@zerodeploy/cli 0.1.2 → 0.1.4

package/dist/cli.js

@@ -2743,13 +2743,168 @@ import http from "node:http";
 import fs6 from "fs";
 import os2 from "os";
 import path2 from "path";
+
+// src/utils/errors.ts
+var ExitCode = {
+  SUCCESS: 0,
+  AUTH_ERROR: 1,
+  NOT_FOUND: 2,
+  VALIDATION_ERROR: 3,
+  RATE_LIMIT: 4,
+  SERVER_ERROR: 5,
+  NETWORK_ERROR: 6,
+  BILLING_ERROR: 7
+};
+function getExitCode(status, errorCode) {
+  if (errorCode) {
+    if (errorCode === "billing_required" || errorCode.includes("billing")) {
+      return ExitCode.BILLING_ERROR;
+    }
+    if (errorCode === "validation_error" || errorCode.includes("invalid")) {
+      return ExitCode.VALIDATION_ERROR;
+    }
+    if (errorCode === "rate_limit_exceeded" || errorCode.includes("rate_limit")) {
+      return ExitCode.RATE_LIMIT;
+    }
+  }
+  if (status === 402) {
+    return ExitCode.BILLING_ERROR;
+  }
+  if (status === 401 || status === 403) {
+    return ExitCode.AUTH_ERROR;
+  }
+  if (status === 404) {
+    return ExitCode.NOT_FOUND;
+  }
+  if (status === 422 || status === 400) {
+    return ExitCode.VALIDATION_ERROR;
+  }
+  if (status === 429) {
+    return ExitCode.RATE_LIMIT;
+  }
+  if (status >= 500) {
+    return ExitCode.SERVER_ERROR;
+  }
+  return ExitCode.AUTH_ERROR;
+}
+function parseApiError(body) {
+  if (!body || typeof body !== "object") {
+    return {
+      code: "unknown_error",
+      message: "Unknown error occurred"
+    };
+  }
+  const response = body;
+  if (typeof response.error === "object" && response.error !== null) {
+    return response.error;
+  }
+  if (typeof response.error === "string") {
+    return {
+      code: "api_error",
+      message: response.error
+    };
+  }
+  if ("message" in response && typeof response.message === "string") {
+    return {
+      code: "api_error",
+      message: response.message
+    };
+  }
+  if ("success" in response && response.success === false) {
+    const zodError = response;
+    if (zodError.error?.issues?.[0]) {
+      const issue = zodError.error.issues[0];
+      const field = issue.path?.join(".") || "";
+      return {
+        code: "validation_error",
+        message: field ? `${field}: ${issue.message}` : issue.message
+      };
+    }
+  }
+  return {
+    code: "unknown_error",
+    message: "Unknown error occurred"
+  };
+}
+function displayError(error) {
+  if (typeof error === "string") {
+    console.error(`
+❌ ${error}
+`);
+    return;
+  }
+  console.error(`
+❌ ${error.message}`);
+  if (error.details && Object.keys(error.details).length > 0) {
+    console.error();
+    for (const [key, value] of Object.entries(error.details)) {
+      const formattedKey = key.replace(/_/g, " ").replace(/^./, (c) => c.toUpperCase());
+      console.error(`   ${formattedKey}: ${value}`);
+    }
+  }
+  if (error.hint) {
+    console.error();
+    console.error(`   Hint: ${error.hint}`);
+  }
+  if (error.docs) {
+    console.error(`   Docs: ${error.docs}`);
+  }
+  console.error();
+}
+async function handleApiError(response) {
+  let body;
+  try {
+    body = await response.json();
+  } catch {
+    body = null;
+  }
+  const error = parseApiError(body);
+  displayError(error);
+  const exitCode = getExitCode(response.status, error.code);
+  process.exit(exitCode);
+}
+function displayNetworkError(error) {
+  if (error.message.includes("fetch failed") || error.message.includes("ECONNREFUSED")) {
+    displayError({
+      code: "connection_error",
+      message: "Could not connect to ZeroDeploy API",
+      hint: "Check your internet connection and try again"
+    });
+  } else if (error.message.includes("timeout")) {
+    displayError({
+      code: "timeout_error",
+      message: "Request timed out",
+      hint: "Check your internet connection and try again"
+    });
+  } else {
+    displayError({
+      code: "network_error",
+      message: error.message || "Network error occurred",
+      hint: "Check your internet connection and try again"
+    });
+  }
+}
+function displayAuthError() {
+  displayError({
+    code: "unauthorized",
+    message: "Not logged in",
+    hint: "For local use: Run `zerodeploy login`\nFor CI/CD: Set ZERODEPLOY_TOKEN environment variable",
+    docs: "https://zerodeploy.dev/docs/cli/auth"
+  });
+}
+function handleAuthError() {
+  displayAuthError();
+  process.exit(ExitCode.AUTH_ERROR);
+}
+
+// src/auth/token.ts
 var DIR = path2.join(os2.homedir(), ".zerodeploy");
 var TOKEN_PATH = path2.join(DIR, "token");
 function saveToken(token) {
   if (!fs6.existsSync(DIR)) {
-    fs6.mkdirSync(DIR);
+    fs6.mkdirSync(DIR, { mode: 448 });
   }
-  fs6.writeFileSync(TOKEN_PATH, token, "utf8");
+  fs6.writeFileSync(TOKEN_PATH, token, { encoding: "utf8", mode: 384 });
 }
 function loadToken() {
   const envToken = process.env.ZERODEPLOY_TOKEN;
@@ -2780,16 +2935,28 @@ var loginCommand = new Command2("login").description("Login via GitHub OAuth wit
     if (req.url?.startsWith(CALLBACK_PATH)) {
       const url = new URL(req.url, `http://localhost:${PORT}`);
       const token = url.searchParams.get("token");
+      const pending = url.searchParams.get("pending") === "true";
       if (!token) {
         res.writeHead(400);
         res.end("Login failed: missing token");
-        console.error("Login failed: no token received");
-        process.exit(1);
+        displayError({ code: "auth_error", message: "Login failed: no token received" });
+        process.exit(ExitCode.AUTH_ERROR);
       }
       saveToken(token);
-      res.writeHead(200, { "Content-Type": "text/plain" });
-      res.end("✅ Login successful! You can close this window.");
-      console.log("✅ Login successful! Token saved locally.");
+      if (pending) {
+        res.writeHead(200, { "Content-Type": "text/plain" });
+        res.end("You're on the waitlist! We'll email you when your account is approved.");
+        console.log("");
+        console.log("\uD83D\uDD50 You're on the waitlist!");
+        console.log("");
+        console.log("Thanks for signing up. Your account is pending approval.");
+        console.log("We'll send you an email when you're approved.");
+        console.log("");
+      } else {
+        res.writeHead(200, { "Content-Type": "text/plain" });
+        res.end("Login successful! You can close this window.");
+        console.log("Login successful! Token saved locally.");
+      }
       server.close();
     } else {
       res.writeHead(404);
@@ -3091,89 +3258,364 @@ var hc = (baseUrl, options) => createProxy(function proxyCallback(opts) {
   return req;
 }, []);
 
+// ../../packages/api-client/src/retry.ts
+var DEFAULT_OPTIONS = {
+  maxRetries: 3,
+  baseDelayMs: 1000,
+  maxDelayMs: 1e4,
+  timeoutMs: 30000
+};
+var RETRYABLE_STATUS_CODES = new Set([
+  408,
+  429,
+  502,
+  503,
+  504
+]);
+function isRetryableError(error) {
+  if (!(error instanceof Error))
+    return false;
+  const message = error.message.toLowerCase();
+  if (message.includes("fetch failed"))
+    return true;
+  if (message.includes("econnrefused"))
+    return true;
+  if (message.includes("econnreset"))
+    return true;
+  if (message.includes("etimedout"))
+    return true;
+  if (message.includes("enotfound"))
+    return true;
+  if (message.includes("enetunreach"))
+    return true;
+  if (message.includes("timeout"))
+    return true;
+  if (message.includes("aborted"))
+    return true;
+  if (message.includes("ssl"))
+    return true;
+  if (message.includes("certificate"))
+    return true;
+  return false;
+}
+function isRetryableStatus(status) {
+  return RETRYABLE_STATUS_CODES.has(status);
+}
+function calculateDelay(attempt, baseDelayMs, maxDelayMs) {
+  const exponentialDelay = baseDelayMs * Math.pow(2, attempt);
+  const cappedDelay = Math.min(exponentialDelay, maxDelayMs);
+  const jitter = cappedDelay * 0.25 * (Math.random() * 2 - 1);
+  return Math.round(cappedDelay + jitter);
+}
+function getDelayFromHeaders(response) {
+  const retryAfter = response.headers.get("Retry-After");
+  if (retryAfter) {
+    const seconds = parseInt(retryAfter, 10);
+    if (!isNaN(seconds)) {
+      return seconds * 1000;
+    }
+    const date = Date.parse(retryAfter);
+    if (!isNaN(date)) {
+      return Math.max(0, date - Date.now());
+    }
+  }
+  const resetAt = response.headers.get("X-RateLimit-Reset");
+  if (resetAt) {
+    const resetTimestamp = parseInt(resetAt, 10);
+    if (!isNaN(resetTimestamp)) {
+      const delayMs = resetTimestamp * 1000 - Date.now();
+      return Math.max(1000, delayMs);
+    }
+  }
+  return null;
+}
+function sleep(ms) {
+  return new Promise((resolve) => setTimeout(resolve, ms));
+}
+async function fetchWithRetry(input, init, options) {
+  const opts = { ...DEFAULT_OPTIONS, ...options };
+  let lastError;
+  for (let attempt = 0;attempt <= opts.maxRetries; attempt++) {
+    let controller;
+    let timeoutId;
+    if (opts.timeoutMs > 0) {
+      controller = new AbortController;
+      timeoutId = setTimeout(() => controller.abort(), opts.timeoutMs);
+    }
+    try {
+      const fetchInit = controller ? { ...init, signal: controller.signal } : init ?? {};
+      const response = await fetch(input, fetchInit);
+      if (timeoutId)
+        clearTimeout(timeoutId);
+      if (isRetryableStatus(response.status) && attempt < opts.maxRetries) {
+        const headerDelay = response.status === 429 ? getDelayFromHeaders(response) : null;
+        const delayMs = headerDelay ?? calculateDelay(attempt, opts.baseDelayMs, opts.maxDelayMs);
+        const cappedDelay = Math.min(delayMs, opts.maxDelayMs);
+        opts.onRetry?.(attempt + 1, response, cappedDelay);
+        await sleep(cappedDelay);
+        continue;
+      }
+      return response;
+    } catch (error) {
+      if (timeoutId)
+        clearTimeout(timeoutId);
+      lastError = error instanceof Error ? error : new Error(String(error));
+      if (!isRetryableError(error) || attempt >= opts.maxRetries) {
+        throw lastError;
+      }
+      const delayMs = calculateDelay(attempt, opts.baseDelayMs, opts.maxDelayMs);
+      opts.onRetry?.(attempt + 1, lastError, delayMs);
+      await sleep(delayMs);
+    }
+  }
+  throw lastError ?? new Error("Max retries exceeded");
+}
+function createRetryFetch(options) {
+  return (input, init) => {
+    return fetchWithRetry(input, init, options);
+  };
+}
+function formatRetryMessage(attempt, maxRetries, error) {
+  const errorDesc = error instanceof Response ? `HTTP ${error.status}` : error.message.split(`
+`)[0];
+  return `Retry ${attempt}/${maxRetries} (${errorDesc})`;
+}
+
+// ../../packages/api-client/src/interceptors.ts
+async function applyRequestInterceptors(request, interceptors) {
+  let req = request;
+  for (const interceptor of interceptors) {
+    req = await interceptor(req);
+  }
+  return req;
+}
+async function applyResponseInterceptors(response, interceptors) {
+  let res = response;
+  for (const interceptor of interceptors) {
+    res = await interceptor(res);
+  }
+  return res;
+}
+function createInterceptedFetch(baseFetch, interceptors) {
+  return async (input, init) => {
+    let request = new Request(input, init);
+    if (interceptors.request?.length) {
+      request = await applyRequestInterceptors(request, interceptors.request);
+    }
+    let response = await baseFetch(request);
+    if (interceptors.response?.length) {
+      response = await applyResponseInterceptors(response, interceptors.response);
+    }
+    return response;
+  };
+}
+
 // ../../packages/api-client/src/index.ts
-function createClient(baseUrl, token) {
+var DEFAULT_RETRY_OPTIONS = {
+  maxRetries: 3,
+  baseDelayMs: 1000,
+  maxDelayMs: 1e4
+};
+function createClient(baseUrl, token, options) {
+  let fetchFn = options?.fetch;
+  if (!fetchFn && options?.retry !== false) {
+    const retryOpts = typeof options?.retry === "object" ? options.retry : DEFAULT_RETRY_OPTIONS;
+    fetchFn = createRetryFetch(retryOpts);
+  }
+  if (options?.useCredentials && fetchFn) {
+    const baseFetch = fetchFn;
+    fetchFn = (input, init) => baseFetch(input, { ...init, credentials: "include" });
+  } else if (options?.useCredentials) {
+    fetchFn = (input, init) => fetch(input, { ...init, credentials: "include" });
+  }
+  if (options?.interceptors && (options.interceptors.request?.length || options.interceptors.response?.length)) {
+    const baseFetch = fetchFn || fetch;
+    fetchFn = createInterceptedFetch(baseFetch, options.interceptors);
+  }
   return hc(baseUrl, {
-    headers: token ? { Authorization: `Bearer ${token}` } : undefined
+    headers: token ? { Authorization: `Bearer ${token}` } : undefined,
+    fetch: fetchFn
   });
 }
 
 // src/auth/http.ts
-function getClient(token) {
-  return createClient(API_URL, token);
+var DEFAULT_RETRY_OPTIONS2 = {
+  maxRetries: 3,
+  baseDelayMs: 1000,
+  maxDelayMs: 1e4,
+  onRetry: (attempt, error, delayMs) => {
+    if (process.stderr.isTTY) {
+      const msg = formatRetryMessage(attempt, 3, error);
+      process.stderr.write(`\r\x1B[K  ${msg}, waiting ${Math.round(delayMs / 1000)}s...`);
+    }
+  }
+};
+function getClient(token, retryOptions) {
+  const opts = { ...DEFAULT_RETRY_OPTIONS2, ...retryOptions };
+  return createClient(API_URL, token, { retry: opts });
 }
 
 // src/commands/whoami.ts
-var whoamiCommand = new Command2("whoami").description("Show the currently logged-in user").action(async () => {
+var whoamiCommand = new Command2("whoami").description("Show the currently logged-in user").option("--json", "Output as JSON").action(async (options) => {
   const token = loadToken();
   if (!token) {
-    console.log("❌ You are not logged in. Run `zerodeploy login` first.");
-    process.exit(1);
+    handleAuthError();
   }
   try {
     const client = getClient(token);
     const res = await client.auth.me.$get();
-    if (!res.ok)
-      throw new Error(`API Error ${res.status}`);
+    if (!res.ok) {
+      await handleApiError(res);
+    }
     const data = await res.json();
+    if (options.json) {
+      console.log(JSON.stringify(data, null, 2));
+      return;
+    }
     console.log("Logged in as:");
     console.log(`  Username: ${data.username}`);
+    console.log(`  Email:    ${data.email || "(not set)"}`);
     console.log(`  User ID:  ${data.id}`);
     console.log(`  Admin:    ${data.isAdmin ? "Yes" : "No"}`);
+    if (data.approved === false) {
+      console.log("");
+      console.log("\uD83D\uDD50 Status: Pending approval (waitlist)");
+      console.log("   We'll email you when your account is approved.");
+    }
+  } catch (err) {
+    const message = err instanceof Error ? err.message : String(err);
+    displayError({ code: "network_error", message: `Failed to fetch user info: ${message}` });
+    process.exit(ExitCode.NETWORK_ERROR);
+  }
+});
+
+// src/commands/usage.ts
+function progressBar(current, max, width = 20) {
+  const percentage = Math.min(current / max, 1);
+  const filled = Math.round(percentage * width);
+  const empty = width - filled;
+  const bar = "█".repeat(filled) + "░".repeat(empty);
+  const color = percentage >= 0.9 ? "\x1B[31m" : percentage >= 0.7 ? "\x1B[33m" : "\x1B[32m";
+  const reset = "\x1B[0m";
+  return `${color}${bar}${reset}`;
+}
+function formatUsageLine(label, current, max, suffix = "") {
+  const bar = progressBar(current, max);
+  const percentage = Math.round(current / max * 100);
+  return `  ${label.padEnd(24)} ${bar} ${current}/${max}${suffix} (${percentage}%)`;
+}
+var usageCommand = new Command2("usage").description("Show current usage and limits").option("--json", "Output as JSON").action(async (options) => {
+  const token = loadToken();
+  if (!token) {
+    handleAuthError();
+  }
+  try {
+    const client = getClient(token);
+    const res = await client.auth.me.usage.$get();
+    if (!res.ok) {
+      await handleApiError(res);
+    }
+    const data = await res.json();
+    if (options.json) {
+      console.log(JSON.stringify(data, null, 2));
+      return;
+    }
+    console.log();
+    console.log("Account Usage:");
+    console.log(formatUsageLine("Organizations", data.usage.orgs, data.limits.max_orgs));
+    console.log(formatUsageLine("Total Sites", data.usage.sites, data.limits.max_orgs * data.limits.max_sites_per_org));
+    console.log(formatUsageLine("Deployments (month)", data.usage.deployments_this_month, data.limits.max_deployments_per_month));
+    console.log();
+    console.log("Limits:");
+    console.log(`  Sites per org:           ${data.limits.max_sites_per_org}`);
+    console.log(`  Deployments per day:     ${data.limits.max_deployments_per_day}`);
+    console.log(`  Deployments per month:   ${data.limits.max_deployments_per_month}`);
+    console.log(`  Max deployment size:     ${data.limits.max_deployment_size}`);
+    console.log(`  Storage per org:         ${data.limits.max_storage_per_org}`);
+    console.log(`  Deploy tokens per site:  ${data.limits.max_deploy_tokens_per_site}`);
+    console.log(`  Domains per site:        ${data.limits.max_domains_per_site}`);
+    console.log(`  API requests/min:        ${data.limits.api_requests_per_minute}`);
+    console.log(`  Deploy requests/min:     ${data.limits.deploy_requests_per_minute}`);
+    console.log();
+    if (data.orgs.length > 0) {
+      console.log("Organization Usage:");
+      for (const org of data.orgs) {
+        console.log();
+        console.log(`  ${org.name} (${org.slug}):`);
+        console.log(formatUsageLine("Sites", org.sites_count, org.limits.max_sites));
+        console.log(formatUsageLine("Deployments (month)", org.deployments_this_month, org.limits.max_deployments_per_month));
+        console.log(`    Storage:                 ${org.storage_used} / ${org.limits.max_storage}`);
+      }
+      console.log();
+    }
   } catch (err) {
-    console.error("❌ Failed to fetch user info:", err.message || err);
-    process.exit(1);
+    const message = err instanceof Error ? err.message : String(err);
+    displayError({
+      code: "network_error",
+      message: `Failed to fetch usage info: ${message}`
+    });
+    process.exit(ExitCode.NETWORK_ERROR);
   }
 });
 
