@funkit/connect 9.13.0 → 9.15.0

package/CHANGELOG.md

@@ -1,5 +1,59 @@
 # @funkit/connect
 
+## 9.15.0
+
+### Minor Changes
+
+- 8d525fb: Add Aave deposit fast-path: same-token deposits to supported Aave reserves go directly to the protocol, skipping the quote flow.
+- cc655ee: feat(connect): add Aave V3 supply actions factory + checkout config builder via VaultDepositor
+- e9883ef: Add `display.collateralizationEnabled` to `createAaveSupplyCheckoutConfig`, driving the deposit modal's collateralization subtitle.
+- 11a585d: Register enable-free-usdc-banner feature gate and wire stub component in WithdrawalModal and SourceChange
+- 783d034: feat(api-base, connect): track Lighter Secure withdrawals as `direct_execution` rows.
+
+  - `@funkit/api-base`: add `DirectExecutionType.EXTERNALLY_FULFILLED` for flows fulfilled outside Fun — backend persists the row but never polls for status.
+  - `@funkit/connect`: Lighter Secure withdrawals now post a tracking-only DE row keyed off the L2 tx hash. Fire-and-forget — failures log at warn and never block the UI.
+
+- ab5ab81: feat(connect): add createPerpsGenerateActionParams factory for Polymarket Perps deposits
+- 49b653f: Route Polymarket Perps deposits to pUSD: QR/UDA transfers for the `POLYMARKET_PERPS_DEPOSIT` action now target pUSD instead of the configured target asset.
+
+### Patch Changes
+
+- 650d56e: Skip the redundant approve(0) reset for Aave supply assets outside `TOKENS_REQUIRING_APPROVAL_RESET`.
+- d9e78ce: test(connect): add direct execution history coverage
+- 3d19a04: test(connect): add direct execution polling coverage
+- 2846b98: Add unit tests for evaluateFeeBreakdown covering wallet, brokerage, card, and unsupported payment methods
+- a0353b7: Show user-entered token amount (not USD) on Lighter Secure withdrawal success screen
+- 86300af: test(connect): test useAmountInput
+- b38e78b: test(connect): add domains/quote tests
+- 8207111: test(connect): test useQuoteRefresh
+- 3fd1475: Add exhaustive unit tests for the quoteMode domain builders
+- 9a2c30a: Extract `SAFE_URL_PROTOCOLS` set in `sanitizeUrl`. Internal refactor, no behavior change.
+- 298eec7: feat: add invoice label support on copyinput component
+- 984ce0c: chore(connect): expand bundled statsig fallbacks
+- Updated dependencies [8d525fb]
+- Updated dependencies [783d034]
+  - @funkit/api-base@4.3.0
+
+## 9.14.0
+
+### Minor Changes
+
+- c32bc92: feat(connect): Aave source-select renders Native + Use other assets sections; Native row fast-paths to InputAmount when wallet holds the target asset.
+- ccd1855: Register Bitcoin on Cash App as a payment source on the crypto tab of the checkout modal.
+
+### Patch Changes
+
+- bc5ce6f: test(connect): add checkout transfer init coverage
+- b69e713: Fix CopyAddress button border-radius to account for parent 1px border.
+- c097446: Fix withdrawal modal conflating source-token amount with USD value. No-op for
+  1:1 stablecoin sources; corrects target-amount, receive-fiat, and min-amount
+  math for non-stable sources.
+- beb12ee: test(connect): add unit test coverage
+- Updated dependencies [d67a842]
+- Updated dependencies [e9e960a]
+  - @funkit/api-base@4.2.3
+  - @funkit/chains@1.2.0
+
 ## 9.13.0
 
