@phantom/embedded-provider-core 1.0.0-beta.1 → 1.0.0-beta.10

package/README.md

@@ -60,7 +60,6 @@ const config: EmbeddedProviderConfig = {
   appId: "your-app-id",
   embeddedWalletType: "user-wallet", // or 'app-wallet'
   addressTypes: ["solana", "ethereum"],
-  solanaProvider: "web3js",
   authOptions: {
     authUrl: "https://auth.phantom.app",
     redirectUrl: "https://your-app.com/callback",
@@ -276,7 +275,6 @@ interface EmbeddedProviderConfig {
   addressTypes: [AddressType, ...AddressType[]]; // Supported blockchain addresses
 
   // Optional
-  solanaProvider?: "web3js" | "kit"; // Solana library preference
   authOptions?: {
     authUrl?: string; // Custom auth URL
     redirectUrl?: string; // OAuth redirect URL

package/dist/index.d.mts

@@ -1,8 +1,8 @@
-import { StamperWithKeyManagement } from '@phantom/sdk-types';
+import { StamperWithKeyManagement, Transaction, VersionedTransaction } from '@phantom/sdk-types';
+import { ClientSideSdkHeaders, NetworkId } from '@phantom/constants';
 import { AddressType } from '@phantom/client';
-import { NetworkId } from '@phantom/constants';
 import { ParsedSignatureResult, ParsedTransactionResult } from '@phantom/parsers';
-import { ISolanaChain, IEthereumChain, EthTransactionRequest } from '@phantom/chains';
+import { ISolanaChain, IEthereumChain, EthTransactionRequest } from '@phantom/chain-interfaces';
 
 interface Keypair {
     publicKey: string;
@@ -66,7 +66,6 @@ interface AuthResult {
 }
 interface PhantomConnectOptions {
     organizationId: string;
-    parentOrganizationId: string;
     appId: string;
     provider?: "google" | "apple";
     redirectUrl?: string;
@@ -77,7 +76,6 @@ interface PhantomConnectOptions {
 interface JWTAuthOptions {
     appId: string;
     organizationId: string;
-    parentOrganizationId: string;
     jwtToken: string;
     customAuthData?: Record<string, any>;
 }
@@ -92,6 +90,7 @@ interface PlatformAdapter {
     authProvider: AuthProvider;
     urlParamsAccessor: URLParamsAccessor;
     stamper: StamperWithKeyManagement;
+    analyticsHeaders?: Partial<ClientSideSdkHeaders>;
 }
 interface DebugLogger {
     info(category: string, message: string, data?: any): void;
@@ -115,6 +114,10 @@ interface SignMessageParams {
 }
 interface SignMessageResult extends ParsedSignatureResult {
 }
+interface SignTransactionParams {
+    transaction: any;
+    networkId: NetworkId;
+}
 interface SignAndSendTransactionParams {
     transaction: any;
     networkId: NetworkId;
@@ -129,14 +132,12 @@ interface AuthOptions {
 interface EmbeddedProviderConfig {
     apiBaseUrl: string;
     appId: string;
-    organizationId: string;
-    authOptions?: {
-        authUrl?: string;
-        redirectUrl?: string;
+    authOptions: {
+        authUrl: string;
+        redirectUrl: string;
     };
     embeddedWalletType: "app-wallet" | "user-wallet" | (string & Record<never, never>);
-    addressTypes: [AddressType, ...AddressType[]];
-    solanaProvider: "web3js" | "kit" | (string & Record<never, never>);
+    addressTypes: AddressType[];
 }
 
