npm - @limitless-exchange/sdk - Versions diffs - 1.0.3 → 1.0.4 - Mend

@limitless-exchange/sdk 1.0.3 → 1.0.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (8) hide show

package/dist/index.js CHANGED Viewed

@@ -31,13 +31,16 @@ var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: tru
 var index_exports = {};
 __export(index_exports, {
   APIError: () => APIError,
+  ApiTokenService: () => ApiTokenService,
   AuthenticationError: () => AuthenticationError,
   BASE_SEPOLIA_CHAIN_ID: () => BASE_SEPOLIA_CHAIN_ID,
   CONTRACT_ADDRESSES: () => CONTRACT_ADDRESSES,
+  Client: () => Client,
   ConsoleLogger: () => ConsoleLogger,
   DEFAULT_API_URL: () => DEFAULT_API_URL,
   DEFAULT_CHAIN_ID: () => DEFAULT_CHAIN_ID,
   DEFAULT_WS_URL: () => DEFAULT_WS_URL,
+  DelegatedOrderService: () => DelegatedOrderService,
   HttpClient: () => HttpClient,
   Market: () => Market,
   MarketFetcher: () => MarketFetcher,
@@ -48,19 +51,27 @@ __export(index_exports, {
   OrderSigner: () => OrderSigner,
   OrderType: () => OrderType,
   OrderValidationError: () => OrderValidationError,
+  PartnerAccountService: () => PartnerAccountService,
   PortfolioFetcher: () => PortfolioFetcher,
   RateLimitError: () => RateLimitError,
   RetryConfig: () => RetryConfig,
   RetryableClient: () => RetryableClient,
   SIGNING_MESSAGE_TEMPLATE: () => SIGNING_MESSAGE_TEMPLATE,
+  ScopeAccountCreation: () => ScopeAccountCreation,
+  ScopeDelegatedSigning: () => ScopeDelegatedSigning,
+  ScopeTrading: () => ScopeTrading,
   Side: () => Side,
   SignatureType: () => SignatureType,
   ValidationError: () => ValidationError,
   WebSocketClient: () => WebSocketClient,
   WebSocketState: () => WebSocketState,
   ZERO_ADDRESS: () => ZERO_ADDRESS,
+  buildHMACMessage: () => buildHMACMessage,
+  computeHMACSignature: () => computeHMACSignature,
   getContractAddress: () => getContractAddress,
   retryOnErrors: () => retryOnErrors,
+  toFiniteInteger: () => toFiniteInteger,
+  toFiniteNumber: () => toFiniteNumber,
   validateOrderArgs: () => validateOrderArgs,
   validateSignedOrder: () => validateSignedOrder,
   validateUnsignedOrder: () => validateUnsignedOrder,
@@ -68,6 +79,11 @@ __export(index_exports, {
 });
 module.exports = __toCommonJS(index_exports);
+// src/types/api-tokens.ts
+var ScopeTrading = "trading";
+var ScopeAccountCreation = "account_creation";
+var ScopeDelegatedSigning = "delegated_signing";
 // src/types/logger.ts
 var NoOpLogger = class {
   debug() {
@@ -225,6 +241,40 @@ function getContractAddress(contractType, chainId = DEFAULT_CHAIN_ID) {
   return address;
 }
+// src/utils/sdk-tracking.ts
+var SDK_ID = "lmts-sdk-ts";
+function isNodeRuntime() {
+  return typeof process !== "undefined" && !!process.versions?.node;
+}
+function resolveSdkVersion() {
+  if ("1.0.4") {
+    return "1.0.4";
+  }
+  return "0.0.0";
+}
+function resolveRuntimeToken() {
+  if (isNodeRuntime()) {
+    return `node/${process.versions.node}`;
+  }
+  return "runtime/unknown";
+}
+function buildSdkTrackingHeaders() {
+  const sdkVersion = resolveSdkVersion();
+  const headers = {
+    "x-sdk-version": `${SDK_ID}/${sdkVersion}`
+  };
+  if (isNodeRuntime()) {
+    headers["user-agent"] = `${SDK_ID}/${sdkVersion} (${resolveRuntimeToken()})`;
+  }
+  return headers;
+}
+function buildWebSocketTrackingHeaders() {
+  if (!isNodeRuntime()) {
+    return {};
+  }
+  return buildSdkTrackingHeaders();
+}
 // src/api/errors.ts
 var APIError = class _APIError extends Error {
   /**
@@ -297,6 +347,19 @@ var ValidationError = class _ValidationError extends APIError {
   }
 };
+// src/api/hmac.ts
+var import_crypto = require("crypto");
+function buildHMACMessage(timestamp, method, path, body) {
+  return `${timestamp}
+${method.toUpperCase()}
+${path}
