@alchemy/cli 0.6.2 → 0.7.0-alpha.11

package/dist/{chunk-NBDWF4ZQ.js → chunk-AFD4Y42F.js}

@@ -5,7 +5,7 @@ import {
   isJSONMode,
   quiet,
   rgb
-} from "./chunk-56ZVYB4G.js";
+} from "./chunk-OLVYWGY6.js";
 
 // src/lib/terminal-ui.ts
 import * as readline from "readline";
@@ -48,6 +48,9 @@ function suspendStdinKeypressListeners() {
 }
 async function runListPrompt(opts) {
   if (!stdin.isTTY || !stdout.isTTY) {
+    if (opts.allowMultiple) {
+      return { value: opts.initialValues ?? [], cancelled: false };
+    }
     const initial = opts.initialValue ?? opts.options.find((o) => !o.disabled)?.value ?? null;
     return { value: initial, cancelled: false };
   }
@@ -61,7 +64,7 @@ async function runListPrompt(opts) {
     0,
     opts.options.findIndex((o) => o.value === opts.initialValue && !o.disabled)
   );
-  const selected = /* @__PURE__ */ new Set();
+  const selected = new Set(opts.initialValues ?? []);
   const maxVisible = 8;
   let renderedLines = 0;
   const getFiltered = () => {
@@ -104,10 +107,11 @@ async function runListPrompt(opts) {
         const active = start + i === cursor;
         const disabled = option.disabled === true;
         const selectedMark = opts.allowMultiple ? selected.has(option.value) ? ansi.green("\u25C6") : ansi.dim("\u25C7") : active ? ansi.cyan("\u25C6") : ansi.dim("\u25C7");
+        const activeMark = active ? ansi.cyan("\u203A") : " ";
         const label = optionLabel(option);
         const value = disabled ? ansi.dim(label) : label;
         const hint = option.hint ? ` ${ansi.dim(`\u2014 ${option.hint}`)}` : "";
-        lines.push(`  ${ansi.dim(FLOW_PIPE)}  ${selectedMark} ${value}${hint}`);
+        lines.push(`  ${ansi.dim(FLOW_PIPE)} ${activeMark} ${selectedMark} ${value}${hint}`);
       }
       if (filtered.length > maxVisible) {
         lines.push(`  ${ansi.dim(FLOW_PIPE)} ${ansi.dim(`${filtered.length} options`)}`);
@@ -217,16 +221,26 @@ async function promptText(opts) {
   const question = `  ${ansi.cyan("\u25C6")} ${opts.message}${opts.placeholder ? ` ${ansi.dim(`(${opts.placeholder})`)}` : ""}: `;
   const previousRawMode = stdin.isRaw;
   if (previousRawMode) stdin.setRawMode(false);
+  const ABORTED = /* @__PURE__ */ Symbol("aborted");
   const value = await new Promise((resolve) => {
     rl.on("SIGINT", () => resolve(null));
     rl.question(question, (answer) => resolve(answer));
+    if (opts.abortSignal) {
+      const onAbort = () => resolve(ABORTED);
+      if (opts.abortSignal.aborted) {
+        onAbort();
+      } else {
+        opts.abortSignal.addEventListener("abort", onAbort, { once: true });
+      }
+    }
   });
   rl.close();
   restoreKeypressListeners();
   if (previousRawMode) stdin.setRawMode(true);
-  if (opts.clearAfterSubmit) {
+  if (opts.clearAfterSubmit || value === ABORTED) {
     clearRenderedLines(2);
   }
+  if (value === ABORTED) return "";
   if (value === null) {
     printCancel(opts.cancelMessage);
     return null;
@@ -281,6 +295,7 @@ async function promptMultiselect(opts) {
   const result = await runListPrompt({
     message: opts.message,
     options: opts.options,
+    initialValues: opts.initialValues,
     allowMultiple: true,
     required: opts.required,
