Authentication
LoopCLI uses the same authentication layer as the dashboard. Tokens are scoped to your workspace and issued through the secure device-login flow.
Browser-assisted CLI login
loopcli auth login
- The CLI prints a short approval code and attempts to open https://app.loopcli.com/auth/device.
- Approve the request in your browser (you must be signed in to the dashboard).
- Once approved, the CLI stores the issued token in
~/.loopcli/config.json.
Tips:
- Use
loopcli auth login --no-browserif you prefer to copy/paste the link manually. - Pass
--device-name "My MacBook"to control how the API key is labelled in the dashboard. - Legacy email/password login still works (
loopcli auth login --email you@example.com --password *****), but the browser flow is recommended.
Status checks
loopcli status– shows auth state, current project, and API endpoint.loopcli auth whoami– prints the current user profile and role.loopcli auth logout– revokes the token and clears local config.
Environment overrides
Point the CLI at staging or self-hosted environments:
export LOOPCLI_API_URL=https://staging.loopcli.com/api
Secrets management
The vault is live—use the dedicated commands instead of local env files:
loopcli secret add <name>– create a new secret (reads from--valueor STDIN).loopcli secret list– inspect stored secrets, rotation counts, and key versions.loopcli secret reveal <name>– decrypt once for debugging.loopcli secret import/export– move secrets between projects or keep a secure backup when rotating keys.loopcli secret rekey(admin) – migrate vault entries to the latest encryption key after updatingVAULT_KEYSET.
Troubleshooting
- Pending approval: refresh the browser tab or start over with
loopcli auth login. Each device request expires after 10 minutes. - Request denied or expired: rerun the login command to generate a fresh link.
- Wrong workspace: check the
endpointfield in~/.loopcli/config.json, or runloopcli status. - Token revoked: the CLI prompts you to sign in again the next time you call an authenticated command.