@phala/cloud 0.1.1 → 0.2.0

package/dist/index.js

@@ -32,7 +32,9 @@ var index_exports = {};
 __export(index_exports, {
   AddComposeHashSchema: () => AddComposeHashSchema,
   ApiErrorSchema: () => ApiErrorSchema,
+  AuthError: () => AuthError,
   AvailableNodesSchema: () => AvailableNodesSchema,
+  BusinessError: () => BusinessError,
   CommitCvmComposeFileUpdateRequestSchema: () => CommitCvmComposeFileUpdateRequestSchema,
   CommitCvmComposeFileUpdateSchema: () => CommitCvmComposeFileUpdateSchema,
   CommitCvmProvisionRequestSchema: () => CommitCvmProvisionRequestSchema,
@@ -48,12 +50,15 @@ __export(index_exports, {
   CvmNetworkSchema: () => CvmNetworkSchema,
   CvmNetworkUrlsSchema: () => CvmNetworkUrlsSchema,
   CvmNodeSchema: () => CvmNodeSchema,
+  CvmStateSchema: () => CvmStateSchema,
   CvmSystemInfoSchema: () => CvmSystemInfoSchema,
   DeleteCvmRequestSchema: () => DeleteCvmRequestSchema,
   DeployAppAuthRequestSchema: () => DeployAppAuthRequestSchema,
   DeployAppAuthSchema: () => DeployAppAuthSchema,
   GetAppEnvEncryptPubKeyRequestSchema: () => GetAppEnvEncryptPubKeyRequestSchema,
   GetAppEnvEncryptPubKeySchema: () => GetAppEnvEncryptPubKeySchema,
+  GetAvailableOSImagesRequestSchema: () => GetAvailableOSImagesRequestSchema,
+  GetAvailableOSImagesResponseSchema: () => GetAvailableOSImagesResponseSchema,
   GetCvmAttestationRequestSchema: () => GetCvmAttestationRequestSchema,
   GetCvmComposeFileRequestSchema: () => GetCvmComposeFileRequestSchema,
   GetCvmContainersStatsRequestSchema: () => GetCvmContainersStatsRequestSchema,
@@ -62,6 +67,7 @@ __export(index_exports, {
   GetCvmListRequestSchema: () => GetCvmListRequestSchema,
   GetCvmListSchema: () => GetCvmListSchema,
   GetCvmNetworkRequestSchema: () => GetCvmNetworkRequestSchema,
+  GetCvmStateRequestSchema: () => GetCvmStateRequestSchema,
   GetCvmStatsRequestSchema: () => GetCvmStatsRequestSchema,
   GetKmsInfoRequestSchema: () => GetKmsInfoRequestSchema,
   GetKmsListRequestSchema: () => GetKmsListRequestSchema,
@@ -71,9 +77,14 @@ __export(index_exports, {
   ListInstanceTypesRequestSchema: () => ListInstanceTypesRequestSchema,
   ListWorkspacesSchema: () => ListWorkspacesSchema,
   ManagedUserSchema: () => ManagedUserSchema,
+  MaxRetriesExceededError: () => MaxRetriesExceededError,
   NetworkError: () => NetworkError,
+  NextAppIdsRequestSchema: () => NextAppIdsRequestSchema,
+  NextAppIdsSchema: () => NextAppIdsSchema,
+  OSImageVariantSchema: () => OSImageVariantSchema,
   PaginatedInstanceTypesSchema: () => PaginatedInstanceTypesSchema,
   PaginationMetadataSchema: () => PaginationMetadataSchema,
+  PhalaCloudError: () => PhalaCloudError,
   ProvisionCvmComposeFileUpdateRequestSchema: () => ProvisionCvmComposeFileUpdateRequestSchema,
   ProvisionCvmComposeFileUpdateResultSchema: () => ProvisionCvmComposeFileUpdateResultSchema,
   ProvisionCvmRequestSchema: () => ProvisionCvmRequestSchema,
@@ -81,15 +92,21 @@ __export(index_exports, {
   RequestError: () => RequestError,
   RestartCvmRequestSchema: () => RestartCvmRequestSchema,
   SUPPORTED_CHAINS: () => SUPPORTED_CHAINS,
+  ServerError: () => ServerError,
   ShutdownCvmRequestSchema: () => ShutdownCvmRequestSchema,
   StartCvmRequestSchema: () => StartCvmRequestSchema,
   StopCvmRequestSchema: () => StopCvmRequestSchema,
   TransactionError: () => TransactionError,
+  UnknownError: () => UnknownError,
   UpdateCvmResourcesRequestSchema: () => UpdateCvmResourcesRequestSchema,
   UpdateCvmVisibilityRequestSchema: () => UpdateCvmVisibilityRequestSchema,
+  UpdateOsImageRequestSchema: () => UpdateOsImageRequestSchema,
   VMSchema: () => VMSchema,
+  ValidationError: () => ValidationError,
   VmInfoSchema: () => VmInfoSchema,
   WalletError: () => WalletError,
+  WatchAbortedError: () => WatchAbortedError,
+  WatchCvmStateRequestSchema: () => WatchCvmStateRequestSchema,
   WorkspaceResponseSchema: () => WorkspaceResponseSchema,
   addComposeHash: () => addComposeHash,
   addNetwork: () => addNetwork,
@@ -116,8 +133,11 @@ __export(index_exports, {
   executeTransaction: () => executeTransaction,
   executeTransactionWithRetry: () => executeTransactionWithRetry,
   extractNetworkClients: () => extractNetworkClients,
+  formatErrorMessage: () => formatErrorMessage,
+  formatValidationErrors: () => formatValidationErrors,
   getAppEnvEncryptPubKey: () => getAppEnvEncryptPubKey,
   getAvailableNodes: () => getAvailableNodes,
+  getAvailableOsImages: () => getAvailableOsImages,
   getComposeHash: () => import_get_compose_hash3.getComposeHash,
   getCurrentUser: () => getCurrentUser,
   getCvmAttestation: () => getCvmAttestation,
@@ -127,13 +147,17 @@ __export(index_exports, {
   getCvmInfo: () => getCvmInfo,
   getCvmList: () => getCvmList,
   getCvmNetwork: () => getCvmNetwork,
+  getCvmState: () => getCvmState,
   getCvmStats: () => getCvmStats,
   getErrorMessage: () => getErrorMessage,
   getKmsInfo: () => getKmsInfo,
   getKmsList: () => getKmsList,
+  getValidationFields: () => getValidationFields,
   getWorkspace: () => getWorkspace,
   listInstanceTypes: () => listInstanceTypes,
   listWorkspaces: () => listWorkspaces,
+  nextAppIds: () => nextAppIds,
+  parseApiError: () => parseApiError,
   parseEnv: () => parseEnv,
   parseEnvVars: () => parseEnvVars,
   preprocessAppCompose: () => preprocessAppCompose,
@@ -148,6 +172,7 @@ __export(index_exports, {
   safeDeployAppAuth: () => safeDeployAppAuth,
   safeGetAppEnvEncryptPubKey: () => safeGetAppEnvEncryptPubKey,
   safeGetAvailableNodes: () => safeGetAvailableNodes,
+  safeGetAvailableOsImages: () => safeGetAvailableOsImages,
   safeGetCurrentUser: () => safeGetCurrentUser,
   safeGetCvmAttestation: () => safeGetCvmAttestation,
   safeGetCvmComposeFile: () => safeGetCvmComposeFile,
@@ -156,12 +181,14 @@ __export(index_exports, {
   safeGetCvmInfo: () => safeGetCvmInfo,
   safeGetCvmList: () => safeGetCvmList,
   safeGetCvmNetwork: () => safeGetCvmNetwork,
+  safeGetCvmState: () => safeGetCvmState,
   safeGetCvmStats: () => safeGetCvmStats,
   safeGetKmsInfo: () => safeGetKmsInfo,
   safeGetKmsList: () => safeGetKmsList,
   safeGetWorkspace: () => safeGetWorkspace,
   safeListInstanceTypes: () => safeListInstanceTypes,
   safeListWorkspaces: () => safeListWorkspaces,
+  safeNextAppIds: () => safeNextAppIds,
   safeProvisionCvm: () => safeProvisionCvm,
   safeProvisionCvmComposeFileUpdate: () => safeProvisionCvmComposeFileUpdate,
   safeRestartCvm: () => safeRestartCvm,
@@ -170,6 +197,7 @@ __export(index_exports, {
   safeStopCvm: () => safeStopCvm,
   safeUpdateCvmResources: () => safeUpdateCvmResources,
   safeUpdateCvmVisibility: () => safeUpdateCvmVisibility,
+  safeUpdateOsImage: () => safeUpdateOsImage,
   safeValidateActionParameters: () => safeValidateActionParameters,
   shutdownCvm: () => shutdownCvm,
   sortObject: () => sortObject,
@@ -178,10 +206,12 @@ __export(index_exports, {
   switchToNetwork: () => switchToNetwork,
   updateCvmResources: () => updateCvmResources,
   updateCvmVisibility: () => updateCvmVisibility,
+  updateOsImage: () => updateOsImage,
   validateActionParameters: () => validateActionParameters,
   validateNetworkPrerequisites: () => validateNetworkPrerequisites,
   verifyEnvEncryptPublicKey: () => import_verify_env_encrypt_public_key.verifyEnvEncryptPublicKey,
   waitForTransactionReceipt: () => waitForTransactionReceipt,
+  watchCvmState: () => watchCvmState,
   withComposeMethods: () => withComposeMethods
 });
 module.exports = __toCommonJS(index_exports);
@@ -189,8 +219,9 @@ module.exports = __toCommonJS(index_exports);
 // src/client.ts
 var import_ofetch = require("ofetch");
 var import_debug = __toESM(require("debug"));
+var import_mitt = __toESM(require("mitt"));
 
