CLI for the Action1 API — manage your endpoints, automations, patches, and more from the terminal.
- ~140 API endpoints covered: endpoints, automations, reports, software deployment, vulnerabilities, RBAC, and more
- Secure credential storage: client secrets stored in OS keychain (macOS Keychain, Windows Credential Manager, Linux Secret Service)
- Multi-profile: manage multiple Action1 accounts and organizations
- Multi-region: North America, Europe, Australia
- Flexible output: table, JSON, CSV, YAML
- Cross-platform: macOS, Linux, Windows (amd64 and arm64)
- Auto-pagination: fetch all results with `--all`
- MCP integration: 50 tools for Claude Code, VS Code, JetBrains
- An Action1 account with API access
- API credentials (Client ID and Client Secret) generated from the Action1 console
Go to the Releases page and download the archive for your platform.
Or with a single command:
macOS (Apple Silicon — M1/M2/M3/M4):
```bash
curl -sL https://github.com/dimer47/action1-cli/releases/latest/download/action1-cli_darwin_arm64.tar.gz | tar xz
sudo mv action1 /usr/local/bin/
```
macOS (Intel):
```bash
curl -sL https://github.com/dimer47/action1-cli/releases/latest/download/action1-cli_darwin_amd64.tar.gz | tar xz
sudo mv action1 /usr/local/bin/
```
Linux (amd64):
```bash
curl -sL https://github.com/dimer47/action1-cli/releases/latest/download/action1-cli_linux_amd64.tar.gz | tar xz
sudo mv action1 /usr/local/bin/
```
Linux (arm64 — Raspberry Pi, etc.):
```bash
curl -sL https://github.com/dimer47/action1-cli/releases/latest/download/action1-cli_linux_arm64.tar.gz | tar xz
sudo mv action1 /usr/local/bin/
```
Windows:
Download `action1-cli_windows_amd64.zip` from the Releases page, extract it, and add the folder to your PATH.
```bash
go install github.com/dimer47/action1-cli@latest
```
The binary will be installed in `$GOPATH/bin/` (usually `~/go/bin/`). Make sure this directory is in your PATH.
```bash
git clone https://github.com/dimer47/action1-cli.git
cd action1-cli
go build -o action1 .
./action1 version
```
```bash
action1 version
# action1 version 0.1.0
```
The CLI automatically checks for new versions at startup and notifies you when an update is available.
```bash
# Update to the latest version
action1 self-update
# Check for updates without installing
action1 self-update --check
```
The update is downloaded from GitHub Releases and replaces the current binary in place. If the binary is in a protected directory (e.g. `/usr/local/bin/`), sudo will be requested automatically.
- Log in to the Action1 console
- Go to Configuration > API Credentials
- Click Create API Credentials
- Copy the Client ID and Client Secret
- Note your region (North America, Europe, or Australia)
```bash
action1 auth login --region eu
```
Answer the prompts:
```
Region: eu (https://app.eu.action1.com/api/3.0)
Client ID: api-key-xxxxx@action1.com # Paste your Client ID
Client Secret: # Paste your secret (hidden)
Successfully authenticated.
Token expires in 3600 seconds.
```
The client credentials are stored in the OS keychain (encrypted). Tokens are stored locally with restricted permissions (0600).
```bash
# List organizations to find your org ID
action1 org list
# Set the default
action1 config set org <orgId>
```
```bash
# List your endpoints
action1 endpoint list
# Check endpoint status
action1 endpoint status
# List vulnerabilities
action1 vulnerability list
# Run a report
action1 report data <reportId>
```
The config file is located at:
- macOS: `~/Library/Application Support/action1/config.yaml`
- Linux: `~/.config/action1/config.yaml`
- Windows: `%APPDATA%\action1\config.yaml`
```bash
# Create a "production" profile
action1 config use-profile production
action1 auth login --region eu
# Create a "staging" profile
action1 config use-profile staging
action1 auth login --region na
# List profiles (* = active)
action1 config list-profiles
# default
# * production
# staging
# Switch profile
action1 config use-profile production
# Use a profile for a single command
action1 endpoint list --profile staging
```
| OS | Backend | What is stored |
|---|---|---|
| macOS | Keychain | Client ID + Secret |
| Windows | Credential Manager | Client ID + Secret |
| Linux | Secret Service (GNOME Keyring / KWallet) | Client ID + Secret |
| Fallback | Config file (0600) | Everything |
Tokens (access + refresh) are always stored in the config file with restricted permissions, as they are too large for some keychain implementations.
Use --no-keychain to force file-based storage for everything.
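One way to audit the file-based storage described above, as an added example that is not part of the action1-cli project: it checks that the config file at the documented macOS or Linux path is a regular file with no group or other permission bits set. The function names and the `--audit` argument are hypothetical.

```shell
#!/bin/sh
# Added example: audit the permissions of the action1 config file.
# Paths are the ones documented in this README; function names are hypothetical.

# Documented config location for the current OS (macOS or Linux).
default_config_path() {
    case "$(uname -s)" in
        Darwin) echo "$HOME/Library/Application Support/action1/config.yaml" ;;
        *)      echo "$HOME/.config/action1/config.yaml" ;;
    esac
}

# Print the octal permission bits of a file (GNU stat first, then BSD/macOS stat).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1" 2>/dev/null
}

# Return 0 if the file has no group/other permission bits (e.g. 600),
# 1 if it is readable or writable by others, 2 if it is missing,
# a symlink, or otherwise not a regular file.
check_config_perms() {
    path=$1
    if [ -L "$path" ] || [ ! -f "$path" ]; then
        echo "SKIP  $path (missing or not a regular file)"
        return 2
    fi
    mode=$(file_mode "$path") || return 2
    # The last two octal digits are the group and other bits; both must be 0.
    case "$mode" in
        0|*00) echo "OK    $path ($mode)"; return 0 ;;
        *)     echo "WEAK  $path ($mode), expected 600"; return 1 ;;
    esac
}

# Run the audit only when executed with "--audit", so the file can also be sourced.
if [ "${1:-}" = "--audit" ]; then
    check_config_perms "$(default_config_path)"
fi
```

The check matters most on hosts that use `--no-keychain` or the fallback backend, where the file holds the client secret as well as the tokens.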
```bash
action1 endpoint list  # List all endpoints
action1 endpoint list --all  # Fetch all (auto-paginate)
action1 endpoint list --filter "name eq 'SRV01'"  # OData filter
action1 endpoint get <id>  # Endpoint details
action1 endpoint status  # Online/offline counts
action1 endpoint update <id> --name "new-name"  # Rename
action1 endpoint delete <id>  # Delete (asks confirmation)
action1 endpoint move <id> --to-org <orgId>  # Move to another org
action1 endpoint missing-updates <id>  # Missing patches
action1 endpoint install-url windowsEXE  # Agent install URL
```
```bash
action1 endpoint-group list  # List groups
action1 endpoint-group create --name "Servers"  # Create
action1 endpoint-group members <id>  # List members
action1 endpoint-group add <id> --endpoints a,b,c  # Add endpoints
action1 endpoint-group remove <id> --endpoints a,b  # Remove endpoints
```
```bash
# Schedules
action1 automation schedule list
action1 automation schedule create --data @schedule.json
action1 automation schedule get <id>
action1 automation schedule delete <id>
# Run immediately
action1 automation instance run --data @automation.json
action1 automation instance results <instanceId>
action1 automation instance stop <instanceId>
# Action templates
action1 automation template list
action1 automation template get <templateId>
```
```bash
action1 report list  # List reports
action1 report data <reportId>  # Get report rows
action1 report data <reportId> --all  # All rows
action1 report export <reportId> --output-file r.csv
action1 report requery <reportId>  # Re-run
action1 report drilldown <reportId> <rowId>  # Row details
```
```bash
action1 software list  # List packages
action1 software get <id>  # Package details
action1 software clone <id>  # Clone a package
action1 software version create <pkgId> --data @v.json
action1 software upload <pkgId> <verId> ./installer.exe
```
```bash
action1 update list  # All missing updates
action1 update get <packageId>  # Updates for a package
action1 update endpoints <pkgId> <verId>  # Endpoints missing update
```
```bash
action1 installed-software list  # All installed apps
action1 installed-software get <endpointId>  # Apps on one endpoint
action1 installed-software requery  # Refresh data
```
```bash
action1 vulnerability list  # Vulnerable software
action1 vulnerability get <cveId>  # CVE details (org)
action1 vulnerability cve <cveId>  # CVE details (global)
action1 vulnerability endpoints <cveId>  # Affected endpoints
action1 vulnerability remediation list <cveId>  # Past remediations
action1 vulnerability remediation create <cveId> --data @control.json
```
```bash
action1 script list  # List scripts
action1 script create --name "Cleanup" --type powershell --file cleanup.ps1
action1 script get <id>
action1 script update <id> --file cleanup_v2.ps1
action1 script delete <id>
```
```bash
action1 user me  # Current user
action1 user list  # All users
action1 user create --email admin@co.com --name "Admin"
action1 role list  # All roles
action1 role assign <roleId> <userId>  # Assign user to role
action1 role permissions  # Permission templates
```
```bash
action1 org list  # List orgs
action1 org create --name "Production"  # Create
action1 org update <id> --data '{"name":"Prod"}'  # Update
action1 org delete <id>  # Delete
```
```bash
action1 audit list  # Audit events
action1 audit list --from 2026-01-01 --to 2026-01-31
action1 audit get <id>  # Event details
action1 audit export --output-file audit.json  # Export
```
```bash
action1 search "query"  # Quick search
action1 log get  # Diagnostic logs
action1 enterprise get  # Enterprise settings
action1 subscription info  # License info
action1 subscription usage  # Usage stats
```
| Flag | Short | Description | Default |
|---|---|---|---|
| `--org` | `-o` | Organization ID | from config |
| `--region` | `-r` | Server region: `na`, `eu`, `au` | from config |
| `--output` | `-O` | Output format: `table`, `json`, `csv`, `yaml` | `table` |
| `--profile` | `-p` | Config profile | from config |
| `--quiet` | `-q` | Suppress headers and decorations | `false` |
| `--verbose` | `-v` | Show HTTP requests | `false` |
| `--no-color` | | Disable colored output | `false` |
| `--no-keychain` | | Use file-based credential storage | `false` |
| `--config` | | Config file path | auto-detected |
```bash
# Bash
action1 completion bash > /etc/bash_completion.d/action1
# Zsh (add to your .zshrc)
action1 completion zsh > "${fpath[1]}/_action1"
# Fish
action1 completion fish > ~/.config/fish/completions/action1.fish
# PowerShell
action1 completion powershell > action1.ps1
```
For faster typing:
| Command | Alias |
|---|---|
| `endpoint` | `ep` |
| `endpoint-group` | `epg` |
| `automation` | `auto` |
| `vulnerability` | `vuln` |
| `software` | `sw` |
| `installed-software` | `isw` |
| `data-source` | `ds` |
| `subscription` | `sub` |
| `report-subscription` | `report-sub` |
The CLI includes a built-in MCP (Model Context Protocol) server exposing 50 tools for AI assistants.
Add to your Claude Code settings (or VS Code / JetBrains with the Claude extension):
```json
{
  "mcpServers": {
    "action1": {
      "command": "action1",
      "args": ["mcp-serve"]
    }
  }
}
```
The MCP server automatically uses your credentials from `action1 auth login`. No extra configuration needed.
| Tool | Description |
|---|---|
| `org-list` | List all organizations |
| `org-create` | Create a new organization |
| `endpoint-list` | List managed endpoints |
| `endpoint-get` | Get endpoint details |
| `endpoint-status` | Endpoint status (online/offline) |
| `endpoint-update` | Update endpoint name/comment |
| `endpoint-delete` | Delete an endpoint |
| `endpoint-missing-updates` | Missing patches for an endpoint |
| `endpoint-group-list` | List endpoint groups |
| `endpoint-group-get` | Get group details |
| `endpoint-group-members` | List endpoints in a group |
| `automation-schedule-list` | List automation schedules |
| `automation-schedule-get` | Get schedule details |
| `automation-schedule-delete` | Delete a schedule |
| `automation-instance-list` | List automation instances |
| `automation-instance-get` | Get instance details |
| `automation-instance-results` | Endpoint results for an instance |
| `automation-instance-stop` | Stop a running automation |
| `automation-template-list` | List action templates |
| `report-list` | List all reports |
| `report-data` | Get report data rows |
| `report-export` | Export a report |
| `report-requery` | Re-run a report |
| `software-list` | List software packages |
| `software-get` | Get package details |
| `update-list` | List missing updates |
| `update-get` | Updates for a package |
| `installed-software-list` | List installed software |
| `installed-software-get` | Software on a specific endpoint |
| `vulnerability-list` | List vulnerable software |
| `vulnerability-get` | CVE details (org-specific) |
| `vulnerability-endpoints` | Endpoints affected by a CVE |
| `vulnerability-cve` | CVE description (global) |
| `script-list` | List scripts |
| `script-get` | Get a script |
| `data-source-list` | List data sources |
| `user-me` | Current user info |
| `user-list` | List all users |
| `user-get` | Get user details |
| `user-roles` | User's assigned roles |
| `role-list` | List all roles |
| `role-get` | Get role details |
| `role-users` | Users in a role |
| `role-permissions` | Permission templates |
| `enterprise-get` | Enterprise settings |
| `subscription-info` | License info |
| `subscription-usage` | Usage statistics |
| `search` | Search endpoints, reports, apps |
| `audit-list` | Audit trail events |
| `audit-get` | Audit event details |
| `log-get` | Diagnostic logs |
Once configured, you can simply say:
- "List my Action1 endpoints"
- "What vulnerabilities affect my organization?"
- "Show me the missing patches for endpoint X"
- "What automations are running?"
Claude will automatically call the right MCP tools.
```bash
# Clone
git clone https://github.com/dimer47/action1-cli.git
cd action1-cli
# Build
go build -o action1 .
# Run tests
go test ./...
# Lint
go vet ./...
```
```bash
git tag v0.1.0
git push origin v0.1.0
# GitHub Actions builds and publishes automatically
```
MIT