@alchemy/cli 0.7.4 → 0.8.0

package/dist/{auth-GD7BJOMK.js → auth-JPRZE2MA.js}

@@ -11,8 +11,8 @@ import {
   prepareLogin,
   revokeToken,
   waitForCallback
-} from "./chunk-C5HNQOLB.js";
-import "./chunk-2BALTY22.js";
+} from "./chunk-NGF46GZP.js";
+import "./chunk-46LMXT54.js";
 export {
   AUTH_PORT,
   DEFAULT_EXPIRES_IN_SECONDS,

package/dist/auth-RINQSQDT.js

@@ -0,0 +1,16 @@
+#!/usr/bin/env node
+if(process.argv.includes("--no-color"))process.env.NO_COLOR="1";
+import {
+  registerAuth,
+  selectAppAfterAuth
+} from "./chunk-EKS2THJU.js";
+import "./chunk-NGF46GZP.js";
+import "./chunk-L7VFXQSF.js";
+import "./chunk-JWLZAO7S.js";
+import "./chunk-DGZYRBXR.js";
+import "./chunk-ROBA7SR7.js";
+import "./chunk-46LMXT54.js";
+export {
+  registerAuth,
+  selectAppAfterAuth
+};

package/dist/{chunk-2BALTY22.js → chunk-46LMXT54.js}

@@ -375,6 +375,13 @@ function errAccessKeyRequired() {
     "Get an access key: https://www.alchemy.com/docs/reference/admin-api/overview"
   );
 }
+function errLoginRequired() {
+  return new CLIError(
+    ErrorCode.AUTH_REQUIRED,
+    "Sign in to Alchemy to continue. Run 'alchemy auth login', then retry.",
+    "alchemy auth login"
+  );
+}
 function errInvalidAPIKey(details) {
   return new CLIError(
     ErrorCode.INVALID_API_KEY,
@@ -541,6 +548,7 @@ export {
   CLIError,
   errAuthRequired,
   errAccessKeyRequired,
+  errLoginRequired,
   errInvalidAPIKey,
   errNetworkNotEnabled,
   errNetwork,

