@talken/talkenkit 2.5.1 → 2.5.3

package/dist/wallets/walletConnectors/chunk-5ERWBR7D.js

@@ -0,0 +1,977 @@
+"use client";
+import {
+  TalkenApiError
+} from "./chunk-4P3SPC44.js";
+import {
+  getCredentialManager
+} from "./chunk-36BJXEBA.js";
+import {
+  DEFAULT_TALKEN_API_CONFIG,
+  TALKEN_API_ENDPOINTS,
+  TOKEN_EXPIRY,
+  loadTgAccessKey
+} from "./chunk-6KRX73ED.js";
+
+// src/wallets/walletConnectors/abcWallet/api/TalkenApiClient.ts
+var STORAGE_KEY_PREFIX = "talken_api_";
+function loadToken(key) {
+  if (typeof window === "undefined")
+    return null;
+  try {
+    return localStorage.getItem(`${STORAGE_KEY_PREFIX}${key}`);
+  } catch {
+    return null;
+  }
+}
+function saveToken(key, value) {
+  if (typeof window === "undefined")
+    return;
+  try {
+    localStorage.setItem(`${STORAGE_KEY_PREFIX}${key}`, value);
+  } catch {
+  }
+}
+function removeToken(key) {
+  if (typeof window === "undefined")
+    return;
+  try {
+    localStorage.removeItem(`${STORAGE_KEY_PREFIX}${key}`);
+  } catch {
+  }
+}
+function normalizeAuthResponse(raw) {
+  const d = raw.data || raw;
+  const loginData = d.login || d;
+  return {
+    accessToken: loginData.access_token || loginData.accessToken || "",
+    refreshToken: loginData.refresh_token || loginData.refreshToken || "",
+    expiresIn: loginData.expires_in || loginData.expire_in || loginData.expiresIn || 3600,
+    uid: d.uid || loginData.uid || "",
+    email: d.email || loginData.email || "",
+    isNewUser: d.isNewUser
+  };
+}
+var TalkenAuthModule = class {
+  constructor(client) {
+    this.client = client;
+  }
+  /**
+   * Login with email and password
+   * POST /wallet/auth { action: 'login', method: 'password', email, password }
+   */
+  async loginWithPassword(email, password) {
+    const raw = await this.client.post(
+      TALKEN_API_ENDPOINTS.AUTH,
+      { action: "login", method: "password", email, password },
+      { skipAuth: true }
+    );
+    const res = normalizeAuthResponse(raw);
+    this.client.handleAuthResponse(res);
+    return res;
+  }
+  /**
+   * Send OTP code to email
+   * POST /wallet/auth { action: 'otp.send', email }
+   */
+  async sendOtp(email) {
+    const raw = await this.client.post(
+      TALKEN_API_ENDPOINTS.AUTH,
+      { action: "otp.send", email },
+      { skipAuth: true }
+    );
+    const res = raw;
+    if (res.success === false) {
+      const data = res.data || {};
+      throw new Error(data.msg || res.error || "OTP send failed");
+    }
+    return res.data || raw;
+  }
+  /**
+   * Verify OTP code
+   * POST /wallet/auth { action: 'otp.verify', email, otpCode }
+   */
+  async verifyOtp(email, otpCode) {
+    const raw = await this.client.post(
+      TALKEN_API_ENDPOINTS.AUTH,
+      { action: "otp.verify", email, otpCode },
+      { skipAuth: true }
+    );
+    const res = raw;
+    if (res.success === false) {
+      const data = res.data || {};
+      throw new Error(data.msg || res.error || "OTP verification failed");
+    }
+    return res.data || raw;
+  }
+  /**
+   * Check if email is already registered
+   * POST /wallet/auth { action: 'email.check', email }
+   * Returns code 606 if email exists
+   */
+  async checkEmail(email) {
+    const raw = await this.client.post(
+      TALKEN_API_ENDPOINTS.AUTH,
+      { action: "email.check", email },
+      { skipAuth: true }
+    );
+    const d = raw.data || raw;
+    return {
+      code: d.code,
+      message: d.message,
+      exists: d.code === 606
+    };
+  }
+  /**
+   * Register a new user (creates account + auto-login)
+   * POST /wallet/auth { action: 'register', email, otpCode, password, name? }
+   */
+  async register(params) {
+    const raw = await this.client.post(
+      TALKEN_API_ENDPOINTS.AUTH,
+      { action: "register", ...params },
+      { skipAuth: true }
+    );
+    const res = normalizeAuthResponse(raw);
+    this.client.handleAuthResponse(res);
+    return res;
+  }
+  /**
+   * Reset password for existing user
+   * POST /wallet/auth { action: 'password.reset', email, newPassword, emailCode }
+   */
+  async resetPassword(email, newPassword, emailCode) {
+    const raw = await this.client.post(
+      TALKEN_API_ENDPOINTS.AUTH,
+      { action: "password.reset", email, newPassword, emailCode },
+      { skipAuth: true }
+    );
+    return raw.data || raw;
+  }
+  /**
+   * Login with social provider (Google, Apple, Kakao, etc.)
