@dynamic-labs-sdk/client 1.8.2 → 1.10.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/android/src/main/java/xyz/dynamic/client/DynamicClientPackage.kt +10 -0
- package/android/src/main/java/xyz/dynamic/client/screenshot/ScreenshotProtectionModule.kt +48 -0
- package/dist/{InvalidParamError-c1J0Vmze.esm.js → InvalidParamError-BmFmxeXx.esm.js} +52 -5
- package/dist/InvalidParamError-BmFmxeXx.esm.js.map +1 -0
- package/dist/{InvalidParamError-BqFQnYCi.native.esm.js → InvalidParamError-BxBgwLQB.native.esm.js} +273 -5
- package/dist/InvalidParamError-BxBgwLQB.native.esm.js.map +1 -0
- package/dist/{InvalidParamError-CmwKWCyr.cjs → InvalidParamError-CGZRSAOn.cjs} +70 -5
- package/dist/InvalidParamError-CGZRSAOn.cjs.map +1 -0
- package/dist/NotWaasWalletAccountError-CkH85cm5.native.esm.js +18 -0
- package/dist/NotWaasWalletAccountError-CkH85cm5.native.esm.js.map +1 -0
- package/dist/NotWaasWalletAccountError-DO313zza.esm.js +18 -0
- package/dist/NotWaasWalletAccountError-DO313zza.esm.js.map +1 -0
- package/dist/NotWaasWalletAccountError-cIj987D7.cjs +23 -0
- package/dist/NotWaasWalletAccountError-cIj987D7.cjs.map +1 -0
- package/dist/core.cjs +29 -10
- package/dist/core.cjs.map +1 -1
- package/dist/core.esm.js +24 -6
- package/dist/core.esm.js.map +1 -1
- package/dist/core.native.esm.js +32 -7
- package/dist/core.native.esm.js.map +1 -1
- package/dist/errors/FlowSessionTokenMissingError.d.ts +7 -0
- package/dist/errors/FlowSessionTokenMissingError.d.ts.map +1 -0
- package/dist/exports/core.d.ts +4 -0
- package/dist/exports/core.d.ts.map +1 -1
- package/dist/exports/index.d.ts +28 -25
- package/dist/exports/index.d.ts.map +1 -1
- package/dist/exports/waasCore.d.ts +2 -0
- package/dist/exports/waasCore.d.ts.map +1 -1
- package/dist/{getNetworkProviderFromNetworkId-DXzopnuR.cjs → getNetworkProviderFromNetworkId-2wYAIZ6w.cjs} +20 -20
- package/dist/{getNetworkProviderFromNetworkId-DXzopnuR.cjs.map → getNetworkProviderFromNetworkId-2wYAIZ6w.cjs.map} +1 -1
- package/dist/{getNetworkProviderFromNetworkId-CGpE_Y95.esm.js → getNetworkProviderFromNetworkId-CsAg0JU7.esm.js} +18 -18
- package/dist/{getNetworkProviderFromNetworkId-CGpE_Y95.esm.js.map → getNetworkProviderFromNetworkId-CsAg0JU7.esm.js.map} +1 -1
- package/dist/{getNetworkProviderFromNetworkId-Cke-DBhx.native.esm.js → getNetworkProviderFromNetworkId-CxGbMwFL.native.esm.js} +13 -8
- package/dist/getNetworkProviderFromNetworkId-CxGbMwFL.native.esm.js.map +1 -0
- package/dist/{getSignedSessionId-C7YR-jNH.native.esm.js → getSignedSessionId-BZHJglv0.native.esm.js} +3 -3
- package/dist/{getSignedSessionId-C7YR-jNH.native.esm.js.map → getSignedSessionId-BZHJglv0.native.esm.js.map} +1 -1
- package/dist/{getSignedSessionId-CbWFH_TM.cjs → getSignedSessionId-E3o2_FL7.cjs} +3 -3
- package/dist/{getSignedSessionId-CbWFH_TM.cjs.map → getSignedSessionId-E3o2_FL7.cjs.map} +1 -1
- package/dist/{getSignedSessionId-C1uLkDjy.esm.js → getSignedSessionId-E9JM9zum.esm.js} +3 -3
- package/dist/{getSignedSessionId-C1uLkDjy.esm.js.map → getSignedSessionId-E9JM9zum.esm.js.map} +1 -1
- package/dist/getWaasWalletProviderFromWalletAccount-BaxUhLEp.cjs +19 -0
- package/dist/getWaasWalletProviderFromWalletAccount-BaxUhLEp.cjs.map +1 -0
- package/dist/getWaasWalletProviderFromWalletAccount-CXv6xEJZ.esm.js +14 -0
- package/dist/getWaasWalletProviderFromWalletAccount-CXv6xEJZ.esm.js.map +1 -0
- package/dist/getWaasWalletProviderFromWalletAccount-CeoFLRbo.native.esm.js +14 -0
- package/dist/getWaasWalletProviderFromWalletAccount-CeoFLRbo.native.esm.js.map +1 -0
- package/dist/{getVerifiedCredentialForWalletAccount-DPTHL1pO.esm.js → getWalletProviderByKey-AQmQQpmk.esm.js} +10 -17
- package/dist/getWalletProviderByKey-AQmQQpmk.esm.js.map +1 -0
- package/dist/{getVerifiedCredentialForWalletAccount-DAmdvMY5.native.esm.js → getWalletProviderByKey-C5w8qJ0f.native.esm.js} +10 -243
- package/dist/getWalletProviderByKey-C5w8qJ0f.native.esm.js.map +1 -0
- package/dist/{getVerifiedCredentialForWalletAccount-DidFNLGP.cjs → getWalletProviderByKey-DMNpwDEn.cjs} +11 -24
- package/dist/{getVerifiedCredentialForWalletAccount-DidFNLGP.cjs.map → getWalletProviderByKey-DMNpwDEn.cjs.map} +1 -1
- package/dist/index.cjs +2475 -2205
- package/dist/index.cjs.map +1 -1
- package/dist/index.esm.js +2439 -2174
- package/dist/index.esm.js.map +1 -1
- package/dist/index.native.esm.js +2479 -2210
- package/dist/index.native.esm.js.map +1 -1
- package/dist/{isMfaRequiredForAction-DCwLx4Ik.esm.js → isMfaRequiredForAction-BNgq1huY.esm.js} +2 -2
- package/dist/{isMfaRequiredForAction-DCwLx4Ik.esm.js.map → isMfaRequiredForAction-BNgq1huY.esm.js.map} +1 -1
- package/dist/{isMfaRequiredForAction-Dx4BPJVg.native.esm.js → isMfaRequiredForAction-BmJKVaMQ.native.esm.js} +2 -2
- package/dist/{isMfaRequiredForAction-Dx4BPJVg.native.esm.js.map → isMfaRequiredForAction-BmJKVaMQ.native.esm.js.map} +1 -1
- package/dist/{isMfaRequiredForAction-BNipdNF5.cjs → isMfaRequiredForAction-C9Fw0v_g.cjs} +2 -2
- package/dist/{isMfaRequiredForAction-BNipdNF5.cjs.map → isMfaRequiredForAction-C9Fw0v_g.cjs.map} +1 -1
- package/dist/modules/auth/social/oauth/signInWithSocialPopUp/signInWithSocialPopUp.d.ts +1 -1
- package/dist/modules/auth/social/oauth/signInWithSocialPopUp/signInWithSocialPopUp.d.ts.map +1 -1
- package/dist/modules/auth/social/oauth/signInWithSocialPopUp/signInWithSocialPopUp.types.d.ts +8 -0
- package/dist/modules/auth/social/oauth/signInWithSocialPopUp/signInWithSocialPopUp.types.d.ts.map +1 -1
- package/dist/modules/auth/social/oauth/unlinkSocialAccount/unlinkSocialAccount.d.ts +7 -1
- package/dist/modules/auth/social/oauth/unlinkSocialAccount/unlinkSocialAccount.d.ts.map +1 -1
- package/dist/modules/balances/getBalances/getBalances.d.ts +5 -2
- package/dist/modules/balances/getBalances/getBalances.d.ts.map +1 -1
- package/dist/modules/balances/getMultichainBalances/getMultichainBalances.d.ts +6 -3
- package/dist/modules/balances/getMultichainBalances/getMultichainBalances.d.ts.map +1 -1
- package/dist/modules/checkout/checkout.types.d.ts +6 -6
- package/dist/modules/checkout/checkout.types.d.ts.map +1 -1
- package/dist/modules/flow/attachFlowSource/attachFlowSource.d.ts +45 -0
- package/dist/modules/flow/attachFlowSource/attachFlowSource.d.ts.map +1 -0
- package/dist/modules/flow/attachFlowSource/index.d.ts +3 -0
- package/dist/modules/flow/attachFlowSource/index.d.ts.map +1 -0
- package/dist/modules/flow/events.d.ts +27 -0
- package/dist/modules/flow/events.d.ts.map +1 -0
- package/dist/modules/flow/flow.types.d.ts +8 -0
- package/dist/modules/flow/flow.types.d.ts.map +1 -0
- package/dist/modules/flow/getFlow/getFlow.d.ts +15 -0
- package/dist/modules/flow/getFlow/getFlow.d.ts.map +1 -0
- package/dist/modules/flow/getFlow/index.d.ts +3 -0
- package/dist/modules/flow/getFlow/index.d.ts.map +1 -0
- package/dist/modules/flow/getFlowQuote/getFlowQuote.d.ts +28 -0
- package/dist/modules/flow/getFlowQuote/getFlowQuote.d.ts.map +1 -0
- package/dist/modules/flow/getFlowQuote/index.d.ts +3 -0
- package/dist/modules/flow/getFlowQuote/index.d.ts.map +1 -0
- package/dist/modules/flow/prepareFlowSigning/index.d.ts +3 -0
- package/dist/modules/flow/prepareFlowSigning/index.d.ts.map +1 -0
- package/dist/modules/flow/prepareFlowSigning/prepareFlowSigning.d.ts +28 -0
- package/dist/modules/flow/prepareFlowSigning/prepareFlowSigning.d.ts.map +1 -0
- package/dist/modules/flow/utils/clearFlowSessionToken/clearFlowSessionToken.d.ts +22 -0
- package/dist/modules/flow/utils/clearFlowSessionToken/clearFlowSessionToken.d.ts.map +1 -0
- package/dist/modules/flow/utils/clearFlowSessionToken/index.d.ts +3 -0
- package/dist/modules/flow/utils/clearFlowSessionToken/index.d.ts.map +1 -0
- package/dist/modules/flow/utils/createFlowApiClient/createFlowApiClient.d.ts +14 -0
- package/dist/modules/flow/utils/createFlowApiClient/createFlowApiClient.d.ts.map +1 -0
- package/dist/modules/flow/utils/createFlowApiClient/index.d.ts +2 -0
- package/dist/modules/flow/utils/createFlowApiClient/index.d.ts.map +1 -0
- package/dist/modules/flow/utils/createFlowSessionTokenStorageKey/createFlowSessionTokenStorageKey.d.ts +3 -0
- package/dist/modules/flow/utils/createFlowSessionTokenStorageKey/createFlowSessionTokenStorageKey.d.ts.map +1 -0
- package/dist/modules/flow/utils/createFlowSessionTokenStorageKey/index.d.ts +2 -0
- package/dist/modules/flow/utils/createFlowSessionTokenStorageKey/index.d.ts.map +1 -0
- package/dist/modules/flow/utils/withFlowSessionTokenCleanupOn401/index.d.ts +3 -0
- package/dist/modules/flow/utils/withFlowSessionTokenCleanupOn401/index.d.ts.map +1 -0
- package/dist/modules/flow/utils/withFlowSessionTokenCleanupOn401/withFlowSessionTokenCleanupOn401.d.ts +16 -0
- package/dist/modules/flow/utils/withFlowSessionTokenCleanupOn401/withFlowSessionTokenCleanupOn401.d.ts.map +1 -0
- package/dist/modules/screenshotProtection/setScreenshotProtection/setScreenshotProtection.d.ts +15 -0
- package/dist/modules/screenshotProtection/setScreenshotProtection/setScreenshotProtection.d.ts.map +1 -0
- package/dist/modules/screenshotProtection/setScreenshotProtection/setScreenshotProtection.types.d.ts +14 -0
- package/dist/modules/screenshotProtection/setScreenshotProtection/setScreenshotProtection.types.d.ts.map +1 -0
- package/dist/modules/waas/createWaasClient/createNativeWaasSDKContainer.d.ts +15 -0
- package/dist/modules/waas/createWaasClient/createNativeWaasSDKContainer.d.ts.map +1 -0
- package/dist/modules/waas/createWaasProvider/createWaasProvider.d.ts.map +1 -1
- package/dist/modules/waas/exportWaasPrivateKeyToContainer/exportWaasPrivateKeyToContainer.d.ts +33 -0
- package/dist/modules/waas/exportWaasPrivateKeyToContainer/exportWaasPrivateKeyToContainer.d.ts.map +1 -0
- package/dist/modules/waas/exportWaasPrivateKeyToContainer/index.d.ts +2 -0
- package/dist/modules/waas/exportWaasPrivateKeyToContainer/index.d.ts.map +1 -0
- package/dist/modules/waas/waas.types.d.ts +3 -1
- package/dist/modules/waas/waas.types.d.ts.map +1 -1
- package/dist/modules/wallets/networks/getBalance/getBalance.d.ts +5 -1
- package/dist/modules/wallets/networks/getBalance/getBalance.d.ts.map +1 -1
- package/dist/{NotWaasWalletAccountError-CgwG_c2-.esm.js → refreshAuth-CVUpYNs6.native.esm.js} +4 -18
- package/dist/refreshAuth-CVUpYNs6.native.esm.js.map +1 -0
- package/dist/{NotWaasWalletAccountError-Be0QB89x.native.esm.js → refreshAuth-D8dU3BLP.esm.js} +4 -18
- package/dist/refreshAuth-D8dU3BLP.esm.js.map +1 -0
- package/dist/{NotWaasWalletAccountError-DKEpLrGc.cjs → refreshAuth-DfcR3CWf.cjs} +4 -24
- package/dist/refreshAuth-DfcR3CWf.cjs.map +1 -0
- package/dist/services/instrumentation/connectLoggerToInstrumentation/connectLoggerToInstrumentation.d.ts.map +1 -1
- package/dist/services/instrumentation/instrumentFunction/instrumentFunction.d.ts.map +1 -1
- package/dist/services/instrumentation/instrumentation.types.d.ts +6 -0
- package/dist/services/instrumentation/instrumentation.types.d.ts.map +1 -1
- package/dist/tsconfig.lib.tsbuildinfo +1 -1
- package/dist/utils/getOperatingSystem/getOperatingSystem.d.ts +13 -0
- package/dist/utils/getOperatingSystem/getOperatingSystem.d.ts.map +1 -0
- package/dist/utils/getOperatingSystem/getOperatingSystem.types.d.ts +8 -0
- package/dist/utils/getOperatingSystem/getOperatingSystem.types.d.ts.map +1 -0
- package/dist/utils/getPlatform/getPlatform.d.ts +11 -0
- package/dist/utils/getPlatform/getPlatform.d.ts.map +1 -0
- package/dist/utils/getPlatform/getPlatform.types.d.ts +8 -0
- package/dist/utils/getPlatform/getPlatform.types.d.ts.map +1 -0
- package/dist/waas.cjs +24 -32
- package/dist/waas.cjs.map +1 -1
- package/dist/waas.esm.js +4 -12
- package/dist/waas.esm.js.map +1 -1
- package/dist/waas.native.esm.js +4 -12
- package/dist/waas.native.esm.js.map +1 -1
- package/dist/waasCore.cjs +39 -4
- package/dist/waasCore.cjs.map +1 -1
- package/dist/waasCore.esm.js +39 -5
- package/dist/waasCore.esm.js.map +1 -1
- package/dist/waasCore.native.esm.js +68 -10
- package/dist/waasCore.native.esm.js.map +1 -1
- package/ios/DynamicClientScreenshotProtection.h +4 -0
- package/ios/DynamicClientScreenshotProtection.mm +137 -0
- package/package.json +5 -5
- package/src/turboModules/NativeScreenshotProtection.native.spec.ts +57 -0
- package/src/turboModules/NativeScreenshotProtection.ts +26 -0
- package/dist/InvalidParamError-BqFQnYCi.native.esm.js.map +0 -1
- package/dist/InvalidParamError-CmwKWCyr.cjs.map +0 -1
- package/dist/InvalidParamError-c1J0Vmze.esm.js.map +0 -1
- package/dist/NotWaasWalletAccountError-Be0QB89x.native.esm.js.map +0 -1
- package/dist/NotWaasWalletAccountError-CgwG_c2-.esm.js.map +0 -1
