@dynamic-labs-sdk/client 1.17.0 → 1.18.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (186) hide show
  1. package/dist/core.cjs +7 -5
  2. package/dist/core.cjs.map +1 -1
  3. package/dist/core.esm.js +8 -8
  4. package/dist/core.esm.js.map +1 -1
  5. package/dist/core.native.esm.js +8 -8
  6. package/dist/core.native.esm.js.map +1 -1
  7. package/dist/errors/DeviceRegistrationIdentityMismatchError.d.ts +5 -0
  8. package/dist/errors/DeviceRegistrationIdentityMismatchError.d.ts.map +1 -0
  9. package/dist/errors/UnsafeDeeplinkUrlError.d.ts +17 -0
  10. package/dist/errors/UnsafeDeeplinkUrlError.d.ts.map +1 -0
  11. package/dist/errors/UnsafeNavigationUrlError.d.ts +16 -0
  12. package/dist/errors/UnsafeNavigationUrlError.d.ts.map +1 -0
  13. package/dist/errors/WalletScreeningBlockedError.d.ts +14 -0
  14. package/dist/errors/WalletScreeningBlockedError.d.ts.map +1 -0
  15. package/dist/exports/core.d.ts +4 -0
  16. package/dist/exports/core.d.ts.map +1 -1
  17. package/dist/exports/index.d.ts +7 -2
  18. package/dist/exports/index.d.ts.map +1 -1
  19. package/dist/{getNetworkProviderFromNetworkId-DC1bhMuB.native.esm.js → getNetworkProviderFromNetworkId-C6DBO0OX.native.esm.js} +96 -13
  20. package/dist/getNetworkProviderFromNetworkId-C6DBO0OX.native.esm.js.map +1 -0
  21. package/dist/{getNetworkProviderFromNetworkId-BVVs3arj.esm.js → getNetworkProviderFromNetworkId-CEs4SGW4.esm.js} +105 -22
  22. package/dist/getNetworkProviderFromNetworkId-CEs4SGW4.esm.js.map +1 -0
  23. package/dist/{getNetworkProviderFromNetworkId-DzzocxRc.cjs → getNetworkProviderFromNetworkId-CMIgKqEH.cjs} +119 -18
  24. package/dist/getNetworkProviderFromNetworkId-CMIgKqEH.cjs.map +1 -0
  25. package/dist/{getSignedSessionId-Bnuz2Aqc.esm.js → getSignedSessionId-CUqILBh8.esm.js} +3 -3
  26. package/dist/{getSignedSessionId-Bnuz2Aqc.esm.js.map → getSignedSessionId-CUqILBh8.esm.js.map} +1 -1
  27. package/dist/{getSignedSessionId-Dx0qQLMP.cjs → getSignedSessionId-De_N_Ofg.cjs} +3 -3
  28. package/dist/{getSignedSessionId-Dx0qQLMP.cjs.map → getSignedSessionId-De_N_Ofg.cjs.map} +1 -1
  29. package/dist/{getSignedSessionId-Pc_5wscD.native.esm.js → getSignedSessionId-Hp1nSbaW.native.esm.js} +3 -3
  30. package/dist/{getSignedSessionId-Pc_5wscD.native.esm.js.map → getSignedSessionId-Hp1nSbaW.native.esm.js.map} +1 -1
  31. package/dist/{getWalletProviderByKey-BL3u0e-d.esm.js → getWalletProviderByKey-CKORCA8l.esm.js} +2 -2
  32. package/dist/{getWalletProviderByKey-BL3u0e-d.esm.js.map → getWalletProviderByKey-CKORCA8l.esm.js.map} +1 -1
  33. package/dist/{getWalletProviderByKey-BLWcueTR.cjs → getWalletProviderByKey-D3e0XMjs.cjs} +2 -2
  34. package/dist/{getWalletProviderByKey-BLWcueTR.cjs.map → getWalletProviderByKey-D3e0XMjs.cjs.map} +1 -1
  35. package/dist/{getWalletProviderByKey-DhqKzh7g.native.esm.js → getWalletProviderByKey-D5M801xH.native.esm.js} +2 -2
  36. package/dist/{getWalletProviderByKey-DhqKzh7g.native.esm.js.map → getWalletProviderByKey-D5M801xH.native.esm.js.map} +1 -1
  37. package/dist/index.cjs +253 -72
  38. package/dist/index.cjs.map +1 -1
  39. package/dist/index.esm.js +248 -94
  40. package/dist/index.esm.js.map +1 -1
  41. package/dist/index.native.esm.js +248 -94
  42. package/dist/index.native.esm.js.map +1 -1
  43. package/dist/{isDynamicWaasEnabled-BEn7FcD9.cjs → isDynamicWaasEnabled-BQuXZne_.cjs} +4 -6
  44. package/dist/isDynamicWaasEnabled-BQuXZne_.cjs.map +1 -0
  45. package/dist/{isDynamicWaasEnabled-DYy0TvLy.esm.js → isDynamicWaasEnabled-BaY09iv6.native.esm.js} +3 -5
  46. package/dist/isDynamicWaasEnabled-BaY09iv6.native.esm.js.map +1 -0
  47. package/dist/{isDynamicWaasEnabled-CvBaMGlR.native.esm.js → isDynamicWaasEnabled-BlVIlXMZ.esm.js} +3 -5
  48. package/dist/isDynamicWaasEnabled-BlVIlXMZ.esm.js.map +1 -0
  49. package/dist/{isMfaRequiredForAction-CJ9qbBUz.native.esm.js → isMfaRequiredForAction-CwOGwiDz.native.esm.js} +3 -5
