@veridex/sdk 1.1.0 → 1.1.2

package/dist/index.mjs

@@ -1,34 +1,36 @@
 import {
   CHAIN_NAMES,
   CHAIN_PRESETS,
+  configureDefaultRpcUrls,
   getChainConfig,
   getChainPreset,
   getDefaultHub,
   getEffectivePrimaryHub,
   getFeatureFlags,
   getHubChains,
+  getRpcUrlOverride,
   getSupportedChains,
   isChainSupported,
   isHubChain,
   isMultiHubEnabled,
   resetFeatureFlags,
   setFeatureFlags
-} from "./chunk-QDO6NQ7P.mjs";
+} from "./chunk-M3GUNREX.mjs";
 import {
   EVMHubClientAdapter
 } from "./chunk-V636MIV3.mjs";
 import {
   SolanaClient
-} from "./chunk-Q5O3M5LP.mjs";
+} from "./chunk-2TS375ET.mjs";
 import {
   AptosClient
-} from "./chunk-QT4ZZ4GM.mjs";
+} from "./chunk-5FDOTI5G.mjs";
 import {
   SuiClient
-} from "./chunk-SXXGTQIR.mjs";
+} from "./chunk-E3SU36C2.mjs";
 import {
   StarknetClient
-} from "./chunk-MLXQHIH2.mjs";
+} from "./chunk-GM5DKEHD.mjs";
 import {
   STACKS_ACTION_TYPES,
   StacksClient,
@@ -56,13 +58,13 @@ import {
   parseContractPrincipal,
   rsToCompactSignature,
   validatePostConditions
-} from "./chunk-5T6KPH7A.mjs";
+} from "./chunk-CSU4IV2F.mjs";
 import {
   AvalancheClient
-} from "./chunk-N4A2RMUN.mjs";
+} from "./chunk-AFHWA4CZ.mjs";
 import {
   EVMClient
-} from "./chunk-USDA5JTN.mjs";
+} from "./chunk-DZUNCSI5.mjs";
 import {
   CONSISTENCY_LEVELS,
   GUARDIAN_CONFIG,
@@ -85,7 +87,7 @@ import {
   supportsRelayer,
   validateEmitter,
   waitForGuardianSignatures
-} from "./chunk-M3MM4YMF.mjs";
+} from "./chunk-UPO55SBK.mjs";
 import {
   buildChallenge,
   buildGaslessChallenge,
@@ -109,7 +111,7 @@ import {
   parseAmount,
   solanaAddressToBytes32,
   trimTo20Bytes
-} from "./chunk-F3YAGZSW.mjs";
+} from "./chunk-TPEP6XUA.mjs";
 import {
   ARBITRUM_SEPOLIA_TOKENS,
   BASE_SEPOLIA_TOKENS,
@@ -127,13 +129,15 @@ import {
   getTokenBySymbol,
   getTokenList,
   isNativeToken
-} from "./chunk-PDHZ5X5O.mjs";
+} from "./chunk-YYT3V7CI.mjs";
 import {
   PasskeyManager,
   VERIDEX_RP_ID,
+  buildRelayerApiUrl,
   detectRpId,
+  normalizeRelayerOrigin,
   supportsRelatedOrigins
-} from "./chunk-YCUJZ6Z7.mjs";
+} from "./chunk-CTYDGO6E.mjs";
 import {
   base64URLDecode,
   base64URLEncode,
@@ -149,7 +153,7 @@ import {
   isValidWormholeChainId,
   parseDERSignature,
   retryWithBackoff
-} from "./chunk-NUWSMJFJ.mjs";
+} from "./chunk-EFIXFA6V.mjs";
 import {
   ACTION_BRIDGE,
   ACTION_CONFIG,
@@ -165,7 +169,7 @@ import {
   WORMHOLE_API,
   WORMHOLE_CHAIN_IDS,
   WORMHOLE_CHAIN_IDS_FLAT
-} from "./chunk-X7BZMSPQ.mjs";
+} from "./chunk-RD6ZYUVG.mjs";
 
 // src/core/BalanceManager.ts
 import { ethers } from "ethers";
@@ -1014,7 +1018,7 @@ var RelayerClient = class _RelayerClient {
   baseUrl;
   config;
   constructor(config) {
-    this.baseUrl = config.baseUrl.replace(/\/+$/, "");
+    this.baseUrl = normalizeRelayerOrigin(config.baseUrl);
     this.config = { ...DEFAULT_CONFIG2, ...config };
   }
   // ========================================================================
@@ -1281,6 +1285,7 @@ var RelayerClient = class _RelayerClient {
    * Make an HTTP request to the relayer
    */
   async fetch(path, options = {}) {
+    const resolvedUrl = path.startsWith("/api/v1/") ? buildRelayerApiUrl(this.baseUrl, path.replace(/^\/api\/v1/, "")) : `${this.baseUrl}${path}`;
     const headers = {
       "Content-Type": "application/json",
       "User-Agent": `@veridex/sdk/${_RelayerClient.SDK_VERSION}`,
@@ -1294,7 +1299,7 @@ var RelayerClient = class _RelayerClient {
     let lastError = null;
     for (let attempt = 0; attempt <= this.config.maxRetries; attempt++) {
       try {
-        const response = await fetch(`${this.baseUrl}${path}`, {
+        const response = await fetch(resolvedUrl, {
           ...options,
           headers,
           signal: controller.signal
@@ -5300,7 +5305,7 @@ var VeridexSDK = class {
         const wormholeChainId = chainConfig.wormholeChainId;
         const tokenList = getAllTokens(wormholeChainId);
