@hogsend/cli 0.12.2 → 0.13.1

package/dist/bin.js

@@ -1012,7 +1012,8 @@ function resolveConfig(flags, cwd = process.cwd()) {
   return {
     baseUrl: baseUrlRaw.replace(/\/+$/, ""),
     adminKey: adminKey && adminKey.length > 0 ? adminKey : void 0,
-    dataKey: dataKey && dataKey.length > 0 ? dataKey : void 0
+    dataKey: dataKey && dataKey.length > 0 ? dataKey : void 0,
+    urlExplicit: flags.url !== void 0
   };
 }
 
@@ -3118,9 +3119,310 @@ var emailsCommand = {
   run: run8
 };
 
-// src/commands/journeys.ts
+// src/commands/hatchet.ts
 import { parseArgs as parseArgs10 } from "util";
-var usage9 = `hogsend journeys <subcommand> [options]
+
+// src/lib/hatchet-token.ts
+var SLUG_RE = /^[a-z0-9](?:[a-z0-9-]*[a-z0-9])?$/;
+var HatchetTokenError = class extends Error {
+  status;
+  constructor(message, status) {
+    super(message);
+    this.name = "HatchetTokenError";
+    this.status = status;
+  }
+};
+function extractApiError(body) {
+  if (typeof body !== "object" || body === null) return void 0;
+  const errors = body.errors;
+  if (!Array.isArray(errors)) return void 0;
+  const descriptions = errors.map(
+    (e) => typeof e === "object" && e !== null ? e.description : void 0
+  ).filter((d) => typeof d === "string");
+  return descriptions.length > 0 ? descriptions.join("; ") : void 0;
+}
+async function readBody(res) {
+  try {
+    return await res.json();
+  } catch {
+    return void 0;
+  }
+}
+function cookieHeaderFrom(res) {
+  const setCookies = res.headers.getSetCookie();
+  return setCookies.map((c) => c.split(";", 1)[0] ?? "").filter((c) => c.includes("=")).join("; ");
+}
+async function mintHatchetToken(opts) {
+  const fetchImpl = opts.fetchImpl ?? fetch;
+  const progress = opts.onProgress ?? (() => {
+  });
+  const base = opts.url.replace(/\/+$/, "");
+  if (!/^https?:\/\//.test(base)) {
+    throw new HatchetTokenError(
+      `invalid --url "${opts.url}" (expected http(s)://...)`
+    );
+  }
+  const tenantSlug = opts.tenantSlug ?? "default";
+  if (!SLUG_RE.test(tenantSlug)) {
+    throw new HatchetTokenError(
+      `invalid tenant slug "${tenantSlug}" (lowercase letters, digits, dashes)`
+    );
+  }
+  const tokenName = opts.tokenName ?? "hogsend";
+  const postJson = (path, body, cookie2) => fetchImpl(`${base}${path}`, {
+    method: "POST",
+    headers: {
+      "content-type": "application/json",
+      ...cookie2 ? { cookie: cookie2 } : {}
+    },
+    body: JSON.stringify(body)
+  });
+  let registered = false;
+  progress(`registering ${opts.email} ...`);
+  const registerRes = await postJson("/api/v1/users/register", {
+    name: opts.email.split("@")[0] || opts.email,
+    email: opts.email,
+    password: opts.password
+  });
+  if (registerRes.ok) {
+    registered = true;
+    await readBody(registerRes);
+  } else if (registerRes.status >= 500) {
+    const msg = extractApiError(await readBody(registerRes));
+    throw new HatchetTokenError(
+      `Hatchet register failed (${registerRes.status})${msg ? `: ${msg}` : ""}`,
+      registerRes.status
+    );
+  } else {
+    await readBody(registerRes);
+    progress("registration unavailable or account exists \u2014 logging in ...");
+  }
+  const loginRes = await postJson("/api/v1/users/login", {
+    email: opts.email,
+    password: opts.password
+  });
+  if (!loginRes.ok) {
+    const msg = extractApiError(await readBody(loginRes));
+    throw new HatchetTokenError(
+      `Hatchet login failed (${loginRes.status})${msg ? `: ${msg}` : ""} \u2014 check --email/--password (on a locked-down hatchet-lite these are its ADMIN_EMAIL/ADMIN_PASSWORD)`,
+      loginRes.status
+    );
+  }
+  await readBody(loginRes);
+  const cookie = cookieHeaderFrom(loginRes);
+  if (!cookie) {
