@zyfai/sdk 0.1.13 → 0.1.15

package/README.md

@@ -40,8 +40,7 @@ pnpm add @zyfai/sdk viem
 import { ZyfaiSDK } from "@zyfai/sdk";
 
 const sdk = new ZyfaiSDK({
-  apiKey: "your-execution-api-key", // Execution API (transactions, Safe deployment)
-  dataApiKey: "your-data-api-key", // Data API (analytics, earnings, opportunities)
+  apiKey: "your-api-key", // API key for both Execution API and Data API
   bundlerApiKey: "your-bundler-api-key", // Required for Safe deployment
   environment: "production", // or 'staging' (default: 'production')
 });
@@ -49,12 +48,11 @@ const sdk = new ZyfaiSDK({
 
 **Configuration Options:**
 
-| Option          | Required | Description                                                                                     |
-| --------------- | -------- | ----------------------------------------------------------------------------------------------- |
-| `apiKey`        | Yes      | API key for Execution API (Safe deployment, transactions, session keys)                         |
-| `dataApiKey`    | No       | API key for Data API (earnings, opportunities, analytics). Defaults to `apiKey` if not provided |
-| `bundlerApiKey` | No\*     | Pimlico API key for Safe deployment (\*required for `deploySafe`)                               |
-| `environment`   | No       | `"production"` or `"staging"` (default: `"production"`)                                         |
+| Option          | Required | Description                                                                                          |
+| --------------- | -------- | ---------------------------------------------------------------------------------------------------- |
+| `apiKey`        | Yes      | API key for both Execution API and Data API (Safe deployment, transactions, session keys, analytics) |
+| `bundlerApiKey` | No\*     | Pimlico API key for Safe deployment (\*required for `deploySafe`)                                    |
+| `environment`   | No       | `"production"` or `"staging"` (default: `"production"`)                                              |
 
 **API Endpoints by Environment:**
 
@@ -69,7 +67,7 @@ The SDK accepts either a private key or a modern wallet provider. **The SDK auto
 
 ```typescript
 // Option 1: With private key (chainId required)
-await sdk.connectAccount("0x...", 42161);
+await sdk.connectAccount("0x...", 8453);
 
 // Option 2: With wallet provider (chainId optional - uses provider's chain)
 const provider = await connector.getProvider();
@@ -81,7 +79,7 @@ await sdk.connectAccount(provider); // Automatically uses provider's current cha
 
 // Now call methods with explicit user addresses
 const userAddress = "0xUser...";
-await sdk.deploySafe(userAddress, 42161);
+await sdk.deploySafe(userAddress, 8453);
 ```
 
 **Note:**
@@ -116,12 +114,12 @@ Deploy a Safe smart wallet:
 const userAddress = "0xUser..."; // User's EOA address
 
 // Get the deterministic Safe address (before deployment)
-const walletInfo = await sdk.getSmartWalletAddress(userAddress, 42161);
+const walletInfo = await sdk.getSmartWalletAddress(userAddress, 8453);
 console.log("Safe Address:", walletInfo.address);
 console.log("Is Deployed:", walletInfo.isDeployed);
 
 // Deploy the Safe (automatically checks if already deployed)
-const result = await sdk.deploySafe(userAddress, 42161);
+const result = await sdk.deploySafe(userAddress, 8453);
 
 if (result.success) {
   console.log("Safe Address:", result.safeAddress);
@@ -157,9 +155,9 @@ const chains = getSupportedChainIds();
 console.log("Supported chains:", chains);
 
 // Check if a chain is supported
-if (isSupportedChain(42161)) {
+if (isSupportedChain(8453)) {
   const userAddress = "0xUser...";
-  const result = await sdk.deploySafe(userAddress, 42161); // Arbitrum
+  const result = await sdk.deploySafe(userAddress, 8453); // Base
 }
 ```
 
@@ -192,7 +190,7 @@ Connect account for signing transactions and authenticate via SIWE. Accepts eith
 - `chainId`: Target chain ID
   - **Required** for private key
   - **Optional** for wallet providers (auto-detects from provider)
-  - Default: 42161 (Arbitrum)
+  - Default: 8453 (Base)
 
 **Returns:** Connected wallet address
 
@@ -206,7 +204,7 @@ Connect account for signing transactions and authenticate via SIWE. Accepts eith
 
 ```typescript
 // With private key (chainId required)
-await sdk.connectAccount("0x...", 42161);
+await sdk.connectAccount("0x...", 8453);
 
 // With wallet provider (chainId optional)
 const provider = await connector.getProvider();
@@ -307,7 +305,7 @@ The SDK automatically fetches optimal session configuration from ZyFAI API:
 // 5. Signs the session key
 // 6. Calls /session-keys/add so the session becomes active immediately
 
-const result = await sdk.createSessionKey(userAddress, 42161);
+const result = await sdk.createSessionKey(userAddress, 8453);
 
