| title | Automation Contract |
|---|
This document defines the machine-consumption contract for Agora CLI.
Use this guide for:
- CI jobs
- shell scripts
- agentic workflows
- editor or IDE integrations
- General Rules
- Project Resolution Precedence
- Config Isolation
- JSON Envelope
- Envelope Versioning
- Progress Events (NDJSON Stream)
- MCP Progress Notifications
- Exit Codes
- Stable Result Shapes
- Human vs Machine Output
- Prefer
--jsonfor any command consumed by code, scripts, or agents. - Prefer
agora initfor end-to-end setup. - Use low-level commands when a workflow must be decomposed, resumed, or partially re-run.
- Use
agora --help --allto inspect the full command tree (human-readable). - Use
agora --help --all --jsonfor a machine-readable command tree with all flags — the primary capability discovery mechanism for agents. - Use
agora introspect --jsonwhen you need command labels, enums, and version metadata in a single stable artifact. - Use
agora project doctor --jsonfor readiness checks before continuing with automated setup. - Use
agora whoami --plainfor shellifchains that only needauthenticated/unauthenticated. - In JSON mode, both success and failure return the same top-level envelope shape.
- Use
--json --prettywhen a human needs to inspect JSON directly. Scripts should keep the default single-line JSON. - Use
--quietto suppress the success envelope in both pretty and JSON modes; the exit code becomes the only result. Errors are still printed on stderr (and as a JSON envelope on stdout when--jsonis set without--quiet). NDJSON progress events are still emitted because they are observability, not results. - Use
--debug(equivalent toAGORA_DEBUG=1) to echo structured log records to stderr. The flag does not change exit codes, JSON envelope shape, or NDJSON progress events; it only mirrors the entries that would normally be written to the log file. Pair with--jsonfor fully machine-parseable runs that also surface internal events to your CI logs. v0.2.0 dropped the legacy--verbose/-valias and theAGORA_VERBOSEenv var; persisted configs that contain averbosekey are auto-promoted todebugon first load. - Use
--yes(or-y) /AGORA_NO_INPUT=1to assume the default answer to confirmation prompts. Following industry convention for-y(apt-style), the flag never starts brand-new interactive flows: in JSON, CI, or non-TTY contexts the CLI still fails fast with the sameAUTH_UNAUTHENTICATEDerror you would have seen without--yes, instead of silently launching an OAuth browser flow. - Interactive login prompts only appear in interactive pretty-mode TTY runs. Automation should authenticate up front with
agora login;--json,AGORA_OUTPUT=json, detected CI environments, and non-TTY stdin all skip the prompt and fail withAUTH_UNAUTHENTICATED. - In non-interactive runs (
--yes, JSON, CI, non-TTY), pass--templateexplicitly toagora init. The CLI now fails fast withQUICKSTART_TEMPLATE_REQUIREDinstead of silently selecting a template. - Output mode precedence is: explicit CLI flag (
--jsonor--output) first, user-setAGORA_OUTPUTsecond, then user-customized config file value, then CI auto-detect → JSON (see below), then pretty. - Set
AGORA_AGENT=<tool-name>in automated environments to explicitly label agent traffic in the APIUser-Agent. When unset, the CLI may infer a coarse label such ascursor,claude-code,cline,windsurf,codex, oraiderfrom known agent environment markers. SetAGORA_AGENT_DISABLE_INFER=1to disable inference. - Use
agora mcp serveto expose local Agora CLI tools to MCP-capable agents. The full surface is exposed:agora.version,agora.introspect,agora.auth.{status,logout},agora.config.{path,get},agora.telemetry.status,agora.upgrade.check,agora.project.{list,show,use,create,doctor,env,env_write},agora.project.feature.{list,status,enable},agora.project.webhook.{events,list,show,create,update,delete},agora.quickstart.{list,create,env_write}, andagora.init. Authentication is intentionally not exposed via MCP because OAuth requires an interactive browser; runagora loginonce on the host first. - Use
agora open --target docsfor the human GitHub Pages docs andagora open --target docs-mdfor the agent-facing raw Markdown index. In CI/non-TTY runs the command defaults to URL-only output unless--browseris set. The Markdown tree is published under predictable/md/URLs, for example/md/commands.md,/md/automation.md, and/md/error-codes.md. - Docs publishing reads
internal-docs/pages/site.envforCLI_DOCS_*andCLI_INSTALL_*URL defaults; staging Pages builds can override those environment variables at workflow time without changing docs content. The resolved values are published as/docs.envfor transparency. - The CLI maintains a short-lived on-disk completion cache for
agora project use <TAB>under<AGORA_HOME>/cache/projects.json. The cache is only used for completions when a local unexpired session exists (session.jsonwith a non-empty access token and a futureexpiresAt, when present), so Tab does not suggest stale project names after logout or local session expiry. The cache TTL is 5 minutes by default; override withAGORA_PROJECT_CACHE_TTL_SECONDS=<seconds>(set to0to disable). Cache files older than 24 h are pruned at every CLI startup. SetAGORA_DISABLE_CACHE=1to drop the cache on the next startup. The cache is invalidated automatically byagora logoutandagora project create(the latter clears the file; it does not embed the new project until the next successful list fetch). To force-refresh the cached completion page, runagora project list --refresh-cachewhile authenticated; that command fetches the unfiltered first page used by completion and rewritesprojects.jsonwhen it succeeds.
