Vendo Docs

Install, log in, develop locally with real Vendo identity, validate manifests, SSH into deployments.

The Vendo CLI is vendo — a small Node-based tool for working against vendo.run from your terminal. Six commands cover the full surface: authenticate, develop locally, validate a manifest, and SSH into a running deployment.

Package	npm	Source
`@vendodev/cli`	npmjs.com/package/@vendodev/cli	runvendo/vendo-cli

Install

npm install -g @vendodev/cli
vendo --help

Requires Node 20 or newer.

Commands

Command	Description
`vendo login`	Authorize the CLI against your Vendo account
`vendo logout`	Revoke the local credential server-side and remove it locally
`vendo whoami`	Show the logged-in account, tenant, and credit balance
`vendo validate [file]`	Lint `vendo.yaml` against the deploy manifest schema
`vendo dev`	Write a `.env.vendo-dev` for sourcing into a local OSS app
`vendo ssh <deployment>`	Open an interactive shell on a running deployment

Get per-command help with vendo <command> --help.

Global flags

Flag	Description
`--help`, `-h`	Print usage
`--version`, `-v`	Print the installed CLI version

vendo login accepts --api-base <url> to override the Vendo web URL (default https://vendo.run); the override is persisted in the local config so subsequent commands use it automatically.

An unknown command prints Unknown command: <name> followed by the help text and exits with code 2.

Local config

vendo login writes ~/.vendo/config.json with mode 0600 (the parent ~/.vendo directory is created with mode 0700):

{
  "apiBase": "https://vendo.run",
  "apiKey": "vendo_sk_…",
  "tenantId": "t_…",
  "appId": "app_…",
  "issuedToEmail": "[email protected]",
  "issuedAt": "2026-05-20T12:00:00Z"
}

The stored apiKey is a long-lived vendo_sk_* proxy key scoped to your tenant. Revoke it via vendo logout (which also clears the file) or from the dashboard's API Keys panel.

The config path is resolved as ${HOME}/.vendo/config.json, so overriding $HOME relocates the file. There is no XDG_CONFIG_HOME support.

The CLI does not respect VENDO_API_KEY from the environment — it always reads ~/.vendo/config.json. To use a different key for one command, run vendo logout and re-login, or pass --api-base to switch to a different Vendo instance.

Auth model

vendo login is a one-shot loopback browser bootstrap, not PKCE:

The CLI starts an HTTP listener on http://127.0.0.1:<random-port>/done and a 5-minute timer.
The CLI opens ${apiBase}/dev/cli-bootstrap?cb=<loopback>&mode=personal-key in your browser.
After you click Issue dev API key, the page mints a fresh vendo_sk_* key server-side (revoking any previous CLI key for your account) and POSTs the JSON { apiKey, tenantId, appId, email, issuedAt, ... } directly to the loopback URL.
The CLI writes the payload to ~/.vendo/config.json and exits.

There is no code verifier, no challenge, no state token, no POST /api/cli/exchange round-trip — the key is issued by the browser page and delivered straight to the loopback listener. The loopback handler answers the CORS preflight from apiBase and rejects bodies missing apiKey / tenantId. See vendo login for the full sequence.

The issued key is what every other CLI command (and every HTTP request through /api/cli/*) uses to authenticate.

Network surface

The CLI talks only to your apiBase (default vendo.run) plus, for vendo ssh, a WebSocket broker at ssh.vendo.run. No telemetry, no analytics endpoints.

Develop

To work on the CLI itself:

git clone [email protected]:runvendo/vendo-cli.git
cd vendo-cli
npm install
npm test
npm run smoke   # `vendo --help`

HTTP API > index — the surface the CLI calls under the hood
Build a tool > vendo.yaml authoring — what vendo validate checks against

Vendo CLI

On this page