@zyfai/sdk 0.1.2 → 0.1.3

package/README.md

@@ -229,25 +229,31 @@ The SDK automatically fetches optimal session configuration from ZyFAI API:
 ```typescript
 // SDK automatically:
 // 1. Authenticates via SIWE (creates user record if needed)
-// 2. Calculates the deterministic Safe address
-// 3. Resolves the userId via /users/by-smart-wallet
+// 2. Checks if user already has an active session key (returns early if so)
+// 3. Calculates the deterministic Safe address
 // 4. Retrieves personalized config via /session-keys/config
 // 5. Signs the session key
 // 6. Calls /session-keys/add so the session becomes active immediately
 
 const result = await sdk.createSessionKey(userAddress, 42161);
 
-console.log("Session created:", result.signature);
-console.log("Safe address:", result.sessionKeyAddress);
+// Check if session key already existed
+if (result.alreadyActive) {
+  console.log("Session key already active:", result.message);
+} else {
+  console.log("Session created:", result.signature);
+  console.log("Safe address:", result.sessionKeyAddress);
+  console.log("Activation ID:", result.sessionActivation?.id);
+}
 console.log("User ID:", result.userId);
-console.log("Activation ID:", result.sessionActivation?.id);
 ```
 
 **Important**:
 
 - `createSessionKey` requires SIWE authentication (prompts wallet signature on first call)
+- The SDK proactively checks if the user already has an active session key (from login response) and returns early without requiring any signature if one exists
 - The user record must have `smartWallet` and `chainId` set (automatically handled after calling `deploySafe` or `updateUserProfile`)
-- The SDK now auto-calls `/users/by-smart-wallet`, `/session-keys/config`, and `/session-keys/add`, so the returned payload already includes the `userId` and the activation record (`sessionActivation`)—no additional API calls are required on your side.
+- When `alreadyActive` is `true`, `sessionKeyAddress` and `signature` are not available in the response
 
 ### 4. Deposit Funds
 
@@ -713,6 +719,24 @@ Make sure to call `connectAccount()` before calling other methods that require s
 
 Check that the chain ID is in the supported chains list: Arbitrum (42161), Base (8453), or Plasma (9745).
 
+### SIWE Authentication Issues in Browser
+
+The SDK automatically detects browser vs Node.js environments for SIWE authentication:
+- **Browser**: Uses `window.location.origin` for the SIWE message domain/uri to match the browser's automatic `Origin` header
+- **Node.js**: Uses the API endpoint URL
+
+If you encounter SIWE authentication failures in a browser, ensure:
+1. Your frontend origin is allowed by the API's CORS configuration
+2. You're using the correct `environment` setting (`staging` or `production`)
+
+### Session Key Already Exists
+
+If `createSessionKey` returns `{ alreadyActive: true }`, the user already has an active session key. This is not an error - the SDK proactively checks before attempting to create a new one.
+
+### Data API CORS Errors
+
+Some Data API endpoints may require server-side CORS configuration. If you see CORS errors for endpoints like `onchain-earnings`, `calculate-onchain-earnings`, or `opportunities`, contact ZyFAI support to ensure your origin is whitelisted.
+
 ## Contributing
 
 Contributions are welcome! Please open an issue or submit a pull request.

package/dist/index.d.mts

@@ -52,11 +52,17 @@ interface AddSessionKeyResponse {
 }
 interface SessionKeyResponse {
     success: boolean;
-    sessionKeyAddress: Address;
-    signature: Hex;
+    /** Session key address (not available when alreadyActive is true) */
+    sessionKeyAddress?: Address;
+    /** Signature (not available when alreadyActive is true) */
+    signature?: Hex;
     sessionNonces?: bigint[];
     userId?: string;
     sessionActivation?: AddSessionKeyResponse;
+    /** Message when session key already exists */
+    message?: string;
+    /** True if a session key was already active for this user */
+    alreadyActive?: boolean;
 }
 interface SmartWalletResponse {
     address: Address;
@@ -117,7 +123,6 @@ interface PositionSlot {
 interface PositionsResponse {
     success: boolean;
     userAddress: string;
-    totalValueUsd: number;
     positions: Position[];
 }
 interface UserDetails {
@@ -142,10 +147,18 @@ interface UserDetailsResponse {
     success: boolean;
     user: UserDetails;
 }
+interface TVLBreakdown {
+    chain_id: number;
+    protocol_id: string | null;
+    protocol_name: string | null;
+    pool: string | null;
+    total_balance: number;
+}
 interface TVLResponse {
     success: boolean;
     totalTvl: number;
-    byChain?: Record<string, number>;
+    byChain?: Record<number, number>;
+    breakdown?: TVLBreakdown[];
 }
 interface VolumeResponse {
     success: boolean;
@@ -397,6 +410,7 @@ declare class ZyfaiSDK {
     private bundlerApiKey?;
     private isAuthenticated;
     private authenticatedUserId;
+    private hasActiveSessionKey;
     private environment;
     constructor(config: SDKConfig | string);
     /**

