CLI Reference
Complete reference for the dojops command-line interface.
Commands
Workflow
| Command | Description |
|---|---|
dojops arise | Generate complete CI/CD pipeline from scratch (interactive) |
dojops arise --yes | Auto-detect preferences and generate with smart defaults |
dojops arise --dry-run | Preview pipeline design without generating files |
dojops arise --skip-verify | Skip external config validation during generation |
arise scans your repo, asks about your CI platform (GitHub Actions, GitLab CI, Jenkins), pipeline stages, container registry, security scanner, deploy target, and environment strategy, then generates all files in parallel with verification and audit logging. Use --yes to skip prompts and auto-detect everything.
Generation & Planning
| Command | Description |
|---|---|
dojops <prompt> | Generate DevOps config (default command) |
dojops generate <prompt> | Explicit generation (same as default) |
dojops plan <prompt> | Decompose goal into dependency-aware task graph |
dojops plan --voice | Use voice input as plan prompt (requires whisper.cpp + sox) |
dojops plan --execute <prompt> | Plan + execute with approval workflow |
dojops apply [<plan-id>] | Execute a saved plan |
dojops apply --skip-verify | Skip external config verification (on by default) |
dojops apply --allow-all-paths | Bypass DevOps file write allowlist |
dojops apply --resume | Resume a partially-failed plan |
dojops apply --replay | Deterministic replay: temp=0, validate env match |
dojops apply --dry-run | Preview changes without writing files |
dojops apply --force | Skip git dirty check, HIGH risk gate, and replay validation |
dojops apply --task <id> | Run only a single task from the plan |
dojops apply --timeout <ms> | Per-task timeout in milliseconds |
dojops apply --parallel=N | Max parallel tasks during wave execution |
dojops apply --repair-attempts=N | Max self-repair attempts per task (default: 3) |
dojops apply --install-packages | Run package manager install after successful apply |
dojops validate [<plan-id>] | Validate plan against schemas |
dojops explain [<plan-id>] | LLM explains a plan in plain language |
Diagnostics & Analysis
| Command | Description |
|---|---|
dojops check | LLM-powered DevOps config quality check (score 0-100) |
dojops check --output json | Output check report as JSON |
dojops check provider | Test LLM provider connectivity and list models |
dojops debug ci <log> | Diagnose CI/CD log failures (root cause, fixes) |
dojops analyze diff --file | Analyze infrastructure diff (risk, cost, security) |
dojops scan | Security scan: vulnerabilities, deps, IaC, secrets |
dojops scan --security | Run security scanners only (trivy, gitleaks) |
dojops scan --deps | Run dependency audit only (npm, pip) |
dojops scan --iac | Run IaC scanners only (checkov, hadolint) |
dojops scan --sbom | Generate SBOM (CycloneDX) with hash tracking |
dojops scan --license | Run license compliance scanners (trivy-license) |
dojops scan --fix | Generate and apply LLM-powered remediation |
dojops scan --compare | Compare findings with previous scan report |
dojops scan --target <dir> | Scan a different directory |
dojops scan --fail-on <sev> | Set severity threshold for non-zero exit (CRITICAL, HIGH, MEDIUM, LOW) |
dojops scan --compliance=FW | Map findings to a compliance framework (CIS, PCI-DSS, HIPAA, SOC2) |
dojops scan --sarif | Output in SARIF format (for GitHub Code Scanning, etc.) |
Autonomous Agent
| Command | Description |
|---|---|
dojops auto <prompt> | Autonomous agent mode, iterative tool-use loop (ReAct pattern) |
dojops auto --max-iterations=N | Set max loop iterations (default: 50) |
dojops auto --background | Run in background, return run ID immediately |
dojops auto --voice | Use voice input as task prompt (requires whisper.cpp + sox) |
dojops auto --allow-all-paths | Bypass DevOps file write allowlist |
dojops auto --skip-verify | Skip external config verification |
dojops auto --force | Skip safety checks (git dirty, HIGH risk gates) |
dojops auto --commit | Auto-commit changes on success |
dojops auto --repair-attempts=N | Max self-repair attempts (default: 4) |
dojops auto --timeout=<ms> | Per-iteration timeout in milliseconds |
The autonomous agent reads files, makes targeted changes, runs commands, and verifies, all iteratively. It uses 7 tools: read_file, write_file, edit_file, run_command, run_skill, search_files, and done.
