feat: add --dry-run flag to all 47 CLI tools

When --dry-run is passed, each CLI prints the HTTP request it would make (method, URL, headers, body) without actually calling fetch(). Auth credentials are masked as "***" in the output. Useful for verifying request shape and API endpoints without needing real API keys or making actual API calls. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-17 11:47:12 -08:00 · 2026-02-17 11:47:12 -08:00 · 2c26f8497b
commit 2c26f8497b
parent 3a85964305
47 changed files with 250 additions and 43 deletions
--- a/tools/clis/activecampaign.js
+++ b/tools/clis/activecampaign.js
@ -16,6 +16,9 @@ if (!API_URL) {
 const BASE_URL = `${API_URL.replace(/\/$/, '')}/api/3`

 async function api(method, path, body) {
+  if (args['dry-run']) {
+    return { _dry_run: true, method, url: `${BASE_URL}${path}`, headers: { 'Api-Token': '***', 'Content-Type': 'application/json', 'Accept': 'application/json' }, body: body || undefined }
+  }
  const res = await fetch(`${BASE_URL}${path}`, {
    method,
    headers: {
--- a/tools/clis/adobe-analytics.js
+++ b/tools/clis/adobe-analytics.js
@ -12,6 +12,9 @@ if (!ACCESS_TOKEN || !CLIENT_ID || !COMPANY_ID) {
 const BASE_URL = `https://analytics.adobe.io/api/${COMPANY_ID}`

 async function api(method, path, body) {
+  if (args['dry-run']) {
+    return { _dry_run: true, method, url: `${BASE_URL}${path}`, headers: { 'Authorization': '***', 'x-api-key': '***', 'Content-Type': 'application/json' }, body: body || undefined }
+  }
  const res = await fetch(`${BASE_URL}${path}`, {
    method,
    headers: {
--- a/tools/clis/ahrefs.js
+++ b/tools/clis/ahrefs.js
@ -9,6 +9,9 @@ if (!API_KEY) {
 }

 async function api(method, path) {
+  if (args['dry-run']) {
+    return { _dry_run: true, method, url: `${BASE_URL}${path}`, headers: { 'Authorization': '***', 'Content-Type': 'application/json' } }
+  }
  const res = await fetch(`${BASE_URL}${path}`, {
    method,
    headers: {
--- a/tools/clis/amplitude.js
+++ b/tools/clis/amplitude.js
@ -11,6 +11,9 @@ if (!API_KEY) {
 }

 async function ingestApi(method, path, body) {
+  if (args['dry-run']) {
+    return { _dry_run: true, method, url: `${INGESTION_URL}${path}`, headers: { 'Content-Type': 'application/json' }, body: body || undefined }
+  }
  const res = await fetch(`${INGESTION_URL}${path}`, {
    method,
    headers: { 'Content-Type': 'application/json' },
@ -28,8 +31,11 @@ async function queryApi(method, path, params) {
  if (!SECRET_KEY) {
    return { error: 'AMPLITUDE_SECRET_KEY required for query/export operations' }
  }
-  const auth = Buffer.from(`${API_KEY}:${SECRET_KEY}`).toString('base64')
  const url = params ? `${QUERY_URL}${path}?${params}` : `${QUERY_URL}${path}`
+  if (args['dry-run']) {
+    return { _dry_run: true, method, url, headers: { 'Authorization': '***', 'Content-Type': 'application/json' } }
+  }
+  const auth = Buffer.from(`${API_KEY}:${SECRET_KEY}`).toString('base64')
  const res = await fetch(url, {
    method,
    headers: {
--- a/tools/clis/apollo.js
+++ b/tools/clis/apollo.js
@ -9,6 +9,9 @@ if (!API_KEY) {
 }

 async function api(method, path, body) {
+  if (args['dry-run']) {
+    return { _dry_run: true, method, url: `${BASE_URL}${path}`, headers: { 'x-api-key': '***', 'Content-Type': 'application/json', 'Accept': 'application/json' }, body: body || undefined }
+  }
  const res = await fetch(`${BASE_URL}${path}`, {
    method,
    headers: {
--- a/tools/clis/beehiiv.js
+++ b/tools/clis/beehiiv.js
@ -9,6 +9,9 @@ if (!API_KEY) {
 }

