@debugbundle/cli 1.1.1 → 1.2.0

package/dist/main.cjs

@@ -14486,25 +14486,74 @@ var CaptureProbeEventsSchema = external_exports.enum(CaptureProbeEventsValues);
 var RequestSignalClassificationValues = ["incident_signal", "context_signal"];
 var RequestSignalClassificationSchema = external_exports.enum(RequestSignalClassificationValues);
 var RECOMMENDED_IMMEDIATE_CLIENT_ERROR_STATUSES = [401, 403, 409, 422];
+var HTTP_METHOD_VALUES = ["GET", "POST", "PUT", "PATCH", "DELETE", "HEAD", "OPTIONS"];
 var ImmediateClientErrorStatusSchema = external_exports.number().int().min(400).max(499);
+var HttpMethodSchema = external_exports.enum(HTTP_METHOD_VALUES);
 function normalizeImmediateClientErrorStatuses(statuses) {
   return Array.from(new Set(statuses)).sort((left, right) => left - right);
 }
 var ImmediateClientErrorStatusesSchema = external_exports.array(ImmediateClientErrorStatusSchema).max(12).transform((statuses) => normalizeImmediateClientErrorStatuses(statuses));
+function normalizePathPattern(value) {
+  return value.trim().replace(/\/{2,}/g, "/");
+}
+function isValidPathPattern(value) {
+  const normalized = normalizePathPattern(value);
+  if (!normalized.startsWith("/") || normalized.includes("?") || normalized.includes("#")) {
+    return false;
+  }
+  const wildcardIndex = normalized.indexOf("*");
+  return wildcardIndex === -1 || wildcardIndex === normalized.length - 1;
+}
+function normalizeHttpMethods(methods) {
+  if (methods === void 0 || methods.length === 0) {
+    return [];
+  }
+  const normalized = methods.map((method) => method.toUpperCase()).filter(
+    (method) => HTTP_METHOD_VALUES.includes(method)
+  );
+  return Array.from(new Set(normalized)).sort();
+}
+function normalizeImmediateClientErrorPathRules(rules) {
+  const normalized = rules.map((rule) => ({
+    status_code: rule.status_code,
+    path_pattern: normalizePathPattern(rule.path_pattern),
+    methods: normalizeHttpMethods(rule.methods)
+  }));
+  const deduped = /* @__PURE__ */ new Map();
+  for (const rule of normalized) {
+    deduped.set(`${rule.status_code}:${rule.path_pattern}:${rule.methods.join(",")}`, rule);
+  }
+  return Array.from(deduped.values()).sort((left, right) => {
+    if (left.status_code !== right.status_code) return left.status_code - right.status_code;
+    const pathComparison = left.path_pattern.localeCompare(right.path_pattern);
+    if (pathComparison !== 0) return pathComparison;
+    return left.methods.join(",").localeCompare(right.methods.join(","));
+  });
+}
+var ImmediateClientErrorPathRuleSchema = external_exports.object({
+  status_code: ImmediateClientErrorStatusSchema,
+  path_pattern: external_exports.string().min(1).max(256).transform(normalizePathPattern).refine(isValidPathPattern, {
+    message: "path_pattern must start with / and may only use a terminal * wildcard"
+  }),
+  methods: external_exports.array(HttpMethodSchema).max(7).optional().default([]).transform(normalizeHttpMethods)
+});
+var ImmediateClientErrorPathRulesSchema = external_exports.array(ImmediateClientErrorPathRuleSchema).max(25).transform((rules) => normalizeImmediateClientErrorPathRules(rules));
 var ResolvedCapturePolicySchema = external_exports.object({
   preset: CapturePresetSchema,
   capture_logs: CaptureLogsSchema,
   capture_request_events: CaptureRequestEventsSchema,
   capture_breadcrumbs: CaptureBreadcrumbsSchema,
   capture_probe_events: CaptureProbeEventsSchema,
-  immediate_client_error_statuses: ImmediateClientErrorStatusesSchema
+  immediate_client_error_statuses: ImmediateClientErrorStatusesSchema,
+  immediate_client_error_path_rules: ImmediateClientErrorPathRulesSchema.default([])
 });
