Authentication

mycli uses email-based magic links for authentication. No passwords needed.

Login flow

my cli login

1. The CLI prompts for your email address
2. A magic link is sent to your inbox via the device auth flow
3. Click the link to verify your email
4. The CLI receives a JWT token and stores it securely

Token storage

Auth tokens are stored in your operating system’s keyring (macOS Keychain, Linux Secret Service, Windows Credential Manager). If the keyring is unavailable, tokens fall back to ~/.my/credentials.json.

Check login status

my cli whoami

Shows your user ID and email if logged in.

Check overall status

my cli status

Shows the API URL, login state, last sync time, and cached command count.

Logout

my cli logout

Clears stored credentials from the keyring and local file.

Token refresh

Access tokens are short-lived JWTs. The CLI automatically refreshes tokens using a refresh token when needed. You should rarely need to log in again.

Working without an account

Tip

Many mycli features work without authentication:

• Libraries — my library add/remove/list/update all work offline
• Run from file — my cli run -f command.yaml works locally without any network access

Only publishing commands to the registry requires authentication.

Next steps

CLI Reference: login Login command details.

Environment Variables API configuration.