@debugbundle/cli 0.1.1 → 0.1.2

package/dist/main.cjs

@@ -14547,6 +14547,26 @@ var InlineProbeDataSchema = external_exports.object({
   version: external_exports.literal(1),
   items: external_exports.array(InlineProbeDataItemSchema)
 }).strict();
+var RuntimeMemoryStatsSchema = external_exports.object({
+  rss: external_exports.number().nonnegative().nullable(),
+  heap_total: external_exports.number().nonnegative().nullable(),
+  heap_used: external_exports.number().nonnegative().nullable(),
+  external: external_exports.number().nonnegative().nullable(),
+  peak: external_exports.number().nonnegative().nullable()
+}).strict();
+var BackendRuntimePayloadSchema = external_exports.object({
+  version: external_exports.string().min(1),
+  platform: external_exports.string().min(1).nullable().optional(),
+  arch: external_exports.string().min(1).nullable().optional(),
+  pid: external_exports.number().int().nonnegative().nullable().optional(),
+  cwd: external_exports.string().min(1).nullable().optional(),
+  uptime_sec: external_exports.number().nonnegative().nullable().optional(),
+  hostname: external_exports.string().min(1).nullable().optional(),
+  thread_id: external_exports.union([external_exports.string(), external_exports.number()]).nullable().optional(),
+  framework_version: external_exports.string().min(1).nullable().optional(),
+  memory: RuntimeMemoryStatsSchema.nullable().optional(),
+  framework_extras: external_exports.record(external_exports.string(), external_exports.unknown()).nullable().optional()
+}).strict();
 var BackendExceptionPayloadSchema = external_exports.object({
   name: external_exports.string().min(1),
   message: external_exports.string().min(1),
@@ -14564,9 +14584,7 @@ var BackendExceptionPayloadSchema = external_exports.object({
     headers: external_exports.record(external_exports.string(), external_exports.unknown()).optional(),
     body: external_exports.unknown().optional()
   }),
-  runtime: external_exports.object({
-    version: external_exports.string().min(1)
-  }),
+  runtime: BackendRuntimePayloadSchema,
   probe_data: InlineProbeDataSchema.optional()
 }).strict();
 var RequestEventPayloadSchema = external_exports.object({
@@ -14837,13 +14855,7 @@ var ContextDeploySchema = external_exports.object({
   deployed_at: external_exports.string().datetime().nullable(),
   regression_window: external_exports.boolean().nullable()
 });
-var MemoryStatsSchema = external_exports.object({
-  rss: external_exports.number().nonnegative().nullable(),
-  heap_total: external_exports.number().nonnegative().nullable(),
-  heap_used: external_exports.number().nonnegative().nullable(),
-  external: external_exports.number().nonnegative().nullable(),
-  peak: external_exports.number().nonnegative().nullable()
-});
+var MemoryStatsSchema = RuntimeMemoryStatsSchema;
 var ContextRuntimeSchema = external_exports.object({
   version: external_exports.literal(1),
   name: external_exports.string().min(1),
@@ -16221,9 +16233,11 @@ function deriveIncidentReasonFromSourceEventTypes(eventTypes) {
   return null;
 }
 
-// ../../packages/auth/src/index.ts
+// ../../packages/auth/src/primitives.ts
 var import_argon2 = require("@node-rs/argon2");
-var DEFAULT_SESSION_LIFETIME_MS = 1e3 * 60 * 60 * 4;
+
+// ../../packages/auth/src/web-session-auth.ts
+var DEFAULT_SESSION_LIFETIME_MS = 1e3 * 60 * 60 * 24 * 7;
 var DEFAULT_EMAIL_AUTH_CODE_LIFETIME_MS = 1e3 * 60 * 10;
 var DEFAULT_GITHUB_OAUTH_STATE_LIFETIME_MS = 1e3 * 60 * 10;
 
@@ -16551,6 +16565,37 @@ var STORAGE_SCHEMA_MIGRATIONS = [
       "ALTER TABLE organizations ADD COLUMN IF NOT EXISTS suspended_at timestamptz",
       "ALTER TABLE organization_members ADD COLUMN IF NOT EXISTS suspended_at timestamptz"
     ]
+  }),
+  defineStorageSchemaMigration({
+    id: "202605120001_add_github_device_authorizations",
+    description: "Add persisted GitHub CLI bootstrap state for device-flow login.",
+    statements: [
+      `
+        CREATE TABLE IF NOT EXISTS github_device_authorizations (
+          id uuid PRIMARY KEY,
+          device_code text NOT NULL UNIQUE,
+          user_code text NOT NULL,
+          verification_uri text NOT NULL,
+          interval_seconds integer NOT NULL,
+          expires_at timestamptz NOT NULL,
+          accepted_terms_at timestamptz,
+          created_at timestamptz NOT NULL DEFAULT now(),
+          completed_at timestamptz,
+          claimed_at timestamptz,
+          terminal_error text,
+          user_id uuid REFERENCES users(id) ON DELETE SET NULL,
+          organization_id uuid REFERENCES organizations(id) ON DELETE SET NULL
+        )
+      `,
+      `
+        CREATE INDEX IF NOT EXISTS github_device_authorizations_user_code_idx
+        ON github_device_authorizations (user_code, created_at DESC)
+      `,
+      `
+        CREATE INDEX IF NOT EXISTS github_device_authorizations_expires_at_idx
+        ON github_device_authorizations (expires_at)
+      `
+    ]
   })
 ];
 
@@ -17289,7 +17334,7 @@ async function countCloudArtifactCache(dependencies) {
 }
 
 // src/connect-command.ts
-var import_promises7 = require("node:fs/promises");
+var import_promises8 = require("node:fs/promises");
 var import_node_path9 = require("node:path");
 
 // ../../packages/project-management-client/src/index.ts
@@ -17732,7 +17777,8 @@ function createAlertApi(client) {
       const body = {
         project_id: input.projectId,
         channel: input.channel,
-        condition_type: input.conditionType
+        condition_type: input.conditionType,
+        config: input.config
       };
       if (input.serviceId !== void 0) {
         body.service_id = input.serviceId;
@@ -17740,9 +17786,6 @@ function createAlertApi(client) {
       if (input.severityMin !== void 0) {
         body.severity_min = input.severityMin;
       }
-      if (input.config !== void 0) {
-        body.config = input.config;
-      }
       if (input.isEnabled !== void 0) {
         body.is_enabled = input.isEnabled;
       }
@@ -18979,6 +19022,531 @@ async function readConnectionConfig(rootDirectory, readFile) {
   return parsed.data;
 }
 
