@alchemy/cli 0.5.1 → 0.5.2

package/dist/chunk-NM25MEJZ.js

@@ -0,0 +1,724 @@
+#!/usr/bin/env node
+if(process.argv.includes("--no-color"))process.env.NO_COLOR="1";
+import {
+  load,
+  save
+} from "./chunk-BAAQ7ELR.js";
+import {
+  CLIError,
+  ErrorCode,
+  debug,
+  errAccessDenied,
+  errAccessKeyRequired,
+  errAdminAPI,
+  errAppRequired,
+  errAuthRequired,
+  errInvalidAPIKey,
+  errInvalidAccessKey,
+  errInvalidArgs,
+  errNetwork,
+  errNetworkNotEnabled,
+  errNotFound,
+  errRPC,
+  errRateLimited,
+  errWalletKeyRequired,
+  fetchWithTimeout,
+  getBaseDomain,
+  isLocalhost,
+  parseBaseURLOverride,
+  redactSensitiveText,
+  verbose
+} from "./chunk-56ZVYB4G.js";
+
+// src/lib/resolve.ts
+import { readFileSync } from "fs";
+
+// src/lib/client.ts
+var Client = class _Client {
+  apiKey;
+  network;
+  // Test/debug only: used by mock E2E to route CLI requests locally.
+  static RPC_BASE_URL_ENV = "ALCHEMY_RPC_BASE_URL";
+  constructor(apiKey, network) {
+    this.apiKey = apiKey;
+    this.network = network;
+    this.validateNetwork(network);
+  }
+  validateNetwork(network) {
+    if (this.rpcBaseURLOverride()) {
+      return;
+    }
+    const domain = getBaseDomain();
+    const hostname = `${network}.g.${domain}`;
+    let parsed;
+    try {
+      parsed = new URL(`https://${hostname}`);
+    } catch {
+      throw errInvalidArgs(
+        `Unknown network '${network}'. Run 'alchemy network list' to see available networks.`
+      );
+    }
+    if (!parsed.hostname.endsWith(`.g.${domain}`)) {
+      throw errInvalidArgs(
+        `Unknown network '${network}'. Run 'alchemy network list' to see available networks.`
+      );
+    }
+  }
+  rpcBaseURLOverride() {
+    return parseBaseURLOverride(_Client.RPC_BASE_URL_ENV);
+  }
+  rpcBaseURL() {
+    const override = this.rpcBaseURLOverride();
+    if (override) return override;
+    return new URL(`https://${this.network}.g.${getBaseDomain()}`);
+  }
+  rpcURL() {
+    return new URL(`/v2/${this.apiKey}`, this.rpcBaseURL()).toString();
+  }
+  enhancedURL() {
+    return new URL(`/nft/v3/${this.apiKey}`, this.rpcBaseURL()).toString();
+  }
+  parseNetworkNotEnabledError(detail) {
+    const match = detail.match(
+      /([A-Z0-9_]+)\s+is not enabled for this app\.\s+Visit this page to enable the network:\s+(https?:\/\/\S+)/i
+    );
+    if (!match) return null;
+    return errNetworkNotEnabled(match[1], detail);
+  }
+  authErrorFromResponseBody(detail) {
+    const networkNotEnabled = this.parseNetworkNotEnabledError(detail);
+    if (networkNotEnabled) return networkNotEnabled;
+    return errInvalidAPIKey(detail || void 0);
+  }
+  tryParseRPCError(text) {
+    try {
+      const parsed = JSON.parse(text);
+      if (parsed?.error?.code !== void 0 && parsed?.error?.message !== void 0) {
+        return errRPC(parsed.error.code, parsed.error.message);
+      }
+    } catch {
+    }
+    return null;
+  }
+  verboseLog(message) {
+    if (verbose) {
+      process.stderr.write(`[verbose] ${message}
+`);
+    }
+  }
+  async doFetch(url, init) {
+    return fetchWithTimeout(url, init);
+  }
+  async call(method, params = []) {
+    const body = {
+      jsonrpc: "2.0",
+      method,
+      params,
+      id: 1
+    };
+    const redactedURL = redactSensitiveText(this.rpcURL());
+    this.verboseLog(`\u2192 POST ${redactedURL}`);
+    this.verboseLog(`  method: ${method}`);
+    const hasParams = Array.isArray(params) ? params.length > 0 : Object.keys(params).length > 0;
