@layr-labs/ecloud-sdk 0.2.1-dev → 0.2.2-dev

package/dist/browser.cjs

@@ -30,31 +30,69 @@ var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: tru
 // src/browser.ts
 var browser_exports = {};
 __export(browser_exports, {
+  BillingApiClient: () => BillingApiClient,
+  BuildApiClient: () => BuildApiClient,
+  SessionError: () => SessionError,
   UserApiClient: () => UserApiClient,
+  addHexPrefix: () => addHexPrefix,
   assertValidImageReference: () => assertValidImageReference,
   assertValidPrivateKey: () => assertValidPrivateKey,
+  calculateAppID: () => calculateAppID,
+  checkERC7702Delegation: () => checkERC7702Delegation,
+  createSiweMessage: () => createSiweMessage,
+  deployApp: () => deployApp,
   encodeStartAppData: () => encodeStartAppData,
   encodeStopAppData: () => encodeStopAppData,
   encodeTerminateAppData: () => encodeTerminateAppData,
+  encryptRSAOAEPAndAES256GCM: () => encryptRSAOAEPAndAES256GCM,
   estimateBatchGas: () => estimateBatchGas,
   estimateTransactionGas: () => estimateTransactionGas,
+  executeBatch: () => executeBatch,
+  executeDeployBatch: () => executeDeployBatch,
+  executeDeployBatched: () => executeDeployBatched,
+  executeDeploySequential: () => executeDeploySequential,
+  executeUpgradeBatch: () => executeUpgradeBatch,
   extractAppNameFromImage: () => extractAppNameFromImage,
   formatETH: () => formatETH,
   generateNewPrivateKey: () => generateNewPrivateKey,
+  generateNonce: () => generateNonce,
   getActiveAppCount: () => getActiveAppCount,
   getAllAppsByDeveloper: () => getAllAppsByDeveloper,
+  getAppProtectedHeaders: () => getAppProtectedHeaders,
   getAppsByCreator: () => getAppsByCreator,
   getAppsByDeveloper: () => getAppsByDeveloper,
   getAvailableEnvironments: () => getAvailableEnvironments,
+  getBillingEnvironmentConfig: () => getBillingEnvironmentConfig,
   getBuildType: () => getBuildType,
+  getChainFromID: () => getChainFromID,
+  getComputeApiSession: () => getComputeApiSession,
   getEnvironmentConfig: () => getEnvironmentConfig,
+  getKMSKeysForEnvironment: () => getKMSKeysForEnvironment,
   getMaxActiveAppsPerUser: () => getMaxActiveAppsPerUser,
+  isDelegated: () => isDelegated,
   isEnvironmentAvailable: () => isEnvironmentAvailable,
   isMainnet: () => isMainnet,
+  isSessionValid: () => isSessionValid,
+  isSiweMessageExpired: () => isSiweMessageExpired,
+  isSiweMessageNotYetValid: () => isSiweMessageNotYetValid,
   isSubscriptionActive: () => isSubscriptionActive,
+  loginToComputeApi: () => loginToComputeApi,
+  logoutFromComputeApi: () => logoutFromComputeApi,
+  noopLogger: () => noopLogger,
+  parseSiweMessage: () => parseSiweMessage,
+  prepareDeployBatch: () => prepareDeployBatch,
+  prepareUpgradeBatch: () => prepareUpgradeBatch,
   sanitizeString: () => sanitizeString,
   sanitizeURL: () => sanitizeURL,
   sanitizeXURL: () => sanitizeXURL,
+  sendAndWaitForTransaction: () => sendAndWaitForTransaction,
+  stripHexPrefix: () => stripHexPrefix,
+  supportsEIP5792: () => supportsEIP5792,
+  supportsEIP7702: () => supportsEIP7702,
+  suspend: () => suspend,
+  undelegate: () => undelegate,
+  upgradeApp: () => upgradeApp,
+  useComputeSession: () => useComputeSession,
   validateAppID: () => validateAppID,
   validateAppName: () => validateAppName,
   validateCreateAppParams: () => validateCreateAppParams,
@@ -69,6 +107,18 @@ __export(browser_exports, {
 });
 module.exports = __toCommonJS(browser_exports);
 
+// src/client/common/types/index.ts
+var noopLogger = {
+  debug: () => {
+  },
+  info: () => {
+  },
+  warn: () => {
+  },
+  error: () => {
+  }
+};
+
 // src/client/common/config/environment.ts
 var SEPOLIA_CHAIN_ID = 11155111;
 var MAINNET_CHAIN_ID = 1;
@@ -83,6 +133,14 @@ var ChainAddresses = {
     PermissionController: "0x44632dfBdCb6D3E21EF613B0ca8A6A0c618F5a37"
   }
 };
+var BILLING_ENVIRONMENTS = {
+  dev: {
+    billingApiServerURL: "https://billingapi-dev.eigencloud.xyz"
+  },
+  prod: {
+    billingApiServerURL: "https://billingapi.eigencloud.xyz"
+  }
+};
 var ENVIRONMENTS = {
   "sepolia-dev": {
     name: "sepolia",
@@ -141,6 +199,13 @@ function getEnvironmentConfig(environment, chainID) {
     chainID: BigInt(resolvedChainID)
   };
 }
+function getBillingEnvironmentConfig(build) {
+  const config = BILLING_ENVIRONMENTS[build];
+  if (!config) {
+    throw new Error(`Unknown billing environment: ${build}`);
+  }
+  return config;
+}
 function getBuildType() {
   const buildTimeType = true ? "dev"?.toLowerCase() : void 0;
   const runtimeType = process.env.BUILD_TYPE?.toLowerCase();
@@ -174,8 +239,13 @@ var import_accounts = require("viem/accounts");
 
 // src/client/common/constants.ts
 var import_chains = require("viem/chains");
+var SUPPORTED_CHAINS = [import_chains.mainnet, import_chains.sepolia];
 
 // src/client/common/utils/helpers.ts
+function getChainFromID(chainID, fallback = import_chains2.sepolia) {
+  const id = Number(chainID);
+  return (0, import_viem.extractChain)({ chains: SUPPORTED_CHAINS, id }) || fallback;
+}
 function addHexPrefix(value) {
   return value.startsWith("0x") ? value : `0x${value}`;
 }
@@ -409,6 +479,160 @@ async function calculatePermissionSignature(options) {
   });
   return { signature, digest };
 }
+var generateBillingSigData = (product, expiry) => {
+  return {
+    domain: {
+      name: "EigenCloud Billing API",
+      version: "1"
+    },
+    types: {
+      BillingAuth: [
+        { name: "product", type: "string" },
+        { name: "expiry", type: "uint256" }
+      ]
+    },
+    primaryType: "BillingAuth",
+    message: {
+      product,
+      expiry
+    }
+  };
+};
+async function calculateBillingAuthSignature(options) {
+  const { walletClient, product, expiry } = options;
+  const account = walletClient.account;
+  if (!account) {
+    throw new Error("WalletClient must have an account attached");
+  }
+  const signature = await walletClient.signTypedData({
+    account,
+    ...generateBillingSigData(product, expiry)
+  });
+  return { signature, expiry };
+}
+
+// src/client/common/auth/session.ts
+var SessionError = class extends Error {
+  constructor(message, code, statusCode) {
+    super(message);
+    this.code = code;
+    this.statusCode = statusCode;
+    this.name = "SessionError";
+  }
+};
+function stripHexPrefix2(hex) {
+  return hex.startsWith("0x") ? hex.slice(2) : hex;
+}
+async function parseErrorResponse(response) {
+  try {
+    const data = await response.json();
+    return data.error || response.statusText;
+  } catch {
+    return response.statusText;
+  }
+}
+async function loginToComputeApi(config, request) {
+  let response;
+  try {
+    response = await fetch(`${config.baseUrl}/auth/siwe/login`, {
+      method: "POST",
+      credentials: "include",
+      // Include cookies for session management
+      headers: {
+        "Content-Type": "application/json"
+      },
+      body: JSON.stringify({
+        message: request.message,
+        signature: stripHexPrefix2(request.signature)
+      })
+    });
+  } catch (error) {
+    throw new SessionError(
+      `Network error connecting to ${config.baseUrl}: ${error instanceof Error ? error.message : String(error)}`,
+      "NETWORK_ERROR"
+    );
+  }
+  if (!response.ok) {
+    const errorMessage = await parseErrorResponse(response);
+    const status = response.status;
+    if (status === 400) {
+      if (errorMessage.toLowerCase().includes("siwe")) {
+        throw new SessionError(`Invalid SIWE message: ${errorMessage}`, "INVALID_MESSAGE", status);
+      }
+      throw new SessionError(`Bad request: ${errorMessage}`, "INVALID_MESSAGE", status);
+    }
+    if (status === 401) {
+      throw new SessionError(`Invalid signature: ${errorMessage}`, "INVALID_SIGNATURE", status);
+    }
+    throw new SessionError(`Login failed: ${errorMessage}`, "UNKNOWN", status);
+  }
+  const data = await response.json();
+  return {
+    success: data.success,
+    address: data.address
+  };
+}
+async function getComputeApiSession(config) {
+  let response;
+  try {
+    response = await fetch(`${config.baseUrl}/auth/session`, {
+      method: "GET",
+      credentials: "include",
+      // Include cookies for session management
+      headers: {
+        "Content-Type": "application/json"
+      }
+    });
+  } catch {
+    return {
+      authenticated: false
+    };
+  }
+  if (response.status === 401) {
+    return {
+      authenticated: false
+    };
+  }
+  if (!response.ok) {
+    const errorMessage = await parseErrorResponse(response);
+    throw new SessionError(`Failed to get session: ${errorMessage}`, "UNKNOWN", response.status);
+  }
+  const data = await response.json();
+  return {
+    authenticated: data.authenticated,
+    address: data.address,
+    chainId: data.chain_id
+  };
+}
+async function logoutFromComputeApi(config) {
+  let response;
+  try {
+    response = await fetch(`${config.baseUrl}/auth/logout`, {
+      method: "POST",
+      credentials: "include",
+      // Include cookies for session management
+      headers: {
+        "Content-Type": "application/json"
+      }
+    });
+  } catch (error) {
+    throw new SessionError(
+      `Network error connecting to ${config.baseUrl}: ${error instanceof Error ? error.message : String(error)}`,
+      "NETWORK_ERROR"
+    );
+  }
