@dynamic-labs-sdk/client 1.8.0 → 1.8.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (52) hide show
  1. package/dist/{InvalidParamError-IHYLdzFd.esm.js → InvalidParamError-BKnC9rcJ.esm.js} +2 -2
  2. package/dist/{InvalidParamError-IHYLdzFd.esm.js.map → InvalidParamError-BKnC9rcJ.esm.js.map} +1 -1
  3. package/dist/{InvalidParamError-Bc6OZBog.native.esm.js → InvalidParamError-Btv8VGSa.native.esm.js} +6 -7
  4. package/dist/InvalidParamError-Btv8VGSa.native.esm.js.map +1 -0
  5. package/dist/{InvalidParamError-S56rFFDP.cjs → InvalidParamError-DGBih-LJ.cjs} +3 -3
  6. package/dist/{InvalidParamError-S56rFFDP.cjs.map → InvalidParamError-DGBih-LJ.cjs.map} +1 -1
  7. package/dist/{NotWaasWalletAccountError-BYEL2l-W.esm.js → NotWaasWalletAccountError-CHr72wTH.esm.js} +3 -3
  8. package/dist/{NotWaasWalletAccountError-BYEL2l-W.esm.js.map → NotWaasWalletAccountError-CHr72wTH.esm.js.map} +1 -1
  9. package/dist/{NotWaasWalletAccountError-BP-bODbJ.native.esm.js → NotWaasWalletAccountError-CRmyVoB3.native.esm.js} +3 -3
  10. package/dist/{NotWaasWalletAccountError-BP-bODbJ.native.esm.js.map → NotWaasWalletAccountError-CRmyVoB3.native.esm.js.map} +1 -1
  11. package/dist/{NotWaasWalletAccountError-CbhIKUDM.cjs → NotWaasWalletAccountError-i1FozGep.cjs} +3 -3
  12. package/dist/{NotWaasWalletAccountError-CbhIKUDM.cjs.map → NotWaasWalletAccountError-i1FozGep.cjs.map} +1 -1
  13. package/dist/core.cjs +5 -5
  14. package/dist/core.esm.js +5 -5
  15. package/dist/core.native.esm.js +5 -5
  16. package/dist/{getNetworkProviderFromNetworkId-BDdcpGHH.cjs → getNetworkProviderFromNetworkId-BdgI7g5U.cjs} +4 -4
  17. package/dist/{getNetworkProviderFromNetworkId-BDdcpGHH.cjs.map → getNetworkProviderFromNetworkId-BdgI7g5U.cjs.map} +1 -1
  18. package/dist/{getNetworkProviderFromNetworkId-DVmF7pH2.native.esm.js → getNetworkProviderFromNetworkId-Bm41knUq.native.esm.js} +4 -4
  19. package/dist/{getNetworkProviderFromNetworkId-DVmF7pH2.native.esm.js.map → getNetworkProviderFromNetworkId-Bm41knUq.native.esm.js.map} +1 -1
  20. package/dist/{getNetworkProviderFromNetworkId-D8rWYXlT.esm.js → getNetworkProviderFromNetworkId-CRuh5pgc.esm.js} +3 -3
  21. package/dist/{getNetworkProviderFromNetworkId-D8rWYXlT.esm.js.map → getNetworkProviderFromNetworkId-CRuh5pgc.esm.js.map} +1 -1
  22. package/dist/{getSignedSessionId-BBaBCi9S.cjs → getSignedSessionId-Cwmt4BkY.cjs} +3 -3
  23. package/dist/{getSignedSessionId-BBaBCi9S.cjs.map → getSignedSessionId-Cwmt4BkY.cjs.map} +1 -1
  24. package/dist/{getSignedSessionId-CND07Eca.esm.js → getSignedSessionId-D2w_IRdt.esm.js} +3 -3
  25. package/dist/{getSignedSessionId-CND07Eca.esm.js.map → getSignedSessionId-D2w_IRdt.esm.js.map} +1 -1
  26. package/dist/{getSignedSessionId-RwV7JPn8.native.esm.js → getSignedSessionId-S6CBWkOn.native.esm.js} +3 -3
  27. package/dist/{getSignedSessionId-RwV7JPn8.native.esm.js.map → getSignedSessionId-S6CBWkOn.native.esm.js.map} +1 -1
  28. package/dist/{getVerifiedCredentialForWalletAccount-FrxYWSuD.cjs → getVerifiedCredentialForWalletAccount-CDuP1kaI.cjs} +3 -3
  29. package/dist/{getVerifiedCredentialForWalletAccount-FrxYWSuD.cjs.map → getVerifiedCredentialForWalletAccount-CDuP1kaI.cjs.map} +1 -1
  30. package/dist/{getVerifiedCredentialForWalletAccount-BVrGV8qf.native.esm.js → getVerifiedCredentialForWalletAccount-D33r7Drd.native.esm.js} +2 -2
  31. package/dist/{getVerifiedCredentialForWalletAccount-BVrGV8qf.native.esm.js.map → getVerifiedCredentialForWalletAccount-D33r7Drd.native.esm.js.map} +1 -1
  32. package/dist/{getVerifiedCredentialForWalletAccount-BiOS65Tk.esm.js → getVerifiedCredentialForWalletAccount-QwfkKHfr.esm.js} +2 -2
  33. package/dist/{getVerifiedCredentialForWalletAccount-BiOS65Tk.esm.js.map → getVerifiedCredentialForWalletAccount-QwfkKHfr.esm.js.map} +1 -1
  34. package/dist/index.cjs +5 -5
  35. package/dist/index.esm.js +5 -5
  36. package/dist/index.native.esm.js +5 -5
  37. package/dist/{isMfaRequiredForAction-BPL_dgIM.esm.js → isMfaRequiredForAction-5p3i98-Z.esm.js} +2 -2
  38. package/dist/{isMfaRequiredForAction-BPL_dgIM.esm.js.map → isMfaRequiredForAction-5p3i98-Z.esm.js.map} +1 -1
  39. package/dist/{isMfaRequiredForAction-DQDoPsi6.native.esm.js → isMfaRequiredForAction-cmElIVof.native.esm.js} +2 -2
  40. package/dist/{isMfaRequiredForAction-DQDoPsi6.native.esm.js.map → isMfaRequiredForAction-cmElIVof.native.esm.js.map} +1 -1
  41. package/dist/{isMfaRequiredForAction-BolTrtCO.cjs → isMfaRequiredForAction-z74isCQ7.cjs} +2 -2
  42. package/dist/{isMfaRequiredForAction-BolTrtCO.cjs.map → isMfaRequiredForAction-z74isCQ7.cjs.map} +1 -1
  43. package/dist/tsconfig.lib.tsbuildinfo +1 -1
  44. package/dist/waas.cjs +4 -4
  45. package/dist/waas.esm.js +3 -3
  46. package/dist/waas.native.esm.js +3 -3
  47. package/dist/waasCore.cjs +3 -3
  48. package/dist/waasCore.esm.js +3 -3
  49. package/dist/waasCore.native.esm.js +4 -4
  50. package/dist/waasCore.native.esm.js.map +1 -1
  51. package/package.json +2 -2
  52. package/dist/InvalidParamError-Bc6OZBog.native.esm.js.map +0 -1
package/dist/waas.cjs CHANGED
@@ -1,7 +1,7 @@
1
- const require_isMfaRequiredForAction = require('./isMfaRequiredForAction-BolTrtCO.cjs');
2
- const require_InvalidParamError = require('./InvalidParamError-S56rFFDP.cjs');
3
- const require_getVerifiedCredentialForWalletAccount = require('./getVerifiedCredentialForWalletAccount-FrxYWSuD.cjs');
4
- const require_NotWaasWalletAccountError = require('./NotWaasWalletAccountError-CbhIKUDM.cjs');
1
+ const require_isMfaRequiredForAction = require('./isMfaRequiredForAction-z74isCQ7.cjs');
2
+ const require_InvalidParamError = require('./InvalidParamError-DGBih-LJ.cjs');
3
+ const require_getVerifiedCredentialForWalletAccount = require('./getVerifiedCredentialForWalletAccount-CDuP1kaI.cjs');
4
+ const require_NotWaasWalletAccountError = require('./NotWaasWalletAccountError-i1FozGep.cjs');
5
5
  let _dynamic_labs_sdk_assert_package_version = require("@dynamic-labs-sdk/assert-package-version");
6
6
  let _dynamic_labs_sdk_api_core = require("@dynamic-labs/sdk-api-core");
7
7
 
package/dist/waas.esm.js CHANGED
@@ -1,6 +1,6 @@
1
- import { U as assertDefined, _ as getChainFromVerifiedCredentialChain, c as getWalletProviderFromWalletAccount, f as NoWalletProviderFoundError, h as formatWalletProviderKey, i as DYNAMIC_WAAS_METADATA, it as BaseError, ot as name, st as version, tt as getDefaultClient } from "./InvalidParamError-IHYLdzFd.esm.js";
2
- import { c as findWaasWalletProviderByChain, l as isWaasWalletProvider, n as getWalletProviderByKey, s as isWaasWalletAccount, t as getVerifiedCredentialForWalletAccount } from "./getVerifiedCredentialForWalletAccount-BiOS65Tk.esm.js";
3
- import { n as __refreshAuth_wrapped, t as NotWaasWalletAccountError } from "./NotWaasWalletAccountError-BYEL2l-W.esm.js";
1
+ import { U as assertDefined, _ as getChainFromVerifiedCredentialChain, c as getWalletProviderFromWalletAccount, f as NoWalletProviderFoundError, h as formatWalletProviderKey, i as DYNAMIC_WAAS_METADATA, it as BaseError, ot as name, st as version, tt as getDefaultClient } from "./InvalidParamError-BKnC9rcJ.esm.js";
2
+ import { c as findWaasWalletProviderByChain, l as isWaasWalletProvider, n as getWalletProviderByKey, s as isWaasWalletAccount, t as getVerifiedCredentialForWalletAccount } from "./getVerifiedCredentialForWalletAccount-QwfkKHfr.esm.js";
3
+ import { n as __refreshAuth_wrapped, t as NotWaasWalletAccountError } from "./NotWaasWalletAccountError-CHr72wTH.esm.js";
4
4
  import { assertPackageVersion } from "@dynamic-labs-sdk/assert-package-version";
5
5
  import { EmbeddedWalletVersionEnum, JwtVerifiedCredentialFormatEnum, WalletProviderEnum } from "@dynamic-labs/sdk-api-core";
6
6
 
@@ -1,6 +1,6 @@
1
- import { H as version, I as getDefaultClient, V as name, i as DYNAMIC_WAAS_METADATA, s as getChainFromVerifiedCredentialChain, w as assertDefined, z as BaseError } from "./InvalidParamError-Bc6OZBog.native.esm.js";
2
- import { c as findWaasWalletProviderByChain, h as getWalletProviderFromWalletAccount, l as isWaasWalletProvider, n as getWalletProviderByKey, s as isWaasWalletAccount, t as getVerifiedCredentialForWalletAccount, x as formatWalletProviderKey, y as NoWalletProviderFoundError } from "./getVerifiedCredentialForWalletAccount-BVrGV8qf.native.esm.js";
3
- import { n as __refreshAuth_wrapped, t as NotWaasWalletAccountError } from "./NotWaasWalletAccountError-BP-bODbJ.native.esm.js";
1
+ import { H as version, I as getDefaultClient, V as name, i as DYNAMIC_WAAS_METADATA, s as getChainFromVerifiedCredentialChain, w as assertDefined, z as BaseError } from "./InvalidParamError-Btv8VGSa.native.esm.js";
2
+ import { c as findWaasWalletProviderByChain, h as getWalletProviderFromWalletAccount, l as isWaasWalletProvider, n as getWalletProviderByKey, s as isWaasWalletAccount, t as getVerifiedCredentialForWalletAccount, x as formatWalletProviderKey, y as NoWalletProviderFoundError } from "./getVerifiedCredentialForWalletAccount-D33r7Drd.native.esm.js";
3
+ import { n as __refreshAuth_wrapped, t as NotWaasWalletAccountError } from "./NotWaasWalletAccountError-CRmyVoB3.native.esm.js";
4
4
  import { assertPackageVersion } from "@dynamic-labs-sdk/assert-package-version";
5
5
  import { EmbeddedWalletVersionEnum, JwtVerifiedCredentialFormatEnum, WalletProviderEnum } from "@dynamic-labs/sdk-api-core";
6
6
 
package/dist/waasCore.cjs CHANGED
@@ -1,6 +1,6 @@
1
- const require_isMfaRequiredForAction = require('./isMfaRequiredForAction-BolTrtCO.cjs');
2
- const require_InvalidParamError = require('./InvalidParamError-S56rFFDP.cjs');
3
- const require_getSignedSessionId = require('./getSignedSessionId-BBaBCi9S.cjs');
1
+ const require_isMfaRequiredForAction = require('./isMfaRequiredForAction-z74isCQ7.cjs');
2
+ const require_InvalidParamError = require('./InvalidParamError-DGBih-LJ.cjs');
3
+ const require_getSignedSessionId = require('./getSignedSessionId-Cwmt4BkY.cjs');
4
4
  let _dynamic_labs_sdk_assert_package_version = require("@dynamic-labs-sdk/assert-package-version");
5
5
  let _dynamic_labs_sdk_api_core = require("@dynamic-labs/sdk-api-core");
6
6
  let _dynamic_labs_wallet_browser_wallet_client = require("@dynamic-labs-wallet/browser-wallet-client");
@@ -1,6 +1,6 @@
1
- import { G as __getElevatedAccessToken_wrapped, H as isCookieEnabled, Q as CLIENT_SDK_NAME, _ as getChainFromVerifiedCredentialChain, at as getCore, i as DYNAMIC_WAAS_METADATA, n as DEFAULT_WAAS_BASE_API_URL, ot as name, r as DEFAULT_WAAS_BASE_MPC_RELAY_API_URL, st as version, t as InvalidParamError, v as CHAINS_INFO_MAP } from "./InvalidParamError-IHYLdzFd.esm.js";
2
- import { i as __logoutWithReason_wrapped } from "./isMfaRequiredForAction-BPL_dgIM.esm.js";
3
- import { n as consumeMfaTokenIfRequiredForAction, t as getSignedSessionId } from "./getSignedSessionId-CND07Eca.esm.js";
1
+ import { G as __getElevatedAccessToken_wrapped, H as isCookieEnabled, Q as CLIENT_SDK_NAME, _ as getChainFromVerifiedCredentialChain, at as getCore, i as DYNAMIC_WAAS_METADATA, n as DEFAULT_WAAS_BASE_API_URL, ot as name, r as DEFAULT_WAAS_BASE_MPC_RELAY_API_URL, st as version, t as InvalidParamError, v as CHAINS_INFO_MAP } from "./InvalidParamError-BKnC9rcJ.esm.js";
2
+ import { i as __logoutWithReason_wrapped } from "./isMfaRequiredForAction-5p3i98-Z.esm.js";
3
+ import { n as consumeMfaTokenIfRequiredForAction, t as getSignedSessionId } from "./getSignedSessionId-D2w_IRdt.esm.js";
4
4
  import { assertPackageVersion } from "@dynamic-labs-sdk/assert-package-version";
5
5
  import { MFAAction, TokenScope, WalletProviderEnum } from "@dynamic-labs/sdk-api-core";
6
6
  import { DynamicWalletClient, ThresholdSignatureScheme, WalletOperation } from "@dynamic-labs-wallet/browser-wallet-client";
@@ -1,6 +1,6 @@
1
- import { B as getCore, C as isCookieEnabled, E as __getElevatedAccessToken_wrapped, H as version, N as CLIENT_SDK_NAME, V as name, c as CHAINS_INFO_MAP, i as DYNAMIC_WAAS_METADATA, n as DEFAULT_WAAS_BASE_API_URL, r as DEFAULT_WAAS_BASE_MPC_RELAY_API_URL, s as getChainFromVerifiedCredentialChain, t as InvalidParamError, z as BaseError } from "./InvalidParamError-Bc6OZBog.native.esm.js";
2
- import { i as NativeModuleNotLinkedError } from "./isMfaRequiredForAction-DQDoPsi6.native.esm.js";
3
- import { n as consumeMfaTokenIfRequiredForAction, t as getSignedSessionId } from "./getSignedSessionId-RwV7JPn8.native.esm.js";
1
+ import { B as getCore, C as isCookieEnabled, E as __getElevatedAccessToken_wrapped, H as version, N as CLIENT_SDK_NAME, V as name, c as CHAINS_INFO_MAP, i as DYNAMIC_WAAS_METADATA, n as DEFAULT_WAAS_BASE_API_URL, r as DEFAULT_WAAS_BASE_MPC_RELAY_API_URL, s as getChainFromVerifiedCredentialChain, t as InvalidParamError, z as BaseError } from "./InvalidParamError-Btv8VGSa.native.esm.js";
2
+ import { i as NativeModuleNotLinkedError } from "./isMfaRequiredForAction-cmElIVof.native.esm.js";
3
+ import { n as consumeMfaTokenIfRequiredForAction, t as getSignedSessionId } from "./getSignedSessionId-S6CBWkOn.native.esm.js";
4
4
  import { assertPackageVersion } from "@dynamic-labs-sdk/assert-package-version";
5
5
  import { MFAAction, TokenScope, WalletProviderEnum } from "@dynamic-labs/sdk-api-core";
6
6
  import { ACCESSIBLE, getGenericPassword, resetGenericPassword, setGenericPassword } from "react-native-keychain";
@@ -106,7 +106,7 @@ const translateNativeOpenError = (err) => {
106
106
  //#region src/modules/waas/createWaasClient/createWaasSDKContainer.native.ts
107
107
  const NATIVE_MODULE_NAME = "DynamicClientWebView";
108
108
  const MESSAGE_EVENT_NAME = "dynamicBridgeMessage";
109
- const generateInstanceId = () => `${Date.now().toString(36)}-${Math.random().toString(36).slice(2, 10)}`;
109
+ const generateInstanceId = () => `${Date.now().toString(36)}-${crypto.randomUUID()}`;
110
110
  /**
111
111
  * Creates a React Native `WaasSDKContainer` backed by a native WebView
112
112
  * (WKWebView on iOS, `android.webkit.WebView` on Android) hosted by the
@@ -1 +1 @@
1
- {"version":3,"file":"waasCore.native.esm.js","names":["REASON_BY_NATIVE_CODE: Record<string, WebViewLoadFailureReason>","reason: WebViewLoadFailureReason","NativeDynamicWebView","messageHandlers: Array<(data: unknown) => void>","errorHandlers: Array<(error: unknown) => void>","subscription: { remove: () => void } | null","createWaasClient: CreateWaasClient","_waasClient: DynamicWalletClient | undefined","getWaasClient: WaasProvider['getWaasClient']","backupKeySharesToGoogleDrive: WaasProvider['backupKeySharesToGoogleDrive']","createWalletAccount: WaasProvider['createWalletAccount']","delegateKeyShares: WaasProvider['delegateKeyShares']","exportClientKeyshares: WaasProvider['exportClientKeyshares']","exportPrivateKey: WaasProvider['exportPrivateKey']","getElevatedAccessToken","restoreUserShareForWalletAccount: WaasProvider['restoreUserShareForWalletAccount']","importPrivateKey: WaasProvider['importPrivateKey']","refreshWalletAccountShares: WaasProvider['refreshWalletAccountShares']","revokeDelegation: WaasProvider['revokeDelegation']","setWaasWalletAccountPassword: WaasProvider['setWaasWalletAccountPassword']","signRawMessage: WaasProvider['signRawMessage']","destroy: WaasProvider['destroy']","updatePassword: WaasProvider['updatePassword']","signMessage: WaasProvider['signMessage']","signSerializedTransaction: WaasProvider['signSerializedTransaction']","getWalletRecoveryState: WaasProvider['getWalletRecoveryState']","unlockWallet: WaasProvider['unlockWallet']","packageName","packageVersion"],"sources":["../src/errors/CorruptedKeyShareError.ts","../src/turboModules/NativeDynamicWebView.ts","../src/errors/WebViewLoadFailedError.ts","../src/modules/waas/createWaasClient/translateNativeOpenError.ts","../src/modules/waas/createWaasClient/createWaasSDKContainer.native.ts","../src/modules/waas/createWaasClient/createWaasClient.native.ts","../src/modules/waas/getWaasChainNameFromChain/getWaasChainNameFromChain.ts","../src/modules/waas/createWaasProvider/createWaasProvider.ts","../src/modules/waas/getAllUserWaasAddressesForChain/getAllUserWaasAddressesForChain.ts","../src/exports/waasCore.ts"],"sourcesContent":["import { BaseError } from './base';\n\ntype CorruptedKeyShareErrorParams = {\n cause?: Error | null;\n};\n\n/**\n * Thrown when a persisted client key share cannot be parsed back into its\n * structured form (e.g. a partially-written or corrupted keychain entry).\n *\n * Surfaced as a typed error rather than swallowed so callers can distinguish\n * \"no key share stored\" (empty result) from \"key share exists but is\n * unreadable\" — the latter must never be silently treated as the former,\n * which could trigger an unintended re-keygen that overwrites recoverable\n * material.\n */\nexport class CorruptedKeyShareError extends BaseError {\n constructor({ cause = null }: CorruptedKeyShareErrorParams = {}) {\n super({\n cause,\n code: 'corrupted_key_share_error',\n details:\n 'The stored client key share could not be parsed. The secure storage entry may be partially written or corrupted.',\n docsUrl: null,\n name: 'CorruptedKeyShareError',\n shortMessage: 'Stored client key share is corrupted and cannot be read.',\n });\n }\n}\n","// This file is a TurboModule spec consumed by React Native codegen.\n// The `interface`, `default export`, and the `react-native` import are hard\n// requirements of the codegen parser and intentionally deviate from the\n// project's conventions. Codegen discovers specs by the `Native*` filename\n// prefix, so this file cannot be renamed to `.native.ts`.\n\nimport { type TurboModule, TurboModuleRegistry } from 'react-native';\nimport type { UnsafeObject } from 'react-native/Libraries/Types/CodegenTypes';\n\nexport interface Spec extends TurboModule {\n addListener(eventName: string): void;\n close(instanceId: string): void;\n /**\n * Creates a WKWebView for the given instanceId and begins loading `url`.\n *\n * Resolves on `didCommit` — i.e. the first byte of a 2xx/3xx HTTP\n * response has been received and content parsing has started. Page-ready\n * (e.g. the hosted iframe's `iframe-ready-*` handshake) is a separate\n * concern and must be observed by the caller via the message bus; this\n * Promise does not wait for it.\n *\n * Rejects with a `code` of `webview_<reason>` where `<reason>` is one of:\n * - `invalid_url` — URL string was not parseable\n * - `no_host_view` — no foreground window to attach the WebView\n * - `http_error` — response status was >= 400 (userInfo contains `DynamicWebViewStatusCode`)\n * - `navigation_failed` — DNS, TLS, connection failure, or post-commit abort\n * - `cancelled` — `close(instanceId)` was called while this open was pending\n * - `instance_busy` — `open` was called for an instanceId that already has an active WebView\n * - `content_process_terminated` — the WKWebView WebContent process died during load\n * - `unsupported` — the device's Android System WebView is too old to support the secure bridge (Android only)\n *\n * rejection codes into typed `WebViewLoadFailedError` instances.\n */\n open(instanceId: string, url: string): Promise<void>;\n removeListeners(count: number): void;\n sendMessage(instanceId: string, data: UnsafeObject): void;\n}\n\n// eslint-disable-next-line import/no-default-export\nexport default TurboModuleRegistry.get<Spec>('DynamicClientWebView');\n","import { BaseError } from './base/BaseError';\n\n/**\n * Discriminator for `WebViewLoadFailedError`. Identifies the specific\n * failure mode so callers can branch on it (e.g. retry on transient\n * navigation failures, abort on invalid URL, treat HTTP errors distinct\n * from network errors).\n */\nexport type WebViewLoadFailureReason =\n | 'invalid_url'\n | 'no_host_view'\n | 'http_error'\n | 'navigation_failed'\n | 'cancelled'\n | 'instance_busy'\n | 'content_process_terminated'\n | 'unsupported';\n\ntype WebViewLoadFailedErrorParams = {\n cause?: Error | null;\n reason: WebViewLoadFailureReason;\n shortMessage: string;\n /** HTTP response status code. Populated only when `reason === 'http_error'`. */\n statusCode?: number;\n /** Underlying OS-level error description (e.g. `NSURLErrorDomain`\n * localizedDescription). Populated for `reason === 'navigation_failed'`. */\n underlyingError?: string;\n};\n\n/**\n * Thrown when `DynamicWebView.open()` (via the WaaS transport provider)\n * fails to establish a usable load. Inspect `reason` to distinguish the\n * failure mode; `statusCode` and `underlyingError` provide structured\n * metadata for the cases that have it.