{ "report_info": { "version": "9.0.1", "generated_at": "2026-04-11T17:16:13Z", "binary_name": "ai-gateway" }, "binary": { "name": "ai-gateway", "path": "/home/kodachi/k900/dashboard/hooks/ai-gateway", "timestamp": "2026-04-11T17:16:13Z", "file_info": { "size": 4737288, "sha256": "c0dc5c859eb535a24e1b3440dd63b92a05871d5374b9da1b282425ce7d0260e4" }, "flag_n": { "status": "success", "timestamp": "2026-04-11T17:16:13.658658272Z", "command": "info", "version": "9.0.1", "data": { "name": "ai-gateway", "version": "9.0.1", "author": "Warith Al Maawali", "description": "Unified AI gateway for command catalog, policy firewall, and safe execution", "copyright": "© 2026 Linux Kodachi", "website": "https://www.digi77.com", "license": "Proprietary", "features": [ "Embedded command catalog with 800+ commands from 15+ services", "TF-IDF + substring hybrid search across all services", "Three-tier risk classification (Passive/Active/Dangerous)", "Policy firewall with allowlist enforcement", "Workspace confinement and path validation", "Failure cooldown to prevent cascading degradation", "Per-agent identity, rate limiting, and audit trail for executions", "Approval ticket workflow for agent-to-human authorization", "Configurable per-operation timeouts with env var override", "Full JSON/JSON-pretty/JSON-human output support" ], "securityFeatures": { "inputValidation": "All inputs are validated and sanitized", "rateLimiting": "Built-in rate limiting for network operations", "authentication": "Secure authentication with certificate pinning", "encryption": "TLS 1.3 for all network communications" }, "systemRequirements": { "os": "Linux (Debian-based)", "privileges": "root/sudo for system operations", "dependencies": [ "OpenSSL", "libcurl" ] } }, "errors": [], "warnings": [], "metadata": { "executionTime": 0, "hostname": "Boardroom-System", "user": "kodachi" } }, "flag_v": { "status": "success", "timestamp": "2026-04-11T17:16:13.724736952Z", "command": "version", "version": "9.0.1", "data": { "name": "ai-gateway", "version": "9.0.1", "buildDate": "2026-04-11T17:16:13.724153713Z", "gitCommit": "unknown", "rustVersion": "1.82.0" }, "errors": [], "warnings": [], "metadata": { "executionTime": 0, "hostname": "Boardroom-System", "user": "kodachi" } }, "flag_h": { "status": "success", "timestamp": "2026-04-11T17:16:13.790767583Z", "command": "help", "version": "9.0.1", "data": { "name": "ai-gateway", "description": "Unified AI gateway for command catalog, policy firewall, and safe execution", "usage": "ai-gateway [OPTIONS] [COMMAND] [ARGS]", "commandCategories": [ { "category": "Administration", "commands": [ { "name": "index", "description": "Rebuild the search index from the embedded registry", "usage": "ai-gateway ai-gateway index rebuild", "options": [], "requires_sudo": false, "examples": [ "ai-gateway index rebuild", "ai-gateway index rebuild --json", "ai-gateway index rebuild --json-pretty" ] }, { "name": "policy", "description": "Show the current safety policy configuration", "usage": "ai-gateway ai-gateway policy show", "options": [], "requires_sudo": false, "examples": [ "ai-gateway policy show", "ai-gateway policy show --json", "ai-gateway policy show --json-pretty" ] }, { "name": "doctor", "description": "Health check that verifies all registered binaries exist and respond", "usage": "ai-gateway ai-gateway doctor", "options": [], "requires_sudo": false, "examples": [ "ai-gateway doctor", "ai-gateway doctor --json", "ai-gateway doctor --json-pretty" ] }, { "name": "approve", "description": "Issue or verify human approval tickets for agent execution", "usage": "ai-gateway ai-gateway approve issue [--agent-id ] [--ttl ]\nai-gateway approve verify --ticket [--agent-id ]", "options": [], "requires_sudo": false, "examples": [ "ai-gateway approve issue health-control block-internet --agent-id kodachi-claw --ttl 600 --json", "ai-gateway approve verify --ticket \"$TICKET\" health-control block-internet --agent-id kodachi-claw --json" ] } ] }, { "category": "Discovery", "commands": [ { "name": "list", "description": "List all services and their commands from the embedded