@layr-labs/ecloud-sdk 0.2.0 → 0.2.2-dev

package/dist/index.cjs

@@ -33,6 +33,7 @@ __export(index_exports, {
   AuthRequiredError: () => AuthRequiredError,
   BUILD_STATUS: () => BUILD_STATUS,
   BadRequestError: () => BadRequestError,
+  BillingApiClient: () => BillingApiClient,
   BuildError: () => BuildError,
   BuildFailedError: () => BuildFailedError,
   ConflictError: () => ConflictError,
@@ -41,6 +42,7 @@ __export(index_exports, {
   NotFoundError: () => NotFoundError,
   PRIMARY_LANGUAGES: () => PRIMARY_LANGUAGES,
   PostHogClient: () => PostHogClient,
+  SessionError: () => SessionError,
   TimeoutError: () => TimeoutError,
   UserApiClient: () => UserApiClient,
   addHexPrefix: () => addHexPrefix,
@@ -57,7 +59,9 @@ __export(index_exports, {
   createComputeModule: () => createComputeModule,
   createECloudClient: () => createECloudClient,
   createMetricsContext: () => createMetricsContext,
+  createSiweMessage: () => createSiweMessage,
   createTelemetryClient: () => createTelemetryClient,
+  createViemClients: () => createClients,
   deleteLegacyPrivateKey: () => deleteLegacyPrivateKey,
   deletePrivateKey: () => deletePrivateKey,
   emitMetrics: () => emitMetrics,
@@ -72,14 +76,18 @@ __export(index_exports, {
   fetchTemplateCatalog: () => fetchTemplateCatalog,
   formatETH: () => formatETH,
   generateNewPrivateKey: () => generateNewPrivateKey,
+  generateNonce: () => generateNonce,
   getAddressFromPrivateKey: () => getAddressFromPrivateKey,
   getAllAppsByDeveloper: () => getAllAppsByDeveloper,
   getAppLatestReleaseBlockNumbers: () => getAppLatestReleaseBlockNumbers,
   getAvailableEnvironments: () => getAvailableEnvironments,
   getAvailableTemplates: () => getAvailableTemplates,
+  getBillingEnvironmentConfig: () => getBillingEnvironmentConfig,
   getBlockTimestamps: () => getBlockTimestamps,
   getBuildType: () => getBuildType,
   getCategoryDescriptions: () => getCategoryDescriptions,
+  getChainFromID: () => getChainFromID,
+  getComputeApiSession: () => getComputeApiSession,
   getCurrentInstanceType: () => getCurrentInstanceType,
   getEnvironmentConfig: () => getEnvironmentConfig,
   getLegacyKeys: () => getLegacyKeys,
@@ -92,10 +100,17 @@ __export(index_exports, {
   isEnvironmentAvailable: () => isEnvironmentAvailable,
   isMainnet: () => isMainnet,
   isNoopClient: () => isNoopClient,
+  isSessionValid: () => isSessionValid,
+  isSiweMessageExpired: () => isSiweMessageExpired,
+  isSiweMessageNotYetValid: () => isSiweMessageNotYetValid,
   isSubscriptionActive: () => isSubscriptionActive,
   keyExists: () => keyExists,
   listStoredKeys: () => listStoredKeys,
+  loginToComputeApi: () => loginToComputeApi,
+  logoutFromComputeApi: () => logoutFromComputeApi,
   logs: () => logs,
+  noopLogger: () => noopLogger,
+  parseSiweMessage: () => parseSiweMessage,
   prepareDeploy: () => prepareDeploy,
   prepareDeployFromVerifiableBuild: () => prepareDeployFromVerifiableBuild,
   prepareUpgrade: () => prepareUpgrade,
@@ -117,7 +132,7 @@ __export(index_exports, {
   validateInstanceTypeSKU: () => validateInstanceTypeSKU,
   validateLogVisibility: () => validateLogVisibility,
   validateLogsParams: () => validateLogsParams,
-  validatePrivateKey: () => validatePrivateKey2,
+  validatePrivateKey: () => validatePrivateKey,
   validatePrivateKeyFormat: () => validatePrivateKeyFormat,
   validateResourceUsageMonitoring: () => validateResourceUsageMonitoring,
   validateURL: () => validateURL,
@@ -130,118 +145,7 @@ __export(index_exports, {
 module.exports = __toCommonJS(index_exports);
 
 // src/client/modules/compute/app/index.ts
-var import_viem9 = require("viem");
-var import_accounts5 = require("viem/accounts");
-
-// src/client/common/config/environment.ts
-var SEPOLIA_CHAIN_ID = 11155111;
-var MAINNET_CHAIN_ID = 1;
-var CommonAddresses = {
-  ERC7702Delegator: "0x63c0c19a282a1b52b07dd5a65b58948a07dae32b"
-};
-var ChainAddresses = {
-  [MAINNET_CHAIN_ID]: {
-    PermissionController: "0x25E5F8B1E7aDf44518d35D5B2271f114e081f0E5"
-  },
-  [SEPOLIA_CHAIN_ID]: {
-    PermissionController: "0x44632dfBdCb6D3E21EF613B0ca8A6A0c618F5a37"
-  }
-};
-var BILLING_ENVIRONMENTS = {
-  dev: {
-    billingApiServerURL: "https://billingapi-dev.eigencloud.xyz"
-  },
-  prod: {
-    billingApiServerURL: "https://billingapi.eigencloud.xyz"
-  }
-};
-var ENVIRONMENTS = {
-  "sepolia-dev": {
-    name: "sepolia",
-    build: "dev",
-    appControllerAddress: "0xa86DC1C47cb2518327fB4f9A1627F51966c83B92",
-    permissionControllerAddress: ChainAddresses[SEPOLIA_CHAIN_ID].PermissionController,
-    erc7702DelegatorAddress: CommonAddresses.ERC7702Delegator,
-    kmsServerURL: "http://10.128.0.57:8080",
-    userApiServerURL: "https://userapi-compute-sepolia-dev.eigencloud.xyz",
-    defaultRPCURL: "https://ethereum-sepolia-rpc.publicnode.com"
-  },
-  sepolia: {
-    name: "sepolia",
-    build: "prod",
-    appControllerAddress: "0x0dd810a6ffba6a9820a10d97b659f07d8d23d4E2",
-    permissionControllerAddress: ChainAddresses[SEPOLIA_CHAIN_ID].PermissionController,
-    erc7702DelegatorAddress: CommonAddresses.ERC7702Delegator,
-    kmsServerURL: "http://10.128.15.203:8080",
-    userApiServerURL: "https://userapi-compute-sepolia-prod.eigencloud.xyz",
-    defaultRPCURL: "https://ethereum-sepolia-rpc.publicnode.com"
-  },
-  "mainnet-alpha": {
-    name: "mainnet-alpha",
-    build: "prod",
-    appControllerAddress: "0xc38d35Fc995e75342A21CBd6D770305b142Fbe67",
-    permissionControllerAddress: ChainAddresses[MAINNET_CHAIN_ID].PermissionController,
-    erc7702DelegatorAddress: CommonAddresses.ERC7702Delegator,
-    kmsServerURL: "http://10.128.0.2:8080",
-    userApiServerURL: "https://userapi-compute.eigencloud.xyz",
-    defaultRPCURL: "https://ethereum-rpc.publicnode.com"
-  }
-};
-var CHAIN_ID_TO_ENVIRONMENT = {
-  [SEPOLIA_CHAIN_ID.toString()]: "sepolia",
-  [MAINNET_CHAIN_ID.toString()]: "mainnet-alpha"
-};
-function getEnvironmentConfig(environment, chainID) {
-  const env = ENVIRONMENTS[environment];
-  if (!env) {
-    throw new Error(`Unknown environment: ${environment}`);
-  }
-  if (!isEnvironmentAvailable(environment)) {
-    throw new Error(
-      `Environment ${environment} is not available in this build type. Available environments: ${getAvailableEnvironments().join(", ")}`
-    );
-  }
-  if (chainID) {
-    const expectedEnv = CHAIN_ID_TO_ENVIRONMENT[chainID.toString()];
-    if (expectedEnv && expectedEnv !== environment) {
-      throw new Error(`Environment ${environment} does not match chain ID ${chainID}`);
-    }
-  }
-  const resolvedChainID = chainID || (environment === "sepolia" || environment === "sepolia-dev" ? SEPOLIA_CHAIN_ID : MAINNET_CHAIN_ID);
-  return {
-    ...env,
-    chainID: BigInt(resolvedChainID)
-  };
-}
-function getBillingEnvironmentConfig(build) {
-  const config = BILLING_ENVIRONMENTS[build];
-  if (!config) {
-    throw new Error(`Unknown billing environment: ${build}`);
-  }
-  return config;
-}
-function getBuildType() {
-  const buildTimeType = true ? "prod"?.toLowerCase() : void 0;
-  const runtimeType = process.env.BUILD_TYPE?.toLowerCase();
-  const buildType = buildTimeType || runtimeType;
-  if (buildType === "dev") {
-    return "dev";
-  }
-  return "prod";
-}
-function getAvailableEnvironments() {
-  const buildType = getBuildType();
-  if (buildType === "dev") {
-    return ["sepolia-dev"];
-  }
-  return ["sepolia", "mainnet-alpha"];
-}
-function isEnvironmentAvailable(environment) {
-  return getAvailableEnvironments().includes(environment);
-}
-function isMainnet(environmentConfig) {
-  return environmentConfig.chainID === BigInt(MAINNET_CHAIN_ID);
-}
+var import_viem6 = require("viem");
 
 // src/client/common/docker/build.ts
 var child_process = __toESM(require("child_process"), 1);
@@ -1341,12 +1245,21 @@ function extractRegistryNameNoDocker(imageRef) {
   return name;
 }
 
-// src/client/common/contract/caller.ts
-var import_accounts2 = require("viem/accounts");
-
 // src/client/common/contract/eip7702.ts
 var import_viem = require("viem");
 
+// src/client/common/types/index.ts
+var noopLogger = {
+  debug: () => {
+  },
+  info: () => {
+  },
+  warn: () => {
+  },
+  error: () => {
+  }
+};
+
 // src/client/common/abis/ERC7702Delegator.json
 var ERC7702Delegator_default = [
   {
@@ -2432,7 +2345,7 @@ async function checkERC7702Delegation(publicClient, account, delegatorAddress) {
   const expectedCode = `0xef0100${delegatorAddress.slice(2)}`;
   return code.toLowerCase() === expectedCode.toLowerCase();
 }
-async function executeBatch(options, logger) {
+async function executeBatch(options, logger = noopLogger) {
   const { walletClient, publicClient, environmentConfig, executions, pendingMessage, gas } = options;
   const account = walletClient.account;
   if (!account) {
@@ -2456,11 +2369,12 @@ async function executeBatch(options, logger) {
     });
     const chainId = await publicClient.getChainId();
     const authorizationNonce = transactionNonce + 1;
+    logger.debug("Using wallet client signing for EIP-7702 authorization");
     const signedAuthorization = await walletClient.signAuthorization({
-      account,
+      account: account.address,
       contractAddress: environmentConfig.erc7702DelegatorAddress,
-      chainId: Number(chainId),
-      nonce: authorizationNonce
+      chainId,
+      nonce: Number(authorizationNonce)
     });
     authorizationList = [signedAuthorization];
   }
@@ -2515,78 +2429,31 @@ async function executeBatch(options, logger) {
 }
 
 // src/client/common/contract/caller.ts
-var import_viem5 = require("viem");
-var import_utils = require("viem/utils");
-var import_accounts3 = require("viem/accounts");
-
-// src/client/common/utils/logger.ts
-var defaultLogger = {
-  info: (...args) => console.info(...args),
-  warn: (...args) => console.warn(...args),
-  error: (...args) => console.error(...args),
-  debug: (...args) => console.debug(...args)
-};
-var getLogger = (verbose) => ({
-  info: (...args) => console.info(...args),
-  warn: (...args) => console.warn(...args),
-  error: (...args) => console.error(...args),
-  debug: (...args) => verbose && console.debug(...args)
-});
-
-// src/client/common/utils/userapi.ts
-var import_axios = __toESM(require("axios"), 1);
-var import_form_data = __toESM(require("form-data"), 1);
-var import_viem4 = require("viem");
-
-// src/client/common/utils/auth.ts
-var import_viem2 = require("viem");
-var APP_CONTROLLER_ABI = (0, import_viem2.parseAbi)([
-  "function calculateApiPermissionDigestHash(bytes4 permission, uint256 expiry) view returns (bytes32)"
-]);
-async function calculatePermissionSignature(options) {
-  const { permission, expiry, appControllerAddress, publicClient, account } = options;
-  const digest = await publicClient.readContract({
-    address: appControllerAddress,
-    abi: APP_CONTROLLER_ABI,
-    functionName: "calculateApiPermissionDigestHash",
-    args: [permission, expiry]
-  });
-  const signature = await account.signMessage({
-    message: { raw: digest }
-  });
-  return { signature, digest };
-}
-async function calculateBillingAuthSignature(options) {
-  const { account, product, expiry } = options;
-  const signature = await account.signTypedData({
-    domain: {
-      name: "EigenCloud Billing API",
-      version: "1"
-    },
-    types: {
-      BillingAuth: [
-        { name: "product", type: "string" },
-        { name: "expiry", type: "uint256" }
-      ]
-    },
-    primaryType: "BillingAuth",
-    message: {
-      product,
-      expiry
-    }
-  });
-  return { signature, expiry };
-}
-
-// src/client/common/utils/userapi.ts
-var import_accounts = require("viem/accounts");
+var import_viem3 = require("viem");
 
 // src/client/common/utils/helpers.ts
-var import_viem3 = require("viem");
+var import_viem2 = require("viem");
 var import_chains2 = require("viem/chains");
+var import_accounts = require("viem/accounts");
 function getChainFromID(chainID, fallback = import_chains2.sepolia) {
   const id = Number(chainID);
-  return (0, import_viem3.extractChain)({ chains: SUPPORTED_CHAINS, id }) || fallback;
+  return (0, import_viem2.extractChain)({ chains: SUPPORTED_CHAINS, id }) || fallback;
+}
+function createClients(options) {
+  const { privateKey, rpcUrl, chainId } = options;
+  const privateKeyHex = addHexPrefix(privateKey);
+  const account = (0, import_accounts.privateKeyToAccount)(privateKeyHex);
+  const chain = getChainFromID(chainId);
+  const publicClient = (0, import_viem2.createPublicClient)({
+    chain,
+    transport: (0, import_viem2.http)(rpcUrl)
+  });
+  const walletClient = (0, import_viem2.createWalletClient)({
+    account,
+    chain,
+    transport: (0, import_viem2.http)(rpcUrl)
+  });
+  return { walletClient, publicClient };
 }
 function addHexPrefix(value) {
   return value.startsWith("0x") ? value : `0x${value}`;
@@ -2595,302 +2462,6 @@ function stripHexPrefix(value) {
   return value.startsWith("0x") ? value.slice(2) : value;
 }
 
