@dynamic-labs-sdk/client 1.16.1 → 1.17.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (121) hide show
  1. package/dist/core.cjs +53 -53
  2. package/dist/core.cjs.map +1 -1
  3. package/dist/core.esm.js +5 -5
  4. package/dist/core.native.esm.js +5 -5
  5. package/dist/exports/index.d.ts +2 -2
  6. package/dist/exports/index.d.ts.map +1 -1
  7. package/dist/exports/waas.d.ts +2 -1
  8. package/dist/exports/waas.d.ts.map +1 -1
  9. package/dist/exports/waasCore.d.ts +3 -2
  10. package/dist/exports/waasCore.d.ts.map +1 -1
  11. package/dist/{getNetworkProviderFromNetworkId-D79icjmX.native.esm.js → getNetworkProviderFromNetworkId-Bfg-NkNJ.native.esm.js} +12 -4
  12. package/dist/getNetworkProviderFromNetworkId-Bfg-NkNJ.native.esm.js.map +1 -0
  13. package/dist/{getNetworkProviderFromNetworkId-BHxkTbiJ.cjs → getNetworkProviderFromNetworkId-CS4r9hi7.cjs} +43 -44
  14. package/dist/{getNetworkProviderFromNetworkId-BHxkTbiJ.cjs.map → getNetworkProviderFromNetworkId-CS4r9hi7.cjs.map} +1 -1
  15. package/dist/{getNetworkProviderFromNetworkId-BPeOK1Xx.esm.js → getNetworkProviderFromNetworkId-pknqqhk1.esm.js} +2 -3
  16. package/dist/{getNetworkProviderFromNetworkId-BPeOK1Xx.esm.js.map → getNetworkProviderFromNetworkId-pknqqhk1.esm.js.map} +1 -1
  17. package/dist/{getSignedSessionId-DzjHW7Rw.esm.js → getSignedSessionId-CUw7LJ35.esm.js} +3 -3
  18. package/dist/{getSignedSessionId-DzjHW7Rw.esm.js.map → getSignedSessionId-CUw7LJ35.esm.js.map} +1 -1
  19. package/dist/{getSignedSessionId-Dh4Df1mY.native.esm.js → getSignedSessionId-Cl3PEqa8.native.esm.js} +3 -3
  20. package/dist/{getSignedSessionId-Dh4Df1mY.native.esm.js.map → getSignedSessionId-Cl3PEqa8.native.esm.js.map} +1 -1
  21. package/dist/{getSignedSessionId-BjSUL8Br.cjs → getSignedSessionId-cMGkmojJ.cjs} +11 -11
  22. package/dist/{getSignedSessionId-BjSUL8Br.cjs.map → getSignedSessionId-cMGkmojJ.cjs.map} +1 -1
  23. package/dist/getWalletProviderByKey-24co0tBE.native.esm.js +20 -0
  24. package/dist/getWalletProviderByKey-24co0tBE.native.esm.js.map +1 -0
  25. package/dist/getWalletProviderByKey-CP9Te5Sz.cjs +31 -0
  26. package/dist/getWalletProviderByKey-CP9Te5Sz.cjs.map +1 -0
  27. package/dist/getWalletProviderByKey-lQVfIGFi.esm.js +20 -0
  28. package/dist/getWalletProviderByKey-lQVfIGFi.esm.js.map +1 -0
  29. package/dist/index.cjs +560 -541
  30. package/dist/index.cjs.map +1 -1
  31. package/dist/index.esm.js +29 -28
  32. package/dist/index.esm.js.map +1 -1
  33. package/dist/index.native.esm.js +29 -28
  34. package/dist/index.native.esm.js.map +1 -1
  35. package/dist/isDynamicWaasEnabled-BXe0VyI4.native.esm.js +70 -0
  36. package/dist/isDynamicWaasEnabled-BXe0VyI4.native.esm.js.map +1 -0
  37. package/dist/isDynamicWaasEnabled-BYaqAOml.esm.js +70 -0
  38. package/dist/isDynamicWaasEnabled-BYaqAOml.esm.js.map +1 -0
  39. package/dist/isDynamicWaasEnabled-BwP1oowd.cjs +88 -0
  40. package/dist/isDynamicWaasEnabled-BwP1oowd.cjs.map +1 -0
  41. package/dist/{isMfaRequiredForAction-3fWX5MEF.cjs → isMfaRequiredForAction-Btejc5g3.cjs} +38 -29
  42. package/dist/isMfaRequiredForAction-Btejc5g3.cjs.map +1 -0
  43. package/dist/{isMfaRequiredForAction-CkX6CfJf.esm.js → isMfaRequiredForAction-CqEcCTIe.esm.js} +11 -2
  44. package/dist/isMfaRequiredForAction-CqEcCTIe.esm.js.map +1 -0
  45. package/dist/{isMfaRequiredForAction-CBW-d9C6.native.esm.js → isMfaRequiredForAction-Demz9zlH.native.esm.js} +2 -2
  46. package/dist/{isMfaRequiredForAction-CBW-d9C6.native.esm.js.map → isMfaRequiredForAction-Demz9zlH.native.esm.js.map} +1 -1
  47. package/dist/{isUserOnboardingComplete-D0JrQGvR.cjs → isUserOnboardingComplete-C86NDY7I.cjs} +13 -13
  48. package/dist/{isUserOnboardingComplete-D0JrQGvR.cjs.map → isUserOnboardingComplete-C86NDY7I.cjs.map} +1 -1
  49. package/dist/{isUserOnboardingComplete-C4_b3pDb.esm.js → isUserOnboardingComplete-CBrAH0ZF.esm.js} +3 -3
  50. package/dist/{isUserOnboardingComplete-C4_b3pDb.esm.js.map → isUserOnboardingComplete-CBrAH0ZF.esm.js.map} +1 -1
  51. package/dist/{isUserOnboardingComplete-m6E6GbB0.native.esm.js → isUserOnboardingComplete-Cr-YTpcU.native.esm.js} +3 -3
  52. package/dist/{isUserOnboardingComplete-m6E6GbB0.native.esm.js.map → isUserOnboardingComplete-Cr-YTpcU.native.esm.js.map} +1 -1
  53. package/dist/migrateFromFireblocks-B_q8Oawb.cjs +82 -0
  54. package/dist/migrateFromFireblocks-B_q8Oawb.cjs.map +1 -0
  55. package/dist/migrateFromFireblocks-Bbx2wHZD.esm.js +65 -0
  56. package/dist/migrateFromFireblocks-Bbx2wHZD.esm.js.map +1 -0
  57. package/dist/migrateFromFireblocks-D-J6-gRo.native.esm.js +65 -0
  58. package/dist/migrateFromFireblocks-D-J6-gRo.native.esm.js.map +1 -0
  59. package/dist/modules/flow/attachFlowSource/attachFlowSource.d.ts.map +1 -1
  60. package/dist/modules/sessionKeys/generateSessionKeys/generateSessionKeys.d.ts.map +1 -1
  61. package/dist/modules/waas/createWaasProvider/createWaasProvider.d.ts.map +1 -1
  62. package/dist/modules/waas/migrateFromFireblocks/index.d.ts +2 -0
  63. package/dist/modules/waas/migrateFromFireblocks/index.d.ts.map +1 -0
  64. package/dist/modules/waas/migrateFromFireblocks/migrateFromFireblocks.d.ts +52 -0
  65. package/dist/modules/waas/migrateFromFireblocks/migrateFromFireblocks.d.ts.map +1 -0
  66. package/dist/modules/waas/waas.types.d.ts +9 -1
  67. package/dist/modules/waas/waas.types.d.ts.map +1 -1
  68. package/dist/modules/wallets/networks/getTransactionHistory/getTransactionHistory.d.ts +1 -1
  69. package/dist/modules/wallets/networks/getTransactionHistory/getTransactionHistory.d.ts.map +1 -1
  70. package/dist/modules/wallets/walletProviderRegistry/events.d.ts +2 -1
  71. package/dist/modules/wallets/walletProviderRegistry/events.d.ts.map +1 -1
  72. package/dist/tsconfig.lib.tsbuildinfo +1 -1
  73. package/dist/{InvalidParamError-DCpeZMBr.cjs → updateAuthFromVerifyResponse-CElYpi97.cjs} +291 -9
  74. package/dist/updateAuthFromVerifyResponse-CElYpi97.cjs.map +1 -0
  75. package/dist/{InvalidParamError-5AXtm6Zp.native.esm.js → updateAuthFromVerifyResponse-D1w-Aw9P.native.esm.js} +457 -4
  76. package/dist/updateAuthFromVerifyResponse-D1w-Aw9P.native.esm.js.map +1 -0
  77. package/dist/{InvalidParamError-PQ2Xen_o.esm.js → updateAuthFromVerifyResponse-azIi_3FB.esm.js} +237 -3
  78. package/dist/updateAuthFromVerifyResponse-azIi_3FB.esm.js.map +1 -0
  79. package/dist/waas.cjs +53 -67
  80. package/dist/waas.cjs.map +1 -1
  81. package/dist/waas.esm.js +5 -20
  82. package/dist/waas.esm.js.map +1 -1
  83. package/dist/waas.native.esm.js +5 -20
  84. package/dist/waas.native.esm.js.map +1 -1
  85. package/dist/waasCore.cjs +40 -23
  86. package/dist/waasCore.cjs.map +1 -1
  87. package/dist/waasCore.esm.js +23 -7
  88. package/dist/waasCore.esm.js.map +1 -1
  89. package/dist/waasCore.native.esm.js +23 -7
  90. package/dist/waasCore.native.esm.js.map +1 -1
  91. package/package.json +3 -3
  92. package/dist/InvalidParamError-5AXtm6Zp.native.esm.js.map +0 -1
  93. package/dist/InvalidParamError-DCpeZMBr.cjs.map +0 -1
  94. package/dist/InvalidParamError-PQ2Xen_o.esm.js.map +0 -1
  95. package/dist/getNetworkProviderFromNetworkId-D79icjmX.native.esm.js.map +0 -1
  96. package/dist/getWaasWalletProviderFromWalletAccount-BxyUZBpT.cjs +0 -19
  97. package/dist/getWaasWalletProviderFromWalletAccount-BxyUZBpT.cjs.map +0 -1
  98. package/dist/getWaasWalletProviderFromWalletAccount-Ca0SiNEz.native.esm.js +0 -14
  99. package/dist/getWaasWalletProviderFromWalletAccount-Ca0SiNEz.native.esm.js.map +0 -1
  100. package/dist/getWaasWalletProviderFromWalletAccount-CupLo7EC.esm.js +0 -14
  101. package/dist/getWaasWalletProviderFromWalletAccount-CupLo7EC.esm.js.map +0 -1
  102. package/dist/getWalletProviderByKey-B6vtKHJy.esm.js +0 -255
  103. package/dist/getWalletProviderByKey-B6vtKHJy.esm.js.map +0 -1
  104. package/dist/getWalletProviderByKey-DIFBlGlR.cjs +0 -321
  105. package/dist/getWalletProviderByKey-DIFBlGlR.cjs.map +0 -1
  106. package/dist/getWalletProviderByKey-Dh2qnBmw.native.esm.js +0 -474
  107. package/dist/getWalletProviderByKey-Dh2qnBmw.native.esm.js.map +0 -1
  108. package/dist/isDynamicWaasEnabled-A8Humh0r.cjs +0 -49
  109. package/dist/isDynamicWaasEnabled-A8Humh0r.cjs.map +0 -1
  110. package/dist/isDynamicWaasEnabled-BmWqrgz1.esm.js +0 -37
  111. package/dist/isDynamicWaasEnabled-BmWqrgz1.esm.js.map +0 -1
  112. package/dist/isDynamicWaasEnabled-Djp4QuBw.native.esm.js +0 -37
  113. package/dist/isDynamicWaasEnabled-Djp4QuBw.native.esm.js.map +0 -1
  114. package/dist/isMfaRequiredForAction-3fWX5MEF.cjs.map +0 -1
  115. package/dist/isMfaRequiredForAction-CkX6CfJf.esm.js.map +0 -1
  116. package/dist/refreshAuth-BKeW1dSq.cjs +0 -43
  117. package/dist/refreshAuth-BKeW1dSq.cjs.map +0 -1
  118. package/dist/refreshAuth-Cykyxvpz.native.esm.js +0 -38
  119. package/dist/refreshAuth-Cykyxvpz.native.esm.js.map +0 -1
  120. package/dist/refreshAuth-LzA2xxNC.esm.js +0 -38
  121. package/dist/refreshAuth-LzA2xxNC.esm.js.map +0 -1
package/dist/waasCore.cjs CHANGED
@@ -1,9 +1,9 @@
1
- const require_isMfaRequiredForAction = require('./isMfaRequiredForAction-3fWX5MEF.cjs');
2
- const require_InvalidParamError = require('./InvalidParamError-DCpeZMBr.cjs');
3
- require('./isDynamicWaasEnabled-A8Humh0r.cjs');
4
- const require_isUserOnboardingComplete = require('./isUserOnboardingComplete-D0JrQGvR.cjs');
5
- const require_getSignedSessionId = require('./getSignedSessionId-BjSUL8Br.cjs');
6
- const require_getWaasWalletProviderFromWalletAccount = require('./getWaasWalletProviderFromWalletAccount-BxyUZBpT.cjs');
1
+ const require_isMfaRequiredForAction = require('./isMfaRequiredForAction-Btejc5g3.cjs');
2
+ const require_updateAuthFromVerifyResponse = require('./updateAuthFromVerifyResponse-CElYpi97.cjs');
3
+ require('./isDynamicWaasEnabled-BwP1oowd.cjs');
4
+ const require_isUserOnboardingComplete = require('./isUserOnboardingComplete-C86NDY7I.cjs');
5
+ const require_getSignedSessionId = require('./getSignedSessionId-cMGkmojJ.cjs');
6
+ const require_migrateFromFireblocks = require('./migrateFromFireblocks-B_q8Oawb.cjs');
7
7
  let _dynamic_labs_sdk_assert_package_version = require("@dynamic-labs-sdk/assert-package-version");
8
8
  let _dynamic_labs_sdk_api_core = require("@dynamic-labs/sdk-api-core");
9
9
  let _dynamic_labs_wallet_browser_wallet_client = require("@dynamic-labs-wallet/browser-wallet-client");
@@ -11,18 +11,18 @@ let _dynamic_labs_wallet_browser_wallet_client = require("@dynamic-labs-wallet/b
11
11
  //#region src/modules/waas/createWaasClient/createWaasClient.ts
12
12
  /** @notInstrumented */
13
13
  const createWaasClient = ({ chainName }, client) => {
14
- const core = require_InvalidParamError.getCore(client);
14
+ const core = require_updateAuthFromVerifyResponse.getCore(client);
15
15
  const additionalTrustedOrigins = core.waas?.additionalTrustedOrigins;
16
16
  const baseClientKeysharesRelayApiUrl = client.projectSettings?.sdk.waas?.customKeyshareRelayBaseUrl;
17
17
  return new _dynamic_labs_wallet_browser_wallet_client.DynamicWalletClient({
18
- authMode: require_InvalidParamError.isCookieEnabled(client) ? "cookie" : "header",
18
+ authMode: require_updateAuthFromVerifyResponse.isCookieEnabled(client) ? "cookie" : "header",
19
19
  authToken: client.token || "",
20
- baseApiUrl: (core.apiBaseUrl || require_InvalidParamError.DEFAULT_WAAS_BASE_API_URL).replace("/api/v0", ""),
21
- baseMPCRelayApiUrl: client.projectSettings?.sdk.waas?.relayUrl || require_InvalidParamError.DEFAULT_WAAS_BASE_MPC_RELAY_API_URL,
20
+ baseApiUrl: (core.apiBaseUrl || require_updateAuthFromVerifyResponse.DEFAULT_WAAS_BASE_API_URL).replace("/api/v0", ""),
21
+ baseMPCRelayApiUrl: client.projectSettings?.sdk.waas?.relayUrl || require_updateAuthFromVerifyResponse.DEFAULT_WAAS_BASE_MPC_RELAY_API_URL,
22
22
  chainName,
23
23
  eagerlyRecoverKeyShares: true,
24
24
  environmentId: core.environmentId,
25
- sdkVersion: `${require_InvalidParamError.CLIENT_SDK_NAME}/${core.version}`,
25
+ sdkVersion: `${require_updateAuthFromVerifyResponse.CLIENT_SDK_NAME}/${core.version}`,
26
26
  ...additionalTrustedOrigins == void 0 ? {} : { additionalTrustedOrigins },
27
27
  ...baseClientKeysharesRelayApiUrl == void 0 ? {} : { baseClientKeysharesRelayApiUrl }
28
28
  }, {
@@ -39,7 +39,7 @@ const createWaasClient = ({ chainName }, client) => {
39
39
  //#region src/modules/waas/getWaasChainNameFromChain/getWaasChainNameFromChain.ts
40
40
  /** @notInstrumented */
41
41
  const getWaasChainNameFromChain = (chain) => {
42
- return require_InvalidParamError.CHAINS_INFO_MAP[chain].waasChainNameOverride || chain;
42
+ return require_updateAuthFromVerifyResponse.CHAINS_INFO_MAP[chain].waasChainNameOverride || chain;
43
43
  };
44
44
 
45
45
  //#endregion
@@ -47,11 +47,11 @@ const getWaasChainNameFromChain = (chain) => {
47
47
  const RAW_MESSAGE_MESSAGE_REQUIRED_LENGTH = 64;
48
48
  /** @notInstrumented */
49
49
  const createWaasProvider = ({ sdkClient, chain }) => {
50
- const logger = require_InvalidParamError.getCore(sdkClient).logger;
50
+ const logger = require_updateAuthFromVerifyResponse.getCore(sdkClient).logger;
51
51
  let _waasClient;
52
52
  let _waasClientSessionId;
53
53
  const getWaasClient = async () => {
54
- const currentSessionId = require_InvalidParamError.getCore(sdkClient).state.get().user?.sessionId;
54
+ const currentSessionId = require_updateAuthFromVerifyResponse.getCore(sdkClient).state.get().user?.sessionId;
55
55
  if (_waasClient && currentSessionId !== _waasClientSessionId) _waasClient = void 0;
56
56
  if (!_waasClient) {
57
57
  if (!require_isUserOnboardingComplete.isUserOnboardingComplete(sdkClient)) throw new require_isUserOnboardingComplete.WaasOnboardingIncompleteError();
@@ -107,7 +107,7 @@ const createWaasProvider = ({ sdkClient, chain }) => {
107
107
  const { signature: signedSessionId } = await require_getSignedSessionId.getSignedSessionId(sdkClient);
108
108
  const waasClient = await getWaasClient();
109
109
  const mfaToken = await require_getSignedSessionId.consumeMfaTokenIfRequiredForAction({ mfaAction: _dynamic_labs_sdk_api_core.MFAAction.WalletWaasExport }, sdkClient);
110
- const elevatedAccessToken = require_InvalidParamError.getElevatedAccessToken({ scope: _dynamic_labs_sdk_api_core.TokenScope.Walletexport }, sdkClient);
110
+ const elevatedAccessToken = require_updateAuthFromVerifyResponse.getElevatedAccessToken({ scope: _dynamic_labs_sdk_api_core.TokenScope.Walletexport }, sdkClient);
111
111
  await waasClient.exportPrivateKey({
112
112
  accountAddress: walletAccount.address,
113
113
  authToken: sdkClient.token ?? void 0,
@@ -137,6 +137,21 @@ const createWaasProvider = ({ sdkClient, chain }) => {
137
137
  thresholdSignatureScheme
138
138
  });
139
139
  };
140
+ const migrateFromFireblocks$1 = async ({ coinTypes, deviceId, expectedAddresses, jwt, password, storage }) => {
141
+ const { signature: signedSessionId } = await require_getSignedSessionId.getSignedSessionId(sdkClient);
142
+ return (await getWaasClient()).migrateFromFireblocks({
143
+ authToken: sdkClient.token ?? void 0,
144
+ fireblocks: {
145
+ deviceId,
146
+ expectedAddresses,
147
+ jwt,
148
+ ncwStorage: storage,
149
+ walletPassword: password,
150
+ ...coinTypes ? { coinTypes } : {}
151
+ },
152
+ signedSessionId
153
+ });
154
+ };
140
155
  const refreshWalletAccountShares = async ({ password, walletAccount }) => {
141
156
  const { signature: signedSessionId } = await require_getSignedSessionId.getSignedSessionId(sdkClient);
142
157
  const walletClient = await getWaasClient();
@@ -168,10 +183,10 @@ const createWaasProvider = ({ sdkClient, chain }) => {
168
183
  });
169
184
  };
170
185
  const signRawMessage = async ({ message, password, walletAccount }) => {
171
- if (message.length !== RAW_MESSAGE_MESSAGE_REQUIRED_LENGTH) throw new require_InvalidParamError.InvalidParamError(`Message must be ${RAW_MESSAGE_MESSAGE_REQUIRED_LENGTH} characters long`);
186
+ if (message.length !== RAW_MESSAGE_MESSAGE_REQUIRED_LENGTH) throw new require_updateAuthFromVerifyResponse.InvalidParamError(`Message must be ${RAW_MESSAGE_MESSAGE_REQUIRED_LENGTH} characters long`);
172
187
  const { signature: signedSessionId } = await require_getSignedSessionId.getSignedSessionId(sdkClient);
173
188
  const mfaToken = await require_getSignedSessionId.consumeMfaTokenIfRequiredForAction({ mfaAction: _dynamic_labs_sdk_api_core.MFAAction.WalletWaasSign }, sdkClient);
174
- const elevatedAccessToken = require_InvalidParamError.getElevatedAccessToken({ scope: _dynamic_labs_sdk_api_core.TokenScope.Walletsign }, sdkClient);
189
+ const elevatedAccessToken = require_updateAuthFromVerifyResponse.getElevatedAccessToken({ scope: _dynamic_labs_sdk_api_core.TokenScope.Walletsign }, sdkClient);
175
190
  return { signature: await (await getWaasClient()).signRawMessage({
176
191
  accountAddress: walletAccount.address,
177
192
  authToken: sdkClient.token ?? void 0,
@@ -201,7 +216,7 @@ const createWaasProvider = ({ sdkClient, chain }) => {
201
216
  const signMessage = async ({ message, walletAccount }) => {
202
217
  const { signature: signedSessionId } = await require_getSignedSessionId.getSignedSessionId(sdkClient);
203
218
  const mfaToken = await require_getSignedSessionId.consumeMfaTokenIfRequiredForAction({ mfaAction: _dynamic_labs_sdk_api_core.MFAAction.WalletWaasSign }, sdkClient);
204
- const elevatedAccessToken = require_InvalidParamError.getElevatedAccessToken({ scope: _dynamic_labs_sdk_api_core.TokenScope.Walletsign }, sdkClient);
219
+ const elevatedAccessToken = require_updateAuthFromVerifyResponse.getElevatedAccessToken({ scope: _dynamic_labs_sdk_api_core.TokenScope.Walletsign }, sdkClient);
205
220
  return { signature: await (await getWaasClient()).signMessage({
206
221
  accountAddress: walletAccount.address,
207
222
  authToken: sdkClient.token ?? void 0,
@@ -214,7 +229,7 @@ const createWaasProvider = ({ sdkClient, chain }) => {
214
229
  const signSerializedTransaction = async ({ chainId, serializedTransaction, walletAccount }) => {
215
230
  const { signature: signedSessionId } = await require_getSignedSessionId.getSignedSessionId(sdkClient);
216
231
  const mfaToken = await require_getSignedSessionId.consumeMfaTokenIfRequiredForAction({ mfaAction: _dynamic_labs_sdk_api_core.MFAAction.WalletWaasSign }, sdkClient);
217
- const elevatedAccessToken = require_InvalidParamError.getElevatedAccessToken({ scope: _dynamic_labs_sdk_api_core.TokenScope.Walletsign }, sdkClient);
232
