run402 1.57.3 → 1.57.5

package/lib/projects.mjs

@@ -41,7 +41,7 @@ Examples:
   run402 projects sql prj_abc123 --file setup.sql
   run402 projects rest prj_abc123 users "limit=10&select=id,name"
   run402 projects usage prj_abc123
-  RUN402_ADMIN_COOKIE='run402_admin=...' run402 projects costs prj_abc123 --window 30d
+  run402 projects costs prj_abc123 --window 30d
   run402 projects schema prj_abc123
   run402 projects apply-expose prj_abc123 --file manifest.json
   run402 projects get-expose prj_abc123
@@ -122,15 +122,17 @@ Options:
   --window <w>        Finance window (default: 30d). One of: 24h, 7d, 30d, 90d
 
 Environment:
-  RUN402_ADMIN_COOKIE Admin OAuth cookie header, e.g. "run402_admin=..."
+  RUN402_ADMIN_COOKIE Optional admin OAuth cookie header, e.g. "run402_admin=..."
 
 Notes:
-  - Platform-admin only. Project service keys and normal allowance auth are
-    not enough for this endpoint.
+  - Platform-admin only. The configured allowance wallet must be an admin
+    wallet, or RUN402_ADMIN_COOKIE must contain an admin OAuth cookie.
+  - Project service keys are not enough for this endpoint.
   - Output is the gateway's per-project finance JSON: revenue, direct cost,
     direct margin, and direct_cost_breakdown rows.
 
 Examples:
+  run402 projects costs prj_abc123
   RUN402_ADMIN_COOKIE='run402_admin=...' run402 projects costs prj_abc123
   RUN402_ADMIN_COOKIE='run402_admin=...' run402 projects costs --window 7d
 `,
@@ -344,14 +346,7 @@ async function usage(projectId) {
 
 function adminCookieFromEnv() {
   const raw = process.env.RUN402_ADMIN_COOKIE?.trim();
-  if (!raw) {
-    fail({
-      code: "ADMIN_COOKIE_REQUIRED",
-      message: "run402 projects costs requires RUN402_ADMIN_COOKIE.",
-      hint: "Sign in to /admin, then set RUN402_ADMIN_COOKIE to the run402_admin cookie header.",
-      details: { env: "RUN402_ADMIN_COOKIE" },
-    });
-  }
+  if (!raw) return undefined;
   return raw.includes("=") ? raw : `run402_admin=${raw}`;
 }
 
@@ -368,7 +363,7 @@ async function costs(projectId, args = []) {
   try {
     const data = await getSdk().admin.getProjectFinance(projectId, {
       window,
-      cookie,
+      ...(cookie ? { cookie } : {}),
     });
     console.log(JSON.stringify(data, null, 2));
   } catch (err) {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "run402",
-  "version": "1.57.3",
+  "version": "1.57.5",
   "description": "CLI for Run402 — provision Postgres databases, deploy static sites, generate images, and manage wallets via x402 and MPP micropayments.",
   "type": "module",
   "bin": {

package/sdk/dist/namespaces/admin.d.ts

@@ -27,8 +27,8 @@ export interface AdminProjectFinanceOptions {
     window?: AdminFinanceWindow;
     /**
      * Optional admin session cookie header. Node operators can pass the value of
-     * RUN402_ADMIN_COOKIE; custom credential providers may instead inject auth
-     * headers through getAuth().
+     * RUN402_ADMIN_COOKIE when they want browser-session auth; otherwise the
+     * credential provider's normal auth headers are used.
      */
     cookie?: string;
 }
@@ -63,9 +63,10 @@ export declare class Admin {
      * Fetch per-project finance for platform operators.
      *
      * This is the same admin-only surface used by the Run402 Finance tab. It is
-     * gated by the gateway's admin OAuth session; project service keys are not
-     * sufficient. Pass `cookie` when using the Node SDK directly, or provide a
-     * credential provider whose `getAuth()` returns suitable admin headers.
+     * gated by platform-admin auth; project service keys are not sufficient.
+     * Use the Node SDK with an admin allowance wallet, pass `cookie` for browser
+     * session auth, or provide a credential provider whose `getAuth()` returns
+     * suitable admin headers.
      */
     getProjectFinance(projectId: string, opts?: AdminProjectFinanceOptions): Promise<AdminProjectFinanceResult>;
 }

