@zendfi/sdk 0.7.4 → 0.8.1

package/dist/index.d.ts

@@ -1,6 +1,6 @@
-import { C as CreateAgentApiKeyRequest, A as AgentApiKey, b as CreateAgentSessionRequest, c as AgentSession, d as AgentPaymentRequest, e as AgentPaymentResponse, f as AgentAnalytics, g as CreatePaymentIntentRequest, P as PaymentIntent, h as ConfirmPaymentIntentRequest, i as PaymentIntentEvent, j as PPPFactor, k as PricingSuggestionRequest, l as PricingSuggestion, E as EnableAutonomyRequest, m as EnableAutonomyResponse, n as AutonomyStatus, S as SmartPaymentRequest, o as SmartPaymentResponse, p as CreateSessionKeyRequest, q as CreateSessionKeyResponse, r as CreateDeviceBoundSessionKeyRequest$1, s as CreateDeviceBoundSessionKeyResponse$1, t as SubmitSignedTransactionRequest, u as SubmitTransactionResponse, v as SessionKeyStatus, w as SessionKeyListResponse, T as TopUpSessionKeyRequest, x as TopUpSessionKeyResponse, Z as ZendFiConfig, y as CreatePaymentRequest, z as Payment, L as ListPaymentsRequest, B as PaginatedResponse, D as CreateSubscriptionPlanRequest, F as SubscriptionPlan, G as CreateSubscriptionRequest, H as Subscription, I as CreatePaymentLinkRequest, J as PaymentLink, K as CreateInstallmentPlanRequest, M as InstallmentPlan, N as CreateEscrowRequest, O as Escrow, Q as ApproveEscrowRequest, R as RefundEscrowRequest, U as DisputeEscrowRequest, V as CreateInvoiceRequest, X as Invoice, Y as VerifyWebhookRequest, _ as WebhookPayload, $ as ApiKeyMode } from './webhook-handler-D5INiR-l.js';
-export { a6 as AgentKeyId, aD as ApiKeyScope, aJ as AutonomousDelegate, a3 as Brand, aG as CaptureMethod, aA as CreateInstallmentPlanResponse, ap as Currency, ao as Environment, aa as EscrowId, au as EscrowStatus, ab as InstallmentPlanId, at as InstallmentPlanStatus, az as InstallmentScheduleItem, ad as IntentId, a8 as InvoiceId, aC as InvoiceLineItem, av as InvoiceStatus, aO as LinkedSessionInfo, a7 as MerchantId, aI as PPPConfig, a4 as PaymentId, aF as PaymentIntentStatus, ac as PaymentLinkCode, ar as PaymentStatus, aq as PaymentToken, aB as ReleaseCondition, aK as RevokeAutonomyRequest, aP as SecurityStatus, a5 as SessionId, aM as SessionKeyInstructions, aN as SessionKeySecurityInfo, aQ as SessionKeyStats, aE as SessionLimits, aL as SmartPaymentStatus, ay as SplitRecipient, aw as SplitStatus, a9 as SubscriptionId, as as SubscriptionStatus, aH as UserProfile, ax as WebhookEvent, a2 as WebhookEventHandler, W as WebhookHandlerConfig, a as WebhookHandlers, a1 as WebhookResult, ag as asAgentKeyId, ak as asEscrowId, al as asInstallmentPlanId, an as asIntentId, ai as asInvoiceId, ah as asMerchantId, ae as asPaymentId, am as asPaymentLinkCode, af as asSessionId, aj as asSubscriptionId, a0 as processWebhook } from './webhook-handler-D5INiR-l.js';
-import { Transaction, Keypair } from '@solana/web3.js';
+import { C as CreateAgentApiKeyRequest, A as AgentApiKey, b as CreateAgentSessionRequest, c as AgentSession, d as AgentPaymentRequest, e as AgentPaymentResponse, f as AgentAnalytics, g as CreatePaymentIntentRequest, P as PaymentIntent, h as ConfirmPaymentIntentRequest, i as PaymentIntentEvent, j as PPPFactor, k as PricingSuggestionRequest, l as PricingSuggestion, E as EnableAutonomyRequest, m as EnableAutonomyResponse, n as AutonomyStatus, S as SmartPaymentRequest, o as SmartPaymentResponse, Z as ZendFiConfig, p as CreatePaymentRequest, q as Payment, L as ListPaymentsRequest, r as PaginatedResponse, s as CreateSubscriptionPlanRequest, t as SubscriptionPlan, u as CreateSubscriptionRequest, v as Subscription, w as CreatePaymentLinkRequest, x as PaymentLink, y as CreateInstallmentPlanRequest, I as InstallmentPlan, z as CreateEscrowRequest, B as Escrow, D as ApproveEscrowRequest, R as RefundEscrowRequest, F as DisputeEscrowRequest, G as CreateInvoiceRequest, H as Invoice, V as VerifyWebhookRequest, J as WebhookPayload, K as ApiKeyMode } from './webhook-handler-CgaLeGO4.js';
+export { X as AgentKeyId, at as ApiKeyScope, az as AutonomousDelegate, Q as Brand, aw as CaptureMethod, aF as CreateDeviceBoundSessionKeyRequest, aG as CreateDeviceBoundSessionKeyResponse, aq as CreateInstallmentPlanResponse, aC as CreateSessionKeyRequest, aD as CreateSessionKeyResponse, af as Currency, ae as Environment, a0 as EscrowId, ak as EscrowStatus, a1 as InstallmentPlanId, aj as InstallmentPlanStatus, ap as InstallmentScheduleItem, a3 as IntentId, _ as InvoiceId, as as InvoiceLineItem, al as InvoiceStatus, aJ as LinkedSessionInfo, Y as MerchantId, ay as PPPConfig, T as PaymentId, av as PaymentIntentStatus, a2 as PaymentLinkCode, ah as PaymentStatus, ag as PaymentToken, ar as ReleaseCondition, aA as RevokeAutonomyRequest, aK as SecurityStatus, U as SessionId, aE as SessionKeyInstructions, aP as SessionKeyListResponse, aH as SessionKeySecurityInfo, aQ as SessionKeyStats, aI as SessionKeyStatus, au as SessionLimits, aB as SmartPaymentStatus, ao as SplitRecipient, am as SplitStatus, aN as SubmitSignedTransactionRequest, aO as SubmitTransactionResponse, $ as SubscriptionId, ai as SubscriptionStatus, aL as TopUpSessionKeyRequest, aM as TopUpSessionKeyResponse, ax as UserProfile, an as WebhookEvent, O as WebhookEventHandler, W as WebhookHandlerConfig, a as WebhookHandlers, N as WebhookResult, a6 as asAgentKeyId, aa as asEscrowId, ab as asInstallmentPlanId, ad as asIntentId, a8 as asInvoiceId, a7 as asMerchantId, a4 as asPaymentId, ac as asPaymentLinkCode, a5 as asSessionId, a9 as asSubscriptionId, M as processWebhook } from './webhook-handler-CgaLeGO4.js';
