@primitivedotdev/sdk 0.20.0 → 0.21.0

package/dist/{index-C6ObsYjq.d.ts → index-QTYQpSFt.d.ts}

@@ -321,7 +321,7 @@ type Options$1<TData extends TDataShape = TDataShape, ThrowOnError extends boole
 //#endregion
 //#region src/api/generated/types.gen.d.ts
 type ClientOptions = {
-  baseUrl: 'https://www.primitive.dev/api/v1' | (string & {});
+  baseUrl: 'https://www.primitive.dev/api/v1' | 'https://api.primitive.dev/v1' | 'https://api.primitive.dev/v1' | 'https://www.primitive.dev/api/v1' | (string & {});
 };
 type SuccessEnvelope = {
   success: boolean;
@@ -347,7 +347,7 @@ type PaginationMeta = {
 type ErrorResponse = {
   success: boolean;
   error: {
-    code: 'unauthorized' | 'forbidden' | 'not_found' | 'validation_error' | 'rate_limit_exceeded' | 'internal_error' | 'conflict' | 'mx_conflict' | 'outbound_disabled' | 'cannot_send_from_domain' | 'recipient_not_allowed' | 'outbound_key_missing' | 'outbound_unreachable' | 'outbound_key_invalid' | 'outbound_capacity_exhausted' | 'outbound_response_malformed' | 'outbound_relay_failed' | 'discard_not_enabled' | 'inbound_not_repliable' | 'authorization_pending' | 'slow_down' | 'access_denied' | 'expired_token' | 'invalid_device_code';
+    code: 'unauthorized' | 'forbidden' | 'not_found' | 'validation_error' | 'rate_limit_exceeded' | 'internal_error' | 'conflict' | 'mx_conflict' | 'outbound_disabled' | 'cannot_send_from_domain' | 'recipient_not_allowed' | 'outbound_key_missing' | 'outbound_unreachable' | 'outbound_key_invalid' | 'outbound_capacity_exhausted' | 'outbound_response_malformed' | 'outbound_relay_failed' | 'discard_not_enabled' | 'inbound_not_repliable' | 'search_timeout' | 'authorization_pending' | 'slow_down' | 'access_denied' | 'expired_token' | 'invalid_device_code';
     message: string;
     /**
      * Optional structured data that callers can inspect to recover
@@ -644,6 +644,66 @@ type EmailSummary = {
   webhook_status?: EmailWebhookStatus;
   webhook_attempt_count: number;
 };
+type EmailSearchHighlights = {
+  /**
+   * Subject snippets with matching terms highlighted.
+   */
+  subject: Array<string>;
+  /**
+   * Body snippets with matching terms highlighted.
+   */
+  body: Array<string>;
+};
+type EmailSearchResult = EmailSummary & {
+  /**
+   * Number of parsed attachments on the email.
+   */
+  attachment_count: number;
+  /**
+   * Whether the parsed From address is known to this org from prior authenticated inbound mail.
+   */
+  from_known_address: boolean;
+  /**
+   * Relevance score. Present only when sorting by relevance.
+   */
+  score?: number;
+  highlights?: EmailSearchHighlights;
+};
+type EmailSearchMeta = {
+  /**
+   * Total number of matching records, capped when `total_capped` is true.
+   */
+  total: number;
+  /**
+   * Whether `total` was capped instead of counted exactly.
+   */
+  total_capped: boolean;
+  /**
+   * Page size used for this request.
+   */
+  limit: number;
+  /**
+   * Cursor for the next search page, or null if no more results.
+   */
+  cursor: string | null;
+  /**
+   * Sort mode used for the result page.
+   */
+  sort: 'relevance' | 'received_at_desc' | 'received_at_asc';
+};
+type EmailSearchFacetBucket = {
+  value: string | null;
+  count: number;
+};
+type EmailSearchFacets = {
+  by_sender: Array<EmailSearchFacetBucket>;
+  by_domain: Array<EmailSearchFacetBucket>;
+  by_status: Array<EmailSearchFacetBucket>;
+  has_attachment: {
+    true: number;
+    false: number;
+  };
+};
 type EmailDetail = {
   id: string;
   message_id?: string | null;
@@ -2186,6 +2246,109 @@ type ListEmailsResponses = {
   };
 };
 type ListEmailsResponse = ListEmailsResponses[keyof ListEmailsResponses];
+type SearchEmailsData = {
+  body?: never;
+  path?: never;
+  query?: {
+    /**
+     * Full-text search DSL query.
+     */
+    q?: string;
+    /**
+     * Filter by sender address or sender domain.
+     */
+    from?: string;
+    /**
+     * Filter by recipient address or recipient domain.
+     */
+    to?: string;
+    /**
+     * Full-text search restricted to the subject field.
+     */
+    subject?: string;
+    /**
+     * Full-text search restricted to the parsed text body.
+     */
+    body?: string;
+    /**
+     * Filter by domain ID.
+     */
+    domain_id?: string;
+    /**
+     * Filter by inbound email lifecycle status.
+     */
+    status?: EmailStatus;
+    /**
+     * Filter emails received on or after this timestamp.
+     */
+    date_from?: string;
+    /**
+     * Filter emails received on or before this timestamp.
+     */
+    date_to?: string;
+    /**
+     * Filter by whether the email has one or more attachments.
+     */
+    has_attachment?: 'true' | 'false';
+    /**
+     * Filter to emails with spam score below this value.
+     */
+    spam_score_lt?: number;
+    /**
+     * Filter to emails with spam score greater than or equal to this value.
+     */
+    spam_score_gte?: number;
+    /**
+     * Sort mode. Defaults to relevance when a text query is present,
+     * otherwise `received_at_desc`.
+     *
+     */
+    sort?: 'relevance' | 'received_at_desc' | 'received_at_asc';
+    /**
+     * Opaque pagination cursor from a previous search response.
+     */
+    cursor?: string;
+    /**
+     * Number of results per page
+     */
+    limit?: number;
+    /**
+     * Include subject/body highlight snippets when text search is active.
+     */
+    snippet?: 'true' | 'false';
+    /**
+     * Include facet counts for sender, domain, status, and attachment presence.
