@openfort/openfort-node 0.8.4 → 0.9.0

package/dist/index.mjs

@@ -5,6 +5,7 @@ var __export = (target, all) => {
 };
 
 // src/index.ts
+import { timingSafeEqual } from "crypto";
 import {
   entropy,
   ShieldAuthProvider,
@@ -374,7 +375,7 @@ function requiresWalletAuth(requestMethod, requestPath) {
 }
 
 // src/version.ts
-var VERSION = "0.8.4";
+var VERSION = "0.9.0";
 var PACKAGE = "@openfort/openfort-node";
 
 // src/openapi-client/openfortApiClient.ts
@@ -2001,6 +2002,76 @@ var deleteEvent = (id, options) => {
   );
 };
 
+// src/openapi-client/generated/fee-sponsorship/fee-sponsorship.ts
+var listFeeSponsorships = (params, options) => {
+  return openfortApiClient(
+    {
+      url: `/v2/fee-sponsorship`,
+      method: "GET",
+      params
+    },
+    options
+  );
+};
+var createFeeSponsorship = (createFeeSponsorshipRequest, options) => {
+  return openfortApiClient(
+    {
+      url: `/v2/fee-sponsorship`,
+      method: "POST",
+      headers: { "Content-Type": "application/json" },
+      data: createFeeSponsorshipRequest
+    },
+    options
+  );
+};
+var getFeeSponsorship = (feeSponsorshipId, options) => {
+  return openfortApiClient(
+    {
+      url: `/v2/fee-sponsorship/${feeSponsorshipId}`,
+      method: "GET"
+    },
+    options
+  );
+};
+var updateFeeSponsorship = (feeSponsorshipId, updateFeeSponsorshipRequest, options) => {
+  return openfortApiClient(
+    {
+      url: `/v2/fee-sponsorship/${feeSponsorshipId}`,
+      method: "PUT",
+      headers: { "Content-Type": "application/json" },
+      data: updateFeeSponsorshipRequest
+    },
+    options
+  );
+};
+var deleteFeeSponsorship = (feeSponsorshipId, options) => {
+  return openfortApiClient(
+    {
+      url: `/v2/fee-sponsorship/${feeSponsorshipId}`,
+      method: "DELETE"
+    },
+    options
+  );
+};
+var enableFeeSponsorship = (feeSponsorshipId, options) => {
+  return openfortApiClient(
+    {
+      url: `/v2/fee-sponsorship/${feeSponsorshipId}/enable`,
+      method: "PUT"
+    },
+    options
+  );
+};
+var disableFeeSponsorship = (feeSponsorshipId, options) => {
+  return openfortApiClient(
+    {
+      url: `/v2/fee-sponsorship/${feeSponsorshipId}/disable`,
+      method: "PUT"
+    },
+    options
+  );
+};
+
 // src/openapi-client/generated/forwarder-contract/forwarder-contract.ts
 var createForwarderContract = (createForwarderContractRequest, options) => {
   return openfortApiClient(
@@ -2053,6 +2124,160 @@ var deleteForwarderContract = (id, options) => {
   );
 };
 
+// src/openapi-client/generated/gas-policies-legacy/gas-policies-legacy.ts
+var getGasPoliciesLegacy = (params, options) => {
+  return openfortApiClient(
+    {
+      url: `/v1/policies`,
+      method: "GET",
+      params
+    },
+    options
+  );
+};
+var createGasPolicyLegacy = (createPolicyRequest, options) => {
+  return openfortApiClient(
+    {
+      url: `/v1/policies`,
+      method: "POST",
+      headers: { "Content-Type": "application/json" },
+      data: createPolicyRequest
+    },
+    options
+  );
+};
+var getGasPolicyLegacy = (id, params, options) => {
+  return openfortApiClient(
+    {
+      url: `/v1/policies/${id}`,
+      method: "GET",
+      params
+    },
+    options
+  );
+};
+var updateGasPolicyLegacy = (id, updatePolicyRequest, options) => {
+  return openfortApiClient(
+    {
+      url: `/v1/policies/${id}`,
+      method: "POST",
