@getjack/jack 0.1.31 → 0.1.33

package/src/commands/ship.ts

@@ -3,26 +3,53 @@ import { createReporter, output } from "../lib/output.ts";
 import { deployProject } from "../lib/project-operations.ts";
 
 export default async function ship(
-	options: { managed?: boolean; byo?: boolean; dryRun?: boolean } = {},
+	options: { managed?: boolean; byo?: boolean; dryRun?: boolean; json?: boolean; message?: string } = {},
 ): Promise<void> {
 	const isCi = process.env.CI === "true" || process.env.CI === "1";
+	const jsonOutput = options.json ?? false;
 	try {
 		const result = await deployProject({
 			projectPath: process.cwd(),
-			reporter: createReporter(),
-			interactive: !isCi,
+			reporter: jsonOutput ? undefined : createReporter(),
+			interactive: !isCi && !jsonOutput,
 			includeSecrets: !options.dryRun,
 			includeSync: !options.dryRun,
 			managed: options.managed,
 			byo: options.byo,
 			dryRun: options.dryRun,
+			message: options.message,
 		});
 
+		if (jsonOutput) {
+			console.log(
+				JSON.stringify({
+					success: true,
+					projectName: result.projectName,
+					url: result.workerUrl,
+					deployMode: result.deployMode,
+					...(options.message && { message: options.message }),
+				}),
+			);
+			return;
+		}
+
 		if (!result.workerUrl && result.deployOutput) {
 			console.error(result.deployOutput);
 		}
 	} catch (error) {
 		const details = getErrorDetails(error);
+
+		if (jsonOutput) {
+			console.log(
+				JSON.stringify({
+					success: false,
+					error: details.message,
+					suggestion: details.suggestion,
+				}),
+			);
+			process.exit(details.meta?.exitCode ?? 1);
+		}
+
 		if (!details.meta?.reported) {
 			output.error(details.message);
 		}

