@rhinestone/sdk 1.4.2 → 1.5.0

package/dist/src/jwt-server/express.js

@@ -0,0 +1,24 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.createExpressRouter = createExpressRouter;
+const handlers_1 = require("./handlers");
+function createExpressRouter(config) {
+    // Dynamic import avoidance: we type the router interface manually
+    // so express doesn't need to be installed unless this function is called.
+    // eslint-disable-next-line @typescript-eslint/no-require-imports
+    const { Router } = require('express');
+    const router = Router();
+    const handleAccessToken = (0, handlers_1.createCoreAccessTokenHandler)(config);
+    const handleExtensionToken = (0, handlers_1.createCoreExtensionTokenHandler)(config);
+    router.get('/access-token', async (_req, res) => {
+        const result = await handleAccessToken();
+        res.status(result.status).json(result.body);
+    });
+    router.post('/extension-token', async (req, res) => {
+        const body = req.body;
+        const intentInput = body?.intentInput;
+        const result = await handleExtensionToken(intentInput);
+        res.status(result.status).json(result.body);
+    });
+    return router;
+}

package/dist/src/jwt-server/handlers.d.ts

@@ -0,0 +1,10 @@
+import { type JwtSignerConfig } from './signer';
+export type JwtHandlerConfig = JwtSignerConfig;
+interface HandlerResult {
+    status: number;
+    body: Record<string, unknown>;
+}
+export declare function createCoreAccessTokenHandler(config: JwtHandlerConfig): () => Promise<HandlerResult>;
+export declare function createCoreExtensionTokenHandler(config: JwtHandlerConfig): (intentInput: unknown) => Promise<HandlerResult>;
+export {};
+//# sourceMappingURL=handlers.d.ts.map

package/dist/src/jwt-server/handlers.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"handlers.d.ts","sourceRoot":"","sources":["../../../jwt-server/handlers.ts"],"names":[],"mappings":"AAAA,OAAO,EAAmB,KAAK,eAAe,EAAE,MAAM,UAAU,CAAA;AAGhE,MAAM,MAAM,gBAAgB,GAAG,eAAe,CAAA;AAE9C,UAAU,aAAa;IACrB,MAAM,EAAE,MAAM,CAAA;IACd,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAA;CAC9B;AAED,wBAAgB,4BAA4B,CAC1C,MAAM,EAAE,gBAAgB,GACvB,MAAM,OAAO,CAAC,aAAa,CAAC,CAa9B;AAED,wBAAgB,+BAA+B,CAC7C,MAAM,EAAE,gBAAgB,GACvB,CAAC,WAAW,EAAE,OAAO,KAAK,OAAO,CAAC,aAAa,CAAC,CAuBlD"}

package/dist/src/jwt-server/handlers.js

@@ -0,0 +1,41 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.createCoreAccessTokenHandler = createCoreAccessTokenHandler;
+exports.createCoreExtensionTokenHandler = createCoreExtensionTokenHandler;
+const signer_1 = require("./signer");
+const sponsorship_1 = require("./sponsorship");
+function createCoreAccessTokenHandler(config) {
+    const signer = (0, signer_1.createJwtSigner)(config);
+    return async () => {
+        try {
+            const token = await signer.accessToken();
+            return { status: 200, body: { token } };
+        }
+        catch (error) {
+            const message = error instanceof Error ? error.message : 'Internal server error';
+            return { status: 500, body: { error: message } };
+        }
+    };
+}
+function createCoreExtensionTokenHandler(config) {
+    const signer = (0, signer_1.createJwtSigner)(config);
+    return async (intentInput) => {
+        if (intentInput === undefined || intentInput === null) {
+            return {
+                status: 400,
+                body: { error: 'Missing intentInput in request body' },
+            };
+        }
+        try {
+            const token = await signer.getIntentExtensionToken(intentInput);
+            return { status: 200, body: { token } };
+        }
+        catch (error) {
+            if (error instanceof sponsorship_1.SponsorshipDeniedError) {
+                return { status: 403, body: { error: error.message } };
+            }
+            const message = error instanceof Error ? error.message : 'Internal server error';
+            return { status: 500, body: { error: message } };
+        }
+    };
+}

package/dist/src/jwt-server/index.d.ts

@@ -0,0 +1,8 @@
+export { computeIntentInputDigest } from './digest';
+export { createExpressRouter } from './express';
+export type { JwtHandlerConfig } from './handlers';
+export { jcsCanonicalise } from './jcs';
+export { createJwtSigner, type JwtCredentials, type JwtSignerConfig, } from './signer';
+export { SponsorshipDeniedError, type SponsorshipFilter, shouldSponsor, } from './sponsorship';
+export { createAccessTokenHandler, createExtensionTokenHandler, } from './web';
+//# sourceMappingURL=index.d.ts.map

package/dist/src/jwt-server/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../jwt-server/index.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,wBAAwB,EAAE,MAAM,UAAU,CAAA;AACnD,OAAO,EAAE,mBAAmB,EAAE,MAAM,WAAW,CAAA;AAC/C,YAAY,EAAE,gBAAgB,EAAE,MAAM,YAAY,CAAA;AAClD,OAAO,EAAE,eAAe,EAAE,MAAM,OAAO,CAAA;AACvC,OAAO,EACL,eAAe,EACf,KAAK,cAAc,EACnB,KAAK,eAAe,GACrB,MAAM,UAAU,CAAA;AACjB,OAAO,EACL,sBAAsB,EACtB,KAAK,iBAAiB,EACtB,aAAa,GACd,MAAM,eAAe,CAAA;AACtB,OAAO,EACL,wBAAwB,EACxB,2BAA2B,GAC5B,MAAM,OAAO,CAAA"}

package/dist/src/jwt-server/index.js

@@ -0,0 +1,18 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.createExtensionTokenHandler = exports.createAccessTokenHandler = exports.shouldSponsor = exports.SponsorshipDeniedError = exports.createJwtSigner = exports.jcsCanonicalise = exports.createExpressRouter = exports.computeIntentInputDigest = void 0;
+// biome-ignore lint/performance/noBarrelFile: subpath entry point for @rhinestone/sdk/jwt-server
+var digest_1 = require("./digest");
+Object.defineProperty(exports, "computeIntentInputDigest", { enumerable: true, get: function () { return digest_1.computeIntentInputDigest; } });
+var express_1 = require("./express");
+Object.defineProperty(exports, "createExpressRouter", { enumerable: true, get: function () { return express_1.createExpressRouter; } });
+var jcs_1 = require("./jcs");
+Object.defineProperty(exports, "jcsCanonicalise", { enumerable: true, get: function () { return jcs_1.jcsCanonicalise; } });
+var signer_1 = require("./signer");
+Object.defineProperty(exports, "createJwtSigner", { enumerable: true, get: function () { return signer_1.createJwtSigner; } });
+var sponsorship_1 = require("./sponsorship");
+Object.defineProperty(exports, "SponsorshipDeniedError", { enumerable: true, get: function () { return sponsorship_1.SponsorshipDeniedError; } });
+Object.defineProperty(exports, "shouldSponsor", { enumerable: true, get: function () { return sponsorship_1.shouldSponsor; } });
+var web_1 = require("./web");
+Object.defineProperty(exports, "createAccessTokenHandler", { enumerable: true, get: function () { return web_1.createAccessTokenHandler; } });
+Object.defineProperty(exports, "createExtensionTokenHandler", { enumerable: true, get: function () { return web_1.createExtensionTokenHandler; } });

