@zeroxyz/sdk 0.12.0 → 0.14.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -6,43 +6,46 @@ import { x402Client } from '@x402/core/client';
6
6
  import { x402HTTPClient, decodePaymentResponseHeader, encodePaymentRequiredHeader } from '@x402/core/http';
7
7
  import { registerExactEvmScheme } from '@x402/evm/exact/client';
8
8
  import { createSIWxClientHook } from '@x402/extensions/sign-in-with-x';
9
- import { wrapFetchWithPayment } from '@x402/fetch';
10
9
  import { Receipt, Challenge } from 'mppx';
11
10
  import { Mppx, tempo } from 'mppx/client';
12
11
  import { createHash } from 'crypto';
13
12
  import { z } from 'zod';
14
13
 
15
14
  // src/auth/managed-account.ts
16
- var createManagedAccount = (client, address) => toAccount({
17
- address,
18
- async signMessage({ message }) {
19
- return await client.auth.signMessage(
20
- { message },
21
- { expectedAddress: address }
22
- );
23
- },
24
- async signTypedData(typedData) {
25
- const td = typedData;
26
- return await client.auth.signTypedData(
27
- {
28
- domain: td.domain,
29
- types: td.types,
30
- primaryType: td.primaryType,
31
- message: td.message
32
- },
33
- { expectedAddress: address }
34
- );
35
- },
36
- async signTransaction(transaction, options) {
37
- const serialize = options?.serializer ?? serializeTransaction;
38
- const unsigned = await serialize(transaction);
39
- const signature = await client.auth.signTransaction(
40
- { unsignedTransaction: unsigned },
41
- { expectedAddress: address }
42
- );
43
- return await serialize(transaction, parseSignature(signature));
44
- }
45
- });
15
+ var createManagedAccount = (client, address, opts = {}) => {
16
+ const signOptions = {
17
+ // expectedAddress pins verification to this adapter's frozen address.
18
+ expectedAddress: address,
19
+ ...opts.explicitWallet ? { walletAddress: address } : {}
20
+ };
21
+ return toAccount({
22
+ address,
23
+ async signMessage({ message }) {
24
+ return await client.auth.signMessage({ message }, signOptions);
25
+ },
26
+ async signTypedData(typedData) {
27
+ const td = typedData;
28
+ return await client.auth.signTypedData(
29
+ {
30
+ domain: td.domain,
31
+ types: td.types,
32
+ primaryType: td.primaryType,
33
+ message: td.message
34
+ },
35
+ signOptions
36
+ );
37
+ },
38
+ async signTransaction(transaction, options) {
39
+ const serialize = options?.serializer ?? serializeTransaction;
40
+ const unsigned = await serialize(transaction);
41
+ const signature = await client.auth.signTransaction(
42
+ { unsignedTransaction: unsigned },
43
+ signOptions
44
+ );
45
+ return await serialize(transaction, parseSignature(signature));
46
+ }
47
+ });
48
+ };
46
49
  var USDC_BASE = "0x833589fcd6edb6e08f4c7c32d4f71b54bda02913";
47
50
  var USDC_TEMPO = "0x20c000000000000000000000b9537d11c60e8b50";
48
51
  var TEMPO_CHAIN_ID = 4217;
@@ -639,12 +642,12 @@ var cancelBody = (response) => {
639
642
  } catch {
640
643
  }
641
644
  };
642
- var resolveAccount = async (client, overrideAccount, signal) => {
645
+ var resolveAccount = async (client, overrideAccount, signal, walletAddress) => {
643
646
  if (overrideAccount) return overrideAccount;
644
647
  const credentials = client.getCredentials();
645
648
  if (credentials.kind === "account") return credentials.account;
646
649
  if (credentials.kind === "session") {
647
- return await client.resolveManagedAccount(signal);
650
+ return await client.resolveManagedAccount(signal, walletAddress);
648
651
  }
649
652
  throw new ZeroAuthError(
650
653
  "auth_no_credentials",
@@ -690,9 +693,13 @@ var Payments = class {
690
693
  const account = await resolveAccount(
691
694
  this.client,
692
695
  input.account,
693
- input.signal
696
+ input.signal,
697
+ input.walletAddress
694
698
  );
695
699
  let capturedAmount = null;
700
+ let pendingAmountUnits = 0n;
701
+ let identityChallengeHandled = false;
702
+ let paidChallengeHandled = false;
696
703
  let capturedNetwork;
697
704
  let preflightError = null;
698
705
  const x402 = registerExactEvmScheme(new x402Client(), { signer: account });
@@ -721,11 +728,25 @@ var Payments = class {
721
728
  };
722
729
  }
723
730
  const rawAmountUnits = BigInt(rawAmount);
724
- capturedAmount = formatUnits(rawAmountUnits, 6);
731
+ pendingAmountUnits = rawAmountUnits;
732
+ const challengeAmount = formatUnits(rawAmountUnits, 6);
733
+ if (rawAmountUnits === 0n) {
734
+ if (identityChallengeHandled || paidChallengeHandled) {
735
+ return {
736
+ abort: true,
737
+ reason: "Only one zero-value identity challenge is allowed, and it must precede payment."
