CLI reference

Generated from openthunder --help. Run node apps/docs/docs/gen-cli-reference.mjs to refresh.

The CLI ships inside OpenThunder Desktop. In the repo it runs as node apps/cli/dist/index.js; installed, it is the openthunder command. Every command below was captured from the real --help output.

openthunder

Usage: openthunder [options] [command]

Verified agentic engineering control plane

Options:
  -V, --version                     output the version number
  -h, --help                        display help for command

Commands:
  init [options]                    Initialize OpenThunder in the current
                                    repository
  mission                           Manage missions
  providers                         List available providers
  dashboard                         Open the dashboard in the browser
  node                              Manage Thunder Node identity and remote
                                    access
  lens                              Architecture Lens: map, brief, and
                                    interrogate a repository
  security                          Security Lens: security score, findings,
                                    and remediation
  mastery                           Repository Mastery Pack: turn repo
                                    intelligence into engineering mastery
                                    (Skills Tech Talk)
  analyze [options]                 Generate the full OpenThunder agent context
                                    set for this repo
  brief [options]                   Print the agent brief for this repo
                                    (overview, stack, key files, risks)
  catch-up [options]                Summarize what changed since a ref, and
                                    what to ask a coding agent next
  prompt [options]                  Print a paste-ready prompt for a coding
                                    agent, primed with repo context
  risks [options]                   Print the risk register (security-sensitive
                                    files, churn hotspots, known risks)
  testing [options]                 Print the testing guide (detected framework
                                    and verification commands)
  verify [options]                  Run the repo's detected checks (typecheck,
                                    test, lint, build) and report results
  evidence [options]                Assemble a PR evidence pack: changes vs the
                                    default branch, verification status, and
                                    risks
  loop                              Loop Engineering: run durable,
                                    agent-interchangeable engineering loops
  next [options]                    Recommend one clear next action based on
                                    current repo state
  ask [options]                     Compile the best agent prompt from repo
                                    intelligence (prompt the repo, not from
                                    memory)
  tests [options]                   Show which tests to run and what coverage
                                    may be missing
  review [options]                  Simulate a tough senior reviewer on the
                                    current change
  senior-packet [options]           Generate an explain-and-defend packet like
                                    a senior engineer
  why [options] <file>              Explain why a file exists and why it
                                    matters (git history + dependents)
  onboard [options]                 Explain the repo (or an area) like you
                                    joined the team today
  focus [options] <area>            Focus on one area: brief, changes, risks,
                                    tests, next action, agent prompt
  drift [options]                   Detect architecture drift: imports that
                                    cross a disallowed boundary
  health [options]                  Repo health snapshot with explainable
                                    metrics and trend over time
  agents                            Agent performance: which agent is best per
                                    task type, from loop history
  scan [options]                    Run a lens and produce a repo health report
                                    (code-health | traditional-security |
                                    ai-security | all)
  code-health [options]             Code Health Lens: maintainability,
                                    reliability, complexity, duplication, test
                                    posture
  traditional-security [options]    Traditional Security: secrets, injection,
                                    insecure config, weak crypto (heuristic
                                    SAST)
  ai-security [options]             AI Security: prompt injection, unsafe RAG,
                                    excessive agency, MCP/tool risk, execution
                                    paths (heuristic)
  fusion [options]                  Security x Architecture fusion: security
                                    findings re-ranked by architectural blast
                                    radius
  fix-prompt [options] <findingId>  Generate an agent-ready fix prompt for a
                                    finding (run a scan first)
  gate                              Quality gate: fail the build on NEW risk;
                                    warn on legacy (baseline)
  ci-init [options]                 Write a GitHub Actions workflow that scans,
                                    uploads SARIF, and runs the gate
  pr-evidence [options]             PR evidence pack from a scan: scores, gate,
                                    new/high-risk findings, tests, reviewer
                                    questions
  practice [options]                Generate Skills Tech Talk practice material
                                    from scan findings (no source code)
  context-pack [options]            Paste-ready AI context pack for Claude
                                    Code, Cursor, Copilot, or Codex
  review-diff [options]             Review the current diff: files touched,
                                    risk, likely missing tests, breakage risks
  review-pr [options]               Review the branch against a base ref (the
                                    PR diff): files, risk, missing tests,
                                    breakage risks
  pr-summary [options]              PR-ready summary with scan evidence:
                                    scores, gate, new findings, tests
  cloud                             OpenThunder Cloud: publish scan results
                                    (privacy-first team control plane)
  license                           OpenThunder licensing: keygen, issue, and
                                    verify signed licenses
  help [command]                    display help for command

openthunder init

Usage: openthunder init [options]

