Harper is an AI agent that provides a unified interface to multiple AI providers (OpenAI, Sambanova, Gemini), with persistent chat sessions, command execution, MCP support, and SQLite-backed storage.
This guide describes practical, low-friction configuration choices that help keep Harper deployments safe, predictable, and easy to operate.
This document focuses on:
- Sensible defaults for credential handling
- Guardrails around command and file operations
- Clear, user-controlled behavior for potentially sensitive actions
No changes are required to core functionality, and all guidance is compatible with existing workflows.
The following areas benefit from explicit configuration to ensure predictable behavior:
- API credentials — Prevent accidental disclosure
- Command execution — Keep system access intentional
- File operations — Avoid unintended file access
- Session handling — Maintain isolation between runs
These are not flaws, but natural considerations for tools that interact with external systems.
- Use environment variables for all API keys
- Keep configuration files free of real secrets
- Ensure `.env` files and the `.harper/` data directory are excluded from version control
This keeps credentials local to the runtime environment and easy to rotate.
- Require explicit user approval before running commands
- Reject shell metacharacters commonly associated with chaining or injection
- Keep execution scoped to the project workspace
This ensures commands are always intentional and observable.
- Validate file paths before access
- Default to the project directory
- Ask for confirmation on write operations
These checks reduce surprises while preserving flexibility.
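A sketch of the command and file-path guardrails listed above, added here as an illustration and not taken from Harper's code base. The names `check_command`, `resolve_in_workspace`, `Rejection` and `SHELL_META`, the deny-list contents and the sample workspace path are all assumptions.

```rust
use std::path::{Component, Path, PathBuf};

// Hypothetical deny-list: chaining, substitution, redirection, line breaks.
const SHELL_META: &[char] = &[';', '&', '|', '`', '$', '<', '>', '(', ')', '\\', '\n', '\r'];

#[derive(Debug, PartialEq)]
pub enum Rejection { Empty, ShellMetacharacter(char), OutsideWorkspace }

/// Pass the command through only if it contains no shell metacharacter.
/// Pair this with argv-style execution (no `sh -c`) and a user approval prompt.
pub fn check_command(cmd: &str) -> Result<&str, Rejection> {
    if cmd.trim().is_empty() {
        return Err(Rejection::Empty);
    }
    match cmd.chars().find(|c| SHELL_META.contains(c)) {
        Some(c) => Err(Rejection::ShellMetacharacter(c)),
        None => Ok(cmd),
    }
}

/// Resolve `requested` against an absolute `workspace` (relative paths default to it)
/// and reject anything that normalizes to a location outside it.
/// Lexical only: symlinks are not followed, so canonicalize() and re-check before opening.
pub fn resolve_in_workspace(workspace: &Path, requested: &str) -> Result<PathBuf, Rejection> {
    if requested.is_empty() {
        return Err(Rejection::Empty);
    }
    let mut out = PathBuf::new();
    for part in workspace.join(requested).components() {
        match part {
            Component::CurDir => {}
            Component::ParentDir => { out.pop(); }
            other => out.push(other.as_os_str()),
        }
    }
    // starts_with compares whole components, so "project-old" does not match "project".
    if out.starts_with(workspace) { Ok(out) } else { Err(Rejection::OutsideWorkspace) }
}

fn main() {
    let ws = Path::new("/home/dev/project"); // constructed sample workspace
    for cmd in ["cargo test", "cargo test && rm -rf target"] {
        println!("{:?} -> {:?}", cmd, check_command(cmd));
    }
    for p in ["src/main.rs", "src/../../outside.txt", "/etc/hosts", "../project-old/notes"] {
        println!("{:?} -> {:?}", p, resolve_in_workspace(ws, p));
    }
}
```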
- Keep sessions isolated
- Avoid sharing sensitive context across runs
- Prefer short-lived or encrypted storage for session data
This supports safe reuse without hidden coupling.
Harper includes a configurable Terminal UI (TUI) with theme support.
```toml
[ui]
theme = "dark" # default | dark | light
```
Themes affect:
- Background and foreground colors
- Message roles
- Borders and status indicators
UI customization is purely cosmetic and does not affect security behavior.
```bash
git clone https://github.com/harpertoken/harper.git
cd harper
cp config/env.example .env
# add API keys locally
cargo build --release
cargo run --release
```
```bash
docker build -t harper .
docker run --rm -it \
  -v "$(pwd)/data:/app/data" \
  --env-file .env \
  --read-only \
  --tmpfs /tmp \
  harper
```
These options favor clarity and containment without introducing operational complexity.
Harper prioritizes environment-based configuration for sensitive values and applies lightweight validation at runtime.
Harper uses GitHub Code Scanning with CodeQL to automatically find security vulnerabilities and errors in the codebase.
- Automated scans on pushes and PRs
- CodeQL analysis for Rust code
- SARIF reports for detailed findings
- Alert management in Security tab
- Public repositories on GitHub.com
- Organization repositories with GitHub Code Security
Code scanning analyzes the code to identify vulnerabilities and errors. Results appear as alerts in the repository's Security tab. GitHub Copilot Autofix may suggest fixes for detected issues.
Code scanning uses GitHub Actions minutes. Private repositories require a GitHub Code Security license.
- CodeQL: GitHub's primary analysis engine
- Third-party tools: Supported via SARIF upload
For setup details, see Configuring code scanning.