738
+ };
739
+ }
740
+ } else if (paidChallengeHandled) {
741
+ return {
742
+ abort: true,
743
+ reason: "A positive-value x402 payment was already attempted for this fetch; refusing a second charge."
744
+ };
745
+ }
725
746
  if (maxPayUnits !== null && rawAmountUnits > maxPayUnits) {
726
747
  return {
727
748
  abort: true,
728
- reason: `Payment of ${capturedAmount} USDC exceeds maxPay ${input.maxPay}`
749
+ reason: `Payment of ${challengeAmount} USDC exceeds maxPay ${input.maxPay}`
729
750
  };
730
751
  }
731
752
  const detected = networkToChain(capturedNetwork);
@@ -745,9 +766,10 @@ var Payments = class {
745
766
  }
746
767
  if (balance !== null && balance < rawAmountUnits) {
747
768
  const have = formatUnits(balance, 6);
769
+ const requiredAmount = formatUnits(rawAmountUnits, 6);
748
770
  preflightError = new ZeroInsufficientFundsError(
749
- `wallet has ${have} USDC on Base, needs ${capturedAmount}.`,
750
- { have, need: capturedAmount }
771
+ `wallet has ${have} USDC on Base, needs ${requiredAmount}.`,
772
+ { have, need: requiredAmount }
751
773
  );
752
774
  return { abort: true, reason: preflightError.message };
753
775
  }
@@ -758,18 +780,64 @@ var Payments = class {
758
780
  const httpClient = new x402HTTPClient(x402).onPaymentRequired(
759
781
  createSIWxClientHook(account)
760
782
  );
761
- const wrappedFetch = wrapFetchWithPayment(
762
- withSynthesizedX402Header(configuredFetch),
763
- httpClient
764
- );
783
+ const paymentFetch = withSynthesizedX402Header(configuredFetch);
765
784
  let response;
766
785
  try {
767
- response = await wrappedFetch(input.url, {
786
+ const request2 = new Request(input.url, {
768
787
  method: input.method ?? "GET",
769
788
  headers: input.headers,
770
789
  body: input.body,
771
790
  signal: input.signal
772
791
  });
792
+ response = await paymentFetch(request2.clone());
793
+ for (let paymentStage = 0; paymentStage < 2; paymentStage++) {
794
+ if (response.status !== 402) break;
795
+ const parseChallenge = async (challengeResponse) => {
796
+ let body;
797
+ try {
798
+ const text = await challengeResponse.clone().text();
799
+ if (text) body = JSON.parse(text);
800
+ } catch {
801
+ }
802
+ return httpClient.getPaymentRequiredResponse(
803
+ (name) => challengeResponse.headers.get(name),
804
+ body
805
+ );
806
+ };
807
+ let paymentRequired = await parseChallenge(response);
808
+ const hookHeaders = await httpClient.handlePaymentRequired(paymentRequired);
809
+ if (hookHeaders) {
810
+ const hookRequest = request2.clone();
811
+ for (const [key, value] of Object.entries(hookHeaders)) {
812
+ hookRequest.headers.set(key, value);
813
+ }
814
+ response = await paymentFetch(hookRequest);
815
+ if (response.status === 402) {
816
+ paymentRequired = await parseChallenge(response);
817
+ } else {
818
+ break;
819
+ }
820
+ }
821
+ pendingAmountUnits = 0n;
822
+ const paymentPayload = await x402.createPaymentPayload(paymentRequired);
823
+ if (pendingAmountUnits === 0n) {
824
+ identityChallengeHandled = true;
825
+ capturedAmount = "0";
826
+ } else {
827
+ paidChallengeHandled = true;
828
+ capturedAmount = formatUnits(pendingAmountUnits, 6);
829
+ }
830
