@primitivedotdev/cli 0.30.3 → 0.31.1

package/dist/oclif/index.js

@@ -1478,9 +1478,8 @@ const getSentEmail = (options) => (options.client ?? client).get({
 * List functions
 *
 * Returns every active (non-deleted) function in the org, newest
-* first. Each entry carries the deploy status and the gateway URL
-* that the platform's webhook delivery loop posts to. To inspect
-* the source code or deploy errors, use `GET /functions/{id}`.
+* first. Each entry carries deploy status and timestamps. To
+* inspect the source code or deploy errors, use `GET /functions/{id}`.
 *
 */
 const listFunctions = (options) => (options?.client ?? client).get({
@@ -1496,13 +1495,14 @@ const listFunctions = (options) => (options?.client ?? client).get({
 *
 * Creates and deploys a new function. The handler must be a single
 * ESM module whose default export is an object with an async
-* `fetch(request, env)` method (Workers-style). The gateway
-* HMAC-verifies the POST against the org's webhook secret before
-* invoking the handler; the request body parses to an
-* `email.received` event (see `EmailReceivedEvent` and the
-* Webhook payload section for the full schema). Code is bundled
-* before being uploaded; ship a single self-contained file rather
-* than relying on external imports.
+* `fetch(request, env)` method (Workers-style). Primitive signs
+* each delivery and forwards the `Primitive-Signature` header to
+* the handler. Verify the raw request body with
+* `PRIMITIVE_WEBHOOK_SECRET` before parsing JSON; after verification
+* the request body parses to an `email.received` event (see
+* `EmailReceivedEvent` and the Webhook payload section for the full
+* schema). Code is bundled before being uploaded; ship a single
+* self-contained file rather than relying on external imports.
 *
 * **Code limits.** `code` is capped at 1 MiB UTF-8. `sourceMap`
 * (optional) is capped at 5 MiB UTF-8, stored with each deployment
@@ -1512,12 +1512,12 @@ const listFunctions = (options) => (options?.client ?? client).get({
 * **Auto-wiring.** On successful deploy, Primitive automatically
 * creates a webhook endpoint that delivers inbound mail to the
 * function. There is nothing to configure on the Endpoints API
-* for this to work; the gateway URL returned here is for
-* reference only and is not directly callable from outside.
+* for this to work; the internal runtime URL is not returned by
+* the API and is not a customer-facing integration surface.
 *
 * **Secrets.** New functions ship with the managed secrets
-* (`PRIMITIVE_WEBHOOK_SECRET`, `PRIMITIVE_API_KEY`) already
-* bound. Add user-set secrets via
+* (`PRIMITIVE_WEBHOOK_SECRET`, `PRIMITIVE_API_KEY`,
+* `PRIMITIVE_API_BASE_URL`) already bound. Add user-set secrets via
 * `POST /functions/{id}/secrets`; secret writes only land in the
 * running handler on the next redeploy.
 *
@@ -1663,9 +1663,9 @@ const getFunctionTestRunTrace = (options) => (options.client ?? client).get({
 * never returned.** Secret writes are write-only.
 *
 * Managed entries (e.g. `PRIMITIVE_WEBHOOK_SECRET`,
-* `PRIMITIVE_API_KEY`) carry a `description` instead of
-* `created_at` / `updated_at`. They cannot be created, updated,
-* or deleted via this API.
+* `PRIMITIVE_API_KEY`, `PRIMITIVE_API_BASE_URL`) carry a
+* `description` instead of `created_at` / `updated_at`. They
+* cannot be created, updated, or deleted via this API.
 *
 */
 const listFunctionSecrets = (options) => (options.client ?? client).get({
@@ -1831,7 +1831,7 @@ const openapiDocument = {
 		},
 		{
 			"name": "Functions",
-			"description": "Deploy JavaScript handlers that run on inbound mail. Each function\nis a single ESM module whose default export is an object with an\nasync `fetch(request, env)` method, in the shape of a Workers-style\nhandler. The gateway HMAC-verifies the inbound POST against the\norg's webhook secret before invoking `fetch`; the request body\nparses to an `email.received` event (see `EmailReceivedEvent` and\nthe Webhook payload section for the full schema). Code runs on\nPrimitive's edge runtime; there is no infrastructure to manage.\nSecrets land in `env` as encrypted bindings and are refreshed on\nevery redeploy.\n"
+			"description": "Deploy JavaScript handlers that run on inbound mail. Each function\nis a single ESM module whose default export is an object with an\nasync `fetch(request, env)` method, in the shape of a Workers-style\nhandler. Primitive signs each delivery and forwards the\n`Primitive-Signature` header to the handler; verify the raw request\nbody with `PRIMITIVE_WEBHOOK_SECRET` before trusting the parsed\n`email.received` event (see `EmailReceivedEvent` and the Webhook\npayload section for the full schema). Code runs on\nPrimitive's edge runtime; there is no infrastructure to manage.\nSecrets land in `env` as encrypted bindings and are refreshed on\nevery redeploy.\n"
 		}
 	],
 	"paths": {
@@ -2413,6 +2413,15 @@ const openapiDocument = {
 					},
 					"description": "Filter by domain ID."
 				},
+				{
+					"name": "reply_to_sent_email_id",
+					"in": "query",
+					"schema": {
+						"type": "string",
+						"format": "uuid"
+					},
+					"description": "Filter to inbound emails that are replies to a specific\noutbound send. The value is a `sent_emails.id` (UUID). At\ninbound ingest, Primitive matches the parsed In-Reply-To\nheader (or References as a fallback) against\n`sent_emails.message_id` in the same org and records the\nresolved id on `emails.reply_to_sent_email_id`. This filter\nis the strict-threading lookup behind `primitive chat` and\nany UI that wants to show the inbound reply to a given\nsend. NULL on inbound that isn't a threaded reply to one\nof your sends, so existing emails received before this\ningestion landed will not match.\n"
+				},
 				{
 					"name": "status",
 					"in": "query",
@@ -3162,7 +3171,7 @@ const openapiDocument = {
 			"get": {
 				"operationId": "listFunctions",
 				"summary": "List functions",
-				"description": "Returns every active (non-deleted) function in the org, newest\nfirst. Each entry carries the deploy status and the gateway URL\nthat the platform's webhook delivery loop posts to. To inspect\nthe source code or deploy errors, use `GET /functions/{id}`.\n",
+				"description": "Returns every active (non-deleted) function in the org, newest\nfirst. Each entry carries deploy status and timestamps. To\ninspect the source code or deploy errors, use `GET /functions/{id}`.\n",
 				"tags": ["Functions"],
 				"responses": {
 					"200": {
@@ -3181,7 +3190,7 @@ const openapiDocument = {
 			"post": {
 				"operationId": "createFunction",
 				"summary": "Deploy a function",
-				"description": "Creates and deploys a new function. The handler must be a single\nESM module whose default export is an object with an async\n`fetch(request, env)` method (Workers-style). The gateway\nHMAC-verifies the POST against the org's webhook secret before\ninvoking the handler; the request body parses to an\n`email.received` event (see `EmailReceivedEvent` and the\nWebhook payload section for the full schema). Code is bundled\nbefore being uploaded; ship a single self-contained file rather\nthan relying on external imports.\n\n**Code limits.** `code` is capped at 1 MiB UTF-8. `sourceMap`\n(optional) is capped at 5 MiB UTF-8, stored with each deployment\nattempt, and sent to the runtime so stack traces can resolve to\noriginal source files.\n\n**Auto-wiring.** On successful deploy, Primitive automatically\ncreates a webhook endpoint that delivers inbound mail to the\nfunction. There is nothing to configure on the Endpoints API\nfor this to work; the gateway URL returned here is for\nreference only and is not directly callable from outside.\n\n**Secrets.** New functions ship with the managed secrets\n(`PRIMITIVE_WEBHOOK_SECRET`, `PRIMITIVE_API_KEY`) already\nbound. Add user-set secrets via\n`POST /functions/{id}/secrets`; secret writes only land in the\nrunning handler on the next redeploy.\n",
+				"description": "Creates and deploys a new function. The handler must be a single\nESM module whose default export is an object with an async\n`fetch(request, env)` method (Workers-style). Primitive signs\neach delivery and forwards the `Primitive-Signature` header to\nthe handler. Verify the raw request body with\n`PRIMITIVE_WEBHOOK_SECRET` before parsing JSON; after verification\nthe request body parses to an `email.received` event (see\n`EmailReceivedEvent` and the Webhook payload section for the full\nschema). Code is bundled before being uploaded; ship a single\nself-contained file rather than relying on external imports.\n\n**Code limits.** `code` is capped at 1 MiB UTF-8. `sourceMap`\n(optional) is capped at 5 MiB UTF-8, stored with each deployment\nattempt, and sent to the runtime so stack traces can resolve to\noriginal source files.\n\n**Auto-wiring.** On successful deploy, Primitive automatically\ncreates a webhook endpoint that delivers inbound mail to the\nfunction. There is nothing to configure on the Endpoints API\nfor this to work; the internal runtime URL is not returned by\nthe API and is not a customer-facing integration surface.\n\n**Secrets.** New functions ship with the managed secrets\n(`PRIMITIVE_WEBHOOK_SECRET`, `PRIMITIVE_API_KEY`,\n`PRIMITIVE_API_BASE_URL`) already bound. Add user-set secrets via\n`POST /functions/{id}/secrets`; secret writes only land in the\nrunning handler on the next redeploy.\n",