When the CLI detects it is running inside a CI environment, it automatically:
- Switches the default output mode to
--output json(so build logs stay machine-parseable). - Suppresses the first-run "Config initialized" banner on stderr.
- Skips interactive prompts (login confirmation, project reuse confirmation, template picker).
CI is detected when any of the following environment variables is present (and CI is not literally false/0/empty):
| Variable | Vendor |
|---|---|
CI |
de-facto universal |
GITHUB_ACTIONS |
GitHub Actions |
GITLAB_CI |
GitLab CI |
BUILDKITE |
Buildkite |
CIRCLECI |
CircleCI |
JENKINS_URL |
Jenkins |
TF_BUILD |
Azure Pipelines |
You can always override:
--output pretty— force pretty output even in CI.AGORA_OUTPUT=pretty— same, via env (user-set values always win over auto-detect).AGORA_DISABLE_CI_DETECT=1— disable CI detection entirely (useful when iterating on a CI script locally).
Primary command groups:
initquickstartprojectauthconfig
Commands that require a project resolve context in this order:
- explicit
--projector positional project argument - repo-local
.agora/project.jsonfrom the target repo path - global CLI context selected by
agora project use
Agent guidance:
- prefer explicit
--projectfor deterministic cross-repo operations - rely on repo-local binding when operating repeatedly inside one bound quickstart
- keep
metadataPathfrom command results if you need to validate or audit project bindings
The CLI creates or migrates its config directory on startup. In CI, tests, and multi-agent runs, isolate config and session state with AGORA_HOME so concurrent jobs do not mutate a shared developer profile:
export AGORA_HOME="$(mktemp -d)"
agora auth status --json
agora init my-nextjs-demo --template nextjs --project my-project --jsonAGORA_HOME points directly at the Agora CLI config directory. XDG_CONFIG_HOME is also supported, but AGORA_HOME is the most explicit option for short-lived automation.
Commands that support structured output return a JSON envelope in this shape:
{
"ok": true,
"command": "init",
"data": {},
"meta": {
"outputMode": "json",
"exitCode": 0
}
}Stable top-level fields:
oktruefor success andfalsefor failure.commandStable command label used by the CLI for the result payload.dataCommand-specific result payload. This is usuallynullon failure.project doctor --jsonkeeps its diagnostic payload on readiness failures so agents can inspect blocking issues while still branching onok: false.errorPresent on failure with a stable error object. Known structured failures may includeerror.code,error.httpStatus, anderror.requestIdin addition toerror.message.meta.outputModeCurrentlyjsonwhen--jsonis used.meta.exitCodeProcess exit code for this result. Success envelopes use0; error envelopes use the nonzero process exit code.
Agent guidance:
- branch on
commandanddata - branch on
okfirst for success vs failure - treat pretty output as human-only
- do not parse stderr when
--jsonis in use
A JSON Schema for this envelope is published at
docs/schema/envelope.v1.json (also available
at the live URL https://agoraio.github.io/cli/schema/envelope.v1.json).
Wrappers that want compile-time type safety can generate types from the
schema with quicktype, datamodel-code-generator, or any
JSON-Schema-aware tool.
The current contract is envelope.v1.json. Minor CLI releases may add fields to envelopes, progress events, command result data, and introspection records. Agents must ignore unknown fields.
