@dynamic-labs-sdk/client 1.13.0 → 1.15.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (93) hide show
  1. package/dist/{InvalidParamError-C7c-OLz1.cjs → InvalidParamError-BPY2yug_.cjs} +842 -852
  2. package/dist/InvalidParamError-BPY2yug_.cjs.map +1 -0
  3. package/dist/{InvalidParamError-BeCPhfVz.esm.js → InvalidParamError-CXCYtY0p.esm.js} +1236 -1246
  4. package/dist/InvalidParamError-CXCYtY0p.esm.js.map +1 -0
  5. package/dist/{InvalidParamError-CGiSxym5.native.esm.js → InvalidParamError-DSXDW6g4.native.esm.js} +1059 -1069
  6. package/dist/InvalidParamError-DSXDW6g4.native.esm.js.map +1 -0
  7. package/dist/core.cjs +6 -6
  8. package/dist/core.esm.js +6 -6
  9. package/dist/core.native.esm.js +7 -7
  10. package/dist/{getNetworkProviderFromNetworkId-D8cpx0xz.cjs → getNetworkProviderFromNetworkId-DCwFIoM3.cjs} +4 -4
  11. package/dist/{getNetworkProviderFromNetworkId-D8cpx0xz.cjs.map → getNetworkProviderFromNetworkId-DCwFIoM3.cjs.map} +1 -1
  12. package/dist/{getNetworkProviderFromNetworkId-CP9gl1B1.esm.js → getNetworkProviderFromNetworkId-_pvqm2fB.esm.js} +3 -3
  13. package/dist/{getNetworkProviderFromNetworkId-CP9gl1B1.esm.js.map → getNetworkProviderFromNetworkId-_pvqm2fB.esm.js.map} +1 -1
  14. package/dist/{getNetworkProviderFromNetworkId-Be_UK4_7.native.esm.js → getNetworkProviderFromNetworkId-b-H_ta9Q.native.esm.js} +5 -5
  15. package/dist/{getNetworkProviderFromNetworkId-Be_UK4_7.native.esm.js.map → getNetworkProviderFromNetworkId-b-H_ta9Q.native.esm.js.map} +1 -1
  16. package/dist/{getSignedSessionId-D9w3Wbhk.native.esm.js → getSignedSessionId-Co8y0azF.native.esm.js} +3 -3
  17. package/dist/{getSignedSessionId-D9w3Wbhk.native.esm.js.map → getSignedSessionId-Co8y0azF.native.esm.js.map} +1 -1
  18. package/dist/{getSignedSessionId-Bq7xBsA3.esm.js → getSignedSessionId-D7Q9q-oy.esm.js} +3 -3
  19. package/dist/{getSignedSessionId-Bq7xBsA3.esm.js.map → getSignedSessionId-D7Q9q-oy.esm.js.map} +1 -1
  20. package/dist/{getSignedSessionId-BeK0vWep.cjs → getSignedSessionId-NZR0A-EZ.cjs} +3 -3
  21. package/dist/{getSignedSessionId-BeK0vWep.cjs.map → getSignedSessionId-NZR0A-EZ.cjs.map} +1 -1
  22. package/dist/{getWaasWalletProviderFromWalletAccount-CfqTF_82.cjs → getWaasWalletProviderFromWalletAccount-CUgNeKaa.cjs} +3 -3
  23. package/dist/{getWaasWalletProviderFromWalletAccount-CfqTF_82.cjs.map → getWaasWalletProviderFromWalletAccount-CUgNeKaa.cjs.map} +1 -1
  24. package/dist/{getWaasWalletProviderFromWalletAccount-BzpLoZTm.native.esm.js → getWaasWalletProviderFromWalletAccount-DLq_TjmC.native.esm.js} +3 -3
  25. package/dist/{getWaasWalletProviderFromWalletAccount-BzpLoZTm.native.esm.js.map → getWaasWalletProviderFromWalletAccount-DLq_TjmC.native.esm.js.map} +1 -1
  26. package/dist/{getWaasWalletProviderFromWalletAccount-BKHO68FO.esm.js → getWaasWalletProviderFromWalletAccount-DNBPKg4j.esm.js} +3 -3
  27. package/dist/{getWaasWalletProviderFromWalletAccount-BKHO68FO.esm.js.map → getWaasWalletProviderFromWalletAccount-DNBPKg4j.esm.js.map} +1 -1
  28. package/dist/{getWalletProviderByKey-BMzoL_69.esm.js → getWalletProviderByKey-C4KTyeYY.esm.js} +2 -2
  29. package/dist/{getWalletProviderByKey-BMzoL_69.esm.js.map → getWalletProviderByKey-C4KTyeYY.esm.js.map} +1 -1
  30. package/dist/{getWalletProviderByKey-DCKYAida.cjs → getWalletProviderByKey-DZrpcmPE.cjs} +3 -3
  31. package/dist/{getWalletProviderByKey-DCKYAida.cjs.map → getWalletProviderByKey-DZrpcmPE.cjs.map} +1 -1
  32. package/dist/{getWalletProviderByKey-DDDxBsdv.native.esm.js → getWalletProviderByKey-Dk_K8Lg8.native.esm.js} +2 -2
  33. package/dist/{getWalletProviderByKey-DDDxBsdv.native.esm.js.map → getWalletProviderByKey-Dk_K8Lg8.native.esm.js.map} +1 -1
  34. package/dist/index.cjs +53 -14
  35. package/dist/index.cjs.map +1 -1
  36. package/dist/index.esm.js +53 -14
  37. package/dist/index.esm.js.map +1 -1
  38. package/dist/index.native.esm.js +53 -14
  39. package/dist/index.native.esm.js.map +1 -1
  40. package/dist/{isDynamicWaasEnabled-BMQq5uNX.esm.js → isDynamicWaasEnabled-C9aVoXek.esm.js} +2 -2
  41. package/dist/{isDynamicWaasEnabled-BMQq5uNX.esm.js.map → isDynamicWaasEnabled-C9aVoXek.esm.js.map} +1 -1
  42. package/dist/{isDynamicWaasEnabled-ChdeBFbN.native.esm.js → isDynamicWaasEnabled-DNtxO0Bc.native.esm.js} +2 -2
  43. package/dist/{isDynamicWaasEnabled-ChdeBFbN.native.esm.js.map → isDynamicWaasEnabled-DNtxO0Bc.native.esm.js.map} +1 -1
  44. package/dist/{isDynamicWaasEnabled-BtbzDbdz.cjs → isDynamicWaasEnabled-DQ1mtWZv.cjs} +3 -3
  45. package/dist/{isDynamicWaasEnabled-BtbzDbdz.cjs.map → isDynamicWaasEnabled-DQ1mtWZv.cjs.map} +1 -1
  46. package/dist/{isMfaRequiredForAction-dAtK8Pl6.native.esm.js → isMfaRequiredForAction-BXnpnD2X.native.esm.js} +2 -2
  47. package/dist/{isMfaRequiredForAction-dAtK8Pl6.native.esm.js.map → isMfaRequiredForAction-BXnpnD2X.native.esm.js.map} +1 -1
  48. package/dist/{isMfaRequiredForAction-Diwsf9GB.esm.js → isMfaRequiredForAction-BhLg6M8J.esm.js} +2 -2
  49. package/dist/{isMfaRequiredForAction-Diwsf9GB.esm.js.map → isMfaRequiredForAction-BhLg6M8J.esm.js.map} +1 -1
  50. package/dist/{isMfaRequiredForAction-CgWBU6kM.cjs → isMfaRequiredForAction-DsOwHl4C.cjs} +2 -2
  51. package/dist/{isMfaRequiredForAction-CgWBU6kM.cjs.map → isMfaRequiredForAction-DsOwHl4C.cjs.map} +1 -1
  52. package/dist/{isUserOnboardingComplete-DO2_gSAp.native.esm.js → isUserOnboardingComplete-BRfyMejK.native.esm.js} +3 -3
  53. package/dist/{isUserOnboardingComplete-DO2_gSAp.native.esm.js.map → isUserOnboardingComplete-BRfyMejK.native.esm.js.map} +1 -1
  54. package/dist/{isUserOnboardingComplete-OP4uyUlE.cjs → isUserOnboardingComplete-DrgtJIFi.cjs} +4 -4
  55. package/dist/{isUserOnboardingComplete-OP4uyUlE.cjs.map → isUserOnboardingComplete-DrgtJIFi.cjs.map} +1 -1
  56. package/dist/{isUserOnboardingComplete-D4Y3sdr3.esm.js → isUserOnboardingComplete-KFfpvN4R.esm.js} +3 -3
  57. package/dist/{isUserOnboardingComplete-D4Y3sdr3.esm.js.map → isUserOnboardingComplete-KFfpvN4R.esm.js.map} +1 -1
  58. package/dist/modules/auth/getElevatedAccessToken/getElevatedAccessToken.d.ts +1 -2
  59. package/dist/modules/auth/getElevatedAccessToken/getElevatedAccessToken.d.ts.map +1 -1
  60. package/dist/modules/flow/attachFlowSource/attachFlowSource.d.ts +12 -1
  61. package/dist/modules/flow/attachFlowSource/attachFlowSource.d.ts.map +1 -1
  62. package/dist/modules/funding/moonpay/getMoonPayUrl/getMoonPayUrl.d.ts +4 -0
  63. package/dist/modules/funding/moonpay/getMoonPayUrl/getMoonPayUrl.d.ts.map +1 -1
  64. package/dist/modules/mfa/registerTotpMfaDevice/registerTotpMfaDevice.d.ts +4 -1
  65. package/dist/modules/mfa/registerTotpMfaDevice/registerTotpMfaDevice.d.ts.map +1 -1
  66. package/dist/modules/wallets/verifyWalletAccountForSignInOrTransfer/verifyWalletAccountForSignInOrTransfer.d.ts.map +1 -1
  67. package/dist/modules/wallets/walletProvider/walletProvider.types.d.ts +8 -0
  68. package/dist/modules/wallets/walletProvider/walletProvider.types.d.ts.map +1 -1
  69. package/dist/{refreshAuth-BTPctQtq.esm.js → refreshAuth-BnkCuIdw.esm.js} +3 -3
  70. package/dist/{refreshAuth-BTPctQtq.esm.js.map → refreshAuth-BnkCuIdw.esm.js.map} +1 -1
  71. package/dist/{refreshAuth-C3issn5b.native.esm.js → refreshAuth-CfUYFXh_.native.esm.js} +3 -3
  72. package/dist/{refreshAuth-C3issn5b.native.esm.js.map → refreshAuth-CfUYFXh_.native.esm.js.map} +1 -1
  73. package/dist/{refreshAuth-ByIVzawo.cjs → refreshAuth-DvHy0g8j.cjs} +3 -3
  74. package/dist/{refreshAuth-ByIVzawo.cjs.map → refreshAuth-DvHy0g8j.cjs.map} +1 -1
  75. package/dist/services/instrumentation/constants.d.ts.map +1 -1
  76. package/dist/tsconfig.lib.tsbuildinfo +1 -1
  77. package/dist/utils/retryOnFetchError/index.d.ts +2 -0
  78. package/dist/utils/retryOnFetchError/index.d.ts.map +1 -0
  79. package/dist/utils/retryOnFetchError/retryOnFetchError.d.ts +36 -0
  80. package/dist/utils/retryOnFetchError/retryOnFetchError.d.ts.map +1 -0
  81. package/dist/waas.cjs +6 -6
  82. package/dist/waas.esm.js +5 -5
  83. package/dist/waas.native.esm.js +5 -5
  84. package/dist/waasCore.cjs +10 -10
  85. package/dist/waasCore.cjs.map +1 -1
  86. package/dist/waasCore.esm.js +10 -10
  87. package/dist/waasCore.esm.js.map +1 -1
  88. package/dist/waasCore.native.esm.js +11 -11
  89. package/dist/waasCore.native.esm.js.map +1 -1
  90. package/package.json +2 -2
  91. package/dist/InvalidParamError-BeCPhfVz.esm.js.map +0 -1
  92. package/dist/InvalidParamError-C7c-OLz1.cjs.map +0 -1
  93. package/dist/InvalidParamError-CGiSxym5.native.esm.js.map +0 -1
@@ -1,9 +1,9 @@
1
- const require_isMfaRequiredForAction = require('./isMfaRequiredForAction-CgWBU6kM.cjs');
1
+ const require_isMfaRequiredForAction = require('./isMfaRequiredForAction-DsOwHl4C.cjs');
2
2
  let _dynamic_labs_sdk_api_core = require("@dynamic-labs/sdk-api-core");
3
3
 
