Use this skill whenever the user needs backend infrastructure management — creating database tables, running SQL, deploying serverless functions, managing st...
---
name: insforge-cli
description: >-
Use this skill whenever the user needs backend infrastructure management — creating database tables, running SQL, deploying serverless functions, managing storage buckets, deploying frontend apps, adding secrets, setting up cron jobs, or checking logs — especially if the project uses InsForge. Trigger on any of these contexts: creating or altering database tables/schemas, writing RLS policies via SQL, deploying or invoking edge functions, creating storage buckets, deploying frontends to hosting, managing secrets/env vars, setting up scheduled tasks/cron, viewing backend logs, or exporting/importing database backups. If the user asks for these operations generically (e.g., "create a users table", "deploy my app", "set up a cron job") and you're unsure whether they use InsForge, consult this skill and ask. For writing frontend application code with the InsForge SDK (@insforge/sdk), use the insforge skill instead.
license: Apache-2.0
metadata:
author: insforge
version: "1.0.0"
organization: InsForge
date: February 2026
---
# InsForge CLI
Command-line tool for managing InsForge Backend-as-a-Service projects.
## Critical: Session Start Checks
**First**, ensure the CLI is installed. Run `insforge whoami` — if the command is not found, install it:
```bash
npm install -g @insforge/cli
```
**Then** verify authentication and project:
```bash
insforge whoami # verify authentication
insforge current # verify linked project
```
If not authenticated: `insforge login`
If no project linked: `insforge create` (new) or `insforge link` (existing)
## Global Options
| Flag | Description |
|------|-------------|
| `--json` | Structured JSON output (for scripts and agents) |
| `-y, --yes` | Skip confirmation prompts |
## Exit Codes
| Code | Meaning |
|------|---------|
| 0 | Success |
| 1 | General error (e.g., HTTP 400+ from function invoke) |
| 2 | Not authenticated |
| 3 | Project not linked |
| 4 | Resource not found |
| 5 | Permission denied |
## Environment Variables
| Variable | Description |
|----------|-------------|
| `INSFORGE_ACCESS_TOKEN` | Override stored access token |
| `INSFORGE_PROJECT_ID` | Override linked project ID |
| `INSFORGE_EMAIL` | Email for non-interactive login |
| `INSFORGE_PASSWORD` | Password for non-interactive login |
---
## Commands
### Authentication
- `insforge login` — OAuth (browser) or `--email` for password login. See [references/login.md](references/login.md)
- `insforge logout` — clear stored credentials
- `insforge whoami` — show current user
### Project Management
- `insforge create` — create new project. See [references/create.md](references/create.md)
- `insforge link` — link directory to existing project
- `insforge current` — show current user + linked project
- `insforge list` — list all orgs and projects
- `insforge metadata` — show backend metadata (auth config, database tables, storage buckets, edge functions, AI models, realtime channels). Use `--json` for structured output. **Run this first** to discover what's configured before building features.
### Database — `insforge db`
- `insforge db query <sql>` — execute raw SQL. See [references/db-query.md](references/db-query.md)
- `insforge db tables / indexes / policies / triggers / functions` — inspect schema
- `insforge db rpc <fn> [--data <json>]` — call database function (GET if no data, POST if data)
- `insforge db export` — export schema/data. See [references/db-export.md](references/db-export.md)
- `insforge db import <file>` — import from SQL file. See [references/db-import.md](references/db-import.md)
### Edge Functions — `insforge functions`
- `insforge functions list` — list deployed functions
- `insforge functions code <slug>` — view function source
- `insforge functions deploy <slug>` — deploy or update. See [references/functions-deploy.md](references/functions-deploy.md)
- `insforge functions invoke <slug> [--data <json>] [--method GET|POST]` — invoke function
### Storage — `insforge storage`
- `insforge storage buckets` — list buckets
- `insforge storage create-bucket <name> [--private]` — create bucket (default: public)
