@heroku/skynet 2.3.0 → 2.5.0

package/README.md

@@ -10,6 +10,53 @@ Most Skynet CLI commands require sudo and only the folowing teams are authrozied
 * heroku-cedar
 * heroku-dogwood
 
+### Break-glass direct suspend (`skynet:suspend:user:direct`)
+
+When Skynet is unavailable, you can suspend users or apps directly via the Heroku API using the hidden command `heroku sudo skynet:suspend:user:direct`. The command will prompt for a **Heroku Platform API key** (it is not stored).
+
+**Getting the platform user API token**
+
+Use an account that is authorized for suspension (e.g. a platform/ops user or your own account if you are on an authorized team). Then obtain an API key in one of these ways:
+
+1. **From the Heroku Dashboard**  
+   Log in as the platform user → [Account settings](https://dashboard.heroku.com/account) → **API Key** section → click "Reveal" or "Regenerate API Key" and copy the key.
+
+2. **From the CLI**  
+   Log in as the platform user (`heroku login`) and run:
+   ```bash
+   heroku auth:token
+   ```
+   Use the printed token when the command prompts for "Heroku Platform API Key".
+
+The token is only used for the duration of the command and is not saved. After running a direct suspend, upload the local suspension record to Skynet once it is back up: `heroku skynet:suspensions:upload`.
+
+### Legal Hold Suspensions
+
+User suspensions can be marked with legal hold status using the `--legal-hold` flag. Legal hold suspensions:
+- Cannot be unsuspended until the hold is cleared by authorized personnel
+- Are tracked for legal/compliance purposes
+- May have data retention requirements
+
+```bash
+heroku sudo skynet:suspend:user -u user@example.com -c "legal" -n "legal hold required" --legal-hold
+```
+
+Legal hold is also supported for break-glass direct suspensions.
+
+### Managing Legal Hold Flags
+
+You can add or remove legal hold flags independently of suspension status:
+
+```bash
+# Add legal hold to a user
+heroku skynet:legal-hold:add -u user@example.com
+
+# Remove legal hold from a user
+heroku skynet:legal-hold:remove -u user@example.com
+```
+
+These commands manage legal hold as a standalone flag/marker on user accounts.
+
 ### Installation
 ```
 heroku plugins:install heroku-skynet-cli

package/dist/commands/allowlist/add.d.ts

@@ -5,8 +5,8 @@ export default class AddAllowlist extends Command {
     static description: string;
     static examples: string[];
     static flags: {
-        value: import("@oclif/core/lib/interfaces/parser.js").OptionFlag<string, import("@oclif/core/lib/interfaces/parser.js").CustomOptions>;
-        notes: import("@oclif/core/lib/interfaces/parser.js").OptionFlag<string, import("@oclif/core/lib/interfaces/parser.js").CustomOptions>;
+        value: import("@oclif/core/interfaces").OptionFlag<string, import("@oclif/core/interfaces").CustomOptions>;
+        notes: import("@oclif/core/interfaces").OptionFlag<string, import("@oclif/core/interfaces").CustomOptions>;
     };
     static hiddenAliases: string[];
     run(): Promise<void>;

package/dist/commands/allowlist/remove.d.ts

@@ -5,7 +5,7 @@ export default class RemoveAllowlist extends Command {
     static description: string;
     static examples: string[];
     static flags: {
-        value: import("@oclif/core/lib/interfaces/parser.js").OptionFlag<string, import("@oclif/core/lib/interfaces/parser.js").CustomOptions>;
+        value: import("@oclif/core/interfaces").OptionFlag<string, import("@oclif/core/interfaces").CustomOptions>;
     };
     static hiddenAliases: string[];
     run(): Promise<void>;

package/dist/commands/categories/add.d.ts

@@ -5,8 +5,8 @@ export default class AddCategory extends Command {
     static description: string;
     static examples: string[];
     static flags: {
-        name: import("@oclif/core/lib/interfaces/parser.js").OptionFlag<string, import("@oclif/core/lib/interfaces/parser.js").CustomOptions>;
-        description: import("@oclif/core/lib/interfaces/parser.js").OptionFlag<string, import("@oclif/core/lib/interfaces/parser.js").CustomOptions>;
+        name: import("@oclif/core/interfaces").OptionFlag<string, import("@oclif/core/interfaces").CustomOptions>;
