Package Exports
- @cruxy/cli
This package does not declare an exports field, so the exports above have been automatically detected and optimized by JSPM instead. If any package subpath is missing, it is recommended to post an issue to the original package (@cruxy/cli) to support the "exports" field. If that is not possible, create a JSPM override to customize the exports field for this package.
Readme
@cruxy/cli
An agentic coding CLI that plans, edits, tests, and ships from your terminal — powered by the Cruxy API.
Cruxy is a terminal-first coding agent that works directly in your repository — reading code, editing files, running commands, and verifying its own work, with an approval gate before anything touches disk.
Install
npm install -g @cruxy/cli
cruxy run "explain this codebase" # first run guides you through setupOn your first interactive run with no key, cruxy walks you through getting one,
validates it, and saves it to ~/.cruxy (owner-only) — no env var needed. You
can also run setup on demand:
cruxy login # set or replace your API key
cruxy init # key + a project CRUXY.md + a first run
export CRUXY_API_KEY=cxy_live_... # …or just use an env var (always wins)Features
- Onboarding — a guided first run (
cruxy login/cruxy initon demand): get a key, validate it live, and save it to~/.cruxy/credentials.json(0600) — never toconfig.json, the project, or env files. Keys resolve env → credentials store. Non-interactive runs stay fail-loud (CRUXY_E_AUTH_MISSING_KEY), never blocking on input. - Tools —
read_file,write_file,edit_file,glob,list_files,grep_files,run_command,git_status,apply_patch,search_codebase,list_skills,load_skill,create_pull_request. - Pull requests —
cruxy pr(and thecreate_pull_requesttool) turn the current changes into a PR: feature branch → conventional commit → push → open the PR, with a generated title/body, all behind the approval gate. GitHub ships first behind a swappableForgeProvider; the token is read fromGITHUB_TOKEN/GH_TOKEN/gh auth token(never stored). It never commits or pushes on a protected branch, never force-pushes, and never bypasses the commit/push hooks. - Codebase index — a local, incremental semantic index (
cruxy index) behind thesearch_codebasetool. Embeddings run on-device via fastembed (ONNX, bge-small-en-v1.5) with no network calls; the store is SQLite at.cruxy/index.db. Only changed files are re-embedded;.gitignore/.cruxyignoreare respected and secrets (.env*, keys) are never indexed. - Skills — reusable, task-specific instructions in a
SKILL.md(frontmatter + markdown), discovered vialist_skillsand pulled on demand withload_skill(progressive disclosure: only name + description are in context until a skill is loaded). Layered project > user > builtin, strictly validated, and never auto-executed. - Agent — streaming output, multi-turn interactive sessions, context
compaction, and awareness of git state and project instructions (
CRUXY.md). - Streaming render — flicker-free live output: a single in-place status line
(spinner while the model thinks / tools run), append-only committed text,
syntax-highlighted code fences, tool-call notes, and diffs drawn by the same
renderer as the approval prompt. Degrades cleanly: piped/CI output is plain
append-only text with zero ANSI (chrome on stderr),
NO_COLORdrops color, andCRUXY_NO_SPINNER=1stills the animation. - Plan mode (opt-in:
cruxy run --plan,/plan, oragent.planMode) — the agent proposes a structured, step-by-step plan; you approve it once, then it executes with live per-step status. Approving consents to the shape of the work — every action still passes the approval gate, and destructive/ungrantable actions always re-confirm even after approval. - Safety — a single approval gate with diff previews that fails closed; read-only tools never prompt; file access is confined to the project root; shell commands run bounded.
Interactive slash commands: /help, /clear, /compact, /reload, /exit.
For unattended runs, pass --yes to approve every action.
Codebase search
cruxy index # build / refresh the local index (.cruxy/index.db)
cruxy index --status # show what's indexed
cruxy index --force # re-embed every fileThe index refreshes itself lazily the first time the agent calls
search_codebase, so it works even without running cruxy index first. The
bge-small embedding model (~130 MB) downloads and caches on first use.
Skills
cruxy skills # list the resolved skill catalog
cruxy skills --status # show source directories and validation errorsAdd a skill by creating <name>/SKILL.md under .cruxy/skills/ (project) or
~/.cruxy/skills/ (user); shipped builtins are the lowest layer. See the
built-in using-skills skill for the authoring rules.
