run402 2.19.1 → 2.21.0

package/cli.mjs

@@ -28,6 +28,7 @@ Commands:
   admin       Platform-admin operations (lease-perpetual, archive, reactivate)
   deploy      Unified deploy operations (requires active tier)
   ci          Link GitHub Actions OIDC deploy bindings
+  transfer    Two-party project transfer (init, preview, list, accept, cancel)
   jobs        Submit and inspect fixed platform-managed jobs
   functions   Manage serverless functions (deploy, invoke, logs, list, delete)
   secrets     Manage project secrets (set, list, delete)
@@ -141,6 +142,11 @@ switch (cmd) {
     await run(sub, rest);
     break;
   }
+  case "transfer": {
+    const { run } = await import("./lib/transfer.mjs");
+    await run(sub, rest);
+    break;
+  }
   case "jobs": {
     const { run } = await import("./lib/jobs.mjs");
     await run(sub, rest);

package/lib/email.mjs

@@ -20,7 +20,7 @@ Subcommands:
                                       Fetch raw RFC-822 bytes (inbound only)
   reply  <message_id> --html "..." [--text "..."] [--subject "..."] [--from-name "..."] [--project <id>]
                                       Reply to an inbound message (threads via In-Reply-To)
-  delete [<mailbox_id>] --confirm [--project <id>]
+  delete [<slug|mailbox_id>] --confirm [--project <id>]
                                       Delete the project's mailbox (irreversible)
   webhooks <action> [args...]        Manage webhooks (see below)
 
@@ -38,6 +38,13 @@ Send modes:
   Raw HTML:  --subject "..." --html "..." [--text "..."]    (both --subject and --html required)
   Both modes support: --from-name "Display Name" --project <id>
 
+Choosing a mailbox:
+  --mailbox <slug|id>  Target a specific mailbox. Accepted by send, list, get,
+                       get-raw, reply, info, and webhooks. Required when the
+                       project has more than one mailbox; omit it only when the
+                       project has exactly one. (delete takes the target as its
+                       positional <slug|mailbox_id>.)
+
 Templates:
   project_invite  — requires --var project_name=... --var invite_url=...
   magic_link      — requires --var project_name=... --var link_url=... --var expires_in=...
@@ -58,7 +65,7 @@ Examples:
   run402 email webhooks register --url https://example.com/hook --events delivery,bounced
 
 Notes:
-  - One mailbox per project
+  - Up to 5 mailboxes per project — pass --mailbox <slug|id> to pick one
   - Single recipient per send (no CC/BCC)
   - Slug: 3-63 chars, lowercase alphanumeric + hyphens, no consecutive hyphens
   - --project defaults to the active project
@@ -82,12 +89,13 @@ Options:
   --html "..."        HTML body (raw HTML mode; required with --subject)
   --text "..."        Plain-text body (raw HTML mode; optional)
   --from-name "..."   Display name for the From header
+  --mailbox <slug|id> Target mailbox (required if the project has more than one)
   --project <id>      Project ID (defaults to the active project)
 `,
   list: `run402 email list — List messages in the mailbox
 
 Usage:
-  run402 email list [--limit <n>] [--after <cursor>] [--project <id>]
+  run402 email list [--mailbox <slug|id>] [--limit <n>] [--after <cursor>] [--project <id>]
 `,
   reply: `run402 email reply — Reply to an inbound message (threaded via In-Reply-To)
 
@@ -97,7 +105,7 @@ Usage:
   delete: `run402 email delete — Delete the project's mailbox (irreversible)
 
 Usage:
-  run402 email delete [<mailbox_id>] --confirm [--project <id>]
+  run402 email delete [<slug|mailbox_id>] --confirm [--project <id>]
 `,
   info: `run402 email info — Show mailbox info (ID, address, slug)
 
@@ -131,7 +139,7 @@ Options:
   --project <id>      Project ID (defaults to the active project)
 
