@layr-labs/ecloud-sdk 0.2.2-dev → 0.3.0-dev.0

package/dist/index.js

@@ -1,3 +1,137 @@
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __esm = (fn, res) => function __init() {
+  return fn && (res = (0, fn[__getOwnPropNames(fn)[0]])(fn = 0)), res;
+};
+
+// src/client/common/auth/session.ts
+function stripHexPrefix2(hex) {
+  return hex.startsWith("0x") ? hex.slice(2) : hex;
+}
+async function parseErrorResponse(response) {
+  try {
+    const data = await response.json();
+    return data.error || response.statusText;
+  } catch {
+    return response.statusText;
+  }
+}
+async function loginToComputeApi(config, request) {
+  let response;
+  try {
+    response = await fetch(`${config.baseUrl}/auth/siwe/login`, {
+      method: "POST",
+      credentials: "include",
+      // Include cookies for session management
+      headers: {
+        "Content-Type": "application/json"
+      },
+      body: JSON.stringify({
+        message: request.message,
+        signature: stripHexPrefix2(request.signature)
+      })
+    });
+  } catch (error) {
+    throw new SessionError(
+      `Network error connecting to ${config.baseUrl}: ${error instanceof Error ? error.message : String(error)}`,
+      "NETWORK_ERROR"
+    );
+  }
+  if (!response.ok) {
+    const errorMessage = await parseErrorResponse(response);
+    const status = response.status;
+    if (status === 400) {
+      if (errorMessage.toLowerCase().includes("siwe")) {
+        throw new SessionError(`Invalid SIWE message: ${errorMessage}`, "INVALID_MESSAGE", status);
+      }
+      throw new SessionError(`Bad request: ${errorMessage}`, "INVALID_MESSAGE", status);
+    }
+    if (status === 401) {
+      throw new SessionError(`Invalid signature: ${errorMessage}`, "INVALID_SIGNATURE", status);
+    }
+    throw new SessionError(`Login failed: ${errorMessage}`, "UNKNOWN", status);
+  }
+  const data = await response.json();
+  return {
+    success: data.success,
+    address: data.address
+  };
+}
+async function getComputeApiSession(config) {
+  let response;
+  try {
+    response = await fetch(`${config.baseUrl}/auth/session`, {
+      method: "GET",
+      credentials: "include",
+      // Include cookies for session management
+      headers: {
+        "Content-Type": "application/json"
+      }
+    });
+  } catch {
+    return {
+      authenticated: false
+    };
+  }
+  if (response.status === 401) {
+    return {
+      authenticated: false
+    };
+  }
+  if (!response.ok) {
+    const errorMessage = await parseErrorResponse(response);
+    throw new SessionError(`Failed to get session: ${errorMessage}`, "UNKNOWN", response.status);
+  }
+  const data = await response.json();
+  return {
+    authenticated: data.authenticated,
+    address: data.address,
+    chainId: data.chain_id
+  };
+}
+async function logoutFromComputeApi(config) {
+  let response;
+  try {
+    response = await fetch(`${config.baseUrl}/auth/logout`, {
+      method: "POST",
+      credentials: "include",
+      // Include cookies for session management
+      headers: {
+        "Content-Type": "application/json"
+      }
+    });
+  } catch (error) {
+    throw new SessionError(
+      `Network error connecting to ${config.baseUrl}: ${error instanceof Error ? error.message : String(error)}`,
+      "NETWORK_ERROR"
+    );
+  }
+  if (response.status === 401) {
+    return;
+  }
+  if (!response.ok) {
+    const errorMessage = await parseErrorResponse(response);
+    throw new SessionError(`Logout failed: ${errorMessage}`, "UNKNOWN", response.status);
+  }
+}
+async function isSessionValid(config) {
+  const session = await getComputeApiSession(config);
+  return session.authenticated;
+}
+var SessionError;
+var init_session = __esm({
+  "src/client/common/auth/session.ts"() {
+    "use strict";
+    SessionError = class extends Error {
+      constructor(message, code, statusCode) {
+        super(message);
+        this.code = code;
+        this.statusCode = statusCode;
+        this.name = "SessionError";
+      }
+    };
+  }
+});
+
 // src/client/modules/compute/app/index.ts
 import { parseAbi as parseAbi2, encodeFunctionData as encodeFunctionData3 } from "viem";
 
@@ -2167,7 +2301,7 @@ function encodeExecuteBatchData(executions) {
   });
 }
 async function estimateBatchGas(options) {
-  const { publicClient, account, executions } = options;