+ const elevatedAccessToken = require_updateAuthFromVerifyResponse.getElevatedAccessToken({ scope: _dynamic_labs_sdk_api_core.TokenScope.Walletsign }, sdkClient);
218
233
  return { signature: await (await getWaasClient()).signTransaction({
219
234
  authToken: sdkClient.token ?? void 0,
220
235
  chainId,
@@ -252,6 +267,7 @@ const createWaasProvider = ({ sdkClient, chain }) => {
252
267
  getWaasClient,
253
268
  getWalletRecoveryState,
254
269
  importPrivateKey,
270
+ migrateFromFireblocks: migrateFromFireblocks$1,
255
271
  refreshWalletAccountShares,
256
272
  restoreUserShareForWalletAccount,
257
273
  revokeDelegation,
@@ -289,7 +305,7 @@ const createWaasProvider = ({ sdkClient, chain }) => {
289
305
  * @notInstrumented
290
306
  */
291
307
  const exportWaasPrivateKeyToContainer = async ({ container, password, walletAccount }, client) => {
292
- return require_getWaasWalletProviderFromWalletAccount.getWaasWalletProviderFromWalletAccount({ walletAccount }, client).exportPrivateKey({
308
+ return require_migrateFromFireblocks.getWaasWalletProviderFromWalletAccount({ walletAccount }, client).exportPrivateKey({
293
309
  container,
294
310
  password,
295
311
  walletAccount
@@ -301,19 +317,20 @@ const exportWaasPrivateKeyToContainer = async ({ container, password, walletAcco
301
317
  /** @notInstrumented */
302
318
  const getAllUserWaasAddressesForChain = ({ chain }, client) => {
303
319
  if (!client.user) return [];
304
- return (client.user.verifiedCredentials.filter((credential) => credential.walletProvider === _dynamic_labs_sdk_api_core.WalletProviderEnum.EmbeddedWallet && credential.walletName?.toLowerCase().startsWith(require_InvalidParamError.DYNAMIC_WAAS_METADATA.normalizedWalletName) && credential.address && credential.chain && require_InvalidParamError.getChainFromVerifiedCredentialChain(credential.chain) === chain) ?? []).map((credential) => credential.address);
320
+ return (client.user.verifiedCredentials.filter((credential) => credential.walletProvider === _dynamic_labs_sdk_api_core.WalletProviderEnum.EmbeddedWallet && credential.walletName?.toLowerCase().startsWith(require_updateAuthFromVerifyResponse.DYNAMIC_WAAS_METADATA.normalizedWalletName) && credential.address && credential.chain && require_updateAuthFromVerifyResponse.getChainFromVerifiedCredentialChain(credential.chain) === chain) ?? []).map((credential) => credential.address);
305
321
  };
306
322
 
307
323
  //#endregion
308
324
  //#region src/exports/waasCore.ts
309
- (0, _dynamic_labs_sdk_assert_package_version.assertPackageVersion)(require_InvalidParamError.name, require_InvalidParamError.version);
325
+ (0, _dynamic_labs_sdk_assert_package_version.assertPackageVersion)(require_updateAuthFromVerifyResponse.name, require_updateAuthFromVerifyResponse.version);
310
326
 
311
327
  //#endregion
312
- exports.DYNAMIC_WAAS_METADATA = require_InvalidParamError.DYNAMIC_WAAS_METADATA;
328
+ exports.DYNAMIC_WAAS_METADATA = require_updateAuthFromVerifyResponse.DYNAMIC_WAAS_METADATA;
313
329
  exports.createWaasClient = createWaasClient;
314
330
  exports.createWaasProvider = createWaasProvider;
315
331
  exports.exportWaasPrivateKeyToContainer = exportWaasPrivateKeyToContainer;
316
332
  exports.getAllUserWaasAddressesForChain = getAllUserWaasAddressesForChain;
317
333
  exports.getWaasChainNameFromChain = getWaasChainNameFromChain;
334
+ exports.migrateFromFireblocks = require_migrateFromFireblocks.migrateFromFireblocks;
318
335
  exports.preconnectWaasIframe = require_isUserOnboardingComplete.preconnectWaasIframe;
319
336
  //# sourceMappingURL=waasCore.cjs.map
@@ -1 +1 @@
1
- {"version":3,"file":"waasCore.cjs","names":["createWaasClient: CreateWaasClient","getCore","DynamicWalletClient","isCookieEnabled","DEFAULT_WAAS_BASE_API_URL","DEFAULT_WAAS_BASE_MPC_RELAY_API_URL","CLIENT_SDK_NAME","getSignedSessionId","logoutWithReason","CHAINS_INFO_MAP","getCore","_waasClient: DynamicWalletClient | undefined","_waasClientSessionId: string | undefined","getWaasClient: WaasProvider['getWaasClient']","isUserOnboardingComplete","WaasOnboardingIncompleteError","backupKeySharesToGoogleDrive: WaasProvider['backupKeySharesToGoogleDrive']","getSignedSessionId","createWalletAccount: WaasProvider['createWalletAccount']","ThresholdSignatureScheme","delegateKeyShares: WaasProvider['delegateKeyShares']","exportClientKeyshares: WaasProvider['exportClientKeyshares']","exportPrivateKey: WaasProvider['exportPrivateKey']","consumeMfaTokenIfRequiredForAction","MFAAction","getElevatedAccessToken","TokenScope","restoreUserShareForWalletAccount: WaasProvider['restoreUserShareForWalletAccount']","WalletOperation","importPrivateKey: WaasProvider['importPrivateKey']","refreshWalletAccountShares: WaasProvider['refreshWalletAccountShares']","revokeDelegation: WaasProvider['revokeDelegation']","setWaasWalletAccountPassword: WaasProvider['setWaasWalletAccountPassword']","signRawMessage: WaasProvider['signRawMessage']","InvalidParamError","destroy: WaasProvider['destroy']","updatePassword: WaasProvider['updatePassword']","signMessage: WaasProvider['signMessage']","signSerializedTransaction: WaasProvider['signSerializedTransaction']","getWalletRecoveryState: WaasProvider['getWalletRecoveryState']","unlockWallet: WaasProvider['unlockWallet']","getWaasWalletProviderFromWalletAccount","WalletProviderEnum","DYNAMIC_WAAS_METADATA","getChainFromVerifiedCredentialChain","packageName","packageVersion"],"sources":["../src/modules/waas/createWaasClient/createWaasClient.ts","../src/modules/waas/getWaasChainNameFromChain/getWaasChainNameFromChain.ts","../src/modules/waas/createWaasProvider/createWaasProvider.ts","../src/modules/waas/exportWaasPrivateKeyToContainer/exportWaasPrivateKeyToContainer.ts","../src/modules/waas/getAllUserWaasAddressesForChain/getAllUserWaasAddressesForChain.ts","../src/exports/waasCore.ts"],"sourcesContent":["import type { AuthMode } from '@dynamic-labs-wallet/browser-wallet-client';\nimport { DynamicWalletClient } from '@dynamic-labs-wallet/browser-wallet-client';\n\nimport { getCore } from '../../../client/core/getCore';\nimport { CLIENT_SDK_NAME } from '../../apiClient/constants';\nimport { logoutWithReason } from '../../auth/logoutWithReason';\nimport { isCookieEnabled } from '../../projectSettings/isCookieEnabled';\nimport { getSignedSessionId } from '../../sessionKeys/getSignedSessionId';\nimport type { CreateWaasClient } from './createWaasClient.types';\nimport {\n DEFAULT_WAAS_BASE_API_URL,\n DEFAULT_WAAS_BASE_MPC_RELAY_API_URL,\n} from '../constants';\n\n/** @notInstrumented */\nexport const createWaasClient: CreateWaasClient = ({ chainName }, client) => {\n const core = getCore(client);\n\n const additionalTrustedOrigins = core.waas?.additionalTrustedOrigins;\n\n const baseClientKeysharesRelayApiUrl =\n client.projectSettings?.sdk.waas?.customKeyshareRelayBaseUrl;\n\n return new DynamicWalletClient(\n {\n authMode: (isCookieEnabled(client) ? 'cookie' : 'header') as AuthMode,\n authToken: client.token || '',\n baseApiUrl: (core.apiBaseUrl || DEFAULT_WAAS_BASE_API_URL).replace(\n '/api/v0',\n ''\n ),\n baseMPCRelayApiUrl:\n client.projectSettings?.sdk.waas?.relayUrl ||\n DEFAULT_WAAS_BASE_MPC_RELAY_API_URL,\n chainName,\n // Opt into the SDK self-driving eager key-share recovery on auth-token\n // arrival, so the client no longer restores shares itself on login.\n eagerlyRecoverKeyShares: true,\n environmentId: core.environmentId,\n sdkVersion: `${CLIENT_SDK_NAME}/${core.version}`,\n ...(additionalTrustedOrigins == undefined\n ? {}\n : { additionalTrustedOrigins }),\n ...(baseClientKeysharesRelayApiUrl == undefined\n ? {}\n : { baseClientKeysharesRelayApiUrl }),\n },\n {\n // Lets the iframe mint a fresh signed session id over the reverse channel,\n // which the SDK's eager key-share recovery needs.\n getSignedSessionId: () =>\n getSignedSessionId(client).then(({ signature }) => signature),\n // When the WaaS iframe's own backend call returns 401 (e.g. a forcibly\n // revoked token), the iframe notifies the host via the reverse channel\n // and this fires — log the user out. Mirrors the session-expiry\n // middleware that covers the SDK's own direct API 401s.\n onUnauthorized: () => {\n void logoutWithReason(\n { reason: 'session-refresh-unauthorized' },\n client\n ).catch((error) => {\n core.logger.error(\n 'Failed to log out after WaaS unauthorized response',\n error\n );\n });\n },\n }\n );\n};\n","import type { Chain } from '../../chain';\nimport { CHAINS_INFO_MAP } from '../../wallets/constants';\n\n/** @notInstrumented */\n// eslint-disable-next-line custom-rules/require-single-object-param\nexport const getWaasChainNameFromChain = (chain: Chain): string => {\n return CHAINS_INFO_MAP[chain].waasChainNameOverride || chain;\n};\n","import {\n type BitcoinConfig,\n type DynamicWalletClient,\n ThresholdSignatureScheme,\n WalletOperation,\n} from '@dynamic-labs-wallet/browser-wallet-client';\nimport { MFAAction, TokenScope } from '@dynamic-labs/sdk-api-core';\n\nimport { getCore } from '../../../client/core/getCore';\nimport type { DynamicClient } from '../../../client/types/DynamicClient';\nimport { InvalidParamError } from '../../../errors/InvalidParamError';\nimport { WaasOnboardingIncompleteError } from '../../../errors/WaasOnboardingIncompleteError';\nimport { getElevatedAccessToken } from '../../auth/getElevatedAccessToken';\nimport type { Chain } from '../../chain';\nimport { consumeMfaTokenIfRequiredForAction } from '../../mfa/consumeMfaTokenIfRequiredForAction';\nimport { getSignedSessionId } from '../../sessionKeys/getSignedSessionId';\nimport { isUserOnboardingComplete } from '../../user/isUserOnboardingComplete';\nimport { createWaasClient } from '../createWaasClient';\nimport { getWaasChainNameFromChain } from '../getWaasChainNameFromChain';\nimport type { WaasProvider } from '../waas.types';\n\nconst RAW_MESSAGE_MESSAGE_REQUIRED_LENGTH = 64;\n\ntype CreateWaasProviderParams = {\n chain: Chain;\n sdkClient: DynamicClient;\n};\n\n/** @notInstrumented */\nexport const createWaasProvider = ({\n sdkClient,\n chain,\n}: CreateWaasProviderParams): WaasProvider => {\n const logger = getCore(sdkClient).logger;\n\n let _waasClient: DynamicWalletClient | undefined;\n // The session the cached client was built against. A step-up reauth mints a\n // NEW session (new sessionId + token); see the rebuild guard below.\n let _waasClientSessionId: string | undefined;\n\n // because the waas client needs the authToken to be set, we can only create it\n // the first time it's needed, which is after the user has logged in\n const getWaasClient: WaasProvider['getWaasClient'] = async () => {\n // After a step-up reauthentication a new session is minted. In header auth\n // mode (native webview) the iframe has no cookie jar to fall back on, so a\n // client cached against the previous session keeps presenting the stale\n // token — its next backend call (createRooms/users) 401s and trips the\n // iframe's onUnauthorized → forced logout. Drop the cached client when the\n // session changes so it rebuilds + re-initializes with the fresh token and\n // signed session id. Key shares stay in storage (only client auth resets);\n // routine token refresh keeps the same sessionId, so it does not rebuild.\n const currentSessionId = getCore(sdkClient).state.get().user?.sessionId;\n if (_waasClient && currentSessionId !== _waasClientSessionId) {\n _waasClient = undefined;\n }\n\n if (!_waasClient) {\n // Chokepoint: don't build + initialize the iframe client until onboarding\n // is complete. The iframe's init-time room-cache pre-warm fires\n // `createRooms` using the token captured at construction — before any\n // per-operation token resync exists to correct it. Built while the token\n // is still pre-`user:basic` (MFA / KYC / recovery codes / device\n // registration pending), that pre-warm 401s and trips the iframe's\n // onUnauthorized → forced-logout. This is the single gateway to\n // createWaasClient (web and native), so it covers every WaaS caller.\n if (!isUserOnboardingComplete(sdkClient)) {\n throw new WaasOnboardingIncompleteError();\n }\n\n _waasClient = createWaasClient(\n { chainName: getWaasChainNameFromChain(chain) },\n sdkClient\n );\n _waasClientSessionId = currentSessionId;\n await _waasClient.initialize();\n }\n return _waasClient;\n };\n\n const backupKeySharesToGoogleDrive: WaasProvider['backupKeySharesToGoogleDrive'] =\n async ({ googleDriveAccessToken, password, walletAccount }) => {\n const { signature: signedSessionId } = await getSignedSessionId(\n sdkClient\n );\n\n const waasClient = await getWaasClient();\n\n return waasClient.backupKeySharesToGoogleDrive({\n accountAddress: walletAccount.address,\n authToken: sdkClient.token ?? undefined,\n googleDriveAccessToken,\n password,\n signedSessionId,\n });\n };\n\n const createWalletAccount: WaasProvider['createWalletAccount'] = async (\n args = {}\n ) => {\n logger.debug('[createWaasProvider] createWalletAccount', {\n bitcoinConfig: args.bitcoinConfig,\n thresholdSignatureScheme: args.thresholdSignatureScheme,\n });\n\n const { signature: signedSessionId } = await getSignedSessionId(sdkClient);\n\n const waasClient = await getWaasClient();\n\n const waasWallet = await waasClient.createWalletAccount({\n authToken: sdkClient.token ?? undefined,\n bitcoinConfig: args.bitcoinConfig as BitcoinConfig | undefined,\n password: args.password,\n signedSessionId,\n thresholdSignatureScheme:\n args.thresholdSignatureScheme ?? ThresholdSignatureScheme.TWO_OF_TWO,\n });\n\n return waasWallet;\n };\n\n const delegateKeyShares: WaasProvider['delegateKeyShares'] = async ({\n password,\n walletAccount,\n }) => {\n const { signature: signedSessionId } = await getSignedSessionId(sdkClient);\n\n const waasClient = await getWaasClient();\n\n return waasClient.delegateKeyShares({\n accountAddress: walletAccount.address,\n authToken: sdkClient.token ?? undefined,\n password,\n signedSessionId,\n });\n };\n\n const exportClientKeyshares: WaasProvider['exportClientKeyshares'] = async ({\n password,\n walletAccount,\n }) => {\n const { signature: signedSessionId } = await getSignedSessionId(sdkClient);\n\n const waasClient = await getWaasClient();\n\n await waasClient.exportClientKeyshares({\n accountAddress: walletAccount.address,\n authToken: sdkClient.token ?? undefined,\n password,\n signedSessionId,\n });\n };\n\n const exportPrivateKey: WaasProvider['exportPrivateKey'] = async ({\n container,\n displayContainer,\n walletAccount,\n password,\n }) => {\n const { signature: signedSessionId } = await getSignedSessionId(sdkClient);\n\n const waasClient = await getWaasClient();\n\n const mfaToken = await consumeMfaTokenIfRequiredForAction(\n { mfaAction: MFAAction.WalletWaasExport },\n sdkClient\n );\n\n // Forward any elevated access token previously obtained via step-up\n // (e.g. requestExternalAuthElevatedToken) so the backend authorizes\n // the export under the wallet:export scope.\n const elevatedAccessToken = getElevatedAccessToken(\n { scope: TokenScope.Walletexport },\n sdkClient\n );\n\n await waasClient.exportPrivateKey({\n accountAddress: walletAccount.address,\n authToken: sdkClient.token ?? undefined,\n // Exactly one display surface is forwarded: `container` (a\n // WaasSDKContainer, e.g. a React Native visible WebView) or\n // `displayContainer` (a DOM element, web). The upstream client enforces\n // the \"exactly one\" invariant and renders the key inside the surface's\n // own sandboxed document — it never crosses back to the host.\n container,\n displayContainer,\n elevatedAccessToken,\n mfaToken,\n password,\n signedSessionId,\n });\n };\n\n const restoreUserShareForWalletAccount: WaasProvider['restoreUserShareForWalletAccount'] =\n async ({ walletAccount }) => {\n const { signature: signedSessionId } = await getSignedSessionId(\n sdkClient\n );\n\n const waasClient = await getWaasClient();\n\n await waasClient.getWallet({\n accountAddress: walletAccount.address,\n authToken: sdkClient.token ?? undefined,\n signedSessionId,\n walletOperation: WalletOperation.SIGN_MESSAGE,\n });\n };\n\n const importPrivateKey: WaasProvider['importPrivateKey'] = async ({\n privateKey,\n thresholdSignatureScheme = ThresholdSignatureScheme.TWO_OF_TWO,\n }) => {\n const { signature: signedSessionId } = await getSignedSessionId(sdkClient);\n\n const walletClient = await getWaasClient();\n\n await walletClient.importPrivateKey({\n authToken: sdkClient.token ?? undefined,\n privateKey,\n signedSessionId,\n thresholdSignatureScheme,\n });\n };\n\n const refreshWalletAccountShares: WaasProvider['refreshWalletAccountShares'] =\n async ({ password, walletAccount }) => {\n const { signature: signedSessionId } = await getSignedSessionId(\n sdkClient\n );\n\n const walletClient = await getWaasClient();\n\n const mfaToken = await consumeMfaTokenIfRequiredForAction(\n { mfaAction: MFAAction.WalletWaasRefresh },\n sdkClient\n );\n\n return walletClient.refreshWalletAccountShares({\n accountAddress: walletAccount.address,\n authToken: sdkClient.token ?? undefined,\n mfaToken,\n password,\n signedSessionId,\n });\n };\n\n const revokeDelegation: WaasProvider['revokeDelegation'] = async ({\n password,\n walletAccount,\n }) => {\n const { signature: signedSessionId } = await getSignedSessionId(sdkClient);\n\n const waasClient = await getWaasClient();\n\n return waasClient.revokeDelegation({\n accountAddress: walletAccount.address,\n authToken: sdkClient.token ?? undefined,\n password,\n signedSessionId,\n });\n };\n\n const setWaasWalletAccountPassword: WaasProvider['setWaasWalletAccountPassword'] =\n async ({ password, walletAccount }) => {\n const { signature: signedSessionId } = await getSignedSessionId(\n sdkClient\n );\n\n const waasClient = await getWaasClient();\n\n return waasClient.setPassword({\n accountAddress: walletAccount.address,\n authToken: sdkClient.token ?? undefined,\n newPassword: password,\n signedSessionId,\n });\n };\n\n const signRawMessage: WaasProvider['signRawMessage'] = async ({\n message,\n password,\n walletAccount,\n }) => {\n if (message.length !== RAW_MESSAGE_MESSAGE_REQUIRED_LENGTH) {\n throw new InvalidParamError(\n `Message must be ${RAW_MESSAGE_MESSAGE_REQUIRED_LENGTH} characters long`\n );\n }\n\n const { signature: signedSessionId } = await getSignedSessionId(sdkClient);\n\n const mfaToken = await consumeMfaTokenIfRequiredForAction(\n { mfaAction: MFAAction.WalletWaasSign },\n sdkClient\n );\n\n const elevatedAccessToken = getElevatedAccessToken(\n { scope: TokenScope.Walletsign },\n sdkClient\n );\n\n const walletClient = await getWaasClient();\n\n const signature = await walletClient.signRawMessage({\n accountAddress: walletAccount.address,\n authToken: sdkClient.token ?? undefined,\n elevatedAccessToken,\n message,\n mfaToken,\n password,\n signedSessionId,\n });\n\n return { signature };\n };\n\n const destroy: WaasProvider['destroy'] = async (args) => {\n if (!