+ const paymentHeaders = httpClient.encodePaymentSignatureHeader(paymentPayload);
831
+ const paidRequest = request2.clone();
832
+ for (const [key, value] of Object.entries(paymentHeaders)) {
833
+ paidRequest.headers.set(key, value);
834
+ }
835
+ paidRequest.headers.set(
836
+ "Access-Control-Expose-Headers",
837
+ "PAYMENT-RESPONSE,X-PAYMENT-RESPONSE"
838
+ );
839
+ response = await paymentFetch(paidRequest);
840
+ }
773
841
  } catch (err) {
774
842
  if (preflightError) throw preflightError;
775
843
  if (err instanceof ZeroError) throw err;
@@ -825,7 +893,8 @@ var Payments = class {
825
893
  const account = await resolveAccount(
826
894
  this.client,
827
895
  input.account,
828
- input.signal
896
+ input.signal,
897
+ input.walletAddress
829
898
  );
830
899
  const configuredFetch = buildConfiguredFetch(this.client, {
831
900
  timeoutMs: input.timeoutMs
@@ -1336,8 +1405,17 @@ var cancelBody2 = (response) => {
1336
1405
  } catch {
1337
1406
  }
1338
1407
  };
1339
- var detectPaymentRequirement = async (response) => {
1408
+ var detectPaymentRequirement = async (response, preferredProtocol) => {
1340
1409
  if (response.status !== 402) return null;
1410
+ const wwwAuth = response.headers.get("www-authenticate");
1411
+ const advertisesMpp = wwwAuth ? splitWwwAuthenticateChallenges(wwwAuth).some((challenge) => {
1412
+ const scheme = challenge.trim().split(/\s+/)[0]?.toLowerCase() ?? "";
1413
+ return MPP_SCHEME_TOKENS.has(scheme);
1414
+ }) : false;
1415
+ if (preferredProtocol === "mpp") {
1416
+ cancelBody2(response);
1417
+ return advertisesMpp ? { protocol: "mpp", raw: { "www-authenticate": wwwAuth } } : { protocol: "unknown", raw: { requestedProtocol: "mpp" } };
1418
+ }
1341
1419
  const x402Header = response.headers.get("payment-required") ?? response.headers.get("x-payment-required");
1342
1420
  if (x402Header) {
1343
1421
  cancelBody2(response);
@@ -1367,15 +1445,13 @@ var detectPaymentRequirement = async (response) => {
1367
1445
  } catch {
1368
1446
  }
1369
1447
  }
1370
- const wwwAuth = response.headers.get("www-authenticate");
1371
- if (wwwAuth) {
1372
- const schemes = splitWwwAuthenticateChallenges(wwwAuth).map(
1373
- (challenge) => challenge.trim().split(/\s+/)[0]?.toLowerCase() ?? ""
1374
- );
1375
- if (schemes.some((scheme) => MPP_SCHEME_TOKENS.has(scheme))) {
1376
- cancelBody2(response);
1377
- return { protocol: "mpp", raw: { "www-authenticate": wwwAuth } };
1378
- }
1448
+ if (preferredProtocol === "x402") {
1449
+ cancelBody2(response);
1450
+ return { protocol: "unknown", raw: { requestedProtocol: "x402" } };
1451
+ }
1452
+ if (advertisesMpp) {
1453
+ cancelBody2(response);
1454
+ return { protocol: "mpp", raw: { "www-authenticate": wwwAuth } };
1379
1455
  }
1380
1456
  cancelBody2(response);
1381
1457
  return { protocol: "unknown", raw: {} };
@@ -1605,7 +1681,8 @@ var recordErrorFetchRun = async (client, opts, result, capabilityIdOverride) =>
1605
1681
  ...fetchOriginForRecord && { fetchOrigin: fetchOriginForRecord },
1606
1682
  ...result.status !== null && { status: result.status },
1607
1683
  latencyMs: result.latencyMs,
1608
- ...opts.requestSchema && { requestSchema: opts.requestSchema }
1684
