@charterlabs/rhinestone-sdk 0.3.9 → 0.4.2

package/dist/src/execution/utils.js

@@ -21,32 +21,67 @@ exports.resolveCallInputs = resolveCallInputs;
 exports.getIntentAccount = getIntentAccount;
 exports.getTargetExecutionSignature = getTargetExecutionSignature;
 exports.hashErc7739TypedDataForSolady = hashErc7739TypedDataForSolady;
+exports.resolveSessionForChain = resolveSessionForChain;
 const viem_1 = require("viem");
 const account_abstraction_1 = require("viem/account-abstraction");
 const erc7739_1 = require("viem/experimental/erc7739");
 const accounts_1 = require("../accounts");
+const common_1 = require("../accounts/signing/common");
 const startale_1 = require("../accounts/startale");
 const utils_1 = require("../accounts/utils");
+const provider_1 = require("../auth/provider");
 const modules_1 = require("../modules");
 const validators_1 = require("../modules/validators");
 const core_1 = require("../modules/validators/core");
+const permit2_1 = require("../modules/validators/policies/claim/permit2");
 const orchestrator_1 = require("../orchestrator");
 const registry_1 = require("../orchestrator/registry");
 const types_1 = require("../orchestrator/types");
+const utils_2 = require("../orchestrator/utils");
 const compact_1 = require("./compact");
 const error_1 = require("./error");
-const permit2_1 = require("./permit2");
+const permit2_2 = require("./permit2");
 const singleChainOps_1 = require("./singleChainOps");
+function isResolvedSessionSignerSet(signers) {
+    return (signers?.type === 'experimental_session' && 'verifyExecutions' in signers);
+}
+async function resolveSignersForChain(config, signers, chainId) {
+    if (signers?.type !== 'experimental_session') {
+        return signers;
+    }
+    const resolved = resolveSessionForChain(signers, chainId);
+    const enabled = await (0, validators_1.isSessionEnabled)((0, accounts_1.getAddress)(config), config.provider, resolved.session, config.useDevContracts);
+    const enableData = enabled ? undefined : resolved.enableData;
+    const hasExplicitActions = !!resolved.session.actions?.length;
+    const verifyExecutions = resolved.verifyExecutions ?? signers.verifyExecutions ?? hasExplicitActions;
+    return {
+        type: 'experimental_session',
+        session: resolved.session,
+        enableData,
+        verifyExecutions,
+    };
+}
+function resolveSessionForChain(signers, chainId) {
+    if ('sessions' in signers) {
+        const config = signers.sessions[chainId];
+        if (!config) {
+            throw new Error(`No session configured for chain ${chainId}`);
+        }
+        return config;
+    }
+    return { session: signers.session, enableData: signers.enableData };
+}
 async function prepareTransaction(config, transaction) {
-    const { sourceChains, targetChain, tokenRequests, signers, sponsored, eip7702InitSignature, settlementLayers, sourceAssets, feeAsset, lockFunds, auxiliaryFunds, account, recipient, } = getTransactionParams(transaction);
+    const { sourceChains, targetChain, tokenRequests, signers, sponsored, eip7702InitSignature, settlementLayers, sourceAssets, feeAsset, lockFunds, auxiliaryFunds, account, recipient, sourceCalls, } = getTransactionParams(transaction);
     const accountAddress = (0, accounts_1.getAddress)(config);
     const isUserOpSigner = signers?.type === 'guardians';
     if (isUserOpSigner) {
         throw new error_1.SignerNotSupportedError();
     }
-    const intentRoute = await prepareTransactionAsIntent(config, sourceChains, targetChain, await resolveCallInputs(transaction.calls, config, targetChain, accountAddress), transaction.gasLimit, tokenRequests, recipient, sponsored, eip7702InitSignature, settlementLayers, sourceAssets, feeAsset, lockFunds, auxiliaryFunds, account, signers);
+    const prepared = await prepareTransactionAsIntent(config, sourceChains, targetChain, await resolveCallInputs(transaction.calls, config, targetChain, accountAddress), transaction.gasLimit, tokenRequests, recipient, sponsored, eip7702InitSignature, settlementLayers, sourceAssets, feeAsset, lockFunds, auxiliaryFunds, account, signers, sourceCalls);
     return {
-        intentRoute,
+        intentRoute: prepared.intentRoute,
+        intentInput: prepared.intentInput,
         transaction,
     };
 }
@@ -95,6 +130,7 @@ async function signTransaction(config, preparedTransaction) {
     const targetExecutionSignature = await getTargetExecutionSignature(config, intentRoute.intentOp, targetChain, signers);
     return {
         intentRoute,
+        intentInput: preparedTransaction.intentInput,
         transaction: preparedTransaction.transaction,
         originSignatures,
         destinationSignature,
@@ -105,6 +141,16 @@ async function getTargetExecutionSignature(config, intentOp, targetChain, signer
     if (signers?.type !== 'experimental_session') {
         return undefined;
     }
+    const settlementLayers = intentOp.elements.map((e) => e.mandate.qualifier.settlementContext.settlementLayer);
+    const hasIntentExecutorOps = settlementLayers.some((l) => l === 'INTENT_EXECUTOR' || l === 'SAME_CHAIN');
+    if (!hasIntentExecutorOps) {
+        return undefined;
+    }
+    const resolvedSigners = await resolveSignersForChain(config, signers, targetChain.id);
+    if (!isResolvedSessionSignerSet(resolvedSigners) ||
+        !resolvedSigners.verifyExecutions) {
+        return undefined;
+    }
     const destination = getTargetExecutionMessage(config, intentOp);
     const validator = getValidator(config, signers);
     if (!validator) {
@@ -112,7 +158,7 @@ async function getTargetExecutionSignature(config, intentOp, targetChain, signer
     }
     const ownerValidator = (0, validators_1.getOwnerValidator)(config);
     const isRoot = validator.address === ownerValidator.address;
-    const signature = await getDestinationSignature(config, signers, validator, isRoot, targetChain, destination, [], true);
+    const signature = await getDestinationSignature(config, resolvedSigners, validator, isRoot, targetChain, destination, [], true);
     return signature;
 }
 async function signUserOperation(config, preparedUserOperation) {
@@ -153,10 +199,23 @@ async function signTypedData(config, parameters, chain, signers, options) {
     const ownerValidator = (0, validators_1.getOwnerValidator)(config);
     const isRoot = validator.address === ownerValidator.address;
     if (signers?.type === 'experimental_session') {
+        const resolved = resolveSessionForChain(signers, chain.id);
         return await signTypedDataWithSession(config, chain, {
             address: validator.address,
             isRoot,
-        }, signers, parameters);
+        }, resolved.session, parameters);
+    }
+    const account = (0, accounts_1.getAccountProvider)(config);
+    if (account.type === 'startale' && (0, core_1.supportsEip712)(validator)) {
+        const isK1 = validator.address.toLowerCase() ===
+            startale_1.K1_DEFAULT_VALIDATOR_ADDRESS.toLowerCase();
+        if (isK1) {
+            const sig = await signErc7739TypedData(config, signers, validator, isRoot, parameters, chain);
+            if (!options?.skipErc6492) {
+                return await (0, accounts_1.toErc6492Signature)(config, sig, chain);
+            }
+            return sig;
+        }
     }
     const signature = await (0, accounts_1.getTypedDataPackedSignature)(config, signers, chain, {
         address: validator.address,
@@ -167,8 +226,9 @@ async function signTypedData(config, parameters, chain, signers, options) {
     }
     return signature;
 }
-async function signTypedDataWithSession(config, chain, validator, signers, parameters) {
+async function signTypedDataWithSession(config, chain, validator, session, parameters) {
     const { name, version, chainId, verifyingContract, salt } = (0, accounts_1.getEip712Domain)(config, chain);
+    const signers = (0, common_1.convertOwnerSetToSignerSet)(session.owners);
     const signature = await (0, accounts_1.getTypedDataPackedSignature)(config, signers, chain, validator, {
         domain: parameters.domain,
         primaryType: 'TypedDataSign',
@@ -199,7 +259,7 @@ async function signTypedDataWithSession(config, chain, validator, signers, param
             message: parameters.message,
             signature,
         });
-        return (0, viem_1.encodePacked)(['bytes32', 'bytes'], [(0, validators_1.getPermissionId)(signers.session), erc7739Signature]);
