@hogsend/cli 0.20.0 → 0.21.0

package/dist/bin.js

@@ -61,13 +61,13 @@ async function request(baseUrl, key, missingKeyMessage, method, path, opts) {
     const msg = cause instanceof Error ? cause.message : String(cause);
     throw makeHttpError(`cannot reach ${baseUrl} (${msg})`, 0, void 0);
   }
-  const text3 = await res.text();
+  const text4 = await res.text();
   let parsed;
-  if (text3.length > 0) {
+  if (text4.length > 0) {
     try {
-      parsed = JSON.parse(text3);
+      parsed = JSON.parse(text4);
     } catch {
-      parsed = text3;
+      parsed = text4;
     }
   }
   if (!res.ok) {
@@ -149,7 +149,7 @@ function renderTable(rows, columns) {
   const widths = cols.map(
     (c) => Math.max(c.length, ...rows.map((r) => cell(r[c]).length))
   );
-  const pad = (text3, width) => text3 + " ".repeat(width - text3.length);
+  const pad = (text4, width) => text4 + " ".repeat(width - text4.length);
   const header = cols.map((c, i) => color.bold(pad(c, widths[i] ?? 0))).join("  ");
   const sep4 = cols.map((_, i) => "-".repeat(widths[i] ?? 0)).join("  ");
   const body = rows.map((r) => cols.map((c, i) => pad(cell(r[c]), widths[i] ?? 0)).join("  ")).join("\n");
@@ -472,7 +472,7 @@ var campaignsCommand = {
 
 // src/commands/connect.ts
 import { parseArgs as parseArgs2 } from "util";
-import { confirm } from "@clack/prompts";
+import { confirm, select, text } from "@clack/prompts";
 
 // src/lib/browser.ts
 import { spawn } from "child_process";
@@ -497,7 +497,7 @@ import { createServer } from "http";
 // src/lib/oauth.ts
 import { createHash, randomBytes } from "crypto";
 var POSTHOG_CLIENT_ID = "https://hogsend.com/.well-known/hogsend-posthog-client.json";
-var POSTHOG_SCOPES = "person:read person:write project:read hog_function:write";
+var POSTHOG_SCOPES = "person:read person:write project:read organization:read hog_function:read hog_function:write feature_flag:read cohort:read cohort:write query:read insight:read event_definition:read property_definition:read";
 var LOOPBACK_PORTS = [8423, 8424, 8425];
 var CALLBACK_PATH = "/callback";
 var CALLBACK_TIMEOUT_MS = 3e5;
@@ -584,10 +584,10 @@ async function exchangeCode(opts) {
     })
   });
   if (!res.ok) {
-    const text3 = await res.text().catch(() => "");
-    let detail = text3;
+    const text4 = await res.text().catch(() => "");
+    let detail = text4;
     try {
-      const parsed = JSON.parse(text3);
+      const parsed = JSON.parse(text4);
       if (typeof parsed === "object" && parsed !== null && typeof parsed.error === "string") {
         detail = parsed.error;
       }
@@ -776,7 +776,10 @@ var ConnectError = class extends Error {
     this.hint = hint;
   }
 };
-var HINT_NOT_CONFIGURED = "Set POSTHOG_API_KEY (and POSTHOG_HOST for EU/self-hosted) on the instance, redeploy, then re-run. The server's PostHog config tells the CLI which region to authorize against.";
+var HINT_NOT_CONFIGURED = "Pass --posthog-host https://eu.posthog.com (or https://us.posthog.com, or your self-hosted app URL) to pick the region to authorize against. Alternatively set POSTHOG_HOST on the instance, redeploy, then re-run.";
+var POSTHOG_EU_HOST = "https://eu.posthog.com";
+var POSTHOG_US_HOST = "https://us.posthog.com";
+var normalizeHost = (host) => host.replace(/\/+$/, "");
 var hintOauthUnsupported = (privateHost) => `${privateHost} doesn't advertise an OAuth server (discovery returned 404).
 Self-hosted PostHog builds may not ship OAuth. Use a personal API key instead:
 
@@ -804,12 +807,6 @@ skipped (a destination pointing at localhost would be unreachable).