+      headers: { "Content-Type": "application/json" },
+      data: updatePolicyRequest
+    },
+    options
+  );
+};
+var deleteGasPolicyLegacy = (id, options) => {
+  return openfortApiClient(
+    {
+      url: `/v1/policies/${id}`,
+      method: "DELETE"
+    },
+    options
+  );
+};
+var disableGasPolicyLegacy = (id, options) => {
+  return openfortApiClient(
+    {
+      url: `/v1/policies/${id}/disable`,
+      method: "PUT"
+    },
+    options
+  );
+};
+var enableGasPolicyLegacy = (id, options) => {
+  return openfortApiClient(
+    {
+      url: `/v1/policies/${id}/enable`,
+      method: "PUT"
+    },
+    options
+  );
+};
+var getGasPolicyTotalGasUsageLegacy = (id, params, options) => {
+  return openfortApiClient(
+    {
+      url: `/v1/policies/${id}/reports`,
+      method: "GET",
+      params
+    },
+    options
+  );
+};
+var getGasPolicyReportTransactionIntentsLegacy = (id, params, options) => {
+  return openfortApiClient(
+    {
+      url: `/v1/policies/${id}/reports/transaction_intents`,
+      method: "GET",
+      params
+    },
+    options
+  );
+};
+var getGasPolicyBalanceLegacy = (id, options) => {
+  return openfortApiClient(
+    {
+      url: `/v1/policies/${id}/withdraw`,
+      method: "GET"
+    },
+    options
+  );
+};
+var createGasPolicyWithdrawalLegacy = (id, withdrawalPolicyRequest, options) => {
+  return openfortApiClient(
+    {
+      url: `/v1/policies/${id}/withdraw`,
+      method: "POST",
+      headers: { "Content-Type": "application/json" },
+      data: withdrawalPolicyRequest
+    },
+    options
+  );
+};
+
+// src/openapi-client/generated/gas-policy-rules-legacy/gas-policy-rules-legacy.ts
+var getGasPolicyRulesLegacy = (params, options) => {
+  return openfortApiClient(
+    {
+      url: `/v1/policy_rules`,
+      method: "GET",
+      params
+    },
+    options
+  );
+};
+var createGasPolicyRuleLegacy = (createPolicyRuleRequest, options) => {
+  return openfortApiClient(
+    {
+      url: `/v1/policy_rules`,
+      method: "POST",
+      headers: { "Content-Type": "application/json" },
+      data: createPolicyRuleRequest
+    },
+    options
+  );
+};
+var updateGasPolicyRuleLegacy = (id, updatePolicyRuleRequest, options) => {
+  return openfortApiClient(
+    {
+      url: `/v1/policy_rules/${id}`,
+      method: "POST",
+      headers: { "Content-Type": "application/json" },
+      data: updatePolicyRuleRequest
+    },
+    options
+  );
+};
+var deleteGasPolicyRuleLegacy = (id, options) => {
+  return openfortApiClient(
+    {
+      url: `/v1/policy_rules/${id}`,
+      method: "DELETE"
+    },
+    options
+  );
+};
+
 // src/openapi-client/generated/graph-q-l/graph-q-l.ts
 var query = (queryBody, options) => {
   return openfortApiClient(
@@ -2365,7 +2590,8 @@ var PregenerateUserRequestV2ChainType = {
 };
 var PolicyV2Scope = {
   project: "project",
-  account: "account"
+  account: "account",
+  transaction: "transaction"
 };
 var PolicyV2Action = {
   accept: "accept",
@@ -2497,9 +2723,10 @@ var EntityTypePOLICYV2RULE = {
 var EntityTypePOLICYV2 = {
   policyV2: "policyV2"
 };
-var PolicyV2ListQueriesScope = {
+var PolicyV2ListQueriesScopeItem = {
   project: "project",
-  account: "account"
+  account: "account",
+  transaction: "transaction"
 };
 var EvmAddressCriterionRequestType = {
   evmAddress: "evmAddress"
@@ -2637,11 +2864,15 @@ var CreatePolicyV2RuleRequestAction = {
