CLI Reference
Five commands you'll actually use
Most days, this is the whole CLI. Everything below exists for when you need it.
initrunner new: create a new agent role via conversational builderinitrunner run: run an agent from a YAML file, starter name, or ephemeral modeinitrunner setup: guided setup wizard for first-time configurationinitrunner doctor: check provider configuration, API keys, and connectivityinitrunner install: install a role from InitHub or an OCI registry
Path Resolution
All commands that accept a role path also accept a directory or an installed role name. Resolution order:
- If the path is a file, use it.
- If the path is a directory:
a. If
<dir>/role.yamlexists, use it. b. Otherwise scan top-level*.yaml/*.ymlfor files withapiVersion: initrunner/v1. c. Exactly one match is used; zero or multiple matches produce an error. - Otherwise, look up the name in the installed role registry (exact key, owner/name, or display name).
This means initrunner run . works from inside an agent directory, and initrunner run code-reviewer works after initrunner install alice/code-reviewer.
Full command reference
The full surface area, when you need it.
| Command | Description |
|---|---|
initrunner | Interactive menu (provider setup, quick chat, create agent) or --help for commands |
initrunner run [PATH] | Run an agent, daemon, server, or bot (auto-detects kind). No PATH starts ephemeral REPL. |
initrunner validate <PATH> | Validate a role, team, or flow definition |
initrunner new [description] | Create a new agent via conversational builder |
initrunner configure <PATH> | Switch the LLM provider/model for a role without editing YAML |
initrunner setup | Guided setup wizard (provider selection + test) |
initrunner ingest <PATH> | Ingest documents into vector store |
initrunner test <PATH> -s <suite> | Run a test suite against an agent |
initrunner dashboard | Launch web dashboard (requires [dashboard] extra) |
initrunner desktop | Launch dashboard in native window (requires [desktop] extra) |
initrunner examples list | List bundled examples |
initrunner examples show <name> | Preview an example with syntax highlighting |
initrunner examples copy <name> | Copy example files to current directory |
initrunner examples download | Download the full example catalog |
initrunner install <source> | Install a role from InitHub or OCI registry |
initrunner uninstall <name> | Remove an installed role |
initrunner search <query> | Search InitHub for agent packs |
initrunner info <source> | Inspect a role's metadata without installing |
initrunner list | List installed roles (with run commands) |
initrunner update [name] | Update installed role(s) to latest version |
initrunner doctor | Check provider configuration, API keys, and connectivity |
initrunner plugins | List discovered tool plugins |
initrunner audit prune | Prune old audit records |
initrunner audit export | Export audit records as JSON or CSV |
initrunner audit verify-chain | Verify the HMAC-signed audit chain (since v2026.4.15) |
initrunner audit security-events | Query the security-events audit table by type, agent, or limit (since v2026.4.16) |
initrunner pending | List tool-call approvals awaiting a decision (since v2026.4.17). See Approvals. |
initrunner approve RUN_ID | Resume a paused run by approving or denying its pending tool calls (since v2026.4.17) |
initrunner export agent-spec PATH | Export a role as a PydanticAI Agent Spec (since v2026.4.17). See Agent Spec Import & Export. |
initrunner vault init | Create a new encrypted credential vault (since v2026.4.15) |
initrunner vault set <NAME> [VALUE] | Store a credential (prompts for value when omitted) |
initrunner vault get <NAME> | Print a stored credential value |
initrunner vault list | List credential names (values are never printed) |
initrunner vault rm <NAME> | Remove a credential |
initrunner vault import [FILE] | Import credentials from .env or JSON (defaults to ~/.initrunner/.env) |
initrunner vault export --env|--json | Export the vault as dotenv or JSON |
initrunner vault rotate | Re-encrypt the vault under a new passphrase |
initrunner vault verify | Check that a passphrase decrypts the vault |
