@ktmcp-cli/awsamplify 1.0.0

package/AGENT.md

@@ -0,0 +1,69 @@
+# AGENT.md — AWS Amplify CLI for AI Agents
+
+This document explains how to use the AWS Amplify CLI as an AI agent.
+
+## Overview
+
+The `awsamplify` CLI provides access to the AWS Amplify API. Requires AWS credentials with Amplify permissions.
+
+## Prerequisites
+
+```bash
+awsamplify config set accessKeyId YOUR_AWS_ACCESS_KEY_ID
+awsamplify config set secretAccessKey YOUR_AWS_SECRET_ACCESS_KEY
+awsamplify config set region us-east-1
+```
+
+## All Commands
+
+### Config
+
+```bash
+awsamplify config get <key>
+awsamplify config set <key> <value>
+awsamplify config list
+```
+
+### Apps
+
+```bash
+awsamplify apps list
+awsamplify apps list --region us-west-2
+awsamplify apps get <app-id>
+awsamplify apps create --name "my-app"
+awsamplify apps create --name "my-app" --description "desc" --repository https://github.com/user/repo
+awsamplify apps delete <app-id>
+```
+
+### Branches
+
+```bash
+awsamplify branches list <app-id>
+awsamplify branches get <app-id> <branch-name>
+awsamplify branches create <app-id> --name main
+awsamplify branches delete <app-id> <branch-name>
+```
+
+### Deployments
+
+```bash
+awsamplify deployments list <app-id> <branch-name>
+awsamplify deployments get <app-id> <branch-name> <job-id>
+awsamplify deployments create <app-id> <branch-name>
+```
+
+## JSON Output
+
+All commands support `--json`:
+
+```bash
+awsamplify apps list --json
+awsamplify branches list <app-id> --json
+awsamplify deployments list <app-id> main --json
+```
+
+## Error Handling
+
+The CLI exits with code 1 on error and prints to stderr.
+- `AWS authentication failed` — Check accessKeyId and secretAccessKey
+- `Resource not found` — Check the ID is correct

package/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2025 KTMCP
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/README.md

@@ -0,0 +1,86 @@
+> "Six months ago, everyone was talking about MCPs. And I was like, screw MCPs. Every MCP would be better as a CLI."
+>
+> — [Peter Steinberger](https://twitter.com/steipete), Founder of OpenClaw
+> [Watch on YouTube (~2:39:00)](https://www.youtube.com/@lexfridman) | [Lex Fridman Podcast #491](https://lexfridman.com/peter-steinberger/)
+
+# AWS Amplify CLI
+
+Production-ready CLI for the AWS Amplify API. Manage apps, branches, and deployments directly from your terminal.
+
+## Installation
+
+```bash
+npm install -g @ktmcp-cli/awsamplify
+```
+
+## Configuration
+
+```bash
+awsamplify config set accessKeyId YOUR_AWS_ACCESS_KEY_ID
+awsamplify config set secretAccessKey YOUR_AWS_SECRET_ACCESS_KEY
+awsamplify config set region us-east-1
+```
+
+## Usage
+
+### Apps
+
+```bash
+# List all Amplify apps
+awsamplify apps list
+awsamplify apps list --region us-west-2
+
+# Get app details
+awsamplify apps get <app-id>
+
+# Create a new app
+awsamplify apps create --name "my-app"
+awsamplify apps create --name "my-app" --description "My Amplify app" --repository https://github.com/user/repo
+
+# Delete an app
+awsamplify apps delete <app-id>
+```
+
+### Branches
+
+```bash
+# List branches for an app
+awsamplify branches list <app-id>
+
+# Get branch details
+awsamplify branches get <app-id> main
+
+# Create a branch
+awsamplify branches create <app-id> --name main
+awsamplify branches create <app-id> --name staging --description "Staging branch"
+
+# Delete a branch
+awsamplify branches delete <app-id> <branch-name>
+```
+
+### Deployments
+
+```bash
+# List deployments (jobs) for a branch
+awsamplify deployments list <app-id> main
+
+# Get deployment details
+awsamplify deployments get <app-id> main <job-id>
+
+# Trigger a new deployment
+awsamplify deployments create <app-id> main
+```
+
+### JSON Output
+
+All commands support `--json`:
+
+```bash
+awsamplify apps list --json
+awsamplify branches list <app-id> --json
+awsamplify deployments list <app-id> main --json | jq '.[].status'
+```
+
+## License
+
+MIT

