Skip to main content

Command Reference

Use this page as the canonical command map for si.

Command discovery workflow

si --help
si help
si version
si <command> --help
si <command> <subcommand> --help
Color semantics for help and text-mode output are documented in CLI Reference. JSON output remains uncolored by design.

Core runtime commands

Command familyPrimary purposeMajor subcommandsDetailed guide
si codexManage profile-bound Codex workers and profile registry stateprofile, spawn, stop, remove, tail, shell, list, tmux, warmup, respawnCLI Reference
si vault (si creds)Encrypt and inject dotenv secretskeypair, status, check, hooks, encrypt, decrypt, restore, set, unset, get, list, runVault
si fortWrapper for hosted Fort policy/auth APIdoctor, auth, get, set, list, batch-get, run, agent, config show, config setVault
si surfLocal Playwright browser runtimebuild, start, status, logs, proxyBrowser
si vivaManage the Viva runtime wrapperconfig, passthrough runtime helpersCLI Reference
si imageImage provider and generation bridgeprovider-specific image flowsCLI Reference
si settingsShow resolved SI settingsnoneSettings
si doctorCheck fresh-machine distribution prerequisites--format jsonTesting
si commandsList visible SI root commandslistCLI Reference

Third-party integrations

Third-party API/provider command families moved to the standalone Aureuma/orbit repository and orbit <provider> ... CLI. SI no longer owns those command implementations or provider settings.

Integration ownership

IntegrationOwnership modeSI responsibilityOwning implementation
fortnative-wrapperResolve/build/run the Fort binary, mediate SI auth/session paths, and expose wrapper configfort repo
vivanative-wrapperResolve/build/run the Viva binary and manage SI wrapper/tunnel settingsviva repo
surfnative-wrapperResolve/build/run the Surf binary, set SI_SURF_WRAPPED=1, and manage SI wrapper settingssurf repo
imageinternal-si / provider bridgeKeep SI-owned image bridge commands in SISI repo
vaultinternal-si maintenanceMaintain SI Vault encryption/checking flows; prefer Fort for operator secret runtime workSI repo
third-party providersprovider-clientNo SI root command; use orbit <provider> ...orbit repo
first-party API clientsapi-client when presentThin CLI/request formatting only when SI explicitly owns the clientOwning service backend
catalog-only providersinventory-onlyDo not document as runnable SI command familiesOwning catalog/orbit data
If a standalone adjacent repo owns a stable CLI, add a root SI wrapper only for wrapper concerns. If a service exposes an HTTP API but no stable local CLI, keep business logic, schemas, billing/usage rules, and backend tests in the owning service.

Build, docs, and developer tooling

Command familyPurposeTypical usage
si build selfBuild or upgrade si binarysi build self
si build self checkFast typecheck for the SI CLIsi build self check --timings
si build self assetsBuild all release archives + checksums.txt locallysi build self assets --out-dir .artifacts/release-preflight
si commandsShow visible public root commandssi commands
si settingsInspect resolved settingssi settings

1. New machine bootstrap

si codex status
si build self
si build self check --timings
si vault status
si --help
si commands

2. Release maintainer preflight

si build self assets --out-dir .artifacts/release-preflight

Guardrails

  • Use si fort and si codex commands directly for task, worker, session, and run control.
  • For host/admin automation, prefer si fort run -- <cmd> when a command needs secrets.
  • For SI runtime workers, use si fort ... for secret access.
  • Pass native fort flags after -- when invoking through wrapper.
  • Run si help --format json or si commands when updating CLI docs.