@limitless-exchange/sdk 1.0.2 → 1.0.4

package/dist/index.js

@@ -31,35 +31,47 @@ var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: tru
 var index_exports = {};
 __export(index_exports, {
   APIError: () => APIError,
+  ApiTokenService: () => ApiTokenService,
   AuthenticationError: () => AuthenticationError,
   BASE_SEPOLIA_CHAIN_ID: () => BASE_SEPOLIA_CHAIN_ID,
   CONTRACT_ADDRESSES: () => CONTRACT_ADDRESSES,
+  Client: () => Client,
   ConsoleLogger: () => ConsoleLogger,
   DEFAULT_API_URL: () => DEFAULT_API_URL,
   DEFAULT_CHAIN_ID: () => DEFAULT_CHAIN_ID,
   DEFAULT_WS_URL: () => DEFAULT_WS_URL,
+  DelegatedOrderService: () => DelegatedOrderService,
   HttpClient: () => HttpClient,
   Market: () => Market,
   MarketFetcher: () => MarketFetcher,
+  MarketPageFetcher: () => MarketPageFetcher,
   NoOpLogger: () => NoOpLogger,
   OrderBuilder: () => OrderBuilder,
   OrderClient: () => OrderClient,
   OrderSigner: () => OrderSigner,
   OrderType: () => OrderType,
   OrderValidationError: () => OrderValidationError,
+  PartnerAccountService: () => PartnerAccountService,
   PortfolioFetcher: () => PortfolioFetcher,
   RateLimitError: () => RateLimitError,
   RetryConfig: () => RetryConfig,
   RetryableClient: () => RetryableClient,
   SIGNING_MESSAGE_TEMPLATE: () => SIGNING_MESSAGE_TEMPLATE,
+  ScopeAccountCreation: () => ScopeAccountCreation,
+  ScopeDelegatedSigning: () => ScopeDelegatedSigning,
+  ScopeTrading: () => ScopeTrading,
   Side: () => Side,
   SignatureType: () => SignatureType,
   ValidationError: () => ValidationError,
   WebSocketClient: () => WebSocketClient,
   WebSocketState: () => WebSocketState,
   ZERO_ADDRESS: () => ZERO_ADDRESS,
+  buildHMACMessage: () => buildHMACMessage,
+  computeHMACSignature: () => computeHMACSignature,
   getContractAddress: () => getContractAddress,
   retryOnErrors: () => retryOnErrors,
+  toFiniteInteger: () => toFiniteInteger,
+  toFiniteNumber: () => toFiniteNumber,
   validateOrderArgs: () => validateOrderArgs,
   validateSignedOrder: () => validateSignedOrder,
   validateUnsignedOrder: () => validateUnsignedOrder,
@@ -67,6 +79,11 @@ __export(index_exports, {
 });
 module.exports = __toCommonJS(index_exports);
 
+// src/types/api-tokens.ts
+var ScopeTrading = "trading";
+var ScopeAccountCreation = "account_creation";
+var ScopeDelegatedSigning = "delegated_signing";
+
 // src/types/logger.ts
 var NoOpLogger = class {
   debug() {
@@ -224,6 +241,40 @@ function getContractAddress(contractType, chainId = DEFAULT_CHAIN_ID) {
   return address;
 }
 
+// src/utils/sdk-tracking.ts
+var SDK_ID = "lmts-sdk-ts";
+function isNodeRuntime() {
+  return typeof process !== "undefined" && !!process.versions?.node;
+}
+function resolveSdkVersion() {
+  if ("1.0.4") {
+    return "1.0.4";
+  }
+  return "0.0.0";
+}
+function resolveRuntimeToken() {
+  if (isNodeRuntime()) {
+    return `node/${process.versions.node}`;
+  }
+  return "runtime/unknown";
+}
+function buildSdkTrackingHeaders() {
+  const sdkVersion = resolveSdkVersion();
+  const headers = {
+    "x-sdk-version": `${SDK_ID}/${sdkVersion}`
+  };
+  if (isNodeRuntime()) {
+    headers["user-agent"] = `${SDK_ID}/${sdkVersion} (${resolveRuntimeToken()})`;
+  }
+  return headers;
+}
+function buildWebSocketTrackingHeaders() {
+  if (!isNodeRuntime()) {
+    return {};
+  }
+  return buildSdkTrackingHeaders();
+}
+
 // src/api/errors.ts
 var APIError = class _APIError extends Error {
   /**
@@ -296,6 +347,19 @@ var ValidationError = class _ValidationError extends APIError {
   }
 };
 
+// src/api/hmac.ts
+var import_crypto = require("crypto");
+function buildHMACMessage(timestamp, method, path, body) {
+  return `${timestamp}
+${method.toUpperCase()}
+${path}
+${body}`;
+}
+function computeHMACSignature(secret, timestamp, method, path, body) {
+  const key = Buffer.from(secret, "base64");
+  return (0, import_crypto.createHmac)("sha256", key).update(buildHMACMessage(timestamp, method, path, body)).digest("base64");
+}
+
 // src/api/http.ts
 var HttpClient = class {
   /**
@@ -305,10 +369,14 @@ var HttpClient = class {
    */
   constructor(config = {}) {
     this.apiKey = config.apiKey || process.env.LIMITLESS_API_KEY;
+    this.hmacCredentials = config.hmacCredentials ? {
+      tokenId: config.hmacCredentials.tokenId,
+      secret: config.hmacCredentials.secret
+    } : void 0;
     this.logger = config.logger || new NoOpLogger();
-    if (!this.apiKey) {
+    if (!this.apiKey && !this.hmacCredentials) {
       this.logger.warn(
-        "API key not set. Authenticated endpoints will fail. Set LIMITLESS_API_KEY environment variable or pass apiKey parameter."
