run402 2.42.0 → 2.44.0

package/cli.mjs

@@ -47,7 +47,7 @@ Commands:
   message     Send messages to Run402 developers
   auth        Manage project user authentication (magic link, passwords, settings)
   sender-domain  Manage custom email sender domain (register, status, remove)
-  billing     Email billing accounts, Stripe tier checkout, email packs
+  billing     Email organizations, Stripe tier checkout, email packs
   contracts   KMS contract wallets ($0.04/day rental + $0.000005/sign)
   agent       Manage agent identity (contact info)
   operator    Operator (human/email) session — login, then overview across your wallets

package/lib/admin.mjs

@@ -8,9 +8,9 @@ Usage:
   run402 admin <subcommand> [args...]
 
 Subcommands:
-  lease-perpetual <billing_account_id> (--enable | --disable)
-                                         Toggle the account-level escape hatch.
-                                         When enabled, the account never advances
+  lease-perpetual <organization_id> (--enable | --disable)
+                                         Toggle the organization-level escape hatch.
+                                         When enabled, the organization never advances
                                          past 'active' regardless of lease expiry.
                                          If the account is currently in a grace
                                          state, enabling reactivates it inline
@@ -19,12 +19,12 @@ Subcommands:
 
   archive <project_id> [--reason "..."]  Moderate-archive a single project. Sets
                                          projects.archived_at = NOW(). Independent
-                                         of account lifecycle; the rest of the
-                                         account's projects keep serving.
+                                         of organization lifecycle; the rest of the
+                                         organization's projects keep serving.
 
   reactivate <project_id>                Un-archive a project (flips archived_at
                                          back to NULL). In v1.57 this no longer
-                                         touches account-level lifecycle — to
+                                         touches organization-level lifecycle — to
                                          reactivate a grace-state account, use
                                          \`tier set <tier>\` or enable
                                          lease-perpetual above.
@@ -36,17 +36,17 @@ Notes:
   - Output is JSON.
 
 Examples:
-  run402 admin lease-perpetual ba_abc123 --enable
-  run402 admin lease-perpetual ba_abc123 --disable
+  run402 admin lease-perpetual org_abc123 --enable
+  run402 admin lease-perpetual org_abc123 --disable
   run402 admin archive prj_abuse --reason "ToS violation"
   run402 admin reactivate prj_abuse
 `;
 
 const SUB_HELP = {
-  "lease-perpetual": `run402 admin lease-perpetual — Toggle the account-level escape hatch
+  "lease-perpetual": `run402 admin lease-perpetual — Toggle the organization-level escape hatch
 
 Usage:
-  run402 admin lease-perpetual <billing_account_id> (--enable | --disable)
+  run402 admin lease-perpetual <organization_id> (--enable | --disable)
 
 Options:
   --enable    Set lease_perpetual = true (pins every project on the account)
@@ -59,8 +59,8 @@ Notes:
     the gateway reactivates inline and reports \`reactivated: true\`.
 
 Examples:
-  run402 admin lease-perpetual ba_abc123 --enable
-  run402 admin lease-perpetual ba_abc123 --disable
+  run402 admin lease-perpetual org_abc123 --enable
+  run402 admin lease-perpetual org_abc123 --disable
 `,
   archive: `run402 admin archive — Moderate-archive a single project
 
@@ -71,8 +71,8 @@ Options:
   --reason <text>    Free-text moderation reason recorded in the audit log.
 
 Notes:
-  - Sets projects.archived_at = NOW(). Independent of account-level lifecycle —
-    only this project goes dark; siblings on the same billing account keep
+  - Sets projects.archived_at = NOW(). Independent of organization-level lifecycle —
+    only this project goes dark; siblings on the same organization keep
     serving.
   - No-op when the project is already archived (returns \`note: "already
     archived"\` without changing archived_at).
@@ -88,9 +88,9 @@ Usage:
 
 Notes:
   - Flips projects.archived_at back to NULL. In v1.57 this was narrowed:
-    account-level lifecycle reactivation is NOT triggered. Use
+    organization-level lifecycle reactivation is NOT triggered. Use
     \`run402 tier set <tier>\` (the tier flow runs the lifecycle advance) or
-    \`run402 admin lease-perpetual <ba_id> --enable\` for that.
+    \`run402 admin lease-perpetual <org_id> --enable\` for that.
   - No-op when the project is not archived (returns \`note: "not archived"\`).
 
