@phantom/embedded-provider-core 1.0.0-beta.1 → 1.0.0-beta.3

package/README.md

@@ -60,7 +60,6 @@ const config: EmbeddedProviderConfig = {
   appId: "your-app-id",
   embeddedWalletType: "user-wallet", // or 'app-wallet'
   addressTypes: ["solana", "ethereum"],
-  solanaProvider: "web3js",
   authOptions: {
     authUrl: "https://auth.phantom.app",
     redirectUrl: "https://your-app.com/callback",
@@ -276,7 +275,6 @@ interface EmbeddedProviderConfig {
   addressTypes: [AddressType, ...AddressType[]]; // Supported blockchain addresses
 
   // Optional
-  solanaProvider?: "web3js" | "kit"; // Solana library preference
   authOptions?: {
     authUrl?: string; // Custom auth URL
     redirectUrl?: string; // OAuth redirect URL

package/dist/index.d.mts

@@ -1,6 +1,6 @@
 import { StamperWithKeyManagement } from '@phantom/sdk-types';
+import { ClientSideSdkHeaders, NetworkId } from '@phantom/constants';
 import { AddressType } from '@phantom/client';
-import { NetworkId } from '@phantom/constants';
 import { ParsedSignatureResult, ParsedTransactionResult } from '@phantom/parsers';
 import { ISolanaChain, IEthereumChain, EthTransactionRequest } from '@phantom/chains';
 
@@ -92,6 +92,7 @@ interface PlatformAdapter {
     authProvider: AuthProvider;
     urlParamsAccessor: URLParamsAccessor;
     stamper: StamperWithKeyManagement;
+    analyticsHeaders?: Partial<ClientSideSdkHeaders>;
 }
 interface DebugLogger {
     info(category: string, message: string, data?: any): void;
@@ -115,6 +116,10 @@ interface SignMessageParams {
 }
 interface SignMessageResult extends ParsedSignatureResult {
 }
+interface SignTransactionParams {
+    transaction: any;
+    networkId: NetworkId;
+}
 interface SignAndSendTransactionParams {
     transaction: any;
     networkId: NetworkId;
@@ -130,13 +135,12 @@ interface EmbeddedProviderConfig {
     apiBaseUrl: string;
     appId: string;
     organizationId: string;
-    authOptions?: {
-        authUrl?: string;
-        redirectUrl?: string;
+    authOptions: {
+        authUrl: string;
+        redirectUrl: string;
     };
     embeddedWalletType: "app-wallet" | "user-wallet" | (string & Record<never, never>);
     addressTypes: [AddressType, ...AddressType[]];
-    solanaProvider: "web3js" | "kit" | (string & Record<never, never>);
 }
 
 type EmbeddedProviderEvent = "connect" | "connect_start" | "connect_error" | "disconnect" | "error";
@@ -170,6 +174,7 @@ declare class EmbeddedProvider {
     connect(authOptions?: AuthOptions): Promise<ConnectResult>;
     disconnect(): Promise<void>;
     signMessage(params: SignMessageParams): Promise<ParsedSignatureResult>;
+    signTransaction(params: SignTransactionParams): Promise<ParsedTransactionResult>;
     signAndSendTransaction(params: SignAndSendTransactionParams): Promise<ParsedTransactionResult>;
     getAddresses(): WalletAddress[];
     isConnected(): boolean;
@@ -207,11 +212,14 @@ declare class EmbeddedSolanaChain implements ISolanaChain {
         signature: Uint8Array;
         publicKey: string;
     }>;
-    signTransaction<T>(_transaction: T): Promise<T>;
+    signTransaction<T>(transaction: T): Promise<T>;
     signAndSendTransaction<T>(transaction: T): Promise<{
         signature: string;
     }>;
     signAllTransactions<T>(transactions: T[]): Promise<T[]>;
+    signAndSendAllTransactions<T>(transactions: T[]): Promise<{
+        signatures: string[];
+    }>;
     connect(_options?: {
         onlyIfTrusted?: boolean;
     }): Promise<{
@@ -250,6 +258,7 @@ declare class EmbeddedEthereumChain implements IEthereumChain {
     disconnect(): Promise<void>;
     signPersonalMessage(message: string, address: string): Promise<string>;
     signTypedData(typedData: any, address: string): Promise<string>;
+    signTransaction(transaction: EthTransactionRequest): Promise<string>;
     sendTransaction(transaction: EthTransactionRequest): Promise<string>;
     switchChain(chainId: number): Promise<void>;
     getChainId(): Promise<number>;
@@ -279,4 +288,4 @@ declare const AUTHENTICATOR_EXPIRATION_TIME_MS: number;
  */
 declare const AUTHENTICATOR_RENEWAL_WINDOW_MS: number;
 