 ### Minor Changes

package/dist/__generated__/default_configs.d.ts

@@ -22,6 +22,8 @@ declare const _default: {
             readonly '0x881D40237659C251811CEC9c364ef91dC08D300C': "Metamask Swap Router";
             readonly '0x07d82CD44cd598ACf355Af8c8089b30b2a13B088': "Polymarket Withdrawal Block";
             readonly '2ygdTkdUtN9PhoMko12bQi6PimJrqxcKmCvQGkCG6SN7': "Polymarket Withdrawal Block";
+            readonly '0xd40cBF452e8D6c9dF3e8bbE24eA8b65f859Ae34b': "Polymarket Withdrawal Block";
+            readonly GZxiVHg1JM6gCWRG7FwhaD6gPYpcLhiJ21s4ga7Ynfus: "Polymarket Withdrawal Block";
         };
     };
     readonly blockedcountries: {
@@ -276,6 +278,9 @@ declare const _default: {
     readonly enablebitcoin: {
         readonly value: true;
     };
+    readonly enablebitcoinlightning: {
+        readonly value: false;
+    };
     readonly enablebluvobrokerage: {
         readonly value: true;
     };
@@ -295,6 +300,9 @@ declare const _default: {
     readonly enablesourcegrouplabels: {
         readonly value: true;
     };
+    readonly enableswapped: {
+        readonly value: false;
+    };
     readonly enableswappeddeposit: {
         readonly value: false;
     };
@@ -658,17 +666,6 @@ declare const _default: {
                 }, {
                     readonly address: "0x5d3a1Ff2b6BAb83b63cd9AD0787074081a52ef34";
                 }];
-            }, {
-                readonly chainId: 2741;
-                readonly assets: readonly [{
-                    readonly address: "0x84A71ccD554Cc1b02749b35d22F684CC8ec987e1";
-                }, {
-                    readonly address: "0xEeeeeEeeeEeEeeEeEeEeeEEEeeeeEeeeeeeeEEeE";
-                }, {
-                    readonly address: "0x3439153EB7AF838Ad19d56E1571FBD09333C2809";
-                }, {
-                    readonly address: "0x0709F39376dEEe2A2dfC94A58EdEb2Eb9DF012bD";
-                }];
             }, {
                 readonly chainId: 5064014;
                 readonly assets: readonly [{

package/dist/__generated__/default_feature_gates.d.ts

@@ -1,7 +1,9 @@
 declare const _default: {
     readonly 'compliance-review-blocker': false;
     readonly 'enable-across-wallet-flow': false;
+    readonly 'enable-add-token-to-wallet': false;
     readonly 'enable-empty-withdrawal-selection': false;
+    readonly 'enable-free-usdc-banner': false;
     readonly 'enable-permit-toggle': false;
     readonly 'enable-polymarket-wallet-withdrawal': false;
     readonly 'enable-swapped-exchanges': false;
@@ -9,9 +11,8 @@ declare const _default: {
     readonly 'faster-notifications': false;
     readonly 'new-token-transfer-config': false;
     readonly 'new-withdrawal-config': false;
-    readonly 'polymarket-pusd-migration': false;
     readonly 'saved-card-defaults-to-fiat-tab': false;
-    readonly 'test-testing-gate': false;
+    readonly 'test-feature-gate': false;
     readonly 'wallet-flow-enable-exact-input-with-actions': false;
     readonly 'you-receive-remove-swap-impact': false;
 };

