@veridex/sdk 1.0.1 → 1.1.1

package/dist/index.js

@@ -90,7 +90,7 @@ var init_constants = __esm({
         SOLANA_DEVNET: 1,
         GOERLI: 2,
         BSC_TESTNET: 4,
-        POLYGON_MUMBAI: 5,
+        POLYGON_AMOY: 10007,
         AVALANCHE_FUJI: 6,
         FANTOM_TESTNET: 10,
         CELO_ALFAJORES: 14,
@@ -152,7 +152,7 @@ var init_constants = __esm({
       SOLANA_DEVNET: 1,
       GOERLI: 2,
       BSC_TESTNET: 4,
-      POLYGON_MUMBAI: 5,
+      POLYGON_AMOY: 10007,
       AVALANCHE_FUJI: 6,
       FANTOM_TESTNET: 10,
       CELO_ALFAJORES: 14,
@@ -173,13 +173,12 @@ var init_constants = __esm({
         chainId: 84532,
         wormholeChainId: 10004,
         rpcUrl: "https://sepolia.base.org",
-        // Public CORS-friendly RPC
         explorerUrl: "https://sepolia.basescan.org",
         isEvm: true,
         contracts: {
-          hub: "0x23a39c294891703146c3607e1FEEB5Fe78F7F28d",
-          vaultFactory: "0x31e8dc9428575334739754Ab2bdB0E8b9Dc707FD",
-          vaultImplementation: "0xD65E996CD6d5B01689dc54ad30B51f1D88a100f5",
+          hub: "0xD5D29b6EaeE6FF4b765e704298a7e48D22607059",
+          vaultFactory: "0xb25b73D5FeD5693dcd1Bb78f8e33387B59A022EC",
+          vaultImplementation: "0x2CB8397df988c1880d9e5cFfF65bfC22D7D90EE6",
           wormholeCoreBridge: "0x79A1027a6A159502049F10906D333EC57E95F083",
           tokenBridge: "0x86F55A04690fd7815A3D802bD587e83eA888B239"
         }
@@ -192,8 +191,8 @@ var init_constants = __esm({
         explorerUrl: "https://sepolia.etherscan.io",
         isEvm: true,
         contracts: {
-          vaultFactory: "0x52a6dc19C11b3B53B434Fc7f6D31F8b62ed18F0a",
-          vaultImplementation: "0xfab72dd1fd3AD79f738B49506f32251B60c95f01",
+          vaultFactory: "0x265c10763B4d16AD970bC3d7670c645e37f63AF4",
+          vaultImplementation: "0x942426C94652ebC48f4f404928016B95ADb1DA25",
           wormholeCoreBridge: "0x4a8bc80Ed5a4067f1CCf107057b8270E0cC11A78",
           tokenBridge: "0xDB5492265f6038831E89f495670FF909aDe94bd9"
         }
@@ -206,8 +205,8 @@ var init_constants = __esm({
         explorerUrl: "https://sepolia-optimism.etherscan.io",
         isEvm: true,
         contracts: {
-          vaultFactory: "0x347feeaBB5655a7a80b56D8D554DA30BE6c28225",
-          vaultImplementation: "0x26C4FD8fC66150ef5964562F7A69271fB0cd02A4",
+          vaultFactory: "0x3c5e4aCdC8Cd53ae5ae603B4c511885191fBb868",
+          vaultImplementation: "0xA45dBF322c5A3028687fEEB161603d3BCe02e119",
           wormholeCoreBridge: "0x31377888146f3253211EFEf5c676D41ECe7D58Fe",
           tokenBridge: "0x99737Ec4B815d816c49A385943baf0380e75c0Ac"
         }
@@ -220,24 +219,52 @@ var init_constants = __esm({
         explorerUrl: "https://sepolia.arbiscan.io",
         isEvm: true,
         contracts: {
-          vaultFactory: "0x708eEE22621A64CDF51d98d3e8D97902D7dF52dD",
-          vaultImplementation: "0x9f74Dc14A98E59df7AEC5571a2B9E329153dF5Cd",
+          vaultFactory: "0xB9C3e6bad3c6f26956be4a4bb5a366376Fd3045D",
+          vaultImplementation: "0x8601881b94B68B09b485f407317686103d3CB681",
           wormholeCoreBridge: "0x6b9C8671cdDC8dEab9c719bB87cBd3e782bA6a35",
           tokenBridge: "0xC7A204bDBFe983FCD8d8E61D02b475D4073fF97e"
         }
       },
-      seiTestnet: {
-        name: "Sei Atlantic-2",
-        chainId: 1328,
-        wormholeChainId: 40,
-        rpcUrl: "https://evm-rpc-testnet.sei-apis.com",
-        explorerUrl: "https://seitrace.com/?chain=atlantic-2",
+      monadTestnet: {
+        name: "Monad Testnet",
+        chainId: 10143,
+        wormholeChainId: 10048,
+        rpcUrl: "https://testnet-rpc.monad.xyz",
+        explorerUrl: "https://testnet.monadexplorer.com",
+        isEvm: true,
+        contracts: {
+          vaultFactory: "0xbE9B9c39956448DA75Ac97E5e3dE17e34171660A",
+          vaultImplementation: "0x500853DCc54Fd1A707ec9d443032Bb7748f426d3",
+          wormholeCoreBridge: "0xBB73cB66C26740F31d1FabDC6b7A46a038A300dd",
+          tokenBridge: "0x0000000000000000000000000000000000000000"
+        }
+      },
+      avalancheFuji: {
+        name: "Avalanche Fuji",
+        chainId: 43113,
+        wormholeChainId: 6,
+        rpcUrl: "https://api.avax-test.network/ext/bc/C/rpc",
+        explorerUrl: "https://testnet.snowtrace.io",
+        isEvm: true,
+        contracts: {
+          vaultFactory: "0x50F2c37584823A6cc293bd0d7647D558d05CA4C1",
+          vaultImplementation: "0x53d4D3943d0E524836f0B1955AbB216449F538fF",
+          wormholeCoreBridge: "0x7bbcE28e64B3F8b84d876Ab298393c38ad7aac4C",
+          tokenBridge: "0x61E44E506Ca5659E6c0bba9b678586fA2d729756"
+        }
+      },
+      polygonAmoy: {
+        name: "Polygon Amoy",
+        chainId: 80002,
+        wormholeChainId: 10007,
+        rpcUrl: "https://rpc-amoy.polygon.technology",
+        explorerUrl: "https://amoy.polygonscan.com",
         isEvm: true,
         contracts: {
           vaultFactory: "0x07F608AFf6d63b68029488b726d895c4Bb593038",
           vaultImplementation: "0xD66153fccFB6731fB6c4944FbD607ba86A76a1f6",
-          wormholeCoreBridge: "0x0000000000000000000000000000000000000000"
-          // Mock - not yet deployed
+          wormholeCoreBridge: "0x6b9C8671cdDC8dEab9c719bB87cBd3e782bA6a35",
+          tokenBridge: "0xC7A204bDBFe983FCD8d8E61D02b475D4073fF97e"
         }
       },
       solanaDevnet: {
@@ -274,26 +301,21 @@ var init_constants = __esm({
         explorerUrl: "https://suiscan.xyz/testnet",
         isEvm: false,
         contracts: {
