@hogsend/cli 0.11.0 → 0.12.1

package/dist/bin.js

@@ -819,30 +819,1031 @@ var contactsCommand = {
   run: run2
 };
 
+// src/commands/dev.ts
+import { spawnSync as spawnSync2 } from "child_process";
+import { existsSync as existsSync3, readFileSync as readFileSync3 } from "fs";
+import { join as join3, resolve } from "path";
+import { parseArgs as parseArgs5 } from "util";
+
+// src/lib/proc.ts
+import { spawn } from "child_process";
+import { createInterface } from "readline";
+function spawnManaged(opts) {
+  const child = spawn(opts.cmd, opts.args, {
+    cwd: opts.cwd,
+    env: { ...process.env, FORCE_COLOR: "1", ...opts.env },
+    stdio: ["ignore", "pipe", "pipe"],
+    detached: process.platform !== "win32"
+  });
+  const prefix = opts.prefixColor(`[${opts.name}]`);
+  const writeOut = opts.sink ?? ((line2) => process.stdout.write(line2));
+  const writeErr = opts.sink ?? ((line2) => process.stderr.write(line2));
+  if (child.stdout) {
+    const rl = createInterface({ input: child.stdout });
+    rl.on("line", (line2) => writeOut(`${prefix} ${line2}
+`));
+  }
+  if (child.stderr) {
+    const rl = createInterface({ input: child.stderr });
+    rl.on("line", (line2) => writeErr(`${prefix} ${line2}
+`));
+  }
+  const callbacks = [];
+  let exitInfo = null;
+  const exited = new Promise((resolve3) => {
+    const settle = (info) => {
+      if (exitInfo) return;
+      exitInfo = info;
+      resolve3(info);
+      for (const cb of callbacks) cb(info);
+    };
+    child.once("close", (code, signal) => settle({ code, signal }));
+    child.once("error", (err) => {
+      writeErr(`${prefix} failed to start: ${err.message}
+`);
+      settle({ code: null, signal: null });
+    });
+  });
+  return {
+    name: opts.name,
+    child,
+    exited,
+    onExit(cb) {
+      if (exitInfo) {
+        cb(exitInfo);
+        return;
+      }
+      callbacks.push(cb);
+    }
+  };
+}
+function hasExited(proc) {
+  return proc.child.pid === void 0 || proc.child.exitCode !== null || proc.child.signalCode !== null;
+}
+function killTree(proc, signal) {
+  const pid = proc.child.pid;
+  if (pid === void 0 || hasExited(proc)) return;
+  try {
+    if (process.platform !== "win32") {
+      process.kill(-pid, signal);
+    } else {
+      proc.child.kill(signal);
+    }
+  } catch {
+    try {
+      proc.child.kill(signal);
+    } catch {
+    }
+  }
+}
+function sleep(ms) {
+  return new Promise((resolve3) => setTimeout(resolve3, ms));
+}
+async function shutdownAll(procs, opts) {
+  if (procs.length === 0) return;
+  const timeoutMs = opts?.timeoutMs ?? 5e3;
+  for (const proc of procs) killTree(proc, "SIGTERM");
+  const allExited = Promise.all(procs.map((p) => p.exited));
+  await Promise.race([allExited, sleep(timeoutMs)]);
+  const stragglers = procs.filter((p) => !hasExited(p));
+  if (stragglers.length === 0) return;
+  for (const proc of stragglers) killTree(proc, "SIGKILL");
+  await Promise.race([allExited, sleep(2e3)]);
+}
+async function waitForHttp(url, timeoutMs) {
+  const deadline = Date.now() + timeoutMs;
+  let lastError = "no attempt completed";
+  do {
+    try {
+      const res = await fetch(url, { signal: AbortSignal.timeout(2e3) });
+      if (res.ok) return;
+      lastError = `last response: HTTP ${res.status}`;
+    } catch (err) {
+      lastError = `last error: ${err instanceof Error ? err.message : String(err)}`;
+    }
+    await sleep(500);
+  } while (Date.now() < deadline);
+  throw new Error(
+    `timed out after ${Math.round(timeoutMs / 1e3)}s waiting for ${url} (${lastError})`
+  );
+}
+
+// src/lib/setup-steps.ts
+import { spawnSync } from "child_process";
+import { randomBytes } from "crypto";
+import { copyFileSync, existsSync as existsSync2, readFileSync as readFileSync2, writeFileSync } from "fs";
+import { connect } from "net";
+import { join as join2 } from "path";
+
+// src/lib/config.ts
+import { existsSync, readFileSync } from "fs";
+import { join } from "path";
+import { parseArgs as parseArgs3 } from "util";
+var DEFAULT_BASE_URL = "http://localhost:3002";
+function parseGlobalFlags(argv) {
+  const { values: values2, tokens } = parseArgs3({
+    args: argv,
+    allowPositionals: true,
+    strict: false,
+    tokens: true,
+    options: {
+      url: { type: "string" },
+      "admin-key": { type: "string" },
+      "data-key": { type: "string" },
+      json: { type: "boolean", default: false },
+      help: { type: "boolean", short: "h", default: false }
+    }
+  });
+  const owned = /* @__PURE__ */ new Set(["url", "admin-key", "data-key", "json", "help", "h"]);
+  const rest = [];
+  for (const token of tokens) {
+    if (token.kind === "positional") {
+      rest.push(token.value);
+    } else if (token.kind === "option") {
+      if (owned.has(token.name)) continue;
+      rest.push(token.rawName);
+      if (token.value !== void 0 && !token.inlineValue) {
+        rest.push(token.value);
+      } else if (token.inlineValue && token.value !== void 0) {
+        rest[rest.length - 1] = `${token.rawName}=${token.value}`;
+      }
+    }
+  }
+  return {
+    url: typeof values2.url === "string" ? values2.url : void 0,
+    adminKey: typeof values2["admin-key"] === "string" ? values2["admin-key"] : void 0,
+    dataKey: typeof values2["data-key"] === "string" ? values2["data-key"] : void 0,
+    json: values2.json === true,
+    help: values2.help === true,
+    rest
+  };
+}
+function loadDotEnv(cwd = process.cwd()) {
+  const out = {};
+  const file = join(cwd, ".env");
+  if (!existsSync(file)) return out;
+  let raw;
+  try {
+    raw = readFileSync(file, "utf8");
+  } catch {
+    return out;
+  }
+  for (const rawLine of raw.split(/\r?\n/)) {
+    const line2 = rawLine.trim();
+    if (line2 === "" || line2.startsWith("#")) continue;
+    const withoutExport = line2.startsWith("export ") ? line2.slice("export ".length) : line2;
+    const eq2 = withoutExport.indexOf("=");
+    if (eq2 === -1) continue;
+    const key = withoutExport.slice(0, eq2).trim();
+    if (key === "") continue;
+    let value = withoutExport.slice(eq2 + 1).trim();
+    if (value.startsWith('"') && value.endsWith('"') || value.startsWith("'") && value.endsWith("'")) {
+      value = value.slice(1, -1);
+    }
+    out[key] = value;
+  }
+  return out;
+}
+function resolveConfig(flags, cwd = process.cwd()) {
+  const dotenv = loadDotEnv(cwd);
+  const baseUrlRaw = flags.url ?? process.env.HOGSEND_API_URL ?? dotenv.HOGSEND_API_URL ?? DEFAULT_BASE_URL;
+  const adminKey = flags.adminKey ?? process.env.HOGSEND_ADMIN_KEY ?? process.env.ADMIN_API_KEY ?? dotenv.HOGSEND_ADMIN_KEY ?? dotenv.ADMIN_API_KEY;
+  const dataKey = flags.dataKey ?? process.env.HOGSEND_DATA_KEY ?? process.env.HOGSEND_API_KEY ?? dotenv.HOGSEND_DATA_KEY ?? dotenv.HOGSEND_API_KEY;
+  return {
+    baseUrl: baseUrlRaw.replace(/\/+$/, ""),
+    adminKey: adminKey && adminKey.length > 0 ? adminKey : void 0,
+    dataKey: dataKey && dataKey.length > 0 ? dataKey : void 0
+  };
+}
+
+// src/lib/setup-steps.ts
+var SECRET_KEY = "BETTER_AUTH_SECRET";
+var PLACEHOLDER_PREFIX = "change-me";
+var PLACEHOLDER_PREFIXES = [PLACEHOLDER_PREFIX, "REPLACE_ME"];
+function generateSecret() {
+  return randomBytes(32).toString("hex");
+}
+var COMPOSE_FILES = [
+  "docker-compose.yml",
+  "docker-compose.yaml",
+  "compose.yml",
+  "compose.yaml"
+];
+function hasComposeFile(cwd) {
+  return COMPOSE_FILES.some((name) => existsSync2(join2(cwd, name)));
+}
+function readDotEnv(cwd) {
+  return loadDotEnv(cwd);
+}
+function ensureEnvFile(cwd) {
+  const envPath = join2(cwd, ".env");
+  const examplePath = join2(cwd, ".env.example");
+  if (existsSync2(envPath)) {
+    return { step: "env", status: "skipped", detail: ".env already exists" };
+  }
+  if (existsSync2(examplePath)) {
+    copyFileSync(examplePath, envPath);
+    return {
+      step: "env",
+      status: "ok",
+      detail: "copied .env.example -> .env"
+    };
+  }
+  return {
+    step: "env",
+    status: "failed",
+    detail: "no .env and no .env.example to copy from"
+  };
+}
+function ensureAuthSecret(cwd) {
+  const envPath = join2(cwd, ".env");
+  if (!existsSync2(envPath)) {
+    return { step: "secret", status: "skipped", detail: "skipped \u2014 no .env" };
+  }
+  let raw;
+  try {
+    raw = readFileSync2(envPath, "utf8");
+  } catch (err) {
+    return {
+      step: "secret",
+      status: "failed",
+      detail: `could not read .env: ${err instanceof Error ? err.message : String(err)}`
+    };
+  }
+  const lines = raw.split(/\r?\n/);
+  const idx = lines.findIndex(
+    (l) => l.replace(/^export\s+/, "").trimStart().startsWith(`${SECRET_KEY}=`)
+  );
+  const existingLine = idx === -1 ? void 0 : lines[idx];
+  const current = existingLine === void 0 ? void 0 : existingLine.slice(existingLine.indexOf("=") + 1).trim();
+  const isPlaceholder = current === void 0 || current === "" || PLACEHOLDER_PREFIXES.some((prefix) => current.startsWith(prefix));
+  if (!isPlaceholder) {
+    return {
+      step: "secret",
+      status: "skipped",
+      detail: `${SECRET_KEY} already set`
+    };
+  }
+  const secret = generateSecret();
+  const newLine = `${SECRET_KEY}=${secret}`;
+  if (idx === -1) {
+    if (raw.length > 0 && !raw.endsWith("\n")) lines.push("");
+    lines.push(newLine);
+  } else {
+    lines[idx] = newLine;
+  }
+  writeFileSync(envPath, lines.join("\n"));
+  return {
+    step: "secret",
+    status: "ok",
+    detail: `generated ${SECRET_KEY} (64-char hex)`
+  };
+}
+function runCmd(cmd, args, cwd, quiet) {
+  const result = spawnSync(cmd, args, {
+    cwd,
+    stdio: quiet ? "ignore" : "inherit"
+  });
+  return { status: result.status, ok: result.status === 0 };
+}
+async function dockerComposeUp(cwd, opts) {
+  const result = runCmd(
+    "docker",
+    ["compose", "up", "-d"],
+    cwd,
+    opts?.quiet ?? false
+  );
+  return {
+    step: "docker",
+    status: result.ok ? "ok" : "failed",
+    detail: result.ok ? "Postgres + Redis + Hatchet-Lite up" : `docker compose exited with code ${result.status ?? "?"}`
+  };
+}
+async function runMigrations(cwd, opts) {
+  const result = runCmd("pnpm", ["db:migrate"], cwd, opts?.quiet ?? false);
+  return {
+    step: "migrate",
+    status: result.ok ? "ok" : "failed",
+    detail: result.ok ? "engine + client migrations applied" : `pnpm db:migrate exited with code ${result.status ?? "?"}`
+  };
+}
+function probeTcp(opts) {
+  const { port, host = "127.0.0.1", timeoutMs = 750 } = opts;
+  return new Promise((resolve3) => {
+    let settled = false;
+    const socket = connect({ port, host });
+    const done = (ok) => {
+      if (settled) return;
+      settled = true;
+      socket.destroy();
+      resolve3(ok);
+    };
+    socket.once("connect", () => done(true));
+    socket.once("error", () => done(false));
+    socket.setTimeout(timeoutMs, () => done(false));
+  });
+}
+function envPort(env, key, fallback) {
+  const raw = env[key];
+  if (raw === void 0) return fallback;
+  const n = Number(raw);
+  return Number.isInteger(n) && n > 0 && n < 65536 ? n : fallback;
+}
+function parseComposePs(stdout) {
+  const entries = [];
+  const push = (value) => {
+    if (value === null || typeof value !== "object") return;
+    const obj = value;
+    const service = obj.Service ?? obj.Name;
+    const state = obj.State;
+    if (typeof service === "string" && typeof state === "string") {
+      entries.push({ service, state: state.toLowerCase() });
+    }
+  };
+  const trimmed = stdout.trim();
+  if (trimmed === "") return entries;
+  if (trimmed.startsWith("[")) {
+    try {
+      const arr = JSON.parse(trimmed);
+      if (Array.isArray(arr)) for (const item of arr) push(item);
+    } catch {
+    }
+    return entries;
+  }
+  for (const line2 of trimmed.split(/\r?\n/)) {
+    try {
+      push(JSON.parse(line2));
+    } catch {
+    }
+  }
+  return entries;
+}
+async function detectRunningInfra(cwd) {
+  const found = { postgres: false, redis: false, hatchet: false };
+  try {
+    const result = spawnSync("docker", ["compose", "ps", "--format", "json"], {
+      cwd,
+      encoding: "utf8"
+    });
+    if (!result.error && result.status === 0 && typeof result.stdout === "string") {
+      for (const entry of parseComposePs(result.stdout)) {
+        if (entry.state !== "running") continue;
+        if (entry.service === "postgres") {
+          found.postgres = true;
+        } else if (entry.service === "redis") {
+          found.redis = true;
+        } else if (entry.service.startsWith("hatchet") && !entry.service.includes("postgres")) {
+          found.hatchet = true;
+        }
+      }
+    }
+  } catch {
+  }
+  if (found.postgres && found.redis && found.hatchet) return found;
+  try {
+    const env = readDotEnv(cwd);
+    const [postgres2, redis, hatchet] = await Promise.all([
+      found.postgres || probeTcp({ port: envPort(env, "POSTGRES_PORT", 5434) }),
+      found.redis || probeTcp({ port: envPort(env, "REDIS_PORT", 6380) }),
+      found.hatchet || probeTcp({ port: envPort(env, "HATCHET_DASHBOARD_PORT", 8888) })
+    ]);
+    return { postgres: postgres2, redis, hatchet };
+  } catch {
+    return found;
+  }
+}
+
+// src/commands/events.ts
+import { parseArgs as parseArgs4 } from "util";
+var usage3 = `hogsend events <userId> [options]
+hogsend events send <name> [options]
+
+Read a single user's event history (admin API), or send an event into the data
+plane to drive journeys/buckets.
+
+Read mode \u2014 hogsend events <userId>:
+  Stream the event history for a single user, newest first. Wraps
+  GET /v1/admin/events?userId=<userId>.
+
+  Arguments:
+    <userId>          The user (distinct) id to fetch events for. Required.
+
+  Options:
+    --event <name>    Filter to a single event name.
+    --from <iso>      Only events at/after this ISO-8601 timestamp.
+    --to <iso>        Only events at/before this ISO-8601 timestamp.
+    --limit <n>       Max events to return (1-100, default 50).
+    --offset <n>      Pagination offset (default 0).
+
+Send mode \u2014 hogsend events send <name>:
+  Push an event into POST /v1/events (data plane, ingest key). At least one of
+  --email / --user-id is required.
+
+  Options:
+    --email <addr>          Recipient/identity email.
+    --user-id <id>          External (distinct) id.
+    --prop <key=value>      Event property; repeatable. Value parsed as JSON,
+                            falling back to a string.
+    --props <json>          Event properties as one JSON object.
+    --contact-prop <k=v>    Contact property to merge onto the contact; repeatable.
+    --contact-props <json>  Contact properties as one JSON object.
+    --list <id>             Subscribe to a list; repeatable.
+    --unlist <id>           Unsubscribe from a list; repeatable.
+    --idempotency-key <k>   Dedup key (sent as the Idempotency-Key header).
+    --timestamp <iso>       Override the event timestamp.
+
+Global options (handled by the router): --url, --admin-key, --data-key, --json,
+-h/--help.
+
+Examples:
+  hogsend events user_123
+  hogsend events user_123 --event signup --limit 10
+  hogsend events user_123 --from 2026-01-01T00:00:00Z --json
+  hogsend events send signup --user-id user_123 --prop plan=pro
+  hogsend events send purchase --email a@b.com --props '{"amount":49}' --json`;
+async function run3(ctx) {
+  if (ctx.argv[0] === "send") {
+    return runSend2(ctx, ctx.argv.slice(1));
+  }
+  return runRead(ctx, ctx.argv);
+}
+async function runRead(ctx, argv) {
+  const { values: values2, positionals } = parseArgs4({
+    args: argv,
+    allowPositionals: true,
+    options: {
+      event: { type: "string" },
+      from: { type: "string" },
+      to: { type: "string" },
+      limit: { type: "string" },
+      offset: { type: "string" },
+      help: { type: "boolean", short: "h", default: false }
+    }
+  });
+  if (values2.help) {
+    ctx.out.log(usage3);
+    return;
+  }
+  const userId = positionals[0];
+  if (!userId) {
+    ctx.out.fail("events requires a userId, e.g. hogsend events user_123");
+  }
+  const limit = parseNumber(values2.limit, "limit", ctx);
+  const offset = parseNumber(values2.offset, "offset", ctx);
+  const query = {
+    userId,
+    event: values2.event,
+    from: values2.from,
+    to: values2.to,
+    limit,
+    offset
+  };
+  let data;
+  try {
+    data = await ctx.out.step(
+      `Fetching events for ${userId}`,
+      () => ctx.http.get("/v1/admin/events", query)
+    );
+  } catch (error) {
+    if (isHttpError(error)) {
+      ctx.out.fail(error.message);
+    }
+    throw error;
