@supercheck/cli 0.1.1-beta.2 → 0.1.1-beta.3

package/dist/bin/supercheck.js

@@ -44,6 +44,12 @@ var TimeoutError = class extends CLIError {
     this.name = "TimeoutError";
   }
 };
+var ConfigNotFoundError = class extends CLIError {
+  constructor(message = "No supercheck.config.ts found. Run `supercheck init` to create one.") {
+    super(message, 3 /* ConfigError */);
+    this.name = "ConfigNotFoundError";
+  }
+};
 
 // src/utils/logger.ts
 import pc from "picocolors";
@@ -216,7 +222,7 @@ function requireTriggerKey() {
 }
 
 // src/version.ts
-var CLI_VERSION = true ? "0.1.1-beta.2" : "0.0.0-dev";
+var CLI_VERSION = true ? "0.1.1-beta.3" : "0.0.0-dev";
 
 // src/utils/proxy.ts
 import { ProxyAgent } from "undici";
@@ -314,12 +320,20 @@ var ApiClient = class {
   }
   /**
    * Execute an HTTP request with retries, timeout, and rate limit handling.
+   *
+   * Retry policy:
+   * - 429 (rate limit): retried for all methods (with Retry-After header)
+   * - 5xx (server error): retried only for idempotent methods (GET, PUT, DELETE, HEAD, OPTIONS)
+   * - Network errors: retried only for idempotent methods
+   * - POST and PATCH are NOT retried on 5xx/network errors to prevent duplicate mutations
    */
   async request(method, path, options) {
     const url = this.buildUrl(path, options?.params);
     const parsedUrl = new URL(url);
     const headers = this.buildHeaders(options?.headers);
     const maxRetries = options?.retries ?? MAX_RETRIES;
+    const upperMethod = method.toUpperCase();
+    const isIdempotent = ["GET", "PUT", "DELETE", "HEAD", "OPTIONS"].includes(upperMethod);
     let lastError = null;
     for (let attempt = 0; attempt <= maxRetries; attempt++) {
       let timeoutId = null;
@@ -353,7 +367,7 @@ var ApiClient = class {
           await this.sleep(waitMs);
           continue;
         }
-        if (response.status >= 500 && attempt < maxRetries) {
+        if (response.status >= 500 && attempt < maxRetries && isIdempotent) {
           const waitMs = RETRY_BACKOFF_MS * Math.pow(2, attempt);
           logger.debug(`Server error ${response.status}. Retrying in ${waitMs}ms...`);
           await this.sleep(waitMs);
@@ -385,7 +399,7 @@ var ApiClient = class {
           throw new TimeoutError(`Request timed out after ${this.timeout}ms: ${method} ${path}`);
         }
         lastError = err;
-        if (attempt < maxRetries) {
+        if (attempt < maxRetries && isIdempotent) {
           const waitMs = RETRY_BACKOFF_MS * Math.pow(2, attempt);
           logger.debug(`Network error: ${err.message}. Retrying in ${waitMs}ms...`);
           await this.sleep(waitMs);
@@ -691,6 +705,7 @@ function normalizeAlertConfig(alert) {
 function normalizeMonitorConfig(config) {
   const normalized = { ...config };
   delete normalized.sslLastCheckedAt;
+  delete normalized.aggregatedAlertState;
   if (normalized.playwrightOptions && typeof normalized.playwrightOptions === "object") {
     const opts = { ...normalized.playwrightOptions };
     if (opts.retries === 0) delete opts.retries;
@@ -732,8 +747,8 @@ function normalizeRemoteRaw(type, raw) {
     }
   }
   if (type === "test") {
-    if (normalized.type === "browser") normalized.testType = "playwright";
-    else if (normalized.type === "performance") normalized.testType = "k6";
+    if (normalized.type === "performance") normalized.testType = "k6";
+    else normalized.testType = "playwright";
     delete normalized.type;
     if (typeof normalized.script === "string") {
       normalized.script = stripTitleMetadata(normalized.script);
@@ -1013,7 +1028,12 @@ function formatValue(value, column, row) {
     return value ? pc2.green("\u2713") : pc2.red("\u2717");
   }
   if (value instanceof Date) return formatDate(value);
-  if (Array.isArray(value)) return value.join(", ");
+  if (Array.isArray(value)) {
+    if (value.length > 0 && typeof value[0] === "object" && value[0] !== null) {
+      return JSON.stringify(value);
+    }
+    return value.join(", ");
+  }
   if (typeof value === "number") {
     const dateForNumber = maybeFormatDate(value, column?.key);
     if (dateForNumber) return dateForNumber;
@@ -1044,6 +1064,22 @@ function maybeFormatDate(value, key) {
 function formatDate(date) {
   return date.toISOString().replace("T", " ").replace("Z", "");
 }
+function summarizeArray(_key, items) {
+  if (items.length === 0) return pc2.dim("(none)");
+  if (typeof items[0] !== "object" || items[0] === null) {
+    return items.join(", ");
+  }
+  const previews = [];
+  for (const item of items.slice(0, 3)) {
+    const obj = item;
+    const name = obj.name ?? obj.title ?? obj.key ?? obj.id;
+    if (name) previews.push(String(name));
+  }
+  const countStr = `${items.length} ${items.length === 1 ? "item" : "items"}`;
+  if (previews.length === 0) return countStr;
+  const previewStr = previews.join(", ");
+  return items.length > 3 ? `${countStr} (${previewStr}, ...)` : `${countStr} (${previewStr})`;
+}