package/bin/awsamplify.js

@@ -0,0 +1,9 @@
+#!/usr/bin/env node
+
+import { fileURLToPath } from 'url';
+import { dirname, join } from 'path';
+
+const __filename = fileURLToPath(import.meta.url);
+const __dirname = dirname(__filename);
+
+import(join(__dirname, '..', 'src', 'index.js'));

package/package.json

@@ -0,0 +1,27 @@
+{
+  "name": "@ktmcp-cli/awsamplify",
+  "version": "1.0.0",
+  "description": "Production-ready CLI for AWS Amplify API - Kill The MCP",
+  "type": "module",
+  "main": "src/index.js",
+  "bin": {
+    "awsamplify": "bin/awsamplify.js"
+  },
+  "keywords": ["awsamplify", "aws", "amplify", "cli", "api", "ktmcp"],
+  "author": "KTMCP",
+  "license": "MIT",
+  "dependencies": {
+    "commander": "^12.0.0",
+    "axios": "^1.6.7",
+    "chalk": "^5.3.0",
+    "ora": "^8.0.1",
+    "conf": "^12.0.0"
+  },
+  "engines": { "node": ">=18.0.0" },
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/ktmcp-cli/awsamplify.git"
+  },
+  "homepage": "https://killthemcp.com/awsamplify-cli",
+  "bugs": { "url": "https://github.com/ktmcp-cli/awsamplify/issues" }
+}

