@limitless-exchange/sdk 1.0.3 → 1.0.5

package/dist/index.js

@@ -31,13 +31,16 @@ var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: tru
 var index_exports = {};
 __export(index_exports, {
   APIError: () => APIError,
+  ApiTokenService: () => ApiTokenService,
   AuthenticationError: () => AuthenticationError,
   BASE_SEPOLIA_CHAIN_ID: () => BASE_SEPOLIA_CHAIN_ID,
   CONTRACT_ADDRESSES: () => CONTRACT_ADDRESSES,
+  Client: () => Client,
   ConsoleLogger: () => ConsoleLogger,
   DEFAULT_API_URL: () => DEFAULT_API_URL,
   DEFAULT_CHAIN_ID: () => DEFAULT_CHAIN_ID,
   DEFAULT_WS_URL: () => DEFAULT_WS_URL,
+  DelegatedOrderService: () => DelegatedOrderService,
   HttpClient: () => HttpClient,
   Market: () => Market,
   MarketFetcher: () => MarketFetcher,
@@ -48,19 +51,27 @@ __export(index_exports, {
   OrderSigner: () => OrderSigner,
   OrderType: () => OrderType,
   OrderValidationError: () => OrderValidationError,
+  PartnerAccountService: () => PartnerAccountService,
   PortfolioFetcher: () => PortfolioFetcher,
   RateLimitError: () => RateLimitError,
   RetryConfig: () => RetryConfig,
   RetryableClient: () => RetryableClient,
   SIGNING_MESSAGE_TEMPLATE: () => SIGNING_MESSAGE_TEMPLATE,
+  ScopeAccountCreation: () => ScopeAccountCreation,
+  ScopeDelegatedSigning: () => ScopeDelegatedSigning,
+  ScopeTrading: () => ScopeTrading,
   Side: () => Side,
   SignatureType: () => SignatureType,
   ValidationError: () => ValidationError,
   WebSocketClient: () => WebSocketClient,
   WebSocketState: () => WebSocketState,
   ZERO_ADDRESS: () => ZERO_ADDRESS,
+  buildHMACMessage: () => buildHMACMessage,
+  computeHMACSignature: () => computeHMACSignature,
   getContractAddress: () => getContractAddress,
   retryOnErrors: () => retryOnErrors,
+  toFiniteInteger: () => toFiniteInteger,
+  toFiniteNumber: () => toFiniteNumber,
   validateOrderArgs: () => validateOrderArgs,
   validateSignedOrder: () => validateSignedOrder,
   validateUnsignedOrder: () => validateUnsignedOrder,
@@ -68,6 +79,11 @@ __export(index_exports, {
 });
 module.exports = __toCommonJS(index_exports);
 
+// src/types/api-tokens.ts
+var ScopeTrading = "trading";
+var ScopeAccountCreation = "account_creation";
+var ScopeDelegatedSigning = "delegated_signing";
+
 // src/types/logger.ts
 var NoOpLogger = class {
   debug() {
@@ -118,6 +134,7 @@ var Side = /* @__PURE__ */ ((Side2) => {
 })(Side || {});
 var OrderType = /* @__PURE__ */ ((OrderType2) => {
   OrderType2["FOK"] = "FOK";
+  OrderType2["FAK"] = "FAK";
   OrderType2["GTC"] = "GTC";
   return OrderType2;
 })(OrderType || {});
@@ -225,6 +242,40 @@ function getContractAddress(contractType, chainId = DEFAULT_CHAIN_ID) {
   return address;
 }
 
+// src/utils/sdk-tracking.ts
+var SDK_ID = "lmts-sdk-ts";
+function isNodeRuntime() {
+  return typeof process !== "undefined" && !!process.versions?.node;
+}
+function resolveSdkVersion() {
+  if ("1.0.5") {
+    return "1.0.5";
+  }
+  return "0.0.0";
+}
+function resolveRuntimeToken() {
+  if (isNodeRuntime()) {
+    return `node/${process.versions.node}`;
+  }
+  return "runtime/unknown";
+}
+function buildSdkTrackingHeaders() {
+  const sdkVersion = resolveSdkVersion();
+  const headers = {
+    "x-sdk-version": `${SDK_ID}/${sdkVersion}`
+  };
+  if (isNodeRuntime()) {
+    headers["user-agent"] = `${SDK_ID}/${sdkVersion} (${resolveRuntimeToken()})`;
+  }
+  return headers;
+}
+function buildWebSocketTrackingHeaders() {
+  if (!isNodeRuntime()) {
+    return {};
+  }
+  return buildSdkTrackingHeaders();
+}
+
 // src/api/errors.ts
 var APIError = class _APIError extends Error {
   /**
@@ -297,6 +348,19 @@ var ValidationError = class _ValidationError extends APIError {
   }
 };
 
+// src/api/hmac.ts
