@primitivedotdev/cli 0.31.0 → 0.31.1

package/dist/oclif/index.js

@@ -1478,9 +1478,8 @@ const getSentEmail = (options) => (options.client ?? client).get({
 * List functions
 *
 * Returns every active (non-deleted) function in the org, newest
-* first. Each entry carries the deploy status and the gateway URL
-* that the platform's webhook delivery loop posts to. To inspect
-* the source code or deploy errors, use `GET /functions/{id}`.
+* first. Each entry carries deploy status and timestamps. To
+* inspect the source code or deploy errors, use `GET /functions/{id}`.
 *
 */
 const listFunctions = (options) => (options?.client ?? client).get({
@@ -1496,13 +1495,14 @@ const listFunctions = (options) => (options?.client ?? client).get({
 *
 * Creates and deploys a new function. The handler must be a single
 * ESM module whose default export is an object with an async
-* `fetch(request, env)` method (Workers-style). The gateway
-* HMAC-verifies the POST against the org's webhook secret before
-* invoking the handler; the request body parses to an
-* `email.received` event (see `EmailReceivedEvent` and the
-* Webhook payload section for the full schema). Code is bundled
-* before being uploaded; ship a single self-contained file rather
-* than relying on external imports.
+* `fetch(request, env)` method (Workers-style). Primitive signs
+* each delivery and forwards the `Primitive-Signature` header to
+* the handler. Verify the raw request body with
+* `PRIMITIVE_WEBHOOK_SECRET` before parsing JSON; after verification
+* the request body parses to an `email.received` event (see
+* `EmailReceivedEvent` and the Webhook payload section for the full
+* schema). Code is bundled before being uploaded; ship a single
+* self-contained file rather than relying on external imports.
 *
 * **Code limits.** `code` is capped at 1 MiB UTF-8. `sourceMap`
 * (optional) is capped at 5 MiB UTF-8, stored with each deployment
@@ -1512,12 +1512,12 @@ const listFunctions = (options) => (options?.client ?? client).get({
 * **Auto-wiring.** On successful deploy, Primitive automatically
 * creates a webhook endpoint that delivers inbound mail to the
 * function. There is nothing to configure on the Endpoints API
-* for this to work; the gateway URL returned here is for
-* reference only and is not directly callable from outside.
+* for this to work; the internal runtime URL is not returned by
+* the API and is not a customer-facing integration surface.
 *
 * **Secrets.** New functions ship with the managed secrets
-* (`PRIMITIVE_WEBHOOK_SECRET`, `PRIMITIVE_API_KEY`) already
-* bound. Add user-set secrets via
+* (`PRIMITIVE_WEBHOOK_SECRET`, `PRIMITIVE_API_KEY`,
+* `PRIMITIVE_API_BASE_URL`) already bound. Add user-set secrets via
 * `POST /functions/{id}/secrets`; secret writes only land in the
 * running handler on the next redeploy.
 *
@@ -1663,9 +1663,9 @@ const getFunctionTestRunTrace = (options) => (options.client ?? client).get({
 * never returned.** Secret writes are write-only.
 *
 * Managed entries (e.g. `PRIMITIVE_WEBHOOK_SECRET`,
-* `PRIMITIVE_API_KEY`) carry a `description` instead of
-* `created_at` / `updated_at`. They cannot be created, updated,
-* or deleted via this API.
+* `PRIMITIVE_API_KEY`, `PRIMITIVE_API_BASE_URL`) carry a
+* `description` instead of `created_at` / `updated_at`. They
+* cannot be created, updated, or deleted via this API.