 				"tags": ["Functions"],
 				"requestBody": {
 					"required": true,
@@ -3350,7 +3359,7 @@ const openapiDocument = {
 			"get": {
 				"operationId": "listFunctionSecrets",
 				"summary": "List a function's secrets",
-				"description": "Returns metadata for every secret bound to the function, with\nmanaged entries (provisioned by Primitive) listed first and\nuser-set entries listed alphabetically after. **Values are\nnever returned.** Secret writes are write-only.\n\nManaged entries (e.g. `PRIMITIVE_WEBHOOK_SECRET`,\n`PRIMITIVE_API_KEY`) carry a `description` instead of\n`created_at` / `updated_at`. They cannot be created, updated,\nor deleted via this API.\n",
+				"description": "Returns metadata for every secret bound to the function, with\nmanaged entries (provisioned by Primitive) listed first and\nuser-set entries listed alphabetically after. **Values are\nnever returned.** Secret writes are write-only.\n\nManaged entries (e.g. `PRIMITIVE_WEBHOOK_SECRET`,\n`PRIMITIVE_API_KEY`, `PRIMITIVE_API_BASE_URL`) carry a\n`description` instead of `created_at` / `updated_at`. They\ncannot be created, updated, or deleted via this API.\n",
 				"tags": ["Functions"],
 				"responses": {
 					"200": {
@@ -4666,6 +4675,11 @@ const openapiDocument = {
 						"type": "array",
 						"description": "Sent emails recorded as replies to this inbound, in send\norder (ascending). Populated when a customer's send-mail\nrequest carries an `in_reply_to` Message-ID that matches\nthis inbound's `message_id` in the same org. Includes\nattempts that were gate-denied, so the array reflects every\nrecorded reply attempt regardless of outcome.\n",
 						"items": { "$ref": "#/components/schemas/EmailDetailReply" }
+					},
+					"reply_to_sent_email_id": {
+						"type": ["string", "null"],
+						"format": "uuid",
+						"description": "The `sent_emails.id` of the outbound this inbound was a\nreply to, when resolvable. Set at inbound ingest by\nmatching the parsed In-Reply-To (or References, as a\nfallback) against `sent_emails.message_id` in the same\norg. The mirror of `sent_emails.in_reply_to_email_id` for\nthe inbound side of a thread. NULL when the inbound is\nnot a threaded reply to one of your sends, when neither\nheader survived the path through intermediate MTAs, or on\ninbound received before this auto-link landed.\n"
 					}
 				},
 				"required": [
@@ -5511,11 +5525,6 @@ const openapiDocument = {
 						"format": "date-time",
 						"description": "Timestamp of the most recent successful deploy. Null until the first deploy succeeds."
 					},
-					"gateway_url": {
-						"type": "string",
-						"format": "uri",
-						"description": "URL the platform's webhook delivery loop posts to in order\nto invoke the function. Reference only; not directly\ncallable from outside.\n"
-					},
 					"created_at": {
 						"type": "string",
 						"format": "date-time"
@@ -5529,7 +5538,6 @@ const openapiDocument = {
 					"id",
 					"name",
 					"deploy_status",
-					"gateway_url",
 					"created_at",
 					"updated_at"
 				]
@@ -5556,10 +5564,6 @@ const openapiDocument = {
 						"type": ["string", "null"],
 						"format": "date-time"
 					},
-					"gateway_url": {
-						"type": "string",
-						"format": "uri"
-					},
 					"created_at": {
 						"type": "string",
 						"format": "date-time"
@@ -5574,7 +5578,6 @@ const openapiDocument = {
 					"name",
 					"code",
 					"deploy_status",
-					"gateway_url",
 					"created_at",
 					"updated_at"
 				]
@@ -5612,17 +5615,12 @@ const openapiDocument = {
 						"format": "uuid"
 					},
 					"name": { "type": "string" },
-					"deploy_status": { "$ref": "#/components/schemas/FunctionDeployStatus" },
-					"gateway_url": {
-						"type": "string",
-						"format": "uri"
-					}
+					"deploy_status": { "$ref": "#/components/schemas/FunctionDeployStatus" }
 				},
 				"required": [
 					"id",
 					"name",
-					"deploy_status",
-					"gateway_url"
+					"deploy_status"
 				]
 			},
 			"UpdateFunctionInput": {
@@ -6098,7 +6096,7 @@ const openapiDocument = {
 					"key": {
 						"type": "string",
 						"pattern": "^[A-Z_][A-Z0-9_]*$",
-						"description": "Uppercase letters, digits, and underscores. Must start with\na letter or underscore. System-managed keys (e.g.\nPRIMITIVE_WEBHOOK_SECRET) are reserved.\n"
+						"description": "Uppercase letters, digits, and underscores. Must start with\na letter or underscore. System-managed keys (e.g.\nPRIMITIVE_WEBHOOK_SECRET, PRIMITIVE_API_KEY, and\nPRIMITIVE_API_BASE_URL) are reserved.\n"
 					},
 					"value": {
 						"type": "string",
@@ -7336,6 +7334,11 @@ const operationManifest = [
 							"created_at"
 						]
 					}
+				},
+				"reply_to_sent_email_id": {
+					"type": ["string", "null"],
+					"format": "uuid",
+					"description": "The `sent_emails.id` of the outbound this inbound was a\nreply to, when resolvable. Set at inbound ingest by\nmatching the parsed In-Reply-To (or References, as a\nfallback) against `sent_emails.message_id` in the same\norg. The mirror of `sent_emails.in_reply_to_email_id` for\nthe inbound side of a thread. NULL when the inbound is\nnot a threaded reply to one of your sends, when neither\nheader survived the path through intermediate MTAs, or on\ninbound received before this auto-link landed.\n"
 				}
 			},
 			"required": [
@@ -7588,6 +7591,13 @@ const operationManifest = [
 				"required": false,
 				"type": "string"
 			},
+			{
+				"description": "Filter to inbound emails that are replies to a specific\noutbound send. The value is a `sent_emails.id` (UUID). At\ninbound ingest, Primitive matches the parsed In-Reply-To\nheader (or References as a fallback) against\n`sent_emails.message_id` in the same org and records the\nresolved id on `emails.reply_to_sent_email_id`. This filter\nis the strict-threading lookup behind `primitive chat` and\nany UI that wants to show the inbound reply to a given\nsend. NULL on inbound that isn't a threaded reply to one\nof your sends, so existing emails received before this\ningestion landed will not match.\n",
+				"enum": null,
+				"name": "reply_to_sent_email_id",
+				"required": false,
+				"type": "string"
+			},
 			{
 				"description": "Filter by inbound email lifecycle status.",
 				"enum": null,
@@ -8411,7 +8421,7 @@ const operationManifest = [
 		"binaryResponse": false,
 		"bodyRequired": true,
 		"command": "create-function",
-		"description": "Creates and deploys a new function. The handler must be a single\nESM module whose default export is an object with an async\n`fetch(request, env)` method (Workers-style). The gateway\nHMAC-verifies the POST against the org's webhook secret before\ninvoking the handler; the request body parses to an\n`email.received` event (see `EmailReceivedEvent` and the\nWebhook payload section for the full schema). Code is bundled\nbefore being uploaded; ship a single self-contained file rather\nthan relying on external imports.\n\n**Code limits.** `code` is capped at 1 MiB UTF-8. `sourceMap`\n(optional) is capped at 5 MiB UTF-8, stored with each deployment\nattempt, and sent to the runtime so stack traces can resolve to\noriginal source files.\n\n**Auto-wiring.** On successful deploy, Primitive automatically\ncreates a webhook endpoint that delivers inbound mail to the\nfunction. There is nothing to configure on the Endpoints API\nfor this to work; the gateway URL returned here is for\nreference only and is not directly callable from outside.\n\n**Secrets.** New functions ship with the managed secrets\n(`PRIMITIVE_WEBHOOK_SECRET`, `PRIMITIVE_API_KEY`) already\nbound. Add user-set secrets via\n`POST /functions/{id}/secrets`; secret writes only land in the\nrunning handler on the next redeploy.\n",
+		"description": "Creates and deploys a new function. The handler must be a single\nESM module whose default export is an object with an async\n`fetch(request, env)` method (Workers-style). Primitive signs\neach delivery and forwards the `Primitive-Signature` header to\nthe handler. Verify the raw request body with\n`PRIMITIVE_WEBHOOK_SECRET` before parsing JSON; after verification\nthe request body parses to an `email.received` event (see\n`EmailReceivedEvent` and the Webhook payload section for the full\nschema). Code is bundled before being uploaded; ship a single\nself-contained file rather than relying on external imports.\n\n**Code limits.** `code` is capped at 1 MiB UTF-8. `sourceMap`\n(optional) is capped at 5 MiB UTF-8, stored with each deployment\nattempt, and sent to the runtime so stack traces can resolve to\noriginal source files.\n\n**Auto-wiring.** On successful deploy, Primitive automatically\ncreates a webhook endpoint that delivers inbound mail to the\nfunction. There is nothing to configure on the Endpoints API\nfor this to work; the internal runtime URL is not returned by\nthe API and is not a customer-facing integration surface.\n\n**Secrets.** New functions ship with the managed secrets\n(`PRIMITIVE_WEBHOOK_SECRET`, `PRIMITIVE_API_KEY`,\n`PRIMITIVE_API_BASE_URL`) already bound. Add user-set secrets via\n`POST /functions/{id}/secrets`; secret writes only land in the\nrunning handler on the next redeploy.\n",
