diff --git a/pkg/auth/client.go b/pkg/auth/client.go
index c3064c6..58bf2c4 100644
--- a/pkg/auth/client.go
+++ b/pkg/auth/client.go
@@ -12,7 +12,17 @@ import (
 
 // GetAuthenticatedClient returns a Kernel client with appropriate authentication
 func GetAuthenticatedClient(opts ...option.RequestOption) (*kernel.Client, error) {
-	// Try to use stored OAuth tokens first
+	// Try to use API key first if available
+	apiKey := os.Getenv("KERNEL_API_KEY")
+	if apiKey != "" {
+		pterm.Debug.Println("Using API key authentication")
+
+		authOpts := append(opts, option.WithHeader("Authorization", "Bearer "+apiKey))
+		client := kernel.NewClient(authOpts...)
+		return &client, nil
+	}
+
+	// Fallback to OAuth tokens if no API key is available
 	tokens, err := LoadTokens()
 	if err == nil {
 		// Check if access token is expired and refresh if needed
@@ -41,15 +51,6 @@ func GetAuthenticatedClient(opts ...option.RequestOption) (*kernel.Client, error
 		return &client, nil
 	}
 
-	// Fallback to API key if no OAuth tokens are available
-	apiKey := os.Getenv("KERNEL_API_KEY")
-	if apiKey == "" {
-		return nil, fmt.Errorf("no authentication available. Please run 'kernel login' or set KERNEL_API_KEY environment variable")
-	}
-
-	pterm.Debug.Println("Using API key authentication (fallback)")
-
-	authOpts := append(opts, option.WithHeader("Authorization", "Bearer "+apiKey))
-	client := kernel.NewClient(authOpts...)
-	return &client, nil
+	// No authentication available
+	return nil, fmt.Errorf("no authentication available. Please run 'kernel login' or set KERNEL_API_KEY environment variable")
 }
diff --git a/pkg/auth/oauth.go b/pkg/auth/oauth.go
index de97eaa..dcb730e 100644
--- a/pkg/auth/oauth.go
+++ b/pkg/auth/oauth.go
@@ -25,11 +25,22 @@ var successHTML string
 
 const (
 	// MCP Server OAuth endpoints (which proxy to Clerk)
+	// Production
 	AuthURL  = "https://auth.onkernel.com/authorize"
 	TokenURL = "https://auth.onkernel.com/token"
+	
+	// Staging
+	// AuthURL  = "https://auth.dev.onkernel.com/authorize"
+	// TokenURL = "https://auth.dev.onkernel.com/token"
+	
+	// Local
+	// AuthURL  = "http://localhost:3002/authorize"
+	// TokenURL = "http://localhost:3002/token"
 
 	// OAuth client configuration
 	ClientID    = "hmFrJn9hKDV2N02M" // Prod Kernel CLI OAuth Client ID
+	// ClientID    = "gkUVbm11p6EqKd7r" // Staging Kernel CLI OAuth Client ID
+	// ClientID    = "J7i8BKwyFBoyPQN3" // Local Kernel CLI OAuth Client ID
 	RedirectURI = "http://localhost"
 
 	// OAuth scopes - openid for the MCP server flow