+var import_crypto = require("crypto");
+function buildHMACMessage(timestamp, method, path, body) {
+  return `${timestamp}
+${method.toUpperCase()}
+${path}
+${body}`;
+}
+function computeHMACSignature(secret, timestamp, method, path, body) {
+  const key = Buffer.from(secret, "base64");
+  return (0, import_crypto.createHmac)("sha256", key).update(buildHMACMessage(timestamp, method, path, body)).digest("base64");
+}
+
 // src/api/http.ts
 var HttpClient = class {
   /**
@@ -306,10 +370,14 @@ var HttpClient = class {
    */
   constructor(config = {}) {
     this.apiKey = config.apiKey || process.env.LIMITLESS_API_KEY;
+    this.hmacCredentials = config.hmacCredentials ? {
+      tokenId: config.hmacCredentials.tokenId,
+      secret: config.hmacCredentials.secret
+    } : void 0;
     this.logger = config.logger || new NoOpLogger();
-    if (!this.apiKey) {
+    if (!this.apiKey && !this.hmacCredentials) {
       this.logger.warn(
-        "API key not set. Authenticated endpoints will fail. Set LIMITLESS_API_KEY environment variable or pass apiKey parameter."
+        "Authentication not set. Authenticated endpoints will fail. Set LIMITLESS_API_KEY environment variable, pass apiKey, or configure hmacCredentials."
       );
     }
     const keepAlive = config.keepAlive !== false;
@@ -336,6 +404,7 @@ var HttpClient = class {
       headers: {
         "Content-Type": "application/json",
         Accept: "application/json",
+        ...buildSdkTrackingHeaders(),
         ...config.additionalHeaders
       }
     });
@@ -353,21 +422,42 @@ var HttpClient = class {
    */
   setupInterceptors() {
     this.client.interceptors.request.use(
-      (config) => {
-        if (this.apiKey) {
-          config.headers["X-API-Key"] = this.apiKey;
+      (rawConfig) => {
+        const config = rawConfig;
+        const headers = config.headers || (config.headers = {});
+        const identityToken = config.identityToken;
+        delete headers["X-API-Key"];
+        delete headers["lmts-api-key"];
+        delete headers["lmts-timestamp"];
+        delete headers["lmts-signature"];
+        delete headers.identity;
+        if (identityToken) {
+          headers.identity = `Bearer ${identityToken}`;
+        } else if (this.hmacCredentials) {
+          const requestPath = this.getRequestPath(config);
+          const requestBody = this.getRequestBodyForSignature(config.data);
+          const timestamp = (/* @__PURE__ */ new Date()).toISOString();
+          const signature = computeHMACSignature(
+            this.hmacCredentials.secret,
+            timestamp,
+            config.method || "GET",
+            requestPath,
+            requestBody
+          );
+          headers["lmts-api-key"] = this.hmacCredentials.tokenId;
+          headers["lmts-timestamp"] = timestamp;
+          headers["lmts-signature"] = signature;
+        } else if (this.apiKey) {
+          headers["X-API-Key"] = this.apiKey;
         }
         const fullUrl = `${config.baseURL || ""}${config.url || ""}`;
         const method = config.method?.toUpperCase() || "GET";
-        const logHeaders = { ...config.headers };
-        if (logHeaders["X-API-Key"]) {
-          logHeaders["X-API-Key"] = "***";
-        }
+        const logHeaders = this.maskSensitiveHeaders(headers);
         this.logger.debug(`\u2192 ${method} ${fullUrl}`, {
           headers: logHeaders,
           body: config.data
         });
-        return config;
+        return rawConfig;
       },
       (error) => Promise.reject(error)
     );
@@ -466,12 +556,86 @@ var HttpClient = class {
   setApiKey(apiKey) {
     this.apiKey = apiKey;
   }
+  /**
+   * Returns the configured API key, if any.
