jungle-grid 0.1.0

package/dist/api.d.ts

@@ -0,0 +1,208 @@
+/**
+ * api.ts — Typed HTTP client for the Jungle Grid orchestrator REST API.
+ *
+ * Architecture role: Pillar 1 (Abstract GPU Selection) enforcement boundary.
+ * This module is the ONLY place the CLI makes HTTP requests to the orchestrator.
+ * All requests go through apiRequest(), which:
+ *   - Injects the Bearer token from stored credentials (auth.ts)
+ *   - Resolves the base URL from config (config.ts)
+ *   - Returns typed responses matching the orchestrator's JSON envelope
+ *
+ * DISPLAY CONTRACT:
+ *   - Job-oriented responses should stay workload-first and scheduling-focused.
+ *   - Provider and marketplace node inspection may intentionally include full
+ *     node capability data such as GPU type, VRAM, or CUDA support.
+ *   - Secrets or node authentication material must never be modeled here.
+ *
+ * Upstream: Called by command handlers in index.ts.
+ * Downstream: Calls orchestrator REST API; reads token via auth.ts; reads
+ *             API URL via config.ts.
+ */
+/**
+ * Response from POST /v1/jobs — job submission confirmation.
+ * Note: no hardware details in the response. The user sees a job ID and status,
+ * never which GPU was selected. That is an internal scheduling decision.
+ */
+export interface SubmitJobResponse {
+    job_id: string;
+    status: string;
+    queued_at: string;
+}
+/**
+ * Score breakdown returned as part of job status.
+ * These are abstract quality scores, not hardware metrics.
+ */
+export interface ScoreBreakdown {
+    price: number;
+    reliability: number;
+    latency: number;
+    performance: number;
+    queue_depth: number;
+    thermal: number;
+    total: number;
+}
+/**
+ * Response from GET /v1/jobs/:id — job status details.
+ * assigned_node_id is an opaque identifier, not a hardware description.
+ */
+export interface JobStatusResponse {
+    job_id: string;
+    name?: string;
+    status: string;
+    status_reason?: string;
+    workload_type?: string;
+    model_size_gb?: number;
+    batch_size?: number;
+    precision?: string;
+    optimize_for?: string;
+    image?: string;
+    command?: string;
+    args?: string[];
+    assigned_node_id?: string;
+    last_failed_node_id?: string;
+    dispatch_attempt?: number;
+    score_breakdown?: ScoreBreakdown;
+    created_at: string;
+    queued_at?: string;
+    started_at?: string;
+    updated_at: string;
+    completed_at?: string;
+}
+export interface JobRuntimeResponse {
+    job_id: string;
+    status: string;
+    status_reason?: string;
+    image: string;
+    command?: string;
+    args?: string[];
+    exit_code?: number;
+    timed_out?: boolean;
+    started_at?: string;
+    finished_at?: string;
+    stdout_tail?: string;
+    stderr_tail?: string;
+}
+/**
+ * Raw job item from GET /v1/jobs.
+ *
+ * The orchestrator currently serializes Go struct field names as PascalCase.
+ * The CLI reads only abstract workload fields and intentionally ignores any
+ * hardware-specific fields that may exist in the payload.
+ */
+export interface JobListItem {
+    ID: string;
+    Name?: string;
+    Status?: string;
+    WorkloadType?: string;
+    OptimizeFor?: string;
+    CreatedAtUnix?: number;
+    UpdatedAtUnix?: number;
+}
+/**
+ * Response from GET /v1/jobs — owner-filtered list of the current user's jobs.
+ */
+export interface JobListResponse {
+    jobs?: JobListItem[];
+}
+export interface NodeRegisterRequest {
+    node_id: string;
+    email: string;
+    payout: {
+        bank_name: string;
+        account_number: string;
+        account_name: string;
+    };
+    hardware: {
+        gpu: string;
+        vram_gb: number;
+        gpu_count: number;
+        cpu_cores: number;
+        cpu_mhz: number;
+        ram_gb: number;
+        cuda_version: string;
+        cuda_support: boolean;
+        compute_capability: string;
+    };
+    network: {
+        latency_ms: number;
+    };
+    environment: {
+        os: string;
+        location: string;
+        dispatch_url: string;
+    };
+    price_per_hour: number;
+    reliability_score: number;
+    performance_score: number;
+}
+export interface NodeRegisterResponse {
+    node_id: string;
+    api_key: string;
+    status: string;
+}
+export interface NodeActivateResponse {
+    node_id: string;
+    status: string;
+}
+/**
+ * Response from POST /auth/device — initiates the device login flow.
+ */
+export interface DeviceAuthResponse {
+    login_url: string;
+}
+/**
+ * Response from GET /auth/token — returned when login is complete.
+ * The token field is an opaque JWT. The CLI never inspects its payload.
+ */
+export interface TokenResponse {
+    token: string;
+    user: {
+        id: string;
+        email: string;
+        role?: string;
+    };
+}
+/**
+ * Response from GET /auth/me — current user info.
+ */
+export interface MeResponse {
+    id: string;
+    email: string;
+    role: string;
+}
+/**
+ * Error thrown when the API returns a non-2xx status.
+ * Carries the status code and parsed error body for display.
+ */
+export declare class ApiError extends Error {
+    readonly status: number;
+    readonly code: string;
+    constructor(status: number, code: string, message: string);
+}
+/**
+ * Makes an authenticated HTTP request to the orchestrator API.
+ *
+ * Automatically injects the Bearer token if the user is logged in.
+ * If no token is stored, the request is sent without auth (the server
+ * decides whether to allow unauthenticated access).
+ *
+ * @param method - HTTP method (GET, POST, etc.)
+ * @param urlPath - Path relative to the API base URL (e.g., "/v1/jobs")
+ * @param body - Optional request body; will be JSON-serialized.
+ * @returns Parsed JSON response body, typed as T.
+ * @throws ApiError if the server returns a non-2xx status.
+ *
+ * Side effects: Reads token from ~/.jungle-grid/credentials.json via auth.ts.
+ */
+export declare function apiRequest<T>(method: string, urlPath: string, body?: unknown): Promise<T>;
+/**
+ * Convenience: makes a GET request expecting a JSON response,
+ * but returns null on 202 (pending) instead of throwing.
+ * Used by the device-flow token polling loop.
+ *
+ * @param urlPath - Path relative to the API base URL.
+ * @returns Parsed response, or null if status is 202.
+ * @throws ApiError for non-2xx statuses other than 202.
+ */
+export declare function apiPoll<T>(urlPath: string): Promise<T | null>;
+//# sourceMappingURL=api.d.ts.map

