@cartridge/controller 0.13.10-alpha.1 → 0.13.11-alpha.1

package/dist/types.d.ts

@@ -13,11 +13,11 @@ export type KeychainSession = {
         privateKey: string;
     };
 };
-export declare const EMBEDDED_WALLETS: readonly ["google", "webauthn", "discord", "walletconnect", "password"];
+export declare const EMBEDDED_WALLETS: readonly ["google", "webauthn", "discord", "walletconnect", "password", "sms"];
 export type EmbeddedWallet = (typeof EMBEDDED_WALLETS)[number];
-export declare const ALL_AUTH_OPTIONS: readonly ["google", "webauthn", "discord", "walletconnect", "password", "metamask", "rabby", "phantom-evm", "argent", "braavos", "phantom", "base"];
+export declare const ALL_AUTH_OPTIONS: readonly ["google", "webauthn", "discord", "walletconnect", "password", "sms", "metamask", "rabby", "phantom-evm", "argent", "braavos", "phantom", "base"];
 export type AuthOption = (typeof ALL_AUTH_OPTIONS)[number];
-export declare const IMPLEMENTED_AUTH_OPTIONS: ("metamask" | "rabby" | "phantom-evm" | "google" | "webauthn" | "discord" | "walletconnect" | "password")[];
+export declare const IMPLEMENTED_AUTH_OPTIONS: ("metamask" | "rabby" | "phantom-evm" | "google" | "webauthn" | "discord" | "walletconnect" | "password" | "sms")[];
 export type AuthOptions = (typeof IMPLEMENTED_AUTH_OPTIONS)[number][];
 export declare enum ResponseCodes {
     SUCCESS = "SUCCESS",
@@ -102,6 +102,7 @@ export interface Keychain {
     openPurchaseCredits(): void;
     openExecute(calls: Call[]): Promise<void>;
     switchChain(rpcUrl: string): Promise<void>;
+    openBundle(id: number, registryAddress: string, options?: BundleOptions): Promise<void>;
     openStarterPack(id: string | number, options?: StarterpackOptions): Promise<void>;
     navigate(path: string): Promise<void>;
     externalDetectWallets(): Promise<ExternalWallet[]>;
@@ -162,6 +163,8 @@ export type KeychainOptions = IFrameOptions & {
     tokens?: Tokens;
     /** When true, defer iframe mounting until connect() is called. Reduces initial load and resource fetching. */
     lazyload?: boolean;
+    /** When true, force WebAuthn operations to run in a popup window instead of the iframe. Useful for development and testing. */
+    webauthnPopup?: boolean;
 };
 export type ProfileContextTypeVariant = "inventory" | "trophies" | "achievements" | "quests" | "leaderboard" | "activity";
 export type Token = "eth" | "strk" | "lords" | "usdc" | "usdt";
@@ -172,6 +175,15 @@ export type OpenOptions = {
     /** The URL to redirect to after authentication (defaults to current page) */
     redirectUrl?: string;
 };
+export type SocialClaimOptions = {
+    shareMessage: string;
+};
+export type BundleOptions = {
+    /** Callback fired after the Play button closes the starterpack modal */
+    onPurchaseComplete?: () => void;
+    /** Options for social claim conditional starterpack */
+    socialClaimOptions?: SocialClaimOptions;
+};
 export type StarterpackOptions = {
     /** The preimage to use */
     preimage?: string;

package/dist/utils.d.ts

@@ -23,5 +23,4 @@ export declare function toWasmPolicies(policies: ParsedSessionPolicies): Policy[
 export declare function toArray<T>(val: T | T[]): T[];
 export declare function humanizeString(str: string): string;
 export declare function parseChainId(url: URL): ChainId;
-export declare function isMobile(): boolean;
 export declare function sanitizeImageSrc(src: string): string;

package/dist/wallets/ethereum-base.d.ts

@@ -6,12 +6,16 @@ export declare abstract class EthereumWalletBase implements WalletAdapter {
     abstract readonly displayName: string;
     platform: ExternalPlatform | undefined;
     protected account: string | undefined;
-    protected store: import('mipd').Store;
     protected provider: EIP6963ProviderDetail | undefined;
     protected connectedAccounts: string[];
     constructor();
     private getProvider;
     private getEthereumProvider;
+    /**
+     * Fallback provider detection when EIP-6963 announcement is missed.
+     * Subclasses can override to provide wallet-specific fallback logic.
+     */
+    protected getFallbackProvider(): any;
     private initializeIfAvailable;
     private initialized;
     private initializeProvider;

package/dist/wallets/metamask/index.d.ts

@@ -4,4 +4,5 @@ export declare class MetaMaskWallet extends EthereumWalletBase {
     readonly type: ExternalWalletType;
     readonly rdns = "io.metamask";
     readonly displayName = "MetaMask";
+    protected getFallbackProvider(): any;
 }

