Keycli is a hosted control plane for agent-safe production changes. It gives coding agents and engineering teams one governed workflow for env vars, secrets, deploy-linked changes, approvals, and audit across provider surfaces like Vercel, GitHub, and Render.

Thin CLI entrypoint. Hosted plan/apply/audit control plane underneath.

Use Keycli in this order:
  1. npm install from the repo root.
  2. Quickstart — prove the workflow.
  3. Provider connections — connect one provider with real scope.
  4. First governed change — do one low-risk path, then one approval-gated path.
Important distinction:
  • npm run demo:vercel:preview is the current internal proof harness for the first live Vercel wedge.
  • The intended public CLI flow is operation-first: keycli connect, keycli check, keycli rotate, keycli apply, keycli audit.
  • Until that replacement flow is fully shipped, the docs stay explicit about where the script is still doing real proof work.

How Keycli works

  1. request
  2. plan
  3. check
  4. approve when needed
  5. apply + audit

What is live today

  • hosted TypeScript control plane
  • live Vercel, GitHub Actions, and Render changes when the connection is valid and in scope
  • explicit simulation when a target is not live-ready

Read these only when you need them