 async function api(method, path, body) {
+  if (args['dry-run']) {
+    return { _dry_run: true, method, url: `${BASE_URL}${path}`, headers: { 'Authorization': '***', 'Content-Type': 'application/json', 'Accept': 'application/json' }, body: body || undefined }
+  }
  const res = await fetch(`${BASE_URL}${path}`, {
    method,
    headers: {
--- a/tools/clis/brevo.js
+++ b/tools/clis/brevo.js
@ -9,6 +9,9 @@ if (!API_KEY) {
 }

 async function api(method, path, body) {
+  if (args['dry-run']) {
+    return { _dry_run: true, method, url: `${BASE_URL}${path}`, headers: { 'api-key': '***', 'Content-Type': 'application/json', 'Accept': 'application/json' }, body: body || undefined }
+  }
  const res = await fetch(`${BASE_URL}${path}`, {
    method,
    headers: {
--- a/tools/clis/buffer.js
+++ b/tools/clis/buffer.js
@ -16,6 +16,9 @@ async function api(method, path, body) {
  if (body && method !== 'GET') {
    headers['Content-Type'] = 'application/x-www-form-urlencoded'
  }
+  if (args['dry-run']) {
+    return { _dry_run: true, method, url: `${BASE_URL}${path}`, headers: { ...headers, 'Authorization': '***' }, body: body || undefined }
+  }
  const res = await fetch(`${BASE_URL}${path}`, {
    method,
    headers,
@ -30,6 +33,9 @@ async function api(method, path, body) {
 }

 async function apiJson(method, path, body) {
+  if (args['dry-run']) {
+    return { _dry_run: true, method, url: `${BASE_URL}${path}`, headers: { 'Authorization': '***', 'Content-Type': 'application/json', 'Accept': 'application/json' }, body: body || undefined }
+  }
  const res = await fetch(`${BASE_URL}${path}`, {
    method,
    headers: {
@ -155,6 +161,10 @@ async function main() {
          if (args.now) formBody.append('now', 'true')
          if (args.top) formBody.append('top', 'true')
          if (args.shorten) formBody.append('shorten', 'true')
+          if (args['dry-run']) {
+            result = { _dry_run: true, method: 'POST', url: `${BASE_URL}/updates/create.json`, headers: { 'Authorization': '***', 'Content-Type': 'application/x-www-form-urlencoded', 'Accept': 'application/json' }, body: formBody.toString() }
+            break
+          }
          const res = await fetch(`${BASE_URL}/updates/create.json`, {
            method: 'POST',
            headers: {
@ -197,6 +207,10 @@ async function main() {
          if (!order) { result = { error: '--order required (comma-separated update IDs)' }; break }
          const formBody = new URLSearchParams()
          order.split(',').forEach(uid => formBody.append('order[]', uid.trim()))
+          if (args['dry-run']) {
+            result = { _dry_run: true, method: 'POST', url: `${BASE_URL}/profiles/${id}/updates/reorder.json`, headers: { 'Authorization': '***', 'Content-Type': 'application/x-www-form-urlencoded', 'Accept': 'application/json' }, body: formBody.toString() }
+            break
+          }
          const res = await fetch(`${BASE_URL}/profiles/${id}/updates/reorder.json`, {
            method: 'POST',
            headers: {
--- a/tools/clis/calendly.js
+++ b/tools/clis/calendly.js
@ -9,6 +9,9 @@ if (!API_KEY) {
 }

 async function api(method, path, body) {
+  if (args['dry-run']) {
+    return { _dry_run: true, method, url: `${BASE_URL}${path}`, headers: { 'Authorization': '***', 'Content-Type': 'application/json', 'Accept': 'application/json' }, body: body || undefined }
+  }
  const res = await fetch(`${BASE_URL}${path}`, {
    method,
    headers: {
--- a/tools/clis/clearbit.js
+++ b/tools/clis/clearbit.js
@ -8,6 +8,9 @@ if (!API_KEY) {
 }