  50. package/dist/isMfaRequiredForAction-CwOGwiDz.native.esm.js.map +1 -0
  51. package/dist/{isMfaRequiredForAction-CaNdGc-m.cjs → isMfaRequiredForAction-Dghiguch.cjs} +13 -6
  52. package/dist/isMfaRequiredForAction-Dghiguch.cjs.map +1 -0
  53. package/dist/{isMfaRequiredForAction-B7wNkqQf.esm.js → isMfaRequiredForAction-r9aDdmK5.esm.js} +13 -6
  54. package/dist/isMfaRequiredForAction-r9aDdmK5.esm.js.map +1 -0
  55. package/dist/{isUserOnboardingComplete-FRAIuxdi.native.esm.js → isUserOnboardingComplete-BMNAbXk1.esm.js} +6 -3
  56. package/dist/isUserOnboardingComplete-BMNAbXk1.esm.js.map +1 -0
  57. package/dist/{isUserOnboardingComplete-CGz-9Iyw.esm.js → isUserOnboardingComplete-C-ioFLRR.native.esm.js} +6 -3
  58. package/dist/isUserOnboardingComplete-C-ioFLRR.native.esm.js.map +1 -0
  59. package/dist/{isUserOnboardingComplete-w1IkCC_p.cjs → isUserOnboardingComplete-j4b_q9Pf.cjs} +7 -4
  60. package/dist/isUserOnboardingComplete-j4b_q9Pf.cjs.map +1 -0
  61. package/dist/{migrateFromFireblocks-DXs3odF_.esm.js → migrateFromFireblocks-D--uqWp5.esm.js} +3 -3
  62. package/dist/{migrateFromFireblocks-DXs3odF_.esm.js.map → migrateFromFireblocks-D--uqWp5.esm.js.map} +1 -1
  63. package/dist/{migrateFromFireblocks-C-IqJz3q.native.esm.js → migrateFromFireblocks-D8Y5h0hz.native.esm.js} +3 -3
  64. package/dist/{migrateFromFireblocks-C-IqJz3q.native.esm.js.map → migrateFromFireblocks-D8Y5h0hz.native.esm.js.map} +1 -1
  65. package/dist/{migrateFromFireblocks-CjQWJPZW.cjs → migrateFromFireblocks-D9pJIgt5.cjs} +3 -3
  66. package/dist/{migrateFromFireblocks-CjQWJPZW.cjs.map → migrateFromFireblocks-D9pJIgt5.cjs.map} +1 -1
  67. package/dist/modules/auth/externalAuth/requestExternalAuthElevatedToken/requestExternalAuthElevatedToken.d.ts +0 -1
  68. package/dist/modules/auth/externalAuth/requestExternalAuthElevatedToken/requestExternalAuthElevatedToken.d.ts.map +1 -1
  69. package/dist/modules/auth/externalAuth/signInWithExternalJwt/signInWithExternalJwt.d.ts +0 -1
  70. package/dist/modules/auth/externalAuth/signInWithExternalJwt/signInWithExternalJwt.d.ts.map +1 -1
  71. package/dist/modules/auth/logoutWithReason/logoutWithReason.d.ts.map +1 -1
  72. package/dist/modules/auth/passkeys/registerPasskey/registerPasskey.d.ts +0 -1
  73. package/dist/modules/auth/passkeys/registerPasskey/registerPasskey.d.ts.map +1 -1
  74. package/dist/modules/auth/passkeys/signInWithPasskey/signInWithPasskey.d.ts +0 -1
  75. package/dist/modules/auth/passkeys/signInWithPasskey/signInWithPasskey.d.ts.map +1 -1
  76. package/dist/modules/auth/social/oauth/signInWithSocialRedirect/buildOAuthUrl/getOAuthBaseUrl/getOAuthBaseUrl.d.ts.map +1 -1
  77. package/dist/modules/auth/social/oauth/unlinkSocialAccount/unlinkSocialAccount.d.ts +0 -1
  78. package/dist/modules/auth/social/oauth/unlinkSocialAccount/unlinkSocialAccount.d.ts.map +1 -1
  79. package/dist/modules/auth/updateAuthFromVerifyResponse/updateAuthFromVerifyResponse.d.ts.map +1 -1
  80. package/dist/modules/captcha/getCaptchaSettings/getCaptchaSettings.d.ts +14 -0
  81. package/dist/modules/captcha/getCaptchaSettings/getCaptchaSettings.d.ts.map +1 -0
  82. package/dist/modules/captcha/getCaptchaSettings/index.d.ts +3 -0
  83. package/dist/modules/captcha/getCaptchaSettings/index.d.ts.map +1 -0
  84. package/dist/modules/captcha/isCaptchaRequired/isCaptchaRequired.d.ts.map +1 -1
  85. package/dist/modules/captcha/setCaptchaToken/setCaptchaToken.d.ts +0 -1
  86. package/dist/modules/captcha/setCaptchaToken/setCaptchaToken.d.ts.map +1 -1
  87. package/dist/modules/deviceRegistration/completeDeviceRegistration/completeDeviceRegistration.d.ts.map +1 -1
  88. package/dist/modules/deviceRegistration/isDeviceRegistrationRequired/isDeviceRegistrationRequired.d.ts +1 -0