package/src/commands/tokens.ts

@@ -0,0 +1,134 @@
+/**
+ * jack tokens - Manage API tokens for headless authentication
+ *
+ * Tokens are account-level (not project-scoped).
+ * Set JACK_API_TOKEN in your environment for CI/CD and automated pipelines.
+ */
+
+import { error, info, success } from "../lib/output.ts";
+import {
+	type TokenInfo,
+	createApiToken,
+	listApiTokens,
+	revokeApiToken,
+} from "../lib/services/token-operations.ts";
+import { Events, track } from "../lib/telemetry.ts";
+
+export default async function tokens(
+	subcommand?: string,
+	args: string[] = [],
+	flags: Record<string, unknown> = {},
+): Promise<void> {
+	if (!subcommand) {
+		return showHelp();
+	}
+
+	if (subcommand === "help" || subcommand === "--help" || subcommand === "-h") {
+		return showHelp();
+	}
+
+	switch (subcommand) {
+		case "create":
+		case "new":
+			return await createToken(args, flags);
+		case "list":
+		case "ls":
+			return await listTokens();
+		case "revoke":
+		case "rm":
+		case "delete":
+			return await revokeToken(args);
+		default:
+			error(`Unknown subcommand: ${subcommand}`);
+			info("Available: create, list, revoke");
+			process.exit(1);
+	}
+}
+
+function showHelp(): void {
+	console.error("");
+	info("jack tokens - Manage API tokens for headless authentication");
+	console.error("");
+	console.error("Commands:");
+	console.error("  create [name]             Create a new API token");
+	console.error("    --expires <days>        Token expires after N days");
+	console.error("  list                      List active tokens");
+	console.error("  revoke <id>               Revoke a token");
+	console.error("");
+	console.error("Usage:");
+	console.error("  Set JACK_API_TOKEN in your environment for headless auth.");
+	console.error("  Tokens work in CI/CD, Docker, and automated pipelines.");
+	console.error("");
+}
+
+async function createToken(args: string[], flags: Record<string, unknown> = {}): Promise<void> {
+	// Accept name from --name flag or first positional arg
+	let name = "CLI Token";
+	if (flags.name && typeof flags.name === "string") {
+		name = flags.name;
+	} else if (args[0] && !args[0].startsWith("-")) {
+		name = args[0];
+	}
+
+	// Parse --expires <days> flag
+	let expiresInDays: number | undefined;
+	if (flags.expires !== undefined) {
+		const parsed = Number(flags.expires);
+		if (!Number.isInteger(parsed) || parsed <= 0) {
+			error("--expires must be a positive integer (number of days)");
+			process.exit(1);
+		}
+		expiresInDays = parsed;
+	}
+
+	const data = await createApiToken(name, expiresInDays);
+
+	track(Events.TOKEN_CREATED);
+
+	success("Token created");
+	console.error("");
+	console.error(`  ${data.token}`);
+	console.error("");
+	console.error("  Save this token -- it will not be shown again.");
+	if (data.expires_at) {
+		console.error(`  Expires: ${data.expires_at}`);
+	}
+	console.error("");
+	console.error("  Usage:");
+	console.error("    export JACK_API_TOKEN=<token>");
+	console.error("    jack ship");
+	console.error("");
+}
+
+async function listTokens(): Promise<void> {
+	const tokenList = await listApiTokens();
+
+	if (tokenList.length === 0) {
+		info("No active tokens");
+		return;
+	}
+
+	console.error("");
+	for (const t of tokenList) {
+		const lastUsed = t.last_used_at ? `last used ${t.last_used_at}` : "never used";
+		console.error(`  ${t.id}  ${t.name}  (${lastUsed})`);
+	}
+	console.error("");
+}
+
+async function revokeToken(args: string[]): Promise<void> {
+	const tokenId = args[0];
+
+	if (!tokenId) {
+		error("Missing token ID");
+		info("Usage: jack tokens revoke <token-id>");
+		info("Run 'jack tokens list' to see token IDs");
+		process.exit(1);
+	}
+
+	await revokeApiToken(tokenId);
+
+	track(Events.TOKEN_REVOKED);
+
+	success(`Token revoked: ${tokenId}`);
+}

package/src/commands/whoami.ts

@@ -1,31 +1,70 @@
+import { authFetch } from "../lib/auth/index.ts";
 import { getCredentials } from "../lib/auth/store.ts";
-import { info, item, success } from "../lib/output.ts";
+import { getControlApiUrl } from "../lib/control-plane.ts";
+import { error, info, item, success } from "../lib/output.ts";
 
 export default async function whoami(): Promise<void> {
+	const apiToken = process.env.JACK_API_TOKEN;
 	const creds = await getCredentials();
 
-	if (!creds) {
+	if (!apiToken && !creds) {
 		info("Not logged in");
 		info("Run 'jack login' to sign in");
 		return;
 	}
 
 	console.error("");
+
+	if (apiToken && !creds) {
+		// Token-only: fetch user info from control plane
+		try {
+			const res = await authFetch(`${getControlApiUrl()}/v1/me`);
+			if (!res.ok) {
+				error("API token is invalid or expired");
+				return;
+			}
+			const data = (await res.json()) as {
+				user?: { email?: string; id?: string; first_name?: string; last_name?: string };
+			};
+			if (data.user) {
+				success("Logged in");
+				if (data.user.email) item(`Email: ${data.user.email}`);
+				if (data.user.id) item(`ID: ${data.user.id}`);
+				if (data.user.first_name) {
+					item(`Name: ${data.user.first_name}${data.user.last_name ? ` ${data.user.last_name}` : ""}`);
+				}
+			} else {
+				success("Authenticated");
+			}
+			item(`Auth: API token (${apiToken.slice(4, 12)}...)`);
+		} catch {
+			error("Failed to reach control plane");
+			item(`Auth: API token (${apiToken.slice(4, 12)}...)`);
+		}
+		console.error("");
+		return;
+	}
+
+	// Has stored creds (with or without API token)
 	success("Logged in");
-	item(`Email: ${creds.user.email}`);
-	item(`ID: ${creds.user.id}`);
+	item(`Email: ${creds!.user.email}`);
+	item(`ID: ${creds!.user.id}`);
 