Background Runs
| Command | Description |
|---|---|
dojops runs list | List all background runs with status and duration |
dojops runs show <id> | Show full detail + output log for a run |
dojops runs clean | Remove completed runs older than 7 days |
Use dojops auto --background <prompt> to start a background agent run. The CLI returns immediately with a run ID. Check progress with dojops runs show <id>.
MCP (Model Context Protocol)
| Command | Description |
|---|---|
dojops mcp list | List configured MCP servers, test connections, show tools |
dojops mcp add | Add an MCP server interactively (stdio or streamable-http) |
dojops mcp remove | Remove an MCP server by name |
MCP servers extend the autonomous agent with external tools (databases, cloud APIs, GitHub, etc.). Configure in .dojops/mcp.json (project) or ~/.dojops/mcp.json (global). Tools appear as mcp__<server>__<tool> in dojops auto.
Interactive
| Command | Description |
|---|---|
dojops chat | Interactive multi-turn AI session |
dojops chat --session=NAME | Resume or create a named session |
dojops chat --resume | Resume the most recent session |
dojops chat --agent=NAME | Pin conversation to a specialist agent |
dojops chat --voice | Enable voice input mode (requires whisper.cpp + sox) |
dojops chat --message=TEXT | Send a single message and exit (scriptable, also -m) |
dojops chat export | Export all sessions as markdown |
dojops chat export <id> | Export a specific session |
dojops chat export --format=json | Export as JSON instead of markdown |
dojops chat export --output=FILE | Write export to a file instead of stdout |
Chat supports slash commands:
| Command | Description |
|---|---|
/help | Show available commands |
/exit | Save session and exit |
/agent <name> | Pin routing to a specialist agent (auto to unpin) |
/model | Switch LLM model (interactive picker) |
/provider [name] | Switch LLM provider mid-session |
/compress | Summarize conversation to free context window |
/sessions | List saved chat sessions |
/status | Show session status bar (agent, provider, turn count) |
/history | Show recent messages in this session |
/clear | Clear all messages (keeps session metadata) |
/save | Save the current session to disk |
/plan <goal> | Decompose a goal into a task plan |
/apply [plan-id] | Execute a saved plan |
/scan [type] | Run security/dependency scanners |
/auto <prompt> | Run autonomous agent (iterative tool-use) |
/checkpoint [name] | Create a git-based checkpoint of current state |
/restore <id> | Restore files from a checkpoint |
/rewind [n] | Undo last N conversation turns (--code to also revert files) |
/voice | Push-to-talk voice input (requires whisper.cpp + sox) |
!<command> | Run a shell command inline (e.g. !git status) |
@path/to/file | Inject file contents inline as context |
Agents & Skills
| Command | Description |
|---|---|
dojops agents list | List all agents (built-in + custom) |
dojops agents info <name> | Show agent details (supports partial names) |
dojops agents create <desc> | Create a custom agent (LLM-generated) |
dojops agents create --manual | Create a custom agent interactively |
dojops agents remove <name> | Remove a custom agent |
dojops skills list | List discovered custom skills (global + project) |
dojops skills validate <path> | Validate a custom skill manifest |
dojops skills init <name> | Scaffold a v2 .dops skill (with optional AI generation) |
dojops skills publish <file> | Publish a .dops skill to the DojOps Hub |
dojops skills install <name> | Install a .dops skill from the DojOps Hub |
dojops skills search <query> | Search the DojOps Hub for skills |
dojops skills dev <path.dops> | Validate a .dops file with live feedback |
dojops skills dev --watch | Watch mode, re-validate on file changes |
dojops toolchain list | List system toolchain binaries with install status |
dojops toolchain install <name> | Download binary into toolchain (~/.dojops/toolchain/) |
dojops toolchain remove <name> | Remove a toolchain binary |
dojops toolchain clean | Remove all toolchain binaries |
dojops inspect [<target>] | Inspect config and/or session state (default: both) |
dojops verify | Verify audit log hash chain integrity (standalone) |
History & Audit
| Command | Description |
|---|---|
dojops history list | View execution history |
dojops history show <plan-id> | Show plan details and per-task results |
dojops history verify | Verify audit log hash chain integrity |
