Skip to main content

Global Options

codeant --version    # Show CLI version
codeant --help       # Show help for all commands
codeant <command> --help  # Show help for a specific command

Authentication

login

Authenticate with CodeAnt AI via browser-based OAuth. 
codeant login

logout

Sign out and remove stored credentials. 
codeant logout

set-token

Store an authentication token for an SCM platform. 
codeant set-token <remote> <token>
Supported remotes: github, gitlab, bitbucket, azure Examples: 
codeant set-token github ghp_xxxxxxxxxxxx
codeant set-token gitlab glpat-xxxxxxxxxxxx
codeant set-token bitbucket ATBB_xxxxxxxxxxxx
codeant set-token azure xxxxxxxxxxxx

Code Scanning

All scanning commands share a common set of options for controlling scan scope and file filtering.

Common Scan Options

These options apply to secrets:
OptionDescription
--stagedScan only staged files (default)
--allScan all changed files compared to base branch
--uncommittedScan all uncommitted changes (staged + unstaged + untracked)
--last-commitScan files from the last commit
--last-n-commits <n>Scan files from the last n commits (max 5)
--include <patterns>Comma-separated glob patterns to include files
--exclude <patterns>Comma-separated glob patterns to exclude files
Glob Pattern Syntax:
  • * matches any characters except /
  • ** matches any characters including /
  • *.{js,ts} matches multiple extensions (brace expansion is supported)
  • Multiple patterns: --exclude 'test/**,dist/**'

secrets

Scan code for exposed secrets, API keys, and credentials. 
codeant secrets [options]
Secrets-Specific Options:
OptionDescription
--fail-on <level>Fail threshold: HIGH, MEDIUM, or all (default: HIGH)
Confidence Levels:
LevelDescription
HIGHHigh confidence — likely a real secret
MEDIUMMedium confidence — may require manual review
FALSE_POSITIVEDetected but likely not a real secret (always ignored)
Exit Codes:
  • 0 — No blocking secrets found (or only false positives)
  • 1 — Secrets detected that match the --fail-on threshold
Examples: 
# Scan staged files (default)
codeant secrets

# Scan all changed files on this branch
codeant secrets --all

# Scan the last commit
codeant secrets --last-commit

# Scan last 3 commits
codeant secrets --last-n-commits 3

# Fail on HIGH and MEDIUM confidence secrets
codeant secrets --fail-on MEDIUM

# Fail on all secrets except false positives
codeant secrets --fail-on all

# Filter by file patterns
codeant secrets --include '**/*.js' --exclude 'node_modules/**,*.test.js'
Example Output: Secrets found (blocking): 
✗ 2 secret(s) found!

src/config.js
  Line 5: AWS Access Key (HIGH)
  Line 12: API Key (HIGH)

Remove secrets before committing.
Only false positives (non-blocking): 
⚠ 1 potential secret(s) found (ignored)

Ignored (false positives):
  src/example.js
    Line 10: Generic Secret (FALSE_POSITIVE)

✓ Commit allowed (only false positives found)
No secrets: 
✓ No secrets found

Configuration

set-base-url

Set a custom API base URL for self-hosted CodeAnt deployments. 
codeant set-base-url <url>
Example: 
codeant set-base-url https://api.your-company.com

get-base-url

Display the current API base URL and where it’s configured. 
codeant get-base-url

Configuration File

All configuration is stored in ~/.codeant/config.json. Configuration Keys:
KeyDescription
apiKeyCodeAnt AI API token (set via codeant login)
baseUrlAPI base URL (set via codeant set-base-url)
githubTokenGitHub token (set via codeant set-token github)
gitlabTokenGitLab token (set via codeant set-token gitlab)
bitbucketTokenBitbucket token (set via codeant set-token bitbucket)
azureDevOpsTokenAzure DevOps token (set via codeant set-token azure)
githubBaseUrlGitHub Enterprise API URL
gitlabBaseUrlSelf-hosted GitLab URL
bitbucketBaseUrlBitbucket Server URL
Environment Variables:
VariableDescription
CODEANT_API_URLOverride API base URL
CODEANT_API_TOKENOverride API authentication token
GITHUB_TOKEN / GH_TOKENGitHub authentication
GITHUB_API_URL / GH_ENTERPRISE_URLGitHub Enterprise API URL
GITLAB_TOKENGitLab authentication
GITLAB_URL / GITLAB_HOSTSelf-hosted GitLab URL
BITBUCKET_TOKENBitbucket authentication
BITBUCKET_URL / BITBUCKET_SERVER_URLBitbucket Server URL
AZURE_DEVOPS_TOKEN / AZURE_DEVOPS_PATAzure DevOps authentication
Priority Order:
  1. Environment variables (highest)
  2. Platform CLI tools (gh, glab)
  3. Config file (~/.codeant/config.json)
  4. Default values