@rhinestone/sdk 1.4.2 → 2.0.0-beta.0

package/README.md

@@ -31,6 +31,94 @@ npm install viem @rhinestone/sdk
 bun install viem @rhinestone/sdk
 ```
 
+## Authentication
+
+The SDK supports two authentication modes: **API key** and **JWT**.
+
+### API Key
+
+Pass the API key from the [Rhinestone dashboard](https://dashboard.rhinestone.dev):
+
+```ts
+const rhinestone = new RhinestoneSDK({
+  auth: {
+    mode: 'apiKey',
+    apiKey: 'your-api-key',
+  },
+})
+```
+
+### JWT (Experimental)
+
+JWT authentication uses RS256-signed tokens for fine-grained access control. There are two integration patterns depending on your architecture:
+
+#### Client-server (SDK runs in browser/client)
+
+When the SDK runs on the client and a separate backend holds the signing key, fetch tokens via HTTP:
+
+```ts
+const rhinestone = new RhinestoneSDK({
+  auth: {
+    mode: 'experimental_jwt',
+    accessToken: async () => {
+      const res = await fetch('/api/auth/token')
+      const { token } = await res.json()
+      return token
+    },
+    // Only needed for sponsored intents:
+    getIntentExtensionToken: async (intentInput) => {
+      const res = await fetch('/api/auth/extension-token', {
+        method: 'POST',
+        headers: { 'Content-Type': 'application/json' },
+        body: JSON.stringify({ intentInput }),
+      })
+      const { token } = await res.json()
+      return token
+    },
+  },
+})
+```
+
+Your backend is responsible for signing JWTs with the correct claims. See the [JWT documentation](https://docs.rhinestone.dev) for the required token format.
+
+#### Same-host (SDK and signing key on the same server)
+
+When the SDK runs server-side with access to the private key, use `createJwtSigner` to sign tokens in-process without an HTTP round-trip:
+
+```ts
+import { createJwtSigner } from '@rhinestone/sdk/jwt-server'
+
+const signer = createJwtSigner({
+  jwt: {
+    privateKey: myJwk, // RS256 private key in JWK format
+    integratorId: 'int_abc',
+    projectId: 'proj_xyz',
+    appId: 'app_prod',
+    keyId: 'key_1',
+  },
+})
+
+const rhinestone = new RhinestoneSDK({
+  auth: { mode: 'experimental_jwt', ...signer },
+})
+```
+
+`createJwtSigner` returns `{ accessToken, getIntentExtensionToken }` — the same shape as the `auth` config, so you can spread it directly. It handles all claim structure, key caching, and intent digest computation internally.
+
+To control which intents your backend sponsors, pass `shouldSponsor` filters. The signer checks them before signing — denied requests throw a `SponsorshipDeniedError`:
+
+```ts
+import { createJwtSigner } from '@rhinestone/sdk/jwt-server'
+
+const signer = createJwtSigner({
+  // ...
+  shouldSponsor: {
+    chain: ({ id }) => [1, 8453, 10].includes(id),
+    account: async (address) => isUser(address),
+  },
+})
+```
+
 ## Quickstart
 
 Create a smart account:
@@ -38,7 +126,7 @@ Create a smart account:
 ```ts
 import { RhinestoneSDK } from '@rhinestone/sdk'
 
-const rhinestone = new RhinestoneSDK()
+const rhinestone = new RhinestoneSDK({ apiKey: 'your-api-key' })
 const account = await rhinestone.createAccount({
   owners: {
     type: 'ecdsa',

package/dist/src/accounts/error.d.ts

@@ -1,4 +1,4 @@
-import type { AccountType } from '../types';
+import type { AccountType } from '../types.js';
 declare class AccountError extends Error {
     private readonly _message;
     private readonly _context;