_waasClient) {\n return;\n }\n\n const waasClient = await getWaasClient();\n // When a session token expires, we preserve key shares in storage instead\n // of clearing them. Customers with short-lived sessions (minutes) were\n // hitting excessive server-side share recovery on every re-login, which\n // also forced users to re-enter their wallet password since the unlocked\n // share only lives for the duration of the session.\n //\n // This is safe because the waas-sdk separately fingerprints the user\n // (sub + environment_id) and clears all storage if a different user logs\n // in. On explicit user-initiated logout, shares are always cleared for\n // security.\n if (args?.reason !== 'token-expired') {\n await waasClient.cleanup();\n }\n _waasClient = undefined;\n };\n\n const updatePassword: WaasProvider['updatePassword'] = async ({\n walletAccount,\n currentPassword,\n newPassword,\n }) => {\n const { signature: signedSessionId } = await getSignedSessionId(sdkClient);\n\n const waasClient = await getWaasClient();\n\n return waasClient.updatePassword({\n accountAddress: walletAccount.address,\n authToken: sdkClient.token ?? undefined,\n existingPassword: currentPassword,\n newPassword,\n signedSessionId,\n });\n };\n\n const signMessage: WaasProvider['signMessage'] = async ({\n message,\n walletAccount,\n }) => {\n const { signature: signedSessionId } = await getSignedSessionId(sdkClient);\n\n const mfaToken = await consumeMfaTokenIfRequiredForAction(\n { mfaAction: MFAAction.WalletWaasSign },\n sdkClient\n );\n\n const elevatedAccessToken = getElevatedAccessToken(\n { scope: TokenScope.Walletsign },\n sdkClient\n );\n\n const waasClient = await getWaasClient();\n\n const signature = await waasClient.signMessage({\n accountAddress: walletAccount.address,\n authToken: sdkClient.token ?? undefined,\n elevatedAccessToken,\n message,\n mfaToken,\n signedSessionId,\n });\n\n return { signature };\n };\n\n const signSerializedTransaction: WaasProvider['signSerializedTransaction'] =\n async ({ chainId, serializedTransaction, walletAccount }) => {\n const { signature: signedSessionId } = await getSignedSessionId(\n sdkClient\n );\n\n const mfaToken = await consumeMfaTokenIfRequiredForAction(\n { mfaAction: MFAAction.WalletWaasSign },\n sdkClient\n );\n\n const elevatedAccessToken = getElevatedAccessToken(\n { scope: TokenScope.Walletsign },\n sdkClient\n );\n\n const waasClient = await getWaasClient();\n\n const signature = await waasClient.signTransaction({\n authToken: sdkClient.token ?? undefined,\n chainId,\n elevatedAccessToken,\n mfaToken,\n senderAddress: walletAccount.address,\n signedSessionId,\n transaction: serializedTransaction,\n });\n\n return { signature };\n };\n\n const getWalletRecoveryState: WaasProvider['getWalletRecoveryState'] =\n async ({ walletAccount }) => {\n const { signature: signedSessionId } = await getSignedSessionId(\n sdkClient\n );\n\n const waasClient = await getWaasClient();\n\n return waasClient.getWalletRecoveryState({\n accountAddress: walletAccount.address,\n authToken: sdkClient.token ?? undefined,\n signedSessionId,\n });\n };\n\n const unlockWallet: WaasProvider['unlockWallet'] = async ({\n password,\n walletAccount,\n }) => {\n const { signature: signedSessionId } = await getSignedSessionId(sdkClient);\n\n const waasClient = await getWaasClient();\n\n return waasClient.unlockWallet({\n accountAddress: walletAccount.address,\n authToken: sdkClient.token ?? undefined,\n password,\n signedSessionId,\n });\n };\n\n return {\n backupKeySharesToGoogleDrive,\n createWalletAccount,\n delegateKeyShares,\n destroy,\n exportClientKeyshares,\n exportPrivateKey,\n getWaasClient,\n getWalletRecoveryState,\n importPrivateKey,\n refreshWalletAccountShares,\n restoreUserShareForWalletAccount,\n revokeDelegation,\n setWaasWalletAccountPassword,\n signMessage,\n signRawMessage,\n signSerializedTransaction,\n unlockWallet,\n updatePassword,\n };\n};\n","import type { WaasSDKContainer } from '@dynamic-labs-wallet/core';\n\nimport type { DynamicClient } from '../../../client/types/DynamicClient';\nimport type { WalletAccount } from '../../wallets/walletAccount';\nimport { getWaasWalletProviderFromWalletAccount } from '../getWaasWalletProviderFromWalletAccount';\n\ntype ExportWaasPrivateKeyToContainerParams = {\n container: WaasSDKContainer;\n password?: string;\n walletAccount: WalletAccount;\n};\n\n/**\n * Exports the private key for a WaaS wallet account into a caller-provided\n * {@link WaasSDKContainer} (e.g. a visible React Native WebView) instead of a\n * DOM element.\n *\n * This is the container-based counterpart to `exportWaasPrivateKey` (which\n * injects an iframe into a DOM `displayContainer` on web). The export ceremony\n * runs — and the private key is rendered — entirely inside the container's own\n * sandboxed document; the key is never exposed to the host JS layer. The caller\n * owns the container's lifecycle and must call `container.destroy()` when the\n * display is dismissed.\n *\n * @param params.walletAccount - The WaaS wallet account to export the private key from.\n * @param params.container - The container that hosts the secure key display.\n * @param [params.password] - Optional password to decrypt the private key.\n * @param client - The Dynamic client instance. This is an internal API (exposed\n * only via `@dynamic-labs-sdk/client/waas/core`), so the client is passed\n * explicitly rather than defaulted — callers resolve it (e.g. via\n * `getDefaultClient()`) and thread it in.\n * @returns A promise that resolves when the private key export is complete.\n * @notInstrumented\n */\nexport const exportWaasPrivateKeyToContainer = async (\n { container, password, walletAccount }: ExportWaasPrivateKeyToContainerParams,\n client: DynamicClient\n) => {\n const provider = getWaasWalletProviderFromWalletAccount(\n { walletAccount },\n client\n );\n\n return provider.exportPrivateKey({\n container,\n password,\n walletAccount,\n });\n};\n","import { WalletProviderEnum } from '@dynamic-labs/sdk-api-core';\n\nimport type { DynamicClient } from '../../../client/types';\nimport { getChainFromVerifiedCredentialChain } from '../../../utils/getChainFromVerifiedCredentialChain';\nimport type { Chain } from '../../chain';\nimport { DYNAMIC_WAAS_METADATA } from '../constants';\n\ntype GetAllUserWaasAddressesForChainParams = {\n chain: Chain;\n};\n\n/** @notInstrumented */\nexport const getAllUserWaasAddressesForChain = (\n { chain }: GetAllUserWaasAddressesForChainParams,\n client: DynamicClient\n): string[] => {\n if (!client.user) {\n return [];\n }\n\n const waasWalletCredentials =\n client.user.verifiedCredentials.filter(\n (credential) =>\n credential.walletProvider === WalletProviderEnum.EmbeddedWallet &&\n credential.walletName\n ?.toLowerCase()\n .startsWith(DYNAMIC_WAAS_METADATA.normalizedWalletName) &&\n credential.address &&\n credential.chain &&\n getChainFromVerifiedCredentialChain(credential.chain) === chain\n ) ?? [];\n\n const waasAddresses: string[] = waasWalletCredentials.map(\n // casting because we're already filtering out credentials without an address\n (credential) => credential.address as string\n );\n\n return waasAddresses;\n};\n","import { assertPackageVersion } from '@dynamic-labs-sdk/assert-package-version';\n\nimport {\n name as packageName,\n version as packageVersion,\n} from '../../package.json';\nassertPackageVersion(packageName, packageVersion);\n\nexport type {\n BitcoinNetwork,\n DynamicWalletClient,\n ThresholdSignatureScheme\n} from '@dynamic-labs-wallet/browser-wallet-client';\nexport type { WaasSDKContainer } from '@dynamic-labs-wallet/core';\nexport { DYNAMIC_WAAS_METADATA } from '../modules/waas/constants';\nexport { createWaasClient } from '../modules/waas/createWaasClient';\nexport { createWaasProvider } from '../modules/waas/createWaasProvider';\nexport { exportWaasPrivateKeyToContainer } from '../modules/waas/exportWaasPrivateKeyToContainer';\nexport { getAllUserWaasAddressesForChain } from '../modules/waas/getAllUserWaasAddressesForChain';\nexport { getWaasChainNameFromChain } from '../modules/waas/getWaasChainNameFromChain';\nexport { preconnectWaasIframe } from '../modules/waas/preconnectWaasIframe';\nexport type {\n WaasProvider,\n WaasWalletProvider\n} from '../modules/waas/waas.types';\n\n"],"mappings":";;;;;;;;;;;;AAeA,MAAaA,oBAAsC,EAAE,aAAa,WAAW;CAC3E,MAAM,OAAOC,kCAAQ,OAAO;CAE5B,MAAM,2BAA2B,KAAK,MAAM;CAE5C,MAAM,iCACJ,OAAO,iBAAiB,IAAI,MAAM;AAEpC,QAAO,IAAIC,+DACT;EACE,UAAWC,0CAAgB,OAAO,GAAG,WAAW;EAChD,WAAW,OAAO,SAAS;EAC3B,aAAa,KAAK,cAAcC,qDAA2B,QACzD,WACA,GACD;EACD,oBACE,OAAO,iBAAiB,IAAI,MAAM,YAClCC;EACF;EAGA,yBAAyB;EACzB,eAAe,KAAK;EACpB,YAAY,GAAGC,0CAAgB,GAAG,KAAK;EACvC,GAAI,4BAA4B,SAC5B,EAAE,GACF,EAAE,0BAA0B;EAChC,GAAI,kCAAkC,SAClC,EAAE,GACF,EAAE,gCAAgC;EACvC,EACD;EAGE,0BACEC,8CAAmB,OAAO,CAAC,MAAM,EAAE,gBAAgB,UAAU;EAK/D,sBAAsB;AACpB,GAAKC,0DACH,EAAE,QAAQ,gCAAgC,EAC1C,OACD,CAAC,OAAO,UAAU;AACjB,SAAK,OAAO,MACV,sDACA,MACD;KACD;;EAEL,CACF;;;;;;AC/DH,MAAa,6BAA6B,UAAyB;AACjE,QAAOC,0CAAgB,OAAO,yBAAyB;;;;;ACezD,MAAM,sCAAsC;;AAQ5C,MAAa,sBAAsB,EACjC,WACA,YAC4C;CAC5C,MAAM,SAASC,kCAAQ,UAAU,CAAC;CAElC,IAAIC;CAGJ,IAAIC;CAIJ,MAAMC,gBAA+C,YAAY;EAS/D,MAAM,mBAAmBH,kCAAQ,UAAU,CAAC,MAAM,KAAK,CAAC,MAAM;AAC9D,MAAI,eAAe,qBAAqB,qBACtC,eAAc;AAGhB,MAAI,CAAC,aAAa;AAShB,OAAI,CAACI,0DAAyB,UAAU,CACtC,OAAM,IAAIC,gEAA+B;AAG3C,iBAAc,iBACZ,EAAE,WAAW,0BAA0B,MAAM,EAAE,EAC/C,UACD;AACD,0BAAuB;AACvB,SAAM,YAAY,YAAY;;AAEhC,SAAO;;CAGT,MAAMC,+BACJ,OAAO,EAAE,wBAAwB,UAAU,oBAAoB;EAC7D,MAAM,EAAE,WAAW,oBAAoB,MAAMC,8CAC3C,UACD;AAID,UAFmB,MAAM,eAAe,EAEtB,6BAA6B;GAC7C,gBAAgB,cAAc;GAC9B,WAAW,UAAU,SAAS;GAC9B;GACA;GACA;GACD,CAAC;;CAGN,MAAMC,sBAA2D,OAC/D,OAAO,EAAE,KACN;AACH,SAAO,MAAM,4CAA4C;GACvD,eAAe,KAAK;GACpB,0BAA0B,KAAK;GAChC,CAAC;EAEF,MAAM,EAAE,WAAW,oBAAoB,MAAMD,8CAAmB,UAAU;AAa1E,SATmB,OAFA,MAAM,eAAe,EAEJ,oBAAoB;GACtD,WAAW,UAAU,SAAS;GAC9B,eAAe,KAAK;GACpB,UAAU,KAAK;GACf;GACA,0BACE,KAAK,4BAA4BE,oEAAyB;GAC7D,CAAC;;CAKJ,MAAMC,oBAAuD,OAAO,EAClE,UACA,oBACI;EACJ,MAAM,EAAE,WAAW,oBAAoB,MAAMH,8CAAmB,UAAU;AAI1E,UAFmB,MAAM,eAAe,EAEtB,kBAAkB;GAClC,gBAAgB,cAAc;GAC9B,WAAW,UAAU,SAAS;GAC9B;GACA;GACD,CAAC;;CAGJ,MAAMI,wBAA+D,OAAO,EAC1E,UACA,oBACI;EACJ,MAAM,EAAE,WAAW,oBAAoB,MAAMJ,8CAAmB,UAAU;AAI1E,SAFmB,MAAM,eAAe,EAEvB,sBAAsB;GACrC,gBAAgB,cAAc;GAC9B,WAAW,UAAU,SAAS;GAC9B;GACA;GACD,CAAC;;CAGJ,MAAMK,mBAAqD,OAAO,EAChE,WACA,kBACA,eACA,eACI;EACJ,MAAM,EAAE,WAAW,oBAAoB,MAAML,8CAAmB,UAAU;EAE1E,MAAM,aAAa,MAAM,eAAe;EAExC,MAAM,WAAW,MAAMM,8DACrB,EAAE,WAAWC,qCAAU,kBAAkB,EACzC,UACD;EAKD,MAAM,sBAAsBC,iDAC1B,EAAE,OAAOC,sCAAW,cAAc,EAClC,UACD;AAED,QAAM,WAAW,iBAAiB;GAChC,gBAAgB,cAAc;GAC9B,WAAW,UAAU,SAAS;GAM9B;GACA;GACA;GACA;GACA;GACA;GACD,CAAC;;CAGJ,MAAMC,mCACJ,OAAO,EAAE,oBAAoB;EAC3B,MAAM,EAAE,WAAW,oBAAoB,MAAMV,8CAC3C,UACD;AAID,SAFmB,MAAM,eAAe,EAEvB,UAAU;GACzB,gBAAgB,cAAc;GAC9B,WAAW,UAAU,SAAS;GAC9B;GACA,iBAAiBW,2DAAgB;GAClC,CAAC;;CAGN,MAAMC,mBAAqD,OAAO,EAChE,YACA,2BAA2BV,oEAAyB,iBAChD;EACJ,MAAM,EAAE,WAAW,oBAAoB,MAAMF,8CAAmB,UAAU;AAI1E,SAFqB,MAAM,eAAe,EAEvB,iBAAiB;GAClC,WAAW,UAAU,SAAS;GAC9B;GACA;GACA;GACD,CAAC;;CAGJ,MAAMa,6BACJ,OAAO,EAAE,UAAU,oBAAoB;EACrC,MAAM,EAAE,WAAW,oBAAoB,MAAMb,8CAC3C,UACD;EAED,MAAM,eAAe,MAAM,eAAe;EAE1C,MAAM,WAAW,MAAMM,8DACrB,EAAE,WAAWC,qCAAU,mBAAmB,EAC1C,UACD;AAED,SAAO,aAAa,2BAA2B;GAC7C,gBAAgB,cAAc;GAC9B,WAAW,UAAU,SAAS;GAC9B;GACA;GACA;GACD,CAAC;;CAGN,MAAMO,mBAAqD,OAAO,EAChE,UACA,oBACI;EACJ,MAAM,EAAE,WAAW,oBAAoB,MAAMd,8CAAmB,UAAU;AAI1E,UAFmB,MAAM,eAAe,EAEtB,iBAAiB;GACjC,gBAAgB,cAAc;GAC9B,WAAW,UAAU,SAAS;GAC9B;GACA;GACD,CAAC;;CAGJ,MAAMe,+BACJ,OAAO,EAAE,UAAU,oBAAoB;EACrC,MAAM,EAAE,WAAW,oBAAoB,MAAMf,8CAC3C,UACD;AAID,UAFmB,MAAM,eAAe,EAEtB,YAAY;GAC5B,gBAAgB,cAAc;GAC9B,WAAW,UAAU,SAAS;GAC9B,aAAa;GACb;GACD,CAAC;;CAGN,MAAMgB,iBAAiD,OAAO,EAC5D,SACA,UACA,oBACI;AACJ,MAAI,QAAQ,WAAW,oCACrB,OAAM,IAAIC,4CACR,mBAAmB,oCAAoC,kBACxD;EAGH,MAAM,EAAE,WAAW,oBAAoB,MAAMjB,8CAAmB,UAAU;EAE1E,MAAM,WAAW,MAAMM,8DACrB,EAAE,WAAWC,qCAAU,gBAAgB,EACvC,UACD;EAED,MAAM,sBAAsBC,iDAC1B,EAAE,OAAOC,sCAAW,YAAY,EAChC,UACD;AAcD,SAAO,EAAE,WAVS,OAFG,MAAM,eAAe,EAEL,eAAe;GAClD,gBAAgB,cAAc;GAC9B,WAAW,UAAU,SAAS;GAC9B;GACA;GACA;GACA;GACA;GACD,CAAC,EAEkB;;CAGtB,MAAMS,UAAmC,OAAO,SAAS;AACvD,MAAI,CAAC,YACH;EAGF,MAAM,aAAa,MAAM,eAAe;AAWxC,MAAI,MAAM,WAAW,gBACnB,OAAM,WAAW,SAAS;AAE5B,gBAAc;;CAGhB,MAAMC,iBAAiD,OAAO,EAC5D,eACA,iBACA,kBACI;EACJ,MAAM,EAAE,WAAW,oBAAoB,MAAMnB,8CAAmB,UAAU;AAI1E,UAFmB,MAAM,eAAe,EAEtB,eAAe;GAC/B,gBAAgB,cAAc;GAC9B,WAAW,UAAU,SAAS;GAC9B,kBAAkB;GAClB;GACA;GACD,CAAC;;CAGJ,MAAMoB,cAA2C,OAAO,EACtD,SACA,oBACI;EACJ,MAAM,EAAE,WAAW,oBAAoB,MAAMpB,8CAAmB,UAAU;EAE1E,MAAM,WAAW,MAAMM,8DACrB,EAAE,WAAWC,qCAAU,gBAAgB,EACvC,UACD;EAED,MAAM,sBAAsBC,iDAC1B,EAAE,OAAOC,sCAAW,YAAY,EAChC,UACD;AAaD,SAAO,EAAE,WATS,OAFC,MAAM,eAAe,EAEL,YAAY;GAC7C,gBAAgB,cAAc;GAC9B,WAAW,UAAU,SAAS;GAC9B;GACA;GACA;GACA;GACD,CAAC,EAEkB;;CAGtB,MAAMY,4BACJ,OAAO,EAAE,SAAS,uBAAuB,oBAAoB;EAC3D,MAAM,EAAE,WAAW,oBAAoB,MAAMrB,8CAC3C,UACD;EAED,MAAM,WAAW,MAAMM,8DACrB,EAAE,WAAWC,qCAAU,gBAAgB,EACvC,UACD;EAED,MAAM,sBAAsBC,iDAC1B,EAAE,OAAOC,sCAAW,YAAY,EAChC,UACD;AAcD,SAAO,EAAE,WAVS,OAFC,MAAM,eAAe,EAEL,gBAAgB;GACjD,WAAW,UAAU,SAAS;GAC9B;GACA;GACA;GACA,eAAe,cAAc;GAC7B;GACA,aAAa;GACd,CAAC,EAEkB;;CAGxB,MAAMa,yBACJ,OAAO,EAAE,oBAAoB;EAC3B,MAAM,EAAE,WAAW,oBAAoB,MAAMtB,8CAC3C,UACD;AAID,UAFmB,MAAM,eAAe,EAEtB,uBAAuB;GACvC,gBAAgB,cAAc;GAC9B,WAAW,UAAU,SAAS;GAC9B;GACD,CAAC;;CAGN,MAAMuB,eAA6C,OAAO,EACxD,UACA,oBACI;EACJ,MAAM,EAAE,WAAW,oBAAoB,MAAMvB,8CAAmB,UAAU;AAI1E,UAFmB,MAAM,eAAe,EAEtB,aAAa;GAC7B,gBAAgB,cAAc;GAC9B,WAAW,UAAU,SAAS;GAC9B;GACA;GACD,CAAC;;AAGJ,QAAO;EACL;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACD;;;;;;;;;;;;;;;;;;;;;;;;;;;ACjbH,MAAa,kCAAkC,OAC7C,EAAE,WAAW,UAAU,iBACvB,WACG;AAMH,QALiBwB,sFACf,EAAE,eAAe,EACjB,OACD,CAEe,iBAAiB;EAC/B;EACA;EACA;EACD,CAAC;;;;;;ACnCJ,MAAa,mCACX,EAAE,SACF,WACa;AACb,KAAI,CAAC,OAAO,KACV,QAAO,EAAE;AAoBX,SAhBE,OAAO,KAAK,oBAAoB,QAC7B,eACC,WAAW,mBAAmBC,8CAAmB,kBACjD,WAAW,YACP,aAAa,CACd,WAAWC,gDAAsB,qBAAqB,IACzD,WAAW,WACX,WAAW,SACXC,8DAAoC,WAAW,MAAM,KAAK,MAC7D,IAAI,EAAE,EAE6C,KAEnD,eAAe,WAAW,QAC5B;;;;;mEC7BkBC,gCAAaC,kCAAe"}
1
+ {"version":3,"file":"waasCore.cjs","names":["createWaasClient: CreateWaasClient","getCore","DynamicWalletClient","isCookieEnabled","DEFAULT_WAAS_BASE_API_URL","DEFAULT_WAAS_BASE_MPC_RELAY_API_URL","CLIENT_SDK_NAME","getSignedSessionId","logoutWithReason","CHAINS_INFO_MAP","getCore","_waasClient: DynamicWalletClient | undefined","_waasClientSessionId: string | undefined","getWaasClient: WaasProvider['getWaasClient']","isUserOnboardingComplete","WaasOnboardingIncompleteError","backupKeySharesToGoogleDrive: WaasProvider['backupKeySharesToGoogleDrive']","getSignedSessionId","createWalletAccount: WaasProvider['createWalletAccount']","ThresholdSignatureScheme","delegateKeyShares: WaasProvider['delegateKeyShares']","exportClientKeyshares: WaasProvider['exportClientKeyshares']","exportPrivateKey: WaasProvider['exportPrivateKey']","consumeMfaTokenIfRequiredForAction","MFAAction","getElevatedAccessToken","TokenScope","restoreUserShareForWalletAccount: WaasProvider['restoreUserShareForWalletAccount']","WalletOperation","importPrivateKey: WaasProvider['importPrivateKey']","migrateFromFireblocks: WaasProvider['migrateFromFireblocks']","refreshWalletAccountShares: WaasProvider['refreshWalletAccountShares']","revokeDelegation: WaasProvider['revokeDelegation']","setWaasWalletAccountPassword: WaasProvider['setWaasWalletAccountPassword']","signRawMessage: WaasProvider['signRawMessage']","InvalidParamError","destroy: WaasProvider['destroy']","updatePassword: WaasProvider['updatePassword']","signMessage: WaasProvider['signMessage']","signSerializedTransaction: WaasProvider['signSerializedTransaction']","getWalletRecoveryState: WaasProvider['getWalletRecoveryState']","unlockWallet: WaasProvider['unlockWallet']","getWaasWalletProviderFromWalletAccount","WalletProviderEnum","DYNAMIC_WAAS_METADATA","getChainFromVerifiedCredentialChain","packageName","packageVersion"],"sources":["../src/modules/waas/createWaasClient/createWaasClient.ts","../src/modules/waas/getWaasChainNameFromChain/getWaasChainNameFromChain.ts","../src/modules/waas/createWaasProvider/createWaasProvider.ts","../src/modules/waas/exportWaasPrivateKeyToContainer/exportWaasPrivateKeyToContainer.ts","../src/modules/waas/getAllUserWaasAddressesForChain/getAllUserWaasAddressesForChain.ts","../src/exports/waasCore.ts"],"sourcesContent":["import type { AuthMode } from '@dynamic-labs-wallet/browser-wallet-client';\nimport { DynamicWalletClient } from '@dynamic-labs-wallet/browser-wallet-client';\n\nimport { getCore } from '../../../client/core/getCore';\nimport { CLIENT_SDK_NAME } from '../../apiClient/constants';\nimport { logoutWithReason } from '../../auth/logoutWithReason';\nimport { isCookieEnabled } from '../../projectSettings/isCookieEnabled';\nimport { getSignedSessionId } from '../../sessionKeys/getSignedSessionId';\nimport type { CreateWaasClient } from './createWaasClient.types';\nimport {\n DEFAULT_WAAS_BASE_API_URL,\n DEFAULT_WAAS_BASE_MPC_RELAY_API_URL,\n} from '../constants';\n\n/** @notInstrumented */\nexport const createWaasClient: CreateWaasClient = ({ chainName }, client) => {\n const core = getCore(client);\n\n const additionalTrustedOrigins = core.waas?.additionalTrustedOrigins;\n\n const baseClientKeysharesRelayApiUrl =\n client.projectSettings?.sdk.waas?.customKeyshareRelayBaseUrl;\n\n return new DynamicWalletClient(\n {\n authMode: (isCookieEnabled(client) ? 'cookie' : 'header') as AuthMode,\n authToken: client.token || '',\n baseApiUrl: (core.apiBaseUrl || DEFAULT_WAAS_BASE_API_URL).replace(\n '/api/v0',\n ''\n ),\n baseMPCRelayApiUrl:\n client.projectSettings?.sdk.waas?.relayUrl ||\n DEFAULT_WAAS_BASE_MPC_RELAY_API_URL,\n chainName,\n // Opt into the SDK self-driving eager key-share recovery on auth-token\n // arrival, so the client no longer restores shares itself on login.\n eagerlyRecoverKeyShares: true,\n environmentId: core.environmentId,\n sdkVersion: `${CLIENT_SDK_NAME}/${core.version}`,\n ...(additionalTrustedOrigins == undefined\n ? {}\n : { additionalTrustedOrigins }),\n ...(baseClientKeysharesRelayApiUrl == undefined\n ? {}\n : { baseClientKeysharesRelayApiUrl }),\n },\n {\n // Lets the iframe mint a fresh signed session id over the reverse channel,\n // which the SDK's eager key-share recovery needs.