Install and sign in
Sign in once per machine
Copy the workspace id from your Passport URL. Login opens a browser and stores the resulting refresh credential in the existing
~/.passport/credentials.json profile store with owner-only permissions.Commands
| Command | Purpose |
|---|---|
passport status | Show the workspace, profile, policy client, and visible MCP connection states. |
passport doctor | Check the runtime, credential-store safety, endpoint, authentication, and exact CLI protocol without exposing credentials. |
passport search [query] | Discover allowed, namespaced tools. An empty query lists the visible catalog. |
passport describe <tool> | Print a tool’s description, read-only flag, and full parameters schema. |
passport run <tool> [json-args] | Execute a governed tool call. Use --args - for stdin or repeat --set / --set-json. |
passport connect [app...] | Get or open a personal-account connection flow. Add --wait <sec> to wait for completion. |
passport resources [uri] | List resources or read one URI. |
passport prompts [name] | List prompts or get one, with repeatable --set key=value arguments. |
passport completion <bash|zsh|fish> | Generate shell completion locally without a profile or network request. |
passport login / logout | Create or revoke a named local profile. |
passport help [verb] / version | Inspect the CLI without a profile or network connection. |
--profile, --json, --timeout, --quiet, and --caller.
Diagnose and complete
doctor returns every check even when one fails. Human output includes a safe,
actionable fix; --json returns a stable report suitable for support automation.
Neither form prints credential values, response bodies, or member identity.
JSON and exit-code contract
With--json, stdout contains exactly one JSON value. Hints and warnings go to stderr, so an agent can pipe results without stripping human output. JSON errors have this stable shape:
| Exit | Meaning |
|---|---|
| 0 | Success. |
| 1 | Network, server, or ambiguous execution error. Do not retry automatically. |
| 2 | Authentication is missing, expired, or revoked. Run passport login. |
| 3 | A personal app connection is required. Run passport connect <app>. |
| 4 | Approval is pending. The result includes the approval id. |
| 5 | Policy, a guardrail, client selection, or approval denial blocked the call. |
| 6 | Usage error or unknown tool. |
passport run --wait <sec> retries only a definite approval_pending response. It never retries a timeout or network failure because the execution outcome could be ambiguous.
Profiles and attribution
The default profile usescli as its policy client. To keep app selection and Activity distinct for a specific terminal agent, create a per-agent profile:
--caller <id> takes precedence. Activity labels it as self-reported, for example Passport CLI · Codex via CLI; the authenticated member or agent and the policy client remain separate identities.
OpenCode is a first-class policy identity too. Use --client opencode --profile opencode@work when its selection and Activity should remain distinct from other terminal agents.
Headless, CI, and cron
Create an agent identity and key under Settings → Advanced → Headless & CI, then inject both variables through your CI secret store. Environment-key mode wins over local profiles, writes nothing to disk, and works withoutpassport login.
passport connect from an interactive member profile when an app needs personal OAuth.
Agent keys are also non-interactive: they do not create action-time member
approval prompts. Use a member profile for an operation that must pause for a
human’s one-off approval.
The CLI never wraps provider APIs directly and never bypasses the gateway. It calls Passport’s governed meta-tools and MCP resource/prompt methods, so CLI and MCP usage share one policy and audit pipeline.