Breaking envelope changes require a new schema file such as envelope.v2.json, a CHANGELOG.md entry, and a migration note in this document. Removing fields, changing field types, or changing the meaning of existing enum values is treated as breaking.
agora project env is the only command whose default (non-JSON)
output is raw stdout — without the unified envelope — so it can be used
with shell substitution:
source <(agora project env --shell)
eval "$(agora project env --format shell)"To explicitly request a specific format, pass --format:
| Flag | Output |
|---|---|
--format dotenv |
KEY=value lines (default; >> .env) |
--format shell |
shell export KEY=value statements |
--format envelope |
unified JSON envelope (alias of --json) |
--format json |
same as --format envelope |
--shell |
back-compat alias of --format shell |
--json |
unified JSON envelope |
For automation, prefer --json (or --format envelope) so the result
has the same shape as every other command. agora project env write
already emits the unified envelope under all output modes — only the
read path has the raw-stdout exception above.
In interactive pretty TTY sessions, running agora project env without an explicit --format, --shell, or --json prints a stderr hint pointing agents to --json / --format envelope. The hint is not emitted in JSON mode or non-TTY automation.
Long-running commands emit one or more progress events to stdout ahead of the final envelope when --json is set. The wire format is NDJSON (newline-delimited JSON): one complete JSON object per line, terminated by \n.
Agents must therefore parse stdout line-by-line, not as a single JSON document. The terminal envelope is always the last line and is the only object with the top-level ok field.
{"event":"progress","command":"init","stage":"clone:start","message":"Cloning quickstart repository","timestamp":"2026-04-29T22:30:00.123Z","repoUrl":"https://github.com/AgoraIO/...","targetPath":"/abs/path","ref":""}Stable top-level fields on every progress event:
event— always the literal string"progress". Use this to distinguish progress events from the terminal envelope (which has"ok"instead).command— the same stable command label used by the terminal envelope.stage— a stable enum-like string identifying the milestone. See the table below.message— short human-readable description suitable for a log line.timestamp— RFC3339Nano UTC timestamp.
Additional stage-specific fields may appear (for example repoUrl, projectId, loginUrl). These are documented per-stage but agents should treat unknown extra fields as opaque metadata.
| Stage | Emitted by | When | Stage-specific fields |
|---|---|---|---|
clone:override |
quickstart create, init |
Before clone:start when an AGORA_QUICKSTART_<TEMPLATE>_REPO_URL override is in use |
repoUrl, envVar |
clone:start |
quickstart create, init |
Before the git clone shell-out |
repoUrl, targetPath, ref |
clone:complete |
quickstart create, init |
After git clone succeeds |
targetPath |
clone:strip-git |
quickstart create, init |
After upstream .git metadata is removed from the scaffold |
targetPath |
project:create |
init |
Before creating a new Agora project | projectName, features |
project:created |
init |
After the project is ready | projectId, projectName |
project:reuse |
init |
When binding to an existing project | projectId, projectName |
oauth:waiting |
login, auth login |
After the localhost callback server is listening and the URL is printed | loginUrl, redirectUri, timeoutMs |
oauth:received |
login, auth login |
When the browser callback delivers an authorization code | (none) |
oauth:complete |
login, auth login |
After the access token is stored locally | (none) |
{"event":"progress","command":"init","stage":"project:reuse","message":"Reusing existing Agora project","timestamp":"...","projectId":"prj_abc","projectName":"Default Project"}
{"event":"progress","command":"init","stage":"clone:start","message":"Cloning quickstart repository","timestamp":"...","repoUrl":"...","targetPath":"...","ref":""}
{"event":"progress","command":"init","stage":"clone:complete","message":"Quickstart repository cloned","timestamp":"...","targetPath":"..."}
{"event":"progress","command":"init","stage":"clone:strip-git","message":"Removed quickstart repository history","timestamp":"...","targetPath":"..."}
{"ok":true,"command":"init","data":{},"meta":{"exitCode":0,"outputMode":"json"}}
- Read stdout line by line until EOF.
- JSON-decode each line independently.
- Discard or log lines that do not parse as JSON (defensive).
- The line where
event === "progress"is a progress event;stageandmessageare the most useful fields. - The first (and only) line where
okis set is the terminal envelope. - Process exit code is also reported in
meta.exitCodeof the terminal envelope; treat the OS exit code as the source of truth.
