@debugbundle/cli 1.3.0 → 1.5.0

package/dist/main.cjs

@@ -14462,6 +14462,113 @@ var coerce = {
 };
 var NEVER = INVALID;
 
+// ../../packages/shared-types/src/tier-capabilities.ts
+var TIER_CAPABILITIES = {
+  free: {
+    remote_probes: false,
+    github_automation: false,
+    slack_integration: false,
+    cloud_improvement_bundles: false,
+    shared_dashboards: false,
+    member_invites: false,
+    included_capacity_units: 1,
+    max_members: 1,
+    ingestion_rate_per_min: 1e3,
+    retrieval_rate_per_min: 100,
+    bundle_retention_days: 7,
+    raw_event_retention_days: 7,
+    // Allowance buckets (account-level pool, not per capacity unit)
+    monthly_bundle_requests: 100,
+    monthly_raw_ingested_events: 750,
+    retained_bundle_cap: 50,
+    monthly_remote_activations: 0,
+    monthly_alert_deliveries: 25,
+    monthly_webhook_deliveries: 100,
+    availability_checks_per_project: 1,
+    availability_check_min_interval_seconds: 300
+  },
+  solo: {
+    remote_probes: true,
+    github_automation: true,
+    slack_integration: false,
+    cloud_improvement_bundles: true,
+    shared_dashboards: false,
+    member_invites: false,
+    included_capacity_units: 3,
+    max_members: 1,
+    ingestion_rate_per_min: 5e3,
+    retrieval_rate_per_min: 300,
+    bundle_retention_days: 30,
+    raw_event_retention_days: 14,
+    // Per-unit allowance (multiply by included and purchased capacity units)
+    monthly_bundle_requests: 250,
+    monthly_raw_ingested_events: 3500,
+    retained_bundle_cap: 150,
+    monthly_remote_activations: 25,
+    monthly_alert_deliveries: 75,
+    monthly_webhook_deliveries: 250,
+    availability_checks_per_project: 5,
+    availability_check_min_interval_seconds: 60
+  },
+  team: {
+    remote_probes: true,
+    github_automation: true,
+    slack_integration: true,
+    cloud_improvement_bundles: true,
+    shared_dashboards: true,
+    member_invites: true,
+    included_capacity_units: 15,
+    max_members: 1e3,
+    ingestion_rate_per_min: 1e4,
+    retrieval_rate_per_min: 500,
+    bundle_retention_days: 90,
+    raw_event_retention_days: 30,
+    // Per-unit allowance (multiply by included and purchased capacity units)
+    monthly_bundle_requests: 1e3,
+    monthly_raw_ingested_events: 1e4,
+    retained_bundle_cap: 400,
+    monthly_remote_activations: 50,
+    monthly_alert_deliveries: 300,
+    monthly_webhook_deliveries: 1e3,
+    availability_checks_per_project: 25,
+    availability_check_min_interval_seconds: 30
+  }
+};
+var SELFHOST_CAPABILITIES = {
+  remote_probes: true,
+  github_automation: true,
+  slack_integration: true,
+  cloud_improvement_bundles: true,
+  shared_dashboards: true,
+  member_invites: true,
+  included_capacity_units: 1e6,
+  max_members: 1e3,
+  ingestion_rate_per_min: 1e6,
+  retrieval_rate_per_min: 1e5,
+  bundle_retention_days: 36500,
+  raw_event_retention_days: 36500,
+  monthly_bundle_requests: 1e9,
+  monthly_raw_ingested_events: 1e9,
+  retained_bundle_cap: 1e6,
+  monthly_remote_activations: 1e6,
+  monthly_alert_deliveries: 1e6,
+  monthly_webhook_deliveries: 1e6,
+  availability_checks_per_project: 1e6,
+  availability_check_min_interval_seconds: 30
+};
+function isSelfHostMode() {
+  return typeof process !== "undefined" && process.env["SELFHOST_MODE"] === "true";
+}
+function getTierCapabilities(plan) {
+  if (isSelfHostMode()) {
+    return SELFHOST_CAPABILITIES;
+  }
+  if (plan !== void 0 && plan in TIER_CAPABILITIES) {
+    return TIER_CAPABILITIES[plan];
+  }
+  return TIER_CAPABILITIES.free;
+}
+
 // ../../packages/shared-types/src/capture-policy.ts
 var EventClassValues = [
   "incident_signal",
@@ -14707,6 +14814,7 @@ function isRouteOnlyExternalProbe(normalizedRoute) {
     "/__debug__/render_panel",
     "/actuator",
     "/autodiscover/autodiscover.json",
+    "/containers/json",
     "/developmentserver/metadatauploader",
     "/cpanel",
     "/favicon.ico",
@@ -16830,6 +16938,9 @@ function createRetrievalApi(client) {
       if (input2.severity !== void 0) {
         query.set("severity", input2.severity);
       }
+      if (input2.firstSeenAfter !== void 0) {
+        query.set("first_seen_after", input2.firstSeenAfter);
+      }
       if (input2.cursor !== void 0) {
         query.set("cursor", input2.cursor);
       }
@@ -17086,6 +17197,88 @@ function createRetrievalApi(client) {
   };
 }
 
+// ../../packages/storage/src/account-analytics-store.ts
+var ACCOUNT_METRIC_KEYS = [
+  "account_created",
+  "account_deleted",
+  "project_created",
+  "project_deleted",
+  "raw_events_accepted",
+  "raw_events_rejected",
+  "events_rejected_malformed",
+  "events_rejected_rate_limited",
+  "events_rejected_quota",
+  "events_rejected_capture_policy",
+  "events_rejected_capture_rule",
+  "billable_events_counted",
+  "incident_signal_events_counted",
+  "context_signal_events_counted",
+  "operational_signal_events_counted",
+  "local_verification_events_accepted",
+  "cloud_verification_events_accepted",
+  "incidents_opened",
+  "incidents_resolved",
+  "incidents_reopened",
+  "incidents_regressed",
+  "incident_occurrences",
+  "incident_occurrences_high_severity",
+  "incident_occurrences_critical_severity",
+  "incidents_auto_detected_spiking",
+  "failure_bundles_created",
+  "failure_bundles_updated",
+  "failure_bundle_generations_failed",
+  "improvement_bundles_created",
+  "improvement_bundles_updated",
+  "improvement_bundle_generations_failed",
+  "reproductions_created",
+  "reproductions_failed",
+  "retention_bundle_owners_rotated",
+  "improvements_opened",
+  "improvements_resolved",
+  "improvements_reopened",
+  "improvements_snoozed",
+  "recurring_incident_improvements_opened",
+  "post_deploy_regression_improvements_opened",
+  "slow_request_improvements_opened",
+  "request_failure_improvements_opened",
+  "warning_log_improvements_opened",
+  "alert_deliveries_created",
+  "alert_deliveries_delivered",
+  "alert_deliveries_failed",
+  "alert_email_digests_sent",
+  "operational_emails_sent",
+  "weekly_reports_sent",
+  "weekly_reports_failed",
+  "webhook_deliveries_created",
+  "webhook_deliveries_delivered",
+  "webhook_deliveries_failed",
+  "webhooks_auto_disabled",
+  "github_dispatches_created",
+  "github_dispatches_delivered",
+  "github_dispatches_failed",
+  "github_dispatch_rules_created",
+  "github_dispatch_rules_deleted",
+  "remote_probe_activations_created",
+  "remote_probe_activations_expired",
+  "probe_events_accepted",
+  "capture_rules_created",
+  "capture_rules_deleted",
+  "capture_policy_updates",
+  "trial_started",
+  "trial_converted",
+  "trial_expired",
+  "plan_upgraded",
+  "plan_downgraded",
+  "capacity_units_purchased",
+  "capacity_units_reduced",
+  "allowance_warning_emails_sent",
+  "allowance_limit_emails_sent",
+  "projects_existing_at_account_deletion",
+  "open_incidents_existing_at_account_deletion",
+  "open_improvements_existing_at_account_deletion"
+];
+var AccountMetricKeySchema = external_exports.enum(ACCOUNT_METRIC_KEYS);
+
 // ../../packages/storage/src/incident-context.ts
 function isRecord2(value) {
   return typeof value === "object" && value !== null && !Array.isArray(value);
@@ -17371,11 +17564,24 @@ function deriveIncidentReasonFromSourceEventTypes(eventTypes) {
 // ../../packages/auth/src/primitives.ts
 var import_argon2 = require("@node-rs/argon2");
 
+// ../../packages/auth/src/account-deletion-auth.ts
+var DEFAULT_ACCOUNT_DELETION_CODE_LIFETIME_MS = 1e3 * 60 * 10;
+
 // ../../packages/auth/src/web-session-auth.ts
 var DEFAULT_SESSION_LIFETIME_MS = 1e3 * 60 * 60 * 24 * 7;
 var DEFAULT_EMAIL_AUTH_CODE_LIFETIME_MS = 1e3 * 60 * 10;
 var DEFAULT_GITHUB_OAUTH_STATE_LIFETIME_MS = 1e3 * 60 * 10;
 
+// ../../packages/storage/src/availability-check-store-helpers.ts
+var TIER_CAPABILITIES_SQL = {
+  free_limit: getTierCapabilities("free").availability_checks_per_project,
+  solo_limit: getTierCapabilities("solo").availability_checks_per_project,
+  team_limit: getTierCapabilities("team").availability_checks_per_project,
+  free_interval: getTierCapabilities("free").availability_check_min_interval_seconds,
+  solo_interval: getTierCapabilities("solo").availability_check_min_interval_seconds,
+  team_interval: getTierCapabilities("team").availability_check_min_interval_seconds
+};
+
 // ../../packages/storage/src/auth-rate-limiter.ts
 var import_ioredis = __toESM(require_built3(), 1);
 
@@ -17880,8 +18086,131 @@ function classifyEvent(eventType, logLevel, probeActivationId, payload, captureP
 var import_ioredis4 = __toESM(require_built3(), 1);
 var DEFAULT_PROCESSING_TIMEOUT_MS = 5 * 60 * 1e3;
 
-// ../../packages/storage/src/schema-migrations.ts
-var import_node_crypto2 = require("node:crypto");
+// ../../packages/storage/src/availability-check-bootstrap-statements.ts
+var AVAILABILITY_CHECK_BOOTSTRAP_STATEMENTS = [
+  `
+    CREATE TABLE availability_checks (
+      id uuid PRIMARY KEY,
+      project_id uuid NOT NULL REFERENCES projects(id) ON DELETE CASCADE,
+      created_by_user_id uuid REFERENCES users(id) ON DELETE SET NULL,
+      name text NOT NULL,
+      url text NOT NULL,
+      method text NOT NULL CHECK (method IN ('GET', 'HEAD')),
+      expected_status_min integer NOT NULL DEFAULT 200 CHECK (expected_status_min BETWEEN 100 AND 599),
+      expected_status_max integer NOT NULL DEFAULT 399 CHECK (expected_status_max BETWEEN 100 AND 599),
+      timeout_ms integer NOT NULL DEFAULT 5000 CHECK (timeout_ms BETWEEN 500 AND 5000),
+      interval_seconds integer NOT NULL CHECK (interval_seconds >= 30),
+      failure_threshold integer NOT NULL DEFAULT 3 CHECK (failure_threshold BETWEEN 1 AND 10),
+      recovery_threshold integer NOT NULL DEFAULT 2 CHECK (recovery_threshold BETWEEN 1 AND 10),
+      environment text NOT NULL DEFAULT 'production',
+      service_name text,
+      enabled boolean NOT NULL DEFAULT true,
+      status text NOT NULL DEFAULT 'unknown' CHECK (status IN ('unknown', 'passing', 'failing')),
+      consecutive_failures integer NOT NULL DEFAULT 0,
+      consecutive_successes integer NOT NULL DEFAULT 0,
+      linked_incident_id uuid REFERENCES incidents(id) ON DELETE SET NULL,
+      last_checked_at timestamptz,
+      next_check_at timestamptz,
+      claimed_at timestamptz,
+      last_result_status text CHECK (
+        last_result_status IS NULL OR last_result_status IN (
+          'success',
+          'http_status_mismatch',
+          'timeout',
+          'dns_error',
+          'tls_error',
+          'connection_error',
+          'redirect_blocked',
+          'security_blocked',
+          'internal_error'
+        )
+      ),
+      last_result_http_status integer,
+      last_result_error_kind text,
+      last_result_error_message text,
+      last_result_duration_ms integer,
+      deleted_at timestamptz,
+      created_at timestamptz NOT NULL DEFAULT now(),
+      updated_at timestamptz NOT NULL DEFAULT now()
+    )
+  `,
+  `
+    CREATE INDEX availability_checks_project_created_idx
+    ON availability_checks (project_id, created_at DESC)
+  `,
+  `
+    CREATE INDEX availability_checks_due_idx
+    ON availability_checks (next_check_at, project_id)
+  `,
+  `
+    CREATE INDEX availability_checks_claimed_idx
+    ON availability_checks (claimed_at)
+  `,
+  `
+    CREATE TABLE availability_check_results (
+      id uuid PRIMARY KEY,
+      check_id uuid NOT NULL REFERENCES availability_checks(id) ON DELETE CASCADE,
+      project_id uuid NOT NULL REFERENCES projects(id) ON DELETE CASCADE,
+      started_at timestamptz NOT NULL,
+      completed_at timestamptz NOT NULL,
+      duration_ms integer NOT NULL,
+      status text NOT NULL CHECK (
+        status IN (
+          'success',
+          'http_status_mismatch',
+          'timeout',
+          'dns_error',
+          'tls_error',
+          'connection_error',
+          'redirect_blocked',
+          'security_blocked',
+          'internal_error'
+        )
+      ),
+      http_status integer,
+      error_kind text,
+      error_message text,
+      redirect_count integer NOT NULL DEFAULT 0,
+      checked_url_host text NOT NULL,
+      checked_url_path text NOT NULL,
+      final_url text NOT NULL,
+      created_at timestamptz NOT NULL DEFAULT now()
+    )
+  `,
+  `
+    CREATE INDEX availability_check_results_check_started_idx
+    ON availability_check_results (check_id, started_at DESC)
+  `,
+  `
+    CREATE INDEX availability_check_results_project_started_idx
+    ON availability_check_results (project_id, started_at DESC)
+  `,
+  `
+    CREATE TABLE availability_check_daily_rollups (
+      id uuid PRIMARY KEY,
+      check_id uuid NOT NULL REFERENCES availability_checks(id) ON DELETE CASCADE,
+      project_id uuid NOT NULL REFERENCES projects(id) ON DELETE CASCADE,
+      day date NOT NULL,
+      state text NOT NULL CHECK (state IN ('unknown', 'operational', 'degraded', 'down', 'paused')),
+      total_checks integer NOT NULL DEFAULT 0,
+      successful_checks integer NOT NULL DEFAULT 0,
+      failed_checks integer NOT NULL DEFAULT 0,
+      degraded_checks integer NOT NULL DEFAULT 0,
+      avg_duration_ms integer,
+      first_checked_at timestamptz,
+      last_checked_at timestamptz,
+      downtime_seconds integer NOT NULL DEFAULT 0,
+      incident_ids uuid[] NOT NULL DEFAULT '{}'::uuid[],
+      created_at timestamptz NOT NULL DEFAULT now(),
+      updated_at timestamptz NOT NULL DEFAULT now(),
+      UNIQUE (check_id, day)
+    )
+  `,
+  `
+    CREATE INDEX availability_check_daily_rollups_project_day_idx
+    ON availability_check_daily_rollups (project_id, day DESC)
+  `
+];
 