 Notes:
-  - One mailbox per project
+  - Up to 5 mailboxes per project (create distinct slugs, e.g. sign, support)
 
 Examples:
   run402 email create my-app
@@ -229,7 +237,7 @@ async function create(args) {
 }
 
 async function send(args) {
-  const valueFlags = ["--template", "--to", "--subject", "--html", "--text", "--from-name", "--project", "--vars", "--var"];
+  const valueFlags = ["--template", "--to", "--subject", "--html", "--text", "--from-name", "--project", "--vars", "--var", "--mailbox"];
   validateArgs(args, valueFlags);
   const template = strictFlagValue(args, "--template");
   const to = strictFlagValue(args, "--to");
@@ -237,6 +245,7 @@ async function send(args) {
   const html = strictFlagValue(args, "--html");
   const text = strictFlagValue(args, "--text");
   const fromName = strictFlagValue(args, "--from-name");
+  const mailbox = strictFlagValue(args, "--mailbox");
   const projectId = resolveProjectId(strictFlagValue(args, "--project"));
   const variables = parseVars(args);
 
@@ -253,6 +262,7 @@ async function send(args) {
       html: html ?? undefined,
       text: text ?? undefined,
       from_name: fromName ?? undefined,
+      mailbox: mailbox ?? undefined,
     });
     console.log(JSON.stringify({ message_id: data.message_id, to: data.to, template: data.template, subject: data.subject, sent: true }));
   } catch (err) {
@@ -261,15 +271,17 @@ async function send(args) {
 }
 
 async function list(args) {
-  const valueFlags = ["--project", "--limit", "--after"];
+  const valueFlags = ["--project", "--limit", "--after", "--mailbox"];
   validateArgs(args, valueFlags);
   const projectId = resolveProjectId(strictFlagValue(args, "--project"));
   const limit = strictFlagValue(args, "--limit");
   const after = strictFlagValue(args, "--after");
+  const mailbox = strictFlagValue(args, "--mailbox");
   try {
     const data = await getSdk().email.list(projectId, {
       limit: limit ? parseIntegerFlag("--limit", limit) : undefined,
       after: after ?? undefined,
+      mailbox: mailbox ?? undefined,
     });
     console.log(JSON.stringify(data, null, 2));
   } catch (err) {
@@ -278,9 +290,11 @@ async function list(args) {
 }
 
 async function get(args) {
-  validateArgs(args, ["--project"]);
-  const messageId = positionalArgs(args, ["--project"])[0] ?? null;
+  const valueFlags = ["--project", "--mailbox"];
+  validateArgs(args, valueFlags);
+  const messageId = positionalArgs(args, valueFlags)[0] ?? null;
   const projectId = resolveProjectId(strictFlagValue(args, "--project"));
+  const mailbox = strictFlagValue(args, "--mailbox");
   if (!messageId) {
     fail({
       code: "BAD_USAGE",
@@ -289,7 +303,7 @@ async function get(args) {
     });
   }
   try {
-    const data = await getSdk().email.get(projectId, messageId);
+    const data = await getSdk().email.get(projectId, messageId, { mailbox: mailbox ?? undefined });
     console.log(JSON.stringify(data, null, 2));
   } catch (err) {
     reportSdkError(err);
@@ -297,10 +311,11 @@ async function get(args) {
 }
 
 async function getRaw(args) {
-  const valueFlags = ["--project", "--output"];
+  const valueFlags = ["--project", "--output", "--mailbox"];
   validateArgs(args, valueFlags);
   const messageId = positionalArgs(args, valueFlags)[0] ?? null;
   const outputFile = strictFlagValue(args, "--output");
+  const mailbox = strictFlagValue(args, "--mailbox");
   const projectId = resolveProjectId(strictFlagValue(args, "--project"));
   if (!messageId) {
     fail({
@@ -311,7 +326,7 @@ async function getRaw(args) {
   }
 
