@burnt-labs/account-management 1.0.0-alpha.7 → 1.0.0-alpha.9
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/.turbo/turbo-build.log +9 -9
- package/CHANGELOG.md +69 -0
- package/dist/index.d.ts +12 -0
- package/dist/index.js +12 -14
- package/dist/index.js.map +1 -1
- package/dist/index.mjs +12 -14
- package/dist/index.mjs.map +1 -1
- package/package.json +4 -4
- package/src/grants/__tests__/construction.test.ts +18 -20
- package/src/grants/__tests__/discovery.test.ts +0 -15
- package/src/grants/construction.ts +5 -1
- package/src/grants/discovery.ts +0 -6
- package/src/grants/strategies/__tests__/treasury-direct-query-strategy.test.ts +28 -21
- package/src/grants/strategies/treasury-direct-query-strategy.ts +6 -11
- package/src/orchestrator/flow/grantCreation.ts +3 -1
- package/src/state/__tests__/accountState.test.ts +109 -0
- package/src/state/accountState.ts +23 -3
package/.turbo/turbo-build.log
CHANGED
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
|
|
2
|
-
> @burnt-labs/account-management@1.0.0-alpha.
|
|
2
|
+
> @burnt-labs/account-management@1.0.0-alpha.9 build /home/runner/work/xion.js/xion.js/packages/account-management
|
|
3
3
|
> tsup
|
|
4
4
|
|
|
5
5
|
CLI Building entry: src/index.ts
|
|
@@ -11,11 +11,11 @@ CLI Cleaning output folder
|
|
|
11
11
|
CJS Build start
|
|
12
12
|
ESM Build start
|
|
13
13
|
DTS Build start
|
|
14
|
-
ESM dist/index.mjs 74.
|
|
15
|
-
ESM dist/index.mjs.map
|
|
16
|
-
ESM ⚡️ Build success in
|
|
17
|
-
CJS dist/index.js 76.
|
|
18
|
-
CJS dist/index.js.map
|
|
19
|
-
CJS ⚡️ Build success in
|
|
20
|
-
DTS ⚡️ Build success in
|
|
21
|
-
DTS dist/index.d.ts
|
|
14
|
+
ESM dist/index.mjs 74.31 KB
|
|
15
|
+
ESM dist/index.mjs.map 182.35 KB
|
|
16
|
+
ESM ⚡️ Build success in 574ms
|
|
17
|
+
CJS dist/index.js 76.52 KB
|
|
18
|
+
CJS dist/index.js.map 182.35 KB
|
|
19
|
+
CJS ⚡️ Build success in 575ms
|
|
20
|
+
DTS ⚡️ Build success in 3038ms
|
|
21
|
+
DTS dist/index.d.ts 51.28 KB
|
package/CHANGELOG.md
CHANGED
|
@@ -1,5 +1,74 @@
|
|
|
1
1
|
# @burnt-labs/account-management
|
|
2
2
|
|
|
3
|
+
## 1.0.0-alpha.9
|
|
4
|
+
|
|
5
|
+
### Patch Changes
|
|
6
|
+
|
|
7
|
+
- [#340](https://github.com/burnt-labs/xion.js/pull/340) [`1a387ca`](https://github.com/burnt-labs/xion.js/commit/1a387cabe46a20c6a88fc32e51c8f88f99ccddf1) Thanks [@ertemann](https://github.com/ertemann)! - Add embedded wallets with popup, auto, and embedded authentication modes. Also add direct signing (`requireAuth`) for transactions that need meta-account authorization instead of session keys.
|
|
8
|
+
|
|
9
|
+
## What's new
|
|
10
|
+
- **Popup mode** — opens auth app in a popup window; user stays on the dApp page, popup closes on success
|
|
11
|
+
- **Auto mode** — automatically picks popup (desktop) or redirect (mobile/PWA) based on device detection
|
|
12
|
+
- **Embedded mode** (`type: "embedded"`) — embeds dashboard inside your page via `MessageChannel`-based communication. New `<AbstraxionEmbed>` drop-in component handles all wiring — just place it in your layout and use hooks like any other mode
|
|
13
|
+
- **Direct signing (`requireAuth: true`)** — meta-account signs transactions directly instead of using session keys; user pays gas from their XION balance. For txs that won't be secure using session keys, like big transfers, smart account management etc.
