Developers

CLI

The index365 CLI wraps the REST API for terminals, CI pipelines, and agent shells. Everything below works identically against the live API with a scoped key.

Install

npm i -g @index365/cli

This puts the index365 command on your PATH. Every command below uses it directly.

To update to the latest version later:

npm i -g @index365/cli@latest

The CLI also prints a one-line notice when a newer version is available, so you do not have to check by hand.

Authenticate

bash
index365 login            # asks how you want to sign in, then saves a key (0600)
index365 whoami           # which account/org this machine is signed in as
index365 doctor           # diagnose auth, version, and config (--fix applies safe fixes)

index365 login asks how you want to sign in. Browser (the default) runs a loopback + PKCE flow: it opens the dashboard consent screen, and once you approve it mints a scoped key and saves it locally. The secret never travels through a URL, and nothing is pasted. API key lets you paste a key from the dashboard API Keys page (available on every plan, including Free). To skip the menu, run index365 login --web for the browser flow directly.

For CI or headless machines, pass index365 login --key <key> or set INDEX365_API_KEY to use a key with no prompt. The CLI never prints your secret.

Run an audit end to end

bash
index365 projects list
index365 projects create --domain acme.com --name "Acme"   # add a project (idempotent by domain)
index365 projects delete <projectId> --confirm acme.com    # remove a project (echo its domain)
index365 runs start --project <projectId> --wait     # polls until terminal
index365 reports context <runId> --json              # compact agent context
index365 findings list --run <runId> --severity critical --json
index365 reports download <runId> --output report.json

A project's domain covers its apex and every subdomain, so runs start can audit staging.acme.com or pr-42.preview.acme.com under the same project without creating a new one.

Scan a local page before you deploy

scan local scores a page running on your own machine, so you can check a fix before you deploy. The CLI fetches the local URL and uploads the HTML response; index365 never fetches your machine, and cookie values never leave it. It scores the on-page AI-readiness checks read from that HTML (content, structure, schema, and answerability). DNS, TLS, redirects, robots/sitemap/llms.txt, email auth, and response-header security are not evaluated and are listed in coverage.notEvaluated; run a live scan for those. v1 supports --product ai-readiness only.

bash
# Iterate locally: scan the dev server, fix, re-scan, repeat before pushing
index365 scan local http://localhost:3000/pricing \
  --project <projectId> --wait --fail-under 80 --output .index365/local.json

Marketing Signal audits

bash
index365 marketing run --project <projectId> --wait   # five-stage marketing audit
index365 marketing report --project <projectId>       # latest report (stage scores)
index365 marketing findings --project <projectId> --stage measure --json
index365 integrations list --project <projectId>      # connected-signal providers

Website Security audits run through the REST API today (POST /runs with scanMode=paid_website_security); see the REST API page. A dedicated CLI command is on the roadmap.

CI example

ci.sh
# Fail the pipeline when a deploy degrades AI-readiness
index365 runs start --project "$PROJECT_ID" \
  --idempotency-key "$CI_COMMIT_SHA" --wait --json > run.json
score=$(jq -r .score run.json)
test "$score" -ge 70 || { echo "AI-readiness score $score below 70"; exit 1; }

Conventions

  • --json on every command prints the raw API payload for scripts and agents.
  • Stable exit codes: 0 ok, 1 error, 2 usage, 3 auth, 4 not found, 5 quota/conflict/rate.
  • --idempotency-key makes runs start retry-safe: the same key returns the original run instead of double-spending credits.
  • index365 mcp config prints ready-to-paste MCP host configuration.

Drive the CLI from your agent

The index365 agent skills wrap these commands so your coding agent can run an audit and apply fixes in one instruction. Install and authenticate the CLI first, then see Agent skills for the one-command install.