@debugbundle/cli 1.5.0 → 1.5.2

package/dist/main.cjs

@@ -15350,6 +15350,29 @@ var ImprovementSettingsUpdateSchema = external_exports.object({
   message: "At least one improvement settings field must be provided."
 });
 
+// ../../packages/shared-types/src/project-color-tags.ts
+var PROJECT_COLOR_TAG_VALUES = [
+  "red",
+  "orange",
+  "amber",
+  "yellow",
+  "lime",
+  "green",
+  "emerald",
+  "teal",
+  "cyan",
+  "sky",
+  "blue",
+  "indigo",
+  "violet",
+  "purple",
+  "fuchsia",
+  "pink",
+  "rose",
+  "slate"
+];
+var ProjectColorTagSchema = external_exports.enum(PROJECT_COLOR_TAG_VALUES);
+
 // ../../packages/shared-types/src/index.ts
 function createUuidV4() {
   const cryptoSource = globalThis.crypto;
@@ -15944,8 +15967,10 @@ function buildSkill() {
     "name: debugbundle",
     "description: >-",
     "  Investigate runtime incidents, inspect debug bundles, generate reproductions,",
-    "  and run improvement analysis using the DebugBundle CLI and local project scaffold.",
-    "  Use when the user reports a bug, runtime failure, or asks about production incidents.",
+    "  run improvement analysis, and inspect operational controls using the DebugBundle",
+    "  CLI and local project scaffold. Use when the user reports a bug, runtime",
+    "  failure, production incident, endpoint downtime, health-check issue, missing",
+    "  notification, webhook delivery failure, probe request, or noisy incident.",
     "metadata:",
     "  author: debugbundle",
     '  version: "1.0"',
@@ -15983,6 +16008,24 @@ function buildSkill() {
     "4. Apply the narrowest fix, then validate it with the repository test workflow from `.debugbundle/profile.json`.",
     "5. When the fix is confirmed, or when the incident was intentionally generated for smoke, verification, or dogfooding, resolve it with `debugbundle resolve <incident-id> [incident-id ...]` or MCP `resolve_incident` / `resolve_incidents` so the open queue stays actionable.",
     "",
+    "## Investigation Controls",
+    "",
+    "Use these controls when the user's issue is about observability behavior, notification delivery, targeted evidence gathering, or event noise rather than only application code.",
+    "",
+    "- Availability checks: use hosted health checks for endpoint downtime, public reachability, or project Health tab issues. These are DebugBundle-run external `GET`/`HEAD` checks, not SDK events from the customer app.",
+    "- Probes: inspect active probes with `debugbundle probe list <project-id> --json` or MCP `list_active_probes` before activating more probes. Activate probes only when targeted runtime evidence is needed and the user has asked for investigation.",
+    "- Capture policy and rules: inspect policy/rules before suppressing noisy incidents. Prefer `debugbundle capture-rule suggest <incident-id> --json` and narrow capture-policy path rules over broad drops or demotions.",
+    "- Alerts and webhooks: when the user reports missing, duplicate, or failed notifications, inspect alert config, webhook config, and webhook delivery history before changing application code.",
+    "",
+    "## Availability Checks",
+    "",
+    "- Start with `debugbundle health checks list --project-id <id> --json` or MCP `list_health_checks` to inspect saved checks and plan limits.",
+    "- For a failing check, inspect `debugbundle health checks results <check-id> --project-id <id> --json` and `debugbundle health checks daily-rollups <check-id> --project-id <id> --json` before changing code.",
+    "- Use `debugbundle health checks test --project-id <id> --url <url> --json` or MCP `test_health_check` before creating or updating a saved check. Tests are side-effect-free: no incidents, retained history rows, or counters.",
+    "- Create, update, delete, enable, or disable checks only when the user explicitly asks to change monitoring.",
+    "- Availability incidents reuse the normal incident lifecycle. If a check opened an incident, fetch the incident context, bundle, and reproduction before proposing a fix, then resolve only after the endpoint recovers or the intentional verification incident has served its purpose.",
+    "- Do not configure private, localhost, metadata-service, credentialed, or state-mutating targets. V1 health-check targets must be external `http`/`https` URLs on safe ports.",
+    "",
     "## Incident Hygiene",
     "",
     "- Treat `open` as actionable work, not historical record.",
@@ -15999,6 +16042,25 @@ function buildSkill() {
     "- Scope frontend noise by structured evidence such as service, environment, `browser_event_kind`, `browser_event_opaque`, `client_kind`, `bot_family`, and message fields. Do not broadly demote generic `Unhandled promise rejection` incidents without bot-scoped or otherwise narrow evidence.",
     "- For expected or intentionally promoted 4xx responses on known routes, use capture-policy client-error path rules instead of promoting all client errors: `debugbundle capture-policy set --client-error-path-rule <status=/path/*@GET>`.",
     "",
+    "## Notification Delivery",
+    "",
+    "When notification or automation delivery is the reported failure, inspect configuration and delivery records before changing incident logic.",
+    "",
+    "- Alerts route incident notifications to configured channels. Start with `debugbundle alert list --project-id <id> --json` and confirm condition, severity, service, cooldown, channel, and enabled state.",
+    "- Webhooks deliver signed lifecycle events to external systems. Start with `debugbundle webhook list --project-id <id> --json`, then inspect `debugbundle webhook deliveries <webhook-id> --project-id <id> --json` before retrying or testing.",
+    "- Webhook tests and retries are side-effecting delivery actions. Use them only when validating a destination or replaying an explicit failed delivery.",
+    "",
+    "## Full Documentation",
+    "",
+    "- CLI: `https://debugbundle.com/docs/cli`",
+    "- MCP tools: `https://debugbundle.com/docs/mcp/tools`",
