run402 1.32.1 → 1.33.0

package/lib/email.mjs

@@ -13,6 +13,16 @@ Subcommands:
   get    <message_id> [--project <id>]  Get a message with replies
   get-raw <message_id> [--project <id>] [--output <file>]
                                          Fetch raw RFC-822 bytes (inbound only)
+  webhooks <action> [args...]        Manage webhooks (see below)
+
+Webhook subcommands:
+  webhooks list   [--project <id>]                List webhooks
+  webhooks get    <webhook_id> [--project <id>]   Get a webhook
+  webhooks delete <webhook_id> [--project <id>]   Delete a webhook
+  webhooks update <webhook_id> [--url <url>] [--events <e1,e2>] [--project <id>]
+                                                  Update a webhook
+  webhooks register --url <url> --events <e1,e2> [--project <id>]
+                                                  Register a new webhook
 
 Send modes:
   Template:  --template <name> --var key=value [--var ...]
@@ -35,6 +45,8 @@ Examples:
   run402 email list
   run402 email get msg_abc123
   run402 email get-raw msg_abc123 --output reply.eml
+  run402 email webhooks list
+  run402 email webhooks register --url https://example.com/hook --events delivery,bounced
 
 Notes:
   - One mailbox per project
@@ -322,6 +334,11 @@ export async function run(sub, args) {
     case "list":   await list(args); break;
     case "get":    await get(args); break;
     case "get-raw": await getRaw(args); break;
+    case "webhooks": {
+      const { run: runWebhooks } = await import("./webhooks.mjs");
+      await runWebhooks(args[0], args.slice(1));
+      break;
+    }
     default:
       console.error(`Unknown subcommand: ${sub}\n`);
       console.log(HELP);