+${body}`;
+}
+function computeHMACSignature(secret, timestamp, method, path, body) {
+  const key = Buffer.from(secret, "base64");
+  return (0, import_crypto.createHmac)("sha256", key).update(buildHMACMessage(timestamp, method, path, body)).digest("base64");
+}
 // src/api/http.ts
 var HttpClient = class {
   /**
@@ -306,10 +369,14 @@ var HttpClient = class {
    */
   constructor(config = {}) {
     this.apiKey = config.apiKey || process.env.LIMITLESS_API_KEY;
+    this.hmacCredentials = config.hmacCredentials ? {
+      tokenId: config.hmacCredentials.tokenId,
+      secret: config.hmacCredentials.secret
+    } : void 0;
     this.logger = config.logger || new NoOpLogger();
-    if (!this.apiKey) {
+    if (!this.apiKey && !this.hmacCredentials) {
       this.logger.warn(
-        "API key not set. Authenticated endpoints will fail. Set LIMITLESS_API_KEY environment variable or pass apiKey parameter."
+        "Authentication not set. Authenticated endpoints will fail. Set LIMITLESS_API_KEY environment variable, pass apiKey, or configure hmacCredentials."
       );
     }
     const keepAlive = config.keepAlive !== false;
@@ -336,6 +403,7 @@ var HttpClient = class {
       headers: {
         "Content-Type": "application/json",
         Accept: "application/json",
+        ...buildSdkTrackingHeaders(),
         ...config.additionalHeaders
       }
     });
@@ -353,21 +421,42 @@ var HttpClient = class {
    */
   setupInterceptors() {
     this.client.interceptors.request.use(
-      (config) => {
-        if (this.apiKey) {
-          config.headers["X-API-Key"] = this.apiKey;
+      (rawConfig) => {
+        const config = rawConfig;
+        const headers = config.headers || (config.headers = {});
+        const identityToken = config.identityToken;
+        delete headers["X-API-Key"];
+        delete headers["lmts-api-key"];
+        delete headers["lmts-timestamp"];
+        delete headers["lmts-signature"];
+        delete headers.identity;
+        if (identityToken) {
+          headers.identity = `Bearer ${identityToken}`;
+        } else if (this.hmacCredentials) {
+          const requestPath = this.getRequestPath(config);
+          const requestBody = this.getRequestBodyForSignature(config.data);
+          const timestamp = (/* @__PURE__ */ new Date()).toISOString();
+          const signature = computeHMACSignature(
+            this.hmacCredentials.secret,
+            timestamp,
+            config.method || "GET",
+            requestPath,
+            requestBody
+          );
+          headers["lmts-api-key"] = this.hmacCredentials.tokenId;
+          headers["lmts-timestamp"] = timestamp;
+          headers["lmts-signature"] = signature;
+        } else if (this.apiKey) {
+          headers["X-API-Key"] = this.apiKey;
         }
         const fullUrl = `${config.baseURL || ""}${config.url || ""}`;
         const method = config.method?.toUpperCase() || "GET";
-        const logHeaders = { ...config.headers };
-        if (logHeaders["X-API-Key"]) {
-          logHeaders["X-API-Key"] = "***";
-        }
+        const logHeaders = this.maskSensitiveHeaders(headers);
         this.logger.debug(`\u2192 ${method} ${fullUrl}`, {
           headers: logHeaders,
           body: config.data
         });
-        return config;
+        return rawConfig;
       },
       (error) => Promise.reject(error)
     );
@@ -466,12 +555,86 @@ var HttpClient = class {
   setApiKey(apiKey) {
     this.apiKey = apiKey;
   }
+  /**
+   * Returns the configured API key, if any.
+   */
+  getApiKey() {
+    return this.apiKey;
+  }
   /**
    * Clears the API key.
    */
   clearApiKey() {
     this.apiKey = void 0;
   }
+  /**
+   * Sets HMAC credentials for scoped API-token authentication.