 *
 */
 const listFunctionSecrets = (options) => (options.client ?? client).get({
@@ -1831,7 +1831,7 @@ const openapiDocument = {
 		},
 		{
 			"name": "Functions",
-			"description": "Deploy JavaScript handlers that run on inbound mail. Each function\nis a single ESM module whose default export is an object with an\nasync `fetch(request, env)` method, in the shape of a Workers-style\nhandler. The gateway HMAC-verifies the inbound POST against the\norg's webhook secret before invoking `fetch`; the request body\nparses to an `email.received` event (see `EmailReceivedEvent` and\nthe Webhook payload section for the full schema). Code runs on\nPrimitive's edge runtime; there is no infrastructure to manage.\nSecrets land in `env` as encrypted bindings and are refreshed on\nevery redeploy.\n"
+			"description": "Deploy JavaScript handlers that run on inbound mail. Each function\nis a single ESM module whose default export is an object with an\nasync `fetch(request, env)` method, in the shape of a Workers-style\nhandler. Primitive signs each delivery and forwards the\n`Primitive-Signature` header to the handler; verify the raw request\nbody with `PRIMITIVE_WEBHOOK_SECRET` before trusting the parsed\n`email.received` event (see `EmailReceivedEvent` and the Webhook\npayload section for the full schema). Code runs on\nPrimitive's edge runtime; there is no infrastructure to manage.\nSecrets land in `env` as encrypted bindings and are refreshed on\nevery redeploy.\n"
 		}
 	],
 	"paths": {
@@ -3171,7 +3171,7 @@ const openapiDocument = {
 			"get": {
 				"operationId": "listFunctions",
 				"summary": "List functions",
-				"description": "Returns every active (non-deleted) function in the org, newest\nfirst. Each entry carries the deploy status and the gateway URL\nthat the platform's webhook delivery loop posts to. To inspect\nthe source code or deploy errors, use `GET /functions/{id}`.\n",
+				"description": "Returns every active (non-deleted) function in the org, newest\nfirst. Each entry carries deploy status and timestamps. To\ninspect the source code or deploy errors, use `GET /functions/{id}`.\n",
 				"tags": ["Functions"],
 				"responses": {
 					"200": {
@@ -3190,7 +3190,7 @@ const openapiDocument = {
 			"post": {
 				"operationId": "createFunction",
 				"summary": "Deploy a function",
-				"description": "Creates and deploys a new function. The handler must be a single\nESM module whose default export is an object with an async\n`fetch(request, env)` method (Workers-style). The gateway\nHMAC-verifies the POST against the org's webhook secret before\ninvoking the handler; the request body parses to an\n`email.received` event (see `EmailReceivedEvent` and the\nWebhook payload section for the full schema). Code is bundled\nbefore being uploaded; ship a single self-contained file rather\nthan relying on external imports.\n\n**Code limits.** `code` is capped at 1 MiB UTF-8. `sourceMap`\n(optional) is capped at 5 MiB UTF-8, stored with each deployment\nattempt, and sent to the runtime so stack traces can resolve to\noriginal source files.\n\n**Auto-wiring.** On successful deploy, Primitive automatically\ncreates a webhook endpoint that delivers inbound mail to the\nfunction. There is nothing to configure on the Endpoints API\nfor this to work; the gateway URL returned here is for\nreference only and is not directly callable from outside.\n\n**Secrets.** New functions ship with the managed secrets\n(`PRIMITIVE_WEBHOOK_SECRET`, `PRIMITIVE_API_KEY`) already\nbound. Add user-set secrets via\n`POST /functions/{id}/secrets`; secret writes only land in the\nrunning handler on the next redeploy.\n",
