@alchemy/cli 0.7.4-alpha.37 → 0.8.0

package/dist/{chunk-5HYOZ773.js → chunk-JWLZAO7S.js}

@@ -4,7 +4,7 @@ import {
   configDir,
   load,
   save
-} from "./chunk-PX2YJ7XC.js";
+} from "./chunk-ROBA7SR7.js";
 import {
   CLIError,
   ErrorCode,
@@ -17,6 +17,7 @@ import {
   errInvalidAPIKey,
   errInvalidAccessKey,
   errInvalidArgs,
+  errLoginRequired,
   errNetwork,
   errNetworkNotEnabled,
   errNotFound,
@@ -29,7 +30,7 @@ import {
   parseBaseURLOverride,
   redactSensitiveText,
   verbose
-} from "./chunk-MYHXAACL.js";
+} from "./chunk-46LMXT54.js";
 
 // src/lib/resolve.ts
 import { readFileSync as readFileSync2 } from "fs";
@@ -293,6 +294,12 @@ var NATIVE_TOKEN_SYMBOLS = {
 function isSolanaNetwork(networkId) {
   return networkId.startsWith("solana-");
 }
+function toAdminNetworkId(slug) {
+  return slug.trim().toUpperCase().replace(/-/g, "_");
+}
+function fromAdminNetworkId(id) {
+  return id.trim().toLowerCase().replace(/_/g, "-");
+}
 function nativeTokenSymbol(networkId) {
   const prefix = networkId.replace(/-(mainnet|testnet|sepolia|holesky|hoodi|devnet|amoy|fuji|cardona|saigon|chiado|signet|mocha|blaze|curtis|bepolia).*$/, "");
   return NATIVE_TOKEN_SYMBOLS[prefix] ?? "ETH";
@@ -862,6 +869,166 @@ var AdminClient = class _AdminClient {
   }
 };
 
