run402 1.69.3 → 1.69.5

package/lib/ai.mjs

@@ -1,7 +1,7 @@
 import { resolveProjectId } from "./config.mjs";
 import { getSdk } from "./sdk.mjs";
 import { reportSdkError, fail } from "./sdk-errors.mjs";
-import { resolvePositionalProject } from "./argparse.mjs";
+import { assertKnownFlags, flagValue, normalizeArgv, resolvePositionalProject } from "./argparse.mjs";
 
 const HELP = `run402 ai — AI translation and moderation tools
 
@@ -103,20 +103,19 @@ Examples:
 `,
 };
 
-function parseFlag(args, flag) {
-  for (let i = 0; i < args.length; i++) {
-    if (args[i] === flag && args[i + 1]) return args[i + 1];
-  }
-  return null;
-}
-
 // translate has value-bearing flags (--to, --from, --context, --project) that
 // must not be mistaken for positional bare args when prefix-matching.
 const TRANSLATE_VALUE_FLAGS = ["--to", "--from", "--context", "--project"];
 
 async function translate(args) {
+  args = normalizeArgv(args);
+  assertKnownFlags(args, TRANSLATE_VALUE_FLAGS, TRANSLATE_VALUE_FLAGS);
+
   // --project <id> wins over positional, mirroring previous behavior.
-  const projectOpt = parseFlag(args, "--project");
+  const projectOpt = flagValue(args, "--project");
+  const to = flagValue(args, "--to");
+  const from = flagValue(args, "--from");
+  const context = flagValue(args, "--context");
   let projectId;
   let rest;
   if (projectOpt) {
@@ -139,10 +138,6 @@ async function translate(args) {
     break;
   }
 
-  const to = parseFlag(args, "--to");
-  const from = parseFlag(args, "--from");
-  const context = parseFlag(args, "--context");
-
   if (!text) {
     fail({
       code: "BAD_USAGE",
@@ -165,7 +160,10 @@ async function translate(args) {
 const MODERATE_VALUE_FLAGS = ["--project"];
 
 async function moderate(args) {
-  const projectOpt = parseFlag(args, "--project");
+  args = normalizeArgv(args);
+  assertKnownFlags(args, MODERATE_VALUE_FLAGS, MODERATE_VALUE_FLAGS);
+
+  const projectOpt = flagValue(args, "--project");
   let projectId;
   let rest;
   if (projectOpt) {
@@ -203,7 +201,10 @@ async function moderate(args) {
 }
 
 async function usage(args) {
-  const projectOpt = parseFlag(args, "--project");
+  args = normalizeArgv(args);
+  assertKnownFlags(args, MODERATE_VALUE_FLAGS, MODERATE_VALUE_FLAGS);
+
+  const projectOpt = flagValue(args, "--project");
   let projectId;
   if (projectOpt) {
     projectId = resolveProjectId(projectOpt);

package/lib/allowance.mjs

@@ -1,6 +1,7 @@
 import { readAllowance, saveAllowance, ALLOWANCE_FILE } from "./config.mjs";
 import { getSdk } from "./sdk.mjs";
 import { reportSdkError, fail } from "./sdk-errors.mjs";
+import { assertKnownFlags, flagValue, normalizeArgv, parseIntegerFlag, positionalArgs } from "./argparse.mjs";
 
