
Quickstart

You can understand the current Keycli wedge in roughly 15–20 minutes. Recommended order:
  1. run the hosted self-demo
  2. inspect the trust boundary
  3. optionally prove one live provider mutation
  4. then move into provider setup and governed changes

Prerequisites

  • Node 20+
  • local clone of the repo
  • dependencies installed
npm install

Step 1: run the fastest honest demo

npm run demo:hosted:self
This is the best first run because it proves the control-plane model without asking you to prepare provider credentials.

What you should see

  • a workspace gets bootstrapped
  • an owner token is issued
  • an agent token is issued
  • a plan is created from intent
  • risky apply is blocked before approval
  • the agent cannot self-approve
  • the human approves
  • the plan is applied
  • audit output shows the full story

What this proves

  • Keycli is not arbitrary shell execution
  • the hosted TypeScript path is real
  • risk and next action are part of the product, not an afterthought
  • agents do not automatically get authority to approve or mint more power

What this does not prove

  • live provider mutation
  • GitHub-native approval capture
  • production deployment polish
That is expected. The first demo is about the trust model.

Step 2: know what to inspect

Do not just look for green output. Look for the important product behaviors:
  • plan.risk.level
  • nextAction
  • whether apply is blocked before approval
  • whether the agent is prevented from approving
  • whether the audit trail captures the sequence cleanly
If those behaviors are legible, the wedge is legible.
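
One way to turn that inspection into a repeatable check, as an added example that is not Keycli's own code: it walks an ordered audit trail and reports any place where an apply succeeded without a human approval or where an agent's approval was accepted. The event shape, field names and sample trails are hypothetical and constructed here, and it assumes any plan whose risk level is not "low" requires approval.

```typescript
// Hypothetical audit event shape, constructed for this example.
// Keycli's real audit output may use different field names and values.
interface AuditEvent {
  action: "plan.created" | "apply.attempted" | "approval.attempted" | "plan.applied";
  actor: "owner" | "agent";
  planId: string;
  outcome: "ok" | "blocked" | "denied";
  riskLevel?: string; // stands in for plan.risk.level, recorded at plan creation
}

// Walk an ordered trail and return every trust-boundary violation found.
// Assumption: any plan whose risk level is not "low" needs a human approval first.
function checkTrail(events: AuditEvent[]): string[] {
  const violations: string[] = [];
  const risk: Record<string, string> = Object.create(null);
  const approved: Record<string, boolean> = Object.create(null);
  for (const e of events) {
    if (e.action === "plan.created") {
      risk[e.planId] = e.riskLevel ?? "unknown"; // missing risk is never treated as low
    } else if (!(e.planId in risk)) {
      violations.push(`${e.action} references unknown plan ${e.planId}`);
    } else if (e.action === "approval.attempted") {
      if (e.outcome !== "ok") continue; // a denied attempt is the expected behaviour
      if (e.actor === "agent") violations.push(`agent approved plan ${e.planId}`);
      else approved[e.planId] = true;
    } else {
      const succeeded = e.action === "plan.applied" || e.outcome === "ok";
      if (succeeded && risk[e.planId] !== "low" && !approved[e.planId]) {
        violations.push(`plan ${e.planId} applied before approval`);
      }
    }
  }
  return violations;
}

// Constructed trail mirroring the self-demo sequence described above.
const demoTrail: AuditEvent[] = [
  { action: "plan.created", actor: "agent", planId: "p1", outcome: "ok", riskLevel: "high" },
  { action: "apply.attempted", actor: "agent", planId: "p1", outcome: "blocked" },
  { action: "approval.attempted", actor: "agent", planId: "p1", outcome: "denied" },
  { action: "approval.attempted", actor: "owner", planId: "p1", outcome: "ok" },
  { action: "plan.applied", actor: "agent", planId: "p1", outcome: "ok" },
];
// Constructed broken trail: the agent's own approval was accepted, then the plan ran.
const brokenTrail: AuditEvent[] = [
  { action: "plan.created", actor: "agent", planId: "p2", outcome: "ok", riskLevel: "high" },
  { action: "approval.attempted", actor: "agent", planId: "p2", outcome: "ok" },
  { action: "plan.applied", actor: "agent", planId: "p2", outcome: "ok" },
];
console.log(checkTrail(demoTrail), checkTrail(brokenTrail));
```

An empty result for the demo trail means the sequence matched the trust model; the broken trail yields two violations.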

Step 3: prove one live provider mutation

After the self-demo, the best live path is the preview-safe Vercel lane. Terminal 1:
npm run api:hosted
Terminal 2:
export VERCEL_TOKEN=...
export KEYCLI_VERCEL_PROJECT=your-project
npm run demo:vercel:preview
  • single provider
  • preview target instead of prod
  • no deploy step required
  • low-risk under the current policy
  • easier to explain than the mixed-provider wedge

What this proves

  • real hosted API
  • real ProviderConnection creation and testing
  • real workspace readiness reporting
  • real preview env var mutation through the Vercel API
Full details: Vercel

Step 4: choose your next page

If you want the mental model

Read Why Keycli.

If you want to wire real providers

Read Provider connections.

If you want to understand the workflow boundary

Read First governed change and Approvals.

If you want the strongest current wedge

Read GitHub after the Vercel preview path.

Local docs workflow

If you want to preview or validate the Mintlify docs themselves:
npm run docs:dev
npm run docs:validate
Notes:
  • docs:dev runs Mintlify on port 3001
  • local Mint preview is pinned to node@20 because Mintlify does not like the workspace default Node 25 runtime
  • docs.json is the primary docs config; mint.json remains alongside it for compatibility