+     */
+    include_facets?: 'true' | 'false';
+  };
+  url: '/emails/search';
+};
+type SearchEmailsErrors = {
+  /**
+   * Invalid request parameters
+   */
+  400: ErrorResponse;
+  /**
+   * Invalid or missing API key
+   */
+  401: ErrorResponse;
+  /**
+   * Search query timed out
+   */
+  504: ErrorResponse;
+};
+type SearchEmailsError = SearchEmailsErrors[keyof SearchEmailsErrors];
+type SearchEmailsResponses = {
+  /**
+   * Search results
+   */
+  200: SuccessEnvelope & {
+    data: Array<EmailSearchResult>;
+    meta: EmailSearchMeta;
+    facets?: EmailSearchFacets;
+  };
+};
+type SearchEmailsResponse = SearchEmailsResponses[keyof SearchEmailsResponses];
 type DeleteEmailData = {
   body?: never;
   path: {
@@ -3409,7 +3572,7 @@ type SetFunctionSecretResponses = {
 };
 type SetFunctionSecretResponse = SetFunctionSecretResponses[keyof SetFunctionSecretResponses];
 declare namespace sdk_gen_d_exports {
-  export { Options, addDomain, cliLogout, createEndpoint, createFilter, createFunction, createFunctionSecret, deleteDomain, deleteEmail, deleteEndpoint, deleteFilter, deleteFunction, deleteFunctionSecret, discardEmailContent, downloadAttachments, downloadRawEmail, getAccount, getEmail, getFunction, getSendPermissions, getSentEmail, getStorageStats, getWebhookSecret, listDeliveries, listDomains, listEmails, listEndpoints, listFilters, listFunctionSecrets, listFunctions, listSentEmails, pollCliLogin, replayDelivery, replayEmailWebhooks, replyToEmail, rotateWebhookSecret, sendEmail, setFunctionSecret, startCliLogin, testEndpoint, testFunction, updateAccount, updateDomain, updateEndpoint, updateFilter, updateFunction, verifyDomain };
+  export { Options, addDomain, cliLogout, createEndpoint, createFilter, createFunction, createFunctionSecret, deleteDomain, deleteEmail, deleteEndpoint, deleteFilter, deleteFunction, deleteFunctionSecret, discardEmailContent, downloadAttachments, downloadRawEmail, getAccount, getEmail, getFunction, getSendPermissions, getSentEmail, getStorageStats, getWebhookSecret, listDeliveries, listDomains, listEmails, listEndpoints, listFilters, listFunctionSecrets, listFunctions, listSentEmails, pollCliLogin, replayDelivery, replayEmailWebhooks, replyToEmail, rotateWebhookSecret, searchEmails, sendEmail, setFunctionSecret, startCliLogin, testEndpoint, testFunction, updateAccount, updateDomain, updateEndpoint, updateFilter, updateFunction, verifyDomain };
 }
 type Options<TData extends TDataShape = TDataShape, ThrowOnError extends boolean = boolean, TResponse = unknown> = Options$1<TData, ThrowOnError, TResponse> & {
   /**
@@ -3557,6 +3720,23 @@ declare const verifyDomain: <ThrowOnError extends boolean = false>(options: Opti
  *
  */
 declare const listEmails: <ThrowOnError extends boolean = false>(options?: Options<ListEmailsData, ThrowOnError>) => RequestResult<ListEmailsResponses, ListEmailsErrors, ThrowOnError, "fields">;
+/**
+ * Search inbound emails
+ *
+ * Searches inbound emails with structured filters and optional
+ * full-text matching across parsed email fields. This endpoint is
+ * optimized for filtered inbox views and CLI polling workflows:
+ * callers that only need new accepted mail can pass
+ * `sort=received_at_asc`, `snippet=false`, `include_facets=false`,
+ * and a `date_from` timestamp.
+ *
+ * `q`, `subject`, and `body` use the same English full-text index
+ * as the web inbox search. Structured filters such as `from`, `to`,
+ * `domain_id`, status, attachment presence, and spam score bounds
+ * are combined with the text query.
+ *
+ */
+declare const searchEmails: <ThrowOnError extends boolean = false>(options?: Options<SearchEmailsData, ThrowOnError>) => RequestResult<SearchEmailsResponses, SearchEmailsErrors, ThrowOnError, "fields">;
 /**
  * Delete an email
  */
@@ -3796,6 +3976,15 @@ declare const getSendPermissions: <ThrowOnError extends boolean = false>(options
  * the request returns once the relay accepts the message for delivery.
  * Set `wait: true` to wait for the first downstream SMTP delivery outcome.
  *
+ * **Host routing.** /send-mail is served by the attachments-
+ * supporting host (`https://api.primitive.dev/v1`) so the
+ * request body can carry inline attachments up to ~30 MiB raw.
+ * The primary host (`https://www.primitive.dev/api/v1`) also
+ * accepts /send-mail for attachment-free sends; sends WITH
+ * attachments to the primary host return 413
+ * `attachments_unsupported_on_this_endpoint`. The typed SDKs
+ * route /send-mail to the attachments host automatically.
+ *
  */
 declare const sendEmail: <ThrowOnError extends boolean = false>(options: Options<SendEmailData, ThrowOnError>) => RequestResult<SendEmailResponses, SendEmailErrors, ThrowOnError, "fields">;
 /**
@@ -3984,11 +4173,15 @@ declare const deleteFunctionSecret: <ThrowOnError extends boolean = false>(optio
 declare const setFunctionSecret: <ThrowOnError extends boolean = false>(options: Options<SetFunctionSecretData, ThrowOnError>) => RequestResult<SetFunctionSecretResponses, SetFunctionSecretErrors, ThrowOnError, "fields">;
 //#endregion
 //#region src/api/index.d.ts
-declare const DEFAULT_BASE_URL = "https://www.primitive.dev/api/v1";
+declare const DEFAULT_API_BASE_URL_1 = "https://www.primitive.dev/api/v1";
+declare const DEFAULT_API_BASE_URL_2 = "https://api.primitive.dev/v1";
 interface PrimitiveApiClientOptions extends Omit<Config, "auth" | "baseUrl"> {
   apiKey?: string;
   auth?: Config["auth"];
-  baseUrl?: string;
+  /** @internal Override for the primary API host. Production default is correct; this exists for staging/local testing only. */
+  apiBaseUrl1?: string;
+  /** @internal Override for the attachments-supporting send host. Production default is correct; this exists for staging/local testing only. */
+  apiBaseUrl2?: string;
 }
 interface SendThreadInput {
   inReplyTo?: string;
@@ -4088,7 +4281,23 @@ declare class PrimitiveApiError extends Error {
   });
 }
 declare class PrimitiveApiClient {
+  /**
+   * Generated client targeting the primary API host (apiBaseUrl1). Use
+   * this when passing `client: ...` to a generated operation function
+   * for every endpoint EXCEPT /send-mail. The hand-written
+   * PrimitiveClient.send / .reply / .forward methods on the subclass
+   * route /send-mail to the host-2 client internally.
+   */
   readonly client: Client;
+  /**
+   * @internal Generated client targeting the attachments-supporting
+   * send host (apiBaseUrl2). Used by PrimitiveClient.send() under the
+   * hood. Exposed for the CLI's hand-rolled send command, which calls
+   * the generated sendEmail directly; not part of the publicly-
+   * documented SDK surface. Customer code should call .send() on the
+   * subclass instead.
