@layr-labs/ecloud-sdk 0.5.0 → 1.0.0-dev.1

package/dist/index.d.cts

@@ -1,13 +1,13 @@
-import { C as ComputeModule } from './compute-Ckyn8ils.cjs';
-export { a as ComputeModuleConfig, b as CreateAppOpts, L as LogsOptions, P as PRIMARY_LANGUAGES, S as SDKCreateAppOpts, c as createApp, d as createComputeModule, e as encodeStartAppData, f as encodeStopAppData, g as encodeTerminateAppData, h as getAvailableTemplates, l as logs } from './compute-Ckyn8ils.cjs';
+import { C as ComputeModule } from './compute-Bn6KcW3x.cjs';
+export { a as ComputeModuleConfig, b as CreateAppOpts, L as LogsOptions, P as PRIMARY_LANGUAGES, S as SDKCreateAppOpts, c as createApp, d as createComputeModule, e as encodeStartAppData, f as encodeStopAppData, g as encodeTerminateAppData, h as getAvailableTemplates, l as logs } from './compute-Bn6KcW3x.cjs';
 import { BillingModule } from './billing.cjs';
 export { BillingModuleConfig, createBillingModule } from './billing.cjs';
 import { WalletClient, PublicClient, Address, Hex } from 'viem';
 export { AttestClient, AttestClientConfig, JwtProvider } from './attest.cjs';
-import { S as PreparedDeploy, G as GasEstimate, E as EnvironmentConfig, F as Logger, p as DeployResult, V as PreparedUpgrade, A as AppId } from './index-U2vKBrry.cjs';
-export { a as AlreadyActiveResponse, c as AppProfile, d as AppProfileResponse, e as AppRecord, f as BillingEnvironmentConfig, g as CancelResponse, h as CancelSuccessResponse, i as ChainID, j as CheckoutCreatedResponse, k as CreateSubscriptionOptions, l as CreateSubscriptionResponse, m as DeployAppOpts, n as DeployOptions, o as DeployProgressCallback, q as DeployStep, r as DockerImageConfig, s as EstimateGasOptions, u as ExecuteDeployResult, w as ExecuteUpgradeResult, x as GasOpts, y as GetSubscriptionOptions, I as ImageDigestResult, L as LifecycleOpts, N as NoActiveSubscriptionResponse, P as ParsedEnvironment, H as PaymentIssueResponse, K as PrepareDeployFromVerifiableBuildOpts, M as PrepareDeployOpts, Q as PrepareUpgradeFromVerifiableBuildOpts, R as PrepareUpgradeOpts, U as PreparedDeployData, X as PreparedUpgradeData, Y as ProductID, Z as ProductSubscriptionResponse, _ as Release, a0 as SequentialDeployResult, a1 as SubscribeResponse, a2 as SubscriptionLineItem, a3 as SubscriptionOpts, a4 as SubscriptionStatus, a8 as UpgradeAppOpts, a9 as calculateAppID, ab as estimateTransactionGas, ag as formatETH, ai as getAllAppsByDeveloper, az as getAppLatestReleaseBlockNumbers, aj as getAppsByBillingAccount, am as getBillingType, aA as getBlockTimestamps, ap as logVisibility, aq as noopLogger } from './index-U2vKBrry.cjs';
-import { L as LogVisibility, aj as ResourceUsageMonitoring } from './helpers-DZL2bg9p.cjs';
-export { A as AppInfo, d as AppMetrics, e as AppProfileInfo, ak as AppRelease, al as AppReleaseBuild, am as AppResponse, B as BillingApiClient, C as ComputeApiConfig, l as CreateAppParams, an as DeployParams, E as EstimateBatchGasOptions, G as GeneratedKey, o as LoginRequest, p as LoginResult, q as LogsParams, a as SessionError, S as SessionInfo, b as SiweMessageParams, r as SiweMessageResult, ao as UpgradeParams, U as UserApiClient, t as addHexPrefix, ap as assertValidFilePath, u as assertValidImageReference, v as assertValidPrivateKey, w as checkERC7702Delegation, x as createSiweMessage, aq as createViemClients, y as estimateBatchGas, D as