-export { AUTHENTICATOR_EXPIRATION_TIME_MS, AUTHENTICATOR_RENEWAL_WINDOW_MS, AuthOptions, AuthProvider, AuthResult, ConnectResult, DebugLogger, EmbeddedEthereumChain, EmbeddedProvider, EmbeddedProviderConfig, EmbeddedProviderEvent, EmbeddedSolanaChain, EmbeddedStorage, EventCallback, JWTAuth, JWTAuthOptions, Keypair, PhantomConnectOptions, PlatformAdapter, Session, SignAndSendTransactionParams, SignMessageParams, SignMessageResult, SignedTransaction, StamperInfo, URLParamsAccessor, WalletAddress, generateSessionId, retryWithBackoff };
+export { AUTHENTICATOR_EXPIRATION_TIME_MS, AUTHENTICATOR_RENEWAL_WINDOW_MS, AuthOptions, AuthProvider, AuthResult, ConnectResult, DebugLogger, EmbeddedEthereumChain, EmbeddedProvider, EmbeddedProviderConfig, EmbeddedProviderEvent, EmbeddedSolanaChain, EmbeddedStorage, EventCallback, JWTAuth, JWTAuthOptions, Keypair, PhantomConnectOptions, PlatformAdapter, Session, SignAndSendTransactionParams, SignMessageParams, SignMessageResult, SignTransactionParams, SignedTransaction, StamperInfo, URLParamsAccessor, WalletAddress, generateSessionId, retryWithBackoff };

package/dist/index.d.ts

@@ -1,6 +1,6 @@
 import { StamperWithKeyManagement } from '@phantom/sdk-types';
+import { ClientSideSdkHeaders, NetworkId } from '@phantom/constants';
 import { AddressType } from '@phantom/client';
-import { NetworkId } from '@phantom/constants';
 import { ParsedSignatureResult, ParsedTransactionResult } from '@phantom/parsers';
 import { ISolanaChain, IEthereumChain, EthTransactionRequest } from '@phantom/chains';
 
@@ -92,6 +92,7 @@ interface PlatformAdapter {
     authProvider: AuthProvider;
     urlParamsAccessor: URLParamsAccessor;
     stamper: StamperWithKeyManagement;
+    analyticsHeaders?: Partial<ClientSideSdkHeaders>;
 }
 interface DebugLogger {
     info(category: string, message: string, data?: any): void;
@@ -115,6 +116,10 @@ interface SignMessageParams {
 }
 interface SignMessageResult extends ParsedSignatureResult {
 }
+interface SignTransactionParams {
+    transaction: any;
+    networkId: NetworkId;
+}
 interface SignAndSendTransactionParams {
     transaction: any;
     networkId: NetworkId;
@@ -130,13 +135,12 @@ interface EmbeddedProviderConfig {
     apiBaseUrl: string;
     appId: string;
     organizationId: string;
-    authOptions?: {
-        authUrl?: string;
-        redirectUrl?: string;
+    authOptions: {
+        authUrl: string;
+        redirectUrl: string;
     };
     embeddedWalletType: "app-wallet" | "user-wallet" | (string & Record<never, never>);
     addressTypes: [AddressType, ...AddressType[]];
-    solanaProvider: "web3js" | "kit" | (string & Record<never, never>);
 }
 
