@coinbase/cdp-core 0.0.32 → 0.0.34

package/dist/esm/index.web5.js

@@ -1,128 +1,171 @@
-import { configureCdpApiClient as A, setAuthManager as v, initiateAuthentication as S, createEndUserEvmAccount as E, createEndUserEvmSmartAccount as p, verifyEmailAuthentication as k, verifySmsAuthentication as U, signEvmHashWithEndUserAccount as M, signEvmTransactionWithEndUserAccount as T, sendEvmTransactionWithEndUserAccount as P, signEvmMessageWithEndUserAccount as j, signEvmTypedDataWithEndUserAccount as C, sendUserOperationWithEndUserAccount as O, getUserOperationWithEndUserAccount as x, exportEndUserEvmAccount as H } from "@coinbase/cdp-api-client";
-import { AuthManager as W } from "./index.web6.js";
-import { toAuthState as m } from "./index.web12.js";
+import { configureCdpApiClient as h, setAuthManager as I, initiateAuthentication as A, createEndUserSolanaAccount as v, createEndUserEvmAccount as k, createEndUserEvmSmartAccount as d, verifyEmailAuthentication as S, verifySmsAuthentication as E, signEvmHashWithEndUserAccount as U, signEvmTransactionWithEndUserAccount as T, signSolanaTransactionWithEndUserAccount as M, sendEvmTransactionWithEndUserAccount as j, sendSolanaTransactionWithEndUserAccount as P, signEvmMessageWithEndUserAccount as O, signEvmTypedDataWithEndUserAccount as C, sendUserOperationWithEndUserAccount as x, getUserOperationWithEndUserAccount as W, exportEndUserEvmAccount as H } from "@coinbase/cdp-api-client";
+import { AuthManager as b } from "./index.web6.js";
+import { toAuthState as u } from "./index.web12.js";
 import { withAuth as o } from "./index.web13.js";
-import { MockAuthManager as b } from "./index.web14.js";
-import { mockUser as h } from "./index.web15.js";
-import { getPlatformCrypto as K } from "./index.web2.js";
-import { isChainSupportedForCDPSends as D } from "./index.web16.js";
-import { getConfig as t, setCoreAuthManager as w, getCoreAuthManager as s, setConfig as z } from "./index.web17.js";
+import { MockAuthManager as K } from "./index.web14.js";
+import { mockUser as g } from "./index.web15.js";
+import { getPlatformServices as l, getPlatformCrypto as D } from "./index.web2.js";
+import { isChainSupportedForCDPSends as _ } from "./index.web16.js";
+import { getConfig as n, setCoreAuthManager as m, getCoreAuthManager as a, setConfig as N } from "./index.web17.js";
 import "viem";
-import { serializeTransaction as y } from "./index.web18.js";
-const Y = async (e) => {
+import { serializeTransaction as w } from "./index.web18.js";
+const R = async (e) => {
   if (!e.projectId)
     throw new Error("Project ID is required");
-  let n;
+  let r;
   try {
-    n = t().projectId !== e.projectId;
+    r = n().projectId !== e.projectId;
   } catch {
-    n = !0;
+    r = !0;
   }
-  if (z(e), t().useMock) {
-    w(new b(t().projectId));
+  if (N(e), n().useMock) {
+    m(new K(n().projectId));
     return;
   }
-  if (A({
-    debugging: t().debugging,
-    basePath: t().basePath
-  }), n) {
-    const r = new W(t().projectId);
-    w(r), v(r);
+  let t;
+  try {
+    const s = l();
+    t = s.secureStorage ? {
+      getRefreshToken: () => s.secureStorage.getItem("cdp_refresh_token"),
+      setRefreshToken: (c) => s.secureStorage.setItem("cdp_refresh_token", c),
+      removeRefreshToken: () => s.secureStorage.removeItem("cdp_refresh_token")
+    } : void 0;
+  } catch {
+    t = void 0;
+  }
+  if (h({
+    debugging: n().debugging,
+    basePath: n().basePath,
+    refreshTokenStorage: t
+  }), r) {
+    const s = new b(n().projectId);