|
|
14
|
+
- **`isDisconnected` flag** — `useAbstraxionAccount` now returns `isDisconnected: boolean`, true only after an explicit user logout. Prevents `<AbstraxionEmbed autoConnect>` from silently re-authenticating after logout
|
|
15
|
+
- **`isAwaitingApproval` flag** — context exposes `isAwaitingApproval: boolean`, true while a `requireAuth` signing request is pending and the iframe needs to be visible
|
|
16
|
+
|
|
17
|
+
Non user facing:
|
|
18
|
+
- **Signing clients per auth mode** — `PopupSigningClient`, `RedirectSigningClient`, `IframeSigningClient` for direct signing in each mode
|
|
19
|
+
- **`resolveAutoAuth` utility** — mobile/standalone detection heuristic (user-agent, touch, viewport, orientation, PWA)
|
|
20
|
+
- **Wrong-wallet signing guard** — prevents signing from a wallet that doesn't match the connected account
|
|
21
|
+
- **UTF-8-safe base64 encoding** — `toBase64`/`fromBase64` in `@burnt-labs/signers` for safe encoding of Unicode payloads (emoji, non-Latin scripts)
|
|
22
|
+
- **Treasury grant restoration fix** — handles ABCI REST format change that broke session restoration (`decodeRestFormatAuthorization` in abstraxion-core)
|
|
23
|
+
- **Embedded URL constants** — `getIframeUrl(chainId)` added to `@burnt-labs/constants` for per-chain dashboard URLs
|
|
24
|
+
- **New core exports** — `MessageChannelManager`, `TypedEventEmitter`, `IframeMessageType`, `MessageTarget` from abstraxion-core; `AAClient`, `IframeController` from abstraxion
|
|
25
|
+
- **`disconnected` state in account state machine** — new `AccountState` status distinct from `idle`, set only after an explicit logout. New `EXPLICITLY_DISCONNECTED` action and `AccountStateGuards.isDisconnected()` type guard. All four controllers dispatch this instead of `RESET` on disconnect
|
|
26
|
+
- **`authMode` derived from controller instance** — `AbstraxionProvider` now derives `authMode` from the live controller type instead of re-running `resolveAutoAuth` on every render, preventing SSR/client hydration mismatches and viewport-resize flips
|
|
27
|
+
|
|
28
|
+
## AbstraxionEmbed redesign
|
|
29
|
+
|
|
30
|
+
`<AbstraxionEmbed>` has been redesigned with full lifecycle control props replacing the single `autoConnect` boolean:
|
|
31
|
+
- **`idleView`** (`"button" | "fullview" | "hidden"`, default `"button"`) — what to show before the user logs in
|
|
32
|
+
- **`disconnectedView`** (same options, default: same as `idleView`) — what to show after an explicit logout
|
|
33
|
+
- **`connectedView`** (`"hidden" | "visible"`, default `"hidden"`) — whether to keep the iframe visible after connecting
|
|
34
|
+
- **`approvalView`** (`"modal" | "inline"`, default `"modal"`) — how to display the iframe when a `requireAuth` signing request is pending
|
|
35
|
+
- **`loginLabel`**, **`loginButtonClassName`**, **`loginButtonStyle`** — customise the login button
|
|
36
|
+
- **`modalClassName`**, **`modalStyle`** — customise the approval modal wrapper
|
|
37
|
+
|
|
38
|
+
## Dashboard changes (xion-dashboard-app `feat/embedded-wallets`)
|
|
39
|
+
|
|
40
|
+
These dashboard changes are required for the new SDK modes to work:
|
|
41
|
+
- **Popup mode support** — dashboard can now run inside a popup window opened by the SDK, communicating auth results back via `postMessage` and closing automatically on success
|
|
42
|
+
- **Redirect-within-popup for OAuth** — when using popup mode, OAuth providers (Stytch) redirect inside the popup instead of opening yet another popup
|
|
43
|
+
- **SignTransactionView** — new view for approving individual transactions sent via `requireAuth` / direct signing (popup, redirect, and embedded modes)