     commitLabel: "Selected"
@@ -362,29 +377,24 @@ async function withSpinner(label, doneLabel, fn) {
   if (isJSONMode() || quiet) return fn();
   return runWithSpinner(label, doneLabel, fn);
 }
-function printKeyValueBox(pairs) {
+function printKeyValue(pairs, withBottomPadding = true) {
   if (isJSONMode()) return;
+  console.log("");
   if (pairs.length === 0) {
-    console.log(`  ${ansi2.brand("\u250C\u2500\u2500\u2510")}`);
-    console.log(`  ${ansi2.brand("\u2514\u2500\u2500\u2518")}`);
+    if (withBottomPadding) {
+      console.log("");
+    }
     return;
   }
-  const keyWidth = Math.max(...pairs.map(([k]) => stripAnsi(k).length));
-  const contentRows = pairs.map(([key, value]) => {
+  const maxLen = Math.max(...pairs.map(([k]) => stripAnsi(k).length));
+  for (const [key, value] of pairs) {
     const visibleKeyLen = stripAnsi(key).length;
-    const paddedKey = key + " ".repeat(Math.max(0, keyWidth - visibleKeyLen));
-    return `${ansi2.dim(paddedKey)}  ${value}`;
-  });
-  const contentWidth = Math.max(...contentRows.map((row) => stripAnsi(row).length));
-  const top = `\u250C${"\u2500".repeat(contentWidth + 2)}\u2510`;
-  const bottom = `\u2514${"\u2500".repeat(contentWidth + 2)}\u2518`;
-  console.log(`  ${ansi2.dim(top)}`);
-  for (const row of contentRows) {
-    const visibleLen = stripAnsi(row).length;
-    const padded = row + " ".repeat(Math.max(0, contentWidth - visibleLen));
-    console.log(`  ${ansi2.dim("\u2502")} ${padded} ${ansi2.dim("\u2502")}`);
+    const paddedKey = key + " ".repeat(Math.max(0, maxLen - visibleKeyLen));
+    console.log(`  ${ansi2.dim(paddedKey)}  ${value}`);
+  }
+  if (withBottomPadding) {
+    console.log("");
   }
-  console.log(`  ${ansi2.dim(bottom)}`);
 }
 function emptyState(message) {
   if (isJSONMode()) return;
@@ -543,7 +553,7 @@ export {
   successBadge,
   failBadge,
   withSpinner,
-  printKeyValueBox,
+  printKeyValue,
   emptyState,
   printSyntaxJSON,
   printTable,

package/dist/{chunk-FFMNT74F.js → chunk-EKBSQAEG.js}

@@ -2,7 +2,7 @@
 if(process.argv.includes("--no-color"))process.env.NO_COLOR="1";
 import {
   getBaseDomain
-} from "./chunk-56ZVYB4G.js";
+} from "./chunk-OLVYWGY6.js";
 
 // src/lib/auth.ts
 import { createHash, randomBytes } from "crypto";
@@ -130,7 +130,7 @@ ${SHARED_STYLE}
 // src/lib/auth.ts
 var AUTH_PORT = 16424;
 var AUTH_CALLBACK_PATH = "/callback";
-var OAUTH_CLIENT_ID = "alchemy-cli";
+var DEFAULT_EXPIRES_IN_SECONDS = 90 * 24 * 60 * 60;
 function getAuthBaseUrl() {
   return process.env.ALCHEMY_AUTH_URL || `https://auth.${getBaseDomain()}`;
 }
@@ -140,40 +140,56 @@ function generateCodeVerifier() {
 function deriveCodeChallenge(verifier) {
   return createHash("sha256").update(verifier).digest("base64url");
 }
-function generateState() {
-  return randomBytes(32).toString("base64url");
-}
-function getAuthorizeUrl(port, codeChallenge, state) {
+function getLoginUrl(port, codeChallenge) {
   const base = getAuthBaseUrl();
-  const url = new URL(`${base}/oauth/authorize`);
-  url.searchParams.set("response_type", "code");
-  url.searchParams.set("client_id", OAUTH_CLIENT_ID);
-  url.searchParams.set("redirect_uri", `http://localhost:${port}${AUTH_CALLBACK_PATH}`);
-  url.searchParams.set("code_challenge", codeChallenge);