initrunner vault cache | Cache the passphrase in the OS keyring (requires [vault-keyring]) |
initrunner vault lock | Clear the cached passphrase from the keyring |
initrunner vault status | Show vault location, entry count, last modified, cache state |
initrunner cost report | Cost breakdown by agent with filters |
initrunner cost summary | High-level spend overview with time breakdowns |
initrunner cost by-model | Cost grouped by model and provider |
initrunner cost estimate <role.yaml> | Predict per-run cost from a role YAML |
initrunner memory clear <PATH> | Clear agent memory store |
initrunner memory export <PATH> | Export memories to JSON |
initrunner memory import <PATH> <file> | Import memories from JSON |
initrunner memory list <PATH> | List stored memories |
initrunner memory consolidate <PATH> | Run memory consolidation manually |
initrunner skill new [name] | Scaffold a new skill directory |
initrunner skill validate <path> | Validate a skill definition |
initrunner skill list | List available skills |
initrunner flow new <name> | Scaffold a new flow project from a pattern |
initrunner flow up <flow.yaml> | Run flow orchestration (foreground) |
initrunner flow validate <flow.yaml> | Validate a flow definition |
initrunner flow install <flow.yaml> | Install systemd user unit |
initrunner flow uninstall <name> | Remove systemd unit |
initrunner flow start <name> | Start systemd service |
initrunner flow stop <name> | Stop systemd service |
initrunner flow restart <name> | Restart systemd service |
initrunner flow status <name> | Show systemd service status |
initrunner flow logs <name> | Show journald logs |
initrunner flow events | Query delegate routing events |
initrunner mcp list-tools <PATH> | List tools from MCP servers in a role |
initrunner mcp serve <PATH>... | Expose agents as an MCP server |
initrunner a2a serve <PATH> | Expose an agent as an A2A server |
initrunner login | Log in to InitHub (browser auth) or OCI registry |
initrunner logout | Remove stored InitHub credentials |
initrunner whoami | Show current InitHub user |
initrunner publish [PATH] | Publish to InitHub (default) or OCI registry |
initrunner hub login | (deprecated) Authenticate with InitHub |
initrunner hub logout | (deprecated) Remove stored InitHub credentials |
initrunner hub whoami | (deprecated) Show current InitHub user |
initrunner hub search <QUERY> | (deprecated) Search InitHub for agent packs |
initrunner hub publish [PATH] | (deprecated) Publish an agent pack to InitHub |
initrunner hub info <PACKAGE> | (deprecated) Show InitHub package details |
initrunner --version | Print version |
PATH can be a role YAML file (
role.yaml,pdf-agent.yaml) or a directory containing one. See Path Resolution.
Global Options
| Flag | Description |
|---|---|
--version | Print version and exit |
--verbose | Enable debug logging |
Environment Variables
| Variable | Effect |
|---|---|
INITRUNNER_AUDIT_DB | Default audit database path (overridden by --audit-db) |
INITRUNNER_AUDIT_HMAC_KEY | 64-char hex HMAC key used to sign and verify the audit chain. Falls back to ~/.initrunner/audit_hmac.key. Required by audit verify-chain if no key file exists. |
INITRUNNER_VAULT_PASSPHRASE | Vault passphrase for non-interactive use (CI, scripts). Scrubbed from subprocess env. |
INITRUNNER_SKILL_DIR | Extra skill search directory (CLI --skill-dir takes precedence, but env dir is also searched) |
Run Options
Synopsis: initrunner run [PATH] [OPTIONS]
The PATH argument is optional — running with no PATH starts an ephemeral REPL (see Quickstart). When --sense is used, PATH is also optional. The run command auto-detects the YAML kind (Agent, Team, Flow) and dispatches accordingly. Mode flags (--daemon, --autopilot, --serve, --bot, --telegram, --discord) are mutually exclusive.
Since v2026.4.10, run performs pre-flight YAML schema validation before any skill resolution, model resolution, or API call. Errors render as a Rich panel with per-field paths, 1-based line/column numbers, and inline fix suggestions. flow up, flow install, and flow validate additionally walk every role referenced by spec.agents and prefix nested issues with agents.<name>. so you can tell which referenced file is broken.