4
4
  //#region package.json
5
5
  var name = "@dynamic-labs-sdk/client";
6
- var version = "1.13.0";
6
+ var version = "1.15.0";
7
7
  var dependencies = {
8
8
  "@dynamic-labs-sdk/assert-package-version": "workspace:*",
9
9
  "@dynamic-labs-wallet/browser-wallet-client": "1.0.39",
@@ -152,757 +152,304 @@ const randomString = ({ chars = DEFAULT_CHARS, length }) => {
152
152
  };
153
153
 
154
154
  //#endregion
155
- //#region src/modules/auth/extractSessionId/extractSessionId.ts
155
+ //#region src/modules/auth/getElevatedAccessToken/getElevatedAccessToken.ts
156
156
  /**
157
- * Extracts the session ID (`sid` claim) from a JWT token string.
157
+ * Gets an elevated access token by scope.
158
158
  *
159
- * Decodes the base64url-encoded payload segment of the token and reads the
160
- * `sid` field. This is used to correlate instrumentation events with the
161
- * authenticated session, without ever forwarding the full token.
159
+ * This function retrieves an elevated access token that contains the specified scope.
160
+ * Expired tokens are automatically filtered out.
162
161
  *
163
- * Returns `null` when no token is present, when the token is malformed, or
164
- * when the payload does not contain a `sid` claim.
162
+ * By default, if the token has `singleUse: true`, it will be automatically
163
+ * consumed (removed from state) after retrieval. Pass `consume: false` to
164
+ * check for token existence without consuming it.
165
+ *
166
+ * @param params - The parameters object.
167
+ * @param params.scope - The scope to match (e.g., 'wallet:export').
168
+ * @param params.consume - Whether to consume single-use tokens (default: true).
169
+ * @param [client] - The Dynamic client instance. Only required when using multiple Dynamic clients.
170
+ * @returns The elevated access token if found and not expired, or undefined if not found or expired.
171
+ *
172
+ * @example
173
+ * ```typescript
174
+ * // Retrieve and consume (default)
175
+ * const token = getElevatedAccessToken({ scope: 'wallet:export' });
176
+ *
177
+ * // Check existence without consuming
178
+ * const token = getElevatedAccessToken({ scope: 'credential:unlink', consume: false });
179
+ * ```
165
180
  * @notInstrumented
166
181
  */
167
- const extractSessionId = (token) => {
168
- try {
169
- const payload = token.split(".")[1];
170
- return JSON.parse(atob(payload)).sid ?? null;
171
- } catch {
172
- return null;
182
+ const getElevatedAccessToken = ({ consume = true, scope }, client = getDefaultClient()) => {
183
+ const core = getCore(client);
184
+ const now = /* @__PURE__ */ new Date();
185
+ const elevatedAccessTokens = core.state.get().elevatedAccessTokens || [];
186
+ const validTokens = elevatedAccessTokens.filter((token$1) => !token$1.expiresAt || token$1.expiresAt > now);
187
+ if (validTokens.length !== elevatedAccessTokens.length) core.state.set({ elevatedAccessTokens: validTokens });
188
+ const token = validTokens.find((token$1) => token$1.scopes.includes(scope));
189
+ if (!token) return;
190
+ if (consume && token.singleUse) {
191
+ const updatedTokens = validTokens.filter((t) => t !== token);
192
+ core.state.set({ elevatedAccessTokens: updatedTokens });
173
193
  }
194
+ return token.token;
174
195
  };
175
196
 
176
197
  //#endregion
177
- //#region src/utils/getOperatingSystem/getOperatingSystem.ts
178
- /**
179
- * Detects the operating system from `navigator.userAgent` for web environments.
180
- *
181
- * The React Native bundler (Metro) resolves `getOperatingSystem.native.ts`
182
- * instead when building for React Native, which uses `Platform.OS` directly.
183
- *
184
- * Falls back to `'unknown'` when `navigator` is unavailable (SSR, service
185
- * workers) or when the user-agent string doesn't match a known OS pattern.
186
- * @notInstrumented
187
- */
188
- const getOperatingSystem = () => {
189
- try {
190
- const ua = navigator.userAgent;
191
- if (/iPhone|iPad|iPod/.test(ua)) return "ios";
192
- if (/Android/.test(ua)) return "android";
193
- if (/Windows/.test(ua)) return "windows";
194
- if (/Macintosh|Mac OS X/.test(ua)) return "macos";
195
- if (/Linux/.test(ua)) return "linux";
196
- return "unknown";
197
- } catch {
198
- return "unknown";
198
+ //#region src/errors/ValueMustBeDefinedError.ts
199
+ var ValueMustBeDefinedError = class extends BaseError {
200
+ constructor(message) {
201
+ super({
202
+ cause: null,
203
+ code: "value_must_be_defined_error",
204
+ docsUrl: null,
205
+ name: "ValueMustBeDefined",
206
+ shortMessage: message
207
+ });
199
208
  }
200
209
  };
201
210
 
202
211
  //#endregion
203
- //#region src/utils/getPlatform/getPlatform.ts
212
+ //#region src/utils/assertDefined/assertDefined.ts
204
213
  /**
205
- * Returns the platform the SDK is running on.
214
+ * Asserts that a value is not null or undefined, throwing an error if it is.
215
+ * This function acts as a type guard, narrowing the type to exclude null and undefined.
206
216
  *
207
- * This is the web implementation the React Native bundler resolves
208
- * `getPlatform.native.ts` instead when building for React Native, which
209
- * returns `'react-native'`.
210
- * @notInstrumented
217
+ * @template T - The type of the value being checked
218
+ * @param value - The value to check for null or undefined
219
+ * @param message - The error message to throw if the value is null or undefined
220
+ * @throws Throws an error with the provided message if value is null or undefined
221
+ * @example
222
+ * ```typescript
223
+ * const maybeString: string | null = getValue();
224
+ * assertDefined(maybeString, 'String value is required');
225
+ * // maybeString is now typed as string (null is excluded)
226
+ * ```
211
227
  */
212
- const getPlatform = () => "web";
228
+ function assertDefined(value, message) {
229
+ if (value === null || value === void 0) throw new ValueMustBeDefinedError(message);
230
+ }
213
231
 
214
232
  //#endregion
215
- //#region src/utils/getUserAgent/getUserAgent.ts
233
+ //#region src/modules/projectSettings/isCookieEnabled/isCookieEnabled.ts
216
234
  /**
217
- * Returns the browser's `navigator.userAgent` string for inclusion in
218
- * instrumentation events.
219
- *
220
- * Falls back to an empty string in environments where `navigator` is not
221
- * available (e.g., Node.js SSR, service workers) so that callers never need
222
- * to guard against undefined.
235
+ * Returns true if the client is using Dynamic cookies or a BYO JWT cookie.
223
236
  * @notInstrumented
224
237
  */
225
- const getUserAgent = () => {
226
- try {
227
- return navigator.userAgent;
228
- } catch {
229
- return "";
230
- }
238
+ const isCookieEnabled = (client) => {
239
+ assertDefined(client.projectSettings, "Project settings are not defined");
240
+ const securitySettings = client.projectSettings.security;
241
+ if (!securitySettings) return false;
242
+ const dynamicCookiesEnabled = (securitySettings.auth?.storage || []).includes(_dynamic_labs_sdk_api_core.AuthStorageEnum.Cookie);
243
+ const byoJwtCookieEnabled = Boolean(securitySettings.externalAuth?.cookieName);
244
+ return dynamicCookiesEnabled || byoJwtCookieEnabled;
231
245
  };
232
246
 
233
247
  //#endregion
234
- //#region src/services/instrumentation/constants.ts
235
- /**
236
- * Default key-based PII scrubber list, lowercased and matched against the
237
- * lowercased object key.
238
- *
239
- * Two complementary mechanisms cover credential leakage:
240
- *
241
- * 1. Explicit keys listed here — matched exactly (case-insensitive). Use this
242
- * for keys that don't end in a generic credential suffix (e.g. `mnemonic`,
243
- * `seed`, `verificationCode`, `keyShare`).
244
- * 2. Suffix matching in {@link scrubParameters} for the credential suffixes
245
- * enumerated by {@link PII_KEY_SUFFIXES} — catches any field whose name
246
- * ends in `token` or `jwt` (e.g. `mfaToken`, `minifiedJwt`, `accessToken`,
247
- * `idToken`, `captchaToken`, …) without needing to enumerate them here.
248
- */
249
- const DEFAULT_PII_FIELDS = [
250
- "password",
251
- "token",
252
- "secret",
253
- "privateKey",
254
- "privateJwk",
255
- "mnemonic",
256
- "seed",
257
- "keyShare",
258
- "keyShares",
259
- "email",
260
- "phone",
261
- "ssn",
262
- "address",
263
- "authorization",
264
- "verificationCode",
265
- "recoveryCodes",
266
- "codeVerifier",
267
- "pkce",
268
- "bearer",
269
- "apiKey"
270
- ];
271
- /**
272
- * Lowercased suffixes used by {@link scrubParameters} to match credential-like
273
- * keys without enumerating every variant (e.g. `mfaToken`, `accessToken`,
274
- * `refreshToken`, `legacyToken`, `minifiedJwt`). Only suffixes that are
275
- * unambiguously credentials belong here — `key` (matches `publicKey`) and
276
- * `code` (matches `countryCode`) are too broad and must not be added.
277
- */
278
- const PII_KEY_SUFFIXES = ["token", "jwt"];
279
- const REDACTED_VALUE = "[REDACTED]";
280
- const MAX_STRING_LENGTH = 500;
281
- const TRUNCATED_SUFFIX = "...[truncated]";
282
- /**
283
- * Label prefix for binary data placeholders. The full placeholder includes the
284
- * byte length, e.g. `[Binary:16 bytes]`, so consumers can gauge data size
285
- * without the actual bytes appearing in logs.
286
- */
287
- const BINARY_LABEL = "Binary";
288
- /**
289
- * Placeholder emitted when a circular reference is detected in the value tree.
290
- * Using a named constant makes it easy to search for or filter in downstream
291
- * log tooling.
292
- */
293
- const CIRCULAR_VALUE = "[Circular]";
248
+ //#region src/modules/sessionKeys/getSessionKeys/getSessionKeys.ts
249
+ /** @notInstrumented */
250
+ const getSessionKeys = (client) => {
251
+ const publicKey = getCore(client).state.get().sessionKeys;
252
+ if (!publicKey) return;
253
+ return { publicKey };
254
+ };
294
255
 
