npm - @chainstream-io/cli - Versions diffs - 0.0.6 → 0.0.10 - Mend

@chainstream-io/cli 0.0.6 → 0.0.10

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/dist/index.js CHANGED Viewed

@@ -10,14 +10,12 @@ var __export = (target, all) => {
 };
 // src/lib/constants.ts
-var CHAINSTREAM_API_URL, CHAINSTREAM_AUTH_URL, TURNKEY_AUTH_PROXY_CONFIG_ID, TURNKEY_SUB_ORG_PREFIX, SOLANA_RPC_URL, BASE_RPC_URL, BASE_CHAIN_ID;
+var CHAINSTREAM_API_URL, CHAINSTREAM_AUTH_URL, SOLANA_RPC_URL, BASE_RPC_URL, BASE_CHAIN_ID;
 var init_constants = __esm({
   "src/lib/constants.ts"() {
     "use strict";
     CHAINSTREAM_API_URL = process.env.CHAINSTREAM_API_URL ?? "https://api.chainstream.io";
-    CHAINSTREAM_AUTH_URL = process.env.CHAINSTREAM_AUTH_URL ?? "https://auth.chainstream.io";
-    TURNKEY_AUTH_PROXY_CONFIG_ID = process.env.TURNKEY_AUTH_PROXY_CONFIG_ID ?? "7550819d-2607-4910-a3d9-8e6e3ff870f9";
-    TURNKEY_SUB_ORG_PREFIX = "chainstream-personal";
+    CHAINSTREAM_AUTH_URL = process.env.CHAINSTREAM_AUTH_URL ?? "https://api.chainstream.io";
     SOLANA_RPC_URL = process.env.SOLANA_RPC_URL ?? "https://api.mainnet-beta.solana.com";
     BASE_RPC_URL = process.env.BASE_RPC_URL ?? "https://mainnet.base.org";
     BASE_CHAIN_ID = Number(process.env.BASE_CHAIN_ID ?? "8453");
@@ -29,6 +27,8 @@ var config_exports = {};
 __export(config_exports, {
   getConfigDir: () => getConfigDir,
   getWalletMode: () => getWalletMode,
+  isEvmChain: () => isEvmChain,
+  isSolanaChain: () => isSolanaChain,
   loadConfig: () => loadConfig,
   saveConfig: () => saveConfig,
   updateConfig: () => updateConfig
@@ -36,6 +36,12 @@ __export(config_exports, {
 import { existsSync, mkdirSync, readFileSync, writeFileSync } from "fs";
 import { homedir } from "os";
 import { join } from "path";
+function isEvmChain(chain) {
+  return chain === "base";
+}
+function isSolanaChain(chain) {
+  return chain === "sol";
+}
 function getConfigDir() {
   if (!existsSync(CONFIG_DIR)) {
     mkdirSync(CONFIG_DIR, { recursive: true });
@@ -78,6 +84,16 @@ var init_config = __esm({
   }
 });
+// src/wallet/types.ts
+function toSdkChain(chain) {
+  return chain === "sol" ? "solana" : "evm";
+}
+var init_types = __esm({
+  "src/wallet/types.ts"() {
+    "use strict";
+  }
+});
 // src/wallet/raw-wallet.ts
 import { privateKeyToAccount } from "viem/accounts";
 import { Keypair, VersionedTransaction } from "@solana/web3.js";
@@ -109,14 +125,18 @@ var RawKeyWallet;
 var init_raw_wallet = __esm({
   "src/wallet/raw-wallet.ts"() {
     "use strict";
+    init_types();
+    init_config();
     RawKeyWallet = class {
       chain;
+      paymentChain;
       address;
       privateKey;
       constructor(key, chain) {
-        this.chain = chain;
+        this.paymentChain = chain;
+        this.chain = toSdkChain(chain);
         this.privateKey = key;
-        if (chain === "evm") {
+        if (isEvmChain(this.paymentChain)) {
           const hex = key.startsWith("0x") ? key : `0x${key}`;
           const account = privateKeyToAccount(hex);
           this.address = account.address;
@@ -127,7 +147,7 @@ var init_raw_wallet = __esm({
         }
       }
       async signMessage(message) {
-        if (this.chain === "evm") {
+        if (isEvmChain(this.paymentChain)) {
           const hex = this.privateKey.startsWith("0x") ? this.privateKey : `0x${this.privateKey}`;
           const account = privateKeyToAccount(hex);
           return account.signMessage({ message });
@@ -142,7 +162,7 @@ var init_raw_wallet = __esm({
       }
       async signTransaction(serializedTx) {
         const txBytes = Buffer.from(serializedTx, "base64");
-        if (this.chain === "solana") {
+        if (!isEvmChain(this.paymentChain)) {
           const tx = VersionedTransaction.deserialize(new Uint8Array(txBytes));
           const decoded = bs58Decode(this.privateKey);
           const keypair = Keypair.fromSecretKey(decoded);
@@ -162,20 +182,12 @@ var init_raw_wallet = __esm({
 var turnkey_exports = {};
 __export(turnkey_exports, {
   TURNKEY_API_BASE: () => TURNKEY_API_BASE,
-  TURNKEY_CONFIG_ID: () => TURNKEY_CONFIG_ID,
-  checkAccount: () => checkAccount,
-  completeLogin: () => completeLogin,
   createApiStamp: () => createApiStamp,
   generateP256KeyPair: () => generateP256KeyPair,
   getEvmAddress: () => getEvmAddress,
   getSolanaAddress: () => getSolanaAddress,
   listWalletAccounts: () => listWalletAccounts,
-  otpInit: () => otpInit,
-  otpLogin: () => otpLogin,
-  otpVerify: () => otpVerify,
   refreshTurnkeySession: () => refreshTurnkeySession,
-  signRawP256: () => signRawP256,
-  signup: () => signup,
   turnkeyRequest: () => turnkeyRequest,
