Skillget

zagi

agent
Security Audit
Fail
Health Pass
  • License — License: NOASSERTION
  • Description — Repository has a description
  • Active repo — Last push 0 days ago
  • Community trust — 274 GitHub stars
Code Fail
  • rm -rf — Recursive force deletion command in install.sh
  • spawnSync — Synchronous process spawning in server/src/index.ts
  • process.env — Environment variable access in server/src/index.ts
  • network request — Outbound network request in server/src/index.ts
  • process.env — Environment variable access in server/test/server.test.ts
  • network request — Outbound network request in server/test/server.test.ts
  • rm -rf — Recursive force deletion command in test/conformance.sh
Permissions Pass
  • Permissions — No dangerous permissions requested
Purpose
This tool is a command-line interface (CLI) wrapper for Git, written in Zig. It is designed specifically for AI agents, optimizing Git operations to save context window space and providing token-efficient output modes like JSON.

Security Assessment
The overall risk is rated as Medium. The tool actively accesses system environment variables and executes shell commands via synchronous process spawning, which is typical for a CLI application but requires standard caution. However, the audit raised a significant red flag: the installation script and test files contain `rm -rf` (recursive force deletion) commands. Additionally, the code initiates outbound network requests. While no hardcoded secrets or explicitly dangerous background permissions were found, piping a web script directly to the shell (`curl ... | sh`) combined with forceful deletion commands means users should carefully inspect what the installer does before execution.

Quality Assessment
The project appears to be actively maintained, with its last push occurring today. It has garnered 274 GitHub stars, indicating a healthy level of community trust and user adoption. The only notable drawback in this category is that its software license is marked as "NOASSERTION," meaning it lacks a clearly defined legal open-source license.

Verdict
Use with caution—while the project is active and popular, review the installation script carefully before executing it due to the presence of forceful deletion commands.
SUMMARY

better git cli for agents

README.md

zagi

a better git interface for agents

Why use zagi?

  • 121 git compatible commands
  • ~50% smaller output that doesn't overflow context windows
  • 1.5-2x faster than git in all implemented commands
  • Agent friendly features like fork and prompt
  • Three output modes: succinct (default), --compat (git-identical), --json
  • Git passthrough for non implemented commands

Installation

curl -fsSL zagi.sh/install | sh

This downloads the binary and sets up git as an alias to zagi. Restart your shell after installation.

From source

git clone https://github.com/mattzcarey/zagi.git
cd zagi
zig build -Doptimize=ReleaseFast
./zig-out/bin/zagi alias  # set up the alias

Usage

Use git as normal:

git status         # compact status
git log            # concise commit history
git diff           # minimal diff format
git add .          # confirms what was staged
git commit -m "x"  # shows commit stats

Any commands or flags not yet implemented in zagi pass through to git. zagi also comes with its own set of features for managing code written by agents.

Output modes

zagi has three output modes:

Succinct (default) — token-efficient output for agents:

git status
# branch: main
# staged: 2 files
#   A  src/new.ts
#   M  src/main.ts

Compat — identical to git CLI output:

git --compat status
git --compat log --oneline -5
git --compat diff --stat

JSON — structured output for machine parsing:

git --json status
# {"branch":"main","clean":false,"staged":[{"marker":"A","path":"src/new.ts"}],"modified":[],"untracked":[]}

git --json log -n 3
# [{"hash":"abc123f","date":"2025-01-15","author":"Alice","email":"[email protected]","subject":"Add feature"}]

git --json diff
# {"files":[{"path":"src/main.ts","insertions":5,"deletions":2}]}

Easy worktrees

zagi ships with a wrapper around worktrees called fork:

# Create named forks for different approaches your agent could take
git fork nodejs-based
git fork bun-based

# Work in each fork
cd .forks/nodejs-based
# ... make changes, commit ...

cd .forks/bun-based
# ... make changes, commit ...

# Compare results, then pick the winner
cd ../..
git fork                       # list forks with commit counts
git fork --pick bun-based      # merge fork into base (keeps both histories)
git fork --promote bun-based   # replace base with fork (discards base commits)

# Clean up
git fork --delete-all

Agent mode

Agent mode is automatically enabled when running inside AI tools (Claude Code, OpenCode, Cursor, Windsurf, VS Code). You can also enable it manually:

export ZAGI_AGENT=my-agent

This enables:

  • Prompt tracking: git commit --prompt records the user request that created the commit
  • AI attribution: Automatically detects and stores which AI agent made the commit
git commit -m "Add feature" --prompt "Add a logout button to the header"
git log --prompts   # view prompts
git log --agent     # view which AI agent made commits
git log --session   # view full session transcript (with pagination)

Metadata is stored in git notes (refs/notes/agent, refs/notes/prompt, refs/notes/session) which are local by default and don't affect commit history.

Guardrails

Opt-in protection against destructive commands (reset --hard, push --force, clean -f, etc.):

export ZAGI_GUARDRAILS=1
git reset --hard HEAD~1  # blocked!

To bypass guardrails, set an override secret:

git set-override pineapples
ZAGI_OVERRIDE=pineapples git reset --hard HEAD~1  # allowed

Environment variables

Variable Description Default
ZAGI_GUARDRAILS Block destructive git commands. Bypass with ZAGI_OVERRIDE. (unset)
ZAGI_OVERRIDE Bypass guardrails with the secret set via git set-override. (unset)
ZAGI_REQUIRE_PROMPT_COMMIT Require --prompt on commits in agent mode. (unset)
ZAGI_STRIP_COAUTHORS Strip Co-Authored-By: lines from commit messages. (unset)

Agent mode is automatically detected when running inside Claude Code (CLAUDECODE=1) or OpenCode (OPENCODE=1).

Strip co-authors

Remove Co-Authored-By: lines that AI tools like Claude Code add to commit messages:

export ZAGI_STRIP_COAUTHORS=1
git commit -m "Add feature

Co-Authored-By: Claude <[email protected]>"  # stripped automatically

Output comparison

Standard git log:

commit abc123f4567890def1234567890abcdef12345
Author: Alice Smith <[email protected]>
Date:   Mon Jan 15 14:32:21 2025 -0800

    Add user authentication system

zagi log:

abc123f (2025-01-15) Alice: Add user authentication system

Development

Requirements: Zig 0.15, Bun

zig build                           # build
zig build test                      # run zig tests
cd test && bun i && bun run test    # run integration tests
bash test/conformance.sh ./zig-out/bin/zagi  # run conformance tests

See AGENTS.md for contribution guidelines.

License

MIT

Reviews (0)

No results found