+        description: import("@oclif/core/interfaces").OptionFlag<string, import("@oclif/core/interfaces").CustomOptions>;
     };
     run(): Promise<void>;
 }

package/dist/commands/categories/remove.d.ts

@@ -5,7 +5,7 @@ export default class RemoveCategory extends Command {
     static description: string;
     static examples: string[];
     static flags: {
-        name: import("@oclif/core/lib/interfaces/parser.js").OptionFlag<string, import("@oclif/core/lib/interfaces/parser.js").CustomOptions>;
+        name: import("@oclif/core/interfaces").OptionFlag<string, import("@oclif/core/interfaces").CustomOptions>;
     };
     run(): Promise<void>;
 }

package/dist/commands/deprovision.d.ts

@@ -5,12 +5,12 @@ export default class Deprovision extends Command {
     static description: string;
     static examples: string[];
     static flags: {
-        user: import("@oclif/core/lib/interfaces/parser.js").OptionFlag<string, import("@oclif/core/lib/interfaces/parser.js").CustomOptions>;
-        category: import("@oclif/core/lib/interfaces/parser.js").OptionFlag<string, import("@oclif/core/lib/interfaces/parser.js").CustomOptions>;
-        notes: import("@oclif/core/lib/interfaces/parser.js").OptionFlag<string, import("@oclif/core/lib/interfaces/parser.js").CustomOptions>;
-        bypass: import("@oclif/core/lib/interfaces/parser.js").BooleanFlag<boolean>;
-        notify: import("@oclif/core/lib/interfaces/parser.js").BooleanFlag<boolean>;
-        'no-notify': import("@oclif/core/lib/interfaces/parser.js").BooleanFlag<boolean>;
+        user: import("@oclif/core/interfaces").OptionFlag<string, import("@oclif/core/interfaces").CustomOptions>;
+        category: import("@oclif/core/interfaces").OptionFlag<string, import("@oclif/core/interfaces").CustomOptions>;
+        notes: import("@oclif/core/interfaces").OptionFlag<string, import("@oclif/core/interfaces").CustomOptions>;
+        bypass: import("@oclif/core/interfaces").BooleanFlag<boolean>;
+        notify: import("@oclif/core/interfaces").BooleanFlag<boolean>;
+        'no-notify': import("@oclif/core/interfaces").BooleanFlag<boolean>;
     };
     run(): Promise<void>;
 }

package/dist/commands/deprovision.js

@@ -78,6 +78,6 @@ export default class Deprovision extends Command {
         let response = await skynet.deprovision(user, notes, category, notify, force);
         ux.action.stop();
         response = parseResponse(response);
-        ux.log(`${color.cyan(response.status)}. ${response.message}. Notification ${notificationStatus}`);
+        this.log(`${color.cyan(response.status)}. ${response.message}. Notification ${notificationStatus}`);
     }
 }

package/dist/commands/legal-hold/add.d.ts

@@ -0,0 +1,11 @@
+import { Command } from '@heroku-cli/command';
+export default class AddLegalHold extends Command {
+    static id: string;
+    static aliases: string[];
+    static description: string;
+    static examples: string[];
+    static flags: {
+        user: import("@oclif/core/interfaces").OptionFlag<string, import("@oclif/core/interfaces").CustomOptions>;
+    };
+    run(): Promise<void>;
+}

package/dist/commands/legal-hold/add.js

@@ -0,0 +1,28 @@
+import SkynetAPI from '../../lib/skynet.js';
+import { Command } from '@heroku-cli/command';
+import { color } from '@heroku-cli/color';
+import { Flags, ux } from '@oclif/core';
+export default class AddLegalHold extends Command {
+    static id = 'skynet:legal-hold:add';
+    static aliases = ['skynet:legal-hold:add'];
+    static description = 'add legal hold flag to a user';
+    static examples = [
+        '$ heroku skynet:legal-hold:add -u foo@bar.com'
+    ];
+    static flags = {
+        user: Flags.string({
+            name: 'user',
+            char: 'u',
+            description: 'user to add legal hold to',
+            hasValue: true,
+            required: true
+        })
+    };
+    async run() {
+        const { flags } = await this.parse(AddLegalHold);
+        const skynet = new SkynetAPI(this.heroku.auth);
+        ux.action.start(`adding legal hold to ${color.cyan(flags.user)}`);
+        await skynet.addLegalHold(flags.user);
+        ux.action.stop();
+    }
+}

package/dist/commands/legal-hold/remove.d.ts

@@ -0,0 +1,11 @@