extractAppNameFromImage, F as generateNewPrivateKey, H as generateNonce, I as getAvailableEnvironments, K as getBillingEnvironmentConfig, M as getBuildType, N as getChainFromID, O as getComputeApiSession, P as getEnvironmentConfig, R as isEnvironmentAvailable, T as isMainnet, V as isSessionValid, W as isSiweMessageExpired, X as isSiweMessageNotYetValid, Y as isSubscriptionActive, $ as loginToComputeApi, a2 as logoutFromComputeApi, a3 as parseSiweMessage, a4 as sanitizeString, a5 as sanitizeURL, a6 as sanitizeXURL, a7 as stripHexPrefix, a8 as validateAppID, a9 as validateAppName, aa as validateCreateAppParams, ar as validateDeployParams, ab as validateDescription, as as validateFilePath, at as validateImagePath, ac as validateImageReference, ad as validateInstanceTypeSKU, ae as validateLogVisibility, af as validateLogsParams, ag as validatePrivateKeyFormat, au as validateResourceUsageMonitoring, ah as validateURL, av as validateUpgradeParams, ai as validateXURL } from './helpers-DZL2bg9p.cjs';
+import { V as PreparedDeploy, G as GasEstimate, E as EnvironmentConfig, H as Logger, q as DeployResult, Y as PreparedUpgrade, A as AppId } from './index-BbH7ZCIu.cjs';
+export { a as AlreadyActiveResponse, c as AppProfile, d as AppProfileResponse, e as AppRecord, f as BillingEnvironmentConfig, g as CancelResponse, h as CancelSuccessResponse, i as ChainID, j as CheckoutCreatedResponse, k as CreateSubscriptionOptions, l as CreateSubscriptionResponse, m as CreditPurchaseResponse, n as DeployAppOpts, o as DeployOptions, p as DeployProgressCallback, r as DeployStep, s as DockerImageConfig, t as EstimateGasOptions, v as ExecuteDeployResult, x as ExecuteUpgradeResult, y as GasOpts, z as GetSubscriptionOptions, I as ImageDigestResult, L as LifecycleOpts, N as NoActiveSubscriptionResponse, P as ParsedEnvironment, J as PaymentIssueResponse, K as PaymentMethod, M as PaymentMethodsResponse, Q as PrepareDeployFromVerifiableBuildOpts, R as PrepareDeployOpts, T as PrepareUpgradeFromVerifiableBuildOpts, U as PrepareUpgradeOpts, X as PreparedDeployData, _ as PreparedUpgradeData, $ as ProductID, a0 as ProductSubscriptionResponse, a1 as Release, a3 as SequentialDeployResult, a4 as SubscribeResponse, a5 as SubscriptionLineItem, a6 as SubscriptionOpts, a7 as SubscriptionStatus, ab as UpgradeAppOpts, ac as calculateAppID, ae as estimateTransactionGas, aj as formatETH, al as getAllAppsByDeveloper, aC as getAppLatestReleaseBlockNumbers, am as getAppsByBillingAccount, ap as getBillingType, aD as getBlockTimestamps, as as logVisibility, at as noopLogger } from './index-BbH7ZCIu.cjs';
+import { L as LogVisibility, aj as ResourceUsageMonitoring } from './helpers-CfsfcGJO.cjs';
+export { A as AppInfo, d as AppMetrics, e as AppProfileInfo, ak as AppRelease, al as AppReleaseBuild, am as AppResponse, B as BillingApiClient, C as ComputeApiConfig, l as CreateAppParams, an as DeployParams, E as EstimateBatchGasOptions, G as GeneratedKey, o as LoginRequest, p as LoginResult, q as LogsParams, a as SessionError, S as SessionInfo, b as SiweMessageParams, r as SiweMessageResult, ao as UpgradeParams, U as UserApiClient, t as addHexPrefix, ap as assertValidFilePath, u as assertValidImageReference, v as assertValidPrivateKey, w as checkERC7702Delegation, x as createSiweMessage, aq as createViemClients, y as estimateBatchGas, D as extractAppNameFromImage, F