package/src/api.js

@@ -0,0 +1,202 @@
+import axios from 'axios';
+import crypto from 'crypto';
+import { getConfig } from './config.js';
+
+/**
+ * AWS Signature Version 4 signing helper
+ */
+function sign(key, msg) {
+  return crypto.createHmac('sha256', key).update(msg).digest();
+}
+
+function getSigningKey(secretKey, dateStamp, regionName, serviceName) {
+  const kDate = sign('AWS4' + secretKey, dateStamp);
+  const kRegion = sign(kDate, regionName);
+  const kService = sign(kRegion, serviceName);
+  const kSigning = sign(kService, 'aws4_request');
+  return kSigning;
+}
+
+function buildAuthHeader({ method, url, body, service, region, accessKeyId, secretAccessKey }) {
+  const parsedUrl = new URL(url);
+  const host = parsedUrl.host;
+  const path = parsedUrl.pathname;
+  const queryString = parsedUrl.search ? parsedUrl.search.slice(1) : '';
+
+  const now = new Date();
+  const amzDate = now.toISOString().replace(/[:-]|\.\d{3}/g, '').slice(0, 15) + 'Z';
+  const dateStamp = amzDate.slice(0, 8);
+
+  const payloadHash = crypto.createHash('sha256').update(body || '').digest('hex');
+
+  const canonicalHeaders = `host:${host}\nx-amz-date:${amzDate}\n`;
+  const signedHeaders = 'host;x-amz-date';
+
+  const canonicalRequest = [
+    method.toUpperCase(),
+    path,
+    queryString,
+    canonicalHeaders,
+    signedHeaders,
+    payloadHash
+  ].join('\n');
+
+  const credentialScope = `${dateStamp}/${region}/${service}/aws4_request`;
+  const stringToSign = [
+    'AWS4-HMAC-SHA256',
+    amzDate,
+    credentialScope,
+    crypto.createHash('sha256').update(canonicalRequest).digest('hex')
+  ].join('\n');
+
+  const signingKey = getSigningKey(secretAccessKey, dateStamp, region, service);
+  const signature = crypto.createHmac('sha256', signingKey).update(stringToSign).digest('hex');
+
+  const authorization = `AWS4-HMAC-SHA256 Credential=${accessKeyId}/${credentialScope}, SignedHeaders=${signedHeaders}, Signature=${signature}`;
+
+  return { authorization, amzDate };
+}
+
+function getAwsClient(region) {
+  const accessKeyId = getConfig('accessKeyId');
+  const secretAccessKey = getConfig('secretAccessKey');
+  const resolvedRegion = region || getConfig('region') || 'us-east-1';
+  const baseURL = `https://amplify.${resolvedRegion}.amazonaws.com`;
+
+  return {
+    request: async (method, path, data = null) => {
+      const url = `${baseURL}${path}`;
+      const body = data ? JSON.stringify(data) : '';
+      const { authorization, amzDate } = buildAuthHeader({
+        method,
+        url,
+        body,
+        service: 'amplify',
+        region: resolvedRegion,
+        accessKeyId,
+        secretAccessKey
+      });
+
+      try {
+        const response = await axios({
+          method,
+          url,
+          data: data || undefined,
+          headers: {
+            'Authorization': authorization,
+            'X-Amz-Date': amzDate,
+            'Content-Type': 'application/json',
+            'Accept': 'application/json'
+          }
+        });
+        return response.data;
+      } catch (error) {
+        handleApiError(error);
+      }
+    }
+  };
+}
+
+function handleApiError(error) {
+  if (error.response) {
+    const status = error.response.status;
+    const data = error.response.data;
+    if (status === 401 || status === 403) {
+      throw new Error('AWS authentication failed. Check your accessKeyId and secretAccessKey.');
+    } else if (status === 404) {
+      throw new Error('Resource not found.');
+    } else if (status === 429) {
+      throw new Error('Rate limit exceeded. Please wait before retrying.');
+    } else {
+      const message = data?.message || data?.Message || data?.error || JSON.stringify(data);
+      throw new Error(`AWS API Error (${status}): ${message}`);
+    }
+  } else if (error.request) {
+    throw new Error('No response from AWS Amplify API. Check your internet connection and region.');
+  } else {
+    throw error;
+  }
+}
+
+// ============================================================
+// APPS
+// ============================================================
+
+export async function listApps(region) {
+  const client = getAwsClient(region);
+  const data = await client.request('GET', '/apps');
+  return data?.apps || [];
+}
+
+export async function getApp(appId, region) {
+  const client = getAwsClient(region);
+  const data = await client.request('GET', `/apps/${appId}`);
+  return data?.app || data || null;
+}
+
+export async function createApp({ name, description, repository, region }) {
+  const client = getAwsClient(region);
+  const body = { name };
+  if (description) body.description = description;
+  if (repository) body.repository = repository;
+  const data = await client.request('POST', '/apps', body);
+  return data?.app || data || null;
+}
+
+export async function deleteApp(appId, region) {
+  const client = getAwsClient(region);
+  const data = await client.request('DELETE', `/apps/${appId}`);
+  return data?.app || data || null;
+}
+
+// ============================================================
+// BRANCHES
+// ============================================================
+
+export async function listBranches(appId, region) {
+  const client = getAwsClient(region);
+  const data = await client.request('GET', `/apps/${appId}/branches`);
+  return data?.branches || [];
+}
+
+export async function getBranch(appId, branchName, region) {
+  const client = getAwsClient(region);
+  const data = await client.request('GET', `/apps/${appId}/branches/${encodeURIComponent(branchName)}`);
+  return data?.branch || data || null;
+}
+
+export async function createBranch({ appId, branchName, description, region }) {
+  const client = getAwsClient(region);
+  const body = { branchName };
+  if (description) body.description = description;
+  const data = await client.request('POST', `/apps/${appId}/branches`, body);
+  return data?.branch || data || null;
+}
+
+export async function deleteBranch(appId, branchName, region) {
+  const client = getAwsClient(region);
+  const data = await client.request('DELETE', `/apps/${appId}/branches/${encodeURIComponent(branchName)}`);
+  return data?.branch || data || null;
+}
+
+// ============================================================
+// DEPLOYMENTS
+// ============================================================
+
+export async function listDeployments(appId, branchName, region) {
+  const client = getAwsClient(region);
+  const data = await client.request('GET', `/apps/${appId}/branches/${encodeURIComponent(branchName)}/jobs`);
+  return data?.jobSummaries || [];
+}
+
+export async function getDeployment(appId, branchName, jobId, region) {
+  const client = getAwsClient(region);
+  const data = await client.request('GET', `/apps/${appId}/branches/${encodeURIComponent(branchName)}/jobs/${jobId}`);
+  return data?.job || data || null;
+}
+
+export async function createDeployment({ appId, branchName, region }) {
+  const client = getAwsClient(region);
+  const data = await client.request('POST', `/apps/${appId}/branches/${encodeURIComponent(branchName)}/deployments`);
+  return data || null;
+}

