@teable/cli
v0.6.22
Published
Teable CLI — manage bases, tables, fields, views, records, and more
Readme
@teable/cli
CLI wrapper for @teable/ai-tools-ee.
This package is organized around a one-tool-one-command architecture.
Configure auth
Two authentication methods are supported: OAuth login (recommended) and Personal Access Token (PAT).
OAuth login (recommended)
teable auth loginOpens a browser for Teable login using OAuth Authorization Code + PKCE. After authorization, tokens are saved automatically. Access tokens auto-refresh before expiry — no manual token management needed.
# custom endpoint
teable auth login --endpoint https://my-teable.example.com
# custom OAuth client ID
teable auth login --client-id my-client-id
# request specific scopes (comma-separated)
teable auth login --scopes "table|read,record|read,record|create"Personal Access Token (PAT)
teable auth --token teable_pat_xxxNon-interactive — writes a PAT-based auth config. Tokens can also be provided via TEABLE_TOKEN or TEABLE_PAT environment variables.
# overwrite existing file
teable auth --force
# custom output path
teable auth --path ./.teablerc.json
# explicit endpoint
teable auth --token teable_pat_xxx --endpoint https://app.teable.aiAuth management
# show current auth status (auth type, token expiry, scopes, etc.)
teable auth status
# clear saved credentials (OAuth tokens and PAT)
teable auth logoutAuth config is saved to ~/.teable/cli/config.json by default.
Usage examples
# Manage bases (create / get / list / update / delete)
teable base list # all accessible bases
teable base list --space-id spcXXXX # bases in one space
teable base create --space-id spcXXXX --name "My Base" --icon 📊
teable base get --base-id bseXXXX
teable base update --base-id bseXXXX --name "Renamed Base"
teable base delete --base-id bseXXXX
# SQL query
# `dbTableName` from `teable table get` is one dotted value (e.g. bseXXXX.tbl_users);
# split it on the dot into two quoted identifiers: "bseXXXX"."tbl_users"
teable sql-query \
--base-id bseXXXX \
--sql "SELECT * FROM \"bseXXXX\".\"tbl_users\" LIMIT 10"
# List available tools for current base permission
teable tools list --base-id bseXXXX
# Search tools by keyword
teable tools list --base-id bseXXXX --search sql
# Get records with projection
teable record get \
--base-id bseXXXX \
--table-id tblXXXX \
--take 10 \
--projection '["fldName","fldAmount"]'
# Call API with path params (object/array fields use JSON string)
teable call-api \
--base-id bseXXXX \
--method POST \
--url '/table/{tableId}/record/{recordId}/duplicate' \
--params '{"tableId":"tblXXXX","recordId":"recXXXX"}'Auth resolution priority
--tokenCLI flagTEABLE_TOKEN/TEABLE_PATenvironment variable- OAuth tokens from config (with auto-refresh)
- PAT from config
Endpoint: --endpoint flag or TEABLE_ENDPOINT env (default: https://app.teable.ai).
Config
Config loading order:
- User-level config:
~/.teable/cli/config.json - Project-level override (optional):
.teable/cli/config.jsonin project root
PAT config:
{
"token": "teable_pat_xxx",
"endpoint": "https://app.teable.ai"
}OAuth config (written automatically by auth login):
{
"endpoint": "https://app.teable.ai",
"token": "...",
"oauth": {
"accessToken": "...",
"refreshToken": "...",
"expiresAt": 1709654400000,
"refreshExpiresAt": 1712246400000,
"clientId": "teable-cli",
"scopes": ["table|read", "record|read"]
}
}Fields:
token— PAT or OAuth access tokenendpoint— Teable API endpointoauth— OAuth token state (managed automatically)disabledCommands— commands to turn off (see below)
timeZone and permissionLevel are resolved dynamically by tool middleware and cached in ~/.teable/cli/runtime-cache.json for 5 minutes, keyed by baseId.
Disabling commands
Commands can be turned off — useful for environments where, for example, bases are provisioned by setup code and base CRUD should not be exposed.
Set disabledCommands in the config file, and/or the TEABLE_CLI_DISABLED_COMMANDS env var (comma-separated); the two are merged. Each entry targets a command:
- a resource group —
base(disables the whole group) - a
group:verb—base:create(disables one sub-command) - a standalone command —
sql-query
{
"disabledCommands": ["base", "scrape"]
}TEABLE_CLI_DISABLED_COMMANDS=base:create,base:delete teable base --helpDisabled commands are not registered at all — running one yields an "unknown command" error. auth and config cannot be disabled.
Directory structure
src/
cli.ts # commander bootstrap + command registration
auth/
constants.ts # OAuth constants (client ID, timeout)
pkce.ts # PKCE crypto utilities (verifier, challenge, state)
callback-server.ts # Temporary HTTP server for OAuth redirect
oauth-client.ts # Token exchange & refresh HTTP calls
browser.ts # Browser open + terminal refocus (macOS)
oauth-login.ts # Orchestrator: ties all auth modules together
commands/
index.ts # command registration entry
auth.command.ts # auth, auth login, auth logout, auth status
tools/
*.command.ts # one file per tool command
list.command.ts # list tools filtered by permission
sql-query.command.ts # specialized sql-query command
tool-metas.ts # tool command metadata + creators
tool-commands.generated.ts # generated bundles for tool defs
shared/
shared-options.ts # common tool command options
tool-guards.ts # tool definition guard helpers
tool-command-factory.ts # shared command factory
bootstrap/
config.ts # resolve token/endpoint (PAT + OAuth)
openapi.ts # openapi axios setup + auto-refresh interceptor
runtime/
context.ts # experimental_context builder
cache.ts # runtime context cache
tool-runtime.ts # shared tool command context/runtime helpers
types.ts