dojops history audit | List audit log entries |
dojops history repair | Repair broken audit log hash chain |
dojops destroy <plan-id> | Remove generated artifacts from a plan |
dojops rollback <plan-id> | Reverse an applied plan (delete created files + restore .bak backups) |
Provider Management
| Command | Description |
|---|---|
dojops provider | List all providers with status (alias: list) |
dojops provider add <name> [--token KEY] | Add/configure a provider token |
dojops provider remove <name> | Remove a provider token |
dojops provider default <name> | Set the default provider |
dojops provider switch | Interactive picker to switch default provider |
dojops provider --as-default <name> | Set default provider (shortcut) |
dojops provider list --output json | List providers as JSON |
Configuration & Server
| Command | Description |
|---|---|
dojops config | Configure provider, model, tokens (interactive) |
dojops config show | Display current configuration |
dojops config profile create NAME | Save current config as a named profile |
dojops config profile use NAME | Switch to a named profile |
dojops config profile list | List all profiles |
dojops config get <key> | Get a specific config value (tokens are masked) |
dojops config set <key> <value> | Set a config value (supports dot notation, e.g. tokens.openai) |
dojops config delete <key> | Delete a config key |
dojops config validate | Validate config values and file permissions |
dojops config backup | Save current config as a timestamped backup |
dojops config restore [file] | Restore config from a backup |
dojops config apply <file> | Import config from a YAML or JSON file |
dojops config export <file> | Export current config to a file |
dojops auth login | Authenticate with LLM provider |
dojops auth status | Show saved tokens and default provider |
dojops serve [--port=N] | Start API server + web dashboard |
dojops serve --no-auth | Start server without API key authentication (local dev only) |
dojops serve --tls-cert=PATH --tls-key=PATH | Enable HTTPS/TLS on the API server |
dojops serve credentials | Generate API key for dashboard/API authentication |
dojops init | Initialize .dojops/ + full repo scan (11 CI, IaC, scripts, security) |
dojops status | System health diagnostics + project metrics (alias: doctor, --fix to auto-repair) |
dojops upgrade | Check for and install CLI updates (--check for check-only) |
Observability & Memory
| Command | Description |
|---|---|
dojops tokens | Show LLM token usage analytics (per provider, daily, total) |
dojops insights [category] | Surface actionable insights from project history |
dojops insights --all | Show all insights (default: top 10) |
dojops memory list | List persistent project notes (--category to filter) |
dojops memory add <text> | Add a project note (--category, --keywords) |
dojops memory remove <id> | Remove a note by ID (alias: rm) |
dojops memory clear | Delete all notes |
dojops memory search <query> | Search notes by keyword |
dojops memory auto [on|off] | Toggle auto-enrichment from agent runs |
dojops memory errors | List learned error patterns with occurrence counts |
dojops learn summary | Overview of executions, errors, and recent activity |
dojops learn patterns | Execution frequency by command type with success rates |
dojops learn rules | List learned error patterns with resolution status |
dojops learn resolve <id> | Mark an error pattern as resolved with a note |
dojops learn dismiss <id> | Delete an error pattern |
Scheduled Jobs
| Command | Description |
|---|---|
dojops cron | Show cron usage |
dojops cron add "<schedule>" <command> | Add a scheduled DojOps job (cron expression + args) |
dojops cron list | List all scheduled jobs |
dojops cron remove <job-id> | Remove a scheduled job |
Checkpoints
| Command | Description |
|---|---|
dojops checkpoint create [name] | Create a git-based snapshot of current working tree |
dojops checkpoint list | List all checkpoints with timestamps and files |
dojops checkpoint restore <id> | Restore files from a checkpoint by ID or name |
dojops checkpoint clean | Remove all checkpoint metadata |
Checkpoints use git stash create under the hood — they snapshot dirty state without modifying the working tree or stash list. Metadata is stored in .dojops/checkpoints/. The autonomous agent creates a checkpoint automatically before its first file write, so you can always roll back.
