taikutaiku
User GuidePluginsAPI Reference

CLI reference

taiku CLI commands, flags, and environment variables.

The taiku CLI creates collaborative terminal sessions, manages authentication, exposes tunnels, and configures filesystem sandboxing. This page is a reference for the main commands and options. For real-world usage patterns, see Scenarios and Common Workflows.

taiku

Start a new collaborative terminal session. This is the primary command. Running taiku with no subcommand creates a session, connects to the server, and opens the session URL in your browser or desktop app.

taiku [OPTIONS]

When you run taiku, it:

  1. Resolves your authentication credentials.
  2. Connects to the taiku server to register the session.
  3. Spawns a local shell process (your default shell, or the one specified with --shell).
  4. Opens the session URL in the taiku desktop app (or browser, depending on configuration).
  5. Copies the session URL to your clipboard.
  6. Streams terminal I/O between your local shell and the server until you exit.

Options

OptionDescription
--shell <SHELL>Shell command to run instead of your default shell. It can be any executable, including /bin/bash, /bin/zsh, fish, or python3. If omitted, taiku uses the SHELL environment variable or falls back to /bin/sh.
--name <NAME>Display name for the session. Shown in the title bar and session list. Defaults to user@hostname.
--quiet / -qQuiet mode. Suppresses the greeting banner and only prints the session URL to stdout. Useful for scripting.
--verbose / -vEnable verbose logging output. Prints debug-level logs to stderr.
--no-appSkip opening the desktop app. The session URL opens in your default browser instead. Use this on remote servers without a GUI, or when you prefer the browser experience.
--no-browserDo not open a browser window on startup. The session URL is still printed and copied to clipboard.
--no-copyDo not copy the session URL to the clipboard on startup.
--enable-readersGenerate separate reader, writer, and admin URLs. Each role gets its own standalone link (its own URL fragment) — there is no extra password appended to the link. The reader link can view but not type; the writer link can type; the admin link can also manage tunnels.
--token <TOKEN>Use a specific API token for authentication instead of the stored credentials or environment variable.
--tunnel <PORTS>Expose local ports as HTTP tunnels, accessible to session participants. Accepts a comma-separated list of port numbers. If you don't pass this flag, taiku declares port 3000 by default.
--open-tunnelAuto-approve all tunnel port requests from session users. Without this flag, each tunnel port request requires manual approval in the terminal.
--sandbox <PATH>Restrict the shell to a workspace directory using the operating system's built-in filesystem sandboxing. The shell can only access files within the specified path.
--sandbox-roMake the sandbox workspace read-only. Implies --sandbox. The shell can read files in the workspace but cannot create, modify, or delete them.
--sandbox-mode <MODE>Sandbox behavior profile. Options are isolated (default) and trusted. Trusted mode relaxes certain restrictions for scenarios where the sandboxed process needs broader system access.
--sandbox-allow <PATH>Add an additional path to the sandbox read-only allow list. Can be repeated to allow multiple paths.
--sandbox-bridge-claude-authAllow sandboxed shells to reuse host Claude authentication and configuration state.
--sandbox-bridge-codex-authAllow sandboxed shells to reuse host Codex authentication and configuration state.
--sandbox-bridge-opencode-authAllow sandboxed shells to reuse host OpenCode authentication and configuration state.
--sandbox-bridge-amp-authAllow sandboxed shells to reuse host Amp authentication and configuration state.
--sandbox-bridge-cursor-authAllow sandboxed shells to reuse host Cursor agent authentication and configuration state.
--no-sandbox-claude-authDeny sandboxed shells access to host Claude auth/config, including trusted sandbox mode.
--no-sandbox-codex-authDeny sandboxed shells access to host Codex auth/config, including trusted sandbox mode.
--no-sandbox-opencode-authDeny sandboxed shells access to host OpenCode auth/config, including trusted sandbox mode.
--no-sandbox-amp-authDeny sandboxed shells access to host Amp auth/config, including trusted sandbox mode.
--no-sandbox-cursor-authDeny sandboxed shells access to host Cursor agent auth/config, including trusted sandbox mode.
--no-nested-toolsDo not forward Taiku tool integrations into interactive ssh or docker exec shells launched from the session.
--no-nested-atuinDo not forward Taiku-scoped Atuin config/history into interactive ssh or docker exec shells launched from the session.
--server <URL>Address of the remote taiku server. Defaults to https://taiku.live. Same as TAIKU_SERVER. The flag is accepted globally but omitted from taiku --help; prefer the env var for scripts.

