npm - @supercheck/cli - Versions diffs - 0.1.1-beta.1 → 0.1.1-beta.3 - Mend

@supercheck/cli 0.1.1-beta.1 → 0.1.1-beta.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

package/README.md +58 -18
package/dist/bin/supercheck.js +323 -129
package/dist/bin/supercheck.js.map +1 -1
package/package.json +3 -2

package/dist/bin/supercheck.js CHANGED Viewed

@@ -44,6 +44,12 @@ var TimeoutError = class extends CLIError {
     this.name = "TimeoutError";
   }
 };
+var ConfigNotFoundError = class extends CLIError {
+  constructor(message = "No supercheck.config.ts found. Run `supercheck init` to create one.") {
+    super(message, 3 /* ConfigError */);
+    this.name = "ConfigNotFoundError";
+  }
+};
 // src/utils/logger.ts
 import pc from "picocolors";
@@ -216,7 +222,7 @@ function requireTriggerKey() {
 }
 // src/version.ts
-var CLI_VERSION = true ? "0.1.1-beta.1" : "0.0.0-dev";
+var CLI_VERSION = true ? "0.1.1-beta.3" : "0.0.0-dev";
 // src/utils/proxy.ts
 import { ProxyAgent } from "undici";
@@ -312,55 +318,29 @@ var ApiClient = class {
     }
     return url.toString();
   }
-  getProxyEnv(url) {
-    if (this.proxy) return this.proxy;
-    const noProxyRaw = process.env.NO_PROXY ?? process.env.no_proxy;
-    if (noProxyRaw && this.isNoProxyMatch(url, noProxyRaw)) {
-      return null;
-    }
-    if (url.protocol === "https:") {
-      return process.env.HTTPS_PROXY ?? process.env.https_proxy ?? process.env.HTTP_PROXY ?? process.env.http_proxy ?? null;
-    }
-    if (url.protocol === "http:") {
-      return process.env.HTTP_PROXY ?? process.env.http_proxy ?? null;
-    }
-    return null;
-  }
-  isNoProxyMatch(url, noProxyRaw) {
-    const hostname = url.hostname;
-    const port = url.port || (url.protocol === "https:" ? "443" : "80");
-    const entries = noProxyRaw.split(",").map((entry) => entry.trim()).filter(Boolean);
-    if (entries.includes("*")) return true;
-    for (const entry of entries) {
-      const [hostPart, portPart] = entry.split(":");
-      const host = hostPart.trim();
-      const entryPort = portPart?.trim();
-      if (!host) continue;
-      if (entryPort && entryPort !== port) continue;
-      if (host.startsWith(".")) {
-        if (hostname.endsWith(host)) return true;
-        continue;
-      }
-      if (hostname === host) return true;
-      if (hostname.endsWith(`.${host}`)) return true;
-    }
-    return false;
-  }
   /**
    * Execute an HTTP request with retries, timeout, and rate limit handling.
+   *
+   * Retry policy:
+   * - 429 (rate limit): retried for all methods (with Retry-After header)
+   * - 5xx (server error): retried only for idempotent methods (GET, PUT, DELETE, HEAD, OPTIONS)
+   * - Network errors: retried only for idempotent methods
+   * - POST and PATCH are NOT retried on 5xx/network errors to prevent duplicate mutations
    */
   async request(method, path, options) {
     const url = this.buildUrl(path, options?.params);
     const parsedUrl = new URL(url);
     const headers = this.buildHeaders(options?.headers);
     const maxRetries = options?.retries ?? MAX_RETRIES;
+    const upperMethod = method.toUpperCase();
+    const isIdempotent = ["GET", "PUT", "DELETE", "HEAD", "OPTIONS"].includes(upperMethod);
     let lastError = null;
     for (let attempt = 0; attempt <= maxRetries; attempt++) {
       let timeoutId = null;
       try {
         const controller = new AbortController();
         timeoutId = setTimeout(() => controller.abort(), this.timeout);
-        const proxy = this.getProxyEnv(parsedUrl);
+        const proxy = this.proxy || getProxyEnv(parsedUrl);
         const fetchOptions = {
           method,
           headers,
@@ -387,7 +367,7 @@ var ApiClient = class {
           await this.sleep(waitMs);
           continue;
         }
-        if (response.status >= 500 && attempt < maxRetries) {
+        if (response.status >= 500 && attempt < maxRetries && isIdempotent) {
           const waitMs = RETRY_BACKOFF_MS * Math.pow(2, attempt);
           logger.debug(`Server error ${response.status}. Retrying in ${waitMs}ms...`);
           await this.sleep(waitMs);
@@ -419,7 +399,7 @@ var ApiClient = class {
           throw new TimeoutError(`Request timed out after ${this.timeout}ms: ${method} ${path}`);
         }
         lastError = err;
-        if (attempt < maxRetries) {
+        if (attempt < maxRetries && isIdempotent) {
           const waitMs = RETRY_BACKOFF_MS * Math.pow(2, attempt);
           logger.debug(`Network error: ${err.message}. Retrying in ${waitMs}ms...`);
           await this.sleep(waitMs);
@@ -725,6 +705,7 @@ function normalizeAlertConfig(alert) {
 function normalizeMonitorConfig(config) {
   const normalized = { ...config };
   delete normalized.sslLastCheckedAt;
+  delete normalized.aggregatedAlertState;
   if (normalized.playwrightOptions && typeof normalized.playwrightOptions === "object") {
     const opts = { ...normalized.playwrightOptions };
     if (opts.retries === 0) delete opts.retries;
@@ -766,8 +747,8 @@ function normalizeRemoteRaw(type, raw) {
     }
   }
   if (type === "test") {
-    if (normalized.type === "browser") normalized.testType = "playwright";
-    else if (normalized.type === "performance") normalized.testType = "k6";
+    if (normalized.type === "performance") normalized.testType = "k6";
+    else normalized.testType = "playwright";
     delete normalized.type;
     if (typeof normalized.script === "string") {
       normalized.script = stripTitleMetadata(normalized.script);
@@ -1047,7 +1028,12 @@ function formatValue(value, column, row) {
     return value ? pc2.green("\u2713") : pc2.red("\u2717");
   }
   if (value instanceof Date) return formatDate(value);
