@layr-labs/ecloud-sdk 0.2.1-dev → 0.3.0-dev

package/dist/index.cjs

@@ -5,6 +5,9 @@ var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
 var __getOwnPropNames = Object.getOwnPropertyNames;
 var __getProtoOf = Object.getPrototypeOf;
 var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __esm = (fn, res) => function __init() {
+  return fn && (res = (0, fn[__getOwnPropNames(fn)[0]])(fn = 0)), res;
+};
 var __export = (target, all) => {
   for (var name in all)
     __defProp(target, name, { get: all[name], enumerable: true });
@@ -27,6 +30,135 @@ var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__ge
 ));
 var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
 
+// src/client/common/auth/session.ts
+function stripHexPrefix2(hex) {
+  return hex.startsWith("0x") ? hex.slice(2) : hex;
+}
+async function parseErrorResponse(response) {
+  try {
+    const data = await response.json();
+    return data.error || response.statusText;
+  } catch {
+    return response.statusText;
+  }
+}
+async function loginToComputeApi(config, request) {
+  let response;
+  try {
+    response = await fetch(`${config.baseUrl}/auth/siwe/login`, {
+      method: "POST",
+      credentials: "include",
+      // Include cookies for session management
+      headers: {
+        "Content-Type": "application/json"
+      },
+      body: JSON.stringify({
+        message: request.message,
+        signature: stripHexPrefix2(request.signature)
+      })
+    });
+  } catch (error) {
+    throw new SessionError(
+      `Network error connecting to ${config.baseUrl}: ${error instanceof Error ? error.message : String(error)}`,
+      "NETWORK_ERROR"
+    );
+  }
+  if (!response.ok) {
+    const errorMessage = await parseErrorResponse(response);
+    const status = response.status;
+    if (status === 400) {
+      if (errorMessage.toLowerCase().includes("siwe")) {
+        throw new SessionError(`Invalid SIWE message: ${errorMessage}`, "INVALID_MESSAGE", status);
+      }
+      throw new SessionError(`Bad request: ${errorMessage}`, "INVALID_MESSAGE", status);
+    }
+    if (status === 401) {
+      throw new SessionError(`Invalid signature: ${errorMessage}`, "INVALID_SIGNATURE", status);
+    }
+    throw new SessionError(`Login failed: ${errorMessage}`, "UNKNOWN", status);
+  }
+  const data = await response.json();
+  return {
+    success: data.success,
+    address: data.address
+  };
+}
+async function getComputeApiSession(config) {
+  let response;
+  try {
+    response = await fetch(`${config.baseUrl}/auth/session`, {
+      method: "GET",
+      credentials: "include",
+      // Include cookies for session management
+      headers: {
+        "Content-Type": "application/json"
+      }
+    });
+  } catch {
+    return {
+      authenticated: false
+    };
+  }
+  if (response.status === 401) {
+    return {
+      authenticated: false
+    };
+  }
+  if (!response.ok) {
+    const errorMessage = await parseErrorResponse(response);
+    throw new SessionError(`Failed to get session: ${errorMessage}`, "UNKNOWN", response.status);
+  }
+  const data = await response.json();
+  return {
+    authenticated: data.authenticated,
+    address: data.address,
+    chainId: data.chain_id
+  };
+}
+async function logoutFromComputeApi(config) {
+  let response;
+  try {
+    response = await fetch(`${config.baseUrl}/auth/logout`, {
+      method: "POST",
+      credentials: "include",
+      // Include cookies for session management
+      headers: {
+        "Content-Type": "application/json"
+      }
+    });
+  } catch (error) {
+    throw new SessionError(
+      `Network error connecting to ${config.baseUrl}: ${error instanceof Error ? error.message : String(error)}`,
+      "NETWORK_ERROR"
+    );
+  }
+  if (response.status === 401) {
+    return;
+  }
+  if (!response.ok) {
+    const errorMessage = await parseErrorResponse(response);
+    throw new SessionError(`Logout failed: ${errorMessage}`, "UNKNOWN", response.status);
+  }
+}
+async function isSessionValid(config) {
+  const session = await getComputeApiSession(config);
+  return session.authenticated;
+}
+var SessionError;
+var init_session = __esm({
+  "src/client/common/auth/session.ts"() {
+    "use strict";
+    SessionError = class extends Error {
+      constructor(message, code, statusCode) {
+        super(message);
+        this.code = code;
+        this.statusCode = statusCode;
+        this.name = "SessionError";
+      }
+    };
+  }
+});
+
 // src/index.ts
 var index_exports = {};
 __export(index_exports, {
@@ -42,6 +174,7 @@ __export(index_exports, {
   NotFoundError: () => NotFoundError,
   PRIMARY_LANGUAGES: () => PRIMARY_LANGUAGES,
   PostHogClient: () => PostHogClient,
+  SessionError: () => SessionError,
   TimeoutError: () => TimeoutError,
   UserApiClient: () => UserApiClient,
   addHexPrefix: () => addHexPrefix,
@@ -58,6 +191,7 @@ __export(index_exports, {
   createComputeModule: () => createComputeModule,
   createECloudClient: () => createECloudClient,
   createMetricsContext: () => createMetricsContext,
+  createSiweMessage: () => createSiweMessage,
   createTelemetryClient: () => createTelemetryClient,
