@layr-labs/ecloud-cli 0.2.0-dev.1 → 0.2.0-dev.2

package/dist/commands/compute/app/upgrade.js

@@ -2,7 +2,14 @@
 
 // src/commands/compute/app/upgrade.ts
 import { Command, Args, Flags as Flags2 } from "@oclif/core";
-import { getEnvironmentConfig as getEnvironmentConfig3, UserApiClient as UserApiClient3, isMainnet } from "@layr-labs/ecloud-sdk";
+import {
+  getEnvironmentConfig as getEnvironmentConfig2,
+  UserApiClient as UserApiClient3,
+  isMainnet,
+  prepareUpgrade,
+  executeUpgrade,
+  watchUpgrade
+} from "@layr-labs/ecloud-sdk";
 
 // src/telemetry.ts
 import {
@@ -64,42 +71,6 @@ function saveGlobalConfig(config) {
   const content = dumpYaml(config, { lineWidth: -1 });
   fs.writeFileSync(configPath, content, { mode: 420 });
 }
-function normalizeDirectoryPath(directoryPath) {
-  const resolved = path.resolve(directoryPath);
-  try {
-    return fs.realpathSync(resolved);
-  } catch {
-    return resolved;
-  }
-}
-function getLinkedAppForDirectory(environment, directoryPath) {
-  if (!directoryPath) {
-    return null;
-  }
-  const config = loadGlobalConfig();
-  const links = config.directory_links?.[environment];
-  if (!links) {
-    return null;
-  }
-  const normalizedPath = normalizeDirectoryPath(directoryPath);
-  const appId = links[normalizedPath];
-  return appId || null;
-}
-function setLinkedAppForDirectory(environment, directoryPath, appId) {
-  if (!directoryPath || !environment) {
-    return;
-  }
-  const config = loadGlobalConfig();
-  if (!config.directory_links) {
-    config.directory_links = {};
-  }
-  if (!config.directory_links[environment]) {
-    config.directory_links[environment] = {};
-  }
-  const normalizedPath = normalizeDirectoryPath(directoryPath);
-  config.directory_links[environment][normalizedPath] = appId.toLowerCase();
-  saveGlobalConfig(config);
-}
 function getDefaultEnvironment() {
   const config = loadGlobalConfig();
   return config.default_environment;
@@ -201,7 +172,6 @@ async function withTelemetry(command, action) {
 
 // src/flags.ts
 import { Flags } from "@oclif/core";
-import { getBuildType as getBuildType3 } from "@layr-labs/ecloud-sdk";
 
 // src/utils/prompts.ts
 import { input, select, password, confirm as inquirerConfirm } from "@inquirer/prompts";
@@ -280,7 +250,7 @@ function listApps(environment) {
 
 // src/utils/version.ts
 function getCliVersion() {
-  return true ? "0.2.0-dev.1" : "0.0.0";
+  return true ? "0.2.0-dev.2" : "0.0.0";
 }
 function getClientId() {
   return `ecloud-cli/v${getCliVersion()}`;
@@ -336,113 +306,6 @@ Found Dockerfile in ${cwd}`);
       throw new Error(`Unexpected choice: ${choice}`);
   }
 }
-async function promptUseVerifiableBuild() {
-  return confirmWithDefault("Build from verifiable source?", false);
-}
-async function promptVerifiableSourceType() {
-  return select({
-    message: "Choose verifiable source type:",
-    choices: [
-      { name: "Build from git source (public repo required)", value: "git" },
-      { name: "Use a prebuilt verifiable image (eigencloud-containers)", value: "prebuilt" }
-    ]
-  });
-}
-async function promptVerifiableGitSourceInputs() {
-  const repoUrl = (await input({
-    message: "Enter public git repository URL:",
-    default: "",
-    validate: (value) => {
-      if (!value.trim()) return "Repository URL is required";
-      try {
-        const url = new URL(value.trim());
-        if (url.protocol !== "https:") return "Repository URL must start with https://";
-        if (url.hostname.toLowerCase() !== "github.com")
-          return "Repository URL must be a public GitHub HTTPS URL (github.com)";
-        const parts = url.pathname.replace(/\/+$/, "").split("/").filter(Boolean);