  89. package/dist/modules/deviceRegistration/isDeviceRegistrationRequired/isDeviceRegistrationRequired.d.ts.map +1 -1
  90. package/dist/modules/flow/attachFlowSource/attachFlowSource.d.ts.map +1 -1
  91. package/dist/modules/flow/attachFlowSource/attachFlowSource.instrumentation.d.ts +9 -0
  92. package/dist/modules/flow/attachFlowSource/attachFlowSource.instrumentation.d.ts.map +1 -0
  93. package/dist/modules/flow/broadcastFlow/broadcastFlow.instrumentation.d.ts +9 -0
  94. package/dist/modules/flow/broadcastFlow/broadcastFlow.instrumentation.d.ts.map +1 -0
  95. package/dist/modules/flow/cancelFlow/cancelFlow.instrumentation.d.ts +8 -0
  96. package/dist/modules/flow/cancelFlow/cancelFlow.instrumentation.d.ts.map +1 -0
  97. package/dist/modules/flow/prepareFlowSigning/prepareFlowSigning.instrumentation.d.ts +9 -0
  98. package/dist/modules/flow/prepareFlowSigning/prepareFlowSigning.instrumentation.d.ts.map +1 -0
  99. package/dist/modules/flow/submitFlowTransaction/submitFlowTransaction.instrumentation.d.ts +9 -0
  100. package/dist/modules/flow/submitFlowTransaction/submitFlowTransaction.instrumentation.d.ts.map +1 -0
  101. package/dist/modules/funding/moonpay/getMoonPayUrl/getMoonPayUrl.d.ts +0 -4
  102. package/dist/modules/funding/moonpay/getMoonPayUrl/getMoonPayUrl.d.ts.map +1 -1
  103. package/dist/modules/mfa/consumeMfaToken/consumeMfaToken.d.ts +0 -1
  104. package/dist/modules/mfa/consumeMfaToken/consumeMfaToken.d.ts.map +1 -1
  105. package/dist/modules/mfa/createNewMfaRecoveryCodes/createNewMfaRecoveryCodes.d.ts +0 -1
  106. package/dist/modules/mfa/createNewMfaRecoveryCodes/createNewMfaRecoveryCodes.d.ts.map +1 -1
  107. package/dist/modules/mfa/isPendingRecoveryCodesAcknowledgment/isPendingRecoveryCodesAcknowledgment.d.ts +1 -0
  108. package/dist/modules/mfa/isPendingRecoveryCodesAcknowledgment/isPendingRecoveryCodesAcknowledgment.d.ts.map +1 -1
  109. package/dist/modules/mfa/isUserMissingMfaAuth/isUserMissingMfaAuth.d.ts +1 -0
  110. package/dist/modules/mfa/isUserMissingMfaAuth/isUserMissingMfaAuth.d.ts.map +1 -1
  111. package/dist/modules/mfa/registerTotpMfaDevice/registerTotpMfaDevice.d.ts +0 -3
  112. package/dist/modules/mfa/registerTotpMfaDevice/registerTotpMfaDevice.d.ts.map +1 -1
  113. package/dist/modules/otp/sendEmailOTP/sendEmailOTP.d.ts +0 -1
  114. package/dist/modules/otp/sendEmailOTP/sendEmailOTP.d.ts.map +1 -1
  115. package/dist/modules/otp/sendSmsOTP/sendSmsOTP.d.ts +0 -1
  116. package/dist/modules/otp/sendSmsOTP/sendSmsOTP.d.ts.map +1 -1
  117. package/dist/modules/otp/verifyOTP/verifyOTP.d.ts +0 -1
  118. package/dist/modules/otp/verifyOTP/verifyOTP.d.ts.map +1 -1
  119. package/dist/modules/sessionKeys/generateSessionKeys/generateSessionKeys.d.ts.map +1 -1
  120. package/dist/modules/user/isUserOnboardingComplete/isUserOnboardingComplete.d.ts +1 -0
  121. package/dist/modules/user/isUserOnboardingComplete/isUserOnboardingComplete.d.ts.map +1 -1
  122. package/dist/modules/user/refreshAuth/refreshAuth.d.ts +0 -1
  123. package/dist/modules/user/refreshAuth/refreshAuth.d.ts.map +1 -1
  124. package/dist/modules/user/updateUser/updateUser.d.ts +0 -1
  125. package/dist/modules/user/updateUser/updateUser.d.ts.map +1 -1
  126. package/dist/modules/wallets/getWalletProviderDataByKey/getWalletProviderDataByKey.d.ts +2 -1
  127. package/dist/modules/wallets/getWalletProviderDataByKey/getWalletProviderDataByKey.d.ts.map +1 -1
  128. package/dist/modules/wallets/networks/getTransactionHistory/getTransactionHistory.d.ts +1 -1
  129. package/dist/modules/wallets/networks/getTransactionHistory/getTransactionHistory.d.ts.map +1 -1
  130. package/dist/modules/wallets/verifyMessageSignatureOwnership/verifyMessageSignatureOwnership.d.ts +2 -0
  131. package/dist/modules/wallets/verifyMessageSignatureOwnership/verifyMessageSignatureOwnership.d.ts.map +1 -1
  132. package/dist/modules/wallets/walletProviderRegistry/events.d.ts +2 -1
