run402 1.69.5 → 1.69.6

package/lib/contracts.mjs

@@ -1,5 +1,13 @@
 import { getSdk } from "./sdk.mjs";
 import { reportSdkError, fail, parseFlagJson } from "./sdk-errors.mjs";
+import {
+  assertAllowedValue,
+  assertKnownFlags,
+  flagValue,
+  normalizeArgv,
+  positionalArgs,
+  validateEvmAddress,
+} from "./argparse.mjs";
 
 const HELP = `run402 contracts — KMS-backed Ethereum wallets for smart-contract calls
 
@@ -126,12 +134,6 @@ Examples:
 `,
 };
 
-function parseFlag(args, flag) {
-  for (let i = 0; i < args.length; i++) {
-    if (args[i] === flag && args[i + 1]) return args[i + 1];
-  }
-  return null;
-}
 function hasFlag(args, flag) {
   return args.includes(flag);
 }
@@ -146,21 +148,30 @@ function validateWeiFlag(flag, value) {
 }
 
 async function provisionWallet(projectId, args) {
-  const chain = parseFlag(args, "--chain");
+  const parsedArgs = normalizeArgv(args);
+  const valueFlags = ["--chain", "--recovery"];
+  assertKnownFlags(parsedArgs, [...valueFlags, "--yes", "--help", "-h"], valueFlags);
+  const extra = positionalArgs(parsedArgs, valueFlags);
+  if (extra.length > 0) {
+    fail({ code: "BAD_USAGE", message: `Unexpected argument for contracts provision-wallet: ${extra[0]}` });
+  }
+  const chain = flagValue(parsedArgs, "--chain");
   if (!chain) {
     fail({
       code: "BAD_USAGE",
       message: "Missing --chain (base-mainnet or base-sepolia)",
     });
   }
-  const recovery = parseFlag(args, "--recovery");
+  assertAllowedValue(chain, ["base-mainnet", "base-sepolia"], "--chain");
+  const recovery = flagValue(parsedArgs, "--recovery");
+  if (recovery) validateEvmAddress(recovery, "--recovery");
   // Soft default of one wallet — confirm if project already has one.
   let activeWallets = null;
   try {
     const list = await getSdk().contracts.listWallets(projectId);
     activeWallets = (list.wallets || []).filter((w) => w.status === "active").length;
   } catch { /* best-effort */ }
-  if (activeWallets !== null && activeWallets >= 1 && !hasFlag(args, "--yes")) {
+  if (activeWallets !== null && activeWallets >= 1 && !hasFlag(parsedArgs, "--yes")) {
     fail({
       code: "CONFIRMATION_REQUIRED",
       message: `This project already has ${activeWallets} active wallet(s). Adding another costs $0.04/day each ($1.20/month). Re-run with --yes to confirm.`,
@@ -179,7 +190,13 @@ async function provisionWallet(projectId, args) {
   }
 }
 
-async function getWallet(projectId, walletId) {
+async function getWallet(projectId, walletId, args = []) {
+  const parsedArgs = normalizeArgv(args);
+  assertKnownFlags(parsedArgs, ["--help", "-h"]);
+  const extra = positionalArgs(parsedArgs);
+  if (extra.length > 0) {
+    fail({ code: "BAD_USAGE", message: `Unexpected argument for contracts get-wallet: ${extra[0]}` });
+  }
   try {
     const data = await getSdk().contracts.getWallet(projectId, walletId);
     console.log(JSON.stringify(data, null, 2));
@@ -188,7 +205,13 @@ async function getWallet(projectId, walletId) {
   }
 }
 