   createViemClients: () => createClients,
   deleteLegacyPrivateKey: () => deleteLegacyPrivateKey,
@@ -74,6 +208,7 @@ __export(index_exports, {
   fetchTemplateCatalog: () => fetchTemplateCatalog,
   formatETH: () => formatETH,
   generateNewPrivateKey: () => generateNewPrivateKey,
+  generateNonce: () => generateNonce,
   getAddressFromPrivateKey: () => getAddressFromPrivateKey,
   getAllAppsByDeveloper: () => getAllAppsByDeveloper,
   getAppLatestReleaseBlockNumbers: () => getAppLatestReleaseBlockNumbers,
@@ -84,6 +219,7 @@ __export(index_exports, {
   getBuildType: () => getBuildType,
   getCategoryDescriptions: () => getCategoryDescriptions,
   getChainFromID: () => getChainFromID,
+  getComputeApiSession: () => getComputeApiSession,
   getCurrentInstanceType: () => getCurrentInstanceType,
   getEnvironmentConfig: () => getEnvironmentConfig,
   getLegacyKeys: () => getLegacyKeys,
@@ -96,10 +232,17 @@ __export(index_exports, {
   isEnvironmentAvailable: () => isEnvironmentAvailable,
   isMainnet: () => isMainnet,
   isNoopClient: () => isNoopClient,
+  isSessionValid: () => isSessionValid,
+  isSiweMessageExpired: () => isSiweMessageExpired,
+  isSiweMessageNotYetValid: () => isSiweMessageNotYetValid,
   isSubscriptionActive: () => isSubscriptionActive,
   keyExists: () => keyExists,
   listStoredKeys: () => listStoredKeys,
+  loginToComputeApi: () => loginToComputeApi,
+  logoutFromComputeApi: () => logoutFromComputeApi,
   logs: () => logs,
+  noopLogger: () => noopLogger,
+  parseSiweMessage: () => parseSiweMessage,
   prepareDeploy: () => prepareDeploy,
   prepareDeployFromVerifiableBuild: () => prepareDeployFromVerifiableBuild,
   prepareUpgrade: () => prepareUpgrade,
@@ -1237,6 +1380,18 @@ function extractRegistryNameNoDocker(imageRef) {
 // src/client/common/contract/eip7702.ts
 var import_viem = require("viem");
 
+// src/client/common/types/index.ts
+var noopLogger = {
+  debug: () => {
+  },
+  info: () => {
+  },
+  warn: () => {
+  },
+  error: () => {
+  }
+};
+
 // src/client/common/abis/ERC7702Delegator.json
 var ERC7702Delegator_default = [
   {
@@ -2322,7 +2477,7 @@ async function checkERC7702Delegation(publicClient, account, delegatorAddress) {
   const expectedCode = `0xef0100${delegatorAddress.slice(2)}`;
   return code.toLowerCase() === expectedCode.toLowerCase();
 }
-async function executeBatch(options, logger) {
+async function executeBatch(options, logger = noopLogger) {
   const { walletClient, publicClient, environmentConfig, executions, pendingMessage, gas } = options;
   const account = walletClient.account;
   if (!account) {
@@ -4027,7 +4182,7 @@ async function calculateAppID(options) {
   });
   return appID;
 }
-async function prepareDeployBatch(options, logger) {
+async function prepareDeployBatch(options, logger = noopLogger) {
   const { walletClient, publicClient, environmentConfig, salt, release, publicLogs } = options;
   const account = walletClient.account;
   if (!account) {
@@ -4107,7 +4262,7 @@ async function prepareDeployBatch(options, logger) {
     environmentConfig
   };
 }
-async function executeDeployBatch(data, context, gas, logger) {
+async function executeDeployBatch(data, context, gas, logger = noopLogger) {
   const pendingMessage = "Deploying new app...";
   const txHash = await executeBatch(
     {
@@ -4122,7 +4277,7 @@ async function executeDeployBatch(data, context, gas, logger) {
   );
   return { appId: data.appId, txHash };
 }
-async function deployApp(options, logger) {
+async function deployApp(options, logger = noopLogger) {
   const prepared = await prepareDeployBatch(options, logger);
   const data = {
     appId: prepared.appId,
@@ -4137,7 +4292,15 @@ async function deployApp(options, logger) {
   return executeDeployBatch(data, context, options.gas, logger);
 }
 async function prepareUpgradeBatch(options) {
-  const { walletClient, publicClient, environmentConfig, appID, release, publicLogs, needsPermissionChange } = options;
+  const {
+    walletClient,
+    publicClient,
+    environmentConfig,
+    appID,
+    release,
+    publicLogs,
+    needsPermissionChange
+  } = options;
   const releaseForViem = {
     rmsRelease: {
       artifacts: release.rmsRelease.artifacts.map((artifact) => ({
@@ -4210,7 +4373,7 @@ async function prepareUpgradeBatch(options) {
     environmentConfig
   };
 }
-async function executeUpgradeBatch(data, context, gas, logger) {
+async function executeUpgradeBatch(data, context, gas, logger = noopLogger) {
   const pendingMessage = `Upgrading app ${data.appId}...`;
   const txHash = await executeBatch(
     {
@@ -4225,7 +4388,7 @@ async function executeUpgradeBatch(data, context, gas, logger) {
   );
   return txHash;
 }
-async function upgradeApp(options, logger) {
+async function upgradeApp(options, logger = noopLogger) {
   const prepared = await prepareUpgradeBatch(options);
   const data = {
     appId: prepared.appId,
@@ -4238,8 +4401,18 @@ async function upgradeApp(options, logger) {
   };
   return executeUpgradeBatch(data, context, options.gas, logger);
 }
-async function sendAndWaitForTransaction(options, logger) {
