@debugbundle/cli 0.1.8 → 0.1.9

package/dist/main.cjs

@@ -15197,6 +15197,25 @@ function buildSkill() {
     "",
     "Use DebugBundle before starting a fresh bug investigation.",
     "",
+    "## Investigation Quickstart",
+    "",
+    "When the user reports a bug, runtime failure, production incident, regression, broken deploy, or unknown error, start here before reading arbitrary source files.",
+    "",
+    "1. Run `debugbundle doctor --json` to learn whether the project is local-only or connected and whether the local scaffold is healthy.",
+    "2. List actionable failures with `debugbundle incidents --source local --status open --json` for local data, or `debugbundle incidents --source cloud --status open --json` when the issue came from a hosted environment.",
+    "3. Inspect the chosen incident with `debugbundle inspect <incident-id> --source <local|cloud> --json` and `debugbundle explain <incident-id> --source <local|cloud> --json`.",
+    "4. Fetch evidence before editing code: `debugbundle bundle <incident-id> --source <local|cloud> --json` and `debugbundle reproduce <incident-id> --source <local|cloud> --json`.",
+    "5. If local SDK or relay events have landed but no bundle exists yet, run `debugbundle process --preset <minimal|balanced|investigative> --json` and then list incidents again.",
+    "",
+    "Key local paths:",
+    "- `.debugbundle/profile.json` \u2014 project map, service paths, and validation state",
+    "- `.debugbundle/local/connection.json` \u2014 local-only vs connected mode and environment delivery policy",
+    "- `.debugbundle/local/events/` \u2014 raw local SDK, relay, ingest, and watch event batches",
+    "- `.debugbundle/local/state.json` \u2014 local incident index, lifecycle state, and bundle paths",
+    "- `.debugbundle/bundles/local/` \u2014 locally generated bundle artifacts",
+    "- `.debugbundle/bundles/local/reproductions/` \u2014 local reproduction artifacts",
+    "- `.debugbundle/bundles/cloud/` \u2014 explicitly fetched cloud artifact cache",
+    "",
     "## Core Workflow",
     "",
     "1. Check DebugBundle incidents first to avoid re-investigating a known failure.",
@@ -15247,23 +15266,35 @@ function buildCliReference() {
     "## Setup",
     "",
     "- `debugbundle setup [--non-interactive] [--json]`",
-    "- `debugbundle doctor [--json]`",
+    "- `debugbundle doctor [--check-relay] [--json]`",
     "- `debugbundle validate [--fix] [--json]`",
     "- `debugbundle ingest <file> --format <format> [--json]`",
     "- `debugbundle watch --log <file> --format <format> [--json]`",
     "- `debugbundle watch --cloud --log <file> --format <format> [--json]`",
     "- `debugbundle process [--preset <minimal|balanced|investigative>] [--json]`",
+    "- `debugbundle clean [--events] [--bundles] [--all] [--older-than <Nd>] [--json]`",
     "",
     "## Investigation",
     "",
-    "- `debugbundle incidents`",
-    "- `debugbundle inspect <incident-id>`",
-    "- `debugbundle bundle <incident-id>`",
-    "- `debugbundle reproduce <incident-id>`",
-    "- `debugbundle resolve <incident-id>`",
-    "- `debugbundle reopen <incident-id>`",
+    "- `debugbundle incidents [--source <local|cloud>] [--project-id <id>] [--environment <name>] [--service <name>] [--status <status>] [--severity <severity>] [--cursor <cursor>] [--limit <n>] [--json]`",
+    "- `debugbundle inspect <incident-id> [--source <local|cloud>] [--json]`",
+    "- `debugbundle explain <incident-id> [--source <local|cloud>] [--json]`",
+    "- `debugbundle bundle <incident-id> [--source <local|cloud>] [--json]`",
+    "- `debugbundle reproduce <incident-id> [--source <local|cloud>] [--json]`",
+    "- `debugbundle resolve <incident-id> [--source <local|cloud>] [--json]`",
+    "- `debugbundle reopen <incident-id> [--source <local|cloud>] [--json]`",
     "- `debugbundle analyze --type improvement --local`",
     "",
+    "## Operational Paths",
+    "",
+    "- `.debugbundle/profile.json` \u2014 committed project map and agent validation state",
+    "- `.debugbundle/local/connection.json` \u2014 committed delivery policy and cloud connection metadata",
+    "- `.debugbundle/local/events/` \u2014 gitignored raw local event batches",
+    "- `.debugbundle/local/state.json` \u2014 gitignored local incident index and lifecycle state",
+    "- `.debugbundle/bundles/local/` \u2014 gitignored local bundle artifacts",
+    "- `.debugbundle/bundles/local/reproductions/` \u2014 gitignored local reproduction artifacts",
