CLI Skill
This skill teaches your coding agent how to drive the entire Inkbox API from a shell using the @inkbox/cli tool. Once installed, the agent knows which commands exist, which flags they take, which require a vault key, and which are high-risk and need user confirmation before running.
What your agent learns
| Feature | Operations |
|---|---|
| Auth & runtime | --api-key / INKBOX_API_KEY, --vault-key / INKBOX_VAULT_KEY, --base-url, --json for parseable output |
| Install modes | Global (npm install -g @inkbox/cli), one-shot (npx @inkbox/cli <command>), local repo dev (npm --prefix cli run dev -- <command>) |
| High-risk operations | Commands that send real traffic or mutate resources — signup create, email send, phone call, text send, identity delete, email delete, vault delete, number release, filter-mode flips, signing-key create |
| Agent self-signup | inkbox signup create, signup verify, signup resend-verification, signup status — with the issued API key passed back via --api-key or INKBOX_API_KEY |
| Identities | identity list / get / create <handle> [--display-name] [--description] [--email-local-part] [--tls-mode edge|passthrough] / delete / update <handle> [--display-name] [--description] [--clear-description] [--new-handle] [--status active|paused] / refresh |
| Tunnels | tunnel list / tunnel get <id-or-handle> / tunnel update <id> [--metadata] / tunnel sign-csr <id> --csr <path-or-pem> [--out <path>] — tunnels are provisioned and destroyed via the identity surface |
| Identity-scoped secrets | identity create-secret / get-secret / delete-secret / revoke-access / set-totp / remove-totp / totp-code (requires vault key) |
email send / list / get / search / unread / mark-read / delete / delete-thread / star / unstar / thread — all identity-scoped via -i <handle> | |
| Phone | phone call / calls / transcripts / search-transcripts — identity-scoped |
| Text messages | text send (--to <number[,number...]> | --conversation-id <uuid>) [--text] [--media-url] for 1:1 SMS/MMS, beta group MMS, and conversation replies; list / get / conversations --include-groups / conversation <conversation-key> / search / mark-read / mark-conversation-read <conversation-key> — identity-scoped. Some carriers may reject group chats or MMS from 10DLC numbers |
| Vault | vault init / info / secrets / get / create / delete / keys / grant-access / revoke-access / access-list; per-type listings (logins, api-keys, ssh-keys, key-pairs) |
| Vault secret types | login, api_key, key_pair, ssh_key, other — with per-type flag sets (e.g. --password, --key, --private-key, --data) |
| Mailboxes (admin) | mailbox list / get / update (filter mode) — mailboxes are created and destroyed via the identity surface |
| Mailbox contact rules | mailbox rules list / get / create / update / delete — per-mailbox and admin-wide listings |
| Phone numbers (admin) | number list / get / provision / update (incoming-call action / filter mode) / release |
| Number contact rules | number rules list / get / create / update / delete — per-number and admin-wide listings |
| Contacts | contacts list / get / create / update / delete / lookup (by email / email-contains / email-domain / phone / phone-contains) / import <file.vcf> / export / access list / grant / revoke |
| Notes | notes list / get / create / update / delete / access list / grant / revoke |
| Whoami, signing keys, webhooks | inkbox whoami, inkbox signing-key create, inkbox webhook verify --payload --secret -H ... — event-type-agnostic; verifies any of the six mail events (each with a sparse data.contacts list of {bucket, address, id, name} per matched recipient, plus bcc_addresses on outbound), five text.* lifecycle events (conversation_id, outbound recipients[], group recipient_phone_number, plural data.contacts + data.agent_identities), or the flat inbound-call payload (plural top-level contacts + agent_identities) |
| Output conventions | --json for stable parsing; default table/record output for human review; stderr notices on filter-mode changes |
Install
bashInstall the CLI itself:
bash