+// src/interactive-auth.ts
+var import_node_process = require("node:process");
+var import_promises7 = require("node:readline/promises");
+function isInteractiveTerminal() {
+  return import_node_process.stdin.isTTY === true && import_node_process.stdout.isTTY === true;
+}
+async function promptForInteractiveLoginSelection() {
+  const readlineInterface = (0, import_promises7.createInterface)({
+    input: import_node_process.stdin,
+    output: import_node_process.stdout
+  });
+  try {
+    import_node_process.stdout.write(
+      [
+        "Choose an authentication method:",
+        "1. GitHub (auto: use gh if available, otherwise device flow)",
+        "2. GitHub device flow",
+        "3. Existing member token",
+        "4. Cancel"
+      ].join("\n") + "\n"
+    );
+    for (; ; ) {
+      const selection = (await readlineInterface.question("Selection [1-4]: ")).trim();
+      if (selection === "1") {
+        return { kind: "github" };
+      }
+      if (selection === "2") {
+        return { kind: "github-device" };
+      }
+      if (selection === "3") {
+        const bearerToken = (await readlineInterface.question("Paste your member token: ")).trim();
+        if (bearerToken.length > 0) {
+          return {
+            kind: "member-token",
+            bearerToken
+          };
+        }
+        import_node_process.stdout.write("Member token cannot be empty.\n");
+        continue;
+      }
+      if (selection === "4") {
+        return { kind: "cancel" };
+      }
+      import_node_process.stdout.write("Enter 1, 2, 3, or 4.\n");
+    }
+  } finally {
+    readlineInterface.close();
+  }
+}
+
+// src/login-command.ts
+var import_node_child_process = require("node:child_process");
+var import_node_util = require("node:util");
+var execFile = (0, import_node_util.promisify)(import_node_child_process.execFile);
+var DEFAULT_BASE_URL = "https://api.debugbundle.com";
+var DEFAULT_GITHUB_BOOTSTRAP_LABEL = "GitHub bootstrap";
+var MIN_DEVICE_POLL_INTERVAL_SECONDS = 7;
+var LoginCommandInputSchema = external_exports.object({
+  bearerToken: external_exports.string().trim().min(1).optional(),
+  baseUrl: external_exports.string().url().default(DEFAULT_BASE_URL),
+  github: external_exports.boolean().optional(),
+  githubCli: external_exports.boolean().optional(),
+  githubDevice: external_exports.boolean().optional(),
+  label: external_exports.string().trim().min(1).max(120).default(DEFAULT_GITHUB_BOOTSTRAP_LABEL)
+}).superRefine((value, context) => {
+  const githubModeCount = [value.github, value.githubCli, value.githubDevice].filter((flag) => flag === true).length;
+  if (githubModeCount > 1) {
+    context.addIssue({
+      code: external_exports.ZodIssueCode.custom,
+      message: "github_mode_conflict"
+    });
+  }
+  if (value.bearerToken !== void 0 && githubModeCount > 0) {
+    context.addIssue({
+      code: external_exports.ZodIssueCode.custom,
+      message: "login_mode_conflict"
+    });
+  }
+  if (value.bearerToken === void 0 && githubModeCount === 0) {
+    context.addIssue({
+      code: external_exports.ZodIssueCode.custom,
+      message: "login_mode_missing"
+    });
+  }
+});
+var ApiErrorResponseSchema9 = external_exports.object({
+  error: external_exports.string()
+}).strict();
+var DeviceStartResponseSchema = external_exports.object({
+  request_id: external_exports.string().uuid(),
+  user_code: external_exports.string().min(1),
+  verification_uri: external_exports.string().url(),
+  interval_seconds: external_exports.number().int().positive(),
+  expires_at: external_exports.string().datetime()
+}).strict();
+var DevicePollResponseSchema = external_exports.discriminatedUnion("status", [
+  external_exports.object({
+    status: external_exports.literal("pending"),
+    interval_seconds: external_exports.number().int().positive(),
+    expires_at: external_exports.string().datetime()
+  }).strict(),
+  external_exports.object({
+    status: external_exports.enum(["approved", "claimed"]),
+    expires_at: external_exports.string().datetime()
+  }).strict(),
+  external_exports.object({
+    status: external_exports.enum(["denied", "expired", "rejected"]),
+    reason: external_exports.string(),
+    expires_at: external_exports.string().datetime()
+  }).strict()
+]);
+var MemberTokenResponseSchema = external_exports.object({
+  token: external_exports.object({
+    token_id: external_exports.string(),
+    user_id: external_exports.string(),
+    organization_id: external_exports.string(),
+    label: external_exports.string(),
+    created_at: external_exports.string(),
+    last_used_at: external_exports.string().nullable(),
+    revoked_at: external_exports.string().nullable(),
+    expires_at: external_exports.string().nullable(),
+    plaintext: external_exports.string()
+  }).strict()
+}).strict();
+var LoginApiError = class extends Error {
+  status;
+  code;
+  constructor(status, code) {
+    super(`login_api_error: ${status}:${code}`);
+    this.status = status;
+    this.code = code;
+  }
+};
+function normalizeBaseUrl2(baseUrl) {
+  return baseUrl.endsWith("/") ? baseUrl.slice(0, -1) : baseUrl;
+}
+function formatLoginOutput(authState, authFilePath) {
+  return [
+    "Authenticated: yes",
+    `Base URL: ${authState.base_url}`,
+    `Auth File: ${authFilePath}`,
+    `Token: ${buildTokenPreview(authState.bearer_token)}`
+  ].join("\n");
+}
+function validateMemberToken(token) {
+  return token.startsWith("dbundle_mem_");
+}
+function resolveLoginMode(input) {
+  if (input.bearerToken !== void 0) {
+    return "token";
+  }
+  if (input.githubCli === true) {
+    return "github-cli";
+  }
+  if (input.githubDevice === true) {
+    return "github-device";
+  }
+  return "github";
+}
+function hasExplicitLoginMode(input) {
+  return input.bearerToken !== void 0 || input.github === true || input.githubCli === true || input.githubDevice === true;
+}
+async function maybePromptForLoginInput(input, dependencies) {
+  if (hasExplicitLoginMode(input) || input.json === true) {
+    return input;
+  }
+  const interactive = (dependencies?.isInteractiveTerminal ?? isInteractiveTerminal)();
+  if (!interactive) {
+    return input;
+  }
+  const selection = await (dependencies?.promptForInteractiveLogin ?? promptForInteractiveLoginSelection)();
+  if (selection.kind === "cancel") {
+    return {
+      exitCode: 4,
+      output: "Authentication cancelled."
+    };
+  }
+  if (selection.kind === "member-token") {
+    return {
+      ...input,
+      bearerToken: selection.bearerToken
+    };
+  }
+  if (selection.kind === "github-device") {
+    return {
+      ...input,
+      githubDevice: true
+    };
+  }
+  return {
+    ...input,
+    github: true
+  };
+}
+function mapInputValidationError(parsedInput) {
+  if (parsedInput.error.issues.some((issue) => issue.message === "github_mode_conflict")) {
+    return "Choose only one of --github, --github-cli, or --github-device.";
+  }
+  if (parsedInput.error.issues.some((issue) => issue.message === "login_mode_conflict")) {
+    return "Use either a member token or a GitHub login mode, not both.";
+  }
+  if (parsedInput.error.issues.some((issue) => issue.message === "login_mode_missing")) {
+    return "Provide either a member token or one of --github, --github-cli, or --github-device.";
+  }
+  return "Invalid login options.";
+}
+function mapApiErrorToMessage(error) {
+  switch (error.code) {
+    case "auth_not_configured":
+      return "GitHub login is not configured on this DebugBundle API.";
+    case "github_device_flow_disabled":
+      return "GitHub device flow is not enabled for this DebugBundle API.";
+    case "github_oauth_unavailable":
+      return "GitHub OAuth is temporarily unavailable.";
+    case "invalid_github_token":
+      return "The local GitHub CLI token was rejected by DebugBundle.";
+    case "github_device_request_not_found":
+      return "GitHub device authorization request was not found.";
+    case "github_device_auth_pending":
+      return "GitHub device authorization has not completed yet.";
+    case "github_device_auth_expired":
+      return "GitHub device authorization expired before it could be claimed.";
+    case "github_device_auth_claimed":
+      return "GitHub device authorization was already claimed.";
+    case "github_device_auth_rejected":
+      return "GitHub device authorization was rejected.";
+    case "github_email_unavailable":
+      return "GitHub did not provide a verified primary email address.";
+    case "account_signup_disabled":
+      return "This DebugBundle workspace does not allow new account signups for this GitHub identity.";
+    case "account_suspended":
+      return "This DebugBundle account is suspended.";
+    case "rate_limited":
+      return "GitHub login was rate limited. Please wait and try again.";
+    default:
+      return `GitHub login failed: ${error.code}`;
+  }
+}
+async function parseResponseBody2(response) {
+  const rawBody = await response.text();
+  if (rawBody.length === 0) {
+    return null;
+  }
+  try {
+    return JSON.parse(rawBody);
+  } catch {
+    return rawBody;
+  }
+}
+async function requestJson(input, dependencies) {
+  const fetchImpl = dependencies?.fetchImpl ?? fetch;
+  const response = await fetchImpl(`${normalizeBaseUrl2(input.baseUrl)}${input.path}`, {
+    method: input.method,
+    headers: {
+      accept: "application/json",
+      "content-type": "application/json"
+    },
+    body: JSON.stringify(input.body)
+  });
+  const body = await parseResponseBody2(response);
+  if (response.status < 200 || response.status >= 300) {
+    const parsedError = ApiErrorResponseSchema9.safeParse(body);
+    throw new LoginApiError(response.status, parsedError.success ? parsedError.data.error : "unknown_error");
+  }
+  return body;
+}
+async function readGitHubAccessTokenFromGh() {
+  try {
+    const result = await execFile("gh", ["auth", "token"]);
+    const token = result.stdout.trim();
+    return token.length > 0 ? token : null;
+  } catch {
+    return null;
+  }
+}
+async function exchangeGitHubToken(input, dependencies) {
+  const body = await requestJson(
+    {
+      baseUrl: input.baseUrl,
+      method: "POST",
+      path: "/v1/auth/github/token/exchange",
+      body: {
+        github_access_token: input.githubAccessToken,
+        label: input.label,
+        accepted_terms: true
+      }
+    },
+    dependencies
+  );
+  return MemberTokenResponseSchema.parse(body);
+}
+async function startGitHubDeviceFlow(input, dependencies) {
+  const body = await requestJson(
+    {
+      baseUrl: input.baseUrl,
+      method: "POST",
+      path: "/v1/auth/github/device/start",
+      body: {
+        accepted_terms: true
+      }
+    },
+    dependencies
+  );
+  return DeviceStartResponseSchema.parse(body);
+}
+async function pollGitHubDeviceFlow(input, dependencies) {
+  const body = await requestJson(
+    {
+      baseUrl: input.baseUrl,
+      method: "POST",
+      path: "/v1/auth/github/device/poll",