package/dist/clients/aave.d.ts

@@ -0,0 +1,92 @@
+/**
+ * Aave V3 supply routed through Fun's VaultDepositor proxy.
+ *
+ * Two entry points:
+ * - `createAaveSupplyCheckoutConfig` — high-level; returns a full
+ *   `FunkitCheckoutConfig` or `undefined` if the chain isn't Fun-supported.
+ *   The `undefined` return is the canonical "is this Fun-routed?" signal.
+ * - `createAaveSupplyActions` — low-level; returns just the actions
+ *   closure. Use when you need non-default modal copy.
+ *
+ * Adding a new Aave entrypoint here (e.g. `supplyWithPermit`) requires
+ * coordinating with backend: VaultDepositor selector-whitelists each
+ * forwarded call. Pool addresses, in contrast, are owned by Aave's
+ * registry — callers pass `poolAddress` directly.
+ */
+import { type Address } from 'viem';
+import type { FunkitCheckoutActionParams, FunkitCheckoutConfig } from '../providers/FunkitCheckoutContext/types';
+/** Returns true if Fun has a VaultDepositor deployment on `chainId` ready to route Aave supplies. */
+export declare function isAaveSupplySupported(chainId: number): boolean;
+export interface AaveSupplyActionsConfig {
+    /** Address that receives the aToken receipt. Typically the connected wallet. */
+    onBehalfOf: Address | undefined;
+    /** Underlying asset to be supplied. Matches Aave's `DashboardReserve.underlyingAsset`. */
+    underlyingAsset: Address;
+    /** Aave V3 Pool contract on `chainId`. Aave maintains the registry — pass the value from `@aave-dao/aave-address-book` or your own `marketsData`. */
+    poolAddress: Address;
+    /** Chain ID — selects the Fun VaultDepositor deployment. */
+    chainId: number;
+    /** Aave referral code. Defaults to 0; partners with a registered code pass theirs. */
+    referralCode?: number;
+}
+/**
+ * Builds the `generateActionsParams` callback for an Aave V3 supply routed
+ * through VaultDepositor.
+ *
+ * Usage:
+ * ```ts
+ * const checkoutConfig: FunkitCheckoutConfig = {
+ *   // ...
+ *   generateActionsParams: createAaveSupplyActions({
+ *     onBehalfOf: walletAddress,
+ *     underlyingAsset: usdtAddress,
+ *     poolAddress: AaveV3Ethereum.POOL,
+ *     chainId: mainnet.id,
+ *   }),
+ * }
+ * ```
+ */
+export declare function createAaveSupplyActions(config: AaveSupplyActionsConfig): () => Promise<FunkitCheckoutActionParams[]>;
+export interface AaveSupplyCheckoutInput {
+    /** Underlying asset (Aave's `DashboardReserve.underlyingAsset`). */
+    underlyingAsset: Address;
+    /** Aave V3 Pool contract on `chainId`. From Aave's own registry (`marketsData[market].addresses.LENDING_POOL` or `@aave-dao/aave-address-book`). */
+    poolAddress: Address;
+    /** Chain ID — typically resolved from Aave's `currentMarket` via `marketsData[market].chainId`. */
+    chainId: number;
+    /** Connected wallet — becomes `onBehalfOf` for the aToken receipt. Pass `undefined` if the wallet isn't connected yet; actions throw at exec time. */
+    walletAddress: Address | undefined;
+    /** Reserve metadata used for modal display. Optional, but recommended. */
+    display?: {
+        /** Token symbol (e.g. "USDT") — drives modal title "Supply USDT" and receipt ticker "aUSDT". */
+        symbol: string;
+        /** Supply APY as a display string (e.g. "2.79"). When provided, the modal subtitle includes "{apy}% APY". */
+        supplyAPY?: string;
+        /**
+         * Whether this supply is/will be enabled as collateral for the user —
+         * Aave's "usage as collateral" toggle (the `isCollateral` enablement
+         * concept), NOT the reserve-level "can be collateral" eligibility. When
+         * provided, the modal subtitle includes "Collateralization enabled" /
+         * "disabled".
+         */
+        collateralizationEnabled?: boolean;
+        /** Override modal icon. If omitted, the modal falls back to its own asset-icon resolver. */
+        iconSrc?: string;
+    };
+    /** Aave referral code; defaults to 0. */
+    referralCode?: number;
+}
+/**
+ * High-level builder for an Aave V3 supply checkout. Returns a
+ * `FunkitCheckoutConfig` ready to launch via Fun's checkout, or `undefined`
+ * if `chainId` isn't a Fun-supported chain.
+ *
+ * The `undefined` return is the canonical "is this path Fun-routed?" signal —
+ * callers should fall back to Aave's native supply flow when it's returned.
+ *
+ * Modal copy ("Supply {symbol}", the "{apy}% APY · Collateralization
+ * enabled/disabled" subtitle, "a{symbol}" receipt ticker) is owned here so it
+ * stays consistent across SDK consumers. Subtitle segments only appear when
+ * the corresponding `display` signal is provided.
+ */
+export declare function createAaveSupplyCheckoutConfig(input: AaveSupplyCheckoutInput): FunkitCheckoutConfig | undefined;