-// src/client/common/utils/userapi.ts
-function isJsonObject(value) {
-  return typeof value === "object" && value !== null && !Array.isArray(value);
-}
-function readString(obj, key) {
-  const v = obj[key];
-  return typeof v === "string" ? v : void 0;
-}
-function readNumber(obj, key) {
-  const v = obj[key];
-  return typeof v === "number" && Number.isFinite(v) ? v : void 0;
-}
-var MAX_ADDRESS_COUNT = 5;
-var CanViewAppLogsPermission = "0x2fd3f2fe";
-var CanViewSensitiveAppInfoPermission = "0x0e67b22f";
-var CanUpdateAppProfilePermission = "0x036fef61";
-function getDefaultClientId() {
-  const version = true ? "0.2.0" : "0.0.0";
-  return `ecloud-sdk/v${version}`;
-}
-var UserApiClient = class {
-  constructor(config, privateKey, rpcUrl, clientId) {
-    this.config = config;
-    if (privateKey) {
-      const privateKeyHex = addHexPrefix(privateKey);
-      this.account = (0, import_accounts.privateKeyToAccount)(privateKeyHex);
-    }
-    this.rpcUrl = rpcUrl;
-    this.clientId = clientId || getDefaultClientId();
-  }
-  async getInfos(appIDs, addressCount = 1) {
-    const count = Math.min(addressCount, MAX_ADDRESS_COUNT);
-    const endpoint = `${this.config.userApiServerURL}/info`;
-    const url = `${endpoint}?${new URLSearchParams({ apps: appIDs.join(",") })}`;
-    const res = await this.makeAuthenticatedRequest(url, CanViewSensitiveAppInfoPermission);
-    const result = await res.json();
-    return result.apps.map((app, i) => {
-      const evmAddresses = app.addresses?.data?.evmAddresses?.slice(0, count) || [];
-      const solanaAddresses = app.addresses?.data?.solanaAddresses?.slice(0, count) || [];
-      return {
-        address: appIDs[i],
-        status: app.app_status,
-        ip: app.ip,
-        machineType: app.machine_type,
-        profile: app.profile,
-        metrics: app.metrics,
-        evmAddresses,
-        solanaAddresses
-      };
-    });
-  }
-  /**
-   * Get app details from UserAPI (includes releases and build/provenance info when available).
-   *
-   * Endpoint: GET /apps/:appAddress
-   */
-  async getApp(appAddress) {
-    const endpoint = `${this.config.userApiServerURL}/apps/${appAddress}`;
-    const res = await this.makeAuthenticatedRequest(endpoint);
-    const raw = await res.json();
-    if (!isJsonObject(raw)) {
-      throw new Error("Unexpected /apps/:id response: expected object");
-    }
-    const id = readString(raw, "id");
-    if (!id) {
-      throw new Error("Unexpected /apps/:id response: missing 'id'");
-    }
-    const releasesRaw = raw.releases;
-    const releases = Array.isArray(releasesRaw) ? releasesRaw.map((r) => transformAppRelease(r)).filter((r) => !!r) : [];
-    return {
-      id,
-      creator: readString(raw, "creator"),
-      contractStatus: readString(raw, "contract_status") ?? readString(raw, "contractStatus"),
-      releases
-    };
-  }
-  /**
-   * Get available SKUs (instance types) from UserAPI
-   */
-  async getSKUs() {
-    const endpoint = `${this.config.userApiServerURL}/skus`;
-    const response = await this.makeAuthenticatedRequest(endpoint);
-    const result = await response.json();
-    return {
-      skus: result.skus || result.SKUs || []
-    };
-  }
-  /**
-   * Get logs for an app
-   */
-  async getLogs(appID) {
-    const endpoint = `${this.config.userApiServerURL}/logs/${appID}`;
-    const response = await this.makeAuthenticatedRequest(endpoint, CanViewAppLogsPermission);
-    return await response.text();
-  }
-  /**
-   * Get statuses for apps
-   */
-  async getStatuses(appIDs) {
-    const endpoint = `${this.config.userApiServerURL}/status`;
-    const url = `${endpoint}?${new URLSearchParams({ apps: appIDs.join(",") })}`;
-    const response = await this.makeAuthenticatedRequest(url);
-    const result = await response.json();
-    const apps = result.apps || result.Apps || [];
-    return apps.map((app, i) => ({
-      address: app.address || appIDs[i],
-      status: app.status || app.Status || ""
-    }));
-  }
-  /**
-   * Upload app profile information with optional image
-   */
-  async uploadAppProfile(appAddress, name, website, description, xURL, imagePath) {
-    const endpoint = `${this.config.userApiServerURL}/apps/${appAddress}/profile`;
-    const formData = new import_form_data.default();
-    formData.append("name", name);
-    if (website) {
-      formData.append("website", website);
-    }
-    if (description) {
-      formData.append("description", description);
-    }
-    if (xURL) {
-      formData.append("xURL", xURL);
-    }
-    if (imagePath) {
-      const fs8 = await import("fs");
-      const path8 = await import("path");
-      const fileName = path8.basename(imagePath);
-      const fileBuffer = fs8.readFileSync(imagePath);
-      formData.append("image", fileBuffer, fileName);
-    }
-    const headers = {
-      "x-client-id": this.clientId,
-      ...formData.getHeaders()
-    };
-    if (this.account) {
-      const expiry = BigInt(Math.floor(Date.now() / 1e3) + 5 * 60);
-      const authHeaders = await this.generateAuthHeaders(CanUpdateAppProfilePermission, expiry);
-      Object.assign(headers, authHeaders);
-    }
-    try {
-      const response = await import_axios.default.post(endpoint, formData, {
-        headers,
-        maxRedirects: 0,
-        validateStatus: () => true,
-        // Don't throw on any status
-        maxContentLength: Infinity,
-        // Allow large file uploads
-        maxBodyLength: Infinity
-        // Allow large file uploads
-      });
-      const status = response.status;
-      if (status !== 200 && status !== 201) {
-        const body = typeof response.data === "string" ? response.data : JSON.stringify(response.data);
-        if (status === 403 && body.includes("Cloudflare") && body.includes("challenge-platform")) {
-          throw new Error(
-            `Cloudflare protection is blocking the request. This is likely due to bot detection.
-Status: ${status}`
-          );
-        }
-        throw new Error(
-          `UserAPI request failed: ${status} ${status >= 200 && status < 300 ? "OK" : "Error"} - ${body.substring(0, 500)}${body.length > 500 ? "..." : ""}`
-        );
-      }
-      return response.data;
-    } catch (error) {
-      if (error.message?.includes("fetch failed") || error.message?.includes("ECONNREFUSED") || error.message?.includes("ENOTFOUND") || error.cause) {
-        const cause = error.cause?.message || error.cause || error.message;
-        throw new Error(
-          `Failed to connect to UserAPI at ${endpoint}: ${cause}
-Please check:
-1. Your internet connection
-2. The API server is accessible: ${this.config.userApiServerURL}
-3. Firewall/proxy settings`
-        );
-      }
-      throw error;
-    }
-  }
-  async makeAuthenticatedRequest(url, permission) {
-    const headers = {
-      "x-client-id": this.clientId
-    };
-    if (permission && this.account) {
-      const expiry = BigInt(Math.floor(Date.now() / 1e3) + 5 * 60);
-      const authHeaders = await this.generateAuthHeaders(permission, expiry);
-      Object.assign(headers, authHeaders);
-    }
-    try {
-      const response = await import_axios.default.get(url, {
-        headers,
-        maxRedirects: 0,
-        validateStatus: () => true
-        // Don't throw on any status
-      });
-      const status = response.status;
-      const statusText = status >= 200 && status < 300 ? "OK" : "Error";
-      if (status < 200 || status >= 300) {
-        const body = typeof response.data === "string" ? response.data : JSON.stringify(response.data);
-        throw new Error(`UserAPI request failed: ${status} ${statusText} - ${body}`);
-      }
-      return {
-        json: async () => response.data,
-        text: async () => typeof response.data === "string" ? response.data : JSON.stringify(response.data)
-      };
-    } catch (error) {
-      if (error.message?.includes("fetch failed") || error.message?.includes("ECONNREFUSED") || error.message?.includes("ENOTFOUND") || error.cause) {
-        const cause = error.cause?.message || error.cause || error.message;
-        throw new Error(
-          `Failed to connect to UserAPI at ${url}: ${cause}
-Please check:
-1. Your internet connection
-2. The API server is accessible: ${this.config.userApiServerURL}
-3. Firewall/proxy settings`
-        );
-      }
-      throw error;
-    }
-  }
-  /**
-   * Generate authentication headers for UserAPI requests
-   */
-  async generateAuthHeaders(permission, expiry) {
-    if (!this.account) {
-      throw new Error("Private key required for authenticated requests");
-    }
-    if (!this.rpcUrl) {
-      throw new Error("RPC URL required for authenticated requests");
-    }
-    const chain = getChainFromID(this.config.chainID);
-    const publicClient = (0, import_viem4.createPublicClient)({
-      chain,
-      transport: (0, import_viem4.http)(this.rpcUrl)
-    });
-    const { signature } = await calculatePermissionSignature({
-      permission,
-      expiry,
-      appControllerAddress: this.config.appControllerAddress,
-      publicClient,
-      account: this.account
-    });
-    return {
-      Authorization: `Bearer ${stripHexPrefix(signature)}`,
-      "X-eigenx-expiry": expiry.toString()
-    };
-  }
-};
-function transformAppReleaseBuild(raw) {
-  if (!isJsonObject(raw)) return void 0;
-  const depsRaw = raw.dependencies;
-  const deps = isJsonObject(depsRaw) ? Object.fromEntries(
-    Object.entries(depsRaw).flatMap(([digest, depRaw]) => {
-      const parsed = transformAppReleaseBuild(depRaw);
-      return parsed ? [[digest, parsed]] : [];
-    })
-  ) : void 0;
-  return {
-    buildId: readString(raw, "build_id") ?? readString(raw, "buildId"),
-    billingAddress: readString(raw, "billing_address") ?? readString(raw, "billingAddress"),
-    repoUrl: readString(raw, "repo_url") ?? readString(raw, "repoUrl"),
-    gitRef: readString(raw, "git_ref") ?? readString(raw, "gitRef"),
-    status: readString(raw, "status"),
-    buildType: readString(raw, "build_type") ?? readString(raw, "buildType"),
-    imageName: readString(raw, "image_name") ?? readString(raw, "imageName"),
-    imageDigest: readString(raw, "image_digest") ?? readString(raw, "imageDigest"),
-    imageUrl: readString(raw, "image_url") ?? readString(raw, "imageUrl"),
-    provenanceJson: raw.provenance_json ?? raw.provenanceJson,
-    provenanceSignature: readString(raw, "provenance_signature") ?? readString(raw, "provenanceSignature"),
-    createdAt: readString(raw, "created_at") ?? readString(raw, "createdAt"),
-    updatedAt: readString(raw, "updated_at") ?? readString(raw, "updatedAt"),
-    errorMessage: readString(raw, "error_message") ?? readString(raw, "errorMessage"),
-    dependencies: deps
-  };
-}
-function transformAppRelease(raw) {
-  if (!isJsonObject(raw)) return void 0;
-  return {
-    appId: readString(raw, "appId") ?? readString(raw, "app_id"),
-    rmsReleaseId: readString(raw, "rmsReleaseId") ?? readString(raw, "rms_release_id"),
-    imageDigest: readString(raw, "imageDigest") ?? readString(raw, "image_digest"),
-    registryUrl: readString(raw, "registryUrl") ?? readString(raw, "registry_url"),
-    publicEnv: readString(raw, "publicEnv") ?? readString(raw, "public_env"),
-    encryptedEnv: readString(raw, "encryptedEnv") ?? readString(raw, "encrypted_env"),
-    upgradeByTime: readNumber(raw, "upgradeByTime") ?? readNumber(raw, "upgrade_by_time"),
-    createdAt: readString(raw, "createdAt") ?? readString(raw, "created_at"),
-    createdAtBlock: readString(raw, "createdAtBlock") ?? readString(raw, "created_at_block"),
-    build: raw.build ? transformAppReleaseBuild(raw.build) : void 0
-  };
-}
-
-// src/client/common/utils/billing.ts
-function isSubscriptionActive(status) {
-  return status === "active" || status === "trialing";
-}
-
 // src/client/common/abis/AppController.json
 var AppController_default = [
   {
@@ -4446,17 +4017,10 @@ function formatETH(wei) {
   return trimmed;
 }
 async function estimateTransactionGas(options) {
-  const { privateKey, rpcUrl, environmentConfig, to, data, value = 0n } = options;
-  const privateKeyHex = addHexPrefix(privateKey);
-  const account = (0, import_accounts2.privateKeyToAccount)(privateKeyHex);
-  const chain = getChainFromID(environmentConfig.chainID);
-  const publicClient = (0, import_viem5.createPublicClient)({
-    chain,
-    transport: (0, import_viem5.http)(rpcUrl)
-  });
+  const { publicClient, from, to, data, value = 0n } = options;
   const fees = await publicClient.estimateFeesPerGas();
   const gasLimit = await publicClient.estimateGas({
-    account: account.address,
+    account: from,
     to,
     data,
     value
@@ -4473,65 +4037,54 @@ async function estimateTransactionGas(options) {
     maxCostEth
   };
 }
-async function calculateAppID(privateKey, rpcUrl, environmentConfig, salt) {
-  const privateKeyHex = addHexPrefix(privateKey);
-  const account = (0, import_accounts2.privateKeyToAccount)(privateKeyHex);
-  const chain = getChainFromID(environmentConfig.chainID);
-  const publicClient = (0, import_viem5.createPublicClient)({
-    chain,
-    transport: (0, import_viem5.http)(rpcUrl)
-  });
-  const saltHexString = Buffer.from(salt).toString("hex");
+async function calculateAppID(options) {
+  const { publicClient, environmentConfig, ownerAddress, salt } = options;
+  const saltHexString = (0, import_viem3.bytesToHex)(salt).slice(2);
   const paddedSaltHex = saltHexString.padStart(64, "0");
   const saltHex = `0x${paddedSaltHex}`;
-  const accountAddress = typeof account.address === "string" ? account.address : account.address.toString();
   const appID = await publicClient.readContract({
     address: environmentConfig.appControllerAddress,
     abi: AppController_default,
     functionName: "calculateAppId",
-    args: [accountAddress, saltHex]
+    args: [ownerAddress, saltHex]
   });
   return appID;
 }
-async function prepareDeployBatch(options, logger) {
-  const { privateKey, rpcUrl, environmentConfig, salt, release, publicLogs } = options;
-  const privateKeyHex = addHexPrefix(privateKey);
-  const account = (0, import_accounts2.privateKeyToAccount)(privateKeyHex);
-  const chain = getChainFromID(environmentConfig.chainID);
-  const publicClient = (0, import_viem5.createPublicClient)({
-    chain,
-    transport: (0, import_viem5.http)(rpcUrl)
-  });
-  const walletClient = (0, import_viem5.createWalletClient)({
-    account,
-    chain,
-    transport: (0, import_viem5.http)(rpcUrl)
-  });
+async function prepareDeployBatch(options, logger = noopLogger) {
+  const { walletClient, publicClient, environmentConfig, salt, release, publicLogs } = options;
+  const account = walletClient.account;
+  if (!account) {
+    throw new Error("WalletClient must have an account attached");
+  }
   logger.info("Calculating app ID...");
-  const appId = await calculateAppID(privateKeyHex, rpcUrl, environmentConfig, salt);
-  logger.info(`App ID: ${appId}`);
+  const appId = await calculateAppID({
+    publicClient,
+    environmentConfig,
+    ownerAddress: account.address,
+    salt
+  });
   logger.debug(`App ID calculated: ${appId}`);
   logger.debug(`This address will be used for acceptAdmin call`);
-  const saltHexString = Buffer.from(salt).toString("hex");
+  const saltHexString = (0, import_viem3.bytesToHex)(salt).slice(2);
   const paddedSaltHex = saltHexString.padStart(64, "0");
   const saltHex = `0x${paddedSaltHex}`;
   const releaseForViem = {
     rmsRelease: {
       artifacts: release.rmsRelease.artifacts.map((artifact) => ({
-        digest: `0x${Buffer.from(artifact.digest).toString("hex").padStart(64, "0")}`,
+        digest: `0x${(0, import_viem3.bytesToHex)(artifact.digest).slice(2).padStart(64, "0")}`,
         registry: artifact.registry
       })),
       upgradeByTime: release.rmsRelease.upgradeByTime
     },
-    publicEnv: `0x${Buffer.from(release.publicEnv).toString("hex")}`,
-    encryptedEnv: `0x${Buffer.from(release.encryptedEnv).toString("hex")}`
+    publicEnv: (0, import_viem3.bytesToHex)(release.publicEnv),
+    encryptedEnv: (0, import_viem3.bytesToHex)(release.encryptedEnv)
   };
-  const createData = (0, import_viem5.encodeFunctionData)({
+  const createData = (0, import_viem3.encodeFunctionData)({
     abi: AppController_default,
     functionName: "createApp",
     args: [saltHex, releaseForViem]
   });
-  const acceptAdminData = (0, import_viem5.encodeFunctionData)({
+  const acceptAdminData = (0, import_viem3.encodeFunctionData)({
     abi: PermissionController_default,
     functionName: "acceptAdmin",
     args: [appId]
@@ -4549,7 +4102,7 @@ async function prepareDeployBatch(options, logger) {
     }
   ];
   if (publicLogs) {
-    const anyoneCanViewLogsData = (0, import_viem5.encodeFunctionData)({
+    const anyoneCanViewLogsData = (0, import_viem3.encodeFunctionData)({
       abi: PermissionController_default,
       functionName: "setAppointee",
       args: [
@@ -4577,7 +4130,7 @@ async function prepareDeployBatch(options, logger) {
     environmentConfig
   };
 }
-async function executeDeployBatch(data, context, gas, logger) {
+async function executeDeployBatch(data, context, gas, logger = noopLogger) {
   const pendingMessage = "Deploying new app...";
   const txHash = await executeBatch(
     {
@@ -4592,18 +4145,8 @@ async function executeDeployBatch(data, context, gas, logger) {
   );
   return { appId: data.appId, txHash };
 }
-async function deployApp(options, logger) {
-  const prepared = await prepareDeployBatch(
-    {
-      privateKey: options.privateKey,
-      rpcUrl: options.rpcUrl,
-      environmentConfig: options.environmentConfig,
-      salt: options.salt,
-      release: options.release,
-      publicLogs: options.publicLogs
-    },
-    logger
-  );
+async function deployApp(options, logger = noopLogger) {
+  const prepared = await prepareDeployBatch(options, logger);
   const data = {
     appId: prepared.appId,
     salt: prepared.salt,
@@ -4618,41 +4161,29 @@ async function deployApp(options, logger) {
 }
 async function prepareUpgradeBatch(options) {
   const {
-    privateKey,
-    rpcUrl,
+    walletClient,
+    publicClient,
     environmentConfig,
-    appId,
+    appID,
     release,
     publicLogs,
     needsPermissionChange
   } = options;
-  const privateKeyHex = addHexPrefix(privateKey);
-  const account = (0, import_accounts2.privateKeyToAccount)(privateKeyHex);
-  const chain = getChainFromID(environmentConfig.chainID);
-  const publicClient = (0, import_viem5.createPublicClient)({
-    chain,
-    transport: (0, import_viem5.http)(rpcUrl)
-  });
-  const walletClient = (0, import_viem5.createWalletClient)({
-    account,
-    chain,
-    transport: (0, import_viem5.http)(rpcUrl)
-  });
   const releaseForViem = {
     rmsRelease: {
       artifacts: release.rmsRelease.artifacts.map((artifact) => ({
-        digest: `0x${Buffer.from(artifact.digest).toString("hex").padStart(64, "0")}`,
+        digest: `0x${(0, import_viem3.bytesToHex)(artifact.digest).slice(2).padStart(64, "0")}`,
         registry: artifact.registry
       })),
       upgradeByTime: release.rmsRelease.upgradeByTime
     },
-    publicEnv: `0x${Buffer.from(release.publicEnv).toString("hex")}`,
-    encryptedEnv: `0x${Buffer.from(release.encryptedEnv).toString("hex")}`
+    publicEnv: (0, import_viem3.bytesToHex)(release.publicEnv),
+    encryptedEnv: (0, import_viem3.bytesToHex)(release.encryptedEnv)
   };
-  const upgradeData = (0, import_viem5.encodeFunctionData)({
+  const upgradeData = (0, import_viem3.encodeFunctionData)({
     abi: AppController_default,
     functionName: "upgradeApp",
-    args: [appId, releaseForViem]
+    args: [appID, releaseForViem]
   });
   const executions = [
     {
@@ -4663,11 +4194,11 @@ async function prepareUpgradeBatch(options) {
   ];
   if (needsPermissionChange) {
     if (publicLogs) {
-      const addLogsData = (0, import_viem5.encodeFunctionData)({
+      const addLogsData = (0, import_viem3.encodeFunctionData)({
         abi: PermissionController_default,
         functionName: "setAppointee",
         args: [
-          appId,
+          appID,
           "0x493219d9949348178af1f58740655951a8cd110c",
           // AnyoneCanCallAddress
           "0x57ee1fb74c1087e26446abc4fb87fd8f07c43d8d",
@@ -4682,11 +4213,11 @@ async function prepareUpgradeBatch(options) {
         callData: addLogsData
       });
     } else {
-      const removeLogsData = (0, import_viem5.encodeFunctionData)({
+      const removeLogsData = (0, import_viem3.encodeFunctionData)({
         abi: PermissionController_default,
         functionName: "removeAppointee",
         args: [
-          appId,
+          appID,
           "0x493219d9949348178af1f58740655951a8cd110c",
           // AnyoneCanCallAddress
           "0x57ee1fb74c1087e26446abc4fb87fd8f07c43d8d",
@@ -4703,14 +4234,14 @@ async function prepareUpgradeBatch(options) {
     }
   }
   return {
-    appId,
+    appId: appID,
     executions,
     walletClient,
     publicClient,
     environmentConfig
   };
 }
-async function executeUpgradeBatch(data, context, gas, logger) {
+async function executeUpgradeBatch(data, context, gas, logger = noopLogger) {
   const pendingMessage = `Upgrading app ${data.appId}...`;
   const txHash = await executeBatch(
     {
@@ -4725,16 +4256,8 @@ async function executeUpgradeBatch(data, context, gas, logger) {
   );
   return txHash;
 }
-async function upgradeApp(options, logger) {
-  const prepared = await prepareUpgradeBatch({
-    privateKey: options.privateKey,
-    rpcUrl: options.rpcUrl,
-    environmentConfig: options.environmentConfig,
-    appId: options.appId,
-    release: options.release,
-    publicLogs: options.publicLogs,
-    needsPermissionChange: options.needsPermissionChange
-  });
+async function upgradeApp(options, logger = noopLogger) {
+  const prepared = await prepareUpgradeBatch(options);
   const data = {
     appId: prepared.appId,
     executions: prepared.executions
@@ -4746,10 +4269,10 @@ async function upgradeApp(options, logger) {
   };
   return executeUpgradeBatch(data, context, options.gas, logger);
 }
-async function sendAndWaitForTransaction(options, logger) {
+async function sendAndWaitForTransaction(options, logger = noopLogger) {
   const {
-    privateKey,
-    rpcUrl,
+    walletClient,
+    publicClient,
     environmentConfig,
     to,
     data,
@@ -4758,18 +4281,11 @@ async function sendAndWaitForTransaction(options, logger) {
     txDescription,
     gas
   } = options;
-  const privateKeyHex = addHexPrefix(privateKey);
-  const account = (0, import_accounts2.privateKeyToAccount)(privateKeyHex);
+  const account = walletClient.account;
+  if (!account) {
+    throw new Error("WalletClient must have an account attached");
+  }
   const chain = getChainFromID(environmentConfig.chainID);
-  const publicClient = (0, import_viem5.createPublicClient)({
-    chain,
-    transport: (0, import_viem5.http)(rpcUrl)
-  });
-  const walletClient = (0, import_viem5.createWalletClient)({
-    account,
-    chain,
-    transport: (0, import_viem5.http)(rpcUrl)
-  });
   if (pendingMessage) {
     logger.info(`
 ${pendingMessage}`);
@@ -4780,7 +4296,10 @@ ${pendingMessage}`);
     data,
     value,
     ...gas?.maxFeePerGas && { maxFeePerGas: gas.maxFeePerGas },
-    ...gas?.maxPriorityFeePerGas && { maxPriorityFeePerGas: gas.maxPriorityFeePerGas }
+    ...gas?.maxPriorityFeePerGas && {
+      maxPriorityFeePerGas: gas.maxPriorityFeePerGas
+    },
+    chain
   });
   logger.info(`Transaction sent: ${hash}`);
   const receipt = await publicClient.waitForTransactionReceipt({ hash });
@@ -4795,7 +4314,7 @@ ${pendingMessage}`);
     } catch (callError) {
       if (callError.data) {
         try {
-          const decoded = (0, import_viem5.decodeErrorResult)({
+          const decoded = (0, import_viem3.decodeErrorResult)({
             abi: AppController_default,
             data: callError.data
           });
@@ -4846,12 +4365,7 @@ function formatAppControllerError(decoded) {
       return new Error(`contract error: ${errorName}`);
   }
 }
-async function getActiveAppCount(rpcUrl, environmentConfig, user) {
-  const chain = getChainFromID(environmentConfig.chainID);
-  const publicClient = (0, import_viem5.createPublicClient)({
-    chain,
-    transport: (0, import_viem5.http)(rpcUrl)
-  });
+async function getActiveAppCount(publicClient, environmentConfig, user) {
   const count = await publicClient.readContract({
     address: environmentConfig.appControllerAddress,
     abi: AppController_default,
@@ -4860,12 +4374,7 @@ async function getActiveAppCount(rpcUrl, environmentConfig, user) {
   });
   return Number(count);
 }
-async function getMaxActiveAppsPerUser(rpcUrl, environmentConfig, user) {
-  const chain = getChainFromID(environmentConfig.chainID);
-  const publicClient = (0, import_viem5.createPublicClient)({
-    chain,
-    transport: (0, import_viem5.http)(rpcUrl)
-  });
+async function getMaxActiveAppsPerUser(publicClient, environmentConfig, user) {
   const quota = await publicClient.readContract({
     address: environmentConfig.appControllerAddress,
     abi: AppController_default,
@@ -4874,12 +4383,7 @@ async function getMaxActiveAppsPerUser(rpcUrl, environmentConfig, user) {
   });
   return Number(quota);
 }
-async function getAppsByDeveloper(rpcUrl, environmentConfig, developer, offset, limit) {
-  const chain = getChainFromID(environmentConfig.chainID);
-  const publicClient = (0, import_viem5.createPublicClient)({
-    chain,
-    transport: (0, import_viem5.http)(rpcUrl)
-  });
+async function getAppsByDeveloper(publicClient, environmentConfig, developer, offset, limit) {
   const result = await publicClient.readContract({
     address: environmentConfig.appControllerAddress,
     abi: AppController_default,
@@ -4891,12 +4395,18 @@ async function getAppsByDeveloper(rpcUrl, environmentConfig, developer, offset,
     appConfigs: result[1]
   };
 }
-async function getAllAppsByDeveloper(rpcUrl, env, developer, pageSize = 100n) {
+async function getAllAppsByDeveloper(publicClient, env, developer, pageSize = 100n) {
   let offset = 0n;
   const allApps = [];
   const allConfigs = [];
   while (true) {
-    const { apps, appConfigs } = await getAppsByDeveloper(rpcUrl, env, developer, offset, pageSize);
+    const { apps, appConfigs } = await getAppsByDeveloper(
+      publicClient,
+      env,
+      developer,
+      offset,
+      pageSize
+    );
     if (apps.length === 0) break;
     allApps.push(...apps);
     allConfigs.push(...appConfigs);
@@ -4908,12 +4418,7 @@ async function getAllAppsByDeveloper(rpcUrl, env, developer, pageSize = 100n) {
     appConfigs: allConfigs
   };
 }
-async function getAppLatestReleaseBlockNumbers(rpcUrl, environmentConfig, appIDs) {
-  const chain = getChainFromID(environmentConfig.chainID);
-  const publicClient = (0, import_viem5.createPublicClient)({
-    chain,
-    transport: (0, import_viem5.http)(rpcUrl)
-  });
+async function getAppLatestReleaseBlockNumbers(publicClient, environmentConfig, appIDs) {
   const results = await Promise.all(
     appIDs.map(
       (appID) => publicClient.readContract({
@@ -4933,12 +4438,7 @@ async function getAppLatestReleaseBlockNumbers(rpcUrl, environmentConfig, appIDs
   }
   return blockNumbers;
 }
-async function getBlockTimestamps(rpcUrl, environmentConfig, blockNumbers) {
-  const chain = getChainFromID(environmentConfig.chainID);
-  const publicClient = (0, import_viem5.createPublicClient)({
-    chain,
-    transport: (0, import_viem5.http)(rpcUrl)
-  });
+async function getBlockTimestamps(publicClient, blockNumbers) {
   const uniqueBlockNumbers = [...new Set(blockNumbers)].filter((n) => n > 0);
   const timestamps = /* @__PURE__ */ new Map();
   const blocks = await Promise.all(
@@ -4955,67 +4455,34 @@ async function getBlockTimestamps(rpcUrl, environmentConfig, blockNumbers) {
   return timestamps;
 }
 async function isDelegated(options) {
-  const { privateKey, rpcUrl, environmentConfig } = options;
-  const privateKeyHex = addHexPrefix(privateKey);
-  const account = (0, import_accounts2.privateKeyToAccount)(privateKeyHex);
-  const chain = getChainFromID(environmentConfig.chainID);
-  const publicClient = (0, import_viem5.createPublicClient)({
-    chain,
-    transport: (0, import_viem5.http)(rpcUrl)
-  });
+  const { publicClient, environmentConfig, address } = options;
   return checkERC7702Delegation(
     publicClient,
-    account.address,
+    address,
     environmentConfig.erc7702DelegatorAddress
   );
 }
-async function undelegate(options, logger) {
-  const { privateKey, rpcUrl, environmentConfig } = options;
-  const privateKeyHex = addHexPrefix(privateKey);
-  const account = (0, import_accounts2.privateKeyToAccount)(privateKeyHex);
+async function undelegate(options, logger = noopLogger) {
+  const { walletClient, publicClient, environmentConfig } = options;
+  const account = walletClient.account;
+  if (!account) {
+    throw new Error("WalletClient must have an account attached");
+  }
   const chain = getChainFromID(environmentConfig.chainID);
-  const publicClient = (0, import_viem5.createPublicClient)({
-    chain,
-    transport: (0, import_viem5.http)(rpcUrl)
-  });
-  const walletClient = (0, import_viem5.createWalletClient)({
-    account,
-    chain,
-    transport: (0, import_viem5.http)(rpcUrl)
-  });
   const transactionNonce = await publicClient.getTransactionCount({
     address: account.address,
     blockTag: "pending"
   });
   const chainId = await publicClient.getChainId();
   const authorizationNonce = BigInt(transactionNonce) + 1n;
-  const authorization = {
-    chainId: Number(chainId),
-    address: "0x0000000000000000000000000000000000000000",
-    // Empty address = undelegate
-    nonce: authorizationNonce
-  };
-  const sighash = (0, import_utils.hashAuthorization)({
-    chainId: authorization.chainId,
-    contractAddress: authorization.address,
-    nonce: Number(authorization.nonce)
-  });
-  const sig = await (0, import_accounts3.sign)({
-    hash: sighash,
-    privateKey: privateKeyHex
+  logger.debug("Signing undelegate authorization");
+  const signedAuthorization = await walletClient.signAuthorization({
+    contractAddress: "0x0000000000000000000000000000000000000000",
+    chainId,
+    nonce: Number(authorizationNonce),
+    account
   });
-  const v = Number(sig.v);
-  const yParity = v === 27 ? 0 : 1;
-  const authorizationList = [
-    {
-      chainId: authorization.chainId,
-      address: authorization.address,
-      nonce: Number(authorization.nonce),
-      r: sig.r,
-      s: sig.s,
-      yParity
-    }
-  ];
+  const authorizationList = [signedAuthorization];
   const hash = await walletClient.sendTransaction({
     account,
     to: account.address,
@@ -5023,7 +4490,8 @@ async function undelegate(options, logger) {
     data: "0x",
     // Empty data
     value: 0n,
-    authorizationList
+    authorizationList,
+    chain
   });
   logger.info(`Transaction sent: ${hash}`);
   const receipt = await publicClient.waitForTransactionReceipt({ hash });
@@ -5034,340 +4502,874 @@ async function undelegate(options, logger) {
   return hash;
 }
 
