npm - @primitivedotdev/cli - Versions diffs - 0.33.0 → 0.35.0 - Mend

@primitivedotdev/cli 0.33.0 → 0.35.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (6) hide show

package/README.md +4 -0
package/bin/run.js +2 -2
package/dist/cli-config-SktG2dzR.js +1304 -0
package/dist/oclif/index.js +1517 -1334
package/dist/oclif/root-signup-hint.js +105 -2
package/package.json +10 -3

package/dist/oclif/index.js CHANGED Viewed

@@ -1,4 +1,5 @@
-import { Args, Command, Errors, Flags } from "@oclif/core";
+import { A as createClient, C as saveCliCredentials, D as loadChatConversationByLocalId, E as loadActiveChatState, O as saveActiveChatState, S as resolveCliAuth, T as deleteChatState, _ as deleteCliCredentials, a as normalizeCliEnvironmentName, b as normalizeApiBaseUrl1, c as resolveConfigEnvironment, d as validateCliHeaderName, f as validateCliHeaderValue, g as credentialsPath, h as credentialsLockPath, i as loadCliConfig, j as createConfig, k as PrimitiveApiClient, l as saveCliConfig, m as cliAccessTokenExpiresAt, n as deleteCliConfig, o as redactCliEnvironment, p as acquireCliCredentialsLock, r as emptyCliConfig, s as removeCliEnvironment, u as upsertCliEnvironment, v as deleteCliCredentialsLock, w as chatStatePath, x as normalizeApiBaseUrl2, y as loadCliCredentials } from "../cli-config-SktG2dzR.js";
+import { Args, Command, Errors, Flags, ux } from "@oclif/core";
 import { chmodSync, existsSync, mkdirSync, readFileSync, readdirSync, renameSync, rmSync, statSync, writeFileSync } from "node:fs";
 import { randomUUID } from "node:crypto";
 import { basename, dirname, join, relative, resolve, sep } from "node:path";
@@ -18,614 +19,6 @@ var __exportAll = (all, no_symbols) => {
 	return target;
 };
 //#endregion
-//#region ../packages/api-core/src/api/core/bodySerializer.gen.ts
-const jsonBodySerializer = { bodySerializer: (body) => JSON.stringify(body, (_key, value) => typeof value === "bigint" ? value.toString() : value) };
-//#endregion
-//#region ../packages/api-core/src/api/core/serverSentEvents.gen.ts
-function createSseClient({ onRequest, onSseError, onSseEvent, responseTransformer, responseValidator, sseDefaultRetryDelay, sseMaxRetryAttempts, sseMaxRetryDelay, sseSleepFn, url, ...options }) {
-	let lastEventId;
-	const sleep = sseSleepFn ?? ((ms) => new Promise((resolve) => setTimeout(resolve, ms)));
-	const createStream = async function* () {
-		let retryDelay = sseDefaultRetryDelay ?? 3e3;
-		let attempt = 0;
-		const signal = options.signal ?? new AbortController().signal;
-		while (true) {
-			if (signal.aborted) break;
-			attempt++;
-			const headers = options.headers instanceof Headers ? options.headers : new Headers(options.headers);
-			if (lastEventId !== void 0) headers.set("Last-Event-ID", lastEventId);
-			try {
-				const requestInit = {
-					redirect: "follow",
-					...options,
-					body: options.serializedBody,
-					headers,
-					signal
-				};
-				let request = new Request(url, requestInit);
-				if (onRequest) request = await onRequest(url, requestInit);
-				const response = await (options.fetch ?? globalThis.fetch)(request);
-				if (!response.ok) throw new Error(`SSE failed: ${response.status} ${response.statusText}`);
-				if (!response.body) throw new Error("No body in SSE response");
-				const reader = response.body.pipeThrough(new TextDecoderStream()).getReader();
-				let buffer = "";
-				const abortHandler = () => {
-					try {
-						reader.cancel();
-					} catch {}
-				};
-				signal.addEventListener("abort", abortHandler);
-				try {
-					while (true) {
-						const { done, value } = await reader.read();
-						if (done) break;
-						buffer += value;
-						buffer = buffer.replace(/\r\n?/g, "\n");
-						const chunks = buffer.split("\n\n");
-						buffer = chunks.pop() ?? "";
-						for (const chunk of chunks) {
-							const lines = chunk.split("\n");
-							const dataLines = [];
-							let eventName;
-							for (const line of lines) if (line.startsWith("data:")) dataLines.push(line.replace(/^data:\s*/, ""));
-							else if (line.startsWith("event:")) eventName = line.replace(/^event:\s*/, "");
-							else if (line.startsWith("id:")) lastEventId = line.replace(/^id:\s*/, "");
-							else if (line.startsWith("retry:")) {
-								const parsed = Number.parseInt(line.replace(/^retry:\s*/, ""), 10);
-								if (!Number.isNaN(parsed)) retryDelay = parsed;
-							}
-							let data;
-							let parsedJson = false;
-							if (dataLines.length) {
-								const rawData = dataLines.join("\n");
-								try {
-									data = JSON.parse(rawData);
-									parsedJson = true;
-								} catch {
-									data = rawData;
-								}
-							}
-							if (parsedJson) {
-								if (responseValidator) await responseValidator(data);
-								if (responseTransformer) data = await responseTransformer(data);
-							}
-							onSseEvent?.({
-								data,
-								event: eventName,
-								id: lastEventId,
-								retry: retryDelay
-							});
-							if (dataLines.length) yield data;
-						}
-					}
-				} finally {
-					signal.removeEventListener("abort", abortHandler);
-					reader.releaseLock();
-				}
-				break;
-			} catch (error) {
-				onSseError?.(error);
-				if (sseMaxRetryAttempts !== void 0 && attempt >= sseMaxRetryAttempts) break;
-				await sleep(Math.min(retryDelay * 2 ** (attempt - 1), sseMaxRetryDelay ?? 3e4));
-			}
-		}
-	};
-	return { stream: createStream() };
-}
-//#endregion
-//#region ../packages/api-core/src/api/core/pathSerializer.gen.ts
-const separatorArrayExplode = (style) => {
-	switch (style) {
-		case "label": return ".";
-		case "matrix": return ";";
-		case "simple": return ",";
-		default: return "&";
-	}
-};
-const separatorArrayNoExplode = (style) => {
-	switch (style) {
-		case "form": return ",";
-		case "pipeDelimited": return "|";
-		case "spaceDelimited": return "%20";
-		default: return ",";
-	}
-};
-const separatorObjectExplode = (style) => {
-	switch (style) {
-		case "label": return ".";
-		case "matrix": return ";";
-		case "simple": return ",";
-		default: return "&";
-	}
-};
-const serializeArrayParam = ({ allowReserved, explode, name, style, value }) => {
-	if (!explode) {
-		const joinedValues = (allowReserved ? value : value.map((v) => encodeURIComponent(v))).join(separatorArrayNoExplode(style));
-		switch (style) {
-			case "label": return `.${joinedValues}`;
-			case "matrix": return `;${name}=${joinedValues}`;
-			case "simple": return joinedValues;
-			default: return `${name}=${joinedValues}`;
-		}
-	}
-	const separator = separatorArrayExplode(style);
-	const joinedValues = value.map((v) => {
-		if (style === "label" || style === "simple") return allowReserved ? v : encodeURIComponent(v);
-		return serializePrimitiveParam({
-			allowReserved,
-			name,
-			value: v
-		});
-	}).join(separator);
-	return style === "label" || style === "matrix" ? separator + joinedValues : joinedValues;
-};
-const serializePrimitiveParam = ({ allowReserved, name, value }) => {
-	if (value === void 0 || value === null) return "";
-	if (typeof value === "object") throw new Error("Deeply-nested arrays/objects aren’t supported. Provide your own `querySerializer()` to handle these.");
-	return `${name}=${allowReserved ? value : encodeURIComponent(value)}`;
-};
-const serializeObjectParam = ({ allowReserved, explode, name, style, value, valueOnly }) => {
-	if (value instanceof Date) return valueOnly ? value.toISOString() : `${name}=${value.toISOString()}`;
-	if (style !== "deepObject" && !explode) {
-		let values = [];
-		Object.entries(value).forEach(([key, v]) => {
-			values = [
-				...values,
-				key,
-				allowReserved ? v : encodeURIComponent(v)
-			];
-		});
-		const joinedValues = values.join(",");
-		switch (style) {
-			case "form": return `${name}=${joinedValues}`;
-			case "label": return `.${joinedValues}`;
-			case "matrix": return `;${name}=${joinedValues}`;
-			default: return joinedValues;
-		}
-	}
-	const separator = separatorObjectExplode(style);
-	const joinedValues = Object.entries(value).map(([key, v]) => serializePrimitiveParam({
-		allowReserved,
-		name: style === "deepObject" ? `${name}[${key}]` : key,
-		value: v
-	})).join(separator);
-	return style === "label" || style === "matrix" ? separator + joinedValues : joinedValues;
-};
-//#endregion
-//#region ../packages/api-core/src/api/core/utils.gen.ts
-const PATH_PARAM_RE = /\{[^{}]+\}/g;
-const defaultPathSerializer = ({ path, url: _url }) => {
-	let url = _url;
-	const matches = _url.match(PATH_PARAM_RE);
-	if (matches) for (const match of matches) {
-		let explode = false;
-		let name = match.substring(1, match.length - 1);
-		let style = "simple";
-		if (name.endsWith("*")) {
-			explode = true;
-			name = name.substring(0, name.length - 1);
-		}
-		if (name.startsWith(".")) {
-			name = name.substring(1);
-			style = "label";
-		} else if (name.startsWith(";")) {
-			name = name.substring(1);
-			style = "matrix";
-		}
-		const value = path[name];
-		if (value === void 0 || value === null) continue;
-		if (Array.isArray(value)) {
-			url = url.replace(match, serializeArrayParam({
-				explode,
-				name,
-				style,
-				value
-			}));
-			continue;
-		}
-		if (typeof value === "object") {
-			url = url.replace(match, serializeObjectParam({
-				explode,
-				name,
-				style,
-				value,
-				valueOnly: true
-			}));
-			continue;
-		}
-		if (style === "matrix") {
-			url = url.replace(match, `;${serializePrimitiveParam({
-				name,
-				value
-			})}`);
-			continue;
-		}
-		const replaceValue = encodeURIComponent(style === "label" ? `.${value}` : value);
-		url = url.replace(match, replaceValue);
-	}
-	return url;
-};
-const getUrl = ({ baseUrl, path, query, querySerializer, url: _url }) => {
-	const pathUrl = _url.startsWith("/") ? _url : `/${_url}`;
-	let url = (baseUrl ?? "") + pathUrl;
-	if (path) url = defaultPathSerializer({
-		path,
-		url
-	});
-	let search = query ? querySerializer(query) : "";
-	if (search.startsWith("?")) search = search.substring(1);
-	if (search) url += `?${search}`;
-	return url;
-};
-function getValidRequestBody(options) {
-	const hasBody = options.body !== void 0;
-	if (hasBody && options.bodySerializer) {
-		if ("serializedBody" in options) return options.serializedBody !== void 0 && options.serializedBody !== "" ? options.serializedBody : null;
-		return options.body !== "" ? options.body : null;
-	}
-	if (hasBody) return options.body;
-}
-//#endregion
-//#region ../packages/api-core/src/api/core/auth.gen.ts
-const getAuthToken = async (auth, callback) => {
-	const token = typeof callback === "function" ? await callback(auth) : callback;
-	if (!token) return;
-	if (auth.scheme === "bearer") return `Bearer ${token}`;
-	if (auth.scheme === "basic") return `Basic ${btoa(token)}`;
-	return token;
-};
-//#endregion
-//#region ../packages/api-core/src/api/client/utils.gen.ts
-const createQuerySerializer = ({ parameters = {}, ...args } = {}) => {
-	const querySerializer = (queryParams) => {
-		const search = [];
-		if (queryParams && typeof queryParams === "object") for (const name in queryParams) {
-			const value = queryParams[name];
-			if (value === void 0 || value === null) continue;
-			const options = parameters[name] || args;
-			if (Array.isArray(value)) {
-				const serializedArray = serializeArrayParam({
-					allowReserved: options.allowReserved,
-					explode: true,
-					name,
-					style: "form",
-					value,
-					...options.array
-				});
-				if (serializedArray) search.push(serializedArray);
-			} else if (typeof value === "object") {
-				const serializedObject = serializeObjectParam({
-					allowReserved: options.allowReserved,
-					explode: true,
-					name,
-					style: "deepObject",
-					value,
-					...options.object
-				});
-				if (serializedObject) search.push(serializedObject);
-			} else {
-				const serializedPrimitive = serializePrimitiveParam({
-					allowReserved: options.allowReserved,
-					name,
-					value
-				});
-				if (serializedPrimitive) search.push(serializedPrimitive);
-			}
-		}
-		return search.join("&");
-	};
-	return querySerializer;
-};
-/**
-* Infers parseAs value from provided Content-Type header.
-*/
-const getParseAs = (contentType) => {
-	if (!contentType) return "stream";
-	const cleanContent = contentType.split(";")[0]?.trim();
-	if (!cleanContent) return;
-	if (cleanContent.startsWith("application/json") || cleanContent.endsWith("+json")) return "json";
-	if (cleanContent === "multipart/form-data") return "formData";
-	if ([
-		"application/",
-		"audio/",
-		"image/",
-		"video/"
-	].some((type) => cleanContent.startsWith(type))) return "blob";
-	if (cleanContent.startsWith("text/")) return "text";
-};
-const checkForExistence = (options, name) => {
-	if (!name) return false;
-	if (options.headers.has(name) || options.query?.[name] || options.headers.get("Cookie")?.includes(`${name}=`)) return true;
-	return false;
-};
-const setAuthParams = async ({ security, ...options }) => {
-	for (const auth of security) {
-		if (checkForExistence(options, auth.name)) continue;
-		const token = await getAuthToken(auth, options.auth);
-		if (!token) continue;
-		const name = auth.name ?? "Authorization";
-		switch (auth.in) {
-			case "query":
-				if (!options.query) options.query = {};
-				options.query[name] = token;
-				break;
-			case "cookie":
-				options.headers.append("Cookie", `${name}=${token}`);
-				break;
-			default:
-				options.headers.set(name, token);
-				break;
-		}
-	}
-};
-const buildUrl = (options) => getUrl({
-	baseUrl: options.baseUrl,
-	path: options.path,
-	query: options.query,
-	querySerializer: typeof options.querySerializer === "function" ? options.querySerializer : createQuerySerializer(options.querySerializer),
-	url: options.url
-});
-const mergeConfigs = (a, b) => {
-	const config = {
-		...a,
-		...b
-	};
-	if (config.baseUrl?.endsWith("/")) config.baseUrl = config.baseUrl.substring(0, config.baseUrl.length - 1);
-	config.headers = mergeHeaders$1(a.headers, b.headers);
-	return config;
-};
-const headersEntries = (headers) => {
-	const entries = [];
-	headers.forEach((value, key) => {
-		entries.push([key, value]);
-	});
-	return entries;
-};
-const mergeHeaders$1 = (...headers) => {
-	const mergedHeaders = new Headers();
-	for (const header of headers) {
-		if (!header) continue;
-		const iterator = header instanceof Headers ? headersEntries(header) : Object.entries(header);
-		for (const [key, value] of iterator) if (value === null) mergedHeaders.delete(key);
-		else if (Array.isArray(value)) for (const v of value) mergedHeaders.append(key, v);
-		else if (value !== void 0) mergedHeaders.set(key, typeof value === "object" ? JSON.stringify(value) : value);
-	}
-	return mergedHeaders;
-};
-var Interceptors = class {
-	fns = [];
-	clear() {
-		this.fns = [];
-	}
-	eject(id) {
-		const index = this.getInterceptorIndex(id);
-		if (this.fns[index]) this.fns[index] = null;
-	}
-	exists(id) {
-		const index = this.getInterceptorIndex(id);
-		return Boolean(this.fns[index]);
-	}
-	getInterceptorIndex(id) {
-		if (typeof id === "number") return this.fns[id] ? id : -1;
-		return this.fns.indexOf(id);
-	}
-	update(id, fn) {
-		const index = this.getInterceptorIndex(id);
-		if (this.fns[index]) {
-			this.fns[index] = fn;
-			return id;
-		}
-		return false;
-	}
-	use(fn) {
-		this.fns.push(fn);
-		return this.fns.length - 1;
-	}
-};
-const createInterceptors = () => ({
-	error: new Interceptors(),
-	request: new Interceptors(),
-	response: new Interceptors()
-});
-const defaultQuerySerializer = createQuerySerializer({
-	allowReserved: false,
-	array: {
-		explode: true,
-		style: "form"
-	},
-	object: {
-		explode: true,
-		style: "deepObject"
-	}
-});
-const defaultHeaders = { "Content-Type": "application/json" };
-const createConfig = (override = {}) => ({
-	...jsonBodySerializer,
-	headers: defaultHeaders,
-	parseAs: "auto",
-	querySerializer: defaultQuerySerializer,
-	...override
-});
-//#endregion
-//#region ../packages/api-core/src/api/client/client.gen.ts
-const createClient = (config = {}) => {
-	let _config = mergeConfigs(createConfig(), config);
-	const getConfig = () => ({ ..._config });
-	const setConfig = (config) => {
-		_config = mergeConfigs(_config, config);
-		return getConfig();
-	};
-	const interceptors = createInterceptors();
-	const beforeRequest = async (options) => {
-		const opts = {
-			..._config,
-			...options,
-			fetch: options.fetch ?? _config.fetch ?? globalThis.fetch,
-			headers: mergeHeaders$1(_config.headers, options.headers),
-			serializedBody: void 0
-		};
-		if (opts.security) await setAuthParams({
-			...opts,
-			security: opts.security
-		});
-		if (opts.requestValidator) await opts.requestValidator(opts);
-		if (opts.body !== void 0 && opts.bodySerializer) opts.serializedBody = opts.bodySerializer(opts.body);
-		if (opts.body === void 0 || opts.serializedBody === "") opts.headers.delete("Content-Type");
-		const resolvedOpts = opts;
-		return {
-			opts: resolvedOpts,
-			url: buildUrl(resolvedOpts)
-		};
-	};
-	const request = async (options) => {
-		const { opts, url } = await beforeRequest(options);
-		const requestInit = {
-			redirect: "follow",
-			...opts,
-			body: getValidRequestBody(opts)
-		};
-		let request = new Request(url, requestInit);
-		for (const fn of interceptors.request.fns) if (fn) request = await fn(request, opts);
-		const _fetch = opts.fetch;
-		let response;
-		try {
-			response = await _fetch(request);
-		} catch (error) {
-			let finalError = error;
-			for (const fn of interceptors.error.fns) if (fn) finalError = await fn(error, void 0, request, opts);
-			finalError = finalError || {};
-			if (opts.throwOnError) throw finalError;
-			return opts.responseStyle === "data" ? void 0 : {
-				error: finalError,
-				request,
-				response: void 0
-			};
-		}
-		for (const fn of interceptors.response.fns) if (fn) response = await fn(response, request, opts);
-		const result = {
-			request,
-			response
-		};
-		if (response.ok) {
-			const parseAs = (opts.parseAs === "auto" ? getParseAs(response.headers.get("Content-Type")) : opts.parseAs) ?? "json";
-			if (response.status === 204 || response.headers.get("Content-Length") === "0") {
-				let emptyData;
-				switch (parseAs) {
-					case "arrayBuffer":
-					case "blob":
-					case "text":
-						emptyData = await response[parseAs]();
-						break;
-					case "formData":
-						emptyData = new FormData();
-						break;
-					case "stream":
-						emptyData = response.body;
-						break;
-					default:
-						emptyData = {};
-						break;
-				}
-				return opts.responseStyle === "data" ? emptyData : {
-					data: emptyData,
-					...result
-				};
-			}
-			let data;
-			switch (parseAs) {
-				case "arrayBuffer":
-				case "blob":
-				case "formData":
-				case "text":
-					data = await response[parseAs]();
-					break;
-				case "json": {
-					const text = await response.text();
-					data = text ? JSON.parse(text) : {};
-					break;
-				}
-				case "stream": return opts.responseStyle === "data" ? response.body : {
-					data: response.body,
-					...result
-				};
-			}
-			if (parseAs === "json") {
-				if (opts.responseValidator) await opts.responseValidator(data);
-				if (opts.responseTransformer) data = await opts.responseTransformer(data);
-			}
-			return opts.responseStyle === "data" ? data : {
-				data,
-				...result
-			};
-		}
-		const textError = await response.text();
-		let jsonError;
-		try {
-			jsonError = JSON.parse(textError);
-		} catch {}
-		const error = jsonError ?? textError;
-		let finalError = error;
-		for (const fn of interceptors.error.fns) if (fn) finalError = await fn(error, response, request, opts);
-		finalError = finalError || {};
-		if (opts.throwOnError) throw finalError;
-		return opts.responseStyle === "data" ? void 0 : {
-			error: finalError,
-			...result
-		};
-	};
-	const makeMethodFn = (method) => (options) => request({
-		...options,
-		method
-	});
-	const makeSseFn = (method) => async (options) => {
-		const { opts, url } = await beforeRequest(options);
-		return createSseClient({
-			...opts,
-			body: opts.body,
-			headers: opts.headers,
-			method,
-			onRequest: async (url, init) => {
-				let request = new Request(url, init);
-				for (const fn of interceptors.request.fns) if (fn) request = await fn(request, opts);
-				return request;
-			},
-			serializedBody: getValidRequestBody(opts),
-			url
-		});
-	};
-	const _buildUrl = (options) => buildUrl({
-		..._config,
-		...options
-	});
-	return {
-		buildUrl: _buildUrl,
-		connect: makeMethodFn("CONNECT"),
-		delete: makeMethodFn("DELETE"),
-		get: makeMethodFn("GET"),
-		getConfig,
-		head: makeMethodFn("HEAD"),
-		interceptors,
-		options: makeMethodFn("OPTIONS"),
-		patch: makeMethodFn("PATCH"),
-		post: makeMethodFn("POST"),
-		put: makeMethodFn("PUT"),
-		request,
-		setConfig,
-		sse: {
-			connect: makeSseFn("CONNECT"),
-			delete: makeSseFn("DELETE"),
-			get: makeSseFn("GET"),
-			head: makeSseFn("HEAD"),
-			options: makeSseFn("OPTIONS"),
-			patch: makeSseFn("PATCH"),
-			post: makeSseFn("POST"),
-			put: makeSseFn("PUT"),
-			trace: makeSseFn("TRACE")
-		},
-		trace: makeMethodFn("TRACE")
-	};
-};
-//#endregion
 //#region ../packages/api-core/src/api/client.gen.ts
 const client = createClient(createConfig({ baseUrl: "https://www.primitive.dev/api/v1" }));
 //#endregion
@@ -648,6 +41,7 @@ var sdk_gen_exports = /* @__PURE__ */ __exportAll({
 	downloadDomainZoneFile: () => downloadDomainZoneFile,
 	downloadRawEmail: () => downloadRawEmail,
 	getAccount: () => getAccount,
+	getConversation: () => getConversation,
 	getEmail: () => getEmail,
 	getFunction: () => getFunction,
 	getFunctionTestRunTrace: () => getFunctionTestRunTrace,
@@ -674,6 +68,7 @@ var sdk_gen_exports = /* @__PURE__ */ __exportAll({
 	resendCliSignupVerification: () => resendCliSignupVerification,
 	rotateWebhookSecret: () => rotateWebhookSecret,
 	searchEmails: () => searchEmails,
+	semanticSearch: () => semanticSearch,
 	sendEmail: () => sendEmail,
 	setFunctionSecret: () => setFunctionSecret,
 	startAgentSignup: () => startAgentSignup,
@@ -1201,9 +596,9 @@ const downloadAttachments = (options) => (options.client ?? client).get({
 * derivation (Reply-To, then From, then bare sender), and the
 * `Re:` subject prefix are all derived server-side from the
 * stored inbound row. The request body carries only the message
-* body and optional `wait` flag; passing any header or recipient
-* override is rejected by the schema (`additionalProperties:
-* false`).