Initialize OpenThunder in the current repository

Options:
  --repo <path>  Repository path (default: "/Users/christian/Dev/OpenThunder")
  -h, --help     display help for command

openthunder mission

Usage: openthunder mission [options] [command]

Manage missions

Options:
  -h, --help             display help for command

Commands:
  create [options]       Create a new mission
  list [options]         List all missions
  show [options] <id>    Show mission details
  run [options] <id>     Run a mission (build → review → verify)
  verify [options] <id>  Check evidence requirements for a mission
  report [options] <id>  Show or generate the mission report
  help [command]         display help for command

openthunder providers

Usage: openthunder providers [options]

List available providers

Options:
  -h, --help  display help for command

openthunder dashboard

Usage: openthunder dashboard [options]

Open the dashboard in the browser

Options:
  -h, --help  display help for command

openthunder node

Usage: openthunder node [options] [command]

Manage Thunder Node identity and remote access

Options:
  -h, --help          display help for command

Commands:
  init [options]      Initialize node identity and WireGuard config
  status [options]    Show node identity, WireGuard peers, and SSH tunnel
                      config
  add-peer [options]  Add a WireGuard peer (e.g. phone) and display QR code
  link [options]      Configure an SSH reverse tunnel for remote access
  help [command]      display help for command

openthunder lens

Usage: openthunder lens [options] [command]

Architecture Lens: map, brief, and interrogate a repository

Options:
  -h, --help                              display help for command

Commands:
  generate [options]                      Analyze the repo and persist a Lens (narrated when ANTHROPIC_API_KEY is set)
  brief [options]                         Print the assembled Architecture Brief (Markdown) for the latest Lens
  ask [options] <question...>             Ask a question answered from the repo Lens, with citations
  drift [options]                         Show architecture drift between the two most recent generations
  export [options]                        Write a self-contained HTML architecture report you can share or attach to a PR
  score [options]                         Print the architecture scorecard: overall score and explainable sub-scores
  fitness [options]                       Run architecture fitness functions; exit 1 on blocking/error failures
  smells [options]                        List detected architecture smells with evidence and severity
  recommend [options]                     Show actionable recommendations (problem, fix, effort, mission contract)
  health [options]                        Print the architecture health score and the factors behind it
  study [options]                         Print an ordered reading path to understand the system
  runtime [options]                       Verify intended architecture vs observed runtime traces (drift, missing telemetry)
  graph [options] [node]                  Architecture intelligence graph. With a node (file path), answer why/owner/depends/breaks/missions/rules
  simulate [options] <scenario> <target>  What-if a change before editing. Scenarios: split-module, extract-service, move-layer, replace-provider, introduce-queue, separate-sync-async, add-resilience
  review-pack [options]                   Generate a review-ready Architecture Review Pack for a recommendation
  history [options]                       Architecture Time Machine: snapshot timeline + regression attribution
  trend [options]                         Show how the architecture score has moved across generations
  impact [options]                        Architecture impact of the working tree vs the last recorded Lens (PR / mission impact)
  plan [options]                          Safe refactor sequence: the order to tackle the recommendations
  adr [options]                           Generate Architecture Decision Records from the recovered decisions
  check [options]                         Fail (exit 1) if the working tree adds architectural regressions vs the last recorded Lens
  install-hook [options]                  Install a git hook that runs lens check, blocking regressions automatically
  help [command]                          display help for command

openthunder security

Usage: openthunder security [options] [command]

Security Lens: security score, findings, and remediation

Options:
  -h, --help                      display help for command

Commands:
  score [options]                 Run the security scan and print the 0-100
                                  score with sub-scores
  findings [options]              List security findings with severity and
                                  evidence
  recommend [options]             Show findings with exploit scenario,
                                  remediation, and mission contract
  ask [options] <question...>     Ask the Security Architect, grounded in this
                                  repo security analysis
  review-pack [options]           Generate a shareable Security Review Pack
                                  (Markdown, or --html)
  maps [options]                  Print the security Mermaid maps (trust
                                  boundary, API exposure, secrets, AI tools,
                                  exploit paths)
  threat-model [options]          STRIDE threat model per critical flow
                                  (assets, actors, threats, controls,
                                  mitigations)
  compliance [options] [profile]  Compliance READINESS (not certification).
                                  Profiles: hipaa, fedramp, soc2, pci, gdpr,
                                  enterprise
  check [options]                 Security gate: exit 1 on critical findings,
                                  new secrets, or unauthenticated protected
                                  routes
  help [command]                  display help for command

openthunder mastery

Usage: openthunder mastery [options] [command]