 async function api(method, baseUrl, path, body) {
+  if (args['dry-run']) {
+    return { _dry_run: true, method, url: `${baseUrl}${path}`, headers: { 'Authorization': '***', 'Content-Type': 'application/json', 'Accept': 'application/json' }, body: body || undefined }
+  }
  const res = await fetch(`${baseUrl}${path}`, {
    method,
    headers: {
--- a/tools/clis/customer-io.js
+++ b/tools/clis/customer-io.js
@ -21,6 +21,9 @@ async function trackApi(method, path, body) {
  if (!hasTrackAuth) {
    return { error: 'Track API requires CUSTOMERIO_SITE_ID and CUSTOMERIO_API_KEY environment variables' }
  }
+  if (args['dry-run']) {
+    return { _dry_run: true, method, url: `${TRACK_URL}${path}`, headers: { Authorization: '***', 'Content-Type': 'application/json' }, body: body || undefined }
+  }
  const res = await fetch(`${TRACK_URL}${path}`, {
    method,
    headers: {
@ -41,6 +44,9 @@ async function appApi(method, path, body) {
  if (!hasAppAuth) {
    return { error: 'App API requires CUSTOMERIO_APP_KEY environment variable' }
  }
+  if (args['dry-run']) {
+    return { _dry_run: true, method, url: `${APP_URL}${path}`, headers: { Authorization: '***', 'Content-Type': 'application/json' }, body: body || undefined }
+  }
  const res = await fetch(`${APP_URL}${path}`, {
    method,
    headers: {
--- a/tools/clis/dataforseo.js
+++ b/tools/clis/dataforseo.js
@ -12,6 +12,9 @@ if (!LOGIN || !PASSWORD) {
 const AUTH = 'Basic ' + Buffer.from(`${LOGIN}:${PASSWORD}`).toString('base64')

 async function api(method, path, body) {
+  if (args['dry-run']) {
+    return { _dry_run: true, method, url: `${BASE_URL}${path}`, headers: { Authorization: '***', 'Content-Type': 'application/json' }, body: body || undefined }
+  }
  const res = await fetch(`${BASE_URL}${path}`, {
    method,
    headers: {
--- a/tools/clis/demio.js
+++ b/tools/clis/demio.js
@ -15,6 +15,9 @@ if (!API_SECRET) {
 }

 async function api(method, path, body) {
+  if (args['dry-run']) {
+    return { _dry_run: true, method, url: `${BASE_URL}${path}`, headers: { 'Api-Key': '***', 'Api-Secret': '***', 'Content-Type': 'application/json', Accept: 'application/json' }, body: body || undefined }
+  }
  const res = await fetch(`${BASE_URL}${path}`, {
    method,
    headers: {
--- a/tools/clis/dub.js
+++ b/tools/clis/dub.js
@ -9,6 +9,9 @@ if (!API_KEY) {
 }

 async function api(method, path, body) {
+  if (args['dry-run']) {
+    return { _dry_run: true, method, url: `${BASE_URL}${path}`, headers: { Authorization: '***', 'Content-Type': 'application/json' }, body: body || undefined }
+  }
  const res = await fetch(`${BASE_URL}${path}`, {
    method,
    headers: {
--- a/tools/clis/g2.js
+++ b/tools/clis/g2.js
@ -9,6 +9,9 @@ if (!API_TOKEN) {
 }

 async function api(method, path, body) {
+  if (args['dry-run']) {
+    return { _dry_run: true, method, url: `${BASE_URL}${path}`, headers: { Authorization: '***', 'Content-Type': 'application/vnd.api+json', Accept: 'application/vnd.api+json' }, body: body || undefined }
+  }
  const res = await fetch(`${BASE_URL}${path}`, {
    method,
    headers: {
--- a/tools/clis/ga4.js
+++ b/tools/clis/ga4.js
@ -11,6 +11,9 @@ if (!ACCESS_TOKEN) {
 }

 async function api(method, baseUrl, path, body) {
+  if (args['dry-run']) {
+    return { _dry_run: true, method, url: `${baseUrl}${path}`, headers: { Authorization: '***', 'Content-Type': 'application/json' }, body: body || undefined }
+  }
  const res = await fetch(`${baseUrl}${path}`, {
    method,
    headers: {
@ -29,6 +32,9 @@ async function api(method, baseUrl, path, body) {

 async function mpApi(measurementId, apiSecret, body) {
  const params = new URLSearchParams({ measurement_id: measurementId, api_secret: apiSecret })
+  if (args['dry-run']) {
+    return { _dry_run: true, method: 'POST', url: `${MP_URL}?${new URLSearchParams({ measurement_id: measurementId, api_secret: '***' })}`, headers: { 'Content-Type': 'application/json' }, body: body || undefined }
+  }
  const res = await fetch(`${MP_URL}?${params}`, {
    method: 'POST',
    headers: { 'Content-Type': 'application/json' },
--- a/tools/clis/google-ads.js
+++ b/tools/clis/google-ads.js
@ -11,6 +11,9 @@ if (!TOKEN || !DEV_TOKEN || !CUSTOMER_ID) {
 }

