@primitivedotdev/sdk 0.20.0 → 0.21.0

package/dist/oclif/commands/emails-latest.js

@@ -80,6 +80,9 @@ export function formatRow(email, idWidth) {
     const subjectCol = truncate(subject, SUBJECT_DISPLAY_WIDTH);
     return `${id}  ${received}  ${from}  ${to}  ${subjectCol}`;
 }
+export function formatHeader(idWidth) {
+    return `${"ID".padEnd(idWidth)}  ${"RECEIVED (UTC)".padEnd(RECEIVED_DISPLAY_WIDTH)}  ${"FROM".padEnd(ADDRESS_DISPLAY_WIDTH)}  ${"TO".padEnd(ADDRESS_DISPLAY_WIDTH)}  SUBJECT`;
+}
 class EmailsLatestCommand extends Command {
     static description = `Print the N most recent inbound emails as a one-line-per-row text table. Designed for quick triage and visual scanning. For programmatic access, use \`primitive emails:list-emails\` (full JSON envelope, cursor pagination, filters) or pass \`--json\` here for the same raw shape without pagination/filters.
 
@@ -88,19 +91,25 @@ class EmailsLatestCommand extends Command {
   Output streams: the column header line is written to STDERR so the row data on STDOUT stays grep/awk-friendly. \`--json\` writes everything (including the envelope) to STDOUT and is equivalent to running \`emails:list-emails --limit N\` for the same N.`;
     static summary = "Show the most recent inbound emails as a compact table";
     static examples = [
-        "<%= config.bin %> emails:latest",
-        "<%= config.bin %> emails:latest --limit 25",
-        "<%= config.bin %> emails:latest | head -1 | awk '{print $1}'  # full UUID since piped",
-        "<%= config.bin %> emails:latest --json | jq '.data[0].id'",
+        "<%= config.bin %> emails latest",
+        "<%= config.bin %> emails latest --limit 25",
+        "<%= config.bin %> emails latest | head -1 | awk '{print $1}'  # full UUID since piped",
+        "<%= config.bin %> emails latest --json | jq '.data[0].id'",
     ];
     static flags = {
         "api-key": Flags.string({
             description: "Primitive API key (defaults to PRIMITIVE_API_KEY or saved `primitive login` credentials)",
             env: "PRIMITIVE_API_KEY",
         }),
-        "base-url": Flags.string({
-            description: "API base URL (defaults to PRIMITIVE_API_URL or production)",
-            env: "PRIMITIVE_API_URL",
+        "api-base-url-1": Flags.string({
+            description: "Override the primary API base URL. Internal testing only; not documented to customers.",
+            env: "PRIMITIVE_API_BASE_URL_1",
+            hidden: true,
+        }),
+        "api-base-url-2": Flags.string({
+            description: "Override the attachments-supporting send host base URL. Internal testing only; not documented to customers.",
+            env: "PRIMITIVE_API_BASE_URL_2",
+            hidden: true,
         }),
         limit: Flags.integer({
             description: `Number of rows to print (1-${MAX_LIMIT}, default ${DEFAULT_LIMIT}).`,
@@ -121,15 +130,18 @@ class EmailsLatestCommand extends Command {
     async run() {
         const { flags } = await this.parse(EmailsLatestCommand);
         await runWithTiming(flags.time, async () => {
-            const baseUrlOverridden = flags["base-url"] !== undefined;
+            const baseUrlOverridden = flags["api-base-url-1"] !== undefined ||
+                flags["api-base-url-2"] !== undefined;
             const auth = resolveCliAuth({
                 apiKey: flags["api-key"],
-                baseUrl: flags["base-url"],
+                apiBaseUrl1: flags["api-base-url-1"],
+                apiBaseUrl2: flags["api-base-url-2"],
                 configDir: this.config.configDir,
             });
             const apiClient = new PrimitiveApiClient({
                 apiKey: auth.apiKey,
-                baseUrl: auth.baseUrl,
+                apiBaseUrl1: auth.apiBaseUrl1,
+                apiBaseUrl2: auth.apiBaseUrl2,
             });
             const result = await listEmails({
                 client: apiClient.client,
@@ -163,8 +175,7 @@ class EmailsLatestCommand extends Command {
             }
             const idWidth = pickIdWidth(Boolean(process.stdout.isTTY));
             // Header on stderr so the table itself stays grep-friendly.
-            const header = `${"ID".padEnd(idWidth)}  ${"RECEIVED (UTC)".padEnd(RECEIVED_DISPLAY_WIDTH)}  ${"FROM".padEnd(ADDRESS_DISPLAY_WIDTH)}  ${"TO".padEnd(ADDRESS_DISPLAY_WIDTH)}  SUBJECT`;
-            process.stderr.write(`${header}\n`);
+            process.stderr.write(`${formatHeader(idWidth)}\n`);
             for (const row of rows) {
                 this.log(formatRow(row, idWidth));
             }

