@openfort/openfort-js 0.8.18 → 0.8.20

package/dist/index.cjs

@@ -3339,7 +3339,7 @@ class KeyPair extends signingKey.SigningKey {
     }
 }
 
-const VERSION = '0.8.18';
+const VERSION = '0.8.20';
 
 var Event;
 (function (Event) {
@@ -3350,6 +3350,8 @@ var Event;
     Event["AUTHENTICATION_UPDATED"] = "authentication-updated";
     Event["SIGN"] = "sign";
     Event["SET_RECOVERY_METHOD"] = "set-recovery-method";
+    Event["SWITCH_CHAIN"] = "switch-chain";
+    Event["CHAIN_SWITCHED"] = "chain-switched";
     Event["EXPORT"] = "export";
     Event["SIGNED"] = "signed";
     Event["LOGOUT"] = "logout";
@@ -3419,6 +3421,17 @@ class SignRequest {
         this.requestConfiguration = requestConfiguration;
     }
 }
+class SwitchChainRequest {
+    uuid;
+    action = Event.SWITCH_CHAIN;
+    chainId;
+    requestConfiguration;
+    constructor(uuid, chainId, requestConfiguration) {
+        this.uuid = uuid;
+        this.chainId = chainId;
+        this.requestConfiguration = requestConfiguration;
+    }
+}
 class ExportPrivateKeyRequest {
     uuid;
     action = Event.EXPORT;
@@ -3489,6 +3502,27 @@ class ConfigureResponse {
         this.version = null;
     }
 }
+class SwitchChainResponse {
+    uuid;
+    success;
+    deviceID;
+    address;
+    chainId;
+    accountType;
+    ownerAddress;
+    version;
+    action = Event.CHAIN_SWITCHED;
+    constructor(uuid, deviceID, accountType, chainId, address, ownerAddress) {
+        this.success = true;
+        this.deviceID = deviceID;
+        this.uuid = uuid;
+        this.accountType = accountType;
+        this.chainId = chainId;
+        this.address = address;
+        this.ownerAddress = ownerAddress;
+        this.version = null;
+    }
+}
 class UpdateAuthenticationResponse {
     uuid;
     success;
@@ -3659,6 +3693,7 @@ class IframeManager {
         [Event.AUTHENTICATION_UPDATED]: UpdateAuthenticationResponse,
         [Event.CURRENT_DEVICE]: GetCurrentDeviceResponse,
         [Event.SIGNED]: SignResponse,
+        [Event.CHAIN_SWITCHED]: SwitchChainResponse,
         [Event.LOGGED_OUT]: LogoutResponse,
         [Event.SET_RECOVERY_METHOD]: SetRecoveryMethodResponse,
         [Event.EXPORT]: ExportPrivateKeyResponse,
@@ -3756,6 +3791,33 @@ class IframeManager {
         sessionStorage.setItem('iframe-version', response.version ?? 'undefined');
         return response.signature;
     }
+    async switchChain(iframeConfiguration, chainId) {
+        await this.waitForIframeLoad();
+        const uuid = this.generateShortUUID();
+        const requestConfiguration = {
+            thirdPartyProvider: iframeConfiguration.thirdPartyProvider ?? undefined,
+            thirdPartyTokenType: iframeConfiguration.thirdPartyTokenType ?? undefined,
+            token: iframeConfiguration.accessToken ?? undefined,
+            publishableKey: this.sdkConfiguration.baseConfiguration.publishableKey,
+            openfortURL: this.sdkConfiguration.backendUrl,
+        };
+        const request = new SwitchChainRequest(uuid, chainId, requestConfiguration);
+        this.iframe?.contentWindow?.postMessage(request, '*');
+        let response;
+        try {
+            response = await this.waitForResponse(uuid);
+        }
+        catch (e) {
+            console.log('switchChain', e);
+            if (e instanceof NotConfiguredError) {
+                await this.configure(iframeConfiguration);
+                return this.switchChain(iframeConfiguration, chainId);
+            }
+            throw e;
+        }
+        sessionStorage.setItem('iframe-version', response.version ?? 'undefined');
+        return response;
+    }
     async export(iframeConfiguration) {
         await this.waitForIframeLoad();
         const uuid = this.generateShortUUID();
@@ -4004,6 +4066,30 @@ class Recovery {
     }
 }
 
+class Account {
+    type;
+    address;
+    ownerAddress;
+    chainId;
+    constructor(type, address, chainId, ownerAddress) {
+        this.type = type;
+        this.address = address;
+        this.chainId = chainId;
+        this.ownerAddress = ownerAddress;
+    }
+    static fromStorage(storage) {
+        const account = storage.get(StorageKeys.ACCOUNT);
+        if (!account) {
+            return null;
+        }
+        const accountObj = JSON.parse(account);
+        return new Account(accountObj.type, accountObj.address, accountObj.chainId, accountObj.ownerAddress);
+    }
+    save(storage) {
+        storage.save(StorageKeys.ACCOUNT, JSON.stringify(this));
+    }
+}
+
 class EmbeddedSigner {
     iframeManager;
     iframeConfiguration;
@@ -4019,6 +4105,12 @@ class EmbeddedSigner {
     async export() {
         return await this.iframeManager.export(this.iframeConfiguration);
     }
+    async switchChain({ chainId }) {
+        const deviceAccount = await this.iframeManager
+            .switchChain(this.iframeConfiguration, chainId);
+        new Account(deviceAccount.accountType, deviceAccount.address, deviceAccount.chainId, deviceAccount.ownerAddress).save(this.storage);
+        SignerManager.storage.save(StorageKeys.SIGNER, JSON.stringify(deviceAccount));
+    }
     async setEmbeddedRecovery({ recoveryMethod, recoveryPassword, encryptionSession }) {
         await this.iframeManager
             .setEmbeddedRecovery(this.iframeConfiguration, recoveryMethod, recoveryPassword, encryptionSession);
@@ -4088,6 +4180,10 @@ class SessionSigner {
     updateAuthentication() {
         return Promise.resolve();
     }
+    // eslint-disable-next-line class-methods-use-this
+    switchChain() {
+        return Promise.resolve();
+    }
     async export() {
         return this.sessionKey.getPrivateKey();
     }
@@ -4097,30 +4193,6 @@ class SessionSigner {
     }
 }
 