+import { Command } from '@heroku-cli/command';
+export default class RemoveLegalHold extends Command {
+    static id: string;
+    static aliases: string[];
+    static description: string;
+    static examples: string[];
+    static flags: {
+        user: import("@oclif/core/interfaces").OptionFlag<string, import("@oclif/core/interfaces").CustomOptions>;
+    };
+    run(): Promise<void>;
+}

package/dist/commands/legal-hold/remove.js

@@ -0,0 +1,28 @@
+import SkynetAPI from '../../lib/skynet.js';
+import { Command } from '@heroku-cli/command';
+import { color } from '@heroku-cli/color';
+import { Flags, ux } from '@oclif/core';
+export default class RemoveLegalHold extends Command {
+    static id = 'skynet:legal-hold:remove';
+    static aliases = ['skynet:legal-hold:remove'];
+    static description = 'remove legal hold flag from a user';
+    static examples = [
+        '$ heroku skynet:legal-hold:remove -u foo@bar.com'
+    ];
+    static flags = {
+        user: Flags.string({
+            name: 'user',
+            char: 'u',
+            description: 'user to remove legal hold from',
+            hasValue: true,
+            required: true
+        })
+    };
+    async run() {
+        const { flags } = await this.parse(RemoveLegalHold);
+        const skynet = new SkynetAPI(this.heroku.auth);
+        ux.action.start(`removing legal hold from ${color.cyan(flags.user)}`);
+        await skynet.removeLegalHold(flags.user);
+        ux.action.stop();
+    }
+}

package/dist/commands/suspend/app-owner.d.ts

@@ -5,13 +5,13 @@ export default class SuspendAppOwner extends Command {
     static description: string;
     static examples: string[];
     static flags: {
-        app: import("@oclif/core/lib/interfaces/parser.js").OptionFlag<string, import("@oclif/core/lib/interfaces/parser.js").CustomOptions>;
-        infile: import("@oclif/core/lib/interfaces/parser.js").OptionFlag<string, import("@oclif/core/lib/interfaces/parser.js").CustomOptions>;
-        category: import("@oclif/core/lib/interfaces/parser.js").OptionFlag<string, import("@oclif/core/lib/interfaces/parser.js").CustomOptions>;
-        notes: import("@oclif/core/lib/interfaces/parser.js").OptionFlag<string, import("@oclif/core/lib/interfaces/parser.js").CustomOptions>;
-        bypass: import("@oclif/core/lib/interfaces/parser.js").BooleanFlag<boolean>;
-        deprovision: import("@oclif/core/lib/interfaces/parser.js").BooleanFlag<boolean>;
-        async: import("@oclif/core/lib/interfaces/parser.js").BooleanFlag<boolean>;
+        app: import("@oclif/core/interfaces").OptionFlag<string, import("@oclif/core/interfaces").CustomOptions>;
+        infile: import("@oclif/core/interfaces").OptionFlag<string, import("@oclif/core/interfaces").CustomOptions>;
+        category: import("@oclif/core/interfaces").OptionFlag<string, import("@oclif/core/interfaces").CustomOptions>;
+        notes: import("@oclif/core/interfaces").OptionFlag<string, import("@oclif/core/interfaces").CustomOptions>;
+        bypass: import("@oclif/core/interfaces").BooleanFlag<boolean>;
+        deprovision: import("@oclif/core/interfaces").BooleanFlag<boolean>;
+        async: import("@oclif/core/interfaces").BooleanFlag<boolean>;
     };
     run(): Promise<void>;
 }

package/dist/commands/suspend/app-owner.js

@@ -73,9 +73,9 @@ export default class SuspendAppOwner extends Command {
             const apps = await readlines(file);
             const chunks = arrayChunks(apps, chunkSize);
             for (const chunk of chunks) {
-                ux.log('Suspending app owners: ' + chunk.join());
+                this.log('Suspending app owners: ' + chunk.join());
                 const response = await skynet.bulkSuspendAppOwner(apps.join(), notes, category, deprovision);
-                ux.log(`${color.cyan(response.status)}. ${response.message}`);
+                this.log(`${color.cyan(response.status)}. ${response.message}`);
             }
         }
         else {

package/dist/commands/suspend/apps.d.ts

@@ -5,11 +5,11 @@ export default class SuspendApp extends Command {
     static description: string;
     static examples: string[];
     static flags: {
