Installation
Web Terminal tools — plain English
What each command is for, what you get back, request cost, and when to use it. Same intelligence as the MCP server — this is the browser surface.
Request costs (2026): Heavy commands use multiple monthly requests (e.g. overview ~7, web website overview ~10, site/check ~6, supply ~8). Before a run you see Cost: ~N requests if this succeeds · free if it fails. Failed runs do not burn quota. Counts also show on Overview → Recent Calls after success.
Open the terminal at Dashboard → Terminal. Paste a public GitHub URL, then run a command. Type / for the slash menu — all 37 commands on /docs/slash-commands. MCP tools: /docs/tools.
How usage works
One successful tool call = one request on your API key. Failed runs (errors, bot walls handled cleanly, cancelled) do not burn quota. Warm cache on the same tab can return instantly without a new bill.
overview is designed as a single MCP call when possible. Running many different commands (overview + architecture + find + supply) bills once each — that is expected.
Learn a public GitHub repo
Paste https://github.com/owner/repo, then pick one of these. Answers use the same clean card design: hero, tags, short sections, dig deeper.
| Command | What it is | What you get | Requests | Needs |
|---|---|---|---|---|
overview | First look at a public GitHub repo | Product story, language bars, size, how to run, numbered next steps | ~7 | Repo URL pasted first |
architecture | How the codebase is wired | Entry points, auth, external services — clickable file paths | ~7 | Repo |
setup | Install and run this project | Install + dev/test/build commands in plain English | ~7 | Repo |
get-context | Full technical brief | Stack, layout, env, deploy — same clean card layout as overview | ~7 | Repo |
find QUERY | Search the codebase | Top matches with paths you can open | ~5 | Repo + search words |
structure | Folders and packages | Monorepo layout and where things live | ~7 | Repo |
stats | Size and layout snapshot | File counts, layout, run commands | ~5 | Repo |
read / outline | Open a file or outline | File body or symbol outline | ~5 | Repo + path |
check-package name | Is this npm/PyPI package safe? | Latest version, risk signals, CVEs, plain takeaway | ~5 | Package name |
check-test (legacy: scope-task) | Test Pulse — run suite / failures / why | Pass/fail clusters, fix_first, session follow-ups | ~1 run + free session slices | Repo with tests |
remember / recall / memory | Project memory facts | Saved decisions/gotchas across sessions | ~5 | Signed in |
think | One-shot structured reasoning | Checkpoint summary (multi-turn = editor) | ~2–5 | Signed in |
Any website or package
These do not need a repo (except combined supply with a connected GitHub project). Results are severity-ranked and plain English.
Start with web your-site.com — one overview card covering brand face, health, stack, security headers, and exposed API keys. Use site, check url, or supply site to zoom into one layer.
| Command | What it is | What you get | Requests | Needs |
|---|---|---|---|---|
web example.com | Website Overview — full public site scan | Identity, scorecard, TLS, cookies, stack/CDN, header scorecard, public vs private keys, what we scanned, fix-first — one powerful card | ~10 | Public URL or domain (no repo required) |
site example.com | Site Pulse — is the site up? | Alive/broken, trust score, load time, framework, plain English | ~6 | Public URL or domain (no repo required) |
check url https://… | Security headers audit | Grade (A–F), HSTS/CSP gaps, TLS — honest if bot wall blocks you | ~6 | Public HTTPS URL |
supply site https://… | Secrets on a live website | JS bundles, exposed files, leaked keys, severity-ranked fixes | ~8 | Public URL |
supply audit owner/repo | Hero: public GitHub + live site | Repo secrets + auto-discovered production URL scan | ~8 | Public GitHub owner/repo |
supply keys owner/repo | Secrets-only deep scan | Git history + pattern hits for leaked credentials | ~8 | Public GitHub owner/repo |
supply https://… | Wide URL security scan | Multi-page surface, headers, APIs, severity counts | ~8 | Public URL (or paste after connecting a repo) |
Bot walls
If a site returns "Vercel Security Checkpoint" or similar, the audit will say so — it will not pretend that page is grade F for missing HSTS. Retry later or audit an origin that is not behind a challenge.
Keys, quota, sessions
| Command | What it is | What you get | Requests | Needs |
|---|---|---|---|---|
usage | How much quota you used | Used / limit for the selected API key | free | Signed in |
keys · key N | Which API key bills this terminal | List keys; switch billing key | free | Signed in |
sessions · session N | Cloud terminal tabs | List, rename, switch, delete tabs | free | Signed in |
help | Command list with costs | Same costs as this page, inside the terminal | free | — |
defs NAME/rename WORD— definitions and every occurrence before a renameread FILE/outline FILE/summarize FILE— open or explain a fileframework·auth·database·deploy— deep slices of get-contexthelp— short command list in the terminalconnect— wire Cursor / VS Code withnpx zephex setup