+   */
+  getApiKey() {
+    return this.apiKey;
+  }
   /**
    * Clears the API key.
    */
   clearApiKey() {
     this.apiKey = void 0;
   }
+  /**
+   * Sets HMAC credentials for scoped API-token authentication.
+   */
+  setHMACCredentials(credentials) {
+    this.hmacCredentials = {
+      tokenId: credentials.tokenId,
+      secret: credentials.secret
+    };
+  }
+  /**
+   * Clears HMAC credentials.
+   */
+  clearHMACCredentials() {
+    this.hmacCredentials = void 0;
+  }
+  /**
+   * Returns a copy of the configured HMAC credentials, if any.
+   */
+  getHMACCredentials() {
+    if (!this.hmacCredentials) {
+      return void 0;
+    }
+    return {
+      tokenId: this.hmacCredentials.tokenId,
+      secret: this.hmacCredentials.secret
+    };
+  }
+  /**
+   * Returns the logger attached to this HTTP client.
+   */
+  getLogger() {
+    return this.logger;
+  }
+  /**
+   * Returns true when cookie/header-based auth is configured on the underlying client.
+   * This is primarily used for custom authenticated flows that don't use API keys or HMAC.
+   */
+  hasConfiguredHeaderAuth() {
+    const defaultHeaders = this.client.defaults.headers;
+    const candidates = [defaultHeaders?.common, defaultHeaders];
+    for (const headers of candidates) {
+      if (!headers) {
+        continue;
+      }
+      const authValues = [
+        headers.Cookie,
+        headers.cookie,
+        headers.Authorization,
+        headers.authorization,
+        headers.identity
+      ];
+      if (authValues.some((value) => typeof value === "string" && value.trim() !== "")) {
+        return true;
+      }
+    }
+    return false;
+  }
+  /**
+   * Ensures the client has some authenticated transport configured.
+   */
+  requireAuth(operation) {
+    if (this.apiKey || this.hmacCredentials || this.hasConfiguredHeaderAuth()) {
+      return;
+    }
+    throw new Error(
+      `Authentication is required for ${operation}; pass apiKey, hmacCredentials, cookie/auth headers, or set LIMITLESS_API_KEY.`
+    );
+  }
   /**
    * Performs a GET request.
    *
@@ -483,6 +647,16 @@ var HttpClient = class {
     const response = await this.client.get(url, config);
     return response.data;
   }
+  /**
+   * Performs a GET request with identity-token authentication.
+   */
+  async getWithIdentity(url, identityToken, config) {
+    const response = await this.client.get(url, {
+      ...config,
+      identityToken
+    });
+    return response.data;
+  }
   /**
    * Performs a GET request and returns raw response metadata.
    *
@@ -517,6 +691,36 @@ var HttpClient = class {
     const response = await this.client.post(url, data, config);
     return response.data;
   }
+  /**
+   * Performs a POST request with identity-token authentication.
+   */
+  async postWithIdentity(url, identityToken, data, config) {
+    const response = await this.client.post(url, data, {
+      ...config,
+      identityToken
+    });
+    return response.data;
+  }
+  /**
+   * Performs a POST request with additional per-request headers.