 Examples:
@@ -110,25 +110,25 @@ function validateFlags(sub, args) {
 }
 
 async function leasePerpetual(args) {
-  const accountId = args.find((a) => typeof a === "string" && !a.startsWith("--"));
+  const organizationId = args.find((a) => typeof a === "string" && !a.startsWith("--"));
   const enable = args.includes("--enable");
   const disable = args.includes("--disable");
-  if (!accountId) {
+  if (!organizationId) {
     fail({
       code: "BAD_USAGE",
-      message: "Missing <billing_account_id>.",
-      hint: "run402 admin lease-perpetual <billing_account_id> --enable | --disable",
+      message: "Missing <organization_id>.",
+      hint: "run402 admin lease-perpetual <organization_id> --enable | --disable",
     });
   }
   if (enable === disable) {
     fail({
       code: "BAD_USAGE",
       message: "Pass exactly one of --enable / --disable.",
-      hint: "run402 admin lease-perpetual <billing_account_id> --enable | --disable",
+      hint: "run402 admin lease-perpetual <organization_id> --enable | --disable",
     });
   }
   try {
-    const data = await getSdk().admin.setLeasePerpetual(accountId, enable);
+    const data = await getSdk().admin.setLeasePerpetual(organizationId, enable);
     console.log(JSON.stringify(data, null, 2));
   } catch (err) {
     reportSdkError(err);

package/lib/allowance.mjs

@@ -238,7 +238,7 @@ async function balance() {
       "base-sepolia_usd_micros": sepoliaUsdc,
       "tempo-moderato_pathusd_micros": tempoPathUsd,
     },
-    run402: billingRes ? { balance_usd_micros: billingRes.available_usd_micros } : "no billing account",
+    run402: billingRes ? { balance_usd_micros: billingRes.available_usd_micros } : "no organization",
   }, null, 2));
 }
 

package/lib/billing.mjs

@@ -2,25 +2,25 @@ import { getSdk } from "./sdk.mjs";
 import { reportSdkError, fail } from "./sdk-errors.mjs";
 import { assertKnownFlags, flagValue, normalizeArgv, parseIntegerFlag, positionalArgs } from "./argparse.mjs";
 
-const HELP = `run402 billing — Email billing accounts, Stripe tier checkout, email packs
+const HELP = `run402 billing — Email organizations, Stripe tier checkout, email packs
 
 Usage:
   run402 billing <subcommand> [args...]
 
 Subcommands:
-  create-email <email>                     Create an email billing account
-  link-wallet <account_id> <wallet>        Link a wallet to an email account
+  create-email <email>                     Create an email organization
+  link-wallet <org_id> <wallet>        Link a wallet to an email organization
   tier-checkout <tier> [--email <e> | --wallet <w>]    Stripe tier checkout
   buy-email-pack [--email <e> | --wallet <w>]  Buy \$5 email pack (10,000 emails)
-  auto-recharge <account_id> <on|off> [--threshold <n>]
-  balance <identifier>                     Balance by account id (UUID), wallet (0x...), or email
-  history <identifier> [--limit <n>]       Ledger history by account id (UUID), wallet, or email
+  auto-recharge <org_id> <on|off> [--threshold <n>]
+  balance <identifier>                     Balance by organization id (UUID), wallet (0x...), or email
+  history <identifier> [--limit <n>]       Ledger history by organization id (UUID), wallet, or email
 
 Examples:
   run402 billing create-email user@example.com
   run402 billing tier-checkout hobby --email user@example.com
   run402 billing buy-email-pack --wallet 0x1234...
-  run402 billing auto-recharge acct_abc on --threshold 2000
+  run402 billing auto-recharge org_abc on --threshold 2000
   run402 billing balance user@example.com
 `;
 
@@ -34,7 +34,7 @@ Arguments:
   <tier>              Tier name (e.g. hobby, pro)
 
 Options:
-  --email <e>         Email billing account to charge
+  --email <e>         Email organization to charge
   --wallet <w>        Wallet address (0x...) to associate with the checkout
 
 Examples:
@@ -47,7 +47,7 @@ Usage:
   run402 billing buy-email-pack [--email <e> | --wallet <w>]
 
 Options:
-  --email <e>         Email billing account to charge
+  --email <e>         Email organization to charge
   --wallet <w>        Wallet address (0x...) to associate with the purchase
 