package/lib/webhooks.mjs

@@ -0,0 +1,221 @@
+import { findProject, resolveProjectId, API, loadKeyStore, updateProject } from "./config.mjs";
+
+const HELP = `run402 email webhooks — Manage mailbox webhooks
+
+Usage:
+  run402 email webhooks <action> [args...]
+
+Actions:
+  list     [--project <id>]                                  List webhooks
+  get      <webhook_id> [--project <id>]                     Get a webhook
+  delete   <webhook_id> [--project <id>]                     Delete a webhook
+  update   <webhook_id> [--url <url>] [--events <e1,e2>]     Update a webhook
+  register --url <url> --events <e1,e2> [--project <id>]     Register a new webhook
+
+Valid events: delivery, bounced, complained, reply_received
+
+Examples:
+  run402 email webhooks list
+  run402 email webhooks register --url https://example.com/hook --events delivery,bounced
+  run402 email webhooks update whk_123 --url https://new.example.com/hook
+  run402 email webhooks delete whk_123
+`;
+
+function parseFlag(args, flag) {
+  for (let i = 0; i < args.length; i++) {
+    if (args[i] === flag && args[i + 1]) return args[i + 1];
+  }
+  return null;
+}
+
+async function resolveMailboxId(projectId, serviceKey) {
+  const store = loadKeyStore();
+  const proj = store.projects[projectId];
+  if (proj && proj.mailbox_id) return proj.mailbox_id;
+
+  const res = await fetch(`${API}/mailboxes/v1`, {
+    headers: { "Authorization": `Bearer ${serviceKey}` },
+  });
+  if (!res.ok) {
+    const data = await res.json().catch(() => ({}));
+    throw Object.assign(new Error("Failed to resolve mailbox"), { http: res.status, ...data });
+  }
+  const body = await res.json();
+  const mailboxes = body.mailboxes || body;
+  if (!Array.isArray(mailboxes) || mailboxes.length === 0) {
+    throw new Error("No mailbox found. Run: run402 email create <slug>");
+  }
+  const mb = mailboxes[0];
+  updateProject(projectId, { mailbox_id: mb.mailbox_id, mailbox_address: mb.address });
+  return mb.mailbox_id;
+}
+
+async function requireMailboxId(projectId, serviceKey) {
+  try {
+    return await resolveMailboxId(projectId, serviceKey);
+  } catch (err) {
+    const out = { status: "error", message: err.message };
+    if (err.http) out.http = err.http;
+    console.error(JSON.stringify(out));
+    process.exit(1);
+  }
+}
+
+async function list(args) {
+  const projectId = resolveProjectId(parseFlag(args, "--project"));
+  const p = findProject(projectId);
+  const mailboxId = await requireMailboxId(projectId, p.service_key);
+
+  const res = await fetch(`${API}/mailboxes/v1/${mailboxId}/webhooks`, {
+    headers: { "Authorization": `Bearer ${p.service_key}` },
+  });
+  const data = await res.json();
+  if (!res.ok) {
+    console.error(JSON.stringify({ status: "error", http: res.status, ...data }));
+    process.exit(1);
+  }
+  console.log(JSON.stringify(data, null, 2));
+}
+
+async function get(args) {
+  let webhookId = null;
+  let projectOpt = null;
+  for (let i = 0; i < args.length; i++) {
+    if (args[i] === "--project" && args[i + 1]) { projectOpt = args[++i]; }
+    else if (!args[i].startsWith("--") && !webhookId) { webhookId = args[i]; }
+  }
+  const projectId = resolveProjectId(projectOpt);
+  const p = findProject(projectId);
+
+  if (!webhookId) {
+    console.error(JSON.stringify({ status: "error", message: "Missing webhook_id. Usage: run402 email webhooks get <webhook_id>" }));
+    process.exit(1);
+  }
+
+  const mailboxId = await requireMailboxId(projectId, p.service_key);
+  const res = await fetch(`${API}/mailboxes/v1/${mailboxId}/webhooks/${webhookId}`, {
+    headers: { "Authorization": `Bearer ${p.service_key}` },
+  });
+  const data = await res.json();
+  if (!res.ok) {
+    console.error(JSON.stringify({ status: "error", http: res.status, ...data }));
+    process.exit(1);
+  }
+  console.log(JSON.stringify(data, null, 2));
+}
+
+async function del(args) {
+  let webhookId = null;
+  let projectOpt = null;
+  for (let i = 0; i < args.length; i++) {
+    if (args[i] === "--project" && args[i + 1]) { projectOpt = args[++i]; }
+    else if (!args[i].startsWith("--") && !webhookId) { webhookId = args[i]; }
+  }
+  const projectId = resolveProjectId(projectOpt);
+  const p = findProject(projectId);
+
+  if (!webhookId) {
+    console.error(JSON.stringify({ status: "error", message: "Missing webhook_id. Usage: run402 email webhooks delete <webhook_id>" }));
+    process.exit(1);
+  }
+
+  const mailboxId = await requireMailboxId(projectId, p.service_key);
+  const res = await fetch(`${API}/mailboxes/v1/${mailboxId}/webhooks/${webhookId}`, {
+    method: "DELETE",
+    headers: { "Authorization": `Bearer ${p.service_key}` },
+  });
+  if (!res.ok) {
+    let errBody;
+    try { errBody = await res.json(); } catch { errBody = {}; }
+    console.error(JSON.stringify({ status: "error", http: res.status, ...errBody }));
+    process.exit(1);
+  }
+  console.log(JSON.stringify({ status: "ok", webhook_id: webhookId, deleted: true }));
+}
+
+async function update(args) {
+  let webhookId = null;
+  let projectOpt = null;
+  const url = parseFlag(args, "--url");
+  const eventsRaw = parseFlag(args, "--events");
+
+  for (let i = 0; i < args.length; i++) {
+    if (args[i] === "--project" && args[i + 1]) { projectOpt = args[++i]; }
+    else if (args[i] === "--url" || args[i] === "--events") { i++; }
+    else if (!args[i].startsWith("--") && !webhookId) { webhookId = args[i]; }
+  }
+  const projectId = resolveProjectId(projectOpt);
+  const p = findProject(projectId);
+
+  if (!webhookId) {
+    console.error(JSON.stringify({ status: "error", message: "Missing webhook_id. Usage: run402 email webhooks update <webhook_id> [--url <url>] [--events <e1,e2>]" }));
+    process.exit(1);
+  }
+  if (!url && !eventsRaw) {
+    console.error(JSON.stringify({ status: "error", message: "Provide at least --url or --events" }));
+    process.exit(1);
+  }
+
+  const body = {};
+  if (url) body.url = url;
+  if (eventsRaw) body.events = eventsRaw.split(",").map(e => e.trim());
+
+  const mailboxId = await requireMailboxId(projectId, p.service_key);
+  const res = await fetch(`${API}/mailboxes/v1/${mailboxId}/webhooks/${webhookId}`, {
+    method: "PATCH",
+    headers: { "Authorization": `Bearer ${p.service_key}`, "Content-Type": "application/json" },
+    body: JSON.stringify(body),
+  });
+  const data = await res.json();
+  if (!res.ok) {
+    console.error(JSON.stringify({ status: "error", http: res.status, ...data }));
+    process.exit(1);
+  }
+  console.log(JSON.stringify({ status: "ok", ...data }));
+}
+
+async function register(args) {
+  const url = parseFlag(args, "--url");
+  const eventsRaw = parseFlag(args, "--events");
+  const projectOpt = parseFlag(args, "--project");
+  const projectId = resolveProjectId(projectOpt);
+  const p = findProject(projectId);
+
+  if (!url) {
+    console.error(JSON.stringify({ status: "error", message: "Missing --url. Usage: run402 email webhooks register --url <url> --events <e1,e2>" }));
+    process.exit(1);
+  }
+  if (!eventsRaw) {
+    console.error(JSON.stringify({ status: "error", message: "Missing --events. Valid events: delivery, bounced, complained, reply_received" }));
+    process.exit(1);
+  }
+
+  const events = eventsRaw.split(",").map(e => e.trim());
+  const mailboxId = await requireMailboxId(projectId, p.service_key);
+  const res = await fetch(`${API}/mailboxes/v1/${mailboxId}/webhooks`, {
+    method: "POST",
+    headers: { "Authorization": `Bearer ${p.service_key}`, "Content-Type": "application/json" },
+    body: JSON.stringify({ url, events }),
+  });
+  const data = await res.json();
+  if (!res.ok) {
+    console.error(JSON.stringify({ status: "error", http: res.status, ...data }));
+    process.exit(1);
+  }
+  console.log(JSON.stringify({ status: "ok", ...data }));
+}
+
+export async function run(sub, args) {
+  if (!sub || sub === '--help' || sub === '-h') { console.log(HELP); process.exit(0); }
+  switch (sub) {
+    case "list":     await list(args); break;
+    case "get":      await get(args); break;
+    case "delete":   await del(args); break;
+    case "update":   await update(args); break;
+    case "register": await register(args); break;
+    default:
+      console.error(`Unknown webhooks action: ${sub}\n`);
+      console.log(HELP);
+      process.exit(1);
+  }
+}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "run402",
-  "version": "1.32.1",
+  "version": "1.33.0",
   "description": "CLI for Run402 — provision Postgres databases, deploy static sites, generate images, and manage wallets via x402 and MPP micropayments.",
   "type": "module",
   "bin": {

