@sembix/cli

v1.14.1

CLI tool for managing Sembix products

Downloads

785

Readme

Sembix CLI

A unified CLI for managing Sembix Strata with two main capabilities:

  1. Environment Management (sembix strata) - Create and manage GitHub Actions environments for AWS deployments
  2. Environment Interaction (sembix workflow, sembix project) - Execute and manage workflows on running Strata instances

Prerequisites

  • Node.js 20 or higher
  • For environment management: GitHub Personal Access Token with repo and workflow scopes
  • For environment interaction: Access to a Sembix Strata instance with Cognito credentials

Installation

# From npm
npm install -g @sembix/cli

# From source
git clone <repo>
npm install && npm run build
npm link

Quick Start

Initial Configuration

sembix configure

Prompts for:

  • GitHub token (for environment management)
  • Optionally: Strata profile (for environment interaction)

Environment Management (GitHub Deployment)

# Create GitHub Actions environment
sembix strata create production --repo owner/repo

# After first deployment, add Hub integration
sembix strata add-hub production --repo owner/repo

# List environments
sembix strata list owner/repo

Environment Interaction (Strata API)

# Authenticate with Strata instance
sembix login

# Start a workflow
sembix workflow start

# Monitor workflow status
sembix workflow run status --workflow-id wf_456 --run-id run_789 --watch

# List projects
sembix project list

Part 1: Environment Management

Concepts

The sembix strata commands automate GitHub Actions environment creation for Sembix Strata deployments on AWS and Azure. They create GitHub environments with encrypted secrets and variables required for Terraform-based infrastructure deployment.

Cloud Provider Support:

  • AWS: Full support for all features including Hub integration, Customer Portal, billing/licensing, and Microsoft Graph
  • Azure: Full support for all features including Hub integration, Customer Portal, billing/licensing, and Microsoft Graph

Deployment Process:

  1. Bootstrap - Create environment → Run GitHub Actions → Get IAM/role ARNs
  2. Hub Integration - Add Hub ARNs → Run GitHub Actions again → Full deployment
  3. Optional Features - Add billing, Customer Portal, or Microsoft Graph as needed

Command Reference

sembix strata create [name]

Create a new GitHub Actions environment for Strata deployment.

# Interactive mode (guided prompts)
sembix strata create

# With repository and name
sembix strata create production --repo owner/repo

# With YAML config file
sembix strata create --config production.yaml

# Skip Hub integration (add later)
sembix strata create production --repo owner/repo --skip-hub

Key Options:

  • -r, --repo <repo> - Target repository (owner/repo)
  • -c, --config <path> - YAML configuration file
  • -t, --token <token> - GitHub token (overrides config)
  • -e, --env <name> - Environment name
  • --skip-hub - Skip Hub integration step

What it does:

  1. Prompts for repository selection (if not provided)
  2. Prompts for environment name (if not provided)
  3. Validates environment doesn't already exist
  4. Walks through 12 configuration steps:
    • Step 1: Cloud Provider Selection
    • Step 2: Basic Configuration
    • Step 3: Database Configuration
    • Step 4: Networking Configuration
    • Step 5: Security Configuration
    • Step 6: Cognito Configuration
    • Step 7: Domain Configuration
    • Step 8: Monitoring Configuration
    • Step 9: Hub Integration (Optional)
    • Step 10: Customer Portal (Optional)
    • Step 11: Billing/Licensing (Optional)
    • Step 12: Microsoft Graph - User Invites (Optional)
  5. Creates GitHub Actions environment
  6. Sets all secrets and variables
  7. Displays success message with next steps

Configuration Categories:

  • AWS: --aws-account-id, --aws-region, --customer-role-arn, --terraform-state-bucket
  • Database: --database-name, --database-user
  • Networking: --vpc-cidr, --custom-vpc-id, --subnet-ids, --enable-vpc-endpoints
  • Security: --sg-* (security groups), --iam-* (IAM roles), --use-custom-*
  • TLS/DNS: --certificate-arn, --cloudfront-domain, --cloudfront-cert-arn, --bff-alb-cert-arn, --bff-internal-alb-cert-arn, --hosted-zone-id
  • Features: --deploy-strata-notifications, --enable-bff-waf
  • Frontend: --github-app-client-id, --jira-client-id
  • Hub: --hub-engine-execution-role, --hub-consumer-role, --hub-admin-role
  • Customer Portal: --customer-portal-cloudfront-domain, --customer-portal-cert-arn, --customer-portal-data-bucket-name
  • Billing/Licensing: --billing-enabled, --billing-instance-id, --billing-* (intervals and cloud-specific secrets)
  • Microsoft Graph: --graph-client-id, --graph-client-secret-arn (AWS), --graph-client-secret-name (Azure)

See Complete Strata Options below for all 60+ options.

sembix strata update [name]

Update an existing GitHub Actions environment. Only provide flags you want to change.

# Add Hub integration
sembix strata update production --repo owner/repo \
  --hub-engine-execution-role arn:aws:iam::123456789012:role/HubEngine \
  --hub-consumer-role arn:aws:iam::123456789012:role/HubConsumer

# Update feature flags
sembix strata update production --repo owner/repo \
  --deploy-strata-memory true

sembix strata add-hub [name]

Add Sembix Hub integration to an existing environment (Phase 2 of deployment).

sembix strata add-hub production --repo owner/repo

Interactive prompts for Hub role ARNs (or use flags):

  • --hub-engine-execution-role <arn> - Hub Engine Execution Role ARN
  • --hub-consumer-role <arn> - Hub Consumer Role ARN
  • --hub-admin-role <arn> - Hub Admin Role ARN
  • --hub-appconfig-role <arn> - Hub AppConfig Role ARN (optional)

sembix strata add-customer-portal [name]

Add Customer Portal configuration to an existing environment.

# Interactive mode
sembix strata add-customer-portal production --repo owner/repo

# With YAML config
sembix strata add-customer-portal production --repo owner/repo --config config.yaml

# With CLI flags
sembix strata add-customer-portal production --repo owner/repo \
  --customer-portal-cloudfront-domain portal.example.com \
  --customer-portal-cloudfront-cert-arn arn:aws:acm:us-east-1:123456789012:certificate/abc123 \
  --customer-portal-hosted-zone-id Z1234567890ABC \
  --customer-portal-data-bucket-name my-portal-data-bucket

Required Options:

  • --customer-portal-cloudfront-domain <domain> - CloudFront custom domain for the portal
  • --customer-portal-cloudfront-cert-arn <arn> - ACM certificate ARN (must be in us-east-1)
  • --customer-portal-hosted-zone-id <id> - Route53 hosted zone ID
  • --customer-portal-data-bucket-name <name> - S3 bucket name for portal data

Optional Options:

  • --customer-portal-cognito-password-min-length <length> - Minimum password length (8-128, default: 8)
  • --customer-portal-log-level <level> - Log level: debug, info, warn, error (default: info)

sembix strata add-billing [name]

Add billing/licensing configuration to an existing environment.

# Interactive mode
sembix strata add-billing production --repo owner/repo

# With YAML config
sembix strata add-billing production --repo owner/repo --config config.yaml

# With CLI flags (AWS)
sembix strata add-billing production --repo owner/repo \
  --cloud-provider aws \
  --billing-enabled true \
  --billing-instance-id acme-prod-001 \
  --billing-engine-image-tag v1.0.0 \
  --billing-hub-role-arn arn:aws:iam::123456789012:role/BillingHub \
  --billing-license-key-secret-arn arn:aws:secretsmanager:us-east-1:123456789012:secret:license

# With CLI flags (Azure)
sembix strata add-billing production --repo owner/repo \
  --cloud-provider azure \
  --billing-enabled true \
  --billing-instance-id acme-prod-001 \
  --billing-license-key-secret-name acme-license-key

# Disable billing
sembix strata add-billing production --repo owner/repo \
  --cloud-provider aws \
  --billing-enabled false

Required Options:

  • --cloud-provider <provider> - Cloud provider (aws or azure)
  • --billing-enabled <boolean> - Enable billing (true/false)

When enabled=true, AWS requires:

  • --billing-instance-id <id> - Unique billing instance ID (provided by Sembix)
  • --billing-engine-image-tag <tag> - Billing engine Docker image tag
  • --billing-hub-role-arn <arn> - Billing Hub cross-account IAM role ARN
  • --billing-license-key-secret-arn <arn> - License key Secrets Manager ARN

When enabled=true, Azure requires:

  • --billing-instance-id <id> - Unique billing instance ID (provided by Sembix)
  • --billing-license-key-secret-name <name> - License key Key Vault secret name

Optional Runtime Intervals:

  • --billing-license-refresh-interval-ms <ms> - License refresh interval (default: 3600000)
  • --billing-config-poll-interval-ms <ms> - Config poll interval (default: 300000)
  • --billing-telemetry-poll-interval-ms <ms> - Telemetry poll interval (default: 300000)

When to use:

  • After initial deployment when billing requirements are confirmed
  • To enable billing on an existing environment
  • To update billing configuration (instance ID, intervals, etc.)
  • To disable billing (sets BILLING_ENABLED=false)

What it does:

  1. Validates the environment exists
  2. Prompts for billing configuration (or uses config file/CLI flags)
  3. Updates GitHub environment with billing variables and secrets
  4. Displays configuration summary

Note: Billing is optional. Deployments without billing ship with BILLING_ENABLED=false.

sembix strata list [repository]

List GitHub Actions environments.

sembix strata list                    # All accessible repositories
sembix strata list owner/repo         # Specific repository

sembix strata tunnel [environment]

When Strata is deployed without public DNS, the BFF ALB is internal and unreachable from your machine. It typically serves internal HTTPS with a cert from a private CA in the account (HTTP is also supported). This command opens a local browser tunnel to it: it provisions an ephemeral SSM bastion, port-forwards to the ALB, and runs a small in-process proxy (no mitmproxy / Python dependency) so the browser does TLS end-to-end with the real ALB. It also auto-trusts the ALB's private CA so Chrome/Safari load it without warnings, and tears it all down on Ctrl-C.

sembix strata tunnel production       # discover ALB/VPC/subnet via AWS, then tunnel

See docs/INTERNAL_ALB_ACCESS.md for prerequisites, flags, the required AWS permissions, caveats, and troubleshooting.

Configuration

Priority Chain

Configuration values are resolved in this order (highest to lowest):

  1. CLI Flags - Explicit command-line options
  2. Config File - YAML file (via --config)
  3. Interactive Prompts - User input during execution
  4. Defaults - Built-in defaults

GitHub Token Priority

GitHub token is resolved in this order:

  1. --token flag
  2. GITHUB_TOKEN environment variable
  3. ~/.sembix/config (via sembix configure)
  4. .env file

YAML Config File

Create production.yaml:

repository:
  owner: acme-corp
  repo: sembix-deployment

environmentName: client-abc-production
awsAccountId: "123456789012"
awsRegion: us-east-1
customerRoleArn: arn:aws:iam::123456789012:role/GitHubActionsDeployRole
terraformStateBucket: my-terraform-state-bucket

database:
  name: sembix_studio
  user: sembix_studio_user

networking:
  enableVpcEndpoints: true
  useCustomNetworking: false
  vpcCidr: 10.0.0.0/16
  azCount: 2

tls:
  cloudfrontDomain: strata.acme.com
  cloudfrontCertArn: arn:aws:acm:us-east-1:123456789012:certificate/abc123
  bffAlbCertificateArn: arn:aws:acm:us-east-1:123456789012:certificate/def456
  hostedZoneId: Z1234567890ABC

frontend:
  githubAppClientId: Iv1.0123456789abcdef
  githubAppName: sembix-strata-app
  jiraClientId: abc123def456

features:
  deployStudioMemory: true
  deployStudioNotifications: false
  enableBffWaf: false

# Hub integration (optional, add after Phase 1)
hub:
  engineExecutionRoleArn: arn:aws:iam::999888777666:role/HubEngine
  consumerRoleArn: arn:aws:iam::999888777666:role/HubConsumer
  adminRoleArn: arn:aws:iam::999888777666:role/HubAdmin

See config.example.yaml for complete reference with all options.
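
A pre-flight check for a config like production.yaml above, as an added example in JavaScript (not the CLI's own validation). It applies rules stated elsewhere on this page: the environment-name format, the 12-digit account ID, us-east-1 for the CloudFront certificate, and 2 or 3 AZs. The function names are hypothetical.

```javascript
// Added example: not the Sembix CLI's own validation (the project keeps its
// Zod schemas in src/config-schema.ts). Key names follow production.yaml
// above; the config is passed in as an already-parsed object.

// Split an ARN into its fields. The resource part may contain colons itself,
// so everything after the fifth colon is rejoined.
function parseArn(arn) {
  if (typeof arn !== "string") return null;
  const parts = arn.split(":");
  if (parts.length < 6 || parts[0] !== "arn") return null;
  const [, partition, service, region, account, ...rest] = parts;
  return { partition, service, region, account, resource: rest.join(":") };
}

function isIamRoleArn(arn) {
  const a = parseArn(arn);
  return Boolean(a) && a.service === "iam" && /^\d{12}$/.test(a.account) &&
    a.resource.startsWith("role/") && a.resource.length > "role/".length;
}

function validateStrataConfig(cfg) {
  const errors = [];

  // Environment name: lowercase letters, numbers, hyphens; minimum 3 characters.
  if (typeof cfg.environmentName !== "string" ||
      !/^[a-z0-9-]{3,}$/.test(cfg.environmentName)) {
    errors.push("environmentName: use lowercase letters, numbers and hyphens, 3+ characters");
  }

  // AWS account ID: 12 digits, and it must arrive as a string. An unquoted
  // YAML value is read as a number and loses any leading zeros.
  if (typeof cfg.awsAccountId !== "string" || !/^\d{12}$/.test(cfg.awsAccountId)) {
    errors.push("awsAccountId: must be a quoted 12-digit string");
  }

  if (!isIamRoleArn(cfg.customerRoleArn)) {
    errors.push("customerRoleArn: not an IAM role ARN");
  }

  // CloudFront certificate (checked when set): an ACM certificate ARN whose
  // region field is us-east-1.
  const certArn = cfg.tls && cfg.tls.cloudfrontCertArn;
  if (certArn !== undefined) {
    const cert = parseArn(certArn);
    if (!cert || cert.service !== "acm" || !cert.resource.startsWith("certificate/")) {
      errors.push("tls.cloudfrontCertArn: not an ACM certificate ARN");
    } else if (cert.region !== "us-east-1") {
      errors.push(`tls.cloudfrontCertArn: region is ${cert.region}, must be us-east-1`);
    }
  }

  // Number of AZs: 2 or 3 (checked when set).
  const az = cfg.networking && cfg.networking.azCount;
  if (az !== undefined && az !== 2 && az !== 3) {
    errors.push("networking.azCount: must be 2 or 3");
  }

  // Hub role ARNs are optional until Phase 2; check the ones that are set.
  for (const [key, value] of Object.entries(cfg.hub || {})) {
    if (key.endsWith("RoleArn") && !isIamRoleArn(value)) {
      errors.push(`hub.${key}: not an IAM role ARN`);
    }
  }
  return errors;
}

// Constructed sample mirroring part of production.yaml above.
const SAMPLE_CONFIG = {
  environmentName: "client-abc-production",
  awsAccountId: "123456789012",
  customerRoleArn: "arn:aws:iam::123456789012:role/GitHubActionsDeployRole",
  networking: { vpcCidr: "10.0.0.0/16", azCount: 2 },
  tls: { cloudfrontCertArn: "arn:aws:acm:us-east-1:123456789012:certificate/abc123" },
  hub: { engineExecutionRoleArn: "arn:aws:iam::999888777666:role/HubEngine" },
};

console.log(validateStrataConfig(SAMPLE_CONFIG));
```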

Common Workflows

First-time setup:

sembix strata create --config base.yaml --skip-hub
# → Run GitHub Actions → Get IAM ARNs → Send to Sembix
sembix strata add-hub production --repo owner/repo
# → Run GitHub Actions again → Full deployment

Update existing environment:

sembix strata update production --repo owner/repo \
  --deploy-strata-memory true

Create multiple environments:

sembix strata create prod --repo owner/repo --config prod.yaml
sembix strata create staging --repo owner/repo --config staging.yaml

Add Customer Portal to existing environment:

# Interactive mode (easiest)
sembix strata add-customer-portal production --repo owner/repo

# With config file
sembix strata add-customer-portal production --repo owner/repo --config prod.yaml

# With CLI flags
sembix strata add-customer-portal production --repo owner/repo \
  --customer-portal-cloudfront-domain portal.mycompany.com \
  --customer-portal-cloudfront-cert-arn arn:aws:acm:us-east-1:123456789012:certificate/abc123 \
  --customer-portal-hosted-zone-id Z1234567890ABC \
  --customer-portal-data-bucket-name mycompany-portal-data

Add billing to existing environment:

# Interactive mode (recommended)
sembix strata add-billing production --repo owner/repo

# With config file
sembix strata add-billing production --repo owner/repo --config billing.yaml

# With CLI flags (AWS)
sembix strata add-billing production --repo owner/repo \
  --cloud-provider aws \
  --billing-enabled true \
  --billing-instance-id acme-prod-001 \
  --billing-engine-image-tag v1.0.0 \
  --billing-hub-role-arn arn:aws:iam::123456789012:role/BillingHub \
  --billing-license-key-secret-arn arn:aws:secretsmanager:us-east-1:123456789012:secret:license

# With CLI flags (Azure)
sembix strata add-billing production --repo owner/repo \
  --cloud-provider azure \
  --billing-enabled true \
  --billing-instance-id acme-prod-001 \
  --billing-license-key-secret-name acme-license-key

Part 2: Environment Interaction

Concepts

The Sembix CLI provides commands to interact with running Sembix Strata instances. Use these commands to execute workflows, manage projects, and monitor workflow runs.

Two Authentication Methods:

  1. Browser OAuth - For local development (interactive login)
  2. Client Credentials - For CI/CD (M2M authentication)

Authentication

Local Development (Browser OAuth)

# Login (opens browser)
sembix login

# Login to specific profile
sembix login --profile production

# Logout
sembix logout --profile production

# Logout from all profiles
sembix logout --all

Tokens are stored in ~/.sembix/tokens/<profile>.json and automatically refreshed.

CI/CD (Client Credentials)

Set environment variables:

export SEMBIX_CLIENT_ID="7a8b9c0d1e2f3g4h"
export SEMBIX_CLIENT_SECRET="your-secret"

No login required - CLI automatically uses client credentials when detected.

GitHub Actions Example:

- name: Start workflow
  env:
    SEMBIX_CLIENT_ID: ${{ secrets.SEMBIX_M2M_CLIENT_ID }}
    SEMBIX_CLIENT_SECRET: ${{ secrets.SEMBIX_M2M_CLIENT_SECRET }}
  run: |
    sembix workflow start --project-id proj_123 --workflow-id wf_456

Command Reference

Profile Management

sembix profile list

List all configured Strata profiles.

sembix profile list

sembix profile show <name>

Show profile details.

sembix profile show production

sembix profile set-default <name>

Set default profile.

sembix profile set-default production

sembix profile delete <name>

Delete a profile and its tokens.

sembix profile delete staging

sembix profile set-default-project <profile> <project-id>

Set default project for a profile (allows omitting --project-id in commands).

sembix profile set-default-project production proj_abc123

Project Management

sembix project list

List projects in Strata instance.

# List all projects
sembix project list

# Filter by name
sembix project list --name "Production"

# With specific profile
sembix project list --profile production

# Pretty output
sembix project list --pretty

sembix project show

Show project details.

sembix project show --project-id proj_abc123

Workflow Operations

sembix workflow list

List workflow instances (definitions).

# List all workflows
sembix workflow list

# Filter by project
sembix workflow list --project-id proj_123

sembix workflow template show

Show workflow template with input variable details (useful for discovering input names).

sembix workflow template show --project-id proj_123 --workflow-id wf_456

sembix workflow start

Start a workflow instance (creates a new run).

# Interactive mode (prompts for project, workflow, inputs)
sembix workflow start

# With project and workflow IDs
sembix workflow start --project-id proj_123 --workflow-id wf_456

# With workflow name instead of ID
sembix workflow start --project-id proj_123 --workflow-name "Deploy"

# With inline JSON inputs (using input variable names)
sembix workflow start --project-id proj_123 --workflow-id wf_456 \
  --inputs '{"environment":"production","version":"1.2.3"}'

# With inputs from file
sembix workflow start --project-id proj_123 --workflow-id wf_456 \
  --inputs @inputs.json

# Using default project (set via profile set-default-project)
sembix workflow start --workflow-id wf_456 --inputs '{"key":"value"}'

# Non-interactive mode
sembix workflow start --project-id proj_123 --workflow-id wf_456 --no-interactive

Options:

  • -p, --profile <name> - Profile to use
  • --project-id <id> - Project ID (uses default if not specified)
  • --workflow-id <id> - Workflow ID (or use --workflow-name)
  • --workflow-name <name> - Workflow name (or use --workflow-id)
  • --inputs <json> - Input variables as JSON or @file.json
  • --workspace-id <id> - Workspace ID (optional)
  • --issue-id <id> - Issue ID (optional)
  • --no-interactive - Disable interactive prompts

Input Formats:

The --inputs flag supports three formats:

  1. Name-based format (recommended):

    --inputs '{"repositoryUrl": "https://github.com/acme/repo", "branch": "main"}'
    • Uses input variable names from the workflow template
    • CLI automatically resolves names to IDs and validates inputs
    • Required fields must be provided with non-empty values
    • Optional fields can be omitted (will be filled with empty strings)
  2. ID-based format:

    --inputs '[{"id": "var_123", "instruction": "value"}, {"id": "var_456", "instruction": "main"}]'
    • Uses input variable IDs directly
    • Useful when you know the exact IDs
    • Still validates required fields and data types
  3. File-based format:

    --inputs @inputs.json
    • Reads inputs from a JSON file
    • File can contain name-based or ID-based format

Input Validation:

The CLI validates all inputs before starting the workflow:

  • Required fields: Must have non-empty values

    # Error: Missing required field
    --inputs '{"branch": "main"}'
    # Error: Required input "repositoryUrl" is missing or empty
  • Boolean fields: Must be true or false (converted to strings)

    # Valid
    --inputs '{"enabled": true, "dryRun": false}'
    --inputs '{"enabled": "true", "dryRun": "false"}'
  • Optional fields: Automatically filled with empty strings if not provided

    # Input: Only required fields provided
    --inputs '{"environment": "production"}'
    
    # CLI adds optional fields:
    # {"environment": "production", "optionalField": ""}

Validation Examples:

# ✓ Valid - all required fields provided
sembix workflow start --project-id proj_123 --workflow-id wf_456 \
  --inputs '{"environment": "production", "version": "1.2.3"}'

# ✗ Invalid - missing required field
sembix workflow start --project-id proj_123 --workflow-id wf_456 \
  --inputs '{"environment": "production"}'
# Error: Input validation failed:
#   - Required input "version" is missing or empty

# ✗ Invalid - boolean field has invalid value
sembix workflow start --project-id proj_123 --workflow-id wf_456 \
  --inputs '{"enabled": "yes"}'
# Error: Input validation failed:
#   - Input "enabled" must be true or false (got: yes)

# ✓ Valid - optional fields can be omitted
sembix workflow start --project-id proj_123 --workflow-id wf_456 \
  --inputs '{"environment": "prod"}'
# CLI automatically adds: {"environment": "prod", "optionalField": ""}
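
The input formats and validation rules above, as an added example in JavaScript (not the CLI's own code): it accepts the name-based or ID-based form, applies the required, boolean and optional rules, and returns the ID-based list. The template shape and the rejection of unknown names are assumptions of this example.

```javascript
// Added example: not the Sembix CLI's source. TEMPLATE is constructed, and its
// shape ({ id, name, type, required }) is an assumption made for illustration.
const TEMPLATE = [
  { id: "var_101", name: "repositoryUrl", type: "string", required: true },
  { id: "var_102", name: "branch", type: "string", required: true },
  { id: "var_103", name: "dryRun", type: "boolean", required: false },
  { id: "var_104", name: "notes", type: "string", required: false },
];

// Collect raw values keyed by variable ID from either accepted JSON form.
function collectValues(parsed, template, errors) {
  // Maps, not plain objects: a key such as "__proto__" in user JSON is then
  // just an unknown name instead of touching an object's prototype chain.
  const byName = new Map(template.map((v) => [v.name, v]));
  const byId = new Map(template.map((v) => [v.id, v]));
  const values = new Map();

  if (Array.isArray(parsed)) {
    // ID-based form: [{ "id": "...", "instruction": "..." }, ...]
    for (const entry of parsed) {
      if (entry === null || typeof entry !== "object" || !byId.has(entry.id)) {
        errors.push(`Unknown or malformed input entry: ${JSON.stringify(entry)}`);
      } else if (values.has(entry.id)) {
        errors.push(`Input id "${entry.id}" is given more than once`);
      } else {
        values.set(entry.id, entry.instruction);
      }
    }
  } else if (parsed !== null && typeof parsed === "object") {
    // Name-based form: { "<input name>": <value>, ... }
    for (const [name, value] of Object.entries(parsed)) {
      const variable = byName.get(name);
      if (variable) values.set(variable.id, value);
      else errors.push(`Unknown input "${name}"`); // assumption: reject, do not ignore
    }
  } else {
    errors.push("--inputs must be a JSON object or array");
  }
  return values;
}

function normalizeInputs(rawJson, template) {
  const errors = [];
  let parsed;
  try {
    parsed = JSON.parse(rawJson);
  } catch {
    return { ok: false, errors: ["--inputs is not valid JSON"], inputs: [] };
  }
  const values = collectValues(parsed, template, errors);

  const inputs = [];
  for (const v of template) {
    const value = values.get(v.id);
    if (value !== null && typeof value === "object") {
      errors.push(`Input "${v.name}" must be a scalar value`);
    } else if (value === undefined || value === null || String(value).trim() === "") {
      // Required inputs must be non-empty; optional ones become "".
      if (v.required) errors.push(`Required input "${v.name}" is missing or empty`);
      else inputs.push({ id: v.id, instruction: "" });
    } else if (v.type === "boolean" && !["true", "false"].includes(String(value))) {
      errors.push(`Input "${v.name}" must be true or false (got: ${value})`);
    } else {
      // Booleans and other scalars are sent as strings.
      inputs.push({ id: v.id, instruction: String(value) });
    }
  }
  return { ok: errors.length === 0, errors, inputs: errors.length ? [] : inputs };
}

console.log(normalizeInputs('{"repositoryUrl":"https://github.com/acme/repo","branch":"main","dryRun":true}', TEMPLATE));
```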

Interactive Mode:

If --inputs is not provided, the CLI enters interactive mode and prompts for each input:

sembix workflow start --project-id proj_123 --workflow-id wf_456

# Prompts appear:
# ? environment (required): production
# ? version (required): 1.2.3
# ? dryRun (optional): [y/n]
# ? notes (optional):

sembix workflow run list

List workflow runs (executions). Excludes sub-workflow runs by default.

# List all runs
sembix workflow run list

# Filter by workflow
sembix workflow run list --workflow-id wf_456

# Filter by project
sembix workflow run list --project-id proj_123

# Filter by status
sembix workflow run list --status RUNNING

# Include sub-workflow runs
sembix workflow run list --include-subflows

# Pagination
sembix workflow run list --limit 20 --offset 10

sembix workflow run status

Get the status of a workflow run.

# Get current status
sembix workflow run status --workflow-id wf_456 --run-id run_789

# Watch until completion (polls every 5 seconds)
sembix workflow run status --workflow-id wf_456 --run-id run_789 --watch

sembix workflow run show

Show full details of a specific workflow run.

# Show run details
sembix workflow run show --workflow-id wf_456 --run-id run_789

# Watch until completion
sembix workflow run show --workflow-id wf_456 --run-id run_789 --watch

sembix workflow run stop

Stop a running workflow.

sembix workflow run stop --project-id proj_123 \
  --workflow-id wf_456 --run-id run_789

Common Workflows

Start and monitor a workflow:

# Interactive mode (easiest)
sembix workflow start

# Programmatic mode
RUN_ID=$(sembix workflow start \
  --project-id proj_123 \
  --workflow-id wf_456 \
  --inputs '{"env":"production"}' \
  | jq -r '.runId')

# Watch until completion
sembix workflow run status \
  --workflow-id wf_456 \
  --run-id "$RUN_ID" \
  --watch

List recent failures:

sembix workflow run list --status FAILED --limit 10

Use default project:

# Set default project once
sembix profile set-default-project production proj_123

# Now omit --project-id
sembix workflow start --workflow-id wf_456

Use inputs from file:

# Create inputs.json
cat > inputs.json <<EOF
{
  "repositoryUrl": "https://github.com/acme/repo",
  "branch": "main",
  "environment": "production"
}
EOF

# Use file
sembix workflow start \
  --project-id proj_123 \
  --workflow-id wf_456 \
  --inputs @inputs.json

Global Configuration

sembix configure

Interactive configuration for GitHub credentials and Strata profiles.

sembix configure

Prompts for:

  1. GitHub Personal Access Token
  2. Default GitHub organization (optional)
  3. Optionally: Strata profile configuration
    • Profile name
    • Strata API URL
    • Cognito User Pool ID, Client ID, Region, Domain

Saves to ~/.sembix/config with 0600 permissions.
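
An audit of the credential files named on this page (~/.sembix/config and ~/.sembix/tokens/<profile>.json), as an added example in JavaScript that is not part of the CLI. The page states 0600 only for ~/.sembix/config; holding the token files to the same mode, and flagging symlinks and foreign owners, is this example's own policy.

```javascript
// Added example, not part of the Sembix CLI. Paths come from this page; the
// policy applied to token files is an assumption of the example.
const fs = require("node:fs");
const os = require("node:os");
const path = require("node:path");

// Return one finding per problem found under the Sembix directory.
function auditSembixDir(baseDir = path.join(os.homedir(), ".sembix")) {
  const targets = [path.join(baseDir, "config")];
  const tokenDir = path.join(baseDir, "tokens");
  if (fs.existsSync(tokenDir)) {
    for (const entry of fs.readdirSync(tokenDir)) {
      if (entry.endsWith(".json")) targets.push(path.join(tokenDir, entry));
    }
  }

  const findings = [];
  for (const file of targets) {
    let st;
    try {
      st = fs.lstatSync(file); // lstat: inspect the link itself, not its target
    } catch {
      continue; // file absent: nothing to audit
    }
    if (st.isSymbolicLink()) {
      findings.push({ file, issue: "is a symlink; secrets may live elsewhere" });
      continue;
    }
    if (!st.isFile()) {
      findings.push({ file, issue: "is not a regular file" });
      continue;
    }
    const perms = st.mode & 0o777;
    if (perms & 0o077) {
      const octal = perms.toString(8).padStart(4, "0");
      findings.push({ file, issue: `mode ${octal} grants access to group or others` });
    }
    // process.getuid is undefined on Windows, where this check is skipped.
    if (typeof process.getuid === "function" && st.uid !== process.getuid()) {
      findings.push({ file, issue: "is not owned by the current user" });
    }
  }
  return findings;
}

for (const f of auditSembixDir()) console.log(`${f.file}: ${f.issue}`);
```

An empty result means every file found is a regular file, owned by the current user, with no group or other permission bits set.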

Environment Variables

GitHub (for environment management):

  • GITHUB_TOKEN - GitHub Personal Access Token
  • DEFAULT_GITHUB_ORG - Default GitHub organization

Strata (for environment interaction):

  • SEMBIX_DEFAULT_PROFILE - Default Strata profile
  • SEMBIX_CLIENT_ID - M2M client ID (for CI/CD)
  • SEMBIX_CLIENT_SECRET - M2M client secret (for CI/CD)

Profile Selection Priority:

  1. --profile CLI flag (highest)
  2. SEMBIX_DEFAULT_PROFILE environment variable
  3. default_profile in ~/.sembix/config
  4. First available profile (lowest)

Global Options

Output Formatting:

--output <format>    # json, pretty, or text
--pretty             # Shorthand for --output pretty

Examples:

sembix project list --pretty
sembix workflow list --output json

Other:

--help, -h           # Show help
--version, -V        # Show version

Troubleshooting

Authentication Issues

GitHub token required:

sembix configure

GitHub token invalid:

  1. Create new token at https://github.com/settings/tokens
  2. Required scopes: repo, workflow
  3. Run sembix configure to update

Strata authentication required:

sembix login --profile production

Strata token expired:

sembix logout --profile production
sembix login --profile production

Common Errors

Repository not found:

  • Verify repository name format: owner/repo
  • Check token has access to repository
  • For orgs, configure SSO authorization

Environment already exists:

# Update existing environment
sembix strata update production --repo owner/repo

# Or use different name
sembix strata create production-v2 --repo owner/repo

Invalid environment name:

  • Must be lowercase letters, numbers, hyphens
  • Minimum 3 characters
  • No spaces or special characters

Profile not found:

sembix configure  # Add profile
sembix profile list  # List available profiles

Workflow not found:

sembix workflow list --project-id proj_123  # List available workflows
sembix workflow start  # Use interactive mode

Client credentials not working:

  1. Verify credentials have no extra spaces
  2. Check required scopes:
    • sembix-api/projects.read
    • sembix-api/workflows.read
    • sembix-api/workflows.execute
  3. Test locally:
    export SEMBIX_CLIENT_ID="your-id"
    export SEMBIX_CLIENT_SECRET="your-secret"
    sembix login

Getting Help

sembix --help                        # Global help
sembix strata --help                 # Strata commands help
sembix strata create --help          # Specific command help
sembix workflow start --help         # Workflow command help

sembix --version                     # Check CLI version
sembix profile list                  # Check profile status
sembix strata list                   # Verify GitHub access

Development

Project Structure

sembix-cli/
├── src/
│   ├── commands/              # Command implementations
│   ├── prompts/               # Interactive prompts
│   ├── services/              # Cognito auth, GitHub API
│   ├── utils/                 # Utilities (config, UI)
│   ├── types.ts               # TypeScript types
│   ├── config-schema.ts       # Zod schemas
│   └── index.ts               # CLI entry point
├── config.example.yaml        # Example config file
└── package.json

Scripts

npm run build       # Compile TypeScript
npm run dev         # Run with tsx (development)
npm run type-check  # Type check only
npm test            # Run tests

Adding Commands

  1. Create file in src/commands/
  2. Add prompts in src/prompts/ if needed
  3. Register command in src/index.ts
  4. Add types to src/types.ts
  5. Add validation to src/config-schema.ts

Complete Strata Options

All options for sembix strata create and sembix strata update:

General:

  • -t, --token <token> - GitHub token
  • -c, --config <path> - YAML config file
  • -r, --repo <repo> - Repository (owner/repo)
  • -e, --env <name> - Environment name

AWS:

  • --aws-account-id <id> - AWS Account ID (12 digits)
  • --aws-region <region> - AWS Region
  • --customer-role-arn <arn> - GitHub Actions IAM role ARN
  • --terraform-state-bucket <bucket> - Terraform state S3 bucket

Database:

  • --database-name <name> - PostgreSQL database name
  • --database-user <user> - PostgreSQL database user

Networking:

  • --enable-vpc-endpoints <boolean> - Enable VPC endpoints
  • --use-custom-networking <boolean> - Use existing VPC
  • --vpc-cidr <cidr> - VPC CIDR block
  • --public-subnet-cidrs <json> - Public subnet CIDRs (JSON array)
  • --private-subnet-cidrs <json> - Private subnet CIDRs (JSON array)
  • --az-count <count> - Number of AZs (2 or 3)
  • --custom-vpc-id <id> - Existing VPC ID
  • --custom-public-subnet-ids <ids> - Existing public subnet IDs (comma-separated)
  • --custom-private-subnet-ids <ids> - Existing private subnet IDs (comma-separated)

Security Groups:

  • --use-custom-security-groups <boolean> - Use custom security groups
  • --sg-workflow-engine <id> - Workflow Engine SG
  • --sg-aurora <id> - Aurora SG
  • --sg-rds-proxy <id> - RDS Proxy SG
  • --sg-bff-ecs <id> - BFF ECS SG
  • --sg-bff-alb <id> - BFF ALB SG
  • --sg-semantic-event-engine <id> - Semantic Event Engine SG
  • --sg-workspace-runtime <id> - Workspace Runtime SG
  • --sg-workspace-runtime-efs <id> - Workspace Runtime EFS SG

IAM Roles:

  • --use-custom-iam-roles <boolean> - Use custom IAM roles
  • --iam-workflow-engine-exec <arn> - Workflow Engine execution role ARN
  • --iam-workflow-engine-task <arn> - Workflow Engine task role ARN
  • --iam-bff-ecs-exec <arn> - BFF ECS execution role ARN
  • --iam-bff-ecs-task <arn> - BFF ECS task role ARN
  • --iam-semantic-event-engine-exec <arn> - Semantic Event Engine execution role ARN
  • --iam-semantic-event-engine-task <arn> - Semantic Event Engine task role ARN
  • --iam-rds-proxy <arn> - RDS Proxy role ARN
  • --iam-strata-notification <arn> - Strata Notification role ARN
  • --iam-workspace-runtime-exec <arn> - Workspace Runtime execution role ARN
  • --iam-workspace-runtime-task <arn> - Workspace Runtime task role ARN

TLS/DNS:

  • --certificate-arn <arn> - Primary ACM certificate ARN (wildcard, used as default for all TLS components)
  • --cloudfront-domain <domain> - CloudFront custom domain
  • --cloudfront-cert-arn <arn> - CloudFront certificate ARN (must be in us-east-1, overrides primary)
  • --bff-alb-cert-arn <arn> - BFF public ALB certificate ARN (overrides primary)
  • --bff-internal-alb-cert-arn <arn> - BFF internal ALB certificate ARN (overrides primary)
  • --hosted-zone-id <id> - Route53 hosted zone ID

Features:

  • --deploy-strata-notifications <boolean> - Deploy Strata Notifications
  • --enable-bff-waf <boolean> - Enable WAF for BFF

Frontend:

  • --github-app-client-id <id> - GitHub App OAuth client ID
  • --github-app-name <name> - GitHub App name
  • --jira-client-id <id> - Jira OAuth client ID

Hub Integration:

  • --skip-hub - Skip Hub integration
  • --hub-engine-execution-role <arn> - Hub Engine Execution Role ARN
  • --hub-consumer-role <arn> - Hub Consumer Role ARN
  • --hub-admin-role <arn> - Hub Admin Role ARN
  • --hub-appconfig-role <arn> - Hub AppConfig Role ARN
  • --hub-appconfig-app-id <id> - Hub AppConfig Application ID
  • --hub-appconfig-env-id <id> - Hub AppConfig Environment ID
  • --hub-appconfig-profile-id <id> - Hub AppConfig Profile ID

Customer Portal:

  • --customer-portal-cloudfront-domain <domain> - CloudFront domain for Customer Portal
  • --customer-portal-cloudfront-cert-arn <arn> - ACM certificate ARN (must be in us-east-1)
  • --customer-portal-hosted-zone-id <id> - Route53 hosted zone ID
  • --customer-portal-data-bucket-name <name> - S3 bucket name for portal data
  • --customer-portal-cognito-password-min-length <length> - Password minimum length (8-128)
  • --customer-portal-log-level <level> - Log level (debug, info, warn, error)

Billing/Licensing (Optional - Step 11):

  • --billing-enabled <boolean> - Enable billing engine (true/false)
  • --billing-instance-id <id> - Unique billing instance ID (provided by Sembix)
  • --billing-license-refresh-interval-ms <ms> - License refresh interval (default: 3600000)
  • --billing-config-poll-interval-ms <ms> - Config poll interval (default: 300000)
  • --billing-telemetry-poll-interval-ms <ms> - Telemetry poll interval (default: 300000)
  • --billing-engine-image-tag <tag> - Billing engine Docker image tag (AWS only)
  • --billing-hub-role-arn <arn> - Billing Hub cross-account IAM role ARN (AWS only)
  • --billing-license-key-secret-arn <arn> - License key Secrets Manager ARN (AWS only)
  • --billing-license-key-secret-name <name> - License key Key Vault secret name (Azure only)

Microsoft Graph - User Invites (Optional - Step 12):

  • --graph-client-id <id> - Microsoft Graph app client ID (GUID format)
  • --graph-client-secret-arn <arn> - Graph client secret Secrets Manager ARN (AWS only)
  • --graph-client-secret-name <name> - Graph client secret Key Vault secret name (Azure only)

Note: Microsoft Graph is only needed if your tenant uses Graph-backed email invites for user onboarding.


License

Proprietary - Sembix AI

Support

For issues or questions, contact the Sembix team or open an issue in the repository.