-  const { walletClient, publicClient, environmentConfig, to, data, value = 0n, pendingMessage, txDescription, gas } = options;
+async function sendAndWaitForTransaction(options, logger = noopLogger) {
+  const {
+    walletClient,
+    publicClient,
+    environmentConfig,
+    to,
+    data,
+    value = 0n,
+    pendingMessage,
+    txDescription,
+    gas
+  } = options;
   const account = walletClient.account;
   if (!account) {
     throw new Error("WalletClient must have an account attached");
@@ -4359,7 +4532,13 @@ async function getAllAppsByDeveloper(publicClient, env, developer, pageSize = 10
   const allApps = [];
   const allConfigs = [];
   while (true) {
-    const { apps, appConfigs } = await getAppsByDeveloper(publicClient, env, developer, offset, pageSize);
+    const { apps, appConfigs } = await getAppsByDeveloper(
+      publicClient,
+      env,
+      developer,
+      offset,
+      pageSize
+    );
     if (apps.length === 0) break;
     allApps.push(...apps);
     allConfigs.push(...appConfigs);
@@ -4415,7 +4594,7 @@ async function isDelegated(options) {
     environmentConfig.erc7702DelegatorAddress
   );
 }
-async function undelegate(options, logger) {
+async function undelegate(options, logger = noopLogger) {
   const { walletClient, publicClient, environmentConfig } = options;
   const account = walletClient.account;
   if (!account) {
@@ -4514,6 +4693,7 @@ async function calculateBillingAuthSignature(options) {
 }
 
 // src/client/common/utils/userapi.ts
+init_session();
 function isJsonObject(value) {
   return typeof value === "object" && value !== null && !Array.isArray(value);
 }
@@ -4530,15 +4710,16 @@ var CanViewAppLogsPermission = "0x2fd3f2fe";
 var CanViewSensitiveAppInfoPermission = "0x0e67b22f";
 var CanUpdateAppProfilePermission = "0x036fef61";
 function getDefaultClientId() {
-  const version = true ? "0.2.1-dev" : "0.0.0";
+  const version = true ? "0.3.0-dev" : "0.0.0";
   return `ecloud-sdk/v${version}`;
 }
 var UserApiClient = class {
-  constructor(config, walletClient, publicClient, clientId) {
+  constructor(config, walletClient, publicClient, options) {
     this.config = config;
     this.walletClient = walletClient;
     this.publicClient = publicClient;
-    this.clientId = clientId || getDefaultClientId();
+    this.clientId = options?.clientId || getDefaultClientId();
+    this.useSession = options?.useSession ?? false;
   }
   /**
    * Get the address of the connected wallet
@@ -4626,7 +4807,7 @@ var UserApiClient = class {
     const apps = result.apps || result.Apps || [];
     return apps.map((app, i) => ({
       address: app.address || appIDs[i],
-      status: app.status || app.Status || ""
+      status: app.app_status || app.App_Status || ""
     }));
   }
   /**
@@ -4658,9 +4839,11 @@ var UserApiClient = class {
     const headers = {
       "x-client-id": this.clientId
     };
-    const expiry = BigInt(Math.floor(Date.now() / 1e3) + 5 * 60);
-    const authHeaders = await this.generateAuthHeaders(CanUpdateAppProfilePermission, expiry);
-    Object.assign(headers, authHeaders);
+    if (!this.useSession) {
+      const expiry = BigInt(Math.floor(Date.now() / 1e3) + 5 * 60);
+      const authHeaders = await this.generateAuthHeaders(CanUpdateAppProfilePermission, expiry);
+      Object.assign(headers, authHeaders);
+    }
     try {
       const response = await import_axios.default.post(endpoint, formData, {
         headers,
@@ -4669,8 +4852,10 @@ var UserApiClient = class {
         // Don't throw on any status
         maxContentLength: Infinity,
         // Allow large file uploads
-        maxBodyLength: Infinity
+        maxBodyLength: Infinity,
         // Allow large file uploads
+        withCredentials: true
+        // Include cookies for session auth
       });
       const status = response.status;
       if (status !== 200 && status !== 201) {
@@ -4704,7 +4889,7 @@ Please check:
     const headers = {
       "x-client-id": this.clientId
     };
-    if (permission) {
+    if (permission && !this.useSession) {
       const expiry = BigInt(Math.floor(Date.now() / 1e3) + 5 * 60);
       const authHeaders = await this.generateAuthHeaders(permission, expiry);
       Object.assign(headers, authHeaders);
@@ -4713,8 +4898,10 @@ Please check:
       const response = await import_axios.default.get(url, {
         headers,
         maxRedirects: 0,
-        validateStatus: () => true
+        validateStatus: () => true,
         // Don't throw on any status
+        withCredentials: true
+        // Include cookies for session auth
       });
       const status = response.status;
       const statusText = status >= 200 && status < 300 ? "OK" : "Error";
@@ -4756,6 +4943,65 @@ Please check:
       "X-eigenx-expiry": expiry.toString()
     };
   }
+  // ==========================================================================
+  // SIWE Session Management
+  // ==========================================================================
+  /**
+   * Login to the compute API using SIWE (Sign-In with Ethereum)
+   *
+   * This establishes a session with the compute API by verifying the SIWE message
+   * and signature. On success, a session cookie is set in the browser.