+   * POST /wallet/auth { action: 'login', method: 'sns', token, service, audience? }
+   */
+  async loginWithSns(params) {
+    const raw = await this.client.post(
+      TALKEN_API_ENDPOINTS.AUTH,
+      {
+        action: "login",
+        method: "sns",
+        token: params.token,
+        service: params.service,
+        ...params.audience && { audience: params.audience }
+      },
+      { skipAuth: true }
+    );
+    const res = normalizeAuthResponse(raw);
+    this.client.handleAuthResponse(res);
+    return res;
+  }
+  /**
+   * Refresh access token
+   * POST /wallet/auth { action: 'token.refresh', refreshToken }
+   */
+  async refresh() {
+    const refreshToken = this.client.getRefreshToken();
+    if (!refreshToken) {
+      throw new TalkenApiError(
+        "TOKEN_EXPIRED",
+        "No refresh token available",
+        401
+      );
+    }
+    const raw = await this.client.post(
+      TALKEN_API_ENDPOINTS.AUTH,
+      { action: "token.refresh", refreshToken },
+      { skipAuth: true }
+    );
+    const res = normalizeAuthResponse(raw);
+    this.client.handleAuthResponse(res);
+    return res;
+  }
+  /**
+   * Server-side unified onboarding: email + OTP → access key + wallets.
+   * POST /wallet/auth { action: 'ensure-user', email, otpCode, accessKeyName }
+   */
+  async ensureUser(email, otpCode, accessKeyName = "talkenkit") {
+    const raw = await this.client.post(
+      TALKEN_API_ENDPOINTS.AUTH,
+      { action: "ensure-user", email, otpCode, accessKeyName },
+      { skipAuth: true }
+    );
+    return raw.data || raw;
+  }
+  /**
+   * Create an Access Key for delegated authentication
+   * POST /agent/access-keys { name, pin, refreshToken, email, ttlSeconds }
+   */
+  async createAccessKey(params) {
+    const raw = await this.client.post(
+      TALKEN_API_ENDPOINTS.ACCESS_KEYS,
+      params
+    );
+    const d = raw.data || raw;
+    return {
+      accessKey: d.accessKey,
+      keyId: d.keyId,
+      expiresAt: d.expiresAt
+    };
+  }
+  /**
+   * Logout (clear local session only — no server endpoint)
+   */
+  logout() {
+    this.client.clearSession();
+  }
+};
+var TalkenWalletModule = class {
+  constructor(client) {
+    this.client = client;
+  }
+  /**
+   * Generate/recover MPC wallets (create = idempotent generate/recover)
+   * POST /wallet/mpc { action: 'create', email?, pin }
+   *
+   * @param pin - SHA-256 hashed PIN
+   * @param email - User email (optional; server resolves from bearer token if omitted)
+   */
+  async generate(pin, email) {
+    return this.client.post(TALKEN_API_ENDPOINTS.WALLET_MPC, {
+      action: "create",
+      ...email && { email },
+      pin
+    });
+  }
+  /**
+   * Recover is the same as generate (create is idempotent)
+   */
+  async recover(pin, email) {
+    return this.generate(pin, email);
+  }
+  /**
+   * Get wallet info
+   * POST /wallet/mpc { action: 'info' }
+   */
+  async getInfo() {
+    return this.client.post(TALKEN_API_ENDPOINTS.WALLET_MPC, {
+      action: "info"
+    });
+  }
+  /**
+   * Get addresses for all chains
+   * POST /wallet/address { chain: 'all' }
+   */
+  async getAddresses() {
+    return this.client.post(TALKEN_API_ENDPOINTS.WALLET_ADDRESS, {
