@layr-labs/ecloud-sdk 0.2.1-dev → 0.3.0-dev

package/dist/browser.js

@@ -1,3 +1,162 @@
+var __defProp = Object.defineProperty;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __esm = (fn, res) => function __init() {
+  return fn && (res = (0, fn[__getOwnPropNames(fn)[0]])(fn = 0)), res;
+};
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+
+// src/client/common/auth/session.ts
+var session_exports = {};
+__export(session_exports, {
+  SessionError: () => SessionError,
+  getComputeApiSession: () => getComputeApiSession,
+  isSessionValid: () => isSessionValid,
+  loginToComputeApi: () => loginToComputeApi,
+  logoutFromComputeApi: () => logoutFromComputeApi
+});
+function stripHexPrefix2(hex) {
+  return hex.startsWith("0x") ? hex.slice(2) : hex;
+}
+async function parseErrorResponse(response) {
+  try {
+    const data = await response.json();
+    return data.error || response.statusText;
+  } catch {
+    return response.statusText;
+  }
+}
+async function loginToComputeApi(config, request) {
+  let response;
+  try {
+    response = await fetch(`${config.baseUrl}/auth/siwe/login`, {
+      method: "POST",
+      credentials: "include",
+      // Include cookies for session management
+      headers: {
+        "Content-Type": "application/json"
+      },
+      body: JSON.stringify({
+        message: request.message,
+        signature: stripHexPrefix2(request.signature)
+      })
+    });
+  } catch (error) {
+    throw new SessionError(
+      `Network error connecting to ${config.baseUrl}: ${error instanceof Error ? error.message : String(error)}`,
+      "NETWORK_ERROR"
+    );
+  }
+  if (!response.ok) {
+    const errorMessage = await parseErrorResponse(response);
+    const status = response.status;
+    if (status === 400) {
+      if (errorMessage.toLowerCase().includes("siwe")) {
+        throw new SessionError(`Invalid SIWE message: ${errorMessage}`, "INVALID_MESSAGE", status);
+      }
+      throw new SessionError(`Bad request: ${errorMessage}`, "INVALID_MESSAGE", status);
+    }
+    if (status === 401) {
+      throw new SessionError(`Invalid signature: ${errorMessage}`, "INVALID_SIGNATURE", status);
+    }
+    throw new SessionError(`Login failed: ${errorMessage}`, "UNKNOWN", status);
+  }
+  const data = await response.json();
+  return {
+    success: data.success,
+    address: data.address
+  };
+}
+async function getComputeApiSession(config) {
+  let response;
+  try {
+    response = await fetch(`${config.baseUrl}/auth/session`, {
+      method: "GET",
+      credentials: "include",
+      // Include cookies for session management
+      headers: {
+        "Content-Type": "application/json"
+      }
+    });
+  } catch {
+    return {
+      authenticated: false
+    };
+  }
+  if (response.status === 401) {
+    return {
+      authenticated: false
+    };
+  }
+  if (!response.ok) {
+    const errorMessage = await parseErrorResponse(response);
+    throw new SessionError(`Failed to get session: ${errorMessage}`, "UNKNOWN", response.status);
+  }
+  const data = await response.json();
+  return {
+    authenticated: data.authenticated,
+    address: data.address,
+    chainId: data.chain_id
+  };
+}
+async function logoutFromComputeApi(config) {
+  let response;
+  try {
+    response = await fetch(`${config.baseUrl}/auth/logout`, {
+      method: "POST",
+      credentials: "include",
+      // Include cookies for session management
+      headers: {
+        "Content-Type": "application/json"
+      }
+    });
+  } catch (error) {
+    throw new SessionError(
+      `Network error connecting to ${config.baseUrl}: ${error instanceof Error ? error.message : String(error)}`,
+      "NETWORK_ERROR"
+    );
+  }
+  if (response.status === 401) {
+    return;
+  }
+  if (!response.ok) {
+    const errorMessage = await parseErrorResponse(response);
+    throw new SessionError(`Logout failed: ${errorMessage}`, "UNKNOWN", response.status);
+  }
+}
+async function isSessionValid(config) {
+  const session = await getComputeApiSession(config);
+  return session.authenticated;
+}
+var SessionError;
+var init_session = __esm({
+  "src/client/common/auth/session.ts"() {
+    "use strict";
+    SessionError = class extends Error {
+      constructor(message, code, statusCode) {
+        super(message);
+        this.code = code;
+        this.statusCode = statusCode;
+        this.name = "SessionError";
+      }
+    };
+  }
+});
+
+// src/client/common/types/index.ts
+var noopLogger = {
+  debug: () => {
+  },
+  info: () => {
+  },
+  warn: () => {
+  },
+  error: () => {
+  }
+};
+
 // src/client/common/config/environment.ts
 var SEPOLIA_CHAIN_ID = 11155111;
 var MAINNET_CHAIN_ID = 1;
@@ -12,6 +171,14 @@ var ChainAddresses = {
     PermissionController: "0x44632dfBdCb6D3E21EF613B0ca8A6A0c618F5a37"
   }
 };
+var BILLING_ENVIRONMENTS = {
+  dev: {
+    billingApiServerURL: "https://billingapi-dev.eigencloud.xyz"
+  },
+  prod: {
+    billingApiServerURL: "https://billingapi.eigencloud.xyz"
+  }
+};
 var ENVIRONMENTS = {
   "sepolia-dev": {
     name: "sepolia",
@@ -70,6 +237,13 @@ function getEnvironmentConfig(environment, chainID) {
     chainID: BigInt(resolvedChainID)
   };
 }
+function getBillingEnvironmentConfig(build) {
+  const config = BILLING_ENVIRONMENTS[build];
+  if (!config) {
+    throw new Error(`Unknown billing environment: ${build}`);
+  }
+  return config;
+}
 function getBuildType() {
   const buildTimeType = true ? "dev"?.toLowerCase() : void 0;
   const runtimeType = process.env.BUILD_TYPE?.toLowerCase();
@@ -103,8 +277,13 @@ import { privateKeyToAccount } from "viem/accounts";
 
 // src/client/common/constants.ts
 import { sepolia, mainnet } from "viem/chains";
+var SUPPORTED_CHAINS = [mainnet, sepolia];
 
 // src/client/common/utils/helpers.ts
+function getChainFromID(chainID, fallback = sepolia2) {
+  const id = Number(chainID);
+  return extractChain({ chains: SUPPORTED_CHAINS, id }) || fallback;
+}
 function addHexPrefix(value) {
   return value.startsWith("0x") ? value : `0x${value}`;
 }
@@ -338,8 +517,40 @@ async function calculatePermissionSignature(options) {
   });
   return { signature, digest };
 }
+var generateBillingSigData = (product, expiry) => {
+  return {
+    domain: {
+      name: "EigenCloud Billing API",
+      version: "1"
+    },
+    types: {
+      BillingAuth: [
+        { name: "product", type: "string" },
+        { name: "expiry", type: "uint256" }
+      ]
+    },
+    primaryType: "BillingAuth",
+    message: {
+      product,
+      expiry
+    }
+  };
+};
+async function calculateBillingAuthSignature(options) {
+  const { walletClient, product, expiry } = options;
+  const account = walletClient.account;
+  if (!account) {
+    throw new Error("WalletClient must have an account attached");
+  }
+  const signature = await walletClient.signTypedData({
+    account,
+    ...generateBillingSigData(product, expiry)
+  });
+  return { signature, expiry };
+}
 
 // src/client/common/utils/userapi.ts
+init_session();
 function isJsonObject(value) {
   return typeof value === "object" && value !== null && !Array.isArray(value);
 }
@@ -356,15 +567,16 @@ var CanViewAppLogsPermission = "0x2fd3f2fe";
 var CanViewSensitiveAppInfoPermission = "0x0e67b22f";
 var CanUpdateAppProfilePermission = "0x036fef61";
 function getDefaultClientId() {
-  const version = true ? "0.2.1-dev" : "0.0.0";
+  const version = true ? "0.3.0-dev" : "0.0.0";
   return `ecloud-sdk/v${version}`;
 }
 var UserApiClient = class {
-  constructor(config, walletClient, publicClient, clientId) {
+  constructor(config, walletClient, publicClient, options) {
     this.config = config;
     this.walletClient = walletClient;
     this.publicClient = publicClient;
-    this.clientId = clientId || getDefaultClientId();
+    this.clientId = options?.clientId || getDefaultClientId();
+    this.useSession = options?.useSession ?? false;
   }
   /**
    * Get the address of the connected wallet
@@ -452,7 +664,7 @@ var UserApiClient = class {
     const apps = result.apps || result.Apps || [];
     return apps.map((app, i) => ({
       address: app.address || appIDs[i],
-      status: app.status || app.Status || ""
+      status: app.app_status || app.App_Status || ""
     }));
   }
   /**
@@ -484,9 +696,11 @@ var UserApiClient = class {
     const headers = {
       "x-client-id": this.clientId
     };
-    const expiry = BigInt(Math.floor(Date.now() / 1e3) + 5 * 60);
-    const authHeaders = await this.generateAuthHeaders(CanUpdateAppProfilePermission, expiry);
-    Object.assign(headers, authHeaders);
+    if (!this.useSession) {
+      const expiry = BigInt(Math.floor(Date.now() / 1e3) + 5 * 60);
+      const authHeaders = await this.generateAuthHeaders(CanUpdateAppProfilePermission, expiry);
+      Object.assign(headers, authHeaders);
+    }
     try {
       const response = await axios.post(endpoint, formData, {
         headers,
@@ -495,8 +709,10 @@ var UserApiClient = class {
         // Don't throw on any status
         maxContentLength: Infinity,
         // Allow large file uploads
-        maxBodyLength: Infinity
+        maxBodyLength: Infinity,
         // Allow large file uploads
+        withCredentials: true
+        // Include cookies for session auth
       });
       const status = response.status;
       if (status !== 200 && status !== 201) {
@@ -530,7 +746,7 @@ Please check:
     const headers = {
       "x-client-id": this.clientId
     };
-    if (permission) {
+    if (permission && !this.useSession) {
       const expiry = BigInt(Math.floor(Date.now() / 1e3) + 5 * 60);
       const authHeaders = await this.generateAuthHeaders(permission, expiry);
       Object.assign(headers, authHeaders);
@@ -539,8 +755,10 @@ Please check:
       const response = await axios.get(url, {
         headers,
         maxRedirects: 0,
-        validateStatus: () => true
+        validateStatus: () => true,
         // Don't throw on any status
+        withCredentials: true
+        // Include cookies for session auth
       });
       const status = response.status;
       const statusText = status >= 200 && status < 300 ? "OK" : "Error";
@@ -582,6 +800,65 @@ Please check:
       "X-eigenx-expiry": expiry.toString()
     };
   }
+  // ==========================================================================
+  // SIWE Session Management
+  // ==========================================================================
+  /**
+   * Login to the compute API using SIWE (Sign-In with Ethereum)
+   *
+   * This establishes a session with the compute API by verifying the SIWE message
+   * and signature. On success, a session cookie is set in the browser.
