Skip to main content

Command reference

Every command accepts the global --url and --token flags (see the overview).

Setup and status

perma init # scaffold ~/.permaura config
perma serve # run a local gateway (in-memory demo)
perma status # gateway health, versions and counts

Agents

perma agent add "Codex CLI" # register an agent; prints its id

Grants

Bind allow/deny rules for a connection (resource) to an agent:

perma grant --agent codex-cli --resource db1 \
--allow uptime --allow sftp.get \
--deny sftp.put \
--max-calls 100

Secrets (vault)

Values are read from an environment variable or stdin, never an argument, and are never echoed back:

perma vault add sec_api --env-var MY_API_KEY
perma vault list # ids only, never values

Approvals and audit

perma pending # calls held for a human decision
perma approve appr_abc # run a held call, return the redacted result
perma deny appr_abc # reject a held call; nothing runs
perma audit --limit 50 # the hash-chained, signed audit log

Policy

Evaluate a decision locally, without touching a gateway:

perma policy test --capability transactions.refund --action refund \
--resource braintree_prod --risk critical

Connections

List configured connections, or add an SSH host (see Connecting via SSH for the full guide):

perma connection list

perma connection add-ssh db1 \
--host db1.example.com --user deploy \
--host-key-sha256 "SHA256:9Ije…" \
--key-file ~/.ssh/db1_ed25519 \
--sftp-root /var/data \
--exec 'uptime:uptime' \
--exec 'restart:systemctl,restart,{service}' --require-approval \
--agent codex-cli

connection add-ssh flags

FlagMeaning
<id>connection id; capabilities are namespaced under it (db1.uptime)
--host, --port, --userthe SSH target, pinned server-side (default port 22)
--host-key-sha256 <fp>expected host-key fingerprint; required unless --insecure
--insecureskip host-key verification (local/dev only)
--key-file <path>unencrypted private key to seal (public-key auth)
--password-env <VAR>use password auth, reading the password from that env var
--sftp-root <path>expose path-scoped sftp.get/put/list under this root
--exec 'action:prog,arg,{ph}'an allow-listed exec command (repeatable); {ph} args become placeholders
--agent <id>also allow the declared actions and grant them to this agent
--require-approvalmark the exec commands as needing human approval