as generateNewPrivateKey, H as generateNonce, I as getAvailableEnvironments, K as getBillingEnvironmentConfig, M as getBuildType, N as getChainFromID, O as getComputeApiSession, P as getEnvironmentConfig, R as isEnvironmentAvailable, T as isMainnet, V as isSessionValid, W as isSiweMessageExpired, X as isSiweMessageNotYetValid, Y as isSubscriptionActive, $ as loginToComputeApi, a2 as logoutFromComputeApi, a3 as parseSiweMessage, a4 as sanitizeString, a5 as sanitizeURL, a6 as sanitizeXURL, a7 as stripHexPrefix, a8 as validateAppID, a9 as validateAppName, aa as validateCreateAppParams, ar as validateDeployParams, ab as validateDescription, as as validateFilePath, at as validateImagePath, ac as validateImageReference, ad as validateInstanceTypeSKU, ae as validateLogVisibility, af as validateLogsParams, ag as validatePrivateKeyFormat, au as validateResourceUsageMonitoring, ah as validateURL, av as validateUpgradeParams, ai as validateXURL } from './helpers-CfsfcGJO.cjs';
 
 interface SubmitBuildRequest {
     repoUrl: string;

package/dist/index.d.ts

@@ -1,13 +1,13 @@
-import { C as ComputeModule } from './compute-Cnw6rwSB.js';
-export { a as ComputeModuleConfig, b as CreateAppOpts, L as LogsOptions, P as PRIMARY_LANGUAGES, S as SDKCreateAppOpts, c as createApp, d as createComputeModule, e as encodeStartAppData, f as encodeStopAppData, g as encodeTerminateAppData, h as getAvailableTemplates, l as logs } from './compute-Cnw6rwSB.js';
+import { C as ComputeModule } from './compute-Do2t0Fo8.js';
+export { a as ComputeModuleConfig, b as CreateAppOpts, L as LogsOptions, P as PRIMARY_LANGUAGES, S as SDKCreateAppOpts, c as createApp, d as createComputeModule, e as encodeStartAppData, f as encodeStopAppData, g as encodeTerminateAppData, h as getAvailableTemplates, l as logs } from './compute-Do2t0Fo8.js';
 import { BillingModule } from './billing.js';
 export { BillingModuleConfig, createBillingModule } from './billing.js';
 import { WalletClient, PublicClient, Address, Hex } from 'viem';
 export { AttestClient, AttestClientConfig, JwtProvider } from './attest.js';
-import { S as PreparedDeploy, G as GasEstimate, E as EnvironmentConfig, F as Logger, p as DeployResult, V as PreparedUpgrade, A as AppId } from './index-U2vKBrry.js';
-export { a as AlreadyActiveResponse, c as AppProfile, d as AppProfileResponse, e as AppRecord, f as BillingEnvironmentConfig, g as CancelResponse, h as CancelSuccessResponse, i as ChainID, j as CheckoutCreatedResponse, k as CreateSubscriptionOptions, l as CreateSubscriptionResponse, m as DeployAppOpts, n as DeployOptions, o as DeployProgressCallback, q as DeployStep, r as DockerImageConfig, s as EstimateGasOptions, u as ExecuteDeployResult, w as ExecuteUpgradeResult, x as GasOpts, y as GetSubscriptionOptions, I as ImageDigestResult, L as LifecycleOpts, N as NoActiveSubscriptionResponse, P as ParsedEnvironment, H as PaymentIssueResponse, K as PrepareDeployFromVerifiableBuildOpts, M as PrepareDeployOpts, Q as PrepareUpgradeFromVerifiableBuildOpts, R as PrepareUpgradeOpts, U as PreparedDeployData, X as PreparedUpgradeData, Y as ProductID, Z as ProductSubscriptionResponse, _ as Release, a0 as SequentialDeployResult, a1 as SubscribeResponse, a2 as SubscriptionLineItem, a3 as SubscriptionOpts, a4 as SubscriptionStatus, a8 as UpgradeAppOpts, a9 as calculateAppID, ab as estimateTransactionGas, ag as formatETH, ai as getAllAppsByDeveloper, az as getAppLatestReleaseBlockNumbers, aj as getAppsByBillingAccount, am as getBillingType, aA as getBlockTimestamps, ap as logVisibility, aq as noopLogger } from './index-U2vKBrry.js';