-// src/client/common/contract/watcher.ts
-var WATCH_POLL_INTERVAL_SECONDS = 5;
-var APP_STATUS_RUNNING = "Running";
-var APP_STATUS_FAILED = "Failed";
-async function watchUntilRunning(options, logger) {
-  const { environmentConfig, appId, privateKey, rpcUrl, clientId } = options;
-  const userApiClient = new UserApiClient(environmentConfig, privateKey, rpcUrl, clientId);
-  let initialStatus;
-  let initialIP;
-  let hasChanged = false;
-  const stopCondition = (status, ip) => {
-    if (!initialStatus) {
-      initialStatus = status;
-      initialIP = ip;
-    }
-    if (status !== initialStatus) {
-      hasChanged = true;
-    }
-    if (status === APP_STATUS_RUNNING && ip) {
-      if (hasChanged || initialStatus !== APP_STATUS_RUNNING) {
-        if (!initialIP || initialIP === "No IP assigned") {
-          logger.info(`App is now running with IP: ${ip}`);
-        } else {
-          logger.info("App is now running");
-        }
-        return true;
-      }
-    }
-    if (status === APP_STATUS_FAILED) {
-      throw new Error(`App entered ${status} state`);
-    }
-    return false;
-  };
-  while (true) {
-    try {
-      const info = await userApiClient.getInfos([appId], 1);
-      if (info.length === 0) {
-        await sleep(WATCH_POLL_INTERVAL_SECONDS * 1e3);
-        continue;
-      }
-      const appInfo = info[0];
-      const currentStatus = appInfo.status;
-      const currentIP = appInfo.ip || "";
-      if (stopCondition(currentStatus, currentIP)) {
-        return currentIP || void 0;
-      }
-      await sleep(WATCH_POLL_INTERVAL_SECONDS * 1e3);
-    } catch (error) {
-      logger.warn(`Failed to fetch app info: ${error.message}`);
-      await sleep(WATCH_POLL_INTERVAL_SECONDS * 1e3);
-    }
+// src/client/common/utils/userapi.ts
+var import_axios = __toESM(require("axios"), 1);
+
+// src/client/common/utils/auth.ts
+var import_viem4 = require("viem");
+var APP_CONTROLLER_ABI = (0, import_viem4.parseAbi)([
+  "function calculateApiPermissionDigestHash(bytes4 permission, uint256 expiry) view returns (bytes32)"
+]);
+async function calculatePermissionSignature(options) {
+  const { permission, expiry, appControllerAddress, publicClient, walletClient } = options;
+  const digest = await publicClient.readContract({
+    address: appControllerAddress,
+    abi: APP_CONTROLLER_ABI,
+    functionName: "calculateApiPermissionDigestHash",
+    args: [permission, expiry]
+  });
+  const account = walletClient.account;
+  if (!account) {
+    throw new Error("WalletClient must have an account attached");
   }
+  const signature = await walletClient.signMessage({
+    account,
+    message: { raw: digest }
+  });
+  return { signature, digest };
 }
-var APP_STATUS_STOPPED = "Stopped";
-async function watchUntilUpgradeComplete(options, logger) {
-  const { environmentConfig, appId, privateKey, rpcUrl, clientId } = options;
-  const userApiClient = new UserApiClient(environmentConfig, privateKey, rpcUrl, clientId);
-  let initialStatus;
-  let initialIP;
-  let hasChanged = false;
-  const stopCondition = (status, ip) => {
-    if (!initialStatus) {
-      initialStatus = status;
-      initialIP = ip;
-      if (status === APP_STATUS_STOPPED && ip) {
-        logger.info("App upgrade complete.");
-        logger.info(`Status: ${status}`);
-        logger.info(`To start the app, run: ecloud compute app start ${appId}`);
-        return true;
-      }
-    }
-    if (status !== initialStatus) {
-      hasChanged = true;
-    }
-    if (status === APP_STATUS_STOPPED && ip && hasChanged) {
-      logger.info("App upgrade complete.");
-      logger.info(`Status: ${status}`);
-      logger.info(`To start the app, run: ecloud compute app start ${appId}`);
-      return true;
-    }
-    if (status === APP_STATUS_RUNNING && ip && hasChanged) {
-      if (!initialIP || initialIP === "No IP assigned") {
-        logger.info(`App is now running with IP: ${ip}`);
-      } else {
-        logger.info("App is now running");
-      }
-      return true;
-    }
-    if (status === APP_STATUS_FAILED) {
-      throw new Error(`App entered ${status} state`);
+var generateBillingSigData = (product, expiry) => {
+  return {
+    domain: {
+      name: "EigenCloud Billing API",
+      version: "1"
+    },
+    types: {
+      BillingAuth: [
+        { name: "product", type: "string" },
+        { name: "expiry", type: "uint256" }
+      ]
+    },
+    primaryType: "BillingAuth",
+    message: {
+      product,
+      expiry
     }
-    return false;
   };
-  while (true) {
-    try {
-      const info = await userApiClient.getInfos([appId], 1);
-      if (info.length === 0) {
-        await sleep(WATCH_POLL_INTERVAL_SECONDS * 1e3);
-        continue;
-      }
-      const appInfo = info[0];
-      const currentStatus = appInfo.status;
-      const currentIP = appInfo.ip || "";
-      if (stopCondition(currentStatus, currentIP)) {
-        return;
-      }
-      await sleep(WATCH_POLL_INTERVAL_SECONDS * 1e3);
-    } catch (error) {
-      logger.warn(`Failed to fetch app info: ${error.message}`);
-      await sleep(WATCH_POLL_INTERVAL_SECONDS * 1e3);
-    }
+};
+async function calculateBillingAuthSignature(options) {
+  const { walletClient, product, expiry } = options;
+  const account = walletClient.account;
+  if (!account) {
+    throw new Error("WalletClient must have an account attached");
   }
-}
-function sleep(ms) {
-  return new Promise((resolve2) => setTimeout(resolve2, ms));
+  const signature = await walletClient.signTypedData({
+    account,
+    ...generateBillingSigData(product, expiry)
+  });
+  return { signature, expiry };
 }
 