+   *
+   * @param request - Login request containing SIWE message and signature
+   * @returns Login result with the authenticated address
+   *
+   * @example
+   * ```typescript
+   * import { createSiweMessage } from "@layr-labs/ecloud-sdk/browser";
+   *
+   * const { message } = createSiweMessage({
+   *   address: userAddress,
+   *   chainId: 11155111,
+   *   domain: window.location.host,
+   *   uri: window.location.origin,
+   * });
+   *
+   * const signature = await signMessageAsync({ message });
+   * const result = await client.siweLogin({ message, signature });
+   * ```
+   */
+  async siweLogin(request) {
+    return loginToComputeApi({ baseUrl: this.config.userApiServerURL }, request);
+  }
+  /**
+   * Logout from the compute API
+   *
+   * This destroys the current session and clears the session cookie.
+   *
+   * @example
+   * ```typescript
+   * await client.siweLogout();
+   * ```
+   */
+  async siweLogout() {
+    return logoutFromComputeApi({ baseUrl: this.config.userApiServerURL });
+  }
+  /**
+   * Get the current SIWE session status from the compute API
+   *
+   * @returns Session information including authentication status and address
+   *
+   * @example
+   * ```typescript
+   * const session = await client.getSiweSession();
+   * if (session.authenticated) {
+   *   console.log(`Logged in as ${session.address}`);
+   * }
+   * ```
+   */
+  async getSiweSession() {
+    return getComputeApiSession({ baseUrl: this.config.userApiServerURL });
+  }
 };
 function transformAppReleaseBuild(raw) {
   if (!isJsonObject(raw)) return void 0;
@@ -626,79 +903,658 @@ function transformAppRelease(raw) {
   };
 }
 
-// src/client/common/contract/eip7702.ts
-import { encodeFunctionData, encodeAbiParameters, decodeErrorResult } from "viem";
+// src/client/common/utils/billingapi.ts
+import axios2 from "axios";
 
-// src/client/common/abis/ERC7702Delegator.json
-var ERC7702Delegator_default = [
-  {
-    type: "constructor",
-    inputs: [
-      {
-        name: "_delegationManager",
-        type: "address",
-        internalType: "contractIDelegationManager"
+// src/client/common/auth/billingSession.ts
+var BillingSessionError = class extends Error {
+  constructor(message, code, statusCode) {
+    super(message);
+    this.code = code;
+    this.statusCode = statusCode;
+    this.name = "BillingSessionError";
+  }
+};
+function stripHexPrefix3(hex) {
+  return hex.startsWith("0x") ? hex.slice(2) : hex;
+}
+async function parseErrorResponse2(response) {
+  try {
+    const data = await response.json();
+    return data.error || response.statusText;
+  } catch {
+    return response.statusText;
+  }
+}
+async function loginToBillingApi(config, request) {
+  let response;
+  try {
+    response = await fetch(`${config.baseUrl}/auth/siwe/login`, {
+      method: "POST",
+      credentials: "include",
+      // Include cookies for session management
+      headers: {
+        "Content-Type": "application/json"
       },
-      {
-        name: "_entryPoint",
-        type: "address",
-        internalType: "contractIEntryPoint"
+      body: JSON.stringify({
+        message: request.message,
+        signature: stripHexPrefix3(request.signature)
+      })
+    });
+  } catch (error) {
+    throw new BillingSessionError(
+      `Network error connecting to ${config.baseUrl}: ${error instanceof Error ? error.message : String(error)}`,
+      "NETWORK_ERROR"
+    );
+  }
+  if (!response.ok) {
+    const errorMessage = await parseErrorResponse2(response);
+    const status = response.status;
+    if (status === 400) {
+      if (errorMessage.toLowerCase().includes("siwe")) {
+        throw new BillingSessionError(`Invalid SIWE message: ${errorMessage}`, "INVALID_MESSAGE", status);
       }
-    ],
-    stateMutability: "nonpayable"
-  },
-  {
-    type: "receive",
-    stateMutability: "payable"
-  },
-  {
-    type: "function",
-    name: "DOMAIN_VERSION",
-    inputs: [],
-    outputs: [
-      {
-        name: "",
-        type: "string",
-        internalType: "string"
+      throw new BillingSessionError(`Bad request: ${errorMessage}`, "INVALID_MESSAGE", status);
+    }
+    if (status === 401) {
+      throw new BillingSessionError(`Invalid signature: ${errorMessage}`, "INVALID_SIGNATURE", status);
+    }
+    throw new BillingSessionError(`Login failed: ${errorMessage}`, "UNKNOWN", status);
+  }
+  const data = await response.json();
+  return {
+    success: data.success,
+    address: data.address
+  };
+}
+async function getBillingApiSession(config) {
+  let response;
+  try {
+    response = await fetch(`${config.baseUrl}/auth/session`, {
+      method: "GET",
+      credentials: "include",
+      // Include cookies for session management
+      headers: {
+        "Content-Type": "application/json"
       }
-    ],
-    stateMutability: "view"
-  },
-  {
-    type: "function",
-    name: "NAME",
-    inputs: [],
-    outputs: [
-      {
-        name: "",
-        type: "string",
-        internalType: "string"
+    });
+  } catch {
+    return {
+      authenticated: false
+    };
+  }
+  if (response.status === 401) {
+    return {
+      authenticated: false
+    };
+  }
+  if (!response.ok) {
+    const errorMessage = await parseErrorResponse2(response);
+    throw new BillingSessionError(`Failed to get session: ${errorMessage}`, "UNKNOWN", response.status);
+  }
+  const data = await response.json();
+  return {
+    authenticated: data.authenticated,
+    address: data.address,
+    chainId: data.chainId,
+    authenticatedAt: data.authenticatedAt
+  };
+}
+async function logoutFromBillingApi(config) {
+  let response;
+  try {
+    response = await fetch(`${config.baseUrl}/auth/logout`, {
+      method: "POST",
+      credentials: "include",
+      // Include cookies for session management
+      headers: {
+        "Content-Type": "application/json"
       }
-    ],
-    stateMutability: "view"
-  },
-  {
-    type: "function",
-    name: "PACKED_USER_OP_TYPEHASH",
-    inputs: [],
-    outputs: [
-      {
-        name: "",
-        type: "bytes32",
-        internalType: "bytes32"
+    });
+  } catch (error) {
+    throw new BillingSessionError(
+      `Network error connecting to ${config.baseUrl}: ${error instanceof Error ? error.message : String(error)}`,
+      "NETWORK_ERROR"
+    );
+  }
+  if (response.status === 401) {
+    return;
+  }
+  if (!response.ok) {
+    const errorMessage = await parseErrorResponse2(response);
+    throw new BillingSessionError(`Logout failed: ${errorMessage}`, "UNKNOWN", response.status);
+  }
+}
+async function isBillingSessionValid(config) {
+  const session = await getBillingApiSession(config);
+  return session.authenticated;
+}
+async function loginToBothApis(computeConfig, billingConfig, request) {
+  const { loginToComputeApi: loginToComputeApi2 } = await Promise.resolve().then(() => (init_session(), session_exports));
+  const [compute, billing] = await Promise.all([
+    loginToComputeApi2(computeConfig, request),
+    loginToBillingApi(billingConfig, request)
+  ]);
+  return { compute, billing };
+}
+async function logoutFromBothApis(computeConfig, billingConfig) {
+  const { logoutFromComputeApi: logoutFromComputeApi2 } = await Promise.resolve().then(() => (init_session(), session_exports));
+  await Promise.all([
+    logoutFromComputeApi2(computeConfig),
+    logoutFromBillingApi(billingConfig)
+  ]);
+}
+
+// src/client/common/utils/billingapi.ts
+var BillingApiClient = class {
+  constructor(config, walletClient, options = {}) {
+    this.config = config;
+    this.walletClient = walletClient;
+    this.options = options;
+    this.useSession = options.useSession ?? false;
+    if (!this.useSession && !walletClient) {
+      throw new Error("WalletClient is required when not using session authentication");
+    }
+  }
+  /**
+   * Get the address of the connected wallet
+   * Returns undefined if using session auth without a wallet client
+   */
+  get address() {
+    const account = this.walletClient?.account;
+    if (!account) {
+      if (!this.useSession) {
+        throw new Error("WalletClient must have an account attached");
       }
-    ],
-    stateMutability: "view"
-  },
-  {
-    type: "function",
-    name: "VERSION",
-    inputs: [],
-    outputs: [
-      {
-        name: "",
-        type: "string",
-        internalType: "string"
+      return void 0;
+    }
+    return account.address;
+  }
+  /**
+   * Get the base URL of the billing API
+   */
+  get baseUrl() {
+    return this.config.billingApiServerURL;
+  }
+  // ==========================================================================
+  // SIWE Session Methods
+  // ==========================================================================
+  /**
+   * Login to the billing API using SIWE
+   *
+   * This establishes a session with the billing API by verifying the SIWE message
+   * and signature. On success, a session cookie is set in the browser.
+   *
+   * @param request - Login request containing SIWE message and signature
+   * @returns Login result with the authenticated address
+   *
+   * @example
+   * ```typescript
+   * const { message } = createSiweMessage({
+   *   address: userAddress,
+   *   chainId: 11155111,
+   *   domain: window.location.host,
+   *   uri: window.location.origin,
+   * });
+   *
+   * const signature = await signMessageAsync({ message });
+   * const result = await billingClient.siweLogin({ message, signature });
+   * ```
+   */
+  async siweLogin(request) {
+    return loginToBillingApi({ baseUrl: this.baseUrl }, request);
+  }
+  /**
+   * Logout from the billing API
+   *
+   * This destroys the current session and clears the session cookie.
+   */
+  async siweLogout() {
+    return logoutFromBillingApi({ baseUrl: this.baseUrl });
+  }
+  /**
+   * Get the current session status from the billing API
+   *
+   * @returns Session information including authentication status and address
+   */
+  async getSession() {
+    return getBillingApiSession({ baseUrl: this.baseUrl });
+  }
+  /**
+   * Check if there is a valid session
+   *
+   * @returns True if session is authenticated, false otherwise
+   */
+  async isSessionValid() {
+    const session = await this.getSession();
+    return session.authenticated;
+  }
+  // ==========================================================================
+  // Subscription Methods
+  // ==========================================================================
+  async createSubscription(productId = "compute", options) {
+    const endpoint = `${this.config.billingApiServerURL}/products/${productId}/subscription`;
+    const body = options ? {
+      success_url: options.successUrl,
+      cancel_url: options.cancelUrl
+    } : void 0;
+    const resp = await this.makeAuthenticatedRequest(endpoint, "POST", productId, body);
+    return resp.json();
+  }
+  async getSubscription(productId = "compute") {
+    const endpoint = `${this.config.billingApiServerURL}/products/${productId}/subscription`;
+    const resp = await this.makeAuthenticatedRequest(endpoint, "GET", productId);
+    return resp.json();
+  }
+  async cancelSubscription(productId = "compute") {
+    const endpoint = `${this.config.billingApiServerURL}/products/${productId}/subscription`;
+    await this.makeAuthenticatedRequest(endpoint, "DELETE", productId);
+  }
+  // ==========================================================================
+  // Internal Methods
+  // ==========================================================================
+  /**
+   * Make an authenticated request to the billing API
+   *
+   * Uses session auth if useSession is true, otherwise uses EIP-712 signature auth.