-  if (Array.isArray(value)) return value.join(", ");
+  if (Array.isArray(value)) {
+    if (value.length > 0 && typeof value[0] === "object" && value[0] !== null) {
+      return JSON.stringify(value);
+    }
+    return value.join(", ");
+  }
   if (typeof value === "number") {
     const dateForNumber = maybeFormatDate(value, column?.key);
     if (dateForNumber) return dateForNumber;
@@ -1078,6 +1064,22 @@ function maybeFormatDate(value, key) {
 function formatDate(date) {
   return date.toISOString().replace("T", " ").replace("Z", "");
 }
+function summarizeArray(_key, items) {
+  if (items.length === 0) return pc2.dim("(none)");
+  if (typeof items[0] !== "object" || items[0] === null) {
+    return items.join(", ");
+  }
+  const previews = [];
+  for (const item of items.slice(0, 3)) {
+    const obj = item;
+    const name = obj.name ?? obj.title ?? obj.key ?? obj.id;
+    if (name) previews.push(String(name));
+  }
+  const countStr = `${items.length} ${items.length === 1 ? "item" : "items"}`;
+  if (previews.length === 0) return countStr;
+  const previewStr = previews.join(", ");
+  return items.length > 3 ? `${countStr} (${previewStr}, ...)` : `${countStr} (${previewStr})`;
+}
 function outputDetail(data) {
   if (currentFormat === "json") {
     logger.output(JSON.stringify(data, null, 2));
@@ -1092,10 +1094,47 @@ function outputDetail(data) {
     logger.info("No details available.");
     return;
   }
-  const maxKeyLen = Math.max(...keys.map((k) => k.length));
+  const scalarEntries = [];
+  const nestedEntries = [];
   for (const [key, value] of Object.entries(data)) {
-    const label = key.padEnd(maxKeyLen + 2);
-    logger.output(`  ${label}${formatValue(value, { key, header: key }, data)}`);
+    if (value !== null && typeof value === "object" && !Array.isArray(value) && !(value instanceof Date)) {
+      nestedEntries.push([key, value]);
+    } else {
+      scalarEntries.push([key, value]);
+    }
+  }
+  if (scalarEntries.length > 0) {
+    const maxKeyLen = Math.max(...scalarEntries.map(([k]) => k.length));
+    for (const [key, value] of scalarEntries) {
+      const label = key.padEnd(maxKeyLen + 2);
+      let formatted;
+      if (Array.isArray(value)) {
+        formatted = summarizeArray(key, value);
+      } else {
+        formatted = formatValue(value, { key, header: key }, data);
+      }
+      logger.output(`  ${label}${formatted}`);
+    }
+  }
+  for (const [key, obj] of nestedEntries) {
+    logger.output("");
+    logger.output(`  ${pc2.bold(key)}:`);
+    const subKeys = Object.keys(obj);
+    if (subKeys.length === 0) {
+      logger.output(`    ${pc2.dim("(empty)")}`);
+      continue;
+    }
+    const maxSubKeyLen = Math.max(...subKeys.map((k) => k.length));
+    for (const [subKey, subVal] of Object.entries(obj)) {
+      const subLabel = subKey.padEnd(maxSubKeyLen + 2);
+      let formatted;
+      if (Array.isArray(subVal)) {
+        formatted = summarizeArray(subKey, subVal);
+      } else {
+        formatted = formatValue(subVal, { key: subKey, header: subKey }, obj);
+      }
+      logger.output(`    ${subLabel}${formatted}`);
+    }
   }
 }
@@ -1202,6 +1241,18 @@ var whoamiCommand = new Command("whoami").description("Show current authenticati
     );
     const tokenPreview = safeTokenPreview(token);
     const activeToken = data.tokens?.find((t) => t.start && token.startsWith(t.start.replace(/\.+$/, "")));
+    if (getOutputFormat() === "json") {
+      const jsonData = {
+        user: activeToken?.createdByName ?? null,
+        tokenName: activeToken?.name ?? null,
+        tokenPreview,
+        apiUrl: baseUrl ?? "https://app.supercheck.io",
+        expiresAt: activeToken?.expiresAt ?? null,
+        lastUsed: activeToken?.lastRequest ?? null
+      };
+      logger.output(JSON.stringify(jsonData, null, 2));
+      return;
+    }
     logger.newline();
     logger.header("Current Context");
     logger.newline();
@@ -1439,7 +1490,9 @@ function validateNoSecrets(config) {
   const secretPatterns = [
     /sck_live_[a-zA-Z0-9]+/,
     /sck_trigger_[a-zA-Z0-9]+/,
-    /sck_test_[a-zA-Z0-9]+/
+    /sck_test_[a-zA-Z0-9]+/,
+    // Legacy trigger key format: job_ followed by 32+ hex chars
+    /job_[a-fA-F0-9]{32,}/
   ];
   for (const pattern of secretPatterns) {
     if (pattern.test(configStr)) {
@@ -1453,13 +1506,10 @@ function validateNoSecrets(config) {
 async function loadConfig(options = {}) {
   const cwd = options.cwd ?? process.cwd();
   const { config: loadEnv } = await import("dotenv");
-  loadEnv({ path: resolve2(cwd, ".env") });
+  loadEnv({ path: resolve2(cwd, ".env"), quiet: true });
   const configPath = resolveConfigPath(cwd, options.configPath);
   if (!configPath) {
-    throw new CLIError(
-      "No supercheck.config.ts found. Run `supercheck init` to create one.",
-      3 /* ConfigError */
-    );
+    throw new ConfigNotFoundError();
   }
   let config = await loadConfigFile(configPath);
   const localConfigPath = resolveLocalConfigPath(cwd);
@@ -1487,7 +1537,7 @@ async function tryLoadConfig(options = {}) {
   try {
     return await loadConfig(options);
   } catch (err) {
-    if (err instanceof CLIError && err.message.includes("No supercheck.config.ts found")) {
+    if (err instanceof ConfigNotFoundError) {
       return null;
     }
     throw err;
@@ -1690,6 +1740,11 @@ function isNodeInstalled() {
 }
 async function installPlaywrightBrowsers(cwd, browser = "chromium") {
   try {
+    const allowedBrowsers = ["chromium", "firefox", "webkit", "chrome", "msedge"];
+    if (!allowedBrowsers.includes(browser)) {
+      logger.error(`Invalid browser: ${browser}. Allowed: ${allowedBrowsers.join(", ")}`);