 function outputDetail(data) {
   if (currentFormat === "json") {
     logger.output(JSON.stringify(data, null, 2));
@@ -1058,10 +1094,47 @@ function outputDetail(data) {
     logger.info("No details available.");
     return;
   }
-  const maxKeyLen = Math.max(...keys.map((k) => k.length));
+  const scalarEntries = [];
+  const nestedEntries = [];
   for (const [key, value] of Object.entries(data)) {
-    const label = key.padEnd(maxKeyLen + 2);
-    logger.output(`  ${label}${formatValue(value, { key, header: key }, data)}`);
+    if (value !== null && typeof value === "object" && !Array.isArray(value) && !(value instanceof Date)) {
+      nestedEntries.push([key, value]);
+    } else {
+      scalarEntries.push([key, value]);
+    }
+  }
+  if (scalarEntries.length > 0) {
+    const maxKeyLen = Math.max(...scalarEntries.map(([k]) => k.length));
+    for (const [key, value] of scalarEntries) {
+      const label = key.padEnd(maxKeyLen + 2);
+      let formatted;
+      if (Array.isArray(value)) {
+        formatted = summarizeArray(key, value);
+      } else {
+        formatted = formatValue(value, { key, header: key }, data);
+      }
+      logger.output(`  ${label}${formatted}`);
+    }
+  }
+  for (const [key, obj] of nestedEntries) {
+    logger.output("");
+    logger.output(`  ${pc2.bold(key)}:`);
+    const subKeys = Object.keys(obj);
+    if (subKeys.length === 0) {
+      logger.output(`    ${pc2.dim("(empty)")}`);
+      continue;
+    }
+    const maxSubKeyLen = Math.max(...subKeys.map((k) => k.length));
+    for (const [subKey, subVal] of Object.entries(obj)) {
+      const subLabel = subKey.padEnd(maxSubKeyLen + 2);
+      let formatted;
+      if (Array.isArray(subVal)) {
+        formatted = summarizeArray(subKey, subVal);
+      } else {
+        formatted = formatValue(subVal, { key: subKey, header: subKey }, obj);
+      }
+      logger.output(`    ${subLabel}${formatted}`);
+    }
   }
 }
 
@@ -1168,6 +1241,18 @@ var whoamiCommand = new Command("whoami").description("Show current authenticati
     );
     const tokenPreview = safeTokenPreview(token);
     const activeToken = data.tokens?.find((t) => t.start && token.startsWith(t.start.replace(/\.+$/, "")));
+    if (getOutputFormat() === "json") {
+      const jsonData = {
+        user: activeToken?.createdByName ?? null,
+        tokenName: activeToken?.name ?? null,
+        tokenPreview,
+        apiUrl: baseUrl ?? "https://app.supercheck.io",
+        expiresAt: activeToken?.expiresAt ?? null,
+        lastUsed: activeToken?.lastRequest ?? null
+      };
+      logger.output(JSON.stringify(jsonData, null, 2));
+      return;
+    }
     logger.newline();
     logger.header("Current Context");
     logger.newline();
@@ -1405,7 +1490,9 @@ function validateNoSecrets(config) {
   const secretPatterns = [
     /sck_live_[a-zA-Z0-9]+/,
     /sck_trigger_[a-zA-Z0-9]+/,
-    /sck_test_[a-zA-Z0-9]+/
+    /sck_test_[a-zA-Z0-9]+/,
+    // Legacy trigger key format: job_ followed by 32+ hex chars
+    /job_[a-fA-F0-9]{32,}/
   ];
   for (const pattern of secretPatterns) {
     if (pattern.test(configStr)) {
@@ -1419,13 +1506,10 @@ function validateNoSecrets(config) {
 async function loadConfig(options = {}) {
   const cwd = options.cwd ?? process.cwd();
   const { config: loadEnv } = await import("dotenv");
-  loadEnv({ path: resolve2(cwd, ".env") });
+  loadEnv({ path: resolve2(cwd, ".env"), quiet: true });
   const configPath = resolveConfigPath(cwd, options.configPath);
   if (!configPath) {
-    throw new CLIError(
-      "No supercheck.config.ts found. Run `supercheck init` to create one.",
-      3 /* ConfigError */
-    );
+    throw new ConfigNotFoundError();
   }
   let config = await loadConfigFile(configPath);
   const localConfigPath = resolveLocalConfigPath(cwd);
@@ -1453,7 +1537,7 @@ async function tryLoadConfig(options = {}) {
   try {
     return await loadConfig(options);
   } catch (err) {
-    if (err instanceof CLIError && err.message.includes("No supercheck.config.ts found")) {
+    if (err instanceof ConfigNotFoundError) {
       return null;
     }
     throw err;
@@ -2005,9 +2089,10 @@ import { readFileSync as readFileSync3 } from "fs";
 import { resolve as resolve6 } from "path";
 
 // src/api/authenticated-client.ts
-function createAuthenticatedClient() {
+function createAuthenticatedClient(configBaseUrl) {
   const token = requireAuth();
-  const baseUrl = getStoredBaseUrl();
+  const storedBaseUrl = getStoredBaseUrl();
+  const baseUrl = storedBaseUrl ?? configBaseUrl;
   return getApiClient({ token, baseUrl: baseUrl ?? void 0 });
 }
 
@@ -2036,6 +2121,21 @@ function parseIntStrict(value, name, opts) {
 }
 
 // src/utils/validation.ts
+var K6_IMPORT_PATTERN = /import\s+.*\s+from\s+['"]k6(?:\/[^'"]*)?['"]/;
+function isK6Script(script) {
+  return K6_IMPORT_PATTERN.test(script);
+}
+function validateScriptTypeMatch(script, declaredType) {
+  if (!script || !declaredType) return void 0;
+  const scriptIsK6 = isK6Script(script);
