run402 1.17.0 → 1.18.1

package/cli.mjs

@@ -44,7 +44,7 @@ Examples:
   run402 deploy --manifest app.json
   run402 projects list
   run402 projects sql <project_id> "SELECT * FROM users LIMIT 5"
-  run402 functions deploy <project_id> my-fn --code handler.ts
+  run402 functions deploy <project_id> my-fn --file handler.ts
   run402 secrets set <project_id> API_KEY sk-1234
   run402 image generate "a startup mascot, pixel art" --output logo.png
 

package/lib/functions.mjs

@@ -1,5 +1,6 @@
-import { readFileSync, existsSync } from "fs";
-import { findProject, readAllowance, API, ALLOWANCE_FILE } from "./config.mjs";
+import { readFileSync } from "fs";
+import { findProject, API } from "./config.mjs";
+import { setupPaidFetch } from "./paid-fetch.mjs";
 
 const HELP = `run402 functions — Manage serverless functions
 
@@ -7,7 +8,7 @@ Usage:
   run402 functions <subcommand> [args...]
 
 Subcommands:
-  deploy <id> <name> --code <file> [--timeout <s>] [--memory <mb>] [--deps <pkg,...>]
+  deploy <id> <name> --file <file> [--timeout <s>] [--memory <mb>] [--deps <pkg,...>]
                                        Deploy a function to a project
   invoke <id> <name> [--method <M>] [--body <json>]
                                        Invoke a deployed function
@@ -16,7 +17,7 @@ Subcommands:
   delete <id> <name>                   Delete a function
 
 Examples:
-  run402 functions deploy abc123 stripe-webhook --code handler.ts
+  run402 functions deploy abc123 stripe-webhook --file handler.ts
   run402 functions invoke abc123 stripe-webhook --body '{"event":"test"}'
   run402 functions logs abc123 stripe-webhook --tail 100
   run402 functions list abc123
@@ -27,37 +28,17 @@ Notes:
   - Deploy may require payment if the project lease has expired
 `;
 
-async function setupPaidFetch() {
-  if (!existsSync(ALLOWANCE_FILE)) {
-    console.error(JSON.stringify({ status: "error", message: "No agent allowance found. Run: run402 allowance create && run402 allowance fund" }));
-    process.exit(1);
-  }
-  const allowance = readAllowance();
-  const { privateKeyToAccount } = await import("viem/accounts");
-  const { createPublicClient, http } = await import("viem");
-  const { baseSepolia } = await import("viem/chains");
-  const { x402Client, wrapFetchWithPayment } = await import("@x402/fetch");
-  const { ExactEvmScheme } = await import("@x402/evm/exact/client");
-  const { toClientEvmSigner } = await import("@x402/evm");
-  const account = privateKeyToAccount(allowance.privateKey);
-  const publicClient = createPublicClient({ chain: baseSepolia, transport: http() });
-  const signer = toClientEvmSigner(account, publicClient);
-  const client = new x402Client();
-  client.register("eip155:84532", new ExactEvmScheme(signer));
-  return wrapFetchWithPayment(fetch, client);
-}
-
 async function deploy(projectId, name, args) {
   const p = findProject(projectId);
-  const opts = { code: null, timeout: undefined, memory: undefined, deps: undefined };
+  const opts = { file: null, timeout: undefined, memory: undefined, deps: undefined };
   for (let i = 0; i < args.length; i++) {
-    if (args[i] === "--code" && args[i + 1]) opts.code = args[++i];
+    if (args[i] === "--file" && args[i + 1]) opts.file = args[++i];
     if (args[i] === "--timeout" && args[i + 1]) opts.timeout = parseInt(args[++i]);
     if (args[i] === "--memory" && args[i + 1]) opts.memory = parseInt(args[++i]);
     if (args[i] === "--deps" && args[i + 1]) opts.deps = args[++i].split(",");
   }
-  if (!opts.code) { console.error(JSON.stringify({ status: "error", message: "Missing --code <file>" })); process.exit(1); }
-  const code = readFileSync(opts.code, "utf-8");
+  if (!opts.file) { console.error(JSON.stringify({ status: "error", message: "Missing --file <file>" })); process.exit(1); }
+  const code = readFileSync(opts.file, "utf-8");
   const body = { name, code };
   if (opts.timeout || opts.memory) body.config = {};
   if (opts.timeout) body.config.timeout = opts.timeout;

package/lib/paid-fetch.mjs

@@ -3,11 +3,33 @@
  * Branches on allowance rail:
  *   - "mpp": uses mppx.fetch (Tempo pathUSD)
  *   - "x402" (default): uses @x402/fetch (Base USDC)
+ *
+ * Checks on-chain balances at setup time and selects funded networks.
  */
 
 import { readAllowance, ALLOWANCE_FILE } from "./config.mjs";
 import { existsSync } from "fs";
 