In interactive terminals, run also prompts for a missing provider API key inline on first use and persists it to ~/.initrunner/.env (mode 0600) — no initrunner setup round-trip required. Non-interactive sessions (CI, piped stdin, redirected stdout) keep the original API key not found error and exit code 1.
| Flag | Description |
|---|---|
-p, --prompt TEXT | Single prompt to send |
--task TEXT | Alias for --prompt |
-i, --interactive | Interactive REPL mode |
-a, --autonomous | Autonomous agentic loop mode (requires -p) |
--daemon | Run in trigger-driven daemon mode |
--autopilot | Daemon mode with all triggers autonomous |
--serve | Serve agent as an OpenAI-compatible API |
--bot TEXT | Launch as a bot (telegram or discord) |
--telegram | Launch as a Telegram bot (ephemeral mode). |
--discord | Launch as a Discord bot (ephemeral mode). |
--provider TEXT | Model provider (overrides auto-detection). Used in ephemeral mode. |
--tool-profile TEXT | Tool profile: none, minimal (default), all. Used in ephemeral mode. |
--tools TEXT | Extra tool types to enable (repeatable). See Extra Tools. |
--ingest PATH | Paths or globs to ingest for document Q&A (repeatable). |
--memory / --no-memory | Enable or disable persistent memory (default: enabled in ephemeral mode). |
--list-tools | List available extra tool types and exit. |
--list | List available starter agents and exit. |
--save PATH | Save a starter agent to a local directory. |
--max-iterations N | Override max iterations for autonomous mode |
--token-budget N | Cumulative token budget across the run, including inline-delegated sub-agents. Overrides guardrails.run_token_budget for this invocation. Since v2026.5.1. See Guardrails. |
--resume | Resume the previous REPL session |
--dry-run | Simulate with TestModel (no API calls) |
--format TEXT | Output format: auto (default — stream on TTY, plain when piped), json (structured envelope with token counts and timing), text (stdout-only, stats to stderr), rich (buffered Markdown panel). |
--no-stream | Deprecated. Use --format rich instead. |
--host TEXT | Host to bind to (default: 127.0.0.1). Requires --serve. |
--port INT | Port to listen on (default: 8000). Requires --serve or --bot. |
--api-key TEXT | API key for Bearer token authentication. Requires --serve. |
--cors-origin TEXT | Allowed CORS origin (repeatable). Merged with security.server.cors_origins from role YAML. Requires --serve. |
--allowed-users TEXT | Restrict bot to these usernames (repeatable). Requires --bot, --telegram, or --discord. |
--allowed-user-ids TEXT | Restrict bot to these user IDs (repeatable). Requires --bot, --telegram, or --discord. |
--audit-db PATH | Custom audit database path |
--no-audit | Disable audit logging |
--skill-dir PATH | Extra skill search directory |
-A, --attach PATH_OR_URL | Attach file or URL (repeatable). Supports images, audio, video, and documents. Requires -p. See Multimodal Input. |
--report PATH | Export a markdown report to PATH after the run. See Report Export. |
--report-template TEXT | Report template: default, pr-review, changelog, ci-fix. Requires --report. |
--sense | Sense the best role for the given prompt (replaces PATH argument). |
--role-dir PATH | Directory to search for roles when using --sense. |
--confirm-role | Prompt to confirm the auto-selected role before running (requires a TTY). |
--budget-timezone TEXT | IANA timezone for daily/weekly budget resets (default: UTC). Valid with --daemon, --autopilot, --bot. |
--model TEXT | Model alias or provider:model (overrides role config). Env: INITRUNNER_MODEL. See Model Aliases. |
--explain-profiles | Display effective tool, trigger, and sandbox configuration for the role's security preset and exit. See Security Presets. |
--agent-spec PATH | Run a PydanticAI Agent Spec (YAML or JSON) as a transient role. Since v2026.4.17. See Agent Spec Import. |
--var KEY=VALUE | Value for a {{var}} template variable declared in spec.deps_schema. Repeatable. Single-shot mode only. Since v2026.4.17. See Configuration: Spec Deps Schema. |
Intent Sensing examples
# Let initrunner pick the best role for your task
initrunner run --sense -p "analyze this CSV and summarize"
# Search a specific directory for roles
initrunner run --sense --role-dir ./roles/ -p "search the web for AI news"
# Review the sensed role before running
initrunner run --sense --confirm-role -p "review my code for bugs"
# Dry-run: discover + score roles without any LLM calls
initrunner run --sense --dry-run -p "task description"Intent Sensing uses a two-pass strategy:
- Keyword/tag scoring — zero API calls. Selects confidently when one role clearly matches.
