@layr-labs/ecloud-sdk 0.2.0 → 0.2.2-dev

package/dist/compute.cjs

@@ -39,100 +39,7 @@ __export(compute_exports, {
 module.exports = __toCommonJS(compute_exports);
 
 // src/client/modules/compute/app/index.ts
-var import_viem9 = require("viem");
-var import_accounts5 = require("viem/accounts");
-
-// src/client/common/config/environment.ts
-var SEPOLIA_CHAIN_ID = 11155111;
-var MAINNET_CHAIN_ID = 1;
-var CommonAddresses = {
-  ERC7702Delegator: "0x63c0c19a282a1b52b07dd5a65b58948a07dae32b"
-};
-var ChainAddresses = {
-  [MAINNET_CHAIN_ID]: {
-    PermissionController: "0x25E5F8B1E7aDf44518d35D5B2271f114e081f0E5"
-  },
-  [SEPOLIA_CHAIN_ID]: {
-    PermissionController: "0x44632dfBdCb6D3E21EF613B0ca8A6A0c618F5a37"
-  }
-};
-var ENVIRONMENTS = {
-  "sepolia-dev": {
-    name: "sepolia",
-    build: "dev",
-    appControllerAddress: "0xa86DC1C47cb2518327fB4f9A1627F51966c83B92",
-    permissionControllerAddress: ChainAddresses[SEPOLIA_CHAIN_ID].PermissionController,
-    erc7702DelegatorAddress: CommonAddresses.ERC7702Delegator,
-    kmsServerURL: "http://10.128.0.57:8080",
-    userApiServerURL: "https://userapi-compute-sepolia-dev.eigencloud.xyz",
-    defaultRPCURL: "https://ethereum-sepolia-rpc.publicnode.com"
-  },
-  sepolia: {
-    name: "sepolia",
-    build: "prod",
-    appControllerAddress: "0x0dd810a6ffba6a9820a10d97b659f07d8d23d4E2",
-    permissionControllerAddress: ChainAddresses[SEPOLIA_CHAIN_ID].PermissionController,
-    erc7702DelegatorAddress: CommonAddresses.ERC7702Delegator,
-    kmsServerURL: "http://10.128.15.203:8080",
-    userApiServerURL: "https://userapi-compute-sepolia-prod.eigencloud.xyz",
-    defaultRPCURL: "https://ethereum-sepolia-rpc.publicnode.com"
-  },
-  "mainnet-alpha": {
-    name: "mainnet-alpha",
-    build: "prod",
-    appControllerAddress: "0xc38d35Fc995e75342A21CBd6D770305b142Fbe67",
-    permissionControllerAddress: ChainAddresses[MAINNET_CHAIN_ID].PermissionController,
-    erc7702DelegatorAddress: CommonAddresses.ERC7702Delegator,
-    kmsServerURL: "http://10.128.0.2:8080",
-    userApiServerURL: "https://userapi-compute.eigencloud.xyz",
-    defaultRPCURL: "https://ethereum-rpc.publicnode.com"
-  }
-};
-var CHAIN_ID_TO_ENVIRONMENT = {
-  [SEPOLIA_CHAIN_ID.toString()]: "sepolia",
-  [MAINNET_CHAIN_ID.toString()]: "mainnet-alpha"
-};
-function getEnvironmentConfig(environment, chainID) {
-  const env = ENVIRONMENTS[environment];
-  if (!env) {
-    throw new Error(`Unknown environment: ${environment}`);
-  }
-  if (!isEnvironmentAvailable(environment)) {
-    throw new Error(
-      `Environment ${environment} is not available in this build type. Available environments: ${getAvailableEnvironments().join(", ")}`
-    );
-  }
-  if (chainID) {
-    const expectedEnv = CHAIN_ID_TO_ENVIRONMENT[chainID.toString()];
-    if (expectedEnv && expectedEnv !== environment) {
-      throw new Error(`Environment ${environment} does not match chain ID ${chainID}`);
-    }
-  }
-  const resolvedChainID = chainID || (environment === "sepolia" || environment === "sepolia-dev" ? SEPOLIA_CHAIN_ID : MAINNET_CHAIN_ID);
-  return {
-    ...env,
-    chainID: BigInt(resolvedChainID)
-  };
-}
-function getBuildType() {
-  const buildTimeType = true ? "prod"?.toLowerCase() : void 0;
-  const runtimeType = process.env.BUILD_TYPE?.toLowerCase();
-  const buildType = buildTimeType || runtimeType;
-  if (buildType === "dev") {
-    return "dev";
-  }
-  return "prod";
-}
-function getAvailableEnvironments() {
-  const buildType = getBuildType();
-  if (buildType === "dev") {
-    return ["sepolia-dev"];
-  }
-  return ["sepolia", "mainnet-alpha"];
-}
-function isEnvironmentAvailable(environment) {
-  return getAvailableEnvironments().includes(environment);
-}
+var import_viem6 = require("viem");
 
 // src/client/common/docker/build.ts
 var child_process = __toESM(require("child_process"), 1);
@@ -1232,12 +1139,21 @@ function extractRegistryNameNoDocker(imageRef) {
   return name;
 }
 
-// src/client/common/contract/caller.ts
-var import_accounts2 = require("viem/accounts");
-
 // src/client/common/contract/eip7702.ts
 var import_viem = require("viem");
 
+// src/client/common/types/index.ts
+var noopLogger = {
+  debug: () => {
+  },
+  info: () => {
+  },
+  warn: () => {
+  },
+  error: () => {
+  }
+};
+
 // src/client/common/abis/ERC7702Delegator.json
 var ERC7702Delegator_default = [
   {
@@ -2323,7 +2239,7 @@ async function checkERC7702Delegation(publicClient, account, delegatorAddress) {
   const expectedCode = `0xef0100${delegatorAddress.slice(2)}`;
   return code.toLowerCase() === expectedCode.toLowerCase();
 }
-async function executeBatch(options, logger) {
+async function executeBatch(options, logger = noopLogger) {
   const { walletClient, publicClient, environmentConfig, executions, pendingMessage, gas } = options;
   const account = walletClient.account;
   if (!account) {
@@ -2347,11 +2263,12 @@ async function executeBatch(options, logger) {
     });
     const chainId = await publicClient.getChainId();
     const authorizationNonce = transactionNonce + 1;
+    logger.debug("Using wallet client signing for EIP-7702 authorization");
     const signedAuthorization = await walletClient.signAuthorization({
-      account,
+      account: account.address,
       contractAddress: environmentConfig.erc7702DelegatorAddress,
-      chainId: Number(chainId),
-      nonce: authorizationNonce
+      chainId,
+      nonce: Number(authorizationNonce)
     });
     authorizationList = [signedAuthorization];
   }
@@ -2406,57 +2323,15 @@ async function executeBatch(options, logger) {
 }
 
 // src/client/common/contract/caller.ts
-var import_viem5 = require("viem");
-var import_utils = require("viem/utils");
-var import_accounts3 = require("viem/accounts");
-
-// src/client/common/utils/logger.ts
-var defaultLogger = {
-  info: (...args) => console.info(...args),
-  warn: (...args) => console.warn(...args),
-  error: (...args) => console.error(...args),
-  debug: (...args) => console.debug(...args)
-};
-var getLogger = (verbose) => ({
-  info: (...args) => console.info(...args),
-  warn: (...args) => console.warn(...args),
-  error: (...args) => console.error(...args),
-  debug: (...args) => verbose && console.debug(...args)
-});
-
-// src/client/common/utils/userapi.ts
-var import_axios = __toESM(require("axios"), 1);
-var import_form_data = __toESM(require("form-data"), 1);
-var import_viem4 = require("viem");
-
-// src/client/common/utils/auth.ts
-var import_viem2 = require("viem");
-var APP_CONTROLLER_ABI = (0, import_viem2.parseAbi)([
-  "function calculateApiPermissionDigestHash(bytes4 permission, uint256 expiry) view returns (bytes32)"
-]);
-async function calculatePermissionSignature(options) {
-  const { permission, expiry, appControllerAddress, publicClient, account } = options;
-  const digest = await publicClient.readContract({
-    address: appControllerAddress,
-    abi: APP_CONTROLLER_ABI,
-    functionName: "calculateApiPermissionDigestHash",
-    args: [permission, expiry]
-  });
-  const signature = await account.signMessage({
-    message: { raw: digest }
-  });
-  return { signature, digest };
-}
-
-// src/client/common/utils/userapi.ts
-var import_accounts = require("viem/accounts");
+var import_viem3 = require("viem");
 
 // src/client/common/utils/helpers.ts
-var import_viem3 = require("viem");
+var import_viem2 = require("viem");
 var import_chains2 = require("viem/chains");
+var import_accounts = require("viem/accounts");
 function getChainFromID(chainID, fallback = import_chains2.sepolia) {
   const id = Number(chainID);
-  return (0, import_viem3.extractChain)({ chains: SUPPORTED_CHAINS, id }) || fallback;
+  return (0, import_viem2.extractChain)({ chains: SUPPORTED_CHAINS, id }) || fallback;
 }
 function addHexPrefix(value) {
   return value.startsWith("0x") ? value : `0x${value}`;
@@ -2465,297 +2340,6 @@ function stripHexPrefix(value) {
   return value.startsWith("0x") ? value.slice(2) : value;
 }
 