         const erc20Tokens = tokenList.filter((t) => !isNativeToken(t.address)).map((t) => t.address);
-        const { queryPortfolio } = await import("./portfolio-V347KZOL.mjs");
+        const { queryPortfolio } = await import("./portfolio-JA4OTF7Y.mjs");
         const result = await queryPortfolio(credential.keyHash, this.queryApiKey, {
           network: this.testnet ? "testnet" : "mainnet",
           vaultAddresses: { [wormholeChainId]: vaultAddress },
@@ -5663,7 +5668,7 @@ var VeridexSDK = class {
         const tokenList = getAllTokens(wormholeChainId);
         const erc20Tokens = tokenList.filter((t) => !isNativeToken(t.address)).map((t) => t.address);
         const rpcUrl = this.chainRpcUrls?.[wormholeChainId] ?? chainConfig.rpcUrl;
-        const { queryPortfolio } = await import("./portfolio-V347KZOL.mjs");
+        const { queryPortfolio } = await import("./portfolio-JA4OTF7Y.mjs");
         const result = await queryPortfolio(credential.keyHash, this.queryApiKey, {
           network: this.testnet ? "testnet" : "mainnet",
           vaultAddresses: { [wormholeChainId]: vaultAddress },
@@ -6657,7 +6662,7 @@ var CredentialManager = class {
   constructor(config = {}) {
     this.config = {
       storageKey: config.storageKey ?? DEFAULT_STORAGE_KEY,
-      relayerUrl: config.relayerUrl ?? ""
+      relayerUrl: normalizeRelayerOrigin(config.relayerUrl ?? "")
     };
   }
   // ========================================================================
@@ -6805,7 +6810,7 @@ var CredentialManager = class {
     const managed = this.getCredential(credentialId);
     if (!managed) return false;
     try {
-      const response = await fetch(`${this.config.relayerUrl}/api/v1/credential/metadata`, {
+      const response = await fetch(buildRelayerApiUrl(this.config.relayerUrl, "/credential/metadata"), {
         method: "PUT",
         headers: { "Content-Type": "application/json" },
         body: JSON.stringify({
@@ -6831,7 +6836,10 @@ var CredentialManager = class {
     if (!this.config.relayerUrl) return null;
     try {
       const response = await fetch(
-        `${this.config.relayerUrl}/api/v1/credential/metadata?keyHash=${encodeURIComponent(keyHash)}`
+        buildRelayerApiUrl(
+          this.config.relayerUrl,
+          `/credential/metadata?keyHash=${encodeURIComponent(keyHash)}`
+        )
       );
       if (!response.ok) return null;
       const data = await response.json();
@@ -6953,7 +6961,7 @@ var CredentialManager = class {
 
 // src/core/CrossOriginAuth.ts
 var DEFAULT_AUTH_PORTAL_URL = "https://auth.veridex.network";
-var DEFAULT_RELAYER_URL = "https://amused-kameko-veridex-demo-37453117.koyeb.app/api/v1";
+var DEFAULT_RELAYER_URL = "https://relayer.veridex.network";
 var AUTH_MESSAGE_TYPES = {
   AUTH_REQUEST: "VERIDEX_AUTH_REQUEST",
   AUTH_RESPONSE: "VERIDEX_AUTH_RESPONSE",
@@ -6965,7 +6973,7 @@ var CrossOriginAuth = class {
     this.config = {
       rpId: config.rpId ?? VERIDEX_RP_ID,
       authPortalUrl: config.authPortalUrl ?? DEFAULT_AUTH_PORTAL_URL,
-      relayerUrl: config.relayerUrl ?? DEFAULT_RELAYER_URL,
+      relayerUrl: normalizeRelayerOrigin(config.relayerUrl ?? DEFAULT_RELAYER_URL),
       mode: config.mode ?? "popup",
       popupFeatures: config.popupFeatures ?? "width=500,height=600,left=100,top=100",
       timeout: config.timeout ?? 12e4,
@@ -7182,7 +7190,8 @@ var CrossOriginAuth = class {
     return bytes;
   }
   async requestServerSessionChallenge(options) {
-    const response = await fetch(`${this.config.relayerUrl}/session/challenge`, {
+    const challengeUrl = buildRelayerApiUrl(this.config.relayerUrl, "/session/challenge");
+    const response = await fetch(challengeUrl, {
       method: "POST",
       headers: { "Content-Type": "application/json" },
       body: JSON.stringify({
@@ -7228,7 +7237,7 @@ var CrossOriginAuth = class {
     if (!session.serverChallengeId) {
       throw new Error("Session must include a relayer-issued serverChallengeId");