-import { L as LogVisibility, aj as ResourceUsageMonitoring } from './helpers-Dj2ME5rp.js';
-export { A as AppInfo, d as AppMetrics, e as AppProfileInfo, ak as AppRelease, al as AppReleaseBuild, am as AppResponse, B as BillingApiClient, C as ComputeApiConfig, l as CreateAppParams, an as DeployParams, E as EstimateBatchGasOptions, G as GeneratedKey, o as LoginRequest, p as LoginResult, q as LogsParams, a as SessionError, S as SessionInfo, b as SiweMessageParams, r as SiweMessageResult, ao as UpgradeParams, U as UserApiClient, t as addHexPrefix, ap as assertValidFilePath, u as assertValidImageReference, v as assertValidPrivateKey, w as checkERC7702Delegation, x as createSiweMessage, aq as createViemClients, y as estimateBatchGas, D as extractAppNameFromImage, F as generateNewPrivateKey, H as generateNonce, I as getAvailableEnvironments, K as getBillingEnvironmentConfig, M as getBuildType, N as getChainFromID, O as getComputeApiSession, P as getEnvironmentConfig, R as isEnvironmentAvailable, T as isMainnet, V as isSessionValid, W as isSiweMessageExpired, X as isSiweMessageNotYetValid, Y as isSubscriptionActive, $ as loginToComputeApi, a2 as logoutFromComputeApi, a3 as parseSiweMessage, a4 as sanitizeString, a5 as sanitizeURL, a6 as sanitizeXURL, a7 as stripHexPrefix, a8 as validateAppID, a9 as validateAppName, aa as validateCreateAppParams, ar as validateDeployParams, ab as validateDescription, as as validateFilePath, at as validateImagePath, ac as validateImageReference, ad as validateInstanceTypeSKU, ae as validateLogVisibility, af as validateLogsParams, ag as validatePrivateKeyFormat, au as validateResourceUsageMonitoring, ah as validateURL, av as validateUpgradeParams, ai as validateXURL } from './helpers-Dj2ME5rp.js';
+import { V as PreparedDeploy, G as GasEstimate, E as EnvironmentConfig, H as Logger, q as DeployResult, Y as PreparedUpgrade, A as AppId } from './index-BbH7ZCIu.js';
+export { a as AlreadyActiveResponse, c as AppProfile, d as AppProfileResponse, e as AppRecord, f as BillingEnvironmentConfig, g as CancelResponse, h as CancelSuccessResponse, i as ChainID, j as CheckoutCreatedResponse, k as CreateSubscriptionOptions, l as CreateSubscriptionResponse, m as CreditPurchaseResponse, n as DeployAppOpts, o as DeployOptions, p as DeployProgressCallback, r as DeployStep, s as DockerImageConfig, t as EstimateGasOptions, v as ExecuteDeployResult, x as ExecuteUpgradeResult, y as GasOpts, z as GetSubscriptionOptions, I as ImageDigestResult, L as LifecycleOpts, N as NoActiveSubscriptionResponse, P as ParsedEnvironment, J as PaymentIssueResponse, K as PaymentMethod, M as PaymentMethodsResponse, Q as PrepareDeployFromVerifiableBuildOpts, R as PrepareDeployOpts, T as PrepareUpgradeFromVerifiableBuildOpts, U as PrepareUpgradeOpts, X as PreparedDeployData, _ as PreparedUpgradeData, $ as ProductID, a0 as ProductSubscriptionResponse, a1 as Release, a3 as SequentialDeployResult, a4 as SubscribeResponse, a5 as SubscriptionLineItem, a6 as SubscriptionOpts, a7 as SubscriptionStatus, ab as UpgradeAppOpts, ac as calculateAppID, ae as estimateTransactionGas, aj as formatETH, al as getAllAppsByDeveloper, aC as getAppLatestReleaseBlockNumbers, am as getAppsByBillingAccount, ap as getBillingType, aD as getBlockTimestamps, as as logVisibility, at as noopLogger } from './index-BbH7ZCIu.js';