+      return false;
+    }
     logger.info(`Installing Playwright ${browser} browser...`);
     execSync(`npx playwright install ${browser}`, {
       cwd,
@@ -2034,9 +2089,10 @@ import { readFileSync as readFileSync3 } from "fs";
 import { resolve as resolve6 } from "path";
 // src/api/authenticated-client.ts
-function createAuthenticatedClient() {
+function createAuthenticatedClient(configBaseUrl) {
   const token = requireAuth();
-  const baseUrl = getStoredBaseUrl();
+  const storedBaseUrl = getStoredBaseUrl();
+  const baseUrl = storedBaseUrl ?? configBaseUrl;
   return getApiClient({ token, baseUrl: baseUrl ?? void 0 });
 }
@@ -2065,6 +2121,21 @@ function parseIntStrict(value, name, opts) {
 }
 // src/utils/validation.ts
+var K6_IMPORT_PATTERN = /import\s+.*\s+from\s+['"]k6(?:\/[^'"]*)?['"]/;
+function isK6Script(script) {
+  return K6_IMPORT_PATTERN.test(script);
+}
+function validateScriptTypeMatch(script, declaredType) {
+  if (!script || !declaredType) return void 0;
+  const scriptIsK6 = isK6Script(script);
+  if (scriptIsK6 && declaredType !== "performance") {
+    return `Script contains k6 imports but test type is "${declaredType}". k6 scripts must use type "performance".`;
+  }
+  if (!scriptIsK6 && declaredType === "performance") {
+    return 'Test type is "performance" but script does not contain k6 imports. Performance tests require k6 scripts.';
+  }
+  return void 0;
+}
 function normalizeTestTypeForApi(localType) {
   if (typeof localType !== "string") return void 0;
   const normalized = localType.trim().toLowerCase();
@@ -2128,9 +2199,11 @@ async function validateScripts(client, inputs) {
 import { spawn } from "child_process";
 function runCommand(command, args, cwd) {
   return new Promise((resolve10, reject) => {
-    const child = spawn(command, args, {
+    const executable = process.platform === "win32" && command === "npx" ? "npx.cmd" : command;
+    const child = spawn(executable, args, {
       stdio: "inherit",
-      shell: true,
+      shell: false,
+      // ✓ SECURE: Prevents command injection
       cwd
     });
     child.on("error", (err) => reject(err));
@@ -2197,6 +2270,13 @@ function resolveJobLocalTests(cwd, tests, patterns) {
   });
 }
 async function validateJobTests(client, tests) {
+  for (const test of tests) {
+    const declaredType = normalizeTestTypeForApi(test.type);
+    const mismatch = validateScriptTypeMatch(test.script, declaredType);
+    if (mismatch) {
+      throw new CLIError(`${test.name}: ${mismatch}`, 3 /* ConfigError */);
+    }
+  }
   const inputs = tests.map((test) => ({
     name: test.name,
     script: test.script,
@@ -2324,7 +2404,7 @@ jobCommand.command("get <id>").description("Get job details").action(async (id)
   );
   outputDetail(data);
 });
-jobCommand.command("create").description("Create a new job").requiredOption("--name <name>", "Job name").requiredOption("--tests <tests...>", "Test IDs (space or comma separated)").option("--description <description>", "Job description", "").option("--type <type>", "Job runner type (playwright, k6)").option("--schedule <cron>", "Cron schedule expression").option("--timeout <seconds>", "Timeout in seconds", "300").option("--retries <count>", "Retry count on failure", "0").action(async (options) => {
+jobCommand.command("create").description("Create a new job").requiredOption("--name <name>", "Job name").requiredOption("--tests <tests...>", "Test IDs (space or comma separated)").option("--description <description>", "Job description", "").option("--type <type>", "Job runner type (playwright, k6)").option("--schedule <cron>", "Cron schedule expression").option("--dry-run", "Show what would be sent without creating").action(async (options) => {
   const client = createAuthenticatedClient();
   const tests = (options.tests ?? []).flatMap((value) => value.split(",")).map((value) => value.trim()).filter(Boolean);
   if (tests.length === 0) {
@@ -2333,13 +2413,16 @@ jobCommand.command("create").description("Create a new job").requiredOption("--n
   const body = {
     name: options.name,
     description: options.description,
-    timeoutSeconds: parseIntStrict(options.timeout, "--timeout", { min: 1 }),
-    retryCount: parseIntStrict(options.retries, "--retries", { min: 0 }),
     config: {},
     tests: tests.map((id) => ({ id }))
   };
   if (options.type) body.jobType = options.type;
   if (options.schedule) body.cronSchedule = options.schedule;
+  if (options.dryRun) {
+    logger.header("Dry run \u2014 job create payload:");
+    logger.info(JSON.stringify(body, null, 2));
+    return;
+  }
   const { data } = await withSpinner(
     "Creating job",
     () => client.post("/api/jobs", body)
@@ -2349,17 +2432,20 @@ jobCommand.command("create").description("Create a new job").requiredOption("--n
   logger.success(`Job "${options.name}" created (${jobId ?? "unknown"})`);
   outputDetail(job);
 });
-jobCommand.command("update <id>").description("Update job configuration").option("--name <name>", "Job name").option("--description <description>", "Job description").option("--schedule <cron>", "Cron schedule expression").option("--timeout <seconds>", "Timeout in seconds").option("--retries <count>", "Retry count on failure").option("--status <status>", "Job status (active, paused)").action(async (id, options) => {
+jobCommand.command("update <id>").description("Update job configuration").option("--name <name>", "Job name").option("--description <description>", "Job description").option("--schedule <cron>", "Cron schedule expression").option("--status <status>", "Job status (active, paused)").option("--dry-run", "Show what would be sent without updating").action(async (id, options) => {