+import { Keypair, Transaction } from '@solana/web3.js';
 
 /**
  * Request/Response Interceptor System
@@ -886,340 +886,296 @@ declare class SmartPaymentsAPI {
 }
 
 /**
- * Session Keys API - On-chain funded session wallets
+ * Session Keys API - Device-Bound Non-Custodial Session Keys
  *
- * Session keys are dedicated wallets funded by users for AI agents to use.
- * Two modes are supported:
+ * TRUE non-custodial session keys where:
+ * - Client generates keypair (backend NEVER sees private key)
+ * - Client encrypts with PIN + device fingerprint (Argon2id + AES-256-GCM)
+ * - Backend stores encrypted blob (cannot decrypt!)
+ * - Client decrypts and signs for each payment
  *
- * 1. **Custodial Mode**: Backend generates and stores the keypair (simpler)
- * 2. **Device-Bound Mode**: Client generates keypair and encrypts with PIN (more secure)
+ * This is the ONLY supported mode. Custodial session keys are deprecated.
  *
  * @example
  * ```typescript
- * // Create a custodial session key
+ * // Create a session key with PIN encryption
  * const result = await zendfi.sessionKeys.create({
- *   user_wallet: 'Hx7B...abc',
- *   limit_usdc: 100,
- *   duration_days: 7,
- *   device_fingerprint: await getDeviceFingerprint(),
+ *   userWallet: '7xKNH...',
+ *   agentId: 'shopping-assistant-v1',
+ *   agentName: 'AI Shopping Assistant',
+ *   limitUSDC: 100,
+ *   durationDays: 7,
+ *   pin: '123456',
+ *   generateRecoveryQR: true,
  * });
  *
- * // User signs the approval transaction in their wallet
- * const signedTx = await wallet.signTransaction(result.approval_transaction);
+ * console.log(`Session key: ${result.sessionKeyId}`);
+ * console.log(`Works across all apps with agent: ${result.agentId}`);
  *
- * // Submit the signed transaction
- * await zendfi.sessionKeys.submitApproval({
- *   session_key_id: result.session_key_id,
- *   signed_transaction: signedTx,
- * });
+ * // Unlock for auto-signing (one-time PIN entry)
+ * await zendfi.sessionKeys.unlock(result.sessionKeyId, '123456');
  *
- * // Check status
- * const status = await zendfi.sessionKeys.getStatus(result.session_key_id);
- * console.log(`Remaining: $${status.remaining_usdc}`);
+ * // Make payments without PIN (instant!)
+ * const payment = await zendfi.sessionKeys.makePayment({
+ *   sessionKeyId: result.sessionKeyId,
+ *   amount: 5.0,
+ *   recipient: '8xYZA...',
+ *   description: 'Coffee purchase',
+ * });
  * ```
+ *
+ * @module aip/session-keys
  */
-
 type RequestFn = <T>(method: string, endpoint: string, data?: any) => Promise<T>;
+interface CreateSessionKeyOptions {
+    /** User's main wallet address */
+    userWallet: string;
+    /** Agent identifier for cross-app compatibility (e.g., "shopping-assistant-v1") */
+    agentId: string;
+    /** Human-readable agent name (e.g., "AI Shopping Assistant") */
+    agentName?: string;
+    /** Spending limit in USDC */
+    limitUSDC: number;
+    /** Duration in days (1-30) */
+    durationDays: number;
+    /** 6-digit numeric PIN for encryption */
+    pin: string;
+    /** Generate recovery QR code (recommended) */
+    generateRecoveryQR?: boolean;
+    /** Enable Lit Protocol for true autonomous signing (default: true) */
+    enableLitProtocol?: boolean;
+    /** Lit Protocol network (default: 'datil-dev') */
+    litNetwork?: 'datil' | 'datil-dev' | 'datil-test';
+}
+interface SessionKeyResult {
+    /** UUID of the created session key */
+    sessionKeyId: string;
+    /** Agent identifier */
+    agentId: string;
+    /** Agent name (if provided) */
+    agentName?: string;
+    /** Session wallet public key */
+    sessionWallet: string;
+    /** Spending limit in USDC */
+    limitUsdc: number;
+    /** Expiration timestamp */
+    expiresAt: string;
+    /** Recovery QR code data (if generated) */
+    recoveryQR?: string;
+    /** True if this session key works across multiple apps with same agent_id */
+    crossAppCompatible: boolean;
+}
+interface MakePaymentOptions {
+    /** Session key ID to pay from */
+    sessionKeyId: string;
+    /** Payment amount in USD */
+    amount: number;
+    /** Recipient wallet address */
+    recipient: string;
+    /** Token to pay with (default: USDC) */
+    token?: string;
+    /** Payment description */
+    description?: string;
+    /** PIN (only required if session key not unlocked) */
+    pin?: string;
+    /** Whether to cache keypair for future payments (default: true) */
+    enableAutoSign?: boolean;
+}
+interface PaymentResult$1 {
+    paymentId: string;
+    signature: string;
+    status: string;
+}
+interface SessionKeyInfo {
+    sessionKeyId: string;
+    isActive: boolean;
+    isApproved: boolean;
+    limitUsdc: number;
+    usedAmountUsdc: number;
+    remainingUsdc: number;
+    expiresAt: string;
+    daysUntilExpiry: number;
+}
 declare class SessionKeysAPI {
-    private request;
+    private sessionKeys;
+    private sessionMetadata;
+    private requestFn;
+    private debugMode;
     constructor(request: RequestFn);
     /**
-     * Create a custodial session key
-     *
-     * The backend generates and securely stores the keypair.