package/sdk/dist/namespaces/admin.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"admin.d.ts","sourceRoot":"","sources":["../../src/namespaces/admin.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,cAAc,CAAC;AAG3C,MAAM,WAAW,YAAY;IAC3B,IAAI,EAAE,MAAM,CAAC;IACb,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,OAAO,CAAC,EAAE,MAAM,CAAC;CAClB;AAED,MAAM,WAAW,kBAAkB;IACjC,MAAM,EAAE,MAAM,CAAC;IACf,IAAI,EAAE,MAAM,CAAC;IACb,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,UAAU,EAAE,MAAM,CAAC;CACpB;AAED,MAAM,WAAW,iBAAiB;IAChC,MAAM,EAAE,MAAM,CAAC;CAChB;AAED,MAAM,MAAM,kBAAkB,GAAG,KAAK,GAAG,IAAI,GAAG,KAAK,GAAG,KAAK,CAAC;AAE9D,MAAM,WAAW,0BAA0B;IACzC,6DAA6D;IAC7D,MAAM,CAAC,EAAE,kBAAkB,CAAC;IAC5B;;;;OAIG;IACH,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB;AAED,MAAM,WAAW,yBAAyB;IACxC,UAAU,EAAE,MAAM,CAAC;IACnB,YAAY,EAAE,MAAM,CAAC;IACrB,MAAM,EAAE,kBAAkB,CAAC;IAC3B,kBAAkB,EAAE,MAAM,CAAC;IAC3B,sBAAsB,EAAE,MAAM,CAAC;IAC/B,wBAAwB,EAAE,MAAM,CAAC;IACjC,iBAAiB,EAAE;QACjB,oBAAoB,EAAE,MAAM,CAAC;QAC7B,sBAAsB,EAAE,MAAM,CAAC;QAC/B,qBAAqB,EAAE,MAAM,CAAC;QAC9B,wBAAwB,EAAE,MAAM,CAAC;QACjC,uBAAuB,EAAE,MAAM,CAAC;KACjC,CAAC;IACF,qBAAqB,EAAE,KAAK,CAAC;QAAE,QAAQ,EAAE,MAAM,CAAC;QAAC,eAAe,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;IAC5E,KAAK,EAAE,MAAM,CAAC;CACf;AAID,qBAAa,KAAK;IACJ,OAAO,CAAC,QAAQ,CAAC,MAAM;gBAAN,MAAM,EAAE,MAAM;IAE3C,wEAAwE;IAClE,WAAW,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,iBAAiB,CAAC;IAQ9D,0DAA0D;IACpD,eAAe,CAAC,OAAO,EAAE,YAAY,GAAG,OAAO,CAAC,kBAAkB,CAAC;IAYzE;;;;;;;OAOG;IACG,iBAAiB,CACrB,SAAS,EAAE,MAAM,EACjB,IAAI,GAAE,0BAA+B,GACpC,OAAO,CAAC,yBAAyB,CAAC;CAoBtC"}
+{"version":3,"file":"admin.d.ts","sourceRoot":"","sources":["../../src/namespaces/admin.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,cAAc,CAAC;AAG3C,MAAM,WAAW,YAAY;IAC3B,IAAI,EAAE,MAAM,CAAC;IACb,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,OAAO,CAAC,EAAE,MAAM,CAAC;CAClB;AAED,MAAM,WAAW,kBAAkB;IACjC,MAAM,EAAE,MAAM,CAAC;IACf,IAAI,EAAE,MAAM,CAAC;IACb,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,UAAU,EAAE,MAAM,CAAC;CACpB;AAED,MAAM,WAAW,iBAAiB;IAChC,MAAM,EAAE,MAAM,CAAC;CAChB;AAED,MAAM,MAAM,kBAAkB,GAAG,KAAK,GAAG,IAAI,GAAG,KAAK,GAAG,KAAK,CAAC;AAE9D,MAAM,WAAW,0BAA0B;IACzC,6DAA6D;IAC7D,MAAM,CAAC,EAAE,kBAAkB,CAAC;IAC5B;;;;OAIG;IACH,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB;AAED,MAAM,WAAW,yBAAyB;IACxC,UAAU,EAAE,MAAM,CAAC;IACnB,YAAY,EAAE,MAAM,CAAC;IACrB,MAAM,EAAE,kBAAkB,CAAC;IAC3B,kBAAkB,EAAE,MAAM,CAAC;IAC3B,sBAAsB,EAAE,MAAM,CAAC;IAC/B,wBAAwB,EAAE,MAAM,CAAC;IACjC,iBAAiB,EAAE;QACjB,oBAAoB,EAAE,MAAM,CAAC;QAC7B,sBAAsB,EAAE,MAAM,CAAC;QAC/B,qBAAqB,EAAE,MAAM,CAAC;QAC9B,wBAAwB,EAAE,MAAM,CAAC;QACjC,uBAAuB,EAAE,MAAM,CAAC;KACjC,CAAC;IACF,qBAAqB,EAAE,KAAK,CAAC;QAAE,QAAQ,EAAE,MAAM,CAAC;QAAC,eAAe,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;IAC5E,KAAK,EAAE,MAAM,CAAC;CACf;AAID,qBAAa,KAAK;IACJ,OAAO,CAAC,QAAQ,CAAC,MAAM;gBAAN,MAAM,EAAE,MAAM;IAE3C,wEAAwE;IAClE,WAAW,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,iBAAiB,CAAC;IAQ9D,0DAA0D;IACpD,eAAe,CAAC,OAAO,EAAE,YAAY,GAAG,OAAO,CAAC,kBAAkB,CAAC;IAYzE;;;;;;;;OAQG;IACG,iBAAiB,CACrB,SAAS,EAAE,MAAM,EACjB,IAAI,GAAE,0BAA+B,GACpC,OAAO,CAAC,yBAAyB,CAAC;CAoBtC"}

