@btcemail/cli 0.3.0 → 0.5.0

package/dist/index.js

@@ -2,12 +2,9 @@
 
 // src/index.ts
 import { Command } from "commander";
-import pc11 from "picocolors";
+import pc16 from "picocolors";
 
-// src/commands/login.ts
-import { randomUUID } from "crypto";
-import open from "open";
-import ora from "ora";
+// src/commands/blocklist.ts
 import pc from "picocolors";
 
 // src/config.ts
@@ -104,104 +101,6 @@ function getToken() {
   return auth.token;
 }
 
-// src/commands/login.ts
-var POLL_INTERVAL_MS = 2e3;
-var POLL_TIMEOUT_MS = 3e5;
-async function loginCommand() {
-  const sessionId = randomUUID();
-  const baseUrl = getApiBaseUrl().replace("/api/v1", "");
-  const authUrl = `${baseUrl}/auth/cli?session_id=${sessionId}`;
-  const pollUrl = `${baseUrl}/api/auth/cli-session?session_id=${sessionId}`;
-  console.log();
-  console.log(pc.bold("btc.email CLI Login"));
-  console.log();
-  try {
-    const createResponse = await fetch(
-      `${baseUrl}/api/auth/cli-session`,
-      {
-        method: "POST",
-        headers: { "Content-Type": "application/json" },
-        body: JSON.stringify({ session_id: sessionId })
-      }
-    );
-    if (!createResponse.ok) {
-      console.error(pc.red("Failed to initialize login session"));
-      process.exit(1);
-    }
-  } catch (error) {
-    console.error(pc.red("Failed to connect to btc.email server"));
-    console.error(
-      pc.dim(error instanceof Error ? error.message : "Unknown error")
-    );
-    process.exit(1);
-  }
-  console.log(pc.dim("Opening browser for authentication..."));
-  console.log();
-  console.log(pc.dim("If the browser doesn't open, visit:"));
-  console.log(pc.cyan(authUrl));
-  console.log();
-  try {
-    await open(authUrl);
-  } catch {
-  }
-  const spinner = ora("Waiting for authentication...").start();
-  const startTime = Date.now();
-  while (Date.now() - startTime < POLL_TIMEOUT_MS) {
-    try {
-      const response = await fetch(pollUrl);
-      if (response.status === 202) {
-        await sleep(POLL_INTERVAL_MS);
-        continue;
-      }
-      if (response.status === 410) {
-        spinner.fail("Session expired. Please try again.");
-        process.exit(1);
-      }
-      if (response.ok) {
-        const data = await response.json();
-        if (data.status === "complete") {
-          setAuth({
-            token: data.data.token,
-            expiresAt: data.data.expiresAt,
-            userId: data.data.userId,
-            email: data.data.email
-          });
-          spinner.succeed(pc.green("Successfully logged in!"));
-          console.log();
-          console.log(`  ${pc.dim("Email:")} ${data.data.email}`);
-          console.log();
-          console.log(pc.dim("You can now use btcemail commands."));
-          console.log(pc.dim("Run `btcemail --help` to see available commands."));
-          return;
-        }
-      }
-      await sleep(POLL_INTERVAL_MS);
-    } catch (error) {
-      await sleep(POLL_INTERVAL_MS);
-    }
-  }
-  spinner.fail("Authentication timed out. Please try again.");
-  process.exit(1);
-}
-function sleep(ms) {
-  return new Promise((resolve) => setTimeout(resolve, ms));
-}
-
-// src/commands/logout.ts
-import pc2 from "picocolors";
-async function logoutCommand() {
-  if (!isAuthenticated()) {
-    console.log(pc2.yellow("You are not logged in."));
-    return;
-  }
-  clearAuth();
-  console.log(pc2.green("Successfully logged out."));
-}
-
-// src/commands/whoami.ts
-import pc3 from "picocolors";
-import ora2 from "ora";
-
 // src/api.ts
 async function apiRequest(endpoint, options = {}) {
   const token = getToken();
@@ -259,9 +158,7 @@ async function getCreditsBalance() {
   return apiRequest("/credits/balance");
 }
 async function getWhoami() {
-  return apiRequest(
-    "/auth/whoami"
-  );
+  return apiRequest("/auth/whoami");
 }
 async function getPendingEmails(options = {}) {
   const params = new URLSearchParams();
@@ -278,6 +175,15 @@ async function payForEmail(id, paymentHash) {
     body: JSON.stringify({ paymentHash })
   });
 }
+async function acceptPendingEmail(id, whitelist2 = true) {
+  return apiRequest(
+    `/inbound/${id}/accept`,
+    {
+      method: "POST",
+      body: JSON.stringify({ whitelist: whitelist2 })
+    }
+  );
+}
 async function sendEmail(options) {
   return apiRequest("/email/send", {
     method: "POST",
@@ -387,6 +293,64 @@ async function checkPaymentStatus(paymentHash) {
     };
   }
 }
+async function getSettings(username) {
+  const params = username ? `?username=${username}` : "";
+  return apiRequest(`/settings${params}`);
+}
+async function updateSettings(settings2, username) {
+  const params = username ? `?username=${username}` : "";
+  return apiRequest(
+    `/settings${params}`,
+    {
+      method: "POST",
+      body: JSON.stringify(settings2)
+    }
+  );
+}
+async function getWhitelist(username) {
+  const params = username ? `?username=${username}` : "";
+  return apiRequest(`/whitelist${params}`);
+}
+async function addToWhitelist(entry, username) {
+  const params = username ? `?username=${username}` : "";
+  return apiRequest(`/whitelist${params}`, {
+    method: "POST",
+    body: JSON.stringify(entry)
+  });
+}
+async function removeFromWhitelist(id) {
+  return apiRequest(`/whitelist/${id}`, {
+    method: "DELETE"
+  });
+}
+async function getBlocklist(username) {
+  const params = username ? `?username=${username}` : "";
+  return apiRequest(`/blocklist${params}`);
+}
+async function addToBlocklist(entry, username) {
+  const params = username ? `?username=${username}` : "";
+  return apiRequest(`/blocklist${params}`, {
+    method: "POST",
+    body: JSON.stringify(entry)
+  });
+}
+async function removeFromBlocklist(id) {
+  return apiRequest(`/blocklist/${id}`, {
+    method: "DELETE"
+  });
+}
+async function getNetwork() {
+  return apiRequest("/network");
+}
+async function setNetwork(network2) {
+  return apiRequest("/network", {
+    method: "POST",
+    body: JSON.stringify({ network: network2 })
+  });
+}
+async function getStats() {
+  return apiRequest("/stats");
+}
 function getCreditPurchaseOptions() {
   return [
     {
@@ -420,194 +384,868 @@ function getCreditPurchaseOptions() {
   ];
 }
 
-// src/commands/whoami.ts
-async function whoamiCommand() {
-  if (!isAuthenticated()) {
-    console.log(pc3.yellow("Not logged in."));
-    console.log(pc3.dim("Run `btcemail login` to authenticate."));
+// src/commands/blocklist.ts
+async function blocklistListCommand(options = {}) {
+  const token = getToken();
+  if (!token) {
+    console.error(pc.red("Not logged in. Run 'btcemail login' first."));
     process.exit(1);
   }
-  const auth = getAuth();
-  if (!auth) {
-    console.log(pc3.yellow("Not logged in."));
+  const result = await getBlocklist(options.username);
+  if (!result.ok) {
+    console.error(pc.red(`Error: ${result.error.message}`));
     process.exit(1);
   }
-  const spinner = ora2("Fetching account info...").start();
-  const result = await getWhoami();
-  spinner.stop();
-  if (result.ok) {
-    console.log();
-    console.log(pc3.bold("Current User"));
-    console.log();
-    console.log(`  ${pc3.dim("Email:")}    ${result.data.email}`);
-    if (result.data.username) {
-      console.log(`  ${pc3.dim("Username:")} ${result.data.username}@btc.email`);
-    }
-    console.log(`  ${pc3.dim("User ID:")}  ${result.data.id}`);
-    const expiryInfo = getTokenExpiryInfo();
-    if (expiryInfo.expiresIn) {
-      const expiryColor = isTokenExpiringSoon() ? pc3.yellow : pc3.dim;
-      console.log(`  ${pc3.dim("Session:")}  ${expiryColor(`expires in ${expiryInfo.expiresIn}`)}`);
-    }
-    console.log();
-    if (isTokenExpiringSoon()) {
-      console.log(pc3.yellow("Session expiring soon. Run `btcemail login` to refresh."));
-      console.log();
-    }
-  } else {
-    console.log();
-    console.log(pc3.bold("Current User") + pc3.dim(" (cached)"));
+  const { username, entries } = result.data;
+  if (options.json) {
+    console.log(JSON.stringify({ username, entries }, null, 2));
+    return;
+  }
+  console.log();
+  console.log(pc.bold("Blocklist for ") + pc.cyan(`${username}@btc.email`));
+  console.log();
+  if (entries.length === 0) {
+    console.log(pc.dim("  No entries in blocklist."));
     console.log();
-    console.log(`  ${pc3.dim("Email:")}   ${auth.email}`);
-    console.log(`  ${pc3.dim("User ID:")} ${auth.userId}`);
+    console.log(pc.dim("  Add entries with: btcemail blocklist add <email>"));
+    console.log(pc.dim("  Or for domains:   btcemail blocklist add @domain.com"));
     console.log();
-    if (result.error.code === "UNAUTHENTICATED" || result.error.code === "UNAUTHORIZED") {
-      console.log(pc3.yellow("Session expired. Run `btcemail login` to re-authenticate."));
-    }
+    return;
   }
+  console.log(pc.dim(`  ${entries.length} ${entries.length === 1 ? "entry" : "entries"}:`));
+  console.log();
+  for (const entry of entries) {
+    const value = entry.sender_email || `@${entry.sender_domain}`;
+    const reason = entry.reason ? pc.dim(` - ${entry.reason}`) : "";
+    console.log(`  ${pc.red(value)}${reason}`);
+    console.log(pc.dim(`    ID: ${entry.id}`));
+  }
+  console.log();
 }
-
-// src/commands/list.ts
-import pc4 from "picocolors";
-import ora3 from "ora";
-
-// src/utils/cache.ts
-var CACHE_KEY = "emailCache";
-var CACHE_TTL_MS = 30 * 60 * 1e3;
-function cacheEmailList(folder, emails) {
-  config.set(CACHE_KEY, {
-    folder,
-    emails,
-    timestamp: Date.now()
-  });
+async function blocklistAddCommand(entry, options = {}) {
+  const token = getToken();
+  if (!token) {
+    console.error(pc.red("Not logged in. Run 'btcemail login' first."));
+    process.exit(1);
+  }
+  const isDomain = entry.startsWith("@");
+  const payload = isDomain ? { domain: entry.slice(1), reason: options.reason } : { email: entry, reason: options.reason };
+  const result = await addToBlocklist(payload, options.username);
+  if (!result.ok) {
+    console.error(pc.red(`Error: ${result.error.message}`));
+    process.exit(1);
+  }
+  if (options.json) {
+    console.log(JSON.stringify({ success: true, entry: result.data.entry }, null, 2));
+    return;
+  }
+  console.log(pc.green(`Added to blocklist: ${pc.red(entry)}`));
 }
-function getCachedEmailList(folder) {
-  const cache = config.get(CACHE_KEY);
-  if (!cache) return null;
-  if (Date.now() - cache.timestamp > CACHE_TTL_MS) {
-    config.delete(CACHE_KEY);
-    return null;
+async function blocklistRemoveCommand(id, options = {}) {
+  const token = getToken();
+  if (!token) {
+    console.error(pc.red("Not logged in. Run 'btcemail login' first."));
+    process.exit(1);
   }
-  if (folder && cache.folder !== folder) {
-    return null;
+  const result = await removeFromBlocklist(id);
+  if (!result.ok) {
+    console.error(pc.red(`Error: ${result.error.message}`));
+    process.exit(1);
   }
-  return cache;
+  if (options.json) {
+    console.log(JSON.stringify({ success: true }, null, 2));
