CLI

The eda command puts Eda in your terminal: AI-assisted integration, one-off checks, smoke tests, MCP servers, and secure login.

Install

curl -fsSL https://cdn.edahq.com/install.sh | sh

Detects your OS and package manager, installs the CLI, and falls back to npm if your fast installer has no global bin dir.

The installed command is eda regardless of how you install it.

eda init

AI-assisted integration. Point it at your project and Eda’s AI scans the codebase, finds the consequential calls, proposes exactly where checks belong, and — with your consent — writes them, smoke-tests the result, and reports the cost.

cd your-project
eda init

Scan

Walks your source, ranks files by signals (payments, deletes, email, deploys, agent tool calls) — nothing leaves your machine until you approve.

Analyze

Sends the top candidates to Eda’s AI, which returns a ranked plan of integration points with risk levels and a short rationale for each.

Choose

Pick which points to apply (all, 1,3, or none). Install the SDK if it’s missing.

Apply + verify

The AI rewrites each file (backups saved to .eda-backup/), then runs a smoke test: a syntax check plus one live eda.check() through the API. You get a “Thank you for adding Eda!” summary and a cost line.

Pricing: eda init is pay-per-token — no subscription. You pay for exactly the AI usage it consumed, billed to the card on file. The cost is printed at the end of every run.

eda login

Enterprise-grade, browser-based device authorization — no pasting long-lived secrets into your shell history.

eda login

Start the flow

The CLI requests a short user code and opens your browser to app.edahq.com/device.

Confirm in the browser

You authenticate with your existing account (SSO/passkey/password as configured) and approve the device code. The CLI is polling in the background.

Token stored securely

On approval, the CLI receives a scoped token and stores it in ~/.eda/config.json with 0600 permissions (owner-only). Nothing sensitive is echoed to the terminal.

The device flow is designed to be airtight: user codes are short-lived and single-use, tokens are scoped to your workspace and revocable from the dashboard, and the CLI never sees your password. Revoke a device any time in Settings → Security. For CI, use a scoped API key in EDA_API_KEY instead of interactive login.

Credentials resolve in this order: EDA_API_KEY env var → .env.local in the project → ~/.eda/config.json.
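Because of this order, an EDA_API_KEY left in the shell or in .env.local takes precedence over the token written by eda login. The script below is an added example, not part of the Eda CLI or its documentation: it reports which source would win without printing the secret, and flags a token file that is not owner-only or a .env.local tracked by git. It assumes .env.local stores the key as an EDA_API_KEY=... line and that an empty variable counts as unset; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not Eda's own code): audit the documented credential order.
# Assumptions: .env.local uses "EDA_API_KEY=..."; an empty env var counts as unset.

file_mode() {  # octal permission bits; GNU stat first, then BSD/macOS stat
  stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# eda_cred_source PROJECT_DIR HOME_DIR -> prints env | dotenv | config | none
eda_cred_source() {
  project=$1; home=$2
  if [ -n "${EDA_API_KEY:-}" ]; then
    echo env
  elif [ -f "$project/.env.local" ] &&
       grep -Eq '^(export[[:space:]]+)?EDA_API_KEY=.+' "$project/.env.local"; then
    echo dotenv
  elif [ -f "$home/.eda/config.json" ]; then
    echo config
  else
    echo none
  fi
}

# eda_config_perms_ok HOME_DIR -> status 0 if config.json is absent or mode 600
eda_config_perms_ok() {
  cfg=$1/.eda/config.json
  [ -f "$cfg" ] || return 0
  [ "$(file_mode "$cfg")" = "600" ]
}

# eda_cred_audit [PROJECT_DIR] [HOME_DIR] -> prints findings, status 1 on any WARN
eda_cred_audit() {
  project=${1:-.}; home=${2:-$HOME}; rc=0
  echo "active credential source: $(eda_cred_source "$project" "$home")"
  if ! eda_config_perms_ok "$home"; then
    echo "WARN: $home/.eda/config.json is not mode 600"
    rc=1
  fi
  # A key in .env.local is only as private as the repository that holds it.
  if [ -f "$project/.env.local" ] &&
     git -C "$project" ls-files --error-unmatch .env.local >/dev/null 2>&1; then
    echo "WARN: $project/.env.local is tracked by git"
    rc=1
  fi
  return "$rc"
}
```

Run eda_cred_audit from the project root after eda login, or in CI before the first eda check, to confirm the key in use is the one you intended.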

Everyday commands

Command                                 What it does
eda check <agent> <action> ['{json}']   Send a one-off check and print the decision.
eda tail [n]                            Show the latest checks (default 15).
eda usage                               Quota + AI token usage this period.
eda whoami                              Active key, plan, and quota.
eda doctor                              Connectivity + config diagnosis.
eda smoke                               Three live checks to prove the pipe works.
eda mcp serve                           Run Eda’s MCP server (eda_check, eda_wait_approval).
eda mcp proxy -- <cmd>                  Gate an existing MCP server through Eda.
eda version                             Print the CLI version.

Examples

# a quick policy-sensitive check
eda check payments-agent wire_transfer '{"amount": 50000}'
 
# tail the last 30 decisions
eda tail 30
 
# verify everything is wired
eda doctor && eda smoke

Every CLI check lands in the same audit log as your SDK checks — handy for testing policies before you ship code.