Install the Axiom CLI
Install the axiom CLI with Homebrew or the curl install script, authenticate with axiom login, and confirm your identity and tenant with axiom whoami.
View as MarkdownThe axiom CLI is how you create packages, develop nodes locally, and push
them to the Axiom platform. This page installs the CLI, logs you in, and
verifies your identity — about five minutes end to end.
Install
Pick the method for your platform. Both drop a prebuilt axiom binary on your
PATH; you do not need a Go toolchain to use the CLI.
Homebrew (macOS / Linux):
brew install axiomide/tap/axiomInstall script (macOS / Linux):
curl -fsSL https://raw.githubusercontent.com/AxiomIDE/axiom-releases/main/install.sh | shThe script detects your OS and architecture (Linux/macOS, amd64/arm64),
downloads the matching release binary, and installs it (to /usr/local/bin, or
~/.local/bin if that is not writable). Pin a version with
AXIOM_VERSION=v1.2.3, or change the target with AXIOM_INSTALL_DIR.
Windows: download the .zip for windows/amd64 from the
Releases page and put
axiom.exe on your PATH. The pure-CLI commands (init, validate, create, push,
client, login) run natively on Windows; the Docker-backed commands
(axiom build) and the local dev server (axiom dev, which uses a Unix socket)
are supported under WSL2.
Released binaries ship from the public AxiomIDE/axiom-releases repo — prebuilt binaries and the install script only; the platform source is not published there.
Verify the binary is on your PATH:
axiom versionThis prints the CLI version, for example:
axiom version 0.1.0Run axiom --help at any time to list every command, or
axiom <command> --help for one command's flags. The full command reference
is at reference/cli.
Set up language toolchains
Authoring nodes shells out to a few per-language tools — protoc and language
plugins for proto codegen, plus each language's test runner. To see what you're
missing without installing anything, run:
axiom doctorBare axiom doctor only checks: it reports which toolchain pieces your
packages need and prints copy-paste install hints for the ones that are absent —
it changes nothing. Run inside a package, axiom doctor --fix performs the
project-local installs it can do safely — go mod download, go install of
the proto plugins, npm install, or pip install into an active virtualenv —
and only advises (never installs) system-level tools like protoc. It never
uses sudo or touches system packages.
(axiom doctor outside a package surveys every language and exits 0 — purely
informational. Inside a package it checks just that package's language and exits
non-zero when a required tool is missing, so it can gate CI.)
When you scaffold a package, axiom init --install runs the language's
dependency install (pip install -r requirements.txt, npm install,
go mod download, …) right after writing the manifests, so the generated code
compiles and tests run without a separate setup step.
You can also install the per-language tools yourself when you get to a guide; each Create a node page lists exactly what it needs.
Log in with axiom login
axiom login authenticates you with the Axiom platform using the OAuth
Device Flow:
axiom loginThe command prints a verification URL and a one-time user code, then opens the URL in your default browser. Complete sign-in there via GitHub or Google and enter the code when prompted. Meanwhile the CLI polls the platform until you approve; on success it prints your identity:
✓ Logged in as <client-id> (tenant: <tenant-id>)The resulting API key is stored in ~/.axiom/credentials (a JSON file,
written with owner-only 0600 permissions). Every authenticated CLI command
reads the key from there — you log in once per machine, not per command.
Two things to know:
- The device code expires (typically after 15 minutes). If you see
device code expired, runaxiom loginagain. - In CI environments, set the
AXIOM_API_KEYenvironment variable before runningaxiom login— the CLI saves that key directly and skips the browser flow entirely. You can create API keys in the account console; see Create and manage API keys.
Verify with axiom whoami
axiom whoami shows the user and tenant associated with your stored API key:
axiom whoamiEmail: you@example.com
Tenant: <tenant-id>The tenant is the isolation boundary for everything you push: your packages, flows, secrets, and memory are scoped to it (see Sandboxing and tenancy).
If you have not logged in yet, axiom whoami prints
Not logged in. Run "axiom login" to authenticate. and exits with a non-zero
status — run axiom login first.
Point the CLI at your deployment
The CLI reads two environment variables to locate your Axiom deployment. Your Axiom host provides the values for these variables in your account settings or deployment configuration:
| Variable | Purpose |
|---|---|
AXIOM_API_URL | Platform API (login, push, search) |
AXIOM_INGRESS_URL | Flow invocation endpoint (base origin, no path) |
# e.g. in ~/.bashrc or your CI environment
export AXIOM_API_URL="https://api.example-axiom-host.com"
export AXIOM_INGRESS_URL="https://flows.example-axiom-host.com"AXIOM_INGRESS_URL is the base origin only — no /invocations or other path
suffix. Set these before running axiom login: the stored credential is just
the API key, so switching AXIOM_API_URL to a different deployment requires
logging in again against that deployment.
Next steps
You have a working, authenticated CLI. Continue the tutorial spine:
- Create your first node —
axiom init,axiom create node,axiom dev,axiom test. - Build your first flow — push your package, compose a
flow in the canvas, and
axiom publishit to the marketplace. - Invoke a flow via API — call your flow with curl or a generated client.
For background on what you'll be building, read Nodes, packages, and flows.