- LLM tiebreaker — compact call used only when the top two candidates are too close. Skipped when
--dry-runis set.
Set INITRUNNER_DEFAULT_MODEL to override the model used for the LLM tiebreaker (default: openai:gpt-4o-mini).
See Intent Sensing for the full algorithm reference, role tagging guide, and troubleshooting.
Combine flags: initrunner run role.yaml -p "Hello!" -i sends a prompt then continues interactively.
Note: Token budgets (
max_tokens_per_run,autonomous_token_budget, etc.) are set inspec.guardrailsin the role YAML. See Guardrails.
Team mode
When the role file has kind: Team, the run command executes in team mode — running each persona sequentially or in parallel. A prompt (--task or -p) is required. Interactive (-i) and autonomous (-a) modes are not supported for teams. See Team Mode.
Tool Profiles
Tool profiles control which tools are available in ephemeral and bot modes.
| Profile | Tools | Notes |
|---|---|---|
none | (none) | Safest — pure text chat, no tool access. |
minimal | datetime, web_reader | Default. Time awareness and web page reading. |
all | All tools from Extra Tools table | Includes shell, python, and slack — see Security. Requires env vars for slack. |
# Chat with no tools
initrunner run --tool-profile none
# Chat with every available tool
SLACK_WEBHOOK_URL="https://hooks.slack.com/..." initrunner run --tool-profile allExtra Tools
Use --tools to add individual tools on top of the selected profile, or use --tool-profile all to enable everything at once.
# Add slack to the default minimal profile
SLACK_WEBHOOK_URL="https://hooks.slack.com/..." initrunner run --telegram --tools slack
# Add multiple tools
initrunner run --tools git --tools shellDuplicates are ignored — --tool-profile all --tools search won't add search twice.
| Tool | Required env vars | Notes |
|---|---|---|
datetime | — | Time awareness (included in minimal). |
web_reader | — | Fetch and read web pages (included in minimal). |
search | — | Web search (included in all). |
python | — | Execute Python code (included in all). |
filesystem | — | Read-only filesystem access (included in all). |
slack | SLACK_WEBHOOK_URL | Send messages to a Slack channel. |
git | — | Read-only git operations in current directory. |
shell | — | Execute shell commands. |
Run initrunner run --list-tools to see this list from the CLI.
If a tool requires an environment variable that isn't set, the command exits immediately with an actionable error:
Error: Tool 'slack' requires SLACK_WEBHOOK_URL.
Export it or add it to your .env file:
export SLACK_WEBHOOK_URL=your-valueDocument Search (--ingest)
The --ingest flag gives you CLI-driven RAG with no YAML file. Point it at a directory and InitRunner chunks, embeds, and indexes the files, then registers search_documents() as a tool.
# Search your docs folder
initrunner run --ingest ./docs/
# Combine with tools
initrunner run --ingest ./docs/ --tool-profile all
# Combine with a bot
initrunner run --telegram --ingest ./knowledge-base/How it works:
- InitRunner resolves the path and globs for supported files.
- Files are chunked (paragraph strategy, 512 chars, 50 overlap).
- Chunks are embedded using the auto-detected provider.
- The
search_documents()tool is registered for the session.
Supported file types: .txt, .md, .rst, .csv, .json, .html. Install initrunner[ingest] for .pdf, .docx, and .xlsx.
Each --ingest invocation re-indexes the directory. Vectors are stored in a session-scoped database under ~/.initrunner/stores/.
Memory in Ephemeral Mode
Ephemeral mode has memory enabled by default. The agent remembers facts across turns within a session and can persist them across sessions.
initrunner run # memory on (default)
initrunner run --resume # resume last session
initrunner run --no-memory # disable memory entirelyWhen memory is enabled, ephemeral mode creates a lightweight memory store with semantic memory. The agent can use remember() and recall() to store and retrieve facts. --resume loads the most recent session for the auto-detected provider. --no-memory disables all memory — each conversation starts fresh.