295
256
  //#endregion
296
- //#region src/services/instrumentation/scrubParameters/scrubParameters.ts
297
- /**
298
- * Returns true when `key` should be redacted based on the configured PII
299
- * field list. A key matches when its lowercased form either equals one of
300
- * `piiFieldsLower` exactly, or ends in one of the curated credential
301
- * suffixes in {@link PII_KEY_SUFFIXES} (currently `token` and `jwt`). The
302
- * suffix check is what catches `mfaToken`, `minifiedJwt`, `accessToken`,
303
- * etc. without needing every variant enumerated explicitly.
304
- */
305
- const keyMatchesPiiField = ({ keyLower, piiFieldsLower }) => {
306
- if (piiFieldsLower.includes(keyLower)) return true;
307
- return PII_KEY_SUFFIXES.some((suffix) => keyLower.endsWith(suffix));
257
+ //#region src/errors/APIError/APIError.ts
258
+ var APIError = class APIError extends BaseError {
259
+ status;
260
+ constructor(message, code, status) {
261
+ super({
262
+ cause: null,
263
+ code,
264
+ docsUrl: null,
265
+ name: "APIError",
266
+ shortMessage: message
267
+ });
268
+ this.status = status;
269
+ }
270
+ static async fromResponse(response) {
271
+ try {
272
+ const errorBody = await response.clone().json();
273
+ if (errorBody && "error" in errorBody && typeof errorBody.error === "string") {
274
+ const errorCode = "code" in errorBody && typeof errorBody.code === "string" ? errorBody.code : "unknown_error";
275
+ return new APIError(errorBody.error, errorCode, response.status);
276
+ }
277
+ return null;
278
+ } catch {
279
+ return null;
280
+ }
281
+ }
308
282
  };
309
- const scrubString = ({ key, piiFieldsLower, redactAll, value }) => {
310
- if (keyMatchesPiiField({
311
- keyLower: key.toLowerCase(),
312
- piiFieldsLower
313
- })) return REDACTED_VALUE;
314
- if (redactAll) return REDACTED_VALUE;
315
- if (value.length > MAX_STRING_LENGTH) return value.slice(0, MAX_STRING_LENGTH) + TRUNCATED_SUFFIX;
316
- return value;
283
+
284
+ //#endregion
285
+ //#region src/errors/InvalidExternalAuthError.ts
286
+ var InvalidExternalAuthError = class extends BaseError {
287
+ constructor({ cause }) {
288
+ super({
289
+ cause,
290
+ code: "invalid_external_auth_error",
291
+ docsUrl: "https://www.dynamic.xyz/docs/external-auth/third-party-auth-overview",
292
+ name: "InvalidExternalAuthError",
293
+ shortMessage: "Error authenticating with external JWT"
294
+ });
295
+ }
317
296
  };
318
- const scrubArray = ({ context, value }) => {
319
- if (context.visited.has(value)) return [CIRCULAR_VALUE];
320
- context.visited.add(value);
321
- const result = value.map((item, index) => scrubValue({
322
- context,
323
- key: String(index),
324
- value: item
325
- }));
326
- context.visited.delete(value);
327
- return result;
328
- };
329
- const scrubObject = ({ context, value }) => {
330
- if (context.visited.has(value)) return { [CIRCULAR_VALUE]: true };
331
- context.visited.add(value);
332
- const result = Object.create(null);
333
- for (const key of Object.keys(value)) result[key] = scrubValue({
334
- context,
335
- key,
336
- value: value[key]
337
- });
338
- context.visited.delete(value);
339
- return result;
297
+
298
+ //#endregion
299
+ //#region src/errors/LinkCredentialError.ts
300
+ var LinkCredentialError = class extends BaseError {
301
+ constructor({ cause }) {
302
+ super({
303
+ cause,
304
+ code: "link_credential_error",
305
+ docsUrl: null,
306
+ name: "LinkCredentialError",
307
+ shortMessage: "The credential you are trying to link is associated with another account and cannot be reassigned."
308
+ });
309
+ }
340
310
  };
341
- const scrubValue = ({ context, key, value }) => {
342
- if (value === null || value === void 0) return value;
343
- if (value instanceof Uint8Array) return `[${BINARY_LABEL}:${value.byteLength} bytes]`;
344
- if (keyMatchesPiiField({
345
- keyLower: key.toLowerCase(),
346
- piiFieldsLower: context.piiFieldsLower
347
- })) return REDACTED_VALUE;
348
- if (typeof value === "string") return scrubString({
349
- key,
350
- piiFieldsLower: context.piiFieldsLower,
351
- redactAll: context.redactAll,
352
- value
353
- });
354
- if (Array.isArray(value)) return scrubArray({
355
- context,
356
- value
357
- });
358
- if (value instanceof Set) {
359
- if (context.visited.has(value)) return [CIRCULAR_VALUE];
360
- context.visited.add(value);
361
- const setResult = scrubArray({
362
- context,
363
- value: [...value]
311
+
312
+ //#endregion
313
+ //#region src/errors/MfaInvalidOtpError.ts
314
+ var MfaInvalidOtpError = class extends BaseError {
315
+ constructor({ cause }) {
316
+ super({
317
+ cause,
318
+ code: "mfa_invalid_otp_error",
319
+ docsUrl: null,
320
+ name: "MfaInvalidOtpError",
321
+ shortMessage: "Invalid OTP"
364
322
  });
365
- context.visited.delete(value);
366
- return setResult;
367
323
  }
368
- if (value instanceof Map) {
369
- if (context.visited.has(value)) return { [CIRCULAR_VALUE]: true };
370
- context.visited.add(value);
371
- const asObject = Object.create(null);
372
- for (const [k, v] of value.entries()) asObject[String(k)] = v;
373
- const mapResult = scrubObject({
374
- context,
375
- value: asObject
324
+ };
325
+
326
+ //#endregion
327
+ //#region src/errors/MfaRateLimitedError.ts
328
+ var MfaRateLimitedError = class extends BaseError {
329
+ constructor({ cause }) {
330
+ super({
331
+ cause,
332
+ code: "mfa_rate_limited_error",
333
+ docsUrl: null,
334
+ name: "MfaRateLimitedError",
335
+ shortMessage: "Rate limited"
376
336
  });
377
- context.visited.delete(value);
378
- return mapResult;
379
337
  }
380
- if (value instanceof WeakMap) return "[WeakMap]";
381
- if (value instanceof WeakSet) return "[WeakSet]";
382
- if (value instanceof Date) return value.toISOString();
383
- if (value instanceof Error) return `[Error: ${value.message}]`;
384
- if (typeof value === "object") return scrubObject({
385
- context,
386
- value
387
- });
388
- return value;
389
338
  };
390
- /** @notInstrumented */
391
- const scrubParameters = ({ piiFields, redactAll, value }) => {
392
- return scrubObject({
393
- context: {
394
- piiFieldsLower: piiFields.map((field) => field.toLowerCase()),
395
- redactAll,
396
- visited: /* @__PURE__ */ new WeakSet()
397
- },
398
- value
399
- });
339
+
340
+ //#endregion
341
+ //#region src/errors/SandboxMaximumThresholdReachedError.ts
342
+ var SandboxMaximumThresholdReachedError = class extends BaseError {
343
+ constructor({ cause }) {
344
+ super({
345
+ cause,
346
+ code: "sandbox_maximum_threshold_reached_error",
347
+ docsUrl: "https://www.dynamic.xyz/docs/developer-dashboard/sandbox-vs-live#sandbox-vs-live",
348
+ name: "SandboxMaximumThresholdReachedError",
349
+ shortMessage: "Your sandbox environment has reached the maximum MAU. Please use a live environment for production traffic."
350
+ });
351
+ }
400
352
  };
401
353
 
402
354
  //#endregion
403
- //#region src/services/instrumentation/instrumentFunction/extractParams/extractParams.ts
355
+ //#region src/modules/apiClient/utils/clientErrorMapper/clientErrorMapper.ts
404
356
  /**
405
- * Normalises the raw positional arguments of an instrumented function call
406
- * into a flat `Record<string, unknown>` suitable for structured logging.
407
- *
408
- * ## Why this is needed
357
+ * Default error mapper for the client that handles common API error codes.
409
358
  *
410
- * Instrumented functions are wrapped with `(...args: unknown[])`, so their
411
- * parameters arrive as an array. Logging a raw array loses the semantic names
412
- * of each argument. This function recovers a named representation:
359
+ * This mapper transforms specific API error codes into more specific error types:
360
+ * - `mfa_invalid_code` `MfaInvalidOtpError`
361
+ * - `mfa_rate_limited` `MfaRateLimitedError`
413
362
  *
414
- * - **No arguments** `{}`
415
- * - **Single plain-object argument** that object is returned as-is, because
416
- * SDK functions follow the single-object-parameter convention, so the object
417
- * already carries named keys (`{ amount, to }`, etc.).
418
- * - **Everything else** (multiple args, a single primitive, a single array) →
419
- * each value is indexed as `arg0`, `arg1`, …
363
+ * @param error - The error to be mapped
364
+ * @returns A transformed error if the error code matches a known pattern, or null if no transformation is needed
420
365
  *
421
- * ## Why arrays are NOT treated as plain objects
366
+ * @example
367
+ * ```typescript
368
+ * // This will be automatically applied to all API errors
369
+ * const apiClient = createApiClient({}, client);
422
370
  *
423
- * `typeof [] === 'object'` and `[] !== null`, so without the `Array.isArray`
424
- * guard a single-array argument would be returned as-is. That would produce
425
- * an object with numeric string keys (`{ '0': ..., '1': ... }`), which is
426
- * misleading and inconsistent with how multi-arg calls are handled. Instead,
427
- * arrays fall through to the indexed `arg0` path.
371
+ * // The clientErrorMapper will automatically convert mfa_invalid_code errors
372
+ * // to MfaInvalidOtpError instances
373
+ * ```
428
374
  * @notInstrumented
429
375
  */
430
- const extractParams = (args) => {
431
- if (args.length === 0) return {};
432
- if (args.length === 1 && typeof args[0] === "object" && args[0] !== null && !Array.isArray(args[0])) return args[0];
433
- const result = {};
434
- for (let i = 0; i < args.length; i++) result[`arg${i}`] = args[i];
435
- return result;
376
+ const clientErrorMapper = (error) => {
377
+ if (error instanceof APIError) {
378
+ if (error.code === "mfa_invalid_code") return new MfaInvalidOtpError({ cause: error });
379
+ if (error.code === "mfa_rate_limited") return new MfaRateLimitedError({ cause: error });
380
+ if (error.code === "invalid_external_auth") return new InvalidExternalAuthError({ cause: error });
381
+ if (error.code === "sandbox_maximum_threshold_reached") return new SandboxMaximumThresholdReachedError({ cause: error });
382
+ if (error.code === "merge_accounts_invalid" || error.code === "reassign_wallet_error") return new LinkCredentialError({ cause: error });
383
+ }
384
+ return null;
436
385
  };
437
386
 
438
387
  //#endregion
439
- //#region src/services/instrumentation/instrumentFunction/scrubResolvedValue/scrubResolvedValue.ts
388
+ //#region src/modules/apiClient/utils/convertToApiErrorMiddleware/convertToApiErrorMiddleware.ts
440
389
  /**
441
- * Scrubs a resolved return value of any type before logging it.
442
- * Routes through `scrubParameters` by wrapping the value so that strings,
443
- * arrays, Dates, Errors, and all other types are handled identically to
444
- * nested object fields.
390
+ * Creates middleware that converts HTTP error responses to APIError instances
391
+ * and optionally applies custom error mappers to transform them into specific error types.
392
+ *
393
+ * @param options.errorMappers - Array of error mappers to apply to API errors
394
+ * @returns A middleware function that handles error conversion and mapping
445
395
  * @notInstrumented
446
396
  */
447
- const scrubResolvedValue = ({ piiFields, redactAll, value }) => scrubParameters({
448
- piiFields,
449
- redactAll,
450
- value: { result: value }
451
- }).result;
397
+ const createConvertToApiErrorMiddleware = ({ errorMappers = [] }) => ({ post: async (context) => {
398
+ if (context.response.status >= 400) {
399
+ const apiError = await APIError.fromResponse(context.response);
400
+ if (apiError) {
401
+ let errorToThrow = apiError;
402
+ for (const mapper of errorMappers) {
403
+ const newError = mapper(apiError);
404
+ if (newError) {
405
+ errorToThrow = newError;
406
+ break;
407
+ }
408
+ }
409
+ throw errorToThrow;
410
+ }
411
+ }
412
+ return context.response;
413
+ } });
452
414
 