+    return;
+  }
+  console.log(pc.green("Removed from blocklist"));
 }
-function getEmailIdByIndex(index) {
-  const cache = getCachedEmailList();
-  if (!cache) return null;
-  const idx = index - 1;
-  if (idx < 0 || idx >= cache.emails.length) {
-    return null;
+
+// src/commands/credits.ts
+import ora from "ora";
+import pc3 from "picocolors";
+import qrcode from "qrcode-terminal";
+
+// src/utils/payment-polling.ts
+import pc2 from "picocolors";
+var SPINNER_FRAMES = ["\u280B", "\u2819", "\u2839", "\u2838", "\u283C", "\u2834", "\u2826", "\u2827", "\u2807", "\u280F"];
+async function pollForPayment(options) {
+  const { paymentHash, checkFn, maxAttempts = 120, intervalMs = 2500, onPaid } = options;
+  let frame = 0;
+  let attempts = 0;
+  process.stdout.write(`${pc2.cyan(SPINNER_FRAMES[0])} Waiting for payment...`);
+  while (attempts < maxAttempts) {
+    try {
+      const status = await checkFn(paymentHash);
+      if (status.paid) {
+        process.stdout.write(`\r${" ".repeat(50)}\r`);
+        console.log(`${pc2.green("\u2713")} Payment received!`);
+        if (onPaid) onPaid();
+        return status;
+      }
+    } catch {
+    }
+    frame = (frame + 1) % SPINNER_FRAMES.length;
+    const timeLeft = Math.ceil((maxAttempts - attempts) * intervalMs / 1e3 / 60);
+    process.stdout.write(
+      `\r${pc2.cyan(SPINNER_FRAMES[frame])} Waiting for payment... (${timeLeft}m remaining)`
+    );
+    await sleep(intervalMs);
+    attempts++;
   }
-  return cache.emails[idx].id;
+  process.stdout.write(`\r${" ".repeat(60)}\r`);
+  console.log(`${pc2.yellow("\u26A0")} Timed out waiting for payment.`);
+  return { paid: false };
 }
-function isNumericId(id) {
-  return /^\d+$/.test(id);
+function sleep(ms) {
+  return new Promise((resolve) => setTimeout(resolve, ms));
 }
 
-// src/commands/list.ts
-async function listCommand(options) {
+// src/commands/credits.ts
+async function creditsBalanceCommand() {
   if (!isAuthenticated()) {
-    console.log(pc4.yellow("Not logged in."));
-    console.log(pc4.dim("Run `btcemail login` to authenticate."));
+    console.log(pc3.yellow("Not logged in."));
+    console.log(pc3.dim("Run `btcemail login` to authenticate."));
     process.exit(1);
   }
-  const folder = options.folder || "inbox";
-  const limit = options.limit || 20;
-  const page = options.page || 1;
-  const offset = (page - 1) * limit;
-  const spinner = ora3("Loading emails...").start();
-  const result = await getEmails({
-    folder,
-    limit,
-    offset
-  });
+  const spinner = ora("Fetching balance...").start();
+  const result = await getCreditsBalance();
   if (!result.ok) {
     spinner.fail(`Error: ${result.error.message}`);
     process.exit(1);
   }
-  const { data: emails, pagination } = result.data;
   spinner.stop();
-  const cachedEmails = emails.map((e) => ({
-    id: e.id,
-    subject: e.subject,
-    from: e.from.name || e.from.email
-  }));
-  cacheEmailList(folder, cachedEmails);
-  if (options.json) {
-    console.log(JSON.stringify({ emails, pagination }, null, 2));
-    return;
-  }
+  const { balanceSats, lifetimePurchasedSats, lifetimeSpentSats } = result.data;
   console.log();
-  console.log(pc4.bold(`${capitalize(folder)} (${pagination.total} emails)`));
+  console.log(pc3.bold("Credit Balance"));
+  console.log();
+  console.log(`  ${pc3.green(formatSats(balanceSats))} sats`);
+  console.log();
+  if (lifetimePurchasedSats > 0 || lifetimeSpentSats > 0) {
+    console.log(pc3.dim(`  Purchased: ${formatSats(lifetimePurchasedSats)} sats`));
+    console.log(pc3.dim(`  Spent: ${formatSats(lifetimeSpentSats)} sats`));
+    console.log();
+  }
+  if (balanceSats === 0) {
+    console.log(pc3.dim("  No credits available."));
+    console.log(pc3.dim("  Run `btcemail credits purchase` to buy credits."));
+    console.log();
+  }
+}
+async function creditsHistoryCommand(options) {
+  if (!isAuthenticated()) {
+    console.log(pc3.yellow("Not logged in."));
+    console.log(pc3.dim("Run `btcemail login` to authenticate."));
+    process.exit(1);
+  }
+  const spinner = ora("Loading transaction history...").start();
+  const result = await getCreditTransactions({
+    limit: options.limit || 20,
+    type: options.type
+  });
+  if (!result.ok) {
+    spinner.fail(`Error: ${result.error.message}`);
+    process.exit(1);
+  }
+  const { data: transactions, pagination } = result.data;
+  spinner.stop();
+  if (options.json) {
+    console.log(JSON.stringify({ transactions, pagination }, null, 2));
+    return;
+  }
+  console.log();
+  console.log(pc3.bold("Transaction History"));
+  console.log();
+  if (transactions.length === 0) {
+    console.log(pc3.dim("  No transactions found."));
+    console.log();
+    return;
+  }
+  console.log(
+    `  ${pc3.dim("Date".padEnd(12))} ${pc3.dim("Type".padEnd(15))} ${pc3.dim("Amount".padEnd(12))} ${pc3.dim("Balance")}`
+  );
+  console.log(pc3.dim(`  ${"-".repeat(55)}`));
+  for (const tx of transactions) {
+    const date = formatDate(tx.createdAt);
+    const type = formatTransactionType(tx.transactionType).padEnd(15);
+    const amount = formatAmount(tx.amountSats).padEnd(12);
+    const balance = formatSats(tx.balanceAfter);
+    console.log(`  ${date.padEnd(12)} ${type} ${amount} ${pc3.dim(balance)}`);
+  }
+  console.log();
+  if (pagination.hasMore) {
+    console.log(pc3.dim(`  Use --limit to see more transactions.`));
+    console.log();
+  }
+}
+async function creditsPurchaseCommand(options) {
+  if (!isAuthenticated()) {
+    console.log(pc3.yellow("Not logged in."));
+    console.log(pc3.dim("Run `btcemail login` to authenticate."));
+    process.exit(1);
+  }
+  const purchaseOptions = getCreditPurchaseOptions();
+  if (options.option === void 0) {
+    console.log();
+    console.log(pc3.bold("Purchase Options"));
+    console.log();
+    purchaseOptions.forEach((opt, index) => {
+      console.log(`  ${pc3.cyan(`[${index}]`)} ${opt.label}`);
+      console.log(`      ${pc3.dim(opt.description)}`);
+      console.log(`      ${pc3.dim(`Price: ${formatSats(opt.priceSats)} sats`)}`);
+      if (opt.bonusSats > 0) {
+        console.log(`      ${pc3.green(`+${formatSats(opt.bonusSats)} bonus sats`)}`);
+      }
+      console.log();
+    });
+    console.log(pc3.dim("  Usage: btcemail credits purchase --option <index>"));
+    console.log(pc3.dim("  Add --wait to wait for payment confirmation."));
+    console.log();
+    return;
+  }
+  if (options.option < 0 || options.option >= purchaseOptions.length) {
+    console.error(pc3.red(`Error: Invalid option. Choose 0-${purchaseOptions.length - 1}.`));
+    process.exit(1);
+  }
+  const _selectedOption = purchaseOptions[options.option];
+  const spinner = ora("Creating invoice...").start();
+  const result = await purchaseCredits(options.option);
+  if (!result.ok) {
+    spinner.fail(`Error: ${result.error.message}`);
+    process.exit(1);
+  }
+  spinner.stop();
+  const purchase = result.data;
+  if (options.json) {
+    console.log(JSON.stringify(purchase, null, 2));
+    return;
+  }
+  console.log();
+  console.log(pc3.bold("Lightning Invoice"));
+  console.log();
+  console.log(`  ${pc3.dim("Amount:")} ${formatSats(purchase.amountSats)} sats`);
+  console.log(`  ${pc3.dim("Credits:")} ${formatSats(purchase.creditsToReceive)} sats`);
+  if (purchase.bonusSats > 0) {
+    console.log(`  ${pc3.dim("Bonus:")} ${pc3.green(`+${formatSats(purchase.bonusSats)} sats`)}`);
+  }
+  console.log();
+  console.log(pc3.bold("Scan to pay:"));
+  console.log();
+  qrcode.generate(purchase.invoice, { small: true }, (qr) => {
+    const indentedQr = qr.split("\n").map((line) => `  ${line}`).join("\n");
+    console.log(indentedQr);
+  });
+  console.log();
+  console.log(pc3.bold("Invoice:"));
+  console.log();
+  console.log(`  ${purchase.invoice}`);
+  console.log();
+  console.log(pc3.dim(`  Payment hash: ${purchase.paymentHash}`));
+  console.log(pc3.dim(`  Expires: ${new Date(purchase.expiresAt).toLocaleString()}`));
+  console.log();
+  if (options.wait) {
+    console.log();
+    const status = await pollForPayment({
+      paymentHash: purchase.paymentHash,
+      checkFn: async (hash) => {
+        const result2 = await checkPaymentStatus(hash);
+        if (result2.ok) {
+          return { paid: result2.data.paid };
+        }
+        return { paid: false };
+      },
+      onPaid: async () => {
+        const balanceResult = await getCreditsBalance();
+        if (balanceResult.ok) {
+          console.log();
+          console.log(
+            `${pc3.dim("New balance:")} ${pc3.green(formatSats(balanceResult.data.balanceSats))} sats`
+          );
+        }
+      }
+    });
+    if (!status.paid) {
+      console.log(pc3.dim("  You can still pay the invoice and credits will be added."));
+    }
+    console.log();
+  } else {
+    console.log(pc3.dim("  Scan the QR code or copy the invoice above to pay."));
+    console.log(pc3.dim("  Use --wait to wait for payment confirmation."));
+    console.log();
+  }
+}
+function formatSats(sats) {
+  return sats.toLocaleString();
+}
+function formatAmount(sats) {
+  if (sats >= 0) {
+    return pc3.green(`+${formatSats(sats)}`);
+  }
+  return pc3.red(formatSats(sats));
+}
+function formatTransactionType(type) {
+  const types = {
+    topup: "Top-up",
+    email_sent: "Email Sent",
+    email_received: "Email Received",
+    refund: "Refund",
+    bonus: "Bonus"
+  };
+  return types[type] || type;
+}
+function formatDate(dateString) {
+  const date = new Date(dateString);
+  return date.toLocaleDateString("en-US", {
+    month: "short",
+    day: "numeric"
+  });
+}
+
+// src/commands/inbound.ts
+import ora2 from "ora";
+import pc4 from "picocolors";
+async function inboundDeliveredCommand(options) {
+  if (!isAuthenticated()) {
+    console.log(pc4.yellow("Not logged in."));
+    console.log(pc4.dim("Run `btcemail login` to authenticate."));
+    process.exit(1);
+  }
+  const spinner = ora2("Loading delivered emails...").start();
+  const result = await getDeliveredEmails({
+    limit: options.limit || 20
+  });
+  if (!result.ok) {
+    spinner.fail(`Error: ${result.error.message}`);
+    process.exit(1);
+  }
+  const { data: emails, pagination } = result.data;
+  spinner.stop();
+  if (options.json) {
+    console.log(JSON.stringify({ emails, pagination }, null, 2));
+    return;
+  }
+  console.log();
+  console.log(pc4.bold(`Delivered (${pagination.total} paid emails received)`));
+  console.log();
+  if (emails.length === 0) {
+    console.log(pc4.dim("  No delivered emails yet."));
+    console.log();
+    return;
+  }
+  console.log(
+    `  ${pc4.dim("#".padEnd(4))} ${pc4.dim("From".padEnd(28))} ${pc4.dim("Subject".padEnd(40))} ${pc4.dim("Date")}`
+  );
+  console.log(pc4.dim(`  ${"-".repeat(85)}`));
+  emails.forEach((email, index) => {
+    const num = pc4.cyan(String(index + 1).padEnd(4));
+    const from = truncate(email.from.name || email.from.email, 26).padEnd(28);