+  if (response.status === 401) {
+    return;
+  }
+  if (!response.ok) {
+    const errorMessage = await parseErrorResponse(response);
+    throw new SessionError(`Logout failed: ${errorMessage}`, "UNKNOWN", response.status);
+  }
+}
+async function isSessionValid(config) {
+  const session = await getComputeApiSession(config);
+  return session.authenticated;
+}
 
 // src/client/common/utils/userapi.ts
 function isJsonObject(value) {
@@ -427,15 +651,16 @@ var CanViewAppLogsPermission = "0x2fd3f2fe";
 var CanViewSensitiveAppInfoPermission = "0x0e67b22f";
 var CanUpdateAppProfilePermission = "0x036fef61";
 function getDefaultClientId() {
-  const version = true ? "0.2.1-dev" : "0.0.0";
+  const version = true ? "0.2.2-dev" : "0.0.0";
   return `ecloud-sdk/v${version}`;
 }
 var UserApiClient = class {
-  constructor(config, walletClient, publicClient, clientId) {
+  constructor(config, walletClient, publicClient, options) {
     this.config = config;
     this.walletClient = walletClient;
     this.publicClient = publicClient;
-    this.clientId = clientId || getDefaultClientId();
+    this.clientId = options?.clientId || getDefaultClientId();
+    this.useSession = options?.useSession ?? false;
   }
   /**
    * Get the address of the connected wallet
@@ -523,7 +748,7 @@ var UserApiClient = class {
     const apps = result.apps || result.Apps || [];
     return apps.map((app, i) => ({
       address: app.address || appIDs[i],
-      status: app.status || app.Status || ""
+      status: app.app_status || app.App_Status || ""
     }));
   }
   /**
@@ -555,9 +780,11 @@ var UserApiClient = class {
     const headers = {
       "x-client-id": this.clientId
     };
-    const expiry = BigInt(Math.floor(Date.now() / 1e3) + 5 * 60);
-    const authHeaders = await this.generateAuthHeaders(CanUpdateAppProfilePermission, expiry);
-    Object.assign(headers, authHeaders);
+    if (!this.useSession) {
+      const expiry = BigInt(Math.floor(Date.now() / 1e3) + 5 * 60);
+      const authHeaders = await this.generateAuthHeaders(CanUpdateAppProfilePermission, expiry);
+      Object.assign(headers, authHeaders);
+    }
     try {
       const response = await import_axios.default.post(endpoint, formData, {
         headers,
@@ -566,8 +793,10 @@ var UserApiClient = class {
         // Don't throw on any status
         maxContentLength: Infinity,
         // Allow large file uploads
-        maxBodyLength: Infinity
+        maxBodyLength: Infinity,
         // Allow large file uploads
+        withCredentials: true
+        // Include cookies for session auth
       });
       const status = response.status;
       if (status !== 200 && status !== 201) {
@@ -601,7 +830,7 @@ Please check:
     const headers = {
       "x-client-id": this.clientId
     };
-    if (permission) {
+    if (permission && !this.useSession) {
       const expiry = BigInt(Math.floor(Date.now() / 1e3) + 5 * 60);
       const authHeaders = await this.generateAuthHeaders(permission, expiry);
       Object.assign(headers, authHeaders);
@@ -610,8 +839,10 @@ Please check:
       const response = await import_axios.default.get(url, {
         headers,
         maxRedirects: 0,
-        validateStatus: () => true
+        validateStatus: () => true,
         // Don't throw on any status
+        withCredentials: true
+        // Include cookies for session auth
       });
       const status = response.status;
       const statusText = status >= 200 && status < 300 ? "OK" : "Error";
@@ -653,6 +884,65 @@ Please check:
       "X-eigenx-expiry": expiry.toString()
     };
   }
+  // ==========================================================================
+  // SIWE Session Management
+  // ==========================================================================
+  /**
+   * Login to the compute API using SIWE (Sign-In with Ethereum)
+   *
+   * This establishes a session with the compute API by verifying the SIWE message
+   * and signature. On success, a session cookie is set in the browser.
+   *
+   * @param request - Login request containing SIWE message and signature
+   * @returns Login result with the authenticated address
+   *
+   * @example
+   * ```typescript
+   * import { createSiweMessage } from "@layr-labs/ecloud-sdk/browser";
+   *
+   * const { message } = createSiweMessage({
+   *   address: userAddress,
+   *   chainId: 11155111,
+   *   domain: window.location.host,
+   *   uri: window.location.origin,
+   * });
+   *
+   * const signature = await signMessageAsync({ message });
+   * const result = await client.siweLogin({ message, signature });
+   * ```
+   */
+  async siweLogin(request) {
+    return loginToComputeApi({ baseUrl: this.config.userApiServerURL }, request);
+  }
+  /**
+   * Logout from the compute API
+   *
+   * This destroys the current session and clears the session cookie.
+   *
+   * @example
+   * ```typescript
+   * await client.siweLogout();
+   * ```
+   */
+  async siweLogout() {
+    return logoutFromComputeApi({ baseUrl: this.config.userApiServerURL });
+  }
+  /**
+   * Get the current SIWE session status from the compute API
+   *
+   * @returns Session information including authentication status and address
+   *
+   * @example
+   * ```typescript
+   * const session = await client.getSiweSession();
+   * if (session.authenticated) {
+   *   console.log(`Logged in as ${session.address}`);
+   * }
+   * ```
+   */
+  async getSiweSession() {
+    return getComputeApiSession({ baseUrl: this.config.userApiServerURL });
+  }
 };
 function transformAppReleaseBuild(raw) {
   if (!isJsonObject(raw)) return void 0;
@@ -697,6 +987,241 @@ function transformAppRelease(raw) {
   };
 }
 
+// src/client/common/utils/billingapi.ts
+var import_axios2 = __toESM(require("axios"), 1);
+var BillingApiClient = class {
+  constructor(config, walletClient) {
+    this.config = config;
+    this.walletClient = walletClient;
+  }
+  /**
+   * Get the address of the connected wallet
+   */
+  get address() {
+    const account = this.walletClient.account;
+    if (!account) {
+      throw new Error("WalletClient must have an account attached");
+    }
+    return account.address;
+  }
+  async createSubscription(productId = "compute", options) {
+    const endpoint = `${this.config.billingApiServerURL}/products/${productId}/subscription`;
+    const body = options ? {
+      success_url: options.successUrl,
+      cancel_url: options.cancelUrl
+    } : void 0;
+    const resp = await this.makeAuthenticatedRequest(endpoint, "POST", productId, body);
+    return resp.json();
+  }
+  async getSubscription(productId = "compute") {
+    const endpoint = `${this.config.billingApiServerURL}/products/${productId}/subscription`;
+    const resp = await this.makeAuthenticatedRequest(endpoint, "GET", productId);
+    return resp.json();
+  }
+  async cancelSubscription(productId = "compute") {
+    const endpoint = `${this.config.billingApiServerURL}/products/${productId}/subscription`;
+    await this.makeAuthenticatedRequest(endpoint, "DELETE", productId);
+  }
+  /**
+   * Make an authenticated request to the billing API
+   */
+  async makeAuthenticatedRequest(url, method, productId, body) {
+    const expiry = BigInt(Math.floor(Date.now() / 1e3) + 5 * 60);
+    const { signature } = await calculateBillingAuthSignature({
+      walletClient: this.walletClient,
+      product: productId,
+      expiry
+    });
+    const headers = {
+      Authorization: `Bearer ${signature}`,
+      "X-Account": this.address,
+      "X-Expiry": expiry.toString()
+    };
+    if (body) {
+      headers["Content-Type"] = "application/json";
+    }
+    try {
+      const response = await (0, import_axios2.default)({
+        method,
+        url,
+        headers,
+        data: body,
+        timeout: 3e4,
+        maxRedirects: 0,
+        validateStatus: () => true
+        // Don't throw on any status
+      });
+      const status = response.status;
+      const statusText = status >= 200 && status < 300 ? "OK" : "Error";
+      if (status < 200 || status >= 300) {
+        const body2 = typeof response.data === "string" ? response.data : JSON.stringify(response.data);
+        throw new Error(`BillingAPI request failed: ${status} ${statusText} - ${body2}`);
+      }
+      return {
+        json: async () => response.data,
+        text: async () => typeof response.data === "string" ? response.data : JSON.stringify(response.data)
+      };
+    } catch (error) {
+      if (error.message?.includes("fetch failed") || error.message?.includes("ECONNREFUSED") || error.message?.includes("ENOTFOUND") || error.cause) {
+        const cause = error.cause?.message || error.cause || error.message;
+        throw new Error(
+          `Failed to connect to BillingAPI at ${url}: ${cause}
+Please check:
+1. Your internet connection
+2. The API server is accessible: ${this.config.billingApiServerURL}
+3. Firewall/proxy settings`
+        );
+      }
+      throw error;
+    }
+  }
+};
+
+// src/client/common/utils/buildapi.ts
+var import_axios3 = __toESM(require("axios"), 1);
+var MAX_RETRIES = 5;
+var INITIAL_BACKOFF_MS = 1e3;
+var MAX_BACKOFF_MS = 3e4;
+async function sleep(ms) {
+  return new Promise((resolve) => setTimeout(resolve, ms));
+}
+function getRetryDelay(res, attempt) {
+  const retryAfter = res.headers["retry-after"];