-class Account {
-    type;
-    address;
-    ownerAddress;
-    chainId;
-    constructor(type, address, chainId, ownerAddress) {
-        this.type = type;
-        this.address = address;
-        this.chainId = chainId;
-        this.ownerAddress = ownerAddress;
-    }
-    static fromStorage(storage) {
-        const account = storage.get(StorageKeys.ACCOUNT);
-        if (!account) {
-            return null;
-        }
-        const accountObj = JSON.parse(account);
-        return new Account(accountObj.type, accountObj.address, accountObj.chainId, accountObj.ownerAddress);
-    }
-    save(storage) {
-        storage.save(StorageKeys.ACCOUNT, JSON.stringify(this));
-    }
-}
-
 let iframeManagerSingleton = null;
 class SignerManager {
     static storage = new LocalStorage();
@@ -4880,6 +4952,7 @@ var BackendTransactionStatus;
 var ProviderEvent;
 (function (ProviderEvent) {
     ProviderEvent["ACCOUNTS_CHANGED"] = "accountsChanged";
+    ProviderEvent["ACCOUNTS_CONNECT"] = "connect";
 })(ProviderEvent || (ProviderEvent = {}));
 
 /**
@@ -4948,7 +5021,14 @@ const sendTransaction = async ({ params, signer, account, authentication, backen
     const openfortTransaction = await buildOpenfortTransactions$4(params, backendClient, account, authentication, policyId);
     let response;
     if (openfortTransaction?.nextAction?.payload?.signableHash) {
-        const signature = await signer.sign(openfortTransaction.nextAction.payload.signableHash);
+        let signature;
+        // zkSync and Sophon test need a different signature
+        if ([300, 531050104, 324, 50104].includes(account.chainId)) {
+            signature = await signer.sign(openfortTransaction.nextAction.payload.signableHash, false, false);
+        }
+        else {
+            signature = await signer.sign(openfortTransaction.nextAction.payload.signableHash);
+        }
         const openfortSignatureResponse = (await backendClient.transactionIntentsApi.signature({
             id: openfortTransaction.id,
             signatureRequest: { signature },
@@ -5062,7 +5142,7 @@ class TypedEventEmitter {
     }
 }
 
-const chain$s = {
+const chain$t = {
     name: 'ZKsync Sepolia Testnet',
     title: 'ZKsync Sepolia Testnet',
     chain: 'zksync-sepolia-testnet',
@@ -5090,6 +5170,34 @@ const chain$s = {
     slug: 'zksync-sepolia-testnet',
 };
 
+const chain$s = {
+    name: 'ZKsync Era',
+    title: 'ZKsync Era',
+    chain: 'zksync-era',
+    rpc: ['https://mainnet.era.zksync.io'],
+    nativeCurrency: {
+        name: 'Ether',
+        symbol: 'ETH',
+        decimals: 18,
+    },
+    shortName: 'zksync-era',
+    chainId: 324,
+    explorers: [
+        {
+            name: 'Etherscan',
+            url: 'https://era.zksync.network/',
+            standard: 'EIP3091',
+        },
+        {
+            name: 'ZKsync Explorer',
+            url: 'https://explorer.zksync.io/',
+            standard: 'EIP3091',
+        },
+    ],
+    testnet: false,
+    slug: 'zksync-era',
+};
+
 const chain$r = {
     chain: 'BSC',
     chainId: 56,
@@ -5476,12 +5584,9 @@ const chain$i = {
     networkId: 11155111,
     redFlags: [],
     rpc: [
-        'https://rpc.sepolia.org',
-        'https://rpc2.sepolia.org',
-        'https://rpc-sepolia.rockx.com',
+        'https://ethereum-sepolia-rpc.publicnode.com',
         'https://rpc.sepolia.ethpandaops.io',
         'https://sepolia.gateway.tenderly.co',
-        'https://ethereum-sepolia.publicnode.com',
     ],
     shortName: 'sep',
     slug: 'sepolia',
@@ -6218,6 +6323,29 @@ const sophonTestnet = {
     slug: 'sophon-testnet',
 };
 
