@debugbundle/cli 0.1.7 → 0.1.9

package/dist/main.cjs

@@ -14507,6 +14507,7 @@ var CapturePolicyOverridesSchema = external_exports.object({
   immediate_client_error_statuses: ImmediateClientErrorStatusesSchema.nullable()
 });
 var CapturePolicyResponseSchema = external_exports.object({
+  access_mode: external_exports.enum(["manage", "preview"]),
   policy: ResolvedCapturePolicySchema,
   overrides: CapturePolicyOverridesSchema
 });
@@ -14604,6 +14605,29 @@ function getRequestAnomalyThreshold(input) {
   return null;
 }
 
+// ../../packages/shared-types/src/improvement-settings.ts
+var ImprovementBundleSensitivityValues = [
+  "high_confidence",
+  "balanced",
+  "verbose"
+];
+var ImprovementBundleSensitivitySchema = external_exports.enum(ImprovementBundleSensitivityValues);
+var ImprovementSettingsSchema = external_exports.object({
+  automated_improvement_bundles_enabled: external_exports.boolean(),
+  improvement_bundle_sensitivity: ImprovementBundleSensitivitySchema
+});
+var ImprovementSettingsResponseSchema = external_exports.object({
+  access_mode: external_exports.enum(["manage", "preview"]),
+  cloud_automation_available: external_exports.boolean(),
+  settings: ImprovementSettingsSchema
+});
+var ImprovementSettingsUpdateSchema = external_exports.object({
+  automated_improvement_bundles_enabled: external_exports.boolean().optional(),
+  improvement_bundle_sensitivity: ImprovementBundleSensitivitySchema.optional()
+}).refine((input) => Object.keys(input).length > 0, {
+  message: "At least one improvement settings field must be provided."
+});
+
 // ../../packages/shared-types/src/index.ts
 function createUuidV4() {
   const cryptoSource = globalThis.crypto;
@@ -15173,6 +15197,25 @@ function buildSkill() {
     "",
     "Use DebugBundle before starting a fresh bug investigation.",
     "",
+    "## Investigation Quickstart",
+    "",
+    "When the user reports a bug, runtime failure, production incident, regression, broken deploy, or unknown error, start here before reading arbitrary source files.",
+    "",
+    "1. Run `debugbundle doctor --json` to learn whether the project is local-only or connected and whether the local scaffold is healthy.",
+    "2. List actionable failures with `debugbundle incidents --source local --status open --json` for local data, or `debugbundle incidents --source cloud --status open --json` when the issue came from a hosted environment.",
+    "3. Inspect the chosen incident with `debugbundle inspect <incident-id> --source <local|cloud> --json` and `debugbundle explain <incident-id> --source <local|cloud> --json`.",
+    "4. Fetch evidence before editing code: `debugbundle bundle <incident-id> --source <local|cloud> --json` and `debugbundle reproduce <incident-id> --source <local|cloud> --json`.",
+    "5. If local SDK or relay events have landed but no bundle exists yet, run `debugbundle process --preset <minimal|balanced|investigative> --json` and then list incidents again.",
+    "",
+    "Key local paths:",
+    "- `.debugbundle/profile.json` \u2014 project map, service paths, and validation state",
+    "- `.debugbundle/local/connection.json` \u2014 local-only vs connected mode and environment delivery policy",
+    "- `.debugbundle/local/events/` \u2014 raw local SDK, relay, ingest, and watch event batches",
+    "- `.debugbundle/local/state.json` \u2014 local incident index, lifecycle state, and bundle paths",
+    "- `.debugbundle/bundles/local/` \u2014 locally generated bundle artifacts",
+    "- `.debugbundle/bundles/local/reproductions/` \u2014 local reproduction artifacts",
+    "- `.debugbundle/bundles/cloud/` \u2014 explicitly fetched cloud artifact cache",
+    "",
     "## Core Workflow",
     "",
     "1. Check DebugBundle incidents first to avoid re-investigating a known failure.",
@@ -15223,23 +15266,35 @@ function buildCliReference() {
     "## Setup",
     "",
     "- `debugbundle setup [--non-interactive] [--json]`",
-    "- `debugbundle doctor [--json]`",
+    "- `debugbundle doctor [--check-relay] [--json]`",
     "- `debugbundle validate [--fix] [--json]`",
     "- `debugbundle ingest <file> --format <format> [--json]`",
     "- `debugbundle watch --log <file> --format <format> [--json]`",
     "- `debugbundle watch --cloud --log <file> --format <format> [--json]`",
     "- `debugbundle process [--preset <minimal|balanced|investigative>] [--json]`",
+    "- `debugbundle clean [--events] [--bundles] [--all] [--older-than <Nd>] [--json]`",
     "",
     "## Investigation",
     "",
-    "- `debugbundle incidents`",
-    "- `debugbundle inspect <incident-id>`",
-    "- `debugbundle bundle <incident-id>`",
-    "- `debugbundle reproduce <incident-id>`",
-    "- `debugbundle resolve <incident-id>`",
-    "- `debugbundle reopen <incident-id>`",
+    "- `debugbundle incidents [--source <local|cloud>] [--project-id <id>] [--environment <name>] [--service <name>] [--status <status>] [--severity <severity>] [--cursor <cursor>] [--limit <n>] [--json]`",
+    "- `debugbundle inspect <incident-id> [--source <local|cloud>] [--json]`",
+    "- `debugbundle explain <incident-id> [--source <local|cloud>] [--json]`",
+    "- `debugbundle bundle <incident-id> [--source <local|cloud>] [--json]`",
+    "- `debugbundle reproduce <incident-id> [--source <local|cloud>] [--json]`",
+    "- `debugbundle resolve <incident-id> [--source <local|cloud>] [--json]`",
+    "- `debugbundle reopen <incident-id> [--source <local|cloud>] [--json]`",
     "- `debugbundle analyze --type improvement --local`",
     "",
+    "## Operational Paths",
+    "",
+    "- `.debugbundle/profile.json` \u2014 committed project map and agent validation state",
+    "- `.debugbundle/local/connection.json` \u2014 committed delivery policy and cloud connection metadata",
+    "- `.debugbundle/local/events/` \u2014 gitignored raw local event batches",
+    "- `.debugbundle/local/state.json` \u2014 gitignored local incident index and lifecycle state",
+    "- `.debugbundle/bundles/local/` \u2014 gitignored local bundle artifacts",
+    "- `.debugbundle/bundles/local/reproductions/` \u2014 gitignored local reproduction artifacts",
+    "- `.debugbundle/bundles/cloud/` \u2014 gitignored cache for explicitly fetched cloud artifacts",
+    "",
     "## Incident Hygiene",
     "",
     "Resolve incidents after a fix is verified or after an intentional smoke, dogfood, or verification incident has served its purpose.",
@@ -15271,6 +15326,17 @@ function buildMcpReference() {
     "",
     "Use the same incident-first workflow through MCP when an agent is operating in connected mode.",
     "",
+    "## Investigation Tools",
+    "",
+    "- `doctor` \u2014 validate local profile, connection config, auth state, and setup health.",
+    "- `list_incidents` \u2014 list local, cloud, or connected combined incidents; pass `source`, `status`, `environment`, `service`, `severity`, `cursor`, and `limit` when needed.",
+    "- `get_incident` \u2014 fetch incident metadata by incident id.",
+    "- `get_incident_context` \u2014 fetch deterministic explanation context for triage.",
+    "- `get_bundle` \u2014 fetch the full debug bundle before proposing a fix.",
+    "- `get_reproduction` \u2014 fetch reproduction guidance before editing code.",
+    "- `resolve_incident` / `reopen_incident` \u2014 update lifecycle state after validation.",
+    "- `analyze` \u2014 run local agent-oriented analysis from local bundles and skill schemas.",
+    "",
     "- Prefer bundle retrieval tools before reading raw repository files.",
     "- Use MCP bundle access when the current issue originated in production.",
     "- Resolve fixed or intentionally generated incidents with `resolve_incident` so open incidents stay actionable.",
@@ -15294,8 +15360,12 @@ function buildBundleSchemaReference() {
     "Focus on:",
     "- `summary` for the failure synopsis and recommended action",
     "- `service` and `environment` for routing to the right code path",
+    "- `context.error`, `context.request`, `context.response`, `context.logs`, `context.frontend`, `context.runtime`, `context.git`, `context.dependencies`, and `context.probe_data` for supporting evidence",
+    "- `reproduction` for confidence, commands, and manual steps",
     "- `links.reproduction` for the generated reproduction artifact",
     "- `metadata.source` for whether the bundle came from local or cloud data",
+    "",
+    "Treat the bundle as the source of truth for the failure report. Use repository reads to confirm and patch the implicated code paths, not to rediscover incident context from scratch.",
     ""
   ].join("\n");
 }
@@ -15306,10 +15376,12 @@ function buildProfileEnrichmentReference() {
     "The setup profile is generated from static analysis and must be reviewed before agents rely on it for architecture decisions.",
     "",
     "Checklist:",
-    "- verify service kinds, frameworks, and runtime assumptions",
-    "- add critical paths and ownership notes",
-    "- confirm build, test, and lint workflows",
-    "- update `debugbundle.validation_status` to `agent-validated` when complete",
+    "- verify `project.primary_languages`, `project.package_managers`, and `project.deployment_targets`",
+    "- verify each service `kind`, `runtime`, `framework`, `paths`, `owns_routes`, and `depends_on` value against the repository",
+    "- add critical paths for ingestion, processing, retrieval, SDK capture, auth, billing, and any project-specific high-risk workflows",
+    "- confirm `repo.generated_paths` and `repo.do_not_edit_paths` match the local scaffold",
+    "- confirm build, test, lint, and install workflows in `developer_workflows`",
+    "- update `debugbundle.last_reviewed_at` and set `debugbundle.validation_status` to `agent-validated` when complete",
     ""
   ].join("\n");
 }
@@ -15391,6 +15463,22 @@ function buildSkillEvals() {
             "Resolve verified or intentionally generated incidents after the workflow is complete.",
             "Leave unresolved incidents open when the failure is still live or unverified."
           ]
+        },
+        {
+          name: "artifact_path_discovery",
+          prompt: "The user reports an unknown local runtime error. Confirm the skill tells the agent which DebugBundle paths and commands to inspect first.",
+          expected_behavior: [
+            "Run doctor and list local open incidents before broad source exploration.",
+            "Use .debugbundle/local/state.json, .debugbundle/bundles/local/, and reproduction artifact paths as the local evidence map."
+          ]
+        },
+        {
+          name: "connected_incident_fetch",
+          prompt: "The user says a production incident fired in the hosted DebugBundle project. Confirm the skill points the agent to the cloud retrieval path.",
+          expected_behavior: [
+            "List cloud open incidents or use MCP list_incidents with source cloud.",
+            "Fetch inspect, context, bundle, and reproduction artifacts before editing code."
