run402 2.43.0 → 2.45.0

package/README.md

@@ -188,7 +188,7 @@ Private keys never leave AWS KMS. $0.04/day rental + $0.000005/call.
 ```bash
 run402 tier set prototype                                    # free on testnet
 run402 tier set hobby                                        # $5 / 30 days
-run402 billing tier-checkout hobby --email me@example.com    # Stripe alternative
+run402 billing checkout <org_id> --product tier --tier hobby  # Stripe alternative
 ```
 
 ## State

package/cli.mjs

@@ -47,7 +47,7 @@ Commands:
   message     Send messages to Run402 developers
   auth        Manage project user authentication (magic link, passwords, settings)
   sender-domain  Manage custom email sender domain (register, status, remove)
-  billing     Email billing accounts, Stripe tier checkout, email packs
+  billing     Email organizations, Stripe tier checkout, email packs
   contracts   KMS contract wallets ($0.04/day rental + $0.000005/sign)
   agent       Manage agent identity (contact info)
   operator    Operator (human/email) session — login, then overview across your wallets

package/lib/admin.mjs

@@ -8,9 +8,9 @@ Usage:
   run402 admin <subcommand> [args...]
 
 Subcommands:
-  lease-perpetual <billing_account_id> (--enable | --disable)
-                                         Toggle the account-level escape hatch.
-                                         When enabled, the account never advances
+  lease-perpetual <organization_id> (--enable | --disable)
+                                         Toggle the organization-level escape hatch.
+                                         When enabled, the organization never advances
                                          past 'active' regardless of lease expiry.
                                          If the account is currently in a grace
                                          state, enabling reactivates it inline
@@ -19,12 +19,12 @@ Subcommands:
 
   archive <project_id> [--reason "..."]  Moderate-archive a single project. Sets
                                          projects.archived_at = NOW(). Independent
-                                         of account lifecycle; the rest of the
-                                         account's projects keep serving.
+                                         of organization lifecycle; the rest of the
+                                         organization's projects keep serving.
 
   reactivate <project_id>                Un-archive a project (flips archived_at
                                          back to NULL). In v1.57 this no longer
-                                         touches account-level lifecycle — to
+                                         touches organization-level lifecycle — to
                                          reactivate a grace-state account, use
                                          \`tier set <tier>\` or enable
                                          lease-perpetual above.
@@ -36,17 +36,17 @@ Notes:
   - Output is JSON.
 
 Examples:
-  run402 admin lease-perpetual ba_abc123 --enable
-  run402 admin lease-perpetual ba_abc123 --disable
+  run402 admin lease-perpetual org_abc123 --enable
+  run402 admin lease-perpetual org_abc123 --disable
   run402 admin archive prj_abuse --reason "ToS violation"
   run402 admin reactivate prj_abuse
 `;
 
 const SUB_HELP = {
-  "lease-perpetual": `run402 admin lease-perpetual — Toggle the account-level escape hatch
+  "lease-perpetual": `run402 admin lease-perpetual — Toggle the organization-level escape hatch
 
 Usage:
-  run402 admin lease-perpetual <billing_account_id> (--enable | --disable)
+  run402 admin lease-perpetual <organization_id> (--enable | --disable)
 
 Options:
   --enable    Set lease_perpetual = true (pins every project on the account)
@@ -59,8 +59,8 @@ Notes:
     the gateway reactivates inline and reports \`reactivated: true\`.
 
 Examples:
-  run402 admin lease-perpetual ba_abc123 --enable
-  run402 admin lease-perpetual ba_abc123 --disable
+  run402 admin lease-perpetual org_abc123 --enable
+  run402 admin lease-perpetual org_abc123 --disable
 `,
   archive: `run402 admin archive — Moderate-archive a single project
 
@@ -71,8 +71,8 @@ Options:
   --reason <text>    Free-text moderation reason recorded in the audit log.
 