-// src/client/common/utils/userapi.ts
-function isJsonObject(value) {
-  return typeof value === "object" && value !== null && !Array.isArray(value);
-}
-function readString(obj, key) {
-  const v = obj[key];
-  return typeof v === "string" ? v : void 0;
-}
-function readNumber(obj, key) {
-  const v = obj[key];
-  return typeof v === "number" && Number.isFinite(v) ? v : void 0;
-}
-var MAX_ADDRESS_COUNT = 5;
-var CanViewAppLogsPermission = "0x2fd3f2fe";
-var CanViewSensitiveAppInfoPermission = "0x0e67b22f";
-var CanUpdateAppProfilePermission = "0x036fef61";
-function getDefaultClientId() {
-  const version = true ? "0.2.0" : "0.0.0";
-  return `ecloud-sdk/v${version}`;
-}
-var UserApiClient = class {
-  constructor(config, privateKey, rpcUrl, clientId) {
-    this.config = config;
-    if (privateKey) {
-      const privateKeyHex = addHexPrefix(privateKey);
-      this.account = (0, import_accounts.privateKeyToAccount)(privateKeyHex);
-    }
-    this.rpcUrl = rpcUrl;
-    this.clientId = clientId || getDefaultClientId();
-  }
-  async getInfos(appIDs, addressCount = 1) {
-    const count = Math.min(addressCount, MAX_ADDRESS_COUNT);
-    const endpoint = `${this.config.userApiServerURL}/info`;
-    const url = `${endpoint}?${new URLSearchParams({ apps: appIDs.join(",") })}`;
-    const res = await this.makeAuthenticatedRequest(url, CanViewSensitiveAppInfoPermission);
-    const result = await res.json();
-    return result.apps.map((app, i) => {
-      const evmAddresses = app.addresses?.data?.evmAddresses?.slice(0, count) || [];
-      const solanaAddresses = app.addresses?.data?.solanaAddresses?.slice(0, count) || [];
-      return {
-        address: appIDs[i],
-        status: app.app_status,
-        ip: app.ip,
-        machineType: app.machine_type,
-        profile: app.profile,
-        metrics: app.metrics,
-        evmAddresses,
-        solanaAddresses
-      };
-    });
-  }
-  /**
-   * Get app details from UserAPI (includes releases and build/provenance info when available).
-   *
-   * Endpoint: GET /apps/:appAddress
-   */
-  async getApp(appAddress) {
-    const endpoint = `${this.config.userApiServerURL}/apps/${appAddress}`;
-    const res = await this.makeAuthenticatedRequest(endpoint);
-    const raw = await res.json();
-    if (!isJsonObject(raw)) {
-      throw new Error("Unexpected /apps/:id response: expected object");
-    }
-    const id = readString(raw, "id");
-    if (!id) {
-      throw new Error("Unexpected /apps/:id response: missing 'id'");
-    }
-    const releasesRaw = raw.releases;
-    const releases = Array.isArray(releasesRaw) ? releasesRaw.map((r) => transformAppRelease(r)).filter((r) => !!r) : [];
-    return {
-      id,
-      creator: readString(raw, "creator"),
-      contractStatus: readString(raw, "contract_status") ?? readString(raw, "contractStatus"),
-      releases
-    };
-  }
-  /**
-   * Get available SKUs (instance types) from UserAPI
-   */
-  async getSKUs() {
-    const endpoint = `${this.config.userApiServerURL}/skus`;
-    const response = await this.makeAuthenticatedRequest(endpoint);
-    const result = await response.json();
-    return {
-      skus: result.skus || result.SKUs || []
-    };
-  }
-  /**
-   * Get logs for an app
-   */
-  async getLogs(appID) {
-    const endpoint = `${this.config.userApiServerURL}/logs/${appID}`;
-    const response = await this.makeAuthenticatedRequest(endpoint, CanViewAppLogsPermission);
-    return await response.text();
-  }
-  /**
-   * Get statuses for apps
-   */
-  async getStatuses(appIDs) {
-    const endpoint = `${this.config.userApiServerURL}/status`;
-    const url = `${endpoint}?${new URLSearchParams({ apps: appIDs.join(",") })}`;
-    const response = await this.makeAuthenticatedRequest(url);
-    const result = await response.json();
-    const apps = result.apps || result.Apps || [];
-    return apps.map((app, i) => ({
-      address: app.address || appIDs[i],
-      status: app.status || app.Status || ""
-    }));
-  }
-  /**
-   * Upload app profile information with optional image
-   */
-  async uploadAppProfile(appAddress, name, website, description, xURL, imagePath) {
-    const endpoint = `${this.config.userApiServerURL}/apps/${appAddress}/profile`;
-    const formData = new import_form_data.default();
-    formData.append("name", name);
-    if (website) {
-      formData.append("website", website);
-    }
-    if (description) {
-      formData.append("description", description);
-    }
-    if (xURL) {
-      formData.append("xURL", xURL);
-    }
-    if (imagePath) {
-      const fs8 = await import("fs");
-      const path7 = await import("path");
-      const fileName = path7.basename(imagePath);
-      const fileBuffer = fs8.readFileSync(imagePath);
-      formData.append("image", fileBuffer, fileName);
-    }
-    const headers = {
-      "x-client-id": this.clientId,
-      ...formData.getHeaders()
-    };
-    if (this.account) {
-      const expiry = BigInt(Math.floor(Date.now() / 1e3) + 5 * 60);
-      const authHeaders = await this.generateAuthHeaders(CanUpdateAppProfilePermission, expiry);
-      Object.assign(headers, authHeaders);
-    }
-    try {
-      const response = await import_axios.default.post(endpoint, formData, {
-        headers,
-        maxRedirects: 0,
-        validateStatus: () => true,
-        // Don't throw on any status
-        maxContentLength: Infinity,
-        // Allow large file uploads
-        maxBodyLength: Infinity
-        // Allow large file uploads
-      });
-      const status = response.status;
-      if (status !== 200 && status !== 201) {
-        const body = typeof response.data === "string" ? response.data : JSON.stringify(response.data);
-        if (status === 403 && body.includes("Cloudflare") && body.includes("challenge-platform")) {
-          throw new Error(
-            `Cloudflare protection is blocking the request. This is likely due to bot detection.
-Status: ${status}`
-          );
-        }
-        throw new Error(
-          `UserAPI request failed: ${status} ${status >= 200 && status < 300 ? "OK" : "Error"} - ${body.substring(0, 500)}${body.length > 500 ? "..." : ""}`
-        );
-      }
-      return response.data;
-    } catch (error) {
-      if (error.message?.includes("fetch failed") || error.message?.includes("ECONNREFUSED") || error.message?.includes("ENOTFOUND") || error.cause) {
-        const cause = error.cause?.message || error.cause || error.message;
-        throw new Error(
-          `Failed to connect to UserAPI at ${endpoint}: ${cause}
-Please check:
-1. Your internet connection
-2. The API server is accessible: ${this.config.userApiServerURL}
-3. Firewall/proxy settings`
-        );
-      }
-      throw error;
-    }
-  }
-  async makeAuthenticatedRequest(url, permission) {
-    const headers = {
-      "x-client-id": this.clientId
-    };
-    if (permission && this.account) {
-      const expiry = BigInt(Math.floor(Date.now() / 1e3) + 5 * 60);
-      const authHeaders = await this.generateAuthHeaders(permission, expiry);
-      Object.assign(headers, authHeaders);
-    }
-    try {
-      const response = await import_axios.default.get(url, {
-        headers,
-        maxRedirects: 0,
-        validateStatus: () => true
-        // Don't throw on any status
-      });
-      const status = response.status;
-      const statusText = status >= 200 && status < 300 ? "OK" : "Error";
-      if (status < 200 || status >= 300) {
-        const body = typeof response.data === "string" ? response.data : JSON.stringify(response.data);
-        throw new Error(`UserAPI request failed: ${status} ${statusText} - ${body}`);
-      }
-      return {
-        json: async () => response.data,
-        text: async () => typeof response.data === "string" ? response.data : JSON.stringify(response.data)
-      };
-    } catch (error) {
-      if (error.message?.includes("fetch failed") || error.message?.includes("ECONNREFUSED") || error.message?.includes("ENOTFOUND") || error.cause) {
-        const cause = error.cause?.message || error.cause || error.message;
-        throw new Error(
-          `Failed to connect to UserAPI at ${url}: ${cause}
-Please check:
-1. Your internet connection
-2. The API server is accessible: ${this.config.userApiServerURL}
-3. Firewall/proxy settings`
-        );
-      }
-      throw error;
-    }
-  }
-  /**
-   * Generate authentication headers for UserAPI requests
-   */
-  async generateAuthHeaders(permission, expiry) {
-    if (!this.account) {
-      throw new Error("Private key required for authenticated requests");
-    }
-    if (!this.rpcUrl) {
-      throw new Error("RPC URL required for authenticated requests");
-    }
-    const chain = getChainFromID(this.config.chainID);
-    const publicClient = (0, import_viem4.createPublicClient)({
-      chain,
-      transport: (0, import_viem4.http)(this.rpcUrl)
-    });
-    const { signature } = await calculatePermissionSignature({
-      permission,
-      expiry,
-      appControllerAddress: this.config.appControllerAddress,
-      publicClient,
-      account: this.account
-    });
-    return {
-      Authorization: `Bearer ${stripHexPrefix(signature)}`,
-      "X-eigenx-expiry": expiry.toString()
-    };
-  }
-};
-function transformAppReleaseBuild(raw) {
-  if (!isJsonObject(raw)) return void 0;
-  const depsRaw = raw.dependencies;
-  const deps = isJsonObject(depsRaw) ? Object.fromEntries(
-    Object.entries(depsRaw).flatMap(([digest, depRaw]) => {
-      const parsed = transformAppReleaseBuild(depRaw);
-      return parsed ? [[digest, parsed]] : [];
-    })
-  ) : void 0;
-  return {
-    buildId: readString(raw, "build_id") ?? readString(raw, "buildId"),
-    billingAddress: readString(raw, "billing_address") ?? readString(raw, "billingAddress"),
-    repoUrl: readString(raw, "repo_url") ?? readString(raw, "repoUrl"),
-    gitRef: readString(raw, "git_ref") ?? readString(raw, "gitRef"),
-    status: readString(raw, "status"),
-    buildType: readString(raw, "build_type") ?? readString(raw, "buildType"),
-    imageName: readString(raw, "image_name") ?? readString(raw, "imageName"),
-    imageDigest: readString(raw, "image_digest") ?? readString(raw, "imageDigest"),
-    imageUrl: readString(raw, "image_url") ?? readString(raw, "imageUrl"),
-    provenanceJson: raw.provenance_json ?? raw.provenanceJson,
-    provenanceSignature: readString(raw, "provenance_signature") ?? readString(raw, "provenanceSignature"),
-    createdAt: readString(raw, "created_at") ?? readString(raw, "createdAt"),
-    updatedAt: readString(raw, "updated_at") ?? readString(raw, "updatedAt"),
-    errorMessage: readString(raw, "error_message") ?? readString(raw, "errorMessage"),
-    dependencies: deps
-  };
-}
-function transformAppRelease(raw) {
-  if (!isJsonObject(raw)) return void 0;
-  return {
-    appId: readString(raw, "appId") ?? readString(raw, "app_id"),
-    rmsReleaseId: readString(raw, "rmsReleaseId") ?? readString(raw, "rms_release_id"),
-    imageDigest: readString(raw, "imageDigest") ?? readString(raw, "image_digest"),
-    registryUrl: readString(raw, "registryUrl") ?? readString(raw, "registry_url"),
-    publicEnv: readString(raw, "publicEnv") ?? readString(raw, "public_env"),
-    encryptedEnv: readString(raw, "encryptedEnv") ?? readString(raw, "encrypted_env"),
-    upgradeByTime: readNumber(raw, "upgradeByTime") ?? readNumber(raw, "upgrade_by_time"),
-    createdAt: readString(raw, "createdAt") ?? readString(raw, "created_at"),
-    createdAtBlock: readString(raw, "createdAtBlock") ?? readString(raw, "created_at_block"),
-    build: raw.build ? transformAppReleaseBuild(raw.build) : void 0
-  };
-}
-
 // src/client/common/abis/AppController.json
 var AppController_default = [
   {
@@ -4310,65 +3894,54 @@ function formatETH(wei) {
   }
   return trimmed;
 }
-async function calculateAppID(privateKey, rpcUrl, environmentConfig, salt) {
-  const privateKeyHex = addHexPrefix(privateKey);
-  const account = (0, import_accounts2.privateKeyToAccount)(privateKeyHex);
-  const chain = getChainFromID(environmentConfig.chainID);
-  const publicClient = (0, import_viem5.createPublicClient)({
-    chain,
-    transport: (0, import_viem5.http)(rpcUrl)
-  });
-  const saltHexString = Buffer.from(salt).toString("hex");
+async function calculateAppID(options) {
+  const { publicClient, environmentConfig, ownerAddress, salt } = options;
+  const saltHexString = (0, import_viem3.bytesToHex)(salt).slice(2);
   const paddedSaltHex = saltHexString.padStart(64, "0");
   const saltHex = `0x${paddedSaltHex}`;
-  const accountAddress = typeof account.address === "string" ? account.address : account.address.toString();
   const appID = await publicClient.readContract({
     address: environmentConfig.appControllerAddress,
     abi: AppController_default,
     functionName: "calculateAppId",
-    args: [accountAddress, saltHex]
+    args: [ownerAddress, saltHex]
   });
   return appID;
 }
-async function prepareDeployBatch(options, logger) {
-  const { privateKey, rpcUrl, environmentConfig, salt, release, publicLogs } = options;
-  const privateKeyHex = addHexPrefix(privateKey);
-  const account = (0, import_accounts2.privateKeyToAccount)(privateKeyHex);
-  const chain = getChainFromID(environmentConfig.chainID);
-  const publicClient = (0, import_viem5.createPublicClient)({
-    chain,
-    transport: (0, import_viem5.http)(rpcUrl)
-  });
-  const walletClient = (0, import_viem5.createWalletClient)({
-    account,
-    chain,
-    transport: (0, import_viem5.http)(rpcUrl)
-  });
+async function prepareDeployBatch(options, logger = noopLogger) {
+  const { walletClient, publicClient, environmentConfig, salt, release, publicLogs } = options;
+  const account = walletClient.account;
+  if (!account) {
+    throw new Error("WalletClient must have an account attached");
+  }
   logger.info("Calculating app ID...");
-  const appId = await calculateAppID(privateKeyHex, rpcUrl, environmentConfig, salt);
-  logger.info(`App ID: ${appId}`);
+  const appId = await calculateAppID({
+    publicClient,
+    environmentConfig,
+    ownerAddress: account.address,
+    salt
+  });
   logger.debug(`App ID calculated: ${appId}`);
   logger.debug(`This address will be used for acceptAdmin call`);
-  const saltHexString = Buffer.from(salt).toString("hex");
+  const saltHexString = (0, import_viem3.bytesToHex)(salt).slice(2);
   const paddedSaltHex = saltHexString.padStart(64, "0");
   const saltHex = `0x${paddedSaltHex}`;
   const releaseForViem = {
     rmsRelease: {
       artifacts: release.rmsRelease.artifacts.map((artifact) => ({
-        digest: `0x${Buffer.from(artifact.digest).toString("hex").padStart(64, "0")}`,
+        digest: `0x${(0, import_viem3.bytesToHex)(artifact.digest).slice(2).padStart(64, "0")}`,
         registry: artifact.registry
       })),
       upgradeByTime: release.rmsRelease.upgradeByTime
     },
-    publicEnv: `0x${Buffer.from(release.publicEnv).toString("hex")}`,
-    encryptedEnv: `0x${Buffer.from(release.encryptedEnv).toString("hex")}`
+    publicEnv: (0, import_viem3.bytesToHex)(release.publicEnv),
+    encryptedEnv: (0, import_viem3.bytesToHex)(release.encryptedEnv)
   };
-  const createData = (0, import_viem5.encodeFunctionData)({
+  const createData = (0, import_viem3.encodeFunctionData)({
     abi: AppController_default,
     functionName: "createApp",
     args: [saltHex, releaseForViem]
   });
-  const acceptAdminData = (0, import_viem5.encodeFunctionData)({
+  const acceptAdminData = (0, import_viem3.encodeFunctionData)({
     abi: PermissionController_default,
     functionName: "acceptAdmin",
     args: [appId]
@@ -4386,7 +3959,7 @@ async function prepareDeployBatch(options, logger) {
     }
   ];
   if (publicLogs) {
-    const anyoneCanViewLogsData = (0, import_viem5.encodeFunctionData)({
+    const anyoneCanViewLogsData = (0, import_viem3.encodeFunctionData)({
       abi: PermissionController_default,
       functionName: "setAppointee",
       args: [
@@ -4414,7 +3987,7 @@ async function prepareDeployBatch(options, logger) {
     environmentConfig
   };
 }
-async function executeDeployBatch(data, context, gas, logger) {
+async function executeDeployBatch(data, context, gas, logger = noopLogger) {
   const pendingMessage = "Deploying new app...";
   const txHash = await executeBatch(
     {
@@ -4429,18 +4002,8 @@ async function executeDeployBatch(data, context, gas, logger) {
   );
   return { appId: data.appId, txHash };
 }
-async function deployApp(options, logger) {
-  const prepared = await prepareDeployBatch(
-    {
-      privateKey: options.privateKey,
-      rpcUrl: options.rpcUrl,
-      environmentConfig: options.environmentConfig,
-      salt: options.salt,
-      release: options.release,
-      publicLogs: options.publicLogs
-    },
-    logger
-  );
+async function deployApp(options, logger = noopLogger) {
+  const prepared = await prepareDeployBatch(options, logger);
   const data = {
     appId: prepared.appId,
     salt: prepared.salt,
@@ -4455,41 +4018,29 @@ async function deployApp(options, logger) {
 }
 async function prepareUpgradeBatch(options) {
   const {
-    privateKey,
-    rpcUrl,
+    walletClient,
+    publicClient,
     environmentConfig,
-    appId,
+    appID,
     release,
     publicLogs,
     needsPermissionChange
   } = options;
-  const privateKeyHex = addHexPrefix(privateKey);
-  const account = (0, import_accounts2.privateKeyToAccount)(privateKeyHex);
-  const chain = getChainFromID(environmentConfig.chainID);
-  const publicClient = (0, import_viem5.createPublicClient)({
-    chain,
-    transport: (0, import_viem5.http)(rpcUrl)
-  });
-  const walletClient = (0, import_viem5.createWalletClient)({
-    account,
-    chain,
-    transport: (0, import_viem5.http)(rpcUrl)
-  });
   const releaseForViem = {
     rmsRelease: {
       artifacts: release.rmsRelease.artifacts.map((artifact) => ({
-        digest: `0x${Buffer.from(artifact.digest).toString("hex").padStart(64, "0")}`,
+        digest: `0x${(0, import_viem3.bytesToHex)(artifact.digest).slice(2).padStart(64, "0")}`,
         registry: artifact.registry
       })),
       upgradeByTime: release.rmsRelease.upgradeByTime
     },
-    publicEnv: `0x${Buffer.from(release.publicEnv).toString("hex")}`,
-    encryptedEnv: `0x${Buffer.from(release.encryptedEnv).toString("hex")}`
+    publicEnv: (0, import_viem3.bytesToHex)(release.publicEnv),
+    encryptedEnv: (0, import_viem3.bytesToHex)(release.encryptedEnv)
   };
-  const upgradeData = (0, import_viem5.encodeFunctionData)({
+  const upgradeData = (0, import_viem3.encodeFunctionData)({
     abi: AppController_default,
     functionName: "upgradeApp",
-    args: [appId, releaseForViem]
+    args: [appID, releaseForViem]
   });
   const executions = [
     {
@@ -4500,11 +4051,11 @@ async function prepareUpgradeBatch(options) {
   ];
   if (needsPermissionChange) {
     if (publicLogs) {
-      const addLogsData = (0, import_viem5.encodeFunctionData)({
+      const addLogsData = (0, import_viem3.encodeFunctionData)({
         abi: PermissionController_default,
         functionName: "setAppointee",
         args: [
-          appId,
+          appID,
           "0x493219d9949348178af1f58740655951a8cd110c",
           // AnyoneCanCallAddress
           "0x57ee1fb74c1087e26446abc4fb87fd8f07c43d8d",
@@ -4519,11 +4070,11 @@ async function prepareUpgradeBatch(options) {
         callData: addLogsData
       });
     } else {
-      const removeLogsData = (0, import_viem5.encodeFunctionData)({
+      const removeLogsData = (0, import_viem3.encodeFunctionData)({
         abi: PermissionController_default,
         functionName: "removeAppointee",
         args: [
-          appId,
+          appID,
           "0x493219d9949348178af1f58740655951a8cd110c",
           // AnyoneCanCallAddress
           "0x57ee1fb74c1087e26446abc4fb87fd8f07c43d8d",
@@ -4540,14 +4091,14 @@ async function prepareUpgradeBatch(options) {
     }
   }
   return {
-    appId,
+    appId: appID,
     executions,
     walletClient,
     publicClient,
     environmentConfig
   };
 }
-async function executeUpgradeBatch(data, context, gas, logger) {
+async function executeUpgradeBatch(data, context, gas, logger = noopLogger) {
   const pendingMessage = `Upgrading app ${data.appId}...`;
   const txHash = await executeBatch(
     {
@@ -4562,16 +4113,8 @@ async function executeUpgradeBatch(data, context, gas, logger) {
   );
   return txHash;
 }
-async function upgradeApp(options, logger) {
-  const prepared = await prepareUpgradeBatch({
-    privateKey: options.privateKey,
-    rpcUrl: options.rpcUrl,
-    environmentConfig: options.environmentConfig,
-    appId: options.appId,
-    release: options.release,
-    publicLogs: options.publicLogs,
-    needsPermissionChange: options.needsPermissionChange
-  });
+async function upgradeApp(options, logger = noopLogger) {
+  const prepared = await prepareUpgradeBatch(options);
   const data = {
     appId: prepared.appId,
     executions: prepared.executions
@@ -4583,10 +4126,10 @@ async function upgradeApp(options, logger) {
   };
   return executeUpgradeBatch(data, context, options.gas, logger);
 }
-async function sendAndWaitForTransaction(options, logger) {
+async function sendAndWaitForTransaction(options, logger = noopLogger) {
   const {
-    privateKey,
-    rpcUrl,
+    walletClient,
+    publicClient,
     environmentConfig,
     to,
     data,
@@ -4595,18 +4138,11 @@ async function sendAndWaitForTransaction(options, logger) {
     txDescription,
     gas
   } = options;
-  const privateKeyHex = addHexPrefix(privateKey);
-  const account = (0, import_accounts2.privateKeyToAccount)(privateKeyHex);
+  const account = walletClient.account;
+  if (!account) {
+    throw new Error("WalletClient must have an account attached");
+  }
   const chain = getChainFromID(environmentConfig.chainID);
-  const publicClient = (0, import_viem5.createPublicClient)({
-    chain,
-    transport: (0, import_viem5.http)(rpcUrl)
-  });
-  const walletClient = (0, import_viem5.createWalletClient)({
-    account,
-    chain,
-    transport: (0, import_viem5.http)(rpcUrl)
-  });
   if (pendingMessage) {
     logger.info(`
 ${pendingMessage}`);
@@ -4617,7 +4153,10 @@ ${pendingMessage}`);
     data,
     value,
     ...gas?.maxFeePerGas && { maxFeePerGas: gas.maxFeePerGas },
-    ...gas?.maxPriorityFeePerGas && { maxPriorityFeePerGas: gas.maxPriorityFeePerGas }
+    ...gas?.maxPriorityFeePerGas && {
+      maxPriorityFeePerGas: gas.maxPriorityFeePerGas
+    },
+    chain
   });
   logger.info(`Transaction sent: ${hash}`);
   const receipt = await publicClient.waitForTransactionReceipt({ hash });
@@ -4632,7 +4171,7 @@ ${pendingMessage}`);
     } catch (callError) {
       if (callError.data) {
         try {
-          const decoded = (0, import_viem5.decodeErrorResult)({
+          const decoded = (0, import_viem3.decodeErrorResult)({
             abi: AppController_default,
             data: callError.data
           });
@@ -4683,12 +4222,7 @@ function formatAppControllerError(decoded) {
       return new Error(`contract error: ${errorName}`);
   }
 }
-async function getActiveAppCount(rpcUrl, environmentConfig, user) {
-  const chain = getChainFromID(environmentConfig.chainID);
-  const publicClient = (0, import_viem5.createPublicClient)({
-    chain,
-    transport: (0, import_viem5.http)(rpcUrl)
-  });
