@bounded-sh/core 0.0.19 → 0.0.21

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -2,12 +2,13 @@ import { AuthProvider } from '../types';
2
2
  export interface ClientConfig {
3
3
  name: string;
4
4
  logoUrl: string;
5
- /** Auth method. 'email' = Bounded Auth human login (email OTP, inline) —
6
- * the default for most apps. OAuth/social uses loginWithRedirect/
5
+ /** Auth method. Configure exactly one method at init time.
6
+ * 'email' = Bounded Auth human login (email OTP, inline).
7
+ * OAuth/social uses loginWithRedirect/
7
8
  * loginWithPopup rather than authMethod. Text OTP uses hosted/headless OTP
8
9
  * helpers only when explicitly enabled by the Bounded issuer. 'phantom' = connect a Solana wallet (Phantom), for
9
- * crypto/onchain apps that need a real @user.address. 'guest' = zero-config
10
- * anonymous (device keypair). All coexist. */
10
+ * crypto/onchain apps that need a real @user.address. 'guest' = anonymous
11
+ * device-key auth. */
11
12
  authMethod: 'none' | 'email' | 'guest' | 'wallet' | 'rainbowkit' | 'coinbase-smart-wallet' | 'onboard' | 'phantom' | 'mobile-wallet-adapter' | 'privy' | 'privy-expo';
12
13
  wsApiUrl: string;
13
14
  apiUrl: string;
@@ -75,7 +76,6 @@ export interface ClientConfig {
75
76
  cluster?: string;
76
77
  theme?: 'light' | 'dark';
77
78
  };
78
- mockAuth?: boolean;
79
79
  }
80
80
  export declare let clientConfig: ClientConfig;
81
81
  type BoundedEndpoints = Pick<ClientConfig, 'wsApiUrl' | 'apiUrl' | 'authApiUrl' | 'humanAuthApiUrl' | 'functionsUrl'>;
package/dist/index.js CHANGED
@@ -30,8 +30,8 @@ let clientConfig = {
30
30
  // User configured settings
31
31
  name: '',
32
32
  logoUrl: '',
33
- // Bounded production is the out-of-the-box default a Bounded app needs only
34
- // `{ appId }`. Pass `network: 'bounded-staging'` to target staging.
33
+ // Bounded production is the endpoint default. Apps still choose one explicit
34
+ // auth method at init time. Pass `network: 'bounded-staging'` to target staging.
35
35
  network: 'bounded-production',
36
36
  wsApiUrl: 'wss://realtime.bounded.sh',
37
37
  apiUrl: 'https://realtime.bounded.sh',
@@ -39,14 +39,15 @@ let clientConfig = {
39
39
  humanAuthApiUrl: 'https://auth.bounded.sh',
40
40
  functionsUrl: 'https://functions.bounded.sh',
41
41
  appId: '',
42
- // 'email' = Bounded Auth human login (inline email OTP) — the out-of-box default
43
- // for normal apps. Hosted OAuth/social uses loginWithRedirect/loginWithPopup.
42
+ // No hidden auth fallback: browser clients must pass authMethod explicitly
43
+ // (for example 'email', 'guest', 'phantom', 'privy', or 'privy-expo').
44
+ // Hosted OAuth/social uses loginWithRedirect/loginWithPopup with authMethod:'email'.
44
45
  // Text OTP is off by default and uses hosted/headless text helpers only when
45
46
  // Bounded explicitly enables it for the issuer. For
46
47
  // crypto/onchain wallet login use authMethod:'phantom' (Solana / Phantom), or
47
48
  // signInAnonymously() for zero-friction 'guest' accounts. ('wallet' is an
48
49
  // unimplemented stub; don't use.)
49
- authMethod: 'email',
50
+ authMethod: 'none',
50
51
  chain: '',
51
52
  rpcUrl: '',
52
53
  skipBackendInit: true,
@@ -112,10 +113,14 @@ function init(newConfig) {
112
113
  }
113
114
  // Bounded is client-driven: defaults are Bounded production, `network`
114
115
  // switches the whole endpoint set (e.g. 'bounded-staging'), and anything
115
- // passed explicitly wins. No `/config` round-trip `init({ appId })` is
116
- // synchronous and works out of the box.
116
+ // passed explicitly wins. No `/config` round-trip; browser SDKs still pass
117
+ // one explicit authMethod so there is no hidden auth-provider fallback.
117
118
  // defaults (bounded-production) < network preset < explicit newConfig
118
- const preset = (newConfig.network && BOUNDED_NETWORKS[newConfig.network]) || {};
119
+ if (newConfig.network !== undefined && !(newConfig.network in BOUNDED_NETWORKS)) {
120
+ reject(new Error(`Unsupported Bounded network "${String(newConfig.network)}". Expected bounded, bounded-staging, or bounded-production.`));
121
+ return;
122
+ }
123
+ const preset = newConfig.network ? BOUNDED_NETWORKS[newConfig.network] : {};
119
124
  clientConfig = Object.assign(Object.assign(Object.assign({}, clientConfig), preset), newConfig);
120
125
  isInitialized = true;
121
126
  resolve();
@@ -5169,11 +5174,8 @@ async function setMany(many, options) {
5169
5174
  async function handleOffchainTransaction(tx, authProvider, options) {
5170
5175
  var _a, _b, _c, _d, _e, _f;
5171
5176
  const config = await getConfig();
5172
- // 1. Sign the transaction message using mock signing for offchain transactions
5173
- // Use signMessageMock if available (OffchainAuthProvider), otherwise fall back to signMessage
5174
- const signature = authProvider.signMessageMock
5175
- ? await authProvider.signMessageMock(tx.message)
5176
- : await authProvider.signMessage(tx.message);
5177
+ // 1. Sign the transaction message using the provider's canonical signer.
5178
+ const signature = await authProvider.signMessage(tx.message);
5177
5179
  // 2. Create signed transaction
5178
5180
  const signedTx = {
5179
5181
  transaction: tx,