+  if (scriptIsK6 && declaredType !== "performance") {
+    return `Script contains k6 imports but test type is "${declaredType}". k6 scripts must use type "performance".`;
+  }
+  if (!scriptIsK6 && declaredType === "performance") {
+    return 'Test type is "performance" but script does not contain k6 imports. Performance tests require k6 scripts.';
+  }
+  return void 0;
+}
 function normalizeTestTypeForApi(localType) {
   if (typeof localType !== "string") return void 0;
   const normalized = localType.trim().toLowerCase();
@@ -2170,6 +2270,13 @@ function resolveJobLocalTests(cwd, tests, patterns) {
   });
 }
 async function validateJobTests(client, tests) {
+  for (const test of tests) {
+    const declaredType = normalizeTestTypeForApi(test.type);
+    const mismatch = validateScriptTypeMatch(test.script, declaredType);
+    if (mismatch) {
+      throw new CLIError(`${test.name}: ${mismatch}`, 3 /* ConfigError */);
+    }
+  }
   const inputs = tests.map((test) => ({
     name: test.name,
     script: test.script,
@@ -2297,7 +2404,7 @@ jobCommand.command("get <id>").description("Get job details").action(async (id)
   );
   outputDetail(data);
 });
-jobCommand.command("create").description("Create a new job").requiredOption("--name <name>", "Job name").requiredOption("--tests <tests...>", "Test IDs (space or comma separated)").option("--description <description>", "Job description", "").option("--type <type>", "Job runner type (playwright, k6)").option("--schedule <cron>", "Cron schedule expression").option("--timeout <seconds>", "Timeout in seconds", "300").option("--retries <count>", "Retry count on failure", "0").action(async (options) => {
+jobCommand.command("create").description("Create a new job").requiredOption("--name <name>", "Job name").requiredOption("--tests <tests...>", "Test IDs (space or comma separated)").option("--description <description>", "Job description", "").option("--type <type>", "Job runner type (playwright, k6)").option("--schedule <cron>", "Cron schedule expression").option("--dry-run", "Show what would be sent without creating").action(async (options) => {
   const client = createAuthenticatedClient();
   const tests = (options.tests ?? []).flatMap((value) => value.split(",")).map((value) => value.trim()).filter(Boolean);
   if (tests.length === 0) {
@@ -2306,13 +2413,16 @@ jobCommand.command("create").description("Create a new job").requiredOption("--n
   const body = {
     name: options.name,
     description: options.description,
-    timeoutSeconds: parseIntStrict(options.timeout, "--timeout", { min: 1 }),
-    retryCount: parseIntStrict(options.retries, "--retries", { min: 0 }),
     config: {},
     tests: tests.map((id) => ({ id }))
   };
   if (options.type) body.jobType = options.type;
   if (options.schedule) body.cronSchedule = options.schedule;
+  if (options.dryRun) {
+    logger.header("Dry run \u2014 job create payload:");
+    logger.info(JSON.stringify(body, null, 2));
+    return;
+  }
   const { data } = await withSpinner(
     "Creating job",
     () => client.post("/api/jobs", body)
@@ -2322,17 +2432,20 @@ jobCommand.command("create").description("Create a new job").requiredOption("--n
   logger.success(`Job "${options.name}" created (${jobId ?? "unknown"})`);
   outputDetail(job);
 });
-jobCommand.command("update <id>").description("Update job configuration").option("--name <name>", "Job name").option("--description <description>", "Job description").option("--schedule <cron>", "Cron schedule expression").option("--timeout <seconds>", "Timeout in seconds").option("--retries <count>", "Retry count on failure").option("--status <status>", "Job status (active, paused)").action(async (id, options) => {
+jobCommand.command("update <id>").description("Update job configuration").option("--name <name>", "Job name").option("--description <description>", "Job description").option("--schedule <cron>", "Cron schedule expression").option("--status <status>", "Job status (active, paused)").option("--dry-run", "Show what would be sent without updating").action(async (id, options) => {
   const client = createAuthenticatedClient();
   const body = {};
   if (options.name !== void 0) body.name = options.name;
   if (options.description !== void 0) body.description = options.description;
   if (options.schedule !== void 0) body.cronSchedule = options.schedule;
-  if (options.timeout !== void 0) body.timeoutSeconds = parseIntStrict(options.timeout, "--timeout", { min: 1 });
-  if (options.retries !== void 0) body.retryCount = parseIntStrict(options.retries, "--retries", { min: 0 });
   if (options.status !== void 0) body.status = options.status;
   if (Object.keys(body).length === 0) {
-    logger.warn("No fields to update. Use --name, --description, --schedule, --timeout, --retries, or --status.");
+    logger.warn("No fields to update. Use --name, --description, --schedule, or --status.");
+    return;
+  }
+  if (options.dryRun) {
