HelloJohn / docs
hjctl CLI

CLI Reference

Complete command reference for hjctl — the HelloJohn CLI.

CLI Reference

Complete reference for all hjctl commands, flags, and options.

Global flags

These flags are available on every command:

FlagShortDefaultDescription
--api-key$HJ_API_KEYHelloJohn API secret key
--api-url$HJ_API_URLHelloJohn API base URL
--profile-pdefaultConfig profile name
--format-ftableOutput format: table, json, yaml, csv
--no-colorfalseDisable colored output
--quiet-qfalseSuppress non-essential output
--help-hShow help for command
--version-vShow version

hjctl auth

hjctl auth login [flags]
hjctl auth logout
hjctl auth status
hjctl auth switch-profile <profile>
FlagDescription
--api-key <key>Authenticate with an API key (non-interactive)
--api-url <url>HelloJohn API URL
--profile <name>Profile name to save credentials as

hjctl config

hjctl config set <key> <value> [--profile <name>]
hjctl config get <key> [--profile <name>]
hjctl config list [--profile <name>]
hjctl config delete <key>
hjctl config show-server

Config keys: api-key, api-url, default-tenant, format

hjctl users

hjctl users list [flags]
hjctl users get <id|--email email> [flags]
hjctl users create [flags]
hjctl users update <id> [flags]
hjctl users disable <id>
hjctl users enable <id>
hjctl users delete <id> [--confirm]
hjctl users reset-password <id>
hjctl users set-password <id> [--password <pwd>]
hjctl users sessions <id>
hjctl users revoke-sessions <id> [--session <session-id>]

hjctl users list

FlagDescription
--tenant <id>Filter by tenant ID
--role <role>Filter by role (admin, member, custom)
--email-verifiedFilter to verified email users
--disabledShow disabled users only
--limit <n>Max results (default: 50)
--cursor <cursor>Pagination cursor

hjctl users create

FlagRequiredDescription
--email <email>User email
--password <pwd>Password (prompted if omitted)
--display-name <name>Display name
--tenant <id>Tenant ID
--role <role>Role (default: member)
--skip-email-verificationMark email as verified
--metadata <json>Public metadata as JSON

hjctl users update

FlagDescription
--display-name <name>Update display name
--role <role>Update role
--email <email>Update email
--metadata <json>Update public metadata (merged)
--private-metadata <json>Update private metadata (merged)

hjctl tenants

hjctl tenants list [flags]
hjctl tenants get <id|--slug slug>
hjctl tenants create [flags]
hjctl tenants update <id> [flags]
hjctl tenants delete <id> [--confirm]
hjctl tenants stats <id>
hjctl tenants config get <id>
hjctl tenants config set <id> [flags]

hjctl tenants create

FlagRequiredDescription
--name <name>Tenant display name
--slug <slug>URL-safe slug (auto-generated if omitted)
--metadata <json>Tenant metadata as JSON

hjctl tenants config set

FlagDescription
--allowed-auth-methods <methods>Comma-separated: email_password,google,github
--mfa-requiredEnable required MFA for all users
--email-domain <domain>Restrict signups to this email domain
--password-min-length <n>Minimum password length
--session-ttl <duration>Access token TTL (e.g. 30m)

hjctl orgs

hjctl orgs list --tenant <id>
hjctl orgs get <id>
hjctl orgs create [flags]
hjctl orgs update <id> [flags]
hjctl orgs delete <id> [--confirm]
hjctl orgs members <id>
hjctl orgs add-member <org-id> [flags]
hjctl orgs remove-member <org-id> --user <user-id>
hjctl orgs update-member <org-id> --user <user-id> --role <role>

hjctl orgs create

FlagRequiredDescription
--tenant <id>Tenant ID
--name <name>Organization name
--slug <slug>URL-safe slug

hjctl orgs add-member

FlagRequiredDescription
--user <id>User ID to add
--role <role>Role in org (default: member)

hjctl api-keys

hjctl api-keys list [--tenant <id>]
hjctl api-keys get <id>
hjctl api-keys create [flags]
hjctl api-keys rotate <id>
hjctl api-keys revoke <id>

hjctl api-keys create

FlagRequiredDescription
--name <name>Key name
--scopes <scopes>Comma-separated scopes
--tenant <id>Scope key to a tenant
--expires <date>Expiry date (ISO 8601 or YYYY-MM-DD)