+      body: {
+        request_id: input.requestId
+      }
+    },
+    dependencies
+  );
+  return DevicePollResponseSchema.parse(body);
+}
+async function claimGitHubDeviceFlow(input, dependencies) {
+  const body = await requestJson(
+    {
+      baseUrl: input.baseUrl,
+      method: "POST",
+      path: "/v1/auth/github/device/claim",
+      body: {
+        request_id: input.requestId,
+        label: input.label
+      }
+    },
+    dependencies
+  );
+  return MemberTokenResponseSchema.parse(body);
+}
+function formatPersistedSuccess(input, dependencies) {
+  const authState = {
+    bearer_token: input.bearerToken,
+    base_url: input.baseUrl
+  };
+  return dependencies.writeAuthState({
+    ...input.authFilePath === void 0 ? {} : { authFilePath: input.authFilePath },
+    authState
+  }).then((persistedPath) => {
+    const authFilePath = persistedPath ?? input.authFilePath ?? "";
+    const payload = {
+      authenticated: true,
+      auth: {
+        base_url: authState.base_url,
+        token_preview: buildTokenPreview(authState.bearer_token)
+      },
+      auth_file_path: authFilePath
+    };
+    return {
+      exitCode: 0,
+      output: input.json ? JSON.stringify(payload) : formatLoginOutput(authState, authFilePath)
+    };
+  });
+}
+function buildProgressReporter(dependency) {
+  if (dependency !== void 0) {
+    return dependency;
+  }
+  return (text) => {
+    process.stderr.write(`${text}
+`);
+  };
+}
+async function loginCommand(input, dependencies) {
+  const promptedInput = await maybePromptForLoginInput(input, dependencies);
+  if ("exitCode" in promptedInput) {
+    return promptedInput;
+  }
+  const parsedInput = LoginCommandInputSchema.safeParse({
+    bearerToken: promptedInput.bearerToken,
+    baseUrl: promptedInput.baseUrl ?? DEFAULT_BASE_URL,
+    github: promptedInput.github,
+    githubCli: promptedInput.githubCli,
+    githubDevice: promptedInput.githubDevice,
+    label: promptedInput.label ?? DEFAULT_GITHUB_BOOTSTRAP_LABEL
+  });
+  if (!parsedInput.success) {
+    return {
+      exitCode: 4,
+      output: mapInputValidationError(parsedInput)
+    };
+  }
+  const normalizedInput = parsedInput.data;
+  const writeAuthState = dependencies?.writeAuthState ?? persistCliAuthState;
+  try {
+    if (resolveLoginMode(normalizedInput) === "token") {
+      if (!validateMemberToken(normalizedInput.bearerToken)) {
+        return {
+          exitCode: 4,
+          output: "Invalid member token."
+        };
+      }
+      return await formatPersistedSuccess(
+        {
+          baseUrl: normalizedInput.baseUrl,
+          bearerToken: normalizedInput.bearerToken,
+          ...promptedInput.json === void 0 ? {} : { json: promptedInput.json },
+          ...promptedInput.authFilePath === void 0 ? {} : { authFilePath: promptedInput.authFilePath }
+        },
+        { writeAuthState }
+      );
+    }
+    const readGitHubAccessToken = dependencies?.readGitHubAccessToken ?? readGitHubAccessTokenFromGh;
+    const sleep = dependencies?.sleep ?? ((ms) => new Promise((resolve) => setTimeout(resolve, ms)));
+    const reportProgress = buildProgressReporter(dependencies?.reportProgress);
+    const loginMode = resolveLoginMode(normalizedInput);
+    if (loginMode !== "github-device") {
+      const githubAccessToken = await readGitHubAccessToken();
+      if (githubAccessToken !== null) {
+        reportProgress("Using existing GitHub CLI authentication.");
+        try {
+          const exchanged = await exchangeGitHubToken(
+            {
+              baseUrl: normalizedInput.baseUrl,
+              githubAccessToken,
+              label: normalizedInput.label
+            },
+            dependencies
+          );
+          return await formatPersistedSuccess(
+            {
+              baseUrl: normalizedInput.baseUrl,
+              bearerToken: exchanged.token.plaintext,
+              ...promptedInput.json === void 0 ? {} : { json: promptedInput.json },
+              ...promptedInput.authFilePath === void 0 ? {} : { authFilePath: promptedInput.authFilePath }
+            },
+            { writeAuthState }
+          );
+        } catch (error) {
+          if (!(error instanceof LoginApiError)) {
+            throw error;
+          }
+          if (loginMode === "github-cli" || error.code !== "invalid_github_token") {
+            return {
+              exitCode: error.status === 401 || error.status === 403 ? 4 : 1,
+              output: mapApiErrorToMessage(error)
+            };
+          }
+          reportProgress("The local GitHub CLI token was not accepted. Falling back to device flow.");
+        }
+      } else if (loginMode === "github-cli") {
+        return {
+          exitCode: 4,
+          output: "GitHub CLI is not authenticated on this machine."
+        };
+      } else {
+        reportProgress("GitHub CLI is not authenticated. Falling back to device flow.");
+      }
+    }
+    const started = await startGitHubDeviceFlow(
+      {
+        baseUrl: normalizedInput.baseUrl
+      },
+      dependencies
+    );
+    reportProgress(`Open ${started.verification_uri} and enter code ${started.user_code}.`);
+    reportProgress("Waiting for GitHub approval...");
+    let intervalSeconds = Math.max(started.interval_seconds, MIN_DEVICE_POLL_INTERVAL_SECONDS);
+    for (; ; ) {
+      await sleep(intervalSeconds * 1e3);
+      const polled = await pollGitHubDeviceFlow(
+        {
+          baseUrl: normalizedInput.baseUrl,
+          requestId: started.request_id
+        },
+        dependencies
+      );
+      if (polled.status === "pending") {
+        intervalSeconds = Math.max(polled.interval_seconds, MIN_DEVICE_POLL_INTERVAL_SECONDS);
+        continue;
+      }
+      if (polled.status === "approved") {
+        const claimed = await claimGitHubDeviceFlow(
+          {
+            baseUrl: normalizedInput.baseUrl,
+            requestId: started.request_id,
+            label: normalizedInput.label
+          },
+          dependencies
+        );
+        return await formatPersistedSuccess(
+          {
+            baseUrl: normalizedInput.baseUrl,
+            bearerToken: claimed.token.plaintext,
+            ...promptedInput.json === void 0 ? {} : { json: promptedInput.json },
+            ...promptedInput.authFilePath === void 0 ? {} : { authFilePath: promptedInput.authFilePath }
+          },
+          { writeAuthState }
+        );
+      }
+      if (polled.status === "claimed") {
+        return {
+          exitCode: 4,
+          output: "GitHub device authorization was already claimed."
+        };
+      }
+      if (polled.status === "denied" || polled.status === "expired" || polled.status === "rejected") {
+        return {
+          exitCode: 4,
+          output: polled.status === "denied" ? "GitHub device authorization was denied." : polled.status === "expired" ? "GitHub device authorization expired." : `GitHub device authorization was rejected: ${polled.reason}`
+        };
+      }
+      return {
+        exitCode: 1,
+        output: "GitHub device authorization returned an unexpected status."
+      };
+    }
+  } catch (error) {
+    if (error instanceof LoginApiError) {
+      return {
+        exitCode: error.status === 400 || error.status === 401 || error.status === 403 || error.status === 409 ? 4 : 1,
+        output: mapApiErrorToMessage(error)
+      };
+    }
+    return {
+      exitCode: 1,
+      output: error instanceof Error ? error.message : String(error)
+    };
+  }
+}
+
 // src/connect-command.ts
 var ProfileNameSchema = external_exports.object({
   project: external_exports.object({
@@ -19068,9 +19636,9 @@ function buildValidationFailureResult(input) {
 }
 async function connectCommand(input, dependencies = {}) {
   const cwd = dependencies.cwd ?? (() => process.cwd());
-  const readFile = dependencies.readFile ?? ((path) => (0, import_promises7.readFile)(path, "utf8"));
-  const stat = dependencies.stat ?? import_promises7.stat;
-  const writeFile = dependencies.writeFile ?? import_promises7.writeFile;
+  const readFile = dependencies.readFile ?? ((path) => (0, import_promises8.readFile)(path, "utf8"));
+  const stat = dependencies.stat ?? import_promises8.stat;
+  const writeFile = dependencies.writeFile ?? import_promises8.writeFile;
   const readAuthState = dependencies.readAuthState ?? ((authInput) => readCliAuthState(authInput));
   const createHttpClient = dependencies.createHttpClient ?? ((clientInput) => {
     const httpClientDependencies = {};
@@ -19081,6 +19649,7 @@ async function connectCommand(input, dependencies = {}) {
   });
   const createProjectApi = dependencies.createProjectManagementApi ?? createProjectManagementApi;
   const createTokenApi = dependencies.createTokenManagementApi ?? createTokenManagementApi;
+  const loginCommand2 = dependencies.loginCommand ?? loginCommand;
   const rootDirectory = cwd();
   const initialChecks = [];
   const profileValidation = await readValidatedProfileName(rootDirectory, { readFile, stat });
@@ -19137,7 +19706,22 @@ async function connectCommand(input, dependencies = {}) {
     message: `Found ${CONNECTION_FILE_PATH}`
   });
   try {
-    const authState = await readAuthState({ ...input.authFilePath === void 0 ? {} : { authFilePath: input.authFilePath } });
+    let authState;
+    try {
+      authState = await readAuthState({ ...input.authFilePath === void 0 ? {} : { authFilePath: input.authFilePath } });
+    } catch (error) {
+      const shouldAttemptInteractiveLogin = error instanceof CliAuthStateError && error.code === "auth_state_missing" && input.json !== true && (dependencies.isInteractiveTerminal ?? isInteractiveTerminal)();
+      if (!shouldAttemptInteractiveLogin) {
+        throw error;
+      }
+      const loginResult = await loginCommand2({
+        ...input.authFilePath === void 0 ? {} : { authFilePath: input.authFilePath }
+      });
+      if (loginResult.exitCode !== 0) {
+        return loginResult;
+      }
+      authState = await readAuthState({ ...input.authFilePath === void 0 ? {} : { authFilePath: input.authFilePath } });
+    }
     const httpClient = createHttpClient({ baseUrl: authState.base_url });
     const projectApi = createProjectApi(httpClient);
     const tokenApi = createTokenApi(httpClient);
@@ -19241,7 +19825,7 @@ async function connectCommand(input, dependencies = {}) {
           message
         }
       ], [
-        exitCode === 2 ? "Run debugbundle login before connecting the project to cloud." : "Resolve the cloud API error and retry debugbundle connect."
+        exitCode === 2 ? "Run debugbundle login to choose an auth flow, or use debugbundle login --github, debugbundle login --github-device, or debugbundle login <dbundle_mem_...> before connecting the project to cloud." : "Resolve the cloud API error and retry debugbundle connect."
       ]) : `DebugBundle connect failed.
 - ${message}`
     };
@@ -19249,7 +19833,7 @@ async function connectCommand(input, dependencies = {}) {
 }
 