 // Check if session key already existed
 if (result.alreadyActive) {
@@ -332,11 +330,11 @@ console.log("User ID:", result.userId);
 Transfer tokens to your Safe smart wallet:
 
 ```typescript
-// Deposit 100 USDC (6 decimals) to Safe on Arbitrum
+// Deposit 100 USDC (6 decimals) to Safe on Base
 const result = await sdk.depositFunds(
   userAddress,
-  42161, // Chain ID
-  "0xaf88d065e77c8cc2239327c5edb3a432268e5831", // USDC on Arbitrum
+  8453, // Chain ID
+  "0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913", // USDC on Base
   "100000000" // Amount: 100 USDC = 100 * 10^6
 );
 
@@ -355,12 +353,12 @@ Initiate a withdrawal from your Safe. **Note: Withdrawals are processed asynchro
 
 ```typescript
 // Full withdrawal
-const result = await sdk.withdrawFunds(userAddress, 42161);
+const result = await sdk.withdrawFunds(userAddress, 8453);
 
 // Partial withdrawal of 50 USDC (6 decimals)
 const result = await sdk.withdrawFunds(
   userAddress,
-  42161,
+  8453,
   "50000000", // Amount: 50 USDC = 50 * 10^6
   "0xReceiverAddress" // Optional: receiver address
 );
@@ -389,7 +387,7 @@ if (result.success) {
 Retrieve all available DeFi protocols and pools for a specific chain:
 
 ```typescript
-const protocols = await sdk.getAvailableProtocols(42161);
+const protocols = await sdk.getAvailableProtocols(8453);
 
 console.log(`Found ${protocols.protocols.length} protocols`);
 protocols.protocols.forEach((protocol) => {
@@ -626,7 +624,7 @@ pnpm tsx examples/end-to-end.ts
 
 ## Complete Examples
 
-### Example 1: Deploy Safe on Arbitrum
+### Example 1: Deploy Safe on Base
 
 ```typescript
 import { ZyfaiSDK } from "@zyfai/sdk";
@@ -638,12 +636,12 @@ async function main() {
   });
 
   // Connect account (automatically authenticates via SIWE)
-  await sdk.connectAccount(process.env.PRIVATE_KEY!, 42161);
+  await sdk.connectAccount(process.env.PRIVATE_KEY!, 8453);
 
   const userAddress = "0xUser..."; // User's EOA address
 
   // Check if Safe already exists
-  const walletInfo = await sdk.getSmartWalletAddress(userAddress, 42161);
+  const walletInfo = await sdk.getSmartWalletAddress(userAddress, 8453);
 
   if (walletInfo.isDeployed) {
     console.log("Safe already deployed at:", walletInfo.address);
@@ -651,7 +649,7 @@ async function main() {
   }
 
   // Deploy Safe
-  const result = await sdk.deploySafe(userAddress, 42161);
+  const result = await sdk.deploySafe(userAddress, 8453);
 
   if (result.success) {
     console.log("✅ Successfully deployed Safe");
@@ -692,7 +690,7 @@ function SafeDeployment() {
       console.log("Connected and authenticated:", address);
 
       // Get Safe address for this user
-      const walletInfo = await sdk.getSmartWalletAddress(address, 42161);
+      const walletInfo = await sdk.getSmartWalletAddress(address, 8453);
       setSafeAddress(walletInfo.address);
     } catch (error) {
       console.error("Connection failed:", error);
@@ -704,7 +702,7 @@ function SafeDeployment() {
 
     setIsDeploying(true);
     try {
-      const result = await sdk.deploySafe(userAddress, 42161);
+      const result = await sdk.deploySafe(userAddress, 8453);
       if (result.success) {
         alert(`Safe deployed at ${result.safeAddress}`);
       }
@@ -761,7 +759,7 @@ The SDK is built on top of:
 ```typescript
 try {
   const userAddress = "0xUser...";
-  const result = await sdk.deploySafe(userAddress, 42161);
+  const result = await sdk.deploySafe(userAddress, 8453);
   if (!result.success) {
     console.error("Deployment failed:", result.status);
   }
@@ -786,12 +784,8 @@ try {
 For running the examples, set up the following environment variables:
 
 ```bash
-# Required: Execution API key (Safe deployment, transactions, session keys)
-ZYFAI_API_KEY=your-execution-api-key
-
-# Optional: Data API key (earnings, opportunities, analytics)
-# Falls back to ZYFAI_API_KEY if not provided
-ZYFAI_DATA_API_KEY=your-data-api-key
+# Required: API key for both Execution API and Data API
+ZYFAI_API_KEY=your-api-key
 