 const HELP = `run402 allowance — Manage your agent allowance
 
@@ -258,17 +259,25 @@ async function checkout(args) {
       hint: "Run: run402 allowance create",
     });
   }
-  let amount = null;
-  for (let i = 0; i < args.length; i++) {
-    if (args[i] === "--amount" && args[i + 1]) amount = parseInt(args[++i], 10);
+  const parsedArgs = normalizeArgv(args);
+  assertKnownFlags(parsedArgs, ["--amount", "--help", "-h"], ["--amount"]);
+  const bare = positionalArgs(parsedArgs, ["--amount"]);
+  if (bare.length > 0) {
+    fail({
+      code: "BAD_USAGE",
+      message: `Unexpected argument for allowance checkout: ${bare[0]}`,
+      details: { argument: bare[0] },
+    });
   }
-  if (!amount) {
+  const amountRaw = flagValue(parsedArgs, "--amount");
+  if (amountRaw === null) {
     fail({
       code: "BAD_USAGE",
       message: "Missing --amount <usd_micros>",
       hint: "e.g. --amount 5000000 for $5",
     });
   }
+  const amount = parseIntegerFlag("--amount", amountRaw, { min: 1 });
   try {
     const data = await getSdk().billing.createCheckout(w.address, amount);
     console.log(JSON.stringify(data, null, 2));
@@ -286,10 +295,17 @@ async function history(args) {
       hint: "Run: run402 allowance create",
     });
   }
-  let limit = 20;
-  for (let i = 0; i < args.length; i++) {
-    if (args[i] === "--limit" && args[i + 1]) limit = parseInt(args[++i], 10);
+  const parsedArgs = normalizeArgv(args);
+  assertKnownFlags(parsedArgs, ["--limit", "--help", "-h"], ["--limit"]);
+  const bare = positionalArgs(parsedArgs, ["--limit"]);
+  if (bare.length > 0) {
+    fail({
+      code: "BAD_USAGE",
+      message: `Unexpected argument for allowance history: ${bare[0]}`,
+      details: { argument: bare[0] },
+    });
   }
+  const limit = parseIntegerFlag("--limit", flagValue(parsedArgs, "--limit"), { min: 1, def: 20 });
   try {
     const data = await getSdk().billing.history(w.address, limit);
     console.log(JSON.stringify(data, null, 2));

package/lib/argparse.mjs

@@ -75,6 +75,13 @@ export function parseIntegerFlag(name, value, { min = 1, max = Number.POSITIVE_I
     });
   }
   const n = Number.parseInt(raw, 10);
+  if (!Number.isSafeInteger(n)) {
+    fail({
+      code: "BAD_FLAG",
+      message: `${name} must be a safe integer, got: ${raw}`,
+      details: { flag: name, value: raw },
+    });
+  }
   if (n < min) {
     fail({
       code: "BAD_FLAG",

package/lib/auth.mjs

@@ -1,6 +1,7 @@
 import { resolveProjectId } from "./config.mjs";
 import { getSdk } from "./sdk.mjs";
 import { reportSdkError, fail } from "./sdk-errors.mjs";
+import { assertKnownFlags, hasHelp, normalizeArgv } from "./argparse.mjs";
 
 const HELP = `run402 auth — Manage project user authentication
 
@@ -230,6 +231,61 @@ Examples:
 `,
 };
 
+const AUTH_FLAGS = {
+  "magic-link": {
+    known: ["--email", "--redirect", "--intent", "--state", "--project", "--help", "-h"],
+    values: ["--email", "--redirect", "--intent", "--state", "--project"],
+  },
+  "create-user": {
+    known: ["--email", "--admin", "--invite", "--redirect", "--state", "--project", "--help", "-h"],
+    values: ["--email", "--admin", "--redirect", "--state", "--project"],
+  },
+  "invite-user": {
+    known: ["--email", "--redirect", "--admin", "--state", "--project", "--help", "-h"],
+    values: ["--email", "--redirect", "--admin", "--state", "--project"],
+  },
+  verify: {
+    known: ["--token", "--project", "--help", "-h"],
+    values: ["--token", "--project"],
+  },
+  "set-password": {
+    known: ["--token", "--new", "--current", "--project", "--help", "-h"],
+    values: ["--token", "--new", "--current", "--project"],
+  },
+  settings: {
+    known: ["--allow-password-set", "--preferred", "--public-signup", "--require-admin-passkey", "--project", "--help", "-h"],
+    values: ["--allow-password-set", "--preferred", "--public-signup", "--require-admin-passkey", "--project"],
+  },
+  "passkey-register-options": {
+    known: ["--token", "--app-origin", "--project", "--help", "-h"],
+    values: ["--token", "--app-origin", "--project"],
+  },
+  "passkey-register-verify": {
+    known: ["--token", "--challenge", "--response", "--label", "--project", "--help", "-h"],
+    values: ["--token", "--challenge", "--response", "--label", "--project"],
+  },
+  "passkey-login-options": {
+    known: ["--app-origin", "--email", "--project", "--help", "-h"],
+    values: ["--app-origin", "--email", "--project"],
+  },
+  "passkey-login-verify": {
+    known: ["--challenge", "--response", "--project", "--help", "-h"],
+    values: ["--challenge", "--response", "--project"],
+  },
+  passkeys: {
+    known: ["--token", "--project", "--help", "-h"],
+    values: ["--token", "--project"],
+  },
+  "delete-passkey": {
+    known: ["--token", "--id", "--project", "--help", "-h"],
+    values: ["--token", "--id", "--project"],
+  },
+  providers: {
+    known: ["--project", "--help", "-h"],
+    values: ["--project"],
+  },
+};
+
 function parseFlag(args, flag) {
   for (let i = 0; i < args.length; i++) {
     if (args[i] === flag && args[i + 1]) return args[i + 1];
@@ -557,10 +613,15 @@ async function providers(args) {
 