 // src/doctor-command.ts
-var import_promises8 = require("node:fs/promises");
+var import_promises9 = require("node:fs/promises");
 var import_node_path10 = require("node:path");
 var ProfileSchema2 = external_exports.object({
   debugbundle: external_exports.object({
@@ -19269,7 +19853,7 @@ var RELAY_SPOOL_DELIVERED_MARKER_SUFFIX2 = ".delivered";
 var RELAY_SPOOL_EVENT_SUFFIX = ".events.json";
 var SUGGESTED_ACTIONS = [
   "Run debugbundle setup if local scaffold files are missing.",
-  "Run debugbundle login to create ~/.debugbundle/auth.json.",
+  "Run debugbundle login to choose an auth flow, or use debugbundle login --github, debugbundle login --github-device, or debugbundle login <dbundle_mem_...> to create ~/.debugbundle/auth.json.",
   "Review .debugbundle/profile.json when architecture changes or the profile becomes stale."
 ];
 async function pathExists3(path, stat) {
@@ -19471,7 +20055,7 @@ async function loadConnection(rootDirectory, dependencies) {
     };
   }
 }
-function normalizeBaseUrl2(baseUrl) {
+function normalizeBaseUrl3(baseUrl) {
   return baseUrl.endsWith("/") ? baseUrl.slice(0, -1) : baseUrl;
 }
 function buildProjectModeCheck(connection) {
@@ -19571,7 +20155,7 @@ async function buildAuthCheck(input, readAuthStateImpl) {
     };
   }
 }
-async function parseResponseBody2(response) {
+async function parseResponseBody3(response) {
   const rawBody = await response.text();
   if (rawBody.length === 0) {
     return null;
@@ -19586,8 +20170,8 @@ async function buildConnectedApiCheck(input) {
   if (input.connection === null || input.connection.mode !== "connected") {
     return null;
   }
-  const connectionBaseUrl = input.connection.cloud_base_url === null ? null : normalizeBaseUrl2(input.connection.cloud_base_url);
-  const authBaseUrl = input.authState === null ? null : normalizeBaseUrl2(input.authState.base_url);
+  const connectionBaseUrl = input.connection.cloud_base_url === null ? null : normalizeBaseUrl3(input.connection.cloud_base_url);
+  const authBaseUrl = input.authState === null ? null : normalizeBaseUrl3(input.authState.base_url);
   const baseUrl = authBaseUrl ?? connectionBaseUrl;
   if (baseUrl === null) {
     return {
@@ -19611,7 +20195,7 @@ async function buildConnectedApiCheck(input) {
       message: `Connected API ${baseUrl} could not be reached: ${error instanceof Error ? error.message : String(error)}`
     };
   }
-  const parsedHealthBody = await parseResponseBody2(healthResponse);
+  const parsedHealthBody = await parseResponseBody3(healthResponse);
   if (healthResponse.status !== 200) {
     return {
       name: "connected-api",
@@ -19649,7 +20233,7 @@ async function buildConnectedApiCheck(input) {
       message: `Connected API ${baseUrl} could not verify member-token auth: ${error instanceof Error ? error.message : String(error)}`
     };
   }
-  const parsedIncidentsBody = await parseResponseBody2(incidentsResponse);
+  const parsedIncidentsBody = await parseResponseBody3(incidentsResponse);
   if (incidentsResponse.status !== 200) {
     return {
       name: "connected-api",
@@ -19732,9 +20316,9 @@ async function doctorCommand(input, dependencies = {}) {
   const now = dependencies.now ?? (() => /* @__PURE__ */ new Date());
   const fetchImpl = dependencies.fetchImpl ?? fetch;
   const readAuthStateImpl = dependencies.readAuthState ?? readCliAuthState;
-  const readdir = dependencies.readdir ?? import_promises8.readdir;
-  const readFile = dependencies.readFile ?? ((filePath) => (0, import_promises8.readFile)(filePath, "utf8"));
-  const stat = dependencies.stat ?? import_promises8.stat;
+  const readdir = dependencies.readdir ?? import_promises9.readdir;
+  const readFile = dependencies.readFile ?? ((filePath) => (0, import_promises9.readFile)(filePath, "utf8"));
+  const stat = dependencies.stat ?? import_promises9.stat;
   const rootDirectory = cwd();
   const currentTime = now();
   const { check: profileCheck, profile } = await loadProfile(rootDirectory, { readFile, stat });
@@ -19765,7 +20349,7 @@ async function doctorCommand(input, dependencies = {}) {
 
