@orbi-wallet/sdk 0.0.3 → 0.1.0

package/README.md

@@ -1,8 +1,8 @@
 # @orbi-wallet/sdk
 
-The official SDK for integrating [Orbi Smart Wallet](https://orbiwallet.xyz) into any Stellar dApp.
+The official SDK for connecting your Stellar dApp to [Orbi Smart Wallet](https://orbiwallet.xyz).
 
-Orbi is a passkey-based smart wallet on Stellar. Users sign transactions with Face ID or Touch ID — no seed phrase, no browser extension. This SDK lets your dApp connect to Orbi wallets and optionally sponsor gas so your users pay nothing.
+Orbi is a passkey-secured **classic Stellar (G) account** wallet. Users sign in and approve transactions with Face ID / Touch ID — no seed phrase, no browser extension.
 
 ---
 
@@ -14,290 +14,90 @@ npm install @orbi-wallet/sdk
 
 ---
 
-## Quick Start
-
-### User pays gas (default)
-
-```ts
-import { OrbiClient } from '@orbi-wallet/sdk';
-
-const orbi = new OrbiClient({
-  apiUrl: 'https://api.orbiwallet.xyz',
-});
-```
-
-### dApp sponsors gas (gasless)
+## Quick start
 
 ```ts
 import { OrbiClient } from '@orbi-wallet/sdk';
 
-const orbi = new OrbiClient({
-  apiUrl: 'https://api.orbiwallet.xyz',
-  apiKey: 'YOUR_API_KEY',  // get this from developers.orbiwallet.xyz
-});
-```
-
-That one line is the only difference. Everything else — connecting, signing, submitting — works exactly the same. Users see the fee crossed out and "Sponsored by [your app]".
+const orbi = new OrbiClient({ network: 'testnet' });
 
----
+// 1. Connect — opens a popup, resolves once the user approves
+const { walletAddress } = await orbi.connect();
 
-## How It Works
+// 2. Build a transaction with @stellar/stellar-sdk and get its XDR
+const xdr = transaction.toXDR();
 
-Orbi uses a **redirect flow** — no popups, no browser extensions. Works on all devices including mobile.
+// 3. Ask the user to review and sign — opens a popup, resolves with the signed XDR
+const { signedXdr } = await orbi.signTransaction({ xdr });
 
-```
-1. orbi.connect()          → redirect user to Orbi to connect wallet
-2. orbi.handleCallback()   → on return, get wallet address + passkey ID
-3. orbi.sign()             → redirect user to approve transaction with passkey
-4. orbi.handleSignCallback() + orbi.bundle()  → submit signed tx to relay
-5. orbi.waitForConfirmation(opId)             → wait for on-chain confirmation (~5s)
+// 4. Submit signedXdr to Horizon yourself (e.g. server.submitTransaction)
 ```
 
 ---
 
-## Full Example
-
-### Step 1 — Connect wallet
+## How it works
 
-On your "Connect" button:
-
-```ts
-orbi.connect({
-  redirectUrl: 'https://yourapp.com/callback',
-});
-// navigates to keys.orbiwallet.xyz, then back to redirectUrl?token=...
-```
-
-On your `/callback` page:
-
-```ts
-const wallet = await orbi.handleCallback();
-if (wallet) {
-  // { walletAddress, passkeyId, email }
-  localStorage.setItem('walletAddress', wallet.walletAddress);
-}
-```
-
-### Step 2 — Sign and submit a transaction
-
-```ts
-// Redirect user to approve
-orbi.sign({
-  walletAddress: localStorage.getItem('walletAddress')!,
-  contractId: 'YOUR_CONTRACT_ID',
-  functionName: 'transfer',
-  argsXdr: ['...', '...'],           // XDR-encoded args
-  redirectUrl: 'https://yourapp.com/sign-callback',
-});
-```
+Orbi uses a **popup + postMessage** handshake — the same integration pattern Coinbase Smart Wallet and most modern wallet SDKs use:
 
-On your `/sign-callback` page:
+1. `orbi.connect()` / `orbi.signTransaction()` opens `keys.orbiwallet.xyz` in a popup
+2. The user approves with their passkey (signs in, or creates a wallet first if new)
+3. The popup posts the result back to your page and closes itself
+4. The returned promise resolves with the result
 
-```ts
-const result = orbi.handleSignCallback();
-if (!result) return; // user cancelled or came directly to this page
-
-const { opId } = await orbi.bundle({
-  walletAddress: result.walletAddress,
-  quoteId: result.quoteId,
-  signedAuthEntryXdr: result.signedAuthEntryXdr,
-  contractId: 'YOUR_CONTRACT_ID',
-  functionName: 'transfer',
-  argsXdr: result.argsXdr,
-});
-
-// Wait for on-chain confirmation via SSE
-const status = await orbi.waitForConfirmation(opId);
-if (status.status === 'confirmed') {
-  console.log('tx hash:', status.txHash);
-}
-```
+The connected wallet is cached in `localStorage`, so later `connect()` calls resolve instantly without reopening the popup. Call `disconnect()` to clear it.
 