+    "- `.debugbundle/bundles/cloud/` \u2014 gitignored cache for explicitly fetched cloud artifacts",
+    "",
     "## Incident Hygiene",
     "",
     "Resolve incidents after a fix is verified or after an intentional smoke, dogfood, or verification incident has served its purpose.",
@@ -15295,6 +15326,17 @@ function buildMcpReference() {
     "",
     "Use the same incident-first workflow through MCP when an agent is operating in connected mode.",
     "",
+    "## Investigation Tools",
+    "",
+    "- `doctor` \u2014 validate local profile, connection config, auth state, and setup health.",
+    "- `list_incidents` \u2014 list local, cloud, or connected combined incidents; pass `source`, `status`, `environment`, `service`, `severity`, `cursor`, and `limit` when needed.",
+    "- `get_incident` \u2014 fetch incident metadata by incident id.",
+    "- `get_incident_context` \u2014 fetch deterministic explanation context for triage.",
+    "- `get_bundle` \u2014 fetch the full debug bundle before proposing a fix.",
+    "- `get_reproduction` \u2014 fetch reproduction guidance before editing code.",
+    "- `resolve_incident` / `reopen_incident` \u2014 update lifecycle state after validation.",
+    "- `analyze` \u2014 run local agent-oriented analysis from local bundles and skill schemas.",
+    "",
     "- Prefer bundle retrieval tools before reading raw repository files.",
     "- Use MCP bundle access when the current issue originated in production.",
     "- Resolve fixed or intentionally generated incidents with `resolve_incident` so open incidents stay actionable.",
@@ -15318,8 +15360,12 @@ function buildBundleSchemaReference() {
     "Focus on:",
     "- `summary` for the failure synopsis and recommended action",
     "- `service` and `environment` for routing to the right code path",
+    "- `context.error`, `context.request`, `context.response`, `context.logs`, `context.frontend`, `context.runtime`, `context.git`, `context.dependencies`, and `context.probe_data` for supporting evidence",
+    "- `reproduction` for confidence, commands, and manual steps",
     "- `links.reproduction` for the generated reproduction artifact",
     "- `metadata.source` for whether the bundle came from local or cloud data",
+    "",
+    "Treat the bundle as the source of truth for the failure report. Use repository reads to confirm and patch the implicated code paths, not to rediscover incident context from scratch.",
     ""
   ].join("\n");
 }
@@ -15330,10 +15376,12 @@ function buildProfileEnrichmentReference() {
     "The setup profile is generated from static analysis and must be reviewed before agents rely on it for architecture decisions.",
     "",
     "Checklist:",
-    "- verify service kinds, frameworks, and runtime assumptions",
-    "- add critical paths and ownership notes",
-    "- confirm build, test, and lint workflows",
-    "- update `debugbundle.validation_status` to `agent-validated` when complete",
+    "- verify `project.primary_languages`, `project.package_managers`, and `project.deployment_targets`",
+    "- verify each service `kind`, `runtime`, `framework`, `paths`, `owns_routes`, and `depends_on` value against the repository",
+    "- add critical paths for ingestion, processing, retrieval, SDK capture, auth, billing, and any project-specific high-risk workflows",
+    "- confirm `repo.generated_paths` and `repo.do_not_edit_paths` match the local scaffold",
+    "- confirm build, test, lint, and install workflows in `developer_workflows`",
+    "- update `debugbundle.last_reviewed_at` and set `debugbundle.validation_status` to `agent-validated` when complete",
     ""
   ].join("\n");
 }
@@ -15415,6 +15463,22 @@ function buildSkillEvals() {
             "Resolve verified or intentionally generated incidents after the workflow is complete.",
             "Leave unresolved incidents open when the failure is still live or unverified."
           ]
+        },
+        {
+          name: "artifact_path_discovery",
+          prompt: "The user reports an unknown local runtime error. Confirm the skill tells the agent which DebugBundle paths and commands to inspect first.",
+          expected_behavior: [
+            "Run doctor and list local open incidents before broad source exploration.",
+            "Use .debugbundle/local/state.json, .debugbundle/bundles/local/, and reproduction artifact paths as the local evidence map."
