CLI reference
Generated from
openthunder --help. Runnode apps/docs/docs/gen-cli-reference.mjsto refresh.
The CLI ships inside OpenThunder Desktop. In the repo it runs as node apps/cli/dist/index.js; installed, it is the openthunder command. Every command below was captured from the real --help output.
openthunder
Usage: openthunder [options] [command]
Verified agentic engineering control plane
Options:
-V, --version output the version number
-h, --help display help for command
Commands:
init [options] Initialize OpenThunder in the current
repository
mission Manage missions
providers List available providers
dashboard Open the dashboard in the browser
node Manage Thunder Node identity and remote
access
lens Architecture Lens: map, brief, and
interrogate a repository
security Security Lens: security score, findings,
and remediation
mastery Repository Mastery Pack: turn repo
intelligence into engineering mastery
(Skills Tech Talk)
analyze [options] Generate the full OpenThunder agent context
set for this repo
brief [options] Print the agent brief for this repo
(overview, stack, key files, risks)
catch-up [options] Summarize what changed since a ref, and
what to ask a coding agent next
prompt [options] Print a paste-ready prompt for a coding
agent, primed with repo context
risks [options] Print the risk register (security-sensitive
files, churn hotspots, known risks)
testing [options] Print the testing guide (detected framework
and verification commands)
verify [options] Run the repo's detected checks (typecheck,
test, lint, build) and report results
evidence [options] Assemble a PR evidence pack: changes vs the
default branch, verification status, and
risks
loop Loop Engineering: run durable,
agent-interchangeable engineering loops
next [options] Recommend one clear next action based on
current repo state
ask [options] Compile the best agent prompt from repo
intelligence (prompt the repo, not from
memory)
tests [options] Show which tests to run and what coverage
may be missing
review [options] Simulate a tough senior reviewer on the
current change
senior-packet [options] Generate an explain-and-defend packet like
a senior engineer
why [options] <file> Explain why a file exists and why it
matters (git history + dependents)
onboard [options] Explain the repo (or an area) like you
joined the team today
focus [options] <area> Focus on one area: brief, changes, risks,
tests, next action, agent prompt
drift [options] Detect architecture drift: imports that
cross a disallowed boundary
health [options] Repo health snapshot with explainable
metrics and trend over time
agents Agent performance: which agent is best per
task type, from loop history
scan [options] Run a lens and produce a repo health report
(code-health | traditional-security |
ai-security | all)
code-health [options] Code Health Lens: maintainability,
reliability, complexity, duplication, test
posture
traditional-security [options] Traditional Security: secrets, injection,
insecure config, weak crypto (heuristic
SAST)
ai-security [options] AI Security: prompt injection, unsafe RAG,
excessive agency, MCP/tool risk, execution
paths (heuristic)
fusion [options] Security x Architecture fusion: security
findings re-ranked by architectural blast
radius
fix-prompt [options] <findingId> Generate an agent-ready fix prompt for a
finding (run a scan first)
gate Quality gate: fail the build on NEW risk;
warn on legacy (baseline)
ci-init [options] Write a GitHub Actions workflow that scans,
uploads SARIF, and runs the gate
pr-evidence [options] PR evidence pack from a scan: scores, gate,
new/high-risk findings, tests, reviewer
questions
practice [options] Generate Skills Tech Talk practice material
from scan findings (no source code)
context-pack [options] Paste-ready AI context pack for Claude
Code, Cursor, Copilot, or Codex
review-diff [options] Review the current diff: files touched,
risk, likely missing tests, breakage risks
review-pr [options] Review the branch against a base ref (the
PR diff): files, risk, missing tests,
breakage risks
pr-summary [options] PR-ready summary with scan evidence:
scores, gate, new findings, tests
cloud OpenThunder Cloud: publish scan results
(privacy-first team control plane)
license OpenThunder licensing: keygen, issue, and
verify signed licenses
help [command] display help for command
openthunder init
Usage: openthunder init [options]
Initialize OpenThunder in the current repository
Options:
--repo <path> Repository path (default: "/Users/christian/Dev/OpenThunder")