 ---
 
-## API Reference
+## API
 
-### `new OrbiClient(config)`
+### `new OrbiClient(config?)`
 
-| Parameter | Type | Required | Description |
+| Option | Type | Default | Description |
 |---|---|---|---|
-| `apiUrl` | `string` | Yes | Orbi relay URL — use `https://api.orbiwallet.xyz` |
-| `apiKey` | `string` | No | Your developer API key. Enables gas sponsorship. |
-
----
-
-### Wallet Connection
-
-#### `connect(params)`
-
-Redirects the user to Orbi to connect their wallet.
-
-```ts
-orbi.connect({ redirectUrl: 'https://yourapp.com/callback' });
-```
-
-#### `handleCallback()`
-
-Call on your callback page after `connect()` redirects back. Returns wallet data or `null` if no token in URL.
-
-```ts
-const wallet = await orbi.handleCallback();
-// { walletAddress: string, passkeyId: string, email: string } | null
-```
-
----
-
-### Transaction Signing
-
-#### `sign(params)`
-
-Redirects the user to Orbi to approve a transaction with their passkey.
-
-```ts
-orbi.sign({
-  walletAddress: string,
-  contractId: string,
-  functionName: string,
-  argsXdr: string[],       // XDR-encoded Soroban args
-  redirectUrl: string,
-});
-```
+| `network` | `'testnet' \| 'mainnet'` | `'testnet'` | Stellar network — passed through so Orbi shows the right network badge and validates the transaction against the matching ledger |
 
-If `apiKey` is set, the user sees the fee as sponsored — they pay nothing.
+### `connect(): Promise<ConnectedWallet>`
 
-#### `handleSignCallback()`
-
-Call on your sign-callback page. Returns the signed data needed to call `bundle()`, or `null` if nothing to process.
-
-```ts
-const result = orbi.handleSignCallback();
-// { signedAuthEntryXdr, quoteId, argsXdr, nativeSacId, walletAddress } | null
-```
-
----
-
-### Relay
-
-#### `bundle(params)`
-
-Submit a signed operation to the Orbi relay for on-chain execution.
-
-```ts
-const { opId } = await orbi.bundle({
-  walletAddress: string,
-  quoteId: string,
-  signedAuthEntryXdr: string,
-  contractId: string,
-  functionName: string,
-  argsXdr: string[],
-});
-```
-
-#### `waitForConfirmation(opId)`
-
-Wait for the operation to be confirmed or fail. Uses SSE — resolves in ~5s on Stellar.
-
-```ts
-const status = await orbi.waitForConfirmation(opId);
-// { opId, status: 'confirmed' | 'failed', txHash: string | null, error: string | null }
-```
-
-#### `getStatus(opId)`
-
-One-shot status check (non-blocking alternative to `waitForConfirmation`).
-
-```ts
-const status = await orbi.getStatus(opId);
-```
-
----
-
-### Token Management
-
-#### `watchAsset(params)`
-
-Redirect the user to add a Soroban token to their Orbi wallet.
-
-```ts
-orbi.watchAsset({
-  contractId: 'TOKEN_CONTRACT_ID',
-  redirectUrl: 'https://yourapp.com/callback',
-});
-```
-
-#### `handleWatchAssetCallback()`
-
-Call on your callback page after `watchAsset()` redirects back.
+Connects the user's wallet. Returns a cached session instantly if one exists; otherwise opens the connect popup and resolves once the user approves.
 
 ```ts
-const result = orbi.handleWatchAssetCallback();
-// { contractId: string, added: boolean } | null
+const { walletAddress, credentialId, passkeyId } = await orbi.connect();
 ```
 
----
-
-### Gas Sponsorship (Developer Setup)
-
-These methods are for onboarding your dApp to gas sponsorship. You can also do this through the [developer portal](https://developers.orbiwallet.xyz).
+### `signTransaction({ xdr, walletAddress? }): Promise<SignResult>`
 
-#### `register(params)`
+Opens the sign popup so the user can review and approve a transaction with their passkey.
 
-Register a new developer account. Returns a one-time API key — save it immediately.
+- `xdr` — base64-encoded `TransactionEnvelope` XDR for a classic G account (build it with `@stellar/stellar-sdk`)
+- `walletAddress` — optional; defaults to the currently connected address
 
 ```ts
-const { apiKey } = await orbi.register({
-  developerName: 'My App',
-  email: 'you@example.com',
-});
+const { signedXdr, walletAddress } = await orbi.signTransaction({ xdr });
 ```
 
-#### `setDeployer(deployerPublicKey)`
-
-Set the Stellar G... address that will fund gas for your users. Requires `apiKey` in constructor.
-
-```ts
-await orbi.setDeployer('GABC...XYZ');
-```
-
-#### `getDeployerBalance()`
-
-Check your gas tank balance. Requires `apiKey` in constructor.
-
-```ts
-const { balanceXlm } = await orbi.getDeployerBalance();
-console.log(`${balanceXlm} XLM remaining`);
-```
-
----
+Orbi only signs — it does not submit. Submit `signedXdr` to Horizon yourself.
 
