feat: inngest CLI — complete rewrite from Xero to Inngest

- Full CLI for Inngest Cloud and local dev server
- Commands: auth, functions, runs, events, env, dev, health, metrics, backlog, config, version
- GraphQL + REST API client with signing key and event key auth
- JSON/text/table output formats
- Module: github.com/Coastal-Programs/inggest-cli
- 2 dependencies (cobra, pflag), stdlib for everything else
- Tests across all packages

Author: jakeschepis

.claude/commands/test.md

@@ -14,8 +14,7 @@ go test -race -v ./... 2>&1
 If all tests pass, report success and stop.
 
 If there are failures, parse the output and group by package:
-- `internal/auth` — OAuth flow, PKCE, proxy logic
-- `internal/xero` — API client, pagination, rate limiting
+- `internal/inngest` — API client, GraphQL, REST, dev server
 - `internal/cli/commands` — command behaviour
 - `internal/common/config` — config load/save/resolve
 - `pkg/output` — formatter output

.claude/commands/update-app.md

@@ -38,7 +38,7 @@ Fix all errors before continuing.
 
 ```bash
 make build
-./build/xero version
+./build/inngest version
 ```
 
 Confirm the binary builds and runs cleanly with zero warnings.

.claude/rules/go.md

@@ -11,8 +11,7 @@ paths:
 
 ## HTTP
 - Always set an explicit timeout — never use `http.DefaultClient` bare
-- Auth layer uses `authHTTPClient` (15s timeout) — don't create new clients in auth code
-- Xero API layer uses the shared transport in `internal/xero/client.go`
+- Inngest API layer uses the shared transport in `internal/inngest/client.go`
 
 ## URLs
 - Query params: always `url.Values{}` and `.Encode()` — never string concatenation
@@ -23,13 +22,14 @@ paths:
 - Errors always go to stderr via `output.PrintError(msg, err)`
 - Respect the `--output` flag — never hard-code a format inside a command
 
-## Xero API
-- Xero pagination is 1-indexed — never pass `page=0` to the API
-- `page=0` in CLI flags means auto-paginate: loop until a batch returns < 100 records
-- 429 rate limit handling lives in `client.go` — don't add retry logic elsewhere
+## Inngest API
+- GraphQL API at `api.inngest.com/gql` — used for functions, runs, environments, metrics
+- REST API at `api.inngest.com/v1/` — used for sending events
+- Dev server at `localhost:8288` — no auth required
+- Three auth modes: signing key (GraphQL/REST), event key (events), no auth (dev server)
 
 ## Adding a New Command
-1. `internal/xero/<resource>.go` — API client methods
+1. `internal/inngest/<resource>.go` — API client methods (or add to `client.go`)
 2. `internal/cli/commands/<resource>.go` — Cobra command(s)
 3. Register in `internal/cli/root.go`
 4. Add to Commands section of `README.md`

.claude/rules/release.md

@@ -54,11 +54,11 @@ Example:
 This release adds budget reporting commands and improves error messages across all commands.
 
 ### Added
-- `xero reports budget-summary` — compare actuals vs budget by org
-- `xero reports budget-variance` — line-by-line variance report
+- `inngest runs replay` — replay a function run
+- `inngest backlog` — show queued and running runs per function
 
 ### Fixed
-- Auth refresh no longer silently fails when instance_token is missing
+- GraphQL cursor pagination no longer skips the last page
 ```
 
 ### Steps
@@ -70,3 +70,5 @@ This release adds budget reporting commands and improves error messages across a
 GitHub Actions extracts the CHANGELOG entry and uses it as the release description, then builds 5 platform binaries automatically.
 
 > Never push a tag without a well-written CHANGELOG entry first.
+ry first.
+try first.

.claude/rules/security.md

@@ -1,20 +1,14 @@
 # Security Rules
 
-## Tokens and Secrets
-- Never log or print raw tokens — use `config.Redacted()` or the `redact()` helper
-- `client_secret` must NEVER appear in the CLI binary, config file, or logs
-- It lives exclusively in the Cloudflare Worker as a Cloudflare secret
+## Keys and Secrets
+- Never log or print raw signing keys or event keys — use redaction helpers
+- Signing key (`INNGEST_SIGNING_KEY`) and event key (`INNGEST_EVENT_KEY`) can come from env vars or config file
+- Env vars take precedence over config file values
 
 ## Config File
 - Always written with `0600` permissions — do not change this
-- `XERO_CONFIG` env var is validated: must be absolute path, end in `.json`, no `..` — do not relax this validation
-
-## Auth Proxy
-- `/init-session` is protected by `ZEUS_ADMIN_SECRET` — only the Zeus Electron app holds this
-- `instance_token` must be validated on every `/refresh` call — proves the CLI was authorised through Zeus
-- Session tokens are single-use — consumed (deleted from KV) on first use
-- Admin secret comparison uses `crypto.subtle.timingSafeEqual` — never use `===` for secret comparison
+- `INNGEST_CLI_CONFIG` env var overrides the default path
 
 ## HTTP
 - All HTTP clients must have explicit timeouts — no bare `http.DefaultClient`
-- Error response bodies are truncated to 300 chars before logging — never log full upstream error bodies
+- Error response bodies are truncated before logging — never log full upstream error bodies

.claude/rules/worker.md

@@ -9,7 +9,7 @@ A clear description of what went wrong.
 
 **Command run**
 ```
-xero <command> <flags>
+inngest <command> <flags>
 ```
 
 **Expected behaviour**
@@ -22,5 +22,5 @@ paste output here
 
 **Environment**
 - OS:
-- `xero version`:
+- `inngest version`:
 - Go version (if built from source):

.github/ISSUE_TEMPLATE/bug_report.md

@@ -12,5 +12,5 @@ What problem does this solve?
 
 **Example command**
 ```bash
-xero <proposed command>
+inngest <proposed command>
 ```

.github/ISSUE_TEMPLATE/feature_request.md

@@ -32,9 +32,6 @@ jobs:
           echo "EOF" >> $GITHUB_OUTPUT
 
       - name: Build release binaries
-        env:
-          CLIENT_ID: ${{ secrets.XERO_CLIENT_ID }}
-          PROXY_URL: ${{ secrets.PROXY_URL }}
         run: |
           chmod +x scripts/release.sh
           ./scripts/release.sh ${{ github.ref_name }}

.github/workflows/release.yml

@@ -1,15 +1,16 @@
 # Build artifacts
 /build/
 /dist/
-/xero
-/xero.exe
+/inngest
+/inngest.exe
 *.exe
 *.dll
 *.so
 *.dylib
 
 # Test artifacts
 *.test
+cover.out
 coverage.out
 coverage.html
 
@@ -18,13 +19,8 @@ go.work
 go.work.sum
 vendor/
 
-# Worker
-worker/node_modules/
-worker/package-lock.json
-
-# Config files (may contain OAuth tokens and client secrets)
+# Config files
 config.json
-.xero.json
 *.local.json
 
 # IDE