 type EmbeddedProviderEvent = "connect" | "connect_start" | "connect_error" | "disconnect" | "error";
@@ -160,6 +161,10 @@ declare class EmbeddedProvider {
     on(event: EmbeddedProviderEvent, callback: EventCallback): void;
     off(event: EmbeddedProviderEvent, callback: EventCallback): void;
     private emit;
+    /**
+     * Get the appropriate address for a given network ID from available addresses
+     */
+    private getAddressForNetwork;
     private getAndFilterWalletAddresses;
     private validateAndCleanSession;
     private tryExistingConnection;
@@ -170,6 +175,7 @@ declare class EmbeddedProvider {
     connect(authOptions?: AuthOptions): Promise<ConnectResult>;
     disconnect(): Promise<void>;
     signMessage(params: SignMessageParams): Promise<ParsedSignatureResult>;
+    signTransaction(params: SignTransactionParams): Promise<ParsedTransactionResult>;
     signAndSendTransaction(params: SignAndSendTransactionParams): Promise<ParsedTransactionResult>;
     getAddresses(): WalletAddress[];
     isConnected(): boolean;
@@ -207,11 +213,14 @@ declare class EmbeddedSolanaChain implements ISolanaChain {
         signature: Uint8Array;
         publicKey: string;
     }>;
-    signTransaction<T>(_transaction: T): Promise<T>;
-    signAndSendTransaction<T>(transaction: T): Promise<{
+    signTransaction(_transaction: Transaction | VersionedTransaction): Promise<Transaction | VersionedTransaction>;
+    signAndSendTransaction(transaction: Transaction | VersionedTransaction): Promise<{
         signature: string;
     }>;
-    signAllTransactions<T>(transactions: T[]): Promise<T[]>;
+    signAllTransactions(_transactions: (Transaction | VersionedTransaction)[]): Promise<(Transaction | VersionedTransaction)[]>;
+    signAndSendAllTransactions(transactions: (Transaction | VersionedTransaction)[]): Promise<{
+        signatures: string[];
+    }>;
     connect(_options?: {
         onlyIfTrusted?: boolean;
     }): Promise<{
@@ -250,6 +259,7 @@ declare class EmbeddedEthereumChain implements IEthereumChain {
     disconnect(): Promise<void>;
     signPersonalMessage(message: string, address: string): Promise<string>;
     signTypedData(typedData: any, address: string): Promise<string>;
+    signTransaction(transaction: EthTransactionRequest): Promise<string>;
     sendTransaction(transaction: EthTransactionRequest): Promise<string>;
     switchChain(chainId: number): Promise<void>;
     getChainId(): Promise<number>;
@@ -279,4 +289,4 @@ declare const AUTHENTICATOR_EXPIRATION_TIME_MS: number;
  */
 declare const AUTHENTICATOR_RENEWAL_WINDOW_MS: number;
 
-export { AUTHENTICATOR_EXPIRATION_TIME_MS, AUTHENTICATOR_RENEWAL_WINDOW_MS, AuthOptions, AuthProvider, AuthResult, ConnectResult, DebugLogger, EmbeddedEthereumChain, EmbeddedProvider, EmbeddedProviderConfig, EmbeddedProviderEvent, EmbeddedSolanaChain, EmbeddedStorage, EventCallback, JWTAuth, JWTAuthOptions, Keypair, PhantomConnectOptions, PlatformAdapter, Session, SignAndSendTransactionParams, SignMessageParams, SignMessageResult, SignedTransaction, StamperInfo, URLParamsAccessor, WalletAddress, generateSessionId, retryWithBackoff };
+export { AUTHENTICATOR_EXPIRATION_TIME_MS, AUTHENTICATOR_RENEWAL_WINDOW_MS, AuthOptions, AuthProvider, AuthResult, ConnectResult, DebugLogger, EmbeddedEthereumChain, EmbeddedProvider, EmbeddedProviderConfig, EmbeddedProviderEvent, EmbeddedSolanaChain, EmbeddedStorage, EventCallback, JWTAuth, JWTAuthOptions, Keypair, PhantomConnectOptions, PlatformAdapter, Session, SignAndSendTransactionParams, SignMessageParams, SignMessageResult, SignTransactionParams, SignedTransaction, StamperInfo, URLParamsAccessor, WalletAddress, generateSessionId, retryWithBackoff };

package/dist/index.d.ts

@@ -1,8 +1,8 @@
-import { StamperWithKeyManagement } from '@phantom/sdk-types';
+import { StamperWithKeyManagement, Transaction, VersionedTransaction } from '@phantom/sdk-types';
+import { ClientSideSdkHeaders, NetworkId } from '@phantom/constants';
 import { AddressType } from '@phantom/client';
-import { NetworkId } from '@phantom/constants';
 import { ParsedSignatureResult, ParsedTransactionResult } from '@phantom/parsers';
-import { ISolanaChain, IEthereumChain, EthTransactionRequest } from '@phantom/chains';
+import { ISolanaChain, IEthereumChain, EthTransactionRequest } from '@phantom/chain-interfaces';
 
