Slash Commands¶
Merlya supports slash commands for quick actions.
General Commands¶
/help [command]¶
Show help for all commands or a specific command.
/exit¶
Exit Merlya.
/new [title]¶
Start a new conversation.
/language <en|fr>¶
Change interface language.
Host Management¶
/hosts list [--tag=<tag>]¶
List all hosts in inventory.
/hosts show <name>¶
Show details for a specific host.
/hosts add <name> [--test]¶
Add a new host to inventory (interactive prompts for hostname, port, username).
/hosts delete <name>¶
Remove a host from inventory.
/hosts tag <name> <tag>¶
Add a tag to a host.
/hosts untag <name> <tag>¶
Remove a tag from a host.
/hosts edit <name>¶
Edit a host interactively (hostname/port/user/tags).
/hosts check [<name>|--tag=<tag>|--all]¶
Check SSH connectivity to hosts (supports --parallel).
/hosts import <file>¶
Import hosts from a file.
Supported formats:
- JSON - Array of host objects
- YAML - List of hosts
- TOML - Host definitions with
[hosts.name]sections - CSV - Columns: name, hostname, port, username, elevation_method, elevation_user, tags
- SSH config -
~/.ssh/configformat - /etc/hosts -
/etc/hostsformat
/hosts import hosts.toml
/hosts import ~/.ssh/config --format=ssh
/hosts import inventory.yaml
/hosts import /etc/hosts --format=etc_hosts
TOML Example:
[hosts.internal-db]
hostname = "10.0.1.50"
user = "dbadmin"
jump_host = "bastion.example.com"
port = 22
tags = ["database", "production"]
elevation_method = "sudo_password" # sudo, sudo_password, doas, doas_password, su, none
elevation_user = "root" # Target user for elevation (default: root)
[hosts.bastion]
hostname = "bastion.example.com"
user = "admin"
elevation_method = "sudo" # NOPASSWD sudo configured
Elevation Methods:
| Method | Description |
|---|---|
none | No elevation (default) |
sudo | sudo with NOPASSWD |
sudo_password | sudo requiring password |
doas | doas with NOPASSWD (BSD) |
doas_password | doas requiring password |
su | su (requires root password) |
/hosts export <file>¶
Export hosts to a file.
Scanning¶
/scan <host> [options]¶
Scan a host for system information and security issues.
Scan Types:
/scan web01 # Full scan (default)
/scan web01 --full # Complete system + security scan
/scan web01 --quick # Fast check: CPU, memory, disk, ports
/scan web01 --security # Security checks only
/scan web01 --system # System info only
Output Options:
/scan web01 --json # Output as JSON
/scan web01 --show-all # Show all ports/users/services (no truncation)
Skip Options:
/scan web01 --no-docker # Skip Docker checks
/scan web01 --no-updates # Skip pending updates check
/scan web01 --no-network # Skip network diagnostics
/scan web01 --no-services # Skip services list
/scan web01 --no-cron # Skip cron jobs list
Multi-Host Scanning:
/scan web01 db01 --quick # Scan multiple hosts
/scan --tag=production --parallel # Scan all hosts with tag in parallel
/scan --all --quick # Scan entire inventory
System Checks: CPU, memory, disk, Docker, services, network, cron, processes, logs
Security Checks: Open ports, SSH config, users, SSH keys, sudo config, critical services, failed logins, pending updates
Variables¶
/variable list¶
List all variables.
/variable set <name> <value>¶
Set a variable.
/variable get <name>¶
Get a variable value.
/variable delete <name>¶
Delete a variable.
/variable import <file> [--merge|--replace] [--dry-run]¶
Import variables (and optionally hosts) from YAML/JSON/.env style files.
/variable export <file> [--include-secrets]¶
Export variables to a file (YAML/JSON/.env), optionally prompting for secrets.
/variable template <file>¶
Generate a template file for variable import.
Secrets¶
Secrets are stored securely in the system keyring. The agent never receives raw values — only @references that are resolved at execution time.
/secret list¶
List all secrets (names only, values never shown).
/secret set <name>¶
Store a secret (prompts for value securely).
Setting a sudo/elevation password for a host:
# Format: sudo:<hostname>:password (for sudo)
/secret set sudo:web-01:password
# Format: root:<hostname>:password (for su / root login)
/secret set root:db-prod:password
Once stored, the agent uses @sudo:web-01:password as a reference and never sees the plaintext. You only need to do this manually to pre-populate the keyring (e.g. in CI or before a session). During interactive use, the agent prompts you automatically when it needs elevation credentials.
Setting credentials for a service (e.g. database):
# Format: <service>:<host>:<field>
/secret set mysql:db-prod:password
/secret set mongo:db-prod:password
/secret delete <name>¶
Delete a secret.
/secret clear-elevation [<host>|--all]¶
Clear stored elevation (sudo/su) passwords.