-h, --help display help for command
openthunder mission
Usage: openthunder mission [options] [command]
Manage missions
Options:
-h, --help display help for command
Commands:
create [options] Create a new mission
list [options] List all missions
show [options] <id> Show mission details
run [options] <id> Run a mission (build → review → verify)
verify [options] <id> Check evidence requirements for a mission
report [options] <id> Show or generate the mission report
help [command] display help for command
openthunder providers
Usage: openthunder providers [options]
List available providers
Options:
-h, --help display help for command
openthunder dashboard
Usage: openthunder dashboard [options]
Open the dashboard in the browser
Options:
-h, --help display help for command
openthunder node
Usage: openthunder node [options] [command]
Manage Thunder Node identity and remote access
Options:
-h, --help display help for command
Commands:
init [options] Initialize node identity and WireGuard config
status [options] Show node identity, WireGuard peers, and SSH tunnel
config
add-peer [options] Add a WireGuard peer (e.g. phone) and display QR code
link [options] Configure an SSH reverse tunnel for remote access
help [command] display help for command
openthunder lens
Usage: openthunder lens [options] [command]
Architecture Lens: map, brief, and interrogate a repository
Options:
-h, --help display help for command
Commands:
generate [options] Analyze the repo and persist a Lens (narrated when ANTHROPIC_API_KEY is set)
brief [options] Print the assembled Architecture Brief (Markdown) for the latest Lens
ask [options] <question...> Ask a question answered from the repo Lens, with citations
drift [options] Show architecture drift between the two most recent generations
export [options] Write a self-contained HTML architecture report you can share or attach to a PR
score [options] Print the architecture scorecard: overall score and explainable sub-scores
fitness [options] Run architecture fitness functions; exit 1 on blocking/error failures
smells [options] List detected architecture smells with evidence and severity
recommend [options] Show actionable recommendations (problem, fix, effort, mission contract)
health [options] Print the architecture health score and the factors behind it
study [options] Print an ordered reading path to understand the system
runtime [options] Verify intended architecture vs observed runtime traces (drift, missing telemetry)
graph [options] [node] Architecture intelligence graph. With a node (file path), answer why/owner/depends/breaks/missions/rules
simulate [options] <scenario> <target> What-if a change before editing. Scenarios: split-module, extract-service, move-layer, replace-provider, introduce-queue, separate-sync-async, add-resilience
review-pack [options] Generate a review-ready Architecture Review Pack for a recommendation
history [options] Architecture Time Machine: snapshot timeline + regression attribution
trend [options] Show how the architecture score has moved across generations
impact [options] Architecture impact of the working tree vs the last recorded Lens (PR / mission impact)
plan [options] Safe refactor sequence: the order to tackle the recommendations
adr [options] Generate Architecture Decision Records from the recovered decisions
check [options] Fail (exit 1) if the working tree adds architectural regressions vs the last recorded Lens
install-hook [options] Install a git hook that runs lens check, blocking regressions automatically
help [command] display help for command
openthunder security
Usage: openthunder security [options] [command]
Security Lens: security score, findings, and remediation
Options:
-h, --help display help for command
Commands:
score [options] Run the security scan and print the 0-100
score with sub-scores
findings [options] List security findings with severity and
evidence
recommend [options] Show findings with exploit scenario,
remediation, and mission contract
ask [options] <question...> Ask the Security Architect, grounded in this
repo security analysis
review-pack [options] Generate a shareable Security Review Pack
(Markdown, or --html)
maps [options] Print the security Mermaid maps (trust
boundary, API exposure, secrets, AI tools,
exploit paths)
threat-model [options] STRIDE threat model per critical flow
(assets, actors, threats, controls,
mitigations)
compliance [options] [profile] Compliance READINESS (not certification).