 # Required for Safe deployment: Bundler API key (e.g., Pimlico)
 BUNDLER_API_KEY=your-pimlico-api-key

package/dist/index.d.mts

@@ -7,10 +7,8 @@ type Address = `0x${string}`;
 type Hex = `0x${string}`;
 type Environment = "staging" | "production";
 interface SDKConfig {
-    /** API key for the Execution API */
+    /** API key for both Execution API and Data API */
     apiKey: string;
-    /** API key for the Data API - defaults to apiKey if not provided */
-    dataApiKey?: string;
     /** Environment: 'staging' or 'production' (default: 'production') */
     environment?: Environment;
     /** Bundler API key for Safe deployment (e.g., Pimlico) */
@@ -437,7 +435,7 @@ declare class ZyfaiSDK {
      * ```typescript
      * await sdk.updateUserProfile({
      *   smartWallet: "0x1396730...",
-     *   chains: [8453, 42161],
+     *   chains: [8453],
      * });
      * ```
      */
@@ -468,7 +466,7 @@ declare class ZyfaiSDK {
      * Accepts either a private key string or a modern wallet provider
      *
      * @param account - Private key string or wallet provider object
-     * @param chainId - Target chain ID (default: 42161 - Arbitrum)
+     * @param chainId - Target chain ID (default: 8453 - Base)
      * @returns The connected EOA address
      *
      * @example
@@ -563,10 +561,10 @@ declare class ZyfaiSDK {
      *
      * @example
      * ```typescript
-     * // Deposit 100 USDC (6 decimals) to Safe on Arbitrum
+     * // Deposit 100 USDC (6 decimals) to Safe on Base
      * const result = await sdk.depositFunds(
      *   "0xUser...",
-     *   42161,
+     *   8453,
      *   "0xaf88d065e77c8cc2239327c5edb3a432268e5831", // USDC
      *   "100000000" // 100 USDC = 100 * 10^6
      * );
@@ -587,13 +585,13 @@ declare class ZyfaiSDK {
      * @example
      * ```typescript
      * // Full withdrawal
-     * const result = await sdk.withdrawFunds("0xUser...", 42161);
+     * const result = await sdk.withdrawFunds("0xUser...", 8453);
      * console.log(result.message); // "Withdrawal request sent"
      *
      * // Partial withdrawal of 50 USDC (6 decimals)
      * const result = await sdk.withdrawFunds(
      *   "0xUser...",
-     *   42161,
+     *   8453,
      *   "50000000", // 50 USDC = 50 * 10^6
      *   "0xReceiver..."
      * );
@@ -608,7 +606,7 @@ declare class ZyfaiSDK {
      *
      * @example
      * ```typescript
-     * const protocols = await sdk.getAvailableProtocols(42161);
+     * const protocols = await sdk.getAvailableProtocols(8453);
      * protocols.forEach(protocol => {
      *   console.log(`${protocol.name}: ${protocol.minApy}% - ${protocol.maxApy}% APY`);
      * });
@@ -628,7 +626,7 @@ declare class ZyfaiSDK {
      * const positions = await sdk.getPositions(userAddress);
      *
      * // Get positions on a specific chain
-     * const arbPositions = await sdk.getPositions(userAddress, 42161);
+     * const basePositions = await sdk.getPositions(userAddress, 8453);
      * ```
      */
     getPositions(userAddress: string, chainId?: SupportedChainId): Promise<PositionsResponse>;

package/dist/index.d.ts

@@ -7,10 +7,8 @@ type Address = `0x${string}`;
 type Hex = `0x${string}`;
 type Environment = "staging" | "production";
 interface SDKConfig {
-    /** API key for the Execution API */
+    /** API key for both Execution API and Data API */
     apiKey: string;
-    /** API key for the Data API - defaults to apiKey if not provided */
-    dataApiKey?: string;
     /** Environment: 'staging' or 'production' (default: 'production') */
     environment?: Environment;
     /** Bundler API key for Safe deployment (e.g., Pimlico) */
@@ -437,7 +435,7 @@ declare class ZyfaiSDK {
      * ```typescript
      * await sdk.updateUserProfile({
      *   smartWallet: "0x1396730...",
-     *   chains: [8453, 42161],
+     *   chains: [8453],
      * });
      * ```
      */
@@ -468,7 +466,7 @@ declare class ZyfaiSDK {
      * Accepts either a private key string or a modern wallet provider
      *
      * @param account - Private key string or wallet provider object
-     * @param chainId - Target chain ID (default: 42161 - Arbitrum)
+     * @param chainId - Target chain ID (default: 8453 - Base)
      * @returns The connected EOA address
      *
      * @example
@@ -563,10 +561,10 @@ declare class ZyfaiSDK {
      *
      * @example
      * ```typescript
-     * // Deposit 100 USDC (6 decimals) to Safe on Arbitrum
+     * // Deposit 100 USDC (6 decimals) to Safe on Base
      * const result = await sdk.depositFunds(
      *   "0xUser...",
-     *   42161,
+     *   8453,
      *   "0xaf88d065e77c8cc2239327c5edb3a432268e5831", // USDC
      *   "100000000" // 100 USDC = 100 * 10^6
      * );
@@ -587,13 +585,13 @@ declare class ZyfaiSDK {
      * @example
      * ```typescript
      * // Full withdrawal
-     * const result = await sdk.withdrawFunds("0xUser...", 42161);
+     * const result = await sdk.withdrawFunds("0xUser...", 8453);
      * console.log(result.message); // "Withdrawal request sent"
      *
      * // Partial withdrawal of 50 USDC (6 decimals)
      * const result = await sdk.withdrawFunds(
      *   "0xUser...",
-     *   42161,
+     *   8453,
      *   "50000000", // 50 USDC = 50 * 10^6
      *   "0xReceiver..."
      * );
@@ -608,7 +606,7 @@ declare class ZyfaiSDK {
      *
      * @example
      * ```typescript
-     * const protocols = await sdk.getAvailableProtocols(42161);
+     * const protocols = await sdk.getAvailableProtocols(8453);
      * protocols.forEach(protocol => {
      *   console.log(`${protocol.name}: ${protocol.minApy}% - ${protocol.maxApy}% APY`);
      * });
@@ -628,7 +626,7 @@ declare class ZyfaiSDK {
      * const positions = await sdk.getPositions(userAddress);
      *
      * // Get positions on a specific chain
-     * const arbPositions = await sdk.getPositions(userAddress, 42161);
+     * const basePositions = await sdk.getPositions(userAddress, 8453);
      * ```
      */
     getPositions(userAddress: string, chainId?: SupportedChainId): Promise<PositionsResponse>;

