@layr-labs/ecloud-sdk 0.2.0-dev.3 → 0.2.1-dev

package/dist/index.cjs

@@ -33,6 +33,7 @@ __export(index_exports, {
   AuthRequiredError: () => AuthRequiredError,
   BUILD_STATUS: () => BUILD_STATUS,
   BadRequestError: () => BadRequestError,
+  BillingApiClient: () => BillingApiClient,
   BuildError: () => BuildError,
   BuildFailedError: () => BuildFailedError,
   ConflictError: () => ConflictError,
@@ -58,6 +59,7 @@ __export(index_exports, {
   createECloudClient: () => createECloudClient,
   createMetricsContext: () => createMetricsContext,
   createTelemetryClient: () => createTelemetryClient,
+  createViemClients: () => createClients,
   deleteLegacyPrivateKey: () => deleteLegacyPrivateKey,
   deletePrivateKey: () => deletePrivateKey,
   emitMetrics: () => emitMetrics,
@@ -77,9 +79,11 @@ __export(index_exports, {
   getAppLatestReleaseBlockNumbers: () => getAppLatestReleaseBlockNumbers,
   getAvailableEnvironments: () => getAvailableEnvironments,
   getAvailableTemplates: () => getAvailableTemplates,
+  getBillingEnvironmentConfig: () => getBillingEnvironmentConfig,
   getBlockTimestamps: () => getBlockTimestamps,
   getBuildType: () => getBuildType,
   getCategoryDescriptions: () => getCategoryDescriptions,
+  getChainFromID: () => getChainFromID,
   getCurrentInstanceType: () => getCurrentInstanceType,
   getEnvironmentConfig: () => getEnvironmentConfig,
   getLegacyKeys: () => getLegacyKeys,
@@ -117,7 +121,7 @@ __export(index_exports, {
   validateInstanceTypeSKU: () => validateInstanceTypeSKU,
   validateLogVisibility: () => validateLogVisibility,
   validateLogsParams: () => validateLogsParams,
-  validatePrivateKey: () => validatePrivateKey2,
+  validatePrivateKey: () => validatePrivateKey,
   validatePrivateKeyFormat: () => validatePrivateKeyFormat,
   validateResourceUsageMonitoring: () => validateResourceUsageMonitoring,
   validateURL: () => validateURL,
@@ -130,118 +134,7 @@ __export(index_exports, {
 module.exports = __toCommonJS(index_exports);
 
 // src/client/modules/compute/app/index.ts
-var import_viem9 = require("viem");
-var import_accounts5 = require("viem/accounts");
-
-// src/client/common/config/environment.ts
-var SEPOLIA_CHAIN_ID = 11155111;
-var MAINNET_CHAIN_ID = 1;
-var CommonAddresses = {
-  ERC7702Delegator: "0x63c0c19a282a1b52b07dd5a65b58948a07dae32b"
-};
-var ChainAddresses = {
-  [MAINNET_CHAIN_ID]: {
-    PermissionController: "0x25E5F8B1E7aDf44518d35D5B2271f114e081f0E5"
-  },
-  [SEPOLIA_CHAIN_ID]: {
-    PermissionController: "0x44632dfBdCb6D3E21EF613B0ca8A6A0c618F5a37"
-  }
-};
-var BILLING_ENVIRONMENTS = {
-  dev: {
-    billingApiServerURL: "https://billingapi-dev.eigencloud.xyz"
-  },
-  prod: {
-    billingApiServerURL: "https://billingapi.eigencloud.xyz"
-  }
-};
-var ENVIRONMENTS = {
-  "sepolia-dev": {
-    name: "sepolia",
-    build: "dev",
-    appControllerAddress: "0xa86DC1C47cb2518327fB4f9A1627F51966c83B92",
-    permissionControllerAddress: ChainAddresses[SEPOLIA_CHAIN_ID].PermissionController,
-    erc7702DelegatorAddress: CommonAddresses.ERC7702Delegator,
-    kmsServerURL: "http://10.128.0.57:8080",
-    userApiServerURL: "https://userapi-compute-sepolia-dev.eigencloud.xyz",
-    defaultRPCURL: "https://ethereum-sepolia-rpc.publicnode.com"
-  },
-  sepolia: {
-    name: "sepolia",
-    build: "prod",
-    appControllerAddress: "0x0dd810a6ffba6a9820a10d97b659f07d8d23d4E2",
-    permissionControllerAddress: ChainAddresses[SEPOLIA_CHAIN_ID].PermissionController,
-    erc7702DelegatorAddress: CommonAddresses.ERC7702Delegator,
-    kmsServerURL: "http://10.128.15.203:8080",
-    userApiServerURL: "https://userapi-compute-sepolia-prod.eigencloud.xyz",
-    defaultRPCURL: "https://ethereum-sepolia-rpc.publicnode.com"
-  },
-  "mainnet-alpha": {
-    name: "mainnet-alpha",
-    build: "prod",
-    appControllerAddress: "0xc38d35Fc995e75342A21CBd6D770305b142Fbe67",
-    permissionControllerAddress: ChainAddresses[MAINNET_CHAIN_ID].PermissionController,
-    erc7702DelegatorAddress: CommonAddresses.ERC7702Delegator,
-    kmsServerURL: "http://10.128.0.2:8080",
-    userApiServerURL: "https://userapi-compute.eigencloud.xyz",
-    defaultRPCURL: "https://ethereum-rpc.publicnode.com"
-  }
-};
-var CHAIN_ID_TO_ENVIRONMENT = {
-  [SEPOLIA_CHAIN_ID.toString()]: "sepolia",
-  [MAINNET_CHAIN_ID.toString()]: "mainnet-alpha"
-};
-function getEnvironmentConfig(environment, chainID) {
-  const env = ENVIRONMENTS[environment];
-  if (!env) {
-    throw new Error(`Unknown environment: ${environment}`);
-  }
-  if (!isEnvironmentAvailable(environment)) {
-    throw new Error(
-      `Environment ${environment} is not available in this build type. Available environments: ${getAvailableEnvironments().join(", ")}`
-    );
-  }
-  if (chainID) {
-    const expectedEnv = CHAIN_ID_TO_ENVIRONMENT[chainID.toString()];
-    if (expectedEnv && expectedEnv !== environment) {
-      throw new Error(`Environment ${environment} does not match chain ID ${chainID}`);
-    }
-  }
-  const resolvedChainID = chainID || (environment === "sepolia" || environment === "sepolia-dev" ? SEPOLIA_CHAIN_ID : MAINNET_CHAIN_ID);
-  return {
-    ...env,
-    chainID: BigInt(resolvedChainID)
-  };
-}
-function getBillingEnvironmentConfig(build) {
-  const config = BILLING_ENVIRONMENTS[build];
-  if (!config) {
-    throw new Error(`Unknown billing environment: ${build}`);
-  }
-  return config;
-}
-function getBuildType() {
-  const buildTimeType = true ? "dev"?.toLowerCase() : void 0;
-  const runtimeType = process.env.BUILD_TYPE?.toLowerCase();
-  const buildType = buildTimeType || runtimeType;
-  if (buildType === "dev") {
-    return "dev";
-  }
-  return "prod";
-}
-function getAvailableEnvironments() {
-  const buildType = getBuildType();
-  if (buildType === "dev") {
-    return ["sepolia-dev"];
-  }
-  return ["sepolia", "mainnet-alpha"];
-}
-function isEnvironmentAvailable(environment) {
-  return getAvailableEnvironments().includes(environment);
-}
-function isMainnet(environmentConfig) {
-  return environmentConfig.chainID === BigInt(MAINNET_CHAIN_ID);
-}
+var import_viem6 = require("viem");
 
 // src/client/common/docker/build.ts
 var child_process = __toESM(require("child_process"), 1);
@@ -1341,9 +1234,6 @@ function extractRegistryNameNoDocker(imageRef) {
   return name;
 }
 
-// src/client/common/contract/caller.ts
-var import_accounts2 = require("viem/accounts");
-
 // src/client/common/contract/eip7702.ts
 var import_viem = require("viem");
 
@@ -2456,11 +2346,12 @@ async function executeBatch(options, logger) {
     });
     const chainId = await publicClient.getChainId();
     const authorizationNonce = transactionNonce + 1;
+    logger.debug("Using wallet client signing for EIP-7702 authorization");
     const signedAuthorization = await walletClient.signAuthorization({
-      account,
+      account: account.address,
       contractAddress: environmentConfig.erc7702DelegatorAddress,
-      chainId: Number(chainId),
-      nonce: authorizationNonce
+      chainId,
+      nonce: Number(authorizationNonce)
     });
     authorizationList = [signedAuthorization];
   }
@@ -2515,78 +2406,31 @@ async function executeBatch(options, logger) {
 }
 
 // src/client/common/contract/caller.ts
-var import_viem5 = require("viem");
-var import_utils = require("viem/utils");
-var import_accounts3 = require("viem/accounts");
-
-// src/client/common/utils/logger.ts
-var defaultLogger = {
-  info: (...args) => console.info(...args),
-  warn: (...args) => console.warn(...args),
-  error: (...args) => console.error(...args),
-  debug: (...args) => console.debug(...args)
-};
-var getLogger = (verbose) => ({
-  info: (...args) => console.info(...args),
-  warn: (...args) => console.warn(...args),
-  error: (...args) => console.error(...args),
-  debug: (...args) => verbose && console.debug(...args)
-});
-
-// src/client/common/utils/userapi.ts
-var import_axios = __toESM(require("axios"), 1);
-var import_form_data = __toESM(require("form-data"), 1);
-var import_viem4 = require("viem");
-
-// src/client/common/utils/auth.ts
-var import_viem2 = require("viem");
-var APP_CONTROLLER_ABI = (0, import_viem2.parseAbi)([
-  "function calculateApiPermissionDigestHash(bytes4 permission, uint256 expiry) view returns (bytes32)"
-]);
-async function calculatePermissionSignature(options) {
-  const { permission, expiry, appControllerAddress, publicClient, account } = options;
-  const digest = await publicClient.readContract({
-    address: appControllerAddress,
-    abi: APP_CONTROLLER_ABI,
-    functionName: "calculateApiPermissionDigestHash",
-    args: [permission, expiry]
-  });
-  const signature = await account.signMessage({
-    message: { raw: digest }
-  });
-  return { signature, digest };
-}
-async function calculateBillingAuthSignature(options) {
-  const { account, product, expiry } = options;
-  const signature = await account.signTypedData({
-    domain: {
-      name: "EigenCloud Billing API",
-      version: "1"
-    },
-    types: {
-      BillingAuth: [
-        { name: "product", type: "string" },
-        { name: "expiry", type: "uint256" }
-      ]
-    },
-    primaryType: "BillingAuth",
-    message: {
-      product,
-      expiry
-    }
-  });
-  return { signature, expiry };
-}
-
-// src/client/common/utils/userapi.ts
-var import_accounts = require("viem/accounts");
+var import_viem3 = require("viem");
 
 // src/client/common/utils/helpers.ts
-var import_viem3 = require("viem");
+var import_viem2 = require("viem");
 var import_chains2 = require("viem/chains");
+var import_accounts = require("viem/accounts");
 function getChainFromID(chainID, fallback = import_chains2.sepolia) {
   const id = Number(chainID);
-  return (0, import_viem3.extractChain)({ chains: SUPPORTED_CHAINS, id }) || fallback;
+  return (0, import_viem2.extractChain)({ chains: SUPPORTED_CHAINS, id }) || fallback;
+}
+function createClients(options) {
+  const { privateKey, rpcUrl, chainId } = options;
+  const privateKeyHex = addHexPrefix(privateKey);
+  const account = (0, import_accounts.privateKeyToAccount)(privateKeyHex);
+  const chain = getChainFromID(chainId);
+  const publicClient = (0, import_viem2.createPublicClient)({
+    chain,
+    transport: (0, import_viem2.http)(rpcUrl)
+  });
+  const walletClient = (0, import_viem2.createWalletClient)({
+    account,
+    chain,
+    transport: (0, import_viem2.http)(rpcUrl)
+  });
+  return { walletClient, publicClient };
 }
 function addHexPrefix(value) {
   return value.startsWith("0x") ? value : `0x${value}`;
@@ -2595,302 +2439,6 @@ function stripHexPrefix(value) {
   return value.startsWith("0x") ? value.slice(2) : value;
 }
 