Repository Mastery Pack: turn repo intelligence into engineering mastery
(Skills Tech Talk)

Options:
  -h, --help            display help for command

Commands:
  generate [options]    Generate a Repository Mastery Pack from the latest scan
  export [options]      Export the latest Repository Mastery Pack as JSON
  questions [options]   Preview the suggested mastery questions
  flashcards [options]  Preview the suggested flashcards
  practice [options]    Export a portable, offline practice pack (flashcards,
                        curriculum, drills, trainer.html)
  send [options]        Print the Skills Tech Talk deep link to train on this
                        repo
  help [command]        display help for command

openthunder analyze

Usage: openthunder analyze [options]

Generate the full OpenThunder agent context set for this repo

Options:
  -C, --repo <path>  repository path (default: current directory)
  --write            write every generated file into the repo (default: list
                     them)
  --no-bridges       skip CLAUDE.md / AGENTS.md / Cursor / Copilot bridge files
  -h, --help         display help for command

openthunder brief

Usage: openthunder brief [options]

Print the agent brief for this repo (overview, stack, key files, risks)

Options:
  -C, --repo <path>    repository path (default: current directory)
  --current            emit CURRENT_STATE (branch, uncommitted work) instead of
                       the brief
  -o, --output <path>  write to a file instead of stdout
  -h, --help           display help for command

openthunder catch-up

Usage: openthunder catch-up [options]

Summarize what changed since a ref, and what to ask a coding agent next

Options:
  -C, --repo <path>    repository path (default: current directory)
  --since <ref>        commit, branch, or date to compare against (default:
                       "main")
  -o, --output <path>  write to a file instead of stdout
  -h, --help           display help for command

openthunder prompt

Usage: openthunder prompt [options]

Print a paste-ready prompt for a coding agent, primed with repo context

Options:
  -C, --repo <path>    repository path (default: current directory)
  --for <agent>        target agent (claude, codex, cursor, copilot) (default:
                       "claude")
  --mission <text>     what you want the agent to do
  -o, --output <path>  write to a file instead of stdout
  -h, --help           display help for command

openthunder risks

Usage: openthunder risks [options]

Print the risk register (security-sensitive files, churn hotspots, known risks)

Options:
  -C, --repo <path>    repository path (default: current directory)
  -o, --output <path>  write to a file instead of stdout
  -h, --help           display help for command

openthunder testing

Usage: openthunder testing [options]

Print the testing guide (detected framework and verification commands)

Options:
  -C, --repo <path>    repository path (default: current directory)
  -o, --output <path>  write to a file instead of stdout
  -h, --help           display help for command

openthunder verify

Usage: openthunder verify [options]

Run the repo's detected checks (typecheck, test, lint, build) and report
results

Options:
  -C, --repo <path>    repository path (default: current directory)
  --diff               report against current changes (informational; runs the
                       same checks)
  --timeout <seconds>  per-check timeout (default: "300")
  -o, --output <path>  write the report to a file instead of stdout
  -h, --help           display help for command

openthunder evidence

Usage: openthunder evidence [options]

Assemble a PR evidence pack: changes vs the default branch, verification
status, and risks

Options:
  -C, --repo <path>    repository path (default: current directory)
  --since <ref>        compare against this ref (default: the default branch)
  --no-verify          skip running checks (faster; omits the verification
                       section)
  --timeout <seconds>  per-check timeout (default: "300")
  -o, --output <path>  write the pack to a file instead of stdout
  -h, --help           display help for command

openthunder loop

Usage: openthunder loop [options] [command]

Loop Engineering: run durable, agent-interchangeable engineering loops

Options:
  -h, --help              display help for command

Commands:
  list [options]          List available loop templates
  run [options] <loopId>  Start a new loop run: capture context, generate an
                          agent-ready prompt, save state
  continue [options]      Continue the latest loop, optionally with a different
                          agent (preserves mission + context)
  verify [options]        Verify the current diff against the loop mission
                          (blast radius, risk, tests)
  evidence [options]      Generate a PR-ready evidence pack for the current
                          loop
  help [command]          display help for command

openthunder next

Usage: openthunder next [options]

Recommend one clear next action based on current repo state

Options:
  -C, --repo <path>  repository path (default: current directory)
  --json             output JSON instead of Markdown
  -h, --help         display help for command

openthunder ask

Usage: openthunder ask [options]

Compile the best agent prompt from repo intelligence (prompt the repo, not from
memory)

Options:
  -C, --repo <path>    repository path (default: current directory)
  --for <agent>        target agent (claude|codex|cursor|copilot|generic)
                       (default: "claude")
  --mission <text>     what you want the agent to do
  --area <area>        focus area
  -o, --output <path>  write to a file instead of stdout
  -h, --help           display help for command

openthunder tests

Usage: openthunder tests [options]