+  const { publicClient, account, executions, authorizationList } = options;
   const executeBatchData = encodeExecuteBatchData(executions);
   const [gasTipCap, block, estimatedGas] = await Promise.all([
     publicClient.estimateMaxPriorityFeePerGas(),
@@ -2175,7 +2309,8 @@ async function estimateBatchGas(options) {
     publicClient.estimateGas({
       account,
       to: account,
-      data: executeBatchData
+      data: executeBatchData,
+      authorizationList
     })
   ]);
   const baseFee = block.baseFeePerGas ?? 0n;
@@ -2198,8 +2333,44 @@ async function checkERC7702Delegation(publicClient, account, delegatorAddress) {
   const expectedCode = `0xef0100${delegatorAddress.slice(2)}`;
   return code.toLowerCase() === expectedCode.toLowerCase();
 }
+async function createAuthorizationList(options) {
+  const { walletClient, publicClient, environmentConfig } = options;
+  const account = walletClient.account;
+  if (!account) {
+    throw new Error("Wallet client must have an account");
+  }
+  const isDelegated2 = await checkERC7702Delegation(
+    publicClient,
+    account.address,
+    environmentConfig.erc7702DelegatorAddress
+  );
+  if (isDelegated2) {
+    return void 0;
+  }
+  const transactionNonce = await publicClient.getTransactionCount({
+    address: account.address,
+    blockTag: "pending"
+  });
+  const chainId = await publicClient.getChainId();
+  const authorizationNonce = transactionNonce + 1;
+  const signedAuthorization = await walletClient.signAuthorization({
+    account,
+    contractAddress: environmentConfig.erc7702DelegatorAddress,
+    chainId,
+    nonce: Number(authorizationNonce)
+  });
+  return [signedAuthorization];
+}
 async function executeBatch(options, logger = noopLogger) {
-  const { walletClient, publicClient, environmentConfig, executions, pendingMessage, gas } = options;
+  const {
+    walletClient,
+    publicClient,
+    environmentConfig,
+    executions,
+    pendingMessage,
+    gas,
+    authorizationList: providedAuthList
+  } = options;
   const account = walletClient.account;
   if (!account) {
     throw new Error("Wallet client must have an account");
@@ -2209,27 +2380,29 @@ async function executeBatch(options, logger = noopLogger) {
     throw new Error("Wallet client must have a chain");
   }
   const executeBatchData = encodeExecuteBatchData(executions);
-  const isDelegated2 = await checkERC7702Delegation(
-    publicClient,
-    account.address,
-    environmentConfig.erc7702DelegatorAddress
-  );
-  let authorizationList = [];
-  if (!isDelegated2) {
-    const transactionNonce = await publicClient.getTransactionCount({
-      address: account.address,
-      blockTag: "pending"
-    });
-    const chainId = await publicClient.getChainId();
-    const authorizationNonce = transactionNonce + 1;
-    logger.debug("Using wallet client signing for EIP-7702 authorization");
-    const signedAuthorization = await walletClient.signAuthorization({
-      account: account.address,
-      contractAddress: environmentConfig.erc7702DelegatorAddress,
-      chainId,
-      nonce: Number(authorizationNonce)
-    });
-    authorizationList = [signedAuthorization];
+  let authorizationList = providedAuthList || [];
+  if (authorizationList.length === 0) {
+    const isDelegated2 = await checkERC7702Delegation(
+      publicClient,
+      account.address,
+      environmentConfig.erc7702DelegatorAddress
+    );
+    if (!isDelegated2) {
+      const transactionNonce = await publicClient.getTransactionCount({
+        address: account.address,
+        blockTag: "pending"
+      });
+      const chainId = await publicClient.getChainId();
+      const authorizationNonce = transactionNonce + 1;
+      logger.debug("Using wallet client signing for EIP-7702 authorization");
+      const signedAuthorization = await walletClient.signAuthorization({
+        account,
+        contractAddress: environmentConfig.erc7702DelegatorAddress,
+        chainId,
+        nonce: Number(authorizationNonce)
+      });
+      authorizationList = [signedAuthorization];
+    }
   }
   if (pendingMessage) {
     logger.info(pendingMessage);
@@ -2244,6 +2417,9 @@ async function executeBatch(options, logger = noopLogger) {
   if (authorizationList.length > 0) {
     txRequest.authorizationList = authorizationList;
   }
+  if (gas?.gasLimit) {
+    txRequest.gas = gas.gasLimit;
