Posted 2026-05-21 · Updated 2026-06-06 · ~5 min read
The JSO AI surface is now available in two modes. Anyone can use the browser previews to see the answer shape without an API key. Signed-in accounts can save their own OpenAI or Claude key in the dashboard and run live AI through the same JSO endpoints.
June 2026 update. BYO OpenAI and Claude keys are the primary activation path in this workspace. Managed JSO AI checkout is optional and only appears when billing is enabled. Save a provider key in
AI Settings to make the AI endpoints return live provider-backed answers for your account.
What is available now
- preset-suggest helps turn a plain-language project description into starter protection settings.
- compat-check reviews JavaScript for patterns that may break after protection, such as dynamic code execution, reflection-heavy framework code, or source-map leakage.
- explain-error turns a protected-output runtime error into a likely cause and practical next step.
- usage exposes current-month AI usage counters for dashboards and monitoring.
All four endpoints use the same APIKey + APIPwd authentication as the obfuscation API. The response envelope is locked by /Docs/ai-wire-format.schema.json and the polyglot smoke harness, so client integrations can validate the shape in CI.
Preview pages do not need a key
The browser previews run the same rule-based guidance locally, so evaluators can see the product shape before connecting a provider key or API account.
Live AI uses your provider key first
Open AI Settings, choose OpenAI or Claude, and save a provider key. JSO encrypts the key before storage and never shows it again after save. Provider billing stays with the OpenAI or Claude account that owns the key, while JSO tracks usage so the dashboard can show activity and limits.
Managed JSO AI plans are separate from the core obfuscation plans. They are visible on premium-membership.aspx, but online checkout is available only when managed AI billing is enabled for the workspace. When checkout is disabled, the dashboard points users to BYO setup or support instead of creating a broken Stripe session.
Observability is part of the contract
The usage endpoint and Prometheus textfile exporter let teams track AI usage where they already watch build and runtime systems.
* * * * * JSO_API_KEY=... JSO_API_PASSWORD=... \
/usr/bin/node /opt/jso/jso-ai-quota-exporter.js \
--out /var/lib/node_exporter/textfile_collector/jso_ai.prom
The exporter records scrape success, action use, token use, quota caps, and quota rejections. Cookbook recipe 13 has the full setup.
How this changes the CLI
The AI compatibility check can run before protection. Add --ai-precheck to the existing jso-protector command and the CLI scans input files before spending obfuscation quota.
jso-protector --config jso.config.json --ai-precheck --ai-precheck-fail-on error
The standalone variant, jso ai compat-scan, remains available when teams want to run the gate separately from the protection step.
What is next
Phase 1 now focuses on making the BYO-key account path smoother: key testing, clearer usage states, better dashboard copy, and predictable fallback to preview mode when no provider key is available. The wire envelope does not change. provider shifts from rule-based to claude-byo or openai-byo for accounts using their own key.
Phase 2 is the Resistance Score: a planned adversarial probe that reports how much useful structure a named attacker recovers from protected output. That should be evidence a team can audit, not just a marketing claim.
Follow along
The release cadence is visible at /changelog.aspx and subscribable via RSS. The shipping roadmap is at /roadmap.aspx.
For help choosing BYO setup or a managed AI tier, contact support.
TL;DR. Preview mode is enough to wire an integration. Saving an OpenAI or Claude key turns the same endpoints into live AI for that account. Managed checkout is optional and environment-gated.