@tuskydp/cli 0.2.0 → 0.3.0

package/src/commands/trash.ts

@@ -0,0 +1,121 @@
+import type { Command } from 'commander';
+import chalk from 'chalk';
+import inquirer from 'inquirer';
+import { cliConfig } from '../config.js';
+import { getSDKClientFromParent } from '../sdk.js';
+import { createTable, formatBytes, formatDate, shortId } from '../lib/output.js';
+
+export function registerTrashCommands(program: Command) {
+  const trash = program.command('trash').description('Manage trashed items');
+
+  // ── list ────────────────────────────────────────────────────────────
+  trash.command('list')
+    .description('List trashed files and vaults')
+    .action(async () => {
+      const sdk = getSDKClientFromParent(trash);
+      const root = trash.parent || trash;
+      const format = root.opts().format || cliConfig.get('outputFormat');
+      const trashed = await sdk.trash.list();
+
+      if (format === 'json') {
+        console.log(JSON.stringify(trashed, null, 2));
+        return;
+      }
+
+      const totalItems = trashed.files.length + trashed.vaults.length;
+      if (totalItems === 0) {
+        console.log(chalk.dim('Trash is empty.'));
+        return;
+      }
+
+      if (trashed.vaults.length > 0) {
+        console.log(chalk.bold('Trashed Vaults:'));
+        const table = createTable(['Name', 'Visibility', 'Files', 'Size', 'Deleted', 'ID']);
+        for (const v of trashed.vaults) {
+          table.push([
+            v.name,
+            v.visibility,
+            String(v.fileCount),
+            formatBytes(v.totalSizeBytes),
+            v.deletedAt ? formatDate(v.deletedAt) : 'N/A',
+            chalk.dim(shortId(v.id)),
+          ]);
+        }
+        console.log(table.toString());
+      }
+
+      if (trashed.files.length > 0) {
+        if (trashed.vaults.length > 0) console.log('');
+        console.log(chalk.bold('Trashed Files:'));
+        const table = createTable(['Name', 'Size', 'Status', 'Deleted', 'ID']);
+        for (const f of trashed.files) {
+          table.push([
+            f.name,
+            formatBytes(f.plaintextSizeBytes || f.sizeBytes),
+            f.status,
+            f.deletedAt ? formatDate(f.deletedAt) : 'N/A',
+            chalk.dim(shortId(f.id)),
+          ]);
+        }
+        console.log(table.toString());
+      }
+
+      console.log(chalk.dim(`\n${totalItems} item(s) in trash. Items are permanently deleted after 7 days.`));
+    });
+
+  // ── restore ─────────────────────────────────────────────────────────
+  trash.command('restore <id>')
+    .description('Restore a trashed item (file or vault)')
+    .action(async (id: string) => {
+      const sdk = getSDKClientFromParent(trash);
+      const result = await sdk.trash.restore(id);
+      console.log(chalk.green(`Restored ${result.type || 'item'}: ${id}`));
+    });
+
+  // ── delete ──────────────────────────────────────────────────────────
+  trash.command('delete <id>')
+    .description('Permanently delete a single trashed item')
+    .option('--force', 'Skip confirmation prompt')
+    .action(async (id: string, options) => {
+      const sdk = getSDKClientFromParent(trash);
+
+      if (!options.force) {
+        const answers = await inquirer.prompt([{
+          type: 'confirm',
+          name: 'confirm',
+          message: 'Permanently delete this item? This cannot be undone.',
+          default: false,
+        }]);
+        if (!answers.confirm) return;
+      }
+
+      await sdk.trash.delete(id);
+      console.log(chalk.green(`Permanently deleted: ${id}`));
+    });
+
+  // ── empty ───────────────────────────────────────────────────────────
+  trash.command('empty')
+    .description('Permanently delete ALL trashed items')
+    .option('--force', 'Skip confirmation prompt')