-async function listWallets(projectId) {
+async function listWallets(projectId, args = []) {
+  const parsedArgs = normalizeArgv(args);
+  assertKnownFlags(parsedArgs, ["--help", "-h"]);
+  const extra = positionalArgs(parsedArgs);
+  if (extra.length > 0) {
+    fail({ code: "BAD_USAGE", message: `Unexpected argument for contracts list-wallets: ${extra[0]}` });
+  }
   try {
     const data = await getSdk().contracts.listWallets(projectId);
     console.log(JSON.stringify(data, null, 2));
@@ -198,14 +221,25 @@ async function listWallets(projectId) {
 }
 
 async function setRecovery(projectId, walletId, args) {
-  const clear = hasFlag(args, "--clear");
-  const address = parseFlag(args, "--address");
+  const parsedArgs = normalizeArgv(args);
+  const valueFlags = ["--address"];
+  assertKnownFlags(parsedArgs, [...valueFlags, "--clear", "--help", "-h"], valueFlags);
+  const extra = positionalArgs(parsedArgs, valueFlags);
+  if (extra.length > 0) {
+    fail({ code: "BAD_USAGE", message: `Unexpected argument for contracts set-recovery: ${extra[0]}` });
+  }
+  const clear = hasFlag(parsedArgs, "--clear");
+  const address = flagValue(parsedArgs, "--address");
+  if (clear && address) {
+    fail({ code: "BAD_USAGE", message: "Provide either --address or --clear, not both." });
+  }
   if (!clear && !address) {
     fail({
       code: "BAD_USAGE",
       message: "Provide --address 0x... or --clear",
     });
   }
+  if (address) validateEvmAddress(address, "--address");
   try {
     await getSdk().contracts.setRecovery(projectId, walletId, clear ? null : address);
     console.log(JSON.stringify({ status: "ok", wallet_id: walletId, recovery_address: clear ? null : address }));
@@ -215,7 +249,14 @@ async function setRecovery(projectId, walletId, args) {
 }
 
 async function setAlert(projectId, walletId, args) {
-  const threshold = parseFlag(args, "--threshold-wei");
+  const parsedArgs = normalizeArgv(args);
+  const valueFlags = ["--threshold-wei"];
+  assertKnownFlags(parsedArgs, [...valueFlags, "--help", "-h"], valueFlags);
+  const extra = positionalArgs(parsedArgs, valueFlags);
+  if (extra.length > 0) {
+    fail({ code: "BAD_USAGE", message: `Unexpected argument for contracts set-alert: ${extra[0]}` });
+  }
+  const threshold = flagValue(parsedArgs, "--threshold-wei");
   if (!threshold) {
     fail({ code: "BAD_USAGE", message: "Missing --threshold-wei <n>" });
   }
@@ -229,13 +270,20 @@ async function setAlert(projectId, walletId, args) {
 }
 
 async function call(projectId, walletId, args) {
-  const to = parseFlag(args, "--to");
-  const abi = parseFlag(args, "--abi");
-  const fn = parseFlag(args, "--fn");
-  const argsJson = parseFlag(args, "--args");
-  const value = parseFlag(args, "--value-wei");
-  const chain = parseFlag(args, "--chain") || "base-mainnet";
-  const idempotency = parseFlag(args, "--idempotency-key");
+  const parsedArgs = normalizeArgv(args);
+  const valueFlags = ["--to", "--abi", "--fn", "--args", "--value-wei", "--chain", "--idempotency-key"];
+  assertKnownFlags(parsedArgs, [...valueFlags, "--help", "-h"], valueFlags);
+  const extra = positionalArgs(parsedArgs, valueFlags);
+  if (extra.length > 0) {
+    fail({ code: "BAD_USAGE", message: `Unexpected argument for contracts call: ${extra[0]}` });
+  }
+  const to = flagValue(parsedArgs, "--to");
+  const abi = flagValue(parsedArgs, "--abi");
+  const fn = flagValue(parsedArgs, "--fn");
+  const argsJson = flagValue(parsedArgs, "--args");
+  const value = flagValue(parsedArgs, "--value-wei");
+  const chain = flagValue(parsedArgs, "--chain") || "base-mainnet";
+  const idempotency = flagValue(parsedArgs, "--idempotency-key");
   if (!to || !abi || !fn || !argsJson) {
     fail({
       code: "BAD_USAGE",
@@ -243,9 +291,11 @@ async function call(projectId, walletId, args) {
       hint: "Cost: chain gas + $0.000005 KMS sign fee.",
     });
   }
+  assertAllowedValue(chain, ["base-mainnet", "base-sepolia"], "--chain");
   if (value !== null) validateWeiFlag("--value-wei", value);
   const abiFragment = parseFlagJson("--abi", abi);
   const callArgs = parseFlagJson("--args", argsJson);
+  validateEvmAddress(to, "--to");
   try {
     const data = await getSdk().contracts.call(projectId, {
       walletId,
@@ -264,19 +314,28 @@ async function call(projectId, walletId, args) {
 }
 