+  if (retryAfter) {
+    const seconds = parseInt(retryAfter, 10);
+    if (!isNaN(seconds)) {
+      return Math.min(seconds * 1e3, MAX_BACKOFF_MS);
+    }
+  }
+  return Math.min(INITIAL_BACKOFF_MS * Math.pow(2, attempt), MAX_BACKOFF_MS);
+}
+async function requestWithRetry(config) {
+  let lastResponse;
+  for (let attempt = 0; attempt <= MAX_RETRIES; attempt++) {
+    const res = await (0, import_axios3.default)({ ...config, validateStatus: () => true });
+    lastResponse = res;
+    if (res.status !== 429) {
+      return res;
+    }
+    if (attempt < MAX_RETRIES) {
+      const delay = getRetryDelay(res, attempt);
+      await sleep(delay);
+    }
+  }
+  return lastResponse;
+}
+var BuildApiClient = class {
+  constructor(options) {
+    this.baseUrl = options.baseUrl.replace(/\/+$/, "");
+    this.clientId = options.clientId;
+    this.walletClient = options.walletClient;
+  }
+  /**
+   * Get the address of the connected wallet
+   */
+  get address() {
+    const account = this.walletClient?.account;
+    if (!account) {
+      throw new Error("WalletClient must have an account attached");
+    }
+    return account.address;
+  }
+  async submitBuild(payload) {
+    return this.authenticatedJsonRequest("/builds", "POST", payload);
+  }
+  async getBuild(buildId) {
+    return this.publicJsonRequest(`/builds/${encodeURIComponent(buildId)}`);
+  }
+  async getBuildByDigest(digest) {
+    return this.publicJsonRequest(`/builds/image/${encodeURIComponent(digest)}`);
+  }
+  async verify(identifier) {
+    return this.publicJsonRequest(`/builds/verify/${encodeURIComponent(identifier)}`);
+  }
+  async getLogs(buildId) {
+    return this.authenticatedTextRequest(`/builds/${encodeURIComponent(buildId)}/logs`);
+  }
+  async listBuilds(params) {
+    const res = await requestWithRetry({
+      url: `${this.baseUrl}/builds`,
+      method: "GET",
+      params,
+      headers: this.clientId ? { "x-client-id": this.clientId } : void 0,
+      timeout: 6e4
+    });
+    if (res.status < 200 || res.status >= 300) throw buildApiHttpError(res);
+    return res.data;
+  }
+  async publicJsonRequest(path) {
+    const res = await requestWithRetry({
+      url: `${this.baseUrl}${path}`,
+      method: "GET",
+      headers: this.clientId ? { "x-client-id": this.clientId } : void 0,
+      timeout: 6e4
+    });
+    if (res.status < 200 || res.status >= 300) throw buildApiHttpError(res);
+    return res.data;
+  }
+  async authenticatedJsonRequest(path, method, body) {
+    if (!this.walletClient?.account) {
+      throw new Error("WalletClient with account required for authenticated requests");
+    }
+    const headers = {
+      "Content-Type": "application/json"
+    };
+    if (this.clientId) headers["x-client-id"] = this.clientId;
+    const expiry = BigInt(Math.floor(Date.now() / 1e3) + 60);
+    const { signature } = await calculateBillingAuthSignature({
+      walletClient: this.walletClient,
+      product: "compute",
+      expiry
+    });
+    headers.Authorization = `Bearer ${signature}`;
+    headers["X-eigenx-expiry"] = expiry.toString();
+    headers["X-Account"] = this.address;
+    const res = await requestWithRetry({
+      url: `${this.baseUrl}${path}`,
+      method,
+      headers,
+      data: body,
+      timeout: 6e4
+    });
+    if (res.status < 200 || res.status >= 300) throw buildApiHttpError(res);
+    return res.data;
+  }
+  async authenticatedTextRequest(path) {
+    if (!this.walletClient?.account) {
+      throw new Error("WalletClient with account required for authenticated requests");
+    }
+    const headers = {};
+    if (this.clientId) headers["x-client-id"] = this.clientId;
+    const expiry = BigInt(Math.floor(Date.now() / 1e3) + 60);
+    const { signature } = await calculateBillingAuthSignature({
+      walletClient: this.walletClient,
+      product: "compute",
+      expiry
+    });
+    headers.Authorization = `Bearer ${signature}`;
+    headers["X-eigenx-expiry"] = expiry.toString();
+    headers["X-Account"] = this.address;
+    const res = await requestWithRetry({
+      url: `${this.baseUrl}${path}`,
+      method: "GET",
+      headers,
+      timeout: 6e4,
+      responseType: "text"
+    });
+    if (res.status < 200 || res.status >= 300) throw buildApiHttpError(res);
+    return typeof res.data === "string" ? res.data : JSON.stringify(res.data);
+  }
+};
+function buildApiHttpError(res) {
+  const status = res.status;
+  const body = typeof res.data === "string" ? res.data : res.data ? JSON.stringify(res.data) : "";
+  const url = res.config?.url ? ` ${res.config.url}` : "";
+  return new Error(`BuildAPI request failed: ${status}${url} - ${body || "Unknown error"}`);
+}
+
 // src/client/common/contract/eip7702.ts
 var import_viem4 = require("viem");
 
@@ -1777,6 +2302,96 @@ async function estimateBatchGas(options) {
     maxCostEth: formatETH(maxCostWei)
   };
 }
+async function checkERC7702Delegation(publicClient, account, delegatorAddress) {
+  const code = await publicClient.getCode({ address: account });
+  if (!code) {
+    return false;
+  }
+  const expectedCode = `0xef0100${delegatorAddress.slice(2)}`;
+  return code.toLowerCase() === expectedCode.toLowerCase();
+}
+async function executeBatch(options, logger = noopLogger) {
+  const { walletClient, publicClient, environmentConfig, executions, pendingMessage, gas } = options;
+  const account = walletClient.account;
+  if (!account) {
+    throw new Error("Wallet client must have an account");
+  }
+  const chain = walletClient.chain;
+  if (!chain) {
+    throw new Error("Wallet client must have a chain");
+  }
+  const executeBatchData = encodeExecuteBatchData(executions);
+  const isDelegated2 = await checkERC7702Delegation(
+    publicClient,
+    account.address,
+    environmentConfig.erc7702DelegatorAddress
+  );
+  let authorizationList = [];
+  if (!isDelegated2) {
+    const transactionNonce = await publicClient.getTransactionCount({
+      address: account.address,
+      blockTag: "pending"
+    });
+    const chainId = await publicClient.getChainId();
+    const authorizationNonce = transactionNonce + 1;
+    logger.debug("Using wallet client signing for EIP-7702 authorization");
+    const signedAuthorization = await walletClient.signAuthorization({
+      account: account.address,
+      contractAddress: environmentConfig.erc7702DelegatorAddress,
+      chainId,
+      nonce: Number(authorizationNonce)
+    });
+    authorizationList = [signedAuthorization];
+  }
+  if (pendingMessage) {
+    logger.info(pendingMessage);
+  }
+  const txRequest = {
+    account: walletClient.account,
+    chain,
+    to: account.address,
+    data: executeBatchData,
+    value: 0n
+  };
+  if (authorizationList.length > 0) {
+    txRequest.authorizationList = authorizationList;
+  }
+  if (gas?.maxFeePerGas) {
+    txRequest.maxFeePerGas = gas.maxFeePerGas;
+  }
+  if (gas?.maxPriorityFeePerGas) {
+    txRequest.maxPriorityFeePerGas = gas.maxPriorityFeePerGas;
+  }
+  const hash = await walletClient.sendTransaction(txRequest);
+  logger.info(`Transaction sent: ${hash}`);
+  const receipt = await publicClient.waitForTransactionReceipt({ hash });
+  if (receipt.status === "reverted") {
+    let revertReason = "Unknown reason";
+    try {
+      await publicClient.call({
+        to: account.address,
+        data: executeBatchData,
+        account: account.address
+      });
+    } catch (callError) {
+      if (callError.data) {
+        try {
+          const decoded = (0, import_viem4.decodeErrorResult)({
+            abi: ERC7702Delegator_default,
+            data: callError.data
+          });
+          revertReason = `${decoded.errorName}: ${JSON.stringify(decoded.args)}`;
+        } catch {
+          revertReason = callError.message || "Unknown reason";
+        }
+      } else {
+        revertReason = callError.message || "Unknown reason";
+      }
+    }
+    throw new Error(`Transaction reverted: ${hash}. Reason: ${revertReason}`);
+  }
+  return hash;
+}
 
 // src/client/common/contract/caller.ts
 var import_viem5 = require("viem");
@@ -2829,57 +3444,1049 @@ var AppController_default = [
   }
 ];
 
-// src/client/common/contract/caller.ts
-function formatETH(wei) {
-  const eth = Number(wei) / 1e18;
-  const costStr = eth.toFixed(6);
-  const trimmed = costStr.replace(/\.?0+$/, "");
-  if (trimmed === "0" && wei > 0n) {
-    return "<0.000001";
-  }
-  return trimmed;
-}
-async function estimateTransactionGas(options) {
-  const { publicClient, from, to, data, value = 0n } = options;
-  const fees = await publicClient.estimateFeesPerGas();
-  const gasLimit = await publicClient.estimateGas({
-    account: from,
-    to,
-    data,
-    value
-  });
-  const maxFeePerGas = fees.maxFeePerGas;
-  const maxPriorityFeePerGas = fees.maxPriorityFeePerGas;
-  const maxCostWei = gasLimit * maxFeePerGas;
-  const maxCostEth = formatETH(maxCostWei);
-  return {
-    gasLimit,
-    maxFeePerGas,
-    maxPriorityFeePerGas,
-    maxCostWei,
-    maxCostEth
-  };
-}
-async function getActiveAppCount(publicClient, environmentConfig, user) {
-  const count = await publicClient.readContract({
-    address: environmentConfig.appControllerAddress,
-    abi: AppController_default,
-    functionName: "getActiveAppCount",
-    args: [user]