 // src/commands/org/list.ts
-var orgListCommand = new Command2("list").description("List your organizations").action(async () => {
+var orgListCommand = new Command2("list").description("List your organizations").option("--json", "Output as JSON").action(async (options) => {
   const token = loadToken();
   if (!token) {
-    console.log("❌ Not logged in. Run `zerodeploy login` first.");
-    return;
+    handleAuthError();
   }
   try {
     const client = getClient(token);
     const res = await client.orgs.$get();
-    if (!res.ok)
-      throw new Error(`API Error ${res.status}`);
-    const orgs = await res.json();
+    if (!res.ok) {
+      await handleApiError(res);
+    }
+    const { data: orgs } = await res.json();
+    if (options.json) {
+      console.log(JSON.stringify(orgs, null, 2));
+      return;
+    }
     if (orgs.length === 0) {
       console.log("No organizations found.");
     } else {
       console.log("Organizations:");
       for (const o of orgs) {
-        console.log(`  ${o.slug.padEnd(20)} ${o.name} [${o.plan}]`);
+        console.log(`  ${o.slug.padEnd(20)} ${o.name}`);
       }
     }
   } catch (err) {
-    console.error("Failed to fetch orgs:", err.message || err);
+    const message = err instanceof Error ? err.message : String(err);
+    displayError({ code: "network_error", message: `Failed to fetch orgs: ${message}` });
+    process.exit(ExitCode.NETWORK_ERROR);
   }
 });
 
 // src/commands/org/create.ts
-var orgCreateCommand = new Command2("create").description("Create a new organization").argument("<name>", "Organization name").action(async (name) => {
+var orgCreateCommand = new Command2("create").description("Create a new organization").argument("<name>", "Organization name").option("--json", "Output as JSON").action(async (name, options) => {
   const token = loadToken();
   if (!token) {
-    console.log("❌ Not logged in. Run `zerodeploy login` first.");
-    return;
+    handleAuthError();
   }
   try {
     const client = getClient(token);
     const res = await client.orgs.$post({ json: { name } });
     if (!res.ok) {
-      const body = await res.json();
-      const message = body.error || `API Error ${res.status}`;
-      console.error(`❌ ${message}`);
+      await handleApiError(res);
+    }
+    const { data: org } = await res.json();
+    if (options.json) {
+      console.log(JSON.stringify(org, null, 2));
       return;
     }
-    const org = await res.json();
-    console.log(`✅ Created org: ${org.name}`);
+    console.log(`
+Created org: ${org.name}`);
     console.log(`   Slug: ${org.slug}`);
-    console.log(`   ID:   ${org.id}`);
+    console.log(`   ID:   ${org.id}
+`);
   } catch (err) {
-    console.error("Failed to create org:", err.message || err);
+    const message = err instanceof Error ? err.message : String(err);
+    displayError({ code: "network_error", message: `Failed to create org: ${message}` });
+    process.exit(ExitCode.NETWORK_ERROR);
   }
 });
 
@@ -3194,8 +3636,7 @@ function prompt(question) {
 var orgDeleteCommand = new Command2("delete").description("Delete an organization (must have no sites)").argument("<orgSlug>", "Organization slug").option("--force", "Skip confirmation prompt").action(async (orgSlug, options) => {
   const token = loadToken();
   if (!token) {
-    console.log("Not logged in. Run: zerodeploy login");
-    return;
+    handleAuthError();
   }
   if (!options.force) {
     const answer = await prompt(`Are you sure you want to delete organization "${orgSlug}"? This cannot be undone. (y/N) `);
@@ -3210,19 +3651,16 @@ var orgDeleteCommand = new Command2("delete").description("Delete an organizatio
       param: { orgSlug }
     });
     if (!res.ok) {
-      const error = await res.json();
-      if (error.hint) {
-        console.error(`Error: ${error.error}`);
-        console.error(`Hint: ${error.hint}`);
-        return;
-      }
-      throw new Error(error.error || `API Error ${res.status}`);
+      await handleApiError(res);
     }
     const result = await res.json();
-    console.log(`✅ ${result.message}`);
+    console.log(`
+${result.message}
+`);
   } catch (err) {
-    const message = err instanceof Error ? err.message : "Unknown error";
-    console.error("Failed to delete organization:", message);
+    const message = err instanceof Error ? err.message : String(err);
+    displayError({ code: "network_error", message: `Failed to delete organization: ${message}` });
+    process.exit(ExitCode.NETWORK_ERROR);
   }
 });
 
@@ -3230,18 +3668,22 @@ var orgDeleteCommand = new Command2("delete").description("Delete an organizatio
 var orgCommand = new Command2("org").description("Manage organizations").addCommand(orgListCommand).addCommand(orgCreateCommand).addCommand(orgDeleteCommand);
 
 // src/commands/site/list.ts
-var siteListCommand = new Command2("list").description("List sites in an organization").argument("<orgSlug>", "Organization slug").action(async (orgSlug) => {
+var siteListCommand = new Command2("list").description("List sites in an organization").argument("<orgSlug>", "Organization slug").option("--json", "Output as JSON").action(async (orgSlug, options) => {
   const token = loadToken();
   if (!token) {
-    console.log("Not logged in. Run: zerodeploy login");
-    return;
+    handleAuthError();
   }
   try {
     const client = getClient(token);
     const res = await client.orgs[":orgSlug"].sites.$get({ param: { orgSlug } });
-    if (!res.ok)
-      throw new Error(`API Error ${res.status}`);
-    const sites = await res.json();
+    if (!res.ok) {
+      await handleApiError(res);
+    }
+    const { data: sites } = await res.json();
+    if (options.json) {
+      console.log(JSON.stringify(sites, null, 2));
+      return;
+    }
     if (sites.length === 0) {
       console.log("No sites found.");
       return;
@@ -3252,17 +3694,17 @@ var siteListCommand = new Command2("list").description("List sites in an organiz
       console.log(`  ${s.slug.padEnd(20)} ${s.name}${repo}`);
     }
   } catch (err) {
-    const message = err instanceof Error ? err.message : "Unknown error";
-    console.error("Failed to list sites:", message);
+    const message = err instanceof Error ? err.message : String(err);
+    displayError({ code: "network_error", message: `Failed to list sites: ${message}` });
+    process.exit(ExitCode.NETWORK_ERROR);
   }
 });
 
 // src/commands/site/create.ts
-var siteCreateCommand = new Command2("create").description("Create a site in an organization").argument("<orgSlug>", "Organization slug").argument("<name>", "Site name").requiredOption("--subdomain <subdomain>", 'Subdomain for the site (e.g., "my-site" for my-site.zerodeploy.app)').option("--repo <owner/repo>", 'Link to GitHub repository (e.g., "vercel/next.js")').action(async (orgSlug, name, options) => {
+var siteCreateCommand = new Command2("create").description("Create a site in an organization").argument("<orgSlug>", "Organization slug").argument("<name>", "Site name").option("--subdomain <subdomain>", "Subdomain for the site (defaults to slugified name)").option("--repo <owner/repo>", 'Link to GitHub repository (e.g., "vercel/next.js")').option("--json", "Output as JSON").action(async (orgSlug, name, options) => {
   const token = loadToken();
   if (!token) {
-    console.log("Not logged in. Run: zerodeploy login");
-    return;
+    handleAuthError();
   }
   try {
     const client = getClient(token);
@@ -3271,11 +3713,14 @@ var siteCreateCommand = new Command2("create").description("Create a site in an
       json: { name, subdomain: options.subdomain, githubRepo: options.repo }
     });
     if (!res.ok) {
-      const error = await res.json();
-      throw new Error(error.error || `API Error ${res.status}`);
+      await handleApiError(res);
+    }
+    const { data: site } = await res.json();
+    if (options.json) {
+      console.log(JSON.stringify(site, null, 2));
+      return;
     }
-    const site = await res.json();
-    console.log(`✅ Created site: ${site.name}`);
+    console.log(`Created site: ${site.name}`);
     console.log(`   Subdomain: ${site.subdomain}.zerodeploy.app`);
     console.log(`   Slug: ${site.slug}`);
     console.log(`   ID:   ${site.id}`);
@@ -3283,8 +3728,9 @@ var siteCreateCommand = new Command2("create").description("Create a site in an
       console.log(`   Repo: ${site.github_repo}`);
     }
   } catch (err) {
-    const message = err instanceof Error ? err.message : "Unknown error";
-    console.error("Failed to create site:", message);
+    const message = err instanceof Error ? err.message : String(err);
+    displayError({ code: "network_error", message: `Failed to create site: ${message}` });
+    process.exit(ExitCode.NETWORK_ERROR);
   }
 });
 
@@ -3305,8 +3751,7 @@ function prompt2(question) {
 var siteDeleteCommand = new Command2("delete").description("Delete a site and all its deployments").argument("<siteSlug>", "Site slug").requiredOption("--org <orgSlug>", "Organization slug").option("--force", "Skip confirmation prompt").action(async (siteSlug, options) => {
   const token = loadToken();
   if (!token) {
-    console.log("Not logged in. Run: zerodeploy login");
-    return;
+    handleAuthError();
   }
   if (!options.force) {
     const answer = await prompt2(`Are you sure you want to delete site "${siteSlug}" and all its deployments? This cannot be undone. (y/N) `);
@@ -3321,70 +3766,64 @@ var siteDeleteCommand = new Command2("delete").description("Delete a site and al
       param: { orgSlug: options.org, siteSlug }
     });
     if (!res.ok) {
-      const error = await res.json();
-      throw new Error(error.error || `API Error ${res.status}`);
+      await handleApiError(res);
     }
     const result = await res.json();
-    console.log(`✅ ${result.message}`);
+    console.log(result.message);
   } catch (err) {
-    const message = err instanceof Error ? err.message : "Unknown error";
-    console.error("Failed to delete site:", message);
+    const message = err instanceof Error ? err.message : String(err);
+    displayError({ code: "network_error", message: `Failed to delete site: ${message}` });
+    process.exit(ExitCode.NETWORK_ERROR);
   }
 });
 
 // src/commands/site/link.ts
-var siteLinkCommand = new Command2("link").description("Link a site to a GitHub repository").argument("<orgSlug>", "Organization slug").argument("<siteSlug>", "Site slug").argument("<repo>", 'GitHub repository (e.g., "owner/repo")').action(async (orgSlug, siteSlug, repo) => {
+var siteLinkCommand = new Command2("link").description("Link a site to a GitHub repository").argument("<orgSlug>", "Organization slug").argument("<siteSlug>", "Site slug").argument("<repo>", 'GitHub repository (e.g., "owner/repo")').option("--json", "Output as JSON").action(async (orgSlug, siteSlug, repo, options) => {
   const token = loadToken();
   if (!token) {
-    console.log("Not logged in. Run: zerodeploy login");
-    return;
+    handleAuthError();
   }
   try {
-    const res = await fetch(`${API_URL}/orgs/${orgSlug}/sites/${siteSlug}`, {
-      method: "PATCH",
-      headers: {
-        "Content-Type": "application/json",
-        Authorization: `Bearer ${token}`
-      },
-      body: JSON.stringify({ githubRepo: repo })
+    const client = getClient(token);
+    const res = await client.orgs[":orgSlug"].sites[":siteSlug"].$patch({
+      param: { orgSlug, siteSlug },
+      json: { githubRepo: repo }
     });
     if (!res.ok) {
-      const error = await res.json();
-      console.log(`Error: ${error.error || "Failed to link repository"}`);
+      await handleApiError(res);
+    }
+    const { data: site } = await res.json();
+    if (options.json) {
+      console.log(JSON.stringify(site, null, 2));
       return;
     }
-    const site = await res.json();
     console.log(`Site "${site.name}" linked to ${site.github_repo}`);
   } catch (err) {
-    const message = err instanceof Error ? err.message : "Unknown error";
-    console.error("Failed to link repository:", message);
+    const message = err instanceof Error ? err.message : String(err);
+    displayError({ code: "network_error", message: `Failed to link repository: ${message}` });
+    process.exit(ExitCode.NETWORK_ERROR);
   }
 });
 var siteUnlinkCommand = new Command2("unlink").description("Unlink a site from its GitHub repository").argument("<orgSlug>", "Organization slug").argument("<siteSlug>", "Site slug").action(async (orgSlug, siteSlug) => {
   const token = loadToken();
   if (!token) {
-    console.log("Not logged in. Run: zerodeploy login");
-    return;
+    handleAuthError();
   }
   try {
-    const res = await fetch(`${API_URL}/orgs/${orgSlug}/sites/${siteSlug}`, {
-      method: "PATCH",
-      headers: {
-        "Content-Type": "application/json",
-        Authorization: `Bearer ${token}`
-      },
-      body: JSON.stringify({ githubRepo: null })
+    const client = getClient(token);
+    const res = await client.orgs[":orgSlug"].sites[":siteSlug"].$patch({
+      param: { orgSlug, siteSlug },
+      json: { githubRepo: null }
     });
     if (!res.ok) {
-      const error = await res.json();
-      console.log(`Error: ${error.error || "Failed to unlink repository"}`);
-      return;
+      await handleApiError(res);
     }
-    const site = await res.json();
+    const { data: site } = await res.json();
     console.log(`Site "${site.name}" unlinked from GitHub repository`);
   } catch (err) {
-    const message = err instanceof Error ? err.message : "Unknown error";
-    console.error("Failed to unlink repository:", message);
+    const message = err instanceof Error ? err.message : String(err);
+    displayError({ code: "network_error", message: `Failed to unlink repository: ${message}` });
+    process.exit(ExitCode.NETWORK_ERROR);
   }
 });
 
