Command Reference
Use this page as the canonical command map forsi.
Command discovery workflow
Core runtime commands
| Command family | Primary purpose | Major subcommands | Detailed guide |
|---|---|---|---|
si codex | Manage profile-bound Codex containers and profile registry state | profile, spawn, remove, tail, shell, list, tmux, warmup, respawn | CLI Reference |
si vault (si creds) | Encrypt and inject dotenv secrets | keypair, status, check, hooks, encrypt, decrypt, restore, set, unset, get, list, run, docker exec | Vault |
si fort | Wrapper for hosted Fort policy/auth API (runtime secret access path) | doctor, auth, get, set, list, batch-get, run, agent, config show, config set | Vault |
si surf | Dockerized Playwright MCP runtime | build, start, status, logs, proxy | Browser |
si viva | Manage Viva runtime and node helper commands | config, passthrough runtime helpers | CLI Reference |
si orbit | First-party provider orbit namespace | list, github, cloudflare, aws, gcp, google, openai, oci, stripe, workos, apple | Providers |
si image | Image provider and generation bridge | provider-specific image flows | Providers |
si settings | Show resolved SI settings | none | CLI Reference |
si commands | List visible SI root commands | list | CLI Reference |
Provider and integration command families
| Integration | Command family | Typical first checks | Detailed guide |
|---|---|---|---|
| GitHub | si orbit github ... | si orbit github auth status, si orbit github doctor, si orbit github project list Aureuma | GitHub |
| Cloudflare | si orbit cloudflare ... | si orbit cloudflare auth status, si orbit cloudflare doctor | Cloudflare |
| GCP + Gemini/Vertex | si orbit gcp ... | si orbit gcp auth status, si orbit gcp doctor | GCP |
| Google Places | si orbit google places ... | si orbit google places auth status, si orbit google places doctor | Google Places |
| Google Play | si orbit google play ... | si orbit google play auth status, si orbit google play doctor | Google Play |
| YouTube Data | si orbit google youtube ... | si orbit google youtube auth status, si orbit google youtube doctor | Google YouTube |
| AWS | si orbit aws ... | si orbit aws auth status, si orbit aws doctor | AWS |
| OpenAI | si orbit openai ... | si orbit openai auth status, si orbit openai doctor | OpenAI |
| OCI | si orbit oci ... | si orbit oci auth status, si orbit oci doctor | OCI |
| Stripe | si orbit stripe ... | si orbit stripe auth status, si orbit stripe doctor | Stripe |
| WorkOS | si orbit workos ... | si orbit workos auth status, si orbit workos doctor | WorkOS |
| Apple App Store Connect | si orbit apple store ... | si orbit apple store auth status, doctor | Apple App Store |
| Provider inventory | si orbit list | si orbit list, si orbit list --provider github --json | Providers |
Build, docs, and developer tooling
| Command family | Purpose | Typical usage |
|---|---|---|
si build image | Build local runtime image | si build image |
si build self | Build or upgrade si binary | si build self |
si build self check | Fast typecheck for the SI CLI | si build self check --timings |
si build self assets | Build all release archives + checksums.txt locally | si build self assets --version vX.Y.Z |
si commands | Show visible public root commands | si commands |
si settings | Inspect resolved settings | si settings |
Recommended operator workflows
1. New machine bootstrap
2. Integration readiness check
3. Release maintainer preflight
- Use
--target <sha>when creating a release for a tag that does not already exist on the remote. - SI creates the tag ref first in that case; if
--targetis omitted, release creation fails clearly.
Guardrails
- For host/admin automation, prefer
si vault run -- <cmd>when a command needs secrets. - For SI runtime containers, use
si fort ...for secret access. si fortbootstrap/admin auth is file-backed and prefers explicit--token-fileinjection from~/.si/fort/bootstrap/admin.tokenwhen present.- Pass native
fortflags after--when invoking through wrapper. - Run integration-specific
doctorcommands before write operations. - Run
si help --format jsonorsi commandswhen updating CLI docs.