taiku new

Start another taiku session from this machine, in addition to any you already have running.

taiku new [PATH] [OPTIONS]

PATH is the directory the new session starts in (defaults to the current directory).

OptionDescription
--name <NAME>Session name shown in the title.
--no-sandboxStart without a filesystem sandbox.
--sandbox-path <PATH>Restrict the new session to an explicit directory.
--sandbox-roMake the sandbox workspace read-only.
--trustedUse trusted sandbox mode (see --sandbox-mode).

taiku local

Start a local-only session on a loopback server, with no traffic leaving your machine. Useful for working offline or keeping a session fully private.

taiku local [PATH] [OPTIONS]

It takes the same PATH and sandbox options as taiku new, plus:

OptionDescription
--port <PORT>Loopback port for the local server. Defaults to a free port.
--server-bin <PATH>Path to the taiku-server binary (see note below).

taiku local runs its own loopback server, so it needs the taiku-server binary available. It looks for one next to the taiku binary or at TAIKU_SERVER_BIN; if your install doesn't include it, point --server-bin at one.

taiku login

Authenticate with your taiku account. This stores credentials locally so subsequent taiku commands are authenticated.

taiku login [OPTIONS]

On machines with a browser, taiku login opens the OAuth login page. You authenticate in the browser, and the CLI receives the credentials automatically via the device authorization flow.

On machines without a desktop (typical servers or build runners), taiku login prints a URL and a device code. You visit the URL on any device, enter the code, and authenticate. The CLI polls for completion and stores the credentials when the flow succeeds.

Options

OptionDescription
--token <TOKEN>Provide an API token directly instead of using the interactive device flow. Useful for automated pipelines where browser-based auth is not possible.
--forceRe-run the sign-in flow even when valid credentials already exist — for example, to switch accounts.

Where credentials are stored

After successful login, credentials are written to ~/.config/taiku/credentials:

{
  "server": "https://taiku.live",
  "api_key": "tk_...",
  "email": "you@example.com"
}

This file is readable only by your user. The CLI reads it automatically on every invocation. If you are already signed in, taiku login reports that account and exits without re-running the sign-in flow — so taiku sessions you start are already authenticated. To switch accounts, run taiku logout first, or taiku login --force to overwrite the existing credentials.

Inside a taiku session, taiku login and taiku logout are unavailable: the session already runs as your signed-in account, so manage credentials from your host machine instead.

taiku logout

Remove stored credentials and log out.

taiku logout

This deletes the ~/.config/taiku/credentials file. After logging out, taiku commands that require authentication will prompt you to log in again.

taiku sandbox

Manage the persistent sandbox allow-list. This lets you pre-configure paths that sandboxed sessions can access without specifying --sandbox-allow every time.

taiku sandbox allow

Add a path to the persistent allow-list.

taiku sandbox allow <PATH> [--rw]
OptionDescription
--rwGrant read-write access instead of the default read-only.

taiku sandbox deny

Remove a path from the allow-list.

taiku sandbox deny <PATH>

taiku sandbox list

Show all currently allowed paths.

taiku sandbox list

taiku tools

Install and manage the command-line tools taiku uses, routing each install to the right manager (mise, Homebrew, or your system package manager).