package/sdk/dist/namespaces/admin.js

@@ -37,16 +37,17 @@ export class Admin {
      * Fetch per-project finance for platform operators.
      *
      * This is the same admin-only surface used by the Run402 Finance tab. It is
-     * gated by the gateway's admin OAuth session; project service keys are not
-     * sufficient. Pass `cookie` when using the Node SDK directly, or provide a
-     * credential provider whose `getAuth()` returns suitable admin headers.
+     * gated by platform-admin auth; project service keys are not sufficient.
+     * Use the Node SDK with an admin allowance wallet, pass `cookie` for browser
+     * session auth, or provide a credential provider whose `getAuth()` returns
+     * suitable admin headers.
      */
     async getProjectFinance(projectId, opts = {}) {
         const window = opts.window ?? "30d";
         if (!FINANCE_WINDOWS.has(window)) {
             throw new LocalError(`Invalid finance window: ${String(window)}. Expected one of: 24h, 7d, 30d, 90d.`, "fetching project finance");
         }
-        const headers = {};
+        const headers = { "X-Admin-Mode": "1" };
         if (opts.cookie)
             headers.Cookie = opts.cookie;
         return this.client.request(`/admin/api/finance/project/${encodeURIComponent(projectId)}?window=${encodeURIComponent(window)}`, {

