Back to Cova

Cova CLI

Monitor your monitoring from the terminal. Scan repos, connect tools, run analyses, and check PRs for monitoring gaps - all from the command line or CI/CD pipelines.

Contents

Installation Authentication Commands Global Options CI/CD Integration CLI vs Web App Configuration Troubleshooting

Installation

pip install cova-cli

Requires Python 3.9+. Works on macOS, Linux, and Windows.

Verify the installation:

cova --version
# cova-cli 0.1.0

Authentication

1. Generate a token

Go to Settings > General > CLI & API Access in the Cova web app and click Generate Token. Copy the token - it's only shown once.

2. Log in

cova login
# Enter your API token: ****
# Logged in as you@email.com (pro)

Or pass the token directly (useful for scripts):

cova login --token cova_your_token_here

CI/CD: Set the COVA_TOKEN environment variable instead of running cova login. All commands will use it automatically.

3. Log out

cova logout

Removes the saved token from ~/.cova/config.

Commands

cova status

Show your account info, plan, and connected tools.

cova status

  Account:  you@email.com
  Plan:     pro
  Tools:    Datadog, PagerDuty, Sentry

cova scan

Scan a local repository for monitoring recommendations. Analyzes your source code to identify endpoints, databases, services, and suggests what to monitor.

# Scan current directory
cova scan .

# Scan a specific repo
cova scan ~/projects/my-api

# JSON output for scripting
cova scan . --json

The scan archives your source files (skipping node_modules, .git, venv, binaries, etc.) and uploads them for AI-powered analysis.

cova connect

Connect a monitoring tool. Prompts for the required credentials interactively.

cova connect datadog
#   API Key: ****
#   Application Key: ****
#   Datadog Site [datadoghq.com]: us5.datadoghq.com
# Connected to Datadog. 47 monitors found.

Supported tools:

Tool	Command	Required Credentials
PagerDuty	`cova connect pagerduty`	API Key
Datadog	`cova connect datadog`	API Key, App Key, Site
Grafana	`cova connect grafana`	URL, Service Account Token
Sentry	`cova connect sentry`	Auth Token, Organization Slug
New Relic	`cova connect newrelic`	User API Key, Account ID
Sumo Logic	`cova connect sumologic`	Access ID, Access Key
Splunk	`cova connect splunk`	URL, Auth Token

cova analyze

Run a monitor analysis across all connected tools. Returns a health score, coverage breakdown, and findings.

cova analyze

# ╭──────── Health Score ────────╮
# │     72/100  Needs Work       │
# ╰──────────────────────────────╯
# 
# Coverage
#   Uptime                ████████████████░░░░ 78%
#   Error Tracking        ██████████░░░░░░░░░░ 50%
#   Alerting              ████████████████████ 100%

Prerequisite: At least one tool must be connected via cova connect or the web UI before running an analysis.

cova pr-check CI/CD

Check a git diff for monitoring gaps. Runs locally using git diff - no GitHub or GitLab connection required. Returns exit code 0 if clean, 1 if gaps are found - perfect for CI gates.

Note: This command analyzes your local git diff. It does not require GitHub or GitLab to be connected. See CLI vs Web App for how this compares to the web-based PR Guard feature.

# Check latest commit
cova pr-check

# Check against main branch
cova pr-check --diff main..HEAD

# Check specific range
cova pr-check --diff HEAD~3

# Pipe a diff from stdin
git diff main | cova pr-check --from-stdin

Exit codes:

Code	Meaning
`0`	No monitoring gaps found
`1`	Monitoring gaps detected (new endpoints, databases, or services without coverage)
`2`	Error (auth failure, network issue, etc.)

Global Options

These flags work with every command:

Flag	Description
`--json`	Output as machine-readable JSON (stdout). Errors still go to stderr.
`-q` / `--quiet`	Suppress all output except errors. Useful for CI scripts that only care about exit codes.
`--version`	Print version and exit.
`--help`	Show help for any command.

Examples:

# JSON output, pipe to jq
cova analyze --json | jq '.health_score'

# Quiet mode - only exit code matters
cova pr-check -q && echo "Clean" || echo "Gaps found"

# Per-command help
cova scan --help

CI/CD Integration

GitHub Actions

# .github/workflows/cova.yml
name: Monitoring Check
on: [pull_request]

jobs:
  cova:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          fetch-depth: 0

      - name: Install Cova CLI
        run: pip install cova-cli

      - name: Check for monitoring gaps
        run: cova pr-check --diff origin/main..HEAD --json
        env:
          COVA_TOKEN: ${{ secrets.COVA_TOKEN }}

GitLab CI

# .gitlab-ci.yml
cova-check:
  image: python:3.11-slim
  script:
    - pip install cova-cli
    - cova pr-check --diff origin/main..HEAD --json
  variables:
    COVA_TOKEN: $COVA_TOKEN

Pre-commit Hook

# Run before every push
echo 'cova pr-check -q || echo "Warning: monitoring gaps detected"' >> .git/hooks/pre-push
chmod +x .git/hooks/pre-push

Tip: Add COVA_TOKEN as a repository secret in your CI platform. The CLI picks it up automatically - no cova login needed.

