Public beta — not for production use. Data may be wiped at any time. Questions? Contact us.
Documentation menu

Install the Axiom CLI

Install the axiom CLI with Homebrew or the curl install script, authenticate with axiom login, and confirm your identity and tenant with axiom whoami.

View as Markdown

The axiom CLI is how you create packages, develop nodes locally, and push them to the Axiom platform. This page installs the CLI, logs you in, and verifies your identity — about five minutes end to end.

Install

Pick the method for your platform. Both drop a prebuilt axiom binary on your PATH; you do not need a Go toolchain to use the CLI.

Homebrew (macOS / Linux):

brew install axiomide/tap/axiom

Install script (macOS / Linux):

curl -fsSL https://raw.githubusercontent.com/AxiomIDE/axiom-releases/main/install.sh | sh

The script detects your OS and architecture (Linux/macOS, amd64/arm64), downloads the matching release binary, and installs it (to /usr/local/bin, or ~/.local/bin if that is not writable). Pin a version with AXIOM_VERSION=v1.2.3, or change the target with AXIOM_INSTALL_DIR.

Windows: download the .zip for windows/amd64 from the Releases page and put axiom.exe on your PATH. The pure-CLI commands (init, validate, create, push, client, login) run natively on Windows; the Docker-backed commands (axiom build) and the local dev server (axiom dev, which uses a Unix socket) are supported under WSL2.

Released binaries ship from the public AxiomIDE/axiom-releases repo — prebuilt binaries and the install script only; the platform source is not published there.

Verify the binary is on your PATH:

axiom version

This prints the CLI version, for example:

axiom version 0.1.0

Run axiom --help at any time to list every command, or axiom <command> --help for one command's flags. The full command reference is at reference/cli.

Set up language toolchains

Authoring nodes shells out to a few per-language tools — protoc and language plugins for proto codegen, plus each language's test runner. To see what you're missing without installing anything, run:

axiom doctor

Bare axiom doctor only checks: it reports which toolchain pieces your packages need and prints copy-paste install hints for the ones that are absent — it changes nothing. Run inside a package, axiom doctor --fix performs the project-local installs it can do safely — go mod download, go install of the proto plugins, npm install, or pip install into an active virtualenv — and only advises (never installs) system-level tools like protoc. It never uses sudo or touches system packages.

(axiom doctor outside a package surveys every language and exits 0 — purely informational. Inside a package it checks just that package's language and exits non-zero when a required tool is missing, so it can gate CI.)

When you scaffold a package, axiom init --install runs the language's dependency install (pip install -r requirements.txt, npm install, go mod download, …) right after writing the manifests, so the generated code compiles and tests run without a separate setup step.

You can also install the per-language tools yourself when you get to a guide; each Create a node page lists exactly what it needs.

Log in with axiom login

axiom login authenticates you with the Axiom platform using the OAuth Device Flow:

axiom login

The command prints a verification URL and a one-time user code, then opens the URL in your default browser. Complete sign-in there via GitHub or Google and enter the code when prompted. Meanwhile the CLI polls the platform until you approve; on success it prints your identity:

✓ Logged in as <client-id> (tenant: <tenant-id>)

The resulting API key is stored in ~/.axiom/credentials (a JSON file, written with owner-only 0600 permissions). Every authenticated CLI command reads the key from there — you log in once per machine, not per command.

Two things to know:

  • The device code expires (typically after 15 minutes). If you see device code expired, run axiom login again.
  • In CI environments, set the AXIOM_API_KEY environment variable before running axiom login — the CLI saves that key directly and skips the browser flow entirely. You can create API keys in the account console; see Create and manage API keys.

Verify with axiom whoami

axiom whoami shows the user and tenant associated with your stored API key:

axiom whoami
Email:  you@example.com
Tenant: <tenant-id>

The tenant is the isolation boundary for everything you push: your packages, flows, secrets, and memory are scoped to it (see Sandboxing and tenancy).

If you have not logged in yet, axiom whoami prints Not logged in. Run "axiom login" to authenticate. and exits with a non-zero status — run axiom login first.

Point the CLI at your deployment

The CLI reads two environment variables to locate your Axiom deployment. Your Axiom host provides the values for these variables in your account settings or deployment configuration:

VariablePurpose
AXIOM_API_URLPlatform API (login, push, search)
AXIOM_INGRESS_URLFlow invocation endpoint (base origin, no path)
# e.g. in ~/.bashrc or your CI environment
export AXIOM_API_URL="https://api.example-axiom-host.com"
export AXIOM_INGRESS_URL="https://flows.example-axiom-host.com"

AXIOM_INGRESS_URL is the base origin only — no /invocations or other path suffix. Set these before running axiom login: the stored credential is just the API key, so switching AXIOM_API_URL to a different deployment requires logging in again against that deployment.

Next steps

You have a working, authenticated CLI. Continue the tutorial spine:

For background on what you'll be building, read Nodes, packages, and flows.