-// src/types/client.ts
+// src/utils/errors.ts
 var import_zod = require("zod");
 var ApiErrorSchema = import_zod.z.object({
   detail: import_zod.z.union([
@@ -203,21 +234,34 @@ var ApiErrorSchema = import_zod.z.object({
       })
     ),
     import_zod.z.record(import_zod.z.unknown())
-  ]),
+  ]).optional(),
   type: import_zod.z.string().optional(),
   code: import_zod.z.string().optional()
 });
-var RequestError = class _RequestError extends Error {
-  constructor(message, options) {
+var PhalaCloudError = class extends Error {
+  constructor(message, data) {
     super(message);
+    this.name = this.constructor.name;
+    this.status = data.status;
+    this.statusText = data.statusText;
+    this.detail = data.detail;
+    if (Error.captureStackTrace) {
+      Error.captureStackTrace(this, this.constructor);
+    }
+  }
+};
+var RequestError = class _RequestError extends PhalaCloudError {
+  constructor(message, options) {
+    super(message, {
+      status: options?.status ?? 0,
+      statusText: options?.statusText ?? "Unknown Error",
+      detail: options?.detail || message
+    });
     this.name = "RequestError";
     this.isRequestError = true;
-    this.status = options?.status;
-    this.statusText = options?.statusText;
     this.data = options?.data;
     this.request = options?.request;
     this.response = options?.response;
-    this.detail = options?.detail || message;
     this.code = options?.code;
     this.type = options?.type;
   }
@@ -258,9 +302,172 @@ var RequestError = class _RequestError extends Error {
     });
   }
 };
+var ValidationError = class extends PhalaCloudError {
+  constructor(message, data) {
+    super(message, data);
+    this.isValidationError = true;
+    this.validationErrors = data.validationErrors;
+  }
+};
+var AuthError = class extends PhalaCloudError {
+  constructor() {
+    super(...arguments);
+    this.isAuthError = true;
+  }
+};
+var BusinessError = class extends PhalaCloudError {
+  constructor() {
+    super(...arguments);
+    this.isBusinessError = true;
+  }
+};
+var ServerError = class extends PhalaCloudError {
+  constructor() {
+    super(...arguments);
+    this.isServerError = true;
+  }
+};
+var UnknownError = class extends PhalaCloudError {
+  constructor() {
+    super(...arguments);
+    this.isUnknownError = true;
+  }
+};
+function extractFieldPath(loc) {
+  const filtered = loc.filter((part) => {
+    if (typeof part === "string") {
+      return !["body", "query", "path", "header"].includes(part);
+    }
+    return true;
+  });
+  return filtered.length > 0 ? filtered.join(".") : "unknown";
+}
+function parseValidationErrors(detail) {
+  if (!Array.isArray(detail)) {
+    return {
+      errors: [],
+      message: typeof detail === "string" ? detail : "Validation error"
+    };
+  }
+  const errors = detail.map((item) => ({
+    field: extractFieldPath(item.loc),
+    message: item.msg,
+    type: item.type,
+    context: item.ctx
+  }));
+  const count = errors.length;
+  const message = count === 1 ? `Validation failed: ${errors[0].message}` : `Validation failed (${count} issue${count > 1 ? "s" : ""})`;
+  return { errors, message };
+}
+function categorizeErrorType(status) {
+  if (status === 422) {
+    return "validation";
+  }
+  if (status === 401) {
+    return "auth";
+  }
+  if (status === 403) {
+    return "auth";
+  }
+  if (status >= 400 && status < 500) {
+    return "business";
+  }
+  if (status >= 500) {
+    return "server";
+  }
+  return "unknown";
+}
+function extractPrimaryMessage(status, detail, defaultMessage) {
+  if (status === 422 && Array.isArray(detail)) {
+    const { message } = parseValidationErrors(detail);
+    return message;
+  }
+  if (typeof detail === "string") {
+    return detail;
+  }
+  if (detail && typeof detail === "object" && "message" in detail) {
+    const msg = detail.message;
+    if (typeof msg === "string") {
+      return msg;
+    }
+  }
+  return defaultMessage;
+}
+function parseApiError(requestError) {
+  const status = requestError.status ?? 0;
+  const statusText = requestError.statusText ?? "Unknown Error";
+  const detail = requestError.detail;
+  const errorType = categorizeErrorType(status);
+  const message = extractPrimaryMessage(status, detail, requestError.message);
+  const commonData = {
+    status,
+    statusText,
+    detail
+  };
+  if (errorType === "validation" && Array.isArray(detail)) {
+    const { errors } = parseValidationErrors(detail);
+    return new ValidationError(message, {
+      ...commonData,
+      validationErrors: errors
+    });
+  }
+  if (errorType === "auth") {
+    return new AuthError(message, commonData);
+  }
+  if (errorType === "business") {
+    return new BusinessError(message, commonData);
+  }
+  if (errorType === "server") {
+    return new ServerError(message, commonData);
+  }
+  return new UnknownError(message, commonData);
+}
+function getValidationFields(error) {
+  if (error instanceof ValidationError) {
+    return error.validationErrors.map((e) => e.field);
+  }
+  return [];
+}
+function formatValidationErrors(errors, options) {
+  const { numbered = true, indent = 2, showFields = true } = options ?? {};
+  const indentStr = " ".repeat(indent);
+  return errors.map((error, index) => {
+    const prefix = numbered ? `${index + 1}. ` : "\u2022 ";
+    const field = showFields ? `${error.field}: ` : "";
+    return `${indentStr}${prefix}${field}${error.message}`;
+  }).join("\n");
+}
+function formatErrorMessage(error, options) {
+  const { showFields = true, showType = false } = options ?? {};
+  const parts = [];
+  if (showType) {
+    parts.push(`[${error.constructor.name.toUpperCase()}]`);
+  }
+  parts.push(error.message);
+  if (error instanceof ValidationError && error.validationErrors.length > 0) {
+    parts.push("");
+    parts.push(formatValidationErrors(error.validationErrors, { showFields }));
+  }
+  return parts.join("\n");
+}
+function getErrorMessage(error) {
+  if (typeof error.detail === "string") {
+    return error.detail;
+  }
+  if (Array.isArray(error.detail)) {
+    if (error.detail.length > 0) {
+      return error.detail[0]?.msg || "Validation error";
+    }
+    return "Validation error";
+  }
+  if (typeof error.detail === "object" && error.detail !== null) {
+    return JSON.stringify(error.detail);
+  }
+  return "Unknown error occurred";
+}
 