Available scopes: users:read, users:write, tenants:read, tenants:write, orgs:read, orgs:write, sessions:read, sessions:write, audit-logs:read, webhooks:read, webhooks:write

hjctl webhooks

hjctl webhooks list
hjctl webhooks get <id>
hjctl webhooks create [flags]
hjctl webhooks update <id> [flags]
hjctl webhooks delete <id>
hjctl webhooks test <id> [--event <type>]
hjctl webhooks deliveries <id> [flags]
hjctl webhooks forward [--port <port>] [--path <path>]

hjctl webhooks create

FlagRequiredDescription
--url <url>Endpoint URL
--events <events>Comma-separated event types (default: *)
--secret <secret>HMAC signing secret (auto-generated if omitted)
--tenant <id>Scope to a tenant
--enabledEnable immediately (default: true)

hjctl webhooks deliveries

FlagDescription
--status <status>success, failed, pending
--limit <n>Max results (default: 20)
--since <duration>e.g. 24h, 7d

hjctl webhooks forward

Forwards webhook events to a local development server.

FlagDefaultDescription
--port <n>3001Local server port
--path <path>/webhooks/hellojohnLocal endpoint path
--events <events>*Events to forward

hjctl audit-logs

hjctl audit-logs list [flags]
hjctl audit-logs get <id>
hjctl audit-logs export [flags]

hjctl audit-logs list

FlagDescription
--type <type>Event type filter (supports user.* wildcards)
--actor <id>Filter by actor ID
--result <result>success or failure
--ip <ip>Filter by IP address
--tenant <id>Filter by tenant
--from <datetime>Start time (ISO 8601 or YYYY-MM-DD)
--to <datetime>End time
--limit <n>Max results (default: 50)

hjctl audit-logs export

FlagDefaultDescription
--format <fmt>csvcsv or ndjson
--from <datetime>Start time (required)
--to <datetime>nowEnd time
--output <file>-Output file (- = stdout)
--type <type>Filter by event type
--tenant <id>Filter by tenant

hjctl migrate

hjctl migrate          # Run pending migrations
hjctl migrate status   # Show migration status
hjctl migrate rollback # Roll back last migration (use with caution)

hjctl admin

hjctl admin seed [flags]    # Create first admin account
hjctl admin list            # List system admins
hjctl admin add <email>     # Grant system admin role
hjctl admin remove <email>  # Revoke system admin role

hjctl admin seed

FlagRequiredDescription
--email <email>Admin email
--password <pwd>Password (prompted if omitted)

hjctl health

hjctl health              # Check API + DB + Redis + SMTP health
hjctl health --watch      # Continuous health monitoring (every 30s)
hjctl health --json       # Output as JSON

hjctl version

hjctl version             # Print version
hjctl version --json      # Print version as JSON
hjctl version --check     # Check for newer version

Exit codes

CodeMeaning
0Success
1General error
2Invalid arguments
3Authentication error
4Not found
5Rate limited

hjctl CLI

Manage HelloJohn users, tenants, API keys, and webhooks from the command line with hjctl.

hj tenants

Manage HelloJohn tenants from the command line — create, list, update, and switch between tenants with hjctl.

On this page

CLI ReferenceGlobal flagshjctl authhjctl confighjctl usershjctl users listhjctl users createhjctl users updatehjctl tenantshjctl tenants createhjctl tenants config sethjctl orgshjctl orgs createhjctl orgs add-memberhjctl api-keyshjctl api-keys createhjctl webhookshjctl webhooks createhjctl webhooks deliverieshjctl webhooks forwardhjctl audit-logshjctl audit-logs listhjctl audit-logs exporthjctl migratehjctl adminhjctl admin seedhjctl healthhjctl versionExit codes