Profiles: hipaa, fedramp, soc2, pci, gdpr,
enterprise
check [options] Security gate: exit 1 on critical findings,
new secrets, or unauthenticated protected
routes
help [command] display help for command
openthunder mastery
Usage: openthunder mastery [options] [command]
Repository Mastery Pack: turn repo intelligence into engineering mastery
(Skills Tech Talk)
Options:
-h, --help display help for command
Commands:
generate [options] Generate a Repository Mastery Pack from the latest scan
export [options] Export the latest Repository Mastery Pack as JSON
questions [options] Preview the suggested mastery questions
flashcards [options] Preview the suggested flashcards
practice [options] Export a portable, offline practice pack (flashcards,
curriculum, drills, trainer.html)
send [options] Print the Skills Tech Talk deep link to train on this
repo
help [command] display help for command
openthunder analyze
Usage: openthunder analyze [options]
Generate the full OpenThunder agent context set for this repo
Options:
-C, --repo <path> repository path (default: current directory)
--write write every generated file into the repo (default: list
them)
--no-bridges skip CLAUDE.md / AGENTS.md / Cursor / Copilot bridge files
-h, --help display help for command
openthunder brief
Usage: openthunder brief [options]
Print the agent brief for this repo (overview, stack, key files, risks)
Options:
-C, --repo <path> repository path (default: current directory)
--current emit CURRENT_STATE (branch, uncommitted work) instead of
the brief
-o, --output <path> write to a file instead of stdout
-h, --help display help for command
openthunder catch-up
Usage: openthunder catch-up [options]
Summarize what changed since a ref, and what to ask a coding agent next
Options:
-C, --repo <path> repository path (default: current directory)
--since <ref> commit, branch, or date to compare against (default:
"main")
-o, --output <path> write to a file instead of stdout
-h, --help display help for command
openthunder prompt
Usage: openthunder prompt [options]
Print a paste-ready prompt for a coding agent, primed with repo context
Options:
-C, --repo <path> repository path (default: current directory)
--for <agent> target agent (claude, codex, cursor, copilot) (default:
"claude")
--mission <text> what you want the agent to do
-o, --output <path> write to a file instead of stdout
-h, --help display help for command
openthunder risks
Usage: openthunder risks [options]
Print the risk register (security-sensitive files, churn hotspots, known risks)
Options:
-C, --repo <path> repository path (default: current directory)
-o, --output <path> write to a file instead of stdout
-h, --help display help for command
openthunder testing
Usage: openthunder testing [options]
Print the testing guide (detected framework and verification commands)
Options:
-C, --repo <path> repository path (default: current directory)
-o, --output <path> write to a file instead of stdout
-h, --help display help for command
openthunder verify
Usage: openthunder verify [options]
Run the repo's detected checks (typecheck, test, lint, build) and report
results
Options:
-C, --repo <path> repository path (default: current directory)
--diff report against current changes (informational; runs the
same checks)
--timeout <seconds> per-check timeout (default: "300")
-o, --output <path> write the report to a file instead of stdout
-h, --help display help for command
openthunder evidence
Usage: openthunder evidence [options]
Assemble a PR evidence pack: changes vs the default branch, verification
status, and risks
Options:
-C, --repo <path> repository path (default: current directory)
--since <ref> compare against this ref (default: the default branch)
--no-verify skip running checks (faster; omits the verification
section)
--timeout <seconds> per-check timeout (default: "300")
-o, --output <path> write the pack to a file instead of stdout
-h, --help display help for command
openthunder loop
Usage: openthunder loop [options] [command]
Loop Engineering: run durable, agent-interchangeable engineering loops
Options:
-h, --help display help for command
Commands:
list [options] List available loop templates
run [options] <loopId> Start a new loop run: capture context, generate an
agent-ready prompt, save state
continue [options] Continue the latest loop, optionally with a different
agent (preserves mission + context)
verify [options] Verify the current diff against the loop mission
(blast radius, risk, tests)
evidence [options] Generate a PR-ready evidence pack for the current
loop
help [command] display help for command
openthunder next
Usage: openthunder next [options]
Recommend one clear next action based on current repo state
Options:
-C, --repo <path> repository path (default: current directory)
--json output JSON instead of Markdown
-h, --help display help for command
openthunder ask
Usage: openthunder ask [options]
Compile the best agent prompt from repo intelligence (prompt the repo, not from
memory)
Options:
-C, --repo <path> repository path (default: current directory)
--for <agent> target agent (claude|codex|cursor|copilot|generic)
(default: "claude")
--mission <text> what you want the agent to do
--area <area> focus area
-o, --output <path> write to a file instead of stdout
-h, --help display help for command
openthunder tests
Usage: openthunder tests [options]
Show which tests to run and what coverage may be missing
Options:
-C, --repo <path> repository path (default: current directory)
--for-diff map the current diff to likely tests (default)
--area <area> analyze a specific area
--file <path> analyze a single file
--json output JSON
-o, --output <path> write Markdown to a file
-h, --help display help for command