 // src/client.ts
-var SUPPORTED_API_VERSIONS = ["2025-05-31"];
+var SUPPORTED_API_VERSIONS = ["2025-05-31", "2025-10-28"];
 var logger = (0, import_debug.default)("phala::api-client");
 function formatHeaders(headers) {
   return Object.entries(headers).map(([key, value]) => `    -H "${key}: ${value}"`).join("\n");
@@ -286,18 +493,14 @@ function formatResponse(status, statusText, headers, body) {
 }
 var Client = class {
   constructor(config = {}) {
+    this.emitter = (0, import_mitt.default)();
     const resolvedConfig = {
       ...config,
       apiKey: config.apiKey || process?.env?.PHALA_CLOUD_API_KEY,
       baseURL: config.baseURL || process?.env?.PHALA_CLOUD_API_PREFIX || "https://cloud-api.phala.network/api/v1"
     };
-    const version = resolvedConfig.version && SUPPORTED_API_VERSIONS.includes(resolvedConfig.version) ? resolvedConfig.version : SUPPORTED_API_VERSIONS[0];
+    const version = resolvedConfig.version && SUPPORTED_API_VERSIONS.includes(resolvedConfig.version) ? resolvedConfig.version : SUPPORTED_API_VERSIONS[SUPPORTED_API_VERSIONS.length - 1];
     this.config = resolvedConfig;
-    if (!resolvedConfig.useCookieAuth && !resolvedConfig.apiKey) {
-      throw new Error(
-        "API key is required. Provide it via config.apiKey or set PHALA_CLOUD_API_KEY environment variable."
-      );
-    }
     const { apiKey, baseURL, timeout, headers, useCookieAuth, onResponseError, ...fetchOptions } = resolvedConfig;
     const requestHeaders = {
       "X-Phala-Version": version,
@@ -380,75 +583,137 @@ var Client = class {
   get raw() {
     return this.fetchInstance;
   }
+  on(type, handler) {
+    this.emitter.on(type, handler);
+  }
+  off(type, handler) {
+    this.emitter.off(type, handler);
+  }
+  once(type, handler) {
+    const wrappedHandler = (event) => {
+      handler(event);
+      this.emitter.off(type, wrappedHandler);
+    };
+    this.emitter.on(type, wrappedHandler);
+  }
   // ===== Direct methods (throw on error) =====
   /**
-   * Perform GET request (throws on error)
+   * Perform GET request (throws PhalaCloudError on error)
    */
   async get(request, options) {
-    return this.fetchInstance(request, {
-      ...options,
-      method: "GET"
-    });
+    try {
+      return await this.fetchInstance(request, {
+        ...options,
+        method: "GET"
+      });
+    } catch (error) {
+      const requestError = this.convertToRequestError(error);
+      const phalaCloudError = this.emitError(requestError);
+      throw phalaCloudError;
+    }
   }
   /**
-   * Perform POST request (throws on error)
+   * Perform POST request (throws PhalaCloudError on error)
    */
   async post(request, body, options) {
-    return this.fetchInstance(request, {
-      ...options,
-      method: "POST",
-      body
-    });
+    try {
+      return await this.fetchInstance(request, {
+        ...options,
+        method: "POST",
+        body
+      });
+    } catch (error) {
+      const requestError = this.convertToRequestError(error);
+      const phalaCloudError = this.emitError(requestError);
+      throw phalaCloudError;
+    }
   }
   /**
-   * Perform PUT request (throws on error)
+   * Perform PUT request (throws PhalaCloudError on error)
    */
   async put(request, body, options) {
-    return this.fetchInstance(request, {
-      ...options,
-      method: "PUT",
-      body
-    });
+    try {
+      return await this.fetchInstance(request, {
+        ...options,
+        method: "PUT",
+        body
+      });
+    } catch (error) {
+      const requestError = this.convertToRequestError(error);
+      const phalaCloudError = this.emitError(requestError);
+      throw phalaCloudError;
+    }
   }
   /**
-   * Perform PATCH request (throws on error)
+   * Perform PATCH request (throws PhalaCloudError on error)
    */
   async patch(request, body, options) {
-    return this.fetchInstance(request, {
-      ...options,
-      method: "PATCH",
-      body
-    });
+    try {
+      return await this.fetchInstance(request, {
+        ...options,
+        method: "PATCH",
+        body
+      });
+    } catch (error) {
+      const requestError = this.convertToRequestError(error);
+      const phalaCloudError = this.emitError(requestError);
+      throw phalaCloudError;
+    }
   }
   /**
-   * Perform DELETE request (throws on error)
+   * Perform DELETE request (throws PhalaCloudError on error)
    */
   async delete(request, options) {
-    return this.fetchInstance(request, {
-      ...options,
-      method: "DELETE"
-    });
+    try {
+      return await this.fetchInstance(request, {
+        ...options,
+        method: "DELETE"
+      });
+    } catch (error) {
+      const requestError = this.convertToRequestError(error);
+      const phalaCloudError = this.emitError(requestError);
+      throw phalaCloudError;
+    }
   }
   // ===== Safe methods (return SafeResult) =====
+  /**
+   * Convert any error to RequestError
+   */
+  convertToRequestError(error) {
+    if (error && typeof error === "object" && "data" in error) {
+      return RequestError.fromFetchError(error);
+    }
+    if (error instanceof Error) {
+      return RequestError.fromError(error);
+    }
+    return new RequestError("Unknown error occurred", {
+      detail: "Unknown error occurred"
+    });
+  }
+  /**
+   * Broadcast error to event listeners (fire-and-forget)
+   * @param requestError - The request error to handle
+   * @returns PhalaCloudError instance to throw immediately
+   */
+  emitError(requestError) {
+    const phalaCloudError = parseApiError(requestError);
+    this.emitter.emit("error", phalaCloudError);
+    return phalaCloudError;
+  }
   /**
    * Safe wrapper for any request method (zod-style result)
+   * Returns PhalaCloudError (all errors extend this base class)
    */
   async safeRequest(fn) {
     try {
       const data = await fn();
       return { success: true, data };
     } catch (error) {
-      if (error && typeof error === "object" && "data" in error) {
-        const requestError2 = RequestError.fromFetchError(error);
-        return { success: false, error: requestError2 };
-      }
-      if (error instanceof Error) {
-        const requestError2 = RequestError.fromError(error);
-        return { success: false, error: requestError2 };
+      if (error instanceof PhalaCloudError) {
+        return { success: false, error };
       }
-      const requestError = new RequestError("Unknown error occurred", {
-        detail: "Unknown error occurred"
-      });
+      const requestError = this.convertToRequestError(error);
+      this.emitError(requestError);
       return { success: false, error: requestError };
     }
   }
@@ -571,7 +836,7 @@ function defineSimpleAction(schema, fn) {
         const data = await fn(client);
         return { success: true, data };
       } catch (error) {
-        if (error && typeof error === "object" && "isRequestError" in error) {
+        if (error && typeof error === "object" && "status" in error) {
           return { success: false, error };
         }
         if (error && typeof error === "object" && "issues" in error) {
@@ -628,7 +893,7 @@ function defineAction(schema, fn) {
         const data = await fn(client, params);
         return { success: true, data };
       } catch (error) {
-        if (error && typeof error === "object" && "isRequestError" in error) {
+        if (error && typeof error === "object" && "status" in error) {
           return { success: false, error };
         }
         if (error && typeof error === "object" && "issues" in error) {
@@ -1213,12 +1478,13 @@ var ProvisionCvmComposeFileUpdateRequestSchema = import_zod13.z.object({
 }).refine(
   (data) => !!(data.id || data.uuid || data.app_id || data.instance_id),
   "One of id, uuid, app_id, or instance_id must be provided"
-).transform((data) => ({
-  cvmId: data.id || data.uuid || data.app_id || data.instance_id,
-  request: data.app_compose,
-  update_env_vars: data.update_env_vars,
-  _raw: data
-}));
+).transform((data) => {
+  return {
+    cvmId: data.id || data.uuid || data.app_id || data.instance_id,
+    request: { ...data.app_compose, update_env_vars: data.update_env_vars },
+    _raw: data
+  };
+});
 var ProvisionCvmComposeFileUpdateResultSchema = import_zod13.z.object({
   app_id: import_zod13.z.string().nullable(),
   device_id: import_zod13.z.string().nullable(),
@@ -1321,6 +1587,26 @@ var { action: getAppEnvEncryptPubKey, safeAction: safeGetAppEnvEncryptPubKey } =
   return await client.get(`/kms/${validatedRequest.kms}/pubkey/${validatedRequest.app_id}`);
 });
 
+// src/actions/kms/next_app_ids.ts
+var import_zod18 = require("zod");
+var NextAppIdsRequestSchema = import_zod18.z.object({
+  counts: import_zod18.z.number().int().min(1).max(20).optional().default(1)
+}).strict();
+var NextAppIdsSchema = import_zod18.z.object({
+  app_ids: import_zod18.z.array(
+    import_zod18.z.object({
+      app_id: import_zod18.z.string(),
+      nonce: import_zod18.z.number().int().min(0)
+    })
+  )
+}).strict();
+var { action: nextAppIds, safeAction: safeNextAppIds } = defineAction(NextAppIdsSchema, async (client, payload) => {
+  const validatedRequest = NextAppIdsRequestSchema.parse(payload ?? {});
+  const params = new URLSearchParams();
+  params.append("counts", validatedRequest.counts.toString());
+  return await client.get(`/kms/phala/next_app_id?${params.toString()}`);
+});
+
 // src/actions/cvms/start_cvm.ts
 var StartCvmRequestSchema = CvmIdSchema;
 var { action: startCvm, safeAction: safeStartCvm } = defineAction(VMSchema, async (client, request) => {
@@ -1346,10 +1632,10 @@ var { action: shutdownCvm, safeAction: safeShutdownCvm } = defineAction(VMSchema
 });
 