+      chain: "all"
+    });
+  }
+  /**
+   * Get addresses for a specific chain
+   * POST /wallet/address { chain, publicKey?, pin? }
+   */
+  async getAddressForChain(chain, publicKey, pin) {
+    return this.client.post(TALKEN_API_ENDPOINTS.WALLET_ADDRESS, {
+      chain,
+      ...publicKey && { publicKey },
+      ...pin && { pin }
+    });
+  }
+};
+function withCachedEvmCreds(params) {
+  if (typeof window === "undefined")
+    return params;
+  try {
+    const creds = getCredentialManager().getEvmSigningCredentials();
+    if (creds)
+      return { ...params, evmCreds: creds };
+  } catch {
+  }
+  return params;
+}
+var TalkenEvmModule = class {
+  constructor(client) {
+    this.client = client;
+  }
+  /**
+   * Sign EVM transaction (sign only, no broadcast)
+   * POST /wallet/sign/evm { network, to, from?, value?, data?, ... }
+   * Server handles SecureChannel internally
+   */
+  async signTransaction(params) {
+    return this.client.post(
+      TALKEN_API_ENDPOINTS.SIGN_EVM,
+      withCachedEvmCreds(params)
+    );
+  }
+  /**
+   * Sign EIP-712 typed data
+   * POST /wallet/sign/evm/typed { network, typedData }
+   */
+  async signTypedData(params) {
+    return this.client.post(
+      TALKEN_API_ENDPOINTS.SIGN_TYPED,
+      withCachedEvmCreds(params)
+    );
+  }
+  /**
+   * Sign personal message (EIP-191)
+   * POST /wallet/sign/evm/personal { network, message, address? }
+   */
+  async signPersonal(params) {
+    const res = await this.client.post(
+      TALKEN_API_ENDPOINTS.SIGN_PERSONAL,
+      withCachedEvmCreds(params)
+    );
+    return {
+      signature: res?.signature ?? res?.serializedTx ?? "",
+      txHash: res?.txHash ?? res?.rawTx
+    };
+  }
+  /**
+   * Sign EIP-7702 authorization payload
+   * POST /wallet/sign/authorization { network, authorization, pin? }
+   */
+  async signAuthorization(params) {
+    return this.client.post(
+      TALKEN_API_ENDPOINTS.SIGN_AUTHORIZATION,
+      withCachedEvmCreds(params)
+    );
+  }
+  /**
+   * Broadcast signed transaction
+   * POST /wallet/tx/raw { network, signedSerializeTx }
+   */
+  async sendRawTransaction(params) {
+    return this.client.post(
+      TALKEN_API_ENDPOINTS.TX_RAW,
+      params
+    );
+  }
+  /**
+   * Integrated EVM transfer (sign + broadcast)
+   * POST /wallet/tx/evm { chainKey, to, amountWei, pin, ... }
+   */
+  async sendTransaction(params) {
+    return this.client.post(
+      TALKEN_API_ENDPOINTS.TX_EVM,
+      withCachedEvmCreds(params)
+    );
+  }
+  /**
+   * Get gas price
+   * GET /wallet/gas/price?network=
+   */
+  async getGasPrice(network) {
+    return this.client.get(
+      `${TALKEN_API_ENDPOINTS.GAS_PRICE}?network=${encodeURIComponent(network)}`
+    );
+  }
+  /**
+   * Get suggested gas fees (EIP-1559)
+   * GET /wallet/gas/suggested?network=
+   */
+  async getGasSuggested(network) {
+    return this.client.get(
+      `${TALKEN_API_ENDPOINTS.GAS_SUGGESTED}?network=${encodeURIComponent(network)}`
+    );
+  }
+  /**
+   * Estimate gas
+   * POST /wallet/gas/estimate { network, from, to, value?, data? }
+   */
+  async estimateGas(params) {
+    return this.client.post(
+      TALKEN_API_ENDPOINTS.GAS_ESTIMATE,