+  }
+  if (ctx.json) {
+    ctx.out.json(data);
+    return;
+  }
+  ctx.out.intro(`${color.bgMagenta(color.black(" hogsend "))} events`);
+  if (data.events.length === 0) {
+    ctx.out.note(
+      `No events found for ${color.cyan(userId)}.`,
+      "Empty event stream"
+    );
+    ctx.out.outro(color.dim("Nothing to show."));
+    return;
+  }
+  const rows = data.events.map((e) => ({
+    occurredAt: e.occurredAt,
+    event: e.event,
+    properties: summarizeProps(e.properties),
+    id: e.id
+  }));
+  ctx.out.table(rows, ["occurredAt", "event", "properties", "id"]);
+  const shown = data.events.length;
+  const through = data.offset + shown;
+  ctx.out.outro(
+    `${color.green(String(shown))} event${shown === 1 ? "" : "s"} ` + color.dim(`(${data.offset + 1}-${through} of ${data.total})`)
+  );
+}
+async function runSend2(ctx, argv) {
+  const { values: values2, positionals } = parseArgs4({
+    args: argv,
+    allowPositionals: true,
+    options: {
+      email: { type: "string" },
+      "user-id": { type: "string" },
+      prop: { type: "string", multiple: true },
+      props: { type: "string" },
+      "contact-prop": { type: "string", multiple: true },
+      "contact-props": { type: "string" },
+      list: { type: "string", multiple: true },
+      unlist: { type: "string", multiple: true },
+      "idempotency-key": { type: "string" },
+      timestamp: { type: "string" },
+      help: { type: "boolean", short: "h", default: false }
+    }
+  });
+  if (values2.help) {
+    ctx.out.log(usage3);
+    return;
+  }
+  const name = positionals[0];
+  if (!name) {
+    ctx.out.fail(
+      "events send requires an event name, e.g. hogsend events send signup --user-id user_123"
+    );
+  }
+  const email = values2.email;
+  const userId = values2["user-id"];
+  if (!email && !userId) {
+    ctx.out.fail("events send requires at least one of --email or --user-id");
+  }
+  const eventProperties = parseProps3(ctx, values2.props, values2.prop, "prop");
+  const contactProperties = parseProps3(
+    ctx,
+    values2["contact-props"],
+    values2["contact-prop"],
+    "contact-prop"
+  );
+  const lists = parseLists2(values2.list, values2.unlist);
+  const body = { name };
+  if (email) body.email = email;
+  if (userId) body.userId = userId;
+  if (eventProperties) body.eventProperties = eventProperties;
+  if (contactProperties) body.contactProperties = contactProperties;
+  if (lists) body.lists = lists;
+  if (values2["idempotency-key"]) {
+    body.idempotencyKey = values2["idempotency-key"];
+  }
+  if (values2.timestamp) body.timestamp = values2.timestamp;
+  let res;
+  try {
+    res = await ctx.out.step(
+      `Sending event ${name}`,
+      () => ctx.dataHttp.post("/v1/events", body)
+    );
+  } catch (error) {
+    if (isHttpError(error)) {
+      ctx.out.fail(error.message);
+    }
+    throw error;
+  }
+  if (ctx.json) {
+    ctx.out.json(res);
+    return;
+  }
+  ctx.out.intro(`${color.bgMagenta(color.black(" hogsend "))} events send`);
+  const exited = res.exits.filter((e) => e.exited);
+  ctx.out.kv(
+    {
+      event: name,
+      stored: res.stored,
+      identity: email ?? userId ?? "",
+      exits: res.exits.length,
+      "journeys exited": exited.length
+    },
+    "Event sent"
+  );
+  if (exited.length > 0) {
+    ctx.out.table(
+      exited.map((e) => ({ journeyId: e.journeyId, stateId: e.stateId })),
+      ["journeyId", "stateId"]
+    );
+  }
+  ctx.out.outro(
+    res.stored ? `${color.green("Stored")} ${name}.` : color.dim(`${name} was deduped (not stored).`)
+  );
+}
+function parseProps3(ctx, json2, pairs, flagName) {
+  const out = {};
+  let any = false;
+  if (json2 !== void 0) {
+    let parsed;
+    try {
+      parsed = JSON.parse(json2);
+    } catch {
+      ctx.out.fail(`--${flagName}s must be valid JSON, got: ${json2}`);
+    }
+    if (parsed === null || typeof parsed !== "object" || Array.isArray(parsed)) {
+      ctx.out.fail(`--${flagName}s must be a JSON object`);
+    }
+    Object.assign(out, parsed);
+    any = true;
+  }
+  for (const pair of pairs ?? []) {
+    const eq2 = pair.indexOf("=");
+    if (eq2 === -1) {
+      ctx.out.fail(`--${flagName} must be key=value, got: ${pair}`);
+    }
+    const key = pair.slice(0, eq2).trim();
+    if (key === "") {
+      ctx.out.fail(`--${flagName} key cannot be empty, got: ${pair}`);
+    }
+    out[key] = coerceValue3(pair.slice(eq2 + 1));
+    any = true;
+  }
+  return any ? out : void 0;
+}
+function coerceValue3(raw) {
+  try {
+    return JSON.parse(raw);
+  } catch {
+    return raw;
+  }
+}
+function parseLists2(subscribe, unsubscribe) {
+  const out = {};
+  let any = false;
+  for (const id of subscribe ?? []) {
+    out[id] = true;
+    any = true;
+  }
+  for (const id of unsubscribe ?? []) {
+    out[id] = false;
+    any = true;
+  }
+  return any ? out : void 0;
+}
+function parseNumber(raw, name, ctx) {
+  if (raw === void 0) return void 0;
+  const n = Number(raw);
+  if (!Number.isFinite(n)) {
+    ctx.out.fail(`--${name} must be a number, got "${raw}"`);
+  }
+  return n;
+}
+function summarizeProps(props) {
+  if (!props) return "";
+  const keys = Object.keys(props);
+  if (keys.length === 0) return "";
+  const preview = JSON.stringify(props);
+  return preview.length > 60 ? `${preview.slice(0, 57)}...` : preview;
+}
+var eventsCommand = {
+  name: "events",
+  summary: "Stream a user's event history, or send an event",
+  usage: usage3,
+  run: run3
+};
+
+// src/commands/dev.ts
+var usage4 = `hogsend dev [options]
+hogsend dev --fire <event> [event-send options]
+
+Run the full local stack for a Hogsend app from one command:
+
+  1. infra      detect running containers, docker compose up -d when needed
+  2. .env       cp .env.example -> .env + generate BETTER_AUTH_SECRET
+  3. migrate    pnpm db:migrate (when the app has the script)
+  4. spawn      [api] pnpm run dev  +  [worker] hatchet worker dev
+                (falls back to pnpm run worker:dev without hatchet CLI/config)
+  5. health     wait for GET /v1/health, then print the local URLs
+
+Ctrl+C stops everything \u2014 the API, the worker, and their whole process trees.
+
+Options:
+  --cwd <dir>      Project root to run in (defaults to the current directory).
+  --no-worker      Start the API only (skip the worker process).
+  --no-infra       Skip the docker/.env/migrate steps (infra managed elsewhere).
+  --fire <event>   Don't boot anything \u2014 send a test event to the RUNNING
+                   instance via POST /v1/events (works from a second terminal
+                   while hogsend dev runs in the first). Accepts every
+                   \`hogsend events send\` option: --email, --user-id, --prop,
+                   --props, --contact-prop, --contact-props, --list, --unlist,
+                   --idempotency-key, --timestamp.
+  -h, --help       Show this help.
+
+Examples:
+  hogsend dev
+  hogsend dev --cwd apps/api
+  hogsend dev --no-worker
+  hogsend dev --fire signup --email a@b.com --prop plan=pro`;
+function renderDomainLine(d) {
+  if (d.testMode?.active) {
+    const target = d.testMode.redirectTo ?? "(no redirect address)";
+    const state = d.status?.state;
+    const suffix = d.domain && state && state !== "verified" ? ` (domain ${state})` : "";
+    return color.yellow(
+      `Test mode active \u2014 emails redirect to ${target}${suffix}`
+    );
+  }
+  if (d.domain && d.status) {
+    const state = d.status.state === "verified" ? color.green("verified") : color.yellow(d.status.state);
+    return `${color.dim("Domain")}   ${d.domain} \u2014 ${state}`;
+  }
+  return null;
+}
+async function fetchDomainLine(ctx) {
+  if (!ctx.cfg.adminKey) return null;
+  try {
+    const d = await ctx.http.get("/v1/admin/domain");
+    if (d === null || typeof d !== "object") return null;
+    return renderDomainLine(d);
+  } catch {
+    return null;
+  }
+}
+function extractFire(argv) {
+  for (let i = 0; i < argv.length; i++) {
+    const token = argv[i];
+    if (token === "--fire") {
+      const next = argv[i + 1];
+      if (next === void 0 || next.startsWith("-")) {
+        return {
+          error: "--fire requires an event name, e.g. hogsend dev --fire signup --email a@b.com"
+        };
+      }
+      return {
+        event: next,
+        rest: [...argv.slice(0, i), ...argv.slice(i + 2)]
+      };
+    }
+    if (token.startsWith("--fire=")) {
+      const event = token.slice("--fire=".length);
+      if (event === "") {
+        return { error: "--fire requires an event name" };
+      }
+      return { event, rest: [...argv.slice(0, i), ...argv.slice(i + 1)] };
+    }
+  }
+  return null;
+}
+async function runFire(ctx, event, rest) {
+  if (rest.includes("-h") || rest.includes("--help")) {
+    ctx.out.log(usage4);
+    return;
+  }
+  try {
+    const res = await fetch(`${ctx.cfg.baseUrl}/v1/health`, {
+      signal: AbortSignal.timeout(2e3)
+    });
+    if (!res.ok) throw new Error(`health returned HTTP ${res.status}`);
+  } catch (err) {
+    const msg = err instanceof Error ? err.message : String(err);
+    ctx.out.fail(
+      `cannot reach ${ctx.cfg.baseUrl} \u2014 is hogsend dev running? (${msg})`
+    );
+  }
+  await runSend2(ctx, [event, ...rest]);
+}
+function assertHogsendApp(cwd, ctx) {
+  const pkgPath = join3(cwd, "package.json");
+  if (!existsSync3(pkgPath)) {
+    ctx.out.fail(
+      `not a Hogsend app \u2014 no package.json in ${cwd}. Run inside a scaffolded app (pnpm dlx create-hogsend@latest) or pass --cwd <dir>.`
+    );
+  }
+  let pkg;
+  try {
+    pkg = JSON.parse(readFileSync3(pkgPath, "utf8"));
+  } catch (err) {
+    ctx.out.fail(
+      `could not parse ${pkgPath}: ${err instanceof Error ? err.message : String(err)}`
+    );
+  }
+  const scripts = pkg.scripts ?? {};
+  for (const script of ["dev", "worker:dev"]) {
+    if (!scripts[script]) {
+      ctx.out.fail(
+        `not a runnable Hogsend app \u2014 package.json in ${cwd} has no "${script}" script. Scaffold one with pnpm dlx create-hogsend@latest, or pass --cwd <dir>.`
+      );
+    }
+  }
+  const deps = { ...pkg.dependencies, ...pkg.devDependencies };
+  if (!deps["@hogsend/engine"]) {
+    ctx.out.fail(
+      `not a Hogsend app \u2014 @hogsend/engine is not a dependency in ${pkgPath}. Scaffold one with pnpm dlx create-hogsend@latest, or pass --cwd <dir>.`
+    );
+  }
+  return pkg;
+}
+function hatchetOnPath() {
+  try {
+    const result = spawnSync2("hatchet", ["--version"], { stdio: "ignore" });
+    return !result.error && result.status === 0;
+  } catch {
+    return false;
+  }
+}
+function parsePort(raw, fallback) {
+  if (raw === void 0) return fallback;
+  const n = Number(raw);
+  return Number.isInteger(n) && n > 0 && n < 65536 ? n : fallback;
+}
+async function prepareInfra(ctx, cwd, pkg) {
+  if (!hasComposeFile(cwd)) {
+    ctx.out.log(
+      color.dim(
+        "  no docker-compose file \u2014 skipping docker (infra managed elsewhere)"
+      )
+    );
+  } else {
+    const infra = await ctx.out.step(
+      "Checking infra",
+      () => detectRunningInfra(cwd)
+    );
+    if (infra.postgres && infra.redis && infra.hatchet) {
+      ctx.out.log(
+        color.dim("  infra already running \u2014 skipping docker compose up")
+      );
+    } else {
+      const docker = await ctx.out.step(
+        "Starting infra (docker compose up -d)",
+        () => dockerComposeUp(cwd, { quiet: ctx.json })
+      );
+      if (docker.status === "failed") {
+        ctx.out.fail(
+          `${docker.detail}. Is Docker running? Start Docker Desktop (or your docker daemon) and re-run hogsend dev \u2014 or pass --no-infra when infra is managed elsewhere.`
+        );
+      }
+    }
+  }
+  const envFile = ensureEnvFile(cwd);
+  if (envFile.status === "failed") {
+    ctx.out.fail(
+      `${envFile.detail} \u2014 create a .env (or .env.example) in ${cwd} first.`
+    );
+  }
+  const secret = ensureAuthSecret(cwd);
+  ctx.out.log(color.dim(`  env: ${envFile.detail} \xB7 ${secret.detail}`));
+  if (pkg.scripts?.["db:migrate"]) {
+    const migrate = await ctx.out.step(
+      "Running migrations (pnpm db:migrate)",
+      () => runMigrations(cwd, { quiet: ctx.json })
+    );
+    if (migrate.status === "failed") {
+      ctx.out.fail(`${migrate.detail} \u2014 fix, then re-run hogsend dev.`);
+    }
+  } else {
+    ctx.out.log(color.dim("  no db:migrate script \u2014 skipping migrations"));
+  }
+}
+async function run4(ctx) {
+  const fire = extractFire(ctx.argv);
+  if (fire && "error" in fire) {
+    ctx.out.fail(fire.error);
+  }
+  if (fire) {
+    await runFire(ctx, fire.event, fire.rest);
+    return;
+  }
+  const { values: values2 } = parseArgs5({
+    args: ctx.argv,
+    allowPositionals: true,
+    options: {
+      cwd: { type: "string" },
+      "no-worker": { type: "boolean", default: false },
+      "no-infra": { type: "boolean", default: false },
+      help: { type: "boolean", short: "h", default: false }
+    }
+  });
+  if (values2.help) {
+    ctx.out.log(usage4);
+    return;
+  }
+  const cwd = resolve(values2.cwd ?? process.cwd());
+  const pkg = assertHogsendApp(cwd, ctx);
+  ctx.out.intro(
+    `${color.bgMagenta(color.black(" hogsend "))} ${color.dim("dev")}`
+  );
+  if (!values2["no-infra"]) {
+    await prepareInfra(ctx, cwd, pkg);
+  }
+  const dotenv = readDotEnv(cwd);
+  const port = parsePort(dotenv.PORT, 3002);
+  const hatchetPort = parsePort(dotenv.HATCHET_DASHBOARD_PORT, 8888);
+  const apiBase = `http://localhost:${port}`;
+  if (await probeTcp({ port })) {
+    ctx.out.fail(
+      `port ${port} is already in use \u2014 is another dev server (or hogsend dev) already running? Stop it, or change PORT in ${join3(cwd, ".env")}.`
+    );
+  }
+  const procs = [];
+  let shuttingDown = false;
+  const shutdown = async (code) => {
+    shuttingDown = true;
+    await shutdownAll(procs);
+    process.exit(code);
+  };
+  process.once("SIGINT", () => {
+    if (shuttingDown) return;
+    ctx.out.log(`
+${color.dim("Shutting down\u2026")}`);
+    void shutdown(0);
+  });
+  process.once("SIGTERM", () => {
+    if (shuttingDown) return;
+    void shutdown(0);
+  });
+  procs.push(
+    spawnManaged({
+      name: "api",
+      cmd: "pnpm",
+      args: ["run", "dev"],
+      cwd,
+      prefixColor: color.cyan
+    })
+  );
+  if (!values2["no-worker"]) {
+    const useHatchetCli = existsSync3(join3(cwd, "hatchet.yaml")) && hatchetOnPath();
+    const mode = useHatchetCli ? "hatchet worker dev" : "pnpm run worker:dev";
+    ctx.out.log(color.dim(`  worker mode: ${mode}`));
+    procs.push(
+      spawnManaged({
+        name: "worker",
+        cmd: useHatchetCli ? "hatchet" : "pnpm",
+        args: useHatchetCli ? ["worker", "dev"] : ["run", "worker:dev"],
+        cwd,
+        prefixColor: color.magenta
+      })
+    );
+  }
+  for (const proc of procs) {
+    proc.onExit(({ code }) => {
+      if (shuttingDown) return;
+      shuttingDown = true;
+      ctx.out.log(
+        color.red(
+          `
+[${proc.name}] exited with code ${code ?? "?"} \u2014 shutting down.`
+        )
+      );
+      void shutdownAll(procs).then(() => process.exit(code ?? 1));
+    });
+  }
+  try {
+    await ctx.out.step(
+      "Waiting for API health",
+      () => waitForHttp(`${apiBase}/v1/health`, 6e4)
+    );
+  } catch (err) {
+    if (shuttingDown) return;
+    shuttingDown = true;
+    await shutdownAll(procs);
+    const msg = err instanceof Error ? err.message : String(err);
+    ctx.out.fail(
+      `API did not become healthy: ${msg}. Check the [api] log lines above.`
+    );
+  }
+  const domainLine = await fetchDomainLine(ctx);
+  const lines = [
+    `${color.green("\u25CF")}  API      ${color.cyan(apiBase)}`,
+    `${color.green("\u25CF")}  Studio   ${color.cyan(`${apiBase}/studio`)}`,
+    `${color.green("\u25CF")}  Hatchet  ${color.cyan(`http://localhost:${hatchetPort}`)}`,
+    `${color.green("\u25CF")}  Docs     ${color.cyan("https://docs.hogsend.com")}`
+  ];
+  if (domainLine) lines.push("", domainLine);
+  lines.push(
+    "",
+    `${color.dim("Fire a test event:")}  hogsend dev --fire signup --email you@example.com`,
+    color.dim("Press Ctrl+C to stop everything.")
+  );
+  ctx.out.note(lines.join("\n"), "hogsend dev");
+  await new Promise(() => {
+  });
+}
+var devCommand = {
+  name: "dev",
+  summary: "Run the full local stack: infra, API + worker, health, URLs",
+  usage: usage4,
+  run: run4
+};
+
 // src/commands/doctor.ts
-import { parseArgs as parseArgs3 } from "util";
+import { parseArgs as parseArgs6 } from "util";
 