-// src/client/common/utils/userapi.ts
-function isJsonObject(value) {
-  return typeof value === "object" && value !== null && !Array.isArray(value);
-}
-function readString(obj, key) {
-  const v = obj[key];
-  return typeof v === "string" ? v : void 0;
-}
-function readNumber(obj, key) {
-  const v = obj[key];
-  return typeof v === "number" && Number.isFinite(v) ? v : void 0;
-}
-var MAX_ADDRESS_COUNT = 5;
-var CanViewAppLogsPermission = "0x2fd3f2fe";
-var CanViewSensitiveAppInfoPermission = "0x0e67b22f";
-var CanUpdateAppProfilePermission = "0x036fef61";
-function getDefaultClientId() {
-  const version = true ? "0.2.0-dev.3" : "0.0.0";
-  return `ecloud-sdk/v${version}`;
-}
-var UserApiClient = class {
-  constructor(config, privateKey, rpcUrl, clientId) {
-    this.config = config;
-    if (privateKey) {
-      const privateKeyHex = addHexPrefix(privateKey);
-      this.account = (0, import_accounts.privateKeyToAccount)(privateKeyHex);
-    }
-    this.rpcUrl = rpcUrl;
-    this.clientId = clientId || getDefaultClientId();
-  }
-  async getInfos(appIDs, addressCount = 1) {
-    const count = Math.min(addressCount, MAX_ADDRESS_COUNT);
-    const endpoint = `${this.config.userApiServerURL}/info`;
-    const url = `${endpoint}?${new URLSearchParams({ apps: appIDs.join(",") })}`;
-    const res = await this.makeAuthenticatedRequest(url, CanViewSensitiveAppInfoPermission);
-    const result = await res.json();
-    return result.apps.map((app, i) => {
-      const evmAddresses = app.addresses?.data?.evmAddresses?.slice(0, count) || [];
-      const solanaAddresses = app.addresses?.data?.solanaAddresses?.slice(0, count) || [];
-      return {
-        address: appIDs[i],
-        status: app.app_status,
-        ip: app.ip,
-        machineType: app.machine_type,
-        profile: app.profile,
-        metrics: app.metrics,
-        evmAddresses,
-        solanaAddresses
-      };
-    });
-  }
-  /**
-   * Get app details from UserAPI (includes releases and build/provenance info when available).
-   *
-   * Endpoint: GET /apps/:appAddress
-   */
-  async getApp(appAddress) {
-    const endpoint = `${this.config.userApiServerURL}/apps/${appAddress}`;
-    const res = await this.makeAuthenticatedRequest(endpoint);
-    const raw = await res.json();
-    if (!isJsonObject(raw)) {
-      throw new Error("Unexpected /apps/:id response: expected object");
-    }
-    const id = readString(raw, "id");
-    if (!id) {
-      throw new Error("Unexpected /apps/:id response: missing 'id'");
-    }
-    const releasesRaw = raw.releases;
-    const releases = Array.isArray(releasesRaw) ? releasesRaw.map((r) => transformAppRelease(r)).filter((r) => !!r) : [];
-    return {
-      id,
-      creator: readString(raw, "creator"),
-      contractStatus: readString(raw, "contract_status") ?? readString(raw, "contractStatus"),
-      releases
-    };
-  }
-  /**
-   * Get available SKUs (instance types) from UserAPI
-   */
-  async getSKUs() {
-    const endpoint = `${this.config.userApiServerURL}/skus`;
-    const response = await this.makeAuthenticatedRequest(endpoint);
-    const result = await response.json();
-    return {
-      skus: result.skus || result.SKUs || []
-    };
-  }
-  /**
-   * Get logs for an app
-   */
-  async getLogs(appID) {
-    const endpoint = `${this.config.userApiServerURL}/logs/${appID}`;
-    const response = await this.makeAuthenticatedRequest(endpoint, CanViewAppLogsPermission);
-    return await response.text();
-  }
-  /**
-   * Get statuses for apps
-   */
-  async getStatuses(appIDs) {
-    const endpoint = `${this.config.userApiServerURL}/status`;
-    const url = `${endpoint}?${new URLSearchParams({ apps: appIDs.join(",") })}`;
-    const response = await this.makeAuthenticatedRequest(url);
-    const result = await response.json();
-    const apps = result.apps || result.Apps || [];
-    return apps.map((app, i) => ({
-      address: app.address || appIDs[i],
-      status: app.status || app.Status || ""
-    }));
-  }
-  /**
-   * Upload app profile information with optional image
-   */
-  async uploadAppProfile(appAddress, name, website, description, xURL, imagePath) {
-    const endpoint = `${this.config.userApiServerURL}/apps/${appAddress}/profile`;
-    const formData = new import_form_data.default();
-    formData.append("name", name);
-    if (website) {
-      formData.append("website", website);
-    }
-    if (description) {
-      formData.append("description", description);
-    }
-    if (xURL) {
-      formData.append("xURL", xURL);
-    }
-    if (imagePath) {
-      const fs8 = await import("fs");
-      const path8 = await import("path");
-      const fileName = path8.basename(imagePath);
-      const fileBuffer = fs8.readFileSync(imagePath);
-      formData.append("image", fileBuffer, fileName);
-    }
-    const headers = {
-      "x-client-id": this.clientId,
-      ...formData.getHeaders()
-    };
-    if (this.account) {
-      const expiry = BigInt(Math.floor(Date.now() / 1e3) + 5 * 60);
-      const authHeaders = await this.generateAuthHeaders(CanUpdateAppProfilePermission, expiry);
-      Object.assign(headers, authHeaders);
-    }
-    try {
-      const response = await import_axios.default.post(endpoint, formData, {
-        headers,
-        maxRedirects: 0,
-        validateStatus: () => true,
-        // Don't throw on any status
-        maxContentLength: Infinity,
-        // Allow large file uploads
-        maxBodyLength: Infinity
-        // Allow large file uploads
-      });
-      const status = response.status;
-      if (status !== 200 && status !== 201) {
-        const body = typeof response.data === "string" ? response.data : JSON.stringify(response.data);
-        if (status === 403 && body.includes("Cloudflare") && body.includes("challenge-platform")) {
-          throw new Error(
-            `Cloudflare protection is blocking the request. This is likely due to bot detection.
-Status: ${status}`
-          );
-        }
-        throw new Error(
-          `UserAPI request failed: ${status} ${status >= 200 && status < 300 ? "OK" : "Error"} - ${body.substring(0, 500)}${body.length > 500 ? "..." : ""}`
-        );
-      }
-      return response.data;
-    } catch (error) {
-      if (error.message?.includes("fetch failed") || error.message?.includes("ECONNREFUSED") || error.message?.includes("ENOTFOUND") || error.cause) {
-        const cause = error.cause?.message || error.cause || error.message;
-        throw new Error(
-          `Failed to connect to UserAPI at ${endpoint}: ${cause}
-Please check:
-1. Your internet connection
-2. The API server is accessible: ${this.config.userApiServerURL}
-3. Firewall/proxy settings`
-        );
-      }
-      throw error;
-    }
-  }
-  async makeAuthenticatedRequest(url, permission) {
-    const headers = {
-      "x-client-id": this.clientId
-    };
-    if (permission && this.account) {
-      const expiry = BigInt(Math.floor(Date.now() / 1e3) + 5 * 60);
-      const authHeaders = await this.generateAuthHeaders(permission, expiry);
-      Object.assign(headers, authHeaders);
-    }
-    try {
-      const response = await import_axios.default.get(url, {
-        headers,
-        maxRedirects: 0,
-        validateStatus: () => true
-        // Don't throw on any status
-      });
-      const status = response.status;
-      const statusText = status >= 200 && status < 300 ? "OK" : "Error";
-      if (status < 200 || status >= 300) {
-        const body = typeof response.data === "string" ? response.data : JSON.stringify(response.data);
-        throw new Error(`UserAPI request failed: ${status} ${statusText} - ${body}`);
-      }
-      return {
-        json: async () => response.data,
-        text: async () => typeof response.data === "string" ? response.data : JSON.stringify(response.data)
-      };
-    } catch (error) {
-      if (error.message?.includes("fetch failed") || error.message?.includes("ECONNREFUSED") || error.message?.includes("ENOTFOUND") || error.cause) {
-        const cause = error.cause?.message || error.cause || error.message;
-        throw new Error(
-          `Failed to connect to UserAPI at ${url}: ${cause}
-Please check:
-1. Your internet connection
-2. The API server is accessible: ${this.config.userApiServerURL}
-3. Firewall/proxy settings`
-        );
-      }
-      throw error;
-    }
-  }
-  /**
-   * Generate authentication headers for UserAPI requests
-   */
-  async generateAuthHeaders(permission, expiry) {
-    if (!this.account) {
-      throw new Error("Private key required for authenticated requests");
-    }
-    if (!this.rpcUrl) {
-      throw new Error("RPC URL required for authenticated requests");
-    }
-    const chain = getChainFromID(this.config.chainID);
-    const publicClient = (0, import_viem4.createPublicClient)({
-      chain,
-      transport: (0, import_viem4.http)(this.rpcUrl)
-    });
-    const { signature } = await calculatePermissionSignature({
-      permission,
-      expiry,
-      appControllerAddress: this.config.appControllerAddress,
-      publicClient,
-      account: this.account
-    });
-    return {
-      Authorization: `Bearer ${stripHexPrefix(signature)}`,
-      "X-eigenx-expiry": expiry.toString()
-    };
-  }
-};
-function transformAppReleaseBuild(raw) {
-  if (!isJsonObject(raw)) return void 0;
-  const depsRaw = raw.dependencies;
-  const deps = isJsonObject(depsRaw) ? Object.fromEntries(
-    Object.entries(depsRaw).flatMap(([digest, depRaw]) => {
-      const parsed = transformAppReleaseBuild(depRaw);
-      return parsed ? [[digest, parsed]] : [];
-    })
-  ) : void 0;
-  return {
-    buildId: readString(raw, "build_id") ?? readString(raw, "buildId"),
-    billingAddress: readString(raw, "billing_address") ?? readString(raw, "billingAddress"),
-    repoUrl: readString(raw, "repo_url") ?? readString(raw, "repoUrl"),
-    gitRef: readString(raw, "git_ref") ?? readString(raw, "gitRef"),
-    status: readString(raw, "status"),
-    buildType: readString(raw, "build_type") ?? readString(raw, "buildType"),
-    imageName: readString(raw, "image_name") ?? readString(raw, "imageName"),
-    imageDigest: readString(raw, "image_digest") ?? readString(raw, "imageDigest"),
-    imageUrl: readString(raw, "image_url") ?? readString(raw, "imageUrl"),
-    provenanceJson: raw.provenance_json ?? raw.provenanceJson,
-    provenanceSignature: readString(raw, "provenance_signature") ?? readString(raw, "provenanceSignature"),
-    createdAt: readString(raw, "created_at") ?? readString(raw, "createdAt"),
-    updatedAt: readString(raw, "updated_at") ?? readString(raw, "updatedAt"),
-    errorMessage: readString(raw, "error_message") ?? readString(raw, "errorMessage"),
-    dependencies: deps
-  };
-}
-function transformAppRelease(raw) {
-  if (!isJsonObject(raw)) return void 0;
-  return {
-    appId: readString(raw, "appId") ?? readString(raw, "app_id"),
-    rmsReleaseId: readString(raw, "rmsReleaseId") ?? readString(raw, "rms_release_id"),
-    imageDigest: readString(raw, "imageDigest") ?? readString(raw, "image_digest"),
-    registryUrl: readString(raw, "registryUrl") ?? readString(raw, "registry_url"),
-    publicEnv: readString(raw, "publicEnv") ?? readString(raw, "public_env"),
-    encryptedEnv: readString(raw, "encryptedEnv") ?? readString(raw, "encrypted_env"),
-    upgradeByTime: readNumber(raw, "upgradeByTime") ?? readNumber(raw, "upgrade_by_time"),
-    createdAt: readString(raw, "createdAt") ?? readString(raw, "created_at"),
-    createdAtBlock: readString(raw, "createdAtBlock") ?? readString(raw, "created_at_block"),
-    build: raw.build ? transformAppReleaseBuild(raw.build) : void 0
-  };
-}
-
-// src/client/common/utils/billing.ts
-function isSubscriptionActive(status) {
-  return status === "active" || status === "trialing";
-}
-
 // src/client/common/abis/AppController.json
 var AppController_default = [
   {
@@ -4446,17 +3994,10 @@ function formatETH(wei) {
   return trimmed;
 }
 async function estimateTransactionGas(options) {
-  const { privateKey, rpcUrl, environmentConfig, to, data, value = 0n } = options;
-  const privateKeyHex = addHexPrefix(privateKey);
-  const account = (0, import_accounts2.privateKeyToAccount)(privateKeyHex);
-  const chain = getChainFromID(environmentConfig.chainID);
-  const publicClient = (0, import_viem5.createPublicClient)({
-    chain,
-    transport: (0, import_viem5.http)(rpcUrl)
-  });
+  const { publicClient, from, to, data, value = 0n } = options;
   const fees = await publicClient.estimateFeesPerGas();
   const gasLimit = await publicClient.estimateGas({
-    account: account.address,
+    account: from,
     to,
     data,
     value
@@ -4473,65 +4014,54 @@ async function estimateTransactionGas(options) {
     maxCostEth
   };
 }
-async function calculateAppID(privateKey, rpcUrl, environmentConfig, salt) {
-  const privateKeyHex = addHexPrefix(privateKey);
-  const account = (0, import_accounts2.privateKeyToAccount)(privateKeyHex);
-  const chain = getChainFromID(environmentConfig.chainID);
-  const publicClient = (0, import_viem5.createPublicClient)({
-    chain,
-    transport: (0, import_viem5.http)(rpcUrl)
-  });
-  const saltHexString = Buffer.from(salt).toString("hex");
+async function calculateAppID(options) {
+  const { publicClient, environmentConfig, ownerAddress, salt } = options;
+  const saltHexString = (0, import_viem3.bytesToHex)(salt).slice(2);
   const paddedSaltHex = saltHexString.padStart(64, "0");
   const saltHex = `0x${paddedSaltHex}`;
-  const accountAddress = typeof account.address === "string" ? account.address : account.address.toString();
   const appID = await publicClient.readContract({
     address: environmentConfig.appControllerAddress,
     abi: AppController_default,
     functionName: "calculateAppId",
-    args: [accountAddress, saltHex]
+    args: [ownerAddress, saltHex]
   });
   return appID;
 }
 async function prepareDeployBatch(options, logger) {
-  const { privateKey, rpcUrl, environmentConfig, salt, release, publicLogs } = options;
-  const privateKeyHex = addHexPrefix(privateKey);
-  const account = (0, import_accounts2.privateKeyToAccount)(privateKeyHex);
-  const chain = getChainFromID(environmentConfig.chainID);
-  const publicClient = (0, import_viem5.createPublicClient)({
-    chain,
-    transport: (0, import_viem5.http)(rpcUrl)
-  });
-  const walletClient = (0, import_viem5.createWalletClient)({
-    account,
-    chain,
-    transport: (0, import_viem5.http)(rpcUrl)
-  });
+  const { walletClient, publicClient, environmentConfig, salt, release, publicLogs } = options;
+  const account = walletClient.account;
+  if (!account) {
+    throw new Error("WalletClient must have an account attached");
+  }
   logger.info("Calculating app ID...");
-  const appId = await calculateAppID(privateKeyHex, rpcUrl, environmentConfig, salt);
-  logger.info(`App ID: ${appId}`);
+  const appId = await calculateAppID({
+    publicClient,
+    environmentConfig,
+    ownerAddress: account.address,
+    salt
+  });
   logger.debug(`App ID calculated: ${appId}`);
   logger.debug(`This address will be used for acceptAdmin call`);
-  const saltHexString = Buffer.from(salt).toString("hex");
+  const saltHexString = (0, import_viem3.bytesToHex)(salt).slice(2);
   const paddedSaltHex = saltHexString.padStart(64, "0");
   const saltHex = `0x${paddedSaltHex}`;
   const releaseForViem = {
     rmsRelease: {
       artifacts: release.rmsRelease.artifacts.map((artifact) => ({
-        digest: `0x${Buffer.from(artifact.digest).toString("hex").padStart(64, "0")}`,
+        digest: `0x${(0, import_viem3.bytesToHex)(artifact.digest).slice(2).padStart(64, "0")}`,
         registry: artifact.registry
       })),
       upgradeByTime: release.rmsRelease.upgradeByTime
     },
-    publicEnv: `0x${Buffer.from(release.publicEnv).toString("hex")}`,
-    encryptedEnv: `0x${Buffer.from(release.encryptedEnv).toString("hex")}`
+    publicEnv: (0, import_viem3.bytesToHex)(release.publicEnv),
+    encryptedEnv: (0, import_viem3.bytesToHex)(release.encryptedEnv)
   };
-  const createData = (0, import_viem5.encodeFunctionData)({
+  const createData = (0, import_viem3.encodeFunctionData)({
     abi: AppController_default,
     functionName: "createApp",
     args: [saltHex, releaseForViem]
   });
-  const acceptAdminData = (0, import_viem5.encodeFunctionData)({
+  const acceptAdminData = (0, import_viem3.encodeFunctionData)({
     abi: PermissionController_default,
     functionName: "acceptAdmin",
     args: [appId]
@@ -4549,7 +4079,7 @@ async function prepareDeployBatch(options, logger) {
     }
   ];
   if (publicLogs) {
-    const anyoneCanViewLogsData = (0, import_viem5.encodeFunctionData)({
+    const anyoneCanViewLogsData = (0, import_viem3.encodeFunctionData)({
       abi: PermissionController_default,
       functionName: "setAppointee",
       args: [
@@ -4593,17 +4123,7 @@ async function executeDeployBatch(data, context, gas, logger) {
   return { appId: data.appId, txHash };
 }
 async function deployApp(options, logger) {
-  const prepared = await prepareDeployBatch(
-    {
-      privateKey: options.privateKey,
-      rpcUrl: options.rpcUrl,
-      environmentConfig: options.environmentConfig,
-      salt: options.salt,
-      release: options.release,
-      publicLogs: options.publicLogs
-    },
-    logger
-  );
+  const prepared = await prepareDeployBatch(options, logger);
   const data = {
     appId: prepared.appId,
     salt: prepared.salt,
@@ -4617,42 +4137,22 @@ async function deployApp(options, logger) {
   return executeDeployBatch(data, context, options.gas, logger);
 }
 async function prepareUpgradeBatch(options) {
-  const {
-    privateKey,
-    rpcUrl,
-    environmentConfig,
-    appId,
-    release,
-    publicLogs,
-    needsPermissionChange
-  } = options;
-  const privateKeyHex = addHexPrefix(privateKey);
-  const account = (0, import_accounts2.privateKeyToAccount)(privateKeyHex);
-  const chain = getChainFromID(environmentConfig.chainID);
-  const publicClient = (0, import_viem5.createPublicClient)({
-    chain,
-    transport: (0, import_viem5.http)(rpcUrl)
-  });
-  const walletClient = (0, import_viem5.createWalletClient)({
-    account,
-    chain,
-    transport: (0, import_viem5.http)(rpcUrl)
-  });
+  const { walletClient, publicClient, environmentConfig, appID, release, publicLogs, needsPermissionChange } = options;
   const releaseForViem = {
     rmsRelease: {
       artifacts: release.rmsRelease.artifacts.map((artifact) => ({
-        digest: `0x${Buffer.from(artifact.digest).toString("hex").padStart(64, "0")}`,
+        digest: `0x${(0, import_viem3.bytesToHex)(artifact.digest).slice(2).padStart(64, "0")}`,
         registry: artifact.registry
       })),
       upgradeByTime: release.rmsRelease.upgradeByTime
     },
-    publicEnv: `0x${Buffer.from(release.publicEnv).toString("hex")}`,
-    encryptedEnv: `0x${Buffer.from(release.encryptedEnv).toString("hex")}`
+    publicEnv: (0, import_viem3.bytesToHex)(release.publicEnv),
+    encryptedEnv: (0, import_viem3.bytesToHex)(release.encryptedEnv)
   };
-  const upgradeData = (0, import_viem5.encodeFunctionData)({
+  const upgradeData = (0, import_viem3.encodeFunctionData)({
     abi: AppController_default,
     functionName: "upgradeApp",
-    args: [appId, releaseForViem]
+    args: [appID, releaseForViem]
   });
   const executions = [
     {
@@ -4663,11 +4163,11 @@ async function prepareUpgradeBatch(options) {
   ];
   if (needsPermissionChange) {
     if (publicLogs) {
-      const addLogsData = (0, import_viem5.encodeFunctionData)({
+      const addLogsData = (0, import_viem3.encodeFunctionData)({
         abi: PermissionController_default,
         functionName: "setAppointee",
         args: [
-          appId,
+          appID,
           "0x493219d9949348178af1f58740655951a8cd110c",
           // AnyoneCanCallAddress
           "0x57ee1fb74c1087e26446abc4fb87fd8f07c43d8d",
@@ -4682,11 +4182,11 @@ async function prepareUpgradeBatch(options) {
         callData: addLogsData
       });
     } else {
-      const removeLogsData = (0, import_viem5.encodeFunctionData)({
+      const removeLogsData = (0, import_viem3.encodeFunctionData)({
         abi: PermissionController_default,
         functionName: "removeAppointee",
         args: [
-          appId,
+          appID,
           "0x493219d9949348178af1f58740655951a8cd110c",
           // AnyoneCanCallAddress
           "0x57ee1fb74c1087e26446abc4fb87fd8f07c43d8d",
@@ -4703,7 +4203,7 @@ async function prepareUpgradeBatch(options) {
     }
   }
   return {
-    appId,
+    appId: appID,
     executions,
     walletClient,
     publicClient,
@@ -4726,15 +4226,7 @@ async function executeUpgradeBatch(data, context, gas, logger) {
   return txHash;
 }
 async function upgradeApp(options, logger) {
-  const prepared = await prepareUpgradeBatch({
-    privateKey: options.privateKey,
-    rpcUrl: options.rpcUrl,
-    environmentConfig: options.environmentConfig,
-    appId: options.appId,
-    release: options.release,
-    publicLogs: options.publicLogs,
-    needsPermissionChange: options.needsPermissionChange
-  });
+  const prepared = await prepareUpgradeBatch(options);
   const data = {
     appId: prepared.appId,
     executions: prepared.executions
@@ -4747,29 +4239,12 @@ async function upgradeApp(options, logger) {
   return executeUpgradeBatch(data, context, options.gas, logger);
 }
 async function sendAndWaitForTransaction(options, logger) {
-  const {
-    privateKey,
-    rpcUrl,
-    environmentConfig,
-    to,
-    data,
-    value = 0n,
-    pendingMessage,
-    txDescription,
-    gas
-  } = options;
-  const privateKeyHex = addHexPrefix(privateKey);
-  const account = (0, import_accounts2.privateKeyToAccount)(privateKeyHex);
+  const { walletClient, publicClient, environmentConfig, to, data, value = 0n, pendingMessage, txDescription, gas } = options;
+  const account = walletClient.account;
+  if (!account) {
+    throw new Error("WalletClient must have an account attached");
+  }
   const chain = getChainFromID(environmentConfig.chainID);
-  const publicClient = (0, import_viem5.createPublicClient)({
-    chain,
-    transport: (0, import_viem5.http)(rpcUrl)
-  });
-  const walletClient = (0, import_viem5.createWalletClient)({
-    account,
-    chain,
-    transport: (0, import_viem5.http)(rpcUrl)
-  });
   if (pendingMessage) {
     logger.info(`
 ${pendingMessage}`);
@@ -4780,7 +4255,10 @@ ${pendingMessage}`);
     data,
     value,
     ...gas?.maxFeePerGas && { maxFeePerGas: gas.maxFeePerGas },
-    ...gas?.maxPriorityFeePerGas && { maxPriorityFeePerGas: gas.maxPriorityFeePerGas }
+    ...gas?.maxPriorityFeePerGas && {
+      maxPriorityFeePerGas: gas.maxPriorityFeePerGas
+    },
+    chain
   });
   logger.info(`Transaction sent: ${hash}`);
   const receipt = await publicClient.waitForTransactionReceipt({ hash });
@@ -4795,7 +4273,7 @@ ${pendingMessage}`);
     } catch (callError) {
       if (callError.data) {
         try {
-          const decoded = (0, import_viem5.decodeErrorResult)({
+          const decoded = (0, import_viem3.decodeErrorResult)({
             abi: AppController_default,
             data: callError.data
           });
@@ -4846,12 +4324,7 @@ function formatAppControllerError(decoded) {
       return new Error(`contract error: ${errorName}`);
   }
 }
-async function getActiveAppCount(rpcUrl, environmentConfig, user) {
-  const chain = getChainFromID(environmentConfig.chainID);
-  const publicClient = (0, import_viem5.createPublicClient)({
-    chain,
-    transport: (0, import_viem5.http)(rpcUrl)
-  });
+async function getActiveAppCount(publicClient, environmentConfig, user) {
   const count = await publicClient.readContract({
     address: environmentConfig.appControllerAddress,
     abi: AppController_default,
@@ -4860,12 +4333,7 @@ async function getActiveAppCount(rpcUrl, environmentConfig, user) {
   });
   return Number(count);
 }
-async function getMaxActiveAppsPerUser(rpcUrl, environmentConfig, user) {
-  const chain = getChainFromID(environmentConfig.chainID);
-  const publicClient = (0, import_viem5.createPublicClient)({
-    chain,
-    transport: (0, import_viem5.http)(rpcUrl)
-  });
+async function getMaxActiveAppsPerUser(publicClient, environmentConfig, user) {
   const quota = await publicClient.readContract({
     address: environmentConfig.appControllerAddress,
     abi: AppController_default,
@@ -4874,12 +4342,7 @@ async function getMaxActiveAppsPerUser(rpcUrl, environmentConfig, user) {
   });
   return Number(quota);
 }
-async function getAppsByDeveloper(rpcUrl, environmentConfig, developer, offset, limit) {
-  const chain = getChainFromID(environmentConfig.chainID);
-  const publicClient = (0, import_viem5.createPublicClient)({
-    chain,
-    transport: (0, import_viem5.http)(rpcUrl)
-  });
+async function getAppsByDeveloper(publicClient, environmentConfig, developer, offset, limit) {
   const result = await publicClient.readContract({
     address: environmentConfig.appControllerAddress,
     abi: AppController_default,
@@ -4891,12 +4354,12 @@ async function getAppsByDeveloper(rpcUrl, environmentConfig, developer, offset,
     appConfigs: result[1]
   };
 }
-async function getAllAppsByDeveloper(rpcUrl, env, developer, pageSize = 100n) {
+async function getAllAppsByDeveloper(publicClient, env, developer, pageSize = 100n) {
   let offset = 0n;
   const allApps = [];
   const allConfigs = [];
   while (true) {
-    const { apps, appConfigs } = await getAppsByDeveloper(rpcUrl, env, developer, offset, pageSize);
+    const { apps, appConfigs } = await getAppsByDeveloper(publicClient, env, developer, offset, pageSize);
     if (apps.length === 0) break;
     allApps.push(...apps);
     allConfigs.push(...appConfigs);
@@ -4908,12 +4371,7 @@ async function getAllAppsByDeveloper(rpcUrl, env, developer, pageSize = 100n) {
     appConfigs: allConfigs
   };
 }
-async function getAppLatestReleaseBlockNumbers(rpcUrl, environmentConfig, appIDs) {
-  const chain = getChainFromID(environmentConfig.chainID);
-  const publicClient = (0, import_viem5.createPublicClient)({
-    chain,
-    transport: (0, import_viem5.http)(rpcUrl)
-  });
+async function getAppLatestReleaseBlockNumbers(publicClient, environmentConfig, appIDs) {
   const results = await Promise.all(
     appIDs.map(
       (appID) => publicClient.readContract({
@@ -4933,12 +4391,7 @@ async function getAppLatestReleaseBlockNumbers(rpcUrl, environmentConfig, appIDs
   }
   return blockNumbers;
 }
-async function getBlockTimestamps(rpcUrl, environmentConfig, blockNumbers) {
-  const chain = getChainFromID(environmentConfig.chainID);
-  const publicClient = (0, import_viem5.createPublicClient)({
-    chain,
-    transport: (0, import_viem5.http)(rpcUrl)
-  });
+async function getBlockTimestamps(publicClient, blockNumbers) {
   const uniqueBlockNumbers = [...new Set(blockNumbers)].filter((n) => n > 0);
   const timestamps = /* @__PURE__ */ new Map();
   const blocks = await Promise.all(
@@ -4955,67 +4408,34 @@ async function getBlockTimestamps(rpcUrl, environmentConfig, blockNumbers) {
   return timestamps;
 }
 async function isDelegated(options) {
-  const { privateKey, rpcUrl, environmentConfig } = options;
-  const privateKeyHex = addHexPrefix(privateKey);
-  const account = (0, import_accounts2.privateKeyToAccount)(privateKeyHex);
-  const chain = getChainFromID(environmentConfig.chainID);
-  const publicClient = (0, import_viem5.createPublicClient)({
-    chain,
-    transport: (0, import_viem5.http)(rpcUrl)
-  });
+  const { publicClient, environmentConfig, address } = options;
   return checkERC7702Delegation(
     publicClient,
-    account.address,
+    address,
     environmentConfig.erc7702DelegatorAddress
   );
 }
 async function undelegate(options, logger) {
-  const { privateKey, rpcUrl, environmentConfig } = options;
-  const privateKeyHex = addHexPrefix(privateKey);
-  const account = (0, import_accounts2.privateKeyToAccount)(privateKeyHex);
+  const { walletClient, publicClient, environmentConfig } = options;
+  const account = walletClient.account;
+  if (!account) {
+    throw new Error("WalletClient must have an account attached");
+  }
   const chain = getChainFromID(environmentConfig.chainID);
-  const publicClient = (0, import_viem5.createPublicClient)({
-    chain,
-    transport: (0, import_viem5.http)(rpcUrl)
-  });
-  const walletClient = (0, import_viem5.createWalletClient)({
-    account,
-    chain,
-    transport: (0, import_viem5.http)(rpcUrl)
-  });
   const transactionNonce = await publicClient.getTransactionCount({
     address: account.address,
     blockTag: "pending"
   });
   const chainId = await publicClient.getChainId();
   const authorizationNonce = BigInt(transactionNonce) + 1n;
-  const authorization = {
-    chainId: Number(chainId),
-    address: "0x0000000000000000000000000000000000000000",
-    // Empty address = undelegate
-    nonce: authorizationNonce
-  };
-  const sighash = (0, import_utils.hashAuthorization)({
-    chainId: authorization.chainId,
-    contractAddress: authorization.address,
-    nonce: Number(authorization.nonce)
-  });
-  const sig = await (0, import_accounts3.sign)({
-    hash: sighash,
-    privateKey: privateKeyHex
+  logger.debug("Signing undelegate authorization");
+  const signedAuthorization = await walletClient.signAuthorization({
+    contractAddress: "0x0000000000000000000000000000000000000000",
+    chainId,
+    nonce: Number(authorizationNonce),
+    account
   });
-  const v = Number(sig.v);
-  const yParity = v === 27 ? 0 : 1;
-  const authorizationList = [
-    {
-      chainId: authorization.chainId,
-      address: authorization.address,
-      nonce: Number(authorization.nonce),
-      r: sig.r,
-      s: sig.s,
-      yParity
-    }
-  ];
+  const authorizationList = [signedAuthorization];
   const hash = await walletClient.sendTransaction({
     account,
     to: account.address,
@@ -5023,7 +4443,8 @@ async function undelegate(options, logger) {
     data: "0x",
     // Empty data
     value: 0n,
-    authorizationList
+    authorizationList,
+    chain
   });
   logger.info(`Transaction sent: ${hash}`);
   const receipt = await publicClient.waitForTransactionReceipt({ hash });
@@ -5034,360 +4455,705 @@ async function undelegate(options, logger) {
   return hash;
 }
 