Pull requests
export GITHUB_TOKEN=ghp_... # or GH_TOKEN, or be logged in with `gh`
cruxy pr # generate + open a PR for the current changes
cruxy pr --base develop # target a specific base branch
cruxy pr --title "fix(cli): …" # override the generated title
cruxy pr --draft # open as a draftThe whole plan — branch, commit, and PR title/body — is shown for approval
before anything runs. On a protected branch (main/master/configured via
git.protectedBranches) cruxy branches off first; the base defaults to
git.defaultBase, then the repo's default branch, then main.
Checkpoints & rollback
Before an agent run's first file mutation, cruxy snapshots the working tree
(tracked + untracked non-ignored files; gitignored paths and the secrets
denylist are never captured). cruxy rollback undoes the whole run — creates,
edits, deletes — in one operation:
cruxy checkpoint list # saved checkpoints, newest first
cruxy rollback # restore the most recent checkpoint
cruxy rollback <id> # restore a specific oneRollback is destructive, so it previews exactly what will change (including
anything that changed outside the run — surfaced, never silently clobbered)
and always asks for approval; it cannot be session-granted and refuses to run
non-interactively (CRUXY_E_ROLLBACK_APPROVAL_REQUIRED).
In a git repo, snapshots go into the git object database via a temporary index
— HEAD, your index, the stash, and every ref are untouched, and nothing shows
up in git status. Outside a repo, a content-addressed shadow copy under
.cruxy/checkpoints/ is used. Retention is bounded (checkpoint.retention,
default 10; disable with checkpoint.enabled = false).
Boundary: checkpoints cover working-tree files only. Commits, pushes, and PRs made during a run are never undone — the rollback preview says so.
Errors & exit codes
Every user-facing error prints a title, the cause (when known), concrete next
steps, and a stable code (e.g. CRUXY_E_GATEWAY_UNREACHABLE). Pass --verbose
(or --log-level debug / DEBUG=1) to see the underlying error and stack;
NO_COLOR disables color. Exit codes are stable per category, so scripts can
branch on them:
| Exit | Category | Example codes |
|---|---|---|
0 |
success | — |
1 |
internal | CRUXY_E_INTERNAL |
2 |
usage | CRUXY_E_USAGE, CRUXY_E_CONFIG_KEY_UNKNOWN, CRUXY_E_PROVIDER_UNSUPPORTED, CRUXY_E_GIT_PROTECTED_BRANCH, CRUXY_E_PLAN_INVALID, CRUXY_E_PLAN_REVISION_LIMIT, CRUXY_E_CHECKPOINT_NOT_FOUND |
3 |
config | CRUXY_E_CONFIG_PARSE, CRUXY_E_CONFIG_INVALID |
4 |
auth | CRUXY_E_AUTH_MISSING_KEY, CRUXY_E_AUTH_INVALID, CRUXY_E_FORGE_AUTH |
5 |
network | CRUXY_E_GATEWAY_UNREACHABLE, CRUXY_E_GIT_PUSH_FAILED |
6 |
api | CRUXY_E_API, CRUXY_E_API_RATE_LIMIT, CRUXY_E_API_OVERLOADED, CRUXY_E_BUDGET_EXHAUSTED, CRUXY_E_FORGE_API |
7 |
filesystem | CRUXY_E_FILE_NOT_FOUND, CRUXY_E_PERMISSION_DENIED, CRUXY_E_PATH_ESCAPE, CRUXY_E_CHECKPOINT_FAILED |
8 |
index | CRUXY_E_INDEX_EMBEDDER_UNAVAILABLE, CRUXY_E_INDEX_STORE_UNAVAILABLE, CRUXY_E_INDEX_FAILED |
9 |
skill | CRUXY_E_SKILL_INVALID, CRUXY_E_SKILL_NOT_FOUND |
10 |
approval | CRUXY_E_APPROVAL_REQUIRED, CRUXY_E_PLAN_APPROVAL_REQUIRED, CRUXY_E_ROLLBACK_APPROVAL_REQUIRED |
The LLM client is @cruxy/sdk —
provider-agnostic, built over fetch, with no vendor SDKs.
License
MIT