-  });
-  return Number(count);
-}
-async function getMaxActiveAppsPerUser(publicClient, environmentConfig, user) {
-  const quota = await publicClient.readContract({
-    address: environmentConfig.appControllerAddress,
-    abi: AppController_default,
-    functionName: "getMaxActiveAppsPerUser",
-    args: [user]
-  });
-  return Number(quota);
-}
-async function getAppsByCreator(publicClient, environmentConfig, creator, offset, limit) {
-  const result = await publicClient.readContract({
+// src/client/common/abis/PermissionController.json
+var PermissionController_default = [
+  {
+    type: "function",
+    name: "acceptAdmin",
+    inputs: [
+      {
+        name: "account",
+        type: "address",
+        internalType: "address"
+      }
+    ],
+    outputs: [],
+    stateMutability: "nonpayable"
+  },
+  {
+    type: "function",
+    name: "addPendingAdmin",
+    inputs: [
+      {
+        name: "account",
+        type: "address",
+        internalType: "address"
+      },
+      {
+        name: "admin",
+        type: "address",
+        internalType: "address"
+      }
+    ],
+    outputs: [],
+    stateMutability: "nonpayable"
+  },
+  {
+    type: "function",
+    name: "canCall",
+    inputs: [
+      {
+        name: "account",
+        type: "address",
+        internalType: "address"
+      },
+      {
+        name: "caller",
+        type: "address",
+        internalType: "address"
+      },
+      {
+        name: "target",
+        type: "address",
+        internalType: "address"
+      },
+      {
+        name: "selector",
+        type: "bytes4",
+        internalType: "bytes4"
+      }
+    ],
+    outputs: [
+      {
+        name: "",
+        type: "bool",
+        internalType: "bool"
+      }
+    ],
+    stateMutability: "nonpayable"
+  },
+  {
+    type: "function",
+    name: "getAdmins",
+    inputs: [
+      {
+        name: "account",
+        type: "address",
+        internalType: "address"
+      }
+    ],
+    outputs: [
+      {
+        name: "",
+        type: "address[]",
+        internalType: "address[]"
+      }
+    ],
+    stateMutability: "view"
+  },
+  {
+    type: "function",
+    name: "getAppointeePermissions",
+    inputs: [
+      {
+        name: "account",
+        type: "address",
+        internalType: "address"
+      },
+      {
+        name: "appointee",
+        type: "address",
+        internalType: "address"
+      }
+    ],
+    outputs: [
+      {
+        name: "",
+        type: "address[]",
+        internalType: "address[]"
+      },
+      {
+        name: "",
+        type: "bytes4[]",
+        internalType: "bytes4[]"
+      }
+    ],
+    stateMutability: "nonpayable"
+  },
+  {
+    type: "function",
+    name: "getAppointees",
+    inputs: [
+      {
+        name: "account",
+        type: "address",
+        internalType: "address"
+      },
+      {
+        name: "target",
+        type: "address",
+        internalType: "address"
+      },
+      {
+        name: "selector",
+        type: "bytes4",
+        internalType: "bytes4"
+      }
+    ],
+    outputs: [
+      {
+        name: "",
+        type: "address[]",
+        internalType: "address[]"
+      }
+    ],
+    stateMutability: "nonpayable"
+  },
+  {
+    type: "function",
+    name: "getPendingAdmins",
+    inputs: [
+      {
+        name: "account",
+        type: "address",
+        internalType: "address"
+      }
+    ],
+    outputs: [
+      {
+        name: "",
+        type: "address[]",
+        internalType: "address[]"
+      }
+    ],
+    stateMutability: "view"
+  },
+  {
+    type: "function",
+    name: "isAdmin",
+    inputs: [
+      {
+        name: "account",
+        type: "address",
+        internalType: "address"
+      },
+      {
+        name: "caller",
+        type: "address",
+        internalType: "address"
+      }
+    ],
+    outputs: [
+      {
+        name: "",
+        type: "bool",
+        internalType: "bool"
+      }
+    ],
+    stateMutability: "view"
+  },
+  {
+    type: "function",
+    name: "isPendingAdmin",
+    inputs: [
+      {
+        name: "account",
+        type: "address",
+        internalType: "address"
+      },
+      {
+        name: "pendingAdmin",
+        type: "address",
+        internalType: "address"
+      }
+    ],
+    outputs: [
+      {
+        name: "",
+        type: "bool",
+        internalType: "bool"
+      }
+    ],
+    stateMutability: "view"
+  },
+  {
+    type: "function",
+    name: "removeAdmin",
+    inputs: [
+      {
+        name: "account",
+        type: "address",
+        internalType: "address"
+      },
+      {
+        name: "admin",
+        type: "address",
+        internalType: "address"
+      }
+    ],
+    outputs: [],
+    stateMutability: "nonpayable"
+  },
+  {
+    type: "function",
+    name: "removeAppointee",
+    inputs: [
+      {
+        name: "account",
+        type: "address",
+        internalType: "address"
+      },
+      {
+        name: "appointee",
+        type: "address",
+        internalType: "address"
+      },
+      {
+        name: "target",
+        type: "address",
+        internalType: "address"
+      },
+      {
+        name: "selector",
+        type: "bytes4",
+        internalType: "bytes4"
+      }
+    ],
+    outputs: [],
+    stateMutability: "nonpayable"
+  },
+  {
+    type: "function",
+    name: "removePendingAdmin",
+    inputs: [
+      {
+        name: "account",
+        type: "address",
+        internalType: "address"
+      },
+      {
+        name: "admin",
+        type: "address",
+        internalType: "address"
+      }
+    ],
+    outputs: [],
+    stateMutability: "nonpayable"
+  },
+  {
+    type: "function",
+    name: "setAppointee",
+    inputs: [
+      {
+        name: "account",
+        type: "address",
+        internalType: "address"
+      },
+      {
+        name: "appointee",
+        type: "address",
+        internalType: "address"
+      },
+      {
+        name: "target",
+        type: "address",
+        internalType: "address"
+      },
+      {
+        name: "selector",
+        type: "bytes4",
+        internalType: "bytes4"
+      }
+    ],
+    outputs: [],
+    stateMutability: "nonpayable"
+  },
+  {
+    type: "function",
+    name: "version",
+    inputs: [],
+    outputs: [
+      {
+        name: "",
+        type: "string",
+        internalType: "string"
+      }
+    ],
+    stateMutability: "view"
+  },
+  {
+    type: "event",
+    name: "AdminRemoved",
+    inputs: [
+      {
+        name: "account",
+        type: "address",
+        indexed: true,
+        internalType: "address"
+      },
+      {
+        name: "admin",
+        type: "address",
+        indexed: false,
+        internalType: "address"
+      }
+    ],
+    anonymous: false
+  },
+  {
+    type: "event",
+    name: "AdminSet",
+    inputs: [
+      {
+        name: "account",
+        type: "address",
+        indexed: true,
+        internalType: "address"
+      },
+      {
+        name: "admin",
+        type: "address",
+        indexed: false,
+        internalType: "address"
+      }
+    ],
+    anonymous: false
+  },
+  {
+    type: "event",
+    name: "AppointeeRemoved",
+    inputs: [
+      {
+        name: "account",
+        type: "address",
+        indexed: true,
+        internalType: "address"
+      },
+      {
+        name: "appointee",
+        type: "address",
+        indexed: true,
+        internalType: "address"
+      },
+      {
+        name: "target",
+        type: "address",
+        indexed: false,
+        internalType: "address"
+      },
+      {
+        name: "selector",
+        type: "bytes4",
+        indexed: false,
+        internalType: "bytes4"
+      }
+    ],
+    anonymous: false
+  },
+  {
+    type: "event",
+    name: "AppointeeSet",
+    inputs: [
+      {
+        name: "account",
+        type: "address",
+        indexed: true,
+        internalType: "address"
+      },
+      {
+        name: "appointee",
+        type: "address",
+        indexed: true,
+        internalType: "address"
+      },
+      {
+        name: "target",
+        type: "address",
+        indexed: false,
+        internalType: "address"
+      },
+      {
+        name: "selector",
+        type: "bytes4",
+        indexed: false,
+        internalType: "bytes4"
+      }
+    ],
+    anonymous: false
+  },
+  {
+    type: "event",
+    name: "PendingAdminAdded",
+    inputs: [
+      {
+        name: "account",
+        type: "address",
+        indexed: true,
+        internalType: "address"
+      },
+      {
+        name: "admin",
+        type: "address",
+        indexed: false,
+        internalType: "address"
+      }
+    ],
+    anonymous: false
+  },
+  {
+    type: "event",
+    name: "PendingAdminRemoved",
+    inputs: [
+      {
+        name: "account",
+        type: "address",
+        indexed: true,
+        internalType: "address"
+      },
+      {
+        name: "admin",
+        type: "address",
+        indexed: false,
+        internalType: "address"
+      }
+    ],
+    anonymous: false
+  },
+  {
+    type: "error",
+    name: "AdminAlreadyPending",
+    inputs: []
+  },
+  {
+    type: "error",
+    name: "AdminAlreadySet",
+    inputs: []
+  },