-// src/client/common/contract/watcher.ts
-var WATCH_POLL_INTERVAL_SECONDS = 5;
-var APP_STATUS_RUNNING = "Running";
-var APP_STATUS_FAILED = "Failed";
-async function watchUntilRunning(options, logger) {
-  const { environmentConfig, appId, privateKey, rpcUrl, clientId } = options;
-  const userApiClient = new UserApiClient(environmentConfig, privateKey, rpcUrl, clientId);
-  let initialStatus;
-  let initialIP;
-  let hasChanged = false;
-  const stopCondition = (status, ip) => {
-    if (!initialStatus) {
-      initialStatus = status;
-      initialIP = ip;
-    }
-    if (status !== initialStatus) {
-      hasChanged = true;
-    }
-    if (status === APP_STATUS_RUNNING && ip) {
-      if (hasChanged || initialStatus !== APP_STATUS_RUNNING) {
-        if (!initialIP || initialIP === "No IP assigned") {
-          logger.info(`App is now running with IP: ${ip}`);
-        } else {
-          logger.info("App is now running");
-        }
-        return true;
-      }
-    }
-    if (status === APP_STATUS_FAILED) {
-      throw new Error(`App entered ${status} state`);
-    }
-    return false;
-  };
-  while (true) {
-    try {
-      const info = await userApiClient.getInfos([appId], 1);
-      if (info.length === 0) {
-        await sleep(WATCH_POLL_INTERVAL_SECONDS * 1e3);
-        continue;
-      }
-      const appInfo = info[0];
-      const currentStatus = appInfo.status;
-      const currentIP = appInfo.ip || "";
-      if (stopCondition(currentStatus, currentIP)) {
-        return currentIP || void 0;
-      }
-      await sleep(WATCH_POLL_INTERVAL_SECONDS * 1e3);
-    } catch (error) {
-      logger.warn(`Failed to fetch app info: ${error.message}`);
-      await sleep(WATCH_POLL_INTERVAL_SECONDS * 1e3);
-    }
+// src/client/common/utils/userapi.ts
+var import_axios = __toESM(require("axios"), 1);
+
+// src/client/common/utils/auth.ts
+var import_viem4 = require("viem");
+var APP_CONTROLLER_ABI = (0, import_viem4.parseAbi)([
+  "function calculateApiPermissionDigestHash(bytes4 permission, uint256 expiry) view returns (bytes32)"
+]);
+async function calculatePermissionSignature(options) {
+  const { permission, expiry, appControllerAddress, publicClient, walletClient } = options;
+  const digest = await publicClient.readContract({
+    address: appControllerAddress,
+    abi: APP_CONTROLLER_ABI,
+    functionName: "calculateApiPermissionDigestHash",
+    args: [permission, expiry]
+  });
+  const account = walletClient.account;
+  if (!account) {
+    throw new Error("WalletClient must have an account attached");
   }
+  const signature = await walletClient.signMessage({
+    account,
+    message: { raw: digest }
+  });
+  return { signature, digest };
 }
-var APP_STATUS_STOPPED = "Stopped";
-async function watchUntilUpgradeComplete(options, logger) {
-  const { environmentConfig, appId, privateKey, rpcUrl, clientId } = options;
-  const userApiClient = new UserApiClient(environmentConfig, privateKey, rpcUrl, clientId);
-  let initialStatus;
-  let initialIP;
-  let hasChanged = false;
-  const stopCondition = (status, ip) => {
-    if (!initialStatus) {
-      initialStatus = status;
-      initialIP = ip;
-      if (status === APP_STATUS_STOPPED && ip) {
-        logger.info("App upgrade complete.");
-        logger.info(`Status: ${status}`);
-        logger.info(`To start the app, run: ecloud compute app start ${appId}`);
-        return true;
-      }
-    }
-    if (status !== initialStatus) {
-      hasChanged = true;
-    }
-    if (status === APP_STATUS_STOPPED && ip && hasChanged) {
-      logger.info("App upgrade complete.");
-      logger.info(`Status: ${status}`);
-      logger.info(`To start the app, run: ecloud compute app start ${appId}`);
-      return true;
-    }
-    if (status === APP_STATUS_RUNNING && ip && hasChanged) {
-      if (!initialIP || initialIP === "No IP assigned") {
-        logger.info(`App is now running with IP: ${ip}`);
-      } else {
-        logger.info("App is now running");
-      }
-      return true;
-    }
-    if (status === APP_STATUS_FAILED) {
-      throw new Error(`App entered ${status} state`);
+var generateBillingSigData = (product, expiry) => {
+  return {
+    domain: {
+      name: "EigenCloud Billing API",
+      version: "1"
+    },
+    types: {
+      BillingAuth: [
+        { name: "product", type: "string" },
+        { name: "expiry", type: "uint256" }
+      ]
+    },
+    primaryType: "BillingAuth",
+    message: {
+      product,
+      expiry
     }
-    return false;
   };
-  while (true) {
-    try {
-      const info = await userApiClient.getInfos([appId], 1);
-      if (info.length === 0) {
-        await sleep(WATCH_POLL_INTERVAL_SECONDS * 1e3);
-        continue;
-      }
-      const appInfo = info[0];
-      const currentStatus = appInfo.status;
-      const currentIP = appInfo.ip || "";
-      if (stopCondition(currentStatus, currentIP)) {
-        return;
-      }
-      await sleep(WATCH_POLL_INTERVAL_SECONDS * 1e3);
-    } catch (error) {
-      logger.warn(`Failed to fetch app info: ${error.message}`);
-      await sleep(WATCH_POLL_INTERVAL_SECONDS * 1e3);
-    }
+};
+async function calculateBillingAuthSignature(options) {
+  const { walletClient, product, expiry } = options;
+  const account = walletClient.account;
+  if (!account) {
+    throw new Error("WalletClient must have an account attached");
   }
-}
-function sleep(ms) {
-  return new Promise((resolve2) => setTimeout(resolve2, ms));
+  const signature = await walletClient.signTypedData({
+    account,
+    ...generateBillingSigData(product, expiry)
+  });
+  return { signature, expiry };
 }
 