     }
-    const response = await fetch(`${this.config.relayerUrl}/session/create`, {
+    const response = await fetch(buildRelayerApiUrl(this.config.relayerUrl, "/session/create"), {
       method: "POST",
       headers: { "Content-Type": "application/json" },
       body: JSON.stringify({
@@ -7251,7 +7260,9 @@ var CrossOriginAuth = class {
    * Returns the session details if valid, null if expired/revoked.
    */
   async validateServerSession(sessionId) {
-    const response = await fetch(`${this.config.relayerUrl}/session/${encodeURIComponent(sessionId)}`);
+    const response = await fetch(
+      buildRelayerApiUrl(this.config.relayerUrl, `/session/${encodeURIComponent(sessionId)}`)
+    );
     if (!response.ok) {
       return null;
     }
@@ -7265,9 +7276,12 @@ var CrossOriginAuth = class {
    * Revoke a server session token.
    */
   async revokeServerSession(sessionId) {
-    const response = await fetch(`${this.config.relayerUrl}/session/${encodeURIComponent(sessionId)}`, {
-      method: "DELETE"
-    });
+    const response = await fetch(
+      buildRelayerApiUrl(this.config.relayerUrl, `/session/${encodeURIComponent(sessionId)}`),
+      {
+        method: "DELETE"
+      }
+    );
     return response.ok;
   }
   /**
@@ -7716,6 +7730,12 @@ function validateSessionConfig(config) {
       "INVALID_CONFIG" /* INVALID_CONFIG */
     );
   }
+  if (config.maxValue === 0n && config.allowUnboundedMaxValue !== true) {
+    throw new SessionError(
+      'Session maxValue=0 means "no per-tx limit" \u2014 the vault daily cap is then the only bound. This is a foot-gun: a compromised session key can drain the vault up to that cap. Pass a non-zero maxValue, or set allowUnboundedMaxValue:true if you have verified the vault daily cap and accept the residual risk.',
+      "INVALID_CONFIG" /* INVALID_CONFIG */
+    );
+  }
 }
 
 // src/sessions/storage.ts
@@ -7824,39 +7844,44 @@ var IndexedDBSessionStorage = class {
       );
     }
   }
+  async decryptSession(stored) {
+    const key = await this.getEncryptionKey();
+    const encryptedPrivateKey = new Uint8Array(stored.encryptedPrivateKey);
+    const privateKey = await decrypt(encryptedPrivateKey, key);
+    return {
+      keyHash: stored.keyHash,
+      publicKey: new Uint8Array(stored.publicKey),
+      privateKey,
+      expiry: stored.expiry,
+      maxValue: BigInt(stored.maxValue),
+      chainScopes: stored.chainScopes ?? [],
+      userKeyHash: stored.userKeyHash
+    };
+  }
+  async pruneExpiredSessions(records) {
+    const now = Date.now();
+    const validRecords = records.filter((record) => record.expiry > now);
+    const expiredRecords = records.filter((record) => record.expiry <= now);
+    if (expiredRecords.length > 0) {
+      await Promise.all(expiredRecords.map((record) => this.remove(record.keyHash)));
+    }
+    return validRecords.sort((left, right) => right.savedAt - left.savedAt);
+  }
   /**
-   * Load the active session (decrypts private key)
+   * Load a session (decrypts private key)
    */
-  async load() {
+  async load(keyHash) {
     try {
       await this.initialize();
       if (!this.db) {
         throw new Error("Database not initialized");
       }
-      const allSessions = await this.getAllSessions();
-      if (allSessions.length === 0) {
-        return null;
-      }
-      const now = Date.now();
-      const validSessions = allSessions.filter((s) => s.expiry > now).sort((a, b) => b.savedAt - a.savedAt);
+      const sessions = keyHash ? await this.getSessionByKeyHash(keyHash) : await this.getAllSessions();
+      const validSessions = await this.pruneExpiredSessions(sessions);
       if (validSessions.length === 0) {
-        await this.clear();
         return null;
       }
-      const stored = validSessions[0];
-      const key = await this.getEncryptionKey();
-      const encryptedPrivateKey = new Uint8Array(stored.encryptedPrivateKey);
