@getjack/jack 0.1.30 → 0.1.32

package/src/commands/tokens.ts

@@ -0,0 +1,119 @@
+/**
+ * jack tokens - Manage API tokens for headless authentication
+ *
+ * Tokens are account-level (not project-scoped).
+ * Set JACK_API_TOKEN in your environment for CI/CD and automated pipelines.
+ */
+
+import { error, info, success } from "../lib/output.ts";
+import {
+	type TokenInfo,
+	createApiToken,
+	listApiTokens,
+	revokeApiToken,
+} from "../lib/services/token-operations.ts";
+import { Events, track } from "../lib/telemetry.ts";
+
+export default async function tokens(
+	subcommand?: string,
+	args: string[] = [],
+	flags: Record<string, unknown> = {},
+): Promise<void> {
+	if (!subcommand) {
+		return showHelp();
+	}
+
+	if (subcommand === "help" || subcommand === "--help" || subcommand === "-h") {
+		return showHelp();
+	}
+
+	switch (subcommand) {
+		case "create":
+		case "new":
+			return await createToken(args, flags);
+		case "list":
+		case "ls":
+			return await listTokens();
+		case "revoke":
+		case "rm":
+		case "delete":
+			return await revokeToken(args);
+		default:
+			error(`Unknown subcommand: ${subcommand}`);
+			info("Available: create, list, revoke");
+			process.exit(1);
+	}
+}
+
+function showHelp(): void {
+	console.error("");
+	info("jack tokens - Manage API tokens for headless authentication");
+	console.error("");
+	console.error("Commands:");
+	console.error("  create [name]             Create a new API token");
+	console.error("  list                      List active tokens");
+	console.error("  revoke <id>               Revoke a token");
+	console.error("");
+	console.error("Usage:");
+	console.error("  Set JACK_API_TOKEN in your environment for headless auth.");
+	console.error("  Tokens work in CI/CD, Docker, and automated pipelines.");
+	console.error("");
+}
+
+async function createToken(args: string[], flags: Record<string, unknown> = {}): Promise<void> {
+	// Accept name from --name flag or first positional arg
+	let name = "CLI Token";
+	if (flags.name && typeof flags.name === "string") {
+		name = flags.name;
+	} else if (args[0] && !args[0].startsWith("-")) {
+		name = args[0];
+	}
+
+	const data = await createApiToken(name);
+
+	track(Events.TOKEN_CREATED);
+
+	success("Token created");
+	console.error("");
+	console.error(`  ${data.token}`);
+	console.error("");
+	console.error("  Save this token -- it will not be shown again.");
+	console.error("");
+	console.error("  Usage:");
+	console.error("    export JACK_API_TOKEN=<token>");
+	console.error("    jack ship");
+	console.error("");
+}
+
+async function listTokens(): Promise<void> {
+	const tokenList = await listApiTokens();
+
+	if (tokenList.length === 0) {
+		info("No active tokens");
+		return;
+	}
+
+	console.error("");
+	for (const t of tokenList) {
+		const lastUsed = t.last_used_at ? `last used ${t.last_used_at}` : "never used";
+		console.error(`  ${t.id}  ${t.name}  (${lastUsed})`);
+	}
+	console.error("");
+}
+
+async function revokeToken(args: string[]): Promise<void> {
+	const tokenId = args[0];
+
+	if (!tokenId) {
+		error("Missing token ID");
+		info("Usage: jack tokens revoke <token-id>");
+		info("Run 'jack tokens list' to see token IDs");
+		process.exit(1);
+	}
+
+	await revokeApiToken(tokenId);
+
+	track(Events.TOKEN_REVOKED);
+
+	success(`Token revoked: ${tokenId}`);
+}

package/src/commands/whoami.ts

@@ -19,13 +19,17 @@ export default async function whoami(): Promise<void> {
 		item(`Name: ${creds.user.first_name}${creds.user.last_name ? ` ${creds.user.last_name}` : ""}`);
 	}
 
-	const expiresIn = creds.expires_at - Math.floor(Date.now() / 1000);
-	if (expiresIn > 0) {
-		const hours = Math.floor(expiresIn / 3600);
-		const minutes = Math.floor((expiresIn % 3600) / 60);
-		item(`Token expires: ${hours}h ${minutes}m`);
+	if (process.env.JACK_API_TOKEN) {
+		item("Auth: API token");
 	} else {
-		item("Token: expired (will refresh on next request)");
+		const expiresIn = creds.expires_at - Math.floor(Date.now() / 1000);
+		if (expiresIn > 0) {
+			const hours = Math.floor(expiresIn / 3600);
+			const minutes = Math.floor((expiresIn % 3600) / 60);
+			item(`Token expires: ${hours}h ${minutes}m`);
+		} else {
+			item("Token: expired (will refresh on next request)");
+		}
 	}
 	console.error("");
 }

package/src/index.ts

@@ -35,6 +35,7 @@ const cli = meow(
     login               Sign in
     logout              Sign out
     whoami              Show current user
+    tokens              Manage API tokens
     update              Update jack to latest version
 