+    const subject = truncate(email.subject, 38).padEnd(40);
+    const date = formatDate2(email.date);
+    console.log(`  ${num}${from} ${subject} ${pc4.dim(date)}`);
+  });
+  console.log();
+  if (pagination.hasMore) {
+    console.log(
+      pc4.dim(`  Showing ${emails.length} of ${pagination.total}. Use --limit to see more.`)
+    );
+    console.log();
+  }
+  console.log(pc4.dim("  Read email: btcemail read <id>"));
+  console.log();
+}
+async function inboundPendingCommand(options) {
+  if (!isAuthenticated()) {
+    console.log(pc4.yellow("Not logged in."));
+    console.log(pc4.dim("Run `btcemail login` to authenticate."));
+    process.exit(1);
+  }
+  const spinner = ora2("Loading pending emails...").start();
+  const result = await getPendingEmails({
+    limit: options.limit || 20
+  });
+  if (!result.ok) {
+    spinner.fail(`Error: ${result.error.message}`);
+    process.exit(1);
+  }
+  const { data: emails, pagination } = result.data;
+  spinner.stop();
+  if (options.json) {
+    console.log(JSON.stringify({ emails, pagination }, null, 2));
+    return;
+  }
+  console.log();
+  console.log(pc4.bold(`Pending (${pagination.total} awaiting payment)`));
+  console.log();
+  if (emails.length === 0) {
+    console.log(pc4.dim("  No pending emails."));
+    console.log();
+    return;
+  }
+  console.log(
+    `  ${pc4.dim("#".padEnd(4))} ${pc4.dim("From".padEnd(28))} ${pc4.dim("Subject".padEnd(35))} ${pc4.dim("Sats")}`
+  );
+  console.log(pc4.dim(`  ${"-".repeat(80)}`));
+  emails.forEach((email, index) => {
+    const num = pc4.cyan(String(index + 1).padEnd(4));
+    const from = truncate(email.from.name || email.from.email, 26).padEnd(28);
+    const subject = truncate(email.subject, 33).padEnd(35);
+    const sats = pc4.yellow(String(email.amountSats));
+    console.log(`  ${num}${from} ${subject} ${sats}`);
+  });
+  console.log();
+  if (pagination.hasMore) {
+    console.log(
+      pc4.dim(`  Showing ${emails.length} of ${pagination.total}. Use --limit to see more.`)
+    );
+    console.log();
+  }
+  console.log(pc4.dim("  View details: btcemail inbound view <id>"));
+  console.log();
+}
+async function inboundViewCommand(id, options) {
+  if (!isAuthenticated()) {
+    console.log(pc4.yellow("Not logged in."));
+    console.log(pc4.dim("Run `btcemail login` to authenticate."));
+    process.exit(1);
+  }
+  const spinner = ora2("Loading email details...").start();
+  const result = await getPendingEmail(id);
+  if (!result.ok) {
+    if (result.error.code === "NOT_FOUND") {
+      spinner.fail(`Pending email not found: ${id}`);
+    } else {
+      spinner.fail(`Error: ${result.error.message}`);
+    }
+    process.exit(1);
+  }
+  spinner.stop();
+  const email = result.data;
+  if (options.json) {
+    console.log(JSON.stringify(email, null, 2));
+    return;
+  }
+  console.log();
+  console.log(pc4.bold(email.subject || "(No subject)"));
+  console.log();
+  console.log(`${pc4.dim("From:")}    ${formatAddress(email.from)}`);
+  console.log(`${pc4.dim("Date:")}    ${formatFullDate(email.createdAt)}`);
+  console.log(`${pc4.dim("ID:")}      ${email.id}`);
+  console.log();
+  console.log(pc4.yellow(`Payment Required: ${email.amountSats} sats`));
+  console.log();
+  if (email.paymentHash) {
+    console.log(pc4.dim("To receive this email, pay the invoice and run:"));
+    console.log(pc4.cyan(`  btcemail inbound pay ${email.id} --payment-hash <preimage>`));
+  } else {
+    console.log(pc4.dim("Payment information not available."));
+  }
+  console.log();
+  console.log(pc4.dim("-".repeat(60)));
+  console.log();
+  console.log(pc4.dim("Preview (full content available after payment):"));
+  console.log();
+  console.log(truncate(email.bodyText || email.body, 200));
+  console.log();
+}
+async function inboundPayCommand(id, options) {
+  if (!isAuthenticated()) {
+    console.log(pc4.yellow("Not logged in."));
+    console.log(pc4.dim("Run `btcemail login` to authenticate."));
+    process.exit(1);
+  }
+  if (!options.paymentHash) {
+    console.error(pc4.red("Payment hash is required. Use --payment-hash <preimage>"));
+    process.exit(1);
+  }
+  const spinner = ora2("Verifying payment...").start();
+  const result = await payForEmail(id, options.paymentHash);
+  if (!result.ok) {
+    if (result.error.code === "PAYMENT_INVALID") {
+      spinner.fail("Payment verification failed.");
+      console.log(pc4.dim("Make sure you paid the correct invoice and provided the preimage."));
+    } else if (result.error.code === "NOT_FOUND") {
+      spinner.fail(`Pending email not found or already delivered: ${id}`);
+    } else {
+      spinner.fail(`Error: ${result.error.message}`);
+    }
+    process.exit(1);
+  }
+  spinner.succeed("Payment verified! Email delivered.");
+  console.log();
+  console.log(`${pc4.dim("Email ID:")} ${result.data.emailId}`);
+  console.log(`${pc4.dim("Status:")}   ${result.data.status}`);
+  console.log();
+  console.log(pc4.dim(`Read email: btcemail read ${result.data.emailId}`));
+  console.log();
+}
+async function inboundAcceptCommand(id, options) {
+  if (!isAuthenticated()) {
+    console.log(pc4.yellow("Not logged in."));
+    console.log(pc4.dim("Run `btcemail login` to authenticate."));
+    process.exit(1);
+  }
+  const spinner = ora2("Accepting email...").start();
+  const shouldWhitelist = !options.noWhitelist;
+  const result = await acceptPendingEmail(id, shouldWhitelist);
+  if (!result.ok) {
+    if (result.error.code === "NOT_FOUND") {
+      spinner.fail(`Pending email not found: ${id}`);
+    } else {
+      spinner.fail(`Error: ${result.error.message}`);
+    }
+    process.exit(1);
+  }
+  spinner.succeed("Email accepted and delivered!");
+  console.log();
+  console.log(`${pc4.dim("Email ID:")} ${result.data.emailId}`);
+  console.log(`${pc4.dim("Status:")}   ${result.data.status}`);
+  if (result.data.whitelisted) {
+    console.log(`${pc4.dim("Sender:")}   ${pc4.green(result.data.senderEmail)} ${pc4.dim("(whitelisted)")}`);
+  }
+  console.log();
+  console.log(pc4.dim(`Read email: btcemail read ${result.data.emailId}`));
+  console.log();
+}
+function truncate(str, maxLength) {
+  if (str.length <= maxLength) return str;
+  return `${str.slice(0, maxLength - 1)}\u2026`;
+}
+function formatAddress(addr) {
+  if (addr.name) {
+    return `${addr.name} <${addr.email}>`;
+  }
+  return addr.email;
+}
+function formatFullDate(dateString) {
+  const date = new Date(dateString);
+  return date.toLocaleString("en-US", {
+    weekday: "short",
+    year: "numeric",
+    month: "short",
+    day: "numeric",
+    hour: "numeric",
+    minute: "2-digit"
+  });
+}
+function formatDate2(dateString) {
+  const date = new Date(dateString);
+  const now = /* @__PURE__ */ new Date();
+  const diffMs = now.getTime() - date.getTime();
+  const diffDays = Math.floor(diffMs / (1e3 * 60 * 60 * 24));
+  if (diffDays === 0) {
+    return date.toLocaleTimeString("en-US", {
+      hour: "numeric",
+      minute: "2-digit"
+    });
+  }
+  if (diffDays < 7) {
+    return date.toLocaleDateString("en-US", { weekday: "short" });
+  }
+  return date.toLocaleDateString("en-US", {
+    month: "short",
+    day: "numeric"
+  });
+}
+
+// src/commands/list.ts
+import ora3 from "ora";
+import pc5 from "picocolors";
+
+// src/utils/cache.ts
+var CACHE_KEY = "emailCache";
+var CACHE_TTL_MS = 30 * 60 * 1e3;
+function cacheEmailList(folder, emails) {
+  config.set(CACHE_KEY, {
+    folder,
+    emails,
+    timestamp: Date.now()
+  });
+}
+function getCachedEmailList(folder) {
+  const cache = config.get(CACHE_KEY);
+  if (!cache) return null;
+  if (Date.now() - cache.timestamp > CACHE_TTL_MS) {
+    config.delete(CACHE_KEY);
+    return null;
+  }
+  if (folder && cache.folder !== folder) {
+    return null;
+  }
+  return cache;
+}
+function getEmailIdByIndex(index) {
+  const cache = getCachedEmailList();
+  if (!cache) return null;
+  const idx = index - 1;
+  if (idx < 0 || idx >= cache.emails.length) {
+    return null;
+  }
+  return cache.emails[idx].id;
+}
+function isNumericId(id) {
+  return /^\d+$/.test(id);
+}
+
+// src/commands/list.ts
+async function listCommand(options) {
+  if (!isAuthenticated()) {
+    console.log(pc5.yellow("Not logged in."));
+    console.log(pc5.dim("Run `btcemail login` to authenticate."));
+    process.exit(1);
+  }
+  const folder = options.folder || "inbox";
+  const limit = options.limit || 20;
+  const page = options.page || 1;
+  const offset = (page - 1) * limit;
+  const spinner = ora3("Loading emails...").start();
+  const result = await getEmails({
+    folder,
+    limit,
+    offset
+  });
+  if (!result.ok) {
+    spinner.fail(`Error: ${result.error.message}`);
+    process.exit(1);
+  }
+  const { data: emails, pagination } = result.data;
+  spinner.stop();
+  const cachedEmails = emails.map((e) => ({
+    id: e.id,
+    subject: e.subject,
+    from: e.from.name || e.from.email
+  }));
+  cacheEmailList(folder, cachedEmails);
+  if (options.json) {
+    console.log(JSON.stringify({ emails, pagination }, null, 2));
+    return;
+  }
+  console.log();
+  console.log(pc5.bold(`${capitalize(folder)} (${pagination.total} emails)`));
   console.log();
   if (emails.length === 0) {
-    console.log(pc4.dim("  No emails found."));
+    console.log(pc5.dim("  No emails found."));
     console.log();
     return;
   }
   console.log(
-    `  ${pc4.dim("#".padEnd(4))} ${pc4.dim("From".padEnd(25))} ${pc4.dim("Subject".padEnd(45))} ${pc4.dim("Date")}`
+    `  ${pc5.dim("#".padEnd(4))} ${pc5.dim("From".padEnd(25))} ${pc5.dim("Subject".padEnd(45))} ${pc5.dim("Date")}`
   );
-  console.log(pc4.dim("  " + "-".repeat(85)));
+  console.log(pc5.dim(`  ${"-".repeat(85)}`));
   emails.forEach((email, index) => {
-    const num = pc4.cyan(String(index + 1).padEnd(4));
-    const unreadMarker = email.unread ? pc4.cyan("\u25CF") : " ";
-    const from = truncate(email.from.name || email.from.email, 23).padEnd(25);
-    const subject = truncate(email.subject, 43).padEnd(45);
-    const date = formatDate(email.date);
-    console.log(`${unreadMarker} ${num}${from} ${subject} ${pc4.dim(date)}`);
+    const num = pc5.cyan(String(index + 1).padEnd(4));
+    const unreadMarker = email.unread ? pc5.cyan("\u25CF") : " ";
+    const from = truncate2(email.from.name || email.from.email, 23).padEnd(25);
+    const subject = truncate2(email.subject, 43).padEnd(45);
+    const date = formatDate3(email.date);
+    console.log(`${unreadMarker} ${num}${from} ${subject} ${pc5.dim(date)}`);
   });
   console.log();
   const totalPages = Math.ceil(pagination.total / limit);
   const currentPage = page;
   if (totalPages > 1) {
     console.log(
-      pc4.dim(`  Page ${currentPage} of ${totalPages} (${emails.length} of ${pagination.total})`)
+      pc5.dim(`  Page ${currentPage} of ${totalPages} (${emails.length} of ${pagination.total})`)
     );
     if (currentPage < totalPages) {