 Once deployed, wire the loop against the real instance:
 
   hogsend connect posthog --provision-only --url https://your-instance`;
-var WEBHOOK_SECRET_NOTE = `Credential stored \u2014 but the PostHog -> Hogsend event loop needs a shared
-webhook secret, and this instance doesn't have one yet. Finish the loop:
-
-  1. Generate a secret:        openssl rand -hex 32
-  2. Set it on the instance:   POSTHOG_WEBHOOK_SECRET=<secret>  (api AND worker)
-  3. Redeploy, then run:       hogsend connect posthog --provision-only`;
 var errMsg = (err) => err instanceof Error ? err.message : String(err);
 var httpErrorBody = (err) => {
   if (!isHttpError(err)) return void 0;
@@ -843,13 +840,6 @@ function fromLoopbackError(err) {
   }
 }
 async function runProvisionOnly(deps, info, base) {
-  if (info.webhookSecretConfigured === false) {
-    deps.out.note(WEBHOOK_SECRET_NOTE, "Webhook secret missing");
-    throw new ConnectError(
-      "webhook_secret_missing",
-      "POSTHOG_WEBHOOK_SECRET is not set on the instance \u2014 nothing to provision against"
-    );
-  }
   if (isLoopbackUrl(info.apiPublicUrl)) {
     deps.out.note(LOOPBACK_URL_NOTE, "Instance not publicly reachable");
     throw new ConnectError(
@@ -902,24 +892,39 @@ function printProvisioned(out, result) {
     ].join("\n")
   );
 }
+async function resolvePrivateHost(deps, info, opts) {
+  if (info.privateHost !== null) {
+    return info.privateHost;
+  }
+  if (opts.posthogHost) {
+    return normalizeHost(opts.posthogHost);
+  }
+  if (deps.interactive) {
+    if (deps.selectRegion) {
+      return normalizeHost(await deps.selectRegion());
+    }
+    const useUs = await deps.confirm(
+      `Use PostHog US Cloud (${POSTHOG_US_HOST})? (No selects PostHog EU Cloud, ${POSTHOG_EU_HOST})`
+    );
+    return useUs ? POSTHOG_US_HOST : POSTHOG_EU_HOST;
+  }
+  throw new ConnectError(
+    "not_configured",
+    "this instance has no PostHog configuration",
+    HINT_NOT_CONFIGURED
+  );
+}
 async function runConnectPosthog(deps, opts) {
   const base = deps.http.cfg.baseUrl;
   const info = await deps.out.step(
     `GET ${base}/v1/admin/analytics/connect-info`,
     () => deps.http.get("/v1/admin/analytics/connect-info")
   );
-  const privateHost = info.privateHost;
-  if (privateHost === null) {
-    throw new ConnectError(
-      "not_configured",
-      "this instance has no PostHog configuration",
-      HINT_NOT_CONFIGURED
-    );
-  }
   if (opts.provisionOnly) {
     return runProvisionOnly(deps, info, base);
   }
-  if (info.hostExplicit === false) {
+  const privateHost = await resolvePrivateHost(deps, info, opts);
+  if (info.privateHost !== null && info.hostExplicit === false) {
     if (deps.interactive) {
       const proceed = await deps.confirm(
         `No POSTHOG_HOST set on the instance \u2014 assume PostHog US Cloud (${privateHost})?`
@@ -1068,6 +1073,13 @@ async function runConnectPosthog(deps, opts) {
     },
     credential: { stored: true, expiresAt }
   };
+  const requestedScopes = POSTHOG_SCOPES.split(" ");
+  const missingScopes = requestedScopes.filter((s) => !scopes.includes(s));
+  if (missingScopes.length > 0) {
+    deps.out.log(
+      `note: PostHog granted ${scopes.length}/${requestedScopes.length} requested scope(s); missing: ${missingScopes.join(", ")}. Re-run \`hogsend connect posthog\` to grant the full set.`
+    );
+  }
   if (opts.noProvision) {
     return {
       verdict: "connected_no_provision",
@@ -1075,14 +1087,6 @@ async function runConnectPosthog(deps, opts) {
       provision: { attempted: false, skipped: "no_provision_flag" }
     };
   }
-  if (info.webhookSecretConfigured === false) {
-    deps.out.note(WEBHOOK_SECRET_NOTE, "Webhook secret missing");
-    return {
-      verdict: "connected_no_provision",
-      ...stored,
-      provision: { attempted: false, skipped: "webhook_secret_missing" }
-    };
-  }
   if (isLoopbackUrl(info.apiPublicUrl)) {
     deps.out.note(LOOPBACK_URL_NOTE, "Instance not publicly reachable");
     return {
@@ -1135,7 +1139,7 @@ function bail(value) {
 }
 
 // src/commands/connect.ts
-var usage2 = `hogsend connect <provider> [--provision-only] [--no-provision] [--no-browser] [--json]
+var usage2 = `hogsend connect <provider> [--posthog-host <url>] [--provision-only] [--no-provision] [--no-browser] [--json]
 
 Connect this Hogsend instance to an analytics provider via OAuth. Providers:
 
@@ -1149,6 +1153,10 @@ The browser consent must happen on THIS machine (the OAuth callback lands on
 this command from your laptop, not from an SSH session on the server.
 
 Options:
+  --posthog-host     PostHog app/private host to authorize against, e.g.
+                     https://eu.posthog.com or https://us.posthog.com (NOT the
+                     i. ingestion host). Required when the instance has no
+                     PostHog config and you're running non-interactively.
   --provision-only   Skip OAuth; (re-)provision the event loop using the
                      already-stored credential.
   --no-provision     Stop after storing the credential.