CommandDescription
install [SPEC] [--global]Install a tool. SPEC can be a tool name, or an explicit manager:package like brew:wget or mise:node@20. Omit it to open an interactive picker. --global installs into the shared environment instead of this project's.
exec <TOOL> -- [ARGS]Run a tool at its resolved version without installing it permanently.
search [QUERY] [--list]Search the catalog of installable tools.
syncInstall everything pinned in this project's taiku.lock.
sharePrint taiku.lock to stdout so you can copy it to another machine and taiku tools sync.
bootstrap [--brew]Ensure the base managers exist and apply the baseline tool set. --brew also runs your Homebrew bundle (macOS).
bootstrap-defaultsInstall just the default taiku tool set into taiku's managed bin directory.

taiku install

Shortcut for taiku tools install.

taiku install [SPEC] [--global]

With no SPEC, it opens the interactive picker.

taiku init

Print shell setup code that adds taiku's terminal helpers to your shell. Run it once from your shell config so the helpers load in every new shell.

# zsh / bash — add to ~/.zshrc or ~/.bashrc
eval "$(taiku init zsh)"
eval "$(taiku init bash)"

# PowerShell — add to your $PROFILE
taiku init pwsh | Out-String | Invoke-Expression

The setup code installs a switch shell function (so taiku switch can change your current directory) along with lightweight wrappers that make taiku's path and tool integrations work smoothly inside your shell. On PowerShell, which reserves the switch keyword, it installs a Switch-Worktree function with an sw alias instead.

OptionDescription
--aggressiveInstall a broader set of command wrappers where the shell supports it. Use only if the default helpers miss something; off by default.

taiku switch

Jump between git worktrees and branches with a fuzzy picker. Run it inside any git repository.

taiku switch [NAME] [OPTIONS]

With no argument, taiku switch opens an interactive picker (using fzf or sk if installed, otherwise a numbered list) over your worktrees and branches. Pick one and your shell changes into it. With a NAME, it jumps directly:

  • A name that matches an existing worktree changes into that worktree.
  • A branch name without a worktree creates one under <repo>/.claude/worktrees/<name>/ and changes into it.
  • Anything else prints an error.

To change your current directory, taiku switch relies on the switch shell function installed by taiku init. Once that is set up, you can also just type switch instead of taiku switch.

Picker controls

When the fzf/sk picker is open:

KeyAction
EnterSwitch to the selected worktree/branch
Ctrl+OOpen the row's pull request in a browser tile
Ctrl+GView the worktree's diff in taiku
Ctrl+R / Ctrl+N / Ctrl+PRe-sort by recent / name / path
Ctrl+A / Ctrl+W / Ctrl+BShow all / only worktrees / only branches

The list is ranked by how often and how recently you switch into each worktree, with the current worktree pinned at the top. Open pull requests for a branch are shown inline when the GitHub CLI (gh) is installed and authenticated.

Options

OptionDescription
--sort <recent|name|path>Initial sort order. recent (default) puts newest commits first; name and path are alphabetical.
--filter <all|worktrees|branches>Which candidates to show. all is the default.
--no-pickerForce the plain numbered prompt even when fzf/sk is installed.
--listPrint the candidate list instead of switching. Useful for scripting.

taiku bystand

Keep the device online and listen for remote session commands. This is a long-running mode where the CLI stays connected to the server without starting an interactive session, waiting for remote instructions from the dashboard.

taiku bystand

Use this on machines that should be remotely accessible but do not need an active session running at all times. While it is running, the device accepts remote Start session commands from the dashboard. The desktop app achieves the same thing with a GUI; taiku bystand does the same without a local window.

taiku remote

Request remote desktop from inside a taiku session shell.

taiku remote [--session <name>] [--client <id>] [--password <password>]

This command is only available inside a shell that was created by taiku. It is for the case where you are already in a remote taiku terminal from another computer and want to open the host's desktop in the taiku desktop app.

When you run it, taiku sends a remote desktop request to the connected session client. If the host requires manual approval, the command prints that the request is pending and waits for approval, rejection, or timeout. If the host uses password-only access, pass --password.