 // src/lib/skills.ts
 import {
   cpSync,
-  existsSync,
+  existsSync as existsSync4,
   mkdirSync,
   readdirSync,
-  readFileSync,
+  readFileSync as readFileSync4,
   statSync,
-  writeFileSync
+  writeFileSync as writeFileSync2
 } from "fs";
 import { createRequire } from "module";
-import { join } from "path";
+import { join as join4 } from "path";
 import { fileURLToPath } from "url";
 function bundledSkillsDir() {
   return fileURLToPath(new URL("../skills", import.meta.url));
 }
 function installDir(cwd) {
-  return join(cwd, ".claude", "skills");
+  return join4(cwd, ".claude", "skills");
 }
 function stampPath(cwd) {
-  return join(cwd, ".claude", ".hogsend-skills.json");
+  return join4(cwd, ".claude", ".hogsend-skills.json");
 }
 function cliVersion() {
   try {
@@ -855,14 +1856,14 @@ function cliVersion() {
 }
 function readFileSyncSafe(path) {
   try {
-    return readFileSync(path, "utf8");
+    return readFileSync4(path, "utf8");
   } catch {
     return "";
   }
 }
 function readFrontmatterField(skillDir, field) {
-  const skillFile = join(skillDir, "SKILL.md");
-  if (!existsSync(skillFile)) return "";
+  const skillFile = join4(skillDir, "SKILL.md");
+  if (!existsSync4(skillFile)) return "";
   const raw = readFileSyncSafe(skillFile);
   const fmMatch = raw.match(/^---\n([\s\S]*?)\n---/);
   if (!fmMatch) return "";
@@ -877,22 +1878,22 @@ function readFrontmatterField(skillDir, field) {
 }
 function listBundledSkills(cwd) {
   const dir = bundledSkillsDir();
-  if (!existsSync(dir)) return [];
+  if (!existsSync4(dir)) return [];
   const target = installDir(cwd);
   const entries = readdirSync(dir).filter((name) => {
-    const full = join(dir, name);
-    return statSync(full).isDirectory() && existsSync(join(full, "SKILL.md"));
+    const full = join4(dir, name);
+    return statSync(full).isDirectory() && existsSync4(join4(full, "SKILL.md"));
   });
   return entries.sort().map((name) => ({
     name,
-    description: readFrontmatterField(join(dir, name), "description"),
-    installed: existsSync(join(target, name))
+    description: readFrontmatterField(join4(dir, name), "description"),
+    installed: existsSync4(join4(target, name))
   }));
 }
 function copySkill(name, cwd, force) {
-  const src = join(bundledSkillsDir(), name);
-  const dest = join(installDir(cwd), name);
-  const exists2 = existsSync(dest);
+  const src = join4(bundledSkillsDir(), name);
+  const dest = join4(installDir(cwd), name);
+  const exists2 = existsSync4(dest);
   if (exists2 && !force) {
     return { name, installed: false, skipped: true, path: dest };
   }
@@ -906,13 +1907,13 @@ function writeSkillsStamp(cwd, skills) {
     skills: [...skills].sort(),
     updatedAt: (/* @__PURE__ */ new Date()).toISOString()
   };
-  mkdirSync(join(cwd, ".claude"), { recursive: true });
-  writeFileSync(stampPath(cwd), `${JSON.stringify(stamp, null, 2)}
+  mkdirSync(join4(cwd, ".claude"), { recursive: true });
+  writeFileSync2(stampPath(cwd), `${JSON.stringify(stamp, null, 2)}
 `);
 }
 function readSkillsStamp(cwd) {
   try {
-    const parsed = JSON.parse(readFileSync(stampPath(cwd), "utf8"));
+    const parsed = JSON.parse(readFileSync4(stampPath(cwd), "utf8"));
     return parsed && typeof parsed.cliVersion === "string" ? parsed : null;
   } catch {
     return null;
@@ -952,7 +1953,7 @@ function skillsNudge(ctx) {
     "Skills out of date"
   );
 }
-var usage3 = `hogsend doctor [--url <baseUrl>] [--admin-key <key>] [--json]
+var usage5 = `hogsend doctor [--url <baseUrl>] [--admin-key <key>] [--json]
 