 // src/actions/cvms/restart_cvm.ts
-var import_zod18 = require("zod");
+var import_zod19 = require("zod");
 var RestartCvmRequestSchema = refineCvmId(
   CvmIdObjectSchema.extend({
-    force: import_zod18.z.boolean().optional()
+    force: import_zod19.z.boolean().optional()
   })
 );
 var { action: restartCvm, safeAction: safeRestartCvm } = defineAction(VMSchema, async (client, request) => {
@@ -1360,10 +1646,10 @@ var { action: restartCvm, safeAction: safeRestartCvm } = defineAction(VMSchema,
 });
 
 // src/actions/cvms/delete_cvm.ts
-var import_zod19 = require("zod");
+var import_zod20 = require("zod");
 var DeleteCvmRequestSchema = CvmIdSchema;
 var { action: deleteCvm, safeAction: safeDeleteCvm } = defineAction(
-  import_zod19.z.void(),
+  import_zod20.z.void(),
   async (client, request) => {
     const { cvmId } = DeleteCvmRequestSchema.parse(request);
     await client.delete(`/cvms/${cvmId}`);
@@ -1372,41 +1658,41 @@ var { action: deleteCvm, safeAction: safeDeleteCvm } = defineAction(
 );
 
 // src/actions/cvms/get_cvm_stats.ts
-var import_zod20 = require("zod");
-var DiskInfoSchema = import_zod20.z.object({
-  name: import_zod20.z.string(),
-  mount_point: import_zod20.z.string(),
-  total_size: import_zod20.z.number(),
-  free_size: import_zod20.z.number()
+var import_zod21 = require("zod");
+var DiskInfoSchema = import_zod21.z.object({
+  name: import_zod21.z.string(),
+  mount_point: import_zod21.z.string(),
+  total_size: import_zod21.z.number(),
+  free_size: import_zod21.z.number()
 });
-var SystemInfoSchema = import_zod20.z.object({
-  os_name: import_zod20.z.string(),
-  os_version: import_zod20.z.string(),
-  kernel_version: import_zod20.z.string(),
-  cpu_model: import_zod20.z.string(),
-  num_cpus: import_zod20.z.number(),
-  total_memory: import_zod20.z.number(),
-  available_memory: import_zod20.z.number(),
-  used_memory: import_zod20.z.number(),
-  free_memory: import_zod20.z.number(),
-  total_swap: import_zod20.z.number(),
-  used_swap: import_zod20.z.number(),
-  free_swap: import_zod20.z.number(),
-  uptime: import_zod20.z.number(),
-  loadavg_one: import_zod20.z.number(),
-  loadavg_five: import_zod20.z.number(),
-  loadavg_fifteen: import_zod20.z.number(),
-  disks: import_zod20.z.array(DiskInfoSchema)
+var SystemInfoSchema = import_zod21.z.object({
+  os_name: import_zod21.z.string(),
+  os_version: import_zod21.z.string(),
+  kernel_version: import_zod21.z.string(),
+  cpu_model: import_zod21.z.string(),
+  num_cpus: import_zod21.z.number(),
+  total_memory: import_zod21.z.number(),
+  available_memory: import_zod21.z.number(),
+  used_memory: import_zod21.z.number(),
+  free_memory: import_zod21.z.number(),
+  total_swap: import_zod21.z.number(),
+  used_swap: import_zod21.z.number(),
+  free_swap: import_zod21.z.number(),
+  uptime: import_zod21.z.number(),
+  loadavg_one: import_zod21.z.number(),
+  loadavg_five: import_zod21.z.number(),
+  loadavg_fifteen: import_zod21.z.number(),
+  disks: import_zod21.z.array(DiskInfoSchema)
 });
-var CvmSystemInfoSchema = import_zod20.z.object({
-  is_online: import_zod20.z.boolean(),
-  is_public: import_zod20.z.boolean().default(false),
-  error: import_zod20.z.string().nullable(),
+var CvmSystemInfoSchema = import_zod21.z.object({
+  is_online: import_zod21.z.boolean(),
+  is_public: import_zod21.z.boolean().default(false),
+  error: import_zod21.z.string().nullable(),
   sysinfo: SystemInfoSchema.nullable(),
-  status: import_zod20.z.string().nullable(),
-  in_progress: import_zod20.z.boolean().default(false),
-  boot_progress: import_zod20.z.string().nullable(),
-  boot_error: import_zod20.z.string().nullable()
+  status: import_zod21.z.string().nullable(),
+  in_progress: import_zod21.z.boolean().default(false),
+  boot_progress: import_zod21.z.string().nullable(),
+  boot_error: import_zod21.z.string().nullable()
 });
 var GetCvmStatsRequestSchema = CvmIdSchema;
 var { action: getCvmStats, safeAction: safeGetCvmStats } = defineAction(CvmSystemInfoSchema, async (client, request) => {
@@ -1415,18 +1701,18 @@ var { action: getCvmStats, safeAction: safeGetCvmStats } = defineAction(CvmSyste
 });
 
 // src/actions/cvms/get_cvm_network.ts
-var import_zod21 = require("zod");
-var CvmNetworkUrlsSchema2 = import_zod21.z.object({
-  app: import_zod21.z.string(),
-  instance: import_zod21.z.string()
+var import_zod22 = require("zod");
+var CvmNetworkUrlsSchema2 = import_zod22.z.object({
+  app: import_zod22.z.string(),
+  instance: import_zod22.z.string()
 });
-var CvmNetworkSchema = import_zod21.z.object({
-  is_online: import_zod21.z.boolean(),
-  is_public: import_zod21.z.boolean().default(true),
-  error: import_zod21.z.string().nullable(),
-  internal_ip: import_zod21.z.string().nullable(),
-  latest_handshake: import_zod21.z.string().nullable(),
-  public_urls: import_zod21.z.array(CvmNetworkUrlsSchema2).nullable()
+var CvmNetworkSchema = import_zod22.z.object({
+  is_online: import_zod22.z.boolean(),
+  is_public: import_zod22.z.boolean().default(true),
+  error: import_zod22.z.string().nullable(),
+  internal_ip: import_zod22.z.string().nullable(),
+  latest_handshake: import_zod22.z.string().nullable(),
+  public_urls: import_zod22.z.array(CvmNetworkUrlsSchema2).nullable()
 });
 var GetCvmNetworkRequestSchema = CvmIdSchema;
 var { action: getCvmNetwork, safeAction: safeGetCvmNetwork } = defineAction(CvmNetworkSchema, async (client, request) => {
@@ -1435,36 +1721,36 @@ var { action: getCvmNetwork, safeAction: safeGetCvmNetwork } = defineAction(CvmN
 });
 
 // src/actions/cvms/get_cvm_docker_compose.ts
-var import_zod22 = require("zod");
+var import_zod23 = require("zod");
 var GetCvmDockerComposeRequestSchema = CvmIdSchema;
-var { action: getCvmDockerCompose, safeAction: safeGetCvmDockerCompose } = defineAction(import_zod22.z.string(), async (client, request) => {
+var { action: getCvmDockerCompose, safeAction: safeGetCvmDockerCompose } = defineAction(import_zod23.z.string(), async (client, request) => {
   const { cvmId } = GetCvmDockerComposeRequestSchema.parse(request);
   return await client.get(`/cvms/${cvmId}/docker-compose.yml`);
 });
 