  133. package/dist/modules/wallets/walletProviderRegistry/events.d.ts.map +1 -1
  134. package/dist/services/instrumentation/createInstrumentation/createInstrumentation.d.ts.map +1 -1
  135. package/dist/services/instrumentation/instrumentFunction/instrumentFunction.d.ts +40 -34
  136. package/dist/services/instrumentation/instrumentFunction/instrumentFunction.d.ts.map +1 -1
  137. package/dist/services/instrumentation/instrumentation.types.d.ts +50 -19
  138. package/dist/services/instrumentation/instrumentation.types.d.ts.map +1 -1
  139. package/dist/services/keychain/createKeychainService/createKeychainService.d.ts.map +1 -1
  140. package/dist/services/navigate/createNavigationHandler/createNavigationHandler.d.ts.map +1 -1
  141. package/dist/services/openDeeplink/createWebDeeplinkOpener/createWebDeeplinkOpener.d.ts.map +1 -1
  142. package/dist/tsconfig.lib.tsbuildinfo +1 -1
  143. package/dist/{updateAuthFromVerifyResponse-BdokPJ21.esm.js → updateAuthFromVerifyResponse-BQes11vz.esm.js} +145 -145
  144. package/dist/updateAuthFromVerifyResponse-BQes11vz.esm.js.map +1 -0
  145. package/dist/{updateAuthFromVerifyResponse-CUnvs5Af.cjs → updateAuthFromVerifyResponse-Deg9em9o.cjs} +151 -145
  146. package/dist/updateAuthFromVerifyResponse-Deg9em9o.cjs.map +1 -0
  147. package/dist/{updateAuthFromVerifyResponse-DW-tPgdV.native.esm.js → updateAuthFromVerifyResponse-wVY_DoiL.native.esm.js} +145 -145
  148. package/dist/updateAuthFromVerifyResponse-wVY_DoiL.native.esm.js.map +1 -0
  149. package/dist/utils/assertSafeDeeplinkUrl/assertSafeDeeplinkUrl.d.ts +12 -0
  150. package/dist/utils/assertSafeDeeplinkUrl/assertSafeDeeplinkUrl.d.ts.map +1 -0
  151. package/dist/utils/assertSafeDeeplinkUrl/index.d.ts +2 -0
  152. package/dist/utils/assertSafeDeeplinkUrl/index.d.ts.map +1 -0
  153. package/dist/utils/assertSafeNavigationUrl/assertSafeNavigationUrl.d.ts +12 -0
  154. package/dist/utils/assertSafeNavigationUrl/assertSafeNavigationUrl.d.ts.map +1 -0
  155. package/dist/utils/assertSafeNavigationUrl/index.d.ts +2 -0
  156. package/dist/utils/assertSafeNavigationUrl/index.d.ts.map +1 -0
  157. package/dist/utils/getSecureCookieAttribute/getSecureCookieAttribute.d.ts +18 -0
  158. package/dist/utils/getSecureCookieAttribute/getSecureCookieAttribute.d.ts.map +1 -0
  159. package/dist/utils/getSecureCookieAttribute/index.d.ts +2 -0
  160. package/dist/utils/getSecureCookieAttribute/index.d.ts.map +1 -0
  161. package/dist/waas.cjs +5 -5
  162. package/dist/waas.esm.js +4 -4
  163. package/dist/waas.native.esm.js +4 -4
  164. package/dist/waasCore.cjs +6 -6
  165. package/dist/waasCore.esm.js +6 -6
  166. package/dist/waasCore.native.esm.js +6 -6
  167. package/package.json +3 -3
  168. package/dist/getNetworkProviderFromNetworkId-BVVs3arj.esm.js.map +0 -1
  169. package/dist/getNetworkProviderFromNetworkId-DC1bhMuB.native.esm.js.map +0 -1
  170. package/dist/getNetworkProviderFromNetworkId-DzzocxRc.cjs.map +0 -1
  171. package/dist/isDynamicWaasEnabled-BEn7FcD9.cjs.map +0 -1
  172. package/dist/isDynamicWaasEnabled-CvBaMGlR.native.esm.js.map +0 -1
  173. package/dist/isDynamicWaasEnabled-DYy0TvLy.esm.js.map +0 -1
  174. package/dist/isMfaRequiredForAction-B7wNkqQf.esm.js.map +0 -1
  175. package/dist/isMfaRequiredForAction-CJ9qbBUz.native.esm.js.map +0 -1
  176. package/dist/isMfaRequiredForAction-CaNdGc-m.cjs.map +0 -1
  177. package/dist/isUserOnboardingComplete-CGz-9Iyw.esm.js.map +0 -1
  178. package/dist/isUserOnboardingComplete-FRAIuxdi.native.esm.js.map +0 -1
  179. package/dist/isUserOnboardingComplete-w1IkCC_p.cjs.map +0 -1
  180. package/dist/services/instrumentation/instrumentFunction/extractParams/extractParams.d.ts +0 -28
  181. package/dist/services/instrumentation/instrumentFunction/extractParams/extractParams.d.ts.map +0 -1