 // src/ingest-command.ts
 var import_node_crypto5 = require("node:crypto");
-var import_promises10 = require("node:fs/promises");
+var import_promises11 = require("node:fs/promises");
 var import_node_path12 = require("node:path");
 
 // ../../packages/log-parser/src/project-id.ts
@@ -20085,10 +20669,11 @@ function parseLogFile(content, input) {
 
 // src/process-command.ts
 var import_node_crypto4 = require("node:crypto");
-var import_promises9 = require("node:fs/promises");
+var import_promises10 = require("node:fs/promises");
 var import_node_path11 = require("node:path");
 
 // ../../packages/bundle-engine/src/index.ts
+var DYNAMIC_SEGMENT_PATTERN2 = /^(?:\d+|[0-9a-f]{8}-[0-9a-f-]{27}|[A-Za-z0-9_-]{24,})$/;
 function toIsoTimestamp(value) {
   return new Date(value).toISOString();
 }
@@ -20162,6 +20747,41 @@ function inferSignalTypeFromSourceEventTypes(sourceEventTypes) {
 function extractTopFrames(stack) {
   return stack.split("\n").map((line) => line.trim()).filter((line) => line.startsWith("at ")).slice(0, 3);
 }
+function decodeRouteSegment2(segment) {
+  try {
+    return decodeURIComponent(segment);
+  } catch {
+    return segment.replace(
+      /%([0-9A-Fa-f]{2})/g,
+      (_match, hexByte) => String.fromCharCode(parseInt(hexByte, 16))
+    );
+  }
+}
+function isDynamicRouteSegment2(segment) {
+  if (DYNAMIC_SEGMENT_PATTERN2.test(segment)) {
+    return true;
+  }
+  const decodedSegment = decodeRouteSegment2(segment);
+  if (decodedSegment.includes("/")) {
+    return true;
+  }
+  if (decodedSegment !== segment && DYNAMIC_SEGMENT_PATTERN2.test(decodedSegment)) {
+    return true;
+  }
+  const strippedMalformedPercent = decodedSegment.replace(/%+/g, "");
+  return strippedMalformedPercent !== decodedSegment && DYNAMIC_SEGMENT_PATTERN2.test(strippedMalformedPercent);
+}
+function normalizeRouteTemplate(path) {
+  if (path === null || path.length === 0) {
+    return null;
+  }
+  const pathWithoutQueryOrFragment = path.split(/[?#]/, 1)[0] ?? "";
+  if (pathWithoutQueryOrFragment.length === 0) {
+    return "/";
+  }
+  const normalizedSegments = pathWithoutQueryOrFragment.split("/").filter((segment) => segment.length > 0).map((segment) => isDynamicRouteSegment2(segment) ? "{param}" : segment);
+  return normalizedSegments.length === 0 ? "/" : `/${normalizedSegments.join("/")}`;
+}
 function deriveFirstApplicationFrame(errorContext) {
   const firstFrame = errorContext?.top_frames[0];
   if (firstFrame === void 0) {
@@ -20255,13 +20875,135 @@ function buildRequestContext(envelopes) {
     version: 1,
     method: exceptionEvent.payload.request.method,
     path: exceptionEvent.payload.request.path,
-    route_template: null,
+    route_template: normalizeRouteTemplate(exceptionEvent.payload.request.path),
     query: exceptionEvent.payload.request.query,
     headers: exceptionEvent.payload.request.headers,
     body: exceptionEvent.payload.request.body ?? null,
     request_id: exceptionEvent.correlation?.request_id ?? null
   };
 }
+function titleCaseWord(value) {
+  if (value.toLowerCase() === "github") {
+    return "GitHub";
+  }
+  if (value.toLowerCase() === "api") {
+    return "API";
+  }
+  return `${value.slice(0, 1).toUpperCase()}${value.slice(1)}`;
+}
+function formatDependencyName(name) {
+  return name.split("_").filter((part) => part.length > 0).map(titleCaseWord).join(" ");
+}
+function inferDependencyName(text) {
+  const match = /\b([a-z][a-z0-9]*_api)_(?:invalid_response|error|failure|failed|unavailable|timeout)\b/.exec(text);
+  return match?.[1] ?? null;
+}
+function buildDependenciesContext(incident, errorContext, requestContext) {
+  if (errorContext === null) {
+    return null;
+  }
+  const text = `${incident.title} ${errorContext.name} ${errorContext.message}`.toLowerCase();
+  const dependencyName = inferDependencyName(text);
+  if (dependencyName === null) {
+    return null;
+  }
+  const displayName = formatDependencyName(dependencyName);
+  const route = requestContext?.route_template ?? requestContext?.path ?? null;
+  const requestDescription = requestContext !== null ? `${requestContext.method} ${route ?? requestContext.path}` : "the failing request";
+  const invalidResponse = text.includes("invalid_response");
+  return {
+    version: 1,
+    items: [
+      {
+        name: dependencyName,
+        status: "failed",
+        notes: invalidResponse ? `${displayName} returned an unexpected response shape while handling ${requestDescription}.` : `${displayName} failed while handling ${requestDescription}.`
+      }
+    ]
+  };
+}
+function buildSummaryGuidance(input) {
+  if (input.errorContext === null) {
+    return {
+      likely_cause: null,
+      confidence: 0,
+      recommended_action: null
+    };
+  }
+  const route = input.requestContext?.route_template ?? input.requestContext?.path ?? null;
+  const requestDescription = input.requestContext !== null ? `${input.requestContext.method} ${route ?? input.requestContext.path}` : null;
+  const firstDependency = input.dependenciesContext?.items[0] ?? null;
+  const dependencyDisplayName = firstDependency !== null ? formatDependencyName(firstDependency.name) : null;
+  const firstFrame = input.firstApplicationFrame;
+  const frameDescription = firstFrame?.file !== null && firstFrame?.file !== void 0 ? ` in ${firstFrame.file}` : "";
+  const invalidResponse = input.errorContext.message.toLowerCase().includes("invalid_response");
+  let likelyCause = null;
+  let recommendedAction = null;
+  if (firstDependency !== null && dependencyDisplayName !== null && requestDescription !== null && invalidResponse) {
+    likelyCause = `${dependencyDisplayName} returned a response that did not match the expected schema while handling ${requestDescription}.`;
+    recommendedAction = `Inspect the ${dependencyDisplayName} response handling${frameDescription}, including schema validation and sanitized upstream response shape.`;
+  } else if (firstDependency !== null && dependencyDisplayName !== null && requestDescription !== null) {
+    likelyCause = `${dependencyDisplayName} failed while handling ${requestDescription}.`;
+    recommendedAction = `Inspect the ${dependencyDisplayName} call path${frameDescription} and compare the captured dependency notes with upstream status.`;
+  } else if (requestDescription !== null) {
+    likelyCause = `${input.errorContext.name} occurred while handling ${requestDescription}${frameDescription}.`;
+    recommendedAction = `Inspect the first application frame${frameDescription} and the captured request/response context.`;
+  } else if (firstFrame !== null) {
+    likelyCause = `${input.errorContext.name} originated from the first captured application frame${frameDescription}.`;
+    recommendedAction = `Inspect the first application frame${frameDescription} and surrounding error handling.`;
+  }
+  if (likelyCause === null || recommendedAction === null) {
+    return {
+      likely_cause: null,
+      confidence: 0,
+      recommended_action: null
+    };
+  }
+  let confidence = 0.25;
+  if (input.requestContext !== null) confidence += 0.15;
+  if (input.responseContext !== null) confidence += 0.1;
+  if (firstFrame !== null && firstFrame.file !== null) confidence += 0.1;
+  if (firstDependency !== null) confidence += 0.1;
+  if (input.errorContext.message.length > 0) confidence += 0.05;
+  return {
+    likely_cause: likelyCause,
+    confidence: Math.min(0.8, Number(confidence.toFixed(2))),
+    recommended_action: recommendedAction
+  };
+}
+function normalizeBaseUrl4(value) {
+  const trimmed = value?.trim();
+  if (trimmed === void 0 || trimmed.length === 0) {
+    return null;
+  }
+  return trimmed.replace(/\/+$/, "");
+}
+function buildLinks(incident, linkBaseUrls) {
+  const apiBaseUrl = normalizeBaseUrl4(linkBaseUrls?.api);
+  const appBaseUrl = normalizeBaseUrl4(linkBaseUrls?.app);
+  const docsBaseUrl = normalizeBaseUrl4(linkBaseUrls?.docs);
+  const incidentPath = `/v1/incidents/${encodeURIComponent(incident.incident_id)}`;
+  const appIncidentPath = `/incidents/${encodeURIComponent(incident.incident_id)}`;
+  const appProjectPath = `/projects/${encodeURIComponent(incident.project_id)}`;
+  return {
+    self: apiBaseUrl !== null ? `${apiBaseUrl}${incidentPath}/bundle` : null,
+    reproduction: apiBaseUrl !== null ? `${apiBaseUrl}${incidentPath}/reproduction` : null,
+    incident: appBaseUrl !== null ? `${appBaseUrl}${appIncidentPath}` : null,
+    project: appBaseUrl !== null ? `${appBaseUrl}${appProjectPath}` : null,
+    docs: docsBaseUrl !== null ? `${docsBaseUrl}/bundles` : null
+  };
+}
+function applyBundleRedaction(candidate) {
+  const redactionResult = redact(candidate);
+  const fields = [...new Set(redactionResult.redacted_fields)].sort();
+  const redactedBundle = redactionResult.redacted;
+  redactedBundle["redaction"] = {
+    redacted: true,
+    fields,
+    notes: fields.length > 0 ? "Sensitive bundle fields were redacted before storage." : null
+  };
+  return redactedBundle;
+}
 function buildResponseContext(envelopes) {
   const requestEvent = selectLatestEnvelopeByType(envelopes, isRequestEventEnvelope);
   if (requestEvent !== null) {
@@ -20394,17 +21136,31 @@ function buildFrontendContext(envelopes) {
     dom_context: domContext
   };
 }
-function buildDeployContext(envelopes, trigger) {
+function buildDeployContext(envelopes, trigger, configuredDeploy) {
   const envelope = selectLatestEnvelopeByType(envelopes, isDeployMetadataEnvelope);
-  if (envelope === null) {
+  if (envelope !== null) {
+    return {
+      version: 1,
+      commit_sha: envelope.payload.commit_sha,
+      deploy_version: envelope.payload.version,
+      branch: envelope.payload.branch,
+      deployed_at: toIsoTimestamp(envelope.payload.deployed_at),
+      regression_window: trigger === "regression_reopen"
+    };
+  }
+  const commitSha = configuredDeploy?.commit_sha ?? null;
+  const deployVersion = configuredDeploy?.deploy_version ?? null;
+  const branch = configuredDeploy?.branch ?? null;
+  const deployedAt = configuredDeploy?.deployed_at ?? null;
+  if (commitSha === null && deployVersion === null && branch === null && deployedAt === null) {
     return null;
   }
   return {
     version: 1,
-    commit_sha: envelope.payload.commit_sha,
-    deploy_version: envelope.payload.version,
-    branch: envelope.payload.branch,
-    deployed_at: toIsoTimestamp(envelope.payload.deployed_at),
+    commit_sha: commitSha,
+    deploy_version: deployVersion,
+    branch,
+    deployed_at: deployedAt === null ? null : toIsoTimestamp(deployedAt),
     regression_window: trigger === "regression_reopen"
   };
 }
@@ -20413,34 +21169,49 @@ function buildRuntimeContext(envelopes) {
   if (backendException === null) {
     return null;
   }
+  const runtime = backendException.payload.runtime;
   return {
     version: 1,
     name: backendException.service.runtime ?? "unknown",
-    runtime_version: backendException.payload.runtime.version,
-    platform: null,
-    arch: null,
-    pid: null,
-    cwd: null,
-    uptime_sec: null,
-    hostname: null,
-    thread_id: null,
+    runtime_version: runtime.version,
+    platform: runtime.platform ?? null,
+    arch: runtime.arch ?? null,
+    pid: runtime.pid ?? null,
+    cwd: runtime.cwd ?? null,
+    uptime_sec: runtime.uptime_sec ?? null,
+    hostname: runtime.hostname ?? null,
+    thread_id: runtime.thread_id ?? null,
     framework: backendException.service.framework ?? null,
-    framework_version: null,
-    memory: null,
-    framework_extras: null
+    framework_version: runtime.framework_version ?? null,
+    memory: runtime.memory ?? null,
+    framework_extras: runtime.framework_extras ?? null
   };
 }
-function buildGitContext(envelopes) {
+function buildGitContext(envelopes, configuredDeploy) {
   const deployEnvelope = selectLatestEnvelopeByType(envelopes, isDeployMetadataEnvelope);
   if (deployEnvelope === null) {
-    return null;
+    const commit = configuredDeploy?.commit_sha ?? null;
+    const branch = configuredDeploy?.branch ?? null;
+    const repo = configuredDeploy?.repo ?? null;
+    if (commit === null && branch === null && repo === null) {
+      return null;
+    }
+    return {
+      version: 1,
+      commit,
+      commit_short: commit === null ? null : commit.slice(0, 7),
+      branch,
+      repo,
+      dirty: false,
+      source: "env"
+    };
   }
   return {
     version: 1,
     commit: deployEnvelope.payload.commit_sha,
     commit_short: deployEnvelope.payload.commit_sha.slice(0, 7),
     branch: deployEnvelope.payload.branch,
-    repo: null,
+    repo: configuredDeploy?.repo ?? null,
     dirty: false,
     source: "env"
   };
@@ -20483,10 +21254,11 @@ function buildBundle(input) {
   const responseContext = buildResponseContext(sourceEnvelopes);
   const logsContext = buildLogsContext(sourceEnvelopes);
   const frontendContext = buildFrontendContext(sourceEnvelopes);
-  const deployContext = buildDeployContext(sourceEnvelopes, input.job.trigger);
+  const deployContext = buildDeployContext(sourceEnvelopes, input.job.trigger, input.configuredDeploy);
   const runtimeContext = buildRuntimeContext(sourceEnvelopes);
-  const gitContext = buildGitContext(sourceEnvelopes);
+  const gitContext = buildGitContext(sourceEnvelopes, input.configuredDeploy);
   const deviceContext = buildDeviceContext(sourceEnvelopes);
+  const dependenciesContext = buildDependenciesContext(input.incident, errorContext, requestContext);
   const primarySignalType = primarySignalEnvelope !== null ? mapSignalType(primarySignalEnvelope.event_type) : inferSignalTypeFromSourceEventTypes(sourceEventTypes);
   const primarySourceEvent = errorContext?.name ?? sourceEventTypes[0] ?? "backend_exception";
   const firstSeenAt = new Date(input.incident.first_seen_at).toISOString();
@@ -20495,7 +21267,15 @@ function buildBundle(input) {
   const serviceRuntime = input.incident.service_runtime ?? selectLatestEnvelope(sourceEnvelopes, (envelope) => envelope.event_type !== "probe_event")?.service.runtime ?? null;
   const serviceFramework = input.incident.service_framework ?? selectLatestEnvelope(sourceEnvelopes, (envelope) => envelope.event_type !== "probe_event")?.service.framework ?? null;
   const customerVisible = frontendContext !== null;
-  return BundleV1Schema.parse({
+  const firstApplicationFrame = deriveFirstApplicationFrame(errorContext);
+  const summaryGuidance = buildSummaryGuidance({
+    errorContext,
+    requestContext,
+    responseContext,
+    dependenciesContext,
+    firstApplicationFrame
+  });
+  const candidate = {
     bundle_version: 1,
     bundle_id: `bnd_${input.incident.incident_id}`,
     bundle_type: "failure",
@@ -20530,13 +21310,13 @@ function buildBundle(input) {
     summary: {
       title: input.incident.title,
       description: `Deterministic bundle generated from ${input.job.trigger}`,
-      likely_cause: null,
-      confidence: 0,
-      recommended_action: null,
+      likely_cause: summaryGuidance.likely_cause,
+      confidence: summaryGuidance.confidence,
+      recommended_action: summaryGuidance.recommended_action,
       severity: input.incident.severity,
       error_type: primarySourceEvent,
       error_message: errorContext?.message ?? input.incident.title,
-      first_application_frame: deriveFirstApplicationFrame(errorContext),
+      first_application_frame: firstApplicationFrame,
       primary_signal: primarySignalType,
       signals: {
         new_deploy: input.job.trigger === "deploy_metadata",
@@ -20561,7 +21341,7 @@ function buildBundle(input) {
       deploy: deployContext,
       runtime: runtimeContext,
       git: gitContext,
-      dependencies: null,
+      dependencies: dependenciesContext,
       probe_data: {
         version: 1,
         items: input.probeDataItems
@@ -20582,11 +21362,7 @@ function buildBundle(input) {
       production_verified: false
     },
     links: {
-      self: null,
-      reproduction: null,
-      incident: null,
-      project: null,
-      docs: null
+      ...buildLinks(input.incident, input.linkBaseUrls)
     },
     redaction: {
       redacted: true,
@@ -20599,7 +21375,8 @@ function buildBundle(input) {
       generator_version: "worker-build-bundle-v2",
       generation_number: input.bundleMetadata.generation_number
     }
-  });
+  };
+  return BundleV1Schema.parse(applyBundleRedaction(candidate));
 }
 