+* body, optional From override, optional attachments, and optional
+* `wait` flag; passing any header or recipient override is
+* rejected by the schema (`additionalProperties: false`).
 *
 * Forwards through the same gates as `/send-mail`: the response
 * status, error envelope, and `idempotent_replay` flag mirror
@@ -1267,6 +662,37 @@ const discardEmailContent = (options) => (options.client ?? client).post({
 	...options
 });
 /**
+* Get the conversation an email belongs to
+*
+* Returns the full conversation the given inbound email belongs
+* to, as ordered, ready-to-prompt turns WITH bodies. It resolves
+* the thread from the email and returns every message oldest-first,
+* so an agent that received an email can pass `messages` straight
+* to a chat model in one call instead of walking `/threads/{id}`
+* plus `/emails/{id}` and `/sent-emails/{id}` per message.
+*
+* Each message carries a `direction` (`inbound` | `outbound`) and a
+* derived `role`: `inbound` -> `user`, `outbound` -> `assistant`
+* (your own prior replies). The role mapping assumes the caller
+* owns the outbound side, which is the agent-reply case this exists
+* for. If the email has no thread yet (a brand-new message), the
+* conversation is just that one message as a single user turn.
+*
+* The message list is capped; check `truncated` to detect when
+* older messages were omitted. Consecutive same-role turns are not
+* merged here; that normalization is model-specific and left to the
+* caller.
+*
+*/
+const getConversation = (options) => (options.client ?? client).get({
+	security: [{
+		scheme: "bearer",
+		type: "http"
+	}],
+	url: "/emails/{id}/conversation",
+	...options
+});
+/**
 * List webhook endpoints
 *
 * Returns all active (non-deleted) webhook endpoints.
@@ -1531,6 +957,42 @@ const sendEmail = (options) => (options.client ?? client).post({
 	}
 });
 /**
+* Semantic search across received and sent mail
+*
+* Ranked search across both received and sent mail. The `mode`
+* field selects the ranking strategy:
+*
+* - `keyword`: lexical full-text matching only (no embeddings).
+* - `semantic`: meaning-based matching using vector embeddings.
+* - `hybrid` (default): blends the semantic and keyword signals.
+*
+* Results are ordered by a relevance `score`. Every row reports the
+* fields it matched (`matched_fields`), a match-centered excerpt per
+* field (`snippets`), and a `score_breakdown` whose components account
+* for the `score`. Page through results by passing the prior
+* response's `meta.cursor` back as `cursor`.
+*
+* Requires the Pro plan and the `semantic_search_enabled`
+* entitlement; callers without them receive `403`.
+*
+* Host routing: this operation is served only by the search host
+* (`https://api.primitive.dev/v1`). The typed SDKs route it there
+* automatically.
+*
+*/
+const semanticSearch = (options) => (options.client ?? client).post({
+	security: [{
+		scheme: "bearer",
+		type: "http"
+	}],
+	url: "/semantic-search",
+	...options,
+	headers: {
+		...options.body !== void 0 && { "Content-Type": "application/json" },
+		...options.headers
+	}
+});
+/**
 * List outbound sent emails
 *
 * Returns a paginated list of OUTBOUND emails the caller's
@@ -1953,6 +1415,10 @@ const openapiDocument = {
 			"name": "Emails",
 			"description": "List, inspect, and manage received emails"
 		},
+		{
+			"name": "Search",
+			"description": "Semantic and hybrid search across received and sent mail"
+		},
 		{
 			"name": "Sending",
 			"description": "Send outbound emails through the Primitive API"
@@ -2941,7 +2407,14 @@ const openapiDocument = {
 			"post": {
 				"operationId": "replyToEmail",
 				"summary": "Reply to an inbound email",
-				"description": "Sends an outbound reply to the inbound email identified by `id`.\nThreading headers (`In-Reply-To`, `References`), recipient\nderivation (Reply-To, then From, then bare sender), and the\n`Re:` subject prefix are all derived server-side from the\nstored inbound row. The request body carries only the message\nbody and optional `wait` flag; passing any header or recipient\noverride is rejected by the schema (`additionalProperties:\nfalse`).\n\nForwards through the same gates as `/send-mail`: the response\nstatus, error envelope, and `idempotent_replay` flag mirror\nthe send-mail contract verbatim.\n",
+				"description": "Sends an outbound reply to the inbound email identified by `id`.\nThreading headers (`In-Reply-To`, `References`), recipient\nderivation (Reply-To, then From, then bare sender), and the\n`Re:` subject prefix are all derived server-side from the\nstored inbound row. The request body carries only the message\nbody, optional From override, optional attachments, and optional\n`wait` flag; passing any header or recipient override is\nrejected by the schema (`additionalProperties: false`).\n\nForwards through the same gates as `/send-mail`: the response\nstatus, error envelope, and `idempotent_replay` flag mirror\nthe send-mail contract verbatim.\n",
+				"servers": [{
+					"url": "https://api.primitive.dev/v1",
+					"description": "Attachments-supporting send host (recommended)"
+				}, {
+					"url": "https://www.primitive.dev/api/v1",
+					"description": "Primary host (attachment-free replies only)"
+				}],
 				"tags": ["Sending"],
 				"requestBody": {
 					"required": true,
@@ -3026,6 +2499,27 @@ const openapiDocument = {
 				}
 			}
 		},
+		"/emails/{id}/conversation": {
+			"parameters": [{ "$ref": "#/components/parameters/ResourceId" }],
+			"get": {
+				"operationId": "getConversation",
+				"summary": "Get the conversation an email belongs to",
+				"description": "Returns the full conversation the given inbound email belongs\nto, as ordered, ready-to-prompt turns WITH bodies. It resolves\nthe thread from the email and returns every message oldest-first,\nso an agent that received an email can pass `messages` straight\nto a chat model in one call instead of walking `/threads/{id}`\nplus `/emails/{id}` and `/sent-emails/{id}` per message.\n\nEach message carries a `direction` (`inbound` | `outbound`) and a\nderived `role`: `inbound` -> `user`, `outbound` -> `assistant`\n(your own prior replies). The role mapping assumes the caller\nowns the outbound side, which is the agent-reply case this exists\nfor. If the email has no thread yet (a brand-new message), the\nconversation is just that one message as a single user turn.\n\nThe message list is capped; check `truncated` to detect when\nolder messages were omitted. Consecutive same-role turns are not\nmerged here; that normalization is model-specific and left to the\ncaller.\n",
+				"tags": ["Emails"],
+				"responses": {
+					"200": {
+						"description": "Conversation",
+						"content": { "application/json": { "schema": { "allOf": [{ "$ref": "#/components/schemas/SuccessEnvelope" }, {
+							"type": "object",
+							"properties": { "data": { "$ref": "#/components/schemas/Conversation" } }
+						}] } } }
+					},
+					"400": { "$ref": "#/components/responses/ValidationError" },
+					"401": { "$ref": "#/components/responses/Unauthorized" },
+					"404": { "$ref": "#/components/responses/NotFound" }
+				}
+			}
+		},
 		"/endpoints": {
 			"get": {
 				"operationId": "listEndpoints",
@@ -3370,6 +2864,42 @@ const openapiDocument = {
 				"503": { "$ref": "#/components/responses/ServiceUnavailable" }
 			}
 		} },
+		"/semantic-search": { "post": {
+			"operationId": "semanticSearch",
+			"summary": "Semantic search across received and sent mail",
+			"description": "Ranked search across both received and sent mail. The `mode`\nfield selects the ranking strategy:\n\n- `keyword`: lexical full-text matching only (no embeddings).\n- `semantic`: meaning-based matching using vector embeddings.\n- `hybrid` (default): blends the semantic and keyword signals.\n\nResults are ordered by a relevance `score`. Every row reports the\nfields it matched (`matched_fields`), a match-centered excerpt per\nfield (`snippets`), and a `score_breakdown` whose components account\nfor the `score`. Page through results by passing the prior\nresponse's `meta.cursor` back as `cursor`.\n\nRequires the Pro plan and the `semantic_search_enabled`\nentitlement; callers without them receive `403`.\n\nHost routing: this operation is served only by the search host\n(`https://api.primitive.dev/v1`). The typed SDKs route it there\nautomatically.\n",
+			"servers": [{
+				"url": "https://api.primitive.dev/v1",
+				"description": "Search host"
+			}],
+			"tags": ["Search"],
+			"requestBody": {
+				"required": true,
+				"content": { "application/json": { "schema": { "$ref": "#/components/schemas/SemanticSearchInput" } } }
+			},
+			"responses": {
+				"200": {
+					"description": "Ranked search results",
+					"content": { "application/json": { "schema": { "allOf": [{ "$ref": "#/components/schemas/SuccessEnvelope" }, {
+						"type": "object",
+						"properties": {
+							"data": {
+								"type": "array",
+								"items": { "$ref": "#/components/schemas/SemanticSearchResult" }
+							},
+							"meta": { "$ref": "#/components/schemas/SemanticSearchMeta" }
+						},
+						"required": ["data", "meta"]
+					}] } } }
+				},
+				"400": { "$ref": "#/components/responses/ValidationError" },
+				"401": { "$ref": "#/components/responses/Unauthorized" },
+				"403": { "$ref": "#/components/responses/Forbidden" },
+				"429": { "$ref": "#/components/responses/RateLimited" },
+				"500": { "$ref": "#/components/responses/InternalError" },
+				"503": { "$ref": "#/components/responses/ServiceUnavailable" }
+			}
+		} },
 		"/sent-emails": { "get": {
 			"operationId": "listSentEmails",
 			"summary": "List outbound sent emails",
@@ -5864,46 +5394,118 @@ const openapiDocument = {
 				},
 				"required": ["direction", "id"]
 			},
-			"SendMailAttachment": {
+			"Conversation": {
 				"type": "object",
-				"additionalProperties": false,
+				"description": "The full conversation an inbound email belongs to, as ordered,\nready-to-prompt turns with bodies. Resolves the thread from the\nemail and returns every message oldest-first, so an agent that\nreceived an email can pass `messages` straight to a chat model in\none call.\n",
 				"properties": {
-					"filename": {
-						"type": "string",
-						"minLength": 1,
-						"maxLength": 255,
-						"description": "Attachment filename. Control characters are rejected."
+					"thread_id": {
+						"type": ["string", "null"],
+						"format": "uuid",
+						"description": "The thread this email belongs to, or null when the email\nisn't threaded yet (the conversation is then just this one\nmessage).\n"
 					},
-					"content_type": {
-						"type": "string",
-						"minLength": 1,
-						"maxLength": 255,
-						"description": "Optional MIME content type. Control characters are rejected."
+					"subject": {
+						"type": ["string", "null"],
+						"description": "Normalized thread subject (Re/Fwd prefixes stripped), or the\nemail's own subject when it isn't threaded.\n"
 					},
-					"content_base64": {
-						"type": "string",
-						"minLength": 1,
-						"maxLength": 44040192,
-						"description": "Base64-encoded attachment bytes."
+					"message_count": {
+						"type": "integer",
+						"description": "Total messages in the thread. `messages` is capped, so\n`truncated` is true (and this can exceed `messages.length`)\nwhen older messages were omitted.\n"
+					},
+					"truncated": {
+						"type": "boolean",
+						"description": "True when `messages` omits part of the conversation because\nthe thread exceeds the per-call cap.\n"
+					},
+					"messages": {
+						"type": "array",
+						"items": { "$ref": "#/components/schemas/ConversationMessage" }
 					}
 				},
-				"required": ["filename", "content_base64"]
+				"required": [
+					"thread_id",
+					"message_count",
+					"truncated",
+					"messages"
+				]
 			},
-			"SendMailInput": {
+			"ConversationMessage": {
 				"type": "object",
-				"additionalProperties": false,
+				"description": "One message in the conversation, with its body and a chat role.",
 				"properties": {
-					"from": {
+					"role": {
 						"type": "string",
-						"minLength": 3,
-						"maxLength": 998,
-						"description": "RFC 5322 From header. The sender domain must be a verified outbound domain for your organization."
+						"enum": ["user", "assistant"],
+						"description": "Chat role derived from `direction`: `user` for inbound\n(received) messages, `assistant` for outbound (your own prior\nreplies). Lets `messages` be passed directly to a chat model.\n"
 					},
-					"to": {
+					"direction": {
 						"type": "string",
-						"minLength": 3,
-						"maxLength": 320,
-						"description": "Recipient address. Recipient eligibility depends on your account's outbound entitlements."
+						"enum": ["inbound", "outbound"],
+						"description": "`inbound` for a received email (`/emails/{id}`), `outbound`\nfor a send (`/sent-emails/{id}`).\n"
+					},
+					"id": {
+						"type": "string",
+						"format": "uuid"
+					},
+					"message_id": { "type": ["string", "null"] },
+					"from": { "type": ["string", "null"] },
+					"to": { "type": ["string", "null"] },
+					"subject": { "type": ["string", "null"] },
+					"text": {
+						"type": "string",
+						"description": "Plain-text body. Empty string when the message has no text\npart or its content was discarded by retention.\n"
+					},
+					"timestamp": {
+						"type": ["string", "null"],
+						"format": "date-time",
+						"description": "received_at for inbound, created_at for outbound."
+					}
+				},
+				"required": [
+					"role",
+					"direction",
+					"id",
+					"text"
+				]
+			},
+			"SendMailAttachment": {
+				"type": "object",
+				"additionalProperties": false,
+				"properties": {
+					"filename": {
+						"type": "string",
+						"minLength": 1,
+						"maxLength": 255,
+						"description": "Attachment filename. Control characters are rejected."
+					},
+					"content_type": {
+						"type": "string",
+						"minLength": 1,
+						"maxLength": 255,
+						"description": "Optional MIME content type. Control characters are rejected."
+					},
+					"content_base64": {
+						"type": "string",
+						"minLength": 1,
+						"maxLength": 44040192,
+						"description": "Base64-encoded attachment bytes."
+					}
+				},
+				"required": ["filename", "content_base64"]
+			},
+			"SendMailInput": {
+				"type": "object",
+				"additionalProperties": false,
+				"properties": {
+					"from": {
+						"type": "string",
+						"minLength": 3,
+						"maxLength": 998,
+						"description": "RFC 5322 From header. The sender domain must be a verified outbound domain for your organization."