-## Gas Sponsorship Setup
+### `getAddress(): string | null`
 
-To sponsor gas for your users:
+Returns the cached wallet address from a previous `connect()`, or `null` if not connected.
 
-1. **Create a developer account** at [developers.orbiwallet.xyz](https://developers.orbiwallet.xyz) — get your API key
-2. **Create a Stellar keypair** for your gas tank (a regular G... account)
-3. **Fund it with XLM** — each sponsored transaction deducts the exact network fee
-4. **Set the deployer** in the developer portal (or via `setDeployer()`)
-5. **Add `apiKey`** to your `OrbiClient` constructor
+### `disconnect(): void`
 
-That's it. Users with Orbi wallets will see fees as sponsored. Users on other wallets are unaffected.
+Clears the cached session on your side. Doesn't revoke anything on Orbi — the user can reconnect any time with their passkey.
 
 ---
 
 ## Notes
 
-- Works on all browsers and mobile — redirect flow, no popups or extensions
-- Only works with Orbi smart wallets — other Stellar wallets (Freighter, Lobstr) are unaffected
-- Stellar ledger closes every ~5s, so `waitForConfirmation` typically resolves in under 10s
-- XDR arg encoding: use `@stellar/stellar-sdk` to build and encode Soroban contract args
+- Requires popups to be allowed for your site — `connect()`/`signTransaction()` reject with a clear error if the popup is blocked or the user closes it
+- Works with Orbi G-wallets only (classic Stellar accounts)
+- Results are only ever accepted from `https://keys.orbiwallet.xyz`, verified by both message origin and source window — never trust `postMessage` from elsewhere
 
 ---
 
 ## Links
 
 - [Orbi Wallet](https://orbiwallet.xyz)
-- [Developer Portal](https://developers.orbiwallet.xyz)
-- [npm](https://npmjs.com/package/@orbi-wallet/sdk)
 - [GitHub](https://github.com/Novablitz404/orbi-smart-wallet)
 
 ---

package/dist/client.d.ts

@@ -1,99 +1,38 @@
 /**
- * @orbi-wallet/sdk — Orbi Smart Wallet SDK
+ * @orbi-wallet/sdk — Orbi Smart Wallet SDK (G-wallet)
  *
- * Lets any Stellar dApp integrate Orbi passkey wallets using a redirect flow.
- * Works on all devices and browsers — no popups, no extensions needed.
+ * Connects a Stellar dApp to Orbi passkey wallets via a popup + postMessage
+ * handshake — the same integration pattern Coinbase Smart Wallet uses.
  *
- * Quick start (user pays gas):
- *   const orbi = new OrbiClient({ apiUrl: 'https://api.orbiwallet.xyz' });
- *
- * Quick start (dApp sponsors gas):
- *   const orbi = new OrbiClient({
- *     apiUrl: 'https://api.orbiwallet.xyz',
- *     apiKey: 'YOUR_API_KEY',  // <-- enables gasless
- *   });
- *
- * Flow:
- *   1. orbi.connect({ redirectUrl })          — redirect user to connect wallet
- *   2. orbi.handleCallback()                  — on return, exchange token for wallet data
- *   3. orbi.sign({ ..., redirectUrl })        — redirect user to approve transaction
- *   4. orbi.handleSignCallback() → bundle()   — on return, submit signed tx
- *   5. orbi.waitForConfirmation(opId)         — wait for on-chain confirmation
+ *   const orbi = new OrbiClient();
+ *   const { walletAddress } = await orbi.connect();
+ *   const { signedXdr } = await orbi.signTransaction({ xdr });
  */
-import type { OrbiClientConfig, OpStatus, DeployerBalance } from './types';
+import type { ConnectedWallet, OrbiClientConfig, SignResult } from './types';
 export declare class OrbiClient {
-    private apiUrl;
-    private apiKey?;
-    constructor(config: OrbiClientConfig);
-    private authHeaders;
-    /** Redirect the user to Orbi to connect their wallet. */
-    connect(params: {
-        redirectUrl: string;
-    }): void;
-    /** Call this on your callback page after orbi.connect() redirects back. */
-    handleCallback(): Promise<{
-        walletAddress: string;
-        passkeyId: string;
-        email: string;
-    } | null>;
+    private network;
+    constructor(config?: OrbiClientConfig);
+    /** Wallet address from a previous `connect()`, restored from local storage. */
+    getAddress(): string | null;
+    /** Forget the cached session. The next `connect()` reopens the Orbi popup. */
+    disconnect(): void;
+    private getSession;
     /**
-     * Redirect the user to Orbi to approve a transaction with their passkey.
-     * If apiKey is set, the user will see the fee as sponsored — they pay nothing.
+     * Connect the user's Orbi wallet. Resolves immediately from a cached
+     * session if one exists; otherwise opens the Orbi connect popup and
+     * resolves once the user approves.
      */
-    sign(params: {
-        walletAddress: string;
-        contractId: string;
-        functionName: string;
-        argsXdr: string[];
-        redirectUrl: string;
-    }): void;
-    /** Call this on your sign-callback page after orbi.sign() redirects back. */
-    handleSignCallback(): {
-        signedAuthEntryXdr: string;
-        quoteId: string;
-        argsXdr: string[];
-        nativeSacId: string;
-        walletAddress: string;
-    } | null;
-    /** Redirect the user to add a token to their Orbi wallet. */
-    watchAsset(params: {
-        contractId: string;
-        redirectUrl: string;
-    }): void;
-    /** Call this on your callback page after orbi.watchAsset() redirects back. */
-    handleWatchAssetCallback(): {
-        contractId: string;
-        added: boolean;
-    } | null;
+    connect(): Promise<ConnectedWallet>;
     /**
-     * Submit a signed operation to the Orbi relay.
-     * If apiKey is set and a deployer is configured, gas is sponsored automatically.
+     * Ask the user to review and approve a transaction with their passkey.
+     *
+     * `xdr` is a base64-encoded TransactionEnvelope for a classic G account —
+     * build it with `@stellar/stellar-sdk` on your end. Orbi only signs; submit
+     * the returned `signedXdr` to Horizon yourself.
      */
-    bundle(params: {
-        walletAddress: string;
-        quoteId: string;
-        signedAuthEntryXdr: string;
-        contractId: string;
-        functionName: string;
-        argsXdr: string[];
-    }): Promise<{
-        opId: string;
-    }>;
-    /** One-shot status check for an operation. */
-    getStatus(opId: string): Promise<OpStatus>;
-    /** Wait for confirmed or failed via SSE (~5s on Stellar). */
-    waitForConfirmation(opId: string): Promise<OpStatus>;
-    /** Register a new developer account. Returns a one-time API key — save it. */
-    register(params: {
-        developerName: string;
-        email: string;
-        deployerPublicKey?: string;
-    }): Promise<{
-        apiKey: string;
-        message: string;
-    }>;
-    /** Set or update the deployer (gas tank) address for this API key. */
-    setDeployer(deployerPublicKey: string): Promise<void>;
-    /** Check the XLM balance of your gas tank. */
-    getDeployerBalance(): Promise<DeployerBalance>;
+    signTransaction(params: {
+        xdr: string;
+        walletAddress?: string;
+    }): Promise<SignResult>;
+    private openPopup;
 }

