Auth
Authentication Commands
The Arc Memory CLI provides commands for authenticating with GitHub, which is required for accessing GitHub data such as pull requests and issues.
Related Documentation:
- Build Commands - After authenticating, build your knowledge graph
- Doctor Commands - Verify your authentication status
- Building Graphs Examples - Examples of using authentication with builds
Overview
Authentication is handled through the arc auth command group. Arc Memory uses GitHub’s device flow for authentication, which is a secure way to authenticate without having to enter your credentials directly.
Commands
arc auth gh
Authenticate with GitHub using device flow.
This command initiates the GitHub device flow authentication process. It will display a code and a URL. You need to visit the URL, enter the code, and authorize the Arc Memory application to access your GitHub account.
Options
--client-id TEXT: GitHub OAuth client ID. If not provided, uses the default Arc Memory app.--client-secret TEXT: GitHub OAuth client secret. If not provided, uses the default Arc Memory app.--timeout INTEGER: Timeout in seconds for the device flow (default: 300).--debug: Enable debug logging.
Example
arc auth gh-app
Authenticate with a GitHub App.
This command configures authentication for a GitHub App. GitHub Apps provide more granular permissions and can be installed on organizations.
Options
--app-id TEXT: GitHub App ID.--private-key TEXT: Path to the GitHub App private key file.--client-id TEXT: GitHub OAuth client ID for the GitHub App.--client-secret TEXT: GitHub OAuth client secret for the GitHub App.--debug: Enable debug logging.
Example
Authentication Storage
Arc Memory stores authentication tokens securely:
- System Keyring: By default, tokens are stored in your system’s secure keyring (Keychain on macOS, Credential Manager on Windows, etc.).
- Environment Variables: You can also provide tokens via environment variables (
GITHUB_TOKEN).
If a token is found in environment variables, Arc Memory will ask if you want to store it in the system keyring for future use.
Checking Authentication Status
You can verify your authentication status by running:
This will show if you have a valid GitHub token configured.
Troubleshooting
Authentication Failures
If you encounter authentication issues:
-
Network Issues:
- Check your internet connection
- Ensure you can access github.com in your browser
- If behind a corporate firewall, check if GitHub API access is allowed
- Try again with
arc auth gh --debugto see detailed error messages
-
Token Expiration:
- GitHub tokens can expire or be revoked
- Simply run
arc auth ghagain to get a new token - You’ll see a new device code and URL to visit
-
Permission Issues:
- Ensure the token has the necessary permissions (repo, read:org)
- If you’re using a custom client ID, verify it has the correct scopes
- You may need to revoke the existing token in your GitHub settings and re-authenticate
-
Rate Limiting:
- GitHub API has rate limits
- If you hit them, wait or use a token with higher limits
- Enterprise accounts typically have higher rate limits
Re-authentication
You may need to re-authenticate in these situations:
- New Device: When using Arc Memory on a new device
- Token Revoked: If you revoked the token in GitHub settings
- Token Expired: If your token has expired
- Permission Changes: If you need different permissions
To re-authenticate:
Verifying Authentication
To verify that your authentication is working:
If you see GitHub data in your graph, your authentication is working correctly.