+async function getActiveAppCount(publicClient, environmentConfig, user) {
   const count = await publicClient.readContract({
     address: environmentConfig.appControllerAddress,
     abi: AppController_default,
@@ -4697,12 +4231,7 @@ async function getActiveAppCount(rpcUrl, environmentConfig, user) {
   });
   return Number(count);
 }
-async function getMaxActiveAppsPerUser(rpcUrl, environmentConfig, user) {
-  const chain = getChainFromID(environmentConfig.chainID);
-  const publicClient = (0, import_viem5.createPublicClient)({
-    chain,
-    transport: (0, import_viem5.http)(rpcUrl)
-  });
+async function getMaxActiveAppsPerUser(publicClient, environmentConfig, user) {
   const quota = await publicClient.readContract({
     address: environmentConfig.appControllerAddress,
     abi: AppController_default,
@@ -4712,83 +4241,550 @@ async function getMaxActiveAppsPerUser(rpcUrl, environmentConfig, user) {
   return Number(quota);
 }
 async function isDelegated(options) {
-  const { privateKey, rpcUrl, environmentConfig } = options;
-  const privateKeyHex = addHexPrefix(privateKey);
-  const account = (0, import_accounts2.privateKeyToAccount)(privateKeyHex);
-  const chain = getChainFromID(environmentConfig.chainID);
-  const publicClient = (0, import_viem5.createPublicClient)({
-    chain,
-    transport: (0, import_viem5.http)(rpcUrl)
-  });
+  const { publicClient, environmentConfig, address } = options;
   return checkERC7702Delegation(
     publicClient,
-    account.address,
+    address,
     environmentConfig.erc7702DelegatorAddress
   );
 }
-async function undelegate(options, logger) {
-  const { privateKey, rpcUrl, environmentConfig } = options;
-  const privateKeyHex = addHexPrefix(privateKey);
-  const account = (0, import_accounts2.privateKeyToAccount)(privateKeyHex);
-  const chain = getChainFromID(environmentConfig.chainID);
-  const publicClient = (0, import_viem5.createPublicClient)({
-    chain,
-    transport: (0, import_viem5.http)(rpcUrl)
-  });
-  const walletClient = (0, import_viem5.createWalletClient)({
-    account,
-    chain,
-    transport: (0, import_viem5.http)(rpcUrl)
-  });
-  const transactionNonce = await publicClient.getTransactionCount({
-    address: account.address,
-    blockTag: "pending"
-  });
-  const chainId = await publicClient.getChainId();
-  const authorizationNonce = BigInt(transactionNonce) + 1n;
-  const authorization = {
-    chainId: Number(chainId),
-    address: "0x0000000000000000000000000000000000000000",
-    // Empty address = undelegate
-    nonce: authorizationNonce
+async function undelegate(options, logger = noopLogger) {
+  const { walletClient, publicClient, environmentConfig } = options;
+  const account = walletClient.account;
+  if (!account) {
+    throw new Error("WalletClient must have an account attached");
+  }
+  const chain = getChainFromID(environmentConfig.chainID);
+  const transactionNonce = await publicClient.getTransactionCount({
+    address: account.address,
+    blockTag: "pending"
+  });
+  const chainId = await publicClient.getChainId();
+  const authorizationNonce = BigInt(transactionNonce) + 1n;
+  logger.debug("Signing undelegate authorization");
+  const signedAuthorization = await walletClient.signAuthorization({
+    contractAddress: "0x0000000000000000000000000000000000000000",
+    chainId,
+    nonce: Number(authorizationNonce),
+    account
+  });
+  const authorizationList = [signedAuthorization];
+  const hash = await walletClient.sendTransaction({
+    account,
+    to: account.address,
+    // Send to self
+    data: "0x",
+    // Empty data
+    value: 0n,
+    authorizationList,
+    chain
+  });
+  logger.info(`Transaction sent: ${hash}`);
+  const receipt = await publicClient.waitForTransactionReceipt({ hash });
+  if (receipt.status === "reverted") {
+    logger.error(`Undelegate transaction (hash: ${hash}) reverted`);
+    throw new Error(`Undelegate transaction (hash: ${hash}) reverted`);
+  }
+  return hash;
+}
+
+// src/client/common/utils/userapi.ts
+var import_axios = __toESM(require("axios"), 1);
+
+// src/client/common/utils/auth.ts
+var import_viem4 = require("viem");
+var APP_CONTROLLER_ABI = (0, import_viem4.parseAbi)([
+  "function calculateApiPermissionDigestHash(bytes4 permission, uint256 expiry) view returns (bytes32)"
+]);
+async function calculatePermissionSignature(options) {
+  const { permission, expiry, appControllerAddress, publicClient, walletClient } = options;
+  const digest = await publicClient.readContract({
+    address: appControllerAddress,
+    abi: APP_CONTROLLER_ABI,
+    functionName: "calculateApiPermissionDigestHash",
+    args: [permission, expiry]
+  });
+  const account = walletClient.account;
+  if (!account) {
+    throw new Error("WalletClient must have an account attached");
+  }
+  const signature = await walletClient.signMessage({
+    account,
+    message: { raw: digest }
+  });
+  return { signature, digest };
+}
+
+// src/client/common/auth/session.ts
+var SessionError = class extends Error {
+  constructor(message, code, statusCode) {
+    super(message);
+    this.code = code;
+    this.statusCode = statusCode;
+    this.name = "SessionError";
+  }
+};
+function stripHexPrefix2(hex) {
+  return hex.startsWith("0x") ? hex.slice(2) : hex;
+}
+async function parseErrorResponse(response) {
+  try {
+    const data = await response.json();
+    return data.error || response.statusText;
+  } catch {
+    return response.statusText;
+  }
+}
+async function loginToComputeApi(config, request) {
+  let response;
+  try {
+    response = await fetch(`${config.baseUrl}/auth/siwe/login`, {
+      method: "POST",
+      credentials: "include",
+      // Include cookies for session management
+      headers: {
+        "Content-Type": "application/json"
+      },
+      body: JSON.stringify({
+        message: request.message,
+        signature: stripHexPrefix2(request.signature)
+      })
+    });
+  } catch (error) {
+    throw new SessionError(
+      `Network error connecting to ${config.baseUrl}: ${error instanceof Error ? error.message : String(error)}`,
+      "NETWORK_ERROR"
+    );
+  }
+  if (!response.ok) {
+    const errorMessage = await parseErrorResponse(response);
+    const status = response.status;
+    if (status === 400) {
+      if (errorMessage.toLowerCase().includes("siwe")) {
+        throw new SessionError(`Invalid SIWE message: ${errorMessage}`, "INVALID_MESSAGE", status);
+      }
+      throw new SessionError(`Bad request: ${errorMessage}`, "INVALID_MESSAGE", status);
+    }
+    if (status === 401) {
+      throw new SessionError(`Invalid signature: ${errorMessage}`, "INVALID_SIGNATURE", status);
+    }
+    throw new SessionError(`Login failed: ${errorMessage}`, "UNKNOWN", status);
+  }
+  const data = await response.json();
+  return {
+    success: data.success,
+    address: data.address
+  };
+}
+async function getComputeApiSession(config) {
+  let response;
+  try {
+    response = await fetch(`${config.baseUrl}/auth/session`, {
+      method: "GET",
+      credentials: "include",
+      // Include cookies for session management
+      headers: {
+        "Content-Type": "application/json"
+      }
+    });
+  } catch {
+    return {
+      authenticated: false
+    };
+  }
+  if (response.status === 401) {
+    return {
+      authenticated: false
+    };
+  }
+  if (!response.ok) {
+    const errorMessage = await parseErrorResponse(response);
+    throw new SessionError(`Failed to get session: ${errorMessage}`, "UNKNOWN", response.status);
+  }
+  const data = await response.json();
+  return {
+    authenticated: data.authenticated,
+    address: data.address,
+    chainId: data.chain_id
+  };
+}
+async function logoutFromComputeApi(config) {
+  let response;
+  try {
+    response = await fetch(`${config.baseUrl}/auth/logout`, {
+      method: "POST",
+      credentials: "include",
+      // Include cookies for session management
+      headers: {
+        "Content-Type": "application/json"
+      }
+    });
+  } catch (error) {
+    throw new SessionError(
+      `Network error connecting to ${config.baseUrl}: ${error instanceof Error ? error.message : String(error)}`,
+      "NETWORK_ERROR"
+    );
+  }
+  if (response.status === 401) {
+    return;
+  }
+  if (!response.ok) {
+    const errorMessage = await parseErrorResponse(response);
+    throw new SessionError(`Logout failed: ${errorMessage}`, "UNKNOWN", response.status);
+  }
+}
+
+// src/client/common/utils/userapi.ts
+function isJsonObject(value) {
+  return typeof value === "object" && value !== null && !Array.isArray(value);
+}
+function readString(obj, key) {
+  const v = obj[key];
+  return typeof v === "string" ? v : void 0;
+}
+function readNumber(obj, key) {
+  const v = obj[key];
+  return typeof v === "number" && Number.isFinite(v) ? v : void 0;
+}
+var MAX_ADDRESS_COUNT = 5;
+var CanViewAppLogsPermission = "0x2fd3f2fe";
+var CanViewSensitiveAppInfoPermission = "0x0e67b22f";
+var CanUpdateAppProfilePermission = "0x036fef61";
+function getDefaultClientId() {
+  const version = true ? "0.2.2-dev" : "0.0.0";
+  return `ecloud-sdk/v${version}`;
+}
+var UserApiClient = class {
+  constructor(config, walletClient, publicClient, options) {
+    this.config = config;
+    this.walletClient = walletClient;
+    this.publicClient = publicClient;
+    this.clientId = options?.clientId || getDefaultClientId();
+    this.useSession = options?.useSession ?? false;
+  }
+  /**
+   * Get the address of the connected wallet
+   */
+  get address() {
+    const account = this.walletClient.account;
+    if (!account) {
+      throw new Error("WalletClient must have an account attached");
+    }
+    return account.address;
+  }
+  async getInfos(appIDs, addressCount = 1) {
+    const count = Math.min(addressCount, MAX_ADDRESS_COUNT);
+    const endpoint = `${this.config.userApiServerURL}/info`;
+    const url = `${endpoint}?${new URLSearchParams({ apps: appIDs.join(",") })}`;
+    const res = await this.makeAuthenticatedRequest(url, CanViewSensitiveAppInfoPermission);
+    const result = await res.json();
+    return result.apps.map((app, i) => {
+      const evmAddresses = app.addresses?.data?.evmAddresses?.slice(0, count) || [];
+      const solanaAddresses = app.addresses?.data?.solanaAddresses?.slice(0, count) || [];
+      return {
+        address: appIDs[i],
+        status: app.app_status,
+        ip: app.ip,
+        machineType: app.machine_type,
+        profile: app.profile,
+        metrics: app.metrics,
+        evmAddresses,
+        solanaAddresses
+      };
+    });
+  }
+  /**
+   * Get app details from UserAPI (includes releases and build/provenance info when available).
+   *
+   * Endpoint: GET /apps/:appAddress
+   */
+  async getApp(appAddress) {
+    const endpoint = `${this.config.userApiServerURL}/apps/${appAddress}`;
+    const res = await this.makeAuthenticatedRequest(endpoint);
+    const raw = await res.json();
+    if (!isJsonObject(raw)) {
+      throw new Error("Unexpected /apps/:id response: expected object");
+    }
+    const id = readString(raw, "id");
+    if (!id) {
+      throw new Error("Unexpected /apps/:id response: missing 'id'");
+    }
+    const releasesRaw = raw.releases;
+    const releases = Array.isArray(releasesRaw) ? releasesRaw.map((r) => transformAppRelease(r)).filter((r) => !!r) : [];
+    return {
+      id,
+      creator: readString(raw, "creator"),
+      contractStatus: readString(raw, "contract_status") ?? readString(raw, "contractStatus"),
+      releases
+    };
+  }
+  /**
+   * Get available SKUs (instance types) from UserAPI
+   */
+  async getSKUs() {
+    const endpoint = `${this.config.userApiServerURL}/skus`;
+    const response = await this.makeAuthenticatedRequest(endpoint);
+    const result = await response.json();
+    return {
+      skus: result.skus || result.SKUs || []
+    };
+  }
+  /**
+   * Get logs for an app
+   */
+  async getLogs(appID) {
+    const endpoint = `${this.config.userApiServerURL}/logs/${appID}`;
+    const response = await this.makeAuthenticatedRequest(endpoint, CanViewAppLogsPermission);
+    return await response.text();
+  }
+  /**
+   * Get statuses for apps
+   */
+  async getStatuses(appIDs) {
+    const endpoint = `${this.config.userApiServerURL}/status`;
+    const url = `${endpoint}?${new URLSearchParams({ apps: appIDs.join(",") })}`;
+    const response = await this.makeAuthenticatedRequest(url);
+    const result = await response.json();
+    const apps = result.apps || result.Apps || [];
+    return apps.map((app, i) => ({
+      address: app.address || appIDs[i],
+      status: app.app_status || app.App_Status || ""
+    }));
+  }
+  /**
+   * Upload app profile information with optional image
+   *
+   * @param appAddress - The app's contract address
+   * @param name - Display name for the app
+   * @param options - Optional fields including website, description, xURL, and image
+   * @param options.image - Image file as Blob or File (browser: from input element, Node.js: new Blob([buffer]))
+   * @param options.imageName - Filename for the image (required if image is provided)
+   */
+  async uploadAppProfile(appAddress, name, options) {
+    const endpoint = `${this.config.userApiServerURL}/apps/${appAddress}/profile`;
+    const formData = new FormData();
+    formData.append("name", name);
+    if (options?.website) {
+      formData.append("website", options.website);
+    }
+    if (options?.description) {
+      formData.append("description", options.description);
+    }
+    if (options?.xURL) {
+      formData.append("xURL", options.xURL);
+    }
+    if (options?.image) {
+      const fileName = options.image instanceof File ? options.image.name : options.imageName || "image";
+      formData.append("image", options.image, fileName);
+    }
+    const headers = {
+      "x-client-id": this.clientId
+    };
+    if (!this.useSession) {
+      const expiry = BigInt(Math.floor(Date.now() / 1e3) + 5 * 60);
+      const authHeaders = await this.generateAuthHeaders(CanUpdateAppProfilePermission, expiry);
+      Object.assign(headers, authHeaders);
+    }
+    try {
+      const response = await import_axios.default.post(endpoint, formData, {
+        headers,
+        maxRedirects: 0,
+        validateStatus: () => true,
+        // Don't throw on any status
+        maxContentLength: Infinity,
+        // Allow large file uploads
+        maxBodyLength: Infinity,
+        // Allow large file uploads
+        withCredentials: true
+        // Include cookies for session auth
+      });
+      const status = response.status;
+      if (status !== 200 && status !== 201) {
+        const body = typeof response.data === "string" ? response.data : JSON.stringify(response.data);
+        if (status === 403 && body.includes("Cloudflare") && body.includes("challenge-platform")) {
+          throw new Error(
+            `Cloudflare protection is blocking the request. This is likely due to bot detection.
+Status: ${status}`
+          );
+        }
+        throw new Error(
+          `UserAPI request failed: ${status} ${status >= 200 && status < 300 ? "OK" : "Error"} - ${body.substring(0, 500)}${body.length > 500 ? "..." : ""}`
+        );
+      }
+      return response.data;
+    } catch (error) {
+      if (error.message?.includes("fetch failed") || error.message?.includes("ECONNREFUSED") || error.message?.includes("ENOTFOUND") || error.cause) {
+        const cause = error.cause?.message || error.cause || error.message;
+        throw new Error(
+          `Failed to connect to UserAPI at ${endpoint}: ${cause}
+Please check:
+1. Your internet connection
+2. The API server is accessible: ${this.config.userApiServerURL}
+3. Firewall/proxy settings`
+        );
+      }
+      throw error;
+    }
+  }
+  async makeAuthenticatedRequest(url, permission) {
+    const headers = {
+      "x-client-id": this.clientId
+    };
+    if (permission && !this.useSession) {
+      const expiry = BigInt(Math.floor(Date.now() / 1e3) + 5 * 60);
+      const authHeaders = await this.generateAuthHeaders(permission, expiry);
+      Object.assign(headers, authHeaders);
+    }
+    try {
+      const response = await import_axios.default.get(url, {
+        headers,
+        maxRedirects: 0,
+        validateStatus: () => true,
+        // Don't throw on any status
+        withCredentials: true
+        // Include cookies for session auth
+      });
+      const status = response.status;
+      const statusText = status >= 200 && status < 300 ? "OK" : "Error";
+      if (status < 200 || status >= 300) {
+        const body = typeof response.data === "string" ? response.data : JSON.stringify(response.data);
+        throw new Error(`UserAPI request failed: ${status} ${statusText} - ${body}`);
+      }
+      return {
+        json: async () => response.data,
+        text: async () => typeof response.data === "string" ? response.data : JSON.stringify(response.data)
+      };
+    } catch (error) {
+      if (error.message?.includes("fetch failed") || error.message?.includes("ECONNREFUSED") || error.message?.includes("ENOTFOUND") || error.cause) {
+        const cause = error.cause?.message || error.cause || error.message;
+        throw new Error(
+          `Failed to connect to UserAPI at ${url}: ${cause}
+Please check:
+1. Your internet connection
+2. The API server is accessible: ${this.config.userApiServerURL}
+3. Firewall/proxy settings`
+        );
+      }
+      throw error;
+    }
+  }
+  /**
+   * Generate authentication headers for UserAPI requests
+   */
+  async generateAuthHeaders(permission, expiry) {
+    const { signature } = await calculatePermissionSignature({
+      permission,
+      expiry,
+      appControllerAddress: this.config.appControllerAddress,
+      publicClient: this.publicClient,
+      walletClient: this.walletClient
+    });
+    return {
+      Authorization: `Bearer ${stripHexPrefix(signature)}`,
+      "X-eigenx-expiry": expiry.toString()
+    };
+  }
+  // ==========================================================================
+  // SIWE Session Management
+  // ==========================================================================
+  /**
+   * Login to the compute API using SIWE (Sign-In with Ethereum)
+   *
+   * This establishes a session with the compute API by verifying the SIWE message
+   * and signature. On success, a session cookie is set in the browser.
+   *
+   * @param request - Login request containing SIWE message and signature
+   * @returns Login result with the authenticated address
+   *
+   * @example
+   * ```typescript
+   * import { createSiweMessage } from "@layr-labs/ecloud-sdk/browser";
+   *
+   * const { message } = createSiweMessage({
+   *   address: userAddress,
+   *   chainId: 11155111,
+   *   domain: window.location.host,
+   *   uri: window.location.origin,
+   * });
+   *
+   * const signature = await signMessageAsync({ message });
+   * const result = await client.siweLogin({ message, signature });
+   * ```
+   */
+  async siweLogin(request) {
+    return loginToComputeApi({ baseUrl: this.config.userApiServerURL }, request);
+  }
+  /**
+   * Logout from the compute API
+   *
+   * This destroys the current session and clears the session cookie.
+   *
+   * @example
+   * ```typescript
+   * await client.siweLogout();
+   * ```
+   */
+  async siweLogout() {
+    return logoutFromComputeApi({ baseUrl: this.config.userApiServerURL });
+  }
+  /**
+   * Get the current SIWE session status from the compute API
+   *
+   * @returns Session information including authentication status and address
+   *
+   * @example
+   * ```typescript
+   * const session = await client.getSiweSession();
+   * if (session.authenticated) {
+   *   console.log(`Logged in as ${session.address}`);
+   * }
+   * ```
+   */
+  async getSiweSession() {
+    return getComputeApiSession({ baseUrl: this.config.userApiServerURL });
+  }
+};
+function transformAppReleaseBuild(raw) {
+  if (!isJsonObject(raw)) return void 0;
+  const depsRaw = raw.dependencies;
+  const deps = isJsonObject(depsRaw) ? Object.fromEntries(
+    Object.entries(depsRaw).flatMap(([digest, depRaw]) => {
+      const parsed = transformAppReleaseBuild(depRaw);
+      return parsed ? [[digest, parsed]] : [];
+    })
+  ) : void 0;
+  return {
+    buildId: readString(raw, "build_id") ?? readString(raw, "buildId"),
+    billingAddress: readString(raw, "billing_address") ?? readString(raw, "billingAddress"),
+    repoUrl: readString(raw, "repo_url") ?? readString(raw, "repoUrl"),
+    gitRef: readString(raw, "git_ref") ?? readString(raw, "gitRef"),
+    status: readString(raw, "status"),
+    buildType: readString(raw, "build_type") ?? readString(raw, "buildType"),
+    imageName: readString(raw, "image_name") ?? readString(raw, "imageName"),
+    imageDigest: readString(raw, "image_digest") ?? readString(raw, "imageDigest"),
+    imageUrl: readString(raw, "image_url") ?? readString(raw, "imageUrl"),
+    provenanceJson: raw.provenance_json ?? raw.provenanceJson,
+    provenanceSignature: readString(raw, "provenance_signature") ?? readString(raw, "provenanceSignature"),
+    createdAt: readString(raw, "created_at") ?? readString(raw, "createdAt"),
+    updatedAt: readString(raw, "updated_at") ?? readString(raw, "updatedAt"),
+    errorMessage: readString(raw, "error_message") ?? readString(raw, "errorMessage"),
+    dependencies: deps
+  };
+}
+function transformAppRelease(raw) {
+  if (!isJsonObject(raw)) return void 0;
+  return {
+    appId: readString(raw, "appId") ?? readString(raw, "app_id"),
+    rmsReleaseId: readString(raw, "rmsReleaseId") ?? readString(raw, "rms_release_id"),
+    imageDigest: readString(raw, "imageDigest") ?? readString(raw, "image_digest"),
+    registryUrl: readString(raw, "registryUrl") ?? readString(raw, "registry_url"),
+    publicEnv: readString(raw, "publicEnv") ?? readString(raw, "public_env"),
+    encryptedEnv: readString(raw, "encryptedEnv") ?? readString(raw, "encrypted_env"),
+    upgradeByTime: readNumber(raw, "upgradeByTime") ?? readNumber(raw, "upgrade_by_time"),
+    createdAt: readString(raw, "createdAt") ?? readString(raw, "created_at"),
+    createdAtBlock: readString(raw, "createdAtBlock") ?? readString(raw, "created_at_block"),
+    build: raw.build ? transformAppReleaseBuild(raw.build) : void 0
   };
-  const sighash = (0, import_utils.hashAuthorization)({
-    chainId: authorization.chainId,
-    contractAddress: authorization.address,
-    nonce: Number(authorization.nonce)
-  });
-  const sig = await (0, import_accounts3.sign)({
-    hash: sighash,
-    privateKey: privateKeyHex
-  });
-  const v = Number(sig.v);
-  const yParity = v === 27 ? 0 : 1;
-  const authorizationList = [
-    {
-      chainId: authorization.chainId,
-      address: authorization.address,
-      nonce: Number(authorization.nonce),
-      r: sig.r,
-      s: sig.s,
-      yParity
-    }
-  ];
-  const hash = await walletClient.sendTransaction({
-    account,
-    to: account.address,
-    // Send to self
-    data: "0x",
-    // Empty data
-    value: 0n,
-    authorizationList
-  });
-  logger.info(`Transaction sent: ${hash}`);
-  const receipt = await publicClient.waitForTransactionReceipt({ hash });
-  if (receipt.status === "reverted") {
-    logger.error(`Undelegate transaction (hash: ${hash}) reverted`);
-    throw new Error(`Undelegate transaction (hash: ${hash}) reverted`);
-  }
-  return hash;
 }
 