+				"description": "Creates and deploys a new function. The handler must be a single\nESM module whose default export is an object with an async\n`fetch(request, env)` method (Workers-style). Primitive signs\neach delivery and forwards the `Primitive-Signature` header to\nthe handler. Verify the raw request body with\n`PRIMITIVE_WEBHOOK_SECRET` before parsing JSON; after verification\nthe request body parses to an `email.received` event (see\n`EmailReceivedEvent` and the Webhook payload section for the full\nschema). Code is bundled before being uploaded; ship a single\nself-contained file rather than relying on external imports.\n\n**Code limits.** `code` is capped at 1 MiB UTF-8. `sourceMap`\n(optional) is capped at 5 MiB UTF-8, stored with each deployment\nattempt, and sent to the runtime so stack traces can resolve to\noriginal source files.\n\n**Auto-wiring.** On successful deploy, Primitive automatically\ncreates a webhook endpoint that delivers inbound mail to the\nfunction. There is nothing to configure on the Endpoints API\nfor this to work; the internal runtime URL is not returned by\nthe API and is not a customer-facing integration surface.\n\n**Secrets.** New functions ship with the managed secrets\n(`PRIMITIVE_WEBHOOK_SECRET`, `PRIMITIVE_API_KEY`,\n`PRIMITIVE_API_BASE_URL`) already bound. Add user-set secrets via\n`POST /functions/{id}/secrets`; secret writes only land in the\nrunning handler on the next redeploy.\n",
 				"tags": ["Functions"],
 				"requestBody": {
 					"required": true,
@@ -3359,7 +3359,7 @@ const openapiDocument = {
 			"get": {
 				"operationId": "listFunctionSecrets",
 				"summary": "List a function's secrets",
-				"description": "Returns metadata for every secret bound to the function, with\nmanaged entries (provisioned by Primitive) listed first and\nuser-set entries listed alphabetically after. **Values are\nnever returned.** Secret writes are write-only.\n\nManaged entries (e.g. `PRIMITIVE_WEBHOOK_SECRET`,\n`PRIMITIVE_API_KEY`) carry a `description` instead of\n`created_at` / `updated_at`. They cannot be created, updated,\nor deleted via this API.\n",
+				"description": "Returns metadata for every secret bound to the function, with\nmanaged entries (provisioned by Primitive) listed first and\nuser-set entries listed alphabetically after. **Values are\nnever returned.** Secret writes are write-only.\n\nManaged entries (e.g. `PRIMITIVE_WEBHOOK_SECRET`,\n`PRIMITIVE_API_KEY`, `PRIMITIVE_API_BASE_URL`) carry a\n`description` instead of `created_at` / `updated_at`. They\ncannot be created, updated, or deleted via this API.\n",
 				"tags": ["Functions"],
 				"responses": {
 					"200": {
@@ -5525,11 +5525,6 @@ const openapiDocument = {
 						"format": "date-time",
 						"description": "Timestamp of the most recent successful deploy. Null until the first deploy succeeds."
 					},
-					"gateway_url": {
-						"type": "string",
-						"format": "uri",
-						"description": "URL the platform's webhook delivery loop posts to in order\nto invoke the function. Reference only; not directly\ncallable from outside.\n"
-					},
 					"created_at": {
 						"type": "string",
 						"format": "date-time"
@@ -5543,7 +5538,6 @@ const openapiDocument = {
 					"id",
 					"name",
 					"deploy_status",
-					"gateway_url",
 					"created_at",
 					"updated_at"
 				]
@@ -5570,10 +5564,6 @@ const openapiDocument = {
 						"type": ["string", "null"],
 						"format": "date-time"
 					},
-					"gateway_url": {
-						"type": "string",
-						"format": "uri"
-					},
 					"created_at": {
 						"type": "string",
 						"format": "date-time"
@@ -5588,7 +5578,6 @@ const openapiDocument = {
 					"name",
 					"code",
 					"deploy_status",
-					"gateway_url",
 					"created_at",
 					"updated_at"
 				]
@@ -5626,17 +5615,12 @@ const openapiDocument = {
 						"format": "uuid"
 					},
 					"name": { "type": "string" },
-					"deploy_status": { "$ref": "#/components/schemas/FunctionDeployStatus" },
-					"gateway_url": {
-						"type": "string",
-						"format": "uri"
-					}
+					"deploy_status": { "$ref": "#/components/schemas/FunctionDeployStatus" }
 				},
 				"required": [
 					"id",
 					"name",
-					"deploy_status",
-					"gateway_url"
+					"deploy_status"
 				]
 			},
 			"UpdateFunctionInput": {
@@ -6112,7 +6096,7 @@ const openapiDocument = {
 					"key": {
 						"type": "string",
 						"pattern": "^[A-Z_][A-Z0-9_]*$",
-						"description": "Uppercase letters, digits, and underscores. Must start with\na letter or underscore. System-managed keys (e.g.\nPRIMITIVE_WEBHOOK_SECRET) are reserved.\n"
+						"description": "Uppercase letters, digits, and underscores. Must start with\na letter or underscore. System-managed keys (e.g.\nPRIMITIVE_WEBHOOK_SECRET, PRIMITIVE_API_KEY, and\nPRIMITIVE_API_BASE_URL) are reserved.\n"
 					},
 					"value": {
 						"type": "string",
