@progyai/cli 0.0.1

package/dist/lib/format.js

@@ -0,0 +1,67 @@
+"use strict";
+/**
+ * Output helpers — small enough that pulling in a table library would be the
+ * tail wagging the dog. Aligned columns, no colors (tools that want colors
+ * should add them via wrappers; CLI output should be greppable by default).
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.ts = ts;
+exports.usd = usd;
+exports.shortId = shortId;
+exports.table = table;
+exports.parseDuration = parseDuration;
+/** Render `Date | string` as a compact local timestamp `YYYY-MM-DD HH:MM:SS`. */
+function ts(input) {
+    if (input === undefined)
+        return '';
+    const d = input instanceof Date ? input : new Date(input);
+    if (Number.isNaN(d.getTime()))
+        return String(input);
+    const pad = (n) => n.toString().padStart(2, '0');
+    return (`${d.getFullYear()}-${pad(d.getMonth() + 1)}-${pad(d.getDate())} ` +
+        `${pad(d.getHours())}:${pad(d.getMinutes())}:${pad(d.getSeconds())}`);
+}
+/** Format a USD string ($N.NN). Accepts string from progy or number. */
+function usd(value, sign = false) {
+    if (value === undefined || value === null)
+        return '$?';
+    const n = typeof value === 'number' ? value : Number(value);
+    if (!Number.isFinite(n))
+        return `$${value}`;
+    const abs = Math.abs(n).toFixed(6).replace(/0+$/, '').replace(/\.$/, '');
+    const body = abs.includes('.') ? abs : `${abs}.00`;
+    if (!sign)
+        return `$${body}`;
+    return n >= 0 ? `+$${body}` : `-$${body}`;
+}
+/** Truncate an id to a short prefix for the table view. */
+function shortId(id, n = 8) {
+    if (!id)
+        return '';
+    return id.length > n ? id.slice(0, n) + '…' : id;
+}
+/** Render `[ [a,b], [c,d] ]` as space-aligned monospace columns. */
+function table(rows, headers) {
+    const all = headers ? [headers, ...rows] : rows;
+    if (all.length === 0)
+        return '';
+    const widths = all[0].map((_, col) => all.reduce((max, r) => Math.max(max, (r[col] ?? '').length), 0));
+    const fmtRow = (r) => r.map((c, i) => (i === r.length - 1 ? (c ?? '') : (c ?? '').padEnd(widths[i]))).join('  ');
+    if (!headers)
+        return all.map(fmtRow).join('\n');
+    const head = fmtRow(headers);
+    const sep = widths.map((w) => '─'.repeat(w)).join('  ');
+    return [head, sep, ...rows.map(fmtRow)].join('\n');
+}
+/** Parse "7d" / "3h" / "30m" → ms; undefined if not a valid duration. */
+function parseDuration(s) {
+    if (!s)
+        return undefined;
+    const m = /^(\d+)([dhm])$/.exec(s.trim());
+    if (!m)
+        return undefined;
+    const n = Number(m[1]);
+    const unit = m[2];
+    const ms = unit === 'd' ? 86_400_000 : unit === 'h' ? 3_600_000 : 60_000;
+    return n * ms;
+}