-      const privateKey = await decrypt(encryptedPrivateKey, key);
-      const session = {
-        keyHash: stored.keyHash,
-        publicKey: new Uint8Array(stored.publicKey),
-        privateKey,
-        expiry: stored.expiry,
-        maxValue: BigInt(stored.maxValue),
-        chainScopes: stored.chainScopes,
-        userKeyHash: stored.userKeyHash
-      };
-      return session;
+      return this.decryptSession(validSessions[0]);
     } catch (error) {
       if (error instanceof SessionError) {
         throw error;
@@ -7889,6 +7914,75 @@ var IndexedDBSessionStorage = class {
       };
     });
   }
+  async getSessionByKeyHash(keyHash) {
+    if (!this.db) {
+      return [];
+    }
+    return new Promise((resolve, reject) => {
+      const transaction = this.db.transaction([STORE_NAME], "readonly");
+      const store = transaction.objectStore(STORE_NAME);
+      const request = store.get(keyHash);
+      request.onsuccess = () => {
+        resolve(request.result ? [request.result] : []);
+      };
+      request.onerror = () => {
+        reject(new SessionError(
+          "Failed to get session",
+          "STORAGE_ERROR" /* STORAGE_ERROR */,
+          request.error
+        ));
+      };
+    });
+  }
+  async loadAll() {
+    try {
+      await this.initialize();
+      if (!this.db) {
+        return [];
+      }
+      const records = await this.pruneExpiredSessions(await this.getAllSessions());
+      return Promise.all(records.map((record) => this.decryptSession(record)));
+    } catch (error) {
+      if (error instanceof SessionError) {
+        throw error;
+      }
+      throw new SessionError(
+        "Failed to load sessions",
+        "STORAGE_ERROR" /* STORAGE_ERROR */,
+        error
+      );
+    }
+  }
+  async remove(keyHash) {
+    try {
+      await this.initialize();
+      if (!this.db) {
+        return;
+      }
+      return new Promise((resolve, reject) => {
+        const transaction = this.db.transaction([STORE_NAME], "readwrite");
+        const store = transaction.objectStore(STORE_NAME);
+        const request = store.delete(keyHash);
+        request.onsuccess = () => resolve();
+        request.onerror = () => {
+          reject(new SessionError(
+            "Failed to remove session",
+            "STORAGE_ERROR" /* STORAGE_ERROR */,
+            request.error
+          ));
+        };
+      });
+    } catch (error) {
+      if (error instanceof SessionError) {
+        throw error;
+      }
+      throw new SessionError(
+        "Failed to remove session",
+        "STORAGE_ERROR" /* STORAGE_ERROR */,
+        error
+      );
+    }
+  }
   /**
    * Clear all sessions
    */
@@ -7925,14 +8019,9 @@ var IndexedDBSessionStorage = class {
   /**
    * Check if any session exists
    */
-  async exists() {
+  async exists(keyHash) {
     try {
-      await this.initialize();
-      if (!this.db) {
-        return false;
-      }
-      const sessions = await this.getAllSessions();
-      return sessions.length > 0;
+      return await this.load(keyHash) !== null;
     } catch {
       return false;
     }
@@ -7951,7 +8040,8 @@ var STORAGE_KEY_PREFIX = "veridex-session-";
 var LocalStorageSessionStorage = class {
   encryptionKey = null;
   credentialId;
-  storageKey;
+  credentialHash;
+  legacyStorageKey;
   /**
    * @param credentialId User's Passkey credential ID (for key derivation)
    */
@@ -7963,7 +8053,60 @@ var LocalStorageSessionStorage = class {
       );
     }
     this.credentialId = credentialId;
-    this.storageKey = STORAGE_KEY_PREFIX + ethers10.keccak256(ethers10.toUtf8Bytes(credentialId));
+    this.credentialHash = ethers10.keccak256(ethers10.toUtf8Bytes(credentialId));
+    this.legacyStorageKey = STORAGE_KEY_PREFIX + this.credentialHash;
+  }
+  getSessionStorageKey(keyHash) {
+    return `${STORAGE_KEY_PREFIX}${this.credentialHash}:${keyHash}`;
+  }
+  getSessionStoragePrefix() {
+    return `${STORAGE_KEY_PREFIX}${this.credentialHash}:`;
