@b3dotfun/sdk 0.1.68 → 0.1.69-alpha.1

package/dist/cjs/global-account/react/components/SignInWithB3/steps/LoginStep.js

@@ -7,6 +7,7 @@ const react_1 = require("../../../../../global-account/react");
 const constants_1 = require("../../../../../shared/constants");
 const thirdweb_1 = require("../../../../../shared/utils/thirdweb");
 const react_2 = require("thirdweb/react");
+const react_3 = require("react");
 const wallets_1 = require("thirdweb/wallets");
 function LoginStepContainer({ children, partnerId }) {
     const { data: partner } = (0, react_1.useQueryB3)("global-accounts-partners", "find", {
@@ -18,30 +19,17 @@ function LoginStepContainer({ children, partnerId }) {
     const partnerLogo = partner?.data?.[0]?.loginCustomization?.logoUrl;
     return ((0, jsx_runtime_1.jsxs)("div", { className: "bg-b3-react-background flex flex-col items-center justify-center pt-6", children: [partnerLogo && ((0, jsx_runtime_1.jsx)("img", { src: partnerLogo, alt: "Partner Logo", className: "partner-logo mb-6 h-12 w-auto object-contain" })), children] }));
 }
-function LoginStep({ onSuccess, chain }) {
-    const { partnerId, theme } = (0, react_1.useB3Config)();
-    const wallet = (0, wallets_1.ecosystemWallet)(constants_1.ecosystemWalletId, {
-        partnerId: partnerId,
-    });
-    const { onConnect } = (0, react_1.useAuthentication)(partnerId);
-    return ((0, jsx_runtime_1.jsx)(LoginStepContainer, { partnerId: partnerId, children: (0, jsx_runtime_1.jsx)(react_2.ConnectEmbed, { showThirdwebBranding: false, client: thirdweb_1.client, chain: chain, wallets: [wallet], theme: theme === "light"
-                ? (0, react_2.lightTheme)({
-                    colors: {
-                        modalBg: "hsl(var(--b3-react-background))",
-                    },
-                })
-                : (0, react_2.darkTheme)({
-                    colors: {
-                        modalBg: "hsl(var(--b3-react-background))",
-                    },
-                }), style: {
-                width: "100%",
-                height: "100%",
-                border: 0,
-            }, header: {
-                title: "Sign in with B3",
-                titleIcon: "https://cdn.b3.fun/b3_logo.svg",
-            }, className: "b3-login-step", onConnect: async (wallet, allConnectedWallets) => {
+/** Inner component that only mounts when partnerId is a non-empty string.
+ *  Keeps all hooks unconditional without calling useAuthentication(""). */
+function LoginStepContent({ onSuccess, chain, partnerId, theme, }) {
+    const wallet = (0, react_3.useMemo)(() => (0, wallets_1.ecosystemWallet)(constants_1.ecosystemWalletId, { partnerId }), [partnerId]);
+    // skipAutoConnect: AuthenticationProvider already owns the auto-connect instance.
+    // Creating another here would cause a second authentication cycle (another 401 attempt)
+    // that makes the modal flash between spinner and blank before finally showing the login form.
+    const { onConnect } = (0, react_1.useAuthentication)(partnerId, { skipAutoConnect: true });
+    return ((0, jsx_runtime_1.jsx)(LoginStepContainer, { partnerId: partnerId, children: (0, jsx_runtime_1.jsx)(react_2.ConnectEmbed, { showThirdwebBranding: false, autoConnect: false, client: thirdweb_1.client, chain: chain, wallets: [wallet], theme: theme === "light"
+                ? (0, react_2.lightTheme)({ colors: { modalBg: "hsl(var(--b3-react-background))" } })
+                : (0, react_2.darkTheme)({ colors: { modalBg: "hsl(var(--b3-react-background))" } }), style: { width: "100%", height: "100%", border: 0 }, header: { title: "Sign in with B3", titleIcon: "https://cdn.b3.fun/b3_logo.svg" }, className: "b3-login-step", onConnect: async (wallet, allConnectedWallets) => {
                 await onConnect(wallet, allConnectedWallets);
                 const account = wallet.getAccount();
                 if (!account)
@@ -49,3 +37,12 @@ function LoginStep({ onSuccess, chain }) {
                 await onSuccess(account);
             } }) }));
 }
+function LoginStep({ onSuccess, chain }) {
+    const { partnerId, theme } = (0, react_1.useB3Config)();
+    // partnerId may be undefined during the brief B3Provider hydration window.
+    // Return null rather than rendering ConnectEmbed with an invalid ecosystem
+    // wallet config (which causes a blank screen).
+    if (!partnerId)
+        return null;
+    return (0, jsx_runtime_1.jsx)(LoginStepContent, { onSuccess: onSuccess, chain: chain, partnerId: partnerId, theme: theme });
+}