Show which tests to run and what coverage may be missing

Options:
  -C, --repo <path>    repository path (default: current directory)
  --for-diff           map the current diff to likely tests (default)
  --area <area>        analyze a specific area
  --file <path>        analyze a single file
  --json               output JSON
  -o, --output <path>  write Markdown to a file
  -h, --help           display help for command

openthunder review

Usage: openthunder review [options]

Simulate a tough senior reviewer on the current change

Options:
  -C, --repo <path>    repository path (default: current directory)
  --simulate           run the reviewer simulation (default action)
  --since <ref>        compare against this ref
  --json               output JSON
  -o, --output <path>  write Markdown to a file
  -h, --help           display help for command

openthunder senior-packet

Usage: openthunder senior-packet [options]

Generate an explain-and-defend packet like a senior engineer

Options:
  -C, --repo <path>    repository path (default: current directory)
  --area <area>        focus on an area
  --since <ref>        focus on changes since a ref
  --json               output JSON
  -o, --output <path>  write Markdown to a file
  -h, --help           display help for command

openthunder why

Usage: openthunder why [options] <file>

Explain why a file exists and why it matters (git history + dependents)

Arguments:
  file                 the file to explain

Options:
  -C, --repo <path>    repository path (default: current directory)
  --json               output JSON
  -o, --output <path>  write Markdown to a file
  -h, --help           display help for command

openthunder onboard

Usage: openthunder onboard [options]

Explain the repo (or an area) like you joined the team today

Options:
  -C, --repo <path>    repository path (default: current directory)
  --area <area>        focus on a specific area
  --json               output JSON
  -o, --output <path>  write Markdown to a file
  -h, --help           display help for command

openthunder focus

Usage: openthunder focus [options] <area>

Focus on one area: brief, changes, risks, tests, next action, agent prompt

Arguments:
  area                 the area (directory or fuzzy name)

Options:
  -C, --repo <path>    repository path (default: current directory)
  --json               output JSON
  -o, --output <path>  write Markdown to a file
  -h, --help           display help for command

openthunder drift

Usage: openthunder drift [options]

Detect architecture drift: imports that cross a disallowed boundary

Options:
  -C, --repo <path>    repository path (default: current directory)
  --json               output JSON
  -o, --output <path>  write Markdown to a file
  -h, --help           display help for command

openthunder health

Usage: openthunder health [options]

Repo health snapshot with explainable metrics and trend over time

Options:
  -C, --repo <path>    repository path (default: current directory)
  --trend              compare against the previous snapshot
  --json               output JSON
  -o, --output <path>  write Markdown to a file
  -h, --help           display help for command

openthunder agents

Usage: openthunder agents [options] [command]

Agent performance: which agent is best per task type, from loop history

Options:
  -h, --help        display help for command

Commands:
  report [options]  Report agent performance per task type from recorded loop
                    runs
  help [command]    display help for command

openthunder scan

Usage: openthunder scan [options]

Run a lens and produce a repo health report (code-health | traditional-security
| ai-security | all)

Options:
  -C, --repo <path>    repository path (default: current directory)
  --lens <lens>        lens to run (code-health | traditional-security |
                       ai-security | all) (default: "code-health")
  --all                run all available lenses
  --since <ref>        base ref for new-code detection
  --new-code           only findings introduced by the current branch
  --format <fmt>       markdown | json | sarif (default: "markdown")
  -o, --output <path>  write to a file
  -h, --help           display help for command

openthunder code-health

Usage: openthunder code-health [options]

Code Health Lens: maintainability, reliability, complexity, duplication, test
posture

Options:
  -C, --repo <path>    repository path (default: current directory)
  --since <ref>        base ref for new-code detection (default: default
                       branch)
  --new-code           only findings introduced by the current branch
  --json               output JSON
  -o, --output <path>  write Markdown to a file
  -h, --help           display help for command

openthunder traditional-security

Usage: openthunder traditional-security [options]

Traditional Security: secrets, injection, insecure config, weak crypto
(heuristic SAST)

Options:
  -C, --repo <path>    repository path (default: current directory)
  --json               output JSON
  -o, --output <path>  write Markdown to a file
  -h, --help           display help for command

openthunder ai-security

Usage: openthunder ai-security [options]

AI Security: prompt injection, unsafe RAG, excessive agency, MCP/tool risk,
execution paths (heuristic)