+        return (0, viem_1.encodePacked)(['bytes32', 'bytes'], [(0, validators_1.getPermissionId)(session), erc7739Signature]);
     });
     return await (0, accounts_1.toErc6492Signature)(config, signature, chain);
 }
@@ -240,10 +300,10 @@ async function signAuthorizationsInternal(config, data) {
     return authorizations;
 }
 async function submitTransaction(config, signedTransaction, authorizations, dryRun = false) {
-    const { intentRoute, transaction, originSignatures, destinationSignature, targetExecutionSignature, } = signedTransaction;
+    const { intentRoute, intentInput, transaction, originSignatures, destinationSignature, targetExecutionSignature, } = signedTransaction;
     const { sourceChains, targetChain } = getTransactionParams(transaction);
     const intentOp = intentRoute.intentOp;
-    return await submitIntent(config, sourceChains, targetChain, intentOp, originSignatures, destinationSignature, targetExecutionSignature, authorizations, dryRun);
+    return await submitIntent(config, sourceChains, targetChain, intentOp, originSignatures, destinationSignature, targetExecutionSignature, authorizations, dryRun, intentInput);
 }
 async function submitUserOperation(config, signedUserOperation) {
     const chain = signedUserOperation.transaction.chain;
@@ -267,6 +327,7 @@ function getTransactionParams(transaction) {
     const auxiliaryFunds = transaction.auxiliaryFunds;
     const account = transaction.experimental_accountOverride;
     const recipient = transaction.recipient;
+    const sourceCalls = transaction.sourceCalls;
     const tokenRequests = getTokenRequests(targetChain, initialTokenRequests);
     return {
         sourceChains,
@@ -283,6 +344,7 @@ function getTransactionParams(transaction) {
         auxiliaryFunds,
         account,
         recipient,
+        sourceCalls,
     };
 }
 function getTokenRequests(targetChain, initialTokenRequests) {
@@ -336,7 +398,7 @@ function getIntentAccount(config, eip7702InitSignature, account) {
         delegations,
     };
 }
-async function prepareTransactionAsIntent(config, sourceChains, targetChain, callInputs, gasLimit, tokenRequests, recipientInput, sponsored, eip7702InitSignature, settlementLayers, sourceAssets, feeAsset, lockFunds, auxiliaryFunds, account, signers) {
+async function prepareTransactionAsIntent(config, sourceChains, targetChain, callInputs, gasLimit, tokenRequests, recipientInput, sponsored, eip7702InitSignature, settlementLayers, sourceAssets, feeAsset, lockFunds, auxiliaryFunds, account, signers, sourceCalls) {
     const calls = parseCalls(callInputs, targetChain.id);
     const accountAccessList = createAccountAccessList(sourceChains, sourceAssets);
     function getRecipient(recipient) {
@@ -357,13 +419,76 @@ async function prepareTransactionAsIntent(config, sourceChains, targetChain, cal
     const intentAccount = {
         ...getIntentAccount(config, eip7702InitSignature, account),
         ...(signers?.type === 'experimental_session' && {
-            mockSignature: (0, validators_1.buildMockSignature)(signers.session, config.useDevContracts, sourceChains?.length),
+            // Global fallback: target-chain sig for backward-compat with older orchestrators
+            mockSignature: (0, validators_1.buildMockSignature)(resolveSessionForChain(signers, targetChain.id).session, config.useDevContracts, sourceChains?.length ?? 1),
+            // Per-chain map: enables accurate per-chain session validation gas simulation
+            mockSignatures: Object.fromEntries([
+                ...new Set([
+                    ...(sourceChains ?? []).map((c) => c.id),
+                    targetChain.id,
+                ]),
+            ].map((chainId) => [
+                String(chainId),
+                (0, validators_1.buildMockSignature)(resolveSessionForChain(signers, chainId).session, config.useDevContracts, sourceChains?.length ?? 1, chainId),
+            ])),
         }),
     };
     const recipient = getRecipient(recipientInput);
     const signatureMode = signers?.type === 'experimental_session'
         ? types_1.SIG_MODE_EMISSARY_EXECUTION_ERC1271
         : types_1.SIG_MODE_ERC1271_EMISSARY;
+    // For session signers that need enabling, pass a dummy preclaimop per source chain
+    // so the orchestrator bakes it into the bundle before computing its HMAC. The filler
+    // executes the op via verifyExecution in ENABLE mode, enabling the session on-chain
+    // without a separate UserOp. Must be sent in the routing request — not injected
+    // post-facto — because the orchestrator HMAC covers preClaimOps.
+    const preClaimExecutions = {};
+    if (signers?.type === 'experimental_session' && sourceChains) {
+        const resolvedPerChain = await Promise.all(sourceChains.map(async (chain) => ({
+            chainId: chain.id,
+            resolved: await resolveSignersForChain(config, signers, chain.id),
+        })));
+        for (const { chainId, resolved } of resolvedPerChain) {
+            if (!isResolvedSessionSignerSet(resolved))
+                continue;
+            const { enableData, verifyExecutions } = resolved;
+            if (!verifyExecutions || !enableData)
+                continue;
+            preClaimExecutions[chainId] = [
+                {
+                    to: validators_1.DUMMY_PRECLAIMOP_TARGET,
+                    value: 0n,
+                    data: validators_1.DUMMY_PRECLAIMOP_SELECTOR,
+                },
+            ];
+        }
+    }
+    if (sourceCalls) {
+        const accountAddress = (0, accounts_1.getAddress)(config);
+        const allowedChainIds = new Set([
+            ...(sourceChains ?? []).map((c) => c.id),
+            targetChain.id,
+        ]);
+        for (const [chainIdStr, calls] of Object.entries(sourceCalls)) {
+            const chainId = Number(chainIdStr);
+            if (!allowedChainIds.has(chainId)) {
+                throw new error_1.InvalidSourceCallsError({ chainId });
+            }
+            const chain = sourceChains?.find((c) => c.id === chainId) ??
+                (targetChain.id === chainId ? targetChain : undefined);
+            if (!chain) {
+                throw new error_1.InvalidSourceCallsError({ chainId });
+            }
+            const resolved = await resolveCallInputs(calls, config, chain, accountAddress);
+            const userExecutions = parseCalls(resolved, chainId);
+            if (userExecutions.length === 0)
+                continue;
+            preClaimExecutions[chainId] = [
+                ...(preClaimExecutions[chainId] ?? []),
+                ...userExecutions,
+            ];
+        }
+    }
     const metaIntent = {
         destinationChainId: targetChain.id,
         tokenRequests: tokenRequests.map((tokenRequest) => ({
@@ -395,10 +520,12 @@ async function prepareTransactionAsIntent(config, sourceChains, targetChain, cal
             signatureMode,
             auxiliaryFunds,
         },
+        ...(Object.keys(preClaimExecutions).length > 0 && { preClaimExecutions }),
     };
-    const orchestrator = (0, orchestrator_1.getOrchestrator)(config.apiKey, config.endpointUrl, config.headers);
+    const serializedIntent = (0, utils_2.convertBigIntFields)(metaIntent);
+    const orchestrator = (0, orchestrator_1.getOrchestrator)(config._authProvider ?? (0, provider_1.createAuthProvider)(config), config.endpointUrl, config.headers);
     const intentRoute = await orchestrator.getIntentRoute(metaIntent);
-    return intentRoute;
+    return { intentRoute, intentInput: serializedIntent };
 }
 async function signIntent(config, intentOp, targetChain, signers, targetExecution) {
     const { origin, destination } = getIntentMessages(config, intentOp);
@@ -432,23 +559,12 @@ async function signIntent(config, intentOp, targetChain, signers, targetExecutio
     const originSignatures = [];
     for (const typedData of origin) {
         const chain = (0, registry_1.getChainById)(typedData.domain?.chainId);
-        // For same chain transactions, we need to modify the origin signers
-        // Specifically, we need to remove the enable data in this case
-        const matchesTargetChain = chain.id === targetChain.id;
-        const originSigners = signers?.type === 'experimental_session'
-            ? {
-                type: 'experimental_session',
-                session: signers.session,
-                verifyExecutions: matchesTargetChain
-                    ? signers.verifyExecutions
-                    : undefined,