+   */
+  async postWithHeaders(url, data, headers, config) {
+    const response = await this.client.post(url, data, {
+      ...config,
+      headers: {
+        ...config?.headers || {},
+        ...headers || {}
+      }
+    });
+    return response.data;
+  }
+  /**
+   * Performs a PATCH request.
+   */
+  async patch(url, data, config) {
+    const response = await this.client.patch(url, data, config);
+    return response.data;
+  }
   /**
    * Performs a DELETE request.
    *
@@ -539,6 +743,28 @@ var HttpClient = class {
     const response = await this.client.delete(url, deleteConfig);
     return response.data;
   }
+  getRequestPath(config) {
+    const resolved = new URL(config.url || "", config.baseURL || this.client.defaults.baseURL || DEFAULT_API_URL);
+    return `${resolved.pathname}${resolved.search}`;
+  }
+  getRequestBodyForSignature(data) {
+    if (data === void 0 || data === null || data === "") {
+      return "";
+    }
+    if (typeof data === "string") {
+      return data;
+    }
+    return JSON.stringify(data);
+  }
+  maskSensitiveHeaders(headers) {
+    const masked = { ...headers };
+    for (const key of ["X-API-Key", "lmts-api-key", "lmts-timestamp", "lmts-signature", "identity"]) {
+      if (masked[key] !== void 0) {
+        masked[key] = key === "identity" ? "Bearer ***" : "***";
+      }
+    }
+    return masked;
+  }
 };
 
 // src/api/retry.ts
@@ -722,6 +948,75 @@ var RetryableClient = class {
   }
 };
 
+// src/api-tokens/service.ts
+var ApiTokenService = class {
+  constructor(httpClient, logger) {
+    this.httpClient = httpClient;
+    this.logger = logger || new NoOpLogger();
+  }
+  async deriveToken(identityToken, input) {
+    if (!identityToken) {
+      throw new Error("Identity token is required for deriveToken");
+    }
+    this.logger.debug("Deriving API token", { scopes: input.scopes, label: input.label });
+    return this.httpClient.postWithIdentity("/auth/api-tokens/derive", identityToken, input);
+  }
+  async listTokens() {
+    this.httpClient.requireAuth("listTokens");
+    return this.httpClient.get("/auth/api-tokens");
+  }
+  async getCapabilities(identityToken) {
+    if (!identityToken) {
+      throw new Error("Identity token is required for getCapabilities");
+    }
+    return this.httpClient.getWithIdentity("/auth/api-tokens/capabilities", identityToken);
+  }
+  async revokeToken(tokenId) {
+    this.httpClient.requireAuth("revokeToken");
+    const response = await this.httpClient.delete(`/auth/api-tokens/${encodeURIComponent(tokenId)}`);
+    return response.message;
+  }
+};
+
+// src/partner-accounts/service.ts
+var _PartnerAccountService = class _PartnerAccountService {
+  constructor(httpClient, logger) {
+    this.httpClient = httpClient;
+    this.logger = logger || new NoOpLogger();
+  }
+  async createAccount(input, eoaHeaders) {
+    this.httpClient.requireAuth("createPartnerAccount");
+    const serverWalletMode = input.createServerWallet === true;
+    if (!serverWalletMode && !eoaHeaders) {
+      throw new Error("EOA headers are required when createServerWallet is not true");
+    }
+    if (input.displayName && input.displayName.length > _PartnerAccountService.DISPLAY_NAME_MAX_LENGTH) {
+      throw new Error(
+        `displayName must be at most ${_PartnerAccountService.DISPLAY_NAME_MAX_LENGTH} characters`
+      );
+    }
+    this.logger.debug("Creating partner account", {
+      displayName: input.displayName,
+      createServerWallet: input.createServerWallet
+    });
+    const payload = {
+      displayName: input.displayName,
+      createServerWallet: input.createServerWallet
+    };
+    return this.httpClient.postWithHeaders(
+      "/profiles/partner-accounts",
+      payload,
+      eoaHeaders ? {
+        "x-account": eoaHeaders.account,
+        "x-signing-message": eoaHeaders.signingMessage,
+        "x-signature": eoaHeaders.signature