\n */\nexport class WebViewLoadFailedError extends BaseError {\n readonly reason: WebViewLoadFailureReason;\n readonly statusCode: number | undefined;\n readonly underlyingError: string | undefined;\n\n constructor({\n reason,\n shortMessage,\n cause = null,\n statusCode,\n underlyingError,\n }: WebViewLoadFailedErrorParams) {\n super({\n cause,\n code: 'webview_load_failed_error',\n details: underlyingError,\n docsUrl: null,\n name: 'WebViewLoadFailedError',\n shortMessage,\n });\n this.reason = reason;\n this.statusCode = statusCode;\n this.underlyingError = underlyingError;\n }\n}\n","import {\n WebViewLoadFailedError,\n type WebViewLoadFailureReason,\n} from '../../../errors/WebViewLoadFailedError';\n\n// Maps the native-side RCT reject codes (emitted by DynamicWebView.mm) to the\n// JS-level discriminator on `WebViewLoadFailedError`. Keys must stay in sync\n// with the `Reason.*` strings in DynamicWebViewImpl.swift.\nconst REASON_BY_NATIVE_CODE: Record<string, WebViewLoadFailureReason> = {\n webview_cancelled: 'cancelled',\n webview_content_process_terminated: 'content_process_terminated',\n webview_http_error: 'http_error',\n webview_instance_busy: 'instance_busy',\n webview_invalid_url: 'invalid_url',\n webview_navigation_failed: 'navigation_failed',\n webview_no_host_view: 'no_host_view',\n webview_unsupported: 'unsupported',\n};\n\n// React Native serializes the native NSError's userInfo onto the JS Error as\n// `userInfo`. These keys must stay in sync with the `errorStatusCodeKey` /\n// `errorUnderlyingDescriptionKey` constants in DynamicWebViewImpl.swift.\ntype NativeRejection = {\n code?: string;\n message?: string;\n userInfo?: {\n DynamicWebViewStatusCode?: number;\n DynamicWebViewUnderlying?: string;\n };\n};\n\n/**\n * Translates a native `DynamicWebView.open()` rejection into a typed\n * `WebViewLoadFailedError`. Maps the native RCT reject code to the JS-level\n * `WebViewLoadFailureReason` discriminator (falling back to\n * `navigation_failed` for unrecognized codes) and carries through the\n * structured `statusCode` / `underlyingError` metadata.\n *\n * The `reason` it produces is the contract `createWaasSDKContainer` branches\n * on — notably `emitError` swallows `cancelled` because that code is only ever\n * produced by our own `close()` teardown (verified on both the iOS and Android\n * native sides). Keep `REASON_BY_NATIVE_CODE` in sync with the native reject\n * codes so that branching stays correct.\n *\n * @not-instrumented\n */\nexport const translateNativeOpenError = (\n err: unknown\n): WebViewLoadFailedError => {\n const rejection = (err ?? {}) as NativeRejection;\n\n // Must check the KEYS of REASON_BY_NATIVE_CODE (the `webview_*` native\n // codes), not its values (the JS-level reasons) — this is called with the\n // native code, so checking values made every code fall through to\n // `navigation_failed` and silently broke the `cancelled` swallow.\n const isNativeRejectionCode = (\n code: string | undefined\n ): code is keyof typeof REASON_BY_NATIVE_CODE =>\n code != undefined && code in REASON_BY_NATIVE_CODE;\n\n const reason: WebViewLoadFailureReason = isNativeRejectionCode(rejection.code)\n ? REASON_BY_NATIVE_CODE[rejection.code]\n : 'navigation_failed';\n return new WebViewLoadFailedError({\n cause: err instanceof Error ? err : null,\n reason,\n shortMessage:\n rejection.message ?? `DynamicWebView open failed (${reason}).`,\n statusCode: rejection.userInfo?.DynamicWebViewStatusCode,\n underlyingError: rejection.userInfo?.DynamicWebViewUnderlying,\n });\n};\n","import type { WaasSDKContainer } from '@dynamic-labs-wallet/core';\nimport { NativeEventEmitter } from 'react-native';\n\nimport { NativeModuleNotLinkedError } from '../../../errors/NativeModuleNotLinkedError';\nimport NativeDynamicWebView from '../../../turboModules/NativeDynamicWebView';\nimport { translateNativeOpenError } from './translateNativeOpenError';\n\nconst NATIVE_MODULE_NAME = 'DynamicClientWebView';\nconst MESSAGE_EVENT_NAME = 'dynamicBridgeMessage';\n\ntype BridgeEventPayload = {\n data: unknown;\n instanceId: string;\n};\n\nconst generateInstanceId = (): string =>\n `${Date.now().toString(36)}-${Math.random().toString(36).slice(2, 10)}`;\n\n/**\n * Creates a React Native `WaasSDKContainer` backed by a native WebView\n * (WKWebView on iOS, `android.webkit.WebView` on Android) hosted by the\n * `DynamicClientWebView` TurboModule. Each invocation returns an isolated\n * container with its own instance ID, native WebView, and message routing.\n *\n * @not-instrumented\n */\nexport const createWaasSDKContainer = (): WaasSDKContainer => {\n if (!NativeDynamicWebView) {\n throw new NativeModuleNotLinkedError({ moduleName: NATIVE_MODULE_NAME });\n }\n\n const nativeModule = NativeDynamicWebView;\n const instanceId = generateInstanceId();\n // Construct the emitter against the TurboModule itself — on New Arch,\n // `NativeModules[name]` can be a different compatibility-shim object,\n // and binding `addListener`/`removeListeners` on the wrong instance\n // leaves `startObserving` in the native emitter never firing.\n const emitter = new NativeEventEmitter(\n nativeModule as unknown as ConstructorParameters<typeof NativeEventEmitter>[0]\n );\n\n // IframeManager on the WaaS SDK calls `container.onMessage(handler)` twice\n // on the same container — once to wait for the `iframe-ready-*` handshake,\n // and once later from `setupWaasSDKContainerBridge` to forward transport\n // messages. Both handlers need to receive every message, so the container\n // fans out to all registered handlers instead of enforcing single-register.\n const messageHandlers: Array<(data: unknown) => void> = [];\n const errorHandlers: Array<(error: unknown) => void> = [];\n let subscription: { remove: () => void } | null = null;\n let destroyed = false;\n\n const emitError = (err: unknown): void => {\n if (destroyed) return;\n const translated = translateNativeOpenError(err);\n // `cancelled` is only ever produced by our own `close()` teardown path on\n // the native side. Surfacing it via onError would make consumers like\n // IframeManager interpret their own destroy as a load failure and retry\n // against a provider that no longer exists.\n if (translated.reason === 'cancelled') return;\n for (const handler of errorHandlers) {\n handler(translated);\n }\n };\n\n return {\n destroy() {\n if (destroyed) return;\n destroyed = true;\n\n subscription?.remove();\n subscription = null;\n messageHandlers.length = 0;\n errorHandlers.length = 0;\n nativeModule.close(instanceId);\n },\n\n isAlive: () => !destroyed,\n\n // Signature is dictated by the upstream WaasSDKContainer interface.\n // eslint-disable-next-line custom-rules/require-single-object-param\n onError(handler: (error: unknown) => void) {\n errorHandlers.push(handler);\n return () => {\n const index = errorHandlers.indexOf(handler);\n if (index !== -1) errorHandlers.splice(index, 1);\n };\n },\n\n // Signature is dictated by the upstream WaasSDKContainer interface.\n // eslint-disable-next-line custom-rules/require-single-object-param\n onMessage(handler: (data: unknown) => void) {\n messageHandlers.push(handler);\n\n subscription ??= emitter.addListener(\n MESSAGE_EVENT_NAME,\n (payload: BridgeEventPayload) => {\n if (payload.instanceId !== instanceId) return;\n\n for (const fn of messageHandlers) {\n fn(payload.data);\n }\n }\n );\n\n // WaaS client expects onMessage to return an unsubscribe function —\n // used e.g. to tear down the one-shot handshake handler.\n return () => {\n const index = messageHandlers.indexOf(handler);\n if (index !== -1) messageHandlers.splice(index, 1);\n if (messageHandlers.length === 0) {\n subscription?.remove();\n subscription = null;\n }\n };\n },\n\n sendMessage(data: Record<string, unknown>) {\n nativeModule.sendMessage(instanceId, data);\n },\n /**\n * Hands the URL off to the native WebView and resolves immediately.\n *\n * Per the `WaasSDKContainer` contract (see `@dynamic-labs-wallet/core`\n * types), `setUrl` resolves once the URL has been handed off to the\n * container — NOT when the page has finished loading. Load completion is\n * signalled later via the `iframe-ready-*` message on `onMessage`, and\n * navigation failures surface via `onError`. This dispatch-and-forget\n * shape is load-bearing: the WaaS handshake sequencing expects `setUrl` to\n * resolve before the first message arrives, so `nativeModule.open` is\n * intentionally NOT awaited/returned — its rejection (HTTP errors,\n * navigation failures, preflight errors, etc.) is routed through\n * `emitError` instead. Do not change this to `return nativeModule.open(...)`.\n */\n // Signature is dictated by the upstream WaasSDKContainer interface.\n // eslint-disable-next-line custom-rules/require-single-object-param\n async setUrl(url: string) {\n nativeModule.open(instanceId, url).catch(emitError);\n },\n };\n};\n","import type { AuthMode } from '@dynamic-labs-wallet/browser-wallet-client';\nimport { DynamicWalletClient } from '@dynamic-labs-wallet/browser-wallet-client';\nimport type { SecureStorageAdapter } from '@dynamic-labs-wallet/core';\nimport {\n ACCESSIBLE,\n getGenericPassword,\n resetGenericPassword,\n setGenericPassword,\n} from 'react-native-keychain';\n\nimport { getCore } from '../../../client/core/getCore';\nimport { CorruptedKeyShareError } from '../../../errors/CorruptedKeyShareError';\nimport { CLIENT_SDK_NAME } from '../../apiClient/constants';\nimport { isCookieEnabled } from '../../projectSettings/isCookieEnabled';\nimport {\n DEFAULT_WAAS_BASE_API_URL,\n DEFAULT_WAAS_BASE_MPC_RELAY_API_URL,\n} from '../constants';\nimport type { CreateWaasClient } from './createWaasClient.types';\nimport { createWaasSDKContainer } from './createWaasSDKContainer.native';\n\n/**\n * Keychain security options for the client key share. The share is wallet\n * key material that cannot be re-derived locally, so the options are pinned\n * explicitly rather than inherited from `react-native-keychain` defaults\n * (which vary across versions and platforms).\n *\n * `WHEN_UNLOCKED_THIS_DEVICE_ONLY` keeps the share readable only while the\n * device is unlocked, excludes it from iCloud Keychain sync, and prevents it\n * migrating to a new device on encrypted-backup restore. It deliberately does\n * NOT set `accessControl` (e.g. biometry) — reads must not surface a Face ID /\n * passcode prompt, since the share is read on routine wallet operations.\n */\nconst KEY_SHARE_KEYCHAIN_OPTIONS = {\n accessible: ACCESSIBLE.WHEN_UNLOCKED_THIS_DEVICE_ONLY,\n} as const;\n\n/** @not-instrumented */\nexport const createWaasClient: CreateWaasClient = ({ chainName }, client) => {\n const core = getCore(client);\n\n const additionalTrustedOrigins = core.waas?.additionalTrustedOrigins;\n\n // Namespace the keychain service by environment so two environmentIds on the\n // same device (or two dApps that observe the same account) can't collide and\n // mix key shares. The account address alone is not unique across environments.\n const getKeyShareService = (accountAddress: string): string =>\n `${core.environmentId}:${accountAddress}`;\n\n return new DynamicWalletClient(\n {\n authMode: (isCookieEnabled(client) ? 'cookie' : 'header') as AuthMode,\n authToken: client.token || '',\n baseApiUrl: (core.apiBaseUrl || DEFAULT_WAAS_BASE_API_URL).replace(\n '/api/v0',\n ''\n ),\n baseMPCRelayApiUrl:\n client.projectSettings?.sdk.waas?.relayUrl ||\n DEFAULT_WAAS_BASE_MPC_RELAY_API_URL,\n chainName,\n environmentId: core.environmentId,\n sdkVersion: `${CLIENT_SDK_NAME}/${core.version}`,\n ...(additionalTrustedOrigins == undefined\n ? {}\n : { additionalTrustedOrigins }),\n },\n {\n createWaasSDKContainer,\n // Typed as the upstream SecureStorageAdapter so the key-share method\n // signatures (and the `shares` payload type) stay compiler-enforced\n // against the WaaS SDK contract rather than re-declared locally.\n secureStorage: {\n getClientKeyShare: async (accountAddress) => {\n const result = await getGenericPassword({\n service: getKeyShareService(accountAddress),\n });\n\n if (!result) {\n return [];\n }\n\n // A corrupted or partially-written keychain entry makes JSON.parse\n // throw mid key-share load. Surface a typed error instead of an\n // unhandled rejection so callers can distinguish \"no share stored\"\n // (empty result above) from \"share exists but is unreadable\".\n try {\n return JSON.parse(result.password);\n } catch (cause) {\n throw new CorruptedKeyShareError({\n cause: cause instanceof Error ? cause : null,\n });\n }\n },\n\n removeClientKeyShare: async (accountAddress) => {\n await resetGenericPassword({\n service: getKeyShareService(accountAddress),\n });\n },\n\n setClientKeyShare: async (accountAddress, shares) => {\n await setGenericPassword(accountAddress, JSON.stringify(shares), {\n ...KEY_SHARE_KEYCHAIN_OPTIONS,\n service: getKeyShareService(accountAddress),\n });\n },\n } satisfies SecureStorageAdapter,\n }\n );\n};\n","import type { Chain } from '../../chain';\nimport { CHAINS_INFO_MAP } from '../../wallets/constants';\n\n/** @not-instrumented */\n// eslint-disable-next-line custom-rules/require-single-object-param\nexport const getWaasChainNameFromChain = (chain: Chain): string => {\n return CHAINS_INFO_MAP[chain].waasChainNameOverride || chain;\n};\n","import {\n type BitcoinConfig,\n type DynamicWalletClient,\n ThresholdSignatureScheme,\n WalletOperation,\n} from '@dynamic-labs-wallet/browser-wallet-client';\nimport { MFAAction, TokenScope } from '@dynamic-labs/sdk-api-core';\n\nimport { getCore } from '../../../client/core/getCore';\nimport type { DynamicClient } from '../../../client/types/DynamicClient';\nimport { InvalidParamError } from '../../../errors/InvalidParamError';\nimport { getElevatedAccessToken } from '../../auth/getElevatedAccessToken';\nimport type { Chain } from '../../chain';\nimport { consumeMfaTokenIfRequiredForAction } from '../../mfa/consumeMfaTokenIfRequiredForAction';\nimport { getSignedSessionId } from '../../sessionKeys/getSignedSessionId';\nimport { createWaasClient } from '../createWaasClient';\nimport { getWaasChainNameFromChain } from '../getWaasChainNameFromChain';\nimport type { WaasProvider } from '../waas.types';\n\nconst RAW_MESSAGE_MESSAGE_REQUIRED_LENGTH = 64;\n\ntype CreateWaasProviderParams = {\n chain: Chain;\n sdkClient: DynamicClient;\n};\n\n/** @not-instrumented */\nexport const createWaasProvider = ({\n sdkClient,\n chain,\n}: CreateWaasProviderParams): WaasProvider => {\n const logger = getCore(sdkClient).logger;\n\n let _waasClient: DynamicWalletClient | undefined;\n\n // because the waas client needs the authToken to be set, we can only create it\n // the first time it's needed, which is after the user has logged in\n const getWaasClient: WaasProvider['getWaasClient'] = async () => {\n if (!_waasClient) {\n _waasClient = createWaasClient(\n { chainName: getWaasChainNameFromChain(chain) },\n sdkClient\n );\n await _waasClient.initialize();\n }\n return _waasClient;\n };\n\n const backupKeySharesToGoogleDrive: WaasProvider['backupKeySharesToGoogleDrive'] =\n async ({ googleDriveAccessToken, password, walletAccount }) => {\n const { signature: signedSessionId } = await getSignedSessionId(\n sdkClient\n );\n\n const waasClient = await getWaasClient();\n\n return waasClient.backupKeySharesToGoogleDrive({\n accountAddress: walletAccount.address,\n authToken: sdkClient.token ?? undefined,\n googleDriveAccessToken,\n password,\n signedSessionId,\n });\n };\n\n const createWalletAccount: WaasProvider['createWalletAccount'] = async (\n args = {}\n ) => {\n logger.debug('[createWaasProvider] createWalletAccount', {\n bitcoinConfig: args.bitcoinConfig,\n thresholdSignatureScheme: args.thresholdSignatureScheme,\n });\n\n const { signature: signedSessionId } = await getSignedSessionId(sdkClient);\n\n const waasClient = await getWaasClient();\n\n const waasWallet = await waasClient.createWalletAccount({\n authToken: sdkClient.token ?? undefined,\n bitcoinConfig: args.bitcoinConfig as BitcoinConfig | undefined,\n password: args.password,\n signedSessionId,\n thresholdSignatureScheme:\n args.thresholdSignatureScheme ?? ThresholdSignatureScheme.TWO_OF_TWO,\n });\n\n return waasWallet;\n };\n\n const delegateKeyShares: WaasProvider['delegateKeyShares'] = async ({\n password,\n walletAccount,\n }) => {\n const { signature: signedSessionId } = await getSignedSessionId(sdkClient);\n\n const waasClient = await getWaasClient();\n\n return waasClient.delegateKeyShares({\n accountAddress: walletAccount.address,\n authToken: sdkClient.token ?? undefined,\n password,\n signedSessionId,\n });\n };\n\n const exportClientKeyshares: WaasProvider['exportClientKeyshares'] = async ({\n password,\n walletAccount,\n }) => {\n const { signature: signedSessionId } = await getSignedSessionId(sdkClient);\n\n const waasClient = await getWaasClient();\n\n await waasClient.exportClientKeyshares({\n accountAddress: walletAccount.address,\n authToken: sdkClient.token ?? undefined,\n password,\n signedSessionId,\n });\n };\n\n const exportPrivateKey: WaasProvider['exportPrivateKey'] = async ({\n displayContainer,\n walletAccount,\n password,\n }) => {\n const { signature: signedSessionId } = await getSignedSessionId(sdkClient);\n\n const waasClient = await getWaasClient();\n\n const mfaToken = await consumeMfaTokenIfRequiredForAction(\n { mfaAction: MFAAction.WalletWaasExport },\n sdkClient\n );\n\n // Forward any elevated access token previously obtained via step-up\n // (e.g. requestExternalAuthElevatedToken) so the backend authorizes\n // the export under the wallet:export scope.\n const elevatedAccessToken = getElevatedAccessToken(\n { scope: TokenScope.Walletexport },\n sdkClient\n );\n\n await waasClient.exportPrivateKey({\n accountAddress: walletAccount.address,\n authToken: sdkClient.token ?? undefined,\n displayContainer,\n elevatedAccessToken,\n mfaToken,\n password,\n signedSessionId,\n });\n };\n\n const restoreUserShareForWalletAccount: WaasProvider['restoreUserShareForWalletAccount'] =\n async ({ walletAccount }) => {\n const { signature: signedSessionId } = await getSignedSessionId(\n sdkClient\n );\n\n const waasClient = await getWaasClient();\n\n await waasClient.getWallet({\n accountAddress: walletAccount.address,\n authToken: sdkClient.token ?? undefined,\n signedSessionId,\n walletOperation: WalletOperation.SIGN_MESSAGE,\n });\n };\n\n const importPrivateKey: WaasProvider['importPrivateKey'] = async ({\n privateKey,\n thresholdSignatureScheme = ThresholdSignatureScheme.TWO_OF_TWO,\n }) => {\n const { signature: signedSessionId } = await getSignedSessionId(sdkClient);\n\n const walletClient = await getWaasClient();\n\n await walletClient.importPrivateKey({\n authToken: sdkClient.token ?? undefined,\n privateKey,\n signedSessionId,\n thresholdSignatureScheme,\n });\n };\n\n const refreshWalletAccountShares: WaasProvider['refreshWalletAccountShares'] =\n async ({ password, walletAccount }) => {\n const { signature: signedSessionId } = await getSignedSessionId(\n sdkClient\n );\n\n const walletClient = await getWaasClient();\n\n const mfaToken = await consumeMfaTokenIfRequiredForAction(\n { mfaAction: MFAAction.WalletWaasRefresh },\n sdkClient\n );\n\n return walletClient.refreshWalletAccountShares({\n accountAddress: walletAccount.address,\n authToken: sdkClient.token ?? undefined,\n mfaToken,\n password,\n signedSessionId,\n });\n };\n\n const revokeDelegation: WaasProvider['revokeDelegation'] = async ({\n password,\n walletAccount,\n }) => {\n const { signature: signedSessionId } = await getSignedSessionId(sdkClient);\n\n const waasClient = await getWaasClient();\n\n return waasClient.revokeDelegation({\n accountAddress: walletAccount.address,\n authToken: sdkClient.token ?? undefined,\n password,\n signedSessionId,\n });\n };\n\n const setWaasWalletAccountPassword: WaasProvider['setWaasWalletAccountPassword'] =\n async ({ password, walletAccount }) => {\n const { signature: signedSessionId } = await getSignedSessionId(\n sdkClient\n );\n\n const waasClient = await getWaasClient();\n\n return waasClient.setPassword({\n accountAddress: walletAccount.address,\n authToken: sdkClient.token ?? undefined,\n newPassword: password,\n signedSessionId,\n });\n };\n\n const signRawMessage: WaasProvider['signRawMessage'] = async ({\n message,\n password,\n walletAccount,\n }) => {\n if (message.length !