 Notes:
-  - Sets projects.archived_at = NOW(). Independent of account-level lifecycle —
-    only this project goes dark; siblings on the same billing account keep
+  - Sets projects.archived_at = NOW(). Independent of organization-level lifecycle —
+    only this project goes dark; siblings on the same organization keep
     serving.
   - No-op when the project is already archived (returns \`note: "already
     archived"\` without changing archived_at).
@@ -88,9 +88,9 @@ Usage:
 
 Notes:
   - Flips projects.archived_at back to NULL. In v1.57 this was narrowed:
-    account-level lifecycle reactivation is NOT triggered. Use
+    organization-level lifecycle reactivation is NOT triggered. Use
     \`run402 tier set <tier>\` (the tier flow runs the lifecycle advance) or
-    \`run402 admin lease-perpetual <ba_id> --enable\` for that.
+    \`run402 admin lease-perpetual <org_id> --enable\` for that.
   - No-op when the project is not archived (returns \`note: "not archived"\`).
 
 Examples:
@@ -110,25 +110,25 @@ function validateFlags(sub, args) {
 }
 
 async function leasePerpetual(args) {
-  const accountId = args.find((a) => typeof a === "string" && !a.startsWith("--"));
+  const organizationId = args.find((a) => typeof a === "string" && !a.startsWith("--"));
   const enable = args.includes("--enable");
   const disable = args.includes("--disable");
-  if (!accountId) {
+  if (!organizationId) {
     fail({
       code: "BAD_USAGE",
-      message: "Missing <billing_account_id>.",
-      hint: "run402 admin lease-perpetual <billing_account_id> --enable | --disable",
+      message: "Missing <organization_id>.",
+      hint: "run402 admin lease-perpetual <organization_id> --enable | --disable",
     });
   }
   if (enable === disable) {
     fail({
       code: "BAD_USAGE",
       message: "Pass exactly one of --enable / --disable.",
-      hint: "run402 admin lease-perpetual <billing_account_id> --enable | --disable",
+      hint: "run402 admin lease-perpetual <organization_id> --enable | --disable",
     });
   }
   try {
-    const data = await getSdk().admin.setLeasePerpetual(accountId, enable);
+    const data = await getSdk().admin.setLeasePerpetual(organizationId, enable);
     console.log(JSON.stringify(data, null, 2));
   } catch (err) {
     reportSdkError(err);

package/lib/allowance.mjs

@@ -14,7 +14,7 @@ Subcommands:
   fund      Request test funds from the faucet (Base Sepolia or Tempo)
   balance   Show on-chain balances and Run402 billing balance
   export    Print the allowance address (useful for scripting)
-  checkout  Create a billing checkout session (--amount <usd_micros>)
+  checkout  Create an org balance checkout session (--amount <usd_micros>)
   history   View billing transaction history (--limit <n>)
 
 Notes:
@@ -33,7 +33,7 @@ Examples:
 `;
 
 const SUB_HELP = {
-  checkout: `run402 allowance checkout — Create a billing checkout session
+  checkout: `run402 allowance checkout — Create an org balance checkout session
 
 Usage:
   run402 allowance checkout --amount <usd_micros>
@@ -238,7 +238,7 @@ async function balance() {
       "base-sepolia_usd_micros": sepoliaUsdc,
       "tempo-moderato_pathusd_micros": tempoPathUsd,
     },
-    run402: billingRes ? { balance_usd_micros: billingRes.available_usd_micros } : "no billing account",
+    run402: billingRes ? { balance_usd_micros: billingRes.available_usd_micros } : "no organization",
   }, null, 2));
 }
 
@@ -280,7 +280,11 @@ async function checkout(args) {
   }
   const amount = parseIntegerFlag("--amount", amountRaw, { min: 1 });
   try {
-    const data = await getSdk().billing.createCheckout(w.address, amount);
+    const org = await getSdk().billing.lookupOrganization(w.address);
+    const data = await getSdk().billing.createCheckout(org.organization_id, {
+      product: "balance_topup",
+      amountUsdMicros: amount,
+    });
     console.log(JSON.stringify(data, null, 2));
   } catch (err) {
     reportSdkError(err);

package/lib/billing.mjs

@@ -2,88 +2,78 @@ import { getSdk } from "./sdk.mjs";
 import { reportSdkError, fail } from "./sdk-errors.mjs";
 import { assertKnownFlags, flagValue, normalizeArgv, parseIntegerFlag, positionalArgs } from "./argparse.mjs";
 
-const HELP = `run402 billing — Email billing accounts, Stripe tier checkout, email packs
+const HELP = `run402 billing — Email organizations and org checkouts
 
 Usage:
   run402 billing <subcommand> [args...]
 