-     * Returns an approval transaction that the user must sign to fund the session wallet.
-     *
-     * @param request - Session key configuration
-     * @returns Creation response with approval transaction
-     *
-     * @example
-     * ```typescript
-     * // Basic creation
-     * const result = await zendfi.sessionKeys.create({
-     *   user_wallet: 'Hx7B...abc',
-     *   limit_usdc: 100,
-     *   duration_days: 7,
-     *   device_fingerprint: deviceFingerprint,
-     * });
-     *
-     * // Create with linked session for policy enforcement
-     * const result = await zendfi.sessionKeys.create({
-     *   user_wallet: 'Hx7B...abc',
-     *   limit_usdc: 500,
-     *   duration_days: 7,
-     *   device_fingerprint: deviceFingerprint,
-     *   link_session_id: session.id,  // Links to existing session
-     * });
-     *
-     * console.log(`Session key: ${result.session_key_id}`);
-     * console.log('Please sign the approval transaction');
-     * ```
+     * Enable debug logging
      */
-    create(request: CreateSessionKeyRequest): Promise<CreateSessionKeyResponse>;
+    private debug;
     /**
-     * Create a device-bound session key (non-custodial)
+     * Create a new device-bound session key
      *
-     * The client generates the keypair and encrypts it with a PIN before sending.
-     * The backend cannot decrypt the keypair - only the user's device can.
+     * The keypair is generated client-side and encrypted with your PIN.
+     * The backend NEVER sees your private key.
      *
-     * @param request - Device-bound session key configuration
-     * @returns Creation response with session wallet address
+     * @param options - Session key configuration
+     * @returns Created session key info with optional recovery QR
      *
      * @example
      * ```typescript
-     * // Generate keypair client-side
-     * const keypair = Keypair.generate();
-     *
-     * // Encrypt with PIN
-     * const encrypted = await encryptWithPin(keypair.secretKey, pin);
-     *
-     * const result = await zendfi.sessionKeys.createDeviceBound({
-     *   user_wallet: 'Hx7B...abc',
-     *   limit_usdc: 100,
-     *   duration_days: 7,
-     *   encrypted_session_key: encrypted.ciphertext,
-     *   nonce: encrypted.nonce,
-     *   session_public_key: keypair.publicKey.toBase58(),
-     *   device_fingerprint: deviceFingerprint,
+     * const result = await zendfi.sessionKeys.create({
+     *   userWallet: '7xKNH...',
+     *   agentId: 'shopping-assistant-v1',
+     *   agentName: 'AI Shopping Assistant',
+     *   limitUSDC: 100,
+     *   durationDays: 7,
+     *   pin: '123456',
+     *   generateRecoveryQR: true,
      * });
      *
-     * console.log(`Session wallet: ${result.session_wallet}`);
+     * console.log(`Session key: ${result.sessionKeyId}`);
+     * console.log(`Recovery QR: ${result.recoveryQR}`);
      * ```
      */
-    createDeviceBound(request: CreateDeviceBoundSessionKeyRequest$1): Promise<CreateDeviceBoundSessionKeyResponse$1>;
+    create(options: CreateSessionKeyOptions): Promise<SessionKeyResult>;
     /**
-     * Get encrypted session key for device-bound mode
+     * Load an existing session key from backend
      *
-     * Retrieves the encrypted keypair so the client can decrypt it with their PIN.
-     * The device fingerprint must match the one used during creation.
+     * Fetches the encrypted session key and decrypts it with your PIN.
+     * Use this when resuming a session on the same device.
      *
      * @param sessionKeyId - UUID of the session key
-     * @param deviceFingerprint - Current device fingerprint
-     * @returns Encrypted key data
-     */
-    getEncrypted(sessionKeyId: string, deviceFingerprint: string): Promise<{
-        encrypted_session_key: string;
-        nonce: string;
-        device_fingerprint_valid: boolean;
-    }>;
-    /**
-     * Submit a signed approval transaction
-     *
-     * After the user signs the approval transaction from `create()`,
-     * submit it here to activate the session key.
