Manages InsForge backend infrastructure via CLI: creates DB tables/migrations, runs SQL/RLS, deploys serverless/edge functions/frontends, handles storage buckets/secrets/cron jobs/logs/diagnostics.
npx claudepluginhub insforge/insforge-skillsThis skill uses the workspace's default tool permissions.
Command-line tool for managing InsForge Backend-as-a-Service projects.
Diagnoses errors, bugs, performance issues, and failures in InsForge projects from frontend SDK errors to backend infrastructure via CLI commands for logs/status and AI-assisted suggestions.
Guides Wrangler CLI for deploying, developing, and managing Cloudflare Workers, KV, R2, D1, Vectorize, Hyperdrive, Workers AI, and more. Ensures latest syntax and best practices via docs retrieval.
Manages Appwrite projects via CLI: installation, login, init, deploy functions/sites/tables/buckets/teams/topics, resources, CI/CD, type-safe SDKs.
Share bugs, ideas, or general feedback.
Command-line tool for managing InsForge Backend-as-a-Service projects.
NEVER install the CLI globally (npm install -g @insforge/cli). Always run commands via npx:
npx @insforge/cli <command>
This ensures the latest version is always used without global install issues (permissions, PATH, node version mismatches).
Session start — verify authentication and project:
npx @insforge/cli whoami # verify authentication
npx @insforge/cli current # verify linked project
If not authenticated: npx @insforge/cli login
If no project linked: npx @insforge/cli create (new) or npx @insforge/cli link (existing)
| Flag | Description |
|---|---|
--json | Structured JSON output (for scripts and agents) |
-y, --yes | Skip confirmation prompts |
All examples below use
npx @insforge/cli. Never callinsforgedirectly.
| Code | Meaning |
|---|---|
| 0 | Success |
| 1 | General error (e.g., HTTP 400+ from function invoke) |
| 2 | Not authenticated |
| 3 | Project not linked |
| 4 | Resource not found |
| 5 | Permission denied |
| Variable | Description |
|---|---|
INSFORGE_ACCESS_TOKEN | Override stored access token |
INSFORGE_PROJECT_ID | Override linked project ID |
INSFORGE_EMAIL | Email for non-interactive login |
INSFORGE_PASSWORD | Password for non-interactive login |
npx @insforge/cli login — OAuth (browser) or --email for password login. See references/login.mdnpx @insforge/cli logout — clear stored credentialsnpx @insforge/cli whoami — show current usernpx @insforge/cli create — create new project. See references/create.mdnpx @insforge/cli link — link directory to existing projectnpx @insforge/cli current — show current user + linked projectnpx @insforge/cli list — list all orgs and projectsnpx @insforge/cli metadata — show backend metadata (auth config, database tables, storage buckets, edge functions, AI models, realtime channels). Use --json for structured output. Run this first to discover what's configured before building features.npx @insforge/cli dbnpx @insforge/cli db query <sql> — execute raw SQL. See references/db-query.mdnpx @insforge/cli db tables / indexes / policies / triggers / functions — inspect schemanpx @insforge/cli db migrations list / fetch / new / up — manage developer migration files. See references/db-migrations.mdnpx @insforge/cli db rpc <fn> [--data <json>] — call database function (GET if no data, POST if data)npx @insforge/cli db export — export schema/data. See references/db-export.mdnpx @insforge/cli db import <file> — import from SQL file. See references/db-import.mdUse
db migrationsfor schema changes. Reservedb queryfor inspecting data and for row-levelSELECT / INSERT / UPDATE / DELETEwork.
npx @insforge/cli functionsnpx @insforge/cli functions list — list deployed functionsnpx @insforge/cli functions code <slug> — view function sourcenpx @insforge/cli functions deploy <slug> — deploy or update. See references/functions-deploy.mdnpx @insforge/cli functions invoke <slug> [--data <json>] [--method GET|POST] — invoke functionnpx @insforge/cli functions delete <slug> — delete an edge function (with confirmation)npx @insforge/cli storagenpx @insforge/cli storage buckets — list bucketsnpx @insforge/cli storage create-bucket <name> [--private] — create bucket (default: public)npx @insforge/cli storage delete-bucket <name> — delete bucket and all its objects (destructive)npx @insforge/cli storage list-objects <bucket> [--prefix] [--search] [--limit] [--sort] — list objectsnpx @insforge/cli storage upload <file> --bucket <name> [--key <objectKey>] — upload filenpx @insforge/cli storage download <objectKey> --bucket <name> [--output <path>] — download filenpx @insforge/cli deploymentsDeploy a frontend application (static site / SPA / Next.js / etc.) to Vercel, managed through InsForge. For backend container workloads see Backend Compute Services below.