 // src/actions/cvms/get_cvm_containers_stats.ts
-var import_zod23 = require("zod");
-var ContainerInfoSchema = import_zod23.z.object({
-  id: import_zod23.z.string(),
-  names: import_zod23.z.array(import_zod23.z.string()),
-  image: import_zod23.z.string(),
-  image_id: import_zod23.z.string(),
-  command: import_zod23.z.string().nullable().optional(),
-  created: import_zod23.z.number(),
-  state: import_zod23.z.string(),
-  status: import_zod23.z.string(),
-  log_endpoint: import_zod23.z.string().nullable()
+var import_zod24 = require("zod");
+var ContainerInfoSchema = import_zod24.z.object({
+  id: import_zod24.z.string(),
+  names: import_zod24.z.array(import_zod24.z.string()),
+  image: import_zod24.z.string(),
+  image_id: import_zod24.z.string(),
+  command: import_zod24.z.string().nullable().optional(),
+  created: import_zod24.z.number(),
+  state: import_zod24.z.string(),
+  status: import_zod24.z.string(),
+  log_endpoint: import_zod24.z.string().nullable()
 });
-var CvmContainersStatsSchema = import_zod23.z.object({
-  is_online: import_zod23.z.boolean(),
-  is_public: import_zod23.z.boolean().default(true),
-  error: import_zod23.z.string().nullable(),
-  docker_compose_file: import_zod23.z.string().nullable(),
-  manifest_version: import_zod23.z.number().nullable(),
-  version: import_zod23.z.string().nullable(),
-  runner: import_zod23.z.string().nullable(),
-  features: import_zod23.z.array(import_zod23.z.string()).nullable(),
-  containers: import_zod23.z.array(ContainerInfoSchema).nullable()
+var CvmContainersStatsSchema = import_zod24.z.object({
+  is_online: import_zod24.z.boolean(),
+  is_public: import_zod24.z.boolean().default(true),
+  error: import_zod24.z.string().nullable(),
+  docker_compose_file: import_zod24.z.string().nullable(),
+  manifest_version: import_zod24.z.number().nullable(),
+  version: import_zod24.z.string().nullable(),
+  runner: import_zod24.z.string().nullable(),
+  features: import_zod24.z.array(import_zod24.z.string()).nullable(),
+  containers: import_zod24.z.array(ContainerInfoSchema).nullable()
 });
 var GetCvmContainersStatsRequestSchema = CvmIdSchema;
 var { action: getCvmContainersStats, safeAction: safeGetCvmContainersStats } = defineAction(CvmContainersStatsSchema, async (client, request) => {
@@ -1473,62 +1759,62 @@ var { action: getCvmContainersStats, safeAction: safeGetCvmContainersStats } = d
 });
 
 // src/actions/cvms/get_cvm_attestation.ts
-var import_zod24 = require("zod");
-var CertificateSubjectSchema = import_zod24.z.object({
-  common_name: import_zod24.z.string().nullable(),
-  organization: import_zod24.z.string().nullable(),
-  country: import_zod24.z.string().nullable(),
-  state: import_zod24.z.string().nullable(),
-  locality: import_zod24.z.string().nullable()
+var import_zod25 = require("zod");
+var CertificateSubjectSchema = import_zod25.z.object({
+  common_name: import_zod25.z.string().nullable(),
+  organization: import_zod25.z.string().nullable(),
+  country: import_zod25.z.string().nullable(),
+  state: import_zod25.z.string().nullable(),
+  locality: import_zod25.z.string().nullable()
 });
-var CertificateIssuerSchema = import_zod24.z.object({
-  common_name: import_zod24.z.string().nullable(),
-  organization: import_zod24.z.string().nullable(),
-  country: import_zod24.z.string().nullable()
+var CertificateIssuerSchema = import_zod25.z.object({
+  common_name: import_zod25.z.string().nullable(),
+  organization: import_zod25.z.string().nullable(),
+  country: import_zod25.z.string().nullable()
 });
-var CertificateSchema = import_zod24.z.object({
+var CertificateSchema = import_zod25.z.object({
   subject: CertificateSubjectSchema,
   issuer: CertificateIssuerSchema,
-  serial_number: import_zod24.z.string(),
-  not_before: import_zod24.z.string(),
+  serial_number: import_zod25.z.string(),
+  not_before: import_zod25.z.string(),
   // datetime serialized as ISO string
-  not_after: import_zod24.z.string(),
+  not_after: import_zod25.z.string(),
   // datetime serialized as ISO string
-  version: import_zod24.z.string(),
-  fingerprint: import_zod24.z.string(),
-  signature_algorithm: import_zod24.z.string(),
-  sans: import_zod24.z.array(import_zod24.z.string()).nullable(),
-  is_ca: import_zod24.z.boolean(),
-  position_in_chain: import_zod24.z.number().nullable(),
-  quote: import_zod24.z.string().nullable(),
-  app_id: import_zod24.z.string().nullable().optional(),
-  cert_usage: import_zod24.z.string().nullable().optional()
+  version: import_zod25.z.string(),
+  fingerprint: import_zod25.z.string(),
+  signature_algorithm: import_zod25.z.string(),
+  sans: import_zod25.z.array(import_zod25.z.string()).nullable(),
+  is_ca: import_zod25.z.boolean(),
+  position_in_chain: import_zod25.z.number().nullable(),
+  quote: import_zod25.z.string().nullable(),
+  app_id: import_zod25.z.string().nullable().optional(),
+  cert_usage: import_zod25.z.string().nullable().optional()
 });
-var EventLogSchema = import_zod24.z.object({
-  imr: import_zod24.z.number(),
-  event_type: import_zod24.z.number(),
-  digest: import_zod24.z.string(),
-  event: import_zod24.z.string(),
-  event_payload: import_zod24.z.string()
+var EventLogSchema = import_zod25.z.object({
+  imr: import_zod25.z.number(),
+  event_type: import_zod25.z.number(),
+  digest: import_zod25.z.string(),
+  event: import_zod25.z.string(),
+  event_payload: import_zod25.z.string()
 });
-var TcbInfoSchema = import_zod24.z.object({
-  mrtd: import_zod24.z.string(),
-  rootfs_hash: import_zod24.z.string().nullable().optional(),
-  rtmr0: import_zod24.z.string(),
-  rtmr1: import_zod24.z.string(),
-  rtmr2: import_zod24.z.string(),
-  rtmr3: import_zod24.z.string(),
-  event_log: import_zod24.z.array(EventLogSchema),
-  app_compose: import_zod24.z.string()
+var TcbInfoSchema = import_zod25.z.object({
+  mrtd: import_zod25.z.string(),
+  rootfs_hash: import_zod25.z.string().nullable().optional(),
+  rtmr0: import_zod25.z.string(),
+  rtmr1: import_zod25.z.string(),
+  rtmr2: import_zod25.z.string(),
+  rtmr3: import_zod25.z.string(),
+  event_log: import_zod25.z.array(EventLogSchema),
+  app_compose: import_zod25.z.string()
 });
-var CvmAttestationSchema = import_zod24.z.object({
-  name: import_zod24.z.string().nullable(),
-  is_online: import_zod24.z.boolean(),
-  is_public: import_zod24.z.boolean().default(true),
-  error: import_zod24.z.string().nullable(),
-  app_certificates: import_zod24.z.array(CertificateSchema).nullable(),
+var CvmAttestationSchema = import_zod25.z.object({
+  name: import_zod25.z.string().nullable(),
+  is_online: import_zod25.z.boolean(),
+  is_public: import_zod25.z.boolean().default(true),
+  error: import_zod25.z.string().nullable(),
+  app_certificates: import_zod25.z.array(CertificateSchema).nullable(),
   tcb_info: TcbInfoSchema.nullable(),
-  compose_file: import_zod24.z.string().nullable()
+  compose_file: import_zod25.z.string().nullable()
 });
 var GetCvmAttestationRequestSchema = CvmIdSchema;
 var { action: getCvmAttestation, safeAction: safeGetCvmAttestation } = defineAction(CvmAttestationSchema, async (client, request) => {
@@ -1537,17 +1823,17 @@ var { action: getCvmAttestation, safeAction: safeGetCvmAttestation } = defineAct
 });
 
 // src/actions/cvms/update_cvm_resources.ts
-var import_zod25 = require("zod");
+var import_zod26 = require("zod");
 var UpdateCvmResourcesRequestSchema = refineCvmId(
   CvmIdObjectSchema.extend({
-    vcpu: import_zod25.z.number().optional(),
-    memory: import_zod25.z.number().optional(),
-    disk_size: import_zod25.z.number().optional(),
-    instance_type: import_zod25.z.string().optional(),
-    allow_restart: import_zod25.z.boolean().optional()
+    vcpu: import_zod26.z.number().optional(),
+    memory: import_zod26.z.number().optional(),
+    disk_size: import_zod26.z.number().optional(),
+    instance_type: import_zod26.z.string().optional(),
+    allow_restart: import_zod26.z.boolean().optional()
   })
 );
-var { action: updateCvmResources, safeAction: safeUpdateCvmResources } = defineAction(import_zod25.z.void(), async (client, request) => {
+var { action: updateCvmResources, safeAction: safeUpdateCvmResources } = defineAction(import_zod26.z.void(), async (client, request) => {
   const parsed = UpdateCvmResourcesRequestSchema.parse(request);
   const { cvmId } = CvmIdSchema.parse(parsed);
   const { ...body } = parsed;
@@ -1556,11 +1842,11 @@ var { action: updateCvmResources, safeAction: safeUpdateCvmResources } = defineA
 });
 
