salambo
v0.1.4
Published
Salambo CLI for API workflows
Readme
Salambo CLI
Command-line tooling for Salambo agent source deployments.
First-agent quickstart
salambo init my-agent
cd my-agent
salambo auth set --api-url https://app.salambo.ai
salambo auth set --key <api_key>
salambo auth status
salambo deploysalambo deploy is the main deployment path for the current template. It uploads your agent source and compiled Pi manifest to Salambo; the hosted deployment worker builds the sandbox image, creates the Daytona snapshot, and activates the agent.
Current template model
The default Pi template is worker-owned:
Salambo worker = brain, model loop, run lifecycle
template repo = agent config + sandbox image inputsThere is intentionally no app server, no /agent/query, and no local Pi brain in the template repo.
Agent behavior belongs in:
agent/settings.json
agent/system.md
agent/skills/**
agent/prompts/**
agent/extensions/**Sandbox machine setup belongs in:
sandbox/Dockerfile
sandbox/packages.mjs
sandbox/workspace/**Primary commands
salambo init <name>
salambo auth set --api-url https://app.salambo.ai
salambo auth set --key <api_key>
salambo auth status
salambo auth whoami
salambo deploy
salambo manifest --path . --json
salambo doctorsalambo init
Creates a starter agent repo from the hosted template and writes a local salambo.yaml for the chosen agent name.
salambo auth
Stores, checks, or removes the API URL and key used by later CLI commands. auth set can update the URL and key together or one at a time; setting a new key keeps the existing URL.
salambo auth set --api-url https://app.salambo.ai
salambo auth set --key <api_key>
salambo auth status
salambo auth whoami
salambo auth logoutsalambo deploy
Packages the source directory into a .tar.gz archive, excludes generated/dependency directories (.git, node_modules, dist, .next, .turbo, coverage), compiles and uploads the Pi manifest, creates an immutable deployment record, uploads the source archive, verifies its SHA-256, and leaves the deployment in source_uploaded for the Salambo deployment worker.
The hosted deployment worker owns the remaining server-side steps:
source_uploaded -> Depot image build -> Daytona snapshot -> ready -> agents.active_deployment_idGitHub Actions/CI should not build Docker images and should not receive Depot or Daytona credentials. CI only needs Salambo API auth plus any environment variables referenced by salambo.yaml secrets.
salambo smoke
Calls the real Salambo Responses API for the deployed agent. This validates the hosted API/runtime path. It is useful after the agent is ready and the account has the required runtime scopes/billing state.
salambo manifest
Compiles and prints the deploy manifest for review/debugging without uploading source.
salambo doctor
Read-only diagnostics for local config, auth profile, and required secret env vars.
Agent API commands
These remain available for lower-level agent API workflows:
salambo agent create --template ./agent.template.json --profile default
salambo agent config set --id <agent_id> --file ./agent.config.json --profile defaultLegacy local-harness commands
The old local Docker image/snapshot workflow is not exposed in the first-agent CLI. salambo deploy now always means source deploy from the current project directory unless --source <path> points at another directory.
The current template runs Pi in Salambo's hosted worker. There is no supported salambo dev, salambo pi, salambo build, or salambo snapshot push path for the first-agent release.
salambo.yaml
A minimal source-deploy config looks like:
version: 1
name: my-agent
runtime: pi
image:
context: .
dockerfile: sandbox/Dockerfile
platform: linux/amd64
buildArgs: {}
snapshot:
name: my-agent
entrypoint: /app/start.sh
size: s
agent:
name: My Agent
slug: my-agent
description: General-purpose Pi agent.
icon: 🤖
isActive: true
runtimeConfig:
egressPolicyMode: restricted
egressAllowlist:
- api.openai.com
env:
MODEL:
value: gpt-5.2
description: Default model.
secrets:
OPENAI_API_KEY:
fromEnv: OPENAI_API_KEY
description: OpenAI provider key.
exposeTo:
- runtimeRules:
- MVP runtime is
pi. agent.slugis used to find/update the deployed agent.agent.isActivecontrols deployed active/inactive state.enventries are non-secret configuration.secretsentries usefromEnvand must never store raw secret values in YAML.exposeTocontrols where an entry is available:runtimefor the Salambo/Pi worker brain,sandboxfor Daytona hands/tools/extensions.- Sandbox-exposed secrets require
allowedHostsand are injected as sealed egress tokens, not plaintext env vars.
Install / run from repo
In the monorepo:
pnpm --filter salambo build
node packages/cli/build/index.js --helpFor local package validation:
pnpm --filter salambo test
pnpm --filter salambo typecheck
pnpm --filter salambo build
cd packages/cli && npm pack --dry-run