package/dist/index.d.ts

@@ -52,11 +52,17 @@ interface AddSessionKeyResponse {
 }
 interface SessionKeyResponse {
     success: boolean;
-    sessionKeyAddress: Address;
-    signature: Hex;
+    /** Session key address (not available when alreadyActive is true) */
+    sessionKeyAddress?: Address;
+    /** Signature (not available when alreadyActive is true) */
+    signature?: Hex;
     sessionNonces?: bigint[];
     userId?: string;
     sessionActivation?: AddSessionKeyResponse;
+    /** Message when session key already exists */
+    message?: string;
+    /** True if a session key was already active for this user */
+    alreadyActive?: boolean;
 }
 interface SmartWalletResponse {
     address: Address;
@@ -117,7 +123,6 @@ interface PositionSlot {
 interface PositionsResponse {
     success: boolean;
     userAddress: string;
-    totalValueUsd: number;
     positions: Position[];
 }
 interface UserDetails {
@@ -142,10 +147,18 @@ interface UserDetailsResponse {
     success: boolean;
     user: UserDetails;
 }
+interface TVLBreakdown {
+    chain_id: number;
+    protocol_id: string | null;
+    protocol_name: string | null;
+    pool: string | null;
+    total_balance: number;
+}
 interface TVLResponse {
     success: boolean;
     totalTvl: number;
-    byChain?: Record<string, number>;
+    byChain?: Record<number, number>;
+    breakdown?: TVLBreakdown[];
 }
 interface VolumeResponse {
     success: boolean;
@@ -397,6 +410,7 @@ declare class ZyfaiSDK {
     private bundlerApiKey?;
     private isAuthenticated;
     private authenticatedUserId;
+    private hasActiveSessionKey;
     private environment;
     constructor(config: SDKConfig | string);
     /**