+  }
   if (gas?.maxFeePerGas) {
     txRequest.maxFeePerGas = gas.maxFeePerGas;
   }
@@ -3992,7 +4168,8 @@ async function executeDeployBatch(data, context, gas, logger = noopLogger) {
       environmentConfig: context.environmentConfig,
       executions: data.executions,
       pendingMessage,
-      gas
+      gas,
+      authorizationList: data.authorizationList
     },
     logger
   );
@@ -4103,7 +4280,8 @@ async function executeUpgradeBatch(data, context, gas, logger = noopLogger) {
       environmentConfig: context.environmentConfig,
       executions: data.executions,
       pendingMessage,
-      gas
+      gas,
+      authorizationList: data.authorizationList
     },
     logger
   );
@@ -4413,166 +4591,44 @@ async function calculateBillingAuthSignature(options) {
   return { signature, expiry };
 }
 
-// src/client/common/auth/session.ts
-var SessionError = class extends Error {
-  constructor(message, code, statusCode) {
-    super(message);
-    this.code = code;
-    this.statusCode = statusCode;
-    this.name = "SessionError";
-  }
-};
-function stripHexPrefix2(hex) {
-  return hex.startsWith("0x") ? hex.slice(2) : hex;
+// src/client/common/utils/userapi.ts
+init_session();
+function isJsonObject(value) {
+  return typeof value === "object" && value !== null && !Array.isArray(value);
 }
-async function parseErrorResponse(response) {
-  try {
-    const data = await response.json();
-    return data.error || response.statusText;
-  } catch {
-    return response.statusText;
-  }
+function readString(obj, key) {
+  const v = obj[key];
+  return typeof v === "string" ? v : void 0;
 }
-async function loginToComputeApi(config, request) {
-  let response;
-  try {
-    response = await fetch(`${config.baseUrl}/auth/siwe/login`, {
-      method: "POST",
-      credentials: "include",
-      // Include cookies for session management
-      headers: {
-        "Content-Type": "application/json"
-      },
-      body: JSON.stringify({
-        message: request.message,
-        signature: stripHexPrefix2(request.signature)
-      })
-    });
-  } catch (error) {
-    throw new SessionError(
-      `Network error connecting to ${config.baseUrl}: ${error instanceof Error ? error.message : String(error)}`,
-      "NETWORK_ERROR"
-    );
+function readNumber(obj, key) {
+  const v = obj[key];
+  return typeof v === "number" && Number.isFinite(v) ? v : void 0;
+}
+var MAX_ADDRESS_COUNT = 5;
+var CanViewAppLogsPermission = "0x2fd3f2fe";
+var CanViewSensitiveAppInfoPermission = "0x0e67b22f";
+var CanUpdateAppProfilePermission = "0x036fef61";
+function getDefaultClientId() {
+  const version = true ? "0.3.0-dev.0" : "0.0.0";
+  return `ecloud-sdk/v${version}`;
+}
+var UserApiClient = class {
+  constructor(config, walletClient, publicClient, options) {
+    this.config = config;
+    this.walletClient = walletClient;
+    this.publicClient = publicClient;
+    this.clientId = options?.clientId || getDefaultClientId();
+    this.useSession = options?.useSession ?? false;
   }
-  if (!response.ok) {
-    const errorMessage = await parseErrorResponse(response);
-    const status = response.status;
-    if (status === 400) {
-      if (errorMessage.toLowerCase().includes("siwe")) {
-        throw new SessionError(`Invalid SIWE message: ${errorMessage}`, "INVALID_MESSAGE", status);
-      }
-      throw new SessionError(`Bad request: ${errorMessage}`, "INVALID_MESSAGE", status);
-    }
-    if (status === 401) {
-      throw new SessionError(`Invalid signature: ${errorMessage}`, "INVALID_SIGNATURE", status);
+  /**
+   * Get the address of the connected wallet
+   */
+  get address() {
+    const account = this.walletClient.account;
+    if (!account) {
+      throw new Error("WalletClient must have an account attached");
     }
-    throw new SessionError(`Login failed: ${errorMessage}`, "UNKNOWN", status);
-  }
-  const data = await response.json();
-  return {
-    success: data.success,
-    address: data.address
-  };
-}
-async function getComputeApiSession(config) {
-  let response;
-  try {
-    response = await fetch(`${config.baseUrl}/auth/session`, {
-      method: "GET",
-      credentials: "include",
-      // Include cookies for session management
-      headers: {
-        "Content-Type": "application/json"
-      }
-    });
-  } catch {
-    return {
-      authenticated: false
-    };
-  }
