
CLI authentication

The Navi CLI authenticates to the public Navi API and stores its local config in:
~/.config/navi/config.json

Current supported method

Today, the supported public method is a session cookie:
navi auth login --cookie "<your-session-cookie>"

Environment-based configuration

You can also provide runtime values through environment variables:
export NAVI_API_BASE_URL=https://dev.meridian7.io
export NAVI_COOKIE="<your-session-cookie>"
Environment variables override the saved config for the current process.

Verify your identity

After logging in, verify the active principal:
navi auth whoami

Log out

To clear locally stored credentials:
navi auth logout

Token support

The CLI command surface already reserves future support for:
  • personal access tokens for human CLI users
  • service API keys for system integrations
Those credentials are not enabled until the public credential service supports durable revocation, auditing, and metering. If your deployment does not support bearer credentials yet, use session authentication.

Security guidance

  • treat the local config file like a credential-bearing file
  • avoid checking session cookies into scripts or source control
  • prefer environment variables for short-lived shell sessions
  • run navi auth logout on shared machines when you are done
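
One way to check the first point in the list above, as an added example that is not part of the Navi CLI or its documentation: a shell audit that reports whether the config file or its directory is accessible to other local users, plus a helper that restricts both to the owner. The page does not state which mode the CLI creates the file with; the function names and the NAVI_CONFIG_PATH variable are hypothetical.

```shell
#!/bin/sh
# Added example, not part of the Navi CLI. The default path is the one the page
# gives; NAVI_CONFIG_PATH is a hypothetical variable used only by this script.
NAVI_CONFIG_PATH="${NAVI_CONFIG_PATH:-$HOME/.config/navi/config.json}"

# Group and other permission characters of a path, e.g. "------" or "r--r--".
group_other_bits() {
    ls -ld -- "$1" | cut -c5-10
}

# Returns 0 if no credentials are stored, or if the file and its directory are
# private to the owner; returns 1 and prints a finding otherwise.
navi_config_check() {
    cfg="${1:-$NAVI_CONFIG_PATH}"
    dir=$(dirname -- "$cfg")
    if [ -L "$cfg" ]; then
        echo "FINDING: $cfg is a symlink; the cookie may be stored elsewhere"
        return 1
    fi
    if [ ! -f "$cfg" ]; then
        echo "OK: $cfg absent, no stored session cookie"
        return 0
    fi
    rc=0
    if [ "$(group_other_bits "$cfg")" != "------" ]; then
        echo "FINDING: $cfg is accessible to group/other"
        rc=1
    fi
    if [ "$(group_other_bits "$dir")" != "------" ]; then
        echo "FINDING: $dir is accessible to group/other"
        rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK: $cfg and $dir are owner-only"
    return "$rc"
}

# Restrict the directory to 0700 and the file to 0600.
navi_config_harden() {
    cfg="${1:-$NAVI_CONFIG_PATH}"
    chmod 700 "$(dirname -- "$cfg")" && chmod 600 "$cfg"
}
```

Run navi_config_check with no argument after navi auth login to audit the default path; a non-zero exit status makes it usable as a gate in a login script.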