+   *
+   * @param request - Login request containing SIWE message and signature
+   * @returns Login result with the authenticated address
+   *
+   * @example
+   * ```typescript
+   * import { createSiweMessage } from "@layr-labs/ecloud-sdk/browser";
+   *
+   * const { message } = createSiweMessage({
+   *   address: userAddress,
+   *   chainId: 11155111,
+   *   domain: window.location.host,
+   *   uri: window.location.origin,
+   * });
+   *
+   * const signature = await signMessageAsync({ message });
+   * const result = await client.siweLogin({ message, signature });
+   * ```
+   */
+  async siweLogin(request) {
+    return loginToComputeApi({ baseUrl: this.config.userApiServerURL }, request);
+  }
+  /**
+   * Logout from the compute API
+   *
+   * This destroys the current session and clears the session cookie.
+   *
+   * @example
+   * ```typescript
+   * await client.siweLogout();
+   * ```
+   */
+  async siweLogout() {
+    return logoutFromComputeApi({ baseUrl: this.config.userApiServerURL });
+  }
+  /**
+   * Get the current SIWE session status from the compute API
+   *
+   * @returns Session information including authentication status and address
+   *
+   * @example
+   * ```typescript
+   * const session = await client.getSiweSession();
+   * if (session.authenticated) {
+   *   console.log(`Logged in as ${session.address}`);
+   * }
+   * ```
+   */
+  async getSiweSession() {
+    return getComputeApiSession({ baseUrl: this.config.userApiServerURL });
+  }
 };
 function transformAppReleaseBuild(raw) {
   if (!isJsonObject(raw)) return void 0;
@@ -5372,24 +5618,221 @@ function isSubscriptionActive(status) {
 
 // src/client/common/utils/billingapi.ts
 var import_axios2 = __toESM(require("axios"), 1);
+
+// src/client/common/auth/billingSession.ts
+var BillingSessionError = class extends Error {
+  constructor(message, code, statusCode) {
+    super(message);
+    this.code = code;
+    this.statusCode = statusCode;
+    this.name = "BillingSessionError";
+  }
+};
+function stripHexPrefix3(hex) {
+  return hex.startsWith("0x") ? hex.slice(2) : hex;
+}
+async function parseErrorResponse2(response) {
+  try {
+    const data = await response.json();
+    return data.error || response.statusText;
+  } catch {
+    return response.statusText;
+  }
+}
+async function loginToBillingApi(config, request) {
+  let response;
+  try {
+    response = await fetch(`${config.baseUrl}/auth/siwe/login`, {
+      method: "POST",
+      credentials: "include",
+      // Include cookies for session management
+      headers: {
+        "Content-Type": "application/json"
+      },
+      body: JSON.stringify({
+        message: request.message,
+        signature: stripHexPrefix3(request.signature)
+      })
+    });
+  } catch (error) {
+    throw new BillingSessionError(
+      `Network error connecting to ${config.baseUrl}: ${error instanceof Error ? error.message : String(error)}`,
+      "NETWORK_ERROR"
+    );
+  }
+  if (!response.ok) {
+    const errorMessage = await parseErrorResponse2(response);
+    const status = response.status;
+    if (status === 400) {
+      if (errorMessage.toLowerCase().includes("siwe")) {
+        throw new BillingSessionError(`Invalid SIWE message: ${errorMessage}`, "INVALID_MESSAGE", status);
+      }
+      throw new BillingSessionError(`Bad request: ${errorMessage}`, "INVALID_MESSAGE", status);
+    }
+    if (status === 401) {
+      throw new BillingSessionError(`Invalid signature: ${errorMessage}`, "INVALID_SIGNATURE", status);
+    }
+    throw new BillingSessionError(`Login failed: ${errorMessage}`, "UNKNOWN", status);
+  }
+  const data = await response.json();
+  return {
+    success: data.success,
+    address: data.address
+  };
+}
+async function getBillingApiSession(config) {
+  let response;
+  try {
+    response = await fetch(`${config.baseUrl}/auth/session`, {
+      method: "GET",
+      credentials: "include",
+      // Include cookies for session management
+      headers: {
+        "Content-Type": "application/json"
+      }
+    });
+  } catch {
+    return {
+      authenticated: false
+    };
+  }
+  if (response.status === 401) {
+    return {
+      authenticated: false
+    };
+  }
+  if (!response.ok) {
+    const errorMessage = await parseErrorResponse2(response);
+    throw new BillingSessionError(`Failed to get session: ${errorMessage}`, "UNKNOWN", response.status);
+  }
+  const data = await response.json();
+  return {
+    authenticated: data.authenticated,
+    address: data.address,
+    chainId: data.chainId,
+    authenticatedAt: data.authenticatedAt
+  };
+}
+async function logoutFromBillingApi(config) {
+  let response;
+  try {
+    response = await fetch(`${config.baseUrl}/auth/logout`, {
+      method: "POST",
+      credentials: "include",
+      // Include cookies for session management
+      headers: {
+        "Content-Type": "application/json"
+      }
+    });
+  } catch (error) {
+    throw new BillingSessionError(
+      `Network error connecting to ${config.baseUrl}: ${error instanceof Error ? error.message : String(error)}`,
+      "NETWORK_ERROR"
+    );
+  }
+  if (response.status === 401) {
+    return;
+  }
+  if (!response.ok) {
+    const errorMessage = await parseErrorResponse2(response);
+    throw new BillingSessionError(`Logout failed: ${errorMessage}`, "UNKNOWN", response.status);
+  }
+}
+
+// src/client/common/utils/billingapi.ts
 var BillingApiClient = class {
-  constructor(config, walletClient) {
+  constructor(config, walletClient, options = {}) {
     this.config = config;
     this.walletClient = walletClient;
+    this.options = options;
+    this.useSession = options.useSession ?? false;
+    if (!this.useSession && !walletClient) {
+      throw new Error("WalletClient is required when not using session authentication");
+    }
   }
   /**
    * Get the address of the connected wallet
+   * Returns undefined if using session auth without a wallet client
    */
   get address() {
-    const account = this.walletClient.account;
+    const account = this.walletClient?.account;
     if (!account) {
-      throw new Error("WalletClient must have an account attached");
+      if (!this.useSession) {
+        throw new Error("WalletClient must have an account attached");
+      }
+      return void 0;
     }
     return account.address;
   }
-  async createSubscription(productId = "compute") {
+  /**
+   * Get the base URL of the billing API
+   */
+  get baseUrl() {
+    return this.config.billingApiServerURL;
+  }
+  // ==========================================================================
+  // SIWE Session Methods
+  // ==========================================================================
+  /**
+   * Login to the billing API using SIWE
+   *
+   * This establishes a session with the billing API by verifying the SIWE message
+   * and signature. On success, a session cookie is set in the browser.