package/src/config.js

@@ -0,0 +1,21 @@
+import Conf from 'conf';
+
+const config = new Conf({ projectName: '@ktmcp-cli/awsamplify' });
+
+export function getConfig(key) {
+  return config.get(key);
+}
+
+export function setConfig(key, value) {
+  config.set(key, value);
+}
+
+export function isConfigured() {
+  return !!(config.get('accessKeyId') && config.get('secretAccessKey'));
+}
+
+export function getAllConfig() {
+  return config.store;
+}
+
+export default config;

package/src/index.js

@@ -0,0 +1,500 @@
+import { Command } from 'commander';
+import chalk from 'chalk';
+import ora from 'ora';
+import { getConfig, setConfig, getAllConfig, isConfigured } from './config.js';
+import {
+  listApps,
+  getApp,
+  createApp,
+  deleteApp,
+  listBranches,
+  getBranch,
+  createBranch,
+  deleteBranch,
+  listDeployments,
+  getDeployment,
+  createDeployment
+} from './api.js';
+
+const program = new Command();
+
+// ============================================================
+// Helpers
+// ============================================================
+
+function printSuccess(message) {
+  console.log(chalk.green('✓') + ' ' + message);
+}
+
+function printError(message) {
+  console.error(chalk.red('✗') + ' ' + message);
+}
+
+function printTable(data, columns) {
+  if (!data || data.length === 0) {
+    console.log(chalk.yellow('No results found.'));
+    return;
+  }
+
+  const widths = {};
+  columns.forEach(col => {
+    widths[col.key] = col.label.length;
+    data.forEach(row => {
+      const val = String(col.format ? col.format(row[col.key], row) : (row[col.key] ?? ''));
+      if (val.length > widths[col.key]) widths[col.key] = val.length;
+    });
+    widths[col.key] = Math.min(widths[col.key], 40);
+  });
+
+  const header = columns.map(col => col.label.padEnd(widths[col.key])).join('  ');
+  console.log(chalk.bold(chalk.cyan(header)));
+  console.log(chalk.dim('─'.repeat(header.length)));
+
+  data.forEach(row => {
+    const line = columns.map(col => {
+      const val = String(col.format ? col.format(row[col.key], row) : (row[col.key] ?? ''));
+      return val.substring(0, widths[col.key]).padEnd(widths[col.key]);
+    }).join('  ');
+    console.log(line);
+  });
+
+  console.log(chalk.dim(`\n${data.length} result(s)`));
+}
+
+function printJson(data) {
+  console.log(JSON.stringify(data, null, 2));
+}
+
+async function withSpinner(message, fn) {
+  const spinner = ora(message).start();
+  try {
+    const result = await fn();
+    spinner.stop();
+    return result;
+  } catch (error) {
+    spinner.stop();
+    throw error;
+  }
+}
+
+function requireAuth() {
+  if (!isConfigured()) {
+    printError('AWS credentials not configured.');
+    console.log('\nRun the following to configure:');
+    console.log(chalk.cyan('  awsamplify config set accessKeyId YOUR_KEY'));
+    console.log(chalk.cyan('  awsamplify config set secretAccessKey YOUR_SECRET'));
+    console.log(chalk.cyan('  awsamplify config set region us-east-1'));
+    process.exit(1);
+  }
+}
+
+// ============================================================
+// Program metadata
+// ============================================================
+
+program
+  .name('awsamplify')
+  .description(chalk.bold('AWS Amplify CLI') + ' - Manage Amplify apps, branches, and deployments')
+  .version('1.0.0');
+
+// ============================================================
+// CONFIG
+// ============================================================
+
+const configCmd = program.command('config').description('Manage CLI configuration');
+
+configCmd
+  .command('get <key>')
+  .description('Get a configuration value')
+  .action((key) => {
+    const value = getConfig(key);
+    if (value === undefined) {
+      printError(`Key '${key}' not found`);
+    } else {
+      console.log(value);
+    }
+  });
+
+configCmd
+  .command('set <key> <value>')
+  .description('Set a configuration value')
+  .action((key, value) => {
+    setConfig(key, value);
+    printSuccess(`Config '${key}' set`);
+  });
+
+configCmd
+  .command('list')