 // src/client/common/contract/watcher.ts
@@ -4796,8 +4792,8 @@ var WATCH_POLL_INTERVAL_SECONDS = 5;
 var APP_STATUS_RUNNING = "Running";
 var APP_STATUS_FAILED = "Failed";
 async function watchUntilRunning(options, logger) {
-  const { environmentConfig, appId, privateKey, rpcUrl, clientId } = options;
-  const userApiClient = new UserApiClient(environmentConfig, privateKey, rpcUrl, clientId);
+  const { walletClient, publicClient, environmentConfig, appId } = options;
+  const userApiClient = new UserApiClient(environmentConfig, walletClient, publicClient);
   let initialStatus;
   let initialIP;
   let hasChanged = false;
@@ -4846,8 +4842,8 @@ async function watchUntilRunning(options, logger) {
 }
 var APP_STATUS_STOPPED = "Stopped";
 async function watchUntilUpgradeComplete(options, logger) {
-  const { environmentConfig, appId, privateKey, rpcUrl, clientId } = options;
-  const userApiClient = new UserApiClient(environmentConfig, privateKey, rpcUrl, clientId);
+  const { walletClient, publicClient, environmentConfig, appId } = options;
+  const userApiClient = new UserApiClient(environmentConfig, walletClient, publicClient);
   let initialStatus;
   let initialIP;
   let hasChanged = false;
@@ -4910,7 +4906,7 @@ function sleep(ms) {
 
