
@romegadigital/cli
Headless CLI for the RGK platform. Exposes the dash.rgk.app API to human and AI operators.
Headless CLI for the RGK platform. Designed so a human or an AI agent can exercise any API endpoint without leaving the terminal.
```bash
# Always-latest invocation. Recommended for non-technical users.
npx -y @romegadigital/cli@latest login
# Or install once and let the CLI nag about updates.
npm install -g @romegadigital/cli
rgk login
```
`rgk login` walks an OAuth 2.0 Device Authorization Grant (RFC 8628): it prints
a short code, asks you to visit https://dash.rgk.app/settings/cli, and waits
until you approve the request in the browser. The token is stored locally with
`0600` permissions under `$XDG_CONFIG_HOME/rgk/credentials.json` (or the
OS-appropriate equivalent).
| Command | Purpose |
|---|---|
| `rgk login` | Authenticate with an RGK server via device flow. |
| `rgk logout` | Forget local credentials and revoke the server-side token. |
| `rgk whoami` | Show the user and token tied to the current credentials. |
| `rgk openapi` | Print the OpenAPI document used for route discovery. |
| `rgk routes [query]` | List/search available API operations. |
| `rgk describe <method> <path>` | Show parameters, request body, response schemas, and CLI usage for an operation. |
| `rgk api <method> <path> [--data <json>] [--form key=value]` | Send an authenticated request against any endpoint. `--form` repeats for multipart uploads; prefix the value with `@` to attach a file (`--form file=@/path/to/contract.pdf`). |
All commands accept --json to emit machine-readable output to stdout (and
default to JSON when stdout is not a TTY). Errors exit with a non-zero status
and a JSON body on stderr when --json is active.
AI agents should discover the API before calling it:
```bash
# Dump the full OpenAPI document.
rgk openapi --json
# Search routes by keyword, method, or tag.
rgk routes organizations --json
rgk routes --method POST --tag Billing --json
# Inspect the expected payload and response shape.
rgk describe POST /v1/organizations --json
# Call the endpoint with the described shape.
rgk api POST /api/v1/organizations --data '{"name":"Example Co"}' --json
```
The CLI reads the authenticated /api/v1/openapi endpoint first, then falls
back to Scramble's local /docs/api.json document when the authenticated route
is unavailable.
```bash
# Human-readable identity check.
rgk whoami
# List the first page of organizations as JSON for an agent.
rgk api GET organizations --json
# Pipe a payload from stdin.
cat new-org.json | rgk api POST organizations --data -
# Upload a file via multipart/form-data. Repeat --form per field; prefix the
# value with @ to attach a file from disk.
rgk api POST /api/v1/customer-services/svc_abc/contracts \
  --form file=@./contract.pdf \
  --form 'name=3D Digital hosting contract' \
  --form 'notes=Imported from acquisition archive.'
```
| Variable | Effect |
|---|---|
| `RGK_SERVER` | Default server URL (overridden per-command by `--server`). |
| `RGK_TOKEN` | Skip the credentials file entirely; useful in CI. |
| `XDG_CONFIG_HOME` | Honoured for credential storage on Linux/macOS. |
`rgk login` calls `POST /api/cli/device/code` and receives a `device_code`
(secret), a `user_code` (8 characters, shown to the user), and a poll
interval. The CLI polls `POST /api/cli/device/token` every few seconds.
The CLI never sees the user's password and the dash never sees the CLI's
machine; the `device_code` is the only thing linking the two sessions.
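The polling half of the device flow described above, as an added example that is not code from @romegadigital/cli: a pure state machine over RFC 8628 section 3.5 token responses, driven by a virtual clock. It assumes the RGK token endpoint returns the RFC's standard error codes (`authorization_pending`, `slow_down`, `access_denied`, `expired_token`) and an `expires_in` value, which the page does not confirm; the function names and sample values are constructed.

```javascript
// Added example: RFC 8628 section 3.5 polling rules as a pure state machine.
// Assumption: the RGK token endpoint uses the RFC's standard error codes.
const SLOW_DOWN_STEP = 5; // seconds added on every slow_down response

// Decide what to do after one token-endpoint response.
// state = { interval, deadline } in seconds; now = seconds since the grant.
function nextPollAction(state, response, now) {
  if (response.access_token) {
    return { done: true, token: response.access_token };
  }
  let interval = state.interval;
  if (response.error === 'slow_down') {
    interval += SLOW_DOWN_STEP; // applies to all later polls too
  } else if (response.error !== 'authorization_pending') {
    // access_denied, expired_token, or anything unexpected: stop polling.
    return { done: true, error: response.error || 'invalid_response' };
  }
  // Stop locally once the next poll would land after the device_code expires.
  if (now + interval > state.deadline) {
    return { done: true, error: 'expired_token' };
  }
  return { done: false, interval };
}

// Drive the state machine over constructed responses with a virtual clock so
// it runs offline. A real client sleeps `interval` seconds, then POSTs the
// device_code to the token endpoint.
function simulateDeviceFlow(grant, responses) {
  let now = 0;
  let state = { interval: grant.interval ?? 5, deadline: grant.expires_in };
  const waits = [];
  for (const response of responses) {
    now += state.interval; // wait first, then poll
    waits.push(state.interval);
    const action = nextPollAction(state, response, now);
    if (action.done) return { ...action, waits };
    state = { ...state, interval: action.interval };
  }
  return { done: false, waits };
}

// Constructed sample values, not real RGK output.
const sampleGrant = { device_code: 'EXAMPLE-DEVICE-CODE', user_code: 'ABCD1234', interval: 5, expires_in: 600 };
const sampleRun = simulateDeviceFlow(sampleGrant, [
  { error: 'authorization_pending' },
  { error: 'slow_down' },
  { error: 'authorization_pending' },
  { access_token: 'EXAMPLE-TOKEN' },
]);
console.log(sampleRun);
```

Keeping the decision logic free of network and timer calls lets the back-off and expiry behaviour be unit-tested without a server.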
```bash
npm install
npm run build --workspace @romegadigital/cli
./packages/rgk-cli/dist/main.js --help
# Run against a local dash instance.
RGK_SERVER=http://localhost ./packages/rgk-cli/dist/main.js login
```
The first iteration of this CLI is hand-written. The intent is to grow the
`rgk api <tag> <operation>` command tree directly from Scramble's OpenAPI
document. To regenerate types:
```bash
RGK_OPENAPI=https://dash.rgk.app/docs/api.json npm run generate --workspace @romegadigital/cli
```
The full command-tree codegen step is not wired up yet. Until it lands, the
`rgk routes`, `rgk describe`, and `rgk api <method> <path>` commands are the
surface every endpoint is reachable through.
- `rgk api <tag> <operation>` subcommands from the OpenAPI document.
- `rgk organizations create`, `rgk projects log-time`, etc.) with `@inquirer/prompts`.
- `update-notifier` banner so users on stale installs find out.
- `rgk` shim invoking `npx -y @romegadigital/cli@latest`.
- `keytar`-backed credential storage as an opt-in upgrade over the permissions-restricted file store.
We found that @romegadigital/cli demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.