+    "- Availability checks: `https://debugbundle.com/docs/availability-checks`",
+    "- Probes: `https://debugbundle.com/docs/probes`",
+    "- Capture policy and rules: `https://debugbundle.com/docs/capture-policy`",
+    "- Alerts: `https://debugbundle.com/docs/alerts` and `https://debugbundle.com/docs/cli/alerts`",
+    "- Webhooks: `https://debugbundle.com/docs/webhooks` and `https://debugbundle.com/docs/cli/webhooks`",
+    "- API ingestion: `https://debugbundle.com/docs/api/ingestion`",
+    "",
     "## Profile Validation",
     "",
     "Use this task after setup or whenever architecture changes make the static profile stale.",
@@ -16076,6 +16138,56 @@ function buildCliReference() {
     "",
     "Use capture-rule suggestions for repeated operational noise after inspecting an incident bundle. Use capture-policy client-error path rules for route-scoped 4xx incidents instead of promoting all client errors.",
     "",
+    "## Probes",
+    "",
+    "- `debugbundle probe activate <project-id> --label-pattern <pattern> [--service <name>] [--environment <name>] [--ttl-seconds <n>] [--trigger-ttl-seconds <n>] [--auth-file <path>] [--json]`",
+    "- `debugbundle probe list <project-id> [--auth-file <path>] [--json]`",
+    "- `debugbundle probe deactivate <project-id> <activation-id> [--auth-file <path>] [--json]`",
+    "",
+    "Use probes for targeted evidence gathering when bundle context is insufficient. Prefer narrow label patterns, scoped service/environment values, and explicit TTLs.",
+    "",
+    "## Notifications",
+    "",
+    "- `debugbundle alert list --project-id <id> [--limit <n>] [--auth-file <path>] [--json]`",
+    "- `debugbundle alert create --project-id <id> --channel <channel> --condition <condition> [--service-id <id>] [--severity-min <level>] [--cooldown <seconds>] --config-json <json> [--is-enabled <true|false>] [--auth-file <path>] [--json]`",
+    "- `debugbundle alert update <alert-id> --project-id <id> [--service-id <id|null>] [--channel <channel>] [--condition <condition>] [--severity-min <level|null>] [--cooldown <seconds>] [--config-json <json|null>] [--is-enabled <true|false>] [--auth-file <path>] [--json]`",
+    "- `debugbundle alert delete <alert-id> --project-id <id> [--auth-file <path>] [--json]`",
+    "- `debugbundle webhook list --project-id <id> [--limit <n>] [--auth-file <path>] [--json]`",
+    "- `debugbundle webhook create --project-id <id> --url <url> --event <event[,event]> [--environment <env[,env]>] [--service <svc[,svc]>] [--severity-min <level>] [--bundle-type <type[,type]>] [--verification <true|false>] [--is-enabled <true|false>] [--auth-file <path>] [--json]`",
+    "- `debugbundle webhook update <webhook-id> --project-id <id> [--url <url>] [--event <event[,event]>] [--environment <env[,env]>] [--service <svc[,svc]>] [--severity-min <level>] [--bundle-type <type[,type]>] [--verification <true|false>] [--is-enabled <true|false>] [--auth-file <path>] [--json]`",
+    "- `debugbundle webhook delete <webhook-id> --project-id <id> [--auth-file <path>] [--json]`",
+    "- `debugbundle webhook test <webhook-id> --project-id <id> [--event <verification.passed|verification.failed>] [--auth-file <path>] [--json]`",
+    "- `debugbundle webhook deliveries <webhook-id> --project-id <id> [--limit <n>] [--auth-file <path>] [--json]`",
+    "- `debugbundle webhook retry <webhook-id> <delivery-id> --project-id <id> [--auth-file <path>] [--json]`",
+    "",
+    "Use alert commands for notification routing and webhook commands for signed event delivery, delivery history, synthetic tests, and manual retries.",
+    "",
+    "## Availability Checks",
+    "",
+    "- `debugbundle health checks list --project-id <id> [--limit <n>] [--auth-file <path>] [--json]`",
+    "- `debugbundle health checks get <check-id> --project-id <id> [--auth-file <path>] [--json]`",
+    "- `debugbundle health checks create --project-id <id> --name <name> --url <url> --interval-seconds <n> [--method <GET|HEAD>] [--expected-status-min <code>] [--expected-status-max <code>] [--timeout-ms <n>] [--failure-threshold <n>] [--recovery-threshold <n>] [--environment <name>] [--service <name|null>] [--enabled <true|false>] [--auth-file <path>] [--json]`",
+    "- `debugbundle health checks update <check-id> --project-id <id> [--name <name>] [--url <url>] [--method <GET|HEAD>] [--expected-status-min <code>] [--expected-status-max <code>] [--timeout-ms <n>] [--interval-seconds <n>] [--failure-threshold <n>] [--recovery-threshold <n>] [--environment <name>] [--service <name|null>] [--enabled <true|false>] [--auth-file <path>] [--json]`",
+    "- `debugbundle health checks delete <check-id> --project-id <id> [--auth-file <path>] [--json]`",
+    "- `debugbundle health checks test --project-id <id> --url <url> [--method <GET|HEAD>] [--expected-status-min <code>] [--expected-status-max <code>] [--timeout-ms <n>] [--auth-file <path>] [--json]`",
+    "- `debugbundle health checks results <check-id> --project-id <id> [--limit <n>] [--auth-file <path>] [--json]`",
+    "- `debugbundle health checks daily-rollups <check-id> --project-id <id> [--limit <n>] [--auth-file <path>] [--json]`",
+    "",
+    "Use availability-check commands for hosted endpoint reachability. Prefer `test` before saving a new target. `test` is side-effect-free and does not create incidents or retained history. Saved checks remain visible after downgrade, but checks beyond current count or interval limits pause until the project becomes eligible again.",
+    "",
+    "## Documentation URLs",
+    "",
+    "- CLI overview: `https://debugbundle.com/docs/cli`",
+    "- Cloud workflow: `https://debugbundle.com/docs/cli/cloud-workflow`",
+    "- API overview: `https://debugbundle.com/docs/api`",
+    "- API ingestion: `https://debugbundle.com/docs/api/ingestion`",
+    "- Alerts: `https://debugbundle.com/docs/alerts` and `https://debugbundle.com/docs/cli/alerts`",
+    "- Webhooks: `https://debugbundle.com/docs/webhooks`, `https://debugbundle.com/docs/cli/webhooks`, and `https://debugbundle.com/docs/api/webhooks`",