+ ...opts.requestSchema && { requestSchema: opts.requestSchema },
1685
+ ...opts.walletAddress && !opts.account && { walletAddress: opts.walletAddress }
1609
1686
  });
1610
1687
  result.runId = created.runId;
1611
1688
  delete result.runTrackingSkipped;
@@ -1700,7 +1777,10 @@ var clientFetch = async (client, url, opts = {}) => {
1700
1777
  return result2;
1701
1778
  }
1702
1779
  if (response.status === 402) {
1703
- const requirement = await detectPaymentRequirement(response);
1780
+ const requirement = await detectPaymentRequirement(
1781
+ response,
1782
+ opts.paymentProtocol
1783
+ );
1704
1784
  if (requirement?.protocol === "x402" || requirement?.protocol === "mpp") {
1705
1785
  const payCall = requirement.protocol === "x402" ? client.payments.pay : client.payments.payMpp;
1706
1786
  try {
@@ -1714,6 +1794,7 @@ var clientFetch = async (client, url, opts = {}) => {
1714
1794
  body: requestBody,
1715
1795
  maxPay: opts.maxPay,
1716
1796
  account: opts.account,
1797
+ ...opts.walletAddress && { walletAddress: opts.walletAddress },
1717
1798
  signal: opts.signal,
1718
1799
  timeoutMs: opts.timeoutMs,
1719
1800
  ...opts.displayCostAmount && {
@@ -1771,7 +1852,7 @@ var clientFetch = async (client, url, opts = {}) => {
1771
1852
  } else if (requirement?.protocol === "unknown") {
1772
1853
  const result2 = errorFetchResult(
1773
1854
  startedAt,
1774
- "Capability returned 402 with an unrecognized payment protocol. Neither x402 nor MPP markers were detected in the response headers or body.",
1855
+ opts.paymentProtocol ? `Capability did not advertise the requested ${opts.paymentProtocol} payment protocol.` : "Capability returned 402 with an unrecognized payment protocol. Neither x402 nor MPP markers were detected in the response headers or body.",
1775
1856
  "unrecognized_402_protocol",
1776
1857
  capabilityIdRequested,
1777
1858
  "payment_failed",
@@ -1886,6 +1967,10 @@ var clientFetch = async (client, url, opts = {}) => {
1886
1967
  ...opts.capabilityId === void 0 ? { fetchOrigin: "direct_url" } : opts.fetchOrigin && { fetchOrigin: opts.fetchOrigin },
1887
1968
  status: response.status,
1888
1969
  latencyMs,
1970
+ // Attribute to the selected wallet in session mode. Skipped when a
1971
+ // per-call `account` override records the run — that account's own
1972
+ // EIP-191 identity is the attribution.
1973
+ ...opts.walletAddress && !opts.account && { walletAddress: opts.walletAddress },
1889
1974
  ...opts.requestSchema && { requestSchema: opts.requestSchema },
1890
1975
  ...derived?.responseSchema && {
1891
1976
  responseSchema: derived.responseSchema
@@ -1951,7 +2036,7 @@ var clientFetch = async (client, url, opts = {}) => {
1951
2036
 
1952
2037
  // package.json
1953
2038
  var package_default = {
1954
- version: "0.12.0"};
2039
+ version: "0.14.0"};
1955
2040
 
1956
2041
  // src/version.ts
1957
2042
  var SDK_VERSION = package_default.version;
@@ -2441,6 +2526,9 @@ var userWalletDtoSchema = z.object({
2441
2526
  walletAddress: z.string(),
2442
2527
  source: z.enum(["self_custody", "privy_embedded"]),
2443
2528
  isPrimary: z.boolean(),
2529
+ // Owner-chosen display name; null/absent = unnamed (show the address).