+      } : void 0
+    );
+  }
+};
+_PartnerAccountService.DISPLAY_NAME_MAX_LENGTH = 44;
+var PartnerAccountService = _PartnerAccountService;
+
 // src/orders/builder.ts
 var import_ethers = require("ethers");
 var ZERO_ADDRESS2 = "0x0000000000000000000000000000000000000000";
@@ -1010,6 +1305,106 @@ var OrderBuilder = class {
   }
 };
 
+// src/delegated-orders/service.ts
+var DEFAULT_DELEGATED_FEE_RATE_BPS = 300;
+var DelegatedOrderService = class {
+  constructor(httpClient, logger) {
+    this.httpClient = httpClient;
+    this.logger = logger || new NoOpLogger();
+  }
+  async createOrder(params) {
+    this.httpClient.requireAuth("createDelegatedOrder");
+    if (!Number.isInteger(params.onBehalfOf) || params.onBehalfOf <= 0) {
+      throw new Error("onBehalfOf must be a positive integer");
+    }
+    const feeRateBps = params.feeRateBps && params.feeRateBps > 0 ? params.feeRateBps : DEFAULT_DELEGATED_FEE_RATE_BPS;
+    const builder = new OrderBuilder(ZERO_ADDRESS, feeRateBps);
+    const unsignedOrder = builder.buildOrder(params.args);
+    const postOnly = params.orderType === "GTC" /* GTC */ && "postOnly" in params.args && params.args.postOnly !== void 0 ? params.args.postOnly : void 0;
+    const payload = {
+      order: {
+        salt: unsignedOrder.salt,
+        maker: unsignedOrder.maker,
+        signer: unsignedOrder.signer,
+        taker: unsignedOrder.taker,
+        tokenId: unsignedOrder.tokenId,
+        makerAmount: unsignedOrder.makerAmount,
+        takerAmount: unsignedOrder.takerAmount,
+        expiration: unsignedOrder.expiration,
+        nonce: unsignedOrder.nonce,
+        feeRateBps: unsignedOrder.feeRateBps,
+        side: unsignedOrder.side,
+        signatureType: 0 /* EOA */,
+        ...unsignedOrder.price !== void 0 ? { price: unsignedOrder.price } : {}
+      },
+      orderType: params.orderType,
+      marketSlug: params.marketSlug,
+      ownerId: params.onBehalfOf,
+      onBehalfOf: params.onBehalfOf,
+      ...postOnly !== void 0 ? { postOnly } : {}
+    };
+    this.logger.debug("Creating delegated order", {
+      marketSlug: params.marketSlug,
+      onBehalfOf: params.onBehalfOf,
+      feeRateBps
+    });
+    return this.httpClient.post("/orders", payload);
+  }
+  async cancel(orderId) {
+    this.httpClient.requireAuth("cancelDelegatedOrder");
+    const response = await this.httpClient.delete(`/orders/${encodeURIComponent(orderId)}`);
+    return response.message;
+  }
+  async cancelOnBehalfOf(orderId, onBehalfOf) {
+    this.httpClient.requireAuth("cancelDelegatedOrder");
+    if (!Number.isInteger(onBehalfOf) || onBehalfOf <= 0) {
+      throw new Error("onBehalfOf must be a positive integer");
+    }
+    const response = await this.httpClient.delete(
+      `/orders/${encodeURIComponent(orderId)}?onBehalfOf=${onBehalfOf}`
+    );
+    return response.message;
+  }
+  async cancelAll(marketSlug) {
+    this.httpClient.requireAuth("cancelAllDelegatedOrders");
+    const response = await this.httpClient.delete(`/orders/all/${encodeURIComponent(marketSlug)}`);
+    return response.message;
+  }
+  async cancelAllOnBehalfOf(marketSlug, onBehalfOf) {
+    this.httpClient.requireAuth("cancelAllDelegatedOrders");
+    if (!Number.isInteger(onBehalfOf) || onBehalfOf <= 0) {
+      throw new Error("onBehalfOf must be a positive integer");
+    }
+    const response = await this.httpClient.delete(
+      `/orders/all/${encodeURIComponent(marketSlug)}?onBehalfOf=${onBehalfOf}`
+    );
+    return response.message;
+  }
+};
+
+// src/utils/number-flex.ts
+function toFiniteNumber(value) {
+  if (typeof value === "number") {
+    return Number.isFinite(value) ? value : void 0;
+  }
+  if (typeof value === "string") {
+    const trimmed = value.trim();
+    if (trimmed.length === 0) {
+      return void 0;
+    }
+    const parsed = Number(trimmed);
+    return Number.isFinite(parsed) ? parsed : void 0;