registry", "usage": "ai-gateway ai-gateway list [--service ] [--category ]", "options": [ { "flag": "--service", "description": "Filter by service name" }, { "flag": "--category", "description": "Filter by category name" } ], "requires_sudo": false, "examples": [ "ai-gateway list", "ai-gateway list --json", "ai-gateway list --service tor-switch", "ai-gateway list --service health-control --json", "ai-gateway list --category passive" ] }, { "name": "search", "description": "Search across all services and commands using TF-IDF + substring matching", "usage": "ai-gateway ai-gateway search [--limit ]", "options": [ { "flag": "--limit", "description": "Maximum number of results to return", "default": "20" } ], "requires_sudo": false, "examples": [ "ai-gateway search \"tor status\"", "ai-gateway search \"dns leak\" --json", "ai-gateway search \"network check\" --limit 5", "ai-gateway search \"panic\" --json-pretty" ] }, { "name": "help", "description": "Show detailed help for a service or specific command", "usage": "ai-gateway ai-gateway help [command]", "options": [], "requires_sudo": false, "examples": [ "ai-gateway help tor-switch", "ai-gateway help tor-switch tor-status --json", "ai-gateway help health-control --json-pretty", "ai-gateway help dns-leak test", "ai-gateway help zeroclaw --json" ] }, { "name": "capabilities", "description": "Show effective capabilities for an AI agent identity", "usage": "ai-gateway ai-gateway capabilities [--agent-id ] [--agent-token ]", "options": [ { "flag": "--agent-id", "description": "Agent profile (kodachi-claw/nullclaw/agentzero/openclaw/picoclaw/nanoclaw/claude-code/gpt/gemini/open-interpreter; aliases: zeroclaw, nanclaw, \"claude code\", \"open interpreter\")", "default": "anonymous" }, { "flag": "--agent-token", "description": "Optional token for authenticated agent profiles" } ], "requires_sudo": false, "examples": [ "ai-gateway capabilities --agent-id kodachi-claw --agent-token $KODACHI_AGENT_TOKEN_KODACHI_CLAW --json", "ai-gateway capabilities --agent-id nullclaw --agent-token $KODACHI_AGENT_TOKEN_NULLCLAW", "ai-gateway capabilities --agent-id openclaw --agent-token $KODACHI_AGENT_TOKEN_OPENCLAW --json", "ai-gateway capabilities --agent-id picoclaw --agent-token $KODACHI_AGENT_TOKEN_PICOCLAW --json", "ai-gateway capabilities --agent-id nanoclaw --agent-token $KODACHI_AGENT_TOKEN_NANOCLAW --json", "ai-gateway capabilities --agent-id nanclaw --agent-token $KODACHI_AGENT_TOKEN_NANOCLAW --json", "ai-gateway capabilities --agent-id claude-code --agent-token $KODACHI_AGENT_TOKEN_CLAUDE_CODE --json", "ai-gateway capabilities --agent-id \"claude code\" --agent-token $KODACHI_AGENT_TOKEN_CLAUDE_CODE --json", "ai-gateway capabilities --agent-id gpt --agent-token $KODACHI_AGENT_TOKEN_GPT --json", "ai-gateway capabilities --agent-id gemini --agent-token $KODACHI_AGENT_TOKEN_GEMINI --json", "ai-gateway capabilities --agent-id open-interpreter --agent-token $KODACHI_AGENT_TOKEN_OPEN_INTERPRETER --json", "ai-gateway capabilities --agent-id \"open interpreter\" --agent-token $KODACHI_AGENT_TOKEN_OPEN_INTERPRETER --json", "ai-gateway capabilities --agent-id anonymous --json" ] } ] }, { "category": "Execution", "commands": [ { "name": "run", "description": "Validate and execute a binary command through the safety layer", "usage": "ai-gateway ai-gateway run --command [--args ...] [--args-json ] [--dry-run] [--timeout ] [--agent-id ] [--agent-token ] [--approval-ticket ] OR ai-gateway run --batch-json --agent-id --agent-token ", "options": [ { "flag": "--command", "description": "Command to execute (required)", "required": true }, { "flag": "--args", "description": "Command arguments (multiple)" }, { "flag": "--args-json", "description": "Command arguments as JSON object/array" }, { "flag": "--batch-json", "description": "Batch execution payload for trusted agents (JSON array, sequential mode only)" }, { "flag": "--dry-run", "description": "Validate without executing" }, { "flag": "--timeout", "description": "Execution timeout in seconds", "default": "60" }, { "flag": "--confirm", "description": "Approval token for commands requiring