+    if (hasParams) {
+      this.verboseLog(`  params: ${JSON.stringify(params)}`);
+    }
+    const startTime = Date.now();
+    const resp = await this.doFetch(this.rpcURL(), {
+      method: "POST",
+      headers: {
+        "Content-Type": "application/json",
+        Accept: "application/json"
+      },
+      body: JSON.stringify(body)
+    });
+    this.verboseLog(`\u2190 ${resp.status} ${resp.statusText} (${Date.now() - startTime}ms)`);
+    if (resp.status === 429) throw errRateLimited();
+    if (resp.status === 401 || resp.status === 403) {
+      const detail = await resp.text().catch(() => "");
+      throw this.authErrorFromResponseBody(detail);
+    }
+    if (!resp.ok) {
+      const text = await resp.text().catch(() => "");
+      const rpcError = this.tryParseRPCError(text);
+      if (rpcError) throw rpcError;
+      throw errNetwork(`HTTP ${resp.status}: ${text}`);
+    }
+    const rpcResp = await resp.json();
+    if (rpcResp.error) {
+      throw errRPC(rpcResp.error.code, rpcResp.error.message);
+    }
+    return rpcResp.result;
+  }
+  async callEnhanced(path, params) {
+    const url = new URL(`${this.enhancedURL()}/${path}`);
+    for (const [k, v] of Object.entries(params)) {
+      url.searchParams.set(k, v);
+    }
+    const redactedURL = redactSensitiveText(url.toString());
+    this.verboseLog(`\u2192 GET ${redactedURL}`);
+    const startTime = Date.now();
+    const resp = await this.doFetch(url.toString(), {
+      headers: { Accept: "application/json" }
+    });
+    this.verboseLog(`\u2190 ${resp.status} ${resp.statusText} (${Date.now() - startTime}ms)`);
+    if (resp.status === 429) throw errRateLimited();
+    if (resp.status === 401 || resp.status === 403) {
+      const detail = await resp.text().catch(() => "");
+      throw this.authErrorFromResponseBody(detail);
+    }
+    if (!resp.ok) {
+      const text = await resp.text().catch(() => "");
+      const rpcError = this.tryParseRPCError(text);
+      if (rpcError) throw rpcError;
+      throw errNetwork(`HTTP ${resp.status}: ${text}`);
+    }
+    return resp.json();
+  }
+};
+
+// src/lib/x402-client.ts
+import { signSiwe, createPayment } from "@alchemy/x402";
+var X402Client = class _X402Client {
+  network;
+  privateKey;
+  siweToken = null;
+  static X402_BASE_URL_ENV = "ALCHEMY_X402_BASE_URL";
+  static get DEFAULT_BASE() {
+    return `https://x402.${getBaseDomain()}`;
+  }
+  constructor(privateKey, network) {
+    this.privateKey = privateKey;
+    this.network = network;
+    this.validateNetwork(network);
+  }
+  validateNetwork(network) {
+    if (this.baseURLOverride()) return;
+    if (!/^[A-Za-z0-9:_-]{1,128}$/.test(network)) {
+      throw errInvalidArgs(`Invalid network: ${network}`);
+    }
+  }
+  baseURLOverride() {
+    return parseBaseURLOverride(_X402Client.X402_BASE_URL_ENV);
+  }
+  baseURL() {
+    const override = this.baseURLOverride();
+    if (override) return override;
+    return new URL(_X402Client.DEFAULT_BASE);
+  }
+  rpcURL() {
+    return new URL(`/${this.network}/v2`, this.baseURL()).toString();
+  }
+  enhancedURL() {
+    return new URL(`/${this.network}/nft/v3`, this.baseURL()).toString();
+  }
+  static SIWE_TTL = "1h";
+  static SIWE_EXPIRY_BUFFER_MS = 5 * 60 * 1e3;
+  // refresh 5min before expiry
+  async ensureSiweToken() {
+    if (this.siweToken) return this.siweToken;
+    const cfg = load();
+    if (cfg.siwe_token && cfg.siwe_token_expires_at) {