package/dist/oclif/commands/emails-poll.js

@@ -0,0 +1,121 @@
+import { searchEmails } from "../../api/generated/sdk.gen.js";
+export const DEFAULT_EMAIL_POLL_INTERVAL_SECONDS = 2;
+export const DEFAULT_EMAIL_POLL_PAGE_SIZE = 50;
+export const MAX_EMAIL_POLL_PAGE_SIZE = 100;
+function quoteDslValue(value) {
+    if (/^[^\s"]+$/.test(value))
+        return value;
+    return `"${value.replace(/\\/g, "\\\\").replace(/"/g, '\\"')}"`;
+}
+function combineQ(q, domain) {
+    const parts = [
+        q?.trim(),
+        domain ? `domain:${quoteDslValue(domain.trim())}` : undefined,
+    ].filter((part) => Boolean(part));
+    return parts.length > 0 ? parts.join(" ") : undefined;
+}
+export function normalizeIsoDate(value, label) {
+    const parsed = new Date(value);
+    if (Number.isNaN(parsed.getTime())) {
+        throw new Error(`${label} must be a valid date or ISO-8601 timestamp.`);
+    }
+    return parsed.toISOString();
+}
+export function filtersFromFlags(flags) {
+    return {
+        body: flags.body,
+        domain: flags.domain,
+        domainId: flags["domain-id"],
+        from: flags.from,
+        hasAttachment: flags["has-attachment"],
+        q: flags.q,
+        spamScoreGte: flags["spam-score-gte"],
+        spamScoreLt: flags["spam-score-lt"],
+        subject: flags.subject,
+        to: flags.to,
+    };
+}
+export function sinceFromFlags(flags) {
+    if (flags.since)
+        return normalizeIsoDate(flags.since, "--since");
+    return flags["include-existing"] ? undefined : new Date().toISOString();
+}
+export function buildEmailSearchQuery(params) {
+    const query = {
+        include_facets: "false",
+        limit: params.pageSize,
+        snippet: "false",
+        sort: "received_at_asc",
+    };
+    const q = combineQ(params.filters.q, params.filters.domain);
+    if (q)
+        query.q = q;
+    if (params.filters.body)
+        query.body = params.filters.body;
+    if (params.filters.domainId)
+        query.domain_id = params.filters.domainId;
+    if (params.filters.from)
+        query.from = params.filters.from;
+    if (params.filters.hasAttachment !== undefined) {
+        query.has_attachment = params.filters.hasAttachment ? "true" : "false";
+    }
+    if (params.filters.spamScoreGte !== undefined) {
+        query.spam_score_gte = params.filters.spamScoreGte;
+    }
+    if (params.filters.spamScoreLt !== undefined) {
+        query.spam_score_lt = params.filters.spamScoreLt;
+    }
+    if (params.filters.subject)
+        query.subject = params.filters.subject;
+    if (params.filters.to)
+        query.to = params.filters.to;
+    if (params.since)
+        query.date_from = params.since;
+    if (params.cursor)
+        query.cursor = params.cursor;
+    return query;
+}
+export function encodeReceivedAtSearchCursor(email) {
+    const raw = `r|${new Date(email.received_at).toISOString()}|${email.id}`;
+    return Buffer.from(raw, "utf8").toString("base64url");
+}
+export function cursorFromRows(rows) {
+    const last = rows.at(-1);
+    return last ? encodeReceivedAtSearchCursor(last) : null;
+}
+export function collectNewAcceptedEmails(rows, seenIds) {
+    const fresh = [];
+    for (const row of rows) {
+        if (row.status !== "accepted" && row.status !== "completed")
+            continue;
+        if (seenIds.has(row.id))
+            continue;
+        seenIds.add(row.id);
+        fresh.push(row);
+    }
+    return fresh;
+}
+export async function fetchEmailSearchPage(params) {
+    const result = await searchEmails({
+        client: params.apiClient.client,
+        query: buildEmailSearchQuery({
+            cursor: params.cursor,
+            filters: params.filters,
+            pageSize: params.pageSize,
+            since: params.since,
+        }),
+        responseStyle: "fields",
+    });
+    if (result.error)
+        return { ok: false, error: result.error };
+    const envelope = result.data;
+    const rows = envelope?.data ?? [];
+    return {
+        ok: true,
+        cursor: envelope?.meta.cursor ?? cursorFromRows(rows),
+        rows,
+    };
+}
+export function sleep(ms) {
+    return new Promise((resolve) => setTimeout(resolve, ms));
+}