+    .action(async (options) => {
+      const sdk = getSDKClientFromParent(trash);
+
+      if (!options.force) {
+        const answers = await inquirer.prompt([{
+          type: 'confirm',
+          name: 'confirm',
+          message: 'Permanently delete ALL trashed items? This cannot be undone.',
+          default: false,
+        }]);
+        if (!answers.confirm) return;
+      }
+
+      await sdk.trash.empty();
+      console.log(chalk.green('Trash emptied.'));
+    });
+
+  // Default action for `tusky trash` with no subcommand → run list
+  trash.action(async () => {
+    await trash.commands.find(c => c.name() === 'list')?.parseAsync([], { from: 'user' });
+  });
+}

package/src/commands/upload.ts

@@ -9,9 +9,18 @@ import { createSDKClient } from '../sdk.js';
 import { resolveVault } from '../lib/resolve.js';
 import { formatBytes } from '../lib/output.js';
 import { createSpinner } from '../lib/progress.js';
-import { encryptBuffer } from '../crypto.js';
+import { encryptBuffer, encryptMetadata } from '../crypto.js';
 import { loadMasterKey } from '../lib/keyring.js';
-import { isSealConfigured, sealEncrypt, getSuiKeypair } from '../seal.js';
+import { isSealConfigured, sealEncrypt, sealEncryptMetadata, getSuiKeypair } from '../seal.js';
+
+async function readStdin(): Promise<Buffer> {
+  return new Promise((resolve, reject) => {
+    const chunks: Buffer[] = [];
+    process.stdin.on('data', (chunk) => chunks.push(Buffer.isBuffer(chunk) ? chunk : Buffer.from(chunk)));
+    process.stdin.on('end', () => resolve(Buffer.concat(chunks)));
+    process.stdin.on('error', reject);
+  });
+}
 
 async function expandPaths(paths: string[], recursive?: boolean): Promise<string[]> {
   const result: string[] = [];
@@ -44,11 +53,120 @@ async function expandPaths(paths: string[], recursive?: boolean): Promise<string
 export async function uploadCommand(paths: string[], options: {
   vault?: string;
   recursive?: boolean;
+  folder?: string;
+  content?: string;
+  stdin?: boolean;
+  name?: string;
 }, program: Command) {
   const apiUrl = getApiUrl(program.opts().apiUrl);
   const apiKey = getApiKey(program.opts().apiKey);
   const sdk = createSDKClient(apiUrl, apiKey);
 
+  // ── Inline content / stdin mode ──────────────────────────────────
+  if (options.content !== undefined || options.stdin) {
+    if (!options.name) {
+      console.error(chalk.red('--name <filename> is required when using --content or --stdin'));
+      process.exit(1);
+    }
+
+    const fileName = options.name;
+    let fileBuffer: Buffer;
+    if (options.stdin) {
+      fileBuffer = await readStdin();
+    } else {
+      fileBuffer = Buffer.from(options.content as string, 'utf8');
+    }
+
+    const vaultId = await resolveVault(sdk, options.vault);
+    const vault = await sdk.vaults.get(vaultId);
+    const isPrivate = vault.visibility === 'private';
+    const isShared = vault.visibility === 'shared' && isSealConfigured(vault);
+
+    let masterKey: Buffer | null = null;
+    if (isPrivate) {
+      masterKey = loadMasterKey();
+      if (!masterKey) {
+        console.error(chalk.red('Encryption session not unlocked. Run: tusky encryption unlock'));
+        process.exit(1);
+      }
+    }
+
+    const spinner = createSpinner(`Uploading ${fileName}`);
+    spinner.start();
+
+    try {
+      const mimeType = lookup(fileName) || 'application/octet-stream';
+      let uploadBody: Buffer;
+      let encryptionMeta: {
+        wrappedKey?: string;
+        encryptionIv?: string;
+        plaintextSizeBytes?: number;
+        plaintextChecksumSha256?: string;
+        sealIdentity?: string;
+        sealEncryptedObject?: string;
+        encryptedName?: string;
+        encryptedMetadata?: string;