package/dist/clients/aave.js

@@ -0,0 +1,156 @@
+"use client";
+
+// src/clients/aave.tsx
+import {
+  encodeFunctionData,
+  erc20Abi,
+  getAddress,
+  maxUint256
+} from "viem";
+import { mainnet as mainnet2 } from "viem/chains";
+
+// src/utils/isMainnetUsdt.ts
+import { isTokenEquivalent } from "@funkit/utils";
+import { mainnet } from "viem/chains";
+var USDT_MAINNET_ADDRESS = "0xdAC17F958D2ee523a2206206994597C13D831ec7";
+function isMainnetUsdt(chainId, address) {
+  return isTokenEquivalent({
+    firstTokenAddress: address,
+    firstTokenChainId: chainId.toString(),
+    secondTokenAddress: USDT_MAINNET_ADDRESS,
+    secondTokenChainId: mainnet.id.toString()
+  });
+}
+
+// src/clients/aave.tsx
+var VAULT_DEPOSITOR_BY_CHAIN_ID = {
+  [mainnet2.id]: getAddress("0x40b72bB73B1E9380629B205e7880Fa409ae7fcc9")
+};
+function isAaveSupplySupported(chainId) {
+  return chainId in VAULT_DEPOSITOR_BY_CHAIN_ID;
+}
+var AMOUNT_PLACEHOLDER = 0xffffffffffffffffffffffffffffffffffffffffffffffffffffffffdeadbeefn;
+var AAVE_POOL_ABI = [
+  {
+    name: "supply",
+    type: "function",
+    stateMutability: "nonpayable",
+    inputs: [
+      { name: "asset", type: "address" },
+      { name: "amount", type: "uint256" },
+      { name: "onBehalfOf", type: "address" },
+      { name: "referralCode", type: "uint16" }
+    ],
+    outputs: []
+  }
+];
+var VAULT_DEPOSITOR_ABI = [
+  {
+    name: "deposit",
+    type: "function",
+    stateMutability: "nonpayable",
+    inputs: [
+      { name: "token", type: "address" },
+      { name: "vault", type: "address" },
+      { name: "callData", type: "bytes" },
+      { name: "minAmountOut", type: "uint256" }
+    ],
+    outputs: [{ name: "returnData", type: "bytes" }]
+  }
+];
+function createAaveSupplyActions(config) {
+  const {
+    onBehalfOf,
+    underlyingAsset,
+    poolAddress,
+    chainId,
+    referralCode = 0
+  } = config;
+  const vaultDepositor = VAULT_DEPOSITOR_BY_CHAIN_ID[chainId];
+  return async () => {
+    if (!vaultDepositor) {
+      throw new Error(
+        `Aave supply is not yet supported on chain ${chainId}. Supported chain IDs: ${Object.keys(VAULT_DEPOSITOR_BY_CHAIN_ID).join(", ")}`
+      );
+    }
+    if (!onBehalfOf) {
+      throw new Error(
+        "Please connect your wallet before starting an Aave supply"
+      );
+    }
+    const asset = getAddress(underlyingAsset);
+    const supplyCalldata = encodeFunctionData({
+      abi: AAVE_POOL_ABI,
+      functionName: "supply",
+      args: [asset, AMOUNT_PLACEHOLDER, onBehalfOf, referralCode]
+    });
+    const needsApprovalReset = isMainnetUsdt(chainId, asset);
+    const resetApproval = {
+      contractAbi: erc20Abi,
+      contractAddress: asset,
+      functionName: "approve",
+      functionArgs: [vaultDepositor, 0n]
+    };
+    const maxApproval = {
+      contractAbi: erc20Abi,
+      contractAddress: asset,
+      functionName: "approve",
+      functionArgs: [vaultDepositor, maxUint256]
+    };
+    const vaultDeposit = {
+      contractAbi: VAULT_DEPOSITOR_ABI,
+      contractAddress: vaultDepositor,
+      functionName: "deposit",
+      functionArgs: [asset, poolAddress, supplyCalldata, 0n]
+    };
+    return needsApprovalReset ? [resetApproval, maxApproval, vaultDeposit] : [maxApproval, vaultDeposit];
+  };
+}
+function buildSupplyModalTitleMeta(display) {
+  const parts = [];
+  if (display?.supplyAPY !== void 0) {
+    parts.push(`${display.supplyAPY}% APY`);
+  }
+  if (display?.collateralizationEnabled !== void 0) {
+    parts.push(
+      `Collateralization ${display.collateralizationEnabled ? "enabled" : "disabled"}`
+    );
+  }
+  return parts.length > 0 ? parts.join(" \xB7 ") : void 0;
+}
+function createAaveSupplyCheckoutConfig(input) {
+  const {
+    underlyingAsset,
+    poolAddress,
+    chainId,
+    walletAddress,
+    display,
+    referralCode
+  } = input;
+  if (!isAaveSupplySupported(chainId)) {
+    return void 0;
+  }
+  const symbol = display?.symbol ?? "asset";
+  const receiptTicker = `a${symbol}`;
+  return {
+    modalTitle: `Supply ${symbol}`,
+    modalTitleMeta: buildSupplyModalTitleMeta(display),
+    targetChain: chainId.toString(),
+    targetAsset: underlyingAsset,
+    targetAssetTicker: receiptTicker,
+    checkoutItemTitle: receiptTicker,
+    iconSrc: display?.iconSrc,
+    generateActionsParams: createAaveSupplyActions({
+      onBehalfOf: walletAddress,
+      underlyingAsset,
+      poolAddress,
+      chainId,
+      referralCode
+    })
+  };
+}
+export {
+  createAaveSupplyActions,
+  createAaveSupplyCheckoutConfig,
+  isAaveSupplySupported
+};

package/dist/clients/{chunk-LMEQD56M.js → chunk-PLDXBAAH.js}

@@ -125,13 +125,14 @@ function preloadRemoteImages(...imageUrls) {
 import React2, { useMemo, useReducer as useReducer2, useState } from "react";
 