-        if (parts.length < 2) return "Repository URL must be https://github.com/<owner>/<repo>";
-        const [owner, repo] = parts;
-        if (!owner || !repo) return "Repository URL must be https://github.com/<owner>/<repo>";
-        if (repo.toLowerCase() === "settings") return "Repository URL looks invalid";
-        if (url.search || url.hash)
-          return "Repository URL must not include query params or fragments";
-      } catch {
-        return "Invalid URL format";
-      }
-      return true;
-    }
-  })).trim();
-  const gitRef = (await input({
-    message: "Enter git commit SHA (40 hex chars):",
-    default: "",
-    validate: (value) => {
-      const trimmed = value.trim();
-      if (!trimmed) return "Commit SHA is required";
-      if (!/^[0-9a-f]{40}$/i.test(trimmed))
-        return "Commit must be a 40-character hexadecimal SHA";
-      return true;
-    }
-  })).trim();
-  const buildContextPath = (await input({
-    message: "Enter build context path (relative to repo):",
-    default: ".",
-    validate: (value) => value.trim() ? true : "Build context path cannot be empty"
-  })).trim();
-  const dockerfilePath = (await input({
-    message: "Enter Dockerfile path (relative to build context):",
-    default: "Dockerfile",
-    validate: (value) => value.trim() ? true : "Dockerfile path cannot be empty"
-  })).trim();
-  const caddyfileRaw = (await input({
-    message: "Enter Caddyfile path (relative to build context, optional):",
-    default: "",
-    validate: (value) => {
-      const trimmed = value.trim();
-      if (!trimmed) return true;
-      if (trimmed.includes("..")) return "Caddyfile path must not contain '..'";
-      return true;
-    }
-  })).trim();
-  const depsRaw = (await input({
-    message: "Enter dependency digests (comma-separated sha256:..., optional):",
-    default: "",
-    validate: (value) => {
-      const trimmed = value.trim();
-      if (!trimmed) return true;
-      const parts = trimmed.split(",").map((p) => p.trim()).filter(Boolean);
-      for (const p of parts) {
-        if (!/^sha256:[0-9a-f]{64}$/i.test(p)) {
-          return `Invalid dependency digest: ${p} (expected sha256:<64 hex>)`;
-        }
-      }
-      return true;
-    }
-  })).trim();
-  const dependencies = depsRaw === "" ? [] : depsRaw.split(",").map((p) => p.trim()).filter(Boolean);
-  return {
-    repoUrl,
-    gitRef,
-    dockerfilePath,
-    caddyfilePath: caddyfileRaw === "" ? void 0 : caddyfileRaw,
-    buildContextPath,
-    dependencies
-  };
-}
-async function promptVerifiablePrebuiltImageRef() {
-  const ref = await input({
-    message: "Enter prebuilt verifiable image ref:",
-    default: "docker.io/eigenlayer/eigencloud-containers:",
-    validate: (value) => {
-      const trimmed = value.trim();
-      if (!trimmed) return "Image reference is required";
-      if (!/^docker\.io\/eigenlayer\/eigencloud-containers:[^@\s]+$/i.test(trimmed)) {
-        return "Image ref must match docker.io/eigenlayer/eigencloud-containers:<tag>";
-      }
-      return true;
-    }
-  });
-  return ref.trim();
-}
 function extractHostname(registry) {
   let hostname = registry.replace(/^https?:\/\//, "");
   hostname = hostname.split("/")[0];
@@ -582,9 +445,6 @@ function getDefaultAppName() {
     return "myapp";
   }
 }
-function getCurrentProjectPath() {
-  return process.env.INIT_CWD || process.cwd();
-}
 function suggestImageReference(registry, imageName, tag) {
   imageName = imageName.toLowerCase().replace(/_/g, "-");
   if (!tag) {
@@ -931,7 +791,6 @@ Select an app to ${action}:
     switch (action) {
       case "view":
       case "view info for":
-      case "view releases for":
