aios yet)aios doesn't exist on your machine). Once installed, aios --key <new-key> rotates in seconds.
Seventeen of the most common AIOS hiccups, organized by where they trip people up. Each one has a copy-paste fix. Most take under a minute.
If you've never set up a git hook before, three quick pictures, so when something breaks, you know which piece is involved.
Each commit goes through the hook, gets reviewed on our servers, comes back as PASS, WARN, or GATE. Your staged files are transmitted to our servers for critic evaluation, then immediately discarded, we store only the verdict, content hash, and findings. The content itself is never written to disk or retained.
In a single config file in your home directory. Every project's hook reads it. You only set it once.
A small script git runs before saving your change. AIOS installs one. Once installed, every commit is reviewed automatically, you don't run anything.
Every command runs from your project's root directory (the folder containing .git/). Replace sk-aios-YOUR-KEY with your real key.
aios yet)aios doesn't exist on your machine). Once installed, aios --key <new-key> rotates in seconds.
aios doctor · aios upgrade · aios verifyaios doctoraios upgradeaios verifyaios --version · aios --helpaios rewrite-configpaths[] entries so test code doesn't gate on production critics. Backs up the prior config. Use --dry-run to preview first.aios uninstall--purge-docs for full removal, or --dry-run to preview.It tells you (and us) your OS, shell, Node version, editor, whether the server's reachable, and whether governance actually works. Paste the output into a support email and we can usually solve it in one reply.
AIOS DOCTOR, diagnostic report ================================ aios CLI version : 5.2.0 OS : win32 10.0.26200 (x64) Shell / terminal : PowerShell/cmd Node version : 20.11.0 Project dir : C:\Users\you\my-project AI tool / editor : Cursor, AGENTS.md present (model-agnostic) Checks: [ OK ] Node >= 18. OK (20.11.0) [ OK ] git installed. OK (git version 2.43.0) [ OK ] inside a git repository. OK [ OK ] AIOS pre-commit hook installed. OK [ OK ] API key configured. OK (sk-aios-a1b2…) [ OK ] server reachable. OK (server v5.2.0) [ OK ] governance call works. OK, server ran 18 rule domain(s) All checks passed. Your next `git commit` will be governed.
AIOS installs once via a single command in a terminal, then governs every commit automatically. If you only use Claude Desktop, Codex Desktop, or a no-terminal IDE, here's how to find one.
Win+X on your keyboard.Win+R, type powershell, press Enter.cd into your project folder before running aios --key sk-aios-….Cmd+Space to open Spotlight.cd into your project folder, then run the install command.Two options:
git commit after that, you never need the terminal again.Run this for me: irm https://aios.visnryentertainment.com/install.ps1 | iex (Windows) or Run this for me: curl -fsSL https://aios.visnryentertainment.com/install.sh | sh (macOS). The agent will execute it via its shell tool.PowerShell quirks and the most common Windows-only friction. Most are one-command fixes.
Y and press Enter. The installer proceeds normally. You can do this safely once, we don't auto-update anything afterwards.curl -fsSL command into PowerShell errors out about the -fsSL flag.curl to its own Invoke-WebRequest, which has different flags./install.ps1.
CONIN$ENOENT: no such file or directory, open 'CONIN$'.iex (iwr …)). Node can't open the console for the interactive Full/Minimal prompt.Path and permission things, mostly. Fewer Windows-style surprises here.
aios --key … errors with node not found or similar.aios --key … tells you it can't find a git repo.You got the verification email, copied the key, ran the command, and something blew up.
aios doctor shows governance call works. FAIL. HTTP 401, and every git commit is rejected as unauthorized.aios key sk-aios-…, missing the double dash. The word "key" got saved as your key.aios upgrade on an older version, saved the word "upgrade" as your key.aios doctor, the governance check should pass. Want to be sure your CLI has the latest safeguards? Run the direct reinstall first: npm install -g https://aios-governance-production.up.railway.app/package.tgzaios --key sk-aios-NEW-KEY.npm install stalls forever or errors with UNABLE_TO_VERIFY_LEAF_SIGNATURE, ETIMEDOUT, or proxy-related messages.railway.app."status":"ok", the issue is your network. If not, check status.railway.app, we'll be back soon.10.x.x.x rather than aios-governance-production.up.railway.app.No verdict, no errors, no output. The hook isn't firing.
git commit succeeds normally. No PASS/WARN/GATE. No "running governance…" line..git/hooks/:
aios doctor, if "server reachable" fails, see I-02.node_modules or other huge foldersnode_modules/, dist/, .next/, etc.git status, or AIOS can't review files inside it..git/ folder inside one of your subfolders (usually from cloning a starter into a place that already has git)..git:
A GATE verdict stopped the commit. Here's how to read it and move forward.
git add them, and re-commit. If you're sure it's a false positive, see G-1a (Wrong file type) below, or G-02 (Bypass).eval check fires on a comment that just mentions eval. A rule meant for production web code blocks a file that isn't production web code.aios.config.json lets you tell AIOS what kind of file each folder contains (tests / CLI / data / docs / etc.) so only the right rules run against each.tests/, scripts/proofs/, tools/, docs/, seed_data/, and adds a paths[] entry for each. Backs up the prior config to aios.config.json.pre-v5.3.bak. Preserves your custom keys.
aios.config.json, recommit.aios.config.json:
production (strictest), library, local_tooling, test_harness, data_extraction, knowledge_base, mixed.
secrets, owasp, crypto, auth, compliance) stay gating in every profile. You can't accidentally silence security with a config edit. AIOS rejects profiles that try. Profiles only relax style / structure critics where they don't apply.AIOS_INTENT.md), the AIOS_PREFLIGHT_BYPASS=1 env var now also requires AIOS_PREFLIGHT_REASON, a free-text explanation of why you're bypassing:
ok, test, fix, wip, bypass, the env-var name itself). Reason is written into your audit ledger so every bypass has a recorded rationale. This applies to the AIOS preflight script only, the git commit --no-verify form above is covered by the next entry (v5.3.55+).