+    throw new HatchetTokenError(
+      "Hatchet login succeeded but returned no session cookie"
+    );
+  }
+  progress(`resolving tenant "${tenantSlug}" ...`);
+  const membershipsRes = await fetchImpl(`${base}/api/v1/users/memberships`, {
+    headers: { cookie }
+  });
+  if (!membershipsRes.ok) {
+    const msg = extractApiError(await readBody(membershipsRes));
+    throw new HatchetTokenError(
+      `failed to list tenant memberships (${membershipsRes.status})${msg ? `: ${msg}` : ""}`,
+      membershipsRes.status
+    );
+  }
+  const memberships = await readBody(membershipsRes);
+  let tenant;
+  for (const row of memberships?.rows ?? []) {
+    const id = row.tenant?.metadata?.id;
+    if (id && row.tenant?.slug === tenantSlug) {
+      tenant = { id, slug: tenantSlug };
+      break;
+    }
+  }
+  let createdTenant = false;
+  if (!tenant) {
+    progress(`creating tenant "${tenantSlug}" ...`);
+    const createRes = await postJson(
+      "/api/v1/tenants",
+      { name: tenantSlug, slug: tenantSlug, engineVersion: "V1" },
+      cookie
+    );
+    const createBody = await readBody(createRes);
+    if (!createRes.ok) {
+      const msg = extractApiError(createBody);
+      throw new HatchetTokenError(
+        `failed to create tenant "${tenantSlug}" (${createRes.status})${msg ? `: ${msg}` : ""}`,
+        createRes.status
+      );
+    }
+    const created = createBody;
+    const id = created?.metadata?.id;
+    if (!id) {
+      throw new HatchetTokenError(
+        "tenant create succeeded but the response had no id"
+      );
+    }
+    tenant = { id, slug: tenantSlug };
+    createdTenant = true;
+  }
+  progress(`minting API token "${tokenName}" ...`);
+  const tokenRes = await postJson(
+    `/api/v1/tenants/${tenant.id}/api-tokens`,
+    { name: tokenName },
+    cookie
+  );
+  const tokenBody = await readBody(tokenRes);
+  if (!tokenRes.ok) {
+    const msg = extractApiError(tokenBody);
+    throw new HatchetTokenError(
+      `failed to mint API token (${tokenRes.status})${msg ? `: ${msg}` : ""}`,
+      tokenRes.status
+    );
+  }
+  const token = tokenBody?.token;
+  if (typeof token !== "string" || token.length === 0) {
+    throw new HatchetTokenError(
+      "token create succeeded but the response had no token"
+    );
+  }
+  return {
+    token,
+    tenantId: tenant.id,
+    tenantSlug: tenant.slug,
+    createdTenant,
+    registered
+  };
+}
+
+// src/commands/hatchet.ts
+var usage9 = `hogsend hatchet token [options]
+
+Mint a Hatchet API token (HATCHET_CLIENT_TOKEN) headlessly against a
+hatchet-lite instance. Registers the account if the instance still allows
+signups, otherwise logs in (e.g. with the seeded ADMIN_EMAIL/ADMIN_PASSWORD on
+a locked-down deployment), ensures the tenant exists, and creates the token.
+
+On success the token is the ONLY thing printed to stdout \u2014 pipe it straight
+into your platform's variable store. Progress and errors go to stderr.
+
+Options:
+  --url <hatchet-url>    Hatchet base URL (or HATCHET_URL), e.g. the
+                         hatchet-lite service's public https URL. Required \u2014
+                         this command never falls back to HOGSEND_API_URL or
+                         the localhost default (those target your Hogsend
+                         API, not Hatchet). NOTE: for this command the global
+                         --url targets HATCHET, not your Hogsend API.
+  --email <e>            Account email (or HATCHET_ADMIN_EMAIL).
+  --password <p>         Account password (or HATCHET_ADMIN_PASSWORD). Prefer
+                         the env var \u2014 flags can leak into shell history.
+  --tenant <slug>        Tenant slug (default "default", the seeded tenant).