Review
| Command | Description |
|---|---|
dojops review [files...] | DevSecOps review of config files with tool-backed validation |
dojops review --fix | Generate and apply LLM-powered fixes for findings |
dojops review --auto-fix | Auto-apply fixes without confirmation |
dojops review --context7 | Enable Context7 documentation integration during review |
dojops review --no-auto-discover | Only review explicitly listed files (skip auto-detection) |
dojops review --output json | Machine-readable output (useful for CI) |
Review runs external validators (actionlint, hadolint, shellcheck) against detected DevOps files, then asks the LLM to analyze findings and suggest fixes. Without arguments, it auto-discovers config files in the project.
Trust
| Command | Description |
|---|---|
dojops trust | Mark current workspace configs as trusted |
dojops trust list | List all trusted folders with content hashes |
dojops untrust | Remove trust for the current workspace |
When a project contains custom agents (.dojops/agents/), MCP servers (.dojops/mcp.json), or custom skills (.dojops/skills/), DojOps prompts you to trust the folder before loading them. Trust decisions are stored in ~/.dojops/trusted-folders.json with a SHA-256 content hash. If configs change, you’ll be re-prompted.
Secrets
| Command | Description |
|---|---|
dojops secrets list | List stored secret names with encryption status |
dojops secrets set <name> <val> | Store a secret (AES-256-GCM encrypted) |
dojops secrets get <name> | Retrieve a secret (masked unless --raw) |
dojops secrets remove <name> | Delete a secret |
Secrets are encrypted with AES-256-GCM and stored in .dojops/secrets.json with restrictive file permissions (0600). Use this for API keys, tokens, and credentials that skills and agents reference at runtime.
Backup
| Command | Description |
|---|---|
dojops backup | Create a timestamped .tar.gz of .dojops/ with SHA-256 |
dojops backup --output DIR | Save the backup archive to a specific directory |
dojops backup list | List existing backup archives in the project root |
dojops backup restore <archive> | Extract a backup into .dojops/ |
dojops backup restore <archive> --verify | Verify SHA-256 checksum before restoring |
Backs up the entire .dojops/ directory — config, memory database, secrets vault, checkpoints, and custom skills. A .sha256 checksum file is written alongside each archive.
Infrastructure
| Command | Description |
|---|---|
dojops cost [--target DIR] | Estimate infrastructure costs via Infracost |
dojops drift [--target DIR] | Detect drift between IaC definitions and live state |
dojops drift --fix | Auto-apply fixes for detected drift |
dojops fix-deps | Auto-remediate dependency vulnerabilities |
cost requires Infracost installed (auto-installed via toolchain if missing). drift checks Terraform state and Kubernetes resources against their definitions.
Shell completion
| Command | Description |
|---|---|
dojops completion bash | Output bash completion script |
dojops completion zsh | Output zsh completion script |
dojops completion fish | Output fish completion script |
dojops completion install | Auto-install completion in your shell config |
# Quick setup (bash)
dojops completion bash >> ~/.bashrc && source ~/.bashrc
# Quick setup (zsh)
dojops completion zsh >> ~/.zshrc && source ~/.zshrc
# Or let DojOps do it
dojops completion installGlobal Options
| Option | Description |
|---|---|
--provider=NAME | LLM provider: openai, anthropic, ollama, deepseek, gemini, github-copilot |
--model=NAME | LLM model override |
--temperature=N | LLM temperature (0-2) for deterministic reproducibility |
--fallback-provider=NAME | Fallback LLM provider (used when primary fails) |
--profile=NAME | Use named config profile |
--skill=NAME | Force a specific skill for generate, plan, or apply (bypasses agent routing) |
--file, -f FILE | Read prompt from a file (.md, .txt); combinable with inline prompt |
--agent=NAME | Force a specific agent for generate (bypasses keyword routing) |
--timeout=MS | Global timeout in milliseconds |
--thinking=LEVEL | Reasoning effort: none, low, medium, high (provider support varies) |
--output=FORMAT | Output: table (default), json, yaml, stream-json |
--raw | Output raw LLM response text only (no formatting) |
--verbose | Verbose output |