   try {
-    const result = await getSdk().email.getRaw(projectId, messageId);
+    const result = await getSdk().email.getRaw(projectId, messageId, { mailbox: mailbox ?? undefined });
     const buf = Buffer.from(result.bytes);
 
     if (outputFile) {
@@ -327,13 +342,14 @@ async function getRaw(args) {
 }
 
 async function reply(args) {
-  const valueFlags = ["--project", "--html", "--text", "--subject", "--from-name"];
+  const valueFlags = ["--project", "--html", "--text", "--subject", "--from-name", "--mailbox"];
   validateArgs(args, valueFlags);
   const messageId = positionalArgs(args, valueFlags)[0] ?? null;
   const html = strictFlagValue(args, "--html");
   const text = strictFlagValue(args, "--text");
   const subjectOverride = strictFlagValue(args, "--subject");
   const fromName = strictFlagValue(args, "--from-name");
+  const mailbox = strictFlagValue(args, "--mailbox");
   const projectId = resolveProjectId(strictFlagValue(args, "--project"));
 
   if (!messageId) {
@@ -352,7 +368,7 @@ async function reply(args) {
 
   try {
     // Fetch the original message to derive the reply-to address and subject.
-    const original = await getSdk().email.get(projectId, messageId);
+    const original = await getSdk().email.get(projectId, messageId, { mailbox: mailbox ?? undefined });
     const replyTo = original.from || original.from_address || original.sender || null;
     if (!replyTo) {
       fail({
@@ -374,6 +390,7 @@ async function reply(args) {
       text: text ?? undefined,
       from_name: fromName ?? undefined,
       in_reply_to: messageId,
+      mailbox: mailbox ?? undefined,
     });
     console.log(JSON.stringify({ message_id: data.message_id, to: data.to, subject: replySubject, in_reply_to: messageId, sent: true }));
   } catch (err) {
@@ -403,10 +420,12 @@ async function deleteMailbox(args) {
 }
 
 async function status(args) {
-  validateArgs(args, ["--project"]);
+  const valueFlags = ["--project", "--mailbox"];
+  validateArgs(args, valueFlags);
   const projectId = resolveProjectId(strictFlagValue(args, "--project"));
+  const mailbox = strictFlagValue(args, "--mailbox");
   try {
-    const mb = await getSdk().email.getMailbox(projectId);
+    const mb = await getSdk().email.getMailbox(projectId, mailbox ?? undefined);
     console.log(JSON.stringify({ mailbox_id: mb.mailbox_id, address: mb.address, slug: mb.slug }));
   } catch (err) {
     reportSdkError(err);