 };
 var CreatePolicyV2RequestScope = {
   project: "project",
-  account: "account"
+  account: "account",
+  transaction: "transaction"
 };
 var EvaluatePolicyV2ResponseObject = {
   policy_evaluation: "policy_evaluation"
 };
+var EntityTypeFEESPONSORSHIP = {
+  feeSponsorship: "feeSponsorship"
+};
 var CreateEmbeddedRequestAccountType = {
   Externally_Owned_Account: "Externally Owned Account",
   Smart_Account: "Smart Account",
@@ -2920,12 +3151,13 @@ var AuthenticationType = {
   basic: "basic",
   third_party: "third_party"
 };
-var GetPolicyRulesExpandItem = {
+var GetGasPolicyRulesLegacyExpandItem = {
   contract: "contract"
 };
-var ListPoliciesScope = {
+var ListPoliciesScopeItem = {
   project: "project",
-  account: "account"
+  account: "account",
+  transaction: "transaction"
 };
 var ListBackendWalletsChainType = {
   EVM: "EVM",
@@ -3073,115 +3305,6 @@ var cancelTransferAccountOwnership = (id, playerCancelTransferOwnershipRequest,
 };
 
 // src/openapi-client/generated/policies/policies.ts
-var getPolicies = (params, options) => {
-  return openfortApiClient(
-    {
-      url: `/v1/policies`,
-      method: "GET",
-      params
-    },
-    options
-  );
-};
-var createPolicy = (createPolicyRequest, options) => {
-  return openfortApiClient(
-    {
-      url: `/v1/policies`,
-      method: "POST",
-      headers: { "Content-Type": "application/json" },
-      data: createPolicyRequest
-    },
-    options
-  );
-};
-var getPolicy = (id, params, options) => {
-  return openfortApiClient(
-    {
-      url: `/v1/policies/${id}`,
-      method: "GET",
-      params
-    },
-    options
-  );
-};
-var updatePolicy = (id, updatePolicyRequest, options) => {
-  return openfortApiClient(
-    {
-      url: `/v1/policies/${id}`,
-      method: "POST",
-      headers: { "Content-Type": "application/json" },
-      data: updatePolicyRequest
-    },
-    options
-  );
-};
-var deletePolicy = (id, options) => {
-  return openfortApiClient(
-    {
-      url: `/v1/policies/${id}`,
-      method: "DELETE"
-    },
-    options
-  );
-};
-var disablePolicy = (id, options) => {
-  return openfortApiClient(
-    {
-      url: `/v1/policies/${id}/disable`,
-      method: "PUT"
-    },
-    options
-  );
-};
-var enablePolicy = (id, options) => {
-  return openfortApiClient(
-    {
-      url: `/v1/policies/${id}/enable`,
-      method: "PUT"
-    },
-    options
-  );
-};
-var getPolicyTotalGasUsage = (id, params, options) => {
-  return openfortApiClient(
-    {
-      url: `/v1/policies/${id}/reports`,
-      method: "GET",
-      params
-    },
-    options
-  );
-};
-var getPolicyReportTransactionIntents = (id, params, options) => {
-  return openfortApiClient(
-    {
-      url: `/v1/policies/${id}/reports/transaction_intents`,
-      method: "GET",
-      params
-    },
-    options
-  );
-};
-var getPolicyBalance = (id, options) => {
-  return openfortApiClient(
-    {
-      url: `/v1/policies/${id}/withdraw`,
-      method: "GET"
-    },
-    options
-  );
-};
-var createPolicyWithdrawal = (id, withdrawalPolicyRequest, options) => {
-  return openfortApiClient(
-    {
-      url: `/v1/policies/${id}/withdraw`,
-      method: "POST",
-      headers: { "Content-Type": "application/json" },
-      data: withdrawalPolicyRequest
-    },
-    options
-  );
-};
 var listPolicies = (params, options) => {
