@primitivedotdev/cli 0.36.0 → 0.37.0

package/dist/oclif/index.js

@@ -14464,8 +14464,11 @@ const RESERVED_FLAG_NAMES = new Set([
 	"envelope",
 	"output"
 ]);
-function bodyFieldFlag(field) {
-	const common = { description: field.description || field.name };
+function bodyFieldFlag(field, aliases) {
+	const common = {
+		description: field.description || field.name,
+		...aliases && aliases.length > 0 ? { aliases } : {}
+	};
 	if (field.kind === "boolean") return Flags.boolean({
 		...common,
 		allowNo: true
@@ -14507,12 +14510,13 @@ function buildFlags(operation) {
 		flags["raw-body"] = Flags.string({ description: "Full request body as raw JSON. Escape hatch for nested or complex fields (e.g. arrays); prefer per-field flags (e.g. --to, --from, --body-text) when available." });
 		flags["body-file"] = Flags.string({ description: "Path to a JSON file used as the request body. Same role as --raw-body for callers passing a saved payload." });
 		const bodyFields = extractBodyFields(operation.requestSchema);
+		const aliasesForOperation = OPERATION_FLAG_ALIASES[operation.sdkName];
 		for (const field of bodyFields) {
 			if (field.kind === "complex") continue;
 			const name = flagName(field.name);
 			if (RESERVED_FLAG_NAMES.has(name)) continue;
 			if (flags[name] !== void 0) continue;
-			flags[name] = bodyFieldFlag(field);
+			flags[name] = bodyFieldFlag(field, aliasesForOperation?.[field.name]);
 			bodyFieldFlagToProperty.set(name, field.name);
 		}
 	}
@@ -14561,8 +14565,11 @@ const OPERATION_HINTS = {
 	createFunction: "Tip: prefer `primitive functions deploy --name <name> --file <bundle>` for file-input ergonomics. This raw command exists for callers passing JSON.",
 	updateFunction: "Tip: prefer `primitive functions redeploy --id <id> --file <bundle>` for file-input ergonomics. This raw command exists for callers passing JSON.",
 	createFunctionSecret: "Tip: prefer `primitive functions set-secret --id <id> --key <KEY> --value <value> [--redeploy]` for secret writes that also push the binding live. This raw command exists for callers passing JSON.",
-	setFunctionSecret: "Tip: prefer `primitive functions set-secret --id <id> --key <KEY> --value <value> [--redeploy]` for secret writes that also push the binding live. This raw command exists for callers passing JSON."
+	setFunctionSecret: "Tip: prefer `primitive functions set-secret --id <id> --key <KEY> --value <value> [--redeploy]` for secret writes that also push the binding live. This raw command exists for callers passing JSON.",
+	startAgentSignup: "Tip: also pass --signup-code <code> (request from Primitive; invite-only during the agent beta) and --terms-accepted. Capture the signup_token from the response and feed it to `primitive agent verify-agent-signup --signup-token <token> --verification-code <6-digit-code>` (the verify flag accepts --code as an alias). The high-level `primitive signup <email>` command walks an interactive user through both steps with friendlier prompts.",
+	verifyAgentSignup: "Tip: pass --verification-code <code> (or --code; both work). The response carries OAuth tokens but not your assigned inbox domain; run `primitive domains list` (or `primitive whoami`) after success to see the managed *.primitive.email address that routes to this account."
 };
+const OPERATION_FLAG_ALIASES = { verifyAgentSignup: { verification_code: ["code"] } };
 function createOperationCommand(operation) {
 	const { flags, bodyFieldFlagToProperty } = buildFlags(operation);
 	const baseDescription = operation.description !== null && operation.description !== void 0 ? canonicalizeCliReferences(operation.description) : `${operation.method} ${operation.path}`;
@@ -17677,8 +17684,8 @@ const PRIMITIVE_TEAM_AUTHOR = {
 	name: "Primitive Team",
 	url: "https://primitive.dev"
 };
-const SDK_VERSION_RANGE = "^0.36.0";
-const CLI_VERSION_RANGE = "^0.36.0";
+const SDK_VERSION_RANGE = "^0.37.0";
+const CLI_VERSION_RANGE = "^0.37.0";
 const ESBUILD_VERSION_RANGE = "^0.27.0";
 function renderHandler() {
 	return `// env.PRIMITIVE_API_KEY, env.PRIMITIVE_WEBHOOK_SECRET, and
@@ -17753,22 +17760,50 @@ function inboundRecipientDomains(event: EmailReceivedEvent): Set<string> {
 // SMTP recipients instead.
 //
 // The default check skips:
+//   - bounce notifications, which RFC 5321 requires to use an empty
+//     SMTP envelope sender (MAIL FROM:<>). Replying to a null sender
+//     is forbidden and would itself bounce, producing a
+//     bounce-of-bounce chain. The body header on a bounce typically
+//     reads "From: MAILER-DAEMON@..." which a naive From-only check
+//     would treat as a normal sender, so we gate on the envelope here.
 //   - direct self-mail where From equals one of the inbound recipients;
-//   - mailer-daemon/postmaster bounces from the same domain as the inbound;
+//   - mailer-daemon/postmaster bounces from the same domain as the
+//     inbound, as a backup for bounces that arrive with a non-empty
+//     envelope sender;
 //   - any address explicitly listed in EXTRA_SELF_ADDRESSES.
 //
-// Extend this helper if you need stricter detection. Common additions:
-//   - Honor RFC 3834 auto-response headers: skip when
-//     event.email.headers["auto-submitted"] is anything other than "no",
-//     or when a List-Unsubscribe / Precedence: bulk header is present.
+// Anything with no identifiable sender at all (envelope + From both
+// empty) is treated as a loop terminator: better to drop one ambiguous
+// message than to reply blindly and loop on a bounce.
+//
+// Extend this helper if you need stricter detection. Common additions
+// not implemented here today:
+//   - Honor RFC 3834 auto-response headers: skip when an
+//     auto-submitted header is anything other than "no", or when a
+//     list-unsubscribe / precedence: bulk header is present. The
+//     EmailReceivedEvent.email.headers shape does not currently surface
+//     these, so detection requires either a parsed-headers field on
+//     the event or a parse of the raw RFC 822 body.
 //   - Track Message-ID / In-Reply-To chains to break ping-pong loops
 //     between two cooperating handlers on different domains.
+//   - Rate-limit replies per sender per hour as a safety net.
 export function isLoop(event: EmailReceivedEvent): boolean {
+  // RFC 5321: bounce notifications use the null MAIL FROM (envelope
+  // sender = empty string). Some MTAs report this as "<>" verbatim.
+  // Treat either as an unambiguous bounce signal.
+  const envelopeSender = (event.email.smtp.mail_from || "").trim();
+  if (envelopeSender === "" || envelopeSender === "<>") return true;
+
   const fromAddresses = [
     ...extractEmailAddresses(event.email.headers.from),
     ...extractEmailAddresses(event.email.smtp.mail_from),
   ];
-  if (fromAddresses.length === 0) return false;
+  // No identifiable sender across either envelope or header: treat as
+  // a loop terminator. Was return false in the original template; that
+  // returned mail with empty headers straight back into the handler
+  // and let bounces with malformed bodies slip past the bounce guard
+  // above.
+  if (fromAddresses.length === 0) return true;
 
   const inboundAddresses = new Set(inboundRecipientAddresses(event));
   const inboundDomains = inboundRecipientDomains(event);
@@ -18244,6 +18279,25 @@ function emitLogRows(rows, jsonl) {
 		process.stdout.write(`${line}\n`);
 	}
 }
+async function readFunctionInvocations(client, id) {
+	try {
+		const result = await getFunction({
+			client,
+			path: { id },
+			responseStyle: "fields",
+			signal: AbortSignal.timeout(3e3)
+		});
+		if (result.error) return null;
+		const fn = result.data?.data;
+		if (!fn) return null;
+		return {
+			invocations_total: typeof fn.invocations_total === "number" ? fn.invocations_total : 0,
+			invocations_24h: typeof fn.invocations_24h === "number" ? fn.invocations_24h : 0
+		};
+	} catch {
+		return null;
+	}
+}
 var FunctionsLogsCommand = class FunctionsLogsCommand extends Command {
 	static description = "List or follow function execution logs. Defaults to compact text output; use --jsonl for one JSON object per log row.";
 	static summary = "List or follow a function's execution logs";
@@ -18342,7 +18396,14 @@ var FunctionsLogsCommand = class FunctionsLogsCommand extends Command {
 					cursor = page.next_cursor;
 				}
 				if (rows.length === 0 && !wroteEmptyHint) {
-					process.stderr.write(flags.follow ? hasObservedLogs ? "Waiting for new function logs...\n" : "No function logs yet. Waiting for new rows...\n" : "No function logs yet. Trigger the function, then run this command again.\n");
+					let emptyHint;
+					if (flags.follow) emptyHint = hasObservedLogs ? "Waiting for new function logs...\n" : "No function logs yet. Waiting for new rows...\n";
+					else if (flags.cursor) emptyHint = "No more function logs after this cursor.\n";
+					else {
+						const fnInvocations = await readFunctionInvocations(apiClient.client, flags.id);
+						emptyHint = fnInvocations && fnInvocations.invocations_total > 0 ? `No function logs yet, but this function has been invoked ${fnInvocations.invocations_total} time(s) (${fnInvocations.invocations_24h} in the last 24h). Your handler likely has no console.log/console.error calls on the path that fired. Add logging and redeploy to surface details.\n` : "No function logs yet. Trigger the function, then run this command again.\n";
+					}
+					process.stderr.write(emptyHint);
 					wroteEmptyHint = true;
 				}
 				emitLogRows(rows, flags.jsonl);
@@ -21504,12 +21565,14 @@ var OtpResendCommand = class extends SigninOtpResendCommand {
 };
 //#endregion
 //#region src/oclif/commands/whoami.ts
-function formatWhoamiSummary(account) {
-	return [
+function formatWhoamiSummary(account, managedInboxDomain) {
+	const lines = [
 		`Authenticated as ${account.email}`,
 		`Account id: ${account.id}`,
 		`Plan: ${account.plan}`
-	].join("\n");
+	];
+	if (managedInboxDomain) lines.push(`Managed inbox: any-local-part@${managedInboxDomain}`);
+	return lines.join("\n");
 }
 var WhoamiCommand = class WhoamiCommand extends Command {
 	static description = `Print the account currently authenticated by saved OAuth credentials or an explicit API key. Useful as a credentials smoke test: confirms auth is live and shows which account it belongs to.
@@ -21563,11 +21626,22 @@ var WhoamiCommand = class WhoamiCommand extends Command {
 				process.stderr.write("Server returned an empty account body; this should not happen for a valid key.\n");
 				throw new Errors.CLIError("unexpected empty response");
 			}
+			let managedInboxDomain = null;
+			try {
+				const domainsResult = await listDomains({
+					client: apiClient.client,
+					responseStyle: "fields"
+				});
+				if (!domainsResult.error) managedInboxDomain = (domainsResult.data?.data ?? []).find((row) => row.verified && row.managed_zone !== null)?.domain ?? null;
+			} catch {}
 			if (flags.json) {
-				this.log(JSON.stringify(account, null, 2));
+				this.log(JSON.stringify({
+					...account,
+					managed_inbox_domain: managedInboxDomain
+				}, null, 2));
 				return;
 			}
-			this.log(formatWhoamiSummary(account));
+			this.log(formatWhoamiSummary(account, managedInboxDomain));
 		});
 	}
 };

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@primitivedotdev/cli",
-  "version": "0.36.0",
+  "version": "0.37.0",
   "description": "Official Primitive CLI: deploy Primitive Functions, send and inspect mail, manage endpoints, all from the terminal. Wraps the @primitivedotdev/sdk runtime client with one-shot commands.",
   "type": "module",
   "sideEffects": false,