# OpenCLI Agent Pack: Syft

Use this when an AI agent needs to work with `syft`.

## What this CLI is for
The official CLI from Anchore. SBOMs, package inventory, and supply chain from the terminal. Supports structured output — good for scripts and agents.

Best for: sboms, package inventory, and supply chain from the terminal.

## Agent readiness
Great for agents (75/100)
- Structured output is available for parsing.
- Supports non-interactive/scripted use.
- Works well in CI or repeatable automation.

## Install
```sh
brew install syft
```

## Verify before real work
```sh
syft --version
```
Expected signal: syft responds locally and is ready for the first real command.

## Safe starting commands
```sh
syft --version
```

```sh
syft dir:.
```

## Guardrails for agents
- Run the verify command first.
- Summarize findings before taking actions with side effects.

## Suggested agent instruction
You may use Syft (`syft`) for sboms, package inventory, and supply chain from the terminal.. First install it if missing, then run the verify command. Start with read-only or inspection commands. Summarize what you found before changing anything. Ask for confirmation before commands that mutate remote state, spend money, deploy, delete data, merge code, or expose secrets.

Source: OpenCLI