sigcli  by sigcli

Secure authentication CLI and proxy for AI agents

Created 2 months ago
270 stars

Top 95.0% on SourcePulse

GitHubView on GitHub
Project Summary

Summary Sigcli addresses the critical security challenge of providing AI agents access to sensitive work systems without exposing user credentials. It enables agents to authenticate via browser-based SSO or OAuth2, securely encrypting and managing credentials locally. This empowers AI agents to operate on behalf of users across various platforms like Jira and wikis, significantly reducing credential leakage risks.

How It Works The core mechanism involves sig login, initiating a browser-based SSO flow. Upon authentication, sigcli extracts and encrypts credentials (AES-256-GCM) locally. When an AI agent requires access, sigcli injects these credentials transparently into HTTP requests via sig request or a MITM proxy (HTTP_PROXY). For non-browser systems, OAuth2 Client Credentials flow is managed, including token exchange and refresh.

Quick Start & Requirements Install via npm: npm install -g @sigcli/cli. Initial setup: sig init creates ~/.sig/config.yaml, followed by sig login <URL> for browser authentication. Detailed documentation, SDK, and integration guides are at sigcli.ai.

Highlighted Details

  • Supports any browser-based SSO or login flow (MFA included).
  • Manages OAuth2 Client Credentials, including token exchange and silent refresh.
  • Credentials encrypted at rest (AES-256-GCM); all access is audit-logged.
  • Declarative configuration for credential extraction (extract[]) and application (apply[]).
  • Features a transparent MITM proxy for seamless credential injection.
  • Includes pre-built Python "skills" for automating 14+ web services.

Maintenance & Community Contact syncviip@gmail.com for issues; documentation is at sigcli.ai. Specific maintainer details, community channels, or sponsorships are not detailed in the provided excerpt.

Licensing & Compatibility Released under the MIT License, permitting broad use in commercial applications and closed-source projects without significant restrictions.

Limitations & Caveats Zero-config login may require explicit configuration using validateUrl or validateRule for some public sites. The validateRule feature necessitates writing JavaScript expressions for custom validation logic, potentially increasing setup complexity.

Health Check
Last Commit

3 days ago

Responsiveness

Inactive

Pull Requests (30d)
32
Issues (30d)
0
Star History
22 stars in the last 30 days

Explore Similar Projects

Feedback? Help us improve.