Asyntax CLI

Drive your Asyntax workspace from the terminal: pick an org, pick a project, generate a backend or frontend, or run an AI-powered security scan against any directory.

██████╗ ██████╗██╗   ██╗███╗   ██╗████████╗ █████╗ ██╗  ██╗
   Asyntax AI — workspace + security from your terminal

Install

npm install -g asyntax-cli

The package name is asyntax-cli; the executable installed on your PATH is asyntax.

Requires Node.js 18.17+.

Get started

asyntax              # interactive: banner + login/workspace menu
asyntax login        # browser-based magic-link auth via dev.asyntax.com/login/cli
asyntax workspace    # pick an org + project, then generate or scan
asyntax scan ./      # ad-hoc scan of a directory (no project context)
asyntax whoami       # show the current account
asyntax logout       # remove the stored token

asyntax workspace (alias asyntax ws) is the main entry point once you're signed in. After login, the CLI also offers to drop you straight into it.

The workspace flow

After asyntax login:

1. Pick an org. The CLI lists every organization you're a member of. Choose one, or + Create a new organization.
2. Pick a project. The CLI lists projects in the chosen org. Choose one, or + Create a new project — you'll be asked for a name and a project type (frontend, backend, fullstack, or security_checkup).
3. Pick an action. From the workspace menu:
   • Generate a backend project — kicks off an AI generation job scoped to your project. The CLI prints a job ID and a playground URL where you can watch live progress in the browser.
   • Generate a frontend project — same, but for the frontend agent.
   • Scan this project for security issues — walks a directory, sends the files to the security agent in the context of your project, and prints a grouped report.
   • Switch project / org — jump back to the picker.

Your last-used { orgSlug, projectSlug } is cached in ~/.asyntax/config.json, so the next time you run asyntax workspace the CLI offers to resume there.

How auth works

asyntax login follows a device-code flow:

1. The CLI calls POST /api/v1/cli/auth/initiate and receives a short user_code (e.g. AB12-CD34) plus a verification URL.
2. The CLI opens your browser to https://dev.asyntax.com/login/cli?code=….
3. After you sign in to the web platform and click Authorize, the browser hits POST /api/v1/cli/auth/grant to bind the code to your account.
4. The CLI is polling POST /api/v1/cli/auth/poll and receives a 30-day HMAC-signed token.

The token is written to ~/.asyntax/config.json with mode 0600 and is valid for 30 days; once expired, the CLI will prompt you to log in again. Every command other than login / logout / whoami uses this token via the Authorization: Bearer cli_… header.

Configuration

API endpoints

All authenticated endpoints sit under /api/v1/cli/ and accept the HMAC-signed CLI token. The CLI never touches the regular user JWT.

What scan does

Both asyntax scan <dir> (ad-hoc) and the project-scoped scan in the workspace flow walk the directory (skipping node_modules, .git, dist, etc.), read scannable source files (up to 50 files / 256 KB per file / 4 MB total), upload them, and print a grouped, color-coded report (critical → info) with a recommendation per finding. The project-scoped variant tags each finding with your org_slug / project_slug.

Privacy / safety

• Only files you explicitly target are sent.
• The CLI confirms the file count before uploading.
• Tokens are stored locally in ~/.asyntax/config.json (mode 0600).
• asyntax logout deletes the stored token.

Changelog

0.2.0

• New asyntax workspace command: pick an org → pick a project → generate a backend, generate a frontend, or run a project-scoped security scan.
• Last-used { orgSlug, projectSlug } is cached for fast re-entry.
• After asyntax login, the CLI offers to drop straight into the workspace flow.
• All workspace endpoints sit under /api/v1/cli/ and use the existing CLI HMAC token — no new auth surface.

0.1.0

• Initial release: login, logout, whoami, scan.