 // src/actions/cvms/update_cvm_visibility.ts
-var import_zod26 = require("zod");
+var import_zod27 = require("zod");
 var UpdateCvmVisibilityRequestSchema = refineCvmId(
   CvmIdObjectSchema.extend({
-    public_sysinfo: import_zod26.z.boolean(),
-    public_logs: import_zod26.z.boolean()
+    public_sysinfo: import_zod27.z.boolean(),
+    public_logs: import_zod27.z.boolean()
   })
 );
 var { action: updateCvmVisibility, safeAction: safeUpdateCvmVisibility } = defineAction(CvmLegacyDetailSchema, async (client, request) => {
@@ -1570,6 +1856,59 @@ var { action: updateCvmVisibility, safeAction: safeUpdateCvmVisibility } = defin
   return await client.patch(`/cvms/${cvmId}/visibility`, { public_sysinfo, public_logs });
 });
 
+// src/actions/cvms/get_available_os_images.ts
+var import_zod28 = require("zod");
+var OSImageVariantSchema = import_zod28.z.object({
+  name: import_zod28.z.string(),
+  os_image_hash: import_zod28.z.string().nullable(),
+  is_current: import_zod28.z.boolean()
+});
+var AvailableOSImageSchema2 = import_zod28.z.object({
+  version: import_zod28.z.union([
+    import_zod28.z.tuple([import_zod28.z.number(), import_zod28.z.number(), import_zod28.z.number(), import_zod28.z.number()]),
+    import_zod28.z.tuple([import_zod28.z.number(), import_zod28.z.number(), import_zod28.z.number()])
+  ]),
+  prod: OSImageVariantSchema.nullable(),
+  dev: OSImageVariantSchema.nullable()
+});
+var GetAvailableOSImagesResponseSchema = import_zod28.z.array(AvailableOSImageSchema2);
+var GetAvailableOSImagesRequestSchema = CvmIdSchema;
+var { action: getAvailableOsImages, safeAction: safeGetAvailableOsImages } = defineAction(GetAvailableOSImagesResponseSchema, async (client, request) => {
+  const { cvmId } = GetAvailableOSImagesRequestSchema.parse(request);
+  return await client.get(`/cvms/${cvmId}/available-os-images`);
+});
+
+// src/actions/cvms/update_os_image.ts
+var import_zod29 = require("zod");
+var UpdateOsImageRequestSchema = refineCvmId(
+  CvmIdObjectSchema.extend({
+    os_image_name: import_zod29.z.string().min(1, "OS image name is required")
+  })
+);
+var { action: updateOsImage, safeAction: safeUpdateOsImage } = defineAction(import_zod29.z.void(), async (client, request) => {
+  const parsed = UpdateOsImageRequestSchema.parse(request);
+  const { cvmId } = CvmIdSchema.parse(parsed);
+  const { os_image_name } = parsed;
+  await client.patch(`/cvms/${cvmId}/os-image`, { os_image_name });
+  return void 0;
+});
+
+// src/actions/cvms/get_cvm_state.ts
+var import_zod30 = require("zod");
+var CvmStateSchema = import_zod30.z.object({
+  status: import_zod30.z.string(),
+  derived_status: import_zod30.z.string().optional(),
+  vm_uuid: import_zod30.z.string().optional(),
+  instance_id: import_zod30.z.string().optional(),
+  uptime: import_zod30.z.string().optional()
+  // Add other state fields as needed
+});
+var GetCvmStateRequestSchema = CvmIdSchema;
+var { action: getCvmState, safeAction: safeGetCvmState } = defineAction(CvmStateSchema, async (client, request) => {
+  const { cvmId } = GetCvmStateRequestSchema.parse(request);
+  return await client.get(`/cvms/${cvmId}/state`);
+});
+
 // src/create-client.ts
 function createClient2(config = {}) {
   const client = createClient(config);
@@ -1622,41 +1961,32 @@ function createClient2(config = {}) {
     safeUpdateCvmResources,
     updateCvmVisibility,
     safeUpdateCvmVisibility,
+    getAvailableOsImages,
+    safeGetAvailableOsImages,
+    updateOsImage,
+    safeUpdateOsImage,
     getKmsInfo,
     safeGetKmsInfo,
     getKmsList,
     safeGetKmsList,
     getAppEnvEncryptPubKey,
-    safeGetAppEnvEncryptPubKey
+    safeGetAppEnvEncryptPubKey,
+    nextAppIds,
+    safeNextAppIds,
+    getCvmState,
+    safeGetCvmState
   };
   return client.extend(allActions);
 }
 
 // src/actions/blockchains/deploy_app_auth.ts
-var import_zod27 = require("zod");
+var import_zod31 = require("zod");
 var import_viem3 = require("viem");
 var import_accounts2 = require("viem/accounts");
 
 // src/utils/index.ts
 var import_encrypt_env_vars = require("@phala/dstack-sdk/encrypt-env-vars");
 
-// src/utils/get_error_message.ts
-function getErrorMessage(error) {
-  if (typeof error.detail === "string") {
-    return error.detail;
-  }
-  if (Array.isArray(error.detail)) {
-    if (error.detail.length > 0) {
-      return error.detail[0]?.msg || "Validation error";
-    }
-    return "Validation error";
-  }
-  if (typeof error.detail === "object" && error.detail !== null) {
-    return JSON.stringify(error.detail);
-  }
-  return "Unknown error occurred";
-}
-
 // src/utils/as-hex.ts
 var import_viem = require("viem");
 function asHex(value) {
@@ -2300,25 +2630,25 @@ var kmsAuthAbi = [
     anonymous: false
   }
 ];
-var DeployAppAuthRequestBaseSchema = import_zod27.z.object({
+var DeployAppAuthRequestBaseSchema = import_zod31.z.object({
   // Chain configuration (conditionally required)
-  chain: import_zod27.z.unknown().optional(),
-  rpcUrl: import_zod27.z.string().optional(),
+  chain: import_zod31.z.unknown().optional(),
+  rpcUrl: import_zod31.z.string().optional(),
   // Contract configuration (required)
-  kmsContractAddress: import_zod27.z.string(),
+  kmsContractAddress: import_zod31.z.string(),
   // Authentication mode: either privateKey OR walletClient (required, mutually exclusive)
-  privateKey: import_zod27.z.string().optional(),
-  walletClient: import_zod27.z.unknown().optional(),
+  privateKey: import_zod31.z.string().optional(),
+  walletClient: import_zod31.z.unknown().optional(),
   // Public client (optional, will create default if not provided)
-  publicClient: import_zod27.z.unknown().optional(),
+  publicClient: import_zod31.z.unknown().optional(),
   // App configuration (optional)
-  allowAnyDevice: import_zod27.z.boolean().optional().default(false),
-  deviceId: import_zod27.z.string().optional().default("0000000000000000000000000000000000000000000000000000000000000000"),
-  composeHash: import_zod27.z.string().optional().default("0000000000000000000000000000000000000000000000000000000000000000"),
-  disableUpgrades: import_zod27.z.boolean().optional().default(false),
+  allowAnyDevice: import_zod31.z.boolean().optional().default(false),
+  deviceId: import_zod31.z.string().optional().default("0000000000000000000000000000000000000000000000000000000000000000"),
+  composeHash: import_zod31.z.string().optional().default("0000000000000000000000000000000000000000000000000000000000000000"),
+  disableUpgrades: import_zod31.z.boolean().optional().default(false),
   // Validation configuration (optional)
-  skipPrerequisiteChecks: import_zod27.z.boolean().optional().default(false),
-  minBalance: import_zod27.z.string().optional()
+  skipPrerequisiteChecks: import_zod31.z.boolean().optional().default(false),
+  minBalance: import_zod31.z.string().optional()
   // ETH amount as string, e.g., "0.01"
 }).passthrough();
 var DeployAppAuthRequestSchema = DeployAppAuthRequestBaseSchema.refine(
@@ -2346,13 +2676,13 @@ var DeployAppAuthRequestSchema = DeployAppAuthRequestBaseSchema.refine(
     path: ["chain"]
   }
 );
-var DeployAppAuthSchema = import_zod27.z.object({
-  appId: import_zod27.z.string(),
-  appAuthAddress: import_zod27.z.string(),
-  deployer: import_zod27.z.string(),
-  transactionHash: import_zod27.z.string(),
-  blockNumber: import_zod27.z.bigint().optional(),
-  gasUsed: import_zod27.z.bigint().optional()
+var DeployAppAuthSchema = import_zod31.z.object({
+  appId: import_zod31.z.string(),
+  appAuthAddress: import_zod31.z.string(),
+  deployer: import_zod31.z.string(),
+  transactionHash: import_zod31.z.string(),
+  blockNumber: import_zod31.z.bigint().optional(),
+  gasUsed: import_zod31.z.bigint().optional()
 }).passthrough();
 function parseDeploymentResult(receipt, deployer, kmsContractAddress) {
   try {
@@ -2598,7 +2928,7 @@ async function safeDeployAppAuth(request, parameters) {
 }
 