+import { L as LogVisibility, aj as ResourceUsageMonitoring } from './helpers-BRamdfGn.js';
+export { A as AppInfo, d as AppMetrics, e as AppProfileInfo, ak as AppRelease, al as AppReleaseBuild, am as AppResponse, B as BillingApiClient, C as ComputeApiConfig, l as CreateAppParams, an as DeployParams, E as EstimateBatchGasOptions, G as GeneratedKey, o as LoginRequest, p as LoginResult, q as LogsParams, a as SessionError, S as SessionInfo, b as SiweMessageParams, r as SiweMessageResult, ao as UpgradeParams, U as UserApiClient, t as addHexPrefix, ap as assertValidFilePath, u as assertValidImageReference, v as assertValidPrivateKey, w as checkERC7702Delegation, x as createSiweMessage, aq as createViemClients, y as estimateBatchGas, D as extractAppNameFromImage, F as generateNewPrivateKey, H as generateNonce, I as getAvailableEnvironments, K as getBillingEnvironmentConfig, M as getBuildType, N as getChainFromID, O as getComputeApiSession, P as getEnvironmentConfig, R as isEnvironmentAvailable, T as isMainnet, V as isSessionValid, W as isSiweMessageExpired, X as isSiweMessageNotYetValid, Y as isSubscriptionActive, $ as loginToComputeApi, a2 as logoutFromComputeApi, a3 as parseSiweMessage, a4 as sanitizeString, a5 as sanitizeURL, a6 as sanitizeXURL, a7 as stripHexPrefix, a8 as validateAppID, a9 as validateAppName, aa as validateCreateAppParams, ar as validateDeployParams, ab as validateDescription, as as validateFilePath, at as validateImagePath, ac as validateImageReference, ad as validateInstanceTypeSKU, ae as validateLogVisibility, af as validateLogsParams, ag as validatePrivateKeyFormat, au as validateResourceUsageMonitoring, ah as validateURL, av as validateUpgradeParams, ai as validateXURL } from './helpers-BRamdfGn.js';
 
 interface SubmitBuildRequest {
     repoUrl: string;

package/dist/index.js

@@ -4837,7 +4837,7 @@ var CanViewAppLogsPermission = "0x2fd3f2fe";
 var CanViewSensitiveAppInfoPermission = "0x0e67b22f";
 var CanUpdateAppProfilePermission = "0x036fef61";
 function getDefaultClientId() {
-  const version = true ? "0.5.0" : "0.0.0";
+  const version = true ? "1.0.0-dev.1" : "0.0.0";
   return `ecloud-sdk/v${version}`;
 }
 var UserApiClient = class {
@@ -5674,7 +5674,13 @@ function getEnvironmentConfig(environment, chainID) {
   const resolvedChainID = chainID || (environment === "sepolia" || environment === "sepolia-dev" ? SEPOLIA_CHAIN_ID : MAINNET_CHAIN_ID);
   return {
     ...env,
-    chainID: BigInt(resolvedChainID)
+    chainID: BigInt(resolvedChainID),
+    ...process.env.ECLOUD_USER_API_URL && {
+      userApiServerURL: process.env.ECLOUD_USER_API_URL
+    },
+    ...process.env.ECLOUD_RPC_URL && {
+      defaultRPCURL: process.env.ECLOUD_RPC_URL
+    }
   };
 }
 function getBillingEnvironmentConfig(build) {
@@ -5682,10 +5688,15 @@ function getBillingEnvironmentConfig(build) {
   if (!config) {
     throw new Error(`Unknown billing environment: ${build}`);
   }
-  return config;
+  return {
+    ...config,
+    ...process.env.ECLOUD_BILLING_API_URL && {
+      billingApiServerURL: process.env.ECLOUD_BILLING_API_URL
+    }
+  };
 }
 function getBuildType() {