 async function read(args) {
-  const chain = parseFlag(args, "--chain");
-  const to = parseFlag(args, "--to");
-  const abi = parseFlag(args, "--abi");
-  const fn = parseFlag(args, "--fn");
-  const argsJson = parseFlag(args, "--args");
+  const parsedArgs = normalizeArgv(args);
+  const valueFlags = ["--chain", "--to", "--abi", "--fn", "--args"];
+  assertKnownFlags(parsedArgs, [...valueFlags, "--help", "-h"], valueFlags);
+  const extra = positionalArgs(parsedArgs, valueFlags);
+  if (extra.length > 0) {
+    fail({ code: "BAD_USAGE", message: `Unexpected argument for contracts read: ${extra[0]}` });
+  }
+  const chain = flagValue(parsedArgs, "--chain");
+  const to = flagValue(parsedArgs, "--to");
+  const abi = flagValue(parsedArgs, "--abi");
+  const fn = flagValue(parsedArgs, "--fn");
+  const argsJson = flagValue(parsedArgs, "--args");
   if (!chain || !to || !abi || !fn || !argsJson) {
     fail({
       code: "BAD_USAGE",
       message: "Required flags: --chain, --to, --abi, --fn, --args",
     });
   }
+  assertAllowedValue(chain, ["base-mainnet", "base-sepolia"], "--chain");
   const abiFragment = parseFlagJson("--abi", abi);
   const callArgs = parseFlagJson("--args", argsJson);
+  validateEvmAddress(to, "--to");
   try {
     const data = await getSdk().contracts.read({
       chain,
@@ -291,7 +350,13 @@ async function read(args) {
   }
 }
 
-async function status(projectId, callId) {
+async function status(projectId, callId, args = []) {
+  const parsedArgs = normalizeArgv(args);
+  assertKnownFlags(parsedArgs, ["--help", "-h"]);
+  const extra = positionalArgs(parsedArgs);
+  if (extra.length > 0) {
+    fail({ code: "BAD_USAGE", message: `Unexpected argument for contracts status: ${extra[0]}` });
+  }
   try {
     const data = await getSdk().contracts.callStatus(projectId, callId);
     console.log(JSON.stringify(data, null, 2));
@@ -301,14 +366,22 @@ async function status(projectId, callId) {
 }
 
 async function drain(projectId, walletId, args) {
-  const to = parseFlag(args, "--to");
-  if (!to || !hasFlag(args, "--confirm")) {
+  const parsedArgs = normalizeArgv(args);
+  const valueFlags = ["--to"];
+  assertKnownFlags(parsedArgs, [...valueFlags, "--confirm", "--help", "-h"], valueFlags);
+  const extra = positionalArgs(parsedArgs, valueFlags);
+  if (extra.length > 0) {
+    fail({ code: "BAD_USAGE", message: `Unexpected argument for contracts drain: ${extra[0]}` });
+  }
+  const to = flagValue(parsedArgs, "--to");
+  if (!to || !hasFlag(parsedArgs, "--confirm")) {
     fail({
       code: "BAD_USAGE",
       message: "Required: --to 0x... and --confirm.",
       hint: "Cost: chain gas + $0.000005 KMS sign fee.",
     });
   }
+  validateEvmAddress(to, "--to");
   try {
     const data = await getSdk().contracts.drain(projectId, walletId, to);
     console.log(JSON.stringify(data, null, 2));
@@ -318,7 +391,13 @@ async function drain(projectId, walletId, args) {
 }
 