 // ../../packages/storage/src/storage-bootstrap-statements.ts
 var STORAGE_BOOTSTRAP_STATEMENTS = [
@@ -18050,6 +18379,7 @@ var STORAGE_BOOTSTRAP_STATEMENTS = [
       user_id uuid NOT NULL REFERENCES users(id) ON DELETE CASCADE,
       organization_id uuid NOT NULL REFERENCES organizations(id) ON DELETE CASCADE,
       session_token_hash text UNIQUE NOT NULL,
+      auth_method text CHECK (auth_method IS NULL OR auth_method IN ('email_code', 'github_oauth')),
       created_at timestamptz NOT NULL DEFAULT now(),
       expires_at timestamptz NOT NULL,
       revoked_at timestamptz
@@ -18082,6 +18412,26 @@ var STORAGE_BOOTSTRAP_STATEMENTS = [
     CREATE INDEX email_auth_challenges_code_hash_idx
     ON email_auth_challenges (code_hash)
   `,
+  `
+    CREATE TABLE account_deletion_challenges (
+      id uuid PRIMARY KEY,
+      organization_id uuid NOT NULL REFERENCES organizations(id) ON DELETE CASCADE,
+      user_id uuid NOT NULL REFERENCES users(id) ON DELETE CASCADE,
+      email text NOT NULL,
+      code_hash text NOT NULL,
+      created_at timestamptz NOT NULL DEFAULT now(),
+      expires_at timestamptz NOT NULL,
+      used_at timestamptz
+    )
+  `,
+  `
+    CREATE INDEX account_deletion_challenges_scope_idx
+    ON account_deletion_challenges (organization_id, user_id, lower(email), created_at DESC)
+  `,
+  `
+    CREATE INDEX account_deletion_challenges_code_hash_idx
+    ON account_deletion_challenges (code_hash)
+  `,
   `
     CREATE TABLE github_device_authorizations (
       id uuid PRIMARY KEY,
@@ -18792,6 +19142,103 @@ var STORAGE_BOOTSTRAP_STATEMENTS = [
       PRIMARY KEY (organization_id, period_starts_at)
     )
   `,
+  `
+    CREATE TABLE project_usage_counters (
+      project_id uuid NOT NULL REFERENCES projects(id) ON DELETE CASCADE,
+      period_starts_at timestamptz NOT NULL,
+      raw_ingested_events integer NOT NULL DEFAULT 0,
+      updated_at timestamptz NOT NULL DEFAULT now(),
+      PRIMARY KEY (project_id, period_starts_at)
+    )
+  `,
+  `
+    CREATE TABLE account_analytics_accounts (
+      analytics_account_id uuid PRIMARY KEY,
+      organization_id uuid UNIQUE,
+      organization_id_hash text NOT NULL UNIQUE,
+      created_at timestamptz NOT NULL,
+      first_seen_at timestamptz NOT NULL,
+      metrics_collection_started_at timestamptz NOT NULL,
+      backfilled_from_retained_rows_at timestamptz,
+      deleted_at timestamptz,
+      initial_plan text,
+      latest_known_plan text,
+      latest_capacity_units integer,
+      account_deleted boolean NOT NULL DEFAULT false,
+      metrics_schema_version integer NOT NULL DEFAULT 1,
+      updated_at timestamptz NOT NULL DEFAULT now()
+    )
+  `,
+  `
+    CREATE TABLE account_metric_periods (
+      analytics_account_id uuid NOT NULL REFERENCES account_analytics_accounts(analytics_account_id),
+      period_grain text NOT NULL CHECK (period_grain IN ('day', 'month', 'year', 'lifetime')),
+      period_starts_at timestamptz NOT NULL,
+      metric_key text NOT NULL,
+      metric_value bigint NOT NULL DEFAULT 0,
+      updated_at timestamptz NOT NULL DEFAULT now(),
+      PRIMARY KEY (analytics_account_id, period_grain, period_starts_at, metric_key)
+    )
+  `,
+  `
+    CREATE INDEX account_metric_periods_grain_period_metric_idx
+    ON account_metric_periods (period_grain, period_starts_at, metric_key)
+  `,
+  `
+    CREATE INDEX account_metric_periods_account_grain_period_idx
+    ON account_metric_periods (analytics_account_id, period_grain, period_starts_at)
+  `,
+  `
+    CREATE TABLE account_metric_events (
+      dedupe_key_hash text PRIMARY KEY,
+      analytics_account_id uuid NOT NULL REFERENCES account_analytics_accounts(analytics_account_id),
+      metric_source text NOT NULL,
+      occurred_at timestamptz NOT NULL,
+      recorded_at timestamptz NOT NULL DEFAULT now(),
+      metric_deltas jsonb NOT NULL
+    )
+  `,
+  `
+    CREATE TABLE account_payment_retention_records (
+      id uuid PRIMARY KEY,
+      analytics_account_id uuid NOT NULL REFERENCES account_analytics_accounts(analytics_account_id),
+      organization_id_hash text NOT NULL,
+      provider text NOT NULL,
+      plan text,
+      billing_state text,
+      stripe_customer_id text,
+      stripe_subscription_id text,
+      billing_period_starts_at timestamptz,
+      billing_period_ends_at timestamptz,
+      additional_capacity_units integer,
+      last_billing_event_id text,
+      account_deleted_at timestamptz NOT NULL,
+      recorded_at timestamptz NOT NULL DEFAULT now(),
+      updated_at timestamptz NOT NULL DEFAULT now(),
+      UNIQUE (analytics_account_id, provider)
+    )
+  `,
+  `
+    CREATE INDEX account_payment_retention_records_provider_idx
+    ON account_payment_retention_records (provider, account_deleted_at DESC)
+  `,
+  `
+    CREATE TABLE account_payment_provider_events (
+      provider_event_key text PRIMARY KEY,
+      analytics_account_id uuid NOT NULL REFERENCES account_analytics_accounts(analytics_account_id),
+      organization_id_hash text NOT NULL,
+      provider text NOT NULL,
+      provider_event_id text NOT NULL,
+      provider_event_type text NOT NULL,
+      processed_at timestamptz NOT NULL,
+      account_deleted_at timestamptz NOT NULL,
+      recorded_at timestamptz NOT NULL DEFAULT now()
+    )
+  `,
+  `
+    CREATE UNIQUE INDEX account_payment_provider_events_provider_event_key
+    ON account_payment_provider_events (provider, provider_event_id)
+  `,
   `
     CREATE TABLE operational_email_deliveries (
       id uuid PRIMARY KEY,
@@ -18861,12 +19308,257 @@ var STORAGE_BOOTSTRAP_STATEMENTS = [
   `
 ];
 
+// ../../packages/storage/src/storage-bootstrap-all-statements.ts
+var STORAGE_BOOTSTRAP_STATEMENTS2 = [
+  ...STORAGE_BOOTSTRAP_STATEMENTS,
+  ...AVAILABILITY_CHECK_BOOTSTRAP_STATEMENTS
+];
+
 // ../../packages/storage/src/migrations.ts
-var STORAGE_BOOTSTRAP_SQL = STORAGE_BOOTSTRAP_STATEMENTS.join(";\n\n");
+var STORAGE_BOOTSTRAP_SQL = STORAGE_BOOTSTRAP_STATEMENTS2.join(";\n\n");
 