Provider Auto-Detection
When --provider is not specified, InitRunner checks environment variables in this order:
| Priority | Provider | Environment Variable | Default Model |
|---|---|---|---|
| 1 | anthropic | ANTHROPIC_API_KEY | claude-sonnet-4-6 |
| 2 | openai | OPENAI_API_KEY | gpt-5-mini |
| 3 | GOOGLE_API_KEY | gemini-2.5-flash | |
| 4 | groq | GROQ_API_KEY | llama-4-scout-17b-16e |
| 5 | mistral | MISTRAL_API_KEY | mistral-large-latest |
| 6 | cohere | CO_API_KEY | command-a |
| 7 | ollama | (localhost:11434 reachable) | First available model or llama3.2 |
The first key found wins. Ollama is used as a fallback only when no API keys are set and Ollama is running locally.
# Force a specific provider
initrunner run --provider google
# Force both provider and model
initrunner run --provider openai --model gpt-5-miniEnvironment variables can also be set in ~/.initrunner/.env or a .env file in the current directory. Running initrunner setup writes the provider key there automatically.
Ephemeral Mode Security
- Tool profiles control agent capabilities. The
noneprofile is safest for untrusted environments. Theminimaldefault gives time and web reading. Theallprofile enables every tool includingpython,shell, andslack. allprofile includespythonandshell= full host access. Both tools can execute arbitrary code on the host. Never useallin public-facing bots without access control.--tools shellgrants shell access. Likepython, theshelltool allows arbitrary command execution. Only use it in trusted, local contexts.--tools slacksends messages to a real channel. The Slack webhook URL is a secret — treat it like a token.- Bot tokens are secrets. Store them in environment variables or
.envfiles. Never commit tokens to version control. - Ephemeral bots respond to everyone. Bot mode does not set
allowed_usersorallowed_rolesby default. - Daily token budget is a cost firewall. Bot mode defaults to 200,000 tokens/day. For production, tune
daemon_daily_token_budgetin your role'sspec.guardrails. - Use
role.yamlfor production bots. Ephemeral run shortcuts are for prototyping and personal use. Production bots should use a role file with explicit access control, token budgets, and tool configuration.
New Options
Synopsis: initrunner new [DESCRIPTION] [OPTIONS]
Create a new agent role via conversational builder. Seed modes are mutually exclusive.
| Flag | Description |
|---|---|
DESCRIPTION | Natural language description (generates via LLM) |
--from SOURCE | Source: local file path, bundled example name, or hub:ref |
--template TEXT | Start from a named template (basic, rag, daemon, memory, ollama, api, telegram, discord) |
--blank | Start from a minimal blank template |
--langchain PATH | Path to a LangChain Python file to import and convert |
--provider TEXT | Model provider (auto-detected if omitted) |
--model TEXT | Model name (uses provider default if omitted) |
--output PATH | Output file path (default: role.yaml) |
--force | Overwrite existing file without prompting |
--no-refine | Skip the interactive refinement loop |
--list-templates | List available role templates and exit |
Without any seed, starts an interactive conversation where the LLM asks what to build.
Examples
# Generate from description with interactive refinement
initrunner new "a code review bot that reads git diffs"
# Start from a template, skip refinement
initrunner new --template rag --no-refine
# Load from an example
initrunner new --from hello-world
# Blank template with specific provider
initrunner new --blank --provider anthropic
# Import a LangChain agent
initrunner new --langchain my_agent.py
# Fully interactive (no seed)
initrunner newSetup Options
| Flag | Description |
|---|---|
--provider TEXT | Provider (skip interactive selection) |
--name TEXT | Agent name (default: my-agent) |
--template TEXT | Template: chatbot, rag, memory, daemon |
--model TEXT | Model name. Uses provider default if omitted. |
--skip-test | Skip connectivity test |
--output PATH | Role output path (default: role.yaml) |
-y, --accept-risks | Accept security disclaimer without prompting |
--interfaces TEXT | Install interfaces: dashboard, desktop, both, skip |
See Setup Wizard for templates, non-interactive usage, and troubleshooting.