package/dist/cjs/global-account/react/components/SignInWithB3/steps/LoginStepCustom.js

@@ -16,7 +16,7 @@ function LoginStepCustom({ onSuccess, onError, chain, strategies, maxInitialWall
     const { connect } = (0, react_1.useConnect)(partnerId, chain);
     const setIsAuthenticating = (0, react_1.useAuthStore)(state => state.setIsAuthenticating);
     const setIsAuthenticated = (0, react_1.useAuthStore)(state => state.setIsAuthenticated);
-    const { logout } = (0, react_1.useAuthentication)(partnerId);
+    const { logout } = (0, react_1.useAuthentication)(partnerId, { skipAutoConnect: true });
     const { connect: connectTW } = (0, react_3.useConnect)();
     // Split strategies into auth and wallet types
     const authStrategies = strategies.filter(s => !(0, react_1.isWalletType)(s));

package/dist/cjs/global-account/react/hooks/useAuth.js

@@ -44,7 +44,7 @@ function useAuth() {
     const useAutoConnectLoadingPrevious = (0, react_2.useRef)(false);
     const referralCode = (0, useSearchParamsSSR_1.useSearchParam)("referralCode");
     const { partnerId } = (0, react_1.useB3Config)();
-    const wagmiConfig = (0, createWagmiConfig_1.createWagmiConfig)({ partnerId });
+    const wagmiConfig = (0, createWagmiConfig_1.getCachedWagmiConfig)({ partnerId });
     const { connect } = (0, wagmi_1.useConnect)();
     const activeWagmiAccount = (0, wagmi_1.useAccount)();
     const { switchAccount } = (0, wagmi_1.useSwitchAccount)();

package/dist/cjs/global-account/react/hooks/useAuthentication.d.ts

@@ -1,6 +1,8 @@
 import { Wallet } from "thirdweb/wallets";
 import { preAuthenticate } from "thirdweb/wallets/in-app";
-export declare function useAuthentication(partnerId: string): {
+export declare function useAuthentication(partnerId: string, { skipAutoConnect }?: {
+    skipAutoConnect?: boolean;
+}): {
     logout: (callback?: () => void) => Promise<void>;
     isAuthenticated: boolean;
     isReady: boolean;

package/dist/cjs/global-account/react/hooks/useAuthentication.js

@@ -21,11 +21,26 @@ const createWagmiConfig_1 = require("../utils/createWagmiConfig");
 const useTWAuth_1 = require("./useTWAuth");
 const useUserQuery_1 = require("./useUserQuery");
 const debug = (0, debug_1.debugB3React)("useAuthentication");
-function useAuthentication(partnerId) {
+function useAuthentication(partnerId, { skipAutoConnect = false } = {}) {
     const { onConnectCallback, onLogoutCallback } = (0, react_2.useContext)(LocalSDKProvider_1.LocalSDKContext);
     const { disconnect } = (0, react_3.useDisconnect)();
     const wallets = (0, react_3.useConnectedWallets)();
+    // Keep refs so logout() always disconnects current wallets, not stale closure values.
+    // autoConnectCore captures onConnect (and thus logout) from the first render before wallets
+    // are populated — without these refs, logout() would capture wallets=[] and disconnect nothing.
+    const walletsRef = (0, react_2.useRef)(wallets);
+    (0, react_2.useEffect)(() => {
+        walletsRef.current = wallets;
+    }, [wallets]);
     const activeWallet = (0, react_3.useActiveWallet)();
+    // Track the active wallet by ref so logout() can disconnect the exact reference
+    // stored in thirdweb's activeWalletStore. walletsRef.current (from useConnectedWallets)
+    // may hold a different object reference than what thirdweb considers "active",
+    // causing the identity check in onWalletDisconnect to fail silently.
+    const activeWalletRef = (0, react_2.useRef)(activeWallet);
+    (0, react_2.useEffect)(() => {
+        activeWalletRef.current = activeWallet;
+    }, [activeWallet]);
     const isAuthenticated = (0, react_1.useAuthStore)(state => state.isAuthenticated);
     const setIsAuthenticated = (0, react_1.useAuthStore)(state => state.setIsAuthenticated);
     const setIsConnected = (0, react_1.useAuthStore)(state => state.setIsConnected);
@@ -132,21 +147,37 @@ function useAuthentication(partnerId) {
         }
     }, [activeWallet, partnerId, authenticate, setIsAuthenticated, setIsAuthenticating, setUser, setHasStartedConnecting]);
     const logout = (0, react_2.useCallback)(async (callback) => {
-        if (activeWallet) {
-            debug("@@logout:activeWallet", activeWallet);
-            disconnect(activeWallet);
-            debug("@@logout:activeWallet", activeWallet);
-        }
-        // Log out of each wallet
-        wallets.forEach(wallet => {
-            console.log("@@logging out", wallet);
-            disconnect(wallet);
+        // Disconnect ecosystem/smart wallets from the connected wallets list.
+        // EOA wallets (MetaMask, Coinbase Wallet) are left in the list so they can
+        // auto-reconnect on next login without requiring a new approval popup.
+        // Use walletsRef.current (not the stale closure value) so we always get current wallets —
+        // autoConnectCore captures logout from the first render when wallets is still [].
+        walletsRef.current.forEach(wallet => {
+            debug("@@logout:wallet", wallet.id);
+            if (wallet.id.startsWith("ecosystem.") || wallet.id === "smart") {
+                disconnect(wallet);
+            }
         });
-        // Delete localStorage thirdweb:connected-wallet-ids
-        // https://npc-labs.slack.com/archives/C070E6HNG85/p1750185115273099
+        // Unconditionally disconnect the active wallet to clear thirdweb's activeAccountStore.
+        // This is separate from the loop above: even if the active wallet is an EOA (e.g.
+        // Coinbase Wallet), we must disconnect it so activeAccount becomes undefined.
+        // Without this, ConnectEmbed renders show=false (blank modal) because it checks
+        // show = !activeAccount. Note: thirdweb's disconnect() is idempotent — calling it
+        // on an already-disconnected wallet (from the loop above) is a no-op.
+        // We use the exact reference from activeWalletRef because thirdweb's
+        // onWalletDisconnect uses strict identity (===) to decide whether to clear
+        // activeAccountStore.
+        // Tradeoff: EOA wallets (MetaMask, Coinbase Wallet) will be removed from
+        // connectedWallets and require a new approval popup on next login.
+        // This is acceptable because a working login form is more critical than
+        // skipping one wallet approval step.
+        if (activeWalletRef.current) {
+            debug("@@logout:disconnecting active wallet", activeWalletRef.current.id);
+            disconnect(activeWalletRef.current);
+        }
+        // Clear user-specific storage (auth tokens, cached user data).
+        // Thirdweb's wallet connection state is managed separately via disconnect() above.
         if (typeof localStorage !== "undefined") {
-            localStorage.removeItem("thirdweb:connected-wallet-ids");
-            localStorage.removeItem("wagmi.store");
             localStorage.removeItem("lastAuthProvider");
             localStorage.removeItem("b3-user");
         }
@@ -154,33 +185,62 @@ function useAuthentication(partnerId) {
         debug("@@logout:loggedOut");
         setIsAuthenticated(false);
         setIsConnected(false);
+        // Reset isAuthenticating so any in-flight page-load auto-connect that set it true
+        // does not keep the login modal spinner stuck after logout() is called.
+        setIsAuthenticating(false);
         setUser();
         callback?.();
         if (onLogoutCallback) {
             await onLogoutCallback();
         }
