@layr-labs/ecloud-sdk 0.1.1 → 0.2.0-dev

package/dist/index.cjs

@@ -30,10 +30,20 @@ var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: tru
 // src/index.ts
 var index_exports = {};
 __export(index_exports, {
+  AuthRequiredError: () => AuthRequiredError,
+  BUILD_STATUS: () => BUILD_STATUS,
+  BadRequestError: () => BadRequestError,
+  BuildError: () => BuildError,
+  BuildFailedError: () => BuildFailedError,
+  ConflictError: () => ConflictError,
+  ForbiddenError: () => ForbiddenError,
   NoopClient: () => NoopClient,
+  NotFoundError: () => NotFoundError,
   PRIMARY_LANGUAGES: () => PRIMARY_LANGUAGES,
   PostHogClient: () => PostHogClient,
+  TimeoutError: () => TimeoutError,
   UserApiClient: () => UserApiClient,
+  addHexPrefix: () => addHexPrefix,
   addMetric: () => addMetric,
   addMetricWithDimensions: () => addMetricWithDimensions,
   assertValidFilePath: () => assertValidFilePath,
@@ -43,6 +53,7 @@ __export(index_exports, {
   createApp: () => createApp,
   createAppEnvironment: () => createAppEnvironment,
   createBillingModule: () => createBillingModule,
+  createBuildModule: () => createBuildModule,
   createComputeModule: () => createComputeModule,
   createECloudClient: () => createECloudClient,
   createMetricsContext: () => createMetricsContext,
@@ -86,12 +97,15 @@ __export(index_exports, {
   listStoredKeys: () => listStoredKeys,
   logs: () => logs,
   prepareDeploy: () => prepareDeploy,
+  prepareDeployFromVerifiableBuild: () => prepareDeployFromVerifiableBuild,
   prepareUpgrade: () => prepareUpgrade,
+  prepareUpgradeFromVerifiableBuild: () => prepareUpgradeFromVerifiableBuild,
   requirePrivateKey: () => requirePrivateKey,
   sanitizeString: () => sanitizeString,
   sanitizeURL: () => sanitizeURL,
   sanitizeXURL: () => sanitizeXURL,
   storePrivateKey: () => storePrivateKey,
+  stripHexPrefix: () => stripHexPrefix,
   validateAppID: () => validateAppID,
   validateAppName: () => validateAppName,
   validateCreateAppParams: () => validateCreateAppParams,
@@ -206,7 +220,7 @@ function getBillingEnvironmentConfig(build) {
   return config;
 }
 function getBuildType() {
-  const buildTimeType = true ? "prod"?.toLowerCase() : void 0;
+  const buildTimeType = true ? "dev"?.toLowerCase() : void 0;
   const runtimeType = process.env.BUILD_TYPE?.toLowerCase();
   const buildType = buildTimeType || runtimeType;
   if (buildType === "dev") {
@@ -1264,6 +1278,64 @@ Please verify the image exists: docker manifest inspect ${finalImageRef}`
   };
 }
 
+// src/client/common/release/prebuilt.ts
+async function createReleaseFromImageDigest(options, logger) {
+  const { imageRef, imageDigest, envFilePath, instanceType, environmentConfig, appId } = options;
+  if (!/^sha256:[0-9a-f]{64}$/i.test(imageDigest)) {
+    throw new Error(`imageDigest must be in format sha256:<64 hex>, got: ${imageDigest}`);
+  }
+  let publicEnv = {};
+  let privateEnv = {};
+  if (envFilePath) {
+    logger.info("Parsing environment file...");
+    const parsed = parseAndValidateEnvFile(envFilePath);
+    publicEnv = parsed.public;
+    privateEnv = parsed.private;
+  } else {
+    logger.info("Continuing without environment file");
+  }
+  publicEnv["EIGEN_MACHINE_TYPE_PUBLIC"] = instanceType;
+  logger.info(`Instance type: ${instanceType}`);
+  logger.info("Encrypting environment variables...");
+  const { encryptionKey } = getKMSKeysForEnvironment(environmentConfig.name, environmentConfig.build);
+  const protectedHeaders = getAppProtectedHeaders(appId);
+  const privateEnvBytes = Buffer.from(JSON.stringify(privateEnv));
+  const encryptedEnvStr = await encryptRSAOAEPAndAES256GCM(
+    encryptionKey,
+    privateEnvBytes,
+    protectedHeaders
+  );
+  const digestHex = imageDigest.split(":")[1];
+  const digestBytes = new Uint8Array(Buffer.from(digestHex, "hex"));
+  if (digestBytes.length !== 32) {
+    throw new Error(`Digest must be exactly 32 bytes, got ${digestBytes.length}`);
+  }
+  const registry = extractRegistryNameNoDocker(imageRef);
+  return {
+    rmsRelease: {
+      artifacts: [{ digest: digestBytes, registry }],
+      upgradeByTime: Math.floor(Date.now() / 1e3) + 3600
+    },
+    publicEnv: new Uint8Array(Buffer.from(JSON.stringify(publicEnv))),
+    encryptedEnv: new Uint8Array(Buffer.from(encryptedEnvStr))
+  };
+}
+function extractRegistryNameNoDocker(imageRef) {
+  let name = imageRef;
+  const tagIndex = name.lastIndexOf(":");
+  if (tagIndex !== -1 && !name.substring(tagIndex + 1).includes("/")) {
+    name = name.substring(0, tagIndex);
+  }
+  const digestIndex = name.indexOf("@");
+  if (digestIndex !== -1) {
+    name = name.substring(0, digestIndex);
+  }
+  if ([...name].filter((c) => c === "/").length === 1) {
+    name = `docker.io/${name}`;