-// src/client/common/utils/validation.ts
-var import_fs = __toESM(require("fs"), 1);
-var import_path = __toESM(require("path"), 1);
-var import_viem6 = require("viem");
-function validateAppName(name) {
-  if (!name) {
-    throw new Error("App name cannot be empty");
-  }
-  if (name.includes(" ")) {
-    throw new Error("App name cannot contain spaces");
+// src/client/common/auth/session.ts
+var SessionError = class extends Error {
+  constructor(message, code, statusCode) {
+    super(message);
+    this.code = code;
+    this.statusCode = statusCode;
+    this.name = "SessionError";
   }
-  if (name.length > 50) {
-    throw new Error("App name cannot be longer than 50 characters");
+};
+function stripHexPrefix2(hex) {
+  return hex.startsWith("0x") ? hex.slice(2) : hex;
+}
+async function parseErrorResponse(response) {
+  try {
+    const data = await response.json();
+    return data.error || response.statusText;
+  } catch {
+    return response.statusText;
   }
 }
-function validateImageReference(value) {
-  if (!value) {
-    return "Image reference cannot be empty";
+async function loginToComputeApi(config, request) {
+  let response;
+  try {
+    response = await fetch(`${config.baseUrl}/auth/siwe/login`, {
+      method: "POST",
+      credentials: "include",
+      // Include cookies for session management
+      headers: {
+        "Content-Type": "application/json"
+      },
+      body: JSON.stringify({
+        message: request.message,
+        signature: stripHexPrefix2(request.signature)
+      })
+    });
+  } catch (error) {
+    throw new SessionError(
+      `Network error connecting to ${config.baseUrl}: ${error instanceof Error ? error.message : String(error)}`,
+      "NETWORK_ERROR"
+    );
   }
-  if (!value.includes("/")) {
-    return "Image reference must contain at least one /";
+  if (!response.ok) {
+    const errorMessage = await parseErrorResponse(response);
+    const status = response.status;
+    if (status === 400) {
+      if (errorMessage.toLowerCase().includes("siwe")) {
+        throw new SessionError(`Invalid SIWE message: ${errorMessage}`, "INVALID_MESSAGE", status);
+      }
+      throw new SessionError(`Bad request: ${errorMessage}`, "INVALID_MESSAGE", status);
+    }
+    if (status === 401) {
+      throw new SessionError(`Invalid signature: ${errorMessage}`, "INVALID_SIGNATURE", status);
+    }
+    throw new SessionError(`Login failed: ${errorMessage}`, "UNKNOWN", status);
   }
-  return true;
+  const data = await response.json();
+  return {
+    success: data.success,
+    address: data.address
+  };
 }
-function assertValidImageReference(value) {
-  const result = validateImageReference(value);
-  if (result !== true) {
-    throw new Error(result);
+async function getComputeApiSession(config) {
+  let response;
+  try {
+    response = await fetch(`${config.baseUrl}/auth/session`, {
+      method: "GET",
+      credentials: "include",
+      // Include cookies for session management
+      headers: {
+        "Content-Type": "application/json"
+      }
+    });
+  } catch {
+    return {
+      authenticated: false
+    };
   }
-}
-function extractAppNameFromImage(imageRef) {
-  const parts = imageRef.split("/");
-  let imageName = parts.length > 1 ? parts[parts.length - 1] : imageRef;
-  if (imageName.includes(":")) {
-    imageName = imageName.split(":")[0];
+  if (response.status === 401) {
+    return {
+      authenticated: false
+    };
   }
-  return imageName;
+  if (!response.ok) {
+    const errorMessage = await parseErrorResponse(response);
+    throw new SessionError(`Failed to get session: ${errorMessage}`, "UNKNOWN", response.status);
+  }
+  const data = await response.json();
+  return {
+    authenticated: data.authenticated,
+    address: data.address,
+    chainId: data.chain_id
+  };
 }
-function validateFilePath(value) {
-  if (!value) {
-    return "File path cannot be empty";
+async function logoutFromComputeApi(config) {
+  let response;
+  try {
+    response = await fetch(`${config.baseUrl}/auth/logout`, {
+      method: "POST",
+      credentials: "include",
+      // Include cookies for session management
+      headers: {
+        "Content-Type": "application/json"
+      }
+    });
+  } catch (error) {
+    throw new SessionError(
+      `Network error connecting to ${config.baseUrl}: ${error instanceof Error ? error.message : String(error)}`,
+      "NETWORK_ERROR"
+    );
   }
-  if (!import_fs.default.existsSync(value)) {
-    return "File does not exist";
+  if (response.status === 401) {
+    return;
   }
-  return true;
-}
-function assertValidFilePath(value) {
-  const result = validateFilePath(value);
-  if (result !== true) {
-    throw new Error(result);
+  if (!response.ok) {
+    const errorMessage = await parseErrorResponse(response);
+    throw new SessionError(`Logout failed: ${errorMessage}`, "UNKNOWN", response.status);
   }
 }
-function validateInstanceTypeSKU(sku, availableTypes) {
-  if (!sku) {
-    throw new Error("Instance type SKU cannot be empty");
-  }
-  for (const it of availableTypes) {
-    if (it.sku === sku) {
-      return sku;
-    }
-  }
-  const validSKUs = availableTypes.map((it) => it.sku).join(", ");
-  throw new Error(`Invalid instance-type value: ${sku} (must be one of: ${validSKUs})`);
+async function isSessionValid(config) {
+  const session = await getComputeApiSession(config);
+  return session.authenticated;
 }
-function validatePrivateKeyFormat(key) {
-  const keyWithoutPrefix = stripHexPrefix(key);
-  if (!/^[0-9a-fA-F]{64}$/.test(keyWithoutPrefix)) {
-    return false;
-  }
-  return true;
+
+// src/client/common/utils/userapi.ts
+function isJsonObject(value) {
+  return typeof value === "object" && value !== null && !Array.isArray(value);
 }
-function assertValidPrivateKey(key) {
-  if (!key) {
-    throw new Error("Private key is required");
-  }
-  if (!validatePrivateKeyFormat(key)) {
-    throw new Error(
-      "Invalid private key format (must be 64 hex characters, optionally prefixed with 0x)"
-    );
-  }
+function readString(obj, key) {
+  const v = obj[key];
+  return typeof v === "string" ? v : void 0;
 }
-function validateURL(rawURL) {
-  if (!rawURL.trim()) {
-    return "URL cannot be empty";
+function readNumber(obj, key) {
+  const v = obj[key];
+  return typeof v === "number" && Number.isFinite(v) ? v : void 0;
+}
+var MAX_ADDRESS_COUNT = 5;
+var CanViewAppLogsPermission = "0x2fd3f2fe";
+var CanViewSensitiveAppInfoPermission = "0x0e67b22f";
+var CanUpdateAppProfilePermission = "0x036fef61";
+function getDefaultClientId() {
+  const version = true ? "0.2.2-dev" : "0.0.0";
+  return `ecloud-sdk/v${version}`;
+}
+var UserApiClient = class {
+  constructor(config, walletClient, publicClient, options) {
+    this.config = config;
+    this.walletClient = walletClient;
+    this.publicClient = publicClient;
+    this.clientId = options?.clientId || getDefaultClientId();
+    this.useSession = options?.useSession ?? false;
   }
-  try {
-    const url = new URL(rawURL);
-    if (url.protocol !== "http:" && url.protocol !== "https:") {
-      return "URL scheme must be http or https";
+  /**
+   * Get the address of the connected wallet
+   */
+  get address() {
+    const account = this.walletClient.account;
+    if (!account) {
+      throw new Error("WalletClient must have an account attached");
     }
-  } catch {
-    return "Invalid URL format";
+    return account.address;
   }
-  return void 0;
-}
-var VALID_X_HOSTS = ["twitter.com", "www.twitter.com", "x.com", "www.x.com"];
-function validateXURL(rawURL) {
-  const urlErr = validateURL(rawURL);
-  if (urlErr) {
-    return urlErr;
+  async getInfos(appIDs, addressCount = 1) {
+    const count = Math.min(addressCount, MAX_ADDRESS_COUNT);
+    const endpoint = `${this.config.userApiServerURL}/info`;
+    const url = `${endpoint}?${new URLSearchParams({ apps: appIDs.join(",") })}`;
+    const res = await this.makeAuthenticatedRequest(url, CanViewSensitiveAppInfoPermission);
+    const result = await res.json();
+    return result.apps.map((app, i) => {
+      const evmAddresses = app.addresses?.data?.evmAddresses?.slice(0, count) || [];
+      const solanaAddresses = app.addresses?.data?.solanaAddresses?.slice(0, count) || [];
+      return {
+        address: appIDs[i],
+        status: app.app_status,
+        ip: app.ip,
+        machineType: app.machine_type,
+        profile: app.profile,
+        metrics: app.metrics,
+        evmAddresses,
+        solanaAddresses
+      };
+    });
   }
-  try {
-    const url = new URL(rawURL);
-    const host = url.hostname.toLowerCase();
-    if (!VALID_X_HOSTS.includes(host)) {
-      return "URL must be a valid X/Twitter URL (x.com or twitter.com)";
+  /**
+   * Get app details from UserAPI (includes releases and build/provenance info when available).
+   *
+   * Endpoint: GET /apps/:appAddress
+   */
+  async getApp(appAddress) {
+    const endpoint = `${this.config.userApiServerURL}/apps/${appAddress}`;
+    const res = await this.makeAuthenticatedRequest(endpoint);
+    const raw = await res.json();
+    if (!isJsonObject(raw)) {
+      throw new Error("Unexpected /apps/:id response: expected object");
     }
-    if (!url.pathname || url.pathname === "/") {
-      return "X URL must include a username or profile path";
+    const id = readString(raw, "id");
+    if (!id) {
+      throw new Error("Unexpected /apps/:id response: missing 'id'");
     }
-  } catch {
-    return "Invalid X URL format";
+    const releasesRaw = raw.releases;
+    const releases = Array.isArray(releasesRaw) ? releasesRaw.map((r) => transformAppRelease(r)).filter((r) => !!r) : [];
+    return {
+      id,
+      creator: readString(raw, "creator"),
+      contractStatus: readString(raw, "contract_status") ?? readString(raw, "contractStatus"),
+      releases
+    };
   }
-  return void 0;
-}
-var MAX_DESCRIPTION_LENGTH = 1e3;
-function validateDescription(description) {
-  if (!description.trim()) {
-    return "Description cannot be empty";
+  /**
+   * Get available SKUs (instance types) from UserAPI
+   */
+  async getSKUs() {
+    const endpoint = `${this.config.userApiServerURL}/skus`;
+    const response = await this.makeAuthenticatedRequest(endpoint);
+    const result = await response.json();
+    return {
+      skus: result.skus || result.SKUs || []
+    };
   }
-  if (description.length > MAX_DESCRIPTION_LENGTH) {
-    return `Description cannot exceed ${MAX_DESCRIPTION_LENGTH} characters`;
+  /**
+   * Get logs for an app
+   */
+  async getLogs(appID) {
+    const endpoint = `${this.config.userApiServerURL}/logs/${appID}`;
+    const response = await this.makeAuthenticatedRequest(endpoint, CanViewAppLogsPermission);
+    return await response.text();
   }
-  return void 0;
-}
-var MAX_IMAGE_SIZE = 4 * 1024 * 1024;
-var VALID_IMAGE_EXTENSIONS = [".jpg", ".jpeg", ".png"];
-function validateImagePath(filePath) {
-  const cleanedPath = filePath.trim().replace(/^["']|["']$/g, "");
-  if (!cleanedPath) {
-    return "Image path cannot be empty";
+  /**
+   * Get statuses for apps
+   */
+  async getStatuses(appIDs) {
+    const endpoint = `${this.config.userApiServerURL}/status`;
+    const url = `${endpoint}?${new URLSearchParams({ apps: appIDs.join(",") })}`;
+    const response = await this.makeAuthenticatedRequest(url);
+    const result = await response.json();
+    const apps = result.apps || result.Apps || [];
+    return apps.map((app, i) => ({
+      address: app.address || appIDs[i],
+      status: app.app_status || app.App_Status || ""
+    }));
   }
-  if (!import_fs.default.existsSync(cleanedPath)) {
-    return `Image file not found: ${cleanedPath}`;
+  /**
+   * Upload app profile information with optional image
+   *
+   * @param appAddress - The app's contract address
+   * @param name - Display name for the app
+   * @param options - Optional fields including website, description, xURL, and image
+   * @param options.image - Image file as Blob or File (browser: from input element, Node.js: new Blob([buffer]))
+   * @param options.imageName - Filename for the image (required if image is provided)
+   */
+  async uploadAppProfile(appAddress, name, options) {
+    const endpoint = `${this.config.userApiServerURL}/apps/${appAddress}/profile`;
+    const formData = new FormData();
+    formData.append("name", name);
+    if (options?.website) {
+      formData.append("website", options.website);
+    }
+    if (options?.description) {
+      formData.append("description", options.description);
+    }
+    if (options?.xURL) {
+      formData.append("xURL", options.xURL);
+    }
+    if (options?.image) {
+      const fileName = options.image instanceof File ? options.image.name : options.imageName || "image";
+      formData.append("image", options.image, fileName);
+    }
+    const headers = {
+      "x-client-id": this.clientId
+    };
+    if (!this.useSession) {
+      const expiry = BigInt(Math.floor(Date.now() / 1e3) + 5 * 60);
+      const authHeaders = await this.generateAuthHeaders(CanUpdateAppProfilePermission, expiry);
+      Object.assign(headers, authHeaders);
+    }
+    try {
+      const response = await import_axios.default.post(endpoint, formData, {
+        headers,
+        maxRedirects: 0,
+        validateStatus: () => true,
+        // Don't throw on any status
+        maxContentLength: Infinity,
+        // Allow large file uploads
+        maxBodyLength: Infinity,
+        // Allow large file uploads
+        withCredentials: true
+        // Include cookies for session auth
+      });
+      const status = response.status;
+      if (status !== 200 && status !== 201) {
+        const body = typeof response.data === "string" ? response.data : JSON.stringify(response.data);
+        if (status === 403 && body.includes("Cloudflare") && body.includes("challenge-platform")) {
+          throw new Error(
+            `Cloudflare protection is blocking the request. This is likely due to bot detection.
+Status: ${status}`
+          );
+        }
+        throw new Error(
+          `UserAPI request failed: ${status} ${status >= 200 && status < 300 ? "OK" : "Error"} - ${body.substring(0, 500)}${body.length > 500 ? "..." : ""}`
+        );
+      }
+      return response.data;
+    } catch (error) {
+      if (error.message?.includes("fetch failed") || error.message?.includes("ECONNREFUSED") || error.message?.includes("ENOTFOUND") || error.cause) {
+        const cause = error.cause?.message || error.cause || error.message;
+        throw new Error(
+          `Failed to connect to UserAPI at ${endpoint}: ${cause}
+Please check:
+1. Your internet connection
+2. The API server is accessible: ${this.config.userApiServerURL}
+3. Firewall/proxy settings`
+        );
+      }
+      throw error;
+    }
   }
-  const stats = import_fs.default.statSync(cleanedPath);
-  if (stats.isDirectory()) {
-    return "Path is a directory, not a file";
+  async makeAuthenticatedRequest(url, permission) {
+    const headers = {
+      "x-client-id": this.clientId
+    };
+    if (permission && !this.useSession) {
+      const expiry = BigInt(Math.floor(Date.now() / 1e3) + 5 * 60);
+      const authHeaders = await this.generateAuthHeaders(permission, expiry);
+      Object.assign(headers, authHeaders);
+    }
+    try {
+      const response = await import_axios.default.get(url, {
+        headers,
+        maxRedirects: 0,
+        validateStatus: () => true,
+        // Don't throw on any status
+        withCredentials: true
+        // Include cookies for session auth
+      });
+      const status = response.status;
+      const statusText = status >= 200 && status < 300 ? "OK" : "Error";
+      if (status < 200 || status >= 300) {
+        const body = typeof response.data === "string" ? response.data : JSON.stringify(response.data);
+        throw new Error(`UserAPI request failed: ${status} ${statusText} - ${body}`);
+      }
+      return {
+        json: async () => response.data,
+        text: async () => typeof response.data === "string" ? response.data : JSON.stringify(response.data)
+      };
+    } catch (error) {
+      if (error.message?.includes("fetch failed") || error.message?.includes("ECONNREFUSED") || error.message?.includes("ENOTFOUND") || error.cause) {
+        const cause = error.cause?.message || error.cause || error.message;
+        throw new Error(
+          `Failed to connect to UserAPI at ${url}: ${cause}
+Please check:
+1. Your internet connection
+2. The API server is accessible: ${this.config.userApiServerURL}
+3. Firewall/proxy settings`
+        );
+      }
+      throw error;
+    }
   }
-  if (stats.size > MAX_IMAGE_SIZE) {
-    const sizeMB = (stats.size / (1024 * 1024)).toFixed(2);
-    return `Image file size (${sizeMB} MB) exceeds maximum allowed size of 4 MB`;
+  /**
+   * Generate authentication headers for UserAPI requests
+   */
+  async generateAuthHeaders(permission, expiry) {
+    const { signature } = await calculatePermissionSignature({
+      permission,
+      expiry,
+      appControllerAddress: this.config.appControllerAddress,
+      publicClient: this.publicClient,
+      walletClient: this.walletClient
+    });
+    return {
+      Authorization: `Bearer ${stripHexPrefix(signature)}`,
+      "X-eigenx-expiry": expiry.toString()
+    };
   }
-  const ext = import_path.default.extname(cleanedPath).toLowerCase();
-  if (!VALID_IMAGE_EXTENSIONS.includes(ext)) {
-    return "Image must be JPG or PNG format";
+  // ==========================================================================
+  // SIWE Session Management
+  // ==========================================================================
+  /**
+   * Login to the compute API using SIWE (Sign-In with Ethereum)
+   *
+   * This establishes a session with the compute API by verifying the SIWE message
+   * and signature. On success, a session cookie is set in the browser.
+   *
+   * @param request - Login request containing SIWE message and signature
+   * @returns Login result with the authenticated address
+   *
+   * @example
+   * ```typescript
+   * import { createSiweMessage } from "@layr-labs/ecloud-sdk/browser";
+   *
+   * const { message } = createSiweMessage({
+   *   address: userAddress,
+   *   chainId: 11155111,
+   *   domain: window.location.host,
+   *   uri: window.location.origin,
+   * });
+   *
+   * const signature = await signMessageAsync({ message });
+   * const result = await client.siweLogin({ message, signature });
+   * ```
+   */
+  async siweLogin(request) {
+    return loginToComputeApi({ baseUrl: this.config.userApiServerURL }, request);
   }
-  return void 0;
-}
-function validateAppID(appID) {
-  if (!appID) {
-    throw new Error("App ID is required");
+  /**
+   * Logout from the compute API
+   *
+   * This destroys the current session and clears the session cookie.
+   *
+   * @example
+   * ```typescript
+   * await client.siweLogout();
+   * ```
+   */
+  async siweLogout() {
+    return logoutFromComputeApi({ baseUrl: this.config.userApiServerURL });
   }
-  const normalized = typeof appID === "string" ? addHexPrefix(appID) : appID;
-  if ((0, import_viem6.isAddress)(normalized)) {
-    return normalized;
+  /**
+   * Get the current SIWE session status from the compute API
+   *
+   * @returns Session information including authentication status and address
+   *
+   * @example
+   * ```typescript
+   * const session = await client.getSiweSession();
+   * if (session.authenticated) {
+   *   console.log(`Logged in as ${session.address}`);
+   * }
+   * ```
+   */
+  async getSiweSession() {
+    return getComputeApiSession({ baseUrl: this.config.userApiServerURL });
   }
-  throw new Error(`Invalid app ID: '${appID}' is not a valid address`);
+};
+function transformAppReleaseBuild(raw) {
+  if (!isJsonObject(raw)) return void 0;
+  const depsRaw = raw.dependencies;
+  const deps = isJsonObject(depsRaw) ? Object.fromEntries(
+    Object.entries(depsRaw).flatMap(([digest, depRaw]) => {
+      const parsed = transformAppReleaseBuild(depRaw);
+      return parsed ? [[digest, parsed]] : [];
+    })
+  ) : void 0;
+  return {
+    buildId: readString(raw, "build_id") ?? readString(raw, "buildId"),
+    billingAddress: readString(raw, "billing_address") ?? readString(raw, "billingAddress"),
+    repoUrl: readString(raw, "repo_url") ?? readString(raw, "repoUrl"),
+    gitRef: readString(raw, "git_ref") ?? readString(raw, "gitRef"),
+    status: readString(raw, "status"),
+    buildType: readString(raw, "build_type") ?? readString(raw, "buildType"),
+    imageName: readString(raw, "image_name") ?? readString(raw, "imageName"),
+    imageDigest: readString(raw, "image_digest") ?? readString(raw, "imageDigest"),
+    imageUrl: readString(raw, "image_url") ?? readString(raw, "imageUrl"),
+    provenanceJson: raw.provenance_json ?? raw.provenanceJson,
+    provenanceSignature: readString(raw, "provenance_signature") ?? readString(raw, "provenanceSignature"),
+    createdAt: readString(raw, "created_at") ?? readString(raw, "createdAt"),
+    updatedAt: readString(raw, "updated_at") ?? readString(raw, "updatedAt"),
+    errorMessage: readString(raw, "error_message") ?? readString(raw, "errorMessage"),
+    dependencies: deps
+  };
 }
-function validateLogVisibility(logVisibility) {
-  switch (logVisibility) {
-    case "public":
-      return { logRedirect: "always", publicLogs: true };
-    case "private":
-      return { logRedirect: "always", publicLogs: false };
-    case "off":
-      return { logRedirect: "", publicLogs: false };
-    default:
-      throw new Error(
-        `Invalid log-visibility value: ${logVisibility} (must be public, private, or off)`
-      );
-  }
+function transformAppRelease(raw) {
+  if (!isJsonObject(raw)) return void 0;
+  return {
+    appId: readString(raw, "appId") ?? readString(raw, "app_id"),
+    rmsReleaseId: readString(raw, "rmsReleaseId") ?? readString(raw, "rms_release_id"),
+    imageDigest: readString(raw, "imageDigest") ?? readString(raw, "image_digest"),
+    registryUrl: readString(raw, "registryUrl") ?? readString(raw, "registry_url"),
+    publicEnv: readString(raw, "publicEnv") ?? readString(raw, "public_env"),
+    encryptedEnv: readString(raw, "encryptedEnv") ?? readString(raw, "encrypted_env"),
+    upgradeByTime: readNumber(raw, "upgradeByTime") ?? readNumber(raw, "upgrade_by_time"),
+    createdAt: readString(raw, "createdAt") ?? readString(raw, "created_at"),
+    createdAtBlock: readString(raw, "createdAtBlock") ?? readString(raw, "created_at_block"),
+    build: raw.build ? transformAppReleaseBuild(raw.build) : void 0
+  };
 }
-function validateResourceUsageMonitoring(resourceUsageMonitoring) {
-  if (!resourceUsageMonitoring) {
-    return "always";
-  }
-  switch (resourceUsageMonitoring) {
-    case "enable":
-      return "always";
-    case "disable":
-      return "never";
-    default:
-      throw new Error(
-        `Invalid resource-usage-monitoring value: ${resourceUsageMonitoring} (must be enable or disable)`
-      );
+
+// src/client/common/contract/watcher.ts
+var WATCH_POLL_INTERVAL_SECONDS = 5;
+var APP_STATUS_RUNNING = "Running";
+var APP_STATUS_FAILED = "Failed";
+async function watchUntilRunning(options, logger) {
+  const { walletClient, publicClient, environmentConfig, appId } = options;
+  const userApiClient = new UserApiClient(environmentConfig, walletClient, publicClient);
+  let initialStatus;
+  let initialIP;
+  let hasChanged = false;
+  const stopCondition = (status, ip) => {
+    if (!initialStatus) {
+      initialStatus = status;
+      initialIP = ip;
+    }
+    if (status !== initialStatus) {
+      hasChanged = true;
+    }
+    if (status === APP_STATUS_RUNNING && ip) {
+      if (hasChanged || initialStatus !== APP_STATUS_RUNNING) {
+        if (!initialIP || initialIP === "No IP assigned") {
+          logger.info(`App is now running with IP: ${ip}`);
+        } else {
+          logger.info("App is now running");
+        }
+        return true;
+      }
+    }
+    if (status === APP_STATUS_FAILED) {
+      throw new Error(`App entered ${status} state`);
+    }
+    return false;
+  };
+  while (true) {
+    try {
+      const info = await userApiClient.getInfos([appId], 1);
+      if (info.length === 0) {
+        await sleep(WATCH_POLL_INTERVAL_SECONDS * 1e3);
+        continue;
+      }
+      const appInfo = info[0];
+      const currentStatus = appInfo.status;
+      const currentIP = appInfo.ip || "";
+      if (stopCondition(currentStatus, currentIP)) {
+        return currentIP || void 0;
+      }
+      await sleep(WATCH_POLL_INTERVAL_SECONDS * 1e3);
+    } catch (error) {
+      logger.warn(`Failed to fetch app info: ${error.message}`);
+      await sleep(WATCH_POLL_INTERVAL_SECONDS * 1e3);
+    }
   }
 }
-function hasScheme(rawURL) {
-  return rawURL.startsWith("http://") || rawURL.startsWith("https://");
+var APP_STATUS_STOPPED = "Stopped";
+async function watchUntilUpgradeComplete(options, logger) {
+  const { walletClient, publicClient, environmentConfig, appId } = options;
+  const userApiClient = new UserApiClient(environmentConfig, walletClient, publicClient);
+  let initialStatus;
+  let initialIP;
+  let hasChanged = false;
+  const stopCondition = (status, ip) => {
+    if (!initialStatus) {
+      initialStatus = status;
+      initialIP = ip;
+      if (status === APP_STATUS_STOPPED && ip) {
+        logger.info("App upgrade complete.");
+        logger.info(`Status: ${status}`);
+        logger.info(`To start the app, run: ecloud compute app start ${appId}`);
+        return true;
+      }
+    }
+    if (status !== initialStatus) {
+      hasChanged = true;
+    }
+    if (status === APP_STATUS_STOPPED && ip && hasChanged) {
+      logger.info("App upgrade complete.");
+      logger.info(`Status: ${status}`);
+      logger.info(`To start the app, run: ecloud compute app start ${appId}`);
+      return true;
+    }
+    if (status === APP_STATUS_RUNNING && ip && hasChanged) {
+      if (!initialIP || initialIP === "No IP assigned") {
+        logger.info(`App is now running with IP: ${ip}`);
+      } else {
+        logger.info("App is now running");
+      }
+      return true;
+    }
+    if (status === APP_STATUS_FAILED) {
+      throw new Error(`App entered ${status} state`);
+    }
+    return false;
+  };
+  while (true) {
+    try {
+      const info = await userApiClient.getInfos([appId], 1);
+      if (info.length === 0) {
+        await sleep(WATCH_POLL_INTERVAL_SECONDS * 1e3);
+        continue;
+      }
+      const appInfo = info[0];
+      const currentStatus = appInfo.status;
+      const currentIP = appInfo.ip || "";
+      if (stopCondition(currentStatus, currentIP)) {
+        return;
+      }
+      await sleep(WATCH_POLL_INTERVAL_SECONDS * 1e3);
+    } catch (error) {
+      logger.warn(`Failed to fetch app info: ${error.message}`);
+      await sleep(WATCH_POLL_INTERVAL_SECONDS * 1e3);
+    }
+  }
 }
-function sanitizeString(s) {
-  return s.trim().replace(/&/g, "&amp;").replace(/</g, "&lt;").replace(/>/g, "&gt;").replace(/"/g, "&quot;").replace(/'/g, "&#39;");
+function sleep(ms) {
+  return new Promise((resolve2) => setTimeout(resolve2, ms));
 }
-function sanitizeURL(rawURL) {
-  rawURL = rawURL.trim();
-  if (!hasScheme(rawURL)) {
-    rawURL = "https://" + rawURL;
+
+// src/client/common/utils/validation.ts
+var import_fs = __toESM(require("fs"), 1);
+var import_path = __toESM(require("path"), 1);
+var import_viem5 = require("viem");
+function validateAppName(name) {
+  if (!name) {
+    throw new Error("App name cannot be empty");
   }
-  const err = validateURL(rawURL);
-  if (err) {
-    throw new Error(err);
+  if (name.includes(" ")) {
+    throw new Error("App name cannot contain spaces");
+  }
+  if (name.length > 50) {
+    throw new Error("App name cannot be longer than 50 characters");
   }
-  return rawURL;
 }
-function sanitizeXURL(rawURL) {
-  rawURL = rawURL.trim();
-  if (!rawURL.includes("://") && !rawURL.includes(".")) {
-    const username = rawURL.startsWith("@") ? rawURL.slice(1) : rawURL;
-    rawURL = `https://x.com/${username}`;
-  } else if (!hasScheme(rawURL)) {
-    rawURL = "https://" + rawURL;
+function validateImageReference(value) {
+  if (!value) {
+    return "Image reference cannot be empty";
   }
-  rawURL = rawURL.replace(/twitter\.com/g, "x.com");
-  rawURL = rawURL.replace(/www\.x\.com/g, "x.com");
-  const err = validateXURL(rawURL);
+  if (!value.includes("/")) {
+    return "Image reference must contain at least one /";
+  }
+  return true;
+}
+function assertValidImageReference(value) {
+  const result = validateImageReference(value);
+  if (result !== true) {
+    throw new Error(result);
+  }
+}
+function extractAppNameFromImage(imageRef) {
+  const parts = imageRef.split("/");
+  let imageName = parts.length > 1 ? parts[parts.length - 1] : imageRef;
+  if (imageName.includes(":")) {
+    imageName = imageName.split(":")[0];
+  }
+  return imageName;
+}
+function validateFilePath(value) {
+  if (!value) {
+    return "File path cannot be empty";
+  }
+  if (!import_fs.default.existsSync(value)) {
+    return "File does not exist";
+  }
+  return true;
+}
+function assertValidFilePath(value) {
+  const result = validateFilePath(value);
+  if (result !== true) {
+    throw new Error(result);
+  }
+}
+function validateInstanceTypeSKU(sku, availableTypes) {
+  if (!sku) {
+    throw new Error("Instance type SKU cannot be empty");
+  }
+  for (const it of availableTypes) {
+    if (it.sku === sku) {
+      return sku;
+    }
+  }
+  const validSKUs = availableTypes.map((it) => it.sku).join(", ");
+  throw new Error(`Invalid instance-type value: ${sku} (must be one of: ${validSKUs})`);
+}
+function validatePrivateKeyFormat(key) {
+  const keyWithoutPrefix = stripHexPrefix(key);
+  if (!/^[0-9a-fA-F]{64}$/.test(keyWithoutPrefix)) {
+    return false;
+  }
+  return true;
+}
+function assertValidPrivateKey(key) {
+  if (!key) {
+    throw new Error("Private key is required");
+  }
+  if (!validatePrivateKeyFormat(key)) {
+    throw new Error(
+      "Invalid private key format (must be 64 hex characters, optionally prefixed with 0x)"
+    );
+  }
+}
+function validateURL(rawURL) {
+  if (!rawURL.trim()) {
+    return "URL cannot be empty";
+  }
+  try {
+    const url = new URL(rawURL);
+    if (url.protocol !== "http:" && url.protocol !== "https:") {
+      return "URL scheme must be http or https";
+    }
+  } catch {
+    return "Invalid URL format";
+  }
+  return void 0;
+}
+var VALID_X_HOSTS = ["twitter.com", "www.twitter.com", "x.com", "www.x.com"];
+function validateXURL(rawURL) {
+  const urlErr = validateURL(rawURL);
+  if (urlErr) {
+    return urlErr;
+  }
+  try {
+    const url = new URL(rawURL);
+    const host = url.hostname.toLowerCase();
+    if (!VALID_X_HOSTS.includes(host)) {
+      return "URL must be a valid X/Twitter URL (x.com or twitter.com)";
+    }
+    if (!url.pathname || url.pathname === "/") {
+      return "X URL must include a username or profile path";
+    }
+  } catch {
+    return "Invalid X URL format";
+  }
+  return void 0;
+}
+var MAX_DESCRIPTION_LENGTH = 1e3;
+function validateDescription(description) {
+  if (!description.trim()) {
+    return "Description cannot be empty";
+  }
+  if (description.length > MAX_DESCRIPTION_LENGTH) {
+    return `Description cannot exceed ${MAX_DESCRIPTION_LENGTH} characters`;
+  }
+  return void 0;
+}
+var MAX_IMAGE_SIZE = 4 * 1024 * 1024;
+var VALID_IMAGE_EXTENSIONS = [".jpg", ".jpeg", ".png"];
+function validateImagePath(filePath) {
+  const cleanedPath = filePath.trim().replace(/^["']|["']$/g, "");
+  if (!cleanedPath) {
+    return "Image path cannot be empty";
+  }
+  if (!import_fs.default.existsSync(cleanedPath)) {
+    return `Image file not found: ${cleanedPath}`;
+  }
+  const stats = import_fs.default.statSync(cleanedPath);
+  if (stats.isDirectory()) {
+    return "Path is a directory, not a file";
+  }
+  if (stats.size > MAX_IMAGE_SIZE) {
+    const sizeMB = (stats.size / (1024 * 1024)).toFixed(2);
+    return `Image file size (${sizeMB} MB) exceeds maximum allowed size of 4 MB`;
+  }
+  const ext = import_path.default.extname(cleanedPath).toLowerCase();
+  if (!VALID_IMAGE_EXTENSIONS.includes(ext)) {
+    return "Image must be JPG or PNG format";
+  }
+  return void 0;
+}
+function validateAppID(appID) {
+  if (!appID) {
+    throw new Error("App ID is required");
+  }
+  const normalized = typeof appID === "string" ? addHexPrefix(appID) : appID;
+  if ((0, import_viem5.isAddress)(normalized)) {
+    return normalized;
+  }
+  throw new Error(`Invalid app ID: '${appID}' is not a valid address`);
+}
+function validateLogVisibility(logVisibility) {
+  switch (logVisibility) {
+    case "public":
+      return { logRedirect: "always", publicLogs: true };
+    case "private":
+      return { logRedirect: "always", publicLogs: false };
+    case "off":
+      return { logRedirect: "", publicLogs: false };
+    default:
+      throw new Error(
+        `Invalid log-visibility value: ${logVisibility} (must be public, private, or off)`
+      );
+  }
+}
+function validateResourceUsageMonitoring(resourceUsageMonitoring) {
+  if (!resourceUsageMonitoring) {
+    return "always";
+  }
+  switch (resourceUsageMonitoring) {
+    case "enable":
+      return "always";
+    case "disable":
+      return "never";
+    default:
+      throw new Error(
+        `Invalid resource-usage-monitoring value: ${resourceUsageMonitoring} (must be enable or disable)`
+      );
+  }
+}
+function hasScheme(rawURL) {
+  return rawURL.startsWith("http://") || rawURL.startsWith("https://");
+}
+function sanitizeString(s) {
+  return s.trim().replace(/&/g, "&amp;").replace(/</g, "&lt;").replace(/>/g, "&gt;").replace(/"/g, "&quot;").replace(/'/g, "&#39;");
+}
+function sanitizeURL(rawURL) {
+  rawURL = rawURL.trim();
+  if (!hasScheme(rawURL)) {
+    rawURL = "https://" + rawURL;
+  }
+  const err = validateURL(rawURL);
+  if (err) {
+    throw new Error(err);
+  }
+  return rawURL;
+}
+function sanitizeXURL(rawURL) {
+  rawURL = rawURL.trim();
+  if (!rawURL.includes("://") && !rawURL.includes(".")) {
+    const username = rawURL.startsWith("@") ? rawURL.slice(1) : rawURL;
+    rawURL = `https://x.com/${username}`;
+  } else if (!hasScheme(rawURL)) {
+    rawURL = "https://" + rawURL;
+  }
+  rawURL = rawURL.replace(/twitter\.com/g, "x.com");
+  rawURL = rawURL.replace(/www\.x\.com/g, "x.com");
+  const err = validateXURL(rawURL);
   if (err) {
     throw new Error(err);
   }
@@ -5447,84 +5449,268 @@ function validateLogsParams(params) {
   validateAppID(params.appID);
 }
 