+   *
+   * @param request - Login request containing SIWE message and signature
+   * @returns Login result with the authenticated address
+   *
+   * @example
+   * ```typescript
+   * const { message } = createSiweMessage({
+   *   address: userAddress,
+   *   chainId: 11155111,
+   *   domain: window.location.host,
+   *   uri: window.location.origin,
+   * });
+   *
+   * const signature = await signMessageAsync({ message });
+   * const result = await billingClient.siweLogin({ message, signature });
+   * ```
+   */
+  async siweLogin(request) {
+    return loginToBillingApi({ baseUrl: this.baseUrl }, request);
+  }
+  /**
+   * Logout from the billing API
+   *
+   * This destroys the current session and clears the session cookie.
+   */
+  async siweLogout() {
+    return logoutFromBillingApi({ baseUrl: this.baseUrl });
+  }
+  /**
+   * Get the current session status from the billing API
+   *
+   * @returns Session information including authentication status and address
+   */
+  async getSession() {
+    return getBillingApiSession({ baseUrl: this.baseUrl });
+  }
+  /**
+   * Check if there is a valid session
+   *
+   * @returns True if session is authenticated, false otherwise
+   */
+  async isSessionValid() {
+    const session = await this.getSession();
+    return session.authenticated;
+  }
+  // ==========================================================================
+  // Subscription Methods
+  // ==========================================================================
+  async createSubscription(productId = "compute", options) {
     const endpoint = `${this.config.billingApiServerURL}/products/${productId}/subscription`;
-    const resp = await this.makeAuthenticatedRequest(endpoint, "POST", productId);
+    const body = options ? {
+      success_url: options.successUrl,
+      cancel_url: options.cancelUrl
+    } : void 0;
+    const resp = await this.makeAuthenticatedRequest(endpoint, "POST", productId, body);
     return resp.json();
   }
   async getSubscription(productId = "compute") {
@@ -5401,10 +5844,72 @@ var BillingApiClient = class {
     const endpoint = `${this.config.billingApiServerURL}/products/${productId}/subscription`;
     await this.makeAuthenticatedRequest(endpoint, "DELETE", productId);
   }
+  // ==========================================================================
+  // Internal Methods
+  // ==========================================================================
   /**
    * Make an authenticated request to the billing API
+   *
+   * Uses session auth if useSession is true, otherwise uses EIP-712 signature auth.
+   */
+  async makeAuthenticatedRequest(url, method, productId, body) {
+    if (this.useSession) {
+      return this.makeSessionAuthenticatedRequest(url, method, body);
+    }
+    return this.makeSignatureAuthenticatedRequest(url, method, productId, body);
+  }
+  /**
+   * Make a request using session-based authentication (cookies)
    */
-  async makeAuthenticatedRequest(url, method, productId) {
+  async makeSessionAuthenticatedRequest(url, method, body) {
+    const headers = {};
+    if (body) {
+      headers["Content-Type"] = "application/json";
+    }
+    try {
+      const response = await fetch(url, {
+        method,
+        credentials: "include",
+        // Include cookies for session management
+        headers,
+        body: body ? JSON.stringify(body) : void 0
+      });
+      const status = response.status;
+      const statusText = status >= 200 && status < 300 ? "OK" : "Error";
+      if (status < 200 || status >= 300) {
+        let errorBody;
+        try {
+          errorBody = await response.text();
+        } catch {
+          errorBody = statusText;
+        }
+        throw new Error(`BillingAPI request failed: ${status} ${statusText} - ${errorBody}`);
+      }
+      const responseData = await response.json();
+      return {
+        json: async () => responseData,
+        text: async () => JSON.stringify(responseData)
+      };
+    } catch (error) {
+      if (error.name === "TypeError" || error.message?.includes("fetch")) {
+        throw new Error(
+          `Failed to connect to BillingAPI at ${url}: ${error.message}
+Please check:
+1. Your internet connection
+2. The API server is accessible: ${this.config.billingApiServerURL}
+3. Firewall/proxy settings`
+        );
+      }
+      throw error;
+    }
+  }
+  /**
+   * Make a request using EIP-712 signature authentication
+   */
+  async makeSignatureAuthenticatedRequest(url, method, productId, body) {
+    if (!this.walletClient) {
+      throw new Error("WalletClient is required for signature authentication");
+    }
     const expiry = BigInt(Math.floor(Date.now() / 1e3) + 5 * 60);
     const { signature } = await calculateBillingAuthSignature({
       walletClient: this.walletClient,
@@ -5416,11 +5921,15 @@ var BillingApiClient = class {
       "X-Account": this.address,
       "X-Expiry": expiry.toString()
     };
+    if (body) {
+      headers["Content-Type"] = "application/json";
+    }
     try {