-// ../../packages/storage/src/schema-migrations.ts
+// ../../packages/storage/src/availability-check-schema-migrations.ts
+var import_node_crypto2 = require("node:crypto");
+function defineAvailabilityCheckStorageSchemaMigration(input2) {
+  return {
+    ...input2,
+    checksum: (0, import_node_crypto2.createHash)("sha256").update(JSON.stringify(input2)).digest("hex")
+  };
+}
+var AVAILABILITY_CHECK_STORAGE_SCHEMA_MIGRATIONS = [
+  defineAvailabilityCheckStorageSchemaMigration({
+    id: "202606150001_add_availability_checks",
+    description: "Add project-scoped availability checks, result history, and daily rollups.",
+    statements: [
+      `
+        CREATE TABLE IF NOT EXISTS availability_checks (
+          id uuid PRIMARY KEY,
+          project_id uuid NOT NULL REFERENCES projects(id) ON DELETE CASCADE,
+          created_by_user_id uuid REFERENCES users(id) ON DELETE SET NULL,
+          name text NOT NULL,
+          url text NOT NULL,
+          method text NOT NULL,
+          expected_status_min integer NOT NULL DEFAULT 200,
+          expected_status_max integer NOT NULL DEFAULT 399,
+          timeout_ms integer NOT NULL DEFAULT 5000,
+          interval_seconds integer NOT NULL,
+          failure_threshold integer NOT NULL DEFAULT 3,
+          recovery_threshold integer NOT NULL DEFAULT 2,
+          environment text NOT NULL DEFAULT 'production',
+          service_name text,
+          enabled boolean NOT NULL DEFAULT true,
+          status text NOT NULL DEFAULT 'unknown',
+          consecutive_failures integer NOT NULL DEFAULT 0,
+          consecutive_successes integer NOT NULL DEFAULT 0,
+          linked_incident_id uuid REFERENCES incidents(id) ON DELETE SET NULL,
+          last_checked_at timestamptz,
+          next_check_at timestamptz,
+          claimed_at timestamptz,
+          last_result_status text,
+          last_result_http_status integer,
+          last_result_error_kind text,
+          last_result_error_message text,
+          last_result_duration_ms integer,
+          deleted_at timestamptz,
+          created_at timestamptz NOT NULL DEFAULT now(),
+          updated_at timestamptz NOT NULL DEFAULT now()
+        )
+      `,
+      `
+        ALTER TABLE availability_checks
+        DROP CONSTRAINT IF EXISTS availability_checks_method_check
+      `,
+      `
+        ALTER TABLE availability_checks
+        ADD CONSTRAINT availability_checks_method_check
+        CHECK (method IN ('GET', 'HEAD'))
+      `,
+      `
+        ALTER TABLE availability_checks
+        DROP CONSTRAINT IF EXISTS availability_checks_expected_status_min_check
+      `,
+      `
+        ALTER TABLE availability_checks
+        ADD CONSTRAINT availability_checks_expected_status_min_check
+        CHECK (expected_status_min BETWEEN 100 AND 599)
+      `,
+      `
+        ALTER TABLE availability_checks
+        DROP CONSTRAINT IF EXISTS availability_checks_expected_status_max_check
+      `,
+      `
+        ALTER TABLE availability_checks
+        ADD CONSTRAINT availability_checks_expected_status_max_check
+        CHECK (expected_status_max BETWEEN 100 AND 599)
+      `,
+      `
+        ALTER TABLE availability_checks
+        DROP CONSTRAINT IF EXISTS availability_checks_timeout_ms_check
+      `,
+      `
+        ALTER TABLE availability_checks
+        ADD CONSTRAINT availability_checks_timeout_ms_check
+        CHECK (timeout_ms BETWEEN 500 AND 5000)
+      `,
+      `
+        ALTER TABLE availability_checks
+        DROP CONSTRAINT IF EXISTS availability_checks_interval_seconds_check
+      `,
+      `
+        ALTER TABLE availability_checks
+        ADD CONSTRAINT availability_checks_interval_seconds_check
+        CHECK (interval_seconds >= 30)
+      `,
+      `
+        ALTER TABLE availability_checks
+        DROP CONSTRAINT IF EXISTS availability_checks_failure_threshold_check
+      `,
+      `
+        ALTER TABLE availability_checks
+        ADD CONSTRAINT availability_checks_failure_threshold_check
+        CHECK (failure_threshold BETWEEN 1 AND 10)
+      `,
+      `
+        ALTER TABLE availability_checks
+        DROP CONSTRAINT IF EXISTS availability_checks_recovery_threshold_check
+      `,
+      `
+        ALTER TABLE availability_checks
+        ADD CONSTRAINT availability_checks_recovery_threshold_check
+        CHECK (recovery_threshold BETWEEN 1 AND 10)
+      `,
+      `
+        ALTER TABLE availability_checks
+        DROP CONSTRAINT IF EXISTS availability_checks_status_check
+      `,
+      `
+        ALTER TABLE availability_checks
+        ADD CONSTRAINT availability_checks_status_check
+        CHECK (status IN ('unknown', 'passing', 'failing'))
+      `,
+      `
+        ALTER TABLE availability_checks
+        DROP CONSTRAINT IF EXISTS availability_checks_last_result_status_check
+      `,
+      `
+        ALTER TABLE availability_checks
+        ADD CONSTRAINT availability_checks_last_result_status_check
+        CHECK (
+          last_result_status IS NULL OR last_result_status IN (
+            'success',
+            'http_status_mismatch',
+            'timeout',
+            'dns_error',
+            'tls_error',
+            'connection_error',
+            'redirect_blocked',
+            'security_blocked',
+            'internal_error'
+          )
+        )
+      `,
+      `
+        CREATE INDEX IF NOT EXISTS availability_checks_project_created_idx
+        ON availability_checks (project_id, created_at DESC)
+      `,
+      `
+        CREATE INDEX IF NOT EXISTS availability_checks_due_idx
+        ON availability_checks (next_check_at, project_id)
+      `,
+      `
+        CREATE INDEX IF NOT EXISTS availability_checks_claimed_idx
+        ON availability_checks (claimed_at)
+      `,
+      `
+        CREATE TABLE IF NOT EXISTS availability_check_results (
+          id uuid PRIMARY KEY,
+          check_id uuid NOT NULL REFERENCES availability_checks(id) ON DELETE CASCADE,
+          project_id uuid NOT NULL REFERENCES projects(id) ON DELETE CASCADE,
+          started_at timestamptz NOT NULL,
+          completed_at timestamptz NOT NULL,
+          duration_ms integer NOT NULL,
+          status text NOT NULL,
+          http_status integer,
+          error_kind text,
+          error_message text,
+          redirect_count integer NOT NULL DEFAULT 0,
+          checked_url_host text NOT NULL,
+          checked_url_path text NOT NULL,
+          final_url text NOT NULL,
+          created_at timestamptz NOT NULL DEFAULT now()
+        )
+      `,
+      `
+        ALTER TABLE availability_check_results
+        DROP CONSTRAINT IF EXISTS availability_check_results_status_check
+      `,
+      `
+        ALTER TABLE availability_check_results
+        ADD CONSTRAINT availability_check_results_status_check
+        CHECK (
+          status IN (
+            'success',
+            'http_status_mismatch',
+            'timeout',
+            'dns_error',
+            'tls_error',
+            'connection_error',
+            'redirect_blocked',
+            'security_blocked',
+            'internal_error'
+          )
+        )
+      `,
+      `
+        CREATE INDEX IF NOT EXISTS availability_check_results_check_started_idx
+        ON availability_check_results (check_id, started_at DESC)
+      `,
+      `
+        CREATE INDEX IF NOT EXISTS availability_check_results_project_started_idx
+        ON availability_check_results (project_id, started_at DESC)
+      `,
+      `
+        CREATE TABLE IF NOT EXISTS availability_check_daily_rollups (
+          id uuid PRIMARY KEY,
+          check_id uuid NOT NULL REFERENCES availability_checks(id) ON DELETE CASCADE,
+          project_id uuid NOT NULL REFERENCES projects(id) ON DELETE CASCADE,
+          day date NOT NULL,
+          state text NOT NULL,
+          total_checks integer NOT NULL DEFAULT 0,
+          successful_checks integer NOT NULL DEFAULT 0,
+          failed_checks integer NOT NULL DEFAULT 0,
+          degraded_checks integer NOT NULL DEFAULT 0,
+          avg_duration_ms integer,
+          first_checked_at timestamptz,
+          last_checked_at timestamptz,
+          downtime_seconds integer NOT NULL DEFAULT 0,
+          incident_ids uuid[] NOT NULL DEFAULT '{}'::uuid[],
+          created_at timestamptz NOT NULL DEFAULT now(),
+          updated_at timestamptz NOT NULL DEFAULT now(),
+          UNIQUE (check_id, day)
+        )
+      `,
+      `
+        ALTER TABLE availability_check_daily_rollups
+        DROP CONSTRAINT IF EXISTS availability_check_daily_rollups_state_check
+      `,
+      `
+        ALTER TABLE availability_check_daily_rollups
+        ADD CONSTRAINT availability_check_daily_rollups_state_check
+        CHECK (state IN ('unknown', 'operational', 'degraded', 'down', 'paused'))
+      `,
+      `
+        CREATE INDEX IF NOT EXISTS availability_check_daily_rollups_project_day_idx
+        ON availability_check_daily_rollups (project_id, day DESC)
+      `
+    ]
+  })
+];
+
+// ../../packages/storage/src/schema-migrations-catalog.ts
+var import_node_crypto3 = require("node:crypto");
 function computeMigrationChecksum(input2) {
-  return (0, import_node_crypto2.createHash)("sha256").update(JSON.stringify(input2)).digest("hex");
+  return (0, import_node_crypto3.createHash)("sha256").update(JSON.stringify(input2)).digest("hex");
 }
 function defineStorageSchemaMigration(input2) {
   return {
@@ -19560,38 +20252,205 @@ var STORAGE_SCHEMA_MIGRATIONS = [
     statements: [
       "ALTER TABLE capture_policies ADD COLUMN IF NOT EXISTS immediate_client_error_path_rules jsonb"
     ]
-  })
-];
-
-// src/local-retrieval-store.ts
-var CONNECTION_FILE_PATH2 = ".debugbundle/local/connection.json";
-var STATE_FILE_PATH = ".debugbundle/local/state.json";
-function isStringArray(value) {
-  return Array.isArray(value) && value.every((item) => typeof item === "string");
-}
-function createReadError(status, code) {
-  return new RetrievalApiError(status, code);
-}
-async function readJsonFile(path, dependencies) {
-  const readFile = dependencies?.readFile ?? import_promises3.readFile;
-  try {
-    return JSON.parse(await readFile(path, "utf8"));
-  } catch (error) {
-    if (isRecord(error) && error["code"] === "ENOENT") {
-      throw error;
-    }
-    throw createReadError(400, "invalid_local_json");
-  }
-}
-function parseLocalConnection(candidate) {
-  if (!isRecord(candidate) || candidate["mode"] !== "local-only" && candidate["mode"] !== "connected") {
-    throw createReadError(400, "invalid_local_connection_config");
-  }
-  return {
-    mode: candidate["mode"]
-  };
-}
-function parseLocalIncident(candidate) {
+  }),
+  defineStorageSchemaMigration({
+    id: "202606100001_add_project_usage_counters",
+    description: "Add durable project-level raw ingestion counters for project dashboard metrics.",
+    statements: [
+      `
+        CREATE TABLE IF NOT EXISTS project_usage_counters (
+          project_id uuid NOT NULL REFERENCES projects(id) ON DELETE CASCADE,
+          period_starts_at timestamptz NOT NULL,
+          raw_ingested_events integer NOT NULL DEFAULT 0,
+          updated_at timestamptz NOT NULL DEFAULT now(),
+          PRIMARY KEY (project_id, period_starts_at)
+        )
+      `
+    ]
+  }),
+  defineStorageSchemaMigration({
+    id: "202606100002_add_account_deletion_challenges",
+    description: "Add scoped OTP challenges for account deletion confirmation.",
+    statements: [
+      `
+        CREATE TABLE IF NOT EXISTS account_deletion_challenges (
+          id uuid PRIMARY KEY,
+          organization_id uuid NOT NULL REFERENCES organizations(id) ON DELETE CASCADE,
+          user_id uuid NOT NULL REFERENCES users(id) ON DELETE CASCADE,
+          email text NOT NULL,
+          code_hash text NOT NULL,
+          created_at timestamptz NOT NULL DEFAULT now(),
+          expires_at timestamptz NOT NULL,
+          used_at timestamptz
+        )
+      `,
+      `
+        CREATE INDEX IF NOT EXISTS account_deletion_challenges_scope_idx
+        ON account_deletion_challenges (organization_id, user_id, lower(email), created_at DESC)
+      `,
+      `
+        CREATE INDEX IF NOT EXISTS account_deletion_challenges_code_hash_idx
+        ON account_deletion_challenges (code_hash)
+      `
+    ]
+  }),
+  defineStorageSchemaMigration({
+    id: "202606100003_add_account_analytics_and_payment_retention",
+    description: "Add deletion-safe account analytics and payment retention ledgers.",
+    statements: [
+      `
+        CREATE TABLE IF NOT EXISTS account_analytics_accounts (
+          analytics_account_id uuid PRIMARY KEY,
+          organization_id uuid UNIQUE,
+          organization_id_hash text NOT NULL UNIQUE,
+          created_at timestamptz NOT NULL,
+          first_seen_at timestamptz NOT NULL,
+          metrics_collection_started_at timestamptz NOT NULL,
+          backfilled_from_retained_rows_at timestamptz,
+          deleted_at timestamptz,
+          initial_plan text,
+          latest_known_plan text,
+          latest_capacity_units integer,
+          account_deleted boolean NOT NULL DEFAULT false,
+          metrics_schema_version integer NOT NULL DEFAULT 1,
+          updated_at timestamptz NOT NULL DEFAULT now()
+        )
+      `,
+      `
+        CREATE TABLE IF NOT EXISTS account_metric_periods (
+          analytics_account_id uuid NOT NULL REFERENCES account_analytics_accounts(analytics_account_id),
+          period_grain text NOT NULL CHECK (period_grain IN ('day', 'month', 'year', 'lifetime')),
+          period_starts_at timestamptz NOT NULL,
+          metric_key text NOT NULL,
+          metric_value bigint NOT NULL DEFAULT 0,
+          updated_at timestamptz NOT NULL DEFAULT now(),
+          PRIMARY KEY (analytics_account_id, period_grain, period_starts_at, metric_key)
+        )
+      `,
+      `
+        CREATE INDEX IF NOT EXISTS account_metric_periods_grain_period_metric_idx
+        ON account_metric_periods (period_grain, period_starts_at, metric_key)
+      `,
+      `
+        CREATE INDEX IF NOT EXISTS account_metric_periods_account_grain_period_idx
+        ON account_metric_periods (analytics_account_id, period_grain, period_starts_at)
+      `,
+      `
+        CREATE TABLE IF NOT EXISTS account_metric_events (
+          dedupe_key_hash text PRIMARY KEY,
+          analytics_account_id uuid NOT NULL REFERENCES account_analytics_accounts(analytics_account_id),
+          metric_source text NOT NULL,
+          occurred_at timestamptz NOT NULL,
+          recorded_at timestamptz NOT NULL DEFAULT now(),
+          metric_deltas jsonb NOT NULL
+        )
+      `,
+      `
+        CREATE TABLE IF NOT EXISTS account_payment_retention_records (
+          id uuid PRIMARY KEY,
+          analytics_account_id uuid NOT NULL REFERENCES account_analytics_accounts(analytics_account_id),
+          organization_id_hash text NOT NULL,
+          provider text NOT NULL,
+          plan text,
+          billing_state text,
+          stripe_customer_id text,
+          stripe_subscription_id text,
+          billing_period_starts_at timestamptz,
+          billing_period_ends_at timestamptz,
+          additional_capacity_units integer,
+          last_billing_event_id text,
+          account_deleted_at timestamptz NOT NULL,
+          recorded_at timestamptz NOT NULL DEFAULT now(),
+          updated_at timestamptz NOT NULL DEFAULT now(),
+          UNIQUE (analytics_account_id, provider)
+        )
+      `,
+      `
+        CREATE INDEX IF NOT EXISTS account_payment_retention_records_provider_idx
+        ON account_payment_retention_records (provider, account_deleted_at DESC)
+      `,
+      `
+        CREATE TABLE IF NOT EXISTS account_payment_provider_events (
+          provider_event_key text PRIMARY KEY,
+          analytics_account_id uuid NOT NULL REFERENCES account_analytics_accounts(analytics_account_id),
+          organization_id_hash text NOT NULL,
+          provider text NOT NULL,
+          provider_event_id text NOT NULL,
+          provider_event_type text NOT NULL,
+          processed_at timestamptz NOT NULL,
+          account_deleted_at timestamptz NOT NULL,
+          recorded_at timestamptz NOT NULL DEFAULT now()
+        )
+      `,
+      `
+        CREATE UNIQUE INDEX IF NOT EXISTS account_payment_provider_events_provider_event_key
+        ON account_payment_provider_events (provider, provider_event_id)
+      `
+    ]
+  }),
+  defineStorageSchemaMigration({
+    id: "202606120001_add_session_auth_method",
+    description: "Track the auth method used to create each browser session.",
+    statements: [
+      "ALTER TABLE sessions ADD COLUMN IF NOT EXISTS auth_method text",
+      "ALTER TABLE sessions DROP CONSTRAINT IF EXISTS sessions_auth_method_check",
+      `
+        ALTER TABLE sessions
+        ADD CONSTRAINT sessions_auth_method_check
+        CHECK (auth_method IS NULL OR auth_method IN ('email_code', 'github_oauth'))
+      `
+    ]
+  }),
+  defineStorageSchemaMigration({
+    id: "202606130001_retire_expired_project_invites",
+    description: "Retire already-expired project invites so re-inviting the same email is unblocked.",
+    statements: [
+      `
+        UPDATE project_invites
+        SET canceled_at = expires_at
+        WHERE accepted_at IS NULL
+          AND canceled_at IS NULL
+          AND expires_at <= now()
+      `
+    ]
+  })
+];
+
+// ../../packages/storage/src/schema-migrations.ts
+var STORAGE_SCHEMA_MIGRATIONS2 = [
+  ...STORAGE_SCHEMA_MIGRATIONS,
+  ...AVAILABILITY_CHECK_STORAGE_SCHEMA_MIGRATIONS
+];
+
+// src/local-retrieval-store.ts
+var CONNECTION_FILE_PATH2 = ".debugbundle/local/connection.json";
+var STATE_FILE_PATH = ".debugbundle/local/state.json";
+function isStringArray(value) {
+  return Array.isArray(value) && value.every((item) => typeof item === "string");
+}
+function createReadError(status, code) {
+  return new RetrievalApiError(status, code);
+}
+async function readJsonFile(path, dependencies) {
+  const readFile = dependencies?.readFile ?? import_promises3.readFile;
+  try {
+    return JSON.parse(await readFile(path, "utf8"));
+  } catch (error) {
+    if (isRecord(error) && error["code"] === "ENOENT") {
+      throw error;
+    }
+    throw createReadError(400, "invalid_local_json");
+  }
+}
+function parseLocalConnection(candidate) {
+  if (!isRecord(candidate) || candidate["mode"] !== "local-only" && candidate["mode"] !== "connected") {
+    throw createReadError(400, "invalid_local_connection_config");
+  }
+  return {
+    mode: candidate["mode"]
+  };
+}
+function parseLocalIncident(candidate) {
   if (!isRecord(candidate)) {
     throw createReadError(400, "invalid_local_state");
   }
@@ -19763,7 +20622,7 @@ async function listLocalIncidents(input2, dependencies) {
       return true;
     }
     return incident.status === input2.status;
-  }).filter((incident) => input2.severity === void 0 ? true : incident.severity === input2.severity).sort(sortIncidentsDescending);
+  }).filter((incident) => input2.severity === void 0 ? true : incident.severity === input2.severity).filter((incident) => input2.firstSeenAfter === void 0 ? true : incident.first_seen_at >= input2.firstSeenAfter).sort(sortIncidentsDescending);
   const startIndex = input2.cursor === void 0 ? 0 : incidents.findIndex((incident) => buildCursor(incident) === input2.cursor) + 1;
   const pagedIncidents = input2.limit === void 0 ? incidents.slice(startIndex) : incidents.slice(startIndex, startIndex + input2.limit);
   const hasMore = input2.limit !== void 0 && startIndex + input2.limit < incidents.length;
@@ -20307,6 +21166,10 @@ var import_node_path9 = require("node:path");
 
 // ../../packages/project-management-client/src/index.ts
 var ProjectMetricsSchema = external_exports.object({
+  open_incidents: external_exports.number().int().nonnegative().default(0),
+  regressed_incidents: external_exports.number().int().nonnegative().default(0),
+  opened_incidents_today: external_exports.number().int().nonnegative().default(0),
+  opened_incidents_month: external_exports.number().int().nonnegative().default(0),
   monthly_bundle_requests: external_exports.number().int().nonnegative(),
   monthly_raw_ingested_events: external_exports.number().int().nonnegative(),
   retained_bundles: external_exports.number().int().nonnegative(),
@@ -23542,12 +24405,12 @@ async function doctorCommand(input2, dependencies = {}) {
 }
 
 // src/ingest-command.ts
-var import_node_crypto5 = require("node:crypto");
+var import_node_crypto6 = require("node:crypto");
 var import_promises11 = require("node:fs/promises");
 var import_node_path12 = require("node:path");
 