-  url.searchParams.set("code_challenge_method", "S256");
-  url.searchParams.set("state", state);
-  return url.toString();
-}
-function prepareBrowserLogin(port = AUTH_PORT) {
-  const codeVerifier = generateCodeVerifier();
-  const codeChallenge = deriveCodeChallenge(codeVerifier);
-  const state = generateState();
-  return {
-    authorizeUrl: getAuthorizeUrl(port, codeChallenge, state),
-    codeVerifier,
-    state
-  };
+  const redirect = encodeURIComponent(`http://localhost:${port}${AUTH_CALLBACK_PATH}`);
+  let url = `${base}/login?redirectUrl=${redirect}&_t=${Date.now()}`;
+  if (codeChallenge) {
+    url += `&code_challenge=${encodeURIComponent(codeChallenge)}`;
+  }
+  return url;
 }
 function openBrowser(url) {
   const cmd = platform() === "darwin" ? "open" : platform() === "win32" ? "start" : "xdg-open";
   execFile(cmd, [url]);
 }
+function closeServer(args) {
+  const { server, sockets } = args;
+  return new Promise((resolve) => {
+    server.close(() => resolve());
+    for (const socket of sockets) {
+      socket.destroy();
+    }
+  });
+}
+async function sendCallbackResponse(args) {
+  const { server, sockets, req, res, statusCode, body } = args;
+  req.socket.setKeepAlive(false);
+  res.shouldKeepAlive = false;
+  res.writeHead(statusCode, {
+    "Content-Type": "text/html",
+    Connection: "close"
+  });
+  await new Promise((resolve) => {
+    res.end(body, () => resolve());
+  });
+  await closeServer({ server, sockets });
+}
 function waitForCallback(port, timeoutMs = 12e4) {
-  return new Promise((resolve, reject) => {
+  let cancelFn;
+  const promise = new Promise((resolve, reject) => {
+    const sockets = /* @__PURE__ */ new Set();
     const timer = setTimeout(() => {
       server.close();
+      for (const socket of sockets) {
+        socket.destroy();
+      }
       reject(new Error("Authentication timed out. Please try again."));
     }, timeoutMs);
+    cancelFn = () => {
+      clearTimeout(timer);
+      closeServer({ server, sockets });
+    };
     const server = createServer((req, res) => {
       const url = new URL(req.url || "/", `http://localhost:${port}`);
       if (url.pathname !== AUTH_CALLBACK_PATH) {
@@ -185,35 +201,52 @@ function waitForCallback(port, timeoutMs = 12e4) {
       if (error) {
         const description = url.searchParams.get("error_description") || error;
         clearTimeout(timer);
-        res.writeHead(200, { "Content-Type": "text/html" });
-        res.end(authErrorHtml(description));
-        server.close();
-        reject(new Error(`Authentication failed: ${description}`));
+        void sendCallbackResponse({
+          server,
+          sockets,
+          req,
+          res,
+          statusCode: 200,
+          body: authErrorHtml(description)
+        }).finally(() => {
+          reject(new Error(`Authentication failed: ${description}`));
+        });
         return;
       }
       const code = url.searchParams.get("code");
       if (!code) {
         clearTimeout(timer);
-        res.writeHead(400);
-        res.end("Missing auth code");
-        server.close();
-        reject(new Error("Authentication callback missing auth code."));
+        void sendCallbackResponse({