+   */
+  readonly _sendClient: Client;
   constructor(options?: PrimitiveApiClientOptions);
   getConfig(): Config<ClientOptions$1>;
   setConfig(config: Config): Config<ClientOptions$1>;
@@ -4118,4 +4327,4 @@ declare function createPrimitiveClient(options?: PrimitiveClientOptions): Primit
 declare function client(options?: PrimitiveClientOptions): PrimitiveClient;
 declare const operations: typeof sdk_gen_d_exports;
 //#endregion
-export { rotateWebhookSecret as $, UpdateAccountData as $a, ReplyToEmailData as $i, EmailStatus as $n, ListDomainsData as $r, CreateFunctionSecretResponses as $t, deleteFunctionSecret as A, SetFunctionSecretResponse as Aa, ListSentEmailsData as Ai, DeleteFunctionSecretResponses as An, VerifyDomainData as Ao, GetSendPermissionsResponse as Ar, CreateEndpointError as At, getWebhookSecret as B, TestEndpointData as Ba, PollCliLoginResponse as Bi, DomainVerifyResult as Bn, Options$1 as Bo, GetStorageStatsResponse as Br, CreateFilterResponses as Bt, createFunction as C, SentEmailDetail as Ca, ListFunctionSecretsResponse as Ci, DeleteFunctionErrors as Cn, UpdateFunctionData as Co, GetFunctionError as Cr, CliLogoutErrors as Ct, deleteEndpoint as D, SetFunctionSecretError as Da, ListFunctionsErrors as Di, DeleteFunctionSecretError as Dn, UpdateFunctionResponse as Do, GetSendPermissionsData as Dr, CliLogoutResult as Dt, deleteEmail as E, SetFunctionSecretData as Ea, ListFunctionsError as Ei, DeleteFunctionSecretData as En, UpdateFunctionInput as Eo, GetFunctionResponses as Er, CliLogoutResponses as Et, getEmail as F, StartCliLoginInput as Fa, PaginationMeta as Fi, DiscardEmailContentError as Fn, WebhookSecret as Fo, GetSentEmailResponse as Fr, CreateFilterData as Ft, listFilters as G, TestFunctionData as Ga, ReplayDeliveryResponse as Gi, DownloadAttachmentsResponses as Gn, GetWebhookSecretResponse as Gr, CreateFunctionResponse as Gt, listDomains as H, TestEndpointErrors as Ha, ReplayDeliveryData as Hi, DownloadAttachmentsError as Hn, RequestResult as Ho, GetWebhookSecretData as Hr, CreateFunctionError as Ht, getFunction as I, StartCliLoginResponse as Ia, PollCliLoginData as Ii, DiscardEmailContentErrors as In, Client as Io, GetSentEmailResponses as Ir, CreateFilterError as It, listSentEmails as J, TestFunctionResponse as Ja, ReplayEmailWebhooksError as Ji, DownloadRawEmailErrors as Jn, ListDeliveriesData as Jr, CreateFunctionSecretData as Jt, listFunctionSecrets as K, TestFunctionError as Ka, ReplayDeliveryResponses as Ki, DownloadRawEmailData as Kn, GetWebhookSecretResponses as Kr, CreateFunctionResponses as Kt, getSendPermissions as L, StartCliLoginResponses as La, PollCliLoginError as Li, DiscardEmailContentResponse as Ln, ClientOptions$1 as Lo, GetStorageStatsData as Lr, CreateFilterErrors as Lt, downloadAttachments as M, StartCliLoginData as Ma, ListSentEmailsErrors as Mi, DeliverySummary as Mn, VerifyDomainErrors as Mo, GetSentEmailData as Mr, CreateEndpointInput as Mt, downloadRawEmail as N, StartCliLoginError as Na, ListSentEmailsResponse as Ni, DiscardContentResult as Nn, VerifyDomainResponse as No, GetSentEmailError as Nr, CreateEndpointResponse as Nt, deleteFilter as O, SetFunctionSecretErrors as Oa, ListFunctionsResponse as Oi, DeleteFunctionSecretErrors as On, UpdateFunctionResponses as Oo, GetSendPermissionsError as Or, ClientOptions as Ot, getAccount as P, StartCliLoginErrors as Pa, ListSentEmailsResponses as Pi, DiscardEmailContentData as Pn, VerifyDomainResponses as Po, GetSentEmailErrors as Pr, CreateEndpointResponses as Pt, replyToEmail as Q, UnverifiedDomain as Qa, ReplayResult as Qi, EmailDetailReply as Qn, ListDeliveriesResponses as Qr, CreateFunctionSecretResponse as Qt, getSentEmail as R, StorageStats as Ra, PollCliLoginErrors as Ri, DiscardEmailContentResponses as Rn, Config as Ro, GetStorageStatsError as Rr, CreateFilterInput as Rt, createFilter as S, SendPermissionsMeta as Sa, ListFunctionSecretsErrors as Si, DeleteFunctionError as Sn, UpdateFilterResponses as So, GetFunctionData as Sr, CliLogoutError as St, deleteDomain as T, SentEmailSummary as Ta, ListFunctionsData as Ti, DeleteFunctionResponses as Tn, UpdateFunctionErrors as To, GetFunctionResponse as Tr, CliLogoutResponse as Tt, listEmails as U, TestEndpointResponse as Ua, ReplayDeliveryError as Ui, DownloadAttachmentsErrors as Un, ResponseStyle as Uo, GetWebhookSecretError as Ur, CreateFunctionErrors as Ut, listDeliveries as V, TestEndpointError as Va, PollCliLoginResponses as Vi, DownloadAttachmentsData as Vn, RequestOptions$1 as Vo, GetStorageStatsResponses as Vr, CreateFunctionData as Vt, listEndpoints as W, TestEndpointResponses as Wa, ReplayDeliveryErrors as Wi, DownloadAttachmentsResponse as Wn, Auth as Wo, GetWebhookSecretErrors as Wr, CreateFunctionInput as Wt, replayDelivery as X, TestInvocationResult as Xa, ReplayEmailWebhooksResponse as Xi, DownloadRawEmailResponses as Xn, ListDeliveriesErrors as Xr, CreateFunctionSecretErrors as Xt, pollCliLogin as Y, TestFunctionResponses as Ya, ReplayEmailWebhooksErrors as Yi, DownloadRawEmailResponse as Yn, ListDeliveriesError as Yr, CreateFunctionSecretError as Yt, replayEmailWebhooks as Z, TestResult as Za, ReplayEmailWebhooksResponses as Zi, EmailDetail as Zn, ListDeliveriesResponse as Zr, CreateFunctionSecretInput as Zt, operations as _, SendPermissionAddress as _a, ListFiltersErrors as _i, DeleteFilterError as _n, UpdateFilterData as _o, GetEmailData as _r, AddDomainResponse as _t, PrimitiveApiError as a, RotateWebhookSecretData as aa, ListEmailsError as ai, DeleteDomainResponses as an, UpdateDomainData as ao, FunctionDeployStatus as ar, updateAccount as at, cliLogout as b, SendPermissionRule as ba, ListFunctionSecretsData as bi, DeleteFilterResponses as bn, UpdateFilterInput as bo, GetEmailResponse as br, CliLoginStartResult as bt, PrimitiveClientOptions as c, RotateWebhookSecretResponse as ca, ListEmailsResponses as ci, DeleteEmailErrors as cn, UpdateDomainInput as co, FunctionSecretListItem as cr, updateFilter as ct, SendInput as d, SendEmailError as da, ListEndpointsErrors as di, DeleteEndpointData as dn, UpdateEndpointData as do, GateFix as dr, Account as dt, ReplyToEmailError as ea, ListDomainsError as ei, Cursor as en, UpdateAccountError as eo, EmailSummary as er, sendEmail as et, SendResult as f, SendEmailErrors as fa, ListEndpointsResponse as fi, DeleteEndpointError as fn, UpdateEndpointError