-      console.log(pc4.dim(`  Next page: btcemail list --page ${currentPage + 1}`));
+      console.log(pc5.dim(`  Next page: btcemail list --page ${currentPage + 1}`));
+    }
+    console.log();
+  }
+  console.log(pc5.dim("  Read email: btcemail read <#> or btcemail read <id>"));
+  console.log();
+}
+function capitalize(str) {
+  return str.charAt(0).toUpperCase() + str.slice(1);
+}
+function truncate2(str, maxLength) {
+  if (str.length <= maxLength) return str;
+  return `${str.slice(0, maxLength - 1)}\u2026`;
+}
+function formatDate3(dateString) {
+  const date = new Date(dateString);
+  const now = /* @__PURE__ */ new Date();
+  const diffMs = now.getTime() - date.getTime();
+  const diffDays = Math.floor(diffMs / (1e3 * 60 * 60 * 24));
+  if (diffDays === 0) {
+    return date.toLocaleTimeString("en-US", {
+      hour: "numeric",
+      minute: "2-digit"
+    });
+  }
+  if (diffDays < 7) {
+    return date.toLocaleDateString("en-US", { weekday: "short" });
+  }
+  return date.toLocaleDateString("en-US", {
+    month: "short",
+    day: "numeric"
+  });
+}
+
+// src/commands/login.ts
+import { randomUUID } from "crypto";
+import open from "open";
+import ora4 from "ora";
+import pc6 from "picocolors";
+var POLL_INTERVAL_MS = 2e3;
+var POLL_TIMEOUT_MS = 3e5;
+async function loginCommand() {
+  const sessionId = randomUUID();
+  const baseUrl = getApiBaseUrl().replace("/api/v1", "");
+  const authUrl = `${baseUrl}/auth/cli?session_id=${sessionId}`;
+  const pollUrl = `${baseUrl}/api/auth/cli-session?session_id=${sessionId}`;
+  console.log();
+  console.log(pc6.bold("btc.email CLI Login"));
+  console.log();
+  try {
+    const createResponse = await fetch(`${baseUrl}/api/auth/cli-session`, {
+      method: "POST",
+      headers: { "Content-Type": "application/json" },
+      body: JSON.stringify({ session_id: sessionId })
+    });
+    if (!createResponse.ok) {
+      console.error(pc6.red("Failed to initialize login session"));
+      process.exit(1);
+    }
+  } catch (error) {
+    console.error(pc6.red("Failed to connect to btc.email server"));
+    console.error(pc6.dim(error instanceof Error ? error.message : "Unknown error"));
+    process.exit(1);
+  }
+  console.log(pc6.dim("Opening browser for authentication..."));
+  console.log();
+  console.log(pc6.dim("If the browser doesn't open, visit:"));
+  console.log(pc6.cyan(authUrl));
+  console.log();
+  try {
+    await open(authUrl);
+  } catch {
+  }
+  const spinner = ora4("Waiting for authentication...").start();
+  const startTime = Date.now();
+  while (Date.now() - startTime < POLL_TIMEOUT_MS) {
+    try {
+      const response = await fetch(pollUrl);
+      if (response.status === 202) {
+        await sleep2(POLL_INTERVAL_MS);
+        continue;
+      }
+      if (response.status === 410) {
+        spinner.fail("Session expired. Please try again.");
+        process.exit(1);
+      }
+      if (response.ok) {
+        const data = await response.json();
+        if (data.status === "complete") {
+          setAuth({
+            token: data.data.token,
+            expiresAt: data.data.expiresAt,
+            userId: data.data.userId,
+            email: data.data.email
+          });
+          spinner.succeed(pc6.green("Successfully logged in!"));
+          console.log();
+          console.log(`  ${pc6.dim("Email:")} ${data.data.email}`);
+          console.log();
+          console.log(pc6.dim("You can now use btcemail commands."));
+          console.log(pc6.dim("Run `btcemail --help` to see available commands."));
+          return;
+        }
+      }
+      await sleep2(POLL_INTERVAL_MS);
+    } catch (_error) {
+      await sleep2(POLL_INTERVAL_MS);
     }
+  }
+  spinner.fail("Authentication timed out. Please try again.");
+  process.exit(1);
+}
+function sleep2(ms) {
+  return new Promise((resolve) => setTimeout(resolve, ms));
+}
+
+// src/commands/logout.ts
+import pc7 from "picocolors";
+async function logoutCommand() {
+  if (!isAuthenticated()) {
+    console.log(pc7.yellow("You are not logged in."));
+    return;
+  }
+  clearAuth();
+  console.log(pc7.green("Successfully logged out."));
+}
+
+// src/commands/network.ts
+import pc8 from "picocolors";
+async function networkShowCommand(options = {}) {
+  const token = getToken();
+  if (!token) {
+    console.error(pc8.red("Not logged in. Run 'btcemail login' first."));
+    process.exit(1);
+  }
+  const result = await getNetwork();
+  if (!result.ok) {
+    console.error(pc8.red(`Error: ${result.error.message}`));
+    process.exit(1);
+  }
+  const { network_mode, networks } = result.data;
+  if (options.json) {
+    console.log(JSON.stringify({ network_mode, networks }, null, 2));
+    return;
+  }
+  console.log();
+  console.log(pc8.bold("Network Mode"));
+  console.log();
+  const isTestnet = network_mode === "testnet";
+  const currentLabel = isTestnet ? pc8.blue("testnet") + pc8.dim(" (fake Bitcoin)") : pc8.red("mainnet") + pc8.dim(" (real Bitcoin)");
+  console.log(`  Current: ${currentLabel}`);
+  console.log();
+  console.log(pc8.dim("  Available networks:"));
+  console.log(
+    `    testnet: ${networks.testnet.available ? pc8.green("available") : pc8.red("unavailable")}`
+  );
+  console.log(
+    `    mainnet: ${networks.mainnet.available ? pc8.green("available") : pc8.red("unavailable")}`
+  );
+  console.log();
+  if (!isTestnet) {
+    console.log(pc8.yellow("  Warning: You are on mainnet. Payments use real Bitcoin!"));
     console.log();
   }
-  console.log(pc4.dim("  Read email: btcemail read <#> or btcemail read <id>"));
-  console.log();
-}
-function capitalize(str) {
-  return str.charAt(0).toUpperCase() + str.slice(1);
 }
-function truncate(str, maxLength) {
-  if (str.length <= maxLength) return str;
-  return str.slice(0, maxLength - 1) + "\u2026";
-}
-function formatDate(dateString) {
-  const date = new Date(dateString);
-  const now = /* @__PURE__ */ new Date();
-  const diffMs = now.getTime() - date.getTime();
-  const diffDays = Math.floor(diffMs / (1e3 * 60 * 60 * 24));
-  if (diffDays === 0) {
-    return date.toLocaleTimeString("en-US", {
-      hour: "numeric",
-      minute: "2-digit"
-    });
+async function networkSwitchCommand(network2, options = {}) {
+  const token = getToken();
+  if (!token) {
+    console.error(pc8.red("Not logged in. Run 'btcemail login' first."));
+    process.exit(1);
   }
-  if (diffDays < 7) {
-    return date.toLocaleDateString("en-US", { weekday: "short" });
+  if (network2 !== "testnet" && network2 !== "mainnet") {
+    console.error(pc8.red("Invalid network. Use 'testnet' or 'mainnet'."));
+    process.exit(1);
   }
-  return date.toLocaleDateString("en-US", {
-    month: "short",
-    day: "numeric"
-  });
+  if (network2 === "mainnet") {
+    console.log();
+    console.log(pc8.yellow("Warning: You are switching to mainnet."));
+    console.log(pc8.yellow("All payments will use real Bitcoin!"));
+    console.log();
+  }
+  const result = await setNetwork(network2);
+  if (!result.ok) {
+    console.error(pc8.red(`Error: ${result.error.message}`));
+    process.exit(1);
+  }
+  if (options.json) {
+    console.log(JSON.stringify({ success: true, network_mode: result.data.network_mode }, null, 2));
+    return;
+  }
+  const label = network2 === "testnet" ? pc8.blue("testnet") : pc8.red("mainnet");
+  console.log(pc8.green(`Switched to ${label}`));
 }
 
 // src/commands/read.ts
-import pc5 from "picocolors";
-import ora4 from "ora";
+import ora5 from "ora";
+import pc9 from "picocolors";
 async function readCommand(idOrNumber, options) {
   if (!isAuthenticated()) {
-    console.log(pc5.yellow("Not logged in."));
-    console.log(pc5.dim("Run `btcemail login` to authenticate."));
+    console.log(pc9.yellow("Not logged in."));
+    console.log(pc9.dim("Run `btcemail login` to authenticate."));
     process.exit(1);
   }
   let emailId = idOrNumber;
@@ -619,16 +1257,18 @@ async function readCommand(idOrNumber, options) {
     } else {
       const cache = getCachedEmailList();
       if (cache) {
-        console.error(pc5.red(`Email #${index} not found in list.`));
-        console.log(pc5.dim(`List has ${cache.emails.length} emails. Run 'btcemail list' to refresh.`));
+        console.error(pc9.red(`Email #${index} not found in list.`));
+        console.log(
+          pc9.dim(`List has ${cache.emails.length} emails. Run 'btcemail list' to refresh.`)
+        );
       } else {
-        console.error(pc5.red(`No email list cached.`));
-        console.log(pc5.dim(`Run 'btcemail list' first, then use 'btcemail read <#>'.`));
+        console.error(pc9.red(`No email list cached.`));
+        console.log(pc9.dim(`Run 'btcemail list' first, then use 'btcemail read <#>'.`));
       }
       process.exit(1);
     }
   }
-  const spinner = ora4("Loading email...").start();
+  const spinner = ora5("Loading email...").start();
   const result = await getEmail(emailId);
   if (!result.ok) {
     if (result.error.code === "NOT_FOUND") {
@@ -645,37 +1285,37 @@ async function readCommand(idOrNumber, options) {
     return;
   }
   console.log();
-  console.log(pc5.bold(email.subject || "(No subject)"));
+  console.log(pc9.bold(email.subject || "(No subject)"));
   console.log();
-  console.log(`${pc5.dim("From:")}    ${formatAddress(email.from)}`);
-  console.log(`${pc5.dim("To:")}      ${email.to.map(formatAddress).join(", ")}`);
-  console.log(`${pc5.dim("Date:")}    ${formatFullDate(email.date)}`);
-  console.log(`${pc5.dim("ID:")}      ${email.id}`);
+  console.log(`${pc9.dim("From:")}    ${formatAddress2(email.from)}`);
+  console.log(`${pc9.dim("To:")}      ${email.to.map(formatAddress2).join(", ")}`);
+  console.log(`${pc9.dim("Date:")}    ${formatFullDate2(email.date)}`);
+  console.log(`${pc9.dim("ID:")}      ${email.id}`);
   if (email.labels.length > 0) {
-    console.log(`${pc5.dim("Labels:")}  ${email.labels.join(", ")}`);
+    console.log(`${pc9.dim("Labels:")}  ${email.labels.join(", ")}`);
   }
   console.log();
-  console.log(pc5.dim("-".repeat(60)));
+  console.log(pc9.dim("-".repeat(60)));
   console.log();
   const content = email.bodyText || email.body || email.snippet;
   if (content) {
     const displayContent = email.bodyText || stripHtml(email.body || email.snippet);
     console.log(displayContent);
   } else {
-    console.log(pc5.dim("(No content)"));
+    console.log(pc9.dim("(No content)"));
   }
   console.log();
 }
 function stripHtml(html) {
   return html.replace(/<br\s*\/?>/gi, "\n").replace(/<\/p>/gi, "\n\n").replace(/<\/div>/gi, "\n").replace(/<[^>]*>/g, "").replace(/&nbsp;/g, " ").replace(/&lt;/g, "<").replace(/&gt;/g, ">").replace(/&amp;/g, "&").replace(/&quot;/g, '"').trim();
 }
-function formatAddress(addr) {
+function formatAddress2(addr) {
   if (addr.name) {
     return `${addr.name} <${addr.email}>`;
   }
   return addr.email;
 }
-function formatFullDate(dateString) {
+function formatFullDate2(dateString) {
   const date = new Date(dateString);
   return date.toLocaleString("en-US", {
