run402 1.69.4 → 1.69.6

package/lib/billing.mjs

@@ -1,5 +1,6 @@
 import { getSdk } from "./sdk.mjs";
 import { reportSdkError, fail } from "./sdk-errors.mjs";
+import { assertKnownFlags, flagValue, normalizeArgv, parseIntegerFlag, positionalArgs } from "./argparse.mjs";
 
 const HELP = `run402 billing — Email billing accounts, Stripe tier checkout, email packs
 
@@ -121,15 +122,31 @@ Examples:
 `,
 };
 
-function parseFlag(args, flag) {
-  for (let i = 0; i < args.length; i++) {
-    if (args[i] === flag && args[i + 1]) return args[i + 1];
+function requireSingleBillingIdentifier(email, wallet) {
+  if (email && wallet) {
+    fail({
+      code: "BAD_USAGE",
+      message: "Provide either --email or --wallet, not both.",
+      hint: "[--email <e> | --wallet <w>]",
+    });
+  }
+  if (!email && !wallet) {
+    fail({
+      code: "BAD_USAGE",
+      message: "Must provide --email or --wallet",
+      hint: "[--email <e> | --wallet <w>]",
+    });
   }
-  return null;
 }
 
 async function createEmail(args) {
-  const email = args[0];
+  const parsedArgs = normalizeArgv(args);
+  assertKnownFlags(parsedArgs, ["--help", "-h"]);
+  const positionals = positionalArgs(parsedArgs);
+  const email = positionals[0];
+  if (positionals.length > 1) {
+    fail({ code: "BAD_USAGE", message: `Unexpected argument for billing create-email: ${positionals[1]}` });
+  }
   if (!email) {
     fail({
       code: "BAD_USAGE",
@@ -146,8 +163,14 @@ async function createEmail(args) {
 }
 
 async function linkWallet(args) {
-  const accountId = args[0];
-  const wallet = args[1];
+  const parsedArgs = normalizeArgv(args);
+  assertKnownFlags(parsedArgs, ["--help", "-h"]);
+  const positionals = positionalArgs(parsedArgs);
+  const accountId = positionals[0];
+  const wallet = positionals[1];
+  if (positionals.length > 2) {
+    fail({ code: "BAD_USAGE", message: `Unexpected argument for billing link-wallet: ${positionals[2]}` });
+  }
   if (!accountId || !wallet) {
     fail({
       code: "BAD_USAGE",
@@ -164,7 +187,14 @@ async function linkWallet(args) {
 }
 
 async function tierCheckout(args) {
-  const tier = args[0];
+  const parsedArgs = normalizeArgv(args);
+  const valueFlags = ["--email", "--wallet"];
+  assertKnownFlags(parsedArgs, [...valueFlags, "--help", "-h"], valueFlags);
+  const positionals = positionalArgs(parsedArgs, valueFlags);
+  const tier = positionals[0];
+  if (positionals.length > 1) {
+    fail({ code: "BAD_USAGE", message: `Unexpected argument for billing tier-checkout: ${positionals[1]}` });
+  }
   if (!tier) {
     fail({
       code: "BAD_USAGE",
@@ -172,11 +202,9 @@ async function tierCheckout(args) {
       hint: "run402 billing tier-checkout <tier> [--email <e> | --wallet <w>]",
     });
   }
-  const email = parseFlag(args, "--email");
-  const wallet = parseFlag(args, "--wallet");
-  if (!email && !wallet) {
-    fail({ code: "BAD_USAGE", message: "Must provide --email or --wallet" });
-  }
+  const email = flagValue(parsedArgs, "--email");
+  const wallet = flagValue(parsedArgs, "--wallet");
+  requireSingleBillingIdentifier(email, wallet);
   try {
     const data = await getSdk().billing.tierCheckout(tier, { email: email ?? undefined, wallet: wallet ?? undefined });
     console.log(JSON.stringify(data, null, 2));
@@ -186,11 +214,16 @@ async function tierCheckout(args) {
 }
 