+    m(s), I(s);
   }
-  await s().ensureInitialized();
-}, Z = async (e) => l({
+  await a().ensureInitialized();
+}, ee = async (e) => p({
   email: e.email,
   type: "email"
-}), _ = async (e) => l({
+}), re = async (e) => p({
   phoneNumber: e.phoneNumber,
   type: "sms"
-}), ee = async (e) => f(
+}), te = async (e) => y(
   e,
   "Mock email OTP verified",
-  (n, r) => k(n, r)
-), te = async (e) => f(
+  (r, t) => S(r, t)
+), ne = async (e) => y(
   e,
   "Mock SMS OTP verified",
-  (n, r) => U(n, r)
-), re = async () => s().getUser(), ne = async () => s().isSignedIn(), se = async () => {
-  if (t().useMock) {
-    await s().signOut();
+  (r, t) => E(r, t)
+), se = async () => a().getUser(), ae = async () => a().isSignedIn(), ce = async () => {
+  if (n().useMock) {
+    await a().signOut();
     return;
   }
-  if (!await s().isSignedIn())
+  if (!await a().isSignedIn())
     throw new Error("User not signed in");
-  await s().signOut();
-}, ae = async () => s().getToken(), ce = (e) => {
-  s().addAuthStateChangeCallback(e);
-}, ie = async (e) => t().useMock ? { signature: "0x0" } : o(e, s(), async ({ user: n, walletSecretId: r }) => ({
-  signature: (await M(t().projectId, n.userId, {
+  await a().signOut();
+  try {
+    const r = l();
+    if (r.secureStorage)
+      try {
+        await r.secureStorage.removeItem("cdp_refresh_token");
+      } catch (t) {
+        console.warn("Failed to clear stored refresh token:", t);
+      }
+  } catch {
+  }
+}, oe = async () => a().getToken(), ie = (e) => {
+  a().addAuthStateChangeCallback(e);
+}, ue = async (e) => n().useMock ? { signature: "0x0" } : o(e, a(), async ({ user: r, walletSecretId: t }) => ({
+  signature: (await U(n().projectId, r.userId, {
     hash: e.hash,
     address: e.evmAccount,
-    walletSecretId: r
+    walletSecretId: t
   })).signature
-})), oe = async (e) => t().useMock ? { signedTransaction: "0x0" } : o(e, s(), async ({ user: n, walletSecretId: r }) => {
-  const i = y(e.transaction);
+})), de = async (e) => n().useMock ? { signedTransaction: "0x0" } : o(e, a(), async ({ user: r, walletSecretId: t }) => {
+  const s = w(e.transaction);
   return {
     signedTransaction: (await T(
-      t().projectId,
-      n.userId,
+      n().projectId,
+      r.userId,
       {
-        transaction: i,
+        transaction: s,
         address: e.evmAccount,
-        walletSecretId: r
+        walletSecretId: t
       }
     )).signedTransaction
   };
-}), ue = async (e) => {
-  if (!D(e.network))
+}), ge = async (e) => n().useMock ? { signedTransaction: "mock-signed-transaction" } : o(e, a(), async ({ user: r, walletSecretId: t }) => ({
+  signedTransaction: (await M(
+    n().projectId,
+    r.userId,
+    {
+      transaction: e.transaction,
+      address: e.solanaAccount,
+      walletSecretId: t
+    }
+  )).signedTransaction
+})), me = async (e) => {
+  if (!_(e.network))
     throw new Error(`Chain ${e.network} is not supported by the CDP Apis`);
-  if (t().useMock)
+  if (n().useMock)
     return { transactionHash: "0x0" };
-  const n = y(e.transaction);
-  return o(e, s(), async ({ user: r, walletSecretId: i }) => ({
-    transactionHash: (await P(
-      t().projectId,
-      r.userId,
+  const r = w(e.transaction);
+  return o(e, a(), async ({ user: t, walletSecretId: s }) => ({
+    transactionHash: (await j(
+      n().projectId,
+      t.userId,
       {
-        transaction: n,
+        transaction: r,
         address: e.evmAccount,
-        walletSecretId: i,
+        walletSecretId: s,
