Skip to Content
⚠️ v0.1 — Early preview. APIs and schema may change.
CLI Reference

CLI Reference

The zil CLI provides nine commands for the agent development lifecycle.

zil init

Scaffold a new Zil agent project.

zil init <name> [options]

Arguments

ArgumentDescription
nameProject name (kebab-case, 3–64 characters)

Options

OptionValuesDefaultDescription
--llmgemini, anthropic, openai, vertexgeminiLLM provider
--frameworkadk, openhandsadkAgent framework backend
--mcpnone, filesystem, git, customnoneInclude MCP server scaffolding
--agentscomma-separated namesSub-agent names for multi-agent scaffold (e.g. vta,vtd)
--skillscomma-separated namesSkill names to scaffold in skills/ (e.g. fd-submit-changes,fd-run-tests)
--servicenone, webhooknoneService mode: webhook scaffolds FastAPI app.py + runner.py with HITL support
--no-evalsSkip eval suite scaffolding
--no-otelSkip OpenTelemetry instrumentation
--non-interactiveUse defaults for all prompts

Examples

# Interactive mode (prompts for LLM provider) zil init my-agent # Non-interactive with defaults zil init my-agent --non-interactive # Specify LLM provider directly zil init my-agent --llm vertex # Multi-agent project with webhook service zil init my-agent --agents vta,vtd --service webhook # Scaffold with skills zil init my-agent --agents vta,vtd --skills fd-explore-repo,fd-submit-changes # Include MCP server scaffolding zil init my-agent --mcp filesystem

Generated files

zil init produces a complete project with:

  • manifest.yaml — the Zil agent descriptor
  • adapters/llm.yaml — LLM provider configuration
  • adapters/embed.yaml — embedding provider configuration
  • identity/persona.md — agent persona
  • identity/instructions.md — behavior instructions
  • identity/guardrails.yaml — hard rules and constraints
  • evals/config.yaml — eval engine configuration (framework + judge LLM)
  • evals/baseline.yaml — eval suite definition
  • evals/cases/ — example eval test cases
  • observability/config.yaml — OpenTelemetry configuration
  • {module_name}/__init__.py — Python package init
  • {module_name}/agent.py — agent entry point (uses zil.create_agent())
  • {module_name}/.env.example — API key template
  • Dockerfile — multi-stage container build
  • .github/workflows/zil-pipeline.yaml — CI/CD pipeline
  • README.md, .gitignore, requirements.txt

With --agents, additionally generates:

  • agents/{name}/identity/ — per-agent identity directories (persona.md, instructions.md, guardrails.yaml)
  • spec.agents entries in manifest.yaml

With --service webhook, additionally generates:

  • {module_name}/app.py — FastAPI webhook entry point with /human/respond HITL endpoint
  • {module_name}/runner.py — execution runner for webhook-driven agents

With --skills, additionally generates:

  • skills/{name}/SKILL.md — skill stub files
  • spec.skills reference in manifest.yaml

Where {module_name} is the agent name converted to snake_case (e.g., my-agentmy_agent).

Auto-install

After scaffolding, zil init offers to create a .venv and install dependencies from requirements.txt. This includes zil-ai[adk] which pulls in the SDK and Google ADK.

In --non-interactive mode, auto-install runs automatically.


zil validate

Validate a Zil agent project against the manifest schema.

zil validate [options]

Options

OptionValuesDefaultDescription
--project-dirpath.Project directory to validate
--formattext, jsontextOutput format

Exit codes

CodeMeaning
0Valid — all checks passed
1Invalid — one or more errors
2Warnings only — valid but with recommendations

What it checks

  1. Schema validationmanifest.yaml against the Zil v1 JSON Schema
  2. Identity filespersona.md, instructions.md, guardrails.yaml exist
  3. Guardrails validationguardrails.yaml structure, enforceable rule count, regex validity, output protection warnings
  4. Adapter references — LLM and embedding adapter YAML files exist
  5. Eval suitebaseline.yaml and referenced case files exist
  6. Observability configconfig.yaml exists, checks for recommended attributes
  7. Environment variablesspec.env declarations, adapter cross-references
  8. MCP tools — source directories exist, entry_point files present, source location convention, env var references
  9. Multi-agentspec.agents identity directories, LLM model references, MCP server name references, skill references
  10. Runtime dependencies — warns on unknown dependency types, flags npm-global without apt-nodesource (Node.js)
  11. Cost config — budget consistency checks, cross-reference with resource limits