+const sophonMainnet = {
+    name: 'Sophon',
+    title: 'Sophon',
+    chain: 'sophon',
+    rpc: ['https://rpc.sophon.xyz'],
+    nativeCurrency: {
+        name: 'Sophon',
+        symbol: 'SOPH',
+        decimals: 18,
+    },
+    shortName: 'sophon',
+    chainId: 50104,
+    explorers: [
+        {
+            name: 'Sophon Block Explorer',
+            url: 'https://explorer.sophon.xyz',
+            standard: 'EIP3091',
+        },
+    ],
+    testnet: false,
+    slug: 'sophon',
+};
+
 const chain$1 = {
     chainId: 2358,
     name: 'Kroma Sepolia',
@@ -6258,7 +6386,9 @@ const chainMap = {
     // eslint-disable-next-line @typescript-eslint/naming-convention
     1: chain$j,
     // eslint-disable-next-line @typescript-eslint/naming-convention
-    300: chain$s,
+    300: chain$t,
+    // eslint-disable-next-line @typescript-eslint/naming-convention
+    324: chain$s,
     // eslint-disable-next-line @typescript-eslint/naming-convention
     56: chain$r,
     // eslint-disable-next-line @typescript-eslint/naming-convention
@@ -6316,6 +6446,8 @@ const chainMap = {
     // eslint-disable-next-line @typescript-eslint/naming-convention
     531050104: sophonTestnet,
     // eslint-disable-next-line @typescript-eslint/naming-convention
+    50104: sophonMainnet,
+    // eslint-disable-next-line @typescript-eslint/naming-convention
     2358: chain$1,
     // eslint-disable-next-line @typescript-eslint/naming-convention
     255: chain,
@@ -6451,6 +6583,7 @@ const buildOpenfortTransactions$3 = async (params, backendApiClients, account, a
     const formattedPermissions = param.permissions.map(formatPermissionRequest);
     const whitelist = formattedPermissions.filter((p) => p.type === 'contract-call'
         || p.type === 'erc20-token-transfer').map((p) => p.data.address);
+    const limit = formattedPermissions[0].policies.find((p) => p.type === 'usage-limit')?.data?.limit;
     if (param.signer && param.signer.type === 'keys') {
         throw new JsonRpcError(RpcErrorCode.INVALID_PARAMS, 'Failed to request permissions - missing session address');
     }
@@ -6458,7 +6591,7 @@ const buildOpenfortTransactions$3 = async (params, backendApiClients, account, a
     if (!sessionAddress) {
         throw new JsonRpcError(RpcErrorCode.INVALID_PARAMS, 'Failed to request permissions - missing session address');
     }
-    const sessionRequest = formatSessionRequest$1(sessionAddress, account.chainId, now, expiry, policyId, false, whitelist, authentication.player);
+    const sessionRequest = formatSessionRequest$1(sessionAddress, account.chainId, now, expiry, policyId, false, whitelist, authentication.player, limit);
     const transactionResponse = await backendApiClients.sessionsApi.createSession({
         createSessionRequest: sessionRequest,
     }, {
@@ -6497,7 +6630,14 @@ const registerSession = async ({ params, signer, account, authentication, backen
     const openfortTransaction = await buildOpenfortTransactions$3(params, backendClient, account, authentication, policyId);
     let response;
     if (openfortTransaction?.nextAction?.payload?.signableHash) {
-        const signature = await signer.sign(openfortTransaction.nextAction.payload.signableHash);
+        let signature;
+        // zkSync and Sophon test need a different signature
+        if ([300, 531050104, 324, 50104].includes(account.chainId)) {
+            signature = await signer.sign(openfortTransaction.nextAction.payload.signableHash, false, false);
+        }
+        else {
+            signature = await signer.sign(openfortTransaction.nextAction.payload.signableHash);
+        }
         const openfortSignatureResponse = await backendClient.sessionsApi.signatureSession({
             id: openfortTransaction.id,
             signatureRequest: { signature },
@@ -6547,7 +6687,14 @@ const revokeSession = async ({ params, signer, account, authentication, backendC
     const openfortTransaction = await buildOpenfortTransactions$2(params, backendClient, account, authentication, policyId);
     let response;
     if (openfortTransaction?.nextAction?.payload?.signableHash) {
-        const signature = await signer.sign(openfortTransaction.nextAction.payload.signableHash);
+        let signature;
+        // zkSync and Sophon test need a different signature
+        if ([300, 531050104, 324, 50104].includes(account.chainId)) {
+            signature = await signer.sign(openfortTransaction.nextAction.payload.signableHash, false, false);
+        }
+        else {
+            signature = await signer.sign(openfortTransaction.nextAction.payload.signableHash);
+        }
         const openfortSignatureResponse = await backendClient.sessionsApi.signatureSession({
             id: openfortTransaction.id,
             signatureRequest: { signature },
@@ -6601,7 +6748,14 @@ const sendCalls = async ({ params, signer, account, authentication, backendClien
     const openfortTransaction = await buildOpenfortTransactions$1(params[0].calls, backendClient, account, authentication, policy);
     let response;
     if (openfortTransaction?.nextAction?.payload?.signableHash) {
-        const signature = await signer.sign(openfortTransaction.nextAction.payload.signableHash);
+        let signature;
+        // zkSync and Sophon test need a different signature
+        if ([300, 531050104, 324, 50104].includes(account.chainId)) {
+            signature = await signer.sign(openfortTransaction.nextAction.payload.signableHash, false, false);
+        }
+        else {
+            signature = await signer.sign(openfortTransaction.nextAction.payload.signableHash);
+        }
         const openfortSignatureResponse = (await backendClient.transactionIntentsApi.signature({
             id: openfortTransaction.id,
             signatureRequest: { signature },
@@ -6660,16 +6814,38 @@ const getCallStatus = async ({ params, authentication, backendClient, }) => {
     };
 };
 