+  {
+    type: "error",
+    name: "AdminNotPending",
+    inputs: []
+  },
+  {
+    type: "error",
+    name: "AdminNotSet",
+    inputs: []
+  },
+  {
+    type: "error",
+    name: "AppointeeAlreadySet",
+    inputs: []
+  },
+  {
+    type: "error",
+    name: "AppointeeNotSet",
+    inputs: []
+  },
+  {
+    type: "error",
+    name: "CannotHaveZeroAdmins",
+    inputs: []
+  },
+  {
+    type: "error",
+    name: "NotAdmin",
+    inputs: []
+  }
+];
+
+// src/client/common/contract/caller.ts
+function formatETH(wei) {
+  const eth = Number(wei) / 1e18;
+  const costStr = eth.toFixed(6);
+  const trimmed = costStr.replace(/\.?0+$/, "");
+  if (trimmed === "0" && wei > 0n) {
+    return "<0.000001";
+  }
+  return trimmed;
+}
+async function estimateTransactionGas(options) {
+  const { publicClient, from, to, data, value = 0n } = options;
+  const fees = await publicClient.estimateFeesPerGas();
+  const gasLimit = await publicClient.estimateGas({
+    account: from,
+    to,
+    data,
+    value
+  });
+  const maxFeePerGas = fees.maxFeePerGas;
+  const maxPriorityFeePerGas = fees.maxPriorityFeePerGas;
+  const maxCostWei = gasLimit * maxFeePerGas;
+  const maxCostEth = formatETH(maxCostWei);
+  return {
+    gasLimit,
+    maxFeePerGas,
+    maxPriorityFeePerGas,
+    maxCostWei,
+    maxCostEth
+  };
+}
+async function calculateAppID(options) {
+  const { publicClient, environmentConfig, ownerAddress, salt } = options;
+  const saltHexString = (0, import_viem5.bytesToHex)(salt).slice(2);
+  const paddedSaltHex = saltHexString.padStart(64, "0");
+  const saltHex = `0x${paddedSaltHex}`;
+  const appID = await publicClient.readContract({
+    address: environmentConfig.appControllerAddress,
+    abi: AppController_default,
+    functionName: "calculateAppId",
+    args: [ownerAddress, saltHex]
+  });
+  return appID;
+}
+async function prepareDeployBatch(options, logger = noopLogger) {
+  const { walletClient, publicClient, environmentConfig, salt, release, publicLogs } = options;
+  const account = walletClient.account;
+  if (!account) {
+    throw new Error("WalletClient must have an account attached");
+  }
+  logger.info("Calculating app ID...");
+  const appId = await calculateAppID({
+    publicClient,
+    environmentConfig,
+    ownerAddress: account.address,
+    salt
+  });
+  logger.debug(`App ID calculated: ${appId}`);
+  logger.debug(`This address will be used for acceptAdmin call`);
+  const saltHexString = (0, import_viem5.bytesToHex)(salt).slice(2);
+  const paddedSaltHex = saltHexString.padStart(64, "0");
+  const saltHex = `0x${paddedSaltHex}`;
+  const releaseForViem = {
+    rmsRelease: {
+      artifacts: release.rmsRelease.artifacts.map((artifact) => ({
+        digest: `0x${(0, import_viem5.bytesToHex)(artifact.digest).slice(2).padStart(64, "0")}`,
+        registry: artifact.registry
+      })),
+      upgradeByTime: release.rmsRelease.upgradeByTime
+    },
+    publicEnv: (0, import_viem5.bytesToHex)(release.publicEnv),
+    encryptedEnv: (0, import_viem5.bytesToHex)(release.encryptedEnv)
+  };
+  const createData = (0, import_viem5.encodeFunctionData)({
+    abi: AppController_default,
+    functionName: "createApp",
+    args: [saltHex, releaseForViem]
+  });
+  const acceptAdminData = (0, import_viem5.encodeFunctionData)({
+    abi: PermissionController_default,
+    functionName: "acceptAdmin",
+    args: [appId]
+  });
+  const executions = [
+    {
+      target: environmentConfig.appControllerAddress,
+      value: 0n,
+      callData: createData
+    },
+    {
+      target: environmentConfig.permissionControllerAddress,
+      value: 0n,
+      callData: acceptAdminData
+    }
+  ];
+  if (publicLogs) {
+    const anyoneCanViewLogsData = (0, import_viem5.encodeFunctionData)({
+      abi: PermissionController_default,
+      functionName: "setAppointee",
+      args: [
+        appId,
+        "0x493219d9949348178af1f58740655951a8cd110c",
+        // AnyoneCanCallAddress
+        "0x57ee1fb74c1087e26446abc4fb87fd8f07c43d8d",
+        // ApiPermissionsTarget
+        "0x2fd3f2fe"
+        // CanViewAppLogsPermission
+      ]
+    });
+    executions.push({
+      target: environmentConfig.permissionControllerAddress,
+      value: 0n,
+      callData: anyoneCanViewLogsData
+    });
+  }
+  return {
+    appId,
+    salt,
+    executions,
+    walletClient,
+    publicClient,
+    environmentConfig
+  };
+}
+async function executeDeployBatch(data, context, gas, logger = noopLogger) {
+  const pendingMessage = "Deploying new app...";
+  const txHash = await executeBatch(
+    {
+      walletClient: context.walletClient,
+      publicClient: context.publicClient,
+      environmentConfig: context.environmentConfig,
+      executions: data.executions,
+      pendingMessage,
+      gas
+    },
+    logger
+  );
+  return { appId: data.appId, txHash };
+}
+async function deployApp(options, logger = noopLogger) {
+  const prepared = await prepareDeployBatch(options, logger);
+  const data = {
+    appId: prepared.appId,
+    salt: prepared.salt,
+    executions: prepared.executions
+  };
+  const context = {
+    walletClient: prepared.walletClient,
+    publicClient: prepared.publicClient,
+    environmentConfig: prepared.environmentConfig
+  };
+  return executeDeployBatch(data, context, options.gas, logger);
+}
+function supportsEIP7702(walletClient) {
+  const account = walletClient.account;
+  if (!account) return false;
+  return account.type === "local";
+}
+async function executeDeploySequential(options, logger = noopLogger) {
+  const { walletClient, publicClient, environmentConfig, data, publicLogs, onProgress } = options;
+  const account = walletClient.account;
+  if (!account) {
+    throw new Error("WalletClient must have an account attached");
+  }
+  const chain = getChainFromID(environmentConfig.chainID);
+  const txHashes = {
+    createApp: "0x",
+    acceptAdmin: "0x"
+  };
+  logger.info("Step 1/3: Creating app...");
+  onProgress?.("createApp");
+  const createAppExecution = data.executions[0];
+  const createAppHash = await walletClient.sendTransaction({
+    account,
+    to: createAppExecution.target,
+    data: createAppExecution.callData,
+    value: createAppExecution.value,
+    chain
+  });
+  logger.info(`createApp transaction sent: ${createAppHash}`);
+  const createAppReceipt = await publicClient.waitForTransactionReceipt({ hash: createAppHash });
+  if (createAppReceipt.status === "reverted") {
+    throw new Error(`createApp transaction reverted: ${createAppHash}`);
+  }
+  txHashes.createApp = createAppHash;
+  logger.info(`createApp confirmed in block ${createAppReceipt.blockNumber}`);
+  logger.info("Step 2/3: Accepting admin role...");
+  onProgress?.("acceptAdmin", createAppHash);
+  const acceptAdminExecution = data.executions[1];
+  const acceptAdminHash = await walletClient.sendTransaction({
+    account,
+    to: acceptAdminExecution.target,
+    data: acceptAdminExecution.callData,
+    value: acceptAdminExecution.value,
+    chain
+  });
+  logger.info(`acceptAdmin transaction sent: ${acceptAdminHash}`);
+  const acceptAdminReceipt = await publicClient.waitForTransactionReceipt({
+    hash: acceptAdminHash
+  });
+  if (acceptAdminReceipt.status === "reverted") {
+    throw new Error(`acceptAdmin transaction reverted: ${acceptAdminHash}`);
+  }
+  txHashes.acceptAdmin = acceptAdminHash;
+  logger.info(`acceptAdmin confirmed in block ${acceptAdminReceipt.blockNumber}`);
+  if (publicLogs && data.executions.length > 2) {
+    logger.info("Step 3/3: Setting public logs permission...");
+    onProgress?.("setPublicLogs", acceptAdminHash);
+    const setAppointeeExecution = data.executions[2];
+    const setAppointeeHash = await walletClient.sendTransaction({
+      account,
+      to: setAppointeeExecution.target,
+      data: setAppointeeExecution.callData,
+      value: setAppointeeExecution.value,
+      chain
+    });
+    logger.info(`setAppointee transaction sent: ${setAppointeeHash}`);
+    const setAppointeeReceipt = await publicClient.waitForTransactionReceipt({
+      hash: setAppointeeHash
+    });
+    if (setAppointeeReceipt.status === "reverted") {
+      throw new Error(`setAppointee transaction reverted: ${setAppointeeHash}`);
+    }
+    txHashes.setPublicLogs = setAppointeeHash;
+    logger.info(`setAppointee confirmed in block ${setAppointeeReceipt.blockNumber}`);
+  }
+  onProgress?.("complete", txHashes.setPublicLogs || txHashes.acceptAdmin);
+  logger.info(`Deployment complete! App ID: ${data.appId}`);
+  return {
+    appId: data.appId,
+    txHashes
+  };
+}
+async function supportsEIP5792(walletClient) {
+  try {
+    if (typeof walletClient.getCapabilities !== "function") {
+      return false;
+    }
+    const account = walletClient.account;
+    if (!account) return false;
+    const capabilities = await walletClient.getCapabilities({
+      account: account.address
+    });
+    return capabilities !== null && capabilities !== void 0 && Object.keys(capabilities).length > 0;
+  } catch {
+    return false;
+  }
+}
+async function executeDeployBatched(options, logger = noopLogger) {
+  const { walletClient, environmentConfig, data, publicLogs, onProgress } = options;
+  const account = walletClient.account;
+  if (!account) {
