CLI reference
repome command groups, flags, and environment variables.
The repome CLI is the canonical shell client for the API. Every command also
accepts --json for machine-readable output; JSON is the default when
stdout is not a TTY.
Global flags
Recognised anywhere in argv (before or after the subcommand):
| Flag | Description |
|---|---|
--repo <name> | Override the active repo for this invocation |
--json | Machine-readable JSON on stdout, events as NDJSON on stderr |
| Env var | Description |
|---|---|
REPOME_API_KEY | Overrides the stored auth.json key (takes precedence) |
REPOME_SERVER_URL | API base URL (default: https://api.repome.sh) |
REPOME_REPO | Default repo if no --repo is passed |
REPOME_ANON_ID | Overrides the stored anonymous repo identifier |
Repo names are bare — the server resolves them against your active org.
There is no per-command org override; switch the active org with
repome org switch <slug>.
repome init
Authenticate the CLI, set up your active org, and optionally link the current directory to a repome repo. An organization is auto-created at signup. Idempotent — re-running surfaces current state without destructive changes.
repome init
repome init --no-linkBehavior:
- no auth → device-flow login
- active org set → report it
- no active org yet → activate the account's oldest org
- inside a git repo → offer to write
.repome/config.json(--no-linkskips)
repome whoami
Print the active authentication, organization, and resolved repo context. Exits 0 even when unauthenticated so agents can use it as a probe.
repome whoamirepome auth
| Subcommand | Purpose |
|---|---|
repome auth login | Start the device-authorization flow and store an rpme_ API key |
repome auth logout | Delete the stored credential and revoke the key |
repome auth token | Print the active API key (or --header for curl) |
repome auth status | Show which credential is active (env vs file) |
Bare repome auth is a back-compat alias for repome auth login.
# Print the active key for scripting
export REPOME_API_KEY=$(repome auth token)
# Or use it directly with curl against the oRPC endpoint
curl -X POST -H "$(repome auth token --header)" \
https://api.repome.sh/api/rpc/health/pingREPOME_API_KEY overrides the stored key for CI, agents, and scripts.
repome org
An organization is auto-created when you sign up — its name is derived from
your display name or email (renamable later). Org slugs are opaque,
server-minted handles (org-…): copy them from repome org list, don't
invent them.
| Subcommand | Purpose |
|---|---|
repome org list | List organizations you belong to |
repome org current | Print the active organization |
repome org switch <slug> | Switch the active organization (slug from list) |
repome org create [--name] | Create an organization (slug is server-minted) |
repome org delete <slug> | Delete an organization you own |
repome repos
| Subcommand | Purpose |
|---|---|
repome repos create | Create a new repo |
repome repos import | Import a repo from GitHub |
repome repos get | Show a repo |
repome repos list | List repos in the current org |
repome repos delete | Delete a repo |
repome repos list
repome repos create hello-world --description "..." --default-branch main
repome repos import site --from https://github.com/acme/site.git
repome repos delete hello-world --yesFor ephemeral, no-auth repos, see repome anon.
repome anon
Manage anonymous, ephemeral repos that don't require authentication.
Identity is a local anonId stored in ~/.config/repome/anon.json (or set
via REPOME_ANON_ID). Anon repos are owned by that anonId and expire
after the TTL chosen at creation time.
| Subcommand | Purpose |
|---|---|
repome anon create | Create an ephemeral anonymous repo |
repome anon list | List anon repos owned by this anonId |
repome anon get | Show details of an anon repo |
repome anon clone | Clone an anon repo (mints a read token + wires git credentials) |
repome anon share | Share an anon repo with a human or an agent |
repome anon delete | Delete an anon repo |
repome anon whoami | Print the local anonId and its source (env vs store) |
repome anon create --ttl 6h
repome anon list
repome anon clone <name> /tmp/scratch
repome anon share <name> --role write --expires 2h
repome anon delete <name> --yesrepome anon share mirrors repome share for anonymous
repos: it mints an owner-scoped share token and prints a clone URL that
works with bare git — no account, no repome CLI on the recipient side. A
share can never outlive the repo (the TTL is clamped to the repo's remaining
lifetime), and repome anon delete <name> is the kill switch for every
share. --link creates a secure invite instead (see
repome invites), clamped to the repo's expiry; manage
those with repome anon invites list / repome anon invites revoke <id>
(anon invites belong to your local anonId, not a logged-in session).
After repome anon clone, the git credential helper falls back to an anon-scoped mint when no
auth is present, so git fetch / git pull keep working without re-running repome auth.
repome git
Read and clone git content via the API — no shell-out needed for log,
show, ls, branch, tag, compare, or diff.
| Subcommand | Purpose |
|---|---|
repome git clone | Clone a repo (mints a token + wires the credential helper) |
repome git log | List commits |
repome git show | Show a blob by oid or ref:path |
repome git ls | List tree entries |
repome git branch | List, create, or delete branches |
repome git tag | List, create, or delete tags |
repome git compare | Compare two refs |
repome git diff | Diff two refs |
repome git clone hello-world
repome git log hello-world --oneline -n 20
repome git ls hello-world src/ -rrepome git clone and repome anon clone read the repo's API-returned
storage remote, mint a short-lived token, and install local credentials for
the clone.
repome link / repome unlink
Write or remove .repome/config.json in the current directory so
subsequent commands resolve the repo automatically.