+  }
+  async deserializeSession(stored) {
+    const key = await this.getEncryptionKey();
+    const encryptedPrivateKey = typeof stored.encryptedPrivateKey === "string" ? ethers10.getBytes(stored.encryptedPrivateKey) : new Uint8Array(stored.encryptedPrivateKey);
+    const privateKey = await decrypt(encryptedPrivateKey, key);
+    return {
+      keyHash: stored.keyHash,
+      publicKey: typeof stored.publicKey === "string" ? ethers10.getBytes(stored.publicKey) : new Uint8Array(stored.publicKey),
+      privateKey,
+      expiry: stored.expiry,
+      maxValue: BigInt(stored.maxValue),
+      chainScopes: stored.chainScopes ?? [],
+      userKeyHash: stored.userKeyHash
+    };
+  }
+  getRawRecords() {
+    const records = [];
+    const prefix = this.getSessionStoragePrefix();
+    for (let index = 0; index < localStorage.length; index++) {
+      const key = localStorage.key(index);
+      if (!key || !key.startsWith(prefix)) {
+        continue;
+      }
+      const value = localStorage.getItem(key);
+      if (!value) {
+        continue;
+      }
+      records.push(JSON.parse(value));
+    }
+    const legacyValue = localStorage.getItem(this.legacyStorageKey);
+    if (legacyValue) {
+      records.push(JSON.parse(legacyValue));
+    }
+    return records;
+  }
+  async getValidRecords() {
+    const now = Date.now();
+    const validRecords = [];
+    for (const record of this.getRawRecords()) {
+      if (record.expiry <= now) {
+        await this.remove(record.keyHash);
+        continue;
+      }
+      validRecords.push(record);
+    }
+    return validRecords.sort((left, right) => right.savedAt - left.savedAt);
   }
   /**
    * Get or derive encryption key
@@ -7992,7 +8135,7 @@ var LocalStorageSessionStorage = class {
         userKeyHash: session.userKeyHash,
         savedAt: Date.now()
       };
-      localStorage.setItem(this.storageKey, JSON.stringify(storageObject));
+      localStorage.setItem(this.getSessionStorageKey(session.keyHash), JSON.stringify(storageObject));
     } catch (error) {
       if (error instanceof SessionError) {
         throw error;
@@ -8005,32 +8148,15 @@ var LocalStorageSessionStorage = class {
     }
   }
   /**
-   * Load the active session (decrypts private key)
+   * Load a session (decrypts private key)
    */
-  async load() {
+  async load(keyHash) {
     try {
-      const data = localStorage.getItem(this.storageKey);
-      if (!data) {
-        return null;
-      }
-      const stored = JSON.parse(data);
-      if (stored.expiry <= Date.now()) {
-        await this.clear();
+      const records = keyHash ? (await this.getValidRecords()).filter((record) => record.keyHash === keyHash) : await this.getValidRecords();
+      if (records.length === 0) {
         return null;
       }
-      const key = await this.getEncryptionKey();
-      const encryptedPrivateKey = ethers10.getBytes(stored.encryptedPrivateKey);
-      const privateKey = await decrypt(encryptedPrivateKey, key);
-      const session = {
-        keyHash: stored.keyHash,
-        publicKey: ethers10.getBytes(stored.publicKey),
-        privateKey,
-        expiry: stored.expiry,
-        maxValue: BigInt(stored.maxValue),
-        chainScopes: stored.chainScopes,
-        userKeyHash: stored.userKeyHash
-      };
-      return session;
+      return this.deserializeSession(records[0]);
     } catch (error) {
       await this.clear();
       if (error instanceof SessionError) {
@@ -8043,12 +8169,55 @@ var LocalStorageSessionStorage = class {
       );
     }
   }
+  async loadAll() {
+    try {
+      const records = await this.getValidRecords();
+      return Promise.all(records.map((record) => this.deserializeSession(record)));
+    } catch (error) {
+      await this.clear();
+      if (error instanceof SessionError) {
+        throw error;
+      }
+      throw new SessionError(
+        "Failed to load sessions",
+        "STORAGE_ERROR" /* STORAGE_ERROR */,