+        "Authentication not set. Authenticated endpoints will fail. Set LIMITLESS_API_KEY environment variable, pass apiKey, or configure hmacCredentials."
       );
     }
     const keepAlive = config.keepAlive !== false;
@@ -335,6 +403,7 @@ var HttpClient = class {
       headers: {
         "Content-Type": "application/json",
         Accept: "application/json",
+        ...buildSdkTrackingHeaders(),
         ...config.additionalHeaders
       }
     });
@@ -352,21 +421,42 @@ var HttpClient = class {
    */
   setupInterceptors() {
     this.client.interceptors.request.use(
-      (config) => {
-        if (this.apiKey) {
-          config.headers["X-API-Key"] = this.apiKey;
+      (rawConfig) => {
+        const config = rawConfig;
+        const headers = config.headers || (config.headers = {});
+        const identityToken = config.identityToken;
+        delete headers["X-API-Key"];
+        delete headers["lmts-api-key"];
+        delete headers["lmts-timestamp"];
+        delete headers["lmts-signature"];
+        delete headers.identity;
+        if (identityToken) {
+          headers.identity = `Bearer ${identityToken}`;
+        } else if (this.hmacCredentials) {
+          const requestPath = this.getRequestPath(config);
+          const requestBody = this.getRequestBodyForSignature(config.data);
+          const timestamp = (/* @__PURE__ */ new Date()).toISOString();
+          const signature = computeHMACSignature(
+            this.hmacCredentials.secret,
+            timestamp,
+            config.method || "GET",
+            requestPath,
+            requestBody
+          );
+          headers["lmts-api-key"] = this.hmacCredentials.tokenId;
+          headers["lmts-timestamp"] = timestamp;
+          headers["lmts-signature"] = signature;
+        } else if (this.apiKey) {
+          headers["X-API-Key"] = this.apiKey;
         }
         const fullUrl = `${config.baseURL || ""}${config.url || ""}`;
         const method = config.method?.toUpperCase() || "GET";
-        const logHeaders = { ...config.headers };
-        if (logHeaders["X-API-Key"]) {
-          logHeaders["X-API-Key"] = "***";
-        }
+        const logHeaders = this.maskSensitiveHeaders(headers);
         this.logger.debug(`\u2192 ${method} ${fullUrl}`, {
           headers: logHeaders,
           body: config.data
         });
-        return config;
+        return rawConfig;
       },
       (error) => Promise.reject(error)
     );
@@ -421,6 +511,42 @@ var HttpClient = class {
       }
     );
   }
+  /**
+   * Extracts a human-readable error message from API response payload.
+   * @internal
+   */
+  extractErrorMessage(data, fallback) {
+    if (!data) {
+      return fallback;
+    }
+    if (typeof data === "object") {
+      if (Array.isArray(data.message)) {
+        const messages = data.message.map((err) => {
+          const details = Object.entries(err || {}).filter(([_key, val]) => val !== "" && val !== null && val !== void 0).map(([key, val]) => `${key}: ${val}`).join(", ");
+          return details || JSON.stringify(err);
+        }).filter((msg) => msg.trim() !== "").join(" | ");
+        return messages || data.error || JSON.stringify(data);
+      }
+      return data.message || data.error || data.msg || data.errors && JSON.stringify(data.errors) || JSON.stringify(data);
+    }
+    return String(data);
+  }
+  /**
+   * Creates a typed API error class from status code.
+   * @internal
+   */
+  createTypedApiError(status, message, data, url, method) {
+    if (status === 429) {
+      return new RateLimitError(message, status, data, url, method);
+    }
+    if (status === 401 || status === 403) {
+      return new AuthenticationError(message, status, data, url, method);
+    }
+    if (status === 400) {
+      return new ValidationError(message, status, data, url, method);
+    }
+    return new APIError(message, status, data, url, method);
+  }
   /**
    * Sets the API key for authenticated requests.
