Account & Sign-in
Vibecontrols uses your Burdenoff Workspaces identity. Same email, same SSO, same MFA.
What you'll learn
- How to sign in to the web app
- How the CLI signs in
- How the agent receives credentials
- Where to manage your profile / MFA / sessions
Web app sign-in
Go to app.vibecontrols.com → sign in with your Burdenoff Workspaces credentials (email + password, SSO, or magic link if your tenant allows).
CLI sign-in (vibecontrols)
vibecontrols auth login # OAuth2 device-code flow (interactive)
vibecontrols auth status # show current token + workspace
vibecontrols auth token # print platform access token
vibecontrols auth token --workspace # print workspace-scoped token
vibecontrols auth logout # clear local credentials
For service-to-service automation:
vibecontrols auth login --client-credentials \
--client-id <id> --client-secret <secret>
Tokens are stored at ~/.config/vibecontrols-cli/auth.json (mode 0600). Platform tokens auto-refresh every ~1 hour; workspace tokens every ~15 minutes.
Agent sign-in (vibe)
The agent does not have its own login command. Instead, after you start it (vibe start), the agent:
- Stands up an outbound Cloudflare tunnel
- Generates its own
agentApiKey(random secret, used by the platform to authenticate inbound calls) - Waits in pre-config mode for the platform to push OAuth credentials via
POST /api/agent/gateway-auth
The web app pushes these credentials when you click "Add Target" or "Attach Agent". From that point the agent can fetch the per-workspace encryption key, decrypt its plugin storage, and load plugins.
If you set VIBE_* environment variables before starting (typical for Docker/systemd/CI), the agent finalizes inline at boot.
Manage profile, MFA, sessions, SSO
These are platform-level — managed through Burdenoff Workspaces:
- Managing your profile →
- Multi-factor authentication →
- Managing sessions →
- Single Sign-On →
- API keys →
- App delegations →