2530
+ // Optional so the SDK tolerates servers that predate nicknames.
2531
+ nickname: z.string().nullable().optional(),
2444
2532
  linkedAt: z.union([z.string(), z.date()]).nullable().optional(),
2445
2533
  importedAt: z.union([z.string(), z.date()]).nullable().optional(),
2446
2534
  delegationGranted: z.boolean(),
@@ -2658,7 +2746,10 @@ var Auth = class {
2658
2746
  {
2659
2747
  method: "POST",
2660
2748
  path: "/v1/users/me/sign-message",
2661
- body: { message: normalizeMessage(input.message) }
2749
+ body: {
2750
+ message: normalizeMessage(input.message),
2751
+ ...opts.walletAddress ? { walletAddress: opts.walletAddress } : {}
2752
+ }
2662
2753
  },
2663
2754
  signResponseSchema
2664
2755
  );
@@ -2683,7 +2774,10 @@ var Auth = class {
2683
2774
  {
2684
2775
  method: "POST",
2685
2776
  path: "/v1/users/me/sign-transaction",
2686
- body: { unsignedTransaction: input.unsignedTransaction }
2777
+ body: {
2778
+ unsignedTransaction: input.unsignedTransaction,
2779
+ ...opts.walletAddress ? { walletAddress: opts.walletAddress } : {}
2780
+ }
2687
2781
  },
2688
2782
  signResponseSchema
2689
2783
  );
@@ -2722,7 +2816,10 @@ var Auth = class {
2722
2816
  {
2723
2817
  method: "POST",
2724
2818
  path: "/v1/users/me/sign-typed-data",
2725
- body: { typedData: input }
2819
+ body: {
2820
+ typedData: input,
2821
+ ...opts.walletAddress ? { walletAddress: opts.walletAddress } : {}
2822
+ }
2726
2823
  },
2727
2824
  signResponseSchema
2728
2825
  );
@@ -3099,6 +3196,9 @@ var Runs = class {
3099
3196
  if (params.unreviewed !== void 0) query.unreviewed = params.unreviewed;
3100
3197
  if (params.limit !== void 0) query.limit = params.limit;
3101
3198
  if (params.cursor !== void 0) query.cursor = params.cursor;
3199
+ if (params.walletAddress !== void 0) {
3200
+ query.walletAddress = Array.isArray(params.walletAddress) ? params.walletAddress.join(",") : params.walletAddress;
3201
+ }
3102
3202
  return request(
3103
3203
  this.client,
3104
3204
  {
@@ -3234,6 +3334,50 @@ var Wallet = class {
3234
3334
  },
3235
3335
  userWalletDtoSchema
3236
3336
  );
3337
+ // Re-stamp Zero's signing delegation on a profile wallet (default: the
3338
+ // primary). Session-only. Naming a wallet re-authorizes THAT wallet and
3339
+ // never provisions; the server 404s an address not on the profile.
3340
+ reauthorizeDelegation = (opts = {}) => request(
3341
+ this.client,
3342
+ {
3343
+ method: "POST",
3344
+ path: "/v1/users/me/wallets/provision",
3345
+ ...opts.walletAddress ? { body: { walletAddress: opts.walletAddress } } : {},
3346
+ signal: opts.signal
3347
+ },
3348
+ userWalletDtoSchema
3349
+ );
3350
+ // Revoke Zero's signing delegation on a profile wallet (default: the
3351
+ // primary). Session-only. Managed signing on that wallet 403s until it is
3352
+ // re-authorized. Note: this stamps the server-side gate — removing Zero's
3353
+ // signer cryptographically is owner-authorized and happens in the user's
3354
+ // Privy session (the web profile page does both).