 type EmbeddedProviderEvent = "connect" | "connect_start" | "connect_error" | "disconnect" | "error";
@@ -170,6 +174,7 @@ declare class EmbeddedProvider {
     connect(authOptions?: AuthOptions): Promise<ConnectResult>;
     disconnect(): Promise<void>;
     signMessage(params: SignMessageParams): Promise<ParsedSignatureResult>;
+    signTransaction(params: SignTransactionParams): Promise<ParsedTransactionResult>;
     signAndSendTransaction(params: SignAndSendTransactionParams): Promise<ParsedTransactionResult>;
     getAddresses(): WalletAddress[];
     isConnected(): boolean;
@@ -207,11 +212,14 @@ declare class EmbeddedSolanaChain implements ISolanaChain {
         signature: Uint8Array;
         publicKey: string;
     }>;
-    signTransaction<T>(_transaction: T): Promise<T>;
+    signTransaction<T>(transaction: T): Promise<T>;
     signAndSendTransaction<T>(transaction: T): Promise<{
         signature: string;
     }>;
     signAllTransactions<T>(transactions: T[]): Promise<T[]>;
+    signAndSendAllTransactions<T>(transactions: T[]): Promise<{
+        signatures: string[];
+    }>;
     connect(_options?: {
         onlyIfTrusted?: boolean;
     }): Promise<{
@@ -250,6 +258,7 @@ declare class EmbeddedEthereumChain implements IEthereumChain {
     disconnect(): Promise<void>;
     signPersonalMessage(message: string, address: string): Promise<string>;
     signTypedData(typedData: any, address: string): Promise<string>;
+    signTransaction(transaction: EthTransactionRequest): Promise<string>;
     sendTransaction(transaction: EthTransactionRequest): Promise<string>;
     switchChain(chainId: number): Promise<void>;
     getChainId(): Promise<number>;
@@ -279,4 +288,4 @@ declare const AUTHENTICATOR_EXPIRATION_TIME_MS: number;
  */
 declare const AUTHENTICATOR_RENEWAL_WINDOW_MS: number;
 
-export { AUTHENTICATOR_EXPIRATION_TIME_MS, AUTHENTICATOR_RENEWAL_WINDOW_MS, AuthOptions, AuthProvider, AuthResult, ConnectResult, DebugLogger, EmbeddedEthereumChain, EmbeddedProvider, EmbeddedProviderConfig, EmbeddedProviderEvent, EmbeddedSolanaChain, EmbeddedStorage, EventCallback, JWTAuth, JWTAuthOptions, Keypair, PhantomConnectOptions, PlatformAdapter, Session, SignAndSendTransactionParams, SignMessageParams, SignMessageResult, SignedTransaction, StamperInfo, URLParamsAccessor, WalletAddress, generateSessionId, retryWithBackoff };
+export { AUTHENTICATOR_EXPIRATION_TIME_MS, AUTHENTICATOR_RENEWAL_WINDOW_MS, AuthOptions, AuthProvider, AuthResult, ConnectResult, DebugLogger, EmbeddedEthereumChain, EmbeddedProvider, EmbeddedProviderConfig, EmbeddedProviderEvent, EmbeddedSolanaChain, EmbeddedStorage, EventCallback, JWTAuth, JWTAuthOptions, Keypair, PhantomConnectOptions, PlatformAdapter, Session, SignAndSendTransactionParams, SignMessageParams, SignMessageResult, SignTransactionParams, SignedTransaction, StamperInfo, URLParamsAccessor, WalletAddress, generateSessionId, retryWithBackoff };

package/dist/index.js

@@ -43,9 +43,9 @@ module.exports = __toCommonJS(src_exports);
 
 // src/embedded-provider.ts
 var import_client = require("@phantom/client");
-var import_base64url = require("@phantom/base64url");
-var import_bs58 = __toESM(require("bs58"));
-var import_parsers = require("@phantom/parsers");
+var import_base64url2 = require("@phantom/base64url");
+var import_bs582 = __toESM(require("bs58"));
+var import_parsers2 = require("@phantom/parsers");
 