|
|
44
|
+
- **Embedded mode** — dashboard renders inside an iframe with transparent background; old `IframeApp/` components removed in favor of the main app with `?iframe=true` search param
|
|
45
|
+
- **LoginConnectConfirm** — new approval screen for no-grant-config flows (empty treasury or direct-signing-only grantee); shows app branding and "Connect / Deny / Use a different account"
|
|
46
|
+
- **Empty treasury support** — treasury address present but no grant configs no longer throws; dashboard routes to `LoginConnectConfirm` instead of `LoginGrantApproval`
|
|
47
|
+
- **SDK-only disconnect** — disconnect from the SDK side sends `HARD_DISCONNECT` and tears down the iframe; "Use a different account" stays within the iframe (no parent notification) so the user can re-login without a white-screen flash
|
|
48
|
+
- **`switchAccount()`** hook function — new export from `useXionDisconnect`; clears session locally without notifying parent, used by "Use a different account" buttons
|
|
49
|
+
- **Origin validation on callbacks** — `postMessage` origin checks upgraded for security in embedded/popup communication
|
|
50
|
+
- **Wrong-address signing guard** — dashboard rejects signing requests if the requested signer doesn't match the logged-in account
|
|
51
|
+
|
|
52
|
+
## Packages changed
|
|
53
|
+
- **`@burnt-labs/abstraxion`** — new `<AbstraxionEmbed>` component (redesigned), new controllers (`PopupController`, `IframeController`), signing clients, auto mode resolution, expanded `useAbstraxionSigningClient` with `requireAuth` support, `isDisconnected`/`isAwaitingApproval` context values, `authMode` derived from controller instance, new type exports (`EmbeddedAuthentication`, `PopupAuthentication`, `AutoAuthentication`, `SignResult`, `SigningClient`)
|
|
54
|
+
- **`@burnt-labs/abstraxion-core`** — `MessageChannelManager`, `TypedEventEmitter`, iframe message types, `decodeRestFormatAuthorization` grant decoding, treasury grant restoration fix
|
|
55
|
+
- **`@burnt-labs/account-management`** — `disconnected` account state, `EXPLICITLY_DISCONNECTED` action, `AccountStateGuards.isDisconnected()` type guard
|
|
56
|
+
- **`@burnt-labs/constants`** — `getIframeUrl(chainId)`, per-chain dashboard URL constants for mainnet/testnet
|
|
57
|
+
- **`@burnt-labs/signers`** — `toBase64`/`fromBase64` encoding utils, `ZKEmail` authenticator type support
|
|
58
|
+
- **`demo-app`** — new demos: `popup-demo/`, `embedded-dynamic/`, `embedded-inline/`, `direct-signing-demo/` (with MetaMask via `useMetamask` hook); removed old `inline-demo/`
|
|
59
|
+
|
|
60
|
+
For full details, usage examples, and migration guide see [`LATEST_VERSION_OVERVIEW.md`](../LATEST_VERSION_OVERVIEW.md) and the demo apps in [`apps/demo-app/`](../apps/demo-app/).
|
|
61
|
+
|
|
62
|
+
- Updated dependencies [[`1a387ca`](https://github.com/burnt-labs/xion.js/commit/1a387cabe46a20c6a88fc32e51c8f88f99ccddf1)]:
|
|
63
|
+
- @burnt-labs/abstraxion-core@1.0.0-alpha.68
|
|
64
|
+
- @burnt-labs/signers@1.0.0-alpha.7
|
|
65
|
+
|
|
66
|
+
## 1.0.0-alpha.8
|
|
67
|
+
|
|
68
|
+
### Patch Changes
|
|
69
|
+
|
|
70
|
+
- [#348](https://github.com/burnt-labs/xion.js/pull/348) [`00ac279`](https://github.com/burnt-labs/xion.js/commit/00ac279a15f1845f62d63507ceb02ec70e5c5dc1) Thanks [@justinbarry](https://github.com/justinbarry)! - Fix treasury queries failing for contracts with no grant configs. `DirectQueryTreasuryStrategy` now returns empty `grantConfigs` instead of throwing "Treasury config not found".