 async function buyPack(args) {
-  const email = parseFlag(args, "--email");
-  const wallet = parseFlag(args, "--wallet");
-  if (!email && !wallet) {
-    fail({ code: "BAD_USAGE", message: "Must provide --email or --wallet" });
+  const parsedArgs = normalizeArgv(args);
+  const valueFlags = ["--email", "--wallet"];
+  assertKnownFlags(parsedArgs, [...valueFlags, "--help", "-h"], valueFlags);
+  const extra = positionalArgs(parsedArgs, valueFlags);
+  if (extra.length > 0) {
+    fail({ code: "BAD_USAGE", message: `Unexpected argument for billing buy-email-pack: ${extra[0]}` });
   }
+  const email = flagValue(parsedArgs, "--email");
+  const wallet = flagValue(parsedArgs, "--wallet");
+  requireSingleBillingIdentifier(email, wallet);
   try {
     const data = await getSdk().billing.buyEmailPack({ email: email ?? undefined, wallet: wallet ?? undefined });
     console.log(JSON.stringify(data, null, 2));
@@ -200,8 +233,15 @@ async function buyPack(args) {
 }
 
 async function autoRecharge(args) {
-  const accountId = args[0];
-  const state = args[1];
+  const parsedArgs = normalizeArgv(args);
+  const valueFlags = ["--threshold"];
+  assertKnownFlags(parsedArgs, [...valueFlags, "--help", "-h"], valueFlags);
+  const positionals = positionalArgs(parsedArgs, valueFlags);
+  const accountId = positionals[0];
+  const state = positionals[1];
+  if (positionals.length > 2) {
+    fail({ code: "BAD_USAGE", message: `Unexpected argument for billing auto-recharge: ${positionals[2]}` });
+  }
   if (!accountId || !state || !["on", "off"].includes(state)) {
     fail({
       code: "BAD_USAGE",
@@ -209,12 +249,15 @@ async function autoRecharge(args) {
       hint: "run402 billing auto-recharge <account_id> <on|off> [--threshold <n>]",
     });
   }
-  const thresholdStr = parseFlag(args, "--threshold");
+  const thresholdStr = flagValue(parsedArgs, "--threshold");
+  const threshold = parsedArgs.includes("--threshold")
+    ? parseIntegerFlag("--threshold", thresholdStr, { min: 0 })
+    : undefined;
   try {
     await getSdk().billing.setAutoRecharge({
       billingAccountId: accountId,
       enabled: state === "on",
-      threshold: thresholdStr ? Number(thresholdStr) : undefined,
+      threshold,
     });
     console.log(JSON.stringify({ status: "ok", billing_account_id: accountId, enabled: state === "on" }));
   } catch (err) {
@@ -223,7 +266,13 @@ async function autoRecharge(args) {
 }
 
 async function balance(args) {
-  const id = args[0];
+  const parsedArgs = normalizeArgv(args);
+  assertKnownFlags(parsedArgs, ["--help", "-h"]);
+  const positionals = positionalArgs(parsedArgs);
+  const id = positionals[0];
+  if (positionals.length > 1) {
+    fail({ code: "BAD_USAGE", message: `Unexpected argument for billing balance: ${positionals[1]}` });
+  }
   if (!id) {
     fail({
       code: "BAD_USAGE",
@@ -240,7 +289,14 @@ async function balance(args) {
 }
 
 async function history(args) {
-  const id = args[0];
+  const parsedArgs = normalizeArgv(args);
+  const valueFlags = ["--limit"];
+  assertKnownFlags(parsedArgs, [...valueFlags, "--help", "-h"], valueFlags);
+  const positionals = positionalArgs(parsedArgs, valueFlags);
+  const id = positionals[0];
+  if (positionals.length > 1) {
+    fail({ code: "BAD_USAGE", message: `Unexpected argument for billing history: ${positionals[1]}` });
+  }
   if (!id) {
     fail({
       code: "BAD_USAGE",
@@ -248,9 +304,11 @@ async function history(args) {
       hint: "run402 billing history <email-or-wallet> [--limit <n>]",
     });
   }
-  const limit = parseFlag(args, "--limit") || "50";
+  const limit = parsedArgs.includes("--limit")
+    ? parseIntegerFlag("--limit", flagValue(parsedArgs, "--limit"), { min: 1 })
+    : 50;
   try {
-    const data = await getSdk().billing.getHistory(id, Number(limit));
+    const data = await getSdk().billing.getHistory(id, limit);
     console.log(JSON.stringify(data, null, 2));
   } catch (err) {
     reportSdkError(err);