package/dist/api.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"api.d.ts","sourceRoot":"","sources":["../src/api.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;GAmBG;AAOH;;;;GAIG;AACH,MAAM,WAAW,iBAAiB;IAChC,MAAM,EAAE,MAAM,CAAC;IACf,MAAM,EAAE,MAAM,CAAC;IACf,SAAS,EAAE,MAAM,CAAC;CACnB;AAED;;;GAGG;AACH,MAAM,WAAW,cAAc;IAC7B,KAAK,EAAE,MAAM,CAAC;IACd,WAAW,EAAE,MAAM,CAAC;IACpB,OAAO,EAAE,MAAM,CAAC;IAChB,WAAW,EAAE,MAAM,CAAC;IACpB,WAAW,EAAE,MAAM,CAAC;IACpB,OAAO,EAAE,MAAM,CAAC;IAChB,KAAK,EAAE,MAAM,CAAC;CACf;AAED;;;GAGG;AACH,MAAM,WAAW,iBAAiB;IAChC,MAAM,EAAE,MAAM,CAAC;IACf,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,MAAM,EAAE,MAAM,CAAC;IACf,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,IAAI,CAAC,EAAE,MAAM,EAAE,CAAC;IAChB,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,mBAAmB,CAAC,EAAE,MAAM,CAAC;IAC7B,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,eAAe,CAAC,EAAE,cAAc,CAAC;IACjC,UAAU,EAAE,MAAM,CAAC;IACnB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,UAAU,EAAE,MAAM,CAAC;IACnB,YAAY,CAAC,EAAE,MAAM,CAAC;CACvB;AAED,MAAM,WAAW,kBAAkB;IACjC,MAAM,EAAE,MAAM,CAAC;IACf,MAAM,EAAE,MAAM,CAAC;IACf,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,KAAK,EAAE,MAAM,CAAC;IACd,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,IAAI,CAAC,EAAE,MAAM,EAAE,CAAC;IAChB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,SAAS,CAAC,EAAE,OAAO,CAAC;IACpB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,WAAW,CAAC,EAAE,MAAM,CAAC;CACtB;AAED;;;;;;GAMG;AACH,MAAM,WAAW,WAAW;IAC1B,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,aAAa,CAAC,EAAE,MAAM,CAAC;CACxB;AAED;;GAEG;AACH,MAAM,WAAW,eAAe;IAC9B,IAAI,CAAC,EAAE,WAAW,EAAE,CAAC;CACtB;AAED,MAAM,WAAW,mBAAmB;IAClC,OAAO,EAAE,MAAM,CAAC;IAChB,KAAK,EAAE,MAAM,CAAC;IACd,MAAM,EAAE;QACN,SAAS,EAAE,MAAM,CAAC;QAClB,cAAc,EAAE,MAAM,CAAC;QACvB,YAAY,EAAE,MAAM,CAAC;KACtB,CAAC;IACF,QAAQ,EAAE;QACR,GAAG,EAAE,MAAM,CAAC;QACZ,OAAO,EAAE,MAAM,CAAC;QAChB,SAAS,EAAE,MAAM,CAAC;QAClB,SAAS,EAAE,MAAM,CAAC;QAClB,OAAO,EAAE,MAAM,CAAC;QAChB,MAAM,EAAE,MAAM,CAAC;QACf,YAAY,EAAE,MAAM,CAAC;QACrB,YAAY,EAAE,OAAO,CAAC;QACtB,kBAAkB,EAAE,MAAM,CAAC;KAC5B,CAAC;IACF,OAAO,EAAE;QACP,UAAU,EAAE,MAAM,CAAC;KACpB,CAAC;IACF,WAAW,EAAE;QACX,EAAE,EAAE,MAAM,CAAC;QACX,QAAQ,EAAE,MAAM,CAAC;QACjB,YAAY,EAAE,MAAM,CAAC;KACtB,CAAC;IACF,cAAc,EAAE,MAAM,CAAC;IACvB,iBAAiB,EAAE,MAAM,CAAC;IAC1B,iBAAiB,EAAE,MAAM,CAAC;CAC3B;AAED,MAAM,WAAW,oBAAoB;IACnC,OAAO,EAAE,MAAM,CAAC;IAChB,OAAO,EAAE,MAAM,CAAC;IAChB,MAAM,EAAE,MAAM,CAAC;CAChB;AAED,MAAM,WAAW,oBAAoB;IACnC,OAAO,EAAE,MAAM,CAAC;IAChB,MAAM,EAAE,MAAM,CAAC;CAChB;AAID;;GAEG;AACH,MAAM,WAAW,kBAAkB;IACjC,SAAS,EAAE,MAAM,CAAC;CACnB;AAED;;;GAGG;AACH,MAAM,WAAW,aAAa;IAC5B,KAAK,EAAE,MAAM,CAAC;IACd,IAAI,EAAE;QACJ,EAAE,EAAE,MAAM,CAAC;QACX,KAAK,EAAE,MAAM,CAAC;QACd,IAAI,CAAC,EAAE,MAAM,CAAC;KACf,CAAC;CACH;AAED;;GAEG;AACH,MAAM,WAAW,UAAU;IACzB,EAAE,EAAE,MAAM,CAAC;IACX,KAAK,EAAE,MAAM,CAAC;IACd,IAAI,EAAE,MAAM,CAAC;CACd;AAID;;;GAGG;AACH,qBAAa,QAAS,SAAQ,KAAK;aAEf,MAAM,EAAE,MAAM;aACd,IAAI,EAAE,MAAM;gBADZ,MAAM,EAAE,MAAM,EACd,IAAI,EAAE,MAAM,EAC5B,OAAO,EAAE,MAAM;CAKlB;AAED;;;;;;;;;;;;;;GAcG;AACH,wBAAsB,UAAU,CAAC,CAAC,EAChC,MAAM,EAAE,MAAM,EACd,OAAO,EAAE,MAAM,EACf,IAAI,CAAC,EAAE,OAAO,GACb,OAAO,CAAC,CAAC,CAAC,CAqCZ;AAED;;;;;;;;GAQG;AACH,wBAAsB,OAAO,CAAC,CAAC,EAAE,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,CAAC,GAAG,IAAI,CAAC,CAgCnE"}

