[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"project-1543":3},{"id":4,"name":5,"fullName":6,"owner":5,"repo":5,"description":7,"homepage":8,"htmlUrl":9,"language":10,"languages":9,"totalLinesOfCode":9,"stars":11,"forks":12,"watchers":13,"openIssues":13,"contributorsCount":14,"subscribersCount":14,"size":14,"stars1d":15,"stars7d":16,"stars30d":17,"stars90d":14,"forks30d":14,"starsTrendScore":16,"compositeScore":18,"rankGlobal":9,"rankLanguage":9,"license":19,"archived":20,"fork":20,"defaultBranch":21,"hasWiki":22,"hasPages":20,"topics":23,"createdAt":9,"pushedAt":9,"updatedAt":24,"readmeContent":25,"aiSummary":26,"trendingCount":14,"starSnapshotCount":14,"syncStatus":27,"lastSyncTime":28,"discoverSource":29},1543,"sigcli","sigcli\u002Fsigcli","The authentication CLI & Proxy for AI agents. Give agents access, not your credentials.","https:\u002F\u002Fsigcli.ai",null,"TypeScript",249,21,8,0,3,9,37,58.23,"MIT License",false,"main",true,[],"2026-06-12 04:00:10","# Sigcli\n\n**Sign in your way. AI works on your behalf.**\n\n\u003Cp align=\"center\">\n \u003Cimg src=\"website\u002Fpublic\u002Fdemo.gif\" alt=\"sig demo\" width=\"720\" \u002F>\n\u003C\u002Fp>\n\nAI agents need access to your work systems — Jira, wikis, calendars, internal APIs. But passing credentials through shell history, environment variables, and agent context windows is a security nightmare.\n\n**sig** handles browser SSO, encrypts credentials at rest, and injects them into any process — so your agents authenticate without ever seeing secrets.\n\n```bash\nnpm install -g @sigcli\u002Fcli\n```\n\n## Quick Start\n\n```bash\nsig init # create ~\u002F.sig\u002Fconfig.yaml\nsig login https:\u002F\u002Fjira.example.com # authenticate via browser SSO — once\n\n# now your AI agent can work on your behalf:\nsig request https:\u002F\u002Fjira.example.com\u002Frest\u002Fapi\u002F2\u002Fmyself\nsig request https:\u002F\u002Fjira.example.com\u002Frest\u002Fapi\u002F2\u002Fsearch --method POST --body '{\"jql\":\"assignee=currentUser()\"}'\n```\n\n## Why sig\n\n- **Browser SSO** — signs in through a real browser. Works with any website, any login flow.\n- **Encrypted at rest** — AES-256-GCM encryption. Every access is audit-logged.\n- **Declarative config** — define what to extract (cookies, localStorage, tokens) and how to apply them to requests.\n- **Multi-provider** — inject credentials from multiple systems in a single command.\n- **MITM proxy** — agents set `HTTP_PROXY` and credentials are injected transparently. Zero-trust.\n- **AI-native** — stable CLI with predictable exit codes and JSON output. Built for agents.\n\n## How It Works\n\n```\nYou log in once sig extracts & encrypts AI agent operates\nin your browser --> credentials locally --> on your behalf\n(any SSO\u002Flogin flow) (~\u002F.sig\u002Fcredentials\u002F) (sig request \u002F sig proxy)\n```\n\n**sig login** opens a browser, you log in normally (SSO, MFA, anything). sig extracts credentials based on `extract[]` rules, validates them against `validateUrl` (or detects login redirects), encrypts with AES-256-GCM, and stores locally. When your agent needs a request, `apply[]` rules inject credentials into HTTP headers, body, or query params.\n\n## Provider Configuration\n\nMost enterprise\u002FSSO sites work with zero config. Public sites need a bit more. Here's the progression from simple to advanced:\n\n### 1. Zero config (auto-provision)\n\nFor SSO-protected internal tools, just run:\n\n```bash\nsig login https:\u002F\u002Fjira.example.com\n```\n\nsig opens a real browser, you log in, and it writes config automatically:\n\n```yaml\n# ~\u002F.sig\u002Fconfig.yaml (auto-generated)\njira-example:\n domains:\n - jira.example.com\n entryUrl: https:\u002F\u002Fjira.example.com\u002F\n strategy: browser\n extract:\n - from: cookies\n as: session\n match: '*'\n apply:\n - in: header\n name: Cookie\n value: '${session}'\n```\n\n### 2. Public sites (`validateUrl`)\n\nPublic sites set tracking cookies to **all visitors**. sig can't tell auth cookies from junk using redirect detection alone. Add `validateUrl` pointing to a protected endpoint — sig probes it and accepts credentials only on 2xx:\n\n```yaml\nreddit:\n domains:\n - www.reddit.com\n - reddit.com\n entryUrl: https:\u002F\u002Fwww.reddit.com\u002F\n validateUrl: https:\u002F\u002Fwww.reddit.com\u002Fprefs\u002Ffriends\n strategy: browser\n extract:\n - from: cookies\n as: cookie\n match: '*'\n apply:\n - in: header\n name: Cookie\n value: '${cookie}'\n```\n\nsig validates extracted credentials against `validateUrl` — 401\u002F403 means not logged in, 2xx means success.\n\n| Site | validateUrl |\n| ----------- | ------------------------------------------------------ |\n| Reddit | `https:\u002F\u002Fwww.reddit.com\u002Fprefs\u002Ffriends` |\n| X (Twitter) | `https:\u002F\u002Fx.com\u002Fi\u002Fapi\u002F2\u002Fnotifications\u002Fall.json?count=1` |\n| LinkedIn | `https:\u002F\u002Fwww.linkedin.com\u002Fvoyager\u002Fapi\u002Fme` |\n| YouTube | `https:\u002F\u002Fwww.youtube.com\u002Faccount` |\n| V2EX | `https:\u002F\u002Fwww.v2ex.com\u002Fsettings` |\n| Zhihu | `https:\u002F\u002Fwww.zhihu.com\u002Fapi\u002Fv4\u002Fme` |\n\n### 3. Multiple domains\n\nSome sites use multiple domains (e.g. x.com migrated from twitter.com). List all domains so sig captures cookies from both:\n\n```yaml\nx:\n domains:\n - x.com\n - twitter.com\n entryUrl: https:\u002F\u002Fx.com\u002F\n validateUrl: https:\u002F\u002Fx.com\u002Fi\u002Fapi\u002F2\u002Fnotifications\u002Fall.json?count=1\n strategy: browser\n networkProxy: socks5:\u002F\u002F127.0.0.1:3333\n extract:\n - from: cookies\n as: cookie\n match: '*'\n - from: cookies\n as: ct0\n match: 'ct0'\n apply:\n - in: header\n name: Cookie\n value: '${cookie}'\n - in: header\n name: x-csrf-token\n value: '${ct0}'\n - in: header\n name: authorization\n value: 'Bearer AAAAAAAAAAAAAAAAAAAAANRILgAAAAAAnNwIzUejRCOuH5E6I8xnZz4puTs%3D1Zv7ttfk8LF81IUq16cHjhLTvJu4FA33AGWWjCpTnA'\n```\n\n### 4. localStorage extraction (advanced)\n\nSome apps store tokens in localStorage instead of cookies. Use `from: localStorage` with `match` (key pattern) and `jsonPath` (nested field):\n\n```yaml\napp-slack:\n domains:\n - your-org.enterprise.slack.com\n entryUrl: https:\u002F\u002Fapp.slack.com\u002Fclient\u002FYOUR_TEAM_ID\n strategy: browser\n extract:\n - from: cookies\n as: session\n match: '*'\n - from: localStorage\n as: xoxc-token\n match: localConfig_v2\n jsonPath: teams.YOUR_TEAM_ID.token\n apply:\n - in: header\n name: Cookie\n value: '${session}'\n - in: header\n name: Authorization\n value: 'Bearer ${xoxc-token}'\n```\n\nFull guide with debugging tips at **[sigcli.ai](https:\u002F\u002Fsigcli.ai)**.\n\n## AI Agent Skills\n\nPre-built Python scripts that let AI agents operate 14+ web services — email, chat, forums, video platforms, social networks, and more. Each skill includes scripts + documentation that agents read and execute autonomously.\n\n\u003Cp align=\"center\">\n \u003Cimg src=\"pitch\u002Fx-demo.gif\" alt=\"X (Twitter) skill: search and reply from your terminal\" width=\"720\" \u002F>\n\u003C\u002Fp>\n\nInstall skills to your coding agent (Claude Code, Cursor, Windsurf, Cline):\n\n```bash\nnpx @sigcli\u002Fskills # install skills to your coding agent\n```\n\nSee the [full skills catalog](skills\u002FREADME.md) for details.\n\n## Documentation\n\nFull docs, configuration, SDK, and AI agent integration guide at **[sigcli.ai](https:\u002F\u002Fsigcli.ai)**.\n\n## License\n\n[MIT](LICENSE)\n","sigcli 是一个用于AI代理的身份验证命令行工具和代理,旨在让AI代理能够访问工作系统而无需直接暴露用户凭证。它通过浏览器SSO登录来获取并加密存储凭证,使用AES-256-GCM算法确保安全,并支持将这些凭证注入到任何进程中,从而实现无缝且安全的认证过程。其核心功能包括多提供商支持、中间人代理设置以及针对AI应用优化的CLI设计。适用于需要与Jira、内部API等系统交互但又希望保持高安全标准的场景中,特别适合开发人员及团队在构建涉及敏感数据处理的自动化流程时使用。",2,"2026-06-11 02:44:36","CREATED_QUERY"]