     weekday: "short",
@@ -688,19 +1328,19 @@ function formatFullDate(dateString) {
 }
 
 // src/commands/search.ts
-import pc6 from "picocolors";
-import ora5 from "ora";
+import ora6 from "ora";
+import pc10 from "picocolors";
 async function searchCommand(query, options) {
   if (!isAuthenticated()) {
-    console.log(pc6.yellow("Not logged in."));
-    console.log(pc6.dim("Run `btcemail login` to authenticate."));
+    console.log(pc10.yellow("Not logged in."));
+    console.log(pc10.dim("Run `btcemail login` to authenticate."));
     process.exit(1);
   }
   if (!query || query.trim().length === 0) {
-    console.error(pc6.red("Error: Search query is required"));
+    console.error(pc10.red("Error: Search query is required"));
     process.exit(1);
   }
-  const spinner = ora5(`Searching for "${query}"...`).start();
+  const spinner = ora6(`Searching for "${query}"...`).start();
   const result = await getEmails({
     search: query.trim(),
     limit: options.limit || 20
@@ -722,42 +1362,40 @@ async function searchCommand(query, options) {
     return;
   }
   console.log();
-  console.log(pc6.bold(`Search: "${query}" (${pagination.total} found)`));
+  console.log(pc10.bold(`Search: "${query}" (${pagination.total} found)`));
   console.log();
   if (emails.length === 0) {
-    console.log(pc6.dim("  No emails found matching your search."));
+    console.log(pc10.dim("  No emails found matching your search."));
     console.log();
     return;
   }
   console.log(
-    `  ${pc6.dim("#".padEnd(4))} ${pc6.dim("From".padEnd(25))} ${pc6.dim("Subject".padEnd(45))} ${pc6.dim("Date")}`
+    `  ${pc10.dim("#".padEnd(4))} ${pc10.dim("From".padEnd(25))} ${pc10.dim("Subject".padEnd(45))} ${pc10.dim("Date")}`
   );
-  console.log(pc6.dim("  " + "-".repeat(85)));
+  console.log(pc10.dim(`  ${"-".repeat(85)}`));
   emails.forEach((email, index) => {
-    const num = pc6.cyan(String(index + 1).padEnd(4));
-    const unreadMarker = email.unread ? pc6.cyan("\u25CF") : " ";
-    const from = truncate2(email.from.name || email.from.email, 23).padEnd(25);
-    const subject = truncate2(email.subject, 43).padEnd(45);
-    const date = formatDate2(email.date);
-    console.log(`${unreadMarker} ${num}${from} ${subject} ${pc6.dim(date)}`);
+    const num = pc10.cyan(String(index + 1).padEnd(4));
+    const unreadMarker = email.unread ? pc10.cyan("\u25CF") : " ";
+    const from = truncate3(email.from.name || email.from.email, 23).padEnd(25);
+    const subject = truncate3(email.subject, 43).padEnd(45);
+    const date = formatDate4(email.date);
+    console.log(`${unreadMarker} ${num}${from} ${subject} ${pc10.dim(date)}`);
   });
   console.log();
   if (pagination.hasMore) {
     console.log(
-      pc6.dim(
-        `  Showing ${emails.length} of ${pagination.total}. Use --limit to see more.`
-      )
+      pc10.dim(`  Showing ${emails.length} of ${pagination.total}. Use --limit to see more.`)
     );
     console.log();
   }
-  console.log(pc6.dim("  Read email: btcemail read <#> or btcemail read <id>"));
+  console.log(pc10.dim("  Read email: btcemail read <#> or btcemail read <id>"));
   console.log();
 }
-function truncate2(str, maxLength) {
+function truncate3(str, maxLength) {
   if (str.length <= maxLength) return str;
-  return str.slice(0, maxLength - 1) + "\u2026";
+  return `${str.slice(0, maxLength - 1)}\u2026`;
 }
-function formatDate2(dateString) {
+function formatDate4(dateString) {
   const date = new Date(dateString);
   const now = /* @__PURE__ */ new Date();
   const diffMs = now.getTime() - date.getTime();
@@ -767,248 +1405,10 @@ function formatDate2(dateString) {
       hour: "numeric",
       minute: "2-digit"
     });
-  }
-  if (diffDays < 7) {
-    return date.toLocaleDateString("en-US", { weekday: "short" });
-  }
-  return date.toLocaleDateString("en-US", {
-    month: "short",
-    day: "numeric"
-  });
-}
-
-// src/commands/credits.ts
-import pc8 from "picocolors";
-import ora6 from "ora";
-import qrcode from "qrcode-terminal";
-
-// src/utils/payment-polling.ts
-import pc7 from "picocolors";
-var SPINNER_FRAMES = ["\u280B", "\u2819", "\u2839", "\u2838", "\u283C", "\u2834", "\u2826", "\u2827", "\u2807", "\u280F"];
-async function pollForPayment(options) {
-  const { paymentHash, checkFn, maxAttempts = 120, intervalMs = 2500, onPaid } = options;
-  let frame = 0;
-  let attempts = 0;
-  process.stdout.write(`${pc7.cyan(SPINNER_FRAMES[0])} Waiting for payment...`);
-  while (attempts < maxAttempts) {
-    try {
-      const status = await checkFn(paymentHash);
-      if (status.paid) {
-        process.stdout.write("\r" + " ".repeat(50) + "\r");
-        console.log(pc7.green("\u2713") + " Payment received!");
-        if (onPaid) onPaid();
-        return status;
-      }
-    } catch {
-    }
-    frame = (frame + 1) % SPINNER_FRAMES.length;
-    const timeLeft = Math.ceil((maxAttempts - attempts) * intervalMs / 1e3 / 60);
-    process.stdout.write(
-      `\r${pc7.cyan(SPINNER_FRAMES[frame])} Waiting for payment... (${timeLeft}m remaining)`
-    );
-    await sleep2(intervalMs);
-    attempts++;
-  }
-  process.stdout.write("\r" + " ".repeat(60) + "\r");
-  console.log(pc7.yellow("\u26A0") + " Timed out waiting for payment.");
-  return { paid: false };
-}
-function sleep2(ms) {
-  return new Promise((resolve) => setTimeout(resolve, ms));
-}
-
-// src/commands/credits.ts
-async function creditsBalanceCommand() {
-  if (!isAuthenticated()) {
-    console.log(pc8.yellow("Not logged in."));
-    console.log(pc8.dim("Run `btcemail login` to authenticate."));
-    process.exit(1);
-  }
-  const spinner = ora6("Fetching balance...").start();
-  const result = await getCreditsBalance();
-  if (!result.ok) {
-    spinner.fail(`Error: ${result.error.message}`);
-    process.exit(1);
-  }
-  spinner.stop();
-  const { balanceSats, lifetimePurchasedSats, lifetimeSpentSats } = result.data;
-  console.log();
-  console.log(pc8.bold("Credit Balance"));
-  console.log();
-  console.log(`  ${pc8.green(formatSats(balanceSats))} sats`);
-  console.log();
-  if (lifetimePurchasedSats > 0 || lifetimeSpentSats > 0) {
-    console.log(pc8.dim(`  Purchased: ${formatSats(lifetimePurchasedSats)} sats`));
-    console.log(pc8.dim(`  Spent: ${formatSats(lifetimeSpentSats)} sats`));
-    console.log();
-  }
-  if (balanceSats === 0) {
-    console.log(pc8.dim("  No credits available."));
-    console.log(pc8.dim("  Run `btcemail credits purchase` to buy credits."));
-    console.log();
-  }
-}
-async function creditsHistoryCommand(options) {
-  if (!isAuthenticated()) {
-    console.log(pc8.yellow("Not logged in."));
-    console.log(pc8.dim("Run `btcemail login` to authenticate."));
-    process.exit(1);
-  }
-  const spinner = ora6("Loading transaction history...").start();
-  const result = await getCreditTransactions({
-    limit: options.limit || 20,
-    type: options.type
-  });
-  if (!result.ok) {
-    spinner.fail(`Error: ${result.error.message}`);
-    process.exit(1);
-  }
-  const { data: transactions, pagination } = result.data;
-  spinner.stop();
-  if (options.json) {
-    console.log(JSON.stringify({ transactions, pagination }, null, 2));
-    return;
-  }
-  console.log();
-  console.log(pc8.bold("Transaction History"));
-  console.log();
-  if (transactions.length === 0) {
-    console.log(pc8.dim("  No transactions found."));
-    console.log();
-    return;
-  }
-  console.log(
-    `  ${pc8.dim("Date".padEnd(12))} ${pc8.dim("Type".padEnd(15))} ${pc8.dim("Amount".padEnd(12))} ${pc8.dim("Balance")}`
-  );
-  console.log(pc8.dim("  " + "-".repeat(55)));
-  for (const tx of transactions) {
-    const date = formatDate3(tx.createdAt);
-    const type = formatTransactionType(tx.transactionType).padEnd(15);
-    const amount = formatAmount(tx.amountSats).padEnd(12);
-    const balance = formatSats(tx.balanceAfter);
-    console.log(`  ${date.padEnd(12)} ${type} ${amount} ${pc8.dim(balance)}`);
-  }
-  console.log();
-  if (pagination.hasMore) {
-    console.log(pc8.dim(`  Use --limit to see more transactions.`));
-    console.log();
-  }
-}
-async function creditsPurchaseCommand(options) {
-  if (!isAuthenticated()) {
-    console.log(pc8.yellow("Not logged in."));
-    console.log(pc8.dim("Run `btcemail login` to authenticate."));
-    process.exit(1);
-  }
-  const purchaseOptions = getCreditPurchaseOptions();
-  if (options.option === void 0) {
-    console.log();
-    console.log(pc8.bold("Purchase Options"));
-    console.log();
-    purchaseOptions.forEach((opt, index) => {
-      console.log(`  ${pc8.cyan(`[${index}]`)} ${opt.label}`);
-      console.log(`      ${pc8.dim(opt.description)}`);
-      console.log(`      ${pc8.dim(`Price: ${formatSats(opt.priceSats)} sats`)}`);
-      if (opt.bonusSats > 0) {
-        console.log(`      ${pc8.green(`+${formatSats(opt.bonusSats)} bonus sats`)}`);
-      }
-      console.log();
-    });
-    console.log(pc8.dim("  Usage: btcemail credits purchase --option <index>"));
-    console.log(pc8.dim("  Add --wait to wait for payment confirmation."));
-    console.log();
-    return;
-  }
-  if (options.option < 0 || options.option >= purchaseOptions.length) {
-    console.error(pc8.red(`Error: Invalid option. Choose 0-${purchaseOptions.length - 1}.`));
-    process.exit(1);
-  }
-  const selectedOption = purchaseOptions[options.option];
-  const spinner = ora6("Creating invoice...").start();
-  const result = await purchaseCredits(options.option);
-  if (!result.ok) {
-    spinner.fail(`Error: ${result.error.message}`);
-    process.exit(1);
-  }
-  spinner.stop();
-  const purchase = result.data;
-  if (options.json) {
-    console.log(JSON.stringify(purchase, null, 2));
-    return;
-  }
-  console.log();
-  console.log(pc8.bold("Lightning Invoice"));
-  console.log();
-  console.log(`  ${pc8.dim("Amount:")} ${formatSats(purchase.amountSats)} sats`);
-  console.log(`  ${pc8.dim("Credits:")} ${formatSats(purchase.creditsToReceive)} sats`);
-  if (purchase.bonusSats > 0) {
-    console.log(`  ${pc8.dim("Bonus:")} ${pc8.green(`+${formatSats(purchase.bonusSats)} sats`)}`);
-  }
-  console.log();
-  console.log(pc8.bold("Scan to pay:"));
-  console.log();
-  qrcode.generate(purchase.invoice, { small: true }, (qr) => {
-    const indentedQr = qr.split("\n").map((line) => "  " + line).join("\n");
-    console.log(indentedQr);
-  });
-  console.log();
-  console.log(pc8.bold("Invoice:"));
-  console.log();
-  console.log(`  ${purchase.invoice}`);
-  console.log();
-  console.log(pc8.dim(`  Payment hash: ${purchase.paymentHash}`));
-  console.log(pc8.dim(`  Expires: ${new Date(purchase.expiresAt).toLocaleString()}`));
-  console.log();
-  if (options.wait) {
-    console.log();
-    const status = await pollForPayment({
-      paymentHash: purchase.paymentHash,
-      checkFn: async (hash) => {
-        const result2 = await checkPaymentStatus(hash);
-        if (result2.ok) {
-          return { paid: result2.data.paid };
-        }