as fo, GetAccountData as fr, AccountUpdated as ft, createPrimitiveClient as g, SendMailResult as ga, ListFiltersError as gi, DeleteFilterData as gn, UpdateEndpointResponses as go, GetAccountResponses as gr, AddDomainInput as gt, createPrimitiveApiClient as h, SendMailInput as ha, ListFiltersData as hi, DeleteEndpointResponses as hn, UpdateEndpointResponse as ho, GetAccountResponse as hr, AddDomainErrors as ht, PrimitiveApiClientOptions as i, ResourceId as ia, ListEmailsData as ii, DeleteDomainResponse as in, UpdateAccountResponses as io, Filter as ir, testFunction as it, discardEmailContent as j, SetFunctionSecretResponses as ja, ListSentEmailsError as ji, DeliveryStatus as jn, VerifyDomainError as jo, GetSendPermissionsResponses as jr, CreateEndpointErrors as jt, deleteFunction as k, SetFunctionSecretInput as ka, ListFunctionsResponses as ki, DeleteFunctionSecretResponse as kn, VerifiedDomain as ko, GetSendPermissionsErrors as kr, CreateEndpointData as kt, ReplyInput as l, RotateWebhookSecretResponses as la, ListEndpointsData as li, DeleteEmailResponse as ln, UpdateDomainResponse as lo, FunctionSecretWriteResult as lr, updateFunction as lt, client as m, SendEmailResponses as ma, ListEnvelope as mi, DeleteEndpointResponse as mn, UpdateEndpointInput as mo, GetAccountErrors as mr, AddDomainError as mt, ForwardInput as n, ReplyToEmailResponse as na, ListDomainsResponse as ni, DeleteDomainError as nn, UpdateAccountInput as no, Endpoint as nr, startCliLogin as nt, PrimitiveApiErrorDetails as o, RotateWebhookSecretError as oa, ListEmailsErrors as oi, DeleteEmailData as on, UpdateDomainError as oo, FunctionDetail as or, updateDomain as ot, SendThreadInput as p, SendEmailResponse as pa, ListEndpointsResponses as pi, DeleteEndpointErrors as pn, UpdateEndpointErrors as po, GetAccountError as pr, AddDomainData as pt, listFunctions as q, TestFunctionErrors as qa, ReplayEmailWebhooksData as qi, DownloadRawEmailError as qn, Limit as qr, CreateFunctionResult as qt, PrimitiveApiClient as r, ReplyToEmailResponses as ra, ListDomainsResponses as ri, DeleteDomainErrors as rn, UpdateAccountResponse as ro, ErrorResponse as rr, testEndpoint as rt, PrimitiveClient as s, RotateWebhookSecretErrors as sa, ListEmailsResponse as si, DeleteEmailError as sn, UpdateDomainErrors as so, FunctionListItem as sr, updateEndpoint as st, DEFAULT_BASE_URL as t, ReplyToEmailErrors as ta, ListDomainsErrors as ti, DeleteDomainData as tn, UpdateAccountErrors as to, EmailWebhookStatus as tr, setFunctionSecret as tt, RequestOptions as u, SendEmailData as ua, ListEndpointsError as ui, DeleteEmailResponses as un, UpdateDomainResponses as uo, GateDenial as ur, verifyDomain as ut, Options as v, SendPermissionAnyRecipient as va, ListFiltersResponse as vi, DeleteFilterErrors as vn, UpdateFilterError as vo, GetEmailError as vr, AddDomainResponses as vt, createFunctionSecret as w, SentEmailStatus as wa, ListFunctionSecretsResponses as wi, DeleteFunctionResponse as wn, UpdateFunctionError as wo, GetFunctionErrors as wr, CliLogoutInput as wt, createEndpoint as x, SendPermissionYourDomain as xa, ListFunctionSecretsError as xi, DeleteFunctionData as xn, UpdateFilterResponse as xo, GetEmailResponses as xr, CliLogoutData as xt, addDomain as y, SendPermissionManagedZone as ya, ListFiltersResponses as yi, DeleteFilterResponse as yn, UpdateFilterErrors as yo, GetEmailErrors as yr, CliLoginPollResult as yt, getStorageStats as z, SuccessEnvelope as za, PollCliLoginInput as zi, Domain as zn, CreateClientConfig as zo, GetStorageStatsErrors as zr, CreateFilterResponse as zt };
+export { replyToEmail as $, TestEndpointError as $a, ReplayDeliveryResponses as $i, EmailDetail as $n, RequestOptions$1 as $o, GetWebhookSecretResponses as $r, CreateFunctionSecretInput as $t, deleteFunction as A, SendPermissionAnyRecipient as Aa, ListFunctionSecretsResponse as Ai, DeleteFunctionSecretErrors as An, UpdateFilterError as Ao, GetFunctionError as Ar, ClientOptions as At, getStorageStats as B, SetFunctionSecretErrors as Ba, ListSentEmailsResponse as Bi, DiscardEmailContentResponses as Bn, UpdateFunctionResponses as Bo, GetSentEmailError as Br, CreateFilterInput as Bt, createFilter as C, SendEmailError as Ca, ListFiltersError as Ci, DeleteFunctionData as Cn, UpdateEndpointData as Co, GetAccountResponses as Cr, CliLogoutData as Ct, deleteEmail as D, SendMailInput as Da, ListFunctionSecretsData as Di, DeleteFunctionResponses as Dn, UpdateEndpointResponse as Do, GetEmailResponse as Dr, CliLogoutResponse as Dt, deleteDomain as E, SendEmailResponses as Ea, ListFiltersResponses as Ei, DeleteFunctionResponse as En, UpdateEndpointInput as Eo, GetEmailErrors as Er, CliLogoutInput as Et, getAccount as F, SentEmailDetail as Fa, ListFunctionsResponse as Fi, DiscardContentResult as Fn, UpdateFunctionData as Fo, GetSendPermissionsError as Fr, CreateEndpointResponse as Ft, listEndpoints as G, StartCliLoginError as Ga, PollCliLoginErrors as Gi, DownloadAttachmentsErrors as Gn, VerifyDomainResponse as Go, GetStorageStatsError as Gr, CreateFunctionErrors as Gt, listDeliveries as H, SetFunctionSecretResponse as Ha, PaginationMeta as Hi, DomainVerifyResult as Hn, VerifyDomainData as Ho, GetSentEmailResponse as Hr, CreateFilterResponses as Ht, getEmail as I, SentEmailStatus as Ia, ListFunctionsResponses as Ii, DiscardEmailContentData as In, UpdateFunctionError as Io, GetSendPermissionsErrors as Ir, CreateEndpointResponses as It, listFunctions as J, StartCliLoginResponse as Ja, PollCliLoginResponses as Ji, DownloadRawEmailData as Jn, Client as Jo, GetStorageStatsResponses as Jr, CreateFunctionResponses as Jt, listFilters as K, StartCliLoginErrors as Ka, PollCliLoginInput as Ki, DownloadAttachmentsResponse as Kn, VerifyDomainResponses as Ko, GetStorageStatsErrors as Kr, CreateFunctionInput as Kt, getFunction as L, SentEmailSummary as La, ListSentEmailsData as Li, DiscardEmailContentError as Ln, UpdateFunctionErrors as Lo, GetSendPermissionsResponse as Lr, CreateFilterData as Lt, discardEmailContent as M, SendPermissionRule as Ma, ListFunctionsData as Mi, DeleteFunctionSecretResponses as Mn, UpdateFilterInput as Mo, GetFunctionResponse as Mr, CreateEndpointError as Mt, downloadAttachments as N, SendPermissionYourDomain as Na, ListFunctionsError as Ni, DeliveryStatus as Nn, UpdateFilterResponse as No, GetFunctionResponses as Nr, CreateEndpointErrors