         network: e.network
       }
     )).transactionHash
   }));
-}, de = async (e) => t().useMock ? { signature: "0x0" } : o(e, s(), async ({ user: n, walletSecretId: r }) => ({
-  signature: (await j(t().projectId, n.userId, {
+}, le = async (e) => n().useMock ? { transactionSignature: "mock-signature" } : o(e, a(), async ({ user: r, walletSecretId: t }) => ({
+  transactionSignature: (await P(
+    n().projectId,
+    r.userId,
+    {
+      transaction: e.transaction,
+      address: e.solanaAccount,
+      walletSecretId: t,
+      network: e.network
+    }
+  )).transactionSignature
+})), we = async (e) => n().useMock ? { signature: "0x0" } : o(e, a(), async ({ user: r, walletSecretId: t }) => ({
+  signature: (await O(n().projectId, r.userId, {
     message: e.message,
     address: e.evmAccount,
-    walletSecretId: r
+    walletSecretId: t
   })).signature
-})), me = async (e) => t().useMock ? { signature: "0x0" } : o(e, s(), async ({ user: n, walletSecretId: r }) => ({
-  signature: (await C(t().projectId, n.userId, {
+})), pe = async (e) => n().useMock ? { signature: "0x0" } : o(e, a(), async ({ user: r, walletSecretId: t }) => ({
+  signature: (await C(n().projectId, r.userId, {
     typedData: e.typedData,
     address: e.evmAccount,
-    walletSecretId: r
+    walletSecretId: t
   })).signature
-})), ge = async (e) => t().useMock ? {
+})), ye = async (e) => n().useMock ? {
   userOperationHash: "0x1234567890123456789012345678901234567890123456789012345678901234"
-} : o(e, s(), async ({ user: n, walletSecretId: r }) => ({
-  userOperationHash: (await O(
-    t().projectId,
-    n.userId,
+} : o(e, a(), async ({ user: r, walletSecretId: t }) => ({
+  userOperationHash: (await x(
+    n().projectId,
+    r.userId,
     e.evmSmartAccount,
     {
       network: e.network,
-      calls: e.calls.map((a) => ({
-        to: a.to,
-        value: String(a.value ?? 0n),
-        data: a.data ?? "0x"
+      calls: e.calls.map((c) => ({
+        to: c.to,
+        value: String(c.value ?? 0n),
+        data: c.data ?? "0x"
       })),
-      walletSecretId: r,
+      walletSecretId: t,
       useCdpPaymaster: e.useCdpPaymaster ?? !1,
       paymasterUrl: e.paymasterUrl
     }
   )).userOpHash
-})), pe = async (e) => t().useMock ? {
+})), fe = async (e) => n().useMock ? {
   userOpHash: e.userOperationHash,
   network: e.network,
   calls: [
@@ -135,122 +178,155 @@ const Y = async (e) => {
   status: "complete",
   transactionHash: "0x9876543210987654321098765432109876543210987654321098765432109876",
   receipts: []
-} : o(e, s(), async ({ user: n }) => await x(
-  t().projectId,
-  n.userId,
+} : o(e, a(), async ({ user: r }) => await W(
+  n().projectId,
+  r.userId,
   e.evmSmartAccount,
   e.userOperationHash
 )), he = async (e) => {
-  if (t().useMock)
+  if (n().useMock)
     return {
       privateKey: "mock-private-key"
     };
-  const n = K(), r = await n.createExportKeyPair();
-  return o(e, s(), async ({ user: i, walletSecretId: a }) => {
-    const c = await H(t().projectId, i.userId, {
+  const r = D(), t = await r.createExportKeyPair();
+  return o(e, a(), async ({ user: s, walletSecretId: c }) => {
+    const i = await H(n().projectId, s.userId, {
       address: e.evmAccount,
-      walletSecretId: a,
-      exportEncryptionKey: r.publicKeyBase64
+      walletSecretId: c,
+      exportEncryptionKey: t.publicKeyBase64
     });
     return {
-      privateKey: await n.decryptWithPrivateKey(
-        r.privateKey,
-        c.encryptedPrivateKey