package/dist/client.js

@@ -1,237 +1,142 @@
 "use strict";
 /**
- * @orbi-wallet/sdk — Orbi Smart Wallet SDK
+ * @orbi-wallet/sdk — Orbi Smart Wallet SDK (G-wallet)
  *
- * Lets any Stellar dApp integrate Orbi passkey wallets using a redirect flow.
- * Works on all devices and browsers — no popups, no extensions needed.
+ * Connects a Stellar dApp to Orbi passkey wallets via a popup + postMessage
+ * handshake — the same integration pattern Coinbase Smart Wallet uses.
  *
- * Quick start (user pays gas):
- *   const orbi = new OrbiClient({ apiUrl: 'https://api.orbiwallet.xyz' });
- *
- * Quick start (dApp sponsors gas):
- *   const orbi = new OrbiClient({
- *     apiUrl: 'https://api.orbiwallet.xyz',
- *     apiKey: 'YOUR_API_KEY',  // <-- enables gasless
- *   });
- *
- * Flow:
- *   1. orbi.connect({ redirectUrl })          — redirect user to connect wallet
- *   2. orbi.handleCallback()                  — on return, exchange token for wallet data
- *   3. orbi.sign({ ..., redirectUrl })        — redirect user to approve transaction
- *   4. orbi.handleSignCallback() → bundle()   — on return, submit signed tx
- *   5. orbi.waitForConfirmation(opId)         — wait for on-chain confirmation
+ *   const orbi = new OrbiClient();
+ *   const { walletAddress } = await orbi.connect();
+ *   const { signedXdr } = await orbi.signTransaction({ xdr });
  */
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.OrbiClient = void 0;
+// Generated from package.json at build time (see scripts/generate-version.js)
+// — package.json stays the single source of truth for name/version.
+const version_1 = require("./version");
 const KEYS_URL = 'https://keys.orbiwallet.xyz';
-function _patchBuffer() {
-    if (typeof window === 'undefined')
-        return;
-    function dv(b) { return new DataView(b.buffer, b.byteOffset, b.byteLength); }
-    function def(p, n, fn) {
-        if (typeof p[n] !== 'function')
-            Object.defineProperty(p, n, { value: fn, writable: true, configurable: true });
-    }
-    function patch(p) {
-        if (!p)
-            return;
-        def(p, 'readBigInt64BE', function (o = 0) { return dv(this).getBigInt64(o, false); });
-        def(p, 'readBigUInt64BE', function (o = 0) { return dv(this).getBigUint64(o, false); });
-        def(p, 'readBigInt64LE', function (o = 0) { return dv(this).getBigInt64(o, true); });
-        def(p, 'readBigUInt64LE', function (o = 0) { return dv(this).getBigUint64(o, true); });
-        def(p, 'writeBigInt64BE', function (v, o = 0) { dv(this).setBigInt64(o, v, false); return o + 8; });
-        def(p, 'writeBigUInt64BE', function (v, o = 0) { dv(this).setBigUint64(o, v, false); return o + 8; });
-        def(p, 'writeBigInt64LE', function (v, o = 0) { dv(this).setBigInt64(o, v, true); return o + 8; });
-        def(p, 'writeBigUInt64LE', function (v, o = 0) { dv(this).setBigUint64(o, v, true); return o + 8; });
-    }
-    patch(Uint8Array.prototype);
-    patch(globalThis.Buffer?.prototype);
-}
+const KEYS_ORIGIN = new URL(KEYS_URL).origin;
+const SESSION_KEY = 'orbi_session';
+const POPUP_WIDTH = 420;
+const POPUP_HEIGHT = 640;
 class OrbiClient {
-    constructor(config) {
-        this.apiUrl = config.apiUrl.replace(/\/$/, '');
-        this.apiKey = config.apiKey;
-        _patchBuffer();
+    constructor(config = {}) {
+        this.network = config.network ?? 'testnet';
     }
-    authHeaders() {
-        return this.apiKey ? { Authorization: `Bearer ${this.apiKey}` } : {};
+    // ── Session ─────────────────────────────────────────────────────────────────
+    /** Wallet address from a previous `connect()`, restored from local storage. */
+    getAddress() {
+        return this.getSession()?.walletAddress ?? null;
     }
-    // ── Wallet connection ───────────────────────────────────────────────────────
-    /** Redirect the user to Orbi to connect their wallet. */
-    connect(params) {
-        const url = new URL(`${KEYS_URL}/connect`);
-        url.searchParams.set('redirect', params.redirectUrl);
-        url.searchParams.set('origin', window.location.origin);
-        window.location.href = url.toString();
+    /** Forget the cached session. The next `connect()` reopens the Orbi popup. */
+    disconnect() {
+        if (typeof window === 'undefined')
+            return;
+        localStorage.removeItem(SESSION_KEY);
     }
-    /** Call this on your callback page after orbi.connect() redirects back. */
-    async handleCallback() {
-        const params = new URLSearchParams(window.location.search);
-        const token = params.get('token');
-        if (!token)
+    getSession() {
+        if (typeof window === 'undefined')
             return null;
-        const res = await fetch(`${this.apiUrl}/v1/auth/tokens/${token}`);
-        if (!res.ok)
-            throw new Error('Invalid or expired Orbi token');
-        return res.json();
+        const raw = localStorage.getItem(SESSION_KEY);
+        return raw ? JSON.parse(raw) : null;
     }
-    // ── Transaction signing ─────────────────────────────────────────────────────
+    // ── Wallet connection ───────────────────────────────────────────────────────
     /**
-     * Redirect the user to Orbi to approve a transaction with their passkey.
-     * If apiKey is set, the user will see the fee as sponsored — they pay nothing.
+     * Connect the user's Orbi wallet. Resolves immediately from a cached