+          server,
+          sockets,
+          req,
+          res,
+          statusCode: 400,
+          body: "Missing auth code"
+        }).finally(() => {
+          reject(new Error("Authentication callback missing auth code."));
+        });
         return;
       }
       clearTimeout(timer);
       resolve({
         code,
-        state: url.searchParams.get("state"),
-        sendSuccess: () => {
-          res.writeHead(200, { "Content-Type": "text/html" });
-          res.end(AUTH_SUCCESS_HTML);
-          server.close();
-        },
-        sendError: (message) => {
-          res.writeHead(500, { "Content-Type": "text/html" });
-          res.end(authErrorHtml(message));
-          server.close();
-        }
+        sendSuccess: () => sendCallbackResponse({
+          server,
+          sockets,
+          req,
+          res,
+          statusCode: 200,
+          body: AUTH_SUCCESS_HTML
+        }),
+        sendError: (message) => sendCallbackResponse({
+          server,
+          sockets,
+          req,
+          res,
+          statusCode: 500,
+          body: authErrorHtml(message)
+        })
       });
     });
     server.on("error", (err) => {
@@ -229,60 +262,75 @@ function waitForCallback(port, timeoutMs = 12e4) {
         reject(err);
       }
     });
+    server.on("connection", (socket) => {
+      sockets.add(socket);
+      socket.on("close", () => {
+        sockets.delete(socket);
+      });
+    });
     server.listen(port, "127.0.0.1");
     server.unref();
   });
+  return { promise, cancel: () => cancelFn() };
 }
 async function exchangeCodeForToken(code, port, options) {
   const baseUrl = getAuthBaseUrl();
   const redirectUri = `http://localhost:${port}${AUTH_CALLBACK_PATH}`;
-  const body = new URLSearchParams({
-    grant_type: "authorization_code",
+  const body = {
     code,
-    redirect_uri: redirectUri,
-    client_id: OAUTH_CLIENT_ID,
-    code_verifier: options.codeVerifier
-  });
-  const response = await fetch(`${baseUrl}/oauth/token`, {
+    redirect_uri: redirectUri
+  };
+  if (options?.expiresInSeconds) {
+    body.expires_in_seconds = options.expiresInSeconds;
+  }
+  if (options?.codeVerifier) {
+    body.code_verifier = options.codeVerifier;
+  }
+  const response = await fetch(`${baseUrl}/api/cli/token`, {
     method: "POST",
-    headers: { "Content-Type": "application/x-www-form-urlencoded" },
-    body: body.toString()
+    headers: { "Content-Type": "application/json" },
+    body: JSON.stringify(body)
   });
   if (!response.ok) {
     const errBody = await response.json().catch(() => ({}));
-    const errMsg = errBody.error_description || errBody.error || `Token exchange failed (HTTP ${response.status})`;
-    throw new Error(errMsg);
+    throw new Error(
+      errBody.error || `Token exchange failed (HTTP ${response.status})`
+    );
   }
   const data = await response.json();
-  if (!data.access_token) {
-    throw new Error("Token exchange response missing access_token");
+  if (!data.authToken) {
+    throw new Error("Token exchange response missing authToken");
   }
-  const expiresAt = new Date(Date.now() + data.expires_in * 1e3).toISOString();
-  return { token: data.access_token, expiresAt };