 // ../../packages/log-parser/src/project-id.ts
-var import_node_crypto3 = require("node:crypto");
+var import_node_crypto4 = require("node:crypto");
 var INGEST_SDK = {
   name: "debugbundle-ingest",
   version: "0.1.0"
@@ -23557,7 +24420,7 @@ function slugify(value) {
   return normalized.length > 0 ? normalized : "application";
 }
 function buildDeterministicUuid(parts) {
-  const digest = (0, import_node_crypto3.createHash)("sha256").update(parts.join("\0")).digest();
+  const digest = (0, import_node_crypto4.createHash)("sha256").update(parts.join("\0")).digest();
   const bytes = Uint8Array.from(digest.subarray(0, 16));
   bytes[6] = (bytes[6] ?? 0) & 15 | 80;
   bytes[8] = (bytes[8] ?? 0) & 63 | 128;
@@ -23862,7 +24725,7 @@ function parseLogFile(content, input2) {
 }
 
 // src/process-command.ts
-var import_node_crypto4 = require("node:crypto");
+var import_node_crypto5 = require("node:crypto");
 var import_promises10 = require("node:fs/promises");
 var import_node_path11 = require("node:path");
 
@@ -25036,7 +25899,7 @@ function mergeAggregateGroup(aggregates) {
   });
 }
 function hashIdentifier(parts, prefix, length) {
-  const digest = (0, import_node_crypto4.createHash)("sha256").update(parts.join("\0")).digest("hex");
+  const digest = (0, import_node_crypto5.createHash)("sha256").update(parts.join("\0")).digest("hex");
   return `${prefix}_${digest.slice(0, length)}`;
 }
 function deriveIncidentId(projectId, serviceName, environment, incidentFingerprint) {
@@ -25070,7 +25933,7 @@ function stableJson3(value) {
   return `{${keys.map((key) => `${JSON.stringify(key)}:${stableJson3(record[key])}`).join(",")}}`;
 }
 function buildRequestAnomalyFingerprint(input2) {
-  return (0, import_node_crypto4.createHash)("sha256").update(
+  return (0, import_node_crypto5.createHash)("sha256").update(
     stableJson3({
       kind: "request_status_anomaly",
       project_id: input2.projectId,
@@ -25704,7 +26567,7 @@ function buildEventFileName(events, filePath) {
     const candidate = Date.parse(event.occurred_at);
     return Number.isFinite(candidate) && candidate > latest ? candidate : latest;
   }, 0);
-  const digest = (0, import_node_crypto5.createHash)("sha256").update([filePath, ...events.map((event) => event.event_id)].join("\0")).digest("hex").slice(0, 8);
+  const digest = (0, import_node_crypto6.createHash)("sha256").update([filePath, ...events.map((event) => event.event_id)].join("\0")).digest("hex").slice(0, 8);
   return `${lastOccurredAt}-${digest}-${slugify2(events[0]?.service.name ?? (0, import_node_path12.basename)(filePath))}.events.json`;
 }
 function formatHumanOutput(summary) {
@@ -27321,6 +28184,7 @@ async function listAllCloudIncidents(input2, api) {
       ...input2.service === void 0 ? {} : { service: input2.service },
       ...input2.status === void 0 ? {} : { status: input2.status },
       ...input2.severity === void 0 ? {} : { severity: input2.severity },
+      ...input2.firstSeenAfter === void 0 ? {} : { firstSeenAfter: input2.firstSeenAfter },
       ...cursor === void 0 ? {} : { cursor }
     });
     incidents.push(
@@ -27341,7 +28205,8 @@ async function mapCombinedIncidentListResult(input2, api, dependencies) {
       ...input2.environment === void 0 ? {} : { environment: input2.environment },
       ...input2.service === void 0 ? {} : { service: input2.service },
       ...input2.status === void 0 ? {} : { status: input2.status },
-      ...input2.severity === void 0 ? {} : { severity: input2.severity }
+      ...input2.severity === void 0 ? {} : { severity: input2.severity },
+      ...input2.firstSeenAfter === void 0 ? {} : { firstSeenAfter: input2.firstSeenAfter }
     },
     dependencies
   );
@@ -27352,7 +28217,8 @@ async function mapCombinedIncidentListResult(input2, api, dependencies) {
       ...input2.environment === void 0 ? {} : { environment: input2.environment },
       ...input2.service === void 0 ? {} : { service: input2.service },
       ...input2.status === void 0 ? {} : { status: input2.status },
-      ...input2.severity === void 0 ? {} : { severity: input2.severity }
+      ...input2.severity === void 0 ? {} : { severity: input2.severity },
+      ...input2.firstSeenAfter === void 0 ? {} : { firstSeenAfter: input2.firstSeenAfter }
     },
     api
   );
@@ -27391,6 +28257,9 @@ async function listIncidentsCommand(input2, api) {
     if (input2.severity !== void 0) {
       requestInput.severity = input2.severity;
     }
+    if (input2.firstSeenAfter !== void 0) {
+      requestInput.firstSeenAfter = input2.firstSeenAfter;
+    }
     if (input2.cursor !== void 0) {
       requestInput.cursor = input2.cursor;
     }
@@ -27422,6 +28291,7 @@ async function listIncidentsWithAuthCommand(input2, dependencies) {
           ...input2.service === void 0 ? {} : { service: input2.service },
           ...input2.status === void 0 ? {} : { status: input2.status },
           ...input2.severity === void 0 ? {} : { severity: input2.severity },
+          ...input2.firstSeenAfter === void 0 ? {} : { firstSeenAfter: input2.firstSeenAfter },
           ...input2.cursor === void 0 ? {} : { cursor: input2.cursor },
           ...input2.limit === void 0 ? {} : { limit: input2.limit }
         },
@@ -27446,6 +28316,7 @@ async function listIncidentsWithAuthCommand(input2, dependencies) {
           ...input2.service === void 0 ? {} : { service: input2.service },
           ...input2.status === void 0 ? {} : { status: input2.status },
           ...input2.severity === void 0 ? {} : { severity: input2.severity },
+          ...input2.firstSeenAfter === void 0 ? {} : { firstSeenAfter: input2.firstSeenAfter },
           ...input2.cursor === void 0 ? {} : { cursor: input2.cursor },
           ...input2.limit === void 0 ? {} : { limit: input2.limit },
           ...input2.json === void 0 ? {} : { json: input2.json }
@@ -27481,6 +28352,9 @@ async function listIncidentsWithAuthCommand(input2, dependencies) {
       if (input2.severity !== void 0) {
         commandInput.severity = input2.severity;
       }
+      if (input2.firstSeenAfter !== void 0) {
+        commandInput.firstSeenAfter = input2.firstSeenAfter;
+      }
       if (input2.cursor !== void 0) {
         commandInput.cursor = input2.cursor;
       }
@@ -28241,7 +29115,7 @@ async function listServicesWithAuthCommand(input2, dependencies) {
 }
 
 // src/verify-command.ts
-var import_node_crypto6 = require("node:crypto");
+var import_node_crypto7 = require("node:crypto");
 var import_promises15 = require("node:fs/promises");
 var import_node_path17 = require("node:path");
 function resolveOverallStatus2(checks) {
@@ -28386,7 +29260,7 @@ function cloudVerificationRunId(now) {
   return now.toISOString().replace(/[-:.TZ]/g, "").slice(0, 14);
 }
 function defaultCloudVerificationSuffix() {
-  return (0, import_node_crypto6.randomUUID)().replace(/-/g, "").slice(0, 12);
+  return (0, import_node_crypto7.randomUUID)().replace(/-/g, "").slice(0, 12);
 }
 function normalizeCloudVerificationSuffix(suffix) {
   const normalized = suffix.toLowerCase().replace(/[^a-z0-9]/g, "").slice(0, 12);
@@ -29205,7 +30079,7 @@ var CLI_USAGE_LINES = [
   "  debugbundle login --github-device [--label <label>] [--base-url <url>] [--auth-file <path>] [--json]",
   "  debugbundle profile validate [--json]",
   "  debugbundle whoami [--auth-file <path>] [--json]",
-  "  debugbundle incidents [--source <local|cloud>] [--project-id <id>] [--environment <name>] [--service <name>] [--status <status>] [--severity <severity>] [--cursor <cursor>] [--limit <n>] [--auth-file <path>] [--json]",
+  "  debugbundle incidents [--source <local|cloud>] [--project-id <id>] [--environment <name>] [--service <name>] [--status <status>] [--severity <severity>] [--first-seen-after <ISO8601>] [--cursor <cursor>] [--limit <n>] [--auth-file <path>] [--json]",
   "  debugbundle inspect <incident-id> [--source <local|cloud>] [--auth-file <path>] [--json]",
   "  debugbundle explain <incident-id> [--source <local|cloud>] [--auth-file <path>] [--json]",
   "  debugbundle resolve <incident-id> [incident-id ...] [--source <local|cloud>] [--auth-file <path>] [--json]",
@@ -29278,6 +30152,14 @@ var CLI_USAGE_LINES = [
   "  debugbundle probe activate <project-id> --label-pattern <pattern> [--service <name>] [--environment <name>] [--ttl-seconds <n>] [--trigger-ttl-seconds <n>] [--auth-file <path>] [--json]",
   "  debugbundle probe list <project-id> [--auth-file <path>] [--json]",
   "  debugbundle probe deactivate <project-id> <activation-id> [--auth-file <path>] [--json]",
+  "  debugbundle health checks list --project-id <id> [--limit <n>] [--auth-file <path>] [--json]",
+  "  debugbundle health checks get <check-id> --project-id <id> [--auth-file <path>] [--json]",
+  "  debugbundle health checks create --project-id <id> --name <name> --url <url> --interval-seconds <n> [--method <GET|HEAD>] [--expected-status-min <code>] [--expected-status-max <code>] [--timeout-ms <n>] [--failure-threshold <n>] [--recovery-threshold <n>] [--environment <name>] [--service <name|null>] [--enabled <true|false>] [--auth-file <path>] [--json]",
+  "  debugbundle health checks update <check-id> --project-id <id> [--name <name>] [--url <url>] [--method <GET|HEAD>] [--expected-status-min <code>] [--expected-status-max <code>] [--timeout-ms <n>] [--interval-seconds <n>] [--failure-threshold <n>] [--recovery-threshold <n>] [--environment <name>] [--service <name|null>] [--enabled <true|false>] [--auth-file <path>] [--json]",
+  "  debugbundle health checks delete <check-id> --project-id <id> [--auth-file <path>] [--json]",
+  "  debugbundle health checks test --project-id <id> --url <url> [--method <GET|HEAD>] [--expected-status-min <code>] [--expected-status-max <code>] [--timeout-ms <n>] [--auth-file <path>] [--json]",
+  "  debugbundle health checks results <check-id> --project-id <id> [--limit <n>] [--auth-file <path>] [--json]",
+  "  debugbundle health checks daily-rollups <check-id> --project-id <id> [--limit <n>] [--auth-file <path>] [--json]",
   "  debugbundle project members list --project-id <id> [--auth-file <path>] [--json]",
   "  debugbundle project members invites --project-id <id> [--auth-file <path>] [--json]",
   "  debugbundle project members invite --project-id <id> --email <email> --role <admin|member> [--auth-file <path>] [--json]",
@@ -32166,58 +33048,25 @@ async function handleTokenCommand(parsedArgv, dependencies) {
   throw new CliInputError("Unknown token command.");
 }
 