 // ../../packages/repro-engine/src/index.ts
@@ -20619,6 +21396,44 @@ function shellQuote(value) {
 function sortRecordEntries(record) {
   return Object.entries(record).sort(([left], [right]) => left.localeCompare(right));
 }
+var REPLAY_HEADER_PRIORITY = [
+  "authorization",
+  "cookie",
+  "accept",
+  "content-type",
+  "origin",
+  "accept-language",
+  "access-control-request-method",
+  "access-control-request-headers",
+  "x-request-id",
+  "x-correlation-id",
+  "x-debugbundle-trace-id"
+];
+var DROPPED_REPLAY_HEADERS = /* @__PURE__ */ new Set([
+  "host",
+  "x-forwarded-host",
+  "x-forwarded-proto",
+  "connection",
+  "keep-alive",
+  "transfer-encoding",
+  "upgrade",
+  "te",
+  "trailer",
+  "proxy-connection",
+  "accept-encoding",
+  "content-length",
+  "cache-control",
+  "pragma",
+  "priority",
+  "sec-ch-ua",
+  "sec-ch-ua-mobile",
+  "sec-ch-ua-platform",
+  "sec-fetch-dest",
+  "sec-fetch-mode",
+  "sec-fetch-site",
+  "sec-fetch-user",
+  "user-agent"
+]);
 function serializeScalarValue(value) {
   if (typeof value === "string") {
     return value;
@@ -20697,12 +21512,25 @@ function buildStructuredReplayQuery(query) {
   return hasStructuredQueryAmbiguity(normalizedQuery) ? normalizedQuery : void 0;
 }
 function buildReplayHeaders(headers) {
-  return Object.fromEntries(
-    sortRecordEntries(headers).filter(([headerName]) => !["host", "x-forwarded-host", "x-forwarded-proto"].includes(headerName.toLowerCase())).map(([headerName, headerValue]) => [headerName, normalizeHeaderValue(headerValue)])
-  );
+  const entries = sortRecordEntries(headers).filter(([headerName]) => !DROPPED_REPLAY_HEADERS.has(headerName.toLowerCase())).map(([headerName, headerValue]) => [headerName, normalizeHeaderValue(headerValue)]);
+  entries.sort(([left], [right]) => {
+    const leftPriority = REPLAY_HEADER_PRIORITY.indexOf(left.toLowerCase());
+    const rightPriority = REPLAY_HEADER_PRIORITY.indexOf(right.toLowerCase());
+    if (leftPriority !== -1 || rightPriority !== -1) {
+      if (leftPriority === -1) {
+        return 1;
+      }
+      if (rightPriority === -1) {
+        return -1;
+      }
+      return leftPriority - rightPriority;
+    }
+    return left.localeCompare(right);
+  });
+  return Object.fromEntries(entries);
 }
 function expandHeaderValues(headers) {
-  return sortRecordEntries(headers).flatMap(([headerName, headerValue]) => {
+  return Object.entries(headers).flatMap(([headerName, headerValue]) => {
     if (Array.isArray(headerValue)) {
       return headerValue.map((item) => [headerName, serializeScalarValue(item)]);
     }
@@ -21211,11 +22039,11 @@ function serializeState(state) {
 }
 async function processCommand(input, dependencies = {}) {
   const cwd = dependencies.cwd ?? (() => process.cwd());
-  const mkdir = dependencies.mkdir ?? import_promises9.mkdir;
-  const readFile = dependencies.readFile ?? ((filePath) => (0, import_promises9.readFile)(filePath, "utf8"));
-  const readdir = dependencies.readdir ?? import_promises9.readdir;
-  const stat = dependencies.stat ?? import_promises9.stat;
-  const writeFile = dependencies.writeFile ?? ((filePath, content) => (0, import_promises9.writeFile)(filePath, content, "utf8"));
+  const mkdir = dependencies.mkdir ?? import_promises10.mkdir;
+  const readFile = dependencies.readFile ?? ((filePath) => (0, import_promises10.readFile)(filePath, "utf8"));
+  const readdir = dependencies.readdir ?? import_promises10.readdir;
+  const stat = dependencies.stat ?? import_promises10.stat;
+  const writeFile = dependencies.writeFile ?? ((filePath, content) => (0, import_promises10.writeFile)(filePath, content, "utf8"));
   const rootDirectory = cwd();
   const eventsDirectoryPath = (0, import_node_path11.join)(rootDirectory, LOCAL_EVENTS_DIRECTORY_PATH2);
   const statePath = (0, import_node_path11.join)(rootDirectory, LOCAL_STATE_FILE_PATH);
@@ -21495,11 +22323,11 @@ async function ingestCommand(input, dependencies = {}) {
     };
   }
   const cwd = dependencies.cwd ?? (() => process.cwd());
-  const mkdir = dependencies.mkdir ?? (async (path, options) => (0, import_promises10.mkdir)(path, options));
+  const mkdir = dependencies.mkdir ?? (async (path, options) => (0, import_promises11.mkdir)(path, options));
   const processLocalEvents = dependencies.processCommand ?? processCommand;
-  const readFile = dependencies.readFile ?? (async (path) => (0, import_promises10.readFile)(path, "utf8"));
-  const rename = dependencies.rename ?? (async (sourcePath, destinationPath) => (0, import_promises10.rename)(sourcePath, destinationPath));
-  const writeFile = dependencies.writeFile ?? (async (path, content) => (0, import_promises10.writeFile)(path, content, "utf8"));
+  const readFile = dependencies.readFile ?? (async (path) => (0, import_promises11.readFile)(path, "utf8"));
+  const rename = dependencies.rename ?? (async (sourcePath, destinationPath) => (0, import_promises11.rename)(sourcePath, destinationPath));
+  const writeFile = dependencies.writeFile ?? (async (path, content) => (0, import_promises11.writeFile)(path, content, "utf8"));
   try {
     const rootDirectory = cwd();
     const profile = await readProfile(rootDirectory, readFile);
@@ -21556,14 +22384,14 @@ async function ingestCommand(input, dependencies = {}) {
 }
 