-        app: import("@oclif/core/lib/interfaces/parser.js").OptionFlag<string, import("@oclif/core/lib/interfaces/parser.js").CustomOptions>;
-        notes: import("@oclif/core/lib/interfaces/parser.js").OptionFlag<string, import("@oclif/core/lib/interfaces/parser.js").CustomOptions>;
-        category: import("@oclif/core/lib/interfaces/parser.js").OptionFlag<string, import("@oclif/core/lib/interfaces/parser.js").CustomOptions>;
-        bypass: import("@oclif/core/lib/interfaces/parser.js").BooleanFlag<boolean>;
-        async: import("@oclif/core/lib/interfaces/parser.js").BooleanFlag<boolean>;
+        app: import("@oclif/core/interfaces").OptionFlag<string, import("@oclif/core/interfaces").CustomOptions>;
+        notes: import("@oclif/core/interfaces").OptionFlag<string, import("@oclif/core/interfaces").CustomOptions>;
+        category: import("@oclif/core/interfaces").OptionFlag<string, import("@oclif/core/interfaces").CustomOptions>;
+        bypass: import("@oclif/core/interfaces").BooleanFlag<boolean>;
+        async: import("@oclif/core/interfaces").BooleanFlag<boolean>;
     };
     run(): Promise<void>;
 }

package/dist/commands/suspend/user/direct.d.ts

@@ -0,0 +1,24 @@
+import { Command } from '@heroku-cli/command';
+export default class SuspendDirect extends Command {
+    static id: string;
+    static aliases: string[];
+    static description: string;
+    static hidden: boolean;
+    static examples: string[];
+    static flags: {
+        user: import("@oclif/core/interfaces").OptionFlag<string, import("@oclif/core/interfaces").CustomOptions>;
+        app: import("@oclif/core/interfaces").OptionFlag<string, import("@oclif/core/interfaces").CustomOptions>;
+        'app-owner': import("@oclif/core/interfaces").OptionFlag<string, import("@oclif/core/interfaces").CustomOptions>;
+        category: import("@oclif/core/interfaces").OptionFlag<string, import("@oclif/core/interfaces").CustomOptions>;
+        notes: import("@oclif/core/interfaces").OptionFlag<string, import("@oclif/core/interfaces").CustomOptions>;
+        bypass: import("@oclif/core/interfaces").BooleanFlag<boolean>;
+        'no-notify': import("@oclif/core/interfaces").BooleanFlag<boolean>;
+        notify: import("@oclif/core/interfaces").BooleanFlag<boolean>;
+        deprovision: import("@oclif/core/interfaces").BooleanFlag<boolean>;
+        'legal-hold': import("@oclif/core/interfaces").BooleanFlag<boolean>;
+    };
+    run(): Promise<void>;
+    private suspendUserDirect;
+    private suspendAppDirect;
+    private getAppOwnerDirect;
+}

package/dist/commands/suspend/user/direct.js

@@ -0,0 +1,286 @@
+import { Command } from '@heroku-cli/command';
+import { color } from '@heroku-cli/color';
+import { Flags, ux } from '@oclif/core';
+import { requireSudo } from '../../../lib/sudo.js';
+import { saveSuspensionRecord } from '../../../lib/local-storage.js';
+import { confirmLegalHold, confirm, promptHidden } from '../../../lib/utils.js';
+import got from 'got';
+export default class SuspendDirect extends Command {
+    static id = 'skynet:suspend:user:direct';
+    static aliases = ['skynet:suspend:user:direct'];
+    static description = '(requires sudo) suspends a user, app, or app-owner directly via Heroku API';
+    static hidden = true;
+    static examples = [
+        '$ heroku sudo skynet:suspend:user:direct -u foo@bar.com -n "helpful suspend message" -c "ddos"',
+        '$ heroku sudo skynet:suspend:user:direct -a myapp -n "helpful suspend message" -c "malware"',
+        '$ heroku sudo skynet:suspend:user:direct --app-owner myapp -n "helpful suspend message" -c "cryptocurrency"'
+    ];
+    static flags = {
+        user: Flags.string({
+            name: 'user',
+            char: 'u',
+            description: 'user to suspend',
+            hasValue: true
+        }),
+        app: Flags.string({
+            name: 'app',
+            char: 'a',
+            description: 'app to suspend',
+            hasValue: true
+        }),
+        'app-owner': Flags.string({
+            name: 'app-owner',
+            description: 'app whose owner should be suspended',
+            hasValue: true
+        }),
+        category: Flags.string({
+            name: 'category',
+            char: 'c',