+      } = {};
+
+      if (isPrivate && masterKey) {
+        spinner.text = `Encrypting ${fileName}...`;
+        const { ciphertext, wrappedKey, iv, plaintextChecksum } = encryptBuffer(fileBuffer, masterKey);
+        uploadBody = ciphertext;
+        encryptionMeta = {
+          wrappedKey,
+          encryptionIv: iv,
+          plaintextSizeBytes: fileBuffer.length,
+          plaintextChecksumSha256: plaintextChecksum,
+          encryptedName: encryptMetadata(fileName, mimeType, masterKey),
+        };
+      } else if (isShared) {
+        spinner.text = `SEAL encrypting ${fileName}...`;
+        const fileNonce = randomUUID();
+        const sealResult = await sealEncrypt(new Uint8Array(fileBuffer), vault, fileNonce);
+        uploadBody = Buffer.from(sealResult.encryptedData);
+        encryptionMeta = {
+          sealIdentity: sealResult.sealIdentity,
+          sealEncryptedObject: sealResult.sealEncryptedObject,
+          plaintextSizeBytes: fileBuffer.length,
+          encryptedMetadata: await sealEncryptMetadata(fileName, mimeType, vault, fileNonce),
+        };
+      } else {
+        uploadBody = fileBuffer;
+      }
+
+      spinner.text = `Requesting upload URL for ${fileName}...`;
+      const { fileId, uploadUrl } = await sdk.files.requestUpload({
+        name: fileName,
+        mimeType,
+        sizeBytes: uploadBody.length,
+        vaultId,
+        ...(options.folder ? { folderId: options.folder } : {}),
+        ...encryptionMeta,
+      });
+
+      spinner.text = `Uploading ${fileName} (${formatBytes(uploadBody.length)})...`;
+      const uploadResponse = await fetch(uploadUrl, {
+        method: 'PUT',
+        headers: { 'Content-Type': 'application/octet-stream' },
+        body: new Uint8Array(uploadBody),
+      });
+      if (!uploadResponse.ok) throw new Error(`Upload failed: ${uploadResponse.status}`);
+
+      spinner.text = `Confirming ${fileName}...`;
+      await sdk.files.confirmUpload(fileId);
+
+      spinner.succeed(`${fileName} -> ${fileId} (${formatBytes(uploadBody.length)})`);
+    } catch (err: any) {
+      spinner.fail(`Failed: ${fileName} — ${err.message}`);
+      if (err.statusCode === 402) {
+        console.error(chalk.yellow('  This may require topping up your wallet balance.'));
+        console.error(chalk.dim('  Check your wallet: tusky wallet info'));
+      }
+    }
+    return;
+  }
+
+  // ── File path mode (original behavior) ───────────────────────────
   const vaultId = await resolveVault(sdk, options.vault);
   const vault = await sdk.vaults.get(vaultId);
   const isPrivate = vault.visibility === 'private';
@@ -97,6 +215,8 @@ export async function uploadCommand(paths: string[], options: {
         plaintextChecksumSha256?: string;
         sealIdentity?: string;
         sealEncryptedObject?: string;
+        encryptedName?: string;
+        encryptedMetadata?: string;
       } = {};
 
       if (isPrivate && masterKey) {
@@ -108,6 +228,7 @@ export async function uploadCommand(paths: string[], options: {
           encryptionIv: iv,
           plaintextSizeBytes: stat.size,
           plaintextChecksumSha256: plaintextChecksum,
+          encryptedName: encryptMetadata(basename(filePath), mimeType, masterKey),
         };
       } else if (isShared) {
         spinner.text = `SEAL encrypting ${basename(filePath)}...`;
@@ -118,6 +239,7 @@ export async function uploadCommand(paths: string[], options: {
           sealIdentity: sealResult.sealIdentity,
           sealEncryptedObject: sealResult.sealEncryptedObject,
           plaintextSizeBytes: stat.size,
+          encryptedMetadata: await sealEncryptMetadata(basename(filePath), mimeType, vault, fileNonce),
         };
       } else {
         uploadBody = fileBuffer;