+  }
+  return name;
+}
+
 // src/client/common/contract/caller.ts
 var import_accounts2 = require("viem/accounts");
 
@@ -2520,12 +2592,23 @@ function stripHexPrefix(value) {
 }
 
 // src/client/common/utils/userapi.ts
+function isJsonObject(value) {
+  return typeof value === "object" && value !== null && !Array.isArray(value);
+}
+function readString(obj, key) {
+  const v = obj[key];
+  return typeof v === "string" ? v : void 0;
+}
+function readNumber(obj, key) {
+  const v = obj[key];
+  return typeof v === "number" && Number.isFinite(v) ? v : void 0;
+}
 var MAX_ADDRESS_COUNT = 5;
 var CanViewAppLogsPermission = "0x2fd3f2fe";
 var CanViewSensitiveAppInfoPermission = "0x0e67b22f";
 var CanUpdateAppProfilePermission = "0x036fef61";
 function getDefaultClientId() {
-  const version = true ? "0.1.1" : "0.0.0";
+  const version = true ? "0.2.0-dev" : "0.0.0";
   return `ecloud-sdk/v${version}`;
 }
 var UserApiClient = class {
@@ -2559,6 +2642,31 @@ var UserApiClient = class {
       };
     });
   }
+  /**
+   * Get app details from UserAPI (includes releases and build/provenance info when available).
+   *
+   * Endpoint: GET /apps/:appAddress
+   */
+  async getApp(appAddress) {
+    const endpoint = `${this.config.userApiServerURL}/apps/${appAddress}`;
+    const res = await this.makeAuthenticatedRequest(endpoint);
+    const raw = await res.json();
+    if (!isJsonObject(raw)) {
+      throw new Error("Unexpected /apps/:id response: expected object");
+    }
+    const id = readString(raw, "id");
+    if (!id) {
+      throw new Error("Unexpected /apps/:id response: missing 'id'");
+    }
+    const releasesRaw = raw.releases;
+    const releases = Array.isArray(releasesRaw) ? releasesRaw.map((r) => transformAppRelease(r)).filter((r) => !!r) : [];
+    return {
+      id,
+      creator: readString(raw, "creator"),
+      contractStatus: readString(raw, "contract_status") ?? readString(raw, "contractStatus"),
+      releases
+    };
+  }
   /**
    * Get available SKUs (instance types) from UserAPI
    */
@@ -2731,6 +2839,48 @@ Please check:
     };
   }
 };
+function transformAppReleaseBuild(raw) {
+  if (!isJsonObject(raw)) return void 0;
+  const depsRaw = raw.dependencies;
+  const deps = isJsonObject(depsRaw) ? Object.fromEntries(
+    Object.entries(depsRaw).flatMap(([digest, depRaw]) => {
+      const parsed = transformAppReleaseBuild(depRaw);
+      return parsed ? [[digest, parsed]] : [];
+    })
+  ) : void 0;
+  return {
+    buildId: readString(raw, "build_id") ?? readString(raw, "buildId"),
+    billingAddress: readString(raw, "billing_address") ?? readString(raw, "billingAddress"),
+    repoUrl: readString(raw, "repo_url") ?? readString(raw, "repoUrl"),
+    gitRef: readString(raw, "git_ref") ?? readString(raw, "gitRef"),
+    status: readString(raw, "status"),
+    buildType: readString(raw, "build_type") ?? readString(raw, "buildType"),
+    imageName: readString(raw, "image_name") ?? readString(raw, "imageName"),
+    imageDigest: readString(raw, "image_digest") ?? readString(raw, "imageDigest"),
+    imageUrl: readString(raw, "image_url") ?? readString(raw, "imageUrl"),
+    provenanceJson: raw.provenance_json ?? raw.provenanceJson,
+    provenanceSignature: readString(raw, "provenance_signature") ?? readString(raw, "provenanceSignature"),
+    createdAt: readString(raw, "created_at") ?? readString(raw, "createdAt"),
+    updatedAt: readString(raw, "updated_at") ?? readString(raw, "updatedAt"),
+    errorMessage: readString(raw, "error_message") ?? readString(raw, "errorMessage"),
+    dependencies: deps
+  };
+}
+function transformAppRelease(raw) {
+  if (!isJsonObject(raw)) return void 0;
+  return {
+    appId: readString(raw, "appId") ?? readString(raw, "app_id"),
+    rmsReleaseId: readString(raw, "rmsReleaseId") ?? readString(raw, "rms_release_id"),
+    imageDigest: readString(raw, "imageDigest") ?? readString(raw, "image_digest"),
+    registryUrl: readString(raw, "registryUrl") ?? readString(raw, "registry_url"),
+    publicEnv: readString(raw, "publicEnv") ?? readString(raw, "public_env"),
+    encryptedEnv: readString(raw, "encryptedEnv") ?? readString(raw, "encrypted_env"),
+    upgradeByTime: readNumber(raw, "upgradeByTime") ?? readNumber(raw, "upgrade_by_time"),
+    createdAt: readString(raw, "createdAt") ?? readString(raw, "created_at"),
+    createdAtBlock: readString(raw, "createdAtBlock") ?? readString(raw, "created_at_block"),
+    build: raw.build ? transformAppReleaseBuild(raw.build) : void 0
+  };
+}
 
 // src/client/common/utils/billing.ts
 function isSubscriptionActive(status) {
@@ -5533,6 +5683,95 @@ async function withSDKTelemetry(options, action) {
 }
 
 // src/client/modules/compute/app/deploy.ts