 async function api(method, path, body) {
+  if (args['dry-run']) {
+    return { _dry_run: true, method, url: `${BASE_URL}${path}`, headers: { Authorization: '***', 'developer-token': '***', 'Content-Type': 'application/json' }, body: body || undefined }
+  }
  const res = await fetch(`${BASE_URL}${path}`, {
    method,
    headers: {
--- a/tools/clis/google-search-console.js
+++ b/tools/clis/google-search-console.js
@ -9,6 +9,9 @@ if (!ACCESS_TOKEN) {
 }

 async function api(method, path, body) {
+  if (args['dry-run']) {
+    return { _dry_run: true, method, url: `${BASE_URL}${path}`, headers: { Authorization: '***', 'Content-Type': 'application/json' }, body: body || undefined }
+  }
  const res = await fetch(`${BASE_URL}${path}`, {
    method,
    headers: {
--- a/tools/clis/hotjar.js
+++ b/tools/clis/hotjar.js
@ -27,6 +27,9 @@ async function getToken() {
 }

 async function api(method, path) {
+  if (args['dry-run']) {
+    return { _dry_run: true, method, url: `${BASE_URL}${path}`, headers: { Authorization: '***', 'Content-Type': 'application/json', Accept: 'application/json' } }
+  }
  const token = await getToken()
  const res = await fetch(`${BASE_URL}${path}`, {
    method,
--- a/tools/clis/intercom.js
+++ b/tools/clis/intercom.js
@ -9,6 +9,9 @@ if (!API_KEY) {
 }

 async function api(method, path, body) {
+  if (args['dry-run']) {
+    return { _dry_run: true, method, url: `${BASE_URL}${path}`, headers: { Authorization: '***', 'Content-Type': 'application/json', Accept: 'application/json', 'Intercom-Version': '2.11' }, body: body || undefined }
+  }
  const res = await fetch(`${BASE_URL}${path}`, {
    method,
    headers: {
--- a/tools/clis/keywords-everywhere.js
+++ b/tools/clis/keywords-everywhere.js
@ -9,13 +9,17 @@ if (!API_KEY) {
 }

 async function api(method, path, body) {
-  const res = await fetch(`${BASE_URL}${path}`, {
-    method,
-    headers: {
+  const headers = {
    'Authorization': `Bearer ${API_KEY}`,
    'Content-Type': 'application/json',
    'Accept': 'application/json',
-    },
+  }
+  if (args['dry-run']) {
+    return { _dry_run: true, method, url: `${BASE_URL}${path}`, headers: { ...headers, Authorization: '***' }, body: body || undefined }
+  }
+  const res = await fetch(`${BASE_URL}${path}`, {
+    method,
+    headers,
    body: body ? JSON.stringify(body) : undefined,
  })
  const text = await res.text()
--- a/tools/clis/kit.js
+++ b/tools/clis/kit.js
@ -31,6 +31,18 @@ async function api(method, path, body, useSecret = true) {
    }
    opts.body = JSON.stringify(authBody)
  }
+  if (args['dry-run']) {
+    const dryRunHeaders = { ...opts.headers }
+    const dryRunUrl = url.toString().replace(API_SECRET, '***').replace(API_KEY, '***')
+    let dryRunBody = undefined
+    if (opts.body) {
+      const parsed = JSON.parse(opts.body)
+      if (parsed.api_secret) parsed.api_secret = '***'
+      if (parsed.api_key) parsed.api_key = '***'
+      dryRunBody = parsed
+    }
+    return { _dry_run: true, method, url: dryRunUrl, headers: dryRunHeaders, body: dryRunBody }
+  }
  const res = await fetch(url.toString(), opts)
  const text = await res.text()
  try {
--- a/tools/clis/klaviyo.js
+++ b/tools/clis/klaviyo.js
@ -10,14 +10,18 @@ if (!API_KEY) {
 }

 async function api(method, path, body) {
-  const res = await fetch(`${BASE_URL}${path}`, {
-    method,
-    headers: {
+  const headers = {
    'Authorization': `Klaviyo-API-Key ${API_KEY}`,
    'Content-Type': 'application/json',
    'Accept': 'application/json',
    'revision': REVISION,
-    },
+  }
+  if (args['dry-run']) {
+    return { _dry_run: true, method, url: `${BASE_URL}${path}`, headers: { ...headers, Authorization: '***' }, body: body || undefined }
+  }
+  const res = await fetch(`${BASE_URL}${path}`, {
+    method,
+    headers,
    body: body ? JSON.stringify(body) : undefined,
  })
  const text = await res.text()
--- a/tools/clis/linkedin-ads.js
+++ b/tools/clis/linkedin-ads.js
@ -9,12 +9,16 @@ if (!TOKEN) {
 }