+    logger.header("Dry run \u2014 job update payload:");
+    logger.info(JSON.stringify(body, null, 2));
     return;
   }
   const { data } = await withSpinner(
@@ -2694,6 +2807,13 @@ function collectLocalTests(cwd, patterns, options) {
   });
 }
 async function validateLocalTests(client, tests) {
+  for (const test of tests) {
+    const declaredType = test.validationType ?? normalizeTestTypeForApi(test.type);
+    const mismatch = validateScriptTypeMatch(test.script, declaredType);
+    if (mismatch) {
+      throw new CLIError(`${test.name}: ${mismatch}`, 3 /* ConfigError */);
+    }
+  }
   const inputs = tests.map((test) => ({
     name: test.name,
     script: test.script,
@@ -2773,7 +2893,7 @@ testCommand.command("get <id>").description("Get test details").option("--includ
   );
   outputDetail(data);
 });
-testCommand.command("create").description("Create a new test").requiredOption("--title <title>", "Test title").requiredOption("--file <path>", "Path to the test script file").option("--type <type>", "Test type (browser, performance, api, database, custom)").option("--description <description>", "Test description").action(async (options) => {
+testCommand.command("create").description("Create a new test").requiredOption("--title <title>", "Test title").requiredOption("--file <path>", "Path to the test script file").option("--type <type>", "Test type (browser, performance, api, database, custom)").option("--description <description>", "Test description").option("--dry-run", "Show what would be sent without creating").action(async (options) => {
   const { readFileSync: readFileSync6 } = await import("fs");
   const { resolve: resolve10 } = await import("path");
   const filePath = resolve10(process.cwd(), options.file);
@@ -2784,7 +2904,10 @@ testCommand.command("create").description("Create a new test").requiredOption("-
     throw new CLIError(`Cannot read file: ${filePath}`, 1 /* GeneralError */);
   }
   const typeArg = options.type || inferTestType(options.file) || "playwright";
-  const client = createAuthenticatedClient();
+  const typeMismatchError = validateScriptTypeMatch(script, normalizeTestTypeForApi(typeArg));
+  if (typeMismatchError) {
+    throw new CLIError(typeMismatchError, 3 /* ConfigError */);
+  }
   const encodedScript = Buffer2.from(script, "utf-8").toString("base64");
   const body = {
     title: options.title,
@@ -2792,6 +2915,13 @@ testCommand.command("create").description("Create a new test").requiredOption("-
     type: normalizeTestType(typeArg)
   };
   if (options.description) body.description = options.description;
+  if (options.dryRun) {
+    const preview = { ...body, script: `<base64 ${encodedScript.length} chars>` };
+    logger.header("Dry run \u2014 test create payload:");
+    logger.info(JSON.stringify(preview, null, 2));
+    return;
+  }
+  const client = createAuthenticatedClient();
   const { data } = await withSpinner(
     "Creating test",
     () => client.post("/api/tests", body)
@@ -2800,7 +2930,7 @@ testCommand.command("create").description("Create a new test").requiredOption("-
   logger.success(`Test "${options.title}" created${createdId ? ` (${createdId})` : ""}`);
   outputDetail(data);
 });
-testCommand.command("update <id>").description("Update a test").option("--title <title>", "Test title").option("--file <path>", "Path to updated test script").option("--description <description>", "Test description").action(async (id, options) => {
+testCommand.command("update <id>").description("Update a test").option("--title <title>", "Test title").option("--file <path>", "Path to updated test script").option("--description <description>", "Test description").option("--dry-run", "Show what would be sent without updating").action(async (id, options) => {
   const client = createAuthenticatedClient();
   const body = {};
   if (options.title !== void 0) body.title = options.title;
@@ -2820,6 +2950,15 @@ testCommand.command("update <id>").description("Update a test").option("--title
     logger.warn("No fields to update. Use --title, --file, or --description.");
     return;
   }
+  if (options.dryRun) {
+    const preview = { ...body };
+    if (typeof preview.script === "string") {
+      preview.script = `<base64 ${preview.script.length} chars>`;
+    }
+    logger.header("Dry run \u2014 test update payload:");
+    logger.info(JSON.stringify(preview, null, 2));
+    return;
+  }
   const { data } = await withSpinner(
     "Updating test",
     () => client.patch(`/api/tests/${id}`, body)
@@ -2843,16 +2982,7 @@ testCommand.command("delete <id>").description("Delete a test").option("--force"
   );
   logger.success(`Test ${id} deleted`);
 });
-testCommand.command("run").description("Run tests locally").option("--local", "Run locally").option("--cloud", "DEPRECATED: Cloud test execution is no longer supported from CLI").option("--file <path>", "Local test file path").option("--all", "Run all local tests").option("--type <type>", "Local test type filter (browser, performance, api, database, custom)").option("--id <id>", "DEPRECATED: Test ID (cloud execution removed)").option("--location <location>", "Execution location (k6 cloud only)").action(async (options) => {