+async function prepareDeployFromVerifiableBuild(options, logger = defaultLogger) {
+  return withSDKTelemetry(
+    {
+      functionName: "prepareDeployFromVerifiableBuild",
+      skipTelemetry: options.skipTelemetry,
+      properties: {
+        environment: options.environment || "sepolia"
+      }
+    },
+    async () => {
+      if (!options.privateKey) throw new Error("privateKey is required for deployment");
+      if (!options.imageRef) throw new Error("imageRef is required for deployment");
+      if (!options.imageDigest) throw new Error("imageDigest is required for deployment");
+      assertValidImageReference(options.imageRef);
+      validateAppName(options.appName);
+      validateLogVisibility(options.logVisibility);
+      if (!/^sha256:[0-9a-f]{64}$/i.test(options.imageDigest)) {
+        throw new Error(`imageDigest must be in format sha256:<64 hex>, got: ${options.imageDigest}`);
+      }
+      const { publicLogs } = validateLogVisibility(options.logVisibility);
+      validateResourceUsageMonitoring(options.resourceUsageMonitoring);
+      logger.debug("Performing preflight checks...");
+      const preflightCtx = await doPreflightChecks(
+        {
+          privateKey: options.privateKey,
+          rpcUrl: options.rpcUrl,
+          environment: options.environment
+        },
+        logger
+      );
+      logger.debug("Checking quota availability...");
+      await checkQuotaAvailable(preflightCtx);
+      const salt = generateRandomSalt();
+      logger.debug(`Generated salt: ${Buffer.from(salt).toString("hex")}`);
+      logger.debug("Calculating app ID...");
+      const appIDToBeDeployed = await calculateAppID(
+        preflightCtx.privateKey,
+        options.rpcUrl || preflightCtx.rpcUrl,
+        preflightCtx.environmentConfig,
+        salt
+      );
+      logger.info(``);
+      logger.info(`App ID: ${appIDToBeDeployed}`);
+      logger.info(``);
+      const release = await createReleaseFromImageDigest(
+        {
+          imageRef: options.imageRef,
+          imageDigest: options.imageDigest,
+          envFilePath: options.envFilePath,
+          instanceType: options.instanceType,
+          environmentConfig: preflightCtx.environmentConfig,
+          appId: appIDToBeDeployed
+        },
+        logger
+      );
+      logger.debug("Preparing deploy batch...");
+      const batch = await prepareDeployBatch(
+        {
+          privateKey: preflightCtx.privateKey,
+          rpcUrl: options.rpcUrl || preflightCtx.rpcUrl,
+          environmentConfig: preflightCtx.environmentConfig,
+          salt,
+          release,
+          publicLogs
+        },
+        logger
+      );
+      logger.debug("Estimating gas...");
+      const gasEstimate = await estimateBatchGas({
+        publicClient: batch.publicClient,
+        environmentConfig: batch.environmentConfig,
+        executions: batch.executions
+      });
+      return {
+        prepared: {
+          batch,
+          appName: options.appName,
+          imageRef: options.imageRef,
+          preflightCtx: {
+            privateKey: preflightCtx.privateKey,
+            rpcUrl: preflightCtx.rpcUrl,
+            environmentConfig: preflightCtx.environmentConfig
+          }
+        },
+        gasEstimate
+      };
+    }
+  );
+}
 function validateDeployOptions(options) {
   if (!options.privateKey) {
     throw new Error("privateKey is required for deployment");
@@ -5842,6 +6081,82 @@ async function checkAppLogPermission(preflightCtx, appAddress, logger) {
 }
 
 // src/client/modules/compute/app/upgrade.ts
+async function prepareUpgradeFromVerifiableBuild(options, logger = defaultLogger) {
+  return withSDKTelemetry(
+    {
+      functionName: "prepareUpgradeFromVerifiableBuild",
+      skipTelemetry: options.skipTelemetry,
+      properties: {
+        environment: options.environment || "sepolia"
+      }
+    },
+    async () => {
+      logger.debug("Performing preflight checks...");
+      const preflightCtx = await doPreflightChecks(
+        {
+          privateKey: options.privateKey,
+          rpcUrl: options.rpcUrl,
+          environment: options.environment
+        },
+        logger
+      );
+      const appID = validateUpgradeOptions(options);
+      assertValidImageReference(options.imageRef);
+      if (!/^sha256:[0-9a-f]{64}$/i.test(options.imageDigest)) {
+        throw new Error(
+          `imageDigest must be in format sha256:<64 hex>, got: ${options.imageDigest}`
+        );
+      }
+      const { publicLogs } = validateLogVisibility(options.logVisibility);
+      validateResourceUsageMonitoring(options.resourceUsageMonitoring);
+      const envFilePath = options.envFilePath || "";
+      logger.info("Preparing release (verifiable build, no local layering)...");
