[ 200 OK ][ ANALYZE ][ .SARIF ][ FIX-PR ]
getdebug

CLI Docs

Set up the getdebug CLI in two minutes

A security-aware code-intel CLI. There's a real free tier — the secrets scanner runs with zero setup and no account — and a --local mode that keeps your code on your machine. Everything below is also in the README and getdebug <command> --help.

Install

Pick one

# npm — downloads the right prebuilt binary for your platform
npm i -g @getdebug/cli

# Go developers
go install github.com/getdebug-ai/cli/cmd/getdebug@latest

Prefer a raw binary? Grab one for macOS / Linux / Windows (x86_64 + arm64) from the releases page.

Zero setup

Scan for secrets right now

No account, no network. Walks your tree and flags hard-coded credentials — AWS, GitHub, Stripe, Slack, OpenAI keys, private-key blocks, and high-entropy strings near credential keywords.

getdebug analyze .

# In CI — fail the build on any critical finding:
getdebug analyze . --ci --fail-on=critical

Success looks like scanned N files in <1s and a numbered list of findings (or zero). Exit code is 0 when clean, 1 when findings hit the threshold under --ci.

Local mode — your code stays on your laptop

Code intelligence via Ollama

index --local and search --local embed and search your repo entirely on-device. Nothing reaches getdebug's servers. One-time setup:

1. Install Ollama (free, open source) — pick your OS

brew install ollama
# …or download the app from https://ollama.ai
ollama serve                 # start the daemon
ollama pull nomic-embed-text # getdebug's local embedding model

2. Index and search your repo (same on every OS)

getdebug index --local
getdebug search --local "validate webhook signature"

Swap models with --model (e.g. mxbai-embed-large for stronger recall, all-minilm for speed). Confirm Ollama is up on any platform with curl http://localhost:11434/api/tags.

Reference

Commands

getdebug analyze .Scan for secrets, no account or network needed.
getdebug analyze . --ci --fail-on=criticalGate CI; non-zero exit on findings.
getdebug analyze . --sarif=out.sarifSARIF 2.1.0 for GitHub Code Scanning.
getdebug index --localBuild an on-device code index via Ollama.
getdebug search --local "<query>"Semantic search across your indexed code.
getdebug loginAuthenticate for hosted analysis + fix PRs.
getdebug statusIdentity, recent runs, recent fix PRs.
getdebug fix <id> --applyApply a generated patch (reversible backup).
getdebug undoRestore the most recent applied fix.

What's free

Free vs. hosted

Free, no account

The secrets scanner, CI gating, SARIF output, and --local indexing/search via Ollama. Forever.

Hosted

Sign in with getdebug login for server-side analysis with frontier models and auto-fix PRs. See pricing.

MCP server

Use getdebug from Claude or Cursor

@getdebug/mcp is a Model Context Protocol server. Once configured, your AI client can call five tools against your getdebug org: list_projects, list_findings, get_finding, list_fixes, and start_scan. It reuses the same bearer token getdebug login already stores — no extra auth.

Claude Desktop

Add to ~/Library/Application Support/Claude/claude_desktop_config.json (or your OS equivalent), then restart Claude Desktop:

{
  "mcpServers": {
    "getdebug": {
      "command": "npx",
      "args": ["-y", "@getdebug/mcp"]
    }
  }
}

Cursor

Add the same block to ~/.cursor/mcp.json (or .cursor/mcp.json per workspace).

The server reads ~/.getdebug/config.json with the same 0600 perm check the CLI enforces. Override the API base with GETDEBUG_API_URL for staging or local dev.

Full reference + source

The complete guide, every flag, and the source live on GitHub. Issues and contributions welcome.

github.com/getdebug-ai/cli