 // src/client/common/utils/validation.ts
 var import_fs = __toESM(require("fs"), 1);
-var import_viem6 = require("viem");
+var import_viem5 = require("viem");
 function validateAppName(name) {
   if (!name) {
     throw new Error("App name cannot be empty");
@@ -4958,7 +4954,7 @@ function validateAppID(appID) {
     throw new Error("App ID is required");
   }
   const normalized = typeof appID === "string" ? addHexPrefix(appID) : appID;
-  if ((0, import_viem6.isAddress)(normalized)) {
+  if ((0, import_viem5.isAddress)(normalized)) {
     return normalized;
   }
   throw new Error(`Invalid app ID: '${appID}' is not a valid address`);
@@ -4993,68 +4989,142 @@ function validateResourceUsageMonitoring(resourceUsageMonitoring) {
   }
 }
 
+// src/client/common/config/environment.ts
+var SEPOLIA_CHAIN_ID = 11155111;
+var MAINNET_CHAIN_ID = 1;
+var CommonAddresses = {
+  ERC7702Delegator: "0x63c0c19a282a1b52b07dd5a65b58948a07dae32b"
+};
+var ChainAddresses = {
+  [MAINNET_CHAIN_ID]: {
+    PermissionController: "0x25E5F8B1E7aDf44518d35D5B2271f114e081f0E5"
+  },
+  [SEPOLIA_CHAIN_ID]: {
+    PermissionController: "0x44632dfBdCb6D3E21EF613B0ca8A6A0c618F5a37"
+  }
+};
+var ENVIRONMENTS = {
+  "sepolia-dev": {
+    name: "sepolia",
+    build: "dev",
+    appControllerAddress: "0xa86DC1C47cb2518327fB4f9A1627F51966c83B92",
+    permissionControllerAddress: ChainAddresses[SEPOLIA_CHAIN_ID].PermissionController,
+    erc7702DelegatorAddress: CommonAddresses.ERC7702Delegator,
+    kmsServerURL: "http://10.128.0.57:8080",
+    userApiServerURL: "https://userapi-compute-sepolia-dev.eigencloud.xyz",
+    defaultRPCURL: "https://ethereum-sepolia-rpc.publicnode.com"
+  },
+  sepolia: {
+    name: "sepolia",
+    build: "prod",
+    appControllerAddress: "0x0dd810a6ffba6a9820a10d97b659f07d8d23d4E2",
+    permissionControllerAddress: ChainAddresses[SEPOLIA_CHAIN_ID].PermissionController,
+    erc7702DelegatorAddress: CommonAddresses.ERC7702Delegator,
+    kmsServerURL: "http://10.128.15.203:8080",
+    userApiServerURL: "https://userapi-compute-sepolia-prod.eigencloud.xyz",
+    defaultRPCURL: "https://ethereum-sepolia-rpc.publicnode.com"
+  },
+  "mainnet-alpha": {
+    name: "mainnet-alpha",
+    build: "prod",
+    appControllerAddress: "0xc38d35Fc995e75342A21CBd6D770305b142Fbe67",
+    permissionControllerAddress: ChainAddresses[MAINNET_CHAIN_ID].PermissionController,
+    erc7702DelegatorAddress: CommonAddresses.ERC7702Delegator,
+    kmsServerURL: "http://10.128.0.2:8080",
+    userApiServerURL: "https://userapi-compute.eigencloud.xyz",
+    defaultRPCURL: "https://ethereum-rpc.publicnode.com"
+  }
+};
+var CHAIN_ID_TO_ENVIRONMENT = {
+  [SEPOLIA_CHAIN_ID.toString()]: "sepolia",
+  [MAINNET_CHAIN_ID.toString()]: "mainnet-alpha"
+};
+function getEnvironmentConfig(environment, chainID) {
+  const env = ENVIRONMENTS[environment];
+  if (!env) {
+    throw new Error(`Unknown environment: ${environment}`);
+  }
+  if (!isEnvironmentAvailable(environment)) {
+    throw new Error(
+      `Environment ${environment} is not available in this build type. Available environments: ${getAvailableEnvironments().join(", ")}`
+    );
+  }
+  if (chainID) {
+    const expectedEnv = CHAIN_ID_TO_ENVIRONMENT[chainID.toString()];
+    if (expectedEnv && expectedEnv !== environment) {
+      throw new Error(`Environment ${environment} does not match chain ID ${chainID}`);
+    }
+  }
+  const resolvedChainID = chainID || (environment === "sepolia" || environment === "sepolia-dev" ? SEPOLIA_CHAIN_ID : MAINNET_CHAIN_ID);
+  return {
+    ...env,
+    chainID: BigInt(resolvedChainID)
+  };
+}
+function getBuildType() {
+  const buildTimeType = true ? "dev"?.toLowerCase() : void 0;
+  const runtimeType = process.env.BUILD_TYPE?.toLowerCase();
+  const buildType = buildTimeType || runtimeType;
+  if (buildType === "dev") {
+    return "dev";
+  }
+  return "prod";
+}
+function getAvailableEnvironments() {
+  const buildType = getBuildType();
+  if (buildType === "dev") {
+    return ["sepolia-dev"];
+  }
+  return ["sepolia", "mainnet-alpha"];
+}
+function isEnvironmentAvailable(environment) {
+  return getAvailableEnvironments().includes(environment);
+}
+
 // src/client/common/utils/preflight.ts
-var import_viem7 = require("viem");
-var import_accounts4 = require("viem/accounts");
 async function doPreflightChecks(options, logger) {
-  logger.debug("Checking authentication...");
-  const privateKey = await getPrivateKeyOrFail(options.privateKey);
+  const { walletClient, publicClient } = options;
   logger.debug("Determining environment...");
   const environmentConfig = getEnvironmentConfig(options.environment || "sepolia");
-  let rpcUrl = options.rpcUrl;
-  if (!rpcUrl) {
-    rpcUrl = process.env.RPC_URL ?? environmentConfig.defaultRPCURL;
-  }
-  if (!rpcUrl) {
-    throw new Error(
-      `RPC URL is required. Provide via options.rpcUrl, RPC_URL env var, or ensure environment has default RPC URL`
-    );
+  const account = walletClient.account;
+  if (!account) {
+    throw new Error("WalletClient must have an account attached");
   }
-  logger.debug("Testing network connectivity...");
-  const publicClient = (0, import_viem7.createPublicClient)({
-    transport: (0, import_viem7.http)(rpcUrl)
-  });
+  logger.debug("Validating chain ID...");
   try {
     const chainID = await publicClient.getChainId();
     if (BigInt(chainID) !== environmentConfig.chainID) {
       throw new Error(`Chain ID mismatch: expected ${environmentConfig.chainID}, got ${chainID}`);
     }
   } catch (err) {
-    throw new Error(`Cannot connect to ${environmentConfig.name} RPC at ${rpcUrl}: ${err.message}`);
+    throw new Error(
+      `Cannot connect to ${environmentConfig.name} RPC at ${publicClient.transport.url}: ${err.message}`
+    );
   }
-  const privateKeyHex = addHexPrefix(privateKey);
-  const account = (0, import_accounts4.privateKeyToAccount)(privateKeyHex);
-  const selfAddress = account.address;
   return {
-    privateKey: privateKeyHex,
-    rpcUrl,
+    walletClient,
+    publicClient,
     environmentConfig,
-    account,
-    selfAddress
+    selfAddress: account.address
   };
 }
-async function getPrivateKeyOrFail(privateKey) {
-  if (privateKey) {
-    validatePrivateKey(privateKey);
-    return privateKey;
-  }
-  if (process.env.PRIVATE_KEY) {
-    validatePrivateKey(process.env.PRIVATE_KEY);
-    return process.env.PRIVATE_KEY;
-  }
-  throw new Error(
-    `private key required. Please provide it via:
-  \u2022 Option: privateKey in deploy options
-  \u2022 Environment: export PRIVATE_KEY=YOUR_KEY
-  \u2022 Keyring: (not yet implemented)`
-  );
-}
-function validatePrivateKey(key) {
-  const cleaned = stripHexPrefix(key);
-  if (!/^[0-9a-fA-F]{64}$/.test(cleaned)) {
-    throw new Error("Invalid private key format (must be 64 hex characters)");
-  }
-}
+
+// src/client/common/utils/logger.ts
+var defaultLogger = {
+  info: (...args) => console.info(...args),
+  warn: (...args) => console.warn(...args),
+  error: (...args) => console.error(...args),
+  debug: (...args) => console.debug(...args)
+};
+var getLogger = (verbose) => ({
+  info: (...args) => console.info(...args),
+  warn: (...args) => console.warn(...args),
+  error: (...args) => console.error(...args),
+  debug: (...args) => verbose && console.debug(...args)
+});
+
+// src/client/common/utils/billingapi.ts
+var import_axios2 = __toESM(require("axios"), 1);
 