+     * session if one exists; otherwise opens the Orbi connect popup and
+     * resolves once the user approves.
      */
-    sign(params) {
-        const url = new URL(`${KEYS_URL}/sign`);
-        url.searchParams.set('redirect', params.redirectUrl);
-        url.searchParams.set('origin', window.location.origin);
-        url.searchParams.set('walletAddress', params.walletAddress);
-        url.searchParams.set('contractId', params.contractId);
-        url.searchParams.set('functionName', params.functionName);
-        url.searchParams.set('argsXdr', JSON.stringify(params.argsXdr));
-        if (this.apiKey)
-            url.searchParams.set('apiKey', this.apiKey);
-        window.location.href = url.toString();
-    }
-    /** Call this on your sign-callback page after orbi.sign() redirects back. */
-    handleSignCallback() {
-        const params = new URLSearchParams(window.location.search);
-        const signedXdr = params.get('signedXdr');
-        const quoteId = params.get('quoteId');
-        const argsXdrRaw = params.get('argsXdr');
-        const nativeSacId = params.get('nativeSacId');
-        const walletAddress = params.get('walletAddress');
-        if (!signedXdr || !quoteId || !argsXdrRaw || !nativeSacId || !walletAddress)
-            return null;
-        return {
-            signedAuthEntryXdr: signedXdr,
-            quoteId,
-            argsXdr: JSON.parse(argsXdrRaw),
-            nativeSacId,
-            walletAddress,
-        };
-    }
-    // ── Token management ────────────────────────────────────────────────────────
-    /** Redirect the user to add a token to their Orbi wallet. */
-    watchAsset(params) {
-        const url = new URL(`${KEYS_URL}/watch-asset`);
-        url.searchParams.set('contractId', params.contractId);
-        url.searchParams.set('redirect', params.redirectUrl);
-        url.searchParams.set('origin', window.location.origin);
-        window.location.href = url.toString();
-    }
-    /** Call this on your callback page after orbi.watchAsset() redirects back. */
-    handleWatchAssetCallback() {
-        const params = new URLSearchParams(window.location.search);
-        const contractId = params.get('watchedContractId');
-        if (!contractId)
-            return null;
-        return { contractId, added: params.get('watched') === 'true' };
+    async connect() {
+        const cached = this.getSession();
+        if (cached)
+            return cached;
+        const wallet = await this.openPopup({
+            path: '/connect',
+            successType: 'orbi_connected',
+            mapSuccess: (msg) => ({
+                walletAddress: msg.address,
+                credentialId: msg.credentialId ?? '',
+                passkeyId: msg.passkeyId ?? '',
+            }),
+        });
+        localStorage.setItem(SESSION_KEY, JSON.stringify(wallet));
+        return wallet;
     }
-    // ── Relay API ───────────────────────────────────────────────────────────────
+    // ── Transaction signing ─────────────────────────────────────────────────────
     /**
-     * Submit a signed operation to the Orbi relay.
-     * If apiKey is set and a deployer is configured, gas is sponsored automatically.
+     * Ask the user to review and approve a transaction with their passkey.
+     *
+     * `xdr` is a base64-encoded TransactionEnvelope for a classic G account —
+     * build it with `@stellar/stellar-sdk` on your end. Orbi only signs; submit
+     * the returned `signedXdr` to Horizon yourself.
      */
-    async bundle(params) {
-        const res = await fetch(`${this.apiUrl}/v1/bundle`, {
-            method: 'POST',
-            headers: {
-                'Content-Type': 'application/json',
-                ...this.authHeaders(),
+    signTransaction(params) {
+        const walletAddress = params.walletAddress ?? this.getAddress() ?? undefined;
+        return this.openPopup({
+            path: '/sign',
+            params: {
+                xdr: params.xdr,
+                network: this.network,
+                ...(walletAddress ? { walletAddress } : {}),
             },
-            body: JSON.stringify({
-                walletAddress: params.walletAddress,
-                quoteId: params.quoteId,
-                authEntryXdr: params.signedAuthEntryXdr,
-                call: {
-                    contractId: params.contractId,
-                    function: params.functionName,
-                    argsXdr: params.argsXdr,
-                },
+            successType: 'orbi_g_signed',
+            mapSuccess: (msg) => ({
+                signedXdr: msg.signedXdr,
+                walletAddress: msg.walletAddress,
             }),
         });
-        if (!res.ok) {
-            const err = await res.json().catch(() => ({}));
-            throw new Error(err.error ?? `Bundle failed: ${res.status}`);
-        }
-        return res.json();
     }
-    /** One-shot status check for an operation. */
-    async getStatus(opId) {
-        const res = await fetch(`${this.apiUrl}/v1/status/${opId}`);
-        if (!res.ok)
-            throw new Error(`Status check failed: ${res.status}`);
-        return res.json();
-    }
-    /** Wait for confirmed or failed via SSE (~5s on Stellar). */
-    waitForConfirmation(opId) {
+    // ── Popup + postMessage handshake ───────────────────────────────────────────
+    openPopup(req) {
+        if (typeof window === 'undefined') {
+            return Promise.reject(new Error('Orbi requires a browser environment'));