- package/dist/NotWaasWalletAccountError-DKEpLrGc.cjs.map +0 -1
- package/dist/getNetworkProviderFromNetworkId-Cke-DBhx.native.esm.js.map +0 -1
- package/dist/getVerifiedCredentialForWalletAccount-DAmdvMY5.native.esm.js.map +0 -1
- package/dist/getVerifiedCredentialForWalletAccount-DPTHL1pO.esm.js.map +0 -1
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"waasCore.native.esm.js","names":["REASON_BY_NATIVE_CODE: Record<string, WebViewLoadFailureReason>","reason: WebViewLoadFailureReason","NativeDynamicWebView","messageHandlers: Array<(data: unknown) => void>","errorHandlers: Array<(error: unknown) => void>","subscription: { remove: () => void } | null","createWaasClient: CreateWaasClient","_waasClient: DynamicWalletClient | undefined","getWaasClient: WaasProvider['getWaasClient']","backupKeySharesToGoogleDrive: WaasProvider['backupKeySharesToGoogleDrive']","createWalletAccount: WaasProvider['createWalletAccount']","delegateKeyShares: WaasProvider['delegateKeyShares']","exportClientKeyshares: WaasProvider['exportClientKeyshares']","exportPrivateKey: WaasProvider['exportPrivateKey']","getElevatedAccessToken","restoreUserShareForWalletAccount: WaasProvider['restoreUserShareForWalletAccount']","importPrivateKey: WaasProvider['importPrivateKey']","refreshWalletAccountShares: WaasProvider['refreshWalletAccountShares']","revokeDelegation: WaasProvider['revokeDelegation']","setWaasWalletAccountPassword: WaasProvider['setWaasWalletAccountPassword']","signRawMessage: WaasProvider['signRawMessage']","destroy: WaasProvider['destroy']","updatePassword: WaasProvider['updatePassword']","signMessage: WaasProvider['signMessage']","signSerializedTransaction: WaasProvider['signSerializedTransaction']","getWalletRecoveryState: WaasProvider['getWalletRecoveryState']","unlockWallet: WaasProvider['unlockWallet']","packageName","packageVersion"],"sources":["../src/errors/CorruptedKeyShareError.ts","../src/turboModules/NativeDynamicWebView.ts","../src/errors/WebViewLoadFailedError.ts","../src/modules/waas/createWaasClient/translateNativeOpenError.ts","../src/modules/waas/createWaasClient/createWaasSDKContainer.native.ts","../src/modules/waas/createWaasClient/createWaasClient.native.ts","../src/modules/waas/getWaasChainNameFromChain/getWaasChainNameFromChain.ts","../src/modules/waas/createWaasProvider/createWaasProvider.ts","../src/modules/waas/getAllUserWaasAddressesForChain/getAllUserWaasAddressesForChain.ts","../src/exports/waasCore.ts"],"sourcesContent":["import { BaseError } from './base';\n\ntype CorruptedKeyShareErrorParams = {\n cause?: Error | null;\n};\n\n/**\n * Thrown when a persisted client key share cannot be parsed back into its\n * structured form (e.g. a partially-written or corrupted keychain entry).\n *\n * Surfaced as a typed error rather than swallowed so callers can distinguish\n * \"no key share stored\" (empty result) from \"key share exists but is\n * unreadable\" — the latter must never be silently treated as the former,\n * which could trigger an unintended re-keygen that overwrites recoverable\n * material.\n */\nexport class CorruptedKeyShareError extends BaseError {\n constructor({ cause = null }: CorruptedKeyShareErrorParams = {}) {\n super({\n cause,\n code: 'corrupted_key_share_error',\n details:\n 'The stored client key share could not be parsed. The secure storage entry may be partially written or corrupted.',\n docsUrl: null,\n name: 'CorruptedKeyShareError',\n shortMessage: 'Stored client key share is corrupted and cannot be read.',\n });\n }\n}\n","// This file is a TurboModule spec consumed by React Native codegen.\n// The `interface`, `default export`, and the `react-native` import are hard\n// requirements of the codegen parser and intentionally deviate from the\n// project's conventions. Codegen discovers specs by the `Native*` filename\n// prefix, so this file cannot be renamed to `.native.ts`.\n\nimport { type TurboModule, TurboModuleRegistry } from 'react-native';\nimport type { UnsafeObject } from 'react-native/Libraries/Types/CodegenTypes';\n\nexport interface Spec extends TurboModule {\n addListener(eventName: string): void;\n close(instanceId: string): void;\n /**\n * Creates a WKWebView for the given instanceId and begins loading `url`.\n *\n * Resolves on `didCommit` — i.e. the first byte of a 2xx/3xx HTTP\n * response has been received and content parsing has started. Page-ready\n * (e.g. the hosted iframe's `iframe-ready-*` handshake) is a separate\n * concern and must be observed by the caller via the message bus; this\n * Promise does not wait for it.\n *\n * Rejects with a `code` of `webview_<reason>` where `<reason>` is one of:\n * - `invalid_url` — URL string was not parseable\n * - `no_host_view` — no foreground window to attach the WebView\n * - `http_error` — response status was >= 400 (userInfo contains `DynamicWebViewStatusCode`)\n * - `navigation_failed` — DNS, TLS, connection failure, or post-commit abort\n * - `cancelled` — `close(instanceId)` was called while this open was pending\n * - `instance_busy` — `open` was called for an instanceId that already has an active WebView\n * - `content_process_terminated` — the WKWebView WebContent process died during load\n * - `unsupported` — the device's Android System WebView is too old to support the secure bridge (Android only)\n *\n * rejection codes into typed `WebViewLoadFailedError` instances.\n */\n open(instanceId: string, url: string): Promise<void>;\n removeListeners(count: number): void;\n sendMessage(instanceId: string, data: UnsafeObject): void;\n}\n\n// eslint-disable-next-line import/no-default-export\nexport default TurboModuleRegistry.get<Spec>('DynamicClientWebView');\n","import { BaseError } from './base/BaseError';\n\n/**\n * Discriminator for `WebViewLoadFailedError`. Identifies the specific\n * failure mode so callers can branch on it (e.g. retry on transient\n * navigation failures, abort on invalid URL, treat HTTP errors distinct\n * from network errors).\n */\nexport type WebViewLoadFailureReason =\n | 'invalid_url'\n | 'no_host_view'\n | 'http_error'\n | 'navigation_failed'\n | 'cancelled'\n | 'instance_busy'\n | 'content_process_terminated'\n | 'unsupported';\n\ntype WebViewLoadFailedErrorParams = {\n cause?: Error | null;\n reason: WebViewLoadFailureReason;\n shortMessage: string;\n /** HTTP response status code. Populated only when `reason === 'http_error'`. */\n statusCode?: number;\n /** Underlying OS-level error description (e.g. `NSURLErrorDomain`\n * localizedDescription). Populated for `reason === 'navigation_failed'`. */\n underlyingError?: string;\n};\n\n/**\n * Thrown when `DynamicWebView.open()` (via the WaaS transport provider)\n * fails to establish a usable load. Inspect `reason` to distinguish the\n * failure mode; `statusCode` and `underlyingError` provide structured\n * metadata for the cases that have it.\n */\nexport class WebViewLoadFailedError extends BaseError {\n readonly reason: WebViewLoadFailureReason;\n readonly statusCode: number | undefined;\n readonly underlyingError: string | undefined;\n\n constructor({\n reason,\n shortMessage,\n cause = null,\n statusCode,\n underlyingError,\n }: WebViewLoadFailedErrorParams) {\n super({\n cause,\n code: 'webview_load_failed_error',\n details: underlyingError,\n docsUrl: null,\n name: 'WebViewLoadFailedError',\n shortMessage,\n });\n this.reason = reason;\n this.statusCode = statusCode;\n this.underlyingError = underlyingError;\n }\n}\n","import {\n WebViewLoadFailedError,\n type WebViewLoadFailureReason,\n} from '../../../errors/WebViewLoadFailedError';\n\n// Maps the native-side RCT reject codes (emitted by DynamicWebView.mm) to the\n// JS-level discriminator on `WebViewLoadFailedError`. Keys must stay in sync\n// with the `Reason.*` strings in DynamicWebViewImpl.swift.\nconst REASON_BY_NATIVE_CODE: Record<string, WebViewLoadFailureReason> = {\n webview_cancelled: 'cancelled',\n webview_content_process_terminated: 'content_process_terminated',\n webview_http_error: 'http_error',\n webview_instance_busy: 'instance_busy',\n webview_invalid_url: 'invalid_url',\n webview_navigation_failed: 'navigation_failed',\n webview_no_host_view: 'no_host_view',\n webview_unsupported: 'unsupported',\n};\n\n// React Native serializes the native NSError's userInfo onto the JS Error as\n// `userInfo`. These keys must stay in sync with the `errorStatusCodeKey` /\n// `errorUnderlyingDescriptionKey` constants in DynamicWebViewImpl.swift.\ntype NativeRejection = {\n code?: string;\n message?: string;\n userInfo?: {\n DynamicWebViewStatusCode?: number;\n DynamicWebViewUnderlying?: string;\n };\n};\n\n/**\n * Translates a native `DynamicWebView.open()` rejection into a typed\n * `WebViewLoadFailedError`. Maps the native RCT reject code to the JS-level\n * `WebViewLoadFailureReason` discriminator (falling back to\n * `navigation_failed` for unrecognized codes) and carries through the\n * structured `statusCode` / `underlyingError` metadata.\n *\n * The `reason` it produces is the contract `createWaasSDKContainer` branches\n * on — notably `emitError` swallows `cancelled` because that code is only ever\n * produced by our own `close()` teardown (verified on both the iOS and Android\n * native sides). Keep `REASON_BY_NATIVE_CODE` in sync with the native reject\n * codes so that branching stays correct.\n *\n * @not-instrumented\n */\nexport const translateNativeOpenError = (\n err: unknown\n): WebViewLoadFailedError => {\n const rejection = (err ?? {}) as NativeRejection;\n\n // Must check the KEYS of REASON_BY_NATIVE_CODE (the `webview_*` native\n // codes), not its values (the JS-level reasons) — this is called with the\n // native code, so checking values made every code fall through to\n // `navigation_failed` and silently broke the `cancelled` swallow.\n const isNativeRejectionCode = (\n code: string | undefined\n ): code is keyof typeof REASON_BY_NATIVE_CODE =>\n code != undefined && code in REASON_BY_NATIVE_CODE;\n\n const reason: WebViewLoadFailureReason = isNativeRejectionCode(rejection.code)\n ? REASON_BY_NATIVE_CODE[rejection.code]\n : 'navigation_failed';\n return new WebViewLoadFailedError({\n cause: err instanceof Error ? err : null,\n reason,\n shortMessage:\n rejection.message ?? `DynamicWebView open failed (${reason}).`,\n statusCode: rejection.userInfo?.DynamicWebViewStatusCode,\n underlyingError: rejection.userInfo?.DynamicWebViewUnderlying,\n });\n};\n","import type { WaasSDKContainer } from '@dynamic-labs-wallet/core';\nimport { NativeEventEmitter } from 'react-native';\n\nimport { NativeModuleNotLinkedError } from '../../../errors/NativeModuleNotLinkedError';\nimport NativeDynamicWebView from '../../../turboModules/NativeDynamicWebView';\nimport { translateNativeOpenError } from './translateNativeOpenError';\n\nconst NATIVE_MODULE_NAME = 'DynamicClientWebView';\nconst MESSAGE_EVENT_NAME = 'dynamicBridgeMessage';\n\ntype BridgeEventPayload = {\n data: unknown;\n instanceId: string;\n};\n\nconst generateInstanceId = (): string =>\n `${Date.now().toString(36)}-${crypto.randomUUID()}`;\n\n/**\n * Creates a React Native `WaasSDKContainer` backed by a native WebView\n * (WKWebView on iOS, `android.webkit.WebView` on Android) hosted by the\n * `DynamicClientWebView` TurboModule. Each invocation returns an isolated\n * container with its own instance ID, native WebView, and message routing.\n *\n * @not-instrumented\n */\nexport const createWaasSDKContainer = (): WaasSDKContainer => {\n if (!NativeDynamicWebView) {\n throw new NativeModuleNotLinkedError({ moduleName: NATIVE_MODULE_NAME });\n }\n\n const nativeModule = NativeDynamicWebView;\n const instanceId = generateInstanceId();\n // Construct the emitter against the TurboModule itself — on New Arch,\n // `NativeModules[name]` can be a different compatibility-shim object,\n // and binding `addListener`/`removeListeners` on the wrong instance\n // leaves `startObserving` in the native emitter never firing.\n const emitter = new NativeEventEmitter(\n nativeModule as unknown as ConstructorParameters<\n typeof NativeEventEmitter\n >[0]\n );\n\n // IframeManager on the WaaS SDK calls `container.onMessage(handler)` twice\n // on the same container — once to wait for the `iframe-ready-*` handshake,\n // and once later from `setupWaasSDKContainerBridge` to forward transport\n // messages. Both handlers need to receive every message, so the container\n // fans out to all registered handlers instead of enforcing single-register.