+          ]
         }
       ]
     },
@@ -15802,6 +15890,35 @@ var IncidentSchema = external_exports.object({
   matched_fields: external_exports.array(external_exports.string()),
   incident_reason: IncidentReasonSchema.optional()
 }).strict();
+var ImprovementSchema = external_exports.object({
+  improvement_id: external_exports.string(),
+  project_id: external_exports.string(),
+  project_name: external_exports.string(),
+  project_slug: external_exports.string(),
+  service_id: external_exports.string().nullable(),
+  service_name: external_exports.string(),
+  service_runtime: external_exports.string().nullable(),
+  service_framework: external_exports.string().nullable(),
+  environment: external_exports.string(),
+  kind: external_exports.enum(["warning_hotspot", "slow_request", "request_failure_pattern", "recurring_incident", "post_deploy_regression"]),
+  status: external_exports.enum(["open", "resolved", "snoozed"]),
+  severity: external_exports.enum(["low", "medium", "high", "critical"]),
+  confidence: external_exports.number(),
+  fingerprint: external_exports.string(),
+  title: external_exports.string(),
+  summary: external_exports.string(),
+  occurrence_count: external_exports.number().int(),
+  evidence: external_exports.record(external_exports.unknown()),
+  related_incident_ids: external_exports.array(external_exports.string()),
+  first_detected_at: external_exports.string(),
+  last_detected_at: external_exports.string(),
+  resolved_at: external_exports.string().nullable(),
+  snoozed_until: external_exports.string().nullable(),
+  bundle_generation_number: external_exports.number().int(),
+  bundle_created_at: external_exports.string().nullable(),
+  bundle_updated_at: external_exports.string().nullable(),
+  bundle_failure_reason: external_exports.string().nullable()
+}).strict();
 var ServiceSchema3 = external_exports.object({
   service_id: external_exports.string(),
   project_id: external_exports.string(),
@@ -15824,6 +15941,9 @@ var IncidentsResponseSchema = external_exports.object({
 var IncidentResponseSchema = external_exports.object({
   incident: IncidentSchema
 }).strict();
+var ImprovementResponseSchema = external_exports.object({
+  improvement: ImprovementSchema
+}).strict();
 var IncidentContextArtifactSchema = external_exports.object({
   status: external_exports.enum(["ready", "pending", "failed"]),
   body: external_exports.unknown().optional(),
@@ -15894,6 +16014,10 @@ var IncidentContextSchema = external_exports.object({
 var ServicesResponseSchema = external_exports.object({
   services: external_exports.array(ServiceSchema3)
 }).strict();
+var ImprovementsResponseSchema = external_exports.object({
+  improvements: external_exports.array(ImprovementSchema),
+  next_cursor: external_exports.string().nullable().optional()
+}).strict();
 var LogsResponseSchema = external_exports.object({
   logs: external_exports.array(LogSchema),
   next_cursor: external_exports.string().nullable().optional()
@@ -16092,6 +16216,108 @@ function createRetrievalApi(client) {
           bearerToken: input.bearerToken
         })
       );
+    },
+    async listImprovements(input) {
+      const query = new URLSearchParams();
+      if (input.projectId !== void 0) {
+        query.set("project_id", input.projectId);
+      }
+      if (input.environment !== void 0) {
+        query.set("environment", input.environment);
+      }
+      if (input.service !== void 0) {
+        query.set("service", input.service);
+      }
+      if (input.status !== void 0) {
+        query.set("status", input.status);
+      }
+      if (input.severity !== void 0) {
+        query.set("severity", input.severity);
+      }
+      if (input.kind !== void 0) {
+        query.set("kind", input.kind);
+      }
+      if (input.cursor !== void 0) {
+        query.set("cursor", input.cursor);
+      }
+      if (input.limit !== void 0) {
+        query.set("limit", String(input.limit));
+      }
+      const path = query.size > 0 ? `/v1/improvements?${query.toString()}` : "/v1/improvements";
+      const parsed = await expectParsed(
+        client.request({
+          method: "GET",
+          path,
+          bearerToken: input.bearerToken
+        }),
+        ImprovementsResponseSchema
+      );
+      return {
+        improvements: parsed.improvements,
+        next_cursor: parsed.next_cursor ?? null
+      };
+    },
+    async getImprovement(input) {
+      const parsed = await expectParsed(
+        client.request({
+          method: "GET",
+          path: `/v1/improvements/${input.improvementId}`,
+          bearerToken: input.bearerToken
+        }),
+        ImprovementResponseSchema
+      );
+      return parsed.improvement;
+    },
+    async resolveImprovement(input) {
+      const parsed = await expectParsed(
+        client.request({
+          method: "POST",
+          path: `/v1/improvements/${input.improvementId}/resolve`,
+          bearerToken: input.bearerToken
+        }),
+        ImprovementResponseSchema
+      );
+      return parsed.improvement;
+    },
+    async reopenImprovement(input) {
+      const parsed = await expectParsed(
+        client.request({
+          method: "POST",
+          path: `/v1/improvements/${input.improvementId}/reopen`,
+          bearerToken: input.bearerToken
+        }),
+        ImprovementResponseSchema
+      );
+      return parsed.improvement;
+    },
+    async snoozeImprovement(input) {
+      const parsed = await expectParsed(
+        client.request({
+          method: "POST",
+          path: `/v1/improvements/${input.improvementId}/snooze`,
+          bearerToken: input.bearerToken,
+          body: { snoozed_until: input.snoozedUntil }
+        }),
+        ImprovementResponseSchema
+      );
+      return parsed.improvement;
+    },
+    async getImprovementBundle(input) {
+      return await expectParsed(
+        client.request({
+          method: "GET",
+          path: `/v1/projects/${input.projectId}/improvements/${input.improvementId}/bundle`,
+          bearerToken: input.bearerToken
+        }),
+        external_exports.union([
+          PendingStatusSchema,
+          BundleSchema,
+          external_exports.object({
+            status: external_exports.literal("failed"),
+            reason: external_exports.string()
+          }).strict()
+        ])
+      );
     }
   };
 }
@@ -16750,6 +16976,329 @@ var STORAGE_SCHEMA_MIGRATIONS = [
       "ALTER TABLE users ADD COLUMN IF NOT EXISTS avatar_content_type text",
       "ALTER TABLE users ADD COLUMN IF NOT EXISTS avatar_updated_at timestamptz"
     ]
+  }),
+  defineStorageSchemaMigration({
+    id: "202605170001_add_alert_email_digest_queue",
+    description: "Add queued email alert digests and digest items for fixed-window alert batching.",
+    statements: [
+      `
+        CREATE TABLE IF NOT EXISTS alert_email_digests (
+          id uuid PRIMARY KEY,
+          project_id uuid NOT NULL REFERENCES projects(id) ON DELETE CASCADE,
+          recipient text NOT NULL,
+          status text NOT NULL,
+          next_attempt_at timestamptz,
+          claimed_at timestamptz,
+          last_error text,
+          delivered_at timestamptz,
+          created_at timestamptz NOT NULL DEFAULT now(),
+          updated_at timestamptz NOT NULL DEFAULT now()
+        )
+      `,
+      `
+        CREATE UNIQUE INDEX IF NOT EXISTS alert_email_digests_project_recipient_pending_idx
+        ON alert_email_digests (project_id, recipient)
+        WHERE status = 'pending' AND claimed_at IS NULL
+      `,
+      `
+        CREATE INDEX IF NOT EXISTS alert_email_digests_status_next_attempt_idx
+        ON alert_email_digests (status, next_attempt_at)
+      `,
+      `
+        CREATE TABLE IF NOT EXISTS alert_email_digest_items (
+          id uuid PRIMARY KEY,
+          digest_id uuid NOT NULL REFERENCES alert_email_digests(id) ON DELETE CASCADE,
+          alert_id uuid NOT NULL REFERENCES alert_rules(id) ON DELETE CASCADE,
+          project_id uuid NOT NULL REFERENCES projects(id) ON DELETE CASCADE,
+          incident_id uuid NOT NULL REFERENCES incidents(id) ON DELETE CASCADE,
+          condition_type text NOT NULL,
+          dedupe_key text NOT NULL,
+          payload jsonb NOT NULL,
+          created_at timestamptz NOT NULL DEFAULT now(),
+          UNIQUE (alert_id, incident_id, dedupe_key)
+        )
+      `,
+      `
+        CREATE INDEX IF NOT EXISTS alert_email_digest_items_digest_created_idx
+        ON alert_email_digest_items (digest_id, created_at ASC)
+      `
+    ]
+  }),
+  defineStorageSchemaMigration({
+    id: "202605180001_add_skipped_github_dispatch_status",
+    description: "Allow GitHub dispatch delivery history to record rate-limited skips without retrying them.",
+    statements: [
+      "ALTER TABLE github_dispatch_deliveries DROP CONSTRAINT IF EXISTS github_dispatch_deliveries_status_check",
+      "ALTER TABLE github_dispatch_deliveries ADD CONSTRAINT github_dispatch_deliveries_status_check CHECK (status IN ('pending', 'retrying', 'delivered', 'failed', 'skipped'))"
+    ]
+  }),
+  defineStorageSchemaMigration({
+    id: "202605180002_add_project_improvement_settings",
+    description: "Add project-level automated improvement settings columns.",
+    statements: [
+      "ALTER TABLE projects ADD COLUMN IF NOT EXISTS automated_improvement_bundles_enabled boolean NOT NULL DEFAULT true",
+      "ALTER TABLE projects ADD COLUMN IF NOT EXISTS improvement_bundle_sensitivity text NOT NULL DEFAULT 'balanced'",
+      `
+        ALTER TABLE projects
+        DROP CONSTRAINT IF EXISTS projects_improvement_bundle_sensitivity_check
+      `,
+      `
+        ALTER TABLE projects
+        ADD CONSTRAINT projects_improvement_bundle_sensitivity_check
+        CHECK (improvement_bundle_sensitivity IN ('high_confidence', 'balanced', 'verbose'))
+      `
+    ]
+  }),
+  defineStorageSchemaMigration({
+    id: "202605180003_add_improvement_opportunities_and_bundle_generation_shape",
+    description: "Add hosted improvement opportunity storage and allow bundle generations to reference improvements directly.",
+    statements: [
+      `
+        CREATE TABLE IF NOT EXISTS improvement_opportunities (
+          id uuid PRIMARY KEY,
+          project_id uuid NOT NULL REFERENCES projects(id) ON DELETE CASCADE,
+          service_id uuid REFERENCES services(id) ON DELETE SET NULL,
+          service_name text NOT NULL,
+          environment text NOT NULL DEFAULT 'production',
+          kind text NOT NULL,
+          status text NOT NULL DEFAULT 'open',
+          severity text NOT NULL,
+          confidence numeric NOT NULL,
+          fingerprint text NOT NULL,
+          title text NOT NULL,
+          summary text NOT NULL,
+          occurrence_count integer NOT NULL DEFAULT 1,
+          evidence jsonb NOT NULL,
+          first_detected_at timestamptz NOT NULL,
+          last_detected_at timestamptz NOT NULL,
+          last_source_event_id uuid,
+          related_incident_ids uuid[] NOT NULL DEFAULT '{}',
+          bundle_generation_number integer NOT NULL DEFAULT 0,
+          bundle_created_at timestamptz,
+          bundle_updated_at timestamptz,
+          bundle_source_event_id uuid,
+          bundle_failure_reason text,
+          resolved_at timestamptz,
+          resolved_by_user_id uuid REFERENCES users(id) ON DELETE SET NULL,
+          snoozed_until timestamptz,
+          created_at timestamptz NOT NULL DEFAULT now(),
+          updated_at timestamptz NOT NULL DEFAULT now(),
+          UNIQUE (project_id, fingerprint)
+        )
+      `,
+      `
+        CREATE INDEX IF NOT EXISTS improvement_opportunities_project_status_detected_idx
+        ON improvement_opportunities (project_id, status, last_detected_at DESC)
+      `,
+      `
+        CREATE INDEX IF NOT EXISTS improvement_opportunities_project_kind_detected_idx
+        ON improvement_opportunities (project_id, kind, last_detected_at DESC)
+      `,
+      `
+        CREATE INDEX IF NOT EXISTS improvement_opportunities_project_service_env_idx
+        ON improvement_opportunities (project_id, service_id, environment)
+      `,
+      `
+        CREATE TABLE IF NOT EXISTS improvement_opportunity_events (
+          improvement_opportunity_id uuid NOT NULL REFERENCES improvement_opportunities(id) ON DELETE CASCADE,
+          event_id uuid NOT NULL,
+          event_type text NOT NULL,
+          occurred_at timestamptz NOT NULL,
+          PRIMARY KEY (improvement_opportunity_id, event_id)
+        )
+      `,
+      `
+        CREATE INDEX IF NOT EXISTS improvement_opportunity_events_detected_idx
+        ON improvement_opportunity_events (improvement_opportunity_id, occurred_at DESC, event_id DESC)
+      `,
+      "ALTER TABLE bundle_generations ALTER COLUMN incident_id DROP NOT NULL",
+      "ALTER TABLE bundle_generations ADD COLUMN IF NOT EXISTS improvement_opportunity_id uuid REFERENCES improvement_opportunities(id) ON DELETE CASCADE",
+      "ALTER TABLE bundle_generations DROP CONSTRAINT IF EXISTS bundle_generations_incident_id_source_event_id_key",
+      "DROP INDEX IF EXISTS bundle_generations_incident_source_idx",
+      "DROP INDEX IF EXISTS bundle_generations_improvement_source_idx",
+      `
+        CREATE UNIQUE INDEX IF NOT EXISTS bundle_generations_incident_source_idx
+        ON bundle_generations (incident_id, source_event_id)
+        WHERE incident_id IS NOT NULL
+      `,
+      `
+        CREATE UNIQUE INDEX IF NOT EXISTS bundle_generations_improvement_source_idx
+        ON bundle_generations (improvement_opportunity_id, source_event_id)
+        WHERE improvement_opportunity_id IS NOT NULL
+      `,
+      "DROP INDEX IF EXISTS bundle_generations_improvement_generation_idx",
+      `
+        CREATE INDEX IF NOT EXISTS bundle_generations_improvement_generation_idx
+        ON bundle_generations (improvement_opportunity_id, generation_number DESC)
+        WHERE improvement_opportunity_id IS NOT NULL
+      `,
+      "ALTER TABLE bundle_generations DROP CONSTRAINT IF EXISTS bundle_generations_owner_check",
+      `
+        ALTER TABLE bundle_generations
+        ADD CONSTRAINT bundle_generations_owner_check CHECK (
+          (incident_id IS NOT NULL AND improvement_opportunity_id IS NULL AND bundle_type = 'failure')
+          OR (incident_id IS NULL AND improvement_opportunity_id IS NOT NULL AND bundle_type = 'improvement')
+        )
+      `
+    ]
+  }),
+  defineStorageSchemaMigration({
+    id: "202605180004_add_operational_email_deliveries",
+    description: "Add durable operational email delivery queue with retries and dedupe.",
+    statements: [
+      `
+        CREATE TABLE IF NOT EXISTS operational_email_deliveries (
+          id uuid PRIMARY KEY,
+          organization_id uuid NOT NULL REFERENCES organizations(id) ON DELETE CASCADE,
+          project_id uuid NOT NULL REFERENCES projects(id) ON DELETE CASCADE,
+          kind text NOT NULL,
+          dedupe_key text NOT NULL,
+          payload jsonb NOT NULL DEFAULT '{}'::jsonb,
+          status text NOT NULL DEFAULT 'pending',
+          attempt_count integer NOT NULL DEFAULT 0,
+          next_attempt_at timestamptz,
+          last_error text,
+          delivered_at timestamptz,
+          created_at timestamptz NOT NULL DEFAULT now(),