Examples

# Validate current directory zil validate # Validate a specific directory zil validate --project-dir ./my-agent # JSON output for CI/CD pipelines zil validate --format=json

JSON output

{ "valid": true, "exit_code": 0, "errors": 0, "warnings": 0, "checks": [ { "status": "pass", "message": "manifest.yaml — schema valid" }, { "status": "pass", "message": "identity/persona.md — present" } ] }

zil audit

Run an agent-native security audit. Unlike generic dependency scanners, zil audit focuses exclusively on LLM agent-specific attack surfaces.

zil audit [options]

Options

OptionValuesDefaultDescription
--project-dirpath.Project directory to audit
--formattext, jsontextOutput format
--fixShow actionable fix suggestions

Exit codes

CodeMeaning
0Pass — no critical findings or warnings
1Critical — one or more critical findings
2Warnings only — no critical findings but recommendations exist

What it checks

CheckDescription
Guardrail coverageScores coverage across 5 dimensions: injection detection, PII output, PII input, output constraints, denied topics
Injection resilienceRuns 20 adversarial prompts through the guardrail engine across 6 attack categories
Output leakageChecks if system prompt, persona, or instructions could leak through output undetected
Indirect injection surfaceAST-scans tool functions for external data ingestion (HTTP, DB, file reads) without guardrail filtering
Instruction consistencyDetects contradictions between permissive persona language and restrictive guardrails
Context window riskMeasures system prompt size as a percentage of the model’s context window
Identity hardeningChecks persona and instructions for anti-patterns (vague boundaries, missing refusals)

Examples

# Audit the current project zil audit # Audit a specific project zil audit --project-dir ./my-agent # Show fix suggestions zil audit --fix # JSON output for CI/CD zil audit --format=json

Sample output

╭─ Zil Security Audit ─────────────────────────────╮ │ Project: my-agent v1.0.0 │ ╰───────────────────────────────────────────────────╯ Guardrail Coverage ─────────────────────────────── 4/5 ✓ Prompt injection detection enabled ✓ PII output detection enabled · PII input detection disabled (optional) ✓ Output constraints: max 4000 chars ⚠ Denied topics: none configured Injection Resilience ──────────────────────────── 19/20 ✓ Ignore instructions (4/4) ✓ DAN jailbreak (3/3) ⚠ System prompt extraction (2/3) — 1 bypass ✓ Tag injection (4/4) ✓ Rule override (3/3) ✓ Instruction forget (3/3) Output Leakage ─────────────────────────────────── PASS ✓ System prompt not reproducible in output Indirect Injection Surface ─────────────────────── WARN ⚠ tool: fetch_data() — returns external data (HTTP) ✓ tool: calculate() — pure computation Instruction Consistency ────────────────────────── PASS ✓ No contradictions between persona and guardrails Context Window Risk ────────────────────────────── PASS ✓ System prompt: ~500 tokens (0.4% of 128,000 context) Identity Hardening ─────────────────────────────── PASS ✓ Refusal boundaries — present ✓ Scope definition — present ✓ Response format — present Summary: 0 critical, 2 warnings

zil pack

Build a .zil archive from a validated agent project.

zil pack [options]

Options

OptionValuesDefaultDescription
--project-dirpath.Project directory to package
--output-dirpathdist/Output directory for the archive
--skip-evalsSkip eval suite (warns loudly)
--signSign the archive with cosign after building
--keypathPath to cosign private key (default: keyless/OIDC)

What it does

  1. Validates the project (calls zil validate internally)
  2. Runs the eval suite — refuses to pack if below the pass threshold
  3. Generates an SBOM in CycloneDX 1.5 format
  4. Creates a tar.gz archive with the standard .zil layout

Archive structure

my-agent-1.0.0.zil ├── manifest.yaml ├── adapters/ ├── identity/ ├── evals/ ├── observability/ ├── {module_name}/ ├── BUILD_META.json ├── SBOM.cyclonedx.json └── EVAL_RESULTS.json (if evals ran)