 async function api(method, path, body) {
-  const res = await fetch(`${BASE_URL}${path}`, {
-    method,
-    headers: {
+  const headers = {
    'Authorization': `Bearer ${TOKEN}`,
    'Content-Type': 'application/json',
-    },
+  }
+  if (args['dry-run']) {
+    return { _dry_run: true, method, url: `${BASE_URL}${path}`, headers: { ...headers, Authorization: '***' }, body: body || undefined }
+  }
+  const res = await fetch(`${BASE_URL}${path}`, {
+    method,
+    headers,
    body: body ? JSON.stringify(body) : undefined,
  })
  const text = await res.text()
--- a/tools/clis/livestorm.js
+++ b/tools/clis/livestorm.js
@ -9,13 +9,17 @@ if (!API_TOKEN) {
 }

 async function api(method, path, body) {
-  const res = await fetch(`${BASE_URL}${path}`, {
-    method,
-    headers: {
+  const headers = {
    'Authorization': API_TOKEN,
    'Content-Type': 'application/vnd.api+json',
    'Accept': 'application/vnd.api+json',
-    },
+  }
+  if (args['dry-run']) {
+    return { _dry_run: true, method, url: `${BASE_URL}${path}`, headers: { ...headers, Authorization: '***' }, body: body || undefined }
+  }
+  const res = await fetch(`${BASE_URL}${path}`, {
+    method,
+    headers,
    body: body ? JSON.stringify(body) : undefined,
  })
  const text = await res.text()
--- a/tools/clis/mailchimp.js
+++ b/tools/clis/mailchimp.js
@ -11,12 +11,16 @@ const dc = API_KEY.split('-').pop()
 const BASE_URL = `https://${dc}.api.mailchimp.com/3.0`

 async function api(method, path, body) {
-  const res = await fetch(`${BASE_URL}${path}`, {
-    method,
-    headers: {
+  const headers = {
    'Authorization': `Bearer ${API_KEY}`,
    'Content-Type': 'application/json',
-    },
+  }
+  if (args['dry-run']) {
+    return { _dry_run: true, method, url: `${BASE_URL}${path}`, headers: { ...headers, Authorization: '***' }, body: body || undefined }
+  }
+  const res = await fetch(`${BASE_URL}${path}`, {
+    method,
+    headers,
    body: body ? JSON.stringify(body) : undefined,
  })
  const text = await res.text()
--- a/tools/clis/mention-me.js
+++ b/tools/clis/mention-me.js
@ -9,12 +9,16 @@ if (!API_KEY) {
 }

 async function api(method, path, body) {
-  const res = await fetch(`${BASE_URL}${path}`, {
-    method,
-    headers: {
+  const headers = {
    'Authorization': `Bearer ${API_KEY}`,
    'Content-Type': 'application/json',
-    },
+  }
+  if (args['dry-run']) {
+    return { _dry_run: true, method, url: `${BASE_URL}${path}`, headers: { ...headers, Authorization: '***' }, body: body || undefined }
+  }
+  const res = await fetch(`${BASE_URL}${path}`, {
+    method,
+    headers,
    body: body ? JSON.stringify(body) : undefined,
  })
  const text = await res.text()
--- a/tools/clis/meta-ads.js
+++ b/tools/clis/meta-ads.js
@ -17,6 +17,10 @@ async function api(method, path, body) {
    opts.headers['Content-Type'] = 'application/json'
    opts.body = JSON.stringify(body)
  }
+  if (args['dry-run']) {
+    const dryRunUrl = url.replace(TOKEN, '***')
+    return { _dry_run: true, method, url: dryRunUrl, headers: opts.headers, body: body || undefined }
+  }
  const res = await fetch(url, opts)
  const text = await res.text()
  try {
--- a/tools/clis/mixpanel.js
+++ b/tools/clis/mixpanel.js
@ -13,9 +13,13 @@ if (!TOKEN && !API_KEY) {
 }