+  return { token: data.authToken, expiresAt: data.expiresAt };
+}
+function prepareLogin(port = AUTH_PORT) {
+  const codeVerifier = generateCodeVerifier();
+  const codeChallenge = deriveCodeChallenge(codeVerifier);
+  const loginUrl = getLoginUrl(port, codeChallenge);
+  const handle = waitForCallback(port);
+  return { loginUrl, callbackPromise: handle.promise, codeVerifier, port, cancel: handle.cancel };
 }
-async function performBrowserLogin(prepared, options) {
-  const port = options?.port ?? AUTH_PORT;
-  const { authorizeUrl, codeVerifier, state } = prepared ?? prepareBrowserLogin(port);
-  const callbackPromise = waitForCallback(port);
+async function completeLogin(prepared, options) {
   if (!options?.skipBrowserOpen) {
-    openBrowser(authorizeUrl);
-  }
-  const callback = await callbackPromise;
-  if (callback.state !== state) {
-    callback.sendError("State mismatch \u2014 possible CSRF attack.");
-    throw new Error("OAuth state mismatch. Authentication aborted.");
+    openBrowser(prepared.loginUrl);
   }
+  const callback = await prepared.callbackPromise;
   try {
-    const result = await exchangeCodeForToken(callback.code, port, {
-      codeVerifier
+    const result = await exchangeCodeForToken(callback.code, prepared.port, {
+      expiresInSeconds: options?.expiresInSeconds ?? DEFAULT_EXPIRES_IN_SECONDS,
+      codeVerifier: prepared.codeVerifier
     });
-    callback.sendSuccess();
+    await callback.sendSuccess();
     return result;
   } catch (err) {
-    callback.sendError("Failed to complete authentication. Please try again.");
+    await callback.sendError("Failed to complete authentication. Please try again.");
     throw err;
   }
 }
+async function performBrowserLogin(port = AUTH_PORT, options) {
+  const prepared = prepareLogin(port);
+  return completeLogin(prepared, { expiresInSeconds: options?.expiresInSeconds });
+}
 async function revokeToken(token) {
   const baseUrl = getAuthBaseUrl();
   try {
@@ -307,12 +355,13 @@ async function revokeToken(token) {
 
 export {
   AUTH_PORT,
-  OAUTH_CLIENT_ID,
-  getAuthorizeUrl,
-  prepareBrowserLogin,
+  DEFAULT_EXPIRES_IN_SECONDS,
+  getLoginUrl,
   openBrowser,
   waitForCallback,
   exchangeCodeForToken,
+  prepareLogin,
+  completeLogin,
   performBrowserLogin,
   revokeToken
 };

package/dist/chunk-HGZTGSXO.js

@@ -0,0 +1,261 @@
+#!/usr/bin/env node
+if(process.argv.includes("--no-color"))process.env.NO_COLOR="1";
+import {
+  isRevealMode
+} from "./chunk-OLVYWGY6.js";
+
+// src/lib/secrets.ts
+function maskSecret(value) {
+  if (value.length <= 8) return "\u2022".repeat(value.length);
+  return value.slice(0, 4) + "\u2022".repeat(value.length - 8) + value.slice(-4);
+}
+function maskIf(value) {
+  return isRevealMode() ? value : maskSecret(value);
+}
+
+// src/lib/config.ts
+import { readFileSync, writeFileSync, mkdirSync, existsSync } from "fs";
+import { createHash, randomUUID } from "crypto";
+import { homedir } from "os";
+import { join, dirname } from "path";
+import { z } from "zod";
+var KEY_MAP = {
+  "api-key": "api_key",
+  api_key: "api_key",
+  "access-key": "access_key",
+  access_key: "access_key",
+  "webhook-api-key": "webhook_api_key",
+  webhook_api_key: "webhook_api_key",