 		"hasJsonBody": true,
 		"method": "POST",
 		"operationId": "createFunction",
@@ -8459,17 +8469,12 @@ const operationManifest = [
 						"failed"
 					],
 					"description": "Lifecycle state of the latest deploy attempt:\n  * `pending` — deploy in flight; the runtime has not yet\n    confirmed the new bundle is live.\n  * `deployed` — the running edge handler is the latest code.\n  * `failed` — the most recent deploy attempt failed; the\n    previously-live code (if any) is still running. The\n    `deploy_error` field carries the error message.\n"
-				},
-				"gateway_url": {
-					"type": "string",
-					"format": "uri"
 				}
 			},
 			"required": [
 				"id",
 				"name",
-				"deploy_status",
-				"gateway_url"
+				"deploy_status"
 			]
 		},
 		"sdkName": "createFunction",
@@ -8502,7 +8507,7 @@ const operationManifest = [
 				"key": {
 					"type": "string",
 					"pattern": "^[A-Z_][A-Z0-9_]*$",
-					"description": "Uppercase letters, digits, and underscores. Must start with\na letter or underscore. System-managed keys (e.g.\nPRIMITIVE_WEBHOOK_SECRET) are reserved.\n"
+					"description": "Uppercase letters, digits, and underscores. Must start with\na letter or underscore. System-managed keys (e.g.\nPRIMITIVE_WEBHOOK_SECRET, PRIMITIVE_API_KEY, and\nPRIMITIVE_API_BASE_URL) are reserved.\n"
 				},
 				"value": {
 					"type": "string",
@@ -8645,10 +8650,6 @@ const operationManifest = [
 					"type": ["string", "null"],
 					"format": "date-time"
 				},
-				"gateway_url": {
-					"type": "string",
-					"format": "uri"
-				},
 				"created_at": {
 					"type": "string",
 					"format": "date-time"
@@ -8663,7 +8664,6 @@ const operationManifest = [
 				"name",
 				"code",
 				"deploy_status",
-				"gateway_url",
 				"created_at",
 				"updated_at"
 			]
@@ -9209,7 +9209,7 @@ const operationManifest = [
 		"binaryResponse": false,
 		"bodyRequired": false,
 		"command": "list-function-secrets",
-		"description": "Returns metadata for every secret bound to the function, with\nmanaged entries (provisioned by Primitive) listed first and\nuser-set entries listed alphabetically after. **Values are\nnever returned.** Secret writes are write-only.\n\nManaged entries (e.g. `PRIMITIVE_WEBHOOK_SECRET`,\n`PRIMITIVE_API_KEY`) carry a `description` instead of\n`created_at` / `updated_at`. They cannot be created, updated,\nor deleted via this API.\n",
+		"description": "Returns metadata for every secret bound to the function, with\nmanaged entries (provisioned by Primitive) listed first and\nuser-set entries listed alphabetically after. **Values are\nnever returned.** Secret writes are write-only.\n\nManaged entries (e.g. `PRIMITIVE_WEBHOOK_SECRET`,\n`PRIMITIVE_API_KEY`, `PRIMITIVE_API_BASE_URL`) carry a\n`description` instead of `created_at` / `updated_at`. They\ncannot be created, updated, or deleted via this API.\n",
 		"hasJsonBody": false,
 		"method": "GET",
 		"operationId": "listFunctionSecrets",
@@ -9265,7 +9265,7 @@ const operationManifest = [
 		"binaryResponse": false,
 		"bodyRequired": false,
 		"command": "list-functions",
-		"description": "Returns every active (non-deleted) function in the org, newest\nfirst. Each entry carries the deploy status and the gateway URL\nthat the platform's webhook delivery loop posts to. To inspect\nthe source code or deploy errors, use `GET /functions/{id}`.\n",
+		"description": "Returns every active (non-deleted) function in the org, newest\nfirst. Each entry carries deploy status and timestamps. To\ninspect the source code or deploy errors, use `GET /functions/{id}`.\n",
 		"hasJsonBody": false,
 		"method": "GET",
 		"operationId": "listFunctions",
@@ -9302,11 +9302,6 @@ const operationManifest = [
 						"format": "date-time",
 						"description": "Timestamp of the most recent successful deploy. Null until the first deploy succeeds."
 					},
-					"gateway_url": {
-						"type": "string",
-						"format": "uri",
-						"description": "URL the platform's webhook delivery loop posts to in order\nto invoke the function. Reference only; not directly\ncallable from outside.\n"
-					},
 					"created_at": {
 						"type": "string",
 						"format": "date-time"
@@ -9320,7 +9315,6 @@ const operationManifest = [
 					"id",
 					"name",
 					"deploy_status",
-					"gateway_url",
 					"created_at",
 					"updated_at"
 				]
@@ -9549,10 +9543,6 @@ const operationManifest = [
 					"type": ["string", "null"],
 					"format": "date-time"
 				},
-				"gateway_url": {
-					"type": "string",
-					"format": "uri"
-				},
 				"created_at": {
 					"type": "string",
 					"format": "date-time"
@@ -9567,7 +9557,6 @@ const operationManifest = [
 				"name",
 				"code",
 				"deploy_status",
-				"gateway_url",
 				"created_at",
 				"updated_at"
 			]
@@ -11062,7 +11051,7 @@ function resolveConfigEnvironment(config) {
 	} : null;
 }
 function upsertCliEnvironment(params) {
-	const name = normalizeCliEnvironmentName(params.environmentName ?? DEFAULT_ENVIRONMENT);
+	const name = normalizeCliEnvironmentName(params.environmentName ?? "default");
 	const existing = params.config.environments[name] ?? {};
 	const nextHeaders = { ...existing.headers ?? {} };
 	for (const assignment of params.headers ?? []) {
@@ -11139,6 +11128,7 @@ function resolveCliApiRequestConfig(params) {
 	const currentEnvironment = resolveConfigEnvironment(loadCliConfig(params.configDir));
 	const configuredApiBaseUrl1 = currentEnvironment?.config.api_base_url_1;
 	const configuredApiBaseUrl2 = currentEnvironment?.config.api_base_url_2;
+	if (currentEnvironment !== null && currentEnvironment.name !== "default" && params.apiBaseUrl1 === void 0 && configuredApiBaseUrl1 === void 0) throw new Errors.CLIError(`The active Primitive CLI environment \`${currentEnvironment.name}\` does not specify an api_base_url_1. Set one with \`primitive config set --environment ${currentEnvironment.name} --api-base-url-1 https://...\`, or switch to a different environment with \`primitive config use <name>\`. Refusing to fall back to the production default for a non-default environment.`, { exit: 1 });
 	const apiBaseUrl1 = params.apiBaseUrl1 !== void 0 ? normalizeApiBaseUrl1(params.apiBaseUrl1) : configuredApiBaseUrl1;
 	const apiBaseUrl2 = params.apiBaseUrl2 !== void 0 ? normalizeApiBaseUrl2(params.apiBaseUrl2) : configuredApiBaseUrl2;
 	return {
@@ -11410,26 +11400,26 @@ function coerceParameterValue(parameter, value) {
 	if (typeof value === "boolean" || typeof value === "number" || typeof value === "string") return value;
 	throw new Errors.CLIError(`Unsupported flag value for --${parameter.name}`);
 }
-function cliError$5(message) {
+function cliError$6(message) {
 	return new Errors.CLIError(message, { exit: 1 });
 }
 function parseJson(source, flagLabel) {
 	try {
 		return JSON.parse(source);
 	} catch (error) {
-		throw cliError$5(`${flagLabel} is not valid JSON: ${error instanceof Error ? error.message : String(error)}`);
+		throw cliError$6(`${flagLabel} is not valid JSON: ${error instanceof Error ? error.message : String(error)}`);
 	}
 }
 function readJsonBody(flags) {
 	const bodyFile = flags["body-file"];
 	const rawBody = flags["raw-body"];
-	if (bodyFile && rawBody) throw cliError$5("Use either --raw-body or --body-file, not both");
+	if (bodyFile && rawBody) throw cliError$6("Use either --raw-body or --body-file, not both");
 	if (typeof bodyFile === "string") {
 		let contents;
 		try {
 			contents = readFileSync(bodyFile, "utf8");
 		} catch (error) {
-			throw cliError$5(`Could not read --body-file ${bodyFile}: ${error instanceof Error ? error.message : String(error)}`);
+			throw cliError$6(`Could not read --body-file ${bodyFile}: ${error instanceof Error ? error.message : String(error)}`);
 		}
 		return parseJson(contents, `--body-file ${bodyFile}`);
 	}
@@ -11439,7 +11429,7 @@ function readTextFileFlag(path, flagLabel) {
 	try {
 		return readFileSync(path, "utf8");
 	} catch (error) {
-		throw cliError$5(`Could not read ${flagLabel} ${path}: ${error instanceof Error ? error.message : String(error)}`);
+		throw cliError$6(`Could not read ${flagLabel} ${path}: ${error instanceof Error ? error.message : String(error)}`);
 	}
 }
 function extractErrorPayload(raw) {
@@ -11504,15 +11494,27 @@ function writeErrorWithHints(payload) {
 	}
 	if (code in NETWORK_ERROR_HINTS) process.stderr.write(`${NETWORK_ERROR_HINTS[code]}\n`);
 }
-function removeStaleSavedCredentialOnUnauthorized(params) {
-	if (extractErrorCode(params.payload) !== API_ERROR_CODES.unauthorized || params.auth.source !== "stored") return false;
+/**
+* Surface a user-facing hint when a request comes back unauthorized.