    *
@@ -429,12 +555,86 @@ var HttpClient = class {
   setApiKey(apiKey) {
     this.apiKey = apiKey;
   }
+  /**
+   * Returns the configured API key, if any.
+   */
+  getApiKey() {
+    return this.apiKey;
+  }
   /**
    * Clears the API key.
    */
   clearApiKey() {
     this.apiKey = void 0;
   }
+  /**
+   * Sets HMAC credentials for scoped API-token authentication.
+   */
+  setHMACCredentials(credentials) {
+    this.hmacCredentials = {
+      tokenId: credentials.tokenId,
+      secret: credentials.secret
+    };
+  }
+  /**
+   * Clears HMAC credentials.
+   */
+  clearHMACCredentials() {
+    this.hmacCredentials = void 0;
+  }
+  /**
+   * Returns a copy of the configured HMAC credentials, if any.
+   */
+  getHMACCredentials() {
+    if (!this.hmacCredentials) {
+      return void 0;
+    }
+    return {
+      tokenId: this.hmacCredentials.tokenId,
+      secret: this.hmacCredentials.secret
+    };
+  }
+  /**
+   * Returns the logger attached to this HTTP client.
+   */
+  getLogger() {
+    return this.logger;
+  }
+  /**
+   * Returns true when cookie/header-based auth is configured on the underlying client.
+   * This is primarily used for custom authenticated flows that don't use API keys or HMAC.
+   */
+  hasConfiguredHeaderAuth() {
+    const defaultHeaders = this.client.defaults.headers;
+    const candidates = [defaultHeaders?.common, defaultHeaders];
+    for (const headers of candidates) {
+      if (!headers) {
+        continue;
+      }
+      const authValues = [
+        headers.Cookie,
+        headers.cookie,
+        headers.Authorization,
+        headers.authorization,
+        headers.identity
+      ];
+      if (authValues.some((value) => typeof value === "string" && value.trim() !== "")) {
+        return true;
+      }
+    }
+    return false;
+  }
+  /**
+   * Ensures the client has some authenticated transport configured.
+   */
+  requireAuth(operation) {
+    if (this.apiKey || this.hmacCredentials || this.hasConfiguredHeaderAuth()) {
+      return;
+    }
+    throw new Error(
+      `Authentication is required for ${operation}; pass apiKey, hmacCredentials, cookie/auth headers, or set LIMITLESS_API_KEY.`
+    );
+  }
   /**
    * Performs a GET request.
    *
@@ -446,6 +646,38 @@ var HttpClient = class {
     const response = await this.client.get(url, config);
     return response.data;
   }
+  /**
+   * Performs a GET request with identity-token authentication.
+   */
+  async getWithIdentity(url, identityToken, config) {
+    const response = await this.client.get(url, {
+      ...config,
+      identityToken
+    });
+    return response.data;
+  }
+  /**
+   * Performs a GET request and returns raw response metadata.
+   *
+   * @remarks
+   * Use this when callers need access to status code or headers (e.g. redirect `Location`).
+   *
+   * @param url - Request URL
+   * @param config - Additional request configuration
+   * @returns Promise resolving to status, headers, and response data
+   */
+  async getRaw(url, config) {
+    const response = await this.client.get(url, config);
+    if (response.status >= 400) {
+      const message = this.extractErrorMessage(response.data, `Request failed with status ${response.status}`);
+      throw this.createTypedApiError(response.status, message, response.data, url, "GET");
+    }
+    return {
+      status: response.status,
+      headers: response.headers,
+      data: response.data
+    };
+  }
   /**
    * Performs a POST request.
    *
@@ -458,6 +690,36 @@ var HttpClient = class {
     const response = await this.client.post(url, data, config);
     return response.data;
   }
+  /**
+   * Performs a POST request with identity-token authentication.
+   */
+  async postWithIdentity(url, identityToken, data, config) {
+    const response = await this.client.post(url, data, {
+      ...config,
+      identityToken
+    });
+    return response.data;
+  }
+  /**
+   * Performs a POST request with additional per-request headers.
+   */
+  async postWithHeaders(url, data, headers, config) {
+    const response = await this.client.post(url, data, {
+      ...config,
+      headers: {
+        ...config?.headers || {},
+        ...headers || {}
+      }
+    });
+    return response.data;
+  }
+  /**
+   * Performs a PATCH request.
+   */
+  async patch(url, data, config) {
+    const response = await this.client.patch(url, data, config);
+    return response.data;
+  }
   /**
    * Performs a DELETE request.