package/dist/index.js

@@ -87,7 +87,7 @@ var DATA_ENDPOINTS = {
   // Portfolio
   DEBANK_PORTFOLIO_MULTICHAIN: (address) => `/debank/portfolio/multichain/${address}`,
   // Opportunities
-  OPPORTUNITIES_SAFE: (chainId) => chainId ? `/opportunities/safes?chainId=${chainId}` : "/opportunities/safes",
+  OPPORTUNITIES_SAFE: (chainId) => chainId ? `/opportunities/safe?chainId=${chainId}` : "/opportunities/safe",
   OPPORTUNITIES_DEGEN: (chainId) => chainId ? `/opportunities/degen-strategies?chainId=${chainId}` : "/opportunities/degen-strategies",
   // APY History
   DAILY_APY_HISTORY_WEIGHTED: (walletAddress, days) => `/daily-apy-history/weighted/${walletAddress}${days ? `?days=${days}` : ""}`,
@@ -116,8 +116,7 @@ var HttpClient = class {
       baseURL: `${endpoint}${API_VERSION}`,
       headers: {
         "Content-Type": "application/json",
-        "X-API-Key": this.apiKey,
-        Origin: this.origin
+        "X-API-Key": this.apiKey
       },
       timeout: 3e4
     });
@@ -149,7 +148,6 @@ var HttpClient = class {
     this.client.interceptors.request.use(
       (config) => {
         config.headers["X-API-Key"] = this.apiKey;
-        config.headers["Origin"] = this.origin;
         if (this.authToken) {
           config.headers["Authorization"] = `Bearer ${this.authToken}`;
         }
@@ -218,6 +216,9 @@ var HttpClient = class {
     this.dataClient.interceptors.request.use(
       (config) => {
         config.headers["X-API-Key"] = this.dataApiKey;
+        if (this.authToken) {
+          config.headers["Authorization"] = `Bearer ${this.authToken}`;
+        }
         return config;
       },
       (error) => Promise.reject(error)
@@ -404,7 +405,6 @@ var getBundlerUrl = (chainId, bundlerApiKey, bundlerProvider = "pimlico") => {
 // src/utils/safe-account.ts
 var import_module_sdk = require("@rhinestone/module-sdk");
 var import_permissionless = require("permissionless");
-var import_actions = require("permissionless/actions");
 var import_erc7579 = require("permissionless/actions/erc7579");
 var import_pimlico = require("permissionless/clients/pimlico");
 var import_accounts = require("permissionless/accounts");
@@ -412,27 +412,36 @@ var import_viem3 = require("viem");
 var import_account_abstraction = require("viem/account-abstraction");
 var SAFE_7579_ADDRESS = "0x7579EE8307284F293B1927136486880611F20002";
 var ERC7579_LAUNCHPAD_ADDRESS = "0x7579011aB74c46090561ea277Ba79D510c6C00ff";
-var DEFAULT_ACCOUNT_SALT = "zyfai-staging";
+var ACCOUNT_SALTS = {
+  staging: "zyfai-staging",
+  production: "zyfai-production"
+};
 var getSafeAccount = async (config) => {
   const {
     owner,
     safeOwnerAddress,
     publicClient,
-    accountSalt = DEFAULT_ACCOUNT_SALT
+    environment = "production"
   } = config;
+  const effectiveSalt = ACCOUNT_SALTS[environment];
   if (!owner || !owner.account) {
     throw new Error("Wallet not connected. Please connect your wallet first.");
   }
-  const actualOwnerAddress = safeOwnerAddress || owner.account.address;
+  const signerAddress = owner.account.address;
+  if (safeOwnerAddress && safeOwnerAddress.toLowerCase() !== signerAddress.toLowerCase()) {
+    throw new Error(
+      `Connected wallet address (${signerAddress}) must match the Safe owner address (${safeOwnerAddress}). Please connect with the correct wallet.`
+    );
+  }
   const ownableValidator = (0, import_module_sdk.getOwnableValidator)({
-    owners: [actualOwnerAddress],
+    owners: [signerAddress],
     threshold: 1
   });
-  const saltHex = (0, import_viem3.fromHex)((0, import_viem3.toHex)(accountSalt), "bigint");
+  const saltHex = (0, import_viem3.fromHex)((0, import_viem3.toHex)(effectiveSalt), "bigint");
   const safeAccount = await (0, import_accounts.toSafeSmartAccount)({
     client: publicClient,
     owners: [owner.account],
-    // Use connected wallet for signing
+    // Pass the account object with address and signMessage capability
     version: "1.4.1",
     entryPoint: {
       address: import_account_abstraction.entryPoint07Address,
@@ -565,8 +574,8 @@ var deploySafeAccount = async (config) => {
     );
   }
 };
-var signSessionKey = async (config, sessions) => {
-  const { owner, publicClient, chain } = config;