+  .description('List all configuration values')
+  .action(() => {
+    const all = getAllConfig();
+    console.log(chalk.bold('\nAWS Amplify CLI Configuration\n'));
+    if (Object.keys(all).length === 0) {
+      console.log(chalk.yellow('No configuration set.'));
+      console.log('\nRun:');
+      console.log(chalk.cyan('  awsamplify config set accessKeyId YOUR_KEY'));
+      console.log(chalk.cyan('  awsamplify config set secretAccessKey YOUR_SECRET'));
+      console.log(chalk.cyan('  awsamplify config set region us-east-1'));
+    } else {
+      Object.entries(all).forEach(([k, v]) => {
+        const displayVal = k === 'secretAccessKey' ? chalk.green('*'.repeat(8)) : chalk.cyan(String(v));
+        console.log(`${k}: ${displayVal}`);
+      });
+    }
+  });
+
+// ============================================================
+// APPS
+// ============================================================
+
+const appsCmd = program.command('apps').description('Manage Amplify apps');
+
+appsCmd
+  .command('list')
+  .description('List all Amplify apps')
+  .option('--region <region>', 'AWS region')
+  .option('--json', 'Output as JSON')
+  .action(async (options) => {
+    requireAuth();
+    try {
+      const apps = await withSpinner('Fetching Amplify apps...', () =>
+        listApps(options.region)
+      );
+
+      if (options.json) {
+        printJson(apps);
+        return;
+      }
+
+      printTable(apps, [
+        { key: 'appId', label: 'App ID' },
+        { key: 'name', label: 'Name' },
+        { key: 'description', label: 'Description' },
+        { key: 'defaultDomain', label: 'Domain' },
+        { key: 'createTime', label: 'Created', format: (v) => v ? new Date(v).toLocaleDateString() : '' }
+      ]);
+    } catch (error) {
+      printError(error.message);
+      process.exit(1);
+    }
+  });
+
+appsCmd
+  .command('get <app-id>')
+  .description('Get details of an Amplify app')
+  .option('--region <region>', 'AWS region')
+  .option('--json', 'Output as JSON')
+  .action(async (appId, options) => {
+    requireAuth();
+    try {
+      const app = await withSpinner(`Fetching app ${appId}...`, () =>
+        getApp(appId, options.region)
+      );
+
+      if (!app) {
+        printError('App not found');
+        process.exit(1);
+      }
+
+      if (options.json) {
+        printJson(app);
+        return;
+      }
+
+      console.log(chalk.bold('\nAmplify App Details\n'));
+      console.log('App ID:        ', chalk.cyan(app.appId || appId));
+      console.log('Name:          ', chalk.bold(app.name || 'N/A'));
+      console.log('Description:   ', app.description || 'N/A');
+      console.log('Domain:        ', app.defaultDomain || 'N/A');
+      console.log('Repository:    ', app.repository || 'N/A');
+      console.log('Platform:      ', app.platform || 'N/A');
+      console.log('Created:       ', app.createTime ? new Date(app.createTime).toLocaleString() : 'N/A');
+      console.log('Updated:       ', app.updateTime ? new Date(app.updateTime).toLocaleString() : 'N/A');
+      console.log('');
+    } catch (error) {
+      printError(error.message);
+      process.exit(1);
+    }
+  });
+
+appsCmd
+  .command('create')
+  .description('Create a new Amplify app')
+  .requiredOption('--name <name>', 'App name')
+  .option('--description <description>', 'App description')
+  .option('--repository <url>', 'Repository URL')
+  .option('--region <region>', 'AWS region')
+  .option('--json', 'Output as JSON')
+  .action(async (options) => {
+    requireAuth();
+    try {
+      const app = await withSpinner('Creating Amplify app...', () =>
+        createApp({
+          name: options.name,
+          description: options.description,
+          repository: options.repository,
+          region: options.region
+        })
+      );
+
+      if (options.json) {
+        printJson(app);
+        return;
+      }
+
+      printSuccess(`App created: ${chalk.bold(app?.name || options.name)}`);
+      if (app) {
+        console.log('App ID:  ', chalk.cyan(app.appId));