+            description: 'suspension category',
+            hasValue: true,
+            required: true
+        }),
+        notes: Flags.string({
+            name: 'notes',
+            char: 'n',
+            description: 'suspend notes',
+            hasValue: true,
+            required: true
+        }),
+        bypass: Flags.boolean({
+            name: 'bypass',
+            description: 'force suspension, bypassing skynet safety checks (N/A for direct suspension)',
+            required: false
+        }),
+        'no-notify': Flags.boolean({
+            name: 'no-notify',
+            description: 'skip user suspension email notification (user suspensions only)',
+            required: false
+        }),
+        notify: Flags.boolean({
+            name: 'notify',
+            description: 'send user suspension email notification (user suspensions only)',
+            required: false
+        }),
+        deprovision: Flags.boolean({
+            name: 'deprovision',
+            char: 'd',
+            description: 'put user into the fast resource deletion flow (user/app-owner only)',
+            required: false
+        }),
+        'legal-hold': Flags.boolean({
+            name: 'legal-hold',
+            description: 'mark suspension with legal hold status (prevents unsuspension until cleared)',
+            required: false
+        })
+    };
+    async run() {
+        requireSudo();
+        const { flags } = await this.parse(SuspendDirect);
+        // Validate that exactly one of user/app/app-owner is specified
+        const targetCount = [flags.user, flags.app, flags['app-owner']].filter(Boolean).length;
+        if (targetCount === 0) {
+            ux.error('Must specify one of: --user, --app, or --app-owner');
+        }
+        if (targetCount > 1) {
+            ux.error('Cannot specify more than one of: --user, --app, or --app-owner');
+        }
+        if (flags.notify && flags['no-notify']) {
+            ux.error('Flag --notify and --no-notify cannot be used together');
+        }
+        // Determine suspension level and target
+        let level;
+        let target;
+        let isApp;
+        if (flags.user) {
+            level = 'user';
+            target = flags.user;
+            isApp = false;
+        }
+        else if (flags.app) {
+            level = 'app';
+            target = flags.app;
+            isApp = true;
+        }
+        else {
+            level = 'app-owner';
+            target = flags['app-owner'];
+            isApp = false; // We'll get the user email from the app
+        }
+        // Determine notification setting (only for user suspensions)
+        let notify = process.env.SKYNET_NOTIFICATION !== 'false';
+        if (flags['no-notify']) {
+            notify = false;
+        }
+        else if (flags.notify) {
+            notify = true;
+        }
+        const notes = flags.notes;
+        const category = flags.category;
+        const deprovision = flags.deprovision || false;
+        const legalHold = flags['legal-hold'] || false;
+        // Show warning and get confirmation
+        this.log(color.yellow.bold('⚠ WARNING: Direct suspension bypasses ALL Skynet safety checks!'));
+        this.log(color.yellow('This command directly calls the Heroku API without any whitelist or classification checks.'));
+        this.log('');
+        this.log('Suspension details:');
+        this.log(`  Level:    ${color.cyan(level)}`);
+        this.log(`  Target:   ${color.cyan(target)}`);
+        this.log(`  Category: ${color.cyan(category)}`);
+        this.log(`  Notes:    ${notes}`);
+        if (level === 'user') {
+            this.log(`  Notify:   ${notify ? color.green('yes') : color.red('no')}`);
+        }
+        if (deprovision) {
+            this.log(`  ${color.red.bold('Deprovision: yes (fast resource deletion)')}`);
+        }
+        if (legalHold) {
+            this.log(`  ${color.yellow.bold('Legal Hold: yes (prevents unsuspension)')}`);
+        }
+        this.log('');
+        const confirmed = await confirm(`Are you sure you want to suspend ${color.cyan(target)} WITHOUT Skynet safety checks? (y/n)`);
+        if (!confirmed) {