+  }
+  return void 0;
+}
+function toFiniteInteger(value) {
+  const parsed = toFiniteNumber(value);
+  if (parsed === void 0) {
+    return void 0;
+  }
+  return Number.isSafeInteger(parsed) ? parsed : void 0;
+}
+
 // src/orders/signer.ts
 var OrderSigner = class {
   /**
@@ -1673,9 +2068,14 @@ var OrderClient = class {
       });
       const portfolioFetcher = new PortfolioFetcher(this.httpClient);
       const profile = await portfolioFetcher.getProfile(this.wallet.address);
+      const userId = toFiniteInteger(profile.id);
+      const feeRateBps = toFiniteInteger(profile.rank?.feeRateBps) ?? 300;
+      if (userId === void 0) {
+        throw new Error(`Invalid user profile id: ${profile.id}`);
+      }
       this.cachedUserData = {
-        userId: profile.id,
-        feeRateBps: profile.rank?.feeRateBps || 300
+        userId,
+        feeRateBps
       };
       this.orderBuilder = new OrderBuilder(
         this.wallet.address,
@@ -1762,6 +2162,7 @@ var OrderClient = class {
       takerAmount: unsignedOrder.takerAmount
     });
     const signature = await this.orderSigner.signOrder(unsignedOrder, dynamicSigningConfig);
+    const postOnly = params.orderType === "GTC" /* GTC */ && "postOnly" in params && params.postOnly !== void 0 ? params.postOnly : void 0;
     const payload = {
       order: {
         ...unsignedOrder,
@@ -1769,7 +2170,8 @@ var OrderClient = class {
       },
       orderType: params.orderType,
       marketSlug: params.marketSlug,
-      ownerId: userData.userId
+      ownerId: userData.userId,
+      ...postOnly !== void 0 ? { postOnly } : {}
     };
     this.logger.debug("Submitting order to API", payload);
     const apiResponse = await this.httpClient.post("/orders", payload);
@@ -1787,26 +2189,27 @@ var OrderClient = class {
    * @internal
    */
   transformOrderResponse(apiResponse) {
+    const order = apiResponse.order;
     const cleanOrder = {
       order: {
-        id: apiResponse.order.id,
-        createdAt: apiResponse.order.createdAt,
-        makerAmount: apiResponse.order.makerAmount,
-        takerAmount: apiResponse.order.takerAmount,
-        expiration: apiResponse.order.expiration,
-        signatureType: apiResponse.order.signatureType,
-        salt: apiResponse.order.salt,
-        maker: apiResponse.order.maker,
-        signer: apiResponse.order.signer,
-        taker: apiResponse.order.taker,
-        tokenId: apiResponse.order.tokenId,
-        side: apiResponse.order.side,
-        feeRateBps: apiResponse.order.feeRateBps,
-        nonce: apiResponse.order.nonce,
-        signature: apiResponse.order.signature,
-        orderType: apiResponse.order.orderType,
-        price: apiResponse.order.price,
-        marketId: apiResponse.order.marketId
+        id: order.id,
+        createdAt: order.createdAt,
+        makerAmount: toFiniteNumber(order.makerAmount) ?? order.makerAmount,
+        takerAmount: toFiniteNumber(order.takerAmount) ?? order.takerAmount,
+        expiration: order.expiration,
+        signatureType: order.signatureType,
+        salt: toFiniteInteger(order.salt) ?? order.salt,
+        maker: order.maker,
+        signer: order.signer,
+        taker: order.taker,
+        tokenId: order.tokenId,
+        side: order.side,
+        feeRateBps: order.feeRateBps,
+        nonce: order.nonce,
+        signature: order.signature,
+        orderType: order.orderType,
+        price: order.price === void 0 || order.price === null ? order.price : toFiniteNumber(order.price) ?? order.price,
+        marketId: order.marketId
       }
     };
     if (apiResponse.makerMatches && apiResponse.makerMatches.length > 0) {
@@ -2125,6 +2528,7 @@ var WebSocketClient = class {
     this.config = {
       url: config.url || DEFAULT_WS_URL,
       apiKey: config.apiKey || process.env.LIMITLESS_API_KEY || "",
+      hmacCredentials: config.hmacCredentials,