+   */
+  async makeAuthenticatedRequest(url, method, productId, body) {
+    if (this.useSession) {
+      return this.makeSessionAuthenticatedRequest(url, method, body);
+    }
+    return this.makeSignatureAuthenticatedRequest(url, method, productId, body);
+  }
+  /**
+   * Make a request using session-based authentication (cookies)
+   */
+  async makeSessionAuthenticatedRequest(url, method, body) {
+    const headers = {};
+    if (body) {
+      headers["Content-Type"] = "application/json";
+    }
+    try {
+      const response = await fetch(url, {
+        method,
+        credentials: "include",
+        // Include cookies for session management
+        headers,
+        body: body ? JSON.stringify(body) : void 0
+      });
+      const status = response.status;
+      const statusText = status >= 200 && status < 300 ? "OK" : "Error";
+      if (status < 200 || status >= 300) {
+        let errorBody;
+        try {
+          errorBody = await response.text();
+        } catch {
+          errorBody = statusText;
+        }
+        throw new Error(`BillingAPI request failed: ${status} ${statusText} - ${errorBody}`);
+      }
+      const responseData = await response.json();
+      return {
+        json: async () => responseData,
+        text: async () => JSON.stringify(responseData)
+      };
+    } catch (error) {
+      if (error.name === "TypeError" || error.message?.includes("fetch")) {
+        throw new Error(
+          `Failed to connect to BillingAPI at ${url}: ${error.message}
+Please check:
+1. Your internet connection
+2. The API server is accessible: ${this.config.billingApiServerURL}
+3. Firewall/proxy settings`
+        );
+      }
+      throw error;
+    }
+  }
+  /**
+   * Make a request using EIP-712 signature authentication
+   */
+  async makeSignatureAuthenticatedRequest(url, method, productId, body) {
+    if (!this.walletClient) {
+      throw new Error("WalletClient is required for signature authentication");
+    }
+    const expiry = BigInt(Math.floor(Date.now() / 1e3) + 5 * 60);
+    const { signature } = await calculateBillingAuthSignature({
+      walletClient: this.walletClient,
+      product: productId,
+      expiry
+    });
+    const headers = {
+      Authorization: `Bearer ${signature}`,
+      "X-Account": this.address,
+      "X-Expiry": expiry.toString()
+    };
+    if (body) {
+      headers["Content-Type"] = "application/json";
+    }
+    try {
+      const response = await axios2({
+        method,
+        url,
+        headers,
+        data: body,
+        timeout: 3e4,
+        maxRedirects: 0,
+        validateStatus: () => true
+        // Don't throw on any status
+      });
+      const status = response.status;
+      const statusText = status >= 200 && status < 300 ? "OK" : "Error";
+      if (status < 200 || status >= 300) {
+        const body2 = typeof response.data === "string" ? response.data : JSON.stringify(response.data);
+        throw new Error(`BillingAPI request failed: ${status} ${statusText} - ${body2}`);
+      }
+      return {
+        json: async () => response.data,
+        text: async () => typeof response.data === "string" ? response.data : JSON.stringify(response.data)
+      };
+    } catch (error) {
+      if (error.message?.includes("fetch failed") || error.message?.includes("ECONNREFUSED") || error.message?.includes("ENOTFOUND") || error.cause) {
+        const cause = error.cause?.message || error.cause || error.message;
+        throw new Error(
+          `Failed to connect to BillingAPI at ${url}: ${cause}
+Please check:
+1. Your internet connection
+2. The API server is accessible: ${this.config.billingApiServerURL}
+3. Firewall/proxy settings`
+        );
+      }
+      throw error;
+    }
+  }
+};
+
+// src/client/common/utils/buildapi.ts
+import axios3 from "axios";
+var MAX_RETRIES = 5;
+var INITIAL_BACKOFF_MS = 1e3;
+var MAX_BACKOFF_MS = 3e4;
+async function sleep(ms) {
+  return new Promise((resolve) => setTimeout(resolve, ms));
+}
+function getRetryDelay(res, attempt) {
+  const retryAfter = res.headers["retry-after"];
+  if (retryAfter) {
+    const seconds = parseInt(retryAfter, 10);
+    if (!isNaN(seconds)) {
+      return Math.min(seconds * 1e3, MAX_BACKOFF_MS);
+    }
+  }
+  return Math.min(INITIAL_BACKOFF_MS * Math.pow(2, attempt), MAX_BACKOFF_MS);
+}
+async function requestWithRetry(config) {
+  let lastResponse;
+  for (let attempt = 0; attempt <= MAX_RETRIES; attempt++) {
+    const res = await axios3({ ...config, validateStatus: () => true });
+    lastResponse = res;
+    if (res.status !== 429) {
+      return res;
+    }
+    if (attempt < MAX_RETRIES) {
+      const delay = getRetryDelay(res, attempt);
+      await sleep(delay);
+    }
+  }
+  return lastResponse;
+}
+var BuildApiClient = class {
+  constructor(options) {
+    let url = options.baseUrl;
+    while (url.endsWith("/")) {
+      url = url.slice(0, -1);
+    }
+    this.baseUrl = url;
+    this.clientId = options.clientId;
+    this.walletClient = options.walletClient;
+    this.useSession = options.useSession ?? false;
+    this.billingSessionId = options.billingSessionId;
+  }
+  /**
+   * Update the billing session ID.
+   * Call this after logging into the billing API to enable session-based auth for builds.
+   */
+  setBillingSessionId(sessionId) {
+    this.billingSessionId = sessionId;
+  }
+  /**
+   * Get the address of the connected wallet
+   */
+  get address() {
+    const account = this.walletClient?.account;
+    if (!account) {
+      throw new Error("WalletClient must have an account attached");
+    }
+    return account.address;
+  }
+  /**
+   * Submit a new build request.
+   * Supports two auth modes (session auth is tried first when billingSessionId is available):
+   * 1. Session-based auth: X-Billing-Session header (forwarded billing_session cookie)
+   * 2. Signature-based auth: Authorization + X-Account + X-eigenx-expiry headers (requires walletClient)
+   */
+  async submitBuild(payload) {
+    if (this.useSession && this.billingSessionId) {
+      return this.billingSessionAuthJsonRequest("/builds", "POST", payload);
+    }
+    return this.signatureAuthJsonRequest("/builds", "POST", payload);
+  }
+  async getBuild(buildId) {
+    return this.publicJsonRequest(`/builds/${encodeURIComponent(buildId)}`);
+  }
+  async getBuildByDigest(digest) {
+    return this.publicJsonRequest(`/builds/image/${encodeURIComponent(digest)}`);
+  }
+  async verify(identifier) {
+    return this.publicJsonRequest(`/builds/verify/${encodeURIComponent(identifier)}`);
+  }
+  /**
+   * Get build logs. Supports session auth (identity verification only, no billing check).
+   */
+  async getLogs(buildId) {
+    return this.sessionOrSignatureTextRequest(`/builds/${encodeURIComponent(buildId)}/logs`);
+  }
+  async listBuilds(params) {
+    const res = await requestWithRetry({
+      url: `${this.baseUrl}/builds`,
+      method: "GET",
+      params,
+      headers: this.clientId ? { "x-client-id": this.clientId } : void 0,
+      timeout: 6e4,
+      validateStatus: () => true,
+      withCredentials: this.useSession
+    });
+    if (res.status < 200 || res.status >= 300) throw buildApiHttpError(res);
+    return res.data;
+  }
+  async publicJsonRequest(path) {
+    const res = await requestWithRetry({
+      url: `${this.baseUrl}${path}`,
+      method: "GET",
+      headers: this.clientId ? { "x-client-id": this.clientId } : void 0,
+      timeout: 6e4,
+      validateStatus: () => true,
+      withCredentials: this.useSession
+    });
+    if (res.status < 200 || res.status >= 300) throw buildApiHttpError(res);
+    return res.data;
+  }
+  /**
+   * Make a request that ALWAYS requires signature auth (for billing verification).
+   * Used for endpoints like POST /builds that need to verify subscription status.
+   */
+  async signatureAuthJsonRequest(path, method, body) {
+    if (!this.walletClient?.account) {
+      throw new Error("WalletClient with account required for authenticated requests");
+    }
+    const headers = {
+      "Content-Type": "application/json"
+    };
+    if (this.clientId) headers["x-client-id"] = this.clientId;
+    const expiry = BigInt(Math.floor(Date.now() / 1e3) + 60);
+    const { signature } = await calculateBillingAuthSignature({
+      walletClient: this.walletClient,
+      product: "compute",
+      expiry
+    });
+    headers.Authorization = `Bearer ${signature}`;
+    headers["X-eigenx-expiry"] = expiry.toString();
+    headers["X-Account"] = this.address;
+    const res = await requestWithRetry({
+      url: `${this.baseUrl}${path}`,
+      method,
+      headers,
+      data: body,
+      timeout: 6e4,
+      validateStatus: () => true,
+      withCredentials: this.useSession
+    });
+    if (res.status < 200 || res.status >= 300) throw buildApiHttpError(res);
+    return res.data;
+  }
+  /**
+   * Make a request using billing session auth (for billing verification without wallet signature).
+   * Forwards the billing_session cookie value via X-Billing-Session header.
+   * Used for endpoints that need to verify subscription status when using session-based auth.
+   */
+  async billingSessionAuthJsonRequest(path, method, body) {
+    if (!this.billingSessionId) {
+      throw new Error("billingSessionId required for session-based billing auth");
+    }
+    const headers = {
+      "Content-Type": "application/json",
+      "X-Billing-Session": this.billingSessionId
+    };
+    if (this.clientId) headers["x-client-id"] = this.clientId;
+    const res = await requestWithRetry({
+      url: `${this.baseUrl}${path}`,
+      method,
+      headers,
+      data: body,
+      timeout: 6e4,
+      validateStatus: () => true,
+      withCredentials: this.useSession
+    });
+    if (res.status < 200 || res.status >= 300) throw buildApiHttpError(res);
+    return res.data;
+  }
+  /**
+   * Make an authenticated request that can use session OR signature auth.
+   * When useSession is true, relies on cookies for identity verification.
+   * Used for endpoints that only need identity verification (not billing).