- `insforge storage delete-bucket <name>` — delete bucket and **all its objects** (destructive)
- `insforge storage list-objects <bucket> [--prefix] [--search] [--limit] [--sort]` — list objects
- `insforge storage upload <file> --bucket <name> [--key <objectKey>]` — upload file
- `insforge storage download <objectKey> --bucket <name> [--output <path>]` — download file
### Deployments — `insforge deployments`
- `insforge deployments deploy [dir]` — deploy frontend app. See [references/deployments-deploy.md](references/deployments-deploy.md)
- `insforge deployments list` — list deployments
- `insforge deployments status <id> [--sync]` — get deployment status (--sync fetches from Vercel)
- `insforge deployments cancel <id>` — cancel running deployment
### Secrets — `insforge secrets`
- `insforge secrets list [--all]` — list secrets (values hidden; `--all` includes deleted)
- `insforge secrets get <key>` — get decrypted value
- `insforge secrets add <key> <value> [--reserved] [--expires <ISO date>]` — create secret
- `insforge secrets update <key> [--value] [--active] [--reserved] [--expires]` — update secret
- `insforge secrets delete <key>` — **soft delete** (marks inactive; restore with `--active true`)
### Schedules — `insforge schedules`
- `insforge schedules list` — list all scheduled tasks (shows ID, name, cron, URL, method, active, next run)
- `insforge schedules get <id>` — get schedule details
- `insforge schedules create --name --cron --url --method [--headers <json>] [--body <json>]` — create a cron job (5-field cron format only)
- `insforge schedules update <id> [--name] [--cron] [--url] [--method] [--headers] [--body] [--active]` — update schedule
- `insforge schedules delete <id>` — delete schedule (with confirmation)
- `insforge schedules logs <id> [--limit] [--offset]` — view execution logs
### Logs — `insforge logs`
- `insforge logs <source> [--limit <n>]` — fetch backend container logs (default: 20 entries)
| Source | Description |
|--------|-------------|
| `insforge.logs` | Main backend logs |
| `postgREST.logs` | PostgREST API layer logs |
| `postgres.logs` | PostgreSQL database logs |
| `function.logs` | Edge function execution logs |
> Source names are case-insensitive: `postgrest.logs` works the same as `postgREST.logs`.
### Documentation — `insforge docs`
- `insforge docs` — list all topics
- `insforge docs instructions` — setup guide
- `insforge docs <feature> <language>` — feature docs (`db / storage / functions / auth / ai / realtime` × `typescript / swift / kotlin / rest-api`)
> For writing application code with the InsForge SDK, use the insforge (SDK) skill instead, and use the `insforge docs <feature> <language>` to get specific SDK documentation.
---
## Non-Obvious Behaviors
**Functions invoke URL**: invoked at `{oss_host}/functions/{slug}` — NOT `/api/functions/{slug}`. Exits with code 1 on HTTP 400+.
**Secrets delete is soft**: marks the secret inactive, not destroyed. Restore with `insforge secrets update KEY --active true`. Use `--all` with `secrets list` to see inactive ones.
**Storage delete-bucket is hard**: deletes the bucket and every object inside it permanently.
**db rpc uses GET or POST**: no `--data` → GET; with `--data` → POST.
**Schedules use 5-field cron only**: `minute hour day month day-of-week`. 6-field (with seconds) is NOT supported. Headers can reference secrets with `${{secrets.KEY_NAME}}`.
---
## Common Workflows
### Set up database schema
```bash
insforge db query "CREATE TABLE posts (
id UUID DEFAULT gen_random_uuid() PRIMARY KEY,
title TEXT NOT NULL,
content TEXT,
author_id UUID REFERENCES auth.users(id),
created_at TIMESTAMPTZ DEFAULT now()
)"
insforge db query "ALTER TABLE posts ENABLE ROW LEVEL SECURITY"
insforge db query "CREATE POLICY \"public_read\" ON posts FOR SELECT USING (true)"
insforge db query "CREATE POLICY \"owner_write\" ON posts FOR INSERT WITH CHECK (auth.uid() = author_id)"
```
> FK to users: always `auth.users(id)`. RLS current user: `auth.uid()`.
### Deploy an edge function
```bash
# Default source path: insforge/functions/{slug}/index.ts
insforge functions deploy my-handler
insforge functions invoke my-handler --data '{"action": "test"}'
```
### Deploy frontend
**Always verify the local build succeeds before deploying.** Local builds are faster to debug and don't waste server resources.
