Skip to main content
Goal: understand the narrow honest Keycli wedge in one short session. Canonical flow: connect → readiness → plan → inspect risk/policy → approve when needed → apply → audit

1. Install the repo

npm install
This is the canonical starting point today because the hosted TypeScript control-plane demo lives in this repo.

2. Prove the workflow

npm run demo:hosted:self
Check for:
  • plan.risk.level
  • nextAction
  • approval required for risky paths
  • audit output at the end

3. Prove one live change

Start the hosted API: 
npm run api:hosted
Then run the public Vercel preview CLI wedge. Repo-first today means using the repo launcher: 
export VERCEL_TOKEN=...
node src/cli.mjs onboard --workspace demo --owner ricco
node src/cli.mjs connect vercel --project your-project --token-env VERCEL_TOKEN
node src/cli.mjs check readiness
node src/cli.mjs rotate KEYCLI_SMOKE_TEST --provider vercel --env preview --value smoke_$(date +%s)
node src/cli.mjs apply <plan-id>
node src/cli.mjs audit
If you install a launcher later, the same shape is: 
keycli onboard
keycli connect vercel
keycli check readiness
keycli rotate --provider vercel --env preview
keycli apply <plan-id>
keycli audit
Treat demo:vercel:preview as the internal proof harness / regression-safe script for this same wedge. It is still useful for repeatable validation, but it is no longer the primary public flow to teach first.

4. Then go deeper