-     *
-     * @param request - Signed transaction data
-     * @returns Submission result with signature
+     * @param pin - PIN to decrypt the session key
      *
      * @example
      * ```typescript
-     * const result = await zendfi.sessionKeys.submitApproval({
-     *   session_key_id: sessionKeyId,
-     *   signed_transaction: signedTxBase64,
-     * });
+     * // Resume session on same device
+     * await zendfi.sessionKeys.load('uuid-of-session-key', '123456');
      *
-     * console.log(`Approved! Signature: ${result.signature}`);
+     * // Now you can make payments
+     * await zendfi.sessionKeys.makePayment({...});
      * ```
      */
-    submitApproval(request: SubmitSignedTransactionRequest & {
-        session_key_id: string;
-    }): Promise<SubmitTransactionResponse>;
+    load(sessionKeyId: string, pin: string): Promise<void>;
     /**
-     * Submit a signed top-up transaction
-     *
-     * After the user signs the top-up transaction from `topUp()`,
-     * submit it here to add funds.
+     * Unlock a session key for auto-signing
      *
-     * @param sessionKeyId - UUID of the session key
-     * @param signedTransaction - Base64 encoded signed transaction
-     * @returns Submission result with new limit
-     */
-    submitTopUp(sessionKeyId: string, signedTransaction: string): Promise<SubmitTransactionResponse>;
-    /**
-     * Get session key status
+     * After unlocking, payments can be made without entering PIN.
+     * The decrypted keypair is cached in memory with a TTL.
      *
      * @param sessionKeyId - UUID of the session key
-     * @returns Current status with remaining balance
+     * @param pin - PIN to decrypt the session key
+     * @param cacheTTL - How long to cache (default: 30 minutes)
      *
      * @example
      * ```typescript
-     * const status = await zendfi.sessionKeys.getStatus(sessionKeyId);
+     * // Unlock once
+     * await zendfi.sessionKeys.unlock('uuid', '123456');
      *
-     * console.log(`Active: ${status.is_active}`);
-     * console.log(`Limit: $${status.limit_usdc}`);
-     * console.log(`Used: $${status.used_amount_usdc}`);
-     * console.log(`Remaining: $${status.remaining_usdc}`);
-     * console.log(`Expires in ${status.days_until_expiry} days`);
+     * // Make payments instantly (no PIN!)
+     * await zendfi.sessionKeys.makePayment({...}); // Instant!
+     * await zendfi.sessionKeys.makePayment({...}); // Instant!
      * ```
      */
-    getStatus(sessionKeyId: string): Promise<SessionKeyStatus>;
+    unlock(sessionKeyId: string, pin: string, cacheTTL?: number): Promise<void>;
     /**
-     * List all session keys for the merchant
+     * Make a payment using a session key
+     *
+     * If the session key is unlocked (cached), no PIN is needed.
+     * Otherwise, you must provide the PIN.
      *
-     * @returns List of session keys with stats
+     * @param options - Payment configuration
+     * @returns Payment result with signature
      *
      * @example
      * ```typescript
-     * const { session_keys, stats } = await zendfi.sessionKeys.list();
-     *
-     * console.log(`Total keys: ${stats.total_keys}`);
-     * console.log(`Active: ${stats.active_keys}`);
+     * // With unlocked session key (no PIN)
+     * const result = await zendfi.sessionKeys.makePayment({
+     *   sessionKeyId: 'uuid',
+     *   amount: 5.0,
+     *   recipient: '8xYZA...',
+     *   description: 'Coffee purchase',
+     * });
      *
-     * session_keys.forEach(key => {
-     *   console.log(`${key.session_key_id}: $${key.remaining_usdc} remaining`);
+     * // Or with PIN (one-time)
+     * const result = await zendfi.sessionKeys.makePayment({
+     *   sessionKeyId: 'uuid',
+     *   amount: 5.0,
+     *   recipient: '8xYZA...',
+     *   pin: '123456',
      * });
      * ```
      */
-    list(): Promise<SessionKeyListResponse>;
+    makePayment(options: MakePaymentOptions): Promise<PaymentResult$1>;
     /**
-     * Top up a session key with additional funds
-     *
-     * Returns a transaction that the user must sign to add funds.
+     * Get session key status
      *
      * @param sessionKeyId - UUID of the session key
-     * @param request - Top-up configuration
-     * @returns Top-up transaction to sign
-     *
-     * @example
-     * ```typescript
-     * const topUp = await zendfi.sessionKeys.topUp(sessionKeyId, {
-     *   user_wallet: 'Hx7B...abc',
-     *   amount_usdc: 50,
-     *   device_fingerprint: deviceFingerprint,
-     * });
-     *
-     * console.log(`Adding $${topUp.added_amount}`);
-     * console.log(`New limit will be: $${topUp.new_limit}`);
-     *
-     * // User signs the transaction
-     * const signedTx = await wallet.signTransaction(topUp.top_up_transaction);
-     *
-     * // Submit it
-     * await zendfi.sessionKeys.submitTopUp(sessionKeyId, signedTx);
-     * ```
+     * @returns Current status including balance and expiry
      */
-    topUp(sessionKeyId: string, request: TopUpSessionKeyRequest): Promise<TopUpSessionKeyResponse>;
+    getStatus(sessionKeyId: string): Promise<SessionKeyInfo>;
     /**
      * Revoke a session key
      *
-     * Immediately deactivates the session key. Any remaining funds
-     * are refunded to the user's wallet.
+     * Permanently deactivates the session key. Cannot be undone.