-    }, [activeWallet, disconnect, wallets, setIsAuthenticated, setUser, setIsConnected, onLogoutCallback]);
+    }, 
+    // wallets intentionally omitted — we use walletsRef.current so this callback stays stable
+    // and always operates on current wallets even when captured in stale closures.
+    // eslint-disable-next-line react-hooks/exhaustive-deps
+    [disconnect, setIsAuthenticated, setIsAuthenticating, setUser, setIsConnected, onLogoutCallback]);
     const onConnect = (0, react_2.useCallback)(async (_walleAutoConnectedWith, allConnectedWallets) => {
         debug("@@useAuthentication:onConnect", { _walleAutoConnectedWith, allConnectedWallets });
+        const connectedEcosystemWallet = allConnectedWallets.find(w => w.id.startsWith("ecosystem."));
         try {
-            const wallet = allConnectedWallets.find(wallet => wallet.id.startsWith("ecosystem."));
-            if (!wallet) {
+            if (!connectedEcosystemWallet) {
                 throw new Error("No smart wallet found during auto-connect");
             }
-            debug("@@useAuthentication:onConnect", { wallet });
+            debug("@@useAuthentication:onConnect", { wallet: connectedEcosystemWallet });
             setHasStartedConnecting(true);
             setIsConnected(true);
             setIsAuthenticating(true);
-            await setActiveWallet(wallet);
-            const userAuth = await authenticateUser(wallet);
+            await setActiveWallet(connectedEcosystemWallet);
+            const userAuth = await authenticateUser(connectedEcosystemWallet);
             if (userAuth && onConnectCallback) {
-                await onConnectCallback(wallet, userAuth.accessToken);
+                await onConnectCallback(connectedEcosystemWallet, userAuth.accessToken);
             }
         }
         catch (error) {
             debug("@@useAuthentication:onConnect:failed", { error });
             setIsAuthenticated(false);
             setUser(undefined);
+            // Directly disconnect the ecosystem wallet we set active above.
+            // We can't rely on logout()'s activeWalletRef here because it's updated
+            // via useEffect (deferred until after paint), but this callback may run
+            // entirely within a single React commit cycle — before the ref updates.
+            // Note: logout() below may also call disconnect() on the same wallet via
+            // activeWalletRef — thirdweb's disconnect() is idempotent so this is safe.
+            if (connectedEcosystemWallet) {
+                debug("@@useAuthentication:onConnect:disconnecting ecosystem wallet", connectedEcosystemWallet.id);
+                disconnect(connectedEcosystemWallet);
+            }
+            // Also disconnect the wallet that autoConnectCore set as active.
+            // When only a non-ecosystem wallet (e.g. MetaMask) auto-reconnects,
+            // connectedEcosystemWallet is undefined, so the block above is skipped.
+            // But autoConnectCore already set this wallet as thirdweb's activeWallet,
+            // leaving activeAccount set. ConnectEmbed checks show = !activeAccount,
+            // so if we don't clear it, the login form renders blank.
+            // Uses object identity (===) which is safe because thirdweb returns
+            // stable references for connected wallet instances.
+            if (_walleAutoConnectedWith && _walleAutoConnectedWith !== connectedEcosystemWallet) {
+                debug("@@useAuthentication:onConnect:disconnecting auto-connected wallet", _walleAutoConnectedWith.id);
+                disconnect(_walleAutoConnectedWith);
+            }
             await logout();
         }
         finally {
@@ -195,6 +255,7 @@ function useAuthentication(partnerId) {
         isAuthenticated,
         isAuthenticating,
         isConnected,
+        disconnect,
         setHasStartedConnecting,
         setIsConnected,
         setIsAuthenticating,
@@ -207,23 +268,32 @@ function useAuthentication(partnerId) {
     ]);
     const { isLoading: useAutoConnectLoading } = (0, react_3.useAutoConnect)({
         client: thirdweb_1.client,
-        wallets: [wallet],
+        // When skipAutoConnect is true (e.g. LoginStepContent, SignInWithB3Flow), pass an empty
+        // wallets array so useAutoConnect completes immediately without firing onConnect.
+        // Only AuthenticationProvider (the primary instance) should own auto-connect.
+        wallets: skipAutoConnect ? [] : [wallet],
         onConnect,
         onTimeout: () => {
+            if (skipAutoConnect)
+                return;
             logout().catch(error => {
                 debug("@@useAuthentication:logout on timeout failed", { error });
             });
         },
     });
     /**
-     * useAutoConnectLoading starts as false
+     * useAutoConnectLoading starts as false.
+     * Only the primary (non-skip) instance manages isAuthenticating via this effect
+     * to avoid race conditions when multiple useAuthentication instances are mounted.
      */
     (0, react_2.useEffect)(() => {
+        if (skipAutoConnect)
+            return;
         if (!useAutoConnectLoading && useAutoConnectLoadingPrevious.current && !hasStartedConnecting) {
             setIsAuthenticating(false);
         }
         useAutoConnectLoadingPrevious.current = useAutoConnectLoading;
-    }, [useAutoConnectLoading, hasStartedConnecting, setIsAuthenticating]);
+    }, [useAutoConnectLoading, hasStartedConnecting, setIsAuthenticating, skipAutoConnect]);
     const isReady = isAuthenticated && !isAuthenticating;
     return {
         logout,