+   */
+  async sessionOrSignatureTextRequest(path) {
+    const headers = {};
+    if (this.clientId) headers["x-client-id"] = this.clientId;
+    if (!this.useSession) {
+      if (!this.walletClient?.account) {
+        throw new Error("WalletClient with account required for authenticated requests");
+      }
+      const expiry = BigInt(Math.floor(Date.now() / 1e3) + 60);
+      const { signature } = await calculateBillingAuthSignature({
+        walletClient: this.walletClient,
+        product: "compute",
+        expiry
+      });
+      headers.Authorization = `Bearer ${signature}`;
+      headers["X-eigenx-expiry"] = expiry.toString();
+      headers["X-Account"] = this.address;
+    }
+    const res = await requestWithRetry({
+      url: `${this.baseUrl}${path}`,
+      method: "GET",
+      headers,
+      timeout: 6e4,
+      responseType: "text",
+      validateStatus: () => true,
+      withCredentials: this.useSession
+    });
+    if (res.status < 200 || res.status >= 300) throw buildApiHttpError(res);
+    return typeof res.data === "string" ? res.data : JSON.stringify(res.data);
+  }
+};
+function buildApiHttpError(res) {
+  const status = res.status;
+  const body = typeof res.data === "string" ? res.data : res.data ? JSON.stringify(res.data) : "";
+  const url = res.config?.url ? ` ${res.config.url}` : "";
+  return new Error(`BuildAPI request failed: ${status}${url} - ${body || "Unknown error"}`);
+}
+
+// src/client/common/contract/eip7702.ts
+import { encodeFunctionData, encodeAbiParameters, decodeErrorResult } from "viem";
+
+// src/client/common/abis/ERC7702Delegator.json
+var ERC7702Delegator_default = [
+  {
+    type: "constructor",
+    inputs: [
+      {
+        name: "_delegationManager",
+        type: "address",
+        internalType: "contractIDelegationManager"
+      },
+      {
+        name: "_entryPoint",
+        type: "address",
+        internalType: "contractIEntryPoint"
+      }
+    ],
+    stateMutability: "nonpayable"
+  },
+  {
+    type: "receive",
+    stateMutability: "payable"
+  },
+  {
+    type: "function",
+    name: "DOMAIN_VERSION",
+    inputs: [],
+    outputs: [
+      {
+        name: "",
+        type: "string",
+        internalType: "string"
+      }
+    ],
+    stateMutability: "view"
+  },
+  {
+    type: "function",
+    name: "NAME",
+    inputs: [],
+    outputs: [
+      {
+        name: "",
+        type: "string",
+        internalType: "string"
+      }
+    ],
+    stateMutability: "view"
+  },
+  {
+    type: "function",
+    name: "PACKED_USER_OP_TYPEHASH",
+    inputs: [],
+    outputs: [
+      {
+        name: "",
+        type: "bytes32",
+        internalType: "bytes32"
+      }
+    ],
+    stateMutability: "view"
+  },
+  {
+    type: "function",
+    name: "VERSION",
+    inputs: [],
+    outputs: [
+      {
+        name: "",
+        type: "string",
+        internalType: "string"
       }
     ],
     stateMutability: "view"
@@ -1706,13 +2562,99 @@ async function estimateBatchGas(options) {
     maxCostEth: formatETH(maxCostWei)
   };
 }
+async function checkERC7702Delegation(publicClient, account, delegatorAddress) {
+  const code = await publicClient.getCode({ address: account });
+  if (!code) {
+    return false;
+  }
+  const expectedCode = `0xef0100${delegatorAddress.slice(2)}`;
+  return code.toLowerCase() === expectedCode.toLowerCase();
+}
+async function executeBatch(options, logger = noopLogger) {
+  const { walletClient, publicClient, environmentConfig, executions, pendingMessage, gas } = options;
+  const account = walletClient.account;
+  if (!account) {
+    throw new Error("Wallet client must have an account");
+  }
+  const chain = walletClient.chain;
+  if (!chain) {
+    throw new Error("Wallet client must have a chain");
+  }
+  const executeBatchData = encodeExecuteBatchData(executions);
+  const isDelegated2 = await checkERC7702Delegation(
+    publicClient,
+    account.address,
+    environmentConfig.erc7702DelegatorAddress
+  );
+  let authorizationList = [];
+  if (!isDelegated2) {
+    const transactionNonce = await publicClient.getTransactionCount({
+      address: account.address,
+      blockTag: "pending"
+    });
+    const chainId = await publicClient.getChainId();
+    const authorizationNonce = transactionNonce + 1;
+    logger.debug("Using wallet client signing for EIP-7702 authorization");
+    const signedAuthorization = await walletClient.signAuthorization({
+      account: account.address,
+      contractAddress: environmentConfig.erc7702DelegatorAddress,
+      chainId,
+      nonce: Number(authorizationNonce)
+    });
+    authorizationList = [signedAuthorization];
+  }
+  if (pendingMessage) {
+    logger.info(pendingMessage);
+  }
+  const txRequest = {
+    account: walletClient.account,
+    chain,
+    to: account.address,
+    data: executeBatchData,
+    value: 0n
+  };
+  if (authorizationList.length > 0) {
+    txRequest.authorizationList = authorizationList;
+  }
+  if (gas?.maxFeePerGas) {
+    txRequest.maxFeePerGas = gas.maxFeePerGas;
+  }
+  if (gas?.maxPriorityFeePerGas) {
+    txRequest.maxPriorityFeePerGas = gas.maxPriorityFeePerGas;
+  }
+  const hash = await walletClient.sendTransaction(txRequest);
+  logger.info(`Transaction sent: ${hash}`);
+  const receipt = await publicClient.waitForTransactionReceipt({ hash });
+  if (receipt.status === "reverted") {
+    let revertReason = "Unknown reason";
+    try {
+      await publicClient.call({
+        to: account.address,
+        data: executeBatchData,
+        account: account.address
+      });
+    } catch (callError) {
+      if (callError.data) {
+        try {
+          const decoded = decodeErrorResult({
+            abi: ERC7702Delegator_default,
+            data: callError.data
+          });
+          revertReason = `${decoded.errorName}: ${JSON.stringify(decoded.args)}`;
+        } catch {
+          revertReason = callError.message || "Unknown reason";
+        }
+      } else {
+        revertReason = callError.message || "Unknown reason";
+      }
+    }
+    throw new Error(`Transaction reverted: ${hash}. Reason: ${revertReason}`);
+  }
+  return hash;
+}
 
 // src/client/common/contract/caller.ts
-import {
-  encodeFunctionData as encodeFunctionData2,
-  decodeErrorResult as decodeErrorResult2,
-  bytesToHex
-} from "viem";
+import { encodeFunctionData as encodeFunctionData2, decodeErrorResult as decodeErrorResult2, bytesToHex } from "viem";
 
 // src/client/common/abis/AppController.json
 var AppController_default = [
@@ -2762,55 +3704,1047 @@ var AppController_default = [
   }
 ];
 
-// src/client/common/contract/caller.ts
-function formatETH(wei) {
-  const eth = Number(wei) / 1e18;
-  const costStr = eth.toFixed(6);
-  const trimmed = costStr.replace(/\.?0+$/, "");
-  if (trimmed === "0" && wei > 0n) {
-    return "<0.000001";
-  }
-  return trimmed;
-}
-async function estimateTransactionGas(options) {
-  const { publicClient, from, to, data, value = 0n } = options;
-  const fees = await publicClient.estimateFeesPerGas();
-  const gasLimit = await publicClient.estimateGas({
-    account: from,
-    to,
-    data,
-    value
-  });
-  const maxFeePerGas = fees.maxFeePerGas;
-  const maxPriorityFeePerGas = fees.maxPriorityFeePerGas;
-  const maxCostWei = gasLimit * maxFeePerGas;
-  const maxCostEth = formatETH(maxCostWei);
-  return {
-    gasLimit,
-    maxFeePerGas,
-    maxPriorityFeePerGas,
-    maxCostWei,
-    maxCostEth
-  };
-}
-async function getActiveAppCount(publicClient, environmentConfig, user) {
-  const count = await publicClient.readContract({
-    address: environmentConfig.appControllerAddress,
-    abi: AppController_default,
-    functionName: "getActiveAppCount",
-    args: [user]
-  });
-  return Number(count);
-}
-async function getMaxActiveAppsPerUser(publicClient, environmentConfig, user) {
-  const quota = await publicClient.readContract({
-    address: environmentConfig.appControllerAddress,
-    abi: AppController_default,
-    functionName: "getMaxActiveAppsPerUser",
-    args: [user]
-  });
-  return Number(quota);
-}
+// src/client/common/abis/PermissionController.json
+var PermissionController_default = [
+  {
+    type: "function",
+    name: "acceptAdmin",
+    inputs: [
+      {
+        name: "account",
+        type: "address",
+        internalType: "address"
+      }
+    ],
+    outputs: [],
+    stateMutability: "nonpayable"
+  },
+  {
+    type: "function",
+    name: "addPendingAdmin",
+    inputs: [
+      {
+        name: "account",
+        type: "address",
+        internalType: "address"
+      },
+      {
+        name: "admin",
+        type: "address",
+        internalType: "address"
+      }
+    ],
+    outputs: [],
+    stateMutability: "nonpayable"
+  },
+  {
+    type: "function",
+    name: "canCall",
+    inputs: [
+      {
+        name: "account",
+        type: "address",
+        internalType: "address"
+      },
+      {
+        name: "caller",
+        type: "address",
+        internalType: "address"
+      },
+      {
+        name: "target",
+        type: "address",
+        internalType: "address"
+      },
+      {
+        name: "selector",
+        type: "bytes4",
+        internalType: "bytes4"
+      }
+    ],
+    outputs: [
+      {
+        name: "",
+        type: "bool",
+        internalType: "bool"
+      }
+    ],
+    stateMutability: "nonpayable"
+  },
+  {
+    type: "function",
+    name: "getAdmins",
+    inputs: [
+      {
+        name: "account",
+        type: "address",
+        internalType: "address"
+      }
+    ],
+    outputs: [
+      {
+        name: "",
+        type: "address[]",
+        internalType: "address[]"
+      }
+    ],
+    stateMutability: "view"
+  },
+  {
+    type: "function",
+    name: "getAppointeePermissions",
+    inputs: [
+      {
+        name: "account",
+        type: "address",
+        internalType: "address"
+      },
+      {
+        name: "appointee",
+        type: "address",
+        internalType: "address"
+      }
+    ],
+    outputs: [
+      {
+        name: "",
+        type: "address[]",
+        internalType: "address[]"
+      },
+      {
+        name: "",
+        type: "bytes4[]",
+        internalType: "bytes4[]"
+      }
+    ],
+    stateMutability: "nonpayable"
+  },
+  {
+    type: "function",
+    name: "getAppointees",
+    inputs: [
+      {
+        name: "account",
+        type: "address",
+        internalType: "address"
+      },
+      {
+        name: "target",
+        type: "address",
+        internalType: "address"
+      },
+      {
+        name: "selector",
+        type: "bytes4",
+        internalType: "bytes4"
+      }
+    ],
+    outputs: [
+      {
+        name: "",