       case "set profile for":
         return true;
       case "start":
@@ -960,19 +819,7 @@ Select an app to ${action}:
       index: i
     });
   }
-  const linkedAppId = getLinkedAppForDirectory(environment, getCurrentProjectPath());
-  const normalizedLinkedAppId = linkedAppId ? linkedAppId.toLowerCase() : "";
   appItems.sort((a, b) => {
-    if (normalizedLinkedAppId) {
-      const aLinked = String(a.addr).toLowerCase() === normalizedLinkedAppId;
-      const bLinked = String(b.addr).toLowerCase() === normalizedLinkedAppId;
-      if (aLinked && !bLinked) {
-        return -1;
-      }
-      if (bLinked && !aLinked) {
-        return 1;
-      }
-    }
     const aPriority = getStatusPriority(a.status, false);
     const bPriority = getStatusPriority(b.status, false);
     if (aPriority !== bPriority) {
@@ -1038,18 +885,7 @@ async function getAppIDInteractiveFromRegistry(environment, action) {
     }
     throw new Error(`Invalid app ID address: ${appIDInput}`);
   }
-  const entries = Object.entries(allApps);
-  const linkedAppId = getLinkedAppForDirectory(environment, getCurrentProjectPath());
-  if (linkedAppId) {
-    const linkedIndex = entries.findIndex(
-      ([, appId]) => String(appId).toLowerCase() === linkedAppId.toLowerCase()
-    );
-    if (linkedIndex > 0) {
-      const [linkedEntry] = entries.splice(linkedIndex, 1);
-      entries.unshift(linkedEntry);
-    }
-  }
-  const choices = entries.map(([name, appID]) => {
+  const choices = Object.entries(allApps).map(([name, appID]) => {
     const displayName = `${name} (${appID})`;
     return { name: displayName, value: appID };
   });
@@ -1127,8 +963,8 @@ async function getPrivateKeyInteractive(privateKey) {
     }
     return privateKey;
   }
-  const { getPrivateKeyWithSource: getPrivateKeyWithSource2 } = await import("@layr-labs/ecloud-sdk");
-  const result = await getPrivateKeyWithSource2({ privateKey: void 0 });
+  const { getPrivateKeyWithSource } = await import("@layr-labs/ecloud-sdk");
+  const result = await getPrivateKeyWithSource({ privateKey: void 0 });
   if (result) {
     return result.key;
   }
@@ -1147,50 +983,6 @@ async function getPrivateKeyInteractive(privateKey) {
   });
   return key.trim();
 }
-async function getEnvironmentInteractive(environment) {
-  if (environment) {
-    try {
-      getEnvironmentConfig(environment);
-      if (!isEnvironmentAvailable(environment)) {
-        throw new Error(`Environment ${environment} is not available in this build`);
-      }
-      return environment;
-    } catch {
-    }
-  }
-  const availableEnvs = getAvailableEnvironments();
-  let defaultEnv;
-  const configDefaultEnv = getDefaultEnvironment();
-  if (configDefaultEnv && availableEnvs.includes(configDefaultEnv)) {
-    try {
-      getEnvironmentConfig(configDefaultEnv);
-      defaultEnv = configDefaultEnv;
-    } catch {
-    }
-  }
-  const choices = [];
-  if (availableEnvs.includes("sepolia")) {
-    choices.push({ name: "sepolia - Ethereum Sepolia testnet", value: "sepolia" });
-  }
-  if (availableEnvs.includes("sepolia-dev")) {
-    choices.push({ name: "sepolia-dev - Ethereum Sepolia testnet (dev)", value: "sepolia-dev" });
-  }
-  if (availableEnvs.includes("mainnet-alpha")) {
-    choices.push({
-      name: "mainnet-alpha - Ethereum mainnet (\u26A0\uFE0F  uses real funds)",
-      value: "mainnet-alpha"
-    });
-  }
-  if (choices.length === 0) {
-    throw new Error("No environments available in this build");
-  }
-  const env = await select({
-    message: "Select environment:",
-    choices,
-    default: defaultEnv
-  });
-  return env;
-}
 var MAX_IMAGE_SIZE = 4 * 1024 * 1024;
 
 // src/flags.ts
@@ -1198,8 +990,7 @@ var commonFlags = {
   environment: Flags.string({
     required: false,
     description: "Deployment environment to use",
-    env: "ECLOUD_ENV",
-    default: async () => getDefaultEnvironment() || (getBuildType3() === "dev" ? "sepolia-dev" : "sepolia")
+    env: "ECLOUD_ENV"
   }),
   "private-key": Flags.string({
     required: false,
@@ -1217,227 +1008,9 @@ var commonFlags = {
     default: false
   })
 };
-async function validateCommonFlags(flags, options) {
-  flags["environment"] = await getEnvironmentInteractive(flags["environment"]);
-  if (options?.requirePrivateKey !== false) {
-    flags["private-key"] = await getPrivateKeyInteractive(flags["private-key"]);
-  }
-  return flags;
-}
-
-// src/client.ts
-import {
-  createComputeModule,
-  createBillingModule,
-  createBuildModule,
-  getEnvironmentConfig as getEnvironmentConfig2,
-  requirePrivateKey,
-  getPrivateKeyWithSource
-} from "@layr-labs/ecloud-sdk";
-async function createComputeClient(flags) {
-  flags = await validateCommonFlags(flags);
-  const environment = flags.environment;
-  const environmentConfig = getEnvironmentConfig2(environment);
-  const rpcUrl = flags["rpc-url"] || environmentConfig.defaultRPCURL;
-  const { key: privateKey, source } = await requirePrivateKey({
-    privateKey: flags["private-key"]
-  });
-  if (flags.verbose) {
-    console.log(`Using private key from: ${source}`);
-  }
-  return createComputeModule({
-    verbose: flags.verbose,
-    privateKey,
-    rpcUrl,
-    environment,
-    clientId: getClientId(),
-    skipTelemetry: true
-    // CLI already has telemetry, skip SDK telemetry
-  });
-}
-async function createBuildClient(flags) {
-  flags = await validateCommonFlags(flags, { requirePrivateKey: false });
-  return createBuildModule({
-    verbose: flags.verbose,
-    privateKey: flags["private-key"],
-    environment: flags.environment,
-    clientId: getClientId(),
-    skipTelemetry: true
-    // CLI already has telemetry, skip SDK telemetry
-  });
-}
 
 // src/commands/compute/app/upgrade.ts
 import chalk from "chalk";
-
-// src/utils/build.ts
-function formatSourceLink(repoUrl, gitRef) {
-  const normalizedRepo = repoUrl.replace(/\.git$/, "");
-  try {
-    const url = new URL(normalizedRepo);
-    const host = url.host.toLowerCase();
-    if (host === "github.com") {
-      const path4 = url.pathname.replace(/\/+$/, "");
-      if (path4.split("/").filter(Boolean).length >= 2) {
-        return `https://github.com${path4}/tree/${gitRef}`;
-      }
-    }
-  } catch {
-  }
-  return `${repoUrl}@${gitRef}`;
-}
-function extractRepoName(repoUrl) {
-  const normalized = repoUrl.replace(/\.git$/, "");
-  const match = normalized.match(/\/([^/]+?)$/);
-  return match?.[1];
-}
-function formatDependencyLines(dependencies) {
-  if (!dependencies || Object.keys(dependencies).length === 0) return [];
-  const lines = [];
-  lines.push("Dependencies (resolved builds):");
-  for (const [digest, dep] of Object.entries(dependencies)) {
-    const name = extractRepoName(dep.repoUrl);
-    const depSource = formatSourceLink(dep.repoUrl, dep.gitRef);
-    lines.push(`  - ${digest} \u2713${name ? ` ${name}` : ""}`);
-    lines.push(`    ${depSource}`);
-  }
-  return lines;
-}
-function formatVerifiableBuildSummary(options) {
-  const lines = [];
-  lines.push("Build completed successfully \u2713");
-  lines.push("");
-  lines.push(`Image:  ${options.imageUrl}`);
-  lines.push(`Digest: ${options.imageDigest}`);
-  lines.push(`Source: ${formatSourceLink(options.repoUrl, options.gitRef)}`);
-  const depLines = formatDependencyLines(options.dependencies);
-  if (depLines.length) {
-    lines.push("");
-    lines.push(...depLines);
-  }
-  lines.push("");
-  lines.push("Provenance signature verified \u2713");
-  lines.push(`provenance_signature: ${options.provenanceSignature}`);
-  if (options.buildId) {
-    lines.push("");
-    lines.push(`Build ID: ${options.buildId}`);
-  }
-  return lines;
-}
-
-// src/utils/verifiableBuild.ts
-import { BUILD_STATUS } from "@layr-labs/ecloud-sdk";
-function assertCommitSha40(commit) {
-  if (!/^[0-9a-f]{40}$/i.test(commit)) {
-    throw new Error("Commit must be a 40-character hexadecimal SHA");
-  }
-}
-async function runVerifiableBuildAndVerify(client, request, options = {}) {
-  const { buildId } = await client.submit(request);
-  const completed = await client.waitForBuild(buildId, { onLog: options.onLog });
-  if (completed.status !== BUILD_STATUS.SUCCESS) {
-    throw new Error(`Build did not complete successfully (status: ${completed.status})`);
-  }
-  const [build, verify] = await Promise.all([client.get(buildId), client.verify(buildId)]);
-  if (verify.status !== "verified") {
-    throw new Error(`Provenance verification failed: ${verify.error}`);
-  }
-  return { build, verified: verify };
-}
-
-// src/utils/dockerhub.ts
-var DOCKERHUB_OWNER = "eigenlayer";
-var DOCKERHUB_REPO = "eigencloud-containers";
-function parseEigencloudContainersImageRef(imageRef) {
-  const trimmed = imageRef.trim();
-  const match = /^docker\.io\/([^/]+)\/([^:@]+):([^@\s]+)$/i.exec(trimmed);
-  if (!match) {
-    throw new Error("Image ref must match docker.io/eigenlayer/eigencloud-containers:<tag>");
-  }
-  const owner = match[1].toLowerCase();
-  const repo = match[2].toLowerCase();
-  const tag = match[3];
-  if (owner !== DOCKERHUB_OWNER || repo !== DOCKERHUB_REPO) {
-    throw new Error(`Image ref must be from docker.io/${DOCKERHUB_OWNER}/${DOCKERHUB_REPO}:<tag>`);
-  }
-  if (!tag.trim()) {
-    throw new Error("Image tag cannot be empty");
-  }
-  return { owner, repo, tag };
-}
-function assertEigencloudContainersImageRef(imageRef) {
-  parseEigencloudContainersImageRef(imageRef);
-}
-async function getDockerHubToken(owner, repo) {
-  const url = new URL("https://auth.docker.io/token");
-  url.searchParams.set("service", "registry.docker.io");
-  url.searchParams.set("scope", `repository:${owner}/${repo}:pull`);
-  const res = await fetch(url.toString(), { method: "GET" });
-  if (!res.ok) {
-    const body = await safeReadText(res);
-    throw new Error(`Failed to fetch Docker Hub token (${res.status}): ${body || res.statusText}`);
-  }
-  const data = await res.json();
-  if (!data.token) {
-    throw new Error("Docker Hub token response missing 'token'");
-  }
-  return data.token;
-}
-async function safeReadText(res) {
-  try {
-    return (await res.text()).trim();
-  } catch {
-    return "";
-  }
-}
-async function resolveDockerHubImageDigest(imageRef) {
-  const { owner, repo, tag } = parseEigencloudContainersImageRef(imageRef);
-  const token = await getDockerHubToken(owner, repo);
-  const manifestUrl = `https://registry-1.docker.io/v2/${owner}/${repo}/manifests/${encodeURIComponent(tag)}`;
-  const headers = {
-    Authorization: `Bearer ${token}`,
-    Accept: "application/vnd.docker.distribution.manifest.v2+json"
-  };
-  let res = await fetch(manifestUrl, { method: "HEAD", headers });
-  if (!res.ok) {
-    res = await fetch(manifestUrl, { method: "GET", headers });
-  }
-  if (!res.ok) {
-    const body = await safeReadText(res);
-    throw new Error(
-      `Failed to resolve digest for ${imageRef} (${res.status}) at ${manifestUrl}: ${body || res.statusText}`
-    );
-  }
-  const digest = res.headers.get("docker-content-digest") || res.headers.get("Docker-Content-Digest");
-  if (!digest) {
-    throw new Error(
-      `Docker registry response missing Docker-Content-Digest header for ${imageRef}`
-    );
-  }
-  if (!/^sha256:[0-9a-f]{64}$/i.test(digest)) {
-    throw new Error(`Unexpected digest format from Docker registry: ${digest}`);
-  }
-  return digest;
-}
-
-// src/utils/tls.ts
-import fs4 from "fs";
-function isTlsEnabledFromDomain(domain) {
-  const d = (domain ?? "").trim();
-  if (!d) return false;
-  if (d.toLowerCase() === "localhost") return false;
-  return true;
-}
-function isTlsEnabledFromEnvFile(envFilePath) {
-  if (!envFilePath) return false;
-  if (!fs4.existsSync(envFilePath)) return false;
-  const envContent = fs4.readFileSync(envFilePath, "utf-8");
-  const match = envContent.match(/^DOMAIN=(.+)$/m);
-  if (!match?.[1]) return false;
-  return isTlsEnabledFromDomain(match[1]);
-}
-
-// src/commands/compute/app/upgrade.ts
 var AppUpgrade = class _AppUpgrade extends Command {
   static description = "Upgrade existing deployment";
   static args = {
@@ -1480,43 +1053,21 @@ var AppUpgrade = class _AppUpgrade extends Command {
       description: "Resource usage monitoring: enable or disable",
       options: ["enable", "disable"],
       env: "ECLOUD_RESOURCE_USAGE_MONITORING"
-    }),
-    // Verifiable build flags
-    verifiable: Flags2.boolean({
-      description: "Enable verifiable build mode (either build from git source via --repo/--commit, or upgrade to a prebuilt verifiable image via --image-ref)",
-      default: false
-    }),
-    repo: Flags2.string({
-      description: "Git repository URL (required with --verifiable git source mode)",
-      env: "ECLOUD_BUILD_REPO"
-    }),
-    commit: Flags2.string({
-      description: "Git commit SHA (required with --verifiable git source mode)",
-      env: "ECLOUD_BUILD_COMMIT"
-    }),
-    "build-dockerfile": Flags2.string({
-      description: "Dockerfile path for verifiable build (git source mode)",
-      default: "Dockerfile",
-      env: "ECLOUD_BUILD_DOCKERFILE"
-    }),
-    "build-context": Flags2.string({
-      description: "Build context path for verifiable build (git source mode)",
-      default: ".",
-      env: "ECLOUD_BUILD_CONTEXT"
-    }),
-    "build-dependencies": Flags2.string({
-      description: "Dependency digests for verifiable build (git source mode) (sha256:...)",
-      multiple: true
     })
   };
   async run() {
     return withTelemetry(this, async () => {
       const { args, flags } = await this.parse(_AppUpgrade);
-      const compute = await createComputeClient(flags);
-      const environment = flags.environment;
-      const environmentConfig = getEnvironmentConfig3(environment);
+      const logger = {
+        info: (msg) => this.log(msg),
+        warn: (msg) => this.warn(msg),
+        error: (msg) => this.error(msg),
+        debug: (msg) => flags.verbose && this.log(msg)
+      };
+      const environment = flags.environment || "sepolia";
+      const environmentConfig = getEnvironmentConfig2(environment);
       const rpcUrl = flags["rpc-url"] || environmentConfig.defaultRPCURL;
-      const privateKey = flags["private-key"];
+      const privateKey = await getPrivateKeyInteractive(flags["private-key"]);
       const appID = await getOrPromptAppID({
         appID: args["app-id"],
         environment,
@@ -1524,125 +1075,10 @@ var AppUpgrade = class _AppUpgrade extends Command {
         rpcUrl,
         action: "upgrade"
       });
-      let buildClient;
-      const getBuildClient = async () => {
-        if (buildClient) return buildClient;
-        buildClient = await createBuildClient({
-          ...flags,
-          "private-key": privateKey
-        });
-        return buildClient;
-      };