package/dist/index.js

@@ -102,14 +102,12 @@ var HttpClient = class {
   /**
    * Create HTTP client for both Execution API and Data API
    *
-   * @param apiKey - API key for Execution API
+   * @param apiKey - API key for both Execution API and Data API
    * @param environment - 'staging' or 'production'
-   * @param dataApiKey - API key for Data API - defaults to apiKey
    */
-  constructor(apiKey, environment = "production", dataApiKey) {
+  constructor(apiKey, environment = "production") {
     this.authToken = null;
     this.apiKey = apiKey;
-    this.dataApiKey = dataApiKey || apiKey;
     this.environment = environment;
     const endpoint = API_ENDPOINTS[environment];
     const parsedUrl = new URL(endpoint);
@@ -128,7 +126,7 @@ var HttpClient = class {
       baseURL: `${dataEndpoint}${DATA_API_VERSION}`,
       headers: {
         "Content-Type": "application/json",
-        "X-API-Key": this.dataApiKey
+        "X-API-Key": this.apiKey
       },
       timeout: 3e4
     });
@@ -227,7 +225,7 @@ var HttpClient = class {
     const fullUrl = `${DATA_API_ENDPOINTS[this.environment]}${path}`;
     const headers = {
       "Content-Type": "application/json",
-      "X-API-Key": this.dataApiKey,
+      "X-API-Key": this.apiKey,
       ...config?.headers
     };
     if (this.authToken) {
@@ -243,7 +241,7 @@ var HttpClient = class {
   setupDataInterceptors() {
     this.dataClient.interceptors.request.use(
       (config) => {
-        config.headers["X-API-Key"] = this.dataApiKey;
+        config.headers["X-API-Key"] = this.apiKey;
         if (this.authToken) {
           config.headers["Authorization"] = `Bearer ${this.authToken}`;
         }
@@ -476,10 +474,30 @@ var getSafeAccount = async (config) => {
     threshold: 1
   });
   const saltHex = (0, import_viem3.fromHex)((0, import_viem3.toHex)(effectiveSalt), "bigint");
+  const signer = {
+    ...owner.account,
+    address: signerAddress,
+    // Override with the signer address at top level
+    signMessage: async (message) => {
+      if (typeof message === "string") {
+        return await owner.signMessage({
+          account: owner.account,
+          message
+        });
+      } else {
+        return await owner.signMessage({
+          account: owner.account,
+          message: {
+            raw: message.raw
+          }
+        });
+      }
+    }
+  };
   const safeAccount = await (0, import_accounts.toSafeSmartAccount)({
     client: publicClient,
-    owners: [owner],
-    // Pass the owner object with address and signMessage capability
+    owners: [signer],
+    // Pass the signer object with address at top level and signMessage capability
     version: "1.4.1",
     entryPoint: {
       address: import_account_abstraction.entryPoint07Address,
@@ -612,7 +630,7 @@ var deploySafeAccount = async (config) => {
     );
   }
 };
-var signSessionKey = async (config, sessions, allPublicClients) => {
+var signSessionKey = async (config, sessions, allPublicClients, signingParams) => {
   const { owner, publicClient } = config;
   if (!owner || !owner.account) {
     throw new Error("Wallet not connected. Please connect your wallet first.");
@@ -640,8 +658,9 @@ var signSessionKey = async (config, sessions, allPublicClients) => {
     sessions,
     account,
     clients,
-    permitGenericPolicy: true,
-    sessionNonces
+    permitGenericPolicy: signingParams?.permitGenericPolicy ?? true,
+    sessionNonces,
+    ignoreSecurityAttestations: signingParams?.ignoreSecurityAttestations ?? false
   });
   const signature = await owner.signMessage({
     account: owner.account,
@@ -670,12 +689,12 @@ var ZyfaiSDK = class {
     // Store reference to current provider for event handling
     this.currentChainId = null;
     const sdkConfig = typeof config === "string" ? { apiKey: config } : config;
-    const { apiKey, dataApiKey, environment, bundlerApiKey } = sdkConfig;
+    const { apiKey, environment, bundlerApiKey } = sdkConfig;
     if (!apiKey) {
       throw new Error("API key is required");
     }
     this.environment = environment || "production";
-    this.httpClient = new HttpClient(apiKey, this.environment, dataApiKey);
+    this.httpClient = new HttpClient(apiKey, this.environment);
     this.bundlerApiKey = bundlerApiKey;
   }
   /**
@@ -697,6 +716,7 @@ var ZyfaiSDK = class {
       let uri;
       let domain;
       const globalWindow = typeof globalThis !== "undefined" ? globalThis.window : void 0;
+      const isNodeJs = !globalWindow?.location?.origin;
       if (globalWindow?.location?.origin) {
         uri = globalWindow.location.origin;
         domain = globalWindow.location.host;
@@ -724,7 +744,13 @@ var ZyfaiSDK = class {
         {
           message: messageObj,
           signature
-        }
+        },
+        // Set Origin header in Node.js to match message.uri (required by backend validation)
+        isNodeJs ? {
+          headers: {
+            Origin: uri
+          }
+        } : void 0
       );
       const authToken = loginResponse.accessToken;
       if (!authToken) {
@@ -750,7 +776,7 @@ var ZyfaiSDK = class {
    * ```typescript
    * await sdk.updateUserProfile({
    *   smartWallet: "0x1396730...",
-   *   chains: [8453, 42161],
+   *   chains: [8453],
    * });
    * ```
    */
@@ -827,7 +853,7 @@ var ZyfaiSDK = class {
     this.httpClient.clearAuthToken();
     if (this.walletClient && this.currentProvider) {
       const chainConfig = getChainConfig(
-        this.walletClient.chain?.id || 42161
+        this.walletClient.chain?.id || 8453