+        error
+      );
+    }
+  }
+  async remove(keyHash) {
+    try {
+      localStorage.removeItem(this.getSessionStorageKey(keyHash));
+      const legacyValue = localStorage.getItem(this.legacyStorageKey);
+      if (legacyValue) {
+        const legacyRecord = JSON.parse(legacyValue);
+        if (legacyRecord.keyHash === keyHash) {
+          localStorage.removeItem(this.legacyStorageKey);
+        }
+      }
+    } catch (error) {
+      throw new SessionError(
+        "Failed to remove session",
+        "STORAGE_ERROR" /* STORAGE_ERROR */,
+        error
+      );
+    }
+  }
   /**
    * Clear all sessions
    */
   async clear() {
     try {
-      localStorage.removeItem(this.storageKey);
+      const keysToRemove = [];
+      const prefix = this.getSessionStoragePrefix();
+      for (let index = 0; index < localStorage.length; index++) {
+        const key = localStorage.key(index);
+        if (key && key.startsWith(prefix)) {
+          keysToRemove.push(key);
+        }
+      }
+      keysToRemove.forEach((key) => localStorage.removeItem(key));
+      localStorage.removeItem(this.legacyStorageKey);
     } catch (error) {
       throw new SessionError(
         "Failed to clear sessions",
@@ -8060,9 +8229,9 @@ var LocalStorageSessionStorage = class {
   /**
    * Check if any session exists
    */
-  async exists() {
+  async exists(keyHash) {
     try {
-      return localStorage.getItem(this.storageKey) !== null;
+      return await this.load(keyHash) !== null;
     } catch {
       return false;
     }
@@ -8112,7 +8281,8 @@ var SessionManager = class {
       maxValue: config.maxValue ?? 0n,
       autoRefresh: config.autoRefresh ?? true,
       refreshBuffer: config.refreshBuffer ?? DEFAULT_REFRESH_BUFFER,
-      chainScopes: config.chainScopes ?? []
+      chainScopes: config.chainScopes ?? [],
+      allowUnboundedMaxValue: config.allowUnboundedMaxValue ?? false
     };
     validateSessionConfig(this.config);
     this.debug = managerConfig?.debug ?? false;
@@ -8127,6 +8297,14 @@ var SessionManager = class {
   refreshTimer = null;
   eventCallbacks = [];
   debug;
+  resolveConfig(configOverride) {
+    const resolvedConfig = {
+      ...this.config,
+      ...configOverride
+    };
+    validateSessionConfig(resolvedConfig);
+    return resolvedConfig;
+  }
   // ========================================================================
   // Session Lifecycle
   // ========================================================================
@@ -8143,15 +8321,16 @@ var SessionManager = class {
    * @returns Created session key
    * @throws SessionError if registration fails
    */
-  async createSession() {
+  async createSession(configOverride) {
     try {
       this.log("Creating new session...");
+      const sessionConfig = this.resolveConfig(configOverride);
       const keyPair = generateSecp256k1KeyPair();
       const keyHash = computeSessionKeyHash(keyPair.publicKey);
       this.log("Generated session key:", keyHash);
       const challenge = ethers11.solidityPacked(
         ["string", "bytes32", "uint256", "uint256"],
-        ["registerSession", keyHash, this.config.duration, this.config.maxValue]
+        ["registerSession", keyHash, sessionConfig.duration, sessionConfig.maxValue]
       );
       this.log("Challenge prepared, requesting Passkey signature...");
       const signature = await this.passkeySign(ethers11.getBytes(challenge));
@@ -8161,20 +8340,20 @@ var SessionManager = class {
         publicKeyX: this.credential.publicKeyX,
         publicKeyY: this.credential.publicKeyY,
         sessionKeyHash: keyHash,
-        duration: this.config.duration,
-        maxValue: this.config.maxValue,
+        duration: sessionConfig.duration,
+        maxValue: sessionConfig.maxValue,
         requireUV: true
       };
       await this.hubClient.registerSession(registerParams);
       this.log("Session registered on Hub");
