Most teams don't know what AI dev tools and agents are active across their repos, what permissions they have, or what changed since last week. Wrkr answers that in minutes. Scan your GitHub org, get ranked findings, and generate audit-ready evidence. Read-only. No integration required.
Wrkr is the See layer in the Clyra AI governance stack (See -> Prove -> Control -> Build). It discovers AI tooling across repositories and orgs, scores posture, tracks identity lifecycle, and emits signed proof artifacts ready for compliance review or downstream automation.
Docs: clyra-ai.github.io/wrkr | Command contracts: docs/commands/ | Docs map: docs/README.md
Use Wrkr when:

- You need a deterministic inventory of AI development tools across repos or an org.
- You need ranked risk findings and posture scoring you can trend over time.
- You need file-based, verifiable evidence for audits or CI gates.
- You need stable JSON and exit-code contracts for automation pipelines.

Wrkr is not the right layer when:

- You need runtime enforcement at tool execution boundaries (that is Gait, the Control layer).
- You need live network telemetry as your primary signal.
- You need probabilistic or LLM-based scoring in the scan or evidence path.
Install with Homebrew:

```sh
brew install Clyra-AI/tap/wrkr
```

Or install a pinned release with Go (the version lookup falls back to the GitHub API when `gh` is unavailable):

```sh
WRKR_VERSION="$(gh release view --repo Clyra-AI/wrkr --json tagName -q .tagName 2>/dev/null || curl -fsSL https://api.github.com/repos/Clyra-AI/wrkr/releases/latest | python3 -c 'import json,sys; print(json.load(sys.stdin)["tag_name"])')"
go install github.com/Clyra-AI/wrkr/cmd/wrkr@"${WRKR_VERSION}"
```

Confirm the binary is on your PATH:

```sh
command -v wrkr
wrkr --json
```

Common locations:

- Apple Silicon Homebrew: `/opt/homebrew/bin/wrkr`
- Intel Homebrew: `/usr/local/bin/wrkr`
- Go install: `$(go env GOBIN)/wrkr` (or `$(go env GOPATH)/bin/wrkr` when `GOBIN` is unset)
Run the full scan-to-evidence workflow locally against the bundled scenarios:

```sh
# Build local CLI
make build

# Point at a local target
./.tmp/wrkr init --non-interactive --path ./scenarios/wrkr/scan-mixed-org/repos --json

# Scan, rank, and score posture
./.tmp/wrkr scan --path ./scenarios/wrkr/scan-mixed-org/repos --profile standard --json
./.tmp/wrkr report --top 5 --json
./.tmp/wrkr score --json

# Generate and verify evidence
./.tmp/wrkr evidence --frameworks eu-ai-act,soc2 --output ./.tmp/evidence --json
./.tmp/wrkr verify --chain --json

# Baseline and drift gate
./.tmp/wrkr regress init --baseline ./.wrkr/last-scan.json --output ./.tmp/wrkr-regress-baseline.json --json
./.tmp/wrkr regress run --baseline ./.tmp/wrkr-regress-baseline.json --json
```

Expected JSON keys by command family:

- `scan`: `target`, `findings`, `ranked_findings`, `inventory`, `privilege_budget`, `agent_privilege_map`, `profile`, `posture_score` (optional: `policy_warnings`, `report`)
- `report`: `top_findings`, `total_tools`, `compliance_gap_count`
- `score`: `score`, `grade`, `weighted_breakdown`, `trend_delta`
- `evidence`: `output_dir`, `manifest_path`, `chain_path`, `framework_coverage`
- `verify`: `chain.intact`, `chain.head_hash`
- `regress run`: deterministic drift status and reason fields
Structured detection for Claude, Cursor, Codex, Copilot, MCP, skills, and CI agent execution patterns. Local offline scanning via `--path`. Fail-closed behavior for hosted acquisition modes.

Ranked findings with repo-exposure rollups. Posture score and weighted breakdown you can trend over time to show governance improving.

Deterministic identities in `wrkr:<tool_id>:<org>` format. Lifecycle transitions from discovered through approved, active, deprecated, and revoked.

Signed proof records for `scan_finding`, `risk_assessment`, and lifecycle events. Evidence bundles with compliance framework mappings and offline verification. No calling home required.

Regress baseline and run gates with stable exit behavior. Deterministic remediation planning via `wrkr fix` for top-risk findings.
Exactly one source target is required per scan invocation:

- `--repo <owner/repo>`
- `--org <org>`
- `--path <local-dir>`

Acquisition behavior:

- `--path`: local, offline, fully deterministic.
- `--repo` and `--org`: require `--github-api` or `WRKR_GITHUB_API_BASE`; unavailable acquisition fails closed with exit 7.
- Invalid target combinations fail with exit 6.
Use `--production-targets <path>` to classify production-write exposure deterministically.

```sh
wrkr scan --path ./scenarios/wrkr/scan-mixed-org/repos --production-targets ./docs/examples/production-targets.v1.yaml --json
```

Policy contract:

- YAML file, schema-validated against `schemas/v1/policy/production-targets.schema.json`
- Exact/prefix matching only (no free-form regex)
- `production_write = has_any(write_permissions) AND matches_any_production_target`
- Optional strict mode: `--production-targets-strict` returns non-zero when the policy file is missing/invalid
Reference example: docs/examples/production-targets.v1.yaml
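The production-write rule above, worked through as an added example (not Wrkr's own code). The policy layout, permission scope names and inventory entries are constructed stand-ins, not the project's schema; the point is that matching is literal exact/prefix comparison and that read-only access never counts as production write.

```python
# Added example, not Wrkr's own code: the documented rule
#   production_write = has_any(write_permissions) AND matches_any_production_target
# with literal exact/prefix matching. The policy layout and permission names are
# assumed stand-ins; the real schema is schemas/v1/policy/production-targets.schema.json.
from dataclasses import dataclass

# Assumed policy shape (constructed): each rule is an exact or prefix target match.
POLICY = [
    {"match": "exact", "target": "prod-payments"},
    {"match": "prefix", "target": "prod-"},
    {"match": "exact", "target": "k8s/cluster-main"},
]
# Scopes counted as write permissions (constructed, GitHub-style names).
WRITE_PERMISSIONS = {"contents:write", "deployments:write", "packages:write"}

@dataclass
class ToolInventoryEntry:
    tool_id: str
    permissions: set
    targets: set

def matches_any_production_target(targets, policy=POLICY):
    """Exact or prefix string comparison only: no regex, globbing or case folding."""
    for target in targets:
        for rule in policy:
            if rule["match"] == "exact" and target == rule["target"]:
                return True
            if rule["match"] == "prefix" and target.startswith(rule["target"]):
                return True
    return False

def has_any_write_permission(permissions):
    return bool(set(permissions) & WRITE_PERMISSIONS)

def is_production_write(entry):
    return has_any_write_permission(entry.permissions) and matches_any_production_target(entry.targets)

def classify(entries):
    """Deterministic mapping tool_id -> production_write; no scoring heuristics."""
    return {e.tool_id: is_production_write(e) for e in entries}

# Constructed inventory, not output of a real scan. Note "production-eu" does not
# start with "prod-", so the prefix rule leaves it unflagged.
SAMPLE_INVENTORY = [
    ToolInventoryEntry("copilot-agent", {"contents:write"}, {"prod-payments"}),
    ToolInventoryEntry("claude-review", {"contents:read"}, {"prod-payments"}),
    ToolInventoryEntry("mcp-deployer", {"deployments:write"}, {"staging-eu"}),
    ToolInventoryEntry("codex-ci", {"packages:write"}, {"production-eu"}),
]
```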
Generate deterministic operator-ready markdown directly from scan:

```sh
wrkr scan --path ./scenarios/wrkr/scan-mixed-org/repos --report-md --report-md-path ./.tmp/scan-summary.md --report-template operator --json
```

Render report artifacts from saved state:

```sh
wrkr report --state ./.tmp/state.json --md --md-path ./.tmp/wrkr-report.md --explain
```

CI sequence against an explicit state file:

```sh
wrkr init --non-interactive --path ./scenarios/wrkr/scan-mixed-org/repos --json
wrkr scan --path ./scenarios/wrkr/scan-mixed-org/repos --state ./.tmp/state.json --json
wrkr report --top 5 --json
wrkr evidence --frameworks eu-ai-act,soc2 --state ./.tmp/state.json --output ./.tmp/evidence --json
wrkr verify --chain --state ./.tmp/state.json --json
wrkr regress init --baseline ./.tmp/state.json --output ./.tmp/wrkr-regress-baseline.json --json
wrkr regress run --baseline ./.tmp/wrkr-regress-baseline.json --state ./.tmp/state.json --json
```

Gate semantics:

- Exit 0: pass
- Exit 5: drift/regression gate fail
- Any other non-zero: contract or runtime failure; block merge
Reference guides: docs/adopt_in_one_pr.md | docs/integration_checklist.md
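A CI wrapper around the `regress run` gate, as an added example (not Wrkr's own code) that applies the gate semantics above and the exit-code contract listed later in this README. It passes the JSON payload through untouched, since the drift status and reason field names are not spelled out here; mapping a missing `wrkr` binary to exit 7 is the wrapper's own choice.

```python
# Added example, not Wrkr's own code: run `wrkr regress run --json` as a CI gate
# using the documented gate semantics and exit-code contract.
import json
import subprocess
import sys

# Exit-code contract from the README, used only for labelling.
EXIT_CODES = {
    0: "success", 1: "runtime failure", 2: "verification failure",
    3: "policy/schema violation", 4: "approval required", 5: "regression drift",
    6: "invalid input", 7: "dependency missing", 8: "unsafe operation blocked",
}

def gate_decision(exit_code):
    """Gate semantics: 0 passes, 5 is drift, anything else blocks the merge."""
    if exit_code == 0:
        return "pass"
    if exit_code == 5:
        return "drift"
    return "block"

def summarize(exit_code, stdout):
    """Structured result; tolerates non-JSON stdout from a crashed run."""
    try:
        payload = json.loads(stdout) if stdout.strip() else {}
    except json.JSONDecodeError:
        payload = {}
    return {
        "exit_code": exit_code,
        "label": EXIT_CODES.get(exit_code, "unknown"),
        "decision": gate_decision(exit_code),
        "payload": payload,  # drift status/reason fields, passed through as emitted
    }

def run_regress_gate(baseline, state=None, wrkr="wrkr"):
    cmd = [wrkr, "regress", "run", "--baseline", baseline, "--json"]
    if state:
        cmd += ["--state", state]
    try:
        proc = subprocess.run(cmd, capture_output=True, text=True)
    except FileNotFoundError:
        # Wrapper's own choice: a missing binary is reported as "dependency missing" (7).
        return summarize(7, "")
    return summarize(proc.returncode, proc.stdout)

if __name__ == "__main__":
    result = run_regress_gate(sys.argv[1], sys.argv[2] if len(sys.argv) > 2 else None)
    print(json.dumps(result, indent=2))
    sys.exit(result["exit_code"])  # propagate wrkr's exit code unchanged to the CI job
```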
Wrkr is the DMV registration for your AI fleet. It tells you what is on the road, what it is authorized to do, and what changed. Wrkr generates deterministic evidence artifacts from scans; Axym maps those artifacts to compliance controls and reporting workflows. Runtime enforcement remains Gait's boundary.
- See (Wrkr): Discover AI tooling posture and risk.
- Prove (Axym): Consume and verify evidence records.
- Control (Gait): Enforce runtime tool-boundary decisions.
Wrkr runs standalone and interoperates through shared Clyra-AI/proof contracts.
- Deterministic scan, risk, and proof pipeline. No LLM calls in these paths, ever.
- Zero data exfiltration by default for local scan and evidence workflows.
- Evidence is file-based, portable, and verifiable offline.
- `--json` output is machine-consumable across all command surfaces.
- Exit codes are stable API contracts:

| Exit | Meaning |
|------|---------|
| 0 | success |
| 1 | runtime failure |
| 2 | verification failure |
| 3 | policy/schema violation |
| 4 | approval required |
| 5 | regression drift |
| 6 | invalid input |
| 7 | dependency missing |
| 8 | unsafe operation blocked |
```text
wrkr init
wrkr scan
wrkr report
wrkr export
wrkr identity list|show|approve|review|deprecate|revoke
wrkr lifecycle
wrkr manifest generate
wrkr regress init|run
wrkr score
wrkr verify --chain
wrkr evidence
wrkr fix
```
All commands support --json. Human-readable rationale is available via --explain where supported.
- Docs map: `docs/README.md`
- Mental model: `docs/concepts/mental_model.md`
- Architecture: `docs/architecture.md`
- Policy authoring: `docs/policy_authoring.md`
- Failure taxonomy and exits: `docs/failure_taxonomy_exit_codes.md`
- Threat model: `docs/threat_model.md`
- Compatibility matrix: `docs/contracts/compatibility_matrix.md`
- Trust docs: `docs/trust/`
- Intent pages: `docs/intent/`
Public docs: clyra-ai.github.io/wrkr
```sh
make fmt
make lint-fast
make test-fast
make test-contracts
make test-scenarios
make prepush-full
```

Docs and docs-site validation:

```sh
make test-docs-consistency
make test-docs-storyline
make docs-site-check
make docs-site-audit-prod
```

- Security policy: `SECURITY.md`
- Contributing guide: `CONTRIBUTING.md`
- License: `LICENSE`
- Issues: github.com/Clyra-AI/wrkr/issues