 Subcommands:
-  create-email <email>                     Create an email billing account
-  link-wallet <account_id> <wallet>        Link a wallet to an email account
-  tier-checkout <tier> [--email <e> | --wallet <w>]    Stripe tier checkout
-  buy-email-pack [--email <e> | --wallet <w>]  Buy \$5 email pack (10,000 emails)
-  auto-recharge <account_id> <on|off> [--threshold <n>]
-  balance <identifier>                     Balance by account id (UUID), wallet (0x...), or email
-  history <identifier> [--limit <n>]       Ledger history by account id (UUID), wallet, or email
+  create-email <email>                     Create an email organization
+  link-wallet <org_id> <wallet>            Link a wallet to an email organization
+  checkout <identifier> --product <p>      Create an org checkout
+  auto-recharge <org_id> <on|off> [--threshold <n>]
+  balance <identifier>                     Balance by organization id (UUID), wallet (0x...), or email
+  history <identifier> [--limit <n>]       Ledger history by organization id (UUID), wallet, or email
 
 Examples:
   run402 billing create-email user@example.com
-  run402 billing tier-checkout hobby --email user@example.com
-  run402 billing buy-email-pack --wallet 0x1234...
-  run402 billing auto-recharge acct_abc on --threshold 2000
+  run402 billing checkout 00000000-0000-4000-8000-000000000001 --product tier --tier hobby
+  run402 billing checkout 0x1234... --product email-pack
+  run402 billing checkout 0x1234... --product balance-topup --amount 5000000
+  run402 billing auto-recharge org_abc on --threshold 2000
   run402 billing balance user@example.com
 `;
 
 const SUB_HELP = {
-  "tier-checkout": `run402 billing tier-checkout — Create a Stripe tier checkout session
+  checkout: `run402 billing checkout — Create an org checkout
 
 Usage:
-  run402 billing tier-checkout <tier> [--email <e> | --wallet <w>]
+  run402 billing checkout <identifier> --product <tier|email-pack|balance-topup> [options]
 
 Arguments:
-  <tier>              Tier name (e.g. hobby, pro)
+  <identifier>        Organization id (UUID), wallet (0x...), or email.
+                      Wallet/email are resolved to the organization id first.
 
 Options:
-  --email <e>         Email billing account to charge
-  --wallet <w>        Wallet address (0x...) to associate with the checkout
+  --product <p>       tier, email-pack, or balance-topup
+  --tier <tier>       Tier name for --product tier
+  --amount <n>        USD micros for --product balance-topup
 
 Examples:
-  run402 billing tier-checkout hobby --email user@example.com
-  run402 billing tier-checkout pro --wallet 0x1234...
-`,
-  "buy-email-pack": `run402 billing buy-email-pack — Buy a $5 email pack (10,000 emails)
-
-Usage:
-  run402 billing buy-email-pack [--email <e> | --wallet <w>]
-
-Options:
-  --email <e>         Email billing account to charge
-  --wallet <w>        Wallet address (0x...) to associate with the purchase
-
-Examples:
-  run402 billing buy-email-pack --email user@example.com
-  run402 billing buy-email-pack --wallet 0x1234...
+  run402 billing checkout 00000000-0000-4000-8000-000000000001 --product tier --tier hobby
+  run402 billing checkout 0x1234... --product email-pack
+  run402 billing checkout 0x1234... --product balance-topup --amount 5000000
 `,
   "auto-recharge": `run402 billing auto-recharge — Toggle email-pack auto-recharge
 
 Usage:
-  run402 billing auto-recharge <account_id> <on|off> [--threshold <n>]
+  run402 billing auto-recharge <org_id> <on|off> [--threshold <n>]
 
 Arguments:
-  <account_id>        Billing account ID
+  <org_id>        Organization ID
   <on|off>            Enable or disable auto-recharge
 
 Options:
   --threshold <n>     Remaining-email threshold that triggers auto-recharge
 
 Examples:
-  run402 billing auto-recharge acct_abc on --threshold 2000
-  run402 billing auto-recharge acct_abc off
+  run402 billing auto-recharge org_abc on --threshold 2000
+  run402 billing auto-recharge org_abc off
 `,
-  history: `run402 billing history — Show ledger history for a billing account
+  history: `run402 billing history — Show ledger history for a organization
 
 Usage:
   run402 billing history <identifier> [--limit <n>]
 
 Arguments:
-  <identifier>        Billing account id (UUID), wallet (0x...), or email.
-                      Wallet/email are resolved to the account id first.
+  <identifier>        Organization id (UUID), wallet (0x...), or email.
+                      Wallet/email are resolved to the organization id first.
 