package/lib/transfer.mjs

@@ -0,0 +1,266 @@
+import { allowanceAuthHeaders, resolveProjectId } from "./config.mjs";
+import { getSdk } from "./sdk.mjs";
+import { reportSdkError, fail } from "./sdk-errors.mjs";
+import {
+  assertKnownFlags,
+  flagValue,
+  hasHelp,
+  normalizeArgv,
+  parseIntegerFlag,
+  positionalArgs,
+} from "./argparse.mjs";
+
+const HELP = `run402 transfer — Two-party project transfer (v1.59)
+
+Usage:
+  run402 transfer init --to <wallet> [--project <id>] [--billing-policy migrate] [--message <text>] [--kysigned <record_id>]
+  run402 transfer preview <transfer_id>
+  run402 transfer list [--incoming | --outgoing] [--limit N] [--offset N]
+  run402 transfer accept <transfer_id>
+  run402 transfer cancel <transfer_id> [--reason <text>]
+
+Subcommands:
+  init        Initiate a transfer to a new owner (you must currently own the project)
+  preview     Fetch the safe review document (either party may view)
+  list        List pending transfers (incoming by default, or --outgoing)
+  accept      Accept an incoming transfer (your wallet must be the to_wallet)
+  cancel      Cancel a pending transfer (either party may cancel)
+
+Notes:
+  - Owner-side mutations on a project with a pending transfer return 409
+    PROJECT_HAS_PENDING_TRANSFER. Cancel the transfer or wait 72h for expiry.
+  - Phase 1A supports only billing_policy=migrate (default).
+  - Secret VALUES are inherited by the recipient on accept; rotation is advised.
+  - GitHub repo ownership is NOT transferred — handle that out of band.
+`;
+
+const SUB_HELP = {
+  init: `run402 transfer init — Initiate a project transfer
+
+Usage:
+  run402 transfer init --to <wallet> [--project <id>] [--billing-policy migrate] [--message <text>] [--kysigned <record_id>]
+
+Options:
+  --project <id>         Project id (defaults to the active project)
+  --to <wallet>          Recipient wallet (required). Any case; lowercased server-side.
+  --billing-policy <p>   Billing policy. Phase 1A only allows 'migrate' (default).
+  --message <text>       Optional note shown to the recipient in preview + emails.
+  --kysigned <record_id> Optional KySigned record id (Phase 1A: informational only).
+
+Notes:
+  - Caller's wallet must currently own the project (gateway re-checks fresh DB).
+  - Owner-side mutations on the project are frozen until accept/cancel/expiry.
+  - The project lease stays with your billing account; it is NOT refunded.
+`,
+  preview: `run402 transfer preview — Fetch the preview document
+
+Usage:
+  run402 transfer preview <transfer_id>
+
+Returns project name, custom domains, subdomains, function names, secret NAMES
+(values are never returned), CI bindings that will be revoked on accept, and
+billing implications. Either the from_wallet or the to_wallet may preview.
+`,
+  list: `run402 transfer list — List pending transfers
+
+Usage:
+  run402 transfer list [--incoming | --outgoing] [--limit N] [--offset N]
+
+Options:
+  --incoming    List transfers OFFERED TO your wallet (default).
+  --outgoing    List transfers INITIATED BY your wallet.
+  --limit N     Page size (default 50).
+  --offset N    Pagination offset (default 0).
+`,
+  accept: `run402 transfer accept — Accept an incoming transfer
+
+Usage:
+  run402 transfer accept <transfer_id>
+
+Your wallet must equal the transfer's to_wallet. The accept transaction
+atomically: flips ownership, revokes the previous owner's CI bindings on the
+project, enqueues notifications to both parties, and stamps a
+'secrets_rotation_advised' advisory on the project.
+`,
+  cancel: `run402 transfer cancel — Cancel a pending transfer
+
+Usage:
+  run402 transfer cancel <transfer_id> [--reason <text>]
+
+Either the from_wallet or the to_wallet may cancel. Already-processed
+transfers return 409 TRANSFER_ALREADY_PROCESSED.
+`,
+};
+
+const BILLING_POLICIES = new Set(["migrate"]);
+
+async function init(args) {
+  const parsedArgs = normalizeArgv(args);
+  const valueFlags = ["--project", "--to", "--billing-policy", "--message", "--kysigned"];
+  assertKnownFlags(parsedArgs, [...valueFlags, "--help", "-h"], valueFlags);
+  const extra = positionalArgs(parsedArgs, valueFlags);
+  if (extra.length > 0) {
+    fail({ code: "BAD_USAGE", message: `Unexpected argument for transfer init: ${extra[0]}` });
+  }
+  const toWallet = flagValue(parsedArgs, "--to");
+  if (!toWallet) {
+    fail({ code: "BAD_USAGE", message: "Missing --to <wallet>" });
+  }
+  const projectFlag = flagValue(parsedArgs, "--project");
+  const projectId = await resolveProjectId(projectFlag);
+  if (!projectId) {
+    fail({ code: "NO_PROJECT", message: "No project id. Pass --project <id> or set an active project with 'run402 projects use <id>'." });
+  }
+  const billingPolicy = flagValue(parsedArgs, "--billing-policy");
+  if (billingPolicy !== null && !BILLING_POLICIES.has(billingPolicy)) {
+    fail({
+      code: "BAD_FLAG",