\n getSignedSessionId: () =>\n getSignedSessionId(client).then(({ signature }) => signature),\n // When the WaaS iframe's own backend call returns 401 (e.g. a forcibly\n // revoked token), the iframe notifies the host via the reverse channel\n // and this fires — log the user out. Mirrors the session-expiry\n // middleware that covers the SDK's own direct API 401s.\n onUnauthorized: () => {\n void logoutWithReason(\n { reason: 'session-refresh-unauthorized' },\n client\n ).catch((error) => {\n core.logger.error(\n 'Failed to log out after WaaS unauthorized response',\n error\n );\n });\n },\n }\n );\n};\n","import type { Chain } from '../../chain';\nimport { CHAINS_INFO_MAP } from '../../wallets/constants';\n\n/** @notInstrumented */\n// eslint-disable-next-line custom-rules/require-single-object-param\nexport const getWaasChainNameFromChain = (chain: Chain): string => {\n return CHAINS_INFO_MAP[chain].waasChainNameOverride || chain;\n};\n","import {\n type BitcoinConfig,\n type DynamicWalletClient,\n ThresholdSignatureScheme,\n WalletOperation,\n} from '@dynamic-labs-wallet/browser-wallet-client';\nimport { MFAAction, TokenScope } from '@dynamic-labs/sdk-api-core';\n\nimport { getCore } from '../../../client/core/getCore';\nimport type { DynamicClient } from '../../../client/types/DynamicClient';\nimport { InvalidParamError } from '../../../errors/InvalidParamError';\nimport { WaasOnboardingIncompleteError } from '../../../errors/WaasOnboardingIncompleteError';\nimport { getElevatedAccessToken } from '../../auth/getElevatedAccessToken';\nimport type { Chain } from '../../chain';\nimport { consumeMfaTokenIfRequiredForAction } from '../../mfa/consumeMfaTokenIfRequiredForAction';\nimport { getSignedSessionId } from '../../sessionKeys/getSignedSessionId';\nimport { isUserOnboardingComplete } from '../../user/isUserOnboardingComplete';\nimport { createWaasClient } from '../createWaasClient';\nimport { getWaasChainNameFromChain } from '../getWaasChainNameFromChain';\nimport type { WaasProvider } from '../waas.types';\n\nconst RAW_MESSAGE_MESSAGE_REQUIRED_LENGTH = 64;\n\ntype CreateWaasProviderParams = {\n chain: Chain;\n sdkClient: DynamicClient;\n};\n\n/** @notInstrumented */\nexport const createWaasProvider = ({\n sdkClient,\n chain,\n}: CreateWaasProviderParams): WaasProvider => {\n const logger = getCore(sdkClient).logger;\n\n let _waasClient: DynamicWalletClient | undefined;\n // The session the cached client was built against. A step-up reauth mints a\n // NEW session (new sessionId + token); see the rebuild guard below.\n let _waasClientSessionId: string | undefined;\n\n // because the waas client needs the authToken to be set, we can only create it\n // the first time it's needed, which is after the user has logged in\n const getWaasClient: WaasProvider['getWaasClient'] = async () => {\n // After a step-up reauthentication a new session is minted. In header auth\n // mode (native webview) the iframe has no cookie jar to fall back on, so a\n // client cached against the previous session keeps presenting the stale\n // token — its next backend call (createRooms/users) 401s and trips the\n // iframe's onUnauthorized → forced logout. Drop the cached client when the\n // session changes so it rebuilds + re-initializes with the fresh token and\n // signed session id. Key shares stay in storage (only client auth resets);\n // routine token refresh keeps the same sessionId, so it does not rebuild.\n const currentSessionId = getCore(sdkClient).state.get().user?.sessionId;\n if (_waasClient && currentSessionId !== _waasClientSessionId) {\n _waasClient = undefined;\n }\n\n if (!_waasClient) {\n // Chokepoint: don't build + initialize the iframe client until onboarding\n // is complete. The iframe's init-time room-cache pre-warm fires\n // `createRooms` using the token captured at construction — before any\n // per-operation token resync exists to correct it. Built while the token\n // is still pre-`user:basic` (MFA / KYC / recovery codes / device\n // registration pending), that pre-warm 401s and trips the iframe's\n // onUnauthorized → forced-logout. This is the single gateway to\n // createWaasClient (web and native), so it covers every WaaS caller.\n if (!isUserOnboardingComplete(sdkClient)) {\n throw new WaasOnboardingIncompleteError();\n }\n\n _waasClient = createWaasClient(\n { chainName: getWaasChainNameFromChain(chain) },\n sdkClient\n );\n _waasClientSessionId = currentSessionId;\n await _waasClient.initialize();\n }\n return _waasClient;\n };\n\n const backupKeySharesToGoogleDrive: WaasProvider['backupKeySharesToGoogleDrive'] =\n async ({ googleDriveAccessToken, password, walletAccount }) => {\n const { signature: signedSessionId } = await getSignedSessionId(\n sdkClient\n );\n\n const waasClient = await getWaasClient();\n\n return waasClient.backupKeySharesToGoogleDrive({\n accountAddress: walletAccount.address,\n authToken: sdkClient.token ?? undefined,\n googleDriveAccessToken,\n password,\n signedSessionId,\n });\n };\n\n const createWalletAccount: WaasProvider['createWalletAccount'] = async (\n args = {}\n ) => {\n logger.debug('[createWaasProvider] createWalletAccount', {\n bitcoinConfig: args.bitcoinConfig,\n thresholdSignatureScheme: args.thresholdSignatureScheme,\n });\n\n const { signature: signedSessionId } = await getSignedSessionId(sdkClient);\n\n const waasClient = await getWaasClient();\n\n const waasWallet = await waasClient.createWalletAccount({\n authToken: sdkClient.token ?? undefined,\n bitcoinConfig: args.bitcoinConfig as BitcoinConfig | undefined,\n password: args.password,\n signedSessionId,\n thresholdSignatureScheme:\n args.thresholdSignatureScheme ?? ThresholdSignatureScheme.TWO_OF_TWO,\n });\n\n return waasWallet;\n };\n\n const delegateKeyShares: WaasProvider['delegateKeyShares'] = async ({\n password,\n walletAccount,\n }) => {\n const { signature: signedSessionId } = await getSignedSessionId(sdkClient);\n\n const waasClient = await getWaasClient();\n\n return waasClient.delegateKeyShares({\n accountAddress: walletAccount.address,\n authToken: sdkClient.token ?? undefined,\n password,\n signedSessionId,\n });\n };\n\n const exportClientKeyshares: WaasProvider['exportClientKeyshares'] = async ({\n password,\n walletAccount,\n }) => {\n const { signature: signedSessionId } = await getSignedSessionId(sdkClient);\n\n const waasClient = await getWaasClient();\n\n await waasClient.exportClientKeyshares({\n accountAddress: walletAccount.address,\n authToken: sdkClient.token ?? undefined,\n password,\n signedSessionId,\n });\n };\n\n const exportPrivateKey: WaasProvider['exportPrivateKey'] = async ({\n container,\n displayContainer,\n walletAccount,\n password,\n }) => {\n const { signature: signedSessionId } = await getSignedSessionId(sdkClient);\n\n const waasClient = await getWaasClient();\n\n const mfaToken = await consumeMfaTokenIfRequiredForAction(\n { mfaAction: MFAAction.WalletWaasExport },\n sdkClient\n );\n\n // Forward any elevated access token previously obtained via step-up\n // (e.g. requestExternalAuthElevatedToken) so the backend authorizes\n // the export under the wallet:export scope.\n const elevatedAccessToken = getElevatedAccessToken(\n { scope: TokenScope.Walletexport },\n sdkClient\n );\n\n await waasClient.exportPrivateKey({\n accountAddress: walletAccount.address,\n authToken: sdkClient.token ?? undefined,\n // Exactly one display surface is forwarded: `container` (a\n // WaasSDKContainer, e.g. a React Native visible WebView) or\n // `displayContainer` (a DOM element, web). The upstream client enforces\n // the \"exactly one\" invariant and renders the key inside the surface's\n // own sandboxed document — it never crosses back to the host.\n container,\n displayContainer,\n elevatedAccessToken,\n mfaToken,\n password,\n signedSessionId,\n });\n };\n\n const restoreUserShareForWalletAccount: WaasProvider['restoreUserShareForWalletAccount'] =\n async ({ walletAccount }) => {\n const { signature: signedSessionId } = await getSignedSessionId(\n sdkClient\n );\n\n const waasClient = await getWaasClient();\n\n await waasClient.getWallet({\n accountAddress: walletAccount.address,\n authToken: sdkClient.token ?? undefined,\n signedSessionId,\n walletOperation: WalletOperation.SIGN_MESSAGE,\n });\n };\n\n const importPrivateKey: WaasProvider['importPrivateKey'] = async ({\n privateKey,\n thresholdSignatureScheme = ThresholdSignatureScheme.TWO_OF_TWO,\n }) => {\n const { signature: signedSessionId } = await getSignedSessionId(sdkClient);\n\n const walletClient = await getWaasClient();\n\n await walletClient.importPrivateKey({\n authToken: sdkClient.token ?? undefined,\n privateKey,\n signedSessionId,\n thresholdSignatureScheme,\n });\n };\n\n const migrateFromFireblocks: WaasProvider['migrateFromFireblocks'] = async ({\n coinTypes,\n deviceId,\n expectedAddresses,\n jwt,\n password,\n storage,\n }) => {\n const { signature: signedSessionId } = await getSignedSessionId(sdkClient);\n\n const walletClient = await getWaasClient();\n\n return walletClient.migrateFromFireblocks({\n authToken: sdkClient.token ?? undefined,\n fireblocks: {\n deviceId,\n expectedAddresses,\n jwt,\n ncwStorage: storage,\n walletPassword: password,\n ...(coinTypes ? { coinTypes } : {}),\n },\n signedSessionId,\n });\n };\n\n const refreshWalletAccountShares: WaasProvider['refreshWalletAccountShares'] =\n async ({ password, walletAccount }) => {\n const { signature: signedSessionId } = await getSignedSessionId(\n sdkClient\n );\n\n const walletClient = await getWaasClient();\n\n const mfaToken = await consumeMfaTokenIfRequiredForAction(\n { mfaAction: MFAAction.WalletWaasRefresh },\n sdkClient\n );\n\n return walletClient.refreshWalletAccountShares({\n accountAddress: walletAccount.address,\n authToken: sdkClient.token ?? undefined,\n mfaToken,\n password,\n signedSessionId,\n });\n };\n\n const revokeDelegation: WaasProvider['revokeDelegation'] = async ({\n password,\n walletAccount,\n }) => {\n const { signature: signedSessionId } = await getSignedSessionId(sdkClient);\n\n const waasClient = await getWaasClient();\n\n return waasClient.revokeDelegation({\n accountAddress: walletAccount.address,\n authToken: sdkClient.token ?? undefined,\n password,\n signedSessionId,\n });\n };\n\n const setWaasWalletAccountPassword: WaasProvider['setWaasWalletAccountPassword'] =\n async ({ password, walletAccount }) => {\n const { signature: signedSessionId } = await getSignedSessionId(\n sdkClient\n );\n\n const waasClient = await getWaasClient();\n\n return waasClient.setPassword({\n accountAddress: walletAccount.address,\n authToken: sdkClient.token ?? undefined,\n newPassword: password,\n signedSessionId,\n });\n };\n\n const signRawMessage: WaasProvider['signRawMessage'] = async ({\n message,\n password,\n walletAccount,\n }) => {\n if (message.length !== RAW_MESSAGE_MESSAGE_REQUIRED_LENGTH) {\n throw new InvalidParamError(\n `Message must be ${RAW_MESSAGE_MESSAGE_REQUIRED_LENGTH} characters long`\n );\n }\n\n const { signature: signedSessionId } = await getSignedSessionId(sdkClient);\n\n const mfaToken = await consumeMfaTokenIfRequiredForAction(\n { mfaAction: MFAAction.WalletWaasSign },\n sdkClient\n );\n\n const elevatedAccessToken = getElevatedAccessToken(\n { scope: TokenScope.Walletsign },\n sdkClient\n );\n\n const walletClient = await getWaasClient();\n\n const signature = await walletClient.signRawMessage({\n accountAddress: walletAccount.address,\n authToken: sdkClient.token ?? undefined,\n elevatedAccessToken,\n message,\n mfaToken,\n password,\n signedSessionId,\n });\n\n return { signature };\n };\n\n const destroy: WaasProvider['destroy'] = async (args) => {\n if (!_waasClient) {\n return;\n }\n\n const waasClient = await getWaasClient();\n // When a session token expires, we preserve key shares in storage instead\n // of clearing them. Customers with short-lived sessions (minutes) were\n // hitting excessive server-side share recovery on every re-login, which\n // also forced users to re-enter their wallet password since the unlocked\n // share only lives for the duration of the session.\n //\n // This is safe because the waas-sdk separately fingerprints the user\n // (sub + environment_id) and clears all storage if a different user logs\n // in. On explicit user-initiated logout, shares are always cleared for\n // security.\n if (args?.reason !== 'token-expired') {\n await waasClient.cleanup();\n }\n _waasClient = undefined;\n };\n\n const updatePassword: WaasProvider['updatePassword'] = async ({\n walletAccount,\n currentPassword,\n newPassword,\n }) => {\n const { signature: signedSessionId } = await getSignedSessionId(sdkClient);\n\n const waasClient = await getWaasClient();\n\n return waasClient.updatePassword({\n accountAddress: walletAccount.address,\n authToken: sdkClient.token ?? undefined,\n existingPassword: currentPassword,\n newPassword,\n signedSessionId,\n });\n };\n\n const signMessage: WaasProvider['signMessage'] = async ({\n message,\n walletAccount,\n }) => {\n const { signature: signedSessionId } = await getSignedSessionId(sdkClient);\n\n const mfaToken = await consumeMfaTokenIfRequiredForAction(\n { mfaAction: MFAAction.WalletWaasSign },\n sdkClient\n );\n\n const elevatedAccessToken = getElevatedAccessToken(\n { scope: TokenScope.Walletsign },\n sdkClient\n );\n\n const waasClient = await getWaasClient();\n\n const signature = await waasClient.signMessage({\n accountAddress: walletAccount.address,\n authToken: sdkClient.token ?? undefined,\n elevatedAccessToken,\n message,\n mfaToken,\n signedSessionId,\n });\n\n return { signature };\n };\n\n const signSerializedTransaction: WaasProvider['signSerializedTransaction'] =\n async ({ chainId, serializedTransaction, walletAccount }) => {\n const { signature: signedSessionId } = await getSignedSessionId(\n sdkClient\n );\n\n const mfaToken = await consumeMfaTokenIfRequiredForAction(\n { mfaAction: MFAAction.WalletWaasSign },\n sdkClient\n );\n\n const elevatedAccessToken = getElevatedAccessToken(\n { scope: TokenScope.Walletsign },\n sdkClient\n );\n\n const waasClient = await getWaasClient();\n\n const signature = await waasClient.signTransaction({\n authToken: sdkClient.token ?? undefined,\n chainId,\n elevatedAccessToken,\n mfaToken,\n senderAddress: walletAccount.address,\n signedSessionId,\n transaction: serializedTransaction,\n });\n\n return { signature };\n };\n\n const getWalletRecoveryState: WaasProvider['getWalletRecoveryState'] =\n async ({ walletAccount }) => {\n const { signature: signedSessionId } = await getSignedSessionId(\n sdkClient\n );\n\n const waasClient = await getWaasClient();\n\n return waasClient.getWalletRecoveryState({\n accountAddress: walletAccount.address,\n authToken: sdkClient.token ?? undefined,\n signedSessionId,\n });\n };\n\n const unlockWallet: WaasProvider['unlockWallet'] = async ({\n password,\n walletAccount,\n }) => {\n const { signature: signedSessionId } = await getSignedSessionId(sdkClient);\n\n const waasClient = await getWaasClient();\n\n return waasClient.unlockWallet({\n accountAddress: walletAccount.address,\n authToken: sdkClient.token ?? undefined,\n password,\n signedSessionId,\n });\n };\n\n return {\n backupKeySharesToGoogleDrive,\n createWalletAccount,\n delegateKeyShares,\n destroy,\n exportClientKeyshares,\n exportPrivateKey,\n getWaasClient,\n getWalletRecoveryState,\n importPrivateKey,\n migrateFromFireblocks,\n refreshWalletAccountShares,\n restoreUserShareForWalletAccount,\n revokeDelegation,\n setWaasWalletAccountPassword,\n signMessage,\n signRawMessage,\n signSerializedTransaction,\n unlockWallet,\n updatePassword,\n };\n};\n","import type { WaasSDKContainer } from '@dynamic-labs-wallet/core';\n\nimport type { DynamicClient } from '../../../client/types/DynamicClient';\nimport type { WalletAccount } from '../../wallets/walletAccount';\nimport { getWaasWalletProviderFromWalletAccount } from '../getWaasWalletProviderFromWalletAccount';\n\ntype ExportWaasPrivateKeyToContainerParams = {\n container: WaasSDKContainer;\n password?: string;\n walletAccount: WalletAccount;\n};\n\n/**\n * Exports the private key for a WaaS wallet account into a caller-provided\n * {@link WaasSDKContainer} (e.g. a visible React Native WebView) instead of a\n * DOM element.\n *\n * This is the container-based counterpart to `exportWaasPrivateKey` (which\n * injects an iframe into a DOM `displayContainer` on web). The export ceremony\n * runs — and the private key is rendered — entirely inside the container's own\n * sandboxed document; the key is never exposed to the host JS layer. The caller\n * owns the container's lifecycle and must call `container.destroy()` when the\n * display is dismissed.\n *\n * @param params.walletAccount - The WaaS wallet account to export the private key from.\n * @param params.container - The container that hosts the secure key display.\n * @param [params.password] - Optional password to decrypt the private key.\n * @param client - The Dynamic client instance. This is an internal API (exposed\n * only via `@dynamic-labs-sdk/client/waas/core`), so the client is passed\n * explicitly rather than defaulted — callers resolve it (e.g. via\n * `getDefaultClient()`) and thread it in.\n * @returns A promise that resolves when the private key export is complete.