 async function deleteWallet(projectId, walletId, args) {
-  if (!hasFlag(args, "--confirm")) {
+  const parsedArgs = normalizeArgv(args);
+  assertKnownFlags(parsedArgs, ["--confirm", "--help", "-h"]);
+  const extra = positionalArgs(parsedArgs);
+  if (extra.length > 0) {
+    fail({ code: "BAD_USAGE", message: `Unexpected argument for contracts delete: ${extra[0]}` });
+  }
+  if (!hasFlag(parsedArgs, "--confirm")) {
     fail({ code: "BAD_USAGE", message: "Required: --confirm" });
   }
   try {
@@ -334,13 +413,13 @@ export async function run(sub, args) {
   if (Array.isArray(args) && (args.includes("--help") || args.includes("-h"))) { console.log(SUB_HELP[sub] || HELP); process.exit(0); }
   switch (sub) {
     case "provision-wallet": await provisionWallet(args[0], args.slice(1)); break;
-    case "get-wallet":       await getWallet(args[0], args[1]); break;
-    case "list-wallets":     await listWallets(args[0]); break;
+    case "get-wallet":       await getWallet(args[0], args[1], args.slice(2)); break;
+    case "list-wallets":     await listWallets(args[0], args.slice(1)); break;
     case "set-recovery":     await setRecovery(args[0], args[1], args.slice(2)); break;
     case "set-alert":        await setAlert(args[0], args[1], args.slice(2)); break;
     case "call":             await call(args[0], args[1], args.slice(2)); break;
     case "read":             await read(args); break;
-    case "status":           await status(args[0], args[1]); break;
+    case "status":           await status(args[0], args[1], args.slice(2)); break;
     case "drain":            await drain(args[0], args[1], args.slice(2)); break;
     case "delete":           await deleteWallet(args[0], args[1], args.slice(2)); break;
     default:

package/lib/domains.mjs

@@ -1,6 +1,7 @@
 import { resolveProjectId } from "./config.mjs";
 import { getSdk } from "./sdk.mjs";
 import { reportSdkError, fail } from "./sdk-errors.mjs";
+import { assertKnownFlags, flagValue, normalizeArgv, positionalArgs } from "./argparse.mjs";
 
 const HELP = `run402 domains — Manage custom domains
 
@@ -94,14 +95,15 @@ Examples:
 `,
 };
 
-function parseProjectFlag(args) {
-  let project = null;
-  const rest = [];
-  for (let i = 0; i < args.length; i++) {
-    if (args[i] === "--project" && args[i + 1]) { project = args[++i]; }
-    else { rest.push(args[i]); }
-  }
-  return { project, rest };
+function parseProjectFlag(args, extraKnown = []) {
+  const parsedArgs = normalizeArgv(args);
+  const valueFlags = ["--project"];
+  assertKnownFlags(parsedArgs, [...valueFlags, ...extraKnown, "--help", "-h"], valueFlags);
+  return {
+    project: flagValue(parsedArgs, "--project"),
+    rest: positionalArgs(parsedArgs, valueFlags),
+    args: parsedArgs,
+  };
 }
 
 async function add(args) {
@@ -115,6 +117,9 @@ async function add(args) {
       hint: "run402 domains add <domain> <subdomain_name> [--project <id>]",
     });
   }
+  if (rest.length > 2) {
+    fail({ code: "BAD_USAGE", message: `Unexpected argument for domains add: ${rest[2]}` });
+  }
   const projectId = resolveProjectId(project);
   try {
     const data = await getSdk().domains.add(projectId, domain, subdomainName);
@@ -153,6 +158,9 @@ async function status(args) {
       hint: "run402 domains status <domain> [--project <id>]",
     });
   }
+  if (rest.length > 1) {
+    fail({ code: "BAD_USAGE", message: `Unexpected argument for domains status: ${rest[1]}` });
+  }
   const projectId = resolveProjectId(project);
   try {
     const data = await getSdk().domains.status(projectId, domain);
@@ -163,8 +171,8 @@ async function status(args) {
 }
 