-	if (creds.user.first_name) {
-		item(`Name: ${creds.user.first_name}${creds.user.last_name ? ` ${creds.user.last_name}` : ""}`);
+	if (creds!.user.first_name) {
+		item(`Name: ${creds!.user.first_name}${creds!.user.last_name ? ` ${creds!.user.last_name}` : ""}`);
 	}
 
-	const expiresIn = creds.expires_at - Math.floor(Date.now() / 1000);
-	if (expiresIn > 0) {
-		const hours = Math.floor(expiresIn / 3600);
-		const minutes = Math.floor((expiresIn % 3600) / 60);
-		item(`Token expires: ${hours}h ${minutes}m`);
+	if (apiToken) {
+		item("Auth: API token");
 	} else {
-		item("Token: expired (will refresh on next request)");
+		const expiresIn = creds!.expires_at - Math.floor(Date.now() / 1000);
+		if (expiresIn > 0) {
+			const hours = Math.floor(expiresIn / 3600);
+			const minutes = Math.floor((expiresIn % 3600) / 60);
+			item(`Token expires: ${hours}h ${minutes}m`);
+		} else {
+			item("Token: expired (will refresh on next request)");
+		}
 	}
 	console.error("");
 }

package/src/index.ts

@@ -18,10 +18,12 @@ const cli = meow(
     new <name> [path]   Create and deploy a project
     vibe "<phrase>"     Create from an idea
     ship                Push changes to production
+    rollback            Roll back to previous deploy
 
   Projects
     open [name]         Open in browser
     logs                Stream live logs
+    deploys             List recent deployments
     down [name]         Undeploy from cloud
     ls                  List all projects
     info [name]         Show project details
@@ -35,6 +37,7 @@ const cli = meow(
     login               Sign in
     logout              Sign out
     whoami              Show current user
+    tokens              Manage API tokens
     update              Update jack to latest version
 
   Project Management
@@ -181,6 +184,12 @@ const cli = meow(
 			sort: {
 				type: "string",
 			},
+			name: {
+				type: "string",
+			},
+			to: {
+				type: "string",
+			},
 		},
 	},
 );
@@ -208,6 +217,7 @@ const [command, ...args] = cli.input;
 			os: process.platform,
 			arch: process.arch,
 			node_version: process.version,
+			auth_method: process.env.JACK_API_TOKEN ? "token" : "oauth",
 		});
 
 		// Update lastIdentifyDate
@@ -220,6 +230,7 @@ const [command, ...args] = cli.input;
 			os: process.platform,
 			arch: process.arch,
 			node_version: process.version,
+			auth_method: process.env.JACK_API_TOKEN ? "token" : "oauth",
 		});
 	}
 })();
@@ -285,6 +296,8 @@ try {
 				managed: cli.flags.managed,
 				byo: cli.flags.byo,
 				dryRun: cli.flags.dryRun,
+				json: cli.flags.json,
+				message: cli.flags.message,
 			});
 			break;
 		}
@@ -294,6 +307,16 @@ try {
 			await withTelemetry("logs", logs)({ label: cli.flags.label });
 			break;
 		}
+		case "deploys": {
+			const { default: deploys } = await import("./commands/deploys.ts");
+			await withTelemetry("deploys", deploys)({ all: cli.flags.all });
+			break;
+		}
+		case "rollback": {
+			const { default: rollback } = await import("./commands/rollback.ts");
+			await withTelemetry("rollback", rollback)({ to: cli.flags.to });
+			break;
+		}
 		case "agents": {
 			const { default: agents } = await import("./commands/agents.ts");
 			await withTelemetry("agents", agents, { subcommand: args[0] })(args[0], args.slice(1), {
@@ -389,6 +412,7 @@ try {
 