+          ]
+        },
+        {
+          name: "connected_incident_fetch",
+          prompt: "The user says a production incident fired in the hosted DebugBundle project. Confirm the skill points the agent to the cloud retrieval path.",
+          expected_behavior: [
+            "List cloud open incidents or use MCP list_incidents with source cloud.",
+            "Fetch inspect, context, bundle, and reproduction artifacts before editing code."
+          ]
         }
       ]
     },
@@ -15845,6 +15909,7 @@ var ImprovementSchema = external_exports.object({
   summary: external_exports.string(),
   occurrence_count: external_exports.number().int(),
   evidence: external_exports.record(external_exports.unknown()),
+  related_incident_ids: external_exports.array(external_exports.string()),
   first_detected_at: external_exports.string(),
   last_detected_at: external_exports.string(),
   resolved_at: external_exports.string().nullable(),
@@ -17076,6 +17141,164 @@ var STORAGE_SCHEMA_MIGRATIONS = [
         )
       `
     ]
+  }),
+  defineStorageSchemaMigration({
+    id: "202605180004_add_operational_email_deliveries",
+    description: "Add durable operational email delivery queue with retries and dedupe.",
+    statements: [
+      `
+        CREATE TABLE IF NOT EXISTS operational_email_deliveries (
+          id uuid PRIMARY KEY,
+          organization_id uuid NOT NULL REFERENCES organizations(id) ON DELETE CASCADE,
+          project_id uuid NOT NULL REFERENCES projects(id) ON DELETE CASCADE,
+          kind text NOT NULL,
+          dedupe_key text NOT NULL,
+          payload jsonb NOT NULL DEFAULT '{}'::jsonb,
+          status text NOT NULL DEFAULT 'pending',
+          attempt_count integer NOT NULL DEFAULT 0,
+          next_attempt_at timestamptz,
+          last_error text,
+          delivered_at timestamptz,
+          created_at timestamptz NOT NULL DEFAULT now(),
+          updated_at timestamptz NOT NULL DEFAULT now(),
+          UNIQUE (organization_id, kind, dedupe_key)
+        )
+      `,
+      `
+        ALTER TABLE operational_email_deliveries
+        DROP CONSTRAINT IF EXISTS operational_email_deliveries_kind_check
+      `,
+      `
+        ALTER TABLE operational_email_deliveries
+        ADD CONSTRAINT operational_email_deliveries_kind_check
+        CHECK (kind IN ('webhook_auto_disabled', 'allowance_warning_80', 'allowance_limit_reached', 'retention_rotation_notice'))
+      `,
+      `
+        ALTER TABLE operational_email_deliveries
+        DROP CONSTRAINT IF EXISTS operational_email_deliveries_status_check
+      `,
+      `
+        ALTER TABLE operational_email_deliveries
+        ADD CONSTRAINT operational_email_deliveries_status_check
+        CHECK (status IN ('pending', 'retrying', 'delivered', 'failed'))
+      `,
+      `
+        CREATE INDEX IF NOT EXISTS operational_email_deliveries_status_next_attempt_idx
+        ON operational_email_deliveries (status, next_attempt_at, created_at)
+      `
+    ]
+  }),
+  defineStorageSchemaMigration({
+    id: "202605180005_add_github_improvement_dispatch_targets",
+    description: "Allow GitHub dispatch deliveries to target either incidents or hosted improvements.",
+    statements: [
+      "ALTER TABLE github_dispatch_deliveries ALTER COLUMN incident_id DROP NOT NULL",
+      "ALTER TABLE github_dispatch_deliveries RENAME COLUMN incident_fingerprint TO target_fingerprint",
+      "ALTER TABLE github_dispatch_deliveries ADD COLUMN IF NOT EXISTS improvement_opportunity_id uuid REFERENCES improvement_opportunities(id) ON DELETE CASCADE",
+      "DROP INDEX IF EXISTS github_dispatch_deliveries_rule_dedupe_key_idx",
+      `
+        CREATE UNIQUE INDEX IF NOT EXISTS github_dispatch_deliveries_rule_dedupe_key_idx
+        ON github_dispatch_deliveries (rule_id, target_fingerprint, dedupe_key)
+      `,
+      "ALTER TABLE github_dispatch_deliveries DROP CONSTRAINT IF EXISTS github_dispatch_deliveries_check",
+      `
