tm auth whoami, tm models list, tm users get, and other management workflows.
Use tm auth status when you need to see the local Control Plane token state
and the current inference credential state.
If tm is not already on your PATH, install the CLI first with
Installation. The commands below assume tm is on
your PATH. If you are running from this repo checkout without activating a
shell that already exposes tm, use ./.venv/bin/tm.
tm auth status reports local credential presence. Use tm auth whoami to confirm that the current Control Plane token still works against the live API.
Login Flow
tm auth status is the local readiness check after login and sync. tm auth whoami is the live validation step that proves the current bearer token still works against the Control Plane.
When TM_CONFIG_HOME is unset, the CLI stores Control Plane tokens at
~/.config/tensormesh/auth.json. When TM_CONFIG_HOME is set, the token file
moves to $TM_CONFIG_HOME/auth.json. Managed gateway settings synced from the
Control Plane live under [managed] in the matching config.toml.
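An added check, not part of the Tensormesh CLI or its documentation, that resolves the token file path by the rule above and reports whether other local users can read it. The function names, the owner-only (0600) policy, and treating an empty TM_CONFIG_HOME as unset are assumptions of this example.

```sh
#!/bin/sh
# Added example: locate the Control Plane token file and flag loose permissions.
# Source this file, then call tm_auth_file_check.

# Print the path where the CLI stores Control Plane tokens.
# Assumption: an empty TM_CONFIG_HOME is treated the same as an unset one.
tm_auth_file() {
    if [ -n "${TM_CONFIG_HOME:-}" ]; then
        printf '%s\n' "$TM_CONFIG_HOME/auth.json"
    else
        printf '%s\n' "$HOME/.config/tensormesh/auth.json"
    fi
}

# Print the octal permission bits of a file (GNU stat, then BSD stat).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Return 0 if the token file is absent or readable by its owner only,
# 1 if any group/other permission bit is set, 2 if the mode cannot be read.
# Owner-only access is this example's policy, not documented CLI behaviour.
tm_auth_file_check() {
    f=$(tm_auth_file)
    if [ ! -e "$f" ]; then
        echo "no token file at $f"
        return 0
    fi
    mode=$(file_mode "$f") || return 2
    # Leading 0 makes the shell read the mode as octal; 077 masks group/other.
    if [ $(( 0$mode & 077 )) -eq 0 ]; then
        echo "ok: $f has mode $mode"
        return 0
    fi
    echo "too open: $f has mode $mode; tighten with: chmod 600 \"$f\""
    return 1
}
```
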
Automation And Headless Use
Use tm auth whoami when you need a live token check. It calls GET /auth/profile, so it validates the current bearer token against the Control Plane instead of only checking the local token file.
For controlled scripts that need the raw bearer token, use tm auth print-token --yes-i-know, and only in a controlled shell.
Treat that token like a secret: avoid shell history, CI logs, and copied plaintext files.
Refresh And Logout
Use refresh when you already have a saved login and want to update the local token set. Use tm auth logout --yes when you
want explicit non-interactive cleanup.
CLI Login Endpoint Scope
tm auth login and tm auth refresh use the CLI browser-login flow rather than the stable raw API integration surface for external clients.