 interface Keypair {
     publicKey: string;
@@ -66,7 +66,6 @@ interface AuthResult {
 }
 interface PhantomConnectOptions {
     organizationId: string;
-    parentOrganizationId: string;
     appId: string;
     provider?: "google" | "apple";
     redirectUrl?: string;
@@ -77,7 +76,6 @@ interface PhantomConnectOptions {
 interface JWTAuthOptions {
     appId: string;
     organizationId: string;
-    parentOrganizationId: string;
     jwtToken: string;
     customAuthData?: Record<string, any>;
 }
@@ -92,6 +90,7 @@ interface PlatformAdapter {
     authProvider: AuthProvider;
     urlParamsAccessor: URLParamsAccessor;
     stamper: StamperWithKeyManagement;
+    analyticsHeaders?: Partial<ClientSideSdkHeaders>;
 }
 interface DebugLogger {
     info(category: string, message: string, data?: any): void;
@@ -115,6 +114,10 @@ interface SignMessageParams {
 }
 interface SignMessageResult extends ParsedSignatureResult {
 }
+interface SignTransactionParams {
+    transaction: any;
+    networkId: NetworkId;
+}
 interface SignAndSendTransactionParams {
     transaction: any;
     networkId: NetworkId;
@@ -129,14 +132,12 @@ interface AuthOptions {
 interface EmbeddedProviderConfig {
     apiBaseUrl: string;
     appId: string;
-    organizationId: string;
-    authOptions?: {
-        authUrl?: string;
-        redirectUrl?: string;
+    authOptions: {
+        authUrl: string;
+        redirectUrl: string;
     };
     embeddedWalletType: "app-wallet" | "user-wallet" | (string & Record<never, never>);
-    addressTypes: [AddressType, ...AddressType[]];
-    solanaProvider: "web3js" | "kit" | (string & Record<never, never>);
+    addressTypes: AddressType[];
 }
 
 type EmbeddedProviderEvent = "connect" | "connect_start" | "connect_error" | "disconnect" | "error";
@@ -160,6 +161,10 @@ declare class EmbeddedProvider {
     on(event: EmbeddedProviderEvent, callback: EventCallback): void;
     off(event: EmbeddedProviderEvent, callback: EventCallback): void;
     private emit;
+    /**
+     * Get the appropriate address for a given network ID from available addresses
+     */
+    private getAddressForNetwork;
     private getAndFilterWalletAddresses;
     private validateAndCleanSession;
     private tryExistingConnection;
@@ -170,6 +175,7 @@ declare class EmbeddedProvider {
     connect(authOptions?: AuthOptions): Promise<ConnectResult>;
     disconnect(): Promise<void>;
     signMessage(params: SignMessageParams): Promise<ParsedSignatureResult>;
+    signTransaction(params: SignTransactionParams): Promise<ParsedTransactionResult>;
     signAndSendTransaction(params: SignAndSendTransactionParams): Promise<ParsedTransactionResult>;
     getAddresses(): WalletAddress[];
     isConnected(): boolean;
@@ -207,11 +213,14 @@ declare class EmbeddedSolanaChain implements ISolanaChain {
         signature: Uint8Array;
         publicKey: string;
     }>;
-    signTransaction<T>(_transaction: T): Promise<T>;
-    signAndSendTransaction<T>(transaction: T): Promise<{
+    signTransaction(_transaction: Transaction | VersionedTransaction): Promise<Transaction | VersionedTransaction>;
+    signAndSendTransaction(transaction: Transaction | VersionedTransaction): Promise<{
         signature: string;
     }>;
-    signAllTransactions<T>(transactions: T[]): Promise<T[]>;
+    signAllTransactions(_transactions: (Transaction | VersionedTransaction)[]): Promise<(Transaction | VersionedTransaction)[]>;
+    signAndSendAllTransactions(transactions: (Transaction | VersionedTransaction)[]): Promise<{
+        signatures: string[];
+    }>;
     connect(_options?: {
         onlyIfTrusted?: boolean;
     }): Promise<{
@@ -250,6 +259,7 @@ declare class EmbeddedEthereumChain implements IEthereumChain {
     disconnect(): Promise<void>;
     signPersonalMessage(message: string, address: string): Promise<string>;
     signTypedData(typedData: any, address: string): Promise<string>;
+    signTransaction(transaction: EthTransactionRequest): Promise<string>;
     sendTransaction(transaction: EthTransactionRequest): Promise<string>;
     switchChain(chainId: number): Promise<void>;
     getChainId(): Promise<number>;
@@ -279,4 +289,4 @@ declare const AUTHENTICATOR_EXPIRATION_TIME_MS: number;
  */
 declare const AUTHENTICATOR_RENEWAL_WINDOW_MS: number;
 