  182. package/dist/services/instrumentation/instrumentFunction/scrubResolvedValue/scrubResolvedValue.d.ts +0 -15
  183. package/dist/services/instrumentation/instrumentFunction/scrubResolvedValue/scrubResolvedValue.d.ts.map +0 -1
  184. package/dist/updateAuthFromVerifyResponse-BdokPJ21.esm.js.map +0 -1
  185. package/dist/updateAuthFromVerifyResponse-CUnvs5Af.cjs.map +0 -1
  186. package/dist/updateAuthFromVerifyResponse-DW-tPgdV.native.esm.js.map +0 -1
@@ -1,9 +1,9 @@
1
- const require_isMfaRequiredForAction = require('./isMfaRequiredForAction-CaNdGc-m.cjs');
1
+ const require_isMfaRequiredForAction = require('./isMfaRequiredForAction-Dghiguch.cjs');
2
2
  let _dynamic_labs_sdk_api_core = require("@dynamic-labs/sdk-api-core");
3
3
 
4
4
  //#region package.json
5
5
  var name = "@dynamic-labs-sdk/client";
6
- var version = "1.17.0";
6
+ var version = "1.18.0";
7
7
  var dependencies = {
8
8
  "@dynamic-labs-sdk/assert-package-version": "workspace:*",
9
9
  "@dynamic-labs-wallet/browser-wallet-client": "1.0.46",
@@ -617,6 +617,28 @@ const fetchAndStoreNonces = async (client) => {
617
617
  return fetchPromise;
618
618
  };
619
619
 
620
+ //#endregion
621
+ //#region src/utils/getSecureCookieAttribute/getSecureCookieAttribute.ts
622
+ /**
623
+ * Returns the cookie `Secure` attribute suffix (`'; Secure'`) when the current
624
+ * document is running in a secure context, or an empty string otherwise.
625
+ *
626
+ * The `Secure` attribute prevents the browser from ever transmitting the cookie
627
+ * over an unencrypted `http://` connection, which mitigates cleartext token
628
+ * capture (CWE-614). It is intentionally omitted on insecure/localhost dev,
629
+ * because browsers reject `Secure` cookies set over `http://` and that would
630
+ * silently break local testing.
631
+ *
632
+ * Used when building the Dynamic auth JWT cookie string so the attribute is
633
+ * applied consistently on both the write (sign-in/refresh) and clear (logout)
634
+ * paths.
635
+ *
636
+ * @notInstrumented
637
+ */
638
+ const getSecureCookieAttribute = () => {
639
+ return Boolean(globalThis.window?.isSecureContext) || globalThis.location?.protocol === "https:" ? "; Secure" : "";
640
+ };
641
+
620
642
  //#endregion
621
643
  //#region src/utils/setCookie/setCookie.ts
622
644
  /**
@@ -1417,193 +1439,170 @@ const scrubParameters = ({ piiFields, redactAll, value }) => {
1417
1439
  });
1418
1440
  };
1419
1441
 
1420
- //#endregion
1421
- //#region src/services/instrumentation/instrumentFunction/extractParams/extractParams.ts
1422
- /**
1423
- * Normalises the raw positional arguments of an instrumented function call
1424
- * into a flat `Record<string, unknown>` suitable for structured logging.
1425
- *
1426
- * ## Why this is needed
1427
- *
1428
- * Instrumented functions are wrapped with `(...args: unknown[])`, so their
1429
- * parameters arrive as an array. Logging a raw array loses the semantic names
1430
- * of each argument. This function recovers a named representation:
1431
- *
1432
- * - **No arguments** → `{}`
1433
- * - **Single plain-object argument** → that object is returned as-is, because
1434
- * SDK functions follow the single-object-parameter convention, so the object
1435
- * already carries named keys (`{ amount, to }`, etc.).
1436
- * - **Everything else** (multiple args, a single primitive, a single array) →
1437
- * each value is indexed as `arg0`, `arg1`, …
1438
- *
1439
- * ## Why arrays are NOT treated as plain objects
1440
- *
1441
- * `typeof [] === 'object'` and `[] !== null`, so without the `Array.isArray`
1442
- * guard a single-array argument would be returned as-is. That would produce
1443
- * an object with numeric string keys (`{ '0': ..., '1': ... }`), which is
1444
- * misleading and inconsistent with how multi-arg calls are handled. Instead,
1445
- * arrays fall through to the indexed `arg0` path.