+          updated_at timestamptz NOT NULL DEFAULT now(),
+          UNIQUE (organization_id, kind, dedupe_key)
+        )
+      `,
+      `
+        ALTER TABLE operational_email_deliveries
+        DROP CONSTRAINT IF EXISTS operational_email_deliveries_kind_check
+      `,
+      `
+        ALTER TABLE operational_email_deliveries
+        ADD CONSTRAINT operational_email_deliveries_kind_check
+        CHECK (kind IN ('webhook_auto_disabled', 'allowance_warning_80', 'allowance_limit_reached', 'retention_rotation_notice'))
+      `,
+      `
+        ALTER TABLE operational_email_deliveries
+        DROP CONSTRAINT IF EXISTS operational_email_deliveries_status_check
+      `,
+      `
+        ALTER TABLE operational_email_deliveries
+        ADD CONSTRAINT operational_email_deliveries_status_check
+        CHECK (status IN ('pending', 'retrying', 'delivered', 'failed'))
+      `,
+      `
+        CREATE INDEX IF NOT EXISTS operational_email_deliveries_status_next_attempt_idx
+        ON operational_email_deliveries (status, next_attempt_at, created_at)
+      `
+    ]
+  }),
+  defineStorageSchemaMigration({
+    id: "202605180005_add_github_improvement_dispatch_targets",
+    description: "Allow GitHub dispatch deliveries to target either incidents or hosted improvements.",
+    statements: [
+      "ALTER TABLE github_dispatch_deliveries ALTER COLUMN incident_id DROP NOT NULL",
+      "ALTER TABLE github_dispatch_deliveries RENAME COLUMN incident_fingerprint TO target_fingerprint",
+      "ALTER TABLE github_dispatch_deliveries ADD COLUMN IF NOT EXISTS improvement_opportunity_id uuid REFERENCES improvement_opportunities(id) ON DELETE CASCADE",
+      "DROP INDEX IF EXISTS github_dispatch_deliveries_rule_dedupe_key_idx",
+      `
+        CREATE UNIQUE INDEX IF NOT EXISTS github_dispatch_deliveries_rule_dedupe_key_idx
+        ON github_dispatch_deliveries (rule_id, target_fingerprint, dedupe_key)
+      `,
+      "ALTER TABLE github_dispatch_deliveries DROP CONSTRAINT IF EXISTS github_dispatch_deliveries_check",
+      `
+        ALTER TABLE github_dispatch_deliveries
+        ADD CONSTRAINT github_dispatch_deliveries_check CHECK (
+          (incident_id IS NOT NULL AND improvement_opportunity_id IS NULL)
+          OR (incident_id IS NULL AND improvement_opportunity_id IS NOT NULL)
+        )
+      `
+    ]
+  }),
+  defineStorageSchemaMigration({
+    id: "202605180006_add_missing_bundle_and_creator_columns",
+    description: "Backfill creator ownership columns and incident bundle tracking columns that existed only in bootstrap schema.",
+    statements: [
+      "ALTER TABLE incidents ADD COLUMN IF NOT EXISTS bundle_generation_number integer NOT NULL DEFAULT 0",
+      "ALTER TABLE incidents ADD COLUMN IF NOT EXISTS bundle_created_at timestamptz",
+      "ALTER TABLE incidents ADD COLUMN IF NOT EXISTS bundle_updated_at timestamptz",
+      "ALTER TABLE incidents ADD COLUMN IF NOT EXISTS bundle_source_event_id uuid",
+      "ALTER TABLE incidents ADD COLUMN IF NOT EXISTS bundle_source_occurred_at timestamptz",
+      "ALTER TABLE incidents ADD COLUMN IF NOT EXISTS bundle_trigger text",
+      "ALTER TABLE incidents ADD COLUMN IF NOT EXISTS bundle_failure_reason text",
+      "ALTER TABLE alert_rules ADD COLUMN IF NOT EXISTS created_by_user_id uuid",
+      `
+        UPDATE alert_rules ar
+        SET created_by_user_id = p.owner_user_id
+        FROM projects p
+        WHERE ar.project_id = p.id
+          AND ar.created_by_user_id IS NULL
+      `,
+      "ALTER TABLE alert_rules DROP CONSTRAINT IF EXISTS alert_rules_created_by_user_id_fkey",
+      `
+        ALTER TABLE alert_rules
+        ADD CONSTRAINT alert_rules_created_by_user_id_fkey
+        FOREIGN KEY (created_by_user_id) REFERENCES users(id) ON DELETE CASCADE
+      `,
+      "ALTER TABLE alert_rules ALTER COLUMN created_by_user_id SET NOT NULL",
+      "ALTER TABLE agent_webhooks ADD COLUMN IF NOT EXISTS created_by_user_id uuid",
+      `
+        UPDATE agent_webhooks aw
+        SET created_by_user_id = p.owner_user_id
+        FROM projects p
+        WHERE aw.project_id = p.id
+          AND aw.created_by_user_id IS NULL
+      `,
+      "ALTER TABLE agent_webhooks DROP CONSTRAINT IF EXISTS agent_webhooks_created_by_user_id_fkey",
+      `
+        ALTER TABLE agent_webhooks
+        ADD CONSTRAINT agent_webhooks_created_by_user_id_fkey
+        FOREIGN KEY (created_by_user_id) REFERENCES users(id) ON DELETE CASCADE
+      `,
+      "ALTER TABLE agent_webhooks ALTER COLUMN created_by_user_id SET NOT NULL",
+      "ALTER TABLE github_dispatch_rules ADD COLUMN IF NOT EXISTS created_by_user_id uuid",
+      `
+        UPDATE github_dispatch_rules gdr
+        SET created_by_user_id = p.owner_user_id
+        FROM projects p
+        WHERE gdr.project_id = p.id
+          AND gdr.created_by_user_id IS NULL
+      `,
+      "ALTER TABLE github_dispatch_rules DROP CONSTRAINT IF EXISTS github_dispatch_rules_created_by_user_id_fkey",
+      `
+        ALTER TABLE github_dispatch_rules
+        ADD CONSTRAINT github_dispatch_rules_created_by_user_id_fkey
+        FOREIGN KEY (created_by_user_id) REFERENCES users(id) ON DELETE CASCADE
+      `,
+      "ALTER TABLE github_dispatch_rules ALTER COLUMN created_by_user_id SET NOT NULL"
+    ]
+  }),
+  defineStorageSchemaMigration({
+    id: "202605200001_limit_weekly_report_email_channel_per_project",
+    description: "Keep weekly email reports singular per project.",
+    statements: [
+      `
+        DELETE FROM weekly_report_channels
+        WHERE id IN (
+          SELECT id
+          FROM (
+            SELECT
+              id,
+              row_number() OVER (PARTITION BY project_id ORDER BY created_at ASC, id ASC) AS row_number
+            FROM weekly_report_channels
+            WHERE channel = 'email'
+          ) ranked
+          WHERE ranked.row_number > 1
+        )
+      `,
+      `
+        CREATE UNIQUE INDEX IF NOT EXISTS weekly_report_channels_project_email_unique_idx
+        ON weekly_report_channels (project_id)
+        WHERE channel = 'email'
+      `
+    ]
+  }),
+  defineStorageSchemaMigration({
+    id: "202605220001_add_project_token_allowed_origins",
+    description: "Add optional browser-origin allowlists to project ingestion tokens.",
+    statements: [
+      "ALTER TABLE project_tokens ADD COLUMN IF NOT EXISTS allowed_origins jsonb NOT NULL DEFAULT '[]'::jsonb"
+    ]
   })
 ];
 
@@ -17508,6 +18057,7 @@ var ProjectRecordSchema = external_exports.object({
   owner_user_id: external_exports.string(),
   owner_email: external_exports.string().email(),
   relationship: external_exports.enum(["owned", "shared"]),
+  sharing_state: external_exports.enum(["private", "shared_by_you", "shared_with_you"]),
   effective_role: external_exports.enum(["owner", "admin", "member"]),
   name: external_exports.string(),
   slug: external_exports.string(),
@@ -17529,6 +18079,7 @@ var DeletedProjectRecordSchema = external_exports.object({
   owner_user_id: external_exports.string(),
   owner_email: external_exports.string().email(),
   relationship: external_exports.enum(["owned", "shared"]),
+  sharing_state: external_exports.enum(["private", "shared_by_you", "shared_with_you"]),
   effective_role: external_exports.enum(["owner", "admin", "member"]),
   name: external_exports.string(),
   slug: external_exports.string(),
@@ -17655,6 +18206,7 @@ var ProjectTokenSchema = external_exports.object({
   token_id: external_exports.string(),
   project_id: external_exports.string(),
   label: external_exports.string(),
+  allowed_origins: external_exports.array(external_exports.string()).default([]),
   created_at: external_exports.string(),
   last_used_at: external_exports.string().nullable(),
   revoked_at: external_exports.string().nullable(),
@@ -17739,7 +18291,8 @@ function createTokenManagementApi(client) {
           path: `/v1/projects/${input.projectId}/tokens`,
           bearerToken: input.bearerToken,
           body: {
-            label: input.label
+            label: input.label,
+            ...input.allowedOrigins === void 0 ? {} : { allowed_origins: input.allowedOrigins }
           }
         })
       );
@@ -17862,6 +18415,7 @@ var AlertConditionTypeSchema = external_exports.enum([
 var AlertSchema = external_exports.object({
   alert_id: external_exports.string(),
   project_id: external_exports.string(),
+  created_by_user_id: external_exports.string(),
   service_id: external_exports.string().nullable(),
   channel: AlertChannelSchema,
   condition_type: AlertConditionTypeSchema,
@@ -17987,7 +18541,7 @@ function createAlertApi(client) {
       return expectAlert(
         client.request({
           method: "PATCH",
-          path: `/v1/alerts/${input.alertId}`,
+          path: `/v1/alerts/${input.alertId}${buildQuery({ project_id: input.projectId })}`,
           bearerToken: input.bearerToken,
           body
         })
@@ -17996,7 +18550,7 @@ function createAlertApi(client) {
     async deleteAlert(input) {
       const response = await client.request({
         method: "DELETE",
-        path: `/v1/alerts/${input.alertId}`,
+        path: `/v1/alerts/${input.alertId}${buildQuery({ project_id: input.projectId })}`,
         bearerToken: input.bearerToken
       });
       if (response.status < 200 || response.status >= 300) {
@@ -18079,6 +18633,7 @@ var WebhookFiltersSchema = external_exports.object({
 var WebhookSchema = external_exports.object({
   webhook_id: external_exports.string(),
   project_id: external_exports.string(),
+  created_by_user_id: external_exports.string(),
   url: external_exports.string(),
   events: external_exports.array(WebhookEventTypeSchema),
   filters: WebhookFiltersSchema,
@@ -18249,7 +18804,7 @@ function createWebhookApi(client) {
       return expectWebhook(
         client.request({
           method: "GET",
-          path: `/v1/webhooks/${input.webhookId}`,
+          path: `/v1/webhooks/${input.webhookId}${buildQuery2({ project_id: input.projectId })}`,
           bearerToken: input.bearerToken
         })
       );
@@ -18271,7 +18826,7 @@ function createWebhookApi(client) {
       return expectWebhook(
         client.request({
           method: "PATCH",
-          path: `/v1/webhooks/${input.webhookId}`,
+          path: `/v1/webhooks/${input.webhookId}${buildQuery2({ project_id: input.projectId })}`,
           bearerToken: input.bearerToken,
           body
         })
@@ -18280,7 +18835,7 @@ function createWebhookApi(client) {
     async deleteWebhook(input) {
       const response = await client.request({
         method: "DELETE",
-        path: `/v1/webhooks/${input.webhookId}`,
+        path: `/v1/webhooks/${input.webhookId}${buildQuery2({ project_id: input.projectId })}`,
         bearerToken: input.bearerToken
       });
       if (response.status < 200 || response.status >= 300) {
@@ -18298,7 +18853,7 @@ function createWebhookApi(client) {
       return expectWebhookTestDelivery(
         client.request({
           method: "POST",
-          path: `/v1/webhooks/${input.webhookId}/test`,
+          path: `/v1/webhooks/${input.webhookId}/test${buildQuery2({ project_id: input.projectId })}`,
           bearerToken: input.bearerToken,
           body
         })
@@ -18308,7 +18863,7 @@ function createWebhookApi(client) {
       return expectWebhookDeliveries(
         client.request({
           method: "GET",
-          path: `/v1/webhooks/${input.webhookId}/deliveries${buildQuery2({ limit: input.limit })}`,
+          path: `/v1/webhooks/${input.webhookId}/deliveries${buildQuery2({ project_id: input.projectId, limit: input.limit })}`,
           bearerToken: input.bearerToken
         })
       );
@@ -18317,7 +18872,7 @@ function createWebhookApi(client) {
       return expectRetryDelivery(
         client.request({
           method: "POST",
-          path: `/v1/webhooks/${input.webhookId}/deliveries/${input.deliveryId}/retry`,
+          path: `/v1/webhooks/${input.webhookId}/deliveries/${input.deliveryId}/retry${buildQuery2({ project_id: input.projectId })}`,
           bearerToken: input.bearerToken,
           body: {}
         })
@@ -18507,7 +19062,8 @@ var BillingSummarySchema = external_exports.object({
     monthly_raw_ingested_events: BillingUsageMetricSchema,
     retained_bundle_cap: BillingUsageMetricSchema,
     monthly_remote_activations: BillingUsageMetricSchema,
-    monthly_alert_deliveries: BillingUsageMetricSchema
+    monthly_alert_deliveries: BillingUsageMetricSchema,
+    monthly_webhook_deliveries: BillingUsageMetricSchema
   }).strict()
 }).strict();
 var BillingSummaryResponseSchema = external_exports.object({
@@ -18621,6 +19177,7 @@ var ProjectGitHubRepoSchema = external_exports.object({
 var GitHubDispatchRuleSchema = external_exports.object({
   rule_id: external_exports.string(),
   project_id: external_exports.string(),
+  created_by_user_id: external_exports.string(),
   name: external_exports.string(),
   enabled: external_exports.boolean(),
   event_types: external_exports.array(external_exports.string().min(1)),
@@ -18637,9 +19194,10 @@ var GitHubDispatchDeliverySchema = external_exports.object({
   delivery_id: external_exports.string(),
   rule_id: external_exports.string(),
   rule_name: external_exports.string(),
-  incident_id: external_exports.string(),
-  incident_title: external_exports.string(),
-  status: external_exports.enum(["pending", "retrying", "delivered", "failed"]),
+  incident_id: external_exports.string().nullable(),
+  improvement_id: external_exports.string().nullable(),
+  target_title: external_exports.string(),
+  status: external_exports.enum(["pending", "retrying", "delivered", "failed", "skipped"]),
   attempt_count: external_exports.number().int(),
   last_attempt_at: external_exports.string().nullable(),
   last_error: external_exports.string().nullable(),
@@ -18776,19 +19334,21 @@ async function expectNoContent(responsePromise) {
 function createGitHubManagementApi(client) {
   return {
     async getInstallation(input) {
+      const query = input.projectId === void 0 ? "" : `?project_id=${encodeURIComponent(input.projectId)}`;
       return expectInstallation(
         client.request({
           method: "GET",
-          path: "/v1/github/installation",
+          path: `/v1/github/installation${query}`,
           bearerToken: input.bearerToken
         })
       );
     },
     async listRepositories(input) {
+      const query = input.projectId === void 0 ? "" : `?project_id=${encodeURIComponent(input.projectId)}`;
       return expectRepositories(
         client.request({
           method: "GET",
-          path: "/v1/github/repositories",
+          path: `/v1/github/repositories${query}`,
           bearerToken: input.bearerToken
         })
       );
@@ -25341,7 +25901,7 @@ var CLI_USAGE_LINES = [
   "  debugbundle billing capacity schedule-reduction --target-additional-capacity-units <n> [--auth-file <path>] [--json]",
   "  debugbundle billing capacity cancel-reduction [--auth-file <path>] [--json]",
   "  debugbundle github status [--project-id <id>] [--auth-file <path>] [--json]",
-  "  debugbundle github repos [--auth-file <path>] [--json]",
+  "  debugbundle github repos [--project-id <id>] [--auth-file <path>] [--json]",
   "  debugbundle github repo set <owner/repo> --project-id <id> [--auth-file <path>] [--json]",