+                         Created (engine V1) if it doesn't exist yet.
+  --token-name <n>       Display name for the minted token (default "hogsend").
+  --json                 Emit { token, tenantId, ... } as one JSON document.
+  -h, --help             Show this help.
+
+Examples:
+  hogsend hatchet token --url https://hatchet-lite-production.up.railway.app \\
+    --email admin@example.com --password 'Admin123!!'
+  HATCHET_ADMIN_PASSWORD=... hogsend hatchet token --url https://... --email admin@acme.com
+  railway variables --service hogsend-worker \\
+    --set "HATCHET_CLIENT_TOKEN=$(hogsend hatchet token --url ... --email ... --password ...)"
+
+Lockdown note: hatchet-lite ships with OPEN registration \u2014 anyone who finds the
+public URL can create an account. On a public deployment set
+SERVER_ALLOW_SIGNUP=false (plus a real ADMIN_EMAIL/ADMIN_PASSWORD, which
+hatchet-lite seeds at boot); this command then logs in with those credentials.`;
+function parseTokenFlags(argv) {
+  const { values: values2 } = parseArgs10({
+    args: argv,
+    allowPositionals: true,
+    strict: false,
+    options: {
+      url: { type: "string" },
+      email: { type: "string" },
+      password: { type: "string" },
+      tenant: { type: "string" },
+      "token-name": { type: "string" }
+    }
+  });
+  const str = (v) => typeof v === "string" && v.length > 0 ? v : void 0;
+  return {
+    url: str(values2.url),
+    email: str(values2.email),
+    password: str(values2.password),
+    tenant: str(values2.tenant),
+    tokenName: str(values2["token-name"])
+  };
+}
+function failToStderr(ctx, message) {
+  if (ctx.json) {
+    ctx.out.fail(message);
+  }
+  process.stderr.write(`${color.red("error")} ${message}
+`);
+  process.exit(1);
+}
+async function runToken(ctx, argv) {
+  const flags = parseTokenFlags(argv);
+  const url = flags.url ?? (ctx.cfg.urlExplicit ? ctx.cfg.baseUrl : void 0) ?? process.env.HATCHET_URL;
+  const email = flags.email ?? process.env.HATCHET_ADMIN_EMAIL;
+  const password = flags.password ?? process.env.HATCHET_ADMIN_PASSWORD;
+  const missing = [];
+  if (!url) missing.push("--url (or HATCHET_URL)");
+  if (!email) missing.push("--email (or HATCHET_ADMIN_EMAIL)");
+  if (!password) missing.push("--password (or HATCHET_ADMIN_PASSWORD)");
+  if (missing.length > 0 || !url || !email || !password) {
+    failToStderr(ctx, `missing ${missing.join(", ")}`);
+  }
+  const onProgress = ctx.json ? void 0 : (msg) => process.stderr.write(`${color.dim(msg)}
+`);
+  onProgress?.(`hatchet: ${url}`);
+  try {
+    const result = await mintHatchetToken({
+      url,
+      email,
+      password,
+      tenantSlug: flags.tenant,
+      tokenName: flags.tokenName,
+      onProgress
+    });
+    if (ctx.json) {
+      ctx.out.json(result);
+      return;
+    }
+    process.stdout.write(`${result.token}
+`);
+  } catch (err) {
+    if (err instanceof HatchetTokenError) {
+      failToStderr(ctx, err.message);
+    }
+    throw err;
+  }
+}
+async function run9(ctx) {
+  const sub = ctx.argv[0];
+  const rest = ctx.argv.slice(1);
+  if (!sub || sub === "--help" || sub === "-h" || sub === "help") {
+    ctx.out.log(usage9);
+    return;
+  }
+  if (rest.includes("-h") || rest.includes("--help")) {
+    ctx.out.log(usage9);
+    return;
+  }
+  switch (sub) {
+    case "token":
+      return runToken(ctx, rest);
+    default:
+      failToStderr(ctx, `unknown subcommand "${sub}" \u2014 expected token`);
+  }
+}
+var hatchetCommand = {
+  name: "hatchet",
+  summary: "Hatchet helpers \u2014 mint a HATCHET_CLIENT_TOKEN headlessly",
+  usage: usage9,
+  run: run9
+};
+
+// src/commands/journeys.ts
+import { parseArgs as parseArgs11 } from "util";
+var usage10 = `hogsend journeys <subcommand> [options]
 