+        ALTER TABLE github_dispatch_deliveries
+        ADD CONSTRAINT github_dispatch_deliveries_check CHECK (
+          (incident_id IS NOT NULL AND improvement_opportunity_id IS NULL)
+          OR (incident_id IS NULL AND improvement_opportunity_id IS NOT NULL)
+        )
+      `
+    ]
+  }),
+  defineStorageSchemaMigration({
+    id: "202605180006_add_missing_bundle_and_creator_columns",
+    description: "Backfill creator ownership columns and incident bundle tracking columns that existed only in bootstrap schema.",
+    statements: [
+      "ALTER TABLE incidents ADD COLUMN IF NOT EXISTS bundle_generation_number integer NOT NULL DEFAULT 0",
+      "ALTER TABLE incidents ADD COLUMN IF NOT EXISTS bundle_created_at timestamptz",
+      "ALTER TABLE incidents ADD COLUMN IF NOT EXISTS bundle_updated_at timestamptz",
+      "ALTER TABLE incidents ADD COLUMN IF NOT EXISTS bundle_source_event_id uuid",
+      "ALTER TABLE incidents ADD COLUMN IF NOT EXISTS bundle_source_occurred_at timestamptz",
+      "ALTER TABLE incidents ADD COLUMN IF NOT EXISTS bundle_trigger text",
+      "ALTER TABLE incidents ADD COLUMN IF NOT EXISTS bundle_failure_reason text",
+      "ALTER TABLE alert_rules ADD COLUMN IF NOT EXISTS created_by_user_id uuid",
+      `
+        UPDATE alert_rules ar
+        SET created_by_user_id = p.owner_user_id
+        FROM projects p
+        WHERE ar.project_id = p.id
+          AND ar.created_by_user_id IS NULL
+      `,
+      "ALTER TABLE alert_rules DROP CONSTRAINT IF EXISTS alert_rules_created_by_user_id_fkey",
+      `
+        ALTER TABLE alert_rules
+        ADD CONSTRAINT alert_rules_created_by_user_id_fkey
+        FOREIGN KEY (created_by_user_id) REFERENCES users(id) ON DELETE CASCADE
+      `,
+      "ALTER TABLE alert_rules ALTER COLUMN created_by_user_id SET NOT NULL",
+      "ALTER TABLE agent_webhooks ADD COLUMN IF NOT EXISTS created_by_user_id uuid",
+      `
+        UPDATE agent_webhooks aw
+        SET created_by_user_id = p.owner_user_id
+        FROM projects p
+        WHERE aw.project_id = p.id
+          AND aw.created_by_user_id IS NULL
+      `,
+      "ALTER TABLE agent_webhooks DROP CONSTRAINT IF EXISTS agent_webhooks_created_by_user_id_fkey",
+      `
+        ALTER TABLE agent_webhooks
+        ADD CONSTRAINT agent_webhooks_created_by_user_id_fkey
+        FOREIGN KEY (created_by_user_id) REFERENCES users(id) ON DELETE CASCADE
+      `,
+      "ALTER TABLE agent_webhooks ALTER COLUMN created_by_user_id SET NOT NULL",
+      "ALTER TABLE github_dispatch_rules ADD COLUMN IF NOT EXISTS created_by_user_id uuid",
+      `
+        UPDATE github_dispatch_rules gdr
+        SET created_by_user_id = p.owner_user_id
+        FROM projects p
+        WHERE gdr.project_id = p.id
+          AND gdr.created_by_user_id IS NULL
+      `,
+      "ALTER TABLE github_dispatch_rules DROP CONSTRAINT IF EXISTS github_dispatch_rules_created_by_user_id_fkey",
+      `
+        ALTER TABLE github_dispatch_rules
+        ADD CONSTRAINT github_dispatch_rules_created_by_user_id_fkey
+        FOREIGN KEY (created_by_user_id) REFERENCES users(id) ON DELETE CASCADE
+      `,
+      "ALTER TABLE github_dispatch_rules ALTER COLUMN created_by_user_id SET NOT NULL"
+    ]
+  }),
+  defineStorageSchemaMigration({
+    id: "202605200001_limit_weekly_report_email_channel_per_project",
+    description: "Keep weekly email reports singular per project.",
+    statements: [
+      `
+        DELETE FROM weekly_report_channels
+        WHERE id IN (
+          SELECT id
+          FROM (
+            SELECT
+              id,
+              row_number() OVER (PARTITION BY project_id ORDER BY created_at ASC, id ASC) AS row_number
+            FROM weekly_report_channels
+            WHERE channel = 'email'
+          ) ranked
+          WHERE ranked.row_number > 1
+        )
+      `,
+      `
+        CREATE UNIQUE INDEX IF NOT EXISTS weekly_report_channels_project_email_unique_idx
+        ON weekly_report_channels (project_id)
