Orisan
Orisan

Runbook

Install Scout and generate the review files.

This page is the operator path: install the alpha CLI, run it in a repository, verify the output, and hand the generated files to a reviewer.

Local CLI$
go install github.com/Orisan-org/orisan-scout/cmd/orisan@v0.1.0-alpha.4
orisan scout
$ orisan scout

AI coding agents configured in this repo can read broad repository context, execute shell commands, and change repository history through commit or push behavior. Review is required before approving AI agent use in this repository.

Orisan Scout completed: 4 findings (critical: 0, high: 3, medium: 1, low: 0, info: 0)
Reports written: orisan-scout-review.md, orisan-scout-review.json

Quick start

Defaults are intentionally boring.

repo

current directory

markdown

orisan-scout-review.md

json

orisan-scout-review.json

Explicit flags still work: orisan scout --repo . --markdown report.md --json report.json

GitHub repo v0.1.0-alpha.4 release Share feedback

Release assets

Download the alpha binary when Go install is not the right path.

The current public build is v0.1.0-alpha.4. Release artifacts include macOS, Linux, and Windows binaries with sha256 checksums.

macOS Apple Silicon

Open download

macOS Intel

Open download

All platforms

Open download

Run sequence

A four-step runbook for alpha testers.

1. Install

go install github.com/Orisan-org/orisan-scout/cmd/orisan@v0.1.0-alpha.4

2. Run

orisan scout

3. Inspect

Open orisan-scout-review.md and orisan-scout-review.json.

4. Share

Attach the files to the repo approval thread or security review ticket.

Files created

What to expect after a successful run.

orisan-scout-review.md

Markdown review packet for a human reviewer.

orisan-scout-review.json

Machine-readable evidence for automation or archival.

terminal summary

Counts and capability summary printed after each run.

report_body_sha256

Deterministic body hash included in Markdown and JSON.

git metadata

Commit SHA and dirty status when the repo is a git checkout.

payload stored: false

Findings store metadata and matched reasons, not source payloads.

Smoke tests

Validate the CLI before sending results around.

Clean repo

Run in an empty temp repo. Expected: 0 findings and the clean v0.1 summary.

Risk fixture

Add a repo-local MCP filesystem mount or shell server. Expected: READ or EXECUTE findings.

Instruction fixture

Add AGENTS.md with shell or auto-commit language. Expected: EXECUTE or CHANGE findings.

Explicit paths

orisan scout --repo . --markdown report.md --json report.json

Alpha feedback

Tell us whether the approval record is useful.

Do not share source code, secrets, or private reports unless your policy allows it. Finding count, usefulness, noise, and missing coverage are enough.

Share feedback

Scope

v0.1 checks repo-local MCP configs and repo-level agent instructions.

.mcp.json.cursor/mcp.json.vscode/mcp.jsonAGENTS.mdCLAUDE.md.github/copilot-instructions.md.cursor/rules.windsurf/.codex/.continue/

Troubleshooting

Common alpha issues.

command not found

Confirm your Go bin directory is on PATH, then re-run the install command.

private module error

Use the release assets from GitHub instead of go install.

non-git repo

Scout still runs; git metadata will be marked unavailable.

unexpected clean result

Confirm the relevant config or instruction file is repo-local and in v0.1 scope.