453
415
  //#endregion
454
- //#region src/services/instrumentation/instrumentFunction/instrumentFunction.ts
455
- const serializeError = (error) => {
456
- if (error instanceof Error) return {
457
- message: error.message,
458
- name: error.name,
459
- stack: error.stack
460
- };
416
+ //#region src/utils/getNonce/getNonce.ts
417
+ /**
418
+ * Returns a nonce for wallet ownership verification.
419
+ *
420
+ * Pops the first nonce from the prefetched pool. When the pool is running low
421
+ * (≤1 remaining after pop) a background refetch is triggered. If the pool is
422
+ * empty, nonces are fetched on-demand before returning.
423
+ * @notInstrumented
424
+ */
425
+ const getNonce = async (client) => {
426
+ const core = getCore(client);
427
+ const pool = core.state.get().prefetchedNonces;
428
+ if (pool.length > 0) {
429
+ const [nonce, ...remaining] = pool;
430
+ core.state.set({ prefetchedNonces: remaining });
431
+ if (remaining.length <= 1) fetchAndStoreNonces(client);
432
+ return nonce;
433
+ }
434
+ await fetchAndStoreNonces(client);
435
+ return getNonce(client);
436
+ };
437
+
438
+ //#endregion
439
+ //#region src/modules/deviceRegistration/getDeviceSigner/getDeviceSigner.ts
440
+ /** @notInstrumented */
441
+ const getDeviceSigner = async (client) => {
442
+ const { deviceSigner, keychain } = getCore(client);
443
+ /**
444
+ * If the device signer is available, it should handle the device signing.
445
+ * This is used for mobile devices with secure enclave.
446
+ */
447
+ if (deviceSigner) return deviceSigner;
448
+ const keyName = "device";
449
+ if (!await keychain.getPublicKey(keyName)) await keychain.generateKey(keyName);
461
450
  return {
462
- message: String(error),
463
- name: "UnknownError"
464
- };
465
- };
466
- /**
467
- * Wraps a function so that each invocation emits a structured
468
- * `FunctionInstrumentationEvent` at three lifecycle points:
469
- *
470
- * - **started** — immediately before the function body executes, with the
471
- * PII-scrubbed call parameters.
472
- * - **resolved** — after the function (or its returned Promise) settles
473
- * successfully, with the PII-scrubbed return value.
474
- * - **rejected** — if the function throws synchronously or its returned
475
- * Promise rejects.
476
- *
477
- * The original return value (or thrown error) is always forwarded to the
478
- * caller unchanged — instrumentation is purely observational.
479
- *
480
- * ## Usage
481
- *
482
- * ```ts
483
- * const transfer = instrumentFunction({
484
- * fn: rawTransfer,
485
- * functionName: 'transfer',
486
- * getCore: () => core,
487
- * });
488
- *
489
- * // When called, three events are emitted automatically:
490
- * await transfer({ amount: 1, to: '0xabc' });
491
- * ```
492
- *
493
- * ## How functions are wrapped
494
- *
495
- * `instrumentFunction` is not called manually in application code. Instead,
496
- * the esbuild instrumentation plugin (`tools/instrumentation-plugin`) injects
497
- * it at build time: any exported function annotated with `@instrumented` in its
498
- * JSDoc is automatically wrapped by the plugin during the build step.
499
- * The plugin strips the original `export`, renames the function, and re-exports
500
- * it under the original name via `instrumentFunction(...)` — so the public API
501
- * is unchanged and no call sites need to be updated.
502
- *
503
- * ## Opting out
504
- *
505
- * Instrumentation is skipped entirely when:
506
- * - `getCore()` returns `undefined` (SDK not initialised), or
507
- * - `core.instrumentation.config.enabled` is `false`.
508
- *
509
- * In both cases the original function is called directly with no overhead.
510
- *
511
- * ## PII scrubbing
512
- *
513
- * All string values whose key appears in `piiFields` are replaced with
514
- * `"[redacted]"` before events are emitted. Pass `redactAll: true` to redact
515
- * every field, regardless of key name.
516
- * @notInstrumented
517
- */
518
- const instrumentFunction = ({ fn, functionName, getCore: getCore$1, redactAll }) => {
519
- const wrapped = (...args) => {
520
- const core = getCore$1();
521
- if (!core) return fn(...args);
522
- if (!core.instrumentation.config.enabled) return fn(...args);
523
- const instrumentation = core.instrumentation;
524
- const state = core.state.get();
525
- const baseEvent = {
526
- environmentId: core.environmentId,
527
- functionName,
528
- operatingSystem: getOperatingSystem(),
529
- parameters: scrubParameters({
530
- piiFields: instrumentation.config.piiFields,
531
- redactAll,
532
- value: extractParams(args)
533
- }),
534
- platform: getPlatform(),
535
- registeredExtensionKeys: Array.from(core.extensions),
536
- sdkSessionId: core.sdkSessionId,
537
- sdkVersion: core.version,
538
- status: "info",
539
- tokenSessionId: state.token ? extractSessionId(state.token) : null,
540
- userAgent: getUserAgent(),
541
- userId: state.user?.id ?? null
542
- };
543
- instrumentation.logFunction({
544
- ...baseEvent,
545
- phase: "started",
546
- timestamp: (/* @__PURE__ */ new Date()).toISOString()
547
- });
548
- try {
549
- const result = fn(...args);
550
- if (result instanceof Promise) return result.then((value) => {
551
- instrumentation.logFunction({
552
- ...baseEvent,
553
- phase: "resolved",
554
- resolvedValue: scrubResolvedValue({
555
- piiFields: instrumentation.config.piiFields,
556
- redactAll,
557
- value
558
- }),
559
- timestamp: (/* @__PURE__ */ new Date()).toISOString()
560
- });
561
- return value;
562
- }).catch((error) => {
563
- instrumentation.logFunction({
564
- ...baseEvent,
565
- phase: "rejected",
566
- rejectedError: serializeError(error),
567
- timestamp: (/* @__PURE__ */ new Date()).toISOString()
568
- });
569
- throw error;
570
- });
571
- instrumentation.logFunction({
572
- ...baseEvent,
573
- phase: "resolved",
574
- resolvedValue: scrubResolvedValue({
575
- piiFields: instrumentation.config.piiFields,
576
- redactAll,
577
- value: result
578
- }),
579
- timestamp: (/* @__PURE__ */ new Date()).toISOString()
580
- });
581
- return result;
582
- } catch (error) {
583
- instrumentation.logFunction({
584
- ...baseEvent,
585
- phase: "rejected",
586
- rejectedError: serializeError(error),
587
- timestamp: (/* @__PURE__ */ new Date()).toISOString()
588
- });
589
- throw error;
590
- }
591
- };
592
- return wrapped;
593
- };
594
-
595
- //#endregion
596
- //#region src/modules/auth/getElevatedAccessToken/getElevatedAccessToken.ts
597
- /**
598
- * Gets an elevated access token by scope.
599
- *
600
- * This function retrieves an elevated access token that contains the specified scope.
601
- * Expired tokens are automatically filtered out.
602
- *
603
- * By default, if the token has `singleUse: true`, it will be automatically
604
- * consumed (removed from state) after retrieval. Pass `consume: false` to
605
- * check for token existence without consuming it.
606
- *
607
- * @param params - The parameters object.
608
- * @param params.scope - The scope to match (e.g., 'wallet:export').
609
- * @param params.consume - Whether to consume single-use tokens (default: true).
610
- * @param [client] - The Dynamic client instance. Only required when using multiple Dynamic clients.
611
- * @returns The elevated access token if found and not expired, or undefined if not found or expired.
612
- *
613
- * @example
614
- * ```typescript
615
- * // Retrieve and consume (default)
616
- * const token = getElevatedAccessToken({ scope: 'wallet:export' });
617
- *
618
- * // Check existence without consuming
619
- * const token = getElevatedAccessToken({ scope: 'credential:unlink', consume: false });
620
- * ```
621
- * @notInstrumented
622
- */
623
- const getElevatedAccessToken = ({ consume = true, scope }, client = getDefaultClient()) => {
624
- const core = getCore(client);
625
- const now = /* @__PURE__ */ new Date();
626
- const elevatedAccessTokens = core.state.get().elevatedAccessTokens || [];
627
- const validTokens = elevatedAccessTokens.filter((token$1) => !token$1.expiresAt || token$1.expiresAt > now);
628
- if (validTokens.length !== elevatedAccessTokens.length) core.state.set({ elevatedAccessTokens: validTokens });
629
- const token = validTokens.find((token$1) => token$1.scopes.includes(scope));
630
- if (!token) return;
631
- if (consume && token.singleUse) {
632
- const updatedTokens = validTokens.filter((t) => t !== token);
633
- core.state.set({ elevatedAccessTokens: updatedTokens });
634
- }
635
- return token.token;
636
- };
637
- const __getElevatedAccessToken_impl = getElevatedAccessToken;
638
- const __getElevatedAccessToken_wrapped = instrumentFunction({
639
- fn: __getElevatedAccessToken_impl,
640
- functionName: "getElevatedAccessToken",
641
- getCore: () => {
642
- try {
643
- return getCore(getDefaultClient());
644
- } catch {
645
- return;
646
- }
647
- }
648
- });
649
-
650
- //#endregion
651
- //#region src/errors/ValueMustBeDefinedError.ts
652
- var ValueMustBeDefinedError = class extends BaseError {
653
- constructor(message) {
654
- super({
655
- cause: null,
656
- code: "value_must_be_defined_error",
657
- docsUrl: null,
658
- name: "ValueMustBeDefined",
659
- shortMessage: message
660
- });
661
- }
662
- };
663
-
664
- //#endregion
665
- //#region src/utils/assertDefined/assertDefined.ts