+					},
+					"to": {
+						"type": "string",
+						"minLength": 3,
+						"maxLength": 320,
+						"description": "Recipient address. Recipient eligibility depends on your account's outbound entitlements."
 					},
 					"subject": {
 						"type": "string",
@@ -6142,6 +5744,236 @@ const openapiDocument = {
 					"body_size_bytes"
 				]
 			},
+			"SemanticSearchField": {
+				"type": "string",
+				"enum": [
+					"subject",
+					"headers",
+					"addresses",
+					"body"
+				],
+				"description": "A searchable email field."
+			},
+			"SemanticSearchInput": {
+				"type": "object",
+				"properties": {
+					"query": {
+						"type": "string",
+						"minLength": 1,
+						"maxLength": 2048,
+						"description": "Free-text query. Required for `semantic` and `hybrid` modes;\noptional for `keyword` mode.\n"
+					},
+					"mode": {
+						"type": "string",
+						"enum": [
+							"hybrid",
+							"semantic",
+							"keyword"
+						],
+						"default": "hybrid",
+						"description": "Ranking strategy. `keyword` is lexical only, `semantic` is\nembedding-based, `hybrid` blends both.\n"
+					},
+					"corpus": {
+						"type": "array",
+						"items": {
+							"type": "string",
+							"enum": ["inbound", "outbound"]
+						},
+						"minItems": 1,
+						"maxItems": 2,
+						"description": "Which mail to search. Defaults to both received (`inbound`)\nand sent (`outbound`).\n"
+					},
+					"search_in": {
+						"type": "array",
+						"items": { "$ref": "#/components/schemas/SemanticSearchField" },
+						"description": "Restrict matching to these fields. Defaults to all."
+					},
+					"exclude": {
+						"type": "array",
+						"items": { "$ref": "#/components/schemas/SemanticSearchField" },
+						"description": "Exclude these fields from matching."
+					},
+					"date_from": {
+						"type": "string",
+						"format": "date-time",
+						"description": "Only include mail at or after this timestamp."
+					},
+					"date_to": {
+						"type": "string",
+						"format": "date-time",
+						"description": "Only include mail at or before this timestamp."
+					},
+					"include": {
+						"type": "array",
+						"items": {
+							"type": "string",
+							"enum": ["coverage"]
+						},
+						"description": "Opt-in extras. `coverage` adds an index-coverage snapshot to\n`meta`. Matched fields, snippets, and the score breakdown are\nalways returned regardless of this field.\n"
+					},
+					"limit": {
+						"type": "integer",
+						"minimum": 1,
+						"maximum": 100,
+						"default": 10,
+						"description": "Maximum number of results to return."
+					},
+					"cursor": {
+						"type": "string",
+						"description": "Opaque pagination cursor from a prior response's `meta.cursor`."
+					}
+				}
+			},
+			"SemanticSearchSnippet": {
+				"type": "object",
+				"properties": {
+					"field": {
+						"type": "string",
+						"description": "The field this excerpt came from."
+					},
+					"text": {
+						"type": "string",
+						"description": "Plain-text excerpt centered on the match (no markup)."
+					}
+				},
+				"required": ["field", "text"]
+			},
+			"SemanticSearchScoreBreakdown": {
+				"type": "object",
+				"description": "Additive contributions to `score`. `semantic` and `keyword` are the\nraw signals times the mode's weight (null when not applicable);\nthese plus `field_boost` and `recency` sum to `score` before each\nvalue is independently rounded to 5 decimal places.\n",
+				"properties": {
+					"semantic": { "type": ["number", "null"] },
+					"keyword": { "type": ["number", "null"] },
+					"field_boost": { "type": "number" },
+					"recency": { "type": "number" }
+				},
+				"required": [
+					"semantic",
+					"keyword",
+					"field_boost",
+					"recency"
+				]
+			},
+			"SemanticSearchResult": {
+				"type": "object",
+				"properties": {
+					"source_type": {
+						"type": "string",
+						"enum": ["inbound_email", "sent_email"],
+						"description": "Whether this row is a received or sent message."
+					},
+					"id": {
+						"type": "string",
+						"description": "Message id. Combine with `api_url` to fetch the full record."
+					},
+					"subject": { "type": ["string", "null"] },
+					"from": { "type": ["string", "null"] },
+					"to": { "type": ["string", "null"] },
+					"timestamp": {
+						"type": "string",
+						"description": "Message timestamp (received_at for inbound, created_at for sent)."
+					},
+					"status": {
+						"type": "string",
+						"description": "Lifecycle status of the message."
+					},
+					"score": {
+						"type": "number",
+						"description": "Overall relevance score; the `score_breakdown` components account for it."
+					},
+					"semantic_score": {
+						"type": ["number", "null"],
+						"description": "Raw semantic similarity signal, or null when not applicable."
+					},
+					"keyword_score": {
+						"type": ["number", "null"],
+						"description": "Raw keyword (lexical) signal, or null when not applicable."
+					},
+					"matched_fields": {
+						"type": "array",
+						"items": { "$ref": "#/components/schemas/SemanticSearchField" },
+						"description": "Fields where the query matched."
+					},
+					"snippets": {
+						"type": "array",
+						"items": { "$ref": "#/components/schemas/SemanticSearchSnippet" },
+						"description": "Match-centered excerpts, one per matched field."
+					},
+					"score_breakdown": { "$ref": "#/components/schemas/SemanticSearchScoreBreakdown" },
+					"api_url": {
+						"type": ["string", "null"],
+						"description": "Relative API path to fetch the full message."
+					}
+				},
+				"required": [
+					"source_type",
+					"id",
+					"subject",
+					"from",
+					"to",
+					"timestamp",
+					"status",
+					"score",
+					"semantic_score",
+					"keyword_score",
+					"matched_fields",
+					"snippets",
+					"score_breakdown",
+					"api_url"
+				]
+			},
+			"SemanticSearchCoverage": {
+				"type": "object",
+				"description": "Index-coverage snapshot for the org, returned only when the `coverage` include option is requested.",
+				"properties": {
+					"embedded_chunks": { "type": "integer" },
+					"pending_chunks": { "type": "integer" },
+					"skipped_plan_chunks": { "type": "integer" },
+					"skipped_quota_chunks": { "type": "integer" },
+					"unsupported_attachment_chunks": { "type": "integer" },
+					"failed_chunks": { "type": "integer" }
+				},
+				"required": [
+					"embedded_chunks",
+					"pending_chunks",
+					"skipped_plan_chunks",
+					"skipped_quota_chunks",
+					"unsupported_attachment_chunks",
+					"failed_chunks"
+				]
+			},
+			"SemanticSearchMeta": {
+				"type": "object",
+				"properties": {
+					"limit": {
+						"type": "integer",
+						"description": "Page size used for this request."
+					},
+					"cursor": {
+						"type": ["string", "null"],
+						"description": "Cursor for the next page, or null if there are no more results."
+					},
+					"mode": {
+						"type": "string",
+						"enum": [
+							"hybrid",
+							"semantic",
+							"keyword"
+						],
+						"description": "Ranking mode used for this response."
+					},
+					"coverage": {
+						"oneOf": [{ "$ref": "#/components/schemas/SemanticSearchCoverage" }, { "type": "null" }],
+						"description": "Index-coverage snapshot, present only when requested via\n`include: [coverage]`; otherwise null.\n"
+					}
+				},
+				"required": [
+					"limit",
+					"cursor",
+					"mode",
+					"coverage"
+				]
+			},
 			"SentEmailDetail": {
 				"description": "Full sent-email record, including `body_text` and\n`body_html`. Returned by /sent-emails/{id}.\n",
 				"allOf": [{ "$ref": "#/components/schemas/SentEmailSummary" }, {
@@ -6180,6 +6012,12 @@ const openapiDocument = {
 					"wait": {
 						"type": "boolean",
 						"description": "When true, wait for the first downstream SMTP delivery outcome before returning, mirroring the send-mail `wait` semantics."
+					},
+					"attachments": {
+						"type": "array",
+						"maxItems": 100,
+						"description": "Inline attachments for this reply. Use https://api.primitive.dev/v1 for replies with attachments. Combined raw decoded attachment bytes must be at most 31457280.",
+						"items": { "$ref": "#/components/schemas/SendMailAttachment" }
 					}
 				}
 			},
@@ -9023,12 +8861,12 @@ const operationManifest = [
 	{
 		"binaryResponse": false,
 		"bodyRequired": false,
-		"command": "get-email",
-		"description": "Returns the full record for an inbound email received at one\nof your verified domains, including the parsed text and HTML\nbodies, threading metadata, SMTP envelope detail, webhook\ndelivery state, and a `replies` array for any outbound sends\nrecorded as replies to this inbound.\n\nFor listing inbound emails (with cursor pagination, status\nand date filters, and free-text search), use\n`/emails`. Outbound (sent) email records are NOT returned\nhere; use `/sent-emails/{id}` for those.\n\nThe response carries four sender-shaped fields whose\nmeanings overlap. `from_email` is the canonical \"who sent\nthis\" field for most use cases (parsed bare address from\nthe `From:` header, with a `sender` fallback). `from_header`\nis the raw header including any display name. `sender` and\n`smtp_mail_from` both carry the SMTP envelope MAIL FROM\n(return-path) and are equal by construction; `sender` is\nthe older field name retained for compatibility. See\n`primitive describe emails:get-email | jq '.responseSchema.properties'`\nfor per-field detail.\n",
+		"command": "get-conversation",
+		"description": "Returns the full conversation the given inbound email belongs\nto, as ordered, ready-to-prompt turns WITH bodies. It resolves\nthe thread from the email and returns every message oldest-first,\nso an agent that received an email can pass `messages` straight\nto a chat model in one call instead of walking `/threads/{id}`\nplus `/emails/{id}` and `/sent-emails/{id}` per message.\n\nEach message carries a `direction` (`inbound` | `outbound`) and a\nderived `role`: `inbound` -> `user`, `outbound` -> `assistant`\n(your own prior replies). The role mapping assumes the caller\nowns the outbound side, which is the agent-reply case this exists\nfor. If the email has no thread yet (a brand-new message), the\nconversation is just that one message as a single user turn.\n\nThe message list is capped; check `truncated` to detect when\nolder messages were omitted. Consecutive same-role turns are not\nmerged here; that normalization is model-specific and left to the\ncaller.\n",
 		"hasJsonBody": false,
 		"method": "GET",
-		"operationId": "getEmail",
-		"path": "/emails/{id}",
+		"operationId": "getConversation",
+		"path": "/emails/{id}/conversation",
 		"pathParams": [{
 			"description": "Resource UUID",
 			"enum": null,
@@ -9040,71 +8878,165 @@ const operationManifest = [
 		"requestSchema": null,
 		"responseSchema": {
 			"type": "object",
+			"description": "The full conversation an inbound email belongs to, as ordered,\nready-to-prompt turns with bodies. Resolves the thread from the\nemail and returns every message oldest-first, so an agent that\nreceived an email can pass `messages` straight to a chat model in\none call.\n",
 			"properties": {
-				"id": {
-					"type": "string",
-					"format": "uuid"
-				},
-				"message_id": { "type": ["string", "null"] },
-				"domain_id": {
-					"type": ["string", "null"],
-					"format": "uuid"
-				},
-				"org_id": {
-					"type": ["string", "null"],
-					"format": "uuid"
-				},
-				"sender": {
-					"type": "string",
-					"description": "SMTP envelope sender (return-path) the inbound mail server\naccepted. Same value as `smtp_mail_from`; both fields exist\nso protocol-aware tooling can use whichever name it expects.\n\nFor most legitimate mail this equals `from_email`; for\nmailing lists, bounce handlers, and forwarders it is\ntypically the bounce-handling address rather than the\nhuman-visible sender.\n\n**For the canonical \"who sent this email\" value, use\n`from_email`.**\n"
-				},
-				"recipient": { "type": "string" },
-				"subject": { "type": ["string", "null"] },
-				"body_text": {
+				"thread_id": {
 					"type": ["string", "null"],
-					"description": "Plain-text body parsed from the inbound MIME, matching the `email.parsed.body_text` field on the webhook payload. Null when the message had no text part or parsing failed."
+					"format": "uuid",
+					"description": "The thread this email belongs to, or null when the email\nisn't threaded yet (the conversation is then just this one\nmessage).\n"
 				},
-				"body_html": {
+				"subject": {
 					"type": ["string", "null"],
-					"description": "HTML body parsed from the inbound MIME, matching the `email.parsed.body_html` field on the webhook payload. Null when the message had no HTML part or parsing failed."
-				},
-				"status": {
-					"type": "string",
-					"description": "Lifecycle status of an INBOUND email (a row in the `emails`\ntable). Distinct from `SentEmailStatus`, which describes\nthe OUTBOUND lifecycle (the `sent_emails` table) and uses\na different vocabulary because the lifecycles differ.\nPossible values:\n\n  - `pending`: the row was inserted at ingestion (mx_main)\n    and has not yet completed the spam / filter / auth\n    pipeline. Body and parsed fields are present; webhook\n    delivery is not yet scheduled. Most rows transition out\n    of `pending` within seconds.\n  - `accepted`: the inbound passed the policy gates and is\n    queued for webhook delivery. The `webhook_status` field\n    tracks the separate webhook-delivery lifecycle from\n    this point.\n  - `completed`: terminal success. Webhook delivery\n    attempted and acknowledged by every active endpoint, OR\n    no endpoints are configured, so the row is durably\n    archived.\n  - `rejected`: terminal failure at ingestion (spam, blocked\n    sender, filter rule, malformed). The body and metadata\n    are stored for auditing but no webhook fires and the\n    row is not repliable.\n\nSee also `webhook_status` (separate enum tracking the\nwebhook-delivery state machine) and `SentEmailStatus` (the\noutbound vocabulary).\n",
-					"enum": [
-						"pending",
-						"accepted",
-						"completed",
-						"rejected"
-					]
-				},
-				"domain": { "type": "string" },
-				"spam_score": { "type": ["number", "null"] },
-				"raw_size_bytes": { "type": ["integer", "null"] },
-				"raw_sha256": { "type": ["string", "null"] },
-				"created_at": {
-					"type": "string",
-					"format": "date-time"
+					"description": "Normalized thread subject (Re/Fwd prefixes stripped), or the\nemail's own subject when it isn't threaded.\n"
 				},
-				"received_at": {
-					"type": "string",
-					"format": "date-time"
+				"message_count": {
+					"type": "integer",
+					"description": "Total messages in the thread. `messages` is capped, so\n`truncated` is true (and this can exceed `messages.length`)\nwhen older messages were omitted.\n"
 				},
-				"rejection_reason": { "type": ["string", "null"] },
-				"webhook_status": {
-					"type": ["string", "null"],
-					"description": "Webhook-delivery state for an inbound email. Tracks a\nSEPARATE lifecycle from the email's `status` field; the\nsame row carries both. Possible values:\n\n  - `pending`: ingestion is past `pending` (the email itself\n    is `accepted`) but the webhook fan-out has not yet\n    started for this row.\n  - `in_flight`: at least one delivery attempt is in flight.\n  - `fired`: terminal success. Every active endpoint\n    acknowledged the delivery (or accepted it after retries).\n  - `failed`: terminal partial-failure. At least one endpoint\n    exhausted its retry budget; some endpoints may still\n    have succeeded.\n  - `exhausted`: terminal failure. Every endpoint exhausted\n    its retry budget without success.\n  - `null`: no endpoints configured, so no webhook lifecycle\n    applies.\n\nNote that the value `pending` here does NOT mean the email\nis `pending`; it means the email is past ingestion but\nwebhook delivery has not yet begun. Two overlapping uses\nof the word `pending` for distinct lifecycle phases.\n",
-					"enum": [
-						"pending",
-						"in_flight",
-						"fired",
-						"failed",
-						"exhausted",
-						null
-					]
+				"truncated": {
+					"type": "boolean",
+					"description": "True when `messages` omits part of the conversation because\nthe thread exceeds the per-call cap.\n"
 				},
-				"webhook_attempt_count": { "type": "integer" },
-				"webhook_last_attempt_at": {
+				"messages": {
+					"type": "array",
+					"items": {
+						"type": "object",
+						"description": "One message in the conversation, with its body and a chat role.",
+						"properties": {
+							"role": {
+								"type": "string",
+								"enum": ["user", "assistant"],
+								"description": "Chat role derived from `direction`: `user` for inbound\n(received) messages, `assistant` for outbound (your own prior\nreplies). Lets `messages` be passed directly to a chat model.\n"
+							},
+							"direction": {
+								"type": "string",
+								"enum": ["inbound", "outbound"],
+								"description": "`inbound` for a received email (`/emails/{id}`), `outbound`\nfor a send (`/sent-emails/{id}`).\n"
+							},
+							"id": {
+								"type": "string",
+								"format": "uuid"
+							},
+							"message_id": { "type": ["string", "null"] },
+							"from": { "type": ["string", "null"] },
+							"to": { "type": ["string", "null"] },
+							"subject": { "type": ["string", "null"] },
+							"text": {
+								"type": "string",
+								"description": "Plain-text body. Empty string when the message has no text\npart or its content was discarded by retention.\n"
+							},
+							"timestamp": {
+								"type": ["string", "null"],
+								"format": "date-time",
+								"description": "received_at for inbound, created_at for outbound."
+							}
+						},
+						"required": [
+							"role",
+							"direction",
+							"id",
+							"text"
+						]
+					}
+				}
+			},
+			"required": [
+				"thread_id",
+				"message_count",
+				"truncated",
+				"messages"
+			]
+		},
+		"sdkName": "getConversation",
+		"summary": "Get the conversation an email belongs to",
+		"tag": "Emails",
+		"tagCommand": "emails"
+	},
+	{
+		"binaryResponse": false,
+		"bodyRequired": false,
+		"command": "get-email",
+		"description": "Returns the full record for an inbound email received at one\nof your verified domains, including the parsed text and HTML\nbodies, threading metadata, SMTP envelope detail, webhook\ndelivery state, and a `replies` array for any outbound sends\nrecorded as replies to this inbound.\n\nFor listing inbound emails (with cursor pagination, status\nand date filters, and free-text search), use\n`/emails`. Outbound (sent) email records are NOT returned\nhere; use `/sent-emails/{id}` for those.\n\nThe response carries four sender-shaped fields whose\nmeanings overlap. `from_email` is the canonical \"who sent\nthis\" field for most use cases (parsed bare address from\nthe `From:` header, with a `sender` fallback). `from_header`\nis the raw header including any display name. `sender` and\n`smtp_mail_from` both carry the SMTP envelope MAIL FROM\n(return-path) and are equal by construction; `sender` is\nthe older field name retained for compatibility. See\n`primitive describe emails:get-email | jq '.responseSchema.properties'`\nfor per-field detail.\n",
+		"hasJsonBody": false,
+		"method": "GET",
+		"operationId": "getEmail",
+		"path": "/emails/{id}",
+		"pathParams": [{
+			"description": "Resource UUID",
+			"enum": null,
+			"name": "id",
+			"required": true,
+			"type": "string"
+		}],
+		"queryParams": [],
+		"requestSchema": null,
+		"responseSchema": {
+			"type": "object",
+			"properties": {
+				"id": {
+					"type": "string",
+					"format": "uuid"
+				},
+				"message_id": { "type": ["string", "null"] },
+				"domain_id": {
+					"type": ["string", "null"],
+					"format": "uuid"
+				},
+				"org_id": {
+					"type": ["string", "null"],
+					"format": "uuid"
+				},
+				"sender": {
+					"type": "string",
+					"description": "SMTP envelope sender (return-path) the inbound mail server\naccepted. Same value as `smtp_mail_from`; both fields exist\nso protocol-aware tooling can use whichever name it expects.\n\nFor most legitimate mail this equals `from_email`; for\nmailing lists, bounce handlers, and forwarders it is\ntypically the bounce-handling address rather than the\nhuman-visible sender.\n\n**For the canonical \"who sent this email\" value, use\n`from_email`.**\n"
+				},
+				"recipient": { "type": "string" },
+				"subject": { "type": ["string", "null"] },
+				"body_text": {
+					"type": ["string", "null"],
+					"description": "Plain-text body parsed from the inbound MIME, matching the `email.parsed.body_text` field on the webhook payload. Null when the message had no text part or parsing failed."
