zsh · first-astria-scaninstall

$ npm install -g @astriguard/cli

AVAILABLE ON NPM

ASTRIA CLI

Run Astriguard compliance scans from your terminal before code reaches review.

View npm package See commands

📦 npm package⚡ pre-push hook🔎 scan --file

See how it works

Built for teams

For every developer on your organisation

Astriguard CLI shifts compliance left: from a post-merge administrative burden to a terminal workflow that helps your whole team catch risky code before it leaves the machine.

⚡

Scan before push

Run a pre-push scan against the files you are about to ship and catch compliance issues before they become PR feedback.

prereview feedback loop

🔒

Same dashboard rules

The CLI uses the repositories, frameworks, and access controls already configured in Astriguard, so local scans and cloud scans stay aligned.

100%rule parity

📋

Readable terminal results

Findings come back with file paths, framework context, severity, and suggested fixes in the terminal so developers can act without opening a dashboard.

1command to scan

Setup

Up and running in under two minutes

STEP 01

Install from npm and sign in

Install the published package, connect your GitHub identity, and optionally add the pre-push hook to the current repository.

npm install -g @astriguard/cli
astria-cli login
astria-cli install-hooks

STEP 02

Scan changed files or one file

Inspect staged changes before pushing, or scan a specific file with the frameworks you care about while you are iterating.

astria-cli scan --pre-push
astria-cli scan --file apps/api/src/routes.ts --frameworks SOC2

STEP 03

Fix terminal diagnostics

Astriguard verifies repository access, runs the configured compliance scan, and returns focused diagnostics with file, severity, framework, and remediation context.

Scanning 5 staged changed files...
HIGH  SOC2 CC6.1  apps/api/src/routes.ts:42
Add authorization before returning customer data.

See it in action

From staged diff to actionable findings

See how a local scan turns changed files into focused compliance diagnostics before code review.

zsh · my-project

CLEAN

01 · STAGED CHANGE

Developer stages an infrastructure change

infra/database.tf

10resource "aws_db_instance" "prod" {

11 instance_class = "db.t3.medium"

12 engine = "postgres"

13 publicly_accessible = true

14 storage_encrypted = false

15}

astria-cli · local shield

Architecture

Local speed. Cloud intelligence.

The CLI collects local git context, sends it through authenticated Astriguard APIs, and returns the same framework-aware analysis your team uses in cloud scans.

🔍

Local Git Context

Staged diffs · selected files

Astriguard CLI runs inside your repository, reads staged changes or a selected file, normalizes the GitHub remote, and packages only the relevant source context for analysis.

staged diffsingle filepre-push hookrepo remote

🧠

Astriguard Cloud Scan

Authenticated · framework-aware

The API verifies that the user can access the repository, applies the configured frameworks and plan-aware model policy, then returns terminal-ready diagnostics with remediation guidance.

SOC 2HIPAAGDPREU AI Act

Local context and cloud analysis merge into terminal diagnostics and pre-push exit codes so developers can fix the issue while the change is still fresh.

The difference

Reactive compliance vs proactive compliance

Aspect	Without Astriguard CLI	With Astriguard CLI
When violations are found	xPR review comments, after code is pushed	vIn the terminal before push or while scanning a file
How the scan runs	xRemote-only scans after a branch is already opened	vRun pre-push or single-file scans from the repo
File scope	xEntire PR context, even when you only need to check a small change	vStaged changed files or one explicit file path
Developer feedback	xDashboard or PR comments required to understand findings	vStructured terminal output with severity, rule context, and fix guidance
Compliance rule source	xSeparate CI config, drift possible	vPulled from Astriguard dashboard and tied to verified repository access

🛡️

AVAILABLE ON NPM

Install Astriguard CLI today

The CLI package is live on npm. Install it globally, sign in, and start scanning changed files from the same repositories connected to Astriguard.

View on npmnpm install -g @astriguard/cli

Then run astria-cli login and astria-cli scan --pre-push.