package/dist/chunk-5Y7UQ27V.js

@@ -0,0 +1,186 @@
+#!/usr/bin/env node
+if(process.argv.includes("--no-color"))process.env.NO_COLOR="1";
+import {
+  gasManagerClientFromFlags,
+  toAdminNetworkId
+} from "./chunk-JWLZAO7S.js";
+import {
+  dim,
+  green,
+  promptAutocomplete,
+  promptConfirm,
+  promptText,
+  withSpinner
+} from "./chunk-DGZYRBXR.js";
+import {
+  load,
+  save
+} from "./chunk-ROBA7SR7.js";
+import {
+  errAppRequired,
+  errInvalidArgs,
+  errLoginRequired
+} from "./chunk-46LMXT54.js";
+
+// src/lib/policy-prompt.ts
+var CREATE_NEW_SENTINEL = "__create_new__";
+var DEFAULT_SPONSORSHIP_EXPIRY_MS = "600000";
+var DEFAULT_SOLANA_MAX_COUNT = "1000";
+function flavorNoun(flavor) {
+  return flavor === "solana" ? "fee sponsorship" : "gas sponsorship";
+}
+async function selectOrCreatePolicy(opts) {
+  const cfg = load();
+  const appId = cfg.app?.id;
+  if (!appId) throw errAppRequired();
+  const client = opts.client ?? gasManagerClientFromFlags(opts.program);
+  const flavorLabel = flavorNoun(opts.flavor);
+  const policies = await withSpinner(
+    "Fetching gas policies\u2026",
+    "Policies fetched",
+    () => client.listAllPolicies({ appId })
+  );
+  const matching = filterPolicies(policies, opts.flavor, opts.network);
+  let selectedId = null;
+  if (matching.length === 0) {
+    console.log(
+      `  ${dim(`No ${flavorLabel} policies found for ${opts.network} on app ${appId}. Let's create one.`)}`
+    );
+    const created = await runCreate(opts, client, appId);
+    if (!created) return null;
+    selectedId = created.policyId;
+  } else {
+    const selected = await promptAutocomplete({
+      message: `Select a ${flavorLabel} policy for ${opts.network}`,
+      placeholder: "Policy name or ID",
+      options: [
+        ...matching.map((p) => ({
+          label: formatPolicyOption(p),
+          value: p.policyId
+        })),
+        { label: "Create a new policy", value: CREATE_NEW_SENTINEL }
+      ],
+      cancelMessage: "Cancelled policy selection.",
+      commitLabel: null
+    });
+    if (selected === null) return null;
+    if (selected === CREATE_NEW_SENTINEL) {
+      const created = await runCreate(opts, client, appId);
+      if (!created) return null;
+      selectedId = created.policyId;
+    } else {
+      selectedId = selected;
+    }
+  }
+  if (!opts.skipPersistPrompt && selectedId) {
+    await maybePersist(opts.flavor, selectedId);
+  }
+  return selectedId;
+}
+async function createPolicyInteractive(opts) {
+  const cfg = load();
+  const appId = cfg.app?.id;
+  if (!appId) throw errAppRequired();
+  const client = opts.client ?? gasManagerClientFromFlags(opts.program);
+  const result = await runCreate(opts, client, appId);
+  return result;
+}
+function filterPolicies(policies, flavor, network) {
+  const adminId = toAdminNetworkId(network);
+  return policies.filter((p) => {
+    if (p.policyType !== flavor) return false;
+    if (!Array.isArray(p.networks)) return false;
+    return p.networks.includes(adminId);
+  });
+}
+function formatPolicyOption(p) {
+  const status = p.status === "active" ? green("active") : dim(p.status);
+  return `${p.policyName} (${p.policyId.slice(0, 10)}\u2026) \u2014 ${status}`;
+}
+async function runCreate(opts, client, appId) {
+  const name = await promptText({
+    message: "Policy name",
+    cancelMessage: "Cancelled policy creation."
+  });
+  if (name === null) return null;
+  if (!name.trim()) {
+    console.log(`  ${dim("Skipped policy creation (no name).")}`);
+    return null;
+  }
+  const adminNetworkId = toAdminNetworkId(opts.network);
+  const nowUnix = String(Math.floor(Date.now() / 1e3));
+  const payload = opts.flavor === "sponsorship" ? {
+    policyName: name.trim(),
+    policyType: "sponsorship",
+    appId,
+    networks: [adminNetworkId],
+    rules: {
+      startTimeUnix: nowUnix,
+      sponsorshipExpiryMs: DEFAULT_SPONSORSHIP_EXPIRY_MS
+    }
+  } : {
+    policyName: name.trim(),
+    policyType: "solana",
+    appId,
+    networks: [adminNetworkId],
+    solanaRules: {
+      startTimeUnix: nowUnix,
+      maxCount: DEFAULT_SOLANA_MAX_COUNT
+    }
+  };
+  const created = await withSpinner(
+    "Creating policy\u2026",
+    "Policy created",
+    () => client.createPolicy(payload)
+  );
+  console.log(`  ${green("\u2713")} Created ${created.policyName} (${created.policyId})`);
+  const activate = await promptConfirm({
+    message: "Activate this policy now? (required before use)",
+    initialValue: true,
+    cancelMessage: "Skipped activation."
+  });
+  let activated = false;
+  if (activate === true) {
+    await withSpinner(
+      "Activating policy\u2026",
+      "Policy active",
+      () => client.setPolicyStatus(created.policyId, "active")
+    );
+    activated = true;
+  } else {
+    console.log(
+      `  ${dim("Policy left inactive. Activate later with `alchemy gas-manager policy activate " + created.policyId + "`.")}`
+    );
+  }
+  return { policyId: created.policyId, status: "created", activated };
+}
+async function maybePersist(flavor, policyId) {
+  const confirmed = await promptConfirm({
+    message: "Save as default policy for this CLI?",
+    initialValue: true,
+    cancelMessage: "Skipped saving default."
+  });
+  if (confirmed !== true) return;
+  const cfg = load();
+  const updated = flavor === "sponsorship" ? { ...cfg, evm_gas_policy_id: policyId } : { ...cfg, solana_fee_policy_id: policyId };
+  save(updated);
+  const key = flavor === "sponsorship" ? "evm-gas-policy-id" : "solana-fee-policy-id";
+  console.log(`  ${green("\u2713")} Saved ${key} = ${policyId}`);
+}
+function errSponsorshipNeedsPolicy(flavor) {
+  const flag = flavor === "sponsorship" ? "--gas-policy-id" : "--fee-policy-id";
+  const label = flavor === "sponsorship" ? "Gas sponsorship" : "Fee sponsorship";
+  return errInvalidArgs(
+    `${label} requires a policy ID. Run 'alchemy gas-manager policy list' to pick one, pass ${flag} <id>, or run interactively to be prompted.`
+  );
+}
+function errNotLoggedInForPolicyLookup() {
+  return errLoginRequired();
+}
+
+export {
+  selectOrCreatePolicy,
+  createPolicyInteractive,
+  errSponsorshipNeedsPolicy,
+  errNotLoggedInForPolicyLookup
+};