   const client = createAuthenticatedClient();
   const body = {};
   if (options.name !== void 0) body.name = options.name;
   if (options.description !== void 0) body.description = options.description;
   if (options.schedule !== void 0) body.cronSchedule = options.schedule;
-  if (options.timeout !== void 0) body.timeoutSeconds = parseIntStrict(options.timeout, "--timeout", { min: 1 });
-  if (options.retries !== void 0) body.retryCount = parseIntStrict(options.retries, "--retries", { min: 0 });
   if (options.status !== void 0) body.status = options.status;
   if (Object.keys(body).length === 0) {
-    logger.warn("No fields to update. Use --name, --description, --schedule, --timeout, --retries, or --status.");
+    logger.warn("No fields to update. Use --name, --description, --schedule, or --status.");
+    return;
+  }
+  if (options.dryRun) {
+    logger.header("Dry run \u2014 job update payload:");
+    logger.info(JSON.stringify(body, null, 2));
     return;
   }
   const { data } = await withSpinner(
@@ -2435,7 +2521,7 @@ jobCommand.command("run").description("Run a job immediately").requiredOption("-
     "Running job",
     () => client.post(
       "/api/jobs/run",
-      { jobId: options.id, tests: payloadTests, trigger: "manual" }
+      { jobId: options.id, tests: payloadTests, trigger: "remote" }
     )
   );
   logger.success(`Job started. Run ID: ${data.runId}`);
@@ -2721,6 +2807,13 @@ function collectLocalTests(cwd, patterns, options) {
   });
 }
 async function validateLocalTests(client, tests) {
+  for (const test of tests) {
+    const declaredType = test.validationType ?? normalizeTestTypeForApi(test.type);
+    const mismatch = validateScriptTypeMatch(test.script, declaredType);
+    if (mismatch) {
+      throw new CLIError(`${test.name}: ${mismatch}`, 3 /* ConfigError */);
+    }
+  }
   const inputs = tests.map((test) => ({
     name: test.name,
     script: test.script,
@@ -2800,7 +2893,7 @@ testCommand.command("get <id>").description("Get test details").option("--includ
   );
   outputDetail(data);
 });
-testCommand.command("create").description("Create a new test").requiredOption("--title <title>", "Test title").requiredOption("--file <path>", "Path to the test script file").option("--type <type>", "Test type (browser, performance, api, database, custom)").option("--description <description>", "Test description").action(async (options) => {
+testCommand.command("create").description("Create a new test").requiredOption("--title <title>", "Test title").requiredOption("--file <path>", "Path to the test script file").option("--type <type>", "Test type (browser, performance, api, database, custom)").option("--description <description>", "Test description").option("--dry-run", "Show what would be sent without creating").action(async (options) => {
   const { readFileSync: readFileSync6 } = await import("fs");
   const { resolve: resolve10 } = await import("path");
   const filePath = resolve10(process.cwd(), options.file);
@@ -2811,7 +2904,10 @@ testCommand.command("create").description("Create a new test").requiredOption("-
     throw new CLIError(`Cannot read file: ${filePath}`, 1 /* GeneralError */);
   }
   const typeArg = options.type || inferTestType(options.file) || "playwright";
-  const client = createAuthenticatedClient();
+  const typeMismatchError = validateScriptTypeMatch(script, normalizeTestTypeForApi(typeArg));
+  if (typeMismatchError) {
+    throw new CLIError(typeMismatchError, 3 /* ConfigError */);
+  }
   const encodedScript = Buffer2.from(script, "utf-8").toString("base64");
   const body = {
     title: options.title,
@@ -2819,6 +2915,13 @@ testCommand.command("create").description("Create a new test").requiredOption("-
     type: normalizeTestType(typeArg)
   };
   if (options.description) body.description = options.description;
+  if (options.dryRun) {
+    const preview = { ...body, script: `<base64 ${encodedScript.length} chars>` };
+    logger.header("Dry run \u2014 test create payload:");
+    logger.info(JSON.stringify(preview, null, 2));
+    return;
+  }
+  const client = createAuthenticatedClient();
   const { data } = await withSpinner(
     "Creating test",
     () => client.post("/api/tests", body)
@@ -2827,7 +2930,7 @@ testCommand.command("create").description("Create a new test").requiredOption("-
   logger.success(`Test "${options.title}" created${createdId ? ` (${createdId})` : ""}`);
   outputDetail(data);
 });
-testCommand.command("update <id>").description("Update a test").option("--title <title>", "Test title").option("--file <path>", "Path to updated test script").option("--description <description>", "Test description").action(async (id, options) => {
+testCommand.command("update <id>").description("Update a test").option("--title <title>", "Test title").option("--file <path>", "Path to updated test script").option("--description <description>", "Test description").option("--dry-run", "Show what would be sent without updating").action(async (id, options) => {
   const client = createAuthenticatedClient();
   const body = {};
   if (options.title !== void 0) body.title = options.title;
@@ -2847,6 +2950,15 @@ testCommand.command("update <id>").description("Update a test").option("--title
     logger.warn("No fields to update. Use --title, --file, or --description.");
     return;
   }
+  if (options.dryRun) {
+    const preview = { ...body };
+    if (typeof preview.script === "string") {
+      preview.script = `<base64 ${preview.script.length} chars>`;
+    }
+    logger.header("Dry run \u2014 test update payload:");