\n * @notInstrumented\n */\nexport const exportWaasPrivateKeyToContainer = async (\n { container, password, walletAccount }: ExportWaasPrivateKeyToContainerParams,\n client: DynamicClient\n) => {\n const provider = getWaasWalletProviderFromWalletAccount(\n { walletAccount },\n client\n );\n\n return provider.exportPrivateKey({\n container,\n password,\n walletAccount,\n });\n};\n","import { WalletProviderEnum } from '@dynamic-labs/sdk-api-core';\n\nimport type { DynamicClient } from '../../../client/types';\nimport { getChainFromVerifiedCredentialChain } from '../../../utils/getChainFromVerifiedCredentialChain';\nimport type { Chain } from '../../chain';\nimport { DYNAMIC_WAAS_METADATA } from '../constants';\n\ntype GetAllUserWaasAddressesForChainParams = {\n chain: Chain;\n};\n\n/** @notInstrumented */\nexport const getAllUserWaasAddressesForChain = (\n { chain }: GetAllUserWaasAddressesForChainParams,\n client: DynamicClient\n): string[] => {\n if (!client.user) {\n return [];\n }\n\n const waasWalletCredentials =\n client.user.verifiedCredentials.filter(\n (credential) =>\n credential.walletProvider === WalletProviderEnum.EmbeddedWallet &&\n credential.walletName\n ?.toLowerCase()\n .startsWith(DYNAMIC_WAAS_METADATA.normalizedWalletName) &&\n credential.address &&\n credential.chain &&\n getChainFromVerifiedCredentialChain(credential.chain) === chain\n ) ?? [];\n\n const waasAddresses: string[] = waasWalletCredentials.map(\n // casting because we're already filtering out credentials without an address\n (credential) => credential.address as string\n );\n\n return waasAddresses;\n};\n","import { assertPackageVersion } from '@dynamic-labs-sdk/assert-package-version';\n\nimport {\n name as packageName,\n version as packageVersion,\n} from '../../package.json';\nassertPackageVersion(packageName, packageVersion);\n\nexport type {\n BitcoinNetwork,\n DynamicWalletClient,\n MigrateFromFireblocksResponse,\n ThresholdSignatureScheme,\n} from '@dynamic-labs-wallet/browser-wallet-client';\nexport type { WaasSDKContainer } from '@dynamic-labs-wallet/core';\nexport { DYNAMIC_WAAS_METADATA } from '../modules/waas/constants';\nexport { createWaasClient } from '../modules/waas/createWaasClient';\nexport { createWaasProvider } from '../modules/waas/createWaasProvider';\nexport { exportWaasPrivateKeyToContainer } from '../modules/waas/exportWaasPrivateKeyToContainer';\nexport { getAllUserWaasAddressesForChain } from '../modules/waas/getAllUserWaasAddressesForChain';\nexport { getWaasChainNameFromChain } from '../modules/waas/getWaasChainNameFromChain';\nexport { migrateFromFireblocks } from '../modules/waas/migrateFromFireblocks';\nexport { preconnectWaasIframe } from '../modules/waas/preconnectWaasIframe';\nexport type {\n WaasProvider,\n WaasWalletProvider,\n} from '../modules/waas/waas.types';\n"],"mappings":";;;;;;;;;;;;AAeA,MAAaA,oBAAsC,EAAE,aAAa,WAAW;CAC3E,MAAM,OAAOC,6CAAQ,OAAO;CAE5B,MAAM,2BAA2B,KAAK,MAAM;CAE5C,MAAM,iCACJ,OAAO,iBAAiB,IAAI,MAAM;AAEpC,QAAO,IAAIC,+DACT;EACE,UAAWC,qDAAgB,OAAO,GAAG,WAAW;EAChD,WAAW,OAAO,SAAS;EAC3B,aAAa,KAAK,cAAcC,gEAA2B,QACzD,WACA,GACD;EACD,oBACE,OAAO,iBAAiB,IAAI,MAAM,YAClCC;EACF;EAGA,yBAAyB;EACzB,eAAe,KAAK;EACpB,YAAY,GAAGC,qDAAgB,GAAG,KAAK;EACvC,GAAI,4BAA4B,SAC5B,EAAE,GACF,EAAE,0BAA0B;EAChC,GAAI,kCAAkC,SAClC,EAAE,GACF,EAAE,gCAAgC;EACvC,EACD;EAGE,0BACEC,8CAAmB,OAAO,CAAC,MAAM,EAAE,gBAAgB,UAAU;EAK/D,sBAAsB;AACpB,GAAKC,0DACH,EAAE,QAAQ,gCAAgC,EAC1C,OACD,CAAC,OAAO,UAAU;AACjB,SAAK,OAAO,MACV,sDACA,MACD;KACD;;EAEL,CACF;;;;;;AC/DH,MAAa,6BAA6B,UAAyB;AACjE,QAAOC,qDAAgB,OAAO,yBAAyB;;;;;ACezD,MAAM,sCAAsC;;AAQ5C,MAAa,sBAAsB,EACjC,WACA,YAC4C;CAC5C,MAAM,SAASC,6CAAQ,UAAU,CAAC;CAElC,IAAIC;CAGJ,IAAIC;CAIJ,MAAMC,gBAA+C,YAAY;EAS/D,MAAM,mBAAmBH,6CAAQ,UAAU,CAAC,MAAM,KAAK,CAAC,MAAM;AAC9D,MAAI,eAAe,qBAAqB,qBACtC,eAAc;AAGhB,MAAI,CAAC,aAAa;AAShB,OAAI,CAACI,0DAAyB,UAAU,CACtC,OAAM,IAAIC,gEAA+B;AAG3C,iBAAc,iBACZ,EAAE,WAAW,0BAA0B,MAAM,EAAE,EAC/C,UACD;AACD,0BAAuB;AACvB,SAAM,YAAY,YAAY;;AAEhC,SAAO;;CAGT,MAAMC,+BACJ,OAAO,EAAE,wBAAwB,UAAU,oBAAoB;EAC7D,MAAM,EAAE,WAAW,oBAAoB,MAAMC,8CAC3C,UACD;AAID,UAFmB,MAAM,eAAe,EAEtB,6BAA6B;GAC7C,gBAAgB,cAAc;GAC9B,WAAW,UAAU,SAAS;GAC9B;GACA;GACA;GACD,CAAC;;CAGN,MAAMC,sBAA2D,OAC/D,OAAO,EAAE,KACN;AACH,SAAO,MAAM,4CAA4C;GACvD,eAAe,KAAK;GACpB,0BAA0B,KAAK;GAChC,CAAC;EAEF,MAAM,EAAE,WAAW,oBAAoB,MAAMD,8CAAmB,UAAU;AAa1E,SATmB,OAFA,MAAM,eAAe,EAEJ,oBAAoB;GACtD,WAAW,UAAU,SAAS;GAC9B,eAAe,KAAK;GACpB,UAAU,KAAK;GACf;GACA,0BACE,KAAK,4BAA4BE,oEAAyB;GAC7D,CAAC;;CAKJ,MAAMC,oBAAuD,OAAO,EAClE,UACA,oBACI;EACJ,MAAM,EAAE,WAAW,oBAAoB,MAAMH,8CAAmB,UAAU;AAI1E,UAFmB,MAAM,eAAe,EAEtB,kBAAkB;GAClC,gBAAgB,cAAc;GAC9B,WAAW,UAAU,SAAS;GAC9B;GACA;GACD,CAAC;;CAGJ,MAAMI,wBAA+D,OAAO,EAC1E,UACA,oBACI;EACJ,MAAM,EAAE,WAAW,oBAAoB,MAAMJ,8CAAmB,UAAU;AAI1E,SAFmB,MAAM,eAAe,EAEvB,sBAAsB;GACrC,gBAAgB,cAAc;GAC9B,WAAW,UAAU,SAAS;GAC9B;GACA;GACD,CAAC;;CAGJ,MAAMK,mBAAqD,OAAO,EAChE,WACA,kBACA,eACA,eACI;EACJ,MAAM,EAAE,WAAW,oBAAoB,MAAML,8CAAmB,UAAU;EAE1E,MAAM,aAAa,MAAM,eAAe;EAExC,MAAM,WAAW,MAAMM,8DACrB,EAAE,WAAWC,qCAAU,kBAAkB,EACzC,UACD;EAKD,MAAM,sBAAsBC,4DAC1B,EAAE,OAAOC,sCAAW,cAAc,EAClC,UACD;AAED,QAAM,WAAW,iBAAiB;GAChC,gBAAgB,cAAc;GAC9B,WAAW,UAAU,SAAS;GAM9B;GACA;GACA;GACA;GACA;GACA;GACD,CAAC;;CAGJ,MAAMC,mCACJ,OAAO,EAAE,oBAAoB;EAC3B,MAAM,EAAE,WAAW,oBAAoB,MAAMV,8CAC3C,UACD;AAID,SAFmB,MAAM,eAAe,EAEvB,UAAU;GACzB,gBAAgB,cAAc;GAC9B,WAAW,UAAU,SAAS;GAC9B;GACA,iBAAiBW,2DAAgB;GAClC,CAAC;;CAGN,MAAMC,mBAAqD,OAAO,EAChE,YACA,2BAA2BV,oEAAyB,iBAChD;EACJ,MAAM,EAAE,WAAW,oBAAoB,MAAMF,8CAAmB,UAAU;AAI1E,SAFqB,MAAM,eAAe,EAEvB,iBAAiB;GAClC,WAAW,UAAU,SAAS;GAC9B;GACA;GACA;GACD,CAAC;;CAGJ,MAAMa,0BAA+D,OAAO,EAC1E,WACA,UACA,mBACA,KACA,UACA,cACI;EACJ,MAAM,EAAE,WAAW,oBAAoB,MAAMb,8CAAmB,UAAU;AAI1E,UAFqB,MAAM,eAAe,EAEtB,sBAAsB;GACxC,WAAW,UAAU,SAAS;GAC9B,YAAY;IACV;IACA;IACA;IACA,YAAY;IACZ,gBAAgB;IAChB,GAAI,YAAY,EAAE,WAAW,GAAG,EAAE;IACnC;GACD;GACD,CAAC;;CAGJ,MAAMc,6BACJ,OAAO,EAAE,UAAU,oBAAoB;EACrC,MAAM,EAAE,WAAW,oBAAoB,MAAMd,8CAC3C,UACD;EAED,MAAM,eAAe,MAAM,eAAe;EAE1C,MAAM,WAAW,MAAMM,8DACrB,EAAE,WAAWC,qCAAU,mBAAmB,EAC1C,UACD;AAED,SAAO,aAAa,2BAA2B;GAC7C,gBAAgB,cAAc;GAC9B,WAAW,UAAU,SAAS;GAC9B;GACA;GACA;GACD,CAAC;;CAGN,MAAMQ,mBAAqD,OAAO,EAChE,UACA,oBACI;EACJ,MAAM,EAAE,WAAW,oBAAoB,MAAMf,8CAAmB,UAAU;AAI1E,UAFmB,MAAM,eAAe,EAEtB,iBAAiB;GACjC,gBAAgB,cAAc;GAC9B,WAAW,UAAU,SAAS;GAC9B;GACA;GACD,CAAC;;CAGJ,MAAMgB,+BACJ,OAAO,EAAE,UAAU,oBAAoB;EACrC,MAAM,EAAE,WAAW,oBAAoB,MAAMhB,8CAC3C,UACD;AAID,UAFmB,MAAM,eAAe,EAEtB,YAAY;GAC5B,gBAAgB,cAAc;GAC9B,WAAW,UAAU,SAAS;GAC9B,aAAa;GACb;GACD,CAAC;;CAGN,MAAMiB,iBAAiD,OAAO,EAC5D,SACA,UACA,oBACI;AACJ,MAAI,QAAQ,WAAW,oCACrB,OAAM,IAAIC,uDACR,mBAAmB,oCAAoC,kBACxD;EAGH,MAAM,EAAE,WAAW,oBAAoB,MAAMlB,8CAAmB,UAAU;EAE1E,MAAM,WAAW,MAAMM,8DACrB,EAAE,WAAWC,qCAAU,gBAAgB,EACvC,UACD;EAED,MAAM,sBAAsBC,4DAC1B,EAAE,OAAOC,sCAAW,YAAY,EAChC,UACD;AAcD,SAAO,EAAE,WAVS,OAFG,MAAM,eAAe,EAEL,eAAe;GAClD,gBAAgB,cAAc;GAC9B,WAAW,UAAU,SAAS;GAC9B;GACA;GACA;GACA;GACA;GACD,CAAC,EAEkB;;CAGtB,MAAMU,UAAmC,OAAO,SAAS;AACvD,MAAI,CAAC,YACH;EAGF,MAAM,aAAa,MAAM,eAAe;AAWxC,MAAI,MAAM,WAAW,gBACnB,OAAM,WAAW,SAAS;AAE5B,gBAAc;;CAGhB,MAAMC,iBAAiD,OAAO,EAC5D,eACA,iBACA,kBACI;EACJ,MAAM,EAAE,WAAW,oBAAoB,MAAMpB,8CAAmB,UAAU;AAI1E,UAFmB,MAAM,eAAe,EAEtB,eAAe;GAC/B,gBAAgB,cAAc;GAC9B,WAAW,UAAU,SAAS;GAC9B,kBAAkB;GAClB;GACA;GACD,CAAC;;CAGJ,MAAMqB,cAA2C,OAAO,EACtD,SACA,oBACI;EACJ,MAAM,EAAE,WAAW,oBAAoB,MAAMrB,8CAAmB,UAAU;EAE1E,MAAM,WAAW,MAAMM,8DACrB,EAAE,WAAWC,qCAAU,gBAAgB,EACvC,UACD;EAED,MAAM,sBAAsBC,4DAC1B,EAAE,OAAOC,sCAAW,YAAY,EAChC,UACD;AAaD,SAAO,EAAE,WATS,OAFC,MAAM,eAAe,EAEL,YAAY;GAC7C,gBAAgB,cAAc;GAC9B,WAAW,UAAU,SAAS;GAC9B;GACA;GACA;GACA;GACD,CAAC,EAEkB;;CAGtB,MAAMa,4BACJ,OAAO,EAAE,SAAS,uBAAuB,oBAAoB;EAC3D,MAAM,EAAE,WAAW,oBAAoB,MAAMtB,8CAC3C,UACD;EAED,MAAM,WAAW,MAAMM,8DACrB,EAAE,WAAWC,qCAAU,gBAAgB,EACvC,UACD;EAED,MAAM,sBAAsBC,4DAC1B,EAAE,OAAOC,sCAAW,YAAY,EAChC,UACD;AAcD,SAAO,EAAE,WAVS,OAFC,MAAM,eAAe,EAEL,gBAAgB;GACjD,WAAW,UAAU,SAAS;GAC9B;GACA;GACA;GACA,eAAe,cAAc;GAC7B;GACA,aAAa;GACd,CAAC,EAEkB;;CAGxB,MAAMc,yBACJ,OAAO,EAAE,oBAAoB;EAC3B,MAAM,EAAE,WAAW,oBAAoB,MAAMvB,8CAC3C,UACD;AAID,UAFmB,MAAM,eAAe,EAEtB,uBAAuB;GACvC,gBAAgB,cAAc;GAC9B,WAAW,UAAU,SAAS;GAC9B;GACD,CAAC;;CAGN,MAAMwB,eAA6C,OAAO,EACxD,UACA,oBACI;EACJ,MAAM,EAAE,WAAW,oBAAoB,MAAMxB,8CAAmB,UAAU;AAI1E,UAFmB,MAAM,eAAe,EAEtB,aAAa;GAC7B,gBAAgB,cAAc;GAC9B,WAAW,UAAU,SAAS;GAC9B;GACA;GACD,CAAC;;AAGJ,QAAO;EACL;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACD;;;;;;;;;;;;;;;;;;;;;;;;;;;AC5cH,MAAa,kCAAkC,OAC7C,EAAE,WAAW,UAAU,iBACvB,WACG;AAMH,QALiByB,qEACf,EAAE,eAAe,EACjB,OACD,CAEe,iBAAiB;EAC/B;EACA;EACA;EACD,CAAC;;;;;;ACnCJ,MAAa,mCACX,EAAE,SACF,WACa;AACb,KAAI,CAAC,OAAO,KACV,QAAO,EAAE;AAoBX,SAhBE,OAAO,KAAK,oBAAoB,QAC7B,eACC,WAAW,mBAAmBC,8CAAmB,kBACjD,WAAW,YACP,aAAa,CACd,WAAWC,2DAAsB,qBAAqB,IACzD,WAAW,WACX,WAAW,SACXC,yEAAoC,WAAW,MAAM,KAAK,MAC7D,IAAI,EAAE,EAE6C,KAEnD,eAAe,WAAW,QAC5B;;;;;mEC7BkBC,2CAAaC,6CAAe"}
@@ -1,9 +1,9 @@
1
- import { D as CHAINS_INFO_MAP, E as getChainFromVerifiedCredentialChain, Z as isCookieEnabled, a as DYNAMIC_WAAS_METADATA, dt as version, et as getElevatedAccessToken, i as DEFAULT_WAAS_BASE_MPC_RELAY_API_URL, lt as getCore, nt as CLIENT_SDK_NAME, r as DEFAULT_WAAS_BASE_API_URL, t as InvalidParamError, ut as name } from "./InvalidParamError-PQ2Xen_o.esm.js";
2
- import { i as __logoutWithReason_wrapped } from "./isMfaRequiredForAction-CkX6CfJf.esm.js";
3
- import "./isDynamicWaasEnabled-BmWqrgz1.esm.js";
4
- import { a as WaasOnboardingIncompleteError, i as preconnectWaasIframe, t as isUserOnboardingComplete } from "./isUserOnboardingComplete-C4_b3pDb.esm.js";
5
- import { n as consumeMfaTokenIfRequiredForAction, t as getSignedSessionId } from "./getSignedSessionId-DzjHW7Rw.esm.js";
6
- import { t as getWaasWalletProviderFromWalletAccount } from "./getWaasWalletProviderFromWalletAccount-CupLo7EC.esm.js";
1
+ import { F as CHAINS_INFO_MAP, P as getChainFromVerifiedCredentialChain, _t as getCore, at as isCookieEnabled, ct as getElevatedAccessToken, d as DYNAMIC_WAAS_METADATA, i as InvalidParamError, l as DEFAULT_WAAS_BASE_API_URL, u as DEFAULT_WAAS_BASE_MPC_RELAY_API_URL, ut as CLIENT_SDK_NAME, vt as name, yt as version } from "./updateAuthFromVerifyResponse-azIi_3FB.esm.js";
2
+ import { i as __logoutWithReason_wrapped } from "./isMfaRequiredForAction-CqEcCTIe.esm.js";
3
+ import "./isDynamicWaasEnabled-BYaqAOml.esm.js";
4
+ import { a as WaasOnboardingIncompleteError, i as preconnectWaasIframe, t as isUserOnboardingComplete } from "./isUserOnboardingComplete-CBrAH0ZF.esm.js";
5
+ import { n as consumeMfaTokenIfRequiredForAction, t as getSignedSessionId } from "./getSignedSessionId-CUw7LJ35.esm.js";
6
+ import { n as getWaasWalletProviderFromWalletAccount, t as migrateFromFireblocks } from "./migrateFromFireblocks-Bbx2wHZD.esm.js";
7
7
  import { assertPackageVersion } from "@dynamic-labs-sdk/assert-package-version";
8
8
  import { MFAAction, TokenScope, WalletProviderEnum } from "@dynamic-labs/sdk-api-core";
9
9
  import { DynamicWalletClient, ThresholdSignatureScheme, WalletOperation } from "@dynamic-labs-wallet/browser-wallet-client";
@@ -137,6 +137,21 @@ const createWaasProvider = ({ sdkClient, chain }) => {
137
137
  thresholdSignatureScheme
138
138
  });
139
139
  };
140
+ const migrateFromFireblocks$1 = async ({ coinTypes, deviceId, expectedAddresses, jwt, password, storage }) => {
141
+ const { signature: signedSessionId } = await getSignedSessionId(sdkClient);
142
+ return (await getWaasClient()).migrateFromFireblocks({
143
+ authToken: sdkClient.token ?? void 0,
144
+ fireblocks: {
145
+ deviceId,
146
+ expectedAddresses,
147
+ jwt,
148
+ ncwStorage: storage,
149
+ walletPassword: password,
150
+ ...coinTypes ? { coinTypes } : {}
151
+ },
152
+ signedSessionId
153
+ });
154
+ };
140
155
  const refreshWalletAccountShares = async ({ password, walletAccount }) => {
141
156
  const { signature: signedSessionId } = await getSignedSessionId(sdkClient);
142
157
  const walletClient = await getWaasClient();
@@ -252,6 +267,7 @@ const createWaasProvider = ({ sdkClient, chain }) => {
252
267
  getWaasClient,
253
268
  getWalletRecoveryState,
254
269
  importPrivateKey,
270
+ migrateFromFireblocks: migrateFromFireblocks$1,
255
271
  refreshWalletAccountShares,
256
272
  restoreUserShareForWalletAccount,
257
273
  revokeDelegation,
@@ -309,5 +325,5 @@ const getAllUserWaasAddressesForChain = ({ chain }, client) => {
309
325
  assertPackageVersion(name, version);
310
326
 
311
327
  //#endregion
312
- export { DYNAMIC_WAAS_METADATA, createWaasClient, createWaasProvider, exportWaasPrivateKeyToContainer, getAllUserWaasAddressesForChain, getWaasChainNameFromChain, preconnectWaasIframe };
328
+ export { DYNAMIC_WAAS_METADATA, createWaasClient, createWaasProvider, exportWaasPrivateKeyToContainer, getAllUserWaasAddressesForChain, getWaasChainNameFromChain, migrateFromFireblocks, preconnectWaasIframe };
313
329
  //# sourceMappingURL=waasCore.esm.js.map
@@ -1 +1 @@
1
- {"version":3,"file":"waasCore.esm.js","names":["createWaasClient: CreateWaasClient","logoutWithReason","_waasClient: DynamicWalletClient | undefined","_waasClientSessionId: string | undefined","getWaasClient: WaasProvider['getWaasClient']","backupKeySharesToGoogleDrive: WaasProvider['backupKeySharesToGoogleDrive']","createWalletAccount: WaasProvider['createWalletAccount']","delegateKeyShares: WaasProvider['delegateKeyShares']","exportClientKeyshares: WaasProvider['exportClientKeyshares']","exportPrivateKey: WaasProvider['exportPrivateKey']","restoreUserShareForWalletAccount: WaasProvider['restoreUserShareForWalletAccount']","importPrivateKey: WaasProvider['importPrivateKey']","refreshWalletAccountShares: WaasProvider['refreshWalletAccountShares']","revokeDelegation: WaasProvider['revokeDelegation']","setWaasWalletAccountPassword: WaasProvider['setWaasWalletAccountPassword']","signRawMessage: WaasProvider['signRawMessage']","destroy: WaasProvider['destroy']","updatePassword: WaasProvider['updatePassword']","signMessage: WaasProvider['signMessage']","signSerializedTransaction: WaasProvider['signSerializedTransaction']","getWalletRecoveryState: WaasProvider['getWalletRecoveryState']","unlockWallet: WaasProvider['unlockWallet']","packageName","packageVersion"],"sources":["../src/modules/waas/createWaasClient/createWaasClient.ts","../src/modules/waas/getWaasChainNameFromChain/getWaasChainNameFromChain.ts","../src/modules/waas/createWaasProvider/createWaasProvider.ts","../src/modules/waas/exportWaasPrivateKeyToContainer/exportWaasPrivateKeyToContainer.ts","../src/modules/waas/getAllUserWaasAddressesForChain/getAllUserWaasAddressesForChain.ts","../src/exports/waasCore.ts"],"sourcesContent":["import type { AuthMode } from '@dynamic-labs-wallet/browser-wallet-client';\nimport { DynamicWalletClient } from '@dynamic-labs-wallet/browser-wallet-client';\n\nimport { getCore } from '../../../client/core/getCore';\nimport { CLIENT_SDK_NAME } from '../../apiClient/constants';\nimport { logoutWithReason } from '../../auth/logoutWithReason';\nimport { isCookieEnabled } from '../../projectSettings/isCookieEnabled';\nimport { getSignedSessionId } from '../../sessionKeys/getSignedSessionId';\nimport type { CreateWaasClient } from './createWaasClient.types';\nimport {\n DEFAULT_WAAS_BASE_API_URL,\n DEFAULT_WAAS_BASE_MPC_RELAY_API_URL,\n} from '../constants';\n\n/** @notInstrumented */\nexport const createWaasClient: CreateWaasClient = ({ chainName }, client) => {\n const core = getCore(client);\n\n const additionalTrustedOrigins = core.waas?.additionalTrustedOrigins;\n\n const baseClientKeysharesRelayApiUrl =\n client.projectSettings?.sdk.waas?.customKeyshareRelayBaseUrl;\n\n return new DynamicWalletClient(\n {\n authMode: (isCookieEnabled(client) ? 'cookie' : 'header') as AuthMode,\n authToken: client.token || '',\n baseApiUrl: (core.apiBaseUrl || DEFAULT_WAAS_BASE_API_URL).replace(\n '/api/v0',\n ''\n ),\n baseMPCRelayApiUrl:\n client.projectSettings?.sdk.waas?.relayUrl ||\n DEFAULT_WAAS_BASE_MPC_RELAY_API_URL,\n chainName,\n // Opt into the SDK self-driving eager key-share recovery on auth-token\n // arrival, so the client no longer restores shares itself on login.\n eagerlyRecoverKeyShares: true,\n environmentId: core.environmentId,\n sdkVersion: `${CLIENT_SDK_NAME}/${core.version}`,\n ...(additionalTrustedOrigins == undefined\n ? {}\n : { additionalTrustedOrigins }),\n ...(baseClientKeysharesRelayApiUrl == undefined\n ? {}\n : { baseClientKeysharesRelayApiUrl }),\n },\n {\n // Lets the iframe mint a fresh signed session id over the reverse channel,\n // which the SDK's eager key-share recovery needs.\n getSignedSessionId: () =>\n getSignedSessionId(client).then(({ signature }) => signature),\n // When the WaaS iframe's own backend call returns 401 (e.g. a forcibly\n // revoked token), the iframe notifies the host via the reverse channel\n // and this fires — log the user out. Mirrors the session-expiry\n // middleware that covers the SDK's own direct API 401s.\n onUnauthorized: () => {\n void logoutWithReason(\n { reason: 'session-refresh-unauthorized' },\n client\n ).catch((error) => {\n core.logger.error(\n 'Failed to log out after WaaS unauthorized response',\n error\n );\n });\n },\n }\n );\n};\n","import type { Chain } from '../../chain';\nimport { CHAINS_INFO_MAP } from '../../wallets/constants';\n\n/** @notInstrumented */\n// eslint-disable-next-line custom-rules/require-single-object-param\nexport const getWaasChainNameFromChain = (chain: Chain): string => {\n return CHAINS_INFO_MAP[chain].waasChainNameOverride || chain;\n};\n","import {\n type BitcoinConfig,\n type DynamicWalletClient,\n ThresholdSignatureScheme,\n WalletOperation,\n} from '@dynamic-labs-wallet/browser-wallet-client';\nimport { MFAAction, TokenScope } from '@dynamic-labs/sdk-api-core';\n\nimport { getCore } from '../../../client/core/getCore';\nimport type { DynamicClient } from '../../../client/types/DynamicClient';\nimport { InvalidParamError } from '../../../errors/InvalidParamError';\nimport { WaasOnboardingIncompleteError } from '../../../errors/WaasOnboardingIncompleteError';\nimport { getElevatedAccessToken } from '../../auth/getElevatedAccessToken';\nimport type { Chain } from '../../chain';\nimport { consumeMfaTokenIfRequiredForAction } from '../../mfa/consumeMfaTokenIfRequiredForAction';\nimport { getSignedSessionId } from '../../sessionKeys/getSignedSessionId';\nimport { isUserOnboardingComplete } from '../../user/isUserOnboardingComplete';\nimport { createWaasClient } from '../createWaasClient';\nimport { getWaasChainNameFromChain } from '../getWaasChainNameFromChain';\nimport type { WaasProvider } from '../waas.types';\n\nconst RAW_MESSAGE_MESSAGE_REQUIRED_LENGTH = 64;\n\ntype CreateWaasProviderParams = {\n chain: Chain;\n sdkClient: DynamicClient;\n};\n\n/** @notInstrumented */\nexport const createWaasProvider = ({\n sdkClient,\n chain,\n}: CreateWaasProviderParams): WaasProvider => {\n const logger = getCore(sdkClient).logger;\n\n let _waasClient: DynamicWalletClient | undefined;\n // The session the cached client was built against. A step-up reauth mints a\n // NEW session (new sessionId + token); see the rebuild guard below.\n let _waasClientSessionId: string | undefined;\n\n // because the waas client needs the authToken to be set, we can only create it\n // the first time it's needed, which is after the user has logged in\n const getWaasClient: WaasProvider['getWaasClient'] = async () => {\n // After a step-up reauthentication a new session is minted. In header auth\n // mode (native webview) the iframe has no cookie jar to fall back on, so a\n // client cached against the previous session keeps presenting the stale\n // token — its next backend call (createRooms/users) 401s and trips the\n // iframe's onUnauthorized → forced logout. Drop the cached client when the\n // session changes so it rebuilds + re-initializes with the fresh token and\n // signed session id. Key shares stay in storage (only client auth resets);\n // routine token refresh keeps the same sessionId, so it does not rebuild.