|
|
71
|
+
|
|
3
72
|
## 1.0.0-alpha.7
|
|
4
73
|
|
|
5
74
|
### Patch Changes
|
package/dist/index.d.ts
CHANGED
|
@@ -917,9 +917,15 @@ interface AccountInfo {
|
|
|
917
917
|
*
|
|
918
918
|
* Note: The 'configuring-permissions' status represents setting up session permissions/authorization,
|
|
919
919
|
* not creating the session key itself (which happens during connecting).
|
|
920
|
+
*
|
|
921
|
+
* 'disconnected' is distinct from 'idle': it means the user explicitly logged out in this
|
|
922
|
+
* page session. Consumers (e.g. AbstraxionEmbed's autoConnect) should not auto-connect from
|
|
923
|
+
* this state — the user must deliberately initiate a new login.
|
|
920
924
|
*/
|
|
921
925
|
type AccountState = {
|
|
922
926
|
status: "idle";
|
|
927
|
+
} | {
|
|
928
|
+
status: "disconnected";
|
|
923
929
|
} | {
|
|
924
930
|
status: "initializing";
|
|
925
931
|
} | {
|
|
@@ -962,6 +968,8 @@ type AccountStateAction = {
|
|
|
962
968
|
error: string;
|
|
963
969
|
} | {
|
|
964
970
|
type: "RESET";
|
|
971
|
+
} | {
|
|
972
|
+
type: "EXPLICITLY_DISCONNECTED";
|
|
965
973
|
};
|
|
966
974
|
/**
|
|
967
975
|
* State transition guard functions
|
|
@@ -971,6 +979,10 @@ declare const AccountStateGuards: {
|
|
|
971
979
|
isIdle: (state: AccountState) => state is {
|
|
972
980
|
status: "idle";
|
|
973
981
|
};
|
|
982
|
+
/** Check if state is disconnected (user explicitly logged out) */
|
|
983
|
+
isDisconnected: (state: AccountState) => state is {
|
|
984
|
+
status: "disconnected";
|
|
985
|
+
};
|
|
974
986
|
/** Check if state is initializing */
|
|
975
987
|
isInitializing: (state: AccountState) => state is {
|
|
976
988
|
status: "initializing";
|
package/dist/index.js
CHANGED
|
@@ -374,11 +374,6 @@ async function queryTreasuryContractWithPermissions(contractAddress, client, acc
|
|
|
374
374
|
contractAddress,
|
|
375
375
|
client
|
|
376
376
|
);
|
|
377
|
-
if (!treasuryConfig) {
|
|
378
|
-
throw new Error(
|
|
379
|
-
"Something went wrong querying the treasury contract for grants"
|
|
380
|
-
);
|
|
381
|
-
}
|
|
382
377
|
const decodedGrantsWithDappDescription = treasuryConfig.grantConfigs.map((grantConfig) => {
|
|
383
378
|
return {
|
|
384
379
|
...abstraxionCore.decodeAuthorization(
|
|
@@ -452,7 +447,7 @@ async function generateTreasuryGrants(contractAddress, client, granter, grantee,
|
|
|
452
447
|
);
|
|
453
448
|
}
|
|
454
449
|
if (!treasuryConfig.grantConfigs || treasuryConfig.grantConfigs.length === 0) {
|
|
455
|
-
|
|
450
|
+
return [];
|
|
456
451
|
}
|
|
457
452
|
const grantMessages = treasuryConfig.grantConfigs.map((grantConfig) => {
|
|
458
453
|
return constructTreasuryGrantMessage(
|
|
@@ -1087,11 +1082,7 @@ var DirectQueryTreasuryStrategy = class {
|
|
|
1087
1082
|
const chainId = await client.getChainId();
|
|
1088
1083
|
const cacheKey = `${treasuryAddress}:${chainId}`;
|
|
1089
1084
|
return await this.cache.get(cacheKey, async () => {
|
|
1090
|
-
|
|