package/dist/api.js

@@ -0,0 +1,118 @@
+"use strict";
+/**
+ * api.ts — Typed HTTP client for the Jungle Grid orchestrator REST API.
+ *
+ * Architecture role: Pillar 1 (Abstract GPU Selection) enforcement boundary.
+ * This module is the ONLY place the CLI makes HTTP requests to the orchestrator.
+ * All requests go through apiRequest(), which:
+ *   - Injects the Bearer token from stored credentials (auth.ts)
+ *   - Resolves the base URL from config (config.ts)
+ *   - Returns typed responses matching the orchestrator's JSON envelope
+ *
+ * DISPLAY CONTRACT:
+ *   - Job-oriented responses should stay workload-first and scheduling-focused.
+ *   - Provider and marketplace node inspection may intentionally include full
+ *     node capability data such as GPU type, VRAM, or CUDA support.
+ *   - Secrets or node authentication material must never be modeled here.
+ *
+ * Upstream: Called by command handlers in index.ts.
+ * Downstream: Calls orchestrator REST API; reads token via auth.ts; reads
+ *             API URL via config.ts.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.ApiError = void 0;
+exports.apiRequest = apiRequest;
+exports.apiPoll = apiPoll;
+const config_1 = require("./config");
+const auth_1 = require("./auth");
+// ─── HTTP client ───────────────────────────────────────────────────────────
+/**
+ * Error thrown when the API returns a non-2xx status.
+ * Carries the status code and parsed error body for display.
+ */
+class ApiError extends Error {
+    status;
+    code;
+    constructor(status, code, message) {
+        super(message);
+        this.status = status;
+        this.code = code;
+        this.name = "ApiError";
+    }
+}
+exports.ApiError = ApiError;
+/**
+ * Makes an authenticated HTTP request to the orchestrator API.
+ *
+ * Automatically injects the Bearer token if the user is logged in.
+ * If no token is stored, the request is sent without auth (the server
+ * decides whether to allow unauthenticated access).
+ *
+ * @param method - HTTP method (GET, POST, etc.)
+ * @param urlPath - Path relative to the API base URL (e.g., "/v1/jobs")
+ * @param body - Optional request body; will be JSON-serialized.
+ * @returns Parsed JSON response body, typed as T.
+ * @throws ApiError if the server returns a non-2xx status.
+ *
+ * Side effects: Reads token from ~/.jungle-grid/credentials.json via auth.ts.
+ */
+async function apiRequest(method, urlPath, body) {
+    const baseUrl = (0, config_1.getApiUrl)();
+    const url = `${baseUrl}${urlPath}`;
+    // Build headers. Content-Type is always JSON for consistency.
+    const headers = {
+        "Content-Type": "application/json",
+        Accept: "application/json",
+    };
+    // Inject Bearer token if available. The token is read fresh on every
+    // request so that login/logout within the same process takes effect
+    // immediately without restarting.
+    const token = (0, auth_1.readToken)();
+    if (token) {
+        headers["Authorization"] = `Bearer ${token}`;
+    }
+    const response = await fetch(url, {
+        method,
+        headers,
+        body: body ? JSON.stringify(body) : undefined,
+    });
+    // Parse response body. Even error responses are JSON from the orchestrator.
+    const data = await response.json();
+    if (!response.ok) {
+        const errBody = data?.error;
+        throw new ApiError(response.status, errBody?.code ?? "UNKNOWN", errBody?.message ?? `Request failed with status ${response.status}`);
+    }
+    return data;
+}
+/**
+ * Convenience: makes a GET request expecting a JSON response,
+ * but returns null on 202 (pending) instead of throwing.
+ * Used by the device-flow token polling loop.
+ *
+ * @param urlPath - Path relative to the API base URL.
+ * @returns Parsed response, or null if status is 202.
+ * @throws ApiError for non-2xx statuses other than 202.
+ */
+async function apiPoll(urlPath) {
+    const baseUrl = (0, config_1.getApiUrl)();
+    const url = `${baseUrl}${urlPath}`;
+    const headers = {
+        Accept: "application/json",
+    };
+    const token = (0, auth_1.readToken)();
+    if (token) {
+        headers["Authorization"] = `Bearer ${token}`;
+    }
+    const response = await fetch(url, { method: "GET", headers });
+    // 202 means "still pending" in the device auth flow.
+    if (response.status === 202) {
+        return null;
+    }
+    const data = await response.json();
+    if (!response.ok) {
+        const errBody = data?.error;
+        throw new ApiError(response.status, errBody?.code ?? "UNKNOWN", errBody?.message ?? `Request failed with status ${response.status}`);
+    }
+    return data;
+}
+//# sourceMappingURL=api.js.map