-// src/client/common/utils/preflight.ts
-var import_viem7 = require("viem");
-var import_accounts4 = require("viem/accounts");
-async function doPreflightChecks(options, logger) {
-  logger.debug("Checking authentication...");
-  const privateKey = await getPrivateKeyOrFail(options.privateKey);
-  logger.debug("Determining environment...");
-  const environmentConfig = getEnvironmentConfig(options.environment || "sepolia");
-  let rpcUrl = options.rpcUrl;
-  if (!rpcUrl) {
-    rpcUrl = process.env.RPC_URL ?? environmentConfig.defaultRPCURL;
-  }
-  if (!rpcUrl) {
-    throw new Error(
-      `RPC URL is required. Provide via options.rpcUrl, RPC_URL env var, or ensure environment has default RPC URL`
-    );
-  }
-  logger.debug("Testing network connectivity...");
-  const publicClient = (0, import_viem7.createPublicClient)({
-    transport: (0, import_viem7.http)(rpcUrl)
-  });
-  try {
-    const chainID = await publicClient.getChainId();
-    if (BigInt(chainID) !== environmentConfig.chainID) {
-      throw new Error(`Chain ID mismatch: expected ${environmentConfig.chainID}, got ${chainID}`);
-    }
-  } catch (err) {
-    throw new Error(`Cannot connect to ${environmentConfig.name} RPC at ${rpcUrl}: ${err.message}`);
-  }
-  const privateKeyHex = addHexPrefix(privateKey);
-  const account = (0, import_accounts4.privateKeyToAccount)(privateKeyHex);
-  const selfAddress = account.address;
-  return {
-    privateKey: privateKeyHex,
-    rpcUrl,
-    environmentConfig,
-    account,
-    selfAddress
-  };
-}
-async function getPrivateKeyOrFail(privateKey) {
-  if (privateKey) {
-    validatePrivateKey(privateKey);
-    return privateKey;
-  }
-  if (process.env.PRIVATE_KEY) {
-    validatePrivateKey(process.env.PRIVATE_KEY);
-    return process.env.PRIVATE_KEY;
-  }
-  throw new Error(
-    `private key required. Please provide it via:
-  \u2022 Option: privateKey in deploy options
-  \u2022 Environment: export PRIVATE_KEY=YOUR_KEY
-  \u2022 Keyring: (not yet implemented)`
-  );
-}
-function validatePrivateKey(key) {
-  const cleaned = stripHexPrefix(key);
-  if (!/^[0-9a-fA-F]{64}$/.test(cleaned)) {
-    throw new Error("Invalid private key format (must be 64 hex characters)");
-  }
-}
-
-// src/client/common/telemetry/noop.ts
-var NoopClient = class {
-  /**
-   * AddMetric implements the TelemetryClient interface
-   */
-  async addMetric(_metric) {
-  }
-  /**
-   * Close implements the TelemetryClient interface
-   */
-  async close() {
+// src/client/common/config/environment.ts
+var SEPOLIA_CHAIN_ID = 11155111;
+var MAINNET_CHAIN_ID = 1;
+var CommonAddresses = {
+  ERC7702Delegator: "0x63c0c19a282a1b52b07dd5a65b58948a07dae32b"
+};
+var ChainAddresses = {
+  [MAINNET_CHAIN_ID]: {
+    PermissionController: "0x25E5F8B1E7aDf44518d35D5B2271f114e081f0E5"
+  },
+  [SEPOLIA_CHAIN_ID]: {
+    PermissionController: "0x44632dfBdCb6D3E21EF613B0ca8A6A0c618F5a37"
   }
 };
-function isNoopClient(client) {
-  return client instanceof NoopClient;
+var BILLING_ENVIRONMENTS = {
+  dev: {
+    billingApiServerURL: "https://billingapi-dev.eigencloud.xyz"
+  },
+  prod: {
+    billingApiServerURL: "https://billingapi.eigencloud.xyz"
+  }
+};
+var ENVIRONMENTS = {
+  "sepolia-dev": {
+    name: "sepolia",
+    build: "dev",
+    appControllerAddress: "0xa86DC1C47cb2518327fB4f9A1627F51966c83B92",
+    permissionControllerAddress: ChainAddresses[SEPOLIA_CHAIN_ID].PermissionController,
+    erc7702DelegatorAddress: CommonAddresses.ERC7702Delegator,
+    kmsServerURL: "http://10.128.0.57:8080",
+    userApiServerURL: "https://userapi-compute-sepolia-dev.eigencloud.xyz",
+    defaultRPCURL: "https://ethereum-sepolia-rpc.publicnode.com"
+  },
+  sepolia: {
+    name: "sepolia",
+    build: "prod",
+    appControllerAddress: "0x0dd810a6ffba6a9820a10d97b659f07d8d23d4E2",
+    permissionControllerAddress: ChainAddresses[SEPOLIA_CHAIN_ID].PermissionController,
+    erc7702DelegatorAddress: CommonAddresses.ERC7702Delegator,
+    kmsServerURL: "http://10.128.15.203:8080",
+    userApiServerURL: "https://userapi-compute-sepolia-prod.eigencloud.xyz",
+    defaultRPCURL: "https://ethereum-sepolia-rpc.publicnode.com"
+  },
+  "mainnet-alpha": {
+    name: "mainnet-alpha",
+    build: "prod",
+    appControllerAddress: "0xc38d35Fc995e75342A21CBd6D770305b142Fbe67",
+    permissionControllerAddress: ChainAddresses[MAINNET_CHAIN_ID].PermissionController,
+    erc7702DelegatorAddress: CommonAddresses.ERC7702Delegator,
+    kmsServerURL: "http://10.128.0.2:8080",
+    userApiServerURL: "https://userapi-compute.eigencloud.xyz",
+    defaultRPCURL: "https://ethereum-rpc.publicnode.com"
+  }
+};
+var CHAIN_ID_TO_ENVIRONMENT = {
+  [SEPOLIA_CHAIN_ID.toString()]: "sepolia",
+  [MAINNET_CHAIN_ID.toString()]: "mainnet-alpha"
+};
+function getEnvironmentConfig(environment, chainID) {
+  const env = ENVIRONMENTS[environment];
+  if (!env) {
+    throw new Error(`Unknown environment: ${environment}`);
+  }
+  if (!isEnvironmentAvailable(environment)) {
+    throw new Error(
+      `Environment ${environment} is not available in this build type. Available environments: ${getAvailableEnvironments().join(", ")}`
+    );
+  }
+  if (chainID) {
+    const expectedEnv = CHAIN_ID_TO_ENVIRONMENT[chainID.toString()];
+    if (expectedEnv && expectedEnv !== environment) {
+      throw new Error(`Environment ${environment} does not match chain ID ${chainID}`);
+    }
+  }
+  const resolvedChainID = chainID || (environment === "sepolia" || environment === "sepolia-dev" ? SEPOLIA_CHAIN_ID : MAINNET_CHAIN_ID);
+  return {
+    ...env,
+    chainID: BigInt(resolvedChainID)
+  };
+}
+function getBillingEnvironmentConfig(build) {
+  const config = BILLING_ENVIRONMENTS[build];
+  if (!config) {
+    throw new Error(`Unknown billing environment: ${build}`);
+  }
+  return config;
+}
+function getBuildType() {
+  const buildTimeType = true ? "dev"?.toLowerCase() : void 0;
+  const runtimeType = process.env.BUILD_TYPE?.toLowerCase();
+  const buildType = buildTimeType || runtimeType;
+  if (buildType === "dev") {
+    return "dev";
+  }
+  return "prod";
+}
+function getAvailableEnvironments() {
+  const buildType = getBuildType();
+  if (buildType === "dev") {
+    return ["sepolia-dev"];
+  }
+  return ["sepolia", "mainnet-alpha"];
+}
+function isEnvironmentAvailable(environment) {
+  return getAvailableEnvironments().includes(environment);
+}
+function isMainnet(environmentConfig) {
+  return environmentConfig.chainID === BigInt(MAINNET_CHAIN_ID);
+}
+
+// src/client/common/utils/preflight.ts
+async function doPreflightChecks(options, logger) {
+  const { walletClient, publicClient } = options;
+  logger.debug("Determining environment...");
+  const environmentConfig = getEnvironmentConfig(options.environment || "sepolia");
+  const account = walletClient.account;
+  if (!account) {
+    throw new Error("WalletClient must have an account attached");
+  }
+  logger.debug("Validating chain ID...");
+  try {
+    const chainID = await publicClient.getChainId();
+    if (BigInt(chainID) !== environmentConfig.chainID) {
+      throw new Error(`Chain ID mismatch: expected ${environmentConfig.chainID}, got ${chainID}`);
+    }
+  } catch (err) {
+    throw new Error(
+      `Cannot connect to ${environmentConfig.name} RPC at ${publicClient.transport.url}: ${err.message}`
+    );
+  }
+  return {
+    walletClient,
+    publicClient,
+    environmentConfig,
+    selfAddress: account.address
+  };
+}
+
+// src/client/common/utils/logger.ts
+var defaultLogger = {
+  info: (...args) => console.info(...args),
+  warn: (...args) => console.warn(...args),
+  error: (...args) => console.error(...args),
+  debug: (...args) => console.debug(...args)
+};
+var getLogger = (verbose) => ({
+  info: (...args) => console.info(...args),
+  warn: (...args) => console.warn(...args),
+  error: (...args) => console.error(...args),
+  debug: (...args) => verbose && console.debug(...args)
+});
+
+// src/client/common/utils/billing.ts
+function isSubscriptionActive(status) {
+  return status === "active" || status === "trialing";
+}
+
+// src/client/common/utils/billingapi.ts
+var import_axios2 = __toESM(require("axios"), 1);
+var BillingApiClient = class {
+  constructor(config, walletClient) {
+    this.config = config;
+    this.walletClient = walletClient;
+  }
+  /**
+   * Get the address of the connected wallet
+   */
+  get address() {
+    const account = this.walletClient.account;
+    if (!account) {
+      throw new Error("WalletClient must have an account attached");
+    }
+    return account.address;
+  }
+  async createSubscription(productId = "compute", options) {
+    const endpoint = `${this.config.billingApiServerURL}/products/${productId}/subscription`;
+    const body = options ? {
+      success_url: options.successUrl,
+      cancel_url: options.cancelUrl
+    } : void 0;
+    const resp = await this.makeAuthenticatedRequest(endpoint, "POST", productId, body);
+    return resp.json();
+  }
+  async getSubscription(productId = "compute") {
+    const endpoint = `${this.config.billingApiServerURL}/products/${productId}/subscription`;
+    const resp = await this.makeAuthenticatedRequest(endpoint, "GET", productId);
+    return resp.json();
+  }
+  async cancelSubscription(productId = "compute") {
+    const endpoint = `${this.config.billingApiServerURL}/products/${productId}/subscription`;
+    await this.makeAuthenticatedRequest(endpoint, "DELETE", productId);
+  }
+  /**
+   * Make an authenticated request to the billing API
+   */
+  async makeAuthenticatedRequest(url, method, productId, body) {
+    const expiry = BigInt(Math.floor(Date.now() / 1e3) + 5 * 60);
+    const { signature } = await calculateBillingAuthSignature({
+      walletClient: this.walletClient,
+      product: productId,
+      expiry
+    });
+    const headers = {
+      Authorization: `Bearer ${signature}`,
+      "X-Account": this.address,
+      "X-Expiry": expiry.toString()
+    };
+    if (body) {
+      headers["Content-Type"] = "application/json";
+    }
+    try {
+      const response = await (0, import_axios2.default)({
+        method,
+        url,
+        headers,
+        data: body,
+        timeout: 3e4,
+        maxRedirects: 0,
+        validateStatus: () => true
+        // Don't throw on any status
+      });
+      const status = response.status;
+      const statusText = status >= 200 && status < 300 ? "OK" : "Error";
+      if (status < 200 || status >= 300) {
+        const body2 = typeof response.data === "string" ? response.data : JSON.stringify(response.data);
+        throw new Error(`BillingAPI request failed: ${status} ${statusText} - ${body2}`);
+      }
+      return {
+        json: async () => response.data,
+        text: async () => typeof response.data === "string" ? response.data : JSON.stringify(response.data)
+      };
+    } catch (error) {
+      if (error.message?.includes("fetch failed") || error.message?.includes("ECONNREFUSED") || error.message?.includes("ENOTFOUND") || error.cause) {
+        const cause = error.cause?.message || error.cause || error.message;
+        throw new Error(
+          `Failed to connect to BillingAPI at ${url}: ${cause}
+Please check:
+1. Your internet connection
+2. The API server is accessible: ${this.config.billingApiServerURL}
+3. Firewall/proxy settings`
+        );
+      }
+      throw error;
+    }
+  }
+};
+
+// src/client/common/telemetry/noop.ts
+var NoopClient = class {
+  /**
+   * AddMetric implements the TelemetryClient interface
+   */
+  async addMetric(_metric) {
+  }
+  /**
+   * Close implements the TelemetryClient interface
+   */
+  async close() {
+  }
+};
+function isNoopClient(client) {
+  return client instanceof NoopClient;
 }
 