 export async function run(sub, args) {
   if (!sub || sub === "--help" || sub === "-h") { console.log(HELP); process.exit(0); }
-  if (Array.isArray(args) && (args.includes("--help") || args.includes("-h"))) {
+  args = normalizeArgv(args);
+  if (Array.isArray(args) && hasHelp(args)) {
     console.log(SUB_HELP[sub] || HELP);
     process.exit(0);
   }
+  const flagSpec = AUTH_FLAGS[sub];
+  if (flagSpec) {
+    assertKnownFlags(args, flagSpec.known, flagSpec.values);
+  }
   switch (sub) {
     case "magic-link": await magicLink(args); break;
     case "verify": await verify(args); break;

package/lib/billing.mjs

@@ -1,5 +1,6 @@
 import { getSdk } from "./sdk.mjs";
 import { reportSdkError, fail } from "./sdk-errors.mjs";
+import { parseIntegerFlag } from "./argparse.mjs";
 
 const HELP = `run402 billing — Email billing accounts, Stripe tier checkout, email packs
 
@@ -128,6 +129,23 @@ function parseFlag(args, flag) {
   return null;
 }
 
+function requireSingleBillingIdentifier(email, wallet) {
+  if (email && wallet) {
+    fail({
+      code: "BAD_USAGE",
+      message: "Provide either --email or --wallet, not both.",
+      hint: "[--email <e> | --wallet <w>]",
+    });
+  }
+  if (!email && !wallet) {
+    fail({
+      code: "BAD_USAGE",
+      message: "Must provide --email or --wallet",
+      hint: "[--email <e> | --wallet <w>]",
+    });
+  }
+}
+
 async function createEmail(args) {
   const email = args[0];
   if (!email) {
@@ -174,9 +192,7 @@ async function tierCheckout(args) {
   }
   const email = parseFlag(args, "--email");
   const wallet = parseFlag(args, "--wallet");
-  if (!email && !wallet) {
-    fail({ code: "BAD_USAGE", message: "Must provide --email or --wallet" });
-  }
+  requireSingleBillingIdentifier(email, wallet);
   try {
     const data = await getSdk().billing.tierCheckout(tier, { email: email ?? undefined, wallet: wallet ?? undefined });
     console.log(JSON.stringify(data, null, 2));
@@ -188,9 +204,7 @@ async function tierCheckout(args) {
 async function buyPack(args) {
   const email = parseFlag(args, "--email");
   const wallet = parseFlag(args, "--wallet");
-  if (!email && !wallet) {
-    fail({ code: "BAD_USAGE", message: "Must provide --email or --wallet" });
-  }
+  requireSingleBillingIdentifier(email, wallet);
   try {
     const data = await getSdk().billing.buyEmailPack({ email: email ?? undefined, wallet: wallet ?? undefined });
     console.log(JSON.stringify(data, null, 2));
@@ -210,11 +224,14 @@ async function autoRecharge(args) {
     });
   }
   const thresholdStr = parseFlag(args, "--threshold");
+  const threshold = args.includes("--threshold")
+    ? parseIntegerFlag("--threshold", thresholdStr, { min: 0 })
+    : undefined;
   try {
     await getSdk().billing.setAutoRecharge({
       billingAccountId: accountId,
       enabled: state === "on",
-      threshold: thresholdStr ? Number(thresholdStr) : undefined,
+      threshold,
     });
     console.log(JSON.stringify({ status: "ok", billing_account_id: accountId, enabled: state === "on" }));
   } catch (err) {