package/lib/blob.mjs

@@ -438,8 +438,8 @@ async function put(projectId, argv) {
   const resolvedId = resolveProjectId(opts.project);
 
   if (opts.positional.length === 0) die("At least one file path is required");
-  if (opts.immutable && opts.positional.length > 1 && opts.key && !opts.key.endsWith("/")) {
-    die("--key with --immutable across multiple files requires a directory prefix (ending with /)");
+  if (opts.positional.length > 1 && opts.key && !opts.key.endsWith("/")) {
+    die("--key across multiple files requires a directory prefix (ending with /)");
   }
 
   const results = [];

package/lib/cdn.mjs

@@ -16,6 +16,7 @@
 import { resolveProjectId } from "./config.mjs";
 import { getSdk } from "./sdk.mjs";
 import { reportSdkError, fail } from "./sdk-errors.mjs";
+import { assertKnownFlags, flagValue, normalizeArgv, parseIntegerFlag, positionalArgs } from "./argparse.mjs";
 
 const HELP = `run402 cdn — CloudFront CDN diagnostics for public blob URLs
 
@@ -73,14 +74,19 @@ function die(msg, exit_code = 1) {
 }
 
 function parseArgs(args) {
-  const opts = { positional: [] };
-  for (let i = 0; i < args.length; i++) {
-    const a = args[i];
-    if (a === "--sha") opts.sha = args[++i];
-    else if (a === "--timeout") opts.timeout = Number(args[++i]);
-    else if (a === "--project") opts.project = args[++i];
-    else if (a.startsWith("--")) die(`Unknown option: ${a}`);
-    else opts.positional.push(a);
+  const normalized = normalizeArgv(args);
+  const valueFlags = ["--sha", "--timeout", "--project"];
+  assertKnownFlags(normalized, [...valueFlags, "--help", "-h"], valueFlags);
+  const opts = {
+    positional: positionalArgs(normalized, valueFlags),
+    sha: flagValue(normalized, "--sha"),
+    timeout: normalized.includes("--timeout")
+      ? parseIntegerFlag("--timeout", flagValue(normalized, "--timeout"), { min: 1 })
+      : undefined,
+    project: flagValue(normalized, "--project"),
+  };
+  if (opts.positional.length > 1) {
+    die(`Unexpected argument for cdn wait-fresh: ${opts.positional[1]}`);
   }
   return opts;
 }
@@ -92,6 +98,13 @@ async function waitFresh(projectId, argv) {
   if (opts.positional.length === 0) die("URL required");
   const url = opts.positional[0];
   if (!opts.sha) die("--sha is required");
+  if (!/^[a-fA-F0-9]{64}$/.test(opts.sha)) {
+    fail({
+      code: "BAD_FLAG",
+      message: "--sha must be a 64-character hex SHA-256 digest",
+      details: { flag: "--sha", value: opts.sha },
+    });
+  }
 
   const timeoutMs = (opts.timeout ?? 60) * 1000;
   try {

package/lib/contracts.mjs

@@ -1,5 +1,13 @@
 import { getSdk } from "./sdk.mjs";
 import { reportSdkError, fail, parseFlagJson } from "./sdk-errors.mjs";
+import {
+  assertAllowedValue,
+  assertKnownFlags,
+  flagValue,
+  normalizeArgv,
+  positionalArgs,
+  validateEvmAddress,
+} from "./argparse.mjs";
 
 const HELP = `run402 contracts — KMS-backed Ethereum wallets for smart-contract calls
 
@@ -126,32 +134,44 @@ Examples:
 `,
 };
 