+      const release = await createReleaseFromImageDigest(
+        {
+          imageRef: options.imageRef,
+          imageDigest: options.imageDigest,
+          envFilePath,
+          instanceType: options.instanceType,
+          environmentConfig: preflightCtx.environmentConfig,
+          appId: appID
+        },
+        logger
+      );
+      logger.debug("Checking current log permission state...");
+      const currentlyPublic = await checkAppLogPermission(preflightCtx, appID, logger);
+      const needsPermissionChange = currentlyPublic !== publicLogs;
+      logger.debug("Preparing upgrade batch...");
+      const batch = await prepareUpgradeBatch({
+        privateKey: preflightCtx.privateKey,
+        rpcUrl: options.rpcUrl || preflightCtx.rpcUrl,
+        environmentConfig: preflightCtx.environmentConfig,
+        appId: appID,
+        release,
+        publicLogs,
+        needsPermissionChange
+      });
+      logger.debug("Estimating gas...");
+      const gasEstimate = await estimateBatchGas({
+        publicClient: batch.publicClient,
+        environmentConfig: batch.environmentConfig,
+        executions: batch.executions
+      });
+      return {
+        prepared: {
+          batch,
+          appId: appID,
+          imageRef: options.imageRef,
+          preflightCtx: {
+            privateKey: preflightCtx.privateKey,
+            rpcUrl: preflightCtx.rpcUrl,
+            environmentConfig: preflightCtx.environmentConfig
+          }
+        },
+        gasEstimate
+      };
+    }
+  );
+}
 function validateUpgradeOptions(options) {
   if (!options.privateKey) {
     throw new Error("privateKey is required for upgrade");
@@ -7026,9 +7341,456 @@ Please check:
   }
 };
 
+// src/client/modules/billing/index.ts
+function createBillingModule(config) {
+  const { verbose = false, skipTelemetry = false } = config;
+  const privateKey = addHexPrefix(config.privateKey);
+  const logger = getLogger(verbose);
+  const billingEnvConfig = getBillingEnvironmentConfig(getBuildType());
+  const billingApi = new BillingApiClient(billingEnvConfig, privateKey);
+  return {
+    async subscribe(opts) {
+      return withSDKTelemetry(
+        {
+          functionName: "subscribe",
+          skipTelemetry,
+          // Skip if called from CLI
+          properties: { productId: opts?.productId || "compute" }
+        },
+        async () => {
+          const productId = opts?.productId || "compute";
+          logger.debug(`Checking existing subscription for ${productId}...`);
+          const currentStatus = await billingApi.getSubscription(productId);
+          if (isSubscriptionActive(currentStatus.subscriptionStatus)) {
+            logger.debug(`Subscription already active: ${currentStatus.subscriptionStatus}`);
+            return {
+              type: "already_active",
+              status: currentStatus.subscriptionStatus
+            };
+          }
+          if (currentStatus.subscriptionStatus === "past_due" || currentStatus.subscriptionStatus === "unpaid") {
+            logger.debug(`Subscription has payment issue: ${currentStatus.subscriptionStatus}`);
+            return {
+              type: "payment_issue",
+              status: currentStatus.subscriptionStatus,
+              portalUrl: currentStatus.portalUrl
+            };
+          }
+          logger.debug(`Creating subscription for ${productId}...`);
+          const result = await billingApi.createSubscription(productId);
+          logger.debug(`Checkout URL: ${result.checkoutUrl}`);
+          return {
+            type: "checkout_created",
+            checkoutUrl: result.checkoutUrl
+          };
+        }
+      );
+    },
+    async getStatus(opts) {
+      return withSDKTelemetry(
+        {
+          functionName: "getStatus",
+          skipTelemetry,
+          // Skip if called from CLI
+          properties: { productId: opts?.productId || "compute" }
+        },
+        async () => {
+          const productId = opts?.productId || "compute";
+          logger.debug(`Fetching subscription status for ${productId}...`);
+          const result = await billingApi.getSubscription(productId);
+          logger.debug(`Subscription status: ${result.subscriptionStatus}`);
+          return result;
+        }
+      );
+    },
+    async cancel(opts) {
+      return withSDKTelemetry(
+        {
+          functionName: "cancel",
+          skipTelemetry,
+          // Skip if called from CLI
+          properties: { productId: opts?.productId || "compute" }
+        },
+        async () => {
+          const productId = opts?.productId || "compute";
+          logger.debug(`Checking subscription status for ${productId}...`);