+*
+* Deliberately does NOT mutate the saved credentials.json. Auto-
+* deleting on any 401 made transient rejections look like permanent
+* credential failures and forced unnecessary re-login cycles; we
+* surface a hint and let the user decide whether to re-authenticate.
+*
+* The one legitimate auto-delete case lives in `primitive login`'s
+* `checkExistingLogin`: the user has explicitly asked to log in,
+* existing credentials are probed, and if they fail we clean up
+* before minting a new key. That path calls `deleteCliCredentials`
+* directly rather than going through this function.
+*/
+function surfaceUnauthorizedHint(params) {
+	if (extractErrorCode(params.payload) !== API_ERROR_CODES.unauthorized || params.auth.source !== "stored") return;
 	if (params.baseUrlOverridden && params.auth.credentials !== null && params.auth.apiBaseUrl1 !== params.auth.credentials.api_base_url_1) {
-		process.stderr.write("Saved Primitive CLI credentials were rejected by the overridden API base URL. The local credential was not removed; unset PRIMITIVE_API_BASE_URL_1, run `primitive config reset` to clear configured URL overrides, or run `primitive logout` to remove the stored credential.\n");
-		return false;
+		process.stderr.write("Saved Primitive CLI credentials were rejected by the overridden API base URL. The saved credential is preserved; unset PRIMITIVE_API_BASE_URL_1, run `primitive config reset` to clear configured URL overrides, or run `primitive logout` to remove the stored credential.\n");
+		return;
 	}
-	deleteCliCredentials(params.configDir);
-	process.stderr.write("Removed saved Primitive CLI credentials because the backing API key is no longer valid. Run `primitive login` to create a new one.\n");
-	return true;
+	process.stderr.write("Your saved Primitive CLI credential was rejected. If the command was working a moment ago, please retry; brief retries often clear transient rejections. If it keeps failing, run `primitive logout && primitive login` to mint a fresh credential.\n");
 }
 function formatElapsed(ms) {
 	const seconds = ms / 1e3;
@@ -11676,7 +11678,7 @@ function createOperationCommand(operation) {
 				if (result.error) {
 					const errorPayload = extractErrorPayload(result.error);
 					writeErrorWithHints(errorPayload);
-					removeStaleSavedCredentialOnUnauthorized({
+					surfaceUnauthorizedHint({
 						auth,
 						baseUrlOverridden,
 						configDir: this.config.configDir,
@@ -11737,6 +11739,384 @@ function canonicalizeCliReferences(description) {
 	return description.replaceAll("`primitive emails:latest`", "`primitive emails latest`").replaceAll("`primitive describe emails:get-email | jq '.responseSchema.properties'`", "`primitive describe emails:get | jq '.responseSchema.properties'`");
 }
 //#endregion
+//#region src/oclif/outbound-defaults.ts
+const SUBJECT_MAX_LENGTH = 200;
+function deriveSubject(body) {
+	for (const line of body.split("\n")) {
+		const trimmed = line.trim();
+		if (!trimmed) continue;
+		return trimmed.length > SUBJECT_MAX_LENGTH ? `${trimmed.slice(0, SUBJECT_MAX_LENGTH - 3)}...` : trimmed;
+	}
+	return "Message";
+}
+function isVerifiedDomain(domain) {
+	return domain.is_active === true;
+}
+async function pickDefaultFromAddress(apiClient, authFailureContext) {
+	const result = await listDomains({
+		client: apiClient.client,
+		responseStyle: "fields"
+	});
+	if (result.error) {
+		const errorPayload = extractErrorPayload(result.error);
+		if (extractErrorCode(errorPayload) === API_ERROR_CODES.unauthorized) {
+			writeErrorWithHints(errorPayload);
+			surfaceUnauthorizedHint({
+				...authFailureContext,
+				payload: errorPayload
+			});
+			throw new Errors.CLIError("Cannot send: API key is missing or invalid (see hint above).", { exit: 1 });
+		}
+		throw new Errors.CLIError(`Could not look up your verified domains to default --from. Pass --from explicitly. Underlying error: ${formatErrorPayload(errorPayload)}`);
+	}
+	const first = result.data?.data?.find(isVerifiedDomain);
+	if (!first) throw new Errors.CLIError("No active verified outbound domain found on this account; pass --from explicitly. To set up outbound, claim a domain via `primitive domains add` and verify it.");
+	return `agent@${first.domain}`;
+}
+//#endregion
+//#region src/oclif/commands/emails-poll.ts
+function quoteDslValue(value) {
+	if (/^[^\s"]+$/.test(value)) return value;
+	return `"${value.replace(/\\/g, "\\\\").replace(/"/g, "\\\"")}"`;
+}
+function combineQ(q, domain) {
+	const parts = [q?.trim(), domain ? `domain:${quoteDslValue(domain.trim())}` : void 0].filter((part) => Boolean(part));
+	return parts.length > 0 ? parts.join(" ") : void 0;
+}
+function normalizeIsoDate(value, label) {
+	const parsed = new Date(value);
+	if (Number.isNaN(parsed.getTime())) throw new Error(`${label} must be a valid date or ISO-8601 timestamp.`);
+	return parsed.toISOString();
+}
+function filtersFromFlags(flags) {
+	return {
+		body: flags.body,
+		domain: flags.domain,
+		domainId: flags["domain-id"],
+		from: flags.from,
+		hasAttachment: flags["has-attachment"],
+		q: flags.q,
+		replyToSentEmailId: flags["reply-to-sent-email-id"],
+		spamScoreGte: flags["spam-score-gte"],
+		spamScoreLt: flags["spam-score-lt"],
+		subject: flags.subject,
+		to: flags.to
+	};
+}
+function sinceFromFlags(flags) {
+	if (flags.since) return normalizeIsoDate(flags.since, "--since");
+	return flags["include-existing"] ? void 0 : (/* @__PURE__ */ new Date()).toISOString();
+}
+function buildEmailSearchQuery(params) {
+	const query = {
+		include_facets: "false",
+		limit: params.pageSize,
+		snippet: "false",
+		sort: "received_at_asc"
+	};
+	const q = combineQ(params.filters.q, params.filters.domain);
+	if (q) query.q = q;
+	if (params.filters.body) query.body = params.filters.body;
+	if (params.filters.domainId) query.domain_id = params.filters.domainId;
+	if (params.filters.from) query.from = params.filters.from;
+	if (params.filters.hasAttachment !== void 0) query.has_attachment = params.filters.hasAttachment ? "true" : "false";
+	if (params.filters.spamScoreGte !== void 0) query.spam_score_gte = params.filters.spamScoreGte;
+	if (params.filters.spamScoreLt !== void 0) query.spam_score_lt = params.filters.spamScoreLt;
+	if (params.filters.replyToSentEmailId) query.reply_to_sent_email_id = params.filters.replyToSentEmailId;
+	if (params.filters.subject) query.subject = params.filters.subject;
+	if (params.filters.to) query.to = params.filters.to;
+	if (params.since) query.date_from = params.since;
+	if (params.cursor) query.cursor = params.cursor;
+	return query;
+}
+function encodeReceivedAtSearchCursor(email) {
+	const raw = `r|${new Date(email.received_at).toISOString()}|${email.id}`;
+	return Buffer.from(raw, "utf8").toString("base64url");
+}
+function cursorFromRows(rows) {
+	const last = rows.at(-1);
+	return last ? encodeReceivedAtSearchCursor(last) : null;
+}
+function collectNewAcceptedEmails(rows, seenIds) {
+	const fresh = [];
+	for (const row of rows) {
+		if (row.status !== "accepted" && row.status !== "completed") continue;