package/dist/wallets/phantom-evm/index.d.ts

@@ -4,4 +4,5 @@ export declare class PhantomEVMWallet extends EthereumWalletBase {
     readonly type: ExternalWalletType;
     readonly rdns = "app.phantom";
     readonly displayName = "Phantom";
+    protected getFallbackProvider(): any;
 }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@cartridge/controller",
-  "version": "0.13.10-alpha.1",
+  "version": "0.13.11-alpha.1",
   "description": "Cartridge Controller",
   "repository": {
     "type": "git",
@@ -26,15 +26,14 @@
     }
   },
   "dependencies": {
-    "@cartridge/controller-wasm": "0.9.4",
+    "@cartridge/controller-wasm": "0.10.0",
     "@cartridge/penpal": "^6.2.4",
     "micro-sol-signer": "^0.5.0",
     "bs58": "^6.0.0",
     "ethers": "^6.13.5",
     "@starknet-io/get-starknet-wallet-standard": "5.0.0-beta.0",
     "@starknet-io/types-js": "0.9.1",
-    "@telegram-apps/sdk": "^2.4.0",
-    "@turnkey/sdk-browser": "^4.0.0",
+    "@turnkey/sdk-browser": "^5.15.2",
     "cbor-x": "^1.5.0",
     "starknet": "^8.5.2",
     "mipd": "^0.0.7",
@@ -56,7 +55,7 @@
     "vite-plugin-node-polyfills": "^0.23.0",
     "vite-plugin-top-level-await": "^1.4.4",
     "vite-plugin-wasm": "^3.4.1",
-    "@cartridge/tsconfig": "0.13.10-alpha.1"
+    "@cartridge/tsconfig": "0.13.11-alpha.1"
   },
   "scripts": {
     "build:deps": "pnpm build:browser && pnpm build:node",

package/src/controller.ts

@@ -32,6 +32,7 @@ import {
   HeadlessUsernameLookupResult,
   StarterpackOptions,
   UpdateSessionOptions,
+  BundleOptions,
 } from "./types";
 import { validateRedirectUrl } from "./url-validator";
 import { parseChainId } from "./utils";
@@ -309,8 +310,9 @@ export default class ControllerProvider extends BaseProvider {
         return this.account;
       }
 
-      // Only open modal if NOT headless
-      this.iframes.keychain.open();
+      if (!headless) {
+        this.iframes.keychain.open();
+      }
 
       // Use connect() parameter if provided, otherwise fall back to constructor options
       const effectiveOptions = Array.isArray(options)
@@ -353,7 +355,6 @@ export default class ControllerProvider extends BaseProvider {
       }
       console.log(e);
     } finally {
-      // Only close modal if it was opened (not headless)
       if (!headless) {
         this.iframes.keychain.close();
       }
@@ -391,7 +392,6 @@ export default class ControllerProvider extends BaseProvider {
 
   async disconnect() {
     this.account = undefined;
-    this.emitAccountsChanged([]);
 
     try {
       if (typeof localStorage !== "undefined") {
@@ -413,8 +413,13 @@ export default class ControllerProvider extends BaseProvider {
       return;
     }
 
+    // Disconnect the keychain (clears iframe localStorage) before emitting
+    // state changes, because emitAccountsChanged can trigger framework
+    // re-renders that navigate or reload the page.
     await this.keychain.disconnect();
-    return this.close();
+    this.close();
+
+    this.emitAccountsChanged([]);
   }
 
   async openProfile(tab: ProfileContextTypeVariant = "inventory") {
@@ -607,6 +612,31 @@ export default class ControllerProvider extends BaseProvider {
     });
   }
 
+  async openBundle(
+    id: number,
+    registryAddress: string,
+    options?: BundleOptions,
+  ): Promise<void> {
+    if (!this.iframes) {
+      return;
+    }
+
+    if (!this.keychain || !this.iframes.keychain) {
+      console.error(new NotReadyToConnect().message);
+      return;
+    }
+
+    const { onPurchaseComplete, ...bundleOptions } = options ?? {};
+    this.iframes.keychain.setOnStarterpackPlay(onPurchaseComplete);
+    const sanitizedOptions =
+      Object.keys(bundleOptions).length > 0
+        ? (bundleOptions as Omit<BundleOptions, "onPurchaseComplete">)
+        : undefined;
+
+    await this.keychain.openBundle(id, registryAddress, sanitizedOptions);
+    this.iframes.keychain?.open();
+  }
+
   async openStarterPack(
     id: string | number,
     options?: StarterpackOptions,

package/src/iframe/keychain.ts

@@ -40,6 +40,7 @@ export class KeychainIFrame extends IFrame<Keychain> {
     encryptedBlob,
     propagateSessionErrors,
     errorDisplayMode,
+    webauthnPopup,
     ...iframeOptions
   }: KeychainIframeOptions) {
     let onStarterpackPlayHandler: (() => Promise<void>) | undefined;
@@ -101,6 +102,10 @@ export class KeychainIFrame extends IFrame<Keychain> {
       _url.searchParams.set("should_override_preset_policies", "true");
     }
 