== RAW_MESSAGE_MESSAGE_REQUIRED_LENGTH) {\n throw new InvalidParamError(\n `Message must be ${RAW_MESSAGE_MESSAGE_REQUIRED_LENGTH} characters long`\n );\n }\n\n const { signature: signedSessionId } = await getSignedSessionId(sdkClient);\n\n const mfaToken = await consumeMfaTokenIfRequiredForAction(\n { mfaAction: MFAAction.WalletWaasSign },\n sdkClient\n );\n\n const elevatedAccessToken = getElevatedAccessToken(\n { scope: TokenScope.Walletsign },\n sdkClient\n );\n\n const walletClient = await getWaasClient();\n\n const signature = await walletClient.signRawMessage({\n accountAddress: walletAccount.address,\n authToken: sdkClient.token ?? undefined,\n elevatedAccessToken,\n message,\n mfaToken,\n password,\n signedSessionId,\n });\n\n return { signature };\n };\n\n const destroy: WaasProvider['destroy'] = async (args) => {\n if (!_waasClient) {\n return;\n }\n\n const waasClient = await getWaasClient();\n // When a session token expires, we preserve key shares in storage instead\n // of clearing them. Customers with short-lived sessions (minutes) were\n // hitting excessive server-side share recovery on every re-login, which\n // also forced users to re-enter their wallet password since the unlocked\n // share only lives for the duration of the session.\n //\n // This is safe because the waas-sdk separately fingerprints the user\n // (sub + environment_id) and clears all storage if a different user logs\n // in. On explicit user-initiated logout, shares are always cleared for\n // security.\n if (args?.reason !== 'token-expired') {\n await waasClient.cleanup();\n }\n _waasClient = undefined;\n };\n\n const updatePassword: WaasProvider['updatePassword'] = async ({\n walletAccount,\n currentPassword,\n newPassword,\n }) => {\n const { signature: signedSessionId } = await getSignedSessionId(sdkClient);\n\n const waasClient = await getWaasClient();\n\n return waasClient.updatePassword({\n accountAddress: walletAccount.address,\n authToken: sdkClient.token ?? undefined,\n existingPassword: currentPassword,\n newPassword,\n signedSessionId,\n });\n };\n\n const signMessage: WaasProvider['signMessage'] = async ({\n message,\n walletAccount,\n }) => {\n const { signature: signedSessionId } = await getSignedSessionId(sdkClient);\n\n const mfaToken = await consumeMfaTokenIfRequiredForAction(\n { mfaAction: MFAAction.WalletWaasSign },\n sdkClient\n );\n\n const elevatedAccessToken = getElevatedAccessToken(\n { scope: TokenScope.Walletsign },\n sdkClient\n );\n\n const waasClient = await getWaasClient();\n\n const signature = await waasClient.signMessage({\n accountAddress: walletAccount.address,\n authToken: sdkClient.token ?? undefined,\n elevatedAccessToken,\n message,\n mfaToken,\n signedSessionId,\n });\n\n return { signature };\n };\n\n const signSerializedTransaction: WaasProvider['signSerializedTransaction'] =\n async ({ chainId, serializedTransaction, walletAccount }) => {\n const { signature: signedSessionId } = await getSignedSessionId(\n sdkClient\n );\n\n const mfaToken = await consumeMfaTokenIfRequiredForAction(\n { mfaAction: MFAAction.WalletWaasSign },\n sdkClient\n );\n\n const elevatedAccessToken = getElevatedAccessToken(\n { scope: TokenScope.Walletsign },\n sdkClient\n );\n\n const waasClient = await getWaasClient();\n\n const signature = await waasClient.signTransaction({\n authToken: sdkClient.token ?? undefined,\n chainId,\n elevatedAccessToken,\n mfaToken,\n senderAddress: walletAccount.address,\n signedSessionId,\n transaction: serializedTransaction,\n });\n\n return { signature };\n };\n\n const getWalletRecoveryState: WaasProvider['getWalletRecoveryState'] =\n async ({ walletAccount }) => {\n const { signature: signedSessionId } = await getSignedSessionId(\n sdkClient\n );\n\n const waasClient = await getWaasClient();\n\n return waasClient.getWalletRecoveryState({\n accountAddress: walletAccount.address,\n authToken: sdkClient.token ?? undefined,\n signedSessionId,\n });\n };\n\n const unlockWallet: WaasProvider['unlockWallet'] = async ({\n password,\n walletAccount,\n }) => {\n const { signature: signedSessionId } = await getSignedSessionId(sdkClient);\n\n const waasClient = await getWaasClient();\n\n return waasClient.unlockWallet({\n accountAddress: walletAccount.address,\n authToken: sdkClient.token ?? undefined,\n password,\n signedSessionId,\n });\n };\n\n return {\n backupKeySharesToGoogleDrive,\n createWalletAccount,\n delegateKeyShares,\n destroy,\n exportClientKeyshares,\n exportPrivateKey,\n getWaasClient,\n getWalletRecoveryState,\n importPrivateKey,\n refreshWalletAccountShares,\n restoreUserShareForWalletAccount,\n revokeDelegation,\n setWaasWalletAccountPassword,\n signMessage,\n signRawMessage,\n signSerializedTransaction,\n unlockWallet,\n updatePassword,\n };\n};\n","import { WalletProviderEnum } from '@dynamic-labs/sdk-api-core';\n\nimport type { DynamicClient } from '../../../client/types';\nimport { getChainFromVerifiedCredentialChain } from '../../../utils/getChainFromVerifiedCredentialChain';\nimport type { Chain } from '../../chain';\nimport { DYNAMIC_WAAS_METADATA } from '../constants';\n\ntype GetAllUserWaasAddressesForChainParams = {\n chain: Chain;\n};\n\n/** @not-instrumented */\nexport const getAllUserWaasAddressesForChain = (\n { chain }: GetAllUserWaasAddressesForChainParams,\n client: DynamicClient\n): string[] => {\n if (!client.user) {\n return [];\n }\n\n const waasWalletCredentials =\n client.user.verifiedCredentials.filter(\n (credential) =>\n credential.walletProvider === WalletProviderEnum.EmbeddedWallet &&\n credential.walletName\n ?.toLowerCase()\n .startsWith(DYNAMIC_WAAS_METADATA.normalizedWalletName) &&\n credential.address &&\n credential.chain &&\n getChainFromVerifiedCredentialChain(credential.chain) === chain\n ) ?? [];\n\n const waasAddresses: string[] = waasWalletCredentials.map(\n // casting because we're already filtering out credentials without an address\n (credential) => credential.address as string\n );\n\n return waasAddresses;\n};\n","import { assertPackageVersion } from '@dynamic-labs-sdk/assert-package-version';\n\nimport {\n name as packageName,\n version as packageVersion,\n} from '../../package.json';\nassertPackageVersion(packageName, packageVersion);\n\nexport type {\n BitcoinNetwork,\n DynamicWalletClient,\n ThresholdSignatureScheme\n} from '@dynamic-labs-wallet/browser-wallet-client';\nexport { DYNAMIC_WAAS_METADATA } from '../modules/waas/constants';\nexport { createWaasClient } from '../modules/waas/createWaasClient';\nexport { createWaasProvider } from '../modules/waas/createWaasProvider';\nexport { getAllUserWaasAddressesForChain } from '../modules/waas/getAllUserWaasAddressesForChain';\nexport { getWaasChainNameFromChain } from '../modules/waas/getWaasChainNameFromChain';\nexport type {\n WaasProvider,\n WaasWalletProvider\n} from '../modules/waas/waas.types';\n\n"],"mappings":";;;;;;;;;;;;;;;;;;;;AAgBA,IAAa,yBAAb,cAA4C,UAAU;CACpD,YAAY,EAAE,QAAQ,SAAuC,EAAE,EAAE;AAC/D,QAAM;GACJ;GACA,MAAM;GACN,SACE;GACF,SAAS;GACT,MAAM;GACN,cAAc;GACf,CAAC;;;;;;ACaN,mCAAe,oBAAoB,IAAU,uBAAuB;;;;;;;;;;ACJpE,IAAa,yBAAb,cAA4C,UAAU;CACpD,AAAS;CACT,AAAS;CACT,AAAS;CAET,YAAY,EACV,QACA,cACA,QAAQ,MACR,YACA,mBAC+B;AAC/B,QAAM;GACJ;GACA,MAAM;GACN,SAAS;GACT,SAAS;GACT,MAAM;GACN;GACD,CAAC;AACF,OAAK,SAAS;AACd,OAAK,aAAa;AAClB,OAAK,kBAAkB;;;;;;ACjD3B,MAAMA,wBAAkE;CACtE,mBAAmB;CACnB,oCAAoC;CACpC,oBAAoB;CACpB,uBAAuB;CACvB,qBAAqB;CACrB,2BAA2B;CAC3B,sBAAsB;CACtB,qBAAqB;CACtB;;;;;;;;;;;;;;;;AA6BD,MAAa,4BACX,QAC2B;CAC3B,MAAM,YAAa,OAAO,EAAE;CAM5B,MAAM,yBACJ,SAEA,QAAQ,UAAa,QAAQ;CAE/B,MAAMC,SAAmC,sBAAsB,UAAU,KAAK,GAC1E,sBAAsB,UAAU,QAChC;AACJ,QAAO,IAAI,uBAAuB;EAChC,OAAO,eAAe,QAAQ,MAAM;EACpC;EACA,cACE,UAAU,WAAW,+BAA+B,OAAO;EAC7D,YAAY,UAAU,UAAU;EAChC,iBAAiB,UAAU,UAAU;EACtC,CAAC;;;;;AC/DJ,MAAM,qBAAqB;AAC3B,MAAM,qBAAqB;AAO3B,MAAM,2BACJ,GAAG,KAAK,KAAK,CAAC,SAAS,GAAG,CAAC,GAAG,KAAK,QAAQ,CAAC,SAAS,GAAG,CAAC,MAAM,GAAG,GAAG;;;;;;;;;AAUvE,MAAa,+BAAiD;AAC5D,KAAI,CAACC,6BACH,OAAM,IAAI,2BAA2B,EAAE,YAAY,oBAAoB,CAAC;CAG1E,MAAM,eAAeA;CACrB,MAAM,aAAa,oBAAoB;CAKvC,MAAM,UAAU,IAAI,mBAClB,aACD;CAOD,MAAMC,kBAAkD,EAAE;CAC1D,MAAMC,gBAAiD,EAAE;CACzD,IAAIC,eAA8C;CAClD,IAAI,YAAY;CAEhB,MAAM,aAAa,QAAuB;AACxC,MAAI,UAAW;EACf,MAAM,aAAa,yBAAyB,IAAI;AAKhD,MAAI,WAAW,WAAW,YAAa;AACvC,OAAK,MAAM,WAAW,cACpB,SAAQ,WAAW;;AAIvB,QAAO;EACL,UAAU;AACR,OAAI,UAAW;AACf,eAAY;AAEZ,iBAAc,QAAQ;AACtB,kBAAe;AACf,mBAAgB,SAAS;AACzB,iBAAc,SAAS;AACvB,gBAAa,MAAM,WAAW;;EAGhC,eAAe,CAAC;EAIhB,QAAQ,SAAmC;AACzC,iBAAc,KAAK,QAAQ;AAC3B,gBAAa;IACX,MAAM,QAAQ,cAAc,QAAQ,QAAQ;AAC5C,QAAI,UAAU,GAAI,eAAc,OAAO,OAAO,EAAE;;;EAMpD,UAAU,SAAkC;AAC1C,mBAAgB,KAAK,QAAQ;AAE7B,oBAAiB,QAAQ,YACvB,qBACC,YAAgC;AAC/B,QAAI,QAAQ,eAAe,WAAY;AAEvC,SAAK,MAAM,MAAM,gBACf,IAAG,QAAQ,KAAK;KAGrB;AAID,gBAAa;IACX,MAAM,QAAQ,gBAAgB,QAAQ,QAAQ;AAC9C,QAAI,UAAU,GAAI,iBAAgB,OAAO,OAAO,EAAE;AAClD,QAAI,gBAAgB,WAAW,GAAG;AAChC,mBAAc,QAAQ;AACtB,oBAAe;;;;EAKrB,YAAY,MAA+B;AACzC,gBAAa,YAAY,YAAY,KAAK;;EAkB5C,MAAM,OAAO,KAAa;AACxB,gBAAa,KAAK,YAAY,IAAI,CAAC,MAAM,UAAU;;EAEtD;;;;;;;;;;;;;;;;;ACzGH,MAAM,6BAA6B,EACjC,YAAY,WAAW,gCACxB;;AAGD,MAAaC,oBAAsC,EAAE,aAAa,WAAW;CAC3E,MAAM,OAAO,QAAQ,OAAO;CAE5B,MAAM,2BAA2B,KAAK,MAAM;CAK5C,MAAM,sBAAsB,mBAC1B,GAAG,KAAK,cAAc,GAAG;AAE3B,QAAO,IAAI,oBACT;EACE,UAAW,gBAAgB,OAAO,GAAG,WAAW;EAChD,WAAW,OAAO,SAAS;EAC3B,aAAa,KAAK,cAAc,2BAA2B,QACzD,WACA,GACD;EACD,oBACE,OAAO,iBAAiB,IAAI,MAAM,YAClC;EACF;EACA,eAAe,KAAK;EACpB,YAAY,GAAG,gBAAgB,GAAG,KAAK;EACvC,GAAI,4BAA4B,SAC5B,EAAE,GACF,EAAE,0BAA0B;EACjC,EACD;EACE;EAIA,eAAe;GACb,mBAAmB,OAAO,mBAAmB;IAC3C,MAAM,SAAS,MAAM,mBAAmB,EACtC,SAAS,mBAAmB,eAAe,EAC5C,CAAC;AAEF,QAAI,CAAC,OACH,QAAO,EAAE;AAOX,QAAI;AACF,YAAO,KAAK,MAAM,OAAO,SAAS;aAC3B,OAAO;AACd,WAAM,IAAI,uBAAuB,EAC/B,OAAO,iBAAiB,QAAQ,QAAQ,MACzC,CAAC;;;GAIN,sBAAsB,OAAO,mBAAmB;AAC9C,UAAM,qBAAqB,EACzB,SAAS,mBAAmB,eAAe,EAC5C,CAAC;;GAGJ,mBAAmB,OAAO,gBAAgB,WAAW;AACnD,UAAM,mBAAmB,gBAAgB,KAAK,UAAU,OAAO,EAAE;KAC/D,GAAG;KACH,SAAS,mBAAmB,eAAe;KAC5C,CAAC;;GAEL;EACF,CACF;;;;;;ACxGH,MAAa,6BAA6B,UAAyB;AACjE,QAAO,gBAAgB,OAAO,yBAAyB;;;;;ACazD,MAAM,sCAAsC;;AAQ5C,MAAa,sBAAsB,EACjC,WACA,YAC4C;CAC5C,MAAM,SAAS,QAAQ,UAAU,CAAC;CAElC,IAAIC;CAIJ,MAAMC,gBAA+C,YAAY;AAC/D,MAAI,CAAC,aAAa;AAChB,iBAAc,iBACZ,EAAE,WAAW,0BAA0B,MAAM,EAAE,EAC/C,UACD;AACD,SAAM,YAAY,YAAY;;AAEhC,SAAO;;CAGT,MAAMC,+BACJ,OAAO,EAAE,wBAAwB,UAAU,oBAAoB;EAC7D,MAAM,EAAE,WAAW,oBAAoB,MAAM,mBAC3C,UACD;AAID,UAFmB,MAAM,eAAe,EAEtB,6BAA6B;GAC7C,gBAAgB,cAAc;GAC9B,WAAW,UAAU,SAAS;GAC9B;GACA;GACA;GACD,CAAC;;CAGN,MAAMC,sBAA2D,OAC/D,OAAO,EAAE,KACN;AACH,SAAO,MAAM,4CAA4C;GACvD,eAAe,KAAK;GACpB,0BAA0B,KAAK;GAChC,CAAC;EAEF,MAAM,EAAE,WAAW,oBAAoB,MAAM,mBAAmB,UAAU;AAa1E,SATmB,OAFA,MAAM,eAAe,EAEJ,oBAAoB;GACtD,WAAW,UAAU,SAAS;GAC9B,eAAe,KAAK;GACpB,UAAU,KAAK;GACf;GACA,0BACE,KAAK,4BAA4B,yBAAyB;GAC7D,CAAC;;CAKJ,MAAMC,oBAAuD,OAAO,EAClE,UACA,oBACI;EACJ,MAAM,EAAE,WAAW,oBAAoB,MAAM,mBAAmB,UAAU;AAI1E,UAFmB,MAAM,eAAe,EAEtB,kBAAkB;GAClC,gBAAgB,cAAc;GAC9B,WAAW,UAAU,SAAS;GAC9B;GACA;GACD,CAAC;;CAGJ,MAAMC,wBAA+D,OAAO,EAC1E,UACA,oBACI;EACJ,MAAM,EAAE,WAAW,oBAAoB,MAAM,mBAAmB,UAAU;AAI1E,SAFmB,MAAM,eAAe,EAEvB,sBAAsB;GACrC,gBAAgB,cAAc;GAC9B,WAAW,UAAU,SAAS;GAC9B;GACA;GACD,CAAC;;CAGJ,MAAMC,mBAAqD,OAAO,EAChE,kBACA,eACA,eACI;EACJ,MAAM,EAAE,WAAW,oBAAoB,MAAM,mBAAmB,UAAU;EAE1E,MAAM,aAAa,MAAM,eAAe;EAExC,MAAM,WAAW,MAAM,mCACrB,EAAE,WAAW,UAAU,kBAAkB,EACzC,UACD;EAKD,MAAM,sBAAsBC,iCAC1B,EAAE,OAAO,WAAW,cAAc,EAClC,UACD;AAED,QAAM,WAAW,iBAAiB;GAChC,gBAAgB,cAAc;GAC9B,WAAW,UAAU,SAAS;GAC9B;GACA;GACA;GACA;GACA;GACD,CAAC;;CAGJ,MAAMC,mCACJ,OAAO,EAAE,oBAAoB;EAC3B,MAAM,EAAE,WAAW,oBAAoB,MAAM,mBAC3C,UACD;AAID,SAFmB,MAAM,eAAe,EAEvB,UAAU;GACzB,gBAAgB,cAAc;GAC9B,WAAW,UAAU,SAAS;GAC9B;GACA,iBAAiB,gBAAgB;GAClC,CAAC;;CAGN,MAAMC,mBAAqD,OAAO,EAChE,YACA,2BAA2B,yBAAyB,iBAChD;EACJ,MAAM,EAAE,WAAW,oBAAoB,MAAM,mBAAmB,UAAU;AAI1E,SAFqB,MAAM,eAAe,EAEvB,iBAAiB;GAClC,WAAW,UAAU,SAAS;GAC9B;GACA;GACA;GACD,CAAC;;CAGJ,MAAMC,6BACJ,OAAO,EAAE,UAAU,oBAAoB;EACrC,MAAM,EAAE,WAAW,oBAAoB,MAAM,mBAC3C,UACD;EAED,MAAM,eAAe,MAAM,eAAe;EAE1C,MAAM,WAAW,MAAM,mCACrB,EAAE,WAAW,UAAU,mBAAmB,EAC1C,UACD;AAED,SAAO,aAAa,2BAA2B;GAC7C,gBAAgB,cAAc;GAC9B,WAAW,UAAU,SAAS;GAC9B;GACA;GACA;GACD,CAAC;;CAGN,MAAMC,mBAAqD,OAAO,EAChE,UACA,oBACI;EACJ,MAAM,EAAE,WAAW,oBAAoB,MAAM,mBAAmB,UAAU;AAI1E,UAFmB,MAAM,eAAe,EAEtB,iBAAiB;GACjC,gBAAgB,cAAc;GAC9B,WAAW,UAAU,SAAS;GAC9B;GACA;GACD,CAAC;;CAGJ,MAAMC,+BACJ,OAAO,EAAE,UAAU,oBAAoB;EACrC,MAAM,EAAE,WAAW,oBAAoB,MAAM,mBAC3C,UACD;AAID,UAFmB,MAAM,eAAe,EAEtB,YAAY;GAC5B,gBAAgB,cAAc;GAC9B,WAAW,UAAU,SAAS;GAC9B,aAAa;GACb;GACD,CAAC;;CAGN,MAAMC,iBAAiD,OAAO,EAC5D,SACA,UACA,oBACI;AACJ,MAAI,QAAQ,WAAW,oCACrB,OAAM,IAAI,kBACR,mBAAmB,oCAAoC,kBACxD;EAGH,MAAM,EAAE,WAAW,oBAAoB,MAAM,mBAAmB,UAAU;EAE1E,MAAM,WAAW,MAAM,mCACrB,EAAE,WAAW,UAAU,gBAAgB,EACvC,UACD;EAED,MAAM,sBAAsBN,iCAC1B,EAAE,OAAO,WAAW,YAAY,EAChC,UACD;AAcD,SAAO,EAAE,WAVS,OAFG,MAAM,eAAe,EAEL,eAAe;GAClD,gBAAgB,cAAc;GAC9B,WAAW,UAAU,SAAS;GAC9B;GACA;GACA;GACA;GACA;GACD,CAAC,EAEkB;;CAGtB,MAAMO,UAAmC,OAAO,SAAS;AACvD,MAAI,CAAC,YACH;EAGF,MAAM,aAAa,MAAM,eAAe;AAWxC,MAAI,MAAM,WAAW,gBACnB,OAAM,WAAW,SAAS;AAE5B,gBAAc;;CAGhB,MAAMC,iBAAiD,OAAO,EAC5D,eACA,iBACA,kBACI;EACJ,MAAM,EAAE,WAAW,oBAAoB,MAAM,mBAAmB,UAAU;AAI1E,UAFmB,MAAM,eAAe,EAEtB,eAAe;GAC/B,gBAAgB,cAAc;GAC9B,WAAW,UAAU,SAAS;GAC9B,kBAAkB;GAClB;GACA;GACD,CAAC;;CAGJ,MAAMC,cAA2C,OAAO,EACtD,SACA,oBACI;EACJ,MAAM,EAAE,WAAW,oBAAoB,MAAM,mBAAmB,UAAU;EAE1E,MAAM,WAAW,MAAM,mCACrB,EAAE,WAAW,UAAU,gBAAgB,EACvC,UACD;EAED,MAAM,sBAAsBT,iCAC1B,EAAE,OAAO,WAAW,YAAY,EAChC,UACD;AAaD,SAAO,EAAE,WATS,OAFC,MAAM,eAAe,EAEL,YAAY;GAC7C,gBAAgB,cAAc;GAC9B,WAAW,UAAU,SAAS;GAC9B;GACA;GACA;GACA;GACD,CAAC,EAEkB;;CAGtB,MAAMU,4BACJ,OAAO,EAAE,SAAS,uBAAuB,oBAAoB;EAC3D,MAAM,EAAE,WAAW,oBAAoB,MAAM,mBAC3C,UACD;EAED,MAAM,WAAW,MAAM,mCACrB,EAAE,WAAW,UAAU,gBAAgB,EACvC,UACD;EAED,MAAM,sBAAsBV,iCAC1B,EAAE,OAAO,WAAW,YAAY,EAChC,UACD;AAcD,SAAO,EAAE,WAVS,OAFC,MAAM,eAAe,EAEL,gBAAgB;GACjD,WAAW,UAAU,SAAS;GAC9B;GACA;GACA;GACA,eAAe,cAAc;GAC7B;GACA,aAAa;GACd,CAAC,EAEkB;;CAGxB,MAAMW,yBACJ,OAAO,EAAE,oBAAoB;EAC3B,MAAM,EAAE,WAAW,oBAAoB,MAAM,mBAC3C,UACD;AAID,UAFmB,MAAM,eAAe,EAEtB,uBAAuB;GACvC,gBAAgB,cAAc;GAC9B,WAAW,UAAU,SAAS;GAC9B;GACD,CAAC;;CAGN,MAAMC,eAA6C,OAAO,EACxD,UACA,oBACI;EACJ,MAAM,EAAE,WAAW,oBAAoB,MAAM,mBAAmB,UAAU;AAI1E,UAFmB,MAAM,eAAe,EAEtB,aAAa;GAC7B,gBAAgB,cAAc;GAC9B,WAAW,UAAU,SAAS;GAC9B;GACA;GACD,CAAC;;AAGJ,QAAO;EACL;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACD;;;;;;ACjaH,MAAa,mCACX,EAAE,SACF,WACa;AACb,KAAI,CAAC,OAAO,KACV,QAAO,EAAE;AAoBX,SAhBE,OAAO,KAAK,oBAAoB,QAC7B,eACC,WAAW,mBAAmB,mBAAmB,kBACjD,WAAW,YACP,aAAa,CACd,WAAW,sBAAsB,qBAAqB,IACzD,WAAW,WACX,WAAW,SACX,oCAAoC,WAAW,MAAM,KAAK,MAC7D,IAAI,EAAE,EAE6C,KAEnD,eAAe,WAAW,QAC5B;;;;;AC7BH,qBAAqBC,MAAaC,QAAe"}
1
+ {"version":3,"file":"waasCore.native.esm.js","names":["REASON_BY_NATIVE_CODE: Record<string, WebViewLoadFailureReason>","reason: WebViewLoadFailureReason","NativeDynamicWebView","messageHandlers: Array<(data: unknown) => void>","errorHandlers: Array<(error: unknown) => void>","subscription: { remove: () => void } | null","createWaasClient: CreateWaasClient","_waasClient: DynamicWalletClient | undefined","getWaasClient: WaasProvider['getWaasClient']","backupKeySharesToGoogleDrive: WaasProvider['backupKeySharesToGoogleDrive']","createWalletAccount: WaasProvider['createWalletAccount']","delegateKeyShares: WaasProvider['delegateKeyShares']","exportClientKeyshares: WaasProvider['exportClientKeyshares']","exportPrivateKey: WaasProvider['exportPrivateKey']","getElevatedAccessToken","restoreUserShareForWalletAccount: WaasProvider['restoreUserShareForWalletAccount']","importPrivateKey: WaasProvider['importPrivateKey']","refreshWalletAccountShares: WaasProvider['refreshWalletAccountShares']","revokeDelegation: WaasProvider['revokeDelegation']","setWaasWalletAccountPassword: WaasProvider['setWaasWalletAccountPassword']","signRawMessage: WaasProvider['signRawMessage']","destroy: WaasProvider['destroy']","updatePassword: WaasProvider['updatePassword']","signMessage: WaasProvider['signMessage']","signSerializedTransaction: WaasProvider['signSerializedTransaction']","getWalletRecoveryState: WaasProvider['getWalletRecoveryState']","unlockWallet: WaasProvider['unlockWallet']","packageName","packageVersion"],"sources":["../src/errors/CorruptedKeyShareError.ts","../src/turboModules/NativeDynamicWebView.ts","../src/errors/WebViewLoadFailedError.ts","../src/modules/waas/createWaasClient/translateNativeOpenError.ts","../src/modules/waas/createWaasClient/createWaasSDKContainer.native.ts","../src/modules/waas/createWaasClient/createWaasClient.native.ts","../src/modules/waas/getWaasChainNameFromChain/getWaasChainNameFromChain.ts","../src/modules/waas/createWaasProvider/createWaasProvider.ts","../src/modules/waas/getAllUserWaasAddressesForChain/getAllUserWaasAddressesForChain.ts","../src/exports/waasCore.ts"],"sourcesContent":["import { BaseError } from './base';\n\ntype CorruptedKeyShareErrorParams = {\n cause?: Error | null;\n};\n\n/**\n * Thrown when a persisted client key share cannot be parsed back into its\n * structured form (e.g. a partially-written or corrupted keychain entry).\n *\n * Surfaced as a typed error rather than swallowed so callers can distinguish\n * \"no key share stored\" (empty result) from \"key share exists but is\n * unreadable\" — the latter must never be silently treated as the former,\n * which could trigger an unintended re-keygen that overwrites recoverable\n * material.\n */\nexport class CorruptedKeyShareError extends BaseError {\n constructor({ cause = null }: CorruptedKeyShareErrorParams = {}) {\n super({\n cause,\n code: 'corrupted_key_share_error',\n details:\n 'The stored client key share could not be parsed. The secure storage entry may be partially written or corrupted.',\n docsUrl: null,\n name: 'CorruptedKeyShareError',\n shortMessage: 'Stored client key share is corrupted and cannot be read.',\n });\n }\n}\n","// This file is a TurboModule spec consumed by React Native codegen.\n// The `interface`, `default export`, and the `react-native` import are hard\n// requirements of the codegen parser and intentionally deviate from the\n// project's conventions. Codegen discovers specs by the `Native*` filename\n// prefix, so this file cannot be renamed to `.native.ts`.\n\nimport { type TurboModule, TurboModuleRegistry } from 'react-native';\nimport type { UnsafeObject } from 'react-native/Libraries/Types/CodegenTypes';\n\nexport interface Spec extends TurboModule {\n addListener(eventName: string): void;\n close(instanceId: string): void;\n /**\n * Creates a WKWebView for the given instanceId and begins loading `url`.\n *\n * Resolves on `didCommit` — i.e. the first byte of a 2xx/3xx HTTP\n * response has been received and content parsing has started. Page-ready\n * (e.g. the hosted iframe's `iframe-ready-*` handshake) is a separate\n * concern and must be observed by the caller via the message bus; this\n * Promise does not wait for it.\n *\n * Rejects with a `code` of `webview_<reason>` where `<reason>` is one of:\n * - `invalid_url` — URL string was not parseable\n * - `no_host_view` — no foreground window to attach the WebView\n * - `http_error` — response status was >= 400 (userInfo contains `DynamicWebViewStatusCode`)\n * - `navigation_failed` — DNS, TLS, connection failure, or post-commit abort\n * - `cancelled` — `close(instanceId)` was called while this open was pending\n * - `instance_busy` — `open` was called for an instanceId that already has an active WebView\n * - `content_process_terminated` — the WKWebView WebContent process died during load\n * - `unsupported` — the device's Android System WebView is too old to support the secure bridge (Android only)\n *\n * rejection codes into typed `WebViewLoadFailedError` instances.\n */\n open(instanceId: string, url: string): Promise<void>;\n removeListeners(count: number): void;\n sendMessage(instanceId: string, data: UnsafeObject): void;\n}\n\n// eslint-disable-next-line import/no-default-export\nexport default TurboModuleRegistry.get<Spec>('DynamicClientWebView');\n","import { BaseError } from './base/BaseError';\n\n/**\n * Discriminator for `WebViewLoadFailedError`. Identifies the specific\n * failure mode so callers can branch on it (e.g. retry on transient\n * navigation failures, abort on invalid URL, treat HTTP errors distinct\n * from network errors).