fix(billing): address accounts by :account_id; harden /wallets/:address/projects auth#433
Merged
Merged
Conversation
…ss/projects auth Mirror the gateway api-cleanup-batch-1-accounts contract in SDK/CLI/MCP: - Account reads are keyed by the canonical billing_account_id (UUID). SDK getAccount/checkBalance route a UUID to GET /billing/v1/accounts/:account_id and a wallet/email through the new GET /billing/v1/accounts?wallet=|?email= lookup; getHistory resolves wallet/email to the account id first, then reads /accounts/:account_id/history. Add billing.lookupAccount as the resolve primitive. Response shape drops identifier_type and adds billing_account_id (BillingBalance kept as a deprecated alias of BillingAccountDetail). - Exposure hardening: projects.list (GET /wallets/v1/:address/projects) now sends SIWX — the endpoint went from public to owner-only (admin bypasses). - MCP tool descriptions, CLI billing help, and the comprehensive docs (llms-cli.txt, llms-sdk.txt, sdk/README.md, SKILL/openclaw SKILL) updated. - Tests: rewrote billing/projects URL+auth assertions, added lookupAccount coverage and a CLI-e2e lookup mock; sync.test endpoint registry updated. Closes #432 Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Mirrors the gateway
api-cleanup-batch-1-accountscontract (Batch 1, piece 3 + exposure hardening) in the public SDK/CLI/MCP. Verified against the gateway implementation + tests onrun402-private.Account reads →
:account_id(UUID)GET /billing/v1/accounts/:id(wallet|email-in-path) → canonical:account_id. NewGET /billing/v1/accounts?wallet=|?email=lookup resolves a wallet/email → account.getAccount/checkBalance: UUID → by-id read; wallet/email → lookup (returns detail directly).getHistory/history: resolve to account id, then/accounts/:account_id/history.billing.lookupAccount(identifier)primitive.identifier_type, addedbilling_account_id.BillingBalance→ deprecated alias ofBillingAccountDetail;BillingHistoryResultkeyed bybilling_account_id.Exposure hardening
projects.list(GET /wallets/v1/:address/projects) now signs SIWX — endpoint went from public to owner-only (admin bypasses).Surfaces
check_balance,list_projects,billing_history), CLIbillinghelp, and comprehensive docs (llms-cli.txt,llms-sdk.txt,sdk/README.md, bothSKILL.md).lookupAccountcoverage, CLI-e2e lookup mock,sync.test.tsendpoint registry.Full suite green (1282 unit/sync/skill + 619 e2e, 0 fail; 43 doc snippets compile).
Closes #432
🤖 Generated with Claude Code