package/dist/src/jwt-server/jcs.d.ts

@@ -0,0 +1,12 @@
+/**
+ * RFC 8785 JSON Canonicalization Scheme (JCS).
+ *
+ * Produces a deterministic JSON serialization by:
+ * 1. Sorting object keys lexicographically (Unicode code-point order)
+ * 2. Using ES2015+ `JSON.stringify` number serialization (IEEE 754 → shortest round-trip)
+ * 3. No whitespace
+ *
+ * Reference: https://www.rfc-editor.org/rfc/rfc8785
+ */
+export declare function jcsCanonicalise(value: unknown): string;
+//# sourceMappingURL=jcs.d.ts.map

package/dist/src/jwt-server/jcs.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"jcs.d.ts","sourceRoot":"","sources":["../../../jwt-server/jcs.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH,wBAAgB,eAAe,CAAC,KAAK,EAAE,OAAO,GAAG,MAAM,CAEtD"}

package/dist/src/jwt-server/jcs.js

@@ -0,0 +1,60 @@
+"use strict";
+/**
+ * RFC 8785 JSON Canonicalization Scheme (JCS).
+ *
+ * Produces a deterministic JSON serialization by:
+ * 1. Sorting object keys lexicographically (Unicode code-point order)
+ * 2. Using ES2015+ `JSON.stringify` number serialization (IEEE 754 → shortest round-trip)
+ * 3. No whitespace
+ *
+ * Reference: https://www.rfc-editor.org/rfc/rfc8785
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.jcsCanonicalise = jcsCanonicalise;
+function jcsCanonicalise(value) {
+    return serialize(value);
+}
+function serialize(value) {
+    if (value === null || value === undefined) {
+        return 'null';
+    }
+    switch (typeof value) {
+        case 'boolean':
+            return value ? 'true' : 'false';
+        case 'number':
+            if (!Number.isFinite(value)) {
+                throw new Error(`JCS: non-finite number: ${value}`);
+            }
+            // ES2015 Number-to-String satisfies RFC 8785 §3.2.2.3
+            return Object.is(value, -0) ? '0' : String(value);
+        case 'string':
+            return JSON.stringify(value);
+        case 'bigint':
+            // BigInt is not valid JSON; coerce to bare decimal string.
+            // Values above MAX_SAFE_INTEGER are rejected because downstream
+            // JSON parsers using IEEE 754 doubles would silently lose precision,
+            // producing a different digest.
+            if (value > BigInt(Number.MAX_SAFE_INTEGER) ||
+                value < BigInt(-Number.MAX_SAFE_INTEGER)) {
+                throw new Error(`JCS: BigInt ${value} exceeds safe integer range — convert to string before calling`);
+            }
+            return String(value);
+        default:
+            break;
+    }
+    if (Array.isArray(value)) {
+        const items = value.map((item) => serialize(item));
+        return `[${items.join(',')}]`;
+    }
+    // Object — sort keys by Unicode code-point order
+    const obj = value;
+    const keys = Object.keys(obj).sort();
+    const members = [];
+    for (const key of keys) {
+        const v = obj[key];
+        if (v === undefined)
+            continue; // skip undefined properties
+        members.push(`${JSON.stringify(key)}:${serialize(v)}`);
+    }
+    return `{${members.join(',')}}`;
+}

package/dist/src/jwt-server/signer.d.ts

@@ -0,0 +1,18 @@
+import { type SponsorshipFilter } from './sponsorship';
+export interface JwtCredentials {
+    privateKey: JsonWebKey;
+    integratorId: string;
+    projectId: string;
+    appId: string;
+    keyId: string;
+    audience?: string;
+}
+export interface JwtSignerConfig {
+    jwt: JwtCredentials;
+    shouldSponsor?: SponsorshipFilter;
+}
+export declare function createJwtSigner(config: JwtSignerConfig): {
+    accessToken: () => Promise<string>;
+    getIntentExtensionToken: (intentInput: unknown) => Promise<string>;
+};
+//# sourceMappingURL=signer.d.ts.map

package/dist/src/jwt-server/signer.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"signer.d.ts","sourceRoot":"","sources":["../../../jwt-server/signer.ts"],"names":[],"mappings":"AAEA,OAAO,EAGL,KAAK,iBAAiB,EACvB,MAAM,eAAe,CAAA;AAEtB,MAAM,WAAW,cAAc;IAC7B,UAAU,EAAE,UAAU,CAAA;IACtB,YAAY,EAAE,MAAM,CAAA;IACpB,SAAS,EAAE,MAAM,CAAA;IACjB,KAAK,EAAE,MAAM,CAAA;IACb,KAAK,EAAE,MAAM,CAAA;IACb,QAAQ,CAAC,EAAE,MAAM,CAAA;CAClB;AAED,MAAM,WAAW,eAAe;IAC9B,GAAG,EAAE,cAAc,CAAA;IACnB,aAAa,CAAC,EAAE,iBAAiB,CAAA;CAClC;AAeD,wBAAgB,eAAe,CAAC,MAAM,EAAE,eAAe,GAAG;IACxD,WAAW,EAAE,MAAM,OAAO,CAAC,MAAM,CAAC,CAAA;IAClC,uBAAuB,EAAE,CAAC,WAAW,EAAE,OAAO,KAAK,OAAO,CAAC,MAAM,CAAC,CAAA;CACnE,CAoEA"}

package/dist/src/jwt-server/signer.js

@@ -0,0 +1,71 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.createJwtSigner = createJwtSigner;
+const jose_1 = require("jose");
+const digest_1 = require("./digest");
+const sponsorship_1 = require("./sponsorship");
+function pickAlg(jwk) {
+    if (jwk.kty === 'EC') {
+        if (jwk.crv === 'P-256')
+            return 'ES256';
+        if (jwk.crv === 'P-384')
+            return 'ES384';
+        if (jwk.crv === 'P-521')
+            return 'ES512';
+        throw new Error(`Unsupported EC curve: ${jwk.crv}`);
+    }
+    if (jwk.kty === 'RSA')
+        return 'RS256';
+    throw new Error(`Unsupported JWK kty: ${jwk.kty}`);
+}
+function createJwtSigner(config) {
+    const { jwt: { privateKey, integratorId, projectId, appId, keyId, audience = 'rhinestone-api', }, shouldSponsor: filters, } = config;
+    const alg = pickAlg(privateKey);
+    let cachedKey = null;
+    async function getKey() {
+        if (!cachedKey) {
+            cachedKey = (await (0, jose_1.importJWK)(privateKey, alg));
+        }
+        return cachedKey;
+    }
+    async function accessToken() {
+        const key = await getKey();
+        return new jose_1.SignJWT({ typ: 'access', app_id: appId })
+            .setProtectedHeader({ alg, kid: keyId })
+            .setIssuer(integratorId)
+            .setSubject(projectId)
+            .setAudience(audience)
+            .setIssuedAt()
+            .setExpirationTime('1h')
+            .sign(key);
+    }
+    async function getIntentExtensionToken(intentInput) {
+        if (filters) {
+            const allowed = await (0, sponsorship_1.shouldSponsor)(intentInput, filters);
+            if (!allowed) {
+                throw new sponsorship_1.SponsorshipDeniedError();
+            }
+        }
+        const key = await getKey();
+        const digest = await (0, digest_1.computeIntentInputDigest)(intentInput);
+        return new jose_1.SignJWT({
+            typ: 'intent_extension',
+            app_id: appId,
+            jti: crypto.randomUUID(),
+            policy: {
+                sponsorship: {
+                    scope: 'intent',
+                    intent_input: { digest },
+                },
+            },
+        })
+            .setProtectedHeader({ alg, kid: keyId })
+            .setIssuer(integratorId)
+            .setSubject(projectId)
+            .setAudience(audience)
+            .setIssuedAt()
+            .setExpirationTime('5m')
+            .sign(key);
+    }
+    return { accessToken, getIntentExtensionToken };
+}