\n */\nexport type WebViewLoadFailureReason =\n | 'invalid_url'\n | 'no_host_view'\n | 'http_error'\n | 'navigation_failed'\n | 'cancelled'\n | 'instance_busy'\n | 'content_process_terminated'\n | 'unsupported';\n\ntype WebViewLoadFailedErrorParams = {\n cause?: Error | null;\n reason: WebViewLoadFailureReason;\n shortMessage: string;\n /** HTTP response status code. Populated only when `reason === 'http_error'`. */\n statusCode?: number;\n /** Underlying OS-level error description (e.g. `NSURLErrorDomain`\n * localizedDescription). Populated for `reason === 'navigation_failed'`. */\n underlyingError?: string;\n};\n\n/**\n * Thrown when `DynamicWebView.open()` (via the WaaS transport provider)\n * fails to establish a usable load. Inspect `reason` to distinguish the\n * failure mode; `statusCode` and `underlyingError` provide structured\n * metadata for the cases that have it.\n */\nexport class WebViewLoadFailedError extends BaseError {\n readonly reason: WebViewLoadFailureReason;\n readonly statusCode: number | undefined;\n readonly underlyingError: string | undefined;\n\n constructor({\n reason,\n shortMessage,\n cause = null,\n statusCode,\n underlyingError,\n }: WebViewLoadFailedErrorParams) {\n super({\n cause,\n code: 'webview_load_failed_error',\n details: underlyingError,\n docsUrl: null,\n name: 'WebViewLoadFailedError',\n shortMessage,\n });\n this.reason = reason;\n this.statusCode = statusCode;\n this.underlyingError = underlyingError;\n }\n}\n","import {\n WebViewLoadFailedError,\n type WebViewLoadFailureReason,\n} from '../../../errors/WebViewLoadFailedError';\n\n// Maps the native-side RCT reject codes (emitted by DynamicWebView.mm) to the\n// JS-level discriminator on `WebViewLoadFailedError`. Keys must stay in sync\n// with the `Reason.*` strings in DynamicWebViewImpl.swift.\nconst REASON_BY_NATIVE_CODE: Record<string, WebViewLoadFailureReason> = {\n webview_cancelled: 'cancelled',\n webview_content_process_terminated: 'content_process_terminated',\n webview_http_error: 'http_error',\n webview_instance_busy: 'instance_busy',\n webview_invalid_url: 'invalid_url',\n webview_navigation_failed: 'navigation_failed',\n webview_no_host_view: 'no_host_view',\n webview_unsupported: 'unsupported',\n};\n\n// React Native serializes the native NSError's userInfo onto the JS Error as\n// `userInfo`. These keys must stay in sync with the `errorStatusCodeKey` /\n// `errorUnderlyingDescriptionKey` constants in DynamicWebViewImpl.swift.\ntype NativeRejection = {\n code?: string;\n message?: string;\n userInfo?: {\n DynamicWebViewStatusCode?: number;\n DynamicWebViewUnderlying?: string;\n };\n};\n\n/**\n * Translates a native `DynamicWebView.open()` rejection into a typed\n * `WebViewLoadFailedError`. Maps the native RCT reject code to the JS-level\n * `WebViewLoadFailureReason` discriminator (falling back to\n * `navigation_failed` for unrecognized codes) and carries through the\n * structured `statusCode` / `underlyingError` metadata.\n *\n * The `reason` it produces is the contract `createWaasSDKContainer` branches\n * on — notably `emitError` swallows `cancelled` because that code is only ever\n * produced by our own `close()` teardown (verified on both the iOS and Android\n * native sides). Keep `REASON_BY_NATIVE_CODE` in sync with the native reject\n * codes so that branching stays correct.\n *\n * @not-instrumented\n */\nexport const translateNativeOpenError = (\n err: unknown\n): WebViewLoadFailedError => {\n const rejection = (err ?? {}) as NativeRejection;\n\n // Must check the KEYS of REASON_BY_NATIVE_CODE (the `webview_*` native\n // codes), not its values (the JS-level reasons) — this is called with the\n // native code, so checking values made every code fall through to\n // `navigation_failed` and silently broke the `cancelled` swallow.\n const isNativeRejectionCode = (\n code: string | undefined\n ): code is keyof typeof REASON_BY_NATIVE_CODE =>\n code != undefined && code in REASON_BY_NATIVE_CODE;\n\n const reason: WebViewLoadFailureReason = isNativeRejectionCode(rejection.code)\n ? REASON_BY_NATIVE_CODE[rejection.code]\n : 'navigation_failed';\n return new WebViewLoadFailedError({\n cause: err instanceof Error ? err : null,\n reason,\n shortMessage:\n rejection.message ?? `DynamicWebView open failed (${reason}).`,\n statusCode: rejection.userInfo?.DynamicWebViewStatusCode,\n underlyingError: rejection.userInfo?.DynamicWebViewUnderlying,\n });\n};\n","import type { WaasSDKContainer } from '@dynamic-labs-wallet/core';\nimport { NativeEventEmitter } from 'react-native';\n\nimport { NativeModuleNotLinkedError } from '../../../errors/NativeModuleNotLinkedError';\nimport NativeDynamicWebView from '../../../turboModules/NativeDynamicWebView';\nimport { translateNativeOpenError } from './translateNativeOpenError';\n\nconst NATIVE_MODULE_NAME = 'DynamicClientWebView';\nconst MESSAGE_EVENT_NAME = 'dynamicBridgeMessage';\n\ntype BridgeEventPayload = {\n data: unknown;\n instanceId: string;\n};\n\nconst generateInstanceId = (): string =>\n `${Date.now().toString(36)}-${crypto.randomUUID()}`;\n\n/**\n * Creates a React Native `WaasSDKContainer` backed by a native WebView\n * (WKWebView on iOS, `android.webkit.WebView` on Android) hosted by the\n * `DynamicClientWebView` TurboModule. Each invocation returns an isolated\n * container with its own instance ID, native WebView, and message routing.\n *\n * @not-instrumented\n */\nexport const createWaasSDKContainer = (): WaasSDKContainer => {\n if (!NativeDynamicWebView) {\n throw new NativeModuleNotLinkedError({ moduleName: NATIVE_MODULE_NAME });\n }\n\n const nativeModule = NativeDynamicWebView;\n const instanceId = generateInstanceId();\n // Construct the emitter against the TurboModule itself — on New Arch,\n // `NativeModules[name]` can be a different compatibility-shim object,\n // and binding `addListener`/`removeListeners` on the wrong instance\n // leaves `startObserving` in the native emitter never firing.\n const emitter = new NativeEventEmitter(\n nativeModule as unknown as ConstructorParameters<\n typeof NativeEventEmitter\n >[0]\n );\n\n // IframeManager on the WaaS SDK calls `container.onMessage(handler)` twice\n // on the same container — once to wait for the `iframe-ready-*` handshake,\n // and once later from `setupWaasSDKContainerBridge` to forward transport\n // messages. Both handlers need to receive every message, so the container\n // fans out to all registered handlers instead of enforcing single-register.\n const messageHandlers: Array<(data: unknown) => void> = [];\n const errorHandlers: Array<(error: unknown) => void> = [];\n let subscription: { remove: () => void } | null = null;\n let destroyed = false;\n\n const emitError = (err: unknown): void => {\n if (destroyed) return;\n const translated = translateNativeOpenError(err);\n // `cancelled` is only ever produced by our own `close()` teardown path on\n // the native side. Surfacing it via onError would make consumers like\n // IframeManager interpret their own destroy as a load failure and retry\n // against a provider that no longer exists.\n if (translated.reason === 'cancelled') return;\n for (const handler of errorHandlers) {\n handler(translated);\n }\n };\n\n return {\n destroy() {\n if (destroyed) return;\n destroyed = true;\n\n subscription?.remove();\n subscription = null;\n messageHandlers.length = 0;\n errorHandlers.length = 0;\n nativeModule.close(instanceId);\n },\n\n isAlive: () => !destroyed,\n\n // Signature is dictated by the upstream WaasSDKContainer interface.\n // eslint-disable-next-line custom-rules/require-single-object-param\n onError(handler: (error: unknown) => void) {\n errorHandlers.push(handler);\n return () => {\n const index = errorHandlers.indexOf(handler);\n if (index !== -1) errorHandlers.splice(index, 1);\n };\n },\n\n // Signature is dictated by the upstream WaasSDKContainer interface.\n // eslint-disable-next-line custom-rules/require-single-object-param\n onMessage(handler: (data: unknown) => void) {\n messageHandlers.push(handler);\n\n subscription ??= emitter.addListener(\n MESSAGE_EVENT_NAME,\n (payload: BridgeEventPayload) => {\n if (payload.instanceId !== instanceId) return;\n\n for (const fn of messageHandlers) {\n fn(payload.data);\n }\n }\n );\n\n // WaaS client expects onMessage to return an unsubscribe function —\n // used e.g. to tear down the one-shot handshake handler.\n return () => {\n const index = messageHandlers.indexOf(handler);\n if (index !== -1) messageHandlers.splice(index, 1);\n if (messageHandlers.length === 0) {\n subscription?.remove();\n subscription = null;\n }\n };\n },\n\n sendMessage(data: Record<string, unknown>) {\n nativeModule.sendMessage(instanceId, data);\n },\n /**\n * Hands the URL off to the native WebView and resolves immediately.\n *\n * Per the `WaasSDKContainer` contract (see `@dynamic-labs-wallet/core`\n * types), `setUrl` resolves once the URL has been handed off to the\n * container — NOT when the page has finished loading. Load completion is\n * signalled later via the `iframe-ready-*` message on `onMessage`, and\n * navigation failures surface via `onError`. This dispatch-and-forget\n * shape is load-bearing: the WaaS handshake sequencing expects `setUrl` to\n * resolve before the first message arrives, so `nativeModule.open` is\n * intentionally NOT awaited/returned — its rejection (HTTP errors,\n * navigation failures, preflight errors, etc.) is routed through\n * `emitError` instead. Do not change this to `return nativeModule.open(...)`.\n */\n // Signature is dictated by the upstream WaasSDKContainer interface.\n // eslint-disable-next-line custom-rules/require-single-object-param\n async setUrl(url: string) {\n nativeModule.open(instanceId, url).catch(emitError);\n },\n };\n};\n","import type { AuthMode } from '@dynamic-labs-wallet/browser-wallet-client';\nimport { DynamicWalletClient } from '@dynamic-labs-wallet/browser-wallet-client';\nimport type { SecureStorageAdapter } from '@dynamic-labs-wallet/core';\nimport {\n ACCESSIBLE,\n getGenericPassword,\n resetGenericPassword,\n setGenericPassword,\n} from 'react-native-keychain';\n\nimport { getCore } from '../../../client/core/getCore';\nimport { CorruptedKeyShareError } from '../../../errors/CorruptedKeyShareError';\nimport { CLIENT_SDK_NAME } from '../../apiClient/constants';\nimport { isCookieEnabled } from '../../projectSettings/isCookieEnabled';\nimport {\n DEFAULT_WAAS_BASE_API_URL,\n DEFAULT_WAAS_BASE_MPC_RELAY_API_URL,\n} from '../constants';\nimport type { CreateWaasClient } from './createWaasClient.types';\nimport { createWaasSDKContainer } from './createWaasSDKContainer.native';\n\n/**\n * Keychain security options for the client key share. The share is wallet\n * key material that cannot be re-derived locally, so the options are pinned\n * explicitly rather than inherited from `react-native-keychain` defaults\n * (which vary across versions and platforms).\n *\n * `WHEN_UNLOCKED_THIS_DEVICE_ONLY` keeps the share readable only while the\n * device is unlocked, excludes it from iCloud Keychain sync, and prevents it\n * migrating to a new device on encrypted-backup restore. It deliberately does\n * NOT set `accessControl` (e.g. biometry) — reads must not surface a Face ID /\n * passcode prompt, since the share is read on routine wallet operations.\n */\nconst KEY_SHARE_KEYCHAIN_OPTIONS = {\n accessible: ACCESSIBLE.WHEN_UNLOCKED_THIS_DEVICE_ONLY,\n} as const;\n\n/** @not-instrumented */\nexport const createWaasClient: CreateWaasClient = ({ chainName }, client) => {\n const core = getCore(client);\n\n const additionalTrustedOrigins = core.waas?.additionalTrustedOrigins;\n\n // Namespace the keychain service by environment so two environmentIds on the\n // same device (or two dApps that observe the same account) can't collide and\n // mix key shares. The account address alone is not unique across environments.\n const getKeyShareService = (accountAddress: string): string =>\n `${core.environmentId}:${accountAddress}`;\n\n return new DynamicWalletClient(\n {\n authMode: (isCookieEnabled(client) ? 'cookie' : 'header') as AuthMode,\n authToken: client.token || '',\n baseApiUrl: (core.apiBaseUrl || DEFAULT_WAAS_BASE_API_URL).replace(\n '/api/v0',\n ''\n ),\n baseMPCRelayApiUrl:\n client.projectSettings?.sdk.waas?.relayUrl ||\n DEFAULT_WAAS_BASE_MPC_RELAY_API_URL,\n chainName,\n environmentId: core.environmentId,\n sdkVersion: `${CLIENT_SDK_NAME}/${core.version}`,\n ...(additionalTrustedOrigins == undefined\n ? {}\n : { additionalTrustedOrigins }),\n },\n {\n createWaasSDKContainer,\n // Typed as the upstream SecureStorageAdapter so the key-share method\n // signatures (and the `shares` payload type) stay compiler-enforced\n // against the WaaS SDK contract rather than re-declared locally.\n secureStorage: {\n getClientKeyShare: async (accountAddress) => {\n const result = await getGenericPassword({\n service: getKeyShareService(accountAddress),\n });\n\n if (!result) {\n return [];\n }\n\n // A corrupted or partially-written keychain entry makes JSON.parse\n // throw mid key-share load. Surface a typed error instead of an\n // unhandled rejection so callers can distinguish \"no share stored\"\n // (empty result above) from \"share exists but is unreadable\".\n try {\n return JSON.parse(result.password);\n } catch (cause) {\n throw new CorruptedKeyShareError({\n cause: cause instanceof Error ? cause : null,\n });\n }\n },\n\n removeClientKeyShare: async (accountAddress) => {\n await resetGenericPassword({\n service: getKeyShareService(accountAddress),\n });\n },\n\n setClientKeyShare: async (accountAddress, shares) => {\n await setGenericPassword(accountAddress, JSON.stringify(shares), {\n ...KEY_SHARE_KEYCHAIN_OPTIONS,\n service: getKeyShareService(accountAddress),\n });\n },\n } satisfies SecureStorageAdapter,\n }\n );\n};\n","import type { Chain } from '../../chain';\nimport { CHAINS_INFO_MAP } from '../../wallets/constants';\n\n/** @not-instrumented */\n// eslint-disable-next-line custom-rules/require-single-object-param\nexport const getWaasChainNameFromChain = (chain: Chain): string => {\n return CHAINS_INFO_MAP[chain].waasChainNameOverride || chain;\n};\n","import {\n type BitcoinConfig,\n type DynamicWalletClient,\n ThresholdSignatureScheme,\n WalletOperation,\n} from '@dynamic-labs-wallet/browser-wallet-client';\nimport { MFAAction, TokenScope } from '@dynamic-labs/sdk-api-core';\n\nimport { getCore } from '../../../client/core/getCore';\nimport type { DynamicClient } from '../../../client/types/DynamicClient';\nimport { InvalidParamError } from '../../../errors/InvalidParamError';\nimport { getElevatedAccessToken } from '../../auth/getElevatedAccessToken';\nimport type { Chain } from '../../chain';\nimport { consumeMfaTokenIfRequiredForAction } from '../../mfa/consumeMfaTokenIfRequiredForAction';\nimport { getSignedSessionId } from '../../sessionKeys/getSignedSessionId';\nimport { createWaasClient } from '../createWaasClient';\nimport { getWaasChainNameFromChain } from '../getWaasChainNameFromChain';\nimport type { WaasProvider } from '../waas.types';\n\nconst RAW_MESSAGE_MESSAGE_REQUIRED_LENGTH = 64;\n\ntype CreateWaasProviderParams = {\n chain: Chain;\n sdkClient: DynamicClient;\n};\n\n/** @not-instrumented */\nexport const createWaasProvider = ({\n sdkClient,\n chain,\n}: CreateWaasProviderParams): WaasProvider => {\n const logger = getCore(sdkClient).logger;\n\n let _waasClient: DynamicWalletClient | undefined;\n\n // because the waas client needs the authToken to be set, we can only create it\n // the first time it's needed, which is after the user has logged in\n const getWaasClient: WaasProvider['getWaasClient'] = async () => {\n if (!_waasClient) {\n _waasClient = createWaasClient(\n { chainName: getWaasChainNameFromChain(chain) },\n sdkClient\n );\n await _waasClient.initialize();\n }\n return _waasClient;\n };\n\n const backupKeySharesToGoogleDrive: WaasProvider['backupKeySharesToGoogleDrive'] =\n async ({ googleDriveAccessToken, password, walletAccount }) => {\n const { signature: signedSessionId } = await getSignedSessionId(\n sdkClient\n );\n\n const waasClient = await getWaasClient();\n\n return waasClient.backupKeySharesToGoogleDrive({\n accountAddress: walletAccount.address,\n authToken: sdkClient.token ?? undefined,\n googleDriveAccessToken,\n password,\n signedSessionId,\n });\n };\n\n const createWalletAccount: WaasProvider['createWalletAccount'] = async (\n args = {}\n ) => {\n logger.debug('[createWaasProvider] createWalletAccount', {\n bitcoinConfig: args.bitcoinConfig,\n thresholdSignatureScheme: args.thresholdSignatureScheme,\n });\n\n const { signature: signedSessionId } = await getSignedSessionId(sdkClient);\n\n const waasClient = await getWaasClient();\n\n const waasWallet = await waasClient.createWalletAccount({\n authToken: sdkClient.token ?? undefined,\n bitcoinConfig: args.bitcoinConfig as BitcoinConfig | undefined,\n password: args.password,\n signedSessionId,\n thresholdSignatureScheme:\n args.thresholdSignatureScheme ?? ThresholdSignatureScheme.TWO_OF_TWO,\n });\n\n return waasWallet;\n };\n\n const delegateKeyShares: WaasProvider['delegateKeyShares'] = async ({\n password,\n walletAccount,\n }) => {\n const { signature: signedSessionId } = await getSignedSessionId(sdkClient);\n\n const waasClient = await getWaasClient();\n\n return waasClient.delegateKeyShares({\n accountAddress: walletAccount.address,\n authToken: sdkClient.token ?? undefined,\n password,\n signedSessionId,\n });\n };\n\n const exportClientKeyshares: WaasProvider['exportClientKeyshares'] = async ({\n password,\n walletAccount,\n }) => {\n const { signature: signedSessionId } = await getSignedSessionId(sdkClient);\n\n const waasClient = await getWaasClient();\n\n await waasClient.exportClientKeyshares({\n accountAddress: walletAccount.address,\n authToken: sdkClient.token ?? undefined,\n password,\n signedSessionId,\n });\n };\n\n const exportPrivateKey: WaasProvider['exportPrivateKey'] = async ({\n displayContainer,\n walletAccount,\n password,\n }) => {\n const { signature: signedSessionId } = await getSignedSessionId(sdkClient);\n\n const waasClient = await getWaasClient();\n\n const mfaToken = await consumeMfaTokenIfRequiredForAction(\n { mfaAction: MFAAction.WalletWaasExport },\n sdkClient\n );\n\n // Forward any elevated access token previously obtained via step-up\n // (e.g. requestExternalAuthElevatedToken) so the backend authorizes\n // the export under the wallet:export scope.\n const elevatedAccessToken = getElevatedAccessToken(\n { scope: TokenScope.Walletexport },\n sdkClient\n );\n\n await waasClient.exportPrivateKey({\n accountAddress: walletAccount.address,\n authToken: sdkClient.token ?? undefined,\n displayContainer,\n elevatedAccessToken,\n mfaToken,\n password,\n signedSessionId,\n });\n };\n\n const restoreUserShareForWalletAccount: WaasProvider['restoreUserShareForWalletAccount'] =\n async ({ walletAccount }) => {\n const { signature: signedSessionId } = await getSignedSessionId(\n sdkClient\n );\n\n const waasClient = await getWaasClient();\n\n await waasClient.getWallet({\n accountAddress: walletAccount.address,\n authToken: sdkClient.token ?? undefined,\n signedSessionId,\n walletOperation: WalletOperation.SIGN_MESSAGE,\n });\n };\n\n const importPrivateKey: WaasProvider['importPrivateKey'] = async ({\n privateKey,\n thresholdSignatureScheme = ThresholdSignatureScheme.TWO_OF_TWO,\n }) => {\n const { signature: signedSessionId } = await getSignedSessionId(sdkClient);\n\n const walletClient = await getWaasClient();\n\n await walletClient.importPrivateKey({\n authToken: sdkClient.token ?? undefined,\n privateKey,\n signedSessionId,\n thresholdSignatureScheme,\n });\n };\n\n const refreshWalletAccountShares: WaasProvider['refreshWalletAccountShares'] =\n async ({ password, walletAccount }) => {\n const { signature: signedSessionId } = await getSignedSessionId(\n sdkClient\n );\n\n const walletClient = await getWaasClient();\n\n const mfaToken = await consumeMfaTokenIfRequiredForAction(\n { mfaAction: MFAAction.WalletWaasRefresh },\n sdkClient\n );\n\n return walletClient.refreshWalletAccountShares({\n accountAddress: walletAccount.address,\n authToken: sdkClient.token ?? undefined,\n mfaToken,\n password,\n signedSessionId,\n });\n };\n\n const revokeDelegation: WaasProvider['revokeDelegation'] = async ({\n password,\n walletAccount,\n }) => {\n const { signature: signedSessionId } = await getSignedSessionId(sdkClient);\n\n const waasClient = await getWaasClient();\n\n return waasClient.revokeDelegation({\n accountAddress: walletAccount.address,\n authToken: sdkClient.token ?? undefined,\n password,\n signedSessionId,\n });\n };\n\n const setWaasWalletAccountPassword: WaasProvider['setWaasWalletAccountPassword'] =\n async ({ password, walletAccount }) => {\n const { signature: signedSessionId } = await getSignedSessionId(\n sdkClient\n );\n\n const waasClient = await getWaasClient();\n\n return waasClient.setPassword({\n accountAddress: walletAccount.address,\n authToken: sdkClient.token ?? undefined,\n newPassword: password,\n signedSessionId,\n });\n };\n\n const signRawMessage: WaasProvider['signRawMessage'] = async ({\n message,\n password,\n walletAccount,\n }) => {\n if (message.length !== RAW_MESSAGE_MESSAGE_REQUIRED_LENGTH) {\n throw new InvalidParamError(\n `Message must be ${RAW_MESSAGE_MESSAGE_REQUIRED_LENGTH} characters long`\n );\n }\n\n const { signature: signedSessionId } = await getSignedSessionId(sdkClient);\n\n const mfaToken = await consumeMfaTokenIfRequiredForAction(\n { mfaAction: MFAAction.WalletWaasSign },\n sdkClient\n );\n\n const elevatedAccessToken = getElevatedAccessToken(\n { scope: TokenScope.Walletsign },\n sdkClient\n );\n\n const walletClient = await getWaasClient();\n\n const signature = await walletClient.signRawMessage({\n accountAddress: walletAccount.address,\n authToken: sdkClient.token ?? undefined,\n elevatedAccessToken,\n message,\n mfaToken,\n password,\n signedSessionId,\n });\n\n return { signature };\n };\n\n const destroy: WaasProvider['destroy'] = async (args) => {\n if (!_waasClient) {\n return;\n }\n\n const waasClient = await getWaasClient();\n // When a session token expires, we preserve key shares in storage instead\n // of clearing them. Customers with short-lived sessions (minutes) were\n // hitting excessive server-side share recovery on every re-login, which\n // also forced users to re-enter their wallet password since the unlocked\n // share only lives for the duration of the session.\n //\n // This is safe because the waas-sdk separately fingerprints the user\n // (sub + environment_id) and clears all storage if a different user logs\n // in. On explicit user-initiated logout, shares are always cleared for\n // security.\n if (args?.reason !== 'token-expired') {\n await waasClient.cleanup();\n }\n _waasClient = undefined;\n };\n\n const updatePassword: WaasProvider['updatePassword'] = async ({\n walletAccount,\n currentPassword,\n newPassword,\n }) => {\n const { signature: signedSessionId } = await getSignedSessionId(sdkClient);\n\n const waasClient = await getWaasClient();\n\n return waasClient.updatePassword({\n accountAddress: walletAccount.address,\n authToken: sdkClient.token ?? undefined,\n existingPassword: currentPassword,\n newPassword,\n signedSessionId,\n });\n };\n\n const signMessage: WaasProvider['signMessage'] = async ({\n message,\n walletAccount,\n }) => {\n const { signature: signedSessionId } = await getSignedSessionId(sdkClient);\n\n const mfaToken = await consumeMfaTokenIfRequiredForAction(\n { mfaAction: MFAAction.WalletWaasSign },\n sdkClient\n );\n\n const elevatedAccessToken = getElevatedAccessToken(\n { scope: TokenScope.Walletsign },\n sdkClient\n );\n\n const waasClient = await getWaasClient();\n\n const signature = await waasClient.signMessage({\n accountAddress: walletAccount.address,\n authToken: sdkClient.token ?? undefined,\n elevatedAccessToken,\n message,\n mfaToken,\n signedSessionId,\n });\n\n return { signature };\n };\n\n const signSerializedTransaction: WaasProvider['signSerializedTransaction'] =\n async ({ chainId, serializedTransaction, walletAccount }) => {\n const { signature: signedSessionId } = await getSignedSessionId(\n sdkClient\n );\n\n const mfaToken = await consumeMfaTokenIfRequiredForAction(\n { mfaAction: MFAAction.WalletWaasSign },\n sdkClient\n );\n\n const elevatedAccessToken = getElevatedAccessToken(\n { scope: TokenScope.Walletsign },\n sdkClient\n );\n\n const waasClient = await getWaasClient();\n\n const signature = await waasClient.signTransaction({\n authToken: sdkClient.token ?? undefined,\n chainId,\n elevatedAccessToken,\n mfaToken,\n senderAddress: walletAccount.address,\n signedSessionId,\n transaction: serializedTransaction,\n });\n\n return { signature };\n };\n\n const getWalletRecoveryState: WaasProvider['getWalletRecoveryState'] =\n async ({ walletAccount }) => {\n const { signature: signedSessionId } = await getSignedSessionId(\n sdkClient\n );\n\n const waasClient = await getWaasClient();\n\n return waasClient.getWalletRecoveryState({\n accountAddress: walletAccount.address,\n authToken: sdkClient.token ?? undefined,\n signedSessionId,\n });\n };\n\n const unlockWallet: WaasProvider['unlockWallet'] = async ({\n password,\n walletAccount,\n }) => {\n const { signature: signedSessionId } = await getSignedSessionId(sdkClient);\n\n const waasClient = await getWaasClient();\n\n return waasClient.unlockWallet({\n accountAddress: walletAccount.address,\n authToken: sdkClient.token ?? undefined,\n password,\n signedSessionId,\n });\n };\n\n return {\n backupKeySharesToGoogleDrive,\n createWalletAccount,\n delegateKeyShares,\n destroy,\n exportClientKeyshares,\n exportPrivateKey,\n getWaasClient,\n getWalletRecoveryState,\n importPrivateKey,\n refreshWalletAccountShares,\n restoreUserShareForWalletAccount,\n revokeDelegation,\n setWaasWalletAccountPassword,\n signMessage,\n signRawMessage,\n signSerializedTransaction,\n unlockWallet,\n updatePassword,\n };\n};\n","import { WalletProviderEnum } from '@dynamic-labs/sdk-api-core';\n\nimport type { DynamicClient } from '../../../client/types';\nimport { getChainFromVerifiedCredentialChain } from '../../../utils/getChainFromVerifiedCredentialChain';\nimport type { Chain } from '../../chain';\nimport { DYNAMIC_WAAS_METADATA } from '../constants';\n\ntype GetAllUserWaasAddressesForChainParams = {\n chain: Chain;\n};\n\n/** @not-instrumented */\nexport const getAllUserWaasAddressesForChain = (\n { chain }: GetAllUserWaasAddressesForChainParams,\n client: DynamicClient\n): string[] => {\n if (!client.user) {\n return [];\n }\n\n const waasWalletCredentials =\n client.user.verifiedCredentials.filter(\n (credential) =>\n credential.walletProvider === WalletProviderEnum.EmbeddedWallet &&\n credential.walletName\n ?.toLowerCase()\n .startsWith(DYNAMIC_WAAS_METADATA.normalizedWalletName) &&\n credential.address &&\n credential.chain &&\n getChainFromVerifiedCredentialChain(credential.chain) === chain\n ) ?? [];\n\n const waasAddresses: string[] = waasWalletCredentials.map(\n // casting because we're already filtering out credentials without an address\n (credential) => credential.address as string\n );\n\n return waasAddresses;\n};\n","import { assertPackageVersion } from '@dynamic-labs-sdk/assert-package-version';\n\nimport {\n name as packageName,\n version as packageVersion,\n} from '../../package.json';\nassertPackageVersion(packageName, packageVersion);\n\nexport type {\n BitcoinNetwork,\n DynamicWalletClient,\n ThresholdSignatureScheme\n} from '@dynamic-labs-wallet/browser-wallet-client';\nexport { DYNAMIC_WAAS_METADATA } from '../modules/waas/constants';\nexport { createWaasClient } from '../modules/waas/createWaasClient';\nexport { createWaasProvider } from '../modules/waas/createWaasProvider';\nexport { getAllUserWaasAddressesForChain } from '../modules/waas/getAllUserWaasAddressesForChain';\nexport { getWaasChainNameFromChain } from '../modules/waas/getWaasChainNameFromChain';\nexport type {\n WaasProvider,\n WaasWalletProvider\n} from '../modules/waas/waas.types';\n\n"],"mappings":";;;;;;;;;;;;;;;;;;;;AAgBA,IAAa,yBAAb,cAA4C,UAAU;CACpD,YAAY,EAAE,QAAQ,SAAuC,EAAE,EAAE;AAC/D,QAAM;GACJ;GACA,MAAM;GACN,SACE;GACF,SAAS;GACT,MAAM;GACN,cAAc;GACf,CAAC;;;;;;ACaN,mCAAe,oBAAoB,IAAU,uBAAuB;;;;;;;;;;ACJpE,IAAa,yBAAb,cAA4C,UAAU;CACpD,AAAS;CACT,AAAS;CACT,AAAS;CAET,YAAY,EACV,QACA,cACA,QAAQ,MACR,YACA,mBAC+B;AAC/B,QAAM;GACJ;GACA,MAAM;GACN,SAAS;GACT,SAAS;GACT,MAAM;GACN;GACD,CAAC;AACF,OAAK,SAAS;AACd,OAAK,aAAa;AAClB,OAAK,kBAAkB;;;;;;ACjD3B,MAAMA,wBAAkE;CACtE,mBAAmB;CACnB,oCAAoC;CACpC,oBAAoB;CACpB,uBAAuB;CACvB,qBAAqB;CACrB,2BAA2B;CAC3B,sBAAsB;CACtB,qBAAqB;CACtB;;;;;;;;;;;;;;;;AA6BD,MAAa,4BACX,QAC2B;CAC3B,MAAM,YAAa,OAAO,EAAE;CAM5B,MAAM,yBACJ,SAEA,QAAQ,UAAa,QAAQ;CAE/B,MAAMC,SAAmC,sBAAsB,UAAU,KAAK,GAC1E,sBAAsB,UAAU,QAChC;AACJ,QAAO,IAAI,uBAAuB;EAChC,OAAO,eAAe,QAAQ,MAAM;EACpC;EACA,cACE,UAAU,WAAW,+BAA+B,OAAO;EAC7D,YAAY,UAAU,UAAU;EAChC,iBAAiB,UAAU,UAAU;EACtC,CAAC;;;;;AC/DJ,MAAM,qBAAqB;AAC3B,MAAM,qBAAqB;AAO3B,MAAM,2BACJ,GAAG,KAAK,KAAK,CAAC,SAAS,GAAG,CAAC,GAAG,OAAO,YAAY;;;;;;;;;AAUnD,MAAa,+BAAiD;AAC5D,KAAI,CAACC,6BACH,OAAM,IAAI,2BAA2B,EAAE,YAAY,oBAAoB,CAAC;CAG1E,MAAM,eAAeA;CACrB,MAAM,aAAa,oBAAoB;CAKvC,MAAM,UAAU,IAAI,mBAClB,aAGD;CAOD,MAAMC,kBAAkD,EAAE;CAC1D,MAAMC,gBAAiD,EAAE;CACzD,IAAIC,eAA8C;CAClD,IAAI,YAAY;CAEhB,MAAM,aAAa,QAAuB;AACxC,MAAI,UAAW;EACf,MAAM,aAAa,yBAAyB,IAAI;AAKhD,MAAI,WAAW,WAAW,YAAa;AACvC,OAAK,MAAM,WAAW,cACpB,SAAQ,WAAW;;AAIvB,QAAO;EACL,UAAU;AACR,OAAI,UAAW;AACf,eAAY;AAEZ,iBAAc,QAAQ;AACtB,kBAAe;AACf,mBAAgB,SAAS;AACzB,iBAAc,SAAS;AACvB,gBAAa,MAAM,WAAW;;EAGhC,eAAe,CAAC;EAIhB,QAAQ,SAAmC;AACzC,iBAAc,KAAK,QAAQ;AAC3B,gBAAa;IACX,MAAM,QAAQ,cAAc,QAAQ,QAAQ;AAC5C,QAAI,UAAU,GAAI,eAAc,OAAO,OAAO,EAAE;;;EAMpD,UAAU,SAAkC;AAC1C,mBAAgB,KAAK,QAAQ;AAE7B,oBAAiB,QAAQ,YACvB,qBACC,YAAgC;AAC/B,QAAI,QAAQ,eAAe,WAAY;AAEvC,SAAK,MAAM,MAAM,gBACf,IAAG,QAAQ,KAAK;KAGrB;AAID,gBAAa;IACX,MAAM,QAAQ,gBAAgB,QAAQ,QAAQ;AAC9C,QAAI,UAAU,GAAI,iBAAgB,OAAO,OAAO,EAAE;AAClD,QAAI,gBAAgB,WAAW,GAAG;AAChC,mBAAc,QAAQ;AACtB,oBAAe;;;;EAKrB,YAAY,MAA+B;AACzC,gBAAa,YAAY,YAAY,KAAK;;EAkB5C,MAAM,OAAO,KAAa;AACxB,gBAAa,KAAK,YAAY,IAAI,CAAC,MAAM,UAAU;;EAEtD;;;;;;;;;;;;;;;;;AC3GH,MAAM,6BAA6B,EACjC,YAAY,WAAW,gCACxB;;AAGD,MAAaC,oBAAsC,EAAE,aAAa,WAAW;CAC3E,MAAM,OAAO,QAAQ,OAAO;CAE5B,MAAM,2BAA2B,KAAK,MAAM;CAK5C,MAAM,sBAAsB,mBAC1B,GAAG,KAAK,cAAc,GAAG;AAE3B,QAAO,IAAI,oBACT;EACE,UAAW,gBAAgB,OAAO,GAAG,WAAW;EAChD,WAAW,OAAO,SAAS;EAC3B,aAAa,KAAK,cAAc,2BAA2B,QACzD,WACA,GACD;EACD,oBACE,OAAO,iBAAiB,IAAI,MAAM,YAClC;EACF;EACA,eAAe,KAAK;EACpB,YAAY,GAAG,gBAAgB,GAAG,KAAK;EACvC,GAAI,4BAA4B,SAC5B,EAAE,GACF,EAAE,0BAA0B;EACjC,EACD;EACE;EAIA,eAAe;GACb,mBAAmB,OAAO,mBAAmB;IAC3C,MAAM,SAAS,MAAM,mBAAmB,EACtC,SAAS,mBAAmB,eAAe,EAC5C,CAAC;AAEF,QAAI,CAAC,OACH,QAAO,EAAE;AAOX,QAAI;AACF,YAAO,KAAK,MAAM,OAAO,SAAS;aAC3B,OAAO;AACd,WAAM,IAAI,uBAAuB,EAC/B,OAAO,iBAAiB,QAAQ,QAAQ,MACzC,CAAC;;;GAIN,sBAAsB,OAAO,mBAAmB;AAC9C,UAAM,qBAAqB,EACzB,SAAS,mBAAmB,eAAe,EAC5C,CAAC;;GAGJ,mBAAmB,OAAO,gBAAgB,WAAW;AACnD,UAAM,mBAAmB,gBAAgB,KAAK,UAAU,OAAO,EAAE;KAC/D,GAAG;KACH,SAAS,mBAAmB,eAAe;KAC5C,CAAC;;GAEL;EACF,CACF;;;;;;ACxGH,MAAa,6BAA6B,UAAyB;AACjE,QAAO,gBAAgB,OAAO,yBAAyB;;;;;ACazD,MAAM,sCAAsC;;AAQ5C,MAAa,sBAAsB,EACjC,WACA,YAC4C;CAC5C,MAAM,SAAS,QAAQ,UAAU,CAAC;CAElC,IAAIC;CAIJ,MAAMC,gBAA+C,YAAY;AAC/D,MAAI,CAAC,aAAa;AAChB,iBAAc,iBACZ,EAAE,WAAW,0BAA0B,MAAM,EAAE,EAC/C,UACD;AACD,SAAM,YAAY,YAAY;;AAEhC,SAAO;;CAGT,MAAMC,+BACJ,OAAO,EAAE,wBAAwB,UAAU,oBAAoB;EAC7D,MAAM,EAAE,WAAW,oBAAoB,MAAM,mBAC3C,UACD;AAID,UAFmB,MAAM,eAAe,EAEtB,6BAA6B;GAC7C,gBAAgB,cAAc;GAC9B,WAAW,UAAU,SAAS;GAC9B;GACA;GACA;GACD,CAAC;;CAGN,MAAMC,sBAA2D,OAC/D,OAAO,EAAE,KACN;AACH,SAAO,MAAM,4CAA4C;GACvD,eAAe,KAAK;GACpB,0BAA0B,KAAK;GAChC,CAAC;EAEF,MAAM,EAAE,WAAW,oBAAoB,MAAM,mBAAmB,UAAU;AAa1E,SATmB,OAFA,MAAM,eAAe,EAEJ,oBAAoB;GACtD,WAAW,UAAU,SAAS;GAC9B,eAAe,KAAK;GACpB,UAAU,KAAK;GACf;GACA,0BACE,KAAK,4BAA4B,yBAAyB;GAC7D,CAAC;;CAKJ,MAAMC,oBAAuD,OAAO,EAClE,UACA,oBACI;EACJ,MAAM,EAAE,WAAW,oBAAoB,MAAM,mBAAmB,UAAU;AAI1E,UAFmB,MAAM,eAAe,EAEtB,kBAAkB;GAClC,gBAAgB,cAAc;GAC9B,WAAW,UAAU,SAAS;GAC9B;GACA;GACD,CAAC;;CAGJ,MAAMC,wBAA+D,OAAO,EAC1E,UACA,oBACI;EACJ,MAAM,EAAE,WAAW,oBAAoB,MAAM,mBAAmB,UAAU;AAI1E,SAFmB,MAAM,eAAe,EAEvB,sBAAsB;GACrC,gBAAgB,cAAc;GAC9B,WAAW,UAAU,SAAS;GAC9B;GACA;GACD,CAAC;;CAGJ,MAAMC,mBAAqD,OAAO,EAChE,kBACA,eACA,eACI;EACJ,MAAM,EAAE,WAAW,oBAAoB,MAAM,mBAAmB,UAAU;EAE1E,MAAM,aAAa,MAAM,eAAe;EAExC,MAAM,WAAW,MAAM,mCACrB,EAAE,WAAW,UAAU,kBAAkB,EACzC,UACD;EAKD,MAAM,sBAAsBC,iCAC1B,EAAE,OAAO,WAAW,cAAc,EAClC,UACD;AAED,QAAM,WAAW,iBAAiB;GAChC,gBAAgB,cAAc;GAC9B,WAAW,UAAU,SAAS;GAC9B;GACA;GACA;GACA;GACA;GACD,CAAC;;CAGJ,MAAMC,mCACJ,OAAO,EAAE,oBAAoB;EAC3B,MAAM,EAAE,WAAW,oBAAoB,MAAM,mBAC3C,UACD;AAID,SAFmB,MAAM,eAAe,EAEvB,UAAU;GACzB,gBAAgB,cAAc;GAC9B,WAAW,UAAU,SAAS;GAC9B;GACA,iBAAiB,gBAAgB;GAClC,CAAC;;CAGN,MAAMC,mBAAqD,OAAO,EAChE,YACA,2BAA2B,yBAAyB,iBAChD;EACJ,MAAM,EAAE,WAAW,oBAAoB,MAAM,mBAAmB,UAAU;AAI1E,SAFqB,MAAM,eAAe,EAEvB,iBAAiB;GAClC,WAAW,UAAU,SAAS;GAC9B;GACA;GACA;GACD,CAAC;;CAGJ,MAAMC,6BACJ,OAAO,EAAE,UAAU,oBAAoB;EACrC,MAAM,EAAE,WAAW,oBAAoB,MAAM,mBAC3C,UACD;EAED,MAAM,eAAe,MAAM,eAAe;EAE1C,MAAM,WAAW,MAAM,mCACrB,EAAE,WAAW,UAAU,mBAAmB,EAC1C,UACD;AAED,SAAO,aAAa,2BAA2B;GAC7C,gBAAgB,cAAc;GAC9B,WAAW,UAAU,SAAS;GAC9B;GACA;GACA;GACD,CAAC;;CAGN,MAAMC,mBAAqD,OAAO,EAChE,UACA,oBACI;EACJ,MAAM,EAAE,WAAW,oBAAoB,MAAM,mBAAmB,UAAU;AAI1E,UAFmB,MAAM,eAAe,EAEtB,iBAAiB;GACjC,gBAAgB,cAAc;GAC9B,WAAW,UAAU,SAAS;GAC9B;GACA;GACD,CAAC;;CAGJ,MAAMC,+BACJ,OAAO,EAAE,UAAU,oBAAoB;EACrC,MAAM,EAAE,WAAW,oBAAoB,MAAM,mBAC3C,UACD;AAID,UAFmB,MAAM,eAAe,EAEtB,YAAY;GAC5B,gBAAgB,cAAc;GAC9B,WAAW,UAAU,SAAS;GAC9B,aAAa;GACb;GACD,CAAC;;CAGN,MAAMC,iBAAiD,OAAO,EAC5D,SACA,UACA,oBACI;AACJ,MAAI,QAAQ,WAAW,oCACrB,OAAM,IAAI,kBACR,mBAAmB,oCAAoC,kBACxD;EAGH,MAAM,EAAE,WAAW,oBAAoB,MAAM,mBAAmB,UAAU;EAE1E,MAAM,WAAW,MAAM,mCACrB,EAAE,WAAW,UAAU,gBAAgB,EACvC,UACD;EAED,MAAM,sBAAsBN,iCAC1B,EAAE,OAAO,WAAW,YAAY,EAChC,UACD;AAcD,SAAO,EAAE,WAVS,OAFG,MAAM,eAAe,EAEL,eAAe;GAClD,gBAAgB,cAAc;GAC9B,WAAW,UAAU,SAAS;GAC9B;GACA;GACA;GACA;GACA;GACD,CAAC,EAEkB;;CAGtB,MAAMO,UAAmC,OAAO,SAAS;AACvD,MAAI,CAAC,YACH;EAGF,MAAM,aAAa,MAAM,eAAe;AAWxC,MAAI,MAAM,WAAW,gBACnB,OAAM,WAAW,SAAS;AAE5B,gBAAc;;CAGhB,MAAMC,iBAAiD,OAAO,EAC5D,eACA,iBACA,kBACI;EACJ,MAAM,EAAE,WAAW,oBAAoB,MAAM,mBAAmB,UAAU;AAI1E,UAFmB,MAAM,eAAe,EAEtB,eAAe;GAC/B,gBAAgB,cAAc;GAC9B,WAAW,UAAU,SAAS;GAC9B,kBAAkB;GAClB;GACA;GACD,CAAC;;CAGJ,MAAMC,cAA2C,OAAO,EACtD,SACA,oBACI;EACJ,MAAM,EAAE,WAAW,oBAAoB,MAAM,mBAAmB,UAAU;EAE1E,MAAM,WAAW,MAAM,mCACrB,EAAE,WAAW,UAAU,gBAAgB,EACvC,UACD;EAED,MAAM,sBAAsBT,iCAC1B,EAAE,OAAO,WAAW,YAAY,EAChC,UACD;AAaD,SAAO,EAAE,WATS,OAFC,MAAM,eAAe,EAEL,YAAY;GAC7C,gBAAgB,cAAc;GAC9B,WAAW,UAAU,SAAS;GAC9B;GACA;GACA;GACA;GACD,CAAC,EAEkB;;CAGtB,MAAMU,4BACJ,OAAO,EAAE,SAAS,uBAAuB,oBAAoB;EAC3D,MAAM,EAAE,WAAW,oBAAoB,MAAM,mBAC3C,UACD;EAED,MAAM,WAAW,MAAM,mCACrB,EAAE,WAAW,UAAU,gBAAgB,EACvC,UACD;EAED,MAAM,sBAAsBV,iCAC1B,EAAE,OAAO,WAAW,YAAY,EAChC,UACD;AAcD,SAAO,EAAE,WAVS,OAFC,MAAM,eAAe,EAEL,gBAAgB;GACjD,WAAW,UAAU,SAAS;GAC9B;GACA;GACA;GACA,eAAe,cAAc;GAC7B;GACA,aAAa;GACd,CAAC,EAEkB;;CAGxB,MAAMW,yBACJ,OAAO,EAAE,oBAAoB;EAC3B,MAAM,EAAE,WAAW,oBAAoB,MAAM,mBAC3C,UACD;AAID,UAFmB,MAAM,eAAe,EAEtB,uBAAuB;GACvC,gBAAgB,cAAc;GAC9B,WAAW,UAAU,SAAS;GAC9B;GACD,CAAC;;CAGN,MAAMC,eAA6C,OAAO,EACxD,UACA,oBACI;EACJ,MAAM,EAAE,WAAW,oBAAoB,MAAM,mBAAmB,UAAU;AAI1E,UAFmB,MAAM,eAAe,EAEtB,aAAa;GAC7B,gBAAgB,cAAc;GAC9B,WAAW,UAAU,SAAS;GAC9B;GACA;GACD,CAAC;;AAGJ,QAAO;EACL;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACD;;;;;;ACjaH,MAAa,mCACX,EAAE,SACF,WACa;AACb,KAAI,CAAC,OAAO,KACV,QAAO,EAAE;AAoBX,SAhBE,OAAO,KAAK,oBAAoB,QAC7B,eACC,WAAW,mBAAmB,mBAAmB,kBACjD,WAAW,YACP,aAAa,CACd,WAAW,sBAAsB,qBAAqB,IACzD,WAAW,WACX,WAAW,SACX,oCAAoC,WAAW,MAAM,KAAK,MAC7D,IAAI,EAAE,EAE6C,KAEnD,eAAe,WAAW,QAC5B;;;;;AC7BH,qBAAqBC,MAAaC,QAAe"}
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@dynamic-labs-sdk/client",
3
- "version": "1.8.0",
3
+ "version": "1.8.1",
4
4
  "type": "module",
5
5
  "main": "./dist/index.cjs",
6
6
  "module": "./dist/index.esm.js",
@@ -49,7 +49,7 @@
49
49
  "buffer": "6.0.3",
50
50
  "eventemitter3": "5.0.1",
51
51
  "zod": "4.0.5",
52
- "@dynamic-labs-sdk/assert-package-version": "1.8.0"
52
+ "@dynamic-labs-sdk/assert-package-version": "1.8.1"
53
53
  },
54
54
  "devDependencies": {
55
55
  "@inrupt/jest-jsdom-polyfills": "4.0.5",
@@ -1 +0,0 @@
1
- {"version":3,"file":"InvalidParamError-Bc6OZBog.native.esm.js","names":["defaultClient: DynamicClient | null","result: Record<string, unknown>","getCore","baseEvent: Omit<FunctionInstrumentationEvent, 'phase' | 'timestamp'>","clientErrorMapper: ErrorMapper","errorToThrow: Error","cause: Error | null","settings: ISettings","getElevatedAccessToken","CHAINS_INFO_MAP: Record<Chain, ChainInfo>","chain"],"sources":["../package.json","../src/client/core/getCore/getCore.ts","../src/errors/base/BaseError.ts","../src/errors/ClientNotFoundError.ts","../src/client/defaultClient/defaultClient.ts","../src/utils/getNonce/constants.ts","../src/modules/apiClient/constants.ts","../src/utils/randomString/randomString.native.ts","../src/modules/auth/extractSessionId/extractSessionId.ts","../src/utils/getUserAgent/getUserAgent.ts","../src/services/instrumentation/constants.ts","../src/services/instrumentation/scrubParameters/scrubParameters.ts","../src/services/instrumentation/instrumentFunction/extractParams/extractParams.ts","../src/services/instrumentation/instrumentFunction/scrubResolvedValue/scrubResolvedValue.ts","../src/services/instrumentation/instrumentFunction/instrumentFunction.ts","../src/modules/auth/getElevatedAccessToken/getElevatedAccessToken.ts","../src/errors/ValueMustBeDefinedError.ts","../src/utils/assertDefined/assertDefined.ts","../src/modules/projectSettings/isCookieEnabled/isCookieEnabled.ts","../src/modules/sessionKeys/getSessionKeys/getSessionKeys.ts","../src/errors/APIError/APIError.ts","../src/errors/InvalidExternalAuthError.ts","../src/errors/LinkCredentialError.ts","../src/errors/MfaInvalidOtpError.ts","../src/errors/MfaRateLimitedError.ts","../src/errors/SandboxMaximumThresholdReachedError.ts","../src/modules/apiClient/utils/clientErrorMapper/clientErrorMapper.ts","../src/modules/apiClient/utils/convertToApiErrorMiddleware/convertToApiErrorMiddleware.ts","../src/utils/getNonce/getNonce.ts","../src/modules/deviceRegistration/getDeviceSigner/getDeviceSigner.ts","../src/modules/deviceRegistration/getHeadersForNonceSignedByDeviceSigners/getHeadersForNonceSignedByDeviceSigners.ts","../src/modules/apiClient/utils/deviceSignatureHeadersMiddleware/createDeviceSignatureHeadersMiddleware.ts","../src/errors/UnauthorizedError.ts","../src/modules/apiClient/utils/unauthorizedMiddleware/createUnauthorizedMiddleware.ts","../src/modules/apiClient/createApiClient.ts","../src/utils/getNonce/fetchAndStoreNonces/fetchAndStoreNonces.ts","../src/modules/wallets/constants.ts","../src/utils/getChainFromVerifiedCredentialChain/getChainFromVerifiedCredentialChain.ts","../src/constants.ts","../src/modules/waas/constants.ts","../src/errors/InvalidParamError.ts"],"sourcesContent":["","import type { DynamicClient } from '../../types';\nimport type { DynamicCore } from '../types';\n\n/** @not-instrumented */\nexport const getCore = (client: DynamicClient): DynamicCore => {\n // @ts-expect-error - this was hidden from the public API\n return client.__core;\n};\n","/* eslint-disable custom-rules/function-name-matches-filename */\nimport { version } from '../../../package.json';\n\nexport type BaseErrorParameters = {\n /** The underlying error that caused this error, if any */\n cause: Error | null;\n /** The error unique code */\n code: string;\n /** Additional detailed information about the error */\n details?: string;\n /** URL to relevant documentation for this error */\n docsUrl: string | null;\n /** Array of additional contextual messages to be displayed */\n metaMessages?: string[];\n /** Custom name for the error. Defaults to 'BaseError' if not provided */\n name: string;\n /** A brief, human-readable description of the error */\n shortMessage: string;\n};\n\nconst getDetails = ({ details, cause }: BaseErrorParameters) => {\n if (cause instanceof BaseError) {\n return cause.details;\n }\n\n if (cause?.message) {\n return cause.message;\n }\n\n return details;\n};\n\n/**\n * Formats the error message with all available information\n */\n// eslint-disable-next-line custom-rules/one-function-per-file\nconst formatMessage = ({\n shortMessage,\n details,\n docsUrl,\n metaMessages,\n}: BaseErrorParameters) => {\n return [\n '[Dynamic JS SDK]',\n shortMessage,\n '',\n ...(metaMessages ? [...metaMessages, ''] : []),\n ...(docsUrl ? [`Docs: ${docsUrl}`] : []),\n ...(details ? [`Details: ${details}`] : []),\n `Version: ${version}`,\n `Timestamp: ${new Date().toISOString()}`,\n ].join('\\n');\n};\n\n/**\n * Base error class that provides structured error handling with detailed information\n */\nexport abstract class BaseError extends Error {\n /** The error unique code */\n code: string;\n details: string | undefined;\n private readonly formattedMessage: string | undefined;\n override name = 'BaseError';\n override cause: BaseError | Error | undefined;\n\n constructor(args: BaseErrorParameters) {\n const details = getDetails(args);\n const formattedMessage = formatMessage({ ...args, details });\n super(\n args.shortMessage ?? formattedMessage,\n args.cause ? { cause: args.cause } : undefined\n );\n\n // Defined as non-enumerable so it is excluded from structural error\n // comparisons (e.g. `expect(...).toThrow(new SomeError(...))