 Options:
   --limit <n>         Max entries to return (default: 50)
 
 Auth:
-  Requires SIWX from a wallet linked to the account (signed automatically from
+  Requires SIWX from a wallet linked to the organization (signed automatically from
   the local allowance), or an admin key. Email lookups require an admin key.
 
 Examples:
@@ -91,17 +81,17 @@ Examples:
   run402 billing history 0x1234... --limit 100
   run402 billing history 00000000-0000-4000-8000-000000000001
 `,
-  balance: `run402 billing balance — Show balance for a billing account
+  balance: `run402 billing balance — Show balance for a organization
 
 Usage:
   run402 billing balance <identifier>
 
 Arguments:
-  <identifier>        Billing account id (UUID), wallet (0x...), or email.
-                      Wallet/email are resolved via the accounts lookup.
+  <identifier>        Organization id (UUID), wallet (0x...), or email.
+                      Wallet/email are resolved via the organization lookup.
 
 Auth:
-  Requires SIWX from a wallet linked to the account (signed automatically from
+  Requires SIWX from a wallet linked to the organization (signed automatically from
   the local allowance), or an admin key. Email lookups require an admin key.
 
 Examples:
@@ -109,56 +99,111 @@ Examples:
   run402 billing balance 0x1234abcd...
   run402 billing balance 00000000-0000-4000-8000-000000000001
 `,
-  "create-email": `run402 billing create-email — Create an email billing account
+  "create-email": `run402 billing create-email — Create an email organization
 
 Usage:
   run402 billing create-email <email>
 
 Arguments:
-  <email>             Email address to register as a billing account
+  <email>             Email address to register as a organization
 
 Examples:
   run402 billing create-email user@example.com
 `,
-  "link-wallet": `run402 billing link-wallet — Link a wallet to an email billing account
+  "link-wallet": `run402 billing link-wallet — Link a wallet to an email organization
 
 Usage:
-  run402 billing link-wallet <account_id> <wallet>
+  run402 billing link-wallet <org_id> <wallet>
 
 Arguments:
-  <account_id>        Billing account ID (e.g. acct_abc123)
+  <org_id>        Organization ID (e.g. org_abc123)
   <wallet>            Wallet address (0x...) to link
 
 Notes:
-  - Tier and quotas are per-billing-account. Linking a wallet merges its
-    spend into the account-wide pool that already includes every project
-    on this billing account.
+  - Tier and quotas are per-organization. Linking a wallet merges its
+    spend into the organization-wide pool that already includes every project
+    on this organization.
   - The response includes a 'pool_implications' block on v1.46+ gateways:
-    tier, projects_in_pool_count, account_api_calls_current,
-    account_storage_bytes_current, tier_limits, over_limit. Inspect
+    tier, projects_in_pool_count, organization_api_calls_current,
+    organization_storage_bytes_current, tier_limits, over_limit. Inspect
     'over_limit' before linking a wallet whose existing usage might push
     the merged pool past the tier cap.
 
 Examples:
-  run402 billing link-wallet acct_abc123 0x1234abcd...
+  run402 billing link-wallet org_abc123 0x1234abcd...
 `,
 };
 