Configure Options
Synopsis: initrunner configure <PATH> [OPTIONS]
Switch the LLM provider and model for a role without editing YAML. In interactive mode (no flags), shows available providers and a model picker. In non-interactive mode, pass --provider and/or --model directly. For installed roles, overrides are stored in registry.json and survive hub updates and reinstalls — the installed YAML stays pristine.
| Flag | Description |
|---|---|
PATH | Role YAML file, directory, or installed role name |
--provider TEXT | Target provider (e.g. openai, anthropic, groq, ollama) |
--model TEXT | Target model name |
--reset | Remove provider override, revert to original |
Examples
# Interactive — pick provider and model from menus
initrunner configure role.yaml
# Non-interactive — set provider and model directly
initrunner configure role.yaml --provider anthropic --model claude-sonnet-4-6
# Configure an installed role by name
initrunner configure code-reviewer --provider groq
# Revert to the original provider/model
initrunner configure code-reviewer --resetPost-install adaptation: After
initrunner install, if the role requires an API key you don't have, the CLI offers one-step adaptation to a configured provider. Pass--yesto auto-adapt non-interactively.
Serve Options
The
servesubcommand was removed. Useinitrunner run <PATH> --serveinstead. See Run Options for the full flag list and API Server for endpoint details, streaming, multi-turn conversations, and usage examples.
Validate Options
Synopsis: initrunner validate <PATH> [OPTIONS]
| Flag | Description |
|---|---|
--explain | Print plain-language explanations of each config section (no LLM calls) |
Since v2026.4.10, initrunner validate produces the same Rich panel as the run pre-flight — severity labels, per-field paths, 1-based line/column for syntax errors, and inline fix hints. The success-table path is unchanged. For flows, flow validate walks every role file referenced by spec.agents and prefixes nested issues with agents.<name>. so you can tell which referenced file broke.
Doctor Options
| Flag | Description |
|---|---|
--quickstart | Run a smoke prompt to verify end-to-end connectivity |
--role PATH | Role file to test (loads its .env and uses it for --quickstart). Since v2026.4.12, also runs extended diagnostics (skills, custom tools, memory, triggers, MCP servers). |
--deep | Run active checks (MCP connectivity, full imports, DB open) instead of static-only analysis. Requires --role or --flow. Since v2026.4.12. |
--flow PATH | Validate a flow topology and run per-agent diagnostics on all referenced roles. Since v2026.4.12. |
--fix | Auto-repair detected issues (install missing extras, offer API key setup, repair config). Since v2026.4.12, also patches deprecated YAML fields in-place. |
--fix --yes | Auto-fix without confirmation prompts (CI-friendly) |
See Doctor for details.
Daemon Options
The
daemonsubcommand was removed. Useinitrunner run <PATH> --daemoninstead. See Run Options for the full flag list and Triggers for trigger configuration.
Hub Options
Synopsis: initrunner hub <command> [OPTIONS]
Manage agent packs on InitHub. The top-level login, logout, whoami, and publish commands are preferred; hub subcommands are deprecated but still work.
hub login
initrunner hub login # opens browser for device code authorization
initrunner hub login --token TEXT # pass a token directly (CI/headless environments)| Flag | Description |
|---|---|
--token TEXT | API token with publish scope. Skips browser-based device code flow. Use in CI or headless environments. |
Without --token, the CLI generates a one-time device code, opens the browser to approve it, and polls until authorization completes. The resulting token is stored locally for future commands.
hub publish
initrunner hub publish # publish from current directory
initrunner hub publish ./my-agent/ # publish from a path
initrunner hub publish role.yaml --readme README.md # attach a README| Flag | Description |
|---|---|
PATH | Role file or directory to publish (default: .) |
--readme PATH | README file to include with the package |
--repo-url TEXT | Repository URL for the package listing |
--category TEXT | Category slug (repeatable) |
Requires authentication (hub login) with a token that has publish scope.
hub search
initrunner hub search "code review"
initrunner hub search python --tag automation| Flag | Description |
|---|---|
QUERY | Search query (matches name, description, tags) |
--tag TEXT | Filter by tag (repeatable) |
hub info
initrunner hub info owner/package-name| Flag | Description |
|---|---|
PACKAGE | Package identifier (owner/name) |
Flow Subcommands
| Subcommand | Description |
|---|---|
flow new <name> | Scaffold a new flow project from a pattern |
flow up <file> | Start orchestration in foreground |
flow validate <file> | Validate flow definition |
flow install <file> | Install systemd user unit |
flow uninstall <name> | Remove systemd unit |
flow start <name> | Start systemd service |
flow stop <name> | Stop systemd service |
flow restart <name> | Restart systemd service |
flow status <name> | Show service status |
flow logs <name> | Show journald logs (-f to follow, -n for line count) |
flow events | Query delegate routing events |
See Flow for full multi-agent orchestration documentation.
