Docs / For maintainers & developers / 05

Using the CLI

Install opub, configure a supported agent, and run funded sessions.

3 min read / Guide 05

cli agents

The opub CLI is open source.

It connects a browser-provisioned compute key to a supported agent and links sessions to the project, so donors can see that donated compute is being actively used on it.

The CLI is optional. A compute key is a capped OpenRouter credential for opub's allowed model providers. Use it with any compatible tool or workflow; sessions just won't be linked if you use the key directly.

See Supported agents for help choosing between them.

Continue sessions require the Continue CLI (cn) on your PATH. See the Continue CLI guide for install instructions.

Install

curl -fsSL https://opub.dev/install.sh | sh

The installer downloads signed-and-checksummed release archives. Pin a version with OPUB_VERSION=v0.1.0.

Setup

From inside the repository you maintain, run setup with the one-time compute key shown after browser creation:

opub setup claude --project owner/repo --compute-key-id ck_...
opub setup codex --project owner/repo --compute-key-id ck_...
opub setup copilot --project owner/repo --compute-key-id ck_...
opub setup vibe --project owner/repo --compute-key-id ck_...
opub setup opencode --project owner/repo --compute-key-id ck_...
opub setup continue --project owner/repo --compute-key-id ck_...

opub setup verifies the repository origin matches --project, stores the provider key in your system credential store, and writes non-secret config for the agent. The key secret does not appear in config files.

Run

opub run claude
opub run codex
opub run copilot
opub run vibe
opub run opencode
opub run codex -- "fix the failing test"
opub run continue -- -p "Review staged changes for obvious bugs" --silent

opub run creates or refreshes a local work session, injects provider credentials and runtime launch proof into the agent process, and loads the bundled skill, plugin, or generated agent config. The agent itself is unchanged — opub wraps the launch.

Check your setup

opub doctor codex

opub doctor reports repo root, config paths, credential presence, agent executable, session state, and MCP status. Run it if setup or a session behaves unexpectedly.

What the session signal means

When you run an agent through opub run, the CLI reads your provider key from the OS system keyring and injects it into the agent's environment. A local MCP server starts alongside the agent, exposing four tools: identify_project, get_compute_status, get_active_work_session, and finish_work_session. Each tool returns project and session metadata — the repository, compute key, target agent, and session timestamps. None return the provider key, and none observe prompts, responses, files, diffs, commits, pull requests, or issues.

A skill file, plugin, or generated config rule instructs the agent to call identify_project at session start and surface the project context. The instruction cannot expand to request sensitive data — the MCP server simply does not have it.

Spend attribution works through the provider's own API ledger: OpenRouter sees your compute key in every request and links token spend to that key. The local MCP server plays no role in spend tracking. opub does not observe your prompts or responses.

If you use the key directly without opub run, spend still accrues to the project. The local session link will not be present, but everything else works the same.

Was this helpful?

Send feedback Edit on GitHub →