Skip to main content

Cody CLI Features

Cody CLI is a full-featured AI coding assistant that runs in your terminal. Here's everything it can do.

AI Coding Assistant

  • 9 top coding models — 4 free, 5 paid. Default: DeepSeek 4 Flash (free) / Kimi K2 (paid)
  • Zero signupnpm install -g @ainative/cody-cli && cody works instantly with auto-provisioning
  • Tool use — file read/write/edit, bash execution, grep, glob, web search, semantic codebase search
  • 100+ slash commands — code review, security scanning, PR review, workflows, and more
  • Streaming responses — real-time output as the model generates

Agentic Features

5-Level Nested Sub-Agents

Agents can spawn sub-agents up to 5 levels deep. Enables complex multi-step workflows where agents delegate specialized tasks. Depth is tracked via AsyncLocalStorage — no parameter drilling.

Background Agents

/bg <task> delegates work to a background agent. Continue working in the foreground while the agent runs. Get notified when background tasks complete.

Auto Mode

/auto on enables smart permission classification. Safe actions (file reads, grep, git status) run without prompting. Dangerous operations (rm, git push, sudo) still require explicit approval. The classifier categorizes every tool call as safe, review, or dangerous.

YAML Workflow Orchestration

Define multi-step agent pipelines in YAML:

name: review-and-fix
steps:
- name: review
prompt: "Review the code for bugs"
- name: fix
prompt: "Fix the bugs found in the review"
depends_on: [review]

Steps with no dependencies run in parallel. Circular dependency detection included.

Autonomous Goal Mode

/goal all tests pass with 80% coverage — Cody works autonomously until the condition is met. Maximum 20 turns, backs off after 3 failed attempts.

Code Quality

Code Review

/code-review reviews staged or last-commit git diff for bugs, edge cases, and missing error handling. Cites line numbers and suggests specific fixes.

Security Review

/security-review runs an OWASP Top 10 scan covering: SQL injection, XSS, command injection, path traversal, hardcoded secrets, SSRF, insecure crypto, missing auth, insecure deserialization, and security misconfiguration. Outputs structured findings with severity, file:line, description, and fix suggestion.

PR Review & Fix

  • /pr-review [number|url] — reviews a pull request for bugs, security, and performance
  • /pr-fix [number] — fetches review comments and auto-generates code fixes

Developer Experience

Persistent Memory

Cody stores context across sessions via ZeroDB. Memories persist between conversations — user preferences, project context, feedback, and reference pointers.

MCP Server Support

Connect external tools via the Model Context Protocol. Built-in MCP servers for ZeroDB, browser automation, and sequential thinking. Add custom servers in .mcp.json.

Custom Skills & Marketplace

11 built-in skills ship with the CLI. /skill-marketplace browses and installs community skills from the AINative catalog.

Session Monitoring

  • /recap [minutes|all] — see what happened while you were away
  • /monitor start <path> — watch files/directories for changes
  • /notifications on — mobile push notifications when tasks complete

Interactive Tutorials

/powerup offers 6 guided lessons covering tools, agents, MCP servers, memory, skills, and code review. Each lesson walks through the feature with live examples.

Token & Cost Tracking

/usage shows real-time token usage — model, turns, input/output tokens, and estimated cost. Works with all models including free tier.

Permission System

Deny Rules with Param Matching

Permission deny rules support parameter matching:

Bash(command:rm -rf)     # blocks rm commands specifically
Agent(subagent_type:*) # blocks all agent spawning

Uses contains-matching — rm -rf matches inside longer commands. Plain Tool rules still work for blanket denials.

Loop Self-Pacing

/loop 5 run tests and fix failures repeats an instruction N times. /loop until all tests pass loops until a condition is met. Self-paces with backoff after 3 consecutive identical errors.

Infrastructure

  • 1,274 tests including 144 stress tests
  • 22 MB unpacked package size (optimized from 42.7 MB)
  • 43K char system prompt (optimized from 59K — saves ~4K tokens per API call)
  • Fallback model chain — if the primary model is unavailable, Cody automatically tries the next in the chain