https://github.com/bitcomplete/pin-cli

Command-line client for pin (HTML sharing service)
https://github.com/bitcomplete/pin-cli

Last synced: 18 days ago
JSON representation

Command-line client for pin (HTML sharing service)

• Host: GitHub
• URL: https://github.com/bitcomplete/pin-cli
• Owner: bitcomplete
• License: mit
• Created: 2026-05-24T02:29:11.000Z (27 days ago)
• Default Branch: main
• Last Pushed: 2026-05-24T09:45:56.000Z (27 days ago)
• Last Synced: 2026-05-24T11:27:29.784Z (27 days ago)
• Language: Go
• Size: 10.7 KB
• Stars: 0
• Watchers: 0
• Forks: 0
• Open Issues: 0
• Metadata Files:
  • Readme: README.md
  • License: LICENSE

Awesome Lists containing this project

README

          
# pin-cli

Command-line client for pin — a tiny tool for sharing HTML files behind Google SSO.

## Install

```sh

brew install bitcomplete/tap/pin

```

Or `go install github.com/bitcomplete/pin-cli@latest` if you'd rather build from source.

## Use

```sh

pin login                       # one-time, opens browser → Google SSO

pin share /tmp/report.html      # → https://pin.bitcomplete.dev/p/01HX...

```

Subcommands:

| Command | What |

|---|---|

| `pin login [--device]` | Sign in. `--device` for SSH / headless boxes. |

| `pin share ` | Upload an HTML or MDX file. Prints the share URL. |

| `pin get ` | Fetch a share's MDX source to stdout. `--html` for the rendered form. |

| `pin components` | List the MDX components available in pin, grouped by category. |

| `pin components get ` | Show one component's props + example. |

| `pin components dump` | Print every component's full detail. |

| `pin whoami` | Show the currently-logged-in email. |

| `pin logout` | Revoke the refresh token + clear local creds. |

| `pin version` | Print the CLI version. |

Environment variables:

| Var | Default | What |

|---|---|---|

| `PIN_HOST` | `https://pin.bitcomplete.dev` | Override the pin instance. |

| `PIN_AGENT` | `pin-cli@` | Label sent with auth + upload requests for audit. |

Credentials are stored in your OS keychain (macOS Keychain / Windows Credential Manager / libsecret on Linux) with a 0600 file fallback at `~/.config/pin/credentials.json` for headless boxes.

## How auth works

`pin login` does an OAuth 2.1 PKCE loopback flow against the pin server (which in turn handles Google SSO for the human). `pin login --device` falls back to the RFC 8628 device-code flow when no local browser is available.

Refresh tokens are rotated on every use; reuse triggers family revocation. If a CI script's stored token gets exfiltrated and used elsewhere, the next legitimate refresh detects it and locks everyone out — `pin login` again to recover.

## License

MIT