+      privateKey: await r.decryptWithPrivateKey(
+        t.privateKey,
+        i.encryptedPrivateKey
       )
     };
   });
-}, l = async (e) => {
-  if (t().useMock)
+}, p = async (e) => {
+  if (n().useMock)
     return {
       message: "Mock sign in initiated",
       flowId: "mock-flow-id"
     };
-  if (await s().isSignedIn())
+  if (await a().isSignedIn())
     throw new Error("User is already authenticated. Please sign out first.");
-  const r = await S(t().projectId, e);
+  const t = await A(n().projectId, e);
   return {
-    flowId: r.flowId,
-    message: r.message
+    flowId: t.flowId,
+    message: t.message
   };
-}, f = async (e, n, r) => {
-  if (t().useMock)
-    return await s().setAuthState({
+}, y = async (e, r, t) => {
+  if (n().useMock)
+    return await a().setAuthState({
       accessToken: "mock-access-token",
       expiresAt: Date.now() + 1e3 * 60 * 60 * 24,
-      user: h
+      user: g
     }), {
-      message: n,
-      user: h,
+      message: r,
+      user: g,
       isNewUser: !1
     };
-  if (await s().isSignedIn())
+  if (await a().isSignedIn())
     throw new Error("User is already authenticated. Please sign out first.");
-  const a = await r(t().projectId, {
+  const c = await t(n().projectId, {
     flowId: e.flowId,
     otp: e.otp
-  });
-  let c = m(a.accessToken, a.validUntil, a.endUser);
-  if (await s().setAuthState(c), !c.user.evmAccounts || c.user.evmAccounts.length === 0)
+  }), i = u(
+    c.accessToken,
+    c.validUntil,
+    c.endUser
+  );
+  return await a().setAuthState(i), n().createAccountOnLogin === "solana" ? F({ authResponse: c, authState: i }) : z({ authResponse: c, authState: i });
+}, z = async ({
+  authResponse: e,
+  authState: r
+}) => {
+  if (!r.user.evmAccounts || r.user.evmAccounts.length === 0)
     try {
-      const u = await s().getWalletSecretId();
-      let d = await E(t().projectId, c.user.userId, {
-        walletSecretId: u
+      const s = await a().getWalletSecretId();
+      let c = await k(n().projectId, r.user.userId, {
+        walletSecretId: s
       });
-      if (t().createAccountOnLogin === "evm-smart") {
-        const [I] = d.evmAccounts;
-        d = await p(
-          t().projectId,
-          c.user.userId,
+      if (n().createAccountOnLogin === "evm-smart") {
+        const [i] = c.evmAccounts;
+        c = await d(
+          n().projectId,
+          r.user.userId,
           {
-            owner: I,
+            owner: i,
             enableSpendPermissions: !1
             // Defaulting to false until the feature is ready.
           }
         );
       }
-      c = m(a.accessToken, a.validUntil, d), await s().setAuthState(c);
-    } catch (u) {
-      throw new Error(`Failed to create EVM account: ${u}`);
+      r = u(e.accessToken, e.validUntil, c), await a().setAuthState(r);
+    } catch (s) {
+      throw new Error(`Failed to create EVM account: ${s}`);
     }
-  if (t().createAccountOnLogin === "evm-smart" && (!c.user.evmSmartAccounts || c.user.evmSmartAccounts.length === 0))
+  if (n().createAccountOnLogin === "evm-smart" && (!r.user.evmSmartAccounts || r.user.evmSmartAccounts.length === 0))
     try {
-      const [u] = c.user.evmAccounts, d = await p(
-        t().projectId,
-        c.user.userId,
+      const [s] = r.user.evmAccounts, c = await d(
+        n().projectId,
+        r.user.userId,
         {
-          owner: u,
+          owner: s,
           enableSpendPermissions: !1
           // Defaulting to false until the feature is ready.