@@ -130,6 +252,7 @@ export async function uploadCommand(paths: string[], options: {
         mimeType,
         sizeBytes: uploadBody.length,
         vaultId,
+        ...(options.folder ? { folderId: options.folder } : {}),
         ...encryptionMeta,
       });
 
@@ -154,7 +277,7 @@ export async function uploadCommand(paths: string[], options: {
       // Surface PPU payment details if present (402 errors)
       if (err.statusCode === 402) {
         console.error(chalk.yellow('  This may require topping up your wallet balance.'));
-        console.error(chalk.dim('  Check your wallet: tusky account usage'));
+        console.error(chalk.dim('  Check your wallet: tusky wallet info'));
       }
     }
   }

package/src/commands/wallet.ts

@@ -0,0 +1,183 @@
+import type { Command } from 'commander';
+import chalk from 'chalk';
+import { Ed25519Keypair } from '@mysten/sui/keypairs/ed25519';
+import { cliConfig, getApiUrl, getApiKey } from '../config.js';
+import { createTable, formatDate } from '../lib/output.js';
+
+/**
+ * Lightweight fetch helper that uses the API key for auth.
+ * The SDK does not have a wallet resource, so we call the API directly.
+ */
+async function walletFetch<T>(apiUrl: string, apiKey: string, path: string, init?: RequestInit): Promise<T> {
+  const url = `${apiUrl.replace(/\/$/, '')}${path}`;
+  const response = await fetch(url, {
+    ...init,
+    headers: {
+      'Authorization': `Bearer ${apiKey}`,
+      'Content-Type': 'application/json',
+      ...(init?.headers || {}),
+    },
+  });
+  if (!response.ok) {
+    const body = await response.json().catch(() => ({ error: response.statusText }));
+    throw new Error((body as Record<string, string>).error || `HTTP ${response.status}`);
+  }
+  return response.json() as Promise<T>;
+}
+
+interface WalletInfo {
+  id: string;
+  suiAddress: string;
+  walBalance: string;
+  walBalanceFormatted: string;
+  suiBalance: string;
+  suiBalanceFormatted: string;
+  usdcBalance?: string;
+  usdcBalanceFormatted?: string;
+  createdAt: string;
+}
+
+interface DepositInfo {
+  suiAddress: string;
+  network: string;
+  supportedTokens: string[];
+}
+
+interface PaymentEntry {
+  id: string;
+  fileId: string;
+  type: string;
+  walMist: string;
+  suiGasMist: string;
+  epochs: number;
+  createdAt: string;
+}
+
+interface PaymentsResponse {
+  payments: PaymentEntry[];
+  totalSpentWal: string;
+  totalSpentWalFormatted: string;
+}
+
+export function registerWalletCommands(program: Command) {
+  const wallet = program.command('wallet').description('Manage wallet and payments (PPU)');
+
+  // ── info ────────────────────────────────────────────────────────────
+  wallet.command('info')
+    .description('Show wallet balances and address')
+    .action(async () => {
+      const root = wallet.parent || wallet;
+      const apiUrl = getApiUrl(root.opts().apiUrl);
+      const apiKey = getApiKey(root.opts().apiKey);
+      const format = root.opts().format || cliConfig.get('outputFormat');
+
+      const w = await walletFetch<WalletInfo>(apiUrl, apiKey, '/api/wallet');
+
+      if (format === 'json') {
+        console.log(JSON.stringify(w, null, 2));
+        return;
+      }
+
+      console.log(chalk.bold('Wallet'));
+      console.log(`  Address:  ${w.suiAddress}`);
+      console.log(`  WAL:      ${w.walBalanceFormatted}`);
+      console.log(`  SUI:      ${w.suiBalanceFormatted}`);
+      if (w.usdcBalanceFormatted) {
+        console.log(`  USDC:     ${w.usdcBalanceFormatted}`);
+      }
+      console.log(`  Created:  ${new Date(w.createdAt).toLocaleString()}`);
+    });
+
+  // ── deposit ─────────────────────────────────────────────────────────
+  wallet.command('deposit')
+    .description('Show deposit address and supported tokens')