npx @insforge/cli deployments deploy [dir] — deploy frontend app from its source directory. See references/deployments-deploy.mdnpx @insforge/cli deployments list — list deploymentsnpx @insforge/cli deployments status <id> [--sync] — get deployment status (--sync fetches from Vercel)npx @insforge/cli deployments cancel <id> — cancel running deploymentnpx @insforge/cli deployments env list — list all deployment environment variablesnpx @insforge/cli deployments env set <key> <value> — create or update a deployment environment variablenpx @insforge/cli deployments env delete <id> — delete a deployment environment variable by IDnpx @insforge/cli computeDeploy and manage backend containerized services (APIs, workers, microservices). Each service runs as a Docker container reachable via a public HTTPS endpoint. For frontend hosting see Frontend Deployments above.
🔧 Implementation note (for agents): InsForge runs compute on Fly.io under the hood, but DO NOT use
flyctldirectly to deploy or manage these services. The Fly account, org, IP allocation, and machine ownership all live on the InsForge cloud —flyctlinvoked with the user's own credentials will land in the wrong org and fail withunauthorized. Always usenpx @insforge/cli compute …. The CLI is just an HTTP client that calls the InsForge backend; the backend talks to Fly. Noflyctland no Fly token are needed locally.
⚠️ In progress. Compute services are still in development; the API and CLI may change.
Availability: Compute requires the backend to have Fly.io configured. If not enabled, the API returns
COMPUTE_SERVICE_NOT_CONFIGUREDwith setup instructions innextActions. Follow those instructions.
npx @insforge/cli compute list — list all compute services (name, status, image, CPU, memory, endpoint)npx @insforge/cli compute get <id> — get service detailsnpx @insforge/cli compute deploy --image <url> --name <name> [--port] [--cpu] [--memory] [--region] [--env] — deploy a pre-built Docker image. See references/compute-deploy.md.npx @insforge/cli compute update <id> [--image] [--port] [--cpu] [--memory] [--region] — update service confignpx @insforge/cli compute stop <id> — stop a running servicenpx @insforge/cli compute start <id> — start a stopped servicenpx @insforge/cli compute logs <id> [--limit 50] — view machine event logsnpx @insforge/cli compute delete <id> — delete service and destroy Fly.io resourcesnpx @insforge/cli secretsnpx @insforge/cli secrets list [--all] — list secrets (values hidden; --all includes deleted)npx @insforge/cli secrets get <key> — get decrypted valuenpx @insforge/cli secrets add <key> <value> [--reserved] [--expires <ISO date>] — create secretnpx @insforge/cli secrets update <key> [--value] [--active] [--reserved] [--expires] — update secretnpx @insforge/cli secrets delete <key> — soft delete (marks inactive; restore with --active true)npx @insforge/cli schedulesnpx @insforge/cli schedules list — list all scheduled tasks (shows ID, name, cron, URL, method, active, next run)npx @insforge/cli schedules get <id> — get schedule detailsnpx @insforge/cli schedules create --name --cron --url --method [--headers <json>] [--body <json>] — create a cron job (5-field cron format only)npx @insforge/cli schedules update <id> [--name] [--cron] [--url] [--method] [--headers] [--body] [--active] — update schedulenpx @insforge/cli schedules delete <id> — delete schedule (with confirmation)npx @insforge/cli schedules logs <id> [--limit] [--offset] — view execution logsnpx @insforge/cli diagnoseRun with no subcommand for a full health report across all checks.