666
- /**
667
- * Asserts that a value is not null or undefined, throwing an error if it is.
668
- * This function acts as a type guard, narrowing the type to exclude null and undefined.
669
- *
670
- * @template T - The type of the value being checked
671
- * @param value - The value to check for null or undefined
672
- * @param message - The error message to throw if the value is null or undefined
673
- * @throws Throws an error with the provided message if value is null or undefined
674
- * @example
675
- * ```typescript
676
- * const maybeString: string | null = getValue();
677
- * assertDefined(maybeString, 'String value is required');
678
- * // maybeString is now typed as string (null is excluded)
679
- * ```
680
- */
681
- function assertDefined(value, message) {
682
- if (value === null || value === void 0) throw new ValueMustBeDefinedError(message);
683
- }
684
-
685
- //#endregion
686
- //#region src/modules/projectSettings/isCookieEnabled/isCookieEnabled.ts
687
- /**
688
- * Returns true if the client is using Dynamic cookies or a BYO JWT cookie.
689
- * @notInstrumented
690
- */
691
- const isCookieEnabled = (client) => {
692
- assertDefined(client.projectSettings, "Project settings are not defined");
693
- const securitySettings = client.projectSettings.security;
694
- if (!securitySettings) return false;
695
- const dynamicCookiesEnabled = (securitySettings.auth?.storage || []).includes(_dynamic_labs_sdk_api_core.AuthStorageEnum.Cookie);
696
- const byoJwtCookieEnabled = Boolean(securitySettings.externalAuth?.cookieName);
697
- return dynamicCookiesEnabled || byoJwtCookieEnabled;
698
- };
699
-
700
- //#endregion
701
- //#region src/modules/sessionKeys/getSessionKeys/getSessionKeys.ts
702
- /** @notInstrumented */
703
- const getSessionKeys = (client) => {
704
- const publicKey = getCore(client).state.get().sessionKeys;
705
- if (!publicKey) return;
706
- return { publicKey };
707
- };
708
-
709
- //#endregion
710
- //#region src/errors/APIError/APIError.ts
711
- var APIError = class APIError extends BaseError {
712
- status;
713
- constructor(message, code, status) {
714
- super({
715
- cause: null,
716
- code,
717
- docsUrl: null,
718
- name: "APIError",
719
- shortMessage: message
720
- });
721
- this.status = status;
722
- }
723
- static async fromResponse(response) {
724
- try {
725
- const errorBody = await response.clone().json();
726
- if (errorBody && "error" in errorBody && typeof errorBody.error === "string") {
727
- const errorCode = "code" in errorBody && typeof errorBody.code === "string" ? errorBody.code : "unknown_error";
728
- return new APIError(errorBody.error, errorCode, response.status);
729
- }
730
- return null;
731
- } catch {
732
- return null;
733
- }
734
- }
735
- };
736
-
737
- //#endregion
738
- //#region src/errors/InvalidExternalAuthError.ts
739
- var InvalidExternalAuthError = class extends BaseError {
740
- constructor({ cause }) {
741
- super({
742
- cause,
743
- code: "invalid_external_auth_error",
744
- docsUrl: "https://www.dynamic.xyz/docs/external-auth/third-party-auth-overview",
745
- name: "InvalidExternalAuthError",
746
- shortMessage: "Error authenticating with external JWT"
747
- });
748
- }
749
- };
750
-
751
- //#endregion
752
- //#region src/errors/LinkCredentialError.ts
753
- var LinkCredentialError = class extends BaseError {
754
- constructor({ cause }) {
755
- super({
756
- cause,
757
- code: "link_credential_error",
758
- docsUrl: null,
759
- name: "LinkCredentialError",
760
- shortMessage: "The credential you are trying to link is associated with another account and cannot be reassigned."
761
- });
762
- }
763
- };
764
-
765
- //#endregion
766
- //#region src/errors/MfaInvalidOtpError.ts
767
- var MfaInvalidOtpError = class extends BaseError {
768
- constructor({ cause }) {
769
- super({
770
- cause,
771
- code: "mfa_invalid_otp_error",
772
- docsUrl: null,
773
- name: "MfaInvalidOtpError",
774
- shortMessage: "Invalid OTP"
775
- });
776
- }
777
- };
778
-
779
- //#endregion
780
- //#region src/errors/MfaRateLimitedError.ts
781
- var MfaRateLimitedError = class extends BaseError {
782
- constructor({ cause }) {
783
- super({
784
- cause,
785
- code: "mfa_rate_limited_error",
786
- docsUrl: null,
787
- name: "MfaRateLimitedError",
788
- shortMessage: "Rate limited"
789
- });
790
- }
791
- };
792
-
793
- //#endregion
794
- //#region src/errors/SandboxMaximumThresholdReachedError.ts
795
- var SandboxMaximumThresholdReachedError = class extends BaseError {
796
- constructor({ cause }) {
797
- super({
798
- cause,
799
- code: "sandbox_maximum_threshold_reached_error",
800
- docsUrl: "https://www.dynamic.xyz/docs/developer-dashboard/sandbox-vs-live#sandbox-vs-live",
801
- name: "SandboxMaximumThresholdReachedError",
802
- shortMessage: "Your sandbox environment has reached the maximum MAU. Please use a live environment for production traffic."
803
- });
804
- }
805
- };
806
-
807
- //#endregion
808
- //#region src/modules/apiClient/utils/clientErrorMapper/clientErrorMapper.ts
809
- /**
810
- * Default error mapper for the client that handles common API error codes.
811
- *
812
- * This mapper transforms specific API error codes into more specific error types:
813
- * - `mfa_invalid_code` → `MfaInvalidOtpError`
814
- * - `mfa_rate_limited` → `MfaRateLimitedError`
815
- *
816
- * @param error - The error to be mapped
817
- * @returns A transformed error if the error code matches a known pattern, or null if no transformation is needed
818
- *
819
- * @example
820
- * ```typescript
821
- * // This will be automatically applied to all API errors
822
- * const apiClient = createApiClient({}, client);
823
- *
824
- * // The clientErrorMapper will automatically convert mfa_invalid_code errors
825
- * // to MfaInvalidOtpError instances
826
- * ```
827
- * @notInstrumented
828
- */
829
- const clientErrorMapper = (error) => {
830
- if (error instanceof APIError) {
831
- if (error.code === "mfa_invalid_code") return new MfaInvalidOtpError({ cause: error });
832
- if (error.code === "mfa_rate_limited") return new MfaRateLimitedError({ cause: error });
833
- if (error.code === "invalid_external_auth") return new InvalidExternalAuthError({ cause: error });
834
- if (error.code === "sandbox_maximum_threshold_reached") return new SandboxMaximumThresholdReachedError({ cause: error });
835
- if (error.code === "merge_accounts_invalid" || error.code === "reassign_wallet_error") return new LinkCredentialError({ cause: error });
836
- }
837
- return null;
838
- };
839
-
840
- //#endregion
841
- //#region src/modules/apiClient/utils/convertToApiErrorMiddleware/convertToApiErrorMiddleware.ts
842
- /**
843
- * Creates middleware that converts HTTP error responses to APIError instances
844
- * and optionally applies custom error mappers to transform them into specific error types.
845
- *
846
- * @param options.errorMappers - Array of error mappers to apply to API errors
847
- * @returns A middleware function that handles error conversion and mapping
848
- * @notInstrumented
849
- */
850
- const createConvertToApiErrorMiddleware = ({ errorMappers = [] }) => ({ post: async (context) => {
851
- if (context.response.status >= 400) {
852
- const apiError = await APIError.fromResponse(context.response);
853
- if (apiError) {
854
- let errorToThrow = apiError;
855
- for (const mapper of errorMappers) {
856
- const newError = mapper(apiError);
857
- if (newError) {
858
- errorToThrow = newError;
859
- break;
860
- }
861
- }
862
- throw errorToThrow;
863
- }
864
- }
865
- return context.response;
866
- } });
867
-
868
- //#endregion
869
- //#region src/utils/getNonce/getNonce.ts
870
- /**
871
- * Returns a nonce for wallet ownership verification.
872
- *
873
- * Pops the first nonce from the prefetched pool. When the pool is running low
874
- * (≤1 remaining after pop) a background refetch is triggered. If the pool is
875
- * empty, nonces are fetched on-demand before returning.
876
- * @notInstrumented
877
- */
878
- const getNonce = async (client) => {
879
- const core = getCore(client);
880
- const pool = core.state.get().prefetchedNonces;
881
- if (pool.length > 0) {
882
- const [nonce, ...remaining] = pool;
883
- core.state.set({ prefetchedNonces: remaining });
884
- if (remaining.length <= 1) fetchAndStoreNonces(client);
885
- return nonce;
886
- }
887
- await fetchAndStoreNonces(client);
888
- return getNonce(client);
889
- };
890
-
891
- //#endregion
892
- //#region src/modules/deviceRegistration/getDeviceSigner/getDeviceSigner.ts
893
- /** @notInstrumented */
894
- const getDeviceSigner = async (client) => {
895
- const { deviceSigner, keychain } = getCore(client);
896
- /**
897
- * If the device signer is available, it should handle the device signing.
898
- * This is used for mobile devices with secure enclave.
899
- */
900
- if (deviceSigner) return deviceSigner;
901
- const keyName = "device";
902
- if (!await keychain.getPublicKey(keyName)) await keychain.generateKey(keyName);
903
- return {
904
- getPublicKey: () => keychain.getPublicKey(keyName),
905
- sign: (payload) => keychain.sign(keyName, payload)
451
+ getPublicKey: () => keychain.getPublicKey(keyName),
452
+ sign: (payload) => keychain.sign(keyName, payload)
906
453
  };
907
454
  };
908
455
 