+    if (webauthnPopup) {
+      _url.searchParams.set("webauthn_popup", "true");
+    }
+
     // Policy precedence logic:
     // 1. If shouldOverridePresetPolicies is true and policies are provided, use policies
     // 2. Otherwise, if preset is defined, ignore provided policies

package/src/lookup.ts

@@ -119,10 +119,13 @@ const HEADLESS_AUTH_OPTIONS: AuthOption[] = [
   "discord",
   "walletconnect",
   "password",
+  "sms",
   "metamask",
   "rabby",
   "phantom-evm",
-].filter((option) => IMPLEMENTED_AUTH_OPTIONS.includes(option));
+].filter((option) =>
+  IMPLEMENTED_AUTH_OPTIONS.includes(option as AuthOption),
+) as AuthOption[];
 
 function normalizeSignerOptions(
   signers: LookupSigner[] | undefined,

package/src/types.ts

@@ -38,6 +38,7 @@ export const EMBEDDED_WALLETS = [
   "discord",
   "walletconnect",
   "password",
+  "sms",
 ] as const;
 
 export type EmbeddedWallet = (typeof EMBEDDED_WALLETS)[number];
@@ -171,6 +172,11 @@ export interface Keychain {
   openPurchaseCredits(): void;
   openExecute(calls: Call[]): Promise<void>;
   switchChain(rpcUrl: string): Promise<void>;
+  openBundle(
+    id: number,
+    registryAddress: string,
+    options?: BundleOptions,
+  ): Promise<void>;
   openStarterPack(
     id: string | number,
     options?: StarterpackOptions,
@@ -259,6 +265,8 @@ export type KeychainOptions = IFrameOptions & {
   tokens?: Tokens;
   /** When true, defer iframe mounting until connect() is called. Reduces initial load and resource fetching. */
   lazyload?: boolean;
+  /** When true, force WebAuthn operations to run in a popup window instead of the iframe. Useful for development and testing. */
+  webauthnPopup?: boolean;
 };
 
 export type ProfileContextTypeVariant =
@@ -280,6 +288,17 @@ export type OpenOptions = {
   redirectUrl?: string;
 };
 
+export type SocialClaimOptions = {
+  shareMessage: string;
+};
+
+export type BundleOptions = {
+  /** Callback fired after the Play button closes the starterpack modal */
+  onPurchaseComplete?: () => void;
+  /** Options for social claim conditional starterpack */
+  socialClaimOptions?: SocialClaimOptions;
+};
+
 export type StarterpackOptions = {
   /** The preimage to use */
   preimage?: string;

package/src/utils.ts

@@ -256,14 +256,6 @@ export function parseChainId(url: URL): ChainId {
   throw new Error(`Chain ${url.toString()} not supported`);
 }
 
-export function isMobile() {
-  return (
-    window.matchMedia("(max-width: 768px)").matches ||
-    "ontouchstart" in window ||
-    navigator.maxTouchPoints > 0
-  );
-}
-
 // Sanitize image src to prevent XSS
 export function sanitizeImageSrc(src: string): string {
   // Allow only http/https URLs (absolute)

package/src/wallets/ethereum-base.ts

@@ -1,6 +1,5 @@
 import { getAddress } from "ethers/address";
-import { createStore, EIP6963ProviderDetail } from "mipd";
-import { isMobile } from "../utils";
+import { createStore, EIP6963ProviderDetail, Store } from "mipd";
 import { chainIdToPlatform } from "./platform";
 import {
   ExternalPlatform,
@@ -10,6 +9,17 @@ import {
   WalletAdapter,
 } from "./types";
 
+// Shared store across all EthereumWalletBase instances so late EIP-6963
+// announcements are captured once and visible to every wallet adapter.
+let sharedStore: Store | undefined;
+
+function getSharedStore(): Store {
+  if (!sharedStore) {
+    sharedStore = createStore();
+  }
+  return sharedStore;
+}
+
 export abstract class EthereumWalletBase implements WalletAdapter {
   abstract readonly type: ExternalWalletType;
   abstract readonly rdns: string;
@@ -17,7 +27,6 @@ export abstract class EthereumWalletBase implements WalletAdapter {
 
   platform: ExternalPlatform | undefined;
   protected account: string | undefined = undefined;
-  protected store = createStore();
   protected provider: EIP6963ProviderDetail | undefined;
   protected connectedAccounts: string[] = [];
 