+    "- Probes: `https://debugbundle.com/docs/probes` and `https://debugbundle.com/docs/api/probes`",
+    "- Capture policy and rules: `https://debugbundle.com/docs/capture-policy`",
+    "- Availability checks: `https://debugbundle.com/docs/availability-checks`",
+    "- MCP tool catalog: `https://debugbundle.com/docs/mcp/tools`",
+    "",
     "## Operational Paths",
     "",
     "- `.debugbundle/profile.json` \u2014 committed project map and agent validation state",
@@ -16097,7 +16209,7 @@ function buildCliReference() {
     "",
     "```bash",
     "debugbundle incidents --status open --json",
-    "debugbundle resolve <incident-id>",
+    "debugbundle resolve <incident-id> [incident-id ...]",
     "debugbundle incidents --status open --json",
     "```",
     "",
@@ -16142,6 +16254,45 @@ function buildMcpReference() {
     "",
     "Use these tools for repeated low-value operational noise only after inspecting incident evidence. Keep frontend suppression scoped by structured browser and client signals, and use path-scoped capture policy for known 4xx routes.",
     "",
+    "## Probe Tools",
+    "",
+    "- `activate_probe` \u2014 activate a remote probe pattern with optional service/environment scope and TTL.",
+    "- `list_active_probes` \u2014 list active probe activations for a project.",
+    "- `deactivate_probe` \u2014 deactivate one active probe.",
+    "",
+    "Use probes for targeted evidence gathering when incident bundles do not contain enough runtime context.",
+    "",
+    "## Notification Tools",
+    "",
+    "- `list_alerts`, `create_alert`, `update_alert`, `delete_alert` \u2014 manage incident alert rules.",
+    "- `list_webhooks`, `create_webhook`, `update_webhook`, `delete_webhook` \u2014 manage signed webhook destinations.",
+    "- `test_webhook`, `list_webhook_deliveries` \u2014 validate webhook delivery and inspect delivery history.",
+    "",
+    "Use these tools when the reported problem is missing, duplicate, delayed, disabled, or failed notification delivery.",
+    "",
+    "## Availability Check Tools",
+    "",
+    "- `list_health_checks` \u2014 list hosted health checks and plan limits for a project.",
+    "- `get_health_check` \u2014 fetch one hosted health check by id.",
+    "- `test_health_check` \u2014 run a side-effect-free target test without opening incidents or writing retained history.",
+    "- `create_health_check`, `update_health_check`, `delete_health_check` \u2014 manage saved hosted health checks when the user explicitly asks to change monitoring.",
+    "- `list_health_check_results` \u2014 inspect recent raw executions for one check.",
+    "- `list_health_check_daily_rollups` \u2014 inspect retained per-day status history for one check.",
+    "",
+    "Use these tools for endpoint downtime, public reachability, and project Health tab issues. Start with list/results/rollups, use `test_health_check` before saving target changes, and inspect the linked normal incident bundle when failures crossed the configured threshold.",
+    "",
+    "## Documentation URLs",
+    "",
+    "- MCP overview: `https://debugbundle.com/docs/mcp`",
+    "- MCP workflows: `https://debugbundle.com/docs/mcp/workflows`",
+    "- MCP tools: `https://debugbundle.com/docs/mcp/tools`",
+    "- Availability checks: `https://debugbundle.com/docs/availability-checks`",
+    "- Probes: `https://debugbundle.com/docs/probes`",
+    "- Capture policy and rules: `https://debugbundle.com/docs/capture-policy`",
+    "- Alerts: `https://debugbundle.com/docs/alerts`",
+    "- Webhooks: `https://debugbundle.com/docs/webhooks`",
+    "- API ingestion: `https://debugbundle.com/docs/api/ingestion`",
+    "",
     "## Smoke-Test Cleanup Recipe",
     "",
     '1. Call `list_incidents` with `status: "open"`.',
@@ -16276,6 +16427,15 @@ function buildSkillEvals() {
             "Use capture-policy path rules for known route-scoped 4xx incidents."
           ]
         },
+        {
+          name: "operational_controls_guidance",
+          prompt: "The user reports missing webhook deliveries and asks whether probes or alerts are available. Confirm the skill points the agent to the relevant operational controls and docs.",
+          expected_behavior: [
+            "Inspect alert and webhook configuration plus webhook delivery history before changing application code.",
+            "Use probes for targeted evidence gathering with narrow scope and TTL.",
+            "Point to the full CLI, MCP, alerts, webhooks, probes, capture policy, availability checks, and ingestion documentation URLs."
+          ]
+        },
         {
           name: "artifact_path_discovery",
           prompt: "The user reports an unknown local runtime error. Confirm the skill tells the agent which DebugBundle paths and commands to inspect first.",
@@ -16701,6 +16861,20 @@ var import_promises3 = require("node:fs/promises");
 var import_node_path4 = require("node:path");
 
 // ../../packages/retrieval-client/src/index.ts
+var ProjectColorTagResponseSchema = external_exports.unknown().transform((value, context) => {
+  if (value === void 0 || value === null) {
+    return null;
+  }
+  const parsed = ProjectColorTagSchema.safeParse(value);
+  if (!parsed.success) {
+    context.addIssue({
+      code: external_exports.ZodIssueCode.custom,
+      message: "Invalid project color tag"
+    });
+    return external_exports.NEVER;
+  }
+  return parsed.data;
+});
 var IncidentReasonSchema = external_exports.object({
   kind: external_exports.enum(["backend_exception", "frontend_exception", "request_failure", "error_log"]),
   description: external_exports.string(),
@@ -16712,6 +16886,7 @@ var IncidentSchema = external_exports.object({
   incident_id: external_exports.string(),
   project_id: external_exports.string(),
   project_name: external_exports.string(),
+  project_color_tag: ProjectColorTagResponseSchema,
   service_id: external_exports.string().nullable(),