@@ -3392,8 +3831,7 @@ var siteUnlinkCommand = new Command2("unlink").description("Unlink a site from i
 var siteSubdomainCommand = new Command2("subdomain").description("Update the subdomain for a site").argument("<orgSlug>", "Organization slug").argument("<siteSlug>", "Site slug").argument("<subdomain>", "New subdomain").action(async (orgSlug, siteSlug, subdomain) => {
   const token = loadToken();
   if (!token) {
-    console.log("Not logged in. Run: zerodeploy login");
-    return;
+    handleAuthError();
   }
   try {
     const client = getClient(token);
@@ -3402,49 +3840,185 @@ var siteSubdomainCommand = new Command2("subdomain").description("Update the sub
       json: { subdomain }
     });
     if (!res.ok) {
-      const error = await res.json();
-      throw new Error(error.error || `API Error ${res.status}`);
+      await handleApiError(res);
     }
-    const site = await res.json();
-    console.log(`✅ Updated subdomain for ${site.name}`);
+    const { data: site } = await res.json();
+    console.log(`Updated subdomain for ${site.name}`);
     console.log(`   New URL: ${site.subdomain}.zerodeploy.app`);
   } catch (err) {
-    const message = err instanceof Error ? err.message : "Unknown error";
-    console.error("Failed to update subdomain:", message);
+    const message = err instanceof Error ? err.message : String(err);
+    displayError({ code: "network_error", message: `Failed to update subdomain: ${message}` });
+    process.exit(ExitCode.NETWORK_ERROR);
+  }
+});
+
+// src/commands/site/rename.ts
+var siteRenameCommand = new Command2("rename").description("Rename a site").argument("<siteSlug>", "Site slug").argument("<newName>", "New name for the site").requiredOption("--org <orgSlug>", "Organization slug").action(async (siteSlug, newName, options) => {
+  const token = loadToken();
+  if (!token) {
+    handleAuthError();
+  }
+  try {
+    const client = getClient(token);
+    const res = await client.orgs[":orgSlug"].sites[":siteSlug"].$patch({
+      param: { orgSlug: options.org, siteSlug },
+      json: { name: newName }
+    });
+    if (!res.ok) {
+      await handleApiError(res);
+    }
+    const { data: site } = await res.json();
+    console.log(`Renamed site to: ${site.name}`);
+  } catch (err) {
+    const message = err instanceof Error ? err.message : String(err);
+    displayError({ code: "network_error", message: `Failed to rename site: ${message}` });
+    process.exit(ExitCode.NETWORK_ERROR);
+  }
+});
+
+// src/commands/site/stats.ts
+function formatBytes(bytes) {
+  if (bytes === 0)
+    return "0 B";
+  const k = 1024;
+  const sizes = ["B", "KB", "MB", "GB"];
+  const i = Math.floor(Math.log(bytes) / Math.log(k));
+  return parseFloat((bytes / Math.pow(k, i)).toFixed(1)) + " " + sizes[i];
+}
+function formatNumber(n) {
+  if (n >= 1e6)
+    return (n / 1e6).toFixed(1) + "M";
+  if (n >= 1000)
+    return (n / 1000).toFixed(1) + "K";
+  return n.toString();
+}
+var siteStatsCommand = new Command2("stats").description("View site traffic analytics").argument("<site>", "Site slug").requiredOption("--org <orgSlug>", "Organization slug").option("--period <period>", "Time period: 24h, 7d, or 30d", "7d").option("--json", "Output as JSON").action(async (site, options) => {
+  const token = loadToken();
+  if (!token) {
+    handleAuthError();
+  }
+  const validPeriods = ["24h", "7d", "30d"];
+  if (!validPeriods.includes(options.period)) {
+    displayError({
+      code: "validation_error",
+      message: `Invalid period: ${options.period}`,
+      hint: `Valid periods: ${validPeriods.join(", ")}`
+    });
+    process.exit(ExitCode.VALIDATION_ERROR);
+  }
+  try {
+    const client = getClient(token);
+    const res = await client.orgs[":orgSlug"].sites[":siteSlug"].analytics.$get({
+      param: { orgSlug: options.org, siteSlug: site },
+      query: { period: options.period }
+    });
+    if (!res.ok) {
+      await handleApiError(res);
+    }
+    const { data } = await res.json();
+    if (options.json) {
+      console.log(JSON.stringify(data, null, 2));
+      return;
+    }
+    if (!data.configured) {
+      console.log("Analytics not configured for this site.");
+      return;
+    }
+    const { overview, topPages, countries, statusCodes } = data;
+    const periodLabel = options.period === "24h" ? "Last 24 hours" : options.period === "7d" ? "Last 7 days" : "Last 30 days";
+    console.log(`Analytics for ${options.org}/${site}`);
+    console.log(`Period: ${periodLabel}`);
+    console.log();
+    console.log("Overview");
+    console.log("  " + "-".repeat(40));
+    console.log(`  Requests:        ${formatNumber(overview.totalRequests).padStart(10)}`);
+    console.log(`  Bandwidth:       ${formatBytes(overview.totalBytes).padStart(10)}`);
+    console.log(`  Unique visitors: ${formatNumber(overview.uniqueVisitors).padStart(10)}`);
+    console.log(`  Unique pages:    ${formatNumber(overview.uniquePaths).padStart(10)}`);
+    if (overview.formSubmissions > 0) {
+      console.log(`  Form submissions:${formatNumber(overview.formSubmissions).padStart(10)}`);
+    }
+    if (overview.bounceRate > 0) {
+      console.log(`  Bounce rate:     ${overview.bounceRate.toFixed(1).padStart(9)}%`);
+    }
+    console.log();
+    if (topPages.length > 0) {
+      console.log("Top Pages");
+      console.log("  " + "-".repeat(50));
+      const maxPages = 5;
+      for (const page of topPages.slice(0, maxPages)) {
+        const path3 = page.path.length > 30 ? page.path.slice(0, 27) + "..." : page.path;
+        console.log(`  ${path3.padEnd(32)} ${formatNumber(page.requests).padStart(8)} reqs`);
+      }
+      console.log();
+    }
+    if (countries.length > 0) {
+      console.log("Top Countries");
+      console.log("  " + "-".repeat(40));
+      const maxCountries = 5;
+      for (const c of countries.slice(0, maxCountries)) {
+        console.log(`  ${c.country.padEnd(20)} ${formatNumber(c.requests).padStart(8)} reqs`);
+      }
+      console.log();
+    }
+    if (statusCodes.length > 0) {
+      const grouped = { success: 0, redirect: 0, clientError: 0, serverError: 0 };
+      for (const s of statusCodes) {
+        if (s.statusCode >= 200 && s.statusCode < 300)
+          grouped.success += s.requests;
+        else if (s.statusCode >= 300 && s.statusCode < 400)
+          grouped.redirect += s.requests;
+        else if (s.statusCode >= 400 && s.statusCode < 500)
+          grouped.clientError += s.requests;
+        else if (s.statusCode >= 500)
+          grouped.serverError += s.requests;
+      }
+      console.log("Response Codes");
+      console.log("  " + "-".repeat(40));
+      if (grouped.success > 0)
+        console.log(`  2xx (success):   ${formatNumber(grouped.success).padStart(10)}`);
+      if (grouped.redirect > 0)
+        console.log(`  3xx (redirect):  ${formatNumber(grouped.redirect).padStart(10)}`);
+      if (grouped.clientError > 0)
+        console.log(`  4xx (client err):${formatNumber(grouped.clientError).padStart(10)}`);
+      if (grouped.serverError > 0)
+        console.log(`  5xx (server err):${formatNumber(grouped.serverError).padStart(10)}`);
+      console.log();
+    }
+    console.log("View detailed analytics in the dashboard.");
+  } catch (err) {
+    const message = err instanceof Error ? err.message : String(err);
+    displayError({ code: "network_error", message: `Failed to get analytics: ${message}` });
+    process.exit(ExitCode.NETWORK_ERROR);
   }
 });
 
 // src/commands/site/index.ts
-var siteCommand = new Command2("site").description("Manage sites").addCommand(siteListCommand).addCommand(siteCreateCommand).addCommand(siteDeleteCommand).addCommand(siteLinkCommand).addCommand(siteUnlinkCommand).addCommand(siteSubdomainCommand);
+var siteCommand = new Command2("site").description("Manage sites").addCommand(siteListCommand).addCommand(siteCreateCommand).addCommand(siteDeleteCommand).addCommand(siteRenameCommand).addCommand(siteLinkCommand).addCommand(siteUnlinkCommand).addCommand(siteSubdomainCommand).addCommand(siteStatsCommand);
 
 // src/commands/domain/add.ts
 var domainAddCommand = new Command2("add").description("Add a custom domain to a site").argument("<domain>", "Domain to add (e.g., www.example.com)").requiredOption("--org <orgSlug>", "Organization slug").requiredOption("--site <siteSlug>", "Site slug").action(async (domain, options) => {
   const token = loadToken();
   if (!token) {
-    console.log("Not logged in. Run: zerodeploy login");
-    return;
+    handleAuthError();
   }
   try {
-    const res = await fetch(`${API_URL}/orgs/${options.org}/sites/${options.site}/domains`, {
-      method: "POST",
-      headers: {
-        Authorization: `Bearer ${token}`,
-        "Content-Type": "application/json"
-      },
-      body: JSON.stringify({ domain })
+    const client = getClient(token);
+    const res = await client.orgs[":orgSlug"].sites[":siteSlug"].domains.$post({
+      param: { orgSlug: options.org, siteSlug: options.site },
+      json: { domain }
     });
     if (!res.ok) {
-      const error = await res.json();
-      throw new Error(error.error || `API Error ${res.status}`);
+      await handleApiError(res);
     }
-    const data = await res.json();
+    const { data } = await res.json();
     console.log(`
-✅ Domain added: ${data.domain}`);
+Domain added: ${data.domain}`);
     console.log(`   ID: ${data.id}`);
     console.log(`   Status: ${data.verification_status}`);
     console.log();
-    console.log("\uD83D\uDCCB DNS Verification Required");
-    console.log("━━━━━━━━━━━━━━━━━━━━━━━━━━━━━");
+    console.log("DNS Verification Required");
+    console.log("-------------------------");
     console.log();
     console.log("Add the following TXT record to your DNS:");
     console.log();
@@ -3456,8 +4030,9 @@ var domainAddCommand = new Command2("add").description("Add a custom domain to a
     console.log(`   zerodeploy domain verify ${data.domain} --org ${options.org} --site ${options.site}`);
     console.log();
   } catch (err) {
-    const message = err instanceof Error ? err.message : "Unknown error";
-    console.error("Failed to add domain:", message);
+    const message = err instanceof Error ? err.message : String(err);
+    displayError({ code: "network_error", message: `Failed to add domain: ${message}` });
+    process.exit(ExitCode.NETWORK_ERROR);
   }
 });
 
@@ -3465,11 +4040,11 @@ var domainAddCommand = new Command2("add").description("Add a custom domain to a
 function formatStatus(status) {
   switch (status) {
     case "verified":
-      return "✅ verified";
+      return "verified";
     case "pending":
-      return "⏳ pending";
+      return "pending";
     case "failed":
-      return "❌ failed";
+      return "failed";
     default:
       return status;
   }
@@ -3477,30 +4052,31 @@ function formatStatus(status) {
 function formatRedirect(mode) {
   switch (mode) {
     case "www_to_apex":
-      return "www→apex";
+      return "www->apex";
     case "apex_to_www":
-      return "apex→www";
+      return "apex->www";
     default:
       return "";
   }
 }
-var domainListCommand = new Command2("list").description("List custom domains for a site").requiredOption("--org <orgSlug>", "Organization slug").requiredOption("--site <siteSlug>", "Site slug").action(async (options) => {
+var domainListCommand = new Command2("list").description("List custom domains for a site").requiredOption("--org <orgSlug>", "Organization slug").requiredOption("--site <siteSlug>", "Site slug").option("--json", "Output as JSON").action(async (options) => {
   const token = loadToken();
   if (!token) {
-    console.log("Not logged in. Run: zerodeploy login");
-    return;
+    handleAuthError();
   }
   try {
-    const res = await fetch(`${API_URL}/orgs/${options.org}/sites/${options.site}/domains`, {
-      headers: {
-        Authorization: `Bearer ${token}`
-      }
+    const client = getClient(token);
+    const res = await client.orgs[":orgSlug"].sites[":siteSlug"].domains.$get({
+      param: { orgSlug: options.org, siteSlug: options.site }
     });
     if (!res.ok) {
-      const error = await res.json();
-      throw new Error(error.error || `API Error ${res.status}`);
+      await handleApiError(res);
+    }
+    const { data: domains } = await res.json();
+    if (options.json) {
+      console.log(JSON.stringify(domains, null, 2));
+      return;
     }
-    const domains = await res.json();
     if (domains.length === 0) {
       console.log("No custom domains configured.");
       console.log();
@@ -3517,62 +4093,58 @@ var domainListCommand = new Command2("list").description("List custom domains fo
     }
     console.log();
   } catch (err) {
-    const message = err instanceof Error ? err.message : "Unknown error";
-    console.error("Failed to list domains:", message);
+    const message = err instanceof Error ? err.message : String(err);
+    displayError({ code: "network_error", message: `Failed to list domains: ${message}` });
+    process.exit(ExitCode.NETWORK_ERROR);
   }
 });
 
 // src/commands/domain/verify.ts
-var domainVerifyCommand = new Command2("verify").description("Verify ownership of a custom domain").argument("<domain>", "Domain to verify (e.g., www.example.com)").requiredOption("--org <orgSlug>", "Organization slug").requiredOption("--site <siteSlug>", "Site slug").action(async (domainName, options) => {
+var domainVerifyCommand = new Command2("verify").description("Verify ownership of a custom domain").argument("<domain>", "Domain to verify (e.g., www.example.com)").requiredOption("--org <orgSlug>", "Organization slug").requiredOption("--site <siteSlug>", "Site slug").option("--json", "Output as JSON").action(async (domainName, options) => {
   const token = loadToken();
   if (!token) {
-    console.log("Not logged in. Run: zerodeploy login");
-    return;
+    handleAuthError();
   }
   try {
-    const listRes = await fetch(`${API_URL}/orgs/${options.org}/sites/${options.site}/domains`, {
-      headers: {
-        Authorization: `Bearer ${token}`
-      }
+    const client = getClient(token);
+    const listRes = await client.orgs[":orgSlug"].sites[":siteSlug"].domains.$get({
+      param: { orgSlug: options.org, siteSlug: options.site }
     });
     if (!listRes.ok) {
-      const error = await listRes.json();
-      throw new Error(error.error || `API Error ${listRes.status}`);
+      await handleApiError(listRes);
     }
-    const domains = await listRes.json();
+    const { data: domains } = await listRes.json();
     const domain = domains.find((d) => d.domain === domainName);
     if (!domain) {
-      console.error(`
-❌ Domain not found: ${domainName}`);
-      console.log();
-      console.log("Add it first with:");
-      console.log(`  zerodeploy domain add ${domainName} --org ${options.org} --site ${options.site}`);
-      return;
+      displayError({
+        code: "not_found",
+        message: `Domain not found: ${domainName}`,
+        hint: `Add it first with:
+  zerodeploy domain add ${domainName} --org ${options.org} --site ${options.site}`
+      });
+      process.exit(ExitCode.NOT_FOUND);
     }
-    const res = await fetch(`${API_URL}/orgs/${options.org}/sites/${options.site}/domains/${domain.id}/verify`, {
-      method: "POST",
-      headers: {
-        Authorization: `Bearer ${token}`,
-        "Content-Type": "application/json"
-      }
+    const res = await client.orgs[":orgSlug"].sites[":siteSlug"].domains[":domainId"].verify.$post({
+      param: { orgSlug: options.org, siteSlug: options.site, domainId: domain.id }
     });
-    const data = await res.json();
+    const { data } = await res.json();
     if (!res.ok) {
-      console.error(`
-❌ Verification failed for ${domainName}`);
-      if (data.message) {
-        console.log();
-        console.log(data.message);
-      }
-      console.log();
-      console.log("Tips:");
-      console.log("  • DNS changes can take up to 48 hours to propagate");
-      console.log(`  • Verify the TXT record is set correctly using: dig TXT _zerodeploy.${domainName}`);
-      console.log("  • Try again in a few minutes");
+      displayError({
+        code: "verification_failed",
+        message: `Verification failed for ${domainName}`,
+        hint: `Tips:
+  - DNS changes can take up to 48 hours to propagate
+  - Verify the TXT record is set correctly using: dig TXT _zerodeploy.${domainName}
+  - Try again in a few minutes`
+      });
+      process.exit(ExitCode.VALIDATION_ERROR);
+    }
+    if (options.json) {
+      console.log(JSON.stringify(data, null, 2));
       return;
     }
     console.log(`
-✅ Domain verified: ${data.domain}`);
+Domain verified: ${data.domain}`);
     console.log();
     if (data.cloudflare) {
       console.log(`   Cloudflare SSL: ${data.cloudflare.status}`);
@@ -3581,8 +4153,8 @@ var domainVerifyCommand = new Command2("verify").description("Verify ownership o
     const domainParts = data.domain.split(".");
     const isApexDomain = domainParts.length === 2;
     const target = `${data.siteSubdomain || "your-site"}.zerodeploy.app`;
-    console.log("\uD83D\uDCCB Final DNS Setup");
-    console.log("━━━━━━━━━━━━━━━━━━━");
+    console.log("Final DNS Setup");
+    console.log("---------------");
     console.log();
     if (isApexDomain) {
       console.log("For apex domains, DNS setup depends on your provider:");
@@ -3612,8 +4184,9 @@ var domainVerifyCommand = new Command2("verify").description("Verify ownership o
     console.log(`   https://${data.domain}`);
     console.log();
   } catch (err) {
-    const message = err instanceof Error ? err.message : "Unknown error";
-    console.error("Failed to verify domain:", message);
+    const message = err instanceof Error ? err.message : String(err);
+    displayError({ code: "network_error", message: `Failed to verify domain: ${message}` });
+    process.exit(ExitCode.NETWORK_ERROR);
   }
 });
 