 Inspect and toggle journeys via the admin API (/v1/admin/journeys).
 
@@ -3149,7 +3451,7 @@ function statusColor3(enabled) {
   return enabled ? color.green("enabled") : color.yellow("disabled");
 }
 async function runList2(ctx) {
-  const { values: values2 } = parseArgs10({
+  const { values: values2 } = parseArgs11({
     args: ctx.argv,
     allowPositionals: true,
     options: {
@@ -3160,7 +3462,7 @@ async function runList2(ctx) {
     }
   });
   if (values2.help) {
-    ctx.out.log(usage9);
+    ctx.out.log(usage10);
     return;
   }
   if (values2.enabled !== void 0 && !["true", "false"].includes(values2.enabled)) {
@@ -3296,7 +3598,7 @@ async function runToggle(ctx, id, enabled) {
   );
   ctx.out.outro(`${j.id} is now ${statusColor3(j.enabled)}.`);
 }
-async function run9(ctx) {
+async function run10(ctx) {
   const sub = ctx.argv[0];
   const rest = ctx.argv.slice(1);
   const subCtx = { ...ctx, argv: rest };
@@ -3308,7 +3610,7 @@ async function run9(ctx) {
       case "get": {
         const id = rest.find((a) => !a.startsWith("-"));
         if (rest.includes("--help") || rest.includes("-h")) {
-          ctx.out.log(usage9);
+          ctx.out.log(usage10);
           return;
         }
         await runGet2(subCtx, id);
@@ -3316,7 +3618,7 @@ async function run9(ctx) {
       }
       case "enable": {
         if (rest.includes("--help") || rest.includes("-h")) {
-          ctx.out.log(usage9);
+          ctx.out.log(usage10);
           return;
         }
         await runToggle(
@@ -3328,7 +3630,7 @@ async function run9(ctx) {
       }
       case "disable": {
         if (rest.includes("--help") || rest.includes("-h")) {
-          ctx.out.log(usage9);
+          ctx.out.log(usage10);
           return;
         }
         await runToggle(
@@ -3362,14 +3664,14 @@ async function run9(ctx) {
 var journeysCommand = {
   name: "journeys",
   summary: "List, inspect, enable, and disable journeys",
-  usage: usage9,
-  run: run9
+  usage: usage10,
+  run: run10
 };
 
 // src/commands/patch.ts
 import { spawnSync as spawnSync3 } from "child_process";
-import { parseArgs as parseArgs11 } from "util";
-var usage10 = `hogsend patch <package> [--cwd <dir>]
+import { parseArgs as parseArgs12 } from "util";
+var usage11 = `hogsend patch <package> [--cwd <dir>]
 