Stages are stable identifiers; new stages may be added over time. Agents should treat unknown stages as benign progress information rather than failing on them.
When long-running tools are invoked through MCP with _meta.progressToken, agora mcp serve forwards stage updates as JSON-RPC notifications/progress frames before the final tools/call response. This keeps stdio framing valid while allowing host agents to display progress.
Example tools/call params:
{
"name": "agora.quickstart.create",
"arguments": {
"template": "nextjs",
"dir": "my-demo"
},
"_meta": {
"progressToken": "demo-1"
}
}Example progress notification:
{"jsonrpc":"2.0","method":"notifications/progress","params":{"progressToken":"demo-1","progress":1,"stage":"clone:start","message":"Cloning quickstart repository","timestamp":"..."}}The final MCP tool result is unchanged: the CLI result payload is JSON-stringified into content[0].text.
Implications for agent authors:
- Use
_meta.progressTokenwhen callingagora.init,agora.quickstart.create, oragora.project.createand your host can display progress notifications. - Without a progress token, MCP calls remain a single final response.
- Plan for higher tail latency on MCP
tools/callfor the affected tools; the user-visible "nothing is happening" gap may be tens of seconds for git clones or project creation. Consider surfacing your own "running tool: agora.init…" UI in the host agent. - The terminal payload shape returned in
content[0].textis identical to the CLI's terminaldataenvelope, so existing JSON-shape handlers continue to work unchanged. - Shell commands (
agora ... --json) still use NDJSON progress events followed by the terminal envelope.
Failure example:
{
"ok": false,
"command": "project env write",
"data": null,
"error": {
"message": "path/to/.env.custom already exists. Use --append to append it or --overwrite to replace it.",
"logFilePath": "/path/to/agora-cli.log"
},
"meta": {
"outputMode": "json",
"exitCode": 1
}
}| Code | Meaning | Commands |
|---|---|---|
| 0 | Success | all commands |
| 1 | General error or blocking issue | most commands; project doctor when blocking issues found |
| 2 | Non-blocking warning | project doctor when only warnings found |
| 3 | Auth or session error | project doctor when not authenticated; auth status / whoami when unauthenticated |
In JSON mode the meta.exitCode field carries the same value as the process exit code.
Known error.code values are cataloged in error-codes.md.
The following commands are part of the documented JSON contract.
Example:
./agora introspect --jsonRequired data fields:
commandsArray of enumerable command metadata.globalFlagsRoot flags inherited by commands.pseudoCommandsStable command labels emitted by root flags such asagora --upgrade-check.enumsKnown enum values for agent validation.versionBuild metadata.
Each commands[] item includes path, command, short, flags, headlessSafe, and interactivity. Agents should use headlessSafe=false to avoid flows that require direct user interaction, and use interactivity for a human-readable reason such as interactive-browser, stdio-server, or browser-in-interactive-pretty-mode.
Example:
./agora init my-nextjs-demo --template nextjs --json
./agora init my-nextjs-demo --template nextjs --new-project --jsonBy default init reuses an existing project — preferring one named exactly "Default Project". If no default exists, interactive sessions show existing projects with a create-new option and default to the most recently created project; JSON, CI, and non-TTY runs select the most recent project automatically. Pass --new-project to force creation. Use --project <name|id> to bind to a specific project.
For deterministic automation, always pass --project <name|id> or --new-project.
Required data fields:
actionAlwaysinit.templateTemplate ID such asnextjs,python, orgo.projectActioncreatedorexisting.reusedExistingProjectBoolean mirror for agents that branch on init reuse.projectIdprojectNameprojectSelectionReasonOne ofexplicit_project,new_project,no_existing_projects,default_name,interactive_new_project,interactive_selection, ormost_recent.regionpathAbsolute path to the cloned quickstart.envPathPath of the env file relative to the cloned quickstart root.metadataPathRepo-local project binding file path, currently.agora/project.json.enabledFeaturesArray of features enabled during this run. Defaults tortc,rtm, andconvoaifor newly created projects unless overridden with--feature. Empty for existing projects since the CLI did not create them in this run.nextStepsOrdered list of suggested follow-up commands for the selected template.statusCurrentlyready.
Optional fields:
rtmDataCenterRTM data center configured on the new project when RTM was enabled. Defaults toNAwhen--rtm-data-centeris omitted.
