Publish
Accounts
rig login, rig logout, and how the Hub identity flow works.
The Hub uses Clerk-backed device-flow OAuth for CLI authentication. You sign in once in your browser; the CLI gets a long-lived token.
Sign in
rig loginWhat happens:
- CLI requests a device code from
https://userig.xyz/api/v1/auth/device. - CLI opens
https://userig.xyz/auth/devicein your browser with the code. - You sign in (with email, Google, GitHub — whatever the Hub supports).
- You approve the device code on the same page.
- CLI polls until the code is approved, then receives a token.
- CLI writes the token to
~/.config/rig/config.json.
Now rig hub publish, rig hub search, etc. authenticate as you.
Sign out
rig logoutRemoves the stored token from ~/.config/rig/config.json. Your Hub account
itself isn't deleted; only this machine's stored credentials.
Inspect
cat ~/.config/rig/config.jsonLooks like:
{
"hub_url": "https://userig.xyz",
"hub_token": "<JWT>",
"hub_user": {
"id": "user_…",
"username": "you",
"email": "you@example.com"
}
}hub_user is decoded from the token at login time and used to populate
[rig].author defaults.
Changing the Hub URL
For self-hosted Hubs or CI:
export RIG_HUB_URL=https://your-hub.example.com
rig loginSubsequent commands hit that URL.
Privacy and scope
- The token is per device. Logging in on a new machine doesn't invalidate other machines' tokens.
- Tokens are scoped to your Hub account and grant the operations you'd be allowed to do via the website (read public, write to your own packages).
- Rig itself does not send telemetry; the only network traffic from the CLI is to the resolved sources (Hub, GitHub, your local registry).
Multiple accounts
Currently one account per machine. To switch, rig logout && rig login as
the other user. There's no rig whoami subcommand yet; cat ~/.config/rig/config.json is the workaround.
See also
- Publish to the Hub
- Environment variables (
RIG_HUB_URL) - Hub API