@@ -8437,7 +8421,7 @@ const operationManifest = [
 		"binaryResponse": false,
 		"bodyRequired": true,
 		"command": "create-function",
-		"description": "Creates and deploys a new function. The handler must be a single\nESM module whose default export is an object with an async\n`fetch(request, env)` method (Workers-style). The gateway\nHMAC-verifies the POST against the org's webhook secret before\ninvoking the handler; the request body parses to an\n`email.received` event (see `EmailReceivedEvent` and the\nWebhook payload section for the full schema). Code is bundled\nbefore being uploaded; ship a single self-contained file rather\nthan relying on external imports.\n\n**Code limits.** `code` is capped at 1 MiB UTF-8. `sourceMap`\n(optional) is capped at 5 MiB UTF-8, stored with each deployment\nattempt, and sent to the runtime so stack traces can resolve to\noriginal source files.\n\n**Auto-wiring.** On successful deploy, Primitive automatically\ncreates a webhook endpoint that delivers inbound mail to the\nfunction. There is nothing to configure on the Endpoints API\nfor this to work; the gateway URL returned here is for\nreference only and is not directly callable from outside.\n\n**Secrets.** New functions ship with the managed secrets\n(`PRIMITIVE_WEBHOOK_SECRET`, `PRIMITIVE_API_KEY`) already\nbound. Add user-set secrets via\n`POST /functions/{id}/secrets`; secret writes only land in the\nrunning handler on the next redeploy.\n",
+		"description": "Creates and deploys a new function. The handler must be a single\nESM module whose default export is an object with an async\n`fetch(request, env)` method (Workers-style). Primitive signs\neach delivery and forwards the `Primitive-Signature` header to\nthe handler. Verify the raw request body with\n`PRIMITIVE_WEBHOOK_SECRET` before parsing JSON; after verification\nthe request body parses to an `email.received` event (see\n`EmailReceivedEvent` and the Webhook payload section for the full\nschema). Code is bundled before being uploaded; ship a single\nself-contained file rather than relying on external imports.\n\n**Code limits.** `code` is capped at 1 MiB UTF-8. `sourceMap`\n(optional) is capped at 5 MiB UTF-8, stored with each deployment\nattempt, and sent to the runtime so stack traces can resolve to\noriginal source files.\n\n**Auto-wiring.** On successful deploy, Primitive automatically\ncreates a webhook endpoint that delivers inbound mail to the\nfunction. There is nothing to configure on the Endpoints API\nfor this to work; the internal runtime URL is not returned by\nthe API and is not a customer-facing integration surface.\n\n**Secrets.** New functions ship with the managed secrets\n(`PRIMITIVE_WEBHOOK_SECRET`, `PRIMITIVE_API_KEY`,\n`PRIMITIVE_API_BASE_URL`) already bound. Add user-set secrets via\n`POST /functions/{id}/secrets`; secret writes only land in the\nrunning handler on the next redeploy.\n",
 		"hasJsonBody": true,
 		"method": "POST",
 		"operationId": "createFunction",
@@ -8485,17 +8469,12 @@ const operationManifest = [
 						"failed"
 					],
 					"description": "Lifecycle state of the latest deploy attempt:\n  * `pending` — deploy in flight; the runtime has not yet\n    confirmed the new bundle is live.\n  * `deployed` — the running edge handler is the latest code.\n  * `failed` — the most recent deploy attempt failed; the\n    previously-live code (if any) is still running. The\n    `deploy_error` field carries the error message.\n"
-				},
-				"gateway_url": {
-					"type": "string",
-					"format": "uri"
 				}
 			},
 			"required": [
 				"id",
 				"name",
-				"deploy_status",
-				"gateway_url"
+				"deploy_status"
 			]
 		},
 		"sdkName": "createFunction",
@@ -8528,7 +8507,7 @@ const operationManifest = [
 				"key": {
 					"type": "string",
 					"pattern": "^[A-Z_][A-Z0-9_]*$",
-					"description": "Uppercase letters, digits, and underscores. Must start with\na letter or underscore. System-managed keys (e.g.\nPRIMITIVE_WEBHOOK_SECRET) are reserved.\n"
+					"description": "Uppercase letters, digits, and underscores. Must start with\na letter or underscore. System-managed keys (e.g.\nPRIMITIVE_WEBHOOK_SECRET, PRIMITIVE_API_KEY, and\nPRIMITIVE_API_BASE_URL) are reserved.\n"
 				},
 				"value": {