   service_name: external_exports.string().nullable(),
   latest_deployment_id: external_exports.string().nullable(),
@@ -16734,6 +16909,7 @@ var ImprovementSchema = external_exports.object({
   improvement_id: external_exports.string(),
   project_id: external_exports.string(),
   project_name: external_exports.string(),
+  project_color_tag: ProjectColorTagResponseSchema,
   project_slug: external_exports.string(),
   service_id: external_exports.string().nullable(),
   service_name: external_exports.string(),
@@ -16919,6 +17095,24 @@ async function expectServices(responsePromise) {
   const parsed = await expectParsed(responsePromise, ServicesResponseSchema);
   return parsed.services;
 }
+function normalizeIncidentRecord(incident) {
+  return {
+    ...incident,
+    project_color_tag: incident.project_color_tag
+  };
+}
+function normalizeIncidentContext(context) {
+  return {
+    ...context,
+    incident: normalizeIncidentRecord(context.incident)
+  };
+}
+function normalizeImprovementRecord(improvement) {
+  return {
+    ...improvement,
+    project_color_tag: improvement.project_color_tag
+  };
+}
 function createRetrievalApi(client) {
   return {
     async listIncidents(input2) {
@@ -16957,7 +17151,7 @@ function createRetrievalApi(client) {
         IncidentsResponseSchema
       );
       return {
-        incidents: parsed.incidents,
+        incidents: parsed.incidents.map(normalizeIncidentRecord),
         next_cursor: parsed.next_cursor ?? null
       };
     },
@@ -16970,10 +17164,10 @@ function createRetrievalApi(client) {
         }),
         IncidentResponseSchema
       );
-      return parsed.incident;
+      return normalizeIncidentRecord(parsed.incident);
     },
     async getIncidentContext(input2) {
-      return await expectParsed(
+      const parsed = await expectParsed(
         client.request({
           method: "GET",
           path: `/v1/incidents/${input2.incidentId}/context`,
@@ -16981,6 +17175,7 @@ function createRetrievalApi(client) {
         }),
         IncidentContextSchema
       );
+      return normalizeIncidentContext(parsed);
     },
     async resolveIncident(input2) {
       const parsed = await expectParsed(
@@ -16991,7 +17186,7 @@ function createRetrievalApi(client) {
         }),
         IncidentResponseSchema
       );
-      return parsed.incident;
+      return normalizeIncidentRecord(parsed.incident);
     },
     async resolveIncidents(input2) {
       const parsed = await expectParsed(
@@ -17005,7 +17200,7 @@ function createRetrievalApi(client) {
         }),
         BulkIncidentResponseSchema
       );
-      return parsed.incidents;
+      return parsed.incidents.map(normalizeIncidentRecord);
     },
     async reopenIncident(input2) {
       const parsed = await expectParsed(
@@ -17016,7 +17211,7 @@ function createRetrievalApi(client) {
         }),
         IncidentResponseSchema
       );
-      return parsed.incident;
+      return normalizeIncidentRecord(parsed.incident);
     },
     async reopenIncidents(input2) {
       const parsed = await expectParsed(
@@ -17030,7 +17225,7 @@ function createRetrievalApi(client) {
         }),
         BulkIncidentResponseSchema
       );
-      return parsed.incidents;
+      return parsed.incidents.map(normalizeIncidentRecord);
     },
     async getBundle(input2) {
       const bundle = await expectParsed(
@@ -17127,7 +17322,7 @@ function createRetrievalApi(client) {
         ImprovementsResponseSchema
       );
       return {
-        improvements: parsed.improvements,
+        improvements: parsed.improvements.map(normalizeImprovementRecord),
         next_cursor: parsed.next_cursor ?? null
       };
     },
@@ -17140,7 +17335,7 @@ function createRetrievalApi(client) {
         }),
         ImprovementResponseSchema
       );
-      return parsed.improvement;
+      return normalizeImprovementRecord(parsed.improvement);
     },
     async resolveImprovement(input2) {
       const parsed = await expectParsed(
@@ -17151,7 +17346,7 @@ function createRetrievalApi(client) {
         }),
         ImprovementResponseSchema
       );
-      return parsed.improvement;
+      return normalizeImprovementRecord(parsed.improvement);
     },
     async reopenImprovement(input2) {
       const parsed = await expectParsed(
@@ -17162,7 +17357,7 @@ function createRetrievalApi(client) {
         }),
         ImprovementResponseSchema
       );
-      return parsed.improvement;
+      return normalizeImprovementRecord(parsed.improvement);
     },
     async snoozeImprovement(input2) {
       const parsed = await expectParsed(
@@ -17174,7 +17369,7 @@ function createRetrievalApi(client) {
         }),
         ImprovementResponseSchema
       );
-      return parsed.improvement;
+      return normalizeImprovementRecord(parsed.improvement);
     },
     async getImprovementBundle(input2) {
       return await expectParsed(
@@ -18212,6 +18407,136 @@ var AVAILABILITY_CHECK_BOOTSTRAP_STATEMENTS = [
   `
 ];
 
+// ../../packages/storage/src/storage-bootstrap-account-analytics-statements.ts
+var STORAGE_BOOTSTRAP_ACCOUNT_ANALYTICS_STATEMENTS = [
+  `
+    CREATE TABLE account_analytics_accounts (
+      analytics_account_id uuid PRIMARY KEY,
+      organization_id uuid UNIQUE,
+      organization_id_hash text NOT NULL UNIQUE,
+      created_at timestamptz NOT NULL,
+      first_seen_at timestamptz NOT NULL,
+      metrics_collection_started_at timestamptz NOT NULL,
+      backfilled_from_retained_rows_at timestamptz,
+      deleted_at timestamptz,
+      initial_plan text,
+      latest_known_plan text,
+      latest_capacity_units integer,
+      account_deleted boolean NOT NULL DEFAULT false,
+      metrics_schema_version integer NOT NULL DEFAULT 1,
+      updated_at timestamptz NOT NULL DEFAULT now()
+    )
+  `,
+  `
+    CREATE TABLE account_metric_periods (
+      analytics_account_id uuid NOT NULL REFERENCES account_analytics_accounts(analytics_account_id),
+      period_grain text NOT NULL CHECK (period_grain IN ('day', 'month', 'year', 'lifetime')),