-          hub: "0x7f6b9a3f9dba7ac6b20d180a9274f525c23a2a9f7e5445218c595c3696c55667",
+          hub: "0x1f8f9b79561525275c2de4579a1e5243cfe789656ec666485b7737f4784c1bfc",
           wormholeCoreBridge: "0x31358d198147da50db32eda2562951d53973a0c0ad5ed738e9b17d88b213d790"
         }
       },
       starknetSepolia: {
         name: "Starknet Sepolia",
         chainId: 0,
-        // Native Starknet chain ID (SN_SEPOLIA = 0x534e5f5345504f4c4941)
         wormholeChainId: 50001,
-        // Custom chain ID (50000+ reserved for non-Wormhole chains)
-        rpcUrl: "https://starknet-sepolia.g.alchemy.com/starknet/version/rpc/v0_7/tsOnfTBZDKMXcUA26OED-",
+        rpcUrl: "https://starknet-sepolia-rpc.publicnode.com",
         explorerUrl: "https://sepolia.starkscan.co",
         isEvm: false,
         contracts: {
-          // Starknet spoke contract
-          hub: "0x46139177b8a1d7187cf35fbcddca637882a1d6f50d91f048c59d1322eee9ede",
-          // Custom bridge contract (NOT Wormhole)
-          wormholeCoreBridge: "0x700488242f8f03248b2311edddc394f0408a18c36181446eabd265067809c83"
+          hub: "0x1c87ca930ad46a5fef167f2d03d6df5b1dd6cdb841955c059edabb0566ff2d6",
+          wormholeCoreBridge: "0x30280c19d413eef7515c479186f206498c7f5077e30cb7277ce753d35adab00"
         },
-        // Hub chain ID that Starknet bridge validates (Base Sepolia = 10004)
         hubChainId: 10004
       }
     };
@@ -580,6 +602,65 @@ var init_utils = __esm({
   }
 });
 
+// src/core/relayerUrl.ts
+function trimTrailingSlashes(value) {
+  return value.trim().replace(/\/+$/, "");
+}
+function normalizeRelayerOrigin(value) {
+  const trimmed = trimTrailingSlashes(value);
+  if (!trimmed) {
+    return "";
+  }
+  if (trimmed.startsWith("/")) {
+    return trimmed.replace(/\/api\/v1$/i, "");
+  }
+  try {
+    const url = new URL(trimmed);
+    url.pathname = url.pathname.replace(/\/api\/v1$/i, "").replace(/\/+$/, "");
+    return url.toString().replace(/\/+$/, "");
+  } catch {
+    return trimmed.replace(/\/api\/v1$/i, "");
+  }
+}
+function buildRelayerApiUrl(baseUrl, path) {
+  const normalizedPath = path.startsWith("/") ? path : `/${path}`;
+  const trimmed = trimTrailingSlashes(baseUrl);
+  if (!trimmed) {
+    return `${API_ROOT}${normalizedPath}`;
+  }
+  if (trimmed.startsWith("/")) {
+    if (/\/api\/v1$/i.test(trimmed) || /\/api\/auth\/relay$/i.test(trimmed)) {
+      return `${trimmed}${normalizedPath}`;
+    }
+    return `${trimmed}${normalizedPath}`;
+  }
+  try {
+    const url = new URL(trimmed);
+    if (/\/api\/v1$/i.test(url.pathname) || /\/api\/auth\/relay$/i.test(url.pathname)) {
+      url.pathname = `${url.pathname.replace(/\/+$/, "")}${normalizedPath}`;
+      return url.toString();
+    }
+    if (!url.pathname || url.pathname === "/") {
+      url.pathname = `${API_ROOT}${normalizedPath}`;
+      return url.toString();
+    }
+    url.pathname = `${url.pathname.replace(/\/+$/, "")}${normalizedPath}`;
+    return url.toString();
+  } catch {
+    if (/\/api\/v1$/i.test(trimmed) || /\/api\/auth\/relay$/i.test(trimmed)) {
+      return `${trimmed}${normalizedPath}`;
+    }
+    return `${trimmed}${API_ROOT}${normalizedPath}`;
+  }
+}
+var API_ROOT;
+var init_relayerUrl = __esm({
+  "src/core/relayerUrl.ts"() {
+    "use strict";
+    API_ROOT = "/api/v1";
+  }
+});
+
 // src/core/PasskeyManager.ts
 function detectRpId(forceLocal) {
   if (typeof window === "undefined") return "localhost";
@@ -618,6 +699,7 @@ var init_PasskeyManager = __esm({
     import_browser = require("@simplewebauthn/browser");
     import_ethers2 = require("ethers");
     init_utils();
+    init_relayerUrl();
     VERIDEX_RP_ID = "veridex.network";
     PasskeyManager = class _PasskeyManager {
       config;
@@ -629,7 +711,7 @@ var init_PasskeyManager = __esm({
           timeout: config.timeout ?? 6e4,
           userVerification: config.userVerification ?? "required",
           authenticatorAttachment: config.authenticatorAttachment ?? "platform",
-          relayerUrl: config.relayerUrl ?? ""
+          relayerUrl: normalizeRelayerOrigin(config.relayerUrl ?? "")
         };
       }
       static isSupported() {
@@ -900,7 +982,7 @@ var init_PasskeyManager = __esm({
           return false;
         }
         try {
-          const response = await fetch(`${this.config.relayerUrl}/api/v1/credential`, {
+          const response = await fetch(buildRelayerApiUrl(this.config.relayerUrl, "/credential"), {
             method: "POST",
             headers: { "Content-Type": "application/json" },
             body: JSON.stringify({
@@ -932,7 +1014,7 @@ var init_PasskeyManager = __esm({
         }
         try {
           const response = await fetch(
-            `${this.config.relayerUrl}/api/v1/credential/by-id/${encodeURIComponent(credentialId)}`
+            buildRelayerApiUrl(this.config.relayerUrl, `/credential/by-id/${encodeURIComponent(credentialId)}`)
           );
           if (!response.ok) {
             return null;
@@ -971,7 +1053,7 @@ var init_PasskeyManager = __esm({
         }
         try {
           const response = await fetch(
-            `${this.config.relayerUrl}/api/v1/credential/${encodeURIComponent(keyHash)}`
+            buildRelayerApiUrl(this.config.relayerUrl, `/credential/${encodeURIComponent(keyHash)}`)
           );
           if (!response.ok) {
             return null;
@@ -2228,6 +2310,15 @@ var init_featureFlags = __esm({
 });
 
 // src/presets.ts
+function configureDefaultRpcUrls(overrides) {
+  for (const key of Object.keys(_rpcOverrides)) {
