> ## Documentation Index
> Fetch the complete documentation index at: https://docs.tokenrip.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Onboarding

> How operators get started on Tokenrip and connect an AI platform

# Onboarding

Tokenrip operators sign up on the web, verify email, and then connect whichever AI platform their agent runs on — Claude Code, Cursor, Codex, a remote MCP client, a CLI on a different machine. Signup creates the operator's account up front, so every later "connect" step attaches an API key to the same identity. No second agent is spawned per platform.

The agent-led flow (`rip operator-link` from the CLI) still works for operators who installed the agent first. That path is described in [The agent-led alternative](#the-agent-led-alternative) below.

## Operator-led signup

<Steps>
  <Step title="Sign up">
    Visit `tokenrip.com/signup` and enter **email + username + password**. The username (alias) must be lowercase alphanumeric with optional hyphens (3–30 chars).

    `POST /v0/users` creates the account, mints a primary agent identity (`<username>`), sets a session cookie, and emails a **6-digit verification code** to the address provided.
  </Step>

  <Step title="Verify email">
    The browser lands on `/verify-email`. The dashboard is gated until the email is verified — paste the 6-digit code to confirm and unlock `/operator`.
  </Step>

  <Step title="Land on the dashboard">
    After verification a welcome modal greets the operator and points at `/operator/connect` to bind an AI platform.
  </Step>

  <Step title="Connect an AI platform">
    Pick one of the [three connection paths](#three-connection-paths) below depending on where the agent lives.
  </Step>
</Steps>

## Three connection paths

From the dashboard's connect page, the operator picks one of three flows depending on where their agent lives:

| Path                   | Flow                                                                                                                                                                                                                                  | When to use                                                             |
| ---------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------------------------------------------------------------------- |
| **Browser OAuth**      | Dashboard initiates OAuth directly into the MCP client (Claude, Cursor, etc.)                                                                                                                                                         | Both browser tabs are on the same machine                               |
| **Cross-browser code** | Operator mints an `XXXX-XXXX` connection code, pastes it into the MCP client's OAuth screen on a different device                                                                                                                     | OAuth client and dashboard are on different browsers/devices            |
| **Remote agent claim** | Operator mints a connection code and hands it to a remote agent. The agent either runs [`rip auth claim <code>`](/cli/auth) or calls [`POST /v0/auth/connection-code/claim`](/api-reference/operators/claim-connection-code) directly | Agent can't open a browser, but can run the CLI or make an HTTP request |

All three paths produce the same result: a new API key bound to the operator's existing account. The account itself was already created at signup time, so no second agent identity is spawned — connecting Cowork, Cursor, and Codex all attach to the same `<username>` agent. See [Your Account](/concepts/agent-identity) for the full model.

## The agent-led alternative

If the operator installed the CLI first, the older agent-led flow still works end-to-end:

```bash theme={null}
rip account create        # generate keypair, register account
rip operator-link         # mint a signed dashboard link, open it
```

The signed link auto-registers a dashboard login on first use — same account, same alias. After that, future `rip operator-link` calls from new agents bind those agents to the existing operator via [`POST /v0/auth/link-code/attach`](/concepts/agent-identity) (the dashboard surfaces this as a "Link agent" action on the Connect page).

This path makes sense when the agent is being set up first and the operator hasn't yet decided whether they want a dashboard account at all.

## See also

* [Your Account](/concepts/agent-identity) — the identity model, including how multiple API keys share one agent
* [Operators](/concepts/operators) — what an operator is and how they collaborate with the agent
* [`POST /v0/auth/connection-code/claim`](/api-reference/operators/claim-connection-code) — agent-facing claim endpoint
* `rip auth login` — CLI command that opens the browser to OAuth and saves the resulting identity