+        }
+        const url = new URL(`${KEYS_URL}${req.path}`);
+        url.searchParams.set('origin', window.location.origin);
+        url.searchParams.set('sdkName', version_1.SDK_NAME);
+        url.searchParams.set('sdkVersion', version_1.SDK_VERSION);
+        for (const [key, value] of Object.entries(req.params ?? {}))
+            url.searchParams.set(key, value);
+        const left = window.screenX + Math.max(0, (window.outerWidth - POPUP_WIDTH) / 2);
+        const top = window.screenY + Math.max(0, (window.outerHeight - POPUP_HEIGHT) / 2);
+        const popup = window.open(url.toString(), 'orbi-wallet', `width=${POPUP_WIDTH},height=${POPUP_HEIGHT},left=${left},top=${top}`);
+        if (!popup) {
+            return Promise.reject(new Error('Popup blocked — allow popups for this site to use Orbi'));
+        }
         return new Promise((resolve, reject) => {
-            const es = new EventSource(`${this.apiUrl}/v1/wallet/events/${opId}`);
-            es.onmessage = (e) => {
-                try {
-                    const data = JSON.parse(e.data);
-                    es.close();
-                    if (data.status === 'confirmed') {
-                        resolve({ opId, status: 'confirmed', txHash: data.txHash ?? null, error: null });
-                    }
-                    else if (data.status === 'failed') {
-                        resolve({ opId, status: 'failed', txHash: null, error: data.error ?? 'Transaction failed' });
-                    }
-                    else if (data.status === 'timeout') {
-                        reject(new Error(`Op ${opId} timed out`));
-                    }
+            let settled = false;
+            const settle = (fn) => {
+                if (settled)
+                    return;
+                settled = true;
+                window.removeEventListener('message', onMessage);
+                clearInterval(closedCheck);
+                fn();
+            };
+            const onMessage = (event) => {
+                // event.origin is never affected by Cross-Origin-Opener-Policy and
+                // can't be spoofed — always required. event.source (the popup window
+                // reference) adds extra anti-spoofing when the browser provides it,
+                // but COOP isolation can null it out on either side, so we only
+                // enforce it when present rather than rejecting legit messages.
+                if (event.origin !== KEYS_ORIGIN)
+                    return;
+                if (event.source !== null && event.source !== popup)
+                    return;
+                const data = event.data;
+                if (data?.type === req.successType) {
+                    settle(() => resolve(req.mapSuccess(data)));
                 }
-                catch {
-                    es.close();
-                    reject(new Error('Invalid SSE response'));
+                else if (data?.type === 'orbi_cancelled') {
+                    settle(() => reject(new Error('Cancelled in Orbi')));
                 }
             };
-            es.onerror = () => {
-                es.close();
-                reject(new Error(`Lost connection waiting for op ${opId}`));
-            };
+            const closedCheck = setInterval(() => {
+                if (popup.closed)
+                    settle(() => reject(new Error('Orbi window closed before completing')));
+            }, 500);
+            window.addEventListener('message', onMessage);
         });
     }
-    // ── Gas sponsorship onboarding ──────────────────────────────────────────────
-    /** Register a new developer account. Returns a one-time API key — save it. */
-    async register(params) {
-        const res = await fetch(`${this.apiUrl}/v1/account/register`, {
-            method: 'POST',
-            headers: { 'Content-Type': 'application/json' },
-            body: JSON.stringify(params),
-        });
-        if (!res.ok) {
-            const err = await res.json().catch(() => ({}));
-            throw new Error(err.error ?? `Registration failed: ${res.status}`);
-        }
-        return res.json();
-    }
-    /** Set or update the deployer (gas tank) address for this API key. */
-    async setDeployer(deployerPublicKey) {
-        if (!this.apiKey)
-            throw new Error('apiKey required — pass it in the OrbiClient constructor');
-        const res = await fetch(`${this.apiUrl}/v1/account/deployer`, {
-            method: 'PATCH',
-            headers: { 'Content-Type': 'application/json', ...this.authHeaders() },
-            body: JSON.stringify({ deployerPublicKey }),
-        });
-        if (!res.ok) {
-            const err = await res.json().catch(() => ({}));
-            throw new Error(err.error ?? `Set deployer failed: ${res.status}`);
-        }
-    }
-    /** Check the XLM balance of your gas tank. */
-    async getDeployerBalance() {
-        if (!this.apiKey)
-            throw new Error('apiKey required — pass it in the OrbiClient constructor');
-        const res = await fetch(`${this.apiUrl}/v1/account/balance`, {
-            headers: this.authHeaders(),
-        });
-        if (!res.ok) {
-            const err = await res.json().catch(() => ({}));
-            throw new Error(err.error ?? `Balance fetch failed: ${res.status}`);
-        }
-        return res.json();
-    }
 }
 exports.OrbiClient = OrbiClient;