CLI vs Web App

The CLI gives you access to the same core Cova features as the web app - same backend, same analysis engine. The main differences are in how you interact with the results.

Feature	Web App	CLI
Connect tools	Visual modal with connection status, test button, restore on refresh	`cova connect <tool>` - same interactive prompts, credentials stored server-side. Connects the same tools to the same account.
Monitor Scan	Dashboard with health score, interactive coverage cards, findings with severity filters, Generate Fix button, Deploy to Datadog	`cova analyze` - health score, coverage bars, findings table in terminal. No config generation or deploy - use the web app for those.
Repo Scan	Upload via drag-and-drop or GitHub/GitLab import. Visual results with tech stack, endpoints, recommendations.	`cova scan <path>` - archives and uploads a local directory. Same AI analysis, results printed to terminal.
PR Guard	Automatic via GitHub/GitLab webhooks. Runs silently on every PR/MR and posts inline comments with detailed recommendations and fix suggestions.	`cova pr-check` - runs against local `git diff`, no GitHub/GitLab connection needed. Output goes to terminal only - no PR comments. Returns exit code for CI gates.
Ask Cova (Chat)	Architecture-aware AI chat with context from your scans and tools	Not available in CLI. Use the web app.
Incident Autopilot	AI-powered incident investigation from connected tool data	Not available in CLI. Use the web app.
Generate Fix / Deploy	AI generates monitor configs, deploy directly to Datadog	Not available in CLI. Use the web app.
Alert Noise Analysis	PagerDuty and Datadog alert noise breakdown with AI recommendations	Not available in CLI. Use the web app.
Reports	PDF/HTML report export	Not available in CLI. Use the web app.
Scheduled Scans	Recurring monitor scans on a schedule	Not available in CLI. Use cron + `cova analyze --json` for a similar workflow.

What works the same

Tool connections are shared. Connect Datadog via CLI and it shows up in the web app (and vice versa). Same account, same credentials.
Scan results are shared. Run cova analyze from the CLI and the results appear in the web dashboard too.
Same analysis engine. CLI and web use the exact same backend API and AI models. No difference in accuracy or coverage.

What's different

PR Guard comments. The web-based PR Guard posts detailed fix recommendations directly on your PRs as comments. The CLI pr-check only outputs to your terminal/CI logs and returns an exit code. For inline PR feedback, use the web PR Guard with GitHub or GitLab connected.
Interactive features. Config generation, deploy-to-tool, incident investigation, and chat require the web UI. The CLI is optimized for scanning, checking, and CI/CD automation.
No GitHub/GitLab required. The CLI works with local git repos directly. You don't need to connect a SCM provider to use cova scan or cova pr-check.

Best practice: Use the CLI for CI/CD gates and quick terminal checks. Use the web app for investigation, config generation, and deploying fixes. They complement each other - same account, same data.

Configuration

The CLI stores its config at ~/.cova/config (permissions 600):

{
  "token": "cova_...",
  "api_url": "https://nocta-backend.onrender.com"
}

Environment Variables

Variable	Description
`COVA_TOKEN`	API token. Overrides config file. Use this in CI/CD.
`COVA_API_URL`	Custom API URL. For self-hosted or local development.

Environment variables always take priority over the config file.

Quick Reference

# Setup
pip install cova-cli           # install
cova login                     # authenticate (interactive)
cova status                    # check account + tools

# Connect tools
cova connect datadog           # connect Datadog
cova connect pagerduty         # connect PagerDuty
cova connect sentry            # connect Sentry
cova connect grafana           # connect Grafana
cova connect newrelic          # connect New Relic
cova connect sumologic         # connect Sumo Logic
cova connect splunk            # connect Splunk

# Scan + Analyze
cova scan .                    # scan repo for monitoring recs
cova scan ~/my-api             # scan a specific path
cova analyze                   # run monitor analysis
cova pr-check                  # check latest commit for gaps
cova pr-check --diff main..HEAD  # check branch diff

# Output modes
cova analyze --json            # machine-readable JSON
cova pr-check -q               # quiet (exit code only)
cova scan . --json | jq        # pipe to jq

# CI/CD (no login needed)
COVA_TOKEN=xxx cova pr-check --json  # env var auth
cova logout                    # clear saved token

Troubleshooting

Error	Cause	Fix
`Not logged in`	No token configured	Run `cova login` or set `COVA_TOKEN`
`Authentication failed`	Token is invalid or revoked	Generate a new token in Settings and run `cova login`
`Rate limit exceeded`	Too many requests	Wait a minute and retry
`Cannot connect to Cova API`	Network issue or server starting up	Check internet connection. If using Render free tier, wait 30 seconds and retry.
`Token limit reached`	Max 5 tokens per account	Revoke an old token in Settings before generating a new one

Cova - Monitor your monitoring