Examples

# Package with all defaults zil pack # Skip evals during development zil pack --skip-evals # Custom output directory zil pack --output-dir ./artifacts # Sign with keyless (Sigstore OIDC) zil pack --sign # Sign with a private key zil pack --sign --key cosign.key

zil inspect

Inspect a .zil archive without extracting it.

zil inspect <archive> [options]

Arguments

ArgumentDescription
archivePath to the .zil file

Options

OptionValuesDefaultDescription
--showfile pathPrint a specific file from the archive
--jsonMachine-readable JSON output
--verifyVerify the cosign signature of the archive
--keypathPath to cosign public key for verification

Examples

# Summary view zil inspect dist/my-agent-1.0.0.zil # Show a specific file zil inspect dist/my-agent-1.0.0.zil --show manifest.yaml zil inspect dist/my-agent-1.0.0.zil --show identity/persona.md # JSON output for CI/CD zil inspect dist/my-agent-1.0.0.zil --json # Verify signature (keyless) zil inspect --verify dist/my-agent-1.0.0.zil # Verify with public key zil inspect --verify dist/my-agent-1.0.0.zil --key cosign.pub

Output

Zil Package: my-agent Version: 1.0.0 Description: A customer support agent. Framework: adk (python) Created: 2026-05-07T22:37:15+00:00 Size: 0.1 MB SBOM: 5 dependencies Evals: 96.0% (passed) Components ┏━━━━━━━━━━━━━━━━━━━━━┳━━━━━━━┳━━━━━━━━┓ ┃ Component ┃ Files ┃ Size ┃ ┡━━━━━━━━━━━━━━━━━━━━━╇━━━━━━━╇━━━━━━━━┩ │ adapters/ │ 2 │ 305 B │ │ identity/ │ 3 │ 1.4 KB │ │ manifest.yaml │ 1 │ 502 B │ │ my_agent/ │ 4 │ 1.0 KB │ │ SBOM.cyclonedx.json │ 1 │ 1.0 KB │ └─────────────────────┴───────┴────────┘

zil push

Push a .zil archive to an OCI-compatible registry.

zil push <archive> --registry <url>

Arguments

ArgumentDescription
archivePath to the .zil file

Options

OptionValuesDefaultDescription
--registryURLOCI registry URL (required)

Supported registries

  • Google Artifact Registry
  • GitHub Container Registry (GHCR)
  • Amazon ECR
  • Docker Hub
  • Any OCI-compatible registry

Authentication

Uses ambient credentials:

  • gcloud auth configure-docker for Artifact Registry
  • docker login for Docker Hub / GHCR
  • Environment variables (ORAS_*) for custom setups

Examples

# Push to Google Artifact Registry zil push dist/my-agent-1.0.0.zil \ --registry us-docker.pkg.dev/my-project/agents # Push to GHCR zil push dist/my-agent-1.0.0.zil \ --registry ghcr.io/my-org/agents

The resulting reference is <registry>/<agent-name>:<version>, e.g.: us-docker.pkg.dev/my-project/agents/my-agent:1.0.0


zil eval

Agent evaluation command group — run suites, add cases, record sessions, generate tests.

zil eval <subcommand> [options]

Subcommands

SubcommandDescription
runRun the evaluation suite against the agent
addInteractively create eval cases by chatting with the agent
recordRecord a chat session and convert turns into eval cases
generateUse the judge LLM to synthesize eval cases from agent identity

zil eval run

OptionValuesDefaultDescription
--project-dirpath.Project directory
--suitestringbaselineSuite to run
--verbose / -vShow per-case details
--json-outputOutput results as JSON (for CI)
--thresholdfloatOverride pass threshold

zil eval add

OptionValuesDefaultDescription
--project-dirpath.Project directory
--groupstringaccuracyTarget case group name
--suitestringbaselineSuite to register the group in

zil eval record

OptionValuesDefaultDescription
--project-dirpath.Project directory
--groupstringrecordedTarget case group name
--suitestringbaselineSuite to register the group in
--auto-acceptSave all turns without per-turn confirmation

zil eval generate

OptionValuesDefaultDescription
--project-dirpath.Project directory
--count / -nint10Number of cases to generate
--groupstringgeneratedTarget case group name
--suitestringbaselineSuite to register the group in
--categorystringFocus area (e.g. accuracy, guardrails, edge-cases)
--no-reviewSave all generated cases without review