+  network: "network",
+  verbose: "verbose",
+  "wallet-key-file": "wallet_key_file",
+  wallet_key_file: "wallet_key_file",
+  "wallet-address": "wallet_address",
+  wallet_address: "wallet_address",
+  x402: "x402",
+  "auth-token": "auth_token",
+  auth_token: "auth_token",
+  "auth-token-expires-at": "auth_token_expires_at",
+  auth_token_expires_at: "auth_token_expires_at",
+  "solana-wallet-key-file": "solana_wallet_key_file",
+  solana_wallet_key_file: "solana_wallet_key_file",
+  "solana-wallet-address": "solana_wallet_address",
+  solana_wallet_address: "solana_wallet_address",
+  "evm-gas-sponsored": "evm_gas_sponsored",
+  evm_gas_sponsored: "evm_gas_sponsored",
+  "evm-gas-policy-id": "evm_gas_policy_id",
+  evm_gas_policy_id: "evm_gas_policy_id",
+  "solana-fee-sponsored": "solana_fee_sponsored",
+  solana_fee_sponsored: "solana_fee_sponsored",
+  "solana-fee-policy-id": "solana_fee_policy_id",
+  solana_fee_policy_id: "solana_fee_policy_id",
+  "delegated-wallet": "delegated_wallet",
+  delegated_wallet: "delegated_wallet",
+  "active-signer": "active_signer",
+  active_signer: "active_signer",
+  "wallet-client-instance-name": "wallet_client_instance_name",
+  wallet_client_instance_name: "wallet_client_instance_name"
+};
+var SAFE_ID_RE = /^[A-Za-z0-9:_-]{1,128}$/;
+var SAFE_NETWORK_RE = /^[A-Za-z0-9:_-]{1,128}$/;
+var UUID_RE = /^[0-9a-f]{8}-[0-9a-f]{4}-[1-5][0-9a-f]{3}-[89ab][0-9a-f]{3}-[0-9a-f]{12}$/i;
+var MAX_SECRET_LEN = 512;
+var MAX_APP_NAME_LEN = 128;
+var MAX_WALLET_CLIENT_INSTANCE_NAME_LEN = 64;
+var CONTROL_CHAR_RE = /[\u0000-\u001f\u007f]/;
+var WALLET_CLIENT_INSTANCE_ID_NAMESPACE = "alchemy-cli:wallet-client-instance-name:v1";
+var safeTextSchema = (maxLen) => z.string().min(1).max(maxLen).refine((value) => !CONTROL_CHAR_RE.test(value));
+var appConfigSchema = z.object({
+  id: z.string().regex(SAFE_ID_RE),
+  name: safeTextSchema(MAX_APP_NAME_LEN),
+  apiKey: safeTextSchema(MAX_SECRET_LEN),
+  webhookApiKey: safeTextSchema(MAX_SECRET_LEN).optional().catch(void 0)
+}).strip();
+var MAX_PATH_LEN = 4096;
+var configSchema = z.object({
+  api_key: safeTextSchema(MAX_SECRET_LEN).optional().catch(void 0),
+  access_key: safeTextSchema(MAX_SECRET_LEN).optional().catch(void 0),
+  webhook_api_key: safeTextSchema(MAX_SECRET_LEN).optional().catch(void 0),
+  app: appConfigSchema.optional().catch(void 0),
+  network: z.string().regex(SAFE_NETWORK_RE).optional().catch(void 0),
+  verbose: z.boolean().optional().catch(void 0),
+  wallet_key_file: safeTextSchema(MAX_PATH_LEN).optional().catch(void 0),
+  wallet_address: safeTextSchema(MAX_SECRET_LEN).optional().catch(void 0),
+  x402: z.boolean().optional().catch(void 0),
+  auth_token: safeTextSchema(MAX_SECRET_LEN).optional().catch(void 0),
+  auth_token_expires_at: safeTextSchema(MAX_SECRET_LEN).optional().catch(void 0),
+  siwe_token: safeTextSchema(MAX_PATH_LEN).optional().catch(void 0),
+  siwe_token_expires_at: safeTextSchema(MAX_SECRET_LEN).optional().catch(void 0),
+  solana_wallet_key_file: safeTextSchema(MAX_PATH_LEN).optional().catch(void 0),
+  solana_wallet_address: safeTextSchema(MAX_SECRET_LEN).optional().catch(void 0),
+  evm_gas_sponsored: z.boolean().optional().catch(void 0),
