Mogplex Docs
CLIGuides

Authentication

How Mogplex resolves stored credentials, when account login is enough, and what bare `mogplex`, `/login`, and `/logout` mean in the CLI.

Mogplex can run with either direct provider credentials or your Mogplex account. When a session starts, it resolves auth in this order.

Resolution order

  1. Environment variable first. If a provider env var is set in your shell, Mogplex uses it.

    ProviderEnvironment variable
    MogplexMOGPLEX_API_KEY
    AnthropicANTHROPIC_API_KEY
    OpenAIOPENAI_API_KEY
    GoogleGOOGLE_GENERATIVE_AI_API_KEY
    GroqGROQ_API_KEY
    MistralMISTRAL_API_KEY
    DeepSeekDEEPSEEK_API_KEY
    xAIXAI_API_KEY
    CohereCOHERE_API_KEY
    VercelVERCEL_API_TOKEN

  2. Fallback to stored credentials. If the env var is not set, Mogplex reads ~/.mogplex/auth.json.

  3. Stored Mogplex account login. If the only stored credential is your Mogplex browser login, the CLI starts against your account-backed model access and synced catalog.

  4. No credentials → startup prompt or clear error. In interactive TTY startup, bare mogplex prompts you to either sign in with Mogplex or store a provider API key. In non-interactive contexts it exits with a clear message telling you to run mogplex.

Mogplex account login

Running mogplex and choosing Sign in with Mogplex opens the webapp login flow and stores a mogplex token in ~/.mogplex/auth.json.

That login now does three things for the CLI:

  • unlocks your synced model catalog
  • unlocks synced MCP configuration
  • runs prompts through the model access configured for your Mogplex account

If your account does not have model access yet, add an AI Gateway, OpenAI, or Anthropic key in Settings > API Keys.

/login

Use mogplex as the normal entrypoint:

mogplex

If you prefer to jump straight into the auth flow, mogplex login opens the same chooser.

Inside the TUI, /login still works for storing direct provider keys when you want the CLI to use a specific provider credential locally.

Provider keys

Direct provider credentials still work and still take precedence over the account login path. This is useful for shell-driven setups and CI.

export OPENAI_API_KEY=sk-...
mogplex

/logout

Removes the stored key from ~/.mogplex/auth.json.

Two things to know:

  • If the matching env var is set, the next session still authenticates via the env var. This is by design — env vars are the source of truth for shell-driven setups.
  • If you log out of Mogplex, synced models and MCP entries disappear on the next startup.

Logging and credential safety

Session logs at ~/.mogplex/logs/<session-id>.jsonl never contain:

  • API keys or OAuth tokens
  • Contents of ~/.mogplex/auth.json

All data is redacted before it is written to disk.

When MOGPLEX_DEBUG=1 is set, debug logs also capture stream chunks and tool outputs. These may include prompt or tool content, so treat debug logs with the same care as your source code.

Edit on GitHub

Guides

Deep dives into how the Mogplex CLI works.

Overview

The Mogplex web app for projects, agents, automations, observability, settings, installations, and the hosted API.

On this page

Resolution orderMogplex account login/loginProvider keys/logoutLogging and credential safety