 var CapturePolicyOverridesSchema = external_exports.object({
   capture_logs: CaptureLogsSchema.nullable(),
   capture_request_events: CaptureRequestEventsSchema.nullable(),
   capture_breadcrumbs: CaptureBreadcrumbsSchema.nullable(),
   capture_probe_events: CaptureProbeEventsSchema.nullable(),
-  immediate_client_error_statuses: ImmediateClientErrorStatusesSchema.nullable()
+  immediate_client_error_statuses: ImmediateClientErrorStatusesSchema.nullable(),
+  immediate_client_error_path_rules: ImmediateClientErrorPathRulesSchema.nullable().default(null)
 });
 var CapturePolicyResponseSchema = external_exports.object({
   access_mode: external_exports.enum(["manage", "preview"]),
@@ -14519,6 +14568,7 @@ var CapturePolicySchema = external_exports.object({
   capture_breadcrumbs: CaptureBreadcrumbsSchema.nullable(),
   capture_probe_events: CaptureProbeEventsSchema.nullable(),
   immediate_client_error_statuses: ImmediateClientErrorStatusesSchema.nullable(),
+  immediate_client_error_path_rules: ImmediateClientErrorPathRulesSchema.nullable().default(null),
   updated_at: external_exports.string().datetime()
 });
 var CapturePolicyUpdateSchema = external_exports.object({
@@ -14527,7 +14577,8 @@ var CapturePolicyUpdateSchema = external_exports.object({
   capture_request_events: CaptureRequestEventsSchema.nullable().optional(),
   capture_breadcrumbs: CaptureBreadcrumbsSchema.nullable().optional(),
   capture_probe_events: CaptureProbeEventsSchema.nullable().optional(),
-  immediate_client_error_statuses: ImmediateClientErrorStatusesSchema.nullable().optional()
+  immediate_client_error_statuses: ImmediateClientErrorStatusesSchema.nullable().optional(),
+  immediate_client_error_path_rules: ImmediateClientErrorPathRulesSchema.nullable().optional()
 });
 var PRESET_DEFAULTS = {
   minimal: {
@@ -14535,30 +14586,69 @@ var PRESET_DEFAULTS = {
     capture_request_events: "failures_only",
     capture_breadcrumbs: "local_only",
     capture_probe_events: "buffer_only",
-    immediate_client_error_statuses: []
+    immediate_client_error_statuses: [],
+    immediate_client_error_path_rules: []
   },
   balanced: {
     capture_logs: "warning",
     capture_request_events: "failures_only",
     capture_breadcrumbs: "exception_only",
     capture_probe_events: "buffer_only",
-    immediate_client_error_statuses: []
+    immediate_client_error_statuses: [],
+    immediate_client_error_path_rules: []
   },
   investigative: {
     capture_logs: "info",
     capture_request_events: "all",
     capture_breadcrumbs: "standalone",
     capture_probe_events: "standalone_when_activated",
-    immediate_client_error_statuses: [...RECOMMENDED_IMMEDIATE_CLIENT_ERROR_STATUSES]
+    immediate_client_error_statuses: [...RECOMMENDED_IMMEDIATE_CLIENT_ERROR_STATUSES],
+    immediate_client_error_path_rules: []
   }
 };
 var BALANCED_IMMEDIATE_REQUEST_STATUSES = /* @__PURE__ */ new Set([408, 423, 424, 425, 429]);
 var INVESTIGATIVE_IMMEDIATE_REQUEST_STATUSES = /* @__PURE__ */ new Set([...BALANCED_IMMEDIATE_REQUEST_STATUSES, 409]);
-var BALANCED_STANDARD_ANOMALY_STATUSES = /* @__PURE__ */ new Set([401, 403, 404, 409, 422]);
-var BALANCED_HIGH_VOLUME_ANOMALY_STATUSES = /* @__PURE__ */ new Set([400, 410]);
-var INVESTIGATIVE_ANOMALY_STATUSES = /* @__PURE__ */ new Set([...BALANCED_STANDARD_ANOMALY_STATUSES, ...BALANCED_HIGH_VOLUME_ANOMALY_STATUSES]);
+function normalizeRequestPath(value) {
+  if (typeof value !== "string") {
+    return null;
+  }
+  const trimmed = value.trim();
+  if (trimmed.length === 0) {
+    return null;
+  }
+  const path = trimmed.startsWith("http://") || trimmed.startsWith("https://") ? (() => {
+    try {
+      return new URL(trimmed).pathname;
+    } catch {