+        WHERE channel = 'email'
+      `
+    ]
+  }),
+  defineStorageSchemaMigration({
+    id: "202605220001_add_project_token_allowed_origins",
+    description: "Add optional browser-origin allowlists to project ingestion tokens.",
+    statements: [
+      "ALTER TABLE project_tokens ADD COLUMN IF NOT EXISTS allowed_origins jsonb NOT NULL DEFAULT '[]'::jsonb"
+    ]
   })
 ];
 
@@ -17983,6 +18206,7 @@ var ProjectTokenSchema = external_exports.object({
   token_id: external_exports.string(),
   project_id: external_exports.string(),
   label: external_exports.string(),
+  allowed_origins: external_exports.array(external_exports.string()).default([]),
   created_at: external_exports.string(),
   last_used_at: external_exports.string().nullable(),
   revoked_at: external_exports.string().nullable(),
@@ -18067,7 +18291,8 @@ function createTokenManagementApi(client) {
           path: `/v1/projects/${input.projectId}/tokens`,
           bearerToken: input.bearerToken,
           body: {
-            label: input.label
+            label: input.label,
+            ...input.allowedOrigins === void 0 ? {} : { allowed_origins: input.allowedOrigins }
           }
         })
       );
@@ -18969,8 +19194,9 @@ var GitHubDispatchDeliverySchema = external_exports.object({
   delivery_id: external_exports.string(),
   rule_id: external_exports.string(),
   rule_name: external_exports.string(),
-  incident_id: external_exports.string(),
-  incident_title: external_exports.string(),
+  incident_id: external_exports.string().nullable(),
+  improvement_id: external_exports.string().nullable(),
+  target_title: external_exports.string(),
   status: external_exports.enum(["pending", "retrying", "delivered", "failed", "skipped"]),
   attempt_count: external_exports.number().int(),
   last_attempt_at: external_exports.string().nullable(),
@@ -25689,7 +25915,7 @@ var CLI_USAGE_LINES = [
   "  debugbundle project update <project-id> [--name <name>] [--slug <slug>] [--environment-default <env>] [--auth-file <path>] [--json]",
   "  debugbundle project delete <project-id> [--auth-file <path>] [--json]",
   "  debugbundle token project list <project-id> [--limit <n>] [--auth-file <path>] [--json]",
-  "  debugbundle token project create <project-id> --label <label> [--auth-file <path>] [--json]",
+  "  debugbundle token project create <project-id> --label <label> [--allowed-origin <origin> ...] [--auth-file <path>] [--json]",
   "  debugbundle token project revoke <project-id> <token-id> [--auth-file <path>] [--json]",
   "  debugbundle token member list [--limit <n>] [--auth-file <path>] [--json]",
   "  debugbundle token member create --label <label> [--auth-file <path>] [--json]",
@@ -25711,6 +25937,7 @@ var CLI_USAGE_LINES = [
   "  debugbundle webhook retry <webhook-id> <delivery-id> --project-id <id> [--auth-file <path>] [--json]",
   "  debugbundle weekly-report list --project-id <id> [--limit <n>] [--auth-file <path>] [--json]",
   "  debugbundle weekly-report create --project-id <id> --channel <email|slack> --day-of-week <day> --hour-of-day <0-23> --timezone <iana> --config-json <json> [--is-enabled <true|false>] [--auth-file <path>] [--json]",
+  '      email --config-json uses {"to":["owner@example.com"]} with up to 3 recipients',
   "  debugbundle weekly-report update <channel-id> [--day-of-week <day>] [--hour-of-day <0-23>] [--timezone <iana>] [--config-json <json>] [--is-enabled <true|false>] [--auth-file <path>] [--json]",
   "  debugbundle weekly-report delete <channel-id> [--auth-file <path>] [--json]",
   "  debugbundle capture-policy get --project <id> [--auth-file <path>] [--json]",
@@ -25743,53 +25970,62 @@ var import_node_path16 = require("node:path");
 var SUGGESTED_ACTIONS2 = [
   "Run debugbundle setup if .debugbundle/profile.json is missing.",
   "Run debugbundle profile validate for field-level profile errors.",
-  "Run debugbundle validate --fix to recreate missing local DebugBundle stubs when safe."
