Skip to main content
The Phaseo CLI gives you a first-party terminal workflow for the Phaseo control plane. Use it when you want to:
  • sign in as a real Phaseo user from a local shell, remote shell, or agent runtime
  • create and rotate API keys or management keys
  • manage workspaces, presets, settings, and guardrails
  • use first-party CLI OAuth while user-owned OAuth apps remain in private testing
  • inspect models, providers, pricing, credits, activity, analytics, and generations

Install

npm install -g @phaseo/cli
pnpm add -g @phaseo/cli
yarn global add @phaseo/cli
bun add -g @phaseo/cli

Check the installed version

phaseo --version
phaseo version
phaseo version --json
  • phaseo --version prints the installed version.
  • phaseo version prints the version plus the recommended update command for the current package manager.
  • interactive runs also show an update hint when a newer published version is available.
The older phaseo command remains available as a compatibility alias.

Sign in

Start with:
phaseo login
The CLI supports two first-party flows:
  • Sign in with Phaseo: browser OAuth with authorization code + PKCE
  • Sign in with Device Code: best for SSH, CI, headless shells, and agent environments
You can force either path:
phaseo login --browser
phaseo login --device-code
Remote and non-interactive environments automatically prefer device code.

Confirm who you are

phaseo whoami
phaseo whoami --json
This returns your current Phaseo user, scopes, active workspace, and available workspaces.

Create keys

phaseo keys create --name "Local CLI Key"
phaseo keys create --name "Agent Sandbox Key" --json
phaseo keys current
Use --json when an agent or automation needs the raw created key once.

Manage workspaces and guardrails

phaseo workspaces list
phaseo workspaces members <workspace-id-or-slug>

phaseo guardrails list
phaseo guardrails create --name "Production Safety" --body-json '{"enabled":true}'
The CLI is intended to cover the useful parts of the Phaseo dashboard and management APIs from the terminal.

OAuth apps

User-created OAuth apps are coming soon. This release keeps OAuth client creation in private testing while the first-party Phaseo CLI uses the shared OAuth/OIDC foundation for browser sign-in, device code, token refresh, revoke, userinfo, and JWKS/discovery flows. Self-hosted or preview deployments keep third-party OAuth disabled unless PHASEO_THIRD_PARTY_OAUTH_ENABLED is set to a truthy value. Accepted truthy values are 1, true, yes, and on, matched case-insensitively after trimming whitespace. Leave the variable unset while validating the first-party CLI path; enabling it exposes user-created OAuth app management and should only be paired with reviewed redirect URI, consent, client-secret, and workspace authorization configuration.
.env
PHASEO_THIRD_PARTY_OAUTH_ENABLED=true
Docker
docker run -e PHASEO_THIRD_PARTY_OAUTH_ENABLED=true phaseo
Kubernetes
env:
  - name: PHASEO_THIRD_PARTY_OAUTH_ENABLED
    value: "true"

Security model

  • CLI sessions prefer OS-backed secure storage where available.
  • phaseo logout revokes the stored refresh token before clearing local state.
  • Management keys require explicit capabilities.
  • Regular inference keys rely on guardrails, routing policies, and workspace settings rather than a separate scope model.

Update

npm install -g @phaseo/cli@latest
pnpm add -g @phaseo/cli@latest
yarn global add @phaseo/cli@latest
bun add -g @phaseo/cli@latest

Next steps

Last modified on July 9, 2026