CLI Reference

pals login

Redeem an invite token and join the swarm allow-list.

$ pals login --invite-token TOKEN [OPTIONS]

What it does

Sends your peer identity (derived from identity.key) to the ProgressPals backend and presents your invite token. If the token is valid, the backend adds your peer ID to the swarm’s allow-list and returns a per-peer credential, which is stored in config.json (mode 0600).

Run this once per swarm. After it succeeds, run pals join MODEL --peer MADDR to actually connect.

Options

--invite-token

TEXTrequired

The invite token your operator gave you.

Env: PROGRESSPALS_INVITE_TOKEN

--config-dir

TEXT

Read config from this directory.

Examples

Pass the token via env var (preferred — stays out of shell history):

$export PROGRESSPALS_INVITE_TOKEN=pp_inv_...

$pals login

✓ peer credential stored

Don’t pass tokens on the CLI. pals login --invite-token pp_inv_... works but the token ends up in your shell history and in /proc/<pid>/cmdline while the process runs. Always prefer the env-var form.

How auth works

At RPC time, the cryptographic peer ID (verified by libp2p’s Noise handshake) is the auth token — the server’s allow-list refreshes from the backend and checks peer ID, not the per-peer credential. Your credential is a redemption receipt and a future-reserved slot for per-peer key material; you don’t present it on each call.