@@ -26,10 +35,10 @@ export abstract class EthereumWalletBase implements WalletAdapter {
   }
 
   private getProvider(): EIP6963ProviderDetail | undefined {
-    if (!this.provider) {
-      this.provider = this.store
-        .getProviders()
-        .find((provider) => provider.info.rdns === this.rdns);
+    // Use shared store's findProvider which reflects late announcements
+    const found = getSharedStore().findProvider({ rdns: this.rdns as any });
+    if (found) {
+      this.provider = found;
     }
     return this.provider;
   }
@@ -40,15 +49,14 @@ export abstract class EthereumWalletBase implements WalletAdapter {
       return provider.provider;
     }
 
-    // Fallback for MetaMask when not announced via EIP-6963
-    if (
-      this.rdns === "io.metamask" &&
-      typeof window !== "undefined" &&
-      (window as any).ethereum?.isMetaMask
-    ) {
-      return (window as any).ethereum;
-    }
+    return this.getFallbackProvider();
+  }
 
+  /**
+   * Fallback provider detection when EIP-6963 announcement is missed.
+   * Subclasses can override to provide wallet-specific fallback logic.
+   */
+  protected getFallbackProvider(): any {
     return null;
   }
 
@@ -101,29 +109,20 @@ export abstract class EthereumWalletBase implements WalletAdapter {
   }
 
   isAvailable(): boolean {
-    if (isMobile()) {
-      return false;
-    }
-
     // Check dynamically each time, as the provider might be announced after instantiation
     const provider = this.getProvider();
 
-    // Also check for MetaMask via window.ethereum as a fallback for MetaMask specifically
-    if (
-      !provider &&
-      this.rdns === "io.metamask" &&
-      typeof window !== "undefined"
-    ) {
-      // MetaMask might be available via window.ethereum even if not announced via EIP-6963 yet
-      return !!(window as any).ethereum?.isMetaMask;
-    }
-
     // Initialize if we just found the provider
     if (provider && !this.initialized) {
       this.initializeIfAvailable();
     }
 
-    return typeof window !== "undefined" && !!provider;
+    if (provider) {
+      return true;
+    }
+
+    // Fall back to wallet-specific detection when EIP-6963 announcement is missed
+    return typeof window !== "undefined" && !!this.getFallbackProvider();
   }
 
   getInfo(): ExternalWallet {
@@ -158,18 +157,7 @@ export abstract class EthereumWalletBase implements WalletAdapter {
         throw new Error(`${this.displayName} is not available`);
       }
 
-      let ethereum: any;
-      const provider = this.getProvider();
-
-      if (provider) {
-        ethereum = provider.provider;
-      } else if (
-        this.rdns === "io.metamask" &&
-        (window as any).ethereum?.isMetaMask
-      ) {
-        // Fallback for MetaMask when not announced via EIP-6963
-        ethereum = (window as any).ethereum;
-      }
+      const ethereum = this.getEthereumProvider();
 
       if (!ethereum) {
         throw new Error(`${this.displayName} provider not found`);
@@ -183,15 +171,14 @@ export abstract class EthereumWalletBase implements WalletAdapter {
         this.account = getAddress(accounts[0]);
         this.connectedAccounts = accounts.map(getAddress);
 
-        // If we used the fallback, store the ethereum provider for future use
-        if (!provider && this.rdns === "io.metamask") {
-          // Create a mock EIP6963ProviderDetail for consistency
+        // If we used a fallback provider, store it for future use
+        if (!this.getProvider()) {
           this.provider = {
             info: {
-              uuid: "metamask-fallback",
-              name: "MetaMask",
+              uuid: `${this.rdns}-fallback`,
+              name: this.displayName,
               icon: "data:image/svg+xml;base64,",
-              rdns: "io.metamask",
+              rdns: this.rdns,
             },
             provider: ethereum,
           } as EIP6963ProviderDetail;

package/src/wallets/metamask/index.ts

@@ -5,4 +5,10 @@ export class MetaMaskWallet extends EthereumWalletBase {
   readonly type: ExternalWalletType = "metamask";
   readonly rdns = "io.metamask";
   readonly displayName = "MetaMask";
+
+  protected getFallbackProvider(): any {
+    return (window as any).ethereum?.isMetaMask
+      ? (window as any).ethereum
+      : null;
+  }
 }

package/src/wallets/phantom-evm/index.ts

@@ -5,4 +5,8 @@ export class PhantomEVMWallet extends EthereumWalletBase {
   readonly type: ExternalWalletType = "phantom-evm";
   readonly rdns = "app.phantom";
   readonly displayName = "Phantom";
+
+  protected getFallbackProvider(): any {
+    return (window as any).phantom?.ethereum ?? null;
+  }
 }