Skip to main content

CLI reference

Use this page when you already know the workflow and need exact commands, options, supported values, and defaults. For a task-oriented walkthrough, start with Sync MCP clients.

LightNow CLI

Manage MCP servers centrally in LightNow and keep every local client in sync with the right runtime profile.

1pipx install lightnow-cli
2lightnow login
3lightnow sync --client codex

Installation

The CLI source and release repository is lightnow-ai/lightnow-cli.

Install the CLI with pipx:

pipx install lightnow-cli

Requirements:

  • Python 3.11 or higher
  • pipx
  • a LightNow account

You can also install the CLI directly from the public repository:

pipx install git+https://github.com/lightnow-ai/lightnow-cli.git

Check the installed version:

lightnow --version

Authentication model

The LightNow CLI signs in with OAuth Device Authorization. lightnow login requests a device code from Keycloak, opens the browser approval URL, and polls until the browser approval is complete. The CLI never receives a browser redirect, which keeps the flow usable from local terminals, remote shells, and headless environments.

Tokens are stored in ~/.lightnow/config.json. Commands refresh expired access tokens automatically while the refresh token is still valid.

How to read this reference

Each command includes:

FieldMeaning
UsageThe command shape. Uppercase values are placeholders.
OptionsSupported flags, accepted values, defaults, and behavior.
NotesOperational details that matter for automation or security.

Usage

lightnow [GLOBAL_OPTIONS] COMMAND [COMMAND_OPTIONS]

Global options

KeyType / valuesDetails
--versionbooleanPrint the installed LightNow CLI version and exit.
--install-completionshell completionInstall shell completion for the current shell.
--show-completionshell completionPrint shell completion output so it can be copied or customized.
--helpbooleanShow help for the current command.

Command overview

CommandDetails
lightnow loginAuthenticate with LightNow using OAuth Device Authorization.
lightnow statusShow whether the local CLI session is valid.
lightnow whoamiShow the signed-in LightNow identity.
lightnow logoutClear stored authentication tokens.
lightnow contextSelect the default Personal or organization context for CLI commands.
lightnow searchSearch MCP servers in the registry.
lightnow favoritesList favorited MCP servers for a user, tenant, or effective context.
lightnow infoShow details for one MCP server and optional version.
lightnow syncSync a LightNow runtime profile into a local MCP client configuration.
lightnow runRun one profile server through the LightNow Local Runner.
lightnow validateValidate MCP server metadata, docs, and specs locally.
lightnow publishPublish MCP server artifacts to the registry.

Authentication commands

lightnow login

Authenticate with LightNow.

lightnow login
KeyType / valuesDetails
--helpbooleanShow command help.

Notes:

  • Opens the browser approval URL for the fixed lightnow-cli Keycloak client.
  • Stores tokens locally after approval.
  • Does not use OAuth redirect URIs.

lightnow status

Show current authentication status.

lightnow status
KeyType / valuesDetails
--helpbooleanShow command help.

lightnow whoami

Show current user information.

lightnow whoami
KeyType / valuesDetails
--helpbooleanShow command help.

lightnow logout

Clear stored authentication tokens.

lightnow logout
KeyType / valuesDetails
--helpbooleanShow command help.

Context commands

lightnow context

Select the default LightNow context for commands that can act on either your personal account or an organization.

lightnow context
KeyType / valuesDetails
--showbooleanShow the currently stored context.
--personalbooleanSwitch back to the personal account context.
--tenantstringSelect an organization by exact tenant ID or subdomain.

Examples:

lightnow context
lightnow context --tenant acme
lightnow context --personal
lightnow context --show

Notes:

  • lightnow context lists the organizations available to your signed-in account and stores the selected context locally.
  • After a context is stored, context-aware commands use it automatically: search, favorites, info, sync, run, and publish.
  • Passing --tenant to an individual command overrides the stored context for that command only.
  • Organization selection is resolved through the LightNow Admin API and stored as a tenant ID. Registry requests then send this tenant ID as X-Tenant.

Registry discovery commands

Search MCP servers in the LightNow Registry.

lightnow search QUERY [OPTIONS]
KeyType / valuesDetails
QUERYstringSearch term, for example redis or github. Required.
--sortstringSort order supported by the Registry API.
--tenantstringOverride the stored context for this command.
--limitintegerMaximum number of servers to return. Default: 10.
--cursorstringPagination cursor.
--show-cursorbooleanPrint the raw next-page cursor for scripted pagination.