-function parseFlag(args, flag) {
-  for (let i = 0; i < args.length; i++) {
-    if (args[i] === flag && args[i + 1]) return args[i + 1];
-  }
-  return null;
-}
 function hasFlag(args, flag) {
   return args.includes(flag);
 }
+function validateWeiFlag(flag, value) {
+  if (!/^\d+$/.test(String(value))) {
+    fail({
+      code: "BAD_FLAG",
+      message: `${flag} must be a decimal non-negative integer string in wei`,
+      details: { flag, value: String(value) },
+    });
+  }
+}
 
 async function provisionWallet(projectId, args) {
-  const chain = parseFlag(args, "--chain");
+  const parsedArgs = normalizeArgv(args);
+  const valueFlags = ["--chain", "--recovery"];
+  assertKnownFlags(parsedArgs, [...valueFlags, "--yes", "--help", "-h"], valueFlags);
+  const extra = positionalArgs(parsedArgs, valueFlags);
+  if (extra.length > 0) {
+    fail({ code: "BAD_USAGE", message: `Unexpected argument for contracts provision-wallet: ${extra[0]}` });
+  }
+  const chain = flagValue(parsedArgs, "--chain");
   if (!chain) {
     fail({
       code: "BAD_USAGE",
       message: "Missing --chain (base-mainnet or base-sepolia)",
     });
   }
-  const recovery = parseFlag(args, "--recovery");
+  assertAllowedValue(chain, ["base-mainnet", "base-sepolia"], "--chain");
+  const recovery = flagValue(parsedArgs, "--recovery");
+  if (recovery) validateEvmAddress(recovery, "--recovery");
   // Soft default of one wallet — confirm if project already has one.
   let activeWallets = null;
   try {
     const list = await getSdk().contracts.listWallets(projectId);
     activeWallets = (list.wallets || []).filter((w) => w.status === "active").length;
   } catch { /* best-effort */ }
-  if (activeWallets !== null && activeWallets >= 1 && !hasFlag(args, "--yes")) {
+  if (activeWallets !== null && activeWallets >= 1 && !hasFlag(parsedArgs, "--yes")) {
     fail({
       code: "CONFIRMATION_REQUIRED",
       message: `This project already has ${activeWallets} active wallet(s). Adding another costs $0.04/day each ($1.20/month). Re-run with --yes to confirm.`,
@@ -170,7 +190,13 @@ async function provisionWallet(projectId, args) {
   }
 }
 
-async function getWallet(projectId, walletId) {
+async function getWallet(projectId, walletId, args = []) {
+  const parsedArgs = normalizeArgv(args);
+  assertKnownFlags(parsedArgs, ["--help", "-h"]);
+  const extra = positionalArgs(parsedArgs);
+  if (extra.length > 0) {
+    fail({ code: "BAD_USAGE", message: `Unexpected argument for contracts get-wallet: ${extra[0]}` });
+  }
   try {
     const data = await getSdk().contracts.getWallet(projectId, walletId);
     console.log(JSON.stringify(data, null, 2));
@@ -179,7 +205,13 @@ async function getWallet(projectId, walletId) {
   }
 }
 
-async function listWallets(projectId) {
+async function listWallets(projectId, args = []) {
+  const parsedArgs = normalizeArgv(args);
+  assertKnownFlags(parsedArgs, ["--help", "-h"]);
+  const extra = positionalArgs(parsedArgs);
+  if (extra.length > 0) {
+    fail({ code: "BAD_USAGE", message: `Unexpected argument for contracts list-wallets: ${extra[0]}` });
+  }
   try {
     const data = await getSdk().contracts.listWallets(projectId);
     console.log(JSON.stringify(data, null, 2));
@@ -189,14 +221,25 @@ async function listWallets(projectId) {
 }
 
 async function setRecovery(projectId, walletId, args) {
-  const clear = hasFlag(args, "--clear");
-  const address = parseFlag(args, "--address");
+  const parsedArgs = normalizeArgv(args);
+  const valueFlags = ["--address"];
+  assertKnownFlags(parsedArgs, [...valueFlags, "--clear", "--help", "-h"], valueFlags);
+  const extra = positionalArgs(parsedArgs, valueFlags);
+  if (extra.length > 0) {
+    fail({ code: "BAD_USAGE", message: `Unexpected argument for contracts set-recovery: ${extra[0]}` });
+  }
+  const clear = hasFlag(parsedArgs, "--clear");
+  const address = flagValue(parsedArgs, "--address");
+  if (clear && address) {
+    fail({ code: "BAD_USAGE", message: "Provide either --address or --clear, not both." });
+  }
   if (!clear && !address) {
     fail({
       code: "BAD_USAGE",
       message: "Provide --address 0x... or --clear",
     });
   }
+  if (address) validateEvmAddress(address, "--address");
   try {
     await getSdk().contracts.setRecovery(projectId, walletId, clear ? null : address);
     console.log(JSON.stringify({ status: "ok", wallet_id: walletId, recovery_address: clear ? null : address }));
@@ -206,10 +249,18 @@ async function setRecovery(projectId, walletId, args) {
 }
 