+  "Run debugbundle validate --fix to recreate missing or stale local DebugBundle stubs when safe."
 ];
 var FIXABLE_FILES = [
   {
     name: "connection-config",
     filePath: CONNECTION_FILE_PATH,
-    buildContent: buildConnectionConfig
+    buildContent: buildConnectionConfig,
+    checkContent: false
   },
   {
     name: "agent-skill",
     filePath: SKILL_FILE_PATH,
-    buildContent: buildSkill
+    buildContent: buildSkill,
+    checkContent: true
   },
   {
     name: "cli-reference",
     filePath: CLI_REFERENCE_FILE_PATH,
-    buildContent: buildCliReference
+    buildContent: buildCliReference,
+    checkContent: true
   },
   {
     name: "mcp-reference",
     filePath: MCP_REFERENCE_FILE_PATH,
-    buildContent: buildMcpReference
+    buildContent: buildMcpReference,
+    checkContent: true
   },
   {
     name: "bundle-schema-reference",
     filePath: BUNDLE_SCHEMA_REFERENCE_FILE_PATH,
-    buildContent: buildBundleSchemaReference
+    buildContent: buildBundleSchemaReference,
+    checkContent: true
   },
   {
     name: "profile-enrichment-reference",
     filePath: PROFILE_ENRICHMENT_REFERENCE_FILE_PATH,
-    buildContent: buildProfileEnrichmentReference
+    buildContent: buildProfileEnrichmentReference,
+    checkContent: true
   },
   {
     name: "improvement-analysis-recipe",
     filePath: IMPROVEMENT_ANALYSIS_RECIPE_FILE_PATH,
-    buildContent: buildImprovementAnalysisRecipe
+    buildContent: buildImprovementAnalysisRecipe,
+    checkContent: true
   },
   {
     name: "performance-analysis-recipe",
     filePath: PERFORMANCE_ANALYSIS_RECIPE_FILE_PATH,
-    buildContent: buildPerformanceAnalysisRecipe
+    buildContent: buildPerformanceAnalysisRecipe,
+    checkContent: true
   },
   {
     name: "skill-evals",
     filePath: EVALS_FILE_PATH,
-    buildContent: buildSkillEvals
+    buildContent: buildSkillEvals,
+    checkContent: true
   }
 ];
 async function pathExists6(path, stat) {
@@ -25903,6 +26139,28 @@ async function validateCommand(input, dependencies = {}) {
   for (const fixableFile of FIXABLE_FILES) {
     const absoluteFilePath = (0, import_node_path16.join)(rootDirectory, fixableFile.filePath);
     if (await pathExists6(absoluteFilePath, stat)) {
+      if (fixableFile.checkContent) {
+        const currentContents = await readFile(absoluteFilePath);
+        const expectedContents = fixableFile.buildContent();
+        if (currentContents !== expectedContents) {
+          if (input.fix === true) {
+            await writeFile(absoluteFilePath, expectedContents);
+            checks.push({
+              name: fixableFile.name,
+              status: "ok",
+              message: `Updated stale ${fixableFile.filePath}`
+            });
+            continue;
+          }
+          autoFixAvailable = true;
+          checks.push({
+            name: fixableFile.name,
+            status: "warning",
+            message: `Stale ${fixableFile.filePath}; run debugbundle validate --fix to refresh it.`
+          });
+          continue;
+        }
+      }
       checks.push({
         name: fixableFile.name,
         status: "ok",
@@ -26627,6 +26885,7 @@ function formatImprovementDetail(improvement) {
     `Confidence: ${improvement.confidence}`,
     `Occurrences: ${improvement.occurrence_count}`,
     `Last detected: ${improvement.last_detected_at}`,
+    ...improvement.related_incident_ids === void 0 || improvement.related_incident_ids.length === 0 ? [] : [`Related incidents: ${improvement.related_incident_ids.join(", ")}`],
     ...improvement.resolved_at === null ? [] : [`Resolved at: ${improvement.resolved_at}`],
     `Summary: ${improvement.summary}`
   ].join("\n");
@@ -27195,6 +27454,20 @@ function formatTokenTable(tokens) {
   }
   return tokens.map((token) => `${token.token_id} | ${token.label} | ${token.revoked_at === null ? "active" : "revoked"}`).join("\n");
 }