package/dist/api.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"api.js","sourceRoot":"","sources":["../src/api.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;;;;;;;GAmBG;;;AA6MH,gCAyCC;AAWD,0BAgCC;AA/RD,qCAAqC;AACrC,iCAAmC;AA0KnC,8EAA8E;AAE9E;;;GAGG;AACH,MAAa,QAAS,SAAQ,KAAK;IAEf;IACA;IAFlB,YACkB,MAAc,EACd,IAAY,EAC5B,OAAe;QAEf,KAAK,CAAC,OAAO,CAAC,CAAC;QAJC,WAAM,GAAN,MAAM,CAAQ;QACd,SAAI,GAAJ,IAAI,CAAQ;QAI5B,IAAI,CAAC,IAAI,GAAG,UAAU,CAAC;IACzB,CAAC;CACF;AATD,4BASC;AAED;;;;;;;;;;;;;;GAcG;AACI,KAAK,UAAU,UAAU,CAC9B,MAAc,EACd,OAAe,EACf,IAAc;IAEd,MAAM,OAAO,GAAG,IAAA,kBAAS,GAAE,CAAC;IAC5B,MAAM,GAAG,GAAG,GAAG,OAAO,GAAG,OAAO,EAAE,CAAC;IAEnC,8DAA8D;IAC9D,MAAM,OAAO,GAA2B;QACtC,cAAc,EAAE,kBAAkB;QAClC,MAAM,EAAE,kBAAkB;KAC3B,CAAC;IAEF,qEAAqE;IACrE,oEAAoE;IACpE,kCAAkC;IAClC,MAAM,KAAK,GAAG,IAAA,gBAAS,GAAE,CAAC;IAC1B,IAAI,KAAK,EAAE,CAAC;QACV,OAAO,CAAC,eAAe,CAAC,GAAG,UAAU,KAAK,EAAE,CAAC;IAC/C,CAAC;IAED,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,GAAG,EAAE;QAChC,MAAM;QACN,OAAO;QACP,IAAI,EAAE,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,SAAS;KAC9C,CAAC,CAAC;IAEH,4EAA4E;IAC5E,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;IAEnC,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;QACjB,MAAM,OAAO,GAAG,IAAI,EAAE,KAAK,CAAC;QAC5B,MAAM,IAAI,QAAQ,CAChB,QAAQ,CAAC,MAAM,EACf,OAAO,EAAE,IAAI,IAAI,SAAS,EAC1B,OAAO,EAAE,OAAO,IAAI,8BAA8B,QAAQ,CAAC,MAAM,EAAE,CACpE,CAAC;IACJ,CAAC;IAED,OAAO,IAAS,CAAC;AACnB,CAAC;AAED;;;;;;;;GAQG;AACI,KAAK,UAAU,OAAO,CAAI,OAAe;IAC9C,MAAM,OAAO,GAAG,IAAA,kBAAS,GAAE,CAAC;IAC5B,MAAM,GAAG,GAAG,GAAG,OAAO,GAAG,OAAO,EAAE,CAAC;IAEnC,MAAM,OAAO,GAA2B;QACtC,MAAM,EAAE,kBAAkB;KAC3B,CAAC;IAEF,MAAM,KAAK,GAAG,IAAA,gBAAS,GAAE,CAAC;IAC1B,IAAI,KAAK,EAAE,CAAC;QACV,OAAO,CAAC,eAAe,CAAC,GAAG,UAAU,KAAK,EAAE,CAAC;IAC/C,CAAC;IAED,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,GAAG,EAAE,EAAE,MAAM,EAAE,KAAK,EAAE,OAAO,EAAE,CAAC,CAAC;IAE9D,qDAAqD;IACrD,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;QAC5B,OAAO,IAAI,CAAC;IACd,CAAC;IAED,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;IAEnC,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;QACjB,MAAM,OAAO,GAAG,IAAI,EAAE,KAAK,CAAC;QAC5B,MAAM,IAAI,QAAQ,CAChB,QAAQ,CAAC,MAAM,EACf,OAAO,EAAE,IAAI,IAAI,SAAS,EAC1B,OAAO,EAAE,OAAO,IAAI,8BAA8B,QAAQ,CAAC,MAAM,EAAE,CACpE,CAAC;IACJ,CAAC;IAED,OAAO,IAAS,CAAC;AACnB,CAAC"}

package/dist/auth.d.ts

@@ -0,0 +1,66 @@
+/**
+ * auth.ts — Token storage and retrieval for Jungle Grid CLI.
+ *
+ * Architecture role: Pillar 1 (Abstract GPU Selection) support module.
+ * This module manages the JWT token that authenticates CLI users against
+ * the orchestrator API. It reads/writes ~/.jungle-grid/credentials.json.
+ *
+ * SECURITY INVARIANTS:
+ *   - The token is NEVER logged, printed, or included in error messages.
+ *   - The credentials file is written with mode 0600 (owner-only read/write).
+ *   - The token is a JWT signed server-side; the CLI treats it as opaque.
+ *
+ * Upstream: Called by api.ts (to read token for Bearer header) and
+ *           index.ts login/logout commands (to write/clear token).
+ * Downstream: Reads/writes ~/.jungle-grid/credentials.json.
+ */
+/**
+ * Shape of the credentials stored on disk.
+ * The token field is an opaque JWT — the CLI never decodes or validates it.
+ * The user fields are convenience copies for display (e.g., `jungle whoami`).
+ */
+export interface StoredCredentials {
+    /** JWT Bearer token issued by the orchestrator. Opaque to the CLI. */
+    token: string;
+    /** Basic user info returned alongside the token during login. */
+    user: {
+        id: string;
+        email: string;
+    };
+}
+/**
+ * Reads stored credentials from disk.
+ *
+ * @returns The stored credentials, or null if not logged in or file is corrupt.
+ *          Never throws — a missing or malformed file simply means "not authenticated".
+ */
+export declare function readCredentials(): StoredCredentials | null;
+/**
+ * Reads just the Bearer token from stored credentials.
+ * Convenience wrapper used by the API client.
+ *
+ * @returns The JWT token string, or null if not authenticated.
+ */
+export declare function readToken(): string | null;
+/**
+ * Persists credentials to disk after a successful login.
+ *
+ * Creates the config directory if it doesn't exist.
+ * Writes with restrictive permissions to protect the token.
+ *
+ * @param credentials - The token and user info to store.
+ *
+ * Side effects: Creates ~/.jungle-grid/ directory if missing.
+ *               Writes ~/.jungle-grid/credentials.json with mode 0600.
+ */
+export declare function writeCredentials(credentials: StoredCredentials): void;
+/**
+ * Removes stored credentials (logout).
+ *
+ * Deletes the credentials file entirely rather than zeroing it,
+ * so readCredentials() returns null immediately after.
+ *
+ * Side effects: Deletes ~/.jungle-grid/credentials.json if it exists.
+ */
+export declare function clearCredentials(): void;
+//# sourceMappingURL=auth.d.ts.map

package/dist/auth.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"auth.d.ts","sourceRoot":"","sources":["../src/auth.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;GAeG;AAaH;;;;GAIG;AACH,MAAM,WAAW,iBAAiB;IAChC,sEAAsE;IACtE,KAAK,EAAE,MAAM,CAAC;IACd,iEAAiE;IACjE,IAAI,EAAE;QACJ,EAAE,EAAE,MAAM,CAAC;QACX,KAAK,EAAE,MAAM,CAAC;KACf,CAAC;CACH;AAWD;;;;;GAKG;AACH,wBAAgB,eAAe,IAAI,iBAAiB,GAAG,IAAI,CAkB1D;AAED;;;;;GAKG;AACH,wBAAgB,SAAS,IAAI,MAAM,GAAG,IAAI,CAGzC;AAED;;;;;;;;;;GAUG;AACH,wBAAgB,gBAAgB,CAAC,WAAW,EAAE,iBAAiB,GAAG,IAAI,CAerE;AAED;;;;;;;GAOG;AACH,wBAAgB,gBAAgB,IAAI,IAAI,CASvC"}