 async function deleteDomain(args) {
-  const { project, rest } = parseProjectFlag(args);
-  const domain = rest.find((a) => !a.startsWith("--"));
+  const { project, rest, args: parsedArgs } = parseProjectFlag(args, ["--confirm"]);
+  const domain = rest[0];
   if (!domain) {
     fail({
       code: "BAD_USAGE",
@@ -172,7 +180,10 @@ async function deleteDomain(args) {
       hint: "run402 domains delete <domain> --confirm [--project <id>]",
     });
   }
-  if (!Array.isArray(args) || !args.includes("--confirm")) {
+  if (rest.length > 1) {
+    fail({ code: "BAD_USAGE", message: `Unexpected argument for domains delete: ${rest[1]}` });
+  }
+  if (!parsedArgs.includes("--confirm")) {
     fail({
       code: "CONFIRMATION_REQUIRED",
       message: `Destructive: releasing custom domain '${domain}' detaches it from this project and clears its DNS/SSL configuration. This is irreversible. Re-run with --confirm to proceed.`,

package/lib/image.mjs

@@ -1,6 +1,7 @@
 import { writeFileSync } from "fs";
 import { getSdk } from "./sdk.mjs";
 import { reportSdkError, fail } from "./sdk-errors.mjs";
+import { assertAllowedValue, assertKnownFlags, flagValue, normalizeArgv, positionalArgs } from "./argparse.mjs";
 
 const HELP = `run402 image — Generate AI images via x402 micropayments
 
@@ -71,15 +72,22 @@ export async function run(sub, args) {
     process.exit(1);
   }
 
-  const opts = { prompt: null, aspect: "square", output: null };
-  let i = 0;
-  if (i < args.length && !args[i].startsWith("--")) opts.prompt = args[i++];
-  while (i < args.length) {
-    if (args[i] === "--help" || args[i] === "-h") { console.log(SUB_HELP[sub] || HELP); process.exit(0); }
-    else if (args[i] === "--aspect" && args[i + 1]) { opts.aspect = args[++i]; }
-    else if (args[i] === "--output" && args[i + 1]) { opts.output = args[++i]; }
-    i++;
+  const parsedArgs = normalizeArgv(args);
+  const valueFlags = ["--aspect", "--output"];
+  assertKnownFlags(parsedArgs, [...valueFlags, "--help", "-h"], valueFlags);
+  const positionals = positionalArgs(parsedArgs, valueFlags);
+  if (positionals.length > 1) {
+    fail({
+      code: "BAD_USAGE",
+      message: `Unexpected argument for image generate: ${positionals[1]}`,
+      hint: 'Quote multi-word prompts, e.g. run402 image generate "your prompt".',
+    });
   }
+  const opts = {
+    prompt: positionals[0] ?? null,
+    aspect: flagValue(parsedArgs, "--aspect") ?? "square",
+    output: flagValue(parsedArgs, "--output"),
+  };
 
   if (!opts.prompt) {
     fail({
@@ -88,6 +96,7 @@ export async function run(sub, args) {
       hint: 'run402 image generate "your prompt"',
     });
   }
+  assertAllowedValue(opts.aspect, ["square", "landscape", "portrait"], "--aspect");
 
   try {
     const data = await getSdk().ai.generateImage({ prompt: opts.prompt, aspect: opts.aspect });

package/lib/message.mjs

@@ -1,6 +1,7 @@
 import { allowanceAuthHeaders } from "./config.mjs";
 import { getSdk } from "./sdk.mjs";
 import { reportSdkError, fail } from "./sdk-errors.mjs";
+import { assertKnownFlags, normalizeArgv } from "./argparse.mjs";
 