+      params
+    );
+  }
+  /**
+   * Get nonce for address
+   * GET /wallet/nonce?network=&address=
+   */
+  async getNonce(network, address) {
+    const qs = new URLSearchParams({ network, address }).toString();
+    return this.client.get(`${TALKEN_API_ENDPOINTS.NONCE}?${qs}`);
+  }
+  /**
+   * Get native balance for address
+   * GET /wallet/address/balance?network=&address=
+   */
+  async getBalance(network, address) {
+    const qs = new URLSearchParams({ network, address }).toString();
+    return this.client.get(`${TALKEN_API_ENDPOINTS.ADDRESS_BALANCE}?${qs}`);
+  }
+  /**
+   * Execute read-only eth_call
+   * POST /wallet/contract/eth-call { network, to, data, from? }
+   */
+  async ethCall(params) {
+    return this.client.post(TALKEN_API_ENDPOINTS.ETH_CALL, params);
+  }
+};
+var TalkenSolanaModule = class {
+  constructor(client) {
+    this.client = client;
+  }
+  async getLatestBlockhash(network) {
+    const qs = new URLSearchParams({ network }).toString();
+    return this.client.get(
+      `${TALKEN_API_ENDPOINTS.SOLANA_LATEST_BLOCKHASH}?${qs}`,
+      {
+        skipAuth: true
+      }
+    );
+  }
+  async getTransactionStatus(params) {
+    const qs = new URLSearchParams({
+      network: params.network,
+      signature: params.signature
+    }).toString();
+    return this.client.get(`${TALKEN_API_ENDPOINTS.SOLANA_TX_STATUS}?${qs}`, {
+      skipAuth: true
+    });
+  }
+  /**
+   * Transfer SOL or SPL token (integrated sign + broadcast)
+   * POST /wallet/tx/sol
+   * - kind='native': { toAddress, amountLamports, pin }
+   * - kind='spl':    { toAddress, mintAddress, amount, decimals, network, pin }
+   */
+  async transfer(params) {
+    return this.client.post(
+      TALKEN_API_ENDPOINTS.TX_SOL,
+      params
+    );
+  }
+  /**
+   * Sign Solana transaction or message (sign-only, no broadcast)
+   * POST /wallet/sign/sol
+   *
+   * Two modes:
+   * - PIN mode: { message, pin } — server resolves signing material
+   * - Share mode: { message, keyId, encryptedShare } — no PIN required (for signMessage)
+   *
+   * @returns Ed25519 signature (hex) and optionally public key
+   */
+  async sign(params) {
+    return this.client.post(
+      TALKEN_API_ENDPOINTS.SIGN_SVM,
+      params
+    );
+  }
+};
+var TalkenBitcoinModule = class {
+  constructor(client) {
+    this.client = client;
+  }
+  /**
+   * BTC fee rate lookup
+   * GET /wallet/btc?mode=fee&network=&blocks=
+   */
+  async getFeeRate(network, blocks) {
+    const qs = new URLSearchParams({
+      mode: "fee",
+      network,
+      ...typeof blocks === "number" ? { blocks: String(blocks) } : {}
+    }).toString();
+    return this.client.get(
+      `${TALKEN_API_ENDPOINTS.WALLET_BTC}?${qs}`
+    );
+  }
+  /**
+   * BTC tx status by hash
+   * GET /wallet/btc?mode=txHash&network=&txHash=
+   */
+  async getTxByHash(txHash, network) {
+    const qs = new URLSearchParams({
+      mode: "txHash",
+      network,
+      txHash
+    }).toString();
+    return this.client.get(
+      `${TALKEN_API_ENDPOINTS.WALLET_BTC}?${qs}`
+    );
+  }
+  /**
+   * BTC UTXO list
+   * GET /wallet/btc?mode=utxos&network=&address=
+   */
+  async getUtxos(network, address) {