   updateTurnkeyUserEmail: () => updateTurnkeyUserEmail
 });
@@ -199,160 +211,12 @@ function generateP256KeyPair() {
     privateKeyDer: Buffer.from(privateKey).toString("base64")
   };
 }
-function signRawP256(message, privateKeyDerBase64) {
-  const signer = createSign("SHA256");
-  signer.update(message);
-  signer.end();
-  const derSig = signer.sign({
-    key: Buffer.from(privateKeyDerBase64, "base64"),
-    format: "der",
-    type: "pkcs8"
-  });
-  return derToRawSignature(derSig);
-}
-function derToRawSignature(der) {
-  let offset = 0;
-  if (der[offset++] !== 48) throw new Error("Invalid DER signature");
-  offset++;
-  if (der[offset++] !== 2) throw new Error("Invalid DER signature");
-  const rLen = der[offset++];
-  const rBytes = der.subarray(offset, offset + rLen);
-  offset += rLen;
-  if (der[offset++] !== 2) throw new Error("Invalid DER signature");
-  const sLen = der[offset++];
-  const sBytes = der.subarray(offset, offset + sLen);
-  const r = padOrTrimTo32(rBytes);
-  const s = padOrTrimTo32(sBytes);
-  return Buffer.concat([r, s]).toString("hex");
-}
-function padOrTrimTo32(buf) {
-  if (buf.length === 32) return buf;
-  if (buf.length === 33 && buf[0] === 0) return buf.subarray(1);
-  if (buf.length < 32) {
-    const padded = Buffer.alloc(32);
-    buf.copy(padded, 32 - buf.length);
-    return padded;
-  }
-  return buf.subarray(buf.length - 32);
-}
 function decodeJwtPayload(jwt) {
   const parts = jwt.split(".");
   if (parts.length !== 3) throw new Error("Invalid JWT");
   const payloadB64 = parts[1].replace(/-/g, "+").replace(/_/g, "/");
   return JSON.parse(Buffer.from(payloadB64, "base64").toString("utf-8"));
 }
-async function proxyRequest(path, body, configId) {
-  if (!configId) throw new Error("TURNKEY_AUTH_PROXY_CONFIG_ID not configured.");
-  const res = await fetch(`${AUTH_PROXY_BASE}${path}`, {
-    method: "POST",
-    headers: {
-      "Content-Type": "application/json",
-      "X-Auth-Proxy-Config-ID": configId
-    },
-    body: JSON.stringify(body)
-  });
-  if (!res.ok) {
-    const text = await res.text().catch(() => "");
-    let detail = text;
-    try {
-      detail = JSON.parse(text).message ?? text;
-    } catch {
-    }
-    throw new Error(`Turnkey auth proxy error (${res.status}): ${detail}`);
-  }
-  return res.json();
-}
-async function otpInit(email, configId) {
-  return proxyRequest("/v1/otp_init", { otpType: "OTP_TYPE_EMAIL", contact: email }, configId);
-}
-async function otpVerify(otpId, otpCode, publicKeyHex, configId) {
-  return proxyRequest("/v1/otp_verify", { otpId, otpCode, publicKey: publicKeyHex }, configId);
-}
-async function checkAccount(email, configId, verificationToken) {
-  try {
-    const result = await proxyRequest(
-      "/v1/account",
-      { filterType: "EMAIL", filterValue: email, ...verificationToken && { verificationToken } },
-      configId
-    );
-    return { exists: !!result.organizationId, organizationId: result.organizationId };
-  } catch {
-    return { exists: false };
-  }
-}
-async function signup(email, configId, verificationToken, publicKeyHex, privateKeyDer) {
-  const decoded = decodeJwtPayload(verificationToken);
-  const verificationPublicKey = decoded.public_key ?? publicKeyHex;
-  const signupBody = {
-    userName: `${TURNKEY_SUB_ORG_PREFIX}-${email.split("@")[0]}`,
-    organizationName: `${TURNKEY_SUB_ORG_PREFIX}-${email}`,
-    userEmail: email,
-    verificationToken,
-    apiKeys: [],
-    authenticators: [],
-    oauthProviders: [],
-    wallet: {
-      walletName: "ChainStream Wallet",
-      accounts: [
-        { curve: "CURVE_SECP256K1", pathFormat: "PATH_FORMAT_BIP32", path: "m/44'/60'/0'/0/0", addressFormat: "ADDRESS_FORMAT_ETHEREUM" },
-        { curve: "CURVE_ED25519", pathFormat: "PATH_FORMAT_BIP32", path: "m/44'/501'/0'/0'", addressFormat: "ADDRESS_FORMAT_SOLANA" }
-      ]
-    }
-  };
-  const signatureMessage = JSON.stringify({
-    signup: { email, apiKeys: signupBody.apiKeys, authenticators: signupBody.authenticators, oauthProviders: signupBody.oauthProviders },
-    tokenId: decoded.id,
-    type: "USAGE_TYPE_SIGNUP"
-  });
-  const signature = signRawP256(signatureMessage, privateKeyDer);
-  return proxyRequest("/v1/signup", {
-    ...signupBody,
-    clientSignature: {
-      message: signatureMessage,
-      publicKey: verificationPublicKey,
-      scheme: "CLIENT_SIGNATURE_SCHEME_API_P256",
-      signature
-    }
-  }, configId);
-}
-async function otpLogin(verificationToken, publicKeyHex, privateKeyDerBase64, configId) {
-  const decoded = decodeJwtPayload(verificationToken);
-  const tokenUsageMessage = JSON.stringify({
-    login: { publicKey: publicKeyHex },
-    tokenId: decoded.id,