openthunder review
Usage: openthunder review [options]
Simulate a tough senior reviewer on the current change
Options:
-C, --repo <path> repository path (default: current directory)
--simulate run the reviewer simulation (default action)
--since <ref> compare against this ref
--json output JSON
-o, --output <path> write Markdown to a file
-h, --help display help for command
openthunder senior-packet
Usage: openthunder senior-packet [options]
Generate an explain-and-defend packet like a senior engineer
Options:
-C, --repo <path> repository path (default: current directory)
--area <area> focus on an area
--since <ref> focus on changes since a ref
--json output JSON
-o, --output <path> write Markdown to a file
-h, --help display help for command
openthunder why
Usage: openthunder why [options] <file>
Explain why a file exists and why it matters (git history + dependents)
Arguments:
file the file to explain
Options:
-C, --repo <path> repository path (default: current directory)
--json output JSON
-o, --output <path> write Markdown to a file
-h, --help display help for command
openthunder onboard
Usage: openthunder onboard [options]
Explain the repo (or an area) like you joined the team today
Options:
-C, --repo <path> repository path (default: current directory)
--area <area> focus on a specific area
--json output JSON
-o, --output <path> write Markdown to a file
-h, --help display help for command
openthunder focus
Usage: openthunder focus [options] <area>
Focus on one area: brief, changes, risks, tests, next action, agent prompt
Arguments:
area the area (directory or fuzzy name)
Options:
-C, --repo <path> repository path (default: current directory)
--json output JSON
-o, --output <path> write Markdown to a file
-h, --help display help for command
openthunder drift
Usage: openthunder drift [options]
Detect architecture drift: imports that cross a disallowed boundary
Options:
-C, --repo <path> repository path (default: current directory)
--json output JSON
-o, --output <path> write Markdown to a file
-h, --help display help for command
openthunder health
Usage: openthunder health [options]
Repo health snapshot with explainable metrics and trend over time
Options:
-C, --repo <path> repository path (default: current directory)
--trend compare against the previous snapshot
--json output JSON
-o, --output <path> write Markdown to a file
-h, --help display help for command
openthunder agents
Usage: openthunder agents [options] [command]
Agent performance: which agent is best per task type, from loop history
Options:
-h, --help display help for command
Commands:
report [options] Report agent performance per task type from recorded loop
runs
help [command] display help for command
openthunder scan
Usage: openthunder scan [options]
Run a lens and produce a repo health report (code-health | traditional-security
| ai-security | all)
Options:
-C, --repo <path> repository path (default: current directory)
--lens <lens> lens to run (code-health | traditional-security |
ai-security | all) (default: "code-health")
--all run all available lenses
--since <ref> base ref for new-code detection
--new-code only findings introduced by the current branch
--format <fmt> markdown | json | sarif (default: "markdown")
-o, --output <path> write to a file
-h, --help display help for command
openthunder code-health
Usage: openthunder code-health [options]
Code Health Lens: maintainability, reliability, complexity, duplication, test
posture
Options:
-C, --repo <path> repository path (default: current directory)
--since <ref> base ref for new-code detection (default: default
branch)
--new-code only findings introduced by the current branch
--json output JSON
-o, --output <path> write Markdown to a file
-h, --help display help for command
openthunder traditional-security
Usage: openthunder traditional-security [options]
Traditional Security: secrets, injection, insecure config, weak crypto
(heuristic SAST)
Options:
-C, --repo <path> repository path (default: current directory)
--json output JSON
-o, --output <path> write Markdown to a file
-h, --help display help for command
openthunder ai-security
Usage: openthunder ai-security [options]
AI Security: prompt injection, unsafe RAG, excessive agency, MCP/tool risk,
execution paths (heuristic)
Options:
-C, --repo <path> repository path (default: current directory)
--map-flows emphasize the AI execution-path map
--json output JSON
-o, --output <path> write Markdown to a file
-h, --help display help for command
openthunder fusion
Usage: openthunder fusion [options]
Security x Architecture fusion: security findings re-ranked by architectural
blast radius
Options:
-C, --repo <path> repository path (default: current directory)
--top <n> rows to print (default 10)
--json output JSON
-o, --output <path> write Markdown to a file
-h, --help display help for command
openthunder fix-prompt
Usage: openthunder fix-prompt [options] <findingId>
Generate an agent-ready fix prompt for a finding (run a scan first)
Arguments:
findingId the finding id from a scan report
Options:
-C, --repo <path> repository path (default: current directory)
--for <agent> target agent (claude|codex|cursor|generic) (default:
"claude")
-o, --output <path> write to a file instead of the default fix-prompts dir
-h, --help display help for command
openthunder gate
Usage: openthunder gate [options] [command]
Quality gate: fail the build on NEW risk; warn on legacy (baseline)
Options:
-h, --help display help for command
Commands:
run [options] Run all lenses and evaluate the quality gate (exit
1 on failure)
init [options] Create a baseline from the current scan (accept
existing findings as legacy)
update-baseline [options] Refresh the baseline to the current findings (e.g.
