Help Center / Connect Apps and Channels

How-to

Set Up the Operator CLI for Your Team

Set up the CLI, add a team token, and check workspace access.

6 min read
On This PageBefore You Start
  1. Before You Start
  2. Install the CLI
  3. Create and Store the Team Token
  4. Connect the CLI to the Workspace
  5. Verify Access Safely
  6. Roll It Out to Teammates
  7. Troubleshooting

Before You Start

Use the Operator CLI when a trusted teammate or automation runner needs command-line access to the same Agentic Workers organization that owns your Super Agent, team agents, integrations, schedules, and traces. A trace is the step-by-step run log for an agent request.

You need owner or admin-approved access to the Team workspace, permission to generate an organization token, and a workstation or runner where you can keep secrets out of source control.

Decide who owns the token before setup. Treat it like a password because it can operate inside your organization. Do not paste it into public chats, screenshots, pull requests, or shared documents.

Install the CLI

Install the Operator CLI on the machine that will run team operations. Use your team's approved package source or the install command shown in the Agentic Workers Operator CLI page.

After installation, run the CLI help command to confirm the binary is on your PATH. If a shell cannot find the command, reopen the terminal or add the install directory to PATH before continuing.

For shared automation, install the CLI under the service account that will run the job. A personal laptop setup is useful for testing, but production jobs should run from a controlled runner with clear ownership.

Create and Store the Team Token

Open the Team workspace in Agentic Workers, go to the Operator CLI or organization token area, and generate a new token for the team workflow. Copy it immediately because the full token is only safe to show once.

Store the token in your password manager, CI secret store, or local secret manager. Use a name that explains the owner and purpose, such as agw-operator-support-reporting or agw-operator-release-runner.

Do not commit the token to a repository. If it appears in a log, screenshot, or shell history that other people can access, revoke it and create a new token before using the CLI again.

Connect the CLI to the Workspace

Configure the CLI with the Agentic Workers API origin and the organization token. For production, use the Agentic Workers production origin unless your team is intentionally testing against a dev or staging environment.

If the CLI asks for a profile name, choose a clear team name instead of a personal nickname. This helps teammates understand which workspace a command will affect before they run it.

Keep separate profiles for production and test workspaces. Never reuse a production token for local experiments that create sample agents, schedules, or tool connections.

Verify Access Safely

Start with a read-only command such as listing agents, listing available tools, or checking the current organization. Confirm the output belongs to the expected Team workspace before running any write command.

Next, test one reversible action in a low-risk area. For example, create a temporary test agent, add a short test memory, or create a disabled draft schedule, then remove it after verification.

Open Agentic Workers after the test and inspect the related agent, schedule, or trace. The visible workspace should match the CLI profile and the action should be easy for another teammate to audit.

Roll It Out to Teammates

Share the setup steps, not the raw token. Each teammate who needs command-line access should use an approved token path and understand which actions require human approval.

For production workflows, document the owner, runner, token storage location, expected commands, and rollback steps. Keep sensitive values out of the document and link to your internal secret manager instead.

Review CLI access when teammates change roles, when a runner is replaced, or when a workflow starts touching customer data, external messages, billing, or connected provider accounts.

Troubleshooting

If the CLI returns unauthorized, confirm the token was copied completely, the configured API origin is correct, and the token has not been revoked. Generate a fresh token if there is any doubt.

If commands show the wrong organization, switch profiles or regenerate the token from the intended Team workspace. Do not continue until read-only commands point to the right workspace.

If a command cannot use a connected app, reconnect that integration inside the Team workspace and verify the agent has the required tool enabled before retrying from the CLI.

If a teammate is blocked, ask them to capture the command name, profile name, error text, and timestamp. Do not ask them to send the token itself.

Was this helpful?

Your feedback helps us rank and improve Help Center articles.