Supply Chain Security

How the ReplayCI CLI protects your environment — dependency hygiene, network behavior, and build integrity.

Dependency profile

The @replayci/cli npm package has a minimal dependency footprint:

Direct dependencies

Package	Purpose
`yaml`	Parse `.replayci.yml` config files
`tsx`	TypeScript execution for the CLI bin shim
`openai`	OpenAI provider adapter
`@anthropic-ai/sdk`	Anthropic provider adapter
`@prisma/client`	Database client (optional, for `--persist`)
`prisma`	Schema management (optional, for `--persist`)
`pino`	Structured logging
`pino-pretty`	Human-readable log output (dev only)
`zod`	Schema validation

What's NOT included

No postinstall scripts — npm install never executes arbitrary code
No native binaries or node-gyp compilation
No telemetry or analytics collection
No background processes or daemons

Network behavior

The CLI makes zero network calls by default. Network access is opt-in:

Trigger	Destination	When
`--provider openai`	`api.openai.com`	Running live contracts against OpenAI
`--provider anthropic`	`api.anthropic.com`	Running live contracts against Anthropic
`REPLAYCI_API_KEY` set	`app.replayci.com`	Pushing results to hosted dashboard
`--provider recorded`	None	Replays from local fixtures — fully offline

Push is opt-in

Run results are only pushed to the ReplayCI API when REPLAYCI_API_KEY is set as an environment variable. Without it, all data stays local. The push destination can be overridden with REPLAYCI_API_URL for self-hosted deployments.

Push timeout

API push uses a 30-second AbortController timeout. If the push fails for any reason (network error, timeout, server error), the CLI warns to stderr but does not exit with an error code. Push failure never blocks your CI pipeline.

CI isolation (Lane A)

ReplayCI's two-lane CI system enforces strict isolation for merge-blocking tests:

Lane A (Hard Gate)

Uses --provider recorded only — no live API calls
Egress blocking via iptables (when running in container mode)
Deterministic corpus pinned via corpus_manifest_hash
No network access whatsoever

Lane B (Evidence Lane)

Allows live API calls for evidence collection
Results are advisory (annotate-by-default)
Shadow comparisons and drift detection run here
Never blocks merges

This separation ensures that your merge gate can never be affected by third-party API availability or network issues.

Package integrity

Lockfile

The package-lock.json is committed and pinned. npm ci (used in CI and production deploys) installs exact versions from the lockfile — no floating resolutions.

Published package contents

The npm package includes only what's specified in package.json "files":

bin/         — CLI entry point (replayci.mjs)
src/         — TypeScript source
packs/starter/ — Starter contract pack
tsconfig.json
tsconfig.container.json
artifacts/schema/

No test files, evidence artifacts, documentation, or development tooling is published.

No lifecycle scripts

The package defines no postinstall, preinstall, or install scripts. Installing @replayci/cli runs zero code beyond npm's own dependency resolution.

Container security

When running replay bundles in container mode, additional protections apply:

Control	Implementation
Bundle size limit	50 MiB maximum (GR-19)
Path traversal protection	All paths validated before extraction
Schema validation	Bundle manifest validated against expected schema
Non-root execution	Docker container runs as non-root user
Egress blocking	iptables rules block all outbound network access
Resource limits	Container CPU and memory limits enforced

Replay bundles are treated as hostile input (GR-19: Replay Bundle Hardening). Every field is validated, every path is sanitized, and every size is checked before processing.

Build and release

CI pipeline

Every commit runs through GitHub Actions:

Type check — TypeScript strict mode
Full test suite — 2400+ automated tests
SecurityGate verification — regression tests for secret scanning
Dashboard build — production build verification

Docker image

The production Docker image:

Based on an official Node.js image
Runs as non-root user
Includes only production dependencies
No development tools or test fixtures

What you can verify

Inspect the package before installing:
```
npm pack @replayci/cli --dry-run
```

Check for lifecycle scripts:

npm pkg get scripts.postinstall scripts.preinstall scripts.install

Audit dependencies:
```
npm audit --production
```
Run fully offline with recorded fixtures:
```
npx replayci --provider recorded
```
This makes zero network calls — verify with your network monitor.

Dependency profile​

Direct dependencies​

What's NOT included​

Network behavior​

Push is opt-in​

Push timeout​

CI isolation (Lane A)​

Lane A (Hard Gate)​

Lane B (Evidence Lane)​

Package integrity​

Lockfile​

Published package contents​

No lifecycle scripts​

Container security​

Build and release​

CI pipeline​

Docker image​

What you can verify​