-// src/client/common/utils/validation.ts
-var import_fs = __toESM(require("fs"), 1);
-var import_path = __toESM(require("path"), 1);
-var import_viem6 = require("viem");
-function validateAppName(name) {
-  if (!name) {
-    throw new Error("App name cannot be empty");
-  }
-  if (name.includes(" ")) {
-    throw new Error("App name cannot contain spaces");
-  }
-  if (name.length > 50) {
-    throw new Error("App name cannot be longer than 50 characters");
-  }
-}
-function validateImageReference(value) {
-  if (!value) {
-    return "Image reference cannot be empty";
-  }
-  if (!value.includes("/")) {
-    return "Image reference must contain at least one /";
-  }
-  return true;
-}
-function assertValidImageReference(value) {
-  const result = validateImageReference(value);
-  if (result !== true) {
-    throw new Error(result);
-  }
+// src/client/common/utils/userapi.ts
+function isJsonObject(value) {
+  return typeof value === "object" && value !== null && !Array.isArray(value);
 }
-function extractAppNameFromImage(imageRef) {
-  const parts = imageRef.split("/");
-  let imageName = parts.length > 1 ? parts[parts.length - 1] : imageRef;
-  if (imageName.includes(":")) {
-    imageName = imageName.split(":")[0];
-  }
-  return imageName;
+function readString(obj, key) {
+  const v = obj[key];
+  return typeof v === "string" ? v : void 0;
 }
-function validateFilePath(value) {
-  if (!value) {
-    return "File path cannot be empty";
-  }
-  if (!import_fs.default.existsSync(value)) {
-    return "File does not exist";
-  }
-  return true;
+function readNumber(obj, key) {
+  const v = obj[key];
+  return typeof v === "number" && Number.isFinite(v) ? v : void 0;
 }
-function assertValidFilePath(value) {
-  const result = validateFilePath(value);
-  if (result !== true) {
-    throw new Error(result);
-  }
+var MAX_ADDRESS_COUNT = 5;
+var CanViewAppLogsPermission = "0x2fd3f2fe";
+var CanViewSensitiveAppInfoPermission = "0x0e67b22f";
+var CanUpdateAppProfilePermission = "0x036fef61";
+function getDefaultClientId() {
+  const version = true ? "0.2.1-dev" : "0.0.0";
+  return `ecloud-sdk/v${version}`;
 }
-function validateInstanceTypeSKU(sku, availableTypes) {
-  if (!sku) {
-    throw new Error("Instance type SKU cannot be empty");
+var UserApiClient = class {
+  constructor(config, walletClient, publicClient, clientId) {
+    this.config = config;
+    this.walletClient = walletClient;
+    this.publicClient = publicClient;
+    this.clientId = clientId || getDefaultClientId();
   }
-  for (const it of availableTypes) {
-    if (it.sku === sku) {
-      return sku;
+  /**
+   * Get the address of the connected wallet
+   */
+  get address() {
+    const account = this.walletClient.account;
+    if (!account) {
+      throw new Error("WalletClient must have an account attached");
     }
+    return account.address;
   }
-  const validSKUs = availableTypes.map((it) => it.sku).join(", ");
-  throw new Error(`Invalid instance-type value: ${sku} (must be one of: ${validSKUs})`);
-}
-function validatePrivateKeyFormat(key) {
-  const keyWithoutPrefix = stripHexPrefix(key);
-  if (!/^[0-9a-fA-F]{64}$/.test(keyWithoutPrefix)) {
-    return false;
-  }
-  return true;
-}
-function assertValidPrivateKey(key) {
-  if (!key) {
-    throw new Error("Private key is required");
+  async getInfos(appIDs, addressCount = 1) {
+    const count = Math.min(addressCount, MAX_ADDRESS_COUNT);
+    const endpoint = `${this.config.userApiServerURL}/info`;
+    const url = `${endpoint}?${new URLSearchParams({ apps: appIDs.join(",") })}`;
+    const res = await this.makeAuthenticatedRequest(url, CanViewSensitiveAppInfoPermission);
+    const result = await res.json();
+    return result.apps.map((app, i) => {
+      const evmAddresses = app.addresses?.data?.evmAddresses?.slice(0, count) || [];
+      const solanaAddresses = app.addresses?.data?.solanaAddresses?.slice(0, count) || [];
+      return {
+        address: appIDs[i],
+        status: app.app_status,
+        ip: app.ip,
+        machineType: app.machine_type,
+        profile: app.profile,
+        metrics: app.metrics,
+        evmAddresses,
+        solanaAddresses
+      };
+    });
   }
-  if (!validatePrivateKeyFormat(key)) {
-    throw new Error(
-      "Invalid private key format (must be 64 hex characters, optionally prefixed with 0x)"
-    );
+  /**
+   * Get app details from UserAPI (includes releases and build/provenance info when available).
+   *
+   * Endpoint: GET /apps/:appAddress
+   */
+  async getApp(appAddress) {
+    const endpoint = `${this.config.userApiServerURL}/apps/${appAddress}`;
+    const res = await this.makeAuthenticatedRequest(endpoint);
+    const raw = await res.json();
+    if (!isJsonObject(raw)) {
+      throw new Error("Unexpected /apps/:id response: expected object");
+    }
+    const id = readString(raw, "id");
+    if (!id) {
+      throw new Error("Unexpected /apps/:id response: missing 'id'");
+    }
+    const releasesRaw = raw.releases;
+    const releases = Array.isArray(releasesRaw) ? releasesRaw.map((r) => transformAppRelease(r)).filter((r) => !!r) : [];
+    return {
+      id,
+      creator: readString(raw, "creator"),
+      contractStatus: readString(raw, "contract_status") ?? readString(raw, "contractStatus"),
+      releases
+    };
   }
-}
-function validateURL(rawURL) {
-  if (!rawURL.trim()) {
-    return "URL cannot be empty";
+  /**
+   * Get available SKUs (instance types) from UserAPI
+   */
+  async getSKUs() {
+    const endpoint = `${this.config.userApiServerURL}/skus`;
+    const response = await this.makeAuthenticatedRequest(endpoint);
+    const result = await response.json();
+    return {
+      skus: result.skus || result.SKUs || []
+    };
   }
-  try {
-    const url = new URL(rawURL);
-    if (url.protocol !== "http:" && url.protocol !== "https:") {
-      return "URL scheme must be http or https";
-    }
-  } catch {
-    return "Invalid URL format";
+  /**
+   * Get logs for an app
+   */
+  async getLogs(appID) {
+    const endpoint = `${this.config.userApiServerURL}/logs/${appID}`;
+    const response = await this.makeAuthenticatedRequest(endpoint, CanViewAppLogsPermission);
+    return await response.text();
   }
-  return void 0;
-}
-var VALID_X_HOSTS = ["twitter.com", "www.twitter.com", "x.com", "www.x.com"];
-function validateXURL(rawURL) {
-  const urlErr = validateURL(rawURL);
-  if (urlErr) {
-    return urlErr;
+  /**
+   * Get statuses for apps
+   */
+  async getStatuses(appIDs) {
+    const endpoint = `${this.config.userApiServerURL}/status`;
+    const url = `${endpoint}?${new URLSearchParams({ apps: appIDs.join(",") })}`;
+    const response = await this.makeAuthenticatedRequest(url);
+    const result = await response.json();
+    const apps = result.apps || result.Apps || [];
+    return apps.map((app, i) => ({
+      address: app.address || appIDs[i],
+      status: app.status || app.Status || ""
+    }));
   }
-  try {
-    const url = new URL(rawURL);
-    const host = url.hostname.toLowerCase();
-    if (!VALID_X_HOSTS.includes(host)) {
-      return "URL must be a valid X/Twitter URL (x.com or twitter.com)";
+  /**
+   * Upload app profile information with optional image
+   *
+   * @param appAddress - The app's contract address
+   * @param name - Display name for the app
+   * @param options - Optional fields including website, description, xURL, and image
+   * @param options.image - Image file as Blob or File (browser: from input element, Node.js: new Blob([buffer]))
+   * @param options.imageName - Filename for the image (required if image is provided)
+   */
+  async uploadAppProfile(appAddress, name, options) {
+    const endpoint = `${this.config.userApiServerURL}/apps/${appAddress}/profile`;
+    const formData = new FormData();
+    formData.append("name", name);
+    if (options?.website) {
+      formData.append("website", options.website);
     }
-    if (!url.pathname || url.pathname === "/") {
-      return "X URL must include a username or profile path";
+    if (options?.description) {
+      formData.append("description", options.description);
+    }
+    if (options?.xURL) {
+      formData.append("xURL", options.xURL);
+    }
+    if (options?.image) {
+      const fileName = options.image instanceof File ? options.image.name : options.imageName || "image";
+      formData.append("image", options.image, fileName);
+    }
+    const headers = {
+      "x-client-id": this.clientId
+    };
+    const expiry = BigInt(Math.floor(Date.now() / 1e3) + 5 * 60);
+    const authHeaders = await this.generateAuthHeaders(CanUpdateAppProfilePermission, expiry);
+    Object.assign(headers, authHeaders);
+    try {
+      const response = await import_axios.default.post(endpoint, formData, {
+        headers,
+        maxRedirects: 0,
+        validateStatus: () => true,
+        // Don't throw on any status
+        maxContentLength: Infinity,
+        // Allow large file uploads
+        maxBodyLength: Infinity
+        // Allow large file uploads
+      });
+      const status = response.status;
+      if (status !== 200 && status !== 201) {
+        const body = typeof response.data === "string" ? response.data : JSON.stringify(response.data);
+        if (status === 403 && body.includes("Cloudflare") && body.includes("challenge-platform")) {
+          throw new Error(
+            `Cloudflare protection is blocking the request. This is likely due to bot detection.
+Status: ${status}`
+          );
+        }
+        throw new Error(
+          `UserAPI request failed: ${status} ${status >= 200 && status < 300 ? "OK" : "Error"} - ${body.substring(0, 500)}${body.length > 500 ? "..." : ""}`
+        );
+      }
+      return response.data;
+    } catch (error) {
+      if (error.message?.includes("fetch failed") || error.message?.includes("ECONNREFUSED") || error.message?.includes("ENOTFOUND") || error.cause) {
+        const cause = error.cause?.message || error.cause || error.message;
+        throw new Error(
+          `Failed to connect to UserAPI at ${endpoint}: ${cause}
+Please check:
+1. Your internet connection
+2. The API server is accessible: ${this.config.userApiServerURL}
+3. Firewall/proxy settings`
+        );
+      }
+      throw error;
     }
-  } catch {
-    return "Invalid X URL format";
   }
-  return void 0;
-}
-var MAX_DESCRIPTION_LENGTH = 1e3;
-function validateDescription(description) {
-  if (!description.trim()) {
-    return "Description cannot be empty";
+  async makeAuthenticatedRequest(url, permission) {
+    const headers = {
+      "x-client-id": this.clientId
+    };
+    if (permission) {
+      const expiry = BigInt(Math.floor(Date.now() / 1e3) + 5 * 60);
+      const authHeaders = await this.generateAuthHeaders(permission, expiry);
+      Object.assign(headers, authHeaders);
+    }
+    try {
+      const response = await import_axios.default.get(url, {
+        headers,
+        maxRedirects: 0,
+        validateStatus: () => true
+        // Don't throw on any status
+      });
+      const status = response.status;
+      const statusText = status >= 200 && status < 300 ? "OK" : "Error";
+      if (status < 200 || status >= 300) {
+        const body = typeof response.data === "string" ? response.data : JSON.stringify(response.data);
+        throw new Error(`UserAPI request failed: ${status} ${statusText} - ${body}`);
+      }
+      return {
+        json: async () => response.data,
+        text: async () => typeof response.data === "string" ? response.data : JSON.stringify(response.data)
+      };
+    } catch (error) {
+      if (error.message?.includes("fetch failed") || error.message?.includes("ECONNREFUSED") || error.message?.includes("ENOTFOUND") || error.cause) {
+        const cause = error.cause?.message || error.cause || error.message;
+        throw new Error(
+          `Failed to connect to UserAPI at ${url}: ${cause}
+Please check:
+1. Your internet connection
+2. The API server is accessible: ${this.config.userApiServerURL}
+3. Firewall/proxy settings`
+        );
+      }
+      throw error;
+    }
   }
-  if (description.length > MAX_DESCRIPTION_LENGTH) {
-    return `Description cannot exceed ${MAX_DESCRIPTION_LENGTH} characters`;
+  /**
+   * Generate authentication headers for UserAPI requests
+   */
+  async generateAuthHeaders(permission, expiry) {
+    const { signature } = await calculatePermissionSignature({
+      permission,
+      expiry,
+      appControllerAddress: this.config.appControllerAddress,
+      publicClient: this.publicClient,
+      walletClient: this.walletClient
+    });
+    return {
+      Authorization: `Bearer ${stripHexPrefix(signature)}`,
+      "X-eigenx-expiry": expiry.toString()
+    };
   }
-  return void 0;
+};
+function transformAppReleaseBuild(raw) {
+  if (!isJsonObject(raw)) return void 0;
+  const depsRaw = raw.dependencies;
+  const deps = isJsonObject(depsRaw) ? Object.fromEntries(
+    Object.entries(depsRaw).flatMap(([digest, depRaw]) => {
+      const parsed = transformAppReleaseBuild(depRaw);
+      return parsed ? [[digest, parsed]] : [];
+    })
+  ) : void 0;
+  return {
+    buildId: readString(raw, "build_id") ?? readString(raw, "buildId"),
+    billingAddress: readString(raw, "billing_address") ?? readString(raw, "billingAddress"),
+    repoUrl: readString(raw, "repo_url") ?? readString(raw, "repoUrl"),
+    gitRef: readString(raw, "git_ref") ?? readString(raw, "gitRef"),
+    status: readString(raw, "status"),
+    buildType: readString(raw, "build_type") ?? readString(raw, "buildType"),
+    imageName: readString(raw, "image_name") ?? readString(raw, "imageName"),
+    imageDigest: readString(raw, "image_digest") ?? readString(raw, "imageDigest"),
+    imageUrl: readString(raw, "image_url") ?? readString(raw, "imageUrl"),
+    provenanceJson: raw.provenance_json ?? raw.provenanceJson,
+    provenanceSignature: readString(raw, "provenance_signature") ?? readString(raw, "provenanceSignature"),
+    createdAt: readString(raw, "created_at") ?? readString(raw, "createdAt"),
+    updatedAt: readString(raw, "updated_at") ?? readString(raw, "updatedAt"),
+    errorMessage: readString(raw, "error_message") ?? readString(raw, "errorMessage"),
+    dependencies: deps
+  };
 }
-var MAX_IMAGE_SIZE = 4 * 1024 * 1024;
-var VALID_IMAGE_EXTENSIONS = [".jpg", ".jpeg", ".png"];
-function validateImagePath(filePath) {
-  const cleanedPath = filePath.trim().replace(/^["']|["']$/g, "");
-  if (!cleanedPath) {
-    return "Image path cannot be empty";
+function transformAppRelease(raw) {
+  if (!isJsonObject(raw)) return void 0;
+  return {
+    appId: readString(raw, "appId") ?? readString(raw, "app_id"),
+    rmsReleaseId: readString(raw, "rmsReleaseId") ?? readString(raw, "rms_release_id"),
+    imageDigest: readString(raw, "imageDigest") ?? readString(raw, "image_digest"),
+    registryUrl: readString(raw, "registryUrl") ?? readString(raw, "registry_url"),
+    publicEnv: readString(raw, "publicEnv") ?? readString(raw, "public_env"),
+    encryptedEnv: readString(raw, "encryptedEnv") ?? readString(raw, "encrypted_env"),
+    upgradeByTime: readNumber(raw, "upgradeByTime") ?? readNumber(raw, "upgrade_by_time"),
+    createdAt: readString(raw, "createdAt") ?? readString(raw, "created_at"),
+    createdAtBlock: readString(raw, "createdAtBlock") ?? readString(raw, "created_at_block"),
+    build: raw.build ? transformAppReleaseBuild(raw.build) : void 0
+  };
+}
+
+// src/client/common/contract/watcher.ts
+var WATCH_POLL_INTERVAL_SECONDS = 5;
+var APP_STATUS_RUNNING = "Running";
+var APP_STATUS_FAILED = "Failed";
+async function watchUntilRunning(options, logger) {
+  const { walletClient, publicClient, environmentConfig, appId } = options;
+  const userApiClient = new UserApiClient(environmentConfig, walletClient, publicClient);
+  let initialStatus;
+  let initialIP;
+  let hasChanged = false;
+  const stopCondition = (status, ip) => {
+    if (!initialStatus) {
+      initialStatus = status;
+      initialIP = ip;
+    }
+    if (status !== initialStatus) {
+      hasChanged = true;
+    }
+    if (status === APP_STATUS_RUNNING && ip) {
+      if (hasChanged || initialStatus !== APP_STATUS_RUNNING) {
+        if (!initialIP || initialIP === "No IP assigned") {
+          logger.info(`App is now running with IP: ${ip}`);
+        } else {
+          logger.info("App is now running");
+        }
+        return true;
+      }
+    }
+    if (status === APP_STATUS_FAILED) {
+      throw new Error(`App entered ${status} state`);
+    }
+    return false;
+  };
+  while (true) {
+    try {
+      const info = await userApiClient.getInfos([appId], 1);
+      if (info.length === 0) {
+        await sleep(WATCH_POLL_INTERVAL_SECONDS * 1e3);
+        continue;
+      }
+      const appInfo = info[0];
+      const currentStatus = appInfo.status;
+      const currentIP = appInfo.ip || "";
+      if (stopCondition(currentStatus, currentIP)) {
+        return currentIP || void 0;
+      }
+      await sleep(WATCH_POLL_INTERVAL_SECONDS * 1e3);
+    } catch (error) {
+      logger.warn(`Failed to fetch app info: ${error.message}`);
+      await sleep(WATCH_POLL_INTERVAL_SECONDS * 1e3);
+    }
   }
-  if (!import_fs.default.existsSync(cleanedPath)) {
-    return `Image file not found: ${cleanedPath}`;
+}
+var APP_STATUS_STOPPED = "Stopped";
+async function watchUntilUpgradeComplete(options, logger) {
+  const { walletClient, publicClient, environmentConfig, appId } = options;
+  const userApiClient = new UserApiClient(environmentConfig, walletClient, publicClient);
+  let initialStatus;
+  let initialIP;
+  let hasChanged = false;
+  const stopCondition = (status, ip) => {
+    if (!initialStatus) {
+      initialStatus = status;
+      initialIP = ip;
+      if (status === APP_STATUS_STOPPED && ip) {
+        logger.info("App upgrade complete.");
+        logger.info(`Status: ${status}`);
+        logger.info(`To start the app, run: ecloud compute app start ${appId}`);
+        return true;
+      }
+    }
+    if (status !== initialStatus) {
+      hasChanged = true;
+    }
+    if (status === APP_STATUS_STOPPED && ip && hasChanged) {
+      logger.info("App upgrade complete.");
+      logger.info(`Status: ${status}`);
+      logger.info(`To start the app, run: ecloud compute app start ${appId}`);
+      return true;
+    }
+    if (status === APP_STATUS_RUNNING && ip && hasChanged) {
+      if (!initialIP || initialIP === "No IP assigned") {
+        logger.info(`App is now running with IP: ${ip}`);
+      } else {
+        logger.info("App is now running");
+      }
+      return true;
+    }
+    if (status === APP_STATUS_FAILED) {
+      throw new Error(`App entered ${status} state`);
+    }
+    return false;
+  };
+  while (true) {
+    try {
+      const info = await userApiClient.getInfos([appId], 1);
+      if (info.length === 0) {
+        await sleep(WATCH_POLL_INTERVAL_SECONDS * 1e3);
+        continue;
+      }
+      const appInfo = info[0];
+      const currentStatus = appInfo.status;
+      const currentIP = appInfo.ip || "";
+      if (stopCondition(currentStatus, currentIP)) {
+        return;
+      }
+      await sleep(WATCH_POLL_INTERVAL_SECONDS * 1e3);
+    } catch (error) {
+      logger.warn(`Failed to fetch app info: ${error.message}`);
+      await sleep(WATCH_POLL_INTERVAL_SECONDS * 1e3);
+    }
   }
-  const stats = import_fs.default.statSync(cleanedPath);
-  if (stats.isDirectory()) {
-    return "Path is a directory, not a file";
+}
+function sleep(ms) {
+  return new Promise((resolve2) => setTimeout(resolve2, ms));
+}
+
+// src/client/common/utils/validation.ts
+var import_fs = __toESM(require("fs"), 1);
+var import_path = __toESM(require("path"), 1);
+var import_viem5 = require("viem");
+function validateAppName(name) {
+  if (!name) {
+    throw new Error("App name cannot be empty");
   }
-  if (stats.size > MAX_IMAGE_SIZE) {
-    const sizeMB = (stats.size / (1024 * 1024)).toFixed(2);
-    return `Image file size (${sizeMB} MB) exceeds maximum allowed size of 4 MB`;
+  if (name.includes(" ")) {
+    throw new Error("App name cannot contain spaces");
   }
-  const ext = import_path.default.extname(cleanedPath).toLowerCase();
-  if (!VALID_IMAGE_EXTENSIONS.includes(ext)) {
-    return "Image must be JPG or PNG format";
+  if (name.length > 50) {
+    throw new Error("App name cannot be longer than 50 characters");
   }
-  return void 0;
 }
-function validateAppID(appID) {
-  if (!appID) {
-    throw new Error("App ID is required");
+function validateImageReference(value) {
+  if (!value) {
+    return "Image reference cannot be empty";
   }
-  const normalized = typeof appID === "string" ? addHexPrefix(appID) : appID;
-  if ((0, import_viem6.isAddress)(normalized)) {
-    return normalized;
+  if (!value.includes("/")) {
+    return "Image reference must contain at least one /";
   }
-  throw new Error(`Invalid app ID: '${appID}' is not a valid address`);
+  return true;
 }
-function validateLogVisibility(logVisibility) {
-  switch (logVisibility) {
-    case "public":
-      return { logRedirect: "always", publicLogs: true };
-    case "private":
-      return { logRedirect: "always", publicLogs: false };
-    case "off":
-      return { logRedirect: "", publicLogs: false };
-    default:
-      throw new Error(
-        `Invalid log-visibility value: ${logVisibility} (must be public, private, or off)`
-      );
+function assertValidImageReference(value) {
+  const result = validateImageReference(value);
+  if (result !== true) {
+    throw new Error(result);
   }
 }
-function validateResourceUsageMonitoring(resourceUsageMonitoring) {
-  if (!resourceUsageMonitoring) {
-    return "always";
-  }
-  switch (resourceUsageMonitoring) {
-    case "enable":
-      return "always";
-    case "disable":
-      return "never";
-    default:
-      throw new Error(
-        `Invalid resource-usage-monitoring value: ${resourceUsageMonitoring} (must be enable or disable)`
-      );
+function extractAppNameFromImage(imageRef) {
+  const parts = imageRef.split("/");
+  let imageName = parts.length > 1 ? parts[parts.length - 1] : imageRef;
+  if (imageName.includes(":")) {
+    imageName = imageName.split(":")[0];
   }
+  return imageName;
 }
-function hasScheme(rawURL) {
-  return rawURL.startsWith("http://") || rawURL.startsWith("https://");
-}
-function sanitizeString(s) {
-  return s.trim().replace(/&/g, "&amp;").replace(/</g, "&lt;").replace(/>/g, "&gt;").replace(/"/g, "&quot;").replace(/'/g, "&#39;");
-}
-function sanitizeURL(rawURL) {
-  rawURL = rawURL.trim();
-  if (!hasScheme(rawURL)) {
-    rawURL = "https://" + rawURL;
+function validateFilePath(value) {
+  if (!value) {
+    return "File path cannot be empty";
   }
-  const err = validateURL(rawURL);
-  if (err) {
-    throw new Error(err);
+  if (!import_fs.default.existsSync(value)) {
+    return "File does not exist";
   }
-  return rawURL;
+  return true;
 }
-function sanitizeXURL(rawURL) {
-  rawURL = rawURL.trim();
-  if (!rawURL.includes("://") && !rawURL.includes(".")) {
-    const username = rawURL.startsWith("@") ? rawURL.slice(1) : rawURL;
-    rawURL = `https://x.com/${username}`;
-  } else if (!hasScheme(rawURL)) {
-    rawURL = "https://" + rawURL;
-  }
-  rawURL = rawURL.replace(/twitter\.com/g, "x.com");
-  rawURL = rawURL.replace(/www\.x\.com/g, "x.com");
-  const err = validateXURL(rawURL);
-  if (err) {
-    throw new Error(err);
+function assertValidFilePath(value) {
+  const result = validateFilePath(value);
+  if (result !== true) {
+    throw new Error(result);
   }
-  return rawURL;
 }
-function validateDeployParams(params) {
-  if (!params.dockerfilePath && !params.imageRef) {
-    throw new Error("Either dockerfilePath or imageRef is required for deployment");
-  }
-  if (params.imageRef) {
-    assertValidImageReference(params.imageRef);
-  }
-  if (params.dockerfilePath) {
-    assertValidFilePath(params.dockerfilePath);
+function validateInstanceTypeSKU(sku, availableTypes) {
+  if (!sku) {
+    throw new Error("Instance type SKU cannot be empty");
   }
-  if (!params.appName) {
-    throw new Error("App name is required");
+  for (const it of availableTypes) {
+    if (it.sku === sku) {
+      return sku;
+    }
   }
-  validateAppName(params.appName);
-  if (!params.instanceType) {
+  const validSKUs = availableTypes.map((it) => it.sku).join(", ");
+  throw new Error(`Invalid instance-type value: ${sku} (must be one of: ${validSKUs})`);
+}
+function validatePrivateKeyFormat(key) {
+  const keyWithoutPrefix = stripHexPrefix(key);
+  if (!/^[0-9a-fA-F]{64}$/.test(keyWithoutPrefix)) {
+    return false;
+  }
+  return true;
+}
+function assertValidPrivateKey(key) {
+  if (!key) {
+    throw new Error("Private key is required");
+  }
+  if (!validatePrivateKeyFormat(key)) {
+    throw new Error(
+      "Invalid private key format (must be 64 hex characters, optionally prefixed with 0x)"
+    );
+  }
+}
+function validateURL(rawURL) {
+  if (!rawURL.trim()) {
+    return "URL cannot be empty";
+  }
+  try {
+    const url = new URL(rawURL);
+    if (url.protocol !== "http:" && url.protocol !== "https:") {
+      return "URL scheme must be http or https";
+    }
+  } catch {
+    return "Invalid URL format";
+  }
+  return void 0;
+}
+var VALID_X_HOSTS = ["twitter.com", "www.twitter.com", "x.com", "www.x.com"];
+function validateXURL(rawURL) {
+  const urlErr = validateURL(rawURL);
+  if (urlErr) {
+    return urlErr;
+  }
+  try {
+    const url = new URL(rawURL);
+    const host = url.hostname.toLowerCase();
+    if (!VALID_X_HOSTS.includes(host)) {
+      return "URL must be a valid X/Twitter URL (x.com or twitter.com)";
+    }
+    if (!url.pathname || url.pathname === "/") {
+      return "X URL must include a username or profile path";
+    }
+  } catch {
+    return "Invalid X URL format";
+  }
+  return void 0;
+}
+var MAX_DESCRIPTION_LENGTH = 1e3;
+function validateDescription(description) {
+  if (!description.trim()) {
+    return "Description cannot be empty";
+  }
+  if (description.length > MAX_DESCRIPTION_LENGTH) {
+    return `Description cannot exceed ${MAX_DESCRIPTION_LENGTH} characters`;
+  }
+  return void 0;
+}
+var MAX_IMAGE_SIZE = 4 * 1024 * 1024;
+var VALID_IMAGE_EXTENSIONS = [".jpg", ".jpeg", ".png"];
+function validateImagePath(filePath) {
+  const cleanedPath = filePath.trim().replace(/^["']|["']$/g, "");
+  if (!cleanedPath) {
+    return "Image path cannot be empty";
+  }
+  if (!import_fs.default.existsSync(cleanedPath)) {
+    return `Image file not found: ${cleanedPath}`;
+  }
+  const stats = import_fs.default.statSync(cleanedPath);
+  if (stats.isDirectory()) {
+    return "Path is a directory, not a file";
+  }
+  if (stats.size > MAX_IMAGE_SIZE) {
+    const sizeMB = (stats.size / (1024 * 1024)).toFixed(2);
+    return `Image file size (${sizeMB} MB) exceeds maximum allowed size of 4 MB`;
+  }
+  const ext = import_path.default.extname(cleanedPath).toLowerCase();
+  if (!VALID_IMAGE_EXTENSIONS.includes(ext)) {
+    return "Image must be JPG or PNG format";
+  }
+  return void 0;
+}
+function validateAppID(appID) {
+  if (!appID) {
+    throw new Error("App ID is required");
+  }
+  const normalized = typeof appID === "string" ? addHexPrefix(appID) : appID;
+  if ((0, import_viem5.isAddress)(normalized)) {
+    return normalized;
+  }
+  throw new Error(`Invalid app ID: '${appID}' is not a valid address`);
+}
+function validateLogVisibility(logVisibility) {
+  switch (logVisibility) {
+    case "public":
+      return { logRedirect: "always", publicLogs: true };
+    case "private":
+      return { logRedirect: "always", publicLogs: false };
+    case "off":
+      return { logRedirect: "", publicLogs: false };
+    default:
+      throw new Error(
+        `Invalid log-visibility value: ${logVisibility} (must be public, private, or off)`
+      );
+  }
+}
+function validateResourceUsageMonitoring(resourceUsageMonitoring) {
+  if (!resourceUsageMonitoring) {
+    return "always";
+  }
+  switch (resourceUsageMonitoring) {
+    case "enable":
+      return "always";
+    case "disable":
+      return "never";
+    default:
+      throw new Error(
+        `Invalid resource-usage-monitoring value: ${resourceUsageMonitoring} (must be enable or disable)`
+      );
+  }
+}
+function hasScheme(rawURL) {
+  return rawURL.startsWith("http://") || rawURL.startsWith("https://");
+}
+function sanitizeString(s) {
+  return s.trim().replace(/&/g, "&amp;").replace(/</g, "&lt;").replace(/>/g, "&gt;").replace(/"/g, "&quot;").replace(/'/g, "&#39;");
+}
+function sanitizeURL(rawURL) {
+  rawURL = rawURL.trim();
+  if (!hasScheme(rawURL)) {
+    rawURL = "https://" + rawURL;
+  }
+  const err = validateURL(rawURL);
+  if (err) {
+    throw new Error(err);
+  }
+  return rawURL;
+}
+function sanitizeXURL(rawURL) {
+  rawURL = rawURL.trim();
+  if (!rawURL.includes("://") && !rawURL.includes(".")) {
+    const username = rawURL.startsWith("@") ? rawURL.slice(1) : rawURL;
+    rawURL = `https://x.com/${username}`;
+  } else if (!hasScheme(rawURL)) {
+    rawURL = "https://" + rawURL;
+  }
+  rawURL = rawURL.replace(/twitter\.com/g, "x.com");
+  rawURL = rawURL.replace(/www\.x\.com/g, "x.com");
+  const err = validateXURL(rawURL);
+  if (err) {
+    throw new Error(err);
+  }
+  return rawURL;
+}
+function validateDeployParams(params) {
+  if (!params.dockerfilePath && !params.imageRef) {
+    throw new Error("Either dockerfilePath or imageRef is required for deployment");
+  }
+  if (params.imageRef) {
+    assertValidImageReference(params.imageRef);
+  }
+  if (params.dockerfilePath) {
+    assertValidFilePath(params.dockerfilePath);
+  }
+  if (!params.appName) {
+    throw new Error("App name is required");
+  }
+  validateAppName(params.appName);
+  if (!params.instanceType) {
     throw new Error("Instance type is required");
   }
   if (!params.logVisibility) {
@@ -5447,69 +5213,245 @@ function validateLogsParams(params) {
   validateAppID(params.appID);
 }
 