   "  debugbundle github repo remove --project-id <id> [--auth-file <path>] [--json]",
   "  debugbundle github rules --project-id <id> [--auth-file <path>] [--json]",
@@ -25355,32 +25915,41 @@ var CLI_USAGE_LINES = [
   "  debugbundle project update <project-id> [--name <name>] [--slug <slug>] [--environment-default <env>] [--auth-file <path>] [--json]",
   "  debugbundle project delete <project-id> [--auth-file <path>] [--json]",
   "  debugbundle token project list <project-id> [--limit <n>] [--auth-file <path>] [--json]",
-  "  debugbundle token project create <project-id> --label <label> [--auth-file <path>] [--json]",
+  "  debugbundle token project create <project-id> --label <label> [--allowed-origin <origin> ...] [--auth-file <path>] [--json]",
   "  debugbundle token project revoke <project-id> <token-id> [--auth-file <path>] [--json]",
   "  debugbundle token member list [--limit <n>] [--auth-file <path>] [--json]",
   "  debugbundle token member create --label <label> [--auth-file <path>] [--json]",
   "  debugbundle token member revoke <token-id> [--auth-file <path>] [--json]",
   "  debugbundle alert list --project-id <id> [--limit <n>] [--auth-file <path>] [--json]",
   "  debugbundle alert create --project-id <id> --channel <channel> --condition <condition> [--service-id <id>] [--severity-min <level>] --config-json <json> [--is-enabled <true|false>] [--auth-file <path>] [--json]",
-  "  debugbundle alert update <alert-id> [--service-id <id|null>] [--channel <channel>] [--condition <condition>] [--severity-min <level|null>] [--config-json <json|null>] [--is-enabled <true|false>] [--auth-file <path>] [--json]",
-  "  debugbundle alert delete <alert-id> [--auth-file <path>] [--json]",
+  "  debugbundle alert update <alert-id> --project-id <id> [--service-id <id|null>] [--channel <channel>] [--condition <condition>] [--severity-min <level|null>] [--config-json <json|null>] [--is-enabled <true|false>] [--auth-file <path>] [--json]",
+  "  debugbundle alert delete <alert-id> --project-id <id> [--auth-file <path>] [--json]",
   "  debugbundle slack list --project-id <id> [--auth-file <path>] [--json]",
   "  debugbundle slack connect-url --project-id <id> [--return-to </projects/...>] [--auth-file <path>] [--json]",
   "  debugbundle slack test <destination-id> --project-id <id> [--auth-file <path>] [--json]",
   "  debugbundle slack delete <destination-id> --project-id <id> [--auth-file <path>] [--json]",
   "  debugbundle webhook list --project-id <id> [--limit <n>] [--auth-file <path>] [--json]",
   "  debugbundle webhook create --project-id <id> --url <url> --event <event[,event]> [--environment <env[,env]>] [--service <svc[,svc]>] [--severity-min <level>] [--bundle-type <type[,type]>] [--verification <true|false>] [--is-enabled <true|false>] [--auth-file <path>] [--json]",
-  "  debugbundle webhook update <webhook-id> [--url <url>] [--event <event[,event]>] [--environment <env[,env]>] [--service <svc[,svc]>] [--severity-min <level>] [--bundle-type <type[,type]>] [--verification <true|false>] [--is-enabled <true|false>] [--auth-file <path>] [--json]",
-  "  debugbundle webhook delete <webhook-id> [--auth-file <path>] [--json]",
-  "  debugbundle webhook test <webhook-id> [--event <verification.passed|verification.failed>] [--auth-file <path>] [--json]",
-  "  debugbundle webhook deliveries <webhook-id> [--limit <n>] [--auth-file <path>] [--json]",
-  "  debugbundle webhook retry <webhook-id> <delivery-id> [--auth-file <path>] [--json]",
+  "  debugbundle webhook update <webhook-id> --project-id <id> [--url <url>] [--event <event[,event]>] [--environment <env[,env]>] [--service <svc[,svc]>] [--severity-min <level>] [--bundle-type <type[,type]>] [--verification <true|false>] [--is-enabled <true|false>] [--auth-file <path>] [--json]",
+  "  debugbundle webhook delete <webhook-id> --project-id <id> [--auth-file <path>] [--json]",
+  "  debugbundle webhook test <webhook-id> --project-id <id> [--event <verification.passed|verification.failed>] [--auth-file <path>] [--json]",
+  "  debugbundle webhook deliveries <webhook-id> --project-id <id> [--limit <n>] [--auth-file <path>] [--json]",
+  "  debugbundle webhook retry <webhook-id> <delivery-id> --project-id <id> [--auth-file <path>] [--json]",
   "  debugbundle weekly-report list --project-id <id> [--limit <n>] [--auth-file <path>] [--json]",
   "  debugbundle weekly-report create --project-id <id> --channel <email|slack> --day-of-week <day> --hour-of-day <0-23> --timezone <iana> --config-json <json> [--is-enabled <true|false>] [--auth-file <path>] [--json]",
+  '      email --config-json uses {"to":["owner@example.com"]} with up to 3 recipients',
   "  debugbundle weekly-report update <channel-id> [--day-of-week <day>] [--hour-of-day <0-23>] [--timezone <iana>] [--config-json <json>] [--is-enabled <true|false>] [--auth-file <path>] [--json]",
   "  debugbundle weekly-report delete <channel-id> [--auth-file <path>] [--json]",
   "  debugbundle capture-policy get --project <id> [--auth-file <path>] [--json]",
   "  debugbundle capture-policy set --project <id> [--preset <minimal|balanced|investigative>] [--override <key=value>] [--client-error-incidents <preset-default|none|recommended|custom>] [--client-error-statuses <400,401,...>] [--auth-file <path>] [--json]",
+  "  debugbundle improvements list [--project-id <id>] [--environment <name>] [--service <name>] [--status <status>] [--severity <level>] [--kind <kind>] [--cursor <cursor>] [--limit <n>] [--auth-file <path>] [--json]",
+  "  debugbundle improvements get <improvement-id> [--auth-file <path>] [--json]",
+  "  debugbundle improvements bundle <improvement-id> --project-id <id> [--auth-file <path>] [--json]",
+  "  debugbundle improvements resolve <improvement-id> [--auth-file <path>] [--json]",
+  "  debugbundle improvements reopen <improvement-id> [--auth-file <path>] [--json]",
+  "  debugbundle improvements snooze <improvement-id> --until <ISO8601> [--auth-file <path>] [--json]",
+  "  debugbundle improvements settings get --project <id> [--auth-file <path>] [--json]",
+  "  debugbundle improvements settings set --project <id> [--enabled <true|false>] [--sensitivity <high_confidence|balanced|verbose>] [--auth-file <path>] [--json]",
   "  debugbundle probe activate <project-id> --label-pattern <pattern> [--service <name>] [--environment <name>] [--ttl-seconds <n>] [--trigger-ttl-seconds <n>] [--auth-file <path>] [--json]",
   "  debugbundle probe list <project-id> [--auth-file <path>] [--json]",
   "  debugbundle probe deactivate <project-id> <activation-id> [--auth-file <path>] [--json]",
@@ -25401,53 +25970,62 @@ var import_node_path16 = require("node:path");
 var SUGGESTED_ACTIONS2 = [
   "Run debugbundle setup if .debugbundle/profile.json is missing.",
   "Run debugbundle profile validate for field-level profile errors.",
-  "Run debugbundle validate --fix to recreate missing local DebugBundle stubs when safe."
+  "Run debugbundle validate --fix to recreate missing or stale local DebugBundle stubs when safe."
 ];
 var FIXABLE_FILES = [
   {
     name: "connection-config",
     filePath: CONNECTION_FILE_PATH,
-    buildContent: buildConnectionConfig
+    buildContent: buildConnectionConfig,
+    checkContent: false
   },
   {
     name: "agent-skill",
     filePath: SKILL_FILE_PATH,
-    buildContent: buildSkill
+    buildContent: buildSkill,
+    checkContent: true
   },
   {
     name: "cli-reference",
     filePath: CLI_REFERENCE_FILE_PATH,
-    buildContent: buildCliReference
+    buildContent: buildCliReference,
+    checkContent: true
   },
   {
     name: "mcp-reference",
     filePath: MCP_REFERENCE_FILE_PATH,
-    buildContent: buildMcpReference
+    buildContent: buildMcpReference,
+    checkContent: true
   },
   {
     name: "bundle-schema-reference",
     filePath: BUNDLE_SCHEMA_REFERENCE_FILE_PATH,
-    buildContent: buildBundleSchemaReference
+    buildContent: buildBundleSchemaReference,
+    checkContent: true
   },
   {
     name: "profile-enrichment-reference",
     filePath: PROFILE_ENRICHMENT_REFERENCE_FILE_PATH,
-    buildContent: buildProfileEnrichmentReference
+    buildContent: buildProfileEnrichmentReference,
+    checkContent: true
   },
   {
     name: "improvement-analysis-recipe",
     filePath: IMPROVEMENT_ANALYSIS_RECIPE_FILE_PATH,
-    buildContent: buildImprovementAnalysisRecipe
+    buildContent: buildImprovementAnalysisRecipe,
+    checkContent: true
   },
   {
     name: "performance-analysis-recipe",
     filePath: PERFORMANCE_ANALYSIS_RECIPE_FILE_PATH,
-    buildContent: buildPerformanceAnalysisRecipe
+    buildContent: buildPerformanceAnalysisRecipe,
+    checkContent: true
   },
   {
     name: "skill-evals",
     filePath: EVALS_FILE_PATH,
-    buildContent: buildSkillEvals
+    buildContent: buildSkillEvals,
+    checkContent: true
   }
 ];
 async function pathExists6(path, stat) {
@@ -25561,6 +26139,28 @@ async function validateCommand(input, dependencies = {}) {
   for (const fixableFile of FIXABLE_FILES) {
     const absoluteFilePath = (0, import_node_path16.join)(rootDirectory, fixableFile.filePath);
     if (await pathExists6(absoluteFilePath, stat)) {
+      if (fixableFile.checkContent) {
+        const currentContents = await readFile(absoluteFilePath);
+        const expectedContents = fixableFile.buildContent();
+        if (currentContents !== expectedContents) {
+          if (input.fix === true) {
+            await writeFile(absoluteFilePath, expectedContents);
+            checks.push({
+              name: fixableFile.name,
+              status: "ok",
+              message: `Updated stale ${fixableFile.filePath}`
+            });
+            continue;
+          }
+          autoFixAvailable = true;
+          checks.push({
+            name: fixableFile.name,
+            status: "warning",
+            message: `Stale ${fixableFile.filePath}; run debugbundle validate --fix to refresh it.`
+          });
+          continue;
+        }
+      }
       checks.push({
         name: fixableFile.name,
         status: "ok",
@@ -25948,6 +26548,7 @@ async function updateAlertCommand(input, api) {
   try {
     const requestInput = {
       bearerToken: input.bearerToken,
+      projectId: input.projectId,
       alertId: input.alertId
     };
     if (input.serviceId !== void 0) {
@@ -25984,6 +26585,7 @@ async function updateAlertWithAuthCommand(input, dependencies) {
     runCommand: (authState, api) => {
       const commandInput = {
         bearerToken: authState.bearer_token,
+        projectId: input.projectId,
         alertId: input.alertId
       };
       if (input.serviceId !== void 0) {
@@ -26017,6 +26619,7 @@ async function deleteAlertCommand(input, api) {
   try {
     const alert = await api.deleteAlert({
       bearerToken: input.bearerToken,
+      projectId: input.projectId,
       alertId: input.alertId
     });
     return {
@@ -26034,6 +26637,7 @@ async function deleteAlertWithAuthCommand(input, dependencies) {
     runCommand: (authState, api) => {
       const commandInput = {
         bearerToken: authState.bearer_token,
+        projectId: input.projectId,
         alertId: input.alertId
       };
       if (input.json !== void 0) {
@@ -26246,9 +26850,9 @@ async function setCapturePolicyWithAuthCommand(input, dependencies) {
   });
 }
 
-// src/project-commands.ts
+// src/improvement-commands.ts
 function mapErrorToExitCode6(error) {
-  if (!(error instanceof ProjectManagementApiError)) {
+  if (!(error instanceof RetrievalApiError)) {
     return 1;
   }
   if (error.status === 401) {
@@ -26260,18 +26864,416 @@ function mapErrorToExitCode6(error) {
   if (error.status === 400) {
     return 4;
   }
-  if (error.status === 409) {
-    return 5;
-  }
   return 1;
 }
-function formatProject(project) {
-  return `${project.project_id} ${project.name} (${project.slug})`;
+function formatImprovementTable(improvements) {
+  if (improvements.length === 0) {
+    return "No improvements found.";
+  }
+  return improvements.map((improvement) => `${improvement.improvement_id} | ${improvement.severity} | ${improvement.status} | ${improvement.title}`).join("\n");
 }
-async function listProjectsCommand(input, api) {
+function formatImprovementDetail(improvement) {
+  return [
+    `Improvement: ${improvement.improvement_id}`,
+    `Project: ${improvement.project_name}`,
+    `Title: ${improvement.title}`,
+    `Kind: ${improvement.kind}`,
+    `Severity: ${improvement.severity}`,
+    `Status: ${improvement.status}`,
+    `Environment: ${improvement.environment}`,
+    `Service: ${improvement.service_name}`,
+    `Confidence: ${improvement.confidence}`,
+    `Occurrences: ${improvement.occurrence_count}`,
+    `Last detected: ${improvement.last_detected_at}`,
+    ...improvement.related_incident_ids === void 0 || improvement.related_incident_ids.length === 0 ? [] : [`Related incidents: ${improvement.related_incident_ids.join(", ")}`],
+    ...improvement.resolved_at === null ? [] : [`Resolved at: ${improvement.resolved_at}`],
+    `Summary: ${improvement.summary}`
+  ].join("\n");
+}
+function formatObjectOutput2(payload) {
+  return JSON.stringify(payload, null, 2);
+}
+async function listImprovementsCommand(input, api) {
   try {
-    const requestInput = {
-      bearerToken: input.bearerToken
+    const response = await api.listImprovements(input);
+    return {
+      exitCode: 0,
+      output: input.json ? JSON.stringify(response) : `${formatImprovementTable(
+        response.improvements
+      )}${response.next_cursor === null ? "" : `
+next_cursor: ${response.next_cursor}`}`
+    };
+  } catch (error) {
+    return {
+      exitCode: mapErrorToExitCode6(error),
+      output: error instanceof Error ? error.message : String(error)
+    };
+  }
+}
+async function getImprovementCommand(input, api) {
+  try {
+    const improvement = await api.getImprovement(input);
+    return {
+      exitCode: 0,
+      output: input.json ? JSON.stringify(improvement) : formatImprovementDetail(improvement)
+    };
+  } catch (error) {
+    return {
+      exitCode: mapErrorToExitCode6(error),
+      output: error instanceof Error ? error.message : String(error)
+    };
+  }
+}
+async function resolveImprovementCommand(input, api) {
+  try {
+    const improvement = await api.resolveImprovement(input);
+    return {
+      exitCode: 0,
+      output: input.json ? JSON.stringify(improvement) : `Improvement resolved.
+${formatImprovementDetail(improvement)}`
+    };
+  } catch (error) {
+    return {
+      exitCode: mapErrorToExitCode6(error),
+      output: error instanceof Error ? error.message : String(error)
+    };
+  }
+}
+async function reopenImprovementCommand(input, api) {
+  try {
+    const improvement = await api.reopenImprovement(input);
+    return {
+      exitCode: 0,
+      output: input.json ? JSON.stringify(improvement) : `Improvement reopened.
+${formatImprovementDetail(improvement)}`
+    };
+  } catch (error) {
+    return {
+      exitCode: mapErrorToExitCode6(error),
+      output: error instanceof Error ? error.message : String(error)
+    };
+  }
+}
+async function snoozeImprovementCommand(input, api) {
+  try {
+    const improvement = await api.snoozeImprovement(input);
+    return {
+      exitCode: 0,
+      output: input.json ? JSON.stringify(improvement) : `Improvement snoozed.