package/dist/cjs/global-account/react/hooks/useAutoSelectWallet.d.ts

@@ -1,7 +1,10 @@
+import { EIP1193 } from "thirdweb/wallets";
 /**
- * Hook to automatically select the first EOA wallet when user is authenticated
- * Only auto-selects if the last auth was via wallet or no previous auth provider
+ * Hook to automatically connect a default EOA provider (if given) and
+ * select the first EOA wallet when user is authenticated.
+ * Only auto-selects if the last auth was via wallet or no previous auth provider.
  */
-export declare function useAutoSelectWallet({ enabled }: {
+export declare function useAutoSelectWallet({ enabled, defaultEoaProvider, }: {
     enabled: boolean;
+    defaultEoaProvider?: EIP1193.EIP1193Provider;
 }): void;

package/dist/cjs/global-account/react/hooks/useAutoSelectWallet.js

@@ -1,19 +1,47 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.useAutoSelectWallet = useAutoSelectWallet;
+const thirdweb_1 = require("../../../shared/utils/thirdweb");
 const debug_1 = require("../../../shared/utils/debug");
 const react_1 = require("react");
 const react_2 = require("thirdweb/react");
+const wallets_1 = require("thirdweb/wallets");
 const stores_1 = require("../stores");
 const debug = (0, debug_1.debugB3React)("useAutoSelectWallet");
 /**
- * Hook to automatically select the first EOA wallet when user is authenticated
- * Only auto-selects if the last auth was via wallet or no previous auth provider
+ * Hook to automatically connect a default EOA provider (if given) and
+ * select the first EOA wallet when user is authenticated.
+ * Only auto-selects if the last auth was via wallet or no previous auth provider.
  */
-function useAutoSelectWallet({ enabled }) {
+function useAutoSelectWallet({ enabled, defaultEoaProvider, }) {
     const isAuthenticated = (0, stores_1.useAuthStore)(state => state.isAuthenticated);
     const wallets = (0, react_2.useConnectedWallets)();
     const setActiveWallet = (0, react_2.useSetActiveWallet)();
+    const addConnectedWallet = (0, react_2.useAddConnectedWallet)();
+    const hasConnectedProvider = (0, react_1.useRef)(false);
+    // Auto-connect the default EOA provider (e.g. Farcaster frame wallet) on mount.
+    // Uses useAddConnectedWallet instead of useConnect so the wallet is added to
+    // connectedWallets WITHOUT becoming the active wallet. This prevents
+    // useAuthentication's logout/onTimeout from disconnecting it (logout only
+    // disconnects ecosystem wallets and the active wallet).
+    (0, react_1.useEffect)(() => {
+        if (!defaultEoaProvider || hasConnectedProvider.current)
+            return;
+        hasConnectedProvider.current = true;
+        const connectDefaultProvider = async () => {
+            try {
+                const wallet = wallets_1.EIP1193.fromProvider({ provider: defaultEoaProvider });
+                await wallet.connect({ client: thirdweb_1.client });
+                addConnectedWallet(wallet);
+                debug("Auto-connected default EOA provider", wallet.id);
+            }
+            catch (error) {
+                debug("Failed to auto-connect default EOA provider", error);
+                hasConnectedProvider.current = false;
+            }
+        };
+        connectDefaultProvider();
+    }, [defaultEoaProvider, addConnectedWallet]);
     const setWallet = (0, react_1.useCallback)((wallet) => {
         debug("@@setWallet", wallet.id, wallet.getAccount()?.address);
         setActiveWallet(wallet);