-                enableData: matchesTargetChain ? signers.enableData : undefined,
-            }
-            : signers;
+        const originSigners = await resolveSignersForChain(config, signers, chain.id);
         const signature = await signIntentTypedData(config, originSigners, validator, isRoot, typedData, chain, targetExecution ?? false);
         originSignatures.push(signature);
     }
-    const destinationSignature = await getDestinationSignature(config, signers, validator, isRoot, targetChain, destination, originSignatures, targetExecution ?? false);
+    const destinationSigners = await resolveSignersForChain(config, signers, targetChain.id);
+    const destinationSignature = await getDestinationSignature(config, destinationSigners, validator, isRoot, targetChain, destination, originSignatures, targetExecution ?? false);
     return {
         originSignatures,
         destinationSignature,
@@ -493,7 +609,7 @@ function getIntentMessages(config, intentOp) {
             origin.push(typedData);
         }
         else if (withPermit2) {
-            const typedData = (0, permit2_1.getTypedData)(element, BigInt(intentOp.nonce), BigInt(intentOp.expires));
+            const typedData = (0, permit2_2.getTypedData)(element, BigInt(intentOp.nonce), BigInt(intentOp.expires));
             origin.push(typedData);
         }
         else {
@@ -519,12 +635,28 @@ function getTargetExecutionMessage(config, intentOp) {
     };
     return typedData;
 }
+/** Computes claim policy calldata when parameters are Permit2 typed data with claim policies. */
+function resolveClaimPolicyData(signers, parameters) {
+    if (parameters.primaryType !== 'PermitBatchWitnessTransferFrom' ||
+        !signers.session.claimPolicies?.length) {
+        return undefined;
+    }
+    const msg = parameters.message;
+    if (!msg.permitted ||
+        !msg.mandate ||
+        typeof msg.spender !== 'string' ||
+        typeof msg.nonce !== 'bigint' ||
+        typeof msg.deadline !== 'bigint') {
+        return undefined;
+    }
+    return (0, permit2_1.buildPermit2ClaimPolicyCalldata)(signers.session.claimPolicies[0], parameters.message);
+}
 async function signIntentTypedData(config, signers, validator, isRoot, parameters, chain, targetExecution) {
     if ((0, core_1.supportsEip712)(validator)) {
         const isK1Validator = validator.address.toLowerCase() ===
             startale_1.K1_DEFAULT_VALIDATOR_ADDRESS.toLowerCase();
         if (isK1Validator) {
-            return await signErc7739IntentTypedData(config, signers, validator, isRoot, parameters, chain);
+            return await signErc7739TypedData(config, signers, validator, isRoot, parameters, chain);
         }
         return await (0, accounts_1.getTypedDataPackedSignature)(config, signers, chain, {
             address: validator.address,
@@ -532,20 +664,27 @@ async function signIntentTypedData(config, signers, validator, isRoot, parameter
         }, parameters);
     }
     const hash = (0, viem_1.hashTypedData)(parameters);
-    if (signers?.type === 'experimental_session' && signers.verifyExecutions) {
+    if (isResolvedSessionSignerSet(signers) && signers.verifyExecutions) {
         if (targetExecution) {
-            return await (0, accounts_1.getEmissarySignature)(config, {
+            const targetSigners = {
                 type: 'experimental_session',
                 session: signers.session,
                 verifyExecutions: true,
-            }, chain, hash);
+                enableData: signers.enableData,
+            };
+            // signWithSession (called inside getEmissarySignature) already calls packSignature
+            // internally, so no transform is needed here
+            return await (0, accounts_1.getEmissarySignature)(config, targetSigners, chain, hash);
         }
-        const eip1271Signature = await (0, accounts_1.getEip1271Signature)(config, {
+        const claimPolicyData = resolveClaimPolicyData(signers, parameters);
+        const sessionSignersForEip1271 = {
             type: 'experimental_session',
             session: signers.session,
             verifyExecutions: false,
             enableData: signers.enableData,
-        }, chain, {
+            claimPolicyData,
+        };
+        const eip1271Signature = await (0, accounts_1.getEip1271Signature)(config, sessionSignersForEip1271, chain, {
             address: validator.address,
             isRoot,
         }, hash);
@@ -560,6 +699,13 @@ async function signIntentTypedData(config, signers, validator, isRoot, parameter
             notarizedClaimSig: eip1271Signature,
         };
     }
+    if (isResolvedSessionSignerSet(signers)) {
+        const claimPolicyData = resolveClaimPolicyData(signers, parameters);
+        return await (0, accounts_1.getEip1271Signature)(config, claimPolicyData !== undefined ? { ...signers, claimPolicyData } : signers, chain, {
+            address: validator.address,
+            isRoot,
+        }, hash);
+    }
     return await (0, accounts_1.getEip1271Signature)(config, signers, chain, {
         address: validator.address,
         isRoot,
@@ -619,8 +765,8 @@ async function submitUserOp(config, chain, userOp, signature) {
         chain: chain.id,
     };
 }
-async function submitIntent(config, sourceChains, targetChain, intentOp, originSignatures, destinationSignature, targetExecutionSignature, authorizations, dryRun) {
-    return submitIntentInternal(config, sourceChains, targetChain, intentOp, originSignatures, destinationSignature, targetExecutionSignature, authorizations, dryRun);
+async function submitIntent(config, sourceChains, targetChain, intentOp, originSignatures, destinationSignature, targetExecutionSignature, authorizations, dryRun, intentInput) {
+    return submitIntentInternal(config, sourceChains, targetChain, intentOp, originSignatures, destinationSignature, targetExecutionSignature, authorizations, dryRun, intentInput);
 }
 function createSignedIntentOp(intentOp, originSignatures, destinationSignature, targetExecutionSignature, authorizations) {
     return {
@@ -640,13 +786,17 @@ function createSignedIntentOp(intentOp, originSignatures, destinationSignature,
             : undefined,
     };
 }
-async function submitIntentInternal(config, sourceChains, targetChain, intentOp, originSignatures, destinationSignature, targetExecutionSignature, authorizations, dryRun) {
+async function submitIntentInternal(config, sourceChains, targetChain, intentOp, originSignatures, destinationSignature, targetExecutionSignature, authorizations, dryRun, intentInput) {
     const signedIntentOp = createSignedIntentOp(intentOp, originSignatures, destinationSignature, targetExecutionSignature, authorizations);
-    const orchestrator = (0, orchestrator_1.getOrchestrator)(config.apiKey, config.endpointUrl, config.headers);
-    const intentResults = await orchestrator.submitIntent(signedIntentOp, dryRun);
+    const isSponsored = !!intentInput?.options?.sponsorSettings;
+    const orchestrator = (0, orchestrator_1.getOrchestrator)(config._authProvider ?? (0, provider_1.createAuthProvider)(config), config.endpointUrl, config.headers);
+    const intentResults = await orchestrator.submitIntent(signedIntentOp, dryRun, intentInput ? { intentInput, isSponsored } : undefined);
+    // Some settlement paths (e.g. SAME_CHAIN) may not return a result.id — fall
+    // back to the nonce which the orchestrator also accepts as an intent identifier.
+    const intentId = intentResults.result.id ?? intentOp.nonce;
     return {
         type: 'intent',
-        id: BigInt(intentResults.result.id),
+        id: BigInt(intentId),
         sourceChains: sourceChains?.map((chain) => chain.id),
         targetChain: targetChain.id,
     };
@@ -807,10 +957,10 @@ function validateTokenSymbols(chain, tokenAddressOrSymbols) {
         }
     }
 }
-// Signs intent typed data using ERC-7739 nested EIP-712 for Startale accounts.
+// Signs typed data using ERC-7739 nested EIP-712 for Startale accounts.
 // Uses a Solady-compatible TypedDataSign hash and wraps the signature with
 // the app domain separator and contents hash for on-chain verification.
-async function signErc7739IntentTypedData(config, signers, validator, isRoot, parameters, chain) {
+async function signErc7739TypedData(config, signers, validator, isRoot, parameters, chain) {
     const verifierDomain = (0, accounts_1.getEip712Domain)(config, chain);
     const hash = hashErc7739TypedDataForSolady({
         domain: parameters.domain,