-  if (options.local && options.cloud) {
-    throw new CLIError("--local and --cloud are mutually exclusive.", 3 /* ConfigError */);
-  }
-  if (options.cloud || options.id || options.location) {
-    throw new CLIError(
-      "Cloud execution for single tests has been removed from CLI because results are not persisted as job runs. Use `supercheck test run --local ...` for local validation or create/trigger a job (`supercheck job run` / `supercheck job trigger`) for remote executions with run history.",
-      3 /* ConfigError */
-    );
-  }
+testCommand.command("run").description("Run tests locally").option("--file <path>", "Local test file path").option("--all", "Run all local tests").option("--type <type>", "Test type filter (browser, performance, api, database, custom)").action(async (options) => {
   if (!options.file && !options.all) {
     throw new CLIError("Local runs require --file <path> or --all.", 3 /* ConfigError */);
   }
@@ -2899,12 +3029,6 @@ testCommand.command("run").description("Run tests locally").option("--local", "R
     await runK6Tests(k6Tests, cwd);
   }
 });
-testCommand.command("execute <id>").description("DEPRECATED: test execute has been removed").action(async () => {
-  throw new CLIError(
-    "The `test execute` command has been removed. Use `supercheck test run --local ...` for local validation or create/trigger a job (`supercheck job run` / `supercheck job trigger`) for remote executions with run history.",
-    3 /* ConfigError */
-  );
-});
 testCommand.command("tags <id>").description("Get test tags").action(async (id) => {
   const client = createAuthenticatedClient();
   const { data } = await withSpinner(
@@ -2929,6 +3053,11 @@ testCommand.command("validate").description("Validate a test script").requiredOp
     throw new CLIError(`Cannot read file: ${filePath}`, 1 /* GeneralError */);
   }
   const typeArg = options.type || inferTestType(options.file) || "playwright";
+  const resolvedApiType = normalizeTestTypeForApi(typeArg);
+  const typeMismatchError = validateScriptTypeMatch(script, resolvedApiType);
+  if (typeMismatchError) {
+    throw new CLIError(typeMismatchError, 3 /* ConfigError */);
+  }
   const client = createAuthenticatedClient();
   const results = await withSpinner(
     "Validating script",
@@ -3057,23 +3186,29 @@ monitorCommand.command("get <id>").description("Get monitor details").action(asy
   );
   outputDetail(data);
 });
-monitorCommand.command("results <id>").description("Get monitor check results").option("--limit <limit>", "Number of results", "20").action(async (id, options) => {
+monitorCommand.command("results <id>").description("Get monitor check results").option("--limit <limit>", "Number of results", "20").option("--page <page>", "Page number", "1").action(async (id, options) => {
   const client = createAuthenticatedClient();
   const { data } = await withSpinner(
     "Fetching monitor results",
     () => client.get(
       `/api/monitors/${id}/results`,
-      { limit: options.limit }
+      { limit: options.limit, page: options.page }
     )
   );
-  output(data.results, {
+  output(data.data, {
     columns: [
-      { key: "timestamp", header: "Time" },
+      { key: "checkedAt", header: "Time" },
       { key: "status", header: "Status" },
       { key: "responseTime", header: "Response (ms)" },
       { key: "location", header: "Location" }
     ]
   });
+  if (data.pagination) {
+    logger.info(
+      `
+Page ${data.pagination.page}/${data.pagination.totalPages} (${data.pagination.total} total)`
+    );
+  }
 });
 monitorCommand.command("stats <id>").description("Get monitor performance statistics").action(async (id) => {
   const client = createAuthenticatedClient();
@@ -3081,7 +3216,28 @@ monitorCommand.command("stats <id>").description("Get monitor performance statis
     "Fetching monitor statistics",
     () => client.get(`/api/monitors/${id}/stats`)
   );
-  outputDetail(data);
+  if (getOutputFormat() === "json") {
+    outputDetail(data);
+    return;
+  }
+  const statsData = data.data ?? data;
+  const period24h = statsData.period24h;
+  const period30d = statsData.period30d;
+  if (period24h) {
+    logger.header("Last 24 Hours");
+    outputDetail(period24h);
+    logger.info("");
+  }
+  if (period30d) {
+    logger.header("Last 30 Days");
+    outputDetail(period30d);
+    logger.info("");
+  }
+  const meta = data.meta;
+  if (meta) {
+    logger.header("Meta");
+    outputDetail(meta);
+  }
 });
 monitorCommand.command("status <id>").description("Get current monitor status").action(async (id) => {
   const client = createAuthenticatedClient();
@@ -3098,10 +3254,22 @@ monitorCommand.command("status <id>").description("Get current monitor status").