package/dist/oclif/commands/emails-wait.js

@@ -0,0 +1,171 @@
+import { Command, Errors, Flags } from "@oclif/core";
+import { PrimitiveApiClient } from "../../api/index.js";
+import { extractErrorPayload, removeStaleSavedCredentialOnUnauthorized, writeErrorWithHints, } from "../api-command.js";
+import { resolveCliAuth } from "../auth.js";
+import { formatHeader, formatRow, pickIdWidth } from "./emails-latest.js";
+import { collectNewAcceptedEmails, DEFAULT_EMAIL_POLL_INTERVAL_SECONDS, DEFAULT_EMAIL_POLL_PAGE_SIZE, fetchEmailSearchPage, filtersFromFlags, MAX_EMAIL_POLL_PAGE_SIZE, sinceFromFlags, sleep, } from "./emails-poll.js";
+const DEFAULT_WAIT_TIMEOUT_SECONDS = 300;
+function cliError(message) {
+    return new Errors.CLIError(message, { exit: 1 });
+}
+class EmailsWaitCommand extends Command {
+    static description = "Poll until matching inbound emails arrive, printing each match as it is found.";
+    static summary = "Wait for matching inbound emails";
+    static examples = [
+        "<%= config.bin %> emails wait --to test@example.com",
+        "<%= config.bin %> emails wait --subject verify --number 5 --timeout 120",
+        "<%= config.bin %> emails wait --q 'domain:example.com' --table",
+    ];
+    static flags = {
+        "api-key": Flags.string({
+            description: "Primitive API key (defaults to PRIMITIVE_API_KEY or saved `primitive login` credentials)",
+            env: "PRIMITIVE_API_KEY",
+        }),
+        "api-base-url-1": Flags.string({
+            description: "Override the primary API base URL. Internal testing only; not documented to customers.",
+            env: "PRIMITIVE_API_BASE_URL_1",
+            hidden: true,
+        }),
+        "api-base-url-2": Flags.string({
+            description: "Override the attachments-supporting send host base URL. Internal testing only; not documented to customers.",
+            env: "PRIMITIVE_API_BASE_URL_2",
+            hidden: true,
+        }),
+        body: Flags.string({
+            description: "Full-text body filter",
+        }),
+        domain: Flags.string({
+            description: "Filter by inbound email domain",
+        }),
+        "domain-id": Flags.string({
+            description: "Filter by domain UUID",
+        }),
+        from: Flags.string({
+            description: "Filter by sender address or domain",
+        }),
+        "has-attachment": Flags.boolean({
+            description: "Only match emails with one or more attachments",
+        }),
+        "include-existing": Flags.boolean({
+            description: "Start from existing matching emails instead of only new arrivals",
+        }),
+        interval: Flags.integer({
+            default: DEFAULT_EMAIL_POLL_INTERVAL_SECONDS,
+            description: "Seconds to wait between empty polls",
+            min: 1,
+        }),
+        number: Flags.integer({
+            char: "n",
+            default: 1,
+            description: "Exit successfully after this many matching emails",
+            min: 1,
+        }),
+        "page-size": Flags.integer({
+            default: DEFAULT_EMAIL_POLL_PAGE_SIZE,
+            description: `Emails to fetch per poll (1-${MAX_EMAIL_POLL_PAGE_SIZE})`,
+            max: MAX_EMAIL_POLL_PAGE_SIZE,
+            min: 1,
+        }),
+        q: Flags.string({
+            description: "Full-text search DSL query",
+        }),
+        since: Flags.string({
+            description: "Only match emails received on or after this date/time",
+        }),
+        "spam-score-gte": Flags.integer({
+            description: "Only match emails with spam score greater than or equal to this value",
+        }),
