CLI Reference

Last updated: Apr. 1, 2026

The Foundry CLI provides a collection of commands that support the entire app development process. You can use it to create, test, and manage your apps directly from the command line.

Most Foundry commands can be run in either non-interactive mode or interactive mode. In non-interactive mode, you use command-line arguments to form exactly the command you want to run, in a single step. In interactive mode, you run a basic command with no extra arguments, and you’re guided through a series of prompts. To back out of a series of prompts, press Ctrl+C.

If a flag is marked as required in this reference, this means that the flag is required for the command to run. If you don’t specify a flag that’s required, you’re prompted to provide a value for it. Some commands have a --no-prompt flag, which prevents prompts for unspecified flags. If you don’t specify all required flags when you use the --no-prompt flag, the command returns an error.

To view the list of available Foundry commands:

foundry

To view a list of available subcommands for a command:

foundry [subcommand]

To view usage and options, add --help or -h:

foundry apps create -h

To view detailed command execution output, add the --verbose option.

api-integrations

Create and manage API integrations for your app.

foundry api-integrations [subcommand]

Subcommands: create, run, view

api-integrations create

foundry api-integrations create [flags]

Example:

foundry api-integrations create --name PetStore \
  --spec https://petstore3.swagger.io/api/v3/openapi.json --no-prompt

Flag	Required	Description
`--description -d`	Yes	A description for the API integration.
`--name -n`	Yes	A name for the API integration.
`--spec`	Yes	The file path or URL to an OpenAPI specification file.
`--no-prompt`	No	Prevents prompting for user input.

api-integrations run

Run an operation in an API integration.

foundry api-integrations run [flags]

Flag	Required	Description
`--operation-id`	Yes	The name of the API operation to run.
`--spec -s`	Yes	Path to the OpenAPI specification within the app directory.
`-c, --configs`	No	The config to pass to the API. Can specify multiple.
`--operation-path`	No	The path of the API operation to run.
`--operation-verb`	No	The verb (GET, POST, etc.) for the API operation.
`--params -p`	Conditional	Parameters to pass. Required if the operation has mandatory parameters.

api-integrations view

Start a local Swagger Editor UI server.

foundry api-integrations view

apps

Create and manage apps.

foundry apps [subcommand]

Subcommands: clone, create, delete, deploy, list-deployments, release, run, sync

apps clone

Make a copy of an existing Foundry app deployment.

foundry apps clone [flags]

Example:

foundry apps clone --app-id 84b299...d44731 --directory my-cloned-app --deployment-version v1.1.0-pre-release --no-git

Flag	Required	Description
`--app-id`	Yes	The app ID. Find it at Foundry > App manager — the last part of the URL.
`--deployment-version -v`	Yes	The deployment version to clone.
`--directory -d`	No	Location for the cloned app. Defaults to the app name.
`--no-git`	No	Prevent initializing a Git repository.
`--overwrite -w`	No	Overwrites an existing directory of the same name.

apps create

Create a new app, its directory structure, and manifest file.

foundry apps create [flags]

Example:

foundry apps create --name "my-first-app" --description "My first Foundry app" --no-prompt

Flag	Required	Description
`--name -n`	Yes	A name for the app.
`--description -d`	Yes	A description for the app.
`--from-template`	No	Use an app template to create an app.
`--logo -l`	No	URL or file system path to an image for the app logo.
`--no-git`	No	Prevent initializing a Git repository.
`--no-prompt`	No	Prevent prompting for optional flags.
`--usecase`	No	Use case for the app.
`--vendor`	No	Vendor of the app.
`--vendor-products`	No	Comma-delimited list of related products.

apps delete

Delete an app, its directory structure, and manifest file. Use with caution — changes are irreversible.

foundry apps delete [flags]

Flag	Required	Description
`--force-delete -f`	No	Delete without prompting for confirmation.
`--local-files`	No	Also delete local files. Default: false.

apps deploy

Package and upload files from your local app directory to your CID.

foundry apps deploy [flags]

Example:

foundry apps deploy --change-type major --change-log "New Threat Hunting dashboard"

Flag	Required	Description
`--change-log -c`	Yes	A description of the changes in this deployment.
`--change-type`	Yes	The version type: `major`, `minor`, or `patch`.
`--diff-only`	No	Preview a diff without performing the deployment.
`--no-live-progress`	No	Do not display live progress.
`--no-prompt`	No	Prevent prompting.
`--re-deploy`	No	Retry the latest failed deployment.
`--write-local-pkg`	No	Write the packaged content to the local file system.

apps list-deployments

List deployments and deployment IDs for an app.

foundry apps list-deployments [flags]

apps release

Release an app deployment version so it can be installed from the app catalog.