 // src/client/common/telemetry/posthog.ts
@@ -5716,7 +5902,9 @@ async function prepareDeployFromVerifiableBuild(options, logger = defaultLogger)
       }
     },
     async () => {
-      if (!options.privateKey) throw new Error("privateKey is required for deployment");
+      if (!options.walletClient.account) {
+        throw new Error("WalletClient must have an account attached");
+      }
       if (!options.imageRef) throw new Error("imageRef is required for deployment");
       if (!options.imageDigest) throw new Error("imageDigest is required for deployment");
       assertValidImageReference(options.imageRef);
@@ -5732,8 +5920,8 @@ async function prepareDeployFromVerifiableBuild(options, logger = defaultLogger)
       logger.debug("Performing preflight checks...");
       const preflightCtx = await doPreflightChecks(
         {
-          privateKey: options.privateKey,
-          rpcUrl: options.rpcUrl,
+          walletClient: options.walletClient,
+          publicClient: options.publicClient,
           environment: options.environment
         },
         logger
@@ -5743,12 +5931,12 @@ async function prepareDeployFromVerifiableBuild(options, logger = defaultLogger)
       const salt = generateRandomSalt();
       logger.debug(`Generated salt: ${Buffer.from(salt).toString("hex")}`);
       logger.debug("Calculating app ID...");
-      const appIDToBeDeployed = await calculateAppID(
-        preflightCtx.privateKey,
-        options.rpcUrl || preflightCtx.rpcUrl,
-        preflightCtx.environmentConfig,
+      const appIDToBeDeployed = await calculateAppID({
+        publicClient: preflightCtx.publicClient,
+        environmentConfig: preflightCtx.environmentConfig,
+        ownerAddress: preflightCtx.selfAddress,
         salt
-      );
+      });
       logger.info(``);
       logger.info(`App ID: ${appIDToBeDeployed}`);
       logger.info(``);
@@ -5766,12 +5954,13 @@ async function prepareDeployFromVerifiableBuild(options, logger = defaultLogger)
       logger.debug("Preparing deploy batch...");
       const batch = await prepareDeployBatch(
         {
-          privateKey: preflightCtx.privateKey,
-          rpcUrl: options.rpcUrl || preflightCtx.rpcUrl,
+          walletClient: preflightCtx.walletClient,
+          publicClient: preflightCtx.publicClient,
           environmentConfig: preflightCtx.environmentConfig,
           salt,
           release,
-          publicLogs
+          publicLogs,
+          imageRef: options.imageRef
         },
         logger
       );
@@ -5798,8 +5987,8 @@ async function prepareDeployFromVerifiableBuild(options, logger = defaultLogger)
   );
 }
 function validateDeployOptions(options) {
-  if (!options.privateKey) {
-    throw new Error("privateKey is required for deployment");
+  if (!options.walletClient.account) {
+    throw new Error("WalletClient must have an account attached");
   }
   if (!options.dockerfilePath && !options.imageRef) {
     throw new Error("Either dockerfilePath or imageRef is required for deployment");
@@ -5838,8 +6027,8 @@ async function deploy(options, logger = defaultLogger) {
       logger.debug("Performing preflight checks...");
       const preflightCtx = await doPreflightChecks(
         {
-          privateKey: options.privateKey,
-          rpcUrl: options.rpcUrl,
+          walletClient: options.walletClient,
+          publicClient: options.publicClient,
           environment: options.environment
         },
         logger
@@ -5856,12 +6045,12 @@ async function deploy(options, logger = defaultLogger) {
       const salt = generateRandomSalt();
       logger.debug(`Generated salt: ${Buffer.from(salt).toString("hex")}`);
       logger.debug("Calculating app ID...");
-      const appIDToBeDeployed = await calculateAppID(
-        preflightCtx.privateKey,
-        options.rpcUrl || preflightCtx.rpcUrl,
-        preflightCtx.environmentConfig,
+      const appIDToBeDeployed = await calculateAppID({
+        publicClient: preflightCtx.publicClient,
+        environmentConfig: preflightCtx.environmentConfig,
+        ownerAddress: preflightCtx.selfAddress,
         salt
-      );
+      });
       logger.info(``);
       logger.info(`App ID: ${appIDToBeDeployed}`);
       logger.info(``);
@@ -5882,8 +6071,8 @@ async function deploy(options, logger = defaultLogger) {
       logger.info("Deploying on-chain...");
       const deployResult = await deployApp(
         {
-          privateKey: preflightCtx.privateKey,
-          rpcUrl: options.rpcUrl || preflightCtx.rpcUrl,
+          walletClient: preflightCtx.walletClient,
+          publicClient: preflightCtx.publicClient,
           environmentConfig: preflightCtx.environmentConfig,
           salt,
           release,
@@ -5896,8 +6085,8 @@ async function deploy(options, logger = defaultLogger) {
       logger.info("Waiting for app to start...");
       const ipAddress = await watchUntilRunning(
         {
-          privateKey: preflightCtx.privateKey,
-          rpcUrl: options.rpcUrl || preflightCtx.rpcUrl,
+          walletClient: preflightCtx.walletClient,
+          publicClient: preflightCtx.publicClient,
           environmentConfig: preflightCtx.environmentConfig,
           appId: deployResult.appId
         },
@@ -5914,12 +6103,10 @@ async function deploy(options, logger = defaultLogger) {
   );
 }
 async function checkQuotaAvailable(preflightCtx) {
-  const rpcUrl = preflightCtx.rpcUrl;
-  const environmentConfig = preflightCtx.environmentConfig;
-  const userAddress = preflightCtx.selfAddress;
+  const { publicClient, environmentConfig, selfAddress: userAddress } = preflightCtx;
   let maxQuota;
   try {
-    maxQuota = await getMaxActiveAppsPerUser(rpcUrl, environmentConfig, userAddress);
+    maxQuota = await getMaxActiveAppsPerUser(publicClient, environmentConfig, userAddress);
   } catch (err) {
     throw new Error(`failed to get quota limit: ${err.message}`);
   }
@@ -5930,7 +6117,7 @@ async function checkQuotaAvailable(preflightCtx) {
   }
   let activeCount;
   try {
-    activeCount = await getActiveAppCount(rpcUrl, environmentConfig, userAddress);
+    activeCount = await getActiveAppCount(publicClient, environmentConfig, userAddress);
   } catch (err) {
     throw new Error(`failed to get active app count: ${err.message}`);
   }
@@ -5961,8 +6148,8 @@ async function prepareDeploy(options, logger = defaultLogger) {
       logger.debug("Performing preflight checks...");
       const preflightCtx = await doPreflightChecks(
         {
-          privateKey: options.privateKey,
-          rpcUrl: options.rpcUrl,
+          walletClient: options.walletClient,
+          publicClient: options.publicClient,
           environment: options.environment
         },
         logger
@@ -5979,12 +6166,12 @@ async function prepareDeploy(options, logger = defaultLogger) {
       const salt = generateRandomSalt();
       logger.debug(`Generated salt: ${Buffer.from(salt).toString("hex")}`);
       logger.debug("Calculating app ID...");
-      const appIDToBeDeployed = await calculateAppID(
-        preflightCtx.privateKey,
-        options.rpcUrl || preflightCtx.rpcUrl,
-        preflightCtx.environmentConfig,
+      const appIDToBeDeployed = await calculateAppID({
+        publicClient: preflightCtx.publicClient,
+        environmentConfig: preflightCtx.environmentConfig,
+        ownerAddress: preflightCtx.selfAddress,
         salt
-      );
+      });
       logger.info(``);
       logger.info(`App ID: ${appIDToBeDeployed}`);
       logger.info(``);
@@ -6005,12 +6192,13 @@ async function prepareDeploy(options, logger = defaultLogger) {
       logger.debug("Preparing deploy batch...");
       const batch = await prepareDeployBatch(
         {
-          privateKey: preflightCtx.privateKey,
-          rpcUrl: options.rpcUrl || preflightCtx.rpcUrl,
+          walletClient: preflightCtx.walletClient,
+          publicClient: preflightCtx.publicClient,
           environmentConfig: preflightCtx.environmentConfig,
           salt,
           release,
-          publicLogs
+          publicLogs,
+          imageRef: finalImageRef
         },
         logger
       );
@@ -6055,25 +6243,23 @@ async function executeDeploy(options) {
     }
   );
 }
-async function watchDeployment(appId, privateKey, rpcUrl, environment, logger = defaultLogger, clientId, skipTelemetry) {
+async function watchDeployment(appId, walletClient, publicClient, environmentConfig, logger = defaultLogger, skipTelemetry) {
   return withSDKTelemetry(
     {
       functionName: "watchDeployment",
       skipTelemetry,
       properties: {
-        environment
+        environment: environmentConfig.name
       }
     },
     async () => {
-      const environmentConfig = getEnvironmentConfig(environment);
       logger.info("Waiting for app to start...");
       return watchUntilRunning(
         {
-          privateKey,
-          rpcUrl,
+          walletClient,
+          publicClient,
           environmentConfig,
-          appId,
-          clientId
+          appId
         },
         logger
       );
@@ -6082,18 +6268,12 @@ async function watchDeployment(appId, privateKey, rpcUrl, environment, logger =
 }
 
 // src/client/common/utils/permissions.ts
-var import_viem8 = require("viem");
 var AnyoneCanCallAddress = "0x493219d9949348178af1f58740655951a8cd110c";
 var ApiPermissionsTarget = "0x57ee1fb74c1087e26446abc4fb87fd8f07c43d8d";
 var CanViewAppLogsPermission2 = "0x2fd3f2fe";
 async function checkAppLogPermission(preflightCtx, appAddress, logger) {
-  const chain = getChainFromID(preflightCtx.environmentConfig.chainID);
-  const publicClient = (0, import_viem8.createPublicClient)({
-    chain,
-    transport: (0, import_viem8.http)(preflightCtx.rpcUrl)
-  });
   try {
-    const canCall = await publicClient.readContract({
+    const canCall = await preflightCtx.publicClient.readContract({
       address: preflightCtx.environmentConfig.permissionControllerAddress,
       abi: PermissionController_default,
       functionName: "canCall",
@@ -6120,8 +6300,8 @@ async function prepareUpgradeFromVerifiableBuild(options, logger = defaultLogger
       logger.debug("Performing preflight checks...");
       const preflightCtx = await doPreflightChecks(
         {
-          privateKey: options.privateKey,
-          rpcUrl: options.rpcUrl,
+          walletClient: options.walletClient,
+          publicClient: options.publicClient,
           environment: options.environment
         },
         logger
@@ -6153,13 +6333,14 @@ async function prepareUpgradeFromVerifiableBuild(options, logger = defaultLogger
       const needsPermissionChange = currentlyPublic !== publicLogs;
       logger.debug("Preparing upgrade batch...");
       const batch = await prepareUpgradeBatch({
-        privateKey: preflightCtx.privateKey,
-        rpcUrl: options.rpcUrl || preflightCtx.rpcUrl,
+        walletClient: preflightCtx.walletClient,
+        publicClient: preflightCtx.publicClient,
         environmentConfig: preflightCtx.environmentConfig,
-        appId: appID,
+        appID,
         release,
         publicLogs,
-        needsPermissionChange
+        needsPermissionChange,
+        imageRef: options.imageRef
       });
       logger.debug("Estimating gas...");
       const gasEstimate = await estimateBatchGas({
@@ -6183,8 +6364,8 @@ async function prepareUpgradeFromVerifiableBuild(options, logger = defaultLogger
   );
 }
 function validateUpgradeOptions(options) {
-  if (!options.privateKey) {
-    throw new Error("privateKey is required for upgrade");
+  if (!options.walletClient?.account) {
+    throw new Error("walletClient with account is required for upgrade");
   }
   if (!options.appId) {
     throw new Error("appId is required for upgrade");
@@ -6221,8 +6402,8 @@ async function upgrade(options, logger = defaultLogger) {
       logger.debug("Performing preflight checks...");
       const preflightCtx = await doPreflightChecks(
         {
-          privateKey: options.privateKey,
-          rpcUrl: options.rpcUrl,
+          walletClient: options.walletClient,
+          publicClient: options.publicClient,
           environment: options.environment
         },
         logger
@@ -6256,10 +6437,10 @@ async function upgrade(options, logger = defaultLogger) {
       logger.info("Upgrading on-chain...");
       const txHash = await upgradeApp(
         {
-          privateKey: preflightCtx.privateKey,
-          rpcUrl: options.rpcUrl || preflightCtx.rpcUrl,
+          walletClient: preflightCtx.walletClient,
+          publicClient: preflightCtx.publicClient,
           environmentConfig: preflightCtx.environmentConfig,
-          appId: appID,
+          appID,
           release,
           publicLogs,
           needsPermissionChange,
@@ -6271,8 +6452,8 @@ async function upgrade(options, logger = defaultLogger) {
       logger.info("Waiting for upgrade to complete...");
       await watchUntilUpgradeComplete(
         {
-          privateKey: preflightCtx.privateKey,
-          rpcUrl: options.rpcUrl || preflightCtx.rpcUrl,
+          walletClient: preflightCtx.walletClient,
+          publicClient: preflightCtx.publicClient,
           environmentConfig: preflightCtx.environmentConfig,
           appId: appID
         },
@@ -6299,8 +6480,8 @@ async function prepareUpgrade(options, logger = defaultLogger) {
       logger.debug("Performing preflight checks...");
       const preflightCtx = await doPreflightChecks(
         {
-          privateKey: options.privateKey,
-          rpcUrl: options.rpcUrl,
+          walletClient: options.walletClient,
+          publicClient: options.publicClient,
           environment: options.environment
         },
         logger
@@ -6333,13 +6514,14 @@ async function prepareUpgrade(options, logger = defaultLogger) {
       const needsPermissionChange = currentlyPublic !== publicLogs;
       logger.debug("Preparing upgrade batch...");
       const batch = await prepareUpgradeBatch({
-        privateKey: preflightCtx.privateKey,
-        rpcUrl: options.rpcUrl || preflightCtx.rpcUrl,
+        walletClient: preflightCtx.walletClient,
+        publicClient: preflightCtx.publicClient,
         environmentConfig: preflightCtx.environmentConfig,
-        appId: appID,
+        appID,
         release,
         publicLogs,
-        needsPermissionChange
+        needsPermissionChange,
+        imageRef: finalImageRef
       });
       logger.debug("Estimating gas...");
       const gasEstimate = await estimateBatchGas({
@@ -6380,25 +6562,23 @@ async function executeUpgrade(options) {
     }
   );
 }
-async function watchUpgrade(appId, privateKey, rpcUrl, environment, logger = defaultLogger, clientId, skipTelemetry) {
+async function watchUpgrade(appId, walletClient, publicClient, environmentConfig, logger = defaultLogger, skipTelemetry) {
   return withSDKTelemetry(
     {
       functionName: "watchUpgrade",
       skipTelemetry,
       properties: {
-        environment
+        environment: environmentConfig.name
       }
     },
     async () => {
-      const environmentConfig = getEnvironmentConfig(environment);
       logger.info("Waiting for upgrade to complete...");
       await watchUntilUpgradeComplete(
         {
-          privateKey,
-          rpcUrl,
+          walletClient,
+          publicClient,
           environmentConfig,
-          appId,
-          clientId
+          appId
         },
         logger
       );
@@ -6962,32 +7142,25 @@ async function watchLogs(appID, userApiClient, initialLogs) {
   }
   console.log("\nStopped watching");
 }
-async function logs(options, logger = defaultLogger, skipTelemetry = false) {
-  const skipTelemetryFlag = skipTelemetry || options.skipTelemetry || false;
+async function logs(options, walletClient, publicClient, environmentConfig, logger = defaultLogger, skipTelemetry = false) {
   return withSDKTelemetry(
     {
       functionName: "logs",
-      skipTelemetry: skipTelemetryFlag,
-      properties: { environment: options.environment || "sepolia" }
+      skipTelemetry,
+      properties: { environment: environmentConfig.name }
     },
     async () => {
       console.log();
       if (!options.appID) {
         throw new Error("appID is required for viewing logs");
       }
-      const environment = options.environment || "sepolia";
-      const environmentConfig = getEnvironmentConfig(environment);
-      const rpcUrl = options.rpcUrl || environmentConfig.defaultRPCURL;
-      if (!rpcUrl) {
-        throw new Error("RPC URL is required for authenticated requests");
-      }
       const appID = validateAppID(options.appID);
       const formattedApp = formatAppDisplay(environmentConfig.name, appID, "");
       const userApiClient = new UserApiClient(
         environmentConfig,
-        options.privateKey,
-        rpcUrl,
-        options.clientId
+        walletClient,
+        publicClient,
+        options.clientId ? { clientId: options.clientId } : void 0
       );
       let logsText;
       let logsError = null;
@@ -7063,35 +7236,39 @@ async function logs(options, logger = defaultLogger, skipTelemetry = false) {
 }
 