+    delete _rpcOverrides[key];
+  }
+  Object.assign(_rpcOverrides, overrides);
+}
+function getRpcUrlOverride(chain, network) {
+  return _rpcOverrides[chain]?.[network];
+}
 function getChainConfig(chain, network = "testnet") {
   const preset = CHAIN_PRESETS[chain];
   if (!preset) {
@@ -2235,7 +2326,12 @@ function getChainConfig(chain, network = "testnet") {
       `Unknown chain: "${chain}". Supported chains: ${Object.keys(CHAIN_PRESETS).join(", ")}`
     );
   }
-  return preset[network];
+  const config = preset[network];
+  const rpcOverride = getRpcUrlOverride(chain, network);
+  if (rpcOverride) {
+    return { ...config, rpcUrl: rpcOverride };
+  }
+  return config;
 }
 function getChainPreset(chain) {
   const preset = CHAIN_PRESETS[chain];
@@ -2270,7 +2366,7 @@ function getDefaultHub(network = "testnet") {
   const primary = getEffectivePrimaryHub();
   return CHAIN_PRESETS[primary][network];
 }
-var CHAIN_NAMES, CHAIN_PRESETS;
+var CHAIN_NAMES, CHAIN_PRESETS, _rpcOverrides;
 var init_presets = __esm({
   "src/presets.ts"() {
     "use strict";
@@ -2930,7 +3026,7 @@ var init_presets = __esm({
           chainId: 0,
           wormholeChainId: 50001,
           // Custom bridge (non-Wormhole)
-          rpcUrl: "https://starknet-sepolia.g.alchemy.com/starknet/version/rpc/v0_7/tsOnfTBZDKMXcUA26OED-",
+          rpcUrl: "https://starknet-sepolia-rpc.publicnode.com",
           explorerUrl: "https://sepolia.starkscan.co",
           isEvm: false,
           contracts: {
@@ -3029,6 +3125,7 @@ var init_presets = __esm({
         }
       }
     };
+    _rpcOverrides = {};
   }
 });
 
@@ -4143,6 +4240,7 @@ __export(src_exports, {
   calculatePercentage: () => calculatePercentage,
   computeKeyHash: () => computeKeyHash,
   computeSessionKeyHash: () => computeSessionKeyHash,
+  configureDefaultRpcUrls: () => configureDefaultRpcUrls,
   createAuditEntry: () => createAuditEntry,
   createChainClient: () => createChainClient,
   createChainDetector: () => createChainDetector,
@@ -4213,6 +4311,7 @@ __export(src_exports, {
   getExplorerUrl: () => getExplorerUrl,
   getFeatureFlags: () => getFeatureFlags,
   getHubChains: () => getHubChains,
+  getRpcUrlOverride: () => getRpcUrlOverride,
   getSequenceFromTxReceipt: () => getSequenceFromTxReceipt,
   getStacksContractPrincipal: () => getContractPrincipal,
   getStacksExplorerAddressUrl: () => getStacksExplorerAddressUrl,
@@ -5507,6 +5606,7 @@ var CrossChainManager = class {
 var crossChainManager = new CrossChainManager();
 
 // src/core/RelayerClient.ts
+init_relayerUrl();
 var DEFAULT_CONFIG2 = {
   apiKey: "",
   timeoutMs: 3e4,
@@ -5516,7 +5616,7 @@ var RelayerClient = class _RelayerClient {
   baseUrl;
   config;
   constructor(config) {
-    this.baseUrl = config.baseUrl.replace(/\/+$/, "");
+    this.baseUrl = normalizeRelayerOrigin(config.baseUrl);
     this.config = { ...DEFAULT_CONFIG2, ...config };
   }
   // ========================================================================
@@ -5783,6 +5883,7 @@ var RelayerClient = class _RelayerClient {
    * Make an HTTP request to the relayer
    */
   async fetch(path, options = {}) {
+    const resolvedUrl = path.startsWith("/api/v1/") ? buildRelayerApiUrl(this.baseUrl, path.replace(/^\/api\/v1/, "")) : `${this.baseUrl}${path}`;
     const headers = {
       "Content-Type": "application/json",
       "User-Agent": `@veridex/sdk/${_RelayerClient.SDK_VERSION}`,
@@ -5796,7 +5897,7 @@ var RelayerClient = class _RelayerClient {
     let lastError = null;
     for (let attempt = 0; attempt <= this.config.maxRetries; attempt++) {
       try {
-        const response = await fetch(`${this.baseUrl}${path}`, {
+        const response = await fetch(resolvedUrl, {
           ...options,
           headers,
           signal: controller.signal
@@ -7090,7 +7191,7 @@ var SuiClient = class {
    * @param registryObjectId - Shared VaultRegistry object ID
    * @returns Vault object ID or null if not found
    */
-  async getVaultId(ownerKeyHash, registryObjectId) {
+  async getVaultId(_ownerKeyHash, registryObjectId) {
     try {
       const registryObject = await this.client.getObject({
         id: registryObjectId,
@@ -7167,7 +7268,7 @@ var SuiClient = class {
    * @param processedVaasObjectId - ProcessedVAAs shared object ID
    * @returns Whether the VAA has been processed
    */
-  async isVaaProcessed(vaaHash, processedVaasObjectId) {
+  async isVaaProcessed(_vaaHash, processedVaasObjectId) {
     try {
       const processedObject = await this.client.getObject({
         id: processedVaasObjectId,
@@ -7211,7 +7312,6 @@ var SuiClient = class {
 var import_crypto3 = require("crypto");
 var import_starknet = require("starknet");
 init_payload();
-var FELT252_MAX = BigInt("0x0800000000000000000000000000000000000000000000000000000000000000") - 1n;
 var U128_MAX = BigInt("0x100000000000000000000000000000000");
 function toStarknetU256(keyHash) {
   const cleanHash = keyHash.replace("0x", "").padStart(64, "0");
@@ -7454,7 +7554,7 @@ var StarknetClient = class {
    * @param sessionKeyHash - Hash of session key to validate
    * @returns Session validation result with expiry and limits
    */
-  async isSessionActive(userKeyHash, sessionKeyHash) {
+  async isSessionActive(_userKeyHash, _sessionKeyHash) {
     if (!this.hubRpcUrl || !this.hubContractAddress) {
       throw new Error(
         "Hub configuration required for session validation. Provide hubRpcUrl and hubContractAddress in StarknetClientConfig."