 Thin wrapper over pnpm's native patch flow. Runs \`pnpm patch <package>\`, which
 extracts the package into a temp dir and prints the path to edit. After editing,
@@ -3380,8 +3682,8 @@ This does NOT replace scripts/patch-check.sh (the patch re-apply contract).
 Options:
   --cwd <dir>    Project root to run pnpm in (defaults to current directory).
   -h, --help     Show this help.`;
-async function run10(ctx) {
-  const { values: values2, positionals } = parseArgs11({
+async function run11(ctx) {
+  const { values: values2, positionals } = parseArgs12({
     args: ctx.argv,
     allowPositionals: true,
     options: {
@@ -3390,7 +3692,7 @@ async function run10(ctx) {
     }
   });
   if (values2.help) {
-    ctx.out.log(usage10);
+    ctx.out.log(usage11);
     return;
   }
   const pkg = positionals[0];
@@ -3430,16 +3732,16 @@ async function run10(ctx) {
 var patchCommand = {
   name: "patch",
   summary: "Patch a package via pnpm's native patch flow",
-  usage: usage10,
-  run: run10
+  usage: usage11,
+  run: run11
 };
 
 // src/commands/setup.ts
 import { existsSync as existsSync7 } from "fs";
 import { join as join7 } from "path";
-import { parseArgs as parseArgs12 } from "util";
+import { parseArgs as parseArgs13 } from "util";
 import { confirm as confirm2 } from "@clack/prompts";
-var usage11 = `hogsend setup [--cwd <dir>] [--yes] [--json]
+var usage12 = `hogsend setup [--cwd <dir>] [--yes] [--json]
 
 Interactive local onboarding for a scaffolded Hogsend app. Mirrors the
 create-hogsend "next steps":
@@ -3456,8 +3758,8 @@ Options:
   -h, --help     Show this help.
 
 Run ${color.cyan("hogsend doctor")} afterwards to verify the instance is healthy.`;
-async function run11(ctx) {
-  const { values: values2 } = parseArgs12({
+async function run12(ctx) {
+  const { values: values2 } = parseArgs13({
     args: ctx.argv,
     allowPositionals: true,
     options: {
@@ -3467,7 +3769,7 @@ async function run11(ctx) {
     }
   });
   if (values2.help) {
-    ctx.out.log(usage11);
+    ctx.out.log(usage12);
     return;
   }
   const cwd = values2.cwd ?? process.cwd();
@@ -3582,16 +3884,16 @@ async function run11(ctx) {
 var setupCommand = {
   name: "setup",
   summary: "Local onboarding: docker compose up, gen secret, db:migrate",
-  usage: usage11,
-  run: run11
+  usage: usage12,
+  run: run12
 };
 
 // src/commands/skills.ts
 import { existsSync as existsSync8 } from "fs";
 import { join as join8 } from "path";
-import { parseArgs as parseArgs13 } from "util";
+import { parseArgs as parseArgs14 } from "util";
 import { multiselect } from "@clack/prompts";
-var usage12 = `hogsend skills <subcommand> [options]
+var usage13 = `hogsend skills <subcommand> [options]
 
 Manage the Claude Code skills bundled with @hogsend/cli. Bundled skills teach
 agents how to drive the hogsend CLI; \`add\` copies them into your project's
@@ -3652,7 +3954,7 @@ function runList3(ctx) {
   );
 }
 async function runAdd2(ctx, argv) {
-  const { values: values2, positionals } = parseArgs13({
+  const { values: values2, positionals } = parseArgs14({
     args: argv,
     allowPositionals: true,
     options: {
@@ -3662,7 +3964,7 @@ async function runAdd2(ctx, argv) {
     }
   });
   if (values2.help) {
-    ctx.out.log(usage12);
+    ctx.out.log(usage13);
     return;
   }
   const cwd = process.cwd();
@@ -3730,7 +4032,7 @@ async function runAdd2(ctx, argv) {
     `Installed ${installedCount} skill${installedCount === 1 ? "" : "s"}` + (skippedCount > 0 ? `, skipped ${skippedCount}.` : ".")
   );
 }
-async function run12(ctx) {
+async function run13(ctx) {
   const sub = ctx.argv[0];
   switch (sub) {
     case "list":
@@ -3742,7 +4044,7 @@ async function run12(ctx) {
     case void 0:
     case "-h":
     case "--help":
-      ctx.out.log(usage12);
+      ctx.out.log(usage13);
       return;
     default:
       ctx.out.fail(
@@ -3753,13 +4055,13 @@ async function run12(ctx) {
 var skillsCommand = {
   name: "skills",
   summary: "List + install bundled Claude Code skills into .claude/skills",
-  usage: usage12,
-  run: run12
+  usage: usage13,
+  run: run13
 };
 
