@burnt-labs/account-management 1.0.0-alpha.8 → 1.0.0-alpha.9

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -1,5 +1,5 @@
1
1
 
2
- > @burnt-labs/account-management@1.0.0-alpha.8 build /home/runner/work/xion.js/xion.js/packages/account-management
2
+ > @burnt-labs/account-management@1.0.0-alpha.9 build /home/runner/work/xion.js/xion.js/packages/account-management
3
3
  > tsup
4
4
 
5
5
  CLI Building entry: src/index.ts
@@ -11,11 +11,11 @@ CLI Cleaning output folder
11
11
  CJS Build start
12
12
  ESM Build start
13
13
  DTS Build start
14
- CJS dist/index.js 76.23 KB
15
- CJS dist/index.js.map 181.40 KB
16
- CJS ⚡️ Build success in 504ms
17
- ESM dist/index.mjs 74.02 KB
18
- ESM dist/index.mjs.map 181.40 KB
19
- ESM ⚡️ Build success in 505ms
20
- DTS ⚡️ Build success in 2620ms
21
- DTS dist/index.d.ts 50.79 KB
14
+ ESM dist/index.mjs 74.31 KB
15
+ ESM dist/index.mjs.map 182.35 KB
16
+ ESM ⚡️ Build success in 574ms
17
+ CJS dist/index.js 76.52 KB
18
+ CJS dist/index.js.map 182.35 KB
19
+ CJS ⚡️ Build success in 575ms
20
+ DTS ⚡️ Build success in 3038ms
21
+ DTS dist/index.d.ts 51.28 KB
package/CHANGELOG.md CHANGED
@@ -1,5 +1,68 @@
1
1
  # @burnt-labs/account-management
2
2
 