\n const currentSessionId = getCore(sdkClient).state.get().user?.sessionId;\n if (_waasClient && currentSessionId !== _waasClientSessionId) {\n _waasClient = undefined;\n }\n\n if (!_waasClient) {\n // Chokepoint: don't build + initialize the iframe client until onboarding\n // is complete. The iframe's init-time room-cache pre-warm fires\n // `createRooms` using the token captured at construction — before any\n // per-operation token resync exists to correct it. Built while the token\n // is still pre-`user:basic` (MFA / KYC / recovery codes / device\n // registration pending), that pre-warm 401s and trips the iframe's\n // onUnauthorized → forced-logout. This is the single gateway to\n // createWaasClient (web and native), so it covers every WaaS caller.\n if (!isUserOnboardingComplete(sdkClient)) {\n throw new WaasOnboardingIncompleteError();\n }\n\n _waasClient = createWaasClient(\n { chainName: getWaasChainNameFromChain(chain) },\n sdkClient\n );\n _waasClientSessionId = currentSessionId;\n await _waasClient.initialize();\n }\n return _waasClient;\n };\n\n const backupKeySharesToGoogleDrive: WaasProvider['backupKeySharesToGoogleDrive'] =\n async ({ googleDriveAccessToken, password, walletAccount }) => {\n const { signature: signedSessionId } = await getSignedSessionId(\n sdkClient\n );\n\n const waasClient = await getWaasClient();\n\n return waasClient.backupKeySharesToGoogleDrive({\n accountAddress: walletAccount.address,\n authToken: sdkClient.token ?? undefined,\n googleDriveAccessToken,\n password,\n signedSessionId,\n });\n };\n\n const createWalletAccount: WaasProvider['createWalletAccount'] = async (\n args = {}\n ) => {\n logger.debug('[createWaasProvider] createWalletAccount', {\n bitcoinConfig: args.bitcoinConfig,\n thresholdSignatureScheme: args.thresholdSignatureScheme,\n });\n\n const { signature: signedSessionId } = await getSignedSessionId(sdkClient);\n\n const waasClient = await getWaasClient();\n\n const waasWallet = await waasClient.createWalletAccount({\n authToken: sdkClient.token ?? undefined,\n bitcoinConfig: args.bitcoinConfig as BitcoinConfig | undefined,\n password: args.password,\n signedSessionId,\n thresholdSignatureScheme:\n args.thresholdSignatureScheme ?? ThresholdSignatureScheme.TWO_OF_TWO,\n });\n\n return waasWallet;\n };\n\n const delegateKeyShares: WaasProvider['delegateKeyShares'] = async ({\n password,\n walletAccount,\n }) => {\n const { signature: signedSessionId } = await getSignedSessionId(sdkClient);\n\n const waasClient = await getWaasClient();\n\n return waasClient.delegateKeyShares({\n accountAddress: walletAccount.address,\n authToken: sdkClient.token ?? undefined,\n password,\n signedSessionId,\n });\n };\n\n const exportClientKeyshares: WaasProvider['exportClientKeyshares'] = async ({\n password,\n walletAccount,\n }) => {\n const { signature: signedSessionId } = await getSignedSessionId(sdkClient);\n\n const waasClient = await getWaasClient();\n\n await waasClient.exportClientKeyshares({\n accountAddress: walletAccount.address,\n authToken: sdkClient.token ?? undefined,\n password,\n signedSessionId,\n });\n };\n\n const exportPrivateKey: WaasProvider['exportPrivateKey'] = async ({\n container,\n displayContainer,\n walletAccount,\n password,\n }) => {\n const { signature: signedSessionId } = await getSignedSessionId(sdkClient);\n\n const waasClient = await getWaasClient();\n\n const mfaToken = await consumeMfaTokenIfRequiredForAction(\n { mfaAction: MFAAction.WalletWaasExport },\n sdkClient\n );\n\n // Forward any elevated access token previously obtained via step-up\n // (e.g. requestExternalAuthElevatedToken) so the backend authorizes\n // the export under the wallet:export scope.\n const elevatedAccessToken = getElevatedAccessToken(\n { scope: TokenScope.Walletexport },\n sdkClient\n );\n\n await waasClient.exportPrivateKey({\n accountAddress: walletAccount.address,\n authToken: sdkClient.token ?? undefined,\n // Exactly one display surface is forwarded: `container` (a\n // WaasSDKContainer, e.g. a React Native visible WebView) or\n // `displayContainer` (a DOM element, web). The upstream client enforces\n // the \"exactly one\" invariant and renders the key inside the surface's\n // own sandboxed document — it never crosses back to the host.\n container,\n displayContainer,\n elevatedAccessToken,\n mfaToken,\n password,\n signedSessionId,\n });\n };\n\n const restoreUserShareForWalletAccount: WaasProvider['restoreUserShareForWalletAccount'] =\n async ({ walletAccount }) => {\n const { signature: signedSessionId } = await getSignedSessionId(\n sdkClient\n );\n\n const waasClient = await getWaasClient();\n\n await waasClient.getWallet({\n accountAddress: walletAccount.address,\n authToken: sdkClient.token ?? undefined,\n signedSessionId,\n walletOperation: WalletOperation.SIGN_MESSAGE,\n });\n };\n\n const importPrivateKey: WaasProvider['importPrivateKey'] = async ({\n privateKey,\n thresholdSignatureScheme = ThresholdSignatureScheme.TWO_OF_TWO,\n }) => {\n const { signature: signedSessionId } = await getSignedSessionId(sdkClient);\n\n const walletClient = await getWaasClient();\n\n await walletClient.importPrivateKey({\n authToken: sdkClient.token ?? undefined,\n privateKey,\n signedSessionId,\n thresholdSignatureScheme,\n });\n };\n\n const refreshWalletAccountShares: WaasProvider['refreshWalletAccountShares'] =\n async ({ password, walletAccount }) => {\n const { signature: signedSessionId } = await getSignedSessionId(\n sdkClient\n );\n\n const walletClient = await getWaasClient();\n\n const mfaToken = await consumeMfaTokenIfRequiredForAction(\n { mfaAction: MFAAction.WalletWaasRefresh },\n sdkClient\n );\n\n return walletClient.refreshWalletAccountShares({\n accountAddress: walletAccount.address,\n authToken: sdkClient.token ?? undefined,\n mfaToken,\n password,\n signedSessionId,\n });\n };\n\n const revokeDelegation: WaasProvider['revokeDelegation'] = async ({\n password,\n walletAccount,\n }) => {\n const { signature: signedSessionId } = await getSignedSessionId(sdkClient);\n\n const waasClient = await getWaasClient();\n\n return waasClient.revokeDelegation({\n accountAddress: walletAccount.address,\n authToken: sdkClient.token ?? undefined,\n password,\n signedSessionId,\n });\n };\n\n const setWaasWalletAccountPassword: WaasProvider['setWaasWalletAccountPassword'] =\n async ({ password, walletAccount }) => {\n const { signature: signedSessionId } = await getSignedSessionId(\n sdkClient\n );\n\n const waasClient = await getWaasClient();\n\n return waasClient.setPassword({\n accountAddress: walletAccount.address,\n authToken: sdkClient.token ?? undefined,\n newPassword: password,\n signedSessionId,\n });\n };\n\n const signRawMessage: WaasProvider['signRawMessage'] = async ({\n message,\n password,\n walletAccount,\n }) => {\n if (message.length !== RAW_MESSAGE_MESSAGE_REQUIRED_LENGTH) {\n throw new InvalidParamError(\n `Message must be ${RAW_MESSAGE_MESSAGE_REQUIRED_LENGTH} characters long`\n );\n }\n\n const { signature: signedSessionId } = await getSignedSessionId(sdkClient);\n\n const mfaToken = await consumeMfaTokenIfRequiredForAction(\n { mfaAction: MFAAction.WalletWaasSign },\n sdkClient\n );\n\n const elevatedAccessToken = getElevatedAccessToken(\n { scope: TokenScope.Walletsign },\n sdkClient\n );\n\n const walletClient = await getWaasClient();\n\n const signature = await walletClient.signRawMessage({\n accountAddress: walletAccount.address,\n authToken: sdkClient.token ?? undefined,\n elevatedAccessToken,\n message,\n mfaToken,\n password,\n signedSessionId,\n });\n\n return { signature };\n };\n\n const destroy: WaasProvider['destroy'] = async (args) => {\n if (!_waasClient) {\n return;\n }\n\n const waasClient = await getWaasClient();\n // When a session token expires, we preserve key shares in storage instead\n // of clearing them. Customers with short-lived sessions (minutes) were\n // hitting excessive server-side share recovery on every re-login, which\n // also forced users to re-enter their wallet password since the unlocked\n // share only lives for the duration of the session.\n //\n // This is safe because the waas-sdk separately fingerprints the user\n // (sub + environment_id) and clears all storage if a different user logs\n // in. On explicit user-initiated logout, shares are always cleared for\n // security.\n if (args?.reason !== 'token-expired') {\n await waasClient.cleanup();\n }\n _waasClient = undefined;\n };\n\n const updatePassword: WaasProvider['updatePassword'] = async ({\n walletAccount,\n currentPassword,\n newPassword,\n }) => {\n const { signature: signedSessionId } = await getSignedSessionId(sdkClient);\n\n const waasClient = await getWaasClient();\n\n return waasClient.updatePassword({\n accountAddress: walletAccount.address,\n authToken: sdkClient.token ?? undefined,\n existingPassword: currentPassword,\n newPassword,\n signedSessionId,\n });\n };\n\n const signMessage: WaasProvider['signMessage'] = async ({\n message,\n walletAccount,\n }) => {\n const { signature: signedSessionId } = await getSignedSessionId(sdkClient);\n\n const mfaToken = await consumeMfaTokenIfRequiredForAction(\n { mfaAction: MFAAction.WalletWaasSign },\n sdkClient\n );\n\n const elevatedAccessToken = getElevatedAccessToken(\n { scope: TokenScope.Walletsign },\n sdkClient\n );\n\n const waasClient = await getWaasClient();\n\n const signature = await waasClient.signMessage({\n accountAddress: walletAccount.address,\n authToken: sdkClient.token ?? undefined,\n elevatedAccessToken,\n message,\n mfaToken,\n signedSessionId,\n });\n\n return { signature };\n };\n\n const signSerializedTransaction: WaasProvider['signSerializedTransaction'] =\n async ({ chainId, serializedTransaction, walletAccount }) => {\n const { signature: signedSessionId } = await getSignedSessionId(\n sdkClient\n );\n\n const mfaToken = await consumeMfaTokenIfRequiredForAction(\n { mfaAction: MFAAction.WalletWaasSign },\n sdkClient\n );\n\n const elevatedAccessToken = getElevatedAccessToken(\n { scope: TokenScope.Walletsign },\n sdkClient\n );\n\n const waasClient = await getWaasClient();\n\n const signature = await waasClient.signTransaction({\n authToken: sdkClient.token ?? undefined,\n chainId,\n elevatedAccessToken,\n mfaToken,\n senderAddress: walletAccount.address,\n signedSessionId,\n transaction: serializedTransaction,\n });\n\n return { signature };\n };\n\n const getWalletRecoveryState: WaasProvider['getWalletRecoveryState'] =\n async ({ walletAccount }) => {\n const { signature: signedSessionId } = await getSignedSessionId(\n sdkClient\n );\n\n const waasClient = await getWaasClient();\n\n return waasClient.getWalletRecoveryState({\n accountAddress: walletAccount.address,\n authToken: sdkClient.token ?? undefined,\n signedSessionId,\n });\n };\n\n const unlockWallet: WaasProvider['unlockWallet'] = async ({\n password,\n walletAccount,\n }) => {\n const { signature: signedSessionId } = await getSignedSessionId(sdkClient);\n\n const waasClient = await getWaasClient();\n\n return waasClient.unlockWallet({\n accountAddress: walletAccount.address,\n authToken: sdkClient.token ?? undefined,\n password,\n signedSessionId,\n });\n };\n\n return {\n backupKeySharesToGoogleDrive,\n createWalletAccount,\n delegateKeyShares,\n destroy,\n exportClientKeyshares,\n exportPrivateKey,\n getWaasClient,\n getWalletRecoveryState,\n importPrivateKey,\n refreshWalletAccountShares,\n restoreUserShareForWalletAccount,\n revokeDelegation,\n setWaasWalletAccountPassword,\n signMessage,\n signRawMessage,\n signSerializedTransaction,\n unlockWallet,\n updatePassword,\n };\n};\n","import type { WaasSDKContainer } from '@dynamic-labs-wallet/core';\n\nimport type { DynamicClient } from '../../../client/types/DynamicClient';\nimport type { WalletAccount } from '../../wallets/walletAccount';\nimport { getWaasWalletProviderFromWalletAccount } from '../getWaasWalletProviderFromWalletAccount';\n\ntype ExportWaasPrivateKeyToContainerParams = {\n container: WaasSDKContainer;\n password?: string;\n walletAccount: WalletAccount;\n};\n\n/**\n * Exports the private key for a WaaS wallet account into a caller-provided\n * {@link WaasSDKContainer} (e.g. a visible React Native WebView) instead of a\n * DOM element.\n *\n * This is the container-based counterpart to `exportWaasPrivateKey` (which\n * injects an iframe into a DOM `displayContainer` on web). The export ceremony\n * runs — and the private key is rendered — entirely inside the container's own\n * sandboxed document; the key is never exposed to the host JS layer. The caller\n * owns the container's lifecycle and must call `container.destroy()` when the\n * display is dismissed.\n *\n * @param params.walletAccount - The WaaS wallet account to export the private key from.\n * @param params.container - The container that hosts the secure key display.\n * @param [params.password] - Optional password to decrypt the private key.\n * @param client - The Dynamic client instance. This is an internal API (exposed\n * only via `@dynamic-labs-sdk/client/waas/core`), so the client is passed\n * explicitly rather than defaulted — callers resolve it (e.g. via\n * `getDefaultClient()`) and thread it in.\n * @returns A promise that resolves when the private key export is complete.\n * @notInstrumented\n */\nexport const exportWaasPrivateKeyToContainer = async (\n { container, password, walletAccount }: ExportWaasPrivateKeyToContainerParams,\n client: DynamicClient\n) => {\n const provider = getWaasWalletProviderFromWalletAccount(\n { walletAccount },\n client\n );\n\n return provider.exportPrivateKey({\n container,\n password,\n walletAccount,\n });\n};\n","import { WalletProviderEnum } from '@dynamic-labs/sdk-api-core';\n\nimport type { DynamicClient } from '../../../client/types';\nimport { getChainFromVerifiedCredentialChain } from '../../../utils/getChainFromVerifiedCredentialChain';\nimport type { Chain } from '../../chain';\nimport { DYNAMIC_WAAS_METADATA } from '../constants';\n\ntype GetAllUserWaasAddressesForChainParams = {\n chain: Chain;\n};\n\n/** @notInstrumented */\nexport const getAllUserWaasAddressesForChain = (\n { chain }: GetAllUserWaasAddressesForChainParams,\n client: DynamicClient\n): string[] => {\n if (!client.user) {\n return [];\n }\n\n const waasWalletCredentials =\n client.user.verifiedCredentials.filter(\n (credential) =>\n credential.walletProvider === WalletProviderEnum.EmbeddedWallet &&\n credential.walletName\n ?.toLowerCase()\n .startsWith(DYNAMIC_WAAS_METADATA.normalizedWalletName) &&\n credential.address &&\n credential.chain &&\n getChainFromVerifiedCredentialChain(credential.chain) === chain\n ) ?? [];\n\n const waasAddresses: string[] = waasWalletCredentials.map(\n // casting because we're already filtering out credentials without an address\n (credential) => credential.address as string\n );\n\n return waasAddresses;\n};\n","import { assertPackageVersion } from '@dynamic-labs-sdk/assert-package-version';\n\nimport {\n name as packageName,\n version as packageVersion,\n} from '../../package.json';\nassertPackageVersion(packageName, packageVersion);\n\nexport type {\n BitcoinNetwork,\n DynamicWalletClient,\n ThresholdSignatureScheme\n} from '@dynamic-labs-wallet/browser-wallet-client';\nexport type { WaasSDKContainer } from '@dynamic-labs-wallet/core';\nexport { DYNAMIC_WAAS_METADATA } from '../modules/waas/constants';\nexport { createWaasClient } from '../modules/waas/createWaasClient';\nexport { createWaasProvider } from '../modules/waas/createWaasProvider';\nexport { exportWaasPrivateKeyToContainer } from '../modules/waas/exportWaasPrivateKeyToContainer';\nexport { getAllUserWaasAddressesForChain } from '../modules/waas/getAllUserWaasAddressesForChain';\nexport { getWaasChainNameFromChain } from '../modules/waas/getWaasChainNameFromChain';\nexport { preconnectWaasIframe } from '../modules/waas/preconnectWaasIframe';\nexport type {\n WaasProvider,\n WaasWalletProvider\n} from '../modules/waas/waas.types';\n\n"],"mappings":";;;;;;;;;;;;AAeA,MAAaA,oBAAsC,EAAE,aAAa,WAAW;CAC3E,MAAM,OAAO,QAAQ,OAAO;CAE5B,MAAM,2BAA2B,KAAK,MAAM;CAE5C,MAAM,iCACJ,OAAO,iBAAiB,IAAI,MAAM;AAEpC,QAAO,IAAI,oBACT;EACE,UAAW,gBAAgB,OAAO,GAAG,WAAW;EAChD,WAAW,OAAO,SAAS;EAC3B,aAAa,KAAK,cAAc,2BAA2B,QACzD,WACA,GACD;EACD,oBACE,OAAO,iBAAiB,IAAI,MAAM,YAClC;EACF;EAGA,yBAAyB;EACzB,eAAe,KAAK;EACpB,YAAY,GAAG,gBAAgB,GAAG,KAAK;EACvC,GAAI,4BAA4B,SAC5B,EAAE,GACF,EAAE,0BAA0B;EAChC,GAAI,kCAAkC,SAClC,EAAE,GACF,EAAE,gCAAgC;EACvC,EACD;EAGE,0BACE,mBAAmB,OAAO,CAAC,MAAM,EAAE,gBAAgB,UAAU;EAK/D,sBAAsB;AACpB,GAAKC,2BACH,EAAE,QAAQ,gCAAgC,EAC1C,OACD,CAAC,OAAO,UAAU;AACjB,SAAK,OAAO,MACV,sDACA,MACD;KACD;;EAEL,CACF;;;;;;AC/DH,MAAa,6BAA6B,UAAyB;AACjE,QAAO,gBAAgB,OAAO,yBAAyB;;;;;ACezD,MAAM,sCAAsC;;AAQ5C,MAAa,sBAAsB,EACjC,WACA,YAC4C;CAC5C,MAAM,SAAS,QAAQ,UAAU,CAAC;CAElC,IAAIC;CAGJ,IAAIC;CAIJ,MAAMC,gBAA+C,YAAY;EAS/D,MAAM,mBAAmB,QAAQ,UAAU,CAAC,MAAM,KAAK,CAAC,MAAM;AAC9D,MAAI,eAAe,qBAAqB,qBACtC,eAAc;AAGhB,MAAI,CAAC,aAAa;AAShB,OAAI,CAAC,yBAAyB,UAAU,CACtC,OAAM,IAAI,+BAA+B;AAG3C,iBAAc,iBACZ,EAAE,WAAW,0BAA0B,MAAM,EAAE,EAC/C,UACD;AACD,0BAAuB;AACvB,SAAM,YAAY,YAAY;;AAEhC,SAAO;;CAGT,MAAMC,+BACJ,OAAO,EAAE,wBAAwB,UAAU,oBAAoB;EAC7D,MAAM,EAAE,WAAW,oBAAoB,MAAM,mBAC3C,UACD;AAID,UAFmB,MAAM,eAAe,EAEtB,6BAA6B;GAC7C,gBAAgB,cAAc;GAC9B,WAAW,UAAU,SAAS;GAC9B;GACA;GACA;GACD,CAAC;;CAGN,MAAMC,sBAA2D,OAC/D,OAAO,EAAE,KACN;AACH,SAAO,MAAM,4CAA4C;GACvD,eAAe,KAAK;GACpB,0BAA0B,KAAK;GAChC,CAAC;EAEF,MAAM,EAAE,WAAW,oBAAoB,MAAM,mBAAmB,UAAU;AAa1E,SATmB,OAFA,MAAM,eAAe,EAEJ,oBAAoB;GACtD,WAAW,UAAU,SAAS;GAC9B,eAAe,KAAK;GACpB,UAAU,KAAK;GACf;GACA,0BACE,KAAK,4BAA4B,yBAAyB;GAC7D,CAAC;;CAKJ,MAAMC,oBAAuD,OAAO,EAClE,UACA,oBACI;EACJ,MAAM,EAAE,WAAW,oBAAoB,MAAM,mBAAmB,UAAU;AAI1E,UAFmB,MAAM,eAAe,EAEtB,kBAAkB;GAClC,gBAAgB,cAAc;GAC9B,WAAW,UAAU,SAAS;GAC9B;GACA;GACD,CAAC;;CAGJ,MAAMC,wBAA+D,OAAO,EAC1E,UACA,oBACI;EACJ,MAAM,EAAE,WAAW,oBAAoB,MAAM,mBAAmB,UAAU;AAI1E,SAFmB,MAAM,eAAe,EAEvB,sBAAsB;GACrC,gBAAgB,cAAc;GAC9B,WAAW,UAAU,SAAS;GAC9B;GACA;GACD,CAAC;;CAGJ,MAAMC,mBAAqD,OAAO,EAChE,WACA,kBACA,eACA,eACI;EACJ,MAAM,EAAE,WAAW,oBAAoB,MAAM,mBAAmB,UAAU;EAE1E,MAAM,aAAa,MAAM,eAAe;EAExC,MAAM,WAAW,MAAM,mCACrB,EAAE,WAAW,UAAU,kBAAkB,EACzC,UACD;EAKD,MAAM,sBAAsB,uBAC1B,EAAE,OAAO,WAAW,cAAc,EAClC,UACD;AAED,QAAM,WAAW,iBAAiB;GAChC,gBAAgB,cAAc;GAC9B,WAAW,UAAU,SAAS;GAM9B;GACA;GACA;GACA;GACA;GACA;GACD,CAAC;;CAGJ,MAAMC,mCACJ,OAAO,EAAE,oBAAoB;EAC3B,MAAM,EAAE,WAAW,oBAAoB,MAAM,mBAC3C,UACD;AAID,SAFmB,MAAM,eAAe,EAEvB,UAAU;GACzB,gBAAgB,cAAc;GAC9B,WAAW,UAAU,SAAS;GAC9B;GACA,iBAAiB,gBAAgB;GAClC,CAAC;;CAGN,MAAMC,mBAAqD,OAAO,EAChE,YACA,2BAA2B,yBAAyB,iBAChD;EACJ,MAAM,EAAE,WAAW,oBAAoB,MAAM,mBAAmB,UAAU;AAI1E,SAFqB,MAAM,eAAe,EAEvB,iBAAiB;GAClC,WAAW,UAAU,SAAS;GAC9B;GACA;GACA;GACD,CAAC;;CAGJ,MAAMC,6BACJ,OAAO,EAAE,UAAU,oBAAoB;EACrC,MAAM,EAAE,WAAW,oBAAoB,MAAM,mBAC3C,UACD;EAED,MAAM,eAAe,MAAM,eAAe;EAE1C,MAAM,WAAW,MAAM,mCACrB,EAAE,WAAW,UAAU,mBAAmB,EAC1C,UACD;AAED,SAAO,aAAa,2BAA2B;GAC7C,gBAAgB,cAAc;GAC9B,WAAW,UAAU,SAAS;GAC9B;GACA;GACA;GACD,CAAC;;CAGN,MAAMC,mBAAqD,OAAO,EAChE,UACA,oBACI;EACJ,MAAM,EAAE,WAAW,oBAAoB,MAAM,mBAAmB,UAAU;AAI1E,UAFmB,MAAM,eAAe,EAEtB,iBAAiB;GACjC,gBAAgB,cAAc;GAC9B,WAAW,UAAU,SAAS;GAC9B;GACA;GACD,CAAC;;CAGJ,MAAMC,+BACJ,OAAO,EAAE,UAAU,oBAAoB;EACrC,MAAM,EAAE,WAAW,oBAAoB,MAAM,mBAC3C,UACD;AAID,UAFmB,MAAM,eAAe,EAEtB,YAAY;GAC5B,gBAAgB,cAAc;GAC9B,WAAW,UAAU,SAAS;GAC9B,aAAa;GACb;GACD,CAAC;;CAGN,MAAMC,iBAAiD,OAAO,EAC5D,SACA,UACA,oBACI;AACJ,MAAI,QAAQ,WAAW,oCACrB,OAAM,IAAI,kBACR,mBAAmB,oCAAoC,kBACxD;EAGH,MAAM,EAAE,WAAW,oBAAoB,MAAM,mBAAmB,UAAU;EAE1E,MAAM,WAAW,MAAM,mCACrB,EAAE,WAAW,UAAU,gBAAgB,EACvC,UACD;EAED,MAAM,sBAAsB,uBAC1B,EAAE,OAAO,WAAW,YAAY,EAChC,UACD;AAcD,SAAO,EAAE,WAVS,OAFG,MAAM,eAAe,EAEL,eAAe;GAClD,gBAAgB,cAAc;GAC9B,WAAW,UAAU,SAAS;GAC9B;GACA;GACA;GACA;GACA;GACD,CAAC,EAEkB;;CAGtB,MAAMC,UAAmC,OAAO,SAAS;AACvD,MAAI,CAAC,YACH;EAGF,MAAM,aAAa,MAAM,eAAe;AAWxC,MAAI,MAAM,WAAW,gBACnB,OAAM,WAAW,SAAS;AAE5B,gBAAc;;CAGhB,MAAMC,iBAAiD,OAAO,EAC5D,eACA,iBACA,kBACI;EACJ,MAAM,EAAE,WAAW,oBAAoB,MAAM,mBAAmB,UAAU;AAI1E,UAFmB,MAAM,eAAe,EAEtB,eAAe;GAC/B,gBAAgB,cAAc;GAC9B,WAAW,UAAU,SAAS;GAC9B,kBAAkB;GAClB;GACA;GACD,CAAC;;CAGJ,MAAMC,cAA2C,OAAO,EACtD,SACA,oBACI;EACJ,MAAM,EAAE,WAAW,oBAAoB,MAAM,mBAAmB,UAAU;EAE1E,MAAM,WAAW,MAAM,mCACrB,EAAE,WAAW,UAAU,gBAAgB,EACvC,UACD;EAED,MAAM,sBAAsB,uBAC1B,EAAE,OAAO,WAAW,YAAY,EAChC,UACD;AAaD,SAAO,EAAE,WATS,OAFC,MAAM,eAAe,EAEL,YAAY;GAC7C,gBAAgB,cAAc;GAC9B,WAAW,UAAU,SAAS;GAC9B;GACA;GACA;GACA;GACD,CAAC,EAEkB;;CAGtB,MAAMC,4BACJ,OAAO,EAAE,SAAS,uBAAuB,oBAAoB;EAC3D,MAAM,EAAE,WAAW,oBAAoB,MAAM,mBAC3C,UACD;EAED,MAAM,WAAW,MAAM,mCACrB,EAAE,WAAW,UAAU,gBAAgB,EACvC,UACD;EAED,MAAM,sBAAsB,uBAC1B,EAAE,OAAO,WAAW,YAAY,EAChC,UACD;AAcD,SAAO,EAAE,WAVS,OAFC,MAAM,eAAe,EAEL,gBAAgB;GACjD,WAAW,UAAU,SAAS;GAC9B;GACA;GACA;GACA,eAAe,cAAc;GAC7B;GACA,aAAa;GACd,CAAC,EAEkB;;CAGxB,MAAMC,yBACJ,OAAO,EAAE,oBAAoB;EAC3B,MAAM,EAAE,WAAW,oBAAoB,MAAM,mBAC3C,UACD;AAID,UAFmB,MAAM,eAAe,EAEtB,uBAAuB;GACvC,gBAAgB,cAAc;GAC9B,WAAW,UAAU,SAAS;GAC9B;GACD,CAAC;;CAGN,MAAMC,eAA6C,OAAO,EACxD,UACA,oBACI;EACJ,MAAM,EAAE,WAAW,oBAAoB,MAAM,mBAAmB,UAAU;AAI1E,UAFmB,MAAM,eAAe,EAEtB,aAAa;GAC7B,gBAAgB,cAAc;GAC9B,WAAW,UAAU,SAAS;GAC9B;GACA;GACD,CAAC;;AAGJ,QAAO;EACL;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACD;;;;;;;;;;;;;;;;;;;;;;;;;;;ACjbH,MAAa,kCAAkC,OAC7C,EAAE,WAAW,UAAU,iBACvB,WACG;AAMH,QALiB,uCACf,EAAE,eAAe,EACjB,OACD,CAEe,iBAAiB;EAC/B;EACA;EACA;EACD,CAAC;;;;;;ACnCJ,MAAa,mCACX,EAAE,SACF,WACa;AACb,KAAI,CAAC,OAAO,KACV,QAAO,EAAE;AAoBX,SAhBE,OAAO,KAAK,oBAAoB,QAC7B,eACC,WAAW,mBAAmB,mBAAmB,kBACjD,WAAW,YACP,aAAa,CACd,WAAW,sBAAsB,qBAAqB,IACzD,WAAW,WACX,WAAW,SACX,oCAAoC,WAAW,MAAM,KAAK,MAC7D,IAAI,EAAE,EAE6C,KAEnD,eAAe,WAAW,QAC5B;;;;;AC7BH,qBAAqBC,MAAaC,QAAe"}
1
+ {"version":3,"file":"waasCore.esm.js","names":["createWaasClient: CreateWaasClient","logoutWithReason","_waasClient: DynamicWalletClient | undefined","_waasClientSessionId: string | undefined","getWaasClient: WaasProvider['getWaasClient']","backupKeySharesToGoogleDrive: WaasProvider['backupKeySharesToGoogleDrive']","createWalletAccount: WaasProvider['createWalletAccount']","delegateKeyShares: WaasProvider['delegateKeyShares']","exportClientKeyshares: WaasProvider['exportClientKeyshares']","exportPrivateKey: WaasProvider['exportPrivateKey']","restoreUserShareForWalletAccount: WaasProvider['restoreUserShareForWalletAccount']","importPrivateKey: WaasProvider['importPrivateKey']","migrateFromFireblocks: WaasProvider['migrateFromFireblocks']","refreshWalletAccountShares: WaasProvider['refreshWalletAccountShares']","revokeDelegation: WaasProvider['revokeDelegation']","setWaasWalletAccountPassword: WaasProvider['setWaasWalletAccountPassword']","signRawMessage: WaasProvider['signRawMessage']","destroy: WaasProvider['destroy']","updatePassword: WaasProvider['updatePassword']","signMessage: WaasProvider['signMessage']","signSerializedTransaction: WaasProvider['signSerializedTransaction']","getWalletRecoveryState: WaasProvider['getWalletRecoveryState']","unlockWallet: WaasProvider['unlockWallet']","packageName","packageVersion"],"sources":["../src/modules/waas/createWaasClient/createWaasClient.ts","../src/modules/waas/getWaasChainNameFromChain/getWaasChainNameFromChain.ts","../src/modules/waas/createWaasProvider/createWaasProvider.ts","../src/modules/waas/exportWaasPrivateKeyToContainer/exportWaasPrivateKeyToContainer.ts","../src/modules/waas/getAllUserWaasAddressesForChain/getAllUserWaasAddressesForChain.ts","../src/exports/waasCore.ts"],"sourcesContent":["import type { AuthMode } from '@dynamic-labs-wallet/browser-wallet-client';\nimport { DynamicWalletClient } from '@dynamic-labs-wallet/browser-wallet-client';\n\nimport { getCore } from '../../../client/core/getCore';\nimport { CLIENT_SDK_NAME } from '../../apiClient/constants';\nimport { logoutWithReason } from '../../auth/logoutWithReason';\nimport { isCookieEnabled } from '../../projectSettings/isCookieEnabled';\nimport { getSignedSessionId } from '../../sessionKeys/getSignedSessionId';\nimport type { CreateWaasClient } from './createWaasClient.types';\nimport {\n DEFAULT_WAAS_BASE_API_URL,\n DEFAULT_WAAS_BASE_MPC_RELAY_API_URL,\n} from '../constants';\n\n/** @notInstrumented */\nexport const createWaasClient: CreateWaasClient = ({ chainName }, client) => {\n const core = getCore(client);\n\n const additionalTrustedOrigins = core.waas?.additionalTrustedOrigins;\n\n const baseClientKeysharesRelayApiUrl =\n client.projectSettings?.sdk.waas?.customKeyshareRelayBaseUrl;\n\n return new DynamicWalletClient(\n {\n authMode: (isCookieEnabled(client) ? 'cookie' : 'header') as AuthMode,\n authToken: client.token || '',\n baseApiUrl: (core.apiBaseUrl || DEFAULT_WAAS_BASE_API_URL).replace(\n '/api/v0',\n ''\n ),\n baseMPCRelayApiUrl:\n client.projectSettings?.sdk.waas?.relayUrl ||\n DEFAULT_WAAS_BASE_MPC_RELAY_API_URL,\n chainName,\n // Opt into the SDK self-driving eager key-share recovery on auth-token\n // arrival, so the client no longer restores shares itself on login.\n eagerlyRecoverKeyShares: true,\n environmentId: core.environmentId,\n sdkVersion: `${CLIENT_SDK_NAME}/${core.version}`,\n ...(additionalTrustedOrigins == undefined\n ? {}\n : { additionalTrustedOrigins }),\n ...(baseClientKeysharesRelayApiUrl == undefined\n ? {}\n : { baseClientKeysharesRelayApiUrl }),\n },\n {\n // Lets the iframe mint a fresh signed session id over the reverse channel,\n // which the SDK's eager key-share recovery needs.\n getSignedSessionId: () =>\n getSignedSessionId(client).then(({ signature }) => signature),\n // When the WaaS iframe's own backend call returns 401 (e.g. a forcibly\n // revoked token), the iframe notifies the host via the reverse channel\n // and this fires — log the user out. Mirrors the session-expiry\n // middleware that covers the SDK's own direct API 401s.\n onUnauthorized: () => {\n void logoutWithReason(\n { reason: 'session-refresh-unauthorized' },\n client\n ).catch((error) => {\n core.logger.error(\n 'Failed to log out after WaaS unauthorized response',\n error\n );\n });\n },\n }\n );\n};\n","import type { Chain } from '../../chain';\nimport { CHAINS_INFO_MAP } from '../../wallets/constants';\n\n/** @notInstrumented */\n// eslint-disable-next-line custom-rules/require-single-object-param\nexport const getWaasChainNameFromChain = (chain: Chain): string => {\n return CHAINS_INFO_MAP[chain].waasChainNameOverride || chain;\n};\n","import {\n type BitcoinConfig,\n type DynamicWalletClient,\n ThresholdSignatureScheme,\n WalletOperation,\n} from '@dynamic-labs-wallet/browser-wallet-client';\nimport { MFAAction, TokenScope } from '@dynamic-labs/sdk-api-core';\n\nimport { getCore } from '../../../client/core/getCore';\nimport type { DynamicClient } from '../../../client/types/DynamicClient';\nimport { InvalidParamError } from '../../../errors/InvalidParamError';\nimport { WaasOnboardingIncompleteError } from '../../../errors/WaasOnboardingIncompleteError';\nimport { getElevatedAccessToken } from '../../auth/getElevatedAccessToken';\nimport type { Chain } from '../../chain';\nimport { consumeMfaTokenIfRequiredForAction } from '../../mfa/consumeMfaTokenIfRequiredForAction';\nimport { getSignedSessionId } from '../../sessionKeys/getSignedSessionId';\nimport { isUserOnboardingComplete } from '../../user/isUserOnboardingComplete';\nimport { createWaasClient } from '../createWaasClient';\nimport { getWaasChainNameFromChain } from '../getWaasChainNameFromChain';\nimport type { WaasProvider } from '../waas.types';\n\nconst RAW_MESSAGE_MESSAGE_REQUIRED_LENGTH = 64;\n\ntype CreateWaasProviderParams = {\n chain: Chain;\n sdkClient: DynamicClient;\n};\n\n/** @notInstrumented */\nexport const createWaasProvider = ({\n sdkClient,\n chain,\n}: CreateWaasProviderParams): WaasProvider => {\n const logger = getCore(sdkClient).logger;\n\n let _waasClient: DynamicWalletClient | undefined;\n // The session the cached client was built against. A step-up reauth mints a\n // NEW session (new sessionId + token); see the rebuild guard below.\n let _waasClientSessionId: string | undefined;\n\n // because the waas client needs the authToken to be set, we can only create it\n // the first time it's needed, which is after the user has logged in\n const getWaasClient: WaasProvider['getWaasClient'] = async () => {\n // After a step-up reauthentication a new session is minted. In header auth\n // mode (native webview) the iframe has no cookie jar to fall back on, so a\n // client cached against the previous session keeps presenting the stale\n // token — its next backend call (createRooms/users) 401s and trips the\n // iframe's onUnauthorized → forced logout. Drop the cached client when the\n // session changes so it rebuilds + re-initializes with the fresh token and\n // signed session id. Key shares stay in storage (only client auth resets);\n // routine token refresh keeps the same sessionId, so it does not rebuild.\n const currentSessionId = getCore(sdkClient).state.get().user?.sessionId;\n if (_waasClient && currentSessionId !== _waasClientSessionId) {\n _waasClient = undefined;\n }\n\n if (!_waasClient) {\n // Chokepoint: don't build + initialize the iframe client until onboarding\n // is complete. The iframe's init-time room-cache pre-warm fires\n // `createRooms` using the token captured at construction — before any\n // per-operation token resync exists to correct it. Built while the token\n // is still pre-`user:basic` (MFA / KYC / recovery codes / device\n // registration pending), that pre-warm 401s and trips the iframe's\n // onUnauthorized → forced-logout. This is the single gateway to\n // createWaasClient (web and native), so it covers every WaaS caller.\n if (!isUserOnboardingComplete(sdkClient)) {\n throw new WaasOnboardingIncompleteError();\n }\n\n _waasClient = createWaasClient(\n { chainName: getWaasChainNameFromChain(chain) },\n sdkClient\n );\n _waasClientSessionId = currentSessionId;\n await _waasClient.initialize();\n }\n return _waasClient;\n };\n\n const backupKeySharesToGoogleDrive: WaasProvider['backupKeySharesToGoogleDrive'] =\n async ({ googleDriveAccessToken, password, walletAccount }) => {\n const { signature: signedSessionId } = await getSignedSessionId(\n sdkClient\n );\n\n const waasClient = await getWaasClient();\n\n return waasClient.backupKeySharesToGoogleDrive({\n accountAddress: walletAccount.address,\n authToken: sdkClient.token ?? undefined,\n googleDriveAccessToken,\n password,\n signedSessionId,\n });\n };\n\n const createWalletAccount: WaasProvider['createWalletAccount'] = async (\n args = {}\n ) => {\n logger.debug('[createWaasProvider] createWalletAccount', {\n bitcoinConfig: args.bitcoinConfig,\n thresholdSignatureScheme: args.thresholdSignatureScheme,\n });\n\n const { signature: signedSessionId } = await getSignedSessionId(sdkClient);\n\n const waasClient = await getWaasClient();\n\n const waasWallet = await waasClient.createWalletAccount({\n authToken: sdkClient.token ?? undefined,\n bitcoinConfig: args.bitcoinConfig as BitcoinConfig | undefined,\n password: args.password,\n signedSessionId,\n thresholdSignatureScheme:\n args.thresholdSignatureScheme ?? ThresholdSignatureScheme.TWO_OF_TWO,\n });\n\n return waasWallet;\n };\n\n const delegateKeyShares: WaasProvider['delegateKeyShares'] = async ({\n password,\n walletAccount,\n }) => {\n const { signature: signedSessionId } = await getSignedSessionId(sdkClient);\n\n const waasClient = await getWaasClient();\n\n return waasClient.delegateKeyShares({\n accountAddress: walletAccount.address,\n authToken: sdkClient.token ?? undefined,\n password,\n signedSessionId,\n });\n };\n\n const exportClientKeyshares: WaasProvider['exportClientKeyshares'] = async ({\n password,\n walletAccount,\n }) => {\n const { signature: signedSessionId } = await getSignedSessionId(sdkClient);\n\n const waasClient = await getWaasClient();\n\n await waasClient.exportClientKeyshares({\n accountAddress: walletAccount.address,\n authToken: sdkClient.token ?? undefined,\n password,\n signedSessionId,\n });\n };\n\n const exportPrivateKey: WaasProvider['exportPrivateKey'] = async ({\n container,\n displayContainer,\n walletAccount,\n password,\n }) => {\n const { signature: signedSessionId } = await getSignedSessionId(sdkClient);\n\n const waasClient = await getWaasClient();\n\n const mfaToken = await consumeMfaTokenIfRequiredForAction(\n { mfaAction: MFAAction.WalletWaasExport },\n sdkClient\n );\n\n // Forward any elevated access token previously obtained via step-up\n // (e.g. requestExternalAuthElevatedToken) so the backend authorizes\n // the export under the wallet:export scope.\n const elevatedAccessToken = getElevatedAccessToken(\n { scope: TokenScope.Walletexport },\n sdkClient\n );\n\n await waasClient.exportPrivateKey({\n accountAddress: walletAccount.address,\n authToken: sdkClient.token ?? undefined,\n // Exactly one display surface is forwarded: `container` (a\n // WaasSDKContainer, e.g. a React Native visible WebView) or\n // `displayContainer` (a DOM element, web). The upstream client enforces\n // the \"exactly one\" invariant and renders the key inside the surface's\n // own sandboxed document — it never crosses back to the host.\n container,\n displayContainer,\n elevatedAccessToken,\n mfaToken,\n password,\n signedSessionId,\n });\n };\n\n const restoreUserShareForWalletAccount: WaasProvider['restoreUserShareForWalletAccount'] =\n async ({ walletAccount }) => {\n const { signature: signedSessionId } = await getSignedSessionId(\n sdkClient\n );\n\n const waasClient = await getWaasClient();\n\n await waasClient.getWallet({\n accountAddress: walletAccount.address,\n authToken: sdkClient.token ?? undefined,\n signedSessionId,\n walletOperation: WalletOperation.SIGN_MESSAGE,\n });\n };\n\n const importPrivateKey: WaasProvider['importPrivateKey'] = async ({\n privateKey,\n thresholdSignatureScheme = ThresholdSignatureScheme.TWO_OF_TWO,\n }) => {\n const { signature: signedSessionId } = await getSignedSessionId(sdkClient);\n\n const walletClient = await getWaasClient();\n\n await walletClient.importPrivateKey({\n authToken: sdkClient.token ?? undefined,\n privateKey,\n signedSessionId,\n thresholdSignatureScheme,\n });\n };\n\n const migrateFromFireblocks: WaasProvider['migrateFromFireblocks'] = async ({\n coinTypes,\n deviceId,\n expectedAddresses,\n jwt,\n password,\n storage,\n }) => {\n const { signature: signedSessionId } = await getSignedSessionId(sdkClient);\n\n const walletClient = await getWaasClient();\n\n return walletClient.migrateFromFireblocks({\n authToken: sdkClient.token ?? undefined,\n fireblocks: {\n deviceId,\n expectedAddresses,\n jwt,\n ncwStorage: storage,\n walletPassword: password,\n ...(coinTypes ? { coinTypes } : {}),\n },\n signedSessionId,\n });\n };\n\n const refreshWalletAccountShares: WaasProvider['refreshWalletAccountShares'] =\n async ({ password, walletAccount }) => {\n const { signature: signedSessionId } = await getSignedSessionId(\n sdkClient\n );\n\n const walletClient = await getWaasClient();\n\n const mfaToken = await consumeMfaTokenIfRequiredForAction(\n { mfaAction: MFAAction.WalletWaasRefresh },\n sdkClient\n );\n\n return walletClient.refreshWalletAccountShares({\n accountAddress: walletAccount.address,\n authToken: sdkClient.token ?? undefined,\n mfaToken,\n password,\n signedSessionId,\n });\n };\n\n const revokeDelegation: WaasProvider['revokeDelegation'] = async ({\n password,\n walletAccount,\n }) => {\n const { signature: signedSessionId } = await getSignedSessionId(sdkClient);\n\n const waasClient = await getWaasClient();\n\n return waasClient.revokeDelegation({\n accountAddress: walletAccount.address,\n authToken: sdkClient.token ?? undefined,\n password,\n signedSessionId,\n });\n };\n\n const setWaasWalletAccountPassword: WaasProvider['setWaasWalletAccountPassword'] =\n async ({ password, walletAccount }) => {\n const { signature: signedSessionId } = await getSignedSessionId(\n sdkClient\n );\n\n const waasClient = await getWaasClient();\n\n return waasClient.setPassword({\n accountAddress: walletAccount.address,\n authToken: sdkClient.token ?? undefined,\n newPassword: password,\n signedSessionId,\n });\n };\n\n const signRawMessage: WaasProvider['signRawMessage'] = async ({\n message,\n password,\n walletAccount,\n }) => {\n if (message.length !== RAW_MESSAGE_MESSAGE_REQUIRED_LENGTH) {\n throw new InvalidParamError(\n `Message must be ${RAW_MESSAGE_MESSAGE_REQUIRED_LENGTH} characters long`\n );\n }\n\n const { signature: signedSessionId } = await getSignedSessionId(sdkClient);\n\n const mfaToken = await consumeMfaTokenIfRequiredForAction(\n { mfaAction: MFAAction.WalletWaasSign },\n sdkClient\n );\n\n const elevatedAccessToken = getElevatedAccessToken(\n { scope: TokenScope.Walletsign },\n sdkClient\n );\n\n const walletClient = await getWaasClient();\n\n const signature = await walletClient.signRawMessage({\n accountAddress: walletAccount.address,\n authToken: sdkClient.token ?? undefined,\n elevatedAccessToken,\n message,\n mfaToken,\n password,\n signedSessionId,\n });\n\n return { signature };\n };\n\n const destroy: WaasProvider['destroy'] = async (args) => {\n if (!