-  if (response.status === 401) {
-    return {
-      authenticated: false
-    };
-  }
-  if (!response.ok) {
-    const errorMessage = await parseErrorResponse(response);
-    throw new SessionError(`Failed to get session: ${errorMessage}`, "UNKNOWN", response.status);
-  }
-  const data = await response.json();
-  return {
-    authenticated: data.authenticated,
-    address: data.address,
-    chainId: data.chain_id
-  };
-}
-async function logoutFromComputeApi(config) {
-  let response;
-  try {
-    response = await fetch(`${config.baseUrl}/auth/logout`, {
-      method: "POST",
-      credentials: "include",
-      // Include cookies for session management
-      headers: {
-        "Content-Type": "application/json"
-      }
-    });
-  } catch (error) {
-    throw new SessionError(
-      `Network error connecting to ${config.baseUrl}: ${error instanceof Error ? error.message : String(error)}`,
-      "NETWORK_ERROR"
-    );
-  }
-  if (response.status === 401) {
-    return;
-  }
-  if (!response.ok) {
-    const errorMessage = await parseErrorResponse(response);
-    throw new SessionError(`Logout failed: ${errorMessage}`, "UNKNOWN", response.status);
-  }
-}
-async function isSessionValid(config) {
-  const session = await getComputeApiSession(config);
-  return session.authenticated;
-}
-
-// src/client/common/utils/userapi.ts
-function isJsonObject(value) {
-  return typeof value === "object" && value !== null && !Array.isArray(value);
-}
-function readString(obj, key) {
-  const v = obj[key];
-  return typeof v === "string" ? v : void 0;
-}
-function readNumber(obj, key) {
-  const v = obj[key];
-  return typeof v === "number" && Number.isFinite(v) ? v : void 0;
-}
-var MAX_ADDRESS_COUNT = 5;
-var CanViewAppLogsPermission = "0x2fd3f2fe";
-var CanViewSensitiveAppInfoPermission = "0x0e67b22f";
-var CanUpdateAppProfilePermission = "0x036fef61";
-function getDefaultClientId() {
-  const version = true ? "0.2.2-dev" : "0.0.0";
-  return `ecloud-sdk/v${version}`;
-}
-var UserApiClient = class {
-  constructor(config, walletClient, publicClient, options) {
-    this.config = config;
-    this.walletClient = walletClient;
-    this.publicClient = publicClient;
-    this.clientId = options?.clientId || getDefaultClientId();
-    this.useSession = options?.useSession ?? false;
-  }
-  /**
-   * Get the address of the connected wallet
-   */
-  get address() {
-    const account = this.walletClient.account;
-    if (!account) {
-      throw new Error("WalletClient must have an account attached");
-    }
-    return account.address;
+    return account.address;
   }
   async getInfos(appIDs, addressCount = 1) {
     const count = Math.min(addressCount, MAX_ADDRESS_COUNT);
@@ -5461,21 +5517,214 @@ function isSubscriptionActive(status) {
 
 // src/client/common/utils/billingapi.ts
 import axios2 from "axios";
+
+// src/client/common/auth/billingSession.ts
+var BillingSessionError = class extends Error {
+  constructor(message, code, statusCode) {
+    super(message);
+    this.code = code;
+    this.statusCode = statusCode;
+    this.name = "BillingSessionError";
+  }
+};
+function stripHexPrefix3(hex) {
+  return hex.startsWith("0x") ? hex.slice(2) : hex;
+}
+async function parseErrorResponse2(response) {
+  try {
+    const data = await response.json();
+    return data.error || response.statusText;
+  } catch {
+    return response.statusText;
+  }
+}
+async function loginToBillingApi(config, request) {
+  let response;
+  try {
+    response = await fetch(`${config.baseUrl}/auth/siwe/login`, {
+      method: "POST",
+      credentials: "include",
+      // Include cookies for session management
+      headers: {
+        "Content-Type": "application/json"
+      },
+      body: JSON.stringify({
+        message: request.message,
+        signature: stripHexPrefix3(request.signature)
+      })
+    });
+  } catch (error) {
+    throw new BillingSessionError(
+      `Network error connecting to ${config.baseUrl}: ${error instanceof Error ? error.message : String(error)}`,
+      "NETWORK_ERROR"
+    );
+  }
+  if (!response.ok) {
+    const errorMessage = await parseErrorResponse2(response);
+    const status = response.status;
+    if (status === 400) {
+      if (errorMessage.toLowerCase().includes("siwe")) {
+        throw new BillingSessionError(`Invalid SIWE message: ${errorMessage}`, "INVALID_MESSAGE", status);