 					"type": "string",
@@ -8671,10 +8650,6 @@ const operationManifest = [
 					"type": ["string", "null"],
 					"format": "date-time"
 				},
-				"gateway_url": {
-					"type": "string",
-					"format": "uri"
-				},
 				"created_at": {
 					"type": "string",
 					"format": "date-time"
@@ -8689,7 +8664,6 @@ const operationManifest = [
 				"name",
 				"code",
 				"deploy_status",
-				"gateway_url",
 				"created_at",
 				"updated_at"
 			]
@@ -9235,7 +9209,7 @@ const operationManifest = [
 		"binaryResponse": false,
 		"bodyRequired": false,
 		"command": "list-function-secrets",
-		"description": "Returns metadata for every secret bound to the function, with\nmanaged entries (provisioned by Primitive) listed first and\nuser-set entries listed alphabetically after. **Values are\nnever returned.** Secret writes are write-only.\n\nManaged entries (e.g. `PRIMITIVE_WEBHOOK_SECRET`,\n`PRIMITIVE_API_KEY`) carry a `description` instead of\n`created_at` / `updated_at`. They cannot be created, updated,\nor deleted via this API.\n",
+		"description": "Returns metadata for every secret bound to the function, with\nmanaged entries (provisioned by Primitive) listed first and\nuser-set entries listed alphabetically after. **Values are\nnever returned.** Secret writes are write-only.\n\nManaged entries (e.g. `PRIMITIVE_WEBHOOK_SECRET`,\n`PRIMITIVE_API_KEY`, `PRIMITIVE_API_BASE_URL`) carry a\n`description` instead of `created_at` / `updated_at`. They\ncannot be created, updated, or deleted via this API.\n",
 		"hasJsonBody": false,
 		"method": "GET",
 		"operationId": "listFunctionSecrets",
@@ -9291,7 +9265,7 @@ const operationManifest = [
 		"binaryResponse": false,
 		"bodyRequired": false,
 		"command": "list-functions",
-		"description": "Returns every active (non-deleted) function in the org, newest\nfirst. Each entry carries the deploy status and the gateway URL\nthat the platform's webhook delivery loop posts to. To inspect\nthe source code or deploy errors, use `GET /functions/{id}`.\n",
+		"description": "Returns every active (non-deleted) function in the org, newest\nfirst. Each entry carries deploy status and timestamps. To\ninspect the source code or deploy errors, use `GET /functions/{id}`.\n",
 		"hasJsonBody": false,
 		"method": "GET",
 		"operationId": "listFunctions",
@@ -9328,11 +9302,6 @@ const operationManifest = [
 						"format": "date-time",
 						"description": "Timestamp of the most recent successful deploy. Null until the first deploy succeeds."
 					},
-					"gateway_url": {
-						"type": "string",
-						"format": "uri",
-						"description": "URL the platform's webhook delivery loop posts to in order\nto invoke the function. Reference only; not directly\ncallable from outside.\n"
-					},
 					"created_at": {
 						"type": "string",
 						"format": "date-time"
@@ -9346,7 +9315,6 @@ const operationManifest = [
 					"id",
 					"name",
 					"deploy_status",
-					"gateway_url",
 					"created_at",
 					"updated_at"
 				]
@@ -9575,10 +9543,6 @@ const operationManifest = [
 					"type": ["string", "null"],
 					"format": "date-time"
 				},
-				"gateway_url": {
-					"type": "string",
-					"format": "uri"
-				},
 				"created_at": {
 					"type": "string",
 					"format": "date-time"
@@ -9593,7 +9557,6 @@ const operationManifest = [
 				"name",
 				"code",
 				"deploy_status",
-				"gateway_url",
 				"created_at",
 				"updated_at"
 			]
@@ -12913,7 +12876,6 @@ function toDeployWaitSnapshot(value) {
 		...value.deploy_error !== void 0 ? { deploy_error: value.deploy_error } : {},
 		deploy_status: value.deploy_status,
 		...value.deployed_at !== void 0 ? { deployed_at: value.deployed_at } : {},
-		gateway_url: value.gateway_url,
 		id: value.id,
 		name: value.name,
 		...value.updated_at !== void 0 ? { updated_at: value.updated_at } : {}
@@ -13637,22 +13599,33 @@ const PRIMITIVE_TEAM_AUTHOR = {
 	name: "Primitive Team",
 	url: "https://primitive.dev"
 };
-const SDK_VERSION_RANGE = "^0.31.0";
-const CLI_VERSION_RANGE = "^0.31.0";
+const SDK_VERSION_RANGE = "^0.31.1";
+const CLI_VERSION_RANGE = "^0.31.1";
 const ESBUILD_VERSION_RANGE = "^0.27.0";
 function renderHandler() {
-	return `// env.PRIMITIVE_API_KEY is auto-injected by the Primitive Functions runtime.