-        return { paid: false };
-      },
-      onPaid: async () => {
-        const balanceResult = await getCreditsBalance();
-        if (balanceResult.ok) {
-          console.log();
-          console.log(`${pc8.dim("New balance:")} ${pc8.green(formatSats(balanceResult.data.balanceSats))} sats`);
-        }
-      }
-    });
-    if (!status.paid) {
-      console.log(pc8.dim("  You can still pay the invoice and credits will be added."));
-    }
-    console.log();
-  } else {
-    console.log(pc8.dim("  Scan the QR code or copy the invoice above to pay."));
-    console.log(pc8.dim("  Use --wait to wait for payment confirmation."));
-    console.log();
-  }
-}
-function formatSats(sats) {
-  return sats.toLocaleString();
-}
-function formatAmount(sats) {
-  if (sats >= 0) {
-    return pc8.green(`+${formatSats(sats)}`);
-  }
-  return pc8.red(formatSats(sats));
-}
-function formatTransactionType(type) {
-  const types = {
-    topup: "Top-up",
-    email_sent: "Email Sent",
-    email_received: "Email Received",
-    refund: "Refund",
-    bonus: "Bonus"
-  };
-  return types[type] || type;
-}
-function formatDate3(dateString) {
-  const date = new Date(dateString);
+  }
+  if (diffDays < 7) {
+    return date.toLocaleDateString("en-US", { weekday: "short" });
+  }
   return date.toLocaleDateString("en-US", {
     month: "short",
     day: "numeric"
@@ -1016,13 +1416,13 @@ function formatDate3(dateString) {
 }
 
 // src/commands/send.ts
-import pc9 from "picocolors";
 import ora7 from "ora";
+import pc11 from "picocolors";
 import qrcode2 from "qrcode-terminal";
 async function sendCommand(options) {
   if (!isAuthenticated()) {
-    console.log(pc9.yellow("Not logged in."));
-    console.log(pc9.dim("Run `btcemail login` to authenticate."));
+    console.log(pc11.yellow("Not logged in."));
+    console.log(pc11.dim("Run `btcemail login` to authenticate."));
     process.exit(1);
   }
   let fromEmail = options.fromEmail;
@@ -1031,7 +1431,7 @@ async function sendCommand(options) {
     const whoamiResult = await getWhoami();
     spinner2.stop();
     if (whoamiResult.ok && whoamiResult.data.username) {
-      fromEmail = `${whoamiResult.data.username}@btc.email`;
+      fromEmail = whoamiResult.data.username;
     } else {
       const auth = getAuth();
       if (auth?.email?.endsWith("@btc.email")) {
@@ -1040,29 +1440,29 @@ async function sendCommand(options) {
     }
   }
   if (!fromEmail || !fromEmail.endsWith("@btc.email")) {
-    console.error(pc9.red("No @btc.email address found."));
-    console.log(pc9.dim("Register a username at https://btc.email"));
+    console.error(pc11.red("No @btc.email address found."));
+    console.log(pc11.dim("Register a username at https://btc.email"));
     process.exit(1);
   }
   if (!options.to) {
-    console.error(pc9.red("Recipient is required. Use --to <email>"));
+    console.error(pc11.red("Recipient is required. Use --to <email>"));
     process.exit(1);
   }
   if (!options.subject) {
-    console.error(pc9.red("Subject is required. Use --subject <text>"));
+    console.error(pc11.red("Subject is required. Use --subject <text>"));
     process.exit(1);
   }
   if (!options.body) {
-    console.error(pc9.red("Body is required. Use --body <text>"));
+    console.error(pc11.red("Body is required. Use --body <text>"));
     process.exit(1);
   }
   const toEmails = options.to.split(",").map((e) => e.trim());
   console.log();
-  console.log(pc9.bold("Sending Email"));
+  console.log(pc11.bold("Sending Email"));
   console.log();
-  console.log(`${pc9.dim("From:")}    ${fromEmail}`);
-  console.log(`${pc9.dim("To:")}      ${toEmails.join(", ")}`);
-  console.log(`${pc9.dim("Subject:")} ${options.subject}`);
+  console.log(`${pc11.dim("From:")}    ${fromEmail}`);
+  console.log(`${pc11.dim("To:")}      ${toEmails.join(", ")}`);
+  console.log(`${pc11.dim("Subject:")} ${options.subject}`);
   console.log();
   if (!options.paymentHash) {
     const spinner2 = ora7("Getting invoice...").start();
@@ -1073,17 +1473,17 @@ async function sendCommand(options) {
     spinner2.stop();
     if (invoiceResult.ok && invoiceResult.data.amountSats > 0) {
       const invoice = invoiceResult.data;
-      console.log(pc9.yellow(`Payment required: ${invoice.amountSats} sats`));
+      console.log(pc11.yellow(`Payment required: ${invoice.amountSats} sats`));
       console.log();
-      console.log(pc9.bold("Scan to pay:"));
+      console.log(pc11.bold("Scan to pay:"));
       console.log();
       qrcode2.generate(invoice.invoice, { small: true }, (qr) => {
-        const indentedQr = qr.split("\n").map((line) => "  " + line).join("\n");
+        const indentedQr = qr.split("\n").map((line) => `  ${line}`).join("\n");
         console.log(indentedQr);
       });
       console.log();
-      console.log(pc9.dim("Lightning Invoice:"));
-      console.log(pc9.cyan(invoice.invoice));
+      console.log(pc11.dim("Lightning Invoice:"));
+      console.log(pc11.cyan(invoice.invoice));
       console.log();
       if (options.wait) {
         const status = await pollForPayment({
@@ -1111,24 +1511,26 @@ async function sendCommand(options) {
           }
           sendSpinner.succeed("Email sent!");
           console.log();
-          console.log(`${pc9.dim("Email ID:")} ${result2.data.emailId}`);
+          console.log(`${pc11.dim("Email ID:")} ${result2.data.emailId}`);
           if (result2.data.messageId) {
-            console.log(`${pc9.dim("Message ID:")} ${result2.data.messageId}`);
+            console.log(`${pc11.dim("Message ID:")} ${result2.data.messageId}`);
           }
           console.log();
         } else {
-          console.log(pc9.dim("Payment not confirmed. You can still pay and resend with --payment-hash."));
+          console.log(
+            pc11.dim("Payment not confirmed. You can still pay and resend with --payment-hash.")
+          );
         }
         return;
       }
-      console.log(pc9.dim("Pay this invoice with your Lightning wallet, then run:"));
+      console.log(pc11.dim("Pay this invoice with your Lightning wallet, then run:"));
       console.log(
-        pc9.cyan(
+        pc11.cyan(
           `  btcemail send --to "${options.to}" --subject "${options.subject}" --body "${options.body}" --payment-hash ${invoice.paymentHash}`
         )
       );
       console.log();
-      console.log(pc9.dim("Or use --wait to automatically wait for payment."));
+      console.log(pc11.dim("Or use --wait to automatically wait for payment."));
       console.log();
       return;
     }
@@ -1144,7 +1546,7 @@ async function sendCommand(options) {
   if (!result.ok) {
     if (result.error.code === "PAYMENT_REQUIRED") {
       spinner.fail("Payment required to send this email.");
-      console.log(pc9.dim("Use the invoice above to pay, then include --payment-hash"));
+      console.log(pc11.dim("Use the invoice above to pay, then include --payment-hash"));
     } else {
       spinner.fail(`Error: ${result.error.message}`);
     }
@@ -1152,234 +1554,305 @@ async function sendCommand(options) {
   }
   spinner.succeed("Email sent!");
   console.log();
-  console.log(`${pc9.dim("Email ID:")} ${result.data.emailId}`);
+  console.log(`${pc11.dim("Email ID:")} ${result.data.emailId}`);
   if (result.data.messageId) {
-    console.log(`${pc9.dim("Message ID:")} ${result.data.messageId}`);
+    console.log(`${pc11.dim("Message ID:")} ${result.data.messageId}`);
   }
   console.log();
 }
 
-// src/commands/inbound.ts
-import pc10 from "picocolors";
-import ora8 from "ora";
-async function inboundDeliveredCommand(options) {
-  if (!isAuthenticated()) {
-    console.log(pc10.yellow("Not logged in."));
-    console.log(pc10.dim("Run `btcemail login` to authenticate."));
+// src/commands/settings.ts
+import pc12 from "picocolors";
+async function settingsShowCommand(options = {}) {
+  const token = getToken();
+  if (!token) {
+    console.error(pc12.red("Not logged in. Run 'btcemail login' first."));
     process.exit(1);
   }
-  const spinner = ora8("Loading delivered emails...").start();
-  const result = await getDeliveredEmails({
-    limit: options.limit || 20
-  });
+  const result = await getSettings(options.username);
   if (!result.ok) {
-    spinner.fail(`Error: ${result.error.message}`);
+    console.error(pc12.red(`Error: ${result.error.message}`));
     process.exit(1);
   }
-  const { data: emails, pagination } = result.data;
-  spinner.stop();
+  const { username, usernames, settings: settings2 } = result.data;
   if (options.json) {
-    console.log(JSON.stringify({ emails, pagination }, null, 2));
+    console.log(JSON.stringify({ username, usernames, settings: settings2 }, null, 2));
     return;
   }
   console.log();
-  console.log(pc10.bold(`Delivered (${pagination.total} paid emails received)`));
-  console.log();
-  if (emails.length === 0) {
-    console.log(pc10.dim("  No delivered emails yet."));
-    console.log();
-    return;
+  console.log(pc12.bold("Settings for ") + pc12.cyan(`${username}@btc.email`));
+  if (usernames.length > 1) {
+    console.log(pc12.dim(`(You have ${usernames.length} addresses: ${usernames.join(", ")})`));
   }
+  console.log();
+  console.log(pc12.dim("Pricing:"));
+  console.log(`  Email price: ${pc12.yellow(settings2.default_price_sats.toLocaleString())} sats`);
+  console.log();
+  console.log(pc12.dim("Toggles:"));
   console.log(
-    `  ${pc10.dim("#".padEnd(4))} ${pc10.dim("From".padEnd(28))} ${pc10.dim("Subject".padEnd(40))} ${pc10.dim("Date")}`
+    `  Require payment: ${settings2.require_payment_from_unknown ? pc12.green("on") : pc12.red("off")}`
+  );
+  console.log(
+    `  Auto-whitelist:  ${settings2.auto_whitelist_on_payment ? pc12.green("on") : pc12.red("off")}`
   );
-  console.log(pc10.dim("  " + "-".repeat(85)));
-  emails.forEach((email, index) => {
-    const num = pc10.cyan(String(index + 1).padEnd(4));
-    const from = truncate3(email.from.name || email.from.email, 26).padEnd(28);
-    const subject = truncate3(email.subject, 38).padEnd(40);
-    const date = formatDate4(email.date);
-    console.log(`  ${num}${from} ${subject} ${pc10.dim(date)}`);
-  });
   console.log();
-  if (pagination.hasMore) {
-    console.log(
-      pc10.dim(`  Showing ${emails.length} of ${pagination.total}. Use --limit to see more.`)
-    );
-    console.log();
+  console.log(pc12.dim("Auto-reply:"));
+  if (settings2.custom_auto_reply_body) {
+    console.log(`  ${pc12.italic(settings2.custom_auto_reply_body)}`);
+  } else {
+    console.log(`  ${pc12.dim("(default message)")}`);
   }
-  console.log(pc10.dim("  Read email: btcemail read <id>"));
   console.log();
 }
-async function inboundPendingCommand(options) {
-  if (!isAuthenticated()) {
-    console.log(pc10.yellow("Not logged in."));
-    console.log(pc10.dim("Run `btcemail login` to authenticate."));
+async function settingsPricingCommand(sats, options = {}) {
+  const token = getToken();
+  if (!token) {