       autoReconnect: config.autoReconnect ?? true,
       reconnectDelay: config.reconnectDelay || 1e3,
       maxReconnectAttempts: config.maxReconnectAttempts || Infinity,
@@ -2164,6 +2568,32 @@ var WebSocketClient = class {
       this.reconnectWithNewAuth();
     }
   }
+  /**
+   * Sets HMAC credentials for authenticated subscriptions.
+   *
+   * @remarks
+   * When configured alongside `apiKey`, this client uses HMAC headers for authenticated subscriptions.
+   */
+  setHMACCredentials(hmacCredentials) {
+    this.config.hmacCredentials = {
+      tokenId: hmacCredentials.tokenId,
+      secret: hmacCredentials.secret
+    };
+    if (this.socket?.connected) {
+      this.logger.info("HMAC credentials updated, reconnecting...");
+      this.reconnectWithNewAuth();
+    }
+  }
+  /**
+   * Clears HMAC credentials.
+   */
+  clearHMACCredentials() {
+    this.config.hmacCredentials = void 0;
+    if (this.socket?.connected) {
+      this.logger.info("HMAC credentials cleared, reconnecting...");
+      this.reconnectWithNewAuth();
+    }
+  }
   /**
    * Reconnects with new authentication credentials.
    * @internal
@@ -2209,10 +2639,29 @@ var WebSocketClient = class {
         // Add jitter to prevent thundering herd
         timeout: this.config.timeout
       };
-      if (this.config.apiKey) {
+      const extraHeaders = buildWebSocketTrackingHeaders();
+      if (this.config.hmacCredentials) {
+        const timestamp = (/* @__PURE__ */ new Date()).toISOString();
+        const signature = computeHMACSignature(
+          this.config.hmacCredentials.secret,
+          timestamp,
+          "GET",
+          "/socket.io/?EIO=4&transport=websocket",
+          ""
+        );
         socketOptions.extraHeaders = {
+          ...extraHeaders,
+          "lmts-api-key": this.config.hmacCredentials.tokenId,
+          "lmts-timestamp": timestamp,
+          "lmts-signature": signature
+        };
+      } else if (this.config.apiKey) {
+        socketOptions.extraHeaders = {
+          ...extraHeaders,
           "X-API-Key": this.config.apiKey
         };
+      } else if (Object.keys(extraHeaders).length > 0) {
+        socketOptions.extraHeaders = extraHeaders;
       }
       this.socket = (0, import_socket.io)(wsUrl + "/markets", socketOptions);
       this.attachPendingListeners();
@@ -2281,9 +2730,9 @@ var WebSocketClient = class {
       "subscribe_positions",
       "subscribe_transactions"
     ];
-    if (authenticatedChannels.includes(channel) && !this.config.apiKey) {
+    if (authenticatedChannels.includes(channel) && !this.config.apiKey && !this.config.hmacCredentials) {
       throw new Error(
-        `API key is required for '${channel}' subscription. Please provide an API key in the constructor or set LIMITLESS_API_KEY environment variable. You can generate an API key at https://limitless.exchange`
+        `Authentication is required for '${channel}' subscription. Please provide either apiKey or hmacCredentials when creating the WebSocket client.`
       );
     }
     const subscriptionKey = this.getSubscriptionKey(channel, options);
@@ -2477,16 +2926,75 @@ var WebSocketClient = class {
     return key.split(":")[0];
   }
 };
+
+// src/client.ts
+var import_ethers3 = require("ethers");
+var Client = class _Client {
+  constructor(config = {}) {
+    this.http = new HttpClient(config);
+    const logger = this.http.getLogger?.() || new NoOpLogger();
+    this.markets = new MarketFetcher(this.http, logger);
+    this.portfolio = new PortfolioFetcher(this.http, logger);
+    this.pages = new MarketPageFetcher(this.http, logger);
+    this.apiTokens = new ApiTokenService(this.http, logger);
+    this.partnerAccounts = new PartnerAccountService(this.http, logger);
+    this.delegatedOrders = new DelegatedOrderService(this.http, logger);
+  }
+  /**
+   * Creates a root client around an existing shared HTTP client.
