CLI Command Reference
Global configuration
Config lives at ~/.entelligence/config.json (created automatically, permissions locked to 0600 — owner read/write only). It stores your API key, org UUID, and GitHub token as they're set via auth login and related commands.
Resolution order (highest priority first) for any credential: CLI flag → matching environment variable → value saved in the config file.
| Environment variable | Overrides | Notes |
|---|---|---|
ENTELLIGENCE_API_KEY | api_key in config | Alternative to entelligence auth login — set this for CI/non-interactive use |
ENTELLIGENCE_TOKEN | --token on review | Distinct from ENTELLIGENCE_API_KEY — used specifically by review's --token flag |
ENTELLIGENCE_ORG_UUID | org_uuid in config / --org-uuid | Also accepted by entelligence incident --org-uuid |
ENTELLIGENCE_ENDPOINT | --endpoint on review | API endpoint override, distinct from ENTELLIGENCE_BASE_URL below |
ENTELLIGENCE_BASE_URL | default API host | Production default: https://entelligence.ddbrief.com. Set to http://localhost:8000 for local backend development |
ENTELLIGENCE_APP_URL | default web app host | Used for the browser-based login flow. Default: https://app.entelligence.ai |
ENTELLIGENCE_GITHUB_TOKEN / GITHUB_TOKEN / GH_TOKEN | github_token in config | Checked in that order |
ENTELLIGENCE_NO_AUTO_UPDATE | — | Set to disable the daily auto-update check |
Auto-update also skips automatically in CI — detected via CI, GITHUB_ACTIONS, GITLAB_CI, BUILDKITE, JENKINS_URL, or TF_BUILD being set — and for editable/dev installs, where it prints a one-line notice instead of upgrading in place.
Exit codes: every command exits 1 on any failure (auth error, network error, git error, invalid input) and 0 on success — there's currently no distinct exit code to distinguish "ran fine, found issues" from "ran fine, found nothing." Script around output content (or --json where available) rather than the exit code alone if you need to branch on findings.
Auth
| Command | Description |
|---|---|
entelligence auth login | Authenticate — paste your API key, or opens a browser-based login against ENTELLIGENCE_APP_URL |
entelligence auth status | Show current authentication status |
entelligence auth logout | Clear stored credentials |
Review
Runs AI code review against your local git diff. See Reviewing from the CLI for a walkthrough.
| Flag | Default | Description |
|---|---|---|
--base-branch | main | Base branch to diff against |
--endpoint (env ENTELLIGENCE_ENDPOINT) | from config | Override the API endpoint for this run |
--token (env ENTELLIGENCE_TOKEN) | from config | Override the auth token for this run |
--org-uuid (env ENTELLIGENCE_ORG_UUID) | resolved server-side | Override the org UUID for this run |
--priority | medium | low / medium / high — how aggressively findings are surfaced |
--mode | verbose | concise / verbose |
--plain | off | Plain, detailed text output — no rich terminal formatting |
--prompt-only | off | Minimal, token-efficient output, meant for piping into another agent |
--repo-path | . | Path to the repo to review |
--committed-only | off | Force a committed-vs-base-branch diff instead of trying uncommitted changes first |
--textual | off | Experimental. Opens an interactive Textual file browser before reviewing |
--mock | off | Exercise the UI with fake data — no API call, useful for scripting/demos |
--debug | off | Print the raw request/response and write a log to ~/.entelligence/cli-debug.log |
entelligence review --priority high --mode verbose
entelligence review --committed-only --base-branch develop
entelligence review --prompt-only # feed straight into another agentdiff and status
| Command | Flags | Description |
|---|---|---|
entelligence diff | --file/-f <path> (required), --base-branch, --repo-path | Show the diff for a single file |
entelligence status | --base-branch, --repo-path | Repo and auth status summary |
Security
Vulnerability scanning for a connected repo. Every subcommand supports --json for scripting.
| Command | Flags | Description |
|---|---|---|
entelligence security scan <owner/repo> | --branch, --force, --wait (polls every 15s, up to 10 min), --json | Kick off a scan |
entelligence security status <scan_id> | --json | Check progress (scan_status, progress_percentage, current_step) |
entelligence security list [<owner/repo>] | --limit (20), --status-filter, --json | List recent scans |
entelligence security summary <scan_id> | --json | Score + severity breakdown |
entelligence security issues <scan_id> | --severity (repeatable), --type (repeatable), --file, --rule, --limit (50), --offset (0), --json | List individual findings, filterable |
entelligence security suggest <scan_id> <rule_key> <owner/repo> | --file, --json | Get a suggested fix for one finding |
entelligence security dashboard | --scan-id, --json | Current metrics, severity breakdown, vulnerability trend |
entelligence security scan acme/payments-service --wait
entelligence security issues <scan_id> --severity critical --severity high --jsonsecurity doesn't accept a global --org-uuid override — org is always resolved from your authenticated session.