--debug | Debug-level output with stack traces |
--quiet | Suppress non-essential output |
--no-color | Disable color output |
--non-interactive | Disable interactive prompts |
--yes | Auto-approve all confirmations (implies --non-interactive) |
--version, -V | Show version number |
--help, -h | Show help message |
Exit Codes
| Code | Meaning |
|---|---|
| 0 | Success |
| 1 | General error |
| 2 | Validation error |
| 3 | Approval required |
| 4 | Lock conflict (concurrent operation) |
| 5 | No .dojops/ project |
| 6 | HIGH security findings detected |
| 7 | CRITICAL security findings detected |
Lifecycle Hooks
DojOps supports lifecycle hooks, shell commands that run at specific events during CLI operations. Configure hooks in .dojops/hooks.json:
{
"hooks": {
"pre-generate": { "command": "echo 'Starting generation...'" },
"post-generate": { "command": "./scripts/lint-output.sh" },
"pre-plan": { "command": "git stash" },
"post-plan": [
{ "command": "echo 'Plan complete'" },
{ "command": "./notify.sh", "continueOnError": true }
],
"on-error": { "command": "./scripts/alert-failure.sh" }
}
}Hook Events
| Event | When it runs | Abort on failure |
|---|---|---|
pre-generate | Before LLM generation | Yes |
post-generate | After successful generation | No |
pre-plan | Before plan decomposition | Yes |
post-plan | After plan completion | No |
pre-execute | Before execution/apply | Yes |
post-execute | After execution completes | No |
pre-scan | Before security scanning | Yes |
post-scan | After scan completes | No |
on-error | When any operation fails | No |
Hook Environment Variables
Hooks receive context via environment variables:
| Variable | Description |
|---|---|
DOJOPS_HOOK_EVENT | The event name (e.g. pre-plan) |
DOJOPS_HOOK_ROOT | Project root directory |
DOJOPS_HOOK_AGENT | Active agent name (if applicable) |
DOJOPS_HOOK_OUTPUT | Output file path (if applicable) |
DOJOPS_HOOK_PROMPT | The user prompt (if applicable) |
DOJOPS_HOOK_ERROR | Error message (on-error only) |
Pre-hooks abort the operation on failure by default. Set "continueOnError": true to override. Post-hooks and on-error hooks continue by default.
Examples
Generating Configs
# Generate with automatic agent routing
dojops "Create a Terraform config for S3 with versioning"
dojops "Write a Kubernetes deployment for nginx with 3 replicas"
dojops "Set up monitoring with Prometheus and alerting rules"
dojops "Create a multi-stage Dockerfile for a Go application"
# Update existing configs (auto-detects existing files, creates .bak backup)
dojops "Add caching to the GitHub Actions workflow"
dojops "Add a Redis service to docker-compose"
dojops "Add an S3 bucket to the existing Terraform config"
# Override provider/model for a single command
dojops --provider=anthropic "Create a Helm chart for Redis"
dojops --model=gpt-4o "Design a VPC with public and private subnets"
# Force a specific skill (bypass agent routing)
dojops --skill=terraform "Create an S3 bucket with versioning"
dojops --skill=kubernetes "Create a deployment for nginx"File-Based Prompts
# Read prompt from a file
dojops --file requirements.md
dojops -f spec.txt
# Combine inline prompt with file content (inline provides context, file provides details)
dojops --file infrastructure-spec.md "Use Terraform with AWS"
dojops plan -f cicd-requirements.txt "Target GitHub Actions"Planning and Execution
# Decompose a complex goal into tasks
dojops plan "Set up CI/CD for a Node.js app with Docker and Kubernetes"
# Plan and execute immediately
dojops plan --execute --yes "Create CI pipeline for a Python project"
# Execute a saved plan
dojops apply
dojops apply --dry-run # preview only
dojops apply --skip-verify # skip external validation (on by default)
dojops apply --force # skip git dirty working tree check
dojops apply --allow-all-paths # bypass DevOps file write allowlist
dojops apply --resume --yes # resume failed tasks, auto-approve
dojops apply --replay # deterministic: temp=0, validate env match
dojops apply --replay --yes # force replay despite mismatches
# Force a specific skill for planning or execution
dojops --skill=terraform plan "Set up S3 with CloudFront"
dojops apply plan-abc --skill=terraform # only run terraform tasks from planDiagnostics
# Debug CI failures
dojops debug ci "ERROR: tsc failed with exit code 1..."