package/dist/{chunk-N36ZNOVV.js → chunk-76ZO4UJ4.js}

@@ -2,10 +2,10 @@
 if(process.argv.includes("--no-color"))process.env.NO_COLOR="1";
 import {
   configPath
-} from "./chunk-JUCUKTP3.js";
+} from "./chunk-ROBA7SR7.js";
 import {
   esc
-} from "./chunk-2BALTY22.js";
+} from "./chunk-46LMXT54.js";
 
 // src/lib/update-check.ts
 import { execFileSync } from "child_process";
@@ -53,7 +53,7 @@ function semverLT(a, b) {
   return false;
 }
 function currentVersion() {
-  return true ? "0.7.4" : "0.0.0";
+  return true ? "0.8.0" : "0.0.0";
 }
 function toUpdateStatus(latestVersion, checkedAt) {
   const current = currentVersion();

package/dist/{chunk-5IL2PMZ6.js → chunk-DGZYRBXR.js}

@@ -5,7 +5,7 @@ import {
   isJSONMode,
   quiet,
   rgb
-} from "./chunk-2BALTY22.js";
+} from "./chunk-46LMXT54.js";
 
 // src/lib/terminal-ui.ts
 import * as readline from "readline";

package/dist/{chunk-XSN4XA5Z.js → chunk-EKS2THJU.js}

@@ -4,14 +4,14 @@ import {
   completeLogin,
   prepareLogin,
   revokeToken
-} from "./chunk-C5HNQOLB.js";
+} from "./chunk-NGF46GZP.js";
 import {
   isInteractiveAllowed
-} from "./chunk-64A5W4M2.js";
+} from "./chunk-L7VFXQSF.js";
 import {
   AdminClient,
   resolveAuthToken
-} from "./chunk-K6V3R7SH.js";
+} from "./chunk-JWLZAO7S.js";
 import {
   bold,
   brand,
@@ -20,13 +20,13 @@ import {
   promptAutocomplete,
   promptText,
   withSpinner
-} from "./chunk-5IL2PMZ6.js";
+} from "./chunk-DGZYRBXR.js";
 import {
   configPath,
   load,
   maskIf,
   save
-} from "./chunk-JUCUKTP3.js";
+} from "./chunk-ROBA7SR7.js";
 import {
   CLIError,
   ErrorCode,
@@ -34,7 +34,7 @@ import {
   exitWithError,
   isJSONMode,
   printHuman
-} from "./chunk-2BALTY22.js";
+} from "./chunk-46LMXT54.js";
 