+      message: `Unsupported --billing-policy: ${billingPolicy}. Phase 1A allows only 'migrate'.`,
+      details: { flag: "--billing-policy", value: billingPolicy, allowed: [...BILLING_POLICIES] },
+    });
+  }
+  const message = flagValue(parsedArgs, "--message");
+  const kysigned = flagValue(parsedArgs, "--kysigned");
+
+  allowanceAuthHeaders(`/projects/v1/${projectId}/transfers`);
+
+  try {
+    const res = await getSdk().admin.transfers.initiate({
+      projectId,
+      toWallet,
+      billingPolicy: billingPolicy ?? undefined,
+      message: message ?? undefined,
+      kysignedRecordId: kysigned ?? undefined,
+    });
+    console.log(JSON.stringify(res, null, 2));
+  } catch (err) {
+    reportSdkError(err);
+  }
+}
+
+async function preview(args) {
+  const parsedArgs = normalizeArgv(args);
+  assertKnownFlags(parsedArgs, ["--help", "-h"]);
+  const positionals = positionalArgs(parsedArgs);
+  if (positionals.length !== 1) {
+    fail({ code: "BAD_USAGE", message: "Usage: run402 transfer preview <transfer_id>" });
+  }
+  const transferId = positionals[0];
+  allowanceAuthHeaders(`/agent/v1/transfers/${transferId}`);
+
+  try {
+    const data = await getSdk().admin.transfers.preview(transferId);
+    console.log(JSON.stringify(data, null, 2));
+  } catch (err) {
+    reportSdkError(err);
+  }
+}
+
+async function list(args) {
+  const parsedArgs = normalizeArgv(args);
+  const valueFlags = ["--limit", "--offset"];
+  assertKnownFlags(parsedArgs, [...valueFlags, "--incoming", "--outgoing", "--help", "-h"], valueFlags);
+  const extra = positionalArgs(parsedArgs, valueFlags);
+  if (extra.length > 0) {
+    fail({ code: "BAD_USAGE", message: `Unexpected argument for transfer list: ${extra[0]}` });
+  }
+  const incoming = parsedArgs.includes("--incoming");
+  const outgoing = parsedArgs.includes("--outgoing");
+  if (incoming && outgoing) {
+    fail({ code: "BAD_USAGE", message: "Cannot pass both --incoming and --outgoing." });
+  }
+  const direction = outgoing ? "outgoing" : "incoming";
+
+  const limitFlag = flagValue(parsedArgs, "--limit");
+  const offsetFlag = flagValue(parsedArgs, "--offset");
+  const limit =
+    limitFlag === null
+      ? undefined
+      : parseIntegerFlag("--limit", limitFlag, { min: 1, max: 1000 });
+  const offset =
+    offsetFlag === null
+      ? undefined
+      : parseIntegerFlag("--offset", offsetFlag, { min: 0 });
+
+  allowanceAuthHeaders(`/agent/v1/transfers/${direction}`);
+
+  try {
+    const data =
+      direction === "incoming"
+        ? await getSdk().admin.transfers.listIncoming({ limit, offset })
+        : await getSdk().admin.transfers.listOutgoing({ limit, offset });
+    console.log(JSON.stringify({ direction, transfers: data }, null, 2));
+  } catch (err) {
+    reportSdkError(err);
+  }
+}
+
+async function accept(args) {
+  const parsedArgs = normalizeArgv(args);
+  assertKnownFlags(parsedArgs, ["--help", "-h"]);
+  const positionals = positionalArgs(parsedArgs);
+  if (positionals.length !== 1) {
+    fail({ code: "BAD_USAGE", message: "Usage: run402 transfer accept <transfer_id>" });
+  }
+  const transferId = positionals[0];
+  allowanceAuthHeaders(`/agent/v1/transfers/${transferId}/accept`);
+
+  try {
+    const data = await getSdk().admin.transfers.accept(transferId);
+    console.log(JSON.stringify(data, null, 2));
+  } catch (err) {
+    reportSdkError(err);
+  }
+}
+
+async function cancel(args) {
+  const parsedArgs = normalizeArgv(args);
+  const valueFlags = ["--reason"];
+  assertKnownFlags(parsedArgs, [...valueFlags, "--help", "-h"], valueFlags);
+  const positionals = positionalArgs(parsedArgs, valueFlags);
+  if (positionals.length !== 1) {
+    fail({ code: "BAD_USAGE", message: "Usage: run402 transfer cancel <transfer_id> [--reason <text>]" });
+  }
+  const transferId = positionals[0];
+  const reason = flagValue(parsedArgs, "--reason");
+  allowanceAuthHeaders(`/agent/v1/transfers/${transferId}/cancel`);
+
+  try {
+    const data = await getSdk().admin.transfers.cancel(transferId, reason ?? undefined);
+    console.log(JSON.stringify(data, null, 2));
+  } catch (err) {
+    reportSdkError(err);
+  }
+}
+
+export async function run(sub, args) {
+  if (!sub || sub === "--help" || sub === "-h") {
+    console.log(HELP);
+    process.exit(0);
+  }
+  if (Array.isArray(args) && hasHelp(args) && SUB_HELP[sub]) {
+    console.log(SUB_HELP[sub]);
+    process.exit(0);
+  }
+  switch (sub) {
+    case "init":
+      await init(args);
+      return;
+    case "preview":
+      await preview(args);
+      return;
+    case "list":
+      await list(args);
+      return;
+    case "accept":
+      await accept(args);
+      return;
+    case "cancel":
+      await cancel(args);
+      return;
+    default:
+      console.error(`Unknown subcommand: ${sub}\n`);
+      console.log(HELP);
+      process.exit(1);
+  }
+}