 // src/constants.ts
 var AUTHENTICATOR_EXPIRATION_TIME_MS = 7 * 24 * 60 * 60 * 1e3;
@@ -171,7 +171,8 @@ async function retryWithBackoff(operation, operationName, logger, maxRetries = 3
 // src/chains/SolanaChain.ts
 var import_eventemitter3 = require("eventemitter3");
 var import_constants = require("@phantom/constants");
-var import_buffer = require("buffer");
+var import_bs58 = __toESM(require("bs58"));
+var import_parsers = require("@phantom/parsers");
 var EmbeddedSolanaChain = class {
   constructor(provider) {
     this.provider = provider;
@@ -202,15 +203,20 @@ var EmbeddedSolanaChain = class {
       message: messageStr,
       networkId: this.currentNetworkId
     });
-    const signature = typeof result.signature === "string" ? new Uint8Array(import_buffer.Buffer.from(result.signature, "base64")) : result.signature;
+    const signature = typeof result.signature === "string" ? new Uint8Array(import_bs58.default.decode(result.signature)) : result.signature;
     return {
       signature,
       publicKey: this._publicKey || ""
     };
   }
-  signTransaction(_transaction) {
+  async signTransaction(transaction) {
     this.ensureConnected();
-    throw new Error("signTransaction not yet implemented for embedded provider");
+    const result = await this.provider.signTransaction({
+      transaction,
+      networkId: this.currentNetworkId
+    });
+    const signatureResult = (0, import_parsers.parseSolanaTransactionSignature)(result.rawTransaction);
+    return signatureResult.signature;
   }
   async signAndSendTransaction(transaction) {
     this.ensureConnected();
@@ -227,6 +233,10 @@ var EmbeddedSolanaChain = class {
     const results = await Promise.all(transactions.map((tx) => this.signTransaction(tx)));
     return results;
   }
+  async signAndSendAllTransactions(transactions) {
+    const results = await Promise.all(transactions.map((tx) => this.signAndSendTransaction(tx)));
+    return { signatures: results.map((result) => result.signature) };
+  }
   connect(_options) {
     if (!this.provider.isConnected()) {
       throw new Error("Provider not connected. Call provider connect first.");
@@ -293,6 +303,8 @@ var EmbeddedSolanaChain = class {
 // src/chains/EthereumChain.ts
 var import_eventemitter32 = require("eventemitter3");
 var import_constants2 = require("@phantom/constants");
+var import_base64url = require("@phantom/base64url");
+var import_buffer = require("buffer");
 var EmbeddedEthereumChain = class {
   constructor(provider) {
     this.provider = provider;
@@ -349,6 +361,18 @@ var EmbeddedEthereumChain = class {
       params: [address, JSON.stringify(typedData)]
     });
   }
+  async signTransaction(transaction) {
+    const result = await this.provider.signTransaction({
+      transaction,
+      networkId: this.currentNetworkId
+    });
+    try {
+      const signatureBytes = (0, import_base64url.base64urlDecode)(result.rawTransaction);
+      return "0x" + import_buffer.Buffer.from(signatureBytes).toString("hex");
+    } catch (error) {
+      return result.rawTransaction.startsWith("0x") ? result.rawTransaction : "0x" + result.rawTransaction;
+    }
+  }
   async sendTransaction(transaction) {
     const result = await this.provider.signAndSendTransaction({
       transaction,
@@ -426,6 +450,17 @@ var EmbeddedEthereumChain = class {
         });
         return typedDataResult.signature;
       }
+      case "eth_signTransaction": {
+        const [transaction] = args.params;
+        const networkIdFromTx = transaction.chainId ? (0, import_constants2.chainIdToNetworkId)(
+          typeof transaction.chainId === "number" ? transaction.chainId : parseInt(transaction.chainId, 16)
+        ) : null;
+        const signResult = await this.provider.signTransaction({
+          transaction,
+          networkId: networkIdFromTx || this.currentNetworkId
+        });
+        return signResult.rawTransaction;
+      }
       case "eth_sendTransaction": {
         const [transaction] = args.params;
         const networkIdFromTx = transaction.chainId ? (0, import_constants2.chainIdToNetworkId)(
@@ -473,6 +508,9 @@ var EmbeddedProvider = class {