@@ -3621,44 +4194,39 @@ var domainVerifyCommand = new Command2("verify").description("Verify ownership o
 var domainRemoveCommand = new Command2("remove").description("Remove a custom domain from a site").argument("<domain>", "Domain to remove (e.g., www.example.com)").requiredOption("--org <orgSlug>", "Organization slug").requiredOption("--site <siteSlug>", "Site slug").action(async (domainName, options) => {
   const token = loadToken();
   if (!token) {
-    console.log("Not logged in. Run: zerodeploy login");
-    return;
+    handleAuthError();
   }
   try {
-    const listRes = await fetch(`${API_URL}/orgs/${options.org}/sites/${options.site}/domains`, {
-      headers: {
-        Authorization: `Bearer ${token}`
-      }
+    const client = getClient(token);
+    const listRes = await client.orgs[":orgSlug"].sites[":siteSlug"].domains.$get({
+      param: { orgSlug: options.org, siteSlug: options.site }
     });
     if (!listRes.ok) {
-      const error = await listRes.json();
-      throw new Error(error.error || `API Error ${listRes.status}`);
+      await handleApiError(listRes);
     }
-    const domains = await listRes.json();
+    const { data: domains } = await listRes.json();
     const domain = domains.find((d) => d.domain === domainName);
     if (!domain) {
-      console.error(`
-❌ Domain not found: ${domainName}`);
-      console.log();
-      console.log("List domains with:");
-      console.log(`  zerodeploy domain list --org ${options.org} --site ${options.site}`);
-      return;
+      displayError({
+        code: "not_found",
+        message: `Domain not found: ${domainName}`,
+        hint: `List domains with:
+  zerodeploy domain list --org ${options.org} --site ${options.site}`
+      });
+      process.exit(ExitCode.NOT_FOUND);
     }
-    const res = await fetch(`${API_URL}/orgs/${options.org}/sites/${options.site}/domains/${domain.id}`, {
-      method: "DELETE",
-      headers: {
-        Authorization: `Bearer ${token}`
-      }
+    const res = await client.orgs[":orgSlug"].sites[":siteSlug"].domains[":domainId"].$delete({
+      param: { orgSlug: options.org, siteSlug: options.site, domainId: domain.id }
     });
     if (!res.ok) {
-      const error = await res.json();
-      throw new Error(error.error || `API Error ${res.status}`);
+      await handleApiError(res);
     }
     const data = await res.json();
-    console.log(`✅ ${data.message}`);
+    console.log(data.message);
   } catch (err) {
-    const message = err instanceof Error ? err.message : "Unknown error";
-    console.error("Failed to remove domain:", message);
+    const message = err instanceof Error ? err.message : String(err);
+    displayError({ code: "network_error", message: `Failed to remove domain: ${message}` });
+    process.exit(ExitCode.NETWORK_ERROR);
   }
 });
 
@@ -3668,71 +4236,311 @@ function formatRedirectMode(mode) {
     case "none":
       return "No redirect";
     case "www_to_apex":
-      return "www → apex (e.g., www.example.com → example.com)";
+      return "www -> apex (e.g., www.example.com -> example.com)";
     case "apex_to_www":
-      return "apex → www (e.g., example.com → www.example.com)";
+      return "apex -> www (e.g., example.com -> www.example.com)";
     default:
       return mode;
   }
 }
-var domainRedirectCommand = new Command2("redirect").description("Set redirect mode for a custom domain").argument("<domain>", "Domain name (e.g., example.com)").requiredOption("--org <orgSlug>", "Organization slug").requiredOption("--site <siteSlug>", "Site slug").requiredOption("--mode <mode>", "Redirect mode: none, www_to_apex, or apex_to_www").action(async (domain, options) => {
+var domainRedirectCommand = new Command2("redirect").description("Set redirect mode for a custom domain").argument("<domain>", "Domain name (e.g., example.com)").requiredOption("--org <orgSlug>", "Organization slug").requiredOption("--site <siteSlug>", "Site slug").requiredOption("--mode <mode>", "Redirect mode: none, www_to_apex, or apex_to_www").option("--json", "Output as JSON").action(async (domain, options) => {
   const token = loadToken();
   if (!token) {
-    console.log("Not logged in. Run: zerodeploy login");
-    return;
+    handleAuthError();
   }
   const validModes = ["none", "www_to_apex", "apex_to_www"];
   if (!validModes.includes(options.mode)) {
-    console.error(`Invalid mode: ${options.mode}`);
-    console.error("Valid modes: none, www_to_apex, apex_to_www");
-    return;
+    displayError({
+      code: "validation_error",
+      message: `Invalid mode: ${options.mode}`,
+      hint: "Valid modes: none, www_to_apex, apex_to_www"
+    });
+    process.exit(ExitCode.VALIDATION_ERROR);
   }
   try {
-    const listRes = await fetch(`${API_URL}/orgs/${options.org}/sites/${options.site}/domains`, {
-      headers: {
-        Authorization: `Bearer ${token}`
-      }
+    const client = getClient(token);
+    const listRes = await client.orgs[":orgSlug"].sites[":siteSlug"].domains.$get({
+      param: { orgSlug: options.org, siteSlug: options.site }
     });
     if (!listRes.ok) {
-      const error = await listRes.json();
-      throw new Error(error.error || `API Error ${listRes.status}`);
+      await handleApiError(listRes);
     }
-    const domains = await listRes.json();
+    const { data: domains } = await listRes.json();
     const targetDomain = domains.find((d) => d.domain === domain.toLowerCase());
     if (!targetDomain) {
-      console.error(`Domain not found: ${domain}`);
-      console.error(`Run 'zerodeploy domain list --org ${options.org} --site ${options.site}' to see configured domains.`);
-      return;
+      displayError({
+        code: "not_found",
+        message: `Domain not found: ${domain}`,
+        hint: `Run 'zerodeploy domain list --org ${options.org} --site ${options.site}' to see configured domains.`
+      });
+      process.exit(ExitCode.NOT_FOUND);
     }
-    const res = await fetch(`${API_URL}/orgs/${options.org}/sites/${options.site}/domains/${targetDomain.id}/redirect`, {
-      method: "PATCH",
-      headers: {
-        Authorization: `Bearer ${token}`,
-        "Content-Type": "application/json"
-      },
-      body: JSON.stringify({ redirectMode: options.mode })
+    const res = await client.orgs[":orgSlug"].sites[":siteSlug"].domains[":domainId"].redirect.$patch({
+      param: { orgSlug: options.org, siteSlug: options.site, domainId: targetDomain.id },
+      json: { redirectMode: options.mode }
     });
     if (!res.ok) {
-      const error = await res.json();
-      throw new Error(error.error || `API Error ${res.status}`);
+      await handleApiError(res);
+    }
+    const { data } = await res.json();
+    if (options.json) {
+      console.log(JSON.stringify(data, null, 2));
+      return;
     }
-    const data = await res.json();
     console.log(`
-✅ Redirect mode updated for ${data.domain}`);
+Redirect mode updated for ${data.domain}`);
     console.log(`   Mode: ${formatRedirectMode(data.redirect_mode)}`);
     console.log();
   } catch (err) {
-    const message = err instanceof Error ? err.message : "Unknown error";
-    console.error("Failed to update redirect mode:", message);
+    const message = err instanceof Error ? err.message : String(err);
+    displayError({ code: "network_error", message: `Failed to update redirect mode: ${message}` });
+    process.exit(ExitCode.NETWORK_ERROR);
   }
 });
 
 // src/commands/domain/index.ts
 var domainCommand = new Command2("domain").description("Manage custom domains").addCommand(domainAddCommand).addCommand(domainListCommand).addCommand(domainVerifyCommand).addCommand(domainRemoveCommand).addCommand(domainRedirectCommand);
 
+// src/commands/form/list.ts
+var formListCommand = new Command2("list").description("List forms for a site").requiredOption("--org <orgSlug>", "Organization slug").requiredOption("--site <siteSlug>", "Site slug").option("--json", "Output as JSON").action(async (options) => {
+  const token = loadToken();
+  if (!token) {
+    handleAuthError();
+  }
+  try {
+    const client = getClient(token);
+    const res = await client.orgs[":orgSlug"].sites[":siteSlug"].forms.$get({
+      param: { orgSlug: options.org, siteSlug: options.site }
+    });
+    if (!res.ok) {
+      await handleApiError(res);
+    }
+    const { data: forms } = await res.json();
+    if (options.json) {
+      console.log(JSON.stringify(forms, null, 2));
+      return;
+    }
+    if (forms.length === 0) {
+      console.log("No forms found.");
+      console.log();
+      console.log("Forms are created automatically when visitors submit to /_forms/<name>");
+      return;
+    }
+    console.log("Forms:");
+    console.log();
+    console.log("  NAME                          SUBMISSIONS  CREATED");
+    console.log("  " + "-".repeat(60));
+    for (const f of forms) {
+      const created = new Date(f.created_at).toLocaleDateString();
+      console.log(`  ${f.name.padEnd(30)} ${String(f.submission_count).padStart(11)}  ${created}`);
+    }
+    console.log();
+    console.log("Export submissions with:");
+    console.log(`  zerodeploy form export <name> --org ${options.org} --site ${options.site}`);
+  } catch (err) {
+    const message = err instanceof Error ? err.message : String(err);
+    displayError({ code: "network_error", message: `Failed to list forms: ${message}` });
+    process.exit(ExitCode.NETWORK_ERROR);
+  }
+});
+
+// src/commands/form/submissions.ts
+var formSubmissionsCommand = new Command2("submissions").description("View recent form submissions").argument("<name>", "Form name").requiredOption("--org <orgSlug>", "Organization slug").requiredOption("--site <siteSlug>", "Site slug").option("--limit <n>", "Number of submissions to show", "10").option("--offset <n>", "Offset for pagination", "0").option("--json", "Output as JSON").action(async (name, options) => {
+  const token = loadToken();
+  if (!token) {
+    handleAuthError();
+  }
+  try {
+    const client = getClient(token);
+    const res = await client.orgs[":orgSlug"].sites[":siteSlug"].forms[":formName"].submissions.$get({
+      param: { orgSlug: options.org, siteSlug: options.site, formName: name },
+      query: { limit: options.limit, offset: options.offset }
+    });
+    if (!res.ok) {
+      await handleApiError(res);
+    }
+    const data = await res.json();
+    const { form, submissions, total, limit, offset } = data;
+    if (options.json) {
+      console.log(JSON.stringify(data, null, 2));
+      return;
+    }
+    if (submissions.length === 0) {
+      console.log(`No submissions found for form "${name}".`);
+      return;
+    }
+    console.log(`Form: ${form.name}`);
+    console.log(`Total submissions: ${total}`);
+    if (form.notification_email) {
+      console.log(`Notifications: ${form.notification_email}`);
+    }
+    console.log();
+    if (total > limit) {
+      const start = offset + 1;
+      const end = Math.min(offset + submissions.length, total);
+      console.log(`Showing ${start}-${end} of ${total}`);
+      console.log();
+    }
+    for (const sub of submissions) {
+      const date = new Date(sub.created_at).toLocaleString();
+      const shortId = sub.id.slice(0, 8);
+      console.log(`  ${shortId}  ${date}`);
+      const entries = Object.entries(sub.data);
+      for (const [key, value] of entries) {
+        const displayValue = typeof value === "string" ? value : JSON.stringify(value);
+        const truncated = displayValue.length > 60 ? displayValue.slice(0, 57) + "..." : displayValue;
+        console.log(`    ${key}: ${truncated}`);
+      }
+      const meta = [];
+      if (sub.ip_address)
+        meta.push(`IP: ${sub.ip_address}`);
+      if (sub.referrer)
+        meta.push(`from: ${sub.referrer}`);
+      if (meta.length > 0) {
+        console.log(`    [${meta.join(", ")}]`);
+      }
+      console.log();
+    }
+    if (total > offset + submissions.length) {
+      const nextOffset = offset + parseInt(options.limit);
+      console.log(`View more with: --offset ${nextOffset}`);
+    }
+    console.log("Export all to CSV with:");
+    console.log(`  zerodeploy form export ${name} --org ${options.org} --site ${options.site}`);
+  } catch (err) {
+    const message = err instanceof Error ? err.message : String(err);
+    displayError({ code: "network_error", message: `Failed to get submissions: ${message}` });
+    process.exit(ExitCode.NETWORK_ERROR);
+  }
+});
+
+// src/commands/form/export.ts
+import { writeFile } from "fs/promises";
+import { resolve } from "path";
+var formExportCommand = new Command2("export").description("Export form submissions as CSV").argument("<name>", "Form name").requiredOption("--org <orgSlug>", "Organization slug").requiredOption("--site <siteSlug>", "Site slug").option("-o, --output <file>", "Output file path (default: <name>-submissions.csv)").action(async (name, options) => {
+  const token = loadToken();
+  if (!token) {
+    handleAuthError();
+  }
+  try {
+    const client = getClient(token);
+    const res = await client.orgs[":orgSlug"].sites[":siteSlug"].forms[":formName"].export.$get({
+      param: { orgSlug: options.org, siteSlug: options.site, formName: name }
+    });
+    if (res.status === 204) {
+      console.log("No submissions to export.");
+      return;
+    }
+    if (!res.ok) {
+      await handleApiError(res);
+    }
+    const csv = await res.text();
+    const outputPath = options.output || `${name}-submissions.csv`;
+    const fullPath = resolve(process.cwd(), outputPath);
+    await writeFile(fullPath, csv, "utf-8");
+    const lineCount = csv.split(`
+`).length - 1;
+    console.log(`Exported ${lineCount} submissions to ${outputPath}`);
+  } catch (err) {
+    const message = err instanceof Error ? err.message : String(err);
+    displayError({ code: "network_error", message: `Failed to export form: ${message}` });
+    process.exit(ExitCode.NETWORK_ERROR);
+  }
+});
+
+// src/commands/form/delete.ts
+import * as readline3 from "readline";
+function prompt3(question) {
+  const rl = readline3.createInterface({
+    input: process.stdin,
+    output: process.stdout
+  });
+  return new Promise((resolve2) => {
+    rl.question(question, (answer) => {
+      rl.close();
+      resolve2(answer);
+    });
+  });
+}
+var formDeleteCommand = new Command2("delete").description("Delete a form and all its submissions").argument("<name>", "Form name").requiredOption("--org <orgSlug>", "Organization slug").requiredOption("--site <siteSlug>", "Site slug").option("--force", "Skip confirmation prompt").action(async (name, options) => {
+  const token = loadToken();
+  if (!token) {
+    handleAuthError();
+  }
+  if (!options.force) {
+    const answer = await prompt3(`Are you sure you want to delete form "${name}" and all its submissions? This cannot be undone. (y/N) `);
+    if (answer.toLowerCase() !== "y") {
+      console.log("Cancelled.");
+      return;
+    }
+  }
+  try {
+    const client = getClient(token);
+    const res = await client.orgs[":orgSlug"].sites[":siteSlug"].forms[":formName"].$delete({
+      param: { orgSlug: options.org, siteSlug: options.site, formName: name }
+    });
+    if (!res.ok) {
+      await handleApiError(res);
+    }
+    const result = await res.json();
+    console.log(`${result.message}`);
+  } catch (err) {
+    const message = err instanceof Error ? err.message : String(err);
+    displayError({ code: "network_error", message: `Failed to delete form: ${message}` });
+    process.exit(ExitCode.NETWORK_ERROR);
+  }
+});
+
+// src/commands/form/notify.ts
+var formNotifyCommand = new Command2("notify").description("Configure email notifications for form submissions").argument("<name>", "Form name").requiredOption("--org <orgSlug>", "Organization slug").requiredOption("--site <siteSlug>", "Site slug").option("--email <email>", "Email address to receive notifications").option("--disable", "Disable email notifications").action(async (name, options) => {
+  const token = loadToken();
+  if (!token) {
+    handleAuthError();
+  }
+  if (options.email && options.disable) {
+    displayError({ code: "validation_error", message: "Cannot use both --email and --disable options" });
+    process.exit(ExitCode.VALIDATION_ERROR);
+  }
+  if (!options.email && !options.disable) {
+    displayError({
+      code: "validation_error",
+      message: "Please specify --email <email> or --disable",
+      hint: `Examples:
+  zerodeploy form notify ${name} --org ${options.org} --site ${options.site} --email alerts@example.com
+  zerodeploy form notify ${name} --org ${options.org} --site ${options.site} --disable`
+    });
+    process.exit(ExitCode.VALIDATION_ERROR);
+  }
+  try {
+    const client = getClient(token);
+    const notificationEmail = options.disable ? null : options.email;
+    const res = await client.orgs[":orgSlug"].sites[":siteSlug"].forms[":formName"].$patch({
+      param: { orgSlug: options.org, siteSlug: options.site, formName: name },
+      json: { notification_email: notificationEmail }
+    });
+    if (!res.ok) {
+      await handleApiError(res);
+    }
+    const { form } = await res.json();
+    if (form.notification_email) {
+      console.log(`Email notifications enabled for form "${name}"`);
+      console.log(`  Notifications will be sent to: ${form.notification_email}`);
+    } else {
+      console.log(`Email notifications disabled for form "${name}"`);
+    }
+  } catch (err) {
+    const message = err instanceof Error ? err.message : String(err);
+    displayError({ code: "network_error", message: `Failed to update form notifications: ${message}` });
+    process.exit(ExitCode.NETWORK_ERROR);
+  }
+});
+
+// src/commands/form/index.ts
+var formCommand = new Command2("form").description("Manage form submissions").addCommand(formListCommand).addCommand(formSubmissionsCommand).addCommand(formExportCommand).addCommand(formDeleteCommand).addCommand(formNotifyCommand);
+
 // src/commands/deploy/index.ts
-import { resolve as resolve3, basename } from "node:path";
-import { stat as stat2, writeFile } from "node:fs/promises";
+import { resolve as resolve4, basename } from "node:path";
+import { stat as stat2, writeFile as writeFile2 } from "node:fs/promises";
 import { spawn } from "node:child_process";
 
 // src/utils/files.ts
@@ -3772,7 +4580,7 @@ async function scanDirectory(rootDir) {
   await scan(rootDir);
   return files;
 }
-function formatBytes(bytes) {
+function formatBytes2(bytes) {
   if (bytes === 0)
     return "0 B";
   const k = 1024;
@@ -3783,7 +4591,7 @@ function formatBytes(bytes) {
 
