Platform View

Documentation is adapted for macOS.

Shell commands, launchd paths, and Apple runtime guidance

CLI Version Context

Installed CLI: 1.1.0 (latest compatibility profile)

Support Bundle

Capture a complete diagnostics artifact for support triage.

macos
OUT=~/Desktop/opta-support-$(date +%Y%m%d-%H%M%S).txt; { echo "# Opta Support Bundle"; echo "# Generated: $(date -u +%Y-%m-%dT%H:%M:%SZ)"; echo; opta doctor; echo; opta daemon status; echo; opta daemon logs --lines 200; echo; opta config list; } > "$OUT" && echo "Saved $OUT"
Support FAQ

Learn About

Deep workflow guides aligned to this documentation section.

Opta Accounts Masterclass

Account-control strategy, token posture, and multi-surface auth flows.

accounts
Browse all Opta Learn guides

Accounts Overview

Opta Accounts is the identity and cloud-sync layer for Opta apps. It provides Supabase-backed authentication, CLI browser login handoff, cloud API key sync, and account capability checks used by the CLI runtime.

What Is Opta Accounts

The Accounts portal runs at https://accounts.optalocal.com. The CLI uses it for browser OAuth sign-in and stores the resulting session locally. Once signed in, the CLI can sync API keys and evaluate account capabilities for gated actions.

  • Auth - email/password, phone/password, and browser OAuth.
  • CLI callback relay - secure redirect to local 127.0.0.1:<port> callback.
  • Cloud key sync - opta account keys list|push|delete.
  • Capability checks - account and device-aware policy decisions.

Architecture

text
Opta CLI
  │
  │ account login --oauth
  ▼
accounts.optalocal.com
  │
  │ /cli/callback?port=<local-port>&state=<csrf>
  ▼
127.0.0.1:<local-port>/callback
  │
  │ access_token + refresh_token
  ▼
~/.config/opta/account.json
  │
  ├─ account keys list|push|delete  -> Accounts API (/api/keys)
  └─ capability evaluate            -> Accounts API (/api/capabilities/evaluate)

CLI Surface

Primary account commands:

Inspect local account session and expiry
opta account status --json
{
  "ok": true,
  "authenticated": true,
  "project": "cytjsmezydytbmjrolyz",
  "user": { "id": "user_123", "email": "matthew@optamize.biz", "phone": null, "name": "Matthew" },
  "session": { "tokenType": "bearer", "expiresAt": "2026-03-04T10:24:12.000Z" },
  "updatedAt": "2026-03-04T09:41:03.000Z"
}
Open browser sign-in through accounts.optalocal.com
opta account login --oauth
List cloud-synced provider keys for this account
opta account keys list --json

Data Stored Locally

The CLI persists account session state to ~/.config/opta/account.json with file mode 0600. Directory mode is 0700.

~/.config/opta/account.json
{
  "project": "cytjsmezydytbmjrolyz",
  "session": {
    "access_token": "...",
    "refresh_token": "...",
    "token_type": "bearer",
    "expires_in": 3600,
    "expires_at": 1772619852
  },
  "user": {
    "id": "user_123",
    "email": "matthew@optamize.biz"
  },
  "updatedAt": "2026-03-04T09:41:03.000Z",
  "deviceId": "dev_abc123"
}
Automatic refresh behavior
If a token is within 5 minutes of expiry, the CLI attempts a silent refresh using the stored refresh_token. If refresh fails, the local session is treated as unauthenticated.

Quick Start

Sign in through browser OAuth with a 5-minute timeout
opta account login --oauth --timeout 300
Verify the session is present and unexpired
opta account status --json
Store a provider API key in Opta Accounts cloud
opta account keys push anthropic sk-ant-... --label work

Next Pages

  • Auth - login modes, callback flow, token handling.
  • Sync - key sync, device registration, capabilities.
  • Troubleshooting - failure patterns and recovery commands.
Previous
Change Impact
Next
Auth