-// src/capture-policy-commands.ts
-var CapturePolicyApiError = class extends Error {
+// src/health-check-commands.ts
+var HealthCheckApiError = class extends Error {
   status;
-  constructor(status, message) {
-    super(message);
-    this.name = "CapturePolicyApiError";
+  code;
+  constructor(status, code) {
+    super(`health_check_api_error: ${status}:${code}`);
+    this.name = "HealthCheckApiError";
     this.status = status;
+    this.code = code;
   }
 };
-function toApiError3(status, body, fallback) {
+function toApiError3(status, body) {
   if (typeof body === "object" && body !== null && "error" in body && typeof body.error === "string") {
-    return new CapturePolicyApiError(status, body.error);
+    return new HealthCheckApiError(status, body.error);
   }
-  return new CapturePolicyApiError(status, fallback);
-}
-function createCapturePolicyApi(httpClient) {
-  return {
-    async getCapturePolicy(input2) {
-      const response = await httpClient.request({
-        method: "GET",
-        path: `/v1/projects/${encodeURIComponent(input2.projectId)}/capture-policy`,
-        bearerToken: input2.bearerToken
-      });
-      if (response.status !== 200) {
-        throw toApiError3(response.status, response.body, "Failed to get capture policy.");
-      }
-      const parsed = CapturePolicyResponseSchema.safeParse(response.body);
-      if (!parsed.success) {
-        throw new CapturePolicyApiError(500, "Invalid capture policy response.");
-      }
-      return parsed.data;
-    },
-    async updateCapturePolicy(input2) {
-      const response = await httpClient.request({
-        method: "PATCH",
-        path: `/v1/projects/${encodeURIComponent(input2.projectId)}/capture-policy`,
-        bearerToken: input2.bearerToken,
-        body: input2.update
-      });
-      if (response.status !== 200) {
-        throw toApiError3(response.status, response.body, "Failed to update capture policy.");
-      }
-      const parsed = CapturePolicyResponseSchema.safeParse(response.body);
-      if (!parsed.success) {
-        throw new CapturePolicyApiError(500, "Invalid capture policy response.");
-      }
-      return parsed.data;
-    }
-  };
+  return new HealthCheckApiError(status, "unknown_error");
 }
 function mapErrorToExitCode11(error) {
-  if (!(error instanceof CapturePolicyApiError)) {
+  if (!(error instanceof HealthCheckApiError)) {
     return 1;
   }
   if (error.status === 401) {
@@ -32229,108 +33078,893 @@ function mapErrorToExitCode11(error) {
   if (error.status === 400) {
     return 4;
   }
+  if (error.status === 403 || error.status === 409) {
+    return 5;
+  }
+  if (error.status === 429) {
+    return 6;
+  }
   return 1;
 }
-function statusesEqual(left, right) {
-  if (left.length !== right.length) {
-    return false;
+function buildCreateRequestBody(input2) {
+  const body = {
+    name: input2.name,
+    url: input2.url,
+    method: input2.method,
+    expected_status_min: input2.expectedStatusMin,
+    expected_status_max: input2.expectedStatusMax,
+    timeout_ms: input2.timeoutMs,
+    interval_seconds: input2.intervalSeconds,
+    failure_threshold: input2.failureThreshold,
+    recovery_threshold: input2.recoveryThreshold,
+    enabled: input2.enabled
+  };
+  if (input2.environment !== void 0) {
+    body["environment"] = input2.environment;
   }
-  return left.every((value, index) => value === right[index]);
-}
-function formatStatusList(statuses) {
-  return statuses.length === 0 ? "none" : statuses.join(", ");
-}
-function formatClientErrorPathRules(response) {
-  const rawOverride = response.overrides.immediate_client_error_path_rules ?? null;
-  const rules = rawOverride ?? response.policy.immediate_client_error_path_rules ?? [];
-  if (rules.length === 0) {
-    return rawOverride === null ? "preset default (none)" : "none (explicit)";
+  if (input2.serviceName !== void 0) {
+    body["service_name"] = input2.serviceName;
   }
-  const formatted = rules.map((rule) => {
-    const methods = rule.methods.length === 0 ? "" : `@${rule.methods.join(",")}`;
-    return `${rule.status_code}=${rule.path_pattern}${methods}`;
-  });
-  return `${rawOverride === null ? "preset default" : "custom"} (${formatted.join("; ")})`;
+  return body;
 }
-function formatClientErrorIncidents(response) {
-  const rawOverride = response.overrides.immediate_client_error_statuses;
-  if (rawOverride === null) {
-    return `preset default (${formatStatusList(response.policy.immediate_client_error_statuses)})`;
+function buildUpdateRequestBody(input2) {
+  const body = {};
+  if (input2.name !== void 0) {
+    body["name"] = input2.name;
   }
-  if (rawOverride.length === 0) {
-    return "none (explicit)";
+  if (input2.url !== void 0) {
+    body["url"] = input2.url;
   }
-  if (statusesEqual(rawOverride, RECOMMENDED_IMMEDIATE_CLIENT_ERROR_STATUSES)) {
-    return `recommended (${formatStatusList(rawOverride)})`;
+  if (input2.method !== void 0) {
+    body["method"] = input2.method;
   }
-  return `custom (${formatStatusList(rawOverride)})`;
-}
-function formatPolicy(response) {
-  const policy = response.policy;
-  return [
-    `preset: ${policy.preset}`,
-    `capture_logs: ${policy.capture_logs}`,
-    `capture_request_events: ${policy.capture_request_events}`,
-    `capture_breadcrumbs: ${policy.capture_breadcrumbs}`,
-    `capture_probe_events: ${policy.capture_probe_events}`,
-    `client_error_incidents: ${formatClientErrorIncidents(response)}`,
-    `client_error_path_rules: ${formatClientErrorPathRules(response)}`
-  ].join("\n");
-}
-async function getCapturePolicyCommand(input2, api) {
-  try {
-    const response = await api.getCapturePolicy({
-      bearerToken: input2.bearerToken,
-      projectId: input2.projectId
-    });
-    return {
-      exitCode: 0,
-      output: input2.json ? JSON.stringify(response) : formatPolicy(response)
-    };
-  } catch (error) {
-    return {
-      exitCode: mapErrorToExitCode11(error),
-      output: error instanceof Error ? error.message : String(error)
-    };
+  if (input2.expectedStatusMin !== void 0) {
+    body["expected_status_min"] = input2.expectedStatusMin;
   }
-}
-async function setCapturePolicyCommand(input2, api) {
-  try {
-    const parsedUpdate = CapturePolicyUpdateSchema.safeParse(input2.update);
-    if (!parsedUpdate.success) {
-      return {
-        exitCode: 4,
-        output: "Invalid capture policy update."
-      };
-    }
-    const response = await api.updateCapturePolicy({
-      bearerToken: input2.bearerToken,
-      projectId: input2.projectId,
-      update: parsedUpdate.data
-    });
-    return {
-      exitCode: 0,
-      output: input2.json ? JSON.stringify(response) : `Capture policy updated.
-${formatPolicy(response)}`
-    };
-  } catch (error) {
-    return {
-      exitCode: mapErrorToExitCode11(error),
-      output: error instanceof Error ? error.message : String(error)
-    };
+  if (input2.expectedStatusMax !== void 0) {
+    body["expected_status_max"] = input2.expectedStatusMax;
   }
-}
-async function createAuthenticatedCapturePolicyApi(input2, dependencies) {
-  const readAuthState = dependencies?.readAuthState ?? readCliAuthState;
-  const authStateInput = {};
-  if (input2.authFilePath !== void 0) {
-    authStateInput.authFilePath = input2.authFilePath;
+  if (input2.timeoutMs !== void 0) {
+    body["timeout_ms"] = input2.timeoutMs;
   }
-  const authState = await readAuthState(authStateInput);
-  const createHttpClient = dependencies?.createHttpClient ?? ((clientInput) => {
-    const httpClientDependencies = {};
-    if (dependencies?.fetchImpl !== void 0) {
-      httpClientDependencies.fetchImpl = dependencies.fetchImpl;
+  if (input2.intervalSeconds !== void 0) {
+    body["interval_seconds"] = input2.intervalSeconds;
+  }
+  if (input2.failureThreshold !== void 0) {
+    body["failure_threshold"] = input2.failureThreshold;
+  }
+  if (input2.recoveryThreshold !== void 0) {
+    body["recovery_threshold"] = input2.recoveryThreshold;
+  }
+  if (input2.environment !== void 0) {
+    body["environment"] = input2.environment;
+  }
+  if (input2.serviceName !== void 0) {
+    body["service_name"] = input2.serviceName;
+  }
+  if (input2.enabled !== void 0) {
+    body["enabled"] = input2.enabled;
+  }
+  return body;
+}
+function createHealthCheckApi(httpClient) {
+  return {
+    async listHealthChecks(input2) {
+      const limit = input2.limit ?? 100;
+      const response = await httpClient.request({
+        method: "GET",
+        path: `/v1/projects/${encodeURIComponent(input2.projectId)}/availability-checks?limit=${encodeURIComponent(String(limit))}`,
+        bearerToken: input2.bearerToken
+      });
+      if (response.status !== 200) {
+        throw toApiError3(response.status, response.body);
+      }
+      return response.body;
+    },
+    async getHealthCheck(input2) {
+      const response = await httpClient.request({
+        method: "GET",
+        path: `/v1/projects/${encodeURIComponent(input2.projectId)}/availability-checks/${encodeURIComponent(input2.checkId)}`,
+        bearerToken: input2.bearerToken
+      });
+      if (response.status !== 200) {
+        throw toApiError3(response.status, response.body);
+      }
+      return response.body;
+    },
+    async createHealthCheck(input2) {
+      const response = await httpClient.request({
+        method: "POST",
+        path: `/v1/projects/${encodeURIComponent(input2.projectId)}/availability-checks`,
+        bearerToken: input2.bearerToken,
+        body: buildCreateRequestBody(input2)
+      });
+      if (response.status !== 201) {
+        throw toApiError3(response.status, response.body);
+      }
+      return response.body;
+    },
+    async updateHealthCheck(input2) {
+      const response = await httpClient.request({
+        method: "PATCH",
+        path: `/v1/projects/${encodeURIComponent(input2.projectId)}/availability-checks/${encodeURIComponent(input2.checkId)}`,
+        bearerToken: input2.bearerToken,
+        body: buildUpdateRequestBody(input2)
+      });
+      if (response.status !== 200) {
+        throw toApiError3(response.status, response.body);
+      }
+      return response.body;
+    },
+    async deleteHealthCheck(input2) {
+      const response = await httpClient.request({
+        method: "DELETE",
+        path: `/v1/projects/${encodeURIComponent(input2.projectId)}/availability-checks/${encodeURIComponent(input2.checkId)}`,
+        bearerToken: input2.bearerToken
+      });
+      if (response.status !== 200) {
+        throw toApiError3(response.status, response.body);
+      }
+      return response.body;
+    },
+    async testHealthCheck(input2) {
+      const response = await httpClient.request({
+        method: "POST",
+        path: `/v1/projects/${encodeURIComponent(input2.projectId)}/availability-checks/test`,
+        bearerToken: input2.bearerToken,
+        body: {
+          url: input2.url,
+          method: input2.method,
+          expected_status_min: input2.expectedStatusMin,
+          expected_status_max: input2.expectedStatusMax,
+          timeout_ms: input2.timeoutMs
+        }
+      });
+      if (response.status !== 200) {
+        throw toApiError3(response.status, response.body);
+      }
+      return response.body;
+    },
+    async listHealthCheckResults(input2) {
+      const limit = input2.limit ?? 20;
+      const response = await httpClient.request({
+        method: "GET",
+        path: `/v1/projects/${encodeURIComponent(input2.projectId)}/availability-checks/${encodeURIComponent(input2.checkId)}/results?limit=${encodeURIComponent(String(limit))}`,
+        bearerToken: input2.bearerToken
+      });
+      if (response.status !== 200) {
+        throw toApiError3(response.status, response.body);
+      }
+      return response.body;
+    },
+    async listHealthCheckDailyRollups(input2) {
+      const limit = input2.limit ?? 30;
+      const response = await httpClient.request({
+        method: "GET",
+        path: `/v1/projects/${encodeURIComponent(input2.projectId)}/availability-checks/${encodeURIComponent(input2.checkId)}/daily-rollups?limit=${encodeURIComponent(String(limit))}`,
+        bearerToken: input2.bearerToken
+      });
+      if (response.status !== 200) {
+        throw toApiError3(response.status, response.body);
+      }
+      return response.body;
+    }
+  };
+}
+function formatServiceAndEnvironment(check) {
+  return `${check.service_name ?? "availability"}/${check.environment}`;
+}
+function formatNullable(value) {
+  return value === null ? "-" : String(value);
+}
+function formatCheckSummary(check) {
+  const lastResult = check.last_result_status === null ? "no checks yet" : `${check.last_result_status}${check.last_result_http_status === null ? "" : ` ${check.last_result_http_status}`}`;
+  return [
+    `${check.check_id} ${check.name} [${check.status}]`,
+    `${check.method} ${check.url}`,
+    `interval=${check.interval_seconds}s timeout=${check.timeout_ms}ms expected=${check.expected_status_min}-${check.expected_status_max}`,
+    `service=${formatServiceAndEnvironment(check)} enabled=${check.enabled ? "true" : "false"} last=${lastResult}`
+  ].join("\n");
+}
+function formatCheckResultSummary(result) {
+  return [
+    `${result.started_at} ${result.status}`,
+    `http=${formatNullable(result.http_status)} duration=${result.duration_ms}ms redirects=${result.redirect_count}`,
+    `host=${result.checked_url_host} final=${result.final_url}`
+  ].join(" ");
+}
+function formatCheckDailyRollupSummary(rollup) {
+  return [
+    `${rollup.day} ${rollup.state}`,
+    `checks=${rollup.total_checks}`,
+    `success=${rollup.successful_checks}`,
+    `failed=${rollup.failed_checks}`,
+    `degraded=${rollup.degraded_checks}`,
+    `avg=${formatNullable(rollup.avg_duration_ms)}ms`,
+    `downtime=${rollup.downtime_seconds}s`
+  ].join(" ");
+}
+function formatTestResult(result) {
+  return [
+    `Test result: ${result.result.status}`,
+    `http=${formatNullable(result.result.http_status)}`,
+    `duration=${result.result.duration_ms}ms`,
+    `host=${result.result.checked_url_host}`,
+    `final=${result.result.final_url}`
+  ].join(" ");
+}
+async function listHealthChecksCommand(input2, api) {
+  try {
+    const result = await api.listHealthChecks({
+      bearerToken: input2.bearerToken,
+      projectId: input2.projectId,
+      ...input2.limit === void 0 ? {} : { limit: input2.limit }
+    });
+    if (input2.json) {
+      return { exitCode: 0, output: JSON.stringify(result) };
+    }
+    if (result.checks.length === 0) {
+      return {
+        exitCode: 0,
+        output: `No health checks.
+Plan limits: ${result.limits.max_checks_per_project} checks, minimum interval ${result.limits.min_interval_seconds}s.`
+      };
+    }
+    return {
+      exitCode: 0,
+      output: result.checks.map(formatCheckSummary).join("\n\n")
+    };
+  } catch (error) {
+    return { exitCode: mapErrorToExitCode11(error), output: error instanceof Error ? error.message : String(error) };
+  }
+}
+async function getHealthCheckCommand(input2, api) {
+  try {
+    const result = await api.getHealthCheck({
+      bearerToken: input2.bearerToken,
+      projectId: input2.projectId,
+      checkId: input2.checkId
+    });
+    if (input2.json) {
+      return { exitCode: 0, output: JSON.stringify(result) };
+    }
+    return {
+      exitCode: 0,
+      output: `${formatCheckSummary(result.check)}
+limits=${result.limits.max_checks_per_project} min_interval=${result.limits.min_interval_seconds}s`
+    };
+  } catch (error) {
+    return { exitCode: mapErrorToExitCode11(error), output: error instanceof Error ? error.message : String(error) };
+  }
+}
+async function createHealthCheckCommand(input2, api) {
+  try {
+    const result = await api.createHealthCheck(input2);
+    if (input2.json) {
+      return { exitCode: 0, output: JSON.stringify(result) };
+    }
+    return {
+      exitCode: 0,
+      output: `Health check created: ${result.check.check_id} (${result.check.name})`
+    };
+  } catch (error) {
+    return { exitCode: mapErrorToExitCode11(error), output: error instanceof Error ? error.message : String(error) };
+  }
+}
+async function updateHealthCheckCommand(input2, api) {
+  try {
+    const result = await api.updateHealthCheck(input2);
+    if (input2.json) {
+      return { exitCode: 0, output: JSON.stringify(result) };
+    }
+    return {
+      exitCode: 0,
+      output: `Health check updated: ${result.check.check_id} (${result.check.name})`
+    };
+  } catch (error) {
+    return { exitCode: mapErrorToExitCode11(error), output: error instanceof Error ? error.message : String(error) };
+  }
+}
+async function deleteHealthCheckCommand(input2, api) {
+  try {
+    const result = await api.deleteHealthCheck({
+      bearerToken: input2.bearerToken,
+      projectId: input2.projectId,
+      checkId: input2.checkId
+    });
+    if (input2.json) {
+      return { exitCode: 0, output: JSON.stringify(result) };
+    }
+    return {
+      exitCode: 0,
+      output: result.deleted ? "Health check deleted." : "Health check was already deleted."
+    };
+  } catch (error) {
+    return { exitCode: mapErrorToExitCode11(error), output: error instanceof Error ? error.message : String(error) };
+  }
+}
+async function testHealthCheckCommand(input2, api) {
+  try {
+    const result = await api.testHealthCheck(input2);
+    if (input2.json) {
+      return { exitCode: 0, output: JSON.stringify(result) };
+    }
+    return {
+      exitCode: 0,
+      output: formatTestResult(result)
+    };
+  } catch (error) {
+    return { exitCode: mapErrorToExitCode11(error), output: error instanceof Error ? error.message : String(error) };
+  }
+}
+async function listHealthCheckResultsCommand(input2, api) {
+  try {
+    const result = await api.listHealthCheckResults({
+      bearerToken: input2.bearerToken,
+      projectId: input2.projectId,
+      checkId: input2.checkId,
+      ...input2.limit === void 0 ? {} : { limit: input2.limit }
+    });
+    if (input2.json) {
+      return { exitCode: 0, output: JSON.stringify(result) };
+    }
+    if (result.results.length === 0) {
+      return { exitCode: 0, output: "No health check results." };
+    }
+    return {
+      exitCode: 0,
+      output: result.results.map(formatCheckResultSummary).join("\n")
+    };
+  } catch (error) {
+    return { exitCode: mapErrorToExitCode11(error), output: error instanceof Error ? error.message : String(error) };
+  }
+}
+async function listHealthCheckDailyRollupsCommand(input2, api) {
+  try {
+    const result = await api.listHealthCheckDailyRollups({
+      bearerToken: input2.bearerToken,
+      projectId: input2.projectId,
+      checkId: input2.checkId,
+      ...input2.limit === void 0 ? {} : { limit: input2.limit }
+    });
+    if (input2.json) {
+      return { exitCode: 0, output: JSON.stringify(result) };
+    }
+    if (result.rollups.length === 0) {
+      return { exitCode: 0, output: "No health check daily rollups." };
+    }
+    return {
+      exitCode: 0,
+      output: result.rollups.map(formatCheckDailyRollupSummary).join("\n")
+    };
+  } catch (error) {
+    return { exitCode: mapErrorToExitCode11(error), output: error instanceof Error ? error.message : String(error) };
+  }
+}
+async function createAuthenticatedHealthCheckApi(input2, dependencies) {
+  const readAuth = dependencies?.readAuthState ?? readCliAuthState;
+  const authStateInput = {};
+  if (input2.authFilePath !== void 0) {
+    authStateInput.authFilePath = input2.authFilePath;
+  }
+  const authState = await readAuth(authStateInput);
+  const createHttpClient = dependencies?.createHttpClient ?? ((clientInput) => createCliHttpClient(clientInput));
+  const httpClient = createHttpClient({ baseUrl: authState.base_url });
+  const createApi = dependencies?.createApi ?? createHealthCheckApi;
+  return { authState, api: createApi(httpClient) };
+}
+async function listHealthChecksWithAuthCommand(input2, dependencies) {
+  return runAuthenticatedCliCommand(input2, {
+    createApi: createAuthenticatedHealthCheckApi,
+    dependencies,
+    runCommand: (authState, api) => listHealthChecksCommand(
+      {
+        bearerToken: authState.bearer_token,
+        projectId: input2.projectId,
+        ...input2.limit === void 0 ? {} : { limit: input2.limit },
+        ...input2.json === void 0 ? {} : { json: input2.json }
+      },
+      { listHealthChecks: (requestInput) => api.listHealthChecks(requestInput) }
+    )
+  });
+}
+async function getHealthCheckWithAuthCommand(input2, dependencies) {
+  return runAuthenticatedCliCommand(input2, {
+    createApi: createAuthenticatedHealthCheckApi,
+    dependencies,
+    runCommand: (authState, api) => getHealthCheckCommand(
+      {
+        bearerToken: authState.bearer_token,
+        projectId: input2.projectId,
+        checkId: input2.checkId,
+        ...input2.json === void 0 ? {} : { json: input2.json }
+      },
+      { getHealthCheck: (requestInput) => api.getHealthCheck(requestInput) }
+    )
+  });
+}
+async function createHealthCheckWithAuthCommand(input2, dependencies) {
+  return runAuthenticatedCliCommand(input2, {
+    createApi: createAuthenticatedHealthCheckApi,
+    dependencies,
+    runCommand: (authState, api) => {
+      const commandInput = {
+        ...input2,
+        bearerToken: authState.bearer_token
+      };
+      return createHealthCheckCommand(commandInput, {
+        createHealthCheck: (requestInput) => api.createHealthCheck(requestInput)
+      });
+    }
+  });
+}
+async function updateHealthCheckWithAuthCommand(input2, dependencies) {
+  return runAuthenticatedCliCommand(input2, {
+    createApi: createAuthenticatedHealthCheckApi,
+    dependencies,
+    runCommand: (authState, api) => {
+      const commandInput = {
+        ...input2,
+        bearerToken: authState.bearer_token
+      };
+      return updateHealthCheckCommand(commandInput, {
+        updateHealthCheck: (requestInput) => api.updateHealthCheck(requestInput)
+      });
+    }
+  });
+}
+async function deleteHealthCheckWithAuthCommand(input2, dependencies) {
+  return runAuthenticatedCliCommand(input2, {
+    createApi: createAuthenticatedHealthCheckApi,
+    dependencies,
+    runCommand: (authState, api) => deleteHealthCheckCommand(
+      {
+        bearerToken: authState.bearer_token,
+        projectId: input2.projectId,
+        checkId: input2.checkId,
+        ...input2.json === void 0 ? {} : { json: input2.json }
+      },
+      { deleteHealthCheck: (requestInput) => api.deleteHealthCheck(requestInput) }
+    )
+  });
+}
+async function testHealthCheckWithAuthCommand(input2, dependencies) {
+  return runAuthenticatedCliCommand(input2, {
+    createApi: createAuthenticatedHealthCheckApi,
+    dependencies,
+    runCommand: (authState, api) => {
+      const commandInput = {
+        ...input2,
+        bearerToken: authState.bearer_token
+      };
+      return testHealthCheckCommand(commandInput, {
+        testHealthCheck: (requestInput) => api.testHealthCheck(requestInput)
+      });
+    }
+  });
+}
+async function listHealthCheckResultsWithAuthCommand(input2, dependencies) {
+  return runAuthenticatedCliCommand(input2, {
+    createApi: createAuthenticatedHealthCheckApi,
+    dependencies,
+    runCommand: (authState, api) => listHealthCheckResultsCommand(
+      {
+        bearerToken: authState.bearer_token,
+        projectId: input2.projectId,
+        checkId: input2.checkId,
+        ...input2.limit === void 0 ? {} : { limit: input2.limit },
+        ...input2.json === void 0 ? {} : { json: input2.json }
+      },
+      { listHealthCheckResults: (requestInput) => api.listHealthCheckResults(requestInput) }
+    )
+  });
+}
+async function listHealthCheckDailyRollupsWithAuthCommand(input2, dependencies) {
+  return runAuthenticatedCliCommand(input2, {
+    createApi: createAuthenticatedHealthCheckApi,
+    dependencies,
+    runCommand: (authState, api) => listHealthCheckDailyRollupsCommand(
+      {
+        bearerToken: authState.bearer_token,
+        projectId: input2.projectId,
+        checkId: input2.checkId,
+        ...input2.limit === void 0 ? {} : { limit: input2.limit },
+        ...input2.json === void 0 ? {} : { json: input2.json }
+      },
+      { listHealthCheckDailyRollups: (requestInput) => api.listHealthCheckDailyRollups(requestInput) }
+    )
+  });
+}
+
+// src/management-health-command-handlers.ts
+function readOptionalServiceName(parsedArgv) {
+  const service = readStringOption(parsedArgv, "service");
+  if (service === void 0) {
+    return void 0;
+  }
+  return service === "null" ? null : service;
+}
+function readRequiredProjectId(parsedArgv) {
+  const projectId = readStringOption(parsedArgv, "project-id");
+  if (projectId === void 0) {
+    throw new CliInputError("Missing required option --project-id.");
+  }
+  return projectId;
+}
+function readRequiredUrl(parsedArgv) {
+  const url = readStringOption(parsedArgv, "url");
+  if (url === void 0) {
+    throw new CliInputError("Missing required option --url.");
+  }
+  return url;
+}
+function readRequiredName(parsedArgv) {
+  const name = readStringOption(parsedArgv, "name");
+  if (name === void 0) {
+    throw new CliInputError("Missing required option --name.");
+  }
+  return name;
+}
+async function handleHealthCommand(parsedArgv, dependencies) {
+  const resource = requirePositional(parsedArgv, 1, "resource");
+  if (resource !== "checks") {
+    throw new CliInputError("Unknown health command.");
+  }
+  const action = requirePositional(parsedArgv, 2, "action");
+  if (action === "list") {
+    expectNoUnknownOptions(parsedArgv, ["auth-file", "json", "project-id", "limit"]);
+    ensureNoExtraPositionals(parsedArgv, 3);
+    const limit = readLimitOption(parsedArgv);
+    return await (dependencies.listHealthChecksCommand ?? listHealthChecksWithAuthCommand)(
+      appendCommonAuthOptions(parsedArgv, {
+        projectId: readRequiredProjectId(parsedArgv),
+        ...limit === void 0 ? {} : { limit }
+      })
+    );
+  }
+  if (action === "get") {
+    expectNoUnknownOptions(parsedArgv, ["auth-file", "json", "project-id"]);
+    ensureNoExtraPositionals(parsedArgv, 4);
+    return await (dependencies.getHealthCheckCommand ?? getHealthCheckWithAuthCommand)(
+      appendCommonAuthOptions(parsedArgv, {
+        projectId: readRequiredProjectId(parsedArgv),
+        checkId: requirePositional(parsedArgv, 3, "check-id")
+      })
+    );
+  }
+  if (action === "create") {
+    expectNoUnknownOptions(parsedArgv, [
+      "auth-file",
+      "json",
+      "project-id",
+      "name",
+      "url",
+      "method",
+      "expected-status-min",
+      "expected-status-max",
+      "timeout-ms",
+      "interval-seconds",
+      "failure-threshold",
+      "recovery-threshold",
+      "environment",
+      "service",
+      "enabled"
+    ]);
+    ensureNoExtraPositionals(parsedArgv, 3);
+    const intervalSeconds = readIntegerOption(parsedArgv, "interval-seconds");
+    if (intervalSeconds === void 0) {
+      throw new CliInputError("Missing required option --interval-seconds.");
+    }
+    const method = readStringOption(parsedArgv, "method") ?? "GET";
+    if (method !== "GET" && method !== "HEAD") {
+      throw new CliInputError("Invalid value for --method.");
+    }
+    const enabled = readBooleanStringOption(parsedArgv, "enabled") ?? true;
+    const environment = readStringOption(parsedArgv, "environment");
+    const serviceName = readOptionalServiceName(parsedArgv);
+    return await (dependencies.createHealthCheckCommand ?? createHealthCheckWithAuthCommand)(
+      appendCommonAuthOptions(parsedArgv, {
+        projectId: readRequiredProjectId(parsedArgv),
+        name: readRequiredName(parsedArgv),
+        url: readRequiredUrl(parsedArgv),
+        method,
+        expectedStatusMin: readIntegerOption(parsedArgv, "expected-status-min") ?? 200,
+        expectedStatusMax: readIntegerOption(parsedArgv, "expected-status-max") ?? 399,
+        timeoutMs: readIntegerOption(parsedArgv, "timeout-ms") ?? 5e3,
+        intervalSeconds,
+        failureThreshold: readIntegerOption(parsedArgv, "failure-threshold") ?? 3,
+        recoveryThreshold: readIntegerOption(parsedArgv, "recovery-threshold") ?? 2,
+        ...environment === void 0 ? {} : { environment },
+        ...serviceName === void 0 ? {} : { serviceName },
+        enabled
+      })
+    );
+  }
+  if (action === "update") {
+    expectNoUnknownOptions(parsedArgv, [
+      "auth-file",
+      "json",
+      "project-id",
+      "name",
+      "url",
+      "method",
+      "expected-status-min",
+      "expected-status-max",
+      "timeout-ms",
+      "interval-seconds",
+      "failure-threshold",
+      "recovery-threshold",
+      "environment",
+      "service",
+      "enabled"
+    ]);
+    ensureNoExtraPositionals(parsedArgv, 4);
+    const method = readStringOption(parsedArgv, "method");
+    if (method !== void 0 && method !== "GET" && method !== "HEAD") {
+      throw new CliInputError("Invalid value for --method.");
+    }
+    const input2 = appendCommonAuthOptions(parsedArgv, {
+      projectId: readRequiredProjectId(parsedArgv),
+      checkId: requirePositional(parsedArgv, 3, "check-id")
+    });
+    const name = readStringOption(parsedArgv, "name");
+    const url = readStringOption(parsedArgv, "url");
+    const expectedStatusMin = readIntegerOption(parsedArgv, "expected-status-min");
+    const expectedStatusMax = readIntegerOption(parsedArgv, "expected-status-max");
+    const timeoutMs = readIntegerOption(parsedArgv, "timeout-ms");
+    const intervalSeconds = readIntegerOption(parsedArgv, "interval-seconds");
+    const failureThreshold = readIntegerOption(parsedArgv, "failure-threshold");
+    const recoveryThreshold = readIntegerOption(parsedArgv, "recovery-threshold");
+    const environment = readStringOption(parsedArgv, "environment");
+    const serviceName = readOptionalServiceName(parsedArgv);
+    const enabled = readBooleanStringOption(parsedArgv, "enabled");
+    if (name !== void 0) input2.name = name;
+    if (url !== void 0) input2.url = url;
+    if (method !== void 0) input2.method = method;
+    if (expectedStatusMin !== void 0) input2.expectedStatusMin = expectedStatusMin;
+    if (expectedStatusMax !== void 0) input2.expectedStatusMax = expectedStatusMax;
+    if (timeoutMs !== void 0) input2.timeoutMs = timeoutMs;
+    if (intervalSeconds !== void 0) input2.intervalSeconds = intervalSeconds;
+    if (failureThreshold !== void 0) input2.failureThreshold = failureThreshold;
+    if (recoveryThreshold !== void 0) input2.recoveryThreshold = recoveryThreshold;
+    if (environment !== void 0) input2.environment = environment;
+    if (serviceName !== void 0) input2.serviceName = serviceName;
+    if (enabled !== void 0) input2.enabled = enabled;
+    const hasChanges = name !== void 0 || url !== void 0 || method !== void 0 || expectedStatusMin !== void 0 || expectedStatusMax !== void 0 || timeoutMs !== void 0 || intervalSeconds !== void 0 || failureThreshold !== void 0 || recoveryThreshold !== void 0 || environment !== void 0 || serviceName !== void 0 || enabled !== void 0;
+    if (!hasChanges) {
+      throw new CliInputError("At least one health-check field must be provided.");
+    }
+    return await (dependencies.updateHealthCheckCommand ?? updateHealthCheckWithAuthCommand)(input2);
+  }
+  if (action === "delete") {
+    expectNoUnknownOptions(parsedArgv, ["auth-file", "json", "project-id"]);
+    ensureNoExtraPositionals(parsedArgv, 4);
+    return await (dependencies.deleteHealthCheckCommand ?? deleteHealthCheckWithAuthCommand)(
+      appendCommonAuthOptions(parsedArgv, {
+        projectId: readRequiredProjectId(parsedArgv),
+        checkId: requirePositional(parsedArgv, 3, "check-id")
+      })
+    );
+  }
+  if (action === "test") {
+    expectNoUnknownOptions(parsedArgv, [
+      "auth-file",
+      "json",
+      "project-id",
+      "url",
+      "method",
+      "expected-status-min",
+      "expected-status-max",
+      "timeout-ms"
+    ]);
+    ensureNoExtraPositionals(parsedArgv, 3);
+    const method = readStringOption(parsedArgv, "method") ?? "GET";
+    if (method !== "GET" && method !== "HEAD") {
+      throw new CliInputError("Invalid value for --method.");
+    }
+    return await (dependencies.testHealthCheckCommand ?? testHealthCheckWithAuthCommand)(
+      appendCommonAuthOptions(parsedArgv, {
+        projectId: readRequiredProjectId(parsedArgv),
+        url: readRequiredUrl(parsedArgv),
+        method,
+        expectedStatusMin: readIntegerOption(parsedArgv, "expected-status-min") ?? 200,
+        expectedStatusMax: readIntegerOption(parsedArgv, "expected-status-max") ?? 399,
+        timeoutMs: readIntegerOption(parsedArgv, "timeout-ms") ?? 5e3
+      })
+    );
+  }
+  if (action === "results") {
+    expectNoUnknownOptions(parsedArgv, ["auth-file", "json", "project-id", "limit"]);
+    ensureNoExtraPositionals(parsedArgv, 4);
+    const limit = readLimitOption(parsedArgv);
+    return await (dependencies.listHealthCheckResultsCommand ?? listHealthCheckResultsWithAuthCommand)(
+      appendCommonAuthOptions(parsedArgv, {
+        projectId: readRequiredProjectId(parsedArgv),
+        checkId: requirePositional(parsedArgv, 3, "check-id"),
+        ...limit === void 0 ? {} : { limit }
+      })
+    );
+  }
+  if (action === "daily-rollups") {
+    expectNoUnknownOptions(parsedArgv, ["auth-file", "json", "project-id", "limit"]);
+    ensureNoExtraPositionals(parsedArgv, 4);
+    const limit = readLimitOption(parsedArgv);
+    return await (dependencies.listHealthCheckDailyRollupsCommand ?? listHealthCheckDailyRollupsWithAuthCommand)(
+      appendCommonAuthOptions(parsedArgv, {
+        projectId: readRequiredProjectId(parsedArgv),
+        checkId: requirePositional(parsedArgv, 3, "check-id"),
+        ...limit === void 0 ? {} : { limit }
+      })
+    );
+  }
+  throw new CliInputError("Unknown health checks command.");
+}
+
+// src/capture-policy-commands.ts
+var CapturePolicyApiError = class extends Error {
+  status;
+  constructor(status, message) {
+    super(message);
+    this.name = "CapturePolicyApiError";
+    this.status = status;
+  }
+};
+function toApiError4(status, body, fallback) {
+  if (typeof body === "object" && body !== null && "error" in body && typeof body.error === "string") {
+    return new CapturePolicyApiError(status, body.error);
+  }
+  return new CapturePolicyApiError(status, fallback);
+}
+function createCapturePolicyApi(httpClient) {
+  return {
+    async getCapturePolicy(input2) {
+      const response = await httpClient.request({
+        method: "GET",
+        path: `/v1/projects/${encodeURIComponent(input2.projectId)}/capture-policy`,
+        bearerToken: input2.bearerToken
+      });
+      if (response.status !== 200) {
+        throw toApiError4(response.status, response.body, "Failed to get capture policy.");
+      }
+      const parsed = CapturePolicyResponseSchema.safeParse(response.body);
+      if (!parsed.success) {
+        throw new CapturePolicyApiError(500, "Invalid capture policy response.");
+      }
+      return parsed.data;
+    },
+    async updateCapturePolicy(input2) {
+      const response = await httpClient.request({
+        method: "PATCH",
+        path: `/v1/projects/${encodeURIComponent(input2.projectId)}/capture-policy`,
+        bearerToken: input2.bearerToken,
+        body: input2.update
+      });
+      if (response.status !== 200) {
+        throw toApiError4(response.status, response.body, "Failed to update capture policy.");
+      }
+      const parsed = CapturePolicyResponseSchema.safeParse(response.body);
+      if (!parsed.success) {
+        throw new CapturePolicyApiError(500, "Invalid capture policy response.");
+      }
+      return parsed.data;
+    }
+  };
+}
+function mapErrorToExitCode12(error) {
+  if (!(error instanceof CapturePolicyApiError)) {
+    return 1;
+  }
+  if (error.status === 401) {
+    return 2;
+  }
+  if (error.status === 404) {
+    return 3;
+  }
+  if (error.status === 400) {
+    return 4;
+  }
+  return 1;
+}
+function statusesEqual(left, right) {
+  if (left.length !== right.length) {
+    return false;
+  }
+  return left.every((value, index) => value === right[index]);
+}
+function formatStatusList(statuses) {
+  return statuses.length === 0 ? "none" : statuses.join(", ");
+}
+function formatClientErrorPathRules(response) {
+  const rawOverride = response.overrides.immediate_client_error_path_rules ?? null;
+  const rules = rawOverride ?? response.policy.immediate_client_error_path_rules ?? [];
+  if (rules.length === 0) {
+    return rawOverride === null ? "preset default (none)" : "none (explicit)";
+  }
+  const formatted = rules.map((rule) => {
+    const methods = rule.methods.length === 0 ? "" : `@${rule.methods.join(",")}`;
+    return `${rule.status_code}=${rule.path_pattern}${methods}`;
+  });
+  return `${rawOverride === null ? "preset default" : "custom"} (${formatted.join("; ")})`;
+}
+function formatClientErrorIncidents(response) {
+  const rawOverride = response.overrides.immediate_client_error_statuses;
+  if (rawOverride === null) {
+    return `preset default (${formatStatusList(response.policy.immediate_client_error_statuses)})`;
+  }
+  if (rawOverride.length === 0) {
+    return "none (explicit)";
+  }
+  if (statusesEqual(rawOverride, RECOMMENDED_IMMEDIATE_CLIENT_ERROR_STATUSES)) {
+    return `recommended (${formatStatusList(rawOverride)})`;
+  }
+  return `custom (${formatStatusList(rawOverride)})`;
+}
+function formatPolicy(response) {
+  const policy = response.policy;
+  return [
+    `preset: ${policy.preset}`,
+    `capture_logs: ${policy.capture_logs}`,
+    `capture_request_events: ${policy.capture_request_events}`,
+    `capture_breadcrumbs: ${policy.capture_breadcrumbs}`,
+    `capture_probe_events: ${policy.capture_probe_events}`,
+    `client_error_incidents: ${formatClientErrorIncidents(response)}`,
+    `client_error_path_rules: ${formatClientErrorPathRules(response)}`
+  ].join("\n");
+}
+async function getCapturePolicyCommand(input2, api) {
+  try {
+    const response = await api.getCapturePolicy({
+      bearerToken: input2.bearerToken,
+      projectId: input2.projectId
+    });
+    return {
+      exitCode: 0,
+      output: input2.json ? JSON.stringify(response) : formatPolicy(response)
+    };
+  } catch (error) {
+    return {
+      exitCode: mapErrorToExitCode12(error),
+      output: error instanceof Error ? error.message : String(error)
+    };
+  }
+}
+async function setCapturePolicyCommand(input2, api) {
+  try {
+    const parsedUpdate = CapturePolicyUpdateSchema.safeParse(input2.update);
+    if (!parsedUpdate.success) {
+      return {
+        exitCode: 4,
+        output: "Invalid capture policy update."
+      };
+    }
+    const response = await api.updateCapturePolicy({
+      bearerToken: input2.bearerToken,
+      projectId: input2.projectId,
+      update: parsedUpdate.data
+    });
+    return {
+      exitCode: 0,
+      output: input2.json ? JSON.stringify(response) : `Capture policy updated.
+${formatPolicy(response)}`
+    };
+  } catch (error) {
+    return {
+      exitCode: mapErrorToExitCode12(error),
+      output: error instanceof Error ? error.message : String(error)
+    };
+  }
+}
+async function createAuthenticatedCapturePolicyApi(input2, dependencies) {
+  const readAuthState = dependencies?.readAuthState ?? readCliAuthState;
+  const authStateInput = {};
+  if (input2.authFilePath !== void 0) {
+    authStateInput.authFilePath = input2.authFilePath;
+  }
+  const authState = await readAuthState(authStateInput);
+  const createHttpClient = dependencies?.createHttpClient ?? ((clientInput) => {
+    const httpClientDependencies = {};
+    if (dependencies?.fetchImpl !== void 0) {
+      httpClientDependencies.fetchImpl = dependencies.fetchImpl;
     }
     return createCliHttpClient(clientInput, httpClientDependencies);
   });
@@ -32388,7 +34022,7 @@ var CaptureRuleApiError = class extends Error {
     this.status = status;
   }
 };
-function toApiError4(status, body, fallback) {
+function toApiError5(status, body, fallback) {
   if (typeof body === "object" && body !== null && "error" in body && typeof body.error === "string") {
     return new CaptureRuleApiError(status, body.error);
   }
@@ -32403,7 +34037,7 @@ function createCaptureRuleApi(httpClient) {
         bearerToken: input2.bearerToken
       });
       if (response.status !== 200) {
-        throw toApiError4(response.status, response.body, "Failed to list capture rules.");
+        throw toApiError5(response.status, response.body, "Failed to list capture rules.");
       }
       const parsed = CaptureRulesResponseSchema.safeParse(response.body);
       if (!parsed.success) {
@@ -32419,7 +34053,7 @@ function createCaptureRuleApi(httpClient) {
         body: input2.create
       });
       if (response.status !== 201) {
-        throw toApiError4(response.status, response.body, "Failed to create capture rule.");
+        throw toApiError5(response.status, response.body, "Failed to create capture rule.");
       }
       const parsed = CaptureRuleResponseSchema.safeParse(response.body);
       if (!parsed.success) {
@@ -32434,7 +34068,7 @@ function createCaptureRuleApi(httpClient) {
         bearerToken: input2.bearerToken
       });
       if (response.status !== 200) {
-        throw toApiError4(response.status, response.body, "Failed to suggest capture rules.");
+        throw toApiError5(response.status, response.body, "Failed to suggest capture rules.");
       }
       const parsed = CaptureRuleSuggestionsResponseSchema.safeParse(response.body);
       if (!parsed.success) {
@@ -32450,7 +34084,7 @@ function createCaptureRuleApi(httpClient) {
         body: input2.create
       });
       if (response.status !== 201) {
-        throw toApiError4(response.status, response.body, "Failed to create capture rule from suggestion.");
+        throw toApiError5(response.status, response.body, "Failed to create capture rule from suggestion.");
       }
       const parsed = CaptureRuleResponseSchema.safeParse(response.body);
       if (!parsed.success) {
@@ -32466,7 +34100,7 @@ function createCaptureRuleApi(httpClient) {
         body: input2.update
       });
       if (response.status !== 200) {
-        throw toApiError4(response.status, response.body, "Failed to update capture rule.");
+        throw toApiError5(response.status, response.body, "Failed to update capture rule.");
       }
       const parsed = CaptureRuleResponseSchema.safeParse(response.body);
       if (!parsed.success) {
@@ -32481,7 +34115,7 @@ function createCaptureRuleApi(httpClient) {
         bearerToken: input2.bearerToken
       });
       if (response.status !== 200) {
-        throw toApiError4(response.status, response.body, "Failed to delete capture rule.");
+        throw toApiError5(response.status, response.body, "Failed to delete capture rule.");
       }
       if (typeof response.body !== "object" || response.body === null || !("success" in response.body) || response.body.success !== true) {
         throw new CaptureRuleApiError(500, "Invalid capture rule delete response.");
@@ -32490,7 +34124,7 @@ function createCaptureRuleApi(httpClient) {
     }
   };
 }
-function mapErrorToExitCode12(error) {
+function mapErrorToExitCode13(error) {
   if (!(error instanceof CaptureRuleApiError)) {
     return 1;
   }
@@ -32614,7 +34248,7 @@ async function listCaptureRulesCommand(input2, api) {
     };
   } catch (error) {
     return {
-      exitCode: mapErrorToExitCode12(error),
+      exitCode: mapErrorToExitCode13(error),
       output: error instanceof Error ? error.message : String(error)
     };
   }
@@ -32640,7 +34274,7 @@ ${formatRule(response.rule)}`
     };
   } catch (error) {
     return {
-      exitCode: mapErrorToExitCode12(error),
+      exitCode: mapErrorToExitCode13(error),
       output: error instanceof Error ? error.message : String(error)
     };
   }
@@ -32657,7 +34291,7 @@ async function suggestCaptureRulesFromIncidentCommand(input2, api) {
     };
   } catch (error) {
     return {
-      exitCode: mapErrorToExitCode12(error),
+      exitCode: mapErrorToExitCode13(error),
       output: error instanceof Error ? error.message : String(error)
     };
   }
@@ -32683,7 +34317,7 @@ ${formatRule(response.rule)}`
     };
   } catch (error) {
     return {
-      exitCode: mapErrorToExitCode12(error),
+      exitCode: mapErrorToExitCode13(error),
       output: error instanceof Error ? error.message : String(error)
     };
   }
@@ -32710,7 +34344,7 @@ ${formatRule(response.rule)}`
     };
   } catch (error) {
     return {
-      exitCode: mapErrorToExitCode12(error),
+      exitCode: mapErrorToExitCode13(error),
       output: error instanceof Error ? error.message : String(error)
     };
   }
@@ -32728,7 +34362,7 @@ async function deleteCaptureRuleCommand(input2, api) {
     };
   } catch (error) {
     return {
-      exitCode: mapErrorToExitCode12(error),
+      exitCode: mapErrorToExitCode13(error),
       output: error instanceof Error ? error.message : String(error)
     };
   }
@@ -32855,7 +34489,7 @@ var ProbeApiError = class extends Error {
     this.code = code;
   }
 };
-function toApiError5(status, body) {
+function toApiError6(status, body) {
   if (typeof body === "object" && body !== null && "error" in body && typeof body.error === "string") {
     return new ProbeApiError(status, body.error);
   }
@@ -32886,7 +34520,7 @@ function createProbeApi(httpClient) {
         body
       });
       if (response.status !== 201) {
-        throw toApiError5(response.status, response.body);
+        throw toApiError6(response.status, response.body);
       }
       return response.body;
     },
@@ -32897,7 +34531,7 @@ function createProbeApi(httpClient) {
         bearerToken: input2.bearerToken
       });
       if (response.status !== 200) {
-        throw toApiError5(response.status, response.body);
+        throw toApiError6(response.status, response.body);
       }
       return response.body;
     },
@@ -32909,13 +34543,13 @@ function createProbeApi(httpClient) {
         body: { activation_id: input2.activationId }
       });
       if (response.status !== 200) {
-        throw toApiError5(response.status, response.body);
+        throw toApiError6(response.status, response.body);
       }
       return response.body;
     }
   };
 }
-function mapErrorToExitCode13(error) {
+function mapErrorToExitCode14(error) {
   if (!(error instanceof ProbeApiError)) {
     return 1;
   }
@@ -32968,7 +34602,7 @@ async function activateProbeCommand(input2, api) {
 Trigger token: ${result.trigger_token}`
     };
   } catch (error) {
-    return { exitCode: mapErrorToExitCode13(error), output: error instanceof Error ? error.message : String(error) };
+    return { exitCode: mapErrorToExitCode14(error), output: error instanceof Error ? error.message : String(error) };
   }
 }
 async function listActiveProbesCommand(input2, api) {
@@ -32988,7 +34622,7 @@ async function listActiveProbesCommand(input2, api) {
       output: result.activations.map((a) => `${a.activation_id} ${a.label_pattern} (${a.service}/${a.environment}) expires ${a.expires_at}`).join("\n")
     };
   } catch (error) {
-    return { exitCode: mapErrorToExitCode13(error), output: error instanceof Error ? error.message : String(error) };
+    return { exitCode: mapErrorToExitCode14(error), output: error instanceof Error ? error.message : String(error) };
   }
 }
 async function deactivateProbeCommand(input2, api) {
@@ -33006,7 +34640,7 @@ async function deactivateProbeCommand(input2, api) {
       output: result.deactivated ? "Probe deactivated." : "Probe was already inactive."
     };
   } catch (error) {
-    return { exitCode: mapErrorToExitCode13(error), output: error instanceof Error ? error.message : String(error) };
+    return { exitCode: mapErrorToExitCode14(error), output: error instanceof Error ? error.message : String(error) };
   }
 }
 async function createAuthenticatedProbeApi(input2, dependencies) {
@@ -33441,7 +35075,7 @@ function handleMemberCommand(parsedArgv, dependencies) {
 }
 
