Earl

AI-safe CLI for AI agents. Earl sits between your agent and external services, ensuring secrets stay in the OS keychain, requests follow reviewed templates, and outbound traffic obeys egress rules.

Why

AI agents with shell or network access can read secrets in plaintext and make arbitrary API calls. Earl eliminates that risk:

• Agents run earl call provider.command --param value instead of raw curl
• Secrets are stored in the OS keychain and injected at request time
• Every request is defined by an HCL template that can be reviewed ahead of time
• Outbound traffic is restricted via [[network.allow]] egress rules
• Private IPs are blocked to prevent SSRF
• Bash and SQL execution runs in a sandbox

Install

cargo install earl

Or use the installer scripts:

# macOS / Linux
curl -fsSL https://raw.githubusercontent.com/brwse/earl/main/scripts/install.sh | bash

# Windows (PowerShell)
irm https://raw.githubusercontent.com/brwse/earl/main/scripts/install.ps1 | iex

Quick start

# Import a template
earl templates import ./examples/bash/system.hcl

# Call a command defined in the template
earl call system.disk_usage --path /tmp

Templates are HCL files that define commands, parameters, and protocol operations:

version = 1
provider = "system"

command "disk_usage" {
  title       = "Check disk usage"
  summary     = "Reports disk usage for a given path"
  description = "Runs du -sh in a sandboxed bash environment."

  param "path" {
    type     = "string"
    required = true
  }

  operation {
    protocol = "bash"

    bash {
      script = "du -sh {{ args.path }}"
      sandbox {
        network = false
      }
    }
  }
}

Documentation

Full docs at brwse.github.io/earl/docs:

Quick Start · Security Model · Templates · Configuration · MCP Integration · CLI Reference

License

MIT