```bash
# 1. Build locally first
npm run build
# 2. Deploy
insforge deployments deploy ./dist --env '{"VITE_API_URL": "https://my-app.us-east.insforge.app"}'
```
**Environment variable prefix by framework:**
| Framework | Prefix | Example |
|-----------|--------|---------|
| Vite | `VITE_` | `VITE_INSFORGE_URL` |
| Next.js | `NEXT_PUBLIC_` | `NEXT_PUBLIC_INSFORGE_URL` |
| Create React App | `REACT_APP_` | `REACT_APP_INSFORGE_URL` |
| Astro | `PUBLIC_` | `PUBLIC_INSFORGE_URL` |
| SvelteKit | `PUBLIC_` | `PUBLIC_INSFORGE_URL` |
**Pre-deploy checklist:**
- [ ] `npm run build` succeeds locally
- [ ] All required env vars configured with correct framework prefix
- [ ] Edge function directories excluded from frontend build (if applicable)
- [ ] Never include `node_modules`, `.git`, `.env`, `.insforge`, or build output in the zip
- [ ] Build output directory matches framework's expected output (`dist/`, `build/`, `.next/`, etc.)
### Backup and restore database
```bash
insforge db export --output backup.sql
insforge db import backup.sql
```
### Schedule a cron job
```bash
# Create a schedule that calls a function every 5 minutes
insforge schedules create \
--name "Cleanup Expired" \
--cron "*/5 * * * *" \
--url "https://my-app.us-east.insforge.app/functions/cleanup" \
--method POST \
--headers '{"Authorization": "Bearer ${{secrets.API_TOKEN}}"}'
# Check execution history
insforge schedules logs <id>
```
#### Cron Expression Format
InsForge uses **5-field cron expressions** (pg_cron format). 6-field expressions with seconds are NOT supported.
```
┌─────────────── minute (0-59)
│ ┌───────────── hour (0-23)
│ │ ┌─────────── day of month (1-31)
│ │ │ ┌───────── month (1-12)
│ │ │ │ ┌─────── day of week (0-6, Sunday=0)
│ │ │ │ │
* * * * *
```
| Expression | Description |
|------------|-------------|
| `* * * * *` | Every minute |
| `*/5 * * * *` | Every 5 minutes |
| `0 * * * *` | Every hour (at minute 0) |
| `0 9 * * *` | Daily at 9:00 AM |
| `0 9 * * 1` | Every Monday at 9:00 AM |
| `0 0 1 * *` | First day of every month at midnight |
| `30 14 * * 1-5` | Weekdays at 2:30 PM |
#### Secret References in Headers
Headers can reference secrets stored in InsForge using the syntax `${{secrets.KEY_NAME}}`.
```json
{
"headers": {
"Authorization": "Bearer ${{secrets.API_TOKEN}}",
"X-API-Key": "${{secrets.EXTERNAL_API_KEY}}"
}
}
```
Secrets are resolved at schedule creation/update time. If a referenced secret doesn't exist, the operation fails with a 404 error.
#### Best Practices
1. **Use 5-field cron expressions only**
- pg_cron does not support seconds (6-field format)
- Example: `*/5 * * * *` for every 5 minutes
2. **Store sensitive values as secrets**
- Use `${{secrets.KEY_NAME}}` in headers for API keys and tokens
- Create secrets first via the secrets API before referencing them
3. **Target InsForge functions for serverless tasks**
- Use the function URL format: `https://your-project.region.insforge.app/functions/{slug}`
- Ensure the target function exists and has `status: "active"`
4. **Monitor execution logs**
- Check logs regularly to ensure schedules are running successfully
- Look for non-200 status codes and failed executions
#### Common Mistakes
| Mistake | Solution |
|---------|----------|
| Using 6-field cron (with seconds) | Use 5-field format only: `minute hour day month day-of-week` |
| Referencing non-existent secret | Create the secret first via secrets API |
| Targeting non-existent function | Verify function exists and is `active` before scheduling |
| Schedule not running | Check `isActive` is `true` and cron expression is valid |
#### Recommended Workflow
```
1. Create secrets if needed -> `insforge secrets add KEY VALUE`
2. Create/verify target function -> `insforge functions list`
3. Create schedule -> `insforge schedules create`
4. Verify schedule is active -> `insforge schedules get <id>`
5. Monitor execution logs -> `insforge schedules logs <id>`
```
### Debug with logs
```bash
insforge logs function.logs # function execution issues
insforge logs postgres.logs # database query problems
insforge logs insforge.logs # API / auth errors
insforge logs postgrest.logs --limit 50
```
#### Best Practices
1. **Start with function.logs for function issues**
- Check execution errors, timeouts, and runtime exceptions
2. **Use postgres.logs for query problems**
- Debug slow queries, constraint violations, connection issues
3. **Check insforge.logs for API errors**
- Authentication failures, request validation, general backend errors
#### Common Debugging Scenarios
| Problem | Check |
|---------|-------|
| Function not working | `function.logs` |
| Database query failing | `postgres.logs`, `postgREST.logs` |
| Auth issues | `insforge.logs` |
| API returning 500 errors | `insforge.logs`, `postgREST.logs` |
### Non-interactive CI/CD
```bash
INSFORGE_EMAIL=$EMAIL INSFORGE_PASSWORD=$PASSWORD insforge login --email -y
insforge link --project-id $PROJECT_ID --org-id $ORG_ID -y
insforge db query "SELECT count(*) FROM users" --json
```
---
## Project Configuration
After `create` or `link`, `.insforge/project.json` is created:
```json
{
"project_id": "...",
"appkey": "...",
"region": "us-east",
"api_key": "ik_...",
"oss_host": "https://{appkey}.{region}.insforge.app"
}
```
`oss_host` is the base URL for all SDK and API operations. `api_key` is the admin key for backend API calls.