 async function ingestApi(method, path, body) {
+  const headers = { 'Content-Type': 'application/json' }
+  if (args['dry-run']) {
+    return { _dry_run: true, method, url: `${INGESTION_URL}${path}`, headers, body: body || undefined }
+  }
  const res = await fetch(`${INGESTION_URL}${path}`, {
    method,
-    headers: { 'Content-Type': 'application/json' },
+    headers,
    body: body ? JSON.stringify(body) : undefined,
  })
  const text = await res.text()
@ -32,12 +36,16 @@ async function queryApi(method, baseUrl, path, params) {
  }
  const auth = Buffer.from(`${API_KEY}:${SECRET}`).toString('base64')
  const url = params ? `${baseUrl}${path}?${params}` : `${baseUrl}${path}`
-  const res = await fetch(url, {
-    method,
-    headers: {
+  const headers = {
    'Authorization': `Basic ${auth}`,
    'Content-Type': 'application/json',
-    },
+  }
+  if (args['dry-run']) {
+    return { _dry_run: true, method, url, headers: { ...headers, Authorization: '***' } }
+  }
+  const res = await fetch(url, {
+    method,
+    headers,
  })
  const text = await res.text()
  try {
@ -52,12 +60,16 @@ async function queryApiPost(path, body) {
    return { error: 'MIXPANEL_API_KEY and MIXPANEL_SECRET required for query/export operations' }
  }
  const auth = Buffer.from(`${API_KEY}:${SECRET}`).toString('base64')
-  const res = await fetch(`${QUERY_URL}${path}`, {
-    method: 'POST',
-    headers: {
+  const headers = {
    'Authorization': `Basic ${auth}`,
    'Content-Type': 'application/json',
-    },
+  }
+  if (args['dry-run']) {
+    return { _dry_run: true, method: 'POST', url: `${QUERY_URL}${path}`, headers: { ...headers, Authorization: '***' }, body: body || undefined }
+  }
+  const res = await fetch(`${QUERY_URL}${path}`, {
+    method: 'POST',
+    headers,
    body: JSON.stringify(body),
  })
  const text = await res.text()
--- a/tools/clis/onesignal.js
+++ b/tools/clis/onesignal.js
@ -15,13 +15,17 @@ if (!APP_ID) {
 }

 async function api(method, path, body) {
-  const res = await fetch(`${BASE_URL}${path}`, {
-    method,
-    headers: {
+  const headers = {
    'Authorization': `Basic ${REST_API_KEY}`,
    'Content-Type': 'application/json',
    'Accept': 'application/json',
-    },
+  }
+  if (args['dry-run']) {
+    return { _dry_run: true, method, url: `${BASE_URL}${path}`, headers: { ...headers, Authorization: '***' }, body: body || undefined }
+  }
+  const res = await fetch(`${BASE_URL}${path}`, {
+    method,
+    headers,
    body: body ? JSON.stringify(body) : undefined,
  })
  const text = await res.text()
--- a/tools/clis/optimizely.js
+++ b/tools/clis/optimizely.js
@ -9,6 +9,9 @@ if (!API_KEY) {
 }

 async function api(method, path, body) {
+  if (args['dry-run']) {
+    return { _dry_run: true, method, url: `${BASE_URL}${path}`, headers: { Authorization: '***', 'Content-Type': 'application/json', 'Accept': 'application/json' }, body: body || undefined }
+  }
  const res = await fetch(`${BASE_URL}${path}`, {
    method,
    headers: {
--- a/tools/clis/paddle.js
+++ b/tools/clis/paddle.js
@ -11,6 +11,9 @@ if (!API_KEY) {
 }

 async function api(method, path, body) {
+  if (args['dry-run']) {
+    return { _dry_run: true, method, url: `${BASE_URL}${path}`, headers: { Authorization: '***', 'Content-Type': 'application/json', 'Accept': 'application/json' }, body: body || undefined }
+  }
  const res = await fetch(`${BASE_URL}${path}`, {
    method,
    headers: {
--- a/tools/clis/partnerstack.js
+++ b/tools/clis/partnerstack.js
@ -12,6 +12,9 @@ if (!PUBLIC_KEY || !SECRET_KEY) {
 const AUTH = 'Basic ' + Buffer.from(`${PUBLIC_KEY}:${SECRET_KEY}`).toString('base64')

 async function api(method, path, body) {
+  if (args['dry-run']) {
+    return { _dry_run: true, method, url: `${BASE_URL}${path}`, headers: { Authorization: '***', 'Content-Type': 'application/json', 'Accept': 'application/json' }, body: body || undefined }
+  }
  const res = await fetch(`${BASE_URL}${path}`, {
    method,
    headers: {
--- a/tools/clis/plausible.js
+++ b/tools/clis/plausible.js
@ -9,6 +9,9 @@ if (!API_KEY) {
 }