-// src/client/common/utils/preflight.ts
-var import_viem7 = require("viem");
-var import_accounts4 = require("viem/accounts");
-async function doPreflightChecks(options, logger) {
-  logger.debug("Checking authentication...");
-  const privateKey = await getPrivateKeyOrFail(options.privateKey);
-  logger.debug("Determining environment...");
-  const environmentConfig = getEnvironmentConfig(options.environment || "sepolia");
-  let rpcUrl = options.rpcUrl;
-  if (!rpcUrl) {
-    rpcUrl = process.env.RPC_URL ?? environmentConfig.defaultRPCURL;
+// src/client/common/config/environment.ts
+var SEPOLIA_CHAIN_ID = 11155111;
+var MAINNET_CHAIN_ID = 1;
+var CommonAddresses = {
+  ERC7702Delegator: "0x63c0c19a282a1b52b07dd5a65b58948a07dae32b"
+};
+var ChainAddresses = {
+  [MAINNET_CHAIN_ID]: {
+    PermissionController: "0x25E5F8B1E7aDf44518d35D5B2271f114e081f0E5"
+  },
+  [SEPOLIA_CHAIN_ID]: {
+    PermissionController: "0x44632dfBdCb6D3E21EF613B0ca8A6A0c618F5a37"
   }
-  if (!rpcUrl) {
+};
+var BILLING_ENVIRONMENTS = {
+  dev: {
+    billingApiServerURL: "https://billingapi-dev.eigencloud.xyz"
+  },
+  prod: {
+    billingApiServerURL: "https://billingapi.eigencloud.xyz"
+  }
+};
+var ENVIRONMENTS = {
+  "sepolia-dev": {
+    name: "sepolia",
+    build: "dev",
+    appControllerAddress: "0xa86DC1C47cb2518327fB4f9A1627F51966c83B92",
+    permissionControllerAddress: ChainAddresses[SEPOLIA_CHAIN_ID].PermissionController,
+    erc7702DelegatorAddress: CommonAddresses.ERC7702Delegator,
+    kmsServerURL: "http://10.128.0.57:8080",
+    userApiServerURL: "https://userapi-compute-sepolia-dev.eigencloud.xyz",
+    defaultRPCURL: "https://ethereum-sepolia-rpc.publicnode.com"
+  },
+  sepolia: {
+    name: "sepolia",
+    build: "prod",
+    appControllerAddress: "0x0dd810a6ffba6a9820a10d97b659f07d8d23d4E2",
+    permissionControllerAddress: ChainAddresses[SEPOLIA_CHAIN_ID].PermissionController,
+    erc7702DelegatorAddress: CommonAddresses.ERC7702Delegator,
+    kmsServerURL: "http://10.128.15.203:8080",
+    userApiServerURL: "https://userapi-compute-sepolia-prod.eigencloud.xyz",
+    defaultRPCURL: "https://ethereum-sepolia-rpc.publicnode.com"
+  },
+  "mainnet-alpha": {
+    name: "mainnet-alpha",
+    build: "prod",
+    appControllerAddress: "0xc38d35Fc995e75342A21CBd6D770305b142Fbe67",
+    permissionControllerAddress: ChainAddresses[MAINNET_CHAIN_ID].PermissionController,
+    erc7702DelegatorAddress: CommonAddresses.ERC7702Delegator,
+    kmsServerURL: "http://10.128.0.2:8080",
+    userApiServerURL: "https://userapi-compute.eigencloud.xyz",
+    defaultRPCURL: "https://ethereum-rpc.publicnode.com"
+  }
+};
+var CHAIN_ID_TO_ENVIRONMENT = {
+  [SEPOLIA_CHAIN_ID.toString()]: "sepolia",
+  [MAINNET_CHAIN_ID.toString()]: "mainnet-alpha"
+};
+function getEnvironmentConfig(environment, chainID) {
+  const env = ENVIRONMENTS[environment];
+  if (!env) {
+    throw new Error(`Unknown environment: ${environment}`);
+  }
+  if (!isEnvironmentAvailable(environment)) {
     throw new Error(
-      `RPC URL is required. Provide via options.rpcUrl, RPC_URL env var, or ensure environment has default RPC URL`
+      `Environment ${environment} is not available in this build type. Available environments: ${getAvailableEnvironments().join(", ")}`
     );
   }
-  logger.debug("Testing network connectivity...");
-  const publicClient = (0, import_viem7.createPublicClient)({
-    transport: (0, import_viem7.http)(rpcUrl)
-  });
-  try {
-    const chainID = await publicClient.getChainId();
-    if (BigInt(chainID) !== environmentConfig.chainID) {
-      throw new Error(`Chain ID mismatch: expected ${environmentConfig.chainID}, got ${chainID}`);
+  if (chainID) {
+    const expectedEnv = CHAIN_ID_TO_ENVIRONMENT[chainID.toString()];
+    if (expectedEnv && expectedEnv !== environment) {
+      throw new Error(`Environment ${environment} does not match chain ID ${chainID}`);
     }
-  } catch (err) {
-    throw new Error(`Cannot connect to ${environmentConfig.name} RPC at ${rpcUrl}: ${err.message}`);
   }
-  const privateKeyHex = addHexPrefix(privateKey);
-  const account = (0, import_accounts4.privateKeyToAccount)(privateKeyHex);
-  const selfAddress = account.address;
+  const resolvedChainID = chainID || (environment === "sepolia" || environment === "sepolia-dev" ? SEPOLIA_CHAIN_ID : MAINNET_CHAIN_ID);
   return {
-    privateKey: privateKeyHex,
-    rpcUrl,
-    environmentConfig,
-    account,
-    selfAddress
+    ...env,
+    chainID: BigInt(resolvedChainID)
   };
 }
-async function getPrivateKeyOrFail(privateKey) {
-  if (privateKey) {
-    validatePrivateKey(privateKey);
-    return privateKey;
+function getBillingEnvironmentConfig(build) {
+  const config = BILLING_ENVIRONMENTS[build];
+  if (!config) {
+    throw new Error(`Unknown billing environment: ${build}`);
   }
-  if (process.env.PRIVATE_KEY) {
-    validatePrivateKey(process.env.PRIVATE_KEY);
-    return process.env.PRIVATE_KEY;
+  return config;
+}
+function getBuildType() {
+  const buildTimeType = true ? "dev"?.toLowerCase() : void 0;
+  const runtimeType = process.env.BUILD_TYPE?.toLowerCase();
+  const buildType = buildTimeType || runtimeType;
+  if (buildType === "dev") {
+    return "dev";
   }
-  throw new Error(
-    `private key required. Please provide it via:
-  \u2022 Option: privateKey in deploy options
-  \u2022 Environment: export PRIVATE_KEY=YOUR_KEY
-  \u2022 Keyring: (not yet implemented)`
-  );
+  return "prod";
 }
-function validatePrivateKey(key) {
-  const cleaned = stripHexPrefix(key);
-  if (!/^[0-9a-fA-F]{64}$/.test(cleaned)) {
-    throw new Error("Invalid private key format (must be 64 hex characters)");
+function getAvailableEnvironments() {
+  const buildType = getBuildType();
+  if (buildType === "dev") {
+    return ["sepolia-dev"];
   }
+  return ["sepolia", "mainnet-alpha"];
+}
+function isEnvironmentAvailable(environment) {
+  return getAvailableEnvironments().includes(environment);
+}
+function isMainnet(environmentConfig) {
+  return environmentConfig.chainID === BigInt(MAINNET_CHAIN_ID);
+}
+
+// src/client/common/utils/preflight.ts
+async function doPreflightChecks(options, logger) {
+  const { walletClient, publicClient } = options;
+  logger.debug("Determining environment...");
+  const environmentConfig = getEnvironmentConfig(options.environment || "sepolia");
+  const account = walletClient.account;
+  if (!account) {
+    throw new Error("WalletClient must have an account attached");
+  }
+  logger.debug("Validating chain ID...");
+  try {
+    const chainID = await publicClient.getChainId();
+    if (BigInt(chainID) !== environmentConfig.chainID) {
+      throw new Error(`Chain ID mismatch: expected ${environmentConfig.chainID}, got ${chainID}`);
+    }
+  } catch (err) {
+    throw new Error(
+      `Cannot connect to ${environmentConfig.name} RPC at ${publicClient.transport.url}: ${err.message}`
+    );
+  }
+  return {
+    walletClient,
+    publicClient,
+    environmentConfig,
+    selfAddress: account.address
+  };
+}
+
+// src/client/common/utils/logger.ts
+var defaultLogger = {
+  info: (...args) => console.info(...args),
+  warn: (...args) => console.warn(...args),
+  error: (...args) => console.error(...args),
+  debug: (...args) => console.debug(...args)
+};
+var getLogger = (verbose) => ({
+  info: (...args) => console.info(...args),
+  warn: (...args) => console.warn(...args),
+  error: (...args) => console.error(...args),
+  debug: (...args) => verbose && console.debug(...args)
+});
+
+// src/client/common/utils/billing.ts
+function isSubscriptionActive(status) {
+  return status === "active" || status === "trialing";
 }
 