    *
@@ -480,6 +742,28 @@ var HttpClient = class {
     const response = await this.client.delete(url, deleteConfig);
     return response.data;
   }
+  getRequestPath(config) {
+    const resolved = new URL(config.url || "", config.baseURL || this.client.defaults.baseURL || DEFAULT_API_URL);
+    return `${resolved.pathname}${resolved.search}`;
+  }
+  getRequestBodyForSignature(data) {
+    if (data === void 0 || data === null || data === "") {
+      return "";
+    }
+    if (typeof data === "string") {
+      return data;
+    }
+    return JSON.stringify(data);
+  }
+  maskSensitiveHeaders(headers) {
+    const masked = { ...headers };
+    for (const key of ["X-API-Key", "lmts-api-key", "lmts-timestamp", "lmts-signature", "identity"]) {
+      if (masked[key] !== void 0) {
+        masked[key] = key === "identity" ? "Bearer ***" : "***";
+      }
+    }
+    return masked;
+  }
 };
 
 // src/api/retry.ts
@@ -663,6 +947,75 @@ var RetryableClient = class {
   }
 };
 
+// src/api-tokens/service.ts
+var ApiTokenService = class {
+  constructor(httpClient, logger) {
+    this.httpClient = httpClient;
+    this.logger = logger || new NoOpLogger();
+  }
+  async deriveToken(identityToken, input) {
+    if (!identityToken) {
+      throw new Error("Identity token is required for deriveToken");
+    }
+    this.logger.debug("Deriving API token", { scopes: input.scopes, label: input.label });
+    return this.httpClient.postWithIdentity("/auth/api-tokens/derive", identityToken, input);
+  }
+  async listTokens() {
+    this.httpClient.requireAuth("listTokens");
+    return this.httpClient.get("/auth/api-tokens");
+  }
+  async getCapabilities(identityToken) {
+    if (!identityToken) {
+      throw new Error("Identity token is required for getCapabilities");
+    }
+    return this.httpClient.getWithIdentity("/auth/api-tokens/capabilities", identityToken);
+  }
+  async revokeToken(tokenId) {
+    this.httpClient.requireAuth("revokeToken");
+    const response = await this.httpClient.delete(`/auth/api-tokens/${encodeURIComponent(tokenId)}`);
+    return response.message;
+  }
+};
+
+// src/partner-accounts/service.ts
+var _PartnerAccountService = class _PartnerAccountService {
+  constructor(httpClient, logger) {
+    this.httpClient = httpClient;
+    this.logger = logger || new NoOpLogger();
+  }
+  async createAccount(input, eoaHeaders) {
+    this.httpClient.requireAuth("createPartnerAccount");
+    const serverWalletMode = input.createServerWallet === true;
+    if (!serverWalletMode && !eoaHeaders) {
+      throw new Error("EOA headers are required when createServerWallet is not true");
+    }
+    if (input.displayName && input.displayName.length > _PartnerAccountService.DISPLAY_NAME_MAX_LENGTH) {
+      throw new Error(
+        `displayName must be at most ${_PartnerAccountService.DISPLAY_NAME_MAX_LENGTH} characters`
+      );
+    }
+    this.logger.debug("Creating partner account", {
+      displayName: input.displayName,
+      createServerWallet: input.createServerWallet
+    });
+    const payload = {
+      displayName: input.displayName,
+      createServerWallet: input.createServerWallet
+    };
+    return this.httpClient.postWithHeaders(
+      "/profiles/partner-accounts",
+      payload,
+      eoaHeaders ? {
+        "x-account": eoaHeaders.account,
+        "x-signing-message": eoaHeaders.signingMessage,
+        "x-signature": eoaHeaders.signature
+      } : void 0
+    );
+  }
+};
+_PartnerAccountService.DISPLAY_NAME_MAX_LENGTH = 44;
+var PartnerAccountService = _PartnerAccountService;
+
 // src/orders/builder.ts
 var import_ethers = require("ethers");
 var ZERO_ADDRESS2 = "0x0000000000000000000000000000000000000000";
@@ -951,6 +1304,104 @@ var OrderBuilder = class {
   }
 };
 
+// src/delegated-orders/service.ts
+var DEFAULT_DELEGATED_FEE_RATE_BPS = 300;
+var DelegatedOrderService = class {
+  constructor(httpClient, logger) {
+    this.httpClient = httpClient;
+    this.logger = logger || new NoOpLogger();
+  }
+  async createOrder(params) {
+    this.httpClient.requireAuth("createDelegatedOrder");
+    if (!Number.isInteger(params.onBehalfOf) || params.onBehalfOf <= 0) {
+      throw new Error("onBehalfOf must be a positive integer");
+    }
+    const feeRateBps = params.feeRateBps && params.feeRateBps > 0 ? params.feeRateBps : DEFAULT_DELEGATED_FEE_RATE_BPS;
+    const builder = new OrderBuilder(ZERO_ADDRESS, feeRateBps);
+    const unsignedOrder = builder.buildOrder(params.args);
