An enterprise-grade compilation pipeline, security auditing scanner, and local execution environment. Build local-first, execute sandboxed runbooks, and sign compliance proofs cryptographically.
Install the CLI utility globally. The CLI binds your workspace sessions to local folders and scans assets before staging deployment drafts.
npm install -g @getaimd/cli
aimd.json)Initializing a project folder creates an aimd.json config file. This registers compile rules, local path settings, and workspace identifiers:
{
"workspace": "my-org-slug", // Unique workspace identifier on AIMD
"name": "core-deployments", // Listing registry namespace
"version": "1.4.0", // Current package semver
"type": "sem", // Asset format code (sem, code_package, prompt)
"exclude": [ // Directory patterns bypassed in push scans
"**/node_modules/**",
"**/.git/**"
],
"concurrency": "lease_lock" // Collaborative write protection strategy
}Self-Executing Markdown (SEM) upgrades traditional markdown guides into runnable code. By combining YAML parameter headers, markdown step checkpoints, and isolated script executions, SEM files automate local deployments safely.
{{DB_PORT}}) and compiles interactive forms for the marketplace web application.```bash execute run within a dedicated local subshell context.deploy.sem.md)A standard SEM file defines variables in the frontmatter, details step checklists, executes CLI scripts, and checks outcomes:
---
type: SEM Runbook
variables:
- name: REPO_URL
default: "https://github.com/vercel/next-js-boilerplate"
- name: APP_DIR
default: "./deploy-target"
---
# Setup and Deployment Pipeline
This SEM runbook automates staging repository clones and builds.
## Step 1: Clone Repository
Clone the Next.js boilerplate into the target directory.
```bash execute
git clone {{REPO_URL}} {{APP_DIR}}
```
> **Why**
> We isolate the clone into a separate directory to avoid dirtying git submodules.
> **Check**
> Verify the output path exists:
> - file-exists: {{APP_DIR}}/package.json
[AIMD Engine] Parsing SEM Runbook: deploy.sem.md
[AIMD Engine] Dynamic variable discovered: REPO_URL = "https://github.com/vercel/next-js-boilerplate"
[AIMD Engine] Dynamic variable discovered: APP_DIR = "./deploy-target"
[AIMD Engine] Step 1 of 1: Clone Repository
[Terminal] $ git clone https://github.com/vercel/next-js-boilerplate ./deploy-target
Cloning into './deploy-target'...
✔ Step 1 success assertion checked: ./deploy-target/package.json exists [OK]
[AIMD Engine] Pipeline executed successfully. [1 step completed, 0 warnings]Exhaustive command options, options flags, exit codes, and usage examples for all terminal integration actions.
Authenticates your local command-line interface shell with the remote organization API registry. Opens a temporary local port to catch browser login callback variables.
aimd login
Scaffolds a local config mapping manifest aimd.json in the current folder. Establishes the organization scope and name bindings.
aimd init --workspace frontend-team --name checkout-flow
--workspace <slug> (Target workspace key) --name <string> (Registry namespace)Executes a specified .sem.md pipeline. Validates required variable arguments and executes command statements in an isolated local shell.
aimd run deploy.sem.md --step 2 --dry-run
--step <number> (Run a specific step only) --dry-run (Print command steps without executing) --force (Ignore local pre-execution checking errors)Performs code audits on a target directory. Detects plain text secrets, high-entropy API credentials, private PII leaks, and dangerous command override scripts.
aimd scan ./src --severity high --format json
--severity <high|all> (Vulnerability filter) --format <json|text> (Structured output format)Executes validation suites and compiler checks against ruleset templates and markdown steps to verify directory state.
aimd test ./rules --verbose
--verbose (Print full testing stack details) --bail (Stop test suite execution on first failed check)Audits and registers active hardware seat keys. Used in package licenses to control local device fingerprint boundaries.
aimd keys register --key 5f83-8a21 --device my-macbook
list (Inspect registered device keys) register (Link license key to hardware) revoke (Disconnect device from key slot)Manages active team workspace sessions. Inspect user seats, audit team roles, and redirect upload actions.
aimd workspace switch enterprise-core
list (Show accessible workspaces) switch <slug> (Switch current target scope) members (List users in active organization)Generates SOC2-compliant cryptographic compliance logs. Validates security checks and produces signoff signatures.
aimd proof --verify --output ./audit-log.json
--verify (Verify compliance proofs in target folder) --output <path> (Path to save generated audit logs)Synchronizes files and directory rule templates from a remote listing database into your local repository.
aimd pull 8a3f-2b10 --force
--force (Overwrite files in local directory without prompt confirmation) --output <path> (Directory target path)Performs compile validations on parameters, updates session lease concurrency locks, and pushes source files as remote drafts.
aimd push --dir ./src --no-validate
--dir <path> (Root folder directory to push) --no-validate (Ignore warning check scans during push)Locks semantic tag mappings, structures pricing/licensing splits, and releases a new production version to the registry.
aimd publish --version 1.0.0 --notes "Initial public release"
--version <semver> (Production semantic version) --notes <string> (Release notes details)The compiler and scanner components use industry-standard patterns to ensure source codebases and runbooks satisfy enterprise guidelines before deployment.
During aimd push, the parser reads all source rule files and SEM sheets. It runs a regular expression scanner to compile dynamic parameter tokens inside {{VAR}} brackets. The output configuration creates dynamic form schemas. This allows developers to test variables inside the web console interface before executing.
When working in teams, developers share template listings. To prevent overwriting drafts concurrently, the push step contacts the backend API to query the edit lease context. If the lease is owned by another developer, the process exits with exit code 409 Conflict.
Running aimd scan checks source directories for potential exposures. It searches for: