@layr-labs/ecloud-sdk 0.1.1-dev → 0.2.0-dev

package/dist/index.js

@@ -1,19 +1,6 @@
 import {
-  createBillingModule,
-  deleteLegacyPrivateKey,
-  deletePrivateKey,
-  generateNewPrivateKey,
-  getAddressFromPrivateKey,
-  getLegacyKeys,
-  getLegacyPrivateKey,
-  getPrivateKey,
-  getPrivateKeyWithSource,
-  keyExists,
-  listStoredKeys,
-  requirePrivateKey,
-  storePrivateKey,
-  validatePrivateKey
-} from "./chunk-2R7M3OXI.js";
+  createBillingModule
+} from "./chunk-LINGJMAS.js";
 import {
   PRIMARY_LANGUAGES,
   assertValidFilePath,
@@ -40,7 +27,9 @@ import {
   getTemplate,
   logs,
   prepareDeploy,
+  prepareDeployFromVerifiableBuild,
   prepareUpgrade,
+  prepareUpgradeFromVerifiableBuild,
   sanitizeString,
   sanitizeURL,
   sanitizeXURL,
@@ -62,7 +51,7 @@ import {
   validateXURL,
   watchDeployment,
   watchUpgrade
-} from "./chunk-X4Y6OOUS.js";
+} from "./chunk-HLH3AMQF.js";
 import {
   NoopClient,
   PostHogClient,
@@ -70,6 +59,7 @@ import {
   addHexPrefix,
   addMetric,
   addMetricWithDimensions,
+  calculateBillingAuthSignature,
   createAppEnvironment,
   createMetricsContext,
   createTelemetryClient,
@@ -77,14 +67,609 @@ import {
   getAvailableEnvironments,
   getBuildType,
   getEnvironmentConfig,
+  getLogger,
   getPostHogAPIKey,
   getPostHogEndpoint,
   isEnvironmentAvailable,
   isMainnet,
   isNoopClient,
   isSubscriptionActive,
+  stripHexPrefix,
   withSDKTelemetry
-} from "./chunk-AXSYVG7H.js";
+} from "./chunk-34DXGQ35.js";
+
+// src/client/common/utils/buildapi.ts
+import axios from "axios";
+import { privateKeyToAccount } from "viem/accounts";
+var BuildApiClient = class {
+  constructor(options) {
+    this.baseUrl = options.baseUrl.replace(/\/+$/, "");
+    this.clientId = options.clientId;
+    if (options.privateKey) {
+      this.account = privateKeyToAccount(options.privateKey);
+    }
+  }
+  async submitBuild(payload) {
+    return this.authenticatedJsonRequest("/builds", "POST", payload);
+  }
+  async getBuild(buildId) {
+    return this.publicJsonRequest(`/builds/${encodeURIComponent(buildId)}`);
+  }
+  async getBuildByDigest(digest) {
+    return this.publicJsonRequest(`/builds/image/${encodeURIComponent(digest)}`);
+  }
+  async verify(identifier) {
+    return this.publicJsonRequest(`/builds/verify/${encodeURIComponent(identifier)}`);
+  }
+  async getLogs(buildId) {
+    return this.authenticatedTextRequest(`/builds/${encodeURIComponent(buildId)}/logs`);
+  }
+  async listBuilds(params) {
+    const res = await axios({
+      url: `${this.baseUrl}/builds`,
+      method: "GET",
+      params,
+      headers: this.clientId ? { "x-client-id": this.clientId } : void 0,
+      timeout: 6e4,
+      validateStatus: () => true
+    });
+    if (res.status < 200 || res.status >= 300) throw buildApiHttpError(res);
+    return res.data;
+  }
+  async publicJsonRequest(path) {
+    const res = await axios({
+      url: `${this.baseUrl}${path}`,
+      method: "GET",
+      headers: this.clientId ? { "x-client-id": this.clientId } : void 0,
+      timeout: 6e4,
+      validateStatus: () => true
+    });
+    if (res.status < 200 || res.status >= 300) throw buildApiHttpError(res);
+    return res.data;
+  }
+  async authenticatedJsonRequest(path, method, body) {
+    if (!this.account) throw new Error("Private key required for authenticated requests");
+    const headers = {
+      "Content-Type": "application/json"
+    };
+    if (this.clientId) headers["x-client-id"] = this.clientId;
+    const expiry = BigInt(Math.floor(Date.now() / 1e3) + 60);
+    const { signature } = await calculateBillingAuthSignature({
+      account: this.account,
+      product: "compute",
+      expiry
+    });
+    headers.Authorization = `Bearer ${signature}`;
+    headers["X-eigenx-expiry"] = expiry.toString();
+    headers["X-Account"] = this.account.address;
+    const res = await axios({
+      url: `${this.baseUrl}${path}`,
+      method,
+      headers,
+      data: body,
+      timeout: 6e4,
+      validateStatus: () => true
+    });
+    if (res.status < 200 || res.status >= 300) throw buildApiHttpError(res);
+    return res.data;
+  }
+  async authenticatedTextRequest(path) {
+    if (!this.account) throw new Error("Private key required for authenticated requests");
+    const headers = {};
+    if (this.clientId) headers["x-client-id"] = this.clientId;
+    const expiry = BigInt(Math.floor(Date.now() / 1e3) + 60);
+    const { signature } = await calculateBillingAuthSignature({
+      account: this.account,
+      product: "compute",
+      expiry
+    });
+    headers.Authorization = `Bearer ${signature}`;
+    headers["X-eigenx-expiry"] = expiry.toString();
+    headers["X-Account"] = this.account.address;
+    const res = await axios({
+      url: `${this.baseUrl}${path}`,
+      method: "GET",
+      headers,
+      timeout: 6e4,
+      responseType: "text",
+      validateStatus: () => true
+    });
+    if (res.status < 200 || res.status >= 300) throw buildApiHttpError(res);
+    return typeof res.data === "string" ? res.data : JSON.stringify(res.data);
+  }
+};
+function buildApiHttpError(res) {
+  const status = res.status;
+  const body = typeof res.data === "string" ? res.data : res.data ? JSON.stringify(res.data) : "";
+  const url = res.config?.url ? ` ${res.config.url}` : "";
+  return new Error(`BuildAPI request failed: ${status}${url} - ${body || "Unknown error"}`);
+}
+
+// src/client/modules/build/types.ts
+var BUILD_STATUS = {
+  BUILDING: "building",
+  SUCCESS: "success",
+  FAILED: "failed"
+};
+
+// src/client/modules/build/errors.ts
+var BuildError = class extends Error {
+  constructor(message) {
+    super(message);
+    this.name = "BuildError";
+  }
+};
+var AuthRequiredError = class extends BuildError {
+  constructor(message = "Authentication required") {
+    super(message);
+    this.name = "AuthRequiredError";
+  }
+};
+var BuildFailedError = class extends BuildError {
+  constructor(message, buildId) {
+    super(message);
+    this.buildId = buildId;
+    this.name = "BuildFailedError";
+  }
+};
+var ConflictError = class extends BuildError {
+  constructor(message = "Build already in progress") {
+    super(message);
+    this.name = "ConflictError";
+  }
+};
+var NotFoundError = class extends BuildError {
+  constructor(message = "Build not found") {
+    super(message);
+    this.name = "NotFoundError";
+  }
+};
+var ForbiddenError = class extends BuildError {
+  constructor(message = "Permission denied") {
+    super(message);
+    this.name = "ForbiddenError";
+  }
+};
+var TimeoutError = class extends BuildError {
+  constructor(message = "Operation timed out") {
+    super(message);
+    this.name = "TimeoutError";
+  }
+};
+var BadRequestError = class extends BuildError {
+  constructor(message = "Bad request") {
+    super(message);
+    this.name = "BadRequestError";
+  }
+};
+
+// src/client/modules/build/index.ts
+var DEFAULT_POLL_INTERVAL = 2e3;
+var DEFAULT_TIMEOUT = 30 * 60 * 1e3;
+function createBuildModule(config) {
+  const { verbose = false, skipTelemetry = false } = config;
+  const logger = getLogger(verbose);
+  const environment = config.environment || "sepolia";
+  const environmentConfig = getEnvironmentConfig(environment);
+  const api = new BuildApiClient({
+    baseUrl: environmentConfig.userApiServerURL,
+    privateKey: config.privateKey ? addHexPrefix(config.privateKey) : void 0,
+    clientId: config.clientId
+  });
+  return {
+    async submit(request) {
+      return withSDKTelemetry(
+        {
+          functionName: "build.submit",
+          skipTelemetry,
+          properties: { environment, repoUrl: request.repoUrl }
+        },
+        async () => {
+          if (!config.privateKey) throw new AuthRequiredError("Private key required for submit()");
+          const data = await api.submitBuild({
+            repo_url: request.repoUrl,
+            git_ref: request.gitRef,
+            dockerfile_path: request.dockerfilePath ?? "Dockerfile",
+            caddyfile_path: request.caddyfilePath,
+            build_context_path: request.buildContextPath ?? ".",
+            dependencies: request.dependencies ?? []
+          });
+          logger.debug(`Submitted build: ${data.build_id}`);
+          return { buildId: data.build_id };
+        }
+      );
+    },
+    async list(options) {
+      const { billingAddress, limit, offset } = options;
+      return withSDKTelemetry(
+        {
+          functionName: "build.list",
+          skipTelemetry,
+          properties: {
+            environment,
+            billingAddress,
+            ...limit !== void 0 ? { limit: String(limit) } : {},
+            ...offset !== void 0 ? { offset: String(offset) } : {}
+          }
+        },
+        async () => {
+          const data = await api.listBuilds({
+            billing_address: billingAddress,
+            limit,
+            offset
+          });
+          return Array.isArray(data) ? data.map(transformBuild) : [];
+        }
+      );
+    },
+    async get(buildId) {
+      return withSDKTelemetry(
+        { functionName: "build.get", skipTelemetry, properties: { environment, buildId } },
+        async () => transformBuild(await api.getBuild(buildId))
+      );
+    },
+    async getByDigest(digest) {
+      return withSDKTelemetry(
+        { functionName: "build.getByDigest", skipTelemetry, properties: { environment, digest } },
+        async () => transformBuild(await api.getBuildByDigest(digest))
+      );
+    },
+    async verify(identifier) {
+      return withSDKTelemetry(
+        { functionName: "build.verify", skipTelemetry, properties: { environment, identifier } },
+        async () => transformVerifyResult(await api.verify(identifier))
+      );
+    },
+    async getLogs(buildId) {
+      return withSDKTelemetry(
+        { functionName: "build.getLogs", skipTelemetry, properties: { environment, buildId } },
+        async () => {
+          if (!config.privateKey) throw new AuthRequiredError("Private key required for getLogs()");
+          return api.getLogs(buildId);
+        }
+      );
+    },
+    async submitAndWait(request, options = {}) {
+      const { buildId } = await this.submit(request);
+      return this.waitForBuild(buildId, options);
+    },
+    async waitForBuild(buildId, options = {}) {
+      const {
+        onLog,
+        onProgress,
+        pollIntervalMs = DEFAULT_POLL_INTERVAL,
+        timeoutMs = DEFAULT_TIMEOUT
+      } = options;
+      const startTime = Date.now();
+      let lastLogLength = 0;
+      while (true) {
+        if (Date.now() - startTime > timeoutMs) {
+          throw new TimeoutError(`Build timed out after ${timeoutMs}ms`);
+        }
+        const build = await this.get(buildId);
+        let logs2 = "";
+        try {
+          logs2 = await this.getLogs(buildId);
+          if (onLog && logs2.length > lastLogLength) {
+            onLog(logs2.slice(lastLogLength));
+            lastLogLength = logs2.length;
+          }
+        } catch {
+        }
+        onProgress?.({ build, logs: logs2 });
+        if (build.status === BUILD_STATUS.SUCCESS) return build;
+        if (build.status === BUILD_STATUS.FAILED) {
+          throw new BuildFailedError(build.errorMessage ?? "Build failed", buildId);
+        }
+        await sleep(pollIntervalMs);
+      }
+    },
+    async *streamLogs(buildId, pollIntervalMs = DEFAULT_POLL_INTERVAL) {
+      let lastLength = 0;
+      while (true) {
+        const build = await this.get(buildId);
+        let logs2 = "";
+        try {
+          logs2 = await this.getLogs(buildId);
+        } catch {
+        }
+        if (logs2.length > lastLength) {
+          yield {
+            content: logs2.slice(lastLength),
+            totalLength: logs2.length,
+            isComplete: build.status !== BUILD_STATUS.BUILDING,
+            finalStatus: build.status !== BUILD_STATUS.BUILDING ? build.status : void 0
+          };
+          lastLength = logs2.length;
+        }
+        if (build.status !== BUILD_STATUS.BUILDING) break;
+        await sleep(pollIntervalMs);
+      }
+    }
+  };
+}
+function sleep(ms) {
+  return new Promise((resolve) => setTimeout(resolve, ms));
+}
+function transformBuild(raw) {
+  return {
+    buildId: raw.build_id,
+    billingAddress: raw.billing_address,
+    repoUrl: raw.repo_url,
+    gitRef: raw.git_ref,
+    status: raw.status,
+    buildType: raw.build_type,
+    imageName: raw.image_name,
+    imageUrl: raw.image_url,
+    imageDigest: raw.image_digest,
+    provenanceJson: raw.provenance_json ?? void 0,
+    provenanceSignature: raw.provenance_signature ?? void 0,
+    errorMessage: raw.error_message ?? void 0,
+    createdAt: raw.created_at,
+    updatedAt: raw.updated_at,
+    dependencies: raw.dependencies ? Object.fromEntries(Object.entries(raw.dependencies).map(([k, v]) => [k, transformBuild(v)])) : void 0
+  };
+}
+function transformVerifyResult(raw) {
+  if (raw.status === "verified") {
+    return {
+      status: "verified",
+      buildId: raw.build_id,
+      imageUrl: raw.image_url,
+      imageDigest: raw.image_digest,
+      repoUrl: raw.repo_url,
+      gitRef: raw.git_ref,
+      provenanceJson: raw.provenance_json,
+      provenanceSignature: raw.provenance_signature,
+      payloadType: raw.payload_type,
+      payload: raw.payload
+    };
+  }
+  return {
+    status: "failed",
+    error: raw.error,
+    buildId: raw.build_id
+  };
+}
+
+// src/client/common/auth/keyring.ts
+import { AsyncEntry, findCredentials } from "@napi-rs/keyring";
+import { privateKeyToAddress } from "viem/accounts";
+var SERVICE_NAME = "ecloud";
+var ACCOUNT_NAME = "key";
+var EIGENX_SERVICE_NAME = "eigenx-cli";
+var EIGENX_DEV_SERVICE_NAME = "eigenx-cli-dev";
+var EIGENX_ACCOUNT_PREFIX = "eigenx-";
+var GO_KEYRING_BASE64_PREFIX = "go-keyring-base64:";
+var GO_KEYRING_ENCODED_PREFIX = "go-keyring-encoded:";
+async function storePrivateKey(privateKey) {
+  const normalizedKey = normalizePrivateKey(privateKey);
+  const isValid = validatePrivateKey(normalizedKey);
+  if (!isValid) {
+    throw new Error("Invalid private key format");
+  }
+  const entry = new AsyncEntry(SERVICE_NAME, ACCOUNT_NAME);
+  try {
+    await entry.setPassword(normalizedKey);
+  } catch (err) {
+    throw new Error(
+      `Failed to store key in OS keyring: ${err?.message ?? err}. Ensure keyring service is available.`
+    );
+  }
+}
+async function getPrivateKey() {
+  const entry = new AsyncEntry(SERVICE_NAME, ACCOUNT_NAME);
+  try {
+    const key = await entry.getPassword();
+    if (key && validatePrivateKey(key)) {
+      return key;
+    }
+  } catch {
+  }
+  return null;
+}
+async function deletePrivateKey() {
+  const entry = new AsyncEntry(SERVICE_NAME, ACCOUNT_NAME);
+  try {
+    await entry.deletePassword();
+    return true;
+  } catch {
+    console.warn("No key found in keyring");
+    return false;
+  }
+}
+async function listStoredKeys() {
+  const keys = [];
+  const creds = findCredentials(SERVICE_NAME);
+  for (const cred of creds) {
+    if (cred.account === ACCOUNT_NAME) {
+      try {
+        const address = getAddressFromPrivateKey(cred.password);
+        keys.push({ address });
+      } catch (err) {
+        console.warn(`Warning: Invalid key found, skipping: ${err}`);
+      }
+    }
+  }
+  return keys;
+}
+async function keyExists() {
+  const key = await getPrivateKey();
+  return key !== null;
+}
+async function getLegacyKeys() {
+  const keys = [];
+  try {
+    const eigenxCreds = findCredentials(EIGENX_SERVICE_NAME);
+    for (const cred of eigenxCreds) {
+      const accountName = cred.account;
+      if (!accountName.startsWith(EIGENX_ACCOUNT_PREFIX)) {
+        continue;
+      }
+      const environment = accountName.substring(EIGENX_ACCOUNT_PREFIX.length);
+      try {
+        const decodedKey = decodeGoKeyringValue(cred.password);
+        const address = getAddressFromPrivateKey(decodedKey);
+        keys.push({ environment, address, source: "eigenx" });
+      } catch (err) {
+        console.warn(
+          `Warning: Invalid key found for ${environment} (eigenx-cli), skipping: ${err}`
+        );
+      }
+    }
+  } catch {
+  }
+  try {
+    const eigenxDevCreds = findCredentials(EIGENX_DEV_SERVICE_NAME);
+    for (const cred of eigenxDevCreds) {
+      const accountName = cred.account;
+      if (!accountName.startsWith(EIGENX_ACCOUNT_PREFIX)) {
+        continue;
+      }
+      const environment = accountName.substring(EIGENX_ACCOUNT_PREFIX.length);
+      try {
+        const decodedKey = decodeGoKeyringValue(cred.password);
+        const address = getAddressFromPrivateKey(decodedKey);
+        keys.push({ environment, address, source: "eigenx-dev" });
+      } catch (err) {
+        console.warn(
+          `Warning: Invalid key found for ${environment} (eigenx-dev), skipping: ${err}`
+        );
+      }
+    }
+  } catch {
+  }
+  return keys;
+}
+async function getLegacyPrivateKey(environment, source) {
+  const serviceName = source === "eigenx" ? EIGENX_SERVICE_NAME : EIGENX_DEV_SERVICE_NAME;
+  const accountName = EIGENX_ACCOUNT_PREFIX + environment;
+  const entry = new AsyncEntry(serviceName, accountName);
+  try {
+    const rawKey = await entry.getPassword();
+    if (rawKey) {
+      const decodedKey = decodeGoKeyringValue(rawKey);
+      if (validatePrivateKey(decodedKey)) {
+        return decodedKey;
+      }
+    }
+  } catch {
+  }
+  return null;
+}
+async function deleteLegacyPrivateKey(environment, source) {
+  const serviceName = source === "eigenx" ? EIGENX_SERVICE_NAME : EIGENX_DEV_SERVICE_NAME;
+  const accountName = EIGENX_ACCOUNT_PREFIX + environment;
+  const entry = new AsyncEntry(serviceName, accountName);
+  try {
+    await entry.deletePassword();
+    return true;
+  } catch {
+    console.warn(`No key found for ${environment} in ${source}`);
+    return false;
+  }
+}
+function validatePrivateKey(privateKey) {
+  try {
+    getAddressFromPrivateKey(privateKey);
+    return true;
+  } catch {
+    return false;
+  }
+}
+function getAddressFromPrivateKey(privateKey) {
+  const normalized = normalizePrivateKey(privateKey);
+  return privateKeyToAddress(normalized);
+}
+function decodeGoKeyringValue(rawValue) {
+  if (rawValue.startsWith(GO_KEYRING_BASE64_PREFIX)) {
+    const encoded = rawValue.substring(GO_KEYRING_BASE64_PREFIX.length);
+    try {
+      const decoded = Buffer.from(encoded, "base64").toString("utf8");
+      return decoded;
+    } catch (err) {
+      console.warn(`Warning: Failed to decode go-keyring base64 value: ${err}`);
+      return rawValue;
+    }
+  }
+  if (rawValue.startsWith(GO_KEYRING_ENCODED_PREFIX)) {
+    const encoded = rawValue.substring(GO_KEYRING_ENCODED_PREFIX.length);
+    try {
+      const decoded = Buffer.from(encoded, "hex").toString("utf8");
+      return decoded;
+    } catch (err) {
+      console.warn(`Warning: Failed to decode go-keyring hex value: ${err}`);
+      return rawValue;
+    }
+  }
+  return rawValue;
+}
+function normalizePrivateKey(privateKey) {
+  if (!privateKey.startsWith("0x")) {
+    return `0x${privateKey}`;
+  }
+  return privateKey;
+}
+
+// src/client/common/auth/resolver.ts
+async function getPrivateKeyWithSource(options) {
+  if (options.privateKey) {
+    if (!validatePrivateKey(options.privateKey)) {
+      throw new Error(
+        "Invalid private key format provided via command flag. Please check and try again."
+      );
+    }
+    return {
+      key: options.privateKey,
+      source: "command flag"
+    };
+  }
+  const envKey = process.env.ECLOUD_PRIVATE_KEY;
+  if (envKey) {
+    if (!validatePrivateKey(envKey)) {
+      throw new Error(
+        "Invalid private key format provided via environment variable. Please check and try again."
+      );
+    }
+    return {
+      key: envKey,
+      source: "environment variable (ECLOUD_PRIVATE_KEY)"
+    };
+  }
+  const keyringKey = await getPrivateKey();
+  if (keyringKey) {
+    return {
+      key: keyringKey,
+      source: "stored credentials"
+    };
+  }
+  return null;
+}
+async function requirePrivateKey(options) {
+  const result = await getPrivateKeyWithSource({
+    privateKey: options.privateKey
+  });
+  if (!result) {
+    throw new Error(
+      `Private key required. Please provide it via:
+  \u2022 Keyring: ecloud auth login
+  \u2022 Flag: --private-key YOUR_KEY
+  \u2022 Environment: export ECLOUD_PRIVATE_KEY=YOUR_KEY`
+    );
+  }
+  return result;
+}
+
+// src/client/common/auth/generate.ts
+import { generatePrivateKey, privateKeyToAddress as privateKeyToAddress2 } from "viem/accounts";
+function generateNewPrivateKey() {
+  const privateKey = generatePrivateKey();
+  const address = privateKeyToAddress2(privateKey);
+  return {
+    privateKey,
+    address
+  };
+}
 
 // src/client/common/utils/instance.ts
 async function getCurrentInstanceType(preflightCtx, appID, logger, clientId) {
@@ -139,10 +724,20 @@ function createECloudClient(cfg) {
   };
 }
 export {
+  AuthRequiredError,
+  BUILD_STATUS,
+  BadRequestError,
+  BuildError,
+  BuildFailedError,
+  ConflictError,
+  ForbiddenError,
   NoopClient,
+  NotFoundError,
   PRIMARY_LANGUAGES,
   PostHogClient,
+  TimeoutError,
   UserApiClient,
+  addHexPrefix,
   addMetric,
   addMetricWithDimensions,
   assertValidFilePath,
@@ -152,6 +747,7 @@ export {
   createApp,
   createAppEnvironment,
   createBillingModule,
+  createBuildModule,
   createComputeModule,
   createECloudClient,
   createMetricsContext,
@@ -195,12 +791,15 @@ export {
   listStoredKeys,
   logs,
   prepareDeploy,
+  prepareDeployFromVerifiableBuild,
   prepareUpgrade,
+  prepareUpgradeFromVerifiableBuild,
   requirePrivateKey,
   sanitizeString,
   sanitizeURL,
   sanitizeXURL,
   storePrivateKey,
+  stripHexPrefix,
   validateAppID,
   validateAppName,
   validateCreateAppParams,