ZeroPathAI/agent_install

ZeroPath Coding Agent Integration

One installer that wires ZeroPath security scanning into the AI coding agents on your machine, so the code they write is reviewed at the moment it is generated — before it reaches a commit, a PR, or production.

Supported agents:

Agent | MCP tools | Agent guidance | Stop hook
Claude Code | | managed block in ~/.claude/CLAUDE.md | ✅ blocking or monitoring (~/.claude/settings.json)
OpenAI Codex | | managed block in ~/.codex/AGENTS.md | ❌ no cross-platform hook support
Cursor | | per-project .cursor/rules/zeropath.mdc | ✅ observational (~/.cursor/hooks.json, beta)

Quick install

curl -fsSL https://raw.githubusercontent.com/ZeroPathAI/agent_install/main/install.sh | bash

The installer detects which agents are present and configures all of them. It prompts for a ZeroPath API token (create one in Settings → API Tokens in the dashboard); for non-interactive installs:

export ZEROPATH_API_TOKEN_ID="..."
export ZEROPATH_API_TOKEN_SECRET="..."
curl -fsSL https://raw.githubusercontent.com/ZeroPathAI/agent_install/main/install.sh | bash

Useful flags (after bash -s --): --agents claude,codex,cursor, --org-id, --base-url (self-hosted / branch environments), --no-hooks, --no-mcp, --no-rules.

How it integrates with agents

Full documentation lives on the ZeroPath docs site: zeropath.com/docs/developer-tools/coding-agents/overview. The short version — there are two deliberately different mechanisms:

  1. MCP (agent-initiated). Each agent gets the ZeroPath MCP server, which exposes ZeroPath's API as tools — including the On-Demand Code Scan tools asyncCodeScans.submit / status / results. Installed guidance (rules files) tells the agent to submit the diff it just wrote, along with conversation context in additionalContext, and to fix critical/high findings before declaring a task done. This path is LLM-discretionary: the agent chooses when to call it.

  2. Stop hooks (deterministic). For agents with lifecycle hooks, the installer registers a stop hook that runs every time the agent finishes a turn — no model discretion involved. The hook submits the workspace's uncommitted Git diff via the zeropath CLI (scan-code --diff --caller agent) and:

    • Monitoring mode (default): warns the user about findings and logs the full report under ~/.zeropath/logs/.
    • Blocking mode: refuses to let the agent stop while findings at or above a severity threshold exist, feeding the findings back into the agent's context so it remediates them. Enable with ZEROPATH_BLOCKING_STOP_HOOKS=true in ~/.zeropath/config.env.

Scans run against ZeroPath's On-Demand Code Scan API, which analyzes just the submitted diff/files (typically tens of seconds) and supports an additionalContext field for task context. Agent-triggered scans are tagged metadata.caller: "agent" so they're distinguishable in scan telemetry.
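
The monitoring/blocking split described above, sketched as an added example (not code from this repository, and not how zeropath_hook.py is necessarily written). The findings shape, the severity scale, the threshold parameter and the function names are assumptions; the {"decision": "block", "reason": ...} output is the JSON a Claude Code Stop hook returns to keep the agent working.

```python
import hashlib

# Assumed severity scale; the page names only "critical" and "high".
SEVERITY_RANK = {"low": 1, "medium": 2, "high": 3, "critical": 4}

# Constructed sample findings (hypothetical shape, not ZeroPath's report format).
SAMPLE_FINDINGS = [
    {"severity": "critical", "title": "SQL injection in query builder"},
    {"severity": "low", "title": "Verbose error message"},
]

def parse_config_env(text):
    """Parse KEY=VALUE lines, the layout assumed for ~/.zeropath/config.env."""
    cfg = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, _, value = line.partition("=")
            cfg[key.strip()] = value.strip().strip('"')
    return cfg

def diff_key(diff_text):
    """Cache key for a diff: identical diffs share a key and need no rescan."""
    return hashlib.sha256(diff_text.encode("utf-8")).hexdigest()

def stop_decision(findings, cfg, threshold="high"):
    """Return (hook_json, user_warning) for one finished agent turn."""
    blocking = cfg.get("ZEROPATH_BLOCKING_STOP_HOOKS", "false").lower() == "true"
    floor = SEVERITY_RANK[threshold]
    top = max(SEVERITY_RANK.values())
    # Fail closed: a severity label we do not recognise counts as the highest.
    hits = [f for f in findings if SEVERITY_RANK.get(f["severity"], top) >= floor]
    if blocking and hits:
        reason = "; ".join(f'{f["severity"]}: {f["title"]}' for f in hits)
        # Claude Code Stop hook output: "block" keeps the agent working and
        # passes `reason` back into its context.
        return {"decision": "block", "reason": "Fix before stopping: " + reason}, ""
    if findings:
        return {}, f"{len(findings)} finding(s); full report logged"
    return {}, ""

if __name__ == "__main__":
    cfg = parse_config_env("ZEROPATH_BLOCKING_STOP_HOOKS=true\n")
    print(stop_decision(SAMPLE_FINDINGS, cfg))
```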

What gets installed where

Path | Purpose
~/.zeropath/bin/zeropath | ZeroPath CLI (downloaded from zeropath-cli releases)
~/.zeropath/bin/zeropath-cursor-rules | Helper that installs the Cursor project rule into the current repo
~/.zeropath/hooks/ | Stop-hook scripts (zeropath_hook.py + per-agent wrappers)
~/.zeropath/config.env | Hook settings (blocking mode, severity threshold, timeouts)
~/.zeropath/logs/, ~/.zeropath/cache/ | Scan reports and diff-hash cache (skip rescanning unchanged diffs)
~/.config/zeropath/credentials.json | API token, written via zeropath auth
~/.claude.json, ~/.claude/settings.json, ~/.claude/CLAUDE.md | Claude Code MCP server, Stop hook, guidance
~/.codex/config.toml, ~/.codex/AGENTS.md | Codex MCP server, guidance
~/.cursor/mcp.json, ~/.cursor/hooks.json | Cursor MCP server, stop hook

The MCP server itself runs on demand via uvx — the installer warns if uv is missing.

Verify

  • Claude Code: /mcp should list a connected zeropath server. claude --debug shows the Stop hook firing at the end of a turn.
  • Codex: /mcp in the TUI, or check ~/.codex/config.toml.
  • Cursor: Settings → MCP lists zeropath. Run zeropath-cursor-rules once per project to install the agent rule.
  • End to end: in a repo with uncommitted changes, ~/.zeropath/bin/zeropath scan-code --diff --caller agent.

Documentation

Canonical docs live on the ZeroPath docs site (this repo intentionally keeps none of its own beyond this README, so there is a single source of truth):

Uninstall

curl -fsSL https://raw.githubusercontent.com/ZeroPathAI/agent_install/main/uninstall.sh | bash

Add -s -- --purge to also remove stored credentials.
