From 62450af124d268c76a619716381174f88f70d6f1 Mon Sep 17 00:00:00 2001 From: jarugupj <121142710+jarugupj@users.noreply.github.com> Date: Wed, 3 Jun 2026 15:16:39 +0000 Subject: [PATCH 1/3] Expand CLI reference and group it like the MCP docs Adds dedicated reference pages for commands that were undocumented or buried inside the browsers page, and regroups the CLI tab to mirror the MCP tab (Getting Started + Commands). - New pages: proxies, browser-pools, profiles, auth-connections, status, upgrade - Move proxies/browser-pools/profiles out of the browsers page into their own pages - Fix the Homebrew install command to use the current tap (kernel/tap/kernel) - Refresh the create template list to match the latest CLI Command surface and flags pinned to CLI v0.19.3. Co-Authored-By: Claude Opus 4.7 --- docs.json | 36 +++++-- reference/cli.mdx | 11 ++- reference/cli/auth-connections.mdx | 91 +++++++++++++++++ reference/cli/browser-pools.mdx | 93 ++++++++++++++++++ reference/cli/browsers.mdx | 153 ----------------------------- reference/cli/create.mdx | 29 +++--- reference/cli/profiles.mdx | 48 +++++++++ reference/cli/proxies.mdx | 66 +++++++++++++ reference/cli/status.mdx | 14 +++ reference/cli/upgrade.mdx | 18 ++++ 10 files changed, 384 insertions(+), 175 deletions(-) create mode 100644 reference/cli/auth-connections.mdx create mode 100644 reference/cli/browser-pools.mdx create mode 100644 reference/cli/profiles.mdx create mode 100644 reference/cli/proxies.mdx create mode 100644 reference/cli/status.mdx create mode 100644 reference/cli/upgrade.mdx diff --git a/docs.json b/docs.json index 8e839d8..8cc037a 100644 --- a/docs.json +++ b/docs.json @@ -259,16 +259,32 @@ }, { "tab": "CLI", - "pages": [ - "reference/cli", - "reference/cli/create", - "reference/cli/auth", - "reference/cli/browsers", - "reference/cli/apps", - "reference/cli/projects", - "reference/cli/api-keys", - "reference/cli/mcp", - "reference/cli/extensions" + "groups": [ + { + "group": "Getting Started", + "pages": [ + "reference/cli", + "reference/cli/create", + "reference/cli/auth" + ] + }, + { + "group": "Commands", + "pages": [ + "reference/cli/apps", + "reference/cli/browsers", + "reference/cli/browser-pools", + "reference/cli/profiles", + "reference/cli/proxies", + "reference/cli/extensions", + "reference/cli/auth-connections", + "reference/cli/projects", + "reference/cli/api-keys", + "reference/cli/status", + "reference/cli/upgrade", + "reference/cli/mcp" + ] + } ] }, { diff --git a/reference/cli.mdx b/reference/cli.mdx index edcb503..dacbc1e 100644 --- a/reference/cli.mdx +++ b/reference/cli.mdx @@ -8,7 +8,7 @@ The Kernel CLI helps you access and manage your Kernel resources. ```bash # Using brew -brew install onkernel/tap/kernel +brew install kernel/tap/kernel # Using pnpm pnpm install -g @onkernel/cli @@ -34,6 +34,15 @@ kernel --version Create, view, and manage Kernel browsers. + + Pre-warm and reuse pools of browsers. + + + Persist and reuse browser profiles. + + + Create and manage proxy configurations. + Deploy apps, invoke actions, and stream logs. diff --git a/reference/cli/auth-connections.mdx b/reference/cli/auth-connections.mdx new file mode 100644 index 0000000..0ffb3b6 --- /dev/null +++ b/reference/cli/auth-connections.mdx @@ -0,0 +1,91 @@ +--- +title: "Auth Connections" +--- + +Manage [managed auth](/auth/configuration) connections that keep browser profiles logged into a domain. A connection drives a login flow once, then keeps the profile's session healthy over time. + +## `kernel auth connections list` +List managed auth connections. + +| Flag | Description | +|------|-------------| +| `--domain ` | Filter by domain. | +| `--profile-name ` | Filter by profile name. | +| `--limit ` | Maximum number of results to return. | +| `--offset ` | Number of results to skip. | +| `--output json`, `-o json` | Output raw JSON array. | + +## `kernel auth connections get ` +Get a managed auth connection by ID. + +| Flag | Description | +|------|-------------| +| `--output json`, `-o json` | Output raw JSON object. | + +## `kernel auth connections create` +Create a managed auth connection for a profile and domain. + +| Flag | Description | +|------|-------------| +| `--profile-name ` | Name of the profile to manage. Required. | +| `--domain ` | Target domain for authentication. Required. | +| `--login-url ` | Optional login page URL to skip discovery. | +| `--allowed-domain ` | Additional allowed domains (repeatable). | +| `--health-check-interval ` | Interval between health checks (`300`–`86400`). | +| `--proxy-id ` | Proxy ID to use. | +| `--proxy-name ` | Proxy name to use. | +| `--no-save-credentials` | Don't save credentials after a successful login. | +| `--output json`, `-o json` | Output raw JSON object. | + +```bash +kernel auth connections create --profile-name my-profile --domain example.com +``` + +## `kernel auth connections update ` +Update a managed auth connection. + +| Flag | Description | +|------|-------------| +| `--allowed-domain ` | Additional allowed domains (replaces existing list). | +| `--login-url ` | Login page URL (set to empty string to clear). | +| `--health-check-interval ` | Interval between health checks. | +| `--proxy-id ` | Proxy ID to use. | +| `--proxy-name ` | Proxy name to use. | +| `--save-credentials` | Enable saving credentials after a successful login. | +| `--no-save-credentials` | Disable saving credentials after a successful login. | +| `--output json`, `-o json` | Output raw JSON object. | + +## `kernel auth connections login ` +Start a login flow for a connection. + +| Flag | Description | +|------|-------------| +| `--proxy-id ` | Proxy ID to use for this login. | +| `--proxy-name ` | Proxy name to use for this login. | +| `--output json`, `-o json` | Output raw JSON object. | + +## `kernel auth connections submit ` +Submit field values to an in-progress login flow. + +| Flag | Description | +|------|-------------| +| `--field ` | Field name/value pair (repeatable). | +| `--mfa-option-id ` | MFA option ID if the user selected an MFA method. | +| `--sign-in-option-id ` | Sign-in option ID if the flow returned non-MFA choices. | +| `--sso-provider ` | SSO provider if the user chose an SSO button (e.g. `google`, `github`). | +| `--sso-button-selector ` | XPath selector if the user chose an SSO button. | +| `--output json`, `-o json` | Output raw JSON object. | + +## `kernel auth connections follow ` +Follow login flow events for a connection. + +| Flag | Description | +|------|-------------| +| `--output json`, `-o json` | Output raw JSON object. | + +## `kernel auth connections delete ` +Delete a managed auth connection. + +| Flag | Description | +|------|-------------| +| `--yes`, `-y` | Skip confirmation prompt. | diff --git a/reference/cli/browser-pools.mdx b/reference/cli/browser-pools.mdx new file mode 100644 index 0000000..d1b3b1d --- /dev/null +++ b/reference/cli/browser-pools.mdx @@ -0,0 +1,93 @@ +--- +title: "Browser Pools" +--- + +Manage pools of pre-warmed browsers for high-concurrency workloads. For background and scaling guidance, see [Browser Pools](/browsers/pools/overview). + +## `kernel browser-pools list` +List all browser pools. + +| Flag | Description | +|------|-------------| +| `--output json`, `-o json` | Output raw JSON array. | + +## `kernel browser-pools get ` +Get details of a browser pool. + +| Flag | Description | +|------|-------------| +| `--output json`, `-o json` | Output raw JSON object. | + +## `kernel browser-pools create [name]` +Create a new browser pool. + +| Flag | Description | +|------|-------------| +| `--name ` | Optional unique name for the pool. | +| `--size ` | Number of browsers in the pool. | +| `--fill-rate ` | Fill rate per minute. | +| `--timeout ` | Idle timeout in seconds. | +| `--start-url ` | Initial page to open for new browsers. | +| `--profile-id ` | Profile ID to load into pool browsers. | +| `--profile-name ` | Profile name to load into pool