@@ -7546,17 +7646,6 @@ var StarknetClient = class {
     const hash = (0, import_crypto3.createHash)("sha256").update(combined).digest("hex");
     return "0x" + hash;
   }
-  buildMessageHash(keyHash, targetChain, actionPayload, nonce) {
-    const keyHashBuffer = Buffer.from(keyHash.replace(/^0x/, ""), "hex");
-    const targetChainBuffer = Buffer.alloc(2);
-    targetChainBuffer.writeUInt16BE(targetChain);
-    const payloadBuffer = Buffer.from(actionPayload.replace(/^0x/, ""), "hex");
-    const nonceHex = nonce.toString(16).padStart(64, "0");
-    const nonceBuffer = Buffer.from(nonceHex, "hex");
-    const combined = Buffer.concat([keyHashBuffer, targetChainBuffer, payloadBuffer, nonceBuffer]);
-    const hash = (0, import_crypto3.createHash)("sha256").update(combined).digest("hex");
-    return "0x" + hash;
-  }
   // ============================================================================
   // Social Recovery Methods (Issue #23)
   // ============================================================================
@@ -15381,13 +15470,14 @@ function inferBackupEligibility(platform) {
 }
 
 // src/core/CredentialManager.ts
+init_relayerUrl();
 var DEFAULT_STORAGE_KEY = "veridex_credential_metadata";
 var CredentialManager = class {
   config;
   constructor(config = {}) {
     this.config = {
       storageKey: config.storageKey ?? DEFAULT_STORAGE_KEY,
-      relayerUrl: config.relayerUrl ?? ""
+      relayerUrl: normalizeRelayerOrigin(config.relayerUrl ?? "")
     };
   }
   // ========================================================================
@@ -15535,7 +15625,7 @@ var CredentialManager = class {
     const managed = this.getCredential(credentialId);
     if (!managed) return false;
     try {
-      const response = await fetch(`${this.config.relayerUrl}/api/v1/credential/metadata`, {
+      const response = await fetch(buildRelayerApiUrl(this.config.relayerUrl, "/credential/metadata"), {
         method: "PUT",
         headers: { "Content-Type": "application/json" },
         body: JSON.stringify({
@@ -15561,7 +15651,10 @@ var CredentialManager = class {
     if (!this.config.relayerUrl) return null;
     try {
       const response = await fetch(
-        `${this.config.relayerUrl}/api/v1/credential/metadata?keyHash=${encodeURIComponent(keyHash)}`
+        buildRelayerApiUrl(
+          this.config.relayerUrl,
+          `/credential/metadata?keyHash=${encodeURIComponent(keyHash)}`
+        )
       );
       if (!response.ok) return null;
       const data = await response.json();
@@ -15683,9 +15776,10 @@ var CredentialManager = class {
 
 // src/core/CrossOriginAuth.ts
 init_PasskeyManager();
+init_relayerUrl();
 init_PasskeyManager();
 var DEFAULT_AUTH_PORTAL_URL = "https://auth.veridex.network";
-var DEFAULT_RELAYER_URL = "https://amused-kameko-veridex-demo-37453117.koyeb.app/api/v1";
+var DEFAULT_RELAYER_URL = "https://relayer.veridex.network";
 var AUTH_MESSAGE_TYPES = {
   AUTH_REQUEST: "VERIDEX_AUTH_REQUEST",
   AUTH_RESPONSE: "VERIDEX_AUTH_RESPONSE",
@@ -15697,7 +15791,7 @@ var CrossOriginAuth = class {
     this.config = {
       rpId: config.rpId ?? VERIDEX_RP_ID,
       authPortalUrl: config.authPortalUrl ?? DEFAULT_AUTH_PORTAL_URL,
-      relayerUrl: config.relayerUrl ?? DEFAULT_RELAYER_URL,
+      relayerUrl: normalizeRelayerOrigin(config.relayerUrl ?? DEFAULT_RELAYER_URL),
       mode: config.mode ?? "popup",
       popupFeatures: config.popupFeatures ?? "width=500,height=600,left=100,top=100",
       timeout: config.timeout ?? 12e4,
@@ -15793,6 +15887,15 @@ var CrossOriginAuth = class {
       if (options?.sessionChallenge) {
         authUrl.searchParams.set("challenge", options.sessionChallenge);
       }
+      if (options?.register) {
+        authUrl.searchParams.set("register", "true");
+      }
+      if (options?.username) {
+        authUrl.searchParams.set("username", options.username);
+      }
+      if (options?.displayName) {
+        authUrl.searchParams.set("display_name", options.displayName);
+      }
       const popup = window.open(
         authUrl.toString(),
         "veridex-auth",
@@ -15846,6 +15949,15 @@ var CrossOriginAuth = class {
     if (options?.sessionChallenge) {
       authUrl.searchParams.set("challenge", options.sessionChallenge);
     }
+    if (options?.register) {
+      authUrl.searchParams.set("register", "true");
+    }
+    if (options?.username) {
+      authUrl.searchParams.set("username", options.username);
+    }
+    if (options?.displayName) {
+      authUrl.searchParams.set("display_name", options.displayName);
+    }
     window.location.href = authUrl.toString();
     return new Promise(() => {
     });
@@ -15896,7 +16008,8 @@ var CrossOriginAuth = class {
     return bytes;
   }
   async requestServerSessionChallenge(options) {
-    const response = await fetch(`${this.config.relayerUrl}/session/challenge`, {
+    const challengeUrl = buildRelayerApiUrl(this.config.relayerUrl, "/session/challenge");
+    const response = await fetch(challengeUrl, {
       method: "POST",
       headers: { "Content-Type": "application/json" },
       body: JSON.stringify({
@@ -15942,7 +16055,7 @@ var CrossOriginAuth = class {
     if (!session.serverChallengeId) {
       throw new Error("Session must include a relayer-issued serverChallengeId");
     }
-    const response = await fetch(`${this.config.relayerUrl}/session/create`, {
+    const response = await fetch(buildRelayerApiUrl(this.config.relayerUrl, "/session/create"), {
       method: "POST",
       headers: { "Content-Type": "application/json" },
       body: JSON.stringify({
@@ -15965,7 +16078,9 @@ var CrossOriginAuth = class {
    * Returns the session details if valid, null if expired/revoked.