> **Never commit this file to version control or share it publicly**.
> Do not edit this file manually. Use `insforge link` to switch projects.
don't have the plugin yet? install it then click "run inline in claude" again.
the insforge cli is a command-line tool for managing insforge backend-as-a-service projects. use this skill when the user needs to create or alter database tables and schemas, write row-level security policies via sql, deploy or invoke edge functions, create storage buckets, deploy frontends to hosting, manage secrets and environment variables, set up scheduled tasks (cron jobs), view backend logs, or export/import database backups. the cli bridges local development to insforge's hosted infrastructure. if the user asks for these operations generically (e.g., "create a users table", "deploy my app", "set up a cron job") and you're unsure whether they use insforge, consult this skill. note: for writing frontend application code with the insforge sdk (@insforge/sdk), use the insforge skill instead.
npm install -g @insforge/cliinsforge logininsforge create (new project) or insforge link (existing project)INSFORGE_ACCESS_TOKEN: override stored access tokenINSFORGE_PROJECT_ID: override linked project idINSFORGE_EMAIL: email for non-interactive loginINSFORGE_PASSWORD: password for non-interactive logininsforge metadata --jsonverify cli installation and authentication
insforge whoami to check authentication statusnpm install -g @insforge/cliauthenticate (if needed)
insforge login for oauth (opens browser) or insforge login --email for password-based loginINSFORGE_EMAIL and INSFORGE_PASSWORD env vars, then run insforge login --email -yverify or link project
insforge current to check linked projectinsforge create (new) or insforge link --project-id <id> --org-id <id> (existing).insforge/project.json created with project metadatadiscover project configuration
insforge metadata --json to inspect backend structure (auth config, database tables, storage buckets, edge functions, ai models, realtime channels)execute target operation (choose one path below based on user intent)
path a: database operations
insforge db query "<sql>" to execute raw sql (returns query result or exit code 1 on error)insforge db tables / indexes / policies / triggers / functions to inspect schema (returns text table)insforge db rpc <function_name> [--data <json>] to call a database function (post if data, get if no data)insforge db export --output <file> to dump schema and data (creates sql file)insforge db import <file> to load sql file into database (returns import summary)path b: edge function operations
insforge functions list to show all deployed functions (returns table with slug, status, url, updated_at)insforge functions code <slug> to view function source code (returns file content)insforge functions deploy <slug> to deploy or update a function (reads from insforge/functions/{slug}/index.ts, returns deployment status)insforge functions invoke <slug> [--data <json>] [--method GET|POST] to call the function (returns http response body)path c: storage operations
insforge storage buckets to list all buckets (returns table with name, visibility, created_at)insforge storage create-bucket <name> [--private] to create a bucket (default: public, returns bucket metadata)insforge storage delete-bucket <name> to delete bucket and all objects (destructive, returns confirmation)insforge storage list-objects <bucket> [--prefix] [--search] [--limit] [--sort] to list objects (returns table with key, size, updated_at)insforge storage upload <file> --bucket <name> [--key <objectKey>] to upload file (returns object metadata)insforge storage download <objectKey> --bucket <name> [--output <path>] to download file (returns file written to disk)path d: frontend deployment
npm run build (prevents deploy of broken builds)insforge deployments deploy [dir] [--env '{"KEY": "value"}'] (reads from dir, returns deployment id and status)VITE_ (vite), NEXT_PUBLIC_ (next.js), REACT_APP_ (cra), PUBLIC_ (astro, sveltekit)path e: secrets management
insforge secrets list [--all] to list all secrets (values hidden unless --all, returns table with key, active, expires_at)insforge secrets get <key> to retrieve decrypted value (returns plaintext value)insforge secrets add <key> <value> [--reserved] [--expires <iso_date>] to create secret (returns secret metadata)insforge secrets update <key> [--value] [--active true|false] [--expires <iso_date>] to modify secret (returns updated metadata)insforge secrets delete <key> to soft-delete secret (marks inactive, returns confirmation; restore with --active true)path f: scheduled tasks (cron jobs)