+${formatImprovementDetail(improvement)}`
+    };
+  } catch (error) {
+    return {
+      exitCode: mapErrorToExitCode6(error),
+      output: error instanceof Error ? error.message : String(error)
+    };
+  }
+}
+async function getImprovementBundleCommand(input, api) {
+  try {
+    const bundle = await api.getImprovementBundle(input);
+    return {
+      exitCode: 0,
+      output: input.json ? JSON.stringify(bundle) : formatObjectOutput2(bundle)
+    };
+  } catch (error) {
+    return {
+      exitCode: mapErrorToExitCode6(error),
+      output: error instanceof Error ? error.message : String(error)
+    };
+  }
+}
+async function listImprovementsWithAuthCommand(input, dependencies) {
+  return runAuthenticatedCliCommand(input, {
+    createApi: createAuthenticatedRetrievalApi,
+    dependencies,
+    runCommand: (authState, api) => listImprovementsCommand(
+      {
+        bearerToken: authState.bearer_token,
+        ...input.projectId === void 0 ? {} : { projectId: input.projectId },
+        ...input.environment === void 0 ? {} : { environment: input.environment },
+        ...input.service === void 0 ? {} : { service: input.service },
+        ...input.status === void 0 ? {} : { status: input.status },
+        ...input.severity === void 0 ? {} : { severity: input.severity },
+        ...input.kind === void 0 ? {} : { kind: input.kind },
+        ...input.cursor === void 0 ? {} : { cursor: input.cursor },
+        ...input.limit === void 0 ? {} : { limit: input.limit },
+        ...input.json === void 0 ? {} : { json: input.json }
+      },
+      api
+    )
+  });
+}
+async function getImprovementWithAuthCommand(input, dependencies) {
+  return runAuthenticatedCliCommand(input, {
+    createApi: createAuthenticatedRetrievalApi,
+    dependencies,
+    runCommand: (authState, api) => getImprovementCommand(
+      {
+        bearerToken: authState.bearer_token,
+        improvementId: input.improvementId,
+        ...input.json === void 0 ? {} : { json: input.json }
+      },
+      api
+    )
+  });
+}
+async function resolveImprovementWithAuthCommand(input, dependencies) {
+  return runAuthenticatedCliCommand(input, {
+    createApi: createAuthenticatedRetrievalApi,
+    dependencies,
+    runCommand: (authState, api) => resolveImprovementCommand(
+      {
+        bearerToken: authState.bearer_token,
+        improvementId: input.improvementId,
+        ...input.json === void 0 ? {} : { json: input.json }
+      },
+      api
+    )
+  });
+}
+async function reopenImprovementWithAuthCommand(input, dependencies) {
+  return runAuthenticatedCliCommand(input, {
+    createApi: createAuthenticatedRetrievalApi,
+    dependencies,
+    runCommand: (authState, api) => reopenImprovementCommand(
+      {
+        bearerToken: authState.bearer_token,
+        improvementId: input.improvementId,
+        ...input.json === void 0 ? {} : { json: input.json }
+      },
+      api
+    )
+  });
+}
+async function snoozeImprovementWithAuthCommand(input, dependencies) {
+  return runAuthenticatedCliCommand(input, {
+    createApi: createAuthenticatedRetrievalApi,
+    dependencies,
+    runCommand: (authState, api) => snoozeImprovementCommand(
+      {
+        bearerToken: authState.bearer_token,
+        improvementId: input.improvementId,
+        snoozedUntil: input.snoozedUntil,
+        ...input.json === void 0 ? {} : { json: input.json }
+      },
+      api
+    )
+  });
+}
+async function getImprovementBundleWithAuthCommand(input, dependencies) {
+  return runAuthenticatedCliCommand(input, {
+    createApi: createAuthenticatedRetrievalApi,
+    dependencies,
+    runCommand: (authState, api) => getImprovementBundleCommand(
+      {
+        bearerToken: authState.bearer_token,
+        projectId: input.projectId,
+        improvementId: input.improvementId,
+        ...input.json === void 0 ? {} : { json: input.json }
+      },
+      api
+    )
+  });
+}
+
+// src/improvement-settings-commands.ts
+var ImprovementSettingsApiError = class extends Error {
+  status;
+  constructor(status, message) {
+    super(message);
+    this.name = "ImprovementSettingsApiError";
+    this.status = status;
+  }
+};
+function toApiError2(status, body, fallback) {
+  if (typeof body === "object" && body !== null && "error" in body && typeof body.error === "string") {
+    return new ImprovementSettingsApiError(status, body.error);
+  }
+  return new ImprovementSettingsApiError(status, fallback);
+}
+function createImprovementSettingsApi(httpClient) {
+  return {
+    async getImprovementSettings(input) {
+      const response = await httpClient.request({
+        method: "GET",
+        path: `/v1/projects/${encodeURIComponent(input.projectId)}/improvement-settings`,
+        bearerToken: input.bearerToken
+      });
+      if (response.status !== 200) {
+        throw toApiError2(response.status, response.body, "Failed to get improvement settings.");
+      }
+      const parsed = ImprovementSettingsResponseSchema.safeParse(response.body);
+      if (!parsed.success) {
+        throw new ImprovementSettingsApiError(500, "Invalid improvement settings response.");
+      }
+      return parsed.data;
+    },
+    async updateImprovementSettings(input) {
+      const response = await httpClient.request({
+        method: "PATCH",
+        path: `/v1/projects/${encodeURIComponent(input.projectId)}/improvement-settings`,
+        bearerToken: input.bearerToken,
+        body: input.update
+      });
+      if (response.status !== 200) {
+        throw toApiError2(response.status, response.body, "Failed to update improvement settings.");
+      }
+      const parsed = ImprovementSettingsResponseSchema.safeParse(response.body);
+      if (!parsed.success) {
+        throw new ImprovementSettingsApiError(500, "Invalid improvement settings response.");
+      }
+      return parsed.data;
+    }
+  };
+}
+function mapErrorToExitCode7(error) {
+  if (!(error instanceof ImprovementSettingsApiError)) {
+    return 1;
+  }
+  if (error.status === 401) {
+    return 2;
+  }
+  if (error.status === 404) {
+    return 3;
+  }
+  if (error.status === 400) {
+    return 4;
+  }
+  return 1;
+}
+function formatSettings(response) {
+  return [
+    `access_mode: ${response.access_mode}`,
+    `cloud_automation_available: ${response.cloud_automation_available}`,
+    `automated_improvement_bundles_enabled: ${response.settings.automated_improvement_bundles_enabled}`,
+    `improvement_bundle_sensitivity: ${response.settings.improvement_bundle_sensitivity}`
+  ].join("\n");
+}
+async function getImprovementSettingsCommand(input, api) {
+  try {
+    const response = await api.getImprovementSettings({
+      bearerToken: input.bearerToken,
+      projectId: input.projectId
+    });
+    return {
+      exitCode: 0,
+      output: input.json ? JSON.stringify(response) : formatSettings(response)
+    };
+  } catch (error) {
+    return {
+      exitCode: mapErrorToExitCode7(error),
+      output: error instanceof Error ? error.message : String(error)
+    };
+  }
+}
+async function setImprovementSettingsCommand(input, api) {
+  try {
+    const parsedUpdate = ImprovementSettingsUpdateSchema.safeParse(input.update);
+    if (!parsedUpdate.success) {
+      return {
+        exitCode: 4,
+        output: "Invalid improvement settings update."
+      };
+    }
+    const response = await api.updateImprovementSettings({
+      bearerToken: input.bearerToken,
+      projectId: input.projectId,
+      update: parsedUpdate.data
+    });
+    return {
+      exitCode: 0,
+      output: input.json ? JSON.stringify(response) : `Improvement settings updated.
+${formatSettings(response)}`
+    };
+  } catch (error) {
+    return {
+      exitCode: mapErrorToExitCode7(error),
+      output: error instanceof Error ? error.message : String(error)
+    };
+  }
+}
+async function createAuthenticatedImprovementSettingsApi(input, dependencies) {
+  const readAuthState = dependencies?.readAuthState ?? readCliAuthState;
+  const authStateInput = {};
+  if (input.authFilePath !== void 0) {
+    authStateInput.authFilePath = input.authFilePath;
+  }
+  const authState = await readAuthState(authStateInput);
+  const createHttpClient = dependencies?.createHttpClient ?? ((clientInput) => {
+    const httpClientDependencies = {};
+    if (dependencies?.fetchImpl !== void 0) {
+      httpClientDependencies.fetchImpl = dependencies.fetchImpl;
+    }
+    return createCliHttpClient(clientInput, httpClientDependencies);
+  });
+  const httpClient = createHttpClient({ baseUrl: authState.base_url });
+  const createApi = dependencies?.createApi ?? createImprovementSettingsApi;
+  return {
+    authState,
+    api: createApi(httpClient)
+  };
+}
+async function getImprovementSettingsWithAuthCommand(input, dependencies) {
+  return runAuthenticatedCliCommand(input, {
+    createApi: createAuthenticatedImprovementSettingsApi,
+    dependencies,
+    runCommand: (authState, api) => {
+      const commandInput = {
+        bearerToken: authState.bearer_token,
+        projectId: input.projectId
+      };
+      if (input.json !== void 0) {
+        commandInput.json = input.json;
+      }
+      return getImprovementSettingsCommand(commandInput, api);
+    }
+  });
+}
+async function setImprovementSettingsWithAuthCommand(input, dependencies) {
+  return runAuthenticatedCliCommand(input, {
+    createApi: createAuthenticatedImprovementSettingsApi,
+    dependencies,
+    runCommand: (authState, api) => {
+      const commandInput = {
+        bearerToken: authState.bearer_token,
+        projectId: input.projectId,
+        update: input.update
+      };
+      if (input.json !== void 0) {
+        commandInput.json = input.json;
+      }
+      return setImprovementSettingsCommand(commandInput, api);
+    }
+  });
+}
+
+// src/project-commands.ts
+function mapErrorToExitCode8(error) {
+  if (!(error instanceof ProjectManagementApiError)) {
+    return 1;
+  }
+  if (error.status === 401) {
+    return 2;
+  }
+  if (error.status === 404) {
+    return 3;
+  }
+  if (error.status === 400) {
+    return 4;
+  }
+  if (error.status === 409) {
+    return 5;
+  }
+  return 1;
+}
+function formatProject(project) {
+  return `${project.project_id} ${project.name} (${project.slug})`;
+}
+async function listProjectsCommand(input, api) {
+  try {
+    const requestInput = {
+      bearerToken: input.bearerToken
     };
     if (input.limit !== void 0) {
       requestInput.limit = input.limit;
@@ -26282,7 +27284,7 @@ async function listProjectsCommand(input, api) {
       output: input.json ? JSON.stringify({ projects }) : projects.length === 0 ? "No projects found." : projects.map(formatProject).join("\n")
     };
   } catch (error) {
-    return { exitCode: mapErrorToExitCode6(error), output: error instanceof Error ? error.message : String(error) };
+    return { exitCode: mapErrorToExitCode8(error), output: error instanceof Error ? error.message : String(error) };
   }
 }
 async function createProjectCommand(input, api) {
@@ -26301,7 +27303,7 @@ async function createProjectCommand(input, api) {
       output: input.json ? JSON.stringify({ project }) : `Project created: ${formatProject(project)}`
     };
   } catch (error) {
-    return { exitCode: mapErrorToExitCode6(error), output: error instanceof Error ? error.message : String(error) };
+    return { exitCode: mapErrorToExitCode8(error), output: error instanceof Error ? error.message : String(error) };
   }
 }
 async function updateProjectCommand(input, api) {
@@ -26325,7 +27327,7 @@ async function updateProjectCommand(input, api) {
       output: input.json ? JSON.stringify({ project }) : `Project updated: ${formatProject(project)}`
     };
   } catch (error) {
-    return { exitCode: mapErrorToExitCode6(error), output: error instanceof Error ? error.message : String(error) };
+    return { exitCode: mapErrorToExitCode8(error), output: error instanceof Error ? error.message : String(error) };
   }
 }
 async function deleteProjectCommand(input, api) {
@@ -26339,7 +27341,7 @@ async function deleteProjectCommand(input, api) {
       output: input.json ? JSON.stringify({ project }) : `Project deleted: ${project.project_id} (${project.name})`
     };
   } catch (error) {
-    return { exitCode: mapErrorToExitCode6(error), output: error instanceof Error ? error.message : String(error) };
+    return { exitCode: mapErrorToExitCode8(error), output: error instanceof Error ? error.message : String(error) };
   }
 }
 async function listProjectsWithAuthCommand(input, dependencies) {
@@ -26431,7 +27433,7 @@ async function deleteProjectWithAuthCommand(input, dependencies) {
 }
 
 // src/token-commands.ts
-function mapErrorToExitCode7(error) {
+function mapErrorToExitCode9(error) {
   if (!(error instanceof TokenManagementApiError)) {
     return 1;
   }
@@ -26452,6 +27454,20 @@ function formatTokenTable(tokens) {
   }
   return tokens.map((token) => `${token.token_id} | ${token.label} | ${token.revoked_at === null ? "active" : "revoked"}`).join("\n");
 }
+function formatAllowedOrigins(allowedOrigins) {
+  if (allowedOrigins === void 0 || allowedOrigins.length === 0) {
+    return "none";
+  }
+  return allowedOrigins.join(", ");
+}
+function formatProjectTokenTable(tokens) {
+  if (tokens.length === 0) {
+    return "No tokens found.";
+  }
+  return tokens.map(
+    (token) => `${token.token_id} | ${token.label} | ${token.revoked_at === null ? "active" : "revoked"} | origins: ${formatAllowedOrigins(token.allowed_origins)}`
+  ).join("\n");
+}
 async function listProjectTokensCommand(input, api) {
   try {
     const requestInput = {
@@ -26467,10 +27483,10 @@ async function listProjectTokensCommand(input, api) {
     }
     return {
       exitCode: 0,
-      output: formatTokenTable(tokens)
+      output: formatProjectTokenTable(tokens)
     };
   } catch (error) {
-    return { exitCode: mapErrorToExitCode7(error), output: error instanceof Error ? error.message : String(error) };
+    return { exitCode: mapErrorToExitCode9(error), output: error instanceof Error ? error.message : String(error) };
   }
 }
 async function listProjectTokensWithAuthCommand(input, dependencies) {
@@ -26496,21 +27512,26 @@ async function listProjectTokensWithAuthCommand(input, dependencies) {
 }
 async function createProjectTokenCommand(input, api) {
   try {
-    const token = await api.createProjectToken({
+    const requestInput = {
       bearerToken: input.bearerToken,
       projectId: input.projectId,
       label: input.label
-    });
+    };
+    if (input.allowedOrigins !== void 0) {
+      requestInput.allowedOrigins = input.allowedOrigins;
+    }
+    const token = await api.createProjectToken(requestInput);
     if (input.json) {
       return { exitCode: 0, output: JSON.stringify({ token }) };
     }
     return {
       exitCode: 0,
       output: `Project token created: ${token.token_id}
+Allowed origins: ${formatAllowedOrigins(token.allowed_origins)}
 Plaintext: ${token.plaintext ?? "<none>"}`
     };
   } catch (error) {