+    throw new Error("WalletClient must have an account attached");
+  }
+  const chain = getChainFromID(environmentConfig.chainID);
+  const calls = data.executions.map(
+    (execution) => ({
+      to: execution.target,
+      data: execution.callData,
+      value: execution.value
+    })
+  );
+  const filteredCalls = publicLogs ? calls : calls.slice(0, 2);
+  logger.info(`Deploying with EIP-5792 sendCalls (${filteredCalls.length} calls)...`);
+  onProgress?.("createApp");
+  try {
+    const { id: batchId } = await walletClient.sendCalls({
+      account,
+      chain,
+      calls: filteredCalls,
+      forceAtomic: true
+    });
+    logger.info(`Batch submitted with ID: ${batchId}`);
+    onProgress?.("acceptAdmin");
+    let status;
+    let attempts = 0;
+    const maxAttempts = 120;
+    while (attempts < maxAttempts) {
+      try {
+        status = await walletClient.getCallsStatus({ id: batchId });
+        if (status.status === "success" || status.status === "confirmed") {
+          logger.info(`Batch confirmed with ${status.receipts?.length || 0} receipts`);
+          break;
+        }
+        if (status.status === "failed" || status.status === "reverted") {
+          throw new Error(`Batch transaction failed: ${status.status}`);
+        }
+      } catch (statusError) {
+        if (statusError.message?.includes("not supported")) {
+          logger.warn("getCallsStatus not supported, waiting for chain confirmation...");
+          await new Promise((resolve) => setTimeout(resolve, 15e3));
+          break;
+        }
+        throw statusError;
+      }
+      await new Promise((resolve) => setTimeout(resolve, 5e3));
+      attempts++;
+    }
+    if (attempts >= maxAttempts) {
+      throw new Error("Timeout waiting for batch confirmation");
+    }
+    if (publicLogs) {
+      onProgress?.("setPublicLogs");
+    }
+    onProgress?.("complete");
+    const receipts = (status?.receipts || []).map((r) => ({
+      transactionHash: r.transactionHash || r.hash
+    }));
+    logger.info(`Deployment complete! App ID: ${data.appId}`);
+    return {
+      appId: data.appId,
+      batchId,
+      receipts
+    };
+  } catch (error) {
+    if (error.message?.includes("not supported") || error.message?.includes("wallet_sendCalls") || error.code === -32601) {
+      throw new Error("EIP5792_NOT_SUPPORTED");
+    }
+    throw error;
+  }
+}
+async function prepareUpgradeBatch(options) {
+  const {
+    walletClient,
+    publicClient,
+    environmentConfig,
+    appID,
+    release,
+    publicLogs,
+    needsPermissionChange
+  } = options;
+  const releaseForViem = {
+    rmsRelease: {
+      artifacts: release.rmsRelease.artifacts.map((artifact) => ({
+        digest: `0x${(0, import_viem5.bytesToHex)(artifact.digest).slice(2).padStart(64, "0")}`,
+        registry: artifact.registry
+      })),
+      upgradeByTime: release.rmsRelease.upgradeByTime
+    },
+    publicEnv: (0, import_viem5.bytesToHex)(release.publicEnv),
+    encryptedEnv: (0, import_viem5.bytesToHex)(release.encryptedEnv)
+  };
+  const upgradeData = (0, import_viem5.encodeFunctionData)({
+    abi: AppController_default,
+    functionName: "upgradeApp",
+    args: [appID, releaseForViem]
+  });
+  const executions = [
+    {
+      target: environmentConfig.appControllerAddress,
+      value: 0n,
+      callData: upgradeData
+    }
+  ];
+  if (needsPermissionChange) {
+    if (publicLogs) {
+      const addLogsData = (0, import_viem5.encodeFunctionData)({
+        abi: PermissionController_default,
+        functionName: "setAppointee",
+        args: [
+          appID,
+          "0x493219d9949348178af1f58740655951a8cd110c",
+          // AnyoneCanCallAddress
+          "0x57ee1fb74c1087e26446abc4fb87fd8f07c43d8d",
+          // ApiPermissionsTarget
+          "0x2fd3f2fe"
+          // CanViewAppLogsPermission
+        ]
+      });
+      executions.push({
+        target: environmentConfig.permissionControllerAddress,
+        value: 0n,
+        callData: addLogsData
+      });
+    } else {
+      const removeLogsData = (0, import_viem5.encodeFunctionData)({
+        abi: PermissionController_default,
+        functionName: "removeAppointee",
+        args: [
+          appID,
+          "0x493219d9949348178af1f58740655951a8cd110c",
+          // AnyoneCanCallAddress
+          "0x57ee1fb74c1087e26446abc4fb87fd8f07c43d8d",
+          // ApiPermissionsTarget
+          "0x2fd3f2fe"
+          // CanViewAppLogsPermission
+        ]
+      });
+      executions.push({
+        target: environmentConfig.permissionControllerAddress,
+        value: 0n,
+        callData: removeLogsData
+      });
+    }
+  }
+  return {
+    appId: appID,
+    executions,
+    walletClient,
+    publicClient,
+    environmentConfig
+  };
+}
+async function executeUpgradeBatch(data, context, gas, logger = noopLogger) {
+  const pendingMessage = `Upgrading app ${data.appId}...`;
+  const txHash = await executeBatch(
+    {
+      walletClient: context.walletClient,
+      publicClient: context.publicClient,
+      environmentConfig: context.environmentConfig,
+      executions: data.executions,
+      pendingMessage,
+      gas
+    },
+    logger
+  );
+  return txHash;
+}
+async function upgradeApp(options, logger = noopLogger) {
+  const prepared = await prepareUpgradeBatch(options);
+  const data = {
+    appId: prepared.appId,
+    executions: prepared.executions
+  };
+  const context = {
+    walletClient: prepared.walletClient,
+    publicClient: prepared.publicClient,
+    environmentConfig: prepared.environmentConfig
+  };
+  return executeUpgradeBatch(data, context, options.gas, logger);
+}
+async function sendAndWaitForTransaction(options, logger = noopLogger) {
+  const {
+    walletClient,
+    publicClient,
+    environmentConfig,
+    to,
+    data,
+    value = 0n,
+    pendingMessage,
+    txDescription,
+    gas
+  } = options;
+  const account = walletClient.account;
+  if (!account) {
+    throw new Error("WalletClient must have an account attached");
+  }
+  const chain = getChainFromID(environmentConfig.chainID);
+  if (pendingMessage) {
+    logger.info(`
+${pendingMessage}`);
+  }
+  const hash = await walletClient.sendTransaction({
+    account,
+    to,
+    data,
+    value,
+    ...gas?.maxFeePerGas && { maxFeePerGas: gas.maxFeePerGas },
+    ...gas?.maxPriorityFeePerGas && {
+      maxPriorityFeePerGas: gas.maxPriorityFeePerGas
+    },
+    chain
+  });
+  logger.info(`Transaction sent: ${hash}`);
+  const receipt = await publicClient.waitForTransactionReceipt({ hash });
+  if (receipt.status === "reverted") {
+    let revertReason = "Unknown reason";
+    try {
+      await publicClient.call({
+        to,
+        data,
+        account: account.address
+      });
+    } catch (callError) {
+      if (callError.data) {
+        try {
+          const decoded = (0, import_viem5.decodeErrorResult)({
+            abi: AppController_default,
+            data: callError.data
+          });
+          const formattedError = formatAppControllerError(decoded);
+          revertReason = formattedError.message;
+        } catch {
+          revertReason = callError.message || "Unknown reason";
+        }
+      } else {
+        revertReason = callError.message || "Unknown reason";
+      }
+    }
+    logger.error(`${txDescription} transaction (hash: ${hash}) reverted: ${revertReason}`);
+    throw new Error(`${txDescription} transaction (hash: ${hash}) reverted: ${revertReason}`);
+  }
+  return hash;
+}
+function formatAppControllerError(decoded) {
+  const errorName = decoded.errorName;
+  switch (errorName) {
+    case "MaxActiveAppsExceeded":
+      return new Error(
+        "you have reached your app deployment limit. To request access or increase your limit, please visit https://onboarding.eigencloud.xyz/ or reach out to the Eigen team"
+      );
+    case "GlobalMaxActiveAppsExceeded":
+      return new Error(
+        "the platform has reached the maximum number of active apps. please try again later"
+      );
+    case "InvalidPermissions":
+      return new Error("you don't have permission to perform this operation");
+    case "AppAlreadyExists":
+      return new Error("an app with this owner and salt already exists");
+    case "AppDoesNotExist":
+      return new Error("the specified app does not exist");
+    case "InvalidAppStatus":
+      return new Error("the app is in an invalid state for this operation");
+    case "MoreThanOneArtifact":
+      return new Error("only one artifact is allowed per release");
+    case "InvalidSignature":
+      return new Error("invalid signature provided");
+    case "SignatureExpired":
+      return new Error("the provided signature has expired");
+    case "InvalidReleaseMetadataURI":
+      return new Error("invalid release metadata URI provided");
+    case "InvalidShortString":
+      return new Error("invalid short string format");
+    default:
+      return new Error(`contract error: ${errorName}`);
+  }
+}
+async function getActiveAppCount(publicClient, environmentConfig, user) {
+  const count = await publicClient.readContract({
+    address: environmentConfig.appControllerAddress,
+    abi: AppController_default,
+    functionName: "getActiveAppCount",
+    args: [user]
+  });
+  return Number(count);
+}
