> ## Documentation Index > Fetch the complete documentation index at: https://docs.codeant.ai/llms.txt > Use this file to discover all available pages before exploring further. # CLI Commands > Complete reference for all CodeAnt AI CLI commands ## Global Options ```bash theme={null} codeant --version # Show CLI version codeant --help # Show help for all commands codeant --help # Show help for a specific command ``` ## Authentication ### login Authenticate with CodeAnt AI via browser-based OAuth. ```bash theme={null} codeant login ``` ### logout Sign out and remove stored credentials. ```bash theme={null} codeant logout ``` ### set-token Store an authentication token for an SCM platform. ```bash theme={null} codeant set-token ``` **Supported remotes:** `github`, `gitlab`, `bitbucket`, `azure` **Examples:** ```bash theme={null} codeant set-token github ghp_xxxxxxxxxxxx codeant set-token gitlab glpat-xxxxxxxxxxxx codeant set-token bitbucket ATBB_xxxxxxxxxxxx codeant set-token azure xxxxxxxxxxxx ``` ### set-codeant-api-key Manually set the CodeAnt AI API key (alternative to `codeant login`). ```bash theme={null} codeant set-codeant-api-key ``` ### get-codeant-api-key Display the currently stored CodeAnt API key (masked — shows first and last 4 characters). ```bash theme={null} codeant get-codeant-api-key ``` ### set-telemetry Enable or disable anonymous usage analytics (PostHog). ```bash theme={null} codeant set-telemetry ``` ### get-telemetry Show current telemetry status. ```bash theme={null} codeant get-telemetry ``` ## Code Scanning All scanning commands share a common set of options for controlling scan scope and file filtering. ### Common Scan Options These options apply to `secrets`: | Option | Description | | ------------------------ | ------------------------------------------------------------ | | `--staged` | Scan only staged files (default) | | `--all` | Scan all changed files compared to base branch | | `--committed` | Scan only unpushed commits | | `--uncommitted` | Scan all uncommitted changes (staged + unstaged + untracked) | | `--last-commit` | Scan files from the last commit | | `--last-n-commits ` | Scan files from the last n commits (max 5) | | `--base ` | Compare against a specific base branch | | `--base-commit ` | Compare against a specific commit SHA | | `--include ` | Comma-separated glob patterns to include files | | `--exclude ` | Comma-separated glob patterns to exclude files | **Glob Pattern Syntax:** * `*` matches any characters except `/` * `**` matches any characters including `/` * `*.{js,ts}` matches multiple extensions (brace expansion is supported) * Multiple patterns: `--exclude 'test/**,dist/**'` *** ### secrets Scan code for exposed secrets, API keys, and credentials. ```bash theme={null} codeant secrets [options] ``` **Secrets-Specific Options:** | Option | Description | | ------------------- | ------------------------------------------------------------ | | `--fail-on ` | Fail threshold: `HIGH`, `MEDIUM`, or `all` (default: `HIGH`) | **Confidence Levels:** | Level | Description | | ---------------- | ------------------------------------------------------ | | `HIGH` | High confidence — likely a real secret | | `MEDIUM` | Medium confidence — may require manual review | | `FALSE_POSITIVE` | Detected but likely not a real secret (always ignored) | **Exit Codes:** * `0` — No blocking secrets found (or only false positives) * `1` — Secrets detected that match the `--fail-on` threshold **Examples:** ```bash theme={null} # Scan staged files (default) codeant secrets # Scan all changed files on this branch codeant secrets --all # Scan the last commit codeant secrets --last-commit # Scan last 3 commits codeant secrets --last-n-commits 3 # Fail on HIGH and MEDIUM confidence secrets codeant secrets --fail-on MEDIUM # Fail on all secrets except false positives codeant secrets --fail-on all # Filter by file patterns codeant secrets --include '**/*.js' --exclude 'node_modules/**,*.test.js' ``` **Example Output:** Secrets found (blocking): ``` ✗ 2 secret(s) found! src/config.js Line 5: AWS Access Key (HIGH) Line 12: API Key (HIGH) Remove secrets before committing. ``` Only false positives (non-blocking): ``` ⚠ 1 potential secret(s) found (ignored) Ignored (false positives): src/example.js Line 10: Generic Secret (FALSE_POSITIVE) ✓ Commit allowed (only false positives found) ``` No secrets: ``` ✓ No secrets found ``` ## Analytics ### track Send an analytics event to CodeAnt. Primarily used by integrations (Claude Code skills, CI systems, etc.) to record usage events. ```bash theme={null} codeant track [options] ``` | Option | Description | | ---------------- | ----------------------------------------------------------------------- | | `--event ` | Event name (**required**), e.g., `skill_invoked`, `suggestions_applied` | | `--props ` | JSON string of event properties (default: `{}`) | **Example:** ```bash theme={null} codeant track --event skill_invoked --props '{"skill":"codeant-review","source":"claude-code"}' ``` *** ## Configuration ### set-base-url Set a custom API base URL for self-hosted CodeAnt deployments. ```bash theme={null} codeant set-base-url ``` **Example:** ```bash theme={null} codeant set-base-url https://api.your-company.com ``` ### get-base-url Display the current API base URL and where it's configured. ```bash theme={null} codeant get-base-url ``` ## Configuration File All configuration is stored in `~/.codeant/config.json`. **Configuration Keys:** | Key | Description | | ------------------ | ------------------------------------------------------------------------------- | | `apiKeyV2` | CodeAnt AI API token (set via `codeant login` or `codeant set-codeant-api-key`) | | `baseUrl` | API base URL (set via `codeant set-base-url`) | | `githubToken` | GitHub token (set via `codeant set-token github`) | | `gitlabToken` | GitLab token (set via `codeant set-token gitlab`) | | `bitbucketToken` | Bitbucket token (set via `codeant set-token bitbucket`) | | `azureDevOpsToken` | Azure DevOps token (set via `codeant set-token azure`) | | `githubBaseUrl` | GitHub Enterprise API URL | | `gitlabBaseUrl` | Self-hosted GitLab URL | | `bitbucketBaseUrl` | Bitbucket Server URL | | `telemetryEnabled` | Boolean — enable or disable anonymous analytics | **Environment Variables:** | Variable | Description | | ----------------------------------------- | ----------------------------------------- | | `CODEANT_API_URL` | Override API base URL | | `CODEANT_API_TOKEN` | Override API authentication token | | `CODEANT_TELEMETRY_DISABLED` | Set to `1` or `true` to disable analytics | | `GITHUB_TOKEN` / `GH_TOKEN` | GitHub authentication | | `GITHUB_API_URL` / `GH_ENTERPRISE_URL` | GitHub Enterprise API URL | | `GITLAB_TOKEN` | GitLab authentication | | `GITLAB_URL` / `GITLAB_HOST` | Self-hosted GitLab URL | | `BITBUCKET_TOKEN` | Bitbucket authentication | | `BITBUCKET_URL` / `BITBUCKET_SERVER_URL` | Bitbucket Server URL | | `AZURE_DEVOPS_TOKEN` / `AZURE_DEVOPS_PAT` | Azure DevOps authentication | **Priority Order:** 1. Environment variables (highest) 2. Platform CLI tools (`gh`, `glab`) 3. Config file (`~/.codeant/config.json`) 4. Default values