+   */
+  setHMACCredentials(credentials) {
+    this.hmacCredentials = {
+      tokenId: credentials.tokenId,
+      secret: credentials.secret
+    };
+  }
+  /**
+   * Clears HMAC credentials.
+   */
+  clearHMACCredentials() {
+    this.hmacCredentials = void 0;
+  }
+  /**
+   * Returns a copy of the configured HMAC credentials, if any.
+   */
+  getHMACCredentials() {
+    if (!this.hmacCredentials) {
+      return void 0;
+    }
+    return {
+      tokenId: this.hmacCredentials.tokenId,
+      secret: this.hmacCredentials.secret
+    };
+  }
+  /**
+   * Returns the logger attached to this HTTP client.
+   */
+  getLogger() {
+    return this.logger;
+  }
+  /**
+   * Returns true when cookie/header-based auth is configured on the underlying client.
+   * This is primarily used for custom authenticated flows that don't use API keys or HMAC.
+   */
+  hasConfiguredHeaderAuth() {
+    const defaultHeaders = this.client.defaults.headers;
+    const candidates = [defaultHeaders?.common, defaultHeaders];
+    for (const headers of candidates) {
+      if (!headers) {
+        continue;
+      }
+      const authValues = [
+        headers.Cookie,
+        headers.cookie,
+        headers.Authorization,
+        headers.authorization,
+        headers.identity
+      ];
+      if (authValues.some((value) => typeof value === "string" && value.trim() !== "")) {
+        return true;
+      }
+    }
+    return false;
+  }
+  /**
+   * Ensures the client has some authenticated transport configured.
+   */
+  requireAuth(operation) {
+    if (this.apiKey || this.hmacCredentials || this.hasConfiguredHeaderAuth()) {
+      return;
+    }
+    throw new Error(
+      `Authentication is required for ${operation}; pass apiKey, hmacCredentials, cookie/auth headers, or set LIMITLESS_API_KEY.`
+    );
+  }
   /**
    * Performs a GET request.
    *
@@ -483,6 +646,16 @@ var HttpClient = class {
     const response = await this.client.get(url, config);
     return response.data;
   }
+  /**
+   * Performs a GET request with identity-token authentication.
+   */
+  async getWithIdentity(url, identityToken, config) {
+    const response = await this.client.get(url, {
+      ...config,
+      identityToken
+    });
+    return response.data;
+  }
   /**
    * Performs a GET request and returns raw response metadata.
    *
@@ -517,6 +690,36 @@ var HttpClient = class {
     const response = await this.client.post(url, data, config);
     return response.data;
   }
+  /**
+   * Performs a POST request with identity-token authentication.
+   */
+  async postWithIdentity(url, identityToken, data, config) {
+    const response = await this.client.post(url, data, {
+      ...config,
+      identityToken
+    });
+    return response.data;
+  }
+  /**
+   * Performs a POST request with additional per-request headers.
+   */
+  async postWithHeaders(url, data, headers, config) {
+    const response = await this.client.post(url, data, {
+      ...config,
+      headers: {
+        ...config?.headers || {},
+        ...headers || {}
+      }
+    });
+    return response.data;
+  }
+  /**
+   * Performs a PATCH request.
+   */
+  async patch(url, data, config) {
+    const response = await this.client.patch(url, data, config);
+    return response.data;
+  }
   /**
    * Performs a DELETE request.