 Examples:
@@ -57,33 +57,33 @@ Examples:
   "auto-recharge": `run402 billing auto-recharge — Toggle email-pack auto-recharge
 
 Usage:
-  run402 billing auto-recharge <account_id> <on|off> [--threshold <n>]
+  run402 billing auto-recharge <org_id> <on|off> [--threshold <n>]
 
 Arguments:
-  <account_id>        Billing account ID
+  <org_id>        Organization ID
   <on|off>            Enable or disable auto-recharge
 
 Options:
   --threshold <n>     Remaining-email threshold that triggers auto-recharge
 
 Examples:
-  run402 billing auto-recharge acct_abc on --threshold 2000
-  run402 billing auto-recharge acct_abc off
+  run402 billing auto-recharge org_abc on --threshold 2000
+  run402 billing auto-recharge org_abc off
 `,
-  history: `run402 billing history — Show ledger history for a billing account
+  history: `run402 billing history — Show ledger history for a organization
 
 Usage:
   run402 billing history <identifier> [--limit <n>]
 
 Arguments:
-  <identifier>        Billing account id (UUID), wallet (0x...), or email.
-                      Wallet/email are resolved to the account id first.
+  <identifier>        Organization id (UUID), wallet (0x...), or email.
+                      Wallet/email are resolved to the organization id first.
 
 Options:
   --limit <n>         Max entries to return (default: 50)
 
 Auth:
-  Requires SIWX from a wallet linked to the account (signed automatically from
+  Requires SIWX from a wallet linked to the organization (signed automatically from
   the local allowance), or an admin key. Email lookups require an admin key.
 
 Examples:
@@ -91,17 +91,17 @@ Examples:
   run402 billing history 0x1234... --limit 100
   run402 billing history 00000000-0000-4000-8000-000000000001
 `,
-  balance: `run402 billing balance — Show balance for a billing account
+  balance: `run402 billing balance — Show balance for a organization
 
 Usage:
   run402 billing balance <identifier>
 
 Arguments:
-  <identifier>        Billing account id (UUID), wallet (0x...), or email.
-                      Wallet/email are resolved via the accounts lookup.
+  <identifier>        Organization id (UUID), wallet (0x...), or email.
+                      Wallet/email are resolved via the organization lookup.
 
 Auth:
-  Requires SIWX from a wallet linked to the account (signed automatically from
+  Requires SIWX from a wallet linked to the organization (signed automatically from
   the local allowance), or an admin key. Email lookups require an admin key.
 
 Examples:
@@ -109,38 +109,38 @@ Examples:
   run402 billing balance 0x1234abcd...
   run402 billing balance 00000000-0000-4000-8000-000000000001
 `,
-  "create-email": `run402 billing create-email — Create an email billing account
+  "create-email": `run402 billing create-email — Create an email organization
 
 Usage:
   run402 billing create-email <email>
 
 Arguments:
-  <email>             Email address to register as a billing account
+  <email>             Email address to register as a organization
 
 Examples:
   run402 billing create-email user@example.com
 `,
-  "link-wallet": `run402 billing link-wallet — Link a wallet to an email billing account
+  "link-wallet": `run402 billing link-wallet — Link a wallet to an email organization
 
 Usage:
-  run402 billing link-wallet <account_id> <wallet>
+  run402 billing link-wallet <org_id> <wallet>
 
 Arguments:
-  <account_id>        Billing account ID (e.g. acct_abc123)
+  <org_id>        Organization ID (e.g. org_abc123)
   <wallet>            Wallet address (0x...) to link
 
 Notes:
-  - Tier and quotas are per-billing-account. Linking a wallet merges its
-    spend into the account-wide pool that already includes every project
-    on this billing account.
+  - Tier and quotas are per-organization. Linking a wallet merges its
+    spend into the organization-wide pool that already includes every project
+    on this organization.
   - The response includes a 'pool_implications' block on v1.46+ gateways:
-    tier, projects_in_pool_count, account_api_calls_current,
-    account_storage_bytes_current, tier_limits, over_limit. Inspect
+    tier, projects_in_pool_count, organization_api_calls_current,
+    organization_storage_bytes_current, tier_limits, over_limit. Inspect
     'over_limit' before linking a wallet whose existing usage might push
     the merged pool past the tier cap.
 