package/dist/src/index.d.ts

@@ -1,4 +1,4 @@
-import type { Address, Chain, HashTypedDataParameters, Hex, SignableMessage, SignedAuthorizationList, TypedData, TypedDataDefinition, Account } from 'viem';
+import type { Account, Address, Chain, HashTypedDataParameters, Hex, SignableMessage, SignedAuthorizationList, TypedData, TypedDataDefinition } from 'viem';
 import type { UserOperationReceipt } from 'viem/account-abstraction';
 import { deployStandaloneWithEoa as deployStandaloneWithEoaInternal } from './accounts';
 import { walletClientToAccount, wrapParaAccount } from './accounts/walletClient';
@@ -9,7 +9,7 @@ import { type IntentRoute, type PreparedTransactionData, type PreparedUserOperat
 import { MULTI_FACTOR_VALIDATOR_ADDRESS, OWNABLE_VALIDATOR_ADDRESS, SMART_SESSION_EMISSARY_ADDRESS, WEBAUTHN_VALIDATOR_ADDRESS } from './modules';
 import { type SessionDetails } from './modules/validators/smart-sessions';
 import { type ApprovalRequired, type AuxiliaryFunds, getAllSupportedChainsAndTokens, getSupportedTokens, getTokenAddress, getTokenDecimals, type IntentInput, type IntentOp, type IntentOpStatus, type Portfolio, type SettlementLayer, type SignedIntentOp, type SplitIntentsInput, type SplitIntentsResult, type TokenRequirements, type WrapRequired } from './orchestrator';
-import type { AccountProviderConfig, AccountType, BundlerConfig, Call, CallInput, MultiFactorValidatorConfig, OwnableValidatorConfig, OwnerSet, PaymasterConfig, Policy, ProviderConfig, Recovery, RhinestoneAccountConfig, RhinestoneConfig, RhinestoneSDKConfig, Session, SignerSet, TokenRequest, TokenSymbol, Transaction, UniversalActionPolicyParamCondition, UserOperationTransaction, WebauthnValidatorConfig } from './types';
+import type { AccountProviderConfig, AccountType, BundlerConfig, Call, CallInput, ChainSessionConfig, MultiFactorValidatorConfig, OwnableValidatorConfig, OwnerSet, PaymasterConfig, Permit2ClaimPolicy, Policy, ProviderConfig, Recovery, RhinestoneAccountConfig, RhinestoneConfig, RhinestoneSDKConfig, Session, SignerSet, TokenRequest, TokenSymbol, Transaction, UniversalActionPolicyParamCondition, UserOperationTransaction, WebauthnValidatorConfig } from './types';
 interface RhinestoneAccount {
     config: RhinestoneAccountConfig;
     deploy: (chain: Chain, params?: {
@@ -62,7 +62,7 @@ interface RhinestoneAccount {
  */
 declare function createRhinestoneAccount(config: RhinestoneConfig): Promise<RhinestoneAccount>;
 declare class RhinestoneSDK {
-    private apiKey;
+    private authProvider;
     private endpointUrl?;
     private provider?;
     private bundler?;
@@ -77,7 +77,7 @@ declare class RhinestoneSDK {
     splitIntents(input: SplitIntentsInput): Promise<SplitIntentsResult>;
 }
 export { RhinestoneSDK, createRhinestoneAccount, deployAccountsForOwners, walletClientToAccount, wrapParaAccount, OWNABLE_VALIDATOR_ADDRESS, WEBAUTHN_VALIDATOR_ADDRESS, MULTI_FACTOR_VALIDATOR_ADDRESS, SMART_SESSION_EMISSARY_ADDRESS, getSupportedTokens, getTokenAddress, getTokenDecimals, getAllSupportedChainsAndTokens, deployStandaloneWithEoaInternal as deployStandaloneWithEoa, checkERC20AllowanceDirect, getPermit2Address, signPermit2Batch, signPermit2Sequential, };
-export type { RhinestoneAccount, AccountType, RhinestoneAccountConfig, AccountProviderConfig, ProviderConfig, BundlerConfig, PaymasterConfig, Transaction, TokenSymbol, CallInput, Call, TokenRequest, OwnerSet, OwnableValidatorConfig, WebauthnValidatorConfig, MultiFactorValidatorConfig, SignerSet, Session, Recovery, Policy, UniversalActionPolicyParamCondition, PreparedTransactionData, SignedTransactionData, TransactionResult, PreparedUserOperationData, SignedUserOperationData, UserOperationResult, AuxiliaryFunds, IntentInput, IntentOp, IntentOpStatus, IntentRoute, SettlementLayer, SignedIntentOp, SplitIntentsInput, SplitIntentsResult, Portfolio, TokenRequirements, WrapRequired, ApprovalRequired, MultiChainPermit2Config, MultiChainPermit2Result, BatchPermit2Result, };
-export { generateCredentialId, getCredentialIds, hasCredentialById, hasCredential, addCredential, removeCredential, setThreshold, getCredentialInfo, getThreshold, getCredentials, WEBAUTHN_VALIDATOR_ABI, } from './modules/validators/webauthn-contract';
+export type { RhinestoneAccount, AccountType, RhinestoneAccountConfig, AccountProviderConfig, ProviderConfig, BundlerConfig, PaymasterConfig, Transaction, TokenSymbol, CallInput, Call, TokenRequest, OwnerSet, OwnableValidatorConfig, WebauthnValidatorConfig, MultiFactorValidatorConfig, SignerSet, ChainSessionConfig, Session, Recovery, Policy, Permit2ClaimPolicy, UniversalActionPolicyParamCondition, PreparedTransactionData, SignedTransactionData, TransactionResult, PreparedUserOperationData, SignedUserOperationData, UserOperationResult, AuxiliaryFunds, IntentInput, IntentOp, IntentOpStatus, IntentRoute, SettlementLayer, SignedIntentOp, SplitIntentsInput, SplitIntentsResult, Portfolio, TokenRequirements, WrapRequired, ApprovalRequired, MultiChainPermit2Config, MultiChainPermit2Result, BatchPermit2Result, };
+export { addCredential, generateCredentialId, getCredentialIds, getCredentialInfo, getCredentials, getThreshold, hasCredential, hasCredentialById, removeCredential, setThreshold, WEBAUTHN_VALIDATOR_ABI, } from './modules/validators/webauthn-contract';
 export { getOrchestrator } from './orchestrator';
 //# sourceMappingURL=index.d.ts.map