+          const currentStatus = await billingApi.getSubscription(productId);
+          if (!isSubscriptionActive(currentStatus.subscriptionStatus)) {
+            logger.debug(`No active subscription to cancel: ${currentStatus.subscriptionStatus}`);
+            return {
+              type: "no_active_subscription",
+              status: currentStatus.subscriptionStatus
+            };
+          }
+          logger.debug(`Canceling subscription for ${productId}...`);
+          await billingApi.cancelSubscription(productId);
+          logger.debug(`Subscription canceled successfully`);
+          return {
+            type: "canceled"
+          };
+        }
+      );
+    }
+  };
+}
+
+// src/client/common/utils/buildapi.ts
+var import_axios3 = __toESM(require("axios"), 1);
+var import_accounts6 = require("viem/accounts");
+var BuildApiClient = class {
+  constructor(options) {
+    this.baseUrl = options.baseUrl.replace(/\/+$/, "");
+    this.clientId = options.clientId;
+    if (options.privateKey) {
+      this.account = (0, import_accounts6.privateKeyToAccount)(options.privateKey);
+    }
+  }
+  async submitBuild(payload) {
+    return this.authenticatedJsonRequest("/builds", "POST", payload);
+  }
+  async getBuild(buildId) {
+    return this.publicJsonRequest(`/builds/${encodeURIComponent(buildId)}`);
+  }
+  async getBuildByDigest(digest) {
+    return this.publicJsonRequest(`/builds/image/${encodeURIComponent(digest)}`);
+  }
+  async verify(identifier) {
+    return this.publicJsonRequest(`/builds/verify/${encodeURIComponent(identifier)}`);
+  }
+  async getLogs(buildId) {
+    return this.authenticatedTextRequest(`/builds/${encodeURIComponent(buildId)}/logs`);
+  }
+  async listBuilds(params) {
+    const res = await (0, import_axios3.default)({
+      url: `${this.baseUrl}/builds`,
+      method: "GET",
+      params,
+      headers: this.clientId ? { "x-client-id": this.clientId } : void 0,
+      timeout: 6e4,
+      validateStatus: () => true
+    });
+    if (res.status < 200 || res.status >= 300) throw buildApiHttpError(res);
+    return res.data;
+  }
+  async publicJsonRequest(path8) {
+    const res = await (0, import_axios3.default)({
+      url: `${this.baseUrl}${path8}`,
+      method: "GET",
+      headers: this.clientId ? { "x-client-id": this.clientId } : void 0,
+      timeout: 6e4,
+      validateStatus: () => true
+    });
+    if (res.status < 200 || res.status >= 300) throw buildApiHttpError(res);
+    return res.data;
+  }
+  async authenticatedJsonRequest(path8, method, body) {
+    if (!this.account) throw new Error("Private key required for authenticated requests");
+    const headers = {
+      "Content-Type": "application/json"
+    };
+    if (this.clientId) headers["x-client-id"] = this.clientId;
+    const expiry = BigInt(Math.floor(Date.now() / 1e3) + 60);
+    const { signature } = await calculateBillingAuthSignature({
+      account: this.account,
+      product: "compute",
+      expiry
+    });
+    headers.Authorization = `Bearer ${signature}`;
+    headers["X-eigenx-expiry"] = expiry.toString();
+    headers["X-Account"] = this.account.address;
+    const res = await (0, import_axios3.default)({
+      url: `${this.baseUrl}${path8}`,
+      method,
+      headers,
+      data: body,
+      timeout: 6e4,
+      validateStatus: () => true
+    });
+    if (res.status < 200 || res.status >= 300) throw buildApiHttpError(res);
+    return res.data;
+  }
+  async authenticatedTextRequest(path8) {
+    if (!this.account) throw new Error("Private key required for authenticated requests");
+    const headers = {};
+    if (this.clientId) headers["x-client-id"] = this.clientId;
+    const expiry = BigInt(Math.floor(Date.now() / 1e3) + 60);
+    const { signature } = await calculateBillingAuthSignature({
+      account: this.account,
+      product: "compute",
+      expiry
+    });
+    headers.Authorization = `Bearer ${signature}`;
+    headers["X-eigenx-expiry"] = expiry.toString();
+    headers["X-Account"] = this.account.address;
+    const res = await (0, import_axios3.default)({
+      url: `${this.baseUrl}${path8}`,
+      method: "GET",
+      headers,
+      timeout: 6e4,
+      responseType: "text",
+      validateStatus: () => true
+    });
+    if (res.status < 200 || res.status >= 300) throw buildApiHttpError(res);
+    return typeof res.data === "string" ? res.data : JSON.stringify(res.data);
+  }
+};
+function buildApiHttpError(res) {
+  const status = res.status;
+  const body = typeof res.data === "string" ? res.data : res.data ? JSON.stringify(res.data) : "";
+  const url = res.config?.url ? ` ${res.config.url}` : "";
+  return new Error(`BuildAPI request failed: ${status}${url} - ${body || "Unknown error"}`);
+}
+