 async function api(method, path, body) {
+  if (args['dry-run']) {
+    return { _dry_run: true, method, url: `${BASE_URL}${path}`, headers: { Authorization: '***', 'Content-Type': 'application/json', 'Accept': 'application/json' }, body: body || undefined }
+  }
  const res = await fetch(`${BASE_URL}${path}`, {
    method,
    headers: {
--- a/tools/clis/postmark.js
+++ b/tools/clis/postmark.js
@ -9,6 +9,15 @@ if (!API_KEY) {
 }

 async function api(method, path, body, useAccountToken) {
+  if (args['dry-run']) {
+    const maskedHeaders = { 'Content-Type': 'application/json', 'Accept': 'application/json' }
+    if (useAccountToken) {
+      maskedHeaders['X-Postmark-Account-Token'] = '***'
+    } else {
+      maskedHeaders['X-Postmark-Server-Token'] = '***'
+    }
+    return { _dry_run: true, method, url: `${BASE_URL}${path}`, headers: maskedHeaders, body: body || undefined }
+  }
  const headers = {
    'Content-Type': 'application/json',
    'Accept': 'application/json',
--- a/tools/clis/resend.js
+++ b/tools/clis/resend.js
@ -9,6 +9,9 @@ if (!API_KEY) {
 }

 async function api(method, path, body) {
+  if (args['dry-run']) {
+    return { _dry_run: true, method, url: `${BASE_URL}${path}`, headers: { Authorization: '***', 'Content-Type': 'application/json' }, body: body || undefined }
+  }
  const res = await fetch(`${BASE_URL}${path}`, {
    method,
    headers: {
--- a/tools/clis/rewardful.js
+++ b/tools/clis/rewardful.js
@ -9,6 +9,9 @@ if (!API_KEY) {
 }

 async function api(method, path, body) {
+  if (args['dry-run']) {
+    return { _dry_run: true, method, url: `${BASE_URL}${path}`, headers: { Authorization: '***', 'Content-Type': 'application/json' }, body: body || undefined }
+  }
  const res = await fetch(`${BASE_URL}${path}`, {
    method,
    headers: {
--- a/tools/clis/savvycal.js
+++ b/tools/clis/savvycal.js
@ -9,6 +9,9 @@ if (!API_KEY) {
 }

 async function api(method, path, body) {
+  if (args['dry-run']) {
+    return { _dry_run: true, method, url: `${BASE_URL}${path}`, headers: { Authorization: '***', 'Content-Type': 'application/json', 'Accept': 'application/json' }, body: body || undefined }
+  }
  const res = await fetch(`${BASE_URL}${path}`, {
    method,
    headers: {
--- a/tools/clis/segment.js
+++ b/tools/clis/segment.js
@ -14,6 +14,9 @@ async function trackApi(method, path, body) {
  if (!WRITE_KEY) {
    return { error: 'SEGMENT_WRITE_KEY required for tracking operations' }
  }
+  if (args['dry-run']) {
+    return { _dry_run: true, method, url: `${TRACKING_URL}${path}`, headers: { Authorization: '***', 'Content-Type': 'application/json' }, body: body || undefined }
+  }
  const auth = Buffer.from(`${WRITE_KEY}:`).toString('base64')
  const res = await fetch(`${TRACKING_URL}${path}`, {
    method,
@ -35,6 +38,9 @@ async function profileApi(method, path) {
  if (!ACCESS_TOKEN) {
    return { error: 'SEGMENT_ACCESS_TOKEN required for profile operations' }
  }
+  if (args['dry-run']) {
+    return { _dry_run: true, method, url: `${PROFILE_URL}${path}`, headers: { Authorization: '***', 'Content-Type': 'application/json' } }
+  }
  const auth = Buffer.from(`${ACCESS_TOKEN}:`).toString('base64')
  const res = await fetch(`${PROFILE_URL}${path}`, {
    method,
--- a/tools/clis/semrush.js
+++ b/tools/clis/semrush.js
@ -28,6 +28,11 @@ function parseCSV(text) {
 async function api(params) {
  params.set('key', API_KEY)
  params.set('export_escape', '1')
+  if (args['dry-run']) {
+    const maskedParams = new URLSearchParams(params)
+    maskedParams.set('key', '***')
+    return { _dry_run: true, method: 'GET', url: `${BASE_URL}?${maskedParams}`, headers: {}, body: undefined }
+  }
  const res = await fetch(`${BASE_URL}?${params}`)
  const text = await res.text()
  if (!res.ok) {
--- a/tools/clis/sendgrid.js
+++ b/tools/clis/sendgrid.js
@ -9,6 +9,9 @@ if (!API_KEY) {
 }