+      return trimmed;
+    }
+  })() : trimmed;
+  return (path.split(/[?#]/, 1)[0] ?? path).replace(/\/{2,}/g, "/");
+}
+function pathPatternMatches(rulePattern, requestPath) {
+  const pattern = normalizePathPattern(rulePattern);
+  if (!pattern.endsWith("*")) {
+    return requestPath === pattern;
+  }
+  const prefix = pattern.slice(0, -1);
+  return requestPath.startsWith(prefix);
+}
+function matchesImmediateClientErrorPathRule(input2) {
+  const { responseStatus, immediateClientErrorPathRules = [] } = input2;
+  if (responseStatus === null || !Number.isFinite(responseStatus) || immediateClientErrorPathRules.length === 0) {
+    return false;
+  }
+  const requestPath = normalizeRequestPath(input2.requestPath);
+  if (requestPath === null) {
+    return false;
+  }
+  const httpMethod = typeof input2.httpMethod === "string" ? input2.httpMethod.toUpperCase() : null;
+  return immediateClientErrorPathRules.some(
+    (rule) => rule.status_code === responseStatus && (rule.methods.length === 0 || httpMethod !== null && rule.methods.includes(httpMethod)) && pathPatternMatches(rule.path_pattern, requestPath)
+  );
+}
 function classifyRequestStatus(input2) {
-  const { responseStatus, capturePreset, immediateClientErrorStatuses = [] } = input2;
+  const { responseStatus, capturePreset, immediateClientErrorStatuses = [], immediateClientErrorPathRules = [] } = input2;
   if (responseStatus === null || !Number.isFinite(responseStatus)) {
     return "context_signal";
   }
@@ -14568,6 +14658,14 @@ function classifyRequestStatus(input2) {
   if (immediateClientErrorStatuses.includes(responseStatus)) {
     return "incident_signal";
   }
+  if (matchesImmediateClientErrorPathRule({
+    responseStatus,
+    requestPath: input2.requestPath,
+    httpMethod: input2.httpMethod,
+    immediateClientErrorPathRules
+  })) {
+    return "incident_signal";
+  }
   if (capturePreset === "investigative") {
     return INVESTIGATIVE_IMMEDIATE_REQUEST_STATUSES.has(responseStatus) ? "incident_signal" : "context_signal";
   }
@@ -14577,33 +14675,101 @@ function classifyRequestStatus(input2) {
   return "context_signal";
 }
 function getRequestAnomalyThreshold(input2) {
-  const { responseStatus, capturePreset } = input2;
+  const { responseStatus } = input2;
   if (responseStatus === null || !Number.isFinite(responseStatus) || responseStatus < 400 || responseStatus >= 500) {
     return null;
   }
-  if (capturePreset === "minimal") {
-    return null;
+  return null;
+}
+
+// ../../packages/shared-types/src/request-failure-noise.ts
+function isLowValueExternalProbeRequestFailure404(input2) {
+  if (input2.responseStatus !== 404 || input2.httpMethod.toUpperCase() !== "GET") {
+    return false;
   }
-  if (capturePreset === "investigative") {
-    return INVESTIGATIVE_ANOMALY_STATUSES.has(responseStatus) ? {
-      minimum_occurrences_5m: 8,
-      minimum_ratio_5m_to_1h: 2
-    } : null;
+  const normalizedRoute = input2.routeTemplate.toLowerCase().replace(/\/+$/, "") || "/";
+  const normalizedPath = normalizePath(input2.requestPath ?? input2.routeTemplate);
+  const routesToCheck = /* @__PURE__ */ new Set([normalizedRoute, normalizedPath]);
+  for (const route of routesToCheck) {
+    if (isRouteOnlyExternalProbe(route)) {
+      return true;
+    }
   }
-  if (BALANCED_STANDARD_ANOMALY_STATUSES.has(responseStatus)) {
-    return {
-      minimum_occurrences_5m: 20,
-      minimum_ratio_5m_to_1h: 3
-    };
+  return isDirectIpRequest(input2.headers ?? null) && [...routesToCheck].some(isGenericDirectIpProbeRoute);
+}
+function normalizePath(path) {
+  const withoutQuery = path.split("?")[0] ?? path;
+  return withoutQuery.toLowerCase().replace(/\/+$/, "") || "/";
