Skip to content

AxioRank/grok-plugin

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

1 Commit
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

AxioRank | Govern your Grok coding agent

Govern Grok's agent the way you govern production agents. This plugin blocks the things you do not want an autonomous agent doing on your machine, locally and offline, and optionally mints a signed, offline-verifiable proof that the session was governed.

It blocks, before the action runs:

  • Destructive commands (rm -rf, git push --force, DROP TABLE, curl ... | sh)
  • Secret exfiltration (a command or file write that ships an API key, token, or .env)
  • Prompt-injected tool results (a poisoned MCP reply or fetched page steering the agent)

Local blocking runs fully offline with no account and no API key. It is a thin, self-contained wrapper around the published @axiorank/coding-guard, which bundles the zero-dependency AxioRank detection engine.

Install

From the Grok Build marketplace:

grok plugin install axiorank --trust

Or add this repository as a marketplace first, then install:

grok plugin marketplace add AxioRank/grok-plugin
grok plugin install axiorank --trust

Inside Grok Build you can also type /marketplace, find AxioRank, and press i.

What's in the plugin

Component What it does
hooks/hooks.json Runs the guard on PreToolUse, PostToolUse, and Stop.
scripts/guard.sh Shim that prefers the vendored bin/guard.mjs (offline) and falls back to npx @axiorank/coding-guard; passes --agent grok. Fail-open.
bin/guard.mjs Vendored coding-guard CLI (zero deps; runs on node).
.mcp.json Registers AxioRank's remote MCP server (optional; the full tools need AXIORANK_API_KEY).
skills/coding-guard/SKILL.md Reference for what the guard blocks and how sealing and verification work.
commands/governance.md /axiorank:governance: report the current governance state.
commands/verify-seal.md /axiorank:verify-seal: verify the session seal offline.

The AxioRank MCP server

.mcp.json registers AxioRank's remote security-gateway MCP server at https://app.axiorank.com/api/mcp-server/mcp. Public discovery (health and protocol coverage) works with no key. Set AXIORANK_API_KEY to unlock the full governance tools: score a proposed tool call, quarantine or revoke an agent, manage outbound policies, and search the audit trail from inside Grok.

Central audit and the Coding Session Seal (optional)

Set an API key and each session is reported to your AxioRank workspace and sealed at the end:

export AXIORANK_API_KEY="axr_live_..."

Sessions then appear under Coding Sessions, and a signed seal lands in <repo>/.axiorank/session-<id>.seal.json. Verify it offline, with no trust in AxioRank:

npx -y @axiorank/audit-verify coding-seal .axiorank/session-*.seal.json

Local blocking and central audit are free (audit counts against your plan's normal event quota). The signed Coding Session Seal is a Team-plan feature.

Privacy

The guard scores tool calls locally on your machine. Nothing leaves your machine unless you set AXIORANK_API_KEY, in which case redacted call metadata is sent to your AxioRank workspace for the audit trail and seal. The guard never reads ~/.ssh, .env, or your environment for exfiltration; it inspects the tool call the agent is about to run so it can block a leak, and it redacts secret material before recording anything.

MIT licensed. Part of AxioRank.

About

Govern your Grok coding agent: block destructive commands, secret exfiltration, and prompt-injected tool results locally and offline, then mint a signed Coding Session Seal. Install: grok plugin marketplace add AxioRank/grok-plugin

Resources

License

Stars

0 stars

Watchers

0 watching

Forks

Releases

No releases published

Packages

 
 
 

Contributors