Exit codes

CodeMeaning
0Suite passed (for run) / command completed
1Suite failed or error

Examples

# Run baseline eval suite zil eval run # Verbose with per-case details zil eval run --verbose # JSON output for CI zil eval run --json-output # Interactive case builder zil eval add --group edge-cases # Record a session zil eval record --auto-accept # Generate cases from identity zil eval generate --count 20 --category guardrails --no-review

JSON output (from zil eval run --json-output)

{ "suite": "baseline", "score": 0.92, "passed": true, "threshold": 0.85, "total_cases": 5, "passed_cases": 5, "failed_cases": 0, "groups": [ { "name": "accuracy", "pass_rate": 1.0, "weight": 0.5, "cases": [...] } ] }

zil serve

Start the agent as a REST/A2A server. Exposes the agent via REST endpoints with SSE streaming, manifest-declared webhooks, and optionally the A2A protocol  for agent-to-agent communication.

zil serve [options]

Options

OptionValuesDefaultDescription
--project-dirpath.Project directory
--portinteger8000Server port
--hoststring127.0.0.1Bind address
--no-a2aDisable A2A protocol endpoints
--reloadAuto-reload on code changes (dev mode)
--dockerBuild and run in a Docker container
--traceEnable OTLP trace export to the configured endpoint
--trace-consolePrint spans to stderr (no collector needed)

Endpoints

MethodPathDescription
GET/healthHealth check
POST/invokeOne-shot invoke — send a message, get a streaming SSE response
POST/sessionsCreate a new session (returns session ID)
POST/sessions/{id}/messagesSend a message within an existing session (SSE stream)
GET/sessions/{id}/streamReconnect to an active SSE stream
DELETE/sessions/{id}Close and clean up a session
GET/.well-known/agent.jsonA2A Agent Card (auto-generated from manifest)
POST/tasks/sendA2A task endpoint (synchronous)
POST/tasks/sendSubscribeA2A task endpoint (SSE streaming)

SSE event stream

Both /invoke and /sessions/{id}/messages return a Server-Sent Events stream. Each event is a JSON-encoded SessionEvent:

data: {"type": "tool_call", "tool_name": "search", "args": {"q": "zil"}} data: {"type": "tool_result", "tool_name": "search", "result": "..."} data: {"type": "text", "text": "Based on the search results..."} data: {"type": "done", "metadata": {"session_id": "abc-123"}}

Event types: text, tool_call, tool_result, error, done. See Frameworks for details.

Examples

# Start on default port zil serve # Custom port and host zil serve --port 3000 --host 0.0.0.0 # With tracing zil serve --trace # Dev mode with auto-reload zil serve --reload # Disable A2A protocol zil serve --no-a2a

Docker mode

Build and run the agent in a Docker container, replicating the production environment locally:

# Build image and run container zil serve --docker # With full observability (Grafana OTEL-LGTM stack) zil serve --docker --trace # Custom port zil serve --docker --port 3000

Dockerfile auto-regenerationzil serve --docker regenerates the Dockerfile from manifest.yaml before every docker build, ensuring that spec.runtime.dependencies and spec.tools.host_dependencies are always reflected in the container. You don’t need to manually edit the Dockerfile.

Docker runs also load both .env and .env.local files for complete environment configuration.

When --docker --trace is used, a Grafana OTEL-LGTM  container is started alongside your agent, providing:

  • Traces (Tempo) — every agent invocation, LLM call, and tool execution
  • Metrics (Mimir) — request counts, latencies, token usage
  • Logs (Loki) — structured log aggregation
ServiceURL
Agent serverhttp://localhost:8000
Grafana dashboardhttp://localhost:3000

Default Grafana login: admin / admin.