 // src/commands/auth.ts
 function registerAuth(program) {

package/dist/{chunk-R4W44A6E.js → chunk-GNOTKJF4.js}

@@ -2,11 +2,11 @@
 if(process.argv.includes("--no-color"))process.env.NO_COLOR="1";
 import {
   isInteractiveAllowed
-} from "./chunk-64A5W4M2.js";
+} from "./chunk-L7VFXQSF.js";
 import {
   resolveAuthToken,
   resolveWalletSession
-} from "./chunk-K6V3R7SH.js";
+} from "./chunk-JWLZAO7S.js";
 
 // src/lib/onboarding.ts
 var SETUP_CAPABILITY_ORDER = [

package/dist/{chunk-K6V3R7SH.js → chunk-JWLZAO7S.js}

@@ -4,7 +4,7 @@ import {
   configDir,
   load,
   save
-} from "./chunk-JUCUKTP3.js";
+} from "./chunk-ROBA7SR7.js";
 import {
   CLIError,
   ErrorCode,
@@ -17,6 +17,7 @@ import {
   errInvalidAPIKey,
   errInvalidAccessKey,
   errInvalidArgs,
+  errLoginRequired,
   errNetwork,
   errNetworkNotEnabled,
   errNotFound,
@@ -29,7 +30,7 @@ import {
   parseBaseURLOverride,
   redactSensitiveText,
   verbose
-} from "./chunk-2BALTY22.js";
+} from "./chunk-46LMXT54.js";
 
 // src/lib/resolve.ts
 import { readFileSync as readFileSync2 } from "fs";
@@ -293,6 +294,12 @@ var NATIVE_TOKEN_SYMBOLS = {
 function isSolanaNetwork(networkId) {
   return networkId.startsWith("solana-");
 }
+function toAdminNetworkId(slug) {
+  return slug.trim().toUpperCase().replace(/-/g, "_");
+}
+function fromAdminNetworkId(id) {
+  return id.trim().toLowerCase().replace(/_/g, "-");
+}
 function nativeTokenSymbol(networkId) {
   const prefix = networkId.replace(/-(mainnet|testnet|sepolia|holesky|hoodi|devnet|amoy|fuji|cardona|saigon|chiado|signet|mocha|blaze|curtis|bepolia).*$/, "");
   return NATIVE_TOKEN_SYMBOLS[prefix] ?? "ETH";
@@ -862,6 +869,166 @@ var AdminClient = class _AdminClient {
   }
 };
 