+      period_starts_at timestamptz NOT NULL,
+      metric_key text NOT NULL,
+      metric_value bigint NOT NULL DEFAULT 0,
+      updated_at timestamptz NOT NULL DEFAULT now(),
+      PRIMARY KEY (analytics_account_id, period_grain, period_starts_at, metric_key)
+    )
+  `,
+  `
+    CREATE INDEX account_metric_periods_grain_period_metric_idx
+    ON account_metric_periods (period_grain, period_starts_at, metric_key)
+  `,
+  `
+    CREATE INDEX account_metric_periods_account_grain_period_idx
+    ON account_metric_periods (analytics_account_id, period_grain, period_starts_at)
+  `,
+  `
+    CREATE TABLE account_metric_events (
+      dedupe_key_hash text PRIMARY KEY,
+      analytics_account_id uuid NOT NULL REFERENCES account_analytics_accounts(analytics_account_id),
+      metric_source text NOT NULL,
+      occurred_at timestamptz NOT NULL,
+      recorded_at timestamptz NOT NULL DEFAULT now(),
+      metric_deltas jsonb NOT NULL
+    )
+  `,
+  `
+    CREATE TABLE ingestion_rejection_diagnostic_periods (
+      analytics_account_id uuid NOT NULL REFERENCES account_analytics_accounts(analytics_account_id),
+      period_starts_at timestamptz NOT NULL,
+      rejection_reason text NOT NULL,
+      project_id_text text NOT NULL DEFAULT '',
+      service_name text NOT NULL DEFAULT '',
+      service_environment text NOT NULL DEFAULT '',
+      service_runtime text NOT NULL DEFAULT '',
+      sdk_name text NOT NULL DEFAULT '',
+      sdk_version text NOT NULL DEFAULT '',
+      event_type text NOT NULL DEFAULT '',
+      validation_code text NOT NULL DEFAULT '',
+      validation_path text NOT NULL DEFAULT '',
+      occurrences bigint NOT NULL DEFAULT 0,
+      first_seen_at timestamptz NOT NULL,
+      last_seen_at timestamptz NOT NULL,
+      updated_at timestamptz NOT NULL DEFAULT now(),
+      PRIMARY KEY (
+        analytics_account_id,
+        period_starts_at,
+        rejection_reason,
+        project_id_text,
+        service_name,
+        service_environment,
+        service_runtime,
+        sdk_name,
+        sdk_version,
+        event_type,
+        validation_code,
+        validation_path
+      )
+    )
+  `,
+  `
+    CREATE INDEX ingestion_rejection_diagnostic_periods_reason_period_idx
+    ON ingestion_rejection_diagnostic_periods (rejection_reason, period_starts_at, last_seen_at DESC)
+  `,
+  `
+    CREATE TABLE account_payment_retention_records (
+      id uuid PRIMARY KEY,
+      analytics_account_id uuid NOT NULL REFERENCES account_analytics_accounts(analytics_account_id),
+      organization_id_hash text NOT NULL,
+      provider text NOT NULL,
+      plan text,
+      billing_state text,
+      stripe_customer_id text,
+      stripe_subscription_id text,
+      billing_period_starts_at timestamptz,
+      billing_period_ends_at timestamptz,
+      additional_capacity_units integer,
+      last_billing_event_id text,
+      account_deleted_at timestamptz NOT NULL,
+      recorded_at timestamptz NOT NULL DEFAULT now(),
+      updated_at timestamptz NOT NULL DEFAULT now(),
+      UNIQUE (analytics_account_id, provider)
+    )
+  `,
+  `
+    CREATE INDEX account_payment_retention_records_provider_idx
+    ON account_payment_retention_records (provider, account_deleted_at DESC)
+  `,
+  `
+    CREATE TABLE account_payment_provider_events (
+      provider_event_key text PRIMARY KEY,
+      analytics_account_id uuid NOT NULL REFERENCES account_analytics_accounts(analytics_account_id),
+      organization_id_hash text NOT NULL,
+      provider text NOT NULL,
+      provider_event_id text NOT NULL,
+      provider_event_type text NOT NULL,
+      processed_at timestamptz NOT NULL,
+      account_deleted_at timestamptz NOT NULL,
+      recorded_at timestamptz NOT NULL DEFAULT now()
+    )
+  `,
+  `
+    CREATE UNIQUE INDEX account_payment_provider_events_provider_event_key
+    ON account_payment_provider_events (provider, provider_event_id)
+  `
+];
+
 // ../../packages/storage/src/storage-bootstrap-statements.ts
 var STORAGE_BOOTSTRAP_STATEMENTS = [
   `
@@ -18275,6 +18600,8 @@ var STORAGE_BOOTSTRAP_STATEMENTS = [
       name text NOT NULL,
       slug text NOT NULL,
       environment_default text NOT NULL DEFAULT 'production',
+      color_tag text
+        CHECK (color_tag IN ('red', 'orange', 'amber', 'yellow', 'lime', 'green', 'emerald', 'teal', 'cyan', 'sky', 'blue', 'indigo', 'violet', 'purple', 'fuchsia', 'pink', 'rose', 'slate') OR color_tag IS NULL),
       automated_improvement_bundles_enabled boolean NOT NULL DEFAULT true,
       improvement_bundle_sensitivity text NOT NULL DEFAULT 'high_confidence'
         CHECK (improvement_bundle_sensitivity IN ('high_confidence', 'balanced', 'verbose')),
@@ -19151,94 +19478,7 @@ var STORAGE_BOOTSTRAP_STATEMENTS = [
       PRIMARY KEY (project_id, period_starts_at)
     )
   `,
-  `
-    CREATE TABLE account_analytics_accounts (
-      analytics_account_id uuid PRIMARY KEY,
-      organization_id uuid UNIQUE,
-      organization_id_hash text NOT NULL UNIQUE,
-      created_at timestamptz NOT NULL,
-      first_seen_at timestamptz NOT NULL,
-      metrics_collection_started_at timestamptz NOT NULL,
-      backfilled_from_retained_rows_at timestamptz,
-      deleted_at timestamptz,
-      initial_plan text,
-      latest_known_plan text,
-      latest_capacity_units integer,
-      account_deleted boolean NOT NULL DEFAULT false,
-      metrics_schema_version integer NOT NULL DEFAULT 1,
-      updated_at timestamptz NOT NULL DEFAULT now()
-    )
-  `,
-  `
-    CREATE TABLE account_metric_periods (
-      analytics_account_id uuid NOT NULL REFERENCES account_analytics_accounts(analytics_account_id),
-      period_grain text NOT NULL CHECK (period_grain IN ('day', 'month', 'year', 'lifetime')),
-      period_starts_at timestamptz NOT NULL,
-      metric_key text NOT NULL,
-      metric_value bigint NOT NULL DEFAULT 0,
-      updated_at timestamptz NOT NULL DEFAULT now(),
-      PRIMARY KEY (analytics_account_id, period_grain, period_starts_at, metric_key)
-    )
