Skip to main content

Documentation Index

Fetch the complete documentation index at: https://api-docs.tiro.ooo/llms.txt

Use this file to discover all available pages before exploring further.

The CLI ships as @theplato/tiro-cli on npm and runs on Node.js 20+. macOS, Linux, and Windows.

1. Install

npm install -g @theplato/tiro-cli
Verify the install: 
tiro --version
# → 0.2.0 (or later)
System requirements: Node.js 20 or later. The shipped binary is ESM-only; Node 18 will error on import.

2. Sign in

tiro auth login
This opens your default browser to Tiro’s OAuth Authorization Code + PKCE flow. The CLI runs a one-shot local HTTP server on http://127.0.0.1:<random-port>/callback to receive the redirect. After you sign in, the JWT is stored in your OS-native credential store:
  • macOS — Keychain
  • Linux — Secret Service (requires gnome-keyring or kwallet)
  • Windows — Credential Manager
Confirm: 
tiro auth status
# ✓ Signed in
#   source:     keychain
#   hostname:   https://api.tiro.ooo
#   user:       <userId>
#   expires at: <ISO datetime>
#   token:      tk__...***
The token prefix is the only fragment ever shown — the full bearer token never leaves the keychain.

3. Sign out

tiro auth logout
Clears the keychain entry and the cached Dynamic Client Registration ID. Your next tiro auth login registers a fresh DCR client.

Headless, CI, and agent environments

Some environments can’t open a browser (CI, SSH, sandboxed agents, Docker). For those, set TIRO_TOKEN directly. Any value here overrides the keychain. 
export TIRO_TOKEN="$(security find-generic-password -s 'io.tiro.cli' -a default -w 2>/dev/null \
  | jq -r '.accessToken')"
tiro notes list --json
In GitHub Actions: 
- name: Run tiro
  env:
    TIRO_TOKEN: ${{ secrets.TIRO_TOKEN }}
  run: |
    tiro notes search "release notes" --since 1d --json > recent.jsonl
Putting your full bearer token in a CI secret is equivalent to a 180-day Personal Access Token. Rotate by running tiro auth logout && tiro auth login on a trusted machine and copying the new token into the secret store.

Configuration overrides

VariablePurpose
TIRO_TOKENBearer token — overrides keychain
TIRO_HOSTNAMEAPI base URL (defaults to https://api.tiro.ooo)
TIRO_OUTPUT_DIRDefault --output-dir for export commands (v0.3+)
NO_COLORDisable ANSI colors (no-color.org)
Per-call overrides: 
tiro --hostname https://api.tiro-ooo.dev notes list      # dev environment
tiro notes get <guid> --json --no-color                  # script-friendly

Update the CLI

npm update -g @theplato/tiro-cli
→ Continue to Quickstart for hands-on examples.