CLI Reference
This page is the fast orientation guide forsi.
For a full categorized list, use Command Reference.
Command discovery pattern
CLI color system
SI text output uses a small semantic palette instead of per-command ad hoc colors:| Role | Meaning | Color |
|---|---|---|
| Section headings | usage blocks, help sections, command-group titles | cyan |
| Commands and examples | command names, runnable examples, selected profiles | magenta |
| Flags and operator prompts | options, warnings, confirmation prompts | yellow |
| Labels | key=value keys, field names, probe labels | blue |
| Success | ready, ok, warmed, healthy state | green |
| Warning | degraded or operator-attention state | yellow |
| Error | failed, invalid, destructive/error state | red |
| Muted | indexes, separators, filler text | gray |
- JSON output stays uncolored.
- Text output uses the semantic palette above when color is enabled.
si --helpand nested--helpoutput use the same palette as runtime text output.
SI_CLI_COLOR=always: force color even when stdout is not a TTYSI_CLI_COLOR=auto: default behaviorSI_CLI_COLOR=never: disable CLI colorsNO_COLOR=1: disable CLI colors
Top-level command families
| Domain | Commands |
|---|---|
| Runtime and orchestration | si codex, si surf, si viva |
| Secrets and context | si vault (si creds), si fort, si settings |
| Third-party integrations | Use the standalone orbit <provider> ... CLI from Aureuma/orbit; si image remains in SI for image bridge workflows. |
| Build and release | si build, si commands, si version, si help |
High-signal workflows
Runtime setup
Viva tunnel via SI wrapper
Integration readiness
Fort runtime secret check
Release preflight
si build self assetsdefaults to the canonical SI workspace version from rootCargo.toml.- For SI itself, release tags come from that same repo-wide version and only minor releases are tagged/published.
orbit github release createnow verifies the remote tag first.- When the tag is missing, pass
--target <sha>and SI will create the git tag ref before creating the release. - For draft releases, GitHub may still return an
untagged-...HTML URL until publish; verify withtag_nameandgit ls-remote --tags.
Faster Rust iteration
si build selfnow reuses.artifacts/cargo-target/self-buildby default for faster rebuilds.si build self checkrunscargo checkagainst the SI CLI manifest without linking a release binary.si build selfand release-asset builds auto-usesccachewhen it is available onPATH.- Keep SI’s
.artifacts/cargo-targetwarm during active development. Prune it only when artifacts are older than 14 days or when root disk pressure requires immediate recovery; clear repo target directories before clearingsccacheso cross-repo Rust rebuilds stay fast.
Safety guidance
- On host/admin flows, use
si fort run -- <command>when secrets are required. - For SI runtime workers, use
si fort ...for secret access. si fortwrapper passes explicit Fort file-path auth flags for the managed Codex profile session underCODEX_HOME/fort/; caller-suppliedFORT_TOKEN_PATH/FORT_REFRESH_TOKEN_PATHvalues are not normal runtime fallbacks.- Runtime secret commands fail loudly when no usable runtime Fort session exists; bootstrap/admin token files are only for explicit admin/provisioning commands.
- If a flag belongs to the native
fortCLI, pass it after--(example:si fort -- --host https://fort.aureuma.ai doctor). - Prefer
--jsonfor automation and auditability. - Run
doctorcommands before mutating production systems. - Keep command docs aligned with
si --helpandsi help --format json.orbit github release createnow follows the checkout-first default path more closely: - omit the repo argument inside a GitHub checkout and SI infers it from
origin - use
-R, --repo <owner/repo>when you need an explicit override - omit
--titleto reuse the release tag as the title