+    .action(async () => {
+      const root = wallet.parent || wallet;
+      const apiUrl = getApiUrl(root.opts().apiUrl);
+      const apiKey = getApiKey(root.opts().apiKey);
+      const format = root.opts().format || cliConfig.get('outputFormat');
+
+      const d = await walletFetch<DepositInfo>(apiUrl, apiKey, '/api/wallet/deposit-info');
+
+      if (format === 'json') {
+        console.log(JSON.stringify(d, null, 2));
+        return;
+      }
+
+      console.log(chalk.bold('Deposit Info'));
+      console.log(`  Address:  ${d.suiAddress}`);
+      console.log(`  Network:  ${d.network}`);
+      console.log(`  Tokens:   ${d.supportedTokens.join(', ')}`);
+      console.log('');
+      console.log(chalk.dim('Send WAL, SUI, or USDC to the address above on the Sui network.'));
+    });
+
+  // ── payments ────────────────────────────────────────────────────────
+  wallet.command('payments')
+    .description('List payment history')
+    .option('--limit <n>', 'Max results', '20')
+    .action(async (options) => {
+      const root = wallet.parent || wallet;
+      const apiUrl = getApiUrl(root.opts().apiUrl);
+      const apiKey = getApiKey(root.opts().apiKey);
+      const format = root.opts().format || cliConfig.get('outputFormat');
+
+      const data = await walletFetch<PaymentsResponse>(
+        apiUrl, apiKey,
+        `/api/wallet/payments?limit=${options.limit}`,
+      );
+
+      if (format === 'json') {
+        console.log(JSON.stringify(data, null, 2));
+        return;
+      }
+
+      if (data.payments.length === 0) {
+        console.log(chalk.dim('No payments found.'));
+        return;
+      }
+
+      const table = createTable(['Type', 'WAL', 'SUI Gas', 'Epochs', 'File', 'Date']);
+      for (const p of data.payments) {
+        table.push([
+          p.type,
+          p.walMist,
+          p.suiGasMist,
+          String(p.epochs),
+          chalk.dim(p.fileId.slice(0, 8) + '...'),
+          formatDate(p.createdAt),
+        ]);
+      }
+      console.log(table.toString());
+      console.log(chalk.dim(`\nTotal spent: ${data.totalSpentWalFormatted}`));
+    });
+
+  // ── generate ─────────────────────────────────────────────────────
+  wallet.command('generate')
+    .description('Generate a new Sui Ed25519 keypair for use with shared vaults (SEAL encryption)')
+    .action(async () => {
+      const root = wallet.parent || wallet;
+      const format = root.opts().format || cliConfig.get('outputFormat');
+
+      const keypair = Ed25519Keypair.generate();
+      const address = keypair.toSuiAddress();
+      const privateKey = keypair.getSecretKey(); // bech32 suiprivkey1... format
+
+      if (format === 'json') {
+        console.log(JSON.stringify({ address, privateKey }, null, 2));
+        return;
+      }
+
+      console.log(chalk.bold('Generated Sui Ed25519 Keypair'));
+      console.log(`  Address:     ${chalk.cyan(address)}`);
+      console.log(`  Private key: ${chalk.yellow(privateKey)}`);
+      console.log('');
+      console.log(chalk.dim('Set TUSKYDP_SUI_PRIVATE_KEY=<private key> to use this keypair for shared vault encryption.'));
+      console.log(chalk.dim('Link the address to your Tusky account: tusky account link-sui ' + address));
+    });
+
+  // Default action for `tusky wallet` with no subcommand → run info
+  wallet.action(async () => {
+    await wallet.commands.find(c => c.name() === 'info')?.parseAsync([], { from: 'user' });
+  });
+}

package/src/commands/webhook.ts

@@ -0,0 +1,193 @@
+import type { Command } from 'commander';
+import chalk from 'chalk';
+import inquirer from 'inquirer';
+import { cliConfig } from '../config.js';
+import { getSDKClientFromParent } from '../sdk.js';
+import { createTable, formatDate, shortId } from '../lib/output.js';