+        type: "address[]",
+        internalType: "address[]"
+      }
+    ],
+    stateMutability: "nonpayable"
+  },
+  {
+    type: "function",
+    name: "getPendingAdmins",
+    inputs: [
+      {
+        name: "account",
+        type: "address",
+        internalType: "address"
+      }
+    ],
+    outputs: [
+      {
+        name: "",
+        type: "address[]",
+        internalType: "address[]"
+      }
+    ],
+    stateMutability: "view"
+  },
+  {
+    type: "function",
+    name: "isAdmin",
+    inputs: [
+      {
+        name: "account",
+        type: "address",
+        internalType: "address"
+      },
+      {
+        name: "caller",
+        type: "address",
+        internalType: "address"
+      }
+    ],
+    outputs: [
+      {
+        name: "",
+        type: "bool",
+        internalType: "bool"
+      }
+    ],
+    stateMutability: "view"
+  },
+  {
+    type: "function",
+    name: "isPendingAdmin",
+    inputs: [
+      {
+        name: "account",
+        type: "address",
+        internalType: "address"
+      },
+      {
+        name: "pendingAdmin",
+        type: "address",
+        internalType: "address"
+      }
+    ],
+    outputs: [
+      {
+        name: "",
+        type: "bool",
+        internalType: "bool"
+      }
+    ],
+    stateMutability: "view"
+  },
+  {
+    type: "function",
+    name: "removeAdmin",
+    inputs: [
+      {
+        name: "account",
+        type: "address",
+        internalType: "address"
+      },
+      {
+        name: "admin",
+        type: "address",
+        internalType: "address"
+      }
+    ],
+    outputs: [],
+    stateMutability: "nonpayable"
+  },
+  {
+    type: "function",
+    name: "removeAppointee",
+    inputs: [
+      {
+        name: "account",
+        type: "address",
+        internalType: "address"
+      },
+      {
+        name: "appointee",
+        type: "address",
+        internalType: "address"
+      },
+      {
+        name: "target",
+        type: "address",
+        internalType: "address"
+      },
+      {
+        name: "selector",
+        type: "bytes4",
+        internalType: "bytes4"
+      }
+    ],
+    outputs: [],
+    stateMutability: "nonpayable"
+  },
+  {
+    type: "function",
+    name: "removePendingAdmin",
+    inputs: [
+      {
+        name: "account",
+        type: "address",
+        internalType: "address"
+      },
+      {
+        name: "admin",
+        type: "address",
+        internalType: "address"
+      }
+    ],
+    outputs: [],
+    stateMutability: "nonpayable"
+  },
+  {
+    type: "function",
+    name: "setAppointee",
+    inputs: [
+      {
+        name: "account",
+        type: "address",
+        internalType: "address"
+      },
+      {
+        name: "appointee",
+        type: "address",
+        internalType: "address"
+      },
+      {
+        name: "target",
+        type: "address",
+        internalType: "address"
+      },
+      {
+        name: "selector",
+        type: "bytes4",
+        internalType: "bytes4"
+      }
+    ],
+    outputs: [],
+    stateMutability: "nonpayable"
+  },
+  {
+    type: "function",
+    name: "version",
+    inputs: [],
+    outputs: [
+      {
+        name: "",
+        type: "string",
+        internalType: "string"
+      }
+    ],
+    stateMutability: "view"
+  },
+  {
+    type: "event",
+    name: "AdminRemoved",
+    inputs: [
+      {
+        name: "account",
+        type: "address",
+        indexed: true,
+        internalType: "address"
+      },
+      {
+        name: "admin",
+        type: "address",
+        indexed: false,
+        internalType: "address"
+      }
+    ],
+    anonymous: false
+  },
+  {
+    type: "event",
+    name: "AdminSet",
+    inputs: [
+      {
+        name: "account",
+        type: "address",
+        indexed: true,
+        internalType: "address"
+      },
+      {
+        name: "admin",
+        type: "address",
+        indexed: false,
+        internalType: "address"
+      }
+    ],
+    anonymous: false
+  },
+  {
+    type: "event",
+    name: "AppointeeRemoved",
+    inputs: [
+      {
+        name: "account",
+        type: "address",
+        indexed: true,
+        internalType: "address"
+      },
+      {
+        name: "appointee",
+        type: "address",
+        indexed: true,
+        internalType: "address"
+      },
+      {
+        name: "target",
+        type: "address",
+        indexed: false,
+        internalType: "address"
+      },
+      {
+        name: "selector",
+        type: "bytes4",
+        indexed: false,
+        internalType: "bytes4"
+      }
+    ],
+    anonymous: false
+  },
+  {
+    type: "event",
+    name: "AppointeeSet",
+    inputs: [
+      {
+        name: "account",
+        type: "address",
+        indexed: true,
+        internalType: "address"
+      },
+      {
+        name: "appointee",
+        type: "address",
+        indexed: true,
+        internalType: "address"
+      },
+      {
+        name: "target",
+        type: "address",
+        indexed: false,
+        internalType: "address"
+      },
+      {
+        name: "selector",
+        type: "bytes4",
+        indexed: false,
+        internalType: "bytes4"
+      }
+    ],
+    anonymous: false
+  },
+  {
+    type: "event",
+    name: "PendingAdminAdded",
+    inputs: [
+      {
+        name: "account",
+        type: "address",
+        indexed: true,
+        internalType: "address"
+      },
+      {
+        name: "admin",
+        type: "address",
+        indexed: false,
+        internalType: "address"
+      }
+    ],
+    anonymous: false
+  },
+  {
+    type: "event",
+    name: "PendingAdminRemoved",
+    inputs: [
+      {
+        name: "account",
+        type: "address",
+        indexed: true,
+        internalType: "address"
+      },
+      {
+        name: "admin",
+        type: "address",
+        indexed: false,
+        internalType: "address"
+      }
+    ],
+    anonymous: false
+  },
+  {
+    type: "error",
+    name: "AdminAlreadyPending",
+    inputs: []
+  },
+  {
+    type: "error",
+    name: "AdminAlreadySet",
+    inputs: []
+  },
+  {
+    type: "error",
+    name: "AdminNotPending",
+    inputs: []
+  },
+  {
+    type: "error",
+    name: "AdminNotSet",
+    inputs: []
+  },
+  {
+    type: "error",
+    name: "AppointeeAlreadySet",
+    inputs: []
+  },
+  {
+    type: "error",
+    name: "AppointeeNotSet",
+    inputs: []
+  },
+  {
+    type: "error",
+    name: "CannotHaveZeroAdmins",
+    inputs: []
+  },
+  {
+    type: "error",
+    name: "NotAdmin",
+    inputs: []
+  }
+];
+
+// src/client/common/contract/caller.ts
+function formatETH(wei) {
+  const eth = Number(wei) / 1e18;
+  const costStr = eth.toFixed(6);
+  const trimmed = costStr.replace(/\.?0+$/, "");
+  if (trimmed === "0" && wei > 0n) {
+    return "<0.000001";
+  }
+  return trimmed;
+}
+async function estimateTransactionGas(options) {
+  const { publicClient, from, to, data, value = 0n } = options;
+  const fees = await publicClient.estimateFeesPerGas();
+  const gasLimit = await publicClient.estimateGas({
+    account: from,
+    to,
+    data,
+    value
+  });
+  const maxFeePerGas = fees.maxFeePerGas;
+  const maxPriorityFeePerGas = fees.maxPriorityFeePerGas;
+  const maxCostWei = gasLimit * maxFeePerGas;
+  const maxCostEth = formatETH(maxCostWei);
+  return {
+    gasLimit,
+    maxFeePerGas,
+    maxPriorityFeePerGas,
+    maxCostWei,
+    maxCostEth
+  };
+}
+async function calculateAppID(options) {
+  const { publicClient, environmentConfig, ownerAddress, salt } = options;
+  const saltHexString = bytesToHex(salt).slice(2);
+  const paddedSaltHex = saltHexString.padStart(64, "0");
+  const saltHex = `0x${paddedSaltHex}`;
+  const appID = await publicClient.readContract({
+    address: environmentConfig.appControllerAddress,
+    abi: AppController_default,
+    functionName: "calculateAppId",
+    args: [ownerAddress, saltHex]
+  });
+  return appID;
+}
+async function prepareDeployBatch(options, logger = noopLogger) {
+  const { walletClient, publicClient, environmentConfig, salt, release, publicLogs } = options;
+  const account = walletClient.account;
+  if (!account) {
+    throw new Error("WalletClient must have an account attached");
+  }
+  logger.info("Calculating app ID...");
+  const appId = await calculateAppID({
+    publicClient,
+    environmentConfig,
+    ownerAddress: account.address,
+    salt
+  });
+  logger.debug(`App ID calculated: ${appId}`);
+  logger.debug(`This address will be used for acceptAdmin call`);
+  const saltHexString = bytesToHex(salt).slice(2);
+  const paddedSaltHex = saltHexString.padStart(64, "0");
+  const saltHex = `0x${paddedSaltHex}`;
+  const releaseForViem = {
+    rmsRelease: {
+      artifacts: release.rmsRelease.artifacts.map((artifact) => ({
+        digest: `0x${bytesToHex(artifact.digest).slice(2).padStart(64, "0")}`,
+        registry: artifact.registry
+      })),
+      upgradeByTime: release.rmsRelease.upgradeByTime
+    },
+    publicEnv: bytesToHex(release.publicEnv),
+    encryptedEnv: bytesToHex(release.encryptedEnv)
+  };
+  const createData = encodeFunctionData2({
+    abi: AppController_default,
+    functionName: "createApp",
+    args: [saltHex, releaseForViem]
+  });
+  const acceptAdminData = encodeFunctionData2({
+    abi: PermissionController_default,
+    functionName: "acceptAdmin",
+    args: [appId]
+  });
+  const executions = [
+    {
+      target: environmentConfig.appControllerAddress,
+      value: 0n,
+      callData: createData
+    },
+    {
+      target: environmentConfig.permissionControllerAddress,
+      value: 0n,
+      callData: acceptAdminData
+    }
+  ];
+  if (publicLogs) {
+    const anyoneCanViewLogsData = encodeFunctionData2({
+      abi: PermissionController_default,
+      functionName: "setAppointee",
+      args: [
+        appId,
+        "0x493219d9949348178af1f58740655951a8cd110c",
+        // AnyoneCanCallAddress
+        "0x57ee1fb74c1087e26446abc4fb87fd8f07c43d8d",
+        // ApiPermissionsTarget
+        "0x2fd3f2fe"
+        // CanViewAppLogsPermission
+      ]
+    });
+    executions.push({
+      target: environmentConfig.permissionControllerAddress,
+      value: 0n,
+      callData: anyoneCanViewLogsData
+    });
+  }
+  return {
+    appId,
+    salt,
+    executions,
+    walletClient,
+    publicClient,
+    environmentConfig
+  };
+}
+async function executeDeployBatch(data, context, gas, logger = noopLogger) {
+  const pendingMessage = "Deploying new app...";
+  const txHash = await executeBatch(
+    {
+      walletClient: context.walletClient,
+      publicClient: context.publicClient,
+      environmentConfig: context.environmentConfig,
