CLI reference

The mog CLI is available as an npm package. All commands support --json for machine-readable output, making the CLI suitable for use inside agent runners and CI pipelines.

npm install -g mogmd

Exit codes

Code	Meaning
0	Success
1	Error (printed to stderr)
2	Approval required — an approvalUrl is included in the JSON output

JSON output

Add --json to any command to get structured output. All JSON responses share this envelope:

// Success
{ "ok": true, "command": "install", "data": { ... } }
 
// Error
{ "ok": false, "command": "install", "error": "Package not found" }
 
// Approval required (exit code 2)
{ "ok": false, "command": "buy", "error": "Approval required", "approvalUrl": "https://mog.md/..." }

The data field shape varies per command — see each command below for its specific output shape.

Global options

Flag	Description
--version	Print CLI version and exit
--help	Print help for a command

---

mog auth

Authenticate with the mog marketplace using the device code flow (RFC 8628).

mog auth [options]

Flag	Description
--logout	Log out and remove stored credentials
--status	Show current auth status without triggering login
--json	Output as JSON

How it works

Running mog auth starts the device flow: it requests a short code from the API, prints a URL and code, and polls until you approve in a browser. Once approved, the token is stored locally. This flow works in fully headless environments — no browser is needed on the CLI host.

Examples

# Start authentication
mog auth
 
# Check if authenticated
mog auth --status
 
# Log out
mog auth --logout

Credential storage

• macOS: ~/Library/Application Support/mog/credentials.json
• Linux: ~/.config/mog/credentials.json
• Windows: %APPDATA%\mog\credentials.json

JSON output (--json)

{ "ok": true, "command": "auth", "data": { "authenticated": true } }
{ "ok": true, "command": "auth", "data": { "loggedOut": true } }
{ "ok": true, "command": "auth", "data": { "authenticated": false } }

---

mog search

Search the mog marketplace for packages.

mog search [query] [options]

Flag	Description	Default
[query]	Full-text search query (optional)	—
--type <type>	Filter by type: skill, rule, bundle, template	—
--target <target>	Filter by agent target: cursor, claude-code, codex, generic	—
--sort <sort>	Sort order: popular, recent, price_asc, price_desc	popular
--free	Show only free packages	—
--page <n>	Page number	1
--json	Output as JSON	—

Examples

# Free-text search
mog search "react testing"
 
# Only skills for Cursor
mog search --target cursor --type skill
 
# Free packages sorted by newest
mog search --free --sort recent
 
# JSON output for scripting
mog search "testing" --json

JSON output (--json)

{
  "ok": true,
  "command": "search",
  "data": {
    "results": [
      {
        "id": "uuid",
        "vendorSlug": "acme",
        "slug": "react-testing-skill",
        "title": "React Testing Skill",
        "description": "...",
        "type": "skill",
        "targets": ["cursor", "claude-code"],
        "priceCents": 0,
        "currency": "usd",
        "latestVersion": "1.2.0",
        "installCount": 124,
        "rating": "4.8",
        "ratingCount": 12,
        "vendorName": "Acme Corp",
        "vendorVerified": true
      }
    ],
    "total": 1,
    "page": 1,
    "perPage": 20
  }
}

---

mog buy

Purchase a package without installing it.

mog buy <vendor/package> [options]

Requires authentication.

Flag	Description
<vendor/package>	Package identifier, e.g. acme/router-eval
--max-price <cents>	Maximum price in cents. If the package costs more, the purchase is blocked.
--auto	Allow automatic purchase within policy limits
--json	Output as JSON

Approval required (exit code 2)

If the package price exceeds your spend policy or the --max-price ceiling, the command exits with code 2:

{ "ok": false, "command": "buy", "error": "Approval required", "approvalUrl": "https://mog.md/purchases/approve?listing=..." }

JSON output (--json)

// Successful purchase
{
  "ok": true,
  "command": "buy",
  "data": {
    "status": "purchased",
    "entitlementId": "uuid",
    "orderId": "uuid",
    "amountCents": 500
  }
}
 
// Already owned
{ "ok": true, "command": "buy", "data": { "status": "already_owned", "entitlementId": "uuid" } }

---

mog install

Download, verify, and install a package. Optionally purchase it in the same step with --auto-buy.

mog install <vendor/package> [options]

Requires authentication.