@@ -1163,6 +1171,7 @@ async function run2(ctx) {
     allowPositionals: true,
     strict: false,
     options: {
+      "posthog-host": { type: "string" },
       "provision-only": { type: "boolean", default: false },
       "no-provision": { type: "boolean", default: false },
       "no-browser": { type: "boolean", default: false },
@@ -1204,13 +1213,33 @@ async function run2(ctx) {
     exchangeCode,
     openBrowser,
     confirm: async (message) => bail(await confirm({ message })),
+    selectRegion: async () => {
+      const choice = bail(
+        await select({
+          message: "Which PostHog region should Hogsend authorize against?",
+          options: [
+            { value: "https://eu.posthog.com", label: "PostHog EU Cloud" },
+            { value: "https://us.posthog.com", label: "PostHog US Cloud" },
+            { value: "custom", label: "Custom / self-hosted" }
+          ]
+        })
+      );
+      if (choice !== "custom") return choice;
+      return bail(
+        await text({
+          message: "PostHog app/private host URL (e.g. https://posthog.example.com)",
+          placeholder: "https://posthog.example.com"
+        })
+      );
+    },
     now: () => /* @__PURE__ */ new Date()
   };
   try {
     const result = await runConnectPosthog(deps, {
       provisionOnly: Boolean(values2["provision-only"]),
       noProvision: Boolean(values2["no-provision"]),
-      noBrowser: Boolean(values2["no-browser"])
+      noBrowser: Boolean(values2["no-browser"]),
+      posthogHost: typeof values2["posthog-host"] === "string" ? values2["posthog-host"] : void 0
     });
     if (ctx.json) {
       ctx.out.json({ ok: true, ...result });
@@ -4928,7 +4957,7 @@ import { parseArgs as parseArgs18 } from "util";
 
 // src/commands/studio-admin.ts
 import { parseArgs as parseArgs17 } from "util";
-import { password as passwordPrompt, text as text2 } from "@clack/prompts";
+import { password as passwordPrompt, text as text3 } from "@clack/prompts";
 
 // ../../node_modules/.pnpm/postgres@3.4.9/node_modules/postgres/src/index.js
 import os from "os";
@@ -5234,7 +5263,7 @@ function values(first, rest, parameters, types2, options) {
   const columns = rest.length ? rest.flat() : Object.keys(multi ? first[0] : first);
   return valuesBuilder(multi ? first : [first], parameters, types2, columns, options);
 }
-function select(first, rest, parameters, types2, options) {
+function select2(first, rest, parameters, types2, options) {
   typeof first === "string" && (first = [first].concat(rest));
   if (Array.isArray(first))
     return escapeIdentifiers(first, options);
@@ -5251,10 +5280,10 @@ var builders = Object.entries({
     const x = values(...xs);
     return x === "()" ? "(null)" : x;
   },
-  select,
-  as: select,
-  returning: select,
-  "\\(": select,
+  select: select2,
+  as: select2,
+  returning: select2,
+  "\\(": select2,
   update(first, rest, parameters, types2, options) {
     return (rest.length ? rest.flat() : Object.keys(first)).map(
       (x) => escapeIdentifier(options.transform.column.to ? options.transform.column.to(x) : x) + "=" + stringifyValue("values", first[x], parameters, types2, options)
@@ -9602,7 +9631,7 @@ var PgText = class extends PgColumn {
     return "text";
   }
 };
-function text(a, b2 = {}) {
+function text2(a, b2 = {}) {
   const { name, config } = getColumnNameAndConfig(a, b2);
   return new PgTextBuilder(name, config);
 }
@@ -9924,7 +9953,7 @@ function getPgColumnBuilders() {
     serial,
     smallint,
     smallserial,
-    text,
+    text: text2,
     time,
     timestamp,
     uuid,
@@ -10933,14 +10962,14 @@ var PgDialect = class {
     const offsetSql = offset ? sql` offset ${offset}` : void 0;
     return sql`${leftChunk}${operatorChunk}${rightChunk}${orderBySql}${limitSql}${offsetSql}`;
   }
-  buildInsertQuery({ table, values: valuesOrSelect, onConflict, returning, withList, select: select2, overridingSystemValue_ }) {
+  buildInsertQuery({ table, values: valuesOrSelect, onConflict, returning, withList, select: select3, overridingSystemValue_ }) {
     const valuesSqlList = [];
     const columns = table[Table.Symbol.Columns];
     const colEntries = Object.entries(columns).filter(([_, col]) => !col.shouldDisableInsert());
     const insertOrder = colEntries.map(
       ([, column]) => sql.identifier(this.casing.getColumnCasing(column))
     );
-    if (select2) {
+    if (select3) {
       const select22 = valuesOrSelect;
       if (is(select22, SQL)) {
         valuesSqlList.push(select22);
@@ -12513,10 +12542,10 @@ var PgSelectBase = class extends PgSelectQueryBuilderBase {
 applyMixins(PgSelectBase, [QueryPromise]);
 function createSetOperator(type, isAll) {
   return (leftSelect, rightSelect, ...restSelects) => {
-    const setOperators = [rightSelect, ...restSelects].map((select2) => ({
+    const setOperators = [rightSelect, ...restSelects].map((select3) => ({
       type,
       isAll,
-      rightSelect: select2
+      rightSelect: select3
     }));
     for (const setOperator of setOperators) {
       if (!haveSameKeys(leftSelect.getSelectedFields(), setOperator.rightSelect.getSelectedFields())) {
@@ -12572,7 +12601,7 @@ var QueryBuilder = class {
   };
   with(...queries) {
     const self = this;
-    function select2(fields) {
+    function select3(fields) {
       return new PgSelectBuilder({
         fields: fields ?? void 0,
         session: void 0,
@@ -12596,7 +12625,7 @@ var QueryBuilder = class {
         distinct: { on }
       });
     }
-    return { select: select2, selectDistinct, selectDistinctOn };
+    return { select: select3, selectDistinct, selectDistinctOn };
   }
   select(fields) {
     return new PgSelectBuilder({
@@ -12785,21 +12814,21 @@ var PgInsertBuilder = class {
     ).setToken(this.authToken);
   }
   select(selectQuery) {
-    const select2 = typeof selectQuery === "function" ? selectQuery(new QueryBuilder()) : selectQuery;
-    if (!is(select2, SQL) && !haveSameKeys(this.table[Columns], select2._.selectedFields)) {