+      executions: data.executions,
+      pendingMessage,
+      gas
+    },
+    logger
+  );
+  return { appId: data.appId, txHash };
+}
+async function deployApp(options, logger = noopLogger) {
+  const prepared = await prepareDeployBatch(options, logger);
+  const data = {
+    appId: prepared.appId,
+    salt: prepared.salt,
+    executions: prepared.executions
+  };
+  const context = {
+    walletClient: prepared.walletClient,
+    publicClient: prepared.publicClient,
+    environmentConfig: prepared.environmentConfig
+  };
+  return executeDeployBatch(data, context, options.gas, logger);
+}
+function supportsEIP7702(walletClient) {
+  const account = walletClient.account;
+  if (!account) return false;
+  return account.type === "local";
+}
+async function executeDeploySequential(options, logger = noopLogger) {
+  const { walletClient, publicClient, environmentConfig, data, publicLogs, onProgress } = options;
+  const account = walletClient.account;
+  if (!account) {
+    throw new Error("WalletClient must have an account attached");
+  }
+  const chain = getChainFromID(environmentConfig.chainID);
+  const txHashes = {
+    createApp: "0x",
+    acceptAdmin: "0x"
+  };
+  logger.info("Step 1/3: Creating app...");
+  onProgress?.("createApp");
+  const createAppExecution = data.executions[0];
+  const createAppHash = await walletClient.sendTransaction({
+    account,
+    to: createAppExecution.target,
+    data: createAppExecution.callData,
+    value: createAppExecution.value,
+    chain
+  });
+  logger.info(`createApp transaction sent: ${createAppHash}`);
+  const createAppReceipt = await publicClient.waitForTransactionReceipt({ hash: createAppHash });
+  if (createAppReceipt.status === "reverted") {
+    throw new Error(`createApp transaction reverted: ${createAppHash}`);
+  }
+  txHashes.createApp = createAppHash;
+  logger.info(`createApp confirmed in block ${createAppReceipt.blockNumber}`);
+  logger.info("Step 2/3: Accepting admin role...");
+  onProgress?.("acceptAdmin", createAppHash);
+  const acceptAdminExecution = data.executions[1];
+  const acceptAdminHash = await walletClient.sendTransaction({
+    account,
+    to: acceptAdminExecution.target,
+    data: acceptAdminExecution.callData,
+    value: acceptAdminExecution.value,
+    chain
+  });
+  logger.info(`acceptAdmin transaction sent: ${acceptAdminHash}`);
+  const acceptAdminReceipt = await publicClient.waitForTransactionReceipt({
+    hash: acceptAdminHash
+  });
+  if (acceptAdminReceipt.status === "reverted") {
+    throw new Error(`acceptAdmin transaction reverted: ${acceptAdminHash}`);
+  }
+  txHashes.acceptAdmin = acceptAdminHash;
+  logger.info(`acceptAdmin confirmed in block ${acceptAdminReceipt.blockNumber}`);
+  if (publicLogs && data.executions.length > 2) {
+    logger.info("Step 3/3: Setting public logs permission...");
+    onProgress?.("setPublicLogs", acceptAdminHash);
+    const setAppointeeExecution = data.executions[2];
+    const setAppointeeHash = await walletClient.sendTransaction({
+      account,
+      to: setAppointeeExecution.target,
+      data: setAppointeeExecution.callData,
+      value: setAppointeeExecution.value,
+      chain
+    });
+    logger.info(`setAppointee transaction sent: ${setAppointeeHash}`);
+    const setAppointeeReceipt = await publicClient.waitForTransactionReceipt({
+      hash: setAppointeeHash
+    });
+    if (setAppointeeReceipt.status === "reverted") {
+      throw new Error(`setAppointee transaction reverted: ${setAppointeeHash}`);
+    }
+    txHashes.setPublicLogs = setAppointeeHash;
+    logger.info(`setAppointee confirmed in block ${setAppointeeReceipt.blockNumber}`);
+  }
+  onProgress?.("complete", txHashes.setPublicLogs || txHashes.acceptAdmin);
+  logger.info(`Deployment complete! App ID: ${data.appId}`);
+  return {
+    appId: data.appId,
+    txHashes
+  };
+}
+async function supportsEIP5792(walletClient) {
+  try {
+    if (typeof walletClient.getCapabilities !== "function") {
+      return false;
+    }
+    const account = walletClient.account;
+    if (!account) return false;
+    const capabilities = await walletClient.getCapabilities({
+      account: account.address
+    });
+    return capabilities !== null && capabilities !== void 0 && Object.keys(capabilities).length > 0;
+  } catch {
+    return false;
+  }
+}
+async function executeDeployBatched(options, logger = noopLogger) {
+  const { walletClient, environmentConfig, data, publicLogs, onProgress } = options;
+  const account = walletClient.account;
+  if (!account) {
+    throw new Error("WalletClient must have an account attached");
+  }
+  const chain = getChainFromID(environmentConfig.chainID);
+  const calls = data.executions.map(
+    (execution) => ({
+      to: execution.target,
+      data: execution.callData,
+      value: execution.value
+    })
+  );
+  const filteredCalls = publicLogs ? calls : calls.slice(0, 2);
+  logger.info(`Deploying with EIP-5792 sendCalls (${filteredCalls.length} calls)...`);
+  onProgress?.("createApp");
+  try {
+    const { id: batchId } = await walletClient.sendCalls({
+      account,
+      chain,
+      calls: filteredCalls,
+      forceAtomic: true
+    });
+    logger.info(`Batch submitted with ID: ${batchId}`);
+    onProgress?.("acceptAdmin");
+    let status;
+    let attempts = 0;
+    const maxAttempts = 120;
+    while (attempts < maxAttempts) {
+      try {
+        status = await walletClient.getCallsStatus({ id: batchId });
+        if (status.status === "success" || status.status === "confirmed") {
+          logger.info(`Batch confirmed with ${status.receipts?.length || 0} receipts`);
+          break;
+        }
+        if (status.status === "failed" || status.status === "reverted") {
+          throw new Error(`Batch transaction failed: ${status.status}`);
+        }
+      } catch (statusError) {
+        if (statusError.message?.includes("not supported")) {
+          logger.warn("getCallsStatus not supported, waiting for chain confirmation...");
+          await new Promise((resolve) => setTimeout(resolve, 15e3));
+          break;
+        }
+        throw statusError;
+      }
+      await new Promise((resolve) => setTimeout(resolve, 5e3));
+      attempts++;
+    }
+    if (attempts >= maxAttempts) {
+      throw new Error("Timeout waiting for batch confirmation");
+    }
+    if (publicLogs) {
+      onProgress?.("setPublicLogs");
+    }
+    onProgress?.("complete");
+    const receipts = (status?.receipts || []).map((r) => ({
+      transactionHash: r.transactionHash || r.hash
+    }));
+    logger.info(`Deployment complete! App ID: ${data.appId}`);
+    return {
+      appId: data.appId,
+      batchId,
+      receipts
+    };
+  } catch (error) {
+    if (error.message?.includes("not supported") || error.message?.includes("wallet_sendCalls") || error.code === -32601) {
+      throw new Error("EIP5792_NOT_SUPPORTED");
+    }
+    throw error;
+  }
+}
+async function prepareUpgradeBatch(options) {
+  const {
+    walletClient,
+    publicClient,
+    environmentConfig,
+    appID,
+    release,
+    publicLogs,
+    needsPermissionChange
+  } = options;
+  const releaseForViem = {
+    rmsRelease: {
+      artifacts: release.rmsRelease.artifacts.map((artifact) => ({
+        digest: `0x${bytesToHex(artifact.digest).slice(2).padStart(64, "0")}`,
+        registry: artifact.registry
+      })),
+      upgradeByTime: release.rmsRelease.upgradeByTime
+    },
+    publicEnv: bytesToHex(release.publicEnv),
+    encryptedEnv: bytesToHex(release.encryptedEnv)
+  };
+  const upgradeData = encodeFunctionData2({
+    abi: AppController_default,
+    functionName: "upgradeApp",
+    args: [appID, releaseForViem]
+  });
+  const executions = [
+    {
+      target: environmentConfig.appControllerAddress,
+      value: 0n,
+      callData: upgradeData
+    }
+  ];
+  if (needsPermissionChange) {
+    if (publicLogs) {
+      const addLogsData = encodeFunctionData2({
+        abi: PermissionController_default,
+        functionName: "setAppointee",
+        args: [
+          appID,
+          "0x493219d9949348178af1f58740655951a8cd110c",
+          // AnyoneCanCallAddress
+          "0x57ee1fb74c1087e26446abc4fb87fd8f07c43d8d",
+          // ApiPermissionsTarget
+          "0x2fd3f2fe"
+          // CanViewAppLogsPermission
+        ]
+      });
+      executions.push({
+        target: environmentConfig.permissionControllerAddress,
+        value: 0n,
+        callData: addLogsData
+      });
+    } else {
+      const removeLogsData = encodeFunctionData2({
+        abi: PermissionController_default,
+        functionName: "removeAppointee",
+        args: [
+          appID,
+          "0x493219d9949348178af1f58740655951a8cd110c",
+          // AnyoneCanCallAddress
+          "0x57ee1fb74c1087e26446abc4fb87fd8f07c43d8d",
+          // ApiPermissionsTarget
+          "0x2fd3f2fe"
+          // CanViewAppLogsPermission
+        ]
+      });
+      executions.push({
+        target: environmentConfig.permissionControllerAddress,
+        value: 0n,
+        callData: removeLogsData
+      });
+    }
+  }
+  return {
+    appId: appID,
+    executions,
+    walletClient,
+    publicClient,
+    environmentConfig
+  };
+}
+async function executeUpgradeBatch(data, context, gas, logger = noopLogger) {
+  const pendingMessage = `Upgrading app ${data.appId}...`;
+  const txHash = await executeBatch(
+    {
+      walletClient: context.walletClient,
+      publicClient: context.publicClient,
+      environmentConfig: context.environmentConfig,
+      executions: data.executions,
+      pendingMessage,
+      gas
+    },
+    logger
+  );
+  return txHash;
+}
+async function upgradeApp(options, logger = noopLogger) {
+  const prepared = await prepareUpgradeBatch(options);
+  const data = {
+    appId: prepared.appId,
+    executions: prepared.executions
+  };
+  const context = {
+    walletClient: prepared.walletClient,
+    publicClient: prepared.publicClient,
+    environmentConfig: prepared.environmentConfig
+  };
+  return executeUpgradeBatch(data, context, options.gas, logger);
+}
+async function sendAndWaitForTransaction(options, logger = noopLogger) {
+  const {
+    walletClient,
+    publicClient,
+    environmentConfig,
+    to,
+    data,
+    value = 0n,
+    pendingMessage,
+    txDescription,
+    gas
+  } = options;
+  const account = walletClient.account;
+  if (!account) {
+    throw new Error("WalletClient must have an account attached");
+  }
+  const chain = getChainFromID(environmentConfig.chainID);
+  if (pendingMessage) {
+    logger.info(`
+${pendingMessage}`);
+  }
+  const hash = await walletClient.sendTransaction({
+    account,
+    to,
+    data,
+    value,
+    ...gas?.maxFeePerGas && { maxFeePerGas: gas.maxFeePerGas },