1446
- * @notInstrumented
1447
- */
1448
- const extractParams = (args) => {
1449
- if (args.length === 0) return {};
1450
- if (args.length === 1 && typeof args[0] === "object" && args[0] !== null && !Array.isArray(args[0])) return args[0];
1451
- const result = {};
1452
- for (let i = 0; i < args.length; i++) result[`arg${i}`] = args[i];
1453
- return result;
1454
- };
1455
-
1456
- //#endregion
1457
- //#region src/services/instrumentation/instrumentFunction/scrubResolvedValue/scrubResolvedValue.ts
1458
- /**
1459
- * Scrubs a resolved return value of any type before logging it.
1460
- * Routes through `scrubParameters` by wrapping the value so that strings,
1461
- * arrays, Dates, Errors, and all other types are handled identically to
1462
- * nested object fields.
1463
- * @notInstrumented
1464
- */
1465
- const scrubResolvedValue = ({ piiFields, redactAll, value }) => scrubParameters({
1466
- piiFields,
1467
- redactAll,
1468
- value: { result: value }
1469
- }).result;
1470
-
1471
1442
  //#endregion
1472
1443
  //#region src/services/instrumentation/instrumentFunction/instrumentFunction.ts
1473
- const serializeError = (error) => {
1474
- if (error instanceof Error) return {
1475
- message: error.message,
1476
- name: error.name,
1477
- stack: error.stack
1444
+ const toErrorFields = (error) => {
1445
+ if (error instanceof BaseError) return {
1446
+ errorCode: error.code,
1447
+ errorName: error.name
1478
1448
  };
1449
+ if (error instanceof Error) return { errorName: error.name };
1450
+ return { errorName: "UnknownError" };
1451
+ };
1452
+ const buildContext = (core) => {
1453
+ const state = core.state.get();
1479
1454
  return {
1480
- message: String(error),
1481
- name: "UnknownError"
1455
+ environmentId: core.environmentId,
1456
+ operatingSystem: getOperatingSystem(),
1457
+ platform: getPlatform(),
1458
+ registeredExtensionKeys: Array.from(core.extensions),
1459
+ sdkSessionId: core.sdkSessionId,
1460
+ sdkVersion: core.version,
1461
+ tokenSessionId: state.token ? extractSessionId(state.token) : null,
1462
+ userAgent: getUserAgent(),
1463
+ userId: state.user?.id ?? null
1482
1464
  };
1483
1465
  };
1484
1466
  /**
1467
+ * Runs an explicit payload selector and scrubs its output. Returns `undefined`
1468
+ * when there is no selector. Selector (and scrub) errors are swallowed so a
1469
+ * faulty selector can never break the wrapped function or fabricate a
1470
+ * 'rejected' event — instrumentation stays purely observational. The swallowed
1471
+ * error is surfaced on the `debug` logger so internal devs can still spot a
1472
+ * broken selector without it ever reaching a transport.
1473
+ */
1474
+ const safeSelect = ({ functionName, logger, piiFields, selector, value }) => {
1475
+ if (!selector) return;
1476
+ try {
1477
+ return scrubParameters({
1478
+ piiFields,
1479
+ value: selector(value)
1480
+ });
1481
+ } catch (error) {
1482
+ logger.debug(`[instrumentFunction] payload selector for "${functionName}" threw; emitting event without payload`, error);
1483
+ return;
1484
+ }
1485
+ };
1486
+ /**
1485
1487
  * Wraps a function so that each invocation emits a structured
1486
1488
  * `FunctionInstrumentationEvent` at three lifecycle points:
1487
1489
  *
1488
- * - **started** — immediately before the function body executes, with the
1489
- * PII-scrubbed call parameters.
1490
+ * - **started** — immediately before the function body executes.
1490
1491
  * - **resolved** — after the function (or its returned Promise) settles
1491
- * successfully, with the PII-scrubbed return value.
1492
+ * successfully, with the call duration.
1492
1493
  * - **rejected** — if the function throws synchronously or its returned
1493
- * Promise rejects.
1494
+ * Promise rejects, with the duration and the error's class name/code.
1495
+ *
1496
+ * Events carry only the safe envelope (function name, phase, timing, error
1497
+ * class, SDK/runtime metadata, identifiers). **Raw arguments and return values
1498
+ * are never captured.** A function that needs additional fields supplies
1499
+ * `selectors` that build an explicit, primitive-only {@link SafePayload} — the
1500
+ * only path from arguments/return value into a log.
1494
1501
  *
1495
1502
  * The original return value (or thrown error) is always forwarded to the
1496
- * caller unchanged — instrumentation is purely observational.
1503
+ * caller unchanged — instrumentation is purely observational, and a throwing
1504
+ * selector cannot change that.
1497
1505
  *
1498
- * ## Usage
1506
+ * ## Providing selectors
1507
+ *
1508
+ * A function opts into a payload by supplying selectors that map its arguments
1509
+ * (`started`) and/or its awaited return value (`resolved`) to a primitive-only
1510
+ * {@link SafePayload}. Pick individual known-safe fields — never spread a whole
1511
+ * object, which is exactly what the model prevents.