-  const buildTimeType = true ? "prod"?.toLowerCase() : void 0;
+  const buildTimeType = true ? "dev"?.toLowerCase() : void 0;
   const runtimeType = process.env.BUILD_TYPE?.toLowerCase();
   const buildType = buildTimeType || runtimeType;
   if (buildType === "dev") {
@@ -5987,6 +5998,20 @@ var BillingApiClient = class {
     const endpoint = `${this.config.billingApiServerURL}/products/${productId}/subscription`;
     await this.makeAuthenticatedRequest(endpoint, "DELETE", productId);
   }
+  async getPaymentMethods() {
+    const endpoint = `${this.config.billingApiServerURL}/v1/payment-methods`;
+    const resp = await this.makeAuthenticatedRequest(endpoint, "GET", "compute");
+    return resp.json();
+  }
+  async purchaseCredits(amountCents, paymentMethodId) {
+    const endpoint = `${this.config.billingApiServerURL}/v1/credits/purchase`;
+    const body = { amountCents };
+    if (paymentMethodId) {
+      body.paymentMethodId = paymentMethodId;
+    }
+    const resp = await this.makeAuthenticatedRequest(endpoint, "POST", "compute", body);
+    return resp.json();
+  }
   // ==========================================================================
   // Internal Methods
   // ==========================================================================
@@ -5996,10 +6021,19 @@ var BillingApiClient = class {
    * Uses session auth if useSession is true, otherwise uses EIP-712 signature auth.
    */
   async makeAuthenticatedRequest(url, method, productId, body) {
-    if (this.useSession) {
-      return this.makeSessionAuthenticatedRequest(url, method, body);
+    if (this.options.verbose) {
+      console.debug(`[BillingAPI] ${method} ${url}`);
+    }
+    const resp = this.useSession ? await this.makeSessionAuthenticatedRequest(url, method, body) : await this.makeSignatureAuthenticatedRequest(url, method, productId, body);
+    if (this.options.verbose) {
+      const data = await resp.json();
+      console.debug(`[BillingAPI] Response:`, JSON.stringify(data, null, 2));
+      return {
+        json: async () => data,
+        text: async () => JSON.stringify(data)
+      };
     }
-    return this.makeSignatureAuthenticatedRequest(url, method, productId, body);
+    return resp;
   }
   /**
    * Make a request using session-based authentication (cookies)
@@ -8188,7 +8222,7 @@ function createBillingModule(config) {
   const address = walletClient.account.address;
   const logger = getLogger(verbose);
   const billingEnvConfig = getBillingEnvironmentConfig(getBuildType());
-  const billingApi = new BillingApiClient(billingEnvConfig, walletClient);
+  const billingApi = new BillingApiClient(billingEnvConfig, walletClient, { verbose });
   const environmentConfig = getEnvironmentConfig(environment);
   const usdcCreditsAddress = environmentConfig.usdcCreditsAddress;
   if (!usdcCreditsAddress) {
@@ -8352,6 +8386,12 @@ function createBillingModule(config) {
           };
         }
       );
+    },
+    async getPaymentMethods() {
+      return billingApi.getPaymentMethods();
+    },
+    async purchaseCredits(amountCents, paymentMethodId) {
+      return billingApi.purchaseCredits(amountCents, paymentMethodId);
     }
   };
   return module;
@@ -9169,7 +9209,10 @@ var AttestClient = class {
   constructor(config) {
     this.config = config;
   }
-  async attest() {
+  async attest(extraData) {