+// src/client/common/utils/billingapi.ts
+var import_axios2 = __toESM(require("axios"), 1);
+var BillingApiClient = class {
+  constructor(config, walletClient) {
+    this.config = config;
+    this.walletClient = walletClient;
+  }
+  /**
+   * Get the address of the connected wallet
+   */
+  get address() {
+    const account = this.walletClient.account;
+    if (!account) {
+      throw new Error("WalletClient must have an account attached");
+    }
+    return account.address;
+  }
+  async createSubscription(productId = "compute") {
+    const endpoint = `${this.config.billingApiServerURL}/products/${productId}/subscription`;
+    const resp = await this.makeAuthenticatedRequest(endpoint, "POST", productId);
+    return resp.json();
+  }
+  async getSubscription(productId = "compute") {
+    const endpoint = `${this.config.billingApiServerURL}/products/${productId}/subscription`;
+    const resp = await this.makeAuthenticatedRequest(endpoint, "GET", productId);
+    return resp.json();
+  }
+  async cancelSubscription(productId = "compute") {
+    const endpoint = `${this.config.billingApiServerURL}/products/${productId}/subscription`;
+    await this.makeAuthenticatedRequest(endpoint, "DELETE", productId);
+  }
+  /**
+   * Make an authenticated request to the billing API
+   */
+  async makeAuthenticatedRequest(url, method, productId) {
+    const expiry = BigInt(Math.floor(Date.now() / 1e3) + 5 * 60);
+    const { signature } = await calculateBillingAuthSignature({
+      walletClient: this.walletClient,
+      product: productId,
+      expiry
+    });
+    const headers = {
+      Authorization: `Bearer ${signature}`,
+      "X-Account": this.address,
+      "X-Expiry": expiry.toString()
+    };
+    try {
+      const response = await (0, import_axios2.default)({
+        method,
+        url,
+        headers,
+        timeout: 3e4,
+        maxRedirects: 0,
+        validateStatus: () => true
+        // Don't throw on any status
+      });
+      const status = response.status;
+      const statusText = status >= 200 && status < 300 ? "OK" : "Error";
+      if (status < 200 || status >= 300) {
+        const body = typeof response.data === "string" ? response.data : JSON.stringify(response.data);
+        throw new Error(`BillingAPI request failed: ${status} ${statusText} - ${body}`);
+      }
+      return {
+        json: async () => response.data,
+        text: async () => typeof response.data === "string" ? response.data : JSON.stringify(response.data)
+      };
+    } catch (error) {
+      if (error.message?.includes("fetch failed") || error.message?.includes("ECONNREFUSED") || error.message?.includes("ENOTFOUND") || error.cause) {
+        const cause = error.cause?.message || error.cause || error.message;
+        throw new Error(
+          `Failed to connect to BillingAPI at ${url}: ${cause}
+Please check:
+1. Your internet connection
+2. The API server is accessible: ${this.config.billingApiServerURL}
+3. Firewall/proxy settings`
+        );
+      }
+      throw error;
+    }
+  }
+};
+
 // src/client/common/telemetry/noop.ts
 var NoopClient = class {
   /**
@@ -5716,7 +5658,9 @@ async function prepareDeployFromVerifiableBuild(options, logger = defaultLogger)
       }
     },
     async () => {
-      if (!options.privateKey) throw new Error("privateKey is required for deployment");
+      if (!options.walletClient.account) {
+        throw new Error("WalletClient must have an account attached");
+      }
       if (!options.imageRef) throw new Error("imageRef is required for deployment");
       if (!options.imageDigest) throw new Error("imageDigest is required for deployment");
       assertValidImageReference(options.imageRef);
@@ -5732,8 +5676,8 @@ async function prepareDeployFromVerifiableBuild(options, logger = defaultLogger)
       logger.debug("Performing preflight checks...");
       const preflightCtx = await doPreflightChecks(
         {
-          privateKey: options.privateKey,
-          rpcUrl: options.rpcUrl,
+          walletClient: options.walletClient,
+          publicClient: options.publicClient,
           environment: options.environment
         },
         logger
@@ -5743,12 +5687,12 @@ async function prepareDeployFromVerifiableBuild(options, logger = defaultLogger)
       const salt = generateRandomSalt();
       logger.debug(`Generated salt: ${Buffer.from(salt).toString("hex")}`);
       logger.debug("Calculating app ID...");
-      const appIDToBeDeployed = await calculateAppID(
-        preflightCtx.privateKey,
-        options.rpcUrl || preflightCtx.rpcUrl,
-        preflightCtx.environmentConfig,
+      const appIDToBeDeployed = await calculateAppID({
+        publicClient: preflightCtx.publicClient,
+        environmentConfig: preflightCtx.environmentConfig,
+        ownerAddress: preflightCtx.selfAddress,
         salt
-      );
+      });
       logger.info(``);
       logger.info(`App ID: ${appIDToBeDeployed}`);
       logger.info(``);
@@ -5766,12 +5710,13 @@ async function prepareDeployFromVerifiableBuild(options, logger = defaultLogger)
       logger.debug("Preparing deploy batch...");
       const batch = await prepareDeployBatch(
         {
-          privateKey: preflightCtx.privateKey,
-          rpcUrl: options.rpcUrl || preflightCtx.rpcUrl,
+          walletClient: preflightCtx.walletClient,
+          publicClient: preflightCtx.publicClient,
           environmentConfig: preflightCtx.environmentConfig,
           salt,
           release,
-          publicLogs
+          publicLogs,
+          imageRef: options.imageRef
         },
         logger
       );
@@ -5798,8 +5743,8 @@ async function prepareDeployFromVerifiableBuild(options, logger = defaultLogger)
   );
 }
 function validateDeployOptions(options) {
-  if (!options.privateKey) {
-    throw new Error("privateKey is required for deployment");
+  if (!options.walletClient.account) {
+    throw new Error("WalletClient must have an account attached");
   }
   if (!options.dockerfilePath && !options.imageRef) {
     throw new Error("Either dockerfilePath or imageRef is required for deployment");
@@ -5838,8 +5783,8 @@ async function deploy(options, logger = defaultLogger) {
       logger.debug("Performing preflight checks...");
       const preflightCtx = await doPreflightChecks(
         {
-          privateKey: options.privateKey,
-          rpcUrl: options.rpcUrl,
+          walletClient: options.walletClient,
+          publicClient: options.publicClient,
           environment: options.environment
         },
         logger
@@ -5856,12 +5801,12 @@ async function deploy(options, logger = defaultLogger) {
       const salt = generateRandomSalt();
       logger.debug(`Generated salt: ${Buffer.from(salt).toString("hex")}`);
       logger.debug("Calculating app ID...");
-      const appIDToBeDeployed = await calculateAppID(
-        preflightCtx.privateKey,
-        options.rpcUrl || preflightCtx.rpcUrl,
-        preflightCtx.environmentConfig,
+      const appIDToBeDeployed = await calculateAppID({
+        publicClient: preflightCtx.publicClient,
+        environmentConfig: preflightCtx.environmentConfig,
+        ownerAddress: preflightCtx.selfAddress,
         salt
-      );
+      });
       logger.info(``);
       logger.info(`App ID: ${appIDToBeDeployed}`);
       logger.info(``);
@@ -5882,8 +5827,8 @@ async function deploy(options, logger = defaultLogger) {
       logger.info("Deploying on-chain...");
       const deployResult = await deployApp(
         {
-          privateKey: preflightCtx.privateKey,
-          rpcUrl: options.rpcUrl || preflightCtx.rpcUrl,
+          walletClient: preflightCtx.walletClient,
+          publicClient: preflightCtx.publicClient,
           environmentConfig: preflightCtx.environmentConfig,
           salt,
           release,
@@ -5896,8 +5841,8 @@ async function deploy(options, logger = defaultLogger) {
       logger.info("Waiting for app to start...");
       const ipAddress = await watchUntilRunning(
         {
-          privateKey: preflightCtx.privateKey,
-          rpcUrl: options.rpcUrl || preflightCtx.rpcUrl,
+          walletClient: preflightCtx.walletClient,
+          publicClient: preflightCtx.publicClient,
           environmentConfig: preflightCtx.environmentConfig,
           appId: deployResult.appId
         },
@@ -5914,12 +5859,10 @@ async function deploy(options, logger = defaultLogger) {
   );
 }
 async function checkQuotaAvailable(preflightCtx) {
-  const rpcUrl = preflightCtx.rpcUrl;
-  const environmentConfig = preflightCtx.environmentConfig;
-  const userAddress = preflightCtx.selfAddress;
+  const { publicClient, environmentConfig, selfAddress: userAddress } = preflightCtx;
   let maxQuota;
   try {
-    maxQuota = await getMaxActiveAppsPerUser(rpcUrl, environmentConfig, userAddress);
+    maxQuota = await getMaxActiveAppsPerUser(publicClient, environmentConfig, userAddress);
   } catch (err) {
     throw new Error(`failed to get quota limit: ${err.message}`);
   }
@@ -5930,7 +5873,7 @@ async function checkQuotaAvailable(preflightCtx) {
   }
   let activeCount;
   try {
-    activeCount = await getActiveAppCount(rpcUrl, environmentConfig, userAddress);
+    activeCount = await getActiveAppCount(publicClient, environmentConfig, userAddress);
   } catch (err) {
     throw new Error(`failed to get active app count: ${err.message}`);
   }
@@ -5961,8 +5904,8 @@ async function prepareDeploy(options, logger = defaultLogger) {
       logger.debug("Performing preflight checks...");
       const preflightCtx = await doPreflightChecks(
         {
-          privateKey: options.privateKey,
-          rpcUrl: options.rpcUrl,
+          walletClient: options.walletClient,
+          publicClient: options.publicClient,
           environment: options.environment
         },
         logger
@@ -5979,12 +5922,12 @@ async function prepareDeploy(options, logger = defaultLogger) {
       const salt = generateRandomSalt();
       logger.debug(`Generated salt: ${Buffer.from(salt).toString("hex")}`);
       logger.debug("Calculating app ID...");
-      const appIDToBeDeployed = await calculateAppID(
-        preflightCtx.privateKey,
-        options.rpcUrl || preflightCtx.rpcUrl,
-        preflightCtx.environmentConfig,
+      const appIDToBeDeployed = await calculateAppID({
+        publicClient: preflightCtx.publicClient,
+        environmentConfig: preflightCtx.environmentConfig,
+        ownerAddress: preflightCtx.selfAddress,
         salt
-      );
+      });
       logger.info(``);
       logger.info(`App ID: ${appIDToBeDeployed}`);
       logger.info(``);
@@ -6005,12 +5948,13 @@ async function prepareDeploy(options, logger = defaultLogger) {
       logger.debug("Preparing deploy batch...");
       const batch = await prepareDeployBatch(
         {
-          privateKey: preflightCtx.privateKey,
-          rpcUrl: options.rpcUrl || preflightCtx.rpcUrl,
+          walletClient: preflightCtx.walletClient,
+          publicClient: preflightCtx.publicClient,
           environmentConfig: preflightCtx.environmentConfig,
           salt,
           release,
-          publicLogs
+          publicLogs,
+          imageRef: finalImageRef
         },
         logger
       );
@@ -6055,25 +5999,23 @@ async function executeDeploy(options) {
     }
   );
 }
-async function watchDeployment(appId, privateKey, rpcUrl, environment, logger = defaultLogger, clientId, skipTelemetry) {
+async function watchDeployment(appId, walletClient, publicClient, environmentConfig, logger = defaultLogger, skipTelemetry) {
   return withSDKTelemetry(
     {
       functionName: "watchDeployment",
       skipTelemetry,
       properties: {
-        environment
+        environment: environmentConfig.name
       }
     },
     async () => {
-      const environmentConfig = getEnvironmentConfig(environment);
       logger.info("Waiting for app to start...");
       return watchUntilRunning(
         {
-          privateKey,
-          rpcUrl,
+          walletClient,
+          publicClient,
           environmentConfig,
-          appId,
-          clientId
+          appId
         },
         logger
       );
@@ -6082,18 +6024,12 @@ async function watchDeployment(appId, privateKey, rpcUrl, environment, logger =
 }
 
 // src/client/common/utils/permissions.ts
-var import_viem8 = require("viem");
 var AnyoneCanCallAddress = "0x493219d9949348178af1f58740655951a8cd110c";
 var ApiPermissionsTarget = "0x57ee1fb74c1087e26446abc4fb87fd8f07c43d8d";
 var CanViewAppLogsPermission2 = "0x2fd3f2fe";
 async function checkAppLogPermission(preflightCtx, appAddress, logger) {
-  const chain = getChainFromID(preflightCtx.environmentConfig.chainID);
-  const publicClient = (0, import_viem8.createPublicClient)({
-    chain,
-    transport: (0, import_viem8.http)(preflightCtx.rpcUrl)
-  });
   try {
-    const canCall = await publicClient.readContract({
+    const canCall = await preflightCtx.publicClient.readContract({
       address: preflightCtx.environmentConfig.permissionControllerAddress,
       abi: PermissionController_default,
       functionName: "canCall",
@@ -6120,8 +6056,8 @@ async function prepareUpgradeFromVerifiableBuild(options, logger = defaultLogger
       logger.debug("Performing preflight checks...");
       const preflightCtx = await doPreflightChecks(
         {
-          privateKey: options.privateKey,
-          rpcUrl: options.rpcUrl,
+          walletClient: options.walletClient,
+          publicClient: options.publicClient,
           environment: options.environment
         },
         logger
@@ -6153,13 +6089,14 @@ async function prepareUpgradeFromVerifiableBuild(options, logger = defaultLogger
       const needsPermissionChange = currentlyPublic !== publicLogs;
       logger.debug("Preparing upgrade batch...");
       const batch = await prepareUpgradeBatch({
-        privateKey: preflightCtx.privateKey,
-        rpcUrl: options.rpcUrl || preflightCtx.rpcUrl,
+        walletClient: preflightCtx.walletClient,
+        publicClient: preflightCtx.publicClient,
         environmentConfig: preflightCtx.environmentConfig,
-        appId: appID,
+        appID,
         release,
         publicLogs,
-        needsPermissionChange
+        needsPermissionChange,
+        imageRef: options.imageRef
       });
       logger.debug("Estimating gas...");
       const gasEstimate = await estimateBatchGas({
@@ -6183,8 +6120,8 @@ async function prepareUpgradeFromVerifiableBuild(options, logger = defaultLogger
   );
 }
 function validateUpgradeOptions(options) {
-  if (!options.privateKey) {
-    throw new Error("privateKey is required for upgrade");
+  if (!options.walletClient?.account) {
+    throw new Error("walletClient with account is required for upgrade");
   }
   if (!options.appId) {
     throw new Error("appId is required for upgrade");
@@ -6221,8 +6158,8 @@ async function upgrade(options, logger = defaultLogger) {
       logger.debug("Performing preflight checks...");
       const preflightCtx = await doPreflightChecks(
         {
-          privateKey: options.privateKey,
-          rpcUrl: options.rpcUrl,
+          walletClient: options.walletClient,
+          publicClient: options.publicClient,
           environment: options.environment
         },
         logger
@@ -6256,10 +6193,10 @@ async function upgrade(options, logger = defaultLogger) {
       logger.info("Upgrading on-chain...");
       const txHash = await upgradeApp(
         {
-          privateKey: preflightCtx.privateKey,
-          rpcUrl: options.rpcUrl || preflightCtx.rpcUrl,
+          walletClient: preflightCtx.walletClient,
+          publicClient: preflightCtx.publicClient,
           environmentConfig: preflightCtx.environmentConfig,
-          appId: appID,
+          appID,
           release,
           publicLogs,
           needsPermissionChange,
@@ -6271,8 +6208,8 @@ async function upgrade(options, logger = defaultLogger) {
       logger.info("Waiting for upgrade to complete...");
       await watchUntilUpgradeComplete(
         {
-          privateKey: preflightCtx.privateKey,
-          rpcUrl: options.rpcUrl || preflightCtx.rpcUrl,
+          walletClient: preflightCtx.walletClient,
+          publicClient: preflightCtx.publicClient,
           environmentConfig: preflightCtx.environmentConfig,
           appId: appID
         },
@@ -6299,8 +6236,8 @@ async function prepareUpgrade(options, logger = defaultLogger) {
       logger.debug("Performing preflight checks...");
       const preflightCtx = await doPreflightChecks(
         {
-          privateKey: options.privateKey,
-          rpcUrl: options.rpcUrl,
+          walletClient: options.walletClient,
+          publicClient: options.publicClient,
           environment: options.environment
         },
         logger
@@ -6333,13 +6270,14 @@ async function prepareUpgrade(options, logger = defaultLogger) {
       const needsPermissionChange = currentlyPublic !== publicLogs;
       logger.debug("Preparing upgrade batch...");
       const batch = await prepareUpgradeBatch({
-        privateKey: preflightCtx.privateKey,
-        rpcUrl: options.rpcUrl || preflightCtx.rpcUrl,
+        walletClient: preflightCtx.walletClient,
+        publicClient: preflightCtx.publicClient,
         environmentConfig: preflightCtx.environmentConfig,
-        appId: appID,
+        appID,
         release,
         publicLogs,
-        needsPermissionChange
+        needsPermissionChange,
+        imageRef: finalImageRef
       });
       logger.debug("Estimating gas...");
       const gasEstimate = await estimateBatchGas({
@@ -6380,25 +6318,23 @@ async function executeUpgrade(options) {
     }
   );
 }
-async function watchUpgrade(appId, privateKey, rpcUrl, environment, logger = defaultLogger, clientId, skipTelemetry) {
+async function watchUpgrade(appId, walletClient, publicClient, environmentConfig, logger = defaultLogger, skipTelemetry) {
   return withSDKTelemetry(
     {
       functionName: "watchUpgrade",
       skipTelemetry,
       properties: {
-        environment
+        environment: environmentConfig.name
       }
     },
     async () => {
-      const environmentConfig = getEnvironmentConfig(environment);
       logger.info("Waiting for upgrade to complete...");
       await watchUntilUpgradeComplete(
         {
-          privateKey,
-          rpcUrl,
+          walletClient,
+          publicClient,
           environmentConfig,
-          appId,
-          clientId
+          appId
         },
         logger
       );
@@ -6962,31 +6898,24 @@ async function watchLogs(appID, userApiClient, initialLogs) {
   }
   console.log("\nStopped watching");
 }
-async function logs(options, logger = defaultLogger, skipTelemetry = false) {
-  const skipTelemetryFlag = skipTelemetry || options.skipTelemetry || false;
+async function logs(options, walletClient, publicClient, environmentConfig, logger = defaultLogger, skipTelemetry = false) {
   return withSDKTelemetry(
     {
       functionName: "logs",
-      skipTelemetry: skipTelemetryFlag,
-      properties: { environment: options.environment || "sepolia" }
+      skipTelemetry,
+      properties: { environment: environmentConfig.name }
     },
     async () => {
       console.log();
       if (!options.appID) {
         throw new Error("appID is required for viewing logs");
       }
-      const environment = options.environment || "sepolia";
-      const environmentConfig = getEnvironmentConfig(environment);
-      const rpcUrl = options.rpcUrl || environmentConfig.defaultRPCURL;
-      if (!rpcUrl) {
-        throw new Error("RPC URL is required for authenticated requests");
-      }
       const appID = validateAppID(options.appID);
       const formattedApp = formatAppDisplay(environmentConfig.name, appID, "");
       const userApiClient = new UserApiClient(
         environmentConfig,
-        options.privateKey,
-        rpcUrl,
+        walletClient,
+        publicClient,
         options.clientId
       );
       let logsText;
@@ -7063,35 +6992,39 @@ async function logs(options, logger = defaultLogger, skipTelemetry = false) {
 }
 