         }
       );
-      c = m(a.accessToken, a.validUntil, d), await s().setAuthState(c);
-    } catch (u) {
-      throw new Error(`Failed to create EVM Smart Account: ${u}`);
+      r = u(e.accessToken, e.validUntil, c), await a().setAuthState(r);
+    } catch (s) {
+      throw new Error(`Failed to create EVM Smart Account: ${s}`);
     }
-  const g = await s().getUser();
+  const t = await a().getUser();
   return {
-    message: a.message,
-    user: g,
-    isNewUser: a.isNewEndUser
+    message: e.message,
+    user: t,
+    isNewUser: e.isNewEndUser
+  };
+}, F = async ({
+  authResponse: e,
+  authState: r
+}) => {
+  if (!r.user.solanaAccounts || r.user.solanaAccounts.length === 0)
+    try {
+      const s = await a().getWalletSecretId(), c = await v(
+        n().projectId,
+        r.user.userId,
+        {
+          walletSecretId: s
+        }
+      );
+      r = u(e.accessToken, e.validUntil, c), await a().setAuthState(r);
+    } catch (s) {
+      throw new Error(`Failed to create Solana account: ${s}`);
+    }
+  const t = await a().getUser();
+  return {
+    message: e.message,
+    user: t,
+    isNewUser: e.isNewEndUser
   };
 };
 export {
   he as exportEvmAccount,
-  ae as getAccessToken,
-  re as getCurrentUser,
-  pe as getUserOperation,
-  Y as initialize,
-  ne as isSignedIn,
-  ce as onAuthStateChange,
-  ue as sendEvmTransaction,
-  ge as sendUserOperation,
-  ie as signEvmHash,
-  de as signEvmMessage,
-  oe as signEvmTransaction,
-  me as signEvmTypedData,
-  Z as signInWithEmail,
-  _ as signInWithSms,
-  se as signOut,
-  ee as verifyEmailOTP,
-  te as verifySmsOTP
+  oe as getAccessToken,
+  se as getCurrentUser,
+  fe as getUserOperation,
+  R as initialize,
+  ae as isSignedIn,
+  ie as onAuthStateChange,
+  me as sendEvmTransaction,
+  le as sendSolanaTransaction,
+  ye as sendUserOperation,
+  ue as signEvmHash,
+  we as signEvmMessage,
+  de as signEvmTransaction,
+  pe as signEvmTypedData,
+  ee as signInWithEmail,
+  re as signInWithSms,
+  ce as signOut,
+  ge as signSolanaTransaction,
+  te as verifyEmailOTP,
+  ne as verifySmsOTP
 };

package/dist/esm/index.web6.js

@@ -1,23 +1,24 @@
 import { logOutEndUser as l, refreshAccessToken as c, registerTemporaryWalletSecret as o } from "@coinbase/cdp-api-client";
 import { SignJWT as u } from "./index.web19.js";
 import "viem";
-import { toAuthState as S } from "./index.web12.js";
+import { toAuthState as f } from "./index.web12.js";
 import { getPlatformCrypto as n } from "./index.web2.js";
-import { sortKeys as w } from "./index.web16.js";
-const h = 60 * 1e3;
-class A {
+import { sortKeys as S } from "./index.web16.js";
+const i = 60 * 1e3;
+class p {
   projectId;
   authState = null;
   walletSecret = null;
   authStateChangeCallbacks = [];
   initPromise = null;
+  refreshTimeout = null;
   /**
    * Initializes the token manager.