package/dist/cjs/global-account/react/hooks/useGetAllTWSigners.js

@@ -68,7 +68,8 @@ function useGetAllTWSigners({ chain, accountAddress, queryOptions }) {
             });
             return result;
         },
-        enabled: Boolean(chain && accountAddress),
+        // Respect queryOptions.enabled if explicitly set (e.g. signersEnabled=false from SignInWithB3Flow)
+        enabled: queryOptions?.enabled !== false && Boolean(chain && accountAddress),
         refetchOnMount: true,
         refetchOnWindowFocus: true,
         refetchOnReconnect: true,

package/dist/cjs/global-account/react/stores/useModalStore.d.ts

@@ -657,6 +657,10 @@ interface ModalState {
     setLinkingState: (isLinking: boolean, method?: string | null) => void;
     /** Function to update closable property of current content without adding to history */
     setClosable: (closable: boolean) => void;
+    /** Whether a third-party iframe (e.g. Persona KYC) is currently active over the modal */
+    personaActive: boolean;
+    /** Function to mark a third-party iframe as active/inactive */
+    setPersonaActive: (active: boolean) => void;
 }
 /**
  * Zustand store for managing modal state

package/dist/cjs/global-account/react/stores/useModalStore.js

@@ -39,4 +39,6 @@ exports.useModalStore = (0, zustand_1.create)(set => ({
     setClosable: (closable) => set(state => ({
         contentType: state.contentType ? { ...state.contentType, closable } : null,
     })),
+    personaActive: false,
+    setPersonaActive: (active) => set({ personaActive: active }),
 }));

package/dist/cjs/global-account/react/utils/createWagmiConfig.d.ts

@@ -25,3 +25,21 @@ export declare function createWagmiConfig(options: CreateWagmiConfigOptions): im
 }, {
     "thirdweb:lastChainId": number;
 }>)[]>;
+/**
+ * Returns a cached wagmi config for the given partnerId.
+ * Use this instead of calling createWagmiConfig() directly inside React components or hooks
+ * to avoid registering duplicate EventEmitter listeners on every render.
+ */
+export declare function getCachedWagmiConfig(options: CreateWagmiConfigOptions): import("wagmi").Config<readonly [import("viem").Chain, ...import("viem").Chain[]], {
+    [k: string]: import("viem").HttpTransport<undefined, false>;
+}, (CreateConnectorFn | CreateConnectorFn<import("thirdweb/dist/types/adapters/eip1193").EIP1193Provider | undefined, {
+    connect<withCapabilities extends boolean = false>(parameters?: import("@thirdweb-dev/wagmi-adapter").ConnectionOptions<withCapabilities> | undefined): Promise<{
+        accounts: withCapabilities extends true ? readonly {
+            address: `0x${string}`;
+            capabilities: Record<string, unknown>;
+        }[] : readonly `0x${string}`[];
+        chainId: number;
+    }>;
+}, {
+    "thirdweb:lastChainId": number;
+}>)[]>;