+// src/lib/gas-manager-client.ts
+var GasManagerClient = class _GasManagerClient {
+  static get HOST() {
+    return `manage.g.${getBaseDomain()}`;
+  }
+  // Test/debug only: route requests to a local mock.
+  static BASE_URL_ENV = "ALCHEMY_GAS_MANAGER_BASE_URL";
+  credential;
+  constructor(credential) {
+    if (typeof credential === "string") {
+      this.validateAccessKey(credential);
+      this.credential = { type: "access_key", key: credential };
+    } else {
+      if (credential.type === "access_key") {
+        this.validateAccessKey(credential.key);
+      } else if (!credential.token.trim()) {
+        throw errAuthRequired();
+      }
+      this.credential = credential;
+    }
+  }
+  baseURL() {
+    const override = this.baseURLOverride();
+    if (override) return override.toString().replace(/\/$/, "");
+    return `https://manage.g.${getBaseDomain()}`;
+  }
+  allowedHosts() {
+    const hosts = /* @__PURE__ */ new Set([_GasManagerClient.HOST]);
+    const override = this.baseURLOverride();
+    if (override) hosts.add(override.hostname);
+    return hosts;
+  }
+  allowInsecureTransport(hostname) {
+    return isLocalhost(hostname);
+  }
+  baseURLOverride() {
+    return parseBaseURLOverride(_GasManagerClient.BASE_URL_ENV);
+  }
+  validateAccessKey(accessKey) {
+    if (!accessKey.trim() || /\s/.test(accessKey)) {
+      throw errInvalidAccessKey();
+    }
+  }
+  assertSafeRequestTarget(url) {
+    let parsed;
+    try {
+      parsed = new URL(url);
+    } catch {
+      throw errInvalidArgs("Invalid gas manager API URL.");
+    }
+    if (!this.allowedHosts().has(parsed.hostname)) {
+      throw errInvalidArgs(`Refusing to send credentials to unexpected host: ${parsed.hostname}`);
+    }
+    if (parsed.protocol !== "https:" && !this.allowInsecureTransport(parsed.hostname)) {
+      throw errInvalidArgs("Refusing to send credentials over non-HTTPS connection.");
+    }
+  }
+  async request(method, path, body) {
+    const url = `${this.baseURL()}${path}`;
+    debug(`${method} ${url}`);
+    this.assertSafeRequestTarget(url);
+    const token = this.credential.type === "access_key" ? this.credential.key : this.credential.token;
+    const resp = await fetchWithTimeout(url, {
+      method,
+      redirect: "error",
+      headers: {
+        Authorization: `Bearer ${token}`,
+        "Content-Type": "application/json",
+        Accept: "application/json"
+      },
+      ...body !== void 0 && { body: JSON.stringify(body) }
+    });
+    if (resp.status === 401) {
+      throw this.credential.type === "auth_token" ? errLoginRequired() : errInvalidAccessKey();
+    }
+    if (resp.status === 403) {
+      const detail = await resp.text().catch(() => "");
+      let reason;
+      try {
+        const parsed = JSON.parse(detail);
+        reason = parsed?.error?.msg ?? parsed?.message ?? parsed?.error ?? void 0;
+      } catch {
+        reason = detail || void 0;
+      }
+      if (this.credential.type === "auth_token") {
+        const tail = reason ? ` (${reason})` : "";
+        throw new CLIError(
+          ErrorCode.AUTH_REQUIRED,
+          `Access denied for this Alchemy account or app${tail}. Re-authenticate with 'alchemy auth login' or check that the default app is one you have permission to manage.`,
+          "alchemy auth login"
+        );
+      }
+      throw errAccessDenied(typeof reason === "string" ? reason : void 0);
+    }
+    if (resp.status === 404) {
+      const text = await resp.text().catch(() => "");
+      throw errNotFound(text || path);
+    }
+    if (resp.status === 429) throw errRateLimited();
+    if (!resp.ok) {
+      const text = await resp.text().catch(() => "");
+      throw errAdminAPI(resp.status, text);
+    }
+    return resp.json();
+  }
+  async listPolicies(opts) {
+    const params = new URLSearchParams();
+    params.set("appId", opts.appId);
+    if (opts.limit !== void 0) params.set("limit", String(opts.limit));
+    if (opts.after) params.set("after", opts.after);
+    if (opts.before) params.set("before", opts.before);
+    const resp = await this.request(
+      "GET",
+      `/api/gasManager/policies?${params.toString()}`
+    );
+    return resp.data;
+  }
+  async listAllPolicies(opts) {
+    const policies = [];
+    const seen = /* @__PURE__ */ new Set();
+    let after;
+    do {
+      const page = await this.listPolicies({
+        appId: opts.appId,
+        ...opts.limit !== void 0 && { limit: opts.limit },
+        ...after && { after }
+      });
+      policies.push(...page.policies);
+      const next = page.after ?? void 0;
+      if (next && seen.has(next)) break;
+      if (next) seen.add(next);
+      after = next;
+    } while (after);
+    return policies;
+  }
+  async getPolicy(policyId) {
+    const resp = await this.request(
+      "GET",
+      `/api/gasManager/policy/${encodeURIComponent(policyId)}`
+    );
+    return resp.data.policy;
+  }
+  async createPolicy(payload) {
+    const resp = await this.request(
+      "POST",
+      "/api/gasManager/policy",
+      payload
+    );
+    return resp.data.policy;
+  }
+  async setPolicyStatus(policyId, status) {
+    const resp = await this.request(
+      "PUT",
+      `/api/gasManager/policy/${encodeURIComponent(policyId)}/status`,
+      { status }
+    );
+    return resp.data.policy;
+  }
+};
+
 // src/lib/wallet-session.ts
 import { generateKeyPairSync, randomUUID } from "crypto";
 import { readFileSync, writeFileSync, mkdirSync, rmSync, existsSync } from "fs";
@@ -884,20 +1051,7 @@ var walletSessionEnvironmentSchema = z.object({
   clientInstanceId: z.string().uuid().optional(),
   clientInstanceName: z.string().min(1).max(64).optional()
 }).strict();
-var chainWalletSessionSchema = z.object({
-  sessionId: z.string().uuid(),
-  status: z.enum(["pending", "approved", "revoked", "expired"]),
-  expiresAt: z.string().datetime(),
-  chainType: z.enum(["evm", "solana"]),
-  walletId: z.string().min(1).optional(),
-  walletAddress: z.string().min(1).optional(),
-  providerKeyQuorumId: z.string().min(1).optional(),
-  providerSignerId: z.string().min(1).optional(),
-  capabilities: walletSessionCapabilitiesSchema.optional()
-}).strict();
 var walletSessionSchema = z.object({
-  version: z.number().int().positive().optional(),
-  connectionRequestId: z.string().min(1).optional(),
   sessionId: z.string().uuid(),
   status: z.enum(["pending", "approved", "revoked", "expired"]),
   createdAt: z.string().datetime(),
@@ -916,11 +1070,7 @@ var walletSessionSchema = z.object({
   chainType: z.string().min(1).optional(),
   backendBaseUrl: z.string().min(1).optional(),
   environment: walletSessionEnvironmentSchema.optional(),