\n const messageHandlers: Array<(data: unknown) => void> = [];\n const errorHandlers: Array<(error: unknown) => void> = [];\n let subscription: { remove: () => void } | null = null;\n let destroyed = false;\n\n const emitError = (err: unknown): void => {\n if (destroyed) return;\n const translated = translateNativeOpenError(err);\n // `cancelled` is only ever produced by our own `close()` teardown path on\n // the native side. Surfacing it via onError would make consumers like\n // IframeManager interpret their own destroy as a load failure and retry\n // against a provider that no longer exists.\n if (translated.reason === 'cancelled') return;\n for (const handler of errorHandlers) {\n handler(translated);\n }\n };\n\n return {\n destroy() {\n if (destroyed) return;\n destroyed = true;\n\n subscription?.remove();\n subscription = null;\n messageHandlers.length = 0;\n errorHandlers.length = 0;\n nativeModule.close(instanceId);\n },\n\n isAlive: () => !destroyed,\n\n // Signature is dictated by the upstream WaasSDKContainer interface.\n // eslint-disable-next-line custom-rules/require-single-object-param\n onError(handler: (error: unknown) => void) {\n errorHandlers.push(handler);\n return () => {\n const index = errorHandlers.indexOf(handler);\n if (index !== -1) errorHandlers.splice(index, 1);\n };\n },\n\n // Signature is dictated by the upstream WaasSDKContainer interface.\n // eslint-disable-next-line custom-rules/require-single-object-param\n onMessage(handler: (data: unknown) => void) {\n messageHandlers.push(handler);\n\n subscription ??= emitter.addListener(\n MESSAGE_EVENT_NAME,\n (payload: BridgeEventPayload) => {\n if (payload.instanceId !== instanceId) return;\n\n for (const fn of messageHandlers) {\n fn(payload.data);\n }\n }\n );\n\n // WaaS client expects onMessage to return an unsubscribe function —\n // used e.g. to tear down the one-shot handshake handler.\n return () => {\n const index = messageHandlers.indexOf(handler);\n if (index !== -1) messageHandlers.splice(index, 1);\n if (messageHandlers.length === 0) {\n subscription?.remove();\n subscription = null;\n }\n };\n },\n\n sendMessage(data: Record<string, unknown>) {\n nativeModule.sendMessage(instanceId, data);\n },\n /**\n * Hands the URL off to the native WebView and resolves immediately.\n *\n * Per the `WaasSDKContainer` contract (see `@dynamic-labs-wallet/core`\n * types), `setUrl` resolves once the URL has been handed off to the\n * container — NOT when the page has finished loading. Load completion is\n * signalled later via the `iframe-ready-*` message on `onMessage`, and\n * navigation failures surface via `onError`. This dispatch-and-forget\n * shape is load-bearing: the WaaS handshake sequencing expects `setUrl` to\n * resolve before the first message arrives, so `nativeModule.open` is\n * intentionally NOT awaited/returned — its rejection (HTTP errors,\n * navigation failures, preflight errors, etc.) is routed through\n * `emitError` instead. Do not change this to `return nativeModule.open(...)`.\n */\n // Signature is dictated by the upstream WaasSDKContainer interface.\n // eslint-disable-next-line custom-rules/require-single-object-param\n async setUrl(url: string) {\n nativeModule.open(instanceId, url).catch(emitError);\n },\n };\n};\n","import type { AuthMode } from '@dynamic-labs-wallet/browser-wallet-client';\nimport { DynamicWalletClient } from '@dynamic-labs-wallet/browser-wallet-client';\nimport type { SecureStorageAdapter } from '@dynamic-labs-wallet/core';\nimport {\n ACCESSIBLE,\n getGenericPassword,\n resetGenericPassword,\n setGenericPassword,\n} from 'react-native-keychain';\n\nimport { getCore } from '../../../client/core/getCore';\nimport { CorruptedKeyShareError } from '../../../errors/CorruptedKeyShareError';\nimport { CLIENT_SDK_NAME } from '../../apiClient/constants';\nimport { isCookieEnabled } from '../../projectSettings/isCookieEnabled';\nimport {\n DEFAULT_WAAS_BASE_API_URL,\n DEFAULT_WAAS_BASE_MPC_RELAY_API_URL,\n} from '../constants';\nimport type { CreateWaasClient } from './createWaasClient.types';\nimport { createWaasSDKContainer } from './createWaasSDKContainer.native';\n\n/**\n * Keychain security options for the client key share. The share is wallet\n * key material that cannot be re-derived locally, so the options are pinned\n * explicitly rather than inherited from `react-native-keychain` defaults\n * (which vary across versions and platforms).\n *\n * `WHEN_UNLOCKED_THIS_DEVICE_ONLY` keeps the share readable only while the\n * device is unlocked, excludes it from iCloud Keychain sync, and prevents it\n * migrating to a new device on encrypted-backup restore. It deliberately does\n * NOT set `accessControl` (e.g. biometry) — reads must not surface a Face ID /\n * passcode prompt, since the share is read on routine wallet operations.\n */\nconst KEY_SHARE_KEYCHAIN_OPTIONS = {\n accessible: ACCESSIBLE.WHEN_UNLOCKED_THIS_DEVICE_ONLY,\n} as const;\n\n/** @not-instrumented */\nexport const createWaasClient: CreateWaasClient = ({ chainName }, client) => {\n const core = getCore(client);\n\n const additionalTrustedOrigins = core.waas?.additionalTrustedOrigins;\n\n // Namespace the keychain service by environment so two environmentIds on the\n // same device (or two dApps that observe the same account) can't collide and\n // mix key shares. The account address alone is not unique across environments.\n const getKeyShareService = (accountAddress: string): string =>\n `${core.environmentId}:${accountAddress}`;\n\n return new DynamicWalletClient(\n {\n authMode: (isCookieEnabled(client) ? 'cookie' : 'header') as AuthMode,\n authToken: client.token || '',\n baseApiUrl: (core.apiBaseUrl || DEFAULT_WAAS_BASE_API_URL).replace(\n '/api/v0',\n ''\n ),\n baseMPCRelayApiUrl:\n client.projectSettings?.sdk.waas?.relayUrl ||\n DEFAULT_WAAS_BASE_MPC_RELAY_API_URL,\n chainName,\n environmentId: core.environmentId,\n sdkVersion: `${CLIENT_SDK_NAME}/${core.version}`,\n ...(additionalTrustedOrigins == undefined\n ? {}\n : { additionalTrustedOrigins }),\n },\n {\n createWaasSDKContainer,\n // Typed as the upstream SecureStorageAdapter so the key-share method\n // signatures (and the `shares` payload type) stay compiler-enforced\n // against the WaaS SDK contract rather than re-declared locally.\n secureStorage: {\n getClientKeyShare: async (accountAddress) => {\n const result = await getGenericPassword({\n service: getKeyShareService(accountAddress),\n });\n\n if (!result) {\n return [];\n }\n\n // A corrupted or partially-written keychain entry makes JSON.parse\n // throw mid key-share load. Surface a typed error instead of an\n // unhandled rejection so callers can distinguish \"no share stored\"\n // (empty result above) from \"share exists but is unreadable\".\n try {\n return JSON.parse(result.password);\n } catch (cause) {\n throw new CorruptedKeyShareError({\n cause: cause instanceof Error ? cause : null,\n });\n }\n },\n\n removeClientKeyShare: async (accountAddress) => {\n await resetGenericPassword({\n service: getKeyShareService(accountAddress),\n });\n },\n\n setClientKeyShare: async (accountAddress, shares) => {\n await setGenericPassword(accountAddress, JSON.stringify(shares), {\n ...KEY_SHARE_KEYCHAIN_OPTIONS,\n service: getKeyShareService(accountAddress),\n });\n },\n } satisfies SecureStorageAdapter,\n }\n );\n};\n","import type { Chain } from '../../chain';\nimport { CHAINS_INFO_MAP } from '../../wallets/constants';\n\n/** @not-instrumented */\n// eslint-disable-next-line custom-rules/require-single-object-param\nexport const getWaasChainNameFromChain = (chain: Chain): string => {\n return CHAINS_INFO_MAP[chain].waasChainNameOverride || chain;\n};\n","import {\n type BitcoinConfig,\n type DynamicWalletClient,\n ThresholdSignatureScheme,\n WalletOperation,\n} from '@dynamic-labs-wallet/browser-wallet-client';\nimport { MFAAction, TokenScope } from '@dynamic-labs/sdk-api-core';\n\nimport { getCore } from '../../../client/core/getCore';\nimport type { DynamicClient } from '../../../client/types/DynamicClient';\nimport { InvalidParamError } from '../../../errors/InvalidParamError';\nimport { getElevatedAccessToken } from '../../auth/getElevatedAccessToken';\nimport type { Chain } from '../../chain';\nimport { consumeMfaTokenIfRequiredForAction } from '../../mfa/consumeMfaTokenIfRequiredForAction';\nimport { getSignedSessionId } from '../../sessionKeys/getSignedSessionId';\nimport { createWaasClient } from '../createWaasClient';\nimport { getWaasChainNameFromChain } from '../getWaasChainNameFromChain';\nimport type { WaasProvider } from '../waas.types';\n\nconst RAW_MESSAGE_MESSAGE_REQUIRED_LENGTH = 64;\n\ntype CreateWaasProviderParams = {\n chain: Chain;\n sdkClient: DynamicClient;\n};\n\n/** @not-instrumented */\nexport const createWaasProvider = ({\n sdkClient,\n chain,\n}: CreateWaasProviderParams): WaasProvider => {\n const logger = getCore(sdkClient).logger;\n\n let _waasClient: DynamicWalletClient | undefined;\n\n // because the waas client needs the authToken to be set, we can only create it\n // the first time it's needed, which is after the user has logged in\n const getWaasClient: WaasProvider['getWaasClient'] = async () => {\n if (!_waasClient) {\n _waasClient = createWaasClient(\n { chainName: getWaasChainNameFromChain(chain) },\n sdkClient\n );\n await _waasClient.initialize();\n }\n return _waasClient;\n };\n\n const backupKeySharesToGoogleDrive: WaasProvider['backupKeySharesToGoogleDrive'] =\n async ({ googleDriveAccessToken, password, walletAccount }) => {\n const { signature: signedSessionId } = await getSignedSessionId(\n sdkClient\n );\n\n const waasClient = await getWaasClient();\n\n return waasClient.backupKeySharesToGoogleDrive({\n accountAddress: walletAccount.address,\n authToken: sdkClient.token ?? undefined,\n googleDriveAccessToken,\n password,\n signedSessionId,\n });\n };\n\n const createWalletAccount: WaasProvider['createWalletAccount'] = async (\n args = {}\n ) => {\n logger.debug('[createWaasProvider] createWalletAccount', {\n bitcoinConfig: args.bitcoinConfig,\n thresholdSignatureScheme: args.thresholdSignatureScheme,\n });\n\n const { signature: signedSessionId } = await getSignedSessionId(sdkClient);\n\n const waasClient = await getWaasClient();\n\n const waasWallet = await waasClient.createWalletAccount({\n authToken: sdkClient.token ?? undefined,\n bitcoinConfig: args.bitcoinConfig as BitcoinConfig | undefined,\n password: args.password,\n signedSessionId,\n thresholdSignatureScheme:\n args.thresholdSignatureScheme ?? ThresholdSignatureScheme.TWO_OF_TWO,\n });\n\n return waasWallet;\n };\n\n const delegateKeyShares: WaasProvider['delegateKeyShares'] = async ({\n password,\n walletAccount,\n }) => {\n const { signature: signedSessionId } = await getSignedSessionId(sdkClient);\n\n const waasClient = await getWaasClient();\n\n return waasClient.delegateKeyShares({\n accountAddress: walletAccount.address,\n authToken: sdkClient.token ?? undefined,\n password,\n signedSessionId,\n });\n };\n\n const exportClientKeyshares: WaasProvider['exportClientKeyshares'] = async ({\n password,\n walletAccount,\n }) => {\n const { signature: signedSessionId } = await getSignedSessionId(sdkClient);\n\n const waasClient = await getWaasClient();\n\n await waasClient.exportClientKeyshares({\n accountAddress: walletAccount.address,\n authToken: sdkClient.token ?? undefined,\n password,\n signedSessionId,\n });\n };\n\n const exportPrivateKey: WaasProvider['exportPrivateKey'] = async ({\n displayContainer,\n walletAccount,\n password,\n }) => {\n const { signature: signedSessionId } = await getSignedSessionId(sdkClient);\n\n const waasClient = await getWaasClient();\n\n const mfaToken = await consumeMfaTokenIfRequiredForAction(\n { mfaAction: MFAAction.WalletWaasExport },\n sdkClient\n );\n\n // Forward any elevated access token previously obtained via step-up\n // (e.g. requestExternalAuthElevatedToken) so the backend authorizes\n // the export under the wallet:export scope.