+        "spam-score-lt": Flags.integer({
+            description: "Only match emails with spam score below this value",
+        }),
+        subject: Flags.string({
+            description: "Full-text subject filter",
+        }),
+        table: Flags.boolean({
+            description: "Print a human-readable table instead of JSONL",
+        }),
+        timeout: Flags.integer({
+            default: DEFAULT_WAIT_TIMEOUT_SECONDS,
+            description: "Seconds to wait before exiting nonzero; 0 waits forever",
+            min: 0,
+        }),
+        to: Flags.string({
+            description: "Filter by recipient address or domain",
+        }),
+    };
+    async run() {
+        const { flags } = await this.parse(EmailsWaitCommand);
+        const baseUrlOverridden = flags["api-base-url-1"] !== undefined ||
+            flags["api-base-url-2"] !== undefined;
+        const auth = resolveCliAuth({
+            apiKey: flags["api-key"],
+            apiBaseUrl1: flags["api-base-url-1"],
+            apiBaseUrl2: flags["api-base-url-2"],
+            configDir: this.config.configDir,
+        });
+        const apiClient = new PrimitiveApiClient({
+            apiKey: auth.apiKey,
+            apiBaseUrl1: auth.apiBaseUrl1,
+            apiBaseUrl2: auth.apiBaseUrl2,
+        });
+        let since;
+        try {
+            since = sinceFromFlags(flags);
+        }
+        catch (error) {
+            throw cliError(error instanceof Error ? error.message : String(error));
+        }
+        const filters = filtersFromFlags(flags);
+        const deadline = flags.timeout === 0 ? null : Date.now() + flags.timeout * 1000;
+        const idWidth = pickIdWidth(Boolean(process.stdout.isTTY));
+        const seenIds = new Set();
+        let cursor = null;
+        let matched = 0;
+        let headerPrinted = false;
+        while (deadline === null || Date.now() < deadline) {
+            const page = await fetchEmailSearchPage({
+                apiClient,
+                cursor,
+                filters,
+                pageSize: flags["page-size"],
+                since,
+            });
+            if (!page.ok) {
+                const payload = extractErrorPayload(page.error);
+                writeErrorWithHints(payload);
+                removeStaleSavedCredentialOnUnauthorized({
+                    auth,
+                    baseUrlOverridden,
+                    configDir: this.config.configDir,
+                    payload,
+                });
+                process.exitCode = 1;
+                return;
+            }
+            cursor = page.cursor ?? cursor;
+            for (const email of collectNewAcceptedEmails(page.rows, seenIds)) {
+                if (flags.table) {
+                    if (!headerPrinted) {
+                        process.stderr.write(`${formatHeader(idWidth)}\n`);
+                        headerPrinted = true;
+                    }
+                    this.log(formatRow(email, idWidth));
+                }
+                else {
+                    this.log(JSON.stringify(email));
+                }
+                matched += 1;
+                if (matched >= flags.number)
+                    return;
+            }
+            if (page.rows.length > 0)
+                continue;
+            if (deadline !== null && Date.now() >= deadline)
+                break;
+            await sleep(flags.interval * 1000);
+        }
+        process.stderr.write(`Timed out waiting for ${flags.number} matching email${flags.number === 1 ? "" : "s"}; received ${matched}.\n`);
+        process.exitCode = 1;
+    }
+}
+export default EmailsWaitCommand;