+const personalSign = async ({ params, signer, account, }) => {
+    const message = params[0];
+    const fromAddress = params[1];
+    if (!fromAddress || !message) {
+        throw new JsonRpcError(RpcErrorCode.INVALID_PARAMS, 'personal_sign requires an address and a message');
+    }
+    if (fromAddress.toLowerCase() !== account.address.toLowerCase()) {
+        throw new JsonRpcError(RpcErrorCode.INVALID_PARAMS, 'personal_sign requires the signer to be the from address');
+    }
+    const signature = await signer.sign(message, false, true);
+    return signature;
+};
+
 class EvmProvider {
     #storage;
     #policyId;
+    /**
+     * Updates the policy ID for the provider
+     * @param newPolicyId - The new policy ID to use
+     */
+    updatePolicy(newPolicy) {
+        this.#policyId = newPolicy;
+    }
+    #validateAndRefreshSession;
     #eventEmitter;
     #rpcProvider; // Used for read
     #backendApiClients;
     isOpenfort = true;
-    constructor({ storage, backendApiClients, openfortEventEmitter, policyId, }) {
+    constructor({ storage, backendApiClients, openfortEventEmitter, policyId, validateAndRefreshSession, }) {
         this.#storage = storage;
         this.#policyId = policyId;
+        this.#validateAndRefreshSession = validateAndRefreshSession;
         this.#backendApiClients = backendApiClients;
         const account = Account.fromStorage(this.#storage);
         const chainId = account?.chainId || 8453;
@@ -6699,6 +6875,7 @@ class EvmProvider {
             case 'eth_requestAccounts': {
                 let account = Account.fromStorage(this.#storage);
                 if (account) {
+                    this.#eventEmitter.emit(ProviderEvent.ACCOUNTS_CONNECT, { chainId: bytes.hexlify(account.chainId) });
                     return [account.address];
                 }
                 const signer = SignerManager.fromStorage();
@@ -6720,6 +6897,8 @@ class EvmProvider {
                 if (!account || !signer || !authentication) {
                     throw new JsonRpcError(ProviderErrorCode.UNAUTHORIZED, 'Unauthorized - call eth_requestAccounts first');
                 }
+                this.#validateAndRefreshSession();
+                console.log(`eth_sendTransaction ${this.#policyId}`);
                 return await sendTransaction({
                     params: request.params || [],
                     signer,
@@ -6736,6 +6915,7 @@ class EvmProvider {
                 if (!account || !signer) {
                     throw new JsonRpcError(ProviderErrorCode.UNAUTHORIZED, 'Unauthorized - call eth_requestAccounts first');
                 }
+                this.#validateAndRefreshSession();
                 return await signTypedDataV4({
                     method: request.method,
                     params: request.params || [],
@@ -6744,6 +6924,19 @@ class EvmProvider {
                     rpcProvider: this.#rpcProvider,
                 });
             }
+            case 'personal_sign': {
+                const account = Account.fromStorage(this.#storage);
+                const signer = SignerManager.fromStorage();
+                if (!account || !signer) {
+                    throw new JsonRpcError(ProviderErrorCode.UNAUTHORIZED, 'Unauthorized - call eth_requestAccounts first');
+                }
+                this.#validateAndRefreshSession();
+                return await personalSign({
+                    params: request.params || [],
+                    signer,
+                    account,
+                });
+            }
             case 'eth_chainId': {
                 // Call detect network to fetch the chainId so to take advantage of
                 // the caching layer provided by StaticJsonRpcProvider.
@@ -6754,6 +6947,25 @@ class EvmProvider {
                 const { chainId } = await this.#rpcProvider.detectNetwork();
                 return bytes.hexlify(chainId);
             }
+            case 'wallet_switchEthereumChain': {
+                const signer = SignerManager.fromStorage();
+                if (!signer) {
+                    throw new JsonRpcError(ProviderErrorCode.UNAUTHORIZED, 'Unauthorized - must be authenticated and configured with a signer');
+                }
+                if (!request.params || !Array.isArray(request.params) || request.params.length === 0) {
+                    throw new JsonRpcError(RpcErrorCode.INVALID_PARAMS, 'Invalid parameters for wallet_switchEthereumChain');
+                }
+                this.#validateAndRefreshSession();
+                try {
+                    const chainIdNumber = parseInt(request.params[0].chainId, 16);
+                    await signer.switchChain({ chainId: chainIdNumber });
+                    this.#rpcProvider = new providers.StaticJsonRpcProvider(chainMap[chainIdNumber].rpc[0]);
+                }
+                catch (error) {
+                    throw new JsonRpcError(RpcErrorCode.INTERNAL_ERROR, 'Failed to switch chain');
+                }
+                return null;
+            }
             case 'wallet_addEthereumChain': {
                 const signer = SignerManager.fromStorage();
                 if (!signer) {
@@ -6775,6 +6987,7 @@ class EvmProvider {
                 if (!account || !signer || !authentication) {
                     throw new JsonRpcError(ProviderErrorCode.UNAUTHORIZED, 'Unauthorized - call eth_requestAccounts first');
                 }
+                this.#validateAndRefreshSession();
                 return await getCallStatus({
                     params: (request.params || {}),
                     authentication,
@@ -6789,6 +7002,7 @@ class EvmProvider {
                 if (!account || !signer || !authentication) {
                     throw new JsonRpcError(ProviderErrorCode.UNAUTHORIZED, 'Unauthorized - call eth_requestAccounts first');
                 }
+                this.#validateAndRefreshSession();
                 return await sendCalls({
                     params: request.params || [],
                     signer,
@@ -6805,6 +7019,7 @@ class EvmProvider {
                 if (!account || !signer || !authentication) {
                     throw new JsonRpcError(ProviderErrorCode.UNAUTHORIZED, 'Unauthorized - call eth_requestAccounts first');
                 }
+                this.#validateAndRefreshSession();
                 return await registerSession({
                     params: (request.params || []),
                     signer,
@@ -6822,6 +7037,7 @@ class EvmProvider {
                 if (!account || !signer || !authentication) {
                     throw new JsonRpcError(ProviderErrorCode.UNAUTHORIZED, 'Unauthorized - call eth_requestAccounts first');
                 }
+                this.#validateAndRefreshSession();
                 return await revokeSession({
                     params: (request.params || {}),
                     signer,
@@ -6843,6 +7059,9 @@ class EvmProvider {
                         paymasterService: {
                             supported: true,
                         },
+                        atomicBatch: {
+                            supported: true,
+                        },
                     },
                 };
                 return capabilities;
@@ -6983,6 +7202,7 @@ function announceProvider(detail) {
 
 class Openfort {
     storage;
+    provider = null;
     constructor(sdkConfiguration) {
         this.storage = new LocalStorage();
         const configuration = new Configuration(sdkConfiguration.baseConfiguration.publishableKey, sdkConfiguration.overrides?.backendUrl || 'https://api.openfort.xyz', sdkConfiguration.shieldConfiguration?.shieldPublishableKey || '', sdkConfiguration.shieldConfiguration?.shieldEncryptionKey || '', sdkConfiguration.overrides?.shieldUrl || 'https://shield.openfort.xyz', sdkConfiguration.overrides?.iframeUrl || 'https://embedded.openfort.xyz', sdkConfiguration.shieldConfiguration?.debug || false);
@@ -7011,20 +7231,26 @@ class Openfort {
         const authentication = Authentication.fromStorage(this.storage);
         const signer = SignerManager.fromStorage();
         const account = Account.fromStorage(this.storage);
-        const provider = new EvmProvider({
-            storage: this.storage,
-            openfortEventEmitter: new TypedEventEmitter(),
-            signer: signer || undefined,
-            account: account || undefined,
-            authentication: authentication || undefined,
-            backendApiClients: this.backendApiClients,
-            policyId: options.policy,
-        });
-        announceProvider({
-            info: { ...openfortProviderInfo, ...options.providerInfo },
-            provider,
-        });
-        return provider;
+        if (!this.provider) {
+            this.provider = new EvmProvider({
+                storage: this.storage,
+                openfortEventEmitter: new TypedEventEmitter(),
+                signer: signer || undefined,
+                account: account || undefined,
+                authentication: authentication || undefined,
+                backendApiClients: this.backendApiClients,
+                policyId: options.policy,
+                validateAndRefreshSession: this.validateAndRefreshToken.bind(this),
+            });
+            announceProvider({
+                info: { ...openfortProviderInfo, ...options.providerInfo },
+                provider: this.provider,
+            });
+        }
+        else if (this.provider && options.policy) {
+            this.provider.updatePolicy(options.policy);
+        }
+        return this.provider;
     }
     /**
      * Configures a session key and returns the session key details.

package/dist/index.d.ts

@@ -577,6 +577,7 @@ type Provider = {
 
 declare class Openfort {
     private readonly storage;
+    private provider;
     constructor(sdkConfiguration: OpenfortSDKConfiguration);
     /**
      * Logs the user out by flushing the signer and removing credentials.