package/dist/lib/http.js

@@ -0,0 +1,79 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.resolveProfile = resolveProfile;
+exports.resolveClient = resolveClient;
+exports.progyFetch = progyFetch;
+const flags_1 = require("./flags");
+const credentials_1 = require("./credentials");
+/**
+ * Resolve the profile name from --profile flag or PROGY_PROFILE env. Defaults
+ * to "default" — every existing single-profile install transparently uses the
+ * default profile so this change is non-breaking.
+ */
+function resolveProfile(flags) {
+    return (0, flags_1.readFlag)(flags, 'profile', 'PROGY_PROFILE') || credentials_1.DEFAULT_PROFILE;
+}
+/**
+ * Resolve --url / --key into a client context. Resolution chain (most-explicit
+ * wins): CLI flag → env var → ~/.progy/credentials[profile] → default URL
+ * (key has no default; missing key after the chain throws).
+ *
+ * The credentials file is consulted only as the last fallback so an explicit
+ * --key/PROGY_API_KEY can always override a saved profile (the standard "env
+ * shadows file" pattern that gh, aws, etc. use).
+ *
+ * The profile lookup respects `--profile <name>` / `PROGY_PROFILE` so a single
+ * user can swap between staging and prod credentials without re-running
+ * `progy init`.
+ */
+function resolveClient(flags) {
+    const profile = resolveProfile(flags);
+    const saved = (0, credentials_1.loadCredentials)(profile);
+    const url = ((0, flags_1.readFlag)(flags, 'url', 'PROGY_URL') ||
+        saved?.url ||
+        'https://x.progy.ai').replace(/\/$/, '');
+    const key = (0, flags_1.readFlag)(flags, 'key', 'PROGY_API_KEY') || saved?.api_key;
+    if (!key) {
+        const profileHint = profile === credentials_1.DEFAULT_PROFILE ? '' : ` for profile "${profile}"`;
+        throw new Error(`missing --key${profileHint} (or set PROGY_API_KEY, or run \`progy init${profile === credentials_1.DEFAULT_PROFILE ? '' : ` --profile ${profile}`}\` to mint and save one)`);
+    }
+    return { url, key };
+}
+/** Bearer-auth fetch that decodes the upstream-shaped error envelope on failure. */
+async function progyFetch(ctx, path, init = {}) {
+    let resp;
+    try {
+        resp = await fetch(`${ctx.url}${path}`, {
+            method: init.method ?? 'GET',
+            headers: {
+                authorization: `Bearer ${ctx.key}`,
+                ...(init.body !== undefined ? { 'content-type': 'application/json' } : {}),
+                ...(init.extraHeaders ?? {}),
+            },
+            body: init.body !== undefined ? JSON.stringify(init.body) : undefined,
+        });
+    }
+    catch (cause) {
+        // Network/DNS/refused — fetch throws bare "fetch failed" with details in `cause`.
+        const detail = cause?.cause?.code || cause?.code || cause?.message || cause;
+        throw new Error(`could not reach ${ctx.url} (${detail}) — is PROGY_URL correct and the server running?`, { cause });
+    }
+    const text = await resp.text();
+    let json;
+    try {
+        json = text ? JSON.parse(text) : undefined;
+    }
+    catch {
+        json = undefined;
+    }
+    if (!resp.ok) {
+        // Errors come back in the upstream's native envelope (Anthropic or OpenAI
+        // shaped) — surface the inner message if we recognize it, otherwise raw.
+        const msg = json?.error?.message ?? json?.message ?? (text || `HTTP ${resp.status}`);
+        const err = new Error(msg);
+        err.status = resp.status;
+        err.body = json ?? text;
+        throw err;
+    }
+    return json;
+}