+// src/client/modules/build/types.ts
+var BUILD_STATUS = {
+  BUILDING: "building",
+  SUCCESS: "success",
+  FAILED: "failed"
+};
+
+// src/client/modules/build/errors.ts
+var BuildError = class extends Error {
+  constructor(message) {
+    super(message);
+    this.name = "BuildError";
+  }
+};
+var AuthRequiredError = class extends BuildError {
+  constructor(message = "Authentication required") {
+    super(message);
+    this.name = "AuthRequiredError";
+  }
+};
+var BuildFailedError = class extends BuildError {
+  constructor(message, buildId) {
+    super(message);
+    this.buildId = buildId;
+    this.name = "BuildFailedError";
+  }
+};
+var ConflictError = class extends BuildError {
+  constructor(message = "Build already in progress") {
+    super(message);
+    this.name = "ConflictError";
+  }
+};
+var NotFoundError = class extends BuildError {
+  constructor(message = "Build not found") {
+    super(message);
+    this.name = "NotFoundError";
+  }
+};
+var ForbiddenError = class extends BuildError {
+  constructor(message = "Permission denied") {
+    super(message);
+    this.name = "ForbiddenError";
+  }
+};
+var TimeoutError = class extends BuildError {
+  constructor(message = "Operation timed out") {
+    super(message);
+    this.name = "TimeoutError";
+  }
+};
+var BadRequestError = class extends BuildError {
+  constructor(message = "Bad request") {
+    super(message);
+    this.name = "BadRequestError";
+  }
+};
+
+// src/client/modules/build/index.ts
+var DEFAULT_POLL_INTERVAL = 2e3;
+var DEFAULT_TIMEOUT = 30 * 60 * 1e3;
+function createBuildModule(config) {
+  const { verbose = false, skipTelemetry = false } = config;
+  const logger = getLogger(verbose);
+  const environment = config.environment || "sepolia";
+  const environmentConfig = getEnvironmentConfig(environment);
+  const api = new BuildApiClient({
+    baseUrl: environmentConfig.userApiServerURL,
+    privateKey: config.privateKey ? addHexPrefix(config.privateKey) : void 0,
+    clientId: config.clientId
+  });
+  return {
+    async submit(request) {
+      return withSDKTelemetry(
+        {
+          functionName: "build.submit",
+          skipTelemetry,
+          properties: { environment, repoUrl: request.repoUrl }
+        },
+        async () => {
+          if (!config.privateKey) throw new AuthRequiredError("Private key required for submit()");
+          const data = await api.submitBuild({
+            repo_url: request.repoUrl,
+            git_ref: request.gitRef,
+            dockerfile_path: request.dockerfilePath ?? "Dockerfile",
+            caddyfile_path: request.caddyfilePath,
+            build_context_path: request.buildContextPath ?? ".",
+            dependencies: request.dependencies ?? []
+          });
+          logger.debug(`Submitted build: ${data.build_id}`);
+          return { buildId: data.build_id };
+        }
+      );
+    },
+    async list(options) {
+      const { billingAddress, limit, offset } = options;
+      return withSDKTelemetry(
+        {
+          functionName: "build.list",
+          skipTelemetry,
+          properties: {
+            environment,
+            billingAddress,
+            ...limit !== void 0 ? { limit: String(limit) } : {},
+            ...offset !== void 0 ? { offset: String(offset) } : {}
+          }
+        },
+        async () => {
+          const data = await api.listBuilds({
+            billing_address: billingAddress,
+            limit,
+            offset
+          });
+          return Array.isArray(data) ? data.map(transformBuild) : [];
+        }
+      );
+    },
+    async get(buildId) {
+      return withSDKTelemetry(
+        { functionName: "build.get", skipTelemetry, properties: { environment, buildId } },
+        async () => transformBuild(await api.getBuild(buildId))
+      );
+    },
+    async getByDigest(digest) {
+      return withSDKTelemetry(
+        { functionName: "build.getByDigest", skipTelemetry, properties: { environment, digest } },
+        async () => transformBuild(await api.getBuildByDigest(digest))
+      );
+    },
+    async verify(identifier) {
+      return withSDKTelemetry(
+        { functionName: "build.verify", skipTelemetry, properties: { environment, identifier } },
+        async () => transformVerifyResult(await api.verify(identifier))
+      );
+    },
+    async getLogs(buildId) {
+      return withSDKTelemetry(
+        { functionName: "build.getLogs", skipTelemetry, properties: { environment, buildId } },
+        async () => {
+          if (!config.privateKey) throw new AuthRequiredError("Private key required for getLogs()");
+          return api.getLogs(buildId);
+        }
+      );
+    },
+    async submitAndWait(request, options = {}) {