+var signSessionKey = async (config, sessions, allPublicClients) => {
+  const { owner, publicClient } = config;
   if (!owner || !owner.account) {
     throw new Error("Wallet not connected. Please connect your wallet first.");
   }
@@ -575,21 +584,24 @@ var signSessionKey = async (config, sessions) => {
     address: safeAccount.address,
     type: "safe"
   });
+  const clients = allPublicClients || [publicClient];
   const sessionNonces = await Promise.all(
-    sessions.map(
-      (session) => (0, import_module_sdk.getSessionNonce)({
-        client: publicClient,
+    sessions.map((session) => {
+      const sessionChainId = Number(session.chainId);
+      const client = clients.find((c) => c.chain?.id === sessionChainId) || publicClient;
+      return (0, import_module_sdk.getSessionNonce)({
+        client,
         account,
         permissionId: (0, import_module_sdk.getPermissionId)({
           session
         })
-      })
-    )
+      });
+    })
   );
   const sessionDetails = await (0, import_module_sdk.getEnableSessionDetails)({
     sessions,
     account,
-    clients: [publicClient],
+    clients,
     permitGenericPolicy: true,
     sessionNonces
   });
@@ -614,6 +626,8 @@ var ZyfaiSDK = class {
     this.walletClient = null;
     this.isAuthenticated = false;
     this.authenticatedUserId = null;
+    // Stored from login response
+    this.hasActiveSessionKey = false;
     const sdkConfig = typeof config === "string" ? { apiKey: config } : config;
     const { apiKey, dataApiKey, environment, bundlerApiKey } = sdkConfig;
     if (!apiKey) {
@@ -636,11 +650,19 @@ var ZyfaiSDK = class {
         return;
       }
       const walletClient = this.getWalletClient();
-      const userAddress = walletClient.account.address;
+      const userAddress = (0, import_viem4.getAddress)(walletClient.account.address);
       const chainId = walletClient.chain?.id || 8453;
       const challengeResponse = await this.httpClient.post(ENDPOINTS.AUTH_CHALLENGE, {});
-      const domain = API_ENDPOINTS[this.environment].split("//")[1];
-      const uri = API_ENDPOINTS[this.environment];
+      let uri;
+      let domain;
+      const globalWindow = typeof globalThis !== "undefined" ? globalThis.window : void 0;
+      if (globalWindow?.location?.origin) {
+        uri = globalWindow.location.origin;
+        domain = globalWindow.location.host;
+      } else {
+        uri = API_ENDPOINTS[this.environment];
+        domain = API_ENDPOINTS[this.environment].split("//")[1];
+      }
       const messageObj = new import_siwe.SiweMessage({
         address: userAddress,
         chainId,
@@ -661,11 +683,6 @@ var ZyfaiSDK = class {
         {
           message: messageObj,
           signature
-        },
-        {
-          headers: {
-            Origin: uri
-          }
         }
       );
       const authToken = loginResponse.accessToken || loginResponse.token;
@@ -674,6 +691,7 @@ var ZyfaiSDK = class {
       }
       this.httpClient.setAuthToken(authToken);
       this.authenticatedUserId = loginResponse.userId || null;
+      this.hasActiveSessionKey = loginResponse.hasActiveSessionKey || false;
       this.isAuthenticated = true;
     } catch (error) {
       throw new Error(
@@ -823,7 +841,8 @@ var ZyfaiSDK = class {
       owner: walletClient,
       safeOwnerAddress: userAddress,
       chain: chainConfig.chain,
-      publicClient: chainConfig.publicClient
+      publicClient: chainConfig.publicClient,
+      environment: this.environment
     });
     const isDeployed = await isSafeDeployed(
       safeAddress,
@@ -871,7 +890,8 @@ var ZyfaiSDK = class {
         safeOwnerAddress: userAddress,
         chain: chainConfig.chain,
         publicClient: chainConfig.publicClient,
-        bundlerUrl
+        bundlerUrl,
+        environment: this.environment
       });
       try {
         await this.updateUserProfile({
@@ -918,14 +938,14 @@ var ZyfaiSDK = class {
           "User ID not available. Please ensure authentication completed successfully."
         );
       }
-      const walletClient = this.getWalletClient();
-      const chainConfig = getChainConfig(chainId);
-      const safeAddress = await getDeterministicSafeAddress({
-        owner: walletClient,