 Examples:
-  run402 billing link-wallet acct_abc123 0x1234abcd...
+  run402 billing link-wallet org_abc123 0x1234abcd...
 `,
 };
 
@@ -177,7 +177,7 @@ async function createEmail(args) {
     });
   }
   try {
-    const data = await getSdk().billing.createEmailAccount(email);
+    const data = await getSdk().billing.createEmailOrganization(email);
     console.log(JSON.stringify(data, null, 2));
   } catch (err) {
     reportSdkError(err);
@@ -188,23 +188,23 @@ async function linkWallet(args) {
   const parsedArgs = normalizeArgv(args);
   assertKnownFlags(parsedArgs, ["--help", "-h"]);
   const positionals = positionalArgs(parsedArgs);
-  const accountId = positionals[0];
+  const organizationId = positionals[0];
   const wallet = positionals[1];
   if (positionals.length > 2) {
     fail({ code: "BAD_USAGE", message: `Unexpected argument for billing link-wallet: ${positionals[2]}` });
   }
-  if (!accountId || !wallet) {
+  if (!organizationId || !wallet) {
     fail({
       code: "BAD_USAGE",
-      message: "Missing <account_id> and/or <wallet>.",
-      hint: "run402 billing link-wallet <account_id> <wallet>",
+      message: "Missing <org_id> and/or <wallet>.",
+      hint: "run402 billing link-wallet <org_id> <wallet>",
     });
   }
   try {
-    const data = await getSdk().billing.linkWallet(accountId, wallet);
+    const data = await getSdk().billing.linkWallet(organizationId, wallet);
     const output = {
       status: data?.status ?? "ok",
-      billing_account_id: data?.billing_account_id ?? accountId,
+      organization_id: data?.organization_id ?? organizationId,
       wallet: data?.wallet ?? wallet.toLowerCase(),
       ...(data?.pool_implications ? { pool_implications: data.pool_implications } : {}),
     };
@@ -265,16 +265,16 @@ async function autoRecharge(args) {
   const valueFlags = ["--threshold"];
   assertKnownFlags(parsedArgs, [...valueFlags, "--help", "-h"], valueFlags);
   const positionals = positionalArgs(parsedArgs, valueFlags);
-  const accountId = positionals[0];
+  const organizationId = positionals[0];
   const state = positionals[1];
   if (positionals.length > 2) {
     fail({ code: "BAD_USAGE", message: `Unexpected argument for billing auto-recharge: ${positionals[2]}` });
   }
-  if (!accountId || !state || !["on", "off"].includes(state)) {
+  if (!organizationId || !state || !["on", "off"].includes(state)) {
     fail({
       code: "BAD_USAGE",
-      message: "Missing <account_id> and/or <on|off>.",
-      hint: "run402 billing auto-recharge <account_id> <on|off> [--threshold <n>]",
+      message: "Missing <org_id> and/or <on|off>.",
+      hint: "run402 billing auto-recharge <org_id> <on|off> [--threshold <n>]",
     });
   }
   const thresholdStr = flagValue(parsedArgs, "--threshold");
@@ -283,11 +283,11 @@ async function autoRecharge(args) {
     : undefined;
   try {
     await getSdk().billing.setAutoRecharge({
-      billingAccountId: accountId,
+      organizationId: organizationId,
       enabled: state === "on",
       threshold,
     });
-    console.log(JSON.stringify({ billing_account_id: accountId, enabled: state === "on", updated: true }));
+    console.log(JSON.stringify({ organization_id: organizationId, enabled: state === "on", updated: true }));
   } catch (err) {
     reportSdkError(err);
   }
@@ -305,11 +305,11 @@ async function balance(args) {
     fail({
       code: "BAD_USAGE",
       message: "Missing <identifier>.",
-      hint: "run402 billing balance <account-id | wallet | email>",
+      hint: "run402 billing balance <org-id | wallet | email>",
     });
   }
   try {
-    const data = await getSdk().billing.getAccount(id);
+    const data = await getSdk().billing.getOrganization(id);
     console.log(JSON.stringify(data, null, 2));
   } catch (err) {
     reportSdkError(err);
@@ -329,7 +329,7 @@ async function history(args) {
     fail({
       code: "BAD_USAGE",
       message: "Missing <identifier>.",
-      hint: "run402 billing history <account-id | wallet | email> [--limit <n>]",
+      hint: "run402 billing history <org-id | wallet | email> [--limit <n>]",
     });
   }
   const limit = parsedArgs.includes("--limit")