`); the\n // embedded timestamp would otherwise make every such assertion\n // time-dependent.\n Object.defineProperty(this, 'formattedMessage', {\n configurable: true,\n enumerable: false,\n value: formattedMessage,\n writable: true,\n });\n this.details = details;\n this.name = args.name ?? this.name;\n this.cause = args.cause ?? this.cause;\n this.code = args.code;\n }\n\n /**\n * Walks the cause chain of the error and returns the root error\n */\n walk(): Error | undefined {\n const cause = this.cause;\n\n if (cause instanceof BaseError) {\n return cause.walk();\n }\n\n return cause;\n }\n\n override toString() {\n return this.formattedMessage;\n }\n}\n","import { BaseError } from './base';\n\nexport class ClientNotFoundError extends BaseError {\n constructor() {\n super({\n cause: null,\n code: 'client_not_found_error',\n docsUrl: null,\n name: 'ClientNotFoundError',\n shortMessage:\n 'No Dynamic client has been created yet. Make sure you have called createDynamicClient() first.',\n });\n }\n}\n","/* eslint-disable custom-rules/function-name-matches-filename */\nimport { ClientNotFoundError } from '../../errors/ClientNotFoundError';\nimport { getCore } from '../core/getCore';\nimport type { DynamicClient } from '../types';\n\nlet defaultClient: DynamicClient | null = null;\nlet numOfInitializedClients = 0;\n\n/**\n * Returns the DynamicClient instance that was initialized with createDynamicClient.\n *\n * If more than one instance of DynamicClient was initialized, you should not use this function.\n * Instead, you should pass the client instance you stored to the function that needs it.\n * @not-instrumented\n */\nexport const getDefaultClient = (): DynamicClient => {\n if (!defaultClient) {\n throw new ClientNotFoundError();\n }\n\n if (numOfInitializedClients > 1) {\n const core = getCore(defaultClient);\n core.logger.debug(\n 'Multiple instances of DynamicClient found. If you are only using one client (recommended), make sure you are not calling ' +\n '\"createDynamicClient\" multiple times. If you are using multiple clients, make sure you are passing which client to use as ' +\n 'the last param of all Dynamic functions.'\n );\n }\n\n return defaultClient;\n};\n\n/** @not-instrumented */\n// eslint-disable-next-line custom-rules/one-function-per-file\nexport const setDefaultClient = (client: DynamicClient) => {\n defaultClient = client;\n numOfInitializedClients++;\n};\n","export const NONCE_POOL_EXPIRATION_TIME = 60000 * 60 * 24;\n\nexport const NONCE_POOL_SIZE = 5;\n","import { dependencies } from '../../../package.json';\n\nexport const DYNAMIC_API_VERSION_HEADER = 'x-dyn-api-version';\n\nexport const DYNAMIC_REQUEST_ID_HEADER = 'x-dyn-request-id';\n\nexport const DYNAMIC_SDK_VERSION_HEADER = 'x-dyn-version';\n\nexport const ELEVATED_ACCESS_TOKEN_HEADER = 'x-dyn-elevated-access-token';\n\nexport const MFA_TOKEN_HEADER = 'x-mfa-auth-token';\n\nexport const SESSION_PUBLIC_KEY_HEADER = 'x-dyn-session-public-key';\n\nexport const DYNAMIC_SDK_API_VERSION =\n dependencies['@dynamic-labs/sdk-api-core'];\n\nexport const DYNAMIC_SDK_SESSION_ID_HEADER = 'x-dyn-session-id';\n\nexport const CLIENT_SDK_NAME = 'ClientSDK';\n","const DEFAULT_CHARS =\n 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789';\n\ntype RandomStringParams = {\n chars?: string;\n length: number;\n};\n\n/** @not-instrumented */\nexport const randomString = ({\n chars = DEFAULT_CHARS,\n length,\n}: RandomStringParams) => {\n /**\n * React native does not include crypto.getRandomValues, so we use Math.random instead.\n */\n let result = '';\n for (let i = 0; i < length; i++) {\n result += chars[Math.floor(Math.random() * chars.length)];\n }\n return result;\n};\n","/**\n * Extracts the session ID (`sid` claim) from a JWT token string.\n *\n * Decodes the base64url-encoded payload segment of the token and reads the\n * `sid` field. This is used to correlate instrumentation events with the\n * authenticated session, without ever forwarding the full token.\n *\n * Returns `null` when no token is present, when the token is malformed, or\n * when the payload does not contain a `sid` claim.\n * @not-instrumented\n */\n// eslint-disable-next-line custom-rules/require-single-object-param\nexport const extractSessionId = (token: string): string | null => {\n try {\n const payload = token.split('.')[1];\n const decoded = JSON.parse(atob(payload));\n\n return decoded.sid ?? null;\n } catch {\n return null;\n }\n};\n","/**\n * Returns the browser's `navigator.userAgent` string for inclusion in\n * instrumentation events.\n *\n * Falls back to an empty string in environments where `navigator` is not\n * available (e.g., Node.js SSR, service workers) so that callers never need\n * to guard against undefined.\n * @not-instrumented\n */\nexport const getUserAgent = (): string => {\n try {\n // eslint-disable-next-line no-restricted-globals\n return navigator.userAgent;\n } catch {\n return '';\n }\n};\n","/**\n * Default key-based PII scrubber list, lowercased and matched against the\n * lowercased object key.\n *\n * Two complementary mechanisms cover credential leakage:\n *\n * 1. Explicit keys listed here — matched exactly (case-insensitive). Use this\n * for keys that don't end in a generic credential suffix (e.g. `mnemonic`,\n * `seed`, `verificationCode`, `keyShare`).\n * 2. Suffix matching in {@link scrubParameters} for the credential suffixes\n * enumerated by {@link PII_KEY_SUFFIXES} — catches any field whose name\n * ends in `token` or `jwt` (e.g. `mfaToken`, `minifiedJwt`, `accessToken`,\n * `idToken`, `captchaToken`, …) without needing to enumerate them here.\n */\nexport const DEFAULT_PII_FIELDS = [\n 'password',\n 'token',\n 'secret',\n 'privateKey',\n 'privateJwk',\n 'mnemonic',\n 'seed',\n 'keyShare',\n 'keyShares',\n 'email',\n 'phone',\n 'ssn',\n 'address',\n 'authorization',\n 'verificationCode',\n 'recoveryCodes',\n 'codeVerifier',\n 'pkce',\n 'bearer',\n 'apiKey',\n];\n\n/**\n * Lowercased suffixes used by {@link scrubParameters} to match credential-like\n * keys without enumerating every variant (e.g. `mfaToken`, `accessToken`,\n * `refreshToken`, `legacyToken`, `minifiedJwt`). Only suffixes that are\n * unambiguously credentials belong here — `key` (matches `publicKey`) and\n * `code` (matches `countryCode`) are too broad and must not be added.\n */\nexport const PII_KEY_SUFFIXES = ['token', 'jwt'];\n\nexport const REDACTED_VALUE = '[REDACTED]';\n\nexport const MAX_STRING_LENGTH = 500;\n\nexport const TRUNCATED_SUFFIX = '...[truncated]';\n\n/**\n * Label prefix for binary data placeholders. The full placeholder includes the\n * byte length, e.g. `[Binary:16 bytes]`, so consumers can gauge data size\n * without the actual bytes appearing in logs.\n */\nexport const BINARY_LABEL = 'Binary';\n\n/**\n * Placeholder emitted when a circular reference is detected in the value tree.\n * Using a named constant makes it easy to search for or filter in downstream\n * log tooling.\n */\nexport const CIRCULAR_VALUE = '[Circular]';\n","import {\n BINARY_LABEL,\n CIRCULAR_VALUE,\n MAX_STRING_LENGTH,\n PII_KEY_SUFFIXES,\n REDACTED_VALUE,\n TRUNCATED_SUFFIX,\n} from '../constants';\n\ntype ScrubContext = {\n piiFieldsLower: string[];\n redactAll?: boolean;\n visited: WeakSet<object>;\n};\n\ntype KeyMatchesPiiFieldParams = {\n keyLower: string;\n piiFieldsLower: string[];\n};\n\n/**\n * Returns true when `key` should be redacted based on the configured PII\n * field list. A key matches when its lowercased form either equals one of\n * `piiFieldsLower` exactly, or ends in one of the curated credential\n * suffixes in {@link PII_KEY_SUFFIXES} (currently `token` and `jwt`). The\n * suffix check is what catches `mfaToken`, `minifiedJwt`, `accessToken`,\n * etc. without needing every variant enumerated explicitly.\n */\nconst keyMatchesPiiField = ({\n keyLower,\n piiFieldsLower,\n}: KeyMatchesPiiFieldParams): boolean => {\n if (piiFieldsLower.includes(keyLower)) {\n return true;\n }\n\n return PII_KEY_SUFFIXES.some((suffix) => keyLower.endsWith(suffix));\n};\n\ntype ScrubParametersParams = {\n piiFields: string[];\n redactAll?: boolean;\n value: Record<string, unknown>;\n};\n\ntype ScrubStringParams = {\n key: string;\n piiFieldsLower: string[];\n redactAll?: boolean;\n value: string;\n};\n\ntype ScrubArrayParams = {\n context: ScrubContext;\n value: unknown[];\n};\n\ntype ScrubObjectParams = {\n context: ScrubContext;\n value: Record<string, unknown>;\n};\n\ntype ScrubValueParams = {\n context: ScrubContext;\n key: string;\n value: unknown;\n};\n\n// eslint-disable-next-line custom-rules/one-function-per-file\nconst scrubString = ({\n key,\n piiFieldsLower,\n redactAll,\n value,\n}: ScrubStringParams): string => {\n if (keyMatchesPiiField({ keyLower: key.toLowerCase(), piiFieldsLower })) {\n return REDACTED_VALUE;\n }\n\n if (redactAll) {\n return REDACTED_VALUE;\n }\n\n if (value.length > MAX_STRING_LENGTH) {\n return value.slice(0, MAX_STRING_LENGTH) + TRUNCATED_SUFFIX;\n }\n\n return value;\n};\n\n// eslint-disable-next-line custom-rules/one-function-per-file\nconst scrubArray = ({ context, value }: ScrubArrayParams): unknown[] => {\n if (context.visited.has(value)) {\n return [CIRCULAR_VALUE];\n }\n\n context.visited.add(value);\n\n const result = value.map((item, index) =>\n scrubValue({ context, key: String(index), value: item })\n );\n\n context.visited.delete(value);\n\n return result;\n};\n\n// eslint-disable-next-line custom-rules/one-function-per-file\nconst scrubObject = ({\n context,\n value,\n}: ScrubObjectParams): Record<string, unknown> => {\n if (context.visited.has(value)) {\n return { [CIRCULAR_VALUE]: true };\n }\n\n context.visited.add(value);\n\n // Object.create(null) prevents prototype pollution when keys like '__proto__'\n // are present (e.g. from a Map converted to a plain object).\n const result = Object.create(null) as Record<string, unknown>;\n\n for (const key of Object.keys(value)) {\n result[key] = scrubValue({ context, key, value: value[key] });\n }\n\n context.visited.delete(value);\n\n return result;\n};\n\n// eslint-disable-next-line custom-rules/one-function-per-file\nconst scrubValue = ({ context, key, value }: ScrubValueParams): unknown => {\n if (value === null || value === undefined) {\n return value;\n }\n\n if (value instanceof Uint8Array) {\n return `[${BINARY_LABEL}:${value.byteLength} bytes]`;\n }\n\n if (\n keyMatchesPiiField({\n keyLower: key.toLowerCase(),\n piiFieldsLower: context.piiFieldsLower,\n })\n ) {\n return REDACTED_VALUE;\n }\n\n if (typeof value === 'string') {\n return scrubString({\n key,\n piiFieldsLower: context.piiFieldsLower,\n redactAll: context.redactAll,\n value,\n });\n }\n\n if (Array.isArray(value)) {\n return scrubArray({ context, value });\n }\n\n if (value instanceof Set) {\n if (context.visited.has(value)) {\n return [CIRCULAR_VALUE];\n }\n\n context.visited.add(value);\n const setResult = scrubArray({ context, value: [...value] });\n context.visited.delete(value);\n\n return setResult;\n }\n\n if (value instanceof Map) {\n if (context.visited.has(value)) {\n return { [CIRCULAR_VALUE]: true };\n }\n\n context.visited.add(value);\n // Object.create(null) avoids prototype pollution when Map keys include\n // '__proto__', 'constructor', or 'prototype'\n const asObject = Object.create(null) as Record<string, unknown>;\n\n for (const [k, v] of value.entries()) {\n asObject[String(k)] = v;\n }\n\n const mapResult = scrubObject({ context, value: asObject });\n context.visited.delete(value);\n\n return mapResult;\n }\n\n // WeakMap and WeakSet are not iterable and expose no `.size` or enumeration\n // methods by design — their entries are held weakly and are not accessible\n // programmatically. We emit a tagged placeholder that identifies the type so\n // the log record remains self-describing without attempting enumeration.\n if (value instanceof WeakMap) {\n return '[WeakMap]';\n }\n\n if (value instanceof WeakSet) {\n return '[WeakSet]';\n }\n\n if (value instanceof Date) {\n return value.toISOString();\n }\n\n if (value instanceof Error) {\n return `[Error: ${value.message}]`;\n }\n\n if (typeof value === 'object') {\n return scrubObject({ context, value: value as Record<string, unknown> });\n }\n\n return value;\n};\n\n/** @not-instrumented */\n// eslint-disable-next-line custom-rules/one-function-per-file\nexport const scrubParameters = ({\n piiFields,\n redactAll,\n value,\n}: ScrubParametersParams): Record<string, unknown> => {\n const context: ScrubContext = {\n piiFieldsLower: piiFields.map((field) => field.toLowerCase()),\n redactAll,\n visited: new WeakSet<object>(),\n };\n\n return scrubObject({ context, value });\n};\n","/**\n * Normalises the raw positional arguments of an instrumented function call\n * into a flat `Record<string, unknown>` suitable for structured logging.\n *\n * ## Why this is needed\n *\n * Instrumented functions are wrapped with `(...args: unknown[])`, so their\n * parameters arrive as an array. Logging a raw array loses the semantic names\n * of each argument. This function recovers a named representation:\n *\n * - **No arguments** → `{}`\n * - **Single plain-object argument** → that object is returned as-is, because\n * SDK functions follow the single-object-parameter convention, so the object\n * already carries named keys (`{ amount, to }`, etc.).\n * - **Everything else** (multiple args, a single primitive, a single array) →\n * each value is indexed as `arg0`, `arg1`, …\n *\n * ## Why arrays are NOT treated as plain objects\n *\n * `typeof [] === 'object'` and `[] !== null`, so without the `Array.isArray`\n * guard a single-array argument would be returned as-is. That would produce\n * an object with numeric string keys (`{ '0': ..., '1': ... }`), which is\n * misleading and inconsistent with how multi-arg calls are handled. Instead,\n * arrays fall through to the indexed `arg0` path.\n * @not-instrumented\n */\n// eslint-disable-next-line custom-rules/require-single-object-param\nexport const extractParams = (args: unknown[]): Record<string, unknown> => {\n if (args.length === 0) {\n return {};\n }\n\n if (\n args.length === 1 &&\n typeof args[0] === 'object' &&\n args[0] !== null &&\n !Array.isArray(args[0])\n ) {\n // Single plain-object argument: return it directly so named keys are preserved.\n return args[0] as Record<string, unknown>;\n }\n\n // Multiple args, a primitive, or an array: index each value positionally.\n const result: Record<string, unknown> = {};\n\n for (let i = 0; i < args.length; i++) {\n result[`arg${i}`] = args[i];\n }\n\n return result;\n};\n","import { scrubParameters } from '../../scrubParameters';\n\ntype ScrubResolvedValueParams = {\n piiFields: string[];\n redactAll?: boolean;\n value: unknown;\n};\n\n/**\n * Scrubs a resolved return value of any type before logging it.\n * Routes through `scrubParameters` by wrapping the value so that strings,\n * arrays, Dates, Errors, and all other types are handled identically to\n * nested object fields.\n * @not-instrumented\n */\nexport const scrubResolvedValue = ({\n piiFields,\n redactAll,\n value,\n}: ScrubResolvedValueParams): unknown =>\n scrubParameters({\n piiFields,\n redactAll,\n value: { result: value },\n }).result;\n","import type { DynamicCore } from '../../../client/core/types/DynamicCore';\nimport { extractSessionId } from '../../../modules/auth/extractSessionId/extractSessionId';\nimport { getUserAgent } from '../../../utils/getUserAgent/getUserAgent';\nimport type {\n FunctionInstrumentationEvent,\n SerializedError,\n} from '../instrumentation.types';\nimport { scrubParameters } from '../scrubParameters';\nimport { extractParams } from './extractParams/extractParams';\nimport { scrubResolvedValue } from './scrubResolvedValue/scrubResolvedValue';\n\n// Error properties (message, name, stack) are non-enumerable so JSON.stringify\n// produces {} for raw Error objects. This helper extracts them explicitly.\nconst serializeError = (error: unknown): SerializedError => {\n if (error instanceof Error) {\n return { message: error.message, name: error.name, stack: error.stack };\n }\n return { message: String(error), name: 'UnknownError' };\n};\n\ntype InstrumentFunctionParams<T extends (...args: unknown[]) => unknown> = {\n /** The original function to wrap. */\n fn: T;\n /** Human-readable name recorded in every emitted event. */\n functionName: string;\n /**\n * Returns the current `DynamicCore` instance, or `undefined` when the SDK\n * has not yet been initialised. Instrumentation is skipped when this returns\n * `undefined` or when `core.instrumentation.config.enabled` is `false`.\n */\n getCore: () => DynamicCore | undefined;\n /**\n * When `true`, every field in `parameters` and `resolvedValue` is replaced\n * with `\"[redacted]\"` regardless of `piiFields`. Use this for functions\n * whose arguments are inherently sensitive (e.g., signing, authentication).\n */\n redactAll?: boolean;\n};\n\n/**\n * Wraps a function so that each invocation emits a structured\n * `FunctionInstrumentationEvent` at three lifecycle points:\n *\n * - **started** — immediately before the function body executes, with the\n * PII-scrubbed call parameters.\n * - **resolved** — after the function (or its returned Promise) settles\n * successfully, with the PII-scrubbed return value.\n * - **rejected** — if the function throws synchronously or its returned\n * Promise rejects.\n *\n * The original return value (or thrown error) is always forwarded to the\n * caller unchanged — instrumentation is purely observational.\n *\n * ## Usage\n *\n * ```ts\n * const transfer = instrumentFunction({\n * fn: rawTransfer,\n * functionName: 'transfer',\n * getCore: () => core,\n * });\n *\n * // When called, three events are emitted automatically:\n * await transfer({ amount: 1, to: '0xabc' });\n * ```\n *\n * ## How functions are wrapped\n *\n * `instrumentFunction` is not called manually in application code. Instead,\n * the esbuild instrumentation plugin (`tools/instrumentation-plugin`) injects\n * it at build time: any exported function annotated with `@instrumented` in its\n * JSDoc is automatically wrapped by the plugin during the build step.\n * The plugin strips the original `export`, renames the function, and re-exports\n * it under the original name via `instrumentFunction(...)` — so the public API\n * is unchanged and no call sites need to be updated.\n *\n * ## Opting out\n *\n * Instrumentation is skipped entirely when:\n * - `getCore()` returns `undefined` (SDK not initialised), or\n * - `core.instrumentation.config.enabled` is `false`.\n *\n * In both cases the original function is called directly with no overhead.\n *\n * ## PII scrubbing\n *\n * All string values whose key appears in `piiFields` are replaced with\n * `\"[redacted]\"` before events are emitted. Pass `redactAll: true` to redact\n * every field, regardless of key name.\n * @not-instrumented\n */\n// eslint-disable-next-line custom-rules/one-function-per-file\nexport const instrumentFunction = <T extends (...args: unknown[]) => unknown>({\n fn,\n functionName,\n getCore,\n redactAll,\n}: InstrumentFunctionParams<T>): T => {\n const wrapped = (...args: unknown[]) => {\n const core = getCore();\n\n if (!core) {\n return fn(...args);\n }\n\n if (!core.instrumentation.config.enabled) {\n return fn(...args);\n }\n\n const instrumentation = core.instrumentation;\n const state = core.state.get();\n\n const baseEvent: Omit<FunctionInstrumentationEvent, 'phase' | 'timestamp'> =\n {\n environmentId: core.environmentId,\n functionName,\n parameters: scrubParameters({\n piiFields: instrumentation.config.piiFields,\n redactAll,\n value: extractParams(args),\n }),\n registeredExtensionKeys: Array.from(core.extensions),\n sdkSessionId: core.sdkSessionId,\n sdkVersion: core.version,\n // Function events always use 'info' — phase already conveys whether the call\n // succeeded or failed, so status is not needed to signal severity here.