package/dist/lib/x402.js

@@ -0,0 +1,207 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.topupViaX402 = topupViaX402;
+exports.offeredNetworks = offeredNetworks;
+const password_1 = __importDefault(require("@inquirer/password"));
+const base_1 = require("@scure/base");
+const accounts_1 = require("viem/accounts");
+const kit_1 = require("@solana/kit");
+const client_1 = require("@x402/core/client");
+const http_1 = require("@x402/core/http");
+const client_2 = require("@x402/evm/exact/client");
+const client_3 = require("@x402/svm/exact/client");
+const svm_1 = require("@x402/svm");
+// x402 v2 settles on CAIP-2 networks (e.g. "eip155:8453"); progy advertises the
+// friendly names operators/users know. These bridge the two for display + the
+// --network flag.
+const EVM_CAIP2 = {
+    base: 'eip155:8453',
+    'base-sepolia': 'eip155:84532',
+    polygon: 'eip155:137',
+    'polygon-amoy': 'eip155:80002',
+    avalanche: 'eip155:43114',
+    'avalanche-fuji': 'eip155:43113',
+    arbitrum: 'eip155:42161',
+    'arbitrum-sepolia': 'eip155:421614',
+    optimism: 'eip155:10',
+};
+const SVM_CAIP2 = {
+    solana: svm_1.SOLANA_MAINNET_CAIP2,
+    'solana-devnet': svm_1.SOLANA_DEVNET_CAIP2,
+};
+const CAIP2_TO_FRIENDLY = Object.fromEntries([...Object.entries(EVM_CAIP2), ...Object.entries(SVM_CAIP2)].map(([name, caip]) => [caip, name]));
+function friendlyName(caip2) {
+    return CAIP2_TO_FRIENDLY[caip2] ?? caip2;
+}
+function isSvm(caip2) {
+    return caip2.startsWith('solana:');
+}
+async function postTopup(ctx, amountUsd, extraHeaders = {}) {
+    let resp;
+    try {
+        resp = await fetch(`${ctx.url}/v1/topup`, {
+            method: 'POST',
+            headers: {
+                authorization: `Bearer ${ctx.key}`,
+                'content-type': 'application/json',
+                ...extraHeaders,
+            },
+            body: JSON.stringify({ amountUsd }),
+        });
+    }
+    catch (cause) {
+        const detail = cause?.cause?.code || cause?.code || cause?.message || cause;
+        throw new Error(`could not reach ${ctx.url} (${detail}) — is PROGY_URL correct and the server running?`, {
+            cause,
+        });
+    }
+    const text = await resp.text();
+    let body;
+    try {
+        body = text ? JSON.parse(text) : undefined;
+    }
+    catch {
+        body = text;
+    }
+    return { status: resp.status, headers: resp.headers, body };
+}
+/** Parse the x402 PaymentRequired out of the 402 challenge (v2 header, with a body fallback). */
+function readPaymentRequired(resp) {
+    const headerVal = resp.headers.get('PAYMENT-REQUIRED');
+    if (headerVal) {
+        try {
+            return (0, http_1.decodePaymentRequiredHeader)(headerVal);
+        }
+        catch {
+            /* fall through to body */
+        }
+    }
+    // Body fallback: the combined challenge carries both stripe + x402 entries; keep
+    // only the x402 ("exact") PaymentRequirements.
+    const accepts = Array.isArray(resp.body?.accepts)
+        ? resp.body.accepts.filter((a) => a?.scheme === 'exact')
+        : [];
+    if (accepts.length === 0) {
+        throw new Error('server did not advertise any x402 payment options for this top-up');
+    }
+    return {
+        x402Version: Number(resp.body?.x402Version) || 2,
+        error: resp.body?.error,
+        resource: resp.body?.resource ?? { url: '/v1/topup' },
+        accepts,
+    };
+}
+/** Pick the x402 requirement to pay, by --network (friendly or CAIP-2) or the sole option. */
+function selectRequirement(accepts, requested) {
+    const exact = accepts.filter((a) => a.scheme === 'exact');
+    if (exact.length === 0)
+        throw new Error('no x402 (exact) payment option offered by the server');
+    if (requested) {
+        const wantCaip2 = EVM_CAIP2[requested] ?? SVM_CAIP2[requested] ?? requested;
+        const match = exact.find((a) => a.network === wantCaip2);
+        if (!match) {
+            const avail = exact.map((a) => friendlyName(a.network)).join(', ');
+            throw new Error(`network "${requested}" is not offered; available: [${avail}]`);
+        }
+        return match;
+    }
+    if (exact.length === 1)
+        return exact[0];
+    const avail = exact.map((a) => friendlyName(a.network)).join(', ');
+    throw new Error(`multiple x402 networks offered — choose one with --network <net>. Available: [${avail}]`);