 // src/watch-command.ts
-var import_promises11 = require("node:fs/promises");
+var import_promises12 = require("node:fs/promises");
 var import_node_path13 = require("node:path");
-function normalizeBaseUrl3(baseUrl) {
+function normalizeBaseUrl5(baseUrl) {
   return baseUrl.endsWith("/") ? baseUrl.slice(0, -1) : baseUrl;
 }
 async function sendEventsToApi(input, dependencies) {
   const fetchImpl = dependencies?.fetchImpl ?? fetch;
-  const response = await fetchImpl(`${normalizeBaseUrl3(input.baseUrl)}/v1/events`, {
+  const response = await fetchImpl(`${normalizeBaseUrl5(input.baseUrl)}/v1/events`, {
     method: "POST",
     headers: {
       accept: "application/json",
@@ -21600,18 +22428,18 @@ async function watchCommand(input, dependencies = {}) {
     };
   }
   const cwd = dependencies.cwd ?? (() => process.cwd());
-  const mkdir = dependencies.mkdir ?? (async (path, options) => (0, import_promises11.mkdir)(path, options));
+  const mkdir = dependencies.mkdir ?? (async (path, options) => (0, import_promises12.mkdir)(path, options));
   const pollIntervalMs = dependencies.pollIntervalMs ?? 1e3;
   const processLocalEvents = dependencies.processCommand ?? processCommand;
-  const readFile = dependencies.readFile ?? (async (path) => (0, import_promises11.readFile)(path));
+  const readFile = dependencies.readFile ?? (async (path) => (0, import_promises12.readFile)(path));
   const readEnv = dependencies.readEnv ?? ((name) => process.env[name]);
-  const rename = dependencies.rename ?? (async (sourcePath, destinationPath) => (0, import_promises11.rename)(sourcePath, destinationPath));
+  const rename = dependencies.rename ?? (async (sourcePath, destinationPath) => (0, import_promises12.rename)(sourcePath, destinationPath));
   const fetchDependencies = dependencies.fetchImpl === void 0 ? void 0 : { fetchImpl: dependencies.fetchImpl };
   const sendEvents = dependencies.sendEvents ?? ((requestInput) => sendEventsToApi(requestInput, fetchDependencies));
   const signal = dependencies.signal;
   const sleep = dependencies.sleep ?? (async (milliseconds) => new Promise((resolve) => setTimeout(resolve, milliseconds)));
-  const stat = dependencies.stat ?? import_promises11.stat;
-  const writeFile = dependencies.writeFile ?? (async (path, content) => (0, import_promises11.writeFile)(path, content, "utf8"));
+  const stat = dependencies.stat ?? import_promises12.stat;
+  const writeFile = dependencies.writeFile ?? (async (path, content) => (0, import_promises12.writeFile)(path, content, "utf8"));
   try {
     const rootDirectory = cwd();
     const profile = await readProfile(rootDirectory, async (path) => (await readFile(path)).toString("utf8"));
@@ -21733,7 +22561,7 @@ async function watchCommand(input, dependencies = {}) {
 }
 
 // src/setup-command.ts
-var import_promises12 = require("node:fs/promises");
+var import_promises13 = require("node:fs/promises");
 var import_node_path14 = require("node:path");
 var MANAGED_AGENTS_START = "<!-- debugbundle:start -->";
 var MANAGED_AGENTS_END = "<!-- debugbundle:end -->";
@@ -22280,13 +23108,13 @@ async function buildProfile(rootDirectory, dependencies) {
 async function setupCommand(input, dependencies = {}) {
   const cwd = dependencies.cwd ?? (() => process.cwd());
   const mkdir = dependencies.mkdir ?? (async (path, options) => {
-    await (0, import_promises12.mkdir)(path, options);
+    await (0, import_promises13.mkdir)(path, options);
   });
-  const readFile = dependencies.readFile ?? (async (path) => (0, import_promises12.readFile)(path, "utf8"));
-  const readdir = dependencies.readdir ?? (async (path) => (0, import_promises12.readdir)(path));
-  const remove = dependencies.remove ?? (async (path, options) => (0, import_promises12.rm)(path, options));
-  const stat = dependencies.stat ?? (async (path) => (0, import_promises12.stat)(path));
-  const writeFile = dependencies.writeFile ?? (async (path, content) => (0, import_promises12.writeFile)(path, content, "utf8"));
+  const readFile = dependencies.readFile ?? (async (path) => (0, import_promises13.readFile)(path, "utf8"));
+  const readdir = dependencies.readdir ?? (async (path) => (0, import_promises13.readdir)(path));
+  const remove = dependencies.remove ?? (async (path, options) => (0, import_promises13.rm)(path, options));
+  const stat = dependencies.stat ?? (async (path) => (0, import_promises13.stat)(path));
+  const writeFile = dependencies.writeFile ?? (async (path, content) => (0, import_promises13.writeFile)(path, content, "utf8"));
   const now = dependencies.now ?? (() => /* @__PURE__ */ new Date());
   const rootDirectory = cwd();
   const packageJson = await readJsonFile2((0, import_node_path14.join)(rootDirectory, "package.json"), readFile);
@@ -22387,66 +23215,6 @@ async function setupCommand(input, dependencies = {}) {
   }
 }
 
-// src/login-command.ts
-var LoginCommandInputSchema = external_exports.object({
-  bearerToken: external_exports.string().trim().min(1),
-  baseUrl: external_exports.string().url().default("https://api.debugbundle.com")
-});
-function formatLoginOutput(authState, authFilePath) {
-  return [
-    "Authenticated: yes",
-    `Base URL: ${authState.base_url}`,
-    `Auth File: ${authFilePath}`,
-    `Token: ${buildTokenPreview(authState.bearer_token)}`
-  ].join("\n");
-}
-function validateMemberToken(token) {
-  return token.startsWith("dbundle_mem_");
-}
-async function loginCommand(input, dependencies) {
-  const parsedInput = LoginCommandInputSchema.safeParse({
-    bearerToken: input.bearerToken,
-    baseUrl: input.baseUrl ?? "https://api.debugbundle.com"
-  });
-  if (!parsedInput.success || !validateMemberToken(parsedInput.data.bearerToken)) {
-    return {
-      exitCode: 4,
-      output: "Invalid member token."
-    };
-  }
-  const authState = {
-    bearer_token: parsedInput.data.bearerToken,
-    base_url: parsedInput.data.baseUrl
-  };
-  const writeAuthState = dependencies?.writeAuthState ?? persistCliAuthState;
-  try {
-    const writeInput = {
-      authState
-    };
-    if (input.authFilePath !== void 0) {
-      writeInput.authFilePath = input.authFilePath;
-    }
-    const persistedPath = await writeAuthState(writeInput) ?? (input.authFilePath ?? "");
-    const payload = {
-      authenticated: true,
-      auth: {
-        base_url: authState.base_url,
-        token_preview: buildTokenPreview(authState.bearer_token)
-      },
-      auth_file_path: persistedPath
-    };
-    return {
-      exitCode: 0,
-      output: input.json ? JSON.stringify(payload) : formatLoginOutput(authState, payload.auth_file_path)
-    };
-  } catch (error) {
-    return {
-      exitCode: 1,
-      output: error instanceof Error ? error.message : String(error)
-    };
-  }
-}
-
 // src/profile-command.ts
 function formatProfileValidationErrors(errors) {
   return [
@@ -23350,7 +24118,7 @@ async function listServicesWithAuthCommand(input, dependencies) {
 }
 