+}
+function isRouteOnlyExternalProbe(normalizedRoute) {
+  const exactRoutes = /* @__PURE__ */ new Set([
+    "/.env",
+    "/__debug__/render_panel",
+    "/actuator",
+    "/autodiscover/autodiscover.json",
+    "/developmentserver/metadatauploader",
+    "/cpanel",
+    "/favicon.ico",
+    "/geoserver/web",
+    "/hnap1",
+    "/logon/logonpoint/index.html",
+    "/owa/auth/logon.aspx",
+    "/robots.txt",
+    "/rdweb/pages",
+    "/web",
+    "/webclient/login.xhtml",
+    "/webconsole",
+    "/webui",
+    "/whm",
+    "/wp-admin",
+    "/wp-login.php",
+    "/wsman",
+    "/xmlrpc.php"
+  ]);
+  if (exactRoutes.has(normalizedRoute)) {
+    return true;
   }
-  if (BALANCED_HIGH_VOLUME_ANOMALY_STATUSES.has(responseStatus)) {
-    return {
-      minimum_occurrences_5m: 50,
-      minimum_ratio_5m_to_1h: 5
-    };
+  return normalizedRoute.includes("/.git/") || normalizedRoute.includes("/.svn/") || normalizedRoute.includes("/api_keys") || normalizedRoute.includes("/backup/api_keys") || normalizedRoute.includes("/phpmyadmin") || normalizedRoute.includes("/pma/") || normalizedRoute.includes("/vendor/phpunit/") || normalizedRoute.startsWith("/autodiscover/") || normalizedRoute.startsWith("/cgi-bin/") || normalizedRoute.startsWith("/ecp/") || normalizedRoute.endsWith("/.git/config") || normalizedRoute.endsWith("/composer.json") || normalizedRoute.endsWith("/composer.lock") || normalizedRoute.endsWith("/package-lock.json") || normalizedRoute.endsWith("/package.json") || normalizedRoute.endsWith("/server-status") || normalizedRoute.includes("wp-config") || normalizedRoute.startsWith("/owa/") || normalizedRoute.startsWith("/rdweb/") || normalizedRoute.startsWith("/vpn/") || normalizedRoute.startsWith("/wp-") || isSensitiveBackupFileProbe(normalizedRoute);
+}
+function isSensitiveBackupFileProbe(normalizedRoute) {
+  if (!/\.(?:bak|backup|dump|old|orig|save|sql|swp|tar|tar\.gz|zip)$/.test(normalizedRoute)) {
+    return false;
+  }
+  return /(?:^|\/|\.)(?:backup|config|database|db|dump|env|secret|site|www|wp-config)(?:\/|\.|_|-|$)/.test(normalizedRoute);
+}
+function isGenericDirectIpProbeRoute(normalizedRoute) {
+  return [
+    "/admin",
+    "/administrator",
+    "/login",
+    "/logincheck",
+    "/remote/logincheck"
+  ].includes(normalizedRoute);
+}
+function isDirectIpRequest(headers) {
+  if (headers === null) {
+    return false;
+  }
+  const host = readHeader(headers, "x-forwarded-host") ?? readHeader(headers, "host");
+  if (host === null) {
+    return false;
+  }
+  return isIpLikeHost(host);
+}
+function readHeader(headers, name) {
+  const direct = headers[name] ?? headers[name.toLowerCase()];
+  if (typeof direct === "string") {
+    return direct;
+  }
+  if (Array.isArray(direct) && typeof direct[0] === "string") {
+    return direct[0];
   }
   return null;
 }
+function isIpLikeHost(value) {
+  const host = value.trim().replace(/:\d+$/, "");
+  return /^(?:\d{1,3}\.){3}\d{1,3}$/.test(host) || /^\[[0-9a-f:]+\]$/i.test(host) || host.includes(":") && /^[0-9a-f:]+$/i.test(host);
+}
 
 // ../../packages/shared-types/src/capture-rules.ts
 var CAPTURE_RULE_EVENT_TYPES = [
@@ -17542,7 +17708,7 @@ function getRequestResponseStatus(payload) {
   const status = payload?.["response_status"];
   return typeof status === "number" && Number.isFinite(status) ? status : null;
 }
-function classifyEvent(eventType, logLevel, probeActivationId, payload, capturePreset = "minimal", immediateClientErrorStatuses = []) {
+function classifyEvent(eventType, logLevel, probeActivationId, payload, capturePreset = "minimal", immediateClientErrorStatuses = [], immediateClientErrorPathRules = []) {
   switch (eventType) {
     case "backend_exception":