       const response = await (0, import_axios2.default)({
         method,
         url,
         headers,
+        data: body,
         timeout: 3e4,
         maxRedirects: 0,
         validateStatus: () => true
@@ -5429,8 +5938,8 @@ var BillingApiClient = class {
       const status = response.status;
       const statusText = status >= 200 && status < 300 ? "OK" : "Error";
       if (status < 200 || status >= 300) {
-        const body = typeof response.data === "string" ? response.data : JSON.stringify(response.data);
-        throw new Error(`BillingAPI request failed: ${status} ${statusText} - ${body}`);
+        const body2 = typeof response.data === "string" ? response.data : JSON.stringify(response.data);
+        throw new Error(`BillingAPI request failed: ${status} ${statusText} - ${body2}`);
       }
       return {
         json: async () => response.data,
@@ -6916,7 +7425,7 @@ async function logs(options, walletClient, publicClient, environmentConfig, logg
         environmentConfig,
         walletClient,
         publicClient,
-        options.clientId
+        options.clientId ? { clientId: options.clientId } : void 0
       );
       let logsText;
       let logsError = null;
@@ -7215,7 +7724,7 @@ function createAppModule(ctx) {
             environment,
             walletClient,
             publicClient,
-            ctx.clientId
+            ctx.clientId ? { clientId: ctx.clientId } : void 0
           );
           return userApiClient.uploadAppProfile(appId, profile.name, {
             website: profile.website,
@@ -7415,7 +7924,10 @@ function createBillingModule(config) {
             };
           }
           logger.debug(`Creating subscription for ${productId}...`);
-          const result = await billingApi.createSubscription(productId);
+          const result = await billingApi.createSubscription(productId, {
+            successUrl: opts?.successUrl,
+            cancelUrl: opts?.cancelUrl
+          });
           logger.debug(`Checkout URL: ${result.checkoutUrl}`);
           return {
             type: "checkout_created",
@@ -7474,11 +7986,55 @@ function createBillingModule(config) {
 
 // src/client/common/utils/buildapi.ts
 var import_axios3 = __toESM(require("axios"), 1);
+var MAX_RETRIES = 5;
+var INITIAL_BACKOFF_MS = 1e3;
+var MAX_BACKOFF_MS = 3e4;
+async function sleep2(ms) {
+  return new Promise((resolve2) => setTimeout(resolve2, ms));
+}
+function getRetryDelay(res, attempt) {
+  const retryAfter = res.headers["retry-after"];
+  if (retryAfter) {
+    const seconds = parseInt(retryAfter, 10);
+    if (!isNaN(seconds)) {
+      return Math.min(seconds * 1e3, MAX_BACKOFF_MS);
+    }
+  }
+  return Math.min(INITIAL_BACKOFF_MS * Math.pow(2, attempt), MAX_BACKOFF_MS);
+}
+async function requestWithRetry(config) {
+  let lastResponse;
+  for (let attempt = 0; attempt <= MAX_RETRIES; attempt++) {
+    const res = await (0, import_axios3.default)({ ...config, validateStatus: () => true });
+    lastResponse = res;
+    if (res.status !== 429) {
+      return res;
+    }
+    if (attempt < MAX_RETRIES) {
+      const delay = getRetryDelay(res, attempt);
+      await sleep2(delay);
+    }
+  }
+  return lastResponse;
+}
 var BuildApiClient = class {
   constructor(options) {
-    this.baseUrl = options.baseUrl.replace(/\/+$/, "");
+    let url = options.baseUrl;
+    while (url.endsWith("/")) {
+      url = url.slice(0, -1);
+    }
+    this.baseUrl = url;
     this.clientId = options.clientId;
     this.walletClient = options.walletClient;
+    this.useSession = options.useSession ?? false;
+    this.billingSessionId = options.billingSessionId;
+  }
+  /**
+   * Update the billing session ID.
+   * Call this after logging into the billing API to enable session-based auth for builds.
+   */
+  setBillingSessionId(sessionId) {
+    this.billingSessionId = sessionId;
   }
   /**
    * Get the address of the connected wallet
@@ -7490,8 +8046,17 @@ var BuildApiClient = class {
     }
     return account.address;
   }
+  /**
+   * Submit a new build request.
+   * Supports two auth modes (session auth is tried first when billingSessionId is available):
+   * 1. Session-based auth: X-Billing-Session header (forwarded billing_session cookie)
+   * 2. Signature-based auth: Authorization + X-Account + X-eigenx-expiry headers (requires walletClient)
+   */
   async submitBuild(payload) {
-    return this.authenticatedJsonRequest("/builds", "POST", payload);
+    if (this.useSession && this.billingSessionId) {
+      return this.billingSessionAuthJsonRequest("/builds", "POST", payload);
+    }
+    return this.signatureAuthJsonRequest("/builds", "POST", payload);
   }
   async getBuild(buildId) {
     return this.publicJsonRequest(`/builds/${encodeURIComponent(buildId)}`);
@@ -7502,33 +8067,42 @@ var BuildApiClient = class {
   async verify(identifier) {
     return this.publicJsonRequest(`/builds/verify/${encodeURIComponent(identifier)}`);
   }
+  /**
+   * Get build logs. Supports session auth (identity verification only, no billing check).