-        safeOwnerAddress: userAddress,
-        chain: chainConfig.chain,
-        publicClient: chainConfig.publicClient
-      });
+      if (this.hasActiveSessionKey) {
+        return {
+          success: true,
+          userId: this.authenticatedUserId,
+          message: "Session key already exists and is active",
+          alreadyActive: true
+        };
+      }
       const sessionConfig = await this.httpClient.get(
         ENDPOINTS.SESSION_KEYS_CONFIG
       );
@@ -941,10 +961,14 @@ var ZyfaiSDK = class {
         chainId,
         sessions
       );
+      if (!signatureResult.signature) {
+        throw new Error("Failed to obtain session key signature");
+      }
       const activation = await this.activateSessionKey(
         signatureResult.signature,
         signatureResult.sessionNonces
       );
+      this.hasActiveSessionKey = true;
       return {
         ...signatureResult,
         userId: this.authenticatedUserId,
@@ -982,20 +1006,27 @@ var ZyfaiSDK = class {
           `Invalid account type for ${userAddress}. Must be an EOA.`
         );
       }
+      const sessionChainIds = [
+        ...new Set(sessions.map((s) => Number(s.chainId)))
+      ];
+      const allPublicClients = sessionChainIds.filter(isSupportedChain).map((id) => getChainConfig(id).publicClient);
       const { signature, sessionNonces } = await signSessionKey(
         {
           owner: walletClient,
           safeOwnerAddress: userAddress,
           chain: chainConfig.chain,
-          publicClient: chainConfig.publicClient
+          publicClient: chainConfig.publicClient,
+          environment: this.environment
         },
-        sessions
+        sessions,
+        allPublicClients
       );
       const safeAddress = await getDeterministicSafeAddress({
         owner: walletClient,
         safeOwnerAddress: userAddress,
         chain: chainConfig.chain,
-        publicClient: chainConfig.publicClient
+        publicClient: chainConfig.publicClient,
+        environment: this.environment
       });
       return {
         success: true,
@@ -1081,7 +1112,8 @@ var ZyfaiSDK = class {
         owner: walletClient,
         safeOwnerAddress: userAddress,
         chain: chainConfig.chain,
-        publicClient: chainConfig.publicClient
+        publicClient: chainConfig.publicClient,
+        environment: this.environment
       });
       const isDeployed = await isSafeDeployed(
         safeAddress,
@@ -1156,7 +1188,8 @@ var ZyfaiSDK = class {
         owner: walletClient,
         safeOwnerAddress: userAddress,
         chain: chainConfig.chain,
-        publicClient: chainConfig.publicClient
+        publicClient: chainConfig.publicClient,
+        environment: this.environment
       });
       const isDeployed = await isSafeDeployed(
         safeAddress,
@@ -1256,7 +1289,8 @@ var ZyfaiSDK = class {
         owner: walletClient,
         safeOwnerAddress: userAddress,
         chain: chainConfig.chain,
-        publicClient: chainConfig.publicClient
+        publicClient: chainConfig.publicClient,
+        environment: this.environment
       });
       const response = await this.httpClient.get(
         ENDPOINTS.DATA_POSITION(safeAddress)
@@ -1264,8 +1298,6 @@ var ZyfaiSDK = class {
       return {
         success: true,
         userAddress,
-        totalValueUsd: 0,
-        // API doesn't return this yet
         positions: response ? [response] : []
       };
     } catch (error) {
@@ -1337,10 +1369,18 @@ var ZyfaiSDK = class {
   async getTVL() {
     try {
       const response = await this.httpClient.get(ENDPOINTS.DATA_TVL);
+      const byChain = {};
+      for (const key of Object.keys(response)) {
+        const numKey = parseInt(key, 10);
+        if (!isNaN(numKey) && typeof response[key] === "number") {
+          byChain[numKey] = response[key];
+        }
+      }
       return {
         success: true,
-        totalTvl: response.totalTvl || response.tvl || 0,
-        byChain: response.byChain
+        totalTvl: response.total || response.totalTvl || response.tvl || 0,
+        byChain,
+        breakdown: response.breakdown
       };
     } catch (error) {
       throw new Error(`Failed to get TVL: ${error.message}`);

