From b398eb0c0def8b173ff497ceab6abff6b9cd8774 Mon Sep 17 00:00:00 2001
From: Angelo Ashmore <angeloashmore@users.noreply.github.com>
Date: Tue, 2 Jun 2026 12:29:07 -1000
Subject: [PATCH 1/4] feat: support PRISMIC_TOKEN env var to override stored
 token

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
---
 src/auth.ts | 2 ++
 src/env.ts  | 1 +
 2 files changed, 3 insertions(+)

diff --git a/src/auth.ts b/src/auth.ts
index b637796..238cd38 100644
--- a/src/auth.ts
+++ b/src/auth.ts
@@ -23,6 +23,7 @@ const CredentialsSchema = z.looseObject({
 type Credentials = z.infer<typeof CredentialsSchema>;
 
 export async function getToken(): Promise<string | undefined> {
+	if (env.PRISMIC_TOKEN) return env.PRISMIC_TOKEN;
 	const credentials = await readCredentials();
 	return credentials?.token;
 }
@@ -34,6 +35,7 @@ export async function getHost(): Promise<string> {
 }
 
 export async function refreshToken(): Promise<string | undefined> {
+	if (env.PRISMIC_TOKEN) return env.PRISMIC_TOKEN;
 	const token = await getToken();
 	if (!token) return;
 	const host = await getHost();
diff --git a/src/env.ts b/src/env.ts
index e239fd5..bd26798 100644
--- a/src/env.ts
+++ b/src/env.ts
@@ -15,6 +15,7 @@ const Env = z.object({
 	PRISMIC_SENTRY_ENVIRONMENT: z.optional(z.string()),
 	PRISMIC_SENTRY_ENABLED: z.optional(z.stringbool()),
 	PRISMIC_HOST: z.optional(z.string()),
+	PRISMIC_TOKEN: z.optional(z.string()),
 	PRISMIC_DOCS_HOST: z.optional(z.string()),
 	PRISMIC_CONFIG_DIR: z.optional(z.string()),
 	PRISMIC_TYPE_BUILDER_ENABLED: z.optional(z.stringbool()),

From c3e2a17eccd7c4fba5bc42fcb5b396961a53e46d Mon Sep 17 00:00:00 2001
From: Angelo Ashmore <angeloashmore@users.noreply.github.com>
Date: Tue, 2 Jun 2026 12:32:22 -1000
Subject: [PATCH 2/4] refactor: return early from refreshToken when
 PRISMIC_TOKEN is set

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
---
 src/auth.ts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/auth.ts b/src/auth.ts
index 238cd38..36c20f1 100644
--- a/src/auth.ts
+++ b/src/auth.ts
@@ -35,7 +35,7 @@ export async function getHost(): Promise<string> {
 }
 
 export async function refreshToken(): Promise<string | undefined> {
-	if (env.PRISMIC_TOKEN) return env.PRISMIC_TOKEN;
+	if (env.PRISMIC_TOKEN) return;
 	const token = await getToken();
 	if (!token) return;
 	const host = await getHost();

From 44e40380c84f1486c435952ba5ecd14857032d20 Mon Sep 17 00:00:00 2001
From: Angelo Ashmore <angeloashmore@users.noreply.github.com>
Date: Tue, 2 Jun 2026 12:41:20 -1000
Subject: [PATCH 3/4] fix(init): fail clearly when PRISMIC_TOKEN is rejected

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
---
 src/commands/init.ts | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/src/commands/init.ts b/src/commands/init.ts
index 3c0d05c..a436274 100644
--- a/src/commands/init.ts
+++ b/src/commands/init.ts
@@ -4,7 +4,7 @@ import { getAdapter } from "../adapters";
 import { createLoginSession, getHost, getToken } from "../auth";
 import { getCustomTypes, getSlices } from "../clients/custom-types";
 import { getProfile } from "../clients/user";
-import { DEFAULT_PRISMIC_HOST } from "../env";
+import { DEFAULT_PRISMIC_HOST, env } from "../env";
 import { openBrowser } from "../lib/browser";
 import { CommandError, createCommand, type CommandConfig } from "../lib/command";
 import { diffArrays } from "../lib/diff";
@@ -76,6 +76,11 @@ export default createCommand(config, async ({ values }) => {
 		profile = await getProfile({ token, host });
 	} catch (error) {
 		if (error instanceof UnauthorizedRequestError || error instanceof ForbiddenRequestError) {
+			if (env.PRISMIC_TOKEN) {
+				throw new CommandError(
+					"PRISMIC_TOKEN is invalid or expired. Unset it to log in with a browser, or replace it with a valid token.",
+				);
+			}
 			console.info("Not logged in. Starting login...");
 			const { email } = await createLoginSession({
 				onReady: (url) => {

From e8920ef13d4bedfd0dd56bdadc34aadf0890d9ba Mon Sep 17 00:00:00 2001
From: Angelo Ashmore <angeloashmore@users.noreply.github.com>
Date: Tue, 2 Jun 2026 12:51:42 -1000
Subject: [PATCH 4/4] test(whoami): cover PRISMIC_TOKEN env var auth

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
---
 test/whoami.test.ts | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/test/whoami.test.ts b/test/whoami.test.ts
index 7fcdae7..fabebf2 100644
--- a/test/whoami.test.ts
+++ b/test/whoami.test.ts
@@ -18,3 +18,13 @@ it("fails when not logged in", async ({ expect, prismic, logout }) => {
 	const { exitCode } = await prismic("whoami");
 	expect(exitCode).not.toBe(0);
 });
+
+it("uses PRISMIC_TOKEN env var when set", async ({ expect, prismic, login, logout, token }) => {
+	const { email } = await login();
+	await logout();
+	const { stdout, exitCode } = await prismic("whoami", [], {
+		nodeOptions: { env: { PRISMIC_TOKEN: token } },
+	});
+	expect(exitCode).toBe(0);
+	expect(stdout).toContain(email);
+});