JSPM

  • Created
  • Published
  • Downloads 509
  • Score
    100M100P100Q117271F

Package Exports

  • @modelstatus/cli

This package does not declare an exports field, so the exports above have been automatically detected and optimized by JSPM instead. If any package subpath is missing, it is recommended to post an issue to the original package (@modelstatus/cli) to support the "exports" field. If that is not possible, create a JSPM override to customize the exports field for this package.

Readme

@modelstatus/cli

Track which AI models you use, where, and never get surprised by a retirement.

The free CLI + TUI for LLM Status — scans your repo for AI model usage (OpenAI, Anthropic, Google, Mistral, DeepSeek, xAI, Moonshot, Cohere, and dozens more) and joins it to a constantly-updated lifecycle registry so you find out before gpt-4 retires, not after.

npx @modelstatus/cli status

That's it. No sign-in, no account, and the scan runs entirely on your machine — you get a snapshot of every model in your repo plus health badges and replacement suggestions. (Anonymous usage analytics — event names + counts only, never code, model names, or paths — can be turned off anytime: mm config analytics off, or MM_NO_ANALYTICS=1.)

Install

Pick whichever fits your stack:

# Self-contained binary, no Node required (sha256 + signature verified by the installer):
curl -fsSL https://llmstatus.ai/install.sh | bash

# Homebrew (macOS + Linux):
brew install randomartifact/tap/modelstatus-cli

# Via npm (needs Node ≥18):
npm i -g @modelstatus/cli

Or skip install entirely and one-shot it: npx @modelstatus/cli status.

Quick start

Free: open the dashboard

mm [dir]                              # the full TUI — inventory · scan · what's new · alerts

Just run mm (optionally on a folder) for the interactive dashboard: it scans locally, shows every model in use with its health, and lets you fix the dying ones — no account needed.

Free: a one-shot health check (great for CI / pipes)

mm status [dir]                       # quick offline check, prints + exits
npx @modelstatus/cli status [dir]     # zero install (needs Node)

Pulls the signed registry snapshot from cdn.llmstatus.ai (Ed25519-signed, anti-rollback, ~225 kB), scans the directory, resolves every model id, and prints what you use along with its health:

LLM Status — registry 20260528T013239Z (today), 380 models
Scanned ./apps/web: 12 reference(s) → 6 model(s), 1 custom

Models in use:
  🔴 retired     openai/gpt-4-0314          retires 2024-06-13   → openai/gpt-4-1  (2)
  🟠 retiring    anthropic/claude-opus-4    retires 2026-06-15   → anthropic/claude-opus-4-7  (1)
  🟢 ok          openai/gpt-5                                                       (3)

⚠ 2 model(s) need attention before they retire.

Works fully offline after the first run (cached snapshot at ~/.config/llmstatus/registry-cache.json).

Free: fix the dying ones

mm fix [dir] --dry-run    # preview the rewrites
mm fix [dir]              # apply (asks first)

Rewrites deprecated/retiring model ids to their current registry replacement, in place. Boundary-safe (gpt-4 never rewrites inside gpt-4o), style-preserving (prefixed stays prefixed), and chain-aware — if the replacement is itself dying, it follows the chain to the first live model. In the TUI, press f for a red/green diff preview; nothing is written until you confirm.

Sign in for cloud features

mm login           # browser sign-in, polls for completion
mm scan            # scans + uploads to your account's inventory
mm                 # launches the TUI: inventory, scan, what's-new, alerts
mm upgrade         # Stripe checkout for Pro (alerting)

You get two binaries — mm (short) and llmstatus (descriptive). Same binary, take your pick.

Commands

Command What it does
mm status [dir] Free offline model-health check — no account
mm fix [dir] Rewrite dying model ids to their replacement (--dry-run to preview)
mm [dir] Launch the TUI on a folder (defaults to the current one) — runs locally
mm update Update the binary in place (Homebrew installs: brew upgrade)
mm login [api_key] Browser sign-in with polling (or paste a key)
mm signup Create an account in the browser
mm scan [dir] Scan for model usage; interactive TUI, or --ci/--json for pipelines
mm sources List detection sources and whether each can run here
mm upgrade Open Stripe checkout, poll until Pro is active
mm logout Forget the saved API key

Scan sources (--sources, default filesystem; all for everything):

Source Reads from
filesystem repo files
env live process env vars (OPENAI_API_KEY, …)
aws-secrets AWS Secrets Manager + SSM
k8s kubectl secrets + configmaps
helm helm release values
sql psql, via --db <dsn>

Secret sources shell out to your already-authenticated CLIs, run read-only, REDACT every snippet, and only ever upload model ids — secret values never leave your machine. Use --dry-run to preview.

Common flags: --api <url> · --key <key> · --project <id|name> · --yes · --json · --ci · --dry-run · --sources <list> · --region <r> · --namespace <ns> · --kube-context <c> · --db <dsn> · --sql-table <t>

Free vs paid

Free (this CLI) Pro (signed in)
mm status on any repo ✓ unlimited
Signed registry snapshot, offline cache
Resolve + health locally, on-device
Secret-source aware (env, aws-secrets, k8s, helm, sql)
mm fix — rewrite dying ids to replacements
Cloud inventory across projects/teams
GitHub App: PR checks + one-click fix PRs
Alerts on deprecations/retirements (email/Slack/SMS)
CI integrations + web dashboard

How the registry distribution works

The registry is published as a date-versioned, signed snapshot on Cloudflare R2 at cdn.llmstatus.ai, with a mini-TUF trust chain:

pinned root key (in the CLI binary)
   → root-signs ─→ keys.json (names the current signing key)
                       → signing-key-signs ─→ latest.json (pointer, with sha256)
                                                  → blob: <version>.json (immutable)

The CLI verifies every byte before trusting the snapshot, refuses any rollback to an older version, and falls back to its local cache when the network's down. The signing key can be rotated without shipping a new CLI release.

The binaries get the same treatment: macOS builds are Developer ID signed and Apple-notarized, every release manifest is Ed25519-signed and verified — against a public key embedded in the installer and the self-updater, not fetched from the CDN — and both refuse to proceed if any check fails.

Verify a download yourself

The installer already checks everything, but you can verify any binary independently with minisign (Ed25519). Each binary ships a detached .minisig next to it on the CDN:

# e.g. Linux x64 (use latest/ or a pinned cli/v0.1.83/)
curl -fLO https://cdn.llmstatus.ai/cli/latest/modelstatus-cli-linux-x64
curl -fLO https://cdn.llmstatus.ai/cli/latest/modelstatus-cli-linux-x64.minisig
minisign -Vm modelstatus-cli-linux-x64 \
  -P RWQlKGcm5lXiIiTvGv/cdc0joBn1sm9vOFr9WqR6CI15PXzoHNHVBY6S
# → "Signature and comment signature verified"

The public key is also committed at packages/cli/release-minisign.pub. (On macOS you additionally get the Developer ID signature + Apple notarization; on Linux/Windows the minisign signature is the independent check.)

License

MIT © LLM Status