\n const elevatedAccessToken = getElevatedAccessToken(\n { scope: TokenScope.Walletexport },\n sdkClient\n );\n\n await waasClient.exportPrivateKey({\n accountAddress: walletAccount.address,\n authToken: sdkClient.token ?? undefined,\n displayContainer,\n elevatedAccessToken,\n mfaToken,\n password,\n signedSessionId,\n });\n };\n\n const restoreUserShareForWalletAccount: WaasProvider['restoreUserShareForWalletAccount'] =\n async ({ walletAccount }) => {\n const { signature: signedSessionId } = await getSignedSessionId(\n sdkClient\n );\n\n const waasClient = await getWaasClient();\n\n await waasClient.getWallet({\n accountAddress: walletAccount.address,\n authToken: sdkClient.token ?? undefined,\n signedSessionId,\n walletOperation: WalletOperation.SIGN_MESSAGE,\n });\n };\n\n const importPrivateKey: WaasProvider['importPrivateKey'] = async ({\n privateKey,\n thresholdSignatureScheme = ThresholdSignatureScheme.TWO_OF_TWO,\n }) => {\n const { signature: signedSessionId } = await getSignedSessionId(sdkClient);\n\n const walletClient = await getWaasClient();\n\n await walletClient.importPrivateKey({\n authToken: sdkClient.token ?? undefined,\n privateKey,\n signedSessionId,\n thresholdSignatureScheme,\n });\n };\n\n const refreshWalletAccountShares: WaasProvider['refreshWalletAccountShares'] =\n async ({ password, walletAccount }) => {\n const { signature: signedSessionId } = await getSignedSessionId(\n sdkClient\n );\n\n const walletClient = await getWaasClient();\n\n const mfaToken = await consumeMfaTokenIfRequiredForAction(\n { mfaAction: MFAAction.WalletWaasRefresh },\n sdkClient\n );\n\n return walletClient.refreshWalletAccountShares({\n accountAddress: walletAccount.address,\n authToken: sdkClient.token ?? undefined,\n mfaToken,\n password,\n signedSessionId,\n });\n };\n\n const revokeDelegation: WaasProvider['revokeDelegation'] = async ({\n password,\n walletAccount,\n }) => {\n const { signature: signedSessionId } = await getSignedSessionId(sdkClient);\n\n const waasClient = await getWaasClient();\n\n return waasClient.revokeDelegation({\n accountAddress: walletAccount.address,\n authToken: sdkClient.token ?? undefined,\n password,\n signedSessionId,\n });\n };\n\n const setWaasWalletAccountPassword: WaasProvider['setWaasWalletAccountPassword'] =\n async ({ password, walletAccount }) => {\n const { signature: signedSessionId } = await getSignedSessionId(\n sdkClient\n );\n\n const waasClient = await getWaasClient();\n\n return waasClient.setPassword({\n accountAddress: walletAccount.address,\n authToken: sdkClient.token ?? undefined,\n newPassword: password,\n signedSessionId,\n });\n };\n\n const signRawMessage: WaasProvider['signRawMessage'] = async ({\n message,\n password,\n walletAccount,\n }) => {\n if (message.length !== RAW_MESSAGE_MESSAGE_REQUIRED_LENGTH) {\n throw new InvalidParamError(\n `Message must be ${RAW_MESSAGE_MESSAGE_REQUIRED_LENGTH} characters long`\n );\n }\n\n const { signature: signedSessionId } = await getSignedSessionId(sdkClient);\n\n const mfaToken = await consumeMfaTokenIfRequiredForAction(\n { mfaAction: MFAAction.WalletWaasSign },\n sdkClient\n );\n\n const elevatedAccessToken = getElevatedAccessToken(\n { scope: TokenScope.Walletsign },\n sdkClient\n );\n\n const walletClient = await getWaasClient();\n\n const signature = await walletClient.signRawMessage({\n accountAddress: walletAccount.address,\n authToken: sdkClient.token ?? undefined,\n elevatedAccessToken,\n message,\n mfaToken,\n password,\n signedSessionId,\n });\n\n return { signature };\n };\n\n const destroy: WaasProvider['destroy'] = async (args) => {\n if (!_waasClient) {\n return;\n }\n\n const waasClient = await getWaasClient();\n // When a session token expires, we preserve key shares in storage instead\n // of clearing them. Customers with short-lived sessions (minutes) were\n // hitting excessive server-side share recovery on every re-login, which\n // also forced users to re-enter their wallet password since the unlocked\n // share only lives for the duration of the session.\n //\n // This is safe because the waas-sdk separately fingerprints the user\n // (sub + environment_id) and clears all storage if a different user logs\n // in. On explicit user-initiated logout, shares are always cleared for\n // security.\n if (args?.reason !== 'token-expired') {\n await waasClient.cleanup();\n }\n _waasClient = undefined;\n };\n\n const updatePassword: WaasProvider['updatePassword'] = async ({\n walletAccount,\n currentPassword,\n newPassword,\n }) => {\n const { signature: signedSessionId } = await getSignedSessionId(sdkClient);\n\n const waasClient = await getWaasClient();\n\n return waasClient.updatePassword({\n accountAddress: walletAccount.address,\n authToken: sdkClient.token ?? undefined,\n existingPassword: currentPassword,\n newPassword,\n signedSessionId,\n });\n };\n\n const signMessage: WaasProvider['signMessage'] = async ({\n message,\n walletAccount,\n }) => {\n const { signature: signedSessionId } = await getSignedSessionId(sdkClient);\n\n const mfaToken = await consumeMfaTokenIfRequiredForAction(\n { mfaAction: MFAAction.WalletWaasSign },\n sdkClient\n );\n\n const elevatedAccessToken = getElevatedAccessToken(\n { scope: TokenScope.Walletsign },\n sdkClient\n );\n\n const waasClient = await getWaasClient();\n\n const signature = await waasClient.signMessage({\n accountAddress: walletAccount.address,\n authToken: sdkClient.token ?? undefined,\n elevatedAccessToken,\n message,\n mfaToken,\n signedSessionId,\n });\n\n return { signature };\n };\n\n const signSerializedTransaction: WaasProvider['signSerializedTransaction'] =\n async ({ chainId, serializedTransaction, walletAccount }) => {\n const { signature: signedSessionId } = await getSignedSessionId(\n sdkClient\n );\n\n const mfaToken = await consumeMfaTokenIfRequiredForAction(\n { mfaAction: MFAAction.WalletWaasSign },\n sdkClient\n );\n\n const elevatedAccessToken = getElevatedAccessToken(\n { scope: TokenScope.Walletsign },\n sdkClient\n );\n\n const waasClient = await getWaasClient();\n\n const signature = await waasClient.signTransaction({\n authToken: sdkClient.token ?? undefined,\n chainId,\n elevatedAccessToken,\n mfaToken,\n senderAddress: walletAccount.address,\n signedSessionId,\n transaction: serializedTransaction,\n });\n\n return { signature };\n };\n\n const getWalletRecoveryState: WaasProvider['getWalletRecoveryState'] =\n async ({ walletAccount }) => {\n const { signature: signedSessionId } = await getSignedSessionId(\n sdkClient\n );\n\n const waasClient = await getWaasClient();\n\n return waasClient.getWalletRecoveryState({\n accountAddress: walletAccount.address,\n authToken: sdkClient.token ?? undefined,\n signedSessionId,\n });\n };\n\n const unlockWallet: WaasProvider['unlockWallet'] = async ({\n password,\n walletAccount,\n }) => {\n const { signature: signedSessionId } = await getSignedSessionId(sdkClient);\n\n const waasClient = await getWaasClient();\n\n return waasClient.unlockWallet({\n accountAddress: walletAccount.address,\n authToken: sdkClient.token ?? undefined,\n password,\n signedSessionId,\n });\n };\n\n return {\n backupKeySharesToGoogleDrive,\n createWalletAccount,\n delegateKeyShares,\n destroy,\n exportClientKeyshares,\n exportPrivateKey,\n getWaasClient,\n getWalletRecoveryState,\n importPrivateKey,\n refreshWalletAccountShares,\n restoreUserShareForWalletAccount,\n revokeDelegation,\n setWaasWalletAccountPassword,\n signMessage,\n signRawMessage,\n signSerializedTransaction,\n unlockWallet,\n updatePassword,\n };\n};\n","import { WalletProviderEnum } from '@dynamic-labs/sdk-api-core';\n\nimport type { DynamicClient } from '../../../client/types';\nimport { getChainFromVerifiedCredentialChain } from '../../../utils/getChainFromVerifiedCredentialChain';\nimport type { Chain } from '../../chain';\nimport { DYNAMIC_WAAS_METADATA } from '../constants';\n\ntype GetAllUserWaasAddressesForChainParams = {\n chain: Chain;\n};\n\n/** @not-instrumented */\nexport const getAllUserWaasAddressesForChain = (\n { chain }: GetAllUserWaasAddressesForChainParams,\n client: DynamicClient\n): string[] => {\n if (!client.user) {\n return [];\n }\n\n const waasWalletCredentials =\n client.user.verifiedCredentials.filter(\n (credential) =>\n credential.walletProvider === WalletProviderEnum.EmbeddedWallet &&\n credential.walletName\n ?.toLowerCase()\n .startsWith(DYNAMIC_WAAS_METADATA.normalizedWalletName) &&\n credential.address &&\n credential.chain &&\n getChainFromVerifiedCredentialChain(credential.chain) === chain\n ) ?? [];\n\n const waasAddresses: string[] = waasWalletCredentials.map(\n // casting because we're already filtering out credentials without an address\n (credential) => credential.address as string\n );\n\n return waasAddresses;\n};\n","import { assertPackageVersion } from '@dynamic-labs-sdk/assert-package-version';\n\nimport {\n name as packageName,\n version as packageVersion,\n} from '../../package.json';\nassertPackageVersion(packageName, packageVersion);\n\nexport type {\n BitcoinNetwork,\n DynamicWalletClient,\n ThresholdSignatureScheme\n} from '@dynamic-labs-wallet/browser-wallet-client';\nexport { DYNAMIC_WAAS_METADATA } from '../modules/waas/constants';\nexport { createWaasClient } from '../modules/waas/createWaasClient';\nexport { createWaasProvider } from '../modules/waas/createWaasProvider';\nexport { getAllUserWaasAddressesForChain } from '../modules/waas/getAllUserWaasAddressesForChain';\nexport { getWaasChainNameFromChain } from '../modules/waas/getWaasChainNameFromChain';\nexport type {\n WaasProvider,\n WaasWalletProvider\n} from '../modules/waas/waas.types';\n\n"],"mappings":";;;;;;;;;;;;;;;;;;;;AAgBA,IAAa,yBAAb,cAA4C,UAAU;CACpD,YAAY,EAAE,QAAQ,SAAuC,EAAE,EAAE;AAC/D,QAAM;GACJ;GACA,MAAM;GACN,SACE;GACF,SAAS;GACT,MAAM;GACN,cAAc;GACf,CAAC;;;;;;ACaN,mCAAe,oBAAoB,IAAU,uBAAuB;;;;;;;;;;ACJpE,IAAa,yBAAb,cAA4C,UAAU;CACpD,AAAS;CACT,AAAS;CACT,AAAS;CAET,YAAY,EACV,QACA,cACA,QAAQ,MACR,YACA,mBAC+B;AAC/B,QAAM;GACJ;GACA,MAAM;GACN,SAAS;GACT,SAAS;GACT,MAAM;GACN;GACD,CAAC;AACF,OAAK,SAAS;AACd,OAAK,aAAa;AAClB,OAAK,kBAAkB;;;;;;ACjD3B,MAAMA,wBAAkE;CACtE,mBAAmB;CACnB,oCAAoC;CACpC,oBAAoB;CACpB,uBAAuB;CACvB,qBAAqB;CACrB,2BAA2B;CAC3B,sBAAsB;CACtB,qBAAqB;CACtB;;;;;;;;;;;;;;;;AA6BD,MAAa,4BACX,QAC2B;CAC3B,MAAM,YAAa,OAAO,EAAE;CAM5B,MAAM,yBACJ,SAEA,QAAQ,UAAa,QAAQ;CAE/B,MAAMC,SAAmC,sBAAsB,UAAU,KAAK,GAC1E,sBAAsB,UAAU,QAChC;AACJ,QAAO,IAAI,uBAAuB;EAChC,OAAO,eAAe,QAAQ,MAAM;EACpC;EACA,cACE,UAAU,WAAW,+BAA+B,OAAO;EAC7D,YAAY,UAAU,UAAU;EAChC,iBAAiB,UAAU,UAAU;EACtC,CAAC;;;;;AC/DJ,MAAM,qBAAqB;AAC3B,MAAM,qBAAqB;AAO3B,MAAM,2BACJ,GAAG,KAAK,KAAK,CAAC,SAAS,GAAG,CAAC,GAAG,OAAO,YAAY;;;;;;;;;AAUnD,MAAa,+BAAiD;AAC5D,KAAI,CAACC,6BACH,OAAM,IAAI,2BAA2B,EAAE,YAAY,oBAAoB,CAAC;CAG1E,MAAM,eAAeA;CACrB,MAAM,aAAa,oBAAoB;CAKvC,MAAM,UAAU,IAAI,mBAClB,aAGD;CAOD,MAAMC,kBAAkD,EAAE;CAC1D,MAAMC,gBAAiD,EAAE;CACzD,IAAIC,eAA8C;CAClD,IAAI,YAAY;CAEhB,MAAM,aAAa,QAAuB;AACxC,MAAI,UAAW;EACf,MAAM,aAAa,yBAAyB,IAAI;AAKhD,MAAI,WAAW,WAAW,YAAa;AACvC,OAAK,MAAM,WAAW,cACpB,SAAQ,WAAW;;AAIvB,QAAO;EACL,UAAU;AACR,OAAI,UAAW;AACf,eAAY;AAEZ,iBAAc,QAAQ;AACtB,kBAAe;AACf,mBAAgB,SAAS;AACzB,iBAAc,SAAS;AACvB,gBAAa,MAAM,WAAW;;EAGhC,eAAe,CAAC;EAIhB,QAAQ,SAAmC;AACzC,iBAAc,KAAK,QAAQ;AAC3B,gBAAa;IACX,MAAM,QAAQ,cAAc,QAAQ,QAAQ;AAC5C,QAAI,UAAU,GAAI,eAAc,OAAO,OAAO,EAAE;;;EAMpD,UAAU,SAAkC;AAC1C,mBAAgB,KAAK,QAAQ;AAE7B,oBAAiB,QAAQ,YACvB,qBACC,YAAgC;AAC/B,QAAI,QAAQ,eAAe,WAAY;AAEvC,SAAK,MAAM,MAAM,gBACf,IAAG,QAAQ,KAAK;KAGrB;AAID,gBAAa;IACX,MAAM,QAAQ,gBAAgB,QAAQ,QAAQ;AAC9C,QAAI,UAAU,GAAI,iBAAgB,OAAO,OAAO,EAAE;AAClD,QAAI,gBAAgB,WAAW,GAAG;AAChC,mBAAc,QAAQ;AACtB,oBAAe;;;;EAKrB,YAAY,MAA+B;AACzC,gBAAa,YAAY,YAAY,KAAK;;EAkB5C,MAAM,OAAO,KAAa;AACxB,gBAAa,KAAK,YAAY,IAAI,CAAC,MAAM,UAAU;;EAEtD;;;;;;;;;;;;;;;;;AC3GH,MAAM,6BAA6B,EACjC,YAAY,WAAW,gCACxB;;AAGD,MAAaC,oBAAsC,EAAE,aAAa,WAAW;CAC3E,MAAM,OAAO,QAAQ,OAAO;CAE5B,MAAM,2BAA2B,KAAK,MAAM;CAK5C,MAAM,sBAAsB,mBAC1B,GAAG,KAAK,cAAc,GAAG;AAE3B,QAAO,IAAI,oBACT;EACE,UAAW,gBAAgB,OAAO,GAAG,WAAW;EAChD,WAAW,OAAO,SAAS;EAC3B,aAAa,KAAK,cAAc,2BAA2B,QACzD,WACA,GACD;EACD,oBACE,OAAO,iBAAiB,IAAI,MAAM,YAClC;EACF;EACA,eAAe,KAAK;EACpB,YAAY,GAAG,gBAAgB,GAAG,KAAK;EACvC,GAAI,4BAA4B,SAC5B,EAAE,GACF,EAAE,0BAA0B;EACjC,EACD;EACE;EAIA,eAAe;GACb,mBAAmB,OAAO,mBAAmB;IAC3C,MAAM,SAAS,MAAM,mBAAmB,EACtC,SAAS,mBAAmB,eAAe,EAC5C,CAAC;AAEF,QAAI,CAAC,OACH,QAAO,EAAE;AAOX,QAAI;AACF,YAAO,KAAK,MAAM,OAAO,SAAS;aAC3B,OAAO;AACd,WAAM,IAAI,uBAAuB,EAC/B,OAAO,iBAAiB,QAAQ,QAAQ,MACzC,CAAC;;;GAIN,sBAAsB,OAAO,mBAAmB;AAC9C,UAAM,qBAAqB,EACzB,SAAS,mBAAmB,eAAe,EAC5C,CAAC;;GAGJ,mBAAmB,OAAO,gBAAgB,WAAW;AACnD,UAAM,mBAAmB,gBAAgB,KAAK,UAAU,OAAO,EAAE;KAC/D,GAAG;KACH,SAAS,mBAAmB,eAAe;KAC5C,CAAC;;GAEL;EACF,CACF;;;;;;ACxGH,MAAa,6BAA6B,UAAyB;AACjE,QAAO,gBAAgB,OAAO,yBAAyB;;;;;ACazD,MAAM,sCAAsC;;AAQ5C,MAAa,sBAAsB,EACjC,WACA,YAC4C;CAC5C,MAAM,SAAS,QAAQ,UAAU,CAAC;CAElC,IAAIC;CAIJ,MAAMC,gBAA+C,YAAY;AAC/D,MAAI,CAAC,aAAa;AAChB,iBAAc,iBACZ,EAAE,WAAW,0BAA0B,MAAM,EAAE,EAC/C,UACD;AACD,SAAM,YAAY,YAAY;;AAEhC,SAAO;;CAGT,MAAMC,+BACJ,OAAO,EAAE,wBAAwB,UAAU,oBAAoB;EAC7D,MAAM,EAAE,WAAW,oBAAoB,MAAM,mBAC3C,UACD;AAID,UAFmB,MAAM,eAAe,EAEtB,6BAA6B;GAC7C,gBAAgB,cAAc;GAC9B,WAAW,UAAU,SAAS;GAC9B;GACA;GACA;GACD,CAAC;;CAGN,MAAMC,sBAA2D,OAC/D,OAAO,EAAE,KACN;AACH,SAAO,MAAM,4CAA4C;GACvD,eAAe,KAAK;GACpB,0BAA0B,KAAK;GAChC,CAAC;EAEF,MAAM,EAAE,WAAW,oBAAoB,MAAM,mBAAmB,UAAU;AAa1E,SATmB,OAFA,MAAM,eAAe,EAEJ,oBAAoB;GACtD,WAAW,UAAU,SAAS;GAC9B,eAAe,KAAK;GACpB,UAAU,KAAK;GACf;GACA,0BACE,KAAK,4BAA4B,yBAAyB;GAC7D,CAAC;;CAKJ,MAAMC,oBAAuD,OAAO,EAClE,UACA,oBACI;EACJ,MAAM,EAAE,WAAW,oBAAoB,MAAM,mBAAmB,UAAU;AAI1E,UAFmB,MAAM,eAAe,EAEtB,kBAAkB;GAClC,gBAAgB,cAAc;GAC9B,WAAW,UAAU,SAAS;GAC9B;GACA;GACD,CAAC;;CAGJ,MAAMC,wBAA+D,OAAO,EAC1E,UACA,oBACI;EACJ,MAAM,EAAE,WAAW,oBAAoB,MAAM,mBAAmB,UAAU;AAI1E,SAFmB,MAAM,eAAe,EAEvB,sBAAsB;GACrC,gBAAgB,cAAc;GAC9B,WAAW,UAAU,SAAS;GAC9B;GACA;GACD,CAAC;;CAGJ,MAAMC,mBAAqD,OAAO,EAChE,kBACA,eACA,eACI;EACJ,MAAM,EAAE,WAAW,oBAAoB,MAAM,mBAAmB,UAAU;EAE1E,MAAM,aAAa,MAAM,eAAe;EAExC,MAAM,WAAW,MAAM,mCACrB,EAAE,WAAW,UAAU,kBAAkB,EACzC,UACD;EAKD,MAAM,sBAAsBC,iCAC1B,EAAE,OAAO,WAAW,cAAc,EAClC,UACD;AAED,QAAM,WAAW,iBAAiB;GAChC,gBAAgB,cAAc;GAC9B,WAAW,UAAU,SAAS;GAC9B;GACA;GACA;GACA;GACA;GACD,CAAC;;CAGJ,MAAMC,mCACJ,OAAO,EAAE,oBAAoB;EAC3B,MAAM,EAAE,WAAW,oBAAoB,MAAM,mBAC3C,UACD;AAID,SAFmB,MAAM,eAAe,EAEvB,UAAU;GACzB,gBAAgB,cAAc;GAC9B,WAAW,UAAU,SAAS;GAC9B;GACA,iBAAiB,gBAAgB;GAClC,CAAC;;CAGN,MAAMC,mBAAqD,OAAO,EAChE,YACA,2BAA2B,yBAAyB,iBAChD;EACJ,MAAM,EAAE,WAAW,oBAAoB,MAAM,mBAAmB,UAAU;AAI1E,SAFqB,MAAM,eAAe,EAEvB,iBAAiB;GAClC,WAAW,UAAU,SAAS;GAC9B;GACA;GACA;GACD,CAAC;;CAGJ,MAAMC,6BACJ,OAAO,EAAE,UAAU,oBAAoB;EACrC,MAAM,EAAE,WAAW,oBAAoB,MAAM,mBAC3C,UACD;EAED,MAAM,eAAe,MAAM,eAAe;EAE1C,MAAM,WAAW,MAAM,mCACrB,EAAE,WAAW,UAAU,mBAAmB,EAC1C,UACD;AAED,SAAO,aAAa,2BAA2B;GAC7C,gBAAgB,cAAc;GAC9B,WAAW,UAAU,SAAS;GAC9B;GACA;GACA;GACD,CAAC;;CAGN,MAAMC,mBAAqD,OAAO,EAChE,UACA,oBACI;EACJ,MAAM,EAAE,WAAW,oBAAoB,MAAM,mBAAmB,UAAU;AAI1E,UAFmB,MAAM,eAAe,EAEtB,iBAAiB;GACjC,gBAAgB,cAAc;GAC9B,WAAW,UAAU,SAAS;GAC9B;GACA;GACD,CAAC;;CAGJ,MAAMC,+BACJ,OAAO,EAAE,UAAU,oBAAoB;EACrC,MAAM,EAAE,WAAW,oBAAoB,MAAM,mBAC3C,UACD;AAID,UAFmB,MAAM,eAAe,EAEtB,YAAY;GAC5B,gBAAgB,cAAc;GAC9B,WAAW,UAAU,SAAS;GAC9B,aAAa;GACb;GACD,CAAC;;CAGN,MAAMC,iBAAiD,OAAO,EAC5D,SACA,UACA,oBACI;AACJ,MAAI,QAAQ,WAAW,oCACrB,OAAM,IAAI,kBACR,mBAAmB,oCAAoC,kBACxD;EAGH,MAAM,EAAE,WAAW,oBAAoB,MAAM,mBAAmB,UAAU;EAE1E,MAAM,WAAW,MAAM,mCACrB,EAAE,WAAW,UAAU,gBAAgB,EACvC,UACD;EAED,MAAM,sBAAsBN,iCAC1B,EAAE,OAAO,WAAW,YAAY,EAChC,UACD;AAcD,SAAO,EAAE,WAVS,OAFG,MAAM,eAAe,EAEL,eAAe;GAClD,gBAAgB,cAAc;GAC9B,WAAW,UAAU,SAAS;GAC9B;GACA;GACA;GACA;GACA;GACD,CAAC,EAEkB;;CAGtB,MAAMO,UAAmC,OAAO,SAAS;AACvD,MAAI,CAAC,YACH;EAGF,MAAM,aAAa,MAAM,eAAe;AAWxC,MAAI,MAAM,WAAW,gBACnB,OAAM,WAAW,SAAS;AAE5B,gBAAc;;CAGhB,MAAMC,iBAAiD,OAAO,EAC5D,eACA,iBACA,kBACI;EACJ,MAAM,EAAE,WAAW,oBAAoB,MAAM,mBAAmB,UAAU;AAI1E,UAFmB,MAAM,eAAe,EAEtB,eAAe;GAC/B,gBAAgB,cAAc;GAC9B,WAAW,UAAU,SAAS;GAC9B,kBAAkB;GAClB;GACA;GACD,CAAC;;CAGJ,MAAMC,cAA2C,OAAO,EACtD,SACA,oBACI;EACJ,MAAM,EAAE,WAAW,oBAAoB,MAAM,mBAAmB,UAAU;EAE1E,MAAM,WAAW,MAAM,mCACrB,EAAE,WAAW,UAAU,gBAAgB,EACvC,UACD;EAED,MAAM,sBAAsBT,iCAC1B,EAAE,OAAO,WAAW,YAAY,EAChC,UACD;AAaD,SAAO,EAAE,WATS,OAFC,MAAM,eAAe,EAEL,YAAY;GAC7C,gBAAgB,cAAc;GAC9B,WAAW,UAAU,SAAS;GAC9B;GACA;GACA;GACA;GACD,CAAC,EAEkB;;CAGtB,MAAMU,4BACJ,OAAO,EAAE,SAAS,uBAAuB,oBAAoB;EAC3D,MAAM,EAAE,WAAW,oBAAoB,MAAM,mBAC3C,UACD;EAED,MAAM,WAAW,MAAM,mCACrB,EAAE,WAAW,UAAU,gBAAgB,EACvC,UACD;EAED,MAAM,sBAAsBV,iCAC1B,EAAE,OAAO,WAAW,YAAY,EAChC,UACD;AAcD,SAAO,EAAE,WAVS,OAFC,MAAM,eAAe,EAEL,gBAAgB;GACjD,WAAW,UAAU,SAAS;GAC9B;GACA;GACA;GACA,eAAe,cAAc;GAC7B;GACA,aAAa;GACd,CAAC,EAEkB;;CAGxB,MAAMW,yBACJ,OAAO,EAAE,oBAAoB;EAC3B,MAAM,EAAE,WAAW,oBAAoB,MAAM,mBAC3C,UACD;AAID,UAFmB,MAAM,eAAe,EAEtB,uBAAuB;GACvC,gBAAgB,cAAc;GAC9B,WAAW,UAAU,SAAS;GAC9B;GACD,CAAC;;CAGN,MAAMC,eAA6C,OAAO,EACxD,UACA,oBACI;EACJ,MAAM,EAAE,WAAW,oBAAoB,MAAM,mBAAmB,UAAU;AAI1E,UAFmB,MAAM,eAAe,EAEtB,aAAa;GAC7B,gBAAgB,cAAc;GAC9B,WAAW,UAAU,SAAS;GAC9B;GACA;GACD,CAAC;;AAGJ,QAAO;EACL;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACD;;;;;;ACjaH,MAAa,mCACX,EAAE,SACF,WACa;AACb,KAAI,CAAC,OAAO,KACV,QAAO,EAAE;AAoBX,SAhBE,OAAO,KAAK,oBAAoB,QAC7B,eACC,WAAW,mBAAmB,mBAAmB,kBACjD,WAAW,YACP,aAAa,CACd,WAAW,sBAAsB,qBAAqB,IACzD,WAAW,WACX,WAAW,SACX,oCAAoC,WAAW,MAAM,KAAK,MAC7D,IAAI,EAAE,EAE6C,KAEnD,eAAe,WAAW,QAC5B;;;;;AC7BH,qBAAqBC,MAAaC,QAAe"}
|
|
1
|
+
{"version":3,"file":"waasCore.native.esm.js","names":["REASON_BY_NATIVE_CODE: Record<string, WebViewLoadFailureReason>","reason: WebViewLoadFailureReason","NativeDynamicWebView","messageHandlers: Array<(data: unknown) => void>","errorHandlers: Array<(error: unknown) => void>","subscription: { remove: () => void } | null","createWaasClient: CreateWaasClient","_waasClient: DynamicWalletClient | undefined","getWaasClient: WaasProvider['getWaasClient']","backupKeySharesToGoogleDrive: WaasProvider['backupKeySharesToGoogleDrive']","createWalletAccount: WaasProvider['createWalletAccount']","delegateKeyShares: WaasProvider['delegateKeyShares']","exportClientKeyshares: WaasProvider['exportClientKeyshares']","exportPrivateKey: WaasProvider['exportPrivateKey']","getElevatedAccessToken","restoreUserShareForWalletAccount: WaasProvider['restoreUserShareForWalletAccount']","importPrivateKey: WaasProvider['importPrivateKey']","refreshWalletAccountShares: WaasProvider['refreshWalletAccountShares']","revokeDelegation: WaasProvider['revokeDelegation']","setWaasWalletAccountPassword: WaasProvider['setWaasWalletAccountPassword']","signRawMessage: WaasProvider['signRawMessage']","destroy: WaasProvider['destroy']","updatePassword: WaasProvider['updatePassword']","signMessage: WaasProvider['signMessage']","signSerializedTransaction: WaasProvider['signSerializedTransaction']","getWalletRecoveryState: WaasProvider['getWalletRecoveryState']","unlockWallet: WaasProvider['unlockWallet']","packageName","packageVersion"],"sources":["../src/errors/CorruptedKeyShareError.ts","../src/turboModules/NativeDynamicWebView.ts","../src/errors/WebViewLoadFailedError.ts","../src/modules/waas/createWaasClient/translateNativeOpenError.ts","../src/modules/waas/createWaasClient/createNativeWaasSDKContainer.native.ts","../src/modules/waas/createWaasClient/createWaasSDKContainer.native.ts","../src/modules/waas/createWaasClient/createWaasClient.native.ts","../src/modules/waas/getWaasChainNameFromChain/getWaasChainNameFromChain.ts","../src/modules/waas/createWaasProvider/createWaasProvider.ts","../src/modules/waas/exportWaasPrivateKeyToContainer/exportWaasPrivateKeyToContainer.ts","../src/modules/waas/getAllUserWaasAddressesForChain/getAllUserWaasAddressesForChain.ts","../src/exports/waasCore.ts"],"sourcesContent":["import { BaseError } from './base';\n\ntype CorruptedKeyShareErrorParams = {\n cause?: Error | null;\n};\n\n/**\n * Thrown when a persisted client key share cannot be parsed back into its\n * structured form (e.g. a partially-written or corrupted keychain entry).\n *\n * Surfaced as a typed error rather than swallowed so callers can distinguish\n * \"no key share stored\" (empty result) from \"key share exists but is\n * unreadable\" — the latter must never be silently treated as the former,\n * which could trigger an unintended re-keygen that overwrites recoverable\n * material.\n */\nexport class CorruptedKeyShareError extends BaseError {\n constructor({ cause = null }: CorruptedKeyShareErrorParams = {}) {\n super({\n cause,\n code: 'corrupted_key_share_error',\n details:\n 'The stored client key share could not be parsed. The secure storage entry may be partially written or corrupted.',\n docsUrl: null,\n name: 'CorruptedKeyShareError',\n shortMessage: 'Stored client key share is corrupted and cannot be read.',\n });\n }\n}\n","// This file is a TurboModule spec consumed by React Native codegen.\n// The `interface`, `default export`, and the `react-native` import are hard\n// requirements of the codegen parser and intentionally deviate from the\n// project's conventions. Codegen discovers specs by the `Native*` filename\n// prefix, so this file cannot be renamed to `.native.ts`.\n\nimport { type TurboModule, TurboModuleRegistry } from 'react-native';\nimport type { UnsafeObject } from 'react-native/Libraries/Types/CodegenTypes';\n\nexport interface Spec extends TurboModule {\n addListener(eventName: string): void;\n close(instanceId: string): void;\n /**\n * Creates a WKWebView for the given instanceId and begins loading `url`.\n *\n * Resolves on `didCommit` — i.e. the first byte of a 2xx/3xx HTTP\n * response has been received and content parsing has started. Page-ready\n * (e.g. the hosted iframe's `iframe-ready-*` handshake) is a separate\n * concern and must be observed by the caller via the message bus; this\n * Promise does not wait for it.\n *\n * Rejects with a `code` of `webview_<reason>` where `<reason>` is one of:\n * - `invalid_url` — URL string was not parseable\n * - `no_host_view` — no foreground window to attach the WebView\n * - `http_error` — response status was >= 400 (userInfo contains `DynamicWebViewStatusCode`)\n * - `navigation_failed` — DNS, TLS, connection failure, or post-commit abort\n * - `cancelled` — `close(instanceId)` was called while this open was pending\n * - `instance_busy` — `open` was called for an instanceId that already has an active WebView\n * - `content_process_terminated` — the WKWebView WebContent process died during load\n * - `unsupported` — the device's Android System WebView is too old to support the secure bridge (Android only)\n *\n * rejection codes into typed `WebViewLoadFailedError` instances.\n */\n open(instanceId: string, url: string): Promise<void>;\n removeListeners(count: number): void;\n sendMessage(instanceId: string, data: UnsafeObject): void;\n}\n\n// eslint-disable-next-line import/no-default-export\nexport default TurboModuleRegistry.get<Spec>('DynamicClientWebView');\n","import { BaseError } from './base/BaseError';\n\n/**\n * Discriminator for `WebViewLoadFailedError`. Identifies the specific\n * failure mode so callers can branch on it (e.g. retry on transient\n * navigation failures, abort on invalid URL, treat HTTP errors distinct\n * from network errors).\n */\nexport type WebViewLoadFailureReason =\n | 'invalid_url'\n | 'no_host_view'\n | 'http_error'\n | 'navigation_failed'\n | 'cancelled'\n | 'instance_busy'\n | 'content_process_terminated'\n | 'unsupported';\n\ntype WebViewLoadFailedErrorParams = {\n cause?: Error | null;\n reason: WebViewLoadFailureReason;\n shortMessage: string;\n /** HTTP response status code. Populated only when `reason === 'http_error'`. */\n statusCode?: number;\n /** Underlying OS-level error description (e.g. `NSURLErrorDomain`\n * localizedDescription). Populated for `reason === 'navigation_failed'`. */\n underlyingError?: string;\n};\n\n/**\n * Thrown when `DynamicWebView.open()` (via the WaaS transport provider)\n * fails to establish a usable load. Inspect `reason` to distinguish the\n * failure mode; `statusCode` and `underlyingError` provide structured\n * metadata for the cases that have it.\n */\nexport class WebViewLoadFailedError extends BaseError {\n readonly reason: WebViewLoadFailureReason;\n readonly statusCode: number | undefined;\n readonly underlyingError: string | undefined;\n\n constructor({\n reason,\n shortMessage,\n cause = null,\n statusCode,\n underlyingError,\n }: WebViewLoadFailedErrorParams) {\n super({\n cause,\n code: 'webview_load_failed_error',\n details: underlyingError,\n docsUrl: null,\n name: 'WebViewLoadFailedError',\n shortMessage,\n });\n this.reason = reason;\n this.statusCode = statusCode;\n this.underlyingError = underlyingError;\n }\n}\n","import {\n WebViewLoadFailedError,\n type WebViewLoadFailureReason,\n} from '../../../errors/WebViewLoadFailedError';\n\n// Maps the native-side RCT reject codes (emitted by DynamicWebView.mm) to the\n// JS-level discriminator on `WebViewLoadFailedError`. Keys must stay in sync\n// with the `Reason.*` strings in DynamicWebViewImpl.swift.\nconst REASON_BY_NATIVE_CODE: Record<string, WebViewLoadFailureReason> = {\n webview_cancelled: 'cancelled',\n webview_content_process_terminated: 'content_process_terminated',\n webview_http_error: 'http_error',\n webview_instance_busy: 'instance_busy',\n webview_invalid_url: 'invalid_url',\n webview_navigation_failed: 'navigation_failed',\n webview_no_host_view: 'no_host_view',\n webview_unsupported: 'unsupported',\n};\n\n// React Native serializes the native NSError's userInfo onto the JS Error as\n// `userInfo`. These keys must stay in sync with the `errorStatusCodeKey` /\n// `errorUnderlyingDescriptionKey` constants in DynamicWebViewImpl.swift.\ntype NativeRejection = {\n code?: string;\n message?: string;\n userInfo?: {\n DynamicWebViewStatusCode?: number;\n DynamicWebViewUnderlying?: string;\n };\n};\n\n/**\n * Translates a native `DynamicWebView.open()` rejection into a typed\n * `WebViewLoadFailedError`. Maps the native RCT reject code to the JS-level\n * `WebViewLoadFailureReason` discriminator (falling back to\n * `navigation_failed` for unrecognized codes) and carries through the\n * structured `statusCode` / `underlyingError` metadata.\n *\n * The `reason` it produces is the contract `createWaasSDKContainer` branches\n * on — notably `emitError` swallows `cancelled` because that code is only ever\n * produced by our own `close()` teardown (verified on both the iOS and Android\n * native sides). Keep `REASON_BY_NATIVE_CODE` in sync with the native reject\n * codes so that branching stays correct.\n *\n * @not-instrumented\n */\nexport const translateNativeOpenError = (\n err: unknown\n): WebViewLoadFailedError => {\n const rejection = (err ?? {}) as NativeRejection;\n\n // Must check the KEYS of REASON_BY_NATIVE_CODE (the `webview_*` native\n // codes), not its values (the JS-level reasons) — this is called with the\n // native code, so checking values made every code fall through to\n // `navigation_failed` and silently broke the `cancelled` swallow.\n const isNativeRejectionCode = (\n code: string | undefined\n ): code is keyof typeof REASON_BY_NATIVE_CODE =>\n code != undefined && code in REASON_BY_NATIVE_CODE;\n\n const reason: WebViewLoadFailureReason = isNativeRejectionCode(rejection.code)\n ? REASON_BY_NATIVE_CODE[rejection.code]\n : 'navigation_failed';\n return new WebViewLoadFailedError({\n cause: err instanceof Error ? err : null,\n reason,\n shortMessage:\n rejection.message ?? `DynamicWebView open failed (${reason}).`,\n statusCode: rejection.userInfo?.DynamicWebViewStatusCode,\n underlyingError: rejection.userInfo?.DynamicWebViewUnderlying,\n });\n};\n","import type { WaasSDKContainer } from '@dynamic-labs-wallet/core';\nimport { NativeEventEmitter } from 'react-native';\n\nimport { NativeModuleNotLinkedError } from '../../../errors/NativeModuleNotLinkedError';\nimport NativeDynamicWebView from '../../../turboModules/NativeDynamicWebView';\nimport { translateNativeOpenError } from './translateNativeOpenError';\n\nconst NATIVE_MODULE_NAME = 'DynamicClientWebView';\nconst MESSAGE_EVENT_NAME = 'dynamicBridgeMessage';\n\ntype BridgeEventPayload = {\n data: unknown;\n instanceId: string;\n};\n\n// The instance ID routes bridge messages to the right container, so it must be\n// globally unique. Use a crypto-random UUID (no Math.random) keyed by timestamp\n// for readability across app reloads.\nconst generateInstanceId = (): string =>\n `${Date.now().toString(36)}-${crypto.randomUUID()}`;\n\n/**\n * Creates a React Native `WaasSDKContainer` backed by a hidden, headless native\n * WebView (WKWebView on iOS, `android.webkit.WebView` on Android) hosted by the\n * `DynamicClientWebView` TurboModule. Each invocation returns an isolated\n * container with its own instance ID, native WebView, and message routing.\n *\n * Used for MPC operations (signing, key-share management) where there is\n * nothing for the user to see. The VISIBLE private-key export display is no\n * longer a native overlay — it is rendered by the `ExportPrivateKey` component\n * (`@dynamic-labs-sdk/react-native-embedded-wallet-export`) on top of\n * `react-native-webview`, so it scrolls and positions like any RN view.\n *\n * @not-instrumented\n */\nexport const createNativeWaasSDKContainer = (): WaasSDKContainer => {\n if (!NativeDynamicWebView) {\n throw new NativeModuleNotLinkedError({ moduleName: NATIVE_MODULE_NAME });\n }\n\n const nativeModule = NativeDynamicWebView;\n const instanceId = generateInstanceId();\n // Construct the emitter against the TurboModule itself — on New Arch,\n // `NativeModules[name]` can be a different compatibility-shim object,\n // and binding `addListener`/`removeListeners` on the wrong instance\n // leaves `startObserving` in the native emitter never firing.\n const emitter = new NativeEventEmitter(\n nativeModule as unknown as ConstructorParameters<typeof NativeEventEmitter>[0]\n );\n\n // IframeManager on the WaaS SDK calls `container.onMessage(handler)` twice\n // on the same container — once to wait for the `iframe-ready-*` handshake,\n // and once later from `setupWaasSDKContainerBridge` to forward transport\n // messages. Both handlers need to receive every message, so the container\n // fans out to all registered handlers instead of enforcing single-register.\n const messageHandlers: Array<(data: unknown) => void> = [];\n const errorHandlers: Array<(error: unknown) => void> = [];\n let subscription: { remove: () => void } | null = null;\n let destroyed = false;\n\n const emitError = (err: unknown): void => {\n if (destroyed) return;\n const translated = translateNativeOpenError(err);\n // `cancelled` is only ever produced by our own `close()` teardown path on\n // the native side. Surfacing it via onError would make consumers like\n // IframeManager interpret their own destroy as a load failure and retry\n // against a provider that no longer exists.\n if (translated.reason === 'cancelled') return;\n for (const handler of errorHandlers) {\n handler(translated);\n }\n };\n\n return {\n destroy() {\n if (destroyed) return;\n destroyed = true;\n\n subscription?.remove();\n subscription = null;\n messageHandlers.length = 0;\n errorHandlers.length = 0;\n nativeModule.close(instanceId);\n },\n\n isAlive: () => !destroyed,\n\n // Signature is dictated by the upstream WaasSDKContainer interface.\n // eslint-disable-next-line custom-rules/require-single-object-param\n onError(handler: (error: unknown) => void) {\n errorHandlers.push(handler);\n return () => {\n const index = errorHandlers.indexOf(handler);\n if (index !== -1) errorHandlers.splice(index, 1);\n };\n },\n\n // Signature is dictated by the upstream WaasSDKContainer interface.\n // eslint-disable-next-line custom-rules/require-single-object-param\n onMessage(handler: (data: unknown) => void) {\n messageHandlers.push(handler);\n\n subscription ??= emitter.addListener(\n MESSAGE_EVENT_NAME,\n (payload: BridgeEventPayload) => {\n if (payload.instanceId !== instanceId) return;\n\n for (const fn of messageHandlers) {\n fn(payload.data);\n }\n }\n );\n\n // WaaS client expects onMessage to return an unsubscribe function —\n // used e.g. to tear down the one-shot handshake handler.\n return () => {\n const index = messageHandlers.indexOf(handler);\n if (index !== -1) messageHandlers.splice(index, 1);\n if (messageHandlers.length === 0) {\n subscription?.remove();\n subscription = null;\n }\n };\n },\n\n sendMessage(data: Record<string, unknown>) {\n nativeModule.sendMessage(instanceId, data);\n },\n /**\n * Hands the URL off to the native WebView and resolves immediately.\n *\n * Per the `WaasSDKContainer` contract (see `@dynamic-labs-wallet/core`\n * types), `setUrl` resolves once the URL has been handed off to the\n * container — NOT when the page has finished loading. Load completion is\n * signalled later via the `iframe-ready-*` message on `onMessage`, and\n * navigation failures surface via `onError`. This dispatch-and-forget\n * shape is load-bearing: the WaaS handshake sequencing expects `setUrl` to\n * resolve before the first message arrives, so the native open is\n * intentionally NOT awaited/returned — its rejection (HTTP errors,\n * navigation failures, preflight errors, etc.) is routed through\n * `emitError` instead. Do not change this to `return nativeModule.open(...)`.\n */\n // Signature is dictated by the upstream WaasSDKContainer interface.\n // eslint-disable-next-line custom-rules/require-single-object-param\n async setUrl(url: string) {\n nativeModule.open(instanceId, url).catch(emitError);\n },\n };\n};\n","import type { WaasSDKContainer } from '@dynamic-labs-wallet/core';\n\nimport { createNativeWaasSDKContainer } from './createNativeWaasSDKContainer.native';\n\n/**\n * Creates a React Native `WaasSDKContainer` backed by a hidden, headless native\n * WebView (WKWebView on iOS, `android.webkit.WebView` on Android) hosted by the\n * `DynamicClientWebView` TurboModule. Used for MPC operations (signing, key-share\n * management) where there is nothing for the user to see.\n *\n * For the private-key export display — where the hosted page must render the\n * key for the user — use the `ExportPrivateKey` component from\n * `@dynamic-labs-sdk/react-native-embedded-wallet-export`, which renders the\n * key inside a `react-native-webview` instead of a native overlay.\n *\n * @not-instrumented\n */\nexport const createWaasSDKContainer = (): WaasSDKContainer =>\n createNativeWaasSDKContainer();\n","import type { AuthMode } from '@dynamic-labs-wallet/browser-wallet-client';\nimport { DynamicWalletClient } from '@dynamic-labs-wallet/browser-wallet-client';\nimport type { SecureStorageAdapter } from '@dynamic-labs-wallet/core';\nimport {\n ACCESSIBLE,\n getGenericPassword,\n resetGenericPassword,\n setGenericPassword,\n} from 'react-native-keychain';\n\nimport { getCore } from '../../../client/core/getCore';\nimport { CorruptedKeyShareError } from '../../../errors/CorruptedKeyShareError';\nimport { CLIENT_SDK_NAME } from '../../apiClient/constants';\nimport { isCookieEnabled } from '../../projectSettings/isCookieEnabled';\nimport {\n DEFAULT_WAAS_BASE_API_URL,\n DEFAULT_WAAS_BASE_MPC_RELAY_API_URL,\n} from '../constants';\nimport type { CreateWaasClient } from './createWaasClient.types';\nimport { createWaasSDKContainer } from './createWaasSDKContainer.native';\n\n/**\n * Keychain security options for the client key share. The share is wallet\n * key material that cannot be re-derived locally, so the options are pinned\n * explicitly rather than inherited from `react-native-keychain` defaults\n * (which vary across versions and platforms).\n *\n * `WHEN_UNLOCKED_THIS_DEVICE_ONLY` keeps the share readable only while the\n * device is unlocked, excludes it from iCloud Keychain sync, and prevents it\n * migrating to a new device on encrypted-backup restore. It deliberately does\n * NOT set `accessControl` (e.g. biometry) — reads must not surface a Face ID /\n * passcode prompt, since the share is read on routine wallet operations.\n */\nconst KEY_SHARE_KEYCHAIN_OPTIONS = {\n accessible: ACCESSIBLE.WHEN_UNLOCKED_THIS_DEVICE_ONLY,\n} as const;\n\n/** @not-instrumented */\nexport const createWaasClient: CreateWaasClient = ({ chainName }, client) => {\n const core = getCore(client);\n\n const additionalTrustedOrigins = core.waas?.additionalTrustedOrigins;\n\n // Namespace the keychain service by environment so two environmentIds on the\n // same device (or two dApps that observe the same account) can't collide and\n // mix key shares. The account address alone is not unique across environments.\n const getKeyShareService = (accountAddress: string): string =>\n `${core.environmentId}:${accountAddress}`;\n\n return new DynamicWalletClient(\n {\n authMode: (isCookieEnabled(client) ? 'cookie' : 'header') as AuthMode,\n authToken: client.token || '',\n baseApiUrl: (core.apiBaseUrl || DEFAULT_WAAS_BASE_API_URL).replace(\n '/api/v0',\n ''\n ),\n baseMPCRelayApiUrl:\n client.projectSettings?.sdk.waas?.relayUrl ||\n DEFAULT_WAAS_BASE_MPC_RELAY_API_URL,\n chainName,\n environmentId: core.environmentId,\n // On React Native there is no real `window.location.origin`, so the hosted\n // iframe is told the app's universalLink as its host origin. This must be\n // allowlisted in the environment's CORS/allowed origins, just like a web\n // app's domain. Without it the WaaS server rejects the iframe load (400).\n hostOrigin: core.metadata?.universalLink,\n sdkVersion: `${CLIENT_SDK_NAME}/${core.version}`,\n ...(additionalTrustedOrigins == undefined\n ? {}\n : { additionalTrustedOrigins }),\n },\n {\n createWaasSDKContainer,\n // Typed as the upstream SecureStorageAdapter so the key-share method\n // signatures (and the `shares` payload type) stay compiler-enforced\n // against the WaaS SDK contract rather than re-declared locally.\n secureStorage: {\n getClientKeyShare: async (accountAddress) => {\n const result = await getGenericPassword({\n service: getKeyShareService(accountAddress),\n });\n\n if (!result) {\n return [];\n }\n\n // A corrupted or partially-written keychain entry makes JSON.parse\n // throw mid key-share load. Surface a typed error instead of an\n // unhandled rejection so callers can distinguish \"no share stored\"\n // (empty result above) from \"share exists but is unreadable\".