 // src/utils/sanitizeUrl.ts
+var SAFE_URL_PROTOCOLS = /* @__PURE__ */ new Set(["https:", "http:"]);
 function sanitizeUrl(url) {
   if (!url) {
     return void 0;
   }
   try {
     const parsed = new URL(url);
-    if (parsed.protocol === "https:" || parsed.protocol === "http:") {
+    if (SAFE_URL_PROTOCOLS.has(parsed.protocol)) {
       return parsed.href;
     }
     return void 0;

package/dist/clients/fanatics.js

@@ -4,7 +4,7 @@ import {
   Box,
   preloadRemoteImages,
   useFunkitTranslation
-} from "./chunk-LMEQD56M.js";
+} from "./chunk-PLDXBAAH.js";
 import "./chunk-H6F75ULR.js";
 
 // src/clients/fanatics.tsx

package/dist/clients/lighter.d.ts

@@ -13,7 +13,7 @@
  * Both callbacks conform to CustomWithdrawalConfig.withdrawCallback; the
  * caller provides the actual on-chain implementation.
  */
-import type { Address } from 'viem';
+import { type Address } from 'viem';
 import type { CustomWithdrawalConfig, MultiMethodWithdrawalConfig } from '../providers/FunkitCheckoutContext/types';
 export type LighterTransferParams = {
     toAccountIndex: number;
@@ -93,6 +93,37 @@ export interface LighterSecureWithdrawalConfig {
      */
     getMinWithdrawalAmount?: (symbol: string) => number;
 }
+/**
+ * Records a Lighter Secure withdrawal in Fun's direct-execution table as
+ * `EXTERNALLY_FULFILLED` — tracking-only, since Fun is not in the execution
+ * path. The row is keyed off the L2 tx hash and exists purely for attribution
+ * and support tooling; the backend writes a one-time terminal `listenerInfo`
+ * and never polls for L1 settlement (see EXTERNALLY_FULFILLED design doc).
+ *
+ * Fire-and-forget: callers should not await this, and any failure here must
+ * not block the withdrawal success UI. Failures log at warn/error and return.
+ */
+export declare function trackLighterSecureWithdrawal({ apiKey, userId, txHash, recipientAddr, assetIndex, mainnetTokenAddress, amountTokenUnits, withdrawalUSD, }: {
+    apiKey: string;
+    userId: string;
+    txHash: string;
+    recipientAddr: Address;
+    /**
+     * Lighter L2 asset index. Used as `fromTokenAddress`
+     * (`pad(toHex(assetIndex))`) and to resolve symbol + mainnet decimals from
+     * {@link LIGHTER_SECURE_ASSETS_BY_INDEX}.
+     */
+    assetIndex: number;
+    /** Mainnet ERC-20 address the L2 asset bridges to (resolved by the modal). */
+    mainnetTokenAddress: Address;
+    /** User-input amount in token units (e.g. "1.5" for 1.5 ETH). */
+    amountTokenUnits: string;
+    /**
+     * USD value of the withdrawal as computed by the modal (token amount × live
+     * spot price). Avoids a separate spot-price round-trip from this helper.
+     */
+    withdrawalUSD: string;
+}): Promise<void>;
 /** Single-method config for Lighter's Secure withdrawal (bridge to Ethereum). */
 export declare function createLighterSecureWithdrawalConfig(config: LighterSecureWithdrawalConfig): CustomWithdrawalConfig;
 /**
@@ -112,7 +143,7 @@ export declare function createLighterSecureWithdrawalConfig(config: LighterSecur
  * ```tsx
  * const { address: l1Address } = useFunkitUserInfo()
  * const lighter = useLighterWithdrawalConfig(
- *   userId && walletClient
+ *   l1Address && walletClient
  *     ? { l1Address, signerClient, sendLighterSecureWithdrawal, ... }
  *     : null,
  * )

package/dist/clients/lighter.js

@@ -3,18 +3,25 @@ import {
   AsyncImage,
   Box,
   useFunkitTranslation