+const USDC_ABI = [{ name: "balanceOf", type: "function", stateMutability: "view", inputs: [{ name: "account", type: "address" }], outputs: [{ name: "", type: "uint256" }] }];
+const USDC_MAINNET = "0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913";
+const USDC_SEPOLIA = "0x036CbD53842c5426634e7929541eC2318f3dCF7e";
+const PATH_USD = "0x20c0000000000000000000000000000000000000";
+const TEMPO_RPC = "https://rpc.moderato.tempo.xyz/";
+
+async function checkBalance(publicClient, tokenAddress, walletAddress) {
+  try {
+    const raw = await publicClient.readContract({
+      address: tokenAddress,
+      abi: USDC_ABI,
+      functionName: "balanceOf",
+      args: [walletAddress],
+    });
+    return Number(raw);
+  } catch {
+    return 0;
+  }
+}
+
 export async function setupPaidFetch() {
   if (!existsSync(ALLOWANCE_FILE)) {
     console.error(JSON.stringify({ status: "error", message: "No agent allowance found. Run: run402 allowance create && run402 allowance fund" }));
@@ -18,6 +40,23 @@ export async function setupPaidFetch() {
   const account = privateKeyToAccount(allowance.privateKey);
 
   if (allowance.rail === "mpp") {
+    const { createPublicClient, http, defineChain } = await import("viem");
+    const tempoModerato = defineChain({
+      id: 42431,
+      name: "Tempo Moderato",
+      nativeCurrency: { name: "pathUSD", symbol: "pathUSD", decimals: 6 },
+      rpcUrls: { default: { http: [TEMPO_RPC] } },
+    });
+    const tempoClient = createPublicClient({ chain: tempoModerato, transport: http() });
+    const balance = await checkBalance(tempoClient, PATH_USD, allowance.address);
+    if (balance === 0) {
+      console.error(JSON.stringify({
+        status: "error",
+        message: `No pathUSD balance on Tempo Moderato (0). Fund your wallet: run402 allowance fund`,
+      }));
+      process.exit(1);
+    }
+
     const { Mppx, tempo } = await import("mppx/client");
     const mppx = Mppx.create({
       polyfill: false,
@@ -26,7 +65,7 @@ export async function setupPaidFetch() {
     return mppx.fetch;
   }
 
-  // Default: x402 (existing behavior)
+  // Default: x402
   const { createPublicClient, http } = await import("viem");
   const { base, baseSepolia } = await import("viem/chains");
   const { x402Client, wrapFetchWithPayment } = await import("@x402/fetch");
@@ -36,8 +75,33 @@ export async function setupPaidFetch() {
   const mainnetClient = createPublicClient({ chain: base, transport: http() });
   const sepoliaClient = createPublicClient({ chain: baseSepolia, transport: http() });
 
+  // Check balances in parallel
+  const [mainnetBalance, sepoliaBalance] = await Promise.all([
+    checkBalance(mainnetClient, USDC_MAINNET, allowance.address),
+    checkBalance(sepoliaClient, USDC_SEPOLIA, allowance.address),
+  ]);
+
+  if (mainnetBalance === 0 && sepoliaBalance === 0) {
+    console.error(JSON.stringify({
+      status: "error",
+      message: `No USDC balance on any supported network (Base: $${(mainnetBalance / 1e6).toFixed(2)}, Base Sepolia: $${(sepoliaBalance / 1e6).toFixed(2)}). Fund your wallet or run: run402 allowance fund`,
+    }));
+    process.exit(1);
+  }
+
   const client = new x402Client();
   client.register("eip155:8453", new ExactEvmScheme(toClientEvmSigner(account, mainnetClient)));
   client.register("eip155:84532", new ExactEvmScheme(toClientEvmSigner(account, sepoliaClient)));
+
+  // Policy: only allow networks where the wallet has funds
+  client.registerPolicy((_version, reqs) => {
+    const funded = reqs.filter((r) => {
+      if (r.network === "eip155:8453") return mainnetBalance > 0;
+      if (r.network === "eip155:84532") return sepoliaBalance > 0;
+      return false;
+    });
+    return funded.length > 0 ? funded : reqs;
+  });
+
   return wrapFetchWithPayment(fetch, client);
 }

package/lib/projects.mjs

@@ -1,3 +1,4 @@
+import { readFileSync } from "fs";
 import { findProject, loadKeyStore, saveProject, removeProject, API, allowanceAuthHeaders, setActiveProjectId, getActiveProjectId } from "./config.mjs";
 
 const HELP = `run402 projects — Manage your deployed Run402 projects
@@ -12,7 +13,7 @@ Subcommands:
   list                                    List all your projects (IDs, URLs, active marker)
   info  <id>                              Show project details: REST URL, keys
   keys  <id>                              Print anon_key and service_key as JSON
-  sql   <id> "<query>"                    Run a SQL query against a project's Postgres DB
+  sql   <id> "<query>" [--file <path>]     Run a SQL query against a project's Postgres DB
   rest  <id> <table> [params]             Query a table via the REST API (PostgREST)
   usage <id>                              Show compute/storage usage for a project
   schema <id>                             Inspect the database schema
@@ -28,6 +29,7 @@ Examples:
   run402 projects list
   run402 projects info abc123
   run402 projects sql abc123 "SELECT * FROM users LIMIT 5"
+  run402 projects sql abc123 --file setup.sql
   run402 projects rest abc123 users "limit=10&select=id,name"
   run402 projects usage abc123
   run402 projects schema abc123
@@ -115,9 +117,17 @@ async function keys(projectId) {
   console.log(JSON.stringify({ project_id: projectId, anon_key: p.anon_key, service_key: p.service_key }, null, 2));
 }
 