 // src/alert-commands.ts
-function mapErrorToExitCode14(error) {
+function mapErrorToExitCode15(error) {
   if (!(error instanceof AlertApiError)) {
     return 1;
   }
@@ -33479,7 +35113,7 @@ async function listAlertsCommand(input2, api) {
       output: input2.json ? JSON.stringify({ alerts }) : formatAlertTable(alerts)
     };
   } catch (error) {
-    return { exitCode: mapErrorToExitCode14(error), output: error instanceof Error ? error.message : String(error) };
+    return { exitCode: mapErrorToExitCode15(error), output: error instanceof Error ? error.message : String(error) };
   }
 }
 async function listAlertsWithAuthCommand(input2, dependencies) {
@@ -33530,7 +35164,7 @@ async function createAlertCommand(input2, api) {
       output: input2.json ? JSON.stringify({ alert }) : `Alert created: ${alert.alert_id}`
     };
   } catch (error) {
-    return { exitCode: mapErrorToExitCode14(error), output: error instanceof Error ? error.message : String(error) };
+    return { exitCode: mapErrorToExitCode15(error), output: error instanceof Error ? error.message : String(error) };
   }
 }
 async function createAlertWithAuthCommand(input2, dependencies) {
@@ -33600,7 +35234,7 @@ async function updateAlertCommand(input2, api) {
       output: input2.json ? JSON.stringify({ alert }) : `Alert updated: ${alert.alert_id}`
     };
   } catch (error) {
-    return { exitCode: mapErrorToExitCode14(error), output: error instanceof Error ? error.message : String(error) };
+    return { exitCode: mapErrorToExitCode15(error), output: error instanceof Error ? error.message : String(error) };
   }
 }
 async function updateAlertWithAuthCommand(input2, dependencies) {
@@ -33655,7 +35289,7 @@ async function deleteAlertCommand(input2, api) {
       output: input2.json ? JSON.stringify({ alert }) : `Alert deleted: ${alert.alert_id}`
     };
   } catch (error) {
-    return { exitCode: mapErrorToExitCode14(error), output: error instanceof Error ? error.message : String(error) };
+    return { exitCode: mapErrorToExitCode15(error), output: error instanceof Error ? error.message : String(error) };
   }
 }
 async function deleteAlertWithAuthCommand(input2, dependencies) {
@@ -33679,7 +35313,7 @@ async function deleteAlertWithAuthCommand(input2, dependencies) {
 }
 