    *
    * @param projectId - The project ID.
    */
-  constructor(t) {
-    this.projectId = t, this.initPromise = this._doInitialize();
+  constructor(e) {
+    this.projectId = e, this.initPromise = this._doInitialize();
   }
   /**
    * Gets the current user, or null if there is no user signed in.
@@ -29,12 +30,20 @@ class A {
   }
   /**
    * Returns whether the user is signed in - i.e., whether there is an unexpired
-   * access token and user.
+   * access token and user. Attempts to refresh the token if it's expired.
    *
    * @returns True if the user is signed in, false otherwise.
    */
   async isSignedIn() {
-    return this.authState ? Promise.resolve(this.authState.expiresAt > Date.now()) : Promise.resolve(!1);
+    if (!this.authState)
+      return !1;
+    if (this.authState.expiresAt > Date.now() + i)
+      return !0;
+    try {
+      return await this.getToken() !== null;
+    } catch {
+      return !1;
+    }
   }
   /**
    * Signs out the user, clearing all authentication state.
@@ -52,8 +61,8 @@ class A {
    *
    * @param callback - The function to call when the auth state changes.
    */
-  addAuthStateChangeCallback(t) {
-    this.authStateChangeCallbacks.push(t), t(this.authState?.user ?? null);
+  addAuthStateChangeCallback(e) {
+    this.authStateChangeCallbacks.push(e), e(this.authState?.user ?? null);
   }
   /**
    * Gets the access token, refreshing it if it is expired. Returns null if the user is not
@@ -84,32 +93,32 @@ class A {
    * @param options.requestData - The data of the request.
    * @returns The X-Wallet-Auth header.
    */
-  async getXWalletAuth(t) {
+  async getXWalletAuth(e) {
     if (!await this.isSignedIn())
       throw new Error("Cannot get X-Wallet-Auth header if the user is not signed in");
     this.shouldRefreshWalletSecret() && await this.refreshWalletSecret();
-    const e = `${t.requestMethod} ${t.requestHost}${t.requestPath}`, a = Math.floor(Date.now() / 1e3), r = n(), s = {
-      uris: [e]
+    const t = `${e.requestMethod} ${e.requestHost}${e.requestPath}`, r = Math.floor(Date.now() / 1e3), s = n(), a = {
+      uris: [t]
     };
-    if (t.requestData && Object.keys(t.requestData).length > 0) {
-      const i = w(t.requestData);
-      s.reqHash = await r.hash(new TextEncoder().encode(JSON.stringify(i)));
+    if (e.requestData && Object.keys(e.requestData).length > 0) {
+      const h = S(e.requestData);
+      a.reqHash = await s.hash(new TextEncoder().encode(JSON.stringify(h)));
     }
-    return await new u(s).setProtectedHeader({ alg: "ES256", typ: "JWT" }).setIssuedAt(a).setNotBefore(a).setJti(r.generateRandomId()).sign(this.walletSecret.keyPair.privateKey);
+    return await new u(a).setProtectedHeader({ alg: "ES256", typ: "JWT" }).setIssuedAt(r).setNotBefore(r).setJti(s.generateRandomId()).sign(this.walletSecret.keyPair.privateKey);
   }
   /**
    * Sets the authentication state.
    *
    * @param authState - The authentication state.
    */
-  async setAuthState(t) {
-    this.authState = t, this.authStateChangeCallbacks.forEach((e) => e(this.authState?.user ?? null));
+  async setAuthState(e) {
+    this.authState = e, this.authStateChangeCallbacks.forEach((t) => t(this.authState?.user ?? null)), this.scheduleTokenRefresh();
   }
   /**
    * Clears the authentication state.
    */
   async clearAuthState() {
-    this.authState = null, this.walletSecret = null, this.authStateChangeCallbacks.forEach((t) => t(null));
+    this.authState = null, this.walletSecret = null, this.cancelTokenRefresh(), this.authStateChangeCallbacks.forEach((e) => e(null));
   }
   /**
    * Ensures the AuthManager is initialized before proceeding.
