CLI

The Well CLI (well) connects your shell to Well over MCP. well login runs a browser OAuth flow and connects as Well CLI — no API key, nothing to paste. The onboarding chat picks the connection up automatically.

Install

brew install wellapp-ai/tap/well

Log in

well login

This opens your browser to authorize Well CLI against your Well account. Pick the workspaces to grant on the consent screen, then return to your terminal — the session is stored in ~/.well/config.json (readable only by you).

well status   # show the current login and authorized workspaces
well logout   # clear the local session

Commands

Targeting another environment

By default well talks to production (https://api.wellapp.ai). Point it elsewhere with a flag or an environment variable:

well login --server https://api.test.wellapp.ai
# or
WELL_API_URL=https://api.test.wellapp.ai well status

The well-staging binary ships with the test API as its default, so it needs no flag.

How it works

well login is a standard OAuth 2.0 authorization-code flow with PKCE:

1. Discovery — reads the server's OAuth metadata (/.well-known/oauth-authorization-server).
2. Registration — registers as a public client (Dynamic Client Registration) with a loopback redirect.
3. Authorization — opens the consent screen with a PKCE S256 challenge; a local listener captures the result.
4. Token — exchanges the authorization code (plus the PKCE verifier) for access and refresh tokens.
5. Connect — performs the MCP initialize handshake as Well CLI, which registers the connection with Well.