browsers. | +| `--save-changes` | Save changes back to the profile when sessions end. | +| `--proxy-id ` | Proxy ID to use for pool browsers. | +| `--extension ` | Extension IDs or names to load (repeatable). | +| `--viewport ` | Viewport size (e.g. `1280x800`). | +| `--headless` | Enable headless mode. | +| `--stealth` | Enable stealth mode. | +| `--kiosk` | Enable kiosk mode. | +| `--output json`, `-o json` | Output raw JSON object. | + +```bash +kernel browser-pools create my-pool --size 10 --fill-rate 5 --stealth +``` + +## `kernel browser-pools update ` +Update a browser pool's configuration. + +| Flag | Description | +|------|-------------| +| `--name ` | Update the pool name. | +| `--size ` | Updated pool size. | +| `--fill-rate ` | Fill rate per minute. | +| `--timeout ` | Idle timeout in seconds. | +| `--start-url ` | Initial page to open for new browsers. | +| `--clear-start-url` | Clear the pool start URL. | +| `--discard-all-idle` | Discard all idle browsers. | +| `--profile-id ` | Profile ID to load into pool browsers. | +| `--profile-name ` | Profile name to load into pool browsers. | +| `--save-changes` | Save changes back to the profile when sessions end. | +| `--proxy-id ` | Proxy ID to use for pool browsers. | +| `--extension ` | Extension IDs or names to load (repeatable). | +| `--viewport ` | Viewport size (e.g. `1280x800`). | +| `--headless` | Enable headless mode. | +| `--stealth` | Enable stealth mode. | +| `--kiosk` | Enable kiosk mode. | +| `--output json`, `-o json` | Output raw JSON object. | + +## `kernel browser-pools acquire ` +Acquire a browser from the pool. + +| Flag | Description | +|------|-------------| +| `--timeout ` | Acquire timeout in seconds. | +| `--output json`, `-o json` | Output raw JSON object. | + +## `kernel browser-pools release ` +Release a browser back to the pool. + +| Flag | Description | +|------|-------------| +| `--session-id ` | Browser session ID to release. | +| `--reuse` | Reuse the browser instance (default: `true`). | + +## `kernel browser-pools delete ` +Delete a browser pool. + +| Flag | Description | +|------|-------------| +| `--force` | Force delete even if browsers are leased. | + +## `kernel browser-pools flush ` +Flush idle browsers from the pool. diff --git a/reference/cli/browsers.mdx b/reference/cli/browsers.mdx index 0b7586e..3c0eba8 100644 --- a/reference/cli/browsers.mdx +++ b/reference/cli/browsers.mdx @@ -367,156 +367,3 @@ Delete an uploaded extension. ### `kernel browsers extensions upload ...` Upload one or more unpacked Chrome extensions directly into a running browser session. - -## Proxy management - -### `kernel proxies list` -List available proxy configurations. - -| Flag | Description | -|------|-------------| -| `--output json`, `-o json` | Output raw JSON array. | - -### `kernel proxies get ` -Show details for a proxy configuration. - -| Flag | Description | -|------|-------------| -| `--output json`, `-o json` | Output raw JSON object. | - -### `kernel proxies create` -Create a new proxy configuration. - -| Flag | Description | -|------|-------------| -| `--name ` | Proxy configuration name. | -| `--type ` | `datacenter`, `isp`, `residential`, `mobile`, or `custom` (required). | -| `--protocol ` | Protocol to use (`http` or `https`; default: `https`). | -| `--country ` | ISO 3166 country code or `EU`. | -| `--city ` | City (residential, mobile; requires `--country`). | -| `--state ` | State/region code (residential, mobile). | -| `--zip ` | ZIP/postal code (residential, mobile). | -| `--asn ` | Autonomous system number (residential, mobile). | -| `--os ` | Operating system (`windows`, `macos`, `android`; residential). | -| `--carrier ` | Mobile carrier (mobile). | -| `--host ` | Proxy host (custom; required). | -| `--port ` | Proxy port (custom; required). | -| `--username ` | Proxy username (custom). | -| `--password ` | Proxy password (custom). | -| `--bypass-host ` | Hostname to bypass proxy (repeatable; max 100). | -| `--output