 Probe a running Hogsend instance via GET /v1/health and report its health:
 component status (database, redis), two-track schema state (engine + client),
@@ -994,8 +1995,8 @@ function trackLine(name, track) {
   const required = track.required ?? color.dim("none");
   return `${color.bold(name.padEnd(7))} applied ${applied} -> required ${required}  ${sync}`;
 }
-async function run3(ctx) {
-  const { values: values2 } = parseArgs3({
+async function run5(ctx) {
+  const { values: values2 } = parseArgs6({
     args: ctx.argv,
     allowPositionals: true,
     options: {
@@ -1005,7 +2006,7 @@ async function run3(ctx) {
     strict: false
   });
   if (values2.help) {
-    ctx.out.log(usage3);
+    ctx.out.log(usage5);
     return;
   }
   const { baseUrl } = ctx.http.cfg;
@@ -1066,49 +2067,687 @@ async function run3(ctx) {
     if (!ok) process.exit(1);
     return;
   }
-  const badge6 = `${color.bgMagenta(color.black(" hogsend "))} doctor`;
-  ctx.out.intro(badge6);
-  const verdictColor = verdict === "ok" ? color.green : verdict === "degraded" ? color.red : color.yellow;
-  const lines = [
-    `${verdictColor("\u25CF")} ${color.bold(verdict)}`,
-    color.dim(
-      `${baseUrl}  v${health.version}  up ${Math.round(health.uptime)}s`
-    ),
-    "",
-    color.bold("Components"),
-    `  database  ${componentSymbol(health.components.database.status)}${health.components.database.latencyMs !== void 0 ? color.dim(` ${health.components.database.latencyMs}ms`) : ""}`,
-    `  redis     ${componentSymbol(health.components.redis.status)}${health.components.redis.latencyMs !== void 0 ? color.dim(` ${health.components.redis.latencyMs}ms`) : ""}`,
-    "",
-    color.bold("Schema"),
-    `  ${trackLine("engine", health.schema.engine)}`,
-    `  ${trackLine("client", health.schema.client)}`
-  ];
-  ctx.out.note(lines.join("\n"), "Doctor");
-  skillsNudge(ctx);
-  if (ok) {
-    ctx.out.outro(color.green("doctor: ok"));
+  const badge7 = `${color.bgMagenta(color.black(" hogsend "))} doctor`;
+  ctx.out.intro(badge7);
+  const verdictColor = verdict === "ok" ? color.green : verdict === "degraded" ? color.red : color.yellow;
+  const lines = [
+    `${verdictColor("\u25CF")} ${color.bold(verdict)}`,
+    color.dim(
+      `${baseUrl}  v${health.version}  up ${Math.round(health.uptime)}s`
+    ),
+    "",
+    color.bold("Components"),
+    `  database  ${componentSymbol(health.components.database.status)}${health.components.database.latencyMs !== void 0 ? color.dim(` ${health.components.database.latencyMs}ms`) : ""}`,
+    `  redis     ${componentSymbol(health.components.redis.status)}${health.components.redis.latencyMs !== void 0 ? color.dim(` ${health.components.redis.latencyMs}ms`) : ""}`,
+    "",
+    color.bold("Schema"),
+    `  ${trackLine("engine", health.schema.engine)}`,
+    `  ${trackLine("client", health.schema.client)}`
+  ];
+  ctx.out.note(lines.join("\n"), "Doctor");
+  skillsNudge(ctx);
+  if (ok) {
+    ctx.out.outro(color.green("doctor: ok"));
+    return;
+  }
+  ctx.out.outro(verdictColor(`doctor: ${verdict}`));
+  process.exit(1);
+}
+var doctorCommand = {
+  name: "doctor",
+  summary: "Probe a running instance's health (GET /v1/health)",
+  usage: usage5,
+  run: run5
+};
+
+// src/commands/domain.ts
+import { parseArgs as parseArgs7 } from "util";
+import { confirm } from "@clack/prompts";
+
+// src/lib/dns.ts
+import { resolveNs as nodeResolveNs } from "dns/promises";
+var DNS_HOSTS = {
+  cloudflare: {
+    id: "cloudflare",
+    label: "Cloudflare",
+    nsSuffixes: ["ns.cloudflare.com"],
+    panelUrl: (domain) => `https://dash.cloudflare.com/?to=/:account/${domain}/dns/records`
+  },
+  vercel: {
+    id: "vercel",
+    label: "Vercel",
+    nsSuffixes: ["vercel-dns.com"],
+    panelUrl: (domain) => `https://vercel.com/dashboard/domains/${domain}`
+  },
+  route53: {
+    id: "route53",
+    label: "AWS Route 53",
+    nsSuffixes: ["awsdns-"],
+    panelUrl: () => "https://console.aws.amazon.com/route53/v2/hostedzones"
+  },
+  godaddy: {
+    id: "godaddy",
+    label: "GoDaddy",
+    nsSuffixes: ["domaincontrol.com"],
+    panelUrl: (domain) => `https://dcc.godaddy.com/control/portfolio/${domain}/settings`
+  },
+  namecheap: {
+    id: "namecheap",
+    label: "Namecheap",
+    nsSuffixes: ["registrar-servers.com"],
+    panelUrl: (domain) => `https://ap.www.namecheap.com/domains/domaincontrolpanel/${domain}/advancedns`
+  },
+  porkbun: {
+    id: "porkbun",
+    label: "Porkbun",
+    nsSuffixes: ["porkbun.com"],
+    panelUrl: (domain) => `https://porkbun.com/account/domain/${domain}`
+  },
+  google: {
+    id: "google",
+    label: "Google Domains",
+    nsSuffixes: ["googledomains.com", "google.com"],
+    panelUrl: () => "https://domains.google.com/registrar"
+  },
+  unknown: {
+    id: "unknown",
+    label: "your DNS host",
+    nsSuffixes: [],
+    panelUrl: (domain) => `https://${domain}`
+  }
+};
+async function detectDnsHost(domain, opts = {}) {
+  const resolveNs = opts.resolveNs ?? nodeResolveNs;
+  const labels = domain.toLowerCase().split(".").filter(Boolean);
+  for (let i = 0; i <= labels.length - 2; i++) {
+    const candidate = labels.slice(i).join(".");
+    let nameservers;
+    try {
+      nameservers = await resolveNs(candidate);
+    } catch {
+      continue;
+    }
+    if (nameservers.length === 0) continue;
+    const lowered = nameservers.map((ns) => ns.toLowerCase());
+    for (const host of Object.values(DNS_HOSTS)) {
+      if (host.id === "unknown") continue;
+      const matched = host.nsSuffixes.some(
+        (suffix) => lowered.some((ns) => ns.includes(suffix))
+      );
+      if (matched) return host;
+    }
+    return DNS_HOSTS.unknown;
+  }
+  return DNS_HOSTS.unknown;
+}
+var RELATIVE_HOST_IDS = /* @__PURE__ */ new Set(["namecheap", "godaddy"]);
+function relativeName(name, domain) {
+  const lowered = name.toLowerCase();
+  const suffix = `.${domain.toLowerCase()}`;
+  if (lowered === domain.toLowerCase()) return "@";
+  if (lowered.endsWith(suffix))
+    return name.slice(0, name.length - suffix.length);
+  return name;
+}
+function renderTable2(rows, header) {
+  const all = [header, ...rows];
+  const widths = header.map(
+    (_, col) => Math.max(...all.map((row) => (row[col] ?? "").length))
+  );
+  const line2 = (row) => row.map((cell, col) => cell.padEnd(widths[col] ?? 0)).join("  ").trimEnd();
+  return [
+    line2(header),
+    line2(widths.map((w) => "-".repeat(w))),
+    ...rows.map(line2)
+  ].join("\n");
+}
+function hostGuidance(host, domain) {
+  switch (host.id) {
+    case "cloudflare":
+      return [
+        "Cloudflare: set Proxy status to DNS only (grey cloud) on every record \u2014",
+        "proxied (orange-cloud) records break email verification."
+      ];
+    case "namecheap":
+    case "godaddy":
+      return [
+        `${host.label}: enter the host RELATIVE to ${domain ?? "your domain"} (the table above is already relative).`
+      ];
+    case "vercel":
+      return [
+        "Vercel: add the records under the domain's DNS tab (they apply instantly)."
+      ];
+    default:
+      return [
+        "Add these records in your DNS host's panel exactly as shown, then run",
+        "`hogsend domain check` to poll verification."
+      ];
+  }
+}
+function formatRecordsFor(host, records, opts = {}) {
+  if (records.length === 0) {
+    return "No DNS records reported by the provider yet.";
+  }
+  const relative2 = RELATIVE_HOST_IDS.has(host.id) && opts.domain !== void 0;
+  const rows = records.map((r) => [
+    r.type,
+    relative2 && opts.domain ? relativeName(r.name, opts.domain) : r.name,
+    r.value,
+    r.priority !== void 0 ? String(r.priority) : "",
+    r.status
+  ]);
+  const table = renderTable2(rows, [
+    "type",
+    "name",
+    "value",
+    "priority",
+    "status"
+  ]);
+  return [table, "", ...hostGuidance(host, opts.domain)].join("\n");
+}
+
+// src/lib/dns-apply.ts
+function canAutoApply(host, env) {
+  switch (host) {
+    case "cloudflare":
+      return Boolean(env.CLOUDFLARE_API_TOKEN);
+    case "vercel":
+      return Boolean(env.VERCEL_TOKEN);
+    default:
+      return false;
+  }
+}
+var CF_DUPLICATE_CODES = /* @__PURE__ */ new Set([81057, 81053]);
+function registrableDomain(domain) {
+  const labels = domain.split(".").filter(Boolean);
+  if (labels.length <= 2) return domain;
+  return labels.slice(-2).join(".");
+}
+async function parseJson(res) {
+  try {
+    return await res.json();
+  } catch {
+    return void 0;
+  }
+}
+async function applyCloudflare(opts, fetchImpl) {
+  const result = { applied: [], skipped: [], errors: [] };
+  const token = opts.env.CLOUDFLARE_API_TOKEN ?? "";
+  const headers = {
+    Authorization: `Bearer ${token}`,
+    "Content-Type": "application/json"
+  };
+  const zoneName = registrableDomain(opts.domain);
+  let zoneId;
+  try {
+    const res = await fetchImpl(
+      `https://api.cloudflare.com/client/v4/zones?name=${encodeURIComponent(zoneName)}`,
+      { headers }
+    );
+    const body = await parseJson(res);
+    zoneId = body?.result?.[0]?.id;
+  } catch (cause) {
+    result.errors.push(
+      `Cloudflare zone lookup failed: ${cause instanceof Error ? cause.message : String(cause)}`
+    );
+    return result;
+  }
+  if (!zoneId) {
+    result.errors.push(
+      `could not resolve a Cloudflare zone for ${zoneName} \u2014 is the domain on this account?`
+    );
+    return result;
+  }
+  for (const record of opts.records) {
+    try {
+      const res = await fetchImpl(
+        `https://api.cloudflare.com/client/v4/zones/${zoneId}/dns_records`,
+        {
+          method: "POST",
+          headers,
+          body: JSON.stringify({
+            type: record.type,
+            name: record.name,
+            content: record.value,
+            ttl: record.ttl ?? 1,
+            // 1 = automatic
+            ...record.priority !== void 0 ? { priority: record.priority } : {},
+            // NEVER proxy mail-verification records — orange-cloud breaks them.
+            proxied: false
+          })
+        }
+      );
+      if (res.ok) {
+        result.applied.push(record);
+        continue;
+      }
+      const body = await parseJson(res);
+      const codes = (body?.errors ?? []).map((e) => e.code ?? 0);
+      if (codes.some((code) => CF_DUPLICATE_CODES.has(code))) {
+        result.skipped.push(record);
+        continue;
+      }
+      const message = body?.errors?.[0]?.message ?? `Cloudflare API status ${res.status}`;
+      result.errors.push(`${record.type} ${record.name}: ${message}`);
+    } catch (cause) {
+      result.errors.push(
+        `${record.type} ${record.name}: ${cause instanceof Error ? cause.message : String(cause)}`
+      );
+    }
+  }
+  return result;
+}
+async function applyVercel(opts, fetchImpl) {
+  const result = { applied: [], skipped: [], errors: [] };
+  const token = opts.env.VERCEL_TOKEN ?? "";
+  const teamId = opts.env.VERCEL_TEAM_ID;
+  const base = `https://api.vercel.com/v2/domains/${encodeURIComponent(opts.domain)}/records`;
+  const url = teamId ? `${base}?teamId=${encodeURIComponent(teamId)}` : base;
+  for (const record of opts.records) {
+    try {
+      const res = await fetchImpl(url, {
+        method: "POST",
+        headers: {
+          Authorization: `Bearer ${token}`,
+          "Content-Type": "application/json"
+        },
+        body: JSON.stringify({
+          type: record.type,
+          name: record.name,
+          value: record.value,
+          ...record.ttl !== void 0 ? { ttl: record.ttl } : {},
+          ...record.priority !== void 0 ? { mxPriority: record.priority } : {}
+        })
+      });
+      if (res.ok) {
+        result.applied.push(record);
+        continue;
+      }
+      const body = await parseJson(res);
+      const code = body?.error?.code ?? "";
+      const message = body?.error?.message ?? "";
+      if (/duplicate/i.test(code) || /already exists/i.test(message)) {
+        result.skipped.push(record);
+        continue;
+      }
+      result.errors.push(
+        `${record.type} ${record.name}: ${message || `Vercel API status ${res.status}`}`
+      );
+    } catch (cause) {
+      result.errors.push(
+        `${record.type} ${record.name}: ${cause instanceof Error ? cause.message : String(cause)}`
+      );
+    }
+  }
+  return result;
+}
+async function applyRecords(opts) {
+  const fetchImpl = opts.fetchImpl ?? fetch;
+  if (!canAutoApply(opts.host, opts.env)) {
+    return {
+      applied: [],
+      skipped: [...opts.records],
+      errors: [
+        `auto-apply is not available for ${opts.host} \u2014 add the records manually in your DNS panel`
+      ]
+    };
+  }
+  if (opts.host === "cloudflare") return applyCloudflare(opts, fetchImpl);
+  return applyVercel(opts, fetchImpl);
+}
+
+// src/lib/prompt.ts
+import { cancel as cancel2, isCancel } from "@clack/prompts";
+function bail(value) {
+  if (isCancel(value)) {
+    cancel2("Cancelled.");
+    process.exit(0);
+  }
+  return value;
+}
+
+// src/commands/domain.ts
+var usage6 = `hogsend domain <subcommand> [options]
+
+Manage the sending domain through the RUNNING instance's admin routes
+(/v1/admin/domain) \u2014 provider API keys never touch the CLI. Requires an admin
+key (--admin-key / HOGSEND_ADMIN_KEY).
+
+Subcommands:
+  add <domain>          Register the domain with the email provider, then print
+                        the DNS records formatted for YOUR DNS host (detected
+                        via NS lookup) with a panel deep link. When a
+                        CLOUDFLARE_API_TOKEN / VERCEL_TOKEN is set, offers to
+                        apply the records automatically.
+  check [<domain>]      Trigger a provider verification pass, then poll status
+                        every 15s until verified (exit 0) or timeout (exit 1).
+  status                Show domain, provider, verification state, DNS records,
+                        and the test-mode banner.
+
+add options:
+  --apply               Apply records via the DNS host API without prompting.
+  --no-apply            Never apply records (skip the prompt).
+
+check options:
+  --timeout <s>         Give up after this many seconds (default 300).
+  --once                Poll exactly once; exit per the current state.
+
+status options:
+  --refresh             Bypass the server-side cache (forces a provider call).
+
+Global options (handled by the router): --url, --admin-key, --json, -h/--help.
+
+Examples:
+  hogsend domain add mysite.com
+  hogsend domain add mysite.com --apply
+  hogsend domain check --timeout 600
+  hogsend domain status --json`;
+var badge3 = `${color.bgMagenta(color.black(" hogsend "))} domain`;
+var DOMAIN_RE = /^([a-z0-9]([a-z0-9-]*[a-z0-9])?\.)+[a-z]{2,}$/i;
+var POLL_INTERVAL_MS = 15e3;
+var sleep2 = (ms) => new Promise((resolve3) => setTimeout(resolve3, ms));
+function getStatus(ctx, opts = {}) {
+  const query = opts.refresh ? { refresh: "true" } : void 0;
+  return ctx.http.get("/v1/admin/domain", query);
+}
+async function providerLabel(ctx) {
+  try {
+    const status = await getStatus(ctx);
+    return status.providerId;
+  } catch {
+    return "the active email provider";
+  }
+}
+async function failUnsupported(ctx, err) {
+  if (isHttpError(err) && err.status === 501) {
+    const provider = await providerLabel(ctx);
+    ctx.out.fail(
+      `provider ${provider} does not support domain management \u2014 verify the domain in your provider's dashboard instead`
+    );
+  }
+  throw err;
+}
+function recordTicks(records) {
+  return records.map((r) => {
+    const tick = r.status === "verified" ? color.green("\u2713") : r.status === "failed" ? color.red("\u2717") : color.yellow("\u2026");
+    return `  ${tick} ${r.type.padEnd(5)} ${r.name}  ${color.dim(r.status)}`;
+  }).join("\n");
+}
+function renderStatus(ctx, status) {
+  ctx.out.kv({
+    domain: status.domain ?? "(not configured)",
+    provider: status.providerId,
+    supported: status.supported,
+    state: status.status?.state ?? "n/a",
+    checkedAt: status.status?.checkedAt ?? ""
+  });
+  const records = status.status?.records ?? [];
+  if (records.length > 0) {
+    ctx.out.log("");
+    ctx.out.table(
+      records.map((r) => ({
+        type: r.type,
+        name: r.name,
+        value: r.value,
+        priority: r.priority ?? "",
+        purpose: r.purpose,
+        status: r.status
+      }))
+    );
+  }
+  if (status.testMode.active) {
+    ctx.out.log("");
+    ctx.out.log(
+      `${color.bgYellow(color.black(" TEST MODE "))} ${color.yellow(
+        `all sends redirect to ${status.testMode.redirectTo ?? "(no redirect address!)"} \u2014 reason: ${status.testMode.reason ?? "unknown"}`
+      )}`
+    );
+    if (!status.testMode.redirectTo) {
+      ctx.out.log(
+        color.dim(
+          "  set HOGSEND_TEST_EMAIL (or STUDIO_ADMIN_EMAIL) \u2014 sends are BLOCKED until one is configured"
+        )
+      );
+    }
+  } else if (status.status?.state === "verified") {
+    ctx.out.log("");
+    ctx.out.log(`${color.green("\u2713")} sends live`);
+  }
+}
+async function runAdd(ctx, argv) {
+  const { values: values2, positionals } = parseArgs7({
+    args: argv,
+    allowPositionals: true,
+    options: {
+      apply: { type: "boolean", default: false },
+      "no-apply": { type: "boolean", default: false },
+      help: { type: "boolean", short: "h", default: false }
+    }
+  });
+  if (values2.help) {
+    ctx.out.log(usage6);
+    return;
+  }
+  const domain = positionals[0];
+  if (!domain) {
+    ctx.out.fail("missing <domain> \u2014 usage: hogsend domain add <domain>");
+  }
+  if (!DOMAIN_RE.test(domain)) {
+    ctx.out.fail(`invalid domain "${domain}" (expected e.g. mysite.com)`);
+  }
+  ctx.out.intro(badge3);
+  let status;
+  try {
+    status = await ctx.out.step(
+      `Registering ${domain} with the provider`,
+      () => ctx.http.post("/v1/admin/domain", { domain })
+    );
+  } catch (err) {
+    return failUnsupported(ctx, err);
+  }
+  const records = status.status?.records ?? [];
+  const host = await detectDnsHost(domain);
+  let applyResult = null;
+  const autoAvailable = canAutoApply(host.id, process.env);
+  if (autoAvailable && records.length > 0) {
+    const doApply = values2.apply ? true : values2["no-apply"] ? false : ctx.out.interactive ? bail(
+      await confirm({
+        message: `Apply these records via the ${host.label} API?`,
+        initialValue: true
+      })
+    ) : false;
+    if (doApply) {
+      applyResult = await ctx.out.step(
+        `Applying ${records.length} record(s) via ${host.label}`,
+        () => applyRecords({ host: host.id, domain, records, env: process.env })
+      );
+    }
+  }
+  if (ctx.json) {
+    ctx.out.json({
+      status,
+      dnsHost: host.id,
+      panelUrl: host.panelUrl(domain),
+      autoApplyAvailable: autoAvailable,
+      applied: applyResult
+    });
+    return;
+  }
+  ctx.out.log("");
+  ctx.out.log(formatRecordsFor(host, records, { domain }));
+  ctx.out.log("");
+  ctx.out.log(
+    `${color.dim("DNS panel:")} ${color.cyan(host.panelUrl(domain))}`
+  );
+  if (applyResult) {
+    ctx.out.log("");
+    ctx.out.log(
+      `${color.green("applied")} ${applyResult.applied.length}  ${color.yellow("skipped")} ${applyResult.skipped.length}  ${color.red("errors")} ${applyResult.errors.length}`
+    );
+    for (const error of applyResult.errors) {
+      ctx.out.log(`  ${color.red("\u2717")} ${error}`);
+    }
+  } else if (autoAvailable && records.length > 0) {
+    ctx.out.log("");
+    ctx.out.log(
+      color.dim(
+        `Auto-apply available \u2014 rerun with --apply to write them via ${host.label}.`
+      )
+    );
+  }
+  ctx.out.outro(
+    `Records added? Run ${color.cyan("hogsend domain check")} to poll verification.`
+  );
+}
+async function runCheck(ctx, argv) {
+  const { values: values2, positionals } = parseArgs7({
+    args: argv,
+    allowPositionals: true,
+    options: {
+      timeout: { type: "string", default: "300" },
+      once: { type: "boolean", default: false },
+      help: { type: "boolean", short: "h", default: false }
+    }
+  });
+  if (values2.help) {
+    ctx.out.log(usage6);
+    return;
+  }
+  const timeoutSecs = Number(values2.timeout);
+  if (!Number.isFinite(timeoutSecs) || timeoutSecs <= 0) {
+    ctx.out.fail(`invalid --timeout "${values2.timeout}" (expected seconds)`);
+  }
+  ctx.out.intro(badge3);
+  const requested = positionals[0];
+  if (requested) {
+    const current = await getStatus(ctx);
+    if (current.domain && current.domain !== requested.toLowerCase()) {
+      ctx.out.log(
+        color.yellow(
+          `note: the instance's configured sending domain is ${current.domain}; checking that (not ${requested}). Set EMAIL_DOMAIN to change it.`
+        )
+      );
+    }
+  }
+  try {
+    await ctx.out.step(
+      "Triggering provider verification",
+      () => ctx.http.post("/v1/admin/domain/verify", {})
+    );
+  } catch (err) {
+    if (isHttpError(err) && err.status === 400) {
+      ctx.out.fail(
+        "no sending domain configured \u2014 set EMAIL_DOMAIN (or EMAIL_FROM), or run `hogsend domain add <domain>` first"
+      );
+    }
+    return failUnsupported(ctx, err);
+  }
+  const deadline = Date.now() + timeoutSecs * 1e3;
+  for (; ; ) {
+    const status = await getStatus(ctx, { refresh: true });
+    const records = status.status?.records ?? [];
+    if (records.length > 0) {
+      ctx.out.log(recordTicks(records));
+    }
+    if (status.status?.state === "verified") {
+      if (ctx.json) {
+        ctx.out.json(status);
+        return;
+      }
+      renderStatus(ctx, status);
+      ctx.out.outro(`${color.green("Verified.")} ${status.domain} is live.`);
+      return;
+    }
+    if (values2.once) {
+      if (ctx.json) {
+        ctx.out.json(status);
+        process.exitCode = 1;
+        return;
+      }
+      ctx.out.fail(
+        `domain is ${status.status?.state ?? "not configured"} (not verified)`
+      );
+    }
+    if (Date.now() + POLL_INTERVAL_MS > deadline) {
+      ctx.out.fail(
+        `timed out after ${timeoutSecs}s \u2014 DNS can take a while to propagate; rerun \`hogsend domain check\` later`
+      );
+    }
+    ctx.out.log(
+      color.dim(
+        `state: ${status.status?.state ?? "unknown"} \u2014 polling again in 15s ...`
+      )
+    );
+    await sleep2(POLL_INTERVAL_MS);
+  }
+}
+async function runStatus2(ctx, argv) {
+  const { values: values2 } = parseArgs7({
+    args: argv,
+    allowPositionals: false,
+    options: {
+      refresh: { type: "boolean", default: false },
+      help: { type: "boolean", short: "h", default: false }
+    }
+  });
+  if (values2.help) {
+    ctx.out.log(usage6);
+    return;
+  }
+  const status = await getStatus(ctx, { refresh: values2.refresh });
+  if (ctx.json) {
+    ctx.out.json(status);
     return;
   }
-  ctx.out.outro(verdictColor(`doctor: ${verdict}`));
-  process.exit(1);
+  ctx.out.intro(badge3);
+  renderStatus(ctx, status);
+  if (!status.supported) {
+    ctx.out.log("");
+    ctx.out.log(
+      color.dim(
+        `provider ${status.providerId} does not support domain management \u2014 verify the domain in your provider's dashboard`
+      )
+    );
+  }
+  ctx.out.outro("Done.");
 }
-var doctorCommand = {
-  name: "doctor",
-  summary: "Probe a running instance's health (GET /v1/health)",
-  usage: usage3,
-  run: run3
+async function run6(ctx) {
+  const sub = ctx.argv[0];
+  const rest = ctx.argv.slice(1);
+  if (!sub || sub === "--help" || sub === "-h" || sub === "help") {
+    ctx.out.log(usage6);
+    return;
+  }
+  switch (sub) {
+    case "add":
+      return runAdd(ctx, rest);
+    case "check":
+      return runCheck(ctx, rest);
+    case "status":
+      return runStatus2(ctx, rest);
+    default:
+      ctx.out.fail(
+        `unknown subcommand "${sub}" \u2014 expected add | check | status`
+      );
+  }
+}
+var domainCommand = {
+  name: "domain",
+  summary: "Set up + verify the sending domain (DNS records, auto-apply)",
+  usage: usage6,
+  run: run6
 };
 
 // src/commands/eject.ts
-import { existsSync as existsSync3, realpathSync } from "fs";
+import { existsSync as existsSync6, realpathSync } from "fs";
 import { createRequire as createRequire2 } from "module";
-import { dirname, join as join3, sep as sep2 } from "path";
-import { parseArgs as parseArgs4 } from "util";
+import { dirname, join as join6, sep as sep2 } from "path";
+import { parseArgs as parseArgs8 } from "util";
 
 // src/eject.ts
-import { existsSync as existsSync2 } from "fs";
+import { existsSync as existsSync5 } from "fs";
 import { cp, readFile, rm, stat, writeFile } from "fs/promises";
-import { basename, join as join2, relative, sep } from "path";
+import { basename, join as join5, relative, sep } from "path";
 var EjectError = class extends Error {
   constructor(message) {
     super(message);
@@ -1133,8 +2772,8 @@ async function writePackageJson(file, value) {
 async function eject(opts) {
   const { pkg, consumerRoot, sourceDir, force = false } = opts;
   const vendorName = basename(pkg);
-  const vendorPath = join2(consumerRoot, "vendor", vendorName);
-  const consumerPkgPath = join2(consumerRoot, "package.json");
+  const vendorPath = join5(consumerRoot, "vendor", vendorName);
+  const consumerPkgPath = join5(consumerRoot, "package.json");
   const consumerPkg = await readPackageJson(consumerPkgPath);
   let depMap;
   let depSpecBefore;
@@ -1150,7 +2789,7 @@ async function eject(opts) {
       `${pkg} is not a dependency of the consumer package.json`
     );
   }
-  if (existsSync2(vendorPath)) {
+  if (existsSync5(vendorPath)) {
     if (!force) {
       throw new EjectError(
         `vendor/${vendorName} already exists; pass --force to overwrite`
@@ -1178,7 +2817,7 @@ async function eject(opts) {
     }
   });
   copiedFiles = await countFiles(vendorPath);
-  const vendoredPkgPath = join2(vendorPath, "package.json");
+  const vendoredPkgPath = join5(vendorPath, "package.json");
   const vendoredPkg = await readPackageJson(vendoredPkgPath);
   if (vendoredPkg.private === true) {
     delete vendoredPkg.private;
@@ -1201,7 +2840,7 @@ async function countFiles(dir) {
   let count = 0;
   const entries = await readdir(dir, { withFileTypes: true });
   for (const entry of entries) {
-    const full = join2(dir, entry.name);
+    const full = join5(dir, entry.name);
     if (entry.isDirectory()) {
       count += await countFiles(full);
     } else if (entry.isFile()) {
@@ -1217,7 +2856,7 @@ async function countFiles(dir) {
 }
 
 // src/commands/eject.ts
-var usage4 = `hogsend eject <package> [--force] [--cwd <dir>]
+var usage7 = `hogsend eject <package> [--force] [--cwd <dir>]
 
 Copy a @hogsend/* package's source into vendor/<name> and rewrite the consumer
 dependency to file:./vendor/<name>. Every other dependency keeps upgrading.
@@ -1229,8 +2868,8 @@ Options:
 