package/dist/src/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../index.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EACV,OAAO,EACP,KAAK,EACL,uBAAuB,EACvB,GAAG,EACH,eAAe,EACf,uBAAuB,EACvB,SAAS,EACT,mBAAmB,EACnB,OAAO,EACR,MAAM,MAAM,CAAA;AACb,OAAO,KAAK,EAAE,oBAAoB,EAAE,MAAM,0BAA0B,CAAA;AACpE,OAAO,EAWL,uBAAuB,IAAI,+BAA+B,EAC3D,MAAM,YAAY,CAAA;AACnB,OAAO,EAAE,qBAAqB,EAAE,eAAe,EAAE,MAAM,yBAAyB,CAAA;AAChF,OAAO,EAAE,uBAAuB,EAAE,MAAM,sBAAsB,CAAA;AAC9D,OAAO,EAML,KAAK,iBAAiB,EACtB,KAAK,iBAAiB,EACtB,KAAK,mBAAmB,EAEzB,MAAM,aAAa,CAAA;AACpB,OAAO,EACL,KAAK,kBAAkB,EACvB,yBAAyB,EAEzB,iBAAiB,EACjB,KAAK,uBAAuB,EAC5B,KAAK,uBAAuB,EAC5B,gBAAgB,EAChB,qBAAqB,EACtB,MAAM,qBAAqB,CAAA;AAC5B,OAAO,EAEL,KAAK,WAAW,EAChB,KAAK,uBAAuB,EAC5B,KAAK,yBAAyB,EAG9B,KAAK,qBAAqB,EAC1B,KAAK,uBAAuB,EAQ7B,MAAM,mBAAmB,CAAA;AAC1B,OAAO,EAKL,8BAA8B,EAC9B,yBAAyB,EACzB,8BAA8B,EAE9B,0BAA0B,EAC3B,MAAM,WAAW,CAAA;AAClB,OAAO,EAEL,KAAK,cAAc,EACpB,MAAM,qCAAqC,CAAA;AAC5C,OAAO,EACL,KAAK,gBAAgB,EACrB,KAAK,cAAc,EACnB,8BAA8B,EAC9B,kBAAkB,EAClB,eAAe,EACf,gBAAgB,EAChB,KAAK,WAAW,EAChB,KAAK,QAAQ,EACb,KAAK,cAAc,EACnB,KAAK,SAAS,EACd,KAAK,eAAe,EACpB,KAAK,cAAc,EACnB,KAAK,iBAAiB,EACtB,KAAK,kBAAkB,EACvB,KAAK,iBAAiB,EACtB,KAAK,YAAY,EAClB,MAAM,gBAAgB,CAAA;AACvB,OAAO,KAAK,EACV,qBAAqB,EACrB,WAAW,EACX,aAAa,EACb,IAAI,EACJ,SAAS,EACT,0BAA0B,EAC1B,sBAAsB,EACtB,QAAQ,EACR,eAAe,EACf,MAAM,EACN,cAAc,EACd,QAAQ,EACR,uBAAuB,EACvB,gBAAgB,EAChB,mBAAmB,EACnB,OAAO,EACP,SAAS,EACT,YAAY,EACZ,WAAW,EACX,WAAW,EACX,mCAAmC,EACnC,wBAAwB,EACxB,uBAAuB,EACxB,MAAM,SAAS,CAAA;AAEhB,UAAU,iBAAiB;IACzB,MAAM,EAAE,uBAAuB,CAAA;IAC/B,MAAM,EAAE,CACN,KAAK,EAAE,KAAK,EACZ,MAAM,CAAC,EAAE;QAAE,OAAO,CAAC,EAAE,OAAO,CAAC;QAAC,SAAS,CAAC,EAAE,OAAO,CAAA;KAAE,KAChD,OAAO,CAAC,OAAO,CAAC,CAAA;IACrB,UAAU,EAAE,CAAC,KAAK,EAAE,KAAK,KAAK,OAAO,CAAC,OAAO,CAAC,CAAA;IAC9C,KAAK,EAAE,CAAC,KAAK,EAAE,KAAK,KAAK,OAAO,CAAC,OAAO,CAAC,CAAA;IACzC,uBAAuB,EAAE,CACvB,KAAK,EAAE,KAAK,EACZ,MAAM,EAAE,uBAAuB,EAC/B,QAAQ,EAAE,OAAO,KACd,OAAO,CAAC,IAAI,CAAC,CAAA;IAClB,WAAW,IAAI;QACb,OAAO,EAAE,OAAO,CAAA;QAChB,WAAW,EAAE,GAAG,CAAA;KACjB,CAAA;IACD,mBAAmB,EAAE,MAAM,OAAO,CAAC,GAAG,CAAC,CAAA;IACvC,kBAAkB,EAAE,CAClB,WAAW,EAAE,WAAW,KACrB,OAAO,CAAC,uBAAuB,CAAC,CAAA;IACrC,sBAAsB,EAAE,CAAC,mBAAmB,EAAE,uBAAuB,KAAK;QACxE,MAAM,EAAE,mBAAmB,EAAE,CAAA;QAC7B,WAAW,EAAE,mBAAmB,CAAA;KACjC,CAAA;IACD,eAAe,EAAE,CACf,mBAAmB,EAAE,uBAAuB,KACzC,OAAO,CAAC,qBAAqB,CAAC,CAAA;IACnC,kBAAkB,EAAE,CAClB,mBAAmB,EAAE,uBAAuB,KACzC,OAAO,CAAC,uBAAuB,CAAC,CAAA;IACrC,WAAW,EAAE,CACX,OAAO,EAAE,eAAe,EACxB,KAAK,EAAE,KAAK,EACZ,OAAO,EAAE,SAAS,GAAG,SAAS,KAC3B,OAAO,CAAC,GAAG,CAAC,CAAA;IACjB,aAAa,EAAE,CACb,SAAS,SAAS,SAAS,GAAG,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,SAAS,EACjE,WAAW,SAAS,MAAM,SAAS,GAAG,cAAc,GAAG,MAAM,SAAS,EAEtE,UAAU,EAAE,uBAAuB,CAAC,SAAS,EAAE,WAAW,CAAC,EAC3D,KAAK,EAAE,KAAK,EACZ,OAAO,EAAE,SAAS,GAAG,SAAS,KAC3B,OAAO,CAAC,GAAG,CAAC,CAAA;IACjB,iBAAiB,EAAE,CACjB,iBAAiB,EAAE,qBAAqB,EACxC,cAAc,CAAC,EAAE,uBAAuB,EACxC,MAAM,CAAC,EAAE,OAAO,KACb,OAAO,CAAC,iBAAiB,CAAC,CAAA;IAC/B,eAAe,EAAE,CAAC,WAAW,EAAE,WAAW,KAAK,OAAO,CAAC,iBAAiB,CAAC,CAAA;IACzE,oBAAoB,EAAE,CACpB,WAAW,EAAE,wBAAwB,KAClC,OAAO,CAAC,yBAAyB,CAAC,CAAA;IACvC,iBAAiB,EAAE,CACjB,qBAAqB,EAAE,yBAAyB,KAC7C,OAAO,CAAC,uBAAuB,CAAC,CAAA;IACrC,mBAAmB,EAAE,CACnB,mBAAmB,EAAE,uBAAuB,KACzC,OAAO,CAAC,mBAAmB,CAAC,CAAA;IACjC,iBAAiB,EAAE,CACjB,WAAW,EAAE,wBAAwB,KAClC,OAAO,CAAC,mBAAmB,CAAC,CAAA;IACjC,gBAAgB,CACd,MAAM,EAAE,iBAAiB,EACzB,uBAAuB,CAAC,EAAE,OAAO,GAChC,OAAO,CAAC,iBAAiB,CAAC,CAAA;IAC7B,gBAAgB,CACd,MAAM,EAAE,mBAAmB,EAC3B,uBAAuB,CAAC,EAAE,OAAO,GAChC,OAAO,CAAC,oBAAoB,CAAC,CAAA;IAChC,UAAU,EAAE,MAAM,OAAO,CAAA;IACzB,YAAY,EAAE,CAAC,UAAU,CAAC,EAAE,OAAO,KAAK,OAAO,CAAC,SAAS,CAAC,CAAA;IAC1D,8BAA8B,EAAE,CAC9B,QAAQ,EAAE,OAAO,EAAE,KAChB,OAAO,CAAC,cAAc,CAAC,CAAA;IAC5B,6BAA6B,EAAE,CAAC,OAAO,EAAE,OAAO,KAAK,OAAO,CAAC,OAAO,CAAC,CAAA;IACrE,8BAA8B,EAAE,