Install CLI

The rensei CLI is the primary interface for authenticating, managing compute, and driving the Rensei platform from your terminal. It inherits the full donmai command surface from the open-source donmai runner and adds platform-specific authentication, multi-machine fleet management, billing, compliance, and workflow tooling.

Install

brew install RenseiAI/tap/rensei

Homebrew handles version management and auto-updates. The rensei cask is published to RenseiAI/homebrew-tap with every release.

To upgrade later:

brew upgrade rensei

Pre-built binaries (macOS arm64/amd64, Linux arm64/amd64) are attached to every release at github.com/RenseiAI/releases.

# macOS arm64 - adjust the filename for your platform
curl -fsSL https://github.com/RenseiAI/releases/releases/latest/download/rensei_darwin_arm64.tar.gz \
  | tar -xz -C /usr/local/bin rensei

Verify the binary is on your PATH:

rensei --version

Source access is restricted to internal contributors. Only compiled binaries are distributed publicly.

If you have access to the private rensei-tui repository:

make build   # produces bin/rensei

Authenticate

After installing, add an auth context. The recommended path is browser-based user login:

rensei auth add --user

Your browser opens the Rensei login page. After completing the OAuth flow, the CLI stores token material in your system's native secret backend - Keychain on macOS, an encrypted file on headless Linux.

Automation and CI

For non-interactive environments, pass a token via stdin:

# Org-scoped API key (rsk_live_...) saved to an encrypted file
printf '%s' "$RENSEI_TOKEN" | rensei auth add \
  --name ci-org \
  --kind org_token \
  --secret-store encrypted-file \
  --token-stdin

# Project-scoped token
printf '%s' "$RENSEI_PROJECT_TOKEN" | rensei auth add \
  --kind project_token \
  --token-stdin

For fully ephemeral runs (smoke tests, one-shot agents) where you do not want to persist a context at all, use the environment fallback or per-command --token-stdin:

# Per-command override - no context stored
printf '%s' "$RENSEI_TOKEN" | \
  rensei --url https://app.rensei.ai --org my-org --project my-project \
    --token-stdin host status

# Environment fallback - also inherited by child processes
RENSEI_TOKEN="$RENSEI_TOKEN" rensei --org my-org --project my-project host status

--token-stdin reads one token from stdin, trims a trailing newline, and never echoes it. It is the preferred automation path - it keeps secrets out of shell history and process listings. Prefer it over RENSEI_TOKEN env var when your script can pipe the token directly, since env vars are inherited by child processes.

Verify your auth context

rensei config show     # active context + org/project
rensei org list        # orgs you have access to

Multiple contexts

Switch between contexts without disrupting other contexts:

rensei auth list
rensei auth activate <name>

# Per-command override (useful in scripts)
rensei --auth smoke-alpha --org Acme --project api-backend project list

# Remove a context you no longer need
rensei auth remove <name>

Auth contexts store metadata in ~/.config/rensei/config.json and keep token material in your system secret backend - Keychain on macOS, an encrypted file on headless Linux. To specify a backend explicitly:

printf '%s' "$RENSEI_TOKEN" | rensei auth add \
  --name headless-ci \
  --kind org_token \
  --secret-store encrypted-file \
  --token-stdin

See auth contexts for the full reference, including context kinds, secret backends, refresh semantics, and the RENSEI_SECRET_PASSPHRASE env var for encrypted-file contexts.

Select your active project

Run the interactive setup wizard to select which project your CLI commands operate against by default:

rensei setup

The wizard lists the orgs and projects you have access to and writes the selected project to ~/.config/rensei/config.json. To skip the TUI:

rensei setup --project api-backend

To inspect or change the current config values without the wizard:

rensei config show
rensei config set url https://app.rensei.ai
rensei config reset   # clear all local config

Install the local daemon

The local daemon registers your machine as a compute worker, allowing Rensei to dispatch agent sessions to it.

rensei host install

When an rsk_ API key is present in your config, host install automatically mints a short-lived rsp_live_... worker registration token and writes it to ~/.rensei/daemon.yaml under orchestrator.authToken, so the registered service can authenticate on startup. You never need to handle this token manually.

For multi-project orgs, specify which project this host worker belongs to:

rensei host install --project api-backend

If no rsk_ key is present (for example, in a BYOC environment), fall back to manual registration:

rensei host setup    # configure token manually
rensei host install  # then install the service

After install, verify the daemon is running:

rensei host status
# → daemon: running  version: v0.x.x  capacity: idle

The daemon and its OSS-canonical install paths (launchd on macOS, systemd on Linux, Docker) are documented at donmai.dev/docs/local-daemon. The platform layer (rensei host install) adds automatic rsp_live_... token provisioning on top of those install paths.

The daemon exposes a small set of lifecycle commands useful for day-to-day operations:

rensei host logs        # tail daemon logs
rensei host doctor      # verify daemon health and connectivity
rensei host drain       # stop accepting new sessions; finish current ones
rensei host update      # update daemon binary in place
rensei host uninstall   # remove daemon service registration

Verify your setup

rensei status          # health aggregator: daemon, fleet, platform connection
rensei fleet list      # all registered machines in your org
rensei host capacity status   # sessions this machine can serve

Global flags

Every rensei command supports these flags:

Flag	Short description
`--url <url>`	Override the platform base URL (default: `https://app.rensei.ai`)
`--auth <name>`	Use a named auth context without activating it globally
`--org <slug>`	Override the active org for this invocation
`--project <slug>`	Override the active project for this invocation
`--token-stdin`	Read auth token from stdin (preferred automation path)
`--no-interactive`	Disable TUI prompts; error instead of prompting
`--json`	Output JSON instead of human-readable text

These flags compose: --auth, --org, and --project together let you target any context without altering your saved active context. This is the recommended pattern for scripts and smoke tests.

See global flags reference for the complete list including env var equivalents (RENSEI_TOKEN, RENSEI_ORG, RENSEI_PROJECT, RENSEI_URL).

Next steps

Quickstart - connect Linear and run your first SDLC agent
CLI quick-start - full setup wizard walkthrough including GitHub and Linear OAuth
Host daemon - daemon lifecycle, doctor, drain, and update
Fleet management - multi-machine routing

On this page