 // src/client/common/telemetry/noop.ts
 var NoopClient = class {
@@ -5262,7 +5332,9 @@ async function prepareDeployFromVerifiableBuild(options, logger = defaultLogger)
       }
     },
     async () => {
-      if (!options.privateKey) throw new Error("privateKey is required for deployment");
+      if (!options.walletClient.account) {
+        throw new Error("WalletClient must have an account attached");
+      }
       if (!options.imageRef) throw new Error("imageRef is required for deployment");
       if (!options.imageDigest) throw new Error("imageDigest is required for deployment");
       assertValidImageReference(options.imageRef);
@@ -5278,8 +5350,8 @@ async function prepareDeployFromVerifiableBuild(options, logger = defaultLogger)
       logger.debug("Performing preflight checks...");
       const preflightCtx = await doPreflightChecks(
         {
-          privateKey: options.privateKey,
-          rpcUrl: options.rpcUrl,
+          walletClient: options.walletClient,
+          publicClient: options.publicClient,
           environment: options.environment
         },
         logger
@@ -5289,12 +5361,12 @@ async function prepareDeployFromVerifiableBuild(options, logger = defaultLogger)
       const salt = generateRandomSalt();
       logger.debug(`Generated salt: ${Buffer.from(salt).toString("hex")}`);
       logger.debug("Calculating app ID...");
-      const appIDToBeDeployed = await calculateAppID(
-        preflightCtx.privateKey,
-        options.rpcUrl || preflightCtx.rpcUrl,
-        preflightCtx.environmentConfig,
+      const appIDToBeDeployed = await calculateAppID({
+        publicClient: preflightCtx.publicClient,
+        environmentConfig: preflightCtx.environmentConfig,
+        ownerAddress: preflightCtx.selfAddress,
         salt
-      );
+      });
       logger.info(``);
       logger.info(`App ID: ${appIDToBeDeployed}`);
       logger.info(``);
@@ -5312,12 +5384,13 @@ async function prepareDeployFromVerifiableBuild(options, logger = defaultLogger)
       logger.debug("Preparing deploy batch...");
       const batch = await prepareDeployBatch(
         {
-          privateKey: preflightCtx.privateKey,
-          rpcUrl: options.rpcUrl || preflightCtx.rpcUrl,
+          walletClient: preflightCtx.walletClient,
+          publicClient: preflightCtx.publicClient,
           environmentConfig: preflightCtx.environmentConfig,
           salt,
           release,
-          publicLogs
+          publicLogs,
+          imageRef: options.imageRef
         },
         logger
       );
@@ -5344,8 +5417,8 @@ async function prepareDeployFromVerifiableBuild(options, logger = defaultLogger)
   );
 }
 function validateDeployOptions(options) {
-  if (!options.privateKey) {
-    throw new Error("privateKey is required for deployment");
+  if (!options.walletClient.account) {
+    throw new Error("WalletClient must have an account attached");
   }
   if (!options.dockerfilePath && !options.imageRef) {
     throw new Error("Either dockerfilePath or imageRef is required for deployment");
@@ -5384,8 +5457,8 @@ async function deploy(options, logger = defaultLogger) {
       logger.debug("Performing preflight checks...");
       const preflightCtx = await doPreflightChecks(
         {
-          privateKey: options.privateKey,
-          rpcUrl: options.rpcUrl,
+          walletClient: options.walletClient,
+          publicClient: options.publicClient,
           environment: options.environment
         },
         logger
@@ -5402,12 +5475,12 @@ async function deploy(options, logger = defaultLogger) {
       const salt = generateRandomSalt();
       logger.debug(`Generated salt: ${Buffer.from(salt).toString("hex")}`);
       logger.debug("Calculating app ID...");
-      const appIDToBeDeployed = await calculateAppID(
-        preflightCtx.privateKey,
-        options.rpcUrl || preflightCtx.rpcUrl,
-        preflightCtx.environmentConfig,
+      const appIDToBeDeployed = await calculateAppID({
+        publicClient: preflightCtx.publicClient,
+        environmentConfig: preflightCtx.environmentConfig,
+        ownerAddress: preflightCtx.selfAddress,
         salt
-      );
+      });
       logger.info(``);
       logger.info(`App ID: ${appIDToBeDeployed}`);
       logger.info(``);
@@ -5428,8 +5501,8 @@ async function deploy(options, logger = defaultLogger) {
       logger.info("Deploying on-chain...");
       const deployResult = await deployApp(
         {
-          privateKey: preflightCtx.privateKey,
-          rpcUrl: options.rpcUrl || preflightCtx.rpcUrl,
+          walletClient: preflightCtx.walletClient,
+          publicClient: preflightCtx.publicClient,
           environmentConfig: preflightCtx.environmentConfig,
           salt,
           release,
@@ -5442,8 +5515,8 @@ async function deploy(options, logger = defaultLogger) {
       logger.info("Waiting for app to start...");
       const ipAddress = await watchUntilRunning(
         {
-          privateKey: preflightCtx.privateKey,
-          rpcUrl: options.rpcUrl || preflightCtx.rpcUrl,
+          walletClient: preflightCtx.walletClient,
+          publicClient: preflightCtx.publicClient,
           environmentConfig: preflightCtx.environmentConfig,
           appId: deployResult.appId
         },
@@ -5460,12 +5533,10 @@ async function deploy(options, logger = defaultLogger) {
   );
 }
 async function checkQuotaAvailable(preflightCtx) {
-  const rpcUrl = preflightCtx.rpcUrl;
-  const environmentConfig = preflightCtx.environmentConfig;
-  const userAddress = preflightCtx.selfAddress;
+  const { publicClient, environmentConfig, selfAddress: userAddress } = preflightCtx;
   let maxQuota;
   try {
-    maxQuota = await getMaxActiveAppsPerUser(rpcUrl, environmentConfig, userAddress);
+    maxQuota = await getMaxActiveAppsPerUser(publicClient, environmentConfig, userAddress);
   } catch (err) {
     throw new Error(`failed to get quota limit: ${err.message}`);
   }
@@ -5476,7 +5547,7 @@ async function checkQuotaAvailable(preflightCtx) {
   }
   let activeCount;
   try {
-    activeCount = await getActiveAppCount(rpcUrl, environmentConfig, userAddress);
+    activeCount = await getActiveAppCount(publicClient, environmentConfig, userAddress);
   } catch (err) {
     throw new Error(`failed to get active app count: ${err.message}`);
   }
@@ -5507,8 +5578,8 @@ async function prepareDeploy(options, logger = defaultLogger) {
       logger.debug("Performing preflight checks...");
       const preflightCtx = await doPreflightChecks(
         {
-          privateKey: options.privateKey,
-          rpcUrl: options.rpcUrl,
+          walletClient: options.walletClient,
+          publicClient: options.publicClient,
           environment: options.environment
         },
         logger
@@ -5525,12 +5596,12 @@ async function prepareDeploy(options, logger = defaultLogger) {
       const salt = generateRandomSalt();
       logger.debug(`Generated salt: ${Buffer.from(salt).toString("hex")}`);
       logger.debug("Calculating app ID...");
-      const appIDToBeDeployed = await calculateAppID(
-        preflightCtx.privateKey,
-        options.rpcUrl || preflightCtx.rpcUrl,
-        preflightCtx.environmentConfig,
+      const appIDToBeDeployed = await calculateAppID({
+        publicClient: preflightCtx.publicClient,
+        environmentConfig: preflightCtx.environmentConfig,
+        ownerAddress: preflightCtx.selfAddress,
         salt
-      );
+      });
       logger.info(``);
       logger.info(`App ID: ${appIDToBeDeployed}`);
       logger.info(``);
@@ -5551,12 +5622,13 @@ async function prepareDeploy(options, logger = defaultLogger) {
       logger.debug("Preparing deploy batch...");
       const batch = await prepareDeployBatch(
         {
-          privateKey: preflightCtx.privateKey,
-          rpcUrl: options.rpcUrl || preflightCtx.rpcUrl,
+          walletClient: preflightCtx.walletClient,
+          publicClient: preflightCtx.publicClient,
           environmentConfig: preflightCtx.environmentConfig,
           salt,
           release,
-          publicLogs
+          publicLogs,
+          imageRef: finalImageRef
         },
         logger
       );
@@ -5601,25 +5673,23 @@ async function executeDeploy(options) {
     }
   );
 }
-async function watchDeployment(appId, privateKey, rpcUrl, environment, logger = defaultLogger, clientId, skipTelemetry) {
+async function watchDeployment(appId, walletClient, publicClient, environmentConfig, logger = defaultLogger, skipTelemetry) {
   return withSDKTelemetry(
     {
       functionName: "watchDeployment",
       skipTelemetry,
       properties: {
-        environment
+        environment: environmentConfig.name
       }
     },
     async () => {
-      const environmentConfig = getEnvironmentConfig(environment);
       logger.info("Waiting for app to start...");
       return watchUntilRunning(
         {
-          privateKey,
-          rpcUrl,
+          walletClient,
+          publicClient,
           environmentConfig,
-          appId,
-          clientId
+          appId
         },
         logger
       );
@@ -5628,18 +5698,12 @@ async function watchDeployment(appId, privateKey, rpcUrl, environment, logger =
 }
 