       );
       this.walletClient = (0, import_viem4.createWalletClient)({
         account: newAddress,
@@ -850,7 +876,7 @@ var ZyfaiSDK = class {
    * Accepts either a private key string or a modern wallet provider
    *
    * @param account - Private key string or wallet provider object
-   * @param chainId - Target chain ID (default: 42161 - Arbitrum)
+   * @param chainId - Target chain ID (default: 8453 - Base)
    * @returns The connected EOA address
    *
    * @example
@@ -862,7 +888,7 @@ var ZyfaiSDK = class {
    * const provider = await connector.getProvider();
    * await sdk.connectAccount(provider);
    */
-  async connectAccount(account, chainId = 42161) {
+  async connectAccount(account, chainId = 8453) {
     if (!isSupportedChain(chainId)) {
       throw new Error(`Unsupported chain ID: ${chainId}`);
     }
@@ -1146,9 +1172,10 @@ var ZyfaiSDK = class {
           alreadyActive: true
         };
       }
-      const sessionConfig = await this.httpClient.get(
+      const sessionConfigResponse = await this.httpClient.get(
         ENDPOINTS.SESSION_KEYS_CONFIG
       );
+      const sessionConfig = Array.isArray(sessionConfigResponse) ? sessionConfigResponse : sessionConfigResponse.sessions;
       if (!sessionConfig || sessionConfig.length === 0) {
         throw new Error("No session configuration available from API");
       }
@@ -1156,16 +1183,37 @@ var ZyfaiSDK = class {
         ...session,
         chainId: BigInt(session.chainId)
       }));
+      const DEFAULT_ACTION_TARGET = "0x0000000000000000000000000000000000000001";
+      const DEFAULT_ACTION_SELECTOR = "0x00000001";
+      const permitGenericPolicy = sessionConfig.some(
+        (session) => session.actions?.some(
+          (action) => action.actionTarget === DEFAULT_ACTION_TARGET && action.actionTargetSelector === DEFAULT_ACTION_SELECTOR
+        )
+      );
+      const chainConfig = getChainConfig(chainId);
+      const accountType = await getAccountType(
+        userAddress,
+        chainConfig.publicClient
+      );
+      const signingParams = {
+        permitGenericPolicy,
+        ignoreSecurityAttestations: accountType === "Safe"
+      };
       const signatureResult = await this.signSessionKey(
         userAddress,
         chainId,
-        sessions
+        sessions,
+        signingParams
       );
       if (!signatureResult.signature) {
         throw new Error("Failed to obtain session key signature");
       }
       await this.updateUserProtocols(chainId);
+      const signer = sessions[0].sessionValidator;
+      console.log("Session validator:", signer);
       const activation = await this.activateSessionKey(
+        signer || "0x2483DA3A338895199E5e538530213157e931Bf06",
+        // TODO: This is a temporary fix to avoid the session validator being null
         signatureResult.signature,
         signatureResult.sessionNonces
       );
@@ -1185,7 +1233,7 @@ var ZyfaiSDK = class {
    * Internal method to sign session key
    * @private
    */
-  async signSessionKey(userAddress, chainId, sessions) {
+  async signSessionKey(userAddress, chainId, sessions, signingParams) {
     try {
       if (!userAddress) {
         throw new Error("User address is required");
@@ -1220,7 +1268,8 @@ var ZyfaiSDK = class {
           environment: this.environment
         },
         sessions,
-        allPublicClients
+        allPublicClients,
+        signingParams
       );
       const safeAddress = await getDeterministicSafeAddress({
         owner: walletClient,
@@ -1267,9 +1316,10 @@ var ZyfaiSDK = class {
   /**
    * Activate session key via ZyFAI API
    */
-  async activateSessionKey(signature, sessionNonces) {
+  async activateSessionKey(signer, signature, sessionNonces) {
     const nonces = this.normalizeSessionNonces(sessionNonces);
     const payload = {
+      signer,
       hash: signature,
       nonces
     };
@@ -1307,10 +1357,10 @@ var ZyfaiSDK = class {
    *
    * @example
    * ```typescript
-   * // Deposit 100 USDC (6 decimals) to Safe on Arbitrum
+   * // Deposit 100 USDC (6 decimals) to Safe on Base
    * const result = await sdk.depositFunds(
    *   "0xUser...",
-   *   42161,
+   *   8453,
    *   "0xaf88d065e77c8cc2239327c5edb3a432268e5831", // USDC
    *   "100000000" // 100 USDC = 100 * 10^6
    * );
@@ -1388,13 +1438,13 @@ var ZyfaiSDK = class {
    * @example
    * ```typescript
    * // Full withdrawal
-   * const result = await sdk.withdrawFunds("0xUser...", 42161);
+   * const result = await sdk.withdrawFunds("0xUser...", 8453);
    * console.log(result.message); // "Withdrawal request sent"
    *
    * // Partial withdrawal of 50 USDC (6 decimals)
    * const result = await sdk.withdrawFunds(
    *   "0xUser...",
-   *   42161,
+   *   8453,
    *   "50000000", // 50 USDC = 50 * 10^6
    *   "0xReceiver..."
    * );
@@ -1480,7 +1530,7 @@ var ZyfaiSDK = class {
    *
    * @example
    * ```typescript
-   * const protocols = await sdk.getAvailableProtocols(42161);
+   * const protocols = await sdk.getAvailableProtocols(8453);
    * protocols.forEach(protocol => {
    *   console.log(`${protocol.name}: ${protocol.minApy}% - ${protocol.maxApy}% APY`);
    * });
@@ -1518,7 +1568,7 @@ var ZyfaiSDK = class {
    * const positions = await sdk.getPositions(userAddress);
    *
    * // Get positions on a specific chain
-   * const arbPositions = await sdk.getPositions(userAddress, 42161);
+   * const basePositions = await sdk.getPositions(userAddress, 8453);
    * ```
    */
   async getPositions(userAddress, chainId) {