@@ -1010,7 +557,7 @@ const createApiClient = (options = {}, client) => {
1010
557
  if (client.projectSettings && isCookieEnabled(client)) settings.credentials = "include";
1011
558
  if (options.includeMfaToken && coreState.mfaToken) settings.headers[MFA_TOKEN_HEADER] = coreState.mfaToken;
1012
559
  if (options.elevatedAccessTokenScope) {
1013
- const elevatedToken = __getElevatedAccessToken_wrapped({ scope: options.elevatedAccessTokenScope }, client);
560
+ const elevatedToken = getElevatedAccessToken({ scope: options.elevatedAccessTokenScope }, client);
1014
561
  if (elevatedToken) settings.headers[ELEVATED_ACCESS_TOKEN_HEADER] = elevatedToken;
1015
562
  }
1016
563
  const sessionPublicKey = getSessionKeys(client)?.publicKey;
@@ -1439,187 +986,630 @@ const getWalletAccountsFromState = ({ unverifiedWalletAccounts, user }, client)
1439
986
  };
1440
987
 
1441
988
  //#endregion
1442
- //#region src/modules/wallets/getWalletAccounts/getWalletAccounts.ts
989
+ //#region src/modules/wallets/getWalletAccounts/getWalletAccounts.ts
990
+ /**
991
+ * Retrieves all wallet accounts associated with the current session.
992
+ *
993
+ * This function returns both verified and unverified wallet accounts,
994
+ * combining data from user credentials and local unverified accounts.
995
+ * You can differentiate between verified and unverified wallet accounts by
996
+ * checking the `verifiedCredentialId` property.
997
+ *
998
+ * @param [client] - The Dynamic client instance. Only required when using multiple Dynamic clients.
999
+ * @returns An array of wallet accounts associated with the session.
1000
+ * @notInstrumented
1001
+ * @hook Exposed as a hook so consumers get the reactive list of wallet accounts.
1002
+ */
1003
+ const getWalletAccounts = (client = getDefaultClient()) => {
1004
+ const { unverifiedWalletAccounts, user } = getCore(client).state.get();
1005
+ return getWalletAccountsFromState({
1006
+ unverifiedWalletAccounts,
1007
+ user
1008
+ }, client);
1009
+ };
1010
+
1011
+ //#endregion
1012
+ //#region src/errors/NoWalletProviderFoundError.ts
1013
+ var NoWalletProviderFoundError = class extends BaseError {
1014
+ constructor({ walletProviderKey }) {
1015
+ super({
1016
+ cause: null,
1017
+ code: "no_wallet_provider_found_error",
1018
+ docsUrl: null,
1019
+ name: "NoWalletProviderFoundError",
1020
+ shortMessage: `No wallet provider found with key: ${walletProviderKey}`
1021
+ });
1022
+ }
1023
+ };
1024
+
1025
+ //#endregion
1026
+ //#region src/services/runtimeServices/createRuntimeServiceAccessKey/createRuntimeServiceAccessKey.ts
1027
+ /**
1028
+ * Creates a service accessor function that manages service instantiation and caching.
1029
+ * The returned function will either retrieve an existing service from the registry or
1030
+ * create a new one using the provided builder function.
1031
+ *
1032
+ * @template - The type of service to be created/accessed
1033
+ * @param key - Unique identifier for the service in the registry
1034
+ * @param builder - Function that creates the service instance when called with a DynamicClient
1035
+ * @notInstrumented
1036
+ */
1037
+ const createRuntimeServiceAccessKey = (key, builder) => (client) => {
1038
+ const { runtimeServices } = getCore(client);
1039
+ const currentService = runtimeServices.getByKey(key);
1040
+ if (currentService) return currentService;
1041
+ const service = builder(client);
1042
+ runtimeServices.register(key, service);
1043
+ return service;
1044
+ };
1045
+
1046
+ //#endregion
1047
+ //#region src/modules/wallets/walletProviderRegistry/createWalletProviderRegistry/createWalletProviderRegistry.ts
1048
+ /**
1049
+ * Creates a new wallet provider registry that manages wallet providers with priority-based registration.
1050
+ *
1051
+ * @returns The wallet provider registry instance
1052
+ *
1053
+ * @example
1054
+ * ```typescript
1055
+ * const registry = createWalletProviderRegistry();
1056
+ *
1057
+ * registry.register({
1058
+ * priority: WalletProviderPriority.WALLET_SDK,
1059
+ * walletProvider: myWalletProvider
1060
+ * });
1061
+ *
1062
+ * const provider = registry.getByKey('my-wallet-key');
1063
+ * const providers = registry.listProviders();
1064
+ * ```
1065
+ * @notInstrumented
1066
+ */
1067
+ const createWalletProviderRegistry = (client) => {
1068
+ const registry = /* @__PURE__ */ new Map();
1069
+ return {
1070
+ getByKey: (key) => registry.get(key)?.walletProvider,
1071
+ listProviderEntries: () => Array.from(registry.values()),
1072
+ listProviders: () => Array.from(registry.values()).map((v) => v.walletProvider),
1073
+ register: (args) => {
1074
+ const existingEntry = registry.get(args.walletProvider.key);
1075
+ if (existingEntry) {
1076
+ if (existingEntry.priority < args.priority) {
1077
+ registry.set(args.walletProvider.key, args);
1078
+ emitEvent({
1079
+ args: { walletProviderKey: args.walletProvider.key },
1080
+ event: "walletProviderChanged"
1081
+ }, client);
1082
+ }
1083
+ } else {
1084
+ registry.set(args.walletProvider.key, args);
1085
+ emitEvent({
1086
+ args: { walletProvider: args.walletProvider },
1087
+ event: "walletProviderRegistered"
1088
+ }, client);
1089
+ emitEvent({
1090
+ args: { walletProviderKey: args.walletProvider.key },
1091
+ event: "walletProviderChanged"
1092
+ }, client);
1093
+ }
1094
+ },
1095
+ unregister: (key) => {
1096
+ registry.delete(key);
1097
+ emitEvent({
1098
+ args: { walletProviderKey: key },
1099
+ event: "walletProviderUnregistered"
1100
+ }, client);
1101
+ }
1102
+ };
1103
+ };
1104
+
1105
+ //#endregion
1106
+ //#region src/modules/wallets/walletProviderRegistry/getWalletProviderRegistry/getWalletProviderRegistry.ts
1107
+ /**
1108
+ * This function provides access to a shared instance of the wallet provider registry.
1109
+ *
1110
+ * It ensures that the same registry instance is used throughout the client to maintaining
1111
+ * consistency of registered wallet providers across different parts of the codebase.
1112
+ *
1113
+ * @returns The wallet provider registry instance
1114
+ *
1115
+ * @example
1116
+ * ```typescript
1117
+ * // Get the registry instance
1118
+ * const registry = getWalletProviderRegistry();
1119
+ *
1120
+ * // Register a wallet provider
1121
+ * registry.register({
1122
+ * priority: WalletProviderPriority.WALLET_SDK,
1123
+ * walletProvider: myWalletProvider
1124
+ * });
1125
+ *
1126
+ * // Retrieve a specific provider
1127
+ * const provider = registry.getByKey('metamaskevm');
1128
+ * ```
1129
+ */
1130
+ const getWalletProviderRegistry = createRuntimeServiceAccessKey("walletProviderRegistry", (client) => createWalletProviderRegistry(client));
1131
+
1132
+ //#endregion
1133
+ //#region src/modules/wallets/walletProviderRegistry/walletProviderRegistry.types.ts
1134
+ let WalletProviderPriority = /* @__PURE__ */ function(WalletProviderPriority$1) {
1135
+ /**
1136
+ * Highest priority should be used by wallet providers that implement
1137
+ * the most reliable wallet integration.
1138
+ * example: The SDK provided by the wallet provider.
1139
+ */
1140
+ WalletProviderPriority$1[WalletProviderPriority$1["WALLET_SDK"] = 100] = "WALLET_SDK";
1141
+ /**
1142
+ * Medium priority should be used by wallet providers that implement
1143
+ * a wallet integration via some reliable standard.
1144
+ * example: A wallet provider that uses EIP6963 announcement.
1145
+ */
1146
+ WalletProviderPriority$1[WalletProviderPriority$1["WALLET_SELF_ANNOUNCEMENT_STANDARD"] = 50] = "WALLET_SELF_ANNOUNCEMENT_STANDARD";
1147
+ /**
1148
+ * Low priority should be used by wallet providers that implement
1149
+ * a wallet integration on a less reliable standard.
1150
+ * example: A wallet provider that uses window.ethereum, where the
1151
+ * window key can be overridden by other extensions.
1152
+ */
1153
+ WalletProviderPriority$1[WalletProviderPriority$1["WINDOW_INJECT"] = 20] = "WINDOW_INJECT";
1154
+ return WalletProviderPriority$1;
1155
+ }({});
1156
+
1157
+ //#endregion
1158
+ //#region src/modules/wallets/utils/getWalletProviderFromWalletAccount/getWalletProviderFromWalletAccount.ts
1159
+ /** @notInstrumented */
1160
+ const getWalletProviderFromWalletAccount = ({ walletAccount }, client) => {
1161
+ const walletProvider = getWalletProviderRegistry(client).getByKey(walletAccount.walletProviderKey);
1162
+ if (!walletProvider) throw new NoWalletProviderFoundError({ walletProviderKey: walletAccount.walletProviderKey });
1163
+ return walletProvider;
1164
+ };
1165
+
1166
+ //#endregion
1167
+ //#region src/modules/auth/consts.ts
1168
+ const DYNAMIC_AUTH_COOKIE_NAME = "DYNAMIC_JWT_TOKEN";
1169
+
1170
+ //#endregion
1171
+ //#region src/modules/auth/extractSessionId/extractSessionId.ts
1172
+ /**
1173
+ * Extracts the session ID (`sid` claim) from a JWT token string.
1174
+ *
1175
+ * Decodes the base64url-encoded payload segment of the token and reads the
1176
+ * `sid` field. This is used to correlate instrumentation events with the
1177
+ * authenticated session, without ever forwarding the full token.
1178
+ *
1179
+ * Returns `null` when no token is present, when the token is malformed, or
1180
+ * when the payload does not contain a `sid` claim.
1181
+ * @notInstrumented
1182
+ */
1183
+ const extractSessionId = (token) => {
1184
+ try {
1185
+ const payload = token.split(".")[1];
1186
+ return JSON.parse(atob(payload)).sid ?? null;
1187
+ } catch {
1188
+ return null;
1189
+ }
1190
+ };
1191
+
1192
+ //#endregion
1193
+ //#region src/utils/getOperatingSystem/getOperatingSystem.ts
1194
+ /**
1195
+ * Detects the operating system from `navigator.userAgent` for web environments.
1196
+ *
1197
+ * The React Native bundler (Metro) resolves `getOperatingSystem.native.ts`
1198
+ * instead when building for React Native, which uses `Platform.OS` directly.
1199
+ *
1200
+ * Falls back to `'unknown'` when `navigator` is unavailable (SSR, service
1201
+ * workers) or when the user-agent string doesn't match a known OS pattern.
1202
+ * @notInstrumented
1203
+ */
1204
+ const getOperatingSystem = () => {
1205
+ try {
1206
+ const ua = navigator.userAgent;
1207
+ if (/iPhone|iPad|iPod/.test(ua)) return "ios";
1208
+ if (/Android/.test(ua)) return "android";
1209
+ if (/Windows/.test(ua)) return "windows";
1210
+ if (/Macintosh|Mac OS X/.test(ua)) return "macos";
1211
+ if (/Linux/.test(ua)) return "linux";
1212
+ return "unknown";
1213
+ } catch {
1214
+ return "unknown";
1215
+ }
1216
+ };
1217
+
1218
+ //#endregion
1219
+ //#region src/utils/getPlatform/getPlatform.ts
1443
1220
  /**
1444
- * Retrieves all wallet accounts associated with the current session.
1221
+ * Returns the platform the SDK is running on.
1445
1222
  *
1446
- * This function returns both verified and unverified wallet accounts,
1447
- * combining data from user credentials and local unverified accounts.
1448
- * You can differentiate between verified and unverified wallet accounts by
1449
- * checking the `verifiedCredentialId` property.
1223
+ * This is the web implementation the React Native bundler resolves
1224
+ * `getPlatform.native.ts` instead when building for React Native, which
1225
+ * returns `'react-native'`.
1226
+ * @notInstrumented
1227
+ */
1228
+ const getPlatform = () => "web";
1229
+
1230
+ //#endregion
1231
+ //#region src/utils/getUserAgent/getUserAgent.ts
1232
+ /**
1233
+ * Returns the browser's `navigator.userAgent` string for inclusion in
1234
+ * instrumentation events.
1450
1235
  *
1451
- * @param [client] - The Dynamic client instance. Only required when using multiple Dynamic clients.
1452
- * @returns An array of wallet accounts associated with the session.
1236
+ * Falls back to an empty string in environments where `navigator` is not
1237
+ * available (e.g., Node.js SSR, service workers) so that callers never need
1238
+ * to guard against undefined.
1453
1239
  * @notInstrumented
1454
- * @hook Exposed as a hook so consumers get the reactive list of wallet accounts.
1455
1240
  */
1456
- const getWalletAccounts = (client = getDefaultClient()) => {
1457
- const { unverifiedWalletAccounts, user } = getCore(client).state.get();
1458
- return getWalletAccountsFromState({
1459
- unverifiedWalletAccounts,
1460
- user
1461
- }, client);
1241
+ const getUserAgent = () => {
1242
+ try {
1243
+ return navigator.userAgent;
1244
+ } catch {
1245
+ return "";
1246
+ }
1462
1247
  };
1463
1248
 