+		if (seenIds.has(row.id)) continue;
+		seenIds.add(row.id);
+		fresh.push(row);
+	}
+	return fresh;
+}
+async function fetchEmailSearchPage(params) {
+	const result = await searchEmails({
+		client: params.apiClient.client,
+		query: buildEmailSearchQuery({
+			cursor: params.cursor,
+			filters: params.filters,
+			pageSize: params.pageSize,
+			since: params.since
+		}),
+		responseStyle: "fields"
+	});
+	if (result.error) return {
+		ok: false,
+		error: result.error
+	};
+	const envelope = result.data;
+	const rows = envelope?.data ?? [];
+	return {
+		ok: true,
+		cursor: envelope?.meta.cursor ?? cursorFromRows(rows),
+		rows
+	};
+}
+function sleep$1(ms) {
+	return new Promise((resolve) => setTimeout(resolve, ms));
+}
+//#endregion
+//#region src/oclif/commands/chat.ts
+const DEFAULT_CHAT_TIMEOUT_SECONDS = 120;
+const DEFAULT_STRICT_PHASE_SECONDS = 60;
+function cliError$5(message) {
+	return new Errors.CLIError(message, { exit: 1 });
+}
+async function readStdinToString() {
+	if (process.stdin.isTTY) throw cliError$5("No message provided. Pass the message as the second positional argument or pipe it via stdin.");
+	const chunks = [];
+	for await (const chunk of process.stdin) chunks.push(typeof chunk === "string" ? Buffer.from(chunk) : chunk);
+	return Buffer.concat(chunks).toString("utf8");
+}
+var ChatCommand = class ChatCommand extends Command {
+	static description = `Send a message to an address and wait for the reply.
+
+  This is the first-party verb for talking to agents that live behind
+  email addresses. \`primitive send\` is transport (fire-and-forget);
+  \`primitive chat\` is semantic (send + wait for the threaded reply).
+
+  The message body can be given as the second positional argument or
+  piped via stdin. The reply body is written to stdout; --json emits a
+  structured envelope with both sides of the exchange.
+
+  Matching the reply: the wait phase polls inbound mail filtered by
+  the recipient as sender and the send time as a lower bound. The
+  first match is taken; the full inbound row is then fetched for the
+  body. Exits non-zero on timeout.`;
+	static summary = "Chat with an agent over email (send and wait for the reply)";
+	static examples = [
+		"<%= config.bin %> chat help@agent.acme.dev 'how do I rotate my API key?'",
+		"cat error.log | <%= config.bin %> chat help@agent.acme.dev --subject 'webhook 401s'",
+		"<%= config.bin %> chat help@agent.acme.dev 'follow up question' --json",
+		"<%= config.bin %> chat help@agent.acme.dev 'one more thing' --timeout 300"
+	];
+	static args = {
+		recipient: Args.string({
+			description: "Address to chat with (e.g. help@agent.acme.dev).",
+			required: true
+		}),
+		message: Args.string({ description: "Message body. If omitted, read from stdin." })
+	};
+	static flags = {
+		"api-key": Flags.string({
+			description: "Primitive API key (defaults to PRIMITIVE_API_KEY or saved `primitive login` credentials)",
+			env: "PRIMITIVE_API_KEY"
+		}),
+		"api-base-url-1": Flags.string({
+			description: "Override the primary API base URL. Internal testing only; not documented to customers.",
+			env: "PRIMITIVE_API_BASE_URL_1",
+			hidden: true
+		}),
+		"api-base-url-2": Flags.string({
+			description: "Override the attachments-supporting send host base URL. Internal testing only; not documented to customers.",
+			env: "PRIMITIVE_API_BASE_URL_2",
+			hidden: true
+		}),
+		from: Flags.string({ description: "Sender address. Defaults to agent@<your-first-verified-outbound-domain>." }),
+		subject: Flags.string({ description: "Subject line. Defaults to the first line of the message when omitted." }),
+		"in-reply-to": Flags.string({ description: "Message-Id of the parent email to thread this against. Use when continuing a prior conversation from outside the CLI; for an inbound you received via Primitive, prefer `primitive reply --id <inbound-id>`." }),
+		json: Flags.boolean({ description: "Emit a structured JSON envelope { sent, reply } on stdout instead of just the reply body." }),
+		timeout: Flags.integer({
+			default: DEFAULT_CHAT_TIMEOUT_SECONDS,
+			description: "Seconds to wait for a reply before exiting non-zero; 0 waits forever.",
+			min: 0
+		}),
+		"strict-phase-seconds": Flags.integer({
+			default: DEFAULT_STRICT_PHASE_SECONDS,
+			description: "Seconds to wait in strict-threading mode (filter by reply_to_sent_email_id) before falling back to time-window matching. Set to the full --timeout to disable the fallback; --strict-only is the explicit way to do that.",
+			min: 1
+		}),
+		"strict-only": Flags.boolean({ description: "Disable the time-window fallback. Only accept inbounds whose threading headers (In-Reply-To / References) resolve to this send. Recommended when correctness matters more than success rate (e.g. agents talking to agents)." }),
+		interval: Flags.integer({
+			default: 2,
+			description: "Seconds between polls while waiting for the reply.",
+			min: 1
+		}),
+		"page-size": Flags.integer({
+			default: 50,
+			description: "Inbound emails to fetch per poll while waiting (1-100). Internal tuning knob.",
+			max: 100,
+			min: 1,
+			hidden: true
+		}),
+		time: Flags.boolean({ description: TIME_FLAG_DESCRIPTION })
+	};
+	async run() {
+		const { args, flags } = await this.parse(ChatCommand);
+		const message = args.message !== void 0 && args.message !== "" ? args.message : await readStdinToString();
+		if (!message.trim()) throw cliError$5("Message body is empty.");
+		await runWithTiming(flags.time, async () => {
+			const { apiClient, auth, baseUrlOverridden } = createAuthenticatedCliApiClient({
+				apiKey: flags["api-key"],
+				apiBaseUrl1: flags["api-base-url-1"],
+				apiBaseUrl2: flags["api-base-url-2"],
+				configDir: this.config.configDir
+			});
+			const authFailureContext = {
+				auth,
+				baseUrlOverridden,
+				configDir: this.config.configDir
+			};
+			const from = flags.from ?? await pickDefaultFromAddress(apiClient, authFailureContext);
+			const subject = flags.subject ?? deriveSubject(message);
+			const sentAtIso = (/* @__PURE__ */ new Date()).toISOString();
+			const sendResult = await sendEmail({
+				body: {
+					from,
+					to: args.recipient,
+					subject,
+					body_text: message,
+					...flags["in-reply-to"] !== void 0 ? { in_reply_to: flags["in-reply-to"] } : {}
+				},
+				client: apiClient._sendClient,
+				responseStyle: "fields"
+			});
+			if (sendResult.error) {
+				const errorPayload = extractErrorPayload(sendResult.error);
+				writeErrorWithHints(errorPayload);
+				surfaceUnauthorizedHint({
+					...authFailureContext,
+					payload: errorPayload
+				});
+				process.exitCode = 1;
+				return;
+			}
+			const sent = sendResult.data?.data;
+			if (!sent) throw cliError$5("Send succeeded but the API returned no data.");
+			const reply = await waitForReply({
+				apiClient,
+				authFailureContext,
+				from,
+				interval: flags.interval,
+				pageSize: flags["page-size"],
+				recipient: args.recipient,
+				sentAtIso,