-    type: "USAGE_TYPE_LOGIN"
-  });
-  const signature = signRawP256(tokenUsageMessage, privateKeyDerBase64);
-  return proxyRequest("/v1/otp_login", {
-    verificationToken,
-    publicKey: publicKeyHex,
-    clientSignature: {
-      message: tokenUsageMessage,
-      publicKey: decoded.public_key ?? publicKeyHex,
-      scheme: "CLIENT_SIGNATURE_SCHEME_API_P256",
-      signature
-    }
-  }, configId);
-}
-async function completeLogin(otpId, otpCode, configId, email) {
-  const keyPair = generateP256KeyPair();
-  const { verificationToken } = await otpVerify(otpId, otpCode, keyPair.publicKeyHex, configId);
-  const account = await checkAccount(email, configId, verificationToken);
-  let isNewUser = false;
-  if (!account.exists) {
-    await signup(email, configId, verificationToken, keyPair.publicKeyHex, keyPair.privateKeyDer);
-    isNewUser = true;
-  }
-  const { session } = await otpLogin(verificationToken, keyPair.publicKeyHex, keyPair.privateKeyDer, configId);
-  const sessionPayload = decodeJwtPayload(session);
-  return {
-    session,
-    keyPair,
-    organizationId: sessionPayload.organization_id ?? "",
-    sessionExpiry: sessionPayload.exp,
-    isNewUser
-  };
-}
 function createApiStamp(body, publicKeyHex, privateKeyDerBase64) {
   const signer = createSign("SHA256");
   signer.update(body);
@@ -454,14 +318,11 @@ async function getSolanaAddress(creds) {
   if (!sol) throw new Error("No Solana wallet found in Turnkey.");
   return sol.address;
 }
-var AUTH_PROXY_BASE, TURNKEY_API_BASE, TURNKEY_CONFIG_ID;
+var TURNKEY_API_BASE;
 var init_turnkey = __esm({
   "src/lib/turnkey.ts"() {
     "use strict";
-    init_constants();
-    AUTH_PROXY_BASE = "https://authproxy.turnkey.com";
     TURNKEY_API_BASE = "https://api.turnkey.com";
-    TURNKEY_CONFIG_ID = TURNKEY_AUTH_PROXY_CONFIG_ID;
   }
 });
@@ -470,14 +331,18 @@ var TurnkeyWallet;
 var init_turnkey_wallet = __esm({
   "src/wallet/turnkey-wallet.ts"() {
     "use strict";
+    init_types();
+    init_config();
     init_turnkey();
     TurnkeyWallet = class _TurnkeyWallet {
       chain;
+      paymentChain;
       address;
       creds;
       constructor(creds, chain, address) {
         this.creds = creds;
-        this.chain = chain;
+        this.paymentChain = chain;
+        this.chain = toSdkChain(chain);
         this.address = address;
       }
       static async create(creds) {
@@ -486,14 +351,14 @@ var init_turnkey_wallet = __esm({
           getSolanaAddress(creds)
         ]);
         return {
-          evm: new _TurnkeyWallet(creds, "evm", evmAddr),
-          solana: new _TurnkeyWallet(creds, "solana", solAddr)
+          base: new _TurnkeyWallet(creds, "base", evmAddr),
+          sol: new _TurnkeyWallet(creds, "sol", solAddr)
         };
       }
       async signMessage(message) {
         let payloadHex;
         let hashFunction;
-        if (this.chain === "evm") {
+        if (isEvmChain(this.paymentChain)) {
           const prefix = `Ethereum Signed Message:
 ${message.length}`;
           const prefixed = Buffer.concat([Buffer.from(prefix, "utf-8"), Buffer.from(message, "utf-8")]);
@@ -520,7 +385,7 @@ ${message.length}`;
         );
         const sigResult = result.activity?.result?.signRawPayloadResult;
         if (!sigResult) throw new Error("Turnkey signMessage: no signature in response");
-        if (this.chain === "evm") {
+        if (isEvmChain(this.paymentChain)) {
           const v = sigResult.v === "00" ? "1b" : "1c";
           return `0x${sigResult.r}${sigResult.s}${v}`;
         }
@@ -529,7 +394,7 @@ ${message.length}`;
       async signTransaction(serializedTx) {
         const txBytes = Buffer.from(serializedTx, "base64");
         const unsignedHex = txBytes.toString("hex");
-        const txType = this.chain === "evm" ? "TRANSACTION_TYPE_ETHEREUM" : "TRANSACTION_TYPE_SOLANA";
+        const txType = isEvmChain(this.paymentChain) ? "TRANSACTION_TYPE_ETHEREUM" : "TRANSACTION_TYPE_SOLANA";
         const result = await turnkeyRequest(
           "/public/v1/submit/sign_transaction",
           {
@@ -563,13 +428,15 @@ function createWallet(config, mode) {
     return new RawKeyWallet(config.rawWallet.key, config.rawWallet.chain);
   }
   if (mode === "turnkey" && config.turnkey) {
-    const address = config.turnkey.evmAddress;
+    const chain = config.walletChain ?? "base";
+    const address = isEvmChain(chain) ? config.turnkey.evmAddress : config.turnkey.solanaAddress;
     if (!address) {
       throw new Error(
-        "Turnkey wallet address not found in config.\nPlease re-login to resolve addresses: chainstream login"
+        `Turnkey ${chain} address not found in config.