+    const select3 = typeof selectQuery === "function" ? selectQuery(new QueryBuilder()) : selectQuery;
+    if (!is(select3, SQL) && !haveSameKeys(this.table[Columns], select3._.selectedFields)) {
       throw new Error(
         "Insert select error: selected fields are not the same or are in a different order compared to the table definition"
       );
     }
-    return new PgInsertBase(this.table, select2, this.session, this.dialect, this.withList, true);
+    return new PgInsertBase(this.table, select3, this.session, this.dialect, this.withList, true);
   }
 };
 var PgInsertBase = class extends QueryPromise {
-  constructor(table, values2, session2, dialect, withList, select2, overridingSystemValue_) {
+  constructor(table, values2, session2, dialect, withList, select3, overridingSystemValue_) {
     super();
     this.session = session2;
     this.dialect = dialect;
-    this.config = { table, values: values2, withList, select: select2, overridingSystemValue_ };
+    this.config = { table, values: values2, withList, select: select3, overridingSystemValue_ };
   }
   static [entityKind] = "PgInsert";
   config;
@@ -13502,7 +13531,7 @@ var PgDatabase = class {
    */
   with(...queries) {
     const self = this;
-    function select2(fields) {
+    function select3(fields) {
       return new PgSelectBuilder({
         fields: fields ?? void 0,
         session: self.session,
@@ -13537,7 +13566,7 @@ var PgDatabase = class {
     function delete_(table) {
       return new PgDeleteBase(table, self.session, self.dialect, queries);
     }
-    return { select: select2, selectDistinct, selectDistinctOn, update, insert, delete: delete_ };
+    return { select: select3, selectDistinct, selectDistinctOn, update, insert, delete: delete_ };
   }
   select(fields) {
     return new PgSelectBuilder({
@@ -14201,7 +14230,7 @@ var alertRules = pgTable(
   "alert_rules",
   {
     id: uuid("id").defaultRandom().primaryKey(),
-    name: text("name").notNull(),
+    name: text2("name").notNull(),
     type: alertRuleTypeEnum("type").notNull(),
     threshold: jsonb("threshold").$type().notNull(),
     channel: alertChannelEnum("channel").notNull(),
@@ -14226,8 +14255,8 @@ var alertHistory = pgTable(
     id: uuid("id").defaultRandom().primaryKey(),
     alertRuleId: uuid("alert_rule_id").notNull().references(() => alertRules.id),
     payload: jsonb("payload").$type(),
-    deliveryStatus: text("delivery_status").notNull(),
-    error: text("error"),
+    deliveryStatus: text2("delivery_status").notNull(),
+    error: text2("error"),
     ...timestamps
   },
   (table) => [
@@ -14241,12 +14270,12 @@ var apiKeys = pgTable(
   "api_keys",
   {
     id: uuid("id").defaultRandom().primaryKey(),
-    organizationId: text("organization_id"),
-    name: text("name").notNull(),
-    keyPrefix: text("key_prefix").notNull(),
-    keyHash: text("key_hash").notNull().unique(),
+    organizationId: text2("organization_id"),
+    name: text2("name").notNull(),
+    keyPrefix: text2("key_prefix").notNull(),
+    keyHash: text2("key_hash").notNull().unique(),
     scopes: jsonb("scopes").$type().notNull().default(["read"]),
-    createdBy: text("created_by"),
+    createdBy: text2("created_by"),
     lastUsedAt: timestamp("last_used_at", { withTimezone: true }),
     revokedAt: timestamp("revoked_at", { withTimezone: true }),
     expiresAt: timestamp("expires_at", { withTimezone: true }),
@@ -14263,13 +14292,13 @@ var auditLogs = pgTable(
   "audit_logs",
   {
     id: uuid("id").defaultRandom().primaryKey(),
-    actor: text("actor").notNull(),
+    actor: text2("actor").notNull(),
     actorKeyId: uuid("actor_key_id"),
-    action: text("action").notNull(),
-    resource: text("resource").notNull(),
-    resourceId: text("resource_id"),
+    action: text2("action").notNull(),
+    resource: text2("resource").notNull(),
+    resourceId: text2("resource_id"),
     detail: jsonb("detail").$type(),
-    ipAddress: text("ip_address"),
+    ipAddress: text2("ip_address"),
     ...timestamps
   },
   (table) => [
@@ -14281,71 +14310,71 @@ var auditLogs = pgTable(
 
 // ../db/src/schema/auth.ts
 var user = pgTable("user", {
-  id: text("id").primaryKey(),
-  name: text("name").notNull(),
-  email: text("email").notNull().unique(),
+  id: text2("id").primaryKey(),
+  name: text2("name").notNull(),
+  email: text2("email").notNull().unique(),
   emailVerified: boolean("email_verified").notNull().default(false),
-  image: text("image"),
+  image: text2("image"),
   ...timestamps
 });
 var session = pgTable("session", {
-  id: text("id").primaryKey(),
+  id: text2("id").primaryKey(),
   expiresAt: timestamp("expires_at", { withTimezone: true }).notNull(),
-  token: text("token").notNull().unique(),
-  ipAddress: text("ip_address"),
-  userAgent: text("user_agent"),
-  userId: text("user_id").notNull().references(() => user.id, { onDelete: "cascade" }),
-  activeOrganizationId: text("active_organization_id"),
+  token: text2("token").notNull().unique(),
+  ipAddress: text2("ip_address"),
+  userAgent: text2("user_agent"),
+  userId: text2("user_id").notNull().references(() => user.id, { onDelete: "cascade" }),
+  activeOrganizationId: text2("active_organization_id"),
   ...timestamps
 });
 var account = pgTable("account", {
-  id: text("id").primaryKey(),
-  accountId: text("account_id").notNull(),
-  providerId: text("provider_id").notNull(),
-  userId: text("user_id").notNull().references(() => user.id, { onDelete: "cascade" }),
-  accessToken: text("access_token"),
-  refreshToken: text("refresh_token"),
-  idToken: text("id_token"),
+  id: text2("id").primaryKey(),
+  accountId: text2("account_id").notNull(),
+  providerId: text2("provider_id").notNull(),
+  userId: text2("user_id").notNull().references(() => user.id, { onDelete: "cascade" }),
+  accessToken: text2("access_token"),
+  refreshToken: text2("refresh_token"),
+  idToken: text2("id_token"),
   accessTokenExpiresAt: timestamp("access_token_expires_at", {