 // src/slack-commands.ts
-function mapErrorToExitCode15(error) {
+function mapErrorToExitCode16(error) {
   if (!(error instanceof SlackApiError)) {
     return 1;
   }
@@ -33715,7 +35349,7 @@ async function listSlackDestinationsCommand(input2, api) {
       output: input2.json ? JSON.stringify({ destinations }) : formatSlackDestinationTable(destinations)
     };
   } catch (error) {
-    return { exitCode: mapErrorToExitCode15(error), output: error instanceof Error ? error.message : String(error) };
+    return { exitCode: mapErrorToExitCode16(error), output: error instanceof Error ? error.message : String(error) };
   }
 }
 async function listSlackDestinationsWithAuthCommand(input2, dependencies) {
@@ -33744,7 +35378,7 @@ async function getSlackConnectUrlCommand(input2, api) {
       output: input2.json ? JSON.stringify({ install_url: installUrl }) : installUrl
     };
   } catch (error) {
-    return { exitCode: mapErrorToExitCode15(error), output: error instanceof Error ? error.message : String(error) };
+    return { exitCode: mapErrorToExitCode16(error), output: error instanceof Error ? error.message : String(error) };
   }
 }
 async function getSlackConnectUrlWithAuthCommand(input2, dependencies) {
@@ -33774,7 +35408,7 @@ async function testSlackDestinationCommand(input2, api) {
       output: input2.json ? JSON.stringify({ delivery }) : `Slack test message delivered for destination: ${input2.destinationId}`
     };
   } catch (error) {
-    return { exitCode: mapErrorToExitCode15(error), output: error instanceof Error ? error.message : String(error) };
+    return { exitCode: mapErrorToExitCode16(error), output: error instanceof Error ? error.message : String(error) };
   }
 }
 async function testSlackDestinationWithAuthCommand(input2, dependencies) {
@@ -33804,7 +35438,7 @@ async function deleteSlackDestinationCommand(input2, api) {
       output: input2.json ? JSON.stringify({ destination: deleted }) : `Slack destination deleted: ${deleted.slack_destination_id}`
     };
   } catch (error) {
-    return { exitCode: mapErrorToExitCode15(error), output: error instanceof Error ? error.message : String(error) };
+    return { exitCode: mapErrorToExitCode16(error), output: error instanceof Error ? error.message : String(error) };
   }
 }
 async function deleteSlackDestinationWithAuthCommand(input2, dependencies) {
@@ -33824,7 +35458,7 @@ async function deleteSlackDestinationWithAuthCommand(input2, dependencies) {
 }
 
