@layr-labs/ecloud-sdk 0.4.0-dev.0 → 0.4.0-dev.2

package/dist/index.d.cts

@@ -1,12 +1,13 @@
-import { C as ComputeModule } from './compute-DccJLbtV.cjs';
-export { d as ComputeModuleConfig, a as CreateAppOpts, L as LogsOptions, P as PRIMARY_LANGUAGES, S as SDKCreateAppOpts, c as createApp, b as createComputeModule, e as encodeStartAppData, f as encodeStopAppData, h as encodeTerminateAppData, g as getAvailableTemplates, l as logs } from './compute-DccJLbtV.cjs';
+import { C as ComputeModule } from './compute-BRDk7QM4.cjs';
+export { d as ComputeModuleConfig, a as CreateAppOpts, L as LogsOptions, P as PRIMARY_LANGUAGES, S as SDKCreateAppOpts, c as createApp, b as createComputeModule, e as encodeStartAppData, f as encodeStopAppData, h as encodeTerminateAppData, g as getAvailableTemplates, l as logs } from './compute-BRDk7QM4.cjs';
 import { BillingModule } from './billing.cjs';
 export { BillingModuleConfig, createBillingModule } from './billing.cjs';
 import { WalletClient, PublicClient, Address, Hex } from 'viem';
-import { L as LogVisibility, aj as ResourceUsageMonitoring } from './helpers-BNeMZYcY.cjs';
-export { F as AppInfo, I as AppMetrics, H as AppProfileInfo, al as AppRelease, am as AppReleaseBuild, an as AppResponse, K as BillingApiClient, C as ComputeApiConfig, z as CreateAppParams, as as DeployParams, Q as EstimateBatchGasOptions, G as GeneratedKey, a4 as LoginRequest, a3 as LoginResult, A as LogsParams, a as SessionError, S as SessionInfo, b as SiweMessageParams, _ as SiweMessageResult, au as UpgradeParams, U as UserApiClient, ah as addHexPrefix, ap as assertValidFilePath, j as assertValidImageReference, n as assertValidPrivateKey, P as checkERC7702Delegation, V as createSiweMessage, ak as createViemClients, N as estimateBatchGas, k as extractAppNameFromImage, D as generateNewPrivateKey, X as generateNonce, d as getAvailableEnvironments, c as getBillingEnvironmentConfig, e as getBuildType, ag as getChainFromID, a1 as getComputeApiSession, g as getEnvironmentConfig, i as isEnvironmentAvailable, f as isMainnet, a2 as isSessionValid, Y as isSiweMessageExpired, Z as isSiweMessageNotYetValid, B as isSubscriptionActive, $ as loginToComputeApi, a0 as logoutFromComputeApi, W as parseSiweMessage, t as sanitizeString, u as sanitizeURL, w as sanitizeXURL, ai as stripHexPrefix, r as validateAppID, v as validateAppName, x as validateCreateAppParams, at as validateDeployParams, q as validateDescription, ao as validateFilePath, aq as validateImagePath, h as validateImageReference, l as validateInstanceTypeSKU, s as validateLogVisibility, y as validateLogsParams, m as validatePrivateKeyFormat, ar as validateResourceUsageMonitoring, o as validateURL, av as validateUpgradeParams, p as validateXURL } from './helpers-BNeMZYcY.cjs';
-import { G as GasEstimate, ad as Logger, a1 as PreparedDeploy, a8 as EnvironmentConfig, a6 as DeployResult, a2 as PreparedUpgrade, A as AppId } from './index-DD7ZLbqD.cjs';
-export { ao as AlreadyActiveResponse, ae as AppProfile, af as AppProfileResponse, a4 as AppRecord, a7 as BillingEnvironmentConfig, at as CancelResponse, ar as CancelSuccessResponse, ah as ChainID, an as CheckoutCreatedResponse, ak as CreateSubscriptionOptions, am as CreateSubscriptionResponse, Q as DeployAppOpts, a5 as DeployOptions, aw as DeployProgressCallback, ax as DeployStep, ac as DockerImageConfig, E as EstimateGasOptions, Z as ExecuteDeployResult, _ as ExecuteUpgradeResult, Y as GasOpts, al as GetSubscriptionOptions, ab as ImageDigestResult, a3 as LifecycleOpts, as as NoActiveSubscriptionResponse, aa as ParsedEnvironment, ap as PaymentIssueResponse, W as PrepareDeployFromVerifiableBuildOpts, T as PrepareDeployOpts, X as PrepareUpgradeFromVerifiableBuildOpts, V