 // src/utils/framework.ts
 import { readFile as readFile2 } from "node:fs/promises";
-import { resolve } from "node:path";
+import { resolve as resolve2 } from "node:path";
 var FRAMEWORKS = [
   {
     name: "Vite",
@@ -3857,7 +4665,7 @@ function hasDep(pkg, dep) {
 }
 async function detectFramework(cwd) {
   try {
-    const pkgPath = resolve(cwd, "package.json");
+    const pkgPath = resolve2(cwd, "package.json");
     const pkgContent = await readFile2(pkgPath, "utf-8");
     const pkg = JSON.parse(pkgContent);
     for (const framework of FRAMEWORKS) {
@@ -4400,9 +5208,12 @@ function padToBlock(data) {
   padded.set(data);
   return padded;
 }
-async function createTarArchive(files) {
+async function createTarArchive(files, onProgress) {
   const parts = [];
-  for (const file of files) {
+  const total = files.length;
+  for (let i2 = 0;i2 < files.length; i2++) {
+    const file = files[i2];
+    onProgress?.(i2 + 1, total, file.path);
     const content = await readFile3(file.absolutePath);
     const header = createTarHeader(file.path, content.length);
     const paddedContent = padToBlock(new Uint8Array(content));
@@ -4419,8 +5230,8 @@ async function createTarArchive(files) {
   }
   return tar;
 }
-async function createTarGz(files) {
-  const tar = await createTarArchive(files);
+async function createTarGz(files, onProgress) {
+  const tar = await createTarArchive(files, onProgress);
   return gzipSync(tar, { level: 6 });
 }
 function formatCompression(original, compressed) {
@@ -4430,10 +5241,10 @@ function formatCompression(original, compressed) {
 
 // src/utils/project-config.ts
 import { existsSync, readFileSync } from "node:fs";
-import { resolve as resolve2 } from "node:path";
+import { resolve as resolve3 } from "node:path";
 var CONFIG_FILENAME = "zerodeploy.json";
 function loadProjectConfig(cwd = process.cwd()) {
-  const configPath = resolve2(cwd, CONFIG_FILENAME);
+  const configPath = resolve3(cwd, CONFIG_FILENAME);
   if (!existsSync(configPath)) {
     return {};
   }
@@ -4447,32 +5258,242 @@ function loadProjectConfig(cwd = process.cwd()) {
   }
 }
 function getConfigPath(cwd = process.cwd()) {
-  return resolve2(cwd, CONFIG_FILENAME);
+  return resolve3(cwd, CONFIG_FILENAME);
 }
 
 // src/utils/prompt.ts
-import * as readline3 from "node:readline";
+import * as readline4 from "node:readline";
 async function confirm(message, defaultValue = true) {
-  const rl = readline3.createInterface({
+  const rl = readline4.createInterface({
     input: process.stdin,
     output: process.stdout
   });
   const hint = defaultValue ? "[Y/n]" : "[y/N]";
-  return new Promise((resolve3) => {
+  return new Promise((resolve4) => {
     rl.question(`${message} ${hint} `, (answer) => {
       rl.close();
       const normalized = answer.trim().toLowerCase();
       if (normalized === "") {
-        resolve3(defaultValue);
+        resolve4(defaultValue);
       } else if (normalized === "y" || normalized === "yes") {
-        resolve3(true);
+        resolve4(true);
       } else {
-        resolve3(false);
+        resolve4(false);
       }
     });
   });
 }
 