Flow New Options
Synopsis: initrunner flow new <name> [OPTIONS]
Scaffold a new flow project with role files and flow.yaml. Three patterns are available: chain (linear chain), fan-out (dispatcher + parallel workers), and route (intake with sense-based routing).
| Flag | Description |
|---|---|
--pattern TEXT | Composition pattern: chain, fan-out, route (default: chain) |
--agents INT | Number of agents to generate (default varies by pattern) |
--shared-memory | Enable shared memory across agents |
--provider TEXT | Model provider for generated roles |
--model TEXT | Model name for generated roles |
--list-patterns | List available composition patterns and exit |
Flow Events Options
| Flag | Description |
|---|---|
--source TEXT | Filter by source agent |
--target TEXT | Filter by target agent |
--status TEXT | Filter by status (delivered, dropped, filtered, error) |
--run-id TEXT | Filter by source run ID |
--since TEXT | Start timestamp (ISO 8601) |
--until TEXT | End timestamp (ISO 8601) |
--limit INT | Max events to show (default: 100) |
--audit-db PATH | Path to audit database |
MCP List-Tools Options
Synopsis: initrunner mcp list-tools PATH [OPTIONS]
| Flag | Description |
|---|---|
--index INT | Target a specific MCP tool entry by 0-based index |
MCP Serve Options
Synopsis: initrunner mcp serve PATHS... [OPTIONS]
| Flag | Description |
|---|---|
--transport, -t TEXT | Transport: stdio, sse, streamable-http (default: stdio) |
--host TEXT | Host to bind to (default: 127.0.0.1) |
--port INT | Port to listen on (default: 8080) |
--server-name TEXT | MCP server name (default: initrunner) |
--pass-through | Also expose agent MCP tools directly |
--audit-db PATH | Custom audit database path |
--no-audit | Disable audit logging |
--skill-dir PATH | Extra skill search directory |
See MCP Gateway for transport details, client configuration, pass-through mode, and usage examples.
A2A Serve Options
Synopsis: initrunner a2a serve PATH [OPTIONS]
Expose an agent as an A2A (Agent-to-Agent) server using Google's open standard for cross-framework agent communication.
| Flag | Description |
|---|---|
PATH | Path to the role YAML file |
--host TEXT | Host to bind to (default: 127.0.0.1) |
--port INT | Port to listen on (default: 8000) |
--api-key TEXT | API key for Bearer token auth. When set, all endpoints except the agent card require Authorization: Bearer <key>. |
--cors-origin TEXT | Allowed CORS origin (repeatable) |
--audit-db PATH | Custom audit database path |
--no-audit | Disable audit logging |
--skill-dir PATH | Extra skill search directory |
--model TEXT | Model alias or provider:model override |
Requires the [a2a] install extra: uv pip install initrunner[a2a].
See A2A Server for agent cards, delegate configuration, and a comparison with --serve and mcp serve.
Vault Subcommands
Synopsis: initrunner vault <command> [OPTIONS]
Since v2026.4.15. Manages the local encrypted credential vault at ~/.initrunner/vault.enc (Fernet + scrypt). The credential resolver checks env vars first, then the vault, so existing api_key_env, token_env, and ${VAR} placeholders keep working without changes. Standard-provider keys resolved from the vault are injected into os.environ so SDK clients (OpenAI, Anthropic, Google) can find them.