+    logger.info(JSON.stringify(preview, null, 2));
+    return;
+  }
   const { data } = await withSpinner(
     "Updating test",
     () => client.patch(`/api/tests/${id}`, body)
@@ -2870,25 +2982,7 @@ testCommand.command("delete <id>").description("Delete a test").option("--force"
   );
   logger.success(`Test ${id} deleted`);
 });
-testCommand.command("run").description("Run tests locally or in the cloud").option("--local", "Run locally").option("--cloud", "Run on cloud").option("--file <path>", "Local test file path").option("--all", "Run all local tests").option("--type <type>", "Local test type filter (browser, performance, api, database, custom)").option("--id <id>", "Cloud test ID").option("--location <location>", "Execution location (k6 cloud only)").action(async (options) => {
-  if (options.local && options.cloud) {
-    throw new CLIError("--local and --cloud are mutually exclusive.", 3 /* ConfigError */);
-  }
-  const useCloud = options.cloud || !options.local && !!options.id;
-  if (useCloud) {
-    if (!options.id) {
-      throw new CLIError("Cloud runs require --id <testId>.", 3 /* ConfigError */);
-    }
-    const client2 = createAuthenticatedClient();
-    const body = {};
-    if (options.location) body.location = options.location;
-    const { data } = await withSpinner(
-      "Executing test",
-      () => client2.post(`/api/tests/${options.id}/execute`, body)
-    );
-    outputDetail(data);
-    return;
-  }
+testCommand.command("run").description("Run tests locally").option("--file <path>", "Local test file path").option("--all", "Run all local tests").option("--type <type>", "Test type filter (browser, performance, api, database, custom)").action(async (options) => {
   if (!options.file && !options.all) {
     throw new CLIError("Local runs require --file <path> or --all.", 3 /* ConfigError */);
   }
@@ -2935,16 +3029,6 @@ testCommand.command("run").description("Run tests locally or in the cloud").opti
     await runK6Tests(k6Tests, cwd);
   }
 });
-testCommand.command("execute <id>").description("Execute a test immediately").option("--location <location>", "Execution location (k6 only)").action(async (id, options) => {
-  const client = createAuthenticatedClient();
-  const body = {};
-  if (options.location) body.location = options.location;
-  const { data } = await withSpinner(
-    "Executing test",
-    () => client.post(`/api/tests/${id}/execute`, body)
-  );
-  outputDetail(data);
-});
 testCommand.command("tags <id>").description("Get test tags").action(async (id) => {
   const client = createAuthenticatedClient();
   const { data } = await withSpinner(
@@ -2969,6 +3053,11 @@ testCommand.command("validate").description("Validate a test script").requiredOp
     throw new CLIError(`Cannot read file: ${filePath}`, 1 /* GeneralError */);
   }
   const typeArg = options.type || inferTestType(options.file) || "playwright";
+  const resolvedApiType = normalizeTestTypeForApi(typeArg);
+  const typeMismatchError = validateScriptTypeMatch(script, resolvedApiType);
+  if (typeMismatchError) {
+    throw new CLIError(typeMismatchError, 3 /* ConfigError */);
+  }
   const client = createAuthenticatedClient();
   const results = await withSpinner(
     "Validating script",
@@ -3097,23 +3186,29 @@ monitorCommand.command("get <id>").description("Get monitor details").action(asy
   );
   outputDetail(data);
 });
-monitorCommand.command("results <id>").description("Get monitor check results").option("--limit <limit>", "Number of results", "20").action(async (id, options) => {
+monitorCommand.command("results <id>").description("Get monitor check results").option("--limit <limit>", "Number of results", "20").option("--page <page>", "Page number", "1").action(async (id, options) => {
   const client = createAuthenticatedClient();
   const { data } = await withSpinner(
     "Fetching monitor results",
     () => client.get(
       `/api/monitors/${id}/results`,
-      { limit: options.limit }
+      { limit: options.limit, page: options.page }
     )
   );
-  output(data.results, {
+  output(data.data, {
     columns: [
-      { key: "timestamp", header: "Time" },
+      { key: "checkedAt", header: "Time" },
       { key: "status", header: "Status" },
       { key: "responseTime", header: "Response (ms)" },
       { key: "location", header: "Location" }
     ]
   });
+  if (data.pagination) {
+    logger.info(
+      `
+Page ${data.pagination.page}/${data.pagination.totalPages} (${data.pagination.total} total)`
+    );
+  }
 });
 monitorCommand.command("stats <id>").description("Get monitor performance statistics").action(async (id) => {
   const client = createAuthenticatedClient();
@@ -3121,7 +3216,28 @@ monitorCommand.command("stats <id>").description("Get monitor performance statis
     "Fetching monitor statistics",
     () => client.get(`/api/monitors/${id}/stats`)
   );
-  outputDetail(data);
+  if (getOutputFormat() === "json") {
+    outputDetail(data);
+    return;
+  }
+  const statsData = data.data ?? data;
+  const period24h = statsData.period24h;
+  const period30d = statsData.period30d;
+  if (period24h) {
+    logger.header("Last 24 Hours");
+    outputDetail(period24h);
+    logger.info("");
+  }
+  if (period30d) {
+    logger.header("Last 30 Days");
+    outputDetail(period30d);
+    logger.info("");
+  }
+  const meta = data.meta;
+  if (meta) {
+    logger.header("Meta");
+    outputDetail(meta);
+  }
 });
 monitorCommand.command("status <id>").description("Get current monitor status").action(async (id) => {
   const client = createAuthenticatedClient();
@@ -3138,10 +3254,22 @@ monitorCommand.command("status <id>").description("Get current monitor status").
