> ## Documentation Index
> Fetch the complete documentation index at: https://docs.guardway.ai/llms.txt
> Use this file to discover all available pages before exploring further.

# Overview

> Inventory and risk-score every AI tool, agent, skill, MCP server, and extension installed on a laptop or workstation — locally, with nothing uploaded.

**Guardway CLI** (`gw-cli`) is the endpoint-side arm of [Discovery](/discovery/overview). Where the GitHub side of Discovery scans your *repositories* in the cloud, `gw-cli` runs on a *machine* — a developer laptop, a build host, a workstation — and inventories the AI tools that are actually installed there: the agents, accounts, agent projects, skills, MCP servers, and extensions a person has on disk, each scored for risk.

It is a single self-contained binary. It runs entirely on the machine and stores its results encrypted under `~/.guardway`. By default it is **local-only** — nothing leaves the endpoint. Optionally, you can **enroll** it with a console API key so it reports its inventory to a central Guardway console for fleet visibility; reporting is strictly opt-in (see [Fleet reporting](#fleet-reporting-optional)).

<Frame caption="Guardway CLI → local dashboard">
  <img src="https://mintcdn.com/fcguardwayai/k3kSubULXk9nAca3/images/screenshots/discovery/guardway-cli/overview.png?fit=max&auto=format&n=k3kSubULXk9nAca3&q=85&s=b000e0db459a500f95f284b2e5684342" alt="Guardway CLI local dashboard" width="1600" height="1000" data-path="images/screenshots/discovery/guardway-cli/overview.png" />
</Frame>

## What this is for

Repository Discovery answers *"what AI does our source code depend on?"* The Guardway CLI answers the complementary question: *"what AI tooling is actually installed and running on this endpoint, and is any of it risky?"*

Use it to:

* **Inventory** the AI tools, agent projects, skills, MCP servers, and extensions on a machine.
* **Risk-score** each skill / command / subagent / MCP config before it can do harm.
* **Measure** the machine against the [OWASP Agentic Skills Top 10](/discovery/guardway-cli/inventory#owasp-agentic-skills-top-10) — every finding is tagged AST01–AST10 and rolled up into a compliance score.
* **Govern** what's installed: [`approve`](/discovery/guardway-cli/cli-reference#approve) a reviewed baseline, then get flagged when anything new or changed appears.
* **Vet** a skill or repo from a git URL *before* installing it — clone-and-scan, never execute.
* **Watch** live LLM traffic (model, redacted prompt, tool calls, tokens, destination) on macOS.

It complements repository Discovery: repos tell you what your codebase ships; the endpoint tells you what your engineers are running locally — including things that never touch a repo.

## What it finds

| Type                                       | Examples                                                                                                                                            |
| ------------------------------------------ | --------------------------------------------------------------------------------------------------------------------------------------------------- |
| **AI tools / apps**                        | Claude Code, Claude Desktop, Cursor, Codex, Gemini CLI, Copilot, Cline, Continue, Goose, and many more — desktop apps, CLIs, and editor extensions. |
| **Accounts**                               | Per tool, whether the signed-in account is **corporate** or **personal** (by email domain).                                                         |
| **Agent projects**                         | Folders on disk that contain agent configuration (skills, MCP configs, add-ons).                                                                    |
| **Skills**                                 | `SKILL.md` skills, risk-scored individually.                                                                                                        |
| **MCP servers**                            | Registered [MCP](https://modelcontextprotocol.io) server configs, analyzed for hardcoded secrets, non-TLS endpoints, and shell-launch.              |
| **Commands / Hooks / Subagents / Plugins** | The full agent extension surface, with risky items flagged.                                                                                         |

## Platforms

<CodeGroup>
  ```text macOS theme={null}
  Full build. Discovery + risk scoring + local dashboard,
  plus live LLM-traffic capture (`gw-cli mitm`).
  Apple Silicon by default; x86_64 build on request.
  ```

  ```text Linux theme={null}
  Static-analysis build (Ubuntu 24.04, x86_64 / arm64).
  Discovery + risk scoring + dashboard.
  Live traffic capture (`mitm`) is macOS-only.
  ```

  ```text Windows theme={null}
  Static-analysis build (Windows 10/11, x86-64).
  Discovery + risk scoring + dashboard.
  Live traffic capture (`mitm`) is macOS-only.
  ```
</CodeGroup>

## Install

<Tabs>
  <Tab title="macOS">
    ```sh theme={null}
    tar -xzf guardway-gw-cli-macos-arm64.tar.gz
    cd guardway-gw-cli
    ./install.sh
    ```

    Copies `gw-cli` to `~/.local/bin` and clears the download-quarantine flag. If `gw-cli: command not found`, add `~/.local/bin` to your `PATH`:

    ```sh theme={null}
    echo 'export PATH="$HOME/.local/bin:$PATH"' >> ~/.zshrc
    ```
  </Tab>

  <Tab title="Linux">
    ```sh theme={null}
    tar -xzf guardway-gw-cli-linux-x86_64.tar.gz   # or -linux-arm64
    cd guardway-gw-cli
    ./install.sh
    ```

    Copies `gw-cli` to `~/.local/bin`. The binary is glibc-based with no runtime dependencies. If `gw-cli: command not found`, add `~/.local/bin` to your `PATH`:

    ```sh theme={null}
    echo 'export PATH="$HOME/.local/bin:$PATH"' >> ~/.bashrc
    ```
  </Tab>