confirmation" }, { "flag": "--approval-ticket", "description": "Human-issued approval ticket for Active/Dangerous commands" }, { "flag": "--agent-id", "description": "Agent profile (trusted profiles require token auth)", "default": "anonymous" }, { "flag": "--agent-token", "description": "Agent auth token for token-required profiles" } ], "requires_sudo": false, "examples": [ "ai-gateway run health-control --command net-check --dry-run", "ai-gateway run ip-fetch --command fetch --dry-run --json", "ai-gateway run tor-switch --command tor-status --timeout 60 --json", "ai-gateway run tor-switch --command set-exit-node --args-json '{\"country\":\"de\"}' --dry-run --json", "ai-gateway run dns-leak --command test --dry-run --json-pretty", "ai-gateway run kodachi-claw --command status --agent-id kodachi-claw --agent-token $KODACHI_AGENT_TOKEN_KODACHI_CLAW --dry-run --json", "KODACHI_TRUSTED_BATCH_MODE=true ai-gateway run --agent-id kodachi-claw --agent-token $KODACHI_AGENT_TOKEN_KODACHI_CLAW --batch-json '[{\"service\":\"kodachi-claw\",\"command\":\"status\"},{\"service\":\"kodachi-claw\",\"command\":\"doctor\",\"dry_run\":true}]' --json", "ai-gateway approve issue health-control block-internet --agent-id kodachi-claw --ttl 600 --json" ] } ] } ], "globalOptions": [ { "flag": "-h, --help", "description": "Print help information" }, { "flag": "-v, --version", "description": "Print version information" }, { "flag": "-n, --info", "description": "Display detailed information" }, { "flag": "-e, --examples", "description": "Show usage examples" }, { "flag": "--json", "description": "Output in JSON format" }, { "flag": "--json-pretty", "description": "Pretty-print JSON output with indentation" }, { "flag": "--json-human", "description": "Enhanced JSON output with improved formatting (like jq)" }, { "flag": "--verbose", "description": "Enable verbose output" }, { "flag": "--quiet", "description": "Suppress non-essential output" }, { "flag": "--no-color", "description": "Disable colored output" }, { "flag": "--config ", "description": "Use custom configuration file" }, { "flag": "--timeout ", "description": "Set timeout (default: 30)" }, { "flag": "--retry ", "description": "Retry attempts (default: 3)" } ], "environmentVariables": [ { "name": "RUST_LOG", "description": "Set logging level", "default": "info", "values": "error|warn|info|debug|trace" }, { "name": "NO_COLOR", "description": "Disable all colored output when set", "default": "unset", "values": "1|true|yes (any value disables color)" } ], "exitCodes": { "0": "Success", "2": "Invalid arguments", "4": "Network error", "5": "File not found", "1": "General error", "3": "Permission denied" } }, "errors": [], "warnings": [], "metadata": { "executionTime": 0, "hostname": "Boardroom-System", "user": "kodachi" } }, "flag_e": { "status": "success", "timestamp": "2026-04-11T17:16:13.932445807Z", "command": "examples", "version": "9.0.1", "data": { "name": "ai-gateway", "description": "Usage examples for ai-gateway", "categories": [ { "id": "1_discovery", "title": "Service Discovery", "description": "Discover and explore all available Kodachi services and commands", "examples": [ { "command": "ai-gateway list --json", "description": "List all services with their commands in JSON format", "expectedOutput": "JSON array of all discovered services with metadata" }, { "command": "ai-gateway list --service tor-switch --json", "description": "List commands for a specific service", "expectedOutput": "Commands for tor-switch with descriptions and risk tiers" }, { "command": "ai-gateway list --service health-control", "description": "List health-control commands in text format", "expectedOutput": "Formatted list of health-control commands" } ] }, { "id": "2_search", "title": "Command Search", "description": "Search across all services using TF-IDF + substring hybrid search engine", "examples": [ { "command": "ai-gateway search \"tor exit node\" --json", "description": "Search for Tor exit node commands", "expectedOutput": "Ranked results with relevance scores", "notes": "Uses TF-IDF cosine similarity + substring