   };
   outputDetail(statusInfo);
 });
-monitorCommand.command("create").description("Create a new monitor").requiredOption("--name <name>", "Monitor name").requiredOption("--url <url>", "URL to monitor").option("--type <type>", "Monitor type (http_request, website, ping_host, port_check, synthetic_test)", "http_request").option("--interval <seconds>", "Check interval in seconds", "300").option("--timeout <seconds>", "Request timeout in seconds", "30").option("--method <method>", "HTTP method (GET, POST, HEAD)", "GET").action(async (options) => {
+monitorCommand.command("create").description("Create a new monitor").requiredOption("--name <name>", "Monitor name").requiredOption("--url <url>", "URL to monitor").option("--type <type>", "Monitor type (http_request, website, ping_host, port_check, synthetic_test)", "http_request").option("--interval-minutes <minutes>", "Check interval in minutes (1-1440)", "5").option("--interval <seconds>", "[deprecated: use --interval-minutes] Check interval in seconds").option("--timeout <seconds>", "Request timeout in seconds", "30").option("--method <method>", "HTTP method (GET, POST, HEAD)", "GET").option("--dry-run", "Show what would be sent without creating").action(async (options) => {
   const client = createAuthenticatedClient();
-  const intervalSeconds = parseIntStrict(options.interval, "--interval", { min: 1 });
-  const frequencyMinutes = Math.max(1, Math.ceil(intervalSeconds / 60));
+  let frequencyMinutes;
+  if (options.interval !== void 0) {
+    logger.warn("--interval (seconds) is deprecated. Use --interval-minutes instead.");
+    const intervalSeconds = parseIntStrict(options.interval, "--interval", { min: 60 });
+    if (intervalSeconds % 60 !== 0) {
+      throw new CLIError(
+        `--interval must be a multiple of 60 seconds. Got ${intervalSeconds}s. Use --interval-minutes for direct minute values.`,
+        3 /* ConfigError */
+      );
+    }
+    frequencyMinutes = intervalSeconds / 60;
+  } else {
+    frequencyMinutes = parseIntStrict(options.intervalMinutes, "--interval-minutes", { min: 1, max: 1440 });
+  }
   const body = {
     name: options.name,
     target: options.url,
@@ -3113,6 +3281,11 @@ monitorCommand.command("create").description("Create a new monitor").requiredOpt
       method: options.method
     }
   };
+  if (options.dryRun) {
+    logger.header("Dry run \u2014 monitor create payload:");
+    logger.info(JSON.stringify(body, null, 2));
+    return;
+  }
   const { data } = await withSpinner(
     "Creating monitor",
     () => client.post("/api/monitors", body)
@@ -3120,14 +3293,23 @@ monitorCommand.command("create").description("Create a new monitor").requiredOpt
   logger.success(`Monitor "${options.name}" created (${data.id})`);
   outputDetail(data);
 });
-monitorCommand.command("update <id>").description("Update a monitor").option("--name <name>", "Monitor name").option("--url <url>", "URL to monitor").option("--interval <seconds>", "Check interval in seconds").option("--timeout <seconds>", "Request timeout in seconds").option("--method <method>", "HTTP method").option("--active <boolean>", "Enable or disable monitor (true/false)").action(async (id, options) => {
+monitorCommand.command("update <id>").description("Update a monitor").option("--name <name>", "Monitor name").option("--url <url>", "URL to monitor").option("--interval-minutes <minutes>", "Check interval in minutes (1-1440)").option("--interval <seconds>", "[deprecated: use --interval-minutes] Check interval in seconds").option("--timeout <seconds>", "Request timeout in seconds").option("--method <method>", "HTTP method").option("--active <boolean>", "Enable or disable monitor (true/false)").option("--dry-run", "Show what would be sent without updating").action(async (id, options) => {
   const client = createAuthenticatedClient();
   const body = {};
   if (options.name !== void 0) body.name = options.name;
   if (options.url !== void 0) body.target = options.url;
   if (options.interval !== void 0) {
-    const intervalSeconds = parseIntStrict(options.interval, "--interval", { min: 1 });
-    body.frequencyMinutes = Math.max(1, Math.ceil(intervalSeconds / 60));
+    logger.warn("--interval (seconds) is deprecated. Use --interval-minutes instead.");
+    const intervalSeconds = parseIntStrict(options.interval, "--interval", { min: 60 });
+    if (intervalSeconds % 60 !== 0) {
+      throw new CLIError(
+        `--interval must be a multiple of 60 seconds. Got ${intervalSeconds}s. Use --interval-minutes for direct minute values.`,
+        3 /* ConfigError */
+      );
+    }
+    body.frequencyMinutes = intervalSeconds / 60;
+  } else if (options.intervalMinutes !== void 0) {
+    body.frequencyMinutes = parseIntStrict(options.intervalMinutes, "--interval-minutes", { min: 1, max: 1440 });