npx @insforge/cli diagnose — full health report (runs all diagnostics)npx @insforge/cli diagnose --ai "<issue description>" — hand a natural-language problem description (error, failing URL, HTTP status) to the InsForge debug agent; returns a diagnosis plus suggested solutionsnpx @insforge/cli diagnose metrics [--range 1h|6h|24h|7d] [--metrics <list>] — EC2 instance metrics (CPU, memory, disk, network). Default range: 1hnpx @insforge/cli diagnose advisor [--severity critical|warning|info] [--category security|performance|health] [--limit <n>] — latest advisor scan results and issues. Default limit: 50npx @insforge/cli diagnose db [--check <checks>] — database health checks. Checks: connections, slow-queries, bloat, size, index-usage, locks, cache-hit (default: all)npx @insforge/cli diagnose logs [--source <name>] [--limit <n>] — aggregate error-level logs from all backend sources. Default limit: 100npx @insforge/cli logsnpx @insforge/cli logs <source> [--limit <n>] — fetch backend container logs (default: 20 entries)| Source | Description |
|---|---|
insforge.logs | Main backend logs |
postgREST.logs | PostgREST API layer logs |
postgres.logs | PostgreSQL database logs |
function.logs | Edge function execution logs |
function-deploy.logs | Edge function deployment logs |
Source names are case-insensitive:
postgrest.logsworks the same aspostgREST.logs.
npx @insforge/cli docsnpx @insforge/cli docs — list all topicsnpx @insforge/cli docs instructions — setup guidenpx @insforge/cli docs <feature> <language> — feature docs (db / storage / functions / auth / ai / realtime × typescript / swift / kotlin / rest-api)For writing application code with the InsForge SDK, use the insforge (SDK) skill instead, and use the
npx @insforge/cli docs <feature> <language>to get specific SDK documentation.
Functions invoke URL: invoked at {oss_host}/functions/{slug} — NOT /api/functions/{slug}. Exits with code 1 on HTTP 400+.
Secrets delete is soft: marks the secret inactive, not destroyed. Restore with npx @insforge/cli secrets update KEY --active true. Use --all with secrets list to see inactive ones.
Storage delete-bucket is hard: deletes the bucket and every object inside it permanently.
db rpc uses GET or POST: no --data → GET; with --data → POST.
db migrations use timestamped files: migration filenames use YYYYMMDDHHmmss_name.sql, for example 20260418091500_create-posts.sql.
db migrations up supports safe batch modes: npx @insforge/cli db migrations up <filename|version> applies one explicit local target. npx @insforge/cli db migrations up --to <version|filename> and npx @insforge/cli db migrations up --all apply pending files in ascending version order and stop on the first failure.
db migrations run inside a backend-managed transaction: do not put BEGIN, COMMIT, or ROLLBACK in migration files.
The live database schema is the source of truth: before writing a migration, and again if a migration fails, inspect the current database state first (db tables / indexes / policies / triggers / functions, plus db migrations list) and then adjust the migration statements to match reality. Do not assume local files are still current.
⚠️ v1 limitation — image-only. compute deploy --image <url> deploys a pre-built image. It does NOT build from source. Build locally with Docker, push to any registry, then deploy via --image. Server-side build is roadmap, not v1. Don't reach for flyctl deploy as a workaround — it 401s because the Fly account is InsForge's, not yours.
Compute endpoints use .fly.dev: Services get a public URL at https://{name}-{projectId}.fly.dev. Custom domains require DNS configuration.
Schedules use 5-field cron only: minute hour day month day-of-week. 6-field (with seconds) is NOT supported. Headers can reference secrets with ${{secrets.KEY_NAME}}.
# Inspect the current live schema first
npx @insforge/cli db tables
npx @insforge/cli db indexes
npx @insforge/cli db policies
npx @insforge/cli db migrations list
# Sync applied remote migration history locally
npx @insforge/cli db migrations fetch
# Create the next schema migration file
npx @insforge/cli db migrations new create-posts
# Edit migrations/20260418091500_create-posts.sql with CREATE TABLE / ALTER TABLE / policies
# Apply pending migrations safely
npx @insforge/cli db migrations up --all
Use migrations for schema changes. Use
db queryfor row changes and inspection. In migrations, FK to users withauth.users(id)and useauth.uid()in RLS policies.
# Inspect remote migration history
npx @insforge/cli db migrations list
# Sync applied remote migrations into migrations/
npx @insforge/cli db migrations fetch
# Create the next local migration file
npx @insforge/cli db migrations new create-posts
# Apply all pending local migrations
npx @insforge/cli db migrations up --all
# Default source path: insforge/functions/{slug}/index.ts
npx @insforge/cli functions deploy my-handler
npx @insforge/cli functions invoke my-handler --data '{"action": "test"}'
Always verify the local build succeeds before deploying. Local builds are faster to debug and don't waste server resources. After the build passes, deploy the project source directory (usually .), not dist/ or other generated build output.