 // src/webhook-commands.ts
-function mapErrorToExitCode16(error) {
+function mapErrorToExitCode17(error) {
   if (!(error instanceof WebhookApiError)) {
     return 1;
   }
@@ -33869,7 +35503,7 @@ async function listWebhooksCommand(input2, api) {
       output: input2.json ? JSON.stringify({ webhooks }) : formatWebhookTable(webhooks)
     };
   } catch (error) {
-    return { exitCode: mapErrorToExitCode16(error), output: error instanceof Error ? error.message : String(error) };
+    return { exitCode: mapErrorToExitCode17(error), output: error instanceof Error ? error.message : String(error) };
   }
 }
 async function listWebhooksWithAuthCommand(input2, dependencies) {
@@ -33917,7 +35551,7 @@ async function createWebhookCommand(input2, api) {
 Signing secret: ${webhook.signing_secret}`
     };
   } catch (error) {
-    return { exitCode: mapErrorToExitCode16(error), output: error instanceof Error ? error.message : String(error) };
+    return { exitCode: mapErrorToExitCode17(error), output: error instanceof Error ? error.message : String(error) };
   }
 }
 async function createWebhookWithAuthCommand(input2, dependencies) {
@@ -33971,7 +35605,7 @@ async function updateWebhookCommand(input2, api) {
       output: input2.json ? JSON.stringify({ webhook }) : `Webhook updated: ${webhook.webhook_id}`
     };
   } catch (error) {
-    return { exitCode: mapErrorToExitCode16(error), output: error instanceof Error ? error.message : String(error) };
+    return { exitCode: mapErrorToExitCode17(error), output: error instanceof Error ? error.message : String(error) };
   }
 }
 async function updateWebhookWithAuthCommand(input2, dependencies) {
@@ -34017,7 +35651,7 @@ async function deleteWebhookCommand(input2, api) {
       output: input2.json ? JSON.stringify({ webhook }) : `Webhook deleted: ${webhook.webhook_id}`
     };
   } catch (error) {
-    return { exitCode: mapErrorToExitCode16(error), output: error instanceof Error ? error.message : String(error) };
+    return { exitCode: mapErrorToExitCode17(error), output: error instanceof Error ? error.message : String(error) };
   }
 }
 async function deleteWebhookWithAuthCommand(input2, dependencies) {
@@ -34055,7 +35689,7 @@ async function testWebhookCommand(input2, api) {
       output: input2.json ? JSON.stringify({ delivery }) : `Webhook test queued: ${delivery.delivery_id} | ${delivery.event_type} | attempts=${delivery.attempt_count}`
     };
   } catch (error) {
-    return { exitCode: mapErrorToExitCode16(error), output: error instanceof Error ? error.message : String(error) };
+    return { exitCode: mapErrorToExitCode17(error), output: error instanceof Error ? error.message : String(error) };
   }
 }
 async function testWebhookWithAuthCommand(input2, dependencies) {
@@ -34096,7 +35730,7 @@ async function listWebhookDeliveriesCommand(input2, api) {
       output: input2.json ? JSON.stringify({ deliveries }) : formatWebhookDeliveriesTable(deliveries)
     };
   } catch (error) {
-    return { exitCode: mapErrorToExitCode16(error), output: error instanceof Error ? error.message : String(error) };
+    return { exitCode: mapErrorToExitCode17(error), output: error instanceof Error ? error.message : String(error) };
   }
 }
 async function listWebhookDeliveriesWithAuthCommand(input2, dependencies) {
@@ -34134,7 +35768,7 @@ async function retryWebhookDeliveryCommand(input2, api) {
       output: input2.json ? JSON.stringify(result) : `Delivery retried: ${result.delivery_id} | ${result.event_type}`
     };
   } catch (error) {
-    return { exitCode: mapErrorToExitCode16(error), output: error instanceof Error ? error.message : String(error) };
+    return { exitCode: mapErrorToExitCode17(error), output: error instanceof Error ? error.message : String(error) };
   }
 }
 async function retryWebhookDeliveryWithAuthCommand(input2, dependencies) {
@@ -34159,7 +35793,7 @@ async function retryWebhookDeliveryWithAuthCommand(input2, dependencies) {
 }
 
 // src/weekly-report-commands.ts
-function mapErrorToExitCode17(error) {
+function mapErrorToExitCode18(error) {
   if (!(error instanceof WeeklyReportApiError)) {
     return 1;
   }
@@ -34194,7 +35828,7 @@ async function listWeeklyReportChannelsCommand(input2, api) {
       output: input2.json ? JSON.stringify({ channels }) : formatWeeklyReportChannelTable(channels)
     };
   } catch (error) {
-    return { exitCode: mapErrorToExitCode17(error), output: error instanceof Error ? error.message : String(error) };
+    return { exitCode: mapErrorToExitCode18(error), output: error instanceof Error ? error.message : String(error) };
   }
 }
 async function listWeeklyReportChannelsWithAuthCommand(input2, dependencies) {
@@ -34227,7 +35861,7 @@ async function createWeeklyReportChannelCommand(input2, api) {
       output: input2.json ? JSON.stringify({ channel }) : `Weekly report channel created: ${channel.channel_id}`
     };
   } catch (error) {
-    return { exitCode: mapErrorToExitCode17(error), output: error instanceof Error ? error.message : String(error) };
+    return { exitCode: mapErrorToExitCode18(error), output: error instanceof Error ? error.message : String(error) };
   }
 }
 async function createWeeklyReportChannelWithAuthCommand(input2, dependencies) {
@@ -34262,7 +35896,7 @@ async function updateWeeklyReportChannelCommand(input2, api) {
       output: input2.json ? JSON.stringify({ channel }) : `Weekly report channel updated: ${channel.channel_id}`
     };
   } catch (error) {
-    return { exitCode: mapErrorToExitCode17(error), output: error instanceof Error ? error.message : String(error) };
+    return { exitCode: mapErrorToExitCode18(error), output: error instanceof Error ? error.message : String(error) };
   }
 }
 async function updateWeeklyReportChannelWithAuthCommand(input2, dependencies) {
@@ -34293,7 +35927,7 @@ async function deleteWeeklyReportChannelCommand(input2, api) {
       output: input2.json ? JSON.stringify({ channel: deleted }) : `Weekly report channel deleted: ${deleted.channel_id}`
     };
   } catch (error) {
-    return { exitCode: mapErrorToExitCode17(error), output: error instanceof Error ? error.message : String(error) };
+    return { exitCode: mapErrorToExitCode18(error), output: error instanceof Error ? error.message : String(error) };
   }
 }
 async function deleteWeeklyReportChannelWithAuthCommand(input2, dependencies) {
@@ -34903,7 +36537,7 @@ async function handleCaptureRuleCommand2(parsedArgv, dependencies) {
 // package.json
 var package_default = {
   name: "@debugbundle/cli",
-  version: "1.3.0",
+  version: "1.5.0",
   private: false,
   description: "Command-line interface for DebugBundle",
   license: "AGPL-3.0-only",
@@ -35194,7 +36828,7 @@ ${formatUsage()}`
       return await (dependencies.whoamiCommand ?? whoamiCommand)(appendCommonAuthOptions(parsedArgv, {}));
     }
     if (command === "incidents") {
-      expectNoUnknownOptions(parsedArgv, ["auth-file", "json", "source", "project-id", "environment", "service", "status", "severity", "cursor", "limit"]);
+      expectNoUnknownOptions(parsedArgv, ["auth-file", "json", "source", "project-id", "environment", "service", "status", "severity", "first-seen-after", "cursor", "limit"]);
       ensureNoExtraPositionals(parsedArgv, 1);
       const input2 = appendCommonAuthOptions(parsedArgv, {});
       const source = readRetrievalSource(parsedArgv);
@@ -35221,6 +36855,10 @@ ${formatUsage()}`
       if (severity !== void 0) {
         input2.severity = severity;
       }
+      const firstSeenAfter = readStringOption(parsedArgv, "first-seen-after");
+      if (firstSeenAfter !== void 0) {
+        input2.firstSeenAfter = firstSeenAfter;
+      }
       const cursor = readStringOption(parsedArgv, "cursor");
       if (cursor !== void 0) {
         input2.cursor = cursor;
@@ -35377,6 +37015,9 @@ ${formatUsage()}`
     if (command === "probe") {
       return await handleProbeCommand(parsedArgv, dependencies);
     }
+    if (command === "health") {
+      return await handleHealthCommand(parsedArgv, dependencies);
+    }
     if (command === "member") {
       return await handleMemberCommand(parsedArgv, dependencies);
     }