+      const expiry = new Date(cfg.siwe_token_expires_at);
+      const remaining = expiry.getTime() - Date.now();
+      debug(`SIWE: found cached token (length=${cfg.siwe_token.length}, remaining=${Math.round(remaining / 1e3)}s)`);
+      if (!Number.isNaN(expiry.getTime()) && remaining > _X402Client.SIWE_EXPIRY_BUFFER_MS) {
+        this.siweToken = cfg.siwe_token;
+        return this.siweToken;
+      }
+      debug("SIWE: cached token expired or expiring soon");
+    } else {
+      debug("SIWE: no cached token in config");
+    }
+    debug("SIWE: generating fresh token");
+    this.siweToken = await signSiwe({
+      privateKey: this.privateKey,
+      expiresAfter: _X402Client.SIWE_TTL
+    });
+    const expiresAt = new Date(Date.now() + 60 * 60 * 1e3).toISOString();
+    debug(`SIWE: saving token to config (length=${this.siweToken.length}, expires=${expiresAt})`);
+    save({ ...load(), siwe_token: this.siweToken, siwe_token_expires_at: expiresAt });
+    return this.siweToken;
+  }
+  refreshSiweToken() {
+    this.siweToken = null;
+    const cfg = load();
+    save({ ...cfg, siwe_token: void 0, siwe_token_expires_at: void 0 });
+  }
+  async call(method, params = []) {
+    const body = { jsonrpc: "2.0", method, params, id: 1 };
+    const jsonBody = JSON.stringify(body);
+    const buildInit = (extra) => ({
+      method: "POST",
+      headers: {
+        "Content-Type": "application/json",
+        Accept: "application/json",
+        Authorization: `SIWE ${this.siweToken}`,
+        ...extra
+      },
+      body: jsonBody
+    });
+    await this.ensureSiweToken();
+    let resp = await this.doFetch(this.rpcURL(), buildInit());
+    resp = await this.handleAuthAndPayment(resp, {
+      authRetry: async () => {
+        this.refreshSiweToken();
+        await this.ensureSiweToken();
+        return this.doFetch(this.rpcURL(), buildInit());
+      },
+      paymentRetry: async (paymentSig) => this.doFetch(this.rpcURL(), buildInit({ "Payment-Signature": paymentSig }))
+    });
+    if (resp.status === 429) throw errRateLimited();
+    if (resp.status === 402) throw await this.parsePaymentError(resp);
+    if (!resp.ok) {
+      const text = await resp.text().catch(() => "");
+      throw errNetwork(`HTTP ${resp.status}: ${text}`);
+    }
+    const rpcResp = await resp.json();
+    if (rpcResp.error) {
+      throw errRPC(rpcResp.error.code, rpcResp.error.message);
+    }
+    return rpcResp.result;
+  }
+  async callEnhanced(path, params) {
+    const url = new URL(`${this.enhancedURL()}/${path}`);
+    for (const [k, v] of Object.entries(params)) {
+      url.searchParams.set(k, v);
+    }
+    const urlStr = url.toString();
+    const buildInit = (extra) => ({
+      headers: {
+        Accept: "application/json",
+        Authorization: `SIWE ${this.siweToken}`,
+        ...extra
+      }
+    });
+    await this.ensureSiweToken();
+    let resp = await this.doFetch(urlStr, buildInit());
+    resp = await this.handleAuthAndPayment(resp, {
+      authRetry: async () => {
+        this.refreshSiweToken();
+        await this.ensureSiweToken();
+        return this.doFetch(urlStr, buildInit());
+      },
+      paymentRetry: async (paymentSig) => this.doFetch(urlStr, buildInit({ "Payment-Signature": paymentSig }))
+    });
+    if (resp.status === 429) throw errRateLimited();
+    if (resp.status === 402) throw await this.parsePaymentError(resp);
+    if (!resp.ok) {
+      const text = await resp.text().catch(() => "");