after fixing or accepting)
explain Describe the quality gate conditions
help [command] display help for command
openthunder ci-init
Usage: openthunder ci-init [options]
Write a GitHub Actions workflow that scans, uploads SARIF, and runs the gate
Options:
-C, --repo <path> repository path (default: current directory)
-o, --output <path> workflow path (default:
".github/workflows/openthunder.yml")
-h, --help display help for command
openthunder pr-evidence
Usage: openthunder pr-evidence [options]
PR evidence pack from a scan: scores, gate, new/high-risk findings, tests,
reviewer questions
Options:
-C, --repo <path> repository path (default: current directory)
-o, --output <path> write to a file
-h, --help display help for command
openthunder practice
Usage: openthunder practice [options]
Generate Skills Tech Talk practice material from scan findings (no source code)
Options:
-C, --repo <path> repository path (default: current directory)
--from-findings use the latest scan findings (default)
--lens <lens> focus on one lens (code-health | traditional-security |
ai-security)
--json output JSON
-o, --output <path> write Markdown to a file
-h, --help display help for command
openthunder context-pack
Usage: openthunder context-pack [options]
Paste-ready AI context pack for Claude Code, Cursor, Copilot, or Codex
Options:
-C, --repo <path> repository path (default: current directory)
--goal <text> what you want the agent to do
--json output JSON instead of text
--no-attribution omit the attribution footer
-h, --help display help for command
openthunder review-diff
Usage: openthunder review-diff [options]
Review the current diff: files touched, risk, likely missing tests, breakage
risks
Options:
-C, --repo <path> repository path (default: current directory)
--json output JSON instead of text
-h, --help display help for command
openthunder review-pr
Usage: openthunder review-pr [options]
Review the branch against a base ref (the PR diff): files, risk, missing tests,
breakage risks
Options:
-C, --repo <path> repository path (default: current directory)
--base <ref> base ref to diff against (default: the repo default
branch)
--json output JSON instead of text
-h, --help display help for command
openthunder pr-summary
Usage: openthunder pr-summary [options]
PR-ready summary with scan evidence: scores, gate, new findings, tests
Options:
-C, --repo <path> repository path (default: current directory)
--json output JSON instead of Markdown
--no-attribution omit the attribution footer
-h, --help display help for command
openthunder cloud
Usage: openthunder cloud [options] [command]
OpenThunder Cloud: publish scan results (privacy-first team control plane)
Options:
-h, --help display help for command
Commands:
publish [options] Publish a scan result to OpenThunder Cloud (privacy-first:
no raw code)
ci-init [options] Write a GitHub Actions workflow that scans, publishes to
the cloud, and gates
help [command] display help for command
openthunder license
Usage: openthunder license [options] [command]
OpenThunder licensing: keygen, issue, and verify signed licenses
Options:
-h, --help display help for command
Commands:
keygen [options] Generate an Ed25519 keypair. Keep the private key
secret; ship the public key with the app.
sign [options] Issue a signed license token
verify [options] <token> Verify a license token offline against the public
key
help [command] display help for command