+        console.log('Domain:  ', app.defaultDomain || 'N/A');
+      }
+    } catch (error) {
+      printError(error.message);
+      process.exit(1);
+    }
+  });
+
+appsCmd
+  .command('delete <app-id>')
+  .description('Delete an Amplify app')
+  .option('--region <region>', 'AWS region')
+  .action(async (appId, options) => {
+    requireAuth();
+    try {
+      await withSpinner(`Deleting app ${appId}...`, () => deleteApp(appId, options.region));
+      printSuccess(`App ${appId} deleted`);
+    } catch (error) {
+      printError(error.message);
+      process.exit(1);
+    }
+  });
+
+// ============================================================
+// BRANCHES
+// ============================================================
+
+const branchesCmd = program.command('branches').description('Manage Amplify branches');
+
+branchesCmd
+  .command('list <app-id>')
+  .description('List branches for an app')
+  .option('--region <region>', 'AWS region')
+  .option('--json', 'Output as JSON')
+  .action(async (appId, options) => {
+    requireAuth();
+    try {
+      const branches = await withSpinner('Fetching branches...', () =>
+        listBranches(appId, options.region)
+      );
+
+      if (options.json) {
+        printJson(branches);
+        return;
+      }
+
+      printTable(branches, [
+        { key: 'branchName', label: 'Branch' },
+        { key: 'displayName', label: 'Display Name' },
+        { key: 'stage', label: 'Stage' },
+        { key: 'activeJobId', label: 'Active Job' },
+        { key: 'createTime', label: 'Created', format: (v) => v ? new Date(v).toLocaleDateString() : '' }
+      ]);
+    } catch (error) {
+      printError(error.message);
+      process.exit(1);
+    }
+  });
+
+branchesCmd
+  .command('get <app-id> <branch-name>')
+  .description('Get branch details')
+  .option('--region <region>', 'AWS region')
+  .option('--json', 'Output as JSON')
+  .action(async (appId, branchName, options) => {
+    requireAuth();
+    try {
+      const branch = await withSpinner(`Fetching branch ${branchName}...`, () =>
+        getBranch(appId, branchName, options.region)
+      );
+
+      if (!branch) {
+        printError('Branch not found');
+        process.exit(1);
+      }
+
+      if (options.json) {
+        printJson(branch);
+        return;
+      }
+
+      console.log(chalk.bold('\nBranch Details\n'));
+      console.log('Branch Name:   ', chalk.cyan(branch.branchName || branchName));
+      console.log('Display Name:  ', branch.displayName || 'N/A');
+      console.log('Stage:         ', branch.stage || 'N/A');
+      console.log('Active Job:    ', branch.activeJobId || 'N/A');
+      console.log('Framework:     ', branch.framework || 'N/A');
+      console.log('Created:       ', branch.createTime ? new Date(branch.createTime).toLocaleString() : 'N/A');
+      console.log('');
+    } catch (error) {
+      printError(error.message);
+      process.exit(1);
+    }
+  });
+
+branchesCmd
+  .command('create <app-id>')
+  .description('Create a new branch')
+  .requiredOption('--name <name>', 'Branch name')
+  .option('--description <description>', 'Branch description')
+  .option('--region <region>', 'AWS region')
+  .option('--json', 'Output as JSON')
+  .action(async (appId, options) => {
+    requireAuth();
+    try {
+      const branch = await withSpinner('Creating branch...', () =>
+        createBranch({
+          appId,
+          branchName: options.name,
+          description: options.description,
+          region: options.region
+        })
+      );
+
+      if (options.json) {
+        printJson(branch);
+        return;
+      }
+
+      printSuccess(`Branch created: ${chalk.bold(options.name)}`);
+      if (branch) console.log('Branch ARN: ', branch.branchArn || 'N/A');
+    } catch (error) {
+      printError(error.message);
+      process.exit(1);
+    }
+  });
+
+branchesCmd
+  .command('delete <app-id> <branch-name>')
+  .description('Delete a branch')
+  .option('--region <region>', 'AWS region')
+  .action(async (appId, branchName, options) => {