package/dist/cjs/global-account/react/utils/createWagmiConfig.js

@@ -1,6 +1,7 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.createWagmiConfig = createWagmiConfig;
+exports.getCachedWagmiConfig = getCachedWagmiConfig;
 const constants_1 = require("../../../shared/constants");
 const supported_1 = require("../../../shared/constants/chains/supported");
 const thirdweb_1 = require("../../../shared/utils/thirdweb");
@@ -30,3 +31,19 @@ function createWagmiConfig(options) {
         connectors: finalConnectors,
     });
 }
+/** Module-level cache — wagmi configs must not be recreated on every render. */
+const wagmiConfigCache = new Map();
+/**
+ * Returns a cached wagmi config for the given partnerId.
+ * Use this instead of calling createWagmiConfig() directly inside React components or hooks
+ * to avoid registering duplicate EventEmitter listeners on every render.
+ */
+function getCachedWagmiConfig(options) {
+    const key = options.partnerId;
+    let config = wagmiConfigCache.get(key);
+    if (!config) {
+        config = createWagmiConfig(options);
+        wagmiConfigCache.set(key, config);
+    }
+    return config;
+}

package/dist/esm/anyspend/platform/client.d.ts

@@ -0,0 +1,35 @@
+/**
+ * Core HTTP client for the AnySpend Platform API.
+ * Handles authentication, retries, error parsing, and idempotency.
+ */
+export interface ClientConfig {
+    baseUrl?: string;
+    timeout?: number;
+    maxRetries?: number;
+    idempotencyKeyGenerator?: () => string;
+}
+export declare const DEFAULT_BASE_URL = "https://platform-api.anyspend.com/api/v1";
+export declare class HttpClient {
+    private apiKey;
+    private baseUrl;
+    private timeout;
+    private maxRetries;
+    private generateIdempotencyKey;
+    constructor(apiKey: string, config?: ClientConfig);
+    get<T>(path: string, params?: object): Promise<T>;
+    post<T>(path: string, body?: object): Promise<T>;
+    patch<T>(path: string, body: object): Promise<T>;
+    delete<T>(path: string, body?: object): Promise<T>;
+    postFormData<T>(path: string, formData: FormData): Promise<T>;
+    private buildUrl;
+    private request;
+    private requestRaw;
+    private executeWithRetry;
+    private sleep;
+}
+/**
+ * Static HTTP client for unauthenticated requests (quick-pay).
+ */
+export declare class StaticHttpClient {
+    static post<T>(baseUrl: string, path: string, body: Record<string, unknown>): Promise<T>;
+}