-function requireSingleBillingIdentifier(email, wallet) {
-  if (email && wallet) {
+function normalizeCheckoutProduct(raw) {
+  if (!raw) {
     fail({
       code: "BAD_USAGE",
-      message: "Provide either --email or --wallet, not both.",
-      hint: "[--email <e> | --wallet <w>]",
+      message: "Missing --product.",
+      hint: "Use --product tier, --product email-pack, or --product balance-topup.",
     });
   }
-  if (!email && !wallet) {
+  const product = String(raw).replace(/-/g, "_");
+  if (product === "tier" || product === "email_pack" || product === "balance_topup") {
+    return product;
+  }
+  fail({
+    code: "BAD_USAGE",
+    message: `Unknown checkout product: ${raw}`,
+    hint: "Use tier, email-pack, or balance-topup.",
+  });
+}
+
+async function checkout(args) {
+  const parsedArgs = normalizeArgv(args);
+  const valueFlags = ["--product", "--tier", "--amount"];
+  assertKnownFlags(parsedArgs, [...valueFlags, "--help", "-h"], valueFlags);
+  const positionals = positionalArgs(parsedArgs, valueFlags);
+  const identifier = positionals[0];
+  if (positionals.length > 1) {
+    fail({ code: "BAD_USAGE", message: `Unexpected argument for billing checkout: ${positionals[1]}` });
+  }
+  if (!identifier) {
     fail({
       code: "BAD_USAGE",
-      message: "Must provide --email or --wallet",
-      hint: "[--email <e> | --wallet <w>]",
+      message: "Missing <identifier>.",
+      hint: "run402 billing checkout <identifier> --product <tier|email-pack|balance-topup>",
     });
   }
+  const product = normalizeCheckoutProduct(flagValue(parsedArgs, "--product"));
+  let checkoutRequest;
+  if (product === "tier") {
+    const tier = flagValue(parsedArgs, "--tier");
+    if (!tier) {
+      fail({
+        code: "BAD_USAGE",
+        message: "Missing --tier for tier checkout.",
+        hint: "run402 billing checkout <identifier> --product tier --tier hobby",
+      });
+    }
+    checkoutRequest = { product: "tier", tier };
+  } else if (product === "email_pack") {
+    checkoutRequest = { product: "email_pack" };
+  } else {
+    const amountRaw = flagValue(parsedArgs, "--amount");
+    if (amountRaw === null) {
+      fail({
+        code: "BAD_USAGE",
+        message: "Missing --amount for balance-topup checkout.",
+        hint: "run402 billing checkout <identifier> --product balance-topup --amount 5000000",
+      });
+    }
+    checkoutRequest = {
+      product: "balance_topup",
+      amountUsdMicros: parseIntegerFlag("--amount", amountRaw, { min: 1 }),
+    };
+  }
+  try {
+    const org = await getSdk().billing.lookupOrganization(identifier);
+    const data = await getSdk().billing.createCheckout(org.organization_id, checkoutRequest);
+    console.log(JSON.stringify(data, null, 2));
+  } catch (err) {
+    reportSdkError(err);
+  }
 }
 
 async function createEmail(args) {
@@ -177,7 +222,7 @@ async function createEmail(args) {
     });
   }
   try {
-    const data = await getSdk().billing.createEmailAccount(email);
+    const data = await getSdk().billing.createEmailOrganization(email);
     console.log(JSON.stringify(data, null, 2));
   } catch (err) {
     reportSdkError(err);
@@ -188,23 +233,23 @@ async function linkWallet(args) {
   const parsedArgs = normalizeArgv(args);
   assertKnownFlags(parsedArgs, ["--help", "-h"]);
   const positionals = positionalArgs(parsedArgs);
-  const accountId = positionals[0];
+  const organizationId = positionals[0];
   const wallet = positionals[1];
   if (positionals.length > 2) {
     fail({ code: "BAD_USAGE", message: `Unexpected argument for billing link-wallet: ${positionals[2]}` });
   }
-  if (!accountId || !wallet) {
+  if (!organizationId || !wallet) {
     fail({
       code: "BAD_USAGE",
-      message: "Missing <account_id> and/or <wallet>.",
-      hint: "run402 billing link-wallet <account_id> <wallet>",
+      message: "Missing <org_id> and/or <wallet>.",
+      hint: "run402 billing link-wallet <org_id> <wallet>",
     });
   }
   try {
-    const data = await getSdk().billing.linkWallet(accountId, wallet);
+    const data = await getSdk().billing.linkWallet(organizationId, wallet);
     const output = {
       status: data?.status ?? "ok",
-      billing_account_id: data?.billing_account_id ?? accountId,
+      organization_id: data?.organization_id ?? organizationId,
       wallet: data?.wallet ?? wallet.toLowerCase(),
       ...(data?.pool_implications ? { pool_implications: data.pool_implications } : {}),
     };
@@ -214,67 +259,21 @@ async function linkWallet(args) {
   }
 }
 