as PrepareUpgradeOpts, $ as PreparedDeployData, a0 as PreparedUpgradeData, ag as ProductID, au as ProductSubscriptionResponse, a9 as Release, ay as SequentialDeployResult, aq as SubscribeResponse, aj as SubscriptionLineItem, av as SubscriptionOpts, ai as SubscriptionStatus, R as UpgradeAppOpts, l as calculateAppID, h as estimateTransactionGas, i as formatETH, g as getAllAppsByDeveloper, az as getAppLatestReleaseBlockNumbers, f as getAppsByBillingAccount, e as getBillingType, aA as getBlockTimestamps, O as logVisibility, N as noopLogger } from './index-DD7ZLbqD.cjs';
+export { AttestClient, AttestClientConfig, JwtProvider } from './attest.cjs';
+import { L as LogVisibility, aj as ResourceUsageMonitoring } from './helpers-DdtPaQr9.cjs';
+export { F as AppInfo, I as AppMetrics, H as AppProfileInfo, al as AppRelease, am as AppReleaseBuild, an as AppResponse, K as BillingApiClient, C as ComputeApiConfig, z as CreateAppParams, as as DeployParams, Q as EstimateBatchGasOptions, G as GeneratedKey, a4 as LoginRequest, a3 as LoginResult, A as LogsParams, a as SessionError, S as SessionInfo, b as SiweMessageParams, _ as SiweMessageResult, au as UpgradeParams, U as UserApiClient, ah as addHexPrefix, ap as assertValidFilePath, j as assertValidImageReference, n as assertValidPrivateKey, P as checkERC7702Delegation, V as createSiweMessage, ak as createViemClients, N as estimateBatchGas, k as extractAppNameFromImage, D as generateNewPrivateKey, X as generateNonce, d as getAvailableEnvironments, c as getBillingEnvironmentConfig, e as getBuildType, ag as getChainFromID, a1 as getComputeApiSession, g as getEnvironmentConfig, i as isEnvironmentAvailable, f as isMainnet, a2 as isSessionValid, Y as isSiweMessageExpired, Z as isSiweMessageNotYetValid, B as isSubscriptionActive, $ as loginToComputeApi, a0 as logoutFromComputeApi, W as parseSiweMessage, t as sanitizeString, u as sanitizeURL, w as sanitizeXURL, ai as stripHexPrefix, r as validateAppID, v as validateAppName, x as validateCreateAppParams, at as validateDeployParams, q as validateDescription, ao as validateFilePath, aq as validateImagePath, h as validateImageReference, l as validateInstanceTypeSKU, s as validateLogVisibility, y as validateLogsParams, m as validatePrivateKeyFormat, ar as validateResourceUsageMonitoring, o as validateURL, av as validateUpgradeParams, p as validateXURL } from './helpers-DdtPaQr9.cjs';
+import { G as GasEstimate, ad as Logger, a1 as PreparedDeploy, a8 as EnvironmentConfig, a6 as DeployResult, a2 as PreparedUpgrade, A as AppId } from './index-BEbhrwWl.cjs';
+export { ao as AlreadyActiveResponse, ae as AppProfile, af as AppProfileResponse, a4 as AppRecord, a7 as BillingEnvironmentConfig, at as CancelResponse, ar as CancelSuccessResponse, ah as ChainID, an as CheckoutCreatedResponse, ak as CreateSubscriptionOptions, am as CreateSubscriptionResponse, Q as DeployAppOpts, a5 as DeployOptions, aw as DeployProgressCallback, ax as DeployStep, ac as DockerImageConfig, E as EstimateGasOptions, Z as ExecuteDeployResult, _ as ExecuteUpgradeResult, Y as GasOpts, al as GetSubscriptionOptions, ab as ImageDigestResult, a3 as LifecycleOpts, as as NoActiveSubscriptionResponse, aa as ParsedEnvironment, ap as PaymentIssueResponse, W as PrepareDeployFromVerifiableBuildOpts, T as PrepareDeployOpts, X as PrepareUpgradeFromVerifiableBuildOpts, V as PrepareUpgradeOpts, $ as PreparedDeployData, a0 as PreparedUpgradeData, ag as ProductID, au as ProductSubscriptionResponse, a9 as Release, ay as SequentialDeployResult, aq as SubscribeResponse, aj as SubscriptionLineItem, av as SubscriptionOpts, ai as SubscriptionStatus, R as UpgradeAppOpts, l as calculateAppID, h as estimateTransactionGas, i as formatETH, g as getAllAppsByDeveloper, az as getAppLatestReleaseBlockNumbers, f as getAppsByBillingAccount, e as getBillingType, aA as getBlockTimestamps, O as logVisibility, N as noopLogger } from './index-BEbhrwWl.cjs';
 