+// src/lib/gas-manager-client.ts
+var GasManagerClient = class _GasManagerClient {
+  static get HOST() {
+    return `manage.g.${getBaseDomain()}`;
+  }
+  // Test/debug only: route requests to a local mock.
+  static BASE_URL_ENV = "ALCHEMY_GAS_MANAGER_BASE_URL";
+  credential;
+  constructor(credential) {
+    if (typeof credential === "string") {
+      this.validateAccessKey(credential);
+      this.credential = { type: "access_key", key: credential };
+    } else {
+      if (credential.type === "access_key") {
+        this.validateAccessKey(credential.key);
+      } else if (!credential.token.trim()) {
+        throw errAuthRequired();
+      }
+      this.credential = credential;
+    }
+  }
+  baseURL() {
+    const override = this.baseURLOverride();
+    if (override) return override.toString().replace(/\/$/, "");
+    return `https://manage.g.${getBaseDomain()}`;
+  }
+  allowedHosts() {
+    const hosts = /* @__PURE__ */ new Set([_GasManagerClient.HOST]);
+    const override = this.baseURLOverride();
+    if (override) hosts.add(override.hostname);
+    return hosts;
+  }
+  allowInsecureTransport(hostname) {
+    return isLocalhost(hostname);
+  }
+  baseURLOverride() {
+    return parseBaseURLOverride(_GasManagerClient.BASE_URL_ENV);
+  }
+  validateAccessKey(accessKey) {
+    if (!accessKey.trim() || /\s/.test(accessKey)) {
+      throw errInvalidAccessKey();
+    }
+  }
+  assertSafeRequestTarget(url) {
+    let parsed;
+    try {
+      parsed = new URL(url);
+    } catch {
+      throw errInvalidArgs("Invalid gas manager API URL.");
+    }
+    if (!this.allowedHosts().has(parsed.hostname)) {
+      throw errInvalidArgs(`Refusing to send credentials to unexpected host: ${parsed.hostname}`);
+    }
+    if (parsed.protocol !== "https:" && !this.allowInsecureTransport(parsed.hostname)) {
+      throw errInvalidArgs("Refusing to send credentials over non-HTTPS connection.");
+    }
+  }
+  async request(method, path, body) {
+    const url = `${this.baseURL()}${path}`;
+    debug(`${method} ${url}`);
+    this.assertSafeRequestTarget(url);
+    const token = this.credential.type === "access_key" ? this.credential.key : this.credential.token;
+    const resp = await fetchWithTimeout(url, {
+      method,
+      redirect: "error",
+      headers: {
+        Authorization: `Bearer ${token}`,
+        "Content-Type": "application/json",
+        Accept: "application/json"
+      },
+      ...body !== void 0 && { body: JSON.stringify(body) }
+    });
+    if (resp.status === 401) {
+      throw this.credential.type === "auth_token" ? errLoginRequired() : errInvalidAccessKey();
+    }
+    if (resp.status === 403) {
+      const detail = await resp.text().catch(() => "");
+      let reason;
+      try {
+        const parsed = JSON.parse(detail);
+        reason = parsed?.error?.msg ?? parsed?.message ?? parsed?.error ?? void 0;
+      } catch {
+        reason = detail || void 0;
+      }
+      if (this.credential.type === "auth_token") {
+        const tail = reason ? ` (${reason})` : "";
+        throw new CLIError(
+          ErrorCode.AUTH_REQUIRED,
+          `Access denied for this Alchemy account or app${tail}. Re-authenticate with 'alchemy auth login' or check that the default app is one you have permission to manage.`,
+          "alchemy auth login"
+        );
+      }
+      throw errAccessDenied(typeof reason === "string" ? reason : void 0);
+    }
+    if (resp.status === 404) {
+      const text = await resp.text().catch(() => "");
+      throw errNotFound(text || path);
+    }
+    if (resp.status === 429) throw errRateLimited();
+    if (!resp.ok) {
+      const text = await resp.text().catch(() => "");
+      throw errAdminAPI(resp.status, text);
+    }
+    return resp.json();
+  }
+  async listPolicies(opts) {
+    const params = new URLSearchParams();
+    params.set("appId", opts.appId);
+    if (opts.limit !== void 0) params.set("limit", String(opts.limit));
+    if (opts.after) params.set("after", opts.after);
+    if (opts.before) params.set("before", opts.before);
+    const resp = await this.request(
+      "GET",
+      `/api/gasManager/policies?${params.toString()}`
+    );
+    return resp.data;
+  }
+  async listAllPolicies(opts) {
+    const policies = [];
+    const seen = /* @__PURE__ */ new Set();
+    let after;
+    do {
+      const page = await this.listPolicies({
+        appId: opts.appId,
+        ...opts.limit !== void 0 && { limit: opts.limit },
+        ...after && { after }
+      });
+      policies.push(...page.policies);
+      const next = page.after ?? void 0;
+      if (next && seen.has(next)) break;
+      if (next) seen.add(next);
+      after = next;
+    } while (after);
+    return policies;
+  }
+  async getPolicy(policyId) {
+    const resp = await this.request(
+      "GET",
+      `/api/gasManager/policy/${encodeURIComponent(policyId)}`
+    );
+    return resp.data.policy;
+  }
+  async createPolicy(payload) {
+    const resp = await this.request(
+      "POST",
+      "/api/gasManager/policy",
+      payload
+    );
+    return resp.data.policy;
+  }
+  async setPolicyStatus(policyId, status) {
+    const resp = await this.request(
+      "PUT",
+      `/api/gasManager/policy/${encodeURIComponent(policyId)}/status`,
+      { status }
+    );
+    return resp.data.policy;
+  }
+};
+
 // src/lib/wallet-session.ts
 import { generateKeyPairSync, randomUUID } from "crypto";
 import { readFileSync, writeFileSync, mkdirSync, rmSync, existsSync } from "fs";
@@ -1094,6 +1261,15 @@ function adminClientFromFlags(program) {
   if (authToken) return new AdminClient({ type: "auth_token", token: authToken });
   throw errAccessKeyRequired();
 }
+function hasAuthLoginToken(cfg) {
+  return Boolean(resolveAuthToken(cfg));
+}
+function gasManagerClientFromFlags(_program) {
+  const cfg = load();
+  const authToken = resolveAuthToken(cfg);
+  if (!authToken) throw errLoginRequired();
+  return new GasManagerClient({ type: "auth_token", token: authToken });
+}
 function resolveX402(program, cfg) {
   const opts = getCommandOptions(program);
   if (opts.x402) return true;
@@ -1240,6 +1416,8 @@ export {
   getRPCNetworks,
   getRPCNetworkIds,
   isSolanaNetwork,
+  toAdminNetworkId,
+  fromAdminNetworkId,
   nativeTokenSymbol,
   AdminClient,
   createPendingSession,
@@ -1256,6 +1434,8 @@ export {
   resolveAppId,
   resolveAuthToken,
   adminClientFromFlags,
+  hasAuthLoginToken,
+  gasManagerClientFromFlags,
   resolveX402,
   resolveX402Client,
   resolveWalletKey,