package/dist/index.js

@@ -3316,7 +3316,7 @@ class KeyPair extends SigningKey {
     }
 }
 
-const VERSION = '0.8.18';
+const VERSION = '0.8.20';
 
 var Event;
 (function (Event) {
@@ -3327,6 +3327,8 @@ var Event;
     Event["AUTHENTICATION_UPDATED"] = "authentication-updated";
     Event["SIGN"] = "sign";
     Event["SET_RECOVERY_METHOD"] = "set-recovery-method";
+    Event["SWITCH_CHAIN"] = "switch-chain";
+    Event["CHAIN_SWITCHED"] = "chain-switched";
     Event["EXPORT"] = "export";
     Event["SIGNED"] = "signed";
     Event["LOGOUT"] = "logout";
@@ -3396,6 +3398,17 @@ class SignRequest {
         this.requestConfiguration = requestConfiguration;
     }
 }
+class SwitchChainRequest {
+    uuid;
+    action = Event.SWITCH_CHAIN;
+    chainId;
+    requestConfiguration;
+    constructor(uuid, chainId, requestConfiguration) {
+        this.uuid = uuid;
+        this.chainId = chainId;
+        this.requestConfiguration = requestConfiguration;
+    }
+}
 class ExportPrivateKeyRequest {
     uuid;
     action = Event.EXPORT;
@@ -3466,6 +3479,27 @@ class ConfigureResponse {
         this.version = null;
     }
 }
+class SwitchChainResponse {
+    uuid;
+    success;
+    deviceID;
+    address;
+    chainId;
+    accountType;
+    ownerAddress;
+    version;
+    action = Event.CHAIN_SWITCHED;
+    constructor(uuid, deviceID, accountType, chainId, address, ownerAddress) {
+        this.success = true;
+        this.deviceID = deviceID;
+        this.uuid = uuid;
+        this.accountType = accountType;
+        this.chainId = chainId;
+        this.address = address;
+        this.ownerAddress = ownerAddress;
+        this.version = null;
+    }
+}
 class UpdateAuthenticationResponse {
     uuid;
     success;
@@ -3636,6 +3670,7 @@ class IframeManager {
         [Event.AUTHENTICATION_UPDATED]: UpdateAuthenticationResponse,
         [Event.CURRENT_DEVICE]: GetCurrentDeviceResponse,
         [Event.SIGNED]: SignResponse,
+        [Event.CHAIN_SWITCHED]: SwitchChainResponse,
         [Event.LOGGED_OUT]: LogoutResponse,
         [Event.SET_RECOVERY_METHOD]: SetRecoveryMethodResponse,
         [Event.EXPORT]: ExportPrivateKeyResponse,
@@ -3733,6 +3768,33 @@ class IframeManager {
         sessionStorage.setItem('iframe-version', response.version ?? 'undefined');
         return response.signature;
     }
+    async switchChain(iframeConfiguration, chainId) {
+        await this.waitForIframeLoad();
+        const uuid = this.generateShortUUID();
+        const requestConfiguration = {
+            thirdPartyProvider: iframeConfiguration.thirdPartyProvider ?? undefined,
+            thirdPartyTokenType: iframeConfiguration.thirdPartyTokenType ?? undefined,
+            token: iframeConfiguration.accessToken ?? undefined,
+            publishableKey: this.sdkConfiguration.baseConfiguration.publishableKey,
+            openfortURL: this.sdkConfiguration.backendUrl,
+        };
+        const request = new SwitchChainRequest(uuid, chainId, requestConfiguration);
+        this.iframe?.contentWindow?.postMessage(request, '*');
+        let response;
+        try {
+            response = await this.waitForResponse(uuid);
+        }
+        catch (e) {
+            console.log('switchChain', e);
+            if (e instanceof NotConfiguredError) {
+                await this.configure(iframeConfiguration);
+                return this.switchChain(iframeConfiguration, chainId);
+            }
+            throw e;
+        }
+        sessionStorage.setItem('iframe-version', response.version ?? 'undefined');
+        return response;
+    }
     async export(iframeConfiguration) {
         await this.waitForIframeLoad();
         const uuid = this.generateShortUUID();
@@ -3981,6 +4043,30 @@ class Recovery {
     }
 }
 
+class Account {
+    type;
+    address;
+    ownerAddress;
+    chainId;
+    constructor(type, address, chainId, ownerAddress) {
+        this.type = type;
+        this.address = address;
+        this.chainId = chainId;
+        this.ownerAddress = ownerAddress;
+    }
+    static fromStorage(storage) {
+        const account = storage.get(StorageKeys.ACCOUNT);
+        if (!account) {
+            return null;
+        }
+        const accountObj = JSON.parse(account);
+        return new Account(accountObj.type, accountObj.address, accountObj.chainId, accountObj.ownerAddress);
+    }
+    save(storage) {
+        storage.save(StorageKeys.ACCOUNT, JSON.stringify(this));
+    }
+}
+
 class EmbeddedSigner {
     iframeManager;
     iframeConfiguration;
@@ -3996,6 +4082,12 @@ class EmbeddedSigner {
     async export() {
         return await this.iframeManager.export(this.iframeConfiguration);
     }
+    async switchChain({ chainId }) {
+        const deviceAccount = await this.iframeManager
+            .switchChain(this.iframeConfiguration, chainId);
+        new Account(deviceAccount.accountType, deviceAccount.address, deviceAccount.chainId, deviceAccount.ownerAddress).save(this.storage);
+        SignerManager.storage.save(StorageKeys.SIGNER, JSON.stringify(deviceAccount));
+    }
     async setEmbeddedRecovery({ recoveryMethod, recoveryPassword, encryptionSession }) {
         await this.iframeManager
             .setEmbeddedRecovery(this.iframeConfiguration, recoveryMethod, recoveryPassword, encryptionSession);
@@ -4065,6 +4157,10 @@ class SessionSigner {
     updateAuthentication() {
         return Promise.resolve();
     }
+    // eslint-disable-next-line class-methods-use-this
+    switchChain() {
+        return Promise.resolve();
+    }
     async export() {
         return this.sessionKey.getPrivateKey();
     }
@@ -4074,30 +4170,6 @@ class SessionSigner {
     }
 }
 