 async function setAlert(projectId, walletId, args) {
-  const threshold = parseFlag(args, "--threshold-wei");
+  const parsedArgs = normalizeArgv(args);
+  const valueFlags = ["--threshold-wei"];
+  assertKnownFlags(parsedArgs, [...valueFlags, "--help", "-h"], valueFlags);
+  const extra = positionalArgs(parsedArgs, valueFlags);
+  if (extra.length > 0) {
+    fail({ code: "BAD_USAGE", message: `Unexpected argument for contracts set-alert: ${extra[0]}` });
+  }
+  const threshold = flagValue(parsedArgs, "--threshold-wei");
   if (!threshold) {
     fail({ code: "BAD_USAGE", message: "Missing --threshold-wei <n>" });
   }
+  validateWeiFlag("--threshold-wei", threshold);
   try {
     await getSdk().contracts.setLowBalanceAlert(projectId, walletId, threshold);
     console.log(JSON.stringify({ status: "ok", wallet_id: walletId, threshold_wei: threshold }));
@@ -219,13 +270,20 @@ async function setAlert(projectId, walletId, args) {
 }
 
 async function call(projectId, walletId, args) {
-  const to = parseFlag(args, "--to");
-  const abi = parseFlag(args, "--abi");
-  const fn = parseFlag(args, "--fn");
-  const argsJson = parseFlag(args, "--args");
-  const value = parseFlag(args, "--value-wei");
-  const chain = parseFlag(args, "--chain") || "base-mainnet";
-  const idempotency = parseFlag(args, "--idempotency-key");
+  const parsedArgs = normalizeArgv(args);
+  const valueFlags = ["--to", "--abi", "--fn", "--args", "--value-wei", "--chain", "--idempotency-key"];
+  assertKnownFlags(parsedArgs, [...valueFlags, "--help", "-h"], valueFlags);
+  const extra = positionalArgs(parsedArgs, valueFlags);
+  if (extra.length > 0) {
+    fail({ code: "BAD_USAGE", message: `Unexpected argument for contracts call: ${extra[0]}` });
+  }
+  const to = flagValue(parsedArgs, "--to");
+  const abi = flagValue(parsedArgs, "--abi");
+  const fn = flagValue(parsedArgs, "--fn");
+  const argsJson = flagValue(parsedArgs, "--args");
+  const value = flagValue(parsedArgs, "--value-wei");
+  const chain = flagValue(parsedArgs, "--chain") || "base-mainnet";
+  const idempotency = flagValue(parsedArgs, "--idempotency-key");
   if (!to || !abi || !fn || !argsJson) {
     fail({
       code: "BAD_USAGE",
@@ -233,8 +291,11 @@ async function call(projectId, walletId, args) {
       hint: "Cost: chain gas + $0.000005 KMS sign fee.",
     });
   }
+  assertAllowedValue(chain, ["base-mainnet", "base-sepolia"], "--chain");
+  if (value !== null) validateWeiFlag("--value-wei", value);
   const abiFragment = parseFlagJson("--abi", abi);
   const callArgs = parseFlagJson("--args", argsJson);
+  validateEvmAddress(to, "--to");
   try {
     const data = await getSdk().contracts.call(projectId, {
       walletId,
@@ -253,19 +314,28 @@ async function call(projectId, walletId, args) {
 }
 