CAAC,OAAO,EAAE,cAAc,KAAK,OAAO,CAAC,GAAG,CAAC,CAAA;IACzE,SAAS,EAAE,CAAC,KAAK,EAAE,KAAK,KAAK,OAAO,CAAC;QACnC,QAAQ,EAAE,OAAO,EAAE,CAAA;QACnB,SAAS,EAAE,MAAM,CAAA;KAClB,GAAG,IAAI,CAAC,CAAA;IACT,aAAa,EAAE,CAAC,KAAK,EAAE,KAAK,KAAK,OAAO,CAAC,OAAO,EAAE,CAAC,CAAA;IACnD,YAAY,EAAE,CAAC,KAAK,EAAE,KAAK,KAAK,OAAO,CAAC,OAAO,EAAE,CAAC,CAAA;IAClD,mBAAmB,EAAE,CAAC,YAAY,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,KAAK,OAAO,CAAC,MAAM,CAAC,CAAA;CAC9E;AAED;;;;;GAKG;AACH,iBAAe,uBAAuB,CACpC,MAAM,EAAE,gBAAgB,GACvB,OAAO,CAAC,iBAAiB,CAAC,CAoW5B;AAED,cAAM,aAAa;IACjB,OAAO,CAAC,MAAM,CAAQ;IACtB,OAAO,CAAC,WAAW,CAAC,CAAQ;IAC5B,OAAO,CAAC,QAAQ,CAAC,CAAgB;IACjC,OAAO,CAAC,OAAO,CAAC,CAAe;IAC/B,OAAO,CAAC,SAAS,CAAC,CAAiB;IACnC,OAAO,CAAC,eAAe,CAAC,CAAS;IACjC,OAAO,CAAC,OAAO,CAAC,CAAwB;gBAE5B,OAAO,EAAE,mBAAmB;IAUxC,aAAa,CAAC,MAAM,EAAE,uBAAuB;IAc7C,eAAe,CAAC,QAAQ,EAAE,MAAM;;;IAShC,YAAY,CAAC,KAAK,EAAE,iBAAiB;CAQtC;AAED,OAAO,EACL,aAAa,EACb,uBAAuB,EACvB,uBAAuB,EACvB,qBAAqB,EACrB,eAAe,EAEf,yBAAyB,EACzB,0BAA0B,EAC1B,8BAA8B,EAC9B,8BAA8B,EAE9B,kBAAkB,EAClB,eAAe,EACf,gBAAgB,EAChB,8BAA8B,EAE9B,+BAA+B,IAAI,uBAAuB,EAE1D,yBAAyB,EACzB,iBAAiB,EAEjB,gBAAgB,EAChB,qBAAqB,GACtB,CAAA;AACD,YAAY,EACV,iBAAiB,EACjB,WAAW,EACX,uBAAuB,EACvB,qBAAqB,EACrB,cAAc,EACd,aAAa,EACb,eAAe,EACf,WAAW,EACX,WAAW,EACX,SAAS,EACT,IAAI,EACJ,YAAY,EACZ,QAAQ,EACR,sBAAsB,EACtB,uBAAuB,EACvB,0BAA0B,EAC1B,SAAS,EACT,OAAO,EACP,QAAQ,EACR,MAAM,EACN,mCAAmC,EACnC,uBAAuB,EACvB,qBAAqB,EACrB,iBAAiB,EACjB,yBAAyB,EACzB,uBAAuB,EACvB,mBAAmB,EACnB,cAAc,EACd,WAAW,EACX,QAAQ,EACR,cAAc,EACd,WAAW,EACX,eAAe,EACf,cAAc,EACd,iBAAiB,EACjB,kBAAkB,EAClB,SAAS,EACT,iBAAiB,EACjB,YAAY,EACZ,gBAAgB,EAEhB,uBAAuB,EACvB,uBAAuB,EACvB,kBAAkB,GACnB,CAAA;AAGD,OAAO,EACL,oBAAoB,EACpB,gBAAgB,EAChB,iBAAiB,EACjB,aAAa,EACb,aAAa,EACb,gBAAgB,EAChB,YAAY,EACZ,iBAAiB,EACjB,YAAY,EACZ,cAAc,EACd,sBAAsB,GACvB,MAAM,wCAAwC,CAAA;AAG/C,OAAO,EAAE,eAAe,EAAE,MAAM,gBAAgB,CAAA"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../index.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EACV,OAAO,EACP,OAAO,EACP,KAAK,EACL,uBAAuB,EACvB,GAAG,EACH,eAAe,EACf,uBAAuB,EACvB,SAAS,EACT,mBAAmB,EACpB,MAAM,MAAM,CAAA;AACb,OAAO,KAAK,EAAE,oBAAoB,EAAE,MAAM,0BAA0B,CAAA;AACpE,OAAO,EAGL,uBAAuB,IAAI,+BAA+B,EAS3D,MAAM,YAAY,CAAA;AACnB,OAAO,EAAE,qBAAqB,EAAE,eAAe,EAAE,MAAM,yBAAyB,CAAA;AAChF,OAAO,EAAE,uBAAuB,EAAE,MAAM,sBAAsB,CAAA;AAE9D,OAAO,EAML,KAAK,iBAAiB,EACtB,KAAK,iBAAiB,EACtB,KAAK,mBAAmB,EAEzB,MAAM,aAAa,CAAA;AACpB,OAAO,EACL,KAAK,kBAAkB,EACvB,yBAAyB,EAEzB,iBAAiB,EACjB,KAAK,uBAAuB,EAC5B,KAAK,uBAAuB,EAC5B,gBAAgB,EAChB,qBAAqB,EACtB,MAAM,qBAAqB,CAAA;AAC5B,OAAO,EAEL,KAAK,WAAW,EAChB,KAAK,uBAAuB,EAC5B,KAAK,yBAAyB,EAG9B,KAAK,qBAAqB,EAC1B,KAAK,uBAAuB,EAQ7B,MAAM,mBAAmB,CAAA;AAC1B,OAAO,EAKL,8BAA8B,EAC9B,yBAAyB,EACzB,8BAA8B,EAE9B,0BAA0B,EAC3B,MAAM,WAAW,CAAA;AAClB,OAAO,EAEL,KAAK,cAAc,EACpB,MAAM,qCAAqC,CAAA;AAC5C,OAAO,EACL,KAAK,gBAAgB,EACrB,KAAK,cAAc,EACnB,8BAA8B,EAC9B,kBAAkB,EAClB,eAAe,EACf,gBAAgB,EAChB,KAAK,WAAW,EAChB,KAAK,QAAQ,EACb,KAAK,cAAc,EACnB,KAAK,SAAS,EACd,KAAK,eAAe,EACpB,KAAK,cAAc,EACnB,KAAK,iBAAiB,EACtB,KAAK,kBAAkB,EACvB,KAAK,iBAAiB,EACtB,KAAK,YAAY,EAClB,MAAM,gBAAgB,CAAA;AACvB,OAAO,KAAK,EACV,qBAAqB,EACrB,WAAW,EACX,aAAa,EACb,IAAI,EACJ,SAAS,EACT,kBAAkB,EAClB,0BAA0B,EAC1B,sBAAsB,EACtB,QAAQ,EACR,eAAe,EACf,kBAAkB,EAClB,MAAM,EACN,cAAc,EACd,QAAQ,EACR,uBAAuB,EACvB,gBAAgB,EAChB,mBAAmB,EACnB,OAAO,EACP,SAAS,EACT,YAAY,EACZ,WAAW,EACX,WAAW,EACX,mCAAmC,EACnC,wBAAwB,EACxB,uBAAuB,EACxB,MAAM,SAAS,CAAA;AAEhB,UAAU,iBAAiB;IACzB,MAAM,EAAE,uBAAuB,CAAA;IAC/B,MAAM,EAAE,CACN,KAAK,EAAE,KAAK,EACZ,MAAM,CAAC,EAAE;QAAE,OAAO,CAAC,EAAE,OAAO,CAAC;QAAC,SAAS,CAAC,EAAE,OAAO,CAAA;KAAE,KAChD,OAAO,CAAC,OAAO,CAAC,CAAA;IACrB,UAAU,EAAE,CAAC,KAAK,EAAE,KAAK,KAAK,OAAO,CAAC,OAAO,CAAC,CAAA;IAC9C,KAAK,EAAE,CAAC,KAAK,EAAE,KAAK,KAAK,OAAO,CAAC,OAAO,CAAC,CAAA;IACzC,uBAAuB,EAAE,CACvB,KAAK,EAAE,KAAK,EACZ,MAAM,EAAE,uBAAuB,EAC/B,QAAQ,EAAE,OAAO,KACd,OAAO,CAAC,IAAI,CAAC,CAAA;IAClB,WAAW,IAAI;QACb,OAAO,EAAE,OAAO,CAAA;QAChB,WAAW,EAAE,GAAG,CAAA;KACjB,CAAA;IACD,mBAAmB,EAAE,MAAM,OAAO,CAAC,GAAG,CAAC,CAAA;IACvC,kBAAkB,EAAE,CAClB,WAAW,EAAE,WAAW,KACrB,OAAO,CAAC,uBAAuB,CAAC,CAAA;IACrC,sBAAsB,EAAE,CAAC,mBAAmB,EAAE,uBAAuB,KAAK;QACxE,MAAM,EAAE,mBAAmB,EAAE,CAAA;QAC7B,WAAW,EAAE,mBAAmB,CAAA;KACjC,CAAA;IACD,eAAe,EAAE,CACf,mBAAmB,EAAE,uBAAuB,KACzC,OAAO,CAAC,qBAAqB,CAAC,CAAA;IACnC,kBAAkB,EAAE,CAClB,mBAAmB,EAAE,uBAAuB,KACzC,OAAO,CAAC,uBAAuB,CAAC,CAAA;IACrC,WAAW,EAAE,CACX,OAAO,EAAE,eAAe,EACxB,KAAK,EAAE,KAAK,EACZ,OAAO,EAAE,SAAS,GAAG,SAAS,KAC3B,OAAO,CAAC,GAAG,CAAC,CAAA;IACjB,aAAa,EAAE,CACb,SAAS,SAAS,SAAS,GAAG,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,SAAS,EACjE,WAAW,SAAS,MAAM,SAAS,GAAG,cAAc,GAAG,MAAM,SAAS,EAEtE,UAAU,EAAE,uBAAuB,CAAC,SAAS,EAAE,WAAW,CAAC,EAC3D,KAAK,EAAE,KAAK,EACZ,OAAO,EAAE,SAAS,GAAG,SAAS,KAC3B,OAAO,CAAC,GAAG,CAAC,CAAA;IACjB,iBAAiB,EAAE,CACjB,iBAAiB,EAAE,qBAAqB,EACxC,cAAc,CAAC,EAAE,uBAAuB,EACxC,MAAM,CAAC,EAAE,OAAO,KACb,OAAO,CAAC,iBAAiB,CAAC,CAAA;IAC/B,eAAe,EAAE,CAAC,WAAW,EAAE,WAAW,KAAK,OAAO,CAAC,iBAAiB,CAAC,CAAA;IACzE,oBAAoB,EAAE,CACpB,WAAW,EAAE,wBAAwB,KAClC,OAAO,CAAC,yBAAyB,CAAC,CAAA;IACvC,iBAAiB,EAAE,CACjB,qBAAqB,EAAE,yBAAyB,KAC7C,OAAO,CAAC,uBAAuB,CAAC,CAAA;IACrC,mBAAmB,EAAE,CACnB,mBAAmB,EAAE,uBAAuB,KACzC,OAAO,CAAC,mBAAmB,CAAC,CAAA;IACjC,iBAAiB,EAAE,CACjB,WAAW,EAAE,wBAAwB,KAClC,OAAO,CAAC,mBAAmB,CAAC,CAAA;IACjC,gBAAgB,CACd,MAAM,EAAE,iBAAiB,EACzB,uBAAuB,CAAC,EAAE,OAAO,GAChC,OAAO,CAAC,iBAAiB,CAAC,CAAA;IAC7B,gBAAgB,CACd,MAAM,EAAE,mBAAmB,EAC3B,uBAAuB,CAAC,EAAE,OAAO,GAChC,OAAO,CAAC,oBAAoB,CAAC,CAAA;IAChC,UAAU,EAAE,MAAM,OAAO,CAAA;IACzB,YAAY,EAAE,CAAC,UAAU,CAAC,EAAE,OAAO,KAAK,OAAO,CAAC,SAAS,CAAC,CAAA;IAC1D,8BAA8B,EAAE,CAC9B,QAAQ,EAAE,OAAO,EAAE,KAChB,OAAO,CAAC,cAAc,CAAC,CAAA;IAC5B,6BAA6B,EAAE,CAAC,OAAO,EAAE,OAAO,KAAK,OAAO,CAAC,OAAO,CAAC,CAAA;IACrE,8BAA8B,EAAE,CAAC,OAAO,EAAE,cAAc,KAAK,OAAO,CAAC,GAAG,CAAC,CAAA;IACzE,SAAS,EAAE,CAAC,KAAK,EAAE,KAAK,KAAK,OAAO,CAAC;QACnC,QAAQ,EAAE,OAAO,EAAE,CAAA;QACnB,SAAS,EAAE,MAAM,CAAA;KAClB,GAAG,IAAI,CAAC,CAAA;IACT,aAAa,EAAE,CAAC,KAAK,EAAE,KAAK,KAAK,OAAO,CAAC,OAAO,EAAE,CAAC,CAAA;IACnD,YAAY,EAAE,CAAC,KAAK,EAAE,KAAK,KAAK,OAAO,CAAC,OAAO,EAAE,CAAC,CAAA;IAClD,mBAAmB,EAAE,CAAC,YAAY,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,KAAK,OAAO,CAAC,MAAM,CAAC,CAAA;CAC9E;AAED;;;;;GAKG;AACH,iBAAe,uBAAuB,CACpC,MAAM,EAAE,gBAAgB,GACvB,OAAO,CAAC,iBAAiB,CAAC,CAoW5B;AAED,cAAM,aAAa;IACjB,OAAO,CAAC,YAAY,CAAc;IAClC,OAAO,CAAC,WAAW,CAAC,CAAQ;IAC5B,OAAO,CAAC,QAAQ,CAAC,CAAgB;IACjC,OAAO,CAAC,OAAO,CAAC,CAAe;IAC/B,OAAO,CAAC,SAAS,CAAC,CAAiB;IACnC,OAAO,CAAC,eAAe,CAAC,CAAS;IACjC,OAAO,CAAC,OAAO,CAAC,CAAwB;gBAE5B,OAAO,EAAE,mBAAmB;IAUxC,aAAa,CAAC,MAAM,EAAE,uBAAuB;IAc7C,eAAe,CAAC,QAAQ,EAAE,MAAM;;;IAShC,YAAY,CAAC,KAAK,EAAE,iBAAiB;CAQtC;AAED,OAAO,EACL,aAAa,EACb,uBAAuB,EACvB,uBAAuB,EACvB,qBAAqB,EACrB,eAAe,EAEf,yBAAyB,EACzB,0BAA0B,EAC1B,8BAA8B,EAC9B,8BAA8B,EAE9B,kBAAkB,EAClB,eAAe,EACf,gBAAgB,EAChB,8BAA8B,EAE9B,+BAA+B,IAAI,uBAAuB,EAE1D,yBAAyB,EACzB,iBAAiB,EAEjB,gBAAgB,EAChB,qBAAqB,GACtB,CAAA;AACD,YAAY,EACV,iBAAiB,EACjB,WAAW,EACX,uBAAuB,EACvB,qBAAqB,EACrB,cAAc,EACd,aAAa,EACb,eAAe,EACf,WAAW,EACX,WAAW,EACX,SAAS,EACT,IAAI,EACJ,YAAY,EACZ,QAAQ,EACR,sBAAsB,EACtB,uBAAuB,EACvB,0BAA0B,EAC1B,SAAS,EACT,kBAAkB,EAClB,OAAO,EACP,QAAQ,EACR,MAAM,EACN,kBAAkB,EAClB,mCAAmC,EACnC,uBAAuB,EACvB,qBAAqB,EACrB,iBAAiB,EACjB,yBAAyB,EACzB,uBAAuB,EACvB,mBAAmB,EACnB,cAAc,EACd,WAAW,EACX,QAAQ,EACR,cAAc,EACd,WAAW,EACX,eAAe,EACf,cAAc,EACd,iBAAiB,EACjB,kBAAkB,EAClB,SAAS,EACT,iBAAiB,EACjB,YAAY,EACZ,gBAAgB,EAEhB,uBAAuB,EACvB,uBAAuB,EACvB,kBAAkB,GACnB,CAAA;AAID,OAAO,EACL,aAAa,EACb,oBAAoB,EACpB,gBAAgB,EAChB,iBAAiB,EACjB,cAAc,EACd,YAAY,EACZ,aAAa,EACb,iBAAiB,EACjB,gBAAgB,EAChB,YAAY,EACZ,sBAAsB,GACvB,MAAM,wCAAwC,CAAA;AAG/C,OAAO,EAAE,eAAe,EAAE,MAAM,gBAAgB,CAAA"}