     this.eventListeners = /* @__PURE__ */ new Map();
     this.logger = logger;
     this.logger.log("EMBEDDED_PROVIDER", "Initializing EmbeddedProvider", { config });
+    if (config.embeddedWalletType === "app-wallet") {
+      throw new Error("app-wallet type is not currently supported. Please use 'user-wallet' instead.");
+    }
     this.config = config;
     this.platform = platform;
     this.storage = platform.storage;
@@ -480,7 +518,6 @@ var EmbeddedProvider = class {
     this.urlParamsAccessor = platform.urlParamsAccessor;
     this.stamper = platform.stamper;
     this.jwtAuth = new JWTAuth();
-    config.solanaProvider;
     this.solana = new EmbeddedSolanaChain(this);
     this.ethereum = new EmbeddedEthereumChain(this);
     this.logger.info("EMBEDDED_PROVIDER", "EmbeddedProvider initialized");
@@ -747,7 +784,10 @@ var EmbeddedProvider = class {
     this.logger.log("EMBEDDED_PROVIDER", "Creating temporary PhantomClient");
     const tempClient = new import_client.PhantomClient(
       {
-        apiBaseUrl: this.config.apiBaseUrl
+        apiBaseUrl: this.config.apiBaseUrl,
+        headers: {
+          ...this.platform.analyticsHeaders || {}
+        }
       },
       this.stamper
     );
@@ -759,8 +799,8 @@ var EmbeddedProvider = class {
       publicKey: stamperInfo.publicKey,
       platform: platformName
     });
-    const base64urlPublicKey = (0, import_base64url.base64urlEncode)(import_bs58.default.decode(stamperInfo.publicKey));
-    const expiresAtMs = Date.now() + AUTHENTICATOR_EXPIRATION_TIME_MS;
+    const base64urlPublicKey = (0, import_base64url2.base64urlEncode)(import_bs582.default.decode(stamperInfo.publicKey));
+    const expiresInMs = AUTHENTICATOR_EXPIRATION_TIME_MS;
     const username = `user-${shortPubKey}`;
     const { organizationId } = await tempClient.createOrganization(organizationName, [
       {
@@ -773,13 +813,13 @@ var EmbeddedProvider = class {
             publicKey: base64urlPublicKey,
             algorithm: "Ed25519"
             // Commented for now until KMS supports fully expirable organizations
-            // expiresAtMs: expiresAtMs,
+            // expiresInMs: expiresInMs,
           }
         ]
       }
     ]);
     this.logger.info("EMBEDDED_PROVIDER", "Organization created", { organizationId });
-    return { organizationId, stamperInfo, expiresAtMs, username };
+    return { organizationId, stamperInfo, expiresInMs, username };
   }
   async connect(authOptions) {
     try {
@@ -808,8 +848,8 @@ var EmbeddedProvider = class {
       }
       this.validateAuthOptions(authOptions);
       this.logger.info("EMBEDDED_PROVIDER", "No existing connection, creating new auth flow");
-      const { organizationId, stamperInfo, expiresAtMs, username } = await this.createOrganizationAndStamper();
-      const session = await this.handleAuthFlow(organizationId, stamperInfo, authOptions, expiresAtMs, username);
+      const { organizationId, stamperInfo, expiresInMs, username } = await this.createOrganizationAndStamper();
+      const session = await this.handleAuthFlow(organizationId, stamperInfo, authOptions, expiresInMs, username);
       if (!session) {
         return {
           addresses: [],
@@ -892,7 +932,7 @@ var EmbeddedProvider = class {
       walletId: this.walletId,
       message: params.message
     });
-    const parsedMessage = (0, import_parsers.parseMessage)(params.message);
+    const parsedMessage = (0, import_parsers2.parseMessage)(params.message);
     const session = await this.storage.getSession();
     const derivationIndex = session?.accountDerivationIndex ?? 0;
     const rawResponse = await this.client.signMessage({
@@ -905,7 +945,37 @@ var EmbeddedProvider = class {
       walletId: this.walletId,
       message: params.message
     });
-    return (0, import_parsers.parseSignMessageResponse)(rawResponse, params.networkId);
+    return (0, import_parsers2.parseSignMessageResponse)(rawResponse, params.networkId);
+  }
+  async signTransaction(params) {
+    if (!this.client || !this.walletId) {
+      throw new Error("Not connected");
+    }
+    await this.ensureValidAuthenticator();