-async function tierCheckout(args) {
-  const parsedArgs = normalizeArgv(args);
-  const valueFlags = ["--email", "--wallet"];
-  assertKnownFlags(parsedArgs, [...valueFlags, "--help", "-h"], valueFlags);
-  const positionals = positionalArgs(parsedArgs, valueFlags);
-  const tier = positionals[0];
-  if (positionals.length > 1) {
-    fail({ code: "BAD_USAGE", message: `Unexpected argument for billing tier-checkout: ${positionals[1]}` });
-  }
-  if (!tier) {
-    fail({
-      code: "BAD_USAGE",
-      message: "Missing <tier>.",
-      hint: "run402 billing tier-checkout <tier> [--email <e> | --wallet <w>]",
-    });
-  }
-  const email = flagValue(parsedArgs, "--email");
-  const wallet = flagValue(parsedArgs, "--wallet");
-  requireSingleBillingIdentifier(email, wallet);
-  try {
-    const data = await getSdk().billing.tierCheckout(tier, { email: email ?? undefined, wallet: wallet ?? undefined });
-    console.log(JSON.stringify(data, null, 2));
-  } catch (err) {
-    reportSdkError(err);
-  }
-}
-
-async function buyPack(args) {
-  const parsedArgs = normalizeArgv(args);
-  const valueFlags = ["--email", "--wallet"];
-  assertKnownFlags(parsedArgs, [...valueFlags, "--help", "-h"], valueFlags);
-  const extra = positionalArgs(parsedArgs, valueFlags);
-  if (extra.length > 0) {
-    fail({ code: "BAD_USAGE", message: `Unexpected argument for billing buy-email-pack: ${extra[0]}` });
-  }
-  const email = flagValue(parsedArgs, "--email");
-  const wallet = flagValue(parsedArgs, "--wallet");
-  requireSingleBillingIdentifier(email, wallet);
-  try {
-    const data = await getSdk().billing.buyEmailPack({ email: email ?? undefined, wallet: wallet ?? undefined });
-    console.log(JSON.stringify(data, null, 2));
-  } catch (err) {
-    reportSdkError(err);
-  }
-}
-
 async function autoRecharge(args) {
   const parsedArgs = normalizeArgv(args);
   const valueFlags = ["--threshold"];
   assertKnownFlags(parsedArgs, [...valueFlags, "--help", "-h"], valueFlags);
   const positionals = positionalArgs(parsedArgs, valueFlags);
-  const accountId = positionals[0];
+  const organizationId = positionals[0];
   const state = positionals[1];
   if (positionals.length > 2) {
     fail({ code: "BAD_USAGE", message: `Unexpected argument for billing auto-recharge: ${positionals[2]}` });
   }
-  if (!accountId || !state || !["on", "off"].includes(state)) {
+  if (!organizationId || !state || !["on", "off"].includes(state)) {
     fail({
       code: "BAD_USAGE",
-      message: "Missing <account_id> and/or <on|off>.",
-      hint: "run402 billing auto-recharge <account_id> <on|off> [--threshold <n>]",
+      message: "Missing <org_id> and/or <on|off>.",
+      hint: "run402 billing auto-recharge <org_id> <on|off> [--threshold <n>]",
     });
   }
   const thresholdStr = flagValue(parsedArgs, "--threshold");
@@ -283,11 +282,11 @@ async function autoRecharge(args) {
     : undefined;
   try {
     await getSdk().billing.setAutoRecharge({
-      billingAccountId: accountId,
+      organizationId: organizationId,
       enabled: state === "on",
       threshold,
     });
-    console.log(JSON.stringify({ billing_account_id: accountId, enabled: state === "on", updated: true }));
+    console.log(JSON.stringify({ organization_id: organizationId, enabled: state === "on", updated: true }));
   } catch (err) {
     reportSdkError(err);
   }
@@ -305,11 +304,11 @@ async function balance(args) {
     fail({
       code: "BAD_USAGE",
       message: "Missing <identifier>.",
-      hint: "run402 billing balance <account-id | wallet | email>",
+      hint: "run402 billing balance <org-id | wallet | email>",
     });
   }
   try {
-    const data = await getSdk().billing.getAccount(id);
+    const data = await getSdk().billing.getOrganization(id);
     console.log(JSON.stringify(data, null, 2));
   } catch (err) {
     reportSdkError(err);
@@ -329,7 +328,7 @@ async function history(args) {
     fail({
       code: "BAD_USAGE",
       message: "Missing <identifier>.",
-      hint: "run402 billing history <account-id | wallet | email> [--limit <n>]",
+      hint: "run402 billing history <org-id | wallet | email> [--limit <n>]",
     });
   }
   const limit = parsedArgs.includes("--limit")
@@ -349,8 +348,7 @@ export async function run(sub, args) {
   switch (sub) {
     case "create-email": await createEmail(args); break;
     case "link-wallet": await linkWallet(args); break;
-    case "tier-checkout": await tierCheckout(args); break;
-    case "buy-email-pack": await buyPack(args); break;
+    case "checkout": await checkout(args); break;
     case "auto-recharge": await autoRecharge(args); break;
     case "balance": await balance(args); break;
     case "history": await history(args); break;