+				},
+				"body_html": {
+					"type": ["string", "null"],
+					"description": "HTML body parsed from the inbound MIME, matching the `email.parsed.body_html` field on the webhook payload. Null when the message had no HTML part or parsing failed."
+				},
+				"status": {
+					"type": "string",
+					"description": "Lifecycle status of an INBOUND email (a row in the `emails`\ntable). Distinct from `SentEmailStatus`, which describes\nthe OUTBOUND lifecycle (the `sent_emails` table) and uses\na different vocabulary because the lifecycles differ.\nPossible values:\n\n  - `pending`: the row was inserted at ingestion (mx_main)\n    and has not yet completed the spam / filter / auth\n    pipeline. Body and parsed fields are present; webhook\n    delivery is not yet scheduled. Most rows transition out\n    of `pending` within seconds.\n  - `accepted`: the inbound passed the policy gates and is\n    queued for webhook delivery. The `webhook_status` field\n    tracks the separate webhook-delivery lifecycle from\n    this point.\n  - `completed`: terminal success. Webhook delivery\n    attempted and acknowledged by every active endpoint, OR\n    no endpoints are configured, so the row is durably\n    archived.\n  - `rejected`: terminal failure at ingestion (spam, blocked\n    sender, filter rule, malformed). The body and metadata\n    are stored for auditing but no webhook fires and the\n    row is not repliable.\n\nSee also `webhook_status` (separate enum tracking the\nwebhook-delivery state machine) and `SentEmailStatus` (the\noutbound vocabulary).\n",
+					"enum": [
+						"pending",
+						"accepted",
+						"completed",
+						"rejected"
+					]
+				},
+				"domain": { "type": "string" },
+				"spam_score": { "type": ["number", "null"] },
+				"raw_size_bytes": { "type": ["integer", "null"] },
+				"raw_sha256": { "type": ["string", "null"] },
+				"created_at": {
+					"type": "string",
+					"format": "date-time"
+				},
+				"received_at": {
+					"type": "string",
+					"format": "date-time"
+				},
+				"rejection_reason": { "type": ["string", "null"] },
+				"webhook_status": {
+					"type": ["string", "null"],
+					"description": "Webhook-delivery state for an inbound email. Tracks a\nSEPARATE lifecycle from the email's `status` field; the\nsame row carries both. Possible values:\n\n  - `pending`: ingestion is past `pending` (the email itself\n    is `accepted`) but the webhook fan-out has not yet\n    started for this row.\n  - `in_flight`: at least one delivery attempt is in flight.\n  - `fired`: terminal success. Every active endpoint\n    acknowledged the delivery (or accepted it after retries).\n  - `failed`: terminal partial-failure. At least one endpoint\n    exhausted its retry budget; some endpoints may still\n    have succeeded.\n  - `exhausted`: terminal failure. Every endpoint exhausted\n    its retry budget without success.\n  - `null`: no endpoints configured, so no webhook lifecycle\n    applies.\n\nNote that the value `pending` here does NOT mean the email\nis `pending`; it means the email is past ingestion but\nwebhook delivery has not yet begun. Two overlapping uses\nof the word `pending` for distinct lifecycle phases.\n",
+					"enum": [
+						"pending",
+						"in_flight",
+						"fired",
+						"failed",
+						"exhausted",
+						null
+					]
+				},
+				"webhook_attempt_count": { "type": "integer" },
+				"webhook_last_attempt_at": {
 					"type": ["string", "null"],
 					"format": "date-time"
 				},
@@ -11844,6 +11776,218 @@ const operationManifest = [
 		"tag": "Inbox",
 		"tagCommand": "inbox"
 	},
+	{
+		"binaryResponse": false,
+		"bodyRequired": true,
+		"command": "semantic-search",
+		"description": "Ranked search across both received and sent mail. The `mode`\nfield selects the ranking strategy:\n\n- `keyword`: lexical full-text matching only (no embeddings).\n- `semantic`: meaning-based matching using vector embeddings.\n- `hybrid` (default): blends the semantic and keyword signals.\n\nResults are ordered by a relevance `score`. Every row reports the\nfields it matched (`matched_fields`), a match-centered excerpt per\nfield (`snippets`), and a `score_breakdown` whose components account\nfor the `score`. Page through results by passing the prior\nresponse's `meta.cursor` back as `cursor`.\n\nRequires the Pro plan and the `semantic_search_enabled`\nentitlement; callers without them receive `403`.\n\nHost routing: this operation is served only by the search host\n(`https://api.primitive.dev/v1`). The typed SDKs route it there\nautomatically.\n",
+		"hasJsonBody": true,
+		"method": "POST",
+		"operationId": "semanticSearch",
+		"path": "/semantic-search",
+		"pathParams": [],
+		"queryParams": [],
+		"requestSchema": {
+			"type": "object",
+			"properties": {
+				"query": {
+					"type": "string",
+					"minLength": 1,
+					"maxLength": 2048,
+					"description": "Free-text query. Required for `semantic` and `hybrid` modes;\noptional for `keyword` mode.\n"
+				},
+				"mode": {
+					"type": "string",
+					"enum": [
+						"hybrid",
+						"semantic",
+						"keyword"
+					],
+					"default": "hybrid",
+					"description": "Ranking strategy. `keyword` is lexical only, `semantic` is\nembedding-based, `hybrid` blends both.\n"
+				},
+				"corpus": {
+					"type": "array",
+					"items": {
+						"type": "string",
+						"enum": ["inbound", "outbound"]
+					},
+					"minItems": 1,
+					"maxItems": 2,
+					"description": "Which mail to search. Defaults to both received (`inbound`)\nand sent (`outbound`).\n"
+				},
+				"search_in": {
+					"type": "array",
+					"items": {
+						"type": "string",
+						"enum": [
+							"subject",
+							"headers",
+							"addresses",
+							"body"
+						],
+						"description": "A searchable email field."
+					},
+					"description": "Restrict matching to these fields. Defaults to all."
+				},
+				"exclude": {
+					"type": "array",
+					"items": {
+						"type": "string",
+						"enum": [
+							"subject",
+							"headers",
+							"addresses",
+							"body"
+						],
+						"description": "A searchable email field."
+					},
+					"description": "Exclude these fields from matching."
+				},
+				"date_from": {
+					"type": "string",
+					"format": "date-time",
+					"description": "Only include mail at or after this timestamp."
+				},
+				"date_to": {
+					"type": "string",
+					"format": "date-time",
+					"description": "Only include mail at or before this timestamp."
+				},
+				"include": {
+					"type": "array",
+					"items": {
+						"type": "string",
+						"enum": ["coverage"]
+					},
+					"description": "Opt-in extras. `coverage` adds an index-coverage snapshot to\n`meta`. Matched fields, snippets, and the score breakdown are\nalways returned regardless of this field.\n"
+				},
+				"limit": {
+					"type": "integer",
+					"minimum": 1,
+					"maximum": 100,
+					"default": 10,
+					"description": "Maximum number of results to return."
+				},
+				"cursor": {
+					"type": "string",
+					"description": "Opaque pagination cursor from a prior response's `meta.cursor`."
+				}
+			}
+		},
+		"responseSchema": {
+			"type": "array",
+			"items": {
+				"type": "object",
+				"properties": {
+					"source_type": {
+						"type": "string",
+						"enum": ["inbound_email", "sent_email"],
+						"description": "Whether this row is a received or sent message."
+					},
+					"id": {
+						"type": "string",
+						"description": "Message id. Combine with `api_url` to fetch the full record."
+					},
+					"subject": { "type": ["string", "null"] },
+					"from": { "type": ["string", "null"] },
+					"to": { "type": ["string", "null"] },
+					"timestamp": {
+						"type": "string",
+						"description": "Message timestamp (received_at for inbound, created_at for sent)."
+					},
+					"status": {
+						"type": "string",
+						"description": "Lifecycle status of the message."
+					},
+					"score": {
+						"type": "number",
+						"description": "Overall relevance score; the `score_breakdown` components account for it."
+					},
+					"semantic_score": {
+						"type": ["number", "null"],
+						"description": "Raw semantic similarity signal, or null when not applicable."
+					},
+					"keyword_score": {
+						"type": ["number", "null"],
+						"description": "Raw keyword (lexical) signal, or null when not applicable."
+					},
+					"matched_fields": {
+						"type": "array",
+						"items": {
+							"type": "string",
+							"enum": [
+								"subject",
+								"headers",
+								"addresses",
+								"body"
+							],
+							"description": "A searchable email field."
+						},
+						"description": "Fields where the query matched."
+					},
+					"snippets": {
+						"type": "array",
+						"items": {
+							"type": "object",
+							"properties": {
+								"field": {
+									"type": "string",
+									"description": "The field this excerpt came from."
+								},
+								"text": {
+									"type": "string",
+									"description": "Plain-text excerpt centered on the match (no markup)."
+								}
+							},
+							"required": ["field", "text"]
+						},
+						"description": "Match-centered excerpts, one per matched field."
+					},
+					"score_breakdown": {
+						"type": "object",
+						"description": "Additive contributions to `score`. `semantic` and `keyword` are the\nraw signals times the mode's weight (null when not applicable);\nthese plus `field_boost` and `recency` sum to `score` before each\nvalue is independently rounded to 5 decimal places.\n",
+						"properties": {
+							"semantic": { "type": ["number", "null"] },
+							"keyword": { "type": ["number", "null"] },
+							"field_boost": { "type": "number" },
+							"recency": { "type": "number" }
+						},
+						"required": [
+							"semantic",
+							"keyword",
+							"field_boost",
+							"recency"
+						]
+					},
+					"api_url": {
+						"type": ["string", "null"],
+						"description": "Relative API path to fetch the full message."
+					}
+				},
+				"required": [
+					"source_type",
+					"id",
+					"subject",
+					"from",
+					"to",
+					"timestamp",
+					"status",
+					"score",
+					"semantic_score",
+					"keyword_score",
+					"matched_fields",
+					"snippets",
+					"score_breakdown",
+					"api_url"
+				]
+			}
+		},
+		"sdkName": "semanticSearch",
+		"summary": "Semantic search across received and sent mail",
+		"tag": "Search",
+		"tagCommand": "search"
+	},
 	{
 		"binaryResponse": false,
 		"bodyRequired": false,
@@ -12496,7 +12640,7 @@ const operationManifest = [
 		"binaryResponse": false,
 		"bodyRequired": true,
 		"command": "reply-to-email",
-		"description": "Sends an outbound reply to the inbound email identified by `id`.\nThreading headers (`In-Reply-To`, `References`), recipient\nderivation (Reply-To, then From, then bare sender), and the\n`Re:` subject prefix are all derived server-side from the\nstored inbound row. The request body carries only the message\nbody and optional `wait` flag; passing any header or recipient\noverride is rejected by the schema (`additionalProperties:\nfalse`).\n\nForwards through the same gates as `/send-mail`: the response\nstatus, error envelope, and `idempotent_replay` flag mirror\nthe send-mail contract verbatim.\n",
+		"description": "Sends an outbound reply to the inbound email identified by `id`.\nThreading headers (`In-Reply-To`, `References`), recipient\nderivation (Reply-To, then From, then bare sender), and the\n`Re:` subject prefix are all derived server-side from the\nstored inbound row. The request body carries only the message\nbody, optional From override, optional attachments, and optional\n`wait` flag; passing any header or recipient override is\nrejected by the schema (`additionalProperties: false`).\n\nForwards through the same gates as `/send-mail`: the response\nstatus, error envelope, and `idempotent_replay` flag mirror\nthe send-mail contract verbatim.\n",
 		"hasJsonBody": true,
 		"method": "POST",
 		"operationId": "replyToEmail",
@@ -12531,6 +12675,36 @@ const operationManifest = [
 				"wait": {
 					"type": "boolean",
 					"description": "When true, wait for the first downstream SMTP delivery outcome before returning, mirroring the send-mail `wait` semantics."
+				},
+				"attachments": {
+					"type": "array",
+					"maxItems": 100,
+					"description": "Inline attachments for this reply. Use https://api.primitive.dev/v1 for replies with attachments. Combined raw decoded attachment bytes must be at most 31457280.",
+					"items": {
+						"type": "object",
+						"additionalProperties": false,
+						"properties": {
+							"filename": {
+								"type": "string",
+								"minLength": 1,
+								"maxLength": 255,
+								"description": "Attachment filename. Control characters are rejected."
+							},
+							"content_type": {
+								"type": "string",
+								"minLength": 1,
+								"maxLength": 255,
+								"description": "Optional MIME content type. Control characters are rejected."
+							},
+							"content_base64": {
+								"type": "string",
+								"minLength": 1,
+								"maxLength": 44040192,
+								"description": "Base64-encoded attachment bytes."
+							}
+						},
+						"required": ["filename", "content_base64"]
+					}
 				}
 			}
 		},
@@ -13093,532 +13267,6 @@ const operationManifest = [
 	}
 ];
 //#endregion
-//#region ../packages/api-core/src/client.ts
-/**
-* Host-aware Primitive API client and shared error type.
-*
-* Lives in api-core (instead of sdk-node) so the CLI can build a
-* configured request client without taking a dependency on sdk-node.
-* The higher-level `PrimitiveClient` (with `.send`, `.reply`,
-* `.forward`) still lives in sdk-node because it needs the
-* `ReceivedEmail` type from the webhook parsing surface.
-*/
-const DEFAULT_API_BASE_URL_1 = "https://www.primitive.dev/api/v1";
-const DEFAULT_API_BASE_URL_2 = "https://api.primitive.dev/v1";
-function createDefaultAuth(apiKey) {
-	return (security) => {
-		if (security.type === "http" && security.scheme === "bearer") return apiKey;
-	};
-}
-var PrimitiveApiClient = class {
-	/**
-	* Generated client targeting the primary API host (apiBaseUrl1). Use
-	* this when passing `client: ...` to a generated operation function
-	* for every endpoint EXCEPT /send-mail. The hand-written
-	* PrimitiveClient.send / .reply / .forward methods on the subclass
-	* route /send-mail to the host-2 client internally.
-	*/
-	client;
-	/**
-	* @internal Generated client targeting the attachments-supporting
-	* send host (apiBaseUrl2). Used by PrimitiveClient.send() under the
-	* hood. Exposed for the CLI's hand-rolled send command, which calls
-	* the generated sendEmail directly; not part of the publicly-
-	* documented SDK surface. Customer code should call .send() on the
-	* subclass instead.
-	*/
-	_sendClient;
-	constructor(options = {}) {
-		const { apiKey, auth, apiBaseUrl1 = DEFAULT_API_BASE_URL_1, apiBaseUrl2 = DEFAULT_API_BASE_URL_2, ...config } = options;
-		const resolvedAuth = auth ?? createDefaultAuth(apiKey);
-		this.client = createClient(createConfig({
-			...config,
-			auth: resolvedAuth,
-			baseUrl: apiBaseUrl1
-		}));
-		this._sendClient = createClient(createConfig({
-			...config,
-			auth: resolvedAuth,
-			baseUrl: apiBaseUrl2
-		}));
-	}
-	getConfig() {
-		return this.client.getConfig();
-	}
-	setConfig(config) {
-		return this.client.setConfig(config);
-	}
-};
-//#endregion
-//#region src/oclif/auth.ts
-const CREDENTIALS_FILE = "credentials.json";
-const CREDENTIALS_LOCK_DIR = "credentials.lock";
-const CREDENTIALS_LOCK_OWNER_FILE = "owner.json";
-const CREDENTIALS_LOCK_STALE_MS = 1800 * 1e3;
-const MALFORMED_CREDENTIALS_HINT = "Run `primitive logout` and then `primitive signin`.";
-const CREDENTIALS_LOCK_CLEANUP_SIGNALS = [
-	"SIGINT",
-	"SIGTERM",
-	"SIGHUP"
-];
-function isRecord$2(value) {
-	return value !== null && typeof value === "object" && !Array.isArray(value);
-}
-function requireString(value, key) {
-	const raw = value[key];
-	if (typeof raw !== "string" || raw.trim().length === 0) throw new Error(`Stored Primitive CLI credentials are malformed: ${key} must be a non-empty string. ${MALFORMED_CREDENTIALS_HINT}`);
-	return raw;
-}
-/**
-* Sentinel returned by parseCredentials when the on-disk credentials were
-* written by an API-key-based CLI. The caller treats this as "not logged in"
-* after clearing the local file. The backing API key is intentionally not
-* revoked; API keys still work when passed explicitly via --api-key/env.
-*/
-var LegacyApiKeyCredentialFormatError = class extends Error {
-	constructor() {
-		super("legacy_api_key_credential_format");
-		this.name = "LegacyApiKeyCredentialFormatError";
-	}
-};
-function parseCredentials(raw) {
-	if (!isRecord$2(raw)) throw new Error(`Stored Primitive CLI credentials are malformed: expected a JSON object. ${MALFORMED_CREDENTIALS_HINT}`);
-	if (raw.auth_method !== "oauth") {
-		if (typeof raw.api_key === "string" || typeof raw.key_id === "string" || typeof raw.base_url === "string") throw new LegacyApiKeyCredentialFormatError();
-		throw new Error(`Stored Primitive CLI credentials are malformed: auth_method must be oauth. ${MALFORMED_CREDENTIALS_HINT}`);
-	}
-	const orgName = raw.org_name;
-	if (orgName !== null && typeof orgName !== "string") throw new Error(`Stored Primitive CLI credentials are malformed: org_name must be a string or null. ${MALFORMED_CREDENTIALS_HINT}`);
-	if (requireString(raw, "token_type") !== "Bearer") throw new Error(`Stored Primitive CLI credentials are malformed: token_type must be Bearer. ${MALFORMED_CREDENTIALS_HINT}`);
-	return {
-		auth_method: "oauth",
-		access_token: requireString(raw, "access_token"),
-		refresh_token: requireString(raw, "refresh_token"),
-		token_type: "Bearer",
-		expires_at: requireString(raw, "expires_at"),
-		oauth_grant_id: requireString(raw, "oauth_grant_id"),
-		oauth_client_id: requireString(raw, "oauth_client_id"),
-		org_id: requireString(raw, "org_id"),
-		org_name: orgName,
-		api_base_url_1: requireString(raw, "api_base_url_1"),
-		created_at: requireString(raw, "created_at")
-	};
-}
-function credentialsPath(configDir) {
-	return join(configDir, CREDENTIALS_FILE);
-}
-function credentialsLockPath(configDir) {
-	return join(configDir, CREDENTIALS_LOCK_DIR);
-}
-function normalize(url, fallback) {
-	const trimmed = url?.trim();
-	if (!trimmed) return fallback;
-	return trimmed.replace(/\/+$/, "");
-}
-function normalizeApiBaseUrl1(url) {
-	return normalize(url, DEFAULT_API_BASE_URL_1);
-}
-function normalizeApiBaseUrl2(url) {
-	return normalize(url, DEFAULT_API_BASE_URL_2);
-}
-function cliAccessTokenExpiresAt(expiresInSeconds, now = Date.now) {
-	return new Date(now() + expiresInSeconds * 1e3).toISOString();
-}
-function loadCliCredentials(configDir) {
-	const path = credentialsPath(configDir);
-	let contents;
-	try {
-		contents = readFileSync(path, "utf8");
-	} catch (error) {
-		if (error && typeof error === "object" && error.code === "ENOENT") return null;
-		const detail = error instanceof Error ? error.message : String(error);
-		throw new Error(`Could not read Primitive CLI credentials: ${detail}`);
-	}
-	try {
-		return parseCredentials(JSON.parse(contents));
-	} catch (error) {
-		if (error instanceof LegacyApiKeyCredentialFormatError) {
-			try {
-				rmSync(path, { force: true });
-			} catch {}
-			process.stderr.write("Removed local Primitive CLI API-key login state. API keys are still valid when passed explicitly, but saved CLI auth now uses OAuth. Run `primitive signin` to create an OAuth session. No API key was revoked.\n");
-			return null;
-		}
-		if (error instanceof SyntaxError) throw new Error("Stored Primitive CLI credentials are not valid JSON. Run `primitive logout` and then `primitive signin`.");
-		throw error;
-	}
-}
-function saveCliCredentials(configDir, credentials) {
-	mkdirSync(configDir, {
-		mode: 448,
-		recursive: true
-	});
-	const path = credentialsPath(configDir);
-	const tempPath = join(configDir, `${CREDENTIALS_FILE}.${process.pid}.${randomUUID()}.tmp`);
-	try {
-		writeFileSync(tempPath, `${JSON.stringify(credentials, null, 2)}\n`, { mode: 384 });
-		chmodSync(tempPath, 384);
-		renameSync(tempPath, path);
-		chmodSync(path, 384);
-	} catch (error) {
-		rmSync(tempPath, { force: true });
-		throw error;
-	}
-}
-function deleteCliCredentials(configDir) {
-	rmSync(credentialsPath(configDir), { force: true });
-}
-function deleteCliCredentialsLock(configDir) {
-	rmSync(credentialsLockPath(configDir), {
-		force: true,
-		recursive: true
-	});
-}
-function errorCode(error) {
-	return error && typeof error === "object" ? error.code : void 0;
-}
-function removeStaleCliCredentialsLock(lockPath, staleMs, now) {
-	try {
-		const stats = statSync(lockPath);
-		if (now() - stats.mtimeMs < staleMs) return false;
-	} catch (error) {
-		if (errorCode(error) === "ENOENT") return true;
-		throw error;
-	}
-	rmSync(lockPath, {
-		force: true,
-		recursive: true
-	});
-	return true;
-}
-function readCliCredentialsLockOwner(lockPath) {
-	let raw;
-	try {
-		raw = readFileSync(join(lockPath, CREDENTIALS_LOCK_OWNER_FILE), "utf8");
-	} catch (error) {
-		if (errorCode(error) === "ENOENT") return null;
-		throw error;
-	}
-	try {
-		const pid = JSON.parse(raw)?.pid;
-		return Number.isInteger(pid) && pid > 0 ? { pid } : null;
-	} catch {
-		return null;
-	}
-}
-function processIsRunning(pid) {
-	try {
-		process.kill(pid, 0);
-		return true;
-	} catch (error) {
-		if (errorCode(error) === "ESRCH") return false;
-		return true;
-	}
-}
-function removeRecoverableCliCredentialsLock(params) {
-	const owner = readCliCredentialsLockOwner(params.lockPath);
-	if (owner && params.isRunning(owner.pid)) return false;
-	if (owner) {
-		rmSync(params.lockPath, {
-			force: true,
-			recursive: true
-		});
-		return true;
-	}
-	return removeStaleCliCredentialsLock(params.lockPath, params.staleMs, params.now);
-}
-function writeCliCredentialsLockOwner(lockPath) {
-	const ownerPath = join(lockPath, CREDENTIALS_LOCK_OWNER_FILE);
-	writeFileSync(ownerPath, `${JSON.stringify({
-		created_at: (/* @__PURE__ */ new Date()).toISOString(),
-		pid: process.pid
-	})}\n`, { mode: 384 });
-	chmodSync(ownerPath, 384);
-}
-function installCredentialsLockSignalCleanup(lockPath) {
-	let active = true;
-	const listeners = CREDENTIALS_LOCK_CLEANUP_SIGNALS.map((signal) => {
-		const listener = () => {
-			if (!active) return;
-			active = false;
-			rmSync(lockPath, {
-				force: true,
-				recursive: true
-			});
-			process.exit(signal === "SIGINT" ? 130 : signal === "SIGTERM" ? 143 : 129);
-		};
-		process.once(signal, listener);
-		return {
-			listener,
-			signal
-		};
-	});
-	return () => {
-		if (!active) return;
-		active = false;
-		for (const { listener, signal } of listeners) process.removeListener(signal, listener);
-	};
-}
-function credentialsLockInProgressMessage(lockPath) {
-	return `Another Primitive CLI credential operation is already in progress. Wait for it to finish, then retry. If no Primitive auth command is still running, run \`primitive logout --force\` to clear local CLI auth state and remove ${lockPath}.`;
-}
-function acquireCliCredentialsLock(configDir, options = {}) {
-	mkdirSync(configDir, {
-		mode: 448,
-		recursive: true
-	});
-	const lockPath = credentialsLockPath(configDir);
-	const installSignalHandlers = options.installSignalHandlers ?? true;
-	const isRunning = options.isProcessRunning ?? processIsRunning;
-	const now = options.now ?? Date.now;
-	const staleMs = options.staleMs ?? CREDENTIALS_LOCK_STALE_MS;
-	let acquired = false;
-	for (let attempt = 0; attempt < 2; attempt += 1) try {
-		mkdirSync(lockPath, { mode: 448 });
-		acquired = true;
-		break;
-	} catch (error) {
-		if (errorCode(error) !== "EEXIST") throw error;
-		if (removeRecoverableCliCredentialsLock({
-			isRunning,
-			lockPath,
-			now,
-			staleMs
-		})) continue;
-		throw new Error(credentialsLockInProgressMessage(lockPath));
-	}
-	if (!acquired) throw new Error(credentialsLockInProgressMessage(lockPath));
-	try {
-		writeCliCredentialsLockOwner(lockPath);
-	} catch (error) {
-		rmSync(lockPath, {
-			force: true,
-			recursive: true
-		});
-		throw error;
-	}
-	const removeSignalCleanup = installSignalHandlers ? installCredentialsLockSignalCleanup(lockPath) : () => void 0;
-	let released = false;
-	return () => {
-		if (released) return;
-		released = true;
-		removeSignalCleanup();
-		rmSync(lockPath, {
-			force: true,
-			recursive: true
-		});
-	};
-}
-function resolveCliAuth(params) {
-	const apiKey = params.apiKey?.trim();
-	const apiBaseUrl2 = normalizeApiBaseUrl2(params.apiBaseUrl2);
-	if (apiKey) return {
-		apiKey,
-		apiBaseUrl1: normalizeApiBaseUrl1(params.apiBaseUrl1),
-		apiBaseUrl2,
-		credentials: null,
-		source: "flag-or-env"
-	};
-	const credentials = loadCliCredentials(params.configDir);
-	if (credentials) return {
-		apiKey: credentials.access_token,
-		apiBaseUrl1: credentials.api_base_url_1,
-		apiBaseUrl2,
-		credentials,
-		source: "stored"
-	};
-	return {
-		apiKey: void 0,
-		apiBaseUrl1: normalizeApiBaseUrl1(params.apiBaseUrl1),
-		apiBaseUrl2,
-		credentials: null,
-		source: "none"
-	};
-}
-//#endregion
-//#region src/oclif/cli-config.ts
-const CONFIG_FILE = "config.json";
-const CONFIG_VERSION = 1;
-const DEFAULT_ENVIRONMENT = "default";
-function cliConfigPath(configDir) {
-	return join(configDir, CONFIG_FILE);
-}
-function cliConfigError(message) {
-	return new Errors.CLIError(`${message} Run \`primitive config reset\` to clear the local CLI config.`, { exit: 1 });
-}
-function isRecord$1(value) {
-	return value !== null && typeof value === "object" && !Array.isArray(value);
-}
-function normalizeCliEnvironmentName(name) {
-	const trimmed = name?.trim();
-	if (!trimmed) throw new Errors.CLIError("Environment name must be a non-empty string.", { exit: 1 });
-	if (!/^[A-Za-z0-9][A-Za-z0-9._-]{0,62}$/.test(trimmed)) throw new Errors.CLIError("Environment name must start with a letter or number and may only contain letters, numbers, '.', '_', or '-'.", { exit: 1 });
-	return trimmed;
-}
-function validateCliHeaderName(name) {
-	const trimmed = name.trim();
-	if (!trimmed) throw new Errors.CLIError("Header name must be a non-empty string.", { exit: 1 });
-	if (!/^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$/.test(trimmed)) throw new Errors.CLIError(`Invalid header name: ${name}`, { exit: 1 });
-	if (trimmed.toLowerCase() === "authorization") throw new Errors.CLIError("The Authorization header is managed by PRIMITIVE_API_KEY or saved OAuth CLI credentials.", { exit: 1 });
-	return trimmed;
-}
-function validateCliHeaderValue(value, name) {
-	if (value.length === 0) throw new Errors.CLIError(`Header ${name} value must not be empty.`, { exit: 1 });
-	if (/[\r\n\0]/.test(value)) throw new Errors.CLIError(`Header ${name} value must not contain CR, LF, or NUL characters.`, { exit: 1 });
-	return value;
-}
-function parseHeaderAssignment(assignment) {
-	const separator = assignment.indexOf("=");
-	if (separator <= 0) throw new Errors.CLIError("Header values must use name=value syntax, for example `x-custom=secret`.", { exit: 1 });
-	const name = validateCliHeaderName(assignment.slice(0, separator));
-	return [name, validateCliHeaderValue(assignment.slice(separator + 1), name)];
-}
-function parseHeaders(raw, context) {
-	if (raw === void 0) return {};
-	if (!isRecord$1(raw)) throw cliConfigError(`${context} headers must be a JSON object.`);
-	const headers = {};
-	for (const [rawName, rawValue] of Object.entries(raw)) {
-		const name = validateCliHeaderName(rawName);
-		if (typeof rawValue !== "string") throw cliConfigError(`${context} header ${name} must be a string.`);
-		headers[name] = validateCliHeaderValue(rawValue, name);
-	}
-	return headers;
-}
-function parseEnvironmentConfig(raw, context) {
-	if (!isRecord$1(raw)) throw cliConfigError(`${context} must be a JSON object.`);
-	const env = {};
-	if (raw.api_base_url_1 !== void 0) {
-		if (typeof raw.api_base_url_1 !== "string") throw cliConfigError(`${context}.api_base_url_1 must be a string.`);
-		env.api_base_url_1 = normalizeApiBaseUrl1(raw.api_base_url_1);
-	}
-	if (raw.api_base_url_2 !== void 0) {
-		if (typeof raw.api_base_url_2 !== "string") throw cliConfigError(`${context}.api_base_url_2 must be a string.`);
-		env.api_base_url_2 = normalizeApiBaseUrl2(raw.api_base_url_2);
-	}
-	const headers = parseHeaders(raw.headers, context);
-	if (Object.keys(headers).length > 0) env.headers = headers;
-	return env;
-}
-function parseStoredCliConfig(raw) {
-	if (!isRecord$1(raw)) throw cliConfigError("Primitive CLI config must be a JSON object.");
-	if (raw.version !== CONFIG_VERSION) throw cliConfigError(`Primitive CLI config version must be ${CONFIG_VERSION}.`);
-	const currentRaw = raw.current_environment;
-	const current_environment = currentRaw === null || currentRaw === void 0 ? null : typeof currentRaw === "string" ? normalizeCliEnvironmentName(currentRaw) : (() => {
-		throw cliConfigError("Primitive CLI config current_environment must be a string or null.");
-	})();
-	if (!isRecord$1(raw.environments)) throw cliConfigError("Primitive CLI config environments must be an object.");
-	const environments = {};
-	for (const [rawName, rawEnv] of Object.entries(raw.environments)) {
-		const name = normalizeCliEnvironmentName(rawName);
-		environments[name] = parseEnvironmentConfig(rawEnv, `Primitive CLI config environment ${name}`);
-	}
-	if (current_environment && !environments[current_environment]) throw cliConfigError(`Primitive CLI config current environment ${current_environment} does not exist.`);
-	return {
-		version: CONFIG_VERSION,
-		current_environment,
-		environments
-	};
-}
-function emptyCliConfig() {
-	return {
-		version: CONFIG_VERSION,
-		current_environment: null,
-		environments: {}
-	};
-}
-function loadCliConfig(configDir) {
-	const path = cliConfigPath(configDir);
-	let contents;
-	try {
-		contents = readFileSync(path, "utf8");
-	} catch (error) {
-		if (error && typeof error === "object" && error.code === "ENOENT") return null;
-		throw cliConfigError(`Could not read Primitive CLI config: ${error instanceof Error ? error.message : String(error)}.`);
-	}
-	try {
-		return parseStoredCliConfig(JSON.parse(contents));
-	} catch (error) {
-		if (error instanceof SyntaxError) throw cliConfigError("Primitive CLI config is not valid JSON.");
-		throw error;
-	}
-}
-function saveCliConfig(configDir, config) {
-	mkdirSync(configDir, {
-		mode: 448,
-		recursive: true
-	});
-	const path = cliConfigPath(configDir);
-	const tempPath = join(configDir, `${CONFIG_FILE}.${process.pid}.${randomUUID()}.tmp`);
-	try {
-		writeFileSync(tempPath, `${JSON.stringify(config, null, 2)}\n`, { mode: 384 });
-		renameSync(tempPath, path);
-	} catch (error) {
-		rmSync(tempPath, { force: true });
-		throw error;
-	}
-}
-function deleteCliConfig(configDir) {
-	rmSync(cliConfigPath(configDir), { force: true });
-}
-function resolveConfigEnvironment(config) {
-	if (!config) return null;
-	const current = config.current_environment;
-	if (current) {
-		const environment = config.environments[current];
-		return environment ? {
-			name: current,
-			config: environment
-		} : null;
-	}
-	const defaultEnvironment = config.environments[DEFAULT_ENVIRONMENT];
-	return defaultEnvironment ? {
-		name: DEFAULT_ENVIRONMENT,
-		config: defaultEnvironment
-	} : null;
-}
-function upsertCliEnvironment(params) {
-	const name = normalizeCliEnvironmentName(params.environmentName ?? "default");
-	const existing = params.config.environments[name] ?? {};
-	const nextHeaders = { ...existing.headers ?? {} };
-	for (const assignment of params.headers ?? []) {
-		const [headerName, value] = parseHeaderAssignment(assignment);
-		nextHeaders[headerName] = value;
-	}
-	for (const rawName of params.unsetHeaders ?? []) delete nextHeaders[validateCliHeaderName(rawName)];
-	const nextEnvironment = {
-		...existing,
-		...params.apiBaseUrl1 !== void 0 ? { api_base_url_1: normalizeApiBaseUrl1(params.apiBaseUrl1) } : {},
-		...params.apiBaseUrl2 !== void 0 ? { api_base_url_2: normalizeApiBaseUrl2(params.apiBaseUrl2) } : {},
-		...Object.keys(nextHeaders).length > 0 ? { headers: nextHeaders } : {}
-	};
-	if (Object.keys(nextHeaders).length === 0) delete nextEnvironment.headers;
-	return {
-		...params.config,
-		current_environment: params.use === false ? params.config.current_environment : name,
-		environments: {
-			...params.config.environments,
-			[name]: nextEnvironment
-		}
-	};
-}
-function removeCliEnvironment(config, environmentName) {
-	const name = normalizeCliEnvironmentName(environmentName);
-	const environments = { ...config.environments };
-	delete environments[name];
-	return {
-		...config,
-		current_environment: config.current_environment === name ? null : config.current_environment,
-		environments
-	};
-}
-function redactCliEnvironment(environment) {
-	const headers = environment.headers && Object.keys(environment.headers).length > 0 ? Object.fromEntries(Object.keys(environment.headers).map((name) => [name, "***"])) : void 0;
-	return {
-		...environment,
-		...headers ? { headers } : {}
-	};
-}
-//#endregion
 //#region src/oclif/api-client.ts
 const API_HEADERS_ENV = "PRIMITIVE_API_HEADERS";
 const OAUTH_REFRESH_SKEW_MS = 60 * 1e3;
@@ -14163,7 +13811,7 @@ async function runWithTiming(enabled, fn) {
 const TIME_FLAG_DESCRIPTION = "Print the wall-clock duration of this command to stderr after it completes (e.g. `[time: 1.34s]`). Useful for measuring `--wait` send latency, comparing CLI overhead, or capturing timing in scripts.";
 const API_BASE_URL_1_FLAG_DESCRIPTION = "Override the primary API base URL. Internal testing only; not documented to customers.";
 const API_BASE_URL_2_FLAG_DESCRIPTION = "Override the attachments-supporting send host base URL. Internal testing only; not documented to customers.";
-const HOST_2_OPERATIONS = new Set(["sendEmail"]);
+const HOST_2_OPERATIONS = new Set(["sendEmail", "replyToEmail"]);
 const RESERVED_FLAG_NAMES = new Set([
 	"api-key",
 	"api-base-url-1",
@@ -14394,6 +14042,39 @@ function canonicalizeCliReferences(description) {
 	return description.replaceAll("`primitive emails:latest`", "`primitive emails latest`").replaceAll("`primitive describe emails:get-email | jq '.responseSchema.properties'`", "`primitive describe emails:get | jq '.responseSchema.properties'`");
 }
 //#endregion
+//#region src/oclif/attachments.ts
+function readAttachmentBytes(path, readFile) {
+	try {
+		return Buffer.from(readFile(path));
+	} catch (error) {
+		const detail = error instanceof Error ? error.message : String(error);
+		throw new Errors.CLIError(`Could not read --attachment ${path}: ${detail}`, { exit: 1 });
+	}
+}
+function hasControlCharacter(value) {
+	return Array.from(value).some((character) => {
+		const code = character.charCodeAt(0);
+		return code <= 31 || code >= 127 && code <= 159;
+	});
+}
+function validateAttachmentFilename(path, filename) {
+	if (!filename) throw new Errors.CLIError(`Could not derive an attachment filename from ${path}. Pass a file path.`, { exit: 1 });
+	if (hasControlCharacter(filename)) throw new Errors.CLIError(`Attachment filename ${filename} contains control characters.`, { exit: 1 });
+}
+function readAttachmentFiles(paths, readFile = readFileSync) {
+	if (!paths || paths.length === 0) return void 0;
+	return paths.map((path) => {
+		const filename = basename(path);
+		validateAttachmentFilename(path, filename);
+		const bytes = readAttachmentBytes(path, readFile);
+		if (bytes.length === 0) throw new Errors.CLIError(`Attachment file ${path} is empty. Attachments must contain at least one byte.`, { exit: 1 });
+		return {
+			content_base64: bytes.toString("base64"),
+			filename
+		};
+	});
+}
+//#endregion
 //#region src/oclif/outbound-defaults.ts
 const SUBJECT_MAX_LENGTH = 200;
 function deriveSubject(body) {
@@ -14535,19 +14216,39 @@ async function fetchEmailSearchPage(params) {
 function sleep$1(ms) {
 	return new Promise((resolve) => setTimeout(resolve, ms));
 }
-//#endregion
-//#region src/oclif/commands/chat.ts
-const DEFAULT_CHAT_TIMEOUT_SECONDS = 120;
-const DEFAULT_STRICT_PHASE_SECONDS = 60;
 function cliError$6(message) {
 	return new Errors.CLIError(message, { exit: 1 });
 }
-async function readStdinToString() {
-	if (process.stdin.isTTY) throw cliError$6("No message provided. Pass the message as the second positional argument or pipe it via stdin.");
+async function readStdinToString(missingMessage = "No message provided. Pass the message as the second positional argument or pipe it via stdin.") {
+	if (process.stdin.isTTY) throw cliError$6(missingMessage);
 	const chunks = [];
 	for await (const chunk of process.stdin) chunks.push(typeof chunk === "string" ? Buffer.from(chunk) : chunk);
 	return Buffer.concat(chunks).toString("utf8");
 }
+function chatColor(color, text) {
+	return ux.colorize(color, text);
+}
+function chatCommandText(command) {
+	return chatColor("cyan", command);
+}
+function chatDetailLine(line) {
+	return chatColor("dim", line);
+}
+function chatFailureText(message) {
+	return chatColor("red", message);
+}
+function chatHeading(text) {
+	return chatColor("bold", text);
+}
+function chatNoticeText(message) {
+	return chatColor("yellow", message);
+}
+function chatProgressText(message) {
+	return chatColor("cyan", message);
+}
+function chatSuccessText(message) {
+	return chatColor("greenBright", message);
+}
 var ChatProgressIndicator = class {
 	currentMessage = null;
 	frameIndex = 0;
@@ -14568,7 +14269,7 @@ var ChatProgressIndicator = class {
 			this.timer.unref?.();
 			return;
 		}
-		this.stream.write(`${message}\n`);
+		this.stream.write(`${chatProgressText(message)}\n`);
 	}
 	update(message, options = {}) {
 		this.currentMessage = message;
@@ -14581,10 +14282,10 @@ var ChatProgressIndicator = class {
 			return;
 		}
 		this.stopTimer();
-		this.stream.write(`${message}\n`);
+		this.stream.write(`${chatProgressText(message)}\n`);
 		if (options.heartbeatMs !== void 0) {
 			this.timer = setInterval(() => {
-				this.stream.write(`${formatWaitingHeartbeat(message, this.now() - this.startedAt, options.timeoutSeconds)}\n`);
+				this.stream.write(`${chatProgressText(formatWaitingHeartbeat(message, this.now() - this.startedAt, options.timeoutSeconds))}\n`);
 			}, options.heartbeatMs);
 			this.timer.unref?.();
 		}
@@ -14593,17 +14294,17 @@ var ChatProgressIndicator = class {
 		if (this.stream.isTTY) {
 			const currentMessage = this.currentMessage;
 			this.clearLine();
-			this.stream.write(`${message}\n`);
+			this.stream.write(`${chatNoticeText(message)}\n`);
 			if (currentMessage !== null && this.timer !== null) this.render(currentMessage);
 			return;
 		}
-		this.stream.write(`${message}\n`);
+		this.stream.write(`${chatNoticeText(message)}\n`);
 	}
 	succeed(message) {
-		this.finish(`${message} after ${formatElapsed(this.now() - this.startedAt)}.`);
+		this.finish(chatSuccessText(`${message} after ${formatElapsed(this.now() - this.startedAt)}.`));
 	}
 	fail(message) {
-		this.finish(message);
+		this.finish(chatFailureText(message));
 	}
 	finish(message) {
 		this.stopTimer();
@@ -14620,9 +14321,10 @@ var ChatProgressIndicator = class {
 		];
 		const frame = frames[this.frameIndex % frames.length];
 		this.frameIndex += 1;
-		const line = `${frame} ${message} (${formatElapsed(this.now() - this.startedAt)})`;
-		this.lastLineLength = Math.max(this.lastLineLength, line.length);
-		this.stream.write(`\r${line}`);
+		const elapsed = `(${formatElapsed(this.now() - this.startedAt)})`;
+		const plainLine = `${frame} ${message} ${elapsed}`;
+		this.lastLineLength = Math.max(this.lastLineLength, plainLine.length);
+		this.stream.write(`\r${chatProgressText(`${frame} ${message}`)} ${chatColor("dim", elapsed)}`);
 	}
 	clearLine() {
 		if (this.lastLineLength > 0) {
@@ -14655,6 +14357,11 @@ function shellQuote(value) {
 function commandFromArgv(argv) {
 	return argv.map(shellQuote).join(" ");
 }
+function parseLocalChatIdArg(value) {
+	if (value === void 0 || !/^(0|[1-9]\d*)$/.test(value)) return null;
+	const parsed = Number(value);
+	return Number.isSafeInteger(parsed) ? parsed : null;
+}
 function resolveChatResponseBody(reply) {
 	if (reply.body_text && reply.body_text.length > 0) return {
 		body: reply.body_text,
@@ -14709,10 +14416,35 @@ function buildCommand(kind, description, argv, options = {}) {
 		requires_message: requiresMessage
 	};
 }
+function shouldPreferStrictContinuation(context) {
+	const hasCustomStrictPhase = context.strictPhaseSeconds !== 60;
+	return context.strictOnly || context.matchStrategy === "strict" && !hasCustomStrictPhase;
+}
 function buildChatFollowUpCommands(context) {
 	const commands = [];
-	const hasCustomStrictPhase = context.strictPhaseSeconds !== DEFAULT_STRICT_PHASE_SECONDS;
-	const shouldPreferStrictContinuation = context.strictOnly || context.matchStrategy === "strict" && !hasCustomStrictPhase;
+	const hasCustomStrictPhase = context.strictPhaseSeconds !== 60;
+	const preferStrictContinuation = shouldPreferStrictContinuation(context);
+	if (context.localChatId !== void 0) {
+		const localContinueParts = [
+			"primitive",
+			"chat",
+			"reply",
+			String(context.localChatId),
+			"<message>"
+		];
+		if (context.json) localContinueParts.push("--json");
+		if (context.quiet) localContinueParts.push("--quiet");
+		commands.push(buildCommand("continue_chat", "Continue this chat", localContinueParts, { requiresMessage: true }));
+		const activeContinueParts = [
+			"primitive",
+			"chat",
+			"reply",
+			"<message>"
+		];
+		if (context.json) activeContinueParts.push("--json");
+		if (context.quiet) activeContinueParts.push("--quiet");
+		commands.push(buildCommand("continue_active_chat", "Continue the active chat", activeContinueParts, { requiresMessage: true }));
+	}
 	const continueParts = [
 		"primitive",
 		"chat",
@@ -14728,9 +14460,9 @@ function buildChatFollowUpCommands(context) {
 	];
 	if (context.json) continueParts.push("--json");
 	if (context.quiet) continueParts.push("--quiet");
-	if (shouldPreferStrictContinuation) continueParts.push("--strict-only");
+	if (preferStrictContinuation) continueParts.push("--strict-only");
 	else if (hasCustomStrictPhase) continueParts.push("--strict-phase-seconds", String(context.strictPhaseSeconds));
-	commands.push(buildCommand("continue_chat", "Continue this chat", continueParts, { requiresMessage: true }));
+	commands.push(buildCommand(context.localChatId === void 0 ? "continue_chat" : "continue_chat_explicit", context.localChatId === void 0 ? "Continue this chat" : "Continue this chat explicitly", continueParts, { requiresMessage: true }));
 	commands.push(buildCommand("reply_direct", "Reply directly to the inbound email", [
 		"primitive",
 		"reply",
@@ -14804,6 +14536,7 @@ function buildChatJsonEnvelope(context) {
 	return {
 		sent: context.sent,
 		reply: context.reply,
+		local_chat_id: context.localChatId ?? null,
 		response_body: responseBody.body,
 		response_body_format: responseBody.format,
 		match: {
@@ -14814,48 +14547,69 @@ function buildChatJsonEnvelope(context) {
 		follow_up_commands: buildChatFollowUpCommands(context)
 	};
 }
+function persistActiveChat(params) {
+	try {
+		return saveActiveChatState(params.configDir, {
+			from: params.context.from,
+			last_reply_email_id: params.context.reply.id,
+			last_reply_received_at: params.context.reply.received_at,
+			last_sent_email_id: params.context.sent.id,
+			recipient: params.context.recipient,
+			strict_only: shouldPreferStrictContinuation(params.context),
+			strict_phase_seconds: params.context.strictPhaseSeconds,
+			thread_id: params.context.reply.thread_id ?? null,
+			timeout_seconds: params.context.timeoutSeconds
+		}, { preferredLocalId: params.preferredLocalId }).local_id;
+	} catch (error) {
+		const detail = error instanceof Error ? error.message : String(error);
+		params.writeWarning?.(`Warning: could not save local chat state: ${detail}\n`);
+		return null;
+	}
+}
 function formatChatResponse(context) {
 	const accepted = context.sent.accepted.join(", ") || context.recipient;
 	const responseBody = resolveChatResponseBody(context.reply);
 	const lines = [
-		"Reply received",
+		chatSuccessText("Reply received"),
 		"",
-		"Sent",
-		`  To: ${accepted}`,
-		`  From: ${context.sent.from || context.from}`,
-		`  Subject: ${context.subject}`,
-		`  Sent email id: ${context.sent.id}`,
-		`  Delivery status: ${context.sent.delivery_status ?? context.sent.status}`,
+		chatHeading("Sent"),
+		chatDetailLine(`  To: ${accepted}`),
+		chatDetailLine(`  From: ${context.sent.from || context.from}`),
+		chatDetailLine(`  Subject: ${context.subject}`),
+		chatDetailLine(`  Sent email id: ${context.sent.id}`),
+		chatColor("green", `  Delivery status: ${context.sent.delivery_status ?? context.sent.status}`),
 		"",
-		"Reply",
-		`  Email id: ${context.reply.id}`,
-		`  From: ${context.reply.from_email}`,
-		`  To: ${context.reply.to_email}`,
-		`  Subject: ${context.reply.subject ?? "(no subject)"}`,
-		`  Received: ${context.reply.received_at}`,
-		`  Match: ${matchDescription(context.matchStrategy)}`
+		chatHeading("Reply"),
+		chatDetailLine(`  Email id: ${context.reply.id}`),
+		chatDetailLine(`  From: ${context.reply.from_email}`),
+		chatDetailLine(`  To: ${context.reply.to_email}`),
+		chatDetailLine(`  Subject: ${context.reply.subject ?? "(no subject)"}`),
+		chatDetailLine(`  Received: ${context.reply.received_at}`),
+		chatDetailLine(`  Match: ${matchDescription(context.matchStrategy)}`)
 	];
-	if (context.reply.reply_to_sent_email_id) lines.push(`  Reply to sent email id: ${context.reply.reply_to_sent_email_id}`);
-	if (context.reply.message_id) lines.push(`  Message-Id: ${context.reply.message_id}`);
-	lines.push("", "Helpful follow-up commands", "  Replace <message> before running commands that include it.", "  Commands are templates; use --json for parse-safe output.", "  When shown, --strict-only prefers timing out over matching the wrong reply.");
-	for (const { description, command } of buildChatFollowUpCommands(context)) lines.push(`  ${description}:`, `    ${command}`);
-	lines.push("", `Response body (${responseBody.format}; use --json for parsing)`, "----- BEGIN RESPONSE -----", responseBody.body || "(empty response)", "----- END RESPONSE -----");
+	if (context.reply.reply_to_sent_email_id) lines.push(chatDetailLine(`  Reply to sent email id: ${context.reply.reply_to_sent_email_id}`));
+	if (context.reply.message_id) lines.push(chatDetailLine(`  Message-Id: ${context.reply.message_id}`));
+	if (context.localChatId !== void 0) lines.push(chatDetailLine(`  Local chat id: ${context.localChatId}`));
+	lines.push("", chatHeading("Helpful follow-up commands"), chatDetailLine("  Replace <message> before running commands that include it."), chatDetailLine("  Commands are templates; use --json for parse-safe output."), chatDetailLine("  When shown, --strict-only prefers timing out over matching the wrong reply."));
+	for (const { description, command } of buildChatFollowUpCommands(context)) lines.push(chatHeading(`  ${description}:`), `    ${chatCommandText(command)}`);
+	lines.push("", chatHeading(`Response body (${responseBody.format}; use --json for parsing)`), "----- BEGIN RESPONSE -----", responseBody.body || "(empty response)", "----- END RESPONSE -----");
 	return lines.join("\n");
 }
 function formatChatRecoveryContext(context) {
+	const accepted = context.sent.accepted.join(", ") || context.recipient;
 	const lines = [
 		"",
-		"Sent message context",
-		`  To: ${context.sent.accepted.join(", ") || context.recipient}`,
-		`  From: ${context.sent.from || context.from}`,
-		`  Subject: ${context.subject}`,
-		`  Sent email id: ${context.sent.id}`,
-		`  Delivery status: ${context.sent.delivery_status ?? context.sent.status}`,
-		`  Poll since: ${context.sentAtIso}`,
+		chatHeading("Sent message context"),
+		chatDetailLine(`  To: ${accepted}`),
+		chatDetailLine(`  From: ${context.sent.from || context.from}`),
+		chatDetailLine(`  Subject: ${context.subject}`),
+		chatDetailLine(`  Sent email id: ${context.sent.id}`),
+		chatColor("green", `  Delivery status: ${context.sent.delivery_status ?? context.sent.status}`),
+		chatDetailLine(`  Poll since: ${context.sentAtIso}`),
 		"",
-		"Helpful recovery commands"
+		chatHeading("Helpful recovery commands")
 	];
-	for (const { description, command } of buildChatRecoveryCommands(context)) lines.push(`  ${description}:`, `    ${command}`);
+	for (const { description, command } of buildChatRecoveryCommands(context)) lines.push(chatHeading(`  ${description}:`), `    ${chatCommandText(command)}`);
 	return lines.join("\n");
 }
 async function loadInboundEmailDetail(params) {
@@ -14926,6 +14680,8 @@ var ChatCommand = class ChatCommand extends Command {
   --reply-to-email-id <inbound-email-id>. Reply mode uses Primitive's
   reply endpoint, so the reply subject and threading headers are
   derived from the inbound email instead of copied into CLI flags.
+  Successful chat turns also save an active local chat, so the next
+  follow-up can be sent with \`primitive chat reply '<message>'\`.
   --json emits a structured envelope with both sides of the exchange,
   a direct response_body field, match details, and follow-up command
@@ -14945,8 +14701,11 @@ var ChatCommand = class ChatCommand extends Command {
 	static examples = [
 		"<%= config.bin %> chat help@agent.acme.dev 'how do I rotate my API key?'",
 		"cat error.log | <%= config.bin %> chat help@agent.acme.dev",
+		"<%= config.bin %> chat reply 'one more thing'",
+		"<%= config.bin %> chat reply 'see attached' --attachment ./report.pdf",
 		"<%= config.bin %> chat help@agent.acme.dev --reply 'one more thing'",
 		"<%= config.bin %> chat help@agent.acme.dev --reply 'one more thing' --reply-to-email-id <inbound-email-id>",
+		"<%= config.bin %> chat help@agent.acme.dev 'can you review this?' --attachment ./report.pdf",
 		"<%= config.bin %> chat help@agent.acme.dev 'follow up question' --json",
 		"<%= config.bin %> chat help@agent.acme.dev 'one more thing' --timeout 300"
 	];
@@ -14980,15 +14739,25 @@ var ChatCommand = class ChatCommand extends Command {
 		reply: Flags.string({ description: "Reply body. Continues the latest inbound email from the recipient to your sender address; pass --reply-to-email-id for an exact thread." }),
 		"reply-to-email-id": Flags.string({ description: "Inbound email id to continue exactly. Uses Primitive's reply endpoint, so recipient, subject, and threading headers are derived from the inbound email." }),
 		"in-reply-to": Flags.string({ description: "Raw Message-Id of the parent email to thread a new send against. Prefer --reply-to-email-id with --reply when continuing an inbound email stored by Primitive." }),
+		attachment: Flags.string({
+			char: "a",
+			description: "Attach a file to this chat message. Repeat --attachment to attach multiple files.",
+			multiple: true
+		}),
+		"chat-local-id": Flags.integer({
+			description: "Local chat id to update after this command succeeds. Internal plumbing for `primitive chat reply`.",
+			hidden: true,
+			min: 0
+		}),
 		json: Flags.boolean({ description: "Emit a structured JSON envelope { sent, reply, response_body, response_body_format, match, follow_up_commands } on stdout instead of the human-readable transcript." }),
 		quiet: Flags.boolean({ description: "Suppress stderr progress updates while sending and waiting. Errors and recovery commands are still written to stderr." }),
 		timeout: Flags.integer({
-			default: DEFAULT_CHAT_TIMEOUT_SECONDS,
+			default: 120,
 			description: "Seconds to wait for a reply before exiting non-zero; 0 waits forever.",
 			min: 0
 		}),
 		"strict-phase-seconds": Flags.integer({
-			default: DEFAULT_STRICT_PHASE_SECONDS,
+			default: 60,
 			description: "Seconds to wait in strict-threading mode (filter by reply_to_sent_email_id) before falling back to time-window matching. Set to the full --timeout to disable the fallback; --strict-only is the explicit way to do that.",
 			min: 1
 		}),
@@ -15028,6 +14797,7 @@ var ChatCommand = class ChatCommand extends Command {
 				configDir: this.config.configDir
 			};
 			const progress = flags.quiet ? null : new ChatProgressIndicator(process.stderr);
+			const attachments = readAttachmentFiles(flags.attachment);
 			let from;
 			let parentReply;
 			let subject;
@@ -15086,9 +14856,10 @@ var ChatCommand = class ChatCommand extends Command {
 			const sendResult = parentReply !== void 0 ? await replyToEmail({
 				body: {
 					body_text: message,
-					from
+					from,
+					...attachments !== void 0 ? { attachments } : {}
 				},
-				client: apiClient.client,
+				client: apiClient._sendClient,
 				path: { id: parentReply.id },
 				responseStyle: "fields"
 			}) : await sendEmail({
@@ -15097,7 +14868,8 @@ var ChatCommand = class ChatCommand extends Command {
 					to: args.recipient,
 					subject,
 					body_text: message,
-					...flags["in-reply-to"] !== void 0 ? { in_reply_to: flags["in-reply-to"] } : {}
+					...flags["in-reply-to"] !== void 0 ? { in_reply_to: flags["in-reply-to"] } : {},
+					...attachments !== void 0 ? { attachments } : {}
 				},
 				client: apiClient._sendClient,
 				responseStyle: "fields"
@@ -15172,16 +14944,140 @@ var ChatCommand = class ChatCommand extends Command {
 				return;
 			}
 			progress?.succeed(`Reply received from ${replyResult.reply.from_email}`);
-			const outputContext = {
+			let outputContext = {
 				...baseContext,
 				matchStrategy: replyResult.matchStrategy,
 				reply: replyResult.reply
 			};
+			const localChatId = persistActiveChat({
+				configDir: this.config.configDir,
+				context: outputContext,
+				preferredLocalId: flags["chat-local-id"],
+				writeWarning: (message) => process.stderr.write(message)
+			});
+			if (localChatId !== null) outputContext = {
+				...outputContext,
+				localChatId
+			};
 			if (flags.json) this.log(JSON.stringify(buildChatJsonEnvelope(outputContext), null, 2));
 			else this.log(formatChatResponse(outputContext));
 		});
 	}
 };
+var ChatReplyCommand = class ChatReplyCommand extends Command {
+	static description = `Reply in the active chat.
+  A successful \`primitive chat <email> <message>\` saves the latest
+  inbound reply as a local chat and makes it active. Use
+  \`primitive chat reply <message>\` for the active chat, or
+  \`primitive chat reply <local-id> <message>\` / \`--id <local-id>\`
+  for a specific local chat. The command uses Primitive's real reply
+  endpoint against the stored inbound email id, so the recipient,
+  subject, and threading headers are derived server-side from the
+  thread.
+  If no chat is open, start one with \`primitive chat <email> '<message>'\`.
+  For explicit control, use \`primitive chat <email> --reply '<message>'
+  --reply-to-email-id <inbound-email-id>\`.`;
+	static summary = "Reply in the active chat";
+	static examples = [
+		"<%= config.bin %> chat reply 'one more thing'",
+		"<%= config.bin %> chat reply 0 'one more thing'",
+		"<%= config.bin %> chat reply --id 0 'one more thing'",
+		"<%= config.bin %> chat reply 'see attached' --attachment ./report.pdf",
+		"cat follow-up.txt | <%= config.bin %> chat reply"
+	];
+	static args = {
+		idOrMessage: Args.string({ description: "Reply body, or a local chat id when followed by a separate message." }),
+		message: Args.string({ description: "Reply body when the first positional argument is an id." })
+	};
+	static flags = {
+		"api-key": Flags.string({
+			description: "Primitive API key (defaults to PRIMITIVE_API_KEY or saved `primitive signin` credentials)",
+			env: "PRIMITIVE_API_KEY"
+		}),
+		"api-base-url-1": Flags.string({
+			description: "Override the primary API base URL. Internal testing only; not documented to customers.",
+			env: "PRIMITIVE_API_BASE_URL_1",
+			hidden: true
+		}),
+		"api-base-url-2": Flags.string({
+			description: "Override the attachments-supporting send host base URL. Internal testing only; not documented to customers.",
+			env: "PRIMITIVE_API_BASE_URL_2",
+			hidden: true
+		}),
+		id: Flags.integer({
+			description: "Local chat id to reply in. Omit to use the most recent active chat.",
+			min: 0
+		}),
+		json: Flags.boolean({ description: "Emit a structured JSON envelope { sent, reply, response_body, response_body_format, match, follow_up_commands } on stdout instead of the human-readable transcript." }),
+		quiet: Flags.boolean({ description: "Suppress stderr progress updates while sending and waiting. Errors and recovery commands are still written to stderr." }),
+		timeout: Flags.integer({
+			description: "Seconds to wait for a reply before exiting non-zero. Defaults to the active chat's last timeout.",
+			min: 0
+		}),
+		"strict-phase-seconds": Flags.integer({
+			description: "Seconds to wait in strict-threading mode before falling back. Defaults to the active chat's last setting.",
+			min: 1
+		}),
+		"strict-only": Flags.boolean({ description: "Disable the time-window fallback. If the active chat was saved from a strict match, this is already the default." }),
+		attachment: Flags.string({
+			char: "a",
+			description: "Attach a file to the reply. Repeat --attachment to attach multiple files.",
+			multiple: true
+		}),
+		interval: Flags.integer({
+			description: "Seconds between polls while waiting for the reply.",
+			min: 1
+		}),
+		"page-size": Flags.integer({
+			description: "Inbound emails to fetch per poll while waiting (1-100). Internal tuning knob.",
+			max: 100,
+			min: 1,
+			hidden: true
+		}),
+		time: Flags.boolean({ description: TIME_FLAG_DESCRIPTION })
+	};
+	async run() {
+		const { args, flags } = await this.parse(ChatReplyCommand);
+		const positionalLocalId = flags.id === void 0 && args.message !== void 0 ? parseLocalChatIdArg(args.idOrMessage) : void 0;
+		if (flags.id === void 0 && args.message !== void 0 && positionalLocalId === null) throw cliError$6("When passing two positional arguments to `primitive chat reply`, the first must be a local chat id. Use `primitive chat reply '<message>'` for the active chat or `primitive chat reply --id <id> '<message>'` for a specific chat.");
+		if (flags.id !== void 0 && args.message !== void 0) throw cliError$6("With --id, pass the reply body as a single positional argument or pipe it via stdin.");
+		const localId = flags.id ?? (typeof positionalLocalId === "number" ? positionalLocalId : void 0);
+		const state = localId === void 0 ? loadActiveChatState(this.config.configDir) : loadChatConversationByLocalId(this.config.configDir, localId);
+		if (!state) throw cliError$6(localId === void 0 ? "No open chat. Start one with `primitive chat <email> '<message>'`." : `No local chat ${localId}. Start one with \`primitive chat <email> '<message>'\` or omit --id to use the active chat.`);
+		const message = args.message !== void 0 ? args.message : args.idOrMessage !== void 0 && args.idOrMessage !== "" ? args.idOrMessage : await readStdinToString("No reply body provided. Pass the reply body as a positional argument or pipe it via stdin.");
+		if (!message.trim()) throw cliError$6("Reply body is empty.");
+		const argv = [
+			state.recipient,
+			"--reply",
+			message,
+			"--from",
+			state.from,
+			"--reply-to-email-id",
+			state.last_reply_email_id,
+			"--timeout",
+			String(flags.timeout ?? state.timeout_seconds),
+			"--strict-phase-seconds",
+			String(flags["strict-phase-seconds"] ?? state.strict_phase_seconds),
+			"--interval",
+			String(flags.interval ?? 2),
+			"--page-size",
+			String(flags["page-size"] ?? 50),
+			"--chat-local-id",
+			String(state.local_id)
+		];
+		if (flags["api-key"] !== void 0) argv.push("--api-key", flags["api-key"]);
+		if (flags["api-base-url-1"] !== void 0) argv.push("--api-base-url-1", flags["api-base-url-1"]);
+		if (flags["api-base-url-2"] !== void 0) argv.push("--api-base-url-2", flags["api-base-url-2"]);
+		if (flags.json) argv.push("--json");
+		if (flags.quiet) argv.push("--quiet");
+		for (const attachment of flags.attachment ?? []) argv.push("--attachment", attachment);
+		if (state.strict_only || flags["strict-only"]) argv.push("--strict-only");
+		if (flags.time) argv.push("--time");
+		await ChatCommand.run(argv, { root: this.config.root });
+	}
+};
 async function waitForReply(params) {
 	const notice = params.notice ?? ((message) => {
 		process.stderr.write(`${message}\n`);
@@ -17186,8 +17082,8 @@ const PRIMITIVE_TEAM_AUTHOR = {
 	name: "Primitive Team",
 	url: "https://primitive.dev"
 };
-const SDK_VERSION_RANGE = "^0.33.0";
-const CLI_VERSION_RANGE = "^0.33.0";
+const SDK_VERSION_RANGE = "^0.35.0";
+const CLI_VERSION_RANGE = "^0.35.0";
 const ESBUILD_VERSION_RANGE = "^0.27.0";
 function renderHandler() {
 	return `// env.PRIMITIVE_API_KEY, env.PRIMITIVE_WEBHOOK_SECRET, and
@@ -18560,6 +18456,7 @@ const DOMAIN_DISPLAY_WIDTH = 34;
 const STATUS_DISPLAY_WIDTH = 12;
 const BOOL_DISPLAY_WIDTH = 7;
 const NUM_DISPLAY_WIDTH = 6;
+const DEFAULT_PRIMITIVE_LOCAL_PART = "agent";
 function plural(count, singular, pluralValue = `${singular}s`) {
 	return `${count} ${count === 1 ? singular : pluralValue}`;
 }
@@ -18595,6 +18492,14 @@ function domainSummary(domain) {
 		default: return `${domain.domain} has status ${String(domain.status)}.`;
 	}
 }
+function findSuggestedPrimitiveAddress(domains) {
+	const domain = domains.find((entry) => entry.managed && entry.active && entry.receiving_ready);
+	if (!domain) return null;
+	return {
+		address: `${DEFAULT_PRIMITIVE_LOCAL_PART}@${domain.domain}`,
+		domain: domain.domain
+	};
+}
 function focusInboxStatus(status, domainName) {
 	const normalized = domainName.toLowerCase();
 	const domain = status.domains.find((entry) => entry.domain.toLowerCase() === normalized);
@@ -18641,12 +18546,14 @@ function formatInboxStatus(status) {
 		"",
 		"Domains"
 	];
+	const suggestedAddress = findSuggestedPrimitiveAddress(status.domains);
 	if (status.domains.length === 0) lines.push("No domains configured.");
 	else {
 		lines.push(formatDomainHeader());
 		for (const domain of status.domains) lines.push(formatDomainRow(domain));
 	}
 	lines.push("", `Endpoints: ${status.endpoints.enabled}/${status.endpoints.total} enabled (${status.endpoints.fallback_enabled} fallback, ${status.endpoints.domain_scoped_enabled} domain-scoped, ${status.endpoints.function_enabled} function)`, `Functions: ${status.functions.deployed}/${status.functions.total} deployed (${status.functions.pending} pending, ${status.functions.failed} failed)`, `Recent inbound: ${plural(status.recent_emails.total, "email")} latest ${formatInboxDate(status.recent_emails.latest_received_at)}`);
+	if (suggestedAddress) lines.push("", `Primitive address: ${suggestedAddress.address}`, `  Any local-part at ${suggestedAddress.domain} can receive mail.`, `  Try: primitive send --to ${suggestedAddress.address} --subject "hello" --body "test"`);
 	if (status.next_actions.length > 0) {
 		lines.push("", "Next actions");
 		for (const action of status.next_actions) lines.push(formatNextAction(action));
@@ -18723,6 +18630,180 @@ var InboxStatusCommand = class InboxStatusCommand extends Command {
 	}
 };
 //#endregion
+//#region src/oclif/commands/inbox-setup.ts
+const DEFAULT_FUNCTION_NAME = "inbound-reply";
+const DEFAULT_LOCAL_PART = "inbox";
+const FUNCTION_ID_PLACEHOLDER = "<function-id>";
+function firstUsableManagedDomain(status) {
+	return status.domains.find((domain) => domain.managed && domain.receiving_ready && domain.active) ?? status.domains.find((domain) => domain.managed && domain.receiving_ready) ?? null;
+}
+function buildInboxSetupCommands(functionName = DEFAULT_FUNCTION_NAME) {
+	return {
+		scaffold: [
+			`primitive functions init ${functionName}`,
+			`cd ${functionName}`,
+			"npm install",
+			"npm run build",
+			`primitive functions deploy --name ${functionName} --file ./dist/handler.js --wait`,
+			`primitive functions test --id ${FUNCTION_ID_PLACEHOLDER} --wait --show-sends`
+		],
+		logs: `primitive functions logs --id ${FUNCTION_ID_PLACEHOLDER}`,
+		status: "primitive inbox status"
+	};
+}
+function buildInboxSetupProof(commands) {
+	return {
+		after_test: [
+			"inbound id for the generated test email",
+			"function id matching the deployed Function",
+			"invocation status completed, failed, or send_failed",
+			"reply/send result emitted by the handler"
+		],
+		logs_command: commands.logs
+	};
+}
+function buildInboxSetupGuide(status) {
+	const domain = firstUsableManagedDomain(status);
+	const commands = buildInboxSetupCommands();
+	const mode = !status.receiving_ready ? "not_receiving" : status.processing_ready ? "actively_processed" : "stored_only";
+	return {
+		readiness: {
+			ready: status.ready,
+			receiving_ready: status.receiving_ready,
+			processing_ready: status.processing_ready,
+			mode,
+			summary: status.summary
+		},
+		receive: {
+			address: domain ? `${DEFAULT_LOCAL_PART}@${domain.domain}` : null,
+			domain: domain?.domain ?? null,
+			managed: domain?.managed ?? false,
+			placeholder_local_part: domain ? DEFAULT_LOCAL_PART : null
+		},
+		processing: {
+			stored_only: status.receiving_ready && !status.processing_ready,
+			active: status.processing_ready,
+			enabled_endpoints: status.endpoints.enabled,
+			deployed_functions: status.functions.deployed
+		},
+		commands,
+		proof: buildInboxSetupProof(commands),
+		status
+	};
+}
+function formatReadiness(guide) {
+	const readiness = guide.readiness.ready ? "ready" : "not ready";
+	const receiving = guide.readiness.receiving_ready ? "yes" : "no";
+	const processing = guide.readiness.processing_ready ? "yes" : "no";
+	const mode = guide.readiness.mode === "actively_processed" ? "actively processed" : guide.readiness.mode === "stored_only" ? "stored-only" : "not receiving";
+	return [
+		`Readiness: ${readiness}`,
+		`Receiving: ${receiving}`,
+		`Processing: ${processing}`,
+		`Mode: ${mode}`
+	].join("\n");
+}
+function formatReceiveAddress(guide) {
+	if (!guide.receive.domain || !guide.receive.address) return "Receive address: none found on a receiving-ready Primitive-managed domain";
+	return [`Receive address: ${guide.receive.address}`, `Receive domain: ${guide.receive.domain} (Primitive-managed)`].join("\n");
+}
+function formatDomainDetails(status) {
+	if (status.domains.length === 0) return ["Domains: none configured"];
+	return status.domains.map((domain) => `- ${domain.domain}: ${statusText(domain.status)}, receive ${domain.receiving_ready ? "yes" : "no"}, process ${domain.processing_ready ? "yes" : "no"}, routes ${domain.processing_route_count}`);
+}
+function formatScaffoldCommands(commands) {
+	return commands.scaffold.map((command) => `  ${command}`);
+}
+function formatInboxSetupGuide(guide) {
+	const lines = [
+		"Inbound setup",
+		"",
+		guide.readiness.summary,
+		"",
+		formatReadiness(guide),
+		"",
+		formatReceiveAddress(guide),
+		"",
+		"Domains",
+		...formatDomainDetails(guide.status),
+		"",
+		`Processing routes: ${guide.processing.enabled_endpoints} enabled endpoint(s), ${guide.processing.deployed_functions} deployed Function(s)`
+	];
+	if (guide.readiness.mode === "not_receiving") lines.push("", "Next actions", "Make a receiving-ready domain available, then re-run:", `  ${guide.commands.status}`);
+	else if (!guide.processing.active) lines.push("", "Next actions", "No processing route is enabled. Scaffold, deploy, and test an email Function:", ...formatScaffoldCommands(guide.commands));
+	else lines.push("", "Next actions", "Inbound mail has an active processing route. Run a Function test when you know the Function id:", `  primitive functions test --id ${FUNCTION_ID_PLACEHOLDER} --wait --show-sends`);
+	if (guide.status.next_actions.length > 0) {
+		lines.push("", "API suggested actions");
+		for (const action of guide.status.next_actions) lines.push(action.command ? `- ${action.message}\n  ${action.command}` : `- ${action.message}`);
+	}
+	lines.push("", "Proof after functions test", "- Inbound id: the generated test email should have an inbound id.", "- Function id: the run should point at the Function id you deployed.", "- Invocation status: expect completed; failed or send_failed identifies the failing stage.", "- Reply/send result: --show-sends should show the handler's outbound result when it replies or sends.", "- Logs:", `  ${guide.proof.logs_command}`);
+	return lines.join("\n");
+}
+var InboxSetupCommand = class InboxSetupCommand extends Command {
+	static description = `Guide inbound email setup from the server-owned inbox status API.