-  `,
-  `
-    CREATE INDEX account_metric_periods_grain_period_metric_idx
-    ON account_metric_periods (period_grain, period_starts_at, metric_key)
-  `,
-  `
-    CREATE INDEX account_metric_periods_account_grain_period_idx
-    ON account_metric_periods (analytics_account_id, period_grain, period_starts_at)
-  `,
-  `
-    CREATE TABLE account_metric_events (
-      dedupe_key_hash text PRIMARY KEY,
-      analytics_account_id uuid NOT NULL REFERENCES account_analytics_accounts(analytics_account_id),
-      metric_source text NOT NULL,
-      occurred_at timestamptz NOT NULL,
-      recorded_at timestamptz NOT NULL DEFAULT now(),
-      metric_deltas jsonb NOT NULL
-    )
-  `,
-  `
-    CREATE TABLE account_payment_retention_records (
-      id uuid PRIMARY KEY,
-      analytics_account_id uuid NOT NULL REFERENCES account_analytics_accounts(analytics_account_id),
-      organization_id_hash text NOT NULL,
-      provider text NOT NULL,
-      plan text,
-      billing_state text,
-      stripe_customer_id text,
-      stripe_subscription_id text,
-      billing_period_starts_at timestamptz,
-      billing_period_ends_at timestamptz,
-      additional_capacity_units integer,
-      last_billing_event_id text,
-      account_deleted_at timestamptz NOT NULL,
-      recorded_at timestamptz NOT NULL DEFAULT now(),
-      updated_at timestamptz NOT NULL DEFAULT now(),
-      UNIQUE (analytics_account_id, provider)
-    )
-  `,
-  `
-    CREATE INDEX account_payment_retention_records_provider_idx
-    ON account_payment_retention_records (provider, account_deleted_at DESC)
-  `,
-  `
-    CREATE TABLE account_payment_provider_events (
-      provider_event_key text PRIMARY KEY,
-      analytics_account_id uuid NOT NULL REFERENCES account_analytics_accounts(analytics_account_id),
-      organization_id_hash text NOT NULL,
-      provider text NOT NULL,
-      provider_event_id text NOT NULL,
-      provider_event_type text NOT NULL,
-      processed_at timestamptz NOT NULL,
-      account_deleted_at timestamptz NOT NULL,
-      recorded_at timestamptz NOT NULL DEFAULT now()
-    )
-  `,
-  `
-    CREATE UNIQUE INDEX account_payment_provider_events_provider_event_key
-    ON account_payment_provider_events (provider, provider_event_id)
-  `,
+  ...STORAGE_BOOTSTRAP_ACCOUNT_ANALYTICS_STATEMENTS,
   `
     CREATE TABLE operational_email_deliveries (
       id uuid PRIMARY KEY,
@@ -20413,6 +20653,70 @@ var STORAGE_SCHEMA_MIGRATIONS = [
           AND expires_at <= now()
       `
     ]
+  }),
+  defineStorageSchemaMigration({
+    id: "202606140001_add_ingestion_rejection_diagnostics",
+    description: "Track sanitized ingestion rejection diagnostics for operator breakdowns.",
+    statements: [
+      `
+        CREATE TABLE IF NOT EXISTS ingestion_rejection_diagnostic_periods (
+          analytics_account_id uuid NOT NULL REFERENCES account_analytics_accounts(analytics_account_id),
+          period_starts_at timestamptz NOT NULL,
+          rejection_reason text NOT NULL,
+          project_id_text text NOT NULL DEFAULT '',
+          service_name text NOT NULL DEFAULT '',
+          service_environment text NOT NULL DEFAULT '',
+          service_runtime text NOT NULL DEFAULT '',
+          sdk_name text NOT NULL DEFAULT '',
+          sdk_version text NOT NULL DEFAULT '',
+          event_type text NOT NULL DEFAULT '',
+          validation_code text NOT NULL DEFAULT '',
+          validation_path text NOT NULL DEFAULT '',
+          occurrences bigint NOT NULL DEFAULT 0,
+          first_seen_at timestamptz NOT NULL,
+          last_seen_at timestamptz NOT NULL,
+          updated_at timestamptz NOT NULL DEFAULT now(),
+          PRIMARY KEY (
+            analytics_account_id,
+            period_starts_at,
+            rejection_reason,
+            project_id_text,
+            service_name,
+            service_environment,
+            service_runtime,
+            sdk_name,
+            sdk_version,
+            event_type,
+            validation_code,
+            validation_path
+          )
+        )
+      `,
+      `
+        CREATE INDEX IF NOT EXISTS ingestion_rejection_diagnostic_periods_reason_period_idx
+        ON ingestion_rejection_diagnostic_periods (
+          rejection_reason,
+          period_starts_at,
+          last_seen_at DESC
+        )
+      `
+    ]
+  }),
+  defineStorageSchemaMigration({
+    id: "202606170001_add_project_color_tags",
+    description: "Add optional project color tags for project metadata and retrieval surfaces.",
+    statements: [
+      "ALTER TABLE projects ADD COLUMN IF NOT EXISTS color_tag text",
+      "ALTER TABLE projects DROP CONSTRAINT IF EXISTS projects_color_tag_check",
+      `
+        ALTER TABLE projects
+        ADD CONSTRAINT projects_color_tag_check
+        CHECK (
+          color_tag IN ('red', 'orange', 'amber', 'yellow', 'lime', 'green', 'emerald', 'teal', 'cyan', 'sky', 'blue', 'indigo', 'violet', 'purple', 'fuchsia', 'pink', 'rose', 'slate')
+          OR color_tag IS NULL
+        )
+      `
+    ]
   })
 ];
 
@@ -20420,7 +20724,7 @@ var STORAGE_SCHEMA_MIGRATIONS = [
 var STORAGE_SCHEMA_MIGRATIONS2 = [
   ...STORAGE_SCHEMA_MIGRATIONS,
   ...AVAILABILITY_CHECK_STORAGE_SCHEMA_MIGRATIONS
-];
+].sort((left, right) => left.id.localeCompare(right.id));
 
 // src/local-retrieval-store.ts
 var CONNECTION_FILE_PATH2 = ".debugbundle/local/connection.json";
@@ -21165,6 +21469,20 @@ var import_promises8 = require("node:fs/promises");
 var import_node_path9 = require("node:path");
 
 // ../../packages/project-management-client/src/index.ts
+var ProjectColorTagResponseSchema2 = external_exports.unknown().transform((value, context) => {
+  if (value === void 0 || value === null) {
+    return null;
+  }
+  const parsed = ProjectColorTagSchema.safeParse(value);
+  if (!parsed.success) {
+    context.addIssue({
+      code: external_exports.ZodIssueCode.custom,
+      message: "Invalid project color tag"
+    });
+    return external_exports.NEVER;
+  }