-async function sqlCmd(projectId, query) {
+async function sqlCmd(projectId, args = []) {
   const p = findProject(projectId);
-  const res = await fetch(`${API}/projects/v1/admin/${projectId}/sql`, { method: "POST", headers: { "Authorization": `Bearer ${p.service_key}`, "Content-Type": "text/plain" }, body: query });
+  let file = null;
+  let query = null;
+  for (let i = 0; i < args.length; i++) {
+    if (args[i] === "--file" && args[i + 1]) { file = args[++i]; }
+    else if (!query && !args[i].startsWith("--")) { query = args[i]; }
+  }
+  const sql = file ? readFileSync(file, "utf-8") : query;
+  if (!sql) { console.error(JSON.stringify({ status: "error", message: "Missing SQL query. Provide inline or use --file <path>" })); process.exit(1); }
+  const res = await fetch(`${API}/projects/v1/admin/${projectId}/sql`, { method: "POST", headers: { "Authorization": `Bearer ${p.service_key}`, "Content-Type": "text/plain" }, body: sql });
   console.log(JSON.stringify(await res.json(), null, 2));
 }
 
@@ -193,7 +203,7 @@ export async function run(sub, args) {
     case "list":      await list(); break;
     case "info":      await info(args[0]); break;
     case "keys":      await keys(args[0]); break;
-    case "sql":       await sqlCmd(args[0], args[1]); break;
+    case "sql":       await sqlCmd(args[0], args.slice(1)); break;
     case "rest":      await rest(args[0], args[1], args[2]); break;
     case "usage":     await usage(args[0]); break;
     case "schema":    await schema(args[0]); break;

package/lib/secrets.mjs

@@ -1,3 +1,4 @@
+import { readFileSync } from "fs";
 import { findProject, API } from "./config.mjs";
 
 const HELP = `run402 secrets — Manage project secrets
@@ -6,12 +7,13 @@ Usage:
   run402 secrets <subcommand> [args...]
 
 Subcommands:
-  set    <id> <key> <value>    Set a secret on a project
+  set    <id> <key> <value> [--file <path>]  Set a secret on a project
   list   <id>                  List all secrets for a project
   delete <id> <key>            Delete a secret from a project
 
 Examples:
   run402 secrets set abc123 STRIPE_KEY sk-1234
+  run402 secrets set abc123 TLS_CERT --file cert.pem
   run402 secrets list abc123
   run402 secrets delete abc123 STRIPE_KEY
 
@@ -20,12 +22,20 @@ Notes:
   - Values are never shown after being set
 `;
 
-async function set(projectId, key, value) {
+async function set(projectId, key, args = []) {
   const p = findProject(projectId);
+  let file = null;
+  let value = null;
+  for (let i = 0; i < args.length; i++) {
+    if (args[i] === "--file" && args[i + 1]) { file = args[++i]; }
+    else if (!value && !args[i].startsWith("--")) { value = args[i]; }
+  }
+  const val = file ? readFileSync(file, "utf-8") : value;
+  if (!val) { console.error(JSON.stringify({ status: "error", message: "Missing secret value. Provide inline or use --file <path>" })); process.exit(1); }
   const res = await fetch(`${API}/projects/v1/admin/${projectId}/secrets`, {
     method: "POST",
     headers: { "Authorization": `Bearer ${p.service_key}`, "Content-Type": "application/json" },
-    body: JSON.stringify({ key, value }),
+    body: JSON.stringify({ key, value: val }),
   });
   const data = await res.json();
   if (!res.ok) { console.error(JSON.stringify({ status: "error", http: res.status, ...data })); process.exit(1); }
@@ -59,7 +69,7 @@ async function deleteSecret(projectId, key) {
 export async function run(sub, args) {
   if (!sub || sub === '--help' || sub === '-h') { console.log(HELP); process.exit(0); }
   switch (sub) {
-    case "set":    await set(args[0], args[1], args[2]); break;
+    case "set":    await set(args[0], args[1], args.slice(2)); break;
     case "list":   await list(args[0]); break;
     case "delete": await deleteSecret(args[0], args[1]); break;
     default:

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "run402",
-  "version": "1.17.0",
+  "version": "1.18.1",
   "description": "CLI for Run402 — provision Postgres databases, deploy static sites, generate images, and manage wallets via x402 and MPP micropayments.",
   "type": "module",
   "bin": {