+async function getMaxActiveAppsPerUser(publicClient, environmentConfig, user) {
+  const quota = await publicClient.readContract({
+    address: environmentConfig.appControllerAddress,
+    abi: AppController_default,
+    functionName: "getMaxActiveAppsPerUser",
+    args: [user]
+  });
+  return Number(quota);
+}
+async function getAppsByCreator(publicClient, environmentConfig, creator, offset, limit) {
+  const result = await publicClient.readContract({
     address: environmentConfig.appControllerAddress,
     abi: AppController_default,
     functionName: "getAppsByCreator",
@@ -2907,7 +4514,13 @@ async function getAllAppsByDeveloper(publicClient, env, developer, pageSize = 10
   const allApps = [];
   const allConfigs = [];
   while (true) {
-    const { apps, appConfigs } = await getAppsByDeveloper(publicClient, env, developer, offset, pageSize);
+    const { apps, appConfigs } = await getAppsByDeveloper(
+      publicClient,
+      env,
+      developer,
+      offset,
+      pageSize
+    );
     if (apps.length === 0) break;
     allApps.push(...apps);
     allConfigs.push(...appConfigs);
@@ -2919,6 +4532,74 @@ async function getAllAppsByDeveloper(publicClient, env, developer, pageSize = 10
     appConfigs: allConfigs
   };
 }
+async function suspend(options, logger = noopLogger) {
+  const { walletClient, publicClient, environmentConfig, account, apps } = options;
+  const suspendData = (0, import_viem5.encodeFunctionData)({
+    abi: AppController_default,
+    functionName: "suspend",
+    args: [account, apps]
+  });
+  const pendingMessage = `Suspending ${apps.length} app(s)...`;
+  return sendAndWaitForTransaction(
+    {
+      walletClient,
+      publicClient,
+      environmentConfig,
+      to: environmentConfig.appControllerAddress,
+      data: suspendData,
+      pendingMessage,
+      txDescription: "Suspend"
+    },
+    logger
+  );
+}
+async function isDelegated(options) {
+  const { publicClient, environmentConfig, address } = options;
+  return checkERC7702Delegation(
+    publicClient,
+    address,
+    environmentConfig.erc7702DelegatorAddress
+  );
+}
+async function undelegate(options, logger = noopLogger) {
+  const { walletClient, publicClient, environmentConfig } = options;
+  const account = walletClient.account;
+  if (!account) {
+    throw new Error("WalletClient must have an account attached");
+  }
+  const chain = getChainFromID(environmentConfig.chainID);
+  const transactionNonce = await publicClient.getTransactionCount({
+    address: account.address,
+    blockTag: "pending"
+  });
+  const chainId = await publicClient.getChainId();
+  const authorizationNonce = BigInt(transactionNonce) + 1n;
+  logger.debug("Signing undelegate authorization");
+  const signedAuthorization = await walletClient.signAuthorization({
+    contractAddress: "0x0000000000000000000000000000000000000000",
+    chainId,
+    nonce: Number(authorizationNonce),
+    account
+  });
+  const authorizationList = [signedAuthorization];
+  const hash = await walletClient.sendTransaction({
+    account,
+    to: account.address,
+    // Send to self
+    data: "0x",
+    // Empty data
+    value: 0n,
+    authorizationList,
+    chain
+  });
+  logger.info(`Transaction sent: ${hash}`);
+  const receipt = await publicClient.waitForTransactionReceipt({ hash });
+  if (receipt.status === "reverted") {
+    logger.error(`Undelegate transaction (hash: ${hash}) reverted`);
+    throw new Error(`Undelegate transaction (hash: ${hash}) reverted`);
+  }
+  return hash;
+}
 
 // src/client/common/contract/encoders.ts
 var import_viem6 = require("viem");
@@ -2948,33 +4629,396 @@ function encodeTerminateAppData(appId) {
     args: [appId]
   });
 }
+
+// src/client/common/auth/siwe.ts
+var import_siwe = require("siwe");
+var generateNonce = import_siwe.generateNonce;
+function createSiweMessage(params) {
+  const now = /* @__PURE__ */ new Date();
+  const nonce = params.nonce || generateNonce();
+  const issuedAt = params.issuedAt || now;
+  const expirationTime = params.expirationTime || new Date(now.getTime() + 24 * 60 * 60 * 1e3);
+  const siweMessage = new import_siwe.SiweMessage({
+    domain: params.domain,
+    address: params.address,
+    statement: params.statement,
+    uri: params.uri,
+    version: "1",
+    chainId: params.chainId,
+    nonce,
+    issuedAt: issuedAt.toISOString(),
+    expirationTime: expirationTime.toISOString(),
+    notBefore: params.notBefore?.toISOString(),
+    requestId: params.requestId,
+    resources: params.resources
+  });
+  return {
+    message: siweMessage.prepareMessage(),
+    params: {
+      address: params.address,
+      chainId: params.chainId,
+      domain: params.domain,
+      uri: params.uri,
+      nonce,
+      issuedAt,
+      statement: params.statement,
+      expirationTime,
+      notBefore: params.notBefore,
+      requestId: params.requestId,
+      resources: params.resources
+    }
+  };
+}
+function parseSiweMessage(message) {
+  try {
+    const siweMessage = new import_siwe.SiweMessage(message);
+    return {
+      address: siweMessage.address,
+      chainId: siweMessage.chainId,
+      domain: siweMessage.domain,
+      uri: siweMessage.uri,
+      nonce: siweMessage.nonce,
+      statement: siweMessage.statement,
+      issuedAt: siweMessage.issuedAt ? new Date(siweMessage.issuedAt) : void 0,
+      expirationTime: siweMessage.expirationTime ? new Date(siweMessage.expirationTime) : void 0,
+      notBefore: siweMessage.notBefore ? new Date(siweMessage.notBefore) : void 0,
+      requestId: siweMessage.requestId,
+      resources: siweMessage.resources
+    };
+  } catch {
+    return null;
+  }
+}
+function isSiweMessageExpired(params) {
+  if (!params.expirationTime) return false;
+  return /* @__PURE__ */ new Date() > params.expirationTime;
+}
+function isSiweMessageNotYetValid(params) {
+  if (!params.notBefore) return false;
+  return /* @__PURE__ */ new Date() < params.notBefore;
+}
+
+// src/client/common/hooks/useComputeSession.ts
+var import_react = require("react");
+function useComputeSession(config) {
+  const {
+    baseUrl,
+    refreshInterval = 6e4,
+    // 1 minute default
+    checkOnMount = true,
+    onSessionExpired,
+    onSessionRefreshed,
+    onError
+  } = config;
+  const [session, setSession] = (0, import_react.useState)(null);
+  const [isLoading, setIsLoading] = (0, import_react.useState)(checkOnMount);
+  const [error, setError] = (0, import_react.useState)(null);
+  const wasAuthenticatedRef = (0, import_react.useRef)(false);
+  const isMountedRef = (0, import_react.useRef)(true);
+  const refreshIntervalRef = (0, import_react.useRef)(null);
+  const apiConfig = { baseUrl };
+  const checkSession = (0, import_react.useCallback)(async () => {
+    try {
+      const sessionInfo = await getComputeApiSession(apiConfig);
+      if (!isMountedRef.current) {
+        return sessionInfo;
+      }
+      setSession(sessionInfo);
+      setError(null);
+      if (wasAuthenticatedRef.current && !sessionInfo.authenticated) {
+        onSessionExpired?.();
+      }
+      wasAuthenticatedRef.current = sessionInfo.authenticated;
+      if (sessionInfo.authenticated) {
+        onSessionRefreshed?.(sessionInfo);
+      }
+      return sessionInfo;
+    } catch (err) {
+      if (!isMountedRef.current) {
+        throw err;
+      }
+      const sessionError = err instanceof SessionError ? err : new SessionError(`Failed to check session: ${String(err)}`, "UNKNOWN");
+      setError(sessionError);
+      onError?.(sessionError);
+      const fallbackSession = { authenticated: false };
+      setSession(fallbackSession);
+      return fallbackSession;
+    }
+  }, [baseUrl, onSessionExpired, onSessionRefreshed, onError]);
+  const refresh = (0, import_react.useCallback)(async () => {
+    setIsLoading(true);
+    try {
+      return await checkSession();
+    } finally {
+      if (isMountedRef.current) {
+        setIsLoading(false);
+      }
+    }
+  }, [checkSession]);
+  const login = (0, import_react.useCallback)(
+    async (params, signMessage) => {
+      setIsLoading(true);
+      setError(null);
+      try {
+        let domain = params.domain;
+        let uri = params.uri;
+        if (typeof window !== "undefined") {
+          domain = domain || window.location.host;
+          uri = uri || window.location.origin;
+        }
+        if (!domain || !uri) {
+          throw new SessionError(
+            "domain and uri are required when not in browser environment",
+            "INVALID_MESSAGE"
+          );
+        }
+        const siweMessage = createSiweMessage({
+          ...params,
+          domain,
+          uri,
+          statement: params.statement || "Sign in to EigenCloud Compute API"
+        });
+        const signature = await signMessage({ message: siweMessage.message });
+        await loginToComputeApi(apiConfig, {
+          message: siweMessage.message,
+          signature
+        });
+        const sessionInfo = await checkSession();
+        if (!isMountedRef.current) {
+          return sessionInfo;
+        }
+        wasAuthenticatedRef.current = sessionInfo.authenticated;
+        return sessionInfo;
+      } catch (err) {
+        if (!isMountedRef.current) {
+          throw err;
+        }