Display-oriented fields:
title
Safe branch fields:
templateprojectActionprojectIdpathenvPathstatus
Automation notes:
--dry-runreturns the planned envelope (status: "planned",dryRun: true) without creating remote resources.--idempotency-key <key>is forwarded to the API body for retry-safe project creation where supported.
Example:
./agora project create my-agent-demo --json
./agora project create my-agent-demo --rtm-data-center EU --json
./agora project create my-agent-demo --feature rtc --feature convoai --jsonRequired data fields (success):
actionAlwayscreate.projectIdprojectNameappIdregionenabledFeaturesArray of features that were enabled on the new project. Defaults to["rtc", "rtm", "convoai"]when no--featureflags are passed. Explicitconvoairequests also includertm.
Optional fields:
rtmDataCenterRTM data center configured when RTM was enabled. Defaults toNAwhen--rtm-data-centeris omitted.
Required data fields (--dry-run):
actionAlwayscreate.dryRunAlwaystrue.statusAlwaysplanned.projectNameregionenabledFeaturestemplateProject preset that would be applied (empty when not requested).idempotencyKeyEchoes the caller-provided--idempotency-keyvalue (empty when not provided).
Optional fields (--dry-run):
rtmDataCenterUppercased data center value (CN,NA,EU, orAP) when RTM is enabled. Defaults toNAwhen omitted.
Safe branch fields:
projectId(success only)projectNameregionenabledFeaturesstatus(--dry-runonly)dryRun(--dry-runonly)
Example:
./agora project use my-agent-demo --jsonRequired data fields:
actionAlwaysuse.projectIdprojectNameregionstatusCurrentlyselected.
Safe branch fields:
projectIdprojectNameregionstatus
Example:
./agora project show --jsonRequired data fields:
actionAlwaysshow.projectIdprojectNameappIdregiontokenEnabled
Optional fields:
appCertificateThe app certificate (signing key). Present when the project has one configured. Sensitive — redacted in pretty output; available in JSON mode.
Display-oriented fields:
appCertificate
Safe branch fields:
projectIdprojectNameappIdregiontokenEnabled
Example:
./agora project env write apps/web/.env.local --jsonOptional data fields:
credentialLayoutEitherstandard(AGORA_* keys) ornextjs(NEXT_PUBLIC_AGORA_APP_IDandNEXT_AGORA_APP_CERTIFICATE) when the workspace is detected or overridden as Next.js.
Required data fields:
actionAlwaysenv-write.projectIdprojectNamepathAbsolute path to the written dotenv file.projectTypeDetected workspace type used for future repo metadata (nextjs,go,python,node, orstandard).statusOne ofcreated,updated,appended, oroverwritten.keysWrittenOrdered list of credential keys that were written. By defaultproject env writeusesAGORA_APP_IDandAGORA_APP_CERTIFICATE. Next.js workspaces (detected viapackage.json/next.config.*/env.local.example/ repo.agoraprojectType/template: nextjs, or forced with--template nextjs) useNEXT_PUBLIC_AGORA_APP_IDandNEXT_AGORA_APP_CERTIFICATEinstead. Non-secret project metadata stays in.agora/project.json.
Optional data fields (present when the CLI updates or creates repo metadata):
metadataUpdatedtruewhen.agora/project.jsonwas created or updated for the selected project (includingprojectTypeandenvPathwhen missing).metadataPathRelative path.agora/project.jsonfrom the repo root whenmetadataUpdatedis true.
Pass --template standard to force AGORA_* keys when auto-detection would pick Next.js.
Write behavior:
- existing
.envand.env.localfiles are preserved; missing credential keys are appended and existing credential keys are updated - existing legacy Agora-managed blocks are replaced with plain credential assignments
- duplicate credential assignments are commented out after the first updated key
- explicit non-standard env files still require
--appendor--overwritewhen they do not already contain managed credentials
Safe branch fields:
pathstatuskeysWrittencredentialLayoutprojectTypemetadataUpdated(when repo binding was updated)metadataPath(whenmetadataUpdatedis true)
Example:
./agora project env --jsonRequired data fields:
actionAlwaysenv.formatCurrentlyjson.projectIdprojectNameregionvaluesObject containing the rendered env key/value pairs.
Safe branch fields:
projectIdprojectNameregionvalues
Example:
./agora quickstart list --jsonRequired data fields:
actionAlwayslist.itemsArray of template objects.