package/dist/index.d.ts

@@ -1,3 +1,2 @@
 export { OrbiClient } from './client';
-export { deriveWalletAddress } from './wallet';
-export type { OrbiClientConfig, QuoteResult, BundleResult, OpStatus, OrbiNetwork, DeployerBalance } from './types';
+export type { ConnectedWallet, OrbiClientConfig, OrbiNetwork, SignResult } from './types';

package/dist/index.js

@@ -1,7 +1,5 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.deriveWalletAddress = exports.OrbiClient = void 0;
+exports.OrbiClient = void 0;
 var client_1 = require("./client");
 Object.defineProperty(exports, "OrbiClient", { enumerable: true, get: function () { return client_1.OrbiClient; } });
-var wallet_1 = require("./wallet");
-Object.defineProperty(exports, "deriveWalletAddress", { enumerable: true, get: function () { return wallet_1.deriveWalletAddress; } });

package/dist/types.d.ts

@@ -1,32 +1,14 @@
 export type OrbiNetwork = 'testnet' | 'mainnet';
 export interface OrbiClientConfig {
-    /** Orbi relay API URL — https://api.orbiwallet.xyz */
-    apiUrl: string;
-    /** Optional: your API key if required by the relay */
-    apiKey?: string;
+    /** Stellar network the dApp is operating on. Defaults to 'testnet'. */
     network?: OrbiNetwork;
 }
-export interface QuoteResult {
-    quoteId: string;
-    feeStroops: number;
-    feeXlm: string;
-    expiresAtLedger: number;
-    currentLedger: number;
-    nativeSacId: string;
-    feeCollectorAddress: string;
-    authEntryXdr: string;
+export interface ConnectedWallet {
+    walletAddress: string;
+    credentialId: string;
+    passkeyId: string;
 }
-export interface BundleResult {
-    opId: string;
-}
-export interface OpStatus {
-    opId: string;
-    status: 'pending' | 'batched' | 'confirmed' | 'failed';
-    txHash: string | null;
-    error: string | null;
-}
-export interface DeployerBalance {
-    address: string;
-    balanceXlm: string;
-    balanceStroops: string;
+export interface SignResult {
+    signedXdr: string;
+    walletAddress: string;
 }