package/dist/src/jwt-server/sponsorship.d.ts

@@ -0,0 +1,19 @@
+import type { Address, Hex } from 'viem';
+export declare class SponsorshipDeniedError extends Error {
+    constructor();
+}
+type MaybeAsync<T> = T | Promise<T>;
+export interface SponsorshipFilter {
+    chain?: (chain: {
+        id: number;
+    }) => MaybeAsync<boolean>;
+    account?: (address: Address) => MaybeAsync<boolean>;
+    calls?: (calls: {
+        to: Address;
+        value: bigint;
+        data: Hex;
+    }[]) => MaybeAsync<boolean>;
+}
+export declare function shouldSponsor(intentInput: unknown, filters: SponsorshipFilter): Promise<boolean>;
+export {};
+//# sourceMappingURL=sponsorship.d.ts.map

package/dist/src/jwt-server/sponsorship.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"sponsorship.d.ts","sourceRoot":"","sources":["../../../jwt-server/sponsorship.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,OAAO,EAAE,GAAG,EAAE,MAAM,MAAM,CAAA;AAExC,qBAAa,sBAAuB,SAAQ,KAAK;;CAKhD;AAED,KAAK,UAAU,CAAC,CAAC,IAAI,CAAC,GAAG,OAAO,CAAC,CAAC,CAAC,CAAA;AAEnC,MAAM,WAAW,iBAAiB;IAChC,KAAK,CAAC,EAAE,CAAC,KAAK,EAAE;QAAE,EAAE,EAAE,MAAM,CAAA;KAAE,KAAK,UAAU,CAAC,OAAO,CAAC,CAAA;IACtD,OAAO,CAAC,EAAE,CAAC,OAAO,EAAE,OAAO,KAAK,UAAU,CAAC,OAAO,CAAC,CAAA;IACnD,KAAK,CAAC,EAAE,CACN,KAAK,EAAE;QAAE,EAAE,EAAE,OAAO,CAAC;QAAC,KAAK,EAAE,MAAM,CAAC;QAAC,IAAI,EAAE,GAAG,CAAA;KAAE,EAAE,KAC/C,UAAU,CAAC,OAAO,CAAC,CAAA;CACzB;AAiDD,wBAAsB,aAAa,CACjC,WAAW,EAAE,OAAO,EACpB,OAAO,EAAE,iBAAiB,GACzB,OAAO,CAAC,OAAO,CAAC,CAclB"}

package/dist/src/jwt-server/sponsorship.js

@@ -0,0 +1,56 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.SponsorshipDeniedError = void 0;
+exports.shouldSponsor = shouldSponsor;
+class SponsorshipDeniedError extends Error {
+    constructor() {
+        super('Sponsorship denied');
+        this.name = 'SponsorshipDeniedError';
+    }
+}
+exports.SponsorshipDeniedError = SponsorshipDeniedError;
+function parseIntentInput(intentInput) {
+    if (typeof intentInput !== 'object' || intentInput === null) {
+        throw new Error('intentInput must be a non-null object');
+    }
+    const input = intentInput;
+    const chainId = input.destinationChainId;
+    if (typeof chainId !== 'number') {
+        throw new Error('intentInput.destinationChainId must be a number');
+    }
+    const account = input.account;
+    if (typeof account !== 'object' || account === null) {
+        throw new Error('intentInput.account must be a non-null object');
+    }
+    const address = account.address;
+    if (typeof address !== 'string') {
+        throw new Error('intentInput.account.address must be a string');
+    }
+    const executions = input.destinationExecutions;
+    if (!Array.isArray(executions)) {
+        throw new Error('intentInput.destinationExecutions must be an array');
+    }
+    const calls = executions.map((exec) => ({
+        to: exec.to,
+        value: BigInt(exec.value),
+        data: exec.data,
+    }));
+    return {
+        chain: { id: chainId },
+        account: address,
+        calls,
+    };
+}
+async function shouldSponsor(intentInput, filters) {
+    const parsed = parseIntentInput(intentInput);
+    if (filters.chain && !(await filters.chain(parsed.chain))) {
+        return false;
+    }
+    if (filters.account && !(await filters.account(parsed.account))) {
+        return false;
+    }
+    if (filters.calls && !(await filters.calls(parsed.calls))) {
+        return false;
+    }
+    return true;
+}

package/dist/src/jwt-server/web.d.ts

@@ -0,0 +1,4 @@
+import { type JwtHandlerConfig } from './handlers';
+export declare function createAccessTokenHandler(config: JwtHandlerConfig): (req: Request) => Promise<Response>;
+export declare function createExtensionTokenHandler(config: JwtHandlerConfig): (req: Request) => Promise<Response>;
+//# sourceMappingURL=web.d.ts.map

package/dist/src/jwt-server/web.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"web.d.ts","sourceRoot":"","sources":["../../../jwt-server/web.ts"],"names":[],"mappings":"AAAA,OAAO,EAGL,KAAK,gBAAgB,EACtB,MAAM,YAAY,CAAA;AAEnB,wBAAgB,wBAAwB,CACtC,MAAM,EAAE,gBAAgB,GACvB,CAAC,GAAG,EAAE,OAAO,KAAK,OAAO,CAAC,QAAQ,CAAC,CAOrC;AAED,wBAAgB,2BAA2B,CACzC,MAAM,EAAE,gBAAgB,GACvB,CAAC,GAAG,EAAE,OAAO,KAAK,OAAO,CAAC,QAAQ,CAAC,CAerC"}