/secret clear-elevation # List stored elevation passwords
/secret clear-elevation web-01 # Clear for specific host
/secret clear-elevation --all # Clear all elevation passwords
Conversations¶
Merlya stores conversation history and lets you resume or export it.
/conv list [--limit=<n>]¶
List saved conversations.
/conv show <id>¶
Show conversation details.
/conv load <id>¶
Load a previous conversation.
/conv delete <id>¶
Delete a conversation.
/conv rename <id> <title>¶
Rename a conversation.
/conv search <query>¶
Search conversations.
/conv export <id> <file>¶
Export a conversation to a file.
Model Management¶
/model or /model show¶
Show current provider and model configuration (brain/fast models).
/model provider <name>¶
Change LLM provider (prompts for API key if missing). Sets default brain/fast models for the provider.
Available providers: anthropic, openai, openrouter, mistral, groq, ollama
/model brain [name]¶
Show or set the brain model (complex reasoning, planning, analysis).
/model fast [name]¶
Show or set the fast model (routing, fingerprinting, quick decisions).
/model test¶
Test LLM connectivity with the current configuration.
MCP (Model Context Protocol)¶
Extend Merlya with external MCP servers (e.g., Context7, GitHub, Slack, custom).
/mcp list¶
List configured MCP servers.
/mcp add <name> <command> [args...] [--env=KEY=VALUE] [--cwd=/path] [--no-test]¶
Add a server and automatically test the connection.
Environment Variable Syntax: - ${secret-name} - Required variable (from env or /secret set) - ${VAR:-default} - Variable with default value
Flags: - --env=KEY=VALUE - Set environment variable (can use multiple times) - --cwd=/path - Set working directory for the server - --no-test - Skip automatic connection test
Examples:
# Context7 - Code documentation context
/secret set context7-token <your-api-key>
/mcp add context7 npx -y @upstash/context7-mcp --env=CONTEXT7_API_KEY=${context7-token}
# GitHub - Repository management
/secret set github-token ghp_xxxxx
/mcp add github npx -y @modelcontextprotocol/server-github --env=GITHUB_TOKEN=${github-token}
# Slack - Team communication
/secret set slack-bot-token xoxb-your-bot-token
/mcp add slack npx -y @modelcontextprotocol/server-slack --env=SLACK_BOT_TOKEN=${slack-bot-token}
# Filesystem - Local file access
/mcp add fs npx -y @modelcontextprotocol/server-filesystem /home/user/projects
# With optional env default
/mcp add custom python server.py --env=PORT=${MCP_PORT:-8080}
# Skip auto-test (useful for offline setup)
/mcp add slow-server npx -y @slow/mcp --no-test
Important: - After adding, Merlya automatically tests the connection - If the test fails, the config is saved but you'll see a warning - Use /mcp test <name> to retry the connection test
/mcp remove <name>¶
Remove a server from configuration.
/mcp show <name>¶
Show server configuration.
/mcp test <name>¶
Start/connect and list exposed tools.
/mcp tools [name]¶
List available MCP tools (optionally filter by server).
/mcp examples¶
Show sample configuration snippets with common MCP servers.
SSH Management¶
/ssh connect <host>¶
Test SSH connection to a host.
/ssh exec <host> <command>¶
Execute a command over SSH.
/ssh disconnect <host>¶
Disconnect from a host.
/ssh config <host>¶
Interactive SSH configuration for a host.
/ssh test <host>¶
Test SSH connectivity (diagnostics).
System¶
/metrics¶
Show in-memory metrics summary for the current session.
Displays:
- Commands: total execution count by type and status
- SSH Operations: count, average duration, maximum duration
- LLM Calls: count by provider and model
- Pipeline Executions: count by type and status
Metrics are tracked automatically as you work; they reset when the session ends.
Alias: /m
/health¶
Show system health status.
/log level <level>¶
Set log level.
/log show¶
Show recent log entries.
Audit¶
/audit recent [limit]¶
Show recent audit events.
/audit export [file] [--since <hours>] [--limit <n>]¶
Export audit logs to JSON (SIEM-compatible format).
/audit export # Export to default file
/audit export ./audit.json # Export to specific file
/audit export --since 24 # Last 24 hours only
/audit export --limit 1000 # Limit to 1000 events
/audit export audit.json --since 48 --limit 500
/audit filter <type>¶
Filter audit events by type.
/audit stats¶
Show audit statistics.
Host and Secret References¶
Host Names¶
Reference hosts from inventory by their name (without @):
Secret References¶
Reference secrets stored in keyring with @:
The @ prefix is reserved for secrets only. Secrets are resolved from the system keyring before execution and never appear in logs.
Variable Mentions¶
Variables set via /variable set are expanded automatically:
Command Aliases¶
Some commands have shorter aliases:
| Command | Alias |
|---|---|
/help | /h |
/exit | /quit, /q |
/language | /lang |
/variable | /var |
/conv | /conversation |