Skip to main content
The Duvo CLI is designed to run in scripts and automation pipelines, not just interactively. This page covers how to authenticate in non-interactive environments, common automation patterns, and three complete worked examples.

Authentication in CI/CD and scripts

Use an API key, not OAuth

OAuth sessions require a browser login and are bound to a user’s session. For CI/CD pipelines and server-side scripts, use an API key instead. Generate a key at Your Profile → API keys — scoped to a single team or to all teams you can access — and store it as a secret environment variable in your CI system (GitHub Actions secrets, GitLab CI variables, AWS Secrets Manager, etc.). Users with the Manager role or above can also create and view a team’s keys at Team Settings → API keys.

Pass the key as an environment variable

The CLI reads DUVO_API_KEY automatically, so you never need to touch a config file or run duvo login in a pipeline:

Rotating API keys

API keys do not expire by default. Rotate them by:

Create a new key

Create a new key at Your Profile → API keys.

Update the CI secret

Update the key in your CI secret store.

Delete the old key

Delete the old key from the dashboard.
There is a brief window between steps where both keys are valid — this ensures zero-downtime rotation.
If a key is compromised, delete it immediately and treat any Runs that ran under it as potentially untrusted.

GitHub Actions example


Common scripting patterns

Start a Run and wait for it to finish

duvo runs start returns immediately. Poll duvo runs get until the Run reaches a terminal status:

Upload files before starting a Run

When your Agent needs to process files, create a sandbox, upload the files, and pass the sandbox ID to the run:
For files larger than 10 MB, get a presigned URL and upload directly:

Bulk-reprocess Cases on an Agent

When you need to route a set of Cases to a specific Agent — for example, assigning a backlog of items after a new Agent is deployed.
Any active Runs for the specified Cases are interrupted.
--ids accepts a comma-separated list of up to 100 Case IDs. The --yes flag skips the confirmation prompt, which is required in non-interactive scripts.

Collect Run output from a completed run

After a Run finishes, pull the assistant’s messages to feed the output into downstream systems:

Roll out an Agent config change to multiple Agents

When a shared config file is updated (for example, a common AOP or tool set), push it as a new Revision across every affected Agent:

Worked examples

Example 1: One-shot Run trigger

Trigger a Run from any shell or pipeline and print the final output. Exit non-zero if the Run fails.

Example 2: Nightly Agent config sync from Git

Store Agent configs as JSON files in a Git repository and push any changed configs to Duvo on every merge to main. This lets you version-control your Agent Setups alongside your application code. Repository layout:
Sync script (.github/workflows/sync-assignments.yml):
Only files changed in the push are synced, so the workflow is fast even with many Agent files in the repo.

Example 3: Weekly Run-status report

Run weekly in CI to summarize how many Runs completed, failed, or are still running across your key Agents. Post the summary wherever your team receives reports.
Pipe the output to slack-cli, mail, or any notification tool your team uses.

Tips

  • Always add --yes to bulk operations (bulk-reprocess, bulk-update-status, cases delete) in scripts so they don’t block waiting for confirmation.
  • Combine --json with jq for all scripting — human-readable output can change between CLI versions, but JSON is stable.
  • Set DUVO_PROFILE to target a non-default profile (e.g., staging) without changing your shell’s default: DUVO_PROFILE=staging duvo runs start --agent "$AGENT_ID" --json.
  • Run duvo <command> --help to see the full flag set for any command.

Starting Runs

Full command reference for duvo runs

Managing Agents

Creating Agents and Revisions

Cases and Queues

Bulk Case operations

Advanced Commands

duvo api, sandboxes, and raw API access

Public API Reference

REST alternative if you need more than the CLI offers