package/dist/src/jwt-server/web.js

@@ -0,0 +1,27 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.createAccessTokenHandler = createAccessTokenHandler;
+exports.createExtensionTokenHandler = createExtensionTokenHandler;
+const handlers_1 = require("./handlers");
+function createAccessTokenHandler(config) {
+    const handle = (0, handlers_1.createCoreAccessTokenHandler)(config);
+    return async () => {
+        const result = await handle();
+        return Response.json(result.body, { status: result.status });
+    };
+}
+function createExtensionTokenHandler(config) {
+    const handle = (0, handlers_1.createCoreExtensionTokenHandler)(config);
+    return async (req) => {
+        let intentInput;
+        try {
+            const body = await req.json();
+            intentInput = body.intentInput;
+        }
+        catch {
+            return Response.json({ error: 'Invalid JSON body' }, { status: 400 });
+        }
+        const result = await handle(intentInput);
+        return Response.json(result.body, { status: result.status });
+    };
+}

package/dist/src/modules/validators/smart-sessions.d.ts

@@ -203,7 +203,7 @@ declare function getSmartSessionValidator(config: RhinestoneConfig): Module | nu
  * The orchestrator slices off the first 20 bytes to identify the validator, then
  * simulates verifyExecution with the mock emissary to estimate gas before the user signs.
  */
-declare function buildMockSignature(session: Session, useDevContracts?: boolean, chainCount?: number): Hex;
+declare function buildMockSignature(session: Session, useDevContracts?: boolean, chainCount?: number, targetChainId?: number): Hex;
 export { SMART_SESSION_EMISSARY_ADDRESS, SMART_SESSION_EMISSARY_ADDRESS_DEV, SMART_SESSIONS_FALLBACK_TARGET_FLAG, SMART_SESSIONS_FALLBACK_TARGET_SELECTOR_FLAG, SMART_SESSIONS_FALLBACK_TARGET_SELECTOR_FLAG_PERMITTED_TO_CALL_SMARTSESSION, DUMMY_PRECLAIMOP_TARGET, DUMMY_PRECLAIMOP_SELECTOR, SPENDING_LIMITS_POLICY_ADDRESS, TIME_FRAME_POLICY_ADDRESS, SUDO_POLICY_ADDRESS, UNIVERSAL_ACTION_POLICY_ADDRESS, USAGE_LIMIT_POLICY_ADDRESS, VALUE_LIMIT_POLICY_ADDRESS, INTENT_EXECUTION_POLICY_ADDRESS, packSignature, getSessionData, getPolicyData, getEnableSessionCall, getPermissionId, getSmartSessionValidator, getSessionDetails, isSessionEnabled, signEnableSession, buildMockSignature, };
 export type { ChainSession, ChainDigest, ResolvedSessionSignerSet, SessionData, SmartSessionModeType, SessionDetails, };
 //# sourceMappingURL=smart-sessions.d.ts.map