-    return { exitCode: mapErrorToExitCode7(error), output: error instanceof Error ? error.message : String(error) };
+    return { exitCode: mapErrorToExitCode9(error), output: error instanceof Error ? error.message : String(error) };
   }
 }
 async function createProjectTokenWithAuthCommand(input, dependencies) {
@@ -26523,6 +27544,9 @@ async function createProjectTokenWithAuthCommand(input, dependencies) {
         projectId: input.projectId,
         label: input.label
       };
+      if (input.allowedOrigins !== void 0) {
+        commandInput.allowedOrigins = input.allowedOrigins;
+      }
       if (input.json !== void 0) {
         commandInput.json = input.json;
       }
@@ -26547,7 +27571,7 @@ async function revokeProjectTokenCommand(input, api) {
       output: `Project token revoked: ${token.token_id}`
     };
   } catch (error) {
-    return { exitCode: mapErrorToExitCode7(error), output: error instanceof Error ? error.message : String(error) };
+    return { exitCode: mapErrorToExitCode9(error), output: error instanceof Error ? error.message : String(error) };
   }
 }
 async function revokeProjectTokenWithAuthCommand(input, dependencies) {
@@ -26586,7 +27610,7 @@ async function listMemberTokensCommand(input, api) {
       output: formatTokenTable(tokens)
     };
   } catch (error) {
-    return { exitCode: mapErrorToExitCode7(error), output: error instanceof Error ? error.message : String(error) };
+    return { exitCode: mapErrorToExitCode9(error), output: error instanceof Error ? error.message : String(error) };
   }
 }
 async function listMemberTokensWithAuthCommand(input, dependencies) {
@@ -26624,7 +27648,7 @@ async function createMemberTokenCommand(input, api) {
 Plaintext: ${token.plaintext ?? "<none>"}`
     };
   } catch (error) {
-    return { exitCode: mapErrorToExitCode7(error), output: error instanceof Error ? error.message : String(error) };
+    return { exitCode: mapErrorToExitCode9(error), output: error instanceof Error ? error.message : String(error) };
   }
 }
 async function createMemberTokenWithAuthCommand(input, dependencies) {
@@ -26659,7 +27683,7 @@ async function revokeMemberTokenCommand(input, api) {
       output: `Member token revoked: ${token.token_id}`
     };
   } catch (error) {
-    return { exitCode: mapErrorToExitCode7(error), output: error instanceof Error ? error.message : String(error) };
+    return { exitCode: mapErrorToExitCode9(error), output: error instanceof Error ? error.message : String(error) };
   }
 }
 async function revokeMemberTokenWithAuthCommand(input, dependencies) {
@@ -26682,7 +27706,7 @@ async function revokeMemberTokenWithAuthCommand(input, dependencies) {
 }
 
 // src/webhook-commands.ts
-function mapErrorToExitCode8(error) {
+function mapErrorToExitCode10(error) {
   if (!(error instanceof WebhookApiError)) {
     return 1;
   }
@@ -26727,7 +27751,7 @@ async function listWebhooksCommand(input, api) {
       output: input.json ? JSON.stringify({ webhooks }) : formatWebhookTable(webhooks)
     };
   } catch (error) {
-    return { exitCode: mapErrorToExitCode8(error), output: error instanceof Error ? error.message : String(error) };
+    return { exitCode: mapErrorToExitCode10(error), output: error instanceof Error ? error.message : String(error) };
   }
 }
 async function listWebhooksWithAuthCommand(input, dependencies) {
@@ -26775,7 +27799,7 @@ async function createWebhookCommand(input, api) {
 Signing secret: ${webhook.signing_secret}`
     };
   } catch (error) {
-    return { exitCode: mapErrorToExitCode8(error), output: error instanceof Error ? error.message : String(error) };
+    return { exitCode: mapErrorToExitCode10(error), output: error instanceof Error ? error.message : String(error) };
   }
 }
 async function createWebhookWithAuthCommand(input, dependencies) {
@@ -26808,6 +27832,7 @@ async function updateWebhookCommand(input, api) {
   try {
     const requestInput = {
       bearerToken: input.bearerToken,
+      projectId: input.projectId,
       webhookId: input.webhookId
     };
     if (input.url !== void 0) {
@@ -26828,7 +27853,7 @@ async function updateWebhookCommand(input, api) {
       output: input.json ? JSON.stringify({ webhook }) : `Webhook updated: ${webhook.webhook_id}`
     };
   } catch (error) {
-    return { exitCode: mapErrorToExitCode8(error), output: error instanceof Error ? error.message : String(error) };
+    return { exitCode: mapErrorToExitCode10(error), output: error instanceof Error ? error.message : String(error) };
   }
 }
 async function updateWebhookWithAuthCommand(input, dependencies) {
@@ -26838,6 +27863,7 @@ async function updateWebhookWithAuthCommand(input, dependencies) {
     runCommand: (authState, api) => {
       const commandInput = {
         bearerToken: authState.bearer_token,
+        projectId: input.projectId,
         webhookId: input.webhookId
       };
       if (input.url !== void 0) {
@@ -26865,6 +27891,7 @@ async function deleteWebhookCommand(input, api) {
   try {
     const webhook = await api.deleteWebhook({
       bearerToken: input.bearerToken,
+      projectId: input.projectId,
       webhookId: input.webhookId
     });
     return {
@@ -26872,7 +27899,7 @@ async function deleteWebhookCommand(input, api) {
       output: input.json ? JSON.stringify({ webhook }) : `Webhook deleted: ${webhook.webhook_id}`
     };
   } catch (error) {
-    return { exitCode: mapErrorToExitCode8(error), output: error instanceof Error ? error.message : String(error) };
+    return { exitCode: mapErrorToExitCode10(error), output: error instanceof Error ? error.message : String(error) };
   }
 }
 async function deleteWebhookWithAuthCommand(input, dependencies) {
@@ -26882,6 +27909,7 @@ async function deleteWebhookWithAuthCommand(input, dependencies) {
     runCommand: (authState, api) => {
       const commandInput = {
         bearerToken: authState.bearer_token,
+        projectId: input.projectId,
         webhookId: input.webhookId
       };
       if (input.json !== void 0) {
@@ -26897,6 +27925,7 @@ async function testWebhookCommand(input, api) {
   try {
     const requestInput = {
       bearerToken: input.bearerToken,
+      projectId: input.projectId,
       webhookId: input.webhookId
     };
     if (input.eventType !== void 0) {
@@ -26908,7 +27937,7 @@ async function testWebhookCommand(input, api) {
       output: input.json ? JSON.stringify({ delivery }) : `Webhook test queued: ${delivery.delivery_id} | ${delivery.event_type} | attempts=${delivery.attempt_count}`
     };
   } catch (error) {
-    return { exitCode: mapErrorToExitCode8(error), output: error instanceof Error ? error.message : String(error) };
+    return { exitCode: mapErrorToExitCode10(error), output: error instanceof Error ? error.message : String(error) };
   }
 }
 async function testWebhookWithAuthCommand(input, dependencies) {
@@ -26918,6 +27947,7 @@ async function testWebhookWithAuthCommand(input, dependencies) {
     runCommand: (authState, api) => {
       const commandInput = {
         bearerToken: authState.bearer_token,
+        projectId: input.projectId,
         webhookId: input.webhookId
       };
       if (input.eventType !== void 0) {
@@ -26936,6 +27966,7 @@ async function listWebhookDeliveriesCommand(input, api) {
   try {
     const requestInput = {
       bearerToken: input.bearerToken,
+      projectId: input.projectId,
       webhookId: input.webhookId
     };
     if (input.limit !== void 0) {
@@ -26947,7 +27978,7 @@ async function listWebhookDeliveriesCommand(input, api) {
       output: input.json ? JSON.stringify({ deliveries }) : formatWebhookDeliveriesTable(deliveries)
     };
   } catch (error) {
-    return { exitCode: mapErrorToExitCode8(error), output: error instanceof Error ? error.message : String(error) };
+    return { exitCode: mapErrorToExitCode10(error), output: error instanceof Error ? error.message : String(error) };
   }
 }
 async function listWebhookDeliveriesWithAuthCommand(input, dependencies) {
@@ -26957,6 +27988,7 @@ async function listWebhookDeliveriesWithAuthCommand(input, dependencies) {
     runCommand: (authState, api) => {
       const commandInput = {
         bearerToken: authState.bearer_token,
+        projectId: input.projectId,
         webhookId: input.webhookId
       };
       if (input.limit !== void 0) {
@@ -26975,6 +28007,7 @@ async function retryWebhookDeliveryCommand(input, api) {
   try {
     const result = await api.retryWebhookDelivery({
       bearerToken: input.bearerToken,
+      projectId: input.projectId,
       webhookId: input.webhookId,
       deliveryId: input.deliveryId
     });
@@ -26983,7 +28016,7 @@ async function retryWebhookDeliveryCommand(input, api) {
       output: input.json ? JSON.stringify(result) : `Delivery retried: ${result.delivery_id} | ${result.event_type}`
     };
   } catch (error) {
-    return { exitCode: mapErrorToExitCode8(error), output: error instanceof Error ? error.message : String(error) };
+    return { exitCode: mapErrorToExitCode10(error), output: error instanceof Error ? error.message : String(error) };
   }
 }
 async function retryWebhookDeliveryWithAuthCommand(input, dependencies) {
@@ -26993,6 +28026,7 @@ async function retryWebhookDeliveryWithAuthCommand(input, dependencies) {
     runCommand: (authState, api) => {
       const commandInput = {
         bearerToken: authState.bearer_token,
+        projectId: input.projectId,
         webhookId: input.webhookId,
         deliveryId: input.deliveryId
       };
@@ -27007,7 +28041,7 @@ async function retryWebhookDeliveryWithAuthCommand(input, dependencies) {
 }
 
 // src/weekly-report-commands.ts
-function mapErrorToExitCode9(error) {
+function mapErrorToExitCode11(error) {
   if (!(error instanceof WeeklyReportApiError)) {
     return 1;
   }
@@ -27042,7 +28076,7 @@ async function listWeeklyReportChannelsCommand(input, api) {
       output: input.json ? JSON.stringify({ channels }) : formatWeeklyReportChannelTable(channels)
     };
   } catch (error) {
-    return { exitCode: mapErrorToExitCode9(error), output: error instanceof Error ? error.message : String(error) };
+    return { exitCode: mapErrorToExitCode11(error), output: error instanceof Error ? error.message : String(error) };
   }
 }
 async function listWeeklyReportChannelsWithAuthCommand(input, dependencies) {
@@ -27075,7 +28109,7 @@ async function createWeeklyReportChannelCommand(input, api) {
       output: input.json ? JSON.stringify({ channel }) : `Weekly report channel created: ${channel.channel_id}`
     };
   } catch (error) {
-    return { exitCode: mapErrorToExitCode9(error), output: error instanceof Error ? error.message : String(error) };
+    return { exitCode: mapErrorToExitCode11(error), output: error instanceof Error ? error.message : String(error) };
   }
 }
 async function createWeeklyReportChannelWithAuthCommand(input, dependencies) {
@@ -27110,7 +28144,7 @@ async function updateWeeklyReportChannelCommand(input, api) {
       output: input.json ? JSON.stringify({ channel }) : `Weekly report channel updated: ${channel.channel_id}`
     };
   } catch (error) {
-    return { exitCode: mapErrorToExitCode9(error), output: error instanceof Error ? error.message : String(error) };
+    return { exitCode: mapErrorToExitCode11(error), output: error instanceof Error ? error.message : String(error) };
   }
 }
 async function updateWeeklyReportChannelWithAuthCommand(input, dependencies) {
@@ -27141,7 +28175,7 @@ async function deleteWeeklyReportChannelCommand(input, api) {
       output: input.json ? JSON.stringify({ channel: deleted }) : `Weekly report channel deleted: ${deleted.channel_id}`
     };
   } catch (error) {
-    return { exitCode: mapErrorToExitCode9(error), output: error instanceof Error ? error.message : String(error) };
+    return { exitCode: mapErrorToExitCode11(error), output: error instanceof Error ? error.message : String(error) };
   }
 }
 async function deleteWeeklyReportChannelWithAuthCommand(input, dependencies) {
@@ -27160,7 +28194,7 @@ async function deleteWeeklyReportChannelWithAuthCommand(input, dependencies) {
 }
 
 // src/slack-commands.ts
-function mapErrorToExitCode10(error) {
+function mapErrorToExitCode12(error) {
   if (!(error instanceof SlackApiError)) {
     return 1;
   }
@@ -27196,7 +28230,7 @@ async function listSlackDestinationsCommand(input, api) {
       output: input.json ? JSON.stringify({ destinations }) : formatSlackDestinationTable(destinations)
     };
   } catch (error) {
-    return { exitCode: mapErrorToExitCode10(error), output: error instanceof Error ? error.message : String(error) };
+    return { exitCode: mapErrorToExitCode12(error), output: error instanceof Error ? error.message : String(error) };
   }
 }
 async function listSlackDestinationsWithAuthCommand(input, dependencies) {
@@ -27225,7 +28259,7 @@ async function getSlackConnectUrlCommand(input, api) {
       output: input.json ? JSON.stringify({ install_url: installUrl }) : installUrl
     };
   } catch (error) {
-    return { exitCode: mapErrorToExitCode10(error), output: error instanceof Error ? error.message : String(error) };
+    return { exitCode: mapErrorToExitCode12(error), output: error instanceof Error ? error.message : String(error) };
   }
 }
 async function getSlackConnectUrlWithAuthCommand(input, dependencies) {
@@ -27255,7 +28289,7 @@ async function testSlackDestinationCommand(input, api) {
       output: input.json ? JSON.stringify({ delivery }) : `Slack test message delivered for destination: ${input.destinationId}`
     };
   } catch (error) {
-    return { exitCode: mapErrorToExitCode10(error), output: error instanceof Error ? error.message : String(error) };
+    return { exitCode: mapErrorToExitCode12(error), output: error instanceof Error ? error.message : String(error) };
   }
 }
 async function testSlackDestinationWithAuthCommand(input, dependencies) {
@@ -27285,7 +28319,7 @@ async function deleteSlackDestinationCommand(input, api) {
       output: input.json ? JSON.stringify({ destination: deleted }) : `Slack destination deleted: ${deleted.slack_destination_id}`
     };
   } catch (error) {
-    return { exitCode: mapErrorToExitCode10(error), output: error instanceof Error ? error.message : String(error) };
+    return { exitCode: mapErrorToExitCode12(error), output: error instanceof Error ? error.message : String(error) };
   }
 }
 async function deleteSlackDestinationWithAuthCommand(input, dependencies) {
@@ -27305,7 +28339,7 @@ async function deleteSlackDestinationWithAuthCommand(input, dependencies) {
 }
 
 // src/billing-commands.ts
-function mapErrorToExitCode11(error) {
+function mapErrorToExitCode13(error) {
   if (!(error instanceof BillingApiError)) {
     return 1;
   }
@@ -27336,7 +28370,8 @@ function formatBillingSummary(billing) {
     formatMetric("Raw ingested events", billing.allowances.monthly_raw_ingested_events),
     formatMetric("Retained bundles", billing.allowances.retained_bundle_cap),
     formatMetric("Remote activations", billing.allowances.monthly_remote_activations),
-    formatMetric("Alert deliveries", billing.allowances.monthly_alert_deliveries)