package/dist/index.mjs

@@ -48,7 +48,7 @@ var DATA_ENDPOINTS = {
   // Portfolio
   DEBANK_PORTFOLIO_MULTICHAIN: (address) => `/debank/portfolio/multichain/${address}`,
   // Opportunities
-  OPPORTUNITIES_SAFE: (chainId) => chainId ? `/opportunities/safes?chainId=${chainId}` : "/opportunities/safes",
+  OPPORTUNITIES_SAFE: (chainId) => chainId ? `/opportunities/safe?chainId=${chainId}` : "/opportunities/safe",
   OPPORTUNITIES_DEGEN: (chainId) => chainId ? `/opportunities/degen-strategies?chainId=${chainId}` : "/opportunities/degen-strategies",
   // APY History
   DAILY_APY_HISTORY_WEIGHTED: (walletAddress, days) => `/daily-apy-history/weighted/${walletAddress}${days ? `?days=${days}` : ""}`,
@@ -77,8 +77,7 @@ var HttpClient = class {
       baseURL: `${endpoint}${API_VERSION}`,
       headers: {
         "Content-Type": "application/json",
-        "X-API-Key": this.apiKey,
-        Origin: this.origin
+        "X-API-Key": this.apiKey
       },
       timeout: 3e4
     });
@@ -110,7 +109,6 @@ var HttpClient = class {
     this.client.interceptors.request.use(
       (config) => {
         config.headers["X-API-Key"] = this.apiKey;
-        config.headers["Origin"] = this.origin;
         if (this.authToken) {
           config.headers["Authorization"] = `Bearer ${this.authToken}`;
         }
@@ -179,6 +177,9 @@ var HttpClient = class {
     this.dataClient.interceptors.request.use(
       (config) => {
         config.headers["X-API-Key"] = this.dataApiKey;
+        if (this.authToken) {
+          config.headers["Authorization"] = `Bearer ${this.authToken}`;
+        }
         return config;
       },
       (error) => Promise.reject(error)
@@ -293,7 +294,8 @@ import { privateKeyToAccount } from "viem/accounts";
 import {
   createWalletClient,
   custom,
-  http as http3
+  http as http3,
+  getAddress
 } from "viem";
 