+      const { buildId } = await this.submit(request);
+      return this.waitForBuild(buildId, options);
+    },
+    async waitForBuild(buildId, options = {}) {
+      const {
+        onLog,
+        onProgress,
+        pollIntervalMs = DEFAULT_POLL_INTERVAL,
+        timeoutMs = DEFAULT_TIMEOUT
+      } = options;
+      const startTime = Date.now();
+      let lastLogLength = 0;
+      while (true) {
+        if (Date.now() - startTime > timeoutMs) {
+          throw new TimeoutError(`Build timed out after ${timeoutMs}ms`);
+        }
+        const build = await this.get(buildId);
+        let logs2 = "";
+        try {
+          logs2 = await this.getLogs(buildId);
+          if (onLog && logs2.length > lastLogLength) {
+            onLog(logs2.slice(lastLogLength));
+            lastLogLength = logs2.length;
+          }
+        } catch {
+        }
+        onProgress?.({ build, logs: logs2 });
+        if (build.status === BUILD_STATUS.SUCCESS) return build;
+        if (build.status === BUILD_STATUS.FAILED) {
+          throw new BuildFailedError(build.errorMessage ?? "Build failed", buildId);
+        }
+        await sleep2(pollIntervalMs);
+      }
+    },
+    async *streamLogs(buildId, pollIntervalMs = DEFAULT_POLL_INTERVAL) {
+      let lastLength = 0;
+      while (true) {
+        const build = await this.get(buildId);
+        let logs2 = "";
+        try {
+          logs2 = await this.getLogs(buildId);
+        } catch {
+        }
+        if (logs2.length > lastLength) {
+          yield {
+            content: logs2.slice(lastLength),
+            totalLength: logs2.length,
+            isComplete: build.status !== BUILD_STATUS.BUILDING,
+            finalStatus: build.status !== BUILD_STATUS.BUILDING ? build.status : void 0
+          };
+          lastLength = logs2.length;
+        }
+        if (build.status !== BUILD_STATUS.BUILDING) break;
+        await sleep2(pollIntervalMs);
+      }
+    }
+  };
+}
+function sleep2(ms) {
+  return new Promise((resolve2) => setTimeout(resolve2, ms));
+}
+function transformBuild(raw) {
+  return {
+    buildId: raw.build_id,
+    billingAddress: raw.billing_address,
+    repoUrl: raw.repo_url,
+    gitRef: raw.git_ref,
+    status: raw.status,
+    buildType: raw.build_type,
+    imageName: raw.image_name,
+    imageUrl: raw.image_url,
+    imageDigest: raw.image_digest,
+    provenanceJson: raw.provenance_json ?? void 0,
+    provenanceSignature: raw.provenance_signature ?? void 0,
+    errorMessage: raw.error_message ?? void 0,
+    createdAt: raw.created_at,
+    updatedAt: raw.updated_at,
+    dependencies: raw.dependencies ? Object.fromEntries(Object.entries(raw.dependencies).map(([k, v]) => [k, transformBuild(v)])) : void 0
+  };
+}
+function transformVerifyResult(raw) {
+  if (raw.status === "verified") {
+    return {
+      status: "verified",
+      buildId: raw.build_id,
+      imageUrl: raw.image_url,
+      imageDigest: raw.image_digest,
+      repoUrl: raw.repo_url,
+      gitRef: raw.git_ref,
+      provenanceJson: raw.provenance_json,
+      provenanceSignature: raw.provenance_signature,
+      payloadType: raw.payload_type,
+      payload: raw.payload
+    };
+  }
+  return {
+    status: "failed",
+    error: raw.error,
+    buildId: raw.build_id
+  };
+}
+
 // src/client/common/auth/keyring.ts
 var import_keyring = require("@napi-rs/keyring");
-var import_accounts6 = require("viem/accounts");
+var import_accounts7 = require("viem/accounts");
 var SERVICE_NAME = "ecloud";
 var ACCOUNT_NAME = "key";
 var EIGENX_SERVICE_NAME = "eigenx-cli";
@@ -7173,7 +7935,7 @@ function validatePrivateKey2(privateKey) {
 }
 function getAddressFromPrivateKey(privateKey) {
   const normalized = normalizePrivateKey(privateKey);
-  return (0, import_accounts6.privateKeyToAddress)(normalized);
+  return (0, import_accounts7.privateKeyToAddress)(normalized);
 }
 function decodeGoKeyringValue(rawValue) {
   if (rawValue.startsWith(GO_KEYRING_BASE64_PREFIX)) {
@@ -7255,111 +8017,16 @@ async function requirePrivateKey(options) {
 }
 
 // src/client/common/auth/generate.ts
-var import_accounts7 = require("viem/accounts");
+var import_accounts8 = require("viem/accounts");
 function generateNewPrivateKey() {
-  const privateKey = (0, import_accounts7.generatePrivateKey)();
-  const address = (0, import_accounts7.privateKeyToAddress)(privateKey);
+  const privateKey = (0, import_accounts8.generatePrivateKey)();
+  const address = (0, import_accounts8.privateKeyToAddress)(privateKey);
   return {
     privateKey,
     address
   };
 }
 
-// src/client/modules/billing/index.ts
-function createBillingModule(config) {
-  const { verbose = false, skipTelemetry = false } = config;
-  const privateKey = addHexPrefix(config.privateKey);