1464
1249
  //#endregion
1465
- //#region src/errors/NoWalletProviderFoundError.ts
1466
- var NoWalletProviderFoundError = class extends BaseError {
1467
- constructor({ walletProviderKey }) {
1468
- super({
1469
- cause: null,
1470
- code: "no_wallet_provider_found_error",
1471
- docsUrl: null,
1472
- name: "NoWalletProviderFoundError",
1473
- shortMessage: `No wallet provider found with key: ${walletProviderKey}`
1250
+ //#region src/services/instrumentation/constants.ts
1251
+ /**
1252
+ * Default key-based PII scrubber list, lowercased and matched against the
1253
+ * lowercased object key.
1254
+ *
1255
+ * Two complementary mechanisms cover credential leakage:
1256
+ *
1257
+ * 1. Explicit keys listed here — matched exactly (case-insensitive). Use this
1258
+ * for keys that don't end in a generic credential suffix (e.g. `mnemonic`,
1259
+ * `seed`, `verificationCode`, `keyShare`).
1260
+ * 2. Suffix matching in {@link scrubParameters} for the credential suffixes
1261
+ * enumerated by {@link PII_KEY_SUFFIXES} — catches any field whose name
1262
+ * ends in `token` or `jwt` (e.g. `mfaToken`, `minifiedJwt`, `accessToken`,
1263
+ * `idToken`, `captchaToken`, …) without needing to enumerate them here.
1264
+ */
1265
+ const DEFAULT_PII_FIELDS = [
1266
+ "password",
1267
+ "token",
1268
+ "secret",
1269
+ "privateKey",
1270
+ "privateJwk",
1271
+ "mnemonic",
1272
+ "seed",
1273
+ "keyShare",
1274
+ "keyShares",
1275
+ "email",
1276
+ "phone",
1277
+ "ssn",
1278
+ "address",
1279
+ "authorization",
1280
+ "verificationCode",
1281
+ "recoveryCodes",
1282
+ "codeVerifier",
1283
+ "pkce",
1284
+ "bearer",
1285
+ "apiKey",
1286
+ "alias",
1287
+ "publicIdentifier"
1288
+ ];
1289
+ /**
1290
+ * Lowercased suffixes used by {@link scrubParameters} to match credential-like
1291
+ * keys without enumerating every variant (e.g. `mfaToken`, `accessToken`,
1292
+ * `refreshToken`, `legacyToken`, `minifiedJwt`). Only suffixes that are
1293
+ * unambiguously credentials belong here — `key` (matches `publicKey`) and
1294
+ * `code` (matches `countryCode`) are too broad and must not be added.
1295
+ */
1296
+ const PII_KEY_SUFFIXES = ["token", "jwt"];
1297
+ const REDACTED_VALUE = "[REDACTED]";
1298
+ const MAX_STRING_LENGTH = 500;
1299
+ const TRUNCATED_SUFFIX = "...[truncated]";
1300
+ /**
1301
+ * Label prefix for binary data placeholders. The full placeholder includes the
1302
+ * byte length, e.g. `[Binary:16 bytes]`, so consumers can gauge data size
1303
+ * without the actual bytes appearing in logs.
1304
+ */
1305
+ const BINARY_LABEL = "Binary";
1306
+ /**
1307
+ * Placeholder emitted when a circular reference is detected in the value tree.
1308
+ * Using a named constant makes it easy to search for or filter in downstream
1309
+ * log tooling.
1310
+ */
1311
+ const CIRCULAR_VALUE = "[Circular]";
1312
+
1313
+ //#endregion
1314
+ //#region src/services/instrumentation/scrubParameters/scrubParameters.ts
1315
+ /**
1316
+ * Returns true when `key` should be redacted based on the configured PII
1317
+ * field list. A key matches when its lowercased form either equals one of
1318
+ * `piiFieldsLower` exactly, or ends in one of the curated credential
1319
+ * suffixes in {@link PII_KEY_SUFFIXES} (currently `token` and `jwt`). The
1320
+ * suffix check is what catches `mfaToken`, `minifiedJwt`, `accessToken`,
1321
+ * etc. without needing every variant enumerated explicitly.
1322
+ */
1323
+ const keyMatchesPiiField = ({ keyLower, piiFieldsLower }) => {
1324
+ if (piiFieldsLower.includes(keyLower)) return true;
1325
+ return PII_KEY_SUFFIXES.some((suffix) => keyLower.endsWith(suffix));
1326
+ };
1327
+ const scrubString = ({ key, piiFieldsLower, redactAll, value }) => {
1328
+ if (keyMatchesPiiField({
1329
+ keyLower: key.toLowerCase(),
1330
+ piiFieldsLower
1331
+ })) return REDACTED_VALUE;
1332
+ if (redactAll) return REDACTED_VALUE;
1333
+ if (value.length > MAX_STRING_LENGTH) return value.slice(0, MAX_STRING_LENGTH) + TRUNCATED_SUFFIX;
1334
+ return value;
1335
+ };
1336
+ const scrubArray = ({ context, value }) => {
1337
+ if (context.visited.has(value)) return [CIRCULAR_VALUE];
1338
+ context.visited.add(value);
1339
+ const result = value.map((item, index) => scrubValue({
1340
+ context,
1341
+ key: String(index),
1342
+ value: item
1343
+ }));
1344
+ context.visited.delete(value);
1345
+ return result;
1346
+ };
1347
+ const scrubObject = ({ context, value }) => {
1348
+ if (context.visited.has(value)) return { [CIRCULAR_VALUE]: true };
1349
+ context.visited.add(value);
1350
+ const result = Object.create(null);
1351
+ for (const key of Object.keys(value)) result[key] = scrubValue({
1352
+ context,
1353
+ key,
1354
+ value: value[key]
1355
+ });
1356
+ context.visited.delete(value);
1357
+ return result;
1358
+ };
1359
+ const scrubValue = ({ context, key, value }) => {
1360
+ if (value === null || value === void 0) return value;
1361
+ if (value instanceof Uint8Array) return `[${BINARY_LABEL}:${value.byteLength} bytes]`;
1362
+ if (keyMatchesPiiField({
1363
+ keyLower: key.toLowerCase(),
1364
+ piiFieldsLower: context.piiFieldsLower
1365
+ })) return REDACTED_VALUE;
1366
+ if (typeof value === "string") return scrubString({
1367
+ key,
1368
+ piiFieldsLower: context.piiFieldsLower,
1369
+ redactAll: context.redactAll,
1370
+ value
1371
+ });
1372
+ if (Array.isArray(value)) return scrubArray({
1373
+ context,
1374
+ value
1375
+ });
1376
+ if (value instanceof Set) {
1377
+ if (context.visited.has(value)) return [CIRCULAR_VALUE];
1378
+ context.visited.add(value);
1379
+ const setResult = scrubArray({
1380
+ context,
1381
+ value: [...value]
1382
+ });
1383
+ context.visited.delete(value);
1384
+ return setResult;
1385
+ }
1386
+ if (value instanceof Map) {
1387
+ if (context.visited.has(value)) return { [CIRCULAR_VALUE]: true };
1388
+ context.visited.add(value);
1389
+ const asObject = Object.create(null);
1390
+ for (const [k, v] of value.entries()) asObject[String(k)] = v;
1391
+ const mapResult = scrubObject({
1392
+ context,
1393
+ value: asObject
1474
1394
  });
1395
+ context.visited.delete(value);
1396
+ return mapResult;
1475
1397
  }
1398
+ if (value instanceof WeakMap) return "[WeakMap]";
1399
+ if (value instanceof WeakSet) return "[WeakSet]";
1400
+ if (value instanceof Date) return value.toISOString();
1401
+ if (value instanceof Error) return `[Error: ${value.message}]`;
1402
+ if (typeof value === "object") return scrubObject({
1403
+ context,
1404
+ value
1405
+ });
1406
+ return value;
1407
+ };
1408
+ /** @notInstrumented */
1409
+ const scrubParameters = ({ piiFields, redactAll, value }) => {
1410
+ return scrubObject({
1411
+ context: {
1412
+ piiFieldsLower: piiFields.map((field) => field.toLowerCase()),
1413
+ redactAll,
1414
+ visited: /* @__PURE__ */ new WeakSet()
1415
+ },
1416
+ value
1417
+ });
1476
1418
  };
1477
1419
 
1478
1420
  //#endregion
1479
- //#region src/services/runtimeServices/createRuntimeServiceAccessKey/createRuntimeServiceAccessKey.ts
1421
+ //#region src/services/instrumentation/instrumentFunction/extractParams/extractParams.ts
1480
1422
  /**
1481
- * Creates a service accessor function that manages service instantiation and caching.
1482
- * The returned function will either retrieve an existing service from the registry or
1483
- * create a new one using the provided builder function.
1423
+ * Normalises the raw positional arguments of an instrumented function call
1424
+ * into a flat `Record<string, unknown>` suitable for structured logging.
1484
1425
  *
1485
- * @template - The type of service to be created/accessed
1486
- * @param key - Unique identifier for the service in the registry
1487
- * @param builder - Function that creates the service instance when called with a DynamicClient
1426
+ * ## Why this is needed
1427
+ *
1428
+ * Instrumented functions are wrapped with `(...args: unknown[])`, so their
1429
+ * parameters arrive as an array. Logging a raw array loses the semantic names
1430
+ * of each argument. This function recovers a named representation:
1431
+ *
1432
+ * - **No arguments** → `{}`
1433
+ * - **Single plain-object argument** → that object is returned as-is, because
1434
+ * SDK functions follow the single-object-parameter convention, so the object
1435
+ * already carries named keys (`{ amount, to }`, etc.).
1436
+ * - **Everything else** (multiple args, a single primitive, a single array) →
1437
+ * each value is indexed as `arg0`, `arg1`, …
1438
+ *
1439
+ * ## Why arrays are NOT treated as plain objects
1440
+ *
1441
+ * `typeof [] === 'object'` and `[] !== null`, so without the `Array.isArray`
1442
+ * guard a single-array argument would be returned as-is. That would produce
1443
+ * an object with numeric string keys (`{ '0': ..., '1': ... }`), which is
1444
+ * misleading and inconsistent with how multi-arg calls are handled. Instead,
1445
+ * arrays fall through to the indexed `arg0` path.
1488
1446
  * @notInstrumented
1489
1447
  */
1490
- const createRuntimeServiceAccessKey = (key, builder) => (client) => {
1491
- const { runtimeServices } = getCore(client);
1492
- const currentService = runtimeServices.getByKey(key);
1493
- if (currentService) return currentService;
1494
- const service = builder(client);
1495
- runtimeServices.register(key, service);
1496
- return service;
1448
+ const extractParams = (args) => {
1449
+ if (args.length === 0) return {};
1450
+ if (args.length === 1 && typeof args[0] === "object" && args[0] !== null && !Array.isArray(args[0])) return args[0];
1451
+ const result = {};
1452
+ for (let i = 0; i < args.length; i++) result[`arg${i}`] = args[i];
1453
+ return result;
1497
1454
  };
1498
1455
 