     withTimezone: true
   }),
   refreshTokenExpiresAt: timestamp("refresh_token_expires_at", {
     withTimezone: true
   }),
-  scope: text("scope"),
-  password: text("password"),
+  scope: text2("scope"),
+  password: text2("password"),
   ...timestamps
 });
 var verification = pgTable("verification", {
-  id: text("id").primaryKey(),
-  identifier: text("identifier").notNull(),
-  value: text("value").notNull(),
+  id: text2("id").primaryKey(),
+  identifier: text2("identifier").notNull(),
+  value: text2("value").notNull(),
   expiresAt: timestamp("expires_at", { withTimezone: true }).notNull(),
   ...timestamps
 });
 var organization = pgTable("organization", {
-  id: text("id").primaryKey(),
-  name: text("name").notNull(),
-  slug: text("slug").unique(),
-  logo: text("logo"),
-  metadata: text("metadata"),
+  id: text2("id").primaryKey(),
+  name: text2("name").notNull(),
+  slug: text2("slug").unique(),
+  logo: text2("logo"),
+  metadata: text2("metadata"),
   ...timestamps
 });
 var member = pgTable("member", {
-  id: text("id").primaryKey(),
-  organizationId: text("organization_id").notNull().references(() => organization.id, { onDelete: "cascade" }),
-  userId: text("user_id").notNull().references(() => user.id, { onDelete: "cascade" }),
-  role: text("role").notNull().default("member"),
+  id: text2("id").primaryKey(),
+  organizationId: text2("organization_id").notNull().references(() => organization.id, { onDelete: "cascade" }),
+  userId: text2("user_id").notNull().references(() => user.id, { onDelete: "cascade" }),
+  role: text2("role").notNull().default("member"),
   ...timestamps
 });
 var invitation = pgTable("invitation", {
-  id: text("id").primaryKey(),
-  organizationId: text("organization_id").notNull().references(() => organization.id, { onDelete: "cascade" }),
-  email: text("email").notNull(),
-  role: text("role"),
-  status: text("status").notNull().default("pending"),
+  id: text2("id").primaryKey(),
+  organizationId: text2("organization_id").notNull().references(() => organization.id, { onDelete: "cascade" }),
+  email: text2("email").notNull(),
+  role: text2("role"),
+  status: text2("status").notNull().default("pending"),
   expiresAt: timestamp("expires_at", { withTimezone: true }).notNull(),
-  inviterId: text("inviter_id").notNull().references(() => user.id, { onDelete: "cascade" }),
+  inviterId: text2("inviter_id").notNull().references(() => user.id, { onDelete: "cascade" }),
   ...timestamps
 });
 
@@ -14354,12 +14383,12 @@ var bucketConfigs = pgTable(
   "bucket_configs",
   {
     id: uuid("id").defaultRandom().primaryKey(),
-    bucketId: text("bucket_id").notNull(),
+    bucketId: text2("bucket_id").notNull(),
     enabled: boolean("enabled").notNull().default(true),
     // Stable hash of the normalized ConditionEval, written at boot. Diffed on the
     // next boot to detect a CRITERIA CHANGE and enqueue the re-evaluation job
     // (Section 6.6 B). Nullable until the first registration.
-    criteriaHash: text("criteria_hash"),
+    criteriaHash: text2("criteria_hash"),
     ...timestamps
   },
   (table) => [uniqueIndex("bucket_configs_bucket_id_idx").on(table.bucketId)]
@@ -14371,13 +14400,13 @@ var bucketMemberships = pgTable(
   {
     id: uuid("id").defaultRandom().primaryKey(),
     // multi-tenant insurance (nullable today, NOT in the unique key — see note)
-    organizationId: text("organization_id"),
+    organizationId: text2("organization_id"),
     // logical join to contacts.externalId — NO FK (matches userEvents /
     // journeyStates; membership rows can predate a contacts row).
-    userId: text("user_id").notNull(),
-    userEmail: text("user_email"),
+    userId: text2("user_id").notNull(),
+    userEmail: text2("user_email"),
     // denormalized so emitted events carry it
-    bucketId: text("bucket_id").notNull(),
+    bucketId: text2("bucket_id").notNull(),
     status: bucketMembershipStatusEnum("status").notNull().default("active"),
     enteredAt: timestamp("entered_at", { withTimezone: true }).defaultNow().notNull(),
     leftAt: timestamp("left_at", { withTimezone: true }),
@@ -14390,7 +14419,7 @@ var bucketMemberships = pgTable(
     maxDwellAt: timestamp("max_dwell_at", { withTimezone: true }),
     lastEvaluatedAt: timestamp("last_evaluated_at", { withTimezone: true }),
     entryCount: integer("entry_count").notNull().default(1),
-    source: text("source"),
+    source: text2("source"),
     // "event" | "reconcile" | "backfill" | "manual"
     context: jsonb("context").$type().default({}),
     // Per-membership dwell bookkeeping. JSON map keyed by dwellLabel → ISO of
@@ -14458,18 +14487,18 @@ var campaigns = pgTable(
   "campaigns",
   {
     id: uuid("id").defaultRandom().primaryKey(),
-    organizationId: text("organization_id"),
-    name: text("name").notNull(),
+    organizationId: text2("organization_id"),
+    name: text2("name").notNull(),
     // queued | sending | sent | failed
-    status: text("status").notNull().default("queued"),
+    status: text2("status").notNull().default("queued"),
     // "list" | "bucket"
-    audienceKind: text("audience_kind").notNull(),
+    audienceKind: text2("audience_kind").notNull(),
     // the list id (ListRegistry) or bucket id (BucketRegistry)
-    audienceId: text("audience_id").notNull(),
-    templateKey: text("template_key").notNull(),
+    audienceId: text2("audience_id").notNull(),
+    templateKey: text2("template_key").notNull(),
     props: jsonb("props").$type().default({}),
-    fromEmail: text("from_email"),
-    subject: text("subject"),
+    fromEmail: text2("from_email"),
+    subject: text2("subject"),
     /**
      * Optional client-supplied idempotency key (POST /v1/campaigns
      * `Idempotency-Key` header / body field). A retried create with the same key
@@ -14478,7 +14507,7 @@ var campaigns = pgTable(
      * idempotency key, double-sending the blast). Uniqueness is enforced by the
      * partial-unique index below (NULL keys are unconstrained).