-  const address = getAddressFromPrivateKey(privateKey);
-  const logger = getLogger(verbose);
-  const billingEnvConfig = getBillingEnvironmentConfig(getBuildType());
-  const billingApi = new BillingApiClient(billingEnvConfig, privateKey);
-  return {
-    address,
-    async subscribe(opts) {
-      return withSDKTelemetry(
-        {
-          functionName: "subscribe",
-          skipTelemetry,
-          // Skip if called from CLI
-          properties: { productId: opts?.productId || "compute" }
-        },
-        async () => {
-          const productId = opts?.productId || "compute";
-          logger.debug(`Checking existing subscription for ${productId}...`);
-          const currentStatus = await billingApi.getSubscription(productId);
-          if (isSubscriptionActive(currentStatus.subscriptionStatus)) {
-            logger.debug(`Subscription already active: ${currentStatus.subscriptionStatus}`);
-            return {
-              type: "already_active",
-              status: currentStatus.subscriptionStatus
-            };
-          }
-          if (currentStatus.subscriptionStatus === "past_due" || currentStatus.subscriptionStatus === "unpaid") {
-            logger.debug(`Subscription has payment issue: ${currentStatus.subscriptionStatus}`);
-            return {
-              type: "payment_issue",
-              status: currentStatus.subscriptionStatus,
-              portalUrl: currentStatus.portalUrl
-            };
-          }
-          logger.debug(`Creating subscription for ${productId}...`);
-          const result = await billingApi.createSubscription(productId);
-          logger.debug(`Checkout URL: ${result.checkoutUrl}`);
-          return {
-            type: "checkout_created",
-            checkoutUrl: result.checkoutUrl
-          };
-        }
-      );
-    },
-    async getStatus(opts) {
-      return withSDKTelemetry(
-        {
-          functionName: "getStatus",
-          skipTelemetry,
-          // Skip if called from CLI
-          properties: { productId: opts?.productId || "compute" }
-        },
-        async () => {
-          const productId = opts?.productId || "compute";
-          logger.debug(`Fetching subscription status for ${productId}...`);
-          const result = await billingApi.getSubscription(productId);
-          logger.debug(`Subscription status: ${result.subscriptionStatus}`);
-          return result;
-        }
-      );
-    },
-    async cancel(opts) {
-      return withSDKTelemetry(
-        {
-          functionName: "cancel",
-          skipTelemetry,
-          // Skip if called from CLI
-          properties: { productId: opts?.productId || "compute" }
-        },
-        async () => {
-          const productId = opts?.productId || "compute";
-          logger.debug(`Checking subscription status for ${productId}...`);
-          const currentStatus = await billingApi.getSubscription(productId);
-          if (!isSubscriptionActive(currentStatus.subscriptionStatus)) {
-            logger.debug(`No active subscription to cancel: ${currentStatus.subscriptionStatus}`);
-            return {
-              type: "no_active_subscription",
-              status: currentStatus.subscriptionStatus
-            };
-          }
-          logger.debug(`Canceling subscription for ${productId}...`);
-          await billingApi.cancelSubscription(productId);
-          logger.debug(`Subscription canceled successfully`);
-          return {
-            type: "canceled"
-          };
-        }
-      );
-    }
-  };
-}
-
 // src/client/common/utils/instance.ts
 async function getCurrentInstanceType(preflightCtx, appID, logger, clientId) {
   try {
@@ -7414,10 +8081,20 @@ function createECloudClient(cfg) {
 }
 // Annotate the CommonJS export names for ESM import in node:
 0 && (module.exports = {
+  AuthRequiredError,
+  BUILD_STATUS,
+  BadRequestError,
+  BuildError,
+  BuildFailedError,
+  ConflictError,
+  ForbiddenError,
   NoopClient,
+  NotFoundError,
   PRIMARY_LANGUAGES,
   PostHogClient,
+  TimeoutError,
   UserApiClient,
+  addHexPrefix,
   addMetric,
   addMetricWithDimensions,
   assertValidFilePath,
@@ -7427,6 +8104,7 @@ function createECloudClient(cfg) {
   createApp,
   createAppEnvironment,
   createBillingModule,
+  createBuildModule,
   createComputeModule,
   createECloudClient,
   createMetricsContext,
@@ -7470,12 +8148,15 @@ function createECloudClient(cfg) {
   listStoredKeys,
   logs,
   prepareDeploy,
+  prepareDeployFromVerifiableBuild,
   prepareUpgrade,
+  prepareUpgradeFromVerifiableBuild,
   requirePrivateKey,
   sanitizeString,
   sanitizeURL,
   sanitizeXURL,
   storePrivateKey,
+  stripHexPrefix,
   validateAppID,
   validateAppName,
   validateCreateAppParams,