+    const payload = {
+      order: {
+        salt: unsignedOrder.salt,
+        maker: unsignedOrder.maker,
+        signer: unsignedOrder.signer,
+        taker: unsignedOrder.taker,
+        tokenId: unsignedOrder.tokenId,
+        makerAmount: unsignedOrder.makerAmount,
+        takerAmount: unsignedOrder.takerAmount,
+        expiration: unsignedOrder.expiration,
+        nonce: unsignedOrder.nonce,
+        feeRateBps: unsignedOrder.feeRateBps,
+        side: unsignedOrder.side,
+        signatureType: 0 /* EOA */,
+        ...unsignedOrder.price !== void 0 ? { price: unsignedOrder.price } : {}
+      },
+      orderType: params.orderType,
+      marketSlug: params.marketSlug,
+      ownerId: params.onBehalfOf,
+      onBehalfOf: params.onBehalfOf
+    };
+    this.logger.debug("Creating delegated order", {
+      marketSlug: params.marketSlug,
+      onBehalfOf: params.onBehalfOf,
+      feeRateBps
+    });
+    return this.httpClient.post("/orders", payload);
+  }
+  async cancel(orderId) {
+    this.httpClient.requireAuth("cancelDelegatedOrder");
+    const response = await this.httpClient.delete(`/orders/${encodeURIComponent(orderId)}`);
+    return response.message;
+  }
+  async cancelOnBehalfOf(orderId, onBehalfOf) {
+    this.httpClient.requireAuth("cancelDelegatedOrder");
+    if (!Number.isInteger(onBehalfOf) || onBehalfOf <= 0) {
+      throw new Error("onBehalfOf must be a positive integer");
+    }
+    const response = await this.httpClient.delete(
+      `/orders/${encodeURIComponent(orderId)}?onBehalfOf=${onBehalfOf}`
+    );
+    return response.message;
+  }
+  async cancelAll(marketSlug) {
+    this.httpClient.requireAuth("cancelAllDelegatedOrders");
+    const response = await this.httpClient.delete(`/orders/all/${encodeURIComponent(marketSlug)}`);
+    return response.message;
+  }
+  async cancelAllOnBehalfOf(marketSlug, onBehalfOf) {
+    this.httpClient.requireAuth("cancelAllDelegatedOrders");
+    if (!Number.isInteger(onBehalfOf) || onBehalfOf <= 0) {
+      throw new Error("onBehalfOf must be a positive integer");
+    }
+    const response = await this.httpClient.delete(
+      `/orders/all/${encodeURIComponent(marketSlug)}?onBehalfOf=${onBehalfOf}`
+    );
+    return response.message;
+  }
+};
+
+// src/utils/number-flex.ts
+function toFiniteNumber(value) {
+  if (typeof value === "number") {
+    return Number.isFinite(value) ? value : void 0;
+  }
+  if (typeof value === "string") {
+    const trimmed = value.trim();
+    if (trimmed.length === 0) {
+      return void 0;
+    }
+    const parsed = Number(trimmed);
+    return Number.isFinite(parsed) ? parsed : void 0;
+  }
+  return void 0;
+}
+function toFiniteInteger(value) {
+  const parsed = toFiniteNumber(value);
+  if (parsed === void 0) {
+    return void 0;
+  }
+  return Number.isSafeInteger(parsed) ? parsed : void 0;
+}
+
 // src/orders/signer.ts
 var OrderSigner = class {
   /**
@@ -1092,7 +1543,7 @@ var OrderValidationError = class extends Error {
   }
 };
 function isFOKOrder(args) {
-  return "amount" in args;
+  return "makerAmount" in args;
 }
 function validateOrderArgs(args) {
   if (!args.tokenId) {
@@ -1614,9 +2065,14 @@ var OrderClient = class {
       });
       const portfolioFetcher = new PortfolioFetcher(this.httpClient);
       const profile = await portfolioFetcher.getProfile(this.wallet.address);
+      const userId = toFiniteInteger(profile.id);
+      const feeRateBps = toFiniteInteger(profile.rank?.feeRateBps) ?? 300;
+      if (userId === void 0) {
+        throw new Error(`Invalid user profile id: ${profile.id}`);
+      }
       this.cachedUserData = {
-        userId: profile.id,
-        feeRateBps: profile.rank?.feeRateBps || 300
+        userId,
+        feeRateBps
       };
       this.orderBuilder = new OrderBuilder(
         this.wallet.address,
@@ -1728,26 +2184,27 @@ var OrderClient = class {
    * @internal
    */
   transformOrderResponse(apiResponse) {
+    const order = apiResponse.order;
     const cleanOrder = {
       order: {
-        id: apiResponse.order.id,
-        createdAt: apiResponse.order.createdAt,
-        makerAmount: apiResponse.order.makerAmount,
-        takerAmount: apiResponse.order.takerAmount,
-        expiration: apiResponse.order.expiration,
-        signatureType: apiResponse.order.signatureType,
-        salt: apiResponse.order.salt,
-        maker: apiResponse.order.maker,
-        signer: apiResponse.order.signer,
-        taker: apiResponse.order.taker,
