3. Authenticate the CLI - Synheart Documentation

Once you have a platform account, authenticate the CLI so it can install the runtime and other artifacts from the registry.

synheart login

The CLI uses OAuth 2.0 Device Flow:

The CLI prints a URL and a one-time code.
Open the URL in your browser.
Sign in to platform.synheart.ai and confirm the code.
The CLI receives a token and stores it securely.

Where credentials are stored

macOS: Keychain.
Windows: Credential Manager.
Linux: Secret Service (libsecret-compatible). On headless or container Linux without a Secret Service daemon, the CLI falls back to an encrypted file at ~/.synheart/credentials.enc.

Verify

synheart whoami
synheart auth status   # token expiry, refresh state

Sign out

synheart logout            # remove local credentials
synheart logout --revoke   # also revoke the token on the server

Enterprise gateways

The CLI talks to https://api.synheart.ai by default, and that’s the only endpoint supported on standard builds. Pointing the CLI elsewhere requires either an enterprise plan (which enables SYNHEART_API_URL so the same binary can target your dedicated Synheart gateway) or rebuilding the CLI from source against your own endpoint. Once SYNHEART_API_URL is enabled for your account, the value is picked up by login, install, sync, whoami, and auth status.

Install the runtime

Download the on-device HSI runtime that powers Synheart Core.

2. Create a platform account 4. Install the runtime

​Sign in

​Where credentials are stored

​Verify

​Sign out

​Enterprise gateways

​Next

Install the runtime

Sign in

Where credentials are stored

Verify

Sign out

Enterprise gateways

Next