+    const qs = new URLSearchParams({
+      mode: "utxos",
+      network,
+      ...address ? { address } : {}
+    }).toString();
+    return this.client.get(
+      `${TALKEN_API_ENDPOINTS.WALLET_BTC}?${qs}`
+    );
+  }
+  /**
+   * BTC address validation
+   * GET /wallet/btc?mode=validateAddress&network=&address=
+   */
+  async validateAddress(address, network) {
+    const qs = new URLSearchParams({
+      mode: "validateAddress",
+      network,
+      address
+    }).toString();
+    return this.client.get(
+      `${TALKEN_API_ENDPOINTS.WALLET_BTC}?${qs}`
+    );
+  }
+  /**
+   * Send BTC (integrated sign + broadcast, action=transfer)
+   * POST /wallet/tx/btc
+   */
+  async sendTransaction(params) {
+    const payload = { action: "transfer", ...params };
+    return this.client.post(
+      TALKEN_API_ENDPOINTS.TX_BTC,
+      withCachedEvmCreds(payload)
+    );
+  }
+  /**
+   * Execute BTC action endpoint (transfer|generate|signHash|finalize)
+   * POST /wallet/tx/btc
+   */
+  async execute(params) {
+    return this.client.post(
+      TALKEN_API_ENDPOINTS.TX_BTC,
+      withCachedEvmCreds(params)
+    );
+  }
+  /**
+   * Sign raw hash via secp256k1 MPC (universal: EVM/BTC/TVM)
+   * POST /wallet/sign/hash { hash, pin, network? }
+   */
+  async signHash(params) {
+    return this.client.post(
+      TALKEN_API_ENDPOINTS.SIGN_HASH,
+      withCachedEvmCreds(params)
+    );
+  }
+  /**
+   * Broadcast raw BTC transaction
+   * POST /wallet/tx/raw { network, signedSerializeTx }
+   */
+  async broadcastRawTransaction(params) {
+    return this.client.post(TALKEN_API_ENDPOINTS.TX_RAW, {
+      network: params.network,
+      signedSerializeTx: params.rawTransaction
+    });
+  }
+};
+var TalkenTronModule = class {
+  constructor(client) {
+    this.client = client;
+  }
+  /**
+   * Execute TVM(TRON) transfer/call (integrated sign + broadcast)
+   * POST /wallet/tx/tvm
+   * - kind=native: TRX transfer (amountSun)
+   * - kind=trc20: TRC-20 transfer (contractAddress + amount)
+   * - kind=contract: arbitrary contract call (contractAddress + data)
+   */
+  async transferTrx(params) {
+    return this.client.post(
+      TALKEN_API_ENDPOINTS.TX_TVM,
+      params
+    );
+  }
+  /**
+   * Get TRON account info (balance, resource, permissions)
+   * GET /wallet/tron?mode=account&network=&address=
+   */
+  async getAccount(network, address) {
+    return this.client.get(
+      `${TALKEN_API_ENDPOINTS.TRON_UTIL}?mode=account&network=${encodeURIComponent(network)}&address=${encodeURIComponent(address)}`
+    );
+  }
+  /**
+   * Get TRC20 token balance
+   * GET /wallet/tron?mode=trc20Balance&network=&address=&contractAddress=
+   */
+  async getTrc20Balance(network, address, contractAddress) {
+    return this.client.get(
+      `${TALKEN_API_ENDPOINTS.TRON_UTIL}?mode=trc20Balance&network=${encodeURIComponent(network)}&address=${encodeURIComponent(address)}&contractAddress=${encodeURIComponent(contractAddress)}`
+    );
+  }
+};
+var TalkenWalletscanModule = class {
+  constructor(client) {
+    this.client = client;
+  }
+  /**
+   * Get all wallet tokens with balances
+   * GET /wallet/scan?type=tokens&chainKeys=...&walletAddress=...