+Please re-login to resolve addresses: chainstream login`
       );
     }
-    return new TurnkeyWallet(config.turnkey, "evm", address);
+    return new TurnkeyWallet(config.turnkey, chain, address);
   }
   throw new Error(
     "No wallet configured. Run:\n  chainstream login           # Create Turnkey wallet\n  chainstream wallet set-raw  # Use raw private key (dev)"
@@ -578,17 +445,18 @@ function createWallet(config, mode) {
 async function createWalletWithAddresses(config, mode) {
   if (mode === "raw" && config.rawWallet) {
     const w = new RawKeyWallet(config.rawWallet.key, config.rawWallet.chain);
-    return config.rawWallet.chain === "evm" ? { evm: w } : { solana: w };
+    return isEvmChain(config.rawWallet.chain) ? { base: w } : { sol: w };
   }
   if (mode === "turnkey" && config.turnkey) {
     const wallets = await TurnkeyWallet.create(config.turnkey);
-    return { evm: wallets.evm, solana: wallets.solana };
+    return { base: wallets.base, sol: wallets.sol };
   }
   throw new Error("No wallet configured.");
 }
 var init_wallet = __esm({
   "src/wallet/index.ts"() {
     "use strict";
+    init_config();
     init_raw_wallet();
     init_turnkey_wallet();
   }
@@ -597,15 +465,18 @@ var init_wallet = __esm({
 // src/lib/x402.ts
 var x402_exports = {};
 __export(x402_exports, {
-  autoPurchaseOnDemand: () => autoPurchaseOnDemand,
   getPricing: () => getPricing,
-  getX402Fetch: () => getX402Fetch
+  getX402Fetch: () => getX402Fetch,
+  selectPlanInteractive: () => selectPlanInteractive
 });
 import { x402Client } from "@x402/core/client";
 import { wrapFetchWithPayment } from "@x402/fetch";
 import { ExactEvmScheme } from "@x402/evm/exact/client";
+import { ExactSvmScheme } from "@x402/svm/exact/client";
 import { privateKeyToAccount as privateKeyToAccount2 } from "viem/accounts";
 import { hashTypedData } from "viem";
+import { createKeyPairSignerFromBytes } from "@solana/kit";
+import * as readline from "readline/promises";
 function createTurnkeyPaymentAccount(creds) {
   const address = creds.evmAddress;
   return {
@@ -637,55 +508,136 @@ function createTurnkeyPaymentAccount(creds) {
     }
   };
 }
-function getX402Fetch(config) {
+async function turnkeySolanaSign(creds, payload) {
+  const payloadHex = Buffer.from(payload).toString("hex");
+  const result = await turnkeyRequest(
+    "/public/v1/submit/sign_raw_payload",
+    {
+      type: "ACTIVITY_TYPE_SIGN_RAW_PAYLOAD_V2",
+      timestampMs: Date.now().toString(),
+      organizationId: creds.organizationId,
+      parameters: {
+        signWith: creds.solanaAddress,
+        payload: payloadHex,
+        encoding: "PAYLOAD_ENCODING_HEXADECIMAL",
+        hashFunction: "HASH_FUNCTION_NOT_APPLICABLE"
+      }
+    },
+    creds
+  );
+  const sig = result.activity?.result?.signRawPayloadResult;
+  if (!sig) throw new Error("Turnkey Solana sign: no signature");
+  return new Uint8Array(Buffer.from(sig.r + sig.s, "hex"));
+}
+async function createTurnkeySolanaSigner(creds) {
+  const { createNoopSigner, address: solAddress } = await import("@solana/kit");
+  return createNoopSigner(solAddress(creds.solanaAddress));
+}
+function createTurnkeySvmScheme(creds, noopSigner) {
+  const inner = new ExactSvmScheme(noopSigner, { rpcUrl: "https://api.mainnet-beta.solana.com" });
+  return {
+    scheme: "exact",
+    async createPaymentPayload(x402Version, paymentRequirements) {
