@vendodev/cli

The Vendo CLI. Log in to your Vendo account, develop apps locally with real Vendo identity, validate deploy manifests, and SSH into your running deployments.

Install

npm i -g @vendodev/cli
vendo --help

Commands

| Command | What it does | |---|---| | vendo login | Open the browser to authorize the CLI; stores a long-lived API key in ~/.vendo/config.json. | | vendo logout | Remove the local credential. | | vendo whoami | Show the email + tenant the CLI is logged in as. | | vendo validate [file] | Lint a vendo.yaml manifest against the public schema. Defaults to ./vendo.yaml. | | vendo dev | Localhost reverse proxy that fronts your local app with real Vendo identity headers. Useful when developing apps that expect to run on a Vendo deployment. | | vendo ssh <deployment> | Open an interactive shell on a running deployment (Hermes, etc.). |

Auth model

The CLI authenticates via PKCE against vendo.run. The browser flow returns a long-lived API key (a vendo_sk_* token) scoped to your tenant. The key is stored in ~/.vendo/config.json with mode 0600. Revoke it from the dashboard or via vendo logout (revokes server-side too).

SSH

vendo ssh <deployment> brokers a real SSH session into your Railway-hosted deployment. The CLI hits https://vendo.run/api/cli/ssh/:deployment to mint a short-lived session token, then opens a WebSocket to wss://ssh.vendo.run/, which proxies stdio to an OpenSSH child connected to ssh.railway.com. Vendo holds the SSH key; you never see it.

Sessions are audited (start, end, duration, user, deployment). Provider keys do not sit in the deployment env — only a scoped vendo_sk_* proxy token, which is rate-limited and spend-capped server-side.

Develop

git clone [email protected]:runvendo/vendo-cli.git
cd vendo-cli
npm install
npm test
npm run smoke

License

MIT