_waasClient) {\n return;\n }\n\n const waasClient = await getWaasClient();\n // When a session token expires, we preserve key shares in storage instead\n // of clearing them. Customers with short-lived sessions (minutes) were\n // hitting excessive server-side share recovery on every re-login, which\n // also forced users to re-enter their wallet password since the unlocked\n // share only lives for the duration of the session.\n //\n // This is safe because the waas-sdk separately fingerprints the user\n // (sub + environment_id) and clears all storage if a different user logs\n // in. On explicit user-initiated logout, shares are always cleared for\n // security.\n if (args?.reason !== 'token-expired') {\n await waasClient.cleanup();\n }\n _waasClient = undefined;\n };\n\n const updatePassword: WaasProvider['updatePassword'] = async ({\n walletAccount,\n currentPassword,\n newPassword,\n }) => {\n const { signature: signedSessionId } = await getSignedSessionId(sdkClient);\n\n const waasClient = await getWaasClient();\n\n return waasClient.updatePassword({\n accountAddress: walletAccount.address,\n authToken: sdkClient.token ?? undefined,\n existingPassword: currentPassword,\n newPassword,\n signedSessionId,\n });\n };\n\n const signMessage: WaasProvider['signMessage'] = async ({\n message,\n walletAccount,\n }) => {\n const { signature: signedSessionId } = await getSignedSessionId(sdkClient);\n\n const mfaToken = await consumeMfaTokenIfRequiredForAction(\n { mfaAction: MFAAction.WalletWaasSign },\n sdkClient\n );\n\n const elevatedAccessToken = getElevatedAccessToken(\n { scope: TokenScope.Walletsign },\n sdkClient\n );\n\n const waasClient = await getWaasClient();\n\n const signature = await waasClient.signMessage({\n accountAddress: walletAccount.address,\n authToken: sdkClient.token ?? undefined,\n elevatedAccessToken,\n message,\n mfaToken,\n signedSessionId,\n });\n\n return { signature };\n };\n\n const signSerializedTransaction: WaasProvider['signSerializedTransaction'] =\n async ({ chainId, serializedTransaction, walletAccount }) => {\n const { signature: signedSessionId } = await getSignedSessionId(\n sdkClient\n );\n\n const mfaToken = await consumeMfaTokenIfRequiredForAction(\n { mfaAction: MFAAction.WalletWaasSign },\n sdkClient\n );\n\n const elevatedAccessToken = getElevatedAccessToken(\n { scope: TokenScope.Walletsign },\n sdkClient\n );\n\n const waasClient = await getWaasClient();\n\n const signature = await waasClient.signTransaction({\n authToken: sdkClient.token ?? undefined,\n chainId,\n elevatedAccessToken,\n mfaToken,\n senderAddress: walletAccount.address,\n signedSessionId,\n transaction: serializedTransaction,\n });\n\n return { signature };\n };\n\n const getWalletRecoveryState: WaasProvider['getWalletRecoveryState'] =\n async ({ walletAccount }) => {\n const { signature: signedSessionId } = await getSignedSessionId(\n sdkClient\n );\n\n const waasClient = await getWaasClient();\n\n return waasClient.getWalletRecoveryState({\n accountAddress: walletAccount.address,\n authToken: sdkClient.token ?? undefined,\n signedSessionId,\n });\n };\n\n const unlockWallet: WaasProvider['unlockWallet'] = async ({\n password,\n walletAccount,\n }) => {\n const { signature: signedSessionId } = await getSignedSessionId(sdkClient);\n\n const waasClient = await getWaasClient();\n\n return waasClient.unlockWallet({\n accountAddress: walletAccount.address,\n authToken: sdkClient.token ?? undefined,\n password,\n signedSessionId,\n });\n };\n\n return {\n backupKeySharesToGoogleDrive,\n createWalletAccount,\n delegateKeyShares,\n destroy,\n exportClientKeyshares,\n exportPrivateKey,\n getWaasClient,\n getWalletRecoveryState,\n importPrivateKey,\n migrateFromFireblocks,\n refreshWalletAccountShares,\n restoreUserShareForWalletAccount,\n revokeDelegation,\n setWaasWalletAccountPassword,\n signMessage,\n signRawMessage,\n signSerializedTransaction,\n unlockWallet,\n updatePassword,\n };\n};\n","import type { WaasSDKContainer } from '@dynamic-labs-wallet/core';\n\nimport type { DynamicClient } from '../../../client/types/DynamicClient';\nimport type { WalletAccount } from '../../wallets/walletAccount';\nimport { getWaasWalletProviderFromWalletAccount } from '../getWaasWalletProviderFromWalletAccount';\n\ntype ExportWaasPrivateKeyToContainerParams = {\n container: WaasSDKContainer;\n password?: string;\n walletAccount: WalletAccount;\n};\n\n/**\n * Exports the private key for a WaaS wallet account into a caller-provided\n * {@link WaasSDKContainer} (e.g. a visible React Native WebView) instead of a\n * DOM element.\n *\n * This is the container-based counterpart to `exportWaasPrivateKey` (which\n * injects an iframe into a DOM `displayContainer` on web). The export ceremony\n * runs — and the private key is rendered — entirely inside the container's own\n * sandboxed document; the key is never exposed to the host JS layer. The caller\n * owns the container's lifecycle and must call `container.destroy()` when the\n * display is dismissed.\n *\n * @param params.walletAccount - The WaaS wallet account to export the private key from.\n * @param params.container - The container that hosts the secure key display.\n * @param [params.password] - Optional password to decrypt the private key.\n * @param client - The Dynamic client instance. This is an internal API (exposed\n * only via `@dynamic-labs-sdk/client/waas/core`), so the client is passed\n * explicitly rather than defaulted — callers resolve it (e.g. via\n * `getDefaultClient()`) and thread it in.\n * @returns A promise that resolves when the private key export is complete.\n * @notInstrumented\n */\nexport const exportWaasPrivateKeyToContainer = async (\n { container, password, walletAccount }: ExportWaasPrivateKeyToContainerParams,\n client: DynamicClient\n) => {\n const provider = getWaasWalletProviderFromWalletAccount(\n { walletAccount },\n client\n );\n\n return provider.exportPrivateKey({\n container,\n password,\n walletAccount,\n });\n};\n","import { WalletProviderEnum } from '@dynamic-labs/sdk-api-core';\n\nimport type { DynamicClient } from '../../../client/types';\nimport { getChainFromVerifiedCredentialChain } from '../../../utils/getChainFromVerifiedCredentialChain';\nimport type { Chain } from '../../chain';\nimport { DYNAMIC_WAAS_METADATA } from '../constants';\n\ntype GetAllUserWaasAddressesForChainParams = {\n chain: Chain;\n};\n\n/** @notInstrumented */\nexport const getAllUserWaasAddressesForChain = (\n { chain }: GetAllUserWaasAddressesForChainParams,\n client: DynamicClient\n): string[] => {\n if (!client.user) {\n return [];\n }\n\n const waasWalletCredentials =\n client.user.verifiedCredentials.filter(\n (credential) =>\n credential.walletProvider === WalletProviderEnum.EmbeddedWallet &&\n credential.walletName\n ?.toLowerCase()\n .startsWith(DYNAMIC_WAAS_METADATA.normalizedWalletName) &&\n credential.address &&\n credential.chain &&\n getChainFromVerifiedCredentialChain(credential.chain) === chain\n ) ?? [];\n\n const waasAddresses: string[] = waasWalletCredentials.map(\n // casting because we're already filtering out credentials without an address\n (credential) => credential.address as string\n );\n\n return waasAddresses;\n};\n","import { assertPackageVersion } from '@dynamic-labs-sdk/assert-package-version';\n\nimport {\n name as packageName,\n version as packageVersion,\n} from '../../package.json';\nassertPackageVersion(packageName, packageVersion);\n\nexport type {\n BitcoinNetwork,\n DynamicWalletClient,\n MigrateFromFireblocksResponse,\n ThresholdSignatureScheme,\n} from '@dynamic-labs-wallet/browser-wallet-client';\nexport type { WaasSDKContainer } from '@dynamic-labs-wallet/core';\nexport { DYNAMIC_WAAS_METADATA } from '../modules/waas/constants';\nexport { createWaasClient } from '../modules/waas/createWaasClient';\nexport { createWaasProvider } from '../modules/waas/createWaasProvider';\nexport { exportWaasPrivateKeyToContainer } from '../modules/waas/exportWaasPrivateKeyToContainer';\nexport { getAllUserWaasAddressesForChain } from '../modules/waas/getAllUserWaasAddressesForChain';\nexport { getWaasChainNameFromChain } from '../modules/waas/getWaasChainNameFromChain';\nexport { migrateFromFireblocks } from '../modules/waas/migrateFromFireblocks';\nexport { preconnectWaasIframe } from '../modules/waas/preconnectWaasIframe';\nexport type {\n WaasProvider,\n WaasWalletProvider,\n} from '../modules/waas/waas.types';\n"],"mappings":";;;;;;;;;;;;AAeA,MAAaA,oBAAsC,EAAE,aAAa,WAAW;CAC3E,MAAM,OAAO,QAAQ,OAAO;CAE5B,MAAM,2BAA2B,KAAK,MAAM;CAE5C,MAAM,iCACJ,OAAO,iBAAiB,IAAI,MAAM;AAEpC,QAAO,IAAI,oBACT;EACE,UAAW,gBAAgB,OAAO,GAAG,WAAW;EAChD,WAAW,OAAO,SAAS;EAC3B,aAAa,KAAK,cAAc,2BAA2B,QACzD,WACA,GACD;EACD,oBACE,OAAO,iBAAiB,IAAI,MAAM,YAClC;EACF;EAGA,yBAAyB;EACzB,eAAe,KAAK;EACpB,YAAY,GAAG,gBAAgB,GAAG,KAAK;EACvC,GAAI,4BAA4B,SAC5B,EAAE,GACF,EAAE,0BAA0B;EAChC,GAAI,kCAAkC,SAClC,EAAE,GACF,EAAE,gCAAgC;EACvC,EACD;EAGE,0BACE,mBAAmB,OAAO,CAAC,MAAM,EAAE,gBAAgB,UAAU;EAK/D,sBAAsB;AACpB,GAAKC,2BACH,EAAE,QAAQ,gCAAgC,EAC1C,OACD,CAAC,OAAO,UAAU;AACjB,SAAK,OAAO,MACV,sDACA,MACD;KACD;;EAEL,CACF;;;;;;AC/DH,MAAa,6BAA6B,UAAyB;AACjE,QAAO,gBAAgB,OAAO,yBAAyB;;;;;ACezD,MAAM,sCAAsC;;AAQ5C,MAAa,sBAAsB,EACjC,WACA,YAC4C;CAC5C,MAAM,SAAS,QAAQ,UAAU,CAAC;CAElC,IAAIC;CAGJ,IAAIC;CAIJ,MAAMC,gBAA+C,YAAY;EAS/D,MAAM,mBAAmB,QAAQ,UAAU,CAAC,MAAM,KAAK,CAAC,MAAM;AAC9D,MAAI,eAAe,qBAAqB,qBACtC,eAAc;AAGhB,MAAI,CAAC,aAAa;AAShB,OAAI,CAAC,yBAAyB,UAAU,CACtC,OAAM,IAAI,+BAA+B;AAG3C,iBAAc,iBACZ,EAAE,WAAW,0BAA0B,MAAM,EAAE,EAC/C,UACD;AACD,0BAAuB;AACvB,SAAM,YAAY,YAAY;;AAEhC,SAAO;;CAGT,MAAMC,+BACJ,OAAO,EAAE,wBAAwB,UAAU,oBAAoB;EAC7D,MAAM,EAAE,WAAW,oBAAoB,MAAM,mBAC3C,UACD;AAID,UAFmB,MAAM,eAAe,EAEtB,6BAA6B;GAC7C,gBAAgB,cAAc;GAC9B,WAAW,UAAU,SAAS;GAC9B;GACA;GACA;GACD,CAAC;;CAGN,MAAMC,sBAA2D,OAC/D,OAAO,EAAE,KACN;AACH,SAAO,MAAM,4CAA4C;GACvD,eAAe,KAAK;GACpB,0BAA0B,KAAK;GAChC,CAAC;EAEF,MAAM,EAAE,WAAW,oBAAoB,MAAM,mBAAmB,UAAU;AAa1E,SATmB,OAFA,MAAM,eAAe,EAEJ,oBAAoB;GACtD,WAAW,UAAU,SAAS;GAC9B,eAAe,KAAK;GACpB,UAAU,KAAK;GACf;GACA,0BACE,KAAK,4BAA4B,yBAAyB;GAC7D,CAAC;;CAKJ,MAAMC,oBAAuD,OAAO,EAClE,UACA,oBACI;EACJ,MAAM,EAAE,WAAW,oBAAoB,MAAM,mBAAmB,UAAU;AAI1E,UAFmB,MAAM,eAAe,EAEtB,kBAAkB;GAClC,gBAAgB,cAAc;GAC9B,WAAW,UAAU,SAAS;GAC9B;GACA;GACD,CAAC;;CAGJ,MAAMC,wBAA+D,OAAO,EAC1E,UACA,oBACI;EACJ,MAAM,EAAE,WAAW,oBAAoB,MAAM,mBAAmB,UAAU;AAI1E,SAFmB,MAAM,eAAe,EAEvB,sBAAsB;GACrC,gBAAgB,cAAc;GAC9B,WAAW,UAAU,SAAS;GAC9B;GACA;GACD,CAAC;;CAGJ,MAAMC,mBAAqD,OAAO,EAChE,WACA,kBACA,eACA,eACI;EACJ,MAAM,EAAE,WAAW,oBAAoB,MAAM,mBAAmB,UAAU;EAE1E,MAAM,aAAa,MAAM,eAAe;EAExC,MAAM,WAAW,MAAM,mCACrB,EAAE,WAAW,UAAU,kBAAkB,EACzC,UACD;EAKD,MAAM,sBAAsB,uBAC1B,EAAE,OAAO,WAAW,cAAc,EAClC,UACD;AAED,QAAM,WAAW,iBAAiB;GAChC,gBAAgB,cAAc;GAC9B,WAAW,UAAU,SAAS;GAM9B;GACA;GACA;GACA;GACA;GACA;GACD,CAAC;;CAGJ,MAAMC,mCACJ,OAAO,EAAE,oBAAoB;EAC3B,MAAM,EAAE,WAAW,oBAAoB,MAAM,mBAC3C,UACD;AAID,SAFmB,MAAM,eAAe,EAEvB,UAAU;GACzB,gBAAgB,cAAc;GAC9B,WAAW,UAAU,SAAS;GAC9B;GACA,iBAAiB,gBAAgB;GAClC,CAAC;;CAGN,MAAMC,mBAAqD,OAAO,EAChE,YACA,2BAA2B,yBAAyB,iBAChD;EACJ,MAAM,EAAE,WAAW,oBAAoB,MAAM,mBAAmB,UAAU;AAI1E,SAFqB,MAAM,eAAe,EAEvB,iBAAiB;GAClC,WAAW,UAAU,SAAS;GAC9B;GACA;GACA;GACD,CAAC;;CAGJ,MAAMC,0BAA+D,OAAO,EAC1E,WACA,UACA,mBACA,KACA,UACA,cACI;EACJ,MAAM,EAAE,WAAW,oBAAoB,MAAM,mBAAmB,UAAU;AAI1E,UAFqB,MAAM,eAAe,EAEtB,sBAAsB;GACxC,WAAW,UAAU,SAAS;GAC9B,YAAY;IACV;IACA;IACA;IACA,YAAY;IACZ,gBAAgB;IAChB,GAAI,YAAY,EAAE,WAAW,GAAG,EAAE;IACnC;GACD;GACD,CAAC;;CAGJ,MAAMC,6BACJ,OAAO,EAAE,UAAU,oBAAoB;EACrC,MAAM,EAAE,WAAW,oBAAoB,MAAM,mBAC3C,UACD;EAED,MAAM,eAAe,MAAM,eAAe;EAE1C,MAAM,WAAW,MAAM,mCACrB,EAAE,WAAW,UAAU,mBAAmB,EAC1C,UACD;AAED,SAAO,aAAa,2BAA2B;GAC7C,gBAAgB,cAAc;GAC9B,WAAW,UAAU,SAAS;GAC9B;GACA;GACA;GACD,CAAC;;CAGN,MAAMC,mBAAqD,OAAO,EAChE,UACA,oBACI;EACJ,MAAM,EAAE,WAAW,oBAAoB,MAAM,mBAAmB,UAAU;AAI1E,UAFmB,MAAM,eAAe,EAEtB,iBAAiB;GACjC,gBAAgB,cAAc;GAC9B,WAAW,UAAU,SAAS;GAC9B;GACA;GACD,CAAC;;CAGJ,MAAMC,+BACJ,OAAO,EAAE,UAAU,oBAAoB;EACrC,MAAM,EAAE,WAAW,oBAAoB,MAAM,mBAC3C,UACD;AAID,UAFmB,MAAM,eAAe,EAEtB,YAAY;GAC5B,gBAAgB,cAAc;GAC9B,WAAW,UAAU,SAAS;GAC9B,aAAa;GACb;GACD,CAAC;;CAGN,MAAMC,iBAAiD,OAAO,EAC5D,SACA,UACA,oBACI;AACJ,MAAI,QAAQ,WAAW,oCACrB,OAAM,IAAI,kBACR,mBAAmB,oCAAoC,kBACxD;EAGH,MAAM,EAAE,WAAW,oBAAoB,MAAM,mBAAmB,UAAU;EAE1E,MAAM,WAAW,MAAM,mCACrB,EAAE,WAAW,UAAU,gBAAgB,EACvC,UACD;EAED,MAAM,sBAAsB,uBAC1B,EAAE,OAAO,WAAW,YAAY,EAChC,UACD;AAcD,SAAO,EAAE,WAVS,OAFG,MAAM,eAAe,EAEL,eAAe;GAClD,gBAAgB,cAAc;GAC9B,WAAW,UAAU,SAAS;GAC9B;GACA;GACA;GACA;GACA;GACD,CAAC,EAEkB;;CAGtB,MAAMC,UAAmC,OAAO,SAAS;AACvD,MAAI,CAAC,YACH;EAGF,MAAM,aAAa,MAAM,eAAe;AAWxC,MAAI,MAAM,WAAW,gBACnB,OAAM,WAAW,SAAS;AAE5B,gBAAc;;CAGhB,MAAMC,iBAAiD,OAAO,EAC5D,eACA,iBACA,kBACI;EACJ,MAAM,EAAE,WAAW,oBAAoB,MAAM,mBAAmB,UAAU;AAI1E,UAFmB,MAAM,eAAe,EAEtB,eAAe;GAC/B,gBAAgB,cAAc;GAC9B,WAAW,UAAU,SAAS;GAC9B,kBAAkB;GAClB;GACA;GACD,CAAC;;CAGJ,MAAMC,cAA2C,OAAO,EACtD,SACA,oBACI;EACJ,MAAM,EAAE,WAAW,oBAAoB,MAAM,mBAAmB,UAAU;EAE1E,MAAM,WAAW,MAAM,mCACrB,EAAE,WAAW,UAAU,gBAAgB,EACvC,UACD;EAED,MAAM,sBAAsB,uBAC1B,EAAE,OAAO,WAAW,YAAY,EAChC,UACD;AAaD,SAAO,EAAE,WATS,OAFC,MAAM,eAAe,EAEL,YAAY;GAC7C,gBAAgB,cAAc;GAC9B,WAAW,UAAU,SAAS;GAC9B;GACA;GACA;GACA;GACD,CAAC,EAEkB;;CAGtB,MAAMC,4BACJ,OAAO,EAAE,SAAS,uBAAuB,oBAAoB;EAC3D,MAAM,EAAE,WAAW,oBAAoB,MAAM,mBAC3C,UACD;EAED,MAAM,WAAW,MAAM,mCACrB,EAAE,WAAW,UAAU,gBAAgB,EACvC,UACD;EAED,MAAM,sBAAsB,uBAC1B,EAAE,OAAO,WAAW,YAAY,EAChC,UACD;AAcD,SAAO,EAAE,WAVS,OAFC,MAAM,eAAe,EAEL,gBAAgB;GACjD,WAAW,UAAU,SAAS;GAC9B;GACA;GACA;GACA,eAAe,cAAc;GAC7B;GACA,aAAa;GACd,CAAC,EAEkB;;CAGxB,MAAMC,yBACJ,OAAO,EAAE,oBAAoB;EAC3B,MAAM,EAAE,WAAW,oBAAoB,MAAM,mBAC3C,UACD;AAID,UAFmB,MAAM,eAAe,EAEtB,uBAAuB;GACvC,gBAAgB,cAAc;GAC9B,WAAW,UAAU,SAAS;GAC9B;GACD,CAAC;;CAGN,MAAMC,eAA6C,OAAO,EACxD,UACA,oBACI;EACJ,MAAM,EAAE,WAAW,oBAAoB,MAAM,mBAAmB,UAAU;AAI1E,UAFmB,MAAM,eAAe,EAEtB,aAAa;GAC7B,gBAAgB,cAAc;GAC9B,WAAW,UAAU,SAAS;GAC9B;GACA;GACD,CAAC;;AAGJ,QAAO;EACL;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACD;;;;;;;;;;;;;;;;;;;;;;;;;;;AC5cH,MAAa,kCAAkC,OAC7C,EAAE,WAAW,UAAU,iBACvB,WACG;AAMH,QALiB,uCACf,EAAE,eAAe,EACjB,OACD,CAEe,iBAAiB;EAC/B;EACA;EACA;EACD,CAAC;;;;;;ACnCJ,MAAa,mCACX,EAAE,SACF,WACa;AACb,KAAI,CAAC,OAAO,KACV,QAAO,EAAE;AAoBX,SAhBE,OAAO,KAAK,oBAAoB,QAC7B,eACC,WAAW,mBAAmB,mBAAmB,kBACjD,WAAW,YACP,aAAa,CACd,WAAW,sBAAsB,qBAAqB,IACzD,WAAW,WACX,WAAW,SACX,oCAAoC,WAAW,MAAM,KAAK,MAC7D,IAAI,EAAE,EAE6C,KAEnD,eAAe,WAAW,QAC5B;;;;;AC7BH,qBAAqBC,MAAaC,QAAe"}
@@ -1,9 +1,9 @@
1
- import { $ as getCore, K as CLIENT_SDK_NAME, Q as BaseError, S as CHAINS_INFO_MAP, V as isCookieEnabled, W as getElevatedAccessToken, a as DYNAMIC_WAAS_METADATA, et as name, i as DEFAULT_WAAS_BASE_MPC_RELAY_API_URL, r as DEFAULT_WAAS_BASE_API_URL, t as InvalidParamError, tt as version, x as getChainFromVerifiedCredentialChain } from "./InvalidParamError-5AXtm6Zp.native.esm.js";
2
- import { i as NativeModuleNotLinkedError } from "./isMfaRequiredForAction-CBW-d9C6.native.esm.js";
3
- import "./isDynamicWaasEnabled-Djp4QuBw.native.esm.js";
4
- import { a as WaasOnboardingIncompleteError, i as preconnectWaasIframe, t as isUserOnboardingComplete } from "./isUserOnboardingComplete-m6E6GbB0.native.esm.js";
5
- import { n as consumeMfaTokenIfRequiredForAction, t as getSignedSessionId } from "./getSignedSessionId-Dh4Df1mY.native.esm.js";
6
- import { t as getWaasWalletProviderFromWalletAccount } from "./getWaasWalletProviderFromWalletAccount-Ca0SiNEz.native.esm.js";
1
+ import { F as CHAINS_INFO_MAP, P as getChainFromVerifiedCredentialChain, _t as getCore, at as isCookieEnabled, ct as getElevatedAccessToken, d as DYNAMIC_WAAS_METADATA, gt as BaseError, i as InvalidParamError, l as DEFAULT_WAAS_BASE_API_URL, u as DEFAULT_WAAS_BASE_MPC_RELAY_API_URL, ut as CLIENT_SDK_NAME, vt as name, yt as version } from "./updateAuthFromVerifyResponse-D1w-Aw9P.native.esm.js";
2
+ import "./isDynamicWaasEnabled-BXe0VyI4.native.esm.js";
3
+ import { i as NativeModuleNotLinkedError } from "./isMfaRequiredForAction-Demz9zlH.native.esm.js";
4
+ import { a as WaasOnboardingIncompleteError, i as preconnectWaasIframe, t as isUserOnboardingComplete } from "./isUserOnboardingComplete-Cr-YTpcU.native.esm.js";
5
+ import { n as consumeMfaTokenIfRequiredForAction, t as getSignedSessionId } from "./getSignedSessionId-Cl3PEqa8.native.esm.js";
6
+ import { n as getWaasWalletProviderFromWalletAccount, t as migrateFromFireblocks } from "./migrateFromFireblocks-D-J6-gRo.native.esm.js";
7
7
  import { assertPackageVersion } from "@dynamic-labs-sdk/assert-package-version";
8
8
  import { MFAAction, TokenScope, WalletProviderEnum } from "@dynamic-labs/sdk-api-core";
9
9
  import { ACCESSIBLE, getGenericPassword, resetGenericPassword, setGenericPassword } from "react-native-keychain";
@@ -355,6 +355,21 @@ const createWaasProvider = ({ sdkClient, chain }) => {
355
355
  thresholdSignatureScheme
356
356
  });
357
357
  };
358
+ const migrateFromFireblocks$1 = async ({ coinTypes, deviceId, expectedAddresses, jwt, password, storage }) => {
359
+ const { signature: signedSessionId } = await getSignedSessionId(sdkClient);
360
+ return (await getWaasClient()).migrateFromFireblocks({
361
+ authToken: sdkClient.token ?? void 0,
362
+ fireblocks: {
363
+ deviceId,
364
+ expectedAddresses,
365
+ jwt,
366
+ ncwStorage: storage,
367
+ walletPassword: password,
368
+ ...coinTypes ? { coinTypes } : {}
369
+ },
370
+ signedSessionId
371
+ });
372
+ };
358
373
  const refreshWalletAccountShares = async ({ password, walletAccount }) => {
359
374
  const { signature: signedSessionId } = await getSignedSessionId(sdkClient);
360
375
  const walletClient = await getWaasClient();
@@ -470,6 +485,7 @@ const createWaasProvider = ({ sdkClient, chain }) => {
470
485
  getWaasClient,
471
486
  getWalletRecoveryState,
472
487
  importPrivateKey,
488
+ migrateFromFireblocks: migrateFromFireblocks$1,
473
489
  refreshWalletAccountShares,
474
490
  restoreUserShareForWalletAccount,
475
491
  revokeDelegation,
@@ -527,5 +543,5 @@ const getAllUserWaasAddressesForChain = ({ chain }, client) => {
527
543
  assertPackageVersion(name, version);
528
544
 
529
545
  //#endregion
530
- export { DYNAMIC_WAAS_METADATA, createWaasClient, createWaasProvider, exportWaasPrivateKeyToContainer, getAllUserWaasAddressesForChain, getWaasChainNameFromChain, preconnectWaasIframe };
546
+ export { DYNAMIC_WAAS_METADATA, createWaasClient, createWaasProvider, exportWaasPrivateKeyToContainer, getAllUserWaasAddressesForChain, getWaasChainNameFromChain, migrateFromFireblocks, preconnectWaasIframe };
531
547
  //# sourceMappingURL=waasCore.native.esm.js.map