Skip to content
Quayside

Using the CLI

The Quayside CLI (quayside) gives engineers and scripts a thin command-line surface for login, identity, agent classes, and child-process wrapping.

For the full command reference see Reference → CLI.

Install

The CLI is a Python package; install with pipx:

Terminal window
pipx install quayside-cli

Or for local development:

Terminal window
cd cli/quayside-cli
uv sync
uv run quayside --help

First time: login

Terminal window
quayside login \
  --principal-id alice@example.com \
  --class-slug eng/code-reviewer \
  --url http://quayside.internal:8000

This:

  1. POSTs to /api/v1/auth/dev/mint-token on the given Quayside server
  2. Caches the resulting token at ~/.config/quayside/token.json with 0600 permissions
  3. Stamps the token’s expiry locally

For production OIDC integration (v2), login will run an OAuth/PKCE flow instead.

Inspect what’s cached

eng/code-reviewer
quayside whoami
# principal_id : alice@example.com
# tenant       : dev
# url          : http://quayside.internal:8000
# expires_in   : 3527s
# issuer       : quayside

Exits 1 if not logged in.

Wrap a child process

The main use of the CLI is to run another command with Quayside’s identity wired in via environment variables:

Terminal window
quayside run claude-code

What this does:

  1. Reads the cached token
  2. Sets ANTHROPIC_BASE_URL=<url>/api/v1/proxy/anthropic
  3. Sets ANTHROPIC_API_KEY=qsk_<jwt> (the proxy parses the JWT from x-api-key)
  4. execvpes the child process with that environment

Any process that respects ANTHROPIC_BASE_URL and ANTHROPIC_API_KEY now goes through Quayside without code changes. Claude Code does. Most LLM-using scripts can be made to.

You can wrap arbitrary commands too:

Terminal window
quayside run -- python my_agent_script.py --flag arg
quayside run -- node my-script.js
quayside run -- sh -c 'echo $ANTHROPIC_BASE_URL'

The -- separates quayside’s flags from the child’s argv.

Manage classes

CommandPurpose
quayside class list [--status STATE]Show registered classes, optionally filtered by lifecycle
quayside class show <slug>Detail page for one class
quayside class register --slug X --name Y --purpose Z --owner WRegister a new class
quayside class deprecate <slug>Transition the class to deprecated lifecycle

The CLI talks to the Quayside server via the URL cached at login time, or --url if you pass it explicitly.

Logout

Terminal window
quayside logout

Deletes the cached token file.

Why a CLI alongside the dashboard

Some flows fit shell better:

  • Scripts and CI jobs that need a quayside identity baked into a process
  • One-shot class registration from a notebook or terminal
  • Engineers who never open the dashboard

The CLI talks to the same HTTP API. Anything you can do in one, you can do in the other.