     case "frontend_exception":
@@ -17554,7 +17720,14 @@ function classifyEvent(eventType, logLevel, probeActivationId, payload, captureP
       return "context_signal";
     case "request_event": {
       const responseStatus = getRequestResponseStatus(payload);
-      return classifyRequestStatus({ responseStatus, capturePreset, immediateClientErrorStatuses });
+      return classifyRequestStatus({
+        responseStatus,
+        requestPath: payload?.["path"],
+        httpMethod: payload?.["method"],
+        capturePreset,
+        immediateClientErrorStatuses,
+        immediateClientErrorPathRules
+      });
     }
     case "frontend_breadcrumb":
     case "deploy_metadata":
@@ -17892,6 +18065,7 @@ var STORAGE_BOOTSTRAP_STATEMENTS = [
       capture_breadcrumbs text,
       capture_probe_events text,
       immediate_client_error_statuses jsonb,
+      immediate_client_error_path_rules jsonb,
       updated_at timestamptz NOT NULL DEFAULT now()
     )
   `,
@@ -19247,6 +19421,13 @@ var STORAGE_SCHEMA_MIGRATIONS = [
         ON plan_cleanup_tasks (completed_at, next_attempt_at, created_at)
       `
     ]
+  }),
+  defineStorageSchemaMigration({
+    id: "202606080001_add_capture_policy_client_error_path_rules",
+    description: "Add path-scoped client error incident promotion rules to capture policies.",
+    statements: [
+      "ALTER TABLE capture_policies ADD COLUMN IF NOT EXISTS immediate_client_error_path_rules jsonb"
+    ]
   })
 ];
 
@@ -19998,7 +20179,7 @@ var ProjectMetricsSchema = external_exports.object({
   monthly_raw_ingested_events: external_exports.number().int().nonnegative(),
   retained_bundles: external_exports.number().int().nonnegative(),
   monthly_alert_deliveries: external_exports.number().int().nonnegative()
-}).strict();
+});
 var ProjectRecordSchema = external_exports.object({
   project_id: external_exports.string(),
   organization_id: external_exports.string(),
@@ -20015,13 +20196,13 @@ var ProjectRecordSchema = external_exports.object({
   metrics: ProjectMetricsSchema,
   created_at: external_exports.string(),
   updated_at: external_exports.string()
-}).strict();
+});
 var ProjectListResponseSchema = external_exports.object({
   projects: external_exports.array(ProjectRecordSchema)
-}).strict();
+});
 var ProjectCreateResponseSchema = external_exports.object({
   project: ProjectRecordSchema
-}).strict();
+});
 var DeletedProjectRecordSchema = external_exports.object({
   project_id: external_exports.string(),
   organization_id: external_exports.string(),
@@ -20037,10 +20218,10 @@ var DeletedProjectRecordSchema = external_exports.object({
   organization_plan: external_exports.enum(["free", "solo", "team"]),
   created_at: external_exports.string(),
   updated_at: external_exports.string()
-}).strict();
+});
 var ProjectDeleteResponseSchema = external_exports.object({
   project: DeletedProjectRecordSchema
-}).strict();
+});
 var ApiErrorResponseSchema2 = external_exports.object({
   error: external_exports.string()
 }).strict();
@@ -24809,6 +24990,15 @@ function collectRequestAnomalyAggregates(batches, capturePreset) {
       if (threshold === null || responseStatus === null || method === null || routeTemplate === null) {
         continue;
       }
+      if (isLowValueExternalProbeRequestFailure404({
+        httpMethod: method,
+        requestPath: event.payload.path,
+        routeTemplate,
+        responseStatus,
+        headers: event.payload.headers
+      })) {
+        continue;
+      }
       const projectId = requireProjectId(event);
       const incidentFingerprint = buildRequestAnomalyFingerprint({
         projectId,
@@ -28938,7 +29128,7 @@ var CLI_USAGE_LINES = [