    */
   async validateServerSession(sessionId) {
-    const response = await fetch(`${this.config.relayerUrl}/session/${encodeURIComponent(sessionId)}`);
+    const response = await fetch(
+      buildRelayerApiUrl(this.config.relayerUrl, `/session/${encodeURIComponent(sessionId)}`)
+    );
     if (!response.ok) {
       return null;
     }
@@ -15979,9 +16094,12 @@ var CrossOriginAuth = class {
    * Revoke a server session token.
    */
   async revokeServerSession(sessionId) {
-    const response = await fetch(`${this.config.relayerUrl}/session/${encodeURIComponent(sessionId)}`, {
-      method: "DELETE"
-    });
+    const response = await fetch(
+      buildRelayerApiUrl(this.config.relayerUrl, `/session/${encodeURIComponent(sessionId)}`),
+      {
+        method: "DELETE"
+      }
+    );
     return response.ok;
   }
   /**
@@ -16541,39 +16659,44 @@ var IndexedDBSessionStorage = class {
       );
     }
   }
+  async decryptSession(stored) {
+    const key = await this.getEncryptionKey();
+    const encryptedPrivateKey = new Uint8Array(stored.encryptedPrivateKey);
+    const privateKey = await decrypt(encryptedPrivateKey, key);
+    return {
+      keyHash: stored.keyHash,
+      publicKey: new Uint8Array(stored.publicKey),
+      privateKey,
+      expiry: stored.expiry,
+      maxValue: BigInt(stored.maxValue),
+      chainScopes: stored.chainScopes ?? [],
+      userKeyHash: stored.userKeyHash
+    };
+  }
+  async pruneExpiredSessions(records) {
+    const now = Date.now();
+    const validRecords = records.filter((record) => record.expiry > now);
+    const expiredRecords = records.filter((record) => record.expiry <= now);
+    if (expiredRecords.length > 0) {
+      await Promise.all(expiredRecords.map((record) => this.remove(record.keyHash)));
+    }
+    return validRecords.sort((left, right) => right.savedAt - left.savedAt);
+  }
   /**
-   * Load the active session (decrypts private key)
+   * Load a session (decrypts private key)
    */
-  async load() {
+  async load(keyHash) {
     try {
       await this.initialize();
       if (!this.db) {
         throw new Error("Database not initialized");
       }
-      const allSessions = await this.getAllSessions();
-      if (allSessions.length === 0) {
-        return null;
-      }
-      const now = Date.now();
-      const validSessions = allSessions.filter((s) => s.expiry > now).sort((a, b) => b.savedAt - a.savedAt);
+      const sessions = keyHash ? await this.getSessionByKeyHash(keyHash) : await this.getAllSessions();
+      const validSessions = await this.pruneExpiredSessions(sessions);
       if (validSessions.length === 0) {
-        await this.clear();
         return null;
       }
-      const stored = validSessions[0];
-      const key = await this.getEncryptionKey();
-      const encryptedPrivateKey = new Uint8Array(stored.encryptedPrivateKey);
-      const privateKey = await decrypt(encryptedPrivateKey, key);
-      const session = {
-        keyHash: stored.keyHash,
-        publicKey: new Uint8Array(stored.publicKey),
-        privateKey,
-        expiry: stored.expiry,
-        maxValue: BigInt(stored.maxValue),
-        chainScopes: stored.chainScopes,
-        userKeyHash: stored.userKeyHash
-      };
-      return session;
+      return this.decryptSession(validSessions[0]);
     } catch (error) {
       if (error instanceof SessionError) {
         throw error;
@@ -16606,6 +16729,75 @@ var IndexedDBSessionStorage = class {
       };
     });
   }
+  async getSessionByKeyHash(keyHash) {
+    if (!this.db) {
+      return [];
+    }
+    return new Promise((resolve, reject) => {
+      const transaction = this.db.transaction([STORE_NAME], "readonly");
+      const store = transaction.objectStore(STORE_NAME);
+      const request = store.get(keyHash);
+      request.onsuccess = () => {
+        resolve(request.result ? [request.result] : []);
+      };
+      request.onerror = () => {
+        reject(new SessionError(
+          "Failed to get session",
+          "STORAGE_ERROR" /* STORAGE_ERROR */,
+          request.error
+        ));
+      };
+    });
+  }
+  async loadAll() {
+    try {
+      await this.initialize();
+      if (!this.db) {
+        return [];
+      }
+      const records = await this.pruneExpiredSessions(await this.getAllSessions());
+      return Promise.all(records.map((record) => this.decryptSession(record)));
+    } catch (error) {
+      if (error instanceof SessionError) {
+        throw error;
+      }
+      throw new SessionError(
+        "Failed to load sessions",
+        "STORAGE_ERROR" /* STORAGE_ERROR */,
+        error
+      );
+    }
+  }
+  async remove(keyHash) {
+    try {
+      await this.initialize();
+      if (!this.db) {
+        return;
+      }
+      return new Promise((resolve, reject) => {
+        const transaction = this.db.transaction([STORE_NAME], "readwrite");
+        const store = transaction.objectStore(STORE_NAME);
+        const request = store.delete(keyHash);
+        request.onsuccess = () => resolve();
+        request.onerror = () => {
+          reject(new SessionError(
+            "Failed to remove session",
+            "STORAGE_ERROR" /* STORAGE_ERROR */,
+            request.error
+          ));
+        };
+      });
+    } catch (error) {
+      if (error instanceof SessionError) {
+        throw error;
+      }
+      throw new SessionError(
+        "Failed to remove session",
+        "STORAGE_ERROR" /* STORAGE_ERROR */,
+        error
+      );
+    }
+  }
   /**
    * Clear all sessions
    */
@@ -16642,14 +16834,9 @@ var IndexedDBSessionStorage = class {