+    ...gas?.maxPriorityFeePerGas && {
+      maxPriorityFeePerGas: gas.maxPriorityFeePerGas
+    },
+    chain
+  });
+  logger.info(`Transaction sent: ${hash}`);
+  const receipt = await publicClient.waitForTransactionReceipt({ hash });
+  if (receipt.status === "reverted") {
+    let revertReason = "Unknown reason";
+    try {
+      await publicClient.call({
+        to,
+        data,
+        account: account.address
+      });
+    } catch (callError) {
+      if (callError.data) {
+        try {
+          const decoded = decodeErrorResult2({
+            abi: AppController_default,
+            data: callError.data
+          });
+          const formattedError = formatAppControllerError(decoded);
+          revertReason = formattedError.message;
+        } catch {
+          revertReason = callError.message || "Unknown reason";
+        }
+      } else {
+        revertReason = callError.message || "Unknown reason";
+      }
+    }
+    logger.error(`${txDescription} transaction (hash: ${hash}) reverted: ${revertReason}`);
+    throw new Error(`${txDescription} transaction (hash: ${hash}) reverted: ${revertReason}`);
+  }
+  return hash;
+}
+function formatAppControllerError(decoded) {
+  const errorName = decoded.errorName;
+  switch (errorName) {
+    case "MaxActiveAppsExceeded":
+      return new Error(
+        "you have reached your app deployment limit. To request access or increase your limit, please visit https://onboarding.eigencloud.xyz/ or reach out to the Eigen team"
+      );
+    case "GlobalMaxActiveAppsExceeded":
+      return new Error(
+        "the platform has reached the maximum number of active apps. please try again later"
+      );
+    case "InvalidPermissions":
+      return new Error("you don't have permission to perform this operation");
+    case "AppAlreadyExists":
+      return new Error("an app with this owner and salt already exists");
+    case "AppDoesNotExist":
+      return new Error("the specified app does not exist");
+    case "InvalidAppStatus":
+      return new Error("the app is in an invalid state for this operation");
+    case "MoreThanOneArtifact":
+      return new Error("only one artifact is allowed per release");
+    case "InvalidSignature":
+      return new Error("invalid signature provided");
+    case "SignatureExpired":
+      return new Error("the provided signature has expired");
+    case "InvalidReleaseMetadataURI":
+      return new Error("invalid release metadata URI provided");
+    case "InvalidShortString":
+      return new Error("invalid short string format");
+    default:
+      return new Error(`contract error: ${errorName}`);
+  }
+}
+async function getActiveAppCount(publicClient, environmentConfig, user) {
+  const count = await publicClient.readContract({
+    address: environmentConfig.appControllerAddress,
+    abi: AppController_default,
+    functionName: "getActiveAppCount",
+    args: [user]
+  });
+  return Number(count);
+}
+async function getMaxActiveAppsPerUser(publicClient, environmentConfig, user) {
+  const quota = await publicClient.readContract({
+    address: environmentConfig.appControllerAddress,
+    abi: AppController_default,
+    functionName: "getMaxActiveAppsPerUser",
+    args: [user]
+  });
+  return Number(quota);
+}
 async function getAppsByCreator(publicClient, environmentConfig, creator, offset, limit) {
   const result = await publicClient.readContract({
     address: environmentConfig.appControllerAddress,
@@ -2840,7 +4774,13 @@ async function getAllAppsByDeveloper(publicClient, env, developer, pageSize = 10
   const allApps = [];
   const allConfigs = [];
   while (true) {
-    const { apps, appConfigs } = await getAppsByDeveloper(publicClient, env, developer, offset, pageSize);
+    const { apps, appConfigs } = await getAppsByDeveloper(
+      publicClient,
+      env,
+      developer,
+      offset,
+      pageSize
+    );
     if (apps.length === 0) break;
     allApps.push(...apps);
     allConfigs.push(...appConfigs);
@@ -2852,6 +4792,74 @@ async function getAllAppsByDeveloper(publicClient, env, developer, pageSize = 10
     appConfigs: allConfigs
   };
 }
+async function suspend(options, logger = noopLogger) {
+  const { walletClient, publicClient, environmentConfig, account, apps } = options;
+  const suspendData = encodeFunctionData2({
+    abi: AppController_default,
+    functionName: "suspend",
+    args: [account, apps]
+  });
+  const pendingMessage = `Suspending ${apps.length} app(s)...`;
+  return sendAndWaitForTransaction(
+    {
+      walletClient,
+      publicClient,
+      environmentConfig,
+      to: environmentConfig.appControllerAddress,
+      data: suspendData,
+      pendingMessage,
+      txDescription: "Suspend"
+    },
+    logger
+  );
+}
+async function isDelegated(options) {
+  const { publicClient, environmentConfig, address } = options;
+  return checkERC7702Delegation(
+    publicClient,
+    address,
+    environmentConfig.erc7702DelegatorAddress
+  );
+}
+async function undelegate(options, logger = noopLogger) {
+  const { walletClient, publicClient, environmentConfig } = options;
+  const account = walletClient.account;
+  if (!account) {
+    throw new Error("WalletClient must have an account attached");
+  }
+  const chain = getChainFromID(environmentConfig.chainID);
+  const transactionNonce = await publicClient.getTransactionCount({
+    address: account.address,
+    blockTag: "pending"
+  });
+  const chainId = await publicClient.getChainId();
+  const authorizationNonce = BigInt(transactionNonce) + 1n;
+  logger.debug("Signing undelegate authorization");
+  const signedAuthorization = await walletClient.signAuthorization({
+    contractAddress: "0x0000000000000000000000000000000000000000",
+    chainId,
+    nonce: Number(authorizationNonce),
+    account
+  });
+  const authorizationList = [signedAuthorization];
+  const hash = await walletClient.sendTransaction({
+    account,
+    to: account.address,
+    // Send to self
+    data: "0x",
+    // Empty data
+    value: 0n,
+    authorizationList,
+    chain
+  });
+  logger.info(`Transaction sent: ${hash}`);
+  const receipt = await publicClient.waitForTransactionReceipt({ hash });
+  if (receipt.status === "reverted") {
+    logger.error(`Undelegate transaction (hash: ${hash}) reverted`);
+    throw new Error(`Undelegate transaction (hash: ${hash}) reverted`);
+  }
+  return hash;
+}
 
 // src/client/common/contract/encoders.ts
 import { parseAbi as parseAbi2, encodeFunctionData as encodeFunctionData3 } from "viem";
@@ -2881,32 +4889,406 @@ function encodeTerminateAppData(appId) {
     args: [appId]
   });
 }
+
+// src/client/common/auth/siwe.ts
+import { SiweMessage, generateNonce as siweGenerateNonce } from "siwe";
+var generateNonce = siweGenerateNonce;
+function createSiweMessage(params) {
+  const now = /* @__PURE__ */ new Date();
+  const nonce = params.nonce || generateNonce();
+  const issuedAt = params.issuedAt || now;
+  const expirationTime = params.expirationTime || new Date(now.getTime() + 24 * 60 * 60 * 1e3);
+  const siweMessage = new SiweMessage({
+    domain: params.domain,
+    address: params.address,
+    statement: params.statement,
+    uri: params.uri,
+    version: "1",
+    chainId: params.chainId,
+    nonce,
+    issuedAt: issuedAt.toISOString(),
+    expirationTime: expirationTime.toISOString(),
+    notBefore: params.notBefore?.toISOString(),
+    requestId: params.requestId,
+    resources: params.resources
+  });
+  return {
+    message: siweMessage.prepareMessage(),
+    params: {
+      address: params.address,
+      chainId: params.chainId,
+      domain: params.domain,
+      uri: params.uri,
+      nonce,
+      issuedAt,
+      statement: params.statement,
+      expirationTime,
+      notBefore: params.notBefore,
+      requestId: params.requestId,
+      resources: params.resources
+    }
+  };
+}
+function parseSiweMessage(message) {
+  try {
+    const siweMessage = new SiweMessage(message);
+    return {
+      address: siweMessage.address,
+      chainId: siweMessage.chainId,
+      domain: siweMessage.domain,
+      uri: siweMessage.uri,
+      nonce: siweMessage.nonce,
+      statement: siweMessage.statement,
+      issuedAt: siweMessage.issuedAt ? new Date(siweMessage.issuedAt) : void 0,
+      expirationTime: siweMessage.expirationTime ? new Date(siweMessage.expirationTime) : void 0,
+      notBefore: siweMessage.notBefore ? new Date(siweMessage.notBefore) : void 0,
+      requestId: siweMessage.requestId,
+      resources: siweMessage.resources
+    };
+  } catch {
+    return null;
+  }
+}
+function isSiweMessageExpired(params) {
+  if (!params.expirationTime) return false;
+  return /* @__PURE__ */ new Date() > params.expirationTime;
+}
+function isSiweMessageNotYetValid(params) {
+  if (!params.notBefore) return false;
+  return /* @__PURE__ */ new Date() < params.notBefore;
+}
+
+// src/browser.ts
+init_session();
+
+// src/client/common/hooks/useComputeSession.ts
+init_session();
+import { useCallback, useEffect, useRef, useState } from "react";
+function useComputeSession(config) {
+  const {
+    baseUrl,
+    refreshInterval = 6e4,
+    // 1 minute default
+    checkOnMount = true,
+    onSessionExpired,
+    onSessionRefreshed,
+    onError
+  } = config;
+  const [session, setSession] = useState(null);
+  const [isLoading, setIsLoading] = useState(checkOnMount);
+  const [error, setError] = useState(null);
+  const wasAuthenticatedRef = useRef(false);
+  const isMountedRef = useRef(true);
+  const refreshIntervalRef = useRef(null);
+  const apiConfig = { baseUrl };
+  const checkSession = useCallback(async () => {
+    try {
+      const sessionInfo = await getComputeApiSession(apiConfig);
+      if (!isMountedRef.current) {
+        return sessionInfo;
+      }
+      setSession(sessionInfo);
+      setError(null);
+      if (wasAuthenticatedRef.current && !sessionInfo.authenticated) {
+        onSessionExpired?.();
+      }
+      wasAuthenticatedRef.current = sessionInfo.authenticated;
+      if (sessionInfo.authenticated) {
+        onSessionRefreshed?.(sessionInfo);
+      }
+      return sessionInfo;
+    } catch (err) {
+      if (!isMountedRef.current) {
+        throw err;
+      }
+      const sessionError = err instanceof SessionError ? err : new SessionError(`Failed to check session: ${String(err)}`, "UNKNOWN");
+      setError(sessionError);
+      onError?.(sessionError);
+      const fallbackSession = { authenticated: false };
+      setSession(fallbackSession);
+      return fallbackSession;
+    }
+  }, [baseUrl, onSessionExpired, onSessionRefreshed, onError]);
+  const refresh = useCallback(async () => {
+    setIsLoading(true);
+    try {