      *
-     * @param sessionKeyId - UUID of the session key
-     * @returns Revocation result with optional refund details
-     *
-     * @example
-     * ```typescript
-     * const result = await zendfi.sessionKeys.revoke(sessionKeyId);
-     *
-     * console.log('Session key revoked');
-     * if (result.refund?.refunded) {
-     *   console.log(`Refunded: ${result.refund.transaction_signature}`);
-     * }
-     * ```
+     * @param sessionKeyId - UUID of the session key to revoke
      */
-    revoke(sessionKeyId: string): Promise<{
-        message: string;
-        session_key_id: string;
-        note: string;
-        refund?: {
-            refunded: boolean;
-            transaction_signature: string;
-            message: string;
-        };
-    }>;
+    revoke(sessionKeyId: string): Promise<void>;
     /**
-     * Link a session key to an AI session for policy enforcement
+     * Recover session key on new device
      *
-     * When linked, payments through this session key will check both:
-     * 1. Session key balance (hard cap)
-     * 2. AI session limits (per-tx, daily, weekly, monthly)
+     * Use this when moving to a new device with a recovery QR code.
      *
-     * This provides defense-in-depth: the session key provides signing
-     * capability while the session enforces granular spending policies.
-     *
-     * @param sessionKeyId - UUID of the session key
-     * @param sessionId - UUID of the AI session to link
-     * @returns Updated session key status
+     * @param options - Recovery configuration
      *
      * @example
      * ```typescript
-     * // Create a session with limits
-     * const session = await zendfi.agent.createSession({
-     *   agent_id: 'shopping-bot',
-     *   user_wallet: userWallet,
-     *   limits: {
-     *     max_per_transaction: 25,
-     *     max_per_day: 100,
-     *   },
-     *   duration_hours: 24,
-     * });
-     *
-     * // Create and fund a session key
-     * const key = await zendfi.sessionKeys.create({
-     *   user_wallet: userWallet,
-     *   limit_usdc: 500,  // Fund with $500
-     *   duration_days: 7,
-     *   device_fingerprint: fp,
+     * await zendfi.sessionKeys.recover({
+     *   sessionKeyId: 'uuid',
+     *   recoveryQR: '{"encryptedSessionKey":"..."}',
+     *   oldPin: '123456',
+     *   newPin: '654321',
      * });
+     * ```
+     */
+    recover(options: {
+        sessionKeyId: string;
+        recoveryQR: string;
+        oldPin: string;
+        newPin: string;
+    }): Promise<void>;
+    /**
+     * Clear cached keypair for a session key
      *
-     * // Link them together
-     * await zendfi.sessionKeys.linkSession(key.session_key_id, session.id);
+     * Use this on logout or when session ends.
      *
-     * // Now payments will:
-     * // - Be limited to $25 per transaction (session policy)
-     * // - Be limited to $100 per day (session policy)
-     * // - Never exceed $500 total (session key balance)
-     * ```
+     * @param sessionKeyId - UUID of the session key (or all if not specified)
      */
-    linkSession(sessionKeyId: string, sessionId: string): Promise<{
-        success: boolean;
-        session_key_id: string;
-        linked_session_id: string;
-        message: string;
-    }>;
+    clearCache(sessionKeyId?: string): void;
     /**
-     * Unlink a session key from its AI session
+     * Check if a session key is cached (unlocked)
      *
-     * After unlinking, the session key will only be limited by its funded balance.
+     * @param sessionKeyId - UUID of the session key
+     * @returns True if keypair is cached and auto-signing is enabled
+     */
+    isCached(sessionKeyId: string): boolean;
+    /**
+     * Get time remaining until cache expires
      *
      * @param sessionKeyId - UUID of the session key
-     * @returns Result of the unlink operation
+     * @returns Milliseconds until cache expires
      */
-    unlinkSession(sessionKeyId: string): Promise<{
-        success: boolean;
-        session_key_id: string;
-        message: string;
-    }>;
+    getCacheTimeRemaining(sessionKeyId: string): number;
     /**
-     * Check if a payment amount is allowed
+     * Extend cache expiry time
      *
-     * Checks both session key balance and linked session limits (if any).
-     * Useful for pre-validating payments before attempting them.
+     * Useful to keep session active during user activity.