json`, `-o json` | Output raw JSON object. | - -### `kernel proxies delete ` -Delete a proxy configuration. - -| Flag | Description | -|------|-------------| -| `--yes`, `-y` | Skip confirmation. | - -## Browser pools - -For more details on browser pools, see [Browser Pools](/browsers/pools/overview). - -### `kernel browser-pools list` -List all browser pools. - -| Flag | Description | -|------|-------------| -| `--output json`, `-o json` | Output raw JSON array. | - -### `kernel browser-pools create` -Create a new browser pool. - -| Flag | Description | -|------|-------------| -| `--name ` | Optional unique name for the pool. | -| `--size ` | Number of browsers in the pool (required). | -| `--fill-rate ` | Percentage of the pool to fill per minute. | -| `--timeout ` | Idle timeout for browsers acquired from the pool. | -| `--start-url ` | Initial page to open for new browsers. | -| `--output json`, `-o json` | Output raw JSON object. | - -### `kernel browser-pools get ` -Get pool details. - -| Flag | Description | -|------|-------------| -| `--output json`, `-o json` | Output raw JSON object. | - -### `kernel browser-pools update ` -Update pool configuration. - -| Flag | Description | -|------|-------------| -| `--size ` | Updated pool size. | -| `--start-url ` | Initial page to open for new browsers. | -| `--clear-start-url` | Clear the pool start URL. | -| `--discard-all-idle` | Discard all idle browsers and refill. | -| `--output json`, `-o json` | Output raw JSON object. | - -### `kernel browser-pools acquire ` -Acquire a browser from the pool. - -| Flag | Description | -|------|-------------| -| `--timeout ` | Acquire timeout before returning 204. | -| `--output json`, `-o json` | Output raw JSON object. | - -### `kernel browser-pools release ` -Release a browser back to the pool. - -| Flag | Description | -|------|-------------| -| `--session-id ` | Browser session ID to release (required). | -| `--reuse` | Reuse the browser instance (default: true). | - -### `kernel browser-pools delete ` -Delete a pool. - -| Flag | Description | -|------|-------------| -| `--force` | Force delete even if browsers are leased. | - -### `kernel browser-pools flush ` -Destroy all idle browsers in the pool. - -## Profiles - -For more details on browser profiles, see [Profiles](/auth/profiles). - -### `kernel profiles list` -List all browser profiles. - -| Flag | Description | -|------|-------------| -| `--output json`, `-o json` | Output raw JSON array. | - -### `kernel profiles get ` -Get profile details. - -| Flag | Description | -|------|-------------| -| `--output json`, `-o json` | Output raw JSON object. | - -### `kernel profiles create` -Create a new browser profile. - -| Flag | Description | -|------|-------------| -| `--name ` | Optional unique name for the profile. | -| `--output json`, `-o json` | Output raw JSON object. | - -### `kernel profiles download ` -Download a profile as a ZIP archive. - -| Flag | Description | -|------|-------------| -| `--to ` | Output zip file path. Required. | -| `--pretty` | Pretty-print JSON to file. | - -### `kernel profiles delete ` -Delete a profile by ID or name. - -| Flag | Description | -|------|-------------| -| `--yes`, `-y` | Skip confirmation prompt. | diff --git a/reference/cli/create.mdx b/reference/cli/create.mdx index 4483aa7..32ffd15 100644 --- a/reference/cli/create.mdx +++ b/reference/cli/create.mdx @@ -16,21 +16,28 @@ Create a new Kernel application from a template. The CLI provides an interactive ## Available templates ### TypeScript templates -- **`sample-app`** — Basic template with Playwright integration for page title extraction +- **`sample-app`** — Basic Kernel app with Playwright integration - **`captcha-solver`** — Demo of Kernel's auto-CAPTCHA solving capability -- **`anthropic-computer-use`** — Anthropic Computer Use API sample implementation -- **`openai-computer-use`** — OpenAI Computer Using Agent (CUA) sample implementation -- **`gemini-computer-use`** — Google Gemini CUA sample implementation -- **`stagehand`** — Returns the first result of a specified Google search -- **`magnitude`** — [Magnitude framework](https://github.com/magnitude-labs/magnitude) integration +- **`anthropic-computer-use`** — Anthropic computer use agent +- **`openai-computer-use`** — OpenAI Computer Using Agent (CUA) +- **`gemini-computer-use`** — Google Gemini computer use agent +- **`claude-agent-sdk`** — Claude Agent SDK browser automation agent +- **`stagehand`** — [Stagehand](https://github.com/browserbase/stagehand) v3 SDK integration +- **`magnitude`** — [Magnitude](https://github.com/magnitude-labs/magnitude) SDK integration +- **`tzafon`** — Tzafon Northstar CUA Fast computer use agent +- **`yutori`** — Yutori n1.5 computer use agent ### Python templates -- **`sample-app`** — Basic template with Playwright integration for page title extraction +- **`sample-app`** — Basic Kernel app with Playwright integration - **`captcha-solver`** — Demo of Kernel's auto-CAPTCHA solving capability -- **`openagi-computer-use`** — OpenAGI's Lux Computer Use API sample implementation -- **`anthropic-computer-use`** — Anthropic Computer Use API sample implementation -- **`openai-computer-use`** — OpenAI Computer Using Agent (CUA) sample implementation -- **`browser-use`** — Integrates the Browser Use for AI-powered web automation +- **`anthropic-computer-use`** — Anthropic computer use agent +- **`openai-computer-use`** — OpenAI Computer Using Agent (CUA) +- **`gemini-computer-use`** — Google Gemini computer use agent +- **`claude-agent-sdk`** — Claude Agent SDK browser automation agent +- **`openagi-computer-use`** — OpenAGI computer use agent +- **`browser-use`** — [Browser Use](https://github.com/browser-use/browser-use) SDK integration +- **`tzafon`** — Tzafon Northstar CUA Fast computer use agent +- **`yutori`** — Yutori n1.5 computer use agent ## Examples diff --git a/reference/cli/profiles.mdx b/reference/cli/profiles.mdx new file mode 100644 index 0000000..d75758c --- /dev/null +++ b/reference/cli/profiles.mdx @@ -0,0 +1,48 @@ +--- +title: "Profiles" +--- + +Manage browser profiles that persist cookies, local storage, and other browser state across sessions. For background, see [Profiles](/auth/profiles). + +## `kernel profiles list` +List all browser profiles. + +| Flag | Description | +|------|-------------| +| `--query ` | Search profiles by name or ID. | +| `--page ` | Page number, 1-based (default: `1`). | +| `--per-page ` | Items per page (default: `20`). | +| `--output json`, `-o json` | Output raw JSON array. | + +## `kernel profiles get ` +Get details for a profile by ID or name. + +| Flag | Description | +|------|-------------| +| `--output json`, `-o json` | Output raw JSON object. | + +## `kernel profiles create` +Create a new browser profile. + +| Flag | Description | +|------|-------------| +| `--name ` | Optional unique profile name. | +| `--output json`, `-o json` | Output raw JSON object. | + +## `kernel profiles download ` +Download a profile and extract its user-data archive into the directory given by `--to`. The directory is created if it doesn't exist. + +| Flag | Description | +|------|-------------| +| `--to ` | Directory to extract the profile into. Required. | + +```bash +kernel profiles download my-profile --to ./profile-data +``` + +## `kernel profiles delete ` +Delete a profile by ID or name. + +| Flag | Description | +|------|-------------| +| `--yes`, `-y` | Skip confirmation prompt. | diff --git a/reference/cli/proxies.mdx b/reference/cli/proxies.mdx new file mode 100644 index 0000000..7cc8214 --- /dev/null +++ b/reference/cli/proxies.mdx @@ -0,0 +1,66 @@ +--- +title: "Proxies" +--- + +Manage proxy configurations for routing browser traffic. For background on proxy types and when to use each, see [Proxies](/proxies/overview). + +## `kernel proxies list` +List available proxy configurations. + +| Flag | Description | +|------|-------------| +| `--output