\n status: 'info',\n tokenSessionId: state.token ? extractSessionId(state.token) : null,\n userAgent: getUserAgent(),\n userId: state.user?.id ?? null,\n };\n\n instrumentation.logFunction({\n ...baseEvent,\n phase: 'started',\n timestamp: new Date().toISOString(),\n });\n\n try {\n const result = fn(...args);\n\n if (result instanceof Promise) {\n return result\n .then((value) => {\n instrumentation.logFunction({\n ...baseEvent,\n phase: 'resolved',\n resolvedValue: scrubResolvedValue({\n piiFields: instrumentation.config.piiFields,\n redactAll,\n value,\n }),\n timestamp: new Date().toISOString(),\n });\n\n return value;\n })\n .catch((error) => {\n instrumentation.logFunction({\n ...baseEvent,\n phase: 'rejected',\n rejectedError: serializeError(error),\n timestamp: new Date().toISOString(),\n });\n throw error;\n });\n }\n\n instrumentation.logFunction({\n ...baseEvent,\n phase: 'resolved',\n resolvedValue: scrubResolvedValue({\n piiFields: instrumentation.config.piiFields,\n redactAll,\n value: result,\n }),\n timestamp: new Date().toISOString(),\n });\n\n return result;\n } catch (error) {\n instrumentation.logFunction({\n ...baseEvent,\n phase: 'rejected',\n rejectedError: serializeError(error),\n timestamp: new Date().toISOString(),\n });\n\n throw error;\n }\n };\n\n return wrapped as T;\n};\n","import { getCore } from '../../../client/core/getCore';\nimport { getDefaultClient } from '../../../client/defaultClient';\n\ntype GetElevatedAccessTokenParams = {\n /**\n * Whether to consume single-use tokens after retrieval.\n * Set to `false` to check for token existence without side-effects.\n * @default true\n * @instrumented\n */\n consume?: boolean;\n scope: string;\n};\n\n/**\n * Gets an elevated access token by scope.\n *\n * This function retrieves an elevated access token that contains the specified scope.\n * Expired tokens are automatically filtered out.\n *\n * By default, if the token has `singleUse: true`, it will be automatically\n * consumed (removed from state) after retrieval. Pass `consume: false` to\n * check for token existence without consuming it.\n *\n * @param params - The parameters object.\n * @param params.scope - The scope to match (e.g., 'wallet:export').\n * @param params.consume - Whether to consume single-use tokens (default: true).\n * @param [client] - The Dynamic client instance. Only required when using multiple Dynamic clients.\n * @returns The elevated access token if found and not expired, or undefined if not found or expired.\n *\n * @example\n * ```typescript\n * // Retrieve and consume (default)\n * const token = getElevatedAccessToken({ scope: 'wallet:export' });\n *\n * // Check existence without consuming\n * const token = getElevatedAccessToken({ scope: 'credential:unlink', consume: false });\n * ```\n * @not-instrumented\n */\nexport const getElevatedAccessToken = (\n { consume = true, scope }: GetElevatedAccessTokenParams,\n client = getDefaultClient()\n): string | undefined => {\n const core = getCore(client);\n\n const now = new Date();\n const elevatedAccessTokens = core.state.get().elevatedAccessTokens || [];\n\n // Filter out expired tokens\n const validTokens = elevatedAccessTokens.filter(\n (token) => !token.expiresAt || token.expiresAt > now\n );\n\n // Remove expired tokens from state if any were found\n if (validTokens.length !== elevatedAccessTokens.length) {\n core.state.set({\n elevatedAccessTokens: validTokens,\n });\n }\n\n const token = validTokens.find((token) => token.scopes.includes(scope));\n\n if (!token) {\n return undefined;\n }\n\n // Check if token should be consumed based on singleUse property\n if (consume && token.singleUse) {\n const updatedTokens = validTokens.filter((t) => t !== token);\n core.state.set({\n elevatedAccessTokens: updatedTokens,\n });\n }\n\n return token.token;\n};\n","import { BaseError } from './base';\n\nexport class ValueMustBeDefinedError extends BaseError {\n // eslint-disable-next-line custom-rules/require-single-object-param\n constructor(message: string) {\n super({\n cause: null,\n code: 'value_must_be_defined_error',\n docsUrl: null,\n name: 'ValueMustBeDefined',\n shortMessage: message,\n });\n }\n}\n","/* eslint-disable func-style -- javascript requires this to be a function */\n\nimport { ValueMustBeDefinedError } from './../../errors/ValueMustBeDefinedError';\n\n/**\n * Asserts that a value is not null or undefined, throwing an error if it is.\n * This function acts as a type guard, narrowing the type to exclude null and undefined.\n *\n * @template T - The type of the value being checked\n * @param value - The value to check for null or undefined\n * @param message - The error message to throw if the value is null or undefined\n * @throws Throws an error with the provided message if value is null or undefined\n * @example\n * ```typescript\n * const maybeString: string | null = getValue();\n * assertDefined(maybeString, 'String value is required');\n * // maybeString is now typed as string (null is excluded)\n * ```\n */\n// eslint-disable-next-line custom-rules/require-single-object-param\nexport function assertDefined<T>(\n value: T,\n message: string\n): asserts value is Exclude<NonNullable<T>, void> {\n if (value === null || value === undefined) {\n throw new ValueMustBeDefinedError(message);\n }\n}\n","import { AuthStorageEnum } from '@dynamic-labs/sdk-api-core';\n\nimport type { DynamicClient } from '../../../client/types';\nimport { assertDefined } from '../../../utils/assertDefined';\n\n/**\n * Returns true if the client is using Dynamic cookies or a BYO JWT cookie.\n * @not-instrumented\n */\nexport const isCookieEnabled = (client: DynamicClient): boolean => {\n assertDefined(client.projectSettings, 'Project settings are not defined');\n\n const securitySettings = client.projectSettings.security;\n\n if (!securitySettings) return false;\n\n // client uses Dynamic cookies\n const dynamicCookiesEnabled = (securitySettings.auth?.storage || []).includes(\n AuthStorageEnum.Cookie\n );\n\n // BYO JWT client puts their non-Dynamic JWT in a cookie\n const byoJwtCookieEnabled = Boolean(\n securitySettings.externalAuth?.cookieName\n );\n\n // should return true for both of these scenarios\n // because we also need to do `credentials: true` in api.ts when\n // a byo jwt client sets their named cookie for their jwt and\n // needs to send it to our backend\n return dynamicCookiesEnabled || byoJwtCookieEnabled;\n};\n","import { getCore } from '../../../client/core/getCore';\nimport type { DynamicClient } from '../../../client/types';\nimport type { SessionKeys } from '../sessionKeys.types';\n\n/** @not-instrumented */\nexport const getSessionKeys = (client: DynamicClient): SessionKeys | undefined => {\n const core = getCore(client);\n\n const publicKey = core.state.get().sessionKeys;\n\n if (!publicKey) {\n return undefined;\n }\n\n return { publicKey };\n};\n","import { BaseError } from '../base';\n\nexport class APIError extends BaseError {\n status: number;\n\n // eslint-disable-next-line custom-rules/require-single-object-param\n constructor(message: string, code: string, status: number) {\n super({\n cause: null,\n code,\n docsUrl: null,\n name: 'APIError',\n shortMessage: message,\n });\n\n this.status = status;\n }\n\n static async fromResponse(response: Response) {\n try {\n const errorBody = await response.clone().json();\n\n if (\n errorBody &&\n 'error' in errorBody &&\n typeof errorBody.error === 'string'\n ) {\n const errorCode =\n 'code' in errorBody && typeof errorBody.code === 'string'\n ? errorBody.code\n : 'unknown_error';\n\n return new APIError(errorBody.error, errorCode, response.status);\n }\n\n return null;\n } catch {\n return null;\n }\n }\n}\n","import { BaseError, type BaseErrorParameters } from './base';\n\nexport class InvalidExternalAuthError extends BaseError {\n constructor({ cause }: Pick<BaseErrorParameters, 'cause'>) {\n super({\n cause,\n code: 'invalid_external_auth_error',\n docsUrl:\n 'https://www.dynamic.xyz/docs/external-auth/third-party-auth-overview',\n name: 'InvalidExternalAuthError',\n shortMessage: 'Error authenticating with external JWT',\n });\n }\n}\n","import { BaseError, type BaseErrorParameters } from './base';\n\nexport class LinkCredentialError extends BaseError {\n constructor({ cause }: Pick<BaseErrorParameters, 'cause'>) {\n super({\n cause,\n code: 'link_credential_error',\n docsUrl: null,\n name: 'LinkCredentialError',\n shortMessage:\n 'The credential you are trying to link is associated with another account and cannot be reassigned.',\n });\n }\n}\n","import { BaseError, type BaseErrorParameters } from './base';\n\nexport class MfaInvalidOtpError extends BaseError {\n constructor({ cause }: Pick<BaseErrorParameters, 'cause'>) {\n super({\n cause,\n code: 'mfa_invalid_otp_error',\n docsUrl: null,\n name: 'MfaInvalidOtpError',\n shortMessage: 'Invalid OTP',\n });\n }\n}\n","import { BaseError, type BaseErrorParameters } from './base';\n\nexport class MfaRateLimitedError extends BaseError {\n constructor({ cause }: Pick<BaseErrorParameters, 'cause'>) {\n super({\n cause,\n code: 'mfa_rate_limited_error',\n docsUrl: null,\n name: 'MfaRateLimitedError',\n shortMessage: 'Rate limited',\n });\n }\n}\n","import { BaseError, type BaseErrorParameters } from './base';\n\nexport class SandboxMaximumThresholdReachedError extends BaseError {\n constructor({ cause }: Pick<BaseErrorParameters, 'cause'>) {\n super({\n cause,\n code: 'sandbox_maximum_threshold_reached_error',\n docsUrl:\n 'https://www.dynamic.xyz/docs/developer-dashboard/sandbox-vs-live#sandbox-vs-live',\n name: 'SandboxMaximumThresholdReachedError',\n shortMessage:\n 'Your sandbox environment has reached the maximum MAU. Please use a live environment for production traffic.',\n });\n }\n}\n","import { APIError } from '../../../../errors/APIError';\nimport { InvalidExternalAuthError } from '../../../../errors/InvalidExternalAuthError';\nimport { LinkCredentialError } from '../../../../errors/LinkCredentialError';\nimport { MfaInvalidOtpError } from '../../../../errors/MfaInvalidOtpError';\nimport { MfaRateLimitedError } from '../../../../errors/MfaRateLimitedError';\nimport { SandboxMaximumThresholdReachedError } from '../../../../errors/SandboxMaximumThresholdReachedError';\nimport type { ErrorMapper } from '../../apiClient.types';\n\n/**\n * Default error mapper for the client that handles common API error codes.\n *\n * This mapper transforms specific API error codes into more specific error types:\n * - `mfa_invalid_code` → `MfaInvalidOtpError`\n * - `mfa_rate_limited` → `MfaRateLimitedError`\n *\n * @param error - The error to be mapped\n * @returns A transformed error if the error code matches a known pattern, or null if no transformation is needed\n *\n * @example\n * ```typescript\n * // This will be automatically applied to all API errors\n * const apiClient = createApiClient({}, client);\n *\n * // The clientErrorMapper will automatically convert mfa_invalid_code errors\n * // to MfaInvalidOtpError instances\n * ```\n * @not-instrumented\n */\nexport const clientErrorMapper: ErrorMapper = (error) => {\n if (error instanceof APIError) {\n if (error.code === 'mfa_invalid_code') {\n return new MfaInvalidOtpError({ cause: error });\n }\n\n if (error.code === 'mfa_rate_limited') {\n return new MfaRateLimitedError({ cause: error });\n }\n\n if (error.code === 'invalid_external_auth') {\n return new InvalidExternalAuthError({ cause: error });\n }\n\n if (error.code === 'sandbox_maximum_threshold_reached') {\n return new SandboxMaximumThresholdReachedError({ cause: error });\n }\n\n if (\n error.code === 'merge_accounts_invalid' ||\n error.code === 'reassign_wallet_error'\n ) {\n return new LinkCredentialError({ cause: error });\n }\n }\n\n return null;\n};\n","/* eslint-disable custom-rules/function-name-matches-filename */\nimport type { Middleware, ResponseContext } from '@dynamic-labs/sdk-api-core';\n\nimport { APIError } from '../../../../errors/APIError';\nimport type { ErrorMapper } from '../../apiClient.types';\n\ntype CreateConvertToApiErrorMiddlewareOptions = {\n errorMappers?: ErrorMapper[];\n};\n\n/**\n * Creates middleware that converts HTTP error responses to APIError instances\n * and optionally applies custom error mappers to transform them into specific error types.\n *\n * @param options.errorMappers - Array of error mappers to apply to API errors\n * @returns A middleware function that handles error conversion and mapping\n * @not-instrumented\n */\nexport const createConvertToApiErrorMiddleware = ({\n errorMappers = [],\n}: CreateConvertToApiErrorMiddlewareOptions): Middleware => ({\n post: async (context: ResponseContext) => {\n if (context.response.status >= 400) {\n const apiError = await APIError.fromResponse(context.response);\n\n if (apiError) {\n let errorToThrow: Error = apiError;\n\n for (const mapper of errorMappers) {\n const newError = mapper(apiError);\n\n if (newError) {\n errorToThrow = newError;\n break;\n }\n }\n\n throw errorToThrow;\n }\n }\n\n return context.response;\n },\n});\n","import { getCore } from '../../client/core/getCore';\nimport type { DynamicClient } from '../../client/types';\nimport { fetchAndStoreNonces } from './fetchAndStoreNonces/fetchAndStoreNonces';\n\n/**\n * Returns a nonce for wallet ownership verification.\n *\n * Pops the first nonce from the prefetched pool. When the pool is running low\n * (≤1 remaining after pop) a background refetch is triggered. If the pool is\n * empty, nonces are fetched on-demand before returning.\n * @not-instrumented\n */\nexport const getNonce = async (\n client: DynamicClient\n): Promise<string> => {\n const core = getCore(client);\n const pool = core.state.get().prefetchedNonces;\n\n if (pool.length > 0) {\n const [nonce, ...remaining] = pool;\n\n core.state.set({ prefetchedNonces: remaining });\n\n if (remaining.length <= 1) {\n void fetchAndStoreNonces(client);\n }\n\n return nonce;\n }\n\n await fetchAndStoreNonces(client);\n\n return getNonce(client);\n};\n","import { getCore } from '../../../client/core/getCore';\nimport type { DynamicClient } from '../../../client/types';\nimport type { DeviceSigner } from '../../../services/deviceSigner';\n\n/** @not-instrumented */\nexport const getDeviceSigner = async (\n client: DynamicClient\n): Promise<DeviceSigner> => {\n const { deviceSigner, keychain } = getCore(client);\n\n /**\n * If the device signer is available, it should handle the device signing.\n * This is used for mobile devices with secure enclave.\n */\n if (deviceSigner) {\n return deviceSigner;\n }\n\n const keyName = 'device';\n\n const existingPublicKey = await keychain.getPublicKey(keyName);\n\n if (!existingPublicKey) {\n await keychain.generateKey(keyName);\n }\n\n return {\n getPublicKey: () => keychain.getPublicKey(keyName) as Promise<string>,\n sign: (payload: string) => keychain.sign(keyName, payload),\n };\n};\n","import type { DynamicClient } from '../../../client/types';\nimport { assertDefined } from '../../../utils/assertDefined';\nimport { getNonce } from '../../../utils/getNonce';\nimport { isCookieEnabled } from '../../projectSettings/isCookieEnabled';\nimport { getDeviceSigner } from '../getDeviceSigner';\n\n/** @not-instrumented */\nexport const getHeadersForNonceSignedByDeviceSigners = async (\n client: DynamicClient\n): Promise<Record<string, string>> => {\n const { projectSettings } = client;\n\n assertDefined(projectSettings, 'Project settings not found');\n\n /**\n * For cookie based environments, the device registration is handled\n * by settings the cookie in the browser.\n * Then we dont need to provide the headers\n */\n if (isCookieEnabled(client)) {\n return {};\n }\n\n const deviceSigner = await getDeviceSigner(client);\n\n const nonce = await getNonce(client);\n\n const signedNonce = await deviceSigner.sign(nonce);\n const publicKey = await deviceSigner.getPublicKey();\n\n return {\n 'x-dynamic-device-nonce': nonce,\n 'x-dynamic-device-publickey': publicKey,\n 'x-dynamic-device-signed-nonce': signedNonce,\n };\n};\n","import type { Middleware } from '@dynamic-labs/sdk-api-core';\nimport { isDeviceNonceSignatureRequiredForUrl } from '@dynamic-labs/sdk-api-core';\n\nimport type { DynamicClient } from '../../../../client/types';\nimport { getHeadersForNonceSignedByDeviceSigners } from '../../../deviceRegistration/getHeadersForNonceSignedByDeviceSigners';\nimport { isCookieEnabled } from '../../../projectSettings/isCookieEnabled';\n\n/** @not-instrumented */\nexport const createDeviceSignatureHeadersMiddleware = (\n client: DynamicClient\n): Middleware => {\n return {\n pre: async (context) => {\n /**\n * The signed nonce is not required for cookie based environments.\n */\n if (\n isDeviceNonceSignatureRequiredForUrl(context.url) &&\n !isCookieEnabled(client)\n ) {\n const deviceSignerHeaders = await getHeadersForNonceSignedByDeviceSigners(\n client\n );\n\n return {\n init: {\n ...context.init,\n headers: {\n ...context.init.headers,\n ...deviceSignerHeaders,\n },\n },\n url: context.url,\n };\n }\n\n return;\n },\n };\n};\n","import { BaseError, type BaseErrorParameters } from './base';\n\nexport class UnauthorizedError extends BaseError {\n constructor({ cause }: Pick<BaseErrorParameters, 'cause'>) {\n super({\n cause,\n code: 'unauthorized_error',\n docsUrl: null,\n name: 'UnauthorizedError',\n shortMessage: 'Unauthorized',\n });\n }\n}\n","import type { Middleware, ResponseContext } from '@dynamic-labs/sdk-api-core';\n\nimport { UnauthorizedError } from '../../../../errors/UnauthorizedError';\n\n/** @not-instrumented */\nexport const createUnauthorizedMiddleware = (): Middleware => ({\n post: async (context: ResponseContext) => {\n if (context.response.status === 401) {\n let cause: Error | null = null;\n\n try {\n const errorBody = await context.response.clone().json();\n\n if (\n errorBody &&\n 'error' in errorBody &&\n typeof errorBody.error === 'string'\n ) {\n // eslint-disable-next-line no-restricted-syntax\n cause = new Error(errorBody.error);\n }\n } catch {\n // Response body isn't valid JSON — proceed without a cause\n }\n\n throw new UnauthorizedError({ cause });\n }\n\n return context.response;\n },\n});\n","import { Configuration, SDKApi } from '@dynamic-labs/sdk-api-core';\n\nimport { version } from '../../../package.json';\nimport { getCore } from '../../client/core/getCore';\nimport type { DynamicClient } from '../../client/types';\nimport { randomString } from '../../utils/randomString';\nimport { getElevatedAccessToken } from '../auth/getElevatedAccessToken';\nimport { isCookieEnabled } from '../projectSettings/isCookieEnabled';\nimport { getSessionKeys } from '../sessionKeys/getSessionKeys';\nimport type { CreateApiClientOptions } from './apiClient.types';\nimport {\n CLIENT_SDK_NAME,\n DYNAMIC_API_VERSION_HEADER,\n DYNAMIC_REQUEST_ID_HEADER,\n DYNAMIC_SDK_API_VERSION,\n DYNAMIC_SDK_SESSION_ID_HEADER,\n DYNAMIC_SDK_VERSION_HEADER,\n ELEVATED_ACCESS_TOKEN_HEADER,\n MFA_TOKEN_HEADER,\n SESSION_PUBLIC_KEY_HEADER,\n} from './constants';\nimport { clientErrorMapper } from './utils/clientErrorMapper';\nimport { createConvertToApiErrorMiddleware } from './utils/convertToApiErrorMiddleware/convertToApiErrorMiddleware';\nimport { createDeviceSignatureHeadersMiddleware } from './utils/deviceSignatureHeadersMiddleware';\nimport { createUnauthorizedMiddleware } from './utils/unauthorizedMiddleware/createUnauthorizedMiddleware';\n\ntype ISettings = {\n basePath: string;\n credentials?: 'include';\n headers: {\n Authorization?: string;\n 'Content-Type': string;\n [DYNAMIC_API_VERSION_HEADER]: string;\n [DYNAMIC_REQUEST_ID_HEADER]: string;\n [DYNAMIC_SDK_SESSION_ID_HEADER]: string;\n [DYNAMIC_SDK_VERSION_HEADER]: string;\n [ELEVATED_ACCESS_TOKEN_HEADER]?: string;\n [MFA_TOKEN_HEADER]?: string;\n [SESSION_PUBLIC_KEY_HEADER]?: string;\n };\n};\n\n/**\n * Returns a new instance of the SDK API client.\n *\n * This is not meant for storing, as it is very light we can create it whenever needed.