+            this.log(color.yellow('Suspension cancelled'));
+            return;
+        }
+        // Legal hold confirmation (only for user and app-owner suspensions)
+        if (legalHold && (level === 'user' || level === 'app-owner')) {
+            const legalHoldConfirmed = await confirmLegalHold();
+            if (!legalHoldConfirmed) {
+                this.log(color.yellow('Legal hold suspension cancelled'));
+                return;
+            }
+        }
+        // Prompt for Heroku Platform API Key
+        const apiKey = await promptHidden('Enter Heroku Platform API Key');
+        if (!apiKey || apiKey.trim().length === 0) {
+            ux.error('API Key is required');
+        }
+        ux.action.start(color.blue.bold(`Suspending ${level} ${color.cyan(target)} directly via Heroku API...`));
+        try {
+            let response;
+            let actualResourceId = target;
+            let actualIsApp = isApp;
+            // Handle different suspension levels
+            if (level === 'user') {
+                response = await this.suspendUserDirect(apiKey, target, notes, notify, legalHold);
+            }
+            else if (level === 'app') {
+                response = await this.suspendAppDirect(apiKey, target, notes);
+            }
+            else if (level === 'app-owner') {
+                // First, get the app owner
+                const ownerEmail = await this.getAppOwnerDirect(apiKey, target);
+                actualResourceId = ownerEmail;
+                actualIsApp = false;
+                this.log(color.dim(`App owner: ${color.cyan(ownerEmail)}`));
+                // Then suspend the owner
+                response = await this.suspendUserDirect(apiKey, ownerEmail, notes, notify, legalHold);
+            }
+            ux.action.stop();
+            // Store result locally for later upload to Skynet
+            const record = {
+                resourceId: actualResourceId,
+                isApp: actualIsApp,
+                reason: notes,
+                category,
+                action: 'suspend',
+                createdAt: new Date().toISOString(),
+                method: 'skynet-cli-direct',
+                notify: level === 'user' || level === 'app-owner' ? notify : undefined,
+                deprovision: level === 'user' || level === 'app-owner' ? deprovision : undefined,
+                legalHold: level === 'user' || level === 'app-owner' ? legalHold : undefined
+            };
+            const filepath = await saveSuspensionRecord(record);
+            this.log(color.green(`✓ ${level === 'user' ? 'User' : level === 'app' ? 'App' : 'App owner'} ${color.cyan(actualResourceId)} suspended successfully`));
+            this.log(color.dim(`Suspension record saved locally: ${filepath}`));
+            this.log(color.yellow('⚠ Remember to upload suspension records to Skynet using: heroku skynet:suspensions:upload'));
+            if (response && response.message) {
+                this.log(color.dim(`API Response: ${response.message}`));
+            }
+        }
+        catch (error) {
+            ux.action.stop();
+            if (error.response) {
+                const status = error.response.statusCode;
+                const body = error.response.body;
+                let errorMessage = `Failed to suspend ${target}`;
+                if (typeof body === 'string') {
+                    errorMessage += `: ${body}`;
+                }
+                else if (body && body.message) {
+                    errorMessage += `: ${body.message}`;
+                }
+                else if (body && body.error) {
+                    errorMessage += `: ${body.error}`;
+                }
+                ux.error(`${errorMessage} (HTTP ${status})`);
+            }
+            else {
+                ux.error(`Failed to suspend ${target}: ${error.message}`);
+            }
+        }
+    }
+    async suspendUserDirect(apiKey, email, notes, notify, legalHold) {
+        const herokuApiUrl = 'https://api.heroku.com/abuse/bulk-suspend';
+        const requestBody = {
+            notes,
+            users: [email],
+            notify,
+            legal_hold: legalHold
+        };
+        const response = await got.put(herokuApiUrl, {