+	return `// env.PRIMITIVE_API_KEY, env.PRIMITIVE_WEBHOOK_SECRET, and
+// env.PRIMITIVE_API_BASE_URL are auto-injected by the Primitive Functions runtime.
 //
 // Imports are taken from the \`/api\` subpath, NOT the package root.
 // The root export pulls in webhook signing helpers that depend on
 // \`node:crypto\`, which breaks Workers-style bundles. The \`/api\`
-// subpath is Workers-safe and exposes everything a handler needs.
+// subpath is Workers-safe and exposes everything a handler needs,
+// including Web Crypto signature verification.
 import {
   createPrimitiveClient,
   normalizeReceivedEmail,
+  PRIMITIVE_SIGNATURE_HEADER,
   type EmailReceivedEvent,
+  verifyWebhookSignature,
+  WebhookVerificationError,
 } from "@primitivedotdev/sdk/api";
 
+interface Env {
+  PRIMITIVE_API_KEY: string;
+  PRIMITIVE_API_BASE_URL: string;
+  PRIMITIVE_WEBHOOK_SECRET: string;
+}
+
 // Loop-protection knob. Only used by the isLoop helper below; the
 // handler's outbound reply address is server-defaulted (no
 // from-address parameter is passed to client.reply). Update this if
@@ -13702,10 +13675,26 @@ export function isLoop(event: EmailReceivedEvent): boolean {
 export default {
   async fetch(
     req: Request,
-    env: { PRIMITIVE_API_KEY: string },
+    env: Env,
   ): Promise<Response> {
     try {
-      const event = (await req.json()) as EmailReceivedEvent;
+      const rawBody = await req.text();
+      const signatureHeader = req.headers.get(PRIMITIVE_SIGNATURE_HEADER) ?? "";
+
+      try {
+        await verifyWebhookSignature({
+          rawBody,
+          signatureHeader,
+          secret: env.PRIMITIVE_WEBHOOK_SECRET,
+        });
+      } catch (signatureError) {
+        if (signatureError instanceof WebhookVerificationError) {
+          return new Response("invalid signature", { status: 401 });
+        }
+        throw signatureError;
+      }
+
+      const event = JSON.parse(rawBody) as EmailReceivedEvent;
 
       // Only "email.received" exists today. Future event types will
       // arrive with a different discriminator; return 2xx so the
@@ -13715,15 +13704,17 @@ export default {
         return Response.json({ ok: true, skipped: event.event });
       }
 
-      // Loop protection runs immediately after the event-type check
-      // (the gateway has already HMAC-verified the request before it
-      // reaches this handler). See isLoop above for what's covered and
-      // how to extend it.
+      // Loop protection runs immediately after signature verification
+      // and the event-type check. See isLoop above for what's covered
+      // and how to extend it.
       if (isLoop(event)) {
         return Response.json({ ok: true, skipped: "loop" });
       }
 
-      const client = createPrimitiveClient({ apiKey: env.PRIMITIVE_API_KEY });
+      const client = createPrimitiveClient({
+        apiKey: env.PRIMITIVE_API_KEY,
+        apiBaseUrl1: env.PRIMITIVE_API_BASE_URL,
+      });
 
       // Recipient gate
       // https://www.primitive.dev/docs/sending#who-you-can-send-to
@@ -13891,7 +13882,7 @@ function renderEmailReplyTemplateFiles(name) {
 const FUNCTION_TEMPLATES = [{
 	author: PRIMITIVE_TEAM_AUTHOR,
 	dependencies: ["@primitivedotdev/sdk"],
-	description: "A deployable TypeScript email handler that validates email.received events, skips likely loops, and replies with the Primitive SDK.",
+	description: "A deployable TypeScript email handler that verifies signed email.received events, skips likely loops, and replies with the Primitive SDK.",
 	devDependencies: [
 		"@primitivedotdev/cli",
 		"esbuild",

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@primitivedotdev/cli",
-  "version": "0.31.0",
+  "version": "0.31.1",
   "description": "Official Primitive CLI: deploy Primitive Functions, send and inspect mail, manage endpoints, all from the terminal. Wraps the @primitivedotdev/sdk runtime client with one-shot commands.",
   "type": "module",
   "sideEffects": false,