package/lib/contracts.mjs

@@ -135,6 +135,15 @@ function parseFlag(args, flag) {
 function hasFlag(args, flag) {
   return args.includes(flag);
 }
+function validateWeiFlag(flag, value) {
+  if (!/^\d+$/.test(String(value))) {
+    fail({
+      code: "BAD_FLAG",
+      message: `${flag} must be a decimal non-negative integer string in wei`,
+      details: { flag, value: String(value) },
+    });
+  }
+}
 
 async function provisionWallet(projectId, args) {
   const chain = parseFlag(args, "--chain");
@@ -210,6 +219,7 @@ async function setAlert(projectId, walletId, args) {
   if (!threshold) {
     fail({ code: "BAD_USAGE", message: "Missing --threshold-wei <n>" });
   }
+  validateWeiFlag("--threshold-wei", threshold);
   try {
     await getSdk().contracts.setLowBalanceAlert(projectId, walletId, threshold);
     console.log(JSON.stringify({ status: "ok", wallet_id: walletId, threshold_wei: threshold }));
@@ -233,6 +243,7 @@ async function call(projectId, walletId, args) {
       hint: "Cost: chain gas + $0.000005 KMS sign fee.",
     });
   }
+  if (value !== null) validateWeiFlag("--value-wei", value);
   const abiFragment = parseFlagJson("--abi", abi);
   const callArgs = parseFlagJson("--args", argsJson);
   try {

package/lib/deploy-v2.mjs

@@ -21,7 +21,7 @@
  * UTF-8 is the default; binary files pass `"encoding": "base64"`.
  */
 
-import { readFileSync } from "node:fs";
+import { fstatSync, readFileSync } from "node:fs";
 import { resolve, dirname, isAbsolute } from "node:path";
 import {
   buildDeployResolveSummary,
@@ -266,6 +266,15 @@ async function readStdin() {
   return Buffer.concat(chunks).toString("utf-8");
 }
 
+function hasStdinSource() {
+  try {
+    const stats = fstatSync(0);
+    return stats.isFIFO() || stats.isFile();
+  } catch {
+    return false;
+  }
+}
+
 function makeStderrEventWriter(quiet) {
   if (quiet) return undefined;
   return (event) => {
@@ -273,22 +282,97 @@ function makeStderrEventWriter(quiet) {
   };
 }
 
-async function applyCmd(args) {
+function parseApplyArgs(args) {
   const opts = { manifest: null, spec: null, project: null, quiet: false, allowWarnings: false };
+  const allowedFlags = ["--manifest", "--spec", "--project", "--quiet", "--allow-warnings", "--help", "-h"];
+
   for (let i = 0; i < args.length; i++) {
-    if (args[i] === "--help" || args[i] === "-h") { console.log(APPLY_HELP); process.exit(0); }
-    if (args[i] === "--manifest" && args[i + 1]) { opts.manifest = args[++i]; continue; }
-    if (args[i] === "--spec" && args[i + 1]) { opts.spec = args[++i]; continue; }
-    if (args[i] === "--project" && args[i + 1]) { opts.project = args[++i]; continue; }
-    if (args[i] === "--quiet") { opts.quiet = true; continue; }
-    if (args[i] === "--allow-warnings") { opts.allowWarnings = true; continue; }
+    const arg = args[i];
+    if (arg === "--help" || arg === "-h") {
+      console.log(APPLY_HELP);
+      process.exit(0);
+    }
+    if (arg === "--manifest" || arg === "--spec" || arg === "--project") {
+      const value = args[i + 1];
+      if (value === undefined || (typeof value === "string" && value.startsWith("--"))) {
+        fail({
+          code: "BAD_USAGE",
+          message: `${arg} requires a value`,
+          details: { flag: arg },
+        });
+      }
+      if (arg === "--manifest") {
+        if (opts.manifest !== null) {
+          fail({
+            code: "BAD_USAGE",
+            message: "--manifest may only be provided once",
+            details: { flag: "--manifest" },
+          });
+        }
+        opts.manifest = value;
+      } else if (arg === "--spec") {
+        if (opts.spec !== null) {
+          fail({
+            code: "BAD_USAGE",
+            message: "--spec may only be provided once",
+            details: { flag: "--spec" },
+          });
+        }
+        opts.spec = value;
+      } else {
+        opts.project = value;
+      }
+      i += 1;
+      continue;
+    }
+    if (arg === "--quiet") { opts.quiet = true; continue; }
+    if (arg === "--allow-warnings") { opts.allowWarnings = true; continue; }
+    if (typeof arg === "string" && arg.startsWith("-")) {
+      fail({
+        code: "BAD_USAGE",
+        message: `Unknown flag for deploy apply: ${arg}`,
+        details: { flag: arg, allowed_flags: allowedFlags },
+      });
+    }
+    fail({
+      code: "BAD_USAGE",
+      message: `Unexpected argument for deploy apply: ${arg}`,
+      details: { argument: arg },
+    });
+  }
+
+  return opts;
+}
+
+function applySourceField(opts) {
+  if (opts.manifest !== null) return "manifest";
+  if (opts.spec !== null) return "spec";
+  return "stdin";
+}
+
+function validateApplySources(opts) {
+  const sources = [];
+  if (opts.manifest !== null) sources.push("--manifest");
+  if (opts.spec !== null) sources.push("--spec");
+  if (hasStdinSource()) sources.push("stdin");
+  if (sources.length > 1) {
+    fail({
+      code: "BAD_USAGE",
+      message: "Only one deploy manifest source may be provided: --spec, --manifest, or stdin.",
+      details: { sources },
+    });
   }
+}
+
+async function applyCmd(args) {
+  const opts = parseApplyArgs(args);
+  validateApplySources(opts);
 