   return openfortApiClient(
     {
@@ -3244,49 +3367,6 @@ var evaluatePolicyV2 = (evaluatePolicyV2Request, options) => {
   );
 };
 
-// src/openapi-client/generated/policy-rules/policy-rules.ts
-var getPolicyRules = (params, options) => {
-  return openfortApiClient(
-    {
-      url: `/v1/policy_rules`,
-      method: "GET",
-      params
-    },
-    options
-  );
-};
-var createPolicyRule = (createPolicyRuleRequest, options) => {
-  return openfortApiClient(
-    {
-      url: `/v1/policy_rules`,
-      method: "POST",
-      headers: { "Content-Type": "application/json" },
-      data: createPolicyRuleRequest
-    },
-    options
-  );
-};
-var updatePolicyRule = (id, updatePolicyRuleRequest, options) => {
-  return openfortApiClient(
-    {
-      url: `/v1/policy_rules/${id}`,
-      method: "POST",
-      headers: { "Content-Type": "application/json" },
-      data: updatePolicyRuleRequest
-    },
-    options
-  );
-};
-var deletePolicyRule = (id, options) => {
-  return openfortApiClient(
-    {
-      url: `/v1/policy_rules/${id}`,
-      method: "DELETE"
-    },
-    options
-  );
-};
-
 // src/openapi-client/generated/rpc/rpc.ts
 var handleRpcRequest = (jsonRpcRequest, options) => {
   return openfortApiClient(
@@ -4432,6 +4512,19 @@ var SignEvmHashRuleSchema = z.object({
   action: ActionEnum,
   operation: z.literal("signEvmHash")
 });
+var SponsorEvmTransactionCriteriaSchema = z.array(
+  z.discriminatedUnion("type", [
+    EthValueCriterionSchema,
+    EvmAddressCriterionSchema,
+    EvmNetworkCriterionSchema,
+    EvmDataCriterionSchema
+  ])
+).max(10);
+var SponsorEvmTransactionRuleSchema = z.object({
+  action: ActionEnum,
+  operation: z.literal("sponsorEvmTransaction"),
+  criteria: SponsorEvmTransactionCriteriaSchema
+});
 
 // src/policies/solanaSchema.ts
 import { z as z2 } from "zod";
@@ -4549,6 +4642,23 @@ var SignSolMessageRuleSchema = z2.object({
   operation: z2.literal("signSolMessage"),
   criteria: SignSolMessageCriteriaSchema
 });
+var SponsorSolTransactionCriteriaSchema = z2.array(
+  z2.discriminatedUnion("type", [
+    SolAddressCriterionSchema,
+    SolValueCriterionSchema,
+    SplAddressCriterionSchema,
+    SplValueCriterionSchema,
+    MintAddressCriterionSchema,
+    SolDataCriterionSchema,
+    ProgramIdCriterionSchema,
+    SolNetworkCriterionSchema
+  ])
+).max(10);
+var SponsorSolTransactionRuleSchema = z2.object({
+  action: ActionEnum,
+  operation: z2.literal("sponsorSolTransaction"),
+  criteria: SponsorSolTransactionCriteriaSchema
+});
 
 // src/policies/types.ts
 import { z as z3 } from "zod";
@@ -4559,9 +4669,11 @@ var RuleSchema = z3.discriminatedUnion("operation", [
   SignEvmMessageRuleSchema,
   SignEvmTypedDataRuleSchema,
   SignEvmHashRuleSchema,
+  SponsorEvmTransactionRuleSchema,
   SignSolTransactionRuleSchema,
   SendSolTransactionRuleSchema,
-  SignSolMessageRuleSchema
+  SignSolMessageRuleSchema,
+  SponsorSolTransactionRuleSchema
 ]);
 var CreatePolicyBodySchema = z3.object({
   /** The scope of the policy. 'project' applies to all accounts, 'account' applies to a specific account. */
@@ -4745,8 +4857,8 @@ var Openfort = class {
   // Players API
   // ============================================
   /**
-   * Player management endpoints
-   * @deprecated
+   * Player management endpoints.
+   * @deprecated Use `openfort.iam.users` for V2 user management.