package/sdk/dist/namespaces/admin.js.map

@@ -1 +1 @@
-{"version":3,"file":"admin.js","sourceRoot":"","sources":["../../src/namespaces/admin.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAGH,OAAO,EAAE,UAAU,EAAE,MAAM,cAAc,CAAC;AAmD1C,MAAM,eAAe,GAAG,IAAI,GAAG,CAAqB,CAAC,KAAK,EAAE,IAAI,EAAE,KAAK,EAAE,KAAK,CAAC,CAAC,CAAC;AAEjF,MAAM,OAAO,KAAK;IACa;IAA7B,YAA6B,MAAc;QAAd,WAAM,GAAN,MAAM,CAAQ;IAAG,CAAC;IAE/C,wEAAwE;IACxE,KAAK,CAAC,WAAW,CAAC,OAAe;QAC/B,OAAO,IAAI,CAAC,MAAM,CAAC,OAAO,CAAoB,aAAa,EAAE;YAC3D,MAAM,EAAE,MAAM;YACd,IAAI,EAAE,EAAE,OAAO,EAAE;YACjB,OAAO,EAAE,iBAAiB;SAC3B,CAAC,CAAC;IACL,CAAC;IAED,0DAA0D;IAC1D,KAAK,CAAC,eAAe,CAAC,OAAqB;QACzC,MAAM,IAAI,GAA2B,EAAE,IAAI,EAAE,OAAO,CAAC,IAAI,EAAE,CAAC;QAC5D,IAAI,OAAO,CAAC,KAAK;YAAE,IAAI,CAAC,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC;QAC9C,IAAI,OAAO,CAAC,OAAO;YAAE,IAAI,CAAC,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC;QAEpD,OAAO,IAAI,CAAC,MAAM,CAAC,OAAO,CAAqB,mBAAmB,EAAE;YAClE,MAAM,EAAE,MAAM;YACd,IAAI;YACJ,OAAO,EAAE,uBAAuB;SACjC,CAAC,CAAC;IACL,CAAC;IAED;;;;;;;OAOG;IACH,KAAK,CAAC,iBAAiB,CACrB,SAAiB,EACjB,OAAmC,EAAE;QAErC,MAAM,MAAM,GAAG,IAAI,CAAC,MAAM,IAAI,KAAK,CAAC;QACpC,IAAI,CAAC,eAAe,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC;YACjC,MAAM,IAAI,UAAU,CAClB,2BAA2B,MAAM,CAAC,MAAM,CAAC,uCAAuC,EAChF,0BAA0B,CAC3B,CAAC;QACJ,CAAC;QAED,MAAM,OAAO,GAA2B,EAAE,CAAC;QAC3C,IAAI,IAAI,CAAC,MAAM;YAAE,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,MAAM,CAAC;QAE9C,OAAO,IAAI,CAAC,MAAM,CAAC,OAAO,CACxB,8BAA8B,kBAAkB,CAAC,SAAS,CAAC,WAAW,kBAAkB,CAAC,MAAM,CAAC,EAAE,EAClG;YACE,OAAO;YACP,OAAO,EAAE,0BAA0B;SACpC,CACF,CAAC;IACJ,CAAC;CACF"}
+{"version":3,"file":"admin.js","sourceRoot":"","sources":["../../src/namespaces/admin.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAGH,OAAO,EAAE,UAAU,EAAE,MAAM,cAAc,CAAC;AAmD1C,MAAM,eAAe,GAAG,IAAI,GAAG,CAAqB,CAAC,KAAK,EAAE,IAAI,EAAE,KAAK,EAAE,KAAK,CAAC,CAAC,CAAC;AAEjF,MAAM,OAAO,KAAK;IACa;IAA7B,YAA6B,MAAc;QAAd,WAAM,GAAN,MAAM,CAAQ;IAAG,CAAC;IAE/C,wEAAwE;IACxE,KAAK,CAAC,WAAW,CAAC,OAAe;QAC/B,OAAO,IAAI,CAAC,MAAM,CAAC,OAAO,CAAoB,aAAa,EAAE;YAC3D,MAAM,EAAE,MAAM;YACd,IAAI,EAAE,EAAE,OAAO,EAAE;YACjB,OAAO,EAAE,iBAAiB;SAC3B,CAAC,CAAC;IACL,CAAC;IAED,0DAA0D;IAC1D,KAAK,CAAC,eAAe,CAAC,OAAqB;QACzC,MAAM,IAAI,GAA2B,EAAE,IAAI,EAAE,OAAO,CAAC,IAAI,EAAE,CAAC;QAC5D,IAAI,OAAO,CAAC,KAAK;YAAE,IAAI,CAAC,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC;QAC9C,IAAI,OAAO,CAAC,OAAO;YAAE,IAAI,CAAC,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC;QAEpD,OAAO,IAAI,CAAC,MAAM,CAAC,OAAO,CAAqB,mBAAmB,EAAE;YAClE,MAAM,EAAE,MAAM;YACd,IAAI;YACJ,OAAO,EAAE,uBAAuB;SACjC,CAAC,CAAC;IACL,CAAC;IAED;;;;;;;;OAQG;IACH,KAAK,CAAC,iBAAiB,CACrB,SAAiB,EACjB,OAAmC,EAAE;QAErC,MAAM,MAAM,GAAG,IAAI,CAAC,MAAM,IAAI,KAAK,CAAC;QACpC,IAAI,CAAC,eAAe,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC;YACjC,MAAM,IAAI,UAAU,CAClB,2BAA2B,MAAM,CAAC,MAAM,CAAC,uCAAuC,EAChF,0BAA0B,CAC3B,CAAC;QACJ,CAAC;QAED,MAAM,OAAO,GAA2B,EAAE,cAAc,EAAE,GAAG,EAAE,CAAC;QAChE,IAAI,IAAI,CAAC,MAAM;YAAE,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,MAAM,CAAC;QAE9C,OAAO,IAAI,CAAC,MAAM,CAAC,OAAO,CACxB,8BAA8B,kBAAkB,CAAC,SAAS,CAAC,WAAW,kBAAkB,CAAC,MAAM,CAAC,EAAE,EAClG;YACE,OAAO;YACP,OAAO,EAAE,0BAA0B;SACpC,CACF,CAAC;IACJ,CAAC;CACF"}