   let raw;
   let manifestPath = null;
-  if (opts.spec) {
+  if (opts.spec !== null) {
     raw = opts.spec;
-  } else if (opts.manifest) {
+  } else if (opts.manifest !== null) {
     try {
       manifestPath = isAbsolute(opts.manifest) ? opts.manifest : resolve(process.cwd(), opts.manifest);
       raw = readFileSync(manifestPath, "utf-8");
@@ -310,11 +394,11 @@ async function applyCmd(args) {
     fail({
       code: "BAD_USAGE",
       message: `Manifest is not valid JSON: ${err.message}`,
-      details: { source: opts.manifest ? "manifest" : opts.spec ? "spec" : "stdin", parse_error: err.message },
+      details: { source: applySourceField(opts), parse_error: err.message },
     });
   }
   rejectLegacySecretManifest(spec, {
-    source: opts.manifest ? "manifest" : opts.spec ? "spec" : "stdin",
+    source: applySourceField(opts),
     ...(manifestPath ? { path: manifestPath } : {}),
   });
 
@@ -355,7 +439,7 @@ async function applyCmd(args) {
       message: `Manifest contains no deployable sections. Expected at least one of: ${meaningful.join(", ")}`,
       hint: "Did you mean to write a 'site.replace' or 'database.migrations' block? See https://run402.com/schemas/manifest.v1.json",
       details: {
-        field: opts.manifest ? "manifest" : opts.spec ? "spec" : "stdin",
+        field: applySourceField(opts),
         ...(manifestPath ? { path: manifestPath } : {}),
         meaningful_keys: meaningful,
       },
@@ -725,7 +809,7 @@ async function listCmd(args) {
   for (let i = 0; i < args.length; i++) {
     if (args[i] === "--help" || args[i] === "-h") { console.log(LIST_HELP); process.exit(0); }
     if (args[i] === "--project" && args[i + 1]) { opts.project = args[++i]; continue; }
-    if (args[i] === "--limit" && args[i + 1]) { opts.limit = Number(args[++i]); continue; }
+    if (args[i] === "--limit") { opts.limit = parsePositiveInt(args[++i], "--limit"); continue; }
   }
 
   const project = resolveProjectId(opts.project);
@@ -733,7 +817,7 @@ async function listCmd(args) {
 
   try {
     const sdkOpts = { project };
-    if (opts.limit !== null && Number.isFinite(opts.limit)) sdkOpts.limit = opts.limit;
+    if (opts.limit !== null) sdkOpts.limit = opts.limit;
     const result = await getSdk().deploy.list(sdkOpts);
     console.log(JSON.stringify({ status: "ok", ...result }, null, 2));
   } catch (err) {