insforge schedules list to show all schedules (returns table with id, name, cron, url, method, active, next_run)insforge schedules get <id> to view schedule details (returns json object)insforge schedules create --name <name> --cron <expr> --url <url> --method <GET|POST> [--headers <json>] [--body <json>] to create schedule (returns schedule id and metadata)insforge schedules update <id> [--name] [--cron] [--url] [--method] [--headers] [--body] [--active true|false] to modify schedule (returns updated metadata)insforge schedules delete <id> to delete schedule (asks for confirmation, returns deletion confirmation)insforge schedules logs <id> [--limit <n>] [--offset <n>] to view execution history (returns log entries with timestamp, status code, duration)path g: backend logs
insforge logs <source> [--limit <n>] to fetch backend logs (default limit: 20 entries, returns log lines with timestamp and message)handle errors and edge cases
insforge metadata --json to confirm existence.insforge logs for details. for function invokes, http 4xx/5xx from the function itself exits with code 1.insforge login to refresh.output results to user
--json flag: output structured json (useful for scripts and downstream agents)npm install -g @insforge/cliinsforge login. for ci/cd, use email/password via env vars and --email -y flags.insforge create (new project) or insforge link --project-id <id> --org-id <id> (existing project).insforge metadata --json or insforge db tables before executing sql.npm run build). use correct env var prefix for framework (vite: VITE_, next.js: NEXT_PUBLIC_, etc.). never commit .insforge/project.json to version control.https://{appkey}.{region}.insforge.app/functions/{slug}. verify function exists and is active via insforge functions list.insforge secrets add, then reference in headers as ${{secrets.KEY_NAME}}.insforge logs function.logs (for function issues), insforge logs postgres.logs (for database issues), insforge logs insforge.logs (for auth/api issues). use --limit 50 for larger log window.insforge secrets add KEY VALUE.insforge secrets delete): marks inactive but not destroyed. restore with insforge secrets update KEY --active true. use insforge secrets list --all to see inactive secrets.--data: uses http get. if --data provided: uses http post.--json flag to any command (works with most commands except logs, which default to text). use -y to skip confirmation prompts in non-interactive environments..insforge/project.json file created in current directory with keys: project_id, appkey, region, api_key, oss_host--json); schema tables; export as .sql file; import returns summary; exit code 0 on success, 1 on sql error, 4 if resource not found, 5 if permission deniedinsforge whoami returns current user email/id; insforge current returns linked project id.insforge/project.json file exists in current directory; insforge current no longer errors.sql file; import returns row count summary; no exit code 1insforge functions list shows function with status "active"; insforge functions invoke returns http 200 and function outputinsforge storage buckets; object appears in insforge storage list-objects; file downloads to local disk without errorinsforge secrets list shows secret key (without value); insforge secrets get KEY returns plaintext valueinsforge schedules list shows schedule with correct cron expression, url, method; insforge schedules logs <id> shows execution history with 200+ status codesinsforge logs <source> returns log lines without error; log entries have timestamps and readable messagesfirst, ensure the cli is installed. run insforge whoami. if the command is not found, install it:
npm install -g @insforge/cli
then verify authentication and project:
insforge whoami # verify authentication
insforge current # verify linked project
if not authenticated: insforge login
if no project linked: insforge create (new) or insforge link (existing)
| flag | description |
|---|---|
--json |
structured json output (for scripts and agents) |
-y, --yes |
skip confirmation prompts |
| code | meaning |
|---|---|
| 0 | success |
| 1 | general error (e.g., http 400+ from function invoke) |
| 2 | not authenticated |
| 3 | project not linked |
| 4 | resource not found |
| 5 | permission denied |
| variable | description | |