   Project Management
@@ -181,6 +182,9 @@ const cli = meow(
 			sort: {
 				type: "string",
 			},
+			name: {
+				type: "string",
+			},
 		},
 	},
 );
@@ -208,6 +212,7 @@ const [command, ...args] = cli.input;
 			os: process.platform,
 			arch: process.arch,
 			node_version: process.version,
+			auth_method: process.env.JACK_API_TOKEN ? "token" : "oauth",
 		});
 
 		// Update lastIdentifyDate
@@ -220,6 +225,7 @@ const [command, ...args] = cli.input;
 			os: process.platform,
 			arch: process.arch,
 			node_version: process.version,
+			auth_method: process.env.JACK_API_TOKEN ? "token" : "oauth",
 		});
 	}
 })();
@@ -285,6 +291,7 @@ try {
 				managed: cli.flags.managed,
 				byo: cli.flags.byo,
 				dryRun: cli.flags.dryRun,
+				json: cli.flags.json,
 			});
 			break;
 		}
@@ -389,6 +396,7 @@ try {
 
 			await withTelemetry("services", services, { subcommand })(args[0], serviceArgs, {
 				project: cli.flags.project,
+				json: cli.flags.json,
 			});
 			break;
 		}
@@ -399,6 +407,15 @@ try {
 			});
 			break;
 		}
+		case "tokens": {
+			const { default: tokens } = await import("./commands/tokens.ts");
+			await withTelemetry("tokens", tokens, { subcommand: args[0] })(
+				args[0],
+				args.slice(1),
+				cli.flags,
+			);
+			break;
+		}
 		case "domain": {
 			const { default: domain } = await import("./commands/domain.ts");
 			await withTelemetry("domain", domain, { subcommand: args[0] })(args[0], args.slice(1));

package/src/lib/auth/client.ts

@@ -73,6 +73,16 @@ export async function refreshToken(refreshTokenValue: string): Promise<TokenResp
 }
 
 export async function getValidAccessToken(): Promise<string | null> {
+	// Priority 1: API token from environment
+	const apiToken = process.env.JACK_API_TOKEN;
+	if (apiToken) {
+		if (!apiToken.startsWith("jkt_")) {
+			console.error("Warning: JACK_API_TOKEN should start with 'jkt_'");
+		}
+		return apiToken;
+	}
+
+	// Priority 2: Stored OAuth credentials
 	const creds = await getCredentials();
 	if (!creds) {
 		return null;
@@ -102,7 +112,7 @@ export async function getValidAccessToken(): Promise<string | null> {
 export async function authFetch(url: string, options: RequestInit = {}): Promise<Response> {
 	const token = await getValidAccessToken();
 	if (!token) {
-		throw new Error("Not authenticated. Run 'jack login' first.");
+		throw new Error("Not authenticated. Run 'jack login' or set JACK_API_TOKEN.");
 	}
 
 	return fetch(url, {

package/src/lib/auth/guard.ts

@@ -13,7 +13,7 @@ export async function requireAuth(): Promise<string> {
 		throw new JackError(
 			JackErrorCode.AUTH_FAILED,
 			"Not logged in",
-			"Run 'jack login' to sign in to jack cloud",
+			"Run 'jack login' to sign in, or set JACK_API_TOKEN for headless use",
 		);
 	}
 

package/src/lib/auth/login-flow.ts

@@ -3,6 +3,7 @@
  */
 import { text } from "@clack/prompts";
 import {
+	applyReferralCode,
 	checkUsernameAvailable,
 	getCurrentUserProfile,
 	registerUser,
@@ -114,6 +115,11 @@ export async function runLoginFlow(options?: LoginFlowOptions): Promise<LoginFlo
 					isNewUser = await promptForUsername(tokens.user.email, tokens.user.first_name);
 				}
 