   /**
    * Check if any session exists
    */
-  async exists() {
+  async exists(keyHash) {
     try {
-      await this.initialize();
-      if (!this.db) {
-        return false;
-      }
-      const sessions = await this.getAllSessions();
-      return sessions.length > 0;
+      return await this.load(keyHash) !== null;
     } catch {
       return false;
     }
@@ -16668,7 +16855,8 @@ var STORAGE_KEY_PREFIX = "veridex-session-";
 var LocalStorageSessionStorage = class {
   encryptionKey = null;
   credentialId;
-  storageKey;
+  credentialHash;
+  legacyStorageKey;
   /**
    * @param credentialId User's Passkey credential ID (for key derivation)
    */
@@ -16680,7 +16868,60 @@ var LocalStorageSessionStorage = class {
       );
     }
     this.credentialId = credentialId;
-    this.storageKey = STORAGE_KEY_PREFIX + import_ethers20.ethers.keccak256(import_ethers20.ethers.toUtf8Bytes(credentialId));
+    this.credentialHash = import_ethers20.ethers.keccak256(import_ethers20.ethers.toUtf8Bytes(credentialId));
+    this.legacyStorageKey = STORAGE_KEY_PREFIX + this.credentialHash;
+  }
+  getSessionStorageKey(keyHash) {
+    return `${STORAGE_KEY_PREFIX}${this.credentialHash}:${keyHash}`;
+  }
+  getSessionStoragePrefix() {
+    return `${STORAGE_KEY_PREFIX}${this.credentialHash}:`;
+  }
+  async deserializeSession(stored) {
+    const key = await this.getEncryptionKey();
+    const encryptedPrivateKey = typeof stored.encryptedPrivateKey === "string" ? import_ethers20.ethers.getBytes(stored.encryptedPrivateKey) : new Uint8Array(stored.encryptedPrivateKey);
+    const privateKey = await decrypt(encryptedPrivateKey, key);
+    return {
+      keyHash: stored.keyHash,
+      publicKey: typeof stored.publicKey === "string" ? import_ethers20.ethers.getBytes(stored.publicKey) : new Uint8Array(stored.publicKey),
+      privateKey,
+      expiry: stored.expiry,
+      maxValue: BigInt(stored.maxValue),
+      chainScopes: stored.chainScopes ?? [],
+      userKeyHash: stored.userKeyHash
+    };
+  }
+  getRawRecords() {
+    const records = [];
+    const prefix = this.getSessionStoragePrefix();
+    for (let index = 0; index < localStorage.length; index++) {
+      const key = localStorage.key(index);
+      if (!key || !key.startsWith(prefix)) {
+        continue;
+      }
+      const value = localStorage.getItem(key);
+      if (!value) {
+        continue;
+      }
+      records.push(JSON.parse(value));
+    }
+    const legacyValue = localStorage.getItem(this.legacyStorageKey);
+    if (legacyValue) {
+      records.push(JSON.parse(legacyValue));
+    }
+    return records;
+  }
+  async getValidRecords() {
+    const now = Date.now();
+    const validRecords = [];
+    for (const record of this.getRawRecords()) {
+      if (record.expiry <= now) {
+        await this.remove(record.keyHash);
+        continue;
+      }
+      validRecords.push(record);
+    }
+    return validRecords.sort((left, right) => right.savedAt - left.savedAt);
   }
   /**
    * Get or derive encryption key
@@ -16709,7 +16950,7 @@ var LocalStorageSessionStorage = class {
         userKeyHash: session.userKeyHash,
         savedAt: Date.now()
       };
-      localStorage.setItem(this.storageKey, JSON.stringify(storageObject));
+      localStorage.setItem(this.getSessionStorageKey(session.keyHash), JSON.stringify(storageObject));
     } catch (error) {
       if (error instanceof SessionError) {
         throw error;
@@ -16722,32 +16963,15 @@ var LocalStorageSessionStorage = class {
     }
   }
   /**
-   * Load the active session (decrypts private key)
+   * Load a session (decrypts private key)
    */
-  async load() {
+  async load(keyHash) {
     try {
-      const data = localStorage.getItem(this.storageKey);
-      if (!data) {
+      const records = keyHash ? (await this.getValidRecords()).filter((record) => record.keyHash === keyHash) : await this.getValidRecords();
+      if (records.length === 0) {
         return null;
       }
-      const stored = JSON.parse(data);
-      if (stored.expiry <= Date.now()) {
-        await this.clear();
-        return null;
-      }
-      const key = await this.getEncryptionKey();
-      const encryptedPrivateKey = import_ethers20.ethers.getBytes(stored.encryptedPrivateKey);
-      const privateKey = await decrypt(encryptedPrivateKey, key);
-      const session = {
-        keyHash: stored.keyHash,
-        publicKey: import_ethers20.ethers.getBytes(stored.publicKey),
-        privateKey,
-        expiry: stored.expiry,
-        maxValue: BigInt(stored.maxValue),
-        chainScopes: stored.chainScopes,
-        userKeyHash: stored.userKeyHash
-      };
-      return session;
+      return this.deserializeSession(records[0]);
     } catch (error) {
       await this.clear();
       if (error instanceof SessionError) {
@@ -16760,12 +16984,55 @@ var LocalStorageSessionStorage = class {
       );
     }
   }
+  async loadAll() {
+    try {
+      const records = await this.getValidRecords();
+      return Promise.all(records.map((record) => this.deserializeSession(record)));
+    } catch (error) {
+      await this.clear();
+      if (error instanceof SessionError) {
+        throw error;
+      }
+      throw new SessionError(
+        "Failed to load sessions",
+        "STORAGE_ERROR" /* STORAGE_ERROR */,
+        error
+      );
+    }
+  }
+  async remove(keyHash) {
+    try {
+      localStorage.removeItem(this.getSessionStorageKey(keyHash));
+      const legacyValue = localStorage.getItem(this.legacyStorageKey);
+      if (legacyValue) {
+        const legacyRecord = JSON.parse(legacyValue);