Environment variables are required. Frontend apps need env vars (API URL, anon key) to connect to InsForge at runtime. Deploying without them produces a broken app. Before deploying, you must ensure env vars are set using one of these two approaches:
Option A — Persistent env vars (recommended): Set once, applied to every future deployment automatically. Best for projects that will be redeployed.
# Check what's already set
npx @insforge/cli deployments env list
# Set the vars your app needs (use the correct framework prefix)
npx @insforge/cli deployments env set VITE_INSFORGE_URL https://my-app.us-east.insforge.app
npx @insforge/cli deployments env set VITE_INSFORGE_ANON_KEY ik_xxx
# Deploy the project source — persistent env vars are applied automatically
npx @insforge/cli deployments deploy .
Option B — Inline --env flag: Pass env vars as JSON directly on the deploy command. Useful for one-off deploys or overriding persistent vars.
npx @insforge/cli deployments deploy . --env '{"VITE_INSFORGE_URL": "https://my-app.us-east.insforge.app", "VITE_INSFORGE_ANON_KEY": "ik_xxx"}'
Full workflow:
# 1. Build locally first
npm run build
# 2. Ensure env vars are set (check existing, add missing)
npx @insforge/cli deployments env list
npx @insforge/cli deployments env set VITE_INSFORGE_URL https://my-app.us-east.insforge.app
npx @insforge/cli deployments env set VITE_INSFORGE_ANON_KEY ik_xxx
# 3. Deploy the project source directory
npx @insforge/cli deployments deploy .
Environment variable prefix by framework:
| Framework | Prefix | Example |
|---|---|---|
| Vite | VITE_ | VITE_INSFORGE_URL |
| Next.js | NEXT_PUBLIC_ | NEXT_PUBLIC_INSFORGE_URL |
| Create React App | REACT_APP_ | REACT_APP_INSFORGE_URL |
| Astro | PUBLIC_ | PUBLIC_INSFORGE_URL |
| SvelteKit | PUBLIC_ | PUBLIC_INSFORGE_URL |
Pre-deploy checklist:
npm run build succeeds locallydeployments env list to verify, or pass --env on the deploy command.), not dist/, build/, or .next/node_modules, .git, .env, or .insforge in the uploaddist/, build/, .next/, etc.)InsForge deploys pre-built Docker images. Build the image with your own toolchain, then deploy.
Off-the-shelf image:
npx @insforge/cli compute deploy --image nginx:alpine --name my-api --port 80 --region iad
npx @insforge/cli compute list
# Service is running with a public https://{name}-{project}.fly.dev endpoint
# No flyctl, no FLY_API_TOKEN, no local Docker required.
Your own image (local Docker):
docker build -t ghcr.io/you/app:v1 .
docker push ghcr.io/you/app:v1
npx @insforge/cli compute deploy --image ghcr.io/you/app:v1 --name my-api --port 8000
Lifecycle management:
npx @insforge/cli compute stop <id> # stop the machine
npx @insforge/cli compute start <id> # restart it
npx @insforge/cli compute logs <id> # check machine events
npx @insforge/cli compute delete <id> # destroy everything
CPU tiers: shared-1x (default), shared-2x, performance-1x, performance-2x, performance-4x
Memory options: 256, 512 (default), 1024, 2048, 4096, 8192 MB
Regions: iad (default), sin, lax, lhr, nrt, ams, syd
The
deploycommand requiresflyctlCLI andFLY_API_TOKENenv var. It backs up any existingfly.toml, generates one for the deploy, then restores the original.
npx @insforge/cli db export --output backup.sql
npx @insforge/cli db import backup.sql
# Create a schedule that calls a function every 5 minutes
npx @insforge/cli schedules create \
--name "Cleanup Expired" \
--cron "*/5 * * * *" \
--url "https://my-app.us-east.insforge.app/functions/cleanup" \
--method POST \
--headers '{"Authorization": "Bearer ${{secrets.API_TOKEN}}"}'
# Check execution history
npx @insforge/cli schedules logs <id>
InsForge uses 5-field cron expressions (pg_cron format). 6-field expressions with seconds are NOT supported.