as Nt, deleteEndpoint as O, SendMailResult as Oa, ListFunctionSecretsError as Oi, DeleteFunctionSecretData as On, UpdateEndpointResponses as Oo, GetEmailResponses as Or, CliLogoutResponses as Ot, downloadRawEmail as P, SendPermissionsMeta as Pa, ListFunctionsErrors as Pi, DeliverySummary as Pn, UpdateFilterResponses as Po, GetSendPermissionsData as Pr, CreateEndpointInput as Pt, replayEmailWebhooks as Q, TestEndpointData as Qa, ReplayDeliveryResponse as Qi, DownloadRawEmailResponses as Qn, Options$1 as Qo, GetWebhookSecretResponse as Qr, CreateFunctionSecretErrors as Qt, getSendPermissions as R, SetFunctionSecretData as Ra, ListSentEmailsError as Ri, DiscardEmailContentErrors as Rn, UpdateFunctionInput as Ro, GetSendPermissionsResponses as Rr, CreateFilterError as Rt, createEndpoint as S, SendEmailData as Sa, ListFiltersData as Si, DeleteFilterResponses as Sn, UpdateDomainResponses as So, GetAccountResponse as Sr, CliLoginStartResult as St, createFunctionSecret as T, SendEmailResponse as Ta, ListFiltersResponse as Ti, DeleteFunctionErrors as Tn, UpdateEndpointErrors as To, GetEmailError as Tr, CliLogoutErrors as Tt, listDomains as U, SetFunctionSecretResponses as Ua, PollCliLoginData as Ui, DownloadAttachmentsData as Un, VerifyDomainError as Uo, GetSentEmailResponses as Ur, CreateFunctionData as Ut, getWebhookSecret as V, SetFunctionSecretInput as Va, ListSentEmailsResponses as Vi, Domain as Vn, VerifiedDomain as Vo, GetSentEmailErrors as Vr, CreateFilterResponse as Vt, listEmails as W, StartCliLoginData as Wa, PollCliLoginError as Wi, DownloadAttachmentsError as Wn, VerifyDomainErrors as Wo, GetStorageStatsData as Wr, CreateFunctionError as Wt, pollCliLogin as X, StorageStats as Xa, ReplayDeliveryError as Xi, DownloadRawEmailErrors as Xn, Config as Xo, GetWebhookSecretError as Xr, CreateFunctionSecretData as Xt, listSentEmails as Y, StartCliLoginResponses as Ya, ReplayDeliveryData as Yi, DownloadRawEmailError as Yn, ClientOptions$1 as Yo, GetWebhookSecretData as Yr, CreateFunctionResult as Yt, replayDelivery as Z, SuccessEnvelope as Za, ReplayDeliveryErrors as Zi, DownloadRawEmailResponse as Zn, CreateClientConfig as Zo, GetWebhookSecretErrors as Zr, CreateFunctionSecretError as Zt, createPrimitiveClient as _, SearchEmailsData as _a, ListEndpointsError as _i, DeleteEndpointResponses as _n, UpdateDomainData as _o, GateDenial as _r, AddDomainErrors as _t, PrimitiveApiClientOptions as a, ReplayResult as aa, ListDeliveriesResponses as ai, DeleteDomainErrors as an, TestFunctionErrors as ao, EmailSearchResult as ar, testEndpoint as at, addDomain as b, SearchEmailsResponse as ba, ListEndpointsResponses as bi, DeleteFilterErrors as bn, UpdateDomainInput as bo, GetAccountError as br, AddDomainResponses as bt, PrimitiveClient as c, ReplyToEmailErrors as ca, ListDomainsErrors as ci, DeleteEmailData as cn, TestInvocationResult as co, EmailWebhookStatus as cr, updateDomain as ct, RequestOptions as d, ResourceId as da, ListEmailsData as di, DeleteEmailResponse as dn, UpdateAccountData as do, Filter as dr, updateFunction as dt, ReplayEmailWebhooksData as ea, Limit as ei, CreateFunctionSecretResponse as en, TestEndpointErrors as eo, EmailDetailReply as er, RequestResult as es, rotateWebhookSecret as et, SendInput as f, RotateWebhookSecretData as fa, ListEmailsError as fi, DeleteEmailResponses as fn, UpdateAccountError as fo, FunctionDeployStatus as fr, verifyDomain as ft, createPrimitiveApiClient as g, RotateWebhookSecretResponses as ga, ListEndpointsData as gi, DeleteEndpointResponse as gn, UpdateAccountResponses as go, FunctionSecretWriteResult as gr, AddDomainError as gt, client as h, RotateWebhookSecretResponse as ha, ListEmailsResponses as hi, DeleteEndpointErrors as hn, UpdateAccountResponse as ho, FunctionSecretListItem as hr, AddDomainData as ht, PrimitiveApiClient as i, ReplayEmailWebhooksResponses as ia, ListDeliveriesResponse as ii, DeleteDomainError as in, TestFunctionError as io, EmailSearchMeta as ir, startCliLogin as it, deleteFunctionSecret as j, SendPermissionManagedZone as ja, ListFunctionSecretsResponses as ji, DeleteFunctionSecretResponse as jn, UpdateFilterErrors as jo, GetFunctionErrors as jr, CreateEndpointData as jt, deleteFilter as k, SendPermissionAddress as ka, ListFunctionSecretsErrors as ki, DeleteFunctionSecretError as kn, UpdateFilterData as ko, GetFunctionData as kr, CliLogoutResult as kt, PrimitiveClientOptions as l, ReplyToEmailResponse as la, ListDomainsResponse as li, DeleteEmailError as ln, TestResult as lo, Endpoint as lr, updateEndpoint as lt, SendThreadInput as m, RotateWebhookSecretErrors as ma, ListEmailsResponse as mi, DeleteEndpointError as mn, UpdateAccountInput as mo, FunctionListItem as mr, AccountUpdated as mt, DEFAULT_API_BASE_URL_2 as n, ReplayEmailWebhooksErrors as na, ListDeliveriesError as ni, Cursor as nn, TestEndpointResponses as no, EmailSearchFacets as nr, Auth as ns, sendEmail as nt, PrimitiveApiError as o, ReplyToEmailData as oa, ListDomainsData as oi, DeleteDomainResponse as on, TestFunctionResponse as oo, EmailStatus as or, testFunction as ot, SendResult as p, RotateWebhookSecretError as pa, ListEmailsErrors as pi, DeleteEndpointData as pn, UpdateAccountErrors as po, FunctionDetail as pr, Account as pt, listFunctionSecrets as q, StartCliLoginInput as qa, PollCliLoginResponse as qi, DownloadAttachmentsResponses as qn, WebhookSecret as qo, GetStorageStatsResponse as qr, CreateFunctionResponse as qt, ForwardInput as r, ReplayEmailWebhooksResponse as ra, ListDeliveriesErrors as ri, DeleteDomainData as rn, TestFunctionData as ro, EmailSearchHighlights as rr, setFunctionSecret as rt, PrimitiveApiErrorDetails as s, ReplyToEmailError as sa, ListDomainsError as si, DeleteDomainResponses as sn, TestFunctionResponses as so, EmailSummary as sr, updateAccount as st, DEFAULT_API_BASE_URL_1 as t, ReplayEmailWebhooksError as ta, ListDeliveriesData as ti, CreateFunctionSecretResponses as tn, TestEndpointResponse as to, EmailSearchFacetBucket as tr, ResponseStyle as ts, searchEmails as tt, ReplyInput as u, ReplyToEmailResponses as ua, ListDomainsResponses as ui, DeleteEmailErrors as un, UnverifiedDomain as uo, ErrorResponse as ur, updateFilter as ut, operations as v, SearchEmailsError as va, ListEndpointsErrors as vi, DeleteFilterData as vn, UpdateDomainError as vo, GateFix as vr, AddDomainInput as vt, createFunction as w, SendEmailErrors as wa, ListFiltersErrors as wi, DeleteFunctionError as wn, UpdateEndpointError as wo, GetEmailData as wr, CliLogoutError as wt, cliLogout as x, SearchEmailsResponses as xa, ListEnvelope as xi, DeleteFilterResponse as xn, UpdateDomainResponse as xo, GetAccountErrors as xr, CliLoginPollResult as xt, Options as y, SearchEmailsErrors as ya, ListEndpointsResponse as yi, DeleteFilterError as yn, UpdateDomainErrors as yo, GetAccountData as yr, AddDomainResponse as yt, getSentEmail as z, SetFunctionSecretError as za, ListSentEmailsErrors as zi, DiscardEmailContentResponse as zn, UpdateFunctionResponse as zo, GetSentEmailData as zr, CreateFilterErrors as zt };