package/dist/src/index.js

@@ -1,6 +1,6 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.getOrchestrator = exports.WEBAUTHN_VALIDATOR_ABI = exports.getCredentials = exports.getThreshold = exports.getCredentialInfo = exports.setThreshold = exports.removeCredential = exports.addCredential = exports.hasCredential = exports.hasCredentialById = exports.getCredentialIds = exports.generateCredentialId = exports.signPermit2Sequential = exports.signPermit2Batch = exports.getPermit2Address = exports.checkERC20AllowanceDirect = exports.deployStandaloneWithEoa = exports.getAllSupportedChainsAndTokens = exports.getTokenDecimals = exports.getTokenAddress = exports.getSupportedTokens = exports.SMART_SESSION_EMISSARY_ADDRESS = exports.MULTI_FACTOR_VALIDATOR_ADDRESS = exports.WEBAUTHN_VALIDATOR_ADDRESS = exports.OWNABLE_VALIDATOR_ADDRESS = exports.wrapParaAccount = exports.walletClientToAccount = exports.deployAccountsForOwners = exports.RhinestoneSDK = void 0;
+exports.getOrchestrator = exports.WEBAUTHN_VALIDATOR_ABI = exports.setThreshold = exports.removeCredential = exports.hasCredentialById = exports.hasCredential = exports.getThreshold = exports.getCredentials = exports.getCredentialInfo = exports.getCredentialIds = exports.generateCredentialId = exports.addCredential = exports.signPermit2Sequential = exports.signPermit2Batch = exports.getPermit2Address = exports.checkERC20AllowanceDirect = exports.deployStandaloneWithEoa = exports.getAllSupportedChainsAndTokens = exports.getTokenDecimals = exports.getTokenAddress = exports.getSupportedTokens = exports.SMART_SESSION_EMISSARY_ADDRESS = exports.MULTI_FACTOR_VALIDATOR_ADDRESS = exports.WEBAUTHN_VALIDATOR_ADDRESS = exports.OWNABLE_VALIDATOR_ADDRESS = exports.wrapParaAccount = exports.walletClientToAccount = exports.deployAccountsForOwners = exports.RhinestoneSDK = void 0;
 exports.createRhinestoneAccount = createRhinestoneAccount;
 const accounts_1 = require("./accounts");
 Object.defineProperty(exports, "deployStandaloneWithEoa", { enumerable: true, get: function () { return accounts_1.deployStandaloneWithEoa; } });
@@ -9,6 +9,7 @@ Object.defineProperty(exports, "walletClientToAccount", { enumerable: true, get:
 Object.defineProperty(exports, "wrapParaAccount", { enumerable: true, get: function () { return walletClient_1.wrapParaAccount; } });
 const deployment_1 = require("./actions/deployment");
 Object.defineProperty(exports, "deployAccountsForOwners", { enumerable: true, get: function () { return deployment_1.deployAccountsForOwners; } });
+const provider_1 = require("./auth/provider");
 const execution_1 = require("./execution");
 const permit2_1 = require("./execution/permit2");
 Object.defineProperty(exports, "checkERC20AllowanceDirect", { enumerable: true, get: function () { return permit2_1.checkERC20AllowanceDirect; } });
@@ -298,7 +299,7 @@ async function createRhinestoneAccount(config) {
     };
 }
 class RhinestoneSDK {
-    apiKey;
+    authProvider;
     endpointUrl;
     provider;
     bundler;
@@ -306,7 +307,7 @@ class RhinestoneSDK {
     useDevContracts;
     headers;
     constructor(options) {
-        this.apiKey = options.apiKey;
+        this.authProvider = (0, provider_1.createAuthProvider)(options);
         this.endpointUrl = options.endpointUrl;
         this.provider = options.provider;
         this.bundler = options.bundler;
@@ -317,7 +318,7 @@ class RhinestoneSDK {
     createAccount(config) {
         const rhinestoneConfig = {
             ...config,
-            apiKey: this.apiKey,
+            _authProvider: this.authProvider,
             endpointUrl: this.endpointUrl,
             provider: this.provider,
             bundler: this.bundler,
@@ -328,25 +329,26 @@ class RhinestoneSDK {
         return createRhinestoneAccount(rhinestoneConfig);
     }
     getIntentStatus(intentId) {
-        return (0, execution_1.getIntentStatus)(this.apiKey, this.endpointUrl, intentId, this.headers);
+        return (0, execution_1.getIntentStatus)(this.authProvider, this.endpointUrl, intentId, this.headers);
     }
     splitIntents(input) {
-        return (0, execution_1.splitIntents)(this.apiKey, this.endpointUrl, input, this.headers);
+        return (0, execution_1.splitIntents)(this.authProvider, this.endpointUrl, input, this.headers);
     }
 }
 exports.RhinestoneSDK = RhinestoneSDK;
 // WebAuthn Validator contract helpers (keep Charter API stable)
+// biome-ignore lint/performance/noBarrelFile: required to preserve Charter's public API surface
 var webauthn_contract_1 = require("./modules/validators/webauthn-contract");
+Object.defineProperty(exports, "addCredential", { enumerable: true, get: function () { return webauthn_contract_1.addCredential; } });
 Object.defineProperty(exports, "generateCredentialId", { enumerable: true, get: function () { return webauthn_contract_1.generateCredentialId; } });
 Object.defineProperty(exports, "getCredentialIds", { enumerable: true, get: function () { return webauthn_contract_1.getCredentialIds; } });
-Object.defineProperty(exports, "hasCredentialById", { enumerable: true, get: function () { return webauthn_contract_1.hasCredentialById; } });
+Object.defineProperty(exports, "getCredentialInfo", { enumerable: true, get: function () { return webauthn_contract_1.getCredentialInfo; } });
+Object.defineProperty(exports, "getCredentials", { enumerable: true, get: function () { return webauthn_contract_1.getCredentials; } });
+Object.defineProperty(exports, "getThreshold", { enumerable: true, get: function () { return webauthn_contract_1.getThreshold; } });
 Object.defineProperty(exports, "hasCredential", { enumerable: true, get: function () { return webauthn_contract_1.hasCredential; } });
-Object.defineProperty(exports, "addCredential", { enumerable: true, get: function () { return webauthn_contract_1.addCredential; } });
+Object.defineProperty(exports, "hasCredentialById", { enumerable: true, get: function () { return webauthn_contract_1.hasCredentialById; } });
 Object.defineProperty(exports, "removeCredential", { enumerable: true, get: function () { return webauthn_contract_1.removeCredential; } });
 Object.defineProperty(exports, "setThreshold", { enumerable: true, get: function () { return webauthn_contract_1.setThreshold; } });
-Object.defineProperty(exports, "getCredentialInfo", { enumerable: true, get: function () { return webauthn_contract_1.getCredentialInfo; } });
-Object.defineProperty(exports, "getThreshold", { enumerable: true, get: function () { return webauthn_contract_1.getThreshold; } });
-Object.defineProperty(exports, "getCredentials", { enumerable: true, get: function () { return webauthn_contract_1.getCredentials; } });
 Object.defineProperty(exports, "WEBAUTHN_VALIDATOR_ABI", { enumerable: true, get: function () { return webauthn_contract_1.WEBAUTHN_VALIDATOR_ABI; } });
 // Orchestrator helpers
 var orchestrator_2 = require("./orchestrator");

package/dist/src/jwt-server/digest.d.ts

@@ -0,0 +1,11 @@
+/**
+ * Compute a deterministic hex-encoded SHA-256 digest of an intent input object.
+ *
+ * 1. JCS-canonicalise the intent input (RFC 8785)
+ * 2. SHA-256 hash the UTF-8 bytes
+ * 3. Return lowercase hex string
+ *
+ * Uses the Web Crypto API (available in Node.js ≥ 15 and all modern browsers).
+ */
+export declare function computeIntentInputDigest(intentInput: unknown): Promise<string>;
+//# sourceMappingURL=digest.d.ts.map

package/dist/src/jwt-server/digest.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"digest.d.ts","sourceRoot":"","sources":["../../../jwt-server/digest.ts"],"names":[],"mappings":"AAEA;;;;;;;;GAQG;AACH,wBAAsB,wBAAwB,CAC5C,WAAW,EAAE,OAAO,GACnB,OAAO,CAAC,MAAM,CAAC,CAQjB"}

package/dist/src/jwt-server/digest.js

@@ -0,0 +1,22 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.computeIntentInputDigest = computeIntentInputDigest;
+const jcs_1 = require("./jcs");
+/**
+ * Compute a deterministic hex-encoded SHA-256 digest of an intent input object.
+ *
+ * 1. JCS-canonicalise the intent input (RFC 8785)
+ * 2. SHA-256 hash the UTF-8 bytes
+ * 3. Return lowercase hex string
+ *
+ * Uses the Web Crypto API (available in Node.js ≥ 15 and all modern browsers).
+ */
+async function computeIntentInputDigest(intentInput) {
+    const canonical = (0, jcs_1.jcsCanonicalise)(intentInput);
+    const encoded = new TextEncoder().encode(canonical);
+    const hashBuffer = await crypto.subtle.digest('SHA-256', encoded);
+    const hashArray = new Uint8Array(hashBuffer);
+    return Array.from(hashArray)
+        .map((b) => b.toString(16).padStart(2, '0'))
+        .join('');
+}

package/dist/src/jwt-server/express.d.ts

@@ -0,0 +1,16 @@
+import { type JwtHandlerConfig } from './handlers';
+interface ExpressRequest {
+    body?: unknown;
+}
+interface ExpressResponse {
+    status(code: number): ExpressResponse;
+    json(body: unknown): void;
+}
+type ExpressHandler = (req: ExpressRequest, res: ExpressResponse) => void;
+interface ExpressRouter {
+    get(path: string, handler: ExpressHandler): ExpressRouter;
+    post(path: string, handler: ExpressHandler): ExpressRouter;
+}
+export declare function createExpressRouter(config: JwtHandlerConfig): ExpressRouter;
+export {};
+//# sourceMappingURL=express.d.ts.map

package/dist/src/jwt-server/express.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"express.d.ts","sourceRoot":"","sources":["../../../jwt-server/express.ts"],"names":[],"mappings":"AAAA,OAAO,EAGL,KAAK,gBAAgB,EACtB,MAAM,YAAY,CAAA;AAEnB,UAAU,cAAc;IACtB,IAAI,CAAC,EAAE,OAAO,CAAA;CACf;AAED,UAAU,eAAe;IACvB,MAAM,CAAC,IAAI,EAAE,MAAM,GAAG,eAAe,CAAA;IACrC,IAAI,CAAC,IAAI,EAAE,OAAO,GAAG,IAAI,CAAA;CAC1B;AAED,KAAK,cAAc,GAAG,CAAC,GAAG,EAAE,cAAc,EAAE,GAAG,EAAE,eAAe,KAAK,IAAI,CAAA;AAEzE,UAAU,aAAa;IACrB,GAAG,CAAC,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,cAAc,GAAG,aAAa,CAAA;IACzD,IAAI,CAAC,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,cAAc,GAAG,aAAa,CAAA;CAC3D;AAED,wBAAgB,mBAAmB,CAAC,MAAM,EAAE,gBAAgB,GAAG,aAAa,CAyB3E"}