deloc
Start deploying

Account & tokens

Checking your identity, minting tokens for CI, upgrading plans, and the canonical tier-limits table both the API and the Worker enforce.

Checking your account

shell
deloc whoami

Prints:

  • Email and username
  • Org (if any) and your role within it
  • Current tier (free, pro, pro_unlimited, team, enterprise)
  • Storage used vs. limit
  • Subdomain your apps live on ({username}.deloc.dev or {org-slug}.deloc.dev)

Run this before anything destructive — it's easy to end up in the wrong account when you have multiple.

API tokens

Tokens authenticate every CLI and MCP call. You already have one from deloc login (stored in ~/.deloc/config.json). Create additional named tokens for specific machines or CI pipelines:

shell
deloc tokens list                          # Active tokens
deloc tokens create "GitHub Actions CI"    # Mint a new one (printed once)
deloc tokens revoke tok_abc123             # Revoke by ID
Tokens are shown once
The token value is printed to stdout exactly once at creation. The server only stores a bcrypt hash. If you lose it, revoke and mint a new one.

Using a token

Three ways, in precedence order:

  • DELOC_TOKEN environment variable (highest priority — best for CI)
  • ~/.deloc/config.json (written by deloc login)
  • MCP server env block in the editor's config
shell
# One-off run with a specific token
DELOC_TOKEN=dl_xxxxx deloc list

# CI (GitHub Actions)
env:
  DELOC_TOKEN: ${{ secrets.DELOC_TOKEN }}

Token scope and expiry

Tokens carry the identity of the user (or org member) who created them. They inherit that user's role — publisher, admin, viewer. Default expiry is 30 days, but you can rotate or revoke any time from deloc tokens list.

Upgrading and billing

shell
deloc upgrade                  # Opens Stripe checkout
deloc upgrade pro_unlimited    # Jump straight to a specific plan
deloc billing                  # Customer portal (cards, invoices, cancel)

Self-serve plans — Pro, Pro Unlimited, Team — are Stripe checkouts. You're returned to the dashboard after payment and the tier flips immediately. Enterprise is custom — see pricing and reach out.

Tier limits at a glance

TierAppsStorageBandwidth / app / moPer deployExpiryActionsDomain restrict
Free3100MB1GB50MB30 days
Pro51GB10GB100MBnever
Pro Unlimited5GB25GB250MBnever
Team10GB50GB500MBnever
Enterprisecustomcustom1GBnever

The canonical values live in packages/shared/src/constants.ts and are enforced identically by the API (on upload) and the Worker (on each request). Enterprise custom deals override individual caps via the org record.

Feature gating beyond limits
  • Free tier shows a Deloc branding badge; all paid tiers remove it.
  • Domain-restricted access is Pro Unlimited and above.
  • Actions are Pro and above.
  • Team tier adds multi-publisher, org roles, and activity log.
  • Enterprise adds SSO, admin console, audit log export, SCIM.

Logout and switching accounts

shell
deloc logout

Revokes the current token server-side and clears ~/.deloc/config.json. Your MCP server loses auth too (it reads the same config).

To switch accounts, logout then login with the other credentials:

shell
deloc logout && deloc login

Or override on a per-command basis without touching the config:

shell
DELOC_TOKEN=dl_other_account_token deloc list