 // src/actions/blockchains/add_compose_hash.ts
-var import_zod28 = require("zod");
+var import_zod32 = require("zod");
 var import_viem4 = require("viem");
 var import_accounts3 = require("viem/accounts");
 var appAuthAbi = [
@@ -2616,29 +2946,29 @@ var appAuthAbi = [
     anonymous: false
   }
 ];
-var AddComposeHashRequestSchema = import_zod28.z.object({
+var AddComposeHashRequestSchema = import_zod32.z.object({
   // Chain configuration (conditionally required)
-  chain: import_zod28.z.unknown().optional(),
-  rpcUrl: import_zod28.z.string().optional(),
-  appId: import_zod28.z.string(),
-  composeHash: import_zod28.z.string(),
+  chain: import_zod32.z.unknown().optional(),
+  rpcUrl: import_zod32.z.string().optional(),
+  appId: import_zod32.z.string(),
+  composeHash: import_zod32.z.string(),
   // Authentication mode: either privateKey OR walletClient (required, mutually exclusive)
-  privateKey: import_zod28.z.string().optional(),
-  walletClient: import_zod28.z.unknown().optional(),
+  privateKey: import_zod32.z.string().optional(),
+  walletClient: import_zod32.z.unknown().optional(),
   // Public client (optional, will create default if not provided)
-  publicClient: import_zod28.z.unknown().optional(),
+  publicClient: import_zod32.z.unknown().optional(),
   // Validation configuration (optional)
-  skipPrerequisiteChecks: import_zod28.z.boolean().optional().default(false),
-  minBalance: import_zod28.z.string().optional(),
+  skipPrerequisiteChecks: import_zod32.z.boolean().optional().default(false),
+  minBalance: import_zod32.z.string().optional(),
   // ETH amount as string, e.g., "0.01"
   // Transaction control options
-  timeout: import_zod28.z.number().optional().default(12e4),
-  retryOptions: import_zod28.z.unknown().optional(),
-  signal: import_zod28.z.unknown().optional(),
+  timeout: import_zod32.z.number().optional().default(12e4),
+  retryOptions: import_zod32.z.unknown().optional(),
+  signal: import_zod32.z.unknown().optional(),
   // Progress callbacks
-  onTransactionStateChange: import_zod28.z.function().optional(),
-  onTransactionSubmitted: import_zod28.z.function().optional(),
-  onTransactionConfirmed: import_zod28.z.function().optional()
+  onTransactionStateChange: import_zod32.z.function().optional(),
+  onTransactionSubmitted: import_zod32.z.function().optional(),
+  onTransactionConfirmed: import_zod32.z.function().optional()
 }).passthrough().refine(
   (data) => {
     const hasPrivateKey = !!data.privateKey;
@@ -2662,12 +2992,12 @@ var AddComposeHashRequestSchema = import_zod28.z.object({
     path: ["chain"]
   }
 );
-var AddComposeHashSchema = import_zod28.z.object({
-  composeHash: import_zod28.z.string(),
-  appId: import_zod28.z.string(),
-  transactionHash: import_zod28.z.string(),
-  blockNumber: import_zod28.z.bigint().optional(),
-  gasUsed: import_zod28.z.bigint().optional()
+var AddComposeHashSchema = import_zod32.z.object({
+  composeHash: import_zod32.z.string(),
+  appId: import_zod32.z.string(),
+  transactionHash: import_zod32.z.string(),
+  blockNumber: import_zod32.z.bigint().optional(),
+  gasUsed: import_zod32.z.bigint().optional()
 }).passthrough();
 function parseComposeHashResult(receipt, composeHash, appAuthAddress, appId) {
   console.log(receipt.logs);
@@ -2858,6 +3188,200 @@ async function safeAddComposeHash(request, parameters) {
   }
 }
 