 // src/config/chains.ts
@@ -376,43 +378,49 @@ import {
   getSessionNonce
 } from "@rhinestone/module-sdk";
 import { createSmartAccountClient } from "permissionless";
-import { getAccountNonce } from "permissionless/actions";
 import { erc7579Actions } from "permissionless/actions/erc7579";
 import { createPimlicoClient } from "permissionless/clients/pimlico";
 import { toSafeSmartAccount } from "permissionless/accounts";
 import {
   http as http2,
   fromHex,
-  pad,
   toHex
 } from "viem";
 import {
-  entryPoint07Address,
-  getUserOperationHash
+  entryPoint07Address
 } from "viem/account-abstraction";
 var SAFE_7579_ADDRESS = "0x7579EE8307284F293B1927136486880611F20002";
 var ERC7579_LAUNCHPAD_ADDRESS = "0x7579011aB74c46090561ea277Ba79D510c6C00ff";
-var DEFAULT_ACCOUNT_SALT = "zyfai-staging";
+var ACCOUNT_SALTS = {
+  staging: "zyfai-staging",
+  production: "zyfai-production"
+};
 var getSafeAccount = async (config) => {
   const {
     owner,
     safeOwnerAddress,
     publicClient,
-    accountSalt = DEFAULT_ACCOUNT_SALT
+    environment = "production"
   } = config;
+  const effectiveSalt = ACCOUNT_SALTS[environment];
   if (!owner || !owner.account) {
     throw new Error("Wallet not connected. Please connect your wallet first.");
   }
-  const actualOwnerAddress = safeOwnerAddress || owner.account.address;
+  const signerAddress = owner.account.address;
+  if (safeOwnerAddress && safeOwnerAddress.toLowerCase() !== signerAddress.toLowerCase()) {
+    throw new Error(
+      `Connected wallet address (${signerAddress}) must match the Safe owner address (${safeOwnerAddress}). Please connect with the correct wallet.`
+    );
+  }
   const ownableValidator = getOwnableValidator({
-    owners: [actualOwnerAddress],
+    owners: [signerAddress],
     threshold: 1
   });
-  const saltHex = fromHex(toHex(accountSalt), "bigint");
+  const saltHex = fromHex(toHex(effectiveSalt), "bigint");
   const safeAccount = await toSafeSmartAccount({
     client: publicClient,
     owners: [owner.account],
-    // Use connected wallet for signing
+    // Pass the account object with address and signMessage capability
     version: "1.4.1",
     entryPoint: {
       address: entryPoint07Address,
@@ -545,8 +553,8 @@ var deploySafeAccount = async (config) => {
     );
   }
 };
-var signSessionKey = async (config, sessions) => {
-  const { owner, publicClient, chain } = config;
+var signSessionKey = async (config, sessions, allPublicClients) => {
+  const { owner, publicClient } = config;
   if (!owner || !owner.account) {
     throw new Error("Wallet not connected. Please connect your wallet first.");
   }
@@ -555,21 +563,24 @@ var signSessionKey = async (config, sessions) => {
     address: safeAccount.address,
     type: "safe"
   });
+  const clients = allPublicClients || [publicClient];
   const sessionNonces = await Promise.all(
-    sessions.map(
-      (session) => getSessionNonce({
-        client: publicClient,
+    sessions.map((session) => {
+      const sessionChainId = Number(session.chainId);
+      const client = clients.find((c) => c.chain?.id === sessionChainId) || publicClient;
+      return getSessionNonce({
+        client,
         account,
         permissionId: getPermissionId({
           session
         })
-      })
-    )
+      });
+    })
   );
   const sessionDetails = await getEnableSessionDetails({
     sessions,
     account,
-    clients: [publicClient],
+    clients,
     permitGenericPolicy: true,
     sessionNonces
   });
@@ -594,6 +605,8 @@ var ZyfaiSDK = class {
     this.walletClient = null;
     this.isAuthenticated = false;
     this.authenticatedUserId = null;
+    // Stored from login response
+    this.hasActiveSessionKey = false;
     const sdkConfig = typeof config === "string" ? { apiKey: config } : config;
     const { apiKey, dataApiKey, environment, bundlerApiKey } = sdkConfig;
     if (!apiKey) {
@@ -616,11 +629,19 @@ var ZyfaiSDK = class {
         return;
       }
       const walletClient = this.getWalletClient();
-      const userAddress = walletClient.account.address;
+      const userAddress = getAddress(walletClient.account.address);
       const chainId = walletClient.chain?.id || 8453;
       const challengeResponse = await this.httpClient.post(ENDPOINTS.AUTH_CHALLENGE, {});
-      const domain = API_ENDPOINTS[this.environment].split("//")[1];
-      const uri = API_ENDPOINTS[this.environment];
+      let uri;
+      let domain;
+      const globalWindow = typeof globalThis !== "undefined" ? globalThis.window : void 0;
+      if (globalWindow?.location?.origin) {
+        uri = globalWindow.location.origin;
+        domain = globalWindow.location.host;
+      } else {
+        uri = API_ENDPOINTS[this.environment];
+        domain = API_ENDPOINTS[this.environment].split("//")[1];
+      }
       const messageObj = new SiweMessage({
         address: userAddress,
         chainId,
@@ -641,11 +662,6 @@ var ZyfaiSDK = class {
         {
           message: messageObj,
           signature
-        },
-        {
-          headers: {
-            Origin: uri
-          }
         }
       );
       const authToken = loginResponse.accessToken || loginResponse.token;
@@ -654,6 +670,7 @@ var ZyfaiSDK = class {
       }
       this.httpClient.setAuthToken(authToken);
       this.authenticatedUserId = loginResponse.userId || null;
+      this.hasActiveSessionKey = loginResponse.hasActiveSessionKey || false;
       this.isAuthenticated = true;
     } catch (error) {
       throw new Error(
