Developers
CLI
The index365 CLI wraps the REST API for terminals, CI pipelines, and agent shells. Everything below works identically against the live API with a scoped key.
Install
npm i -g @index365/cliThis puts the index365 command on your PATH. Every command below uses it directly.
To update to the latest version later:
npm i -g @index365/cli@latestThe CLI also prints a one-line notice when a newer version is available, so you do not have to check by hand.
Authenticate
index365 login # asks how you want to sign in, then saves a key (0600)
index365 whoami # which account/org this machine is signed in as
index365 doctor # diagnose auth, version, and config (--fix applies safe fixes)index365 login asks how you want to sign in. Browser (the default) runs a loopback + PKCE flow: it opens the dashboard consent screen, and once you approve it mints a scoped key and saves it locally. The secret never travels through a URL, and nothing is pasted. API key lets you paste a key from the dashboard API Keys page (available on every plan, including Free). To skip the menu, run index365 login --web for the browser flow directly.
For CI or headless machines, pass index365 login --key <key> or set INDEX365_API_KEY to use a key with no prompt. The CLI never prints your secret.
Run an audit end to end
index365 projects list
index365 projects create --domain acme.com --name "Acme" # add a project (idempotent by domain)
index365 projects delete <projectId> --confirm acme.com # remove a project (echo its domain)
index365 runs start --project <projectId> --wait # polls until terminal
index365 reports context <runId> --json # compact agent context
index365 findings list --run <runId> --severity critical --json
index365 reports download <runId> --output report.jsonA project's domain covers its apex and every subdomain, so runs start can audit staging.acme.com or pr-42.preview.acme.com under the same project without creating a new one.
Scan a local page before you deploy
scan local scores a page running on your own machine, so you can check a fix before you deploy. The CLI fetches the local URL and uploads the HTML response; index365 never fetches your machine, and cookie values never leave it. It scores the on-page AI-readiness checks read from that HTML (content, structure, schema, and answerability). DNS, TLS, redirects, robots/sitemap/llms.txt, email auth, and response-header security are not evaluated and are listed in coverage.notEvaluated; run a live scan for those. v1 supports --product ai-readiness only.
# Iterate locally: scan the dev server, fix, re-scan, repeat before pushing
index365 scan local http://localhost:3000/pricing \
--project <projectId> --wait --fail-under 80 --output .index365/local.jsonMarketing Signal audits
index365 marketing run --project <projectId> --wait # five-stage marketing audit
index365 marketing report --project <projectId> # latest report (stage scores)
index365 marketing findings --project <projectId> --stage measure --json
index365 integrations list --project <projectId> # connected-signal providersWebsite Security audits run through the REST API today (POST /runs with scanMode=paid_website_security); see the REST API page. A dedicated CLI command is on the roadmap.
CI example
# Fail the pipeline when a deploy degrades AI-readiness
index365 runs start --project "$PROJECT_ID" \
--idempotency-key "$CI_COMMIT_SHA" --wait --json > run.json
score=$(jq -r .score run.json)
test "$score" -ge 70 || { echo "AI-readiness score $score below 70"; exit 1; }Conventions
--jsonon every command prints the raw API payload for scripts and agents.- Stable exit codes: 0 ok, 1 error, 2 usage, 3 auth, 4 not found, 5 quota/conflict/rate.
--idempotency-keymakesruns startretry-safe: the same key returns the original run instead of double-spending credits.index365 mcp configprints ready-to-paste MCP host configuration.
Drive the CLI from your agent
The index365 agent skills wrap these commands so your coding agent can run an audit and apply fixes in one instruction. Install and authenticate the CLI first, then see Agent skills for the one-command install.