+      throw errNetwork(`HTTP ${resp.status}: ${text}`);
+    }
+    return resp.json();
+  }
+  async callRest(path, options = {}) {
+    const base = new URL(`/${path.replace(/^\//, "")}`, this.baseURL());
+    if (options.query) {
+      for (const [k, v] of Object.entries(options.query)) {
+        if (v !== void 0 && v !== "") base.searchParams.set(k, v);
+      }
+    }
+    const urlStr = base.toString();
+    const method = options.method ?? "GET";
+    const buildInit = (extra) => ({
+      method,
+      headers: {
+        "Content-Type": "application/json",
+        Accept: "application/json",
+        Authorization: `SIWE ${this.siweToken}`,
+        ...extra
+      },
+      ...options.body !== void 0 ? { body: JSON.stringify(options.body) } : {}
+    });
+    await this.ensureSiweToken();
+    let resp = await this.doFetch(urlStr, buildInit());
+    resp = await this.handleAuthAndPayment(resp, {
+      authRetry: async () => {
+        this.refreshSiweToken();
+        await this.ensureSiweToken();
+        return this.doFetch(urlStr, buildInit());
+      },
+      paymentRetry: async (paymentSig) => this.doFetch(urlStr, buildInit({ "Payment-Signature": paymentSig }))
+    });
+    if (resp.status === 429) throw errRateLimited();
+    if (resp.status === 402) throw await this.parsePaymentError(resp);
+    if (!resp.ok) {
+      const text = await resp.text().catch(() => "");
+      throw errNetwork(`HTTP ${resp.status}: ${text}`);
+    }
+    return resp.json();
+  }
+  async doFetch(url, init) {
+    return fetchWithTimeout(url, init);
+  }
+  async parsePaymentError(resp) {
+    const text = await resp.text().catch(() => "");
+    try {
+      const body = JSON.parse(text);
+      const reason = body?.extensions?.paymentError?.info?.reason;
+      const message = body?.extensions?.paymentError?.info?.message;
+      const payer = body?.extensions?.paymentError?.info?.payer;
+      if (reason === "insufficient_funds") {
+        const network = body?.accepts?.[0]?.network;
+        const asset = body?.accepts?.[0]?.extra?.name ?? "USDC";
+        const networkLabel = network === "eip155:8453" ? "Base" : network ?? "the payment network";
+        return new CLIError(
+          ErrorCode.PAYMENT_REQUIRED,
+          `Insufficient ${asset} balance on ${networkLabel}. ${message ?? ""}`.trim(),
+          `Fund wallet ${payer ?? ""} with ${asset} on ${networkLabel} to use x402.`.trim()
+        );
+      }
+      return new CLIError(
+        ErrorCode.PAYMENT_REQUIRED,
+        `x402 payment failed: ${message || body?.error || text}`
+      );
+    } catch {
+      return new CLIError(
+        ErrorCode.PAYMENT_REQUIRED,
+        `x402 payment failed: ${text}`
+      );
+    }
+  }
+  async handleAuthAndPayment(resp, retries) {
+    if (resp.status === 401) {
+      const detail = await resp.text().catch(() => "");
+      if (detail.includes("MESSAGE_EXPIRED")) {
+        return retries.authRetry();
+      }
+      throw new CLIError(
+        ErrorCode.AUTH_REQUIRED,
+        `x402 authentication failed: ${detail || "unauthorized"}`,
+        "Check your wallet key and try again."
+      );
+    }
+    if (resp.status === 402) {
+      const paymentRequiredHeader = resp.headers.get("payment-required");
+      if (!paymentRequiredHeader) {
+        throw new CLIError(
+          ErrorCode.PAYMENT_REQUIRED,
+          "x402 payment required but no Payment-Required header received."