+   */
+  static fromHttpClient(httpClient) {
+    const client = Object.create(_Client.prototype);
+    const logger = httpClient.getLogger?.() || new NoOpLogger();
+    client.http = httpClient;
+    client.markets = new MarketFetcher(httpClient, logger);
+    client.portfolio = new PortfolioFetcher(httpClient, logger);
+    client.pages = new MarketPageFetcher(httpClient, logger);
+    client.apiTokens = new ApiTokenService(httpClient, logger);
+    client.partnerAccounts = new PartnerAccountService(httpClient, logger);
+    client.delegatedOrders = new DelegatedOrderService(httpClient, logger);
+    return client;
+  }
+  /**
+   * Creates a regular EIP-712 order client reusing the shared transport and market cache.
+   */
+  newOrderClient(walletOrPrivateKey, config = {}) {
+    const wallet = typeof walletOrPrivateKey === "string" ? new import_ethers3.ethers.Wallet(walletOrPrivateKey) : walletOrPrivateKey;
+    return new OrderClient({
+      httpClient: this.http,
+      wallet,
+      marketFetcher: this.markets,
+      logger: this.http.getLogger(),
+      ...config
+    });
+  }
+  /**
+   * Creates a WebSocket client reusing shared auth where possible.
+   */
+  newWebSocketClient(config = {}) {
+    return new WebSocketClient(
+      {
+        apiKey: config.apiKey || this.http.getApiKey(),
+        hmacCredentials: config.hmacCredentials || this.http.getHMACCredentials(),
+        ...config
+      },
+      this.http.getLogger()
+    );
+  }
+};
 // Annotate the CommonJS export names for ESM import in node:
 0 && (module.exports = {
   APIError,
+  ApiTokenService,
   AuthenticationError,
   BASE_SEPOLIA_CHAIN_ID,
   CONTRACT_ADDRESSES,
+  Client,
   ConsoleLogger,
   DEFAULT_API_URL,
   DEFAULT_CHAIN_ID,
   DEFAULT_WS_URL,
+  DelegatedOrderService,
   HttpClient,
   Market,
   MarketFetcher,
@@ -2497,19 +3005,27 @@ var WebSocketClient = class {
   OrderSigner,
   OrderType,
   OrderValidationError,
+  PartnerAccountService,
   PortfolioFetcher,
   RateLimitError,
   RetryConfig,
   RetryableClient,
   SIGNING_MESSAGE_TEMPLATE,
+  ScopeAccountCreation,
+  ScopeDelegatedSigning,
+  ScopeTrading,
   Side,
   SignatureType,
   ValidationError,
   WebSocketClient,
   WebSocketState,
   ZERO_ADDRESS,
+  buildHMACMessage,
+  computeHMACSignature,
   getContractAddress,
   retryOnErrors,
+  toFiniteInteger,
+  toFiniteNumber,
   validateOrderArgs,
   validateSignedOrder,
   validateUnsignedOrder,