    *
@@ -539,6 +742,28 @@ var HttpClient = class {
     const response = await this.client.delete(url, deleteConfig);
     return response.data;
   }
+  getRequestPath(config) {
+    const resolved = new URL(config.url || "", config.baseURL || this.client.defaults.baseURL || DEFAULT_API_URL);
+    return `${resolved.pathname}${resolved.search}`;
+  }
+  getRequestBodyForSignature(data) {
+    if (data === void 0 || data === null || data === "") {
+      return "";
+    }
+    if (typeof data === "string") {
+      return data;
+    }
+    return JSON.stringify(data);
+  }
+  maskSensitiveHeaders(headers) {
+    const masked = { ...headers };
+    for (const key of ["X-API-Key", "lmts-api-key", "lmts-timestamp", "lmts-signature", "identity"]) {
+      if (masked[key] !== void 0) {
+        masked[key] = key === "identity" ? "Bearer ***" : "***";
+      }
+    }
+    return masked;
+  }
 };
 // src/api/retry.ts
@@ -722,6 +947,75 @@ var RetryableClient = class {
   }
 };
+// src/api-tokens/service.ts
+var ApiTokenService = class {
+  constructor(httpClient, logger) {
+    this.httpClient = httpClient;
+    this.logger = logger || new NoOpLogger();
+  }
+  async deriveToken(identityToken, input) {
+    if (!identityToken) {
+      throw new Error("Identity token is required for deriveToken");
+    }
+    this.logger.debug("Deriving API token", { scopes: input.scopes, label: input.label });
+    return this.httpClient.postWithIdentity("/auth/api-tokens/derive", identityToken, input);
+  }
+  async listTokens() {
+    this.httpClient.requireAuth("listTokens");
+    return this.httpClient.get("/auth/api-tokens");
+  }
+  async getCapabilities(identityToken) {
+    if (!identityToken) {
+      throw new Error("Identity token is required for getCapabilities");
+    }
+    return this.httpClient.getWithIdentity("/auth/api-tokens/capabilities", identityToken);
+  }
+  async revokeToken(tokenId) {
+    this.httpClient.requireAuth("revokeToken");
+    const response = await this.httpClient.delete(`/auth/api-tokens/${encodeURIComponent(tokenId)}`);
+    return response.message;
+  }
+};
+// src/partner-accounts/service.ts
+var _PartnerAccountService = class _PartnerAccountService {
+  constructor(httpClient, logger) {
+    this.httpClient = httpClient;
+    this.logger = logger || new NoOpLogger();
+  }
+  async createAccount(input, eoaHeaders) {
+    this.httpClient.requireAuth("createPartnerAccount");
+    const serverWalletMode = input.createServerWallet === true;
+    if (!serverWalletMode && !eoaHeaders) {
+      throw new Error("EOA headers are required when createServerWallet is not true");
+    }
+    if (input.displayName && input.displayName.length > _PartnerAccountService.DISPLAY_NAME_MAX_LENGTH) {
+      throw new Error(
+        `displayName must be at most ${_PartnerAccountService.DISPLAY_NAME_MAX_LENGTH} characters`
+      );
+    }
+    this.logger.debug("Creating partner account", {
+      displayName: input.displayName,
+      createServerWallet: input.createServerWallet
+    });
+    const payload = {
+      displayName: input.displayName,
+      createServerWallet: input.createServerWallet
+    };
+    return this.httpClient.postWithHeaders(
+      "/profiles/partner-accounts",
+      payload,
+      eoaHeaders ? {
+        "x-account": eoaHeaders.account,
+        "x-signing-message": eoaHeaders.signingMessage,
+        "x-signature": eoaHeaders.signature
+      } : void 0
+    );
+  }
+};
+_PartnerAccountService.DISPLAY_NAME_MAX_LENGTH = 44;
+var PartnerAccountService = _PartnerAccountService;
 // src/orders/builder.ts
 var import_ethers = require("ethers");
 var ZERO_ADDRESS2 = "0x0000000000000000000000000000000000000000";
@@ -1010,6 +1304,104 @@ var OrderBuilder = class {
   }
 };
+// src/delegated-orders/service.ts
+var DEFAULT_DELEGATED_FEE_RATE_BPS = 300;
+var DelegatedOrderService = class {
+  constructor(httpClient, logger) {
+    this.httpClient = httpClient;
+    this.logger = logger || new NoOpLogger();
+  }
+  async createOrder(params) {
+    this.httpClient.requireAuth("createDelegatedOrder");
+    if (!Number.isInteger(params.onBehalfOf) || params.onBehalfOf <= 0) {