+    if (extraData && extraData.length > 1048576) {
+      throw new Error(`extraData exceeds 1MB limit (${extraData.length} bytes)`);
+    }
     const { publicKey, privateKey } = generateKeyPairSync("rsa", {
       modulusLength: 4096,
       publicKeyEncoding: { type: "spki", format: "pem" },
@@ -9177,8 +9220,8 @@ var AttestClient = class {
     });
     const challengeHash = createHash("sha256").update(CHALLENGE_PREFIX).update(NULL_BYTE).update(publicKey).digest();
     const socketPath = this.config.socketPath ?? DEFAULT_SOCKET_PATH;
-    const attestationBytes = await this.getAttestation(socketPath, challengeHash);
-    const attestResponse = await this.postAttest(attestationBytes, publicKey);
+    const attestationBytes = await this.getAttestation(socketPath, challengeHash, extraData);
+    const attestResponse = await this.postAttest(attestationBytes, publicKey, extraData);
     this.verifySignature(JSON.stringify(attestResponse.data), attestResponse.signature);
     const rsaPrivateKey = await crypto.subtle.importKey(
       "pkcs8",
@@ -9210,9 +9253,13 @@ var AttestClient = class {
       throw new Error("KMS response signature verification failed");
     }
   }
-  getAttestation(socketPath, challenge) {
+  getAttestation(socketPath, challenge, extraData) {
     return new Promise((resolve2, reject) => {
-      const body = JSON.stringify({ challenge: challenge.toString("base64") });
+      const requestBody = { challenge: challenge.toString("base64") };
+      if (extraData && extraData.length > 0) {
+        requestBody.extra_data = extraData.toString("base64");
+      }
+      const body = JSON.stringify(requestBody);
       const req = http2.request(
         {
           socketPath,
@@ -9240,14 +9287,18 @@ var AttestClient = class {
       req.end();
     });
   }
-  async postAttest(attestationBytes, rsaPublicKey) {
+  async postAttest(attestationBytes, rsaPublicKey, extraData) {
     const url = `${this.config.kmsServerURL}/auth/attest`;
-    const body = JSON.stringify({
+    const requestBody = {
       version: 3,
       attestation: attestationBytes.toString("base64"),
       rsaKey: rsaPublicKey,
       audience: this.config.audience
-    });
+    };
+    if (extraData && extraData.length > 0) {
+      requestBody.extra_data = extraData.toString("base64");
+    }
+    const body = JSON.stringify(requestBody);
     const response = await fetch(url, {
       method: "POST",
       headers: { "Content-Type": "application/json" },
@@ -9269,10 +9320,21 @@ function pemToBuffer(pem) {
 // src/client/modules/attest/jwt-provider.ts
 var JwtProvider = class {
   constructor(attestClient, bufferSeconds = 30) {
+    this.pendingExtraData = /* @__PURE__ */ new Map();
     this.attestClient = attestClient;
     this.bufferSeconds = bufferSeconds;
   }
-  async getToken() {
+  async getToken(extraData) {
+    if (extraData && extraData.length > 0) {
+      const key = extraData.toString("hex");
+      const existing = this.pendingExtraData.get(key);
+      if (existing) return existing;
+      const promise = this.attestClient.attest(extraData).finally(() => {
+        this.pendingExtraData.delete(key);
+      });
+      this.pendingExtraData.set(key, promise);
+      return promise;
+    }
     if (this.cachedToken && !this.isExpiringSoon()) {
       return this.cachedToken;
     }