+        const sessionError = err instanceof SessionError ? err : new SessionError(`Login failed: ${String(err)}`, "UNKNOWN");
+        setError(sessionError);
+        onError?.(sessionError);
+        throw sessionError;
+      } finally {
+        if (isMountedRef.current) {
+          setIsLoading(false);
+        }
+      }
+    },
+    [baseUrl, checkSession, onError]
+  );
+  const logout = (0, import_react.useCallback)(async () => {
+    setIsLoading(true);
+    setError(null);
+    try {
+      await logoutFromComputeApi(apiConfig);
+      if (!isMountedRef.current) {
+        return;
+      }
+      const newSession = { authenticated: false };
+      setSession(newSession);
+      wasAuthenticatedRef.current = false;
+    } catch (err) {
+      if (!isMountedRef.current) {
+        throw err;
+      }
+      const sessionError = err instanceof SessionError ? err : new SessionError(`Logout failed: ${String(err)}`, "UNKNOWN");
+      setError(sessionError);
+      onError?.(sessionError);
+      setSession({ authenticated: false });
+      wasAuthenticatedRef.current = false;
+    } finally {
+      if (isMountedRef.current) {
+        setIsLoading(false);
+      }
+    }
+  }, [baseUrl, onError]);
+  const clearError = (0, import_react.useCallback)(() => {
+    setError(null);
+  }, []);
+  (0, import_react.useEffect)(() => {
+    isMountedRef.current = true;
+    if (checkOnMount) {
+      checkSession().finally(() => {
+        if (isMountedRef.current) {
+          setIsLoading(false);
+        }
+      });
+    }
+    return () => {
+      isMountedRef.current = false;
+    };
+  }, [checkOnMount, checkSession]);
+  (0, import_react.useEffect)(() => {
+    if (refreshInterval <= 0) {
+      return;
+    }
+    if (refreshIntervalRef.current) {
+      clearInterval(refreshIntervalRef.current);
+    }
+    refreshIntervalRef.current = setInterval(() => {
+      if (wasAuthenticatedRef.current) {
+        checkSession();
+      }
+    }, refreshInterval);
+    return () => {
+      if (refreshIntervalRef.current) {
+        clearInterval(refreshIntervalRef.current);
+        refreshIntervalRef.current = null;
+      }
+    };
+  }, [refreshInterval, checkSession]);
+  return {
+    session,
+    isLoading,
+    error,
+    isAuthenticated: session?.authenticated ?? false,
+    login,
+    logout,
+    refresh,
+    clearError
+  };
+}
+
+// src/client/common/encryption/kms.ts
+var import_jose = require("jose");
+function getAppProtectedHeaders(appID) {
+  return {
+    "x-eigenx-app-id": appID
+  };
+}
+async function encryptRSAOAEPAndAES256GCM(encryptionKeyPEM, plaintext, protectedHeaders) {
+  const pemString = typeof encryptionKeyPEM === "string" ? encryptionKeyPEM : encryptionKeyPEM.toString("utf-8");
+  const publicKey = await (0, import_jose.importSPKI)(pemString, "RSA-OAEP-256", {
+    extractable: true
+  });
+  const header = {
+    alg: "RSA-OAEP-256",
+    // Key encryption algorithm (SHA-256)
+    enc: "A256GCM",
+    // Content encryption algorithm
+    ...protectedHeaders || {}
+    // Add custom protected headers
+  };
+  const plaintextBytes = new Uint8Array(plaintext);
+  const jwe = await new import_jose.CompactEncrypt(plaintextBytes).setProtectedHeader(header).encrypt(publicKey);
+  return jwe;
+}
+
+// keys/mainnet-alpha/prod/kms-encryption-public-key.pem
+var kms_encryption_public_key_default = "-----BEGIN PUBLIC KEY-----\nMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA0kHU86k17ofCIGcJKDcf\nAFurFhSLeWmOL0bwWLCeVnTPG0MMHtJOq+woE0XXSWw6lzm+jzavBBTwKde1dgal\nAp91vULAZFMUpiUdd2dNUVtvU89qW0Pgf1Eu5FDj7BkY/SnyECbWJM4ga0BmpiGy\nnQwLNN9mMGhjVoVLn2zwEGZ7JzS9Nz11EZKO/k/9DcO6LaoIFmKuvVf3jl6lvZg8\naeA0LoZXjkycHlRUt/kfKwZnhakUaYHP1ksV7ZNmolS5GYDTSKGB2KPPNR1s4/Xu\nu8zeEFC8HuGRU8XuuBeaAunitnGhbNVREUNJGff6HZOGB6CIFNXjbQETeZ3p5uro\n0v+hd1QqQYBv7+DEaMCmGnJNGAyIMr2mn4vr7wGsIj0HonlSHmQ8rmdUhL2ocNTc\nLhKgZiZmBuDpSbFW/r53R2G7CHcqaqGeUBnT54QCH4zsYKw0/4dOtwFxQpTyBf9/\n+k+KaWEJYKkx9d9OzKGyAvzrTDVOFoajddiJ6LPvRlMdOUQr3hl4IAC0/nh9lhHq\nD0R+i5WAU96TkdAe7B7iTGH2D22k0KUPR6Q9W3aF353SLxQAMPNrgG4QQufAdRJn\nAF+8ntun5TkTqjTWRSwAsUJZ1z4wb96DympWJbDi0OciJRZ3Fz3j9+amC43yCHGg\naaEMjdt35ewbztUSc04F10MCAwEAAQ==\n-----END PUBLIC KEY-----";
+
+// keys/mainnet-alpha/prod/kms-signing-public-key.pem
+var kms_signing_public_key_default = "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEfxbhXJjH4D0DH/iW5/rK1HzWS+f9\nEyooZTrCYjCfezuOEmRuOWNaZLvwXN8SdzrvjWA7gSvOS85hLzp4grANRQ==\n-----END PUBLIC KEY-----";
+
+// keys/sepolia/dev/kms-encryption-public-key.pem
+var kms_encryption_public_key_default2 = "-----BEGIN PUBLIC KEY-----\nMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAr/vqttU6aXX35HtsXavU\n5teysunDzZB3HyaFM4qcuRnqj+70KxqLOwZsERN5SwZ/56Jm8T2ds1CcXsQCMUMw\n+MPlsF6KMGfzghLtYHONwvKLnn+U9y886aAay6W8a0A7O7YCZehNYD3kQnCXjOIc\nMj6v8AEvMw+w/lNabjRXnwSBMKVIGp/cSL0hGwt8fGoC3TsxQN9opzvU1Z4rAw9K\na119l6dlPnqezDva378TCaXDjqKe/jSZOI1CcYpaSK2SJ+95Wbvte5j3lXbg1oT2\n0rXeJUHEJ68QxMtJplfw0Sg+Ek4CUJ2c/kbdg0u7sIIO5wcB4WHL/Lfbw2XPmcBI\nt0r0EC575D3iHF/aI01Ms2IRA0GDeHnNcr5FJLWJljTjNLEt4tFITrXwBe1Ealm3\nNCxamApl5bBSwQ72Gb5fiQFwB8Fl2/XG3wfGTFInFEvWE4c/H8dtu1wHTsyEFZcG\nB47IkD5GBSZq90Hd9xuZva55dxGpqUVrEJO88SqHGP9Oa+HLTYdEe5AR5Hitw4Mu\ndk1cCH+X5OqY9dfpdoCNbKAM0N2SJvNAnDTU2JKGYheXrnDslXR6atBmU5gDkH+W\nQVryDYl9xbwWIACMQsAQjrrtKw5xqJ4V89+06FN/wyEVF7KWAcJ4AhKiVnCvLqzb\nBbISc+gOkRsefhCDJVPEKDkCAwEAAQ==\n-----END PUBLIC KEY-----";
+
+// keys/sepolia/dev/kms-signing-public-key.pem
+var kms_signing_public_key_default2 = "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEb2Q88/cxdic2xi4jS2V0dtYHjLwq\n4wVFBFmaY8TTXoMXNggKEdU6PuE8EovocVKMpw3SIlaM27z9uxksNVL2xw==\n-----END PUBLIC KEY-----\n";
+
+// keys/sepolia/prod/kms-encryption-public-key.pem
+var kms_encryption_public_key_default3 = "-----BEGIN PUBLIC KEY-----\nMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEApDvk8pAivkgtiC5li5MP\nxMTJDduTeorBl18ynrooTxp2BwwgPwXfXbJaCA0qRubvc0aO2uh2VDrPM27CqMLH\no2S9YLtpLii4A1Nl7SE/MdWKWdG6v94xNGpc2YyPP7yWtHfqOkgDWp8sokl3Uq/9\nMS0pjUaI7RyS5boCTy8Qw90BxGMpucjOmqm+luw4EdPWZCrgriUR2bbGRRgAmrT1\nK4ou4IgPp799r120hwHbCWxnOvLdQdpiv2507b900xS/3yZahhnHCAn66146LU/f\nBrRpQKSM0qSpktXrrc9MH/ru2VLR5cGLp89ZcZMQA9cRGglWM5XWVY3Ti2TPJ6Kd\nAn1d7qNkGJaSdVa3x3HkOf6c6HeTyqis5/L/6L+PFhUsTRbmKg1FtwD+3xxdyf7h\nabFxryE9rv+WatHL6r6z5ztV0znJ/Fpfs5A45FWA6pfb28fA59RGpi/DQ8RxgdCH\nnZRNvdz8dTgRaXSPgkfGXBcCFqb/QhFmad7XbWDthGzfhbPOxNPtiaGRQ1Dr/Pgq\nn0ugdLbRQLmDOAFgaQcnr0U4y1TUlWJnvoZMETkVN7gmITtXA4F324ALT7Rd+Lgk\nHikW5vG+NjAEwXfPsK0YzT+VbHd7o1lbru9UxiDlN03XVEkz/oRQi47CvSTo3FSr\n5dB4lz8kov3UUcNJfQFZolMCAwEAAQ==\n-----END PUBLIC KEY-----";
+
+// keys/sepolia/prod/kms-signing-public-key.pem
+var kms_signing_public_key_default3 = "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEsk6ZdmmvBqFfKHs+1cYjIemRGN7h\n1NatIEitFRyx+3q8wmTJ9LknTE1FwWBLcCNTseJDti8Rh+SaVxfGOyJuuA==\n-----END PUBLIC KEY-----";
+
+// src/client/common/utils/keys.ts
+var KEYS = {
+  "mainnet-alpha": {
+    prod: {
+      encryption: kms_encryption_public_key_default,
+      signing: kms_signing_public_key_default
+    }
+  },
+  sepolia: {
+    dev: {
+      encryption: kms_encryption_public_key_default2,
+      signing: kms_signing_public_key_default2
+    },
+    prod: {
+      encryption: kms_encryption_public_key_default3,
+      signing: kms_signing_public_key_default3
+    }
+  }
+};
+function getKMSKeysForEnvironment(environment, build = "prod") {
+  const envKeys = KEYS[environment];
+  if (!envKeys) {
+    throw new Error(`No keys found for environment: ${environment}`);
+  }
+  const buildKeys = envKeys[build];
+  if (!buildKeys) {
+    throw new Error(`No keys found for environment: ${environment}, build: ${build}`);
+  }
+  return {
+    encryptionKey: Buffer.from(buildKeys.encryption),
+    signingKey: Buffer.from(buildKeys.signing)
+  };
+}
 // Annotate the CommonJS export names for ESM import in node:
 0 && (module.exports = {
+  BillingApiClient,
+  BuildApiClient,
+  SessionError,
   UserApiClient,
+  addHexPrefix,
   assertValidImageReference,
   assertValidPrivateKey,
+  calculateAppID,
+  checkERC7702Delegation,
+  createSiweMessage,
+  deployApp,
   encodeStartAppData,
   encodeStopAppData,
   encodeTerminateAppData,
+  encryptRSAOAEPAndAES256GCM,
   estimateBatchGas,
   estimateTransactionGas,
+  executeBatch,
+  executeDeployBatch,
+  executeDeployBatched,
+  executeDeploySequential,
+  executeUpgradeBatch,
   extractAppNameFromImage,
   formatETH,
   generateNewPrivateKey,
+  generateNonce,
   getActiveAppCount,
   getAllAppsByDeveloper,
+  getAppProtectedHeaders,
   getAppsByCreator,
   getAppsByDeveloper,
   getAvailableEnvironments,
+  getBillingEnvironmentConfig,
   getBuildType,
+  getChainFromID,
+  getComputeApiSession,
   getEnvironmentConfig,
+  getKMSKeysForEnvironment,
   getMaxActiveAppsPerUser,
+  isDelegated,
   isEnvironmentAvailable,
   isMainnet,
+  isSessionValid,
+  isSiweMessageExpired,
+  isSiweMessageNotYetValid,
   isSubscriptionActive,
+  loginToComputeApi,
+  logoutFromComputeApi,
+  noopLogger,
+  parseSiweMessage,
+  prepareDeployBatch,
+  prepareUpgradeBatch,
   sanitizeString,
   sanitizeURL,
   sanitizeXURL,
+  sendAndWaitForTransaction,
+  stripHexPrefix,
+  supportsEIP5792,
+  supportsEIP7702,
+  suspend,
+  undelegate,
+  upgradeApp,
+  useComputeSession,
   validateAppID,
   validateAppName,
   validateCreateAppParams,