+        );
+      }
+      const paymentSignature = await createPayment({
+        privateKey: this.privateKey,
+        paymentRequiredHeader
+      });
+      return retries.paymentRetry(paymentSignature);
+    }
+    return resp;
+  }
+};
+
+// src/lib/admin-client.ts
+var AdminClient = class _AdminClient {
+  static get ADMIN_API_HOST() {
+    return `admin-api.${getBaseDomain()}`;
+  }
+  // Test/debug only: used by mock E2E to route admin requests locally.
+  static ADMIN_API_BASE_URL_ENV = "ALCHEMY_ADMIN_API_BASE_URL";
+  credential;
+  constructor(credential) {
+    if (typeof credential === "string") {
+      this.validateAccessKey(credential);
+      this.credential = { type: "access_key", key: credential };
+    } else {
+      if (credential.type === "access_key") {
+        this.validateAccessKey(credential.key);
+      } else if (!credential.token.trim()) {
+        throw errAuthRequired();
+      }
+      this.credential = credential;
+    }
+  }
+  baseURL() {
+    const override = this.baseURLOverride();
+    if (override) return override.toString().replace(/\/$/, "");
+    return `https://admin-api.${getBaseDomain()}`;
+  }
+  allowedHosts() {
+    const hosts = /* @__PURE__ */ new Set([_AdminClient.ADMIN_API_HOST]);
+    const override = this.baseURLOverride();
+    if (override) hosts.add(override.hostname);
+    return hosts;
+  }
+  allowInsecureTransport(hostname) {
+    return isLocalhost(hostname);
+  }
+  baseURLOverride() {
+    return parseBaseURLOverride(_AdminClient.ADMIN_API_BASE_URL_ENV);
+  }
+  validateAccessKey(accessKey) {
+    if (!accessKey.trim() || /\s/.test(accessKey)) {
+      throw errInvalidAccessKey();
+    }
+  }
+  assertSafeRequestTarget(url) {
+    let parsed;
+    try {
+      parsed = new URL(url);
+    } catch {
+      throw errInvalidArgs("Invalid admin API URL.");
+    }
+    if (!this.allowedHosts().has(parsed.hostname)) {
+      throw errInvalidArgs(`Refusing to send credentials to unexpected host: ${parsed.hostname}`);
+    }
+    if (parsed.protocol !== "https:" && !this.allowInsecureTransport(parsed.hostname)) {
+      throw errInvalidArgs("Refusing to send credentials over non-HTTPS connection.");
+    }
+  }
+  async request(method, path, body) {
+    const url = `${this.baseURL()}${path}`;
+    debug(`${method} ${url}`);
+    this.assertSafeRequestTarget(url);
+    const resp = await fetchWithTimeout(url, {
+      method,
+      redirect: "error",
+      headers: {
+        Authorization: `Bearer ${this.credential.type === "access_key" ? this.credential.key : this.credential.token}`,
+        "Content-Type": "application/json",
+        Accept: "application/json"
+      },
+      ...body !== void 0 && { body: JSON.stringify(body) }
+    });
+    if (resp.status === 401) {
+      debug(`401 Unauthorized from ${url}`);
+      throw errInvalidAccessKey();
+    }
+    if (resp.status === 403) {
+      const detail = await resp.text().catch(() => "");
+      let reason;
+      try {
+        const parsed = JSON.parse(detail);
+        reason = parsed?.message || parsed?.error?.message || parsed?.error || void 0;
+      } catch {
+        reason = detail || void 0;
+      }
+      throw errAccessDenied(typeof reason === "string" ? reason : void 0);
+    }
+    if (resp.status === 404) {
+      const text = await resp.text().catch(() => "");
+      throw errNotFound(text || path);
+    }
+    if (resp.status === 429) throw errRateLimited();
+    if (!resp.ok) {
+      const text = await resp.text().catch(() => "");
+      throw errAdminAPI(resp.status, text);
+    }
+    return resp.json();
+  }