+    formatMetric("Alert deliveries", billing.allowances.monthly_alert_deliveries),
+    formatMetric("Webhook deliveries", billing.allowances.monthly_webhook_deliveries)
   ];
   if (billing.capacity_units.pending_reduction !== null) {
     lines.push(
@@ -27353,7 +28388,7 @@ async function getBillingSummaryCommand(input, api) {
       output: input.json ? JSON.stringify({ billing }) : formatBillingSummary(billing)
     };
   } catch (error) {
-    return { exitCode: mapErrorToExitCode11(error), output: error instanceof Error ? error.message : String(error) };
+    return { exitCode: mapErrorToExitCode13(error), output: error instanceof Error ? error.message : String(error) };
   }
 }
 async function increaseBillingCapacityCommand(input, api) {
@@ -27368,7 +28403,7 @@ async function increaseBillingCapacityCommand(input, api) {
 ${formatBillingSummary(billing)}`
     };
   } catch (error) {
-    return { exitCode: mapErrorToExitCode11(error), output: error instanceof Error ? error.message : String(error) };
+    return { exitCode: mapErrorToExitCode13(error), output: error instanceof Error ? error.message : String(error) };
   }
 }
 async function scheduleBillingCapacityReductionCommand(input, api) {
@@ -27383,7 +28418,7 @@ async function scheduleBillingCapacityReductionCommand(input, api) {
 ${formatBillingSummary(billing)}`
     };
   } catch (error) {
-    return { exitCode: mapErrorToExitCode11(error), output: error instanceof Error ? error.message : String(error) };
+    return { exitCode: mapErrorToExitCode13(error), output: error instanceof Error ? error.message : String(error) };
   }
 }
 async function cancelBillingCapacityReductionCommand(input, api) {
@@ -27395,7 +28430,7 @@ async function cancelBillingCapacityReductionCommand(input, api) {
 ${formatBillingSummary(billing)}`
     };
   } catch (error) {
-    return { exitCode: mapErrorToExitCode11(error), output: error instanceof Error ? error.message : String(error) };
+    return { exitCode: mapErrorToExitCode13(error), output: error instanceof Error ? error.message : String(error) };
   }
 }
 async function getBillingSummaryWithAuthCommand(input, dependencies) {
@@ -27466,7 +28501,7 @@ var MemberApiError = class extends Error {
     this.code = code;
   }
 };
-function toApiError2(status, body) {
+function toApiError3(status, body) {
   if (typeof body === "object" && body !== null && "error" in body && typeof body.error === "string") {
     return new MemberApiError(status, body.error);
   }
@@ -27481,7 +28516,7 @@ function createMemberApi(httpClient) {
         bearerToken: input.bearerToken
       });
       if (response.status !== 200) {
-        throw toApiError2(response.status, response.body);
+        throw toApiError3(response.status, response.body);
       }
       return response.body;
     },
@@ -27492,7 +28527,7 @@ function createMemberApi(httpClient) {
         bearerToken: input.bearerToken
       });
       if (response.status !== 200) {
-        throw toApiError2(response.status, response.body);
+        throw toApiError3(response.status, response.body);
       }
       return response.body;
     },
@@ -27504,7 +28539,7 @@ function createMemberApi(httpClient) {
         body: { email: input.email, role: input.role }
       });
       if (response.status !== 201) {
-        throw toApiError2(response.status, response.body);
+        throw toApiError3(response.status, response.body);
       }
       return response.body;
     },
@@ -27515,7 +28550,7 @@ function createMemberApi(httpClient) {
         bearerToken: input.bearerToken
       });
       if (response.status !== 200) {
-        throw toApiError2(response.status, response.body);
+        throw toApiError3(response.status, response.body);
       }
       return response.body;
     },
@@ -27527,7 +28562,7 @@ function createMemberApi(httpClient) {
         body: { role: input.role }
       });
       if (response.status !== 200) {
-        throw toApiError2(response.status, response.body);
+        throw toApiError3(response.status, response.body);
       }
       return response.body;
     },
@@ -27538,7 +28573,7 @@ function createMemberApi(httpClient) {
         bearerToken: input.bearerToken
       });
       if (response.status !== 200) {
-        throw toApiError2(response.status, response.body);
+        throw toApiError3(response.status, response.body);
       }
       return response.body;
     }
@@ -27556,7 +28591,7 @@ function formatInvitesTable(invites) {
   }
   return invites.map((i) => `${i.invite_id} | ${i.email} | ${i.role} | expires=${i.expires_at}`).join("\n");
 }
-function mapErrorToExitCode12(error) {
+function mapErrorToExitCode14(error) {
   if (!(error instanceof MemberApiError)) {
     return 1;
   }
@@ -27583,7 +28618,7 @@ async function listMembersCommand(input, api) {
     };
   } catch (error) {
     return {
-      exitCode: mapErrorToExitCode12(error),
+      exitCode: mapErrorToExitCode14(error),
       output: error instanceof MemberApiError ? error.code : String(error)
     };
   }
@@ -27597,7 +28632,7 @@ async function listInvitesCommand(input, api) {
     };
   } catch (error) {
     return {
-      exitCode: mapErrorToExitCode12(error),
+      exitCode: mapErrorToExitCode14(error),
       output: error instanceof MemberApiError ? error.code : String(error)
     };
   }
@@ -27616,7 +28651,7 @@ async function inviteMemberCommand(input, api) {
     };
   } catch (error) {
     return {
-      exitCode: mapErrorToExitCode12(error),
+      exitCode: mapErrorToExitCode14(error),
       output: error instanceof MemberApiError ? error.code : String(error)
     };
   }
@@ -27630,7 +28665,7 @@ async function cancelInviteCommand(input, api) {
     };
   } catch (error) {
     return {
-      exitCode: mapErrorToExitCode12(error),
+      exitCode: mapErrorToExitCode14(error),
       output: error instanceof MemberApiError ? error.code : String(error)
     };
   }
@@ -27649,7 +28684,7 @@ async function updateMemberRoleCommand(input, api) {
     };
   } catch (error) {
     return {
-      exitCode: mapErrorToExitCode12(error),
+      exitCode: mapErrorToExitCode14(error),
       output: error instanceof MemberApiError ? error.code : String(error)
     };
   }
@@ -27663,7 +28698,7 @@ async function removeMemberCommand(input, api) {
     };
   } catch (error) {
     return {
-      exitCode: mapErrorToExitCode12(error),
+      exitCode: mapErrorToExitCode14(error),
       output: error instanceof MemberApiError ? error.code : String(error)
     };
   }
@@ -27774,7 +28809,7 @@ var ProbeApiError = class extends Error {
     this.code = code;
   }
 };
-function toApiError3(status, body) {
+function toApiError4(status, body) {
   if (typeof body === "object" && body !== null && "error" in body && typeof body.error === "string") {
     return new ProbeApiError(status, body.error);
   }
@@ -27805,7 +28840,7 @@ function createProbeApi(httpClient) {
         body
       });
       if (response.status !== 201) {
-        throw toApiError3(response.status, response.body);
+        throw toApiError4(response.status, response.body);
       }
       return response.body;
     },
@@ -27816,7 +28851,7 @@ function createProbeApi(httpClient) {
         bearerToken: input.bearerToken
       });
       if (response.status !== 200) {
-        throw toApiError3(response.status, response.body);
+        throw toApiError4(response.status, response.body);
       }
       return response.body;
     },
@@ -27828,13 +28863,13 @@ function createProbeApi(httpClient) {
         body: { activation_id: input.activationId }
       });
       if (response.status !== 200) {
-        throw toApiError3(response.status, response.body);
+        throw toApiError4(response.status, response.body);
       }
       return response.body;
     }
   };
 }
-function mapErrorToExitCode13(error) {
+function mapErrorToExitCode15(error) {
   if (!(error instanceof ProbeApiError)) {
     return 1;
   }
@@ -27887,7 +28922,7 @@ async function activateProbeCommand(input, api) {
 Trigger token: ${result.trigger_token}`
     };
   } catch (error) {
-    return { exitCode: mapErrorToExitCode13(error), output: error instanceof Error ? error.message : String(error) };
+    return { exitCode: mapErrorToExitCode15(error), output: error instanceof Error ? error.message : String(error) };
   }
 }
 async function listActiveProbesCommand(input, api) {
@@ -27907,7 +28942,7 @@ async function listActiveProbesCommand(input, api) {
       output: result.activations.map((a) => `${a.activation_id} ${a.label_pattern} (${a.service}/${a.environment}) expires ${a.expires_at}`).join("\n")
     };
   } catch (error) {
-    return { exitCode: mapErrorToExitCode13(error), output: error instanceof Error ? error.message : String(error) };
+    return { exitCode: mapErrorToExitCode15(error), output: error instanceof Error ? error.message : String(error) };
   }
 }
 async function deactivateProbeCommand(input, api) {
@@ -27925,7 +28960,7 @@ async function deactivateProbeCommand(input, api) {
       output: result.deactivated ? "Probe deactivated." : "Probe was already inactive."
     };
   } catch (error) {
-    return { exitCode: mapErrorToExitCode13(error), output: error instanceof Error ? error.message : String(error) };
+    return { exitCode: mapErrorToExitCode15(error), output: error instanceof Error ? error.message : String(error) };
   }
 }
 async function createAuthenticatedProbeApi(input, dependencies) {
@@ -27975,7 +29010,7 @@ async function deactivateProbeWithAuthCommand(input, dependencies) {
 }
 
 // src/github-commands.ts
-function mapErrorToExitCode14(error) {
+function mapErrorToExitCode16(error) {
   if (!(error instanceof GitHubManagementApiError)) {
     return 1;
   }
@@ -28017,12 +29052,15 @@ function formatGitHubDeliveryTable(deliveries) {
     return "No GitHub deliveries found.";
   }
   return deliveries.map(
-    (delivery) => `${delivery.rule_name} | ${delivery.status} | ${delivery.incident_title} | attempts: ${delivery.attempt_count}`
+    (delivery) => `${delivery.rule_name} | ${delivery.status} | ${delivery.target_title} | attempts: ${delivery.attempt_count}`
   ).join("\n");
 }
 async function getGitHubStatusCommand(input, api) {
   try {
-    const installation = await api.getInstallation({ bearerToken: input.bearerToken });
+    const installation = await api.getInstallation({
+      bearerToken: input.bearerToken,
+      ...input.projectId === void 0 ? {} : { projectId: input.projectId }
+    });
     const repo = input.projectId === void 0 || api.getProjectRepo === void 0 ? null : await api.getProjectRepo({ bearerToken: input.bearerToken, projectId: input.projectId });
     if (input.json) {
       return {
@@ -28036,18 +29074,21 @@ async function getGitHubStatusCommand(input, api) {
 ${formatProjectRepo(repo)}`
     };
   } catch (error) {
-    return { exitCode: mapErrorToExitCode14(error), output: error instanceof Error ? error.message : String(error) };
+    return { exitCode: mapErrorToExitCode16(error), output: error instanceof Error ? error.message : String(error) };
   }
 }
 async function listGitHubRepositoriesCommand(input, api) {
   try {
-    const repositories = await api.listRepositories({ bearerToken: input.bearerToken });
+    const repositories = await api.listRepositories({
+      bearerToken: input.bearerToken,
+      ...input.projectId === void 0 ? {} : { projectId: input.projectId }
+    });
     return {
       exitCode: 0,
       output: input.json ? JSON.stringify({ repositories }) : repositories.length === 0 ? "No GitHub repositories found." : repositories.map((repository) => `${repository.full_name} (${repository.default_branch})`).join("\n")
     };
   } catch (error) {
-    return { exitCode: mapErrorToExitCode14(error), output: error instanceof Error ? error.message : String(error) };
+    return { exitCode: mapErrorToExitCode16(error), output: error instanceof Error ? error.message : String(error) };
   }
 }
 async function setProjectGitHubRepoCommand(input, api) {
@@ -28070,7 +29111,7 @@ async function setProjectGitHubRepoCommand(input, api) {
       output: input.json ? JSON.stringify({ repo: assignedRepo }) : `Project repo set: ${formatProjectRepo(assignedRepo)}`
     };
   } catch (error) {
-    return { exitCode: mapErrorToExitCode14(error), output: error instanceof Error ? error.message : String(error) };
+    return { exitCode: mapErrorToExitCode16(error), output: error instanceof Error ? error.message : String(error) };
   }
 }
 async function removeProjectGitHubRepoCommand(input, api) {
@@ -28081,7 +29122,7 @@ async function removeProjectGitHubRepoCommand(input, api) {
       output: input.json ? JSON.stringify({ removed: true, project_id: input.projectId }) : `Project repo removed: ${input.projectId}`
     };
   } catch (error) {
-    return { exitCode: mapErrorToExitCode14(error), output: error instanceof Error ? error.message : String(error) };
+    return { exitCode: mapErrorToExitCode16(error), output: error instanceof Error ? error.message : String(error) };
   }
 }
 async function listProjectGitHubRulesCommand(input, api) {
@@ -28095,7 +29136,7 @@ async function listProjectGitHubRulesCommand(input, api) {
       output: input.json ? JSON.stringify({ rules }) : formatGitHubRuleTable(rules)
     };
   } catch (error) {
-    return { exitCode: mapErrorToExitCode14(error), output: error instanceof Error ? error.message : String(error) };
+    return { exitCode: mapErrorToExitCode16(error), output: error instanceof Error ? error.message : String(error) };
   }
 }
 async function listProjectGitHubDeliveriesCommand(input, api) {
@@ -28111,7 +29152,7 @@ async function listProjectGitHubDeliveriesCommand(input, api) {
       output: input.json ? JSON.stringify({ deliveries }) : formatGitHubDeliveryTable(deliveries)
     };
   } catch (error) {
-    return { exitCode: mapErrorToExitCode14(error), output: error instanceof Error ? error.message : String(error) };
+    return { exitCode: mapErrorToExitCode16(error), output: error instanceof Error ? error.message : String(error) };
   }
 }
 async function retryProjectGitHubDeliveryCommand(input, api) {
@@ -28126,7 +29167,7 @@ async function retryProjectGitHubDeliveryCommand(input, api) {
       output: input.json ? JSON.stringify({ delivery }) : `GitHub delivery retried: ${delivery.delivery_id} | ${delivery.status}`
     };
   } catch (error) {
-    return { exitCode: mapErrorToExitCode14(error), output: error instanceof Error ? error.message : String(error) };
+    return { exitCode: mapErrorToExitCode16(error), output: error instanceof Error ? error.message : String(error) };
   }
 }
 async function createProjectGitHubRuleCommand(input, api) {
@@ -28149,7 +29190,7 @@ async function createProjectGitHubRuleCommand(input, api) {
       output: input.json ? JSON.stringify({ rule }) : `GitHub rule created: ${rule.rule_id}`
     };
   } catch (error) {
-    return { exitCode: mapErrorToExitCode14(error), output: error instanceof Error ? error.message : String(error) };
+    return { exitCode: mapErrorToExitCode16(error), output: error instanceof Error ? error.message : String(error) };