+    console.error(pc12.red("Not logged in. Run 'btcemail login' first."));
     process.exit(1);
   }
-  const spinner = ora8("Loading pending emails...").start();
-  const result = await getPendingEmails({
-    limit: options.limit || 20
-  });
+  const price = parseInt(sats, 10);
+  if (Number.isNaN(price) || price < 0) {
+    console.error(pc12.red("Invalid price. Must be a non-negative number."));
+    process.exit(1);
+  }
+  const result = await updateSettings({ default_price_sats: price }, options.username);
   if (!result.ok) {
-    spinner.fail(`Error: ${result.error.message}`);
+    console.error(pc12.red(`Error: ${result.error.message}`));
     process.exit(1);
   }
-  const { data: emails, pagination } = result.data;
-  spinner.stop();
   if (options.json) {
-    console.log(JSON.stringify({ emails, pagination }, null, 2));
+    console.log(JSON.stringify({ success: true, price }, null, 2));
+    return;
+  }
+  console.log(pc12.green(`Email price set to ${pc12.yellow(price.toLocaleString())} sats`));
+}
+async function settingsRequirePaymentCommand(value, options = {}) {
+  const token = getToken();
+  if (!token) {
+    console.error(pc12.red("Not logged in. Run 'btcemail login' first."));
+    process.exit(1);
+  }
+  const enabled = value.toLowerCase() === "on" || value === "true" || value === "1";
+  const disabled = value.toLowerCase() === "off" || value === "false" || value === "0";
+  if (!enabled && !disabled) {
+    console.error(pc12.red("Invalid value. Use 'on' or 'off'."));
+    process.exit(1);
+  }
+  const result = await updateSettings({ require_payment_from_unknown: enabled }, options.username);
+  if (!result.ok) {
+    console.error(pc12.red(`Error: ${result.error.message}`));
+    process.exit(1);
+  }
+  console.log(pc12.green(`Require payment: ${enabled ? pc12.green("on") : pc12.red("off")}`));
+}
+async function settingsAutoWhitelistCommand(value, options = {}) {
+  const token = getToken();
+  if (!token) {
+    console.error(pc12.red("Not logged in. Run 'btcemail login' first."));
+    process.exit(1);
+  }
+  const enabled = value.toLowerCase() === "on" || value === "true" || value === "1";
+  const disabled = value.toLowerCase() === "off" || value === "false" || value === "0";
+  if (!enabled && !disabled) {
+    console.error(pc12.red("Invalid value. Use 'on' or 'off'."));
+    process.exit(1);
+  }
+  const result = await updateSettings({ auto_whitelist_on_payment: enabled }, options.username);
+  if (!result.ok) {
+    console.error(pc12.red(`Error: ${result.error.message}`));
+    process.exit(1);
+  }
+  console.log(pc12.green(`Auto-whitelist: ${enabled ? pc12.green("on") : pc12.red("off")}`));
+}
+async function settingsAutoReplyCommand(message, options = {}) {
+  const token = getToken();
+  if (!token) {
+    console.error(pc12.red("Not logged in. Run 'btcemail login' first."));
+    process.exit(1);
+  }
+  const newMessage = options.clear ? null : message || null;
+  const result = await updateSettings({ custom_auto_reply_body: newMessage }, options.username);
+  if (!result.ok) {
+    console.error(pc12.red(`Error: ${result.error.message}`));
+    process.exit(1);
+  }
+  if (options.clear) {
+    console.log(pc12.green("Auto-reply reset to default message"));
+  } else if (newMessage) {
+    console.log(pc12.green("Auto-reply message updated"));
+  } else {
+    console.log(pc12.yellow("No message provided. Use --clear to reset to default."));
+  }
+}
+
+// src/commands/stats.ts
+import pc13 from "picocolors";
+async function statsCommand(options = {}) {
+  const token = getToken();
+  if (!token) {
+    console.error(pc13.red("Not logged in. Run 'btcemail login' first."));
+    process.exit(1);
+  }
+  const result = await getStats();
+  if (!result.ok) {
+    console.error(pc13.red(`Error: ${result.error.message}`));
+    process.exit(1);
+  }
+  const { totalReceived, totalSent, pendingCount, addressCount, usernames } = result.data;
+  if (options.json) {
+    console.log(JSON.stringify(result.data, null, 2));
     return;
   }
   console.log();
-  console.log(pc10.bold(`Pending (${pagination.total} awaiting payment)`));
+  console.log(pc13.bold("Dashboard Statistics"));
   console.log();
-  if (emails.length === 0) {
-    console.log(pc10.dim("  No pending emails."));
+  console.log(`  Total Received:  ${pc13.green(`+${totalReceived.toLocaleString()}`)} sats`);
+  console.log(`  Total Sent:      ${pc13.yellow(`-${totalSent.toLocaleString()}`)} sats`);
+  console.log(`  Pending Emails:  ${pendingCount > 0 ? pc13.yellow(pendingCount) : pc13.dim("0")}`);
+  console.log(`  Active Addresses: ${addressCount}`);
+  console.log();
+  if (usernames.length > 0) {
+    console.log(pc13.dim("  Your addresses:"));
+    for (const username of usernames) {
+      console.log(`    ${pc13.cyan(username)}@btc.email`);
+    }
     console.log();
-    return;
   }
-  console.log(
-    `  ${pc10.dim("#".padEnd(4))} ${pc10.dim("From".padEnd(28))} ${pc10.dim("Subject".padEnd(35))} ${pc10.dim("Sats")}`
-  );
-  console.log(pc10.dim("  " + "-".repeat(80)));
-  emails.forEach((email, index) => {
-    const num = pc10.cyan(String(index + 1).padEnd(4));
-    const from = truncate3(email.from.name || email.from.email, 26).padEnd(28);
-    const subject = truncate3(email.subject, 33).padEnd(35);
-    const sats = pc10.yellow(String(email.amountSats));
-    console.log(`  ${num}${from} ${subject} ${sats}`);
-  });
-  console.log();
-  if (pagination.hasMore) {
-    console.log(
-      pc10.dim(`  Showing ${emails.length} of ${pagination.total}. Use --limit to see more.`)
-    );
+  if (pendingCount > 0) {
+    console.log(pc13.dim("  View pending emails: btcemail inbound pending"));
     console.log();
   }
-  console.log(pc10.dim("  View details: btcemail inbound view <id>"));
-  console.log();
 }
-async function inboundViewCommand(id, options) {
-  if (!isAuthenticated()) {
-    console.log(pc10.yellow("Not logged in."));
-    console.log(pc10.dim("Run `btcemail login` to authenticate."));
+
+// src/commands/whitelist.ts
+import pc14 from "picocolors";
+async function whitelistListCommand(options = {}) {
+  const token = getToken();
+  if (!token) {
+    console.error(pc14.red("Not logged in. Run 'btcemail login' first."));
     process.exit(1);
   }
-  const spinner = ora8("Loading email details...").start();
-  const result = await getPendingEmail(id);
+  const result = await getWhitelist(options.username);
   if (!result.ok) {
-    if (result.error.code === "NOT_FOUND") {
-      spinner.fail(`Pending email not found: ${id}`);
-    } else {
-      spinner.fail(`Error: ${result.error.message}`);
-    }
+    console.error(pc14.red(`Error: ${result.error.message}`));
     process.exit(1);
   }
-  spinner.stop();
-  const email = result.data;
+  const { username, entries } = result.data;
   if (options.json) {
-    console.log(JSON.stringify(email, null, 2));
+    console.log(JSON.stringify({ username, entries }, null, 2));
     return;
   }
   console.log();
-  console.log(pc10.bold(email.subject || "(No subject)"));
+  console.log(pc14.bold("Whitelist for ") + pc14.cyan(`${username}@btc.email`));
   console.log();
-  console.log(`${pc10.dim("From:")}    ${formatAddress2(email.from)}`);
-  console.log(`${pc10.dim("Date:")}    ${formatFullDate2(email.createdAt)}`);
-  console.log(`${pc10.dim("ID:")}      ${email.id}`);
-  console.log();
-  console.log(pc10.yellow(`Payment Required: ${email.amountSats} sats`));
-  console.log();
-  if (email.paymentHash) {
-    console.log(pc10.dim("To receive this email, pay the invoice and run:"));
-    console.log(pc10.cyan(`  btcemail inbound pay ${email.id} --payment-hash <preimage>`));
-  } else {
-    console.log(pc10.dim("Payment information not available."));
+  if (entries.length === 0) {
+    console.log(pc14.dim("  No entries in whitelist."));
+    console.log();
+    console.log(pc14.dim("  Add entries with: btcemail whitelist add <email>"));
+    console.log(pc14.dim("  Or for domains:   btcemail whitelist add @domain.com"));
+    console.log();
+    return;
   }
+  console.log(pc14.dim(`  ${entries.length} ${entries.length === 1 ? "entry" : "entries"}:`));
   console.log();
-  console.log(pc10.dim("-".repeat(60)));
-  console.log();
-  console.log(pc10.dim("Preview (full content available after payment):"));
-  console.log();
-  console.log(truncate3(email.bodyText || email.body, 200));
+  for (const entry of entries) {
+    const value = entry.sender_email || `@${entry.sender_domain}`;
+    const via = entry.added_via !== "manual" ? pc14.dim(` (via ${entry.added_via})`) : "";
+    const note = entry.note ? pc14.dim(` - ${entry.note}`) : "";
+    console.log(`  ${pc14.green(value)}${via}${note}`);
+    console.log(pc14.dim(`    ID: ${entry.id}`));
+  }
   console.log();
 }
-async function inboundPayCommand(id, options) {
-  if (!isAuthenticated()) {
-    console.log(pc10.yellow("Not logged in."));
-    console.log(pc10.dim("Run `btcemail login` to authenticate."));
+async function whitelistAddCommand(entry, options = {}) {
+  const token = getToken();
+  if (!token) {
+    console.error(pc14.red("Not logged in. Run 'btcemail login' first."));
     process.exit(1);
   }
-  if (!options.paymentHash) {
-    console.error(pc10.red("Payment hash is required. Use --payment-hash <preimage>"));
+  const isDomain = entry.startsWith("@");
+  const payload = isDomain ? { domain: entry.slice(1), note: options.note } : { email: entry, note: options.note };
+  const result = await addToWhitelist(payload, options.username);
+  if (!result.ok) {
+    console.error(pc14.red(`Error: ${result.error.message}`));
     process.exit(1);
   }
-  const spinner = ora8("Verifying payment...").start();
-  const result = await payForEmail(id, options.paymentHash);
+  if (options.json) {
+    console.log(JSON.stringify({ success: true, entry: result.data.entry }, null, 2));
+    return;
+  }
+  console.log(pc14.green(`Added to whitelist: ${pc14.cyan(entry)}`));
+}
+async function whitelistRemoveCommand(id, options = {}) {
+  const token = getToken();
+  if (!token) {
+    console.error(pc14.red("Not logged in. Run 'btcemail login' first."));
+    process.exit(1);
+  }
+  const result = await removeFromWhitelist(id);
   if (!result.ok) {
-    if (result.error.code === "PAYMENT_INVALID") {
-      spinner.fail("Payment verification failed.");
-      console.log(pc10.dim("Make sure you paid the correct invoice and provided the preimage."));
-    } else if (result.error.code === "NOT_FOUND") {
-      spinner.fail(`Pending email not found or already delivered: ${id}`);
-    } else {
-      spinner.fail(`Error: ${result.error.message}`);
-    }
+    console.error(pc14.red(`Error: ${result.error.message}`));
     process.exit(1);
   }
-  spinner.succeed("Payment verified! Email delivered.");
-  console.log();
-  console.log(`${pc10.dim("Email ID:")} ${result.data.emailId}`);
-  console.log(`${pc10.dim("Status:")}   ${result.data.status}`);
-  console.log();