1499
1456
  //#endregion
1500
- //#region src/modules/wallets/walletProviderRegistry/createWalletProviderRegistry/createWalletProviderRegistry.ts
1457
+ //#region src/services/instrumentation/instrumentFunction/scrubResolvedValue/scrubResolvedValue.ts
1501
1458
  /**
1502
- * Creates a new wallet provider registry that manages wallet providers with priority-based registration.
1503
- *
1504
- * @returns The wallet provider registry instance
1505
- *
1506
- * @example
1507
- * ```typescript
1508
- * const registry = createWalletProviderRegistry();
1509
- *
1510
- * registry.register({
1511
- * priority: WalletProviderPriority.WALLET_SDK,
1512
- * walletProvider: myWalletProvider
1513
- * });
1514
- *
1515
- * const provider = registry.getByKey('my-wallet-key');
1516
- * const providers = registry.listProviders();
1517
- * ```
1459
+ * Scrubs a resolved return value of any type before logging it.
1460
+ * Routes through `scrubParameters` by wrapping the value so that strings,
1461
+ * arrays, Dates, Errors, and all other types are handled identically to
1462
+ * nested object fields.
1518
1463
  * @notInstrumented
1519
1464
  */
1520
- const createWalletProviderRegistry = (client) => {
1521
- const registry = /* @__PURE__ */ new Map();
1465
+ const scrubResolvedValue = ({ piiFields, redactAll, value }) => scrubParameters({
1466
+ piiFields,
1467
+ redactAll,
1468
+ value: { result: value }
1469
+ }).result;
1470
+
1471
+ //#endregion
1472
+ //#region src/services/instrumentation/instrumentFunction/instrumentFunction.ts
1473
+ const serializeError = (error) => {
1474
+ if (error instanceof Error) return {
1475
+ message: error.message,
1476
+ name: error.name,
1477
+ stack: error.stack
1478
+ };
1522
1479
  return {
1523
- getByKey: (key) => registry.get(key)?.walletProvider,
1524
- listProviderEntries: () => Array.from(registry.values()),
1525
- listProviders: () => Array.from(registry.values()).map((v) => v.walletProvider),
1526
- register: (args) => {
1527
- const existingEntry = registry.get(args.walletProvider.key);
1528
- if (existingEntry) {
1529
- if (existingEntry.priority < args.priority) {
1530
- registry.set(args.walletProvider.key, args);
1531
- emitEvent({
1532
- args: { walletProviderKey: args.walletProvider.key },
1533
- event: "walletProviderChanged"
1534
- }, client);
1535
- }
1536
- } else {
1537
- registry.set(args.walletProvider.key, args);
1538
- emitEvent({
1539
- args: { walletProvider: args.walletProvider },
1540
- event: "walletProviderRegistered"
1541
- }, client);
1542
- emitEvent({
1543
- args: { walletProviderKey: args.walletProvider.key },
1544
- event: "walletProviderChanged"
1545
- }, client);
1546
- }
1547
- },
1548
- unregister: (key) => {
1549
- registry.delete(key);
1550
- emitEvent({
1551
- args: { walletProviderKey: key },
1552
- event: "walletProviderUnregistered"
1553
- }, client);
1554
- }
1480
+ message: String(error),
1481
+ name: "UnknownError"
1555
1482
  };
1556
1483
  };
1557
-
1558
- //#endregion
1559
- //#region src/modules/wallets/walletProviderRegistry/getWalletProviderRegistry/getWalletProviderRegistry.ts
1560
1484
  /**
1561
- * This function provides access to a shared instance of the wallet provider registry.
1485
+ * Wraps a function so that each invocation emits a structured
1486
+ * `FunctionInstrumentationEvent` at three lifecycle points:
1562
1487
  *
1563
- * It ensures that the same registry instance is used throughout the client to maintaining
1564
- * consistency of registered wallet providers across different parts of the codebase.
1488
+ * - **started** immediately before the function body executes, with the
1489
+ * PII-scrubbed call parameters.
1490
+ * - **resolved** — after the function (or its returned Promise) settles
1491
+ * successfully, with the PII-scrubbed return value.
1492
+ * - **rejected** — if the function throws synchronously or its returned
1493
+ * Promise rejects.
1565
1494
  *
1566
- * @returns The wallet provider registry instance
1495
+ * The original return value (or thrown error) is always forwarded to the
1496
+ * caller unchanged — instrumentation is purely observational.
1567
1497
  *
1568
- * @example
1569
- * ```typescript
1570
- * // Get the registry instance
1571
- * const registry = getWalletProviderRegistry();
1498
+ * ## Usage
1572
1499
  *
1573
- * // Register a wallet provider
1574
- * registry.register({
1575
- * priority: WalletProviderPriority.WALLET_SDK,
1576
- * walletProvider: myWalletProvider
1500
+ * ```ts
1501
+ * const transfer = instrumentFunction({
1502
+ * fn: rawTransfer,
1503
+ * functionName: 'transfer',
1504
+ * getCore: () => core,
1577
1505
  * });
1578
1506
  *
1579
- * // Retrieve a specific provider
1580
- * const provider = registry.getByKey('metamaskevm');
1507
+ * // When called, three events are emitted automatically:
1508
+ * await transfer({ amount: 1, to: '0xabc' });
1581
1509
  * ```
1510
+ *
1511
+ * ## How functions are wrapped
1512
+ *
1513
+ * `instrumentFunction` is not called manually in application code. Instead,
1514
+ * the esbuild instrumentation plugin (`tools/instrumentation-plugin`) injects
1515
+ * it at build time: any exported function annotated with `@instrumented` in its
1516
+ * JSDoc is automatically wrapped by the plugin during the build step.
1517
+ * The plugin strips the original `export`, renames the function, and re-exports
1518
+ * it under the original name via `instrumentFunction(...)` — so the public API
1519
+ * is unchanged and no call sites need to be updated.
1520
+ *
1521
+ * ## Opting out
1522
+ *
1523
+ * Instrumentation is skipped entirely when:
1524
+ * - `getCore()` returns `undefined` (SDK not initialised), or
1525
+ * - `core.instrumentation.config.enabled` is `false`.
1526
+ *
1527
+ * In both cases the original function is called directly with no overhead.
1528
+ *
1529
+ * ## PII scrubbing
1530
+ *
1531
+ * All string values whose key appears in `piiFields` are replaced with
1532
+ * `"[redacted]"` before events are emitted. Pass `redactAll: true` to redact
1533
+ * every field, regardless of key name.
1534
+ * @notInstrumented
1582
1535
  */
1583
- const getWalletProviderRegistry = createRuntimeServiceAccessKey("walletProviderRegistry", (client) => createWalletProviderRegistry(client));
1584
-
1585
- //#endregion
1586
- //#region src/modules/wallets/walletProviderRegistry/walletProviderRegistry.types.ts
1587
- let WalletProviderPriority = /* @__PURE__ */ function(WalletProviderPriority$1) {
1588
- /**
1589
- * Highest priority should be used by wallet providers that implement
1590
- * the most reliable wallet integration.
1591
- * example: The SDK provided by the wallet provider.
1592
- */
1593
- WalletProviderPriority$1[WalletProviderPriority$1["WALLET_SDK"] = 100] = "WALLET_SDK";
1594
- /**
1595
- * Medium priority should be used by wallet providers that implement
1596
- * a wallet integration via some reliable standard.
1597
- * example: A wallet provider that uses EIP6963 announcement.
1598
- */
1599
- WalletProviderPriority$1[WalletProviderPriority$1["WALLET_SELF_ANNOUNCEMENT_STANDARD"] = 50] = "WALLET_SELF_ANNOUNCEMENT_STANDARD";
1600
- /**
1601
- * Low priority should be used by wallet providers that implement
1602
- * a wallet integration on a less reliable standard.
1603
- * example: A wallet provider that uses window.ethereum, where the
1604
- * window key can be overridden by other extensions.
1605
- */
1606
- WalletProviderPriority$1[WalletProviderPriority$1["WINDOW_INJECT"] = 20] = "WINDOW_INJECT";
1607
- return WalletProviderPriority$1;
1608
- }({});
1609
-
1610
- //#endregion
1611
- //#region src/modules/wallets/utils/getWalletProviderFromWalletAccount/getWalletProviderFromWalletAccount.ts
1612
- /** @notInstrumented */
1613
- const getWalletProviderFromWalletAccount = ({ walletAccount }, client) => {
1614
- const walletProvider = getWalletProviderRegistry(client).getByKey(walletAccount.walletProviderKey);
1615
- if (!walletProvider) throw new NoWalletProviderFoundError({ walletProviderKey: walletAccount.walletProviderKey });
1616
- return walletProvider;
1536
+ const instrumentFunction = ({ fn, functionName, getCore: getCore$1, redactAll }) => {
1537
+ const wrapped = (...args) => {
1538
+ const core = getCore$1();
1539
+ if (!core) return fn(...args);
1540
+ if (!core.instrumentation.config.enabled) return fn(...args);
1541
+ const instrumentation = core.instrumentation;
1542
+ const state = core.state.get();
1543
+ const baseEvent = {
1544
+ environmentId: core.environmentId,
1545
+ functionName,
1546
+ operatingSystem: getOperatingSystem(),
1547
+ parameters: scrubParameters({
1548
+ piiFields: instrumentation.config.piiFields,
1549
+ redactAll,
1550
+ value: extractParams(args)
1551
+ }),
1552
+ platform: getPlatform(),
1553
+ registeredExtensionKeys: Array.from(core.extensions),
1554
+ sdkSessionId: core.sdkSessionId,
1555
+ sdkVersion: core.version,
1556
+ status: "info",
1557
+ tokenSessionId: state.token ? extractSessionId(state.token) : null,
1558
+ userAgent: getUserAgent(),
1559
+ userId: state.user?.id ?? null
1560
+ };
1561
+ instrumentation.logFunction({
1562
+ ...baseEvent,
1563
+ phase: "started",
1564
+ timestamp: (/* @__PURE__ */ new Date()).toISOString()
1565
+ });
1566
+ try {
1567
+ const result = fn(...args);
1568
+ if (result instanceof Promise) return result.then((value) => {
1569
+ instrumentation.logFunction({
1570
+ ...baseEvent,
1571
+ phase: "resolved",
1572
+ resolvedValue: scrubResolvedValue({
1573
+ piiFields: instrumentation.config.piiFields,
1574
+ redactAll,
1575
+ value
1576
+ }),
1577
+ timestamp: (/* @__PURE__ */ new Date()).toISOString()
1578
+ });
1579
+ return value;
1580
+ }).catch((error) => {
1581
+ instrumentation.logFunction({
1582
+ ...baseEvent,
1583
+ phase: "rejected",
1584
+ rejectedError: serializeError(error),
1585
+ timestamp: (/* @__PURE__ */ new Date()).toISOString()
1586
+ });
1587
+ throw error;
1588
+ });
1589
+ instrumentation.logFunction({
1590
+ ...baseEvent,
1591
+ phase: "resolved",
1592
+ resolvedValue: scrubResolvedValue({
1593
+ piiFields: instrumentation.config.piiFields,
1594
+ redactAll,
1595
+ value: result
1596
+ }),
1597
+ timestamp: (/* @__PURE__ */ new Date()).toISOString()
1598
+ });
1599
+ return result;
1600
+ } catch (error) {
1601
+ instrumentation.logFunction({
1602
+ ...baseEvent,
1603
+ phase: "rejected",
1604
+ rejectedError: serializeError(error),
1605
+ timestamp: (/* @__PURE__ */ new Date()).toISOString()
1606
+ });
1607
+ throw error;
1608
+ }
1609
+ };
1610
+ return wrapped;
1617
1611
  };
1618
1612
 
1619
- //#endregion
1620
- //#region src/modules/auth/consts.ts
1621
- const DYNAMIC_AUTH_COOKIE_NAME = "DYNAMIC_JWT_TOKEN";
1622
-
1623
1613
  //#endregion
1624
1614
  //#region src/constants.ts
1625
1615
  const SDK_API_CORE_VERSION = dependencies["@dynamic-labs/sdk-api-core"];
@@ -1825,12 +1815,6 @@ Object.defineProperty(exports, 'WalletProviderPriority', {
1825
1815
  return WalletProviderPriority;
1826
1816
  }
1827
1817
  });
1828
- Object.defineProperty(exports, '__getElevatedAccessToken_wrapped', {
1829
- enumerable: true,
1830
- get: function () {
1831
- return __getElevatedAccessToken_wrapped;
1832
- }
1833
- });
1834
1818
  Object.defineProperty(exports, 'assertDefined', {
1835
1819
  enumerable: true,
1836
1820
  get: function () {
@@ -1909,6 +1893,12 @@ Object.defineProperty(exports, 'getDeviceSigner', {
1909
1893
  return getDeviceSigner;
1910
1894
  }
1911
1895
  });
1896
+ Object.defineProperty(exports, 'getElevatedAccessToken', {
1897
+ enumerable: true,
1898
+ get: function () {
1899
+ return getElevatedAccessToken;
1900
+ }
1901
+ });
1912
1902
  Object.defineProperty(exports, 'getHeadersForNonceSignedByDeviceSigners', {
1913
1903
  enumerable: true,
1914
1904
  get: function () {
@@ -2065,4 +2055,4 @@ Object.defineProperty(exports, 'version', {
2065
2055
  return version;
2066
2056
  }
2067
2057
  });
2068
- //# sourceMappingURL=InvalidParamError-C7c-OLz1.cjs.map
2058
+ //# sourceMappingURL=InvalidParamError-BPY2yug_.cjs.map