+      throw new Error("onBehalfOf must be a positive integer");
+    }
+    const feeRateBps = params.feeRateBps && params.feeRateBps > 0 ? params.feeRateBps : DEFAULT_DELEGATED_FEE_RATE_BPS;
+    const builder = new OrderBuilder(ZERO_ADDRESS, feeRateBps);
+    const unsignedOrder = builder.buildOrder(params.args);
+    const payload = {
+      order: {
+        salt: unsignedOrder.salt,
+        maker: unsignedOrder.maker,
+        signer: unsignedOrder.signer,
+        taker: unsignedOrder.taker,
+        tokenId: unsignedOrder.tokenId,
+        makerAmount: unsignedOrder.makerAmount,
+        takerAmount: unsignedOrder.takerAmount,
+        expiration: unsignedOrder.expiration,
+        nonce: unsignedOrder.nonce,
+        feeRateBps: unsignedOrder.feeRateBps,
+        side: unsignedOrder.side,
+        signatureType: 0 /* EOA */,
+        ...unsignedOrder.price !== void 0 ? { price: unsignedOrder.price } : {}
+      },
+      orderType: params.orderType,
+      marketSlug: params.marketSlug,
+      ownerId: params.onBehalfOf,
+      onBehalfOf: params.onBehalfOf
+    };
+    this.logger.debug("Creating delegated order", {
+      marketSlug: params.marketSlug,
+      onBehalfOf: params.onBehalfOf,
+      feeRateBps
+    });
+    return this.httpClient.post("/orders", payload);
+  }
+  async cancel(orderId) {
+    this.httpClient.requireAuth("cancelDelegatedOrder");
+    const response = await this.httpClient.delete(`/orders/${encodeURIComponent(orderId)}`);
+    return response.message;
+  }
+  async cancelOnBehalfOf(orderId, onBehalfOf) {
+    this.httpClient.requireAuth("cancelDelegatedOrder");
+    if (!Number.isInteger(onBehalfOf) || onBehalfOf <= 0) {
+      throw new Error("onBehalfOf must be a positive integer");
+    }
+    const response = await this.httpClient.delete(
+      `/orders/${encodeURIComponent(orderId)}?onBehalfOf=${onBehalfOf}`
+    );
+    return response.message;
+  }
+  async cancelAll(marketSlug) {
+    this.httpClient.requireAuth("cancelAllDelegatedOrders");
+    const response = await this.httpClient.delete(`/orders/all/${encodeURIComponent(marketSlug)}`);
+    return response.message;
+  }
+  async cancelAllOnBehalfOf(marketSlug, onBehalfOf) {
+    this.httpClient.requireAuth("cancelAllDelegatedOrders");
+    if (!Number.isInteger(onBehalfOf) || onBehalfOf <= 0) {
+      throw new Error("onBehalfOf must be a positive integer");
+    }
+    const response = await this.httpClient.delete(
+      `/orders/all/${encodeURIComponent(marketSlug)}?onBehalfOf=${onBehalfOf}`
+    );
+    return response.message;
+  }
+};
+// src/utils/number-flex.ts
+function toFiniteNumber(value) {
+  if (typeof value === "number") {
+    return Number.isFinite(value) ? value : void 0;
+  }
+  if (typeof value === "string") {
+    const trimmed = value.trim();
+    if (trimmed.length === 0) {
+      return void 0;
+    }
+    const parsed = Number(trimmed);
+    return Number.isFinite(parsed) ? parsed : void 0;
+  }
+  return void 0;
+}
+function toFiniteInteger(value) {
+  const parsed = toFiniteNumber(value);
+  if (parsed === void 0) {
+    return void 0;
+  }
+  return Number.isSafeInteger(parsed) ? parsed : void 0;
+}
 // src/orders/signer.ts
 var OrderSigner = class {
   /**
@@ -1673,9 +2065,14 @@ var OrderClient = class {
       });
       const portfolioFetcher = new PortfolioFetcher(this.httpClient);
       const profile = await portfolioFetcher.getProfile(this.wallet.address);
+      const userId = toFiniteInteger(profile.id);
+      const feeRateBps = toFiniteInteger(profile.rank?.feeRateBps) ?? 300;
+      if (userId === void 0) {
+        throw new Error(`Invalid user profile id: ${profile.id}`);
+      }
       this.cachedUserData = {
-        userId: profile.id,
-        feeRateBps: profile.rank?.feeRateBps || 300
+        userId,
+        feeRateBps
       };
       this.orderBuilder = new OrderBuilder(
         this.wallet.address,
@@ -1787,26 +2184,27 @@ var OrderClient = class {
    * @internal
    */
   transformOrderResponse(apiResponse) {
+    const order = apiResponse.order;
     const cleanOrder = {
       order: {