 After ejecting, run: pnpm install`;
 function resolveSourceDir(pkg, consumerRoot) {
-  const direct = join3(consumerRoot, "node_modules", pkg, "package.json");
-  if (existsSync3(direct)) {
+  const direct = join6(consumerRoot, "node_modules", pkg, "package.json");
+  if (existsSync6(direct)) {
     return dirname(realpathSync(direct));
   }
   const require2 = createRequire2(`${consumerRoot}${sep2}`);
@@ -1238,15 +2877,15 @@ function resolveSourceDir(pkg, consumerRoot) {
     const entry = require2.resolve(pkg);
     let dir = dirname(entry);
     while (dir !== dirname(dir)) {
-      if (existsSync3(join3(dir, "package.json"))) return dir;
+      if (existsSync6(join6(dir, "package.json"))) return dir;
       dir = dirname(dir);
     }
   } catch {
   }
   return null;
 }
-async function run4(ctx) {
-  const { values: values2, positionals } = parseArgs4({
+async function run7(ctx) {
+  const { values: values2, positionals } = parseArgs8({
     args: ctx.argv,
     allowPositionals: true,
     options: {
@@ -1256,7 +2895,7 @@ async function run4(ctx) {
     }
   });
   if (values2.help) {
-    ctx.out.log(usage4);
+    ctx.out.log(usage7);
     return;
   }
   const pkg = positionals[0];
@@ -1300,13 +2939,13 @@ async function run4(ctx) {
 var ejectCommand = {
   name: "eject",
   summary: "Vendor a @hogsend/* package into vendor/<name>",
-  usage: usage4,
-  run: run4
+  usage: usage7,
+  run: run7
 };
 
 // src/commands/emails.ts
-import { parseArgs as parseArgs5 } from "util";
-var usage5 = `hogsend emails <subcommand> [options]
+import { parseArgs as parseArgs9 } from "util";
+var usage8 = `hogsend emails <subcommand> [options]
 
 Send a transactional email through the data plane (POST /v1/emails). The send
 runs through the full preferences + tracking pipeline (link-click + open).
@@ -1334,330 +2973,106 @@ Global options (handled by the router): --url, --admin-key, --data-key, --json,
 Examples:
   hogsend emails send welcome --to a@b.com --prop name=Ada
   hogsend emails send welcome --user-id user_123 --props '{"name":"Ada"}' --json`;
-var badge3 = `${color.bgMagenta(color.black(" hogsend "))} emails`;
-function parseProps3(ctx, propsJson, propPairs) {
+var badge4 = `${color.bgMagenta(color.black(" hogsend "))} emails`;
+function parseProps4(ctx, propsJson, propPairs) {
   const out = {};
   let any = false;
   if (propsJson !== void 0) {
     let parsed;
     try {
       parsed = JSON.parse(propsJson);
-    } catch {
-      ctx.out.fail(`--props must be valid JSON, got: ${propsJson}`);
-    }
-    if (parsed === null || typeof parsed !== "object" || Array.isArray(parsed)) {
-      ctx.out.fail("--props must be a JSON object");
-    }
-    Object.assign(out, parsed);
-    any = true;
-  }
-  for (const pair of propPairs ?? []) {
-    const eq2 = pair.indexOf("=");
-    if (eq2 === -1) {
-      ctx.out.fail(`--prop must be key=value, got: ${pair}`);
-    }
-    const key = pair.slice(0, eq2).trim();
-    if (key === "") {
-      ctx.out.fail(`--prop key cannot be empty, got: ${pair}`);
-    }
-    out[key] = coerceValue3(pair.slice(eq2 + 1));
-    any = true;
-  }
-  return any ? out : void 0;
-}
-function coerceValue3(raw) {
-  try {
-    return JSON.parse(raw);
-  } catch {
-    return raw;
-  }
-}
-function statusColor2(status) {
-  switch (status) {
-    case "queued":
-    case "sent":
-      return color.green(status);
-    case "skipped":
-      return color.dim(status);
-    default:
-      return color.yellow(status);
-  }
-}
-async function runSend2(ctx, argv) {
-  const { values: values2, positionals } = parseArgs5({
-    args: argv,
-    allowPositionals: true,
-    options: {
-      to: { type: "string" },
-      "user-id": { type: "string" },
-      prop: { type: "string", multiple: true },
-      props: { type: "string" },
-      from: { type: "string" },
-      subject: { type: "string" },
-      "reply-to": { type: "string" },
-      category: { type: "string" },
-      "skip-preference-check": { type: "boolean", default: false },
-      "idempotency-key": { type: "string" },
-      help: { type: "boolean", short: "h", default: false }
-    }
-  });
-  if (values2.help) {
-    ctx.out.log(usage5);
-    return;
-  }
-  const template = positionals[0];
-  if (!template) {
-    ctx.out.fail(
-      "emails send requires a template, e.g. hogsend emails send welcome --to a@b.com"
-    );
-  }
-  const to = values2.to;
-  const userId = values2["user-id"];
-  if (!to && !userId) {
-    ctx.out.fail("emails send requires at least one of --to or --user-id");
-  }
-  const props = parseProps3(ctx, values2.props, values2.prop);
-  const body = { template };
-  if (to) body.to = to;
-  if (userId) body.userId = userId;
-  if (props) body.props = props;
-  if (values2.from) body.from = values2.from;
-  if (values2.subject) body.subject = values2.subject;
-  if (values2["reply-to"]) body.replyTo = values2["reply-to"];
-  if (values2.category) body.category = values2.category;
-  if (values2["skip-preference-check"]) body.skipPreferenceCheck = true;
-  if (values2["idempotency-key"]) {
-    body.idempotencyKey = values2["idempotency-key"];
-  }
-  let res;
-  try {
-    res = await ctx.out.step(
-      `Sending ${template}`,
-      () => ctx.dataHttp.post("/v1/emails", body)
-    );
-  } catch (error) {
-    if (isHttpError(error)) {
-      ctx.out.fail(error.message);
-    }
-    throw error;
-  }
-  if (ctx.json) {
-    ctx.out.json(res);
-    return;
-  }
-  ctx.out.intro(`${badge3} send`);
-  ctx.out.kv(
-    {
-      emailSendId: res.emailSendId,
-      template,
-      recipient: to ?? userId ?? "",
-      status: statusColor2(res.status),
-      reason: res.reason ?? ""
-    },
-    "Email send"
-  );
-  ctx.out.outro(`${template} \u2192 ${statusColor2(res.status)}.`);
-}
-async function run5(ctx) {
-  const sub = ctx.argv[0];
-  switch (sub) {
-    case "send":
-      return runSend2(ctx, ctx.argv.slice(1));
-    case void 0:
-      ctx.out.fail(
-        "emails requires a subcommand: send (see hogsend emails --help)"
-      );
-      break;
-    default:
-      ctx.out.fail(`unknown emails subcommand "${sub}" \u2014 expected send`);
-  }
-}
-var emailsCommand = {
-  name: "emails",
-  summary: "Send a transactional email through the data plane",
-  usage: usage5,
-  run: run5
-};
-
-// src/commands/events.ts
-import { parseArgs as parseArgs6 } from "util";
-var usage6 = `hogsend events <userId> [options]
-hogsend events send <name> [options]
-
-Read a single user's event history (admin API), or send an event into the data
-plane to drive journeys/buckets.
-
-Read mode \u2014 hogsend events <userId>:
-  Stream the event history for a single user, newest first. Wraps
-  GET /v1/admin/events?userId=<userId>.
-
-  Arguments:
-    <userId>          The user (distinct) id to fetch events for. Required.
-
-  Options:
-    --event <name>    Filter to a single event name.
-    --from <iso>      Only events at/after this ISO-8601 timestamp.
-    --to <iso>        Only events at/before this ISO-8601 timestamp.
-    --limit <n>       Max events to return (1-100, default 50).
-    --offset <n>      Pagination offset (default 0).
-
-Send mode \u2014 hogsend events send <name>:
-  Push an event into POST /v1/events (data plane, ingest key). At least one of
-  --email / --user-id is required.
-
-  Options:
-    --email <addr>          Recipient/identity email.
-    --user-id <id>          External (distinct) id.
-    --prop <key=value>      Event property; repeatable. Value parsed as JSON,
-                            falling back to a string.
-    --props <json>          Event properties as one JSON object.
-    --contact-prop <k=v>    Contact property to merge onto the contact; repeatable.
-    --contact-props <json>  Contact properties as one JSON object.
-    --list <id>             Subscribe to a list; repeatable.
-    --unlist <id>           Unsubscribe from a list; repeatable.
-    --idempotency-key <k>   Dedup key (sent as the Idempotency-Key header).
-    --timestamp <iso>       Override the event timestamp.
-
-Global options (handled by the router): --url, --admin-key, --data-key, --json,
--h/--help.
-
-Examples:
-  hogsend events user_123
-  hogsend events user_123 --event signup --limit 10
-  hogsend events user_123 --from 2026-01-01T00:00:00Z --json
-  hogsend events send signup --user-id user_123 --prop plan=pro
-  hogsend events send purchase --email a@b.com --props '{"amount":49}' --json`;
-async function run6(ctx) {
-  if (ctx.argv[0] === "send") {
-    return runSend3(ctx, ctx.argv.slice(1));
-  }
-  return runRead(ctx, ctx.argv);
-}
-async function runRead(ctx, argv) {
-  const { values: values2, positionals } = parseArgs6({
-    args: argv,
-    allowPositionals: true,
-    options: {
-      event: { type: "string" },
-      from: { type: "string" },
-      to: { type: "string" },
-      limit: { type: "string" },
-      offset: { type: "string" },
-      help: { type: "boolean", short: "h", default: false }
+    } catch {
+      ctx.out.fail(`--props must be valid JSON, got: ${propsJson}`);
     }
-  });
-  if (values2.help) {
-    ctx.out.log(usage6);
-    return;
-  }
-  const userId = positionals[0];
-  if (!userId) {
-    ctx.out.fail("events requires a userId, e.g. hogsend events user_123");
+    if (parsed === null || typeof parsed !== "object" || Array.isArray(parsed)) {
+      ctx.out.fail("--props must be a JSON object");
+    }
+    Object.assign(out, parsed);
+    any = true;
   }
-  const limit = parseNumber(values2.limit, "limit", ctx);
-  const offset = parseNumber(values2.offset, "offset", ctx);
-  const query = {
-    userId,
-    event: values2.event,
-    from: values2.from,
-    to: values2.to,
-    limit,
-    offset
-  };
-  let data;
-  try {
-    data = await ctx.out.step(
-      `Fetching events for ${userId}`,
-      () => ctx.http.get("/v1/admin/events", query)
-    );
-  } catch (error) {
-    if (isHttpError(error)) {
-      ctx.out.fail(error.message);
+  for (const pair of propPairs ?? []) {
+    const eq2 = pair.indexOf("=");
+    if (eq2 === -1) {
+      ctx.out.fail(`--prop must be key=value, got: ${pair}`);
     }
-    throw error;
+    const key = pair.slice(0, eq2).trim();
+    if (key === "") {
+      ctx.out.fail(`--prop key cannot be empty, got: ${pair}`);
+    }
+    out[key] = coerceValue4(pair.slice(eq2 + 1));
+    any = true;
   }
-  if (ctx.json) {
-    ctx.out.json(data);
-    return;
+  return any ? out : void 0;
+}
+function coerceValue4(raw) {
+  try {
+    return JSON.parse(raw);
+  } catch {
+    return raw;
   }
-  ctx.out.intro(`${color.bgMagenta(color.black(" hogsend "))} events`);
-  if (data.events.length === 0) {
-    ctx.out.note(
-      `No events found for ${color.cyan(userId)}.`,
-      "Empty event stream"
-    );
-    ctx.out.outro(color.dim("Nothing to show."));
-    return;
+}
+function statusColor2(status) {
+  switch (status) {
+    case "queued":
+    case "sent":
+      return color.green(status);
+    case "skipped":
+      return color.dim(status);
+    default:
+      return color.yellow(status);
   }
-  const rows = data.events.map((e) => ({
-    occurredAt: e.occurredAt,
-    event: e.event,
-    properties: summarizeProps(e.properties),
-    id: e.id
-  }));
-  ctx.out.table(rows, ["occurredAt", "event", "properties", "id"]);
-  const shown = data.events.length;
-  const through = data.offset + shown;
-  ctx.out.outro(
-    `${color.green(String(shown))} event${shown === 1 ? "" : "s"} ` + color.dim(`(${data.offset + 1}-${through} of ${data.total})`)
-  );
 }
 async function runSend3(ctx, argv) {
-  const { values: values2, positionals } = parseArgs6({
+  const { values: values2, positionals } = parseArgs9({
     args: argv,
     allowPositionals: true,
     options: {
-      email: { type: "string" },
+      to: { type: "string" },
       "user-id": { type: "string" },
       prop: { type: "string", multiple: true },
       props: { type: "string" },
-      "contact-prop": { type: "string", multiple: true },
-      "contact-props": { type: "string" },
-      list: { type: "string", multiple: true },
-      unlist: { type: "string", multiple: true },
+      from: { type: "string" },
+      subject: { type: "string" },
+      "reply-to": { type: "string" },
+      category: { type: "string" },
+      "skip-preference-check": { type: "boolean", default: false },
       "idempotency-key": { type: "string" },
-      timestamp: { type: "string" },
       help: { type: "boolean", short: "h", default: false }
     }
   });
   if (values2.help) {
-    ctx.out.log(usage6);
+    ctx.out.log(usage8);
     return;
   }
-  const name = positionals[0];
-  if (!name) {
+  const template = positionals[0];
+  if (!template) {
     ctx.out.fail(
-      "events send requires an event name, e.g. hogsend events send signup --user-id user_123"
+      "emails send requires a template, e.g. hogsend emails send welcome --to a@b.com"
     );
   }
-  const email = values2.email;
+  const to = values2.to;
   const userId = values2["user-id"];
-  if (!email && !userId) {
-    ctx.out.fail("events send requires at least one of --email or --user-id");
+  if (!to && !userId) {
+    ctx.out.fail("emails send requires at least one of --to or --user-id");
   }
-  const eventProperties = parseProps4(ctx, values2.props, values2.prop, "prop");
-  const contactProperties = parseProps4(
-    ctx,
-    values2["contact-props"],
-    values2["contact-prop"],
-    "contact-prop"
-  );
-  const lists = parseLists2(values2.list, values2.unlist);
-  const body = { name };
-  if (email) body.email = email;
+  const props = parseProps4(ctx, values2.props, values2.prop);
+  const body = { template };
+  if (to) body.to = to;
   if (userId) body.userId = userId;
-  if (eventProperties) body.eventProperties = eventProperties;
-  if (contactProperties) body.contactProperties = contactProperties;
-  if (lists) body.lists = lists;
+  if (props) body.props = props;
+  if (values2.from) body.from = values2.from;
+  if (values2.subject) body.subject = values2.subject;
+  if (values2["reply-to"]) body.replyTo = values2["reply-to"];
+  if (values2.category) body.category = values2.category;
+  if (values2["skip-preference-check"]) body.skipPreferenceCheck = true;
   if (values2["idempotency-key"]) {
     body.idempotencyKey = values2["idempotency-key"];
   }
-  if (values2.timestamp) body.timestamp = values2.timestamp;
   let res;
   try {
     res = await ctx.out.step(
-      `Sending event ${name}`,
-      () => ctx.dataHttp.post("/v1/events", body)
+      `Sending ${template}`,
+      () => ctx.dataHttp.post("/v1/emails", body)
     );
   } catch (error) {
     if (isHttpError(error)) {
@@ -1669,103 +3084,43 @@ async function runSend3(ctx, argv) {
     ctx.out.json(res);
     return;
   }
-  ctx.out.intro(`${color.bgMagenta(color.black(" hogsend "))} events send`);
-  const exited = res.exits.filter((e) => e.exited);
+  ctx.out.intro(`${badge4} send`);
   ctx.out.kv(
     {
-      event: name,
-      stored: res.stored,
-      identity: email ?? userId ?? "",
-      exits: res.exits.length,
-      "journeys exited": exited.length
+      emailSendId: res.emailSendId,
+      template,
+      recipient: to ?? userId ?? "",
+      status: statusColor2(res.status),
+      reason: res.reason ?? ""
     },
-    "Event sent"
-  );
-  if (exited.length > 0) {
-    ctx.out.table(
-      exited.map((e) => ({ journeyId: e.journeyId, stateId: e.stateId })),
-      ["journeyId", "stateId"]
-    );
-  }
-  ctx.out.outro(
-    res.stored ? `${color.green("Stored")} ${name}.` : color.dim(`${name} was deduped (not stored).`)
+    "Email send"
   );
+  ctx.out.outro(`${template} \u2192 ${statusColor2(res.status)}.`);
 }
-function parseProps4(ctx, json2, pairs, flagName) {
-  const out = {};
-  let any = false;
-  if (json2 !== void 0) {
-    let parsed;
-    try {
-      parsed = JSON.parse(json2);
-    } catch {
-      ctx.out.fail(`--${flagName}s must be valid JSON, got: ${json2}`);
-    }
-    if (parsed === null || typeof parsed !== "object" || Array.isArray(parsed)) {
-      ctx.out.fail(`--${flagName}s must be a JSON object`);
-    }
-    Object.assign(out, parsed);
-    any = true;
-  }
-  for (const pair of pairs ?? []) {
-    const eq2 = pair.indexOf("=");
-    if (eq2 === -1) {
-      ctx.out.fail(`--${flagName} must be key=value, got: ${pair}`);
-    }
-    const key = pair.slice(0, eq2).trim();
-    if (key === "") {
-      ctx.out.fail(`--${flagName} key cannot be empty, got: ${pair}`);
-    }
-    out[key] = coerceValue4(pair.slice(eq2 + 1));
-    any = true;
-  }
-  return any ? out : void 0;
-}
-function coerceValue4(raw) {
-  try {
-    return JSON.parse(raw);
-  } catch {
-    return raw;
-  }
-}
-function parseLists2(subscribe, unsubscribe) {
-  const out = {};
-  let any = false;
-  for (const id of subscribe ?? []) {
-    out[id] = true;
-    any = true;
-  }
-  for (const id of unsubscribe ?? []) {
-    out[id] = false;
-    any = true;
-  }
-  return any ? out : void 0;
-}
-function parseNumber(raw, name, ctx) {
-  if (raw === void 0) return void 0;
-  const n = Number(raw);
-  if (!Number.isFinite(n)) {
-    ctx.out.fail(`--${name} must be a number, got "${raw}"`);
+async function run8(ctx) {
+  const sub = ctx.argv[0];
+  switch (sub) {
+    case "send":
+      return runSend3(ctx, ctx.argv.slice(1));
+    case void 0:
+      ctx.out.fail(
+        "emails requires a subcommand: send (see hogsend emails --help)"
+      );
+      break;
+    default:
+      ctx.out.fail(`unknown emails subcommand "${sub}" \u2014 expected send`);
   }
-  return n;
-}
-function summarizeProps(props) {
-  if (!props) return "";
-  const keys = Object.keys(props);
-  if (keys.length === 0) return "";
-  const preview = JSON.stringify(props);
-  return preview.length > 60 ? `${preview.slice(0, 57)}...` : preview;
 }
-var eventsCommand = {
-  name: "events",
-  summary: "Stream a user's event history, or send an event",
-  usage: usage6,
-  run: run6
+var emailsCommand = {
+  name: "emails",
+  summary: "Send a transactional email through the data plane",
+  usage: usage8,
+  run: run8
 };
 
 // src/commands/journeys.ts
-import { parseArgs as parseArgs7 } from "util";
-var usage7 = `hogsend journeys <subcommand> [options]
+import { parseArgs as parseArgs10 } from "util";
+var usage9 = `hogsend journeys <subcommand> [options]
 
 Inspect and toggle journeys via the admin API (/v1/admin/journeys).
 