-class Account {
-    type;
-    address;
-    ownerAddress;
-    chainId;
-    constructor(type, address, chainId, ownerAddress) {
-        this.type = type;
-        this.address = address;
-        this.chainId = chainId;
-        this.ownerAddress = ownerAddress;
-    }
-    static fromStorage(storage) {
-        const account = storage.get(StorageKeys.ACCOUNT);
-        if (!account) {
-            return null;
-        }
-        const accountObj = JSON.parse(account);
-        return new Account(accountObj.type, accountObj.address, accountObj.chainId, accountObj.ownerAddress);
-    }
-    save(storage) {
-        storage.save(StorageKeys.ACCOUNT, JSON.stringify(this));
-    }
-}
-
 let iframeManagerSingleton = null;
 class SignerManager {
     static storage = new LocalStorage();
@@ -4857,6 +4929,7 @@ var BackendTransactionStatus;
 var ProviderEvent;
 (function (ProviderEvent) {
     ProviderEvent["ACCOUNTS_CHANGED"] = "accountsChanged";
+    ProviderEvent["ACCOUNTS_CONNECT"] = "connect";
 })(ProviderEvent || (ProviderEvent = {}));
 
 /**
@@ -4925,7 +4998,14 @@ const sendTransaction = async ({ params, signer, account, authentication, backen
     const openfortTransaction = await buildOpenfortTransactions$4(params, backendClient, account, authentication, policyId);
     let response;
     if (openfortTransaction?.nextAction?.payload?.signableHash) {
-        const signature = await signer.sign(openfortTransaction.nextAction.payload.signableHash);
+        let signature;
+        // zkSync and Sophon test need a different signature
+        if ([300, 531050104, 324, 50104].includes(account.chainId)) {
+            signature = await signer.sign(openfortTransaction.nextAction.payload.signableHash, false, false);
+        }
+        else {
+            signature = await signer.sign(openfortTransaction.nextAction.payload.signableHash);
+        }
         const openfortSignatureResponse = (await backendClient.transactionIntentsApi.signature({
             id: openfortTransaction.id,
             signatureRequest: { signature },
@@ -5039,7 +5119,7 @@ class TypedEventEmitter {
     }
 }
 
-const chain$s = {
+const chain$t = {
     name: 'ZKsync Sepolia Testnet',
     title: 'ZKsync Sepolia Testnet',
     chain: 'zksync-sepolia-testnet',
@@ -5067,6 +5147,34 @@ const chain$s = {
     slug: 'zksync-sepolia-testnet',
 };
 
+const chain$s = {
+    name: 'ZKsync Era',
+    title: 'ZKsync Era',
+    chain: 'zksync-era',
+    rpc: ['https://mainnet.era.zksync.io'],
+    nativeCurrency: {
+        name: 'Ether',
+        symbol: 'ETH',
+        decimals: 18,
+    },
+    shortName: 'zksync-era',
+    chainId: 324,
+    explorers: [
+        {
+            name: 'Etherscan',
+            url: 'https://era.zksync.network/',
+            standard: 'EIP3091',
+        },
+        {
+            name: 'ZKsync Explorer',
+            url: 'https://explorer.zksync.io/',
+            standard: 'EIP3091',
+        },
+    ],
+    testnet: false,
+    slug: 'zksync-era',
+};
+
 const chain$r = {
     chain: 'BSC',
     chainId: 56,
@@ -5453,12 +5561,9 @@ const chain$i = {
     networkId: 11155111,
     redFlags: [],
     rpc: [
-        'https://rpc.sepolia.org',
-        'https://rpc2.sepolia.org',
-        'https://rpc-sepolia.rockx.com',
+        'https://ethereum-sepolia-rpc.publicnode.com',
         'https://rpc.sepolia.ethpandaops.io',
         'https://sepolia.gateway.tenderly.co',
-        'https://ethereum-sepolia.publicnode.com',
     ],
     shortName: 'sep',
     slug: 'sepolia',
@@ -6195,6 +6300,29 @@ const sophonTestnet = {
     slug: 'sophon-testnet',
 };
 