-      const expiry = Date.now() + this.config.duration * 1e3;
+      const expiry = Date.now() + sessionConfig.duration * 1e3;
       this.currentSession = {
         publicKey: keyPair.publicKey,
         privateKey: keyPair.privateKey,
         keyHash,
         expiry,
-        maxValue: this.config.maxValue,
-        chainScopes: this.config.chainScopes,
+        maxValue: sessionConfig.maxValue,
+        chainScopes: sessionConfig.chainScopes,
         userKeyHash: this.credential.keyHash
       };
       await this.storage.save(this.currentSession);
@@ -8199,12 +8378,15 @@ var SessionManager = class {
    * 
    * @returns Loaded session or null if no valid session exists
    */
-  async loadSession() {
+  async loadSession(keyHash) {
     try {
-      this.log("Loading session from storage...");
-      const session = await this.storage.load();
+      this.log("Loading session from storage...", keyHash ?? "latest");
+      const session = await this.storage.load(keyHash);
       if (!session) {
         this.log("No session found in storage");
+        if (!keyHash) {
+          this.currentSession = null;
+        }
         return null;
       }
       if (session.expiry <= Date.now()) {
@@ -8221,27 +8403,43 @@ var SessionManager = class {
       return session;
     } catch (error) {
       this.log("Failed to load session:", error);
-      await this.storage.clear();
+      if (!keyHash) {
+        await this.storage.clear();
+      }
       return null;
     }
   }
+  async listSessions() {
+    return this.storage.loadAll();
+  }
+  async selectSession(keyHash) {
+    const session = await this.loadSession(keyHash);
+    if (!session) {
+      throw new SessionError(
+        `Session ${keyHash} not found`,
+        "SESSION_NOT_FOUND" /* SESSION_NOT_FOUND */
+      );
+    }
+    return session;
+  }
   /**
    * Revoke the current session (requires biometric authentication)
    * 
    * @throws SessionError if no active session or revocation fails
    */
-  async revokeSession() {
-    if (!this.currentSession) {
+  async revokeSession(keyHash) {
+    const targetSession = keyHash ? await this.storage.load(keyHash) : this.currentSession;
+    if (!targetSession) {
       throw new SessionError(
-        "No active session to revoke",
-        "NO_ACTIVE_SESSION" /* NO_ACTIVE_SESSION */
+        keyHash ? `Session ${keyHash} not found` : "No active session to revoke",
+        keyHash ? "SESSION_NOT_FOUND" /* SESSION_NOT_FOUND */ : "NO_ACTIVE_SESSION" /* NO_ACTIVE_SESSION */
       );
     }
     try {
-      this.log("Revoking session:", this.currentSession.keyHash);
+      this.log("Revoking session:", targetSession.keyHash);
       const challenge = ethers11.solidityPacked(
         ["string", "bytes32"],
-        ["revokeSession", this.currentSession.keyHash]
+        ["revokeSession", targetSession.keyHash]
       );
       const signature = await this.passkeySign(ethers11.getBytes(challenge));
       this.log("Passkey signature obtained, revoking on Hub...");
@@ -8249,18 +8447,24 @@ var SessionManager = class {
         signature,
         publicKeyX: this.credential.publicKeyX,
         publicKeyY: this.credential.publicKeyY,
-        sessionKeyHash: this.currentSession.keyHash,
+        sessionKeyHash: targetSession.keyHash,
         requireUV: true
       };
       await this.hubClient.revokeSession(revokeParams);
       this.log("Session revoked on Hub");
-      await this.storage.clear();
-      if (this.refreshTimer) {
-        clearTimeout(this.refreshTimer);
-        this.refreshTimer = null;
+      await this.storage.remove(targetSession.keyHash);
+      const revokedKeyHash = targetSession.keyHash;
+      const revokedCurrentSession = this.currentSession?.keyHash === revokedKeyHash;
+      if (revokedCurrentSession) {
+        if (this.refreshTimer) {
+          clearTimeout(this.refreshTimer);
+          this.refreshTimer = null;
+        }
+        this.currentSession = await this.storage.load();