Flag	Description	Default
<vendor/package>	Package identifier, e.g. acme/router-eval	—
--target <target>	Installation target: cursor, claude-code, codex, generic. Auto-detected if not specified.	auto
--auto-buy	Automatically purchase the package if not already owned	—
--max-price <cents>	Maximum price in cents when using --auto-buy	—
--preflight	Show what would happen without making any changes	—
--dir <path>	Installation directory	current directory
--json	Output as JSON	—

Target auto-detection

If --target is not specified, the CLI detects the environment by checking for marker directories in the current working directory:

• .cursor/ → target: cursor
• .claude/ → target: claude-code
• (none) → target: generic

Default install paths

Target	Default install path
cursor	.cursor/skills/{slug}/
claude-code	.claude/skills/{slug}/
codex	mog_modules/{slug}/
generic	mog_modules/{slug}/

Package authors can override these defaults in their mog.yaml install_map field.

What install does

1. Fetches the listing and resolves the latest published release
2. Checks your entitlement; purchases if --auto-buy is set
3. Requests a signed download URL (expires in 5 minutes)
4. Downloads the .zip archive and verifies the SHA-256 hash
5. Extracts files to the install path (path traversal protected)
6. Writes the entry to mog.lock.json atomically

JSON output (--json)

{
  "ok": true,
  "command": "install",
  "data": {
    "package": "acme/router-eval",
    "version": "1.0.0",
    "target": "cursor",
    "installPath": "/my-project/.cursor/skills/router-eval/",
    "files": 3
  }
}

---

mog ls

List all packages installed in the current project (reads from mog.lock.json).

mog ls [options]

Flag	Description	Default
--dir <path>	Project directory to read lockfile from	current directory
--json	Output as JSON	—

JSON output (--json)

{
  "ok": true,
  "command": "ls",
  "data": {
    "count": 2,
    "packages": [
      {
        "name": "acme/router-eval",
        "vendor": "acme",
        "slug": "router-eval",
        "version": "1.0.0",
        "target": "cursor",
        "installPath": "/my-project/.cursor/skills/router-eval/",
        "installedAt": "2026-01-15T10:00:00.000Z",
        "updateChannel": "minor"
      }
    ]
  }
}

---

mog update

Update installed packages to the latest compatible version. Respects the updateChannel field in the lockfile (default: minor — blocks major version bumps).

mog update [vendor/package] [options]

Requires authentication.

Flag	Description	Default
[vendor/package]	Specific package to update. If omitted, updates all packages.	—
--dry-run	Show available updates without installing anything	—
--dir <path>	Project directory	current directory
--json	Output as JSON	—

Update channels

Channel	Allowed updates
patch	Patch versions only (e.g. 1.0.0 → 1.0.1)
minor	Patch and minor versions (e.g. 1.0.0 → 1.2.0) — default
major	All versions including major bumps

JSON output (--json)

{
  "ok": true,
  "command": "update",
  "data": {
    "updated": [{ "name": "acme/router-eval", "from": "1.0.0", "to": "1.1.0" }],
    "skipped": [{ "name": "acme/big-upgrade", "version": "2.0.0", "reason": "Major upgrade requires explicit opt-in." }]
  }
}

---

mog uninstall

Remove an installed package and update the lockfile.

mog uninstall <vendor/package> [options]

Flag	Description	Default
<vendor/package>	Package identifier, e.g. acme/router-eval	—
--dir <path>	Project directory	current directory
--json	Output as JSON	—

Removes the install directory from disk and deletes the entry from mog.lock.json. Does not revoke your entitlement — you can reinstall at any time.

JSON output (--json)

{
  "ok": true,
  "command": "uninstall",
  "data": {
    "package": "acme/router-eval",
    "removedPath": "/my-project/.cursor/skills/router-eval/"
  }
}

---

mog publish

Build, upload, scan, and publish a package from a local directory.

mog publish [options]

Requires authentication with sell scope (vendor account required).

Flag	Description	Default
--dir <path>	Package directory to publish	current directory
--price <dollars>	Price in USD (e.g. 4.99). Only applied on the first upload of this package.	—
--yes	Skip confirmation prompt	—
--json	Output as JSON	—

What publish does

1. Reads and validates mog.yaml in the package directory
2. Zips the directory (excluding .git, node_modules, .DS_Store)
3. Prompts for confirmation (unless --yes)
4. Uploads the archive to the API
5. Polls the scan pipeline until the scan completes (max 2 minutes)
6. Automatically publishes the release if the scan passes

Examples

# Publish from the current directory
mog publish
 
# Publish a package directory at a specific price
mog publish --dir ./my-skill --price 4.99
 
# Skip prompts (for CI pipelines)
mog publish --yes --json

JSON output (--json)

{
  "ok": true,
  "command": "publish",
  "data": {
    "name": "acme/my-skill",
    "version": "1.0.0",
    "releaseId": "uuid",
    "listingId": "uuid"
  }
}

---

Environment variables

Variable	Description	Default
MOG_API_URL	Override the API base URL (useful for self-hosting or development)	https://api.mog.md
MOG_TOKEN	API token. Read before checking the credentials file.	—