Each item currently includes:
idtitledescriptionruntimerepoUrldocsUrlavailableenvDocssupportsInit
Safe branch fields:
items[].iditems[].runtimeitems[].repoUrlitems[].availableitems[].supportsInit
Display-oriented fields:
titledescriptiondocsUrlenvDocs
Automation notes:
--ref <branch|tag|ref>pins the cloned quickstart source for workshops and reproducible demos.
Example:
./agora quickstart create my-python-demo --template python --project my-project --jsonRequired data fields:
actionAlwayscreate.templatetitleruntimecloneUrldocsUrlpathAbsolute path to the cloned quickstart.envStatustemplate-onlyorconfigured.envPathEmpty when no project was bound during creation.metadataPath.agora/project.jsonwhen the quickstart was bound to a project during creation.statusCurrentlycloned.writtenFiles or managed outputs written by the command.
Optional fields:
projectIdprojectName
Safe branch fields:
templatepathenvStatusenvPathstatusprojectId
Example:
./agora quickstart env write /abs/path/to/my-python-demo --jsonRequired data fields:
actionAlwaysenv-write.templatetitlepathAbsolute path to the quickstart root.envPathEnv file path relative to the quickstart root.metadataPathRepo-local project binding file path, currently.agora/project.json.projectIdprojectNamestatusCurrentlycreated,updated, orappended.
Env write behavior:
- quickstart env files contain only the App ID and App Certificate variable names required by the template
- Next.js uses
NEXT_PUBLIC_AGORA_APP_IDandNEXT_AGORA_APP_CERTIFICATE - Python and Go use
APP_IDandAPP_CERTIFICATE - project metadata such as project ID, project name, region, template, projectType, and env path is stored in
.agora/project.json - existing quickstart env files are preserved; missing credential keys are appended and existing credential keys are updated
- stale Agora credential aliases for another runtime are commented out to avoid ambiguous dotenv resolution; for example, a Next.js quickstart prefers
NEXT_PUBLIC_AGORA_APP_IDand comments out oldAGORA_APP_ID/APP_IDentries when replacing them
Safe branch fields:
templatepathenvPathprojectIdprojectNamestatus
Example:
./agora project doctor --jsonRequired data fields:
actionAlwaysdoctor.healthymodedefaultordeep.statusOne ofhealthy,warning,not_ready, orauth_error.summarychecksArray of category objects.blockingIssuesArray of blocking issue objects.warningsArray of warning issue objects.
Optional fields:
projectNil during auth or project-selection failure paths.workspacePresent in deep mode with repo-local binding and env consistency details.
Safe branch fields:
healthymodestatussummaryblockingIssueswarnings
Recommended agent behavior:
- branch first on
status - use
healthyas a fast readiness boolean - inspect
blockingIssues[].suggestedCommandfor recovery suggestions - for repo-bound validation, run
project doctor --deep --json
Examples:
./agora auth status --json
./agora whoami --jsonWhen authenticated, this command returns a success envelope with these required data fields:
actionAlwaysstatus.authenticatedstatusauthenticated.regionexpiresAtscope
Safe branch fields:
authenticatedregionstatusexpiresAt
When unauthenticated, this command returns exit code 3 and an error envelope:
{
"ok": false,
"command": "auth status",
"data": null,
"error": {
"message": "No local Agora session found. Run `agora login` first.",
"code": "AUTH_UNAUTHENTICATED",
"logFilePath": "/path/to/agora-cli.log"
},
"meta": {
"outputMode": "json",
"exitCode": 3
}
}Agent guidance:
- branch on
okbefore readingdata - handle
error.code == "AUTH_UNAUTHENTICATED"as the unauthenticated state - run
agora loginbefore continuing with commands that require a session
Example:
./agora login --json
./agora auth login --jsonlogin --json is an NDJSON stream, not a single JSON blob: it emits oauth:waiting, oauth:received, and oauth:complete progress events before the final envelope. Parse stdout line-by-line and use the last object with top-level ok as the command result.
Required data fields:
actionAlwayslogin.statusCurrentlyauthenticated.regionscopeexpiresAt
Safe branch fields:
regionstatusexpiresAt
Example:
./agora logout --json
./agora auth logout --jsonRequired data fields:
actionAlwayslogout.statusCurrentlylogged-out.clearedSessiontrueif a session file was removed;falseif no session existed.