+  return parsed.data;
+});
 var ProjectMetricsSchema = external_exports.object({
   open_incidents: external_exports.number().int().nonnegative().default(0),
   regressed_incidents: external_exports.number().int().nonnegative().default(0),
@@ -21187,6 +21505,7 @@ var ProjectRecordSchema = external_exports.object({
   name: external_exports.string(),
   slug: external_exports.string(),
   environment_default: external_exports.string(),
+  color_tag: ProjectColorTagResponseSchema2,
   organization_plan: external_exports.enum(["free", "solo", "team"]),
   metrics: ProjectMetricsSchema,
   created_at: external_exports.string(),
@@ -21210,6 +21529,7 @@ var DeletedProjectRecordSchema = external_exports.object({
   name: external_exports.string(),
   slug: external_exports.string(),
   environment_default: external_exports.string(),
+  color_tag: ProjectColorTagResponseSchema2,
   organization_plan: external_exports.enum(["free", "solo", "team"]),
   created_at: external_exports.string(),
   updated_at: external_exports.string()
@@ -21236,6 +21556,18 @@ function parseApiError2(status, body) {
   }
   throw new ProjectManagementApiError(status, parsed.data.error);
 }
+function normalizeProjectRecord(project) {
+  return {
+    ...project,
+    color_tag: project.color_tag
+  };
+}
+function normalizeDeletedProjectRecord(project) {
+  return {
+    ...project,
+    color_tag: project.color_tag
+  };
+}
 async function expectProjects(responsePromise) {
   const response = await responsePromise;
   if (response.status < 200 || response.status >= 300) {
@@ -21245,7 +21577,7 @@ async function expectProjects(responsePromise) {
   if (!parsed.success) {
     throw new ProjectManagementApiError(response.status, "invalid_response_shape");
   }
-  return parsed.data.projects;
+  return parsed.data.projects.map(normalizeProjectRecord);
 }
 async function expectProject(responsePromise) {
   const response = await responsePromise;
@@ -21256,7 +21588,7 @@ async function expectProject(responsePromise) {
   if (!parsed.success) {
     throw new ProjectManagementApiError(response.status, "invalid_response_shape");
   }
-  return parsed.data.project;
+  return normalizeProjectRecord(parsed.data.project);
 }
 async function expectDeletedProject(responsePromise) {
   const response = await responsePromise;
@@ -21267,7 +21599,7 @@ async function expectDeletedProject(responsePromise) {
   if (!parsed.success) {
     throw new ProjectManagementApiError(response.status, "invalid_response_shape");
   }
-  return parsed.data.project;
+  return normalizeDeletedProjectRecord(parsed.data.project);
 }
 function createProjectManagementApi(client) {
   return {
@@ -21290,7 +21622,8 @@ function createProjectManagementApi(client) {
           body: {
             name: input2.name,
             slug: input2.slug,
-            ...input2.environmentDefault === void 0 ? {} : { environment_default: input2.environmentDefault }
+            ...input2.environmentDefault === void 0 ? {} : { environment_default: input2.environmentDefault },
+            ...input2.colorTag === void 0 ? {} : { color_tag: input2.colorTag }
           }
         })
       );
@@ -21306,6 +21639,9 @@ function createProjectManagementApi(client) {
       if (input2.environmentDefault !== void 0) {
         body["environment_default"] = input2.environmentDefault;
       }
+      if (input2.colorTag !== void 0) {
+        body["color_tag"] = input2.colorTag;
+      }
       return expectProject(
         client.request({
           method: "PATCH",
@@ -27622,7 +27958,7 @@ function buildManagedAgentsSection() {
     "- Read `.agents/skills/debugbundle/SKILL.md` for the full debugging workflow.",
     "- Use `debugbundle inspect <incident-id>` or MCP `get_bundle` when a user reports an issue.",
     "- Run reproduction artifacts from `.debugbundle/bundles/local/reproductions/` before proposing a fix.",
-    "- After a fix is verified, or after an intentional smoke or dogfood incident has served its purpose, resolve it with `debugbundle resolve <incident-id>` or MCP `resolve_incident` so open incidents remain actionable.",
+    "- After a fix is verified, or after an intentional smoke or dogfood incident has served its purpose, resolve it with `debugbundle resolve <incident-id> [incident-id ...]` or MCP `resolve_incident` / `resolve_incidents` so open incidents remain actionable.",
     "- Use `debugbundle doctor` to validate local DebugBundle setup or connectivity issues.",
     MANAGED_AGENTS_END
   ].join("\n");
@@ -30104,8 +30440,8 @@ var CLI_USAGE_LINES = [
   "  debugbundle github deliveries --project-id <id> [--status <status>] [--limit <n>] [--auth-file <path>] [--json]",
   "  debugbundle github deliveries retry <delivery-id> --project-id <id> [--auth-file <path>] [--json]",
   "  debugbundle project list [--limit <n>] [--auth-file <path>] [--json]",
-  "  debugbundle project create --name <name> --slug <slug> [--environment-default <env>] [--auth-file <path>] [--json]",
-  "  debugbundle project update <project-id> [--name <name>] [--slug <slug>] [--environment-default <env>] [--auth-file <path>] [--json]",
+  "  debugbundle project create --name <name> --slug <slug> [--environment-default <env>] [--color-tag <tag>] [--auth-file <path>] [--json]",
+  "  debugbundle project update <project-id> [--name <name>] [--slug <slug>] [--environment-default <env>] [--color-tag <tag> | --clear-color-tag] [--auth-file <path>] [--json]",
   "  debugbundle project delete <project-id> [--auth-file <path>] [--json]",
   "  debugbundle token project list <project-id> [--limit <n>] [--auth-file <path>] [--json]",
   "  debugbundle token project create <project-id> --label <label> [--allowed-origin <origin> ...] [--auth-file <path>] [--json]",
@@ -30469,7 +30805,7 @@ function parseArgv(argv) {
       positionals.push(token);
       continue;
     }