Requires the [vault] install extra (or [vault-keyring] to cache the passphrase in your OS keyring): uv pip install initrunner[vault].
| Subcommand | Description |
|---|---|
init | Create a new vault. Prompts for a passphrase. |
set <NAME> [VALUE] | Store a credential. Prompts for the value (not echoed) when omitted. |
get <NAME> | Print a credential value to stdout. |
list | List credential names. Values are never printed. |
rm <NAME> | Remove a credential. |
import [FILE] | Import from a .env or JSON file. Defaults to ~/.initrunner/.env and offers to delete the source after a successful import. |
export --env|--json [--out PATH] | Export the vault as dotenv or JSON. Output files are written with mode 0600. |
rotate | Re-encrypt under a new passphrase. Updates the keyring cache when one was set. |
verify | Confirm a passphrase decrypts the vault without caching it. |
cache | Cache the passphrase in the OS keyring (requires [vault-keyring]). |
lock | Clear the keyring-cached passphrase. |
status | Show vault path, entry count, last-modified, and cache state. |
All commands accept --no-prompt to fail fast in non-interactive use. Pass the passphrase via INITRUNNER_VAULT_PASSPHRASE for CI. The variable is scrubbed from subprocess environments so it cannot leak to child processes.
# One-time setup
initrunner vault init
initrunner vault set OPENAI_API_KEY # prompts for value
initrunner vault import # pull from ~/.initrunner/.env
# Daily use; your existing roles keep working
initrunner run role.yaml -p "hello"
# CI use
INITRUNNER_VAULT_PASSPHRASE=$VAULT_PASS initrunner vault listApprovals Subcommands
Since v2026.4.17. See Approvals for the full walkthrough.
initrunner pending
Lists unresolved tool-call approvals across every run in the audit database.
initrunner pendingShows run_id, tool_call_id, tool name, agent name, timestamp, and the first slice of the arguments. Exits 0 with an empty-state message when nothing is pending.
initrunner approve
Synopsis: initrunner approve RUN_ID [OPTIONS]
Resumes a paused run. Every pending call on the run must end up with a decision before the run resumes — anything unresolved by --tool-call-id defaults to denied.
| Flag | Description |
|---|---|
RUN_ID | The paused run identifier (from pending or from the CLI resume hint). |
--all | Approve every pending tool call for the run. |
--tool-call-id ID | Decide only the named call. |
--deny | Invert the decision. Combine with --all or --tool-call-id. |
initrunner approve abc123 --all
initrunner approve abc123 --tool-call-id call_01HW9Q
initrunner approve abc123 --all --denyExport Agent Spec
Synopsis: initrunner export agent-spec PATH
Since v2026.4.17. Exports a role as a PydanticAI Agent Spec, writing <name>.agent-spec.yaml plus a companion .schema.json in the same directory. Fields outside the Agent Spec overlap (triggers, ingest, memory, skills, sinks, autonomy, reasoning, guardrails, security) are dropped with a warning table — export is lossy by design.
initrunner export agent-spec ./greeter/role.yamlSee Agent Spec Import & Export for the field mapping and round-trip guidance.
Audit Verify-Chain Options
Synopsis: initrunner audit verify-chain [OPTIONS]
Since v2026.4.15. Walks the HMAC-signed audit chain and reports any breaks. Exits non-zero on a missing key or a chain break.
| Flag | Description |
|---|---|
--audit-db PATH | Custom audit database path |
See Audit Trail: Tamper-Evident Chain for output fields, exit codes, and key storage.
Audit Security-Events Options
Synopsis: initrunner audit security-events [OPTIONS]
Since v2026.4.16. Queries the security_events audit table and renders the result as a Rich table. Use it to inspect sandboxed tool calls (sandbox.exec) and other security events the runtime logs.
| Flag | Description |
|---|---|
--event-type TYPE | Filter by event type (e.g. sandbox.exec) |
--agent NAME | Filter by agent name |
--limit N | Maximum rows to return (default: 50) |
--audit-db PATH | Custom audit database path |
# Every sandboxed tool call, most recent first
initrunner audit security-events --event-type sandbox.exec
# Just one agent's events
initrunner audit security-events --agent code-runner --limit 200Every sandboxed call emits a sandbox.exec record with backend, argv0, rc, and duration_ms, attributed to the role's agent name. See Runtime Sandbox: Audit.