+				sentId: sent.id,
+				strictOnly: flags["strict-only"],
+				strictPhaseSeconds: flags["strict-phase-seconds"],
+				timeoutSeconds: flags.timeout
+			});
+			if (reply === null) {
+				process.stderr.write(`Timed out after ${flags.timeout}s waiting for a reply from ${args.recipient}.\n`);
+				process.exitCode = 1;
+				return;
+			}
+			if (flags.json) {
+				const envelope = {
+					sent,
+					reply
+				};
+				this.log(JSON.stringify(envelope, null, 2));
+			} else {
+				const body = reply.body_text ?? reply.body_html ?? "";
+				this.log(body);
+			}
+		});
+	}
+};
+async function waitForReply(params) {
+	const totalDeadline = params.timeoutSeconds === 0 ? null : Date.now() + params.timeoutSeconds * 1e3;
+	const strictDeadlineFromBudget = Date.now() + params.strictPhaseSeconds * 1e3;
+	const strictDeadline = params.strictOnly ? totalDeadline : totalDeadline === null ? strictDeadlineFromBudget : Math.min(strictDeadlineFromBudget, totalDeadline);
+	const phases = [{
+		label: "strict",
+		filters: { replyToSentEmailId: params.sentId },
+		deadline: strictDeadline
+	}];
+	if (!params.strictOnly) phases.push({
+		label: "fallback",
+		filters: {
+			from: params.recipient,
+			to: params.from
+		},
+		deadline: totalDeadline
+	});
+	let strictFilterUnsupported = false;
+	for (const phase of phases) {
+		if (phase.label === "strict" && strictFilterUnsupported) continue;
+		const seenIds = /* @__PURE__ */ new Set();
+		let cursor = null;
+		while (true) {
+			if (phase.deadline !== null && Date.now() >= phase.deadline) break;
+			const page = await fetchEmailSearchPage({
+				apiClient: params.apiClient,
+				cursor,
+				filters: phase.filters,
+				pageSize: params.pageSize,
+				since: params.sentAtIso
+			});
+			if (!page.ok) {
+				const payload = extractErrorPayload(page.error);
+				writeErrorWithHints(payload);
+				surfaceUnauthorizedHint({
+					...params.authFailureContext,
+					payload
+				});
+				throw new Errors.CLIError("Failed to poll for reply.", { exit: 1 });
+			}
+			let lastAccepted;
+			for (let i = page.rows.length - 1; i >= 0; i--) {
+				const row = page.rows[i];
+				if (row.status === "accepted" || row.status === "completed") {
+					lastAccepted = row;
+					break;
+				}
+			}
+			if (lastAccepted) cursor = encodeReceivedAtSearchCursor(lastAccepted);
+			const matches = collectNewAcceptedEmails(page.rows, seenIds);
+			for (const match of matches) {
+				const full = await getEmail({
+					client: params.apiClient.client,
+					path: { id: match.id },
+					responseStyle: "fields"
+				});
+				if (full.error) {
+					const payload = extractErrorPayload(full.error);
+					writeErrorWithHints(payload);
+					surfaceUnauthorizedHint({
+						...params.authFailureContext,
+						payload
+					});
+					throw new Errors.CLIError(`Reply landed but fetching the full body failed (id=${match.id}).`, { exit: 1 });
+				}
+				const envelope = full.data;
+				const detail = envelope?.data ?? envelope ?? null;
+				if (!detail) throw new Errors.CLIError(`Reply landed but the email body could not be loaded (id=${match.id}).`, { exit: 1 });
+				if (phase.label === "strict" && detail.reply_to_sent_email_id !== params.sentId) {
+					if (!strictFilterUnsupported) process.stderr.write(params.strictOnly ? "Strict-phase reply matching is not supported by this Primitive API host; --strict-only requires server support so the command will exit without a match.\n" : "Strict-phase reply matching is not supported by this Primitive API host; falling back to time-window matching.\n");
+					strictFilterUnsupported = true;
+					continue;
+				}
+				return detail;
+			}
+			if (strictFilterUnsupported && phase.label === "strict") break;
+			if (lastAccepted !== void 0) continue;
+			if (phase.deadline !== null && Date.now() >= phase.deadline) break;
+			if (totalDeadline !== null && Date.now() >= totalDeadline) return null;
+			await sleep$1(params.interval * 1e3);
+		}
+	}
+	return null;
+}
+//#endregion
 //#region src/oclif/commands/config.ts
 function loadOrCreateConfig(configDir) {
 	return loadCliConfig(configDir) ?? emptyCliConfig();
@@ -12197,7 +12577,7 @@ var EmailsLatestCommand = class EmailsLatestCommand extends Command {
 			if (result.error) {
 				const errorPayload = extractErrorPayload(result.error);
 				writeErrorWithHints(errorPayload);
-				removeStaleSavedCredentialOnUnauthorized({
+				surfaceUnauthorizedHint({
 					auth,
 					baseUrlOverridden,
 					configDir: this.config.configDir,
@@ -12223,104 +12603,6 @@ var EmailsLatestCommand = class EmailsLatestCommand extends Command {
 	}
 };
 //#endregion
-//#region src/oclif/commands/emails-poll.ts
-function quoteDslValue(value) {
-	if (/^[^\s"]+$/.test(value)) return value;
-	return `"${value.replace(/\\/g, "\\\\").replace(/"/g, "\\\"")}"`;
-}
-function combineQ(q, domain) {
-	const parts = [q?.trim(), domain ? `domain:${quoteDslValue(domain.trim())}` : void 0].filter((part) => Boolean(part));
-	return parts.length > 0 ? parts.join(" ") : void 0;
-}
-function normalizeIsoDate(value, label) {
-	const parsed = new Date(value);
-	if (Number.isNaN(parsed.getTime())) throw new Error(`${label} must be a valid date or ISO-8601 timestamp.`);
-	return parsed.toISOString();
-}
-function filtersFromFlags(flags) {
-	return {
-		body: flags.body,
-		domain: flags.domain,
-		domainId: flags["domain-id"],
-		from: flags.from,
-		hasAttachment: flags["has-attachment"],
-		q: flags.q,
-		spamScoreGte: flags["spam-score-gte"],
-		spamScoreLt: flags["spam-score-lt"],
-		subject: flags.subject,
-		to: flags.to
-	};
-}
-function sinceFromFlags(flags) {
-	if (flags.since) return normalizeIsoDate(flags.since, "--since");
-	return flags["include-existing"] ? void 0 : (/* @__PURE__ */ new Date()).toISOString();
-}
-function buildEmailSearchQuery(params) {
-	const query = {
-		include_facets: "false",
-		limit: params.pageSize,
-		snippet: "false",
-		sort: "received_at_asc"
-	};
-	const q = combineQ(params.filters.q, params.filters.domain);
-	if (q) query.q = q;
-	if (params.filters.body) query.body = params.filters.body;
-	if (params.filters.domainId) query.domain_id = params.filters.domainId;
-	if (params.filters.from) query.from = params.filters.from;
-	if (params.filters.hasAttachment !== void 0) query.has_attachment = params.filters.hasAttachment ? "true" : "false";
-	if (params.filters.spamScoreGte !== void 0) query.spam_score_gte = params.filters.spamScoreGte;
-	if (params.filters.spamScoreLt !== void 0) query.spam_score_lt = params.filters.spamScoreLt;
-	if (params.filters.subject) query.subject = params.filters.subject;
-	if (params.filters.to) query.to = params.filters.to;
-	if (params.since) query.date_from = params.since;
-	if (params.cursor) query.cursor = params.cursor;
-	return query;
-}
-function encodeReceivedAtSearchCursor(email) {
-	const raw = `r|${new Date(email.received_at).toISOString()}|${email.id}`;
-	return Buffer.from(raw, "utf8").toString("base64url");
-}
-function cursorFromRows(rows) {
-	const last = rows.at(-1);