+  This command does not scaffold, deploy, or run tests. It verifies auth, fetches inbox readiness, shows the first usable Primitive-managed receive address/domain, explains whether inbound mail is stored-only or actively processed, and prints the exact commands to add a Function processing route when one is missing.`;
+	static summary = "Guide inbound email setup";
+	static examples = ["<%= config.bin %> inbox setup", "<%= config.bin %> inbox setup --json"];
+	static flags = {
+		"api-key": Flags.string({
+			description: "Primitive API key override (defaults to PRIMITIVE_API_KEY or saved OAuth login credentials)",
+			env: "PRIMITIVE_API_KEY"
+		}),
+		"api-base-url-1": Flags.string({
+			description: API_BASE_URL_1_FLAG_DESCRIPTION,
+			env: "PRIMITIVE_API_BASE_URL_1",
+			hidden: true
+		}),
+		"api-base-url-2": Flags.string({
+			description: API_BASE_URL_2_FLAG_DESCRIPTION,
+			env: "PRIMITIVE_API_BASE_URL_2",
+			hidden: true
+		}),
+		json: Flags.boolean({ description: "Print structured readiness, receive address, commands, proof metadata, and raw status as JSON." }),
+		time: Flags.boolean({ description: TIME_FLAG_DESCRIPTION })
+	};
+	async run() {
+		const { flags } = await this.parse(InboxSetupCommand);
+		await runWithTiming(flags.time, async () => {
+			const { apiClient, auth, baseUrlOverridden } = await createAuthenticatedCliApiClient({
+				apiKey: flags["api-key"],
+				apiBaseUrl1: flags["api-base-url-1"],
+				apiBaseUrl2: flags["api-base-url-2"],
+				configDir: this.config.configDir
+			});
+			const result = await getInboxStatus({
+				client: apiClient.client,
+				responseStyle: "fields"
+			});
+			if (result.error) {
+				const errorPayload = extractErrorPayload(result.error);
+				writeErrorWithHints(errorPayload);
+				surfaceUnauthorizedHint({
+					auth,
+					baseUrlOverridden,
+					configDir: this.config.configDir,
+					payload: errorPayload
+				});
+				process.exitCode = 1;
+				return;
+			}
+			const envelope = result.data ?? {};
+			const status = envelope.data;
+			if (!status) throw new Errors.CLIError("Primitive API returned no inbox status.", { exit: 1 });
+			const guide = buildInboxSetupGuide(status);
+			if (flags.json) {
+				this.log(JSON.stringify({
+					...envelope,
+					data: guide
+				}, null, 2));
+				return;
+			}
+			this.log(formatInboxSetupGuide(guide));
+		});
+	}
+};
+//#endregion
 //#region src/oclif/commands/login.ts
 const MAX_CLI_LOGIN_POLL_INTERVAL_SECONDS = 60;
 function cliError$3(message) {
@@ -18904,6 +18985,7 @@ var LoginCommand$1 = class extends Command {
 			if (polled.data) {
 				const login = unwrapData$2(polled.data);
 				if (!login) throw cliError$3("Primitive API returned an empty CLI poll response.");
+				deleteChatState(this.config.configDir);
 				saveCliCredentials(this.config.configDir, {
 					access_token: login.access_token,
 					api_base_url_1: apiBaseUrl1,
@@ -19044,11 +19126,100 @@ function loadPendingAgentSignup(configDir, apiBaseUrl1) {
 		expires_in: Math.max(0, Math.ceil((new Date(pending.expires_at).getTime() - Date.now()) / 1e3))
 	};
 }
+function readPendingAgentSignupState(configDir, apiBaseUrl1) {
+	const path = pendingSignupPath(configDir);
+	let contents;
+	try {
+		contents = readFileSync(path, "utf8");
+	} catch (error) {
+		if (error && typeof error === "object" && error.code === "ENOENT") return null;
+		throw error;
+	}
+	let pending;
+	try {
+		pending = pendingSignupFromJson(JSON.parse(contents));
+	} catch {
+		pending = null;
+	}
+	if (!pending) {
+		deletePendingAgentSignup(configDir);
+		return null;
+	}
+	if (pending.api_base_url_1 !== apiBaseUrl1) return null;
+	return pending;
+}
+function pendingSignupStartCommand(email) {
+	return `primitive signup ${email ?? "<email>"} --signup-code <invite-code> --accept-terms`;
+}
+function buildSignupStatus(params) {
+	const copy = params.copy ?? DEFAULT_SIGNUP_COMMAND_COPY;
+	const pending = readPendingAgentSignupState(params.configDir, params.apiBaseUrl1);
+	if (!pending) return {
+		code_length: null,
+		confirm_command: null,
+		email: null,
+		expired: false,
+		expires_at: null,
+		expires_in: null,
+		pending: false,
+		resend_after: null,
+		resend_command: null,
+		signup_command: pendingSignupStartCommand(params.email)
+	};
+	if (params.email && normalizeEmail(pending.email) !== normalizeEmail(params.email)) throw cliError$2(`Pending ${copy.actionNoun} is for ${pending.email}, not ${params.email}. Run \`primitive signup status\` without an email argument to inspect it.`);
+	const expiresAtMs = new Date(pending.expires_at).getTime();
+	const expiresIn = Number.isFinite(expiresAtMs) ? Math.ceil((expiresAtMs - Date.now()) / 1e3) : null;
+	return {
+		code_length: pending.verification_code_length,
+		confirm_command: `primitive ${copy.confirmCommand(pending.email)}`,
+		email: pending.email,
+		expired: expiresIn !== null && expiresIn <= 0,
+		expires_at: pending.expires_at,
+		expires_in: expiresIn === null ? null : Math.max(0, expiresIn),
+		pending: true,
+		resend_after: pending.resend_after,
+		resend_command: `primitive ${copy.resendCommand(pending.email)}`
+	};
+}
+function writeSignupStatus(status) {
+	if (!status.pending) {
+		process$1.stdout.write("No pending Primitive signup found.\n");
+		process$1.stdout.write(`Start one with \`${status.signup_command ?? pendingSignupStartCommand()}\`.\n`);
+		return;
+	}
+	process$1.stdout.write(`Pending Primitive signup for ${status.email}.\n`);
+	if (status.code_length !== null) process$1.stdout.write(`Verification code length: ${status.code_length}\n`);
+	if (status.expires_at) if (status.expired) process$1.stdout.write(`Expired at: ${status.expires_at}\n`);
+	else {
+		process$1.stdout.write(`Expires at: ${status.expires_at}\n`);
+		process$1.stdout.write(`Expires in: ${formatSignupSeconds(status.expires_in)}\n`);
+	}
+	if (status.resend_after !== null) process$1.stdout.write(`Resend after: ${formatSignupSeconds(status.resend_after)}\n`);
+	if (status.confirm_command) process$1.stdout.write(`Confirm: ${status.confirm_command}\n`);
+	if (status.resend_command) process$1.stdout.write(`Resend: ${status.resend_command}\n`);
+}
+function runSignupStatus(params) {
+	const { requestConfig } = createCliApiClient({
+		apiBaseUrl1: params.flags["api-base-url-1"],
+		configDir: params.configDir
+	});
+	const status = buildSignupStatus({
+		apiBaseUrl1: requestConfig.resolvedApiBaseUrl1,
+		configDir: params.configDir,
+		copy: params.copy,
+		email: params.email
+	});
+	if (params.flags.json) {
+		process$1.stdout.write(`${JSON.stringify(status, null, 2)}\n`);
+		return;
+	}
+	writeSignupStatus(status);
+}
 function requirePendingSignupForEmail(params) {
 	const copy = params.copy ?? DEFAULT_SIGNUP_COMMAND_COPY;
 	const pending = loadPendingAgentSignup(params.configDir, params.apiBaseUrl1);
-	if (!pending) throw cliError$2(`No pending ${copy.actionNoun} for ${params.email}. Run \`primitive ${copy.startCommand(params.email)}\` first.`);
-	if (normalizeEmail(pending.email) !== normalizeEmail(params.email)) throw cliError$2(`Pending ${copy.actionNoun} is for ${pending.email}, not ${params.email}. Run \`primitive ${copy.startCommand(params.email)} --force\` to replace it.`);
+	if (!pending) throw cliError$2(`No pending ${copy.actionNoun} for ${params.email}. Run \`primitive signup status ${params.email}\` to inspect pending state, or \`primitive ${copy.startCommand(params.email)}\` first.`);
+	if (normalizeEmail(pending.email) !== normalizeEmail(params.email)) throw cliError$2(`Pending ${copy.actionNoun} is for ${pending.email}, not ${params.email}. Run \`primitive signup status\` to inspect it, or \`primitive ${copy.startCommand(params.email)} --force\` to replace it.`);
 	return pending;
 }
 function retryAfterSeconds(result) {
@@ -19125,6 +19296,7 @@ async function checkExistingCredentials(params) {
 	throw cliError$2(`Already logged in${existing.org_name ? ` for ${existing.org_name}` : ""}. Run \`primitive logout\` before ${copy.actionGerund}.`);
 }
 function saveSignupCredentials(params) {
+	deleteChatState(params.configDir);
 	saveCliCredentials(params.configDir, {
 		access_token: params.signup.access_token,
 		api_base_url_1: params.apiBaseUrl1,
@@ -19150,13 +19322,13 @@ async function startSignup(params) {
 	if (existingPending && !params.flags.force) {
 		if (normalizeEmail(existingPending.email) === normalizeEmail(params.email)) {
 			process$1.stderr.write(`Continuing pending Primitive ${copy.actionNoun} for ${existingPending.email}.\n`);
-			process$1.stderr.write(`Run \`primitive ${copy.confirmCommand(existingPending.email)}\` to finish, or \`primitive ${copy.resendCommand(existingPending.email)}\` to send a new code.\n`);
+			process$1.stderr.write(`Run \`primitive ${copy.confirmCommand(existingPending.email)}\` to finish, \`primitive ${copy.resendCommand(existingPending.email)}\` to send a new code, or \`primitive signup status\` to inspect it.\n`);
 			return {
 				pending: existingPending,
 				started: false
 			};
 		}
-		throw cliError$2(`Pending ${copy.actionNoun} is for ${existingPending.email}. Run \`primitive ${copy.startCommand(params.email)} --force\` to replace it.`);
+		throw cliError$2(`Pending ${copy.actionNoun} is for ${existingPending.email}. Run \`primitive signup status\` to inspect it, or \`primitive ${copy.startCommand(params.email)} --force\` to replace it.`);
 	}
 	if (params.flags.force) deletePendingAgentSignup(params.configDir);
 	const promptRequiredFn = params.deps.promptRequired ?? promptRequired;
@@ -19292,23 +19464,25 @@ async function runSignupConfirmWithCredentialLock(params) {
 	}
 	const payload = extractErrorPayload(verified.error);
 	const code = extractErrorCode(payload);
-	if (code === INVALID_VERIFICATION_CODE) throw cliError$2(`Invalid verification code. Try again or run ${(params.copy ?? DEFAULT_SIGNUP_COMMAND_COPY).resendCommand(params.email)}.`);
+	if (code === INVALID_VERIFICATION_CODE) throw cliError$2(`Invalid verification code. Try again, run ${(params.copy ?? DEFAULT_SIGNUP_COMMAND_COPY).resendCommand(params.email)}, or run primitive signup status.`);
 	if (code === EXPIRED_TOKEN || code === INVALID_SIGNUP_TOKEN) deletePendingAgentSignup(configDir);
 	writeErrorWithHints(payload);
 	throw cliError$2("Primitive agent signup failed while verifying the account.");
 }
 async function runSignupResendWithCredentialLock(params) {
 	const deps = params.deps ?? {};
+	const copy = params.copy ?? DEFAULT_SIGNUP_COMMAND_COPY;
 	const { apiClient, requestConfig } = createCliApiClient({
 		apiBaseUrl1: params.flags["api-base-url-1"],
 		configDir: params.configDir
 	});
-	const pending = requirePendingSignupForEmail({
+	const pending = params.email ? requirePendingSignupForEmail({
 		apiBaseUrl1: requestConfig.resolvedApiBaseUrl1,
-		copy: params.copy,
+		copy,
 		configDir: params.configDir,
 		email: params.email
-	});
+	}) : loadPendingAgentSignup(params.configDir, requestConfig.resolvedApiBaseUrl1);
+	if (!pending) throw cliError$2(`No pending ${copy.actionNoun} found. Run \`primitive signup status\` to inspect pending state, or start one with \`${pendingSignupStartCommand()}\`.`);
 	const resend = await resendVerificationCode({
 		apiBaseUrl1: requestConfig.resolvedApiBaseUrl1,
 		apiClient,
@@ -19481,12 +19655,12 @@ var SignupConfirmCommand = class SignupConfirmCommand extends Command {
 };
 var SignupResendCommand = class SignupResendCommand extends Command {
 	static args = { email: Args.string({
-		description: "Email address used to start signup",
-		required: true
+		description: "Email address used to start signup. Defaults to the saved pending signup.",
+		required: false
 	}) };
 	static description = "Resend the verification code for a pending signup.";
 	static summary = "Resend signup verification code";
-	static examples = ["<%= config.bin %> signup resend user@example.com"];
+	static examples = ["<%= config.bin %> signup resend", "<%= config.bin %> signup resend user@example.com"];
 	static flags = { "api-base-url-1": Flags.string({
 		description: "Override the primary API base URL. Internal testing only; not documented to customers.",
 		env: "PRIMITIVE_API_BASE_URL_1",
@@ -19511,6 +19685,35 @@ var SignupResendCommand = class SignupResendCommand extends Command {
 		}
 	}
 };
+var SignupStatusCommand = class SignupStatusCommand extends Command {
+	static args = { email: Args.string({
+		description: "Email address expected in the pending signup",
+		required: false
+	}) };
+	static description = "Inspect the locally saved pending Primitive signup state.";
+	static summary = "Show pending signup status";
+	static examples = [
+		"<%= config.bin %> signup status",
+		"<%= config.bin %> signup status user@example.com",
+		"<%= config.bin %> signup status --json"
+	];
+	static flags = {
+		"api-base-url-1": Flags.string({
+			description: "Override the primary API base URL. Internal testing only; not documented to customers.",
+			env: "PRIMITIVE_API_BASE_URL_1",
+			hidden: true
+		}),
+		json: Flags.boolean({ description: "Print pending signup status as JSON" })
+	};
+	async run() {
+		const { args, flags } = await this.parse(SignupStatusCommand);
+		runSignupStatus({
+			configDir: this.config.configDir,
+			email: args.email,
+			flags
+		});
+	}
+};
 var SignupInteractiveCommand = class SignupInteractiveCommand extends Command {
 	static description = "Run the full signup flow in one interactive terminal session.";
 	static summary = "Run interactive account signup";
@@ -19606,6 +19809,7 @@ function runForceLogout(params) {
 	const lockPath = credentialsLockPath(params.configDir);
 	const removed = [
 		existsSync(localCredentialsPath) ? "local Primitive CLI credentials" : null,
+		existsSync(chatStatePath(params.configDir)) ? "local chat reply state" : null,
 		existsSync(pendingPath) ? "pending email-code auth state" : null,
 		existsSync(lockPath) ? "credential lock" : null
 	].filter((value) => value !== null);
@@ -19770,6 +19974,7 @@ var ReplyCommand = class ReplyCommand extends Command {
 	static examples = [
 		"<%= config.bin %> reply --id <inbound-email-id> --body 'Thanks, got it.'",
 		"<%= config.bin %> reply --id <inbound-email-id> --body-file ./reply.txt",
+		"<%= config.bin %> reply --id <inbound-email-id> --body 'See attached.' --attachment ./report.pdf",
 		"<%= config.bin %> reply --id <inbound-email-id> --html '<p>Thanks, got it.</p>' --wait",
 		"<%= config.bin %> reply --id <inbound-email-id> --from 'Support <support@example.com>' --body 'Thanks!'"
 	];
@@ -19793,12 +19998,17 @@ var ReplyCommand = class ReplyCommand extends Command {
 			required: true
 		}),
 		body: Flags.string({ description: "Plain-text reply body. Either --body or --html (or both) is required." }),
-		"body-file": Flags.string({ description: "Read the plain-text reply body from a UTF-8 file. Mutually exclusive with --body and --body-stdin." }),
+		"body-file": Flags.string({ description: "Read the plain-text reply body from a UTF-8 file; this does not attach the file. Use --attachment for attachments. Mutually exclusive with --body and --body-stdin." }),
 		"body-stdin": Flags.boolean({ description: "Read the plain-text reply body from stdin. Mutually exclusive with --body and --body-file. Stdin can only be consumed once." }),
 		html: Flags.string({ description: "HTML reply body. Either --body or --html (or both) is required." }),
-		"html-file": Flags.string({ description: "Read the HTML reply body from a UTF-8 file. Mutually exclusive with --html and --html-stdin." }),
+		"html-file": Flags.string({ description: "Read the HTML reply body from a UTF-8 file; this does not attach the file. Use --attachment for attachments. Mutually exclusive with --html and --html-stdin." }),
 		"html-stdin": Flags.boolean({ description: "Read the HTML reply body from stdin. Mutually exclusive with --html and --html-file. Stdin can only be consumed once." }),
 		from: Flags.string({ description: "Optional From header override. Defaults to the inbound recipient." }),
+		attachment: Flags.string({
+			char: "a",
+			description: "Attach a file to the reply. Repeat --attachment to attach multiple files.",
+			multiple: true
+		}),
 		wait: Flags.boolean({ description: "Block until the receiving MTA returns an outcome. Without --wait, the call returns once Primitive has accepted the reply for delivery." }),
 		time: Flags.boolean({ description: TIME_FLAG_DESCRIPTION })
 	};
@@ -19820,14 +20030,16 @@ var ReplyCommand = class ReplyCommand extends Command {
 				apiBaseUrl2: flags["api-base-url-2"],
 				configDir: this.config.configDir
 			});
+			const attachments = readAttachmentFiles(flags.attachment);
 			const result = await replyToEmail({
 				body: {
 					...bodies.body !== void 0 ? { body_text: bodies.body } : {},
 					...bodies.html !== void 0 ? { body_html: bodies.html } : {},
 					...flags.from !== void 0 ? { from: flags.from } : {},
+					...attachments !== void 0 ? { attachments } : {},
 					...flags.wait !== void 0 ? { wait: flags.wait } : {}
 				},
-				client: apiClient.client,
+				client: apiClient._sendClient,
 				path: { id: flags.id },
 				responseStyle: "fields"
 			});
@@ -19852,39 +20064,6 @@ var ReplyCommand = class ReplyCommand extends Command {
 	}
 };
 //#endregion
-//#region src/oclif/attachments.ts
-function readAttachmentBytes(path, readFile) {
-	try {
-		return Buffer.from(readFile(path));
-	} catch (error) {
-		const detail = error instanceof Error ? error.message : String(error);
-		throw new Errors.CLIError(`Could not read --attachment ${path}: ${detail}`, { exit: 1 });
-	}
-}
-function hasControlCharacter(value) {
-	return Array.from(value).some((character) => {
-		const code = character.charCodeAt(0);
-		return code <= 31 || code >= 127 && code <= 159;
-	});
-}
-function validateAttachmentFilename(path, filename) {
-	if (!filename) throw new Errors.CLIError(`Could not derive an attachment filename from ${path}. Pass a file path.`, { exit: 1 });
-	if (hasControlCharacter(filename)) throw new Errors.CLIError(`Attachment filename ${filename} contains control characters.`, { exit: 1 });
-}
-function readAttachmentFiles(paths, readFile = readFileSync) {
-	if (!paths || paths.length === 0) return void 0;
-	return paths.map((path) => {
-		const filename = basename(path);
-		validateAttachmentFilename(path, filename);
-		const bytes = readAttachmentBytes(path, readFile);
-		if (bytes.length === 0) throw new Errors.CLIError(`Attachment file ${path} is empty. Attachments must contain at least one byte.`, { exit: 1 });
-		return {
-			content_base64: bytes.toString("base64"),
-			filename
-		};
-	});
-}
-//#endregion
 //#region src/oclif/commands/send.ts
 var SendCommand = class SendCommand extends Command {
 	static description = `Send an outbound email. Agent-grade shortcut for \`sending send\` with sensible defaults.
@@ -20659,6 +20838,7 @@ const CANONICAL_OPERATION_ALIASES = {
 	"domains:list": "domains:list-domains",
 	"domains:update": "domains:update-domain",
 	"domains:verify": "domains:verify-domain",
+	"emails:conversation": "emails:get-conversation",
 	"emails:delete": "emails:delete-email",
 	"emails:discard-content": "emails:discard-email-content",
 	"emails:download-raw": "emails:download-raw-email",
@@ -20718,6 +20898,7 @@ const COMMANDS = {
 	send: SendCommand,
 	reply: ReplyCommand,
 	chat: ChatCommand,
+	"chat:reply": ChatReplyCommand,
 	login: LoginCommand,
 	"login:browser": LoginBrowserCommand,
 	"login:confirm": LoginConfirmCommand,
@@ -20739,6 +20920,7 @@ const COMMANDS = {
 	"signup:confirm": SignupConfirmCommand,
 	"signup:interactive": SignupInteractiveCommand,
 	"signup:resend": SignupResendCommand,
+	"signup:status": SignupStatusCommand,
 	logout: LogoutCommand,
 	whoami: WhoamiCommand,
 	doctor: DoctorCommand,
@@ -20747,6 +20929,7 @@ const COMMANDS = {
 	"emails:wait": EmailsWaitCommand,
 	"domains:zone-file": DomainsZoneFileCommand,
 	"domains:download-domain-zone-file": DomainsZoneFileCommand,
+	"inbox:setup": InboxSetupCommand,
 	"inbox:status": InboxStatusCommand,
 	"inbox:get-inbox-status": InboxStatusCommand,
 	"functions:init": FunctionsInitCommand,