OptionDescription
--session <name>Target a specific session instead of the current taiku session.
--client <id>Target a specific connected client from taiku func list-users.
--password <password>Remote desktop guard password, when the host requires password approval.

taiku remote does not start a new terminal session. It uses the session you are already in, and it still follows the normal remote desktop requirements: both sides need the desktop app, the controller must be a different device from the host, and the host's guard mode may require approval.

taiku share

Publish the session you are already in to a shareable link, without interrupting your live terminal. Run it from inside a session you are hosting on this machine.

taiku share [OPTIONS]

taiku share snapshots the running session and moves its hosting onto a server so the link works from anywhere, then prints the URL to send to collaborators. Your terminal keeps running throughout; only where the session is hosted changes. Run outside a session, it prints an error telling you to start one first.

Everyone with the link can type by default. Start the session with --enable-readers if you also want a read-only link to hand out.

OptionDescription
--keep-pathPreserve the host filesystem path on the destination. Off by default.
--server <URL>Destination server for the share. Defaults to the global server.

To hand the session to a managed machine instead of hosting it from your device, see taiku cloud.

taiku cloud

Provision or reuse a managed cloud workspace for a local project, start file sync, and open a taiku session on the cloud machine.

taiku cloud [PATH] [OPTIONS]

If PATH is omitted, taiku uses the current directory. The local path becomes a binding, so future runs from that same path reopen the same workspace when possible.

Run from inside a session, taiku cloud moves that session's project onto the managed machine and continues there, so it survives device sleep and stays reachable from anywhere.

Options

OptionDescription
--verbosePrint full underlying errors instead of shorter user-facing messages.
--no-transfer-agent-configsSkip the one-time transfer of supported local agent configs and dotfiles.
--no-cloud-claude-authDo not transfer Claude auth/config into the cloud workspace.
--no-cloud-codex-authDo not transfer Codex auth/config into the cloud workspace.
--no-cloud-opencode-authDo not transfer OpenCode auth/config into the cloud workspace.
--no-cloud-cursor-authDo not transfer Cursor agent auth/config into the cloud workspace.
--no-cloud-amp-authDo not transfer Amp auth/config into the cloud workspace.
--refresh-agentsRe-run agent config transfer for a workspace that already received one.

The default transfer also includes Taiku user preferences that should follow the workspace, such as global .taikuignore rules and tool configuration. Those preferences refresh on later taiku cloud runs. Machine identity, login credentials, active-session state, diagnostics, and sandbox path approvals stay local.

Subcommands

CommandDescription
status [--all] [--path <PATH>]Show the workspace bound to a path, or every workspace with --all.
close [--path <PATH>]Close the active taiku session on the workspace without stopping it.
sleep [--path <PATH>]Pause the workspace's backing machine while keeping identity and data.
resume [--path <PATH>]Wake a sleeping workspace.
restart [--path <PATH>]Restart the workspace's existing backing machine.
resize <SIZE_GB> [--path <PATH>]Grow the workspace's persistent volume to SIZE_GB gigabytes.
sync [--install|--uninstall] [--path <PATH>]Reconcile the background file-sync session for the workspace.
detach [--path <PATH>]Remove the local-path binding without deleting the workspace.
attach <WORKSPACE_ID> [PATH]Bind a local path to an existing workspace.
delete [--path <PATH>] [--yes]Permanently delete the workspace and its backing infrastructure.

rebuild [--path <PATH>] [--yes] is available only on dev-mode servers. It replaces the backing machine with the current server cloud image for local cloud-image iteration.

.taikuignore

Taiku initializes a global ignore file at ~/.config/taiku/taikuignore the first time an ignore-aware command needs it. That file contains editable default rules for cloud sync and recursive scans, such as node_modules/, target/, .svelte-kit/, and logs.

Add .taikuignore at the workspace root for path-specific rules. Workspace rules are applied after the global file, so they can add ignores or opt back in with ! negation:

private/
archive/
generated-docs/
vendor-notes/
*.log
!private/keep.md
!node_modules/

Blank lines and # comments are ignored. Some feature policies are still separate: markdown scans keep crawl limits and root dot-directory handling, and gitfile worktrees keep cloud-local .git handling so remote git diff works. Ignore files apply to recursive work only; explicitly opening or reading a file is not blocked by the ignore file.