+				// Prompt for referral code for new users only (one-time, no retry)
+				if (isNewUser && process.stdout.isTTY) {
+					await promptForReferral();
+				}
+
 				console.error("");
 				const displayName = tokens.user.first_name || "you";
 				if (isNewUser) {
@@ -294,3 +300,31 @@ function normalizeToUsername(input: string): string {
 		.replace(/^-+|-+$/g, "")
 		.slice(0, 39);
 }
+
+/**
+ * Prompt new users for a referral code (one-time, no retry on failure).
+ */
+async function promptForReferral(): Promise<void> {
+	console.error("");
+	const referralInput = await text({
+		message: "Were you referred by someone? Enter their username (or press Enter to skip):",
+	});
+
+	if (isCancel(referralInput)) {
+		return;
+	}
+
+	const code = referralInput.trim();
+	if (!code) {
+		return;
+	}
+
+	try {
+		const result = await applyReferralCode(code);
+		if (result.applied) {
+			success("Referral applied! You'll both get a bonus when you upgrade.");
+		}
+	} catch {
+		// Silently continue - referral is not critical
+	}
+}

package/src/lib/auth/store.ts

@@ -51,6 +51,9 @@ export type AuthState = "logged-in" | "not-logged-in" | "session-expired";
  * - "session-expired": had credentials but refresh failed
  */
 export async function getAuthState(): Promise<AuthState> {
+	// API token always counts as logged in
+	if (process.env.JACK_API_TOKEN) return "logged-in";
+
 	const creds = await getCredentials();
 	if (!creds) return "not-logged-in";
 

package/src/lib/control-plane.ts

@@ -666,6 +666,35 @@ export async function setUsername(username: string): Promise<SetUsernameResponse
 	return response.json() as Promise<SetUsernameResponse>;
 }
 
+export interface ApplyReferralResult {
+	applied: boolean;
+	reason?: "invalid" | "self_referral" | "already_referred";
+}
+
+/**
+ * Apply a referral code (username) for the current user.
+ * Returns whether the code was applied successfully.
+ */
+export async function applyReferralCode(code: string): Promise<ApplyReferralResult> {
+	const { authFetch } = await import("./auth/index.ts");
+
+	const response = await authFetch(`${getControlApiUrl()}/v1/referral/apply`, {
+		method: "POST",
+		headers: { "Content-Type": "application/json" },
+		body: JSON.stringify({ code }),
+	});
+
+	if (response.status === 429) {
+		return { applied: false, reason: "invalid" };
+	}
+
+	if (!response.ok) {
+		return { applied: false, reason: "invalid" };
+	}
+
+	return response.json() as Promise<ApplyReferralResult>;
+}
+
 /**
  * Get the current user's profile including username.
  */
@@ -777,6 +806,36 @@ export interface LogSessionInfo {
 	expires_at: string;
 }
 
+// ============================================================================
+// Cron Schedule Types
+// ============================================================================
+
+export interface CronScheduleInfo {
+	id: string;
+	expression: string;
+	description: string;
+	enabled: boolean;
+	next_run_at: string;
+	last_run_at: string | null;
+	last_run_status: string | null;
+	last_run_duration_ms: number | null;
+	consecutive_failures: number;
+	created_at: string;
+}
+
+export interface CreateCronScheduleResponse {
+	id: string;
+	expression: string;
+	description: string;
+	next_run_at: string;
+}
+
+export interface TriggerCronScheduleResponse {
+	triggered: boolean;
+	status: string;
+	duration_ms: number;
+}
+
 export interface StartLogSessionResponse {
 	success: boolean;
 	session: LogSessionInfo;
@@ -807,3 +866,100 @@ export async function startLogSession(
 