-export { AUTHENTICATOR_EXPIRATION_TIME_MS, AUTHENTICATOR_RENEWAL_WINDOW_MS, AuthOptions, AuthProvider, AuthResult, ConnectResult, DebugLogger, EmbeddedEthereumChain, EmbeddedProvider, EmbeddedProviderConfig, EmbeddedProviderEvent, EmbeddedSolanaChain, EmbeddedStorage, EventCallback, JWTAuth, JWTAuthOptions, Keypair, PhantomConnectOptions, PlatformAdapter, Session, SignAndSendTransactionParams, SignMessageParams, SignMessageResult, SignedTransaction, StamperInfo, URLParamsAccessor, WalletAddress, generateSessionId, retryWithBackoff };
+export { AUTHENTICATOR_EXPIRATION_TIME_MS, AUTHENTICATOR_RENEWAL_WINDOW_MS, AuthOptions, AuthProvider, AuthResult, ConnectResult, DebugLogger, EmbeddedEthereumChain, EmbeddedProvider, EmbeddedProviderConfig, EmbeddedProviderEvent, EmbeddedSolanaChain, EmbeddedStorage, EventCallback, JWTAuth, JWTAuthOptions, Keypair, PhantomConnectOptions, PlatformAdapter, Session, SignAndSendTransactionParams, SignMessageParams, SignMessageResult, SignTransactionParams, SignedTransaction, StamperInfo, URLParamsAccessor, WalletAddress, generateSessionId, retryWithBackoff };

package/dist/index.js

@@ -43,8 +43,9 @@ module.exports = __toCommonJS(src_exports);
 
 // src/embedded-provider.ts
 var import_client = require("@phantom/client");
-var import_base64url = require("@phantom/base64url");
-var import_bs58 = __toESM(require("bs58"));
+var import_utils = require("@phantom/utils");
+var import_base64url2 = require("@phantom/base64url");
+var import_bs582 = __toESM(require("bs58"));
 var import_parsers = require("@phantom/parsers");
 