-  capabilities: walletSessionCapabilitiesSchema.optional(),
-  sessionsByChain: z.object({
-    evm: chainWalletSessionSchema.optional(),
-    solana: chainWalletSessionSchema.optional()
-  }).strict().optional()
+  capabilities: walletSessionCapabilitiesSchema.optional()
 }).strict();
 function sessionPath() {
   return join(configDir(), SESSION_FILE);
@@ -928,59 +1078,7 @@ function sessionPath() {
 function parseStoredSession(value) {
   const parsed = walletSessionSchema.safeParse(value);
   if (!parsed.success) return null;
-  return withLegacyChainSessions(parsed.data);
-}
-function withLegacyChainSessions(session) {
-  if (session.sessionsByChain) {
-    return withCompatibilityAliases(session);
-  }
-  const chainType = session.chainType === "solana" ? "solana" : "evm";
-  const walletId = chainType === "solana" ? session.solanaWalletId ?? session.walletId : session.evmWalletId ?? session.walletId;
-  const walletAddress = chainType === "solana" ? session.solanaAddress : session.evmAddress;
-  return withCompatibilityAliases({
-    ...session,
-    version: session.version ?? 1,
-    sessionsByChain: {
-      [chainType]: {
-        sessionId: session.sessionId,
-        status: session.status,
-        expiresAt: session.expiresAt,
-        chainType,
-        ...walletId ? { walletId } : {},
-        ...walletAddress ? { walletAddress } : {},
-        ...session.privyKeyQuorumId ? { providerKeyQuorumId: session.privyKeyQuorumId } : {},
-        ...session.privySignerId ? { providerSignerId: session.privySignerId } : {},
-        ...session.capabilities ? { capabilities: session.capabilities } : {}
-      }
-    }
-  });
-}
-function withCompatibilityAliases(session) {
-  const evm = session.sessionsByChain?.evm;
-  const solana = session.sessionsByChain?.solana;
-  const preferred = evm ?? solana;
-  if (!preferred) {
-    return session;
-  }
-  return {
-    ...session,
-    sessionId: preferred.sessionId,
-    status: preferred.status,
-    expiresAt: preferred.expiresAt,
-    walletId: evm?.walletId ?? solana?.walletId ?? session.walletId,
-    evmWalletId: evm?.walletId ?? session.evmWalletId,
-    evmAddress: evm?.walletAddress ?? session.evmAddress,
-    solanaWalletId: solana?.walletId ?? session.solanaWalletId,
-    solanaAddress: solana?.walletAddress ?? session.solanaAddress,
-    privyKeyQuorumId: evm?.providerKeyQuorumId ?? solana?.providerKeyQuorumId ?? session.privyKeyQuorumId,
-    privySignerId: evm?.providerSignerId ?? solana?.providerSignerId ?? session.privySignerId,
-    chainType: evm && solana ? "both" : preferred.chainType,
-    capabilities: {
-      ...evm?.capabilities ?? {},
-      ...solana?.capabilities ?? {},
-      ...session.capabilities ?? {}
-    }
-  };
+  return parsed.data;
 }
 function loadStoredSessionFromPath(path) {
   if (!existsSync(path)) return null;
@@ -994,23 +1092,13 @@ function isExpired(session) {
   const expiresAt = new Date(session.expiresAt);
   return !Number.isNaN(expiresAt.getTime()) && expiresAt <= /* @__PURE__ */ new Date();
 }
-function isSessionLoadable(session) {
-  if (session.sessionsByChain) {
-    return Object.values(session.sessionsByChain).some((chainSession) => {
-      return Boolean(
-        chainSession && chainSession.status !== "revoked" && !isExpired(chainSession)
-      );
-    });
-  }
-  if (session.status === "revoked") return false;
-  return !isExpired(session);
-}
 function createFileWalletSessionStore(path = sessionPath()) {
   return {
     load() {
       const session = loadStoredSessionFromPath(path);
       if (!session) return null;
-      if (!isSessionLoadable(session)) return null;
+      if (session.status === "revoked") return null;
+      if (isExpired(session)) return null;
       return session;
     },
     loadRaw() {
@@ -1054,7 +1142,6 @@ function createPendingSession() {
   const now = /* @__PURE__ */ new Date();
   const expiresAt = new Date(now.getTime() + SESSION_TTL_DAYS * 24 * 60 * 60 * 1e3);
   const session = {
-    version: 2,
     sessionId: randomUUID(),
     status: "pending",
     createdAt: now.toISOString(),
@@ -1077,12 +1164,12 @@ function loadStoredSession() {
   return store.load();
 }
 function saveSession(session) {
-  getWalletSessionStore().save(withCompatibilityAliases(session));
+  getWalletSessionStore().save(session);
 }
 function updateSession(updates) {
   const session = loadSession();
   if (!session) return null;
-  const updated = withCompatibilityAliases({ ...session, ...updates });
+  const updated = { ...session, ...updates };
   saveSession(updated);
   return updated;
 }
@@ -1090,52 +1177,11 @@ function clearSession() {
   return getWalletSessionStore().clear();
 }
 function isSessionValid(session) {
-  if (session.sessionsByChain) {
-    return Object.values(session.sessionsByChain).some((chainSession) => {
-      return Boolean(chainSession && isChainSessionValid(chainSession));
-    });
-  }
   if (session.status !== "approved") return false;
   const expiresAt = new Date(session.expiresAt);
   if (Number.isNaN(expiresAt.getTime())) return false;
   return expiresAt > /* @__PURE__ */ new Date();
 }
-function isChainSessionValid(session) {
-  if (session.status !== "approved") return false;
-  const expiresAt = new Date(session.expiresAt);
-  if (Number.isNaN(expiresAt.getTime())) return false;
-  return expiresAt > /* @__PURE__ */ new Date();
-}
-function getWalletSessionByChain(session, chainType) {
-  const chainSession = session.sessionsByChain?.[chainType];
-  if (!chainSession) {
-    if (!isSessionValid(session)) return null;
-    if (chainType === "evm" && session.evmAddress) return session;
-    if (chainType === "solana" && session.solanaAddress) return session;
-    return null;
-  }
-  if (!isChainSessionValid(chainSession)) {
-    return null;
-  }
-  return withCompatibilityAliases({
-    ...session,
-    sessionId: chainSession.sessionId,
-    status: chainSession.status,
-    expiresAt: chainSession.expiresAt,
-    walletId: chainSession.walletId,
-    evmWalletId: chainType === "evm" ? chainSession.walletId : session.evmWalletId,
-    evmAddress: chainType === "evm" ? chainSession.walletAddress : session.evmAddress,
-    solanaWalletId: chainType === "solana" ? chainSession.walletId : session.solanaWalletId,
-    solanaAddress: chainType === "solana" ? chainSession.walletAddress : session.solanaAddress,
-    privyKeyQuorumId: chainSession.providerKeyQuorumId,
-    privySignerId: chainSession.providerSignerId,
-    chainType,
-    capabilities: chainSession.capabilities ?? session.capabilities,
-    sessionsByChain: {
-      [chainType]: chainSession
-    }
-  });
-}
 