package/dist/src/accounts/error.js

@@ -1,7 +1,3 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.OwnersFieldRequiredError = exports.EoaSigningMethodNotConfiguredError = exports.EoaSigningNotSupportedError = exports.ModuleInstallationNotSupportedError = exports.WalletClientNoConnectedAccountError = exports.AccountConfigurationNotSupportedError = exports.Eip7702NotSupportedForAccountError = exports.SigningNotSupportedForAccountError = exports.SmartSessionsNotEnabledError = exports.FactoryArgsNotAvailableError = exports.EoaAccountMustHaveAccountError = exports.ExistingEip7702AccountsNotSupportedError = exports.Eip7702AccountMustHaveEoaError = exports.Eip712DomainNotAvailableError = exports.AccountError = void 0;
-exports.isAccountError = isAccountError;
 class AccountError extends Error {
     _message;
     _context;
@@ -27,7 +23,6 @@ class AccountError extends Error {
         return this._traceId;
     }
 }
-exports.AccountError = AccountError;
 class Eip7702AccountMustHaveEoaError extends AccountError {
     constructor(params) {
         super({
@@ -36,7 +31,6 @@ class Eip7702AccountMustHaveEoaError extends AccountError {
         });
     }
 }
-exports.Eip7702AccountMustHaveEoaError = Eip7702AccountMustHaveEoaError;
 class ExistingEip7702AccountsNotSupportedError extends AccountError {
     constructor(params) {
         super({
@@ -45,7 +39,6 @@ class ExistingEip7702AccountsNotSupportedError extends AccountError {
         });
     }
 }
-exports.ExistingEip7702AccountsNotSupportedError = ExistingEip7702AccountsNotSupportedError;
 class EoaAccountMustHaveAccountError extends AccountError {
     constructor(params) {
         super({
@@ -54,7 +47,6 @@ class EoaAccountMustHaveAccountError extends AccountError {
         });
     }
 }
-exports.EoaAccountMustHaveAccountError = EoaAccountMustHaveAccountError;
 class FactoryArgsNotAvailableError extends AccountError {
     constructor(params) {
         super({
@@ -63,7 +55,6 @@ class FactoryArgsNotAvailableError extends AccountError {
         });
     }
 }
-exports.FactoryArgsNotAvailableError = FactoryArgsNotAvailableError;
 class SmartSessionsNotEnabledError extends AccountError {
     constructor(params) {
         super({
@@ -72,7 +63,6 @@ class SmartSessionsNotEnabledError extends AccountError {
         });
     }
 }
-exports.SmartSessionsNotEnabledError = SmartSessionsNotEnabledError;
 class SigningNotSupportedForAccountError extends AccountError {
     constructor(params) {
         super({
@@ -81,7 +71,6 @@ class SigningNotSupportedForAccountError extends AccountError {
         });
     }
 }
-exports.SigningNotSupportedForAccountError = SigningNotSupportedForAccountError;
 class Eip7702NotSupportedForAccountError extends AccountError {
     constructor(account, params) {
         const accountName = getAccountName(account);
@@ -91,7 +80,6 @@ class Eip7702NotSupportedForAccountError extends AccountError {
         });
     }
 }
-exports.Eip7702NotSupportedForAccountError = Eip7702NotSupportedForAccountError;
 class AccountConfigurationNotSupportedError extends AccountError {
     constructor(message, account, params) {
         super({
@@ -100,7 +88,6 @@ class AccountConfigurationNotSupportedError extends AccountError {
         });
     }
 }
-exports.AccountConfigurationNotSupportedError = AccountConfigurationNotSupportedError;
 class WalletClientNoConnectedAccountError extends AccountError {
     constructor(params) {
         super({
@@ -109,7 +96,6 @@ class WalletClientNoConnectedAccountError extends AccountError {
         });
     }
 }
-exports.WalletClientNoConnectedAccountError = WalletClientNoConnectedAccountError;
 class ModuleInstallationNotSupportedError extends AccountError {
     constructor(account, params) {
         const accountName = getAccountName(account);
@@ -119,7 +105,6 @@ class ModuleInstallationNotSupportedError extends AccountError {
         });
     }
 }
-exports.ModuleInstallationNotSupportedError = ModuleInstallationNotSupportedError;
 class EoaSigningNotSupportedError extends AccountError {
     constructor(method, params) {
         super({
@@ -128,7 +113,6 @@ class EoaSigningNotSupportedError extends AccountError {
         });
     }
 }
-exports.EoaSigningNotSupportedError = EoaSigningNotSupportedError;
 class EoaSigningMethodNotConfiguredError extends AccountError {
     constructor(method, params) {
         super({
@@ -137,7 +121,6 @@ class EoaSigningMethodNotConfiguredError extends AccountError {
         });
     }
 }
-exports.EoaSigningMethodNotConfiguredError = EoaSigningMethodNotConfiguredError;
 class OwnersFieldRequiredError extends AccountError {
     constructor(params) {
         super({
@@ -146,7 +129,6 @@ class OwnersFieldRequiredError extends AccountError {
         });
     }
 }
-exports.OwnersFieldRequiredError = OwnersFieldRequiredError;
 class Eip712DomainNotAvailableError extends AccountError {
     constructor(message) {
         super({
@@ -154,7 +136,6 @@ class Eip712DomainNotAvailableError extends AccountError {
         });
     }
 }
-exports.Eip712DomainNotAvailableError = Eip712DomainNotAvailableError;
 function isAccountError(error) {
     return error instanceof AccountError;
 }
@@ -172,3 +153,4 @@ function getAccountName(account) {
             return 'EOA';
     }
 }
+export { isAccountError, AccountError, Eip712DomainNotAvailableError, Eip7702AccountMustHaveEoaError, ExistingEip7702AccountsNotSupportedError, EoaAccountMustHaveAccountError, FactoryArgsNotAvailableError, SmartSessionsNotEnabledError, SigningNotSupportedForAccountError, Eip7702NotSupportedForAccountError, AccountConfigurationNotSupportedError, WalletClientNoConnectedAccountError, ModuleInstallationNotSupportedError, EoaSigningNotSupportedError, EoaSigningMethodNotConfiguredError, OwnersFieldRequiredError, };