+// src/utils/progress.ts
+var SPINNER_FRAMES = ["⠋", "⠙", "⠹", "⠸", "⠼", "⠴", "⠦", "⠧", "⠇", "⠏"];
+var SPINNER_INTERVAL = 80;
+var isTTY = process.stdout.isTTY;
+function clearLine() {
+  if (isTTY) {
+    process.stdout.write("\r\x1B[K");
+  }
+}
+function createSpinner(message) {
+  let frameIndex = 0;
+  let interval = null;
+  let currentMessage = message;
+  function render() {
+    if (!isTTY)
+      return;
+    const frame = SPINNER_FRAMES[frameIndex];
+    clearLine();
+    process.stdout.write(`${frame} ${currentMessage}`);
+    frameIndex = (frameIndex + 1) % SPINNER_FRAMES.length;
+  }
+  return {
+    start() {
+      if (!isTTY) {
+        console.log(currentMessage);
+        return;
+      }
+      render();
+      interval = setInterval(render, SPINNER_INTERVAL);
+    },
+    stop(finalMessage) {
+      if (interval) {
+        clearInterval(interval);
+        interval = null;
+      }
+      clearLine();
+      if (finalMessage) {
+        console.log(finalMessage);
+      }
+    },
+    update(message2) {
+      currentMessage = message2;
+      if (!isTTY) {
+        console.log(message2);
+      }
+    },
+    succeed(message2) {
+      if (interval) {
+        clearInterval(interval);
+        interval = null;
+      }
+      clearLine();
+      console.log(`✓ ${message2}`);
+    },
+    fail(message2) {
+      if (interval) {
+        clearInterval(interval);
+        interval = null;
+      }
+      clearLine();
+      console.log(`✗ ${message2}`);
+    },
+    warn(message2) {
+      if (interval) {
+        clearInterval(interval);
+        interval = null;
+      }
+      clearLine();
+      console.log(`⚠ ${message2}`);
+    }
+  };
+}
+function createProgressBar(options) {
+  const { total, label, width = 20 } = options;
+  let started = false;
+  function render(current, suffix) {
+    const percent = Math.min(current / total, 1);
+    const filled = Math.round(percent * width);
+    const empty = width - filled;
+    const bar = "█".repeat(filled) + "░".repeat(empty);
+    const countStr = `${current}/${total}`;
+    const suffixStr = suffix ? ` ${suffix}` : "";
+    if (isTTY) {
+      clearLine();
+      process.stdout.write(`${label} [${bar}] ${countStr}${suffixStr}`);
+    }
+  }
+  return {
+    update(current, suffix) {
+      if (!isTTY) {
+        if (!started) {
+          console.log(`${label}... ${total} files`);
+          started = true;
+        }
+        return;
+      }
+      render(current, suffix);
+    },
+    done(message) {
+      clearLine();
+      if (message) {
+        console.log(message);
+      }
+    }
+  };
+}
+
+// src/utils/ci.ts
+function detectCI() {
+  if (process.env.GITHUB_ACTIONS === "true") {
+    return {
+      name: "github-actions",
+      prNumber: extractGitHubPRNumber(),
+      prTitle: null,
+      commitSha: process.env.GITHUB_SHA || null,
+      branch: process.env.GITHUB_HEAD_REF || process.env.GITHUB_REF_NAME || null,
+      commitMessage: null
+    };
+  }
+  if (process.env.CIRCLECI === "true") {
+    return {
+      name: "circleci",
+      prNumber: extractCircleCIPRNumber(),
+      prTitle: null,
+      commitSha: process.env.CIRCLE_SHA1 || null,
+      branch: process.env.CIRCLE_BRANCH || null,
+      commitMessage: null
+    };
+  }
+  if (process.env.GITLAB_CI === "true") {
+    return {
+      name: "gitlab-ci",
+      prNumber: process.env.CI_MERGE_REQUEST_IID ? parseInt(process.env.CI_MERGE_REQUEST_IID, 10) : null,
+      prTitle: process.env.CI_MERGE_REQUEST_TITLE || null,
+      commitSha: process.env.CI_COMMIT_SHA || null,
+      branch: process.env.CI_COMMIT_REF_NAME || null,
+      commitMessage: process.env.CI_COMMIT_MESSAGE || null
+    };
+  }
+  if (process.env.BITBUCKET_BUILD_NUMBER) {
+    return {
+      name: "bitbucket-pipelines",
+      prNumber: process.env.BITBUCKET_PR_ID ? parseInt(process.env.BITBUCKET_PR_ID, 10) : null,
+      prTitle: null,
+      commitSha: process.env.BITBUCKET_COMMIT || null,
+      branch: process.env.BITBUCKET_BRANCH || null,
+      commitMessage: process.env.BITBUCKET_COMMIT_MESSAGE || null
+    };
+  }
+  if (process.env.TF_BUILD === "True") {
+    return {
+      name: "azure-pipelines",
+      prNumber: process.env.SYSTEM_PULLREQUEST_PULLREQUESTID ? parseInt(process.env.SYSTEM_PULLREQUEST_PULLREQUESTID, 10) : null,
+      prTitle: null,
+      commitSha: process.env.BUILD_SOURCEVERSION || null,
+      branch: process.env.SYSTEM_PULLREQUEST_SOURCEBRANCH || process.env.BUILD_SOURCEBRANCHNAME || null,
+      commitMessage: process.env.BUILD_SOURCEVERSIONMESSAGE || null
+    };
+  }
+  if (process.env.TRAVIS === "true") {
+    const travisPR = process.env.TRAVIS_PULL_REQUEST;
+    return {
+      name: "travis-ci",
+      prNumber: travisPR && travisPR !== "false" ? parseInt(travisPR, 10) : null,
+      prTitle: null,
+      commitSha: process.env.TRAVIS_COMMIT || null,
+      branch: process.env.TRAVIS_PULL_REQUEST_BRANCH || process.env.TRAVIS_BRANCH || null,
+      commitMessage: process.env.TRAVIS_COMMIT_MESSAGE || null
+    };
+  }
+  if (process.env.JENKINS_URL) {
+    return {
+      name: "jenkins",
+      prNumber: extractJenkinsPRNumber(),
+      prTitle: null,
+      commitSha: process.env.GIT_COMMIT || null,
+      branch: process.env.CHANGE_BRANCH || process.env.GIT_BRANCH || null,
+      commitMessage: null
+    };
+  }
+  return null;
+}
+function extractGitHubPRNumber() {
+  const ref = process.env.GITHUB_REF;
+  if (process.env.GITHUB_EVENT_NAME === "pull_request" && ref) {
+    const match = ref.match(/refs\/pull\/(\d+)/);
+    if (match?.[1])
+      return parseInt(match[1], 10);
+  }
+  return null;
+}
+function extractCircleCIPRNumber() {
+  const url = process.env.CIRCLE_PULL_REQUEST;
+  if (url) {
+    const match = url.match(/\/pull\/(\d+)/);
+    if (match?.[1])
+      return parseInt(match[1], 10);
+  }
+  return null;
+}
+function extractJenkinsPRNumber() {
+  const changeId = process.env.CHANGE_ID;
+  if (changeId) {
+    const num = parseInt(changeId, 10);
+    if (!isNaN(num))
+      return num;
+  }
+  return null;
+}
+
 // src/commands/deploy/list.ts
 var deployListCommand = new Command2("list").description("List deployments for a site").argument("<siteSlug>", "Site slug").requiredOption("--org <orgSlug>", "Organization slug").option("--limit <number>", "Number of deployments to show", "10").action(async (siteSlug, options) => {
   const token = loadToken();
@@ -4490,7 +5511,7 @@ var deployListCommand = new Command2("list").description("List deployments for a
       console.error(`❌ ${error.error}`);
       return;
     }
-    const deployments = await res.json();
+    const { data: deployments } = await res.json();
     const limit = parseInt(options.limit, 10);
     const shown = deployments.slice(0, limit);
     if (shown.length === 0) {
@@ -4501,7 +5522,7 @@ var deployListCommand = new Command2("list").description("List deployments for a
 Deployments for ${options.org}/${siteSlug}:
 `);
     for (const d of shown) {
-      const current = d.isCurrent ? " ← current" : "";
+      const current = d.is_current ? " ← current" : "";
       const status = formatStatus2(d.status);
       const date = new Date(d.created_at).toLocaleString();
       console.log(`  ${d.id.slice(0, 8)}  ${status}  ${date}${current}`);
@@ -4545,8 +5566,8 @@ var deployRollbackCommand = new Command2("rollback").description("Rollback to a
     }
     const result = await res.json();
     console.log(`✅ ${result.message}`);
-    console.log(`   Deployment: ${result.deployment.id}`);
-    console.log(`   URL: ${result.deployment.url}`);
+    console.log(`   Deployment: ${result.data.deployment.id}`);
+    console.log(`   URL: ${result.data.deployment.url}`);
   } catch (err) {
     console.error("Failed to rollback:", err.message);
   }
@@ -4571,8 +5592,8 @@ var deployPromoteCommand = new Command2("promote").description("Promote a previe
     }
     const result = await res.json();
     console.log("Deployment promoted to production!");
-    console.log(`   Deployment: ${result.deployment.id}`);
-    console.log(`   URL: ${result.deployment.url}`);
+    console.log(`   Deployment: ${result.data.deployment.id}`);
+    console.log(`   URL: ${result.data.deployment.url}`);
   } catch (err) {
     const message = err instanceof Error ? err.message : "Unknown error";
     console.error("Failed to promote deployment:", message);
@@ -4583,21 +5604,82 @@ var deployPromoteCommand = new Command2("promote").description("Promote a previe
 function slugify(input) {
   return input.toLowerCase().trim().replace(/[^a-z0-9]+/g, "-").replace(/(^-|-$)+/g, "");
 }
+async function verifyDeployment(url, maxRetries = 3, delayMs = 2000) {
+  for (let attempt = 1;attempt <= maxRetries; attempt++) {
+    try {
+      const controller = new AbortController;
+      const timeout = setTimeout(() => controller.abort(), 1e4);
+      const res = await fetch(url, {
+        method: "GET",
+        signal: controller.signal
+      });
+      clearTimeout(timeout);
+      if (res.ok) {
+        return { success: true, status: res.status };
+      }
+      if (attempt < maxRetries) {
+        await new Promise((resolve5) => setTimeout(resolve5, delayMs));
+        continue;
+      }
+      return { success: false, status: res.status };
+    } catch (err) {
+      if (attempt < maxRetries) {
+        await new Promise((resolve5) => setTimeout(resolve5, delayMs));
+        continue;
+      }
+      const error = err instanceof Error ? err.message : "Unknown error";
+      return { success: false, error };
+    }
+  }
+  return { success: false, error: "Max retries exceeded" };
+}
+async function autoRollback(token, orgSlug, siteSlug, currentDeploymentId) {
+  try {
+    const client = getClient(token);
+    const listRes = await client.orgs[":orgSlug"].sites[":siteSlug"].deployments.$get({
+      param: { orgSlug, siteSlug }
+    });
+    if (!listRes.ok) {
+      return { success: false, error: "Failed to fetch deployments" };
+    }
+    const { data: deployments } = await listRes.json();
+    const previousDeployment = deployments.find((d) => d.id !== currentDeploymentId && d.status === "ready");
+    if (!previousDeployment) {
+      return { success: false, error: "No previous deployment to rollback to" };
+    }
+    const rollbackRes = await client.deployments[":id"].rollback.$post({
+      param: { id: previousDeployment.id }
+    });
+    if (!rollbackRes.ok) {
+      return { success: false, error: "Rollback request failed" };
+    }
+    return { success: true, deploymentId: previousDeployment.id };
+  } catch (err) {
+    const error = err instanceof Error ? err.message : "Unknown error";
+    return { success: false, error };
+  }
+}
 async function runCommand(command, cwd) {
   return new Promise((promiseResolve) => {
-    const [cmd, ...args] = command.split(" ");
+    const parts = command.split(" ");
+    const cmd = parts[0];
+    if (!cmd) {
+      promiseResolve({ success: false, output: "Empty command" });
+      return;
+    }
+    const args = parts.slice(1);
     const proc = spawn(cmd, args, {
       cwd,
       shell: true,
       stdio: ["inherit", "pipe", "pipe"]
     });
     let output = "";
-    proc.stdout?.on("data", (data) => {
+    proc.stdout.on("data", (data) => {
       const text = data.toString();
       output += text;
       process.stdout.write(text);
     });
-    proc.stderr?.on("data", (data) => {
+    proc.stderr.on("data", (data) => {
       const text = data.toString();
       output += text;
       process.stderr.write(text);
@@ -4613,12 +5695,12 @@ async function runCommand(command, cwd) {
 async function findBuildDirectory(cwd) {
   const candidates = ["dist", "build", "out", "public", "."];
   for (const dir of candidates) {
-    const fullPath = resolve3(cwd, dir);
+    const fullPath = resolve4(cwd, dir);
     try {
       const stats = await stat2(fullPath);
       if (stats.isDirectory()) {
         try {
-          await stat2(resolve3(fullPath, "index.html"));
+          await stat2(resolve4(fullPath, "index.html"));
           return fullPath;
         } catch {
           if (dir !== ".")
@@ -4630,22 +5712,25 @@ async function findBuildDirectory(cwd) {
   }
   return null;
 }
-async function uploadArchive(token, uploadUrl, archive) {
-  const res = await fetch(uploadUrl, {
+async function uploadArchive(token, uploadUrl, archive, onRetry) {
+  const res = await fetchWithRetry(uploadUrl, {
     method: "POST",
     headers: {
       "Content-Type": "application/gzip",
       Authorization: `Bearer ${token}`
     },
     body: archive
+  }, {
+    maxRetries: 3,
+    onRetry
   });
   return res.ok;
 }
-var deployCommand = new Command2("deploy").description("Deploy a site").argument("[site]", "Site slug").option("--org <org>", "Organization slug").option("--dir <directory>", "Directory to deploy (default: auto-detect)").option("--build", "Run build command before deploying").option("--no-build", "Skip build step").option("--build-command <command>", "Override build command").option("--install", "Run install command before building").option("--preview", "Deploy without setting as current (preview only)").option("--pr <number>", "PR number (for GitHub Actions)").option("--pr-title <title>", "PR title").option("--commit <sha>", "Commit SHA").option("--commit-message <message>", "Commit message").option("--branch <branch>", "Branch name").option("--github-output", "Output deployment info in GitHub Actions format").enablePositionalOptions().addCommand(deployListCommand).addCommand(deployRollbackCommand).addCommand(deployPromoteCommand).action(async (siteSlugArg, options) => {
+var deployCommand = new Command2("deploy").description("Deploy a site").argument("[site]", "Site slug").option("--org <org>", "Organization slug").option("--dir <directory>", "Directory to deploy (default: auto-detect)").option("--build", "Run build command before deploying").option("--no-build", "Skip build step").option("--build-command <command>", "Override build command").option("--install", "Run install command before building").option("--preview", "Deploy without setting as current (preview only)").option("--prod", "Force production deploy (override auto-preview for PRs)").option("--no-verify", "Skip deployment verification").option("--no-auto-rollback", "Disable automatic rollback on verification failure").option("--pr <number>", "PR number (for GitHub Actions)").option("--pr-title <title>", "PR title").option("--commit <sha>", "Commit SHA").option("--commit-message <message>", "Commit message").option("--branch <branch>", "Branch name").option("--github-output", "Output deployment info in GitHub Actions format").enablePositionalOptions().addCommand(deployListCommand).addCommand(deployRollbackCommand).addCommand(deployPromoteCommand).action(async (siteSlugArg, options) => {
   const cwd = process.cwd();
   const token = loadToken();
   if (!token) {
-    console.log("Not logged in. Run: zerodeploy login");
+    displayAuthError();
     return;
   }
   const config = loadProjectConfig(cwd);
@@ -4687,12 +5772,12 @@ var deployCommand = new Command2("deploy").description("Deploy a site").argument
         console.log(`Error: ${error.error || "Failed to create site"}`);
         return;
       }
-      const site = await createRes.json();
+      const { data: site } = await createRes.json();
       siteSlug = site.slug;
       console.log(`Created site: ${site.subdomain}.zerodeploy.app`);
       const configPath = getConfigPath(cwd);
       const newConfig = { org: orgSlug, site: siteSlug, dir: dirOption || config.dir };
-      await writeFile(configPath, JSON.stringify(newConfig, null, 2) + `
+      await writeFile2(configPath, JSON.stringify(newConfig, null, 2) + `
 `);
       console.log(`Saved config to zerodeploy.json`);
       console.log("");
@@ -4703,13 +5788,57 @@ var deployCommand = new Command2("deploy").description("Deploy a site").argument
     console.log(`Detected: ${framework.name}`);
   }
   const shouldBuild = options.build === true;
-  if (options.install) {
-    const installCmd = config.install || framework?.installCommand || "npm install";
-    console.log(`
-Installing dependencies...`);
-    console.log(`> ${installCmd}
-`);
-    const installResult = await runCommand(installCmd, cwd);
+  if (shouldBuild || options.install) {
+    const spinner = createSpinner("Checking deployment limits...");
+    spinner.start();
+    try {
+      const client = getClient(token);
+      const sitesRes = await client.orgs[":orgSlug"].sites.$get({
+        param: { orgSlug }
+      });
+      if (!sitesRes.ok) {
+        spinner.fail("Pre-flight check failed");
+        const body = await sitesRes.json();
+        displayError(parseApiError(body));
+        return;
+      }
+      const { data: sites } = await sitesRes.json();
+      const siteExists = sites.some((s) => s.slug === siteSlug);
+      if (!siteExists) {
+        spinner.fail("Pre-flight check failed");
+        displayError({ code: "site_not_found", message: `Site "${siteSlug}" not found in organization "${orgSlug}"` });
+        return;
+      }
+      const usageRes = await client.auth.me.usage.$get();
+      if (usageRes.ok) {
+        const usage = await usageRes.json();
+        const org = usage.orgs.find((o) => o.slug === orgSlug);
+        if (org) {
+          const monthlyUsage = org.deployments_this_month;
+          const monthlyLimit = usage.limits.max_deployments_per_month;
+          const percentUsed = Math.round(monthlyUsage / monthlyLimit * 100);
+          if (percentUsed >= 90) {
+            spinner.warn(`Approaching monthly deployment limit (${monthlyUsage}/${monthlyLimit})`);
+          } else {
+            spinner.succeed("Pre-flight check passed");
+          }
+        } else {
+          spinner.succeed("Pre-flight check passed");
+        }
+      } else {
+        spinner.succeed("Pre-flight check passed");
+      }
+    } catch (err) {
+      spinner.warn("Could not verify limits (will check during deploy)");
+    }
+  }
+  if (options.install) {
+    const installCmd = config.install || framework?.installCommand || "npm install";
+    console.log(`
+Installing dependencies...`);
+    console.log(`> ${installCmd}
+`);
+    const installResult = await runCommand(installCmd, cwd);
     if (!installResult.success) {
       console.log(`
 Error: Install failed`);
@@ -4733,7 +5862,7 @@ Error: Build failed`);
   }
   let deployDir;
   if (dirOption) {
-    deployDir = resolve3(cwd, dirOption);
+    deployDir = resolve4(cwd, dirOption);
     try {
       const stats = await stat2(deployDir);
       if (!stats.isDirectory()) {
@@ -4745,7 +5874,7 @@ Error: Build failed`);
       return;
     }
   } else {
-    const detected = framework ? resolve3(cwd, framework.outputDir) : await findBuildDirectory(cwd);
+    const detected = framework ? resolve4(cwd, framework.outputDir) : await findBuildDirectory(cwd);
     if (!detected) {
       console.log("Error: Could not find build directory. Use --dir to specify.");
       return;
@@ -4770,92 +5899,150 @@ Error: Build failed`);
     return;
   }
   const totalSize = files.reduce((sum, f) => sum + f.size, 0);
-  console.log(`Found ${files.length} files (${formatBytes(totalSize)})`);
+  console.log(`Found ${files.length} files (${formatBytes2(totalSize)})`);
   try {
     const client = getClient(token);
+    const ci = detectCI();
+    if (ci) {
+      console.log(`Detected CI: ${ci.name}`);
+      if (ci.prNumber)
+        console.log(`  PR: #${ci.prNumber}`);
+      if (ci.commitSha)
+        console.log(`  Commit: ${ci.commitSha.slice(0, 7)}`);
+      if (ci.branch)
+        console.log(`  Branch: ${ci.branch}`);
+      console.log("");
+    }
+    const isPreview = options.preview === true || !options.prod && ci?.prNumber != null;
+    if (!options.preview && !options.prod && ci?.prNumber != null) {
+      console.log("Auto-preview enabled for PR deployment");
+      console.log("  Use --prod to deploy to production instead");
+      console.log("");
+    }
     const deployPayload = { siteSlug, orgSlug };
-    if (options.pr) {
-      deployPayload.prNumber = parseInt(options.pr, 10);
+    const prNumber = options.pr ? parseInt(options.pr, 10) : ci?.prNumber;
+    if (prNumber) {
+      deployPayload.prNumber = prNumber;
     }
-    if (options.prTitle) {
-      deployPayload.prTitle = options.prTitle;
+    const prTitle = options.prTitle ?? ci?.prTitle;
+    if (prTitle) {
+      deployPayload.prTitle = prTitle;
     }
-    if (options.commit) {
-      deployPayload.commitSha = options.commit;
+    const commitSha = options.commit ?? ci?.commitSha;
+    if (commitSha) {
+      deployPayload.commitSha = commitSha;
     }
-    if (options.commitMessage) {
-      deployPayload.commitMessage = options.commitMessage;
+    const commitMessage = options.commitMessage ?? ci?.commitMessage;
+    if (commitMessage) {
+      deployPayload.commitMessage = commitMessage;
     }
-    if (options.branch) {
-      deployPayload.branch = options.branch;
+    const branch = options.branch ?? ci?.branch;
+    if (branch) {
+      deployPayload.branch = branch;
     }
     const createRes = await client.deployments.$post({
       json: deployPayload
     });
     if (!createRes.ok) {
       const body = await createRes.json();
-      let message = "Failed to create deployment";
-      if (typeof body.error === "string") {
-        message = body.error;
-      } else if (typeof body.message === "string") {
-        message = body.message;
-      } else if (body.success === false && body.error && typeof body.error === "object") {
-        const zodError = body.error;
-        if (zodError.issues?.[0]) {
-          const issue = zodError.issues[0];
-          const field = issue.path?.join(".") || "";
-          message = field ? `${field}: ${issue.message}` : issue.message;
-        } else if (zodError.message) {
-          try {
-            const issues = JSON.parse(zodError.message);
-            if (issues[0]) {
-              const field = issues[0].path?.join(".") || "";
-              message = field ? `${field}: ${issues[0].message}` : issues[0].message;
-            }
-          } catch {
-            message = zodError.message;
-          }
-        }
-      }
-      console.log(`Error: ${message}`);
+      displayError(parseApiError(body));
       return;
     }
-    const deployment = await createRes.json();
+    const { data: deployment } = await createRes.json();
     console.log(`Created deployment: ${deployment.id}`);
-    console.log("Creating archive...");
-    const archive = await createTarGz(files);
-    console.log(`  ${formatBytes(totalSize)} -> ${formatBytes(archive.length)} (${formatCompression(totalSize, archive.length)})`);
-    console.log("Uploading...");
+    const progressBar2 = createProgressBar({ total: files.length, label: "Archiving" });
+    const archive = await createTarGz(files, (current, total) => {
+      progressBar2.update(current);
+    });
+    progressBar2.done();
+    console.log(`  ${formatBytes2(totalSize)} -> ${formatBytes2(archive.length)} (${formatCompression(totalSize, archive.length)})`);
+    const uploadSpinner = createSpinner(`Uploading (${formatBytes2(archive.length)})...`);
+    uploadSpinner.start();
     const uploadUrl = deployment.uploadUrl || `${API_URL}/deployments/${deployment.id}/upload`;
-    const uploadSuccess = await uploadArchive(token, uploadUrl, archive);
+    const uploadSuccess = await uploadArchive(token, uploadUrl, archive, (attempt, error, delayMs) => {
+      uploadSpinner.update(`Uploading... ${formatRetryMessage(attempt, 3, error)}, retrying in ${Math.round(delayMs / 1000)}s`);
+    });
     if (!uploadSuccess) {
-      console.log("Error: Failed to upload archive");
+      uploadSpinner.stop("Error: Failed to upload archive");
       return;
     }
-    console.log(`  Uploaded ${formatBytes(archive.length)}`);
-    console.log("Finalizing...");
-    const finalizeRes = await fetch(`${API_URL}/deployments/${deployment.id}/finalize`, {
+    uploadSpinner.stop(`  Uploaded ${formatBytes2(archive.length)}`);
+    const finalizeSpinner = createSpinner("Finalizing...");
+    finalizeSpinner.start();
+    const finalizeRes = await fetchWithRetry(`${API_URL}/deployments/${deployment.id}/finalize`, {
       method: "POST",
       headers: {
         "Content-Type": "application/json",
         Authorization: `Bearer ${token}`
       },
-      body: JSON.stringify({ preview: options.preview || false })
+      body: JSON.stringify({ preview: isPreview })
+    }, {
+      maxRetries: 3,
+      onRetry: (attempt, error, delayMs) => {
+        finalizeSpinner.update(`Finalizing... ${formatRetryMessage(attempt, 3, error)}, retrying in ${Math.round(delayMs / 1000)}s`);
+      }
     });
     if (!finalizeRes.ok) {
-      console.log("Error: Failed to finalize deployment");
+      finalizeSpinner.stop("Error: Failed to finalize deployment");
       return;
     }
+    finalizeSpinner.stop();
+    const verifyUrl = isPreview ? deployment.previewUrl : deployment.url;
+    let verified = false;
+    if (options.verify !== false) {
+      const verifySpinner = createSpinner("Verifying...");
+      verifySpinner.start();
+      const verification = await verifyDeployment(verifyUrl);
+      verified = verification.success;
+      if (!verified) {
+        verifySpinner.stop();
+        console.log("");
+        console.log("Warning: Could not verify deployment");
+        if (verification.status) {
+          console.log(`  Received status ${verification.status}`);
+        } else if (verification.error) {
+          console.log(`  ${verification.error}`);
+        }
+        if (options.autoRollback !== false && !isPreview) {
+          console.log("");
+          console.log("Auto-rolling back to previous deployment...");
+          const rollback = await autoRollback(token, orgSlug, siteSlug, deployment.id);
+          if (rollback.success) {
+            console.log(`Rolled back to ${rollback.deploymentId?.slice(0, 8)}`);
+            console.log("");
+            console.log("Deployment failed verification and was rolled back.");
+            console.log(`Failed deployment: ${deployment.id.slice(0, 8)}`);
+            console.log(`Check manually: ${verifyUrl}`);
+            return;
+          } else {
+            console.log(`  Could not auto-rollback: ${rollback.error}`);
+            console.log(`  The site may still be propagating. Check manually: ${verifyUrl}`);
+          }
+        } else {
+          console.log(`  The site may still be propagating. Check manually: ${verifyUrl}`);
+        }
+      } else {
+        verifySpinner.stop();
+      }
+    }
     console.log("");
-    if (options.preview) {
+    if (isPreview) {
       console.log("Preview deployment created!");
-      console.log(`Preview: ${deployment.previewUrl}`);
+      if (verified) {
+        console.log(`Preview: ${deployment.previewUrl} (verified)`);
+      } else {
+        console.log(`Preview: ${deployment.previewUrl}`);
+      }
       console.log("");
       console.log(`To make this deployment live, run:`);
       console.log(`  zerodeploy deploy promote ${deployment.id.slice(0, 8)}`);
     } else {
       console.log("Deployment successful!");
-      console.log(`URL:     ${deployment.url}`);
+      if (verified) {
+        console.log(`URL:     ${deployment.url} (verified)`);
+      } else {
+        console.log(`URL:     ${deployment.url}`);
+      }
       console.log(`Preview: ${deployment.previewUrl}`);
     }
     if (options.githubOutput) {
@@ -4867,35 +6054,48 @@ Error: Build failed`);
         appendFileSync(githubOutputFile, `deployment_url=${deployment.url}
 `);
         appendFileSync(githubOutputFile, `preview_url=${deployment.previewUrl}
+`);
+        appendFileSync(githubOutputFile, `is_preview=${isPreview}
 `);
       } else {
         console.log("");
         console.log("::set-output name=deployment_id::" + deployment.id);
         console.log("::set-output name=deployment_url::" + deployment.url);
         console.log("::set-output name=preview_url::" + deployment.previewUrl);
+        console.log("::set-output name=is_preview::" + isPreview);
       }
     }
   } catch (err) {
-    const message = err instanceof Error ? err.message : "Unknown error";
-    console.log(`Deploy failed: ${message}`);
+    if (err instanceof Error) {
+      displayNetworkError(err);
+    } else {
+      displayError({
+        code: "unknown_error",
+        message: "Deploy failed: Unknown error"
+      });
+    }
   }
 });
 