3355
+ revokeDelegation = (opts = {}) => request(
3356
+ this.client,
3357
+ {
3358
+ method: "DELETE",
3359
+ path: "/v1/users/me/wallets/delegation",
3360
+ ...opts.walletAddress ? { query: { walletAddress: opts.walletAddress } } : {},
3361
+ signal: opts.signal
3362
+ },
3363
+ userWalletDtoSchema
3364
+ );
3365
+ // Set, change, or clear (null / empty string) the owner-chosen nickname on
3366
+ // a profile wallet. Session-only. Nicknames are private to the
3367
+ // authenticated user — they never appear on reviews or public surfaces.
3368
+ setNickname = (opts) => request(
3369
+ this.client,
3370
+ {
3371
+ method: "PATCH",
3372
+ path: "/v1/users/me/wallets/nickname",
3373
+ body: {
3374
+ walletAddress: opts.walletAddress,
3375
+ nickname: opts.nickname
3376
+ },
3377
+ signal: opts.signal
3378
+ },
3379
+ userWalletDtoSchema
3380
+ );
3237
3381
  // Link an existing self-custody wallet to the session user by private key.
3238
3382
  // Session-only. 409s when the wallet is already linked (to this or another
3239
3383
  // profile — the error message says which).
@@ -3244,7 +3388,8 @@ var Wallet = class {
3244
3388
  path: "/v1/users/me/wallets/import",
3245
3389
  body: {
3246
3390
  privateKey: opts.privateKey,
3247
- ...opts.makePrimary !== void 0 ? { makePrimary: opts.makePrimary } : {}
3391
+ ...opts.makePrimary !== void 0 ? { makePrimary: opts.makePrimary } : {},
3392
+ ...opts.nickname !== void 0 ? { nickname: opts.nickname } : {}
3248
3393
  },
3249
3394
  signal: opts.signal
3250
3395
  },
@@ -3447,6 +3592,9 @@ var ZeroClient = class _ZeroClient {
3447
3592
  managedAccountInFlight = null;
3448
3593
  managedAccountAC = null;
3449
3594
  managedAccountGen = 0;
3595
+ // Explicitly-selected (non-default) managed wallets, keyed by lowercased
3596
+ // address. Same lifecycle as managedAccount: cleared on clearManagedAccount.
3597
+ managedAccountByAddress = /* @__PURE__ */ new Map();
3450
3598
  // Multi-tenant servers calling `client.fetch(url, { account: tenantAccount })`
3451
3599
  // on every request would otherwise construct a new ZeroClient (with
3452
3600
  // five namespace instances) per call. Keyed by lowercased account
@@ -3668,8 +3816,16 @@ var ZeroClient = class _ZeroClient {
3668
3816
  }
3669
3817
  this.withAccountCache.clear();
3670
3818
  };
3671
- /** @internal — used by payments.pay() in session mode. Cached, dedupes concurrent lookups. */
3672
- resolveManagedAccount = (signal) => {
3819
+ /**
3820
+ * @internal — used by payments.pay() in session mode. Cached, dedupes
3821
+ * concurrent lookups. Pass `walletAddress` to sign as a specific profile
3822
+ * wallet instead of the primary; explicit wallets are cached per address
3823
+ * and their sign requests carry the address so intent and signer agree.
3824
+ */
3825
+ resolveManagedAccount = (signal, walletAddress) => {
3826
+ if (walletAddress) {
3827
+ return this.resolveManagedAccountByAddress(walletAddress, signal);
3828
+ }
3673
3829
  if (this.managedAccount) return Promise.resolve(this.managedAccount);
3674
3830
  if (this.managedAccountInFlight) {
3675
3831
  return this.raceWithSignal(this.managedAccountInFlight, signal);
@@ -3711,6 +3867,42 @@ var ZeroClient = class _ZeroClient {
3711
3867
  });
3712
3868
  return this.raceWithSignal(this.managedAccountInFlight, signal);
3713
3869
  };
3870
+ // Explicit-wallet variant of resolveManagedAccount. No in-flight dedupe:
3871
+ // this is the rare path (per-wallet pay), the resolution is idempotent, and
3872
+ // the per-address cache absorbs repeat calls.
