Platform View

Documentation is adapted for macOS.

Shell commands, launchd paths, and Apple runtime guidance

CLI Version Context

Installed CLI: 1.1.0 (latest compatibility profile)

Support Bundle

Capture a complete diagnostics artifact for support triage.

macos
OUT=~/Desktop/opta-support-$(date +%Y%m%d-%H%M%S).txt; { echo "# Opta Support Bundle"; echo "# Generated: $(date -u +%Y-%m-%dT%H:%M:%SZ)"; echo; opta doctor; echo; opta daemon status; echo; opta daemon logs --lines 200; echo; opta config list; } > "$OUT" && echo "Saved $OUT"
Support FAQ

Learn About

Deep workflow guides aligned to this documentation section.

Opta Accounts Masterclass

Account-control strategy, token posture, and multi-surface auth flows.

accounts
Browse all Opta Learn guides

Sync

Opta Accounts sync covers cloud API keys, device identity, session activity, and capability checks used to gate CLI actions.

What Syncs

  • API keys - via Accounts API /api/keys.
  • Device identity - fingerprint-based registration via /api/devices/register.
  • Capability decisions - scoped checks via /api/capabilities/evaluate.
  • Session records - upserted in accounts_sessions and periodically touched.

Cloud Key Sync

Cloud key commands operate on the authenticated account and support provider filtering, labels, and JSON output for automation.

List cloud keys for a provider
opta account keys list --provider anthropic --json
Create or update a cloud key entry
opta account keys push anthropic sk-ant-... --label work
Delete a cloud key by ID
opta account keys delete 9d4c4b93-2d7e-44cf-8ca2-f214ef6a10f1 --provider anthropic
keys list --json output
{
  "ok": true,
  "keys": [
    {
      "id": "9d4c4b93-2d7e-44cf-8ca2-f214ef6a10f1",
      "provider": "anthropic",
      "label": "work",
      "keyValue": "sk-ant-...",
      "updatedAt": "2026-03-04T08:17:41.902Z"
    }
  ]
}
Key material
Treat command history as sensitive when using keys push <provider> <key>. Prefer shell history controls or wrapper scripts in CI.

Device Registration

On login, the CLI computes a deterministic device fingerprint and registers the device. Existing fingerprints are reused to avoid duplicate devices after re-login.

Device sync flow
1) GET  /api/devices/fingerprint?hash=<sha256>
2) POST /api/devices/register (if not found)
3) Persist deviceId into ~/.config/opta/account.json

Capability Evaluation

Runtime features can be gated by account policy using /api/capabilities/evaluate. Typical scopes include CLI chat/run permissions and account-tier checks.

Capability request shape
{
  "scope": "cli.run",
  "deviceId": "dev_abc123"
}

If evaluation fails (network or auth), callers should assume deny and surface a recoverable reason.

Session Record Sync

The CLI upserts a cloud session row after login and periodically touches last_seen_at while active. This drives account-side activity and device visibility.

Session row fields
session_type: "cli"
created_at: ISO8601
last_seen_at: ISO8601
expires_at: ISO8601|null

Automation Example

CI-friendly sync checks
opta account status --json | jq '.authenticated'
opta account keys list --json | jq '.keys | length'
opta account keys push openai "$OPENAI_API_KEY" --label ci --json
opta account keys list --provider openai --json | jq '.keys[0].label'
Previous
Auth
Next
Troubleshooting