+      const payload = await inner.createPaymentPayload(x402Version, paymentRequirements);
+      const wrapped = payload;
+      const txB64 = wrapped.payload.transaction;
+      const txBytes = new Uint8Array(Buffer.from(txB64, "base64"));
+      const sigCount = txBytes[0];
+      const messageStart = 1 + sigCount * 64;
+      const messageBytes = txBytes.slice(messageStart);
+      const sig = await turnkeySolanaSign(creds, messageBytes);
+      txBytes.set(sig, 1 + 64);
+      wrapped.payload.transaction = Buffer.from(txBytes).toString("base64");
+      return payload;
+    }
+  };
+}
+function bs58Decode2(str) {
+  const ALPHABET = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz";
+  const BASE = 58;
+  const result = [0];
+  for (const char of str) {
+    let carry = ALPHABET.indexOf(char);
+    if (carry < 0) throw new Error(`Invalid base58 character: ${char}`);
+    for (let j = 0; j < result.length; j++) {
+      carry += result[j] * BASE;
+      result[j] = carry & 255;
+      carry >>= 8;
+    }
+    while (carry > 0) {
+      result.push(carry & 255);
+      carry >>= 8;
+    }
+  }
+  for (const char of str) {
+    if (char !== "1") break;
+    result.push(0);
+  }
+  return new Uint8Array(result.reverse());
+}
+async function getX402Fetch(config) {
   if (_x402Fetch) return _x402Fetch;
   const client = new x402Client();
-  if (config.rawWallet?.chain === "evm") {
-    const hex = config.rawWallet.key.startsWith("0x") ? config.rawWallet.key : `0x${config.rawWallet.key}`;
-    const account = privateKeyToAccount2(hex);
-    client.register("eip155:*", new ExactEvmScheme(account));
-  } else if (config.turnkey?.evmAddress && config.turnkey?.organizationId) {
-    const account = createTurnkeyPaymentAccount(config.turnkey);
-    client.register("eip155:*", new ExactEvmScheme(account));
+  if (config.rawWallet) {
+    if (isEvmChain(config.rawWallet.chain)) {
+      const hex = config.rawWallet.key.startsWith("0x") ? config.rawWallet.key : `0x${config.rawWallet.key}`;
+      const account = privateKeyToAccount2(hex);
+      client.register("eip155:8453", new ExactEvmScheme(account));
+    } else if (isSolanaChain(config.rawWallet.chain)) {
+      const decoded = bs58Decode2(config.rawWallet.key);
+      const signer = await createKeyPairSignerFromBytes(new Uint8Array(decoded));
+      client.register("solana:5eykt4UsFv8P8NJdTREpY1vzqKqZKvdp", new ExactSvmScheme(signer, { rpcUrl: "https://api.mainnet-beta.solana.com" }));
+    }
+  } else if (config.turnkey?.organizationId) {
+    const preferredChain = config.walletChain ?? "base";
+    if (isEvmChain(preferredChain) && config.turnkey.evmAddress) {
+      const account = createTurnkeyPaymentAccount(config.turnkey);
+      client.register("eip155:8453", new ExactEvmScheme(account));
+    } else if (isSolanaChain(preferredChain) && config.turnkey.solanaAddress) {
+      const noopSigner = await createTurnkeySolanaSigner(config.turnkey);
+      const scheme = createTurnkeySvmScheme(config.turnkey, noopSigner);
+      client.register("solana:5eykt4UsFv8P8NJdTREpY1vzqKqZKvdp", scheme);
+    }
   }
   _x402Fetch = wrapFetchWithPayment(fetch, client);
   return _x402Fetch;
 }
-async function autoPurchaseOnDemand(config, plan = "nano") {
-  const x402Fetch = getX402Fetch(config);
-  process.stderr.write(`[chainstream] No active subscription. Auto-purchasing ${plan} plan...