-  console.log(pc10.dim(`Read email: btcemail read ${result.data.emailId}`));
-  console.log();
-}
-function truncate3(str, maxLength) {
-  if (str.length <= maxLength) return str;
-  return str.slice(0, maxLength - 1) + "\u2026";
-}
-function formatAddress2(addr) {
-  if (addr.name) {
-    return `${addr.name} <${addr.email}>`;
+  if (options.json) {
+    console.log(JSON.stringify({ success: true }, null, 2));
+    return;
   }
-  return addr.email;
-}
-function formatFullDate2(dateString) {
-  const date = new Date(dateString);
-  return date.toLocaleString("en-US", {
-    weekday: "short",
-    year: "numeric",
-    month: "short",
-    day: "numeric",
-    hour: "numeric",
-    minute: "2-digit"
-  });
+  console.log(pc14.green("Removed from whitelist"));
 }
-function formatDate4(dateString) {
-  const date = new Date(dateString);
-  const now = /* @__PURE__ */ new Date();
-  const diffMs = now.getTime() - date.getTime();
-  const diffDays = Math.floor(diffMs / (1e3 * 60 * 60 * 24));
-  if (diffDays === 0) {
-    return date.toLocaleTimeString("en-US", {
-      hour: "numeric",
-      minute: "2-digit"
-    });
+
+// src/commands/whoami.ts
+import ora8 from "ora";
+import pc15 from "picocolors";
+async function whoamiCommand() {
+  if (!isAuthenticated()) {
+    console.log(pc15.yellow("Not logged in."));
+    console.log(pc15.dim("Run `btcemail login` to authenticate."));
+    process.exit(1);
   }
-  if (diffDays < 7) {
-    return date.toLocaleDateString("en-US", { weekday: "short" });
+  const auth = getAuth();
+  if (!auth) {
+    console.log(pc15.yellow("Not logged in."));
+    process.exit(1);
+  }
+  const spinner = ora8("Fetching account info...").start();
+  const result = await getWhoami();
+  spinner.stop();
+  if (result.ok) {
+    console.log();
+    console.log(pc15.bold("Current User"));
+    console.log();
+    console.log(`  ${pc15.dim("Email:")}    ${result.data.email}`);
+    if (result.data.username) {
+      console.log(`  ${pc15.dim("Username:")} ${result.data.username}@btc.email`);
+    }
+    console.log(`  ${pc15.dim("User ID:")}  ${result.data.id}`);
+    const expiryInfo = getTokenExpiryInfo();
+    if (expiryInfo.expiresIn) {
+      const expiryColor = isTokenExpiringSoon() ? pc15.yellow : pc15.dim;
+      console.log(`  ${pc15.dim("Session:")}  ${expiryColor(`expires in ${expiryInfo.expiresIn}`)}`);
+    }
+    console.log();
+    if (isTokenExpiringSoon()) {
+      console.log(pc15.yellow("Session expiring soon. Run `btcemail login` to refresh."));
+      console.log();
+    }
+  } else {
+    console.log();
+    console.log(pc15.bold("Current User") + pc15.dim(" (cached)"));
+    console.log();
+    console.log(`  ${pc15.dim("Email:")}   ${auth.email}`);
+    console.log(`  ${pc15.dim("User ID:")} ${auth.userId}`);
+    console.log();
+    if (result.error.code === "UNAUTHENTICATED" || result.error.code === "UNAUTHORIZED") {
+      console.log(pc15.yellow("Session expired. Run `btcemail login` to re-authenticate."));
+    }
   }
-  return date.toLocaleDateString("en-US", {
-    month: "short",
-    day: "numeric"
-  });
 }
 
 // src/index.ts
 var program = new Command();
-program.name("btcemail").description("btc.email CLI - Spam-free email powered by Bitcoin Lightning").version("0.3.0");
+program.name("btcemail").description("btc.email CLI - Spam-free email powered by Bitcoin Lightning").version("0.4.0");
 program.command("login").description("Authenticate with btc.email (opens browser)").action(loginCommand);
 program.command("logout").description("Clear stored credentials").action(logoutCommand);
 program.command("whoami").description("Show current authenticated user").action(whoamiCommand);
@@ -1410,7 +1883,13 @@ program.command("send").description("Send an email (with Lightning payment)").op
     wait: options.wait
   });
 });
-var inbound = program.command("inbound").description("Manage inbound emails (pending and delivered)");
+program.command("bin").description("List pending inbound emails (alias for 'inbound pending')").option("-l, --limit <number>", "Number of emails to show", "20").option("--json", "Output as JSON").action(async (options) => {
+  await inboundPendingCommand({
+    limit: parseInt(options.limit, 10),
+    json: options.json
+  });
+});
+var inbound = program.command("inbound").alias("in").description("Manage inbound emails (pending and delivered)");
 inbound.command("pending").alias("p").description("List pending emails awaiting payment").option("-l, --limit <number>", "Number of emails to show", "20").option("--json", "Output as JSON").action(async (options) => {
   await inboundPendingCommand({
     limit: parseInt(options.limit, 10),
@@ -1429,6 +1908,9 @@ inbound.command("view <id>").description("View pending email details and payment
 inbound.command("pay <id>").description("Pay for a pending email").requiredOption("--payment-hash <hash>", "Payment preimage from Lightning invoice").action(async (id, options) => {
   await inboundPayCommand(id, { paymentHash: options.paymentHash });
 });
+inbound.command("accept <id>").alias("a").description("Accept email without payment and whitelist sender").option("--no-whitelist", "Don't add sender to whitelist").action(async (id, options) => {
+  await inboundAcceptCommand(id, { noWhitelist: options.whitelist === false });
+});
 var credits = program.command("credits").description("Manage credits");
 credits.command("balance").alias("bal").description("Show credit balance").action(creditsBalanceCommand);
 credits.command("history").description("Show transaction history").option("-l, --limit <number>", "Number of transactions to show", "20").option("-t, --type <type>", "Filter by type (topup, email_sent, email_received, refund, bonus)").option("--json", "Output as JSON").action(async (options) => {
@@ -1445,9 +1927,78 @@ credits.command("purchase").alias("buy").description("Purchase credits with Ligh
     wait: options.wait
   });
 });
+var settings = program.command("settings").description("Manage email pricing and preferences");
+settings.command("show").description("Show current settings").option("-u, --username <name>", "Specific @btc.email address").option("--json", "Output as JSON").action(async (options) => {
+  await settingsShowCommand({ username: options.username, json: options.json });
+});
+settings.command("pricing <sats>").description("Set email price in sats").option("-u, --username <name>", "Specific @btc.email address").option("--json", "Output as JSON").action(async (sats, options) => {
+  await settingsPricingCommand(sats, { username: options.username, json: options.json });
+});
+settings.command("require-payment <on|off>").description("Toggle payment requirement for unknown senders").option("-u, --username <name>", "Specific @btc.email address").action(async (value, options) => {
+  await settingsRequirePaymentCommand(value, { username: options.username });
+});
+settings.command("auto-whitelist <on|off>").description("Toggle auto-whitelist after payment").option("-u, --username <name>", "Specific @btc.email address").action(async (value, options) => {
+  await settingsAutoWhitelistCommand(value, { username: options.username });
+});
+settings.command("auto-reply [message]").description("Set custom auto-reply message").option("-u, --username <name>", "Specific @btc.email address").option("--clear", "Reset to default message").action(async (message, options) => {
+  await settingsAutoReplyCommand(message, { username: options.username, clear: options.clear });
+});
+settings.action(async () => {
+  await settingsShowCommand({});
+});
+var whitelist = program.command("whitelist").alias("wl").description("Manage senders who can email you for free");
+whitelist.command("list").description("List whitelist entries").option("-u, --username <name>", "Specific @btc.email address").option("--json", "Output as JSON").action(async (options) => {
+  await whitelistListCommand({ username: options.username, json: options.json });
+});
+whitelist.command("add <entry>").description("Add email or @domain to whitelist").option("-u, --username <name>", "Specific @btc.email address").option("-n, --note <note>", "Optional note").option("--json", "Output as JSON").action(async (entry, options) => {
+  await whitelistAddCommand(entry, {
+    username: options.username,
+    note: options.note,
+    json: options.json
+  });
+});
+whitelist.command("remove <id>").description("Remove entry from whitelist by ID").option("--json", "Output as JSON").action(async (id, options) => {
+  await whitelistRemoveCommand(id, { json: options.json });
+});
+whitelist.action(async () => {
+  await whitelistListCommand({});
+});
+var blocklist = program.command("blocklist").alias("bl").description("Manage blocked senders");
+blocklist.command("list").description("List blocklist entries").option("-u, --username <name>", "Specific @btc.email address").option("--json", "Output as JSON").action(async (options) => {
+  await blocklistListCommand({ username: options.username, json: options.json });
+});
+blocklist.command("add <entry>").description("Add email or @domain to blocklist").option("-u, --username <name>", "Specific @btc.email address").option("-r, --reason <reason>", "Optional reason").option("--json", "Output as JSON").action(async (entry, options) => {
+  await blocklistAddCommand(entry, {
+    username: options.username,
+    reason: options.reason,
+    json: options.json
+  });
+});
+blocklist.command("remove <id>").description("Remove entry from blocklist by ID").option("--json", "Output as JSON").action(async (id, options) => {
+  await blocklistRemoveCommand(id, { json: options.json });
+});
+blocklist.action(async () => {
+  await blocklistListCommand({});
+});
+var network = program.command("network").description("Manage Lightning network mode");
+network.command("show").description("Show current network mode").option("--json", "Output as JSON").action(async (options) => {
+  await networkShowCommand({ json: options.json });
+});
+network.command("testnet").description("Switch to testnet (fake Bitcoin)").option("--json", "Output as JSON").action(async (options) => {
+  await networkSwitchCommand("testnet", { json: options.json });
+});
+network.command("mainnet").description("Switch to mainnet (real Bitcoin)").option("--json", "Output as JSON").action(async (options) => {
+  await networkSwitchCommand("mainnet", { json: options.json });
+});
+network.action(async () => {
+  await networkShowCommand({});
+});
+program.command("stats").description("Show dashboard statistics").option("--json", "Output as JSON").action(async (options) => {
+  await statsCommand({ json: options.json });
+});
 program.action(() => {
   console.log();
-  console.log(pc11.bold("btc.email CLI") + pc11.dim(" - Spam-free email powered by Bitcoin Lightning"));
+  console.log(pc16.bold("btc.email CLI") + pc16.dim(" - Spam-free email powered by Bitcoin Lightning"));
   console.log();
   program.outputHelp();
 });