   };
   outputDetail(statusInfo);
 });
-monitorCommand.command("create").description("Create a new monitor").requiredOption("--name <name>", "Monitor name").requiredOption("--url <url>", "URL to monitor").option("--type <type>", "Monitor type (http_request, website, ping_host, port_check, synthetic_test)", "http_request").option("--interval <seconds>", "Check interval in seconds", "300").option("--timeout <seconds>", "Request timeout in seconds", "30").option("--method <method>", "HTTP method (GET, POST, HEAD)", "GET").action(async (options) => {
+monitorCommand.command("create").description("Create a new monitor").requiredOption("--name <name>", "Monitor name").requiredOption("--url <url>", "URL to monitor").option("--type <type>", "Monitor type (http_request, website, ping_host, port_check, synthetic_test)", "http_request").option("--interval-minutes <minutes>", "Check interval in minutes (1-1440)", "5").option("--interval <seconds>", "[deprecated: use --interval-minutes] Check interval in seconds").option("--timeout <seconds>", "Request timeout in seconds", "30").option("--method <method>", "HTTP method (GET, POST, HEAD)", "GET").option("--dry-run", "Show what would be sent without creating").action(async (options) => {
   const client = createAuthenticatedClient();
-  const intervalSeconds = parseIntStrict(options.interval, "--interval", { min: 1 });
-  const frequencyMinutes = Math.max(1, Math.ceil(intervalSeconds / 60));
+  let frequencyMinutes;
+  if (options.interval !== void 0) {
+    logger.warn("--interval (seconds) is deprecated. Use --interval-minutes instead.");
+    const intervalSeconds = parseIntStrict(options.interval, "--interval", { min: 60 });
+    if (intervalSeconds % 60 !== 0) {
+      throw new CLIError(
+        `--interval must be a multiple of 60 seconds. Got ${intervalSeconds}s. Use --interval-minutes for direct minute values.`,
+        3 /* ConfigError */
+      );
+    }
+    frequencyMinutes = intervalSeconds / 60;
+  } else {
+    frequencyMinutes = parseIntStrict(options.intervalMinutes, "--interval-minutes", { min: 1, max: 1440 });
+  }
   const body = {
     name: options.name,
     target: options.url,
@@ -3153,6 +3281,11 @@ monitorCommand.command("create").description("Create a new monitor").requiredOpt
       method: options.method
     }
   };
+  if (options.dryRun) {
+    logger.header("Dry run \u2014 monitor create payload:");
+    logger.info(JSON.stringify(body, null, 2));
+    return;
+  }
   const { data } = await withSpinner(
     "Creating monitor",
     () => client.post("/api/monitors", body)
@@ -3160,14 +3293,23 @@ monitorCommand.command("create").description("Create a new monitor").requiredOpt
   logger.success(`Monitor "${options.name}" created (${data.id})`);
   outputDetail(data);
 });
-monitorCommand.command("update <id>").description("Update a monitor").option("--name <name>", "Monitor name").option("--url <url>", "URL to monitor").option("--interval <seconds>", "Check interval in seconds").option("--timeout <seconds>", "Request timeout in seconds").option("--method <method>", "HTTP method").option("--active <boolean>", "Enable or disable monitor (true/false)").action(async (id, options) => {
+monitorCommand.command("update <id>").description("Update a monitor").option("--name <name>", "Monitor name").option("--url <url>", "URL to monitor").option("--interval-minutes <minutes>", "Check interval in minutes (1-1440)").option("--interval <seconds>", "[deprecated: use --interval-minutes] Check interval in seconds").option("--timeout <seconds>", "Request timeout in seconds").option("--method <method>", "HTTP method").option("--active <boolean>", "Enable or disable monitor (true/false)").option("--dry-run", "Show what would be sent without updating").action(async (id, options) => {
   const client = createAuthenticatedClient();
   const body = {};
   if (options.name !== void 0) body.name = options.name;
   if (options.url !== void 0) body.target = options.url;
   if (options.interval !== void 0) {
-    const intervalSeconds = parseIntStrict(options.interval, "--interval", { min: 1 });
-    body.frequencyMinutes = Math.max(1, Math.ceil(intervalSeconds / 60));
+    logger.warn("--interval (seconds) is deprecated. Use --interval-minutes instead.");
+    const intervalSeconds = parseIntStrict(options.interval, "--interval", { min: 60 });
+    if (intervalSeconds % 60 !== 0) {
+      throw new CLIError(
+        `--interval must be a multiple of 60 seconds. Got ${intervalSeconds}s. Use --interval-minutes for direct minute values.`,
+        3 /* ConfigError */
+      );
+    }
+    body.frequencyMinutes = intervalSeconds / 60;
+  } else if (options.intervalMinutes !== void 0) {
+    body.frequencyMinutes = parseIntStrict(options.intervalMinutes, "--interval-minutes", { min: 1, max: 1440 });
   }
   if (options.active !== void 0) body.enabled = options.active === "true";
   const config = {};
@@ -3175,7 +3317,12 @@ monitorCommand.command("update <id>").description("Update a monitor").option("--
   if (options.method !== void 0) config.method = options.method;
   if (Object.keys(config).length > 0) body.config = config;
   if (Object.keys(body).length === 0) {
-    logger.warn("No fields to update. Use --name, --url, --interval, --timeout, --method, or --active.");
+    logger.warn("No fields to update. Use --name, --url, --interval-minutes, --timeout, --method, or --active.");
+    return;
+  }
+  if (options.dryRun) {
+    logger.header("Dry run \u2014 monitor update payload:");
+    logger.info(JSON.stringify(body, null, 2));
     return;
   }
   const { data } = await withSpinner(
@@ -3478,7 +3625,7 @@ function formatChangePlan(changes) {