 			await withTelemetry("services", services, { subcommand })(args[0], serviceArgs, {
 				project: cli.flags.project,
+				json: cli.flags.json,
 			});
 			break;
 		}
@@ -399,6 +423,15 @@ try {
 			});
 			break;
 		}
+		case "tokens": {
+			const { default: tokens } = await import("./commands/tokens.ts");
+			await withTelemetry("tokens", tokens, { subcommand: args[0] })(
+				args[0],
+				args.slice(1),
+				cli.flags,
+			);
+			break;
+		}
 		case "domain": {
 			const { default: domain } = await import("./commands/domain.ts");
 			await withTelemetry("domain", domain, { subcommand: args[0] })(args[0], args.slice(1));

package/src/lib/agent-files.ts

@@ -7,7 +7,7 @@ import type { AgentConfig, AgentDefinition } from "./agents.ts";
  * Template for AGENTS.md
  */
 function generateAgentsMd(projectName: string, template: Template): string {
-	const summary = template.agentContext?.summary || "A Cloudflare Workers project";
+	const summary = template.agentContext?.summary || "A jack project";
 	const fullText = template.agentContext?.full_text || "";
 
 	return `# ${projectName}
@@ -16,16 +16,66 @@ function generateAgentsMd(projectName: string, template: Template): string {
 
 ## Deployment
 
-This project is deployed to Cloudflare Workers using jack:
+This project is deployed and managed via jack:
 
 \`\`\`bash
-jack ship    # Deploy to Cloudflare Workers
+jack ship    # Deploy to production
 jack logs    # Stream production logs
 \`\`\`
 
 All deployment is handled by jack. Never run \`wrangler\` commands directly.
 
+## Quick Commands
+
+| Command | What it does |
+|---------|--------------|
+| \`jack ship\` | Deploy to production |
+| \`jack logs\` | Stream live logs |
+| \`jack services\` | Manage databases, KV, and other bindings |
+| \`jack secrets\` | Manage environment secrets |
+
+## Services & Bindings
+
+Jack manages your project's services. To add a database:
+
+\`\`\`bash
+jack services db create
+\`\`\`
+
+To query it:
+
+\`\`\`bash
+jack services db query "SELECT * FROM users"
+\`\`\`
+
 ${fullText}
+
+## For AI Agents
+
+### MCP Tools
+
+If jack MCP is connected, **always prefer these tools over CLI commands or wrangler**:
+
+| Tool | Use for |
+|------|---------|
+| \`mcp__jack__create_project\` | Create a new project (supports forking via \`template: "username/slug"\`) |
+| \`mcp__jack__deploy_project\` | Deploy changes |
+| \`mcp__jack__get_project_status\` | Check deployment status and URL |
+| \`mcp__jack__list_projects\` | List all projects |
+| \`mcp__jack__create_database\` | Create a database |
+| \`mcp__jack__execute_sql\` | Query the database (read-only by default) |
+| \`mcp__jack__list_databases\` | List project databases |
+| \`mcp__jack__create_storage_bucket\` | Create object storage |
+| \`mcp__jack__create_vectorize_index\` | Create vector search index |
+| \`mcp__jack__tail_logs\` | Debug with live log samples |
+| \`mcp__jack__start_log_session\` | Start real-time log stream |
+| \`mcp__jack__create_cron\` | Create scheduled tasks |
+| \`mcp__jack__list_domains\` | List custom domains |
+| \`mcp__jack__connect_domain\` | Add a custom domain |
+
+### Documentation
+
+Full jack documentation: https://docs.getjack.org/llms-full.txt
 `;
 }
 
@@ -39,7 +89,7 @@ See [AGENTS.md](./AGENTS.md) for complete project context and deployment instruc
 
 ## Quick Commands
 
-- **Deploy**: \`jack ship\` - Deploy to Cloudflare Workers
+- **Deploy**: \`jack ship\` - Deploy to production
 - **Logs**: \`jack logs\` - Stream production logs
 