package/lib/webhooks.mjs

@@ -9,14 +9,16 @@ Usage:
   run402 email webhooks <action> [args...]
 
 Actions:
-  list     [--project <id>]                                  List webhooks
-  get      <webhook_id> [--project <id>]                     Get a webhook
-  delete   <webhook_id> [--project <id>]                     Delete a webhook
-  update   <webhook_id> [--url <url>] [--events <e1,e2>]     Update a webhook
-  register --url <url> --events <e1,e2> [--project <id>]     Register a new webhook
+  list     [--mailbox <slug|id>] [--project <id>]            List webhooks
+  get      <webhook_id> [--mailbox <slug|id>] [--project <id>]   Get a webhook
+  delete   <webhook_id> [--mailbox <slug|id>] [--project <id>]   Delete a webhook
+  update   <webhook_id> [--url <url>] [--events <e1,e2>] [--mailbox <slug|id>]  Update a webhook
+  register --url <url> --events <e1,e2> [--mailbox <slug|id>] [--project <id>]  Register a new webhook
 
 Valid events: delivery, bounced, complained, reply_received
 
+Pass --mailbox <slug|id> to target a specific mailbox when the project has more than one.
+
 Examples:
   run402 email webhooks list
   run402 email webhooks register --url https://example.com/hook --events delivery,bounced
@@ -67,10 +69,12 @@ function validateArgs(args, knownFlags, flagsWithValues = knownFlags) {
 }
 
 async function list(args) {
-  validateArgs(args, ["--project"]);
+  const valueFlags = ["--project", "--mailbox"];
+  validateArgs(args, valueFlags);
   const projectId = resolveProjectId(strictFlagValue(args, "--project"));
+  const mailbox = strictFlagValue(args, "--mailbox");
   try {
-    const data = await getSdk().email.webhooks.list(projectId);
+    const data = await getSdk().email.webhooks.list(projectId, { mailbox: mailbox ?? undefined });
     console.log(JSON.stringify(data, null, 2));
   } catch (err) {
     reportSdkError(err);
@@ -78,9 +82,11 @@ async function list(args) {
 }
 