Important: Releasing an app with the Foundry CLI does not trigger MFA identity verification for apps with relevant RTR capabilities in environments where MFA is required. MFA identity verification is triggered only when releasing apps from the Foundry UI.

foundry apps release [flags]

Example:

foundry apps release --deployment-id dc2e8c...c80bfd --change-type major --notes "New Threat Hunting dashboard"

Flag	Required	Description
`--change-type -v`	Yes	The version type: `major`, `minor`, or `patch`.
`--deployment-id -d`	Yes	The deployment ID. Get this by running `foundry apps list-deployments`.
`--notes -n`	Yes	Release notes describing the changes.
`--app-id`	No	Specify only if running from a different app directory.

apps run

Start the app locally in development mode.

foundry apps run

apps sync

Download an app deployment version into a directory for local development.

foundry apps sync [flags]

Example:

foundry apps sync --app-id d955b4...296693 --deployment-version v3.0.0-pre-release --no-git

Flag	Required	Description
`--app-id`	Yes	The app ID.
`--deployment-version -v`	Yes	The deployment version to sync.
`--directory -d`	No	Directory to sync into. Defaults to the app name.
`--force`	No	Force sync even if there are undeployed UI changes.
`--no-git`	No	Prevent initializing a Git repository.
`--no-prompt`	No	Prevent prompting.
`--replace-all -w`	No	Replace all files in the directory if it already exists.

apps validate

Validates the app and its associated artifacts for deployment to the cloud without actually deploying. This performs a dry run of the deployment process.

foundry apps validate [flags]

Example:

foundry apps validate --no-prompt

Flag	Required	Description
`--no-prompt`	No	Do not interactively prompt for any values.

auth

Manage authorization for your app (roles and scopes).

foundry auth [subcommand]

Subcommands: roles, scopes

auth roles create

Create a custom role and permissions to control app access.

foundry auth roles create [flags]

Example:

foundry auth roles create --name threat-hunting-dashboard --description "Controls access to the threat hunting dashboard" --permissions access-dashboards

auth scopes add

Grant additional permissions to your app.

foundry auth scopes add

Note: Running this command results in a major version update and requires users of your app to accept.

collections

Create and manage storage collections and schemas.

foundry collections [subcommand]

collections create

Create a new collection with a new schema, or update an existing collection.

foundry collections create --name <new_collection_name> [flags]
foundry collections create --name <existing_collection_name> [flags]

Flag	Required	Description
`--name -n`	Yes	A name for the collection (new or existing).
`--description -d`	Yes	A description for the collection.
`--schema`	Yes	File path or URL to a JSON Schema document.
`--permissions`	No	Permissions required. Must be created with `foundry auth roles create` first.
`--wf-expose`	No	Controls whether the artifact can be used as a workflow action. Default: false.
`--wf-app-only-action`	No	Limit to app workflows only (not Fusion SOAR). Default: true.
`--wf-tags`	No	Optional tags for categorization in Fusion SOAR workflows.

completion

Output shell completion for the given shell.

foundry completion [subcommand]

Subcommands: bash, fish, oh-my-zsh, powershell, zsh

docs

Create a README doc for your Foundry app in Markdown.

foundry docs [subcommand]

Subcommands: add, create

docs add

Upload an image for your app’s README doc.

foundry docs add --image-path example.png

Note: The image file must be added to the app_docs directory first.

docs create

Create a README doc for your Foundry app.

foundry docs create --name readme.md

functions

Build custom business logic into your app. Functions can be written in Python or Go.

foundry functions [subcommand]

Aliases: fns

Subcommands: create, run

functions create

Add a function to an app. This command does not have an interactive mode — you must specify all required options on the command line.

You can’t assign permissions when creating a function; you must assign permissions in the app manifest.