┌─────────────── minute (0-59)
│ ┌───────────── hour (0-23)
│ │ ┌─────────── day of month (1-31)
│ │ │ ┌───────── month (1-12)
│ │ │ │ ┌─────── day of week (0-6, Sunday=0)
│ │ │ │ │
* * * * *
| Expression | Description |
|---|---|
* * * * * | Every minute |
*/5 * * * * | Every 5 minutes |
0 * * * * | Every hour (at minute 0) |
0 9 * * * | Daily at 9:00 AM |
0 9 * * 1 | Every Monday at 9:00 AM |
0 0 1 * * | First day of every month at midnight |
30 14 * * 1-5 | Weekdays at 2:30 PM |
Headers can reference secrets stored in InsForge using the syntax ${{secrets.KEY_NAME}}.
{
"headers": {
"Authorization": "Bearer ${{secrets.API_TOKEN}}",
"X-API-Key": "${{secrets.EXTERNAL_API_KEY}}"
}
}
Secrets are resolved at schedule creation/update time. If a referenced secret doesn't exist, the operation fails with a 404 error.
Use 5-field cron expressions only
*/5 * * * * for every 5 minutesStore sensitive values as secrets
${{secrets.KEY_NAME}} in headers for API keys and tokensTarget InsForge functions for serverless tasks
https://your-project.region.insforge.app/functions/{slug}status: "active"Monitor execution logs
| Mistake | Solution |
|---|---|
| Using 6-field cron (with seconds) | Use 5-field format only: minute hour day month day-of-week |
| Referencing non-existent secret | Create the secret first via secrets API |
| Targeting non-existent function | Verify function exists and is active before scheduling |
| Schedule not running | Check isActive is true and cron expression is valid |
1. Create secrets if needed -> `npx @insforge/cli secrets add KEY VALUE`
2. Create/verify target function -> `npx @insforge/cli functions list`
3. Create schedule -> `npx @insforge/cli schedules create`
4. Verify schedule is active -> `npx @insforge/cli schedules get <id>`
5. Monitor execution logs -> `npx @insforge/cli schedules logs <id>`
# Full health report (all checks)
npx @insforge/cli diagnose
# Check specific areas
npx @insforge/cli diagnose metrics --range 24h # CPU/memory/disk over last 24h
npx @insforge/cli diagnose advisor --severity critical # critical issues only
npx @insforge/cli diagnose db --check bloat,slow-queries # specific DB checks
npx @insforge/cli diagnose logs # aggregate errors from all sources
npx @insforge/cli logs function.logs # function execution issues
npx @insforge/cli logs postgres.logs # database query problems
npx @insforge/cli logs insforge.logs # API / auth errors
npx @insforge/cli logs postgrest.logs --limit 50
Start with function.logs for function issues
Use postgres.logs for query problems
Check insforge.logs for API errors
| Problem | Check |
|---|---|
| Function not working | function.logs |
| Database query failing | postgres.logs, postgREST.logs |
| Auth issues | insforge.logs |
| API returning 500 errors | insforge.logs, postgREST.logs |
| General health / performance | diagnose (full report) or diagnose metrics |
| Database bloat / slow queries | diagnose db |
| Security / config issues | diagnose advisor --category security |
| Compute service not starting | compute logs <id>, check Fly machine events |
| Compute deploy failed | Check FLY_API_TOKEN is set, flyctl installed |
INSFORGE_EMAIL=$EMAIL INSFORGE_PASSWORD=$PASSWORD npx @insforge/cli login --email -y
npx @insforge/cli link --project-id $PROJECT_ID --org-id $ORG_ID -y
npx @insforge/cli db query "SELECT count(*) FROM users" --json
After create or link, .insforge/project.json is created:
{
"project_id": "...",
"appkey": "...",
"region": "us-east",
"api_key": "ik_...",
"oss_host": "https://{appkey}.{region}.insforge.app"
}
oss_host is the base URL for all SDK and API operations. api_key is the admin key for backend API calls.
Never commit this file to version control or share it publicly. Do not edit this file manually. Use
npx @insforge/cli linkto switch projects.