 async function get(args) {
-  validateArgs(args, ["--project"]);
-  const webhookId = positionalArgs(args, ["--project"])[0] ?? null;
+  const valueFlags = ["--project", "--mailbox"];
+  validateArgs(args, valueFlags);
+  const webhookId = positionalArgs(args, valueFlags)[0] ?? null;
   const projectId = resolveProjectId(strictFlagValue(args, "--project"));
+  const mailbox = strictFlagValue(args, "--mailbox");
   if (!webhookId) {
     fail({
       code: "BAD_USAGE",
@@ -89,7 +95,7 @@ async function get(args) {
     });
   }
   try {
-    const data = await getSdk().email.webhooks.get(projectId, webhookId);
+    const data = await getSdk().email.webhooks.get(projectId, webhookId, { mailbox: mailbox ?? undefined });
     console.log(JSON.stringify(data, null, 2));
   } catch (err) {
     reportSdkError(err);
@@ -97,9 +103,11 @@ async function get(args) {
 }
 
 async function del(args) {
-  validateArgs(args, ["--project"]);
-  const webhookId = positionalArgs(args, ["--project"])[0] ?? null;
+  const valueFlags = ["--project", "--mailbox"];
+  validateArgs(args, valueFlags);
+  const webhookId = positionalArgs(args, valueFlags)[0] ?? null;
   const projectId = resolveProjectId(strictFlagValue(args, "--project"));
+  const mailbox = strictFlagValue(args, "--mailbox");
   if (!webhookId) {
     fail({
       code: "BAD_USAGE",
@@ -108,7 +116,7 @@ async function del(args) {
     });
   }
   try {
-    await getSdk().email.webhooks.delete(projectId, webhookId);
+    await getSdk().email.webhooks.delete(projectId, webhookId, { mailbox: mailbox ?? undefined });
     console.log(JSON.stringify({ webhook_id: webhookId, project_id: projectId, deleted: true }));
   } catch (err) {
     reportSdkError(err);
@@ -116,11 +124,12 @@ async function del(args) {
 }
 
 async function update(args) {
-  const valueFlags = ["--project", "--url", "--events"];
+  const valueFlags = ["--project", "--url", "--events", "--mailbox"];
   validateArgs(args, valueFlags);
   const webhookId = positionalArgs(args, valueFlags)[0] ?? null;
   const url = strictFlagValue(args, "--url");
   const eventsRaw = strictFlagValue(args, "--events");
+  const mailbox = strictFlagValue(args, "--mailbox");
   const projectId = resolveProjectId(strictFlagValue(args, "--project"));
   if (!webhookId) {
     fail({
@@ -142,6 +151,7 @@ async function update(args) {
     const data = await getSdk().email.webhooks.update(projectId, webhookId, {
       url: url ?? undefined,
       events: eventsRaw ? eventsRaw.split(",").map((e) => e.trim()) : undefined,
+      mailbox: mailbox ?? undefined,
     });
     console.log(JSON.stringify(data));
   } catch (err) {
@@ -150,10 +160,11 @@ async function update(args) {
 }
 
 async function register(args) {
-  const valueFlags = ["--project", "--url", "--events"];
+  const valueFlags = ["--project", "--url", "--events", "--mailbox"];
   validateArgs(args, valueFlags);
   const url = strictFlagValue(args, "--url");
   const eventsRaw = strictFlagValue(args, "--events");
+  const mailbox = strictFlagValue(args, "--mailbox");
   const projectOpt = strictFlagValue(args, "--project");
   const projectId = resolveProjectId(projectOpt);
 