 // src/commands/stats.ts
-import { parseArgs as parseArgs14 } from "util";
-var usage13 = `hogsend stats [--json]
+import { parseArgs as parseArgs15 } from "util";
+var usage14 = `hogsend stats [--json]
 
 Show system-wide overview metrics from a running Hogsend instance.
 Wraps GET /v1/admin/metrics/overview.
@@ -3781,8 +4083,8 @@ Options:
 function pct(rate) {
   return `${(rate * 100).toFixed(2)}%`;
 }
-async function run13(ctx) {
-  const { values: values2 } = parseArgs14({
+async function run14(ctx) {
+  const { values: values2 } = parseArgs15({
     args: ctx.argv,
     allowPositionals: true,
     options: {
@@ -3790,7 +4092,7 @@ async function run13(ctx) {
     }
   });
   if (values2.help) {
-    ctx.out.log(usage13);
+    ctx.out.log(usage14);
     return;
   }
   const metrics = await ctx.out.step(
@@ -3819,8 +4121,8 @@ async function run13(ctx) {
 var statsCommand = {
   name: "stats",
   summary: "Show system-wide overview metrics",
-  usage: usage13,
-  run: run13
+  usage: usage14,
+  run: run14
 };
 
 // src/commands/studio.ts
@@ -3829,10 +4131,10 @@ import { createReadStream, existsSync as existsSync9, readFileSync as readFileSy
 import { createServer } from "http";
 import { extname, join as join9, normalize, resolve as resolve2, sep as sep3 } from "path";
 import { fileURLToPath as fileURLToPath2 } from "url";
-import { parseArgs as parseArgs16 } from "util";
+import { parseArgs as parseArgs17 } from "util";
 
 // src/commands/studio-admin.ts
-import { parseArgs as parseArgs15 } from "util";
+import { parseArgs as parseArgs16 } from "util";
 import { password as passwordPrompt, text as text2 } from "@clack/prompts";
 
 // ../../node_modules/.pnpm/postgres@3.4.9/node_modules/postgres/src/index.js
@@ -13564,7 +13866,10 @@ var journeyStates = pgTable(
     index("journey_states_journey_id_status_idx").on(
       table.journeyId,
       table.status
-    )
+    ),
+    // Time-windowed activity counts (GET /v1/health) range-scan on updatedAt —
+    // without this the healthcheck seq-scans the whole table on every hit.
+    index("journey_states_updated_at_idx").on(table.updatedAt)
   ]
 );
 
@@ -14203,7 +14508,7 @@ Examples:
 Security: passwords are written ONLY via better-auth (scrypt) \u2014 never raw SQL,
 never plaintext at rest, never logged. Prefer the masked prompt over --password.`;
 function parseAdminFlags(argv) {
-  const { values: values2 } = parseArgs15({
+  const { values: values2 } = parseArgs16({
     args: argv,
     allowPositionals: true,
     strict: false,
@@ -14404,7 +14709,7 @@ async function runStudioAdmin(ctx, argv) {
 }
 
 // src/commands/studio.ts
-var usage14 = `hogsend studio [options]
+var usage15 = `hogsend studio [options]
 