To explore traces in Grafana:

  1. Go to Explore (compass icon)
  2. Select Tempo as the data source
  3. Click SearchRun query

Both containers stop on Ctrl+C.


zil deploy

Deploy the agent to Google Cloud Run with project/region resolution, pre-deploy eval gating, and automatic project context bundling.

zil deploy [options]

Options

OptionValuesDefaultDescription
--project-dirpath.Project directory
--projectstringGCP project (or GOOGLE_CLOUD_PROJECT env var)
--regionstringGCP region (or GOOGLE_CLOUD_REGION env var)
--servicestringagent nameCloud Run service name
--traceEnable Cloud Trace telemetry
--skip-evalsSkip pre-deploy eval check
--fromrefDeploy from a .zil file or OCI registry reference
--env-filepathDotenv file with env var values (for CI/automation)
--allow-unauthenticatedAllow unauthenticated access to the Cloud Run service
--memorystring1GiCloud Run memory limit (e.g. 512Mi, 1Gi, 2Gi)
--cpustring1Cloud Run CPU allocation (e.g. 1, 2, 4)
--outputtext, jsontextOutput format — json for machine-readable deploy results

Prerequisites

  1. gcloud CLI installed and authenticated:

    gcloud auth login gcloud config set project YOUR_PROJECT_ID
  2. Required GCP APIs enabled:

    gcloud services enable \ run.googleapis.com \ artifactregistry.googleapis.com \ cloudbuild.googleapis.com
  3. Agent framework installed (e.g., zil-ai[adk]).

Walkthrough

# Deploy with explicit project and region zil deploy --project my-project --region us-central1 # Use env vars instead of flags export GOOGLE_CLOUD_PROJECT=my-project export GOOGLE_CLOUD_REGION=us-central1 zil deploy # Deploy with Cloud Trace telemetry zil deploy --project my-project --region us-central1 --trace # Skip evals for a quick re-deploy zil deploy --project my-project --region us-central1 --skip-evals # Deploy from a local .zil archive zil deploy --from dist/my-agent-1.0.0.zil \ --project my-project --region us-central1 # Deploy from an OCI registry zil deploy --from us-docker.pkg.dev/my-project/agents/my-agent:1.0.0 \ --project my-project --region us-central1

What happens during deploy

  1. Eval gate — runs the eval suite. If evals fail, deployment is blocked (exit code 1). Use --skip-evals to override.
  2. Env resolution — collects environment variables from --env-file, process env, or interactive prompts. Injects them via --set-env-vars.
  3. Dockerfile generation — if spec.tools.host_dependencies or spec.runtime.dependencies are declared, generates a custom Dockerfile with the correct RUN stanzas. See Runtime Dependencies.
  4. Cloud SQL auto-wiring — if SESSION_DB_URI contains a Cloud SQL connection string, automatically extracts the instance name and passes --add-cloudsql-instances to gcloud run deploy.
  5. gcloud run deploy --source — builds the container image via Cloud Build, deploys to Cloud Run, and routes traffic.
  6. Cleanup — removes bundled files from your local source tree.

JSON output

Use --output json for machine-readable deploy results (ideal for CI pipelines):

zil deploy --project my-project --region us-central1 --output json
{ "agent": "my-agent", "version": "1.0.0", "service": "my-agent", "project": "my-project", "region": "us-central1", "url": "https://my-agent-abc123-uc.a.run.app", "endpoints": { "adk_web": "https://my-agent-abc123-uc.a.run.app/dev-ui", "webhook": "https://my-agent-abc123-uc.a.run.app/webhook", "hitl_respond": "https://my-agent-abc123-uc.a.run.app/human/respond" }, "cloud_sql_instance": "my-project:us-central1:my-instance", "deployed_at": "2026-05-21T14:30:00Z" }

Pre-deploy eval gate

By default, zil deploy runs the eval suite before deploying. If evals fail, the deploy is blocked:

→ Running pre-deploy eval check... ✗ Eval suite failed: 72.0% (threshold: 85.0%). Deploy blocked. Use --skip-evals to override.

Use --skip-evals to bypass:

zil deploy --project my-project --region us-central1 --skip-evals

Secrets on Cloud Run

The .env file is excluded from the container for security. Set secrets via environment variables or Secret Manager:

# Environment variables gcloud run services update my-agent \ --set-env-vars="GOOGLE_API_KEY=your-key" \ --region=us-central1 # Secret Manager (recommended) echo -n "your-key" | gcloud secrets create google-api-key --data-file=- gcloud run services update my-agent \ --set-secrets="GOOGLE_API_KEY=google-api-key:latest" \ --region=us-central1

Observability on Cloud Run

With --trace, spans are exported to Google Cloud Trace. View them at:

GCP Console → Observability → Trace Explorer

Metrics and logs are automatically available in Cloud Run’s built-in Observability tab.