 // src/commands/deployments/list.ts
-var deploymentsListCommand = new Command2("list").description("List deployments for a site").argument("<site>", "Site slug").requiredOption("--org <org>", "Organization slug").action(async (site, options) => {
+var deploymentsListCommand = new Command2("list").description("List deployments for a site").argument("<site>", "Site slug").requiredOption("--org <org>", "Organization slug").option("--json", "Output as JSON").action(async (site, options) => {
   const token = loadToken();
   if (!token) {
-    console.log("Not logged in. Run: zerodeploy login");
-    return;
+    handleAuthError();
   }
   try {
     const client = getClient(token);
     const res = await client.orgs[":orgSlug"].sites[":siteSlug"].deployments.$get({
       param: { orgSlug: options.org, siteSlug: site }
     });
-    if (!res.ok)
-      throw new Error(`API Error ${res.status}`);
-    const deployments = await res.json();
+    if (!res.ok) {
+      await handleApiError(res);
+    }
+    const { data: deployments } = await res.json();
+    if (options.json) {
+      console.log(JSON.stringify(deployments, null, 2));
+      return;
+    }
     if (deployments.length === 0) {
       console.log("No deployments found.");
       return;
@@ -4903,7 +6103,7 @@ var deploymentsListCommand = new Command2("list").description("List deployments
     console.log("Deployments:");
     console.log();
     for (const d of deployments) {
-      const current = d.isCurrent ? " (current)" : "";
+      const current = d.is_current ? " (current)" : "";
       const date = new Date(d.created_at).toLocaleString();
       const shortId = d.id.slice(0, 8);
       const commit = d.commit_sha ? ` [${d.commit_sha.slice(0, 7)}]` : "";
@@ -4911,26 +6111,133 @@ var deploymentsListCommand = new Command2("list").description("List deployments
       const message = d.commit_message ? ` - ${(d.commit_message.split(`
 `)[0] ?? "").slice(0, 50)}` : "";
       console.log(`  ${shortId}  ${d.status.padEnd(10)}  ${date}${current}`);
+      console.log(`           ${d.preview_url}`);
       if (commit || message) {
-        console.log(`           ${commit}${branch}${message}`);
+        console.log(`          ${commit}${branch}${message}`);
       }
       console.log();
     }
   } catch (err) {
-    const message = err instanceof Error ? err.message : "Unknown error";
-    console.error("Failed to list deployments:", message);
+    const message = err instanceof Error ? err.message : String(err);
+    displayError({ code: "network_error", message: `Failed to list deployments: ${message}` });
+    process.exit(ExitCode.NETWORK_ERROR);
+  }
+});
+
+// src/commands/deployments/show.ts
+function formatBytes3(bytes) {
+  if (bytes === 0)
+    return "0 B";
+  const k = 1024;
+  const sizes = ["B", "KB", "MB", "GB"];
+  const i2 = Math.floor(Math.log(bytes) / Math.log(k));
+  return parseFloat((bytes / Math.pow(k, i2)).toFixed(1)) + " " + sizes[i2];
+}
+function formatStatus3(status) {
+  switch (status) {
+    case "pending":
+      return "Pending";
+    case "uploading":
+      return "Uploading";
+    case "processing":
+      return "Processing";
+    case "ready":
+      return "Ready";
+    case "failed":
+      return "Failed";
+    default:
+      return status;
+  }
+}
+var deploymentsShowCommand = new Command2("show").description("View deployment details").argument("<id>", "Deployment ID (full or short)").option("--json", "Output as JSON").action(async (id, options) => {
+  const token = loadToken();
+  if (!token) {
+    handleAuthError();
+  }
+  try {
+    const client = getClient(token);
+    const res = await client.deployments[":id"].$get({
+      param: { id }
+    });
+    if (!res.ok) {
+      if (res.status === 404) {
+        displayError({
+          code: "not_found",
+          message: `Deployment not found: ${id}`,
+          hint: "Use the full deployment ID or at least 8 characters."
+        });
+        process.exit(ExitCode.NOT_FOUND);
+      }
+      await handleApiError(res);
+    }
+    const { data: d } = await res.json();
+    if (options.json) {
+      console.log(JSON.stringify(d, null, 2));
+      return;
+    }
+    console.log("Deployment Details");
+    console.log("=".repeat(50));
+    console.log();
+    console.log(`ID:        ${d.id}`);
+    console.log(`Status:    ${formatStatus3(d.status)}`);
+    console.log(`Created:   ${new Date(d.created_at).toLocaleString()}`);
+    console.log();
+    console.log("URLs");
+    console.log("-".repeat(50));
+    console.log(`Production:  ${d.url}`);
+    console.log(`Preview:     ${d.preview_url}`);
+    console.log();
+    if (d.commit_sha || d.branch || d.pr_number) {
+      console.log("Git Info");
+      console.log("-".repeat(50));
+      if (d.branch) {
+        console.log(`Branch:    ${d.branch}`);
+      }
+      if (d.commit_sha) {
+        console.log(`Commit:    ${d.commit_sha}`);
+      }
+      if (d.commit_message) {
+        const firstLine = d.commit_message.split(`
+`)[0] ?? "";
+        console.log(`Message:   ${firstLine.slice(0, 60)}${firstLine.length > 60 ? "..." : ""}`);
+      }
+      if (d.pr_number) {
+        console.log(`PR:        #${d.pr_number}${d.pr_title ? ` - ${d.pr_title}` : ""}`);
+      }
+      console.log();
+    }
+    console.log("Files");
+    console.log("-".repeat(50));
+    console.log(`Count:     ${d.file_count.toLocaleString()} files`);
+    console.log(`Size:      ${formatBytes3(d.total_size_bytes)}`);
+    console.log();
+    if (d.status === "failed" && d.error_message) {
+      console.log("Error");
+      console.log("-".repeat(50));
+      console.log(d.error_message);
+      console.log();
+    }
+    if (d.status === "ready") {
+      console.log("Actions");
+      console.log("-".repeat(50));
+      console.log(`Rollback to this deployment:`);
+      console.log(`  zerodeploy rollback <site> --org <org> --to ${d.id.slice(0, 8)}`);
+    }
+  } catch (err) {
+    const message = err instanceof Error ? err.message : String(err);
+    displayError({ code: "network_error", message: `Failed to get deployment: ${message}` });
+    process.exit(ExitCode.NETWORK_ERROR);
   }
 });
 
 // src/commands/deployments/index.ts
-var deploymentsCommand = new Command2("deployments").description("Manage deployments").addCommand(deploymentsListCommand);
+var deploymentsCommand = new Command2("deployments").description("Manage deployments").addCommand(deploymentsListCommand).addCommand(deploymentsShowCommand);
 
 // src/commands/rollback.ts
 var rollbackCommand = new Command2("rollback").description("Rollback a site to a previous deployment").argument("<site>", "Site slug").requiredOption("--org <org>", "Organization slug").option("--to <deploymentId>", "Deployment ID to rollback to (defaults to previous deployment)").action(async (site, options) => {
   const token = loadToken();
   if (!token) {
-    console.log("Not logged in. Run: zerodeploy login");
-    return;
+    handleAuthError();
   }
   try {
     const client = getClient(token);
@@ -4939,15 +6246,16 @@ var rollbackCommand = new Command2("rollback").description("Rollback a site to a
       const listRes = await client.orgs[":orgSlug"].sites[":siteSlug"].deployments.$get({
         param: { orgSlug: options.org, siteSlug: site }
       });
-      if (!listRes.ok)
-        throw new Error(`API Error ${listRes.status}`);
-      const deployments = await listRes.json();
+      if (!listRes.ok) {
+        await handleApiError(listRes);
+      }
+      const { data: deployments } = await listRes.json();
       const readyDeployments = deployments.filter((d) => d.status === "ready");
       if (readyDeployments.length < 2) {
-        console.log("No previous deployment to rollback to.");
-        return;
+        displayError({ code: "validation_error", message: "No previous deployment to rollback to." });
+        process.exit(ExitCode.VALIDATION_ERROR);
       }
-      const currentIndex = readyDeployments.findIndex((d) => d.isCurrent);
+      const currentIndex = readyDeployments.findIndex((d) => d.is_current);
       if (currentIndex === -1 || currentIndex >= readyDeployments.length - 1) {
         deploymentId = readyDeployments[1].id;
       } else {
@@ -4958,146 +6266,402 @@ var rollbackCommand = new Command2("rollback").description("Rollback a site to a
       param: { id: deploymentId }
     });
     if (!res.ok) {
-      const error = await res.json();
-      throw new Error(error.error || `API Error ${res.status}`);
+      await handleApiError(res);
     }
     const result = await res.json();
-    const shortId = result.deployment.id.slice(0, 8);
-    const commit = result.deployment.commit_sha ? ` (${result.deployment.commit_sha.slice(0, 7)})` : "";
+    const shortId = result.data.deployment.id.slice(0, 8);
+    const commit = result.data.deployment.commit_sha ? ` (${result.data.deployment.commit_sha.slice(0, 7)})` : "";
     console.log(`Rolled back to deployment ${shortId}${commit}`);
-    console.log(`URL: ${result.deployment.url}`);
+    console.log(`URL: ${result.data.deployment.url}`);
   } catch (err) {
-    const message = err instanceof Error ? err.message : "Unknown error";
-    console.error("Failed to rollback:", message);
+    const message = err instanceof Error ? err.message : String(err);
+    displayError({ code: "network_error", message: `Failed to rollback: ${message}` });
+    process.exit(ExitCode.NETWORK_ERROR);
   }
 });
 
 // src/commands/token/create.ts
-var tokenCreateCommand = new Command2("create").description("Create a deploy token for a site").argument("<name>", 'Token name (e.g., "GitHub Actions")').requiredOption("--org <orgSlug>", "Organization slug").requiredOption("--site <siteSlug>", "Site slug").action(async (name, options) => {
+var tokenCreateCommand = new Command2("create").description("Create an API token").argument("<name>", 'Token name (e.g., "GitHub Actions", "CI Pipeline")').option("--site <siteId>", "Create a site-scoped deploy token (instead of a PAT)").option("--org <orgSlug>", "Create an org-scoped deploy token (instead of a PAT)").option("--expires <days>", "Token expiration in days (default: never)", parseInt).option("--json", "Output as JSON").action(async (name, options) => {
   const token = loadToken();
   if (!token) {
-    console.log("Not logged in. Run: zerodeploy login");
-    return;
+    handleAuthError();
+  }
+  if (options.site && options.org) {
+    displayError({ code: "validation_error", message: "--site and --org cannot be used together" });
+    process.exit(ExitCode.VALIDATION_ERROR);
   }
   try {
-    const res = await fetch(`${API_URL}/orgs/${options.org}/sites/${options.site}/tokens`, {
-      method: "POST",
-      headers: {
-        "Content-Type": "application/json",
-        Authorization: `Bearer ${token}`
-      },
-      body: JSON.stringify({ name })
-    });
+    const client = getClient(token);
+    let scopeType = "user";
+    let permissions = ["*"];
+    if (options.site) {
+      scopeType = "site";
+      permissions = ["deploy"];
+    } else if (options.org) {
+      scopeType = "org";
+      permissions = ["deploy"];
+    }
+    const body = {
+      name,
+      scope_type: scopeType,
+      permissions
+    };
+    if (options.site) {
+      body.site_id = options.site;
+    }
+    if (options.org) {
+      body.org_slug = options.org;
+    }
+    if (options.expires) {
+      body.expires_in_days = options.expires;
+    }
+    const res = await client.tokens.$post({ json: body });
     if (!res.ok) {
-      const error = await res.json();
-      console.log(`Error: ${error.error || "Failed to create token"}`);
+      await handleApiError(res);
+    }
+    const { data: result } = await res.json();
+    if (options.json) {
+      console.log(JSON.stringify(result, null, 2));
       return;
     }
-    const result = await res.json();
+    let typeLabel = "Personal Access Token (PAT)";
+    if (result.scope_type === "site") {
+      typeLabel = "Site Deploy Token";
+    } else if (result.scope_type === "org") {
+      typeLabel = "Org Deploy Token";
+    }
     console.log("");
-    console.log("Deploy token created successfully!");
+    console.log(`${typeLabel} created successfully!`);
     console.log("");
-    console.log(`Name:  ${result.name}`);
-    console.log(`ID:    ${result.id}`);
+    console.log(`Name:        ${result.name}`);
+    console.log(`ID:          ${result.id}`);
+    console.log(`Prefix:      ${result.token_prefix}`);
+    console.log(`Permissions: ${result.permissions.join(", ")}`);
+    if (result.org_slug) {
+      console.log(`Org:         ${result.org_slug}`);
+    }
+    if (result.expires_at) {
+      console.log(`Expires:     ${new Date(result.expires_at).toLocaleDateString()}`);
+    }
     console.log("");
     console.log("Token (save this - it will not be shown again):");
     console.log("");
     console.log(`  ${result.token}`);
     console.log("");
-    console.log("Usage in GitHub Actions:");
-    console.log("  Add this token as a repository secret named ZERODEPLOY_TOKEN");
+    if (result.scope_type === "site" || result.scope_type === "org") {
+      console.log("Usage in GitHub Actions:");
+      console.log("  Add this token as a repository secret named ZERODEPLOY_TOKEN");
+      if (result.scope_type === "org") {
+        console.log("  This token can deploy to any site in the organization.");
+      }
+    } else {
+      console.log("Usage:");
+      console.log("  Use this token in the Authorization header:");
+      console.log("  Authorization: Bearer <token>");
+    }
     console.log("");
   } catch (err) {
-    const message = err instanceof Error ? err.message : "Unknown error";
-    console.log(`Failed to create token: ${message}`);
+    const message = err instanceof Error ? err.message : String(err);
+    displayError({ code: "network_error", message: `Failed to create token: ${message}` });
+    process.exit(ExitCode.NETWORK_ERROR);
   }
 });
 
 // src/commands/token/list.ts
-var tokenListCommand = new Command2("list").description("List deploy tokens for a site").requiredOption("--org <orgSlug>", "Organization slug").requiredOption("--site <siteSlug>", "Site slug").action(async (options) => {
+var tokenListCommand = new Command2("list").description("List API tokens").option("--site <siteId>", "Filter by site ID (for site-scoped deploy tokens)").option("--org <orgId>", "Filter by org ID (for org-scoped deploy tokens)").option("--type <type>", "Filter by type: user (PAT), site, or org (deploy tokens)", "all").option("--json", "Output as JSON").action(async (options) => {
   const token = loadToken();
   if (!token) {
-    console.log("Not logged in. Run: zerodeploy login");
-    return;
+    handleAuthError();
   }
   try {
-    const res = await fetch(`${API_URL}/orgs/${options.org}/sites/${options.site}/tokens`, {
-      headers: {
-        Authorization: `Bearer ${token}`
-      }
-    });
+    const client = getClient(token);
+    const query = {};
+    if (options.type === "user") {
+      query.scope_type = "user";
+    } else if (options.type === "site") {
+      query.scope_type = "site";
+    } else if (options.type === "org") {
+      query.scope_type = "org";
+    }
+    if (options.site) {
+      query.site_id = options.site;
+    }
+    if (options.org) {
+      query.org_id = options.org;
+    }
+    const res = await client.tokens.$get({ query });
     if (!res.ok) {
-      const error = await res.json();
-      console.log(`Error: ${error.error || "Failed to list tokens"}`);
+      await handleApiError(res);
+    }
+    const { data: tokens } = await res.json();
+    if (options.json) {
+      console.log(JSON.stringify(tokens, null, 2));
       return;
     }
-    const tokens = await res.json();
     if (tokens.length === 0) {
-      console.log(`No deploy tokens for ${options.org}/${options.site}`);
+      console.log("No API tokens found");
+      if (options.type !== "all") {
+        console.log(`(filtered by type: ${options.type})`);
+      }
       return;
     }
-    console.log(`Deploy tokens for ${options.org}/${options.site}:`);
+    console.log("API Tokens:");
     console.log("");
     for (const t of tokens) {
       const created = new Date(t.created_at).toLocaleDateString();
       const lastUsed = t.last_used_at ? new Date(t.last_used_at).toLocaleDateString() : "Never";
-      console.log(`  ${t.id.slice(0, 8)}  ${t.name.padEnd(20)}  Created: ${created}  Last used: ${lastUsed}`);
+      const expires = t.expires_at ? new Date(t.expires_at).toLocaleDateString() : "Never";
+      let typeLabel = "PAT";
+      if (t.scope_type === "site") {
+        typeLabel = "Site";
+      } else if (t.scope_type === "org") {
+        typeLabel = "Org";
+      }
+      const permissions = t.permissions.join(", ");
+      console.log(`  ${t.token_prefix.padEnd(14)}  ${t.name.padEnd(20)}  [${typeLabel}]`);
+      console.log(`                  Created: ${created}  Last used: ${lastUsed}  Expires: ${expires}`);
+      console.log(`                  Permissions: ${permissions}`);
+      if (t.site_id) {
+        console.log(`                  Site ID: ${t.site_id}`);
+      }
+      if (t.org_slug) {
+        console.log(`                  Org: ${t.org_slug}`);
+      }
+      console.log("");
     }
-    console.log("");
   } catch (err) {
-    const message = err instanceof Error ? err.message : "Unknown error";
-    console.log(`Failed to list tokens: ${message}`);
+    const message = err instanceof Error ? err.message : String(err);
+    displayError({ code: "network_error", message: `Failed to list tokens: ${message}` });
+    process.exit(ExitCode.NETWORK_ERROR);
   }
 });
 
 // src/commands/token/delete.ts
-var tokenDeleteCommand = new Command2("delete").description("Delete a deploy token").argument("<tokenId>", "Token ID (or first 8 characters)").requiredOption("--org <orgSlug>", "Organization slug").requiredOption("--site <siteSlug>", "Site slug").action(async (tokenId, options) => {
+var tokenDeleteCommand = new Command2("delete").description("Delete an API token").argument("<tokenId>", 'Token ID or token prefix (e.g., "zd_abc12345")').action(async (tokenIdOrPrefix) => {
   const token = loadToken();
   if (!token) {
-    console.log("Not logged in. Run: zerodeploy login");
-    return;
+    handleAuthError();
   }
   try {
-    let fullTokenId = tokenId;
-    if (tokenId.length < 36) {
-      const listRes = await fetch(`${API_URL}/orgs/${options.org}/sites/${options.site}/tokens`, {
-        headers: {
-          Authorization: `Bearer ${token}`
-        }
-      });
+    const client = getClient(token);
+    let fullTokenId = tokenIdOrPrefix;
+    if (tokenIdOrPrefix.length < 36) {
+      const listRes = await client.tokens.$get({ query: {} });
       if (!listRes.ok) {
-        const error = await listRes.json();
-        console.log(`Error: ${error.error || "Failed to find token"}`);
-        return;
+        await handleApiError(listRes);
       }
-      const tokens = await listRes.json();
-      const match = tokens.find((t) => t.id.startsWith(tokenId));
+      const { data: tokens } = await listRes.json();
+      const match = tokens.find((t) => t.token_prefix === tokenIdOrPrefix || t.token_prefix.startsWith(tokenIdOrPrefix) || t.id.startsWith(tokenIdOrPrefix));
       if (!match) {
-        console.log(`Error: No token found starting with "${tokenId}"`);
-        return;
+        displayError({ code: "not_found", message: `No token found matching "${tokenIdOrPrefix}"`, hint: "Use `zerodeploy token list` to see available tokens" });
+        process.exit(ExitCode.NOT_FOUND);
       }
       fullTokenId = match.id;
+      console.log(`Found token: ${match.name} (${match.token_prefix})`);
     }
-    const res = await fetch(`${API_URL}/orgs/${options.org}/sites/${options.site}/tokens/${fullTokenId}`, {
-      method: "DELETE",
-      headers: {
-        Authorization: `Bearer ${token}`
-      }
+    const res = await client.tokens[":tokenId"].$delete({
+      param: { tokenId: fullTokenId }
     });
     if (!res.ok) {
-      const error = await res.json();
-      console.log(`Error: ${error.error || "Failed to delete token"}`);
-      return;
+      await handleApiError(res);
     }
     console.log("Token deleted successfully");
   } catch (err) {
-    const message = err instanceof Error ? err.message : "Unknown error";
-    console.log(`Failed to delete token: ${message}`);
+    const message = err instanceof Error ? err.message : String(err);
+    displayError({ code: "network_error", message: `Failed to delete token: ${message}` });
+    process.exit(ExitCode.NETWORK_ERROR);
   }
 });
 