dojops debug ci "npm ERR! ERESOLVE unable to resolve dependency tree"
# Analyze infrastructure diffs (--file recommended for multiline)
dojops analyze diff --file plan.diff
terraform plan | dojops analyze diff
dojops explain lastDevOps Quality Check
# Analyze detected DevOps files for quality, security, and best practices
dojops check
# Machine-readable output
dojops check --output json
# Test provider connectivity
dojops check provider
dojops check provider --output jsonSecurity Scanning
# Full project scan
dojops scan
# Targeted scans
dojops scan --security # trivy + gitleaks
dojops scan --deps # npm-audit + pip-audit
dojops scan --iac # checkov + hadolint
dojops scan --sbom # generate SBOM with hash tracking
dojops scan --license # license compliance check
# Compare with previous scan
dojops scan --compare
# Auto-remediation
dojops scan --fix --yes
# Scan a different directory
dojops scan --target /path/to/project
# Fail CI on severity threshold
dojops scan --fail-on MEDIUMInteractive Chat
# Start a new session
dojops chat
# Named session with agent pinning
dojops chat --session=infra --agent=terraform
# Resume the most recent session
dojops chat --resume
# Single message (non-interactive, scriptable)
dojops chat --message "What tools are missing in this project?"
dojops chat -m "Explain the CI pipeline" --output jsonToolchain Management
# Check available toolchain binaries
dojops toolchain list
# Install external validators
dojops toolchain install terraform
dojops toolchain install kubectl
dojops toolchain install hadolint
# Cleanup
dojops toolchain cleanCustom Skill Management
# List discovered custom skills (global + project)
dojops skills list
# Scaffold a new .dops skill (uses AI when provider is configured)
dojops skills init my-skill
# Validate a custom skill
dojops skills validate my-skill
# Publish a skill to DojOps Hub (requires DOJOPS_HUB_TOKEN)
dojops skills publish my-skill.dops --changelog "Initial release"
# Install a skill from DojOps Hub
dojops skills install nginx-config
dojops skills install nginx-config --version 1.0.0 --global
# Search the DojOps Hub for skills
dojops skills search docker
dojops skills search terraform --limit 5
dojops skills search k8s --output jsonHub Publishing Setup
Publishing skills to the DojOps Hub requires an API token:
# 1. Sign in at hub.dojops.ai → Settings → API Tokens
# 2. Generate a token (format: dojops_<40-hex-chars>)
# 3. Set the environment variable:
export DOJOPS_HUB_TOKEN="dojops_a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4e5f6a1b2"
# Publish a skill
dojops skills publish my-skill.dops
# Publish with changelog
dojops skills publish my-skill.dops --changelog "v1.1.0: Added Redis support"
# Install from hub (no token required)
dojops skills install my-skill
dojops skills install my-skill --version 1.0.0 --globalThe CLI sends the token as a Bearer header. Tokens can be managed (created, viewed, revoked) from the Hub Settings page at /settings/tokens. See DevOps Skills, Hub Integration for the full publish/install flow.
Provider Management
# List all providers with status
dojops provider
dojops provider list --output json
# Add providers
dojops provider add openai --token sk-...
dojops provider add anthropic --token sk-ant-...
