si is an AI-first CLI for orchestrating coding agents, provider bridges, and secure runtime workflows.
Quick links: docs/index.mdx · docs/CLI_REFERENCE.md · docs/VAULT.md · docs/RELEASING.md
- Codex containers: profile-scoped lifecycle under
si codex(profile,spawn,status,shell,report,clone,remove,respawn). - Vault: encrypted dotenv workflows with trust/recipient checks and secure command injection.
- Provider orbits: first-party integrations under
si orbit <provider> ...for Stripe, GitHub, Cloudflare, Google (Places/Play/YouTube), Apple, WorkOS, AWS, GCP, OpenAI, and OCI. - Browser runtime: Dockerized Playwright MCP runtime (
si browser ...). - Docs workflow: Mintlify wrapper (
si mintlify ...) to bootstrap and maintain docs locally.
rust/: primary Rust workspace and shipping CLI implementation.tools/si-browser: browser runtime Docker assets.tools/si-image: unified runtime image used by codex and runtime-side tooling.docs/: Markdown + Mintlify docs content.
Use one of these install paths:
# npm (global launcher package)
npm install -g @aureuma/si
# Homebrew
brew install aureuma/si/siHomebrew uses user/repo/formula for external taps, so brew install aureuma/si is not a valid formula path.
Direct source install remains available:
cargo run --quiet --locked -p si-rs-cli -- build installer run --forcePrerequisites:
- Docker Engine available on host.
- Latest stable Rust toolchain for local source builds.
si-rsis the runtime entrypoint.
Build local CLI + runtime image:
# host build (Rust-primary CLI)
cd /path/to/si
cargo build --release --locked --bin si-rs
# runtime image for codex
./.artifacts/cargo-target/release/si-rs build imageFast local iteration:
si build self check --timings
si build self --timingsCodex lifecycle:
./si codex spawn --profile <profile> --workspace "$PWD"
./si codex list
./si codex shell --profile <profile> -- bash
./si codex tail --profile <profile>
./si codex remove --profile <profile>Browser runtime:
./si browser build
./si browser start
./si browser status
./si browser logs --follow
./si browser stopWhen running, SI-managed codex containers auto-register MCP server si_browser
to the browser runtime endpoint on the shared Docker network.
Mintlify docs tooling:
./si mintlify init --repo . --docs-dir docs --site-url https://docs.si.aureuma.ai --force
./si mintlify validate
./si mintlify devsi codex ...: agent runtime operations.si vault ...: secure secret workflows.si orbit ...: provider bridges and provider capability inventory.si browser ...: Playwright MCP browser runtime.si mintlify ...: docs site bootstrap/validation/dev wrappers.si build ...: local image + self-build workflows.
Full command surface: run si --help and command-specific help (si <command> --help).
Run module tests:
cargo run --quiet --locked --manifest-path rust/crates/si-tools/Cargo.toml --bin si-test-runner -- workspaceRun the staged Rust workspace checks:
cargo fmt --check
cargo clippy --workspace --all-targets -- -D warnings
cargo test --workspaceRun installer smoke tests:
cargo run --quiet --locked -p si-rs-cli -- build installer smoke-host
cargo run --quiet --locked -p si-rs-cli -- build installer smoke-dockerRun strict vault-focused tests:
cargo run --quiet --locked --manifest-path rust/crates/si-tools/Cargo.toml --bin si-test-runner -- vaultRun the full local test stack in one command:
cargo run --quiet --locked --manifest-path rust/crates/si-tools/Cargo.toml --bin si-test-runner -- allRun the Rust host matrix for the direct si/fort/surf chain:
cargo run --quiet --locked --manifest-path rust/crates/si-tools/Cargo.toml --bin si-rust-host-matrix --Scenario coverage and expected behavior are documented in docs/HOST_TEST_MATRIX.md.
Run static analysis:
./si analyzeRelease process and runbook:
Published GitHub Releases automatically include multi-arch CLI archives for:
- Linux (
amd64,arm64,armv7) - macOS (
amd64,arm64)
Local preflight command:
./.artifacts/cargo-target/release/si-rs build self assets --version vX.Y.Z --out-dir .artifacts/release-preflight./.artifacts/cargo-target/release/si-rs build npm vault --version vX.Y.Z(vault key:NPM_GAT_AUREUMA_VANGUARDA)
This repository is licensed under GNU Affero General Public License v3.0 (AGPL-3.0).
See LICENSE.