package/lib/operator.mjs

@@ -4,7 +4,7 @@
  * The operator is YOU, the human, identified by email — distinct from the
  * AGENT (your wallet / SIWX identity). One browser login spans every wallet
  * that verified your email, so `operator overview` returns the cross-wallet
- * union. For a single wallet's account state, use `run402 status`.
+ * union. For a single wallet's organization state, use `run402 status`.
  *
  * Auth: browser-delegated device-authorization grant (RFC 8628, the
  * `aws sso login` model). The CLI never performs WebAuthn — the browser does,
@@ -47,7 +47,7 @@ const HELP = `run402 operator — operator (human / email) session
 
 The operator is YOU, the human, identified by email — distinct from the agent
 (your wallet). One browser login spans every wallet that verified your email.
-For a single wallet's account state, use 'run402 status'.
+For a single wallet's organization state, use 'run402 status'.
 
 Usage:
   run402 operator login [--no-open]              (read session, device-flow)
@@ -289,7 +289,7 @@ async function loopbackLogin(args, { stepUp }) {
     if (memberships.length) {
       process.stderr.write(
         `Member of ${memberships.length} org(s):\n` +
-          memberships.map((m) => `  - ${m.billing_account_id} (${m.role}, ${m.status})`).join("\n") +
+          memberships.map((m) => `  - ${m.display_name || m.org_id || m.organization_id || "unknown"} (${m.role}, ${m.status})`).join("\n") +
           "\n",
       );
     }

package/lib/projects.mjs

@@ -1,5 +1,6 @@
 import { readFileSync } from "fs";
 import { loadKeyStore, API, allowanceAuthHeaders, resolveProjectId, getActiveProjectId } from "./config.mjs";
+import { loadLiveOperatorSession } from "../core-dist/operator-session.js";
 import { getSdk } from "./sdk.mjs";
 import { reportSdkError, fail, parseFlagJson } from "./sdk-errors.mjs";
 import { assertKnownFlags, failBadProjectId, flagValue, hasHelp, normalizeArgv, positionalArgs, resolvePositionalProject, validateRegularFile } from "./argparse.mjs";
@@ -13,7 +14,8 @@ Subcommands:
   quote                                   Show pricing tiers
   provision [--tier <tier>] [--name <n>] [--org <id>]  Provision a new Postgres project (pays via x402)
   use   <id>                              Set the active project (used as default for other commands)
-  list                                    List all your projects (IDs, URLs, active marker)
+  list [--org <id>] [--all]               List your projects from the server (name, site_url, custom domains, org_id, active marker)
+  rename <id> --name <label>              Rename a project (fix an auto-generated name)
   info  [id]                              Show project details: REST URL, keys
   keys  [id]                              Print anon_key and service_key as JSON
   sql   [id] "<query>" [--file <path>] [--params '<json>']  Run a SQL query (supports parameterized queries)
@@ -36,6 +38,9 @@ Examples:
   run402 projects provision --tier hobby --name my-app
   run402 projects use prj_abc123
   run402 projects list
+  run402 projects list --org 11111111-2222-3333-4444-555555555555
+  run402 projects list --all
+  run402 projects rename prj_abc123 --name "My Site"
   run402 projects info prj_abc123
   run402 projects sql prj_abc123 "SELECT * FROM users LIMIT 5"
   run402 projects sql prj_abc123 "SELECT * FROM users WHERE id = $1" --params '[42]'
@@ -50,11 +55,25 @@ Examples:
   run402 projects keys prj_abc123
   run402 projects delete prj_abc123 --confirm
 