      */
-    idempotencyKey: text("idempotency_key"),
+    idempotencyKey: text2("idempotency_key"),
     totalRecipients: integer("total_recipients").notNull().default(0),
     sentCount: integer("sent_count").notNull().default(0),
     skippedCount: integer("skipped_count").notNull().default(0),
@@ -14502,7 +14531,7 @@ var contacts = pgTable(
   "contacts",
   {
     id: uuid("id").defaultRandom().primaryKey(),
-    organizationId: text("organization_id"),
+    organizationId: text2("organization_id"),
     /**
      * Stable external/distinct id (= the `user_id` text key joined by every
      * contact-referencing table). NULLABLE since D1: contacts can be email-only
@@ -14511,21 +14540,21 @@ var contacts = pgTable(
      * — a soft-deleted loser row must be able to keep its stale external_id
      * until a merge re-points it.
      */
-    externalId: text("external_id"),
-    email: text("email"),
+    externalId: text2("external_id"),
+    email: text2("email"),
     /**
      * Stable anonymous/distinct id for the future anonymous→identified path.
      * NULLABLE. Like external_id, uniqueness is enforced by a partial-unique
      * index scoped to live, non-deleted rows.
      */
-    anonymousId: text("anonymous_id"),
+    anonymousId: text2("anonymous_id"),
     /**
      * Opportunistic IANA-timezone cache (e.g. "America/New_York"). Populated
      * best-effort when a tz is resolved from PostHog person props. PostHog and
      * `properties` jsonb remain authoritative sources — this column sits below
      * them in the resolution precedence, so nothing is blocked on it.
      */
-    timezone: text("timezone"),
+    timezone: text2("timezone"),
     properties: jsonb("properties").$type().default({}),
     firstSeenAt: timestamp("first_seen_at", { withTimezone: true }).defaultNow().notNull(),
     lastSeenAt: timestamp("last_seen_at", { withTimezone: true }).defaultNow().notNull(),
@@ -14556,15 +14585,15 @@ var contactAliases = pgTable(
     // The SURVIVOR a stale key resolves TO.
     contactId: uuid("contact_id").notNull().references(() => contacts.id, { onDelete: "cascade" }),
     // 'email' | 'external' | 'anonymous'
-    aliasKind: text("alias_kind").notNull(),
+    aliasKind: text2("alias_kind").notNull(),
     // The stale key value (the loser's old external_id / normalized email /
     // anonymous_id).
-    aliasValue: text("alias_value").notNull(),
+    aliasValue: text2("alias_value").notNull(),
     // Provenance: the loser contact id this alias came from (nullable — a
     // 'promote' alias may have no distinct loser row).
     fromContactId: uuid("from_contact_id"),
     // 'merge' | 'promote'
-    reason: text("reason").notNull(),
+    reason: text2("reason").notNull(),
     ...timestamps
   },
   (table) => [
@@ -14582,10 +14611,10 @@ var deadLetterQueue = pgTable(
   "dead_letter_queue",
   {
     id: uuid("id").defaultRandom().primaryKey(),
-    source: text("source").notNull(),
-    sourceId: text("source_id"),
+    source: text2("source").notNull(),
+    sourceId: text2("source_id"),
     payload: jsonb("payload").$type().notNull(),
-    error: text("error").notNull(),
+    error: text2("error").notNull(),
     retryCount: integer("retry_count").notNull().default(0),
     status: dlqStatusEnum("status").notNull().default("pending"),
     retriedAt: timestamp("retried_at", { withTimezone: true }),
@@ -14603,8 +14632,8 @@ var emailPreferences = pgTable(
   "email_preferences",
   {
     id: uuid("id").defaultRandom().primaryKey(),
-    userId: text("user_id").notNull(),
-    email: text("email").notNull(),
+    userId: text2("user_id").notNull(),
+    email: text2("email").notNull(),
     unsubscribedAll: boolean("unsubscribed_all").notNull().default(false),
     suppressed: boolean("suppressed").notNull().default(false),
     bounceCount: integer("bounce_count").notNull().default(0),
@@ -14626,15 +14655,15 @@ var journeyStates = pgTable(
   "journey_states",
   {
     id: uuid("id").defaultRandom().primaryKey(),
-    organizationId: text("organization_id"),
-    userId: text("user_id").notNull(),
-    userEmail: text("user_email").notNull(),
-    journeyId: text("journey_id").notNull(),
-    currentNodeId: text("current_node_id").notNull(),
+    organizationId: text2("organization_id"),
+    userId: text2("user_id").notNull(),
+    userEmail: text2("user_email").notNull(),
+    journeyId: text2("journey_id").notNull(),
+    currentNodeId: text2("current_node_id").notNull(),
     status: journeyStatusEnum("status").notNull().default("active"),
-    hatchetRunId: text("hatchet_run_id"),
+    hatchetRunId: text2("hatchet_run_id"),
     context: jsonb("context").$type().default({}),
-    errorMessage: text("error_message"),
+    errorMessage: text2("error_message"),
     entryCount: integer("entry_count").notNull().default(1),
     completedAt: timestamp("completed_at", { withTimezone: true }),
     exitedAt: timestamp("exited_at", { withTimezone: true }),
@@ -14672,19 +14701,19 @@ var emailSends = pgTable(
   "email_sends",
   {
     id: uuid("id").defaultRandom().primaryKey(),
-    organizationId: text("organization_id"),
+    organizationId: text2("organization_id"),
     journeyStateId: uuid("journey_state_id").references(() => journeyStates.id),
     // Denormalized recipient identity, set at send time. Lets reporting attribute
     // a send to a contact without joining journey_states, and captures journeyless
     // (raw/batch) sends that have no journey linkage. Both nullable.