package/dist/index.mjs

@@ -63,14 +63,12 @@ var HttpClient = class {
   /**
    * Create HTTP client for both Execution API and Data API
    *
-   * @param apiKey - API key for Execution API
+   * @param apiKey - API key for both Execution API and Data API
    * @param environment - 'staging' or 'production'
-   * @param dataApiKey - API key for Data API - defaults to apiKey
    */
-  constructor(apiKey, environment = "production", dataApiKey) {
+  constructor(apiKey, environment = "production") {
     this.authToken = null;
     this.apiKey = apiKey;
-    this.dataApiKey = dataApiKey || apiKey;
     this.environment = environment;
     const endpoint = API_ENDPOINTS[environment];
     const parsedUrl = new URL(endpoint);
@@ -89,7 +87,7 @@ var HttpClient = class {
       baseURL: `${dataEndpoint}${DATA_API_VERSION}`,
       headers: {
         "Content-Type": "application/json",
-        "X-API-Key": this.dataApiKey
+        "X-API-Key": this.apiKey
       },
       timeout: 3e4
     });
@@ -188,7 +186,7 @@ var HttpClient = class {
     const fullUrl = `${DATA_API_ENDPOINTS[this.environment]}${path}`;
     const headers = {
       "Content-Type": "application/json",
-      "X-API-Key": this.dataApiKey,
+      "X-API-Key": this.apiKey,
       ...config?.headers
     };
     if (this.authToken) {
@@ -204,7 +202,7 @@ var HttpClient = class {
   setupDataInterceptors() {
     this.dataClient.interceptors.request.use(
       (config) => {
-        config.headers["X-API-Key"] = this.dataApiKey;
+        config.headers["X-API-Key"] = this.apiKey;
         if (this.authToken) {
           config.headers["Authorization"] = `Bearer ${this.authToken}`;
         }
@@ -456,10 +454,30 @@ var getSafeAccount = async (config) => {
     threshold: 1
   });
   const saltHex = fromHex(toHex(effectiveSalt), "bigint");
+  const signer = {
+    ...owner.account,
+    address: signerAddress,
+    // Override with the signer address at top level
+    signMessage: async (message) => {
+      if (typeof message === "string") {
+        return await owner.signMessage({
+          account: owner.account,
+          message
+        });
+      } else {
+        return await owner.signMessage({
+          account: owner.account,
+          message: {
+            raw: message.raw
+          }
+        });
+      }
+    }
+  };
   const safeAccount = await toSafeSmartAccount({
     client: publicClient,
-    owners: [owner],
-    // Pass the owner object with address and signMessage capability
+    owners: [signer],
+    // Pass the signer object with address at top level and signMessage capability
     version: "1.4.1",
     entryPoint: {
       address: entryPoint07Address,
@@ -592,7 +610,7 @@ var deploySafeAccount = async (config) => {
     );
   }
 };
-var signSessionKey = async (config, sessions, allPublicClients) => {
+var signSessionKey = async (config, sessions, allPublicClients, signingParams) => {
   const { owner, publicClient } = config;
   if (!owner || !owner.account) {
     throw new Error("Wallet not connected. Please connect your wallet first.");
@@ -620,8 +638,9 @@ var signSessionKey = async (config, sessions, allPublicClients) => {
     sessions,
     account,
     clients,
-    permitGenericPolicy: true,
-    sessionNonces
+    permitGenericPolicy: signingParams?.permitGenericPolicy ?? true,
+    sessionNonces,
+    ignoreSecurityAttestations: signingParams?.ignoreSecurityAttestations ?? false
   });
   const signature = await owner.signMessage({
     account: owner.account,
@@ -650,12 +669,12 @@ var ZyfaiSDK = class {
     // Store reference to current provider for event handling
     this.currentChainId = null;
     const sdkConfig = typeof config === "string" ? { apiKey: config } : config;