+Global options (any command):
+  --wallet <name>   Use a named wallet (profile) for this command. Precedence:
+                    --wallet > RUN402_WALLET env > nearest .run402.json binding >
+                    'run402 wallets use' default > 'default'. See 'run402 wallets'.
+
 Notes:
   - <id> is the project_id shown in 'run402 projects list' (prefix: 'prj_')
   - Most commands that take <id> default to the active project when omitted
     (set it with 'run402 projects use <id>'). Project IDs start with 'prj_';
     any first positional that doesn't is treated as the next argument instead.
+  - 'list' is a SERVER read, not the local keystore: it shows every project the
+    active wallet can reach (membership-scoped), with name, site_url, custom
+    domains, and org_id. '--org <id>' filters to one org; '--all' reads the
+    cross-wallet inventory for every wallet controlling your operator email
+    (run 'run402 operator login' first for the union, else it falls back to the
+    current wallet's slice). The 'active' marker still comes from local state.
+  - 'rename' fixes a project's display name. You must be an org admin (or hold a
+    project:write grant) on the owning org; it works even if the project was
+    never provisioned from this machine.
   - 'rest' uses PostgREST query syntax (table name + optional query string)
   - 'provision' requires a funded allowance — payment is automatic via x402
   - 'apply-expose' declares the full authorization surface (tables, views, RPCs)
@@ -76,6 +95,53 @@ Notes:
 `;
 
 const SUB_HELP = {
+  list: `run402 projects list — List your projects from the server
+
+Usage:
+  run402 projects list [--org <id>] [--all]
+
+Options:
+  --org <id>          Filter to projects owned by one org (organization).
+                      Authorize-before-reveal: a non-member or guessed id is a
+                      403; a non-UUID id is a 400.
+  --all               Read the cross-wallet inventory across every wallet
+                      controlling your operator email. Run 'run402 operator
+                      login' first for the union; without a session it falls
+                      back to the current wallet's slice. Mutually exclusive
+                      with --org.
+
+Notes:
+  - This is a SERVER read (membership-scoped), not the local keystore. Each row
+    has project_id, name, site_url, custom_domains, org_id, status, and an
+    'active' marker derived from local state.
+  - Tier and lifecycle live on the organization, not each project — use
+    'run402 status' or 'run402 tier status' for the account view.
+
+Examples:
+  run402 projects list
+  run402 projects list --org 11111111-2222-3333-4444-555555555555
+  run402 projects list --all
+  run402 projects list --wallet work
+`,
+  rename: `run402 projects rename — Rename a project
+
+Usage:
+  run402 projects rename <id> --name <label>
+
+Arguments:
+  <id>                Project ID (prefix: 'prj_'). Required.
+
+Options:
+  --name <label>      New display name (1-200 chars, no control characters).
+
+Notes:
+  - You must be an org admin (or hold a project:write grant) on the owning org.
+    Authorize-before-reveal: an unauthorized or guessed id returns 403, never a
+    not-found oracle. Works even if the project isn't in the local keystore.
+
+Examples:
+  run402 projects rename prj_abc123 --name "My Site"
+`,
   provision: `run402 projects provision — Provision a new Postgres project
 
 Usage:
@@ -375,12 +441,71 @@ async function getExpose(projectId) {
   }
 }
 
-async function list() {
-  const store = loadKeyStore();
-  const entries = Object.entries(store.projects);
-  if (entries.length === 0) { console.log(JSON.stringify([])); return; }
-  const activeId = store.active_project_id;
-  console.log(JSON.stringify(entries.map(([id, p]) => ({ project_id: id, active: id === activeId, site_url: p.site_url })), null, 2));
+async function list(args = []) {
+  const org = flagValue(args, "--org");
+  const all = Array.isArray(args) && args.includes("--all");
+  if (all && org) {
+    fail({
+      code: "BAD_USAGE",
+      message: "--all and --org are mutually exclusive.",
+      hint: "--all reads the cross-wallet operator inventory; --org filters the membership-scoped list to one org.",
+    });
+  }
+
+  // `--all` reads the operator email-union inventory across every wallet
+  // controlling your verified email. Pass the cached operator-session token
+  // when present (cross-wallet union); otherwise the SDK falls back to SIWX
+  // wallet auth and the gateway returns just this wallet's slice.
+  const opts = {};
+  if (all) {
+    opts.all = true;
+    const session = loadLiveOperatorSession();
+    if (session) opts.token = session.operator_session_token;
+  } else if (org) {
+    opts.org = org;
+  }
+
+  // Active marker comes from local state; the inventory itself is the server
+  // read (NOT the keystore), so it surfaces every project the wallet/email can
+  // reach — including ones never provisioned from this machine.
+  const activeId = getActiveProjectId();
+
+  try {
+    const data = await getSdk().projects.list(opts);
+    const rows = (data.projects || []).map((p) => ({
+      project_id: p.id,
+      name: p.name ?? null,
+      active: p.id === activeId,
+      site_url: p.site_url ?? null,
+      custom_domains: p.custom_domains ?? [],
+      org_id: p.organization_id ?? null,
+      status: p.status ?? p.effective_status ?? null,
+    }));
+    const out = { projects: rows };
+    if (data.scope !== undefined) out.scope = data.scope;
+    if (data.has_more !== undefined) out.has_more = data.has_more;
+    if (data.next_cursor !== undefined && data.next_cursor !== null) out.next_cursor = data.next_cursor;
+    console.log(JSON.stringify(out, null, 2));
+  } catch (err) {
+    reportSdkError(err);
+  }
+}
+
+async function rename(projectId, args = []) {
+  const name = flagValue(args, "--name");
+  if (!name) {
+    fail({
+      code: "BAD_USAGE",
+      message: "Missing --name.",
+      hint: "run402 projects rename <id> --name \"My Site\"",
+    });
+  }
+  try {
+    const data = await getSdk().projects.rename(projectId, name);
+    console.log(JSON.stringify({ project_id: data.project_id, name: data.name, renamed: true }, null, 2));
+  } catch (err) {
+    reportSdkError(err);
+  }
 }
 