# Switch default provider
dojops provider switch # interactive picker
dojops provider default anthropic # direct
dojops provider --as-default openai # shortcut flag
# Remove a provider
dojops provider remove deepseekAdministration
# System diagnostics
dojops doctor
# Browse agents (partial names supported: terraform, docker, security, etc.)
dojops agents list
dojops agents info terraform # matches terraform-specialist
dojops agents info security # matches security-auditor
# Create custom agents
dojops agents create "an SRE specialist for incident response"
dojops agents create --manual
dojops agents remove sre-specialist
# Audit trail
dojops history list
dojops history show plan-abc123
dojops history verify
# Start dashboard
dojops serve --port=8080
# Generate API credentials and start with auth
dojops serve credentials # generates key, saves to ~/.dojops/server.json
dojops serve # auto-loads key from server.json
# Start without authentication (local development only)
dojops serve --no-auth
# Enable HTTPS/TLS
dojops serve --tls-cert=cert.pem --tls-key=key.pem
# Configuration profiles
dojops config profile create staging
dojops config profile use staging
dojops config profile list
# Check for updates
dojops upgrade --check
# Upgrade to latest version
dojops upgrade
# Upgrade without confirmation
dojops upgrade --yesConfig Management
dojops config get defaultProvider # Read a value
dojops config set defaultProvider ollama # Set a value
dojops config set tokens.openai sk-xxx # Set nested value
dojops config delete tokens.deepseek # Remove a key
dojops config validate # Check config health
# Backup and restore
dojops config backup # Save timestamped backup
dojops config restore # Interactive picker
dojops config export config.yaml # Export to YAML
dojops config apply config.yaml # Import from YAML/JSONObservability & Memory
# Token usage analytics
dojops tokens
dojops tokens --output json
# Opportunity detection
dojops insights # Top 10 insights
dojops insights --all # Show everything
dojops insights security # Filter by category
# Project memory
dojops memory add "Always use t3.medium for staging"
dojops memory add "Terraform state in S3" --category=convention --keywords=terraform,s3
dojops memory list
dojops memory search terraform
dojops memory remove 3
dojops memory clear # Delete all notes
# Auto-enrichment (memory from dojops auto runs)
dojops memory auto # Check status
dojops memory auto on # Enable
dojops memory auto off # Disable
# Learned error patterns
dojops memory errors
# Pattern analysis (learn from execution history)
dojops learn summary # Quick overview
dojops learn patterns # Usage by command type
dojops learn rules --type generate # Error patterns for generate
dojops learn resolve 5 "Fixed by pinning to gpt-4o"
dojops learn dismiss 3 # Remove an error patternScheduled Jobs
dojops cron add "0 2 * * *" plan "backup terraform" # Schedule nightly plan
dojops cron add "*/30 * * * *" scan --security # Scan every 30 min
dojops cron list # View all jobs
dojops cron remove job-abc123 # Remove a jobCheckpoints & Trust
# Snapshot current state before risky changes
dojops checkpoint create before-refactor
# List checkpoints
dojops checkpoint list
# Restore a checkpoint
dojops checkpoint restore before-refactor
# Remove all checkpoints
dojops checkpoint clean
# Trust workspace configs (agents, MCP servers, skills)
dojops trust
dojops trust list
# Remove trust
dojops untrustSecrets
# Store API keys and tokens (AES-256-GCM encrypted)
dojops secrets set ANTHROPIC_API_KEY sk-ant-...
dojops secrets set AWS_ACCESS_KEY_ID AKIA...
# List stored secrets
dojops secrets list
# Retrieve (masked by default)
dojops secrets get ANTHROPIC_API_KEY
dojops secrets get ANTHROPIC_API_KEY --raw # Full value
# Remove
dojops secrets remove AWS_ACCESS_KEY_IDBackup
# Create a backup of .dojops/
dojops backup
dojops backup --output ~/backups
# List existing backups
dojops backup list
# Restore from a backup
dojops backup restore dojops-backup-2026-03-22.tar.gz
dojops backup restore dojops-backup-2026-03-22.tar.gz --verifyReview
# Review all detected DevOps files
dojops review
# Review specific files
dojops review Dockerfile .github/workflows/ci.yml
# Review and auto-fix
dojops review --fix --yes
# JSON output for CI pipelines
dojops review --output json --non-interactiveInfrastructure
# Estimate costs for Terraform configs
dojops cost
dojops cost --target ./infra/
# Detect drift between IaC and live state
dojops drift
dojops drift --target ./terraform/
# Auto-fix detected drift
dojops drift --fix
# Auto-remediate vulnerable dependencies
dojops fix-depsShell Completion
# Generate and install completion
dojops completion install
# Or generate manually
dojops completion bash >> ~/.bashrc
dojops completion zsh >> ~/.zshrcSkill Development
dojops skills dev my-tool.dops # Validate a skill
dojops skills dev my-tool.dops --watch # Watch modeChat Export
dojops chat export # Export all sessions as markdown
dojops chat export session-123 # Export specific session
dojops chat export --format=json # Export as JSON
dojops chat export --output=chat.md # Save to file