Example (Python):

foundry functions create --name "hello-world-py" --description "hello world function in python" -l python --handler-method GET --handler-name "hello-world-handler" --handler-path /helloworld

Example (Go):

foundry functions create --name "hello-world-go" --description "hello world function in go" --language go --handler-method GET --handler-name "hello-world-handler" --handler-path /helloworld

Flag	Required	Description
`--name -n`	Yes	Function name (5-50 chars, lowercase letters/numbers/hyphens).
`--description -d`	Yes	Description (10-1000 chars).
`--language -l`	Yes	`python` or `go`.
`--handler-name`	Yes	A name for the function handler.
`--handler-method`	Yes	HTTP method: GET, POST, PUT, PATCH, or DELETE.
`--handler-path`	Yes	The path to the handler API.
`--input-schema`	Yes	Path to a JSON schema file for expected input.
`--config-path`	No	File path for a function configuration file (JSON or YAML).
`--max_exec_duration_seconds`	No	Maximum execution time, up to 900 seconds.
`--max_exec_memory_mb`	No	Maximum memory allocation, up to 1024 MB.
`--output-schema`	No	Path to a JSON schema file for expected output.
`--permissions`	No	Permissions required for the function.
`--wf-expose`	No	Controls whether the function can be used as a workflow action. Default: false.
`--wf-app-only-action`	No	Limit to app workflows only. Default: true.
`--wf-disruptive`	No	Mark the function as potentially disruptive.
`--wf-tags`	No	Optional tags for Fusion SOAR workflows.

functions run

Run a Docker image locally to test a function.

foundry functions run [flags]

Flag	Required	Description
`--name`	Yes	Run only the named functions.
`--debug`	No	Print detailed debug logs.

Create a CLI profile by opening an authorization form in your browser.

foundry login [flags]

Tip: If you use SSO, make sure you’re logged in with SSO, then go directly to the URL output by foundry login.

Flag	Required	Description
`--cloud-region -c`	No	Cloud region: us-1, us-2, eu-1, us-gov-1, us-gov-2.
`--no-config`	No	Output credentials to stdout instead of saving to configuration file.

profile

Display and manage Foundry CLI profiles.

Note: On Linux and macOS, your profile is stored in ~/.config/foundry/configuration.yml. On Windows: C:\Users\<username>\.config\foundry\configuration.yml.

foundry profile [subcommand]

Subcommands: activate, create, delete, list

profile activate

Change the active Foundry CLI profile.

foundry profile activate [flags]

profile create

Create a new Foundry CLI profile from an existing, non-Foundry API client.

foundry profile create [flags]

Flag	Required	Description
`--api-client-id`	Yes	The ID of an existing API client.
`--api-client-secret`	Yes	The secret for an existing API client.
`--cid`	Yes	The CID where the profile should be created.
`--cloud-region`	Yes	Cloud region: us-1, us-2, eu-1, us-gov-1, us-gov-2.
`--name -n`	Yes	A name for the CLI profile.

profile delete

Delete a Foundry CLI profile and its associated API client ID and secret.

foundry profile delete [flags]

profile list

List all of your Foundry CLI profiles.

foundry profile list

rtr-scripts

Create and manage custom Real Time Response scripts.

foundry rtr-scripts [subcommand]

Subcommands: create, run

rtr-scripts create

Add an RTR script to an app.

foundry rtr-scripts create [flags]

Flag	Required	Description
`--name -n`	Yes	The RTR script name.
`--platform -p`	Yes	Platform: `Linux`, `Windows`, or `Mac`.
`--description -d`	No	An optional description.

rtr-scripts run

Run an RTR script locally for testing.

foundry rtr-scripts run [flags]

Flag	Required	Description
`--script-name -s`	Yes	The RTR script name to run.
`--device-id`	Conditional	The host ID (required if hostname not provided).
`--hostname`	Conditional	The host name (required if device-id not provided).
`--params -p`	No	Parameters to pass to the RTR script.

saved-searches

Manage queries for an app.

foundry saved-searches [subcommand]

Aliases: logscale, saved-search, ss

Subcommands: create, delete, edit, list, upload

ui

Create and manage UI extensions and pages.

foundry ui [subcommand]

Subcommands: extensions, pages, run

ui extensions create

Create a new UI extension.

foundry ui extensions create

ui pages create

Create a new UI page.

foundry ui pages create

ui run

Start the app locally in development mode.

foundry ui run

workflows

Create and manage workflow templates.

workflows create

Create a new workflow template from a YAML specification file.

foundry workflows create [flags]

Example:

foundry workflows create --name "Paginate security events" \
  --spec workflows/Paginate_security_events.yml --no-prompt

Flag	Required	Description
`--name -n`	Yes	Name of the workflow.
`--spec -s`	Yes	Filepath or URL to a workflow specification file.
`--permissions`	No	Permissions required for the workflow.
`--no-prompt`	No	Do not interactively prompt for any values.

Workflow YAML specs are typically created visually in the Falcon console workflow builder and exported, then passed to this command. Hand-authoring the YAML from scratch is rare because the format includes action IDs and class references.