    */
   get players() {
     return {
@@ -4786,39 +4898,60 @@ var Openfort = class {
   // Policies API
   // ============================================
   /**
-   * Policy management endpoints for controlling account operations.
+   * Policy management endpoints for criteria-based access control.
    *
    * Policies define rules that govern what operations accounts can perform,
-   * including transaction signing, message signing, and more.
+   * including transaction signing, message signing, and gas sponsorship.
+   * Each policy has a scope (project, account, or transaction), a priority,
+   * and an ordered list of rules. Each rule specifies an action (accept/reject),
+   * an operation, and criteria that must all match (AND logic).
+   *
+   * **Supported operations:**
+   * - EVM: `signEvmTransaction`, `sendEvmTransaction`, `signEvmTypedData`, `signEvmMessage`, `signEvmHash`, `sponsorEvmTransaction`
+   * - Solana: `signSolTransaction`, `sendSolTransaction`, `signSolMessage`, `sponsorSolTransaction`
+   *
+   * **Supported criteria types:**
+   * - EVM: `evmAddress`, `ethValue`, `evmNetwork`, `evmData`, `evmMessage`, `evmTypedDataVerifyingContract`, `evmTypedDataField`
+   * - Solana: `solAddress`, `solValue`, `splAddress`, `splValue`, `mintAddress`, `programId`, `solNetwork`, `solMessage`, `solData`
+   *
+   * Policies are evaluated in priority order (highest first). The first matching rule determines the outcome.
+   * If policies exist but no rule matches, the operation is rejected (fail-closed).
    *
    * @example
    * ```typescript
-   * // List all policies
-   * const all = await openfort.policies.list();
-   *
-   * // Create a policy
+   * // Create a policy that only allows transactions to specific addresses on certain chains
    * const policy = await openfort.policies.create({
    *   scope: 'project',
-   *   rules: [{ action: 'reject', operation: 'signEvmHash' }],
+   *   rules: [{
+   *     action: 'accept',
+   *     operation: 'sponsorEvmTransaction',
+   *     criteria: [
+   *       { type: 'evmNetwork', operator: 'in', chainIds: [1, 137] },
+   *       { type: 'evmAddress', operator: 'in', addresses: ['0x...'] },
+   *     ],
+   *   }],
    * });
    *
    * // Evaluate whether an operation would be allowed
-   * const result = await openfort.policies.evaluate({ operation: 'signEvmTransaction', accountId: 'acc_...' });
+   * const result = await openfort.policies.evaluate({
+   *   operation: 'signEvmTransaction',
+   *   accountId: 'acc_...',
+   * });
    * ```
    */
   get policies() {
     return {
-      /** List policies */
+      /** List policies, optionally filtered by scope, enabled status, or account */
       list: listPolicies,
-      /** Create a policy */
+      /** Create a policy with scope, priority, and criteria-based rules */
       create: createPolicyV2,
-      /** Get a policy by ID */
+      /** Get a policy by ID (ply_...) */
       get: getPolicyV2,
-      /** Update a policy */
+      /** Update a policy's description, priority, enabled status, or rules */
       update: updatePolicyV2,
-      /** Delete a policy */
+      /** Soft-delete a policy */
       delete: deletePolicyV2,
-      /** Evaluate an operation against policies */
+      /** Pre-flight check: evaluate whether an operation would be allowed without executing it */
       evaluate: evaluatePolicyV2
     };
   }
@@ -4826,56 +4959,83 @@ var Openfort = class {
   // Fee Sponsorship API
   // ============================================
   /**
-   * Fee sponsorship (gas policy) management endpoints
+   * Fee sponsorship endpoints for sponsoring gas costs on behalf of users.
+   *
+   * A fee sponsorship links a strategy (how gas is paid) to a policy (which
+   * transactions qualify). Create a policy first via `openfort.policies.create()`,
+   * then create a fee sponsorship referencing it.