json`, `-o json` | Output raw JSON array. | + +## `kernel proxies get ` +Show details for a proxy configuration. + +| Flag | Description | +|------|-------------| +| `--output json`, `-o json` | Output raw JSON object. | + +## `kernel proxies create` +Create a new proxy configuration. Proxy quality for bot detection avoidance, best to worst: mobile > residential > ISP > datacenter. + +| Flag | Description | +|------|-------------| +| `--type ` | `datacenter`, `isp`, `residential`, `mobile`, or `custom`. Required. | +| `--name ` | Proxy configuration name. | +| `--protocol ` | Protocol to use (`http` or `https`; default: `https`). | +| `--country ` | ISO 3166 country code or `EU`. | +| `--city ` | City name without spaces (e.g. `sanfrancisco`). Requires `--country`. | +| `--state ` | Two-letter state code. | +| `--zip ` | US ZIP code. | +| `--asn ` | Autonomous system number (e.g. `AS15169`). | +| `--os ` | Operating system (`windows`, `macos`, `android`). | +| `--carrier ` | Mobile carrier. | +| `--host ` | Proxy host address or IP (`custom` type). | +| `--port ` | Proxy port (`custom` type). | +| `--username ` | Username for proxy authentication (`custom` type). | +| `--password ` | Password for proxy authentication (`custom` type). | +| `--bypass-host ` | Hostname(s) to bypass the proxy and connect directly (repeatable or comma-separated). | +| `--output json`, `-o json` | Output raw JSON object. | + +```bash +# Datacenter proxy in the US +kernel proxies create --type datacenter --country US --name "US Datacenter" + +# Custom proxy server +kernel proxies create --type custom --host proxy.example.com --port 8080 --username myuser --password mypass + +# Residential proxy with location +kernel proxies create --type residential --country US --city sanfrancisco --state CA +``` + +## `kernel proxies check ` +Run a health check on a proxy to verify it's working and update its status. + +| Flag | Description | +|------|-------------| +| `--output json`, `-o json` | Output raw JSON object. | + +## `kernel proxies delete ` +Delete a proxy configuration. + +| Flag | Description | +|------|-------------| +| `--yes`, `-y` | Skip confirmation prompt. | diff --git a/reference/cli/status.mdx b/reference/cli/status.mdx new file mode 100644 index 0000000..1846776 --- /dev/null +++ b/reference/cli/status.mdx @@ -0,0 +1,14 @@ +--- +title: "Status" +--- + +## `kernel status` +Check the operational status of Kernel services, including the API and browser infrastructure. + +| Flag | Description | +|------|-------------| +| `--output json`, `-o json` | Output the raw API response as JSON. | + +```bash +kernel status +``` diff --git a/reference/cli/upgrade.mdx b/reference/cli/upgrade.mdx new file mode 100644 index 0000000..4d86441 --- /dev/null +++ b/reference/cli/upgrade.mdx @@ -0,0 +1,18 @@ +--- +title: "Upgrade" +--- + +## `kernel upgrade` +Upgrade the Kernel CLI to the latest version. The command detects how the CLI was installed (Homebrew, pnpm, npm, or bun) and runs the matching upgrade command. If the installation method can't be detected, it prints manual upgrade instructions. + +| Flag | Description | +|------|-------------| +| `--dry-run` | Show what would be executed without running it. | + +```bash +# Upgrade in place +kernel upgrade + +# Preview the upgrade command +kernel upgrade --dry-run +``` From 3fff75f23885a27a7560ff676e81b0dde02bb31f Mon Sep 17 00:00:00 2001 From: jarugupj <121142710+jarugupj@users.noreply.github.com> Date: Wed, 3 Jun 2026 15:22:53 +0000 Subject: [PATCH 2/3] Trim unverified scope claim from status page Co-Authored-By: Claude Opus 4.7 --- reference/cli/status.mdx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/reference/cli/status.mdx b/reference/cli/status.mdx index 1846776..e3be14e 100644 --- a/reference/cli/status.mdx +++ b/reference/cli/status.mdx @@ -3,7 +3,7 @@ title: "Status" --- ## `kernel status` -Check the operational status of Kernel services, including the API and browser