-    if (token === "--fix" || token === "--json" || token === "--check-relay" || token === "--privacy" || token === "--help" || token === "--version" || token === "--non-interactive" || token === "--local" || token === "--cloud" || token === "--events" || token === "--bundles" || token === "--all" || token === "--trigger-5xx" || token === "--expect-app-event" || token === "--github" || token === "--github-cli" || token === "--github-device") {
+    if (token === "--fix" || token === "--json" || token === "--check-relay" || token === "--privacy" || token === "--help" || token === "--version" || token === "--non-interactive" || token === "--local" || token === "--cloud" || token === "--events" || token === "--bundles" || token === "--all" || token === "--trigger-5xx" || token === "--expect-app-event" || token === "--github" || token === "--github-cli" || token === "--github-device" || token === "--clear-color-tag") {
       options.set(token.slice(2), true);
       continue;
     }
@@ -32357,6 +32693,9 @@ async function createProjectCommand(input2, api) {
     if (input2.environmentDefault !== void 0) {
       requestInput.environmentDefault = input2.environmentDefault;
     }
+    if (input2.colorTag !== void 0) {
+      requestInput.colorTag = input2.colorTag;
+    }
     const project = await api.createProject(requestInput);
     return {
       exitCode: 0,
@@ -32381,6 +32720,9 @@ async function updateProjectCommand(input2, api) {
     if (input2.environmentDefault !== void 0) {
       requestInput.environmentDefault = input2.environmentDefault;
     }
+    if (input2.colorTag !== void 0) {
+      requestInput.colorTag = input2.colorTag;
+    }
     const project = await api.updateProject(requestInput);
     return {
       exitCode: 0,
@@ -32437,6 +32779,9 @@ async function createProjectWithAuthCommand(input2, dependencies) {
       if (input2.environmentDefault !== void 0) {
         commandInput.environmentDefault = input2.environmentDefault;
       }
+      if (input2.colorTag !== void 0) {
+        commandInput.colorTag = input2.colorTag;
+      }
       if (input2.json !== void 0) {
         commandInput.json = input2.json;
       }
@@ -32464,6 +32809,9 @@ async function updateProjectWithAuthCommand(input2, dependencies) {
       if (input2.environmentDefault !== void 0) {
         commandInput.environmentDefault = input2.environmentDefault;
       }
+      if (input2.colorTag !== void 0) {
+        commandInput.colorTag = input2.colorTag;
+      }
       if (input2.json !== void 0) {
         commandInput.json = input2.json;
       }
@@ -32766,6 +33114,16 @@ async function revokeMemberTokenWithAuthCommand(input2, dependencies) {
 }
 
 // src/management-billing-project-token-command-handlers.ts
+function readProjectColorTagOption(parsedArgv) {
+  const colorTag = readStringOption(parsedArgv, "color-tag");
+  if (colorTag === void 0) {
+    return void 0;
+  }
+  if (PROJECT_COLOR_TAG_VALUES.includes(colorTag)) {
+    return colorTag;
+  }
+  throw new CliInputError("Invalid value for --color-tag.");
+}
 async function handleBillingCommand(parsedArgv, dependencies) {
   const action = requirePositional(parsedArgv, 1, "action");
   if (action === "get") {
@@ -32919,7 +33277,7 @@ async function handleProjectCommand(parsedArgv, dependencies) {
     return await (dependencies.listProjectsCommand ?? listProjectsWithAuthCommand)(input2);
   }
   if (action === "create") {
-    expectNoUnknownOptions(parsedArgv, ["auth-file", "json", "name", "slug", "environment-default"]);
+    expectNoUnknownOptions(parsedArgv, ["auth-file", "json", "name", "slug", "environment-default", "color-tag"]);
     ensureNoExtraPositionals(parsedArgv, 2);
     const name = readStringOption(parsedArgv, "name");
     if (name === void 0) {
@@ -32934,10 +33292,14 @@ async function handleProjectCommand(parsedArgv, dependencies) {
     if (environmentDefault !== void 0) {
       input2.environmentDefault = environmentDefault;
     }
+    const colorTag = readProjectColorTagOption(parsedArgv);
+    if (colorTag !== void 0) {
+      input2.colorTag = colorTag;
+    }
     return await (dependencies.createProjectCommand ?? createProjectWithAuthCommand)(input2);
   }
   if (action === "update") {
-    expectNoUnknownOptions(parsedArgv, ["auth-file", "json", "name", "slug", "environment-default"]);
+    expectNoUnknownOptions(parsedArgv, ["auth-file", "json", "name", "slug", "environment-default", "color-tag", "clear-color-tag"]);
     ensureNoExtraPositionals(parsedArgv, 3);
     const input2 = appendCommonAuthOptions(parsedArgv, {
       projectId: requirePositional(parsedArgv, 2, "project-id")
@@ -32954,7 +33316,18 @@ async function handleProjectCommand(parsedArgv, dependencies) {
     if (environmentDefault !== void 0) {
       input2.environmentDefault = environmentDefault;
     }
-    if (input2.name === void 0 && input2.slug === void 0 && input2.environmentDefault === void 0) {
+    if (readBooleanOption(parsedArgv, "clear-color-tag") === true) {
+      if (readStringOption(parsedArgv, "color-tag") !== void 0) {
+        throw new CliInputError("Use either --color-tag or --clear-color-tag.");
+      }
+      input2.colorTag = null;
+    } else {
+      const colorTag = readProjectColorTagOption(parsedArgv);
+      if (colorTag !== void 0) {
+        input2.colorTag = colorTag;
+      }
+    }
+    if (input2.name === void 0 && input2.slug === void 0 && input2.environmentDefault === void 0 && input2.colorTag === void 0) {
       throw new CliInputError("At least one project field must be provided.");
     }
     return await (dependencies.updateProjectCommand ?? updateProjectWithAuthCommand)(input2);
@@ -36537,7 +36910,7 @@ async function handleCaptureRuleCommand2(parsedArgv, dependencies) {
 // package.json
 var package_default = {
   name: "@debugbundle/cli",
-  version: "1.5.0",
+  version: "1.5.2",
   private: false,
   description: "Command-line interface for DebugBundle",
   license: "AGPL-3.0-only",

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@debugbundle/cli",
-  "version": "1.5.0",
+  "version": "1.5.2",
   "private": false,
   "description": "Command-line interface for DebugBundle",
   "license": "AGPL-3.0-only",