Incident
AI-driven triage and remediation for recurring production error patterns ("Error Knowledge Units" / EKUs). See the /incident skill for an interactive workflow.
| Command | Flags | Description |
|---|---|---|
entelligence incident list | --status (active/dormant/all, default all), --repo, --verbose, --limit (50) | Ranked list of error patterns by severity, then frequency |
entelligence incident show <eku_id> | — | Root cause and recommended fix for one pattern |
entelligence incident logs <eku_id> | --limit (20), --full, --json | Raw, deduplicated production log samples |
entelligence incident fix <eku_id> --repo <org/name> | --watch (polls every 15s, up to 5 min), --yes/-y | Trigger an automated fix — opens a PR |
entelligence incident monitor | --phase, --repo, --verbose | List merged fixes currently being verified post-merge |
entelligence incident track <job_id> | --watch | Status of a fix job — classification, PR link, test results |
entelligence incident refresh | --verbose | Trigger a fresh monitoring sweep |
The whole group also accepts --org-uuid to target a specific org.
fix is a write action — it opens a PR against the repo you specify. Unless you pass --yes, it prints the pattern, severity, and repo, then prompts "Trigger Fix Now?" (defaults to No — you must explicitly confirm).
entelligence incident list --status active --repo acme/payments-service
entelligence incident fix EKU-1842 --repo acme/payments-service --watchInsights
Coding-agent usage analytics — see Agent Insights setup for the full walkthrough. Most subcommands are a thin passthrough to the open-source cinsights engine; sync and schedule are native to entelligence-cli.
| Command | Key flags | Description |
|---|---|---|
entelligence insights setup | --provider, --model, --base-url, --extra-headers, --digest, --validate | Configure the LLM used for local analysis. Omit provider/model to get an interactive prompt |
entelligence insights index | --source (local/entireio/phoenix), --hours (default 4380 ≈ 6 months), --force, -v | Index local session files — free, no LLM calls |
entelligence insights analyze | --limit (50), --concurrency (5), --min-score (0.0), --yes/-y, --tasks-only | Analyze indexed sessions. Prints a cost estimate and asks to confirm unless --yes |
entelligence insights digest project <name> | --days | Generate a project digest |
entelligence insights digest user <id> | --days | Generate a personal digest |
entelligence insights serve | — | Local web dashboard at http://localhost:8100 |
entelligence insights sync | --hours (168), --all, --no-index, --batch-size (100), --dry-run | Push locally-computed metrics to your org's Agent Insights dashboard |
entelligence insights schedule | --at HH:MM (default 09:00), --remove | Install/remove a daily job that runs insights sync automatically |
Naming gotcha: cinsights (the underlying open-source tool) has its own schedule install/status/uninstall subcommand for scheduling local index+analyze. When invoked through entelligence insights schedule, the literal word schedule is intercepted by Entelligence's own native command first — so entelligence insights schedule install does not behave like cinsights schedule install. Only --at and --remove are supported through the entelligence wrapper.
What gets synced, and what doesn't: insights sync only pushes pre-computed metrics — token counts, tool-call names and counts, efficiency scores. It explicitly excludes raw context blobs and never sends tool input/output (which could contain code, commands, or secrets).
entelligence insights setup
entelligence insights index --source local --hours 8760
entelligence insights sync --dry-run # see what would be pushed, without sending it
entelligence insights schedule --at 09:00Wrapped
| Command | Flags | Description |
|---|---|---|
entelligence wrapped | --days, --no-sync | Generate your personal year-in-review coding-agent summary |
Before anything is generated, prompts are redacted client-side: secrets matching AWS/OpenAI/GitHub/Slack key patterns, UUIDs, and long hex strings are stripped, each prompt is truncated to 500 characters, and the whole corpus is capped at 2,000 prompts / 500K characters. Only text you actually typed is used — never assistant responses or tool input/output. The backend re-redacts as a second layer of defense.
Troubleshooting
| Symptom | Cause | Fix |
|---|---|---|
entelligence auth status shows not authenticated | No API key in config or env | Run entelligence auth login, or set ENTELLIGENCE_API_KEY |
"No changes detected" on review | No uncommitted or committed diff found | Check git status; use --committed-only --base-branch <branch> if your changes are already committed |
| Base URL not switching to local dev | ENTELLIGENCE_BASE_URL not set / stale .env | export ENTELLIGENCE_BASE_URL=http://localhost:8000, or check .env in an editable install |
| Command hangs or times out | Network issue reaching the API | Re-run with --debug (on review) to see the raw request, and check ~/.entelligence/cli-debug.log |
| Config permission errors | Corrupted ~/.entelligence/config.json | rm ~/.entelligence/config.json && entelligence auth login |
| Changes to an editable/dev install aren't reflected | Stale install | uv tool uninstall entelligence-cli && make setup (from the CLI repo) |
Every command supports --help for the exact, current flag list on your installed version — e.g. entelligence review --help.