+    this.logger.info("EMBEDDED_PROVIDER", "Signing transaction", {
+      walletId: this.walletId,
+      networkId: params.networkId
+    });
+    const parsedTransaction = await (0, import_parsers2.parseTransactionToBase64Url)(params.transaction, params.networkId);
+    const session = await this.storage.getSession();
+    const derivationIndex = session?.accountDerivationIndex ?? 0;
+    this.logger.log("EMBEDDED_PROVIDER", "Parsed transaction for signing", {
+      walletId: this.walletId,
+      transaction: parsedTransaction,
+      derivationIndex
+    });
+    const rawResponse = await this.client.signTransaction({
+      walletId: this.walletId,
+      transaction: parsedTransaction.base64url,
+      networkId: params.networkId,
+      derivationIndex
+    });
+    this.logger.info("EMBEDDED_PROVIDER", "Transaction signed successfully", {
+      walletId: this.walletId,
+      networkId: params.networkId,
+      rawTransaction: rawResponse.rawTransaction
+    });
+    return await (0, import_parsers2.parseTransactionResponse)(rawResponse.rawTransaction, params.networkId);
   }
   async signAndSendTransaction(params) {
     if (!this.client || !this.walletId) {
@@ -916,7 +986,7 @@ var EmbeddedProvider = class {
       walletId: this.walletId,
       networkId: params.networkId
     });
-    const parsedTransaction = await (0, import_parsers.parseTransactionToBase64Url)(params.transaction, params.networkId);
+    const parsedTransaction = await (0, import_parsers2.parseTransactionToBase64Url)(params.transaction, params.networkId);
     const session = await this.storage.getSession();
     const derivationIndex = session?.accountDerivationIndex ?? 0;
     this.logger.log("EMBEDDED_PROVIDER", "Parsed transaction for signing", {
@@ -936,7 +1006,7 @@ var EmbeddedProvider = class {
       hash: rawResponse.hash,
       rawTransaction: rawResponse.rawTransaction
     });
-    return await (0, import_parsers.parseTransactionResponse)(rawResponse.rawTransaction, params.networkId, rawResponse.hash);
+    return await (0, import_parsers2.parseTransactionResponse)(rawResponse.rawTransaction, params.networkId, rawResponse.hash);
   }
   getAddresses() {
     return this.addresses;
@@ -949,13 +1019,13 @@ var EmbeddedProvider = class {
    * It handles app-wallet creation directly or routes to JWT/redirect authentication for user-wallets.
    * Returns null for redirect flows since they don't complete synchronously.
    */
-  async handleAuthFlow(organizationId, stamperInfo, authOptions, expiresAtMs, username) {
+  async handleAuthFlow(organizationId, stamperInfo, authOptions, expiresInMs, username) {
     if (this.config.embeddedWalletType === "user-wallet") {
       this.logger.info("EMBEDDED_PROVIDER", "Creating user-wallet, routing authentication", {
         authProvider: authOptions?.provider || "phantom-connect"
       });
       if (authOptions?.provider === "jwt") {
-        return await this.handleJWTAuth(organizationId, stamperInfo, authOptions, expiresAtMs, username);
+        return await this.handleJWTAuth(organizationId, stamperInfo, authOptions, expiresInMs, username);
       } else {
         this.logger.info("EMBEDDED_PROVIDER", "Starting redirect-based authentication flow", {
           organizationId,
@@ -971,7 +1041,10 @@ var EmbeddedProvider = class {
       const tempClient = new import_client.PhantomClient(
         {
           apiBaseUrl: this.config.apiBaseUrl,
-          organizationId
+          organizationId,
+          headers: {
+            ...this.platform.analyticsHeaders || {}
+          }
         },
         this.stamper
       );
@@ -992,7 +1065,7 @@ var EmbeddedProvider = class {
         createdAt: now,
         lastUsed: now,
         authenticatorCreatedAt: now,
-        authenticatorExpiresAt: expiresAtMs,
+        authenticatorExpiresAt: Date.now() + expiresInMs,
         lastRenewalAttempt: void 0,
         username
       };
@@ -1005,7 +1078,7 @@ var EmbeddedProvider = class {
    * We use this method to handle JWT-based authentication for user-wallets.
    * It authenticates using the provided JWT token and creates a completed session.
    */