   "  debugbundle weekly-report update <channel-id> [--day-of-week <day>] [--hour-of-day <0-23>] [--timezone <iana>] [--config-json <json>] [--is-enabled <true|false>] [--auth-file <path>] [--json]",
   "  debugbundle weekly-report delete <channel-id> [--auth-file <path>] [--json]",
   "  debugbundle capture-policy get --project <id> [--auth-file <path>] [--json]",
-  "  debugbundle capture-policy set --project <id> [--preset <minimal|balanced|investigative>] [--override <key=value>] [--client-error-incidents <preset-default|none|recommended|custom>] [--client-error-statuses <400,401,...>] [--auth-file <path>] [--json]",
+  "  debugbundle capture-policy set --project <id> [--preset <minimal|balanced|investigative>] [--override <key=value>] [--client-error-incidents <preset-default|none|recommended|custom>] [--client-error-statuses <400,401,...>] [--client-error-path-rule <404=/path/*@GET,POST>] [--client-error-path-rules-json <json|null>] [--auth-file <path>] [--json]",
   "  debugbundle capture-rule list --project-id <id> [--auth-file <path>] [--json]",
   "  debugbundle capture-rule suggest <incident-id> [--auth-file <path>] [--json]",
   "  debugbundle capture-rule create-from-suggestion <incident-id> --suggestion-id <id> [--name <name>] [--description <text>] [--enabled <true|false>] [--expires-at <ISO8601>] [--auth-file <path>] [--json]",
@@ -31918,6 +32108,18 @@ function statusesEqual(left, right) {
 function formatStatusList(statuses) {
   return statuses.length === 0 ? "none" : statuses.join(", ");
 }
+function formatClientErrorPathRules(response) {
+  const rawOverride = response.overrides.immediate_client_error_path_rules ?? null;
+  const rules = rawOverride ?? response.policy.immediate_client_error_path_rules ?? [];
+  if (rules.length === 0) {
+    return rawOverride === null ? "preset default (none)" : "none (explicit)";
+  }
+  const formatted = rules.map((rule) => {
+    const methods = rule.methods.length === 0 ? "" : `@${rule.methods.join(",")}`;
+    return `${rule.status_code}=${rule.path_pattern}${methods}`;
+  });
+  return `${rawOverride === null ? "preset default" : "custom"} (${formatted.join("; ")})`;
+}
 function formatClientErrorIncidents(response) {
   const rawOverride = response.overrides.immediate_client_error_statuses;
   if (rawOverride === null) {
@@ -31939,7 +32141,8 @@ function formatPolicy(response) {
     `capture_request_events: ${policy.capture_request_events}`,
     `capture_breadcrumbs: ${policy.capture_breadcrumbs}`,
     `capture_probe_events: ${policy.capture_probe_events}`,
-    `client_error_incidents: ${formatClientErrorIncidents(response)}`
+    `client_error_incidents: ${formatClientErrorIncidents(response)}`,
+    `client_error_path_rules: ${formatClientErrorPathRules(response)}`
   ].join("\n");
 }
 async function getCapturePolicyCommand(input2, api) {
@@ -32712,6 +32915,31 @@ async function handleCapturePolicyCommand(parsedArgv, dependencies) {
     }
     return normalized;
   }
+  function parseClientErrorPathRuleOption(value) {
+    const separatorIndex = value.indexOf("=");
+    if (separatorIndex <= 0 || separatorIndex === value.length - 1) {
+      throw new CliInputError("Invalid value for --client-error-path-rule.");
+    }
+    const status = Number(value.slice(0, separatorIndex));
+    if (!Number.isInteger(status) || status < 400 || status > 499) {
+      throw new CliInputError("Invalid value for --client-error-path-rule.");
+    }
+    const ruleValue = value.slice(separatorIndex + 1);
+    const methodSeparatorIndex = ruleValue.lastIndexOf("@");
+    const pathPattern = methodSeparatorIndex === -1 ? ruleValue : ruleValue.slice(0, methodSeparatorIndex);