+      }
+      throw new BillingSessionError(`Bad request: ${errorMessage}`, "INVALID_MESSAGE", status);
+    }
+    if (status === 401) {
+      throw new BillingSessionError(`Invalid signature: ${errorMessage}`, "INVALID_SIGNATURE", status);
+    }
+    throw new BillingSessionError(`Login failed: ${errorMessage}`, "UNKNOWN", status);
+  }
+  const data = await response.json();
+  return {
+    success: data.success,
+    address: data.address
+  };
+}
+async function getBillingApiSession(config) {
+  let response;
+  try {
+    response = await fetch(`${config.baseUrl}/auth/session`, {
+      method: "GET",
+      credentials: "include",
+      // Include cookies for session management
+      headers: {
+        "Content-Type": "application/json"
+      }
+    });
+  } catch {
+    return {
+      authenticated: false
+    };
+  }
+  if (response.status === 401) {
+    return {
+      authenticated: false
+    };
+  }
+  if (!response.ok) {
+    const errorMessage = await parseErrorResponse2(response);
+    throw new BillingSessionError(`Failed to get session: ${errorMessage}`, "UNKNOWN", response.status);
+  }
+  const data = await response.json();
+  return {
+    authenticated: data.authenticated,
+    address: data.address,
+    chainId: data.chainId,
+    authenticatedAt: data.authenticatedAt
+  };
+}
+async function logoutFromBillingApi(config) {
+  let response;
+  try {
+    response = await fetch(`${config.baseUrl}/auth/logout`, {
+      method: "POST",
+      credentials: "include",
+      // Include cookies for session management
+      headers: {
+        "Content-Type": "application/json"
+      }
+    });
+  } catch (error) {
+    throw new BillingSessionError(
+      `Network error connecting to ${config.baseUrl}: ${error instanceof Error ? error.message : String(error)}`,
+      "NETWORK_ERROR"
+    );
+  }
+  if (response.status === 401) {
+    return;
+  }
+  if (!response.ok) {
+    const errorMessage = await parseErrorResponse2(response);
+    throw new BillingSessionError(`Logout failed: ${errorMessage}`, "UNKNOWN", response.status);
+  }
+}
+
+// src/client/common/utils/billingapi.ts
 var BillingApiClient = class {
-  constructor(config, walletClient) {
+  constructor(config, walletClient, options = {}) {
     this.config = config;
     this.walletClient = walletClient;
+    this.options = options;
+    this.useSession = options.useSession ?? false;
+    if (!this.useSession && !walletClient) {
+      throw new Error("WalletClient is required when not using session authentication");
+    }
   }
   /**
    * Get the address of the connected wallet
+   * Returns undefined if using session auth without a wallet client
    */
   get address() {
-    const account = this.walletClient.account;
+    const account = this.walletClient?.account;
     if (!account) {
-      throw new Error("WalletClient must have an account attached");
+      if (!this.useSession) {
+        throw new Error("WalletClient must have an account attached");
+      }
+      return void 0;
     }
     return account.address;
   }
+  /**
+   * Get the base URL of the billing API
+   */
+  get baseUrl() {
+    return this.config.billingApiServerURL;
+  }
+  // ==========================================================================
+  // SIWE Session Methods
+  // ==========================================================================
+  /**
+   * Login to the billing API using SIWE
+   *
+   * This establishes a session with the billing API by verifying the SIWE message
+   * and signature. On success, a session cookie is set in the browser.
+   *
+   * @param request - Login request containing SIWE message and signature
+   * @returns Login result with the authenticated address
+   *
+   * @example
+   * ```typescript
+   * const { message } = createSiweMessage({
+   *   address: userAddress,
+   *   chainId: 11155111,
+   *   domain: window.location.host,
+   *   uri: window.location.origin,
+   * });
+   *
+   * const signature = await signMessageAsync({ message });
+   * const result = await billingClient.siweLogin({ message, signature });
+   * ```
+   */
+  async siweLogin(request) {
+    return loginToBillingApi({ baseUrl: this.baseUrl }, request);
+  }
+  /**
+   * Logout from the billing API
+   *
+   * This destroys the current session and clears the session cookie.