package/dist/src/modules/validators/smart-sessions.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"smart-sessions.d.ts","sourceRoot":"","sources":["../../../../modules/validators/smart-sessions.ts"],"names":[],"mappings":"AACA,OAAO,EACL,KAAK,OAAO,EAMZ,KAAK,GAAG,EAOR,KAAK,mBAAmB,EAKzB,MAAM,MAAM,CAAA;AAcb,OAAO,KAAK,EAEV,MAAM,EACN,cAAc,EACd,uBAAuB,EACvB,gBAAgB,EAChB,OAAO,EACP,iBAAiB,EAElB,MAAM,aAAa,CAAA;AAEpB,OAAO,EAA4B,KAAK,MAAM,EAAE,MAAM,WAAW,CAAA;AACjE,OAAO,EAGL,8BAA8B,EAC9B,kCAAkC,EACnC,MAAM,QAAQ,CAAA;AAYf,UAAU,WAAW;IACnB,gBAAgB,EAAE,OAAO,CAAA;IACzB,wBAAwB,EAAE,GAAG,CAAA;IAC7B,IAAI,EAAE,GAAG,CAAA;IACT,eAAe,EAAE;QACf,qBAAqB,EAAE,SAAS,qBAAqB,EAAE,CAAA;QACvD,eAAe,EAAE,SAAS,aAAa,EAAE,CAAA;KAC1C,CAAA;IACD,OAAO,EAAE,SAAS,UAAU,EAAE,CAAA;IAC9B,aAAa,EAAE,SAAS,UAAU,EAAE,CAAA;CACrC;AAED,UAAU,aAAa;IACrB,MAAM,EAAE,OAAO,CAAA;IACf,QAAQ,EAAE,GAAG,CAAA;CACd;AAED,UAAU,qBAAqB;IAC7B,kBAAkB,EAAE,GAAG,CAAA;IACvB,YAAY,EAAE,SAAS,MAAM,EAAE,CAAA;CAChC;AAED,UAAU,UAAU;IAClB,oBAAoB,EAAE,GAAG,CAAA;IACzB,YAAY,EAAE,OAAO,CAAA;IACrB,cAAc,EAAE,SAAS,UAAU,EAAE,CAAA;CACtC;AAED,UAAU,UAAU;IAClB,MAAM,EAAE,OAAO,CAAA;IACf,QAAQ,EAAE,GAAG,CAAA;CACd;AAaD,KAAK,oBAAoB,GACrB,OAAO,sBAAsB,GAC7B,OAAO,yBAAyB,CAAA;AAEpC,UAAU,WAAW;IACnB,OAAO,EAAE,MAAM,CAAA;IACf,aAAa,EAAE,GAAG,CAAA;CACnB;AAED,UAAU,iBAAiB;IACzB,mBAAmB,EAAE,OAAO,CAAA;IAC5B,iBAAiB,EAAE,OAAO,CAAA;IAC1B,0BAA0B,EAAE,OAAO,CAAA;IACnC,sBAAsB,EAAE,OAAO,CAAA;IAC/B,cAAc,EAAE,SAAS,UAAU,EAAE,CAAA;IACrC,eAAe,EAAE,WAAW,CAAA;IAC5B,OAAO,EAAE,SAAS,UAAU,EAAE,CAAA;CAC/B;AAED,UAAU,aAAa;IACrB,OAAO,EAAE,OAAO,CAAA;IAChB,WAAW,EAAE,iBAAiB,CAAA;IAC9B,gBAAgB,EAAE,OAAO,CAAA;IACzB,wBAAwB,EAAE,GAAG,CAAA;IAC7B,IAAI,EAAE,GAAG,CAAA;IACT,YAAY,EAAE,OAAO,CAAA;IACrB,KAAK,EAAE,MAAM,CAAA;CACd;AAED,UAAU,YAAY;IACpB,OAAO,EAAE,MAAM,CAAA;IACf,OAAO,EAAE,aAAa,CAAA;CACvB;AAED,UAAU,WAAW;IACnB,qBAAqB,EAAE,SAAS,cAAc,EAAE,CAAA;IAChD,eAAe,EAAE,SAAS,UAAU,EAAE,CAAA;CACvC;AAED,UAAU,cAAc;IACtB,kBAAkB,EAAE,GAAG,CAAA;IACvB,WAAW,EAAE,SAAS,MAAM,EAAE,CAAA;CAC/B;AAED,UAAU,cAAc;IACtB,MAAM,EAAE,MAAM,EAAE,CAAA;IAChB,iBAAiB,EAAE,WAAW,EAAE,CAAA;IAChC,IAAI,EAAE,mBAAmB,CAAC,OAAO,KAAK,EAAE,mBAAmB,CAAC,CAAA;CAC7D;AAED,QAAA,MAAM,KAAK;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CA2CD,CAAA;AAEV,QAAA,MAAM,sBAAsB,SAAS,CAAA;AACrC,QAAA,MAAM,yBAAyB,SAAS,CAAA;AAExC,QAAA,MAAM,mCAAmC,EAAE,OACG,CAAA;AAC9C,QAAA,MAAM,4CAA4C,EAAE,GAAkB,CAAA;AACtE,QAAA,MAAM,2EAA2E,EAAE,GACrE,CAAA;AASd,QAAA,MAAM,uBAAuB,EAAE,OACe,CAAA;AAC9C,QAAA,MAAM,yBAAyB,EAAE,GAAkB,CAAA;AAEnD,QAAA,MAAM,8BAA8B,EAAE,OACQ,CAAA;AAC9C,QAAA,MAAM,yBAAyB,EAAE,OACa,CAAA;AAC9C,QAAA,MAAM,mBAAmB,EAAE,OACmB,CAAA;AAC9C,QAAA,MAAM,+BAA+B,EAAE,OACO,CAAA;AAC9C,QAAA,MAAM,0BAA0B,EAAE,OACY,CAAA;AAC9C,QAAA,MAAM,0BAA0B,EAAE,OACY,CAAA;AAC9C,QAAA,MAAM,+BAA+B,EAAE,OACO,CAAA;AAY9C,UAAU,wBAAwB;IAChC,IAAI,EAAE,sBAAsB,CAAA;IAC5B,OAAO,EAAE,OAAO,CAAA;IAChB,UAAU,CAAC,EAAE,iBAAiB,CAAA;IAC9B,gBAAgB,EAAE,OAAO,CAAA;IACzB,eAAe,CAAC,EAAE,GAAG,CAAA;CACtB;AAED,iBAAS,aAAa,CACpB,OAAO,EAAE,wBAAwB,EACjC,kBAAkB,EAAE,GAAG,GACtB,GAAG,CA4JL;AAED,iBAAe,iBAAiB,CAC9B,OAAO,EAAE,OAAO,EAChB,QAAQ,EAAE,OAAO,EAAE,EACnB,QAAQ,EAAE,cAAc,GAAG,SAAS,EACpC,eAAe,CAAC,EAAE,OAAO,GACxB,OAAO,CAAC,cAAc,CAAC,CAiDzB;AAED,iBAAe,gBAAgB,CAC7B,OAAO,EAAE,OAAO,EAChB,QAAQ,EAAE,cAAc,GAAG,SAAS,EACpC,OAAO,EAAE,OAAO,EAChB,eAAe,CAAC,EAAE,OAAO,GACxB,OAAO,CAAC,OAAO,CAAC,CAuBlB;AAED,iBAAe,iBAAiB,CAC9B,MAAM,EAAE,uBAAuB,EAC/B,OAAO,EAAE,cAAc,GACtB,OAAO,CAAC,GAAG,CAAC,CAyBd;AAwED,iBAAe,oBAAoB,CACjC,OAAO,EAAE,OAAO,EAChB,OAAO,EAAE,OAAO,EAChB,sBAAsB,EAAE,GAAG,EAC3B,iBAAiB,EAAE;IACjB,OAAO,EAAE,MAAM,CAAA;IACf,aAAa,EAAE,GAAG,CAAA;CACnB,EAAE,EACH,oBAAoB,EAAE,MAAM,EAC5B,eAAe,CAAC,EAAE,OAAO;;;GA8B1B;AAED,iBAAS,cAAc,CACrB,OAAO,EAAE,OAAO,EAChB,eAAe,CAAC,EAAE,OAAO,GACxB,WAAW,CA6Fb;AAED,iBAAS,eAAe,CAAC,OAAO,EAAE,OAAO,iBAyBxC;AAED,iBAAS,aAAa,CAAC,MAAM,EAAE,MAAM,EAAE,eAAe,CAAC,EAAE,OAAO,GAAG,UAAU,CA0K5E;AAED,iBAAS,wBAAwB,CAAC,MAAM,EAAE,gBAAgB,GAAG,MAAM,GAAG,IAAI,CAezE;AAQD;;;;;;;GAOG;AACH,iBAAS,kBAAkB,CACzB,OAAO,EAAE,OAAO,EAChB,eAAe,CAAC,EAAE,OAAO,EACzB,UAAU,GAAE,MAAU,GACrB,GAAG,CAyBL;AASD,OAAO,EACL,8BAA8B,EAC9B,kCAAkC,EAClC,mCAAmC,EACnC,4CAA4C,EAC5C,2EAA2E,EAC3E,uBAAuB,EACvB,yBAAyB,EACzB,8BAA8B,EAC9B,yBAAyB,EACzB,mBAAmB,EACnB,+BAA+B,EAC/B,0BAA0B,EAC1B,0BAA0B,EAC1B,+BAA+B,EAC/B,aAAa,EACb,cAAc,EACd,aAAa,EACb,oBAAoB,EACpB,eAAe,EACf,wBAAwB,EACxB,iBAAiB,EACjB,gBAAgB,EAChB,iBAAiB,EACjB,kBAAkB,GACnB,CAAA;AACD,YAAY,EACV,YAAY,EACZ,WAAW,EACX,wBAAwB,EACxB,WAAW,EACX,oBAAoB,EACpB,cAAc,GACf,CAAA"}