-      let verifiableImageUrl;
-      let verifiableImageDigest;
-      let verifiableMode = "none";
-      let envFilePath;
-      if (flags.verifiable) {
-        if (flags.repo || flags.commit) {
-          verifiableMode = "git";
-          if (!flags.repo)
-            this.error("--repo is required when using --verifiable (git source mode)");
-          if (!flags.commit)
-            this.error("--commit is required when using --verifiable (git source mode)");
-          try {
-            assertCommitSha40(flags.commit);
-          } catch (e) {
-            this.error(e?.message || String(e));
-          }
-        } else if (flags["image-ref"]) {
-          verifiableMode = "prebuilt";
-          try {
-            assertEigencloudContainersImageRef(flags["image-ref"]);
-          } catch (e) {
-            this.error(e?.message || String(e));
-          }
-        } else {
-          this.error(
-            "When using --verifiable, you must provide either --repo/--commit or --image-ref"
-          );
-        }
-      } else {
-        if (!flags.dockerfile) {
-          const useVerifiable = await promptUseVerifiableBuild();
-          if (useVerifiable) {
-            const sourceType = await promptVerifiableSourceType();
-            verifiableMode = sourceType;
-          }
-        }
-      }
-      if (verifiableMode === "git") {
-        const inputs = flags.verifiable ? {
-          repoUrl: flags.repo,
-          gitRef: flags.commit,
-          dockerfilePath: flags["build-dockerfile"],
-          caddyfilePath: void 0,
-          buildContextPath: flags["build-context"],
-          dependencies: flags["build-dependencies"]
-        } : await promptVerifiableGitSourceInputs();
-        envFilePath = await getEnvFileInteractive(flags["env-file"]);
-        const includeTlsCaddyfile = isTlsEnabledFromEnvFile(envFilePath);
-        if (includeTlsCaddyfile && !inputs.caddyfilePath) {
-          inputs.caddyfilePath = "Caddyfile";
-        }
-        this.log(chalk.blue("Building from source with verifiable build..."));
-        this.log("");
-        const buildClient2 = await getBuildClient();
-        const { build, verified } = await runVerifiableBuildAndVerify(buildClient2, inputs, {
-          onLog: (chunk) => process.stdout.write(chunk)
-        });
-        if (!build.imageUrl || !build.imageDigest) {
-          this.error(
-            "Build completed but did not return imageUrl/imageDigest; cannot upgrade verifiable build"
-          );
-        }
-        verifiableImageUrl = build.imageUrl;
-        verifiableImageDigest = build.imageDigest;
-        for (const line of formatVerifiableBuildSummary({
-          buildId: build.buildId,
-          imageUrl: build.imageUrl,
-          imageDigest: build.imageDigest,
-          repoUrl: build.repoUrl,
-          gitRef: build.gitRef,
-          dependencies: build.dependencies,
-          provenanceSignature: verified.provenanceSignature
-        })) {
-          this.log(line);
-        }
-      }
-      if (verifiableMode === "prebuilt") {
-        const imageRef2 = flags.verifiable ? flags["image-ref"] : await promptVerifiablePrebuiltImageRef();
-        try {
-          assertEigencloudContainersImageRef(imageRef2);
-        } catch (e) {
-          this.error(e?.message || String(e));
-        }
-        this.log(chalk.blue("Resolving and verifying prebuilt verifiable image..."));
-        this.log("");
-        const digest = await resolveDockerHubImageDigest(imageRef2);
-        const buildClient2 = await getBuildClient();
-        const verify = await buildClient2.verify(digest);
-        if (verify.status !== "verified") {