@@ -1787,14 +3142,14 @@ Examples:
   hogsend journeys list --enabled true
   hogsend journeys get activation-welcome --json
   hogsend journeys disable churn-prevention`;
-function badge4() {
+function badge5() {
   return `${color.bgMagenta(color.black(" hogsend "))} journeys`;
 }
 function statusColor3(enabled) {
   return enabled ? color.green("enabled") : color.yellow("disabled");
 }
 async function runList2(ctx) {
-  const { values: values2 } = parseArgs7({
+  const { values: values2 } = parseArgs10({
     args: ctx.argv,
     allowPositionals: true,
     options: {
@@ -1805,7 +3160,7 @@ async function runList2(ctx) {
     }
   });
   if (values2.help) {
-    ctx.out.log(usage7);
+    ctx.out.log(usage9);
     return;
   }
   if (values2.enabled !== void 0 && !["true", "false"].includes(values2.enabled)) {
@@ -1816,7 +3171,7 @@ async function runList2(ctx) {
     limit: values2.limit,
     offset: values2.offset
   };
-  if (!ctx.json) ctx.out.intro(badge4());
+  if (!ctx.json) ctx.out.intro(badge5());
   const data = await ctx.out.step(
     "Fetching journeys",
     () => ctx.http.get("/v1/admin/journeys", query)
@@ -1861,7 +3216,7 @@ async function runGet2(ctx, id) {
       "journeys get requires a journey id, e.g. hogsend journeys get activation-welcome"
     );
   }
-  if (!ctx.json) ctx.out.intro(badge4());
+  if (!ctx.json) ctx.out.intro(badge5());
   const data = await ctx.out.step(
     `Fetching journey ${id}`,
     () => ctx.http.get(
@@ -1918,7 +3273,7 @@ async function runToggle(ctx, id, enabled) {
       `journeys ${verb} requires a journey id, e.g. hogsend journeys ${verb} activation-welcome`
     );
   }
-  if (!ctx.json) ctx.out.intro(badge4());
+  if (!ctx.json) ctx.out.intro(badge5());
   const data = await ctx.out.step(
     `${enabled ? "Enabling" : "Disabling"} ${id}`,
     () => ctx.http.patch(
@@ -1941,7 +3296,7 @@ async function runToggle(ctx, id, enabled) {
   );
   ctx.out.outro(`${j.id} is now ${statusColor3(j.enabled)}.`);
 }
-async function run7(ctx) {
+async function run9(ctx) {
   const sub = ctx.argv[0];
   const rest = ctx.argv.slice(1);
   const subCtx = { ...ctx, argv: rest };
@@ -1953,7 +3308,7 @@ async function run7(ctx) {
       case "get": {
         const id = rest.find((a) => !a.startsWith("-"));
         if (rest.includes("--help") || rest.includes("-h")) {
-          ctx.out.log(usage7);
+          ctx.out.log(usage9);
           return;
         }
         await runGet2(subCtx, id);
@@ -1961,7 +3316,7 @@ async function run7(ctx) {
       }
       case "enable": {
         if (rest.includes("--help") || rest.includes("-h")) {
-          ctx.out.log(usage7);
+          ctx.out.log(usage9);
           return;
         }
         await runToggle(
@@ -1973,7 +3328,7 @@ async function run7(ctx) {
       }
       case "disable": {
         if (rest.includes("--help") || rest.includes("-h")) {
-          ctx.out.log(usage7);
+          ctx.out.log(usage9);
           return;
         }
         await runToggle(
@@ -2007,14 +3362,14 @@ async function run7(ctx) {
 var journeysCommand = {
   name: "journeys",
   summary: "List, inspect, enable, and disable journeys",
-  usage: usage7,
-  run: run7
+  usage: usage9,
+  run: run9
 };
 
-// src/commands/patch.ts
-import { spawnSync } from "child_process";
-import { parseArgs as parseArgs8 } from "util";
-var usage8 = `hogsend patch <package> [--cwd <dir>]
+// src/commands/patch.ts
+import { spawnSync as spawnSync3 } from "child_process";
+import { parseArgs as parseArgs11 } from "util";
+var usage10 = `hogsend patch <package> [--cwd <dir>]
 
 Thin wrapper over pnpm's native patch flow. Runs \`pnpm patch <package>\`, which
 extracts the package into a temp dir and prints the path to edit. After editing,
@@ -2025,8 +3380,8 @@ This does NOT replace scripts/patch-check.sh (the patch re-apply contract).
 Options:
   --cwd <dir>    Project root to run pnpm in (defaults to current directory).
   -h, --help     Show this help.`;
-async function run8(ctx) {
-  const { values: values2, positionals } = parseArgs8({
+async function run10(ctx) {
+  const { values: values2, positionals } = parseArgs11({
     args: ctx.argv,
     allowPositionals: true,
     options: {
@@ -2035,7 +3390,7 @@ async function run8(ctx) {
     }
   });
   if (values2.help) {
-    ctx.out.log(usage8);
+    ctx.out.log(usage10);
     return;
   }
   const pkg = positionals[0];
@@ -2045,7 +3400,7 @@ async function run8(ctx) {
     );
   }
   const cwd = values2.cwd ?? process.cwd();
-  const result = spawnSync("pnpm", ["patch", pkg], {
+  const result = spawnSync3("pnpm", ["patch", pkg], {
     cwd,
     stdio: ctx.json ? "ignore" : "inherit"
   });
@@ -2075,30 +3430,16 @@ async function run8(ctx) {
 var patchCommand = {
   name: "patch",
   summary: "Patch a package via pnpm's native patch flow",
-  usage: usage8,
-  run: run8
+  usage: usage10,
+  run: run10
 };
 
 // src/commands/setup.ts
-import { spawnSync as spawnSync2 } from "child_process";
-import { randomBytes } from "crypto";
-import { copyFileSync, existsSync as existsSync4, readFileSync as readFileSync2, writeFileSync as writeFileSync2 } from "fs";
-import { join as join4 } from "path";
-import { parseArgs as parseArgs9 } from "util";
-import { confirm } from "@clack/prompts";
-
-// src/lib/prompt.ts
-import { cancel as cancel2, isCancel } from "@clack/prompts";
-function bail(value) {
-  if (isCancel(value)) {
-    cancel2("Cancelled.");
-    process.exit(0);
-  }
-  return value;
-}
-
-// src/commands/setup.ts
-var usage9 = `hogsend setup [--cwd <dir>] [--yes] [--json]
+import { existsSync as existsSync7 } from "fs";
+import { join as join7 } from "path";
+import { parseArgs as parseArgs12 } from "util";
+import { confirm as confirm2 } from "@clack/prompts";
+var usage11 = `hogsend setup [--cwd <dir>] [--yes] [--json]
 
 Interactive local onboarding for a scaffolded Hogsend app. Mirrors the
 create-hogsend "next steps":
@@ -2115,102 +3456,8 @@ Options:
   -h, --help     Show this help.
 
 Run ${color.cyan("hogsend doctor")} afterwards to verify the instance is healthy.`;
-function generateSecret() {
-  return randomBytes(32).toString("hex");
-}
-var SECRET_KEY = "BETTER_AUTH_SECRET";
-var PLACEHOLDER_PREFIX = "change-me";
-function ensureEnv(cwd) {
-  const envPath = join4(cwd, ".env");
-  const examplePath = join4(cwd, ".env.example");
-  let copied;
-  if (existsSync4(envPath)) {
-    copied = {
-      step: "env",
-      status: "skipped",
-      detail: ".env already exists"
-    };
-  } else if (existsSync4(examplePath)) {
-    copyFileSync(examplePath, envPath);
-    copied = {
-      step: "env",
-      status: "ok",
-      detail: "copied .env.example -> .env"
-    };
-  } else {
-    copied = {
-      step: "env",
-      status: "failed",
-      detail: "no .env and no .env.example to copy from"
-    };
-    return {
-      copied,
-      secret: {
-        step: "secret",
-        status: "skipped",
-        detail: "skipped \u2014 no .env"
-      }
-    };
-  }
-  let raw;
-  try {
-    raw = readFileSync2(envPath, "utf8");
-  } catch (err) {
-    return {
-      copied,
-      secret: {
-        step: "secret",
-        status: "failed",
-        detail: `could not read .env: ${err instanceof Error ? err.message : String(err)}`
-      }
-    };
-  }
-  const lines = raw.split(/\r?\n/);
-  const idx = lines.findIndex(
-    (l) => l.replace(/^export\s+/, "").trimStart().startsWith(`${SECRET_KEY}=`)
-  );
-  const existingLine = idx === -1 ? void 0 : lines[idx];
-  const current = existingLine === void 0 ? void 0 : existingLine.slice(existingLine.indexOf("=") + 1).trim();
-  const isPlaceholder = current === void 0 || current === "" || current.startsWith(PLACEHOLDER_PREFIX);
-  if (!isPlaceholder) {
-    return {
-      copied,
-      secret: {
-        step: "secret",
-        status: "skipped",
-        detail: `${SECRET_KEY} already set`
-      }
-    };
-  }
-  const secret = generateSecret();
-  const newLine = `${SECRET_KEY}=${secret}`;
-  if (idx === -1) {
-    if (raw.length > 0 && !raw.endsWith("\n")) lines.push("");
-    lines.push(newLine);
-  } else {
-    lines[idx] = newLine;
-  }
-  writeFileSync2(envPath, lines.join("\n"));
-  return {
-    copied,
-    secret: {
-      step: "secret",
-      status: "ok",
-      detail: `generated ${SECRET_KEY} (64-char hex)`
-    }
-  };
-}
-function runCmd(cmd, args, cwd, json2) {
-  const result = spawnSync2(cmd, args, {
-    cwd,
-    // In json mode stay silent (we report structured status); otherwise stream
-    // so the user sees docker / migration output inline.
-    stdio: json2 ? "ignore" : "inherit"
-  });
-  return { status: result.status, ok: result.status === 0 };
-}
-async function run9(ctx) {
-  const { values: values2 } = parseArgs9({
+async function run11(ctx) {
+  const { values: values2 } = parseArgs12({
     args: ctx.argv,
     allowPositionals: true,
     options: {
@@ -2220,16 +3467,16 @@ async function run9(ctx) {
     }
   });
   if (values2.help) {
-    ctx.out.log(usage9);
+    ctx.out.log(usage11);
     return;
   }
   const cwd = values2.cwd ?? process.cwd();
-  if (!existsSync4(join4(cwd, "package.json"))) {
+  if (!existsSync7(join7(cwd, "package.json"))) {
     ctx.out.fail(
       `no package.json in ${cwd} \u2014 run setup from a scaffolded Hogsend app (or pass --cwd).`
     );
   }
-  const hasCompose = existsSync4(join4(cwd, "docker-compose.yml")) || existsSync4(join4(cwd, "docker-compose.yaml")) || existsSync4(join4(cwd, "compose.yml")) || existsSync4(join4(cwd, "compose.yaml"));
+  const hasCompose = hasComposeFile(cwd);
   const skipConfirm = ctx.json || values2.yes;
   if (!ctx.json) {
     ctx.out.intro(
@@ -2238,7 +3485,7 @@ async function run9(ctx) {
   }
   if (ctx.out.interactive && !skipConfirm) {
     const proceed = bail(
-      await confirm({
+      await confirm2({
         message: `Set up local infra in ${color.cyan(cwd)}? (docker compose up, .env, db:migrate)`
       })
     );
@@ -2249,15 +3496,23 @@ async function run9(ctx) {
   }
   const results = [];
   if (hasCompose) {
-    const docker = await ctx.out.step(
-      "Starting infra (docker compose up -d)",
-      async () => runCmd("docker", ["compose", "up", "-d"], cwd, ctx.json)
+    const infra = await ctx.out.step(
+      "Checking infra",
+      async () => detectRunningInfra(cwd)
     );
-    results.push({
-      step: "docker",
-      status: docker.ok ? "ok" : "failed",
-      detail: docker.ok ? "Postgres + Redis + Hatchet-Lite up" : `docker compose exited with code ${docker.status ?? "?"}`
-    });
+    if (infra.postgres && infra.redis && infra.hatchet) {
+      results.push({
+        step: "docker",
+        status: "skipped",
+        detail: "infra already running"
+      });
+    } else {
+      const docker = await ctx.out.step(
+        "Starting infra (docker compose up -d)",
+        async () => dockerComposeUp(cwd, { quiet: ctx.json })
+      );
+      results.push(docker);
+    }
   } else {
     results.push({
       step: "docker",
@@ -2265,10 +3520,10 @@ async function run9(ctx) {
       detail: "no docker-compose file found"
     });
   }
-  const env = await ctx.out.step(
-    "Preparing .env + auth secret",
-    async () => ensureEnv(cwd)
-  );
+  const env = await ctx.out.step("Preparing .env + auth secret", async () => ({
+    copied: ensureEnvFile(cwd),
+    secret: ensureAuthSecret(cwd)
+  }));
   results.push(env.copied, env.secret);
   const dockerFailed = results.some(
     (r) => r.step === "docker" && r.status === "failed"
@@ -2282,13 +3537,9 @@ async function run9(ctx) {
   } else {
     const migrate = await ctx.out.step(
       "Running migrations (pnpm db:migrate)",
-      async () => runCmd("pnpm", ["db:migrate"], cwd, ctx.json)
+      async () => runMigrations(cwd, { quiet: ctx.json })
     );
-    results.push({
-      step: "migrate",
-      status: migrate.ok ? "ok" : "failed",
-      detail: migrate.ok ? "engine + client migrations applied" : `pnpm db:migrate exited with code ${migrate.status ?? "?"}`
-    });
+    results.push(migrate);
   }
   const failed = results.filter((r) => r.status === "failed");
   const ok = failed.length === 0;
@@ -2331,16 +3582,16 @@ async function run9(ctx) {
 var setupCommand = {
   name: "setup",
   summary: "Local onboarding: docker compose up, gen secret, db:migrate",
-  usage: usage9,
-  run: run9
+  usage: usage11,
+  run: run11
 };
 
 // src/commands/skills.ts
-import { existsSync as existsSync5 } from "fs";
-import { join as join5 } from "path";
-import { parseArgs as parseArgs10 } from "util";
+import { existsSync as existsSync8 } from "fs";
+import { join as join8 } from "path";
+import { parseArgs as parseArgs13 } from "util";
 import { multiselect } from "@clack/prompts";
-var usage10 = `hogsend skills <subcommand> [options]
+var usage12 = `hogsend skills <subcommand> [options]
 