\n try {\n return JSON.parse(result.password);\n } catch (cause) {\n throw new CorruptedKeyShareError({\n cause: cause instanceof Error ? cause : null,\n });\n }\n },\n\n removeClientKeyShare: async (accountAddress) => {\n await resetGenericPassword({\n service: getKeyShareService(accountAddress),\n });\n },\n\n setClientKeyShare: async (accountAddress, shares) => {\n await setGenericPassword(accountAddress, JSON.stringify(shares), {\n ...KEY_SHARE_KEYCHAIN_OPTIONS,\n service: getKeyShareService(accountAddress),\n });\n },\n } satisfies SecureStorageAdapter,\n }\n );\n};\n","import type { Chain } from '../../chain';\nimport { CHAINS_INFO_MAP } from '../../wallets/constants';\n\n/** @not-instrumented */\n// eslint-disable-next-line custom-rules/require-single-object-param\nexport const getWaasChainNameFromChain = (chain: Chain): string => {\n return CHAINS_INFO_MAP[chain].waasChainNameOverride || chain;\n};\n","import {\n type BitcoinConfig,\n type DynamicWalletClient,\n ThresholdSignatureScheme,\n WalletOperation,\n} from '@dynamic-labs-wallet/browser-wallet-client';\nimport { MFAAction, TokenScope } from '@dynamic-labs/sdk-api-core';\n\nimport { getCore } from '../../../client/core/getCore';\nimport type { DynamicClient } from '../../../client/types/DynamicClient';\nimport { InvalidParamError } from '../../../errors/InvalidParamError';\nimport { getElevatedAccessToken } from '../../auth/getElevatedAccessToken';\nimport type { Chain } from '../../chain';\nimport { consumeMfaTokenIfRequiredForAction } from '../../mfa/consumeMfaTokenIfRequiredForAction';\nimport { getSignedSessionId } from '../../sessionKeys/getSignedSessionId';\nimport { createWaasClient } from '../createWaasClient';\nimport { getWaasChainNameFromChain } from '../getWaasChainNameFromChain';\nimport type { WaasProvider } from '../waas.types';\n\nconst RAW_MESSAGE_MESSAGE_REQUIRED_LENGTH = 64;\n\ntype CreateWaasProviderParams = {\n chain: Chain;\n sdkClient: DynamicClient;\n};\n\n/** @not-instrumented */\nexport const createWaasProvider = ({\n sdkClient,\n chain,\n}: CreateWaasProviderParams): WaasProvider => {\n const logger = getCore(sdkClient).logger;\n\n let _waasClient: DynamicWalletClient | undefined;\n\n // because the waas client needs the authToken to be set, we can only create it\n // the first time it's needed, which is after the user has logged in\n const getWaasClient: WaasProvider['getWaasClient'] = async () => {\n if (!_waasClient) {\n _waasClient = createWaasClient(\n { chainName: getWaasChainNameFromChain(chain) },\n sdkClient\n );\n await _waasClient.initialize();\n }\n return _waasClient;\n };\n\n const backupKeySharesToGoogleDrive: WaasProvider['backupKeySharesToGoogleDrive'] =\n async ({ googleDriveAccessToken, password, walletAccount }) => {\n const { signature: signedSessionId } = await getSignedSessionId(\n sdkClient\n );\n\n const waasClient = await getWaasClient();\n\n return waasClient.backupKeySharesToGoogleDrive({\n accountAddress: walletAccount.address,\n authToken: sdkClient.token ?? undefined,\n googleDriveAccessToken,\n password,\n signedSessionId,\n });\n };\n\n const createWalletAccount: WaasProvider['createWalletAccount'] = async (\n args = {}\n ) => {\n logger.debug('[createWaasProvider] createWalletAccount', {\n bitcoinConfig: args.bitcoinConfig,\n thresholdSignatureScheme: args.thresholdSignatureScheme,\n });\n\n const { signature: signedSessionId } = await getSignedSessionId(sdkClient);\n\n const waasClient = await getWaasClient();\n\n const waasWallet = await waasClient.createWalletAccount({\n authToken: sdkClient.token ?? undefined,\n bitcoinConfig: args.bitcoinConfig as BitcoinConfig | undefined,\n password: args.password,\n signedSessionId,\n thresholdSignatureScheme:\n args.thresholdSignatureScheme ?? ThresholdSignatureScheme.TWO_OF_TWO,\n });\n\n return waasWallet;\n };\n\n const delegateKeyShares: WaasProvider['delegateKeyShares'] = async ({\n password,\n walletAccount,\n }) => {\n const { signature: signedSessionId } = await getSignedSessionId(sdkClient);\n\n const waasClient = await getWaasClient();\n\n return waasClient.delegateKeyShares({\n accountAddress: walletAccount.address,\n authToken: sdkClient.token ?? undefined,\n password,\n signedSessionId,\n });\n };\n\n const exportClientKeyshares: WaasProvider['exportClientKeyshares'] = async ({\n password,\n walletAccount,\n }) => {\n const { signature: signedSessionId } = await getSignedSessionId(sdkClient);\n\n const waasClient = await getWaasClient();\n\n await waasClient.exportClientKeyshares({\n accountAddress: walletAccount.address,\n authToken: sdkClient.token ?? undefined,\n password,\n signedSessionId,\n });\n };\n\n const exportPrivateKey: WaasProvider['exportPrivateKey'] = async ({\n container,\n displayContainer,\n walletAccount,\n password,\n }) => {\n const { signature: signedSessionId } = await getSignedSessionId(sdkClient);\n\n const waasClient = await getWaasClient();\n\n const mfaToken = await consumeMfaTokenIfRequiredForAction(\n { mfaAction: MFAAction.WalletWaasExport },\n sdkClient\n );\n\n // Forward any elevated access token previously obtained via step-up\n // (e.g. requestExternalAuthElevatedToken) so the backend authorizes\n // the export under the wallet:export scope.\n const elevatedAccessToken = getElevatedAccessToken(\n { scope: TokenScope.Walletexport },\n sdkClient\n );\n\n await waasClient.exportPrivateKey({\n accountAddress: walletAccount.address,\n authToken: sdkClient.token ?? undefined,\n // Exactly one display surface is forwarded: `container` (a\n // WaasSDKContainer, e.g. a React Native visible WebView) or\n // `displayContainer` (a DOM element, web). The upstream client enforces\n // the \"exactly one\" invariant and renders the key inside the surface's\n // own sandboxed document — it never crosses back to the host.\n container,\n displayContainer,\n elevatedAccessToken,\n mfaToken,\n password,\n signedSessionId,\n });\n };\n\n const restoreUserShareForWalletAccount: WaasProvider['restoreUserShareForWalletAccount'] =\n async ({ walletAccount }) => {\n const { signature: signedSessionId } = await getSignedSessionId(\n sdkClient\n );\n\n const waasClient = await getWaasClient();\n\n await waasClient.getWallet({\n accountAddress: walletAccount.address,\n authToken: sdkClient.token ?? undefined,\n signedSessionId,\n walletOperation: WalletOperation.SIGN_MESSAGE,\n });\n };\n\n const importPrivateKey: WaasProvider['importPrivateKey'] = async ({\n privateKey,\n thresholdSignatureScheme = ThresholdSignatureScheme.TWO_OF_TWO,\n }) => {\n const { signature: signedSessionId } = await getSignedSessionId(sdkClient);\n\n const walletClient = await getWaasClient();\n\n await walletClient.importPrivateKey({\n authToken: sdkClient.token ?? undefined,\n privateKey,\n signedSessionId,\n thresholdSignatureScheme,\n });\n };\n\n const refreshWalletAccountShares: WaasProvider['refreshWalletAccountShares'] =\n async ({ password, walletAccount }) => {\n const { signature: signedSessionId } = await getSignedSessionId(\n sdkClient\n );\n\n const walletClient = await getWaasClient();\n\n const mfaToken = await consumeMfaTokenIfRequiredForAction(\n { mfaAction: MFAAction.WalletWaasRefresh },\n sdkClient\n );\n\n return walletClient.refreshWalletAccountShares({\n accountAddress: walletAccount.address,\n authToken: sdkClient.token ?? undefined,\n mfaToken,\n password,\n signedSessionId,\n });\n };\n\n const revokeDelegation: WaasProvider['revokeDelegation'] = async ({\n password,\n walletAccount,\n }) => {\n const { signature: signedSessionId } = await getSignedSessionId(sdkClient);\n\n const waasClient = await getWaasClient();\n\n return waasClient.revokeDelegation({\n accountAddress: walletAccount.address,\n authToken: sdkClient.token ?? undefined,\n password,\n signedSessionId,\n });\n };\n\n const setWaasWalletAccountPassword: WaasProvider['setWaasWalletAccountPassword'] =\n async ({ password, walletAccount }) => {\n const { signature: signedSessionId } = await getSignedSessionId(\n sdkClient\n );\n\n const waasClient = await getWaasClient();\n\n return waasClient.setPassword({\n accountAddress: walletAccount.address,\n authToken: sdkClient.token ?? undefined,\n newPassword: password,\n signedSessionId,\n });\n };\n\n const signRawMessage: WaasProvider['signRawMessage'] = async ({\n message,\n password,\n walletAccount,\n }) => {\n if (message.length !== RAW_MESSAGE_MESSAGE_REQUIRED_LENGTH) {\n throw new InvalidParamError(\n `Message must be ${RAW_MESSAGE_MESSAGE_REQUIRED_LENGTH} characters long`\n );\n }\n\n const { signature: signedSessionId } = await getSignedSessionId(sdkClient);\n\n const mfaToken = await consumeMfaTokenIfRequiredForAction(\n { mfaAction: MFAAction.WalletWaasSign },\n sdkClient\n );\n\n const elevatedAccessToken = getElevatedAccessToken(\n { scope: TokenScope.Walletsign },\n sdkClient\n );\n\n const walletClient = await getWaasClient();\n\n const signature = await walletClient.signRawMessage({\n accountAddress: walletAccount.address,\n authToken: sdkClient.token ?? undefined,\n elevatedAccessToken,\n message,\n mfaToken,\n password,\n signedSessionId,\n });\n\n return { signature };\n };\n\n const destroy: WaasProvider['destroy'] = async (args) => {\n if (!_waasClient) {\n return;\n }\n\n const waasClient = await getWaasClient();\n // When a session token expires, we preserve key shares in storage instead\n // of clearing them. Customers with short-lived sessions (minutes) were\n // hitting excessive server-side share recovery on every re-login, which\n // also forced users to re-enter their wallet password since the unlocked\n // share only lives for the duration of the session.\n //\n // This is safe because the waas-sdk separately fingerprints the user\n // (sub + environment_id) and clears all storage if a different user logs\n // in. On explicit user-initiated logout, shares are always cleared for\n // security.\n if (args?.reason !== 'token-expired') {\n await waasClient.cleanup();\n }\n _waasClient = undefined;\n };\n\n const updatePassword: WaasProvider['updatePassword'] = async ({\n walletAccount,\n currentPassword,\n newPassword,\n }) => {\n const { signature: signedSessionId } = await getSignedSessionId(sdkClient);\n\n const waasClient = await getWaasClient();\n\n return waasClient.updatePassword({\n accountAddress: walletAccount.address,\n authToken: sdkClient.token ?? undefined,\n existingPassword: currentPassword,\n newPassword,\n signedSessionId,\n });\n };\n\n const signMessage: WaasProvider['signMessage'] = async ({\n message,\n walletAccount,\n }) => {\n const { signature: signedSessionId } = await getSignedSessionId(sdkClient);\n\n const mfaToken = await consumeMfaTokenIfRequiredForAction(\n { mfaAction: MFAAction.WalletWaasSign },\n sdkClient\n );\n\n const elevatedAccessToken = getElevatedAccessToken(\n { scope: TokenScope.Walletsign },\n sdkClient\n );\n\n const waasClient = await getWaasClient();\n\n const signature = await waasClient.signMessage({\n accountAddress: walletAccount.address,\n authToken: sdkClient.token ?? undefined,\n elevatedAccessToken,\n message,\n mfaToken,\n signedSessionId,\n });\n\n return { signature };\n };\n\n const signSerializedTransaction: WaasProvider['signSerializedTransaction'] =\n async ({ chainId, serializedTransaction, walletAccount }) => {\n const { signature: signedSessionId } = await getSignedSessionId(\n sdkClient\n );\n\n const mfaToken = await consumeMfaTokenIfRequiredForAction(\n { mfaAction: MFAAction.WalletWaasSign },\n sdkClient\n );\n\n const elevatedAccessToken = getElevatedAccessToken(\n { scope: TokenScope.Walletsign },\n sdkClient\n );\n\n const waasClient = await getWaasClient();\n\n const signature = await waasClient.signTransaction({\n authToken: sdkClient.token ?? undefined,\n chainId,\n elevatedAccessToken,\n mfaToken,\n senderAddress: walletAccount.address,\n signedSessionId,\n transaction: serializedTransaction,\n });\n\n return { signature };\n };\n\n const getWalletRecoveryState: WaasProvider['getWalletRecoveryState'] =\n async ({ walletAccount }) => {\n const { signature: signedSessionId } = await getSignedSessionId(\n sdkClient\n );\n\n const waasClient = await getWaasClient();\n\n return waasClient.getWalletRecoveryState({\n accountAddress: walletAccount.address,\n authToken: sdkClient.token ?? undefined,\n signedSessionId,\n });\n };\n\n const unlockWallet: WaasProvider['unlockWallet'] = async ({\n password,\n walletAccount,\n }) => {\n const { signature: signedSessionId } = await getSignedSessionId(sdkClient);\n\n const waasClient = await getWaasClient();\n\n return waasClient.unlockWallet({\n accountAddress: walletAccount.address,\n authToken: sdkClient.token ?? undefined,\n password,\n signedSessionId,\n });\n };\n\n return {\n backupKeySharesToGoogleDrive,\n createWalletAccount,\n delegateKeyShares,\n destroy,\n exportClientKeyshares,\n exportPrivateKey,\n getWaasClient,\n getWalletRecoveryState,\n importPrivateKey,\n refreshWalletAccountShares,\n restoreUserShareForWalletAccount,\n revokeDelegation,\n setWaasWalletAccountPassword,\n signMessage,\n signRawMessage,\n signSerializedTransaction,\n unlockWallet,\n updatePassword,\n };\n};\n","import type { WaasSDKContainer } from '@dynamic-labs-wallet/core';\n\nimport type { DynamicClient } from '../../../client/types/DynamicClient';\nimport type { WalletAccount } from '../../wallets/walletAccount';\nimport { getWaasWalletProviderFromWalletAccount } from '../getWaasWalletProviderFromWalletAccount';\n\ntype ExportWaasPrivateKeyToContainerParams = {\n container: WaasSDKContainer;\n password?: string;\n walletAccount: WalletAccount;\n};\n\n/**\n * Exports the private key for a WaaS wallet account into a caller-provided\n * {@link WaasSDKContainer} (e.g. a visible React Native WebView) instead of a\n * DOM element.