-        id: apiResponse.order.id,
-        createdAt: apiResponse.order.createdAt,
-        makerAmount: apiResponse.order.makerAmount,
-        takerAmount: apiResponse.order.takerAmount,
-        expiration: apiResponse.order.expiration,
-        signatureType: apiResponse.order.signatureType,
-        salt: apiResponse.order.salt,
-        maker: apiResponse.order.maker,
-        signer: apiResponse.order.signer,
-        taker: apiResponse.order.taker,
-        tokenId: apiResponse.order.tokenId,
-        side: apiResponse.order.side,
-        feeRateBps: apiResponse.order.feeRateBps,
-        nonce: apiResponse.order.nonce,
-        signature: apiResponse.order.signature,
-        orderType: apiResponse.order.orderType,
-        price: apiResponse.order.price,
-        marketId: apiResponse.order.marketId
+        id: order.id,
+        createdAt: order.createdAt,
+        makerAmount: toFiniteNumber(order.makerAmount) ?? order.makerAmount,
+        takerAmount: toFiniteNumber(order.takerAmount) ?? order.takerAmount,
+        expiration: order.expiration,
+        signatureType: order.signatureType,
+        salt: toFiniteInteger(order.salt) ?? order.salt,
+        maker: order.maker,
+        signer: order.signer,
+        taker: order.taker,
+        tokenId: order.tokenId,
+        side: order.side,
+        feeRateBps: order.feeRateBps,
+        nonce: order.nonce,
+        signature: order.signature,
+        orderType: order.orderType,
+        price: order.price === void 0 || order.price === null ? order.price : toFiniteNumber(order.price) ?? order.price,
+        marketId: order.marketId
       }
     };
     if (apiResponse.makerMatches && apiResponse.makerMatches.length > 0) {
@@ -2125,6 +2523,7 @@ var WebSocketClient = class {
     this.config = {
       url: config.url || DEFAULT_WS_URL,
       apiKey: config.apiKey || process.env.LIMITLESS_API_KEY || "",
+      hmacCredentials: config.hmacCredentials,
       autoReconnect: config.autoReconnect ?? true,
       reconnectDelay: config.reconnectDelay || 1e3,
       maxReconnectAttempts: config.maxReconnectAttempts || Infinity,
@@ -2164,6 +2563,32 @@ var WebSocketClient = class {
       this.reconnectWithNewAuth();
     }
   }
+  /**
+   * Sets HMAC credentials for authenticated subscriptions.
+   *
+   * @remarks
+   * When configured alongside `apiKey`, this client uses HMAC headers for authenticated subscriptions.
+   */
+  setHMACCredentials(hmacCredentials) {
+    this.config.hmacCredentials = {
+      tokenId: hmacCredentials.tokenId,
+      secret: hmacCredentials.secret
+    };
+    if (this.socket?.connected) {
+      this.logger.info("HMAC credentials updated, reconnecting...");
+      this.reconnectWithNewAuth();
+    }
+  }
+  /**
+   * Clears HMAC credentials.
+   */
+  clearHMACCredentials() {
+    this.config.hmacCredentials = void 0;
+    if (this.socket?.connected) {
+      this.logger.info("HMAC credentials cleared, reconnecting...");
+      this.reconnectWithNewAuth();
+    }
+  }
   /**
    * Reconnects with new authentication credentials.
    * @internal
@@ -2209,10 +2634,29 @@ var WebSocketClient = class {
         // Add jitter to prevent thundering herd
         timeout: this.config.timeout
       };
-      if (this.config.apiKey) {
+      const extraHeaders = buildWebSocketTrackingHeaders();
+      if (this.config.hmacCredentials) {
+        const timestamp = (/* @__PURE__ */ new Date()).toISOString();
+        const signature = computeHMACSignature(
+          this.config.hmacCredentials.secret,
+          timestamp,
+          "GET",
+          "/socket.io/?EIO=4&transport=websocket",
+          ""
+        );
         socketOptions.extraHeaders = {
+          ...extraHeaders,
+          "lmts-api-key": this.config.hmacCredentials.tokenId,
+          "lmts-timestamp": timestamp,
+          "lmts-signature": signature
+        };
+      } else if (this.config.apiKey) {
+        socketOptions.extraHeaders = {
+          ...extraHeaders,
           "X-API-Key": this.config.apiKey
         };
+      } else if (Object.keys(extraHeaders).length > 0) {
+        socketOptions.extraHeaders = extraHeaders;