package/dist/index.d.ts

@@ -1,6 +1,6 @@
 import { A as UnknownEvent, C as ParsedDataFailed, D as RawContentDownloadOnly, E as RawContent, M as WebhookAttachment, N as WebhookEvent, O as RawContentInline, S as ParsedDataComplete, T as ParsedStatus, _ as ForwardResultInline, a as DmarcPolicy, b as KnownWebhookEvent, c as EmailAnalysis, d as EventType, f as ForwardAnalysis, g as ForwardResultAttachmentSkipped, h as ForwardResultAttachmentAnalyzed, i as DkimSignature, j as ValidateEmailAuthResult, k as SpfResult, l as EmailAuth, m as ForwardResult, n as AuthVerdict, o as DmarcResult, p as ForwardOriginalSender, r as DkimResult, s as EmailAddress, t as AuthConfidence, u as EmailReceivedEvent, v as ForwardVerdict, w as ParsedError, x as ParsedData, y as ForwardVerification } from "./types-9vXGZjPd.js";
 import { a as buildReplySubject, c as parseHeaderAddress, i as buildForwardSubject, n as ReceivedEmailAddress, o as formatAddress, r as ReceivedEmailThread, s as normalizeReceivedEmail, t as ReceivedEmail } from "./received-email-DNjpq_Wt.js";
-import { a as PrimitiveApiError, c as PrimitiveClientOptions, d as SendInput, f as SendResult, g as createPrimitiveClient, l as ReplyInput, m as client, n as ForwardInput, p as SendThreadInput, s as PrimitiveClient } from "./index-C6ObsYjq.js";
+import { _ as createPrimitiveClient, c as PrimitiveClient, f as SendInput, h as client, l as PrimitiveClientOptions, m as SendThreadInput, o as PrimitiveApiError, p as SendResult, r as ForwardInput, u as ReplyInput } from "./index-QTYQpSFt.js";
 import { A as VerifyOptions, B as PAYLOAD_ERRORS, C as signStandardWebhooksPayload, D as PRIMITIVE_CONFIRMED_HEADER, E as LEGACY_SIGNATURE_HEADER, F as VerifyDownloadTokenResult, G as VERIFICATION_ERRORS, H as RAW_EMAIL_ERRORS, I as generateDownloadToken, J as WebhookPayloadErrorCode, K as WebhookErrorCode, L as verifyDownloadToken, M as verifyWebhookSignature, N as GenerateDownloadTokenOptions, O as PRIMITIVE_SIGNATURE_HEADER, P as VerifyDownloadTokenOptions, Q as WebhookVerificationErrorCode, R as safeValidateEmailReceivedEvent, S as StandardWebhooksVerifyOptions, T as LEGACY_CONFIRMED_HEADER, U as RawEmailDecodeError, V as PrimitiveWebhookError, W as RawEmailDecodeErrorCode, X as WebhookValidationErrorCode, Y as WebhookValidationError, Z as WebhookVerificationError, _ as emailReceivedEventJsonSchema, a as confirmedHeaders, b as STANDARD_WEBHOOK_TIMESTAMP_HEADER, c as handleWebhook, d as isRawIncluded, f as parseWebhookEvent, g as validateEmailAuth, h as WEBHOOK_VERSION, i as WebhookHeaders, j as signWebhookPayload, k as SignResult, l as isDownloadExpired, m as verifyRawEmailDownload, n as HandleWebhookOptions, o as decodeRawEmail, p as receive, q as WebhookPayloadError, r as ReceiveRequestOptions, s as getDownloadTimeRemaining, t as DecodeRawEmailOptions, u as isEmailReceivedEvent, v as STANDARD_WEBHOOK_ID_HEADER, w as verifyStandardWebhooksSignature, x as StandardWebhooksSignResult, y as STANDARD_WEBHOOK_SIGNATURE_HEADER, z as validateEmailReceivedEvent } from "./index-CDlwyxdp.js";
 
 //#region src/index.d.ts

package/dist/index.js

@@ -1,5 +1,5 @@
 import { a as parseHeaderAddress, i as normalizeReceivedEmail, n as buildReplySubject, r as formatAddress, t as buildForwardSubject } from "./received-email-D6tKtWwW.js";
-import { a as client, i as PrimitiveClient, r as PrimitiveApiError, s as createPrimitiveClient } from "./api-DNF21MDo.js";
+import { a as PrimitiveClient, c as createPrimitiveClient, i as PrimitiveApiError, o as client } from "./api-BjzvA2Fy.js";
 import { A as PRIMITIVE_CONFIRMED_HEADER, B as RAW_EMAIL_ERRORS, C as STANDARD_WEBHOOK_ID_HEADER, D as verifyStandardWebhooksSignature, E as signStandardWebhooksPayload, F as verifyDownloadToken, G as WebhookVerificationError, H as VERIFICATION_ERRORS, I as safeValidateEmailReceivedEvent, L as validateEmailReceivedEvent, M as signWebhookPayload, N as verifyWebhookSignature, O as LEGACY_CONFIRMED_HEADER, P as generateDownloadToken, R as PAYLOAD_ERRORS, S as emailReceivedEventJsonSchema, T as STANDARD_WEBHOOK_TIMESTAMP_HEADER, U as WebhookPayloadError, V as RawEmailDecodeError, W as WebhookValidationError, _ as DmarcResult, a as isDownloadExpired, b as ParsedStatus, c as parseWebhookEvent, d as WEBHOOK_VERSION, f as validateEmailAuth, g as DmarcPolicy, h as DkimResult, i as handleWebhook, j as PRIMITIVE_SIGNATURE_HEADER, k as LEGACY_SIGNATURE_HEADER, l as receive, m as AuthVerdict, n as decodeRawEmail, o as isEmailReceivedEvent, p as AuthConfidence, r as getDownloadTimeRemaining, s as isRawIncluded, t as confirmedHeaders, u as verifyRawEmailDownload, v as EventType, w as STANDARD_WEBHOOK_SIGNATURE_HEADER, x as SpfResult, y as ForwardVerdict, z as PrimitiveWebhookError } from "./webhook-rUjGV6Zu.js";
 //#region src/index.ts
 const primitive = {

package/dist/oclif/api-command.js

@@ -333,9 +333,12 @@ export function removeStaleSavedCredentialOnUnauthorized(params) {
     }
     const baseUrlDiffersFromSaved = params.baseUrlOverridden &&
         params.auth.credentials !== null &&
-        params.auth.baseUrl !== params.auth.credentials.base_url;
+        params.auth.apiBaseUrl1 !== params.auth.credentials.api_base_url_1;
     if (baseUrlDiffersFromSaved) {
-        process.stderr.write("Saved Primitive CLI credentials were rejected by the overridden API base URL. The local credential was not removed; check --base-url / PRIMITIVE_API_URL, or run `primitive logout` to remove it.\n");
+        // Override env vars (PRIMITIVE_API_BASE_URL_1 / _2) are intentionally
+        // not advertised in --help; this hint is the only customer-visible
+        // mention. They're for internal staging/local testing.