1499
1512
  *
1500
1513
  * ```ts
1501
1514
  * const transfer = instrumentFunction({
1502
1515
  * fn: rawTransfer,
1503
1516
  * functionName: 'transfer',
1504
1517
  * getCore: () => core,
1518
+ * selectors: {
1519
+ * // `args` is the argument tuple the wrapped function was called with.
1520
+ * started: ([{ chainId, amount }]) => ({ amount, chainId }),
1521
+ * // `result` is the awaited return value (never the Promise).
1522
+ * resolved: ({ txHash }) => ({ txHash }),
1523
+ * },
1505
1524
  * });
1506
- *
1507
- * // When called, three events are emitted automatically:
1508
- * await transfer({ amount: 1, to: '0xabc' });
1509
1525
  * ```
1510
1526
  *
1527
+ * A selector that throws (or whose output fails scrubbing) is swallowed: the
1528
+ * event is still emitted without a payload, and the error is logged at `debug`.
1529
+ *
1511
1530
  * ## How functions are wrapped
1512
1531
  *
1513
- * `instrumentFunction` is not called manually in application code. Instead,
1514
- * the esbuild instrumentation plugin (`tools/instrumentation-plugin`) injects
1515
- * it at build time: any exported function annotated with `@instrumented` in its
1516
- * JSDoc is automatically wrapped by the plugin during the build step.
1517
- * The plugin strips the original `export`, renames the function, and re-exports
1518
- * it under the original name via `instrumentFunction(...)` — so the public API
1519
- * is unchanged and no call sites need to be updated.
1532
+ * `instrumentFunction` is not called manually in application code. The esbuild
1533
+ * instrumentation plugin (`tools/instrumentation-plugin`) injects it at build
1534
+ * time for any exported function annotated with `@instrumented` in its JSDoc.
1520
1535
  *
1521
1536
  * ## Opting out
1522
1537
  *
1523
- * Instrumentation is skipped entirely when:
1524
- * - `getCore()` returns `undefined` (SDK not initialised), or
1525
- * - `core.instrumentation.config.enabled` is `false`.
1526
- *
1527
- * In both cases the original function is called directly with no overhead.
1528
- *
1529
- * ## PII scrubbing
1530
- *
1531
- * All string values whose key appears in `piiFields` are replaced with
1532
- * `"[redacted]"` before events are emitted. Pass `redactAll: true` to redact
1533
- * every field, regardless of key name.
1538
+ * Instrumentation is skipped entirely when `getCore()` returns `undefined`
1539
+ * (SDK not initialised) or when `core.instrumentation.config.enabled` is
1540
+ * `false`; in both cases the original function is called directly.
1534
1541
  * @notInstrumented
1535
1542
  */
1536
- const instrumentFunction = ({ fn, functionName, getCore: getCore$1, redactAll }) => {
1543
+ const instrumentFunction = ({ fn, functionName, getCore: getCore$1, selectors }) => {
1537
1544
  const wrapped = (...args) => {
1538
1545
  const core = getCore$1();
1539
- if (!core) return fn(...args);
1540
- if (!core.instrumentation.config.enabled) return fn(...args);
1541
- const instrumentation = core.instrumentation;
1542
- const state = core.state.get();
1543
- const baseEvent = {
1544
- environmentId: core.environmentId,
1545
- functionName,
1546
- operatingSystem: getOperatingSystem(),
1547
- parameters: scrubParameters({
1548
- piiFields: instrumentation.config.piiFields,
1549
- redactAll,
1550
- value: extractParams(args)
1551
- }),
1552
- platform: getPlatform(),
1553
- registeredExtensionKeys: Array.from(core.extensions),
1554
- sdkSessionId: core.sdkSessionId,
1555
- sdkVersion: core.version,
1556
- status: "info",
1557
- tokenSessionId: state.token ? extractSessionId(state.token) : null,
1558
- userAgent: getUserAgent(),
1559
- userId: state.user?.id ?? null
1546
+ if (!core?.instrumentation.config.enabled) return fn(...args);
1547
+ const { instrumentation, logger } = core;
1548
+ const { piiFields } = instrumentation.config;
1549
+ const base = {
1550
+ ...buildContext(core),
1551
+ functionName
1560
1552
  };
1553
+ const startedAt = Date.now();
1561
1554
  instrumentation.logFunction({
1562
- ...baseEvent,
1555
+ ...base,
1556
+ payload: safeSelect({
1557
+ functionName,
1558
+ logger,
1559
+ piiFields,
1560
+ selector: selectors?.started,
1561
+ value: args
1562
+ }),
1563
1563
  phase: "started",
1564
+ status: "info",
1564
1565
  timestamp: (/* @__PURE__ */ new Date()).toISOString()
1565
1566
  });
1566
- try {