+const sophonMainnet = {
+    name: 'Sophon',
+    title: 'Sophon',
+    chain: 'sophon',
+    rpc: ['https://rpc.sophon.xyz'],
+    nativeCurrency: {
+        name: 'Sophon',
+        symbol: 'SOPH',
+        decimals: 18,
+    },
+    shortName: 'sophon',
+    chainId: 50104,
+    explorers: [
+        {
+            name: 'Sophon Block Explorer',
+            url: 'https://explorer.sophon.xyz',
+            standard: 'EIP3091',
+        },
+    ],
+    testnet: false,
+    slug: 'sophon',
+};
+
 const chain$1 = {
     chainId: 2358,
     name: 'Kroma Sepolia',
@@ -6235,7 +6363,9 @@ const chainMap = {
     // eslint-disable-next-line @typescript-eslint/naming-convention
     1: chain$j,
     // eslint-disable-next-line @typescript-eslint/naming-convention
-    300: chain$s,
+    300: chain$t,
+    // eslint-disable-next-line @typescript-eslint/naming-convention
+    324: chain$s,
     // eslint-disable-next-line @typescript-eslint/naming-convention
     56: chain$r,
     // eslint-disable-next-line @typescript-eslint/naming-convention
@@ -6293,6 +6423,8 @@ const chainMap = {
     // eslint-disable-next-line @typescript-eslint/naming-convention
     531050104: sophonTestnet,
     // eslint-disable-next-line @typescript-eslint/naming-convention
+    50104: sophonMainnet,
+    // eslint-disable-next-line @typescript-eslint/naming-convention
     2358: chain$1,
     // eslint-disable-next-line @typescript-eslint/naming-convention
     255: chain,
@@ -6428,6 +6560,7 @@ const buildOpenfortTransactions$3 = async (params, backendApiClients, account, a
     const formattedPermissions = param.permissions.map(formatPermissionRequest);
     const whitelist = formattedPermissions.filter((p) => p.type === 'contract-call'
         || p.type === 'erc20-token-transfer').map((p) => p.data.address);
+    const limit = formattedPermissions[0].policies.find((p) => p.type === 'usage-limit')?.data?.limit;
     if (param.signer && param.signer.type === 'keys') {
         throw new JsonRpcError(RpcErrorCode.INVALID_PARAMS, 'Failed to request permissions - missing session address');
     }
@@ -6435,7 +6568,7 @@ const buildOpenfortTransactions$3 = async (params, backendApiClients, account, a
     if (!sessionAddress) {
         throw new JsonRpcError(RpcErrorCode.INVALID_PARAMS, 'Failed to request permissions - missing session address');
     }
-    const sessionRequest = formatSessionRequest$1(sessionAddress, account.chainId, now, expiry, policyId, false, whitelist, authentication.player);
+    const sessionRequest = formatSessionRequest$1(sessionAddress, account.chainId, now, expiry, policyId, false, whitelist, authentication.player, limit);
     const transactionResponse = await backendApiClients.sessionsApi.createSession({
         createSessionRequest: sessionRequest,
     }, {
@@ -6474,7 +6607,14 @@ const registerSession = async ({ params, signer, account, authentication, backen
     const openfortTransaction = await buildOpenfortTransactions$3(params, backendClient, account, authentication, policyId);
     let response;
     if (openfortTransaction?.nextAction?.payload?.signableHash) {
-        const signature = await signer.sign(openfortTransaction.nextAction.payload.signableHash);
+        let signature;
+        // zkSync and Sophon test need a different signature
+        if ([300, 531050104, 324, 50104].includes(account.chainId)) {
+            signature = await signer.sign(openfortTransaction.nextAction.payload.signableHash, false, false);
+        }
+        else {
+            signature = await signer.sign(openfortTransaction.nextAction.payload.signableHash);
+        }
         const openfortSignatureResponse = await backendClient.sessionsApi.signatureSession({
             id: openfortTransaction.id,
             signatureRequest: { signature },
@@ -6524,7 +6664,14 @@ const revokeSession = async ({ params, signer, account, authentication, backendC
     const openfortTransaction = await buildOpenfortTransactions$2(params, backendClient, account, authentication, policyId);
     let response;
     if (openfortTransaction?.nextAction?.payload?.signableHash) {
-        const signature = await signer.sign(openfortTransaction.nextAction.payload.signableHash);
+        let signature;
+        // zkSync and Sophon test need a different signature
+        if ([300, 531050104, 324, 50104].includes(account.chainId)) {
+            signature = await signer.sign(openfortTransaction.nextAction.payload.signableHash, false, false);
+        }
+        else {
+            signature = await signer.sign(openfortTransaction.nextAction.payload.signableHash);
+        }
         const openfortSignatureResponse = await backendClient.sessionsApi.signatureSession({
             id: openfortTransaction.id,
             signatureRequest: { signature },
@@ -6578,7 +6725,14 @@ const sendCalls = async ({ params, signer, account, authentication, backendClien
     const openfortTransaction = await buildOpenfortTransactions$1(params[0].calls, backendClient, account, authentication, policy);
     let response;
     if (openfortTransaction?.nextAction?.payload?.signableHash) {
-        const signature = await signer.sign(openfortTransaction.nextAction.payload.signableHash);
+        let signature;
+        // zkSync and Sophon test need a different signature
+        if ([300, 531050104, 324, 50104].includes(account.chainId)) {
+            signature = await signer.sign(openfortTransaction.nextAction.payload.signableHash, false, false);
+        }
+        else {
+            signature = await signer.sign(openfortTransaction.nextAction.payload.signableHash);
+        }
         const openfortSignatureResponse = (await backendClient.transactionIntentsApi.signature({
             id: openfortTransaction.id,
             signatureRequest: { signature },
@@ -6637,16 +6791,38 @@ const getCallStatus = async ({ params, authentication, backendClient, }) => {
     };
 };
 