package/dist/auth.js

@@ -0,0 +1,151 @@
+"use strict";
+/**
+ * auth.ts — Token storage and retrieval for Jungle Grid CLI.
+ *
+ * Architecture role: Pillar 1 (Abstract GPU Selection) support module.
+ * This module manages the JWT token that authenticates CLI users against
+ * the orchestrator API. It reads/writes ~/.jungle-grid/credentials.json.
+ *
+ * SECURITY INVARIANTS:
+ *   - The token is NEVER logged, printed, or included in error messages.
+ *   - The credentials file is written with mode 0600 (owner-only read/write).
+ *   - The token is a JWT signed server-side; the CLI treats it as opaque.
+ *
+ * Upstream: Called by api.ts (to read token for Bearer header) and
+ *           index.ts login/logout commands (to write/clear token).
+ * Downstream: Reads/writes ~/.jungle-grid/credentials.json.
+ */
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.readCredentials = readCredentials;
+exports.readToken = readToken;
+exports.writeCredentials = writeCredentials;
+exports.clearCredentials = clearCredentials;
+const fs = __importStar(require("fs"));
+const path = __importStar(require("path"));
+const config_1 = require("./config");
+/**
+ * Filename for stored credentials.
+ * Contains the JWT token and basic user info (email, id).
+ * Changing this name would break existing authenticated sessions.
+ */
+const CREDENTIALS_FILE = "credentials.json";
+/**
+ * Returns the full path to the credentials file.
+ *
+ * @returns Absolute path to ~/.jungle-grid/credentials.json
+ */
+function credentialsPath() {
+    return path.join((0, config_1.getConfigDir)(), CREDENTIALS_FILE);
+}
+/**
+ * Reads stored credentials from disk.
+ *
+ * @returns The stored credentials, or null if not logged in or file is corrupt.
+ *          Never throws — a missing or malformed file simply means "not authenticated".
+ */
+function readCredentials() {
+    try {
+        const filePath = credentialsPath();
+        if (!fs.existsSync(filePath)) {
+            return null;
+        }
+        const raw = fs.readFileSync(filePath, "utf-8");
+        const parsed = JSON.parse(raw);
+        // Minimal validation — we need at least a token string to be useful.
+        if (!parsed.token || typeof parsed.token !== "string") {
+            return null;
+        }
+        return parsed;
+    }
+    catch {
+        // Corrupt file — treat as not authenticated.
+        return null;
+    }
+}
+/**
+ * Reads just the Bearer token from stored credentials.
+ * Convenience wrapper used by the API client.
+ *
+ * @returns The JWT token string, or null if not authenticated.
+ */
+function readToken() {
+    const creds = readCredentials();
+    return creds?.token ?? null;
+}
+/**
+ * Persists credentials to disk after a successful login.
+ *
+ * Creates the config directory if it doesn't exist.
+ * Writes with restrictive permissions to protect the token.
+ *
+ * @param credentials - The token and user info to store.
+ *
+ * Side effects: Creates ~/.jungle-grid/ directory if missing.
+ *               Writes ~/.jungle-grid/credentials.json with mode 0600.
+ */
+function writeCredentials(credentials) {