-  async handleJWTAuth(organizationId, stamperInfo, authOptions, expiresAtMs, username) {
+  async handleJWTAuth(organizationId, stamperInfo, authOptions, expiresInMs, username) {
     this.logger.info("EMBEDDED_PROVIDER", "Using JWT authentication flow");
     if (!authOptions.jwtToken) {
       this.logger.error("EMBEDDED_PROVIDER", "JWT token missing for JWT authentication");
@@ -1035,7 +1108,7 @@ var EmbeddedProvider = class {
       createdAt: now,
       lastUsed: now,
       authenticatorCreatedAt: now,
-      authenticatorExpiresAt: expiresAtMs,
+      authenticatorExpiresAt: Date.now() + expiresInMs,
       lastRenewalAttempt: void 0,
       username
     };
@@ -1051,8 +1124,8 @@ var EmbeddedProvider = class {
   async handleRedirectAuth(organizationId, stamperInfo, authOptions, username) {
     this.logger.info("EMBEDDED_PROVIDER", "Using Phantom Connect authentication flow (redirect-based)", {
       provider: authOptions?.provider,
-      hasRedirectUrl: !!this.config.authOptions?.redirectUrl,
-      authUrl: this.config.authOptions?.authUrl
+      hasRedirectUrl: !!this.config.authOptions.redirectUrl,
+      authUrl: this.config.authOptions.authUrl
     });
     const now = Date.now();
     const sessionId = generateSessionId();
@@ -1086,16 +1159,16 @@ var EmbeddedProvider = class {
       parentOrganizationId: this.config.organizationId,
       appId: this.config.appId,
       provider: authOptions?.provider,
-      authUrl: this.config.authOptions?.authUrl
+      authUrl: this.config.authOptions.authUrl
     });
     const authResult = await this.authProvider.authenticate({
       organizationId,
       appId: this.config.appId,
       parentOrganizationId: this.config.organizationId,
       provider: authOptions?.provider,
-      redirectUrl: this.config.authOptions?.redirectUrl,
+      redirectUrl: this.config.authOptions.redirectUrl,
       customAuthData: authOptions?.customAuthData,
-      authUrl: this.config.authOptions?.authUrl,
+      authUrl: this.config.authOptions.authUrl,
       sessionId
     });
     if (authResult && "walletId" in authResult) {
@@ -1190,8 +1263,8 @@ var EmbeddedProvider = class {
         newKeyId: newKeyInfo.keyId,
         newPublicKey: newKeyInfo.publicKey
       });
-      const base64urlPublicKey = (0, import_base64url.base64urlEncode)(import_bs58.default.decode(newKeyInfo.publicKey));
-      const expiresAtMs = Date.now() + AUTHENTICATOR_EXPIRATION_TIME_MS;
+      const base64urlPublicKey = (0, import_base64url2.base64urlEncode)(import_bs582.default.decode(newKeyInfo.publicKey));
+      const expiresInMs = AUTHENTICATOR_EXPIRATION_TIME_MS;
       let authenticatorResult;
       try {
         authenticatorResult = await this.client.createAuthenticator({
@@ -1204,7 +1277,7 @@ var EmbeddedProvider = class {
             publicKey: base64urlPublicKey,
             algorithm: "Ed25519"
             // Commented for now until KMS supports fully expiring organizations
-            // expiresAtMs: expiresAtMs,
+            // expiresInMs: expiresInMs,
           },
           replaceExpirable: true
         });
@@ -1224,12 +1297,12 @@ var EmbeddedProvider = class {
       const now = Date.now();
       session.stamperInfo = newKeyInfo;
       session.authenticatorCreatedAt = now;
-      session.authenticatorExpiresAt = expiresAtMs;
+      session.authenticatorExpiresAt = Date.now() + expiresInMs;
       session.lastRenewalAttempt = now;
       await this.storage.saveSession(session);
       this.logger.info("EMBEDDED_PROVIDER", "Authenticator renewal completed successfully", {
         newKeyId: newKeyInfo.keyId,
-        expiresAt: new Date(expiresAtMs).toISOString()
+        expiresAt: new Date(Date.now() + expiresInMs).toISOString()
       });
     } catch (error) {
       await this.stamper.rollbackRotation();
@@ -1252,7 +1325,10 @@ var EmbeddedProvider = class {
     this.client = new import_client.PhantomClient(
       {
         apiBaseUrl: this.config.apiBaseUrl,
-        organizationId: session.organizationId
+        organizationId: session.organizationId,
+        headers: {
+          ...this.platform.analyticsHeaders || {}
+        }
       },
       this.stamper
     );