 Subcommands:
   admin create | reset | list   Shell-gated Studio admin recovery (DB + secret).
@@ -14494,12 +14799,12 @@ function openBrowser(url) {
   } catch {
   }
 }
-async function run14(ctx) {
+async function run15(ctx) {
   if (ctx.argv[0] === "admin") {
     await runStudioAdmin(ctx, ctx.argv.slice(1));
     return;
   }
-  const { values: values2, positionals } = parseArgs16({
+  const { values: values2, positionals } = parseArgs17({
     args: ctx.argv,
     allowPositionals: true,
     strict: false,
@@ -14512,7 +14817,7 @@ async function run14(ctx) {
     }
   });
   if (values2.help) {
-    ctx.out.log(usage14);
+    ctx.out.log(usage15);
     return;
   }
   const port = Number(values2.port ?? "3333");
@@ -14598,17 +14903,17 @@ async function run14(ctx) {
 var studioCommand = {
   name: "studio",
   summary: "Serve the bundled Hogsend Studio admin SPA locally",
-  usage: usage14,
-  run: run14
+  usage: usage15,
+  run: run15
 };
 
 // src/commands/upgrade.ts
 import { spawnSync as spawnSync4 } from "child_process";
 import { existsSync as existsSync10, readFileSync as readFileSync6 } from "fs";
 import { join as join10 } from "path";
-import { parseArgs as parseArgs17 } from "util";
+import { parseArgs as parseArgs18 } from "util";
 import { confirm as confirm3 } from "@clack/prompts";
-var usage15 = `hogsend upgrade [--cwd <dir>] [--pm <pnpm|npm|yarn|bun>] [options]
+var usage16 = `hogsend upgrade [--cwd <dir>] [--pm <pnpm|npm|yarn|bun>] [options]
 
 Upgrade a scaffolded Hogsend app in one step:
   1. bump every @hogsend/* dependency to latest (or --to <version>), then
@@ -14644,8 +14949,8 @@ function hogsendDeps(cwd) {
 function addArgs(pm, specs) {
   return [pm === "npm" ? "install" : "add", ...specs];
 }
-async function run15(ctx) {
-  const { values: values2 } = parseArgs17({
+async function run16(ctx) {
+  const { values: values2 } = parseArgs18({
     args: ctx.argv,
     allowPositionals: true,
     options: {
@@ -14659,7 +14964,7 @@ async function run15(ctx) {
     }
   });
   if (values2.help) {
-    ctx.out.log(usage15);
+    ctx.out.log(usage16);
     return;
   }
   if (values2["deps-only"] && values2["skills-only"]) {
@@ -14784,12 +15089,12 @@ async function run15(ctx) {
 var upgradeCommand = {
   name: "upgrade",
   summary: "Bump @hogsend/* deps to latest + refresh vendored skills",
-  usage: usage15,
-  run: run15
+  usage: usage16,
+  run: run16
 };
 
 // src/commands/webhooks.ts
-import { parseArgs as parseArgs18 } from "util";
+import { parseArgs as parseArgs19 } from "util";
 var WEBHOOK_EVENT_TYPES = [
   "contact.created",
   "contact.updated",
@@ -14805,7 +15110,7 @@ var WEBHOOK_EVENT_TYPES = [
   "bucket.entered",
   "bucket.left"
 ];
-var usage16 = `hogsend webhooks <subcommand> [options]
+var usage17 = `hogsend webhooks <subcommand> [options]
 