 // src/client/common/utils/permissions.ts
-var import_viem8 = require("viem");
 var AnyoneCanCallAddress = "0x493219d9949348178af1f58740655951a8cd110c";
 var ApiPermissionsTarget = "0x57ee1fb74c1087e26446abc4fb87fd8f07c43d8d";
 var CanViewAppLogsPermission2 = "0x2fd3f2fe";
 async function checkAppLogPermission(preflightCtx, appAddress, logger) {
-  const chain = getChainFromID(preflightCtx.environmentConfig.chainID);
-  const publicClient = (0, import_viem8.createPublicClient)({
-    chain,
-    transport: (0, import_viem8.http)(preflightCtx.rpcUrl)
-  });
   try {
-    const canCall = await publicClient.readContract({
+    const canCall = await preflightCtx.publicClient.readContract({
       address: preflightCtx.environmentConfig.permissionControllerAddress,
       abi: PermissionController_default,
       functionName: "canCall",
@@ -5666,8 +5730,8 @@ async function prepareUpgradeFromVerifiableBuild(options, logger = defaultLogger
       logger.debug("Performing preflight checks...");
       const preflightCtx = await doPreflightChecks(
         {
-          privateKey: options.privateKey,
-          rpcUrl: options.rpcUrl,
+          walletClient: options.walletClient,
+          publicClient: options.publicClient,
           environment: options.environment
         },
         logger
@@ -5699,13 +5763,14 @@ async function prepareUpgradeFromVerifiableBuild(options, logger = defaultLogger
       const needsPermissionChange = currentlyPublic !== publicLogs;
       logger.debug("Preparing upgrade batch...");
       const batch = await prepareUpgradeBatch({
-        privateKey: preflightCtx.privateKey,
-        rpcUrl: options.rpcUrl || preflightCtx.rpcUrl,
+        walletClient: preflightCtx.walletClient,
+        publicClient: preflightCtx.publicClient,
         environmentConfig: preflightCtx.environmentConfig,
-        appId: appID,
+        appID,
         release,
         publicLogs,
-        needsPermissionChange
+        needsPermissionChange,
+        imageRef: options.imageRef
       });
       logger.debug("Estimating gas...");
       const gasEstimate = await estimateBatchGas({
@@ -5729,8 +5794,8 @@ async function prepareUpgradeFromVerifiableBuild(options, logger = defaultLogger
   );
 }
 function validateUpgradeOptions(options) {
-  if (!options.privateKey) {
-    throw new Error("privateKey is required for upgrade");
+  if (!options.walletClient?.account) {
+    throw new Error("walletClient with account is required for upgrade");
   }
   if (!options.appId) {
     throw new Error("appId is required for upgrade");
@@ -5767,8 +5832,8 @@ async function upgrade(options, logger = defaultLogger) {
       logger.debug("Performing preflight checks...");
       const preflightCtx = await doPreflightChecks(
         {
-          privateKey: options.privateKey,
-          rpcUrl: options.rpcUrl,
+          walletClient: options.walletClient,
+          publicClient: options.publicClient,
           environment: options.environment
         },
         logger
@@ -5802,10 +5867,10 @@ async function upgrade(options, logger = defaultLogger) {
       logger.info("Upgrading on-chain...");
       const txHash = await upgradeApp(
         {
-          privateKey: preflightCtx.privateKey,
-          rpcUrl: options.rpcUrl || preflightCtx.rpcUrl,
+          walletClient: preflightCtx.walletClient,
+          publicClient: preflightCtx.publicClient,
           environmentConfig: preflightCtx.environmentConfig,
-          appId: appID,
+          appID,
           release,
           publicLogs,
           needsPermissionChange,
@@ -5817,8 +5882,8 @@ async function upgrade(options, logger = defaultLogger) {
       logger.info("Waiting for upgrade to complete...");
       await watchUntilUpgradeComplete(
         {
-          privateKey: preflightCtx.privateKey,
-          rpcUrl: options.rpcUrl || preflightCtx.rpcUrl,
+          walletClient: preflightCtx.walletClient,
+          publicClient: preflightCtx.publicClient,
           environmentConfig: preflightCtx.environmentConfig,
           appId: appID
         },
@@ -5845,8 +5910,8 @@ async function prepareUpgrade(options, logger = defaultLogger) {
       logger.debug("Performing preflight checks...");
       const preflightCtx = await doPreflightChecks(
         {
-          privateKey: options.privateKey,
-          rpcUrl: options.rpcUrl,
+          walletClient: options.walletClient,
+          publicClient: options.publicClient,
           environment: options.environment
         },
         logger
@@ -5879,13 +5944,14 @@ async function prepareUpgrade(options, logger = defaultLogger) {
       const needsPermissionChange = currentlyPublic !== publicLogs;
       logger.debug("Preparing upgrade batch...");
       const batch = await prepareUpgradeBatch({
-        privateKey: preflightCtx.privateKey,
-        rpcUrl: options.rpcUrl || preflightCtx.rpcUrl,
+        walletClient: preflightCtx.walletClient,
+        publicClient: preflightCtx.publicClient,
         environmentConfig: preflightCtx.environmentConfig,
-        appId: appID,
+        appID,
         release,
         publicLogs,
-        needsPermissionChange
+        needsPermissionChange,
+        imageRef: finalImageRef
       });
       logger.debug("Estimating gas...");
       const gasEstimate = await estimateBatchGas({
@@ -5926,25 +5992,23 @@ async function executeUpgrade(options) {
     }
   );
 }
-async function watchUpgrade(appId, privateKey, rpcUrl, environment, logger = defaultLogger, clientId, skipTelemetry) {
+async function watchUpgrade(appId, walletClient, publicClient, environmentConfig, logger = defaultLogger, skipTelemetry) {
   return withSDKTelemetry(
     {
       functionName: "watchUpgrade",
       skipTelemetry,
       properties: {
-        environment
+        environment: environmentConfig.name
       }
     },
     async () => {
-      const environmentConfig = getEnvironmentConfig(environment);
       logger.info("Waiting for upgrade to complete...");
       await watchUntilUpgradeComplete(
         {
-          privateKey,
-          rpcUrl,
+          walletClient,
+          publicClient,
           environmentConfig,
-          appId,
-          clientId
+          appId
         },
         logger
       );
@@ -6508,32 +6572,25 @@ async function watchLogs(appID, userApiClient, initialLogs) {
   }
   console.log("\nStopped watching");
 }
-async function logs(options, logger = defaultLogger, skipTelemetry = false) {
-  const skipTelemetryFlag = skipTelemetry || options.skipTelemetry || false;
+async function logs(options, walletClient, publicClient, environmentConfig, logger = defaultLogger, skipTelemetry = false) {
   return withSDKTelemetry(
     {
       functionName: "logs",
-      skipTelemetry: skipTelemetryFlag,
-      properties: { environment: options.environment || "sepolia" }
+      skipTelemetry,
+      properties: { environment: environmentConfig.name }
     },
     async () => {
       console.log();
       if (!options.appID) {
         throw new Error("appID is required for viewing logs");
       }
-      const environment = options.environment || "sepolia";
-      const environmentConfig = getEnvironmentConfig(environment);
-      const rpcUrl = options.rpcUrl || environmentConfig.defaultRPCURL;
-      if (!rpcUrl) {
-        throw new Error("RPC URL is required for authenticated requests");
-      }
       const appID = validateAppID(options.appID);
       const formattedApp = formatAppDisplay(environmentConfig.name, appID, "");
       const userApiClient = new UserApiClient(
         environmentConfig,
-        options.privateKey,
-        rpcUrl,
-        options.clientId
+        walletClient,
+        publicClient,
+        options.clientId ? { clientId: options.clientId } : void 0
       );
       let logsText;
       let logsError = null;
@@ -6609,35 +6666,39 @@ async function logs(options, logger = defaultLogger, skipTelemetry = false) {
 }
 