Options:
  -C, --repo <path>    repository path (default: current directory)
  --map-flows          emphasize the AI execution-path map
  --json               output JSON
  -o, --output <path>  write Markdown to a file
  -h, --help           display help for command

openthunder fusion

Usage: openthunder fusion [options]

Security x Architecture fusion: security findings re-ranked by architectural
blast radius

Options:
  -C, --repo <path>    repository path (default: current directory)
  --top <n>            rows to print (default 10)
  --json               output JSON
  -o, --output <path>  write Markdown to a file
  -h, --help           display help for command

openthunder fix-prompt

Usage: openthunder fix-prompt [options] <findingId>

Generate an agent-ready fix prompt for a finding (run a scan first)

Arguments:
  findingId            the finding id from a scan report

Options:
  -C, --repo <path>    repository path (default: current directory)
  --for <agent>        target agent (claude|codex|cursor|generic) (default:
                       "claude")
  -o, --output <path>  write to a file instead of the default fix-prompts dir
  -h, --help           display help for command

openthunder gate

Usage: openthunder gate [options] [command]

Quality gate: fail the build on NEW risk; warn on legacy (baseline)

Options:
  -h, --help                 display help for command

Commands:
  run [options]              Run all lenses and evaluate the quality gate (exit
                             1 on failure)
  init [options]             Create a baseline from the current scan (accept
                             existing findings as legacy)
  update-baseline [options]  Refresh the baseline to the current findings (e.g.
                             after fixing or accepting)
  explain                    Describe the quality gate conditions
  help [command]             display help for command

openthunder ci-init

Usage: openthunder ci-init [options]

Write a GitHub Actions workflow that scans, uploads SARIF, and runs the gate

Options:
  -C, --repo <path>    repository path (default: current directory)
  -o, --output <path>  workflow path (default:
                       ".github/workflows/openthunder.yml")
  -h, --help           display help for command

openthunder pr-evidence

Usage: openthunder pr-evidence [options]

PR evidence pack from a scan: scores, gate, new/high-risk findings, tests,
reviewer questions

Options:
  -C, --repo <path>    repository path (default: current directory)
  -o, --output <path>  write to a file
  -h, --help           display help for command

openthunder practice

Usage: openthunder practice [options]

Generate Skills Tech Talk practice material from scan findings (no source code)

Options:
  -C, --repo <path>    repository path (default: current directory)
  --from-findings      use the latest scan findings (default)
  --lens <lens>        focus on one lens (code-health | traditional-security |
                       ai-security)
  --json               output JSON
  -o, --output <path>  write Markdown to a file
  -h, --help           display help for command

openthunder context-pack

Usage: openthunder context-pack [options]

Paste-ready AI context pack for Claude Code, Cursor, Copilot, or Codex

Options:
  -C, --repo <path>  repository path (default: current directory)
  --goal <text>      what you want the agent to do
  --json             output JSON instead of text
  --no-attribution   omit the attribution footer
  -h, --help         display help for command

openthunder review-diff

Usage: openthunder review-diff [options]

Review the current diff: files touched, risk, likely missing tests, breakage
risks

Options:
  -C, --repo <path>  repository path (default: current directory)
  --json             output JSON instead of text
  -h, --help         display help for command

openthunder review-pr

Usage: openthunder review-pr [options]

Review the branch against a base ref (the PR diff): files, risk, missing tests,
breakage risks

Options:
  -C, --repo <path>  repository path (default: current directory)
  --base <ref>       base ref to diff against (default: the repo default
                     branch)
  --json             output JSON instead of text
  -h, --help         display help for command

openthunder pr-summary

Usage: openthunder pr-summary [options]

PR-ready summary with scan evidence: scores, gate, new findings, tests

Options:
  -C, --repo <path>  repository path (default: current directory)
  --json             output JSON instead of Markdown
  --no-attribution   omit the attribution footer
  -h, --help         display help for command

openthunder cloud

Usage: openthunder cloud [options] [command]

OpenThunder Cloud: publish scan results (privacy-first team control plane)

Options:
  -h, --help         display help for command

Commands:
  publish [options]  Publish a scan result to OpenThunder Cloud (privacy-first:
                     no raw code)
  ci-init [options]  Write a GitHub Actions workflow that scans, publishes to
                     the cloud, and gates
  help [command]     display help for command

openthunder license

Usage: openthunder license [options] [command]

OpenThunder licensing: keygen, issue, and verify signed licenses

Options:
  -h, --help                display help for command

Commands:
  keygen [options]          Generate an Ed25519 keypair. Keep the private key
                            secret; ship the public key with the app.
  sign [options]            Issue a signed license token
  verify [options] <token>  Verify a license token offline against the public
                            key
  help [command]            display help for command