-    userId: text("user_id"),
-    userEmail: text("user_email"),
-    templateKey: text("template_key"),
-    messageId: text("message_id"),
-    fromEmail: text("from_email").notNull(),
-    toEmail: text("to_email").notNull(),
-    subject: text("subject").notNull(),
-    category: text("category"),
+    userId: text2("user_id"),
+    userEmail: text2("user_email"),
+    templateKey: text2("template_key"),
+    messageId: text2("message_id"),
+    fromEmail: text2("from_email").notNull(),
+    toEmail: text2("to_email").notNull(),
+    subject: text2("subject").notNull(),
+    category: text2("category"),
     status: emailSendStatusEnum("status").notNull().default("queued"),
     sentAt: timestamp("sent_at", { withTimezone: true }),
     deliveredAt: timestamp("delivered_at", { withTimezone: true }),
@@ -14693,13 +14722,13 @@ var emailSends = pgTable(
     bouncedAt: timestamp("bounced_at", { withTimezone: true }),
     complainedAt: timestamp("complained_at", { withTimezone: true }),
     // Bounce classification from the Resend webhook (hard/soft/transient + reason).
-    bounceType: text("bounce_type"),
-    bounceReason: text("bounce_reason"),
+    bounceType: text2("bounce_type"),
+    bounceReason: text2("bounce_reason"),
     // Caller-supplied idempotency key (POST /v1/emails). A retry with the same
     // key short-circuits to the prior send instead of dispatching a duplicate —
     // mirrors the user_events idempotency pattern. Nullable: journey/system sends
     // don't set it.
-    idempotencyKey: text("idempotency_key"),
+    idempotencyKey: text2("idempotency_key"),
     // Free-form per-send annotations. Set ONLY by test-mode redirected sends
     // today — `{ testMode: true, originalTo: <real recipient> }` — so Studio can
     // flag a TEST row and show who the mail was REALLY for. Nullable: normal
@@ -14735,8 +14764,8 @@ var importJobs = pgTable(
   "import_jobs",
   {
     id: uuid("id").defaultRandom().primaryKey(),
-    fileName: text("file_name"),
-    format: text("format").notNull(),
+    fileName: text2("file_name"),
+    format: text2("format").notNull(),
     status: importJobStatusEnum("status").notNull().default("pending"),
     totalRows: integer("total_rows"),
     processedRows: integer("processed_rows").notNull().default(0),
@@ -14752,7 +14781,7 @@ var journeyConfigs = pgTable(
   "journey_configs",
   {
     id: uuid("id").defaultRandom().primaryKey(),
-    journeyId: text("journey_id").notNull(),
+    journeyId: text2("journey_id").notNull(),
     enabled: boolean("enabled").notNull().default(true),
     ...timestamps
   },
@@ -14767,9 +14796,9 @@ var journeyLogs = pgTable(
   {
     id: uuid("id").defaultRandom().primaryKey(),
     journeyStateId: uuid("journey_state_id").notNull().references(() => journeyStates.id, { onDelete: "cascade" }),
-    fromNodeId: text("from_node_id"),
-    toNodeId: text("to_node_id"),
-    action: text("action").notNull(),
+    fromNodeId: text2("from_node_id"),
+    toNodeId: text2("to_node_id"),
+    action: text2("action").notNull(),
     detail: jsonb("detail").$type(),
     ...timestamps
   },
@@ -14784,12 +14813,12 @@ var trackedLinks = pgTable(
   {
     id: uuid("id").defaultRandom().primaryKey(),
     emailSendId: uuid("email_send_id").notNull().references(() => emailSends.id, { onDelete: "cascade" }),
-    originalUrl: text("original_url").notNull(),
+    originalUrl: text2("original_url").notNull(),
     clickCount: integer("click_count").notNull().default(0),
     // Semantic link metadata, lifted from the template's data-hs-* attributes
     // at send time. NULL for plain tracked links. `event` is the consumer event
     // name emitted at click time; `eventProperties` its scalar payload.