package/dist/src/accounts/index.d.ts

@@ -1,9 +1,9 @@
 import { type Chain, type HashTypedDataParameters, type Hex, type PublicClient, type TypedData } from 'viem';
-import type { Module } from '../modules/common';
-import type { ResolvedSessionSignerSet } from '../modules/validators/smart-sessions';
-import type { AccountProviderConfig, Call, OwnerSet, RhinestoneConfig, SignerSet } from '../types';
-import { AccountConfigurationNotSupportedError, AccountError, Eip712DomainNotAvailableError, Eip7702AccountMustHaveEoaError, Eip7702NotSupportedForAccountError, EoaAccountMustHaveAccountError, EoaSigningMethodNotConfiguredError, EoaSigningNotSupportedError, ExistingEip7702AccountsNotSupportedError, FactoryArgsNotAvailableError, isAccountError, ModuleInstallationNotSupportedError, OwnersFieldRequiredError, SigningNotSupportedForAccountError, SmartSessionsNotEnabledError, WalletClientNoConnectedAccountError } from './error';
-import { type ValidatorConfig } from './utils';
+import type { Module } from '../modules/common.js';
+import type { ResolvedSessionSignerSet } from '../modules/validators/smart-sessions.js';
+import type { AccountProviderConfig, Call, OwnerSet, RhinestoneConfig, SignerSet } from '../types.js';
+import { AccountConfigurationNotSupportedError, AccountError, Eip712DomainNotAvailableError, Eip7702AccountMustHaveEoaError, Eip7702NotSupportedForAccountError, EoaAccountMustHaveAccountError, EoaSigningMethodNotConfiguredError, EoaSigningNotSupportedError, ExistingEip7702AccountsNotSupportedError, FactoryArgsNotAvailableError, isAccountError, ModuleInstallationNotSupportedError, OwnersFieldRequiredError, SigningNotSupportedForAccountError, SmartSessionsNotEnabledError, WalletClientNoConnectedAccountError } from './error.js';
+import { type ValidatorConfig } from './utils.js';
 type InternalSignerSet = SignerSet | ResolvedSessionSignerSet;
 declare function getInitCode(config: RhinestoneConfig): {
     address: import("viem").Address;