# Auto-detect from `origin` when inside a clone, or pass an explicit name
repome link
repome link --repo hello-world
repome unlinkThe link file records the bare repo name. That name resolves against your
active org, so switching orgs re-points the link; if the repo does not exist
in the new active org, repo and git commands surface REPO_NOT_FOUND.
repome tokens
| Subcommand | Purpose |
|---|---|
repome tokens mint | Mint a scoped repo token (--scope read or write) |
repome tokens list | List repo tokens (shares included) |
repome tokens revoke | Revoke a repo token by id |
repome tokens mint hello-world --scope write --op agent
repome tokens list hello-world
repome tokens revoke hello-world <id>You can always revoke tokens you minted yourself (so the revoke command
printed by repome share works for every sharer); revoking anyone else's
tokens requires repo admin.
--op selects the TTL cap and must be one of refs, object, merge,
seed, clone, agent, or share. Use agent for general write tokens;
share is the long-lived tier behind repome share. Git
credential-helper requests derive push/fetch scope through the API's
tokens.mintForGitRemote path.
Repo tokens are for git remote operations. Use API keys from repome keys
when calling the RPC API or SDK.
repome share
One command to onboard a single human or agent to one specific repo — without org membership, accounts, or short-lived git-wire tokens. A share is a long-lived, repo-scoped, revocable token embedded in a clone URL: whoever holds the link has the granted access (bearer semantics).
repome share my-api --role write --expires 7dEvery share prints:
- a clone URL that works with bare
git clone(the credential is percent-encoded into the URL — treat the whole URL as a secret), - the
.repome/config.jsonlink snippet for the recipient's clone, - a paste-ready onboarding block that reads the same for a human or an agent
(
--out FILEwrites it to a file), and - the exact
repome tokens revoke …command that kills the share.
| Flag | Purpose |
|---|---|
--role read|write | Access level → token scope (default read) |
--expires <duration> | Share lifetime, e.g. 24h, 7d (default 7d, clamped) |
--link | Mint a secure invite link instead (see below) |
--out <file> | Write the onboarding instructions to a file |
--print | Dry run — show the plan without minting anything |
Inside a linked directory repome share needs no name; manage shares with
repome tokens list / repome tokens revoke.
The default output embeds a live credential in the clone URL. Pasting it into chat, an issue, or a
transcript shares the access with everyone who can read that channel. For untrusted channels use
--link.
Secure invite links (--link)
repome share --link prints an unguessable https://repome.sh/invites/<id>
capability URL instead of a credential-bearing clone URL — safe to paste in
chat, because the invite id is the only secret in the link:
repome share my-api --role read --linkOpening the invite renders the onboarding instructions; a fresh,
short-lived git credential is minted only on an explicit Reveal action
(never on a bare GET, so link previews can't consume it). Agents can fetch
the same invite as raw markdown at /invites/<id>.md?reveal=1. Invites are
revocable (repome invites revoke <id>), expiring, and policy-bounded
(maxReveals); repome stores only a hash of the invite id and never stores
a live credential.
repome invites
Manage the secure invite links created by repome share --link.
| Subcommand | Purpose |
|---|---|
repome invites list | List share invite links you created |
repome invites revoke | Revoke an invite (stops future reveals) |
repome invites list
repome invites revoke <id>Invites created by repome anon share --link belong to your local anonId
rather than a logged-in session — manage those with
repome anon invites list / repome anon invites revoke <id>.
Revoking an invite stops future reveals immediately; credentials already
revealed stay valid until their short TTL expires (revoke those with
repome tokens revoke). Treat every invite URL like a password.
repome keys
Create, list, and delete additional API keys for CI, API, and SDK consumers. Scopes are repeatable.
| Subcommand | Purpose |
|---|---|
repome keys create | Create a new API key |
repome keys list | List API keys |
repome keys delete | Delete an API key |
repome keys create ci --scope repos:read --scope tokens:mint
repome keys list
repome keys delete <id> --yesAvailable scopes: repos:read, repos:write, tokens:read,
tokens:mint, tokens:revoke, orgs:read, orgs:write, members:read,
members:write, keys:read, keys:write, agents:invoke.
repome members
Members commands administer the active org. Switch the administered org with
repome org switch <slug>.
| Subcommand | Purpose |
|---|---|
repome members list | List members |
repome members invitations | List pending invitations |
repome members invite | Invite a member |
repome members remove | Remove a member |
repome members set-role | Change a member role |
repome members accept | Accept an invitation |
repome members cancel | Cancel an invitation |
repome doctor
Check the CLI's local configuration: auth store, file permissions, server reachability, and the git credential helper.
repome doctorrepome git config-credential-helper
Install or remove the git credential helper for repome remotes. repome git clone wires credentials for the clone automatically; this command is useful
when you manage remotes yourself.
repome git config-credential-helper --global
repome git config-credential-helper --global --uninstallAgent discovery endpoints
The docs site exposes canonical bytes for coding agents alongside the rendered pages:
| Endpoint | Content |
|---|---|
/skill.md | Canonical repome SKILL.md for agent skill stores |
/llms.txt | Plain-text index of every docs page |
https://repome.sh/docs/<slug>.md | Raw markdown for any docs page (append .md) |
See /docs/agents for the install-the-skill walkthrough.