+   */
+  async getTokens(params) {
+    const qs = new URLSearchParams({
+      type: "tokens",
+      chainKeys: params.chainKeys,
+      walletAddress: params.walletAddress
+    }).toString();
+    return this.client.get(
+      `${TALKEN_API_ENDPOINTS.WALLET_SCAN}?${qs}`
+    );
+  }
+  /**
+   * Get token metadata by contract address
+   * GET /wallet/scan?type=tokens&chainKeys=...&contractAddress=...
+   */
+  async getToken(params) {
+    const qs = new URLSearchParams({
+      type: "tokens",
+      chainKeys: params.chainKeys,
+      contractAddress: params.contractAddress
+    }).toString();
+    return this.client.get(
+      `${TALKEN_API_ENDPOINTS.WALLET_SCAN}?${qs}`
+    );
+  }
+  /**
+   * Get native coin balances
+   * GET /wallet/scan?type=natives&chainKeys=...&walletAddress=...
+   */
+  async getNativeTokens(params) {
+    const qs = new URLSearchParams({
+      type: "natives",
+      chainKeys: params.chainKeys,
+      walletAddress: params.walletAddress
+    }).toString();
+    return this.client.get(
+      `${TALKEN_API_ENDPOINTS.WALLET_SCAN}?${qs}`
+    );
+  }
+  /**
+   * Get NFT metadata
+   * GET /wallet/scan?type=nfts&chainKeys=...&walletAddress=...
+   */
+  async getNfts(params) {
+    const qs = new URLSearchParams({
+      type: "nfts",
+      chainKeys: params.chainKeys,
+      walletAddress: params.walletAddress
+    }).toString();
+    return this.client.get(
+      `${TALKEN_API_ENDPOINTS.WALLET_SCAN}?${qs}`
+    );
+  }
+};
+var TalkenApiClient = class _TalkenApiClient {
+  constructor(config) {
+    this.accessToken = null;
+    this.refreshToken_ = null;
+    this.expiresAt = null;
+    this.accessKeyRaw = null;
+    this.isRefreshing = false;
+    this.refreshPromise = null;
+    this.config = {
+      baseUrl: config?.baseUrl || DEFAULT_TALKEN_API_CONFIG.baseUrl || "",
+      timeout: config?.timeout || DEFAULT_TALKEN_API_CONFIG.timeout,
+      environment: config?.environment || "development",
+      defaultChainId: config?.defaultChainId,
+      debug: config?.debug || false
+    };
+    this.auth = new TalkenAuthModule(this);
+    this.wallet = new TalkenWalletModule(this);
+    this.evm = new TalkenEvmModule(this);
+    this.solana = new TalkenSolanaModule(this);
+    this.bitcoin = new TalkenBitcoinModule(this);
+    this.tron = new TalkenTronModule(this);
+    this.walletscan = new TalkenWalletscanModule(this);
+    this.restoreSession();
+  }
+  // ── Session Management ──────────────────────────────────────────────
+  restoreSession() {
+    this.accessKeyRaw = loadToken("access_key_raw");
+    if (this.accessKeyRaw) {
+      return;
+    }
+    this.accessToken = loadToken("access_token");
+    this.refreshToken_ = loadToken("refresh_token");
+    const expiresAtStr = loadToken("expires_at");
+    this.expiresAt = expiresAtStr ? Number(expiresAtStr) : null;
+  }
+  /** @internal Called by auth module after successful login/register */
+  handleAuthResponse(response) {
+    this.accessToken = response.accessToken;
+    this.refreshToken_ = response.refreshToken;
+    this.expiresAt = Date.now() + response.expiresIn * 1e3;
+    saveToken("access_token", response.accessToken);
+    saveToken("refresh_token", response.refreshToken);
+    saveToken("expires_at", String(this.expiresAt));
+  }
+  /** @internal Clear all session data */
+  clearSession() {
+    this.accessToken = null;
+    this.refreshToken_ = null;
+    this.expiresAt = null;
+    this.accessKeyRaw = null;
+    removeToken("access_token");
+    removeToken("refresh_token");
+    removeToken("expires_at");
+    removeToken("access_key_raw");
+  }
+  static {
+    /** All known access key prefixes (any environment). */
+    this.KNOWN_AK_PREFIXES = [
+      "talken_live_",
+      "talken_stg_",
+      "talken_dev_",
+      "talken_local_"
+    ];
+  }
+  /** Validate access key format: talken_<env>_<publicId>.<secret> */
+  static isValidAccessKeyFormat(key) {
+    const trimmed = key.trim();
+    for (const prefix of _TalkenApiClient.KNOWN_AK_PREFIXES) {
+      if (trimmed.startsWith(prefix)) {
+        const payload = trimmed.slice(prefix.length);
+        const dot = payload.indexOf(".");
+        if (dot < 1)
+          return false;
+        return payload.slice(0, dot).length > 0 && payload.slice(dot + 1).length > 0;
+      }
+    }
+    return false;
+  }
+  /**
+   * Set Access Key and switch to Access Key mode.