package/core-dist/wallet-auth.js

@@ -1,62 +0,0 @@
-/**
- * Wallet auth helper — generates EIP-191 signature headers for Run402 API.
- * Uses @noble/curves (lighter than viem) for signing.
- */
-import { secp256k1 } from "@noble/curves/secp256k1.js";
-import { keccak_256 } from "@noble/hashes/sha3.js";
-import { bytesToHex } from "@noble/hashes/utils.js";
-import { readWallet } from "./wallet.js";
-/**
- * EIP-191 personal_sign: sign a message with the wallet's private key.
- */
-function personalSign(privateKeyHex, address, message) {
-    const msgBytes = new TextEncoder().encode(message);
-    const prefix = new TextEncoder().encode(`\x19Ethereum Signed Message:\n${msgBytes.length}`);
-    const prefixed = new Uint8Array(prefix.length + msgBytes.length);
-    prefixed.set(prefix);
-    prefixed.set(msgBytes, prefix.length);
-    const hash = keccak_256(prefixed);
-    const pkHex = privateKeyHex.startsWith("0x")
-        ? privateKeyHex.slice(2)
-        : privateKeyHex;
-    const pkBytes = Uint8Array.from(Buffer.from(pkHex, "hex"));
-    const rawSig = secp256k1.sign(hash, pkBytes);
-    const sig = secp256k1.Signature.fromBytes(rawSig);
-    // Determine recovery bit by trying both and matching the address
-    let recovery = 0;
-    for (const v of [0, 1]) {
-        try {
-            const recovered = sig.addRecoveryBit(v).recoverPublicKey(hash);
-            const pubBytes = recovered.toBytes(false).slice(1); // uncompressed, drop 04 prefix
-            const addrBytes = keccak_256(pubBytes).slice(-20);
-            if ("0x" + bytesToHex(addrBytes) === address.toLowerCase()) {
-                recovery = v;
-                break;
-            }
-        }
-        catch {
-            continue;
-        }
-    }
-    const r = sig.r.toString(16).padStart(64, "0");
-    const s = sig.s.toString(16).padStart(64, "0");
-    const vHex = (recovery + 27).toString(16).padStart(2, "0");
-    return "0x" + r + s + vHex;
-}
-/**
- * Get wallet auth headers for the Run402 API.
- * Returns null if no wallet is configured.
- */
-export function getWalletAuthHeaders(walletPath) {
-    const wallet = readWallet(walletPath);
-    if (!wallet || !wallet.address || !wallet.privateKey)
-        return null;
-    const timestamp = Math.floor(Date.now() / 1000).toString();
-    const signature = personalSign(wallet.privateKey, wallet.address, `run402:${timestamp}`);
-    return {
-        "X-Run402-Wallet": wallet.address,
-        "X-Run402-Signature": signature,
-        "X-Run402-Timestamp": timestamp,
-    };
-}
-//# sourceMappingURL=wallet-auth.js.map

package/core-dist/wallet.js

@@ -1,25 +0,0 @@
-import { readFileSync, writeFileSync, mkdirSync, existsSync, chmodSync, renameSync } from "node:fs";
-import { dirname, join } from "node:path";
-import { randomBytes } from "node:crypto";
-import { getWalletPath } from "./config.js";
-export function readWallet(path) {
-    const p = path ?? getWalletPath();
-    if (!existsSync(p))
-        return null;
-    try {
-        return JSON.parse(readFileSync(p, "utf-8"));
-    }
-    catch {
-        return null;
-    }
-}
-export function saveWallet(data, path) {
-    const p = path ?? getWalletPath();
-    const dir = dirname(p);
-    mkdirSync(dir, { recursive: true });
-    const tmp = join(dir, `.wallet.${randomBytes(4).toString("hex")}.tmp`);
-    writeFileSync(tmp, JSON.stringify(data, null, 2), { mode: 0o600 });
-    renameSync(tmp, p);
-    chmodSync(p, 0o600);
-}
-//# sourceMappingURL=wallet.js.map