 Manage the Claude Code skills bundled with @hogsend/cli. Bundled skills teach
 agents how to drive the hogsend CLI; \`add\` copies them into your project's
@@ -2400,8 +3651,8 @@ function runList3(ctx) {
     `Install with ${color.cyan("hogsend skills add <name>")} (or ${color.cyan("hogsend skills add --all")}). Refresh after an engine upgrade with ${color.cyan("--force")}.`
   );
 }
-async function runAdd(ctx, argv) {
-  const { values: values2, positionals } = parseArgs10({
+async function runAdd2(ctx, argv) {
+  const { values: values2, positionals } = parseArgs13({
     args: argv,
     allowPositionals: true,
     options: {
@@ -2411,7 +3662,7 @@ async function runAdd(ctx, argv) {
     }
   });
   if (values2.help) {
-    ctx.out.log(usage10);
+    ctx.out.log(usage12);
     return;
   }
   const cwd = process.cwd();
@@ -2452,7 +3703,7 @@ async function runAdd(ctx, argv) {
     (name) => copySkill(name, cwd, force)
   );
   if (results.some((r) => r.installed)) {
-    const installedNames = listBundledSkills(cwd).filter((s) => existsSync5(join5(installDir(cwd), s.name))).map((s) => s.name);
+    const installedNames = listBundledSkills(cwd).filter((s) => existsSync8(join8(installDir(cwd), s.name))).map((s) => s.name);
     writeSkillsStamp(cwd, installedNames);
   }
   if (ctx.json) {
@@ -2479,19 +3730,19 @@ async function runAdd(ctx, argv) {
     `Installed ${installedCount} skill${installedCount === 1 ? "" : "s"}` + (skippedCount > 0 ? `, skipped ${skippedCount}.` : ".")
   );
 }
-async function run10(ctx) {
+async function run12(ctx) {
   const sub = ctx.argv[0];
   switch (sub) {
     case "list":
       runList3(ctx);
       return;
     case "add":
-      await runAdd(ctx, ctx.argv.slice(1));
+      await runAdd2(ctx, ctx.argv.slice(1));
       return;
     case void 0:
     case "-h":
     case "--help":
-      ctx.out.log(usage10);
+      ctx.out.log(usage12);
       return;
     default:
       ctx.out.fail(
@@ -2502,13 +3753,13 @@ async function run10(ctx) {
 var skillsCommand = {
   name: "skills",
   summary: "List + install bundled Claude Code skills into .claude/skills",
-  usage: usage10,
-  run: run10
+  usage: usage12,
+  run: run12
 };
 
 // src/commands/stats.ts
-import { parseArgs as parseArgs11 } from "util";
-var usage11 = `hogsend stats [--json]
+import { parseArgs as parseArgs14 } from "util";
+var usage13 = `hogsend stats [--json]
 
 Show system-wide overview metrics from a running Hogsend instance.
 Wraps GET /v1/admin/metrics/overview.
@@ -2530,8 +3781,8 @@ Options:
 function pct(rate) {
   return `${(rate * 100).toFixed(2)}%`;
 }
-async function run11(ctx) {
-  const { values: values2 } = parseArgs11({
+async function run13(ctx) {
+  const { values: values2 } = parseArgs14({
     args: ctx.argv,
     allowPositionals: true,
     options: {
@@ -2539,7 +3790,7 @@ async function run11(ctx) {
     }
   });
   if (values2.help) {
-    ctx.out.log(usage11);
+    ctx.out.log(usage13);
     return;
   }
   const metrics = await ctx.out.step(
@@ -2568,20 +3819,20 @@ async function run11(ctx) {
 var statsCommand = {
   name: "stats",
   summary: "Show system-wide overview metrics",
-  usage: usage11,
-  run: run11
+  usage: usage13,
+  run: run13
 };
 
 // src/commands/studio.ts
-import { spawn } from "child_process";
-import { createReadStream, existsSync as existsSync6, readFileSync as readFileSync3, statSync as statSync2 } from "fs";
+import { spawn as spawn2 } from "child_process";
+import { createReadStream, existsSync as existsSync9, readFileSync as readFileSync5, statSync as statSync2 } from "fs";
 import { createServer } from "http";
-import { extname, join as join6, normalize, resolve, sep as sep3 } from "path";
+import { extname, join as join9, normalize, resolve as resolve2, sep as sep3 } from "path";
 import { fileURLToPath as fileURLToPath2 } from "url";
-import { parseArgs as parseArgs13 } from "util";
+import { parseArgs as parseArgs16 } from "util";
 
 // src/commands/studio-admin.ts
-import { parseArgs as parseArgs12 } from "util";
+import { parseArgs as parseArgs15 } from "util";
 import { password as passwordPrompt, text as text2 } from "@clack/prompts";
 
 // ../../node_modules/.pnpm/postgres@3.4.9/node_modules/postgres/src/index.js
@@ -2595,9 +3846,9 @@ var originError = /* @__PURE__ */ Symbol("OriginError");
 var CLOSE = {};
 var Query = class extends Promise {
   constructor(strings, args, handler, canceller, options = {}) {
-    let resolve2, reject;
+    let resolve3, reject;
     super((a, b2) => {
-      resolve2 = a;
+      resolve3 = a;
       reject = b2;
     });
     this.tagged = Array.isArray(strings.raw);
@@ -2608,7 +3859,7 @@ var Query = class extends Promise {
     this.options = options;
     this.state = null;
     this.statement = null;
-    this.resolve = (x) => (this.active = false, resolve2(x));
+    this.resolve = (x) => (this.active = false, resolve3(x));
     this.reject = (x) => (this.active = false, reject(x));
     this.active = false;
     this.cancelled = null;
@@ -2656,12 +3907,12 @@ var Query = class extends Promise {
           if (this.executed && !this.active)
             return { done: true };
           prev && prev();
-          const promise = new Promise((resolve2, reject) => {
+          const promise = new Promise((resolve3, reject) => {
             this.cursorFn = (value) => {
-              resolve2({ value, done: false });
+              resolve3({ value, done: false });
               return new Promise((r) => prev = r);
             };
-            this.resolve = () => (this.active = false, resolve2({ done: true }));
+            this.resolve = () => (this.active = false, resolve3({ done: true }));
             this.reject = (x) => (this.active = false, reject(x));
           });
           this.execute();
@@ -3288,12 +4539,12 @@ function Connection(options, queues = {}, { onopen = noop, onend = noop, onclose
     x.on("drain", drain);
     return x;
   }
-  async function cancel3({ pid, secret }, resolve2, reject) {
+  async function cancel3({ pid, secret }, resolve3, reject) {
     try {
       cancelMessage = bytes_default().i32(16).i32(80877102).i32(pid).i32(secret).end(16);
-      await connect();
+      await connect2();
       socket.once("error", reject);
-      socket.once("close", resolve2);
+      socket.once("close", resolve3);
     } catch (error2) {
       reject(error2);
     }
@@ -3424,7 +4675,7 @@ function Connection(options, queues = {}, { onopen = noop, onend = noop, onclose
       incomings = null;
     }
   }
-  async function connect() {
+  async function connect2() {
     terminated = false;
     backendParameters = {};
     socket || (socket = await createSocket());
@@ -3443,7 +4694,7 @@ function Connection(options, queues = {}, { onopen = noop, onend = noop, onclose
     hostIndex = (hostIndex + 1) % port.length;
   }
   function reconnect() {
-    setTimeout(connect, closedTime ? Math.max(0, closedTime + delay - performance.now()) : 0);
+    setTimeout(connect2, closedTime ? Math.max(0, closedTime + delay - performance.now()) : 0);
   }
   function connected() {
     try {
@@ -4240,7 +5491,7 @@ function parseEvent(x) {
 // ../../node_modules/.pnpm/postgres@3.4.9/node_modules/postgres/src/large.js
 import Stream2 from "stream";
 function largeObject(sql2, oid, mode = 131072 | 262144) {
-  return new Promise(async (resolve2, reject) => {
+  return new Promise(async (resolve3, reject) => {
     await sql2.begin(async (sql3) => {
       let finish;
       !oid && ([{ oid }] = await sql3`select lo_creat(-1) as oid`);
@@ -4266,7 +5517,7 @@ function largeObject(sql2, oid, mode = 131072 | 262144) {
           ) seek
         `
       };
-      resolve2(lo);
+      resolve3(lo);
       return new Promise(async (r) => finish = r);
       async function readable({
         highWaterMark = 2048 * 8,
@@ -4440,10 +5691,10 @@ function Postgres(a, b2) {
   }
   async function reserve() {
     const queue = queue_default();
-    const c = open.length ? open.shift() : await new Promise((resolve2, reject) => {
-      const query = { reserve: resolve2, reject };
+    const c = open.length ? open.shift() : await new Promise((resolve3, reject) => {
+      const query = { reserve: resolve3, reject };
       queries.push(query);
-      closed.length && connect(closed.shift(), query);
+      closed.length && connect2(closed.shift(), query);
     });
     move(c, reserved);
     c.reserved = () => queue.length ? c.execute(queue.shift()) : move(c, reserved);
@@ -4478,9 +5729,9 @@ function Postgres(a, b2) {
       let uncaughtError, result;
       name && await sql3`savepoint ${sql3(name)}`;
       try {
-        result = await new Promise((resolve2, reject) => {
+        result = await new Promise((resolve3, reject) => {
           const x = fn2(sql3);
-          Promise.resolve(Array.isArray(x) ? Promise.all(x) : x).then(resolve2, reject);
+          Promise.resolve(Array.isArray(x) ? Promise.all(x) : x).then(resolve3, reject);
         });
         if (uncaughtError)
           throw uncaughtError;
@@ -4530,15 +5781,15 @@ function Postgres(a, b2) {
     if (open.length)
       return go(open.shift(), query);
     if (closed.length)
-      return connect(closed.shift(), query);
+      return connect2(closed.shift(), query);
     busy.length ? go(busy.shift(), query) : queries.push(query);
   }
   function go(c, query) {
     return c.execute(query) ? move(c, busy) : move(c, full);
   }
   function cancel3(query) {
-    return new Promise((resolve2, reject) => {
-      query.state ? query.active ? connection_default(options).cancel(query.state, resolve2, reject) : query.cancelled = { resolve: resolve2, reject } : (queries.remove(query), query.cancelled = true, query.reject(Errors.generic("57014", "canceling statement due to user request")), resolve2());
+    return new Promise((resolve3, reject) => {
+      query.state ? query.active ? connection_default(options).cancel(query.state, resolve3, reject) : query.cancelled = { resolve: resolve3, reject } : (queries.remove(query), query.cancelled = true, query.reject(Errors.generic("57014", "canceling statement due to user request")), resolve3());
     });
   }
   async function end({ timeout = null } = {}) {
@@ -4557,13 +5808,13 @@ function Postgres(a, b2) {
   async function close() {
     await Promise.all(connections.map((c) => c.end()));
   }
-  async function destroy(resolve2) {
+  async function destroy(resolve3) {
     await Promise.all(connections.map((c) => c.terminate()));
     while (queries.length)
       queries.shift().reject(Errors.connection("CONNECTION_DESTROYED", options));
-    resolve2();
+    resolve3();
   }
-  function connect(c, query) {
+  function connect2(c, query) {
     move(c, connecting);
     c.connect(query);
     return c;
@@ -4588,7 +5839,7 @@ function Postgres(a, b2) {
     c.reserved = null;
     c.onclose && (c.onclose(e), c.onclose = null);
     options.onclose && options.onclose(c.id);
-    queries.length && connect(c, queries.shift());
+    queries.length && connect2(c, queries.shift());
   }
 }
 function parseOptions(a, b2) {
@@ -5818,7 +7069,7 @@ function sql(strings, ...params) {
     return new SQL([new StringChunk(str)]);
   }
   sql2.raw = raw;
-  function join9(chunks, separator) {
+  function join11(chunks, separator) {
     const result = [];
     for (const [i, chunk] of chunks.entries()) {
       if (i > 0 && separator !== void 0) {
@@ -5828,7 +7079,7 @@ function sql(strings, ...params) {
     }
     return new SQL(result);
   }
-  sql2.join = join9;
+  sql2.join = join11;
   function identifier(value) {
     return new Name(value);
   }
@@ -9478,7 +10729,7 @@ var PgSelectQueryBuilderBase = class extends TypedQueryBuilder {
       const baseTableName = this.tableName;
       const tableName = getTableLikeName(table);
       for (const item of extractUsedTable(table)) this.usedTables.add(item);
-      if (typeof tableName === "string" && this.config.joins?.some((join9) => join9.alias === tableName)) {
+      if (typeof tableName === "string" && this.config.joins?.some((join11) => join11.alias === tableName)) {
         throw new Error(`Alias "${tableName}" is already used in this query`);
       }
       if (!this.isPartialSelect) {
@@ -10699,7 +11950,7 @@ var PgUpdateBase = class extends QueryPromise {
   createJoin(joinType) {
     return (table, on) => {
       const tableName = getTableLikeName(table);
-      if (typeof tableName === "string" && this.config.joins.some((join9) => join9.alias === tableName)) {
+      if (typeof tableName === "string" && this.config.joins.some((join11) => join11.alias === tableName)) {
         throw new Error(`Alias "${tableName}" is already used in this query`);
       }
       if (typeof on === "function") {
@@ -10795,10 +12046,10 @@ var PgUpdateBase = class extends QueryPromise {
           const fromFields = this.getTableLikeFields(this.config.from);
           fields[tableName] = fromFields;
         }
-        for (const join9 of this.config.joins) {
-          const tableName2 = getTableLikeName(join9.table);
-          if (typeof tableName2 === "string" && !is(join9.table, SQL)) {
-            const fromFields = this.getTableLikeFields(join9.table);
+        for (const join11 of this.config.joins) {
+          const tableName2 = getTableLikeName(join11.table);
+          if (typeof tableName2 === "string" && !is(join11.table, SQL)) {
+            const fromFields = this.getTableLikeFields(join11.table);
             fields[tableName2] = fromFields;
           }
         }
@@ -12350,6 +13601,12 @@ var emailSends = pgTable(
     // mirrors the user_events idempotency pattern. Nullable: journey/system sends
     // don't set it.
     idempotencyKey: text("idempotency_key"),
+    // Free-form per-send annotations. Set ONLY by test-mode redirected sends
+    // today — `{ testMode: true, originalTo: <real recipient> }` — so Studio can
+    // flag a TEST row and show who the mail was REALLY for. Nullable: normal
+    // (live) sends leave it unset. jsonb (mirrors alert-history.payload) leaves
+    // room for future markers without another migration.
+    metadata: jsonb("metadata").$type(),
     ...timestamps
   },
   (table) => [
@@ -12946,7 +14203,7 @@ Examples:
 Security: passwords are written ONLY via better-auth (scrypt) \u2014 never raw SQL,
 never plaintext at rest, never logged. Prefer the masked prompt over --password.`;
 function parseAdminFlags(argv) {
-  const { values: values2 } = parseArgs12({
+  const { values: values2 } = parseArgs15({
     args: argv,
     allowPositionals: true,
     strict: false,
@@ -13147,7 +14404,7 @@ async function runStudioAdmin(ctx, argv) {
 }
 
 // src/commands/studio.ts
-var usage12 = `hogsend studio [options]
+var usage14 = `hogsend studio [options]
 
 Subcommands:
   admin create | reset | list   Shell-gated Studio admin recovery (DB + secret).
@@ -13179,16 +14436,16 @@ Examples:
 function resolveStudioDist(distFlag) {
   const candidates = [];
   if (distFlag && distFlag.length > 0) {
-    candidates.push(resolve(process.cwd(), distFlag));
+    candidates.push(resolve2(process.cwd(), distFlag));
   }
   candidates.push(fileURLToPath2(new URL("../studio", import.meta.url)));
   candidates.push(
     fileURLToPath2(new URL("../../studio/dist", import.meta.url)),
     fileURLToPath2(new URL("../../../studio/dist", import.meta.url))
   );
-  candidates.push(resolve(process.cwd(), "packages/studio/dist"));
+  candidates.push(resolve2(process.cwd(), "packages/studio/dist"));
   for (const dir of candidates) {
-    if (existsSync6(join6(dir, "index.html"))) {
+    if (existsSync9(join9(dir, "index.html"))) {
       return dir;
     }
   }
@@ -13215,7 +14472,7 @@ function mimeFor(path) {
   return MIME[extname(path).toLowerCase()] ?? "application/octet-stream";
 }
 function indexHtml(distPath, baseUrl) {
-  const raw = readFileSync3(join6(distPath, "index.html"), "utf8");
+  const raw = readFileSync5(join9(distPath, "index.html"), "utf8");
   if (!baseUrl) return raw;
   const inject = `<script>window.__HOGSEND_STUDIO__=${JSON.stringify({
     baseUrl
@@ -13230,19 +14487,19 @@ function openBrowser(url) {
   const cmd = platform === "darwin" ? "open" : platform === "win32" ? "cmd" : "xdg-open";
   const args = platform === "win32" ? ["/c", "start", "", url] : [url];
   try {
-    const child = spawn(cmd, args, { stdio: "ignore", detached: true });
+    const child = spawn2(cmd, args, { stdio: "ignore", detached: true });
     child.on("error", () => {
     });
     child.unref();
   } catch {
   }
 }
-async function run12(ctx) {
+async function run14(ctx) {
   if (ctx.argv[0] === "admin") {
     await runStudioAdmin(ctx, ctx.argv.slice(1));
     return;
   }
-  const { values: values2, positionals } = parseArgs13({
+  const { values: values2, positionals } = parseArgs16({
     args: ctx.argv,
     allowPositionals: true,
     strict: false,
@@ -13255,7 +14512,7 @@ async function run12(ctx) {
     }
   });
   if (values2.help) {
-    ctx.out.log(usage12);
+    ctx.out.log(usage14);
     return;
   }
   const port = Number(values2.port ?? "3333");
@@ -13281,13 +14538,13 @@ async function run12(ctx) {
       res.end(index2);
       return;
     }
-    const target = normalize(join6(distPath, rel));
+    const target = normalize(join9(distPath, rel));
     if (target !== distPath && !target.startsWith(distPath + sep3)) {
       res.writeHead(403);
       res.end("Forbidden");
       return;
     }
-    if (existsSync6(target) && statSync2(target).isFile()) {
+    if (existsSync9(target) && statSync2(target).isFile()) {
       res.writeHead(200, { "content-type": mimeFor(target) });
       createReadStream(target).pipe(res);
       return;
@@ -13341,17 +14598,17 @@ async function run12(ctx) {
 var studioCommand = {
   name: "studio",
   summary: "Serve the bundled Hogsend Studio admin SPA locally",
-  usage: usage12,
-  run: run12
+  usage: usage14,
+  run: run14
 };
 