package/dist/oclif/commands/emails-watch.js

@@ -0,0 +1,165 @@
+import { Command, Errors, Flags } from "@oclif/core";
+import { PrimitiveApiClient } from "../../api/index.js";
+import { extractErrorPayload, removeStaleSavedCredentialOnUnauthorized, writeErrorWithHints, } from "../api-command.js";
+import { resolveCliAuth } from "../auth.js";
+import { formatHeader, formatRow, pickIdWidth } from "./emails-latest.js";
+import { collectNewAcceptedEmails, DEFAULT_EMAIL_POLL_INTERVAL_SECONDS, DEFAULT_EMAIL_POLL_PAGE_SIZE, fetchEmailSearchPage, filtersFromFlags, MAX_EMAIL_POLL_PAGE_SIZE, sinceFromFlags, sleep, } from "./emails-poll.js";
+function cliError(message) {
+    return new Errors.CLIError(message, { exit: 1 });
+}
+class EmailsWatchCommand extends Command {
+    static description = "Poll for new inbound emails and print matching messages as they arrive.";
+    static summary = "Watch inbound emails with filters";
+    static examples = [
+        "<%= config.bin %> emails watch --to support@example.com",
+        "<%= config.bin %> emails watch --subject verify --seconds 300",
+        "<%= config.bin %> emails watch --number 20 --jsonl",
+    ];
+    static flags = {
+        "api-key": Flags.string({
+            description: "Primitive API key (defaults to PRIMITIVE_API_KEY or saved `primitive login` credentials)",
+            env: "PRIMITIVE_API_KEY",
+        }),
+        "api-base-url-1": Flags.string({
+            description: "Override the primary API base URL. Internal testing only; not documented to customers.",
+            env: "PRIMITIVE_API_BASE_URL_1",
+            hidden: true,
+        }),
+        "api-base-url-2": Flags.string({
+            description: "Override the attachments-supporting send host base URL. Internal testing only; not documented to customers.",
+            env: "PRIMITIVE_API_BASE_URL_2",
+            hidden: true,
+        }),
+        body: Flags.string({
+            description: "Full-text body filter",
+        }),
+        domain: Flags.string({
+            description: "Filter by inbound email domain",
+        }),
+        "domain-id": Flags.string({
+            description: "Filter by domain UUID",
+        }),
+        from: Flags.string({
+            description: "Filter by sender address or domain",
+        }),
+        "has-attachment": Flags.boolean({
+            description: "Only show emails with one or more attachments",
+        }),
+        "include-existing": Flags.boolean({
+            description: "Start from existing matching emails instead of only new arrivals",
+        }),
+        interval: Flags.integer({
+            default: DEFAULT_EMAIL_POLL_INTERVAL_SECONDS,
+            description: "Seconds to wait between empty polls",
+            min: 1,
+        }),
+        jsonl: Flags.boolean({
+            description: "Print each email as one JSON object per line",
+        }),
+        number: Flags.integer({
+            description: "Exit after printing this many matching emails",
+            min: 1,
+        }),
+        "page-size": Flags.integer({
+            default: DEFAULT_EMAIL_POLL_PAGE_SIZE,
+            description: `Emails to fetch per poll (1-${MAX_EMAIL_POLL_PAGE_SIZE})`,
+            max: MAX_EMAIL_POLL_PAGE_SIZE,
+            min: 1,
+        }),
+        q: Flags.string({
+            description: "Full-text search DSL query",
+        }),
+        seconds: Flags.integer({
+            description: "Exit after this many seconds",
