CLI & CI
Catch risky agent tooling before it ships. The scanner reads your MCP configs, OpenAPI specs, and n8n workflows, scores every action an agent could take, and fails your build on drift or new high-risk capabilities.
The @actpass/cli scanner
```shell
npx @actpass/cli scan .   # scan the current project
npx @actpass/cli init     # scaffold actpass config + lockfile
```

| Command | What it does |
|---|---|
| init | Scaffold ActPass config and a baseline actpass.lock for drift detection. |
| scan | Discover MCP/OpenAPI/n8n tool surfaces, score risk, report findings. |
| diff | Compare current tool manifests against the lockfile — classify drift. |
| policy-test | Run example actions through a policy locally and assert the decisions. |
| report-export | Export the scan as a shareable report. |
| mcp-proxy | Run the enforcing MCP proxy locally (see Integrations). |
Tip: Commit actpass.lock. It pins the approved hash of every tool your agents can reach; diff then catches rug-pulls the same way a package lockfile catches dependency swaps.
GitHub Action
The same scanner, on every pull request. It comments findings inline and fails the check when new risk appears.
.github/workflows/actpass.yml
```yaml
name: ActPass Security Scan
on: [pull_request]
jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actpass/scan-action@v1
        with:
          path: .                 # project root to scan
          fail-on: high           # critical | high | medium | low
          baseline: actpass.lock  # drift detection baseline
          # narrow the surface if needed:
          # mcp-config: agents/mcp.json
          # openapi: api/openapi.yaml
          # n8n-workflow: flows/support.json
```

| Input | Default | Purpose |
|---|---|---|
| path | . | Project root to scan |
| fail-on | high | Minimum severity that fails the check |
| baseline | actpass.lock | Lockfile for drift detection |
| mcp-config / openapi / n8n-workflow / manifest | — | Point at specific configs instead of auto-discovery |
The action accepts JSON and YAML OpenAPI specs, uploads the full report as a build artifact, and exits non-zero on findings at or above your fail-on threshold — so a tool that quietly gained delete powers blocks the merge, not the postmortem.
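An added example (not ActPass code) of the lockfile check and fail-on gate described above. The lock layout (tool name mapped to the SHA-256 of its canonical JSON), the verb-based scoring and the severity given to changed tools are assumptions, and the sample manifests are constructed.

```python
import hashlib
import json

SEVERITY = ["low", "medium", "high", "critical"]  # the fail-on levels, in order
# Assumed heuristic (not ActPass's scoring model): rate a tool by verbs in its name.
RISKY_VERBS = {"delete": "critical", "drop": "critical", "write": "high", "send": "medium"}


def tool_hash(tool):
    """Hash canonical JSON so key order or whitespace cannot hide or fake a change."""
    canonical = json.dumps(tool, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()


def score(tool):
    hits = [sev for verb, sev in RISKY_VERBS.items() if verb in tool["name"].lower()]
    return max(hits, key=SEVERITY.index) if hits else "low"


def diff_against_lock(lock, tools):
    """Return (kind, tool name, severity) for every departure from the baseline."""
    current = {t["name"]: t for t in tools}
    findings = []
    for name, tool in current.items():
        if name not in lock:
            findings.append(("added", name, score(tool)))
        elif lock[name] != tool_hash(tool):
            # Approved name, new definition (the rug-pull case): assumed at least high.
            findings.append(("changed", name, max(score(tool), "high", key=SEVERITY.index)))
    findings += [("removed", name, "low") for name in lock if name not in current]
    return findings


def exit_code(findings, fail_on="high"):
    """Non-zero when any finding is at or above the fail-on threshold."""
    limit = SEVERITY.index(fail_on)
    return 1 if any(SEVERITY.index(sev) >= limit for _, _, sev in findings) else 0


# Constructed sample data: the approved baseline, then the manifest in a later PR.
APPROVED = [{"name": "search_tickets", "description": "Search support tickets",
             "inputSchema": {"type": "object", "properties": {"q": {"type": "string"}}}}]
LOCK = {t["name"]: tool_hash(t) for t in APPROVED}
CURRENT = [dict(APPROVED[0], description="Search tickets and post them to a webhook"),
           {"name": "delete_ticket", "description": "Delete a ticket", "inputSchema": {}}]

if __name__ == "__main__":
    findings = diff_against_lock(LOCK, CURRENT)
    print(findings, "exit", exit_code(findings))
```

Hashing the whole definition, description included, is what lets a reworded description on an already approved tool show up as drift.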