      *
      * @param sessionKeyId - UUID of the session key
-     * @param amount - Amount in USD to check
-     * @returns Whether the payment is allowed and the effective limit
-     *
-     * @example
-     * ```typescript
-     * const check = await zendfi.sessionKeys.canAfford(keyId, 50);
+     * @param additionalTTL - Additional time in milliseconds
+     */
+    extendCache(sessionKeyId: string, additionalTTL: number): void;
+    /**
+     * Get all loaded session key IDs
      *
-     * if (check.allowed) {
-     *   await zendfi.smart.execute({ ... });
-     * } else {
-     *   console.log(`Cannot afford: ${check.reason}`);
-     *   console.log(`Effective limit: $${check.effective_limit}`);
-     * }
-     * ```
+     * @returns Array of session key UUIDs currently loaded
      */
-    canAfford(sessionKeyId: string, amount: number): Promise<{
-        allowed: boolean;
-        reason?: string;
-        effective_limit: number;
-        session_key_remaining: number;
-        session_remaining_today?: number;
-    }>;
+    getLoadedSessionKeys(): string[];
 }
 
 /**
@@ -2204,6 +2160,7 @@ declare class DeviceBoundSessionKey {
     private deviceFingerprint;
     private sessionKeyId;
     private recoveryQR;
+    private originalKeypair;
     private cachedKeypair;
     private cacheExpiry;
     private readonly DEFAULT_CACHE_TTL_MS;
@@ -2211,6 +2168,12 @@ declare class DeviceBoundSessionKey {
      * Create a new device-bound session key
      */
     static create(options: DeviceBoundSessionKeyOptions): Promise<DeviceBoundSessionKey>;
+    /**
+     * Get the original keypair (only available immediately after creation)
+     * Used for Lit Protocol encryption during session creation
+     * @internal
+     */
+    getKeypair(): Keypair;
     /**
      * Get encrypted data for backend storage
      */
@@ -2315,230 +2278,6 @@ declare class DeviceBoundSessionKey {
     getSessionKeyId(): string;
 }
 
-/**
- * Device-Bound Session Keys - SDK Integration
- *
- * High-level API for managing non-custodial session keys
- * Integrates with ZendFi backend API
- *
- * @module device-bound-session-keys
- */
-
-interface CreateDeviceBoundSessionKeyRequest {
-    userWallet: string;
-    agentId: string;
-    agentName?: string;
-    limitUsdc: number;
-    durationDays: number;
-    encryptedSessionKey: string;
-    nonce: string;
-    sessionPublicKey: string;
-    deviceFingerprint: string;
-    recoveryQrData?: string;
-}
-interface CreateDeviceBoundSessionKeyResponse {
-    sessionKeyId: string;
-    mode: 'device_bound';
-    isCustodial: false;
-    userWallet: string;
-    agentId: string;
-    agentName?: string;
-    sessionWallet: string;
-    limitUsdc: number;
-    expiresAt: string;
-    requiresClientSigning: true;
-    crossAppCompatible: boolean;
-    securityInfo: {
-        encryptionType: string;
-        deviceBound: boolean;
-        backendCanDecrypt: boolean;
-        recoveryQrSaved: boolean;
-    };
-}
-interface SessionKeyPaymentRequest {
-    amount: number;
-    recipient: string;
-    token?: string;
-    description?: string;
-    pin?: string;
-    enableAutoSign?: boolean;
-}
-declare class ZendFiSessionKeyManager {
-    private baseURL;
-    private apiKey;
-    private sessionKey;
-    private sessionKeyId;
-    constructor(apiKey: string, baseURL?: string);
-    /**
-     * Create a new device-bound session key
-     *
-     * @example
-     * ```typescript
-     * const manager = new ZendFiSessionKeyManager('your-api-key');
-     *
-     * const sessionKey = await manager.createSessionKey({
-     *   userWallet: '7xKNH....',
-     *   agentId: 'shopping-assistant-v1',
-     *   agentName: 'AI Shopping Assistant',
-     *   limitUSDC: 100,
-     *   durationDays: 7,
-     *   pin: '123456',
-     *   generateRecoveryQR: true,
-     * });
-     *
-     * console.log('Session key created:', sessionKey.sessionKeyId);
-     * console.log('Works across all apps with agent:', sessionKey.agentId);
-     * console.log('Recovery QR:', sessionKey.recoveryQR);
-     * ```
-     */
-    createSessionKey(options: {
-        userWallet: string;
-        agentId: string;
-        agentName?: string;
-        limitUSDC: number;
-        durationDays: number;
-        pin: string;
-        generateRecoveryQR?: boolean;
-    }): Promise<{
-        sessionKeyId: string;
-        agentId: string;
-        agentName?: string;
-        sessionWallet: string;
-        expiresAt: string;
-        recoveryQR?: string;
-        limitUsdc: number;
-        crossAppCompatible: boolean;
-    }>;
-    /**
-     * Load an existing session key from backend
-     * Requires PIN to decrypt
-     */
-    loadSessionKey(sessionKeyId: string, pin: string): Promise<void>;
-    /**
-     * Make a payment using the session key
-     *
-     * First payment: Requires PIN to decrypt session key
-     * Subsequent payments: Uses cached keypair (no PIN needed!) ✨
-     *
-     * @example
-     * ```typescript
-     * // First payment: requires PIN
-     * const result1 = await manager.makePayment({
-     *   amount: 5.0,
-     *   recipient: '7xKNH....',
-     *   pin: '123456',
-     *   description: 'Coffee purchase',
-     * });
-     *
-     * // Second payment: NO PIN NEEDED! Instant signing!
-     * const result2 = await manager.makePayment({
-     *   amount: 3.0,
-     *   recipient: '7xKNH....',
-     *   description: 'Donut purchase',
-     * }); // <- No PIN! Uses cached keypair
-     *
-     * console.log('Payment signature:', result2.signature);
-     *
-     * // Disable auto-signing for single payment
-     * const result3 = await manager.makePayment({
-     *   amount: 100.0,
-     *   recipient: '7xKNH....',
-     *   pin: '123456',
-     *   enableAutoSign: false, // Will require PIN every time
-     * });
-     * ```
-     */
-    makePayment(options: SessionKeyPaymentRequest): Promise<{
-        paymentId: string;
-        signature: string;
-        status: string;
-    }>;
-    /**
-     * Recover session key on new device
-     * Requires recovery QR and PIN from original device
-     *
-     * @example
-     * ```typescript
-     * const recovered = await manager.recoverSessionKey({
-     *   sessionKeyId: 'uuid...',
-     *   recoveryQR: '{"encryptedSessionKey":"..."}',
-     *   oldPin: '123456',
-     *   newPin: '654321',
-     * });
-     * ```
-     */
-    recoverSessionKey(options: {
-        sessionKeyId: string;
-        recoveryQR: string;
-        oldPin: string;
-        newPin: string;
-    }): Promise<void>;
-    /**
-     * Revoke session key
-     */
-    revokeSessionKey(sessionKeyId?: string): Promise<void>;
-    /**
-     * Unlock session key with PIN and cache for auto-signing
-     * Call this after creating/loading session key to enable instant payments
-     *
-     * @example
-     * ```typescript
-     * // Create session key
-     * await manager.createSessionKey({...});
-     *
-     * // Unlock with PIN (one-time)
-     * await manager.unlockSessionKey('123456');
-     *
-     * // Now all payments are instant (no PIN!)