1091
|
-
if (!result) {
|
|
1092
|
-
throw new Error("Treasury config not found");
|
|
1093
|
-
}
|
|
1094
|
-
return result;
|
|
1085
|
+
return this.queryContract(treasuryAddress, client);
|
|
1095
1086
|
});
|
|
1096
1087
|
}
|
|
1097
1088
|
async queryContract(treasuryAddress, client) {
|
|
@@ -1103,8 +1094,9 @@ var DirectQueryTreasuryStrategy = class {
|
|
|
1103
1094
|
treasuryAddress,
|
|
1104
1095
|
queryTreasuryContractMsg
|
|
1105
1096
|
);
|
|
1097
|
+
const params = await this.fetchTreasuryParams(client, treasuryAddress);
|
|
1106
1098
|
if (!queryAllTypeUrlsResponse || queryAllTypeUrlsResponse.length === 0) {
|
|
1107
|
-
return
|
|
1099
|
+
return { grantConfigs: [], params };
|
|
1108
1100
|
}
|
|
1109
1101
|
const grantConfigs = await Promise.all(
|
|
1110
1102
|
queryAllTypeUrlsResponse.map(async (typeUrl) => {
|
|
@@ -1123,7 +1115,6 @@ var DirectQueryTreasuryStrategy = class {
|
|
|
1123
1115
|
return grantConfig;
|
|
1124
1116
|
})
|
|
1125
1117
|
);
|
|
1126
|
-
const params = await this.fetchTreasuryParams(client, treasuryAddress);
|
|
1127
1118
|
return {
|
|
1128
1119
|
grantConfigs,
|
|
1129
1120
|
params
|
|
@@ -2175,6 +2166,8 @@ var ConnectionOrchestrator = class {
|
|
|
2175
2166
|
var AccountStateGuards = {
|
|
2176
2167
|
/** Check if state is idle */
|
|
2177
2168
|
isIdle: (state) => state.status === "idle",
|
|
2169
|
+
/** Check if state is disconnected (user explicitly logged out) */
|
|
2170
|
+
isDisconnected: (state) => state.status === "disconnected",
|
|
2178
2171
|
/** Check if state is initializing */
|
|
2179
2172
|
isInitializing: (state) => state.status === "initializing",
|
|
2180
2173
|
/** Check if state is redirecting */
|
|
@@ -2214,6 +2207,8 @@ function accountStateReducer(state, action) {
|
|
|
2214
2207
|
return { status: "error", error: action.error };
|
|
2215
2208
|
case "RESET":
|
|
2216
2209
|
return { status: "idle" };
|
|
2210
|
+
case "EXPLICITLY_DISCONNECTED":
|
|
2211
|
+
return { status: "disconnected" };
|
|
2217
2212
|
default:
|
|
2218
2213
|
return state;
|
|
2219
2214
|
}
|
|
@@ -2222,13 +2217,16 @@ function isValidTransition(from, to) {
|
|
|
2222
2217
|
if (to === "RESET") {
|
|
2223
2218
|
return true;
|
|
2224
2219
|
}
|
|
2220
|
+
if (to === "EXPLICITLY_DISCONNECTED") {
|
|
2221
|
+
return true;
|
|
2222
|
+
}
|
|
2225
2223
|
if (to === "INITIALIZE" && from.status === "idle") {
|
|
2226
2224
|
return true;
|
|
2227
2225
|
}
|
|
2228
2226
|
if (to === "START_REDIRECT" && from.status === "initializing") {
|
|
2229
2227
|
return true;
|
|
2230
2228
|
}
|
|
2231
|
-
if (to === "START_CONNECT" && (from.status === "initializing" || from.status === "idle")) {
|
|
2229
|
+
if (to === "START_CONNECT" && (from.status === "initializing" || from.status === "idle" || from.status === "disconnected")) {
|
|
2232
2230
|
return true;
|
|
2233
2231
|
}
|
|
2234
2232
|
if (to === "START_CONFIGURING_PERMISSIONS" && from.status === "connecting") {
|