parako CLI
parako is a thin app-files helper that introspects the install layout and delegates upgrade / rollback / gc to install.sh. It never starts, stops, restarts, or configures services; never runs database migrations or backups; never touches nginx, TLS, or secrets — those remain operator-owned. Operator runbook: Upgrades.
| Verb | Purpose | Delegates to |
|---|---|---|
parako version | Print helper + app + previous-release versions | reads current/package.json + .parako-state |
parako paths | Print resolved install paths | reads .parako-state |
parako doctor [--json] | File / config sanity (no service, no DB, no network) | install.sh --doctor |
parako update [--version vX.Y.Z] | App-files update; atomic symlink swap | install.sh --update |
parako rollback [--to vX.Y.Z] | Re-aim current to a prior release | install.sh --rollback |
parako gc [--keep N] [--yes] | Prune old releases/v*/; never touches runtime/ | install.sh --gc |
parako clean-stale | Auto-remove stale current.tmp.* symlinks left by a crashed run | install.sh --clean-stale --doctor |
parako self-update [--force] | Refresh the parako helper itself (prefers contrib/, falls back URL) | none (atomic local replace) |
parako uninstall [--purge] [--keep-bin] | Remove the install; preserves runtime/ unless --purge | install.sh --uninstall |
parako --help | Help text | — |
parako version
Section titled “parako version”== parako parako helper 0.2.0 install dir /opt/parako-id current release v0.2.0 previous release <none> app version 0.2.0parako paths
Section titled “parako paths”== Parako.ID paths install dir /opt/parako-id current symlink /opt/parako-id/current current target /opt/parako-id/releases/v0.2.0 runtime /opt/parako-id/runtime env file /opt/parako-id/runtime/.env jwks dir /opt/parako-id/runtime/jwks logs dir /opt/parako-id/runtime/logs releases dir /opt/parako-id/releases state file /opt/parako-id/.parako-stateWire your supervisor (systemd WorkingDirectory, PM2 cwd, docker-compose volume) at /opt/parako-id/current.
parako doctor
Section titled “parako doctor”== Parako.ID doctor Install dir /opt/parako-id Current release v0.2.0 Previous <none> Version 0.2.0 Installed at 20260603T103244Z dist/src/index.js ... present [OK] runtime/.env ....... missing (copy from current/contrib/.env.sample) [WARN] runtime/jwks/jwks.json absent [INFO] (only required for file-backed key storage) Releases on disk ... 1--json emits the same data for scripting. Doctor does not probe systemctl, pm2, curl /health, or any database client.
parako update
Section titled “parako update”parako update # latest stableparako update --version v0.2.1 # pinparako update --plan # no network, no writesparako update --dry-run # download + cosign verify, no writesThe atomic pointer swap leaves your runtime/ untouched and your service running on the old code paths until you restart. See Upgrades for the full operator runbook.
parako rollback
Section titled “parako rollback”parako rollback # previous releaseparako rollback --to v0.1.5 # specific release on diskWarning: Application files revert, but database migrations are NOT reversed. See the Upgrades → Rollback decision tree.
parako gc
Section titled “parako gc”parako gc # previewparako gc --keep 3 --yes # apply, retain N from the deletable setTwo releases are always protected (current and previous, per .parako-state); --keep N (default 3) retains N more from releases/v*/ sorted by mtime. GC never touches runtime/.
parako uninstall
Section titled “parako uninstall”parako uninstall # remove releases/, current, .parako-state; also removes /usr/local/bin/parakoparako uninstall --keep-bin # same, but preserves the parako helper binaryparako uninstall --purge # also wipes runtime/ (operator data — requires explicit `yes` confirmation)By default parako uninstall keeps runtime/ (operator data — .env, JWKS, uploads). Pass --purge for a complete wipe.
parako self-update
Section titled “parako self-update”parako self-update # refresh from contrib/parako.sh (cosign-verified) or get.parako.idparako self-update --force # reinstall even if version matchesparako self-update --from-url <URL> # explicit fetch URL (HTTPS only)parako self-update updates only the parako helper binary at /usr/local/bin/parako (or ~/.local/bin/parako for non-root installs). For application updates, use parako update.
Source priority:
<install>/current/contrib/parako.shif an install exists (already cosign-verified at install time).https://get.parako.id/parako.shotherwise (TLS-only trust).
parako clean-stale
Section titled “parako clean-stale”parako clean-staleRemoves any current.tmp.* symlink left over by a crashed installer run, then runs parako doctor. Safe to run anytime — acquires the installer lock first so it cannot race with a concurrent install.