infrastructure. +Check the operational status of Kernel services. | Flag | Description | |------|-------------| From 60dda9e593efd053f80f1d51f652642575477cf7 Mon Sep 17 00:00:00 2001 From: jarugupj <121142710+jarugupj@users.noreply.github.com> Date: Wed, 3 Jun 2026 20:31:49 +0000 Subject: [PATCH 3/3] Add credentials CLI reference and link from auth connections Documents the kernel credentials and kernel credential-providers commands on a combined Credentials page, cross-linked to the managed auth and 1Password feature docs. Restores the credential-provider flags on the auth connections page. Co-Authored-By: Claude Opus 4.7 --- docs.json | 1 + reference/cli.mdx | 3 + reference/cli/auth-connections.mdx | 8 ++ reference/cli/credentials.mdx | 130 +++++++++++++++++++++++++++++ 4 files changed, 142 insertions(+) create mode 100644 reference/cli/credentials.mdx diff --git a/docs.json b/docs.json index 8cc037a..0f948d4 100644 --- a/docs.json +++ b/docs.json @@ -278,6 +278,7 @@ "reference/cli/proxies", "reference/cli/extensions", "reference/cli/auth-connections", + "reference/cli/credentials", "reference/cli/projects", "reference/cli/api-keys", "reference/cli/status", diff --git a/reference/cli.mdx b/reference/cli.mdx index dacbc1e..edf35a3 100644 --- a/reference/cli.mdx +++ b/reference/cli.mdx @@ -58,6 +58,9 @@ kernel --version Create, list, rename, and delete API keys. + + Store credentials and connect external providers. + ## Quick Start diff --git a/reference/cli/auth-connections.mdx b/reference/cli/auth-connections.mdx index 0ffb3b6..a2de553 100644 --- a/reference/cli/auth-connections.mdx +++ b/reference/cli/auth-connections.mdx @@ -34,6 +34,10 @@ Create a managed auth connection for a profile and domain. | `--health-check-interval ` | Interval between health checks (`300`–`86400`). | | `--proxy-id ` | Proxy ID to use. | | `--proxy-name ` | Proxy name to use. | +| `--credential-name ` | [Kernel credential](/reference/cli/credentials) name to use. | +| `--credential-provider ` | External [credential provider](/reference/cli/credentials#credential-providers) to look up credentials from. | +| `--credential-path ` | Provider-specific path (e.g. `VaultName/ItemName`). | +| `--credential-auto` | Look up by domain from the specified provider (defaults to true when `--credential-provider` is set without `--credential-path`). | | `--no-save-credentials` | Don't save credentials after a successful login. | | `--output json`, `-o json` | Output raw JSON object. | @@ -51,6 +55,10 @@ Update a managed auth connection. | `--health-check-interval ` | Interval between health checks. | | `--proxy-id ` | Proxy ID to use. | | `--proxy-name ` | Proxy name to use. | +| `--credential-name ` | [Kernel credential](/reference/cli/credentials) name to use. | +| `--credential-provider ` | External [credential provider](/reference/cli/credentials#credential-providers) to look up credentials from. | +| `--credential-path ` | Provider-specific path (e.g. `VaultName/ItemName`). | +| `--credential-auto` | Look up by domain from the specified provider. | | `--save-credentials` | Enable saving credentials after a successful login. | | `--no-save-credentials` | Disable saving credentials after a successful login. | | `--output json`, `-o json` | Output raw JSON object. | diff --git a/reference/cli/credentials.mdx b/reference/cli/credentials.mdx new file mode 100644 index 0000000..f3a8f7a --- /dev/null +++ b/reference/cli/credentials.mdx @@ -0,0 +1,130 @@ +--- +title: "Credentials" +--- + +Manage stored credentials and external credential providers used for automated re-authentication. For background on how credentials power [managed auth](/auth/configuration), see [Credentials](/auth/credentials); for connecting 1Password, see the [1Password integration](/integrations/1password). + +## Credentials + +Stored login details that Kernel uses to re-authenticate a profile when its session expires. + +### `kernel credentials list` +List stored