+            headers: {
+                'Authorization': `Bearer ${apiKey}`,
+                'X-Heroku-Sudo': 'true',
+                'Accept': 'application/vnd.heroku+json; version=3',
+                'Content-Type': 'application/json'
+            },
+            json: requestBody,
+            responseType: 'json',
+            timeout: {
+                request: 60000 // 60 second timeout
+            }
+        });
+        return response.body;
+    }
+    async suspendAppDirect(apiKey, appName, notes) {
+        const herokuApiUrl = `https://api.heroku.com/apps/${appName}`;
+        const formData = new URLSearchParams();
+        formData.append('suspended', 'true');
+        formData.append('suspended_notes', notes);
+        const response = await got.patch(herokuApiUrl, {
+            headers: {
+                'Authorization': `Bearer ${apiKey}`,
+                'X-Heroku-Sudo': 'true',
+                'Accept': 'application/vnd.heroku+json; version=3',
+                'Content-Type': 'application/x-www-form-urlencoded'
+            },
+            body: formData.toString(),
+            responseType: 'json',
+            timeout: {
+                request: 60000 // 60 second timeout
+            }
+        });
+        return response.body;
+    }
+    async getAppOwnerDirect(apiKey, appName) {
+        const herokuApiUrl = `https://api.heroku.com/apps/${appName}`;
+        const response = await got.get(herokuApiUrl, {
+            headers: {
+                'Authorization': `Bearer ${apiKey}`,
+                'X-Heroku-Sudo': 'true',
+                'Accept': 'application/vnd.heroku+json; version=3'
+            },
+            responseType: 'json',
+            timeout: {
+                request: 60000 // 60 second timeout
+            }
+        });
+        const body = response.body;
+        if (!body.owner || !body.owner.email) {
+            throw new Error('Unable to determine app owner from API response');
+        }
+        return body.owner.email;
+    }
+}

package/dist/commands/suspend/user.d.ts

@@ -5,15 +5,16 @@ export default class SuspendUser extends Command {
     static description: string;
     static examples: string[];
     static flags: {
-        user: import("@oclif/core/lib/interfaces/parser.js").OptionFlag<string, import("@oclif/core/lib/interfaces/parser.js").CustomOptions>;
-        infile: import("@oclif/core/lib/interfaces/parser.js").OptionFlag<string, import("@oclif/core/lib/interfaces/parser.js").CustomOptions>;
-        category: import("@oclif/core/lib/interfaces/parser.js").OptionFlag<string, import("@oclif/core/lib/interfaces/parser.js").CustomOptions>;
-        notes: import("@oclif/core/lib/interfaces/parser.js").OptionFlag<string, import("@oclif/core/lib/interfaces/parser.js").CustomOptions>;
-        bypass: import("@oclif/core/lib/interfaces/parser.js").BooleanFlag<boolean>;
-        'no-notify': import("@oclif/core/lib/interfaces/parser.js").BooleanFlag<boolean>;
-        notify: import("@oclif/core/lib/interfaces/parser.js").BooleanFlag<boolean>;
-        deprovision: import("@oclif/core/lib/interfaces/parser.js").BooleanFlag<boolean>;
-        async: import("@oclif/core/lib/interfaces/parser.js").BooleanFlag<boolean>;
+        user: import("@oclif/core/interfaces").OptionFlag<string, import("@oclif/core/interfaces").CustomOptions>;
+        infile: import("@oclif/core/interfaces").OptionFlag<string, import("@oclif/core/interfaces").CustomOptions>;
+        category: import("@oclif/core/interfaces").OptionFlag<string, import("@oclif/core/interfaces").CustomOptions>;
+        notes: import("@oclif/core/interfaces").OptionFlag<string, import("@oclif/core/interfaces").CustomOptions>;
+        bypass: import("@oclif/core/interfaces").BooleanFlag<boolean>;
+        'no-notify': import("@oclif/core/interfaces").BooleanFlag<boolean>;
+        notify: import("@oclif/core/interfaces").BooleanFlag<boolean>;
+        deprovision: import("@oclif/core/interfaces").BooleanFlag<boolean>;
+        async: import("@oclif/core/interfaces").BooleanFlag<boolean>;
+        'legal-hold': import("@oclif/core/interfaces").BooleanFlag<boolean>;
     };
     run(): Promise<void>;
 }