+   * Accepts any known env prefix (talken_live_, talken_stg_, talken_dev_, talken_local_).
+   */
+  setAccessKey(key) {
+    const trimmed = key.trim();
+    if (!_TalkenApiClient.isValidAccessKeyFormat(trimmed)) {
+      throw new Error(
+        "Invalid access key format. Expected: talken_<env>_<publicId>.<secret>"
+      );
+    }
+    this.accessKeyRaw = trimmed;
+    saveToken("access_key_raw", trimmed);
+    this.accessToken = null;
+    this.refreshToken_ = null;
+    this.expiresAt = null;
+    removeToken("access_token");
+    removeToken("refresh_token");
+    removeToken("expires_at");
+  }
+  /**
+   * Clear Access Key
+   */
+  clearAccessKey() {
+    this.accessKeyRaw = null;
+    removeToken("access_key_raw");
+  }
+  /**
+   * Check if running in Access Key mode
+   */
+  isAccessKeyMode() {
+    return !!this.accessKeyRaw;
+  }
+  /**
+   * Check if user is authenticated (has valid access token)
+   */
+  isAuthenticated() {
+    if (this.accessKeyRaw)
+      return true;
+    return !!this.accessToken && !this.isTokenExpired();
+  }
+  /**
+   * Check if current access token is expired
+   */
+  isTokenExpired() {
+    if (!this.expiresAt)
+      return true;
+    return Date.now() >= this.expiresAt - TOKEN_EXPIRY.REFRESH_BUFFER;
+  }
+  /**
+   * Get current access token
+   */
+  getAccessToken() {
+    return this.accessToken;
+  }
+  /**
+   * Get current refresh token
+   * @internal Used by auth module for token refresh
+   */
+  getRefreshToken() {
+    return this.refreshToken_;
+  }
+  /**
+   * Get client configuration
+   */
+  getConfig() {
+    return { ...this.config };
+  }
+  /**
+   * Set tokens externally (useful for SSR or state management integration)
+   */
+  setTokens(accessToken, refreshToken, expiresAt) {
+    this.accessToken = accessToken;
+    this.refreshToken_ = refreshToken;
+    this.expiresAt = expiresAt;
+    saveToken("access_token", accessToken);
+    saveToken("refresh_token", refreshToken);
+    saveToken("expires_at", String(expiresAt));
+  }
+  // ── HTTP Methods (Internal) ─────────────────────────────────────────
+  /** @internal Make a GET request */
+  async get(endpoint, options) {
+    return this.request(endpoint, { method: "GET", ...options });
+  }
+  /** @internal Make a POST request */
+  async post(endpoint, body, options) {
+    return this.request(endpoint, { method: "POST", body, ...options });
+  }
+  /**
+   * Core HTTP request handler with automatic token refresh
+   * @internal
+   */
+  async request(endpoint, options) {
+    const { method, body, skipAuth = false } = options;
+    if (!skipAuth && !this.accessKeyRaw && this.isTokenExpired() && this.refreshToken_) {
+      await this.ensureTokenRefreshed();
+    }
+    const url = `${this.config.baseUrl}${endpoint}`;
+    const headers = {
+      "Content-Type": "application/json",
+      Accept: "application/json"
+    };
+    if (!skipAuth) {
+      if (this.accessKeyRaw) {
+        headers["X-Access-Key"] = this.accessKeyRaw;
+      } else if (this.accessToken) {
+        headers.Authorization = `Bearer ${this.accessToken}`;
+      } else {
+        const tgAk = loadTgAccessKey();
+        if (tgAk) {
+          headers["X-Access-Key"] = tgAk;
+        }
+      }
+    }
+    if (this.config.debug) {
+      console.log(`[TalkenApiClient] ${method} ${url}`);
+    }
+    try {
+      const controller = new AbortController();