   }
   if (options.active !== void 0) body.enabled = options.active === "true";
   const config = {};
@@ -3135,7 +3317,12 @@ monitorCommand.command("update <id>").description("Update a monitor").option("--
   if (options.method !== void 0) config.method = options.method;
   if (Object.keys(config).length > 0) body.config = config;
   if (Object.keys(body).length === 0) {
-    logger.warn("No fields to update. Use --name, --url, --interval, --timeout, --method, or --active.");
+    logger.warn("No fields to update. Use --name, --url, --interval-minutes, --timeout, --method, or --active.");
+    return;
+  }
+  if (options.dryRun) {
+    logger.header("Dry run \u2014 monitor update payload:");
+    logger.info(JSON.stringify(body, null, 2));
     return;
   }
   const { data } = await withSpinner(
@@ -3438,7 +3625,7 @@ function formatChangePlan(changes) {
 var diffCommand = new Command11("diff").description("Preview changes between local config and the remote Supercheck project").option("--config <path>", "Path to config file").action(async (options) => {
   const cwd = process.cwd();
   const { config } = await loadConfig({ cwd, configPath: options.config });
-  const client = createAuthenticatedClient();
+  const client = createAuthenticatedClient(config.api?.baseUrl);
   logger.newline();
   const { localResources, remoteResources } = await withSpinner(
     "Comparing local and remote resources...",
@@ -3482,7 +3669,8 @@ function prepareBodyForApi(type, body) {
     if (Array.isArray(payload.tests)) {
       payload.tests = payload.tests.map((t) => {
         const match = /([0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12})/i.exec(t);
-        return match ? match[1] : t;
+        const id = match ? match[1] : t;
+        return { id };
       });
     }
   }
@@ -3545,7 +3733,7 @@ async function applyChange(client, change, opts) {
 var deployCommand = new Command12("deploy").description("Push local config resources to the Supercheck project").option("--config <path>", "Path to config file").option("--dry-run", "Show what would change without applying").option("--force", "Skip confirmation prompt").option("--no-delete", "Do not delete remote resources missing from config").action(async (options) => {
   const cwd = process.cwd();
   const { config } = await loadConfig({ cwd, configPath: options.config });
-  const client = createAuthenticatedClient();
+  const client = createAuthenticatedClient(config.api?.baseUrl);
   logger.newline();
   logger.header("Deploying from config...");
   logger.newline();
@@ -3584,6 +3772,14 @@ var deployCommand = new Command12("deploy").description("Push local config resou
   const testsToValidate = actionable.filter((c) => c.type === "test" && (c.action === "create" || c.action === "update"));
   if (testsToValidate.length > 0) {
     await withSpinner("Validating test scripts...", async () => {
+      for (const change of testsToValidate) {
+        const script = String(change.local?.definition?.script ?? "");
+        const declaredType = normalizeTestTypeForApi(change.local?.definition?.testType);
+        const mismatch = validateScriptTypeMatch(script, declaredType);
+        if (mismatch) {
+          throw new CLIError(`${change.name}: ${mismatch}`, 3 /* ConfigError */);
+        }
+      }
       const inputs = testsToValidate.map((change) => ({
         name: change.name,
         script: String(change.local?.definition?.script ?? ""),
@@ -3681,7 +3877,6 @@ async function fetchManagedResources(client, config) {
       if (sp.id) managedIds.add(`statusPage:${sp.id}`);
     }
   }
-  const UUID_RE = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i;
   const patterns = {
     playwright: config.tests?.playwright?.testMatch,
     k6: config.tests?.k6?.testMatch
@@ -3690,9 +3885,9 @@ async function fetchManagedResources(client, config) {
   const files = discoverFiles(cwd, patterns);
   const testIds = /* @__PURE__ */ new Set();
   for (const f of files) {
-    const stem = f.filename.replace(/\.(pw|k6)\.ts$/, "");
-    if (UUID_RE.test(stem)) {
-      testIds.add(stem);
+    const uuid = extractUuidFromFilename(f.filename);
+    if (uuid) {
+      testIds.add(uuid);
     }
   }
   try {
@@ -3768,7 +3963,7 @@ function logDestroyFetchError(resourceType, err) {
 var destroyCommand = new Command13("destroy").description("Tear down managed resources from the Supercheck project").option("--config <path>", "Path to config file").option("--dry-run", "Show what would be destroyed without applying").option("--force", "Skip confirmation prompt").action(async (options) => {
   const cwd = process.cwd();
   const { config } = await loadConfig({ cwd, configPath: options.config });
-  const client = createAuthenticatedClient();
+  const client = createAuthenticatedClient(config.api?.baseUrl);