 // src/client/modules/compute/app/index.ts
-var CONTROLLER_ABI = (0, import_viem9.parseAbi)([
+var CONTROLLER_ABI = (0, import_viem6.parseAbi)([
   "function startApp(address appId)",
   "function stopApp(address appId)",
   "function terminateApp(address appId)"
 ]);
 function encodeStartAppData(appId) {
-  return (0, import_viem9.encodeFunctionData)({
+  return (0, import_viem6.encodeFunctionData)({
     abi: CONTROLLER_ABI,
     functionName: "startApp",
     args: [appId]
   });
 }
 function encodeStopAppData(appId) {
-  return (0, import_viem9.encodeFunctionData)({
+  return (0, import_viem6.encodeFunctionData)({
     abi: CONTROLLER_ABI,
     functionName: "stopApp",
     args: [appId]
   });
 }
 function encodeTerminateAppData(appId) {
-  return (0, import_viem9.encodeFunctionData)({
+  return (0, import_viem6.encodeFunctionData)({
     abi: CONTROLLER_ABI,
     functionName: "terminateApp",
     args: [appId]
   });
 }
 function createAppModule(ctx) {
-  const privateKey = addHexPrefix(ctx.privateKey);
+  const { walletClient, publicClient } = ctx;
   const skipTelemetry = ctx.skipTelemetry || false;
+  if (!walletClient.account) {
+    throw new Error("WalletClient must have an account attached");
+  }
+  const account = walletClient.account;
   const environment = getEnvironmentConfig(ctx.environment);
   const logger = getLogger(ctx.verbose);
   return {
@@ -7102,8 +7035,8 @@ function createAppModule(ctx) {
     async deploy(opts) {
       const result = await deploy(
         {
-          privateKey,
-          rpcUrl: ctx.rpcUrl,
+          walletClient,
+          publicClient,
           environment: ctx.environment,
           appName: opts.name,
           instanceType: opts.instanceType,
@@ -7127,8 +7060,8 @@ function createAppModule(ctx) {
       const result = await upgrade(
         {
           appId,
-          privateKey,
-          rpcUrl: ctx.rpcUrl,
+          walletClient,
+          publicClient,
           environment: ctx.environment,
           instanceType: opts.instanceType,
           dockerfilePath: opts.dockerfile,
@@ -7149,8 +7082,8 @@ function createAppModule(ctx) {
     async prepareDeploy(opts) {
       return prepareDeploy(
         {
-          privateKey,
-          rpcUrl: ctx.rpcUrl,
+          walletClient,
+          publicClient,
           environment: ctx.environment,
           appName: opts.name,
           instanceType: opts.instanceType,
@@ -7167,8 +7100,8 @@ function createAppModule(ctx) {
     async prepareDeployFromVerifiableBuild(opts) {
       return prepareDeployFromVerifiableBuild(
         {
-          privateKey,
-          rpcUrl: ctx.rpcUrl,
+          walletClient,
+          publicClient,
           environment: ctx.environment,
           appName: opts.name,
           instanceType: opts.instanceType,
@@ -7183,17 +7116,6 @@ function createAppModule(ctx) {
       );
     },
     async executeDeploy(prepared, gas) {
-      const account = (0, import_accounts5.privateKeyToAccount)(privateKey);
-      const chain = getChainFromID(environment.chainID);
-      const publicClient = (0, import_viem9.createPublicClient)({
-        chain,
-        transport: (0, import_viem9.http)(ctx.rpcUrl)
-      });
-      const walletClient = (0, import_viem9.createWalletClient)({
-        account,
-        chain,
-        transport: (0, import_viem9.http)(ctx.rpcUrl)
-      });
       const result = await executeDeploy({
         prepared,
         context: {
@@ -7215,11 +7137,10 @@ function createAppModule(ctx) {
     async watchDeployment(appId) {
       return watchDeployment(
         appId,
-        privateKey,
-        ctx.rpcUrl,
-        ctx.environment,
+        walletClient,
+        publicClient,
+        environment,
         logger,
-        ctx.clientId,
         skipTelemetry
       );
     },
@@ -7228,8 +7149,8 @@ function createAppModule(ctx) {
       return prepareUpgrade(
         {
           appId,
-          privateKey,
-          rpcUrl: ctx.rpcUrl,
+          walletClient,
+          publicClient,
           environment: ctx.environment,
           instanceType: opts.instanceType,
           dockerfilePath: opts.dockerfile,
@@ -7246,8 +7167,8 @@ function createAppModule(ctx) {
       return prepareUpgradeFromVerifiableBuild(
         {
           appId,
-          privateKey,
-          rpcUrl: ctx.rpcUrl,
+          walletClient,
+          publicClient,
           environment: ctx.environment,
           instanceType: opts.instanceType,
           envFilePath: opts.envFile,
@@ -7261,17 +7182,6 @@ function createAppModule(ctx) {
       );
     },
     async executeUpgrade(prepared, gas) {
-      const account = (0, import_accounts5.privateKeyToAccount)(privateKey);
-      const chain = getChainFromID(environment.chainID);
-      const publicClient = (0, import_viem9.createPublicClient)({
-        chain,
-        transport: (0, import_viem9.http)(ctx.rpcUrl)
-      });
-      const walletClient = (0, import_viem9.createWalletClient)({
-        account,
-        chain,
-        transport: (0, import_viem9.http)(ctx.rpcUrl)
-      });
       const result = await executeUpgrade({
         prepared,
         context: {
@@ -7290,15 +7200,7 @@ function createAppModule(ctx) {
       };
     },
     async watchUpgrade(appId) {
-      return watchUpgrade(
-        appId,
-        privateKey,
-        ctx.rpcUrl,
-        ctx.environment,
-        logger,
-        ctx.clientId,
-        skipTelemetry
-      );
+      return watchUpgrade(appId, walletClient, publicClient, environment, logger, skipTelemetry);
     },
     // Profile management
     async setProfile(appId, profile) {
@@ -7311,33 +7213,32 @@ function createAppModule(ctx) {
         async () => {
           const userApiClient = new UserApiClient(
             environment,
-            privateKey,
-            ctx.rpcUrl,
+            walletClient,
+            publicClient,
             ctx.clientId
           );
-          return userApiClient.uploadAppProfile(
-            appId,
-            profile.name,
-            profile.website,
-            profile.description,
-            profile.xURL,
-            profile.imagePath
-          );
+          return userApiClient.uploadAppProfile(appId, profile.name, {
+            website: profile.website,
+            description: profile.description,
+            xURL: profile.xURL,
+            image: profile.image,
+            imageName: profile.imageName
+          });
         }
       );
     },
     async logs(opts) {
       return logs(
         {
-          privateKey,
           appID: opts.appID,
           watch: opts.watch,
-          environment: ctx.environment,
           clientId: ctx.clientId
         },
+        walletClient,
+        publicClient,
+        environment,
         logger,
         skipTelemetry
-        // Skip if called from CLI
       );
     },
     async start(appId, opts) {
@@ -7350,15 +7251,15 @@ function createAppModule(ctx) {
         },
         async () => {
           const pendingMessage = `Starting app ${appId}...`;
-          const data = (0, import_viem9.encodeFunctionData)({
+          const data = (0, import_viem6.encodeFunctionData)({
             abi: CONTROLLER_ABI,
             functionName: "startApp",
             args: [appId]
           });
           const tx = await sendAndWaitForTransaction(
             {
-              privateKey,
-              rpcUrl: ctx.rpcUrl,
+              walletClient,
+              publicClient,
               environmentConfig: environment,
               to: environment.appControllerAddress,
               data,
@@ -7382,15 +7283,15 @@ function createAppModule(ctx) {
         },
         async () => {
           const pendingMessage = `Stopping app ${appId}...`;
-          const data = (0, import_viem9.encodeFunctionData)({
+          const data = (0, import_viem6.encodeFunctionData)({
             abi: CONTROLLER_ABI,
             functionName: "stopApp",
             args: [appId]
           });
           const tx = await sendAndWaitForTransaction(
             {
-              privateKey,
-              rpcUrl: ctx.rpcUrl,
+              walletClient,
+              publicClient,
               environmentConfig: environment,
               to: environment.appControllerAddress,
               data,
@@ -7414,15 +7315,15 @@ function createAppModule(ctx) {
         },
         async () => {
           const pendingMessage = `Terminating app ${appId}...`;
-          const data = (0, import_viem9.encodeFunctionData)({
+          const data = (0, import_viem6.encodeFunctionData)({
             abi: CONTROLLER_ABI,
             functionName: "terminateApp",
             args: [appId]
           });
           const tx = await sendAndWaitForTransaction(
             {
-              privateKey,
-              rpcUrl: ctx.rpcUrl,
+              walletClient,
+              publicClient,
               environmentConfig: environment,
               to: environment.appControllerAddress,
               data,
@@ -7438,9 +7339,9 @@ function createAppModule(ctx) {
     },
     async isDelegated() {
       return isDelegated({
-        privateKey,
-        rpcUrl: ctx.rpcUrl,
-        environmentConfig: environment
+        publicClient,
+        environmentConfig: environment,
+        address: account.address
       });
     },
     async undelegate() {
@@ -7454,346 +7355,36 @@ function createAppModule(ctx) {
         async () => {
           const tx = await undelegate(
             {
-              privateKey,
-              rpcUrl: ctx.rpcUrl,
-              environmentConfig: environment
-            },
-            logger
-          );
-          return { tx };
-        }
-      );
-    }
-  };
-}
-
-// src/client/modules/compute/index.ts
-function createComputeModule(config) {
-  return {
-    app: createAppModule(config)
-  };
-}
-
-// src/client/common/utils/billingapi.ts
-var import_axios2 = __toESM(require("axios"), 1);
-var import_accounts6 = require("viem/accounts");
-var BillingApiClient = class {
-  constructor(config, privateKey) {
-    this.account = (0, import_accounts6.privateKeyToAccount)(privateKey);
-    this.config = config;
-  }
-  async createSubscription(productId = "compute") {
-    const endpoint = `${this.config.billingApiServerURL}/products/${productId}/subscription`;
-    const resp = await this.makeAuthenticatedRequest(endpoint, "POST", productId);
-    return resp.json();
-  }
-  async getSubscription(productId = "compute") {
-    const endpoint = `${this.config.billingApiServerURL}/products/${productId}/subscription`;
-    const resp = await this.makeAuthenticatedRequest(endpoint, "GET", productId);
-    return resp.json();
-  }
-  async cancelSubscription(productId = "compute") {
-    const endpoint = `${this.config.billingApiServerURL}/products/${productId}/subscription`;
-    await this.makeAuthenticatedRequest(endpoint, "DELETE", productId);
-  }
-  /**
-   * Make an authenticated request to the billing API
-   */
-  async makeAuthenticatedRequest(url, method, productId) {
-    const expiry = BigInt(Math.floor(Date.now() / 1e3) + 5 * 60);
-    const { signature } = await calculateBillingAuthSignature({
-      account: this.account,
-      product: productId,
-      expiry
-    });
-    const headers = {
-      Authorization: `Bearer ${signature}`,
-      "X-Account": this.account.address,
-      "X-Expiry": expiry.toString()
-    };
-    try {
-      const response = await (0, import_axios2.default)({
-        method,
-        url,
-        headers,
-        timeout: 3e4,
-        maxRedirects: 0,
-        validateStatus: () => true
-        // Don't throw on any status
-      });
-      const status = response.status;
-      const statusText = status >= 200 && status < 300 ? "OK" : "Error";
-      if (status < 200 || status >= 300) {
-        const body = typeof response.data === "string" ? response.data : JSON.stringify(response.data);
-        throw new Error(`BillingAPI request failed: ${status} ${statusText} - ${body}`);
-      }
-      return {
-        json: async () => response.data,
-        text: async () => typeof response.data === "string" ? response.data : JSON.stringify(response.data)
-      };
-    } catch (error) {
-      if (error.message?.includes("fetch failed") || error.message?.includes("ECONNREFUSED") || error.message?.includes("ENOTFOUND") || error.cause) {
-        const cause = error.cause?.message || error.cause || error.message;
-        throw new Error(
-          `Failed to connect to BillingAPI at ${url}: ${cause}
-Please check:
-1. Your internet connection
-2. The API server is accessible: ${this.config.billingApiServerURL}
-3. Firewall/proxy settings`
-        );
-      }
-      throw error;
-    }
-  }
-};
-
-// src/client/common/auth/keyring.ts
-var import_keyring = require("@napi-rs/keyring");
-var import_accounts7 = require("viem/accounts");
-var SERVICE_NAME = "ecloud";
-var ACCOUNT_NAME = "key";
-var EIGENX_SERVICE_NAME = "eigenx-cli";
-var EIGENX_DEV_SERVICE_NAME = "eigenx-cli-dev";
-var EIGENX_ACCOUNT_PREFIX = "eigenx-";
-var GO_KEYRING_BASE64_PREFIX = "go-keyring-base64:";
-var GO_KEYRING_ENCODED_PREFIX = "go-keyring-encoded:";
-async function storePrivateKey(privateKey) {
-  const normalizedKey = normalizePrivateKey(privateKey);
-  const isValid = validatePrivateKey2(normalizedKey);
-  if (!isValid) {
-    throw new Error("Invalid private key format");
-  }
-  const entry = new import_keyring.AsyncEntry(SERVICE_NAME, ACCOUNT_NAME);
-  try {
-    await entry.setPassword(normalizedKey);
-  } catch (err) {
-    throw new Error(
-      `Failed to store key in OS keyring: ${err?.message ?? err}. Ensure keyring service is available.`
-    );
-  }
-}
-async function getPrivateKey() {
-  const entry = new import_keyring.AsyncEntry(SERVICE_NAME, ACCOUNT_NAME);
-  try {
-    const key = await entry.getPassword();
-    if (key && validatePrivateKey2(key)) {
-      return key;
-    }
-  } catch {
-  }
-  return null;
-}
-async function deletePrivateKey() {
-  const entry = new import_keyring.AsyncEntry(SERVICE_NAME, ACCOUNT_NAME);
-  try {
-    await entry.deletePassword();
-    return true;
-  } catch {
-    console.warn("No key found in keyring");
-    return false;
-  }
-}
-async function listStoredKeys() {
-  const keys = [];
-  const creds = (0, import_keyring.findCredentials)(SERVICE_NAME);
-  for (const cred of creds) {
-    if (cred.account === ACCOUNT_NAME) {
-      try {
-        const address = getAddressFromPrivateKey(cred.password);
-        keys.push({ address });
-      } catch (err) {
-        console.warn(`Warning: Invalid key found, skipping: ${err}`);
-      }
-    }
-  }
-  return keys;
-}
-async function keyExists() {
-  const key = await getPrivateKey();
-  return key !== null;
-}
-async function getLegacyKeys() {
-  const keys = [];
-  try {
-    const eigenxCreds = (0, import_keyring.findCredentials)(EIGENX_SERVICE_NAME);
-    for (const cred of eigenxCreds) {
-      const accountName = cred.account;
-      if (!accountName.startsWith(EIGENX_ACCOUNT_PREFIX)) {
-        continue;
-      }
-      const environment = accountName.substring(EIGENX_ACCOUNT_PREFIX.length);
-      try {
-        const decodedKey = decodeGoKeyringValue(cred.password);
-        const address = getAddressFromPrivateKey(decodedKey);
-        keys.push({ environment, address, source: "eigenx" });
-      } catch (err) {
-        console.warn(
-          `Warning: Invalid key found for ${environment} (eigenx-cli), skipping: ${err}`
-        );
-      }
-    }
-  } catch {
-  }
-  try {
-    const eigenxDevCreds = (0, import_keyring.findCredentials)(EIGENX_DEV_SERVICE_NAME);
-    for (const cred of eigenxDevCreds) {
-      const accountName = cred.account;
-      if (!accountName.startsWith(EIGENX_ACCOUNT_PREFIX)) {
-        continue;
-      }
-      const environment = accountName.substring(EIGENX_ACCOUNT_PREFIX.length);
-      try {
-        const decodedKey = decodeGoKeyringValue(cred.password);
-        const address = getAddressFromPrivateKey(decodedKey);
-        keys.push({ environment, address, source: "eigenx-dev" });
-      } catch (err) {
-        console.warn(
-          `Warning: Invalid key found for ${environment} (eigenx-dev), skipping: ${err}`
-        );
-      }
-    }
-  } catch {
-  }
-  return keys;
-}
-async function getLegacyPrivateKey(environment, source) {
-  const serviceName = source === "eigenx" ? EIGENX_SERVICE_NAME : EIGENX_DEV_SERVICE_NAME;
-  const accountName = EIGENX_ACCOUNT_PREFIX + environment;
-  const entry = new import_keyring.AsyncEntry(serviceName, accountName);
-  try {
-    const rawKey = await entry.getPassword();
-    if (rawKey) {
-      const decodedKey = decodeGoKeyringValue(rawKey);
-      if (validatePrivateKey2(decodedKey)) {
-        return decodedKey;
-      }
-    }
-  } catch {
-  }
-  return null;
-}
-async function deleteLegacyPrivateKey(environment, source) {
-  const serviceName = source === "eigenx" ? EIGENX_SERVICE_NAME : EIGENX_DEV_SERVICE_NAME;
-  const accountName = EIGENX_ACCOUNT_PREFIX + environment;
-  const entry = new import_keyring.AsyncEntry(serviceName, accountName);
-  try {
-    await entry.deletePassword();
-    return true;
-  } catch {
-    console.warn(`No key found for ${environment} in ${source}`);
-    return false;
-  }
-}
-function validatePrivateKey2(privateKey) {
-  try {
-    getAddressFromPrivateKey(privateKey);
-    return true;
-  } catch {
-    return false;
-  }
-}
-function getAddressFromPrivateKey(privateKey) {
-  const normalized = normalizePrivateKey(privateKey);
-  return (0, import_accounts7.privateKeyToAddress)(normalized);
-}
-function decodeGoKeyringValue(rawValue) {
-  if (rawValue.startsWith(GO_KEYRING_BASE64_PREFIX)) {
-    const encoded = rawValue.substring(GO_KEYRING_BASE64_PREFIX.length);
-    try {
-      const decoded = Buffer.from(encoded, "base64").toString("utf8");
-      return decoded;
-    } catch (err) {
-      console.warn(`Warning: Failed to decode go-keyring base64 value: ${err}`);
-      return rawValue;
-    }
-  }
-  if (rawValue.startsWith(GO_KEYRING_ENCODED_PREFIX)) {
-    const encoded = rawValue.substring(GO_KEYRING_ENCODED_PREFIX.length);
-    try {
-      const decoded = Buffer.from(encoded, "hex").toString("utf8");
-      return decoded;
-    } catch (err) {
-      console.warn(`Warning: Failed to decode go-keyring hex value: ${err}`);
-      return rawValue;
-    }
-  }
-  return rawValue;
-}
-function normalizePrivateKey(privateKey) {
-  if (!privateKey.startsWith("0x")) {
-    return `0x${privateKey}`;
-  }
-  return privateKey;
-}
-
-// src/client/common/auth/resolver.ts
-async function getPrivateKeyWithSource(options) {
-  if (options.privateKey) {
-    if (!validatePrivateKey2(options.privateKey)) {
-      throw new Error(
-        "Invalid private key format provided via command flag. Please check and try again."
-      );
-    }
-    return {
-      key: options.privateKey,
-      source: "command flag"
-    };
-  }
-  const envKey = process.env.ECLOUD_PRIVATE_KEY;
-  if (envKey) {
-    if (!validatePrivateKey2(envKey)) {
-      throw new Error(
-        "Invalid private key format provided via environment variable. Please check and try again."
-      );
-    }
-    return {
-      key: envKey,
-      source: "environment variable (ECLOUD_PRIVATE_KEY)"
-    };
-  }
-  const keyringKey = await getPrivateKey();
-  if (keyringKey) {
-    return {
-      key: keyringKey,
-      source: "stored credentials"
-    };
-  }
-  return null;
-}
-async function requirePrivateKey(options) {
-  const result = await getPrivateKeyWithSource({
-    privateKey: options.privateKey
-  });
-  if (!result) {
-    throw new Error(
-      `Private key required. Please provide it via:
-  \u2022 Keyring: ecloud auth login
-  \u2022 Flag: --private-key YOUR_KEY
-  \u2022 Environment: export ECLOUD_PRIVATE_KEY=YOUR_KEY`
-    );
-  }
-  return result;
+              walletClient,
+              publicClient,
+              environmentConfig: environment
+            },
+            logger
+          );
+          return { tx };
+        }
+      );
+    }
+  };
 }
 