-        tokenId: apiResponse.order.tokenId,
-        side: apiResponse.order.side,
-        feeRateBps: apiResponse.order.feeRateBps,
-        nonce: apiResponse.order.nonce,
-        signature: apiResponse.order.signature,
-        orderType: apiResponse.order.orderType,
-        price: apiResponse.order.price,
-        marketId: apiResponse.order.marketId
+        id: order.id,
+        createdAt: order.createdAt,
+        makerAmount: toFiniteNumber(order.makerAmount) ?? order.makerAmount,
+        takerAmount: toFiniteNumber(order.takerAmount) ?? order.takerAmount,
+        expiration: order.expiration,
+        signatureType: order.signatureType,
+        salt: toFiniteInteger(order.salt) ?? order.salt,
+        maker: order.maker,
+        signer: order.signer,
+        taker: order.taker,
+        tokenId: order.tokenId,
+        side: order.side,
+        feeRateBps: order.feeRateBps,
+        nonce: order.nonce,
+        signature: order.signature,
+        orderType: order.orderType,
+        price: order.price === void 0 || order.price === null ? order.price : toFiniteNumber(order.price) ?? order.price,
+        marketId: order.marketId
       }
     };
     if (apiResponse.makerMatches && apiResponse.makerMatches.length > 0) {
@@ -1880,6 +2337,174 @@ var OrderClient = class {
   }
 };
 
+// src/market-pages/fetcher.ts
+var MAX_REDIRECT_DEPTH = 3;
+var MarketPageFetcher = class {
+  /**
+   * Creates a new market-pages fetcher.
+   *
+   * @param httpClient - HTTP client for API calls
+   * @param logger - Optional logger
+   */
+  constructor(httpClient, logger) {
+    this.httpClient = httpClient;
+    this.logger = logger || new NoOpLogger();
+  }
+  /**
+   * Gets the navigation tree.
+   */
+  async getNavigation() {
+    this.logger.debug("Fetching navigation tree");
+    return this.httpClient.get("/navigation");
+  }
+  /**
+   * Resolves a market page by path.
+   *
+   * @remarks
+   * Handles 301 redirects manually by re-requesting `/market-pages/by-path` with the
+   * redirected path value from `Location` header.
+   */
+  async getMarketPageByPath(path) {
+    return this.getMarketPageByPathInternal(path, 0);
+  }
+  async getMarketPageByPathInternal(path, depth) {
+    const query = new URLSearchParams({ path }).toString();
+    const endpoint = `/market-pages/by-path?${query}`;
+    const requestConfig = {
+      maxRedirects: 0,
+      validateStatus: (status) => status === 200 || status === 301
+    };
+    this.logger.debug("Resolving market page by path", { path, depth });
+    const response = await this.httpClient.getRaw(endpoint, requestConfig);
+    if (response.status === 200) {
+      return response.data;
+    }
+    if (response.status !== 301) {
+      throw new Error(`Unexpected response status: ${response.status}`);
+    }
+    if (depth >= MAX_REDIRECT_DEPTH) {
+      throw new Error(
+        `Too many redirects while resolving market page path '${path}' (max ${MAX_REDIRECT_DEPTH})`
+      );
+    }
+    const locationHeader = response.headers?.location;
+    const location = Array.isArray(locationHeader) ? locationHeader[0] : locationHeader;
+    if (!location || typeof location !== "string") {
+      throw new Error("Redirect response missing valid Location header");
+    }
+    const redirectedPath = this.extractRedirectPath(location);
+    this.logger.info("Following market page redirect", {
+      from: path,
+      to: redirectedPath,
+      depth: depth + 1
+    });
+    return this.getMarketPageByPathInternal(redirectedPath, depth + 1);
+  }
+  extractRedirectPath(location) {
+    const directByPathPrefix = "/market-pages/by-path";
+    if (location.startsWith(directByPathPrefix)) {
+      const url = new URL(location, "https://api.limitless.exchange");
+      const path = url.searchParams.get("path");
+      if (!path) {
+        throw new Error("Redirect location '/market-pages/by-path' is missing required 'path' query parameter");
+      }
+      return path;
+    }
+    if (/^https?:\/\//i.test(location)) {
+      const url = new URL(location);
+      if (url.pathname === directByPathPrefix) {
+        const path = url.searchParams.get("path");
+        if (!path) {
+          throw new Error("Redirect location '/market-pages/by-path' is missing required 'path' query parameter");
+        }
+        return path;
+      }
+      return url.pathname || "/";
+    }
+    return location;
+  }
+  /**
+   * Gets markets for a market page with optional filtering and pagination.
