TopGun/ Help Center/ Command Reference

Command Reference

All /topgun flags, output files, auth token configuration, and topgun-tools commands.

/topgun Flags

All flags are optional. TopGun works with zero flags for most use cases.

Usage
/topgun <task description> [flags]
--registries
--registries <registry1,registry2,…>

Restrict the FindSkills search to a comma-separated list of registry names. By default, all enabled adapters run. Use this to target specific sources or speed up searches when you know where the skill lives.

/topgun web scraping skill --registries skills.sh,npm /topgun git automation --registries github,smithery
--offline
--offline

Skip all live registry queries. TopGun uses only previously cached results from ~/.topgun/cache/. Useful when working without internet access or when you want to re-run a pipeline on already-fetched candidates without hitting rate limits.

/topgun deployment skill --offline
--reset
--reset

Discard any saved pipeline state (~/.topgun/state.json) and start the pipeline from scratch. Without this flag, an interrupted pipeline will resume from its last completed stage.

/topgun code review skill --reset
--force-audit
--force-audit

Bypass the audit cache and always run fresh SENTINEL passes, even if a clean result for this contentSha was cached within the last 24 hours. Use this when you want to re-audit a skill after the SENTINEL ruleset has been updated.

/topgun test runner skill --force-audit
--auto-approve
--auto-approve

Skip the manual approval gate and automatically install the winning skill after a successful 2-pass SENTINEL audit. The full audit manifest is still written to ~/.topgun/audit-manifest.json for review after the fact. Use with care in automated workflows.

/topgun linting skill --auto-approve
--auto-approve does not bypass the SENTINEL audit — it only skips the interactive approval prompt. The 2-pass requirement is always enforced.

Output Files

TopGun writes all pipeline artifacts to ~/.topgun/. These files are useful for debugging, audit trails, and pipeline resume.

state.json
Current pipeline state. Written after each stage completes. Used by resume logic to skip already-completed stages. Deleted on successful install or when --reset is passed.
candidates.json
Full list of candidates returned by FindSkills, after deduplication. Includes each candidate's registry source, contentSha, raw metadata, and all four scoring dimensions. Written after CompareSkills completes.
audit-manifest.json
The complete audit record for the selected skill: composite score, sub-scores, SENTINEL pass history, findings per pass, SHA-256 values, and the final clean status. This is the document shown at the approval gate.
install-log.json
Record of the installation: timestamp, skill name, version, source registry, install method (plugin system or local-copy fallback), and whether it succeeded. Appended to — not overwritten — on each successful install.
cache/
Directory of cached registry responses and audit results, keyed by contentSha. Files older than 24 hours are ignored. Can be cleared manually or by running topgun-tools clear-cache.

Auth Token Storage

TopGun stores registry auth tokens in the macOS Keychain (or the OS credential store on Linux/Windows). Tokens are never written to disk in plaintext.

Configuring tokens

Use the topgun-tools set-token command to store a token:

topgun-tools
# GitHub personal access token (read:public_repo scope) node topgun-tools.cjs set-token github <your-token> # Smithery API token node topgun-tools.cjs set-token smithery <your-token> # GitLab personal access token (read_api scope) node topgun-tools.cjs set-token gitlab <your-token>

Token usage by registry

  • GitHub — increases rate limit from 60 to 5,000 requests/hour. Required if you search GitHub topics frequently.
  • Smithery — unlocks private skill listings. Not required for public skills.
  • GitLab — required only for private group or project repositories. Public GitLab repos work without a token.
If no GitHub token is configured and you hit the rate limit, TopGun will log a warning and return whatever GitHub results were fetched before the limit was reached. It will not fail the pipeline.

topgun-tools.cjs

topgun-tools.cjs is a CLI utility bundled with TopGun for managing tokens, cache, and pipeline state outside of Claude Code.

CommandDescription
set-token <registry> <token> Store a registry auth token in the OS credential store
get-token <registry> Retrieve and print a stored token (masked except last 4 chars)
delete-token <registry> Remove a stored token from the credential store
clear-cache Delete all files in ~/.topgun/cache/
clear-cache --older-than <hours> Delete cache files older than the specified number of hours
reset-state Delete ~/.topgun/state.json — equivalent to --reset flag
show-manifest Pretty-print the most recent audit-manifest.json
show-install-log Print all entries from install-log.json in a readable table
list-registries Print all configured registry adapters and their current status (enabled/disabled, auth present)
Example usage
# From the TopGun plugin directory node ~/.claude/plugins/topgun/topgun-tools.cjs show-manifest node ~/.claude/plugins/topgun/topgun-tools.cjs list-registries node ~/.claude/plugins/topgun/topgun-tools.cjs clear-cache --older-than 48
← Previous Core Concepts Next → Troubleshooting