-// src/client/common/auth/generate.ts
-var import_accounts8 = require("viem/accounts");
-function generateNewPrivateKey() {
-  const privateKey = (0, import_accounts8.generatePrivateKey)();
-  const address = (0, import_accounts8.privateKeyToAddress)(privateKey);
+// src/client/modules/compute/index.ts
+function createComputeModule(config) {
   return {
-    privateKey,
-    address
+    app: createAppModule(config)
   };
 }
 
 // src/client/modules/billing/index.ts
 function createBillingModule(config) {
-  const { verbose = false, skipTelemetry = false } = config;
-  const privateKey = addHexPrefix(config.privateKey);
-  const address = getAddressFromPrivateKey(privateKey);
+  const { verbose = false, skipTelemetry = false, walletClient } = config;
+  if (!walletClient.account) {
+    throw new Error("WalletClient must have an account attached");
+  }
+  const address = walletClient.account.address;
   const logger = getLogger(verbose);
   const billingEnvConfig = getBillingEnvironmentConfig(getBuildType());
-  const billingApi = new BillingApiClient(billingEnvConfig, privateKey);
+  const billingApi = new BillingApiClient(billingEnvConfig, walletClient);
   return {
     address,
     async subscribe(opts) {
@@ -7883,14 +7474,21 @@ function createBillingModule(config) {
 
 // src/client/common/utils/buildapi.ts
 var import_axios3 = __toESM(require("axios"), 1);
-var import_accounts9 = require("viem/accounts");
 var BuildApiClient = class {
   constructor(options) {
     this.baseUrl = options.baseUrl.replace(/\/+$/, "");
     this.clientId = options.clientId;
-    if (options.privateKey) {
-      this.account = (0, import_accounts9.privateKeyToAccount)(options.privateKey);
+    this.walletClient = options.walletClient;
+  }
+  /**
+   * Get the address of the connected wallet
+   */
+  get address() {
+    const account = this.walletClient?.account;
+    if (!account) {
+      throw new Error("WalletClient must have an account attached");
     }
+    return account.address;
   }
   async submitBuild(payload) {
     return this.authenticatedJsonRequest("/builds", "POST", payload);
@@ -7931,20 +7529,22 @@ var BuildApiClient = class {
     return res.data;
   }
   async authenticatedJsonRequest(path8, method, body) {
-    if (!this.account) throw new Error("Private key required for authenticated requests");
+    if (!this.walletClient?.account) {
+      throw new Error("WalletClient with account required for authenticated requests");
+    }
     const headers = {
       "Content-Type": "application/json"
     };
     if (this.clientId) headers["x-client-id"] = this.clientId;
     const expiry = BigInt(Math.floor(Date.now() / 1e3) + 60);
     const { signature } = await calculateBillingAuthSignature({
-      account: this.account,
+      walletClient: this.walletClient,
       product: "compute",
       expiry
     });
     headers.Authorization = `Bearer ${signature}`;
     headers["X-eigenx-expiry"] = expiry.toString();
-    headers["X-Account"] = this.account.address;
+    headers["X-Account"] = this.address;
     const res = await (0, import_axios3.default)({
       url: `${this.baseUrl}${path8}`,
       method,
@@ -7957,18 +7557,20 @@ var BuildApiClient = class {
     return res.data;
   }
   async authenticatedTextRequest(path8) {
-    if (!this.account) throw new Error("Private key required for authenticated requests");
+    if (!this.walletClient?.account) {
+      throw new Error("WalletClient with account required for authenticated requests");
+    }
     const headers = {};
     if (this.clientId) headers["x-client-id"] = this.clientId;
     const expiry = BigInt(Math.floor(Date.now() / 1e3) + 60);
     const { signature } = await calculateBillingAuthSignature({
-      account: this.account,
+      walletClient: this.walletClient,
       product: "compute",
       expiry
     });
     headers.Authorization = `Bearer ${signature}`;
     headers["X-eigenx-expiry"] = expiry.toString();
-    headers["X-Account"] = this.account.address;
+    headers["X-Account"] = this.address;
     const res = await (0, import_axios3.default)({
       url: `${this.baseUrl}${path8}`,
       method: "GET",
@@ -8050,13 +7652,13 @@ var BadRequestError = class extends BuildError {
 var DEFAULT_POLL_INTERVAL = 2e3;
 var DEFAULT_TIMEOUT = 30 * 60 * 1e3;
 function createBuildModule(config) {
-  const { verbose = false, skipTelemetry = false } = config;
+  const { verbose = false, skipTelemetry = false, walletClient } = config;
   const logger = getLogger(verbose);
   const environment = config.environment || "sepolia";
   const environmentConfig = getEnvironmentConfig(environment);
   const api = new BuildApiClient({
     baseUrl: environmentConfig.userApiServerURL,
-    privateKey: config.privateKey ? addHexPrefix(config.privateKey) : void 0,
+    walletClient,
     clientId: config.clientId
   });
   return {
@@ -8068,7 +7670,7 @@ function createBuildModule(config) {
           properties: { environment, repoUrl: request.repoUrl }
         },
         async () => {
-          if (!config.privateKey) throw new AuthRequiredError("Private key required for submit()");
+          if (!walletClient) throw new AuthRequiredError("walletClient required for submit()");
           const data = await api.submitBuild({
             repo_url: request.repoUrl,
             git_ref: request.gitRef,
@@ -8127,7 +7729,7 @@ function createBuildModule(config) {
       return withSDKTelemetry(
         { functionName: "build.getLogs", skipTelemetry, properties: { environment, buildId } },
         async () => {
-          if (!config.privateKey) throw new AuthRequiredError("Private key required for getLogs()");
+          if (!walletClient) throw new AuthRequiredError("walletClient required for getLogs()");
           return api.getLogs(buildId);
         }
       );
@@ -8235,13 +7837,252 @@ function transformVerifyResult(raw) {
   };
 }
 
+// src/client/common/auth/keyring.ts
+var import_keyring = require("@napi-rs/keyring");
+var import_accounts2 = require("viem/accounts");
+var SERVICE_NAME = "ecloud";
+var ACCOUNT_NAME = "key";
+var EIGENX_SERVICE_NAME = "eigenx-cli";
+var EIGENX_DEV_SERVICE_NAME = "eigenx-cli-dev";
+var EIGENX_ACCOUNT_PREFIX = "eigenx-";
+var GO_KEYRING_BASE64_PREFIX = "go-keyring-base64:";
+var GO_KEYRING_ENCODED_PREFIX = "go-keyring-encoded:";
+async function storePrivateKey(privateKey) {
+  const normalizedKey = normalizePrivateKey(privateKey);
+  const isValid = validatePrivateKey(normalizedKey);
+  if (!isValid) {
+    throw new Error("Invalid private key format");
+  }
+  const entry = new import_keyring.AsyncEntry(SERVICE_NAME, ACCOUNT_NAME);
+  try {
+    await entry.setPassword(normalizedKey);
+  } catch (err) {
+    throw new Error(
+      `Failed to store key in OS keyring: ${err?.message ?? err}. Ensure keyring service is available.`
+    );
+  }
+}
+async function getPrivateKey() {
+  const entry = new import_keyring.AsyncEntry(SERVICE_NAME, ACCOUNT_NAME);
+  try {
+    const key = await entry.getPassword();
+    if (key && validatePrivateKey(key)) {
+      return key;
+    }
+  } catch {
+  }
+  return null;
+}
+async function deletePrivateKey() {
+  const entry = new import_keyring.AsyncEntry(SERVICE_NAME, ACCOUNT_NAME);
+  try {
+    await entry.deletePassword();
+    return true;
+  } catch {
+    console.warn("No key found in keyring");
+    return false;
+  }
+}
+async function listStoredKeys() {
+  const keys = [];
+  const creds = (0, import_keyring.findCredentials)(SERVICE_NAME);
+  for (const cred of creds) {
+    if (cred.account === ACCOUNT_NAME) {
+      try {
+        const address = getAddressFromPrivateKey(cred.password);
+        keys.push({ address });
+      } catch (err) {
+        console.warn(`Warning: Invalid key found, skipping: ${err}`);
+      }
+    }
+  }
+  return keys;
+}
+async function keyExists() {
+  const key = await getPrivateKey();
+  return key !== null;
+}
+async function getLegacyKeys() {
+  const keys = [];
+  try {
+    const eigenxCreds = (0, import_keyring.findCredentials)(EIGENX_SERVICE_NAME);
+    for (const cred of eigenxCreds) {
+      const accountName = cred.account;
+      if (!accountName.startsWith(EIGENX_ACCOUNT_PREFIX)) {
+        continue;
+      }
+      const environment = accountName.substring(EIGENX_ACCOUNT_PREFIX.length);
+      try {
+        const decodedKey = decodeGoKeyringValue(cred.password);
+        const address = getAddressFromPrivateKey(decodedKey);
+        keys.push({ environment, address, source: "eigenx" });
+      } catch (err) {
+        console.warn(
+          `Warning: Invalid key found for ${environment} (eigenx-cli), skipping: ${err}`
+        );
+      }
+    }
+  } catch {
+  }
+  try {
+    const eigenxDevCreds = (0, import_keyring.findCredentials)(EIGENX_DEV_SERVICE_NAME);
+    for (const cred of eigenxDevCreds) {
+      const accountName = cred.account;
+      if (!accountName.startsWith(EIGENX_ACCOUNT_PREFIX)) {
+        continue;
+      }
+      const environment = accountName.substring(EIGENX_ACCOUNT_PREFIX.length);
+      try {
+        const decodedKey = decodeGoKeyringValue(cred.password);
+        const address = getAddressFromPrivateKey(decodedKey);
+        keys.push({ environment, address, source: "eigenx-dev" });
+      } catch (err) {
+        console.warn(
+          `Warning: Invalid key found for ${environment} (eigenx-dev), skipping: ${err}`
+        );
+      }
+    }
+  } catch {
+  }
+  return keys;
+}
+async function getLegacyPrivateKey(environment, source) {
+  const serviceName = source === "eigenx" ? EIGENX_SERVICE_NAME : EIGENX_DEV_SERVICE_NAME;
+  const accountName = EIGENX_ACCOUNT_PREFIX + environment;
+  const entry = new import_keyring.AsyncEntry(serviceName, accountName);
+  try {
+    const rawKey = await entry.getPassword();
+    if (rawKey) {
+      const decodedKey = decodeGoKeyringValue(rawKey);
+      if (validatePrivateKey(decodedKey)) {
+        return decodedKey;
+      }
+    }
+  } catch {
+  }
+  return null;
+}
+async function deleteLegacyPrivateKey(environment, source) {
+  const serviceName = source === "eigenx" ? EIGENX_SERVICE_NAME : EIGENX_DEV_SERVICE_NAME;
+  const accountName = EIGENX_ACCOUNT_PREFIX + environment;
+  const entry = new import_keyring.AsyncEntry(serviceName, accountName);
+  try {
+    await entry.deletePassword();
+    return true;
+  } catch {
+    console.warn(`No key found for ${environment} in ${source}`);
+    return false;
+  }
+}
+function validatePrivateKey(privateKey) {
+  try {
+    getAddressFromPrivateKey(privateKey);
+    return true;
+  } catch {
+    return false;
+  }
+}
+function getAddressFromPrivateKey(privateKey) {
+  const normalized = normalizePrivateKey(privateKey);
+  return (0, import_accounts2.privateKeyToAddress)(normalized);
+}
+function decodeGoKeyringValue(rawValue) {
+  if (rawValue.startsWith(GO_KEYRING_BASE64_PREFIX)) {
+    const encoded = rawValue.substring(GO_KEYRING_BASE64_PREFIX.length);
+    try {
+      const decoded = Buffer.from(encoded, "base64").toString("utf8");
+      return decoded;
+    } catch (err) {
+      console.warn(`Warning: Failed to decode go-keyring base64 value: ${err}`);
+      return rawValue;
+    }
+  }
+  if (rawValue.startsWith(GO_KEYRING_ENCODED_PREFIX)) {
+    const encoded = rawValue.substring(GO_KEYRING_ENCODED_PREFIX.length);
+    try {
+      const decoded = Buffer.from(encoded, "hex").toString("utf8");
+      return decoded;
+    } catch (err) {
+      console.warn(`Warning: Failed to decode go-keyring hex value: ${err}`);
+      return rawValue;
+    }
+  }
+  return rawValue;
+}
+function normalizePrivateKey(privateKey) {
+  if (!privateKey.startsWith("0x")) {
+    return `0x${privateKey}`;
+  }
+  return privateKey;
+}
+
+// src/client/common/auth/resolver.ts
+async function getPrivateKeyWithSource(options) {
+  if (options.privateKey) {
+    if (!validatePrivateKey(options.privateKey)) {
+      throw new Error(
+        "Invalid private key format provided via command flag. Please check and try again."
+      );
+    }
+    return {
+      key: options.privateKey,
+      source: "command flag"
+    };
+  }
+  const envKey = process.env.ECLOUD_PRIVATE_KEY;
+  if (envKey) {
+    if (!validatePrivateKey(envKey)) {
+      throw new Error(
+        "Invalid private key format provided via environment variable. Please check and try again."
+      );
+    }
+    return {
+      key: envKey,
+      source: "environment variable (ECLOUD_PRIVATE_KEY)"
+    };
+  }
+  const keyringKey = await getPrivateKey();
+  if (keyringKey) {
+    return {
+      key: keyringKey,
+      source: "stored credentials"
+    };
+  }
+  return null;
+}
+async function requirePrivateKey(options) {
+  const result = await getPrivateKeyWithSource({
+    privateKey: options.privateKey
+  });
+  if (!result) {
+    throw new Error(
+      `Private key required. Please provide it via:
+  \u2022 Keyring: ecloud auth login
+  \u2022 Flag: --private-key YOUR_KEY
+  \u2022 Environment: export ECLOUD_PRIVATE_KEY=YOUR_KEY`
+    );
+  }
+  return result;
+}
+
+// src/client/common/auth/generate.ts
+var import_accounts3 = require("viem/accounts");
+function generateNewPrivateKey() {
+  const privateKey = (0, import_accounts3.generatePrivateKey)();
+  const address = (0, import_accounts3.privateKeyToAddress)(privateKey);
+  return {
+    privateKey,
+    address
+  };
+}
+
 // src/client/common/utils/instance.ts
 async function getCurrentInstanceType(preflightCtx, appID, logger, clientId) {
   try {
     const userApiClient = new UserApiClient(
       preflightCtx.environmentConfig,
-      preflightCtx.privateKey,
-      preflightCtx.rpcUrl,
+      preflightCtx.walletClient,
+      preflightCtx.publicClient,
       clientId
     );
     const infos = await userApiClient.getInfos([appID], 1);
@@ -8274,16 +8115,21 @@ function createECloudClient(cfg) {
       `RPC URL is required. Provide via options.rpcUrl, RPC_URL env var, or ensure environment has default RPC URL`
     );
   }
+  const { walletClient, publicClient } = createClients({
+    privateKey: cfg.privateKey,
+    rpcUrl,
+    chainId: environmentConfig.chainID
+  });
   return {
     compute: createComputeModule({
-      rpcUrl,
       verbose: cfg.verbose,
-      privateKey: cfg.privateKey,
+      walletClient,
+      publicClient,
       environment: cfg.environment
     }),
     billing: createBillingModule({
       verbose: cfg.verbose,
-      privateKey: cfg.privateKey
+      walletClient
     })
   };
 }
@@ -8292,6 +8138,7 @@ function createECloudClient(cfg) {
   AuthRequiredError,
   BUILD_STATUS,
   BadRequestError,
+  BillingApiClient,
   BuildError,
   BuildFailedError,
   ConflictError,
@@ -8317,6 +8164,7 @@ function createECloudClient(cfg) {
   createECloudClient,
   createMetricsContext,
   createTelemetryClient,
+  createViemClients,
   deleteLegacyPrivateKey,
   deletePrivateKey,
   emitMetrics,
@@ -8336,9 +8184,11 @@ function createECloudClient(cfg) {
   getAppLatestReleaseBlockNumbers,
   getAvailableEnvironments,
   getAvailableTemplates,
+  getBillingEnvironmentConfig,
   getBlockTimestamps,
   getBuildType,
   getCategoryDescriptions,
+  getChainFromID,
   getCurrentInstanceType,
   getEnvironmentConfig,
   getLegacyKeys,