 // src/lib/resolve.ts
 function getCommandOptions(program) {
@@ -1215,6 +1261,15 @@ function adminClientFromFlags(program) {
   if (authToken) return new AdminClient({ type: "auth_token", token: authToken });
   throw errAccessKeyRequired();
 }
+function hasAuthLoginToken(cfg) {
+  return Boolean(resolveAuthToken(cfg));
+}
+function gasManagerClientFromFlags(_program) {
+  const cfg = load();
+  const authToken = resolveAuthToken(cfg);
+  if (!authToken) throw errLoginRequired();
+  return new GasManagerClient({ type: "auth_token", token: authToken });
+}
 function resolveX402(program, cfg) {
   const opts = getCommandOptions(program);
   if (opts.x402) return true;
@@ -1361,6 +1416,8 @@ export {
   getRPCNetworks,
   getRPCNetworkIds,
   isSolanaNetwork,
+  toAdminNetworkId,
+  fromAdminNetworkId,
   nativeTokenSymbol,
   AdminClient,
   createPendingSession,
@@ -1370,7 +1427,6 @@ export {
   updateSession,
   clearSession,
   isSessionValid,
-  getWalletSessionByChain,
   resolveAPIKey,
   resolveAccessKey,
   resolveNetwork,
@@ -1378,6 +1434,8 @@ export {
   resolveAppId,
   resolveAuthToken,
   adminClientFromFlags,
+  hasAuthLoginToken,
+  gasManagerClientFromFlags,
   resolveX402,
   resolveX402Client,
   resolveWalletKey,

