Log in

Sign in to the CLI with GitHub or Google, or use an API key for headless hosts.

artifacts login

The CLI opens your default browser at https://user.tonbo.dev/login, you sign in, and the browser hands a short-lived authorization back to the CLI on a local callback. Subsequent commands read the saved credentials at ~/.config/tonbo/artifacts/credentials.json (mode 0600); you don't need to re-authenticate per shell.

Verify

artifacts workspace list
# {"workspaces":[]} on a fresh login

Headless hosts (no browser)

Some environments can't receive a loopback browser callback, a Fly machine shell, a CI runner, a container with no display. Two options:

  1. Use manual-code login for an interactive remote shell

    Manual-code mode still uses the normal OAuth flow, but the browser shows a short one-time code that you paste back into the terminal.

    artifacts login --manual-code
  2. Use an API key for fully non-interactive hosts

    API keys come from your User Center account, not the CLI. Mint a tbo_* key in the dashboard, then export it on the headless host. Both the CLI and the SDK auto-detect it, so no artifacts login step is needed:

    export TONBO_API_KEY=tbo_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
    
    artifacts mount my-workspace /mnt/work

    See API keys for the full pattern.

Logout

artifacts logout

Removes ~/.config/tonbo/artifacts/credentials.json. Doesn't touch the BYO credentials cache (separate file at ~/.config/tonbo/artifacts/byo-credentials); use artifacts storage clear for that.