-    const { apiKey, dataApiKey, environment, bundlerApiKey } = sdkConfig;
+    const { apiKey, environment, bundlerApiKey } = sdkConfig;
     if (!apiKey) {
       throw new Error("API key is required");
     }
     this.environment = environment || "production";
-    this.httpClient = new HttpClient(apiKey, this.environment, dataApiKey);
+    this.httpClient = new HttpClient(apiKey, this.environment);
     this.bundlerApiKey = bundlerApiKey;
   }
   /**
@@ -677,6 +696,7 @@ var ZyfaiSDK = class {
       let uri;
       let domain;
       const globalWindow = typeof globalThis !== "undefined" ? globalThis.window : void 0;
+      const isNodeJs = !globalWindow?.location?.origin;
       if (globalWindow?.location?.origin) {
         uri = globalWindow.location.origin;
         domain = globalWindow.location.host;
@@ -704,7 +724,13 @@ var ZyfaiSDK = class {
         {
           message: messageObj,
           signature
-        }
+        },
+        // Set Origin header in Node.js to match message.uri (required by backend validation)
+        isNodeJs ? {
+          headers: {
+            Origin: uri
+          }
+        } : void 0
       );
       const authToken = loginResponse.accessToken;
       if (!authToken) {
@@ -730,7 +756,7 @@ var ZyfaiSDK = class {
    * ```typescript
    * await sdk.updateUserProfile({
    *   smartWallet: "0x1396730...",
-   *   chains: [8453, 42161],
+   *   chains: [8453],
    * });
    * ```
    */
@@ -807,7 +833,7 @@ var ZyfaiSDK = class {
     this.httpClient.clearAuthToken();
     if (this.walletClient && this.currentProvider) {
       const chainConfig = getChainConfig(
-        this.walletClient.chain?.id || 42161
+        this.walletClient.chain?.id || 8453
       );
       this.walletClient = createWalletClient({
         account: newAddress,
@@ -830,7 +856,7 @@ var ZyfaiSDK = class {
    * Accepts either a private key string or a modern wallet provider
    *
    * @param account - Private key string or wallet provider object
-   * @param chainId - Target chain ID (default: 42161 - Arbitrum)
+   * @param chainId - Target chain ID (default: 8453 - Base)
    * @returns The connected EOA address
    *
    * @example
@@ -842,7 +868,7 @@ var ZyfaiSDK = class {
    * const provider = await connector.getProvider();
    * await sdk.connectAccount(provider);
    */
-  async connectAccount(account, chainId = 42161) {
+  async connectAccount(account, chainId = 8453) {
     if (!isSupportedChain(chainId)) {
       throw new Error(`Unsupported chain ID: ${chainId}`);
     }
@@ -1126,9 +1152,10 @@ var ZyfaiSDK = class {
           alreadyActive: true
         };
       }
-      const sessionConfig = await this.httpClient.get(
+      const sessionConfigResponse = await this.httpClient.get(
         ENDPOINTS.SESSION_KEYS_CONFIG
       );
+      const sessionConfig = Array.isArray(sessionConfigResponse) ? sessionConfigResponse : sessionConfigResponse.sessions;
       if (!sessionConfig || sessionConfig.length === 0) {
         throw new Error("No session configuration available from API");
       }
@@ -1136,16 +1163,37 @@ var ZyfaiSDK = class {
         ...session,
         chainId: BigInt(session.chainId)
       }));
+      const DEFAULT_ACTION_TARGET = "0x0000000000000000000000000000000000000001";
+      const DEFAULT_ACTION_SELECTOR = "0x00000001";
+      const permitGenericPolicy = sessionConfig.some(
+        (session) => session.actions?.some(
+          (action) => action.actionTarget === DEFAULT_ACTION_TARGET && action.actionTargetSelector === DEFAULT_ACTION_SELECTOR
+        )
+      );
+      const chainConfig = getChainConfig(chainId);
+      const accountType = await getAccountType(
+        userAddress,
+        chainConfig.publicClient
+      );
+      const signingParams = {
+        permitGenericPolicy,