\n * @not-instrumented\n */\nexport const createApiClient = (\n options: CreateApiClientOptions = {},\n client: DynamicClient\n) => {\n const core = getCore(client);\n const coreState = core.state.get();\n\n const settings: ISettings = {\n basePath: core.apiBaseUrl,\n headers: {\n 'Content-Type': 'application/json',\n [DYNAMIC_API_VERSION_HEADER]: `API/${DYNAMIC_SDK_API_VERSION}`,\n [DYNAMIC_REQUEST_ID_HEADER]: randomString({ length: 50 }),\n [DYNAMIC_SDK_SESSION_ID_HEADER]: core.sdkSessionId,\n [DYNAMIC_SDK_VERSION_HEADER]: `${CLIENT_SDK_NAME}/${version}`,\n ...core.getApiHeaders(),\n ...options.headers,\n },\n };\n\n if (core.metadata?.universalLink) {\n (settings.headers as Record<string, string>)['Origin'] =\n core.metadata.universalLink;\n }\n\n if (client.token) {\n settings.headers.Authorization = `Bearer ${client.token}`;\n }\n\n if (client.projectSettings && isCookieEnabled(client)) {\n settings.credentials = 'include';\n }\n\n if (options.includeMfaToken && coreState.mfaToken) {\n settings.headers[MFA_TOKEN_HEADER] = coreState.mfaToken;\n }\n\n if (options.elevatedAccessTokenScope) {\n const elevatedToken = getElevatedAccessToken(\n { scope: options.elevatedAccessTokenScope },\n client\n );\n if (elevatedToken) {\n settings.headers[ELEVATED_ACCESS_TOKEN_HEADER] = elevatedToken;\n }\n }\n\n const sessionPublicKey = getSessionKeys(client)?.publicKey;\n\n // This check is required to avoid overriding the session public key header\n // that is set by any of our other SDKs using the Dynamic Client SDK.\n const isSessionPublicKeyHeaderPresent =\n settings.headers[SESSION_PUBLIC_KEY_HEADER] !== undefined;\n\n if (sessionPublicKey && !isSessionPublicKeyHeaderPresent) {\n settings.headers[SESSION_PUBLIC_KEY_HEADER] = sessionPublicKey;\n }\n\n return new SDKApi(\n new Configuration({\n ...settings,\n fetchApi: core.fetch,\n middleware: [\n createDeviceSignatureHeadersMiddleware(client),\n createConvertToApiErrorMiddleware({\n errorMappers: [...(options.errorMappers || []), clientErrorMapper],\n }),\n createUnauthorizedMiddleware(),\n ],\n })\n );\n};\n","import { getCore } from '../../../client/core/getCore';\nimport type { DynamicClient } from '../../../client/types';\nimport { createApiClient } from '../../../modules/apiClient';\nimport { NONCE_POOL_EXPIRATION_TIME, NONCE_POOL_SIZE } from '../constants';\n\n/**\n * Fetches a batch of nonces from the API.\n *\n * Prefetching is critical for iOS deep link wallet providers (e.g. Phantom\n * redirect). On iOS, a network request (like fetching a nonce) between a user\n * action and a deeplink call will break the gesture chain, causing iOS to\n * silently ignore the deeplink. By prefetching nonces ahead of time,\n * `getNonce` can return synchronously from cache and the deeplink fires\n * without an interrupting network round-trip.\n *\n * New nonces are **appended** to the existing pool so that unconsumed entries\n * are not discarded by a background refetch.\n * @not-instrumented\n */\nexport const fetchAndStoreNonces = async (\n client: DynamicClient\n): Promise<void> => {\n const core = getCore(client);\n\n const { environmentId } = core;\n\n const apiClient = createApiClient({}, client);\n\n const { nonces } = await apiClient.getNonces({\n count: NONCE_POOL_SIZE,\n environmentId,\n });\n\n const existing = core.state.get().prefetchedNonces;\n\n core.state.set({\n prefetchedNonces: [...existing, ...nonces],\n prefetchedNoncesExpiration: Date.now() + NONCE_POOL_EXPIRATION_TIME,\n });\n};\n","import type { Chain } from '../chain';\n\ntype ChainInfo = {\n apiChainName: string;\n blockchainName: string;\n /**\n * Extra identifiers the wallet book may use to refer to this chain in\n * `injectedConfig[].chain` or embedded in a wallet key, in addition to\n * `apiChainName`. e.g. `bitcoin` uses apiChainName but `btc` is also\n * accepted in wallet book entries.\n */\n legacyWalletBookAliases?: string[];\n verifiedCredentialChainName: string;\n waasChainNameOverride?: string;\n};\n\nexport const CHAINS_INFO_MAP: Record<Chain, ChainInfo> = {\n ALEO: {\n apiChainName: 'aleo',\n blockchainName: 'Aleo',\n verifiedCredentialChainName: 'aleo',\n },\n ALGO: {\n apiChainName: 'algo',\n blockchainName: 'Algorand',\n verifiedCredentialChainName: 'algorand',\n },\n APTOS: {\n apiChainName: 'aptos',\n blockchainName: 'Aptos',\n verifiedCredentialChainName: 'aptos',\n },\n BTC: {\n apiChainName: 'bitcoin',\n blockchainName: 'Bitcoin',\n legacyWalletBookAliases: ['btc'],\n verifiedCredentialChainName: 'bip122',\n },\n COSMOS: {\n apiChainName: 'cosmos',\n blockchainName: 'Cosmos',\n verifiedCredentialChainName: 'cosmos',\n },\n ECLIPSE: {\n apiChainName: 'eclipse',\n blockchainName: 'Eclipse',\n verifiedCredentialChainName: 'eclipse',\n },\n EVM: {\n apiChainName: 'evm',\n // eslint-disable-next-line custom-rules/ban-ethereum-eth-terms\n blockchainName: 'Ethereum',\n verifiedCredentialChainName: 'eip155',\n },\n FLOW: {\n apiChainName: 'flow',\n blockchainName: 'Flow',\n verifiedCredentialChainName: 'flow',\n },\n MIDNIGHT: {\n apiChainName: 'midnight',\n blockchainName: 'Midnight',\n verifiedCredentialChainName: 'midnight',\n },\n SOL: {\n apiChainName: 'solana',\n blockchainName: 'Solana',\n legacyWalletBookAliases: ['sol'],\n verifiedCredentialChainName: 'solana',\n waasChainNameOverride: 'SVM',\n },\n SPARK: {\n apiChainName: 'spark',\n blockchainName: 'Spark',\n verifiedCredentialChainName: 'spark',\n },\n STARK: {\n apiChainName: 'starknet',\n blockchainName: 'Starknet',\n legacyWalletBookAliases: ['stark'],\n verifiedCredentialChainName: 'starknet',\n },\n STELLAR: {\n apiChainName: 'stellar',\n blockchainName: 'Stellar',\n verifiedCredentialChainName: 'stellar',\n },\n SUI: {\n apiChainName: 'sui',\n blockchainName: 'Sui',\n verifiedCredentialChainName: 'sui',\n },\n TEMPO: {\n apiChainName: 'tempo',\n blockchainName: 'Tempo',\n verifiedCredentialChainName: 'tempo',\n },\n TON: {\n apiChainName: 'ton',\n blockchainName: 'TON',\n verifiedCredentialChainName: 'ton',\n },\n TRON: {\n apiChainName: 'tron',\n blockchainName: 'Tron',\n verifiedCredentialChainName: 'tron',\n },\n};\n","import type { Chain } from '../../modules/chain';\nimport { CHAINS_INFO_MAP } from '../../modules/wallets/constants';\nimport { assertDefined } from '../assertDefined';\n\n/** @not-instrumented */\n// eslint-disable-next-line custom-rules/require-single-object-param\nexport const getChainFromVerifiedCredentialChain = (\n verifiedCredentialChain: string\n): Chain => {\n const chains = Object.keys(CHAINS_INFO_MAP) as Chain[];\n\n const chain = chains.find(\n (chain) =>\n CHAINS_INFO_MAP[chain].verifiedCredentialChainName ===\n verifiedCredentialChain\n );\n\n assertDefined(chain, `Unknown chain: ${verifiedCredentialChain}`);\n\n return chain;\n};\n","import { dependencies } from '../package.json';\n\nexport const SDK_API_CORE_VERSION = dependencies['@dynamic-labs/sdk-api-core'];\n\nexport const DYNAMIC_ICONIC_SPRITE_URL =\n 'https://iconic.dynamic-static-assets.com/icons/sprite.svg';\n","import { DYNAMIC_ICONIC_SPRITE_URL } from '../../constants';\n\nexport const DEFAULT_WAAS_BASE_API_URL = 'https://app.dynamicauth.com';\nexport const DEFAULT_WAAS_BASE_MPC_RELAY_API_URL =\n 'https://relay.dynamicauth.com';\n\nexport const DYNAMIC_WAAS_METADATA = {\n displayName: 'Dynamic WaaS',\n icon: `${DYNAMIC_ICONIC_SPRITE_URL}#dynamicwaas`,\n normalizedWalletName: 'dynamicwaas',\n};\n","import { BaseError } from './base';\n\nexport class InvalidParamError extends BaseError {\n // eslint-disable-next-line custom-rules/require-single-object-param\n constructor(message: string) {\n super({\n cause: null,\n code: 'invalid_param_error',\n docsUrl: null,\n name: 'InvalidParamError',\n shortMessage: message,\n });\n }\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;ACIA,MAAa,WAAW,WAAuC;AAE7D,QAAO,OAAO;;;;;ACchB,MAAM,cAAc,EAAE,SAAS,YAAiC;AAC9D,KAAI,iBAAiB,UACnB,QAAO,MAAM;AAGf,KAAI,OAAO,QACT,QAAO,MAAM;AAGf,QAAO;;;;;AAOT,MAAM,iBAAiB,EACrB,cACA,SACA,SACA,mBACyB;AACzB,QAAO;EACL;EACA;EACA;EACA,GAAI,eAAe,CAAC,GAAG,cAAc,GAAG,GAAG,EAAE;EAC7C,GAAI,UAAU,CAAC,SAAS,UAAU,GAAG,EAAE;EACvC,GAAI,UAAU,CAAC,YAAY,UAAU,GAAG,EAAE;EAC1C,YAAY;EACZ,+BAAc,IAAI,MAAM,EAAC,aAAa;EACvC,CAAC,KAAK,KAAK;;;;;AAMd,IAAsB,YAAtB,MAAsB,kBAAkB,MAAM;;CAE5C;CACA;CACA,AAAiB;CACjB,AAAS,OAAO;CAChB,AAAS;CAET,YAAY,MAA2B;EACrC,MAAM,UAAU,WAAW,KAAK;EAChC,MAAM,mBAAmB,cAAc;GAAE,GAAG;GAAM;GAAS,CAAC;AAC5D,QACE,KAAK,gBAAgB,kBACrB,KAAK,QAAQ,EAAE,OAAO,KAAK,OAAO,GAAG,OACtC;AAMD,SAAO,eAAe,MAAM,oBAAoB;GAC9C,cAAc;GACd,YAAY;GACZ,OAAO;GACP,UAAU;GACX,CAAC;AACF,OAAK,UAAU;AACf,OAAK,OAAO,KAAK,QAAQ,KAAK;AAC9B,OAAK,QAAQ,KAAK,SAAS,KAAK;AAChC,OAAK,OAAO,KAAK;;;;;CAMnB,OAA0B;EACxB,MAAM,QAAQ,KAAK;AAEnB,MAAI,iBAAiB,UACnB,QAAO,MAAM,MAAM;AAGrB,SAAO;;CAGT,AAAS,WAAW;AAClB,SAAO,KAAK;;;;;;ACrGhB,IAAa,sBAAb,cAAyC,UAAU;CACjD,cAAc;AACZ,QAAM;GACJ,OAAO;GACP,MAAM;GACN,SAAS;GACT,MAAM;GACN,cACE;GACH,CAAC;;;;;;ACNN,IAAIA,gBAAsC;AAC1C,IAAI,0BAA0B;;;;;;;;AAS9B,MAAa,yBAAwC;AACnD,KAAI,CAAC,cACH,OAAM,IAAI,qBAAqB;AAGjC,KAAI,0BAA0B,EAE5B,CADa,QAAQ,cAAc,CAC9B,OAAO,MACV,gSAGD;AAGH,QAAO;;;AAKT,MAAa,oBAAoB,WAA0B;AACzD,iBAAgB;AAChB;;;;;ACpCF,MAAa,6BAA6B,MAAQ,KAAK;AAEvD,MAAa,kBAAkB;;;;ACA/B,MAAa,6BAA6B;AAE1C,MAAa,4BAA4B;AAEzC,MAAa,6BAA6B;AAE1C,MAAa,+BAA+B;AAE5C,MAAa,mBAAmB;AAEhC,MAAa,4BAA4B;AAEzC,MAAa,0BACX,aAAa;AAEf,MAAa,gCAAgC;AAE7C,MAAa,kBAAkB;;;;ACnB/B,MAAM,gBACJ;;AAQF,MAAa,gBAAgB,EAC3B,QAAQ,eACR,aACwB;;;;CAIxB,IAAI,SAAS;AACb,MAAK,IAAI,IAAI,GAAG,IAAI,QAAQ,IAC1B,WAAU,MAAM,KAAK,MAAM,KAAK,QAAQ,GAAG,MAAM,OAAO;AAE1D,QAAO;;;;;;;;;;;;;;;;ACRT,MAAa,oBAAoB,UAAiC;AAChE,KAAI;EACF,MAAM,UAAU,MAAM,MAAM,IAAI,CAAC;AAGjC,SAFgB,KAAK,MAAM,KAAK,QAAQ,CAAC,CAE1B,OAAO;SAChB;AACN,SAAO;;;;;;;;;;;;;;;ACVX,MAAa,qBAA6B;AACxC,KAAI;AAEF,SAAO,UAAU;SACX;AACN,SAAO;;;;;;;;;;;;;;;;;;;;ACAX,MAAa,qBAAqB;CAChC;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACD;;;;;;;;AASD,MAAa,mBAAmB,CAAC,SAAS,MAAM;AAEhD,MAAa,iBAAiB;AAE9B,MAAa,oBAAoB;AAEjC,MAAa,mBAAmB;;;;;;AAOhC,MAAa,eAAe;;;;;;AAO5B,MAAa,iBAAiB;;;;;;;;;;;;ACpC9B,MAAM,sBAAsB,EAC1B,UACA,qBACuC;AACvC,KAAI,eAAe,SAAS,SAAS,CACnC,QAAO;AAGT,QAAO,iBAAiB,MAAM,WAAW,SAAS,SAAS,OAAO,CAAC;;AAiCrE,MAAM,eAAe,EACnB,KACA,gBACA,WACA,YAC+B;AAC/B,KAAI,mBAAmB;EAAE,UAAU,IAAI,aAAa;EAAE;EAAgB,CAAC,CACrE,QAAO;AAGT,KAAI,UACF,QAAO;AAGT,KAAI,MAAM,SAAS,kBACjB,QAAO,MAAM,MAAM,GAAG,kBAAkB,GAAG;AAG7C,QAAO;;AAIT,MAAM,cAAc,EAAE,SAAS,YAAyC;AACtE,KAAI,QAAQ,QAAQ,IAAI,MAAM,CAC5B,QAAO,CAAC,eAAe;AAGzB,SAAQ,QAAQ,IAAI,MAAM;CAE1B,MAAM,SAAS,MAAM,KAAK,MAAM,UAC9B,WAAW;EAAE;EAAS,KAAK,OAAO,MAAM;EAAE,OAAO;EAAM,CAAC,CACzD;AAED,SAAQ,QAAQ,OAAO,MAAM;AAE7B,QAAO;;AAIT,MAAM,eAAe,EACnB,SACA,YACgD;AAChD,KAAI,QAAQ,QAAQ,IAAI,MAAM,CAC5B,QAAO,GAAG,iBAAiB,MAAM;AAGnC,SAAQ,QAAQ,IAAI,MAAM;CAI1B,MAAM,SAAS,OAAO,OAAO,KAAK;AAElC,MAAK,MAAM,OAAO,OAAO,KAAK,MAAM,CAClC,QAAO,OAAO,WAAW;EAAE;EAAS;EAAK,OAAO,MAAM;EAAM,CAAC;AAG/D,SAAQ,QAAQ,OAAO,MAAM;AAE7B,QAAO;;AAIT,MAAM,cAAc,EAAE,SAAS,KAAK,YAAuC;AACzE,KAAI,UAAU,QAAQ,UAAU,OAC9B,QAAO;AAGT,KAAI,iBAAiB,WACnB,QAAO,IAAI,aAAa,GAAG,MAAM,WAAW;AAG9C,KACE,mBAAmB;EACjB,UAAU,IAAI,aAAa;EAC3B,gBAAgB,QAAQ;EACzB,CAAC,CAEF,QAAO;AAGT,KAAI,OAAO,UAAU,SACnB,QAAO,YAAY;EACjB;EACA,gBAAgB,QAAQ;EACxB,WAAW,QAAQ;EACnB;EACD,CAAC;AAGJ,KAAI,MAAM,QAAQ,MAAM,CACtB,QAAO,WAAW;EAAE;EAAS;EAAO,CAAC;AAGvC,KAAI,iBAAiB,KAAK;AACxB,MAAI,QAAQ,QAAQ,IAAI,MAAM,CAC5B,QAAO,CAAC,eAAe;AAGzB,UAAQ,QAAQ,IAAI,MAAM;EAC1B,MAAM,YAAY,WAAW;GAAE;GAAS,OAAO,CAAC,GAAG,MAAM;GAAE,CAAC;AAC5D,UAAQ,QAAQ,OAAO,MAAM;AAE7B,SAAO;;AAGT,KAAI,iBAAiB,KAAK;AACxB,MAAI,QAAQ,QAAQ,IAAI,MAAM,CAC5B,QAAO,GAAG,iBAAiB,MAAM;AAGnC,UAAQ,QAAQ,IAAI,MAAM;EAG1B,MAAM,WAAW,OAAO,OAAO,KAAK;AAEpC,OAAK,MAAM,CAAC,GAAG,MAAM,MAAM,SAAS,CAClC,UAAS,OAAO,EAAE,IAAI;EAGxB,MAAM,YAAY,YAAY;GAAE;GAAS,OAAO;GAAU,CAAC;AAC3D,UAAQ,QAAQ,OAAO,MAAM;AAE7B,SAAO;;AAOT,KAAI,iBAAiB,QACnB,QAAO;AAGT,KAAI,iBAAiB,QACnB,QAAO;AAGT,KAAI,iBAAiB,KACnB,QAAO,MAAM,aAAa;AAG5B,KAAI,iBAAiB,MACnB,QAAO,WAAW,MAAM,QAAQ;AAGlC,KAAI,OAAO,UAAU,SACnB,QAAO,YAAY;EAAE;EAAgB;EAAkC,CAAC;AAG1E,QAAO;;;AAKT,MAAa,mBAAmB,EAC9B,WACA,WACA,YACoD;AAOpD,QAAO,YAAY;EAAE,SANS;GAC5B,gBAAgB,UAAU,KAAK,UAAU,MAAM,aAAa,CAAC;GAC7D;GACA,yBAAS,IAAI,SAAiB;GAC/B;EAE6B;EAAO,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AChNxC,MAAa,iBAAiB,SAA6C;AACzE,KAAI,KAAK,WAAW,EAClB,QAAO,EAAE;AAGX,KACE,KAAK,WAAW,KAChB,OAAO,KAAK,OAAO,YACnB,KAAK,OAAO,QACZ,CAAC,MAAM,QAAQ,KAAK,GAAG,CAGvB,QAAO,KAAK;CAId,MAAMC,SAAkC,EAAE;AAE1C,MAAK,IAAI,IAAI,GAAG,IAAI,KAAK,QAAQ,IAC/B,QAAO,MAAM,OAAO,KAAK;AAG3B,QAAO;;;;;;;;;;;;AClCT,MAAa,sBAAsB,EACjC,WACA,WACA,YAEA,gBAAgB;CACd;CACA;CACA,OAAO,EAAE,QAAQ,OAAO;CACzB,CAAC,CAAC;;;;ACXL,MAAM,kBAAkB,UAAoC;AAC1D,KAAI,iBAAiB,MACnB,QAAO;EAAE,SAAS,MAAM;EAAS,MAAM,MAAM;EAAM,OAAO,MAAM;EAAO;AAEzE,QAAO;EAAE,SAAS,OAAO,MAAM;EAAE,MAAM;EAAgB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AA2EzD,MAAa,sBAAiE,EAC5E,IACA,cACA,oBACA,gBACoC;CACpC,MAAM,WAAW,GAAG,SAAoB;EACtC,MAAM,OAAOC,WAAS;AAEtB,MAAI,CAAC,KACH,QAAO,GAAG,GAAG,KAAK;AAGpB,MAAI,CAAC,KAAK,gBAAgB,OAAO,QAC/B,QAAO,GAAG,GAAG,KAAK;EAGpB,MAAM,kBAAkB,KAAK;EAC7B,MAAM,QAAQ,KAAK,MAAM,KAAK;EAE9B,MAAMC,YACJ;GACE,eAAe,KAAK;GACpB;GACA,YAAY,gBAAgB;IAC1B,WAAW,gBAAgB,OAAO;IAClC;IACA,OAAO,cAAc,KAAK;IAC3B,CAAC;GACF,yBAAyB,MAAM,KAAK,KAAK,WAAW;GACpD,cAAc,KAAK;GACnB,YAAY,KAAK;GAGjB,QAAQ;GACR,gBAAgB,MAAM,QAAQ,iBAAiB,MAAM,MAAM,GAAG;GAC9D,WAAW,cAAc;GACzB,QAAQ,MAAM,MAAM,MAAM;GAC3B;AAEH,kBAAgB,YAAY;GAC1B,GAAG;GACH,OAAO;GACP,4BAAW,IAAI,MAAM,EAAC,aAAa;GACpC,CAAC;AAEF,MAAI;GACF,MAAM,SAAS,GAAG,GAAG,KAAK;AAE1B,OAAI,kBAAkB,QACpB,QAAO,OACJ,MAAM,UAAU;AACf,oBAAgB,YAAY;KAC1B,GAAG;KACH,OAAO;KACP,eAAe,mBAAmB;MAChC,WAAW,gBAAgB,OAAO;MAClC;MACA;MACD,CAAC;KACF,4BAAW,IAAI,MAAM,EAAC,aAAa;KACpC,CAAC;AAEF,WAAO;KACP,CACD,OAAO,UAAU;AAChB,oBAAgB,YAAY;KAC1B,GAAG;KACH,OAAO;KACP,eAAe,eAAe,MAAM;KACpC,4BAAW,IAAI,MAAM,EAAC,aAAa;KACpC,CAAC;AACF,UAAM;KACN;AAGN,mBAAgB,YAAY;IAC1B,GAAG;IACH,OAAO;IACP,eAAe,mBAAmB;KAChC,WAAW,gBAAgB,OAAO;KAClC;KACA,OAAO;KACR,CAAC;IACF,4BAAW,IAAI,MAAM,EAAC,aAAa;IACpC,CAAC;AAEF,UAAO;WACA,OAAO;AACd,mBAAgB,YAAY;IAC1B,GAAG;IACH,OAAO;IACP,eAAe,eAAe,MAAM;IACpC,4BAAW,IAAI,MAAM,EAAC,aAAa;IACpC,CAAC;AAEF,SAAM;;;AAIV,QAAO;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;ACrJT,MAAG,0BACD,EAAA,UAAY,MAAC,yCAES;CACtB,MAAM,OAAA,QAAA,OAAsB;CAE5B,MAAG,sBAAO,IAAI,MAAQ;CACtB,MAAM,uBAAc,KAAA,MAAoB,KAAC,CAAA,wBAAM,EAAA;kDAI5C,YAAO,CAAA,QAAQ,aAAY,QAAS,YAAS,IAChD;AAGA,KAAI,YAAA,WAAA,qBAAA,OACJ,MAAA,MAAA,IAAA,qCAEA,CAAA;CAGA,MAAE,QAAO,YAAS,MAAA,YAAA,QAAA,OAAA,SAAA,MAAA,CAAA;YAGhB;AAIF,KAAI,WAAA,MAAA,WAAsB;EACxB,MAAE,gBAAA,YAAA,QAAA,MAAA,MAAA,MAAA;AACJ,OAAA,MAAA,IAAA,uCAEA,CAAA;;;;;;;;;;;;;;;;;;;ACzEF,IAAa,0BAAb,cAA6C,UAAU;CAErD,YAAY,SAAiB;AAC3B,QAAM;GACJ,OAAO;GACP,MAAM;GACN,SAAS;GACT,MAAM;GACN,cAAc;GACf,CAAC;;;;;;;;;;;;;;;;;;;;;ACSN,SAAgB,cACd,OACA,SACgD;AAChD,KAAI,UAAU,QAAQ,UAAU,OAC9B,OAAM,IAAI,wBAAwB,QAAQ;;;;;;;;;AChB9C,MAAa,mBAAmB,WAAmC;AACjE,eAAc,OAAO,iBAAiB,mCAAmC;CAEzE,MAAM,mBAAmB,OAAO,gBAAgB;AAEhD,KAAI,CAAC,iBAAkB,QAAO;CAG9B,MAAM,yBAAyB,iBAAiB,MAAM,WAAW,EAAE,EAAE,SACnE,gBAAgB,OACjB;CAGD,MAAM,sBAAsB,QAC1B,iBAAiB,cAAc,WAChC;AAMD,QAAO,yBAAyB;;;;;;ACzBlC,MAAa,kBAAkB,WAAmD;CAGhF,MAAM,YAFO,QAAQ,OAAO,CAEL,MAAM,KAAK,CAAC;AAEnC,KAAI,CAAC,UACH;AAGF,QAAO,EAAE,WAAW;;;;;ACZtB,IAAa,WAAb,MAAa,iBAAiB,UAAU;CACtC;CAGA,YAAY,SAAiB,MAAc,QAAgB;AACzD,QAAM;GACJ,OAAO;GACP;GACA,SAAS;GACT,MAAM;GACN,cAAc;GACf,CAAC;AAEF,OAAK,SAAS;;CAGhB,aAAa,aAAa,UAAoB;AAC5C,MAAI;GACF,MAAM,YAAY,MAAM,SAAS,OAAO,CAAC,MAAM;AAE/C,OACE,aACA,WAAW,aACX,OAAO,UAAU,UAAU,UAC3B;IACA,MAAM,YACJ,UAAU,aAAa,OAAO,UAAU,SAAS,WAC7C,UAAU,OACV;AAEN,WAAO,IAAI,SAAS,UAAU,OAAO,WAAW,SAAS,OAAO;;AAGlE,UAAO;UACD;AACN,UAAO;;;;;;;ACnCb,IAAa,2BAAb,cAA8C,UAAU;CACtD,YAAY,EAAE,SAA6C;AACzD,QAAM;GACJ;GACA,MAAM;GACN,SACE;GACF,MAAM;GACN,cAAc;GACf,CAAC;;;;;;ACTN,IAAa,sBAAb,cAAyC,UAAU;CACjD,YAAY,EAAE,SAA6C;AACzD,QAAM;GACJ;GACA,MAAM;GACN,SAAS;GACT,MAAM;GACN,cACE;GACH,CAAC;;;;;;ACTN,IAAa,qBAAb,cAAwC,UAAU;CAChD,YAAY,EAAE,SAA6C;AACzD,QAAM;GACJ;GACA,MAAM;GACN,SAAS;GACT,MAAM;GACN,cAAc;GACf,CAAC;;;;;;ACRN,IAAa,sBAAb,cAAyC,UAAU;CACjD,YAAY,EAAE,SAA6C;AACzD,QAAM;GACJ;GACA,MAAM;GACN,SAAS;GACT,MAAM;GACN,cAAc;GACf,CAAC;;;;;;ACRN,IAAa,sCAAb,cAAyD,UAAU;CACjE,YAAY,EAAE,SAA6C;AACzD,QAAM;GACJ;GACA,MAAM;GACN,SACE;GACF,MAAM;GACN,cACE;GACH,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;ACgBN,MAAaC,qBAAkC,UAAU;AACvD,KAAI,iBAAiB,UAAU;AAC7B,MAAI,MAAM,SAAS,mBACjB,QAAO,IAAI,mBAAmB,EAAE,OAAO,OAAO,CAAC;AAGjD,MAAI,MAAM,SAAS,mBACjB,QAAO,IAAI,oBAAoB,EAAE,OAAO,OAAO,CAAC;AAGlD,MAAI,MAAM,SAAS,wBACjB,QAAO,IAAI,yBAAyB,EAAE,OAAO,OAAO,CAAC;AAGvD,MAAI,MAAM,SAAS,oCACjB,QAAO,IAAI,oCAAoC,EAAE,OAAO,OAAO,CAAC;AAGlE,MACE,MAAM,SAAS,4BACf,MAAM,SAAS,wBAEf,QAAO,IAAI,oBAAoB,EAAE,OAAO,OAAO,CAAC;;AAIpD,QAAO;;;;;;;;;;;;;ACpCT,MAAa,qCAAqC,EAChD,eAAe,EAAE,QAC0C,EAC3D,MAAM,OAAO,YAA6B;AACxC,KAAI,QAAQ,SAAS,UAAU,KAAK;EAClC,MAAM,WAAW,MAAM,SAAS,aAAa,QAAQ,SAAS;AAE9D,MAAI,UAAU;GACZ,IAAIC,eAAsB;AAE1B,QAAK,MAAM,UAAU,cAAc;IACjC,MAAM,WAAW,OAAO,SAAS;AAEjC,QAAI,UAAU;AACZ,oBAAe;AACf;;;AAIJ,SAAM;;;AAIV,QAAO,QAAQ;GAElB;;;;;;;;;;;;AC/BD,MAAa,WAAW,OACtB,WACoB;CACpB,MAAM,OAAO,QAAQ,OAAO;CAC5B,MAAM,OAAO,KAAK,MAAM,KAAK,CAAC;AAE9B,KAAI,KAAK,SAAS,GAAG;EACnB,MAAM,CAAC,OAAO,GAAG,aAAa;AAE9B,OAAK,MAAM,IAAI,EAAE,kBAAkB,WAAW,CAAC;AAE/C,MAAI,UAAU,UAAU,EACtB,CAAK,oBAAoB,OAAO;AAGlC,SAAO;;AAGT,OAAM,oBAAoB,OAAO;AAEjC,QAAO,SAAS,OAAO;;;;;;AC3BzB,MAAa,kBAAkB,OAC7B,WAC0B;CAC1B,MAAM,EAAE,cAAc,aAAa,QAAQ,OAAO;;;;;AAMlD,KAAI,aACF,QAAO;CAGT,MAAM,UAAU;AAIhB,KAAI,CAFsB,MAAM,SAAS,aAAa,QAAQ,CAG5D,OAAM,SAAS,YAAY,QAAQ;AAGrC,QAAO;EACL,oBAAoB,SAAS,aAAa,QAAQ;EAClD,OAAO,YAAoB,SAAS,KAAK,SAAS,QAAQ;EAC3D;;;;;;ACtBH,MAAa,0CAA0C,OACrD,WACoC;CACpC,MAAM,EAAE,oBAAoB;AAE5B,eAAc,iBAAiB,6BAA6B;;;;;;AAO5D,KAAI,gBAAgB,OAAO,CACzB,QAAO,EAAE;CAGX,MAAM,eAAe,MAAM,gBAAgB,OAAO;CAElD,MAAM,QAAQ,MAAM,SAAS,OAAO;CAEpC,MAAM,cAAc,MAAM,aAAa,KAAK,MAAM;CAClD,MAAM,YAAY,MAAM,aAAa,cAAc;AAEnD,QAAO;EACL,0BAA0B;EAC1B,8BAA8B;EAC9B,iCAAiC;EAClC;;;;;;AC1BH,MAAa,0CACX,WACe;AACf,QAAO,EACL,KAAK,OAAO,YAAY;;;;AAItB,MACE,qCAAqC,QAAQ,IAAI,IACjD,CAAC,gBAAgB,OAAO,EACxB;GACA,MAAM,sBAAsB,MAAM,wCAChC,OACD;AAED,UAAO;IACL,MAAM;KACJ,GAAG,QAAQ;KACX,SAAS;MACP,GAAG,QAAQ,KAAK;MAChB,GAAG;MACJ;KACF;IACD,KAAK,QAAQ;IACd;;IAKN;;;;;ACpCH,IAAa,oBAAb,cAAuC,UAAU;CAC/C,YAAY,EAAE,SAA6C;AACzD,QAAM;GACJ;GACA,MAAM;GACN,SAAS;GACT,MAAM;GACN,cAAc;GACf,CAAC;;;;;;;ACLN,MAAa,sCAAkD,EAC7D,MAAM,OAAO,YAA6B;AACxC,KAAI,QAAQ,SAAS,WAAW,KAAK;EACnC,IAAIC,QAAsB;AAE1B,MAAI;GACF,MAAM,YAAY,MAAM,QAAQ,SAAS,OAAO,CAAC,MAAM;AAEvD,OACE,aACA,WAAW,aACX,OAAO,UAAU,UAAU,SAG3B,SAAQ,IAAI,MAAM,UAAU,MAAM;UAE9B;AAIR,QAAM,IAAI,kBAAkB,EAAE,OAAO,CAAC;;AAGxC,QAAO,QAAQ;GAElB;;;;;;;;;;ACkBD,MAAa,mBACX,UAAkC,EAAE,EACpC,WACG;CACH,MAAM,OAAO,QAAQ,OAAO;CAC5B,MAAM,YAAY,KAAK,MAAM,KAAK;CAElC,MAAMC,WAAsB;EAC1B,UAAU,KAAK;EACf,SAAS;GACP,gBAAgB;IACf,6BAA6B,OAAO;IACpC,4BAA4B,aAAa,EAAE,QAAQ,IAAI,CAAC;IACxD,gCAAgC,KAAK;IACrC,6BAA6B,GAAG,gBAAgB,GAAG;GACpD,GAAG,KAAK,eAAe;GACvB,GAAG,QAAQ;GACZ;EACF;AAED,KAAI,KAAK,UAAU,cACjB,CAAC,SAAS,QAAmC,YAC3C,KAAK,SAAS;AAGlB,KAAI,OAAO,MACT,UAAS,QAAQ,gBAAgB,UAAU,OAAO;AAGpD,KAAI,OAAO,mBAAmB,gBAAgB,OAAO,CACnD,UAAS,cAAc;AAGzB,KAAI,QAAQ,mBAAmB,UAAU,SACvC,UAAS,QAAQ,oBAAoB,UAAU;AAGjD,KAAI,QAAQ,0BAA0B;EACpC,MAAM,gBAAgBC,iCACpB,EAAE,OAAO,QAAQ,0BAA0B,EAC3C,OACD;AACD,MAAI,cACF,UAAS,QAAQ,gCAAgC;;CAIrD,MAAM,mBAAmB,eAAe,OAAO,EAAE;CAIjD,MAAM,kCACJ,SAAS,QAAQ,+BAA+B;AAElD,KAAI,oBAAoB,CAAC,gCACvB,UAAS,QAAQ,6BAA6B;AAGhD,QAAO,IAAI,OACT,IAAI,cAAc;EAChB,GAAG;EACH,UAAU,KAAK;EACf,YAAY;GACV,uCAAuC,OAAO;GAC9C,kCAAkC,EAChC,cAAc,CAAC,GAAI,QAAQ,gBAAgB,EAAE,EAAG,kBAAkB,EACnE,CAAC;GACF,8BAA8B;GAC/B;EACF,CAAC,CACH;;;;;;;;;;;;;;;;;;;ACnGH,MAAa,sBAAsB,OACjC,WACkB;CAClB,MAAM,OAAO,QAAQ,OAAO;CAE5B,MAAM,EAAE,kBAAkB;CAI1B,MAAM,EAAE,WAAW,MAFD,gBAAgB,EAAE,EAAE,OAAO,CAEV,UAAU;EAC3C,OAAO;EACP;EACD,CAAC;CAEF,MAAM,WAAW,KAAK,MAAM,KAAK,CAAC;AAElC,MAAK,MAAM,IAAI;EACb,kBAAkB,CAAC,GAAG,UAAU,GAAG,OAAO;EAC1C,4BAA4B,KAAK,KAAK,GAAG;EAC1C,CAAC;;;;;ACtBJ,MAAaC,kBAA4C;CACvD,MAAM;EACJ,cAAc;EACd,gBAAgB;EAChB,6BAA6B;EAC9B;CACD,MAAM;EACJ,cAAc;EACd,gBAAgB;EAChB,6BAA6B;EAC9B;CACD,OAAO;EACL,cAAc;EACd,gBAAgB;EAChB,6BAA6B;EAC9B;CACD,KAAK;EACH,cAAc;EACd,gBAAgB;EAChB,yBAAyB,CAAC,MAAM;EAChC,6BAA6B;EAC9B;CACD,QAAQ;EACN,cAAc;EACd,gBAAgB;EAChB,6BAA6B;EAC9B;CACD,SAAS;EACP,cAAc;EACd,gBAAgB;EAChB,6BAA6B;EAC9B;CACD,KAAK;EACH,cAAc;EAEd,gBAAgB;EAChB,6BAA6B;EAC9B;CACD,MAAM;EACJ,cAAc;EACd,gBAAgB;EAChB,6BAA6B;EAC9B;CACD,UAAU;EACR,cAAc;EACd,gBAAgB;EAChB,6BAA6B;EAC9B;CACD,KAAK;EACH,cAAc;EACd,gBAAgB;EAChB,yBAAyB,CAAC,MAAM;EAChC,6BAA6B;EAC7B,uBAAuB;EACxB;CACD,OAAO;EACL,cAAc;EACd,gBAAgB;EAChB,6BAA6B;EAC9B;CACD,OAAO;EACL,cAAc;EACd,gBAAgB;EAChB,yBAAyB,CAAC,QAAQ;EAClC,6BAA6B;EAC9B;CACD,SAAS;EACP,cAAc;EACd,gBAAgB;EAChB,6BAA6B;EAC9B;CACD,KAAK;EACH,cAAc;EACd,gBAAgB;EAChB,6BAA6B;EAC9B;CACD,OAAO;EACL,cAAc;EACd,gBAAgB;EAChB,6BAA6B;EAC9B;CACD,KAAK;EACH,cAAc;EACd,gBAAgB;EAChB,6BAA6B;EAC9B;CACD,MAAM;EACJ,cAAc;EACd,gBAAgB;EAChB,6BAA6B;EAC9B;CACF;;;;;ACrGD,MAAa,uCACX,4BACU;CAGV,MAAM,QAFS,OAAO,KAAK,gBAAgB,CAEtB,MAClB,YACC,gBAAgBC,SAAO,gCACvB,wBACH;AAED,eAAc,OAAO,kBAAkB,0BAA0B;AAEjE,QAAO;;;;;ACjBT,MAAa,uBAAuB,aAAa;AAEjD,MAAa,4BACX;;;;ACHF,MAAa,4BAA4B;AACzC,MAAa,sCACX;AAEF,MAAa,wBAAwB;CACnC,aAAa;CACb,MAAM,GAAG,0BAA0B;CACnC,sBAAsB;CACvB;;;;ACRD,IAAa,oBAAb,cAAuC,UAAU;CAE/C,YAAY,SAAiB;AAC3B,QAAM;GACJ,OAAO;GACP,MAAM;GACN,SAAS;GACT,MAAM;GACN,cAAc;GACf,CAAC"}