+{"version":3,"file":"smart-sessions.d.ts","sourceRoot":"","sources":["../../../../modules/validators/smart-sessions.ts"],"names":[],"mappings":"AACA,OAAO,EACL,KAAK,OAAO,EAMZ,KAAK,GAAG,EAOR,KAAK,mBAAmB,EAKzB,MAAM,MAAM,CAAA;AAcb,OAAO,KAAK,EAEV,MAAM,EACN,cAAc,EACd,uBAAuB,EACvB,gBAAgB,EAChB,OAAO,EACP,iBAAiB,EAElB,MAAM,aAAa,CAAA;AAEpB,OAAO,EAA4B,KAAK,MAAM,EAAE,MAAM,WAAW,CAAA;AACjE,OAAO,EAGL,8BAA8B,EAC9B,kCAAkC,EACnC,MAAM,QAAQ,CAAA;AAYf,UAAU,WAAW;IACnB,gBAAgB,EAAE,OAAO,CAAA;IACzB,wBAAwB,EAAE,GAAG,CAAA;IAC7B,IAAI,EAAE,GAAG,CAAA;IACT,eAAe,EAAE;QACf,qBAAqB,EAAE,SAAS,qBAAqB,EAAE,CAAA;QACvD,eAAe,EAAE,SAAS,aAAa,EAAE,CAAA;KAC1C,CAAA;IACD,OAAO,EAAE,SAAS,UAAU,EAAE,CAAA;IAC9B,aAAa,EAAE,SAAS,UAAU,EAAE,CAAA;CACrC;AAED,UAAU,aAAa;IACrB,MAAM,EAAE,OAAO,CAAA;IACf,QAAQ,EAAE,GAAG,CAAA;CACd;AAED,UAAU,qBAAqB;IAC7B,kBAAkB,EAAE,GAAG,CAAA;IACvB,YAAY,EAAE,SAAS,MAAM,EAAE,CAAA;CAChC;AAED,UAAU,UAAU;IAClB,oBAAoB,EAAE,GAAG,CAAA;IACzB,YAAY,EAAE,OAAO,CAAA;IACrB,cAAc,EAAE,SAAS,UAAU,EAAE,CAAA;CACtC;AAED,UAAU,UAAU;IAClB,MAAM,EAAE,OAAO,CAAA;IACf,QAAQ,EAAE,GAAG,CAAA;CACd;AAaD,KAAK,oBAAoB,GACrB,OAAO,sBAAsB,GAC7B,OAAO,yBAAyB,CAAA;AAEpC,UAAU,WAAW;IACnB,OAAO,EAAE,MAAM,CAAA;IACf,aAAa,EAAE,GAAG,CAAA;CACnB;AAED,UAAU,iBAAiB;IACzB,mBAAmB,EAAE,OAAO,CAAA;IAC5B,iBAAiB,EAAE,OAAO,CAAA;IAC1B,0BAA0B,EAAE,OAAO,CAAA;IACnC,sBAAsB,EAAE,OAAO,CAAA;IAC/B,cAAc,EAAE,SAAS,UAAU,EAAE,CAAA;IACrC,eAAe,EAAE,WAAW,CAAA;IAC5B,OAAO,EAAE,SAAS,UAAU,EAAE,CAAA;CAC/B;AAED,UAAU,aAAa;IACrB,OAAO,EAAE,OAAO,CAAA;IAChB,WAAW,EAAE,iBAAiB,CAAA;IAC9B,gBAAgB,EAAE,OAAO,CAAA;IACzB,wBAAwB,EAAE,GAAG,CAAA;IAC7B,IAAI,EAAE,GAAG,CAAA;IACT,YAAY,EAAE,OAAO,CAAA;IACrB,KAAK,EAAE,MAAM,CAAA;CACd;AAED,UAAU,YAAY;IACpB,OAAO,EAAE,MAAM,CAAA;IACf,OAAO,EAAE,aAAa,CAAA;CACvB;AAED,UAAU,WAAW;IACnB,qBAAqB,EAAE,SAAS,cAAc,EAAE,CAAA;IAChD,eAAe,EAAE,SAAS,UAAU,EAAE,CAAA;CACvC;AAED,UAAU,cAAc;IACtB,kBAAkB,EAAE,GAAG,CAAA;IACvB,WAAW,EAAE,SAAS,MAAM,EAAE,CAAA;CAC/B;AAED,UAAU,cAAc;IACtB,MAAM,EAAE,MAAM,EAAE,CAAA;IAChB,iBAAiB,EAAE,WAAW,EAAE,CAAA;IAChC,IAAI,EAAE,mBAAmB,CAAC,OAAO,KAAK,EAAE,mBAAmB,CAAC,CAAA;CAC7D;AAED,QAAA,MAAM,KAAK;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CA2CD,CAAA;AAEV,QAAA,MAAM,sBAAsB,SAAS,CAAA;AACrC,QAAA,MAAM,yBAAyB,SAAS,CAAA;AAExC,QAAA,MAAM,mCAAmC,EAAE,OACG,CAAA;AAC9C,QAAA,MAAM,4CAA4C,EAAE,GAAkB,CAAA;AACtE,QAAA,MAAM,2EAA2E,EAAE,GACrE,CAAA;AASd,QAAA,MAAM,uBAAuB,EAAE,OACe,CAAA;AAC9C,QAAA,MAAM,yBAAyB,EAAE,GAAkB,CAAA;AAEnD,QAAA,MAAM,8BAA8B,EAAE,OACQ,CAAA;AAC9C,QAAA,MAAM,yBAAyB,EAAE,OACa,CAAA;AAC9C,QAAA,MAAM,mBAAmB,EAAE,OACmB,CAAA;AAC9C,QAAA,MAAM,+BAA+B,EAAE,OACO,CAAA;AAC9C,QAAA,MAAM,0BAA0B,EAAE,OACY,CAAA;AAC9C,QAAA,MAAM,0BAA0B,EAAE,OACY,CAAA;AAC9C,QAAA,MAAM,+BAA+B,EAAE,OACO,CAAA;AAY9C,UAAU,wBAAwB;IAChC,IAAI,EAAE,sBAAsB,CAAA;IAC5B,OAAO,EAAE,OAAO,CAAA;IAChB,UAAU,CAAC,EAAE,iBAAiB,CAAA;IAC9B,gBAAgB,EAAE,OAAO,CAAA;IACzB,eAAe,CAAC,EAAE,GAAG,CAAA;CACtB;AAED,iBAAS,aAAa,CACpB,OAAO,EAAE,wBAAwB,EACjC,kBAAkB,EAAE,GAAG,GACtB,GAAG,CA4JL;AAED,iBAAe,iBAAiB,CAC9B,OAAO,EAAE,OAAO,EAChB,QAAQ,EAAE,OAAO,EAAE,EACnB,QAAQ,EAAE,cAAc,GAAG,SAAS,EACpC,eAAe,CAAC,EAAE,OAAO,GACxB,OAAO,CAAC,cAAc,CAAC,CAiDzB;AAED,iBAAe,gBAAgB,CAC7B,OAAO,EAAE,OAAO,EAChB,QAAQ,EAAE,cAAc,GAAG,SAAS,EACpC,OAAO,EAAE,OAAO,EAChB,eAAe,CAAC,EAAE,OAAO,GACxB,OAAO,CAAC,OAAO,CAAC,CAuBlB;AAED,iBAAe,iBAAiB,CAC9B,MAAM,EAAE,uBAAuB,EAC/B,OAAO,EAAE,cAAc,GACtB,OAAO,CAAC,GAAG,CAAC,CAyBd;AAwED,iBAAe,oBAAoB,CACjC,OAAO,EAAE,OAAO,EAChB,OAAO,EAAE,OAAO,EAChB,sBAAsB,EAAE,GAAG,EAC3B,iBAAiB,EAAE;IACjB,OAAO,EAAE,MAAM,CAAA;IACf,aAAa,EAAE,GAAG,CAAA;CACnB,EAAE,EACH,oBAAoB,EAAE,MAAM,EAC5B,eAAe,CAAC,EAAE,OAAO;;;GA8B1B;AAED,iBAAS,cAAc,CACrB,OAAO,EAAE,OAAO,EAChB,eAAe,CAAC,EAAE,OAAO,GACxB,WAAW,CA6Fb;AAED,iBAAS,eAAe,CAAC,OAAO,EAAE,OAAO,iBAyBxC;AAED,iBAAS,aAAa,CAAC,MAAM,EAAE,MAAM,EAAE,eAAe,CAAC,EAAE,OAAO,GAAG,UAAU,CA0K5E;AAED,iBAAS,wBAAwB,CAAC,MAAM,EAAE,gBAAgB,GAAG,MAAM,GAAG,IAAI,CAezE;AAQD;;;;;;;GAOG;AACH,iBAAS,kBAAkB,CACzB,OAAO,EAAE,OAAO,EAChB,eAAe,CAAC,EAAE,OAAO,EACzB,UAAU,GAAE,MAAU,EACtB,aAAa,CAAC,EAAE,MAAM,GACrB,GAAG,CAgCL;AASD,OAAO,EACL,8BAA8B,EAC9B,kCAAkC,EAClC,mCAAmC,EACnC,4CAA4C,EAC5C,2EAA2E,EAC3E,uBAAuB,EACvB,yBAAyB,EACzB,8BAA8B,EAC9B,yBAAyB,EACzB,mBAAmB,EACnB,+BAA+B,EAC/B,0BAA0B,EAC1B,0BAA0B,EAC1B,+BAA+B,EAC/B,aAAa,EACb,cAAc,EACd,aAAa,EACb,oBAAoB,EACpB,eAAe,EACf,wBAAwB,EACxB,iBAAiB,EACjB,gBAAgB,EAChB,iBAAiB,EACjB,kBAAkB,GACnB,CAAA;AACD,YAAY,EACV,YAAY,EACZ,WAAW,EACX,wBAAwB,EACxB,WAAW,EACX,oBAAoB,EACpB,cAAc,GACf,CAAA"}