+            min: 1,
+        }),
+        since: Flags.string({
+            description: "Only show emails received on or after this date/time",
+        }),
+        "spam-score-gte": Flags.integer({
+            description: "Only show emails with spam score greater than or equal to this value",
+        }),
+        "spam-score-lt": Flags.integer({
+            description: "Only show emails with spam score below this value",
+        }),
+        subject: Flags.string({
+            description: "Full-text subject filter",
+        }),
+        to: Flags.string({
+            description: "Filter by recipient address or domain",
+        }),
+    };
+    async run() {
+        const { flags } = await this.parse(EmailsWatchCommand);
+        const baseUrlOverridden = flags["api-base-url-1"] !== undefined ||
+            flags["api-base-url-2"] !== undefined;
+        const auth = resolveCliAuth({
+            apiKey: flags["api-key"],
+            apiBaseUrl1: flags["api-base-url-1"],
+            apiBaseUrl2: flags["api-base-url-2"],
+            configDir: this.config.configDir,
+        });
+        const apiClient = new PrimitiveApiClient({
+            apiKey: auth.apiKey,
+            apiBaseUrl1: auth.apiBaseUrl1,
+            apiBaseUrl2: auth.apiBaseUrl2,
+        });
+        let since;
+        try {
+            since = sinceFromFlags(flags);
+        }
+        catch (error) {
+            throw cliError(error instanceof Error ? error.message : String(error));
+        }
+        const filters = filtersFromFlags(flags);
+        const deadline = flags.seconds ? Date.now() + flags.seconds * 1000 : null;
+        const idWidth = pickIdWidth(Boolean(process.stdout.isTTY));
+        const seenIds = new Set();
+        let cursor = null;
+        let printed = 0;
+        let headerPrinted = false;
+        while (deadline === null || Date.now() < deadline) {
+            const page = await fetchEmailSearchPage({
+                apiClient,
+                cursor,
+                filters,
+                pageSize: flags["page-size"],
+                since,
+            });
+            if (!page.ok) {
+                const payload = extractErrorPayload(page.error);
+                writeErrorWithHints(payload);
+                removeStaleSavedCredentialOnUnauthorized({
+                    auth,
+                    baseUrlOverridden,
+                    configDir: this.config.configDir,
+                    payload,
+                });
+                process.exitCode = 1;
+                return;
+            }
+            cursor = page.cursor ?? cursor;
+            for (const email of collectNewAcceptedEmails(page.rows, seenIds)) {
+                if (flags.jsonl) {
+                    this.log(JSON.stringify(email));
+                }
+                else {
+                    if (!headerPrinted) {
+                        process.stderr.write(`${formatHeader(idWidth)}\n`);
+                        headerPrinted = true;
+                    }
+                    this.log(formatRow(email, idWidth));
+                }
+                printed += 1;
+                if (flags.number && printed >= flags.number)
+                    return;
+            }
+            if (page.rows.length > 0)
+                continue;
+            if (deadline !== null && Date.now() >= deadline)
+                break;
+            await sleep(flags.interval * 1000);
+        }
+    }
+}
+export default EmailsWatchCommand;