1567
- const result = fn(...args);
1568
- if (result instanceof Promise) return result.then((value) => {
1569
- instrumentation.logFunction({
1570
- ...baseEvent,
1571
- phase: "resolved",
1572
- resolvedValue: scrubResolvedValue({
1573
- piiFields: instrumentation.config.piiFields,
1574
- redactAll,
1575
- value
1576
- }),
1577
- timestamp: (/* @__PURE__ */ new Date()).toISOString()
1578
- });
1579
- return value;
1580
- }).catch((error) => {
1581
- instrumentation.logFunction({
1582
- ...baseEvent,
1583
- phase: "rejected",
1584
- rejectedError: serializeError(error),
1585
- timestamp: (/* @__PURE__ */ new Date()).toISOString()
1586
- });
1587
- throw error;
1588
- });
1567
+ const emitResolved = (value) => {
1589
1568
  instrumentation.logFunction({
1590
- ...baseEvent,
1591
- phase: "resolved",
1592
- resolvedValue: scrubResolvedValue({
1593
- piiFields: instrumentation.config.piiFields,
1594
- redactAll,
1595
- value: result
1569
+ ...base,
1570
+ durationMs: Date.now() - startedAt,
1571
+ payload: safeSelect({
1572
+ functionName,
1573
+ logger,
1574
+ piiFields,
1575
+ selector: selectors?.resolved,
1576
+ value
1596
1577
  }),
1578
+ phase: "resolved",
1579
+ status: "info",
1597
1580
  timestamp: (/* @__PURE__ */ new Date()).toISOString()
1598
1581
  });
1599
- return result;
1600
- } catch (error) {
1582
+ };
1583
+ const emitRejected = (error) => {
1601
1584
  instrumentation.logFunction({
1602
- ...baseEvent,
1585
+ ...base,
1586
+ ...toErrorFields(error),
1587
+ durationMs: Date.now() - startedAt,
1603
1588
  phase: "rejected",
1604
- rejectedError: serializeError(error),
1589
+ status: "error",
1605
1590
  timestamp: (/* @__PURE__ */ new Date()).toISOString()
1606
1591
  });
1592
+ };
1593
+ try {
1594
+ const result = fn(...args);
1595
+ if (result instanceof Promise) return result.then((value) => {
1596
+ emitResolved(value);
1597
+ return value;
1598
+ }, (error) => {
1599
+ emitRejected(error);
1600
+ throw error;
1601
+ });
1602
+ emitResolved(result);
1603
+ return result;
1604
+ } catch (error) {
1605
+ emitRejected(error);
1607
1606
  throw error;
1608
1607
  }
1609
1608
  };
@@ -1648,6 +1647,7 @@ const getWalletAccountsHash = (state, client) => getWalletAccountsFromState(stat
1648
1647
  * @param [client] - The Dynamic client instance. Only required when using multiple Dynamic clients.
1649
1648
  * @returns True if the user needs additional MFA authentication, false otherwise.
1650
1649
  * @notInstrumented
1650
+ * @hook Exposed as a hook so consumers reactively know when MFA is still required, updated when the user changes.
1651
1651
  */
1652
1652
  const isUserMissingMfaAuth = (client = getDefaultClient()) => {
1653
1653
  const user = client.user;
@@ -1893,7 +1893,7 @@ const updateAuthFromVerifyResponse = ({ response }, client) => {
1893
1893
  * programmatically because Redcoast won't set the cookie via headers. We set the cookie programmatically
1894
1894
  * so customers can access the cookie from document.cookie consistently between sandbox and live environments.
1895
1895
  */
1896
- if (minifiedJwt && isCookieEnabled(client)) setCookie(`${DYNAMIC_AUTH_COOKIE_NAME}=${minifiedJwt}; expires=${sessionExpiresAt.toUTCString()}; path=/; SameSite=Lax`);
1896
+ if (minifiedJwt && isCookieEnabled(client)) setCookie(`${DYNAMIC_AUTH_COOKIE_NAME}=${minifiedJwt}; expires=${sessionExpiresAt.toUTCString()}; path=/; SameSite=Lax${getSecureCookieAttribute()}`);
1897
1897
  checkAndRaiseWalletAccountsChangedEvent({ previousState }, client);
1898
1898
  if (!previousState.user && Boolean(newState.user)) initializeWaasClientsForEagerRecovery(client);
1899
1899
  };
@@ -2175,6 +2175,12 @@ Object.defineProperty(exports, 'getPlatform', {
2175
2175
  return getPlatform;
2176
2176
  }
2177
2177
  });
2178
+ Object.defineProperty(exports, 'getSecureCookieAttribute', {
2179
+ enumerable: true,
2180
+ get: function () {
2181
+ return getSecureCookieAttribute;
2182
+ }
2183
+ });
2178
2184
  Object.defineProperty(exports, 'getSessionKeys', {
2179
2185
  enumerable: true,
2180
2186
  get: function () {
@@ -2337,4 +2343,4 @@ Object.defineProperty(exports, 'version', {
2337
2343
  return version;
2338
2344
  }
2339
2345
  });
2340
- //# sourceMappingURL=updateAuthFromVerifyResponse-CUnvs5Af.cjs.map
2346
+ //# sourceMappingURL=updateAuthFromVerifyResponse-Deg9em9o.cjs.map