 async function read(args) {
-  const chain = parseFlag(args, "--chain");
-  const to = parseFlag(args, "--to");
-  const abi = parseFlag(args, "--abi");
-  const fn = parseFlag(args, "--fn");
-  const argsJson = parseFlag(args, "--args");
+  const parsedArgs = normalizeArgv(args);
+  const valueFlags = ["--chain", "--to", "--abi", "--fn", "--args"];
+  assertKnownFlags(parsedArgs, [...valueFlags, "--help", "-h"], valueFlags);
+  const extra = positionalArgs(parsedArgs, valueFlags);
+  if (extra.length > 0) {
+    fail({ code: "BAD_USAGE", message: `Unexpected argument for contracts read: ${extra[0]}` });
+  }
+  const chain = flagValue(parsedArgs, "--chain");
+  const to = flagValue(parsedArgs, "--to");
+  const abi = flagValue(parsedArgs, "--abi");
+  const fn = flagValue(parsedArgs, "--fn");
+  const argsJson = flagValue(parsedArgs, "--args");
   if (!chain || !to || !abi || !fn || !argsJson) {
     fail({
       code: "BAD_USAGE",
       message: "Required flags: --chain, --to, --abi, --fn, --args",
     });
   }
+  assertAllowedValue(chain, ["base-mainnet", "base-sepolia"], "--chain");
   const abiFragment = parseFlagJson("--abi", abi);
   const callArgs = parseFlagJson("--args", argsJson);
+  validateEvmAddress(to, "--to");
   try {
     const data = await getSdk().contracts.read({
       chain,
@@ -280,7 +350,13 @@ async function read(args) {
   }
 }
 
-async function status(projectId, callId) {
+async function status(projectId, callId, args = []) {
+  const parsedArgs = normalizeArgv(args);
+  assertKnownFlags(parsedArgs, ["--help", "-h"]);
+  const extra = positionalArgs(parsedArgs);
+  if (extra.length > 0) {
+    fail({ code: "BAD_USAGE", message: `Unexpected argument for contracts status: ${extra[0]}` });
+  }
   try {
     const data = await getSdk().contracts.callStatus(projectId, callId);
     console.log(JSON.stringify(data, null, 2));
@@ -290,14 +366,22 @@ async function status(projectId, callId) {
 }
 
 async function drain(projectId, walletId, args) {
-  const to = parseFlag(args, "--to");
-  if (!to || !hasFlag(args, "--confirm")) {
+  const parsedArgs = normalizeArgv(args);
+  const valueFlags = ["--to"];
+  assertKnownFlags(parsedArgs, [...valueFlags, "--confirm", "--help", "-h"], valueFlags);
+  const extra = positionalArgs(parsedArgs, valueFlags);
+  if (extra.length > 0) {
+    fail({ code: "BAD_USAGE", message: `Unexpected argument for contracts drain: ${extra[0]}` });
+  }
+  const to = flagValue(parsedArgs, "--to");
+  if (!to || !hasFlag(parsedArgs, "--confirm")) {
     fail({
       code: "BAD_USAGE",
       message: "Required: --to 0x... and --confirm.",
       hint: "Cost: chain gas + $0.000005 KMS sign fee.",
     });
   }
+  validateEvmAddress(to, "--to");
   try {
     const data = await getSdk().contracts.drain(projectId, walletId, to);
     console.log(JSON.stringify(data, null, 2));
@@ -307,7 +391,13 @@ async function drain(projectId, walletId, args) {
 }
 
