@facilio/vibe-cli
v0.1.8
Published
Vibe CLI — build and deploy Vibe apps from your terminal.
Maintainers
Readme
@facilio/vibe-cli
Build and deploy Vibe apps from your terminal.
npm install -g @facilio/vibe-cli
vibe login
vibe deployCommands
| Command | What it does |
|---|---|
| vibe login | Sign in via the OAuth2 device-authorization flow (RFC 8628). Works on laptops, over SSH, and inside containers — no local callback port needed. |
| vibe login --api-key <key> | Non-interactive sign-in for CI. Pass - to read the key from stdin (keeps it out of shell history). |
| vibe logout | Revoke the token server-side (best-effort) and clear it locally. |
| vibe whoami | Show the active session: user, server, auth source, token expiry. |
| vibe deploy | Zip build.publish, upload, wait for deployment to finish. --prod marks production. Build your app yourself first (e.g. npm run build). |
| vibe app create | Create a new app — prompts for name, description, optional logo. |
| vibe app list (ls) | List apps in your org. |
vibe.json
Place this at the root of your project. build.publish is the folder your build tool writes static files to (e.g. dist, build, out).
{
"name": "my-app",
"build": {
"publish": "dist"
}
}After the first successful deploy, the CLI writes siteId back into this file. Commit it.
How login works
vibe login uses the OAuth2 device-authorization grant (RFC 8628) — the same model GitHub CLI, gcloud, and AWS SSO use.
- CLI requests a
device_code+ shortuser_codefrom identity-service. - CLI prints the verification URL and
user_code, and auto-opens the URL in a browser. - User signs in on the verification page (on the same device or any other — phone, laptop) and confirms the code.
- CLI polls the token endpoint until the user approves; on success it receives an access token + refresh token, plus the user's home-region service URLs.
- CLI persists the token set securely (see Credential storage below) and routes all subsequent calls to the user's home region directly.
For CI / automation, skip the browser entirely:
echo "$VIBE_API_KEY_VALUE" | vibe login --api-key -
# or, zero-config — login is implicit when the env var is set
export VIBE_API_KEY=...
vibe deployCredential storage
Tokens are stored in the OS-native secret store — never as plaintext when avoidable.
| OS | Where the secret lives |
|---|---|
| macOS | Keychain (security command, service name facilio-vibe-cli) |
| Linux | Secret Service via libsecret-tools (GNOME Keyring / KWallet) |
| Windows | DPAPI-encrypted per-user blob in ~/.vibe/, registered in Credential Manager |
| Anywhere the OS store isn't available | ~/.vibe/credentials.json, mode 0600, as a fallback |
After a successful vibe login, the CLI prints exactly where the token landed. To inspect the entry on macOS:
security find-generic-password -a default -s facilio-vibe-cli -w | jqvibe logout clears the entry from both the OS store and the file fallback.
To force the file fallback (e.g. minimal Docker images on Linux without libsecret-tools), set VIBE_NO_KEYCHAIN=1.
Environment variables
| Var | Purpose |
|---|---|
| VIBE_API_KEY | Skip the browser flow entirely. When set, every command treats the value as the auth token (overrides anything in the OS store / file). Ideal for CI. |
| VIBE_SERVER_URL | Override the vibe-server URL. Used by login (initial bootstrap) and deploy. |
| VIBE_IDENTITY_URL | Override the identity-service base URL the device-auth flow bootstraps against. |
| VIBE_CLIENT_ID | Override the OAuth client id. Must be registered as a public client on identity-service. |
| VIBE_SERVICE | Override the identity-service service key (default vibe). |
| VIBE_NO_KEYCHAIN | Set to 1 to force file-based credential storage even when an OS keychain is available. |
Each of the URL / id / service flags also has a --flag equivalent on vibe login. CLI flag > env var > built-in default.
Cross-region homing
The CLI bootstraps against the configured identity-service, but the token is minted on the user's home region. The token response carries service_url / identity_url / token_url / revoke_url for that region, and the CLI persists them. From then on, refresh / API / revoke calls go directly to the home region — the bootstrap host is never contacted again. No CLI change needed for new regions.
Development
npm install
npm run dev -- login --server http://localhost:8080
npm run build
node dist/index.js login
# pack + reinstall as the global `vibe`
npm run build
npm pack
npm uninstall -g @facilio/vibe-cli
npm i -g ./facilio-vibe-cli-0.0.1.tgz