3
+ ## 1.0.0-alpha.9
4
+
5
+ ### Patch Changes
6
+
7
+ - [#340](https://github.com/burnt-labs/xion.js/pull/340) [`1a387ca`](https://github.com/burnt-labs/xion.js/commit/1a387cabe46a20c6a88fc32e51c8f88f99ccddf1) Thanks [@ertemann](https://github.com/ertemann)! - Add embedded wallets with popup, auto, and embedded authentication modes. Also add direct signing (`requireAuth`) for transactions that need meta-account authorization instead of session keys.
8
+
9
+ ## What's new
10
+ - **Popup mode** — opens auth app in a popup window; user stays on the dApp page, popup closes on success
11
+ - **Auto mode** — automatically picks popup (desktop) or redirect (mobile/PWA) based on device detection
12
+ - **Embedded mode** (`type: "embedded"`) — embeds dashboard inside your page via `MessageChannel`-based communication. New `<AbstraxionEmbed>` drop-in component handles all wiring — just place it in your layout and use hooks like any other mode
13
+ - **Direct signing (`requireAuth: true`)** — meta-account signs transactions directly instead of using session keys; user pays gas from their XION balance. For txs that won't be secure using session keys, like big transfers, smart account management etc.
14
+ - **`isDisconnected` flag** — `useAbstraxionAccount` now returns `isDisconnected: boolean`, true only after an explicit user logout. Prevents `<AbstraxionEmbed autoConnect>` from silently re-authenticating after logout
15
+ - **`isAwaitingApproval` flag** — context exposes `isAwaitingApproval: boolean`, true while a `requireAuth` signing request is pending and the iframe needs to be visible
16
+
17
+ Non user facing:
18
+ - **Signing clients per auth mode** — `PopupSigningClient`, `RedirectSigningClient`, `IframeSigningClient` for direct signing in each mode
19
+ - **`resolveAutoAuth` utility** — mobile/standalone detection heuristic (user-agent, touch, viewport, orientation, PWA)
20
+ - **Wrong-wallet signing guard** — prevents signing from a wallet that doesn't match the connected account
21
+ - **UTF-8-safe base64 encoding** — `toBase64`/`fromBase64` in `@burnt-labs/signers` for safe encoding of Unicode payloads (emoji, non-Latin scripts)
22
+ - **Treasury grant restoration fix** — handles ABCI REST format change that broke session restoration (`decodeRestFormatAuthorization` in abstraxion-core)
23
+ - **Embedded URL constants** — `getIframeUrl(chainId)` added to `@burnt-labs/constants` for per-chain dashboard URLs
24
+ - **New core exports** — `MessageChannelManager`, `TypedEventEmitter`, `IframeMessageType`, `MessageTarget` from abstraxion-core; `AAClient`, `IframeController` from abstraxion
25
+ - **`disconnected` state in account state machine** — new `AccountState` status distinct from `idle`, set only after an explicit logout. New `EXPLICITLY_DISCONNECTED` action and `AccountStateGuards.isDisconnected()` type guard. All four controllers dispatch this instead of `RESET` on disconnect
26
+ - **`authMode` derived from controller instance** — `AbstraxionProvider` now derives `authMode` from the live controller type instead of re-running `resolveAutoAuth` on every render, preventing SSR/client hydration mismatches and viewport-resize flips
27
+
28
+ ## AbstraxionEmbed redesign
29
+
30
+ `<AbstraxionEmbed>` has been redesigned with full lifecycle control props replacing the single `autoConnect` boolean:
31
+ - **`idleView`** (`"button" | "fullview" | "hidden"`, default `"button"`) — what to show before the user logs in
32
+ - **`disconnectedView`** (same options, default: same as `idleView`) — what to show after an explicit logout
33
+ - **`connectedView`** (`"hidden" | "visible"`, default `"hidden"`) — whether to keep the iframe visible after connecting
34
+ - **`approvalView`** (`"modal" | "inline"`, default `"modal"`) — how to display the iframe when a `requireAuth` signing request is pending
35
+ - **`loginLabel`**, **`loginButtonClassName`**, **`loginButtonStyle`** — customise the login button
36
+ - **`modalClassName`**, **`modalStyle`** — customise the approval modal wrapper
37
+
38
+ ## Dashboard changes (xion-dashboard-app `feat/embedded-wallets`)
39
+
40
+ These dashboard changes are required for the new SDK modes to work:
41
+ - **Popup mode support** — dashboard can now run inside a popup window opened by the SDK, communicating auth results back via `postMessage` and closing automatically on success
42
+ - **Redirect-within-popup for OAuth** — when using popup mode, OAuth providers (Stytch) redirect inside the popup instead of opening yet another popup
43
+ - **SignTransactionView** — new view for approving individual transactions sent via `requireAuth` / direct signing (popup, redirect, and embedded modes)
44
+ - **Embedded mode** — dashboard renders inside an iframe with transparent background; old `IframeApp/` components removed in favor of the main app with `?iframe=true` search param
45
+ - **LoginConnectConfirm** — new approval screen for no-grant-config flows (empty treasury or direct-signing-only grantee); shows app branding and "Connect / Deny / Use a different account"
46
+ - **Empty treasury support** — treasury address present but no grant configs no longer throws; dashboard routes to `LoginConnectConfirm` instead of `LoginGrantApproval`
47
+ - **SDK-only disconnect** — disconnect from the SDK side sends `HARD_DISCONNECT` and tears down the iframe; "Use a different account" stays within the iframe (no parent notification) so the user can re-login without a white-screen flash
48
+ - **`switchAccount()`** hook function — new export from `useXionDisconnect`; clears session locally without notifying parent, used by "Use a different account" buttons
49
+ - **Origin validation on callbacks** — `postMessage` origin checks upgraded for security in embedded/popup communication
50
+ - **Wrong-address signing guard** — dashboard rejects signing requests if the requested signer doesn't match the logged-in account
51
+
52
+ ## Packages changed
53
+ - **`@burnt-labs/abstraxion`** — new `<AbstraxionEmbed>` component (redesigned), new controllers (`PopupController`, `IframeController`), signing clients, auto mode resolution, expanded `useAbstraxionSigningClient` with `requireAuth` support, `isDisconnected`/`isAwaitingApproval` context values, `authMode` derived from controller instance, new type exports (`EmbeddedAuthentication`, `PopupAuthentication`, `AutoAuthentication`, `SignResult`, `SigningClient`)
54
+ - **`@burnt-labs/abstraxion-core`** — `MessageChannelManager`, `TypedEventEmitter`, iframe message types, `decodeRestFormatAuthorization` grant decoding, treasury grant restoration fix
55
+ - **`@burnt-labs/account-management`** — `disconnected` account state, `EXPLICITLY_DISCONNECTED` action, `AccountStateGuards.isDisconnected()` type guard
56
+ - **`@burnt-labs/constants`** — `getIframeUrl(chainId)`, per-chain dashboard URL constants for mainnet/testnet
57
+ - **`@burnt-labs/signers`** — `toBase64`/`fromBase64` encoding utils, `ZKEmail` authenticator type support
58
+ - **`demo-app`** — new demos: `popup-demo/`, `embedded-dynamic/`, `embedded-inline/`, `direct-signing-demo/` (with MetaMask via `useMetamask` hook); removed old `inline-demo/`
59
+
60
+ For full details, usage examples, and migration guide see [`LATEST_VERSION_OVERVIEW.md`](../LATEST_VERSION_OVERVIEW.md) and the demo apps in [`apps/demo-app/`](../apps/demo-app/).
61
+
62
+ - Updated dependencies [[`1a387ca`](https://github.com/burnt-labs/xion.js/commit/1a387cabe46a20c6a88fc32e51c8f88f99ccddf1)]:
63
+ - @burnt-labs/abstraxion-core@1.0.0-alpha.68
64
+ - @burnt-labs/signers@1.0.0-alpha.7
65
+
3
66
  ## 1.0.0-alpha.8
4
67
 