Safe branch fields:
statusclearedSession
Example:
./agora project list --json
./agora project list --keyword demo --page 2 --json
./agora project list --refresh-cache --jsonRequired data fields:
itemsArray of project summary objects.pageCurrent page number (1-based).pageSizeNumber of items per page.totalTotal number of matching projects across all pages.cacheRefreshedBoolean.trueonly when--refresh-cachesuccessfully refreshed the unfiltered first-page project completion cache.
Each item includes: projectId, name, appId, projectType, status, createdAt, updatedAt.
Safe branch fields:
items[].projectIditems[].nametotalpagepageSize
Example:
./agora project feature list --json
./agora project feature list my-project --jsonRequired data fields:
actionAlwaysfeature-list.projectIdprojectNameitemsArray of feature status objects.
Each item includes: feature (one of rtc, rtm, convoai), status (one of enabled, disabled, included, provisioning), message.
Safe branch fields:
projectIditems[].featureitems[].status
Example:
./agora project feature status convoai --jsonRequired data fields:
actionAlwaysfeature-status.featurestatusOne ofenabled,disabled,included,provisioning.messageprojectIdprojectName
Safe branch fields:
featurestatusprojectId
Example:
./agora project feature enable convoai --jsonRequired data fields:
actionAlwaysfeature-enable.featurestatusOne ofenabled,included.messageprojectIdprojectName
Safe branch fields:
featurestatusprojectId
Examples:
./agora project webhook events --feature rtc --json
./agora project webhook create --project my-project --feature rtc --url https://example.com/webhook --events channel-created,user-joined --json
./agora project webhook show 42 --project my-project --feature rtc --with-secret --json
./agora project webhook update 42 --project my-project --feature rtc --url https://example.com/webhook2 --json
./agora project webhook delete 42 --project my-project --feature rtc --yes --jsonWebhook commands are feature-scoped. Pass --feature rtc, --feature rtm, or --feature convoai and prefer explicit --project <id|name> for automation.
Run project webhook events --feature <feature> --json before creating a webhook to discover the event IDs and keys that can be passed to --events.
project webhook events required data fields:
actionAlwayswebhook-events.featureitemsArray of event objects.
Each event item includes:
idkeyStable CLI event key derived from the English display name, for examplechannel-created.displayNameeventTypepayloadwhen provided by the API.
project webhook list required data fields:
actionAlwayswebhook-list.projectIdprojectNamefeatureeventsThe available event catalog for the selected feature.itemsArray of webhook config objects.
Each list item includes:
configIdurlurlRegionDelivery region for webhook callbacks:cn,sea,na, oreu.enabledCanonical webhook state field. Webhook JSON does not emit a stringstatus.eventIdseventsEvent details that matcheventIdswhen available.retryRetry behavior when returned by the API. This field is read-only in the CLI.useIpWhitelistsecretPresent when the backend returns a secret, redacted as********.listnever emits a raw secret.
project webhook show, project webhook create, and project webhook update required data fields:
actionOne ofwebhook-show,webhook-create, orwebhook-update.projectIdprojectNamefeatureconfigIdurlurlRegionDelivery region for webhook callbacks:cn,sea,na, oreu.enabledCanonical webhook state field. Webhook JSON does not emit a stringstatus.eventIdseventsEvent details that matcheventIdswhen available.useIpWhitelistconfigNested webhook config object with the same config fields.
Optional top-level data fields for show, create, and update (also present in the nested config object when set):
secretWebhook signing secret.createreturns the generated or caller-provided secret atdata.secretanddata.config.secretso automation can store it.showreturns the raw secret only with--with-secret; otherwise it redactsdata.secretanddata.config.secretas********.updatedoes not rotate secrets; when the backend returns a secret,updateemits the redacted value.listhas no top-levelsecret; item secrets are redacted asitems[].secret == "********".retryRetry behavior when returned by the API. This field is read-only in the CLI and appears atdata.retryanddata.config.retry;listexposes it per item asitems[].retry.
project webhook create requires --events <event-id-or-key>[,<event-id-or-key>...]. project webhook update preserves existing values for omitted mutable fields. Use --url, --events, --delivery-region, --enabled, or --disabled to replace only those fields. update does not rotate or emit the raw secret.
project webhook delete required data fields:
actionAlwayswebhook-delete.projectIdprojectNamefeatureconfigIddeletedtrueafter the remote config is deleted.
