// install-time verification · v0.6.4
§ 01 Install ~30s, single binary

One binary. Six platforms. Zero registry account.

phi ships as a single static Go binary. Pick the install method for your platform — they all produce the same phi executable.

Linux

One-liner — detects architecture (amd64 / arm64), downloads the right archive, verifies its sha256, and installs to /usr/local/bin:

curl -sSL https://phi.philtechs.org/install.sh | sh

If you don't have write access to /usr/local/bin, the script uses sudo. To install elsewhere:

curl -sSL .../install.sh | sh -s -- --dir ~/.local/bin

To pin a specific version:

curl -sSL .../install.sh | sh -s -- --version v0.6.4

macOS

Same script — supports both Intel (x86_64) and Apple Silicon (arm64) Macs:

curl -sSL https://phi.philtechs.org/install.sh | sh

Windows

From PowerShell:

iwr -useb https://phi.philtechs.org/install.ps1 | iex

Installs to %LOCALAPPDATA%\phi\phi.exe. The script tells you whether the install dir is on PATH and prints the setx command to add it if not.

Windows Defender flagged phi? Common false positive on unsigned Go binaries — the install script verifies sha256 against checksums.txt before running it, so if you got that far the bytes are the real release. Unblock with Add-MpPreference -ExclusionPath "$env:LOCALAPPDATA\phi", or see the FAQ entry for context and reporting status.

Direct download

Grab the right archive from GitHub Releases and extract it:

Platform              Archive
Linux x86_64          phi_X.Y.Z_Linux_x86_64.tar.gz
Linux arm64           phi_X.Y.Z_Linux_arm64.tar.gz
macOS Intel           phi_X.Y.Z_Darwin_x86_64.tar.gz
macOS Apple Silicon   phi_X.Y.Z_Darwin_arm64.tar.gz
Windows x86_64        phi_X.Y.Z_Windows_x86_64.zip

Each release also publishes checksums.txt with sha256 hashes — verify before installing.

Verify

phi version

Should print phi 0.6.4.

Use phi in Docker

Phi is a single static binary with no runtime dependencies, so getting it into a Docker image is just one extra RUN line. There's no Docker-specific plugin or buildpack — same install script as your dev machine, run during the build. Three patterns, pick whichever fits your base image.

Pattern A — install in the build stage (simplest)

Works directly on Debian/Ubuntu-derived bases (curl, tar, sha256sum all preinstalled):

FROM node:20-bookworm

# Install phi (~5s; cached unless install.sh changes)
RUN curl -sSL https://phi.philtechs.org/install.sh | sh

WORKDIR /app
COPY package.json phi.lock ./
RUN phi ci --omit=dev

COPY . .
CMD ["node", "server.js"]

For Alpine, add the prerequisites first:

FROM node:20-alpine
RUN apk add --no-cache curl tar coreutils ca-certificates
RUN curl -sSL https://phi.philtechs.org/install.sh | sh
# ... rest same

Pattern B — multi-stage (recommended)

Install phi in a tiny builder, copy only the binary into the runtime image. No curl/tar bloat in production; the phi layer caches well (invalidates only when install.sh changes):

# ---- phi installer stage ----
FROM debian:bookworm-slim AS phi
RUN apt-get update \
 && apt-get install -y --no-install-recommends curl ca-certificates \
 && curl -sSL https://phi.philtechs.org/install.sh | sh

# ---- app stage ----
FROM node:20-alpine
COPY --from=phi /usr/local/bin/phi /usr/local/bin/phi

WORKDIR /app
COPY package.json phi.lock ./
RUN phi ci --omit=dev

COPY . .
CMD ["node", "server.js"]

Pattern C — direct binary fetch (air-gapped / pinned)

For builds that can't reach phi.philtechs.org, or when you want a pinned, byte-reproducible install with no script execution:

FROM node:20-alpine AS phi
ARG PHI_VERSION=v0.6.4
RUN wget -O /tmp/phi.tar.gz \
      https://github.com/philtechs-org/phi-releases/releases/download/${PHI_VERSION}/phi_${PHI_VERSION#v}_Linux_x86_64.tar.gz \
 && tar -xzf /tmp/phi.tar.gz -C /usr/local/bin phi

FROM node:20-alpine
COPY --from=phi /usr/local/bin/phi /usr/local/bin/phi
# ... rest same

Pin PHI_VERSION and the build becomes byte-reproducible — the release asset is sha256-stable.
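
Added example, not part of phi's install.sh or the phi project: both the "verify before installing" step under Direct download and Pattern C skip install.sh, which is where the sha256 check normally happens, so the check has to be done by hand. The sketch below fails closed on a mismatch, a missing or duplicated checksums.txt entry, or a malformed digest. It assumes checksums.txt uses the sha256sum layout ("<64 hex>  <filename>"); the function names are hypothetical and the demo archive is constructed.

```sh
#!/bin/sh
# Added example: fail-closed sha256 check for a downloaded phi archive.
# Assumption: checksums.txt uses the sha256sum layout "<64 hex>  <filename>".

# sha256_of FILE: print the lowercase hex digest (sha256sum on Linux, shasum on macOS).
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# expected_digest CHECKSUMS ARCHIVE: print the digest listed for ARCHIVE's basename.
# Fails unless the name appears exactly once, so a missing or duplicated entry
# can never be read as "nothing to check".
expected_digest() {
    awk -v n="$(basename "$2")" '
        { f = $2; sub(/^\*/, "", f) }      # tolerate the binary-mode "*name" form
        f == n { d = $1; hits++ }
        END { if (hits != 1) exit 1; print d }
    ' "$1"
}

# verify_archive ARCHIVE REF: REF is a checksums.txt path or a pinned 64-hex digest.
# Returns 0 on match, 1 on mismatch, 2 if the archive is missing, 3 on a bad REF.
verify_archive() {
    [ -f "$1" ] || { echo "missing archive: $1" >&2; return 2; }
    if [ -f "$2" ]; then
        want=$(expected_digest "$2" "$1") || { echo "no unique entry for $1" >&2; return 3; }
    else
        want=$2
    fi
    want=$(printf '%s' "$want" | tr 'A-F' 'a-f')
    case $want in *[!0-9a-f]*) echo "malformed digest" >&2; return 3 ;; esac
    [ "${#want}" -eq 64 ] || { echo "malformed digest" >&2; return 3; }
    got=$(sha256_of "$1")
    [ "$got" = "$want" ] || { echo "sha256 mismatch for $1" >&2; return 1; }
}

# Constructed demo: a stand-in archive and a matching checksums.txt in a temp dir.
tmp=$(mktemp -d)
printf 'constructed sample bytes' > "$tmp/phi_0.6.4_Linux_x86_64.tar.gz"
printf '%s  phi_0.6.4_Linux_x86_64.tar.gz\n' \
    "$(sha256_of "$tmp/phi_0.6.4_Linux_x86_64.tar.gz")" > "$tmp/checksums.txt"
verify_archive "$tmp/phi_0.6.4_Linux_x86_64.tar.gz" "$tmp/checksums.txt" && echo "verified"
rm -rf "$tmp"
```

In Pattern C the same function can run between the wget and tar steps, with the digest copied once from the release's checksums.txt and pinned next to PHI_VERSION. Pinning the digest in the build, rather than fetching checksums.txt at build time, means a replaced release asset fails the build instead of passing with a matching replaced checksum file.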

Scaffold a project

Once phi is on PATH, bootstrap a new project end-to-end:

phi create react   my-app          # Vite + React + TypeScript
phi create next    my-site         # Next.js (App Router)
phi create express my-server       # built-in template
phi create fastify my-api          # fastify-cli generate
phi create nest    my-service      # @nestjs/cli new

The scaffolder package is fetched and audited through phi's safe pipeline before its binary runs in your current directory. Then:

cd my-app
phi install

Keeping phi up to date

The fastest way — one command, all platforms:

phi self-update

Downloads the latest GitHub release archive for your platform, verifies its sha256 against the release's checksums.txt, and replaces the running phi binary in place. On Windows the running .exe is renamed to .old first (Windows can't overwrite a running executable); the leftover gets cleaned up on next phi run.

phi self-update --check               # is there a new version?
phi self-update --version v0.6.4      # pin to a specific tag
phi self-update --yes                 # skip the prompt (CI / scripts)

Note: phi self-update updates phi itself. phi update re-resolves your project's dependencies. They share the verb "update" with different scope on purpose — phi follows npm conventions where it can.

Manual fallback (no command, no installed phi needed): just re-run the install one-liner. The script always grabs the newest release.

# Linux / macOS
curl -sSL https://phi.philtechs.org/install.sh | sh

# Windows (PowerShell)
iwr -useb https://phi.philtechs.org/install.ps1 | iex

Uninstall

phi is a single binary — delete it and remove its cache:

# Linux / macOS
sudo rm /usr/local/bin/phi
rm -rf ~/.cache/phi

# Windows
Remove-Item "$env:LOCALAPPDATA\phi" -Recurse -Force