5
68
  ### Patch Changes
package/dist/index.d.ts CHANGED
@@ -917,9 +917,15 @@ interface AccountInfo {
917
917
  *
918
918
  * Note: The 'configuring-permissions' status represents setting up session permissions/authorization,
919
919
  * not creating the session key itself (which happens during connecting).
920
+ *
921
+ * 'disconnected' is distinct from 'idle': it means the user explicitly logged out in this
922
+ * page session. Consumers (e.g. AbstraxionEmbed's autoConnect) should not auto-connect from
923
+ * this state — the user must deliberately initiate a new login.
920
924
  */
921
925
  type AccountState = {
922
926
  status: "idle";
927
+ } | {
928
+ status: "disconnected";
923
929
  } | {
924
930
  status: "initializing";
925
931
  } | {
@@ -962,6 +968,8 @@ type AccountStateAction = {
962
968
  error: string;
963
969
  } | {
964
970
  type: "RESET";
971
+ } | {
972
+ type: "EXPLICITLY_DISCONNECTED";
965
973
  };
966
974
  /**
967
975
  * State transition guard functions
@@ -971,6 +979,10 @@ declare const AccountStateGuards: {
971
979
  isIdle: (state: AccountState) => state is {
972
980
  status: "idle";
973
981
  };
982
+ /** Check if state is disconnected (user explicitly logged out) */
983
+ isDisconnected: (state: AccountState) => state is {
984
+ status: "disconnected";
985
+ };
974
986
  /** Check if state is initializing */
975
987
  isInitializing: (state: AccountState) => state is {
976
988
  status: "initializing";
package/dist/index.js CHANGED
@@ -2166,6 +2166,8 @@ var ConnectionOrchestrator = class {
2166
2166
  var AccountStateGuards = {
2167
2167
  /** Check if state is idle */
2168
2168
  isIdle: (state) => state.status === "idle",
2169
+ /** Check if state is disconnected (user explicitly logged out) */
2170
+ isDisconnected: (state) => state.status === "disconnected",
2169
2171
  /** Check if state is initializing */
2170
2172
  isInitializing: (state) => state.status === "initializing",
2171
2173
  /** Check if state is redirecting */
@@ -2205,6 +2207,8 @@ function accountStateReducer(state, action) {
2205
2207
  return { status: "error", error: action.error };
2206
2208
  case "RESET":
2207
2209
  return { status: "idle" };
2210
+ case "EXPLICITLY_DISCONNECTED":
2211
+ return { status: "disconnected" };
2208
2212
  default:
2209
2213
  return state;
2210
2214
  }
@@ -2213,13 +2217,16 @@ function isValidTransition(from, to) {
2213
2217
  if (to === "RESET") {
2214
2218
  return true;
2215
2219
  }
2220
+ if (to === "EXPLICITLY_DISCONNECTED") {
2221
+ return true;
2222
+ }
2216
2223
  if (to === "INITIALIZE" && from.status === "idle") {
2217
2224
  return true;
2218
2225
  }
2219
2226
  if (to === "START_REDIRECT" && from.status === "initializing") {
2220
2227
  return true;
2221
2228
  }
2222
- if (to === "START_CONNECT" && (from.status === "initializing" || from.status === "idle")) {
2229
+ if (to === "START_CONNECT" && (from.status === "initializing" || from.status === "idle" || from.status === "disconnected")) {
2223
2230
  return true;
2224
2231
  }
2225
2232
  if (to === "START_CONFIGURING_PERMISSIONS" && from.status === "connecting") {