package/dist/src/modules/validators/smart-sessions.js

@@ -712,13 +712,22 @@ function getSmartSessionEmissaryAddress(useDevContracts) {
  * The orchestrator slices off the first 20 bytes to identify the validator, then
  * simulates verifyExecution with the mock emissary to estimate gas before the user signs.
  */
-function buildMockSignature(session, useDevContracts, chainCount = 1) {
+function buildMockSignature(session, useDevContracts, chainCount = 1, targetChainId) {
     const emissaryAddress = getSmartSessionEmissaryAddress(useDevContracts);
+    // Use targetChainId when provided (per-chain mockSignatures path) so the
+    // mock emissary's chainId check passes on the correct chain. Falls back to
+    // session.chain.id for the global mockSignature (single-chain path).
+    const primaryChainId = targetChainId ?? session.chain.id;
+    // Normalize chainCount to a finite positive integer. Guards against
+    // accidental NaN/undefined from caller (e.g. `sourceChains?.length` when
+    // sourceChains is undefined) which would otherwise make Array.from produce
+    // an empty array and silently drop the ChainId check.
+    const safeChainCount = Number.isFinite(chainCount) && chainCount > 0 ? Math.floor(chainCount) : 1;
     // Build one entry per chain — first entry is the real chain ID (for the ChainId check),
     // remaining entries use chainId 0 as placeholders. Hash mismatch is skipped by the
     // mock emissary, so sessionDigest can be zeroHash throughout.
-    const hashesAndChainIds = Array.from({ length: Math.max(1, chainCount) }, (_, i) => ({
-        chainId: i === 0 ? BigInt(session.chain.id) : 0n,
+    const hashesAndChainIds = Array.from({ length: safeChainCount }, (_, i) => ({
+        chainId: i === 0 ? BigInt(primaryChainId) : 0n,
         sessionDigest: viem_1.zeroHash,
     }));
     const dummySigners = {

package/dist/src/orchestrator/client.d.ts

@@ -1,10 +1,11 @@
 import type { Address } from 'viem';
+import type { AuthProvider } from '../auth/provider';
 import type { IntentInput, IntentOpStatus, IntentResult, IntentRoute, Portfolio, SignedIntentOp, SplitIntentsInput, SplitIntentsResult } from './types';
 export declare class Orchestrator {
     private serverUrl;
-    private apiKey?;
-    private headers?;
-    constructor(serverUrl: string, apiKey?: string, headers?: Record<string, string>);
+    private authProvider;
+    private extraHeaders?;
+    constructor(serverUrl: string, authProvider: AuthProvider, headers?: Record<string, string>);
     getPortfolio(userAddress: Address, filter?: {
         chainIds?: number[];
         tokens?: {
@@ -13,9 +14,13 @@ export declare class Orchestrator {
     }): Promise<Portfolio>;
     getIntentRoute(input: IntentInput): Promise<IntentRoute>;
     splitIntents(input: SplitIntentsInput): Promise<SplitIntentsResult>;
-    submitIntent(signedIntentOpUnformatted: SignedIntentOp, dryRun: boolean): Promise<IntentResult>;
+    submitIntent(signedIntentOpUnformatted: SignedIntentOp, dryRun: boolean, policyContext?: {
+        intentInput: unknown;
+        isSponsored: boolean;
+    }): Promise<IntentResult>;
     getIntentOpStatus(intentId: bigint): Promise<IntentOpStatus>;
     private getHeaders;
+    private getSubmitHeaders;
     private fetch;
     private parseError;
     private parseErrorMessage;

package/dist/src/orchestrator/client.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"client.d.ts","sourceRoot":"","sources":["../../../orchestrator/client.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,MAAM,CAAA;AA2BnC,OAAO,KAAK,EACV,WAAW,EACX,cAAc,EACd,YAAY,EACZ,WAAW,EACX,SAAS,EAET,cAAc,EACd,iBAAiB,EACjB,kBAAkB,EACnB,MAAM,SAAS,CAAA;AAchB,qBAAa,YAAY;IACvB,OAAO,CAAC,SAAS,CAAQ;IACzB,OAAO,CAAC,MAAM,CAAC,CAAQ;IACvB,OAAO,CAAC,OAAO,CAAC,CAAwB;gBAGtC,SAAS,EAAE,MAAM,EACjB,MAAM,CAAC,EAAE,MAAM,EACf,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC;IAO5B,YAAY,CAChB,WAAW,EAAE,OAAO,EACpB,MAAM,CAAC,EAAE;QACP,QAAQ,CAAC,EAAE,MAAM,EAAE,CAAA;QACnB,MAAM,CAAC,EAAE;YACP,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,EAAE,CAAA;SAC7B,CAAA;KACF,GACA,OAAO,CAAC,SAAS,CAAC;IA+Cf,cAAc,CAAC,KAAK,EAAE,WAAW,GAAG,OAAO,CAAC,WAAW,CAAC;IASxD,YAAY,CAAC,KAAK,EAAE,iBAAiB,GAAG,OAAO,CAAC,kBAAkB,CAAC;IAwDnE,YAAY,CAChB,yBAAyB,EAAE,cAAc,EACzC,MAAM,EAAE,OAAO,GACd,OAAO,CAAC,YAAY,CAAC;IAelB,iBAAiB,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,cAAc,CAAC;IASlE,OAAO,CAAC,UAAU;YAYJ,KAAK;IA4BnB,OAAO,CAAC,UAAU;IA6GlB,OAAO,CAAC,iBAAiB;CAmG1B"}
+{"version":3,"file":"client.d.ts","sourceRoot":"","sources":["../../../orchestrator/client.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,MAAM,CAAA;AACnC,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,kBAAkB,CAAA;AA2BpD,OAAO,KAAK,EACV,WAAW,EACX,cAAc,EACd,YAAY,EACZ,WAAW,EACX,SAAS,EAET,cAAc,EACd,iBAAiB,EACjB,kBAAkB,EACnB,MAAM,SAAS,CAAA;AAchB,qBAAa,YAAY;IACvB,OAAO,CAAC,SAAS,CAAQ;IACzB,OAAO,CAAC,YAAY,CAAc;IAClC,OAAO,CAAC,YAAY,CAAC,CAAwB;gBAG3C,SAAS,EAAE,MAAM,EACjB,YAAY,EAAE,YAAY,EAC1B,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC;IAO5B,YAAY,CAChB,WAAW,EAAE,OAAO,EACpB,MAAM,CAAC,EAAE;QACP,QAAQ,CAAC,EAAE,MAAM,EAAE,CAAA;QACnB,MAAM,CAAC,EAAE;YACP,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,EAAE,CAAA;SAC7B,CAAA;KACF,GACA,OAAO,CAAC,SAAS,CAAC;IA+Cf,cAAc,CAAC,KAAK,EAAE,WAAW,GAAG,OAAO,CAAC,WAAW,CAAC;IASxD,YAAY,CAAC,KAAK,EAAE,iBAAiB,GAAG,OAAO,CAAC,kBAAkB,CAAC;IAwDnE,YAAY,CAChB,yBAAyB,EAAE,cAAc,EACzC,MAAM,EAAE,OAAO,EACf,aAAa,CAAC,EAAE;QAAE,WAAW,EAAE,OAAO,CAAC;QAAC,WAAW,EAAE,OAAO,CAAA;KAAE,GAC7D,OAAO,CAAC,YAAY,CAAC;IAqBlB,iBAAiB,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,cAAc,CAAC;YASpD,UAAU;YAWV,gBAAgB;YAgBhB,KAAK;IA4BnB,OAAO,CAAC,UAAU;IA6GlB,OAAO,CAAC,iBAAiB;CAmG1B"}