+
+// Import canonical event list from shared — keep in sync
+import { WEBHOOK_EVENTS } from '@tuskydp/shared/constants.js';
+
+export function registerWebhookCommands(program: Command) {
+  const webhook = program.command('webhook').description('Manage webhook endpoints');
+
+  // ── create ──────────────────────────────────────────────────────────
+  webhook.command('create <url>')
+    .description('Create a webhook endpoint')
+    .requiredOption('--events <events>', 'Comma-separated list of events to subscribe to')
+    .option('--description <text>', 'Webhook description')
+    .action(async (url: string, options) => {
+      const sdk = getSDKClientFromParent(webhook);
+      const events = options.events.split(',').map((e: string) => e.trim());
+
+      const created = await sdk.webhooks.create({
+        url,
+        events: events as any,
+        description: options.description,
+      });
+
+      console.log(chalk.green(`Webhook created: ${created.id}`));
+      console.log(`URL:    ${created.url}`);
+      console.log(`Events: ${created.events.join(', ')}`);
+      if (created.secret) {
+        console.log(chalk.yellow.bold(`Secret: ${created.secret}`));
+        console.log(chalk.yellow('  Save this secret — it will not be shown again.'));
+      }
+    });
+
+  // ── list ────────────────────────────────────────────────────────────
+  webhook.command('list')
+    .description('List webhook endpoints')
+    .action(async () => {
+      const sdk = getSDKClientFromParent(webhook);
+      const root = webhook.parent || webhook;
+      const format = root.opts().format || cliConfig.get('outputFormat');
+      const webhooks = await sdk.webhooks.list();
+
+      if (format === 'json') {
+        console.log(JSON.stringify(webhooks, null, 2));
+        return;
+      }
+
+      if (webhooks.length === 0) {
+        console.log(chalk.dim('No webhook endpoints found.'));
+        return;
+      }
+
+      const table = createTable(['URL', 'Events', 'Active', 'Failures', 'ID']);
+      for (const w of webhooks) {
+        table.push([
+          w.url.length > 40 ? w.url.slice(0, 39) + '...' : w.url,
+          String(w.events.length) + ' event(s)',
+          w.active ? chalk.green('Yes') : chalk.red('No'),
+          w.failureCount > 0 ? chalk.yellow(String(w.failureCount)) : '0',
+          chalk.dim(shortId(w.id)),
+        ]);
+      }
+      console.log(table.toString());
+    });
+
+  // ── info ────────────────────────────────────────────────────────────
+  webhook.command('info <webhook-id>')
+    .description('Show webhook endpoint details')
+    .action(async (webhookId: string) => {
+      const sdk = getSDKClientFromParent(webhook);
+      const root = webhook.parent || webhook;
+      const format = root.opts().format || cliConfig.get('outputFormat');
+      const w = await sdk.webhooks.get(webhookId);
+
+      if (format === 'json') {
+        console.log(JSON.stringify(w, null, 2));
+        return;
+      }
+
+      console.log(`URL:         ${w.url}`);
+      console.log(`Active:      ${w.active ? chalk.green('Yes') : chalk.red('No')}`);
+      console.log(`Events:      ${w.events.join(', ')}`);
+      console.log(`Description: ${w.description || chalk.dim('(none)')}`);
+      console.log(`Failures:    ${w.failureCount}`);
+      if (w.lastDeliveryAt) {
+        console.log(`Last Delivery: ${formatDate(w.lastDeliveryAt)} (${w.lastDeliveryStatus})`);
+      }
+      console.log(`Created:     ${new Date(w.createdAt).toLocaleString()}`);
+      console.log(`ID:          ${w.id}`);
+    });
+
+  // ── update ──────────────────────────────────────────────────────────
+  webhook.command('update <webhook-id>')
+    .description('Update a webhook endpoint')