 Manage outbound webhook endpoints \u2014 the Svix-style signed event stream Hogsend
 emits to your URLs. Wraps the admin routes (/v1/admin/webhooks), so this command
@@ -14895,7 +15200,7 @@ ${color.bold(secret)}`,
   );
 }
 async function runList5(ctx, argv) {
-  const { values: values2 } = parseArgs18({
+  const { values: values2 } = parseArgs19({
     args: argv,
     allowPositionals: true,
     options: {
@@ -14906,7 +15211,7 @@ async function runList5(ctx, argv) {
     }
   });
   if (values2.help) {
-    ctx.out.log(usage16);
+    ctx.out.log(usage17);
     return;
   }
   const query = {
@@ -14955,13 +15260,13 @@ function renderEndpoint(ctx, ep, title) {
   );
 }
 async function runGet3(ctx, argv) {
-  const { values: values2, positionals } = parseArgs18({
+  const { values: values2, positionals } = parseArgs19({
     args: argv,
     allowPositionals: true,
     options: { help: { type: "boolean", short: "h", default: false } }
   });
   if (values2.help) {
-    ctx.out.log(usage16);
+    ctx.out.log(usage17);
     return;
   }
   const id = positionals[0];
@@ -14986,7 +15291,7 @@ async function runGet3(ctx, argv) {
   ctx.out.outro(`${res.url} \u2192 ${res.status}`);
 }
 async function runCreate2(ctx, argv) {
-  const { values: values2 } = parseArgs18({
+  const { values: values2 } = parseArgs19({
     args: argv,
     allowPositionals: true,
     options: {
@@ -14999,7 +15304,7 @@ async function runCreate2(ctx, argv) {
     }
   });
   if (values2.help) {
-    ctx.out.log(usage16);
+    ctx.out.log(usage17);
     return;
   }
   const url = values2.url;
@@ -15033,7 +15338,7 @@ async function runCreate2(ctx, argv) {
   ctx.out.outro(`${color.green("Created")} ${res.id} \u2192 ${res.url}`);
 }
 async function runUpdate(ctx, argv) {
-  const { values: values2, positionals } = parseArgs18({
+  const { values: values2, positionals } = parseArgs19({
     args: argv,
     allowPositionals: true,
     options: {
@@ -15047,7 +15352,7 @@ async function runUpdate(ctx, argv) {
     }
   });
   if (values2.help) {
-    ctx.out.log(usage16);
+    ctx.out.log(usage17);
     return;
   }
   const id = positionals[0];
@@ -15088,13 +15393,13 @@ async function runUpdate(ctx, argv) {
   ctx.out.outro(`${color.green("Updated")} ${res.id} \u2192 ${res.status}`);
 }
 async function runDelete(ctx, argv) {
-  const { values: values2, positionals } = parseArgs18({
+  const { values: values2, positionals } = parseArgs19({
     args: argv,
     allowPositionals: true,
     options: { help: { type: "boolean", short: "h", default: false } }
   });
   if (values2.help) {
-    ctx.out.log(usage16);
+    ctx.out.log(usage17);
     return;
   }
   const id = positionals[0];
@@ -15118,13 +15423,13 @@ async function runDelete(ctx, argv) {
   ctx.out.outro(`${color.green("Deleted")} ${id}`);
 }
 async function runRotate(ctx, argv) {
-  const { values: values2, positionals } = parseArgs18({
+  const { values: values2, positionals } = parseArgs19({
     args: argv,
     allowPositionals: true,
     options: { help: { type: "boolean", short: "h", default: false } }
   });
   if (values2.help) {
-    ctx.out.log(usage16);
+    ctx.out.log(usage17);
     return;
   }
   const id = positionals[0];
@@ -15153,13 +15458,13 @@ async function runRotate(ctx, argv) {
   );
 }
 async function runTest(ctx, argv) {
-  const { values: values2, positionals } = parseArgs18({
+  const { values: values2, positionals } = parseArgs19({
     args: argv,
     allowPositionals: true,
     options: { help: { type: "boolean", short: "h", default: false } }
   });
   if (values2.help) {
-    ctx.out.log(usage16);
+    ctx.out.log(usage17);
     return;
   }
   const id = positionals[0];
@@ -15185,7 +15490,7 @@ async function runTest(ctx, argv) {
     `${color.green("Enqueued")} a ${color.cyan(res.eventType)} delivery to ${id}.`
   );
 }
-async function run16(ctx) {
+async function run17(ctx) {
   const sub = ctx.argv[0];
   switch (sub) {
     case "list":
@@ -15216,8 +15521,8 @@ async function run16(ctx) {
 var webhooksCommand = {
   name: "webhooks",
   summary: "Manage outbound webhook endpoints (create, rotate, test)",
-  usage: usage16,
-  run: run16
+  usage: usage17,
+  run: run17
 };
 
 // src/commands/index.ts
@@ -15231,6 +15536,7 @@ var commands = [
   campaignsCommand,
   webhooksCommand,
   domainCommand,
+  hatchetCommand,
   studioCommand,
   devCommand,
   setupCommand,