+   *
+   * **Strategies (`sponsorSchema`):**
+   * - `pay_for_user` — Developer fully sponsors gas costs
+   * - `charge_custom_tokens` — User pays in ERC-20 tokens (fixed or dynamic exchange rate)
+   * - `fixed_rate` — User pays a fixed token amount per transaction
+   *
+   * **Workflow:**
+   * 1. Create a policy via `openfort.policies.create()` with criteria rules
+   * 2. Create a fee sponsorship via `openfort.feeSponsorship.create()` linking to that policy
+   *
+   * When a transaction is submitted without an explicit policy, project-scoped fee
+   * sponsorships are auto-discovered and the first matching one is applied.
+   *
+   * @example
+   * ```typescript
+   * // 1. Create a policy to sponsor transactions on Polygon
+   * const policy = await openfort.policies.create({
+   *   scope: 'project',
+   *   rules: [{
+   *     action: 'accept',
+   *     operation: 'sponsorEvmTransaction',
+   *     criteria: [{ type: 'evmNetwork', operator: 'in', chainIds: [137] }],
+   *   }],
+   * });
+   *
+   * // 2. Create a fee sponsorship with pay_for_user strategy
+   * const sponsorship = await openfort.feeSponsorship.create({
+   *   name: 'Polygon Gas Sponsorship',
+   *   strategy: { sponsorSchema: 'pay_for_user' },
+   *   policyId: policy.id,
+   * });
+   * ```
    */
   get feeSponsorship() {
     return {
-      /** List fee sponsorship policies */
-      list: getPolicies,
-      /** Create a fee sponsorship policy */
-      create: createPolicy,
-      /** Get a fee sponsorship policy by ID */
-      get: getPolicy,
-      /** Update a fee sponsorship policy */
-      update: updatePolicy,
-      /** Delete a fee sponsorship policy */
-      delete: deletePolicy,
-      /** Disable a fee sponsorship policy */
-      disable: disablePolicy,
-      /** Enable a fee sponsorship policy */
-      enable: enablePolicy,
-      /** Get fee sponsorship policy total gas usage */
-      getTotalGasUsage: getPolicyTotalGasUsage,
-      /** Fee sponsorship policy rules */
-      rules: {
-        /** List policy rules */
-        list: getPolicyRules,
-        /** Create a policy rule */
-        create: createPolicyRule,
-        /** Update a policy rule */
-        update: updatePolicyRule,
-        /** Delete a policy rule */
-        delete: deletePolicyRule
-      }
+      /** List fee sponsorships, optionally filtered by name, chainId, or enabled status */
+      list: listFeeSponsorships,
+      /** Create a fee sponsorship linked to a policy (policyId required) */
+      create: createFeeSponsorship,
+      /** Get a fee sponsorship by ID (pol_...) */
+      get: getFeeSponsorship,
+      /** Update a fee sponsorship's name, strategy, or linked policy */
+      update: updateFeeSponsorship,
+      /** Soft-delete a fee sponsorship */
+      delete: deleteFeeSponsorship,
+      /** Disable a fee sponsorship (stops it from being applied to transactions) */
+      disable: disableFeeSponsorship,
+      /** Enable a previously disabled fee sponsorship */
+      enable: enableFeeSponsorship
     };
   }
   // ============================================
   // Transaction Intents API
   // ============================================
   /**
-   * Transaction intent management endpoints
+   * Transaction intent endpoints for creating and managing on-chain transactions.
+   *
+   * Transaction intents represent a desired on-chain action (contract calls, transfers).
+   * When a fee sponsorship policy is provided (or auto-discovered from project-scoped policies),
+   * gas costs are sponsored according to the policy's strategy.