   logger.newline();
   const managed = await withSpinner(
     "Scanning for managed resources...",
@@ -3801,7 +3996,7 @@ var destroyCommand = new Command13("destroy").description("Tear down managed res
   logger.newline();
   let succeeded = 0;
   let failed = 0;
-  const deleteOrder = ["test", "monitor", "statusPage", "job", "variable", "tag"];
+  const deleteOrder = ["statusPage", "job", "monitor", "variable", "tag", "test"];
   const sorted = [...managed].sort((a, b) => deleteOrder.indexOf(a.type) - deleteOrder.indexOf(b.type));
   for (const resource of sorted) {
     try {
@@ -4010,6 +4205,7 @@ function buildMonitorDefinitions(monitors) {
     if (m.config && typeof m.config === "object") {
       const config = { ...m.config };
       delete config.sslLastCheckedAt;
+      delete config.aggregatedAlertState;
       if (config.playwrightOptions && typeof config.playwrightOptions === "object") {
         const opts = { ...config.playwrightOptions };
         if (opts.retries === 0) delete opts.retries;
@@ -4280,8 +4476,8 @@ var pullCommand = new Command14("pull").description("Pull tests, monitors, jobs,
     );
   }
   const cwd = process.cwd();
-  const client = createAuthenticatedClient();
   const existing = await tryLoadConfig({ cwd, configPath: options.config });
+  const client = createAuthenticatedClient(existing?.config?.api?.baseUrl);
   logger.newline();
   logger.header("Pulling from Supercheck cloud...");
   logger.newline();
@@ -4528,6 +4724,19 @@ var validateCommand = new Command15("validate").description("Validate local test
     logger.warn("No local tests found to validate.");
     return;
   }
+  let preflightFailed = false;
+  for (const test of tests) {
+    const script = String(test.definition?.script ?? "");
+    const declaredType = normalizeTestTypeForApi(test.definition?.testType);
+    const mismatch = validateScriptTypeMatch(script, declaredType);
+    if (mismatch) {
+      logger.error(`${pc8.red("\u2717")} ${test.name}: ${mismatch}`);
+      preflightFailed = true;
+    }
+  }
+  if (preflightFailed) {
+    throw new CLIError("Script-type mismatch detected. Fix the test type or script content before validating.", 3 /* ConfigError */);
+  }
   const inputs = tests.map((test) => ({
     name: test.name,
     script: String(test.definition?.script ?? ""),
@@ -4614,7 +4823,7 @@ notificationCommand.command("create").description("Create a notification provide
   logger.success(`Notification provider "${options.name}" created (${data.id})`);
   outputDetail(data);
 });
-notificationCommand.command("update <id>").description("Update a notification provider").option("--name <name>", "Provider name").option("--type <type>", "Provider type").option("--config <json>", "Provider config as JSON string").action(async (id, options) => {
+notificationCommand.command("update <id>").description("Update a notification provider").option("--name <name>", "Provider name").option("--type <type>", "Provider type").option("--config <json>", "Provider config as JSON string (replaces entire config \u2014 include all fields)").action(async (id, options) => {
   const client = createAuthenticatedClient();
   if (!options.name && !options.type && !options.config) {
     logger.warn("No fields to update. Use --name, --type, or --config.");
@@ -4624,22 +4833,32 @@ notificationCommand.command("update <id>").description("Update a notification pr
     "Fetching existing provider",
     () => client.get(`/api/notification-providers/${id}`)
   );
-  let updatedConfig = existing.config ?? {};
+  const maskedFields = existing.maskedFields ?? [];
+  const updatedName = options.name ?? String(existing.name ?? "");
+  const updatedType = options.type ?? String(existing.type ?? "");
+  let updatedConfig;
   if (options.config) {
     try {
-      updatedConfig = { ...updatedConfig, ...JSON.parse(options.config) };
+      updatedConfig = JSON.parse(options.config);
     } catch {
       throw new CLIError("Invalid JSON in --config", 1 /* GeneralError */);
     }
+  } else if (maskedFields.length > 0) {
+    logger.debug("Skipping config field (contains masked secrets that cannot be round-tripped safely)");
+    updatedConfig = void 0;
+  } else {
+    updatedConfig = existing.config ?? {};
+  }
+  if (updatedConfig) {
+    updatedConfig.name = updatedName;
   }
-  const updatedName = options.name ?? String(existing.name ?? "");
-  const updatedType = options.type ?? String(existing.type ?? "");
-  updatedConfig.name = updatedName;
   const body = {
     name: updatedName,
-    type: updatedType,
-    config: updatedConfig
+    type: updatedType
   };
+  if (updatedConfig) {
+    body.config = updatedConfig;
+  }
   const { data } = await withSpinner(
     "Updating notification provider",
     () => client.put(`/api/notification-providers/${id}`, body)