+    const dir = (0, config_1.getConfigDir)();
+    // Ensure the config directory exists. The recursive flag is safe
+    // even if the directory already exists.
+    if (!fs.existsSync(dir)) {
+        fs.mkdirSync(dir, { recursive: true });
+    }
+    const filePath = credentialsPath();
+    const content = JSON.stringify(credentials, null, 2) + "\n";
+    // Write with owner-only permissions. On Windows this is a no-op for the
+    // mode parameter, but we set it for correctness on Unix systems.
+    fs.writeFileSync(filePath, content, { mode: 0o600 });
+}
+/**
+ * Removes stored credentials (logout).
+ *
+ * Deletes the credentials file entirely rather than zeroing it,
+ * so readCredentials() returns null immediately after.
+ *
+ * Side effects: Deletes ~/.jungle-grid/credentials.json if it exists.
+ */
+function clearCredentials() {
+    const filePath = credentialsPath();
+    try {
+        if (fs.existsSync(filePath)) {
+            fs.unlinkSync(filePath);
+        }
+    }
+    catch {
+        // If we can't delete, the file may already be gone. Not critical.
+    }
+}
+//# sourceMappingURL=auth.js.map

package/dist/auth.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"auth.js","sourceRoot":"","sources":["../src/auth.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;;;GAeG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AA2CH,0CAkBC;AAQD,8BAGC;AAaD,4CAeC;AAUD,4CASC;AArHD,uCAAyB;AACzB,2CAA6B;AAC7B,qCAAwC;AAExC;;;;GAIG;AACH,MAAM,gBAAgB,GAAG,kBAAkB,CAAC;AAiB5C;;;;GAIG;AACH,SAAS,eAAe;IACtB,OAAO,IAAI,CAAC,IAAI,CAAC,IAAA,qBAAY,GAAE,EAAE,gBAAgB,CAAC,CAAC;AACrD,CAAC;AAED;;;;;GAKG;AACH,SAAgB,eAAe;IAC7B,IAAI,CAAC;QACH,MAAM,QAAQ,GAAG,eAAe,EAAE,CAAC;QACnC,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC;YAC7B,OAAO,IAAI,CAAC;QACd,CAAC;QACD,MAAM,GAAG,GAAG,EAAE,CAAC,YAAY,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;QAC/C,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAsB,CAAC;QAEpD,qEAAqE;QACrE,IAAI,CAAC,MAAM,CAAC,KAAK,IAAI,OAAO,MAAM,CAAC,KAAK,KAAK,QAAQ,EAAE,CAAC;YACtD,OAAO,IAAI,CAAC;QACd,CAAC;QACD,OAAO,MAAM,CAAC;IAChB,CAAC;IAAC,MAAM,CAAC;QACP,6CAA6C;QAC7C,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED;;;;;GAKG;AACH,SAAgB,SAAS;IACvB,MAAM,KAAK,GAAG,eAAe,EAAE,CAAC;IAChC,OAAO,KAAK,EAAE,KAAK,IAAI,IAAI,CAAC;AAC9B,CAAC;AAED;;;;;;;;;;GAUG;AACH,SAAgB,gBAAgB,CAAC,WAA8B;IAC7D,MAAM,GAAG,GAAG,IAAA,qBAAY,GAAE,CAAC;IAE3B,iEAAiE;IACjE,wCAAwC;IACxC,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;QACxB,EAAE,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IACzC,CAAC;IAED,MAAM,QAAQ,GAAG,eAAe,EAAE,CAAC;IACnC,MAAM,OAAO,GAAG,IAAI,CAAC,SAAS,CAAC,WAAW,EAAE,IAAI,EAAE,CAAC,CAAC,GAAG,IAAI,CAAC;IAE5D,wEAAwE;IACxE,iEAAiE;IACjE,EAAE,CAAC,aAAa,CAAC,QAAQ,EAAE,OAAO,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;AACvD,CAAC;AAED;;;;;;;GAOG;AACH,SAAgB,gBAAgB;IAC9B,MAAM,QAAQ,GAAG,eAAe,EAAE,CAAC;IACnC,IAAI,CAAC;QACH,IAAI,EAAE,CAAC,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC;YAC5B,EAAE,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC;QAC1B,CAAC;IACH,CAAC;IAAC,MAAM,CAAC;QACP,kEAAkE;IACpE,CAAC;AACH,CAAC"}