--no-verify, or commits made before AIOS was installed), AIOS now asks for a reason at push time, same shape as the preflight bypass above:
fix, test, asdf, etc.), not the env-var name pasted back. The reason lands in your audit log with kind: "push_bypass" alongside the commit SHAs that skipped review. Whoever runs the push provides the reason, you, your CI, or your AI agent. Closes the silent --no-verify loophole that used to let things slip through without a written record of why.
git commit for the first time in a freshly-installed AIOS repo, your terminal prints a long banner labeled "AIOS GOVERNANCE. FIRST COMMIT WELCOME" followed by the contents of AIOS_AGENTS.md. Subsequent commits don't show it.CLAUDE.md or other vendor files. The banner is the AI's training-wheels moment, it loads the rules into context. After first commit, AIOS drops a .aios/welcomed marker and the banner never repeats..aios/welcomed and it will re-fire on the next commit.AIOS_AGENTS.md (the governance rules), aios.config.json (your settings for what kind of file gets which rules), and .git/hooks/pre-commit (chained, your existing hooks are preserved). AIOS never writes to CLAUDE.md, AGENTS.md, .cursor/rules/, .github/copilot-instructions.md, or .windsurfrules. Those belong to you. AIOS never commits, never pushes, never modifies your source code.aios rewrite-config says "detector module not found"aios rewrite-config errors out with Cannot find module ... v53ConfigDetector or similar. Was working previously, or never worked on a fresh install.aios rewrite-config. If aios upgrade reports "already up to date" but the error persists, you may have a stale install, reinstall with aios --key <your-key>.
crypto.constantTime fires unexpectedly on code with no secretsdocs[keys[0]] or if (config.row_key) trips crypto.constantTime. "secret-dependent branch detected" or "secret-dependent memory access detected", even though the identifier is not a secret.key as a substring, so things like keys, row_key, even monkey tripped it. We've since tightened the rule so only the standalone word fires.key), open a feedback ticket from the dashboard, that's a separate issue.
The link should arrive within seconds. When it doesn't, here's the playbook.
/signup, the page says "check your email", but nothing arrived.noreply@aios.visnryentertainment.com.aios.visnryentertainment.com to your safe senders.401 Unauthorized; or you never copied it from the verification page.aios --key sk-aios-NEW-KEY in your project after.name@gmail.com?"gmial.com, gmaill.com, gmail.cm.@ (in the username part). AIOS can detect typo'd domains but can't tell whether the username part exists at a real domain like gmail.com, it's a real address from our perspective, the bounce happens at delivery.@. Compare letter-by-letter against another place your email appears (an existing email client, login screen, etc.).If the same address fails twice and you've confirmed the spelling, contact support@visnryentertainment.com, could be a corporate spam filter blocking us at the gateway.
You signed up with a new email, but the dashboard shows verdicts from a different account.
Alternative: re-click the original verification link from your inbox, that automatically refreshes your browser session to the new account.
One install, many projects. Here's how it works.
npm install is once per machine. The aios --key command is once per project (it installs the hook). For a new repo:
One command. By default it keeps your audit-record markdowns (your governance evidence) and only removes the hooks + config.
What's preserved by default: AIOS_MEMORY.md, AIOS_VERDICTS.md, AIOS_CODEBASE.md, AIOS_INTENT.md, AIOS_DECISION_LOG.md, AIOS_TECHNICAL_DEBT.md, AIOS_RELATIONSHIP.md, AIOS_CODEBASE_MAP.md, AIOS_TESTS.md, AIOS_COMPLIANCE.md, AIOS_SUPPLY_CHAIN.md, plus the .aios/ ledger directory. These are your governance evidence, the cryptographic record of what AIOS reviewed and when. We don't delete them automatically.
What's removed: the git pre-commit / post-commit / pre-push hooks (your originals are restored from .pre-aios backups if present), aios_user_config.json, aios.config.json, AIOS-only entries from .mcp.json (other entries preserved), the AIOS-START..AIOS-END blocks in AGENTS.md / CLAUDE.md, AIOS_AGENTS.md (if AIOS-managed), and the # AIOS section of .gitignore.
To also uninstall the global CLI: npm uninstall -g aios-governance. That removes the aios binary from your PATH.
/dashboard, click Sign in, and the button spins forever, or nothing happens at all.AIOS_SERVER set in your shell profile (especially via OneDrive-synced PowerShell), your dashboard tab may be pointed at a server that's no longer running. Check with echo $env:AIOS_SERVER (PowerShell) or echo $AIOS_SERVER (bash).aios doctor from any AIOS-installed project to confirm the server is up.aios doctor to confirm reachability.The AIOS check run is powered by Approach B — the runner is downloaded from your AIOS server at CI time, so there is no public GitHub repo dependency. Common failures below.
401 or "Unauthorized" in the run output.AIOS_API_KEY secret in your GitHub repo is missing, wrong, or revoked.AIOS_API_KEY exists (no typos, no extra spaces)..js, .ts, .py, .go — not .png, .pdf, .woff).curl -fsSL .../ci-runner -o aios-runner.js with a network error or 404.https://aios-governance-production.up.railway.app/health in a browser. It should return {"status":"ok"}..github/workflows/aios.yml and confirm the server URL matches your account's server.aios.yml from the dashboard GitHub Actions page and recommit..github/workflows/aios.yml (not .github/aios.yml, not .github/workflow/).If none of the above fixes work, run aios doctor in your project and paste the output into an email. We usually solve it in one reply.