+   */
+  async siweLogout() {
+    return logoutFromBillingApi({ baseUrl: this.baseUrl });
+  }
+  /**
+   * Get the current session status from the billing API
+   *
+   * @returns Session information including authentication status and address
+   */
+  async getSession() {
+    return getBillingApiSession({ baseUrl: this.baseUrl });
+  }
+  /**
+   * Check if there is a valid session
+   *
+   * @returns True if session is authenticated, false otherwise
+   */
+  async isSessionValid() {
+    const session = await this.getSession();
+    return session.authenticated;
+  }
+  // ==========================================================================
+  // Subscription Methods
+  // ==========================================================================
   async createSubscription(productId = "compute", options) {
     const endpoint = `${this.config.billingApiServerURL}/products/${productId}/subscription`;
     const body = options ? {
@@ -5494,10 +5743,72 @@ var BillingApiClient = class {
     const endpoint = `${this.config.billingApiServerURL}/products/${productId}/subscription`;
     await this.makeAuthenticatedRequest(endpoint, "DELETE", productId);
   }
+  // ==========================================================================
+  // Internal Methods
+  // ==========================================================================
   /**
    * Make an authenticated request to the billing API
+   *
+   * Uses session auth if useSession is true, otherwise uses EIP-712 signature auth.
    */
   async makeAuthenticatedRequest(url, method, productId, body) {
+    if (this.useSession) {
+      return this.makeSessionAuthenticatedRequest(url, method, body);
+    }
+    return this.makeSignatureAuthenticatedRequest(url, method, productId, body);
+  }
+  /**
+   * Make a request using session-based authentication (cookies)
+   */
+  async makeSessionAuthenticatedRequest(url, method, body) {
+    const headers = {};
+    if (body) {
+      headers["Content-Type"] = "application/json";
+    }
+    try {
+      const response = await fetch(url, {
+        method,
+        credentials: "include",
+        // Include cookies for session management
+        headers,
+        body: body ? JSON.stringify(body) : void 0
+      });
+      const status = response.status;
+      const statusText = status >= 200 && status < 300 ? "OK" : "Error";
+      if (status < 200 || status >= 300) {
+        let errorBody;
+        try {
+          errorBody = await response.text();
+        } catch {
+          errorBody = statusText;
+        }
+        throw new Error(`BillingAPI request failed: ${status} ${statusText} - ${errorBody}`);
+      }
+      const responseData = await response.json();
+      return {
+        json: async () => responseData,
+        text: async () => JSON.stringify(responseData)
+      };
+    } catch (error) {
+      if (error.name === "TypeError" || error.message?.includes("fetch")) {
+        throw new Error(
+          `Failed to connect to BillingAPI at ${url}: ${error.message}
+Please check:
+1. Your internet connection
+2. The API server is accessible: ${this.config.billingApiServerURL}
+3. Firewall/proxy settings`
+        );
+      }
+      throw error;
+    }
+  }
+  /**
+   * Make a request using EIP-712 signature authentication
+   */
+  async makeSignatureAuthenticatedRequest(url, method, productId, body) {
+    if (!this.walletClient) {
+      throw new Error("WalletClient is required for signature authentication");
+    }
     const expiry = BigInt(Math.floor(Date.now() / 1e3) + 5 * 60);
     const { signature } = await calculateBillingAuthSignature({
       walletClient: this.walletClient,
@@ -5817,16 +6128,24 @@ async function prepareDeployFromVerifiableBuild(options, logger = defaultLogger)
         },
         logger
       );
+      logger.debug("Checking delegation status...");
+      const authorizationList = await createAuthorizationList({
+        walletClient: batch.walletClient,
+        publicClient: batch.publicClient,
+        environmentConfig: batch.environmentConfig
+      });
       logger.debug("Estimating gas...");
       const gasEstimate = await estimateBatchGas({
         publicClient: batch.publicClient,
         account: batch.walletClient.account.address,
-        executions: batch.executions
+        executions: batch.executions,
+        authorizationList
       });
       const data = {
         appId: batch.appId,
         salt: batch.salt,
-        executions: batch.executions
+        executions: batch.executions,
+        authorizationList
       };
       return {
         prepared: {
@@ -6055,16 +6374,24 @@ async function prepareDeploy(options, logger = defaultLogger) {
         },
         logger
       );
+      logger.debug("Checking delegation status...");
+      const authorizationList = await createAuthorizationList({
+        walletClient: batch.walletClient,
+        publicClient: batch.publicClient,