+        if (legacyRecord.keyHash === keyHash) {
+          localStorage.removeItem(this.legacyStorageKey);
+        }
+      }
+    } catch (error) {
+      throw new SessionError(
+        "Failed to remove session",
+        "STORAGE_ERROR" /* STORAGE_ERROR */,
+        error
+      );
+    }
+  }
   /**
    * Clear all sessions
    */
   async clear() {
     try {
-      localStorage.removeItem(this.storageKey);
+      const keysToRemove = [];
+      const prefix = this.getSessionStoragePrefix();
+      for (let index = 0; index < localStorage.length; index++) {
+        const key = localStorage.key(index);
+        if (key && key.startsWith(prefix)) {
+          keysToRemove.push(key);
+        }
+      }
+      keysToRemove.forEach((key) => localStorage.removeItem(key));
+      localStorage.removeItem(this.legacyStorageKey);
     } catch (error) {
       throw new SessionError(
         "Failed to clear sessions",
@@ -16777,9 +17044,9 @@ var LocalStorageSessionStorage = class {
   /**
    * Check if any session exists
    */
-  async exists() {
+  async exists(keyHash) {
     try {
-      return localStorage.getItem(this.storageKey) !== null;
+      return await this.load(keyHash) !== null;
     } catch {
       return false;
     }
@@ -16844,6 +17111,14 @@ var SessionManager = class {
   refreshTimer = null;
   eventCallbacks = [];
   debug;
+  resolveConfig(configOverride) {
+    const resolvedConfig = {
+      ...this.config,
+      ...configOverride
+    };
+    validateSessionConfig(resolvedConfig);
+    return resolvedConfig;
+  }
   // ========================================================================
   // Session Lifecycle
   // ========================================================================
@@ -16860,15 +17135,16 @@ var SessionManager = class {
    * @returns Created session key
    * @throws SessionError if registration fails
    */
-  async createSession() {
+  async createSession(configOverride) {
     try {
       this.log("Creating new session...");
+      const sessionConfig = this.resolveConfig(configOverride);
       const keyPair = generateSecp256k1KeyPair();
       const keyHash = computeSessionKeyHash(keyPair.publicKey);
       this.log("Generated session key:", keyHash);
       const challenge = import_ethers21.ethers.solidityPacked(
         ["string", "bytes32", "uint256", "uint256"],
-        ["registerSession", keyHash, this.config.duration, this.config.maxValue]
+        ["registerSession", keyHash, sessionConfig.duration, sessionConfig.maxValue]
       );
       this.log("Challenge prepared, requesting Passkey signature...");
       const signature = await this.passkeySign(import_ethers21.ethers.getBytes(challenge));
@@ -16878,20 +17154,20 @@ var SessionManager = class {
         publicKeyX: this.credential.publicKeyX,
         publicKeyY: this.credential.publicKeyY,
         sessionKeyHash: keyHash,
-        duration: this.config.duration,
-        maxValue: this.config.maxValue,
+        duration: sessionConfig.duration,
+        maxValue: sessionConfig.maxValue,
         requireUV: true
       };
       await this.hubClient.registerSession(registerParams);
       this.log("Session registered on Hub");
-      const expiry = Date.now() + this.config.duration * 1e3;
+      const expiry = Date.now() + sessionConfig.duration * 1e3;
       this.currentSession = {
         publicKey: keyPair.publicKey,
         privateKey: keyPair.privateKey,
         keyHash,
         expiry,
-        maxValue: this.config.maxValue,
-        chainScopes: this.config.chainScopes,
+        maxValue: sessionConfig.maxValue,
+        chainScopes: sessionConfig.chainScopes,
         userKeyHash: this.credential.keyHash
       };
       await this.storage.save(this.currentSession);
@@ -16916,12 +17192,15 @@ var SessionManager = class {
    * 
    * @returns Loaded session or null if no valid session exists
    */
-  async loadSession() {
+  async loadSession(keyHash) {
     try {
-      this.log("Loading session from storage...");
-      const session = await this.storage.load();
+      this.log("Loading session from storage...", keyHash ?? "latest");
+      const session = await this.storage.load(keyHash);
       if (!session) {
         this.log("No session found in storage");
+        if (!keyHash) {
+          this.currentSession = null;
+        }
         return null;
       }
       if (session.expiry <= Date.now()) {
@@ -16938,27 +17217,43 @@ var SessionManager = class {
       return session;
     } catch (error) {
       this.log("Failed to load session:", error);
-      await this.storage.clear();
+      if (!keyHash) {
+        await this.storage.clear();
+      }
       return null;
     }
   }
+  async listSessions() {
+    return this.storage.loadAll();
+  }
+  async selectSession(keyHash) {
+    const session = await this.loadSession(keyHash);
+    if (!session) {
+      throw new SessionError(
+        `Session ${keyHash} not found`,
+        "SESSION_NOT_FOUND" /* SESSION_NOT_FOUND */
+      );
+    }
+    return session;
+  }
   /**
    * Revoke the current session (requires biometric authentication)
    * 
    * @throws SessionError if no active session or revocation fails
    */
-  async revokeSession() {
-    if (!this.currentSession) {
+  async revokeSession(keyHash) {
+    const targetSession = keyHash ? await this.storage.load(keyHash) : this.currentSession;
+    if (!targetSession) {
       throw new SessionError(
-        "No active session to revoke",
-        "NO_ACTIVE_SESSION" /* NO_ACTIVE_SESSION */
+        keyHash ? `Session ${keyHash} not found` : "No active session to revoke",