package/dist/banner.d.ts

@@ -0,0 +1,5 @@
+/**
+ * banner.ts - Shared banner output for the Jungle Grid CLI.
+ */
+export declare function printBanner(version?: string): void;
+//# sourceMappingURL=banner.d.ts.map

package/dist/banner.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"banner.d.ts","sourceRoot":"","sources":["../src/banner.ts"],"names":[],"mappings":"AAAA;;GAEG;AAIH,wBAAgB,WAAW,CAAC,OAAO,SAAU,GAAG,IAAI,CAEnD"}

package/dist/banner.js

@@ -0,0 +1,11 @@
+"use strict";
+/**
+ * banner.ts - Shared banner output for the Jungle Grid CLI.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.printBanner = printBanner;
+const ui_1 = require("./ui");
+function printBanner(version = "0.1.0") {
+    process.stdout.write(`${(0, ui_1.renderBanner)(version)}\n`);
+}
+//# sourceMappingURL=banner.js.map

package/dist/banner.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"banner.js","sourceRoot":"","sources":["../src/banner.ts"],"names":[],"mappings":";AAAA;;GAEG;;AAIH,kCAEC;AAJD,6BAAoC;AAEpC,SAAgB,WAAW,CAAC,OAAO,GAAG,OAAO;IAC3C,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,GAAG,IAAA,iBAAY,EAAC,OAAO,CAAC,IAAI,CAAC,CAAC;AACrD,CAAC"}

package/dist/config.d.ts

@@ -0,0 +1,30 @@
+/**
+ * config.ts — CLI configuration loader for Jungle Grid.
+ *
+ * Architecture role: Pillar 1 (Abstract GPU Selection) support module.
+ * The CLI must know where the orchestrator API lives, but never what
+ * hardware sits behind it. This module resolves the API base URL from
+ * three sources in priority order:
+ *   1. JUNGLE_GRID_API environment variable (highest priority)
+ *   2. ~/.jungle-grid/config.json file
+ *   3. Built-in default (http://api.junglegrid.jaguarbuilds.dev:8080)
+ *
+ * Upstream: Called by api.ts to build request URLs.
+ * Downstream: Reads from filesystem (~/.jungle-grid/config.json).
+ */
+/**
+ * Resolves the orchestrator API base URL.
+ *
+ * Priority: JUNGLE_GRID_API env > config.json > default.
+ *
+ * @returns The API base URL string, never empty, never trailing-slashed.
+ */
+export declare function getApiUrl(): string;
+/**
+ * Returns the path to the Jungle Grid config directory.
+ * Used by auth.ts to know where to write credentials.
+ *
+ * @returns Absolute path to ~/.jungle-grid/
+ */
+export declare function getConfigDir(): string;
+//# sourceMappingURL=config.d.ts.map

package/dist/config.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"config.d.ts","sourceRoot":"","sources":["../src/config.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;GAaG;AAoCH;;;;;;GAMG;AACH,wBAAgB,SAAS,IAAI,MAAM,CAyBlC;AAED;;;;;GAKG;AACH,wBAAgB,YAAY,IAAI,MAAM,CAErC"}