package/dist/src/orchestrator/client.js

@@ -12,12 +12,12 @@ function parseTokenAmountsRecord(record) {
 }
 class Orchestrator {
     serverUrl;
-    apiKey;
-    headers;
-    constructor(serverUrl, apiKey, headers) {
+    authProvider;
+    extraHeaders;
+    constructor(serverUrl, authProvider, headers) {
         this.serverUrl = serverUrl;
-        this.apiKey = apiKey;
-        this.headers = headers;
+        this.authProvider = authProvider;
+        this.extraHeaders = headers;
     }
     async getPortfolio(userAddress, filter) {
         const params = new URLSearchParams();
@@ -32,7 +32,7 @@ class Orchestrator {
         const url = new URL(`${this.serverUrl}/accounts/${userAddress}/portfolio`);
         url.search = params.toString();
         const json = await this.fetch(url.toString(), {
-            headers: this.getHeaders(),
+            headers: await this.getHeaders(),
         });
         const portfolioResponse = json.portfolio;
         const portfolio = portfolioResponse.map((tokenResponse) => ({
@@ -55,14 +55,14 @@ class Orchestrator {
         const body = (0, utils_1.convertBigIntFields)(input);
         return await this.fetch(`${this.serverUrl}/intents/route`, {
             method: 'POST',
-            headers: this.getHeaders(),
+            headers: await this.getHeaders(),
             body: JSON.stringify(body),
         });
     }
     async splitIntents(input) {
         const response = await fetch(`${this.serverUrl}/intents/split`, {
             method: 'POST',
-            headers: this.getHeaders(),
+            headers: await this.getHeaders(),
             body: JSON.stringify((0, utils_1.convertBigIntFields)({
                 chainId: input.chain.id,
                 tokens: input.tokens,
@@ -104,7 +104,7 @@ class Orchestrator {
         });
         throw new error_1.OrchestratorError({ message: 'Unexpected error' });
     }
-    async submitIntent(signedIntentOpUnformatted, dryRun) {
+    async submitIntent(signedIntentOpUnformatted, dryRun, policyContext) {
         const signedIntentOp = (0, utils_1.convertBigIntFields)(signedIntentOpUnformatted);
         if (dryRun) {
             signedIntentOp.options = {
@@ -112,27 +112,38 @@ class Orchestrator {
             };
         }
         const body = { signedIntentOp };
+        const headers = policyContext
+            ? await this.getSubmitHeaders(policyContext.intentInput, policyContext.isSponsored)
+            : await this.getHeaders();
         return await this.fetch(`${this.serverUrl}/intent-operations`, {
             method: 'POST',
-            headers: this.getHeaders(),
+            headers,
             body: JSON.stringify(body),
         });
     }
     async getIntentOpStatus(intentId) {
         return await this.fetch(`${this.serverUrl}/intent-operation/${intentId.toString()}`, {
-            headers: this.getHeaders(),
+            headers: await this.getHeaders(),
         });
     }
-    getHeaders() {
-        const headers = {
+    async getHeaders() {
+        const auth = await this.authProvider.getHeaders();
+        return {
             'Content-Type': 'application/json',
             'x-sdk-version': consts_1.SDK_VERSION,
             'x-api-version': consts_1.API_VERSION,
+            ...auth,
+            ...this.extraHeaders,
+        };
+    }
+    async getSubmitHeaders(intentInput, isSponsored) {
+        const auth = await this.authProvider.getSubmitHeaders(intentInput, isSponsored);
+        return {
+            'Content-Type': 'application/json',
+            'x-sdk-version': consts_1.SDK_VERSION,
+            ...auth,
+            ...this.extraHeaders,
         };
-        if (this.apiKey) {
-            headers['x-api-key'] = this.apiKey;
-        }
-        return { ...headers, ...this.headers };
     }
     async fetch(url, options) {
         const response = await fetch(url, options);

package/dist/src/orchestrator/consts.d.ts

@@ -1,6 +1,6 @@
 declare const PROD_ORCHESTRATOR_URL = "https://v1.orchestrator.rhinestone.dev";
 declare const RHINESTONE_SPOKE_POOL_ADDRESS = "0x000000000060f6e853447881951574cdd0663530";
-declare const SDK_VERSION = "1.4.2";
+declare const SDK_VERSION = "1.5.0";
 declare const API_VERSION = "2026-01.alps";
 export { PROD_ORCHESTRATOR_URL, RHINESTONE_SPOKE_POOL_ADDRESS, SDK_VERSION, API_VERSION, };
 //# sourceMappingURL=consts.d.ts.map

package/dist/src/orchestrator/consts.js

@@ -5,7 +5,7 @@ const PROD_ORCHESTRATOR_URL = 'https://v1.orchestrator.rhinestone.dev';
 exports.PROD_ORCHESTRATOR_URL = PROD_ORCHESTRATOR_URL;
 const RHINESTONE_SPOKE_POOL_ADDRESS = '0x000000000060f6e853447881951574cdd0663530';
 exports.RHINESTONE_SPOKE_POOL_ADDRESS = RHINESTONE_SPOKE_POOL_ADDRESS;
-const SDK_VERSION = '1.4.2';
+const SDK_VERSION = '1.5.0';
 exports.SDK_VERSION = SDK_VERSION;
 const API_VERSION = '2026-01.alps';
 exports.API_VERSION = API_VERSION;