 async function info(projectId) {
@@ -571,6 +696,8 @@ async function deleteProject(projectId, args = []) {
 
 const FLAGS_BY_SUB = {
   provision: { known: ["--tier", "--name", "--org"], values: ["--tier", "--name", "--org"] },
+  list: { known: ["--org", "--all"], values: ["--org"] },
+  rename: { known: ["--name"], values: ["--name"] },
   sql: { known: ["--file", "--params"], values: ["--file", "--params"] },
   costs: { known: ["--window"], values: ["--window"] },
   "apply-expose": { known: ["--file"], values: ["--file"] },
@@ -597,7 +724,7 @@ export async function run(sub, args) {
     fail({
       code: "REMOVED_COMMAND",
       message: "`run402 projects pin` was removed in v1.57.",
-      hint: "Per-project pin is superseded by the account-level escape hatch. Use `run402 admin lease-perpetual <billing_account_id> --enable` (platform-admin only).",
+      hint: "Per-project pin is superseded by the organization-level escape hatch. Use `run402 admin lease-perpetual <organization_id> --enable` (platform-admin only).",
     });
   }
   args = normalizeArgv(args);
@@ -610,7 +737,8 @@ export async function run(sub, args) {
     case "quote":     await quote(); break;
     case "provision": await provision(args); break;
     case "use":       await use(args[0]); break;
-    case "list":      await list(); break;
+    case "list":      await list(args); break;
+    case "rename":    { const { projectId, rest } = resolvePositionalProject(args, { rejectBareFirst: true, valueFlags: FLAGS_BY_SUB.rename.values }); await rename(projectId, rest); break; }
     case "info":      { const { projectId } = resolvePositionalProject(args, { rejectBareFirst: true }); await info(projectId); break; }
     case "keys":      { const { projectId } = resolvePositionalProject(args, { rejectBareFirst: true }); await keys(projectId); break; }
     case "sql":       { const { projectId, rest } = resolvePositionalProject(args, { maxBarePositionals: 1, valueFlags: FLAGS_BY_SUB.sql.values, rejectBareFirstWhenFlagPresent: ["--file"] }); await sqlCmd(projectId, rest); break; }

package/lib/sdk-errors.mjs

@@ -111,7 +111,7 @@ export function reportSdkError(err) {
     if (d?.required_capability) need.push(`capability \`${d.required_capability}\``);
     const needStr = need.length > 0 ? ` (needs ${need.join(" or ")})` : "";
     payload.hint =
-      `Authorization denied${needStr}: a wallet authenticates, but the owning org (billing account) ` +
+      `Authorization denied${needStr}: a wallet authenticates, but the owning org (organization) ` +
       "decides access via membership role (owner > admin > developer > billing > viewer) or a per-project grant. " +
       "High-stakes actions (delete, transfer, membership change) require an active `owner` membership. " +
       "Returned as 403 even when the project does not exist, so verify the project id too.";

package/lib/service.mjs

@@ -22,7 +22,7 @@ Usage:
 Notes:
   - Unauthenticated and free; no allowance required
   - Returns uptime, supported capabilities, operator, and deployment info
-  - For account state (allowance, balance, tier, projects), use
+  - For organization state (allowance, balance, tier, projects), use
     'run402 status' instead
 
 Examples: