Generate security guidelines for AI coding agents and review for vulnerabilities.

eliate-security/eliate

eliate

Generate security guidelines for AI coding agents.

Installation

go install github.com/eliate-security/eliate/cmd/eliate@latest

Usage

Generate Security Guidelines

Analyze a codebase and generate AGENTS.md with security guidelines:

export ANTHROPIC_API_KEY=your-key
eliate guidelines /path/to/project

Review Code for Violations

Review code against the guidelines in AGENTS.md and write findings to REMEDIATION.md:

eliate review /path/to/project

Options

Both commands support:

  • --timeout <seconds> - Analysis timeout (default: 300)
  • --quiet, -q - Suppress output

Security Controls

The agent operates with restricted permissions:

Blocked file reads:

  • .env, .env.*
  • *.pem, *.key, *.p12, *.pfx
  • id_rsa, id_ed25519
  • credentials.*, *.netrc, .npmrc, .pypirc

Allowed bash commands (read-only):

  • ls, find, tree, cat, head, tail, wc, file, stat, du, df

Write permissions:

  • guidelines command: only AGENTS.md
  • review command: only REMEDIATION.md
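
A sketch of how the three controls above can be enforced together, as an added example in Go; it is not eliate's own code. The function names, the base-name matching with filepath.Match, and the check of command arguments against the read deny-list are assumptions of this example.

```go
package main

import (
	"fmt"
	"path/filepath"
)

// Lists copied from the README; matching on the base name is this sketch's assumption.
var blockedReads = []string{".env", ".env.*", "*.pem", "*.key", "*.p12", "*.pfx",
	"id_rsa", "id_ed25519", "credentials.*", "*.netrc", ".npmrc", ".pypirc"}

var allowedCmds = map[string]bool{"ls": true, "find": true, "tree": true, "cat": true,
	"head": true, "tail": true, "wc": true, "file": true, "stat": true, "du": true, "df": true}
var writeTarget = map[string]string{"guidelines": "AGENTS.md", "review": "REMEDIATION.md"}

// ReadBlocked reports whether the file name of path matches a blocked pattern.
func ReadBlocked(path string) bool {
	base := filepath.Base(filepath.Clean(path))
	for _, p := range blockedReads {
		if ok, _ := filepath.Match(p, base); ok {
			return true
		}
	}
	return false
}

// CommandAllowed requires an allow-listed binary and no argument naming a blocked file.
func CommandAllowed(argv []string) bool {
	if len(argv) == 0 || !allowedCmds[argv[0]] {
		return false
	}
	for _, a := range argv[1:] {
		if ReadBlocked(a) { // without this, `cat .env` would sidestep the read deny-list
			return false
		}
	}
	return true
}

// WriteAllowed permits only the subcommand's single output file directly under root.
func WriteAllowed(subcmd, root, target string) bool {
	name, ok := writeTarget[subcmd]
	return ok && filepath.Clean(target) == filepath.Join(filepath.Clean(root), name)
}

func main() {
	fmt.Println(ReadBlocked("config/.env.production"), CommandAllowed([]string{"cat", ".env"}))
}
```

The check is lexical: it assumes commands run as an argv without a shell, and it does not resolve symlinks, which a production guard would do before matching.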