+  evm_gas_policy_id: safeTextSchema(MAX_SECRET_LEN).optional().catch(void 0),
+  solana_fee_sponsored: z.boolean().optional().catch(void 0),
+  solana_fee_policy_id: safeTextSchema(MAX_SECRET_LEN).optional().catch(void 0),
+  delegated_wallet: z.boolean().optional().catch(void 0),
+  active_signer: z.enum(["session", "local"]).optional().catch(void 0),
+  wallet_client_instance_id: z.string().regex(UUID_RE).optional().catch(void 0),
+  wallet_client_instance_name: z.string().transform(normalizeWhitespace).pipe(safeTextSchema(MAX_WALLET_CLIENT_INSTANCE_NAME_LEN)).optional().catch(void 0)
+}).strip();
+function normalizeWhitespace(value) {
+  return value.trim().replace(/\s+/g, " ");
+}
+function sanitizeConfig(input) {
+  const parsed = configSchema.safeParse(input);
+  if (!parsed.success) {
+    return {};
+  }
+  return parsed.data;
+}
+function applyLegacyMigration(cfg) {
+  if (cfg.active_signer === void 0 && cfg.delegated_wallet === true) {
+    const { delegated_wallet: _, ...rest } = cfg;
+    return { ...rest, active_signer: "session" };
+  }
+  return cfg;
+}
+function getHome() {
+  return process.env.HOME || homedir();
+}
+function configPath() {
+  if (process.env.ALCHEMY_CONFIG) return process.env.ALCHEMY_CONFIG;
+  const configHome = process.env.XDG_CONFIG_HOME || join(getHome(), ".config");
+  return join(configHome, "alchemy", "config.json");
+}
+function configDir() {
+  return dirname(configPath());
+}
+function load() {
+  const p = configPath();
+  if (!existsSync(p)) return {};
+  try {
+    const data = readFileSync(p, "utf-8");
+    return applyLegacyMigration(sanitizeConfig(JSON.parse(data)));
+  } catch {
+    console.error(`warning: could not parse config file at ${p} \u2014 using defaults`);
+    return {};
+  }
+}
+function save(cfg) {
+  const p = configPath();
+  const sanitized = sanitizeConfig(cfg);
+  delete sanitized.delegated_wallet;
+  mkdirSync(dirname(p), { recursive: true, mode: 493 });
+  writeFileSync(p, JSON.stringify(sanitized, null, 2) + "\n", {
+    mode: 384
+  });
+}
+function normalizeWalletClientInstanceName(value) {
+  const normalized = normalizeWhitespace(value);
+  const parsed = safeTextSchema(MAX_WALLET_CLIENT_INSTANCE_NAME_LEN).safeParse(normalized);
+  return parsed.success ? parsed.data : void 0;
+}
+function deriveWalletClientInstanceIdFromName(name) {
+  const normalized = normalizeWalletClientInstanceName(name);
+  if (normalized === void 0) {
+    throw new Error("Invalid wallet client instance name.");
+  }
+  const digest = createHash("sha256").update(WALLET_CLIENT_INSTANCE_ID_NAMESPACE).update("\0").update(normalized.toLowerCase()).digest();
+  const bytes = Buffer.from(digest.subarray(0, 16));
+  bytes[6] = bytes[6] & 15 | 80;
+  bytes[8] = bytes[8] & 63 | 128;
+  const hex = bytes.toString("hex");
+  return [
+    hex.slice(0, 8),
+    hex.slice(8, 12),
+    hex.slice(12, 16),
+    hex.slice(16, 20),
+    hex.slice(20, 32)
+  ].join("-");
+}
+function getOrCreateWalletClientInstance(input = {}) {
+  const cfg = load();
+  const instanceName = input.instanceName === void 0 ? cfg.wallet_client_instance_name : normalizeWalletClientInstanceName(input.instanceName);
+  if (input.instanceName !== void 0 && instanceName === void 0) {