 var diffCommand = new Command11("diff").description("Preview changes between local config and the remote Supercheck project").option("--config <path>", "Path to config file").action(async (options) => {
   const cwd = process.cwd();
   const { config } = await loadConfig({ cwd, configPath: options.config });
-  const client = createAuthenticatedClient();
+  const client = createAuthenticatedClient(config.api?.baseUrl);
   logger.newline();
   const { localResources, remoteResources } = await withSpinner(
     "Comparing local and remote resources...",
@@ -3522,7 +3669,8 @@ function prepareBodyForApi(type, body) {
     if (Array.isArray(payload.tests)) {
       payload.tests = payload.tests.map((t) => {
         const match = /([0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12})/i.exec(t);
-        return match ? match[1] : t;
+        const id = match ? match[1] : t;
+        return { id };
       });
     }
   }
@@ -3539,7 +3687,8 @@ async function applyChange(client, change, opts) {
     const endpoint = getApiEndpoint(change.type);
     switch (change.action) {
       case "create": {
-        const { id: _id, ...rawBody } = change.local.definition;
+        const rawBody = { ...change.local.definition };
+        delete rawBody.id;
         const body = prepareBodyForApi(change.type, rawBody);
         const response = await client.post(endpoint, body);
         if (change.type === "test") {
@@ -3562,7 +3711,8 @@ async function applyChange(client, change, opts) {
       }
       case "update": {
         const id = change.id ?? change.remote.id;
-        const { id: _id, ...rawBody } = change.local.definition;
+        const rawBody = { ...change.local.definition };
+        delete rawBody.id;
         const body = prepareBodyForApi(change.type, rawBody);
         await client.put(`${endpoint}/${id}`, body);
         return { success: true };
@@ -3583,7 +3733,7 @@ async function applyChange(client, change, opts) {
 var deployCommand = new Command12("deploy").description("Push local config resources to the Supercheck project").option("--config <path>", "Path to config file").option("--dry-run", "Show what would change without applying").option("--force", "Skip confirmation prompt").option("--no-delete", "Do not delete remote resources missing from config").action(async (options) => {
   const cwd = process.cwd();
   const { config } = await loadConfig({ cwd, configPath: options.config });
-  const client = createAuthenticatedClient();
+  const client = createAuthenticatedClient(config.api?.baseUrl);
   logger.newline();
   logger.header("Deploying from config...");
   logger.newline();
@@ -3601,6 +3751,15 @@ var deployCommand = new Command12("deploy").description("Push local config resou
     changes = changes.filter((c) => c.action !== "delete");
   }
   const actionable = changes.filter((c) => c.action !== "no-change");
+  const unsupportedStatusPageMutations = actionable.filter(
+    (c) => c.type === "statusPage" && (c.action === "create" || c.action === "update")
+  );
+  if (unsupportedStatusPageMutations.length > 0) {
+    throw new CLIError(
+      "Status page create/update is not supported by the current API. Remove statusPages create/update changes from config (or apply them in the dashboard) and run deploy again.",
+      3 /* ConfigError */
+    );
+  }
   if (actionable.length === 0) {
     logger.success("No changes to deploy. Everything is in sync.");
     return;
@@ -3613,6 +3772,14 @@ var deployCommand = new Command12("deploy").description("Push local config resou
   const testsToValidate = actionable.filter((c) => c.type === "test" && (c.action === "create" || c.action === "update"));
   if (testsToValidate.length > 0) {
     await withSpinner("Validating test scripts...", async () => {
+      for (const change of testsToValidate) {
+        const script = String(change.local?.definition?.script ?? "");
+        const declaredType = normalizeTestTypeForApi(change.local?.definition?.testType);
+        const mismatch = validateScriptTypeMatch(script, declaredType);
+        if (mismatch) {
+          throw new CLIError(`${change.name}: ${mismatch}`, 3 /* ConfigError */);
+        }
+      }
       const inputs = testsToValidate.map((change) => ({
         name: change.name,
         script: String(change.local?.definition?.script ?? ""),
@@ -3710,7 +3877,6 @@ async function fetchManagedResources(client, config) {
       if (sp.id) managedIds.add(`statusPage:${sp.id}`);
     }
   }
-  const UUID_RE = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i;
   const patterns = {
     playwright: config.tests?.playwright?.testMatch,
     k6: config.tests?.k6?.testMatch
@@ -3719,9 +3885,9 @@ async function fetchManagedResources(client, config) {
   const files = discoverFiles(cwd, patterns);
   const testIds = /* @__PURE__ */ new Set();
   for (const f of files) {
-    const stem = f.filename.replace(/\.(pw|k6)\.ts$/, "");
-    if (UUID_RE.test(stem)) {
-      testIds.add(stem);
+    const uuid = extractUuidFromFilename(f.filename);
+    if (uuid) {
+      testIds.add(uuid);
     }
   }
   try {
@@ -3797,7 +3963,7 @@ function logDestroyFetchError(resourceType, err) {
 var destroyCommand = new Command13("destroy").description("Tear down managed resources from the Supercheck project").option("--config <path>", "Path to config file").option("--dry-run", "Show what would be destroyed without applying").option("--force", "Skip confirmation prompt").action(async (options) => {
   const cwd = process.cwd();
   const { config } = await loadConfig({ cwd, configPath: options.config });
-  const client = createAuthenticatedClient();
+  const client = createAuthenticatedClient(config.api?.baseUrl);
   logger.newline();
   const managed = await withSpinner(
     "Scanning for managed resources...",