 const HELP = `run402 message — Send messages to Run402 developers
 
@@ -88,5 +89,7 @@ export async function run(sub, args) {
     console.log(HELP);
     process.exit(1);
   }
-  await send(args.join(" "));
+  const parsedArgs = normalizeArgv(args);
+  assertKnownFlags(parsedArgs, ["--help", "-h"]);
+  await send(parsedArgs.join(" "));
 }

package/lib/secrets.mjs

@@ -1,7 +1,7 @@
 import { readFileSync } from "fs";
 import { getSdk } from "./sdk.mjs";
 import { reportSdkError, fail } from "./sdk-errors.mjs";
-import { validateRegularFile } from "./argparse.mjs";
+import { assertKnownFlags, flagValue, normalizeArgv, positionalArgs, validateRegularFile } from "./argparse.mjs";
 
 const HELP = `run402 secrets — Manage project secrets
 
@@ -78,15 +78,20 @@ Examples:
 };
 
 async function set(projectId, key, args = []) {
-  let file = null;
-  let value = null;
-  for (let i = 0; i < args.length; i++) {
-    if (args[i] === "--file" && args[i + 1]) { file = args[++i]; }
-    else if (!value && !args[i].startsWith("--")) { value = args[i]; }
+  const parsedArgs = normalizeArgv(args);
+  const valueFlags = ["--file"];
+  assertKnownFlags(parsedArgs, [...valueFlags, "--help", "-h"], valueFlags);
+  const values = positionalArgs(parsedArgs, valueFlags);
+  if (values.length > 1) {
+    fail({ code: "BAD_USAGE", message: `Unexpected argument for secrets set: ${values[1]}` });
+  }
+  const file = flagValue(parsedArgs, "--file");
+  if (file && values.length > 0) {
+    fail({ code: "BAD_USAGE", message: "Provide either an inline value or --file, not both." });
   }
   if (file) validateRegularFile(file, "--file");
-  const val = file ? readFileSync(file, "utf-8") : value;
-  if (!val) {
+  const val = file ? readFileSync(file, "utf-8") : values.length === 1 ? values[0] : undefined;
+  if (val === undefined) {
     fail({
       code: "BAD_USAGE",
       message: "Missing secret value.",
@@ -101,7 +106,13 @@ async function set(projectId, key, args = []) {
   }
 }
 
-async function list(projectId) {
+async function list(projectId, args = []) {
+  const parsedArgs = normalizeArgv(args);
+  assertKnownFlags(parsedArgs, ["--help", "-h"]);
+  const extra = positionalArgs(parsedArgs);
+  if (extra.length > 0) {
+    fail({ code: "BAD_USAGE", message: `Unexpected argument for secrets list: ${extra[0]}` });
+  }
   try {
     const data = await getSdk().secrets.list(projectId);
     const sanitized = {
@@ -117,7 +128,13 @@ async function list(projectId) {
   }
 }
 
-async function deleteSecret(projectId, key) {
+async function deleteSecret(projectId, key, args = []) {
+  const parsedArgs = normalizeArgv(args);
+  assertKnownFlags(parsedArgs, ["--help", "-h"]);
+  const extra = positionalArgs(parsedArgs);
+  if (extra.length > 0) {
+    fail({ code: "BAD_USAGE", message: `Unexpected argument for secrets delete: ${extra[0]}` });
+  }
   try {
     await getSdk().secrets.delete(projectId, key);
     console.log(JSON.stringify({ status: "ok", message: `Secret '${key}' deleted.` }));
@@ -134,8 +151,8 @@ export async function run(sub, args) {
   }
   switch (sub) {
     case "set":    await set(args[0], args[1], args.slice(2)); break;
-    case "list":   await list(args[0]); break;
-    case "delete": await deleteSecret(args[0], args[1]); break;
+    case "list":   await list(args[0], args.slice(1)); break;
+    case "delete": await deleteSecret(args[0], args[1], args.slice(2)); break;
     default:
       console.error(`Unknown subcommand: ${sub}\n`);
       console.log(HELP);