+}
+/** Resolve a secret from env, else prompt with a hidden input (TTY only). */
+async function resolveSecret(envVar, label) {
+    const fromEnv = process.env[envVar];
+    if (fromEnv && fromEnv.trim())
+        return fromEnv.trim();
+    if (!process.stdin.isTTY) {
+        throw new Error(`missing ${envVar} — set it in your environment (no TTY available to prompt)`);
+    }
+    const entered = await (0, password_1.default)({ message: `Enter ${label} (hidden):` });
+    if (!entered || !entered.trim())
+        throw new Error(`no ${label} provided`);
+    return entered.trim();
+}
+/** Build an x402 client with the one scheme needed for the chosen network. */
+async function buildClient(requirement) {
+    const caip2 = requirement.network;
+    // Pin the selector to the chosen requirement so createPaymentPayload uses it.
+    const client = new client_1.x402Client(() => requirement);
+    if (isSvm(caip2)) {
+        const secret = await resolveSecret('PROGY_SVM_PRIVATE_KEY', 'Solana wallet secret key (base58)');
+        let bytes;
+        try {
+            bytes = base_1.base58.decode(secret);
+        }
+        catch {
+            throw new Error('PROGY_SVM_PRIVATE_KEY is not valid base58');
+        }
+        const signer = await (0, kit_1.createKeyPairSignerFromBytes)(bytes);
+        const rpcUrl = process.env.PROGY_SVM_RPC_URL?.trim() ||
+            (caip2 === svm_1.SOLANA_DEVNET_CAIP2 ? svm_1.DEVNET_RPC_URL : svm_1.MAINNET_RPC_URL);
+        client.register(caip2, new client_3.ExactSvmScheme(signer, { rpcUrl }));
+    }
+    else {
+        const raw = await resolveSecret('PROGY_EVM_PRIVATE_KEY', 'EVM wallet private key (0x…)');
+        const pk = (raw.startsWith('0x') ? raw : `0x${raw}`);
+        let account;
+        try {
+            account = (0, accounts_1.privateKeyToAccount)(pk);
+        }
+        catch {
+            throw new Error('PROGY_EVM_PRIVATE_KEY is not a valid 32-byte hex private key');
+        }
+        (0, client_2.registerExactEvmScheme)(client, { signer: account, networks: [caip2] });
+    }
+    return client;
+}
+/**
+ * Top up the progy balance via the x402 on-chain rail. Fetches the 402 challenge,
+ * selects a network, signs the payment with the user's wallet (EVM EIP-3009 or a
+ * Solana transfer), and settles by replaying the request with the PAYMENT-SIGNATURE
+ * header. Returns the credited amount + new balance reported by the server.
+ */
+async function topupViaX402(ctx, amountUsd, opts = {}) {
+    // 1) Challenge.
+    const challenge = await postTopup(ctx, amountUsd);
+    if (challenge.status !== 402) {
+        const msg = challenge.body?.message || challenge.body?.error || `unexpected status ${challenge.status}`;
+        throw new Error(`expected a 402 challenge from /v1/topup, got ${challenge.status}: ${msg}`);
+    }
+    const paymentRequired = readPaymentRequired(challenge);
+    // 2) Pick network + 3) acquire signer + build client.
+    const requirement = selectRequirement(paymentRequired.accepts, opts.network);
+    const friendly = friendlyName(requirement.network);
+    const client = await buildClient(requirement);
+    // 4) Sign.
+    const httpClient = new client_1.x402HTTPClient(client);
+    let payload;
+    try {
+        payload = await httpClient.createPaymentPayload(paymentRequired);
+    }
+    catch (err) {
+        throw new Error(`failed to build x402 payment on ${friendly}: ${err?.message ?? err}`, { cause: err });
+    }
+    const sigHeaders = httpClient.encodePaymentSignatureHeader(payload);
+    // 5) Settle (replay with the payment header).
+    console.log(`Settling $${amountUsd} on ${friendly} …`);
+    const settled = await postTopup(ctx, amountUsd, sigHeaders);
+    if (settled.status < 200 || settled.status >= 300) {
+        const msg = settled.body?.message || settled.body?.error || `HTTP ${settled.status}`;
+        throw new Error(`x402 settlement failed on ${friendly}: ${msg}`);
+    }
+    return {
+        network: settled.body?.network || friendly,
+        credited: settled.body?.credited,
+        amountUsd: settled.body?.amount_usd,
+        balanceUsd: settled.body?.balance_usd,
+    };
+}
+/** Friendly names of the x402 networks the server is currently offering for an amount. */
+function offeredNetworks(accepts) {
+    return accepts.filter((a) => a.scheme === 'exact').map((a) => friendlyName(a.network));
+}