+    .option('--url <url>', 'New webhook URL')
+    .option('--events <events>', 'Comma-separated list of events')
+    .option('--active <bool>', 'Enable or disable (true/false)')
+    .option('--description <text>', 'New description')
+    .action(async (webhookId: string, options) => {
+      const sdk = getSDKClientFromParent(webhook);
+
+      const params: { url?: string; events?: any[]; active?: boolean; description?: string } = {};
+      if (options.url) params.url = options.url;
+      if (options.events) params.events = options.events.split(',').map((e: string) => e.trim());
+      if (options.active !== undefined) params.active = options.active === 'true';
+      if (options.description) params.description = options.description;
+
+      if (Object.keys(params).length === 0) {
+        console.error(chalk.red('Provide at least one option to update (--url, --events, --active, --description).'));
+        return;
+      }
+
+      await sdk.webhooks.update(webhookId, params);
+      console.log(chalk.green('Webhook updated.'));
+    });
+
+  // ── delete ──────────────────────────────────────────────────────────
+  webhook.command('delete <webhook-id>')
+    .description('Delete a webhook endpoint')
+    .option('--force', 'Skip confirmation prompt')
+    .action(async (webhookId: string, options) => {
+      const sdk = getSDKClientFromParent(webhook);
+
+      if (!options.force) {
+        const answers = await inquirer.prompt([{
+          type: 'confirm',
+          name: 'confirm',
+          message: 'Delete this webhook endpoint?',
+          default: false,
+        }]);
+        if (!answers.confirm) return;
+      }
+
+      await sdk.webhooks.delete(webhookId);
+      console.log(chalk.green('Webhook deleted.'));
+    });
+
+  // ── test ────────────────────────────────────────────────────────────
+  webhook.command('test <webhook-id>')
+    .description('Send a test delivery to the webhook')
+    .action(async (webhookId: string) => {
+      const sdk = getSDKClientFromParent(webhook);
+      const delivery = await sdk.webhooks.test(webhookId);
+      console.log(chalk.green('Test delivery sent.'));
+      console.log(`Delivery ID: ${delivery.id}`);
+      console.log(`Event:       ${delivery.event}`);
+      console.log(`Status:      ${delivery.status}`);
+    });
+
+  // ── deliveries ──────────────────────────────────────────────────────
+  webhook.command('deliveries <webhook-id>')
+    .description('List recent webhook deliveries')
+    .option('--limit <n>', 'Max results', '20')
+    .action(async (webhookId: string, options) => {
+      const sdk = getSDKClientFromParent(webhook);
+      const root = webhook.parent || webhook;
+      const format = root.opts().format || cliConfig.get('outputFormat');
+      const deliveries = await sdk.webhooks.listDeliveries(webhookId, { limit: parseInt(options.limit) });
+
+      if (format === 'json') {
+        console.log(JSON.stringify(deliveries, null, 2));
+        return;
+      }
+
+      if (deliveries.length === 0) {
+        console.log(chalk.dim('No deliveries found.'));
+        return;
+      }
+
+      const table = createTable(['Event', 'Status', 'HTTP', 'Attempts', 'Created', 'ID']);
+      const statusColors: Record<string, typeof chalk.green> = {
+        success: chalk.green,
+        failed: chalk.red,
+        pending: chalk.yellow,
+      };
+      for (const d of deliveries) {
+        const sc = statusColors[d.status] || chalk.white;
+        table.push([
+          d.event,
+          sc(d.status),
+          d.httpStatus ? String(d.httpStatus) : '-',
+          `${d.attempts}/${d.maxAttempts}`,
+          formatDate(d.createdAt),
+          chalk.dim(shortId(d.id)),
+        ]);
+      }
+      console.log(table.toString());
+    });
+}