package/lib/sender-domain.mjs

@@ -1,6 +1,7 @@
 import { resolveProjectId } from "./config.mjs";
 import { getSdk } from "./sdk.mjs";
 import { reportSdkError, fail } from "./sdk-errors.mjs";
+import { assertKnownFlags, flagValue, normalizeArgv, positionalArgs } from "./argparse.mjs";
 
 const HELP = `run402 sender-domain — Manage custom email sender domain
 
@@ -100,18 +101,18 @@ Examples:
 };
 
 function parseFlag(args, flag) {
-  for (let i = 0; i < args.length; i++) {
-    if (args[i] === flag && args[i + 1]) return args[i + 1];
-  }
-  return null;
+  return flagValue(normalizeArgv(args), flag);
 }
 
 async function register(args) {
-  let domain = null;
-  let projectOpt = null;
-  for (let i = 0; i < args.length; i++) {
-    if (args[i] === "--project" && args[i + 1]) { projectOpt = args[++i]; }
-    else if (!args[i].startsWith("--") && !domain) { domain = args[i]; }
+  const parsedArgs = normalizeArgv(args);
+  const valueFlags = ["--project"];
+  assertKnownFlags(parsedArgs, [...valueFlags, "--help", "-h"], valueFlags);
+  const positionals = positionalArgs(parsedArgs, valueFlags);
+  let domain = positionals[0] ?? null;
+  let projectOpt = flagValue(parsedArgs, "--project");
+  if (positionals.length > 1) {
+    fail({ code: "BAD_USAGE", message: `Unexpected argument for sender-domain register: ${positionals[1]}` });
   }
   const projectId = resolveProjectId(projectOpt);
 
@@ -132,6 +133,13 @@ async function register(args) {
 }
 
 async function status(args) {
+  const parsedArgs = normalizeArgv(args);
+  const valueFlags = ["--project"];
+  assertKnownFlags(parsedArgs, [...valueFlags, "--help", "-h"], valueFlags);
+  const extra = positionalArgs(parsedArgs, valueFlags);
+  if (extra.length > 0) {
+    fail({ code: "BAD_USAGE", message: `Unexpected argument for sender-domain status: ${extra[0]}` });
+  }
   const projectId = resolveProjectId(parseFlag(args, "--project"));
   try {
     const data = await getSdk().senderDomain.status(projectId);
@@ -142,6 +150,13 @@ async function status(args) {
 }
 
 async function remove(args) {
+  const parsedArgs = normalizeArgv(args);
+  const valueFlags = ["--project"];
+  assertKnownFlags(parsedArgs, [...valueFlags, "--help", "-h"], valueFlags);
+  const extra = positionalArgs(parsedArgs, valueFlags);
+  if (extra.length > 0) {
+    fail({ code: "BAD_USAGE", message: `Unexpected argument for sender-domain remove: ${extra[0]}` });
+  }
   const projectId = resolveProjectId(parseFlag(args, "--project"));
   try {
     await getSdk().senderDomain.remove(projectId);
@@ -152,11 +167,14 @@ async function remove(args) {
 }
 
 async function inboundToggle(action, args) {
-  let domain = null;
-  let projectOpt = null;
-  for (let i = 0; i < args.length; i++) {
-    if (args[i] === "--project" && args[i + 1]) { projectOpt = args[++i]; }
-    else if (!args[i].startsWith("--") && !domain) { domain = args[i]; }
+  const parsedArgs = normalizeArgv(args);
+  const valueFlags = ["--project"];
+  assertKnownFlags(parsedArgs, [...valueFlags, "--help", "-h"], valueFlags);
+  const positionals = positionalArgs(parsedArgs, valueFlags);
+  let domain = positionals[0] ?? null;
+  let projectOpt = flagValue(parsedArgs, "--project");
+  if (positionals.length > 1) {
+    fail({ code: "BAD_USAGE", message: `Unexpected argument for sender-domain inbound-${action}: ${positionals[1]}` });
   }
   const projectId = resolveProjectId(projectOpt);