 // src/client/modules/compute/app/index.ts
-var CONTROLLER_ABI = (0, import_viem9.parseAbi)([
+var CONTROLLER_ABI = (0, import_viem6.parseAbi)([
   "function startApp(address appId)",
   "function stopApp(address appId)",
   "function terminateApp(address appId)"
 ]);
 function encodeStartAppData(appId) {
-  return (0, import_viem9.encodeFunctionData)({
+  return (0, import_viem6.encodeFunctionData)({
     abi: CONTROLLER_ABI,
     functionName: "startApp",
     args: [appId]
   });
 }
 function encodeStopAppData(appId) {
-  return (0, import_viem9.encodeFunctionData)({
+  return (0, import_viem6.encodeFunctionData)({
     abi: CONTROLLER_ABI,
     functionName: "stopApp",
     args: [appId]
   });
 }
 function encodeTerminateAppData(appId) {
-  return (0, import_viem9.encodeFunctionData)({
+  return (0, import_viem6.encodeFunctionData)({
     abi: CONTROLLER_ABI,
     functionName: "terminateApp",
     args: [appId]
   });
 }
 function createAppModule(ctx) {
-  const privateKey = addHexPrefix(ctx.privateKey);
+  const { walletClient, publicClient } = ctx;
   const skipTelemetry = ctx.skipTelemetry || false;
+  if (!walletClient.account) {
+    throw new Error("WalletClient must have an account attached");
+  }
+  const account = walletClient.account;
   const environment = getEnvironmentConfig(ctx.environment);
   const logger = getLogger(ctx.verbose);
   return {
@@ -6648,8 +6709,8 @@ function createAppModule(ctx) {
     async deploy(opts) {
       const result = await deploy(
         {
-          privateKey,
-          rpcUrl: ctx.rpcUrl,
+          walletClient,
+          publicClient,
           environment: ctx.environment,
           appName: opts.name,
           instanceType: opts.instanceType,
@@ -6673,8 +6734,8 @@ function createAppModule(ctx) {
       const result = await upgrade(
         {
           appId,
-          privateKey,
-          rpcUrl: ctx.rpcUrl,
+          walletClient,
+          publicClient,
           environment: ctx.environment,
           instanceType: opts.instanceType,
           dockerfilePath: opts.dockerfile,
@@ -6695,8 +6756,8 @@ function createAppModule(ctx) {
     async prepareDeploy(opts) {
       return prepareDeploy(
         {
-          privateKey,
-          rpcUrl: ctx.rpcUrl,
+          walletClient,
+          publicClient,
           environment: ctx.environment,
           appName: opts.name,
           instanceType: opts.instanceType,
@@ -6713,8 +6774,8 @@ function createAppModule(ctx) {
     async prepareDeployFromVerifiableBuild(opts) {
       return prepareDeployFromVerifiableBuild(
         {
-          privateKey,
-          rpcUrl: ctx.rpcUrl,
+          walletClient,
+          publicClient,
           environment: ctx.environment,
           appName: opts.name,
           instanceType: opts.instanceType,
@@ -6729,17 +6790,6 @@ function createAppModule(ctx) {
       );
     },
     async executeDeploy(prepared, gas) {
-      const account = (0, import_accounts5.privateKeyToAccount)(privateKey);
-      const chain = getChainFromID(environment.chainID);
-      const publicClient = (0, import_viem9.createPublicClient)({
-        chain,
-        transport: (0, import_viem9.http)(ctx.rpcUrl)
-      });
-      const walletClient = (0, import_viem9.createWalletClient)({
-        account,
-        chain,
-        transport: (0, import_viem9.http)(ctx.rpcUrl)
-      });
       const result = await executeDeploy({
         prepared,
         context: {
@@ -6761,11 +6811,10 @@ function createAppModule(ctx) {
     async watchDeployment(appId) {
       return watchDeployment(
         appId,
-        privateKey,
-        ctx.rpcUrl,
-        ctx.environment,
+        walletClient,
+        publicClient,
+        environment,
         logger,
-        ctx.clientId,
         skipTelemetry
       );
     },
@@ -6774,8 +6823,8 @@ function createAppModule(ctx) {
       return prepareUpgrade(
         {
           appId,
-          privateKey,
-          rpcUrl: ctx.rpcUrl,
+          walletClient,
+          publicClient,
           environment: ctx.environment,
           instanceType: opts.instanceType,
           dockerfilePath: opts.dockerfile,
@@ -6792,8 +6841,8 @@ function createAppModule(ctx) {
       return prepareUpgradeFromVerifiableBuild(
         {
           appId,
-          privateKey,
-          rpcUrl: ctx.rpcUrl,
+          walletClient,
+          publicClient,
           environment: ctx.environment,
           instanceType: opts.instanceType,
           envFilePath: opts.envFile,
@@ -6807,17 +6856,6 @@ function createAppModule(ctx) {
       );
     },
     async executeUpgrade(prepared, gas) {
-      const account = (0, import_accounts5.privateKeyToAccount)(privateKey);
-      const chain = getChainFromID(environment.chainID);
-      const publicClient = (0, import_viem9.createPublicClient)({
-        chain,
-        transport: (0, import_viem9.http)(ctx.rpcUrl)
-      });
-      const walletClient = (0, import_viem9.createWalletClient)({
-        account,
-        chain,
-        transport: (0, import_viem9.http)(ctx.rpcUrl)
-      });
       const result = await executeUpgrade({
         prepared,
         context: {
@@ -6836,15 +6874,7 @@ function createAppModule(ctx) {
       };
     },
     async watchUpgrade(appId) {
-      return watchUpgrade(
-        appId,
-        privateKey,
-        ctx.rpcUrl,
-        ctx.environment,
-        logger,
-        ctx.clientId,
-        skipTelemetry
-      );
+      return watchUpgrade(appId, walletClient, publicClient, environment, logger, skipTelemetry);
     },
     // Profile management
     async setProfile(appId, profile) {
@@ -6857,33 +6887,32 @@ function createAppModule(ctx) {
         async () => {
           const userApiClient = new UserApiClient(
             environment,
-            privateKey,
-            ctx.rpcUrl,
-            ctx.clientId
-          );
-          return userApiClient.uploadAppProfile(
-            appId,
-            profile.name,
-            profile.website,
-            profile.description,
-            profile.xURL,
-            profile.imagePath
+            walletClient,
+            publicClient,
+            ctx.clientId ? { clientId: ctx.clientId } : void 0
           );
+          return userApiClient.uploadAppProfile(appId, profile.name, {
+            website: profile.website,
+            description: profile.description,
+            xURL: profile.xURL,
+            image: profile.image,
+            imageName: profile.imageName
+          });
         }
       );
     },
     async logs(opts) {
       return logs(
         {
-          privateKey,
           appID: opts.appID,
           watch: opts.watch,
-          environment: ctx.environment,
           clientId: ctx.clientId
         },
+        walletClient,
+        publicClient,
+        environment,
         logger,
         skipTelemetry
-        // Skip if called from CLI
       );
     },
     async start(appId, opts) {
@@ -6896,15 +6925,15 @@ function createAppModule(ctx) {
         },
         async () => {
           const pendingMessage = `Starting app ${appId}...`;
-          const data = (0, import_viem9.encodeFunctionData)({
+          const data = (0, import_viem6.encodeFunctionData)({
             abi: CONTROLLER_ABI,
             functionName: "startApp",
             args: [appId]
           });
           const tx = await sendAndWaitForTransaction(
             {
-              privateKey,
-              rpcUrl: ctx.rpcUrl,
+              walletClient,
+              publicClient,
               environmentConfig: environment,
               to: environment.appControllerAddress,
               data,
@@ -6928,15 +6957,15 @@ function createAppModule(ctx) {
         },
         async () => {
           const pendingMessage = `Stopping app ${appId}...`;
-          const data = (0, import_viem9.encodeFunctionData)({
+          const data = (0, import_viem6.encodeFunctionData)({
             abi: CONTROLLER_ABI,
             functionName: "stopApp",
             args: [appId]
           });
           const tx = await sendAndWaitForTransaction(
             {
-              privateKey,
-              rpcUrl: ctx.rpcUrl,
+              walletClient,
+              publicClient,
               environmentConfig: environment,
               to: environment.appControllerAddress,
               data,
@@ -6960,15 +6989,15 @@ function createAppModule(ctx) {
         },
         async () => {
           const pendingMessage = `Terminating app ${appId}...`;
-          const data = (0, import_viem9.encodeFunctionData)({
+          const data = (0, import_viem6.encodeFunctionData)({
             abi: CONTROLLER_ABI,
             functionName: "terminateApp",
             args: [appId]
           });
           const tx = await sendAndWaitForTransaction(
             {
-              privateKey,
-              rpcUrl: ctx.rpcUrl,
+              walletClient,
+              publicClient,
               environmentConfig: environment,
               to: environment.appControllerAddress,
               data,
@@ -6984,9 +7013,9 @@ function createAppModule(ctx) {
     },
     async isDelegated() {
       return isDelegated({
-        privateKey,
-        rpcUrl: ctx.rpcUrl,
-        environmentConfig: environment
+        publicClient,
+        environmentConfig: environment,
+        address: account.address
       });
     },
     async undelegate() {
@@ -7000,8 +7029,8 @@ function createAppModule(ctx) {
         async () => {
           const tx = await undelegate(
             {
-              privateKey,
-              rpcUrl: ctx.rpcUrl,
+              walletClient,
+              publicClient,
               environmentConfig: environment
             },
             logger