    */
   get transactionIntents() {
     return {
       /** List transaction intents */
       list: getTransactionIntents,
-      /** Create a transaction intent */
+      /** Create a transaction intent with contract interactions */
       create: createTransactionIntent,
       /** Get a transaction intent by ID */
       get: getTransactionIntent,
       /** Sign a transaction intent */
       signature,
-      /** Estimate cost */
+      /** Estimate gas cost for a transaction before creating it */
       estimateCost: estimateTransactionIntentCost
     };
   }
@@ -4900,27 +5060,6 @@ var Openfort = class {
     };
   }
   // ============================================
-  // Settings API
-  // ============================================
-  /**
-   * Settings / Developer account management endpoints
-   * @deprecated
-   */
-  get settings() {
-    return {
-      /** List developer accounts */
-      getDeveloperAccounts,
-      /** Create a developer account */
-      createDeveloperAccount,
-      /** Get a developer account by ID */
-      getDeveloperAccount,
-      /** Delete a developer account */
-      deleteDeveloperAccount,
-      /** Get verification payload */
-      getVerificationPayload
-    };
-  }
-  // ============================================
   // Subscriptions API
   // ============================================
   /**
@@ -5069,7 +5208,10 @@ var Openfort = class {
       const { recoveryShare: _, ...accountResponse } = response;
       return accountResponse;
     } catch (error) {
-      await deleteUser(response.user);
+      try {
+        await deleteUser(response.user);
+      } catch {
+      }
       throw error;
     }
   }
@@ -5100,6 +5242,11 @@ var Openfort = class {
    * @internal
    */
   async preRegisterWithShield(recoveryShare, openfortUserId, thirdPartyUserId, config) {
+    if (!config.shieldApiKey || !config.shieldApiSecret || !config.encryptionShare) {
+      throw new Error(
+        "Shield configuration requires shieldApiKey, shieldApiSecret, and encryptionShare"
+      );
+    }
     let externalUserId;
     if (config.shieldAuthProvider === ShieldAuthProvider.OPENFORT) {
       externalUserId = openfortUserId;
@@ -5134,13 +5281,16 @@ var Openfort = class {
   // Paymasters API
   // ============================================
   /**
-   * Paymaster endpoints
+   * Paymaster endpoints for managing ERC-4337 paymasters.
+   *
+   * Paymasters handle gas payment on-chain for account abstraction (ERC-4337).
+   * Fee sponsorships reference a paymaster to determine how user operations are sponsored.
    */
   get paymasters() {
     return {
       /** Create a paymaster */
       create: createPaymaster,
-      /** Get a paymaster by ID */
+      /** Get a paymaster by ID (pay_...) */
       get: getPaymaster,
       /** Update a paymaster */
       update: updatePaymaster,
@@ -5159,10 +5309,16 @@ var Openfort = class {
    */
   async constructWebhookEvent(body, signature2) {
     const signedPayload = await sign2(this._apiKey, body);
-    if (signedPayload !== signature2) {
-      throw Error("Invalid signature");
+    const expectedBuffer = Buffer.from(signedPayload, "hex");
+    const receivedBuffer = Buffer.from(signature2, "hex");
+    if (expectedBuffer.length !== receivedBuffer.length || !timingSafeEqual(expectedBuffer, receivedBuffer)) {
+      throw new Error("Invalid signature");
+    }
+    try {
+      return JSON.parse(body);
+    } catch {
+      throw new Error("Failed to parse webhook payload");
     }
-    return JSON.parse(body);
   }
   /**
    * Creates an encryption session with Shield.
