Security Layer
CLI commands

callers

List and inspect AI tool caller profiles.

Security Layer auto-detects which AI tool triggered a command and applies the appropriate capability profile. The callers command lets you view these profiles.

Usage

sl callers list
sl callers profile <name>

Subcommands

callers list

Shows all configured AI tool callers with their detection rules and capabilities.

$ sl callers list

  claude-code (Claude Code)
    taint: OWNER
    capabilities: exec, file.read, file.write, web_fetch
    detect env: CLAUDE_CODE
    detect process: claude

  cursor (Cursor)
    taint: TRUSTED_CONTACT
    capabilities: exec, file.read, file.write
    detect env: CURSOR_SESSION
    detect process: cursor

callers profile <name>

Shows detailed information for a specific caller.

$ sl callers profile claude-code

  ID:           claude-code
  Display name: Claude Code
  Default taint: OWNER

  Capabilities:
    exec, file.read, file.write, web_fetch

  Detection:
    Environment: CLAUDE_CODE
    Process:     claude

Exit codes: 0 on success, 1 if the caller is unknown or the name argument is missing.

How detection works

When a command is intercepted (via shell shim or hook), Security Layer checks:

  1. Environment variables — Does the calling process have specific env vars set?
  2. Process name — Does the parent process match a known AI tool?

The detected caller determines which capability profile is applied.

See also

projects

Manage project directory trust rules.

setup

Auto-setup for Claude Code, Cursor, and other integrations.

On this page

UsageSubcommandscallers listcallers profile <name>How detection worksSee also