-`);
-  try {
-    const resp = await x402Fetch(`${config.baseUrl}/x402/purchase?plan=${encodeURIComponent(plan)}`);
-    if (!resp.ok) {
-      const text = await resp.text().catch(() => "");
-      process.stderr.write(`[chainstream] Purchase failed (${resp.status}): ${text}
-`);
-      return { success: false };
-    }
-    const result = await resp.json();
-    process.stderr.write(`[chainstream] Subscription activated: ${result.plan} (expires: ${result.expires_at})
-`);
-    return {
-      success: true,
-      plan: result.plan,
-      expiresAt: result.expires_at
-    };
-  } catch (err) {
-    process.stderr.write(`[chainstream] Auto-purchase error: ${err instanceof Error ? err.message : err}
-`);
-    return { success: false };
-  }
-}
 async function getPricing(baseUrl) {
   const resp = await fetch(`${baseUrl}/x402/pricing`);
   if (!resp.ok) throw new Error(`Failed to get pricing (${resp.status})`);
   return resp.json();
 }
+async function selectPlanInteractive(baseUrl) {
+  const pricing = await getPricing(baseUrl);
+  const plans = pricing.plans.sort((a, b) => a.price_usd - b.price_usd);
+  process.stderr.write("\n[chainstream] No active subscription. Available plans:\n\n");
+  process.stderr.write("  #  Plan       Price     Quota           Duration\n");
+  process.stderr.write("  \u2500\u2500 \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500 \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500 \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500 \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\n");
+  for (let i = 0; i < plans.length; i++) {
+    const p = plans[i];
+    const num = String(i + 1).padStart(2);
+    const name = p.name.padEnd(10);
+    const price = `$${p.price_usd}`.padEnd(8);
+    const quota = p.quota_total.toLocaleString().padStart(14) + " CU";
+    const days = `${p.duration_days} days`;
+    process.stderr.write(`  ${num} ${name} ${price} ${quota}  ${days}
+`);
+  }
+  process.stderr.write("\n");
+  const rl = readline.createInterface({ input: process.stdin, output: process.stderr });
+  const answer = await rl.question(`Select plan (1-${plans.length}): `);
+  rl.close();
+  const idx = parseInt(answer.trim(), 10) - 1;
+  if (idx < 0 || idx >= plans.length || Number.isNaN(idx)) {
+    throw new Error("Invalid plan selection. Aborting purchase.");
+  }
+  return plans[idx].name;
+}
 var _x402Fetch;
 var init_x402 = __esm({
   "src/lib/x402.ts"() {
     "use strict";
+    init_config();
     init_turnkey();
     _x402Fetch = null;
   }
@@ -721,7 +673,7 @@ function createClient() {
     return _client;
   }
   throw new Error(
-    "Not authenticated. Run one of:\n  chainstream login                  # Email OTP (creates Turnkey wallet)\n  chainstream login --key            # P-256 key (no email)\n  chainstream wallet set-raw         # Raw private key (dev)\n  chainstream config set --key apiKey --value <key>  # API key only"
+    "Not authenticated. Run one of:\n  chainstream login                  # Create Turnkey wallet (no email)\n  chainstream login --email          # Email OTP login\n  chainstream wallet set-raw         # Import private key (dev)\n  chainstream config set --key apiKey --value <key>  # API key only"
   );
 }
 function requireWallet() {
@@ -738,27 +690,78 @@ async function callWithAutoPayment(fn, retried = false) {
   try {
     return await fn();
   } catch (err) {
-    const is402 = isPaymentRequired(err);
-    if (is402 && !retried && _wallet) {
+    const paymentInfo = extractPaymentInfo(err);
+    if (paymentInfo && !retried && _wallet) {
       const config = loadConfig();
-      const result = await autoPurchaseOnDemand(config);
-      if (result.success) {
+      let purchaseUrl = resolvePurchaseUrl(config.baseUrl, paymentInfo);
+      if (config.plan) {
+        purchaseUrl = replacePlanInUrl(purchaseUrl, config.plan);
+        process.stderr.write(`[chainstream] No active subscription. Purchasing ${config.plan} plan...
+`);
+      } else if (process.stdin.isTTY) {
+        const chosenPlan = await selectPlanInteractive(config.baseUrl);
+        purchaseUrl = replacePlanInUrl(purchaseUrl, chosenPlan);
+        process.stderr.write(`[chainstream] Purchasing ${chosenPlan} plan...
+`);
+      } else {
+        process.stderr.write(`[chainstream] No active subscription. Purchasing via x402...
+`);
+        process.stderr.write(`[chainstream] Resource: ${purchaseUrl}
+`);
+      }
+      const x402Fetch = await getX402Fetch(config);
+      const resp = await x402Fetch(purchaseUrl);
+      if (resp.ok) {
+        const result = await resp.json();
+        process.stderr.write(`[chainstream] Subscription activated: ${result.plan} (expires: ${result.expires_at})
+`);
         _client = null;
         createClient();
         return callWithAutoPayment(fn, true);
       }
+      const text = await resp.text().catch(() => "");
+      process.stderr.write(`[chainstream] Purchase failed (${resp.status}): ${text}
+`);
     }
     throw err;
   }
 }
-function isPaymentRequired(err) {
-  if (!err || typeof err !== "object") return false;
+function extractPaymentInfo(err) {
+  if (!err || typeof err !== "object") return null;
   const axiosErr = err;
-  if (axiosErr.response?.status === 402) return true;
-  if (axiosErr.status === 402) return true;
-  if (axiosErr.message?.includes("402")) return true;
-  if (axiosErr.message?.includes("PAYMENT_REQUIRED")) return true;
-  return false;
+  const status = axiosErr.response?.status ?? axiosErr.status;