+        ignoreSecurityAttestations: accountType === "Safe"
+      };
       const signatureResult = await this.signSessionKey(
         userAddress,
         chainId,
-        sessions
+        sessions,
+        signingParams
       );
       if (!signatureResult.signature) {
         throw new Error("Failed to obtain session key signature");
       }
       await this.updateUserProtocols(chainId);
+      const signer = sessions[0].sessionValidator;
+      console.log("Session validator:", signer);
       const activation = await this.activateSessionKey(
+        signer || "0x2483DA3A338895199E5e538530213157e931Bf06",
+        // TODO: This is a temporary fix to avoid the session validator being null
         signatureResult.signature,
         signatureResult.sessionNonces
       );
@@ -1165,7 +1213,7 @@ var ZyfaiSDK = class {
    * Internal method to sign session key
    * @private
    */
-  async signSessionKey(userAddress, chainId, sessions) {
+  async signSessionKey(userAddress, chainId, sessions, signingParams) {
     try {
       if (!userAddress) {
         throw new Error("User address is required");
@@ -1200,7 +1248,8 @@ var ZyfaiSDK = class {
           environment: this.environment
         },
         sessions,
-        allPublicClients
+        allPublicClients,
+        signingParams
       );
       const safeAddress = await getDeterministicSafeAddress({
         owner: walletClient,
@@ -1247,9 +1296,10 @@ var ZyfaiSDK = class {
   /**
    * Activate session key via ZyFAI API
    */
-  async activateSessionKey(signature, sessionNonces) {
+  async activateSessionKey(signer, signature, sessionNonces) {
     const nonces = this.normalizeSessionNonces(sessionNonces);
     const payload = {
+      signer,
       hash: signature,
       nonces
     };
@@ -1287,10 +1337,10 @@ var ZyfaiSDK = class {
    *
    * @example
    * ```typescript
-   * // Deposit 100 USDC (6 decimals) to Safe on Arbitrum
+   * // Deposit 100 USDC (6 decimals) to Safe on Base
    * const result = await sdk.depositFunds(
    *   "0xUser...",
-   *   42161,
+   *   8453,
    *   "0xaf88d065e77c8cc2239327c5edb3a432268e5831", // USDC
    *   "100000000" // 100 USDC = 100 * 10^6
    * );
@@ -1368,13 +1418,13 @@ var ZyfaiSDK = class {
    * @example
    * ```typescript
    * // Full withdrawal
-   * const result = await sdk.withdrawFunds("0xUser...", 42161);
+   * const result = await sdk.withdrawFunds("0xUser...", 8453);
    * console.log(result.message); // "Withdrawal request sent"
    *
    * // Partial withdrawal of 50 USDC (6 decimals)
    * const result = await sdk.withdrawFunds(
    *   "0xUser...",
-   *   42161,
+   *   8453,
    *   "50000000", // 50 USDC = 50 * 10^6
    *   "0xReceiver..."
    * );
@@ -1460,7 +1510,7 @@ var ZyfaiSDK = class {
    *
    * @example
    * ```typescript
-   * const protocols = await sdk.getAvailableProtocols(42161);
+   * const protocols = await sdk.getAvailableProtocols(8453);
    * protocols.forEach(protocol => {
    *   console.log(`${protocol.name}: ${protocol.minApy}% - ${protocol.maxApy}% APY`);
    * });
@@ -1498,7 +1548,7 @@ var ZyfaiSDK = class {
    * const positions = await sdk.getPositions(userAddress);
    *
    * // Get positions on a specific chain
-   * const arbPositions = await sdk.getPositions(userAddress, 42161);
+   * const basePositions = await sdk.getPositions(userAddress, 8453);
    * ```
    */
   async getPositions(userAddress, chainId) {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@zyfai/sdk",
-  "version": "0.1.13",
+  "version": "0.1.15",
   "description": "TypeScript SDK for ZyFAI Yield Optimization Engine - Deploy Safe smart wallets, manage session keys, and interact with DeFi protocols",
   "main": "dist/index.js",
   "module": "dist/index.mjs",