+        process.stderr.write("Saved Primitive CLI credentials were rejected by the overridden API base URL. The local credential was not removed; unset PRIMITIVE_API_BASE_URL_1, or run `primitive logout` to remove the stored credential.\n");
         return false;
     }
     deleteCliCredentials(params.configDir);
@@ -381,10 +384,45 @@ export async function runWithTiming(enabled, fn) {
 // own static flags. Lives here so the flag's description and short
 // name stay consistent across the hand-coded and generated commands.
 export const TIME_FLAG_DESCRIPTION = "Print the wall-clock duration of this command to stderr after it completes (e.g. `[time: 1.34s]`). Useful for measuring `--wait` send latency, comparing CLI overhead, or capturing timing in scripts.";
+// Shared description text for the api-base-url override flags. Keeps
+// the wording identical across every command that includes them. The
+// flags themselves are hidden from --help (internal staging/local-only).
+export const API_BASE_URL_1_FLAG_DESCRIPTION = "Override the primary API base URL. Internal testing only; not documented to customers.";
+export const API_BASE_URL_2_FLAG_DESCRIPTION = "Override the attachments-supporting send host base URL. Internal testing only; not documented to customers.";
+// Helper: was either api-base-url override set by the caller? Used by
+// removeStaleSavedCredentialOnUnauthorized to decide whether to
+// preserve the saved credential when a 401 comes back.
+export function baseUrlOverriddenFromFlags(flags) {
+    return (typeof flags["api-base-url-1"] === "string" ||
+        typeof flags["api-base-url-2"] === "string");
+}
+// Helper: resolve auth from a parsed-flags bag. Mirrors what every CLI
+// command does inline so the api-base-url-1 / api-base-url-2 mapping
+// stays in one place as we add more migration knobs.
+export function resolveCliAuthFromFlags(flags, configDir) {
+    return resolveCliAuth({
+        apiKey: typeof flags["api-key"] === "string"
+            ? flags["api-key"]
+            : undefined,
+        apiBaseUrl1: typeof flags["api-base-url-1"] === "string"
+            ? flags["api-base-url-1"]
+            : undefined,
+        apiBaseUrl2: typeof flags["api-base-url-2"] === "string"
+            ? flags["api-base-url-2"]
+            : undefined,
+        configDir,
+    });
+}
+// Operations that route to the attachments-supporting host
+// (apiBaseUrl2) instead of the primary API host. Internal to the CLI:
+// as more operations migrate to host 2 over time, add their generated
+// sdkName here. Today it is just /send-mail.
+const HOST_2_OPERATIONS = new Set(["sendEmail"]);
 // Reserved flag names the body-field expander must never overwrite.
 // `--raw-body` and `--body-file` are the JSON escape hatches.
-// `--api-key`, `--base-url`, `--output` are infra. Path and query
-// params get added before body fields and take precedence.
+// `--api-key`, `--api-base-url-1`, `--api-base-url-2`, `--output` are
+// infra. Path and query params get added before body fields and take
+// precedence.
 //
 // Note: `--body` is intentionally NOT reserved here. The naive
 // agent expectation (per AGX walkthrough) is that --body means
@@ -399,7 +437,8 @@ export const TIME_FLAG_DESCRIPTION = "Print the wall-clock duration of this comm
 // send` defines its own --body for the message text.
 const RESERVED_FLAG_NAMES = new Set([
     "api-key",
-    "base-url",
+    "api-base-url-1",
+    "api-base-url-2",
     "raw-body",
     "body-file",
     "output",
@@ -438,9 +477,20 @@ function buildFlags(operation) {
             description: "Primitive API key (defaults to PRIMITIVE_API_KEY or saved `primitive login` credentials)",
             env: "PRIMITIVE_API_KEY",
         }),
-        "base-url": Flags.string({
-            description: "API base URL (defaults to PRIMITIVE_API_URL or production)",
-            env: "PRIMITIVE_API_URL",
+        // Two override knobs for the dual-host setup. Hidden because they
+        // are for internal staging/local testing only. Production users
+        // should not override; the defaults route correctly. Env vars
+        // PRIMITIVE_API_BASE_URL_1 and PRIMITIVE_API_BASE_URL_2 carry the
+        // same semantics. Both are intentionally absent from --help output.
+        "api-base-url-1": Flags.string({
+            description: "Override the primary API base URL. Internal testing only; not documented to customers.",
+            env: "PRIMITIVE_API_BASE_URL_1",
+            hidden: true,
+        }),
+        "api-base-url-2": Flags.string({
+            description: "Override the attachments-supporting send host base URL. Internal testing only; not documented to customers.",
+            env: "PRIMITIVE_API_BASE_URL_2",
+            hidden: true,
         }),
         time: Flags.boolean({
             description: TIME_FLAG_DESCRIPTION,
@@ -543,19 +593,24 @@ export function createOperationCommand(operation) {
             const { flags } = await this.parse(OperationCommand);
             const parsedFlags = flags;
             await runWithTiming(parsedFlags.time === true, async () => {
-                const baseUrlOverridden = typeof parsedFlags["base-url"] === "string";
+                const baseUrlOverridden = typeof parsedFlags["api-base-url-1"] === "string" ||
+                    typeof parsedFlags["api-base-url-2"] === "string";
                 const auth = resolveCliAuth({
                     apiKey: typeof parsedFlags["api-key"] === "string"
                         ? parsedFlags["api-key"]
                         : undefined,
-                    baseUrl: typeof parsedFlags["base-url"] === "string"
-                        ? parsedFlags["base-url"]
+                    apiBaseUrl1: typeof parsedFlags["api-base-url-1"] === "string"
+                        ? parsedFlags["api-base-url-1"]
+                        : undefined,
+                    apiBaseUrl2: typeof parsedFlags["api-base-url-2"] === "string"
+                        ? parsedFlags["api-base-url-2"]
                         : undefined,
                     configDir: this.config.configDir,
                 });
                 const apiClient = new PrimitiveApiClient({
                     apiKey: auth.apiKey,
-                    baseUrl: auth.baseUrl,
+                    apiBaseUrl1: auth.apiBaseUrl1,
+                    apiBaseUrl2: auth.apiBaseUrl2,
                 });
                 // Two body sources, merged: explicit JSON via --body /
                 // --body-file (the base) plus per-field flags (the
@@ -601,9 +656,15 @@ export function createOperationCommand(operation) {
                     throw new Errors.CLIError(`Operation ${operation.operationId} requires a body. Pass each field as a --flag (see --help) or supply JSON via --raw-body / --body-file.`);
                 }
                 const operationFn = operations[operation.sdkName];
+                // Operations in HOST_2_OPERATIONS route to the attachments-
+                // supporting send host (apiBaseUrl2). Today that's only
+                // sendEmail; the list grows as we migrate more endpoints.