 async function deleteWallet(projectId, walletId, args) {
-  if (!hasFlag(args, "--confirm")) {
+  const parsedArgs = normalizeArgv(args);
+  assertKnownFlags(parsedArgs, ["--confirm", "--help", "-h"]);
+  const extra = positionalArgs(parsedArgs);
+  if (extra.length > 0) {
+    fail({ code: "BAD_USAGE", message: `Unexpected argument for contracts delete: ${extra[0]}` });
+  }
+  if (!hasFlag(parsedArgs, "--confirm")) {
     fail({ code: "BAD_USAGE", message: "Required: --confirm" });
   }
   try {
@@ -323,13 +413,13 @@ export async function run(sub, args) {
   if (Array.isArray(args) && (args.includes("--help") || args.includes("-h"))) { console.log(SUB_HELP[sub] || HELP); process.exit(0); }
   switch (sub) {
     case "provision-wallet": await provisionWallet(args[0], args.slice(1)); break;
-    case "get-wallet":       await getWallet(args[0], args[1]); break;
-    case "list-wallets":     await listWallets(args[0]); break;
+    case "get-wallet":       await getWallet(args[0], args[1], args.slice(2)); break;
+    case "list-wallets":     await listWallets(args[0], args.slice(1)); break;
     case "set-recovery":     await setRecovery(args[0], args[1], args.slice(2)); break;
     case "set-alert":        await setAlert(args[0], args[1], args.slice(2)); break;
     case "call":             await call(args[0], args[1], args.slice(2)); break;
     case "read":             await read(args); break;
-    case "status":           await status(args[0], args[1]); break;
+    case "status":           await status(args[0], args[1], args.slice(2)); break;
     case "drain":            await drain(args[0], args[1], args.slice(2)); break;
     case "delete":           await deleteWallet(args[0], args[1], args.slice(2)); break;
     default:

package/lib/domains.mjs

@@ -1,6 +1,7 @@
 import { resolveProjectId } from "./config.mjs";
 import { getSdk } from "./sdk.mjs";
 import { reportSdkError, fail } from "./sdk-errors.mjs";
+import { assertKnownFlags, flagValue, normalizeArgv, positionalArgs } from "./argparse.mjs";
 
 const HELP = `run402 domains — Manage custom domains
 
@@ -94,14 +95,15 @@ Examples:
 `,
 };
 
-function parseProjectFlag(args) {
-  let project = null;
-  const rest = [];
-  for (let i = 0; i < args.length; i++) {
-    if (args[i] === "--project" && args[i + 1]) { project = args[++i]; }
-    else { rest.push(args[i]); }
-  }
-  return { project, rest };
+function parseProjectFlag(args, extraKnown = []) {
+  const parsedArgs = normalizeArgv(args);
+  const valueFlags = ["--project"];
+  assertKnownFlags(parsedArgs, [...valueFlags, ...extraKnown, "--help", "-h"], valueFlags);
+  return {
+    project: flagValue(parsedArgs, "--project"),
+    rest: positionalArgs(parsedArgs, valueFlags),
+    args: parsedArgs,
+  };
 }
 
 async function add(args) {
@@ -115,6 +117,9 @@ async function add(args) {
       hint: "run402 domains add <domain> <subdomain_name> [--project <id>]",
     });
   }
+  if (rest.length > 2) {
+    fail({ code: "BAD_USAGE", message: `Unexpected argument for domains add: ${rest[2]}` });
+  }
   const projectId = resolveProjectId(project);
   try {
     const data = await getSdk().domains.add(projectId, domain, subdomainName);
@@ -153,6 +158,9 @@ async function status(args) {
       hint: "run402 domains status <domain> [--project <id>]",
     });
   }
+  if (rest.length > 1) {
+    fail({ code: "BAD_USAGE", message: `Unexpected argument for domains status: ${rest[1]}` });
+  }
   const projectId = resolveProjectId(project);
   try {
     const data = await getSdk().domains.status(projectId, domain);
@@ -163,8 +171,8 @@ async function status(args) {
 }
 
 async function deleteDomain(args) {
-  const { project, rest } = parseProjectFlag(args);
-  const domain = rest.find((a) => !a.startsWith("--"));
+  const { project, rest, args: parsedArgs } = parseProjectFlag(args, ["--confirm"]);
+  const domain = rest[0];
   if (!domain) {
     fail({
       code: "BAD_USAGE",
@@ -172,7 +180,10 @@ async function deleteDomain(args) {
       hint: "run402 domains delete <domain> --confirm [--project <id>]",
     });
   }
-  if (!Array.isArray(args) || !args.includes("--confirm")) {
+  if (rest.length > 1) {
+    fail({ code: "BAD_USAGE", message: `Unexpected argument for domains delete: ${rest[1]}` });
+  }
+  if (!parsedArgs.includes("--confirm")) {
     fail({
       code: "CONFIRMATION_REQUIRED",
       message: `Destructive: releasing custom domain '${domain}' detaches it from this project and clears its DNS/SSL configuration. This is irreversible. Re-run with --confirm to proceed.`,