 // src/client/modules/compute/app/index.ts
-var CONTROLLER_ABI = (0, import_viem9.parseAbi)([
+var CONTROLLER_ABI = (0, import_viem6.parseAbi)([
   "function startApp(address appId)",
   "function stopApp(address appId)",
   "function terminateApp(address appId)"
 ]);
 function encodeStartAppData(appId) {
-  return (0, import_viem9.encodeFunctionData)({
+  return (0, import_viem6.encodeFunctionData)({
     abi: CONTROLLER_ABI,
     functionName: "startApp",
     args: [appId]
   });
 }
 function encodeStopAppData(appId) {
-  return (0, import_viem9.encodeFunctionData)({
+  return (0, import_viem6.encodeFunctionData)({
     abi: CONTROLLER_ABI,
     functionName: "stopApp",
     args: [appId]
   });
 }
 function encodeTerminateAppData(appId) {
-  return (0, import_viem9.encodeFunctionData)({
+  return (0, import_viem6.encodeFunctionData)({
     abi: CONTROLLER_ABI,
     functionName: "terminateApp",
     args: [appId]
   });
 }
 function createAppModule(ctx) {
-  const privateKey = addHexPrefix(ctx.privateKey);
+  const { walletClient, publicClient } = ctx;
   const skipTelemetry = ctx.skipTelemetry || false;
+  if (!walletClient.account) {
+    throw new Error("WalletClient must have an account attached");
+  }
+  const account = walletClient.account;
   const environment = getEnvironmentConfig(ctx.environment);
   const logger = getLogger(ctx.verbose);
   return {
@@ -7102,8 +7279,8 @@ function createAppModule(ctx) {
     async deploy(opts) {
       const result = await deploy(
         {
-          privateKey,
-          rpcUrl: ctx.rpcUrl,
+          walletClient,
+          publicClient,
           environment: ctx.environment,
           appName: opts.name,
           instanceType: opts.instanceType,
@@ -7127,8 +7304,8 @@ function createAppModule(ctx) {
       const result = await upgrade(
         {
           appId,
-          privateKey,
-          rpcUrl: ctx.rpcUrl,
+          walletClient,
+          publicClient,
           environment: ctx.environment,
           instanceType: opts.instanceType,
           dockerfilePath: opts.dockerfile,
@@ -7149,8 +7326,8 @@ function createAppModule(ctx) {
     async prepareDeploy(opts) {
       return prepareDeploy(
         {
-          privateKey,
-          rpcUrl: ctx.rpcUrl,
+          walletClient,
+          publicClient,
           environment: ctx.environment,
           appName: opts.name,
           instanceType: opts.instanceType,
@@ -7167,9 +7344,9 @@ function createAppModule(ctx) {
     async prepareDeployFromVerifiableBuild(opts) {
       return prepareDeployFromVerifiableBuild(
         {
-          privateKey,
-          rpcUrl: ctx.rpcUrl,
-          environment: ctx.environment,
+          walletClient,
+          publicClient,
+          environment: ctx.environment,
           appName: opts.name,
           instanceType: opts.instanceType,
           envFilePath: opts.envFile,
@@ -7183,17 +7360,6 @@ function createAppModule(ctx) {
       );
     },
     async executeDeploy(prepared, gas) {
-      const account = (0, import_accounts5.privateKeyToAccount)(privateKey);
-      const chain = getChainFromID(environment.chainID);
-      const publicClient = (0, import_viem9.createPublicClient)({
-        chain,
-        transport: (0, import_viem9.http)(ctx.rpcUrl)
-      });
-      const walletClient = (0, import_viem9.createWalletClient)({
-        account,
-        chain,
-        transport: (0, import_viem9.http)(ctx.rpcUrl)
-      });
       const result = await executeDeploy({
         prepared,
         context: {
@@ -7209,591 +7375,260 @@ function createAppModule(ctx) {
         appId: result.appId,
         txHash: result.txHash,
         appName: result.appName,
-        imageRef: result.imageRef
-      };
-    },
-    async watchDeployment(appId) {
-      return watchDeployment(
-        appId,
-        privateKey,
-        ctx.rpcUrl,
-        ctx.environment,
-        logger,
-        ctx.clientId,
-        skipTelemetry
-      );
-    },
-    // Granular upgrade control
-    async prepareUpgrade(appId, opts) {
-      return prepareUpgrade(
-        {
-          appId,
-          privateKey,
-          rpcUrl: ctx.rpcUrl,
-          environment: ctx.environment,
-          instanceType: opts.instanceType,
-          dockerfilePath: opts.dockerfile,
-          envFilePath: opts.envFile,
-          imageRef: opts.imageRef,
-          logVisibility: opts.logVisibility,
-          resourceUsageMonitoring: opts.resourceUsageMonitoring,
-          skipTelemetry
-        },
-        logger
-      );
-    },
-    async prepareUpgradeFromVerifiableBuild(appId, opts) {
-      return prepareUpgradeFromVerifiableBuild(
-        {
-          appId,
-          privateKey,
-          rpcUrl: ctx.rpcUrl,
-          environment: ctx.environment,
-          instanceType: opts.instanceType,
-          envFilePath: opts.envFile,
-          imageRef: opts.imageRef,
-          imageDigest: opts.imageDigest,
-          logVisibility: opts.logVisibility,
-          resourceUsageMonitoring: opts.resourceUsageMonitoring,
-          skipTelemetry
-        },
-        logger
-      );
-    },
-    async executeUpgrade(prepared, gas) {
-      const account = (0, import_accounts5.privateKeyToAccount)(privateKey);
-      const chain = getChainFromID(environment.chainID);
-      const publicClient = (0, import_viem9.createPublicClient)({
-        chain,
-        transport: (0, import_viem9.http)(ctx.rpcUrl)
-      });
-      const walletClient = (0, import_viem9.createWalletClient)({
-        account,
-        chain,
-        transport: (0, import_viem9.http)(ctx.rpcUrl)
-      });
-      const result = await executeUpgrade({
-        prepared,
-        context: {
-          walletClient,
-          publicClient,
-          environmentConfig: environment
-        },
-        gas,
-        logger,
-        skipTelemetry
-      });
-      return {
-        appId: result.appId,
-        txHash: result.txHash,
-        imageRef: result.imageRef
-      };
-    },
-    async watchUpgrade(appId) {
-      return watchUpgrade(
-        appId,
-        privateKey,
-        ctx.rpcUrl,
-        ctx.environment,
-        logger,
-        ctx.clientId,
-        skipTelemetry
-      );
-    },
-    // Profile management
-    async setProfile(appId, profile) {
-      return withSDKTelemetry(
-        {
-          functionName: "setProfile",
-          skipTelemetry,
-          properties: { environment: ctx.environment }
-        },
-        async () => {
-          const userApiClient = new UserApiClient(
-            environment,
-            privateKey,
-            ctx.rpcUrl,
-            ctx.clientId
-          );
-          return userApiClient.uploadAppProfile(
-            appId,
-            profile.name,
-            profile.website,
-            profile.description,
-            profile.xURL,
-            profile.imagePath
-          );
-        }
-      );
-    },
-    async logs(opts) {
-      return logs(
-        {
-          privateKey,
-          appID: opts.appID,
-          watch: opts.watch,
-          environment: ctx.environment,
-          clientId: ctx.clientId
-        },
-        logger,
-        skipTelemetry
-        // Skip if called from CLI
-      );
-    },
-    async start(appId, opts) {
-      return withSDKTelemetry(
-        {
-          functionName: "start",
-          skipTelemetry,
-          // Skip if called from CLI
-          properties: { environment: ctx.environment }
-        },
-        async () => {
-          const pendingMessage = `Starting app ${appId}...`;
-          const data = (0, import_viem9.encodeFunctionData)({
-            abi: CONTROLLER_ABI,
-            functionName: "startApp",
-            args: [appId]
-          });
-          const tx = await sendAndWaitForTransaction(
-            {
-              privateKey,
-              rpcUrl: ctx.rpcUrl,
-              environmentConfig: environment,
-              to: environment.appControllerAddress,
-              data,
-              pendingMessage,
-              txDescription: "StartApp",
-              gas: opts?.gas
-            },
-            logger
-          );
-          return { tx };
-        }
-      );
-    },
-    async stop(appId, opts) {
-      return withSDKTelemetry(
-        {
-          functionName: "stop",
-          skipTelemetry,
-          // Skip if called from CLI
-          properties: { environment: ctx.environment }
-        },
-        async () => {
-          const pendingMessage = `Stopping app ${appId}...`;
-          const data = (0, import_viem9.encodeFunctionData)({
-            abi: CONTROLLER_ABI,
-            functionName: "stopApp",
-            args: [appId]
-          });
-          const tx = await sendAndWaitForTransaction(
-            {
-              privateKey,
-              rpcUrl: ctx.rpcUrl,
-              environmentConfig: environment,
-              to: environment.appControllerAddress,
-              data,
-              pendingMessage,
-              txDescription: "StopApp",
-              gas: opts?.gas
-            },
-            logger
-          );
-          return { tx };
-        }
-      );
-    },
-    async terminate(appId, opts) {
-      return withSDKTelemetry(
-        {
-          functionName: "terminate",
-          skipTelemetry,
-          // Skip if called from CLI
-          properties: { environment: ctx.environment }
-        },
-        async () => {
-          const pendingMessage = `Terminating app ${appId}...`;
-          const data = (0, import_viem9.encodeFunctionData)({
-            abi: CONTROLLER_ABI,
-            functionName: "terminateApp",
-            args: [appId]
-          });
-          const tx = await sendAndWaitForTransaction(
-            {
-              privateKey,
-              rpcUrl: ctx.rpcUrl,
-              environmentConfig: environment,
-              to: environment.appControllerAddress,
-              data,
-              pendingMessage,
-              txDescription: "TerminateApp",
-              gas: opts?.gas
-            },
-            logger
-          );
-          return { tx };
-        }
-      );
-    },
-    async isDelegated() {
-      return isDelegated({
-        privateKey,
-        rpcUrl: ctx.rpcUrl,
-        environmentConfig: environment
-      });
-    },
-    async undelegate() {
-      return withSDKTelemetry(
-        {
-          functionName: "undelegate",
-          skipTelemetry,
-          // Skip if called from CLI
-          properties: { environment: ctx.environment }
-        },
-        async () => {
-          const tx = await undelegate(
-            {
-              privateKey,
-              rpcUrl: ctx.rpcUrl,
-              environmentConfig: environment
-            },
-            logger
-          );
-          return { tx };
-        }
-      );
-    }
-  };
-}
-
-// src/client/modules/compute/index.ts
-function createComputeModule(config) {
-  return {
-    app: createAppModule(config)
-  };
-}
-
-// src/client/common/utils/billingapi.ts
-var import_axios2 = __toESM(require("axios"), 1);
-var import_accounts6 = require("viem/accounts");
-var BillingApiClient = class {
-  constructor(config, privateKey) {
-    this.account = (0, import_accounts6.privateKeyToAccount)(privateKey);
-    this.config = config;
-  }
-  async createSubscription(productId = "compute") {
-    const endpoint = `${this.config.billingApiServerURL}/products/${productId}/subscription`;
-    const resp = await this.makeAuthenticatedRequest(endpoint, "POST", productId);
-    return resp.json();
-  }
-  async getSubscription(productId = "compute") {
-    const endpoint = `${this.config.billingApiServerURL}/products/${productId}/subscription`;
-    const resp = await this.makeAuthenticatedRequest(endpoint, "GET", productId);
-    return resp.json();
-  }
-  async cancelSubscription(productId = "compute") {
-    const endpoint = `${this.config.billingApiServerURL}/products/${productId}/subscription`;
-    await this.makeAuthenticatedRequest(endpoint, "DELETE", productId);
-  }
-  /**
-   * Make an authenticated request to the billing API
-   */
-  async makeAuthenticatedRequest(url, method, productId) {
-    const expiry = BigInt(Math.floor(Date.now() / 1e3) + 5 * 60);
-    const { signature } = await calculateBillingAuthSignature({
-      account: this.account,
-      product: productId,
-      expiry
-    });
-    const headers = {
-      Authorization: `Bearer ${signature}`,
-      "X-Account": this.account.address,
-      "X-Expiry": expiry.toString()
-    };
-    try {
-      const response = await (0, import_axios2.default)({
-        method,
-        url,
-        headers,
-        timeout: 3e4,
-        maxRedirects: 0,
-        validateStatus: () => true
-        // Don't throw on any status
-      });
-      const status = response.status;
-      const statusText = status >= 200 && status < 300 ? "OK" : "Error";
-      if (status < 200 || status >= 300) {
-        const body = typeof response.data === "string" ? response.data : JSON.stringify(response.data);
-        throw new Error(`BillingAPI request failed: ${status} ${statusText} - ${body}`);
-      }
-      return {
-        json: async () => response.data,
-        text: async () => typeof response.data === "string" ? response.data : JSON.stringify(response.data)
-      };
-    } catch (error) {
-      if (error.message?.includes("fetch failed") || error.message?.includes("ECONNREFUSED") || error.message?.includes("ENOTFOUND") || error.cause) {
-        const cause = error.cause?.message || error.cause || error.message;
-        throw new Error(
-          `Failed to connect to BillingAPI at ${url}: ${cause}
-Please check:
-1. Your internet connection
-2. The API server is accessible: ${this.config.billingApiServerURL}
-3. Firewall/proxy settings`
-        );
-      }
-      throw error;
-    }
-  }
-};
-
-// src/client/common/auth/keyring.ts
-var import_keyring = require("@napi-rs/keyring");
-var import_accounts7 = require("viem/accounts");
-var SERVICE_NAME = "ecloud";
-var ACCOUNT_NAME = "key";
-var EIGENX_SERVICE_NAME = "eigenx-cli";
-var EIGENX_DEV_SERVICE_NAME = "eigenx-cli-dev";
-var EIGENX_ACCOUNT_PREFIX = "eigenx-";
-var GO_KEYRING_BASE64_PREFIX = "go-keyring-base64:";
-var GO_KEYRING_ENCODED_PREFIX = "go-keyring-encoded:";
-async function storePrivateKey(privateKey) {
-  const normalizedKey = normalizePrivateKey(privateKey);
-  const isValid = validatePrivateKey2(normalizedKey);
-  if (!isValid) {
-    throw new Error("Invalid private key format");
-  }
-  const entry = new import_keyring.AsyncEntry(SERVICE_NAME, ACCOUNT_NAME);
-  try {
-    await entry.setPassword(normalizedKey);
-  } catch (err) {
-    throw new Error(
-      `Failed to store key in OS keyring: ${err?.message ?? err}. Ensure keyring service is available.`
-    );
-  }
-}
-async function getPrivateKey() {
-  const entry = new import_keyring.AsyncEntry(SERVICE_NAME, ACCOUNT_NAME);
-  try {
-    const key = await entry.getPassword();
-    if (key && validatePrivateKey2(key)) {
-      return key;
-    }
-  } catch {
-  }
-  return null;
-}
-async function deletePrivateKey() {
-  const entry = new import_keyring.AsyncEntry(SERVICE_NAME, ACCOUNT_NAME);
-  try {
-    await entry.deletePassword();
-    return true;
-  } catch {
-    console.warn("No key found in keyring");
-    return false;
-  }
-}
-async function listStoredKeys() {
-  const keys = [];
-  const creds = (0, import_keyring.findCredentials)(SERVICE_NAME);
-  for (const cred of creds) {
-    if (cred.account === ACCOUNT_NAME) {
-      try {
-        const address = getAddressFromPrivateKey(cred.password);
-        keys.push({ address });
-      } catch (err) {
-        console.warn(`Warning: Invalid key found, skipping: ${err}`);
-      }
-    }
-  }
-  return keys;
-}
-async function keyExists() {
-  const key = await getPrivateKey();
-  return key !== null;
-}
-async function getLegacyKeys() {
-  const keys = [];
-  try {
-    const eigenxCreds = (0, import_keyring.findCredentials)(EIGENX_SERVICE_NAME);
-    for (const cred of eigenxCreds) {
-      const accountName = cred.account;
-      if (!accountName.startsWith(EIGENX_ACCOUNT_PREFIX)) {
-        continue;
-      }
-      const environment = accountName.substring(EIGENX_ACCOUNT_PREFIX.length);
-      try {
-        const decodedKey = decodeGoKeyringValue(cred.password);
-        const address = getAddressFromPrivateKey(decodedKey);
-        keys.push({ environment, address, source: "eigenx" });
-      } catch (err) {
-        console.warn(
-          `Warning: Invalid key found for ${environment} (eigenx-cli), skipping: ${err}`
-        );
-      }
-    }
-  } catch {
-  }
-  try {
-    const eigenxDevCreds = (0, import_keyring.findCredentials)(EIGENX_DEV_SERVICE_NAME);
-    for (const cred of eigenxDevCreds) {
-      const accountName = cred.account;
-      if (!accountName.startsWith(EIGENX_ACCOUNT_PREFIX)) {
-        continue;
-      }
-      const environment = accountName.substring(EIGENX_ACCOUNT_PREFIX.length);
-      try {
-        const decodedKey = decodeGoKeyringValue(cred.password);
-        const address = getAddressFromPrivateKey(decodedKey);
-        keys.push({ environment, address, source: "eigenx-dev" });
-      } catch (err) {
-        console.warn(
-          `Warning: Invalid key found for ${environment} (eigenx-dev), skipping: ${err}`
-        );
-      }
-    }
-  } catch {
-  }
-  return keys;
-}
-async function getLegacyPrivateKey(environment, source) {
-  const serviceName = source === "eigenx" ? EIGENX_SERVICE_NAME : EIGENX_DEV_SERVICE_NAME;
-  const accountName = EIGENX_ACCOUNT_PREFIX + environment;
-  const entry = new import_keyring.AsyncEntry(serviceName, accountName);
-  try {
-    const rawKey = await entry.getPassword();
-    if (rawKey) {
-      const decodedKey = decodeGoKeyringValue(rawKey);
-      if (validatePrivateKey2(decodedKey)) {
-        return decodedKey;
-      }
-    }
-  } catch {
-  }
-  return null;
-}
-async function deleteLegacyPrivateKey(environment, source) {
-  const serviceName = source === "eigenx" ? EIGENX_SERVICE_NAME : EIGENX_DEV_SERVICE_NAME;
-  const accountName = EIGENX_ACCOUNT_PREFIX + environment;
-  const entry = new import_keyring.AsyncEntry(serviceName, accountName);
-  try {
-    await entry.deletePassword();
-    return true;
-  } catch {
-    console.warn(`No key found for ${environment} in ${source}`);
-    return false;
-  }
-}
-function validatePrivateKey2(privateKey) {
-  try {
-    getAddressFromPrivateKey(privateKey);
-    return true;
-  } catch {
-    return false;
-  }
-}
-function getAddressFromPrivateKey(privateKey) {
-  const normalized = normalizePrivateKey(privateKey);
-  return (0, import_accounts7.privateKeyToAddress)(normalized);
-}
-function decodeGoKeyringValue(rawValue) {
-  if (rawValue.startsWith(GO_KEYRING_BASE64_PREFIX)) {
-    const encoded = rawValue.substring(GO_KEYRING_BASE64_PREFIX.length);
-    try {
-      const decoded = Buffer.from(encoded, "base64").toString("utf8");
-      return decoded;
-    } catch (err) {
-      console.warn(`Warning: Failed to decode go-keyring base64 value: ${err}`);
-      return rawValue;
-    }
-  }
-  if (rawValue.startsWith(GO_KEYRING_ENCODED_PREFIX)) {
-    const encoded = rawValue.substring(GO_KEYRING_ENCODED_PREFIX.length);
-    try {
-      const decoded = Buffer.from(encoded, "hex").toString("utf8");
-      return decoded;
-    } catch (err) {
-      console.warn(`Warning: Failed to decode go-keyring hex value: ${err}`);
-      return rawValue;
-    }
-  }
-  return rawValue;
-}
-function normalizePrivateKey(privateKey) {
-  if (!privateKey.startsWith("0x")) {
-    return `0x${privateKey}`;
-  }
-  return privateKey;
-}
-
-// src/client/common/auth/resolver.ts
-async function getPrivateKeyWithSource(options) {
-  if (options.privateKey) {
-    if (!validatePrivateKey2(options.privateKey)) {
-      throw new Error(
-        "Invalid private key format provided via command flag. Please check and try again."
+        imageRef: result.imageRef
+      };
+    },
+    async watchDeployment(appId) {
+      return watchDeployment(
+        appId,
+        walletClient,
+        publicClient,
+        environment,
+        logger,
+        skipTelemetry
       );
-    }
-    return {
-      key: options.privateKey,
-      source: "command flag"
-    };
-  }
-  const envKey = process.env.ECLOUD_PRIVATE_KEY;
-  if (envKey) {
-    if (!validatePrivateKey2(envKey)) {
-      throw new Error(
-        "Invalid private key format provided via environment variable. Please check and try again."
+    },
+    // Granular upgrade control
+    async prepareUpgrade(appId, opts) {
+      return prepareUpgrade(
+        {
+          appId,
+          walletClient,
+          publicClient,
+          environment: ctx.environment,
+          instanceType: opts.instanceType,
+          dockerfilePath: opts.dockerfile,
+          envFilePath: opts.envFile,
+          imageRef: opts.imageRef,
+          logVisibility: opts.logVisibility,
+          resourceUsageMonitoring: opts.resourceUsageMonitoring,
+          skipTelemetry
+        },
+        logger
+      );
+    },
+    async prepareUpgradeFromVerifiableBuild(appId, opts) {
+      return prepareUpgradeFromVerifiableBuild(
+        {
+          appId,
+          walletClient,
+          publicClient,
+          environment: ctx.environment,
+          instanceType: opts.instanceType,
+          envFilePath: opts.envFile,
+          imageRef: opts.imageRef,
+          imageDigest: opts.imageDigest,
+          logVisibility: opts.logVisibility,
+          resourceUsageMonitoring: opts.resourceUsageMonitoring,
+          skipTelemetry
+        },
+        logger
+      );
+    },
+    async executeUpgrade(prepared, gas) {
+      const result = await executeUpgrade({
+        prepared,
+        context: {
+          walletClient,
+          publicClient,
+          environmentConfig: environment
+        },
+        gas,
+        logger,
+        skipTelemetry
+      });
+      return {
+        appId: result.appId,
+        txHash: result.txHash,
+        imageRef: result.imageRef
+      };
+    },
+    async watchUpgrade(appId) {
+      return watchUpgrade(appId, walletClient, publicClient, environment, logger, skipTelemetry);
+    },
+    // Profile management
+    async setProfile(appId, profile) {
+      return withSDKTelemetry(
+        {
+          functionName: "setProfile",
+          skipTelemetry,
+          properties: { environment: ctx.environment }
+        },
+        async () => {
+          const userApiClient = new UserApiClient(
+            environment,
+            walletClient,
+            publicClient,
+            ctx.clientId ? { clientId: ctx.clientId } : void 0
+          );
+          return userApiClient.uploadAppProfile(appId, profile.name, {
+            website: profile.website,
+            description: profile.description,
+            xURL: profile.xURL,
+            image: profile.image,
+            imageName: profile.imageName
+          });
+        }
+      );
+    },
+    async logs(opts) {
+      return logs(
+        {
+          appID: opts.appID,
+          watch: opts.watch,
+          clientId: ctx.clientId
+        },
+        walletClient,
+        publicClient,
+        environment,
+        logger,
+        skipTelemetry
+      );
+    },
+    async start(appId, opts) {
+      return withSDKTelemetry(
+        {
+          functionName: "start",
+          skipTelemetry,
+          // Skip if called from CLI
+          properties: { environment: ctx.environment }
+        },
+        async () => {
+          const pendingMessage = `Starting app ${appId}...`;
+          const data = (0, import_viem6.encodeFunctionData)({
+            abi: CONTROLLER_ABI,
+            functionName: "startApp",
+            args: [appId]
+          });
+          const tx = await sendAndWaitForTransaction(
+            {
+              walletClient,
+              publicClient,
+              environmentConfig: environment,
+              to: environment.appControllerAddress,
+              data,
+              pendingMessage,
+              txDescription: "StartApp",
+              gas: opts?.gas
+            },
+            logger
+          );
+          return { tx };
+        }
+      );
+    },
+    async stop(appId, opts) {
+      return withSDKTelemetry(
+        {
+          functionName: "stop",
+          skipTelemetry,
+          // Skip if called from CLI
+          properties: { environment: ctx.environment }
+        },
+        async () => {
+          const pendingMessage = `Stopping app ${appId}...`;
+          const data = (0, import_viem6.encodeFunctionData)({
+            abi: CONTROLLER_ABI,
+            functionName: "stopApp",
+            args: [appId]
+          });
+          const tx = await sendAndWaitForTransaction(
+            {
+              walletClient,
+              publicClient,
+              environmentConfig: environment,
+              to: environment.appControllerAddress,
+              data,
+              pendingMessage,
+              txDescription: "StopApp",
+              gas: opts?.gas
+            },
+            logger
+          );
+          return { tx };
+        }
+      );
+    },
+    async terminate(appId, opts) {
+      return withSDKTelemetry(
+        {
+          functionName: "terminate",
+          skipTelemetry,
+          // Skip if called from CLI
+          properties: { environment: ctx.environment }
+        },
+        async () => {
+          const pendingMessage = `Terminating app ${appId}...`;
+          const data = (0, import_viem6.encodeFunctionData)({
+            abi: CONTROLLER_ABI,
+            functionName: "terminateApp",
+            args: [appId]
+          });
+          const tx = await sendAndWaitForTransaction(
+            {
+              walletClient,
+              publicClient,
+              environmentConfig: environment,
+              to: environment.appControllerAddress,
+              data,
+              pendingMessage,
+              txDescription: "TerminateApp",
+              gas: opts?.gas
+            },
+            logger
+          );
+          return { tx };
+        }
+      );
+    },
+    async isDelegated() {
+      return isDelegated({
+        publicClient,
+        environmentConfig: environment,
+        address: account.address
+      });
+    },
+    async undelegate() {
+      return withSDKTelemetry(
+        {
+          functionName: "undelegate",
+          skipTelemetry,
+          // Skip if called from CLI
+          properties: { environment: ctx.environment }
+        },
+        async () => {
+          const tx = await undelegate(
+            {
+              walletClient,
+              publicClient,
+              environmentConfig: environment
+            },
+            logger
+          );
+          return { tx };
+        }
       );
     }
-    return {
-      key: envKey,
-      source: "environment variable (ECLOUD_PRIVATE_KEY)"
-    };
-  }
-  const keyringKey = await getPrivateKey();
-  if (keyringKey) {
-    return {
-      key: keyringKey,
-      source: "stored credentials"
-    };
-  }
-  return null;
-}
-async function requirePrivateKey(options) {
-  const result = await getPrivateKeyWithSource({
-    privateKey: options.privateKey
-  });
-  if (!result) {
-    throw new Error(
-      `Private key required. Please provide it via:
-  \u2022 Keyring: ecloud auth login
-  \u2022 Flag: --private-key YOUR_KEY
-  \u2022 Environment: export ECLOUD_PRIVATE_KEY=YOUR_KEY`
-    );
-  }
-  return result;
+  };
 }
 
-// src/client/common/auth/generate.ts
-var import_accounts8 = require("viem/accounts");
-function generateNewPrivateKey() {
-  const privateKey = (0, import_accounts8.generatePrivateKey)();
-  const address = (0, import_accounts8.privateKeyToAddress)(privateKey);
+// src/client/modules/compute/index.ts
+function createComputeModule(config) {
   return {
-    privateKey,
-    address
+    app: createAppModule(config)
   };
 }
 
 // src/client/modules/billing/index.ts
 function createBillingModule(config) {
-  const { verbose = false, skipTelemetry = false } = config;
-  const privateKey = addHexPrefix(config.privateKey);
-  const address = getAddressFromPrivateKey(privateKey);
+  const { verbose = false, skipTelemetry = false, walletClient } = config;
+  if (!walletClient.account) {
+    throw new Error("WalletClient must have an account attached");
+  }
+  const address = walletClient.account.address;
   const logger = getLogger(verbose);
   const billingEnvConfig = getBillingEnvironmentConfig(getBuildType());
-  const billingApi = new BillingApiClient(billingEnvConfig, privateKey);
+  const billingApi = new BillingApiClient(billingEnvConfig, walletClient);
   return {
     address,
     async subscribe(opts) {
@@ -7883,14 +7718,52 @@ function createBillingModule(config) {
 
 // src/client/common/utils/buildapi.ts
 var import_axios3 = __toESM(require("axios"), 1);
-var import_accounts9 = require("viem/accounts");
+var MAX_RETRIES = 5;
+var INITIAL_BACKOFF_MS = 1e3;
+var MAX_BACKOFF_MS = 3e4;
+async function sleep2(ms) {
+  return new Promise((resolve2) => setTimeout(resolve2, ms));
+}
+function getRetryDelay(res, attempt) {
+  const retryAfter = res.headers["retry-after"];
+  if (retryAfter) {
+    const seconds = parseInt(retryAfter, 10);
+    if (!isNaN(seconds)) {
+      return Math.min(seconds * 1e3, MAX_BACKOFF_MS);
+    }
+  }
+  return Math.min(INITIAL_BACKOFF_MS * Math.pow(2, attempt), MAX_BACKOFF_MS);
+}
+async function requestWithRetry(config) {
+  let lastResponse;
+  for (let attempt = 0; attempt <= MAX_RETRIES; attempt++) {
+    const res = await (0, import_axios3.default)({ ...config, validateStatus: () => true });
+    lastResponse = res;
+    if (res.status !== 429) {
+      return res;
+    }
+    if (attempt < MAX_RETRIES) {
+      const delay = getRetryDelay(res, attempt);
+      await sleep2(delay);
+    }
+  }
+  return lastResponse;
+}
 var BuildApiClient = class {
   constructor(options) {
     this.baseUrl = options.baseUrl.replace(/\/+$/, "");
     this.clientId = options.clientId;
-    if (options.privateKey) {
-      this.account = (0, import_accounts9.privateKeyToAccount)(options.privateKey);
+    this.walletClient = options.walletClient;
+  }
+  /**
+   * Get the address of the connected wallet
+   */
+  get address() {
+    const account = this.walletClient?.account;
+    if (!account) {
+      throw new Error("WalletClient must have an account attached");
     }
+    return account.address;
   }
   async submitBuild(payload) {
     return this.authenticatedJsonRequest("/builds", "POST", payload);
@@ -7908,74 +7781,74 @@ var BuildApiClient = class {
     return this.authenticatedTextRequest(`/builds/${encodeURIComponent(buildId)}/logs`);
   }
   async listBuilds(params) {
-    const res = await (0, import_axios3.default)({
+    const res = await requestWithRetry({
       url: `${this.baseUrl}/builds`,
       method: "GET",
       params,
       headers: this.clientId ? { "x-client-id": this.clientId } : void 0,
-      timeout: 6e4,
-      validateStatus: () => true
+      timeout: 6e4
     });
     if (res.status < 200 || res.status >= 300) throw buildApiHttpError(res);
     return res.data;
   }
   async publicJsonRequest(path8) {
-    const res = await (0, import_axios3.default)({
+    const res = await requestWithRetry({
       url: `${this.baseUrl}${path8}`,
       method: "GET",
       headers: this.clientId ? { "x-client-id": this.clientId } : void 0,
-      timeout: 6e4,
-      validateStatus: () => true
+      timeout: 6e4
     });
     if (res.status < 200 || res.status >= 300) throw buildApiHttpError(res);
     return res.data;
   }
   async authenticatedJsonRequest(path8, method, body) {
-    if (!this.account) throw new Error("Private key required for authenticated requests");
+    if (!this.walletClient?.account) {
+      throw new Error("WalletClient with account required for authenticated requests");
+    }
     const headers = {
       "Content-Type": "application/json"
     };
     if (this.clientId) headers["x-client-id"] = this.clientId;
     const expiry = BigInt(Math.floor(Date.now() / 1e3) + 60);
     const { signature } = await calculateBillingAuthSignature({
-      account: this.account,
+      walletClient: this.walletClient,
       product: "compute",
       expiry
     });
     headers.Authorization = `Bearer ${signature}`;
     headers["X-eigenx-expiry"] = expiry.toString();
-    headers["X-Account"] = this.account.address;
-    const res = await (0, import_axios3.default)({
+    headers["X-Account"] = this.address;
+    const res = await requestWithRetry({
       url: `${this.baseUrl}${path8}`,
       method,
       headers,
       data: body,
-      timeout: 6e4,
-      validateStatus: () => true
+      timeout: 6e4
     });
     if (res.status < 200 || res.status >= 300) throw buildApiHttpError(res);
     return res.data;
   }
   async authenticatedTextRequest(path8) {
-    if (!this.account) throw new Error("Private key required for authenticated requests");
+    if (!this.walletClient?.account) {
+      throw new Error("WalletClient with account required for authenticated requests");
+    }
     const headers = {};
     if (this.clientId) headers["x-client-id"] = this.clientId;
     const expiry = BigInt(Math.floor(Date.now() / 1e3) + 60);
     const { signature } = await calculateBillingAuthSignature({
-      account: this.account,
+      walletClient: this.walletClient,
       product: "compute",
       expiry
     });
     headers.Authorization = `Bearer ${signature}`;
     headers["X-eigenx-expiry"] = expiry.toString();
-    headers["X-Account"] = this.account.address;
-    const res = await (0, import_axios3.default)({
+    headers["X-Account"] = this.address;
+    const res = await requestWithRetry({
       url: `${this.baseUrl}${path8}`,
       method: "GET",
       headers,
       timeout: 6e4,
-      responseType: "text",
-      validateStatus: () => true
+      responseType: "text"
     });
     if (res.status < 200 || res.status >= 300) throw buildApiHttpError(res);
     return typeof res.data === "string" ? res.data : JSON.stringify(res.data);
@@ -8050,13 +7923,13 @@ var BadRequestError = class extends BuildError {
 var DEFAULT_POLL_INTERVAL = 2e3;
 var DEFAULT_TIMEOUT = 30 * 60 * 1e3;
 function createBuildModule(config) {
-  const { verbose = false, skipTelemetry = false } = config;
+  const { verbose = false, skipTelemetry = false, walletClient } = config;
   const logger = getLogger(verbose);
   const environment = config.environment || "sepolia";
   const environmentConfig = getEnvironmentConfig(environment);
   const api = new BuildApiClient({
     baseUrl: environmentConfig.userApiServerURL,
-    privateKey: config.privateKey ? addHexPrefix(config.privateKey) : void 0,
+    walletClient,
     clientId: config.clientId
   });
   return {
@@ -8068,7 +7941,7 @@ function createBuildModule(config) {
           properties: { environment, repoUrl: request.repoUrl }
         },
         async () => {
-          if (!config.privateKey) throw new AuthRequiredError("Private key required for submit()");
+          if (!walletClient) throw new AuthRequiredError("walletClient required for submit()");
           const data = await api.submitBuild({
             repo_url: request.repoUrl,
             git_ref: request.gitRef,
@@ -8127,7 +8000,7 @@ function createBuildModule(config) {
       return withSDKTelemetry(
         { functionName: "build.getLogs", skipTelemetry, properties: { environment, buildId } },
         async () => {
-          if (!config.privateKey) throw new AuthRequiredError("Private key required for getLogs()");
+          if (!walletClient) throw new AuthRequiredError("walletClient required for getLogs()");
           return api.getLogs(buildId);
         }
       );
@@ -8164,7 +8037,7 @@ function createBuildModule(config) {
         if (build.status === BUILD_STATUS.FAILED) {
           throw new BuildFailedError(build.errorMessage ?? "Build failed", buildId);
         }
-        await sleep2(pollIntervalMs);
+        await sleep3(pollIntervalMs);
       }
     },
     async *streamLogs(buildId, pollIntervalMs = DEFAULT_POLL_INTERVAL) {
@@ -8186,12 +8059,12 @@ function createBuildModule(config) {
           lastLength = logs2.length;
         }
         if (build.status !== BUILD_STATUS.BUILDING) break;
-        await sleep2(pollIntervalMs);
+        await sleep3(pollIntervalMs);
       }
     }
   };
 }
-function sleep2(ms) {
+function sleep3(ms) {
   return new Promise((resolve2) => setTimeout(resolve2, ms));
 }
 function transformBuild(raw) {
@@ -8235,14 +8108,321 @@ function transformVerifyResult(raw) {
   };
 }
 
+// src/client/common/auth/keyring.ts
+var import_keyring = require("@napi-rs/keyring");
+var import_accounts2 = require("viem/accounts");
+var SERVICE_NAME = "ecloud";
+var ACCOUNT_NAME = "key";
+var EIGENX_SERVICE_NAME = "eigenx-cli";
+var EIGENX_DEV_SERVICE_NAME = "eigenx-cli-dev";
+var EIGENX_ACCOUNT_PREFIX = "eigenx-";
+var GO_KEYRING_BASE64_PREFIX = "go-keyring-base64:";
+var GO_KEYRING_ENCODED_PREFIX = "go-keyring-encoded:";
+async function storePrivateKey(privateKey) {
+  const normalizedKey = normalizePrivateKey(privateKey);
+  const isValid = validatePrivateKey(normalizedKey);
+  if (!isValid) {
+    throw new Error("Invalid private key format");
+  }
+  const entry = new import_keyring.AsyncEntry(SERVICE_NAME, ACCOUNT_NAME);
+  try {
+    await entry.setPassword(normalizedKey);
+  } catch (err) {
+    throw new Error(
+      `Failed to store key in OS keyring: ${err?.message ?? err}. Ensure keyring service is available.`
+    );
+  }
+}
+async function getPrivateKey() {
+  const entry = new import_keyring.AsyncEntry(SERVICE_NAME, ACCOUNT_NAME);
+  try {
+    const key = await entry.getPassword();
+    if (key && validatePrivateKey(key)) {
+      return key;
+    }
+  } catch {
+  }
+  return null;
+}
+async function deletePrivateKey() {
+  const entry = new import_keyring.AsyncEntry(SERVICE_NAME, ACCOUNT_NAME);
+  try {
+    await entry.deletePassword();
+    return true;
+  } catch {
+    console.warn("No key found in keyring");
+    return false;
+  }
+}
+async function listStoredKeys() {
+  const keys = [];
+  const creds = (0, import_keyring.findCredentials)(SERVICE_NAME);
+  for (const cred of creds) {
+    if (cred.account === ACCOUNT_NAME) {
+      try {
+        const address = getAddressFromPrivateKey(cred.password);
+        keys.push({ address });
+      } catch (err) {
+        console.warn(`Warning: Invalid key found, skipping: ${err}`);
+      }
+    }
+  }
+  return keys;
+}
+async function keyExists() {
+  const key = await getPrivateKey();
+  return key !== null;
+}
+async function getLegacyKeys() {
+  const keys = [];
+  try {
+    const eigenxCreds = (0, import_keyring.findCredentials)(EIGENX_SERVICE_NAME);
+    for (const cred of eigenxCreds) {
+      const accountName = cred.account;
+      if (!accountName.startsWith(EIGENX_ACCOUNT_PREFIX)) {
+        continue;
+      }
+      const environment = accountName.substring(EIGENX_ACCOUNT_PREFIX.length);
+      try {
+        const decodedKey = decodeGoKeyringValue(cred.password);
+        const address = getAddressFromPrivateKey(decodedKey);
+        keys.push({ environment, address, source: "eigenx" });
+      } catch (err) {
+        console.warn(
+          `Warning: Invalid key found for ${environment} (eigenx-cli), skipping: ${err}`
+        );
+      }
+    }
+  } catch {
+  }
+  try {
+    const eigenxDevCreds = (0, import_keyring.findCredentials)(EIGENX_DEV_SERVICE_NAME);
+    for (const cred of eigenxDevCreds) {
+      const accountName = cred.account;
+      if (!accountName.startsWith(EIGENX_ACCOUNT_PREFIX)) {
+        continue;
+      }
+      const environment = accountName.substring(EIGENX_ACCOUNT_PREFIX.length);
+      try {
+        const decodedKey = decodeGoKeyringValue(cred.password);
+        const address = getAddressFromPrivateKey(decodedKey);
+        keys.push({ environment, address, source: "eigenx-dev" });
+      } catch (err) {
+        console.warn(
+          `Warning: Invalid key found for ${environment} (eigenx-dev), skipping: ${err}`
+        );
+      }
+    }
+  } catch {
+  }
+  return keys;
+}
+async function getLegacyPrivateKey(environment, source) {
+  const serviceName = source === "eigenx" ? EIGENX_SERVICE_NAME : EIGENX_DEV_SERVICE_NAME;
+  const accountName = EIGENX_ACCOUNT_PREFIX + environment;
+  const entry = new import_keyring.AsyncEntry(serviceName, accountName);
+  try {
+    const rawKey = await entry.getPassword();
+    if (rawKey) {
+      const decodedKey = decodeGoKeyringValue(rawKey);
+      if (validatePrivateKey(decodedKey)) {
+        return decodedKey;
+      }
+    }
+  } catch {
+  }
+  return null;
+}
+async function deleteLegacyPrivateKey(environment, source) {
+  const serviceName = source === "eigenx" ? EIGENX_SERVICE_NAME : EIGENX_DEV_SERVICE_NAME;
+  const accountName = EIGENX_ACCOUNT_PREFIX + environment;
+  const entry = new import_keyring.AsyncEntry(serviceName, accountName);
+  try {
+    await entry.deletePassword();
+    return true;
+  } catch {
+    console.warn(`No key found for ${environment} in ${source}`);
+    return false;
+  }
+}
+function validatePrivateKey(privateKey) {
+  try {
+    getAddressFromPrivateKey(privateKey);
+    return true;
+  } catch {
+    return false;
+  }
+}
+function getAddressFromPrivateKey(privateKey) {
+  const normalized = normalizePrivateKey(privateKey);
+  return (0, import_accounts2.privateKeyToAddress)(normalized);
+}
+function decodeGoKeyringValue(rawValue) {
+  if (rawValue.startsWith(GO_KEYRING_BASE64_PREFIX)) {
+    const encoded = rawValue.substring(GO_KEYRING_BASE64_PREFIX.length);
+    try {
+      const decoded = Buffer.from(encoded, "base64").toString("utf8");
+      return decoded;
+    } catch (err) {
+      console.warn(`Warning: Failed to decode go-keyring base64 value: ${err}`);
+      return rawValue;
+    }
+  }
+  if (rawValue.startsWith(GO_KEYRING_ENCODED_PREFIX)) {
+    const encoded = rawValue.substring(GO_KEYRING_ENCODED_PREFIX.length);
+    try {
+      const decoded = Buffer.from(encoded, "hex").toString("utf8");
+      return decoded;
+    } catch (err) {
+      console.warn(`Warning: Failed to decode go-keyring hex value: ${err}`);
+      return rawValue;
+    }
+  }
+  return rawValue;
+}
+function normalizePrivateKey(privateKey) {
+  if (!privateKey.startsWith("0x")) {
+    return `0x${privateKey}`;
+  }
+  return privateKey;
+}
+
+// src/client/common/auth/resolver.ts
+async function getPrivateKeyWithSource(options) {
+  if (options.privateKey) {
+    if (!validatePrivateKey(options.privateKey)) {
+      throw new Error(
+        "Invalid private key format provided via command flag. Please check and try again."
+      );
+    }
+    return {
+      key: options.privateKey,
+      source: "command flag"
+    };
+  }
+  const envKey = process.env.ECLOUD_PRIVATE_KEY;
+  if (envKey) {
+    if (!validatePrivateKey(envKey)) {
+      throw new Error(
+        "Invalid private key format provided via environment variable. Please check and try again."
+      );
+    }
+    return {
+      key: envKey,
+      source: "environment variable (ECLOUD_PRIVATE_KEY)"
+    };
+  }
+  const keyringKey = await getPrivateKey();
+  if (keyringKey) {
+    return {
+      key: keyringKey,
+      source: "stored credentials"
+    };
+  }
+  return null;
+}
+async function requirePrivateKey(options) {
+  const result = await getPrivateKeyWithSource({
+    privateKey: options.privateKey
+  });
+  if (!result) {
+    throw new Error(
+      `Private key required. Please provide it via:
+  \u2022 Keyring: ecloud auth login
+  \u2022 Flag: --private-key YOUR_KEY
+  \u2022 Environment: export ECLOUD_PRIVATE_KEY=YOUR_KEY`
+    );
+  }
+  return result;
+}
+
+// src/client/common/auth/generate.ts
+var import_accounts3 = require("viem/accounts");
+function generateNewPrivateKey() {
+  const privateKey = (0, import_accounts3.generatePrivateKey)();
+  const address = (0, import_accounts3.privateKeyToAddress)(privateKey);
+  return {
+    privateKey,
+    address
+  };
+}
+
+// src/client/common/auth/siwe.ts
+var import_siwe = require("siwe");
+var generateNonce = import_siwe.generateNonce;
+function createSiweMessage(params) {
+  const now = /* @__PURE__ */ new Date();
+  const nonce = params.nonce || generateNonce();
+  const issuedAt = params.issuedAt || now;
+  const expirationTime = params.expirationTime || new Date(now.getTime() + 24 * 60 * 60 * 1e3);
+  const siweMessage = new import_siwe.SiweMessage({
+    domain: params.domain,
+    address: params.address,
+    statement: params.statement,
+    uri: params.uri,
+    version: "1",
+    chainId: params.chainId,
+    nonce,
+    issuedAt: issuedAt.toISOString(),
+    expirationTime: expirationTime.toISOString(),
+    notBefore: params.notBefore?.toISOString(),
+    requestId: params.requestId,
+    resources: params.resources
+  });
+  return {
+    message: siweMessage.prepareMessage(),
+    params: {
+      address: params.address,
+      chainId: params.chainId,
+      domain: params.domain,
+      uri: params.uri,
+      nonce,
+      issuedAt,
+      statement: params.statement,
+      expirationTime,
+      notBefore: params.notBefore,
+      requestId: params.requestId,
+      resources: params.resources
+    }
+  };
+}
+function parseSiweMessage(message) {
+  try {
+    const siweMessage = new import_siwe.SiweMessage(message);
+    return {
+      address: siweMessage.address,
+      chainId: siweMessage.chainId,
+      domain: siweMessage.domain,
+      uri: siweMessage.uri,
+      nonce: siweMessage.nonce,
+      statement: siweMessage.statement,
+      issuedAt: siweMessage.issuedAt ? new Date(siweMessage.issuedAt) : void 0,
+      expirationTime: siweMessage.expirationTime ? new Date(siweMessage.expirationTime) : void 0,
+      notBefore: siweMessage.notBefore ? new Date(siweMessage.notBefore) : void 0,
+      requestId: siweMessage.requestId,
+      resources: siweMessage.resources
+    };
+  } catch {
+    return null;
+  }
+}
+function isSiweMessageExpired(params) {
+  if (!params.expirationTime) return false;
+  return /* @__PURE__ */ new Date() > params.expirationTime;
+}
+function isSiweMessageNotYetValid(params) {
+  if (!params.notBefore) return false;
+  return /* @__PURE__ */ new Date() < params.notBefore;
+}
+
 // src/client/common/utils/instance.ts
 async function getCurrentInstanceType(preflightCtx, appID, logger, clientId) {
   try {
     const userApiClient = new UserApiClient(
       preflightCtx.environmentConfig,
-      preflightCtx.privateKey,
-      preflightCtx.rpcUrl,
-      clientId
+      preflightCtx.walletClient,
+      preflightCtx.publicClient,
+      clientId ? { clientId } : void 0
     );
     const infos = await userApiClient.getInfos([appID], 1);
     if (infos.length === 0) {
@@ -8274,16 +8454,21 @@ function createECloudClient(cfg) {
       `RPC URL is required. Provide via options.rpcUrl, RPC_URL env var, or ensure environment has default RPC URL`
     );
   }
+  const { walletClient, publicClient } = createClients({
+    privateKey: cfg.privateKey,
+    rpcUrl,
+    chainId: environmentConfig.chainID
+  });
   return {
     compute: createComputeModule({
-      rpcUrl,
       verbose: cfg.verbose,
-      privateKey: cfg.privateKey,
+      walletClient,
+      publicClient,
       environment: cfg.environment
     }),
     billing: createBillingModule({
       verbose: cfg.verbose,
-      privateKey: cfg.privateKey
+      walletClient
     })
   };
 }
@@ -8292,6 +8477,7 @@ function createECloudClient(cfg) {
   AuthRequiredError,
   BUILD_STATUS,
   BadRequestError,
+  BillingApiClient,
   BuildError,
   BuildFailedError,
   ConflictError,
@@ -8300,6 +8486,7 @@ function createECloudClient(cfg) {
   NotFoundError,
   PRIMARY_LANGUAGES,
   PostHogClient,
+  SessionError,
   TimeoutError,
   UserApiClient,
   addHexPrefix,
@@ -8316,7 +8503,9 @@ function createECloudClient(cfg) {
   createComputeModule,
   createECloudClient,
   createMetricsContext,
+  createSiweMessage,
   createTelemetryClient,
+  createViemClients,
   deleteLegacyPrivateKey,
   deletePrivateKey,
   emitMetrics,
@@ -8331,14 +8520,18 @@ function createECloudClient(cfg) {
   fetchTemplateCatalog,
   formatETH,
   generateNewPrivateKey,
+  generateNonce,
   getAddressFromPrivateKey,
   getAllAppsByDeveloper,
   getAppLatestReleaseBlockNumbers,
   getAvailableEnvironments,
   getAvailableTemplates,
+  getBillingEnvironmentConfig,
   getBlockTimestamps,
   getBuildType,
   getCategoryDescriptions,
+  getChainFromID,
+  getComputeApiSession,
   getCurrentInstanceType,
   getEnvironmentConfig,
   getLegacyKeys,
@@ -8351,10 +8544,17 @@ function createECloudClient(cfg) {
   isEnvironmentAvailable,
   isMainnet,
   isNoopClient,
+  isSessionValid,
+  isSiweMessageExpired,
+  isSiweMessageNotYetValid,
   isSubscriptionActive,
   keyExists,
   listStoredKeys,
+  loginToComputeApi,
+  logoutFromComputeApi,
   logs,
+  noopLogger,
+  parseSiweMessage,
   prepareDeploy,
   prepareDeployFromVerifiableBuild,
   prepareUpgrade,