package/dist/{chunk-64A5W4M2.js → chunk-L7VFXQSF.js}

@@ -2,7 +2,7 @@
 if(process.argv.includes("--no-color"))process.env.NO_COLOR="1";
 import {
   isJSONMode
-} from "./chunk-2BALTY22.js";
+} from "./chunk-46LMXT54.js";
 
 // src/lib/interaction.ts
 import { stdin, stdout } from "process";

package/dist/{chunk-C5HNQOLB.js → chunk-NGF46GZP.js}

@@ -2,7 +2,7 @@
 if(process.argv.includes("--no-color"))process.env.NO_COLOR="1";
 import {
   getBaseDomain
-} from "./chunk-2BALTY22.js";
+} from "./chunk-46LMXT54.js";
 
 // src/lib/auth.ts
 import { createHash, randomBytes } from "crypto";

package/dist/{chunk-JUCUKTP3.js → chunk-ROBA7SR7.js}

@@ -2,7 +2,7 @@
 if(process.argv.includes("--no-color"))process.env.NO_COLOR="1";
 import {
   isRevealMode
-} from "./chunk-2BALTY22.js";
+} from "./chunk-46LMXT54.js";
 
 // src/lib/secrets.ts
 function maskSecret(value) {

package/dist/{errors-E2P6WHTX.js → errors-A53DVJDY.js}

@@ -12,6 +12,7 @@ import {
   errInvalidAPIKey,
   errInvalidAccessKey,
   errInvalidArgs,
+  errLoginRequired,
   errNetwork,
   errNetworkNotEnabled,
   errNoActiveSession,
@@ -26,7 +27,7 @@ import {
   exitWithError,
   isReplMode,
   setReplMode
-} from "./chunk-2BALTY22.js";
+} from "./chunk-46LMXT54.js";
 export {
   CLIError,
   EXIT_CODES,
@@ -39,6 +40,7 @@ export {
   errInvalidAPIKey,
   errInvalidAccessKey,
   errInvalidArgs,
+  errLoginRequired,
   errNetwork,
   errNetworkNotEnabled,
   errNoActiveSession,