 interface SubmitBuildRequest {
     repoUrl: string;

package/dist/index.d.ts

@@ -1,12 +1,13 @@
-import { C as ComputeModule } from './compute-DlilmZYC.js';
-export { d as ComputeModuleConfig, a as CreateAppOpts, L as LogsOptions, P as PRIMARY_LANGUAGES, S as SDKCreateAppOpts, c as createApp, b as createComputeModule, e as encodeStartAppData, f as encodeStopAppData, h as encodeTerminateAppData, g as getAvailableTemplates, l as logs } from './compute-DlilmZYC.js';
+import { C as ComputeModule } from './compute-CC55YQ_a.js';
+export { d as ComputeModuleConfig, a as CreateAppOpts, L as LogsOptions, P as PRIMARY_LANGUAGES, S as SDKCreateAppOpts, c as createApp, b as createComputeModule, e as encodeStartAppData, f as encodeStopAppData, h as encodeTerminateAppData, g as getAvailableTemplates, l as logs } from './compute-CC55YQ_a.js';
 import { BillingModule } from './billing.js';
 export { BillingModuleConfig, createBillingModule } from './billing.js';
 import { WalletClient, PublicClient, Address, Hex } from 'viem';
-import { L as LogVisibility, aj as ResourceUsageMonitoring } from './helpers-D_AbDeP4.js';
-export { F as AppInfo, I as AppMetrics, H as AppProfileInfo, al as AppRelease, am as AppReleaseBuild, an as AppResponse, K as BillingApiClient, C as ComputeApiConfig, z as CreateAppParams, as as DeployParams, Q as EstimateBatchGasOptions, G as GeneratedKey, a4 as LoginRequest, a3 as LoginResult, A as LogsParams, a as SessionError, S as SessionInfo, b as SiweMessageParams, _ as SiweMessageResult, au as UpgradeParams, U as UserApiClient, ah as addHexPrefix, ap as assertValidFilePath, j as assertValidImageReference, n as assertValidPrivateKey, P as checkERC7702Delegation, V as createSiweMessage, ak as createViemClients, N as estimateBatchGas, k as extractAppNameFromImage, D as generateNewPrivateKey, X as generateNonce, d as getAvailableEnvironments, c as getBillingEnvironmentConfig, e as getBuildType, ag as getChainFromID, a1 as getComputeApiSession, g as getEnvironmentConfig, i as isEnvironmentAvailable, f as isMainnet, a2 as isSessionValid, Y as isSiweMessageExpired, Z as isSiweMessageNotYetValid, B as isSubscriptionActive, $ as loginToComputeApi, a0 as logoutFromComputeApi, W as parseSiweMessage, t as sanitizeString, u as sanitizeURL, w as sanitizeXURL, ai as stripHexPrefix, r as validateAppID, v as validateAppName, x as validateCreateAppParams, at as validateDeployParams, q as validateDescription, ao as validateFilePath, aq as validateImagePath, h as validateImageReference, l as validateInstanceTypeSKU, s as validateLogVisibility, y as validateLogsParams, m as validatePrivateKeyFormat, ar as validateResourceUsageMonitoring, o as validateURL, av as validateUpgradeParams, p as validateXURL } from './helpers-D_AbDeP4.js';
-import { G as GasEstimate, ad as Logger, a1 as PreparedDeploy, a8 as EnvironmentConfig, a6 as DeployResult, a2 as PreparedUpgrade, A as AppId } from './index-DD7ZLbqD.js';