+                const targetClient = HOST_2_OPERATIONS.has(operation.sdkName)
+                    ? apiClient._sendClient
+                    : apiClient.client;
                 const result = await operationFn({
                     body,
-                    client: apiClient.client,
+                    client: targetClient,
                     parseAs: operation.binaryResponse ? "blob" : "auto",
                     path: collectValues(operation.pathParams, parsedFlags),
                     query: collectValues(operation.queryParams, parsedFlags),

package/dist/oclif/auth.js

@@ -1,7 +1,7 @@
 import { randomUUID } from "node:crypto";
 import { chmodSync, mkdirSync, readFileSync, renameSync, rmSync, statSync, writeFileSync, } from "node:fs";
 import { join } from "node:path";
-import { DEFAULT_BASE_URL } from "../api/index.js";
+import { DEFAULT_API_BASE_URL_1, DEFAULT_API_BASE_URL_2, } from "../api/index.js";
 const CREDENTIALS_FILE = "credentials.json";
 const CREDENTIALS_LOCK_DIR = "credentials.lock";
 const CREDENTIALS_LOCK_STALE_MS = 30 * 60 * 1000;
@@ -16,10 +16,34 @@ function requireString(value, key) {
     }
     return raw;
 }
+/**
+ * Sentinel returned by parseCredentials when the on-disk credentials
+ * were written by a pre-dual-host CLI version (i.e. they have
+ * `base_url` instead of `api_base_url_1`). The caller treats this as
+ * "no saved credentials" after auto-cleaning the stale file. Defined
+ * as a class-tagged error so loadCliCredentials can distinguish it
+ * from a genuine malformed-credentials error.
+ */
+class StaleCredentialFormatError extends Error {
+    constructor() {
+        super("stale_credential_format");
+        this.name = "StaleCredentialFormatError";
+    }
+}
 function parseCredentials(raw) {
     if (!isRecord(raw)) {
         throw new Error(`Stored Primitive CLI credentials are malformed: expected a JSON object. ${MALFORMED_CREDENTIALS_HINT}`);
     }
+    // Stored credentials from an older CLI version used the field name
+    // `base_url`; the dual-host rename moved this to `api_base_url_1`.
+    // Detect the old shape specifically so loadCliCredentials can wipe
+    // the stale file and emit a clear "you've been logged out" notice
+    // instead of every command hard-failing with a generic "malformed"
+    // error that doesn't surface the actual fix (re-login).
+    if (typeof raw.api_base_url_1 !== "string" &&
+        typeof raw.base_url === "string") {
+        throw new StaleCredentialFormatError();
+    }
     const orgName = raw.org_name;
     if (orgName !== null && typeof orgName !== "string") {
         throw new Error(`Stored Primitive CLI credentials are malformed: org_name must be a string or null. ${MALFORMED_CREDENTIALS_HINT}`);
@@ -30,19 +54,25 @@ function parseCredentials(raw) {
         key_prefix: requireString(raw, "key_prefix"),
         org_id: requireString(raw, "org_id"),
         org_name: orgName,
-        base_url: requireString(raw, "base_url"),
+        api_base_url_1: requireString(raw, "api_base_url_1"),
         created_at: requireString(raw, "created_at"),
     };
 }
 export function credentialsPath(configDir) {
     return join(configDir, CREDENTIALS_FILE);
 }
-export function normalizeBaseUrl(baseUrl) {
-    const trimmed = baseUrl?.trim();
+function normalize(url, fallback) {
+    const trimmed = url?.trim();
     if (!trimmed)
-        return DEFAULT_BASE_URL;
+        return fallback;
     return trimmed.replace(/\/+$/, "");
 }
+export function normalizeApiBaseUrl1(url) {
+    return normalize(url, DEFAULT_API_BASE_URL_1);
+}
+export function normalizeApiBaseUrl2(url) {
+    return normalize(url, DEFAULT_API_BASE_URL_2);
+}
 export function loadCliCredentials(configDir) {
     const path = credentialsPath(configDir);
     let contents;
@@ -62,6 +92,24 @@ export function loadCliCredentials(configDir) {
         return parseCredentials(JSON.parse(contents));
     }
     catch (error) {
+        if (error instanceof StaleCredentialFormatError) {
+            // Saved credentials were written by a pre-dual-host CLI version.
+            // The format is incompatible (base_url vs api_base_url_1) and
+            // cannot be recovered. Clear the file so the caller sees "no
+            // saved credentials" and emit a one-shot notice telling the
+            // user they need to log back in. Idempotent: once the file is
+            // gone, this branch never fires again.
+            try {
+                rmSync(path, { force: true });
+            }
+            catch {
+                // Best-effort cleanup; if the unlink fails (permissions,
+                // racing process), the next CLI invocation will hit this
+                // path again and try once more.
+            }
+            process.stderr.write("You've been logged out: your saved Primitive CLI credentials were created by an older CLI version and are no longer compatible. Run `primitive login` to re-authenticate.\n");
+            return null;
+        }
         if (error instanceof SyntaxError) {
             throw new Error("Stored Primitive CLI credentials are not valid JSON. Run `primitive logout` and then `primitive login`.");
         }
@@ -140,10 +188,15 @@ export function acquireCliCredentialsLock(configDir, options = {}) {
 }
 export function resolveCliAuth(params) {
     const apiKey = params.apiKey?.trim();
+    // Host 2 (api_base_url_2) is never stored; either set by env/flag or
+    // falls back to the production default. The login flow only deals
+    // with host 1.
+    const apiBaseUrl2 = normalizeApiBaseUrl2(params.apiBaseUrl2);
     if (apiKey) {
         return {
             apiKey,
-            baseUrl: normalizeBaseUrl(params.baseUrl),
+            apiBaseUrl1: normalizeApiBaseUrl1(params.apiBaseUrl1),
+            apiBaseUrl2,
             credentials: null,
             source: "flag-or-env",
         };
@@ -152,16 +205,18 @@ export function resolveCliAuth(params) {
     if (credentials) {
         return {
             apiKey: credentials.api_key,
-            baseUrl: params.baseUrl
-                ? normalizeBaseUrl(params.baseUrl)
-                : credentials.base_url,
+            apiBaseUrl1: params.apiBaseUrl1
+                ? normalizeApiBaseUrl1(params.apiBaseUrl1)
+                : credentials.api_base_url_1,
+            apiBaseUrl2,
             credentials,
             source: "stored",
         };
     }
     return {
         apiKey: undefined,
-        baseUrl: normalizeBaseUrl(params.baseUrl),
+        apiBaseUrl1: normalizeApiBaseUrl1(params.apiBaseUrl1),
+        apiBaseUrl2,
         credentials: null,
         source: "none",
     };