package/dist/version.d.ts

@@ -0,0 +1,2 @@
+export declare const SDK_NAME = "@orbi-wallet/sdk";
+export declare const SDK_VERSION = "0.1.0";

package/dist/version.js

@@ -0,0 +1,6 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.SDK_VERSION = exports.SDK_NAME = void 0;
+// Generated by scripts/generate-version.js from package.json — do not edit.
+exports.SDK_NAME = "@orbi-wallet/sdk";
+exports.SDK_VERSION = "0.1.0";

package/package.json

@@ -1,32 +1,35 @@
 {
   "name": "@orbi-wallet/sdk",
-  "version": "0.0.3",
-  "description": "Orbi Smart Wallet SDK — connect any dApp to Orbi passkey wallets with optional gasless transactions",
+  "version": "0.1.0",
+  "description": "Orbi Smart Wallet SDK — connect any Stellar dApp to Orbi passkey wallets",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",
-  "files": ["dist"],
+  "files": [
+    "dist"
+  ],
   "license": "MIT",
-  "keywords": ["stellar", "smart-wallet", "passkey", "gasless", "soroban", "sdk"],
+  "keywords": [
+    "stellar",
+    "wallet",
+    "passkey",
+    "sdk"
+  ],
   "homepage": "https://orbiwallet.xyz",
   "repository": {
     "type": "git",
-    "url": "https://github.com/Novablitz404/orbi-smart-wallet"
+    "url": "git+https://github.com/Novablitz404/orbi-wallet-sdk.git"
   },
   "bugs": {
-    "url": "https://github.com/Novablitz404/orbi-smart-wallet/issues"
+    "url": "https://github.com/Novablitz404/orbi-wallet-sdk/issues"
   },
   "scripts": {
+    "prebuild": "node scripts/generate-version.js",
     "build": "tsc",
+    "predev": "node scripts/generate-version.js",
     "dev": "tsc --watch"
   },
-  "dependencies": {
-    "@stellar/stellar-sdk": "^15.1.0"
-  },
   "devDependencies": {
     "@types/node": "^20.14.2",
     "typescript": "^5.5.2"
-  },
-  "peerDependencies": {
-    "@stellar/stellar-sdk": "^15.1.0"
   }
 }

package/dist/wallet.d.ts

@@ -1,16 +0,0 @@
-export type OrbiNetwork = 'testnet' | 'mainnet';
-/**
- * Derive the deterministic wallet C-address for a passkey ID.
- *
- * Matches the relay's deriveWalletAddress — same formula:
- *   salt    = sha256(passkey_id)
- *   address = sha256(networkId + deployer_G_address + salt)
- *
- * Call this immediately after passkey creation to show the user their
- * address — no transaction or network call needed.
- */
-export declare function deriveWalletAddress(params: {
-    passkeyId: Uint8Array;
-    deployerPublicKey: string;
-    network?: OrbiNetwork;
-}): string;

package/dist/wallet.js

@@ -1,33 +0,0 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.deriveWalletAddress = deriveWalletAddress;
-const stellar_sdk_1 = require("@stellar/stellar-sdk");
-const PASSPHRASES = {
-    testnet: stellar_sdk_1.Networks.TESTNET,
-    mainnet: stellar_sdk_1.Networks.PUBLIC,
-};
-/**
- * Derive the deterministic wallet C-address for a passkey ID.
- *
- * Matches the relay's deriveWalletAddress — same formula:
- *   salt    = sha256(passkey_id)
- *   address = sha256(networkId + deployer_G_address + salt)
- *
- * Call this immediately after passkey creation to show the user their
- * address — no transaction or network call needed.
- */
-function deriveWalletAddress(params) {
-    const { passkeyId, deployerPublicKey, network = 'testnet' } = params;
-    const networkPassphrase = PASSPHRASES[network];
-    const salt = (0, stellar_sdk_1.hash)(Buffer.from(passkeyId));
-    const networkId = (0, stellar_sdk_1.hash)(Buffer.from(networkPassphrase));
-    const preimage = stellar_sdk_1.xdr.HashIdPreimage.envelopeTypeContractId(new stellar_sdk_1.xdr.HashIdPreimageContractId({
-        networkId: Buffer.from(networkId),
-        contractIdPreimage: stellar_sdk_1.xdr.ContractIdPreimage.contractIdPreimageFromAddress(new stellar_sdk_1.xdr.ContractIdPreimageFromAddress({
-            address: new stellar_sdk_1.Address(deployerPublicKey).toScAddress(),
-            salt: Buffer.from(salt),
-        })),
-    }));
-    const contractId = (0, stellar_sdk_1.hash)(preimage.toXDR());
-    return stellar_sdk_1.StrKey.encodeContract(contractId);
-}