 	return response.json() as Promise<StartLogSessionResponse>;
 }
+
+// ============================================================================
+// Cron Schedule Operations
+// ============================================================================
+
+/**
+ * Create a cron schedule for a managed project.
+ */
+export async function createCronSchedule(
+	projectId: string,
+	expression: string,
+): Promise<CreateCronScheduleResponse> {
+	const { authFetch } = await import("./auth/index.ts");
+
+	const response = await authFetch(`${getControlApiUrl()}/v1/projects/${projectId}/crons`, {
+		method: "POST",
+		headers: { "Content-Type": "application/json" },
+		body: JSON.stringify({ expression }),
+	});
+
+	if (!response.ok) {
+		const err = (await response.json().catch(() => ({ message: "Unknown error" }))) as {
+			message?: string;
+		};
+		throw new Error(err.message || `Failed to create cron schedule: ${response.status}`);
+	}
+
+	return response.json() as Promise<CreateCronScheduleResponse>;
+}
+
+/**
+ * List all cron schedules for a managed project.
+ */
+export async function listCronSchedules(projectId: string): Promise<CronScheduleInfo[]> {
+	const { authFetch } = await import("./auth/index.ts");
+
+	const response = await authFetch(`${getControlApiUrl()}/v1/projects/${projectId}/crons`);
+
+	if (!response.ok) {
+		const err = (await response.json().catch(() => ({ message: "Unknown error" }))) as {
+			message?: string;
+		};
+		throw new Error(err.message || `Failed to list cron schedules: ${response.status}`);
+	}
+
+	const data = (await response.json()) as { schedules: CronScheduleInfo[] };
+	return data.schedules;
+}
+
+/**
+ * Delete a cron schedule from a managed project.
+ */
+export async function deleteCronSchedule(projectId: string, cronId: string): Promise<void> {
+	const { authFetch } = await import("./auth/index.ts");
+
+	const response = await authFetch(
+		`${getControlApiUrl()}/v1/projects/${projectId}/crons/${cronId}`,
+		{ method: "DELETE" },
+	);
+
+	if (response.status === 404) {
+		// Already deleted, treat as success
+		return;
+	}
+
+	if (!response.ok) {
+		const err = (await response.json().catch(() => ({ message: "Unknown error" }))) as {
+			message?: string;
+		};
+		throw new Error(err.message || `Failed to delete cron schedule: ${response.status}`);
+	}
+}
+
+/**
+ * Manually trigger a cron schedule on a managed project.
+ */
+export async function triggerCronSchedule(
+	projectId: string,
+	expression: string,
+): Promise<TriggerCronScheduleResponse> {
+	const { authFetch } = await import("./auth/index.ts");
+
+	const response = await authFetch(`${getControlApiUrl()}/v1/projects/${projectId}/crons/trigger`, {
+		method: "POST",
+		headers: { "Content-Type": "application/json" },
+		body: JSON.stringify({ expression }),
+	});
+
+	if (!response.ok) {
+		const err = (await response.json().catch(() => ({ message: "Unknown error" }))) as {
+			message?: string;
+		};
+		throw new Error(err.message || `Failed to trigger cron schedule: ${response.status}`);
+	}
+
+	return response.json() as Promise<TriggerCronScheduleResponse>;
+}

package/src/lib/mcp-config.ts

@@ -9,6 +9,7 @@ import { CONFIG_DIR } from "./config.ts";
  * MCP server configuration structure
  */
 export interface McpServerConfig {
+	type: "stdio";
 	command: string;
 	args: string[];
 	env?: Record<string, string>;
@@ -48,19 +49,40 @@ export const APP_MCP_CONFIGS: Record<string, AppMcpConfig> = {
 const JACK_MCP_CONFIG_DIR = join(CONFIG_DIR, "mcp");
 const JACK_MCP_CONFIG_PATH = join(JACK_MCP_CONFIG_DIR, "config.json");
 
+/**
+ * Find the jack binary path
+ * Checks common install locations
+ */
+function findJackBinary(): string {
+	const bunBin = join(homedir(), ".bun", "bin", "jack");
+	const npmBin = join(homedir(), ".npm-global", "bin", "jack");
+	const homebrewBin = "/opt/homebrew/bin/jack";
+	const usrLocalBin = "/usr/local/bin/jack";
+
+	// Check in order of priority
+	for (const path of [bunBin, npmBin, homebrewBin, usrLocalBin]) {
+		if (existsSync(path)) {
+			return path;
+		}
+	}
+
+	// Fallback to just "jack" and hope PATH works
+	return "jack";
+}
+
 /**
  * Returns the jack MCP server configuration
- * Includes PATH with common install locations so Claude Desktop can find jack
+ * Uses full path to jack binary for reliability
  */
 export function getJackMcpConfig(): McpServerConfig {
-	// Build PATH with common locations where jack might be installed
-	// ~/.bun/bin is where `bun link` installs global commands
+	// Build PATH with common locations (still needed for child processes)
 	const bunBin = join(homedir(), ".bun", "bin");
 	const npmBin = join(homedir(), ".npm-global", "bin");
 	const defaultPaths = [bunBin, npmBin, "/opt/homebrew/bin", "/usr/local/bin", "/usr/bin", "/bin"];
 
 	return {
-		command: "jack",
+		type: "stdio",
+		command: findJackBinary(),
 		args: ["mcp", "serve"],
 		env: {
 			PATH: defaultPaths.join(":"),

package/src/lib/output.ts

@@ -179,7 +179,8 @@ export function box(title: string, lines: string[]): void {
 	const gradient = "░".repeat(innerWidth);
 