+    const methods = methodSeparatorIndex === -1 ? [] : ruleValue.slice(methodSeparatorIndex + 1).split(",").map((method) => method.trim().toUpperCase()).filter((method) => method.length > 0);
+    const parsed = ImmediateClientErrorPathRulesSchema.safeParse([
+      {
+        status_code: status,
+        path_pattern: pathPattern,
+        methods
+      }
+    ]);
+    if (!parsed.success || parsed.data[0] === void 0) {
+      throw new CliInputError("Invalid value for --client-error-path-rule.");
+    }
+    return parsed.data[0];
+  }
   const action = requirePositional(parsedArgv, 1, "action");
   if (action === "get") {
     expectNoUnknownOptions(parsedArgv, ["auth-file", "json", "project"]);
@@ -32732,7 +32960,9 @@ async function handleCapturePolicyCommand(parsedArgv, dependencies) {
       "preset",
       "override",
       "client-error-incidents",
-      "client-error-statuses"
+      "client-error-statuses",
+      "client-error-path-rule",
+      "client-error-path-rules-json"
     ]);
     ensureNoExtraPositionals(parsedArgv, 2);
     const projectId = readStringOption(parsedArgv, "project");
@@ -32759,9 +32989,14 @@ async function handleCapturePolicyCommand(parsedArgv, dependencies) {
     }
     const clientErrorIncidents = readStringOption(parsedArgv, "client-error-incidents");
     const clientErrorStatuses = readStringOption(parsedArgv, "client-error-statuses");
+    const clientErrorPathRuleOptions = readStringListOption(parsedArgv, "client-error-path-rule") ?? [];
+    const clientErrorPathRulesJson = readJsonOption(parsedArgv, "client-error-path-rules-json");
     if (clientErrorStatuses !== void 0 && clientErrorIncidents !== "custom") {
       throw new CliInputError("Use --client-error-statuses only with --client-error-incidents custom.");
     }
+    if (clientErrorPathRuleOptions.length > 0 && clientErrorPathRulesJson !== void 0) {
+      throw new CliInputError("Use either --client-error-path-rule or --client-error-path-rules-json, not both.");
+    }
     if (clientErrorIncidents !== void 0) {
       switch (clientErrorIncidents) {
         case "preset-default":
@@ -32783,6 +33018,22 @@ async function handleCapturePolicyCommand(parsedArgv, dependencies) {
           throw new CliInputError("Invalid value for --client-error-incidents.");
       }
     }
+    if (clientErrorPathRulesJson !== void 0) {
+      if (clientErrorPathRulesJson === null) {
+        update.immediate_client_error_path_rules = null;
+      } else {
+        const parsed = ImmediateClientErrorPathRulesSchema.safeParse(clientErrorPathRulesJson);
+        if (!parsed.success) {
+          throw new CliInputError("Invalid value for --client-error-path-rules-json.");
+        }
+        update.immediate_client_error_path_rules = parsed.data;
+      }
+    }
+    if (clientErrorPathRuleOptions.length > 0) {
+      update.immediate_client_error_path_rules = ImmediateClientErrorPathRulesSchema.parse(
+        clientErrorPathRuleOptions.map(parseClientErrorPathRuleOption)
+      );
+    }
     if (Object.keys(update).length === 0) {
       throw new CliInputError("At least one capture policy field must be provided.");
     }
@@ -34488,7 +34739,7 @@ async function handleCaptureRuleCommand2(parsedArgv, dependencies) {
 // package.json
 var package_default = {
   name: "@debugbundle/cli",
-  version: "1.1.1",
+  version: "1.2.0",
   private: false,
   description: "Command-line interface for DebugBundle",
   license: "AGPL-3.0-only",

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@debugbundle/cli",
-  "version": "1.1.1",
+  "version": "1.2.0",
   "private": false,
   "description": "Command-line interface for DebugBundle",
   "license": "AGPL-3.0-only",