@@ -803,7 +820,8 @@ var ZyfaiSDK = class {
       owner: walletClient,
       safeOwnerAddress: userAddress,
       chain: chainConfig.chain,
-      publicClient: chainConfig.publicClient
+      publicClient: chainConfig.publicClient,
+      environment: this.environment
     });
     const isDeployed = await isSafeDeployed(
       safeAddress,
@@ -851,7 +869,8 @@ var ZyfaiSDK = class {
         safeOwnerAddress: userAddress,
         chain: chainConfig.chain,
         publicClient: chainConfig.publicClient,
-        bundlerUrl
+        bundlerUrl,
+        environment: this.environment
       });
       try {
         await this.updateUserProfile({
@@ -898,14 +917,14 @@ var ZyfaiSDK = class {
           "User ID not available. Please ensure authentication completed successfully."
         );
       }
-      const walletClient = this.getWalletClient();
-      const chainConfig = getChainConfig(chainId);
-      const safeAddress = await getDeterministicSafeAddress({
-        owner: walletClient,
-        safeOwnerAddress: userAddress,
-        chain: chainConfig.chain,
-        publicClient: chainConfig.publicClient
-      });
+      if (this.hasActiveSessionKey) {
+        return {
+          success: true,
+          userId: this.authenticatedUserId,
+          message: "Session key already exists and is active",
+          alreadyActive: true
+        };
+      }
       const sessionConfig = await this.httpClient.get(
         ENDPOINTS.SESSION_KEYS_CONFIG
       );
@@ -921,10 +940,14 @@ var ZyfaiSDK = class {
         chainId,
         sessions
       );
+      if (!signatureResult.signature) {
+        throw new Error("Failed to obtain session key signature");
+      }
       const activation = await this.activateSessionKey(
         signatureResult.signature,
         signatureResult.sessionNonces
       );
+      this.hasActiveSessionKey = true;
       return {
         ...signatureResult,
         userId: this.authenticatedUserId,
@@ -962,20 +985,27 @@ var ZyfaiSDK = class {
           `Invalid account type for ${userAddress}. Must be an EOA.`
         );
       }
+      const sessionChainIds = [
+        ...new Set(sessions.map((s) => Number(s.chainId)))
+      ];
+      const allPublicClients = sessionChainIds.filter(isSupportedChain).map((id) => getChainConfig(id).publicClient);
       const { signature, sessionNonces } = await signSessionKey(
         {
           owner: walletClient,
           safeOwnerAddress: userAddress,
           chain: chainConfig.chain,
-          publicClient: chainConfig.publicClient
+          publicClient: chainConfig.publicClient,
+          environment: this.environment
         },
-        sessions
+        sessions,
+        allPublicClients
       );
       const safeAddress = await getDeterministicSafeAddress({
         owner: walletClient,
         safeOwnerAddress: userAddress,
         chain: chainConfig.chain,
-        publicClient: chainConfig.publicClient
+        publicClient: chainConfig.publicClient,
+        environment: this.environment
       });
       return {
         success: true,
@@ -1061,7 +1091,8 @@ var ZyfaiSDK = class {
         owner: walletClient,
         safeOwnerAddress: userAddress,
         chain: chainConfig.chain,
-        publicClient: chainConfig.publicClient
+        publicClient: chainConfig.publicClient,
+        environment: this.environment
       });
       const isDeployed = await isSafeDeployed(
         safeAddress,
@@ -1136,7 +1167,8 @@ var ZyfaiSDK = class {
         owner: walletClient,
         safeOwnerAddress: userAddress,
         chain: chainConfig.chain,
-        publicClient: chainConfig.publicClient
+        publicClient: chainConfig.publicClient,
+        environment: this.environment
       });
       const isDeployed = await isSafeDeployed(
         safeAddress,
@@ -1236,7 +1268,8 @@ var ZyfaiSDK = class {
         owner: walletClient,
         safeOwnerAddress: userAddress,
         chain: chainConfig.chain,
-        publicClient: chainConfig.publicClient
+        publicClient: chainConfig.publicClient,
+        environment: this.environment
       });
       const response = await this.httpClient.get(
         ENDPOINTS.DATA_POSITION(safeAddress)
@@ -1244,8 +1277,6 @@ var ZyfaiSDK = class {
       return {
         success: true,
         userAddress,
-        totalValueUsd: 0,
-        // API doesn't return this yet
         positions: response ? [response] : []
       };
     } catch (error) {
@@ -1317,10 +1348,18 @@ var ZyfaiSDK = class {
   async getTVL() {
     try {
       const response = await this.httpClient.get(ENDPOINTS.DATA_TVL);
+      const byChain = {};
+      for (const key of Object.keys(response)) {
+        const numKey = parseInt(key, 10);
+        if (!isNaN(numKey) && typeof response[key] === "number") {
+          byChain[numKey] = response[key];
+        }
+      }
       return {
         success: true,
-        totalTvl: response.totalTvl || response.tvl || 0,
-        byChain: response.byChain
+        totalTvl: response.total || response.totalTvl || response.tvl || 0,
+        byChain,
+        breakdown: response.breakdown
       };
     } catch (error) {
       throw new Error(`Failed to get TVL: ${error.message}`);

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@zyfai/sdk",
-  "version": "0.1.2",
+  "version": "0.1.3",
   "description": "TypeScript SDK for ZyFAI Yield Optimization Engine - Deploy Safe smart wallets, manage session keys, and interact with DeFi protocols",
   "main": "dist/index.js",
   "module": "dist/index.mjs",