       }
       this.socket = (0, import_socket.io)(wsUrl + "/markets", socketOptions);
       this.attachPendingListeners();
@@ -2281,9 +2725,9 @@ var WebSocketClient = class {
       "subscribe_positions",
       "subscribe_transactions"
     ];
-    if (authenticatedChannels.includes(channel) && !this.config.apiKey) {
+    if (authenticatedChannels.includes(channel) && !this.config.apiKey && !this.config.hmacCredentials) {
       throw new Error(
-        `API key is required for '${channel}' subscription. Please provide an API key in the constructor or set LIMITLESS_API_KEY environment variable. You can generate an API key at https://limitless.exchange`
+        `Authentication is required for '${channel}' subscription. Please provide either apiKey or hmacCredentials when creating the WebSocket client.`
       );
     }
     const subscriptionKey = this.getSubscriptionKey(channel, options);
@@ -2477,16 +2921,75 @@ var WebSocketClient = class {
     return key.split(":")[0];
   }
 };
+// src/client.ts
+var import_ethers3 = require("ethers");
+var Client = class _Client {
+  constructor(config = {}) {
+    this.http = new HttpClient(config);
+    const logger = this.http.getLogger?.() || new NoOpLogger();
+    this.markets = new MarketFetcher(this.http, logger);
+    this.portfolio = new PortfolioFetcher(this.http, logger);
+    this.pages = new MarketPageFetcher(this.http, logger);
+    this.apiTokens = new ApiTokenService(this.http, logger);
+    this.partnerAccounts = new PartnerAccountService(this.http, logger);
+    this.delegatedOrders = new DelegatedOrderService(this.http, logger);
+  }
+  /**
+   * Creates a root client around an existing shared HTTP client.
+   */
+  static fromHttpClient(httpClient) {
+    const client = Object.create(_Client.prototype);
+    const logger = httpClient.getLogger?.() || new NoOpLogger();
+    client.http = httpClient;
+    client.markets = new MarketFetcher(httpClient, logger);
+    client.portfolio = new PortfolioFetcher(httpClient, logger);
+    client.pages = new MarketPageFetcher(httpClient, logger);
+    client.apiTokens = new ApiTokenService(httpClient, logger);
+    client.partnerAccounts = new PartnerAccountService(httpClient, logger);
+    client.delegatedOrders = new DelegatedOrderService(httpClient, logger);
+    return client;
+  }
+  /**
+   * Creates a regular EIP-712 order client reusing the shared transport and market cache.
+   */
+  newOrderClient(walletOrPrivateKey, config = {}) {
+    const wallet = typeof walletOrPrivateKey === "string" ? new import_ethers3.ethers.Wallet(walletOrPrivateKey) : walletOrPrivateKey;
+    return new OrderClient({
+      httpClient: this.http,
+      wallet,
+      marketFetcher: this.markets,
+      logger: this.http.getLogger(),
+      ...config
+    });
+  }
+  /**
+   * Creates a WebSocket client reusing shared auth where possible.
+   */
+  newWebSocketClient(config = {}) {
+    return new WebSocketClient(
+      {
+        apiKey: config.apiKey || this.http.getApiKey(),
+        hmacCredentials: config.hmacCredentials || this.http.getHMACCredentials(),
+        ...config
+      },
+      this.http.getLogger()
+    );
+  }
+};
 // Annotate the CommonJS export names for ESM import in node:
 0 && (module.exports = {
   APIError,
+  ApiTokenService,
   AuthenticationError,
   BASE_SEPOLIA_CHAIN_ID,
   CONTRACT_ADDRESSES,
+  Client,
   ConsoleLogger,
   DEFAULT_API_URL,
   DEFAULT_CHAIN_ID,
   DEFAULT_WS_URL,
+  DelegatedOrderService,
   HttpClient,
   Market,
   MarketFetcher,
@@ -2497,19 +3000,27 @@ var WebSocketClient = class {
   OrderSigner,
   OrderType,
   OrderValidationError,
+  PartnerAccountService,
   PortfolioFetcher,
   RateLimitError,
   RetryConfig,
   RetryableClient,
   SIGNING_MESSAGE_TEMPLATE,
+  ScopeAccountCreation,
+  ScopeDelegatedSigning,
+  ScopeTrading,
   Side,
   SignatureType,
   ValidationError,
   WebSocketClient,
   WebSocketState,
   ZERO_ADDRESS,
+  buildHMACMessage,
+  computeHMACSignature,
   getContractAddress,
   retryOnErrors,
+  toFiniteInteger,
+  toFiniteNumber,
   validateOrderArgs,
   validateSignedOrder,
   validateUnsignedOrder,