+        environmentConfig: batch.environmentConfig
+      });
       logger.debug("Estimating gas...");
       const gasEstimate = await estimateBatchGas({
         publicClient: batch.publicClient,
         account: batch.walletClient.account.address,
-        executions: batch.executions
+        executions: batch.executions,
+        authorizationList
       });
       const data = {
         appId: batch.appId,
         salt: batch.salt,
-        executions: batch.executions
+        executions: batch.executions,
+        authorizationList
       };
       return {
         prepared: {
@@ -6195,15 +6522,23 @@ async function prepareUpgradeFromVerifiableBuild(options, logger = defaultLogger
         needsPermissionChange,
         imageRef: options.imageRef
       });
+      logger.debug("Checking delegation status...");
+      const authorizationList = await createAuthorizationList({
+        walletClient: batch.walletClient,
+        publicClient: batch.publicClient,
+        environmentConfig: batch.environmentConfig
+      });
       logger.debug("Estimating gas...");
       const gasEstimate = await estimateBatchGas({
         publicClient: batch.publicClient,
         account: batch.walletClient.account.address,
-        executions: batch.executions
+        executions: batch.executions,
+        authorizationList
       });
       const data = {
         appId: batch.appId,
-        executions: batch.executions
+        executions: batch.executions,
+        authorizationList
       };
       return {
         prepared: {
@@ -6376,15 +6711,23 @@ async function prepareUpgrade(options, logger = defaultLogger) {
         needsPermissionChange,
         imageRef: finalImageRef
       });
+      logger.debug("Checking delegation status...");
+      const authorizationList = await createAuthorizationList({
+        walletClient: batch.walletClient,
+        publicClient: batch.publicClient,
+        environmentConfig: batch.environmentConfig
+      });
       logger.debug("Estimating gas...");
       const gasEstimate = await estimateBatchGas({
         publicClient: batch.publicClient,
         account: batch.walletClient.account.address,
-        executions: batch.executions
+        executions: batch.executions,
+        authorizationList
       });
       const data = {
         appId: batch.appId,
-        executions: batch.executions
+        executions: batch.executions,
+        authorizationList
       };
       return {
         prepared: {
@@ -7512,7 +7855,10 @@ function createBillingModule(config) {
             };
           }
           logger.debug(`Creating subscription for ${productId}...`);
-          const result = await billingApi.createSubscription(productId);
+          const result = await billingApi.createSubscription(productId, {
+            successUrl: opts?.successUrl,
+            cancelUrl: opts?.cancelUrl
+          });
           logger.debug(`Checkout URL: ${result.checkoutUrl}`);
           return {
             type: "checkout_created",
@@ -7604,9 +7950,22 @@ async function requestWithRetry(config) {
 }
 var BuildApiClient = class {
   constructor(options) {
-    this.baseUrl = options.baseUrl.replace(/\/+$/, "");
+    let url = options.baseUrl;
+    while (url.endsWith("/")) {
+      url = url.slice(0, -1);
+    }
+    this.baseUrl = url;
     this.clientId = options.clientId;
     this.walletClient = options.walletClient;
+    this.useSession = options.useSession ?? false;
+    this.billingSessionId = options.billingSessionId;
+  }
+  /**
+   * Update the billing session ID.
+   * Call this after logging into the billing API to enable session-based auth for builds.
+   */
+  setBillingSessionId(sessionId) {
+    this.billingSessionId = sessionId;
   }
   /**
    * Get the address of the connected wallet
@@ -7618,8 +7977,17 @@ var BuildApiClient = class {
     }
     return account.address;
   }
+  /**
+   * Submit a new build request.
+   * Supports two auth modes (session auth is tried first when billingSessionId is available):
+   * 1. Session-based auth: X-Billing-Session header (forwarded billing_session cookie)
+   * 2. Signature-based auth: Authorization + X-Account + X-eigenx-expiry headers (requires walletClient)
+   */
   async submitBuild(payload) {
-    return this.authenticatedJsonRequest("/builds", "POST", payload);
+    if (this.useSession && this.billingSessionId) {
+      return this.billingSessionAuthJsonRequest("/builds", "POST", payload);
+    }
+    return this.signatureAuthJsonRequest("/builds", "POST", payload);
   }
   async getBuild(buildId) {
     return this.publicJsonRequest(`/builds/${encodeURIComponent(buildId)}`);
@@ -7630,8 +7998,11 @@ var BuildApiClient = class {
   async verify(identifier) {
     return this.publicJsonRequest(`/builds/verify/${encodeURIComponent(identifier)}`);
   }
+  /**
+   * Get build logs. Supports session auth (identity verification only, no billing check).