For the end-to-end workflow, see Cloud workspaces.

taiku func

Remote session management. Control a running taiku session from the CLI or from inside a taiku terminal. Commands are relayed through the server to the browser client, which executes them and returns results as JSON.

taiku func [--session <name>] <command> [args]

How it works:

  • When you start a session with taiku, the session name is written to ~/.config/taiku/active-session. taiku func reads this file to know which session to target.
  • Commands are sent via HTTP to the server, which relays them over WebSocket to a connected client. A session window must be open (browser or desktop app) for commands to work. If nothing is connected, commands time out after a few seconds.
  • taiku func works inside taiku terminals. It's one of the few commands not blocked by the nested-session guard.
  • Use --session <name> to target a specific session instead of the active one.
  • Use --client <id> (from list-users) when several participants are connected and you need to control a specific client.
  • Commands that affect terminals follow the session's normal control model. You can manage your own terminals; other active participants' terminals require handoff or tunnel-admin access.

Layout commands

CommandDescription
split-h [--tile <key>]Split tile horizontally
split-v [--tile <key>]Split tile vertically
close-tile [--tile <key>]Close a tile
reset-layoutReset to balanced grid
toggle-direction [--tile <key>]Toggle split H/V
set-ratio <ratio> [--tile <key>]Set split ratio (0.1-0.9)
swap-tiles <key-a> <key-b>Swap two tiles
maximize [--tile <key>]Maximize a tile
focus-tile <key>Focus a tile
focus-direction <left|right|up|down>Focus neighbor tile
rename-tile <name> [key]Rename a tile (key defaults to focused)
get-layoutPrint layout tree as JSON
list-tilesList all tiles
get-tab-groupsList tab groups

Workspace commands

CommandDescription
list-workspacesList workspace pages
create-workspaceCreate new workspace
switch-workspace <index>Switch workspace page
list-user-tiles <user-id>List tiles for user ID from list-users
setup --grid <RxC> [--tiles <spec>] [--commands <c1,c2,...>]Create grid layout on target client

Shell commands

CommandDescription
list-shellsList shells with sizes
create-shellCreate a new shell
close-shell <id>Close a shell
write-to-shell <id> <data>Write to a shell
run <command> [--tile <key>]Run command in a tile
get-shell-output <id> [--chunks N]Get terminal output
get-terminal-namesGet shell names

Session info commands

CommandDescription
get-sessionSession metadata
list-usersList connected users
get-roleGet your role
get-ownershipShell ownership info
adopt-shell <id>Adopt a shell

Chat commands

CommandDescription
get-chatGet chat history
send-chat <message>Send chat message
broadcast-event <type> [--data <json>]Broadcast plugin event

Agent commands

CommandDescription
list-agentsList active AI agents
get-agent-costToken usage summary
list-agent-sessionsList agent sessions
get-agent-events <session-id> [--types] [--limit]Get session events

Other commands

CommandDescription
list-tunnelsList tunnel ports
toast <message> [--kind info|success|error]Show toast notification
notify <title> [--body <text>]Send notification
show-layoutASCII layout view
show-treeTree layout view

taiku logs

Manage local diagnostic logs the CLI stores for support and debugging.

taiku logs export

Export diagnostic logs as an encrypted bundle.

taiku logs export [--output <FILE>]
OptionDescription
--output <FILE> / -oWhere to write the bundle. Defaults to taiku-logs-<timestamp>.tkl.

taiku logs clear

Clear all stored diagnostic logs.

taiku logs clear

taiku logs status

Show how many log entries are stored and approximate database size.

taiku logs status

taiku update

Check for a newer taiku release and optionally self-update.

taiku update
OptionDescription
--checkOnly check for updates; do not install

Environment variables

VariableDescriptionDefault
SHELLDefault shell for new sessions. Taiku reads this when --shell is not provided.System default
TAIKU_TOKENAPI token for authentication. Checked after --token flag but before the credentials file.Not set
TAIKU_SERVEROverride the server URL (same as the global --server flag).https://taiku.live

On this page