-	return last ? encodeReceivedAtSearchCursor(last) : null;
-}
-function collectNewAcceptedEmails(rows, seenIds) {
-	const fresh = [];
-	for (const row of rows) {
-		if (row.status !== "accepted" && row.status !== "completed") continue;
-		if (seenIds.has(row.id)) continue;
-		seenIds.add(row.id);
-		fresh.push(row);
-	}
-	return fresh;
-}
-async function fetchEmailSearchPage(params) {
-	const result = await searchEmails({
-		client: params.apiClient.client,
-		query: buildEmailSearchQuery({
-			cursor: params.cursor,
-			filters: params.filters,
-			pageSize: params.pageSize,
-			since: params.since
-		}),
-		responseStyle: "fields"
-	});
-	if (result.error) return {
-		ok: false,
-		error: result.error
-	};
-	const envelope = result.data;
-	const rows = envelope?.data ?? [];
-	return {
-		ok: true,
-		cursor: envelope?.meta.cursor ?? cursorFromRows(rows),
-		rows
-	};
-}
-function sleep$1(ms) {
-	return new Promise((resolve) => setTimeout(resolve, ms));
-}
-//#endregion
 //#region src/oclif/commands/emails-wait.ts
 const DEFAULT_WAIT_TIMEOUT_SECONDS$1 = 300;
 function cliError$4(message) {
@@ -12373,6 +12655,7 @@ var EmailsWaitCommand = class EmailsWaitCommand extends Command {
 			min: 1
 		}),
 		q: Flags.string({ description: "Full-text search DSL query" }),
+		"reply-to-sent-email-id": Flags.string({ description: "Filter to inbound emails that are threaded replies to a specific outbound send (UUID from a /v1/send-mail response). Combine with --to and --since for the strictest version of the wait-for-reply pattern." }),
 		since: Flags.string({ description: "Only match emails received on or after this date/time" }),
 		"spam-score-gte": Flags.integer({ description: "Only match emails with spam score greater than or equal to this value" }),
 		"spam-score-lt": Flags.integer({ description: "Only match emails with spam score below this value" }),
@@ -12417,7 +12700,7 @@ var EmailsWaitCommand = class EmailsWaitCommand extends Command {
 			if (!page.ok) {
 				const payload = extractErrorPayload(page.error);
 				writeErrorWithHints(payload);
-				removeStaleSavedCredentialOnUnauthorized({
+				surfaceUnauthorizedHint({
 					auth,
 					baseUrlOverridden,
 					configDir: this.config.configDir,
@@ -12539,7 +12822,7 @@ var EmailsWatchCommand = class EmailsWatchCommand extends Command {
 			if (!page.ok) {
 				const payload = extractErrorPayload(page.error);
 				writeErrorWithHints(payload);
-				removeStaleSavedCredentialOnUnauthorized({
+				surfaceUnauthorizedHint({
 					auth,
 					baseUrlOverridden,
 					configDir: this.config.configDir,
@@ -12593,7 +12876,6 @@ function toDeployWaitSnapshot(value) {
 		...value.deploy_error !== void 0 ? { deploy_error: value.deploy_error } : {},
 		deploy_status: value.deploy_status,
 		...value.deployed_at !== void 0 ? { deployed_at: value.deployed_at } : {},
-		gateway_url: value.gateway_url,
 		id: value.id,
 		name: value.name,
 		...value.updated_at !== void 0 ? { updated_at: value.updated_at } : {}
@@ -13261,7 +13543,7 @@ var FunctionsDeployCommand = class FunctionsDeployCommand extends Command {
 					process.stderr.write(`Function ${outcome.created.name} (${outcome.created.id}) was created and secrets [${succeeded}] were written, but the final redeploy failed; the new bindings are NOT yet live. Re-run \`primitive functions redeploy --id ${outcome.created.id} --file <bundle>\` once the cause is fixed.\n`);
 				}
 				writeErrorWithHints(outcome.payload);
-				removeStaleSavedCredentialOnUnauthorized({
+				surfaceUnauthorizedHint({
 					...authFailureContext,
 					payload: outcome.payload
 				});
@@ -13284,7 +13566,7 @@ var FunctionsDeployCommand = class FunctionsDeployCommand extends Command {
 				});
 				if (waitResult.kind === "error") {
 					writeErrorWithHints(waitResult.payload);
-					removeStaleSavedCredentialOnUnauthorized({
+					surfaceUnauthorizedHint({
 						...authFailureContext,
 						payload: waitResult.payload
 					});
@@ -13317,22 +13599,33 @@ const PRIMITIVE_TEAM_AUTHOR = {
 	name: "Primitive Team",
 	url: "https://primitive.dev"
 };
-const SDK_VERSION_RANGE = "^0.30.3";
-const CLI_VERSION_RANGE = "^0.30.3";
+const SDK_VERSION_RANGE = "^0.31.1";
+const CLI_VERSION_RANGE = "^0.31.1";
 const ESBUILD_VERSION_RANGE = "^0.27.0";
 function renderHandler() {
-	return `// env.PRIMITIVE_API_KEY is auto-injected by the Primitive Functions runtime.
+	return `// env.PRIMITIVE_API_KEY, env.PRIMITIVE_WEBHOOK_SECRET, and
+// env.PRIMITIVE_API_BASE_URL are auto-injected by the Primitive Functions runtime.
 //
 // Imports are taken from the \`/api\` subpath, NOT the package root.
 // The root export pulls in webhook signing helpers that depend on
 // \`node:crypto\`, which breaks Workers-style bundles. The \`/api\`
-// subpath is Workers-safe and exposes everything a handler needs.
+// subpath is Workers-safe and exposes everything a handler needs,
+// including Web Crypto signature verification.
 import {
   createPrimitiveClient,
   normalizeReceivedEmail,
+  PRIMITIVE_SIGNATURE_HEADER,
   type EmailReceivedEvent,
+  verifyWebhookSignature,
+  WebhookVerificationError,
 } from "@primitivedotdev/sdk/api";
 
+interface Env {
+  PRIMITIVE_API_KEY: string;
+  PRIMITIVE_API_BASE_URL: string;
+  PRIMITIVE_WEBHOOK_SECRET: string;
+}
+
 // Loop-protection knob. Only used by the isLoop helper below; the
 // handler's outbound reply address is server-defaulted (no
 // from-address parameter is passed to client.reply). Update this if
@@ -13382,10 +13675,26 @@ export function isLoop(event: EmailReceivedEvent): boolean {
 export default {
   async fetch(
     req: Request,
-    env: { PRIMITIVE_API_KEY: string },
+    env: Env,
   ): Promise<Response> {
     try {
-      const event = (await req.json()) as EmailReceivedEvent;
+      const rawBody = await req.text();
+      const signatureHeader = req.headers.get(PRIMITIVE_SIGNATURE_HEADER) ?? "";
+
+      try {
+        await verifyWebhookSignature({
+          rawBody,
+          signatureHeader,
+          secret: env.PRIMITIVE_WEBHOOK_SECRET,
+        });
+      } catch (signatureError) {
+        if (signatureError instanceof WebhookVerificationError) {
+          return new Response("invalid signature", { status: 401 });
+        }
+        throw signatureError;
+      }
+
+      const event = JSON.parse(rawBody) as EmailReceivedEvent;
 
       // Only "email.received" exists today. Future event types will
       // arrive with a different discriminator; return 2xx so the
@@ -13395,15 +13704,17 @@ export default {
         return Response.json({ ok: true, skipped: event.event });
       }
 
-      // Loop protection runs immediately after the event-type check
-      // (the gateway has already HMAC-verified the request before it
-      // reaches this handler). See isLoop above for what's covered and
-      // how to extend it.
+      // Loop protection runs immediately after signature verification
+      // and the event-type check. See isLoop above for what's covered
+      // and how to extend it.
