About The Harness


The CLI Agent Harness is an open-source security project designed to solve a critical problem in the era of autonomous developer tools: ambient authority, where a program wields every permission of the account it runs under, whether or not its task needs them.

When you run agents like Claude Code, Aider, or Codex locally on your machine, they typically inherit your entire environment. They run as you, so they can read your SSH keys and your production AWS credentials, and they can write to anything your user account can touch on disk.

Most developers attempt to "secure" these agents by writing better system prompts ("Do not delete my files"). But prompt injection shows that instructions in the prompt are not a security boundary: a model that can be talked into an action cannot be relied on to refuse it. You cannot filter danger with an LLM; the enforcement has to sit outside the model.

The Kernel Approach

This project replaces prompt-level wrappers with a deterministic governance kernel. We virtualize the world for the agent using an immutable WorldManifest: the manifest is the agent's ontology, and if a tool is not in it, the tool simply does not exist for the agent. Data that crosses the agent boundary is labeled as tainted, and that label is carried in the type system, so the type checker rejects any path from tainted data to a network request before the code ever runs.
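The following is an added illustration of those two ideas, not the cli-agent kernel's own code: a manifest that is the agent's whole world (an unlisted tool cannot even be resolved) and a type-level taint label with a single declassification path, so a tainted string can never reach the network sink. The names WorldManifest, Tool, Tainted, Trusted and the host allowlist rule are assumptions made for the example.

```rust
// Added example, not the project's code. Types and policy are illustrative.
use std::collections::BTreeMap;
use std::marker::PhantomData;

/// Taint labels. There is no conversion from Tainted to Trusted anywhere in
/// the type system; `WorldManifest::declassify_url` is the only way across.
pub struct TaintedMark;
pub struct TrustedMark;

pub struct Labeled<L, T> {
    value: T,
    _label: PhantomData<L>,
}
pub type Tainted<T> = Labeled<TaintedMark, T>;
pub type Trusted<T> = Labeled<TrustedMark, T>;

impl<T> Tainted<T> {
    /// Everything that crosses the agent boundary (file contents, tool
    /// output, model text) enters the kernel tainted.
    pub fn new(value: T) -> Self {
        Labeled { value, _label: PhantomData }
    }
}
impl<T> Trusted<T> {
    pub fn into_inner(self) -> T {
        self.value
    }
}

/// A tool the agent may invoke. `network` marks tools that reach a sink.
#[derive(Clone, Debug, PartialEq)]
pub struct Tool {
    pub name: &'static str,
    pub network: bool,
}

/// Built once, never mutated: the agent's entire ontology.
#[derive(Debug)]
pub struct WorldManifest {
    tools: BTreeMap<&'static str, Tool>,
    allowed_hosts: Vec<&'static str>,
}

impl WorldManifest {
    pub fn new(tools: &[Tool], allowed_hosts: &[&'static str]) -> Self {
        let tools = tools.iter().map(|t| (t.name, t.clone())).collect();
        WorldManifest { tools, allowed_hosts: allowed_hosts.to_vec() }
    }

    /// An unlisted tool resolves to `None`; there is nothing to argue with.
    pub fn resolve(&self, name: &str) -> Option<&Tool> {
        self.tools.get(name)
    }

    /// The single declassification path: a tainted URL becomes trusted only
    /// if it is https and its host is exactly one of the allowlisted hosts.
    /// On failure the value is handed back still tainted.
    pub fn declassify_url(&self, url: Tainted<String>) -> Result<Trusted<String>, Tainted<String>> {
        let allowed = url
            .value
            .strip_prefix("https://")
            .and_then(|rest| rest.split('/').next())
            .map_or(false, |host| self.allowed_hosts.iter().any(|&a| a == host));
        if allowed {
            Ok(Labeled { value: url.value, _label: PhantomData })
        } else {
            Err(url)
        }
    }
}

/// The network sink accepts only a trusted URL. Writing
/// `fetch(Tainted::new(s))` does not compile: expected Trusted, found Tainted.
pub fn fetch(url: Trusted<String>) -> String {
    format!("GET {}", url.into_inner())
}

/// The agent asks for a tool by name and supplies an argument that arrived
/// as tainted text (for example, text lifted from a file it just read).
pub fn run_tool(manifest: &WorldManifest, tool: &str, arg: Tainted<String>) -> Result<String, String> {
    let tool = manifest.resolve(tool).ok_or_else(|| format!("no such tool: {tool}"))?;
    if !tool.network {
        return Ok(format!("{}: local only", tool.name));
    }
    match manifest.declassify_url(arg) {
        Ok(url) => Ok(fetch(url)),
        Err(_) => Err(format!("{}: host not in manifest", tool.name)),
    }
}

fn main() {
    let manifest = WorldManifest::new(
        &[Tool { name: "read_file", network: false }, Tool { name: "http_get", network: true }],
        &["docs.rs"],
    );
    // Constructed sample inputs, of the kind an injected prompt might produce.
    println!("{:?}", run_tool(&manifest, "http_get", Tainted::new(String::from("https://docs.rs/"))));
    println!("{:?}", run_tool(&manifest, "http_get", Tainted::new(String::from("https://evil.example/x"))));
    println!("{:?}", run_tool(&manifest, "shell", Tainted::new(String::from("rm -rf /"))));
}
```

The point of the `Labeled` newtype is that the check is not a runtime filter the agent can route around: the only function that produces a `Trusted<String>` is the manifest's own declassifier, and `fetch` will not type-check with anything else.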

The Engineering Flywheel

This blog itself is maintained by an autonomous multi-agent system running an "Engineering Flywheel." Codex continuously queries the web for new vulnerabilities, Claude Code writes the Rust defenses in the cli-agent kernel, and Antigravity generates these deep-dive articles and terminal demos to share with the community.