+      const timeoutId = setTimeout(
+        () => controller.abort(),
+        this.config.timeout || 3e4
+      );
+      const response = await fetch(url, {
+        method,
+        headers,
+        body: body ? JSON.stringify(body) : void 0,
+        signal: controller.signal,
+        credentials: "include"
+      });
+      clearTimeout(timeoutId);
+      const text = await response.text();
+      let data;
+      if (text) {
+        try {
+          data = JSON.parse(text);
+        } catch {
+          throw new TalkenApiError(
+            "PARSE_ERROR",
+            "Invalid JSON response from server",
+            response.status,
+            { text: text.substring(0, 200) }
+          );
+        }
+      } else {
+        data = { success: true };
+      }
+      if (response.status === 401 && !skipAuth) {
+        if (this.accessKeyRaw) {
+          if (typeof window !== "undefined") {
+            window.dispatchEvent(
+              new CustomEvent("talkenkit:access_key_expired")
+            );
+          }
+          throw new TalkenApiError(
+            "ACCESS_KEY_EXPIRED",
+            "Access key expired. Please login again.",
+            401
+          );
+        }
+        if (this.refreshToken_) {
+          try {
+            await this.forceTokenRefresh();
+            return this.request(endpoint, { ...options, skipAuth: true });
+          } catch {
+            this.clearSession();
+            throw new TalkenApiError(
+              "TOKEN_EXPIRED",
+              "Session expired. Please login again.",
+              401
+            );
+          }
+        }
+      }
+      if (!response.ok) {
+        const errCode = data.error?.code || "UNKNOWN_ERROR";
+        const errMsg = data.error?.message || `Request failed with status ${response.status}`;
+        if (this.config.debug) {
+          console.error(`[TalkenApiClient] Error: ${errCode} - ${errMsg}`);
+        }
+        throw new TalkenApiError(
+          errCode,
+          errMsg,
+          response.status,
+          data.error?.details || data.details
+        );
+      }
+      return data.data ?? data;
+    } catch (error) {
+      if (error instanceof TalkenApiError) {
+        throw error;
+      }
+      if (error instanceof DOMException && error.name === "AbortError") {
+        throw new TalkenApiError("TIMEOUT", "Request timed out", 408);
+      }
+      const errorMessage = error instanceof Error ? error.message : "Network request failed";
+      throw new TalkenApiError("NETWORK_ERROR", errorMessage, 0);
+    }
+  }
+  /**
+   * Ensure token is refreshed (handles concurrent requests)
+   */
+  async ensureTokenRefreshed() {
+    if (this.isRefreshing && this.refreshPromise) {
+      await this.refreshPromise;
+      return;
+    }
+    await this.forceTokenRefresh();
+  }
+  /**
+   * Force a token refresh
+   */
+  async forceTokenRefresh() {
+    if (this.isRefreshing && this.refreshPromise) {
+      await this.refreshPromise;
+      return;
+    }
+    this.isRefreshing = true;
+    this.refreshPromise = (async () => {
+      try {
+        await this.auth.refresh();
+      } finally {
+        this.isRefreshing = false;
+        this.refreshPromise = null;
+      }
+    })();
+    await this.refreshPromise;
+  }
+};
+function createTalkenApiClient(config) {
+  return new TalkenApiClient(config);
+}
+
+export {
+  TalkenApiClient,
+  createTalkenApiClient
+};