Skip to main content

The bin/ticore CLI

TiCore v2 ships a first-class command-line tool for installing addons, generating application keys, scanning for committed secrets, and running addon migrations. Run any command from your project root — the CLI finds the project by walking up to TiCore/config.php.

Quick Reference

TiCore CLI command quick reference
Command What it does
ticore addon list Lists the addons installed in this project by reading each TiCore/addons/*/addon.json (slug, version, description). Prints a hint if none are installed. Must be run from inside a TiCore project — the CLI locates the project root by walking up until it finds TiCore/config.php.
ticore addon add <slug> Fetches an addon from the public repo (tuxxin/TiCore, branch HEAD) into TiCore/addons/<slug>/. Validates the slug against ^[a-z0-9][a-z0-9\-]*$, downloads its addon.json, then pulls each file listed in the manifest’s files[] from raw.githubusercontent.com. Refuses if the addon is already installed.
ticore addon remove <slug> Deletes an installed addon directory (TiCore/addons/<slug>/). Validates the slug and errors if the addon is not installed. Any database tables the addon created are left intact, so removing an addon never destroys data.
ticore key:generate Prints a fresh 32-byte, cryptographically random hex secret — bin2hex(random_bytes(32)) — suitable for use as an app key or token in .env. It only prints the value; copy it into .env yourself (so existing keys are never overwritten by accident).
ticore secrets:scan Recursively scans the project for committable secrets before you push. Detects GitHub PATs, Stripe sk_live_/whsec_ keys, AWS AKIA keys, Google AIza keys, GCP/PEM private keys, AdSense ca-pub ids, and inline credentials. Skips .git, vendor, logs, node_modules, and database dirs plus .env/.sqlite/.db/.log files (and files > 2 MB), and ignores obvious placeholders. Exits 1 on any hit, otherwise prints secrets:scan clean — pairs with the gitleaks CI workflow.
ticore migrate Runs addon migrations: globs TiCore/addons/*/migrations/*.php and lists the files to run through your DB layer. Note that self-migrating addons (for example auth) create their tables on first boot, so often there are no migration files to run at all.
ticore help Prints the CLI usage summary listing every available command. This is also the default action when no command — or an unknown command — is given.

These are the complete set of bin/ticore commands in TiCore v2. There is no scaffolding or code-generation command — the CLI focuses on addons, secrets, and migrations.

Commands in Detail

ticore addon list

Lists the addons installed in this project by reading each TiCore/addons/*/addon.json (slug, version, description). Prints a hint if none are installed. Must be run from inside a TiCore project — the CLI locates the project root by walking up until it finds TiCore/config.php.

$ run bin/ticore addon list

installed addons:
  auth           1.0.0  Full user accounts: register, login, logout, account, roles
  rest-api-kit   1.0.0  Hashed API keys + X-Api-Key auth + /api/v2 group

ticore addon add <slug>

Fetches an addon from the public repo (tuxxin/TiCore, branch HEAD) into TiCore/addons/<slug>/. Validates the slug against ^[a-z0-9][a-z0-9\-]*$, downloads its addon.json, then pulls each file listed in the manifest’s files[] from raw.githubusercontent.com. Refuses if the addon is already installed.

$ run bin/ticore addon add auth

fetching addon 'auth' from tuxxin/TiCore @ HEAD ...
  + addon.json
  + (each file listed in the manifest's files[])
addon 'auth' installed to TiCore/addons/auth

ticore addon remove <slug>

Deletes an installed addon directory (TiCore/addons/<slug>/). Validates the slug and errors if the addon is not installed. Any database tables the addon created are left intact, so removing an addon never destroys data.

$ run bin/ticore addon remove payments

removed addon 'payments' (TiCore/addons/payments)
note: any tables it created were left intact

ticore key:generate

Prints a fresh 32-byte, cryptographically random hex secret — bin2hex(random_bytes(32)) — suitable for use as an app key or token in .env. It only prints the value; copy it into .env yourself (so existing keys are never overwritten by accident).

$ run bin/ticore key:generate

9f3c2b7e1a4d8c6f0e2b5a9d7c3f1e8b6a4d2c0f9e7b5a3d1c8f6e4b2a0d9c7f

ticore secrets:scan

Recursively scans the project for committable secrets before you push. Detects GitHub PATs, Stripe sk_live_/whsec_ keys, AWS AKIA keys, Google AIza keys, GCP/PEM private keys, AdSense ca-pub ids, and inline credentials. Skips .git, vendor, logs, node_modules, and database dirs plus .env/.sqlite/.db/.log files (and files > 2 MB), and ignores obvious placeholders. Exits 1 on any hit, otherwise prints secrets:scan clean — pairs with the gitleaks CI workflow.

$ run bin/ticore secrets:scan

secrets:scan clean

ticore migrate

Runs addon migrations: globs TiCore/addons/*/migrations/*.php and lists the files to run through your DB layer. Note that self-migrating addons (for example auth) create their tables on first boot, so often there are no migration files to run at all.

$ run bin/ticore migrate

scanning TiCore/addons/*/migrations/*.php ...
no migration files found (self-migrating addons create tables on first boot)

ticore help

Prints the CLI usage summary listing every available command. This is also the default action when no command — or an unknown command — is given.

$ run bin/ticore help

usage: bin/ticore <command>
  addon list | add <slug> | remove <slug>
  key:generate
  secrets:scan
  migrate
  help

Example output is illustrative; exact text may vary by version and by which addons are installed.

A Typical End-to-End Setup Flow

From a fresh clone, generating an app key and pulling in the features you need is just a few commands. The CLI prints the key — you paste it into .env — then you add addons, run any migrations, and scan for secrets before your first push.

# 1. Clone and copy the example env into place
git clone https://github.com/tuxxin/TiCore.git myapp
cd myapp
cp TiCore/.env.example TiCore/.env

# 2. Generate a 32-byte hex app key, then paste it into TiCore/.env
bin/ticore key:generate
#   -> 9f3c2b7e1a4d8c6f0e2b5a9d7c3f1e8b6a4d2c0f9e7b5a3d1c8f6e4b2a0d9c7f
#   set e.g. ADMIN_TOKEN=... in TiCore/.env

# 3. Discover and install the addons you want
bin/ticore addon list
bin/ticore addon add auth            # user accounts (register/login/logout/account)
bin/ticore addon add rest-api-kit    # hashed API keys + /api/v2 group
#   ...then add their .env keys (e.g. STRIPE_SECRET_KEY for payments)

# 4. Run addon migrations (many addons self-migrate on first boot)
bin/ticore migrate

# 5. Before pushing, verify nothing sensitive is committed
bin/ticore secrets:scan             # exits 1 on any hit, else: secrets:scan clean

Removing a feature later is just bin/ticore addon remove <slug> — the addon directory is deleted, but any tables it created are kept so you never lose data.

Next Steps

Use addon add to install any of the available addons, then read the docs to wire up routing, middleware, and the SEO suite. See the security model for how secrets:scan fits the overall hardening, and how TiCore compares to other micro-frameworks.

Share: 𝕏 Twitter Facebook LinkedIn
Proton VPN — 10 device connections, audited no-logs
Recommended: Proton Unlimited
VPN, encrypted Drive, encrypted Mail, password manager — one bundle. See the full review →