Hello!
Many of you have been reporting frequent CLI logouts, and we’ve experienced them too. We apologize for the inconvenience. The issue was tricky to understand and fix, so despite several attempts, we were unsuccessful initially.
We’ve finally found the cause. To put it simply: the CLI manages an access token and secret token pair. The access token is short-lived for security reasons, while the secret token is used to refresh the pair. Token refresh can happen at any time during the CLI workflow. We needed to develop this in a way that prevented race conditions during concurrent refresh operations. However, we missed a small but crucial detail: if we triggered a refresh operation and the CLI exited before it completed, we’d end up with an invalid local refresh token. We believe this is what happened to most of you.
To solve this, we moved the refresh operation to a hidden CLI command that spawns in a detached process, ensuring its lifecycle isn’t bound to the parent process. Note that this is a CLI-specific issue—in apps (e.g., iOS), the chances of termination during such operations are extremely low. While we could have extended the token lifetime, we prioritized security.
Please pull Tuist 4.55.7 and let us know if the logouts stop or if you encounter any issues. The implementation is tricky to debug due to the two-process architecture, so we may have missed something.