+function formatAllowedOrigins(allowedOrigins) {
+  if (allowedOrigins === void 0 || allowedOrigins.length === 0) {
+    return "none";
+  }
+  return allowedOrigins.join(", ");
+}
+function formatProjectTokenTable(tokens) {
+  if (tokens.length === 0) {
+    return "No tokens found.";
+  }
+  return tokens.map(
+    (token) => `${token.token_id} | ${token.label} | ${token.revoked_at === null ? "active" : "revoked"} | origins: ${formatAllowedOrigins(token.allowed_origins)}`
+  ).join("\n");
+}
 async function listProjectTokensCommand(input, api) {
   try {
     const requestInput = {
@@ -27210,7 +27483,7 @@ async function listProjectTokensCommand(input, api) {
     }
     return {
       exitCode: 0,
-      output: formatTokenTable(tokens)
+      output: formatProjectTokenTable(tokens)
     };
   } catch (error) {
     return { exitCode: mapErrorToExitCode9(error), output: error instanceof Error ? error.message : String(error) };
@@ -27239,17 +27512,22 @@ async function listProjectTokensWithAuthCommand(input, dependencies) {
 }
 async function createProjectTokenCommand(input, api) {
   try {
-    const token = await api.createProjectToken({
+    const requestInput = {
       bearerToken: input.bearerToken,
       projectId: input.projectId,
       label: input.label
-    });
+    };
+    if (input.allowedOrigins !== void 0) {
+      requestInput.allowedOrigins = input.allowedOrigins;
+    }
+    const token = await api.createProjectToken(requestInput);
     if (input.json) {
       return { exitCode: 0, output: JSON.stringify({ token }) };
     }
     return {
       exitCode: 0,
       output: `Project token created: ${token.token_id}
+Allowed origins: ${formatAllowedOrigins(token.allowed_origins)}
 Plaintext: ${token.plaintext ?? "<none>"}`
     };
   } catch (error) {
@@ -27266,6 +27544,9 @@ async function createProjectTokenWithAuthCommand(input, dependencies) {
         projectId: input.projectId,
         label: input.label
       };
+      if (input.allowedOrigins !== void 0) {
+        commandInput.allowedOrigins = input.allowedOrigins;
+      }
       if (input.json !== void 0) {
         commandInput.json = input.json;
       }
@@ -28771,7 +29052,7 @@ function formatGitHubDeliveryTable(deliveries) {
     return "No GitHub deliveries found.";
   }
   return deliveries.map(
-    (delivery) => `${delivery.rule_name} | ${delivery.status} | ${delivery.incident_title} | attempts: ${delivery.attempt_count}`
+    (delivery) => `${delivery.rule_name} | ${delivery.status} | ${delivery.target_title} | attempts: ${delivery.attempt_count}`
   ).join("\n");
 }
 async function getGitHubStatusCommand(input, api) {
@@ -29622,16 +29903,18 @@ async function handleTokenCommand(parsedArgv, dependencies) {
       return await (dependencies.listProjectTokensCommand ?? listProjectTokensWithAuthCommand)(input);
     }
     if (action === "create") {
-      expectNoUnknownOptions(parsedArgv, ["auth-file", "json", "label"]);
+      expectNoUnknownOptions(parsedArgv, ["auth-file", "json", "label", "allowed-origin"]);
       ensureNoExtraPositionals(parsedArgv, 4);
       const label = readStringOption(parsedArgv, "label");
       if (label === void 0) {
         throw new CliInputError("Missing required option --label.");
       }
+      const allowedOrigins = readStringListOption(parsedArgv, "allowed-origin");
       return await (dependencies.createProjectTokenCommand ?? createProjectTokenWithAuthCommand)(
         appendCommonAuthOptions(parsedArgv, {
           projectId: requirePositional(parsedArgv, 3, "project-id"),
-          label
+          label,
+          ...allowedOrigins === void 0 ? {} : { allowedOrigins }
         })
       );
     }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@debugbundle/cli",
-  "version": "0.1.8",
+  "version": "0.1.9",
   "private": false,
   "description": "Command-line interface for DebugBundle",
   "license": "AGPL-3.0-only",