package/core-dist/wallet-auth.js

@@ -1,62 +0,0 @@
-/**
- * Wallet auth helper — generates EIP-191 signature headers for Run402 API.
- * Uses @noble/curves (lighter than viem) for signing.
- */
-import { secp256k1 } from "@noble/curves/secp256k1.js";
-import { keccak_256 } from "@noble/hashes/sha3.js";
-import { bytesToHex } from "@noble/hashes/utils.js";
-import { readWallet } from "./wallet.js";
-/**
- * EIP-191 personal_sign: sign a message with the wallet's private key.
- */
-function personalSign(privateKeyHex, address, message) {
-    const msgBytes = new TextEncoder().encode(message);
-    const prefix = new TextEncoder().encode(`\x19Ethereum Signed Message:\n${msgBytes.length}`);
-    const prefixed = new Uint8Array(prefix.length + msgBytes.length);
-    prefixed.set(prefix);
-    prefixed.set(msgBytes, prefix.length);
-    const hash = keccak_256(prefixed);
-    const pkHex = privateKeyHex.startsWith("0x")
-        ? privateKeyHex.slice(2)
-        : privateKeyHex;
-    const pkBytes = Uint8Array.from(Buffer.from(pkHex, "hex"));
-    const rawSig = secp256k1.sign(hash, pkBytes);
-    const sig = secp256k1.Signature.fromBytes(rawSig);
-    // Determine recovery bit by trying both and matching the address
-    let recovery = 0;
-    for (const v of [0, 1]) {
-        try {
-            const recovered = sig.addRecoveryBit(v).recoverPublicKey(hash);
-            const pubBytes = recovered.toBytes(false).slice(1); // uncompressed, drop 04 prefix
-            const addrBytes = keccak_256(pubBytes).slice(-20);
-            if ("0x" + bytesToHex(addrBytes) === address.toLowerCase()) {
-                recovery = v;
-                break;
-            }
-        }
-        catch {
-            continue;
-        }
-    }
-    const r = sig.r.toString(16).padStart(64, "0");
-    const s = sig.s.toString(16).padStart(64, "0");
-    const vHex = (recovery + 27).toString(16).padStart(2, "0");
-    return "0x" + r + s + vHex;
-}
-/**
- * Get wallet auth headers for the Run402 API.
- * Returns null if no wallet is configured.
- */
-export function getWalletAuthHeaders(walletPath) {
-    const wallet = readWallet(walletPath);
-    if (!wallet || !wallet.address || !wallet.privateKey)
-        return null;
-    const timestamp = Math.floor(Date.now() / 1000).toString();
-    const signature = personalSign(wallet.privateKey, wallet.address, `run402:${timestamp}`);
-    return {
-        "X-Run402-Wallet": wallet.address,
-        "X-Run402-Signature": signature,
-        "X-Run402-Timestamp": timestamp,
-    };
-}
-//# sourceMappingURL=wallet-auth.js.map

package/core-dist/wallet.js

@@ -1,25 +0,0 @@
-import { readFileSync, writeFileSync, mkdirSync, existsSync, chmodSync, renameSync } from "node:fs";
-import { dirname, join } from "node:path";
-import { randomBytes } from "node:crypto";
-import { getWalletPath } from "./config.js";
-export function readWallet(path) {
-    const p = path ?? getWalletPath();
-    if (!existsSync(p))
-        return null;
-    try {
-        return JSON.parse(readFileSync(p, "utf-8"));
-    }
-    catch {
-        return null;
-    }
-}
-export function saveWallet(data, path) {
-    const p = path ?? getWalletPath();
-    const dir = dirname(p);
-    mkdirSync(dir, { recursive: true });
-    const tmp = join(dir, `.wallet.${randomBytes(4).toString("hex")}.tmp`);
-    writeFileSync(tmp, JSON.stringify(data, null, 2), { mode: 0o600 });
-    renameSync(tmp, p);
-    chmodSync(p, 0o600);
-}
-//# sourceMappingURL=wallet.js.map