+   */
+  async getMarkets(pageId, params = {}) {
+    if (params.cursor !== void 0 && params.page !== void 0) {
+      throw new Error("Parameters `cursor` and `page` are mutually exclusive");
+    }
+    const query = new URLSearchParams();
+    if (params.page !== void 0) {
+      query.append("page", String(params.page));
+    }
+    if (params.limit !== void 0) {
+      query.append("limit", String(params.limit));
+    }
+    if (params.sort) {
+      query.append("sort", params.sort);
+    }
+    if (params.cursor !== void 0) {
+      query.append("cursor", params.cursor);
+    }
+    if (params.filters) {
+      for (const [key, value] of Object.entries(params.filters)) {
+        if (Array.isArray(value)) {
+          for (const item of value) {
+            query.append(key, this.stringifyFilterValue(item));
+          }
+        } else {
+          query.append(key, this.stringifyFilterValue(value));
+        }
+      }
+    }
+    const queryString = query.toString();
+    const endpoint = `/market-pages/${pageId}/markets${queryString ? `?${queryString}` : ""}`;
+    this.logger.debug("Fetching market-page markets", { pageId, params });
+    const response = await this.httpClient.get(endpoint);
+    const markets = (response.data || []).map((marketData) => new Market(marketData, this.httpClient));
+    if (response.pagination) {
+      return {
+        data: markets,
+        pagination: response.pagination
+      };
+    }
+    if (response.cursor) {
+      return {
+        data: markets,
+        cursor: response.cursor
+      };
+    }
+    throw new Error("Invalid market-page response: expected `pagination` or `cursor` metadata");
+  }
+  /**
+   * Lists all property keys with options.
+   */
+  async getPropertyKeys() {
+    return this.httpClient.get("/property-keys");
+  }
+  /**
+   * Gets a single property key by ID.
+   */
+  async getPropertyKey(id) {
+    return this.httpClient.get(`/property-keys/${id}`);
+  }
+  /**
+   * Lists options for a property key, optionally filtered by parent option ID.
+   */
+  async getPropertyOptions(keyId, parentId) {
+    const query = new URLSearchParams();
+    if (parentId) {
+      query.append("parentId", parentId);
+    }
+    const queryString = query.toString();
+    const endpoint = `/property-keys/${keyId}/options${queryString ? `?${queryString}` : ""}`;
+    return this.httpClient.get(endpoint);
+  }
+  stringifyFilterValue(value) {
+    if (typeof value === "boolean") {
+      return value ? "true" : "false";
+    }
+    return String(value);
+  }
+};
+
 // src/websocket/client.ts
 var import_socket = require("socket.io-client");
 var WebSocketClient = class {
@@ -1898,6 +2523,7 @@ var WebSocketClient = class {
     this.config = {
       url: config.url || DEFAULT_WS_URL,
       apiKey: config.apiKey || process.env.LIMITLESS_API_KEY || "",
+      hmacCredentials: config.hmacCredentials,
       autoReconnect: config.autoReconnect ?? true,
       reconnectDelay: config.reconnectDelay || 1e3,
       maxReconnectAttempts: config.maxReconnectAttempts || Infinity,
@@ -1937,6 +2563,32 @@ var WebSocketClient = class {
       this.reconnectWithNewAuth();
     }
   }
+  /**
+   * Sets HMAC credentials for authenticated subscriptions.
+   *
+   * @remarks
+   * When configured alongside `apiKey`, this client uses HMAC headers for authenticated subscriptions.
+   */
+  setHMACCredentials(hmacCredentials) {
+    this.config.hmacCredentials = {
+      tokenId: hmacCredentials.tokenId,
+      secret: hmacCredentials.secret
+    };
+    if (this.socket?.connected) {
+      this.logger.info("HMAC credentials updated, reconnecting...");
+      this.reconnectWithNewAuth();
+    }
+  }
+  /**
+   * Clears HMAC credentials.
+   */
+  clearHMACCredentials() {
+    this.config.hmacCredentials = void 0;
+    if (this.socket?.connected) {
+      this.logger.info("HMAC credentials cleared, reconnecting...");
+      this.reconnectWithNewAuth();
+    }
+  }
   /**
    * Reconnects with new authentication credentials.