 // src/commands/token/index.ts
-var tokenCommand = new Command2("token").description("Manage deploy tokens for CI/CD").addCommand(tokenCreateCommand).addCommand(tokenListCommand).addCommand(tokenDeleteCommand);
+var tokenCommand = new Command2("token").description("Manage API tokens (PATs and deploy tokens)").addCommand(tokenCreateCommand).addCommand(tokenListCommand).addCommand(tokenDeleteCommand);
+
+// src/commands/billing/index.ts
+function formatCents(cents) {
+  return `$${(cents / 100).toFixed(2)}`;
+}
+function formatDate(dateStr) {
+  return new Date(dateStr).toLocaleDateString("en-US", {
+    year: "numeric",
+    month: "short",
+    day: "numeric"
+  });
+}
+function formatMonth(monthStr) {
+  const [year, month] = monthStr.split("-");
+  return new Date(Number(year), Number(month) - 1).toLocaleDateString("en-US", {
+    year: "numeric",
+    month: "long"
+  });
+}
+function getReasonLabel(reason) {
+  const labels = {
+    beta_credit: "Beta Credit",
+    promo_credit: "Promotional Credit",
+    support_credit: "Support Credit",
+    refund: "Refund"
+  };
+  return labels[reason] || reason;
+}
+var billingUsageCommand = new Command2("usage").description("Show account balance and current period usage").option("--json", "Output as JSON").action(async (options) => {
+  const token = loadToken();
+  if (!token) {
+    handleAuthError();
+  }
+  try {
+    const client = getClient(token);
+    const res = await client.billing.usage.$get();
+    if (!res.ok) {
+      await handleApiError(res);
+    }
+    const { data } = await res.json();
+    if (options.json) {
+      console.log(JSON.stringify(data, null, 2));
+      return;
+    }
+    console.log();
+    console.log("Account Balance");
+    console.log("───────────────");
+    const balanceColor = data.balance_cents > 0 ? "\x1B[32m" : "\x1B[33m";
+    const reset = "\x1B[0m";
+    console.log(`  Balance:     ${balanceColor}${data.balance_formatted}${reset}`);
+    console.log(`  Status:      ${data.billing_status}`);
+    console.log(`  Can Deploy:  ${data.can_deploy ? "\x1B[32mYes\x1B[0m" : "\x1B[31mNo\x1B[0m"}`);
+    if (!data.can_deploy) {
+      console.log();
+      console.log("\x1B[33m  ⚠ Add balance to enable deployments\x1B[0m");
+    }
+    console.log();
+    console.log("Current Period Usage");
+    console.log("────────────────────");
+    console.log(`  Period: ${formatDate(data.current_period.start)} - ${formatDate(data.current_period.end)}`);
+    console.log();
+    const usage = data.current_period.usage;
+    const included = data.current_period.included;
+    const cost = data.current_period.estimated_cost;
+    console.log("  Resource              Used        Included    Overage");
+    console.log("  ─────────────────────────────────────────────────────");
+    console.log(`  Storage               ${usage.storage_gb.toFixed(2)} GB     ${included.storage_gb} GB       ${cost.storage_cents > 0 ? formatCents(cost.storage_cents) : "-"}`);
+    console.log(`  Requests              ${usage.requests_millions.toFixed(2)}M       ${included.requests_millions}M         ${cost.requests_cents > 0 ? formatCents(cost.requests_cents) : "-"}`);
+    console.log(`  Form Submissions      ${usage.form_submissions}          ${included.form_submissions}         ${cost.forms_cents > 0 ? formatCents(cost.forms_cents) : "-"}`);
+    console.log(`  Custom Domains        ${usage.domains_count}            ${included.domains_count}           ${cost.domains_cents > 0 ? formatCents(cost.domains_cents) : "-"}`);
+    console.log();
+    console.log(`  Base:            ${formatCents(cost.base_cents)}/month`);
+    if (cost.usage_total_cents > 0) {
+      console.log(`  Usage:           +${formatCents(cost.usage_total_cents)}`);
+    }
+    console.log(`  ─────────────────────────────────────────────────────`);
+    console.log(`  Estimated Total: ${formatCents(cost.total_cents)}`);
+    console.log();
+  } catch (err) {
+    const message = err instanceof Error ? err.message : String(err);
+    displayError({
+      code: "network_error",
+      message: `Failed to fetch billing info: ${message}`
+    });
+    process.exit(ExitCode.NETWORK_ERROR);
+  }
+});
+var billingBillsCommand = new Command2("bills").description("Show billing history").option("--json", "Output as JSON").option("--limit <n>", "Number of bills to show", "10").action(async (options) => {
+  const token = loadToken();
+  if (!token) {
+    handleAuthError();
+  }
+  try {
+    const client = getClient(token);
+    const res = await client.billing.bills.$get({
+      query: { limit: options.limit }
+    });
+    if (!res.ok) {
+      await handleApiError(res);
+    }
+    const { data: bills, pagination } = await res.json();
+    if (options.json) {
+      console.log(JSON.stringify({ bills, pagination }, null, 2));
+      return;
+    }
+    console.log();
+    console.log("Billing History");
+    console.log("───────────────");
+    if (bills.length === 0) {
+      console.log("  No billing history yet");
+      console.log();
+      return;
+    }
+    console.log();
+    console.log("  Period              Status      Total");
+    console.log("  ─────────────────────────────────────");
+    for (const bill of bills) {
+      const statusColor = bill.status === "paid" ? "\x1B[32m" : bill.status === "finalized" ? "\x1B[33m" : "\x1B[90m";
+      const reset = "\x1B[0m";
+      console.log(`  ${formatMonth(bill.billing_month).padEnd(18)} ${statusColor}${bill.status.padEnd(10)}${reset} ${formatCents(bill.final_amount_cents)}`);
+    }
+    console.log();
+    if (pagination.total > bills.length) {
+      console.log(`  Showing ${bills.length} of ${pagination.total} bills`);
+      console.log();
+    }
+  } catch (err) {
+    const message = err instanceof Error ? err.message : String(err);
+    displayError({
+      code: "network_error",
+      message: `Failed to fetch bills: ${message}`
+    });
+    process.exit(ExitCode.NETWORK_ERROR);
+  }
+});
+var billingAdjustmentsCommand = new Command2("adjustments").description("Show balance adjustment history (credits)").option("--json", "Output as JSON").option("--limit <n>", "Number of adjustments to show", "10").action(async (options) => {
+  const token = loadToken();
+  if (!token) {
+    handleAuthError();
+  }
+  try {
+    const client = getClient(token);
+    const res = await client.billing.adjustments.$get({
+      query: { limit: options.limit }
+    });
+    if (!res.ok) {
+      await handleApiError(res);
+    }
+    const { data: adjustments, pagination } = await res.json();
+    if (options.json) {
+      console.log(JSON.stringify({ adjustments, pagination }, null, 2));
+      return;
+    }
+    console.log();
+    console.log("Balance Adjustments");
+    console.log("───────────────────");
+    if (adjustments.length === 0) {
+      console.log("  No balance adjustments yet");
+      console.log();
+      return;
+    }
+    console.log();
+    console.log("  Date          Reason              Amount");
+    console.log("  ────────────────────────────────────────");
+    for (const adj of adjustments) {
+      console.log(`  ${formatDate(adj.created_at).padEnd(12)}  ${getReasonLabel(adj.reason).padEnd(18)} \x1B[32m+${formatCents(adj.amount_cents)}\x1B[0m`);
+      if (adj.description) {
+        console.log(`                ${adj.description}`);
+      }
+    }
+    console.log();
+    if (pagination.total > adjustments.length) {
+      console.log(`  Showing ${adjustments.length} of ${pagination.total} adjustments`);
+      console.log();
+    }
+  } catch (err) {
+    const message = err instanceof Error ? err.message : String(err);
+    displayError({
+      code: "network_error",
+      message: `Failed to fetch adjustments: ${message}`
+    });
+    process.exit(ExitCode.NETWORK_ERROR);
+  }
+});
+var billingCommand = new Command2("billing").description("View account balance and billing information").addCommand(billingUsageCommand).addCommand(billingBillsCommand).addCommand(billingAdjustmentsCommand).action(async () => {
+  await billingUsageCommand.parseAsync(["usage"], { from: "user" });
+});
 
 // src/commands/init.ts
 import { writeFileSync, existsSync as existsSync2 } from "node:fs";
@@ -5150,18 +6714,250 @@ var initCommand = new Command2("init").description("Create a zerodeploy.json con
   console.log("  zerodeploy deploy --build   # build + deploy");
 });
 
+// src/commands/account-delete.ts
+import * as readline5 from "readline";
+function prompt4(question) {
+  const rl = readline5.createInterface({
+    input: process.stdin,
+    output: process.stdout
+  });
+  return new Promise((resolve5) => {
+    rl.question(question, (answer) => {
+      rl.close();
+      resolve5(answer);
+    });
+  });
+}
+var accountCommand = new Command2("account").description("Manage your ZeroDeploy account").addCommand(new Command2("email").description("Set your email address for notifications").argument("<email>", "Email address").action(async (email) => {
+  const token = loadToken();
+  if (!token) {
+    displayAuthError();
+    return;
+  }
+  const emailRegex = /^[^\s@]+@[^\s@]+\.[^\s@]+$/;
+  if (!emailRegex.test(email)) {
+    displayError({ code: "validation_error", message: "Invalid email address format" });
+    return;
+  }
+  try {
+    const client = getClient(token);
+    const res = await client.auth.me.$patch({
+      json: { email }
+    });
+    if (!res.ok) {
+      const body = await res.json();
+      displayError(parseApiError(body));
+      return;
+    }
+    console.log(`
+✅ Email updated to: ${email}`);
+    console.log(`   You will now receive deployment notifications at this address.
+`);
+  } catch (err) {
+    if (err instanceof Error) {
+      displayNetworkError(err);
+    } else {
+      displayError({ code: "unknown_error", message: "Failed to update email" });
+    }
+  }
+})).addCommand(new Command2("delete").description("Permanently delete your account and all data").option("--force", "Skip confirmation prompts").action(async (options) => {
+  const token = loadToken();
+  if (!token) {
+    displayAuthError();
+    return;
+  }
+  if (!options.force) {
+    console.log(`
+⚠️  WARNING: This will permanently delete:`);
+    console.log("   - Your account");
+    console.log("   - All organizations you own");
+    console.log("   - All sites and deployments");
+    console.log("   - All custom domains");
+    console.log("   - All deploy tokens");
+    console.log(`
+   This action CANNOT be undone.
+`);
+    const answer1 = await prompt4('Type "delete my account" to confirm: ');
+    if (answer1 !== "delete my account") {
+      console.log("Cancelled.");
+      return;
+    }
+    const answer2 = await prompt4("Are you absolutely sure? (y/N) ");
+    if (answer2.toLowerCase() !== "y") {
+      console.log("Cancelled.");
+      return;
+    }
+  }
+  try {
+    const client = getClient(token);
+    const res = await client.auth.me.$delete();
+    if (!res.ok) {
+      const body = await res.json();
+      displayError(parseApiError(body));
+      return;
+    }
+    const result = await res.json();
+    deleteToken();
+    console.log(`
+✅ Account deleted successfully.`);
+    console.log(`   Deleted: ${result.deleted.orgs} org(s), ${result.deleted.sites} site(s), ${result.deleted.deployments} deployment(s)`);
+    console.log(`
+   Your local authentication token has been removed.`);
+    console.log(`   Thank you for using ZeroDeploy.
+`);
+  } catch (err) {
+    if (err instanceof Error) {
+      displayNetworkError(err);
+    } else {
+      displayError({ code: "unknown_error", message: "Failed to delete account" });
+    }
+  }
+}));
+
+// src/commands/inspect.ts
+var VERSION = "0.1.3";
+function getCommandByPath(rootCommand, path3) {
+  let current = rootCommand;
+  for (const name of path3) {
+    const subcommand = current.commands.find((cmd) => cmd.name() === name);
+    if (!subcommand) {
+      return null;
+    }
+    current = subcommand;
+  }
+  return current;
+}
+function extractArguments(cmd) {
+  const args = cmd.registeredArguments || [];
+  return args.map((arg) => {
+    const metadata = {
+      name: arg.name(),
+      description: arg.description || "",
+      required: arg.required
+    };
+    if (arg.defaultValue !== undefined) {
+      metadata.default = String(arg.defaultValue);
+    }
+    return metadata;
+  });
+}
+function extractOptions(cmd) {
+  const options = cmd.options || [];
+  return options.filter((opt) => {
+    const longName = opt.long?.replace(/^--/, "") || "";
+    return longName !== "help" && longName !== "version";
+  }).map((opt) => {
+    const longName = opt.long?.replace(/^--/, "") || "";
+    const shortName = opt.short?.replace(/^-/, "");
+    const metadata = {
+      name: longName,
+      description: opt.description || "",
+      required: opt.mandatory || false
+    };
+    if (shortName) {
+      metadata.short = shortName;
+    }
+    if (opt.flags.includes("<") || opt.flags.includes("[")) {
+      metadata.type = "string";
+    } else {
+      metadata.type = "boolean";
+    }
+    if (opt.defaultValue !== undefined && opt.defaultValue !== false) {
+      metadata.default = String(opt.defaultValue);
+    }
+    return metadata;
+  });
+}
+function generateExamples(cmd, fullPath) {
+  const examples = [];
+  const cmdPath = ["zerodeploy", ...fullPath].join(" ");
+  const args = cmd.registeredArguments || [];
+  let basicExample = cmdPath;
+  for (const arg of args) {
+    if (arg.required) {
+      basicExample += ` <${arg.name()}>`;
+    }
+  }
+  if (basicExample !== cmdPath || args.length === 0) {
+    examples.push(basicExample);
+  }
+  const cmdName = fullPath[fullPath.length - 1];
+  const parentName = fullPath[fullPath.length - 2];
+  if (cmdName === "list" && parentName === "org") {
+    examples.push("zerodeploy org list");
+  } else if (cmdName === "create" && parentName === "org") {
+    examples.push("zerodeploy org create my-company");
+  } else if (cmdName === "list" && parentName === "site") {
+    examples.push("zerodeploy site list acme");
+  } else if (cmdName === "create" && parentName === "site") {
+    examples.push('zerodeploy site create acme "My Site"');
+  } else if (cmdName === "deploy") {
+    examples.push("zerodeploy deploy");
+    examples.push("zerodeploy deploy ./dist --org acme --site web");
+  }
+  return examples;
+}
+function getCommandMetadata(rootCommand, path3) {
+  if (path3.length === 0) {
+    const commands = rootCommand.commands.map((cmd2) => cmd2.name()).filter((name) => name !== "help").sort();
+    return {
+      name: "zerodeploy",
+      version: VERSION,
+      commands
+    };
+  }
+  const cmd = getCommandByPath(rootCommand, path3);
+  if (!cmd) {
+    return { error: `Command not found: ${path3.join(" ")}` };
+  }
+  const metadata = {
+    name: cmd.name(),
+    description: cmd.description() || ""
+  };
+  const subcommands = cmd.commands.map((sub) => sub.name()).filter((name) => name !== "help");
+  if (subcommands.length > 0) {
+    metadata.subcommands = subcommands.sort();
+    return metadata;
+  }
+  metadata.usage = `zerodeploy ${path3.join(" ")}` + (cmd.registeredArguments || []).map((arg) => arg.required ? ` <${arg.name()}>` : ` [${arg.name()}]`).join("");
+  const args = extractArguments(cmd);
+  if (args.length > 0) {
+    metadata.arguments = args;
+  }
+  const options = extractOptions(cmd);
+  if (options.length > 0) {
+    metadata.options = options;
+  }
+  const examples = generateExamples(cmd, path3);
+  if (examples.length > 0) {
+    metadata.examples = [...new Set(examples)];
+  }
+  return metadata;
+}
+function createInspectCommand(rootProgram) {
+  return new Command2("inspect").description("Output command metadata as JSON (for LLM/automation use)").argument("[command...]", 'Command path to inspect (e.g., "org create")').action((commandPath) => {
+    const metadata = getCommandMetadata(rootProgram, commandPath || []);
+    console.log(JSON.stringify(metadata, null, 2));
+  });
+}
+
 // src/index.ts
 var program3 = new Command;
-program3.name("zerodeploy").description("ZeroDeploy CLI").version("0.1.0").enablePositionalOptions();
+program3.name("zerodeploy").description("ZeroDeploy CLI").version("0.1.3").enablePositionalOptions();
 program3.addCommand(loginCommand);
 program3.addCommand(logoutCommand);
 program3.addCommand(whoamiCommand);
+program3.addCommand(usageCommand);
 program3.addCommand(orgCommand);
 program3.addCommand(siteCommand);
 program3.addCommand(domainCommand);
+program3.addCommand(formCommand);
 program3.addCommand(deployCommand);
 program3.addCommand(deploymentsCommand);
 program3.addCommand(rollbackCommand);
 program3.addCommand(tokenCommand);
+program3.addCommand(billingCommand);
 program3.addCommand(initCommand);
+program3.addCommand(accountCommand);
+program3.addCommand(createInspectCommand(program3));
 program3.parse(process.argv);