+   */
   async getLogs(buildId) {
-    return this.authenticatedTextRequest(`/builds/${encodeURIComponent(buildId)}/logs`);
+    return this.sessionOrSignatureTextRequest(`/builds/${encodeURIComponent(buildId)}/logs`);
   }
   async listBuilds(params) {
-    const res = await (0, import_axios3.default)({
+    const res = await requestWithRetry({
       url: `${this.baseUrl}/builds`,
       method: "GET",
       params,
       headers: this.clientId ? { "x-client-id": this.clientId } : void 0,
       timeout: 6e4,
-      validateStatus: () => true
+      validateStatus: () => true,
+      withCredentials: this.useSession
     });
     if (res.status < 200 || res.status >= 300) throw buildApiHttpError(res);
     return res.data;
   }
   async publicJsonRequest(path8) {
-    const res = await (0, import_axios3.default)({
+    const res = await requestWithRetry({
       url: `${this.baseUrl}${path8}`,
       method: "GET",
       headers: this.clientId ? { "x-client-id": this.clientId } : void 0,
       timeout: 6e4,
-      validateStatus: () => true
+      validateStatus: () => true,
+      withCredentials: this.useSession
     });
     if (res.status < 200 || res.status >= 300) throw buildApiHttpError(res);
     return res.data;
   }
-  async authenticatedJsonRequest(path8, method, body) {
+  /**
+   * Make a request that ALWAYS requires signature auth (for billing verification).
+   * Used for endpoints like POST /builds that need to verify subscription status.
+   */
+  async signatureAuthJsonRequest(path8, method, body) {
     if (!this.walletClient?.account) {
       throw new Error("WalletClient with account required for authenticated requests");
     }
@@ -7545,39 +8119,74 @@ var BuildApiClient = class {
     headers.Authorization = `Bearer ${signature}`;
     headers["X-eigenx-expiry"] = expiry.toString();
     headers["X-Account"] = this.address;
-    const res = await (0, import_axios3.default)({
+    const res = await requestWithRetry({
       url: `${this.baseUrl}${path8}`,
       method,
       headers,
       data: body,
       timeout: 6e4,
-      validateStatus: () => true
+      validateStatus: () => true,
+      withCredentials: this.useSession
     });
     if (res.status < 200 || res.status >= 300) throw buildApiHttpError(res);
     return res.data;
   }
-  async authenticatedTextRequest(path8) {
-    if (!this.walletClient?.account) {
-      throw new Error("WalletClient with account required for authenticated requests");
+  /**
+   * Make a request using billing session auth (for billing verification without wallet signature).
+   * Forwards the billing_session cookie value via X-Billing-Session header.
+   * Used for endpoints that need to verify subscription status when using session-based auth.
+   */
+  async billingSessionAuthJsonRequest(path8, method, body) {
+    if (!this.billingSessionId) {
+      throw new Error("billingSessionId required for session-based billing auth");
     }
-    const headers = {};
+    const headers = {
+      "Content-Type": "application/json",
+      "X-Billing-Session": this.billingSessionId
+    };
     if (this.clientId) headers["x-client-id"] = this.clientId;
-    const expiry = BigInt(Math.floor(Date.now() / 1e3) + 60);
-    const { signature } = await calculateBillingAuthSignature({
-      walletClient: this.walletClient,
-      product: "compute",
-      expiry
+    const res = await requestWithRetry({
+      url: `${this.baseUrl}${path8}`,
+      method,
+      headers,
+      data: body,
+      timeout: 6e4,
+      validateStatus: () => true,
+      withCredentials: this.useSession
     });
-    headers.Authorization = `Bearer ${signature}`;
-    headers["X-eigenx-expiry"] = expiry.toString();
-    headers["X-Account"] = this.address;
-    const res = await (0, import_axios3.default)({
+    if (res.status < 200 || res.status >= 300) throw buildApiHttpError(res);
+    return res.data;
+  }
+  /**
+   * Make an authenticated request that can use session OR signature auth.
+   * When useSession is true, relies on cookies for identity verification.
+   * Used for endpoints that only need identity verification (not billing).