-     * await manager.makePayment({amount: 5, ...}); // Instant!
-     * await manager.makePayment({amount: 3, ...}); // Instant!
-     * ```
-     */
-    unlockSessionKey(pin: string, cacheTTL?: number): Promise<void>;
-    /**
-     * Clear cached keypair
-     * Should be called on logout or when session ends
-     *
-     * @example
-     * ```typescript
-     * // Clear on logout
-     * manager.clearCache();
-     *
-     * // Or auto-clear on tab close
-     * window.addEventListener('beforeunload', () => {
-     *   manager.clearCache();
-     * });
-     * ```
-     */
-    clearCache(): void;
-    /**
-     * Check if keypair is cached (auto-signing enabled)
-     */
-    isCached(): boolean;
-    /**
-     * Get time remaining until cache expires (in milliseconds)
-     */
-    getCacheTimeRemaining(): number;
-    /**
-     * Extend cache expiry time
-     * Useful to keep session active during user activity
-     */
-    extendCache(additionalTTL: number): void;
-    /**
-     * Get session key status
-     */
-    getStatus(sessionKeyId?: string): Promise<{
-        isActive: boolean;
-        isApproved: boolean;
-        limitUsdc: number;
-        usedAmountUsdc: number;
-        remainingUsdc: number;
-        expiresAt: string;
-        daysUntilExpiry: number;
-    }>;
-    private request;
-}
-
 /**
  * Lit Protocol PKP Session Identity Module
  *
@@ -3392,12 +3131,11 @@ declare class SessionKeyLifecycle {
     private config;
     private sessionKeyId;
     private sessionWallet;
-    private encryptedKey;
-    private deviceFingerprint;
     constructor(client: ZendFiClient, config?: LifecycleConfig);
     /**
      * Create and fund session key in one call
-     * Handles: keypair generation → encryption → backend registration → funding
+     * Handles: keypair generation → encryption → backend registration
+     * Note: The SDK now handles all crypto internally
      */
     createAndFund(config: CreateAndFundConfig): Promise<{
         sessionKeyId: string;
@@ -3405,17 +3143,28 @@ declare class SessionKeyLifecycle {
     }>;
     /**
      * Make a payment using the session key
-     * Auto-handles caching, PIN prompts, and signing
+     * Uses the new SDK's makePayment which handles caching internally
      */
     pay(amount: number, description: string): Promise<PaymentResult>;
     /**
      * Check session key status
      */
-    getStatus(): Promise<SessionKeyStatus>;
+    getStatus(): Promise<{
+        sessionKeyId: string;
+        isActive: boolean;
+        isApproved: boolean;
+        limitUsdc: number;
+        usedAmountUsdc: number;
+        remainingUsdc: number;
+        expiresAt: string;
+        daysUntilExpiry: number;
+    }>;
     /**
      * Top up session key
+     * @deprecated Device-bound session keys are funded directly by the user.
+     * Use the session wallet address to send funds directly.
      */
-    topUp(amount: number, userWallet: string, onApprovalNeeded?: (tx: string) => Promise<void>): Promise<void>;
+    topUp(_amount: number, _userWallet: string, _onApprovalNeeded?: (tx: string) => Promise<void>): Promise<void>;
     /**
      * Revoke session key
      */
@@ -3432,10 +3181,7 @@ declare class SessionKeyLifecycle {
      * Check if session is active
      */
     isActive(): boolean;
-    private decryptKeypair;
-    private generateDeviceFingerprint;
     private promptForPIN;
-    private getSolanaWeb3;
 }
 /**
  * Quick setup function for common use case
@@ -3625,4 +3371,4 @@ declare class PerformanceMonitor {
     clear(): void;
 }
 
-export { AgentAPI, AgentAnalytics, AgentApiKey, AgentPaymentRequest, AgentPaymentResponse, AgentSession, AnthropicAdapter, ApiError, ApiKeyMode, ApproveEscrowRequest, AuthenticationError, AutonomyAPI, AutonomyStatus, type CachedKeypair, type CheckoutError, type CheckoutTheme, ConfigLoader, ConfirmPaymentIntentRequest, type ConnectedWallet, CreateAgentApiKeyRequest, CreateAgentSessionRequest, type CreateAndFundConfig, type CreateDeviceBoundSessionKeyRequest, type CreateDeviceBoundSessionKeyResponse, CreateEscrowRequest, CreateInstallmentPlanRequest, CreateInvoiceRequest, CreatePaymentIntentRequest, CreatePaymentLinkRequest, CreatePaymentRequest, CreateSessionKeyRequest, CreateSessionKeyResponse, CreateSubscriptionPlanRequest, CreateSubscriptionRequest, type CustomStorageAdapter, DevTools, DeviceBoundSessionKey, type DeviceBoundSessionKeyOptions, DeviceFingerprintGenerator, DisputeEscrowRequest, ERROR_CODES, type