 ## Important

package/src/lib/agent-integration.ts

@@ -1,165 +1,18 @@
 /**
  * Agent integration module
  *
- * Ensures AI agents have proper context for jack projects.
+ * Ensures AI agents have MCP configured for jack projects.
  * Called during both project creation and first BYO deploy.
  */
 
-import { existsSync } from "node:fs";
-import { join } from "node:path";
-import type { Template } from "../templates/types.ts";
 import { installMcpConfigsToAllApps, isAppInstalled } from "./mcp-config.ts";
 
 export interface EnsureAgentResult {
 	mcpInstalled: string[];
-	jackMdCreated: boolean;
-	referencesAdded: string[];
 }
 
 export interface EnsureAgentOptions {
-	template?: Template;
 	silent?: boolean;
-	projectName?: string;
-}
-
-/**
- * Generate JACK.md content
- * Uses template agentContext if available, otherwise generic jack instructions
- */
-export function generateJackMd(projectName?: string, template?: Template): string {
-	const header = projectName ? `# ${projectName}\n\n` : "# Jack\n\n";
-
-	const templateSummary = template?.agentContext?.summary;
-	const templateFullText = template?.agentContext?.full_text;
-
-	const summarySection = templateSummary ? `> ${templateSummary}\n\n` : "";
-
-	const templateSection = templateFullText ? `${templateFullText}\n\n` : "";
-
-	return `${header}${summarySection}This project is deployed and managed via jack.
-
-## Quick Commands
-
-| Command | What it does |
-|---------|--------------|
-| \`jack ship\` | Deploy to production |
-| \`jack logs\` | Stream live logs |
-| \`jack services\` | Manage databases, KV, and other bindings |
-| \`jack secrets\` | Manage environment secrets |
-
-## Important
-
-- **Never run \`wrangler\` commands directly** - jack handles all infrastructure
-- Use \`jack services db\` to create and query databases
-- Secrets sync automatically across deploys
-
-## Services & Bindings
-
-Jack manages your project's services. To add a database:
-
-\`\`\`bash
-jack services db create
-\`\`\`
-
-To query it:
-
-\`\`\`bash
-jack services db query "SELECT * FROM users"
-\`\`\`
-
-More bindings (KV, R2, queues) coming soon.
-
-${templateSection}## For AI Agents
-
-### MCP Tools
-
-If jack MCP is connected, prefer these tools over CLI commands:
-
-| Tool | Use for |
-|------|---------|
-| \`mcp__jack__deploy_project\` | Deploy changes |
-| \`mcp__jack__create_database\` | Create a new database |
-| \`mcp__jack__execute_sql\` | Query the database |
-| \`mcp__jack__list_projects\` | List all projects |
-| \`mcp__jack__get_project_status\` | Check deployment status |
-
-### Documentation
-
-Full jack documentation: https://docs.getjack.org/llms-full.txt
-`;
-}
-
-/**
- * Create JACK.md if it doesn't exist
- */
-async function ensureJackMd(
-	projectPath: string,
-	projectName?: string,
-	template?: Template,
-): Promise<boolean> {
-	const jackMdPath = join(projectPath, "JACK.md");
-
-	if (existsSync(jackMdPath)) {
-		return false;
-	}
-
-	const content = generateJackMd(projectName, template);
-	await Bun.write(jackMdPath, content);
-	return true;
-}
-
-/**
- * Append JACK.md reference to existing agent files (CLAUDE.md, AGENTS.md)
- */
-async function appendJackMdReferences(projectPath: string): Promise<string[]> {
-	const filesToCheck = ["CLAUDE.md", "AGENTS.md"];
-	const referencesAdded: string[] = [];
-	const jackMdPath = join(projectPath, "JACK.md");
-
-	// Only add references if JACK.md exists
-	if (!existsSync(jackMdPath)) {
-		return referencesAdded;
-	}
-
-	const referenceBlock = `<!-- Added by jack -->
-> **Jack project** - See [JACK.md](./JACK.md) for deployment, services, and bindings.
-
-`;
-
-	for (const filename of filesToCheck) {
-		const filePath = join(projectPath, filename);
-
-		if (!existsSync(filePath)) {
-			continue;
-		}
-
-		try {
-			const content = await Bun.file(filePath).text();
-
-			// Skip if reference already exists
-			if (content.includes("JACK.md") || content.includes("<!-- Added by jack -->")) {
-				continue;
-			}
-
-			// Find position after first heading, or prepend if no heading
-			const headingMatch = content.match(/^#[^\n]*\n/m);
-			let newContent: string;
-
-			if (headingMatch && headingMatch.index !== undefined) {
-				const insertPos = headingMatch.index + headingMatch[0].length;
-				newContent = content.slice(0, insertPos) + "\n" + referenceBlock + content.slice(insertPos);
-			} else {
-				newContent = referenceBlock + content;
-			}
-
-			await Bun.write(filePath, newContent);
-			referencesAdded.push(filename);
-		} catch {
-			// Ignore errors reading/writing individual files
-		}
-	}
-
-	return referencesAdded;
 }
 
 /**
@@ -186,31 +39,16 @@ async function ensureMcpConfigured(): Promise<string[]> {
 /**
  * Ensure agent integration is set up for a project
  *
- * This function:
- * 1. Creates JACK.md if not exists (with template context if available)
- * 2. Appends JACK.md reference to existing CLAUDE.md/AGENTS.md
- * 3. Installs MCP config to detected AI apps
- *
+ * Installs MCP config to detected AI apps.
  * Safe to call multiple times - all operations are idempotent.
  */
 export async function ensureAgentIntegration(
-	projectPath: string,
-	options: EnsureAgentOptions = {},
+	_projectPath: string,
+	_options: EnsureAgentOptions = {},
 ): Promise<EnsureAgentResult> {
-	const { template, projectName } = options;
-
-	// 1. Create JACK.md if not exists
-	const jackMdCreated = await ensureJackMd(projectPath, projectName, template);
-
-	// 2. Append references to existing agent files
-	const referencesAdded = await appendJackMdReferences(projectPath);
-
-	// 3. Ensure MCP is configured
 	const mcpInstalled = await ensureMcpConfigured();
 
 	return {
 		mcpInstalled,
-		jackMdCreated,
-		referencesAdded,
 	};
 }

package/src/lib/auth/client.ts

@@ -73,6 +73,16 @@ export async function refreshToken(refreshTokenValue: string): Promise<TokenResp
 }
 
 export async function getValidAccessToken(): Promise<string | null> {
+	// Priority 1: API token from environment
+	const apiToken = process.env.JACK_API_TOKEN;
+	if (apiToken) {
+		if (!apiToken.startsWith("jkt_")) {
+			console.error("Warning: JACK_API_TOKEN should start with 'jkt_'");
+		}
+		return apiToken;
+	}
+
+	// Priority 2: Stored OAuth credentials
 	const creds = await getCredentials();
 	if (!creds) {
 		return null;
@@ -102,7 +112,7 @@ export async function getValidAccessToken(): Promise<string | null> {
 export async function authFetch(url: string, options: RequestInit = {}): Promise<Response> {
 	const token = await getValidAccessToken();
 	if (!token) {
-		throw new Error("Not authenticated. Run 'jack login' first.");
+		throw new Error("Not authenticated. Run 'jack login' or set JACK_API_TOKEN.");
 	}
 
 	return fetch(url, {

package/src/lib/auth/guard.ts

@@ -13,7 +13,7 @@ export async function requireAuth(): Promise<string> {
 		throw new JackError(
 			JackErrorCode.AUTH_FAILED,
 			"Not logged in",
-			"Run 'jack login' to sign in to jack cloud",
+			"Run 'jack login' to sign in, or set JACK_API_TOKEN for headless use",
 		);
 	}