 async function api(method, path, body) {
+  if (args['dry-run']) {
+    return { _dry_run: true, method, url: `${BASE_URL}${path}`, headers: { 'Authorization': '***', 'Content-Type': 'application/json' }, body: body || undefined }
+  }
  const res = await fetch(`${BASE_URL}${path}`, {
    method,
    headers: {
--- a/tools/clis/tiktok-ads.js
+++ b/tools/clis/tiktok-ads.js
@ -10,6 +10,9 @@ if (!TOKEN) {
 }

 async function api(method, path, body) {
+  if (args['dry-run']) {
+    return { _dry_run: true, method, url: `${BASE_URL}${path}`, headers: { 'Access-Token': '***', 'Content-Type': 'application/json' }, body: body || undefined }
+  }
  const opts = {
    method,
    headers: {
--- a/tools/clis/tolt.js
+++ b/tools/clis/tolt.js
@ -9,6 +9,9 @@ if (!API_KEY) {
 }

 async function api(method, path, body) {
+  if (args['dry-run']) {
+    return { _dry_run: true, method, url: `${BASE_URL}${path}`, headers: { 'Authorization': '***', 'Content-Type': 'application/json' }, body: body || undefined }
+  }
  const res = await fetch(`${BASE_URL}${path}`, {
    method,
    headers: {
--- a/tools/clis/trustpilot.js
+++ b/tools/clis/trustpilot.js
@ -32,6 +32,15 @@ async function getAccessToken() {
 }

 async function api(method, path, body, auth = 'apikey') {
+  if (args['dry-run']) {
+    const maskedHeaders = { 'Content-Type': 'application/json', 'Accept': 'application/json' }
+    if (auth === 'bearer') {
+      maskedHeaders['Authorization'] = '***'
+    } else {
+      maskedHeaders['apikey'] = '***'
+    }
+    return { _dry_run: true, method, url: `${BASE_URL}${path}`, headers: maskedHeaders, body: body || undefined }
+  }
  const headers = {
    'Content-Type': 'application/json',
    'Accept': 'application/json',
--- a/tools/clis/typeform.js
+++ b/tools/clis/typeform.js
@ -9,6 +9,9 @@ if (!API_KEY) {
 }

 async function api(method, path, body) {
+  if (args['dry-run']) {
+    return { _dry_run: true, method, url: `${BASE_URL}${path}`, headers: { 'Authorization': '***', 'Content-Type': 'application/json', 'Accept': 'application/json' }, body: body || undefined }
+  }
  const res = await fetch(`${BASE_URL}${path}`, {
    method,
    headers: {
--- a/tools/clis/wistia.js
+++ b/tools/clis/wistia.js
@ -9,6 +9,9 @@ if (!API_KEY) {
 }

 async function api(method, path, body) {
+  if (args['dry-run']) {
+    return { _dry_run: true, method, url: `${BASE_URL}${path}`, headers: { 'Authorization': '***', 'Content-Type': 'application/json', 'Accept': 'application/json' }, body: body || undefined }
+  }
  const res = await fetch(`${BASE_URL}${path}`, {
    method,
    headers: {
--- a/tools/clis/zapier.js
+++ b/tools/clis/zapier.js
@ -9,6 +9,9 @@ if (!API_KEY) {
 }

 async function api(method, path, body) {
+  if (args['dry-run']) {
+    return { _dry_run: true, method, url: `${BASE_URL}${path}`, headers: { 'X-API-Key': '***', 'Content-Type': 'application/json' }, body: body || undefined }
+  }
  const res = await fetch(`${BASE_URL}${path}`, {
    method,
    headers: {
@ -26,6 +29,9 @@ async function api(method, path, body) {
 }

 async function webhookPost(url, data) {
+  if (args['dry-run']) {
+    return { _dry_run: true, method: 'POST', url, headers: { 'Content-Type': 'application/json' }, body: data || undefined }
+  }
  const res = await fetch(url, {
    method: 'POST',
    headers: { 'Content-Type': 'application/json' },