+        keyHash ? "SESSION_NOT_FOUND" /* SESSION_NOT_FOUND */ : "NO_ACTIVE_SESSION" /* NO_ACTIVE_SESSION */
       );
     }
     try {
-      this.log("Revoking session:", this.currentSession.keyHash);
+      this.log("Revoking session:", targetSession.keyHash);
       const challenge = import_ethers21.ethers.solidityPacked(
         ["string", "bytes32"],
-        ["revokeSession", this.currentSession.keyHash]
+        ["revokeSession", targetSession.keyHash]
       );
       const signature = await this.passkeySign(import_ethers21.ethers.getBytes(challenge));
       this.log("Passkey signature obtained, revoking on Hub...");
@@ -16966,18 +17261,24 @@ var SessionManager = class {
         signature,
         publicKeyX: this.credential.publicKeyX,
         publicKeyY: this.credential.publicKeyY,
-        sessionKeyHash: this.currentSession.keyHash,
+        sessionKeyHash: targetSession.keyHash,
         requireUV: true
       };
       await this.hubClient.revokeSession(revokeParams);
       this.log("Session revoked on Hub");
-      await this.storage.clear();
-      if (this.refreshTimer) {
-        clearTimeout(this.refreshTimer);
-        this.refreshTimer = null;
+      await this.storage.remove(targetSession.keyHash);
+      const revokedKeyHash = targetSession.keyHash;
+      const revokedCurrentSession = this.currentSession?.keyHash === revokedKeyHash;
+      if (revokedCurrentSession) {
+        if (this.refreshTimer) {
+          clearTimeout(this.refreshTimer);
+          this.refreshTimer = null;
+        }
+        this.currentSession = await this.storage.load();
+        if (this.currentSession && this.config.autoRefresh) {
+          this.scheduleRefresh();
+        }
       }
-      const revokedKeyHash = this.currentSession.keyHash;
-      this.currentSession = null;
       this.emit({ type: "session-revoked", keyHash: revokedKeyHash });
       this.log("Session revoked successfully");
     } catch (error) {
@@ -17055,45 +17356,46 @@ var SessionManager = class {
    * @returns Session signature
    * @throws SessionError if no active session, expired, or value exceeds limit
    */
-  async signWithSession(action) {
-    if (!this.currentSession) {
+  async signWithSession(action, keyHash) {
+    const session = keyHash ? await this.storage.load(keyHash) : this.currentSession;
+    if (!session) {
       throw new SessionError(
-        "No active session available",
-        "NO_ACTIVE_SESSION" /* NO_ACTIVE_SESSION */
+        keyHash ? `Session ${keyHash} not found` : "No active session available",
+        keyHash ? "SESSION_NOT_FOUND" /* SESSION_NOT_FOUND */ : "NO_ACTIVE_SESSION" /* NO_ACTIVE_SESSION */
       );
     }
     const now = Date.now();
-    if (now >= this.currentSession.expiry) {
-      this.emit({ type: "session-expired", keyHash: this.currentSession.keyHash });
+    if (now >= session.expiry) {
+      this.emit({ type: "session-expired", keyHash: session.keyHash });
       throw new SessionError(
         "Session has expired",
         "SESSION_EXPIRED" /* SESSION_EXPIRED */
       );
     }
-    if (this.currentSession.maxValue > 0n && action.value > this.currentSession.maxValue) {
+    if (session.maxValue > 0n && action.value > session.maxValue) {
       throw new SessionError(
-        `Transaction value (${action.value}) exceeds session limit (${this.currentSession.maxValue})`,
+        `Transaction value (${action.value}) exceeds session limit (${session.maxValue})`,
         "VALUE_EXCEEDS_LIMIT" /* VALUE_EXCEEDS_LIMIT */,
-        { value: action.value, limit: this.currentSession.maxValue }
+        { value: action.value, limit: session.maxValue }
       );
     }
-    if (this.currentSession.chainScopes.length > 0 && !this.currentSession.chainScopes.includes(action.targetChain)) {
+    if (session.chainScopes.length > 0 && !session.chainScopes.includes(action.targetChain)) {
       throw new SessionError(
         `Chain ${action.targetChain} not in session scope`,
         "CHAIN_NOT_ALLOWED" /* CHAIN_NOT_ALLOWED */,
-        { chain: action.targetChain, allowedChains: this.currentSession.chainScopes }
+        { chain: action.targetChain, allowedChains: session.chainScopes }
       );
     }
     this.log("Signing action with session key...");
     const messageHash = hashAction(action);
     const { signature } = signWithSessionKey(
-      this.currentSession.privateKey,
+      session.privateKey,
       messageHash
     );
     const sessionSignature = {
       signature,
-      sessionKeyHash: this.currentSession.keyHash,
-      userKeyHash: this.currentSession.userKeyHash,
+      sessionKeyHash: session.keyHash,
+      userKeyHash: session.userKeyHash,
       timestamp: now,
       nonce: action.nonce
     };
@@ -17106,8 +17408,8 @@ var SessionManager = class {
    * @param action Action parameters
    * @returns Session-signed action ready for submission
    */
-  async signAction(action) {
-    const signature = await this.signWithSession(action);
+  async signAction(action, keyHash) {
+    const signature = await this.signWithSession(action, keyHash);
     return {
       action,
       signature,
@@ -18091,6 +18393,7 @@ var VALIDATION_REGISTRY_ABI = [
   calculatePercentage,
   computeKeyHash,
   computeSessionKeyHash,
+  configureDefaultRpcUrls,
   createAuditEntry,
   createChainClient,
   createChainDetector,
@@ -18160,6 +18463,7 @@ var VALIDATION_REGISTRY_ABI = [
   getExplorerUrl,
   getFeatureFlags,
   getHubChains,
+  getRpcUrlOverride,
   getSequenceFromTxReceipt,
   getStacksContractPrincipal,
   getStacksExplorerAddressUrl,