+   */
   async getLogs(buildId) {
-    return this.authenticatedTextRequest(`/builds/${encodeURIComponent(buildId)}/logs`);
+    return this.sessionOrSignatureTextRequest(`/builds/${encodeURIComponent(buildId)}/logs`);
   }
   async listBuilds(params) {
     const res = await requestWithRetry({
@@ -7639,7 +8010,9 @@ var BuildApiClient = class {
       method: "GET",
       params,
       headers: this.clientId ? { "x-client-id": this.clientId } : void 0,
-      timeout: 6e4
+      timeout: 6e4,
+      validateStatus: () => true,
+      withCredentials: this.useSession
     });
     if (res.status < 200 || res.status >= 300) throw buildApiHttpError(res);
     return res.data;
@@ -7649,12 +8022,18 @@ var BuildApiClient = class {
       url: `${this.baseUrl}${path8}`,
       method: "GET",
       headers: this.clientId ? { "x-client-id": this.clientId } : void 0,
-      timeout: 6e4
+      timeout: 6e4,
+      validateStatus: () => true,
+      withCredentials: this.useSession
     });
     if (res.status < 200 || res.status >= 300) throw buildApiHttpError(res);
     return res.data;
   }
-  async authenticatedJsonRequest(path8, method, body) {
+  /**
+   * Make a request that ALWAYS requires signature auth (for billing verification).
+   * Used for endpoints like POST /builds that need to verify subscription status.
+   */
+  async signatureAuthJsonRequest(path8, method, body) {
     if (!this.walletClient?.account) {
       throw new Error("WalletClient with account required for authenticated requests");
     }
@@ -7676,32 +8055,69 @@ var BuildApiClient = class {
       method,
       headers,
       data: body,
-      timeout: 6e4
+      timeout: 6e4,
+      validateStatus: () => true,
+      withCredentials: this.useSession
     });
     if (res.status < 200 || res.status >= 300) throw buildApiHttpError(res);
     return res.data;
   }
-  async authenticatedTextRequest(path8) {
-    if (!this.walletClient?.account) {
-      throw new Error("WalletClient with account required for authenticated requests");
+  /**
+   * Make a request using billing session auth (for billing verification without wallet signature).
+   * Forwards the billing_session cookie value via X-Billing-Session header.
+   * Used for endpoints that need to verify subscription status when using session-based auth.
+   */
+  async billingSessionAuthJsonRequest(path8, method, body) {
+    if (!this.billingSessionId) {
+      throw new Error("billingSessionId required for session-based billing auth");
     }
-    const headers = {};
+    const headers = {
+      "Content-Type": "application/json",
+      "X-Billing-Session": this.billingSessionId
+    };
     if (this.clientId) headers["x-client-id"] = this.clientId;
-    const expiry = BigInt(Math.floor(Date.now() / 1e3) + 60);
-    const { signature } = await calculateBillingAuthSignature({
-      walletClient: this.walletClient,
-      product: "compute",
-      expiry
+    const res = await requestWithRetry({
+      url: `${this.baseUrl}${path8}`,
+      method,
+      headers,
+      data: body,
+      timeout: 6e4,
+      validateStatus: () => true,
+      withCredentials: this.useSession
     });
-    headers.Authorization = `Bearer ${signature}`;
-    headers["X-eigenx-expiry"] = expiry.toString();
-    headers["X-Account"] = this.address;
+    if (res.status < 200 || res.status >= 300) throw buildApiHttpError(res);
+    return res.data;
+  }
+  /**
+   * Make an authenticated request that can use session OR signature auth.
+   * When useSession is true, relies on cookies for identity verification.
+   * Used for endpoints that only need identity verification (not billing).
+   */
+  async sessionOrSignatureTextRequest(path8) {
+    const headers = {};
+    if (this.clientId) headers["x-client-id"] = this.clientId;
+    if (!this.useSession) {
+      if (!this.walletClient?.account) {
+        throw new Error("WalletClient with account required for authenticated requests");
+      }
+      const expiry = BigInt(Math.floor(Date.now() / 1e3) + 60);
+      const { signature } = await calculateBillingAuthSignature({
+        walletClient: this.walletClient,
+        product: "compute",
+        expiry
+      });
+      headers.Authorization = `Bearer ${signature}`;
+      headers["X-eigenx-expiry"] = expiry.toString();
+      headers["X-Account"] = this.address;
+    }
     const res = await requestWithRetry({
       url: `${this.baseUrl}${path8}`,
       method: "GET",
       headers,
       timeout: 6e4,
-      responseType: "text"
+      responseType: "text",
+      validateStatus: () => true,
+      withCredentials: this.useSession
     });
     if (res.status < 200 || res.status >= 300) throw buildApiHttpError(res);
     return typeof res.data === "string" ? res.data : JSON.stringify(res.data);
@@ -8268,6 +8684,9 @@ function isSiweMessageNotYetValid(params) {
   return /* @__PURE__ */ new Date() < params.notBefore;
 }
 
+// src/client/common/auth/index.ts
+init_session();
+
 // src/client/common/utils/instance.ts
 async function getCurrentInstanceType(preflightCtx, appID, logger, clientId) {
   try {