  <Tab title="Windows">
    Unzip `guardway-gw-cli-windows-x86_64.zip`, then in **PowerShell** from the unzipped folder:

    ```powershell theme={null}
    .\install.ps1
    ```

    If script execution is blocked:

    ```powershell theme={null}
    powershell -ExecutionPolicy Bypass -File .\install.ps1
    ```

    Open a **new** terminal so the updated `PATH` takes effect.
  </Tab>
</Tabs>

<Note>
  The current builds are **unsigned test builds**. On macOS, if Gatekeeper blocks it, run `xattr -dr com.apple.quarantine ~/.local/bin/gw-cli`. On Windows, SmartScreen/Defender may warn on first run; `install.ps1` clears the mark-of-the-web.
</Note>

## How it works

<Steps>
  <Step title="Inventory the machine">
    ```sh theme={null}
    gw-cli discover --deep
    ```

    Walks the machine for AI tools, agent projects, skills, MCP configs, and extensions, then risk-scores each artifact and stores the result encrypted under `~/.guardway`.
  </Step>

  <Step title="View the results">
    ```sh theme={null}
    gw-cli serve        # live dashboard → http://localhost:8789  (Ctrl-C to stop)
    gw-cli report       # or a plain-text summary in the terminal
    ```

    The dashboard groups skills by project, badges each by risk, and has tabs for Add-ons, Agents, MCP servers, Tools, and Runtime — plus an Accounts summary. See [Local Dashboard](/discovery/guardway-cli/dashboard).
  </Step>

  <Step title="Keep it current (recommended)">
    ```sh theme={null}
    gw-cli schedule --interval daily --at 09:00
    ```

    Installs a background job (launchd / systemd `--user` timer / Task Scheduler) that re-runs `discover --deep` on a cadence and exits — nothing stays resident. Open `serve` whenever you want to look.
  </Step>

  <Step title="Vet before you install">
    ```sh theme={null}
    gw-cli vet github.com/owner/repo
    ```

    Shallow-clones a skill/repo into a throwaway temp dir, scans every artifact, prints a verdict, and deletes the clone — **the code is never executed**.
  </Step>

  <Step title="(macOS) Capture live traffic">
    ```sh theme={null}
    gw-cli mitm
    ```

    Trusts a local CA and points the system HTTPS proxy at a local inspector so you can see what your AI tools actually send to model providers — with secrets redacted. Reverts on exit.
  </Step>
</Steps>

## Accurate risk scoring (recommended)

Out of the box, `gw-cli` scores with a built-in heuristic engine that deliberately over-flags. For production-grade scoring it auto-detects **NVIDIA SkillSpector** if present:

```sh theme={null}
curl -LsSf https://astral.sh/uv/install.sh | sh
uv tool install --python 3.12 git+https://github.com/NVIDIA/skillspector.git
gw-cli discover --deep      # now scores with engine = SkillSpector
```

See [Inventory & Risk Scoring](/discovery/guardway-cli/inventory) for how the two engines differ and what the offline augmentation passes add on top.

## Fleet reporting (optional)

By default the CLI never talks to the network. To roll endpoint inventory up into a central console for fleet visibility, **enroll** the machine once with an endpoint API key:

```sh theme={null}
gw-cli enroll --key sk-ep-… --url <your-console-url> --verify
```

This writes the key + console URL to `<data-dir>/config.toml` (mode `0600`, never logged). Afterwards you can push the current snapshot on demand or after a scan:

```sh theme={null}
gw-cli discover --deep --report     # scan, then push the findings
gw-cli report --push                # push the latest stored snapshot
gw-cli enroll --remove              # stop reporting; clears the saved config
```

<Note>
  Reporting is **opt-in and fail-safe**: nothing is sent unless a key + URL are configured, secrets are already redacted at source, `--air-gap` disables reporting, and a failed push is queued to a local outbox and retried on the next run — it never breaks a scan.
</Note>

## Scope & privacy

The Guardway CLI is **local-first**. It runs on the machine and stores everything encrypted under `~/.guardway` (`%USERPROFILE%\.guardway` on Windows). Unless you explicitly [enroll](#fleet-reporting-optional) it with a console API key, **nothing leaves the endpoint** — no inventory, no findings, no prompts. Wipe all state with `rm -rf ~/.guardway`.

<Warning>
  Only one `gw-cli` process can use the encrypted store at a time. Don't run `discover` while `serve` is running — use the dashboard's **Rescan** button instead.
</Warning>

## Where to next

<CardGroup cols={2}>
  <Card icon="rectangle-terminal" title="CLI Reference" href="/discovery/guardway-cli/cli-reference">
    Every command and flag: `discover`, `serve`, `scan`, `vet`, `report`, `schedule`, `mitm`, `demo`.
  </Card>

  <Card icon="magnifying-glass-chart" title="Inventory & Risk Scoring" href="/discovery/guardway-cli/inventory">
    What it detects, the risk levels, the two scoring engines, and the offline evasion-resistant passes.
  </Card>

  <Card icon="gauge" title="Local Dashboard" href="/discovery/guardway-cli/dashboard">
    The `serve` dashboard: tabs, the Accounts summary, freshness, and auto-refresh.
  </Card>

  <Card icon="radar" title="Discovery Overview" href="/discovery/overview">
    The repository (GitHub) side of Discovery that this complements.
  </Card>
</CardGroup>
