CLI
The eda command puts Eda in your terminal: AI-assisted integration, one-off
checks, smoke tests, MCP servers, and secure login.
Install
curl -fsSL https://cdn.edahq.com/install.sh | shDetects your OS and package manager, installs the CLI, and falls back to npm if your fast installer has no global bin dir.
The installed command is eda regardless of how you install it.
eda init
AI-assisted integration. Point it at your project and Eda’s AI scans the codebase, finds the consequential calls, proposes exactly where checks belong, and — with your consent — writes them, smoke-tests the result, and reports the cost.
cd your-project
eda initScan
Walks your source, ranks files by signals (payments, deletes, email, deploys, agent tool calls) — nothing leaves your machine until you approve.
Analyze
Sends the top candidates to Eda’s AI, which returns a ranked plan of integration points with risk levels and a short rationale for each.
Choose
Pick which points to apply (all, 1,3, or none). Install the SDK if it’s
missing.
Apply + verify
The AI rewrites each file (backups saved to .eda-backup/), then runs a smoke test:
a syntax check plus one live eda.check() through the API. You get a “Thank you for
adding Eda!” summary and a cost line.
Pricing: eda init is pay-per-token — no subscription. You pay for exactly
the AI usage it consumed, billed to the card on file. The cost is printed at the
end of every run.
eda login
Enterprise-grade, browser-based device authorization — no pasting long-lived secrets into your shell history.
eda loginStart the flow
The CLI requests a short user code and opens your browser to
app.edahq.com/device.
Confirm in the browser
You authenticate with your existing account (SSO/passkey/password as configured) and approve the device code. The CLI is polling in the background.
Token stored securely
On approval, the CLI receives a scoped token and stores it in ~/.eda/config.json
with 0600 permissions (owner-only). Nothing sensitive is echoed to the terminal.
The device flow is designed to be airtight: user codes are short-lived and
single-use, tokens are scoped to your workspace and revocable from the dashboard,
and the CLI never sees your password. Revoke a device any time in Settings →
Security. For CI, use a scoped API key in EDA_API_KEY instead of interactive
login.
Credentials resolve in this order: EDA_API_KEY env var → .env.local in the
project → ~/.eda/config.json.
Everyday commands
| Command | What it does |
|---|---|
eda check <agent> <action> ['{json}'] | Send a one-off check and print the decision. |
eda tail [n] | Show the latest checks (default 15). |
eda usage | Quota + AI token usage this period. |
eda whoami | Active key, plan, and quota. |
eda doctor | Connectivity + config diagnosis. |
eda smoke | Three live checks to prove the pipe works. |
eda mcp serve | Run Eda’s MCP server (eda_check, eda_wait_approval). |
eda mcp proxy -- <cmd> | Gate an existing MCP server through Eda. |
eda version | Print the CLI version. |
Examples
# a quick policy-sensitive check
eda check payments-agent wire_transfer '{"amount": 50000}'
# tail the last 30 decisions
eda tail 30
# verify everything is wired
eda doctor && eda smokeEvery CLI check lands in the same audit log as your SDK checks — handy for testing policies before you ship code.