   }
 }
 async function updateProjectGitHubRuleCommand(input, api) {
@@ -28173,7 +29214,7 @@ async function updateProjectGitHubRuleCommand(input, api) {
       output: input.json ? JSON.stringify({ rule }) : `GitHub rule updated: ${rule.rule_id}`
     };
   } catch (error) {
-    return { exitCode: mapErrorToExitCode14(error), output: error instanceof Error ? error.message : String(error) };
+    return { exitCode: mapErrorToExitCode16(error), output: error instanceof Error ? error.message : String(error) };
   }
 }
 async function deleteProjectGitHubRuleCommand(input, api) {
@@ -28188,7 +29229,7 @@ async function deleteProjectGitHubRuleCommand(input, api) {
       output: input.json ? JSON.stringify({ deleted: true, project_id: input.projectId, rule_id: input.ruleId }) : `GitHub rule deleted: ${input.ruleId}`
     };
   } catch (error) {
-    return { exitCode: mapErrorToExitCode14(error), output: error instanceof Error ? error.message : String(error) };
+    return { exitCode: mapErrorToExitCode16(error), output: error instanceof Error ? error.message : String(error) };
   }
 }
 async function getGitHubStatusWithAuthCommand(input, dependencies) {
@@ -28373,11 +29414,14 @@ async function handleGithubCommand(parsedArgv, dependencies) {
     return await (dependencies.getGitHubStatusCommand ?? getGitHubStatusWithAuthCommand)(input);
   }
   if (action === "repos") {
-    expectNoUnknownOptions(parsedArgv, ["auth-file", "json"]);
+    expectNoUnknownOptions(parsedArgv, ["auth-file", "json", "project-id"]);
     ensureNoExtraPositionals(parsedArgv, 2);
-    return await (dependencies.listGitHubRepositoriesCommand ?? listGitHubRepositoriesWithAuthCommand)(
-      appendCommonAuthOptions(parsedArgv, {})
-    );
+    const input = appendCommonAuthOptions(parsedArgv, {});
+    const projectId = readStringOption(parsedArgv, "project-id");
+    if (projectId !== void 0) {
+      input.projectId = projectId;
+    }
+    return await (dependencies.listGitHubRepositoriesCommand ?? listGitHubRepositoriesWithAuthCommand)(input);
   }
   if (action !== "repo") {
     if (action === "deliveries") {
@@ -28537,6 +29581,133 @@ async function handleGithubCommand(parsedArgv, dependencies) {
   }
   throw new CliInputError("Unknown github repo command.");
 }
+async function handleImprovementsCommand(parsedArgv, dependencies) {
+  const action = requirePositional(parsedArgv, 1, "action");
+  if (action === "list") {
+    expectNoUnknownOptions(parsedArgv, ["project-id", "environment", "service", "status", "severity", "kind", "cursor", "limit", "auth-file", "json"]);
+    ensureNoExtraPositionals(parsedArgv, 2);
+    const input = appendCommonAuthOptions(parsedArgv, {});
+    const projectId = readStringOption(parsedArgv, "project-id");
+    if (projectId !== void 0) input.projectId = projectId;
+    const environment = readStringOption(parsedArgv, "environment");
+    if (environment !== void 0) input.environment = environment;
+    const service = readStringOption(parsedArgv, "service");
+    if (service !== void 0) input.service = service;
+    const status = readStringOption(parsedArgv, "status");
+    if (status !== void 0) input.status = status;
+    const severity = readStringOption(parsedArgv, "severity");
+    if (severity !== void 0) input.severity = severity;
+    const kind = readStringOption(parsedArgv, "kind");
+    if (kind !== void 0) input.kind = kind;
+    const cursor = readStringOption(parsedArgv, "cursor");
+    if (cursor !== void 0) input.cursor = cursor;
+    const limit = readLimitOption(parsedArgv);
+    if (limit !== void 0) input.limit = limit;
+    return await (dependencies.listImprovementsCommand ?? listImprovementsWithAuthCommand)(input);
+  }
+  if (action === "get") {
+    expectNoUnknownOptions(parsedArgv, ["auth-file", "json"]);
+    ensureNoExtraPositionals(parsedArgv, 3);
+    return await (dependencies.getImprovementCommand ?? getImprovementWithAuthCommand)(
+      appendCommonAuthOptions(parsedArgv, {
+        improvementId: requirePositional(parsedArgv, 2, "improvement-id")
+      })
+    );
+  }
+  if (action === "bundle") {
+    expectNoUnknownOptions(parsedArgv, ["project-id", "auth-file", "json"]);
+    ensureNoExtraPositionals(parsedArgv, 3);
+    const projectId = readStringOption(parsedArgv, "project-id");
+    if (projectId === void 0) {
+      throw new CliInputError("Missing required option --project-id.");
+    }
+    return await (dependencies.getImprovementBundleCommand ?? getImprovementBundleWithAuthCommand)(
+      appendCommonAuthOptions(parsedArgv, {
+        projectId,
+        improvementId: requirePositional(parsedArgv, 2, "improvement-id")
+      })
+    );
+  }
+  if (action === "resolve") {
+    expectNoUnknownOptions(parsedArgv, ["auth-file", "json"]);
+    ensureNoExtraPositionals(parsedArgv, 3);
+    return await (dependencies.resolveImprovementCommand ?? resolveImprovementWithAuthCommand)(
+      appendCommonAuthOptions(parsedArgv, {
+        improvementId: requirePositional(parsedArgv, 2, "improvement-id")
+      })
+    );
+  }
+  if (action === "reopen") {
+    expectNoUnknownOptions(parsedArgv, ["auth-file", "json"]);
+    ensureNoExtraPositionals(parsedArgv, 3);
+    return await (dependencies.reopenImprovementCommand ?? reopenImprovementWithAuthCommand)(
+      appendCommonAuthOptions(parsedArgv, {
+        improvementId: requirePositional(parsedArgv, 2, "improvement-id")
+      })
+    );
+  }
+  if (action === "snooze") {
+    expectNoUnknownOptions(parsedArgv, ["until", "auth-file", "json"]);
+    ensureNoExtraPositionals(parsedArgv, 3);
+    const snoozedUntil = readStringOption(parsedArgv, "until");
+    if (snoozedUntil === void 0) {
+      throw new CliInputError("Missing required option --until.");
+    }
+    return await (dependencies.snoozeImprovementCommand ?? snoozeImprovementWithAuthCommand)(
+      appendCommonAuthOptions(parsedArgv, {
+        improvementId: requirePositional(parsedArgv, 2, "improvement-id"),
+        snoozedUntil
+      })
+    );
+  }
+  if (action !== "settings") {
+    throw new CliInputError("Unknown improvements command.");
+  }
+  const settingsAction = requirePositional(parsedArgv, 2, "settings action");
+  if (settingsAction === "get") {
+    expectNoUnknownOptions(parsedArgv, ["project", "auth-file", "json"]);
+    ensureNoExtraPositionals(parsedArgv, 3);
+    const projectId = readStringOption(parsedArgv, "project");
+    if (projectId === void 0) {
+      throw new CliInputError("Missing required option --project.");
+    }
+    return await (dependencies.getImprovementSettingsCommand ?? getImprovementSettingsWithAuthCommand)(
+      appendCommonAuthOptions(parsedArgv, {
+        projectId
+      })
+    );
+  }
+  if (settingsAction === "set") {
+    expectNoUnknownOptions(parsedArgv, ["project", "enabled", "sensitivity", "auth-file", "json"]);
+    ensureNoExtraPositionals(parsedArgv, 3);
+    const projectId = readStringOption(parsedArgv, "project");
+    if (projectId === void 0) {
+      throw new CliInputError("Missing required option --project.");
+    }
+    const update = {};
+    const enabled = readBooleanStringOption(parsedArgv, "enabled");
+    if (enabled !== void 0) {
+      update.automated_improvement_bundles_enabled = enabled;
+    }
+    const sensitivity = readStringOption(parsedArgv, "sensitivity");
+    if (sensitivity !== void 0) {
+      if (sensitivity !== "high_confidence" && sensitivity !== "balanced" && sensitivity !== "verbose") {
+        throw new CliInputError("Invalid value for --sensitivity.");
+      }
+      update.improvement_bundle_sensitivity = sensitivity;
+    }
+    if (Object.keys(update).length === 0) {
+      throw new CliInputError("At least one improvement settings field must be provided.");
+    }
+    return await (dependencies.setImprovementSettingsCommand ?? setImprovementSettingsWithAuthCommand)(
+      appendCommonAuthOptions(parsedArgv, {
+        projectId,
+        update
+      })
+    );
+  }
+  throw new CliInputError("Unknown improvements settings command.");
+}
 async function handleBillingCommand(parsedArgv, dependencies) {
   const action = requirePositional(parsedArgv, 1, "action");
   if (action === "get") {
@@ -28732,16 +29903,18 @@ async function handleTokenCommand(parsedArgv, dependencies) {
       return await (dependencies.listProjectTokensCommand ?? listProjectTokensWithAuthCommand)(input);
     }
     if (action === "create") {
-      expectNoUnknownOptions(parsedArgv, ["auth-file", "json", "label"]);
+      expectNoUnknownOptions(parsedArgv, ["auth-file", "json", "label", "allowed-origin"]);
       ensureNoExtraPositionals(parsedArgv, 4);
       const label = readStringOption(parsedArgv, "label");
       if (label === void 0) {
         throw new CliInputError("Missing required option --label.");
       }
+      const allowedOrigins = readStringListOption(parsedArgv, "allowed-origin");
       return await (dependencies.createProjectTokenCommand ?? createProjectTokenWithAuthCommand)(
         appendCommonAuthOptions(parsedArgv, {
           projectId: requirePositional(parsedArgv, 3, "project-id"),
-          label
+          label,
+          ...allowedOrigins === void 0 ? {} : { allowedOrigins }
         })
       );
     }
@@ -29035,6 +30208,7 @@ async function handleWebhookCommand(parsedArgv, dependencies) {
     expectNoUnknownOptions(parsedArgv, [
       "auth-file",
       "json",
+      "project-id",
       "url",
       "event",
       "environment",
@@ -29045,7 +30219,12 @@ async function handleWebhookCommand(parsedArgv, dependencies) {
       "is-enabled"
     ]);
     ensureNoExtraPositionals(parsedArgv, 3);
+    const projectId = readStringOption(parsedArgv, "project-id");
+    if (projectId === void 0) {
+      throw new CliInputError("Missing required option --project-id.");
+    }
     const input = appendCommonAuthOptions(parsedArgv, {
+      projectId,
       webhookId: requirePositional(parsedArgv, 2, "webhook-id")
     });
     const url = readStringOption(parsedArgv, "url");
@@ -29090,18 +30269,28 @@ async function handleWebhookCommand(parsedArgv, dependencies) {
     return await (dependencies.updateWebhookCommand ?? updateWebhookWithAuthCommand)(input);
   }
   if (action === "delete") {
-    expectNoUnknownOptions(parsedArgv, ["auth-file", "json"]);
+    expectNoUnknownOptions(parsedArgv, ["auth-file", "json", "project-id"]);
     ensureNoExtraPositionals(parsedArgv, 3);
+    const projectId = readStringOption(parsedArgv, "project-id");
+    if (projectId === void 0) {
+      throw new CliInputError("Missing required option --project-id.");
+    }
     return await (dependencies.deleteWebhookCommand ?? deleteWebhookWithAuthCommand)(
       appendCommonAuthOptions(parsedArgv, {
+        projectId,
         webhookId: requirePositional(parsedArgv, 2, "webhook-id")
       })
     );
   }
   if (action === "test") {
-    expectNoUnknownOptions(parsedArgv, ["auth-file", "json", "event"]);
+    expectNoUnknownOptions(parsedArgv, ["auth-file", "json", "project-id", "event"]);
     ensureNoExtraPositionals(parsedArgv, 3);
+    const projectId = readStringOption(parsedArgv, "project-id");
+    if (projectId === void 0) {
+      throw new CliInputError("Missing required option --project-id.");
+    }
     const input = appendCommonAuthOptions(parsedArgv, {
+      projectId,
       webhookId: requirePositional(parsedArgv, 2, "webhook-id")
     });
     const eventType = readStringOption(parsedArgv, "event");
@@ -29114,9 +30303,14 @@ async function handleWebhookCommand(parsedArgv, dependencies) {
     return await (dependencies.testWebhookCommand ?? testWebhookWithAuthCommand)(input);
   }
   if (action === "deliveries") {
-    expectNoUnknownOptions(parsedArgv, ["auth-file", "json", "limit"]);
+    expectNoUnknownOptions(parsedArgv, ["auth-file", "json", "project-id", "limit"]);
     ensureNoExtraPositionals(parsedArgv, 3);
+    const projectId = readStringOption(parsedArgv, "project-id");
+    if (projectId === void 0) {
+      throw new CliInputError("Missing required option --project-id.");
+    }
     const input = appendCommonAuthOptions(parsedArgv, {
+      projectId,
       webhookId: requirePositional(parsedArgv, 2, "webhook-id")
     });
     const limit = readLimitOption(parsedArgv);
@@ -29126,9 +30320,14 @@ async function handleWebhookCommand(parsedArgv, dependencies) {
     return await (dependencies.listWebhookDeliveriesCommand ?? listWebhookDeliveriesWithAuthCommand)(input);
   }
   if (action === "retry") {
-    expectNoUnknownOptions(parsedArgv, ["auth-file", "json"]);
+    expectNoUnknownOptions(parsedArgv, ["auth-file", "json", "project-id"]);
     ensureNoExtraPositionals(parsedArgv, 4);
+    const projectId = readStringOption(parsedArgv, "project-id");
+    if (projectId === void 0) {
+      throw new CliInputError("Missing required option --project-id.");
+    }
     const input = appendCommonAuthOptions(parsedArgv, {
+      projectId,
       webhookId: requirePositional(parsedArgv, 2, "webhook-id"),
       deliveryId: requirePositional(parsedArgv, 3, "delivery-id")
     });
@@ -29207,6 +30406,7 @@ async function handleAlertCommand(parsedArgv, dependencies) {
     expectNoUnknownOptions(parsedArgv, [
       "auth-file",
       "json",
+      "project-id",
       "service-id",
       "channel",
       "condition",
@@ -29215,7 +30415,12 @@ async function handleAlertCommand(parsedArgv, dependencies) {
       "is-enabled"
     ]);
     ensureNoExtraPositionals(parsedArgv, 3);
+    const projectId = readStringOption(parsedArgv, "project-id");
+    if (projectId === void 0) {
+      throw new CliInputError("Missing required option --project-id.");
+    }
     const input = appendCommonAuthOptions(parsedArgv, {
+      projectId,
       alertId: requirePositional(parsedArgv, 2, "alert-id")
     });
     const serviceId = readStringOption(parsedArgv, "service-id");
@@ -29248,10 +30453,15 @@ async function handleAlertCommand(parsedArgv, dependencies) {
     return await (dependencies.updateAlertCommand ?? updateAlertWithAuthCommand)(input);
   }
   if (action === "delete") {
-    expectNoUnknownOptions(parsedArgv, ["auth-file", "json"]);
+    expectNoUnknownOptions(parsedArgv, ["auth-file", "json", "project-id"]);
     ensureNoExtraPositionals(parsedArgv, 3);
+    const projectId = readStringOption(parsedArgv, "project-id");
+    if (projectId === void 0) {
+      throw new CliInputError("Missing required option --project-id.");
+    }
     return await (dependencies.deleteAlertCommand ?? deleteAlertWithAuthCommand)(
       appendCommonAuthOptions(parsedArgv, {
+        projectId,
         alertId: requirePositional(parsedArgv, 2, "alert-id")
       })
     );
@@ -29859,6 +31069,9 @@ ${formatUsage()}`
     if (command === "capture-policy") {
       return await handleCapturePolicyCommand(parsedArgv, dependencies);
     }
+    if (command === "improvements") {
+      return await handleImprovementsCommand(parsedArgv, dependencies);
+    }
     if (command === "probe") {
       return await handleProbeCommand(parsedArgv, dependencies);
     }