@@ -128,8 +137,8 @@ class A {
   async _doInitialize() {
     try {
       await this.refreshAccessToken();
-    } catch (t) {
-      console.warn("Failed to refresh access token during initialization:", t);
+    } catch (e) {
+      console.warn("Failed to refresh access token during initialization:", e);
     }
   }
   /**
@@ -138,7 +147,7 @@ class A {
    * @returns True if the token should be refreshed, false otherwise.
    */
   shouldRefreshToken() {
-    return !(this.authState && this.authState.expiresAt > Date.now() + h);
+    return !(this.authState && this.authState.expiresAt > Date.now() + i);
   }
   /**
    * Refreshes the access token and transitions the auth state accordingly.
@@ -148,14 +157,14 @@ class A {
    */
   async refreshAccessToken() {
     try {
-      const t = await c(this.projectId, {
+      const e = await c(this.projectId, {
         grantType: "refresh_token"
-      }), e = S(
-        t.accessToken,
-        t.validUntil,
-        t.endUser
+      }), t = f(
+        e.accessToken,
+        e.validUntil,
+        e.endUser
       );
-      await this.setAuthState(e);
+      await this.setAuthState(t);
     } catch {
       await this.signOut();
     }
@@ -166,7 +175,7 @@ class A {
    * @returns True if the wallet secret should be refreshed, false otherwise.
    */
   shouldRefreshWalletSecret() {
-    return !(this.walletSecret && this.walletSecret.expiresAt > Date.now() + h);
+    return !(this.walletSecret && this.walletSecret.expiresAt > Date.now() + i);
   }
   /**
    * Refreshes the wallet secret. Assumes the user is signed in.
@@ -174,19 +183,37 @@ class A {
    * @returns The wallet secret.
    */
   async refreshWalletSecret() {
-    const t = n(), e = this.walletSecret?.walletSecretId ?? t.generateRandomId(), a = this.walletSecret?.keyPair ?? await t.createKeyPair(), r = this.authState.expiresAt, s = new Date(r).toISOString();
-    this.walletSecret = { walletSecretId: e, keyPair: a, expiresAt: r };
+    const e = n(), t = this.walletSecret?.walletSecretId ?? e.generateRandomId(), r = this.walletSecret?.keyPair ?? await e.createKeyPair(), s = this.authState.expiresAt, a = new Date(s).toISOString();
+    this.walletSecret = { walletSecretId: t, keyPair: r, expiresAt: s };
     try {
       await o(this.projectId, this.authState.user.userId, {
-        walletSecretId: e,
-        publicKey: a.publicKeyBase64,
-        validUntil: s
+        walletSecretId: t,
+        publicKey: r.publicKeyBase64,
+        validUntil: a
       });
-    } catch (i) {
-      throw this.walletSecret = null, i;
+    } catch (h) {
+      throw this.walletSecret = null, h;
     }
   }
+  /**
+   * Schedules a token refresh to occur exactly when shouldRefreshToken() would return true.
+   * Uses the same REFRESH_CREDENTIALS_BUFFER_MS timing as the rest of the auth system.
+   */
+  scheduleTokenRefresh() {
+    if (this.cancelTokenRefresh(), !this.authState)
+      return;
+    const t = this.authState.expiresAt - i - Date.now();
+    t <= 0 || (this.refreshTimeout = setTimeout(async () => {
+      await this.refreshAccessToken(), this.scheduleTokenRefresh();
+    }, t));
+  }
+  /**
+   * Cancels any scheduled token refresh.
+   */
+  cancelTokenRefresh() {
+    this.refreshTimeout && (clearTimeout(this.refreshTimeout), this.refreshTimeout = null);
+  }
 }
 export {
-  A as AuthManager
+  p as AuthManager
 };