@@ -3830,7 +3996,7 @@ var destroyCommand = new Command13("destroy").description("Tear down managed res
   logger.newline();
   let succeeded = 0;
   let failed = 0;
-  const deleteOrder = ["test", "monitor", "statusPage", "job", "variable", "tag"];
+  const deleteOrder = ["statusPage", "job", "monitor", "variable", "tag", "test"];
   const sorted = [...managed].sort((a, b) => deleteOrder.indexOf(a.type) - deleteOrder.indexOf(b.type));
   for (const resource of sorted) {
     try {
@@ -3885,7 +4051,11 @@ function decodeScript(script) {
     if (reEncoded !== trimmed) {
       return script;
     }
-    if (/^[\x09\x0a\x0d\x20-\x7e\u00a0-\uffff]*$/.test(decoded) && decoded.length > 0) {
+    const isTextLike = decoded.length > 0 && Array.from(decoded).every((char) => {
+      const code = char.codePointAt(0) ?? 0;
+      return code === 9 || code === 10 || code === 13 || code >= 32;
+    });
+    if (isTextLike) {
       return decoded;
     }
   } catch {
@@ -4035,6 +4205,7 @@ function buildMonitorDefinitions(monitors) {
     if (m.config && typeof m.config === "object") {
       const config = { ...m.config };
       delete config.sslLastCheckedAt;
+      delete config.aggregatedAlertState;
       if (config.playwrightOptions && typeof config.playwrightOptions === "object") {
         const opts = { ...config.playwrightOptions };
         if (opts.retries === 0) delete opts.retries;
@@ -4228,7 +4399,7 @@ function generateConfigContent(opts) {
   parts.push(" *");
   parts.push(" *   supercheck test list           List all tests");
   parts.push(" *   supercheck test validate       Validate a local test script");
-  parts.push(" *   supercheck test execute <id>   Execute a test immediately");
+  parts.push(" *   supercheck test run --local    Run local test scripts");
   parts.push(" *");
   parts.push(" *   supercheck monitor list        List all monitors");
   parts.push(" *   supercheck job list            List all jobs");
@@ -4305,8 +4476,8 @@ var pullCommand = new Command14("pull").description("Pull tests, monitors, jobs,
     );
   }
   const cwd = process.cwd();
-  const client = createAuthenticatedClient();
   const existing = await tryLoadConfig({ cwd, configPath: options.config });
+  const client = createAuthenticatedClient(existing?.config?.api?.baseUrl);
   logger.newline();
   logger.header("Pulling from Supercheck cloud...");
   logger.newline();
@@ -4553,6 +4724,19 @@ var validateCommand = new Command15("validate").description("Validate local test
     logger.warn("No local tests found to validate.");
     return;
   }
+  let preflightFailed = false;
+  for (const test of tests) {
+    const script = String(test.definition?.script ?? "");
+    const declaredType = normalizeTestTypeForApi(test.definition?.testType);
+    const mismatch = validateScriptTypeMatch(script, declaredType);
+    if (mismatch) {
+      logger.error(`${pc8.red("\u2717")} ${test.name}: ${mismatch}`);
+      preflightFailed = true;
+    }
+  }
+  if (preflightFailed) {
+    throw new CLIError("Script-type mismatch detected. Fix the test type or script content before validating.", 3 /* ConfigError */);
+  }
   const inputs = tests.map((test) => ({
     name: test.name,
     script: String(test.definition?.script ?? ""),
@@ -4639,7 +4823,7 @@ notificationCommand.command("create").description("Create a notification provide
   logger.success(`Notification provider "${options.name}" created (${data.id})`);
   outputDetail(data);
 });
-notificationCommand.command("update <id>").description("Update a notification provider").option("--name <name>", "Provider name").option("--type <type>", "Provider type").option("--config <json>", "Provider config as JSON string").action(async (id, options) => {
+notificationCommand.command("update <id>").description("Update a notification provider").option("--name <name>", "Provider name").option("--type <type>", "Provider type").option("--config <json>", "Provider config as JSON string (replaces entire config \u2014 include all fields)").action(async (id, options) => {
   const client = createAuthenticatedClient();
   if (!options.name && !options.type && !options.config) {
     logger.warn("No fields to update. Use --name, --type, or --config.");
@@ -4649,22 +4833,32 @@ notificationCommand.command("update <id>").description("Update a notification pr
     "Fetching existing provider",
     () => client.get(`/api/notification-providers/${id}`)
   );
-  let updatedConfig = existing.config ?? {};
+  const maskedFields = existing.maskedFields ?? [];
+  const updatedName = options.name ?? String(existing.name ?? "");
+  const updatedType = options.type ?? String(existing.type ?? "");
+  let updatedConfig;
   if (options.config) {
     try {
-      updatedConfig = { ...updatedConfig, ...JSON.parse(options.config) };
+      updatedConfig = JSON.parse(options.config);
     } catch {
       throw new CLIError("Invalid JSON in --config", 1 /* GeneralError */);
     }
+  } else if (maskedFields.length > 0) {
+    logger.debug("Skipping config field (contains masked secrets that cannot be round-tripped safely)");
+    updatedConfig = void 0;
+  } else {
+    updatedConfig = existing.config ?? {};
+  }
+  if (updatedConfig) {
+    updatedConfig.name = updatedName;
   }
-  const updatedName = options.name ?? String(existing.name ?? "");
-  const updatedType = options.type ?? String(existing.type ?? "");
-  updatedConfig.name = updatedName;
   const body = {
     name: updatedName,
-    type: updatedType,
-    config: updatedConfig
+    type: updatedType
   };
+  if (updatedConfig) {
+    body.config = updatedConfig;
+  }
   const { data } = await withSpinner(
     "Updating notification provider",
     () => client.put(`/api/notification-providers/${id}`, body)