-export { ao as AlreadyActiveResponse, ae as AppProfile, af as AppProfileResponse, a4 as AppRecord, a7 as BillingEnvironmentConfig, at as CancelResponse, ar as CancelSuccessResponse, ah as ChainID, an as CheckoutCreatedResponse, ak as CreateSubscriptionOptions, am as CreateSubscriptionResponse, Q as DeployAppOpts, a5 as DeployOptions, aw as DeployProgressCallback, ax as DeployStep, ac as DockerImageConfig, E as EstimateGasOptions, Z as ExecuteDeployResult, _ as ExecuteUpgradeResult, Y as GasOpts, al as GetSubscriptionOptions, ab as ImageDigestResult, a3 as LifecycleOpts, as as NoActiveSubscriptionResponse, aa as ParsedEnvironment, ap as PaymentIssueResponse, W as PrepareDeployFromVerifiableBuildOpts, T as PrepareDeployOpts, X as PrepareUpgradeFromVerifiableBuildOpts, V as PrepareUpgradeOpts, $ as PreparedDeployData, a0 as PreparedUpgradeData, ag as ProductID, au as ProductSubscriptionResponse, a9 as Release, ay as SequentialDeployResult, aq as SubscribeResponse, aj as SubscriptionLineItem, av as SubscriptionOpts, ai as SubscriptionStatus, R as UpgradeAppOpts, l as calculateAppID, h as estimateTransactionGas, i as formatETH, g as getAllAppsByDeveloper, az as getAppLatestReleaseBlockNumbers, f as getAppsByBillingAccount, e as getBillingType, aA as getBlockTimestamps, O as logVisibility, N as noopLogger } from './index-DD7ZLbqD.js';
+export { AttestClient, AttestClientConfig, JwtProvider } from './attest.js';
+import { L as LogVisibility, aj as ResourceUsageMonitoring } from './helpers-BcoV07Me.js';
+export { F as AppInfo, I as AppMetrics, H as AppProfileInfo, al as AppRelease, am as AppReleaseBuild, an as AppResponse, K as BillingApiClient, C as ComputeApiConfig, z as CreateAppParams, as as DeployParams, Q as EstimateBatchGasOptions, G as GeneratedKey, a4 as LoginRequest, a3 as LoginResult, A as LogsParams, a as SessionError, S as SessionInfo, b as SiweMessageParams, _ as SiweMessageResult, au as UpgradeParams, U as UserApiClient, ah as addHexPrefix, ap as assertValidFilePath, j as assertValidImageReference, n as assertValidPrivateKey, P as checkERC7702Delegation, V as createSiweMessage, ak as createViemClients, N as estimateBatchGas, k as extractAppNameFromImage, D as generateNewPrivateKey, X as generateNonce, d as getAvailableEnvironments, c as getBillingEnvironmentConfig, e as getBuildType, ag as getChainFromID, a1 as getComputeApiSession, g as getEnvironmentConfig, i as isEnvironmentAvailable, f as isMainnet, a2 as isSessionValid, Y as isSiweMessageExpired, Z as isSiweMessageNotYetValid, B as isSubscriptionActive, $ as loginToComputeApi, a0 as logoutFromComputeApi, W as parseSiweMessage, t as sanitizeString, u as sanitizeURL, w as sanitizeXURL, ai as stripHexPrefix, r as validateAppID, v as validateAppName, x as validateCreateAppParams, at as validateDeployParams, q as validateDescription, ao as validateFilePath, aq as validateImagePath, h as validateImageReference, l as validateInstanceTypeSKU, s as validateLogVisibility, y as validateLogsParams, m as validatePrivateKeyFormat, ar as validateResourceUsageMonitoring, o as validateURL, av as validateUpgradeParams, p as validateXURL } from './helpers-BcoV07Me.js';
+import { G as GasEstimate, ad as Logger, a1 as PreparedDeploy, a8 as EnvironmentConfig, a6 as DeployResult, a2 as PreparedUpgrade, A as AppId } from './index-BEbhrwWl.js';
+export { ao as AlreadyActiveResponse, ae as AppProfile, af as AppProfileResponse, a4 as AppRecord, a7 as BillingEnvironmentConfig, at as CancelResponse, ar as CancelSuccessResponse, ah as ChainID, an as CheckoutCreatedResponse, ak as CreateSubscriptionOptions, am as CreateSubscriptionResponse, Q as DeployAppOpts, a5 as DeployOptions, aw as DeployProgressCallback, ax as DeployStep, ac as DockerImageConfig, E as EstimateGasOptions, Z as ExecuteDeployResult, _ as ExecuteUpgradeResult, Y as GasOpts, al as GetSubscriptionOptions, ab as ImageDigestResult, a3 as LifecycleOpts, as as NoActiveSubscriptionResponse, aa as ParsedEnvironment, ap as PaymentIssueResponse, W as PrepareDeployFromVerifiableBuildOpts, T as PrepareDeployOpts, X as PrepareUpgradeFromVerifiableBuildOpts, V as PrepareUpgradeOpts, $ as PreparedDeployData, a0 as PreparedUpgradeData, ag as ProductID, au as ProductSubscriptionResponse, a9 as Release, ay as SequentialDeployResult, aq as SubscribeResponse, aj as SubscriptionLineItem, av as SubscriptionOpts, ai as SubscriptionStatus, R as UpgradeAppOpts, l as calculateAppID, h as estimateTransactionGas, i as formatETH, g as getAllAppsByDeveloper, az as getAppLatestReleaseBlockNumbers, f as getAppsByBillingAccount, e as getBillingType, aA as getBlockTimestamps, O as logVisibility, N as noopLogger } from './index-BEbhrwWl.js';
 
 interface SubmitBuildRequest {
     repoUrl: string;

package/dist/index.js

@@ -545,6 +545,10 @@ setup_tls() {
 # Run TLS setup
 setup_tls
 
+# Export KMS variables for attestation-based JWT auth
+export KMS_SERVER_URL="{{kmsServerURL}}"
+export KMS_PUBLIC_KEY="$(cat /usr/local/bin/kms-signing-public-key.pem)"
+
 echo "compute-source-env.sh: Environment sourced."
 
 # Drop privileges to original user for the application command
@@ -4807,7 +4811,7 @@ var CanViewAppLogsPermission = "0x2fd3f2fe";
 var CanViewSensitiveAppInfoPermission = "0x0e67b22f";
 var CanUpdateAppProfilePermission = "0x036fef61";
 function getDefaultClientId() {
-  const version = true ? "0.4.0-dev.0" : "0.0.0";
+  const version = true ? "0.4.0-dev.2" : "0.0.0";
   return `ecloud-sdk/v${version}`;
 }
 var UserApiClient = class {
@@ -5598,7 +5602,8 @@ var ENVIRONMENTS = {
     erc7702DelegatorAddress: CommonAddresses.ERC7702Delegator,
     kmsServerURL: "http://10.128.15.203:8080",
     userApiServerURL: "https://userapi-compute-sepolia-prod.eigencloud.xyz",
-    defaultRPCURL: "https://ethereum-sepolia-rpc.publicnode.com"
+    defaultRPCURL: "https://ethereum-sepolia-rpc.publicnode.com",
+    billingRPCURL: "https://ethereum-rpc.publicnode.com"
   },
   "mainnet-alpha": {
     name: "mainnet-alpha",
@@ -6138,7 +6143,7 @@ function getPostHogAPIKey() {
   if (process.env.ECLOUD_POSTHOG_KEY) {
     return process.env.ECLOUD_POSTHOG_KEY;
   }
-  return typeof POSTHOG_API_KEY_BUILD_TIME !== "undefined" ? POSTHOG_API_KEY_BUILD_TIME : void 0;
+  return true ? "phc_BiKfywNft5iBI8N7MxmuVCkb4GGZj4mDFXYPmOPUAI8" : void 0;
 }
 function getPostHogEndpoint() {
   return process.env.ECLOUD_POSTHOG_ENDPOINT || "https://us.i.posthog.com";
@@ -8047,9 +8052,101 @@ function createComputeModule(config) {
   };
 }
 
+// src/client/modules/billing/index.ts
+import { encodeFunctionData as encodeFunctionData4 } from "viem";
+
+// src/client/common/abis/USDCCredits.json
+var USDCCredits_default = [
+  {
+    type: "function",
+    name: "purchaseCreditsFor",
+    stateMutability: "nonpayable",
+    inputs: [
+      { name: "amount", type: "uint256" },
+      { name: "account", type: "address" }
+    ],
+    outputs: []
+  },
+  {
+    type: "function",
+    name: "purchaseCredits",
+    stateMutability: "nonpayable",
+    inputs: [
+      { name: "amount", type: "uint256" }
+    ],
+    outputs: []
+  },
+  {
+    type: "function",
+    name: "usdc",
+    stateMutability: "view",
+    inputs: [],
+    outputs: [
+      { name: "", type: "address" }
+    ]
+  },
+  {
+    type: "function",
+    name: "minimumPurchase",
+    stateMutability: "view",
+    inputs: [],
+    outputs: [
+      { name: "", type: "uint256" }
+    ]
+  },
+  {
+    type: "event",
+    name: "CreditsPurchased",
+    inputs: [
+      { name: "purchaser", type: "address", indexed: true },
+      { name: "account", type: "address", indexed: true },
+      { name: "amount", type: "uint256", indexed: false }
+    ]
+  }
+];
+
+// src/client/common/abis/ERC20.json
+var ERC20_default = [
+  {
+    type: "function",
+    name: "approve",
+    stateMutability: "nonpayable",
+    inputs: [
+      { name: "spender", type: "address" },
+      { name: "amount", type: "uint256" }
+    ],
+    outputs: [
+      { name: "", type: "bool" }
+    ]
+  },
+  {
+    type: "function",
+    name: "balanceOf",
+    stateMutability: "view",
+    inputs: [
+      { name: "account", type: "address" }
+    ],
+    outputs: [
+      { name: "", type: "uint256" }
+    ]
+  },
+  {
+    type: "function",
+    name: "allowance",
+    stateMutability: "view",
+    inputs: [
+      { name: "owner", type: "address" },
+      { name: "spender", type: "address" }
+    ],
+    outputs: [
+      { name: "", type: "uint256" }
+    ]
+  }
+];
+
 // src/client/modules/billing/index.ts
 function createBillingModule(config) {
-  const { verbose = false, skipTelemetry = false, walletClient } = config;
+  const { verbose = false, skipTelemetry = false, walletClient, publicClient, environment } = config;
   if (!walletClient.account) {
     throw new Error("WalletClient must have an account attached");
   }
@@ -8057,8 +8154,85 @@ function createBillingModule(config) {
   const logger = getLogger(verbose);
   const billingEnvConfig = getBillingEnvironmentConfig(getBuildType());
   const billingApi = new BillingApiClient(billingEnvConfig, walletClient);
-  return {
+  const environmentConfig = getEnvironmentConfig(environment);
+  const usdcCreditsAddress = environmentConfig.usdcCreditsAddress;
+  if (!usdcCreditsAddress) {
+    throw new Error(`USDCCredits contract address not configured for environment "${environment}"`);
+  }
+  const module = {
     address,
+    async getTopUpInfo() {
+      const usdcAddress = await publicClient.readContract({
+        address: usdcCreditsAddress,
+        abi: USDCCredits_default,
+        functionName: "usdc"
+      });
+      const [minimumPurchase, usdcBalance, currentAllowance] = await Promise.all([
+        publicClient.readContract({
+          address: usdcCreditsAddress,
+          abi: USDCCredits_default,
+          functionName: "minimumPurchase"
+        }),
+        publicClient.readContract({
+          address: usdcAddress,
+          abi: ERC20_default,
+          functionName: "balanceOf",
+          args: [address]
+        }),
+        publicClient.readContract({
+          address: usdcAddress,
+          abi: ERC20_default,
+          functionName: "allowance",
+          args: [address, usdcCreditsAddress]
+        })
+      ]);
+      return { usdcAddress, minimumPurchase, usdcBalance, currentAllowance };
+    },
+    async topUp(opts) {
+      return withSDKTelemetry(
+        {
+          functionName: "topUp",
+          skipTelemetry,
+          properties: { amount: opts.amount.toString() }
+        },
+        async () => {
+          const targetAccount = opts.account ?? address;
+          const { usdcAddress, currentAllowance } = await module.getTopUpInfo();
+          const executions = [];
+          if (currentAllowance < opts.amount) {
+            executions.push({
+              target: usdcAddress,
+              value: 0n,
+              callData: encodeFunctionData4({
+                abi: ERC20_default,
+                functionName: "approve",
+                args: [usdcCreditsAddress, opts.amount]
+              })
+            });
+          }
+          executions.push({
+            target: usdcCreditsAddress,
+            value: 0n,
+            callData: encodeFunctionData4({
+              abi: USDCCredits_default,
+              functionName: "purchaseCreditsFor",
+              args: [opts.amount, targetAccount]
+            })
+          });
+          const txHash = await executeBatch(
+            {
+              walletClient,
+              publicClient,
+              environmentConfig,
+              executions,
+              pendingMessage: "Submitting credit purchase..."
+            },
+            logger
+          );
+          return { txHash, walletAddress: address };
+        }
+      );
+    },
     async subscribe(opts) {
       return withSDKTelemetry(
         {
@@ -8145,6 +8319,7 @@ function createBillingModule(config) {
       );
     }
   };
+  return module;
 }
 
 // src/client/common/utils/buildapi.ts
@@ -8907,95 +9082,6 @@ async function getCurrentInstanceType(preflightCtx, appID, logger, clientId) {
   }
 }
 
-// src/client/common/abis/USDCCredits.json
-var USDCCredits_default = [
-  {
-    type: "function",
-    name: "purchaseCreditsFor",
-    stateMutability: "nonpayable",
-    inputs: [
-      { name: "amount", type: "uint256" },
-      { name: "account", type: "address" }
-    ],
-    outputs: []
-  },
-  {
-    type: "function",
-    name: "purchaseCredits",
-    stateMutability: "nonpayable",
-    inputs: [
-      { name: "amount", type: "uint256" }
-    ],
-    outputs: []
-  },
-  {
-    type: "function",
-    name: "usdc",
-    stateMutability: "view",
-    inputs: [],
-    outputs: [
-      { name: "", type: "address" }
-    ]
-  },
-  {
-    type: "function",
-    name: "minimumPurchase",
-    stateMutability: "view",
-    inputs: [],
-    outputs: [
-      { name: "", type: "uint256" }
-    ]
-  },
-  {
-    type: "event",
-    name: "CreditsPurchased",
-    inputs: [
-      { name: "purchaser", type: "address", indexed: true },
-      { name: "account", type: "address", indexed: true },
-      { name: "amount", type: "uint256", indexed: false }
-    ]
-  }
-];
-
-// src/client/common/abis/ERC20.json
-var ERC20_default = [
-  {
-    type: "function",
-    name: "approve",
-    stateMutability: "nonpayable",
-    inputs: [
-      { name: "spender", type: "address" },
-      { name: "amount", type: "uint256" }
-    ],
-    outputs: [
-      { name: "", type: "bool" }
-    ]
-  },
-  {
-    type: "function",
-    name: "balanceOf",
-    stateMutability: "view",
-    inputs: [
-      { name: "account", type: "address" }
-    ],
-    outputs: [
-      { name: "", type: "uint256" }
-    ]
-  },
-  {
-    type: "function",
-    name: "allowance",
-    stateMutability: "view",
-    inputs: [
-      { name: "owner", type: "address" },
-      { name: "spender", type: "address" }
-    ],
-    outputs: [
-      { name: "", type: "uint256" }
-    ]
-  }
-];
-
 // src/client/index.ts
 function createECloudClient(cfg) {
   cfg.privateKey = addHexPrefix(cfg.privateKey);
@@ -9029,11 +9115,157 @@ function createECloudClient(cfg) {
     }),
     billing: createBillingModule({
       verbose: cfg.verbose,
-      walletClient
+      walletClient,
+      publicClient,
+      environment: cfg.environment
     })
   };
 }
+
+// src/client/modules/attest/attest-client.ts
+import { generateKeyPairSync, createHash, verify } from "crypto";
+import http2 from "http";
+import { compactDecrypt } from "jose";
+var DEFAULT_SOCKET_PATH = "/run/container_launcher/teeserver.sock";
+var CHALLENGE_PREFIX = "COMPUTE_APP_JWT_REQUEST_RSA_KEY_V1";
+var SIGNATURE_PREFIX = "COMPUTE_APP_KMS_SIGNATURE_V1";
+var NULL_BYTE = Buffer.from([0]);
+var AttestClient = class {
+  constructor(config) {
+    this.config = config;
+  }
+  async attest() {
+    const { publicKey, privateKey } = generateKeyPairSync("rsa", {
+      modulusLength: 4096,
+      publicKeyEncoding: { type: "spki", format: "pem" },
+      privateKeyEncoding: { type: "pkcs8", format: "pem" }
+    });
+    const challengeHash = createHash("sha256").update(CHALLENGE_PREFIX).update(NULL_BYTE).update(publicKey).digest();
+    const socketPath = this.config.socketPath ?? DEFAULT_SOCKET_PATH;
+    const attestationBytes = await this.getAttestation(socketPath, challengeHash);
+    const attestResponse = await this.postAttest(attestationBytes, publicKey);
+    this.verifySignature(JSON.stringify(attestResponse.data), attestResponse.signature);
+    const rsaPrivateKey = await crypto.subtle.importKey(
+      "pkcs8",
+      pemToBuffer(privateKey),
+      { name: "RSA-OAEP", hash: "SHA-256" },
+      false,
+      ["decrypt"]
+    );
+    const { plaintext } = await compactDecrypt(
+      attestResponse.data.encryptedToken,
+      rsaPrivateKey
+    );
+    const decrypted = JSON.parse(new TextDecoder().decode(plaintext));
+    return decrypted.token;
+  }
+  verifySignature(dataJson, signature) {
+    const message = Buffer.concat([
+      Buffer.from(SIGNATURE_PREFIX),
+      NULL_BYTE,
+      Buffer.from(dataJson)
+    ]);
+    const valid = verify(
+      "sha256",
+      message,
+      this.config.kmsPublicKey,
+      Buffer.from(signature, "base64")
+    );
+    if (!valid) {
+      throw new Error("KMS response signature verification failed");
+    }
+  }
+  getAttestation(socketPath, challenge) {
+    return new Promise((resolve2, reject) => {
+      const body = JSON.stringify({ challenge: challenge.toString("base64") });
+      const req = http2.request(
+        {
+          socketPath,
+          path: "/v1/bound_evidence",
+          method: "POST",
+          headers: {
+            "Content-Type": "application/json",
+            "Content-Length": Buffer.byteLength(body)
+          }
+        },
+        (res) => {
+          const chunks = [];
+          res.on("data", (chunk) => chunks.push(chunk));
+          res.on("end", () => {
+            if (res.statusCode !== 200) {
+              reject(new Error(`TEE attestation failed (${res.statusCode}): ${Buffer.concat(chunks).toString()}`));
+              return;
+            }
+            resolve2(Buffer.concat(chunks));
+          });
+        }
+      );
+      req.on("error", (err) => reject(new Error(`TEE attestation request failed: ${err.message}`)));
+      req.write(body);
+      req.end();
+    });
+  }
+  async postAttest(attestationBytes, rsaPublicKey) {
+    const url = `${this.config.kmsServerURL}/auth/attest`;
+    const body = JSON.stringify({
+      version: 3,
+      attestation: attestationBytes.toString("base64"),
+      rsaKey: rsaPublicKey,
+      audience: this.config.audience
+    });
+    const response = await fetch(url, {
+      method: "POST",
+      headers: { "Content-Type": "application/json" },
+      body
+    });
+    if (!response.ok) {
+      const text = await response.text();
+      throw new Error(`KMS attest failed (${response.status}): ${text}`);
+    }
+    return response.json();
+  }
+};
+function pemToBuffer(pem) {
+  const b64 = pem.replace(/-----[A-Z ]+-----/g, "").replace(/\s/g, "");
+  const buf = Buffer.from(b64, "base64");
+  return buf.buffer.slice(buf.byteOffset, buf.byteOffset + buf.byteLength);
+}
+
+// src/client/modules/attest/jwt-provider.ts
+var JwtProvider = class {
+  constructor(attestClient, bufferSeconds = 30) {
+    this.attestClient = attestClient;
+    this.bufferSeconds = bufferSeconds;
+  }
+  async getToken() {
+    if (this.cachedToken && !this.isExpiringSoon()) {
+      return this.cachedToken;
+    }
+    if (this.pending) {
+      return this.pending;
+    }
+    this.pending = this.attestClient.attest().then((token) => {
+      this.cachedToken = token;
+      this.expiresAt = this.decodeJwtExp(token);
+      return token;
+    }).finally(() => {
+      this.pending = void 0;
+    });
+    return this.pending;
+  }
+  isExpiringSoon() {
+    if (!this.expiresAt) return true;
+    return Date.now() / 1e3 >= this.expiresAt - this.bufferSeconds;
+  }
+  decodeJwtExp(jwt) {
+    const payload = jwt.split(".")[1];
+    if (!payload) return void 0;
+    const decoded = JSON.parse(Buffer.from(payload, "base64url").toString());
+    return decoded.exp;
+  }
+};
 export {
+  AttestClient,
   AuthRequiredError,
   BUILD_STATUS,
   BadRequestError,
@@ -9043,6 +9275,7 @@ export {
   ConflictError,
   ERC20_default as ERC20ABI,
   ForbiddenError,
+  JwtProvider,
   NoopClient,
   NotFoundError,
   PRIMARY_LANGUAGES,