Skip to Content
FeaturesCLI Reference

CLI Reference

Primary focus: The CLI is designed for PR reviews and quality gates in CI/CD pipelines. While it supports triggering scans and exporting results, the core use case is integrating CodeStax security checks into your automated workflows — blocking merges that introduce critical vulnerabilities and triggering PR-level reviews for configured pull-request workflows.

The CodeStax CLI lets you interact with the platform from your terminal or CI/CD pipeline.

Installation

The CLI is a self-contained Python 3 script (cli/main.py) with no third-party dependencies. Clone the repository and run it directly with Python:

# Run from a clone of the repository python3 cli/main.py <command> # Show available commands python3 cli/main.py --help

Authentication

Set your API key as an environment variable:

export CODESTAX_API_KEY="your-api-key-here" export CODESTAX_API_URL="https://codestax.co/api" # optional, defaults to production

Generate an API key from Settings → API Keys in the dashboard.

Commands

codestax trigger

Trigger a PR review for a repository.

codestax trigger 42 1337 --wait
Argument / FlagRequiredDefaultDescription
repo_idYesRepository ID (positional, integer)
pr_numberYesPull request number (positional)
--waitNofalseWait for the review to complete and print results

codestax gate

Read the immutable quality-gate snapshot published for a review.

codestax gate 1337
Argument / FlagRequiredDefaultDescription
review_idYesReview ID (positional, integer)

The CLI does not accept a threshold override. A gate result is evaluated by the review worker using the effective organization/repository policy and then stored as an immutable, versioned snapshot. Configure the organization policy under Settings → Policies and use a repository policy override for repositories that need different limits. Changing policy later does not rewrite an existing review’s decision.

codestax list

List PR reviews, optionally filtered by repository and status.

codestax list --repo-id 42 --limit 10
FlagRequiredDefaultDescription
--repo-idNoall reposFilter by repository ID (integer)
--statusNoallFilter by status: pending, scanning, completed, failed
--limitNo20Number of results

codestax issues

List issues for a specific review.

codestax issues 1337
ArgumentRequiredDefaultDescription
review_idYesReview ID (positional, integer)

codestax dora

Retrieve DORA metrics, optionally scoped to a repository.

codestax dora --days 30 --repo-id 42
FlagRequiredDefaultDescription
--daysNo30Number of days to report over (integer)
--repo-idNoall reposFilter by repository ID (integer)

codestax export

Export a review report.

codestax export 1337 --format json --output results.json codestax export 1337 --format csv --output results.csv
Argument / FlagRequiredDefaultDescription
review_idYesReview ID (positional, integer)
--formatNojsonExport format: json or csv
--output, -oNostdoutOutput file path

The CLI validates the response media type before decoding it. JSON exports require application/json; CSV exports require text/csv and are written as exact UTF-8 text (including the server’s original line endings). A mismatch is an operational error rather than a best-effort format guess.

codestax review

All-in-one for CI/CD: trigger a PR review, wait for it to complete, then read the immutable quality-gate snapshot. The exit code distinguishes policy failure, inconclusive analysis, active work, review failure, timeout, and operational errors.

codestax review 42 1337
Argument / FlagRequiredDefaultDescription
repo_idYesRepository ID (positional, integer)
pr_numberYesPull request number (positional)

CI/CD Usage

GitHub Actions

name: CodeStax Security Gate on: [pull_request] jobs: security: runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 - name: Set up Python uses: actions/setup-python@v5 with: python-version: '3.11' - name: Check out CodeStax CLI uses: actions/checkout@v4 with: repository: codestax/codestax-platform path: codestax - name: Trigger PR review and enforce quality gate env: CODESTAX_API_KEY: ${{ secrets.CODESTAX_API_KEY }} run: python3 codestax/cli/main.py review ${{ vars.CODESTAX_REPO_ID }} ${{ github.event.pull_request.number }}

GitLab CI

codestax-gate: image: python:3.11-alpine stage: test before_script: - git clone https://github.com/codestax/codestax-platform.git codestax script: - python3 codestax/cli/main.py review $CODESTAX_REPO_ID $CI_MERGE_REQUEST_IID variables: CODESTAX_API_KEY: $CODESTAX_API_KEY

Exit Codes

CodeMeaning
0Immutable gate passed
1Immutable gate failed the captured organization/repository policy
2Review or gate is still pending
3Gate is inconclusive because the immutable analysis snapshot is missing, incomplete, degraded, or unverified
4Review execution failed before a gate decision could be trusted
5Review reported a timeout or the CLI wait deadline elapsed; the CLI does not request a gate after its wait deadline
6Authentication, HTTP API, network, or response-format error

These values are the stable public CLI contract for CI automation. Only exit code 0 should be treated as permission to continue a protected pipeline. In particular, 3 means inconclusive, not passed or failed.