matching" }, { "command": "ai-gateway search \"dns leak\" --limit 5 --json", "description": "Search with limited results", "expectedOutput": "Top 5 matching commands for DNS leak operations" }, { "command": "ai-gateway search \"network check\"", "description": "Search for network check commands in text format", "expectedOutput": "Numbered list of matching commands with scores" }, { "command": "ai-gateway search \"panic\" --json", "description": "Find all panic/emergency commands", "expectedOutput": "Emergency commands with Dangerous risk tier", "notes": "Dangerous commands are blocked unless pentest mode" } ] }, { "id": "3_help", "title": "Service Help", "description": "Get detailed help for any service or specific command", "examples": [ { "command": "ai-gateway help tor-switch --json", "description": "Full specification for tor-switch service", "expectedOutput": "JSON with all commands, options, examples, features, requirements" }, { "command": "ai-gateway help health-control security-status --json", "description": "Help for a specific command", "expectedOutput": "Detailed command spec with parameters and examples" }, { "command": "ai-gateway help dns-switch", "description": "Text help for dns-switch service", "expectedOutput": "Formatted help output for dns-switch" }, { "command": "ai-gateway help ip-fetch --json-pretty", "description": "Pretty-printed JSON help for ip-fetch", "expectedOutput": "Indented JSON with full service specification" } ] }, { "id": "4_execution", "title": "Safe Command Execution", "description": "Validate first, then execute when appropriate. No env var is needed for passive/active commands.", "examples": [ { "command": "ai-gateway run tor-switch --command tor-status --dry-run --json", "description": "Step 1 (validate): preview a passive command", "expectedOutput": "Validation result without actual execution", "notes": "Always use --dry-run first for safety" }, { "command": "ai-gateway run tor-switch --command tor-status --json", "description": "Step 2 (apply): execute passive command (no env needed)", "expectedOutput": "Live command execution result", "notes": "Passive commands execute without KODACHI_PENTEST_MODE" }, { "command": "ai-gateway run tor-switch --command set-exit-node --args-json '{\"country\":\"de\"}' --confirm --dry-run --json", "description": "Active command flow (no env needed): validate with explicit confirmation", "expectedOutput": "Validated active operation with parsed args-json", "notes": "For active commands, remove --dry-run to apply changes" }, { "command": "ai-gateway run dns-leak --command test --dry-run --timeout 60 --json", "description": "Dry-run DNS leak test with custom timeout", "expectedOutput": "Validation result for dns-leak test", "notes": "Timeout can be overridden with KODACHI_TOOL_TIMEOUT_MS env var" }, { "command": "ai-gateway run ip-fetch --command fetch --dry-run --json", "description": "Dry-run ip-fetch fetch command", "expectedOutput": "Validation result for ip-fetch fetch", "notes": "Dry-run keeps examples deterministic in offline/auth-restricted environments" }, { "command": "ai-gateway run tor-switch --command set-exit-node --args-json '{\"country\":\"de\"}' --dry-run --json", "description": "Pass structured JSON arguments for agent-safe invocation", "expectedOutput": "Dry-run validation with args expanded from JSON", "notes": "`--args-json` avoids brittle shell quoting in agent pipelines" } ] }, { "id": "5_policy", "title": "Safety Policy", "description": "View and understand the safety policy configuration", "examples": [ { "command": "ai-gateway policy show --json", "description": "Show current safety policy as JSON", "expectedOutput": "Policy with risk tiers, allowlists, and pentest mode status" }, { "command": "ai-gateway policy show", "description": "Show safety policy in text format", "expectedOutput": "Formatted policy display" }, { "command": "ai-gateway policy show --json-pretty", "description": "Pretty-printed policy configuration", "expectedOutput": "Indented JSON with complete policy details", "notes": "Run with inline env: KODACHI_PENTEST_MODE=true ai-gateway run health-control --command wipe-file --confirm --json" }, { "command": "KODACHI_PENTEST_MODE=true ai-gateway run health-control --command wipe-file --confirm \"I understand\" --dry-run --json", "description": "Dangerous command flow: env var required in addition to explicit confirm", "expectedOutput": "Dangerous command validated in dry-run mode with explicit confirmation token", "notes": "KODACHI_PENTEST_MODE is required only for dangerous commands" } ] }, { "id": "6_administration", "title": "Administration", "description": "Index management and system health checks", "examples": [ { "command": "ai-gateway index rebuild --json", "description": "Rebuild the search index", "expectedOutput": "Index statistics with service and command counts" }, { "command": "ai-gateway doctor --json", "description": "Check health of all registered binaries", "expectedOutput": "Health report for each binary (exists, responds, version, size)" }, { "command": "ai-gateway doctor", "description": "Health check in text format", "expectedOutput": "Table showing binary health status" } ] }, { "id": "7_output_formats", "title": "Output Formats", "description": "All commands support multiple output formats", "examples": [ { "command": "ai-gateway list --json", "description": "Standard JSON output (compact)", "expectedOutput": "Compact JSON response" }, { "command": "ai-gateway list --json-pretty", "description": "Pretty-printed JSON with indentation", "expectedOutput": "Indented JSON for readability" }, { "command": "ai-gateway list --json-human", "description": "Enhanced human-friendly JSON (like jq)", "expectedOutput": "Color-highlighted JSON output" }, { "command": "ai-gateway --version", "description": "Show version information", "expectedOutput": "ai-gateway version 9.0.1" }, { "command": "ai-gateway --info --json", "description": "Show detailed program info as JSON", "expectedOutput": "JSON with features, security, requirements" } ] }, { "id": "8_ai_agent_integration", "title": "AI Agent Integration", "description": "How Kodachi AI standardizes execution for agentzero/openclaw/picoclaw/kodachi-claw/nullclaw/nanoclaw/open-interpreter via one gateway contract", "examples": [ { "command": "ai-gateway search \"check tor status\" --limit 1 --json", "description": "AI agent finds the best matching command", "expectedOutput": "Top matching command with service and invocation", "notes": "ai-cmd delegates execution through ai-gateway; pipe to jq externally if needed" }, { "command": "ai-gateway run tor-switch --command tor-status --dry-run --json", "description": "AI agent validates before executing", "expectedOutput": "Validation passes, shows what would run", "notes": "Safety layer prevents dangerous commands from AI agents" }, { "command": "ai-gateway run tor-switch --command tor-status --json", "description": "AI agent executes passive command (no env required)", "expectedOutput": "Live tor-status execution result", "notes": "Passive command execution does not require KODACHI_PENTEST_MODE" }, { "command": "ai-gateway run kodachi-claw --command status --dry-run --json", "description": "Kodachi Claw integration path through ai-gateway", "expectedOutput": "Validation for kodachi-claw status command", "notes": "Kodachi AI gives the same JSON execution contract to all agents" }, { "command": "ai-gateway run agentzero --command status --dry-run --json", "description": "AgentZero integration template (must be in allowlist)", "expectedOutput": "Policy + invocation validation for agentzero", "notes": "Add agentzero to the default allowlist in policy_engine.rs" }, { "command": "ai-gateway run openclaw --command status --dry-run --json", "description": "OpenClaw integration template", "expectedOutput": "Policy + invocation validation for openclaw", "notes": "Use --dry-run first, then remove --dry-run to execute" }, { "command": "ai-gateway run picoclaw --command status --dry-run --json", "description": "PicoClaw integration template", "expectedOutput": "Policy + invocation validation for picoclaw", "notes": "Same API shape as ai-cmd and zeroclaw integrations" }, { "command": "ai-gateway run kodachi-claw --command status --json", "description": "Kodachi Claw live execution path (no allow-all env required when installed/allowlisted)", "expectedOutput": "Live kodachi-claw command output through gateway safety layer" }, { "command": "ai-gateway run nullclaw --command status --dry-run --json", "description": "NullClaw integration template", "expectedOutput": "Policy + invocation validation for nullclaw", "notes": "Ensure nullclaw is in the policy engine allowlist" }, { "command": "ai-gateway run nanoclaw --command status --dry-run --json", "description": "NanoClaw integration template", "expectedOutput": "Policy + invocation validation for nanoclaw", "notes": "Consistent gateway contract keeps agent integrations simple" }, { "command": "ai-gateway help tor-switch tor-status --json", "description": "AI agent gets command specification", "expectedOutput": "Full command spec for AI to understand parameters", "notes": "Use jq in your shell after this command for field extraction" } ] }, { "id": "9_agent_security", "title": "Agent Security", "description": "Identity verification, capability discovery, and approval-ticket workflow", "examples": [ { "command": "ai-gateway capabilities --agent-id kodachi-claw --agent-token $KODACHI_AGENT_TOKEN_KODACHI_CLAW --json", "description": "Discover what kodachi-claw is allowed to do", "expectedOutput": "Effective services, max risk tier, and per-minute rate limit" }, { "command": "ai-gateway capabilities --agent-id gpt --agent-token $KODACHI_AGENT_TOKEN_GPT --json", "description": "Discover trusted GPT agent capabilities", "expectedOutput": "Trusted profile details for gpt" }, { "command": "ai-gateway capabilities --agent-id claude-code --agent-token $KODACHI_AGENT_TOKEN_CLAUDE_CODE --json", "description": "Discover trusted Claude Code agent capabilities", "expectedOutput": "Trusted profile details for claude-code" }, { "command": "ai-gateway capabilities --agent-id gemini --agent-token $KODACHI_AGENT_TOKEN_GEMINI --json", "description": "Discover trusted Gemini agent capabilities", "expectedOutput": "Trusted profile details for gemini" }, { "command": "ai-gateway capabilities --agent-id open-interpreter --agent-token $KODACHI_AGENT_TOKEN_OPEN_INTERPRETER --json", "description": "Discover trusted Open Interpreter agent capabilities", "expectedOutput": "Trusted profile details for open-interpreter" }, { "command": "ai-gateway capabilities --agent-id openclaw --agent-token $KODACHI_AGENT_TOKEN_OPENCLAW --json", "description": "Discover trusted OpenClaw agent capabilities", "expectedOutput": "Trusted profile details for openclaw" }, { "command": "ai-gateway capabilities --agent-id picoclaw --agent-token $KODACHI_AGENT_TOKEN_PICOCLAW --json", "description": "Discover trusted PicoClaw agent capabilities", "expectedOutput": "Trusted profile details for picoclaw" }, { "command": "ai-gateway capabilities --agent-id nanoclaw --agent-token $KODACHI_AGENT_TOKEN_NANOCLAW --json", "description": "Discover trusted NanoClaw agent capabilities", "expectedOutput": "Trusted profile details for nanoclaw" }, { "command": "ai-gateway approve issue health-control block-internet --agent-id kodachi-claw --ttl 600 --json", "description": "Human issues time-limited approval ticket for an active/dangerous operation", "expectedOutput": "Signed approval ticket string", "notes": "Requires KODACHI_GATEWAY_APPROVAL_SECRET; extract .data.ticket with jq externally" }, { "command": "ai-gateway run health-control --command block-internet --agent-id kodachi-claw --agent-token $KODACHI_AGENT_TOKEN_KODACHI_CLAW --approval-ticket \"$TICKET\" --json", "description": "Agent executes command using identity + approval workflow", "expectedOutput": "Execution gated by identity policy, rate limit, and ticket verification", "notes": "Without valid ticket, execution returns requires_approval" } ] } ], "quickReference": [ "sudo ai-gateway --help", "sudo ai-gateway --version", "sudo ai-gateway --info --json", "sudo ai-gateway --examples --json" ] }, "errors": [], "warnings": [], "metadata": { "executionTime": 0, "hostname": "Boardroom-System", "user": "kodachi" } } } }