       if (isLoop(event)) {
         return Response.json({ ok: true, skipped: "loop" });
       }
 
-      const client = createPrimitiveClient({ apiKey: env.PRIMITIVE_API_KEY });
+      const client = createPrimitiveClient({
+        apiKey: env.PRIMITIVE_API_KEY,
+        apiBaseUrl1: env.PRIMITIVE_API_BASE_URL,
+      });
 
       // Recipient gate
       // https://www.primitive.dev/docs/sending#who-you-can-send-to
@@ -13571,7 +13882,7 @@ function renderEmailReplyTemplateFiles(name) {
 const FUNCTION_TEMPLATES = [{
 	author: PRIMITIVE_TEAM_AUTHOR,
 	dependencies: ["@primitivedotdev/sdk"],
-	description: "A deployable TypeScript email handler that validates email.received events, skips likely loops, and replies with the Primitive SDK.",
+	description: "A deployable TypeScript email handler that verifies signed email.received events, skips likely loops, and replies with the Primitive SDK.",
 	devDependencies: [
 		"@primitivedotdev/cli",
 		"esbuild",
@@ -13828,7 +14139,7 @@ var FunctionsLogsCommand = class FunctionsLogsCommand extends Command {
 					if (result.error) {
 						const errorPayload = extractErrorPayload(result.error);
 						writeErrorWithHints(errorPayload);
-						removeStaleSavedCredentialOnUnauthorized({
+						surfaceUnauthorizedHint({
 							auth,
 							baseUrlOverridden,
 							configDir: this.config.configDir,
@@ -14084,7 +14395,7 @@ var FunctionsRedeployCommand = class FunctionsRedeployCommand extends Command {
 					process.stderr.write(`Secrets [${succeeded}] were written, but the redeploy step failed; the new bindings are NOT yet live. Re-run \`primitive functions redeploy --id ${flags.id} --file <bundle>\` once the cause is fixed.\n`);
 				}
 				writeErrorWithHints(outcome.payload);
-				removeStaleSavedCredentialOnUnauthorized({
+				surfaceUnauthorizedHint({
 					...authFailureContext,
 					payload: outcome.payload
 				});
@@ -14106,7 +14417,7 @@ var FunctionsRedeployCommand = class FunctionsRedeployCommand extends Command {
 				});
 				if (waitResult.kind === "error") {
 					writeErrorWithHints(waitResult.payload);
-					removeStaleSavedCredentialOnUnauthorized({
+					surfaceUnauthorizedHint({
 						...authFailureContext,
 						payload: waitResult.payload
 					});
@@ -14307,7 +14618,7 @@ var FunctionsSetSecretCommand = class FunctionsSetSecretCommand extends Command
 				if (outcome.stage === "get-function") process.stderr.write("Secret was written, but reading current function code for redeploy failed; the secret is NOT yet live. Re-run with --redeploy, or call `primitive functions redeploy --id <id> --file <bundle>` once you have the bundle.\n");
 				else if (outcome.stage === "redeploy") process.stderr.write("Secret was written, but the redeploy step failed; the secret is NOT yet live. Inspect the function's deploy_error and re-run `primitive functions redeploy --id <id> --file <bundle>` once the cause is fixed.\n");
 				writeErrorWithHints(outcome.payload);
-				removeStaleSavedCredentialOnUnauthorized({
+				surfaceUnauthorizedHint({
 					...authFailureContext,
 					payload: outcome.payload
 				});
@@ -14495,7 +14806,7 @@ var FunctionsTestFunctionCommand = class FunctionsTestFunctionCommand extends Co
 			if (triggerResult.error) {
 				const payload = extractErrorPayload(triggerResult.error);
 				writeErrorWithHints(payload);
-				removeStaleSavedCredentialOnUnauthorized({
+				surfaceUnauthorizedHint({
 					auth,
 					baseUrlOverridden,
 					configDir: this.config.configDir,
@@ -14533,7 +14844,7 @@ var FunctionsTestFunctionCommand = class FunctionsTestFunctionCommand extends Co
 				if (!page.ok) {
 					const payload = extractErrorPayload(page.error);
 					writeErrorWithHints(payload);
-					removeStaleSavedCredentialOnUnauthorized({
+					surfaceUnauthorizedHint({
 						auth,
 						baseUrlOverridden,
 						configDir: this.config.configDir,
@@ -14561,7 +14872,7 @@ var FunctionsTestFunctionCommand = class FunctionsTestFunctionCommand extends Co
 				if (result.error) {
 					const payload = extractErrorPayload(result.error);
 					writeErrorWithHints(payload);
-					removeStaleSavedCredentialOnUnauthorized({
+					surfaceUnauthorizedHint({
 						auth,
 						baseUrlOverridden,
 						configDir: this.config.configDir,
@@ -14641,22 +14952,17 @@ async function checkExistingLogin(params) {
 	})))(apiClient);
 	if (!result.error) return { status: "valid" };
 	const payload = extractErrorPayload(result.error);
-	if (removeStaleSavedCredentialOnUnauthorized({
-		auth: {
-			apiKey: params.credentials.api_key,
-			apiBaseUrl1: probeApiBaseUrl1,
-			apiBaseUrl2: normalizeApiBaseUrl2(void 0),
-			credentials: params.credentials,
-			source: "stored"
-		},
-		baseUrlOverridden: requestConfig.baseUrlOverridden,
-		configDir: params.configDir,
-		payload
-	})) return { status: "removed_stale" };
+	const code = extractErrorCode(payload);
+	const baseUrlDiffersFromSaved = requestConfig.baseUrlOverridden && requestConfig.apiBaseUrl1 !== params.credentials.api_base_url_1;
+	if (code === API_ERROR_CODES.unauthorized && !baseUrlDiffersFromSaved) {
+		deleteCliCredentials(params.configDir);
+		process.stderr.write("Removed saved Primitive CLI credentials because the existing key was rejected during login. Continuing with a fresh login.\n");
+		return { status: "removed_stale" };
+	}
 	return {
 		status: "blocked",
 		payload,
-		message: extractErrorCode(payload) === API_ERROR_CODES.unauthorized ? "Saved Primitive CLI credentials were rejected. Run `primitive logout` to remove them before logging in again." : "A saved Primitive CLI login exists, but the CLI could not verify whether it is still valid. Run `primitive logout` before logging in again."
+		message: code === API_ERROR_CODES.unauthorized ? "Saved Primitive CLI credentials were rejected by an API URL different from the one they were saved with. Run `primitive logout` to remove them, or switch back to the original environment before logging in again." : "A saved Primitive CLI login exists, but the CLI could not verify whether it is still valid. Run `primitive logout` before logging in again."
 	};
 }
 var LoginCommand = class LoginCommand extends Command {
@@ -15041,7 +15347,7 @@ var ReplyCommand = class ReplyCommand extends Command {
 			if (result.error) {
 				const errorPayload = extractErrorPayload(result.error);
 				writeErrorWithHints(errorPayload);
-				removeStaleSavedCredentialOnUnauthorized({
+				surfaceUnauthorizedHint({
 					auth,
 					baseUrlOverridden,
 					configDir: this.config.configDir,
@@ -15060,39 +15366,6 @@ var ReplyCommand = class ReplyCommand extends Command {
 };
 //#endregion
 //#region src/oclif/commands/send.ts
-const SUBJECT_MAX_LENGTH = 200;
-function deriveSubject(body) {
-	for (const line of body.split("\n")) {
-		const trimmed = line.trim();
-		if (!trimmed) continue;
-		return trimmed.length > SUBJECT_MAX_LENGTH ? `${trimmed.slice(0, SUBJECT_MAX_LENGTH - 3)}...` : trimmed;
-	}
-	return "Message";
-}
-function isVerifiedDomain(domain) {
-	return domain.is_active === true;
-}
-async function pickDefaultFromAddress(apiClient, authFailureContext) {
-	const result = await listDomains({
-		client: apiClient.client,
-		responseStyle: "fields"
-	});
-	if (result.error) {
-		const errorPayload = extractErrorPayload(result.error);
-		if (extractErrorCode(errorPayload) === API_ERROR_CODES.unauthorized) {
-			writeErrorWithHints(errorPayload);
-			removeStaleSavedCredentialOnUnauthorized({
-				...authFailureContext,
-				payload: errorPayload
-			});
-			throw new Errors.CLIError("Cannot send: API key is missing or invalid (see hint above).", { exit: 1 });
-		}
-		throw new Errors.CLIError(`Could not look up your verified domains to default --from. Pass --from explicitly. Underlying error: ${formatErrorPayload(errorPayload)}`);
-	}
-	const first = result.data?.data?.find(isVerifiedDomain);
-	if (!first) throw new Errors.CLIError("No active verified outbound domain found on this account; pass --from explicitly. To set up outbound, claim a domain via `primitive domains add` and verify it.");
-	return `agent@${first.domain}`;
-}
 var SendCommand = class SendCommand extends Command {
 	static description = `Send an outbound email. Agent-grade shortcut for \`sending send\` with sensible defaults.
 
@@ -15184,7 +15457,7 @@ var SendCommand = class SendCommand extends Command {
 			if (result.error) {
 				const errorPayload = extractErrorPayload(result.error);
 				writeErrorWithHints(errorPayload);
-				removeStaleSavedCredentialOnUnauthorized({
+				surfaceUnauthorizedHint({
 					...authFailureContext,
 					payload: errorPayload
 				});
@@ -15629,7 +15902,7 @@ var WhoamiCommand = class WhoamiCommand extends Command {
 			if (result.error) {
 				const errorPayload = extractErrorPayload(result.error);
 				writeErrorWithHints(errorPayload);
-				removeStaleSavedCredentialOnUnauthorized({
+				surfaceUnauthorizedHint({
 					auth,
 					baseUrlOverridden,
 					configDir: this.config.configDir,
@@ -15860,6 +16133,7 @@ const COMMANDS = {
 	describe: DescribeCommand,
 	send: SendCommand,
 	reply: ReplyCommand,
+	chat: ChatCommand,
 	login: LoginCommand,
 	signup: SignupCommand,
 	logout: LogoutCommand,

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@primitivedotdev/cli",
-  "version": "0.30.3",
+  "version": "0.31.1",
   "description": "Official Primitive CLI: deploy Primitive Functions, send and inspect mail, manage endpoints, all from the terminal. Wraps the @primitivedotdev/sdk runtime client with one-shot commands.",
   "type": "module",
   "sideEffects": false,