+        if (this.currentSession && this.config.autoRefresh) {
+          this.scheduleRefresh();
+        }
       }
-      const revokedKeyHash = this.currentSession.keyHash;
-      this.currentSession = null;
       this.emit({ type: "session-revoked", keyHash: revokedKeyHash });
       this.log("Session revoked successfully");
     } catch (error) {
@@ -8338,45 +8542,46 @@ var SessionManager = class {
    * @returns Session signature
    * @throws SessionError if no active session, expired, or value exceeds limit
    */
-  async signWithSession(action) {
-    if (!this.currentSession) {
+  async signWithSession(action, keyHash) {
+    const session = keyHash ? await this.storage.load(keyHash) : this.currentSession;
+    if (!session) {
       throw new SessionError(
-        "No active session available",
-        "NO_ACTIVE_SESSION" /* NO_ACTIVE_SESSION */
+        keyHash ? `Session ${keyHash} not found` : "No active session available",
+        keyHash ? "SESSION_NOT_FOUND" /* SESSION_NOT_FOUND */ : "NO_ACTIVE_SESSION" /* NO_ACTIVE_SESSION */
       );
     }
     const now = Date.now();
-    if (now >= this.currentSession.expiry) {
-      this.emit({ type: "session-expired", keyHash: this.currentSession.keyHash });
+    if (now >= session.expiry) {
+      this.emit({ type: "session-expired", keyHash: session.keyHash });
       throw new SessionError(
         "Session has expired",
         "SESSION_EXPIRED" /* SESSION_EXPIRED */
       );
     }
-    if (this.currentSession.maxValue > 0n && action.value > this.currentSession.maxValue) {
+    if (session.maxValue > 0n && action.value > session.maxValue) {
       throw new SessionError(
-        `Transaction value (${action.value}) exceeds session limit (${this.currentSession.maxValue})`,
+        `Transaction value (${action.value}) exceeds session limit (${session.maxValue})`,
         "VALUE_EXCEEDS_LIMIT" /* VALUE_EXCEEDS_LIMIT */,
-        { value: action.value, limit: this.currentSession.maxValue }
+        { value: action.value, limit: session.maxValue }
       );
     }
-    if (this.currentSession.chainScopes.length > 0 && !this.currentSession.chainScopes.includes(action.targetChain)) {
+    if (session.chainScopes.length > 0 && !session.chainScopes.includes(action.targetChain)) {
       throw new SessionError(
         `Chain ${action.targetChain} not in session scope`,
         "CHAIN_NOT_ALLOWED" /* CHAIN_NOT_ALLOWED */,
-        { chain: action.targetChain, allowedChains: this.currentSession.chainScopes }
+        { chain: action.targetChain, allowedChains: session.chainScopes }
       );
     }
     this.log("Signing action with session key...");
     const messageHash = hashAction(action);
     const { signature } = signWithSessionKey(
-      this.currentSession.privateKey,
+      session.privateKey,
       messageHash
     );
     const sessionSignature = {
       signature,
-      sessionKeyHash: this.currentSession.keyHash,
-      userKeyHash: this.currentSession.userKeyHash,
+      sessionKeyHash: session.keyHash,
+      userKeyHash: session.userKeyHash,
       timestamp: now,
       nonce: action.nonce
     };
@@ -8389,8 +8594,8 @@ var SessionManager = class {
    * @param action Action parameters
    * @returns Session-signed action ready for submission
    */
-  async signAction(action) {
-    const signature = await this.signWithSession(action);
+  async signAction(action, keyHash) {
+    const signature = await this.signWithSession(action, keyHash);
     return {
       action,
       signature,
@@ -9253,6 +9458,7 @@ export {
   calculatePercentage,
   computeKeyHash,
   computeSessionKeyHash,
+  configureDefaultRpcUrls,
   createAuditEntry,
   createChainClient,
   createChainDetector,
@@ -9323,6 +9529,7 @@ export {
   getExplorerUrl,
   getFeatureFlags,
   getHubChains,
+  getRpcUrlOverride,
   getSequenceFromTxReceipt,
   getContractPrincipal as getStacksContractPrincipal,
   getStacksExplorerAddressUrl,