CLI Getting Started
The Temps CLI (@temps-sdk/cli) lets you manage projects, deployments, environments, and more directly from your terminal.
Installation
You can run the CLI directly using bunx or npx without installing it globally, or install it as a global package.
Run Without Installing
Run CLI commands
bunx @temps-sdk/cli --version
Global Installation
Install globally
bun add -g @temps-sdk/cli
After global installation, the temps command is available directly. To run without installing, use bunx @temps-sdk/cli (or npx @temps-sdk/cli):
bunx @temps-sdk/cli --version
Configuration
Before using the CLI, you need to configure it to connect to your Temps instance.
Login (Browser Device Flow)
Running login with no --api-key starts the interactive, browser-based OAuth 2.0 device-authorization flow. The CLI never prompts for a password — you sign in with the same credentials, MFA, and SSO you use for the web UI.
Login to Temps
bunx @temps-sdk/cli login https://temps.example.com
What happens:
- The CLI requests a
device_codeand a short, dasheduser_code(XXXX-XXXX) from the server and prints the approval URL (/cli-login/<user_code>). It makes a best-effort attempt to open your browser (openon macOS,starton Windows,xdg-openelsewhere). If no browser can open — headless, SSH, sandbox, CI, or a non-TTY shell — the printed URL is your fallback. - The approval page lives inside the console. If you are not already signed in, you are bounced through the standard login screen and returned afterward. The page shows the account, device/client name, requesting IP, and expiry so you can confirm before approving.
- The CLI polls until you approve. On approval, the server mints a standard API key (90-day TTL, scoped to your primary role) and delivers it to the CLI exactly once.
The device session expires after 15 minutes, and the CLI polls roughly every 2 seconds. Set TEMPS_NO_BROWSER=1 to skip the auto-open attempt (the URL is still printed):
TEMPS_NO_BROWSER=1 bunx @temps-sdk/cli login https://temps.example.com
Login with an API Key (Headless / CI)
For headless or CI environments, pass a pre-minted API key with --api-key (or -k). The key is validated against the server before being stored. You can generate an API key from the Temps dashboard under Settings → API Keys.
Login with an API key
bunx @temps-sdk/cli login https://temps.example.com --api-key <your-api-key>
login options
bunx @temps-sdk/cli login accepts only these options. The legacy --email, --password, --magic, --mfa, and --device flags have been removed.
| Option | Description |
|---|---|
[url] | Positional Temps server URL to authenticate against. |
--api-key, -k | Use a pre-minted API key (Settings → API Keys) instead of opening the browser. Required for headless / CI. |
--context <name> | Save the credentials under this context name (defaults to the URL host). |
--debug | Print every request/response to stderr (also enabled via TEMPS_DEBUG=1). |
Existing API keys — including any minted by older versions of the CLI — continue to work unchanged. Only the email + password login path has been removed. Magic-link login still works for browser logins from the web /login page, but is no longer available through the CLI.
Logout
temps logout makes a best-effort, bearer-authenticated request to revoke the current context's API key on the server, then clears the local credentials. If the server-side revoke fails, it only warns and still removes the local credentials.
Log out of Temps
bunx @temps-sdk/cli logout
| Option | Description |
|---|---|
--local-only | Skip server-side revocation; only clear local credentials. |
--context <name> | Log out of a specific context (defaults to the active one). |
Configure with Wizard
For a guided setup experience:
Run configuration wizard
bunx @temps-sdk/cli configure
Quick Start
Here's a quick workflow to deploy your first project using the CLI.
1. List Your Projects
List projects
bunx @temps-sdk/cli projects list
2. Create a New Project
Create a project
bunx @temps-sdk/cli projects create \
--name my-app \
--description "My awesome application" \
--repo https://github.com/myuser/my-app
3. Deploy Your Project
Deploy to production
4. View Deployment Logs
Stream logs
bunx @temps-sdk/cli runtime-logs --project my-app --follow
Environment Variables
The CLI respects the following environment variables for configuration:
| Variable | Description |
|---|---|
TEMPS_API_URL | Temps API endpoint URL |
TEMPS_API_TOKEN | Authentication token |
TEMPS_API_KEY | API key (alternative to token) |
NO_COLOR | Disable colored output |
Example:
export TEMPS_API_URL=https://temps.example.com
export TEMPS_API_KEY=your-api-key
bunx @temps-sdk/cli projects list
Configuration Files
The CLI stores configuration in:
- Config file:
~/.temps/config.json - Credentials:
~/.temps/.secrets
View your current configuration:
Show configuration
bunx @temps-sdk/cli configure show
Authentication Endpoints
The browser device flow is backed by these routes. They are served under the /api prefix because plugin routes are nested under /api.
| Route | Method | Auth | Purpose |
|---|---|---|---|
/api/auth/cli/device/start | POST | none | CLI requests a device_code + user_code. |
/api/auth/cli/device/poll | POST | none | CLI polls until the device is approved or denied. |
/api/auth/cli/device/lookup | GET | session | Approval page reads device details by user_code. |
/api/auth/cli/device/approve | POST | session | Approve the device from the browser. |
/api/auth/cli/device/deny | POST | session | Deny the device from the browser. |
/api/auth/cli/logout | POST | API key | Revoke the presented API key server-side. |
The poll response uses standard OAuth 2.0 device-flow status codes: authorization_pending, slow_down, access_denied, expired_token, and approved. On slow_down, the CLI doubles its polling delay up to a 10-second cap.
Next Steps
- CLI Reference - Complete command reference with all options
- API Reference - Use the REST API directly
- Environment Variables Reference - All configuration options