@@ -5272,6 +5428,7 @@ export {
   EntityTypeDEVICE,
   EntityTypeEMAILSAMPLE,
   EntityTypeEVENT,
+  EntityTypeFEESPONSORSHIP,
   EntityTypeFORWARDERCONTRACT,
   EntityTypeLOG,
   EntityTypePAYMASTER,
@@ -5332,7 +5489,7 @@ export {
   GetAccountsV2AccountType,
   GetAccountsV2ChainType,
   GetAccountsV2Custody,
-  GetPolicyRulesExpandItem,
+  GetGasPolicyRulesLegacyExpandItem,
   IMPORT_ENCRYPTION_PUBLIC_KEY,
   ImportPrivateKeyRequestChainType,
   ImportPrivateKeyResponseChainType,
@@ -5344,7 +5501,7 @@ export {
   JsonRpcRequestJsonrpc,
   JsonRpcSuccessResponseAnyJsonrpc,
   ListBackendWalletsChainType,
-  ListPoliciesScope,
+  ListPoliciesScopeItem,
   MintAddressCriterionOperator,
   MintAddressCriterionRequestOperator,
   MintAddressCriterionRequestType,
@@ -5380,7 +5537,7 @@ export {
   PolicyRuleTypeCONTRACT,
   PolicyRuleTypeRATELIMIT,
   PolicyV2Action,
-  PolicyV2ListQueriesScope,
+  PolicyV2ListQueriesScopeItem,
   PolicyV2Scope,
   PregenerateAccountResponseCustody,
   PregenerateUserRequestV2AccountType,
@@ -5450,10 +5607,12 @@ export {
   SplValueCriterionRequestOperator,
   SplValueCriterionRequestType,
   SplValueCriterionSchema,
+  SponsorEvmTransactionRuleSchema,
   SponsorSchema,
   SponsorSchemaCHARGECUSTOMTOKENS,
   SponsorSchemaFIXEDRATE,
   SponsorSchemaPAYFORUSER,
+  SponsorSolTransactionRuleSchema,
   Status,
   ThirdPartyOAuthProvider,
   ThirdPartyOAuthProviderACCELBYTE,
@@ -5494,15 +5653,16 @@ export {
   createContract,
   createDeveloperAccount,
   createEvent,
+  createFeeSponsorship,
   createForwarderContract,
+  createGasPolicyLegacy,
+  createGasPolicyRuleLegacy,
+  createGasPolicyWithdrawalLegacy,
   createOAuthConfig,
   createOnrampSession,
   createPaymaster,
   createPlayer,
-  createPolicy,
-  createPolicyRule,
   createPolicyV2,
-  createPolicyWithdrawal,
   createSession,
   createSubscription,
   createTransactionIntent,
@@ -5514,20 +5674,23 @@ export {
   deleteContract,
   deleteDeveloperAccount,
   deleteEvent,
+  deleteFeeSponsorship,
   deleteForwarderContract,
+  deleteGasPolicyLegacy,
+  deleteGasPolicyRuleLegacy,
   deleteOAuthConfig,
   deletePaymaster,
   deletePlayer,
-  deletePolicy,
-  deletePolicyRule,
   deletePolicyV2,
   deleteSubscription,
   deleteTrigger,
   deleteUser,
   deprecatedCallbackOAuth,
   disableAccount,
-  disablePolicy,
-  enablePolicy,
+  disableFeeSponsorship,
+  disableGasPolicyLegacy,
+  enableFeeSponsorship,
+  enableGasPolicyLegacy,
   encryptForImport,
   estimateTransactionIntentCost,
   evaluatePolicyV2,
@@ -5549,7 +5712,14 @@ export {
   getDeveloperAccounts,
   getEvent,
   getEvents,
+  getFeeSponsorship,
   getForwarderContract,
+  getGasPoliciesLegacy,
+  getGasPolicyBalanceLegacy,
+  getGasPolicyLegacy,
+  getGasPolicyReportTransactionIntentsLegacy,
+  getGasPolicyRulesLegacy,
+  getGasPolicyTotalGasUsageLegacy,
   getJwks,
   getOAuthConfig,
   getOnrampQuote,
@@ -5557,12 +5727,6 @@ export {
   getPlayer,
   getPlayerSessions,
   getPlayers,
-  getPolicies,
-  getPolicy,
-  getPolicyBalance,
-  getPolicyReportTransactionIntents,
-  getPolicyRules,
-  getPolicyTotalGasUsage,
   getPolicyV2,
   getProjectLogs,
   getSession,
@@ -5590,6 +5754,7 @@ export {
   linkThirdParty,
   list,
   listBackendWallets,
+  listFeeSponsorships,
   listForwarderContracts,
   listOAuthConfig,
   listPaymasters,
@@ -5632,11 +5797,12 @@ export {
   unlinkSIWE,
   updateContract,
   updateDeveloperAccount,
+  updateFeeSponsorship,
   updateForwarderContract,
+  updateGasPolicyLegacy,
+  updateGasPolicyRuleLegacy,
   updatePaymaster,
   updatePlayer,
-  updatePolicy,
-  updatePolicyRule,
   updatePolicyV2,
   verifyAuthToken,
   verifyEmail,