3873
+ resolveManagedAccountByAddress = async (walletAddress, signal) => {
3874
+ if (this.credentials.kind !== "session") {
3875
+ throw new ZeroAuthError(
3876
+ "auth_no_credentials",
3877
+ "resolveManagedAccount() requires session credentials."
3878
+ );
3879
+ }
3880
+ const canonical = getAddress(walletAddress);
3881
+ const cached = this.managedAccountByAddress.get(canonical.toLowerCase());
3882
+ if (cached) return cached;
3883
+ const startedAtGen = this.managedAccountGen;
3884
+ const wallets = await this.auth.wallets({ signal });
3885
+ const match = wallets.find(
3886
+ (w) => w.walletAddress.toLowerCase() === canonical.toLowerCase()
3887
+ );
3888
+ if (!match || match.source !== "privy_embedded") {
3889
+ throw new ZeroAuthError(
3890
+ "auth_error",
3891
+ `Wallet ${canonical} is not a Privy-embedded wallet on this profile. Managed signing can only use profile wallets (see client.wallet.list()).`
3892
+ );
3893
+ }
3894
+ if (this.managedAccountGen !== startedAtGen) {
3895
+ throw new ZeroAuthError(
3896
+ "auth_session_expired",
3897
+ "Session cleared during managed-account resolution. Retry to rebuild against the current session."
3898
+ );
3899
+ }
3900
+ const acc = createManagedAccount(this, canonical, {
3901
+ explicitWallet: true
3902
+ });
3903
+ this.managedAccountByAddress.set(canonical.toLowerCase(), acc);
3904
+ return acc;
3905
+ };
3714
3906
  // Per-caller signal gate: each caller can reject on their own abort
3715
3907
  // without cancelling the shared underlying promise.
3716
3908
  raceWithSignal = (p, signal) => {
@@ -3741,6 +3933,7 @@ var ZeroClient = class _ZeroClient {
3741
3933
  this.managedAccountAC?.abort();
3742
3934
  this.managedAccountInFlight = null;
3743
3935
  this.managedAccountAC = null;
3936
+ this.managedAccountByAddress.clear();
3744
3937
  this.managedAccountGen++;
3745
3938
  };
3746
3939
  /** @internal — Read cached managed account without triggering resolution. */
@@ -3794,5 +3987,5 @@ var ZeroClient = class _ZeroClient {
3794
3987
  };
3795
3988
 
3796
3989
  export { Auth, AuthAgent, AuthDevice, BUG_REPORT_CATEGORIES, BugReports, Capabilities, DEFAULT_BASE_URL, DEFAULT_MAX_RETRIES, DEFAULT_TIMEOUT_MS, FETCH_SKIP_REASONS, FETCH_WARNINGS, Payments, Runs, SDK_VERSION, TEMPO_CHAIN_ID2 as TEMPO_CHAIN_ID, TEMPO_TESTNET_CHAIN_ID, USDC_BASE, USDC_DECIMALS, USDC_TEMPO, Wallet, ZeroAgentAuthError, ZeroApiError, ZeroAuthError, ZeroClient, ZeroConfigurationError, ZeroError, ZeroPaymentError, ZeroSessionCloseFailedError, ZeroTimeoutError, ZeroValidationError, ZeroWalletError, asSchemaNode, coerceTempoChainId, createManagedAccount, extractInputEnvelope, isShortToken, normalizeTransportEnvelopeRequest, paymentHasAnchor, tempoChainLabelFromId, unwrapTransportEnvelope };
3797
- //# sourceMappingURL=chunk-KDWESC42.js.map
3798
- //# sourceMappingURL=chunk-KDWESC42.js.map
3990
+ //# sourceMappingURL=chunk-FWHVWIO2.js.map
3991
+ //# sourceMappingURL=chunk-FWHVWIO2.js.map