Authentication

proto supports multiple authentication methods. The recommended approach for most users is API key authentication via modelProviders.

Methods

API key (recommended)

Connect to OpenAI, Anthropic, Gemini, or any OpenAI-compatible endpoint.

Configure ~/.proto/settings.json:

{
  "modelProviders": {
    "openai": [{ "id": "gpt-4o", "envKey": "OPENAI_API_KEY" }]
  },
  "security": { "auth": { "selectedType": "openai" } },
  "model": { "name": "gpt-4o" }
}

Set the key:

export OPENAI_API_KEY="sk-..."

See Reference → Model Providers for the full schema.

Set API keys

Keys are resolved in this order (first match wins):

Priority	Source
1 (highest)	CLI flag (--openai-api-key, etc.)
2	Shell environment (export KEY=...)
3	.proto/.env or .env (project, then home)
4 (lowest)	settings.json → env field

Shell profile (recommended):

export OPENAI_API_KEY="sk-..."
export ANTHROPIC_API_KEY="sk-ant-..."
export GEMINI_API_KEY="AIza..."

.proto/.env file:

OPENAI_API_KEY=sk-...

Add .proto/.env to .gitignore.

Auth CLI commands

proto auth              # interactive setup
proto auth status       # show current configuration

In-session commands

/auth                   # change auth interactively
/model                  # switch models

Environment variable lookup

The envKey field in modelProviders specifies the name of the environment variable that holds the API key. proto reads process.env[envKey] at request time — keys are never persisted in settings.

Security notes

• Never commit API keys to version control.
• Prefer shell export or .proto/.env over the env field in settings.json.
• Use .proto/.env (not .env) to avoid conflicts with other tools. Add it to .gitignore.