+    throw new Error("Invalid wallet client instance name.");
+  }
+  if (instanceName !== void 0) {
+    const walletClientInstanceId2 = deriveWalletClientInstanceIdFromName(instanceName);
+    save({
+      ...cfg,
+      wallet_client_instance_id: walletClientInstanceId2,
+      wallet_client_instance_name: instanceName
+    });
+    return {
+      id: walletClientInstanceId2,
+      name: instanceName
+    };
+  }
+  if (cfg.wallet_client_instance_id) {
+    return { id: cfg.wallet_client_instance_id };
+  }
+  const walletClientInstanceId = randomUUID();
+  save({
+    ...cfg,
+    wallet_client_instance_id: walletClientInstanceId
+  });
+  return { id: walletClientInstanceId };
+}
+function get(cfg, key) {
+  if (key === "app") {
+    if (!cfg.app) return void 0;
+    return `${cfg.app.name} (${cfg.app.id})`;
+  }
+  const mapped = KEY_MAP[key];
+  if (!mapped) return void 0;
+  const value = cfg[mapped];
+  if (value === void 0) return void 0;
+  if (typeof value === "boolean") return String(value);
+  if (typeof value === "string") return value;
+  return void 0;
+}
+function validKeys() {
+  return [
+    "api-key",
+    "access-key",
+    "webhook-api-key",
+    "network",
+    "verbose",
+    "wallet-key-file",
+    "x402",
+    "evm-gas-sponsored",
+    "evm-gas-policy-id",
+    "solana-fee-sponsored",
+    "solana-fee-policy-id"
+  ];
+}
+function toMap(cfg) {
+  const m = {};
+  if (cfg.api_key) m["api-key"] = maskIf(cfg.api_key);
+  if (cfg.access_key) m["access-key"] = maskIf(cfg.access_key);
+  if (cfg.webhook_api_key) m["webhook-api-key"] = maskIf(cfg.webhook_api_key);
+  if (cfg.app) m["app"] = `${cfg.app.name} (${cfg.app.id})`;
+  if (cfg.network) m["network"] = cfg.network;
+  if (cfg.verbose !== void 0) m["verbose"] = String(cfg.verbose);
+  if (cfg.wallet_key_file) m["wallet-key-file"] = cfg.wallet_key_file;
+  if (cfg.wallet_address) m["wallet-address"] = cfg.wallet_address;
+  if (cfg.x402 !== void 0) m["x402"] = String(cfg.x402);
+  if (cfg.auth_token) m["auth-token"] = maskIf(cfg.auth_token);
+  if (cfg.auth_token_expires_at) m["auth-token-expires-at"] = cfg.auth_token_expires_at;
+  if (cfg.solana_wallet_key_file) m["solana-wallet-key-file"] = cfg.solana_wallet_key_file;
+  if (cfg.solana_wallet_address) m["solana-wallet-address"] = cfg.solana_wallet_address;
+  if (cfg.evm_gas_sponsored !== void 0) m["evm-gas-sponsored"] = String(cfg.evm_gas_sponsored);
+  if (cfg.evm_gas_policy_id) m["evm-gas-policy-id"] = cfg.evm_gas_policy_id;
+  if (cfg.solana_fee_sponsored !== void 0) m["solana-fee-sponsored"] = String(cfg.solana_fee_sponsored);
+  if (cfg.solana_fee_policy_id) m["solana-fee-policy-id"] = cfg.solana_fee_policy_id;
+  if (cfg.active_signer !== void 0) m["active-signer"] = cfg.active_signer;
+  return m;
+}
+
+export {
+  maskIf,
+  KEY_MAP,
+  configPath,
+  configDir,
+  load,
+  save,
+  getOrCreateWalletClientInstance,
+  get,
+  validKeys,
+  toMap
+};

package/dist/{chunk-KDMIWPZH.js → chunk-JMDBEC5L.js}

@@ -2,7 +2,7 @@
 if(process.argv.includes("--no-color"))process.env.NO_COLOR="1";
 import {
   isJSONMode
-} from "./chunk-56ZVYB4G.js";
+} from "./chunk-OLVYWGY6.js";
 
 // src/lib/interaction.ts
 import { stdin, stdout } from "process";