-          this.error(`Provenance verification failed: ${verify.error}`);
-        }
-        verifiableImageUrl = imageRef2;
-        verifiableImageDigest = digest;
-        for (const line of formatVerifiableBuildSummary({
-          buildId: verify.buildId,
-          imageUrl: imageRef2,
-          imageDigest: digest,
-          repoUrl: verify.repoUrl,
-          gitRef: verify.gitRef,
-          dependencies: void 0,
-          provenanceSignature: verify.provenanceSignature
-        })) {
-          this.log(line);
-        }
-      }
-      const isVerifiable = verifiableMode !== "none";
-      const dockerfilePath = isVerifiable ? "" : await getDockerfileInteractive(flags.dockerfile);
+      const dockerfilePath = await getDockerfileInteractive(flags.dockerfile);
       const buildFromDockerfile = dockerfilePath !== "";
-      const imageRef = verifiableImageUrl ? verifiableImageUrl : await getImageReferenceInteractive(flags["image-ref"], buildFromDockerfile);
-      envFilePath = envFilePath ?? await getEnvFileInteractive(flags["env-file"]);
+      const imageRef = await getImageReferenceInteractive(flags["image-ref"], buildFromDockerfile);
+      const envFilePath = await getEnvFileInteractive(flags["env-file"]);
       let currentInstanceType = "";
       try {
         const userApiClient = new UserApiClient3(
@@ -1674,21 +1110,22 @@ var AppUpgrade = class _AppUpgrade extends Command {
         flags["resource-usage-monitoring"]
       );
       const logVisibility = logSettings.publicLogs ? "public" : logSettings.logRedirect ? "private" : "off";
-      const { prepared, gasEstimate } = isVerifiable ? await compute.app.prepareUpgradeFromVerifiableBuild(appID, {
-        imageRef,
-        imageDigest: verifiableImageDigest,
-        envFile: envFilePath,
-        instanceType,
-        logVisibility,
-        resourceUsageMonitoring
-      }) : await compute.app.prepareUpgrade(appID, {
-        dockerfile: dockerfilePath,
-        imageRef,
-        envFile: envFilePath,
-        instanceType,
-        logVisibility,
-        resourceUsageMonitoring
-      });
+      const { prepared, gasEstimate } = await prepareUpgrade(
+        {
+          appId: appID,
+          privateKey,
+          rpcUrl,
+          environment,
+          dockerfilePath,
+          imageRef,
+          envFilePath,
+          instanceType,
+          logVisibility,
+          resourceUsageMonitoring,
+          skipTelemetry: true
+        },
+        logger
+      );
       this.log(`
 Estimated transaction cost: ${chalk.cyan(gasEstimate.maxCostEth)} ETH`);
       if (isMainnet(environmentConfig)) {
@@ -1699,17 +1136,17 @@ ${chalk.gray(`Upgrade cancelled`)}`);
           return;
         }
       }
-      const res = await compute.app.executeUpgrade(prepared, {
-        maxFeePerGas: gasEstimate.maxFeePerGas,
-        maxPriorityFeePerGas: gasEstimate.maxPriorityFeePerGas
-      });
-      await compute.app.watchUpgrade(res.appId);
-      try {
-        const cwd = process.env.INIT_CWD || process.cwd();
-        setLinkedAppForDirectory(environment, cwd, res.appId);
-      } catch (err) {
-        this.debug(`Failed to link directory to app: ${err.message}`);
-      }
+      const res = await executeUpgrade(
+        prepared,
+        {
+          maxFeePerGas: gasEstimate.maxFeePerGas,
+          maxPriorityFeePerGas: gasEstimate.maxPriorityFeePerGas
+        },
+        logger,
+        true
+        // skipTelemetry
+      );
+      await watchUpgrade(res.appId, privateKey, rpcUrl, environment, logger, getClientId(), true);
       this.log(
         `
 \u2705 ${chalk.green(`App upgraded successfully ${chalk.bold(`(id: ${res.appId}, image: ${res.imageRef})`)}`)}`