pentest-agent: A CLI Built for AI Agents

How we built a command-line interface that lets coding agents like OpenClaw and Claude Code run full penetration tests autonomously.

March 10, 2026

Security testing has always been a human-in-the-loop process. Even with RedVeil automating the pentest itself, someone still had to open the dashboard, click buttons, and shepherd results through triage. We kept hearing the same thing from teams using AI coding agents: "My agent can write the fix — why can't it run the test too?"

Today we're releasing pentest-agent, a CLI that gives AI agents like OpenClaw and Claude Code full, programmatic control over the RedVeil platform. Create a project, kick off a scan, triage findings, generate a report — all from a single terminal session, no browser required.

npm install -g pentest-agent

Why a CLI for agents?

AI coding agents are becoming the first line of defense in development workflows. They review pull requests, refactor code, and resolve tickets. But when it comes to security, they hit a wall — there's no standard, scriptable way for an agent to say "test this app for vulnerabilities and tell me what to fix."

pentest-agent closes that gap. Every command emits structured JSON, follows predictable conventions, and works headlessly — exactly what an agent needs to operate without supervision.

What agents can do with it

A coding agent with access to pentest-agent can run a complete penetration test lifecycle:

  1. Authenticate — store a token via environment variable or the device auth flow, no browser popup needed.
  2. Create a project — point at a web app, API, external network, or cloud account with a single command.
  3. Launch and monitor scans — start, pause, resume, cancel, or schedule scans and poll for status.
  4. Triage findings — list vulnerabilities, inspect evidence, mark false positives with justification, or kick off retests.
  5. Generate reports — produce executive, technical, or compliance PDFs and download them programmatically.
  6. Track usage — estimate ops cost before scanning and verify budget availability.

Here's what a full autonomous workflow looks like:

# Platform token comes from the environment (REDVEIL_SECRET is set by the caller)
export REDVEIL_TOKEN="$REDVEIL_SECRET"

# Create the project and capture its ID from the JSON response
PROJECT=$(pentest-agent project create webapp \
  --name "Acme App" \
  --target https://app.acme.com \
  --auth-type bearer \
  --bearer-token @/secrets/bearer.txt \
  --json)
PROJECT_ID=$(echo "$PROJECT" | jq -r '._id')

# Start the scan and check its status
pentest-agent scan start "$PROJECT_ID"
pentest-agent scan status "$PROJECT_ID" --json

# List findings and generate an executive report
pentest-agent finding list "$PROJECT_ID" --json
pentest-agent report generate --project "$PROJECT_ID" --type executive_pdf --json

An agent can parse every response, decide what to do next, and keep going — no human in the loop.

Drop it into your pipeline

pentest-agent was built for headless environments from day one. Authenticate and let your pipeline do the rest.

A GitHub Actions step might look like this:

- name: Security scan
  env:
    REDVEIL_TOKEN: ${{ secrets.REDVEIL_TOKEN }}
  run: |
    # Stop on any failed command, failed pipeline stage or unset variable,
    # so a CLI error cannot leave CRITICAL empty and let the gate pass.
    # PROJECT_ID must already be set in the job environment.
    set -euo pipefail
    npx pentest-agent scan start "$PROJECT_ID"
    STATUS=$(npx pentest-agent scan status "$PROJECT_ID" --json | jq -r '.scanStatus')
    while [ "$STATUS" = "running" ]; do
      sleep 30
      STATUS=$(npx pentest-agent scan status "$PROJECT_ID" --json | jq -r '.scanStatus')
    done
    CRITICAL=$(npx pentest-agent finding list "$PROJECT_ID" --json | jq '[.[] | select(.severity >= 9)] | length')
    if [ "$CRITICAL" -gt 0 ]; then
      echo "::error::$CRITICAL critical findings detected"
      exit 1
    fi

Wire it into any CI system — GitHub Actions, GitLab CI, Jenkins, CircleCI — and you get a security gate that blocks deploys when critical vulnerabilities appear, with zero manual intervention.
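
A fail-closed version of the gate decision, as an added example that is not RedVeil's code: it parses the `scan status` and `finding list` JSON in Node (already present wherever the npm CLI runs) and blocks on unparseable output, an unfinished scan, or a finding without a numeric severity. The `scanStatus` and `severity` fields and the threshold of 9 come from the step above; `evaluateGate`, `doneStatuses` and the sample status values `completed` and `failed` are assumptions, so take the real terminal states from the CLI reference.

```javascript
// Added example: fail-closed gate over pentest-agent JSON output.
// Field names scanStatus and severity come from the workflow above;
// the status values used in the samples are assumed placeholders.
const CRITICAL_THRESHOLD = 9; // same cut-off as the jq filter above

function evaluateGate(statusText, findingsText, doneStatuses) {
  let status, findings;
  try {
    status = JSON.parse(statusText);
    findings = JSON.parse(findingsText);
  } catch (err) {
    return { pass: false, reason: "unparseable CLI output" };
  }
  // Anything other than an explicitly accepted terminal state blocks the
  // deploy, so a failed or cancelled scan cannot pass as "no findings".
  if (!status || !doneStatuses.includes(status.scanStatus)) {
    return { pass: false, reason: `scan not finished: ${status && status.scanStatus}` };
  }
  if (!Array.isArray(findings)) {
    return { pass: false, reason: "findings is not a list" };
  }
  let critical = 0;
  for (const f of findings) {
    if (!f || typeof f.severity !== "number" || Number.isNaN(f.severity)) {
      return { pass: false, reason: "finding without numeric severity" };
    }
    if (f.severity >= CRITICAL_THRESHOLD) critical += 1;
  }
  return critical > 0
    ? { pass: false, reason: `${critical} critical findings` }
    : { pass: true, reason: "no critical findings" };
}

// Constructed sample outputs (not captured from the real CLI).
const SAMPLES = {
  clean: ['{"scanStatus":"completed"}', '[{"severity":4.3}]'],
  critical: ['{"scanStatus":"completed"}', '[{"severity":9.8},{"severity":5}]'],
  aborted: ['{"scanStatus":"failed"}', '[]'],
  truncated: ['{"scanStatus":"completed"}', '[{"severity":9.8'],
};

function runSamples() {
  const out = {};
  for (const [name, [s, f]] of Object.entries(SAMPLES)) {
    out[name] = evaluateGate(s, f, ["completed"]);
  }
  return out;
}

console.log(runSamples());
```

In a pipeline, the caller would exit non-zero whenever `pass` is false and log `reason`.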

Designed for machines, usable by humans

While agents are the primary audience, pentest-agent is a first-class CLI for humans too. When it detects a TTY, it renders aligned ASCII tables and human-friendly output. Pipe it or pass --json, and you get structured data instead. Both modes work with the same commands.

What this unlocks

With pentest-agent in the toolchain, we're seeing teams wire up workflows that weren't possible before:

  • Agent-initiated security gates — a coding agent runs a pentest after merging a feature branch, blocks the deploy if critical findings appear, and opens fix PRs automatically.
  • Continuous retesting — after an agent remediates a vulnerability, it calls finding retest to verify the fix without waiting for a human to click a button.
  • Scheduled compliance runs — cron-triggered scans that generate attestation reports and push them to a shared drive, fully unattended.
  • Cost-aware scanning — agents call usage estimate-project and usage check before starting a scan, avoiding surprise overages.

Get started

Install globally from npm:

npm install -g pentest-agent

Or run without installing:

npx pentest-agent --help

Authenticate and run your first scan in under a minute:

pentest-agent auth login
pentest-agent project create webapp \
  --name "My App" \
  --target https://myapp.com \
  --auth-type none
pentest-agent scan start <projectId>

Full documentation lives at docs.redveil.ai and in the CLI reference.

What's next

We're working on deeper integration with CI/CD platforms, and evolving our CLI to let agents react to scan events in real time. If you're building agent-driven security workflows, we'd love to hear what you need — reach out at info@redveil.ai.