package/dist/oclif/commands/functions-deploy.js

@@ -36,9 +36,15 @@ class FunctionsDeployCommand extends Command {
             description: "Primitive API key (defaults to PRIMITIVE_API_KEY or saved `primitive login` credentials)",
             env: "PRIMITIVE_API_KEY",
         }),
-        "base-url": Flags.string({
-            description: "API base URL (defaults to PRIMITIVE_API_URL or production)",
-            env: "PRIMITIVE_API_URL",
+        "api-base-url-1": Flags.string({
+            description: "Override the primary API base URL. Internal testing only; not documented to customers.",
+            env: "PRIMITIVE_API_BASE_URL_1",
+            hidden: true,
+        }),
+        "api-base-url-2": Flags.string({
+            description: "Override the attachments-supporting send host base URL. Internal testing only; not documented to customers.",
+            env: "PRIMITIVE_API_BASE_URL_2",
+            hidden: true,
         }),
         name: Flags.string({
             description: "Slug-style name. Lowercase letters, digits, hyphens, underscores. 1-64 chars. Must be unique within the org.",
@@ -66,15 +72,18 @@ class FunctionsDeployCommand extends Command {
             const sourceMap = flags["source-map-file"]
                 ? readTextFileFlag(flags["source-map-file"], "--source-map-file")
                 : undefined;
-            const baseUrlOverridden = flags["base-url"] !== undefined;
+            const baseUrlOverridden = flags["api-base-url-1"] !== undefined ||
+                flags["api-base-url-2"] !== undefined;
             const auth = resolveCliAuth({
                 apiKey: flags["api-key"],
-                baseUrl: flags["base-url"],
+                apiBaseUrl1: flags["api-base-url-1"],
+                apiBaseUrl2: flags["api-base-url-2"],
                 configDir: this.config.configDir,
             });
             const apiClient = new PrimitiveApiClient({
                 apiKey: auth.apiKey,
-                baseUrl: auth.baseUrl,
+                apiBaseUrl1: auth.apiBaseUrl1,
+                apiBaseUrl2: auth.apiBaseUrl2,
             });
             const authFailureContext = {
                 auth,

package/dist/oclif/commands/functions-redeploy.js

@@ -27,9 +27,15 @@ class FunctionsRedeployCommand extends Command {
             description: "Primitive API key (defaults to PRIMITIVE_API_KEY or saved `primitive login` credentials)",
             env: "PRIMITIVE_API_KEY",
         }),
-        "base-url": Flags.string({
-            description: "API base URL (defaults to PRIMITIVE_API_URL or production)",
-            env: "PRIMITIVE_API_URL",
+        "api-base-url-1": Flags.string({
+            description: "Override the primary API base URL. Internal testing only; not documented to customers.",
+            env: "PRIMITIVE_API_BASE_URL_1",
+            hidden: true,
+        }),
+        "api-base-url-2": Flags.string({
+            description: "Override the attachments-supporting send host base URL. Internal testing only; not documented to customers.",
+            env: "PRIMITIVE_API_BASE_URL_2",
+            hidden: true,
         }),
         id: Flags.string({
             description: "Function id (UUID). The function must already exist.",
@@ -55,15 +61,18 @@ class FunctionsRedeployCommand extends Command {
             const sourceMap = flags["source-map-file"]
                 ? readTextFileFlag(flags["source-map-file"], "--source-map-file")
                 : undefined;
-            const baseUrlOverridden = flags["base-url"] !== undefined;
+            const baseUrlOverridden = flags["api-base-url-1"] !== undefined ||
+                flags["api-base-url-2"] !== undefined;
             const auth = resolveCliAuth({
                 apiKey: flags["api-key"],
-                baseUrl: flags["base-url"],
+                apiBaseUrl1: flags["api-base-url-1"],
+                apiBaseUrl2: flags["api-base-url-2"],
                 configDir: this.config.configDir,
             });
             const apiClient = new PrimitiveApiClient({
                 apiKey: auth.apiKey,
-                baseUrl: auth.baseUrl,
+                apiBaseUrl1: auth.apiBaseUrl1,
+                apiBaseUrl2: auth.apiBaseUrl2,
             });
             const authFailureContext = {
                 auth,