credentials. + +| Flag | Description | +|------|-------------| +| `--domain ` | Filter by domain. | +| `--limit ` | Maximum number of results to return. | +| `--offset ` | Number of results to skip. | +| `--output json`, `-o json` | Output raw JSON array. | + +### `kernel credentials get ` +Get a credential by ID or name. + +| Flag | Description | +|------|-------------| +| `--output json`, `-o json` | Output raw JSON object. | + +### `kernel credentials create` +Create a new credential. + +| Flag | Description | +|------|-------------| +| `--name ` | Unique name for the credential. Required. | +| `--domain ` | Target domain this credential is for. Required. | +| `--value ` | Field name/value pair, e.g. `--value username=myuser --value password=mypass` (repeatable). | +| `--totp-secret ` | Base32-encoded TOTP secret for 2FA. | +| `--sso-provider ` | SSO provider (e.g. `google`, `github`, `microsoft`). | +| `--output json`, `-o json` | Output raw JSON object. | + +```bash +kernel credentials create --name acme-login --domain example.com \ + --value username=alice --value password=s3cret +``` + +### `kernel credentials update ` +Update a credential. Pass an empty string to `--totp-secret` or `--sso-provider` to remove it. + +| Flag | Description | +|------|-------------| +| `--name ` | New name for the credential. | +| `--value ` | Field name/value pair to update (repeatable). | +| `--totp-secret ` | Base32-encoded TOTP secret (empty string to remove). | +| `--sso-provider ` | SSO provider (empty string to remove). | +| `--output json`, `-o json` | Output raw JSON object. | + +### `kernel credentials totp-code ` +Get the current TOTP code for a credential. + +| Flag | Description | +|------|-------------| +| `--output json`, `-o json` | Output raw JSON object. | + +### `kernel credentials delete ` +Delete a credential. + +| Flag | Description | +|------|-------------| +| `--yes`, `-y` | Skip confirmation prompt. | + +## Credential providers + +External providers (such as 1Password) that Kernel queries to look up credentials automatically by domain. + +### `kernel credential-providers list` +List credential providers. + +| Flag | Description | +|------|-------------| +| `--output json`, `-o json` | Output raw JSON array. | + +### `kernel credential-providers get ` +Get a credential provider by ID. + +| Flag | Description | +|------|-------------| +| `--output json`, `-o json` | Output raw JSON object. | + +### `kernel credential-providers create` +Create a new credential provider. + +| Flag | Description | +|------|-------------| +| `--provider-type ` | Provider type (e.g. `onepassword`). | +| `--name ` | Human-readable name for this provider instance. | +| `--token ` | Service account token for the provider. | +| `--cache-ttl ` | How long to cache credential lists, in seconds (default: `300`). | +| `--output json`, `-o json` | Output raw JSON object. | + +### `kernel credential-providers update ` +Update a credential provider. + +| Flag | Description | +|------|-------------| +| `--name ` | New human-readable name. | +| `--token ` | New service account token (to rotate credentials). | +| `--enabled` | Whether the provider is enabled for credential lookups. | +| `--priority ` | Priority order for lookups (lower numbers are checked first). | +| `--cache-ttl ` | How long to cache credential lists, in seconds. | +| `--output json`, `-o json` | Output raw JSON object. | + +### `kernel credential-providers list-items ` +List items available from a credential provider. + +| Flag | Description | +|------|-------------| +| `--output json`, `-o json` | Output raw JSON array. | + +### `kernel credential-providers test ` +Test a credential provider connection. + +| Flag | Description | +|------|-------------| +| `--output json`, `-o json` | Output raw JSON object. | + +### `kernel credential-providers delete ` +Delete a credential provider. + +| Flag | Description | +|------|-------------| +| `--yes`, `-y` | Skip confirmation prompt. |