-    event: text("event"),
+    event: text2("event"),
     eventProperties: jsonb("event_properties").$type(),
     // Set exactly once by the click route when the semantic event is emitted —
     // the per-link emit-once gate today, and the provisional-then-confirm
@@ -14808,8 +14837,8 @@ var linkClicks = pgTable(
   {
     id: uuid("id").defaultRandom().primaryKey(),
     trackedLinkId: uuid("tracked_link_id").notNull().references(() => trackedLinks.id, { onDelete: "cascade" }),
-    ipAddress: text("ip_address"),
-    userAgent: text("user_agent"),
+    ipAddress: text2("ip_address"),
+    userAgent: text2("user_agent"),
     clickedAt: timestamp("clicked_at", { withTimezone: true }).defaultNow().notNull()
   },
   (table) => [
@@ -14825,11 +14854,11 @@ var providerCredentials = pgTable(
     id: uuid("id").defaultRandom().primaryKey(),
     // e.g. "posthog" — matches an AnalyticsProvider meta.id by convention,
     // but deliberately NOT foreign-keyed: providers are code-defined.
-    providerId: text("provider_id").notNull(),
+    providerId: text2("provider_id").notNull(),
     // "oauth" today; "api_key" is the anticipated future kind.
-    kind: text("kind").notNull().default("oauth"),
+    kind: text2("kind").notNull().default("oauth"),
     // Encrypted JSON: base64url(iv || ciphertext || gcmTag).
-    payload: text("payload").notNull(),
+    payload: text2("payload").notNull(),
     ...timestamps
   },
   (table) => [
@@ -14847,11 +14876,11 @@ var userEvents = pgTable(
   "user_events",
   {
     id: uuid("id").defaultRandom().primaryKey(),
-    organizationId: text("organization_id"),
-    userId: text("user_id").notNull(),
-    event: text("event").notNull(),
+    organizationId: text2("organization_id"),
+    userId: text2("user_id").notNull(),
+    event: text2("event").notNull(),
     properties: jsonb("properties").$type(),
-    idempotencyKey: text("idempotency_key"),
+    idempotencyKey: text2("idempotency_key"),
     occurredAt: timestamp("occurred_at", { withTimezone: true }).defaultNow().notNull()
   },
   (table) => [
@@ -14872,15 +14901,15 @@ var webhookEndpoints = pgTable(
   "webhook_endpoints",
   {
     id: uuid("id").defaultRandom().primaryKey(),
-    organizationId: text("organization_id"),
-    url: text("url").notNull(),
-    description: text("description"),
+    organizationId: text2("organization_id"),
+    url: text2("url").notNull(),
+    description: text2("description"),
     // The delivery adapter selector. "webhook" (the default) is the signed
     // Standard-Webhooks POST that existing subscribers receive — byte-identical
     // to before this column existed. Any other value (e.g. "posthog") selects a
     // delivery-time TRANSFORM adapter that reuses the same durable delivery
     // machinery but rewrites url/headers/body for a vendor destination.
-    kind: text("kind").notNull().default("webhook"),
+    kind: text2("kind").notNull().default("webhook"),
     // Per-destination configuration for keyed adapters (e.g. PostHog's
     // `{ apiKey, host }`). Null for `kind="webhook"` (it reads `secret` instead).
     // Keyed destinations keep their credentials HERE, not in a fake `whsec_`.
@@ -14889,9 +14918,9 @@ var webhookEndpoints = pgTable(
     // Nullable: only `kind="webhook"` carries a signing secret; keyed
     // destinations authenticate via `config` and the webhook adapter is the only
     // reader of this column.
-    secret: text("secret"),
+    secret: text2("secret"),
     // e.g. "whsec_AbCd" — safe to show on list/get. Nullable alongside `secret`.
-    secretPrefix: text("secret_prefix"),
+    secretPrefix: text2("secret_prefix"),
     eventTypes: jsonb("event_types").$type().notNull().default([]),
     disabled: boolean("disabled").notNull().default(false),
     // written by the delivery task on a successful (2xx) delivery.
@@ -14912,13 +14941,13 @@ var webhookDeliveries = pgTable(
     id: uuid("id").defaultRandom().primaryKey(),
     endpointId: uuid("endpoint_id").notNull().references(() => webhookEndpoints.id, { onDelete: "cascade" }),
     // denormalized, nullable (MT deferred).
-    organizationId: text("organization_id"),
+    organizationId: text2("organization_id"),
     // == Webhook-Id header; ONE per logical event, shared across endpoints +
     // reused across retries.
-    webhookId: text("webhook_id").notNull(),
-    eventType: text("event_type").notNull(),
+    webhookId: text2("webhook_id").notNull(),
+    eventType: text2("event_type").notNull(),
     // producer-side dedup (idempotencyKey/stateId/emailSendId/...).
-    dedupeKey: text("dedupe_key"),
+    dedupeKey: text2("dedupe_key"),
     // the EXACT signed envelope { id, type, timestamp, data }.
     payload: jsonb("payload").$type().notNull(),
     status: webhookDeliveryStatusEnum("status").notNull().default("pending"),
@@ -14927,9 +14956,9 @@ var webhookDeliveries = pgTable(
     lastAttemptAt: timestamp("last_attempt_at", { withTimezone: true }),
     responseStatus: integer("response_status"),
     // truncated to ≤1KB in app.
-    responseBodySnippet: text("response_body_snippet"),
+    responseBodySnippet: text2("response_body_snippet"),
     deliveredAt: timestamp("delivered_at", { withTimezone: true }),
-    lastError: text("last_error"),
+    lastError: text2("last_error"),
     ...timestamps
   },
   (table) => [
@@ -15386,7 +15415,7 @@ async function resolveEmail(ctx, flags, defaultEmail) {
     ctx.out.fail("--email is required (no TTY to prompt).");
   }
   const value = bail(
-    await text2({
+    await text3({
       message: "Admin email",
       placeholder: defaultEmail ?? "admin@example.com",
       initialValue: defaultEmail,