package/sdk/core-dist/wallet-auth.js

@@ -1,62 +0,0 @@
-/**
- * Wallet auth helper — generates EIP-191 signature headers for Run402 API.
- * Uses @noble/curves (lighter than viem) for signing.
- */
-import { secp256k1 } from "@noble/curves/secp256k1.js";
-import { keccak_256 } from "@noble/hashes/sha3.js";
-import { bytesToHex } from "@noble/hashes/utils.js";
-import { readWallet } from "./wallet.js";
-/**
- * EIP-191 personal_sign: sign a message with the wallet's private key.
- */
-function personalSign(privateKeyHex, address, message) {
-    const msgBytes = new TextEncoder().encode(message);
-    const prefix = new TextEncoder().encode(`\x19Ethereum Signed Message:\n${msgBytes.length}`);
-    const prefixed = new Uint8Array(prefix.length + msgBytes.length);
-    prefixed.set(prefix);
-    prefixed.set(msgBytes, prefix.length);
-    const hash = keccak_256(prefixed);
-    const pkHex = privateKeyHex.startsWith("0x")
-        ? privateKeyHex.slice(2)
-        : privateKeyHex;
-    const pkBytes = Uint8Array.from(Buffer.from(pkHex, "hex"));
-    const rawSig = secp256k1.sign(hash, pkBytes);
-    const sig = secp256k1.Signature.fromBytes(rawSig);
-    // Determine recovery bit by trying both and matching the address
-    let recovery = 0;
-    for (const v of [0, 1]) {
-        try {
-            const recovered = sig.addRecoveryBit(v).recoverPublicKey(hash);
-            const pubBytes = recovered.toBytes(false).slice(1); // uncompressed, drop 04 prefix
-            const addrBytes = keccak_256(pubBytes).slice(-20);
-            if ("0x" + bytesToHex(addrBytes) === address.toLowerCase()) {
-                recovery = v;
-                break;
-            }
-        }
-        catch {
-            continue;
-        }
-    }
-    const r = sig.r.toString(16).padStart(64, "0");
-    const s = sig.s.toString(16).padStart(64, "0");
-    const vHex = (recovery + 27).toString(16).padStart(2, "0");
-    return "0x" + r + s + vHex;
-}
-/**
- * Get wallet auth headers for the Run402 API.
- * Returns null if no wallet is configured.
- */
-export function getWalletAuthHeaders(walletPath) {
-    const wallet = readWallet(walletPath);
-    if (!wallet || !wallet.address || !wallet.privateKey)
-        return null;
-    const timestamp = Math.floor(Date.now() / 1000).toString();
-    const signature = personalSign(wallet.privateKey, wallet.address, `run402:${timestamp}`);
-    return {
-        "X-Run402-Wallet": wallet.address,
-        "X-Run402-Signature": signature,
-        "X-Run402-Timestamp": timestamp,
-    };
-}
-//# sourceMappingURL=wallet-auth.js.map

package/sdk/core-dist/wallet.js

@@ -1,25 +0,0 @@
-import { readFileSync, writeFileSync, mkdirSync, existsSync, chmodSync, renameSync } from "node:fs";
-import { dirname, join } from "node:path";
-import { randomBytes } from "node:crypto";
-import { getWalletPath } from "./config.js";
-export function readWallet(path) {
-    const p = path ?? getWalletPath();
-    if (!existsSync(p))
-        return null;
-    try {
-        return JSON.parse(readFileSync(p, "utf-8"));
-    }
-    catch {
-        return null;
-    }
-}
-export function saveWallet(data, path) {
-    const p = path ?? getWalletPath();
-    const dir = dirname(p);
-    mkdirSync(dir, { recursive: true });
-    const tmp = join(dir, `.wallet.${randomBytes(4).toString("hex")}.tmp`);
-    writeFileSync(tmp, JSON.stringify(data, null, 2), { mode: 0o600 });
-    renameSync(tmp, p);
-    chmodSync(p, 0o600);
-}
-//# sourceMappingURL=wallet.js.map