syncable-cli 0.37.1

A Rust-based CLI that analyzes code repositories and generates Infrastructure as Code configurations
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179

<p align="center">
  <img src="https://raw.githubusercontent.com/syncable-dev/syncable-cli/main/logo.png" alt="Syncable" width="320" />
</p>

<h1 align="center">syncable-cli-skills</h1>

<p align="center">
  <strong>Teach your AI coding agent how to use the Syncable CLI toolbox.</strong>
</p>

<p align="center">
  <a href="https://www.npmjs.com/package/syncable-cli-skills"><img src="https://img.shields.io/npm/v/syncable-cli-skills.svg" alt="npm version" /></a>
  <a href="https://www.npmjs.com/package/syncable-cli-skills"><img src="https://img.shields.io/npm/dm/syncable-cli-skills.svg" alt="npm downloads" /></a>
  <a href="https://github.com/syncable-dev/syncable-cli"><img src="https://img.shields.io/github/license/syncable-dev/syncable-cli.svg" alt="license" /></a>
  <img src="https://img.shields.io/node/v/syncable-cli-skills.svg" alt="node version" />
</p>

---

One command installs **11 skills** (7 command + 4 workflow) that give AI coding agents full access to Syncable's security scanning, vulnerability detection, IaC validation, Kubernetes optimization, and deployment pipeline - all through the `sync-ctl` CLI.

## Supported Agents

| Agent | Install Type | Format |
|-------|-------------|--------|
| **Claude Code** | Plugin (`~/.claude/plugins/cache/syncable/`) | Plugin marketplace with `SKILL.md` directories |
| **Codex** | Global (`~/.agents/skills/`) | `SKILL.md` directories |
| **Cursor** | Per-project (`.cursor/rules/`) | `.mdc` with `alwaysApply` |
| **Windsurf** | Per-project (`.windsurf/rules/`) | `.md` with `trigger: always` |
| **Gemini CLI** | Global (`~/.gemini/<profile>/skills/`) | `SKILL.md` directories |

## Quick Start

```bash
npx syncable-cli-skills
```

That's it. The installer will:

1. Check if `sync-ctl` is installed (and offer to install it via `cargo` if not)
2. Detect which AI coding agents you have
3. Let you pick which agents should receive skills
4. Install skills in each agent's native format

Then open your agent and say: **"assess this project"**

## What Gets Installed

### Command Skills

Atomic wrappers around individual `sync-ctl` commands. Each skill teaches the agent when and how to invoke a specific tool:

| Skill | What it does |
|-------|-------------|
| `syncable-analyze` | Detect tech stack, languages, frameworks, dependencies |
| `syncable-security` | Scan for secrets, hardcoded credentials, insecure patterns |
| `syncable-vulnerabilities` | Check dependencies for known CVEs |
| `syncable-dependencies` | Audit licenses, find outdated or deprecated packages |
| `syncable-validate` | Lint Dockerfiles, Compose files, Terraform, K8s manifests |
| `syncable-optimize` | Analyze Kubernetes resource requests, limits, cost efficiency |
| `syncable-platform` | Authenticate, select projects/environments, deploy |

### Workflow Skills

Multi-step orchestrations that chain command skills together with decision logic:

| Skill | What it does |
|-------|-------------|
| `syncable-project-assessment` | Full health check: stack analysis + security + vulnerabilities + dependencies |
| `syncable-security-audit` | Deep pre-deployment security review with paranoid mode scanning |
| `syncable-iac-pipeline` | Validate all IaC files + Kubernetes optimization (conditional) |
| `syncable-deploy-pipeline` | End-to-end deploy: auth, analyze, security gate, deploy + monitor |

## CLI Reference

```
npx syncable-cli-skills [command] [options]
```

### Commands

| Command | Description |
|---------|-------------|
| `install` | Install sync-ctl and skills *(default)* |
| `uninstall` | Remove skills from agents |
| `update` | Update skills to the latest version |
| `status` | Show what's installed and where |

### Options

| Option | Description |
|--------|-------------|
| `--skip-cli` | Skip the sync-ctl installation check |
| `--dry-run` | Preview what would happen without making changes |
| `--agents <list>` | Comma-separated list: `claude,cursor,windsurf,codex,gemini` |
| `--global-only` | Only install to global agents (Claude Code, Codex) |
| `--project-only` | Only install to project-level agents (Cursor, Windsurf, Gemini) |
| `-y, --yes` | Skip all confirmation prompts |
| `--verbose` | Show detailed output for debugging |

### Examples

```bash
# Interactive install (default)
npx syncable-cli-skills

# Install for specific agents only
npx syncable-cli-skills install --agents claude,cursor

# Non-interactive CI install
npx syncable-cli-skills install --yes --global-only

# Preview without making changes
npx syncable-cli-skills install --dry-run

# Check current installation status
npx syncable-cli-skills status

# Update to latest skills
npx syncable-cli-skills update

# Remove all skills
npx syncable-cli-skills uninstall --yes
```

## Prerequisites

- **Node.js >= 18** (required to run the installer)
- **Rust / Cargo** (required for `sync-ctl` - the installer can set this up for you)
- **sync-ctl** (the Syncable CLI - the installer can install this via `cargo install syncable-cli`)

If `cargo` or `sync-ctl` are missing, the installer will walk you through setting them up interactively.

## How It Works

Skills are markdown files with YAML frontmatter that describe **when** to use a tool and **how** to invoke it. They don't execute code directly - they teach the AI agent's reasoning layer about the capabilities available through `sync-ctl`.

When an agent encounters a task like "check this project for vulnerabilities," the skill gives it the exact command, flags, output interpretation logic, and error handling to do the job correctly.

Each agent has its own format for loading skills:

- **Claude Code** reads `.md` files from `~/.claude/skills/`
- **Codex** reads `SKILL.md` from directories in `~/.codex/skills/`
- **Cursor** reads `.mdc` files with special frontmatter from `.cursor/rules/`
- **Windsurf** reads `.md` files with `trigger: always` from `.windsurf/rules/`
- **Gemini CLI** reads from a `GEMINI.md` file in the project root

The installer transforms skills into each format automatically.

## Updating

Skills are bundled in the npm package. When new skills or improvements are published:

```bash
npx syncable-cli-skills update
```

This removes the old skills and installs the latest version.

## Uninstalling

```bash
npx syncable-cli-skills uninstall
```

This removes only the Syncable skills. It does **not** uninstall `sync-ctl`, `cargo`, or `rustup` - those are general-purpose tools you may rely on.

## Privacy

This installer runs entirely locally. It does not collect analytics, send telemetry, or phone home. The only network requests it makes are to install `rustup` or `sync-ctl` if you explicitly approve those steps.

## License

GPL-3.0 - See [LICENSE](https://github.com/syncable-dev/syncable-cli/blob/main/LICENSE) for details.

## Links

- [Syncable CLI](https://github.com/syncable-dev/syncable-cli) - The CLI toolbox these skills teach agents to use
- [crates.io](https://crates.io/crates/syncable-cli) - `cargo install syncable-cli`