EmbeddedCheckoutConfig, EnableAutonomyRequest, EnableAutonomyResponse, type EncryptedSessionKey, type ErrorInterceptor, ErrorRecovery, Escrow, GeminiAdapter, InstallmentPlan, InterceptorManager, type Interceptors, Invoice, type LifecycleConfig, ListPaymentsRequest, LitCryptoSigner, type LitCryptoSignerConfig, type LitNetwork, type MockWallet, NetworkError, OpenAIAdapter, PINRateLimiter, type PINValidationResult, PINValidator, PPPFactor, PaginatedResponse, type ParsedIntent, Payment, PaymentError, PaymentIntent, PaymentIntentEvent, PaymentIntentParser, PaymentIntentsAPI, PaymentLink, type PaymentResult, type PaymentSuccessData, PerformanceMonitor, type PollingOptions, PricingAPI, PricingSuggestion, PricingSuggestionRequest, QuickCaches, RateLimitError, RateLimiter, type RecoveryQR, RecoveryQRGenerator, RefundEscrowRequest, type RequestConfig, type RequestInterceptor, type ResponseData, type ResponseInterceptor, type RetryOptions, RetryStrategy, SPENDING_LIMIT_ACTION_CID, SecureStorage, SessionKeyCache, type SessionKeyCacheConfig, SessionKeyCrypto, SessionKeyLifecycle, SessionKeyListResponse, type SessionKeyPaymentRequest, SessionKeyStatus, SessionKeysAPI, type SignPaymentParams, type SignPaymentResult, SmartPaymentRequest, SmartPaymentResponse, SmartPaymentsAPI, SubmitSignedTransactionRequest, SubmitTransactionResponse, Subscription, SubscriptionPlan, type TestSessionKey, TopUpSessionKeyRequest, TopUpSessionKeyResponse, TransactionMonitor, TransactionPoller, type TransactionStatus, ValidationError, VerifyWebhookRequest, WalletConnector, WebhookError, WebhookPayload, ZendFiClient, ZendFiConfig, ZendFiEmbeddedCheckout, ZendFiError, type ZendFiErrorData, type ZendFiErrorType, ZendFiSessionKeyManager, createWalletHook, createZendFiError, decodeSignatureFromLit, encodeTransactionForLit, generateIdempotencyKey, isZendFiError, requiresLitSigning, setupQuickSessionKey, sleep, verifyExpressWebhook, verifyNextWebhook, verifyWebhookSignature, zendfi };
+export { AgentAPI, AgentAnalytics, AgentApiKey, AgentPaymentRequest, AgentPaymentResponse, AgentSession, AnthropicAdapter, ApiError, ApiKeyMode, ApproveEscrowRequest, AuthenticationError, AutonomyAPI, AutonomyStatus, type CachedKeypair, type CheckoutError, type CheckoutTheme, ConfigLoader, ConfirmPaymentIntentRequest, type ConnectedWallet, CreateAgentApiKeyRequest, CreateAgentSessionRequest, type CreateAndFundConfig, CreateEscrowRequest, CreateInstallmentPlanRequest, CreateInvoiceRequest, CreatePaymentIntentRequest, CreatePaymentLinkRequest, CreatePaymentRequest, CreateSubscriptionPlanRequest, CreateSubscriptionRequest, type CustomStorageAdapter, DevTools, DeviceBoundSessionKey, type DeviceBoundSessionKeyOptions, DeviceFingerprintGenerator, DisputeEscrowRequest, ERROR_CODES, type EmbeddedCheckoutConfig, EnableAutonomyRequest, EnableAutonomyResponse, type EncryptedSessionKey, type ErrorInterceptor, ErrorRecovery, Escrow, GeminiAdapter, InstallmentPlan, InterceptorManager, type Interceptors, Invoice, type LifecycleConfig, ListPaymentsRequest, LitCryptoSigner, type LitCryptoSignerConfig, type LitNetwork, type MockWallet, NetworkError, OpenAIAdapter, PINRateLimiter, type PINValidationResult, PINValidator, PPPFactor, PaginatedResponse, type ParsedIntent, Payment, PaymentError, PaymentIntent, PaymentIntentEvent, PaymentIntentParser, PaymentIntentsAPI, PaymentLink, type PaymentResult, type PaymentSuccessData, PerformanceMonitor, type PollingOptions, PricingAPI, PricingSuggestion, PricingSuggestionRequest, QuickCaches, RateLimitError, RateLimiter, type RecoveryQR, RecoveryQRGenerator, RefundEscrowRequest, type RequestConfig, type RequestInterceptor, type ResponseData, type ResponseInterceptor, type RetryOptions, RetryStrategy, SPENDING_LIMIT_ACTION_CID, SecureStorage, SessionKeyCache, type SessionKeyCacheConfig, SessionKeyCrypto, SessionKeyLifecycle, SessionKeysAPI, type SignPaymentParams, type SignPaymentResult, SmartPaymentRequest, SmartPaymentResponse, SmartPaymentsAPI, Subscription, SubscriptionPlan, type TestSessionKey, TransactionMonitor, TransactionPoller, type TransactionStatus, ValidationError, VerifyWebhookRequest, WalletConnector, WebhookError, WebhookPayload, ZendFiClient, ZendFiConfig, ZendFiEmbeddedCheckout, ZendFiError, type ZendFiErrorData, type ZendFiErrorType, createWalletHook, createZendFiError, decodeSignatureFromLit, encodeTransactionForLit, generateIdempotencyKey, isZendFiError, requiresLitSigning, setupQuickSessionKey, sleep, verifyExpressWebhook, verifyNextWebhook, verifyWebhookSignature, zendfi };