-} from "./chunk-LMEQD56M.js";
+} from "./chunk-PLDXBAAH.js";
 import {
   logger
 } from "./chunk-H6F75ULR.js";
 
 // src/clients/lighter.tsx
-import { SOLANA_MAINNET_CHAIN_ID } from "@funkit/chains";
+import {
+  DirectExecutionType,
+  LIGHTERXYZ_API_KEY as LIGHTERXYZ_API_KEY2,
+  createDirectExecution
+} from "@funkit/api-base";
+import { LIGHTER_CHAIN_ID, SOLANA_MAINNET_CHAIN_ID } from "@funkit/chains";
 import { RELAY_LIGHTER_CHAIN_ID } from "@funkit/fun-relay";
 import { retry } from "@lifeomic/attempt";
 import { useQuery as useQuery2 } from "@tanstack/react-query";
 import i18next from "i18next";
 import React2, { useMemo as useMemo2 } from "react";
+import { v4 as uuid } from "uuid";
+import { pad, parseUnits, toHex } from "viem";
 import { arbitrum, base, bsc, mainnet as mainnet2, optimism } from "viem/chains";
 
 // src/components/Icons/EvmWallet.tsx
@@ -48,6 +55,7 @@ import { useQuery } from "@tanstack/react-query";
 
 // src/consts/customers.ts
 import {
+  AAVE_API_KEY,
   AVANTIS_API_KEY,
   BASED_API_KEY,
   BSX_API_KEY,
@@ -82,6 +90,7 @@ var DEFAULT_TEXT_CUSTOMIZATIONS = {
   sourceMethodTitle: "Your source",
   tokensListTitle: "Your tokens",
   transferTokens: "Transfer Crypto",
+  bitcoinLightning: "Bitcoin on Cash App",
   receiveDropdownTitle: "",
   // Default to empty
   receiveDropdownLabel: "Asset to Receive",
@@ -165,6 +174,7 @@ function useFunkitConfig() {
       sourceMethodTitle: t("textCustomizations.sourceMethodTitle"),
       tokensListTitle: t("textCustomizations.tokensListTitle"),
       transferTokens: t("textCustomizations.transferTokens"),
+      bitcoinLightning: t("textCustomizations.bitcoinLightning"),
       receiveDropdownTitle: t("textCustomizations.receiveDropdownTitle"),
       receiveDropdownLabel: t("textCustomizations.receiveDropdownLabel"),
       confirmationScreen: {
@@ -288,6 +298,17 @@ function formatSecondsTranslated(seconds, t, specifyUnderMinute = false, omitSec
 // src/clients/lighter.tsx
 var LIGHTER_USDC_PERPS_ADDRESS = "0x0000000000000000000000000000000000000000";
 var MAINNET_USDC = "0xA0b86991c6218b36c1d19D4a2e9Eb0cE3606eB48";
+var LIGHTER_SECURE_ASSETS_BY_INDEX = {
+  1: { symbol: "ETH", decimals: 18 },
+  2: { symbol: "LIT", decimals: 18 },
+  3: { symbol: "USDC", decimals: 6 },
+  5: { symbol: "LINK", decimals: 18 },
+  6: { symbol: "UNI", decimals: 18 },
+  7: { symbol: "AAVE", decimals: 18 },
+  8: { symbol: "SKY", decimals: 18 },
+  9: { symbol: "LDO", decimals: 18 },
+  10: { symbol: "AZTEC", decimals: 18 }
+};
 var LIGHTER_API_BASE = "https://mainnet.zklighter.elliot.ai";
 async function getLighterWithdrawalDelay() {
   const response = await fetch(`${LIGHTER_API_BASE}/api/v1/withdrawalDelay`);
@@ -453,6 +474,86 @@ var LIGHTER_DEFAULT_SECURE_MIN_WITHDRAWAL_AMOUNTS = {
   LDO: 2,
   AZTEC: 100
 };
+function truncateAmountToDecimals(amount, decimals) {
+  const [whole = "0", frac = ""] = amount.split(".");
+  if (frac.length <= decimals) {
+    return amount;
+  }
+  const truncated = frac.slice(0, decimals);
+  return truncated ? `${whole}.${truncated}` : whole;
+}
+async function trackLighterSecureWithdrawal({
+  apiKey,
+  userId,
+  txHash,
+  recipientAddr,
+  assetIndex,
+  mainnetTokenAddress,
+  amountTokenUnits,
+  withdrawalUSD
+}) {
+  const assetMeta = LIGHTER_SECURE_ASSETS_BY_INDEX[assetIndex];
+  if (!assetMeta) {
+    logger.error(
+      "lighter:withdrawal:secure:tracking:unknownAssetIndex",
+      new Error(`Unknown Lighter Secure asset index: ${assetIndex}`),
+      { assetIndex, txHash }
+    );
+    return;
+  }
+  const { symbol, decimals } = assetMeta;
+  const estTotalUsd = Number(withdrawalUSD);
+  const safeAmount = truncateAmountToDecimals(amountTokenUnits, decimals);
+  const baseUnitAmount = parseUnits(safeAmount, decimals).toString();
+  const fromTokenAddress = pad(toHex(assetIndex), { size: 20 });
+  await createDirectExecution({
+    apiKey,
+    logger,
+    // Lighter L2 tx hashes are not 0x-prefixed EVM hashes — they're the L2's
+    // own format. We cast here for convenience to satisfy the DE row type;
+    // the backend stores the literal string and we never use it as an EVM hash.
+    txHash,
+    type: DirectExecutionType.EXTERNALLY_FULFILLED,
+    userId,
+    recipientAddr,
+    fromChainId: LIGHTER_CHAIN_ID.toString(),
+    fromTokenAddress,
+    toChainId: mainnet2.id.toString(),
+    toTokenAddress: mainnetTokenAddress,
+    fromAmountBaseUnit: baseUnitAmount,
+    toAmountBaseUnit: baseUnitAmount,
+    estTotalUsd,
+    // Secure withdrawals come out of the user's Lighter account balance; the
+    // L1 owner of that account is the recipient (Secure locks to connected wallet).
+    sourceOfFund: `balance|lighter-secure|${recipientAddr}`,
+    clientMetadata: {
+      id: uuid(),
+      startTimestampMs: Date.now(),
+      finalDollarValue: estTotalUsd,
+      latestQuote: null,
+      depositAddress: null,
+      initSettings: {
+        config: {
+          targetAsset: mainnetTokenAddress,
+          targetChain: mainnet2.id.toString(),
+          targetAssetTicker: symbol
+        }
+      },
+      selectedSourceAssetInfo: {
+        address: fromTokenAddress,
+        symbol,
+        chainId: LIGHTER_CHAIN_ID.toString(),
+        iconSrc: null
+      },
+      selectedPaymentMethodInfo: {
+        paymentMethod: "LIGHTER_SECURE_WITHDRAWAL",
+        title: "",
+        description: ""
+      },
+      isWithdrawal: true
+    }
+  });
+}
 function buildSecureWithdrawalCallback({
   exec
 }) {
@@ -476,6 +577,7 @@ function buildSecureWithdrawalCallback({
       );
       return;
     }
+    const withdrawalUSD = param.withdrawalUSD ?? "0";
     logger.info("lighter:withdrawal:secure:start", {
       assetIndex,
       amountTokenUnits,
@@ -491,6 +593,25 @@ function buildSecureWithdrawalCallback({
       assetIndex,
       txHash
     });
+    void trackLighterSecureWithdrawal({
+      apiKey: LIGHTERXYZ_API_KEY2,
+      // Secure locks the destination to the connected wallet, so the L1
+      // recipient address doubles as the userId for tracking purposes.
+      userId: destinationAddress,
+      txHash,
+      recipientAddr: destinationAddress,
+      assetIndex,
+      mainnetTokenAddress: targetAssetAddress,
+      amountTokenUnits,
+      withdrawalUSD
+    }).catch((err) => {
+      logger.warn("lighter:withdrawal:secure:trackingFailed", {
+        error: err instanceof Error ? err.message : String(err),
+        txHash,
+        assetIndex,
+        amountTokenUnits
+      });
+    });
     return txHash;
   };
 }
@@ -655,5 +776,6 @@ function useLighterWithdrawalConfig(config) {
 export {
   LIGHTER_DEFAULT_SECURE_MIN_WITHDRAWAL_AMOUNTS,
   createLighterSecureWithdrawalConfig,
+  trackLighterSecureWithdrawal,
   useLighterWithdrawalConfig
 };