+    requireAuth();
+    try {
+      await withSpinner(`Deleting branch ${branchName}...`, () =>
+        deleteBranch(appId, branchName, options.region)
+      );
+      printSuccess(`Branch ${branchName} deleted`);
+    } catch (error) {
+      printError(error.message);
+      process.exit(1);
+    }
+  });
+
+// ============================================================
+// DEPLOYMENTS
+// ============================================================
+
+const deploymentsCmd = program.command('deployments').description('Manage Amplify deployments');
+
+deploymentsCmd
+  .command('list <app-id> <branch-name>')
+  .description('List deployments (jobs) for a branch')
+  .option('--region <region>', 'AWS region')
+  .option('--json', 'Output as JSON')
+  .action(async (appId, branchName, options) => {
+    requireAuth();
+    try {
+      const deployments = await withSpinner('Fetching deployments...', () =>
+        listDeployments(appId, branchName, options.region)
+      );
+
+      if (options.json) {
+        printJson(deployments);
+        return;
+      }
+
+      printTable(deployments, [
+        { key: 'jobId', label: 'Job ID' },
+        { key: 'jobType', label: 'Type' },
+        { key: 'status', label: 'Status' },
+        { key: 'commitMessage', label: 'Commit', format: (v) => (v || '').substring(0, 30) },
+        { key: 'startTime', label: 'Started', format: (v) => v ? new Date(v).toLocaleDateString() : '' },
+        { key: 'endTime', label: 'Ended', format: (v) => v ? new Date(v).toLocaleDateString() : '' }
+      ]);
+    } catch (error) {
+      printError(error.message);
+      process.exit(1);
+    }
+  });
+
+deploymentsCmd
+  .command('get <app-id> <branch-name> <job-id>')
+  .description('Get deployment details')
+  .option('--region <region>', 'AWS region')
+  .option('--json', 'Output as JSON')
+  .action(async (appId, branchName, jobId, options) => {
+    requireAuth();
+    try {
+      const deployment = await withSpinner(`Fetching deployment ${jobId}...`, () =>
+        getDeployment(appId, branchName, jobId, options.region)
+      );
+
+      if (!deployment) {
+        printError('Deployment not found');
+        process.exit(1);
+      }
+
+      if (options.json) {
+        printJson(deployment);
+        return;
+      }
+
+      const summary = deployment.summary || deployment;
+      console.log(chalk.bold('\nDeployment Details\n'));
+      console.log('Job ID:        ', chalk.cyan(summary.jobId || jobId));
+      console.log('Type:          ', summary.jobType || 'N/A');
+      console.log('Status:        ', summary.status || 'N/A');
+      console.log('Commit ID:     ', summary.commitId || 'N/A');
+      console.log('Commit Msg:    ', summary.commitMessage || 'N/A');
+      console.log('Started:       ', summary.startTime ? new Date(summary.startTime).toLocaleString() : 'N/A');
+      console.log('Ended:         ', summary.endTime ? new Date(summary.endTime).toLocaleString() : 'N/A');
+      console.log('');
+    } catch (error) {
+      printError(error.message);
+      process.exit(1);
+    }
+  });
+
+deploymentsCmd
+  .command('create <app-id> <branch-name>')
+  .description('Trigger a new deployment for a branch')
+  .option('--region <region>', 'AWS region')
+  .option('--json', 'Output as JSON')
+  .action(async (appId, branchName, options) => {
+    requireAuth();
+    try {
+      const result = await withSpinner('Creating deployment...', () =>
+        createDeployment({ appId, branchName, region: options.region })
+      );
+
+      if (options.json) {
+        printJson(result);
+        return;
+      }
+
+      printSuccess('Deployment created');
+      if (result) console.log(JSON.stringify(result, null, 2));
+    } catch (error) {
+      printError(error.message);
+      process.exit(1);
+    }
+  });
+
+// ============================================================
+// Parse
+// ============================================================
+
+program.parse(process.argv);
+
+if (process.argv.length <= 2) {
+  program.help();
+}