 	// Truncate text if too long for box
-	const truncate = (text: string) => (text.length > maxLen ? text.slice(0, maxLen - 1) + "…" : text);
+	const truncate = (text: string) =>
+		text.length > maxLen ? text.slice(0, maxLen - 1) + "…" : text;
 
 	// Pad plain text first, then apply colors (ANSI codes break padEnd calculation)
 	const pad = (text: string) => `  ${truncate(text).padEnd(maxLen)}  `;
@@ -226,7 +227,8 @@ export function celebrate(title: string, lines: string[]): void {
 	const space = " ".repeat(innerWidth);
 
 	// Truncate text if too long for box
-	const truncate = (text: string) => (text.length > maxLen ? text.slice(0, maxLen - 1) + "…" : text);
+	const truncate = (text: string) =>
+		text.length > maxLen ? text.slice(0, maxLen - 1) + "…" : text;
 
 	// Center text based on visual length, then apply colors
 	const center = (text: string, applyBold = false) => {

package/src/lib/picker.ts

@@ -86,7 +86,9 @@ export function requireTTY(): void {
  * Interactive project picker using @clack/core primitives
  * @param options.cloudOnly - If true, only shows cloud-only projects (for linking)
  */
-export async function pickProject(options?: PickProjectOptions): Promise<PickerResult | PickerCancelResult> {
+export async function pickProject(
+	options?: PickProjectOptions,
+): Promise<PickerResult | PickerCancelResult> {
 	// Fetch all projects
 	let allProjects: ProjectListItem[];
 	try {

package/src/lib/project-operations.ts

@@ -47,7 +47,7 @@ import { debug, isDebug, printTimingSummary, timerEnd, timerStart } from "./debu
 import { ensureWranglerInstalled, validateModeAvailability } from "./deploy-mode.ts";
 import { detectSecrets, generateEnvFile, generateSecretsJson } from "./env-parser.ts";
 import { JackError, JackErrorCode } from "./errors.ts";
-import { type HookOutput, runHook } from "./hooks.ts";
+import { type HookOutput, promptSelect, runHook } from "./hooks.ts";
 import { loadTemplateKeywords, matchTemplateByIntent } from "./intent.ts";
 import {
 	type ManagedCreateResult,
@@ -1605,13 +1605,36 @@ export async function deployProject(options: DeployOptions = {}): Promise<Deploy
 			// User is logged into Jack Cloud - create managed project
 			const orphanedProjectName = await getProjectNameFromDir(projectPath);
 
-			reporter.info(`Linking "${orphanedProjectName}" to jack cloud...`);
-
-			// Get username for URL construction
+			// Get username for confirmation prompt and URL construction
 			const { getCurrentUserProfile } = await import("./control-plane.ts");
 			const profile = await getCurrentUserProfile();
 			const ownerUsername = profile?.username ?? undefined;
 
+			// Confirm before creating new project
+			if (interactive) {
+				reporter.info("This project isn't linked to jack cloud.");
+				const choice = await promptSelect(
+					["Yes", "No"],
+					`Create new project "${orphanedProjectName}" under @${ownerUsername ?? "unknown"}?`,
+				);
+				if (choice !== 0) {
+					reporter.info("Cancelled. To link to an existing project, use: jack link <project-id>");
+					return {
+						projectName: orphanedProjectName,
+						workerUrl: null,
+						deployMode: "managed" as DeployMode,
+					};
+				}
+			} else {
+				throw new JackError(
+					JackErrorCode.PROJECT_NOT_FOUND,
+					"Project not linked to jack cloud (non-interactive mode)",
+					"Run interactively or use: jack link <project-id>",
+				);
+			}
+
+			reporter.info(`Linking "${orphanedProjectName}" to jack cloud...`);
+
 			// Create managed project on jack cloud
 			const remoteResult = await createManagedProjectRemote(orphanedProjectName, reporter, {
 				usePrebuilt: false,
@@ -1716,6 +1739,17 @@ export async function deployProject(options: DeployOptions = {}): Promise<Deploy
 			);
 		}
 
+		// Show current identity for visibility (managed mode only, not dry run)
+		if (!dryRun) {
+			const { getCurrentUserProfile } = await import("./control-plane.ts");
+			const profile = await getCurrentUserProfile();
+			if (profile?.username) {
+				reporter.info(`Deploying as @${profile.username}...`);
+			} else if (profile?.email) {
+				reporter.info(`Deploying as ${profile.email}...`);
+			}
+		}
+
 		// Dry run: build for validation then stop before actual deployment
 		// (deployToManagedProject handles its own build, so only build here for dry-run)
 		if (dryRun) {