+  async listChains() {
+    const result = await this.request("GET", "/v1/chains");
+    const chains = (Array.isArray(result.data) ? result.data : void 0) ?? (!Array.isArray(result.data) ? result.data?.networks : void 0) ?? (!Array.isArray(result.data) ? result.data?.chains : void 0) ?? result.networks ?? result.chains;
+    if (!Array.isArray(chains)) {
+      throw errAdminAPI(200, "Unexpected response shape for /v1/chains.");
+    }
+    return chains;
+  }
+  async listApps(opts) {
+    const params = new URLSearchParams();
+    if (opts?.cursor) params.set("cursor", opts.cursor);
+    if (opts?.limit) params.set("limit", String(opts.limit));
+    const qs = params.toString();
+    const resp = await this.request(
+      "GET",
+      `/v1/apps${qs ? `?${qs}` : ""}`
+    );
+    return resp.data;
+  }
+  async listAllApps(opts) {
+    const apps = [];
+    const seenCursors = /* @__PURE__ */ new Set();
+    let cursor;
+    let pages = 0;
+    do {
+      const page = await this.listApps({
+        ...cursor && { cursor },
+        ...opts?.limit !== void 0 && { limit: opts.limit }
+      });
+      pages += 1;
+      apps.push(...page.apps);
+      cursor = page.cursor;
+      if (cursor && seenCursors.has(cursor)) break;
+      if (cursor) seenCursors.add(cursor);
+    } while (cursor);
+    return { apps, pages };
+  }
+  async getApp(id) {
+    const resp = await this.request("GET", `/v1/apps/${id}`);
+    return resp.data;
+  }
+  async createApp(opts) {
+    const resp = await this.request("POST", "/v1/apps", {
+      name: opts.name,
+      chainNetworks: opts.networks,
+      ...opts.description && { description: opts.description },
+      ...opts.products && { products: opts.products }
+    });
+    return resp.data;
+  }
+  async deleteApp(id) {
+    await this.request("DELETE", `/v1/apps/${id}`);
+  }
+  async updateApp(id, opts) {
+    const resp = await this.request("PATCH", `/v1/apps/${id}`, opts);
+    return resp.data;
+  }
+  async updateNetworkAllowlist(id, networks) {
+    const resp = await this.request("PUT", `/v1/apps/${id}/networks`, {
+      chainNetworks: networks
+    });
+    return resp.data;
+  }
+  async updateAddressAllowlist(id, addresses) {
+    const resp = await this.request("PUT", `/v1/apps/${id}/address-allowlist`, {
+      addressAllowlist: addresses
+    });
+    return resp.data;
+  }
+  async updateOriginAllowlist(id, origins) {
+    const resp = await this.request("PUT", `/v1/apps/${id}/origin-allowlist`, {
+      originAllowlist: origins
+    });
+    return resp.data;
+  }
+  async updateIpAllowlist(id, ips) {
+    const resp = await this.request("PUT", `/v1/apps/${id}/ip-allowlist`, {
+      ipAllowlist: ips
+    });
+    return resp.data;
+  }
+};
+
+// src/lib/resolve.ts
+function resolveAPIKey(program, cfg) {
+  const opts = program.opts();
+  if (opts.apiKey) return opts.apiKey;
+  if (process.env.ALCHEMY_API_KEY) return process.env.ALCHEMY_API_KEY;
+  const config = cfg ?? load();
+  if (config.api_key) return config.api_key;
+  if (config.app?.apiKey) return config.app.apiKey;
+  return void 0;
+}
+function resolveAccessKey(program, cfg) {
+  const opts = program.opts();
+  if (opts.accessKey) return opts.accessKey;
+  if (process.env.ALCHEMY_ACCESS_KEY) return process.env.ALCHEMY_ACCESS_KEY;
+  const config = cfg ?? load();
+  if (config.access_key) return config.access_key;
+  return void 0;
+}
+function resolveNetwork(program, cfg, defaultNetwork) {
+  const opts = program.opts();
+  if (opts.network) return opts.network;
+  if (process.env.ALCHEMY_NETWORK) return process.env.ALCHEMY_NETWORK;