 // src/constants.ts
@@ -70,8 +71,7 @@ var JWTAuth = class {
           "X-PHANTOM-APPID": options.appId
         },
         body: JSON.stringify({
-          organizationId: options.organizationId,
-          parentOrganizationId: options.parentOrganizationId,
+          appId: options.appId,
           customAuthData: options.customAuthData
         })
       });
@@ -171,7 +171,7 @@ async function retryWithBackoff(operation, operationName, logger, maxRetries = 3
 // src/chains/SolanaChain.ts
 var import_eventemitter3 = require("eventemitter3");
 var import_constants = require("@phantom/constants");
-var import_buffer = require("buffer");
+var import_bs58 = __toESM(require("bs58"));
 var EmbeddedSolanaChain = class {
   constructor(provider) {
     this.provider = provider;
@@ -202,15 +202,14 @@ var EmbeddedSolanaChain = class {
       message: messageStr,
       networkId: this.currentNetworkId
     });
-    const signature = typeof result.signature === "string" ? new Uint8Array(import_buffer.Buffer.from(result.signature, "base64")) : result.signature;
+    const signature = typeof result.signature === "string" ? new Uint8Array(import_bs58.default.decode(result.signature)) : result.signature;
     return {
       signature,
       publicKey: this._publicKey || ""
     };
   }
   signTransaction(_transaction) {
-    this.ensureConnected();
-    throw new Error("signTransaction not yet implemented for embedded provider");
+    return Promise.reject(new Error("signTransaction is not supported in embedded provider. Use signAndSendTransaction instead."));
   }
   async signAndSendTransaction(transaction) {
     this.ensureConnected();
@@ -223,9 +222,12 @@ var EmbeddedSolanaChain = class {
     }
     return { signature: result.hash };
   }
-  async signAllTransactions(transactions) {
-    const results = await Promise.all(transactions.map((tx) => this.signTransaction(tx)));
-    return results;
+  signAllTransactions(_transactions) {
+    return Promise.reject(new Error("signAllTransactions is not supported in embedded provider. Use signAndSendAllTransactions instead."));
+  }
+  async signAndSendAllTransactions(transactions) {
+    const results = await Promise.all(transactions.map((tx) => this.signAndSendTransaction(tx)));
+    return { signatures: results.map((result) => result.signature) };
   }
   connect(_options) {
     if (!this.provider.isConnected()) {
@@ -293,6 +295,8 @@ var EmbeddedSolanaChain = class {
 // src/chains/EthereumChain.ts
 var import_eventemitter32 = require("eventemitter3");
 var import_constants2 = require("@phantom/constants");
+var import_base64url = require("@phantom/base64url");
+var import_buffer = require("buffer");
 var EmbeddedEthereumChain = class {
   constructor(provider) {
     this.provider = provider;
@@ -349,6 +353,18 @@ var EmbeddedEthereumChain = class {
       params: [address, JSON.stringify(typedData)]
     });
   }
+  async signTransaction(transaction) {
+    const result = await this.provider.signTransaction({
+      transaction,
+      networkId: this.currentNetworkId
+    });
+    try {
+      const signatureBytes = (0, import_base64url.base64urlDecode)(result.rawTransaction);
+      return "0x" + import_buffer.Buffer.from(signatureBytes).toString("hex");
+    } catch (error) {
+      return result.rawTransaction.startsWith("0x") ? result.rawTransaction : "0x" + result.rawTransaction;
+    }
+  }
   async sendTransaction(transaction) {
     const result = await this.provider.signAndSendTransaction({
       transaction,
@@ -426,6 +442,17 @@ var EmbeddedEthereumChain = class {
         });
         return typedDataResult.signature;
       }
+      case "eth_signTransaction": {
+        const [transaction] = args.params;
+        const networkIdFromTx = transaction.chainId ? (0, import_constants2.chainIdToNetworkId)(
+          typeof transaction.chainId === "number" ? transaction.chainId : parseInt(transaction.chainId, 16)
+        ) : null;
+        const signResult = await this.provider.signTransaction({
+          transaction,
+          networkId: networkIdFromTx || this.currentNetworkId
+        });
+        return signResult.rawTransaction;
+      }
       case "eth_sendTransaction": {
         const [transaction] = args.params;
         const networkIdFromTx = transaction.chainId ? (0, import_constants2.chainIdToNetworkId)(
@@ -473,6 +500,9 @@ var EmbeddedProvider = class {
     this.eventListeners = /* @__PURE__ */ new Map();
     this.logger = logger;
     this.logger.log("EMBEDDED_PROVIDER", "Initializing EmbeddedProvider", { config });
+    if (config.embeddedWalletType === "app-wallet") {
+      throw new Error("app-wallet type is not currently supported. Please use 'user-wallet' instead.");
+    }
     this.config = config;
     this.platform = platform;
     this.storage = platform.storage;
@@ -480,7 +510,6 @@ var EmbeddedProvider = class {
     this.urlParamsAccessor = platform.urlParamsAccessor;
     this.stamper = platform.stamper;
     this.jwtAuth = new JWTAuth();
-    config.solanaProvider;
     this.solana = new EmbeddedSolanaChain(this);
     this.ethereum = new EmbeddedEthereumChain(this);
     this.logger.info("EMBEDDED_PROVIDER", "EmbeddedProvider initialized");
@@ -515,6 +544,35 @@ var EmbeddedProvider = class {
       });
     }
   }
+  /**
+   * Get the appropriate address for a given network ID from available addresses
+   */
+  getAddressForNetwork(networkId) {
+    const network = networkId.split(":")[0].toLowerCase();
+    let targetAddressType;
+    switch (network) {
+      case "solana":
+        targetAddressType = import_client.AddressType.solana;
+        break;
+      case "eip155":
+        targetAddressType = import_client.AddressType.ethereum;
+        break;
+      case "bitcoin":
+      case "btc":
+        targetAddressType = import_client.AddressType.bitcoinSegwit;
+        break;
+      case "sui":
+        targetAddressType = import_client.AddressType.sui;
+        break;
+      default:
+        targetAddressType = import_client.AddressType.ethereum;
+        break;
+    }
+    const matchingAddress = this.addresses.find(
+      (addr) => addr.addressType.toLowerCase() === targetAddressType.toLowerCase()
+    );
+    return matchingAddress?.address;
+  }
   async getAndFilterWalletAddresses(walletId) {
     const session = await this.storage.getSession();
     const derivationIndex = session?.accountDerivationIndex ?? 0;
@@ -747,21 +805,24 @@ var EmbeddedProvider = class {
     this.logger.log("EMBEDDED_PROVIDER", "Creating temporary PhantomClient");
     const tempClient = new import_client.PhantomClient(
       {
-        apiBaseUrl: this.config.apiBaseUrl
+        apiBaseUrl: this.config.apiBaseUrl,
+        headers: {
+          ...this.platform.analyticsHeaders || {}
+        }
       },
       this.stamper
     );
     const platformName = this.platform.name || "unknown";
     const shortPubKey = stamperInfo.publicKey.slice(0, 8);
-    const organizationName = `${this.config.organizationId}-${platformName}-${shortPubKey}`;
+    const organizationName = `${this.config.appId.substring(0, 8)}-${platformName}-${shortPubKey}`;
     this.logger.log("EMBEDDED_PROVIDER", "Creating organization", {
       organizationName,
       publicKey: stamperInfo.publicKey,
       platform: platformName
     });
-    const base64urlPublicKey = (0, import_base64url.base64urlEncode)(import_bs58.default.decode(stamperInfo.publicKey));
-    const expiresAtMs = Date.now() + AUTHENTICATOR_EXPIRATION_TIME_MS;
-    const username = `user-${shortPubKey}`;
+    const base64urlPublicKey = (0, import_base64url2.base64urlEncode)(import_bs582.default.decode(stamperInfo.publicKey));
+    const expiresInMs = AUTHENTICATOR_EXPIRATION_TIME_MS;
+    const username = `user-${(0, import_utils.randomUUID)()}`;
     const { organizationId } = await tempClient.createOrganization(organizationName, [
       {
         username,
@@ -773,13 +834,13 @@ var EmbeddedProvider = class {
             publicKey: base64urlPublicKey,
             algorithm: "Ed25519"
             // Commented for now until KMS supports fully expirable organizations
-            // expiresAtMs: expiresAtMs,
+            // expiresInMs: expiresInMs,
           }
         ]
       }
     ]);
     this.logger.info("EMBEDDED_PROVIDER", "Organization created", { organizationId });
-    return { organizationId, stamperInfo, expiresAtMs, username };
+    return { organizationId, stamperInfo, expiresInMs, username };
   }
   async connect(authOptions) {
     try {
@@ -808,8 +869,8 @@ var EmbeddedProvider = class {
       }
       this.validateAuthOptions(authOptions);
       this.logger.info("EMBEDDED_PROVIDER", "No existing connection, creating new auth flow");
-      const { organizationId, stamperInfo, expiresAtMs, username } = await this.createOrganizationAndStamper();
-      const session = await this.handleAuthFlow(organizationId, stamperInfo, authOptions, expiresAtMs, username);
+      const { organizationId, stamperInfo, expiresInMs, username } = await this.createOrganizationAndStamper();
+      const session = await this.handleAuthFlow(organizationId, stamperInfo, authOptions, expiresInMs, username);
       if (!session) {
         return {
           addresses: [],
@@ -907,6 +968,37 @@ var EmbeddedProvider = class {
     });
     return (0, import_parsers.parseSignMessageResponse)(rawResponse, params.networkId);
   }
+  async signTransaction(params) {
+    if (!this.client || !this.walletId) {
+      throw new Error("Not connected");
+    }
+    await this.ensureValidAuthenticator();
+    this.logger.info("EMBEDDED_PROVIDER", "Signing transaction", {
+      walletId: this.walletId,
+      networkId: params.networkId
+    });
+    const parsedTransaction = await (0, import_parsers.parseTransactionToBase64Url)(params.transaction, params.networkId);
+    const session = await this.storage.getSession();
+    const derivationIndex = session?.accountDerivationIndex ?? 0;
+    this.logger.log("EMBEDDED_PROVIDER", "Parsed transaction for signing", {
+      walletId: this.walletId,
+      transaction: parsedTransaction,
+      derivationIndex
+    });
+    const rawResponse = await this.client.signTransaction({
+      walletId: this.walletId,
+      transaction: parsedTransaction.base64url,
+      networkId: params.networkId,
+      derivationIndex,
+      account: this.getAddressForNetwork(params.networkId)
+    });
+    this.logger.info("EMBEDDED_PROVIDER", "Transaction signed successfully", {
+      walletId: this.walletId,
+      networkId: params.networkId,
+      rawTransaction: rawResponse.rawTransaction
+    });
+    return await (0, import_parsers.parseTransactionResponse)(rawResponse.rawTransaction, params.networkId);
+  }
   async signAndSendTransaction(params) {
     if (!this.client || !this.walletId) {
       throw new Error("Not connected");
@@ -928,7 +1020,8 @@ var EmbeddedProvider = class {
       walletId: this.walletId,
       transaction: parsedTransaction.base64url,
       networkId: params.networkId,
-      derivationIndex
+      derivationIndex,
+      account: this.getAddressForNetwork(params.networkId)
     });
     this.logger.info("EMBEDDED_PROVIDER", "Transaction signed and sent successfully", {
       walletId: this.walletId,
@@ -949,17 +1042,16 @@ var EmbeddedProvider = class {
    * It handles app-wallet creation directly or routes to JWT/redirect authentication for user-wallets.
    * Returns null for redirect flows since they don't complete synchronously.
    */
-  async handleAuthFlow(organizationId, stamperInfo, authOptions, expiresAtMs, username) {
+  async handleAuthFlow(organizationId, stamperInfo, authOptions, expiresInMs, username) {
     if (this.config.embeddedWalletType === "user-wallet") {
       this.logger.info("EMBEDDED_PROVIDER", "Creating user-wallet, routing authentication", {
         authProvider: authOptions?.provider || "phantom-connect"
       });
       if (authOptions?.provider === "jwt") {
-        return await this.handleJWTAuth(organizationId, stamperInfo, authOptions, expiresAtMs, username);
+        return await this.handleJWTAuth(organizationId, stamperInfo, authOptions, expiresInMs, username);
       } else {
         this.logger.info("EMBEDDED_PROVIDER", "Starting redirect-based authentication flow", {
           organizationId,
-          parentOrganizationId: this.config.organizationId,
           provider: authOptions?.provider
         });
         return await this.handleRedirectAuth(organizationId, stamperInfo, authOptions, username);
@@ -971,7 +1063,10 @@ var EmbeddedProvider = class {
       const tempClient = new import_client.PhantomClient(
         {
           apiBaseUrl: this.config.apiBaseUrl,
-          organizationId
+          organizationId,
+          headers: {
+            ...this.platform.analyticsHeaders || {}
+          }
         },
         this.stamper
       );
@@ -992,7 +1087,7 @@ var EmbeddedProvider = class {
         createdAt: now,
         lastUsed: now,
         authenticatorCreatedAt: now,
-        authenticatorExpiresAt: expiresAtMs,
+        authenticatorExpiresAt: Date.now() + expiresInMs,
         lastRenewalAttempt: void 0,
         username
       };
@@ -1005,7 +1100,7 @@ var EmbeddedProvider = class {
    * We use this method to handle JWT-based authentication for user-wallets.
    * It authenticates using the provided JWT token and creates a completed session.
    */
-  async handleJWTAuth(organizationId, stamperInfo, authOptions, expiresAtMs, username) {
+  async handleJWTAuth(organizationId, stamperInfo, authOptions, expiresInMs, username) {
     this.logger.info("EMBEDDED_PROVIDER", "Using JWT authentication flow");
     if (!authOptions.jwtToken) {
       this.logger.error("EMBEDDED_PROVIDER", "JWT token missing for JWT authentication");
@@ -1015,7 +1110,6 @@ var EmbeddedProvider = class {
     const authResult = await this.jwtAuth.authenticate({
       organizationId,
       appId: this.config.appId,
-      parentOrganizationId: this.config.organizationId,
       jwtToken: authOptions.jwtToken,
       customAuthData: authOptions.customAuthData
     });
@@ -1035,7 +1129,7 @@ var EmbeddedProvider = class {
       createdAt: now,
       lastUsed: now,
       authenticatorCreatedAt: now,
-      authenticatorExpiresAt: expiresAtMs,
+      authenticatorExpiresAt: Date.now() + expiresInMs,
       lastRenewalAttempt: void 0,
       username
     };
@@ -1051,8 +1145,8 @@ var EmbeddedProvider = class {
   async handleRedirectAuth(organizationId, stamperInfo, authOptions, username) {
     this.logger.info("EMBEDDED_PROVIDER", "Using Phantom Connect authentication flow (redirect-based)", {
       provider: authOptions?.provider,
-      hasRedirectUrl: !!this.config.authOptions?.redirectUrl,
-      authUrl: this.config.authOptions?.authUrl
+      hasRedirectUrl: !!this.config.authOptions.redirectUrl,
+      authUrl: this.config.authOptions.authUrl
     });
     const now = Date.now();
     const sessionId = generateSessionId();
@@ -1073,7 +1167,7 @@ var EmbeddedProvider = class {
       authenticatorCreatedAt: now,
       authenticatorExpiresAt: now + AUTHENTICATOR_EXPIRATION_TIME_MS,
       lastRenewalAttempt: void 0,
-      username: username || `user-${stamperInfo.keyId.substring(0, 8)}`
+      username: username || `user-${(0, import_utils.randomUUID)()}`
     };
     this.logger.log("EMBEDDED_PROVIDER", "Saving temporary session before redirect", {
       sessionId: tempSession.sessionId,
@@ -1083,19 +1177,17 @@ var EmbeddedProvider = class {
     await this.storage.saveSession(tempSession);
     this.logger.info("EMBEDDED_PROVIDER", "Starting Phantom Connect redirect", {
       organizationId,
-      parentOrganizationId: this.config.organizationId,
       appId: this.config.appId,
       provider: authOptions?.provider,
-      authUrl: this.config.authOptions?.authUrl
+      authUrl: this.config.authOptions.authUrl
     });
     const authResult = await this.authProvider.authenticate({
       organizationId,
       appId: this.config.appId,
-      parentOrganizationId: this.config.organizationId,
       provider: authOptions?.provider,
-      redirectUrl: this.config.authOptions?.redirectUrl,
+      redirectUrl: this.config.authOptions.redirectUrl,
       customAuthData: authOptions?.customAuthData,
-      authUrl: this.config.authOptions?.authUrl,
+      authUrl: this.config.authOptions.authUrl,
       sessionId
     });
     if (authResult && "walletId" in authResult) {
@@ -1190,8 +1282,8 @@ var EmbeddedProvider = class {
         newKeyId: newKeyInfo.keyId,
         newPublicKey: newKeyInfo.publicKey
       });
-      const base64urlPublicKey = (0, import_base64url.base64urlEncode)(import_bs58.default.decode(newKeyInfo.publicKey));
-      const expiresAtMs = Date.now() + AUTHENTICATOR_EXPIRATION_TIME_MS;
+      const base64urlPublicKey = (0, import_base64url2.base64urlEncode)(import_bs582.default.decode(newKeyInfo.publicKey));
+      const expiresInMs = AUTHENTICATOR_EXPIRATION_TIME_MS;
       let authenticatorResult;
       try {
         authenticatorResult = await this.client.createAuthenticator({
@@ -1204,7 +1296,7 @@ var EmbeddedProvider = class {
             publicKey: base64urlPublicKey,
             algorithm: "Ed25519"
             // Commented for now until KMS supports fully expiring organizations
-            // expiresAtMs: expiresAtMs,
+            // expiresInMs: expiresInMs,
           },
           replaceExpirable: true
         });
@@ -1224,12 +1316,12 @@ var EmbeddedProvider = class {
       const now = Date.now();
       session.stamperInfo = newKeyInfo;
       session.authenticatorCreatedAt = now;
-      session.authenticatorExpiresAt = expiresAtMs;
+      session.authenticatorExpiresAt = Date.now() + expiresInMs;
       session.lastRenewalAttempt = now;
       await this.storage.saveSession(session);
       this.logger.info("EMBEDDED_PROVIDER", "Authenticator renewal completed successfully", {
         newKeyId: newKeyInfo.keyId,
-        expiresAt: new Date(expiresAtMs).toISOString()
+        expiresAt: new Date(Date.now() + expiresInMs).toISOString()
       });
     } catch (error) {
       await this.stamper.rollbackRotation();
@@ -1252,7 +1344,10 @@ var EmbeddedProvider = class {
     this.client = new import_client.PhantomClient(
       {
         apiBaseUrl: this.config.apiBaseUrl,
-        organizationId: session.organizationId
+        organizationId: session.organizationId,
+        headers: {
+          ...this.platform.analyticsHeaders || {}
+        }
       },
       this.stamper
     );