+  const message = axiosErr.message ?? "";
+  if (status === 402) {
+    const header = axiosErr.response?.headers?.["payment-required"] ?? axiosErr.response?.headers?.["x-payment-required"];
+    if (header) {
+      try {
+        const decoded = JSON.parse(Buffer.from(header, "base64").toString());
+        return { resourceUrl: decoded.resource?.url };
+      } catch {
+      }
+    }
+    return {};
+  }
+  if (message.includes("402") || message.includes("PAYMENT_REQUIRED") || message.includes("no active x402 subscription")) {
+    return {};
+  }
+  return null;
+}
+function resolvePurchaseUrl(baseUrl, info) {
+  if (info.resourceUrl) {
+    if (info.resourceUrl.startsWith("http")) return info.resourceUrl;
+    return `${baseUrl}${info.resourceUrl}`;
+  }
+  return `${baseUrl}/x402/purchase?plan=nano`;
+}
+function replacePlanInUrl(url, plan) {
+  try {
+    const u = new URL(url);
+    u.searchParams.set("plan", plan);
+    return u.toString();
+  } catch {
+    return url.replace(/plan=[^&]+/, `plan=${encodeURIComponent(plan)}`);
+  }
 }
 // src/lib/validate.ts
@@ -971,7 +974,7 @@ function registerMarketCommands(program2) {
 // src/commands/wallet.ts
 init_config();
-import * as readline from "readline/promises";
+import * as readline2 from "readline/promises";
 function registerWalletCommands(program2) {
   const wallet = program2.command("wallet").description("Wallet analytics and management");
   wallet.command("profile").description("Wallet profile: PnL + net worth + top holdings").requiredOption("--chain <chain>", "Chain: sol/bsc/eth").requiredOption("--address <address>", "Wallet address").option("--raw", "Single-line JSON output").action(async (opts) => {
@@ -1040,22 +1043,22 @@ function registerWalletCommands(program2) {
       const walletMode = (await Promise.resolve().then(() => (init_config(), config_exports))).getWalletMode(config);
       if (walletMode === "turnkey" && config.turnkey) {
         if (config.turnkey.evmAddress || config.turnkey.solanaAddress) {
-          if (config.turnkey.evmAddress) process.stdout.write(`EVM:    ${config.turnkey.evmAddress}
+          if (config.turnkey.evmAddress) process.stdout.write(`Base:   ${config.turnkey.evmAddress}
 `);
           if (config.turnkey.solanaAddress) process.stdout.write(`Solana: ${config.turnkey.solanaAddress}
 `);
         } else {
           const { createWalletWithAddresses: createWalletWithAddresses2 } = await Promise.resolve().then(() => (init_wallet(), wallet_exports));
           const wallets = await createWalletWithAddresses2(config, "turnkey");
-          if (wallets.evm) process.stdout.write(`EVM:    ${wallets.evm.address}
+          if (wallets.base) process.stdout.write(`Base:   ${wallets.base.address}
 `);
-          if (wallets.solana) process.stdout.write(`Solana: ${wallets.solana.address}
+          if (wallets.sol) process.stdout.write(`Solana: ${wallets.sol.address}
 `);
         }
       } else if (config.rawWallet) {
         const { createWallet: createWallet2 } = await Promise.resolve().then(() => (init_wallet(), wallet_exports));
         const w = createWallet2(config, "raw");
-        process.stdout.write(`${w.chain.toUpperCase()}: ${w.address}
+        process.stdout.write(`${w.paymentChain.toUpperCase()}: ${w.address}
 `);
       } else {
         process.stdout.write("No wallet configured. Run: chainstream login\n");
@@ -1091,9 +1094,9 @@ function registerWalletCommands(program2) {
       exitOnError(err);
     }
   });
-  wallet.command("set-raw").description("Set raw private key (dev/testing only)").requiredOption("--chain <chain>", "Chain: evm/solana").action(async (opts) => {
+  wallet.command("set-raw").description("Set raw private key (dev/testing only)").requiredOption("--chain <chain>", "Chain: base/sol").action(async (opts) => {
     try {
-      const rl = readline.createInterface({ input: process.stdin, output: process.stdout });
+      const rl = readline2.createInterface({ input: process.stdin, output: process.stdout });
       process.stdout.write("\u26A0 WARNING: Raw private key will be stored in plaintext.\n");
       process.stdout.write("  Use Turnkey (chainstream login) for production.\n\n");
       const key = await rl.question("Enter private key: ");
@@ -1139,7 +1142,7 @@ function registerKytCommands(program2) {
 }
 // src/commands/dex.ts
-import * as readline2 from "readline/promises";
+import * as readline3 from "readline/promises";
 function registerDexCommands(program2) {
   const dex = program2.command("dex").description("DEX swap, quote, and token creation");
   dex.command("quote").description("Get swap quote (read-only)").requiredOption("--chain <chain>", "Chain: sol/bsc/eth").requiredOption("--input-token <addr>", "Input token (address or SOL/ETH/BNB/USDC)").requiredOption("--output-token <addr>", "Output token (address or SOL/ETH/BNB/USDC)").requiredOption("--amount <amount>", "Input amount (smallest unit)").option("--raw", "Single-line JSON output").action(async (opts) => {
@@ -1191,7 +1194,7 @@ function registerDexCommands(program2) {
 `);
       process.stderr.write("--------------------\n\n");
       if (!opts.yes) {
-        const rl = readline2.createInterface({ input: process.stdin, output: process.stderr });
+        const rl = readline3.createInterface({ input: process.stdin, output: process.stderr });
         const answer = await rl.question("Confirm swap? (y/N): ");
         rl.close();
         if (answer.toLowerCase() !== "y") {