+// src/actions/cvms/watch_cvm_state.ts
+var import_zod33 = require("zod");
+var WatchCvmStateParamsSchema = import_zod33.z.object({
+  target: import_zod33.z.string().describe("Target status to wait for (e.g., 'running', 'stopped')"),
+  interval: import_zod33.z.number().min(5).max(30).default(5).describe("Polling interval in seconds"),
+  timeout: import_zod33.z.number().min(10).max(600).default(300).describe("Timeout per attempt in seconds"),
+  maxRetries: import_zod33.z.number().min(0).default(Number.POSITIVE_INFINITY).describe("Maximum number of retry attempts (Infinity for unlimited)"),
+  retryDelay: import_zod33.z.number().min(0).default(5e3).describe("Delay between retries in milliseconds")
+});
+var WatchCvmStateRequestSchema = WatchCvmStateParamsSchema;
+var WatchAbortedError = class extends Error {
+  constructor() {
+    super("Watch operation was aborted");
+    this.name = "WatchAbortedError";
+  }
+};
+var MaxRetriesExceededError = class extends Error {
+  constructor(attempts) {
+    super(`Maximum retry attempts (${attempts}) exceeded`);
+    this.attempts = attempts;
+    this.name = "MaxRetriesExceededError";
+  }
+};
+function parseSSEEvent(eventType, data) {
+  try {
+    const parsed = JSON.parse(data);
+    return { type: eventType, data: parsed };
+  } catch {
+    return { type: "error", data: { error: "Failed to parse SSE event" } };
+  }
+}
+async function watchCvmState(client, request, options = {}) {
+  const { cvmId } = CvmIdSchema.parse(request);
+  const { target, interval, timeout, maxRetries, retryDelay } = WatchCvmStateParamsSchema.parse(request);
+  const { signal, onEvent } = options;
+  let attempt = 0;
+  while (attempt < maxRetries) {
+    if (signal?.aborted) {
+      throw new WatchAbortedError();
+    }
+    attempt++;
+    try {
+      const result = await watchSingleAttempt(
+        client,
+        cvmId,
+        target,
+        interval,
+        timeout,
+        signal,
+        onEvent
+      );
+      if (result) {
+        return result;
+      }
+      if (attempt >= maxRetries) {
+        throw new MaxRetriesExceededError(attempt);
+      }
+      await sleep(retryDelay, signal);
+    } catch (error) {
+      if (signal?.aborted) {
+        throw new WatchAbortedError();
+      }
+      if (error instanceof WatchAbortedError || error instanceof MaxRetriesExceededError) {
+        throw error;
+      }
+      if (attempt >= maxRetries) {
+        throw error;
+      }
+      if (onEvent) {
+        onEvent({
+          type: "error",
+          data: { error: error instanceof Error ? error.message : String(error) }
+        });
+      }
+      await sleep(retryDelay, signal);
+    }
+  }
+  throw new MaxRetriesExceededError(attempt);
+}
+async function watchSingleAttempt(client, cvmId, target, interval, timeout, signal, onEvent) {
+  const params = new URLSearchParams({
+    target,
+    interval: String(interval),
+    timeout: String(timeout)
+  });
+  const baseURL = client.config.baseURL || "";
+  const fullUrl = `${baseURL}/cvms/${cvmId}/state?${params.toString()}`;
+  const headers = {
+    Accept: "text/event-stream",
+    "Cache-Control": "no-cache"
+  };
+  if (!client.config.useCookieAuth && client.config.apiKey) {
+    headers["X-API-Key"] = client.config.apiKey;
+  }
+  if (client.config.headers) {
+    Object.entries(client.config.headers).forEach(([key, value]) => {
+      if (typeof value === "string") {
+        headers[key] = value;
+      }
+    });
+  }
+  const response = await client.raw.native(fullUrl, {
+    method: "GET",
+    headers,
+    signal,
+    ...client.config.useCookieAuth ? { credentials: "include" } : {}
+  });
+  if (!response.ok) {
+    throw new Error(`HTTP ${response.status}: ${response.statusText}`);
+  }
+  if (!response.body) {
+    throw new Error("Response body is null");
+  }
+  return parseSSEStream(response.body, signal, onEvent);
+}
+async function parseSSEStream(stream, signal, onEvent) {
+  const reader = stream.getReader();
+  const decoder = new TextDecoder();
+  let buffer = "";
+  let finalState = null;
+  let currentEvent = "";
+  let currentData = "";
+  const processLine = (line) => {
+    if (line.startsWith("event:")) {
+      currentEvent = line.slice(6).trim();
+    } else if (line.startsWith("data:")) {
+      currentData = line.slice(5).trim();
+    } else if (line === "") {
+      if (currentEvent && currentData) {
+        const event = parseSSEEvent(currentEvent, currentData);
+        if (event.type === "state") {
+          finalState = event.data;
+        }
+        onEvent?.(event);
+        if (event.type === "complete") {
+          return "complete";
+        }
+        if (event.type === "timeout") {
+          return "timeout";
+        }
+      }
+      currentEvent = "";
+      currentData = "";
+    }
+    return null;
+  };
+  try {
+    while (true) {
+      if (signal?.aborted) {
+        throw new WatchAbortedError();
+      }
+      const { done, value } = await reader.read();
+      if (done) {
+        break;
+      }
+      buffer += decoder.decode(value, { stream: true });
+      const lines = buffer.split("\n");
+      buffer = lines.pop() || "";
+      for (const line of lines) {
+        const result = processLine(line.trim());
+        if (result === "complete") {
+          return finalState;
+        }
+        if (result === "timeout") {
+          return null;
+        }
+      }
+    }
+    return finalState;
+  } catch (error) {
+    if (error instanceof WatchAbortedError) {
+      throw error;
+    }
+    throw new Error(`SSE stream error: ${error instanceof Error ? error.message : String(error)}`);
+  } finally {
+    reader.releaseLock();
+  }
+}
+function sleep(ms, signal) {
+  return new Promise((resolve, reject) => {
+    if (signal?.aborted) {
+      reject(new WatchAbortedError());
+      return;
+    }
+    const timer = setTimeout(resolve, ms);
+    if (signal) {
+      signal.addEventListener("abort", () => {
+        clearTimeout(timer);
+        reject(new WatchAbortedError());
+      });
+    }
+  });
+}
+
 // src/parse_dotenv.ts
 var LINE = /(?:^|^)\s*(?:export\s+)?([\w.-]+)(?:\s*=\s*?|:\s+?)(\s*'(?:\\'|[^'])*'|\s*"(?:\\"|[^"])*"|\s*`(?:\\`|[^`])*`|[^#\r\n]+)?\s*(?:#.*)?(?:$|$)/gm;
 function parseEnv(input) {
@@ -2897,7 +3421,9 @@ var import_verify_env_encrypt_public_key = require("@phala/dstack-sdk/verify-env
 0 && (module.exports = {
   AddComposeHashSchema,
   ApiErrorSchema,
+  AuthError,
   AvailableNodesSchema,
+  BusinessError,
   CommitCvmComposeFileUpdateRequestSchema,
   CommitCvmComposeFileUpdateSchema,
   CommitCvmProvisionRequestSchema,
@@ -2913,12 +3439,15 @@ var import_verify_env_encrypt_public_key = require("@phala/dstack-sdk/verify-env
   CvmNetworkSchema,
   CvmNetworkUrlsSchema,
   CvmNodeSchema,
+  CvmStateSchema,
   CvmSystemInfoSchema,
   DeleteCvmRequestSchema,
   DeployAppAuthRequestSchema,
   DeployAppAuthSchema,
   GetAppEnvEncryptPubKeyRequestSchema,
   GetAppEnvEncryptPubKeySchema,
+  GetAvailableOSImagesRequestSchema,
+  GetAvailableOSImagesResponseSchema,
   GetCvmAttestationRequestSchema,
   GetCvmComposeFileRequestSchema,
   GetCvmContainersStatsRequestSchema,
@@ -2927,6 +3456,7 @@ var import_verify_env_encrypt_public_key = require("@phala/dstack-sdk/verify-env
   GetCvmListRequestSchema,
   GetCvmListSchema,
   GetCvmNetworkRequestSchema,
+  GetCvmStateRequestSchema,
   GetCvmStatsRequestSchema,
   GetKmsInfoRequestSchema,
   GetKmsListRequestSchema,
@@ -2936,9 +3466,14 @@ var import_verify_env_encrypt_public_key = require("@phala/dstack-sdk/verify-env
   ListInstanceTypesRequestSchema,
   ListWorkspacesSchema,
   ManagedUserSchema,
+  MaxRetriesExceededError,
   NetworkError,
+  NextAppIdsRequestSchema,
+  NextAppIdsSchema,
+  OSImageVariantSchema,
   PaginatedInstanceTypesSchema,
   PaginationMetadataSchema,
+  PhalaCloudError,
   ProvisionCvmComposeFileUpdateRequestSchema,
   ProvisionCvmComposeFileUpdateResultSchema,
   ProvisionCvmRequestSchema,
@@ -2946,15 +3481,21 @@ var import_verify_env_encrypt_public_key = require("@phala/dstack-sdk/verify-env
   RequestError,
   RestartCvmRequestSchema,
   SUPPORTED_CHAINS,
+  ServerError,
   ShutdownCvmRequestSchema,
   StartCvmRequestSchema,
   StopCvmRequestSchema,
   TransactionError,
+  UnknownError,
   UpdateCvmResourcesRequestSchema,
   UpdateCvmVisibilityRequestSchema,
+  UpdateOsImageRequestSchema,
   VMSchema,
+  ValidationError,
   VmInfoSchema,
   WalletError,
+  WatchAbortedError,
+  WatchCvmStateRequestSchema,
   WorkspaceResponseSchema,
   addComposeHash,
   addNetwork,
@@ -2981,8 +3522,11 @@ var import_verify_env_encrypt_public_key = require("@phala/dstack-sdk/verify-env
   executeTransaction,
   executeTransactionWithRetry,
   extractNetworkClients,
+  formatErrorMessage,
+  formatValidationErrors,
   getAppEnvEncryptPubKey,
   getAvailableNodes,
+  getAvailableOsImages,
   getComposeHash,
   getCurrentUser,
   getCvmAttestation,
@@ -2992,13 +3536,17 @@ var import_verify_env_encrypt_public_key = require("@phala/dstack-sdk/verify-env
   getCvmInfo,
   getCvmList,
   getCvmNetwork,
+  getCvmState,
   getCvmStats,
   getErrorMessage,
   getKmsInfo,
   getKmsList,
+  getValidationFields,
   getWorkspace,
   listInstanceTypes,
   listWorkspaces,
+  nextAppIds,
+  parseApiError,
   parseEnv,
   parseEnvVars,
   preprocessAppCompose,
@@ -3013,6 +3561,7 @@ var import_verify_env_encrypt_public_key = require("@phala/dstack-sdk/verify-env
   safeDeployAppAuth,
   safeGetAppEnvEncryptPubKey,
   safeGetAvailableNodes,
+  safeGetAvailableOsImages,
   safeGetCurrentUser,
   safeGetCvmAttestation,
   safeGetCvmComposeFile,
@@ -3021,12 +3570,14 @@ var import_verify_env_encrypt_public_key = require("@phala/dstack-sdk/verify-env
   safeGetCvmInfo,
   safeGetCvmList,
   safeGetCvmNetwork,
+  safeGetCvmState,
   safeGetCvmStats,
   safeGetKmsInfo,
   safeGetKmsList,
   safeGetWorkspace,
   safeListInstanceTypes,
   safeListWorkspaces,
+  safeNextAppIds,
   safeProvisionCvm,
   safeProvisionCvmComposeFileUpdate,
   safeRestartCvm,
@@ -3035,6 +3586,7 @@ var import_verify_env_encrypt_public_key = require("@phala/dstack-sdk/verify-env
   safeStopCvm,
   safeUpdateCvmResources,
   safeUpdateCvmVisibility,
+  safeUpdateOsImage,
   safeValidateActionParameters,
   shutdownCvm,
   sortObject,
@@ -3043,9 +3595,11 @@ var import_verify_env_encrypt_public_key = require("@phala/dstack-sdk/verify-env
   switchToNetwork,
   updateCvmResources,
   updateCvmVisibility,
+  updateOsImage,
   validateActionParameters,
   validateNetworkPrerequisites,
   verifyEnvEncryptPublicKey,
   waitForTransactionReceipt,
+  watchCvmState,
   withComposeMethods
 });