@@ -178,7 +189,7 @@ async function register(args) {
 
   const events = eventsRaw.split(",").map((e) => e.trim());
   try {
-    const data = await getSdk().email.webhooks.register(projectId, { url, events });
+    const data = await getSdk().email.webhooks.register(projectId, { url, events, mailbox: mailbox ?? undefined });
     console.log(JSON.stringify(data));
   } catch (err) {
     reportSdkError(err);

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "run402",
-  "version": "2.19.1",
+  "version": "2.21.0",
   "description": "CLI for Run402 — provision Postgres databases, deploy static sites, generate images, and manage wallets via x402 and MPP micropayments.",
   "type": "module",
   "bin": {

package/sdk/dist/errors.d.ts

@@ -15,7 +15,7 @@
  * (or the exported `is*` guards) to branch on errors safely across SDK copies
  * and realms — value comparison, no class-identity dependency.
  */
-export type Run402ErrorKind = "payment_required" | "project_not_found" | "unauthorized" | "api_error" | "network_error" | "local_error" | "deploy_error";
+export type Run402ErrorKind = "payment_required" | "project_not_found" | "unauthorized" | "api_error" | "network_error" | "local_error" | "deploy_error" | "transfer_freeze";
 /**
  * Quota-denial scope discriminator (v1.46+). Indicates whether a quota-related
  * denial was enforced against the pooled billing-account total (`"account"`)
@@ -187,6 +187,33 @@ export declare class Run402DeployError extends Run402Error {
     });
     toJSON(): Record<string, unknown>;
 }
+/**
+ * Project has a pending transfer (v1.59+). Gateway returns 409 with
+ * `code: "PROJECT_HAS_PENDING_TRANSFER"` from the transfer-freeze middleware
+ * mounted on owner-side mutations (deploy, secrets, custom domains, function
+ * CRUD, scheduled-function changes, mailbox config, CI bindings, project
+ * rename, etc.). The pending transfer must be accepted, cancelled, or
+ * allowed to expire (72h) before owner-side mutations resume.
+ *
+ * The error carries `transferId` (when the gateway resolved it) and
+ * `cancelPath` lifted from `next_actions[].path`, so callers can present an
+ * actionable resolution path. `previewPath` mirrors the view-transfer
+ * next_action when present.
+ */
+export declare class TransferFreezeError extends Run402Error {
+    static readonly DEFAULT_CODE = "PROJECT_HAS_PENDING_TRANSFER";
+    static readonly DEFAULT_CATEGORY = "validation";
+    static readonly DEFAULT_RETRYABLE = false;
+    readonly kind: "transfer_freeze";
+    /** The pending transfer id when the gateway resolved one. */
+    readonly transferId: string | null;
+    /** API path to cancel the pending transfer (e.g. `/agent/v1/transfers/<id>/cancel`). */
+    readonly cancelPath: string | null;
+    /** API path to view the pending transfer preview. */
+    readonly previewPath: string | null;
+    readonly projectId: string | null;
+    constructor(message: string, status: number, body: unknown, context: string);
+}
 /** True if `e` is any {@link Run402Error} subclass instance, regardless of which SDK copy created it. */
 export declare function isRun402Error(e: unknown): e is Run402Error;
 /** True if `e` is a {@link PaymentRequired}. Survives duplicate SDK copies and realms. */
@@ -203,6 +230,8 @@ export declare function isNetworkError(e: unknown): e is NetworkError;
 export declare function isLocalError(e: unknown): e is LocalError;
 /** True if `e` is a {@link Run402DeployError}. */
 export declare function isDeployError(e: unknown): e is Run402DeployError;
+/** True if `e` is a {@link TransferFreezeError}. */
+export declare function isTransferFreezeError(e: unknown): e is TransferFreezeError;
 /**
  * Extract the v1.46+ quota-denial scope from an error. Returns `"account"`
  * for pooled denials, `"project"` for the orphan fallback, or `undefined`