 // src/commands/upgrade.ts
-import { spawnSync as spawnSync3 } from "child_process";
-import { existsSync as existsSync7, readFileSync as readFileSync4 } from "fs";
-import { join as join7 } from "path";
-import { parseArgs as parseArgs14 } from "util";
-import { confirm as confirm2 } from "@clack/prompts";
-var usage13 = `hogsend upgrade [--cwd <dir>] [--pm <pnpm|npm|yarn|bun>] [options]
+import { spawnSync as spawnSync4 } from "child_process";
+import { existsSync as existsSync10, readFileSync as readFileSync6 } from "fs";
+import { join as join10 } from "path";
+import { parseArgs as parseArgs17 } from "util";
+import { confirm as confirm3 } from "@clack/prompts";
+var usage15 = `hogsend upgrade [--cwd <dir>] [--pm <pnpm|npm|yarn|bun>] [options]
 
 Upgrade a scaffolded Hogsend app in one step:
   1. bump every @hogsend/* dependency to latest (or --to <version>), then
@@ -13372,23 +14629,23 @@ Options:
   -h, --help         Show this help.`;
 var VALID_PMS = ["pnpm", "npm", "yarn", "bun"];
 function detectPm(cwd) {
-  if (existsSync7(join7(cwd, "pnpm-lock.yaml"))) return "pnpm";
-  if (existsSync7(join7(cwd, "yarn.lock"))) return "yarn";
-  if (existsSync7(join7(cwd, "bun.lockb")) || existsSync7(join7(cwd, "bun.lock")))
+  if (existsSync10(join10(cwd, "pnpm-lock.yaml"))) return "pnpm";
+  if (existsSync10(join10(cwd, "yarn.lock"))) return "yarn";
+  if (existsSync10(join10(cwd, "bun.lockb")) || existsSync10(join10(cwd, "bun.lock")))
     return "bun";
-  if (existsSync7(join7(cwd, "package-lock.json"))) return "npm";
+  if (existsSync10(join10(cwd, "package-lock.json"))) return "npm";
   return "pnpm";
 }
 function hogsendDeps(cwd) {
-  const pkg = JSON.parse(readFileSync4(join7(cwd, "package.json"), "utf8"));
+  const pkg = JSON.parse(readFileSync6(join10(cwd, "package.json"), "utf8"));
   const all = { ...pkg.dependencies, ...pkg.devDependencies };
   return Object.keys(all).filter((n) => n.startsWith("@hogsend/")).sort();
 }
 function addArgs(pm, specs) {
   return [pm === "npm" ? "install" : "add", ...specs];
 }
-async function run13(ctx) {
-  const { values: values2 } = parseArgs14({
+async function run15(ctx) {
+  const { values: values2 } = parseArgs17({
     args: ctx.argv,
     allowPositionals: true,
     options: {
@@ -13402,14 +14659,14 @@ async function run13(ctx) {
     }
   });
   if (values2.help) {
-    ctx.out.log(usage13);
+    ctx.out.log(usage15);
     return;
   }
   if (values2["deps-only"] && values2["skills-only"]) {
     ctx.out.fail("--deps-only and --skills-only are mutually exclusive.");
   }
   const cwd = values2.cwd ?? process.cwd();
-  if (!existsSync7(join7(cwd, "package.json"))) {
+  if (!existsSync10(join10(cwd, "package.json"))) {
     ctx.out.fail(
       `no package.json in ${cwd} \u2014 run upgrade from a scaffolded Hogsend app (or pass --cwd).`
     );
@@ -13431,7 +14688,7 @@ async function run13(ctx) {
   const deps = doDeps ? hogsendDeps(cwd) : [];
   if (doDeps && deps.length === 0) {
     ctx.out.fail(
-      `no @hogsend/* dependencies found in ${join7(cwd, "package.json")}.`
+      `no @hogsend/* dependencies found in ${join10(cwd, "package.json")}.`
     );
   }
   const skipConfirm = ctx.json || values2.yes;
@@ -13446,7 +14703,7 @@ async function run13(ctx) {
       doSkills ? "refresh .claude/skills" : null
     ].filter(Boolean).join(" + ");
     const proceed = bail(
-      await confirm2({ message: `Upgrade ${color.cyan(cwd)}: ${plan}?` })
+      await confirm3({ message: `Upgrade ${color.cyan(cwd)}: ${plan}?` })
     );
     if (!proceed) {
       ctx.out.outro(color.dim("Nothing changed."));
@@ -13458,7 +14715,7 @@ async function run13(ctx) {
     const specs = deps.map((n) => `${n}@${target}`);
     const dep = await ctx.out.step(
       `Bumping @hogsend/* -> ${target} (${pm})`,
-      async () => spawnSync3(pm, addArgs(pm, specs), {
+      async () => spawnSync4(pm, addArgs(pm, specs), {
         cwd,
         stdio: ctx.json ? "ignore" : "inherit",
         shell: process.platform === "win32"
@@ -13527,12 +14784,12 @@ async function run13(ctx) {
 var upgradeCommand = {
   name: "upgrade",
   summary: "Bump @hogsend/* deps to latest + refresh vendored skills",
-  usage: usage13,
-  run: run13
+  usage: usage15,
+  run: run15
 };
 
 // src/commands/webhooks.ts
-import { parseArgs as parseArgs15 } from "util";
+import { parseArgs as parseArgs18 } from "util";
 var WEBHOOK_EVENT_TYPES = [
   "contact.created",
   "contact.updated",
@@ -13548,7 +14805,7 @@ var WEBHOOK_EVENT_TYPES = [
   "bucket.entered",
   "bucket.left"
 ];
-var usage14 = `hogsend webhooks <subcommand> [options]
+var usage16 = `hogsend webhooks <subcommand> [options]
 
 Manage outbound webhook endpoints \u2014 the Svix-style signed event stream Hogsend
 emits to your URLs. Wraps the admin routes (/v1/admin/webhooks), so this command
@@ -13594,7 +14851,7 @@ Examples:
   hogsend webhooks list --include-disabled
   hogsend webhooks rotate-secret we_123
   hogsend webhooks test we_123`;
-var badge5 = `${color.bgMagenta(color.black(" hogsend "))} webhooks`;
+var badge6 = `${color.bgMagenta(color.black(" hogsend "))} webhooks`;
 async function fetchOrFail2(ctx, label, fn) {
   try {
     return await ctx.out.step(label, fn);
@@ -13638,7 +14895,7 @@ ${color.bold(secret)}`,
   );
 }
 async function runList5(ctx, argv) {
-  const { values: values2 } = parseArgs15({
+  const { values: values2 } = parseArgs18({
     args: argv,
     allowPositionals: true,
     options: {
@@ -13649,7 +14906,7 @@ async function runList5(ctx, argv) {
     }
   });
   if (values2.help) {
-    ctx.out.log(usage14);
+    ctx.out.log(usage16);
     return;
   }
   const query = {
@@ -13657,7 +14914,7 @@ async function runList5(ctx, argv) {
     limit: values2.limit,
     offset: values2.offset
   };
-  if (!ctx.json) ctx.out.intro(`${badge5} list`);
+  if (!ctx.json) ctx.out.intro(`${badge6} list`);
   const res = await fetchOrFail2(
     ctx,
     "Fetching webhooks",
@@ -13698,13 +14955,13 @@ function renderEndpoint(ctx, ep, title) {
   );
 }
 async function runGet3(ctx, argv) {
-  const { values: values2, positionals } = parseArgs15({
+  const { values: values2, positionals } = parseArgs18({
     args: argv,
     allowPositionals: true,
     options: { help: { type: "boolean", short: "h", default: false } }
   });
   if (values2.help) {
-    ctx.out.log(usage14);
+    ctx.out.log(usage16);
     return;
   }
   const id = positionals[0];
@@ -13713,7 +14970,7 @@ async function runGet3(ctx, argv) {
       "webhooks get requires an endpoint id, e.g. hogsend webhooks get we_123"
     );
   }
-  if (!ctx.json) ctx.out.intro(`${badge5} get`);
+  if (!ctx.json) ctx.out.intro(`${badge6} get`);
   const res = await fetchOrFail2(
     ctx,
     "Fetching webhook",
@@ -13729,7 +14986,7 @@ async function runGet3(ctx, argv) {
   ctx.out.outro(`${res.url} \u2192 ${res.status}`);
 }
 async function runCreate2(ctx, argv) {
-  const { values: values2 } = parseArgs15({
+  const { values: values2 } = parseArgs18({
     args: argv,
     allowPositionals: true,
     options: {
@@ -13742,7 +14999,7 @@ async function runCreate2(ctx, argv) {
     }
   });
   if (values2.help) {
-    ctx.out.log(usage14);
+    ctx.out.log(usage16);
     return;
   }
   const url = values2.url;
@@ -13760,7 +15017,7 @@ async function runCreate2(ctx, argv) {
   const body = { url, eventTypes };
   if (values2.description !== void 0) body.description = values2.description;
   if (values2.disabled) body.disabled = true;
-  if (!ctx.json) ctx.out.intro(`${badge5} create`);
+  if (!ctx.json) ctx.out.intro(`${badge6} create`);
   const res = await fetchOrFail2(
     ctx,
     "Creating webhook",
@@ -13776,7 +15033,7 @@ async function runCreate2(ctx, argv) {
   ctx.out.outro(`${color.green("Created")} ${res.id} \u2192 ${res.url}`);
 }
 async function runUpdate(ctx, argv) {
-  const { values: values2, positionals } = parseArgs15({
+  const { values: values2, positionals } = parseArgs18({
     args: argv,
     allowPositionals: true,
     options: {
@@ -13790,7 +15047,7 @@ async function runUpdate(ctx, argv) {
     }
   });
   if (values2.help) {
-    ctx.out.log(usage14);
+    ctx.out.log(usage16);
     return;
   }
   const id = positionals[0];
@@ -13814,7 +15071,7 @@ async function runUpdate(ctx, argv) {
       "webhooks update: nothing to change \u2014 pass --url / --event / --description / --disabled / --enabled"
     );
   }
-  if (!ctx.json) ctx.out.intro(`${badge5} update`);
+  if (!ctx.json) ctx.out.intro(`${badge6} update`);
   const res = await fetchOrFail2(
     ctx,
     "Updating webhook",
@@ -13831,13 +15088,13 @@ async function runUpdate(ctx, argv) {
   ctx.out.outro(`${color.green("Updated")} ${res.id} \u2192 ${res.status}`);
 }
 async function runDelete(ctx, argv) {
-  const { values: values2, positionals } = parseArgs15({
+  const { values: values2, positionals } = parseArgs18({
     args: argv,
     allowPositionals: true,
     options: { help: { type: "boolean", short: "h", default: false } }
   });
   if (values2.help) {
-    ctx.out.log(usage14);
+    ctx.out.log(usage16);
     return;
   }
   const id = positionals[0];
@@ -13846,7 +15103,7 @@ async function runDelete(ctx, argv) {
       "webhooks delete requires an endpoint id, e.g. hogsend webhooks delete we_123"
     );
   }
-  if (!ctx.json) ctx.out.intro(`${badge5} delete`);
+  if (!ctx.json) ctx.out.intro(`${badge6} delete`);
   const res = await fetchOrFail2(
     ctx,
     "Deleting webhook",
@@ -13861,13 +15118,13 @@ async function runDelete(ctx, argv) {
   ctx.out.outro(`${color.green("Deleted")} ${id}`);
 }
 async function runRotate(ctx, argv) {
-  const { values: values2, positionals } = parseArgs15({
+  const { values: values2, positionals } = parseArgs18({
     args: argv,
     allowPositionals: true,
     options: { help: { type: "boolean", short: "h", default: false } }
   });
   if (values2.help) {
-    ctx.out.log(usage14);
+    ctx.out.log(usage16);
     return;
   }
   const id = positionals[0];
@@ -13876,7 +15133,7 @@ async function runRotate(ctx, argv) {
       "webhooks rotate-secret requires an endpoint id, e.g. hogsend webhooks rotate-secret we_123"
     );
   }
-  if (!ctx.json) ctx.out.intro(`${badge5} rotate-secret`);
+  if (!ctx.json) ctx.out.intro(`${badge6} rotate-secret`);
   const res = await fetchOrFail2(
     ctx,
     "Rotating signing secret",
@@ -13896,13 +15153,13 @@ async function runRotate(ctx, argv) {
   );
 }
 async function runTest(ctx, argv) {
-  const { values: values2, positionals } = parseArgs15({
+  const { values: values2, positionals } = parseArgs18({
     args: argv,
     allowPositionals: true,
     options: { help: { type: "boolean", short: "h", default: false } }
   });
   if (values2.help) {
-    ctx.out.log(usage14);
+    ctx.out.log(usage16);
     return;
   }
   const id = positionals[0];
@@ -13911,7 +15168,7 @@ async function runTest(ctx, argv) {
       "webhooks test requires an endpoint id, e.g. hogsend webhooks test we_123"
     );
   }
-  if (!ctx.json) ctx.out.intro(`${badge5} test`);
+  if (!ctx.json) ctx.out.intro(`${badge6} test`);
   const res = await fetchOrFail2(
     ctx,
     "Enqueuing test delivery",
@@ -13928,7 +15185,7 @@ async function runTest(ctx, argv) {
     `${color.green("Enqueued")} a ${color.cyan(res.eventType)} delivery to ${id}.`
   );
 }
-async function run14(ctx) {
+async function run16(ctx) {
   const sub = ctx.argv[0];
   switch (sub) {
     case "list":
@@ -13959,8 +15216,8 @@ async function run14(ctx) {
 var webhooksCommand = {
   name: "webhooks",
   summary: "Manage outbound webhook endpoints (create, rotate, test)",
-  usage: usage14,
-  run: run14
+  usage: usage16,
+  run: run16
 };
 
 // src/commands/index.ts
@@ -13973,7 +15230,9 @@ var commands = [
   emailsCommand,
   campaignsCommand,
   webhooksCommand,
+  domainCommand,
   studioCommand,
+  devCommand,
   setupCommand,
   skillsCommand,
   upgradeCommand,
@@ -13981,87 +15240,6 @@ var commands = [
   patchCommand
 ];
 
-// src/lib/config.ts
-import { existsSync as existsSync8, readFileSync as readFileSync5 } from "fs";
-import { join as join8 } from "path";
-import { parseArgs as parseArgs16 } from "util";
-var DEFAULT_BASE_URL = "http://localhost:3002";
-function parseGlobalFlags(argv) {
-  const { values: values2, tokens } = parseArgs16({
-    args: argv,
-    allowPositionals: true,
-    strict: false,
-    tokens: true,
-    options: {
-      url: { type: "string" },
-      "admin-key": { type: "string" },
-      "data-key": { type: "string" },
-      json: { type: "boolean", default: false },
-      help: { type: "boolean", short: "h", default: false }
-    }
-  });
-  const owned = /* @__PURE__ */ new Set(["url", "admin-key", "data-key", "json", "help", "h"]);
-  const rest = [];
-  for (const token of tokens) {
-    if (token.kind === "positional") {
-      rest.push(token.value);
-    } else if (token.kind === "option") {
-      if (owned.has(token.name)) continue;
-      rest.push(token.rawName);
-      if (token.value !== void 0 && !token.inlineValue) {
-        rest.push(token.value);
-      } else if (token.inlineValue && token.value !== void 0) {
-        rest[rest.length - 1] = `${token.rawName}=${token.value}`;
-      }
-    }
-  }
-  return {
-    url: typeof values2.url === "string" ? values2.url : void 0,
-    adminKey: typeof values2["admin-key"] === "string" ? values2["admin-key"] : void 0,
-    dataKey: typeof values2["data-key"] === "string" ? values2["data-key"] : void 0,
-    json: values2.json === true,
-    help: values2.help === true,
-    rest
-  };
-}
-function loadDotEnv(cwd = process.cwd()) {
-  const out = {};
-  const file = join8(cwd, ".env");
-  if (!existsSync8(file)) return out;
-  let raw;
-  try {
-    raw = readFileSync5(file, "utf8");
-  } catch {
-    return out;
-  }
-  for (const rawLine of raw.split(/\r?\n/)) {
-    const line2 = rawLine.trim();
-    if (line2 === "" || line2.startsWith("#")) continue;
-    const withoutExport = line2.startsWith("export ") ? line2.slice("export ".length) : line2;
-    const eq2 = withoutExport.indexOf("=");
-    if (eq2 === -1) continue;
-    const key = withoutExport.slice(0, eq2).trim();
-    if (key === "") continue;
-    let value = withoutExport.slice(eq2 + 1).trim();
-    if (value.startsWith('"') && value.endsWith('"') || value.startsWith("'") && value.endsWith("'")) {
-      value = value.slice(1, -1);
-    }
-    out[key] = value;
-  }
-  return out;
-}
-function resolveConfig(flags, cwd = process.cwd()) {
-  const dotenv = loadDotEnv(cwd);
-  const baseUrlRaw = flags.url ?? process.env.HOGSEND_API_URL ?? dotenv.HOGSEND_API_URL ?? DEFAULT_BASE_URL;
-  const adminKey = flags.adminKey ?? process.env.HOGSEND_ADMIN_KEY ?? process.env.ADMIN_API_KEY ?? dotenv.HOGSEND_ADMIN_KEY ?? dotenv.ADMIN_API_KEY;
-  const dataKey = flags.dataKey ?? process.env.HOGSEND_DATA_KEY ?? process.env.HOGSEND_API_KEY ?? dotenv.HOGSEND_DATA_KEY ?? dotenv.HOGSEND_API_KEY;
-  return {
-    baseUrl: baseUrlRaw.replace(/\/+$/, ""),
-    adminKey: adminKey && adminKey.length > 0 ? adminKey : void 0,
-    dataKey: dataKey && dataKey.length > 0 ? dataKey : void 0
-  };
-}
-
 // src/bin.ts
 function version2() {
   try {