    * @internal
@@ -1982,10 +2634,29 @@ var WebSocketClient = class {
         // Add jitter to prevent thundering herd
         timeout: this.config.timeout
       };
-      if (this.config.apiKey) {
+      const extraHeaders = buildWebSocketTrackingHeaders();
+      if (this.config.hmacCredentials) {
+        const timestamp = (/* @__PURE__ */ new Date()).toISOString();
+        const signature = computeHMACSignature(
+          this.config.hmacCredentials.secret,
+          timestamp,
+          "GET",
+          "/socket.io/?EIO=4&transport=websocket",
+          ""
+        );
+        socketOptions.extraHeaders = {
+          ...extraHeaders,
+          "lmts-api-key": this.config.hmacCredentials.tokenId,
+          "lmts-timestamp": timestamp,
+          "lmts-signature": signature
+        };
+      } else if (this.config.apiKey) {
         socketOptions.extraHeaders = {
+          ...extraHeaders,
           "X-API-Key": this.config.apiKey
         };
+      } else if (Object.keys(extraHeaders).length > 0) {
+        socketOptions.extraHeaders = extraHeaders;
       }
       this.socket = (0, import_socket.io)(wsUrl + "/markets", socketOptions);
       this.attachPendingListeners();
@@ -2054,9 +2725,9 @@ var WebSocketClient = class {
       "subscribe_positions",
       "subscribe_transactions"
     ];
-    if (authenticatedChannels.includes(channel) && !this.config.apiKey) {
+    if (authenticatedChannels.includes(channel) && !this.config.apiKey && !this.config.hmacCredentials) {
       throw new Error(
-        `API key is required for '${channel}' subscription. Please provide an API key in the constructor or set LIMITLESS_API_KEY environment variable. You can generate an API key at https://limitless.exchange`
+        `Authentication is required for '${channel}' subscription. Please provide either apiKey or hmacCredentials when creating the WebSocket client.`
       );
     }
     const subscriptionKey = this.getSubscriptionKey(channel, options);
@@ -2250,38 +2921,106 @@ var WebSocketClient = class {
     return key.split(":")[0];
   }
 };
+
+// src/client.ts
+var import_ethers3 = require("ethers");
+var Client = class _Client {
+  constructor(config = {}) {
+    this.http = new HttpClient(config);
+    const logger = this.http.getLogger?.() || new NoOpLogger();
+    this.markets = new MarketFetcher(this.http, logger);
+    this.portfolio = new PortfolioFetcher(this.http, logger);
+    this.pages = new MarketPageFetcher(this.http, logger);
+    this.apiTokens = new ApiTokenService(this.http, logger);
+    this.partnerAccounts = new PartnerAccountService(this.http, logger);
+    this.delegatedOrders = new DelegatedOrderService(this.http, logger);
+  }
+  /**
+   * Creates a root client around an existing shared HTTP client.
+   */
+  static fromHttpClient(httpClient) {
+    const client = Object.create(_Client.prototype);
+    const logger = httpClient.getLogger?.() || new NoOpLogger();
+    client.http = httpClient;
+    client.markets = new MarketFetcher(httpClient, logger);
+    client.portfolio = new PortfolioFetcher(httpClient, logger);
+    client.pages = new MarketPageFetcher(httpClient, logger);
+    client.apiTokens = new ApiTokenService(httpClient, logger);
+    client.partnerAccounts = new PartnerAccountService(httpClient, logger);
+    client.delegatedOrders = new DelegatedOrderService(httpClient, logger);
+    return client;
+  }
+  /**
+   * Creates a regular EIP-712 order client reusing the shared transport and market cache.
+   */
+  newOrderClient(walletOrPrivateKey, config = {}) {
+    const wallet = typeof walletOrPrivateKey === "string" ? new import_ethers3.ethers.Wallet(walletOrPrivateKey) : walletOrPrivateKey;
+    return new OrderClient({
+      httpClient: this.http,
+      wallet,
+      marketFetcher: this.markets,
+      logger: this.http.getLogger(),
+      ...config
+    });
+  }
+  /**
+   * Creates a WebSocket client reusing shared auth where possible.
+   */
+  newWebSocketClient(config = {}) {
+    return new WebSocketClient(
+      {
+        apiKey: config.apiKey || this.http.getApiKey(),
+        hmacCredentials: config.hmacCredentials || this.http.getHMACCredentials(),
+        ...config
+      },
+      this.http.getLogger()
+    );
+  }
+};
 // Annotate the CommonJS export names for ESM import in node:
 0 && (module.exports = {
   APIError,
+  ApiTokenService,
   AuthenticationError,
   BASE_SEPOLIA_CHAIN_ID,
   CONTRACT_ADDRESSES,
+  Client,
   ConsoleLogger,
   DEFAULT_API_URL,
   DEFAULT_CHAIN_ID,
   DEFAULT_WS_URL,
+  DelegatedOrderService,
   HttpClient,
   Market,
   MarketFetcher,
+  MarketPageFetcher,
   NoOpLogger,
   OrderBuilder,
   OrderClient,
   OrderSigner,
   OrderType,
   OrderValidationError,
+  PartnerAccountService,
   PortfolioFetcher,
   RateLimitError,
   RetryConfig,
   RetryableClient,
   SIGNING_MESSAGE_TEMPLATE,
+  ScopeAccountCreation,
+  ScopeDelegatedSigning,
+  ScopeTrading,
   Side,
   SignatureType,
   ValidationError,
   WebSocketClient,
   WebSocketState,
   ZERO_ADDRESS,
+  buildHMACMessage,
+  computeHMACSignature,
   getContractAddress,
   retryOnErrors,
+  toFiniteInteger,
+  toFiniteNumber,
   validateOrderArgs,
   validateSignedOrder,
   validateUnsignedOrder,