Authentication
The CLI supports two independent auth paths. Interactive mode prefers your session; print mode prefers a personal access token (PAT).
| How | Behavior | |
|---|---|---|
| Session (full parity) | testrelic login — email/password via the encrypted challenge flow. Cookies persist in ~/.testrelic/cookies.json and auto-refresh. | Interactive confirmations and repo memory writes. |
| PAT | testrelic login --token tr_mcp_… (optionally --email you@org). | Confirmations auto-approve; full tool results. |
The PAT uses the same convention as @testrelic/mcp. Create a
token at
platform.testrelic.ai/settings/mcp-tokens.
Credentials are written with owner-only (0600) file permissions.
Session login
testrelic login # prompts for email + password
- Force the session path even in print mode with
--session. - For non-interactive session login, set
TESTRELIC_PASSWORDin the environment.
Token login
testrelic login --token tr_mcp_xxxxxxxx
# associate the token with a specific account:
testrelic login --token tr_mcp_xxxxxxxx --email you@org.com
TESTRELIC_MCP_TOKEN is honored as a lowest-precedence fallback — an explicit
testrelic login --token … (or a token stored on disk) always takes priority over the
environment variable.
export TESTRELIC_MCP_TOKEN=tr_mcp_xxxxxxxx # fallback only
Log out
testrelic logout # clear the current session / token
testrelic logout --all # clear every stored credential
Pointing at a different backend
The CLI defaults to production. Point it elsewhere for staging or self-hosted setups:
testrelic config set baseUrl https://your-host.example.com/api/v1
# or per-invocation:
testrelic --base-url https://your-host.example.com/api/v1
# or via environment:
export TESTRELIC_CLOUD_URL=https://your-host.example.com/api/v1
Diagnostics
testrelic doctor # checks auth, MCP servers, and terminal capabilities