 // src/verify-command.ts
-var import_promises13 = require("node:fs/promises");
+var import_promises14 = require("node:fs/promises");
 var import_node_path15 = require("node:path");
 function resolveOverallStatus2(checks) {
   if (checks.some((check) => check.status === "error" || check.status === "missing")) {
@@ -23423,7 +24191,7 @@ function buildCloudSuggestedActions(status, incidentId, mode = "passive_recent_i
     ];
   }
   return [
-    "Run debugbundle login to create ~/.debugbundle/auth.json before verifying cloud traffic.",
+    "Run debugbundle login to choose an auth flow, or use debugbundle login --github, debugbundle login --github-device, or debugbundle login <dbundle_mem_...> to create ~/.debugbundle/auth.json before verifying cloud traffic.",
     "Generate a live cloud request, then re-run debugbundle verify cloud with the correct project and service filters."
   ];
 }
@@ -23608,14 +24376,14 @@ async function writeVerificationEventBatch(input, dependencies) {
 async function verifyLocalCommand(input, dependencies = {}) {
   const cwd = dependencies.cwd ?? (() => process.cwd());
   const mkdir = dependencies.mkdir ?? (async (path, options) => {
-    await (0, import_promises13.mkdir)(path, options);
+    await (0, import_promises14.mkdir)(path, options);
   });
   const now = dependencies.now ?? (() => /* @__PURE__ */ new Date());
   const processLocal = dependencies.processCommand ?? processCommand;
   const readVerifiedLocalState = dependencies.readLocalState ?? readLocalState;
   const readVerifiedLocalBundle = dependencies.getLocalBundle ?? getLocalBundle;
-  const rename = dependencies.rename ?? (async (sourcePath, destinationPath) => (0, import_promises13.rename)(sourcePath, destinationPath));
-  const writeFile = dependencies.writeFile ?? (async (path, content) => (0, import_promises13.writeFile)(path, content, "utf8"));
+  const rename = dependencies.rename ?? (async (sourcePath, destinationPath) => (0, import_promises14.rename)(sourcePath, destinationPath));
+  const writeFile = dependencies.writeFile ?? (async (path, content) => (0, import_promises14.writeFile)(path, content, "utf8"));
   const checks = [];
   function finalize(exitCode, errors, incidentId) {
     return formatResult(input, exitCode, checks, errors, incidentId);
@@ -23636,7 +24404,7 @@ async function verifyLocalCommand(input, dependencies = {}) {
   });
   try {
     const rootDirectory = cwd();
-    const profile = await readProfile(rootDirectory, async (path) => (0, import_promises13.readFile)(path, "utf8"));
+    const profile = await readProfile(rootDirectory, async (path) => (0, import_promises14.readFile)(path, "utf8"));
     const projectId = buildProjectId(profile);
     const verificationNow = now();
     const runId = verificationNow.toISOString().replace(/[-:.TZ]/g, "").slice(0, 14);
@@ -24095,7 +24863,11 @@ var CLI_USAGE_LINES = [
   "  debugbundle verify local [--json]",
   "  debugbundle verify cloud --project-id <id> [--trigger-5xx] [--service <name>] [--environment <name>] [--max-age-minutes <n>] [--auth-file <path>] [--json]",
   "  debugbundle smoke --project-id <id> [--service <name>] [--environment <name>] [--max-age-minutes <n>] [--auth-file <path>] [--json]",
+  "  debugbundle login [--base-url <url>] [--auth-file <path>] [--json]",
   "  debugbundle login <member-token> [--base-url <url>] [--auth-file <path>] [--json]",
+  "  debugbundle login --github [--label <label>] [--base-url <url>] [--auth-file <path>] [--json]",
+  "  debugbundle login --github-cli [--label <label>] [--base-url <url>] [--auth-file <path>] [--json]",
+  "  debugbundle login --github-device [--label <label>] [--base-url <url>] [--auth-file <path>] [--json]",
   "  debugbundle profile validate [--json]",
   "  debugbundle whoami [--auth-file <path>] [--json]",
   "  debugbundle incidents [--source <local|cloud>] [--project-id <id>] [--environment <name>] [--service <name>] [--status <status>] [--severity <severity>] [--cursor <cursor>] [--limit <n>] [--auth-file <path>] [--json]",
@@ -24132,7 +24904,7 @@ var CLI_USAGE_LINES = [
   "  debugbundle token member create --label <label> [--auth-file <path>] [--json]",
   "  debugbundle token member revoke <token-id> [--auth-file <path>] [--json]",
   "  debugbundle alert list --project-id <id> [--limit <n>] [--auth-file <path>] [--json]",
-  "  debugbundle alert create --project-id <id> --channel <channel> --condition <condition> [--service-id <id>] [--severity-min <level>] [--config-json <json>] [--is-enabled <true|false>] [--auth-file <path>] [--json]",
+  "  debugbundle alert create --project-id <id> --channel <channel> --condition <condition> [--service-id <id>] [--severity-min <level>] --config-json <json> [--is-enabled <true|false>] [--auth-file <path>] [--json]",
   "  debugbundle alert update <alert-id> [--service-id <id|null>] [--channel <channel>] [--condition <condition>] [--severity-min <level|null>] [--config-json <json|null>] [--is-enabled <true|false>] [--auth-file <path>] [--json]",
   "  debugbundle alert delete <alert-id> [--auth-file <path>] [--json]",
   "  debugbundle webhook list --project-id <id> [--limit <n>] [--auth-file <path>] [--json]",
@@ -24163,7 +24935,7 @@ function formatUsage() {
 }
 
 // src/validate-command.ts
-var import_promises14 = require("node:fs/promises");
+var import_promises15 = require("node:fs/promises");
 var import_node_path16 = require("node:path");
 var SUGGESTED_ACTIONS2 = [
   "Run debugbundle setup if .debugbundle/profile.json is missing.",
@@ -24306,11 +25078,11 @@ ${managedSection}
 async function validateCommand(input, dependencies = {}) {
   const cwd = dependencies.cwd ?? (() => process.cwd());
   const mkdir = dependencies.mkdir ?? (async (path, options) => {
-    await (0, import_promises14.mkdir)(path, options);
+    await (0, import_promises15.mkdir)(path, options);
   });
-  const readFile = dependencies.readFile ?? ((filePath) => (0, import_promises14.readFile)(filePath, "utf8"));
-  const stat = dependencies.stat ?? import_promises14.stat;
-  const writeFile = dependencies.writeFile ?? (async (filePath, content) => (0, import_promises14.writeFile)(filePath, content, "utf8"));
+  const readFile = dependencies.readFile ?? ((filePath) => (0, import_promises15.readFile)(filePath, "utf8"));
+  const stat = dependencies.stat ?? import_promises15.stat;
+  const writeFile = dependencies.writeFile ?? (async (filePath, content) => (0, import_promises15.writeFile)(filePath, content, "utf8"));
   const rootDirectory = cwd();
   const profileValidation = await validateProfile(rootDirectory, { readFile, stat });
   const checks = [
@@ -24419,7 +25191,7 @@ function parseArgv(argv) {
       positionals.push(token);
       continue;
     }
-    if (token === "--fix" || token === "--json" || token === "--check-relay" || token === "--privacy" || token === "--help" || token === "--non-interactive" || token === "--local" || token === "--cloud" || token === "--events" || token === "--bundles" || token === "--all" || token === "--trigger-5xx") {
+    if (token === "--fix" || token === "--json" || token === "--check-relay" || token === "--privacy" || token === "--help" || token === "--non-interactive" || token === "--local" || token === "--cloud" || token === "--events" || token === "--bundles" || token === "--all" || token === "--trigger-5xx" || token === "--github" || token === "--github-cli" || token === "--github-device") {
       options.set(token.slice(2), true);
       continue;
     }
@@ -24660,7 +25432,8 @@ async function createAlertCommand(input, api) {
       bearerToken: input.bearerToken,
       projectId: input.projectId,
       channel: input.channel,
-      conditionType: input.conditionType
+      conditionType: input.conditionType,
+      config: input.config
     };
     if (input.serviceId !== void 0) {
       requestInput.serviceId = input.serviceId;
@@ -24668,9 +25441,6 @@ async function createAlertCommand(input, api) {
     if (input.severityMin !== void 0) {
       requestInput.severityMin = input.severityMin;
     }
-    if (input.config !== void 0) {
-      requestInput.config = input.config;
-    }
     if (input.isEnabled !== void 0) {
       requestInput.isEnabled = input.isEnabled;
     }
@@ -24692,7 +25462,8 @@ async function createAlertWithAuthCommand(input, dependencies) {
         bearerToken: authState.bearer_token,
         projectId: input.projectId,
         channel: input.channel,
-        conditionType: input.conditionType
+        conditionType: input.conditionType,
+        config: input.config
       };
       if (input.serviceId !== void 0) {
         commandInput.serviceId = input.serviceId;
@@ -24700,9 +25471,6 @@ async function createAlertWithAuthCommand(input, dependencies) {
       if (input.severityMin !== void 0) {
         commandInput.severityMin = input.severityMin;
       }
-      if (input.config !== void 0) {
-        commandInput.config = input.config;
-      }
       if (input.isEnabled !== void 0) {
         commandInput.isEnabled = input.isEnabled;
       }
@@ -27701,9 +28469,10 @@ async function handleAlertCommand(parsedArgv, dependencies) {
       input.severityMin = severityMin;
     }
     const config = readJsonOption(parsedArgv, "config-json");
-    if (config !== void 0) {
-      input.config = config;
+    if (config === void 0 || typeof config !== "object" || config === null) {
+      throw new CliInputError("Missing required option --config-json.");
     }
+    input.config = config;
     const isEnabled = readBooleanStringOption(parsedArgv, "is-enabled");
     if (isEnabled !== void 0) {
       input.isEnabled = isEnabled;
@@ -28082,15 +28851,30 @@ ${formatUsage()}`
       return await (dependencies.smokeCommand ?? smokeCommand)(input);
     }
     if (command === "login") {
-      expectNoUnknownOptions(parsedArgv, ["auth-file", "base-url", "json"]);
+      expectNoUnknownOptions(parsedArgv, ["auth-file", "base-url", "json", "github", "github-cli", "github-device", "label"]);
       ensureNoExtraPositionals(parsedArgv, 2);
-      const input = appendCommonAuthOptions(parsedArgv, {
-        bearerToken: requirePositional(parsedArgv, 1, "member-token")
-      });
+      const bearerToken = parsedArgv.positionals[1];
+      const input = appendCommonAuthOptions(parsedArgv, {});
+      if (bearerToken !== void 0) {
+        input.bearerToken = bearerToken;
+      }
       const baseUrl = readStringOption(parsedArgv, "base-url");
       if (baseUrl !== void 0) {
         input.baseUrl = baseUrl;
       }
+      if (readBooleanOption(parsedArgv, "github") === true) {
+        input.github = true;
+      }
+      if (readBooleanOption(parsedArgv, "github-cli") === true) {
+        input.githubCli = true;
+      }
+      if (readBooleanOption(parsedArgv, "github-device") === true) {
+        input.githubDevice = true;
+      }
+      const label = readStringOption(parsedArgv, "label");
+      if (label !== void 0) {
+        input.label = label;
+      }
       return await (dependencies.loginCommand ?? loginCommand)(input);
     }
     if (command === "whoami") {
@@ -28295,7 +29079,7 @@ ${formatUsage()}`
 }
 async function main(dependencies = {}) {
   const argv = dependencies.argv ?? process.argv.slice(2);
-  const stdout = dependencies.stdout ?? ((text) => process.stdout.write(text));
+  const stdout2 = dependencies.stdout ?? ((text) => process.stdout.write(text));
   const stderr = dependencies.stderr ?? ((text) => process.stderr.write(text));
   const setExitCode = dependencies.setExitCode ?? ((code) => {
     process.exitCode = code;
@@ -28303,7 +29087,7 @@ async function main(dependencies = {}) {
   const result = await runCli(argv, dependencies);
   if (result.output.length > 0) {
     if (result.exitCode === 0) {
-      stdout(`${result.output}
+      stdout2(`${result.output}
 `);
     } else {
       stderr(`${result.output}