package/lib/operator.mjs

@@ -4,7 +4,7 @@
  * The operator is YOU, the human, identified by email — distinct from the
  * AGENT (your wallet / SIWX identity). One browser login spans every wallet
  * that verified your email, so `operator overview` returns the cross-wallet
- * union. For a single wallet's account state, use `run402 status`.
+ * union. For a single wallet's organization state, use `run402 status`.
  *
  * Auth: browser-delegated device-authorization grant (RFC 8628, the
  * `aws sso login` model). The CLI never performs WebAuthn — the browser does,
@@ -47,7 +47,7 @@ const HELP = `run402 operator — operator (human / email) session
 
 The operator is YOU, the human, identified by email — distinct from the agent
 (your wallet). One browser login spans every wallet that verified your email.
-For a single wallet's account state, use 'run402 status'.
+For a single wallet's organization state, use 'run402 status'.
 
 Usage:
   run402 operator login [--no-open]              (read session, device-flow)
@@ -289,7 +289,7 @@ async function loopbackLogin(args, { stepUp }) {
     if (memberships.length) {
       process.stderr.write(
         `Member of ${memberships.length} org(s):\n` +
-          memberships.map((m) => `  - ${m.billing_account_id} (${m.role}, ${m.status})`).join("\n") +
+          memberships.map((m) => `  - ${m.display_name || m.org_id || m.organization_id || "unknown"} (${m.role}, ${m.status})`).join("\n") +
           "\n",
       );
     }

package/lib/projects.mjs

@@ -101,7 +101,7 @@ Usage:
   run402 projects list [--org <id>] [--all]
 
 Options:
-  --org <id>          Filter to projects owned by one org (billing account).
+  --org <id>          Filter to projects owned by one org (organization).
                       Authorize-before-reveal: a non-member or guessed id is a
                       403; a non-UUID id is a 400.
   --all               Read the cross-wallet inventory across every wallet
@@ -114,7 +114,7 @@ Notes:
   - This is a SERVER read (membership-scoped), not the local keystore. Each row
     has project_id, name, site_url, custom_domains, org_id, status, and an
     'active' marker derived from local state.
-  - Tier and lifecycle live on the billing account, not each project — use
+  - Tier and lifecycle live on the organization, not each project — use
     'run402 status' or 'run402 tier status' for the account view.
 
 Examples:
@@ -478,7 +478,7 @@ async function list(args = []) {
       active: p.id === activeId,
       site_url: p.site_url ?? null,
       custom_domains: p.custom_domains ?? [],
-      org_id: p.billing_account_id ?? null,
+      org_id: p.organization_id ?? null,
       status: p.status ?? p.effective_status ?? null,
     }));
     const out = { projects: rows };
@@ -724,7 +724,7 @@ export async function run(sub, args) {
     fail({
       code: "REMOVED_COMMAND",
       message: "`run402 projects pin` was removed in v1.57.",
-      hint: "Per-project pin is superseded by the account-level escape hatch. Use `run402 admin lease-perpetual <billing_account_id> --enable` (platform-admin only).",
+      hint: "Per-project pin is superseded by the organization-level escape hatch. Use `run402 admin lease-perpetual <organization_id> --enable` (platform-admin only).",
     });
   }
   args = normalizeArgv(args);