Documentation

CLI Reference

Every Oynix command — what it does, how to run it, the flags, and the output you'll see. Oynix indexes your code and decisions into a knowledge graph you can query; the commands below set that up and put it to work.

Prerequisites

A terminal, Docker (for the local engine), and a Neo4j database (local or cloud).
An AI provider key for understanding code (BYOK), unless you run a local model.
Sign in once with `oynix login`, then `oynix init` to configure this machine.

Getting started

oynix guide

alias stepsalias setup-orderalias onboarding

Probes your live state and prints the setup steps with a ✓/→/○/· status for each, then the next action. No flags.

Output

Oynix — setup steps
Run in order. ✓ done · → do next · ○ to do · · optional

✓ Sign in           oynix login
✓ Configure         oynix init
→ Workspace key     oynix key setup
· Git host auth     oynix connect github|gitlab|bitbucket
○ Start the engine  oynix engine start
○ Index a repo      oynix index <owner/repo>

Next: oynix key setup

oynix login [--provider google|github]

Signs you in (identity) so presence, conflicts, and authorship map to you. Google for everyone; GitHub here is only an indexing connector.

Flag	Meaning	Default
--provider <google\|github>	auth provider	google

Output

Opening your browser to sign in with Google…
  if it doesn't open: https://accounts.google.com/o/oauth2/…

  waiting for you to finish in the browser…

✓ Signed in as You  via google
  you@acme.com

Next: set up your workspace key →  oynix key setup

oynix init

One-time setup on this machine — saves an encrypted settings file at ~/.oynix/config.enc. Run plain and it prompts you; flags pre-fill the answers.

Flag	Meaning	Default
--email <e>	your email (locks the settings file)	—
--llm-provider <openai\|anthropic\|groq\|ollama>	which AI understands your code	—
--llm-key <k>	API key (not needed for ollama)	—
--embeddings-provider <openai\|ollama>	semantic-search model	—
--embeddings-key <k>	API key (skip for ollama)	—
--neo4j-uri <uri>	where the graph database lives	—
--neo4j-user / --neo4j-pass / --neo4j-db	database login	neo4j / — / neo4j
--mcp-port <n>	port for the local server	8080
--team-id <id>	label for your team	local
--force	start over — wipe & redo setup	—

Examples

oynix init                                                # simplest — asks the rest
oynix init --email you@acme.com --llm-provider openai --llm-key sk-xxx
oynix init --neo4j-uri neo4j+s://abc.databases.neo4j.io --neo4j-pass pw
oynix init --force                                       # redo from scratch

Output

✓ Wrote ~/.oynix/config.enc    Oynix initialised. Next: oynix key setup

oynix key

group

Set up your workspace key — create a new workspace (you become Master) or join one.

Subcommand	What it does
key setup	interactive: use an existing key or create one
key create [--name <label>]	mint a new key (Master if you have no workspace yet)
key validate [--key <key>]	check a key; show plan + role; save engine token
key show	your current workspace, role, plan
key list	list workspace keys (Master/Admin)
key revoke <prefix> [--yes]	revoke a key by prefix (Master)

Output

key create

✓ Workspace key created

  oynix_7ec8be9a4f2c…
  (shown once — saved to ~/.oynix; keep it safe)

key validate

✓ Key valid

  Workspace: acme
  Role:      Master
  Plan:      Free

Engine

The local engine (graph database + indexer + ingestion) and wiring coding agents to it.

oynix engine

groupalias mcp-engine

Local engine lifecycle — graph database + indexer + ingestion, in Docker.

Subcommand	What it does
engine start	boot the stack (writes compose files, signs in to the registry, up -d)
engine stop [--volumes]	stop containers (--volumes also deletes the data — destructive)
engine restart	restart all containers
engine update	pull latest images + recreate — keeps your data (never down -v)
engine logs [service] [--tail <n>]	stream container logs
engine status	running state of the containers

Flag	Meaning	Default
--volumes (stop)	also delete the Neo4j data volume (destructive)	—
--tail <n> (logs)	recent lines to show	50

Output

engine start

✓ Infrastructure started

Neo4j:           bolt://localhost:7687
oynix-indexer:   http://localhost:8001
oynix-ingestion: http://localhost:8000

Run `oynix status` to verify all services are healthy.

engine update

✓ Images updated
✓ Engine updated — your data is intact

oynix mcp

group

Wire a coding agent (Claude / Cursor / …) to Oynix. Not needed to start the engine.

Subcommand	What it does
mcp setup	write compose/.env, register the MCP server with your client, print the snippet

Flag	Meaning	Default
--client <name\|all>	claude, cursor, vscode, windsurf, gemini, codex, aider, … or all	claude
-y, --yes	auto-register without prompting	—
--server-bin <path>	path to the oynix-server binary	auto-detect

Output

✓ docker-compose.yml → ~/.oynix/docker-compose.yml
✓ .env               → ~/.oynix/.env

  Claude Code — MCP registration
  ✓ Registered with Claude Code — restart it to load the server.

  Other clients: oynix mcp setup --client cursor|vscode|…|all

Code & knowledge

Index repos, connect doc sources, and query the graph in plain English.

oynix index [owner/repo]

Parses a repository into the graph so you can ask about it. Public repos work as-is; private/org repos need oynix connect <provider> first.

Flag	Meaning	Default
--provider <github\|gitlab\|bitbucket>	git host	github
--branch <b>	branch to index	main
--all	index every repo your account can see	—
--no-wait	start and return immediately	—
--force	re-index even if the commit is unchanged	—
--embeddings <reuse\|regenerate>	reuse cached vectors (free) or recompute with the current model (docstrings reused, so no LLM cost)	ask / reuse

Output

✓ Indexing started — job a1b2c3d4
  Runs in the background (a few minutes for a large repo).
  When it's done:  oynix ask "how does this project work?"

✓ Indexed oynix-ai/oynix-cli
Ask it anything:  oynix ask "how does this project work?"

oynix repos

alias repo

Lists repos your connected account can see (run oynix connect <provider> first).

Flag	Meaning	Default
--provider <github\|gitlab\|bitbucket>	git host	github
--workspace <slug>	Bitbucket workspace to list	config bitbucket.workspace

Output

✓ 24 repositories

  oynix-ai/oynix-cli   (public)
  acme/web-app         (private)

  Index one:  oynix index oynix-ai/oynix-cli

oynix connect [source]

Connect a git host (github/gitlab/bitbucket — for private repos) or a doc source (jira/confluence/notion). Run again to test the token; --force replaces it.

Flag	Meaning	Default
--force	reconnect / replace the saved token	—
-p, --project <id>	which project	your only indexed project

Output

✓ Connected github
  2 sources connected — see all:  oynix connectors

oynix connectors

group

Manage external sources whose docs/tickets are ingested and linked to your code.

Subcommand	What it does
connectors (bare)	list connected sources
connectors sync [source]	pull the latest from a source and link it to code (progress bar)
connectors disconnect [source] [--yes]	remove a source

Flag	Meaning	Default
-p, --project <id>	which project	auto
-y, --yes (disconnect)	skip confirmation	—

Output

connectors (list)

  Git hosts  (1)
    Github

  Connected sources

  ● jira (PROJ)   synced 2h ago
  ● notion        never synced — run: oynix connectors sync notion

oynix ask [question]

Ask your code (and ingested docs) a plain-English question. Returns an answer with a confidence band, the sources it used, and a visualizer link.

Flag	Meaning	Default
-p, --project <id>	scope to one project	all projects
--max-nodes <n>	code nodes to use as context	8

Output

  how does login work?
  searched all projects → answered from oynix-cli
  confidence  ▰▰▰▰▰▰▰▱▱▱  72%  high

  Login is handled by internal/auth/sso.go (Google device flow); the token is
  saved by config.Save and attached to calls by SetDefaultBearer.

  sources
  → ssoLogin    (internal/auth/sso.go)        100%
  → config.Save (internal/config/config.go)    71%

  why this exists
  → ssoLogin — wire Google device flow  https://github.com/acme/app/pull/142

  explore in the visualizer
  http://localhost:3001/?project=oynix-cli&focus=…

oynix why [file]

Shows what explains a file — the docs, PRs, and tickets behind it, each with source and confidence. Provenance (why it exists), not behaviour. Takes a file path, not a question.

Flag	Meaning	Default
-s, --symbol <name>	narrow to a specific function/class	whole file
--kind <semantic\|name>	only show links of this kind	all
--min-confidence <0..1>	hide links below this confidence	0
-p, --project <id>	which project	auto

Output

  WHY  ssoLogin  (internal/auth/handler.go)
  confidence  ▰▰▰▰▰▰▰▰▰▱  95%

  github · 0.95 · mentions
    wire Google device flow
    Replaces the old PAT paste with a device-code flow…
    https://github.com/acme/app/pull/142
    → internal/auth/sso.go, internal/cmd/login.go

  jira · 0.88 · about
    PROJ-214  Add SSO login

oynix health

A 0–100 health score over the code graph (no AI, no re-index): dead code, cycles, god objects, large files.

Flag	Meaning	Default
-d, --details	list example offenders for each metric	—
-p, --project <id>	which project	auto

Output

  REPOSITORY HEALTH

  A   90/100
  ████████████████████░░
  214 files · 1,284 definitions

  −4  dead code         3 definitions with no inbound reference
  −2  dependency cycles 1 file-graph cycle
  −4  god objects       Load, runStatus
   0  large files

  oynix health --details   show every offender

oynix arch

group

Declare intended architecture once (.oynix/architecture.yml), then check the real graph against it.

Subcommand	What it does
arch init	scaffold a rules file from your top-level source dirs
arch check	check the indexed graph (default) or the local working tree (--local)

Flag	Meaning	Default
-o, --out <path> (init)	output path	.oynix/architecture.yml
--local (check)	check working tree (fast, no push)	indexed
--accept allow (check)	baseline: bless current deps, flag only NEW drift	—
--fail-on-violation (check)	non-zero exit (for hooks/CI)	—

Output

arch check

Architecture: 98% compliant — 1 violation
  ✗ internal/ui → internal/db  (forbidden · layer cycle)  error

oynix diagram

A diagram from the code graph (no AI, always current). Module-level by default; --files zooms in; --sequence --from <fn> traces a real call chain. Architecture violations drawn red when rules exist.

Flag	Meaning	Default
--depth <n>	directory depth to group modules by	2
--files	draw individual files instead of modules	—
--sequence --from <symbol>	trace the real call chain from a function	—
--format <mermaid\|plantuml\|png\|svg>	diagram syntax (png/svg need mmdc)	mermaid
-o, --out <file>	write to a file instead of stdout	stdout

Output

module dependency map

graph LR
  cmd --> config
  http -->|⚠| db

--sequence --from runAsk

sequenceDiagram
  participant p0 as runAsk
  participant p1 as PostJSON
  p0->>p1: calls

oynix wiki [module]

Per-module docs from the graph — summary, key definitions, dependencies, consumers, and risks. Opens as Markdown in your editor by default.

Flag	Meaning	Default
-t, --term	render in the terminal	opens editor
--markdown	print raw Markdown to stdout	—
-o, --out <dir>	export the whole wiki to files	—
--depth <n>	module grouping depth	2
--top <n>	key definitions per module	6

Output

✓ Wrote ~/.oynix/wiki/oynix-cli_internal-cmd.md
  Opening in your editor… (--term to render in the terminal instead)

oynix summarize

One-screen executive read — overview, health/arch status, key modules by centrality + roles, most-referenced code, what changed since the last index, and reading order.

Flag	Meaning	Default
--top <n>	key modules / pieces to list	6
-p, --project <id>	which project	auto

Output

  REPOSITORY SUMMARY · oynix-cli

  A Go CLI that wraps Oynix's engine + control-plane APIs…

  Health 90/100 (A)  ·  Architecture 98%
  12 modules · 214 files · 1,284 definitions

  Key modules
    internal/cmd      CLI orchestration
    internal/client   HTTP to the engine

  What changed
  health ▲+5 since last index (2026-06-19)
  • internal/cmd  58 commits · Priyam Soni · 2026-06-20

oynix ownership [file]

Who owns a file, from git history — top authors by recent activity, a bus-factor warning when one author dominates, and files that change together with it. With --risk, scans the whole repo for single-owner files.

Flag	Meaning	Default
--risk	repo-wide bus-factor scan: files dominated by one author	—
--top <n>	top authors (or silos, with --risk) to show	5
-p, --project <id>	which project	auto

Output

per file

  OWNERSHIP  internal/cmd/ask.go

  1 author · 6 commits touch this file

  ★ Priyam Soni  6 commits (100%)  last 2026-06-20

  ⚠ Bus factor 1 — Priyam Soni is the only author. Knowledge silo; spread it around.

  Often changed together with
  • internal/cmd/root.go   in 4 shared commits

Needs the repo indexed with history (private repos need a token, e.g. GITHUB_TOKEN, or ownership is empty).

oynix graph

group

Inspect the knowledge graph.

Subcommand	What it does
graph stats	decisions by topic + generated skills
graph view	open the visualizer in your browser
graph search [query]	search the code graph (+ a visualizer focus deep-link)
graph inspect [node-id]	a node's properties + its neighbours (calls / called-by) + a deep-link
graph export	export nodes + edges as JSON

Output

graph inspect <id>

  name             handleLogin
  file_path        internal/auth/handler.go

  Calls
  → validateToken  calls · <node-id>
  Called by
  → loginCmd       calls · <node-id>

  explore in the visualizer
  http://localhost:3001?project=…&focus=<id>

oynix memory

One overview of everything ingested — code repos (by git host) + document sources. Only sources you have appear. No flags.

Output

  OYNIX MEMORY

  Repositories  (2)
    oynix-ai/oynix-cli                 github     ready
    oynix-ai/oynix                     github     ready

  Document sources  (2)
    jira                               ready
    notion                             ready

  2 repositories · 2 document sources

oynix forget <owner/repo>

Permanently removes an indexed repo (graph nodes, search index, project record). Cached docstrings kept. Master only.

Flag	Meaning	Default
--branch <b>	only forget this branch	all branches
--yes	skip confirmation	—

Output

⚠ This will permanently delete 1 indexed project:
    oynix-cli  (main, github)
Continue? [y/N] y
✓ Forgot oynix-cli  (main)
  1 deleted · 0 failed

Team awareness

Roster, live presence, and the collaboration layer from your team graph.

oynix members

group

See who's in your workspace and their roles. Master can change/remove. (Onboarding new members is in the web console.)

Subcommand	What it does
members (bare)	list members + roles
members role <email> <master\|admin\|member>	change a role (Master)
members remove <email> [--yes]	remove a member + revoke their keys (Master)

Output

members (list)

  WORKSPACE MEMBERS  (3)

    you@acme.com                       [Master]
    alice@acme.com                     [Admin]
    bob@acme.com                       [Member]

  Change a role:  oynix members role <email> <master|admin|member>

oynix presence <file>

Tells the team graph you're editing <file> (others see you) and warns if someone else already is. The emitter (modes presence is the viewer).

Flag	Meaning	Default
-w, --watch	heartbeat until Ctrl-C, then clear	—
--interval <s>	heartbeat seconds (with --watch)	30
-p, --project <id>	links presence to the code graph	—

Output

no one else there

✓ Editing internal/auth/handler.go — no one else is here.

someone else is in it

⚠ alice@acme.com is also editing internal/auth/handler.go
  You're both in internal/auth/handler.go — coordinate before changing the same code.

oynix modes

groupalias mode

The collaboration layer from your team graph (live team graph, team-scoped by team_id).

Subcommand	What it does
modes presence	who's editing what right now (--file, --watch)
modes conflict	overlapping edits + past resolutions (--file, --developer required)
modes skills [topic]	list auto-generated team skills (or print one)
modes decisions	browse the team's decision history (--topic, --limit)

Output

modes presence

  LIVE PRESENCE

  2 developer(s) active

  ● alice@acme.com   internal/auth/handler.go   2m ago
  ● you@acme.com     internal/cmd/mcp.go        now

modes decisions --topic accepts: auth · deployment · testing · architecture · security · performance · convention · incident.

System

Status, diagnostics, config, license, and sign-out.

oynix status

Health summary — identity, engine, a real database probe, and providers (LLM + embeddings). No flags.

Output

  Oynix Status

  (a table of: identity · engine/indexer/ingestion · a real Neo4j probe · LLM + embeddings providers)

  Capability coverage
    ✓ Code search   ✓ Docs ingest   ○ Vision (add a vision provider)

oynix doctor

Runs checks and prints a pass/fail summary with fix hints. No flags.

Output

  Oynix Doctor

  ✓ config readable
  ✓ docker running
  ✗ Neo4j reachable
       unreachable at bolt://localhost:7687 → run `oynix engine start`

  Some checks failed. Address the issues above and re-run `oynix doctor`.

oynix config

group

Manage configuration values.

Subcommand	What it does
config set <key> <value>	set a value (e.g. config set llm.provider anthropic)
config get <key>	print one value
config list	show all values
config reset	reset all config to defaults

Output

config list

llm.provider        = ollama
neo4j.uri           = bolt://localhost:7687
bitbucket.workspace = (unset)

oynix auth

group

License / authentication (separate from login and key).

Subcommand	What it does
auth login	validate and save a license key (--key)
auth logout	remove the stored license key
auth status	show auth/license status
auth keygen	generate a workspace license key (self-hosted/beta) (--activate)

Output

auth status

✓ Authenticated   Plan: Free
  Expires: 2027-06-20

oynix logout

Sign out — clears your identity + session on this machine. No flags.

Output

✓ Signed out. Run `oynix login` to sign back in.

oynix help [command] · oynix completion <shell>

Built-ins. help prints help for any command; completion emits a shell autocompletion script (bash | zsh | fish | powershell).

Common command chains

The recipes that string commands together for everyday goals.

Goal	Chain
First-time setup	login → init → key setup → engine start
Index a private repo	connect github → repos → index <owner/repo>
Ask about code	ask "…" (or why <file> / graph search)
Add docs / tickets	connect jira -p <id> → connectors sync jira
Understand a repo	summarize → wiki <module> → diagram
Quality gate (CI / hook)	health → arch check --local --fail-on-violation
Keep current	engine update (data preserved)
Team workspace	key create (Master) → members role <email> admin
Remove a repo	forget <owner/repo> (Master)