Example:

lightnow search github --limit 5

lightnow favorites

Show MCP servers favorited for the selected context.

lightnow favorites [OPTIONS]
KeyType / valuesDetails
--scopeeffective, user, tenant, system, trueFavorite scope. Default: user.
--sortstringSort order supported by the Registry API.
--tenantstringOverride the stored context for this command.
--limitintegerMaximum number of servers to return. Default: 10.
--cursorstringPagination cursor.
--show-cursorbooleanPrint the raw next-page cursor for scripted pagination.

lightnow info

Get detailed information about a specific MCP server.

lightnow info SERVER_ID [OPTIONS]
KeyType / valuesDetails
SERVER_IDstringServer ID to inspect. Required.
--versionstringSpecific server version to retrieve.
--tenantstringOverride the stored context for this command.

Integration commands

lightnow sync

Sync a LightNow runtime profile into a local MCP client configuration.

lightnow sync --client CLIENT [OPTIONS]
KeyType / valuesDetails
--clientsupported client targetTarget MCP client. Required.
--profilestringRuntime profile. Default: default.
--tenantstringOverride the stored context for this command.
--formattoml, json, yaml, shellExport format. Defaults to the selected client format.
--secret-modeplaintext, placeholderplaintext writes secret values after confirmation; placeholder writes ${SECRET_NAME} references. Default: plaintext.
--config-pathpathTarget client configuration file.
--api-urlURLRegistry API base URL.
--dry-runbooleanPrint a redacted preview without writing.
--yesbooleanSkip plaintext write confirmation.
--runnerbooleanWrite lightnow run wrappers instead of client-side server configs.

Examples:

lightnow sync --client codex --profile default
lightnow context --tenant acme
lightnow sync --client claude-code --profile default
lightnow sync --client codex --profile default --dry-run
lightnow sync --client codex --profile default --runner

Supported client targets:

Client targetDefault formatDefault path
codexTOML~/.codex/config.toml
claude-desktopJSON~/Library/Application Support/Claude/claude_desktop_config.json
claude-codeJSON~/.claude/mcp.json
cursorJSON~/.cursor/mcp.json
windsurfJSON~/.codeium/windsurf/mcp_config.json
continueYAML~/.continue/config.yaml
gemini-cliJSON~/.gemini/settings.json
librechatYAML./librechat.yaml
vscodeJSON./.vscode/mcp.json
mcp-inspectorshell./lightnow-mcp-inspector.sh

Notes:

  • --dry-run redacts known secret-like values.
  • --runner keeps secret values in LightNow and writes wrapper commands.
  • JSON clients get a sibling .lightnow-managed.json manifest so future syncs know which entries LightNow owns.

lightnow run

Run one MCP server through LightNow and inject secrets into the child process.

lightnow run --server SERVER [OPTIONS]
KeyType / valuesDetails
--serverstringMCP server alias from the selected runtime profile. Required.
--profilestringLightNow runtime profile. Default: default.
--tenantstringOverride the stored context for this command.
--api-urlURLRegistry API base URL.
--transportstdioRequested runtime transport. Default: stdio.

Example:

lightnow run --profile default --server sonarqube

Notes:

  • The selected server must be linked to a registry server version.
  • Secrets are injected only into the child MCP server process.
  • Non-stdio transports are rejected.

Publishing commands

lightnow validate

Validate MCP server artifacts locally.

lightnow validate [OPTIONS]
KeyType / valuesDetails
--serverpathPath to server.json.
--docspathPath to docs.md.
--specpathPath to an OpenAPI specification file.

Example:

lightnow validate --server server.json --docs docs.md --spec openapi.json

lightnow publish

Publish MCP server artifacts to the registry.

lightnow publish --server server.json [OPTIONS]
KeyType / valuesDetails
--serverpathPath to server.json. Required.
--docspathPath to docs.md.
--specpathPath to an OpenAPI specification file.
--tenantstringOverride the stored context for this command.
--validate-onlybooleanValidate files without publishing.

Example server.json:

{
"name": "your-namespace.example/memory",
"version": "1.0.0",
"description": "A runnable stdio MCP server example for validating LightNow CLI publish and sync workflows.",
"transport": {
"type": "stdio",
"command": "npx",
"args": ["-y", "@modelcontextprotocol/server-memory"]
}
}

Validate and publish:

lightnow validate --server server.json --docs docs.md
lightnow publish --server server.json --docs docs.md

Replace your-namespace.example/memory with a namespace you own before publishing. After the server is added to a runtime profile in LightNow, it can be synced into local clients with lightnow sync.

Exit behavior

ConditionBehavior
Not authenticatedPrints a login prompt and exits non-zero.
Expired access tokenAsks you to run lightnow login again.
Validation failurePrints validation errors and exits non-zero.
Sync or runner failurePrints a redacted error and exits non-zero.
We use cookies to ensure you get the best experience on our website. For more information on how we use cookies, please see our Privacy Policy.