+   */
+  async sessionOrSignatureTextRequest(path8) {
+    const headers = {};
+    if (this.clientId) headers["x-client-id"] = this.clientId;
+    if (!this.useSession) {
+      if (!this.walletClient?.account) {
+        throw new Error("WalletClient with account required for authenticated requests");
+      }
+      const expiry = BigInt(Math.floor(Date.now() / 1e3) + 60);
+      const { signature } = await calculateBillingAuthSignature({
+        walletClient: this.walletClient,
+        product: "compute",
+        expiry
+      });
+      headers.Authorization = `Bearer ${signature}`;
+      headers["X-eigenx-expiry"] = expiry.toString();
+      headers["X-Account"] = this.address;
+    }
+    const res = await requestWithRetry({
       url: `${this.baseUrl}${path8}`,
       method: "GET",
       headers,
       timeout: 6e4,
       responseType: "text",
-      validateStatus: () => true
+      validateStatus: () => true,
+      withCredentials: this.useSession
     });
     if (res.status < 200 || res.status >= 300) throw buildApiHttpError(res);
     return typeof res.data === "string" ? res.data : JSON.stringify(res.data);
@@ -7766,7 +8375,7 @@ function createBuildModule(config) {
         if (build.status === BUILD_STATUS.FAILED) {
           throw new BuildFailedError(build.errorMessage ?? "Build failed", buildId);
         }
-        await sleep2(pollIntervalMs);
+        await sleep3(pollIntervalMs);
       }
     },
     async *streamLogs(buildId, pollIntervalMs = DEFAULT_POLL_INTERVAL) {
@@ -7788,12 +8397,12 @@ function createBuildModule(config) {
           lastLength = logs2.length;
         }
         if (build.status !== BUILD_STATUS.BUILDING) break;
-        await sleep2(pollIntervalMs);
+        await sleep3(pollIntervalMs);
       }
     }
   };
 }
-function sleep2(ms) {
+function sleep3(ms) {
   return new Promise((resolve2) => setTimeout(resolve2, ms));
 }
 function transformBuild(raw) {
@@ -8076,6 +8685,77 @@ function generateNewPrivateKey() {
   };
 }
 
+// src/client/common/auth/siwe.ts
+var import_siwe = require("siwe");
+var generateNonce = import_siwe.generateNonce;
+function createSiweMessage(params) {
+  const now = /* @__PURE__ */ new Date();
+  const nonce = params.nonce || generateNonce();
+  const issuedAt = params.issuedAt || now;
+  const expirationTime = params.expirationTime || new Date(now.getTime() + 24 * 60 * 60 * 1e3);
+  const siweMessage = new import_siwe.SiweMessage({
+    domain: params.domain,
+    address: params.address,
+    statement: params.statement,
+    uri: params.uri,
+    version: "1",
+    chainId: params.chainId,
+    nonce,
+    issuedAt: issuedAt.toISOString(),
+    expirationTime: expirationTime.toISOString(),
+    notBefore: params.notBefore?.toISOString(),
+    requestId: params.requestId,
+    resources: params.resources
+  });
+  return {
+    message: siweMessage.prepareMessage(),
+    params: {
+      address: params.address,
+      chainId: params.chainId,
+      domain: params.domain,
+      uri: params.uri,
+      nonce,
+      issuedAt,
+      statement: params.statement,
+      expirationTime,
+      notBefore: params.notBefore,
+      requestId: params.requestId,
+      resources: params.resources
+    }
+  };
+}
+function parseSiweMessage(message) {
+  try {
+    const siweMessage = new import_siwe.SiweMessage(message);
+    return {
+      address: siweMessage.address,
+      chainId: siweMessage.chainId,
+      domain: siweMessage.domain,
+      uri: siweMessage.uri,
+      nonce: siweMessage.nonce,
+      statement: siweMessage.statement,
+      issuedAt: siweMessage.issuedAt ? new Date(siweMessage.issuedAt) : void 0,
+      expirationTime: siweMessage.expirationTime ? new Date(siweMessage.expirationTime) : void 0,
+      notBefore: siweMessage.notBefore ? new Date(siweMessage.notBefore) : void 0,
+      requestId: siweMessage.requestId,
+      resources: siweMessage.resources
+    };
+  } catch {
+    return null;
+  }
+}
+function isSiweMessageExpired(params) {
+  if (!params.expirationTime) return false;
+  return /* @__PURE__ */ new Date() > params.expirationTime;
+}
+function isSiweMessageNotYetValid(params) {
+  if (!params.notBefore) return false;
+  return /* @__PURE__ */ new Date() < params.notBefore;
+}
+
+// src/client/common/auth/index.ts
+init_session();
+
 // src/client/common/utils/instance.ts
 async function getCurrentInstanceType(preflightCtx, appID, logger, clientId) {
   try {
@@ -8083,7 +8763,7 @@ async function getCurrentInstanceType(preflightCtx, appID, logger, clientId) {
       preflightCtx.environmentConfig,
       preflightCtx.walletClient,
       preflightCtx.publicClient,
-      clientId
+      clientId ? { clientId } : void 0
     );
     const infos = await userApiClient.getInfos([appID], 1);
     if (infos.length === 0) {
@@ -8147,6 +8827,7 @@ function createECloudClient(cfg) {
   NotFoundError,
   PRIMARY_LANGUAGES,
   PostHogClient,
+  SessionError,
   TimeoutError,
   UserApiClient,
   addHexPrefix,
@@ -8163,6 +8844,7 @@ function createECloudClient(cfg) {
   createComputeModule,
   createECloudClient,
   createMetricsContext,
+  createSiweMessage,
   createTelemetryClient,
   createViemClients,
   deleteLegacyPrivateKey,
@@ -8179,6 +8861,7 @@ function createECloudClient(cfg) {
   fetchTemplateCatalog,
   formatETH,
   generateNewPrivateKey,
+  generateNonce,
   getAddressFromPrivateKey,
   getAllAppsByDeveloper,
   getAppLatestReleaseBlockNumbers,
@@ -8189,6 +8872,7 @@ function createECloudClient(cfg) {
   getBuildType,
   getCategoryDescriptions,
   getChainFromID,
+  getComputeApiSession,
   getCurrentInstanceType,
   getEnvironmentConfig,
   getLegacyKeys,
@@ -8201,10 +8885,17 @@ function createECloudClient(cfg) {
   isEnvironmentAvailable,
   isMainnet,
   isNoopClient,
+  isSessionValid,
+  isSiweMessageExpired,
+  isSiweMessageNotYetValid,
   isSubscriptionActive,
   keyExists,
   listStoredKeys,
+  loginToComputeApi,
+  logoutFromComputeApi,
   logs,
+  noopLogger,
+  parseSiweMessage,
   prepareDeploy,
   prepareDeployFromVerifiableBuild,
   prepareUpgrade,