package/dist/esm/anyspend/platform/client.js

@@ -0,0 +1,153 @@
+/**
+ * Core HTTP client for the AnySpend Platform API.
+ * Handles authentication, retries, error parsing, and idempotency.
+ */
+import { parseApiError } from "./errors.js";
+import { generateIdempotencyKey } from "./utils/idempotency.js";
+export const DEFAULT_BASE_URL = "https://platform-api.anyspend.com/api/v1";
+const DEFAULT_TIMEOUT = 30000;
+const DEFAULT_MAX_RETRIES = 3;
+export class HttpClient {
+    constructor(apiKey, config = {}) {
+        this.apiKey = apiKey;
+        this.baseUrl = (config.baseUrl || DEFAULT_BASE_URL).replace(/\/$/, "");
+        this.timeout = config.timeout || DEFAULT_TIMEOUT;
+        this.maxRetries = config.maxRetries || DEFAULT_MAX_RETRIES;
+        this.generateIdempotencyKey = config.idempotencyKeyGenerator || generateIdempotencyKey;
+    }
+    async get(path, params) {
+        const url = this.buildUrl(path, params);
+        return this.request("GET", url);
+    }
+    async post(path, body) {
+        const url = this.buildUrl(path);
+        return this.request("POST", url, body);
+    }
+    async patch(path, body) {
+        const url = this.buildUrl(path);
+        return this.request("PATCH", url, body);
+    }
+    async delete(path, body) {
+        const url = this.buildUrl(path);
+        return this.request("DELETE", url, body);
+    }
+    async postFormData(path, formData) {
+        const url = this.buildUrl(path);
+        return this.requestRaw("POST", url, formData);
+    }
+    buildUrl(path, params) {
+        const url = new URL(`${this.baseUrl}${path}`);
+        if (params) {
+            for (const [key, value] of Object.entries(params)) {
+                if (value !== undefined && value !== null)
+                    url.searchParams.set(key, String(value));
+            }
+        }
+        return url.toString();
+    }
+    async request(method, url, body) {
+        const headers = {
+            Authorization: `Bearer ${this.apiKey}`,
+            "Content-Type": "application/json",
+        };
+        // Auto-generate idempotency key for POST/PATCH
+        if (method === "POST" || method === "PATCH") {
+            headers["Idempotency-Key"] = this.generateIdempotencyKey();
+        }
+        return this.executeWithRetry(method, url, headers, body ? JSON.stringify(body) : undefined);
+    }
+    async requestRaw(method, url, body) {
+        const headers = {
+            Authorization: `Bearer ${this.apiKey}`,
+        };
+        return this.executeWithRetry(method, url, headers, body);
+    }
+    async executeWithRetry(method, url, headers, body) {
+        let lastError;
+        for (let attempt = 0; attempt <= this.maxRetries; attempt++) {
+            try {
+                const controller = new AbortController();
+                const timeoutId = setTimeout(() => controller.abort(), this.timeout);
+                const response = await fetch(url, {
+                    method,
+                    headers,
+                    body,
+                    signal: controller.signal,
+                });
+                clearTimeout(timeoutId);
+                if (response.ok) {
+                    // Handle CSV/text responses
+                    const contentType = response.headers.get("Content-Type") || "";
+                    if (contentType.includes("text/csv")) {
+                        return (await response.text());
+                    }
+                    return (await response.json());
+                }
+                // Parse error response
+                const errorBody = (await response.json().catch(() => ({
+                    error: { type: "api_error", code: "internal_error", message: "Unknown error" },
+                })));
+                const error = parseApiError(response.status, errorBody, response.headers);
+                // Don't retry 4xx errors (except 429 rate limits)
+                if (response.status < 500 && response.status !== 429) {
+                    throw error;
+                }
+                // For 429, wait the specified retry-after time
+                if (response.status === 429) {
+                    const retryAfter = parseInt(response.headers.get("Retry-After") || "1", 10);
+                    await this.sleep(retryAfter * 1000);
+                    lastError = error;
+                    continue;
+                }
+                // For 5xx, retry with exponential backoff
+                lastError = error;
+                if (attempt < this.maxRetries) {
+                    await this.sleep(Math.pow(2, attempt) * 1000);
+                }
+            }
+            catch (err) {
+                if (err instanceof Error && err.name === "AbortError") {
+                    lastError = new Error(`Request timed out after ${this.timeout}ms`);
+                }
+                else if (err instanceof Error && "type" in err) {
+                    // Already a parsed ApiError, re-throw
+                    throw err;
+                }
+                else {
+                    lastError = err instanceof Error ? err : new Error(String(err));
+                }
+                if (attempt < this.maxRetries) {
+                    await this.sleep(Math.pow(2, attempt) * 1000);
+                }
+            }
+        }
+        throw lastError || new Error("Request failed after retries");
+    }
+    sleep(ms) {
+        return new Promise(resolve => setTimeout(resolve, ms));
+    }
+}
+/**
+ * Static HTTP client for unauthenticated requests (quick-pay).
+ */
+export class StaticHttpClient {
+    static async post(baseUrl, path, body) {
+        const url = `${baseUrl.replace(/\/$/, "")}${path}`;
+        const controller = new AbortController();
+        const timeoutId = setTimeout(() => controller.abort(), DEFAULT_TIMEOUT);
+        const response = await fetch(url, {
+            method: "POST",
+            headers: { "Content-Type": "application/json" },
+            body: JSON.stringify(body),
+            signal: controller.signal,
+        });
+        clearTimeout(timeoutId);
+        if (response.ok) {
+            return (await response.json());
+        }
+        const errorBody = (await response.json().catch(() => ({
+            error: { type: "api_error", code: "internal_error", message: "Unknown error" },
+        })));
+        throw parseApiError(response.status, errorBody, response.headers);
+    }
+}