package/dist/progy.js

@@ -0,0 +1,90 @@
+#!/usr/bin/env node
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+const commander_1 = require("commander");
+const topup_1 = require("./commands/topup");
+const balance_1 = require("./commands/balance");
+const usage_1 = require("./commands/usage");
+const init_1 = require("./commands/init");
+const whoami_1 = require("./commands/whoami");
+const logout_1 = require("./commands/logout");
+const config_1 = require("./commands/config");
+const pkg = require('../package.json');
+const program = new commander_1.Command();
+program
+    .name('progy')
+    .description('progy — customer CLI for the permissionless AI proxy')
+    .version(pkg.version, '-v, --version', 'print version');
+// Common connection flags. Added per-command (rather than as global options) so
+// they can appear after the subcommand, e.g. `progy balance --url …`.
+function withConnection(cmd) {
+    return cmd
+        .option('--url <url>', 'progy URL (env PROGY_URL, default https://x.progy.ai)')
+        .option('--key <key>', 'progy api key (env PROGY_API_KEY, or ~/.progy/credentials)')
+        .option('--profile <name>', 'credentials profile (env PROGY_PROFILE, default "default")');
+}
+// Commander hands the action (options, command); normalize to our Flags bag.
+function flagsOf(cmd) {
+    return cmd.opts();
+}
+withConnection(program
+    .command('init')
+    .alias('keygen')
+    .description('Mint a fresh API key and save it to ~/.progy/credentials')
+    .option('--force', 'mint a new key even if one is already configured'))
+    .addHelpText('after', `
+Examples:
+  progy init                         # mint + save under the default profile
+  progy init --profile staging       # mint + save staging creds
+  PROGY_PROFILE=staging progy whoami # env-var equivalent of --profile`)
+    .action((_opts, cmd) => (0, init_1.initCommand)(flagsOf(cmd)));
+withConnection(program
+    .command('whoami')
+    .description('Show which account the CLI is configured to use')).action((_opts, cmd) => (0, whoami_1.whoamiCommand)(flagsOf(cmd)));
+withConnection(program
+    .command('logout')
+    .description('Delete the saved credentials (local only — the account stays on the server)')).action((_opts, cmd) => (0, logout_1.logoutCommand)(flagsOf(cmd)));
+withConnection(program
+    .command('config')
+    .description('View or update saved credentials (e.g. repoint --url without re-minting the key)'))
+    .addHelpText('after', `
+Examples:
+  progy config                          # show saved url + key prefix
+  progy config --url https://x.progy.ai # repoint the saved profile (keeps the key)
+  progy config --key progy_sk_…         # replace the saved key (keeps the url)`)
+    .action((_opts, cmd) => (0, config_1.configCommand)(flagsOf(cmd)));
+withConnection(program
+    .command('topup')
+    .description('Credit your balance (Stripe card rail or x402 on-chain rail)')
+    .option('--amount <usd>', 'USD to top up (required, > 0)')
+    .option('--rail <rail>', 'stripe | x402 (auto-picks based on what is configured)')
+    .option('--network <net>', 'x402 network to pay on, e.g. base, solana, base-sepolia')
+    .option('--pm <pm>', 'Stripe PaymentMethod id (env PROGY_TOPUP_PM_ID)'))
+    .addHelpText('after', `
+Rails:
+  stripe   card charge — needs --pm (or PROGY_TOPUP_PM_ID) and Stripe configured on the proxy
+  x402     on-chain USDC — needs a wallet key in PROGY_EVM_PRIVATE_KEY / PROGY_SVM_PRIVATE_KEY
+           (prompted securely if unset). Solana also uses PROGY_SVM_RPC_URL (optional).
+
+Examples:
+  progy topup --amount 10 --rail x402 --network base
+  progy topup --amount 10 --rail x402 --network solana
+  progy topup --amount 10 --pm pm_card_visa            # stripe`)
+    .action((_opts, cmd) => (0, topup_1.topupCommand)(flagsOf(cmd)));
+withConnection(program
+    .command('balance')
+    .description('Show current balance + recent ledger')).action((_opts, cmd) => (0, balance_1.balanceCommand)(flagsOf(cmd)));
+withConnection(program
+    .command('usage')
+    .description('Show recent per-request usage records')
+    .option('--since <dur>', 'only show records newer than this window, e.g. 7d, 3h, 30m')).action((_opts, cmd) => (0, usage_1.usageCommand)(flagsOf(cmd)));
+program.addHelpText('after', `
+First time?
+  npx @progyai/cli init              # mints a key, saves to ~/.progy/credentials
+  npx @progyai/cli topup --amount 10 --rail x402 --network base
+
+Docs: docs/BILLING.md in the progy repo`);
+program.parseAsync(process.argv).catch((err) => {
+    console.error(`progy: ${err.message}`);
+    process.exit(err.status === 401 ? 3 : 1);
+});

package/package.json

@@ -0,0 +1,58 @@
+{
+  "name": "@progyai/cli",
+  "version": "0.0.1",
+  "description": "Customer-side CLI for progy — top up, view balance and usage against any progy deployment",
+  "license": "SSPL-1.0",
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/whatl3y/progy.git",
+    "directory": "apps/cli"
+  },
+  "homepage": "https://github.com/whatl3y/progy/tree/main/apps/cli#readme",
+  "bugs": {
+    "url": "https://github.com/whatl3y/progy/issues"
+  },
+  "bin": {
+    "progy": "./dist/progy.js"
+  },
+  "main": "./dist/progy.js",
+  "files": [
+    "dist",
+    "README.md"
+  ],
+  "engines": {
+    "node": ">=20"
+  },
+  "publishConfig": {
+    "access": "public"
+  },
+  "dependencies": {
+    "@inquirer/password": "^4.0.0",
+    "@scure/base": "^1.2.6",
+    "@solana/kit": "^5.5.1",
+    "@x402/core": "^2.13.0",
+    "@x402/evm": "^2.13.0",
+    "@x402/svm": "^2.13.0",
+    "commander": "^14.0.0",
+    "viem": "^2.51.3"
+  },
+  "devDependencies": {
+    "@types/node": "^24.10.1",
+    "ts-node": "^10.9.2",
+    "typescript": "^5.9.3"
+  },
+  "keywords": [
+    "progy",
+    "ai-proxy",
+    "anthropic",
+    "openai",
+    "cli"
+  ],
+  "scripts": {
+    "build": "tsc && chmod +x dist/progy.js",
+    "dev": "ts-node src/progy.ts",
+    "clean": "rm -rf dist",
+    "typecheck": "tsc --noEmit",
+    "test": "vitest run --passWithNoTests"
+  }
+}