Delete is destructive and requires confirmation. Pass --yes (or -y) in CLI automation; the MCP delete tool requires confirm: true.
Safe branch fields by command shape:
- Event discovery:
feature,items[].id,items[].key - List:
projectId,feature,items[].configId,items[].enabled,items[].eventIds,items[].urlRegion - Show/create/update:
projectId,feature,configId,enabled,eventIds,urlRegion - Delete:
projectId,feature,configId,deleted
Example:
./agora config path --jsonRequired data fields:
pathAbsolute path to the config file on disk.
Safe branch fields:
path
Example:
./agora config get --jsonReturns the current resolved config object. Safe branch fields:
outputlogLevelbrowserAutoOpentelemetryEnableddebug(renamed from legacyverbosein v0.2.0; legacy key is migrated on first load)
Endpoint and OAuth integration values are derived from the active login
region and may be temporarily overridden with environment variables such as
AGORA_API_BASE_URL, AGORA_OAUTH_BASE_URL, AGORA_OAUTH_CLIENT_ID, and
AGORA_OAUTH_SCOPE; they are not persisted in config.json.
Migration note: configs written by older CLI versions may contain
apiBaseUrl, oauthBaseUrl, oauthClientId, or oauthScope. Schema version
4 drops those keys on first load. If automation previously depended on those
persisted values, set the corresponding AGORA_* environment variable in the
job environment instead.
Example:
./agora config update --output json --json
./agora config update --telemetry-enabled=false --jsonBoolean config flags use Cobra's explicit false syntax. To disable a boolean, pass --flag=false (for example --telemetry-enabled=false, --browser-auto-open=false, or --debug=false); omitting the flag leaves the persisted value unchanged.
Returns the updated config object with the same shape as config get. Safe branch fields are the same as config get.
Example:
./agora upgrade --json
./agora upgrade --check --json
./agora --upgrade-check --jsonCI/agent guidance: prefer --check (or --upgrade-check) so automation does not mutate the running binary.
Required data fields:
actionupgradefor the subcommand andupgrade-checkfor the root--upgrade-checkpseudo-command.installMethodOne ofinstaller,npm,homebrew,scoop,chocolatey,winget, orunknown.installSourceinstall.sh/install.ps1when read from a valid direct-installer receipt,pathwhen inferred from the resolved executable path, orfallbackwhen no durable source was available.installedPathResolved executable path used for receipt validation and path inference.upgradeCommandThe user-facing command for the owning install channel.commandBackwards-compatible alias forupgradeCommand.statusOne ofmanual,dry-run,up-to-date, orupgraded.
Optional fields:
receiptPathPath to the validatedagora.install.jsonreceipt when present.currentVersionVersion of the running binary foragora upgrade.latestVersionLatest resolved release version when the command resolves GitHub release metadata.versionStructured version payload foragora --upgrade-check.receiptWarningNonfatal warning when a direct-installer self-update succeeded but the CLI could not refreshagora.install.json.ciBlockedPresent andtruewhen installer-managed self-update is skipped because CI auto-detect is active andAGORA_ALLOW_UPGRADE_IN_CIis not set.suggestedCommandSuggested non-mutating check command whenciBlockedis true.
Upgrade behavior:
- direct-installer installs (
installMethod: "installer") self-update in place after downloading the GitHub release archive and verifying it againstchecksums.txt - archive prefix is version-aware:
agora-cli-go_*for target releases v0.1.7–v0.2.0,agora-cli_*for v0.2.1+ - in CI, installer-managed self-update is skipped by default (
status: "manual"+ciBlocked: true); setAGORA_ALLOW_UPGRADE_IN_CI=1to opt in - package-manager installs return
status: "manual"with the owning package-manager command; agents should run that command only after user approval unknownmeans the CLI could not verify the install channel, usually because the binary is a development/test build
Safe branch fields:
installMethodinstallSourceupgradeCommandstatus
- Pretty output is optimized for humans.
- JSON output is the supported machine-readable contract.
- For reliable automation, do not parse help text or pretty output.
- Use
--output prettyto force human output whenAGORA_OUTPUT=jsonis set in the environment.
Recommended pattern:
./agora project doctor --json
./agora init my-go-demo --template go --json
./agora quickstart env write my-go-demo --json