CLI command reference
All commands accept --help. Identifiers are UUIDs or short names where noted.
Print the version with podmakerctl --version.
Authentication
Authentication commands are top-level.
| Command | Description |
|---|---|
pdctl login --url <panel> | Authenticate and store a bearer token |
pdctl whoami | Show the current user |
pdctl logout | Clear stored credentials |
plan
The planning workflow. See plan lifecycle for the end-to-end flow.
| Command | Description |
|---|---|
pdctl plan generate | Interview-driven plan (ECONOMY / BALANCED / PERFORMANCE) |
pdctl plan validate <file> | Schema-validate a plan |
pdctl plan estimate <file> | Monthly cost breakdown |
pdctl plan inspect <file> | Detailed plan analysis |
pdctl plan render <file> | Render to terminal / JSON |
pdctl plan customise <file> | Per-service override (mode, replicas, instance) |
pdctl plan compare <a> <b> | Per-node diff + cost delta |
pdctl plan diff --git-a <ref> --git-b <ref> | Diff two plan YAMLs, or two Git refs (--repo, --path) |
pdctl plan budget <topology-id> | Cost projection vs. a budget for a live topology |
pdctl plan apply <file> | Apply a plan to the control plane |
pdctl plan deploy | Deploy from an applied plan |
pdctl plan watch <topology-id> | Follow per-node status until settled |
pdctl plan status <topology-id> | Per-node deploy status |
pdctl plan dashboard <topology-id> | Live TUI dashboard (--tail-logs, --ai summary) |
pdctl plan show <topology-id> | Fetch + print a topology breakdown |
pdctl plan releases <topology-id> | Release history |
pdctl plan rollback <topology-id> | Restore a prior release and re-deploy |
pdctl plan fed-health <topology-id> | Probe cross-cluster ServiceExports (MCS / Submariner) |
pdctl plan tour <bundle> | Page through a publish bundle |
pdctl plan repo <git-url> | Scan a repo and suggest plans |
pdctl plan publish <file> | Bundle plan + manifest.sha256 + provenance, cosign-signed |
pdctl plan replay <bundle-dir> | Re-apply a published bundle |
pdctl plan verify <bundle-dir> | Verify bundle integrity vs manifest |
plan template
A catalog of reusable plans.
| Command | Description |
|---|---|
pdctl plan template list | List available templates |
pdctl plan template search <query> | Search the catalog |
pdctl plan template show <slug> | Show a template |
pdctl plan template install <slug> | Install a template as a new plan |
pdctl plan template create <plan-file> | Publish a plan as a template |
pdctl plan template update <slug> <plan-file> | Update a template |
pdctl plan template diff <slug-a> <slug-b> | Diff two templates |
pdctl plan template stats | Catalog usage stats |
Signing & provenance
plan publish writes manifest.sha256 + provenance.json and signs the
manifest with cosign when it is on PATH:
| Flag | Effect |
|---|---|
--keyless | Sigstore keyless mode (Fulcio + Rekor); auto-detects GitHub Actions OIDC |
--oidc-issuer <url> | Override the OIDC issuer |
--no-sign | Skip manifest.sha256, provenance and cosign signing |
plan verify checks every file against manifest.sha256 and reports drift.
server
| Command | Description |
|---|---|
pdctl server list | List servers / nodes |
pdctl server add | Provision a new server |
pdctl server adopt | Adopt an existing machine |
pdctl server destroy <id> | Destroy a server |
k8s
Full Kubernetes lifecycle.
| Command | Description |
|---|---|
pdctl k8s cluster create / destroy / list | Cluster lifecycle |
pdctl k8s nodepool add / remove | Node pools |
pdctl k8s deploy <app> | Deploy a workload |
pdctl k8s scale / logs / exec | Operate workloads |
pdctl k8s ingress / secret | Ingress and secrets |
pdctl k8s rollout-status <app> | Rollout status for an application |
pdctl k8s raw -- <kubectl args> | Passthrough to kubectl with the cluster kubeconfig |
(pdctl k8s cluster adopt adopts an existing cluster.)
topology
Templates, topology specs, and zero-downtime migrations.
| Command | Description |
|---|---|
pdctl topology init / install / list | Browse and materialise topology templates |
pdctl topology migrate <topology-id> | Kick off a zero-downtime migration |
pdctl topology migration list / show / pause / resume / rollback | Inspect and control in-flight migrations |
releases & rollback
Deploy history and rollback are top-level (and mirrored under plan).
| Command | Description |
|---|---|
pdctl releases <site> | A site’s deploy history |
pdctl rollback <site> | Roll a site back to a prior release |
provider
| Command | Description |
|---|---|
pdctl provider list | List cloud-provider credentials |
pdctl provider add <provider> | Add credentials (Hetzner / DigitalOcean / AWS / Azure / GCP / Cloudflare / Route 53) |
pdctl provider remove <id> | Remove credentials |
Project & misc
| Command | Description |
|---|---|
pdctl scan [path] | Analyse a local project and suggest a topology |
pdctl validate <setup.yml> | Validate a v1alpha manifest |
pdctl apply -f <spec.yml> | Apply a declarative spec bundle |
pdctl init | Initialise a new site |
pdctl agents list | Detect installed AI agents |
pdctl completion <shell> | Shell completion script |