+const personalSign = async ({ params, signer, account, }) => {
+    const message = params[0];
+    const fromAddress = params[1];
+    if (!fromAddress || !message) {
+        throw new JsonRpcError(RpcErrorCode.INVALID_PARAMS, 'personal_sign requires an address and a message');
+    }
+    if (fromAddress.toLowerCase() !== account.address.toLowerCase()) {
+        throw new JsonRpcError(RpcErrorCode.INVALID_PARAMS, 'personal_sign requires the signer to be the from address');
+    }
+    const signature = await signer.sign(message, false, true);
+    return signature;
+};
+
 class EvmProvider {
     #storage;
     #policyId;
+    /**
+     * Updates the policy ID for the provider
+     * @param newPolicyId - The new policy ID to use
+     */
+    updatePolicy(newPolicy) {
+        this.#policyId = newPolicy;
+    }
+    #validateAndRefreshSession;
     #eventEmitter;
     #rpcProvider; // Used for read
     #backendApiClients;
     isOpenfort = true;
-    constructor({ storage, backendApiClients, openfortEventEmitter, policyId, }) {
+    constructor({ storage, backendApiClients, openfortEventEmitter, policyId, validateAndRefreshSession, }) {
         this.#storage = storage;
         this.#policyId = policyId;
+        this.#validateAndRefreshSession = validateAndRefreshSession;
         this.#backendApiClients = backendApiClients;
         const account = Account.fromStorage(this.#storage);
         const chainId = account?.chainId || 8453;
@@ -6676,6 +6852,7 @@ class EvmProvider {
             case 'eth_requestAccounts': {
                 let account = Account.fromStorage(this.#storage);
                 if (account) {
+                    this.#eventEmitter.emit(ProviderEvent.ACCOUNTS_CONNECT, { chainId: hexlify(account.chainId) });
                     return [account.address];
                 }
                 const signer = SignerManager.fromStorage();
@@ -6697,6 +6874,8 @@ class EvmProvider {
                 if (!account || !signer || !authentication) {
                     throw new JsonRpcError(ProviderErrorCode.UNAUTHORIZED, 'Unauthorized - call eth_requestAccounts first');
                 }
+                this.#validateAndRefreshSession();
+                console.log(`eth_sendTransaction ${this.#policyId}`);
                 return await sendTransaction({
                     params: request.params || [],
                     signer,
@@ -6713,6 +6892,7 @@ class EvmProvider {
                 if (!account || !signer) {
                     throw new JsonRpcError(ProviderErrorCode.UNAUTHORIZED, 'Unauthorized - call eth_requestAccounts first');
                 }
+                this.#validateAndRefreshSession();
                 return await signTypedDataV4({
                     method: request.method,
                     params: request.params || [],
@@ -6721,6 +6901,19 @@ class EvmProvider {
                     rpcProvider: this.#rpcProvider,
                 });
             }
+            case 'personal_sign': {
+                const account = Account.fromStorage(this.#storage);
+                const signer = SignerManager.fromStorage();
+                if (!account || !signer) {
+                    throw new JsonRpcError(ProviderErrorCode.UNAUTHORIZED, 'Unauthorized - call eth_requestAccounts first');
+                }
+                this.#validateAndRefreshSession();
+                return await personalSign({
+                    params: request.params || [],
+                    signer,
+                    account,
+                });
+            }
             case 'eth_chainId': {
                 // Call detect network to fetch the chainId so to take advantage of
                 // the caching layer provided by StaticJsonRpcProvider.
@@ -6731,6 +6924,25 @@ class EvmProvider {
                 const { chainId } = await this.#rpcProvider.detectNetwork();
                 return hexlify(chainId);
             }
+            case 'wallet_switchEthereumChain': {
+                const signer = SignerManager.fromStorage();
+                if (!signer) {
+                    throw new JsonRpcError(ProviderErrorCode.UNAUTHORIZED, 'Unauthorized - must be authenticated and configured with a signer');
+                }
+                if (!request.params || !Array.isArray(request.params) || request.params.length === 0) {
+                    throw new JsonRpcError(RpcErrorCode.INVALID_PARAMS, 'Invalid parameters for wallet_switchEthereumChain');
+                }
+                this.#validateAndRefreshSession();
+                try {
+                    const chainIdNumber = parseInt(request.params[0].chainId, 16);
+                    await signer.switchChain({ chainId: chainIdNumber });
+                    this.#rpcProvider = new StaticJsonRpcProvider(chainMap[chainIdNumber].rpc[0]);
+                }
+                catch (error) {
+                    throw new JsonRpcError(RpcErrorCode.INTERNAL_ERROR, 'Failed to switch chain');
+                }
+                return null;
+            }
             case 'wallet_addEthereumChain': {
                 const signer = SignerManager.fromStorage();
                 if (!signer) {
@@ -6752,6 +6964,7 @@ class EvmProvider {
                 if (!account || !signer || !authentication) {
                     throw new JsonRpcError(ProviderErrorCode.UNAUTHORIZED, 'Unauthorized - call eth_requestAccounts first');
                 }
+                this.#validateAndRefreshSession();
                 return await getCallStatus({
                     params: (request.params || {}),
                     authentication,
@@ -6766,6 +6979,7 @@ class EvmProvider {
                 if (!account || !signer || !authentication) {
                     throw new JsonRpcError(ProviderErrorCode.UNAUTHORIZED, 'Unauthorized - call eth_requestAccounts first');
                 }
+                this.#validateAndRefreshSession();
                 return await sendCalls({
                     params: request.params || [],
                     signer,
@@ -6782,6 +6996,7 @@ class EvmProvider {
                 if (!account || !signer || !authentication) {
                     throw new JsonRpcError(ProviderErrorCode.UNAUTHORIZED, 'Unauthorized - call eth_requestAccounts first');
                 }
+                this.#validateAndRefreshSession();
                 return await registerSession({
                     params: (request.params || []),
                     signer,
@@ -6799,6 +7014,7 @@ class EvmProvider {
                 if (!account || !signer || !authentication) {
                     throw new JsonRpcError(ProviderErrorCode.UNAUTHORIZED, 'Unauthorized - call eth_requestAccounts first');
                 }
+                this.#validateAndRefreshSession();
                 return await revokeSession({
                     params: (request.params || {}),
                     signer,
@@ -6820,6 +7036,9 @@ class EvmProvider {
                         paymasterService: {
                             supported: true,
                         },
+                        atomicBatch: {
+                            supported: true,
+                        },
                     },
                 };
                 return capabilities;
@@ -6960,6 +7179,7 @@ function announceProvider(detail) {
 
 class Openfort {
     storage;
+    provider = null;
     constructor(sdkConfiguration) {
         this.storage = new LocalStorage();
         const configuration = new Configuration(sdkConfiguration.baseConfiguration.publishableKey, sdkConfiguration.overrides?.backendUrl || 'https://api.openfort.xyz', sdkConfiguration.shieldConfiguration?.shieldPublishableKey || '', sdkConfiguration.shieldConfiguration?.shieldEncryptionKey || '', sdkConfiguration.overrides?.shieldUrl || 'https://shield.openfort.xyz', sdkConfiguration.overrides?.iframeUrl || 'https://embedded.openfort.xyz', sdkConfiguration.shieldConfiguration?.debug || false);
@@ -6988,20 +7208,26 @@ class Openfort {
         const authentication = Authentication.fromStorage(this.storage);
         const signer = SignerManager.fromStorage();
         const account = Account.fromStorage(this.storage);
-        const provider = new EvmProvider({
-            storage: this.storage,
-            openfortEventEmitter: new TypedEventEmitter(),
-            signer: signer || undefined,
-            account: account || undefined,
-            authentication: authentication || undefined,
-            backendApiClients: this.backendApiClients,
-            policyId: options.policy,
-        });
-        announceProvider({
-            info: { ...openfortProviderInfo, ...options.providerInfo },
-            provider,
-        });
-        return provider;
+        if (!this.provider) {
+            this.provider = new EvmProvider({
+                storage: this.storage,
+                openfortEventEmitter: new TypedEventEmitter(),
+                signer: signer || undefined,
+                account: account || undefined,
+                authentication: authentication || undefined,
+                backendApiClients: this.backendApiClients,
+                policyId: options.policy,
+                validateAndRefreshSession: this.validateAndRefreshToken.bind(this),
+            });
+            announceProvider({
+                info: { ...openfortProviderInfo, ...options.providerInfo },
+                provider: this.provider,
+            });
+        }
+        else if (this.provider && options.policy) {
+            this.provider.updatePolicy(options.policy);
+        }
+        return this.provider;
     }
     /**
      * Configures a session key and returns the session key details.

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@openfort/openfort-js",
-  "version": "0.8.18",
+  "version": "0.8.20",
   "author": "Openfort (https://www.openfort.xyz)",
   "bugs": "https://github.com/openfort-xyz/openfort-js/issues",
   "repository": "openfort-xyz/openfort-js.git",