package/dist/{chunk-AUGBYMHT.js → chunk-L7VFXQSF.js}

@@ -2,7 +2,7 @@
 if(process.argv.includes("--no-color"))process.env.NO_COLOR="1";
 import {
   isJSONMode
-} from "./chunk-MYHXAACL.js";
+} from "./chunk-46LMXT54.js";
 
 // src/lib/interaction.ts
 import { stdin, stdout } from "process";

package/dist/{chunk-WCZIVY4O.js → chunk-NGF46GZP.js}

@@ -2,7 +2,7 @@
 if(process.argv.includes("--no-color"))process.env.NO_COLOR="1";
 import {
   getBaseDomain
-} from "./chunk-MYHXAACL.js";
+} from "./chunk-46LMXT54.js";
 
 // src/lib/auth.ts
 import { createHash, randomBytes } from "crypto";

package/dist/{chunk-PX2YJ7XC.js → chunk-ROBA7SR7.js}

@@ -2,7 +2,7 @@
 if(process.argv.includes("--no-color"))process.env.NO_COLOR="1";
 import {
   isRevealMode
-} from "./chunk-MYHXAACL.js";
+} from "./chunk-46LMXT54.js";
 
 // src/lib/secrets.ts
 function maskSecret(value) {

package/dist/{errors-UL3W4ECQ.js → errors-A53DVJDY.js}

@@ -12,6 +12,7 @@ import {
   errInvalidAPIKey,
   errInvalidAccessKey,
   errInvalidArgs,
+  errLoginRequired,
   errNetwork,
   errNetworkNotEnabled,
   errNoActiveSession,
@@ -26,7 +27,7 @@ import {
   exitWithError,
   isReplMode,
   setReplMode
-} from "./chunk-MYHXAACL.js";
+} from "./chunk-46LMXT54.js";
 export {
   CLIError,
   EXIT_CODES,
@@ -39,6 +40,7 @@ export {
   errInvalidAPIKey,
   errInvalidAccessKey,
   errInvalidArgs,
+  errLoginRequired,
   errNetwork,
   errNetworkNotEnabled,
   errNoActiveSession,