+      return await checkSession();
+    } finally {
+      if (isMountedRef.current) {
+        setIsLoading(false);
+      }
+    }
+  }, [checkSession]);
+  const login = useCallback(
+    async (params, signMessage) => {
+      setIsLoading(true);
+      setError(null);
+      try {
+        let domain = params.domain;
+        let uri = params.uri;
+        if (typeof window !== "undefined") {
+          domain = domain || window.location.host;
+          uri = uri || window.location.origin;
+        }
+        if (!domain || !uri) {
+          throw new SessionError(
+            "domain and uri are required when not in browser environment",
+            "INVALID_MESSAGE"
+          );
+        }
+        const siweMessage = createSiweMessage({
+          ...params,
+          domain,
+          uri,
+          statement: params.statement || "Sign in to EigenCloud Compute API"
+        });
+        const signature = await signMessage({ message: siweMessage.message });
+        await loginToComputeApi(apiConfig, {
+          message: siweMessage.message,
+          signature
+        });
+        const sessionInfo = await checkSession();
+        if (!isMountedRef.current) {
+          return sessionInfo;
+        }
+        wasAuthenticatedRef.current = sessionInfo.authenticated;
+        return sessionInfo;
+      } catch (err) {
+        if (!isMountedRef.current) {
+          throw err;
+        }
+        const sessionError = err instanceof SessionError ? err : new SessionError(`Login failed: ${String(err)}`, "UNKNOWN");
+        setError(sessionError);
+        onError?.(sessionError);
+        throw sessionError;
+      } finally {
+        if (isMountedRef.current) {
+          setIsLoading(false);
+        }
+      }
+    },
+    [baseUrl, checkSession, onError]
+  );
+  const logout = useCallback(async () => {
+    setIsLoading(true);
+    setError(null);
+    try {
+      await logoutFromComputeApi(apiConfig);
+      if (!isMountedRef.current) {
+        return;
+      }
+      const newSession = { authenticated: false };
+      setSession(newSession);
+      wasAuthenticatedRef.current = false;
+    } catch (err) {
+      if (!isMountedRef.current) {
+        throw err;
+      }
+      const sessionError = err instanceof SessionError ? err : new SessionError(`Logout failed: ${String(err)}`, "UNKNOWN");
+      setError(sessionError);
+      onError?.(sessionError);
+      setSession({ authenticated: false });
+      wasAuthenticatedRef.current = false;
+    } finally {
+      if (isMountedRef.current) {
+        setIsLoading(false);
+      }
+    }
+  }, [baseUrl, onError]);
+  const clearError = useCallback(() => {
+    setError(null);
+  }, []);
+  useEffect(() => {
+    isMountedRef.current = true;
+    if (checkOnMount) {
+      checkSession().finally(() => {
+        if (isMountedRef.current) {
+          setIsLoading(false);
+        }
+      });
+    }
+    return () => {
+      isMountedRef.current = false;
+    };
+  }, [checkOnMount, checkSession]);
+  useEffect(() => {
+    if (refreshInterval <= 0) {
+      return;
+    }
+    if (refreshIntervalRef.current) {
+      clearInterval(refreshIntervalRef.current);
+    }
+    refreshIntervalRef.current = setInterval(() => {
+      if (wasAuthenticatedRef.current) {
+        checkSession();
+      }
+    }, refreshInterval);
+    return () => {
+      if (refreshIntervalRef.current) {
+        clearInterval(refreshIntervalRef.current);
+        refreshIntervalRef.current = null;
+      }
+    };
+  }, [refreshInterval, checkSession]);
+  return {
+    session,
+    isLoading,
+    error,
+    isAuthenticated: session?.authenticated ?? false,
+    login,
+    logout,
+    refresh,
+    clearError
+  };
+}
+
+// src/client/common/encryption/kms.ts
+import { importSPKI, CompactEncrypt } from "jose";
+function getAppProtectedHeaders(appID) {
+  return {
+    "x-eigenx-app-id": appID
+  };
+}
+async function encryptRSAOAEPAndAES256GCM(encryptionKeyPEM, plaintext, protectedHeaders) {
+  const pemString = typeof encryptionKeyPEM === "string" ? encryptionKeyPEM : encryptionKeyPEM.toString("utf-8");
+  const publicKey = await importSPKI(pemString, "RSA-OAEP-256", {
+    extractable: true
+  });
+  const header = {
+    alg: "RSA-OAEP-256",
+    // Key encryption algorithm (SHA-256)
+    enc: "A256GCM",
+    // Content encryption algorithm
+    ...protectedHeaders || {}
+    // Add custom protected headers
+  };
+  const plaintextBytes = new Uint8Array(plaintext);
+  const jwe = await new CompactEncrypt(plaintextBytes).setProtectedHeader(header).encrypt(publicKey);
+  return jwe;
+}
+
+// keys/mainnet-alpha/prod/kms-encryption-public-key.pem
+var kms_encryption_public_key_default = "-----BEGIN PUBLIC KEY-----\nMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA0kHU86k17ofCIGcJKDcf\nAFurFhSLeWmOL0bwWLCeVnTPG0MMHtJOq+woE0XXSWw6lzm+jzavBBTwKde1dgal\nAp91vULAZFMUpiUdd2dNUVtvU89qW0Pgf1Eu5FDj7BkY/SnyECbWJM4ga0BmpiGy\nnQwLNN9mMGhjVoVLn2zwEGZ7JzS9Nz11EZKO/k/9DcO6LaoIFmKuvVf3jl6lvZg8\naeA0LoZXjkycHlRUt/kfKwZnhakUaYHP1ksV7ZNmolS5GYDTSKGB2KPPNR1s4/Xu\nu8zeEFC8HuGRU8XuuBeaAunitnGhbNVREUNJGff6HZOGB6CIFNXjbQETeZ3p5uro\n0v+hd1QqQYBv7+DEaMCmGnJNGAyIMr2mn4vr7wGsIj0HonlSHmQ8rmdUhL2ocNTc\nLhKgZiZmBuDpSbFW/r53R2G7CHcqaqGeUBnT54QCH4zsYKw0/4dOtwFxQpTyBf9/\n+k+KaWEJYKkx9d9OzKGyAvzrTDVOFoajddiJ6LPvRlMdOUQr3hl4IAC0/nh9lhHq\nD0R+i5WAU96TkdAe7B7iTGH2D22k0KUPR6Q9W3aF353SLxQAMPNrgG4QQufAdRJn\nAF+8ntun5TkTqjTWRSwAsUJZ1z4wb96DympWJbDi0OciJRZ3Fz3j9+amC43yCHGg\naaEMjdt35ewbztUSc04F10MCAwEAAQ==\n-----END PUBLIC KEY-----";
+
+// keys/mainnet-alpha/prod/kms-signing-public-key.pem
+var kms_signing_public_key_default = "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEfxbhXJjH4D0DH/iW5/rK1HzWS+f9\nEyooZTrCYjCfezuOEmRuOWNaZLvwXN8SdzrvjWA7gSvOS85hLzp4grANRQ==\n-----END PUBLIC KEY-----";
+
+// keys/sepolia/dev/kms-encryption-public-key.pem
+var kms_encryption_public_key_default2 = "-----BEGIN PUBLIC KEY-----\nMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAr/vqttU6aXX35HtsXavU\n5teysunDzZB3HyaFM4qcuRnqj+70KxqLOwZsERN5SwZ/56Jm8T2ds1CcXsQCMUMw\n+MPlsF6KMGfzghLtYHONwvKLnn+U9y886aAay6W8a0A7O7YCZehNYD3kQnCXjOIc\nMj6v8AEvMw+w/lNabjRXnwSBMKVIGp/cSL0hGwt8fGoC3TsxQN9opzvU1Z4rAw9K\na119l6dlPnqezDva378TCaXDjqKe/jSZOI1CcYpaSK2SJ+95Wbvte5j3lXbg1oT2\n0rXeJUHEJ68QxMtJplfw0Sg+Ek4CUJ2c/kbdg0u7sIIO5wcB4WHL/Lfbw2XPmcBI\nt0r0EC575D3iHF/aI01Ms2IRA0GDeHnNcr5FJLWJljTjNLEt4tFITrXwBe1Ealm3\nNCxamApl5bBSwQ72Gb5fiQFwB8Fl2/XG3wfGTFInFEvWE4c/H8dtu1wHTsyEFZcG\nB47IkD5GBSZq90Hd9xuZva55dxGpqUVrEJO88SqHGP9Oa+HLTYdEe5AR5Hitw4Mu\ndk1cCH+X5OqY9dfpdoCNbKAM0N2SJvNAnDTU2JKGYheXrnDslXR6atBmU5gDkH+W\nQVryDYl9xbwWIACMQsAQjrrtKw5xqJ4V89+06FN/wyEVF7KWAcJ4AhKiVnCvLqzb\nBbISc+gOkRsefhCDJVPEKDkCAwEAAQ==\n-----END PUBLIC KEY-----";
+
+// keys/sepolia/dev/kms-signing-public-key.pem
+var kms_signing_public_key_default2 = "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEb2Q88/cxdic2xi4jS2V0dtYHjLwq\n4wVFBFmaY8TTXoMXNggKEdU6PuE8EovocVKMpw3SIlaM27z9uxksNVL2xw==\n-----END PUBLIC KEY-----\n";
+
+// keys/sepolia/prod/kms-encryption-public-key.pem
+var kms_encryption_public_key_default3 = "-----BEGIN PUBLIC KEY-----\nMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEApDvk8pAivkgtiC5li5MP\nxMTJDduTeorBl18ynrooTxp2BwwgPwXfXbJaCA0qRubvc0aO2uh2VDrPM27CqMLH\no2S9YLtpLii4A1Nl7SE/MdWKWdG6v94xNGpc2YyPP7yWtHfqOkgDWp8sokl3Uq/9\nMS0pjUaI7RyS5boCTy8Qw90BxGMpucjOmqm+luw4EdPWZCrgriUR2bbGRRgAmrT1\nK4ou4IgPp799r120hwHbCWxnOvLdQdpiv2507b900xS/3yZahhnHCAn66146LU/f\nBrRpQKSM0qSpktXrrc9MH/ru2VLR5cGLp89ZcZMQA9cRGglWM5XWVY3Ti2TPJ6Kd\nAn1d7qNkGJaSdVa3x3HkOf6c6HeTyqis5/L/6L+PFhUsTRbmKg1FtwD+3xxdyf7h\nabFxryE9rv+WatHL6r6z5ztV0znJ/Fpfs5A45FWA6pfb28fA59RGpi/DQ8RxgdCH\nnZRNvdz8dTgRaXSPgkfGXBcCFqb/QhFmad7XbWDthGzfhbPOxNPtiaGRQ1Dr/Pgq\nn0ugdLbRQLmDOAFgaQcnr0U4y1TUlWJnvoZMETkVN7gmITtXA4F324ALT7Rd+Lgk\nHikW5vG+NjAEwXfPsK0YzT+VbHd7o1lbru9UxiDlN03XVEkz/oRQi47CvSTo3FSr\n5dB4lz8kov3UUcNJfQFZolMCAwEAAQ==\n-----END PUBLIC KEY-----";
+
+// keys/sepolia/prod/kms-signing-public-key.pem
+var kms_signing_public_key_default3 = "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEsk6ZdmmvBqFfKHs+1cYjIemRGN7h\n1NatIEitFRyx+3q8wmTJ9LknTE1FwWBLcCNTseJDti8Rh+SaVxfGOyJuuA==\n-----END PUBLIC KEY-----";
+
+// src/client/common/utils/keys.ts
+var KEYS = {
+  "mainnet-alpha": {
+    prod: {
+      encryption: kms_encryption_public_key_default,
+      signing: kms_signing_public_key_default
+    }
+  },
+  sepolia: {
+    dev: {
+      encryption: kms_encryption_public_key_default2,
+      signing: kms_signing_public_key_default2
+    },
+    prod: {
+      encryption: kms_encryption_public_key_default3,
+      signing: kms_signing_public_key_default3
+    }
+  }
+};
+function getKMSKeysForEnvironment(environment, build = "prod") {
+  const envKeys = KEYS[environment];
+  if (!envKeys) {
+    throw new Error(`No keys found for environment: ${environment}`);
+  }
+  const buildKeys = envKeys[build];
+  if (!buildKeys) {
+    throw new Error(`No keys found for environment: ${environment}, build: ${build}`);
+  }
+  return {
+    encryptionKey: Buffer.from(buildKeys.encryption),
+    signingKey: Buffer.from(buildKeys.signing)
+  };
+}
 export {
+  BillingApiClient,
+  BillingSessionError,
+  BuildApiClient,
+  SessionError,
   UserApiClient,
+  addHexPrefix,
   assertValidImageReference,
   assertValidPrivateKey,
+  calculateAppID,
+  checkERC7702Delegation,
+  createSiweMessage,
+  deployApp,
   encodeStartAppData,
   encodeStopAppData,
   encodeTerminateAppData,
+  encryptRSAOAEPAndAES256GCM,
   estimateBatchGas,
   estimateTransactionGas,
+  executeBatch,
+  executeDeployBatch,
+  executeDeployBatched,
+  executeDeploySequential,
+  executeUpgradeBatch,
   extractAppNameFromImage,
   formatETH,
   generateNewPrivateKey,
+  generateNonce,
   getActiveAppCount,
   getAllAppsByDeveloper,
+  getAppProtectedHeaders,
   getAppsByCreator,
   getAppsByDeveloper,
   getAvailableEnvironments,
+  getBillingApiSession,
+  getBillingEnvironmentConfig,
   getBuildType,
+  getChainFromID,
+  getComputeApiSession,
   getEnvironmentConfig,
+  getKMSKeysForEnvironment,
   getMaxActiveAppsPerUser,
+  isBillingSessionValid,
+  isDelegated,
   isEnvironmentAvailable,
   isMainnet,
+  isSessionValid,
+  isSiweMessageExpired,
+  isSiweMessageNotYetValid,
   isSubscriptionActive,
+  loginToBillingApi,
+  loginToBothApis,
+  loginToComputeApi,
+  logoutFromBillingApi,
+  logoutFromBothApis,
+  logoutFromComputeApi,
+  noopLogger,
+  parseSiweMessage,
+  prepareDeployBatch,
+  prepareUpgradeBatch,
   sanitizeString,
   sanitizeURL,
   sanitizeXURL,
+  sendAndWaitForTransaction,
+  stripHexPrefix,
+  supportsEIP5792,
+  supportsEIP7702,
+  suspend,
+  undelegate,
+  upgradeApp,
+  useComputeSession,
   validateAppID,
   validateAppName,
   validateCreateAppParams,