@@ -1346,7 +1349,7 @@ function saveKey(keyPair, profile = DEFAULT_PROFILE) {
 // src/commands/auth.ts
 init_turnkey();
 init_constants();
-import * as readline3 from "readline/promises";
+import * as readline4 from "readline/promises";
 async function resolveAndStoreAddresses(turnkeyCreds) {
   process.stderr.write("Resolving wallet addresses...\n");
   const [evmAddress, solanaAddress] = await Promise.all([
@@ -1358,7 +1361,7 @@ async function resolveAndStoreAddresses(turnkeyCreds) {
   });
 }
 function registerAuthCommands(program2) {
-  program2.command("login").description("Create wallet (default) or login via email OTP (--email)").argument("[email]", "Email address for OTP login (optional)").option("--email", "Use email OTP login instead of key-based").action(async (emailArg, opts) => {
+  program2.command("login").description("Create wallet (default: --key) or login via email OTP").argument("[email]", "Email address for OTP login").option("--key", "Key-based login \u2014 no email required (default)").option("--email", "Email OTP login").action(async (emailArg, opts) => {
     try {
       if (opts.email || emailArg) {
         await doEmailLogin(emailArg);
@@ -1519,7 +1522,7 @@ async function doKeyLogin() {
 }
 async function doEmailLogin(email) {
   if (!email) {
-    const rl2 = readline3.createInterface({ input: process.stdin, output: process.stderr });
+    const rl2 = readline4.createInterface({ input: process.stdin, output: process.stderr });
     email = await rl2.question("Enter your email: ");
     rl2.close();
     if (!email?.trim()) throw new Error("Email required.");
@@ -1535,7 +1538,7 @@ async function doEmailLogin(email) {
 `);
     return;
   }
-  const rl = readline3.createInterface({ input: process.stdin, output: process.stderr });
+  const rl = readline4.createInterface({ input: process.stdin, output: process.stderr });
   const code = await rl.question("Enter OTP code: ");
   rl.close();
   if (!code?.trim()) throw new Error("OTP code required.");
@@ -1584,7 +1587,7 @@ async function doBindEmail(email) {
     throw new Error("No wallet found. Run 'chainstream login' first.");
   }
   if (!email) {
-    const rl2 = readline3.createInterface({ input: process.stdin, output: process.stderr });
+    const rl2 = readline4.createInterface({ input: process.stdin, output: process.stderr });
     email = await rl2.question("Enter email to bind: ");
     rl2.close();
     if (!email?.trim()) throw new Error("Email required.");
@@ -1592,14 +1595,15 @@ async function doBindEmail(email) {
   }
   process.stderr.write(`Sending verification code to ${email}...
 `);
-  const { otpId } = await callOtpInit(email, config.turnkey.organizationId);
+  const { otpId } = await callOtpInit(email);
   if (!process.stdin.isTTY) {
-    process.stdout.write(JSON.stringify({ otpId, email }) + "\n");
-    process.stderr.write("Non-interactive mode. To complete binding, verify the OTP\n");
-    process.stderr.write("and call the Turnkey update_user_email API with the verificationToken.\n");
+    process.stdout.write(JSON.stringify({ otpId, email, step: "verify" }) + "\n");
+    process.stderr.write("Non-interactive mode. Complete with:\n");
+    process.stderr.write(`  chainstream bind-email-verify --otp-id ${otpId} --code <code> --email ${email}
+`);
     return;
   }
-  const rl = readline3.createInterface({ input: process.stdin, output: process.stderr });
+  const rl = readline4.createInterface({ input: process.stdin, output: process.stderr });
   const code = await rl.question("Enter verification code: ");
   rl.close();
   if (!code?.trim()) throw new Error("Verification code required.");
@@ -1607,14 +1611,13 @@ async function doBindEmail(email) {
   const { verificationToken } = await callOtpVerify(
     otpId,
     code.trim(),
-    config.turnkey.publicKeyHex,
-    config.turnkey.organizationId
+    config.turnkey.publicKeyHex
   );
-  process.stderr.write("Binding email to Turnkey wallet...\n");
+  process.stderr.write("Binding email to wallet...\n");
   await updateTurnkeyUserEmail(email, verificationToken, config.turnkey);
   process.stdout.write(`Email ${email} bound successfully.
 `);
-  process.stdout.write("You can now use this email for account recovery.\n");
+  process.stdout.write("You can now use 'chainstream login --email' with this email.\n");
 }
 // src/commands/config-cmd.ts
@@ -1623,7 +1626,7 @@ function registerConfigCommands(program2) {
   const config = program2.command("config").description("Configuration management");
   config.command("set").description("Set a configuration value").requiredOption("--key <key>", "Config key (apiKey, baseUrl)").requiredOption("--value <value>", "Config value").action((opts) => {
     try {
-      const allowedKeys = ["apiKey", "baseUrl"];
+      const allowedKeys = ["apiKey", "baseUrl", "walletChain", "plan"];
       if (!allowedKeys.includes(opts.key)) {
         throw new Error(`Invalid key "${opts.key}". Allowed: ${allowedKeys.join(", ")}`);
       }
@@ -1683,7 +1686,7 @@ function registerConfigCommands(program2) {
       } else {
         process.stdout.write("Auth: Not configured\n");
         process.stdout.write("  Run: chainstream login           # Turnkey wallet\n");
-        process.stdout.write("  Run: chainstream config set apiKey <key>  # API key\n");
+        process.stdout.write("  Run: chainstream config set --key apiKey --value <key>  # API key\n");
       }
     } catch (err) {
       exitOnError(err);