+  const config = cfg ?? load();
+  if (config.network) return config.network;
+  return defaultNetwork ?? "eth-mainnet";
+}
+function resolveAppId(program, cfg) {
+  const opts = program.opts();
+  if (opts.appId) return opts.appId;
+  const config = cfg ?? load();
+  if (config.app?.id) return config.app.id;
+  return void 0;
+}
+function resolveAuthToken(cfg) {
+  const config = cfg ?? load();
+  if (!config.auth_token?.trim()) return void 0;
+  if (config.auth_token_expires_at) {
+    const expiry = new Date(config.auth_token_expires_at);
+    if (!Number.isNaN(expiry.getTime()) && expiry <= /* @__PURE__ */ new Date()) {
+      return void 0;
+    }
+  }
+  return config.auth_token;
+}
+function adminClientFromFlags(program) {
+  const cfg = load();
+  const accessKey = resolveAccessKey(program, cfg);
+  if (accessKey) return new AdminClient(accessKey);
+  const authToken = resolveAuthToken(cfg);
+  if (authToken) return new AdminClient({ type: "auth_token", token: authToken });
+  throw errAccessKeyRequired();
+}
+function resolveX402(program, cfg) {
+  const opts = program.opts();
+  if (opts.x402) return true;
+  const config = cfg ?? load();
+  return config.x402 === true;
+}
+function resolveX402Client(program) {
+  const cfg = load();
+  if (!resolveX402(program, cfg)) return null;
+  const walletKey = resolveWalletKey(program, cfg);
+  if (!walletKey) return null;
+  return new X402Client(walletKey, resolveNetwork(program, cfg));
+}
+function resolveWalletKey(program, cfg) {
+  const opts = program.opts();
+  if (opts.walletKeyFile) {
+    return readFileSync(opts.walletKeyFile, "utf-8").trim();
+  }
+  if (process.env.ALCHEMY_WALLET_KEY) {
+    return process.env.ALCHEMY_WALLET_KEY;
+  }
+  const config = cfg ?? load();
+  if (config.wallet_key_file) {
+    return readFileSync(config.wallet_key_file, "utf-8").trim();
+  }
+  return void 0;
+}
+function clientFromFlags(program, opts) {
+  const cfg = load();
+  const network = resolveNetwork(program, cfg, opts?.defaultNetwork);
+  debug(`using network=${network}`);
+  const programOpts = program.opts();
+  if (programOpts.accessKey) {
+    throw errInvalidArgs(
+      "--access-key is for admin commands (apps, chains, webhooks). Use --api-key for RPC commands."
+    );
+  }
+  if (resolveX402(program, cfg)) {
+    const walletKey = resolveWalletKey(program, cfg);
+    if (!walletKey) throw errWalletKeyRequired();
+    return new X402Client(walletKey, network);
+  }
+  const apiKey = resolveAPIKey(program, cfg);
+  if (!apiKey) throw errAuthRequired();
+  return new Client(apiKey, network);
+}
+function appNetworkToSlug(rpcUrl) {
+  let parsed;
+  try {
+    parsed = new URL(rpcUrl);
+  } catch {
+    return null;
+  }
+  const suffix = `.g.${getBaseDomain()}`;
+  if (!parsed.hostname.endsWith(suffix)) return null;
+  const slug = parsed.hostname.slice(0, -suffix.length);
+  return slug || null;
+}
+async function resolveConfiguredNetworkSlugs(program, appIdOverride) {
+  const appId = appIdOverride || resolveAppId(program);
+  if (!appId) throw errAppRequired();
+  const admin = adminClientFromFlags(program);
+  const app = await admin.getApp(appId);
+  const slugs = app.chainNetworks.map((network) => appNetworkToSlug(network.rpcUrl)).filter((slug) => Boolean(slug));
+  return Array.from(new Set(slugs)).sort((a, b) => a.localeCompare(b));
+}
+
+export {
+  AdminClient,
+  resolveAPIKey,
+  resolveAccessKey,
+  resolveNetwork,
+  resolveAppId,
+  resolveAuthToken,
+  adminClientFromFlags,
+  resolveX402,
+  resolveX402Client,
+  resolveWalletKey,
+  clientFromFlags,
+  resolveConfiguredNetworkSlugs
+};