\n *\n * This is the container-based counterpart to `exportWaasPrivateKey` (which\n * injects an iframe into a DOM `displayContainer` on web). The export ceremony\n * runs — and the private key is rendered — entirely inside the container's own\n * sandboxed document; the key is never exposed to the host JS layer. The caller\n * owns the container's lifecycle and must call `container.destroy()` when the\n * display is dismissed.\n *\n * @param params.walletAccount - The WaaS wallet account to export the private key from.\n * @param params.container - The container that hosts the secure key display.\n * @param [params.password] - Optional password to decrypt the private key.\n * @param client - The Dynamic client instance. This is an internal API (exposed\n * only via `@dynamic-labs-sdk/client/waas/core`), so the client is passed\n * explicitly rather than defaulted — callers resolve it (e.g. via\n * `getDefaultClient()`) and thread it in.\n * @returns A promise that resolves when the private key export is complete.\n * @not-instrumented\n */\nexport const exportWaasPrivateKeyToContainer = async (\n { container, password, walletAccount }: ExportWaasPrivateKeyToContainerParams,\n client: DynamicClient\n) => {\n const provider = getWaasWalletProviderFromWalletAccount(\n { walletAccount },\n client\n );\n\n return provider.exportPrivateKey({\n container,\n password,\n walletAccount,\n });\n};\n","import { WalletProviderEnum } from '@dynamic-labs/sdk-api-core';\n\nimport type { DynamicClient } from '../../../client/types';\nimport { getChainFromVerifiedCredentialChain } from '../../../utils/getChainFromVerifiedCredentialChain';\nimport type { Chain } from '../../chain';\nimport { DYNAMIC_WAAS_METADATA } from '../constants';\n\ntype GetAllUserWaasAddressesForChainParams = {\n chain: Chain;\n};\n\n/** @not-instrumented */\nexport const getAllUserWaasAddressesForChain = (\n { chain }: GetAllUserWaasAddressesForChainParams,\n client: DynamicClient\n): string[] => {\n if (!client.user) {\n return [];\n }\n\n const waasWalletCredentials =\n client.user.verifiedCredentials.filter(\n (credential) =>\n credential.walletProvider === WalletProviderEnum.EmbeddedWallet &&\n credential.walletName\n ?.toLowerCase()\n .startsWith(DYNAMIC_WAAS_METADATA.normalizedWalletName) &&\n credential.address &&\n credential.chain &&\n getChainFromVerifiedCredentialChain(credential.chain) === chain\n ) ?? [];\n\n const waasAddresses: string[] = waasWalletCredentials.map(\n // casting because we're already filtering out credentials without an address\n (credential) => credential.address as string\n );\n\n return waasAddresses;\n};\n","import { assertPackageVersion } from '@dynamic-labs-sdk/assert-package-version';\n\nimport {\n name as packageName,\n version as packageVersion,\n} from '../../package.json';\nassertPackageVersion(packageName, packageVersion);\n\nexport type {\n BitcoinNetwork,\n DynamicWalletClient,\n ThresholdSignatureScheme\n} from '@dynamic-labs-wallet/browser-wallet-client';\nexport type { WaasSDKContainer } from '@dynamic-labs-wallet/core';\nexport { DYNAMIC_WAAS_METADATA } from '../modules/waas/constants';\nexport { createWaasClient } from '../modules/waas/createWaasClient';\nexport { createWaasProvider } from '../modules/waas/createWaasProvider';\nexport { exportWaasPrivateKeyToContainer } from '../modules/waas/exportWaasPrivateKeyToContainer';\nexport { getAllUserWaasAddressesForChain } from '../modules/waas/getAllUserWaasAddressesForChain';\nexport { getWaasChainNameFromChain } from '../modules/waas/getWaasChainNameFromChain';\nexport type {\n WaasProvider,\n WaasWalletProvider\n} from '../modules/waas/waas.types';\n\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;AAgBA,IAAa,yBAAb,cAA4C,UAAU;CACpD,YAAY,EAAE,QAAQ,SAAuC,EAAE,EAAE;AAC/D,QAAM;GACJ;GACA,MAAM;GACN,SACE;GACF,SAAS;GACT,MAAM;GACN,cAAc;GACf,CAAC;;;;;;ACaN,mCAAe,oBAAoB,IAAU,uBAAuB;;;;;;;;;;ACJpE,IAAa,yBAAb,cAA4C,UAAU;CACpD,AAAS;CACT,AAAS;CACT,AAAS;CAET,YAAY,EACV,QACA,cACA,QAAQ,MACR,YACA,mBAC+B;AAC/B,QAAM;GACJ;GACA,MAAM;GACN,SAAS;GACT,SAAS;GACT,MAAM;GACN;GACD,CAAC;AACF,OAAK,SAAS;AACd,OAAK,aAAa;AAClB,OAAK,kBAAkB;;;;;;ACjD3B,MAAMA,wBAAkE;CACtE,mBAAmB;CACnB,oCAAoC;CACpC,oBAAoB;CACpB,uBAAuB;CACvB,qBAAqB;CACrB,2BAA2B;CAC3B,sBAAsB;CACtB,qBAAqB;CACtB;;;;;;;;;;;;;;;;AA6BD,MAAa,4BACX,QAC2B;CAC3B,MAAM,YAAa,OAAO,EAAE;CAM5B,MAAM,yBACJ,SAEA,QAAQ,UAAa,QAAQ;CAE/B,MAAMC,SAAmC,sBAAsB,UAAU,KAAK,GAC1E,sBAAsB,UAAU,QAChC;AACJ,QAAO,IAAI,uBAAuB;EAChC,OAAO,eAAe,QAAQ,MAAM;EACpC;EACA,cACE,UAAU,WAAW,+BAA+B,OAAO;EAC7D,YAAY,UAAU,UAAU;EAChC,iBAAiB,UAAU,UAAU;EACtC,CAAC;;;;;AC/DJ,MAAM,qBAAqB;AAC3B,MAAM,qBAAqB;AAU3B,MAAM,2BACJ,GAAG,KAAK,KAAK,CAAC,SAAS,GAAG,CAAC,GAAG,OAAO,YAAY;;;;;;;;;;;;;;;AAgBnD,MAAa,qCAAuD;AAClE,KAAI,CAACC,6BACH,OAAM,IAAI,2BAA2B,EAAE,YAAY,oBAAoB,CAAC;CAG1E,MAAM,eAAeA;CACrB,MAAM,aAAa,oBAAoB;CAKvC,MAAM,UAAU,IAAI,mBAClB,aACD;CAOD,MAAMC,kBAAkD,EAAE;CAC1D,MAAMC,gBAAiD,EAAE;CACzD,IAAIC,eAA8C;CAClD,IAAI,YAAY;CAEhB,MAAM,aAAa,QAAuB;AACxC,MAAI,UAAW;EACf,MAAM,aAAa,yBAAyB,IAAI;AAKhD,MAAI,WAAW,WAAW,YAAa;AACvC,OAAK,MAAM,WAAW,cACpB,SAAQ,WAAW;;AAIvB,QAAO;EACL,UAAU;AACR,OAAI,UAAW;AACf,eAAY;AAEZ,iBAAc,QAAQ;AACtB,kBAAe;AACf,mBAAgB,SAAS;AACzB,iBAAc,SAAS;AACvB,gBAAa,MAAM,WAAW;;EAGhC,eAAe,CAAC;EAIhB,QAAQ,SAAmC;AACzC,iBAAc,KAAK,QAAQ;AAC3B,gBAAa;IACX,MAAM,QAAQ,cAAc,QAAQ,QAAQ;AAC5C,QAAI,UAAU,GAAI,eAAc,OAAO,OAAO,EAAE;;;EAMpD,UAAU,SAAkC;AAC1C,mBAAgB,KAAK,QAAQ;AAE7B,oBAAiB,QAAQ,YACvB,qBACC,YAAgC;AAC/B,QAAI,QAAQ,eAAe,WAAY;AAEvC,SAAK,MAAM,MAAM,gBACf,IAAG,QAAQ,KAAK;KAGrB;AAID,gBAAa;IACX,MAAM,QAAQ,gBAAgB,QAAQ,QAAQ;AAC9C,QAAI,UAAU,GAAI,iBAAgB,OAAO,OAAO,EAAE;AAClD,QAAI,gBAAgB,WAAW,GAAG;AAChC,mBAAc,QAAQ;AACtB,oBAAe;;;;EAKrB,YAAY,MAA+B;AACzC,gBAAa,YAAY,YAAY,KAAK;;EAkB5C,MAAM,OAAO,KAAa;AACxB,gBAAa,KAAK,YAAY,IAAI,CAAC,MAAM,UAAU;;EAEtD;;;;;;;;;;;;;;;;;;AClIH,MAAa,+BACX,8BAA8B;;;;;;;;;;;;;;;;ACehC,MAAM,6BAA6B,EACjC,YAAY,WAAW,gCACxB;;AAGD,MAAaC,oBAAsC,EAAE,aAAa,WAAW;CAC3E,MAAM,OAAO,QAAQ,OAAO;CAE5B,MAAM,2BAA2B,KAAK,MAAM;CAK5C,MAAM,sBAAsB,mBAC1B,GAAG,KAAK,cAAc,GAAG;AAE3B,QAAO,IAAI,oBACT;EACE,UAAW,gBAAgB,OAAO,GAAG,WAAW;EAChD,WAAW,OAAO,SAAS;EAC3B,aAAa,KAAK,cAAc,2BAA2B,QACzD,WACA,GACD;EACD,oBACE,OAAO,iBAAiB,IAAI,MAAM,YAClC;EACF;EACA,eAAe,KAAK;EAKpB,YAAY,KAAK,UAAU;EAC3B,YAAY,GAAG,gBAAgB,GAAG,KAAK;EACvC,GAAI,4BAA4B,SAC5B,EAAE,GACF,EAAE,0BAA0B;EACjC,EACD;EACE;EAIA,eAAe;GACb,mBAAmB,OAAO,mBAAmB;IAC3C,MAAM,SAAS,MAAM,mBAAmB,EACtC,SAAS,mBAAmB,eAAe,EAC5C,CAAC;AAEF,QAAI,CAAC,OACH,QAAO,EAAE;AAOX,QAAI;AACF,YAAO,KAAK,MAAM,OAAO,SAAS;aAC3B,OAAO;AACd,WAAM,IAAI,uBAAuB,EAC/B,OAAO,iBAAiB,QAAQ,QAAQ,MACzC,CAAC;;;GAIN,sBAAsB,OAAO,mBAAmB;AAC9C,UAAM,qBAAqB,EACzB,SAAS,mBAAmB,eAAe,EAC5C,CAAC;;GAGJ,mBAAmB,OAAO,gBAAgB,WAAW;AACnD,UAAM,mBAAmB,gBAAgB,KAAK,UAAU,OAAO,EAAE;KAC/D,GAAG;KACH,SAAS,mBAAmB,eAAe;KAC5C,CAAC;;GAEL;EACF,CACF;;;;;;AC7GH,MAAa,6BAA6B,UAAyB;AACjE,QAAO,gBAAgB,OAAO,yBAAyB;;;;;ACazD,MAAM,sCAAsC;;AAQ5C,MAAa,sBAAsB,EACjC,WACA,YAC4C;CAC5C,MAAM,SAAS,QAAQ,UAAU,CAAC;CAElC,IAAIC;CAIJ,MAAMC,gBAA+C,YAAY;AAC/D,MAAI,CAAC,aAAa;AAChB,iBAAc,iBACZ,EAAE,WAAW,0BAA0B,MAAM,EAAE,EAC/C,UACD;AACD,SAAM,YAAY,YAAY;;AAEhC,SAAO;;CAGT,MAAMC,+BACJ,OAAO,EAAE,wBAAwB,UAAU,oBAAoB;EAC7D,MAAM,EAAE,WAAW,oBAAoB,MAAM,mBAC3C,UACD;AAID,UAFmB,MAAM,eAAe,EAEtB,6BAA6B;GAC7C,gBAAgB,cAAc;GAC9B,WAAW,UAAU,SAAS;GAC9B;GACA;GACA;GACD,CAAC;;CAGN,MAAMC,sBAA2D,OAC/D,OAAO,EAAE,KACN;AACH,SAAO,MAAM,4CAA4C;GACvD,eAAe,KAAK;GACpB,0BAA0B,KAAK;GAChC,CAAC;EAEF,MAAM,EAAE,WAAW,oBAAoB,MAAM,mBAAmB,UAAU;AAa1E,SATmB,OAFA,MAAM,eAAe,EAEJ,oBAAoB;GACtD,WAAW,UAAU,SAAS;GAC9B,eAAe,KAAK;GACpB,UAAU,KAAK;GACf;GACA,0BACE,KAAK,4BAA4B,yBAAyB;GAC7D,CAAC;;CAKJ,MAAMC,oBAAuD,OAAO,EAClE,UACA,oBACI;EACJ,MAAM,EAAE,WAAW,oBAAoB,MAAM,mBAAmB,UAAU;AAI1E,UAFmB,MAAM,eAAe,EAEtB,kBAAkB;GAClC,gBAAgB,cAAc;GAC9B,WAAW,UAAU,SAAS;GAC9B;GACA;GACD,CAAC;;CAGJ,MAAMC,wBAA+D,OAAO,EAC1E,UACA,oBACI;EACJ,MAAM,EAAE,WAAW,oBAAoB,MAAM,mBAAmB,UAAU;AAI1E,SAFmB,MAAM,eAAe,EAEvB,sBAAsB;GACrC,gBAAgB,cAAc;GAC9B,WAAW,UAAU,SAAS;GAC9B;GACA;GACD,CAAC;;CAGJ,MAAMC,mBAAqD,OAAO,EAChE,WACA,kBACA,eACA,eACI;EACJ,MAAM,EAAE,WAAW,oBAAoB,MAAM,mBAAmB,UAAU;EAE1E,MAAM,aAAa,MAAM,eAAe;EAExC,MAAM,WAAW,MAAM,mCACrB,EAAE,WAAW,UAAU,kBAAkB,EACzC,UACD;EAKD,MAAM,sBAAsBC,iCAC1B,EAAE,OAAO,WAAW,cAAc,EAClC,UACD;AAED,QAAM,WAAW,iBAAiB;GAChC,gBAAgB,cAAc;GAC9B,WAAW,UAAU,SAAS;GAM9B;GACA;GACA;GACA;GACA;GACA;GACD,CAAC;;CAGJ,MAAMC,mCACJ,OAAO,EAAE,oBAAoB;EAC3B,MAAM,EAAE,WAAW,oBAAoB,MAAM,mBAC3C,UACD;AAID,SAFmB,MAAM,eAAe,EAEvB,UAAU;GACzB,gBAAgB,cAAc;GAC9B,WAAW,UAAU,SAAS;GAC9B;GACA,iBAAiB,gBAAgB;GAClC,CAAC;;CAGN,MAAMC,mBAAqD,OAAO,EAChE,YACA,2BAA2B,yBAAyB,iBAChD;EACJ,MAAM,EAAE,WAAW,oBAAoB,MAAM,mBAAmB,UAAU;AAI1E,SAFqB,MAAM,eAAe,EAEvB,iBAAiB;GAClC,WAAW,UAAU,SAAS;GAC9B;GACA;GACA;GACD,CAAC;;CAGJ,MAAMC,6BACJ,OAAO,EAAE,UAAU,oBAAoB;EACrC,MAAM,EAAE,WAAW,oBAAoB,MAAM,mBAC3C,UACD;EAED,MAAM,eAAe,MAAM,eAAe;EAE1C,MAAM,WAAW,MAAM,mCACrB,EAAE,WAAW,UAAU,mBAAmB,EAC1C,UACD;AAED,SAAO,aAAa,2BAA2B;GAC7C,gBAAgB,cAAc;GAC9B,WAAW,UAAU,SAAS;GAC9B;GACA;GACA;GACD,CAAC;;CAGN,MAAMC,mBAAqD,OAAO,EAChE,UACA,oBACI;EACJ,MAAM,EAAE,WAAW,oBAAoB,MAAM,mBAAmB,UAAU;AAI1E,UAFmB,MAAM,eAAe,EAEtB,iBAAiB;GACjC,gBAAgB,cAAc;GAC9B,WAAW,UAAU,SAAS;GAC9B;GACA;GACD,CAAC;;CAGJ,MAAMC,+BACJ,OAAO,EAAE,UAAU,oBAAoB;EACrC,MAAM,EAAE,WAAW,oBAAoB,MAAM,mBAC3C,UACD;AAID,UAFmB,MAAM,eAAe,EAEtB,YAAY;GAC5B,gBAAgB,cAAc;GAC9B,WAAW,UAAU,SAAS;GAC9B,aAAa;GACb;GACD,CAAC;;CAGN,MAAMC,iBAAiD,OAAO,EAC5D,SACA,UACA,oBACI;AACJ,MAAI,QAAQ,WAAW,oCACrB,OAAM,IAAI,kBACR,mBAAmB,oCAAoC,kBACxD;EAGH,MAAM,EAAE,WAAW,oBAAoB,MAAM,mBAAmB,UAAU;EAE1E,MAAM,WAAW,MAAM,mCACrB,EAAE,WAAW,UAAU,gBAAgB,EACvC,UACD;EAED,MAAM,sBAAsBN,iCAC1B,EAAE,OAAO,WAAW,YAAY,EAChC,UACD;AAcD,SAAO,EAAE,WAVS,OAFG,MAAM,eAAe,EAEL,eAAe;GAClD,gBAAgB,cAAc;GAC9B,WAAW,UAAU,SAAS;GAC9B;GACA;GACA;GACA;GACA;GACD,CAAC,EAEkB;;CAGtB,MAAMO,UAAmC,OAAO,SAAS;AACvD,MAAI,CAAC,YACH;EAGF,MAAM,aAAa,MAAM,eAAe;AAWxC,MAAI,MAAM,WAAW,gBACnB,OAAM,WAAW,SAAS;AAE5B,gBAAc;;CAGhB,MAAMC,iBAAiD,OAAO,EAC5D,eACA,iBACA,kBACI;EACJ,MAAM,EAAE,WAAW,oBAAoB,MAAM,mBAAmB,UAAU;AAI1E,UAFmB,MAAM,eAAe,EAEtB,eAAe;GAC/B,gBAAgB,cAAc;GAC9B,WAAW,UAAU,SAAS;GAC9B,kBAAkB;GAClB;GACA;GACD,CAAC;;CAGJ,MAAMC,cAA2C,OAAO,EACtD,SACA,oBACI;EACJ,MAAM,EAAE,WAAW,oBAAoB,MAAM,mBAAmB,UAAU;EAE1E,MAAM,WAAW,MAAM,mCACrB,EAAE,WAAW,UAAU,gBAAgB,EACvC,UACD;EAED,MAAM,sBAAsBT,iCAC1B,EAAE,OAAO,WAAW,YAAY,EAChC,UACD;AAaD,SAAO,EAAE,WATS,OAFC,MAAM,eAAe,EAEL,YAAY;GAC7C,gBAAgB,cAAc;GAC9B,WAAW,UAAU,SAAS;GAC9B;GACA;GACA;GACA;GACD,CAAC,EAEkB;;CAGtB,MAAMU,4BACJ,OAAO,EAAE,SAAS,uBAAuB,oBAAoB;EAC3D,MAAM,EAAE,WAAW,oBAAoB,MAAM,mBAC3C,UACD;EAED,MAAM,WAAW,MAAM,mCACrB,EAAE,WAAW,UAAU,gBAAgB,EACvC,UACD;EAED,MAAM,sBAAsBV,iCAC1B,EAAE,OAAO,WAAW,YAAY,EAChC,UACD;AAcD,SAAO,EAAE,WAVS,OAFC,MAAM,eAAe,EAEL,gBAAgB;GACjD,WAAW,UAAU,SAAS;GAC9B;GACA;GACA;GACA,eAAe,cAAc;GAC7B;GACA,aAAa;GACd,CAAC,EAEkB;;CAGxB,MAAMW,yBACJ,OAAO,EAAE,oBAAoB;EAC3B,MAAM,EAAE,WAAW,oBAAoB,MAAM,mBAC3C,UACD;AAID,UAFmB,MAAM,eAAe,EAEtB,uBAAuB;GACvC,gBAAgB,cAAc;GAC9B,WAAW,UAAU,SAAS;GAC9B;GACD,CAAC;;CAGN,MAAMC,eAA6C,OAAO,EACxD,UACA,oBACI;EACJ,MAAM,EAAE,WAAW,oBAAoB,MAAM,mBAAmB,UAAU;AAI1E,UAFmB,MAAM,eAAe,EAEtB,aAAa;GAC7B,gBAAgB,cAAc;GAC9B,WAAW,UAAU,SAAS;GAC9B;GACA;GACD,CAAC;;AAGJ,QAAO;EACL;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACD;;;;;;;;;;;;;;;;;;;;;;;;;;;AClZH,MAAa,kCAAkC,OAC7C,EAAE,WAAW,UAAU,iBACvB,WACG;AAMH,QALiB,uCACf,EAAE,eAAe,EACjB,OACD,CAEe,iBAAiB;EAC/B;EACA;EACA;EACD,CAAC;;;;;;ACnCJ,MAAa,mCACX,EAAE,SACF,WACa;AACb,KAAI,CAAC,OAAO,KACV,QAAO,EAAE;AAoBX,SAhBE,OAAO,KAAK,oBAAoB,QAC7B,eACC,WAAW,mBAAmB,mBAAmB,kBACjD,WAAW,YACP,aAAa,CACd,WAAW,sBAAsB,qBAAqB,IACzD,WAAW,WACX,WAAW,SACX,oCAAoC,WAAW,MAAM,KAAK,MAC7D,IAAI,EAAE,EAE6C,KAEnD,eAAe,WAAW,QAC5B;;;;;AC7BH,qBAAqBC,MAAaC,QAAe"}
|
|
@@ -0,0 +1,137 @@
|
|
|
1
|
+
#import "DynamicClientScreenshotProtection.h"
|
|
2
|
+
#import <UIKit/UIKit.h>
|
|
3
|
+
#import <React/RCTBridgeModule.h>
|
|
4
|
+
#import <DynamicClientSpec/DynamicClientSpec.h>
|
|
5
|
+
|
|
6
|
+
@interface DynamicClientScreenshotProtection () <NativeScreenshotProtectionSpec> {
|
|
7
|
+
// Screenshot/recording protection state (see setEnabled:). All three are only
|
|
8
|
+
// touched on the main thread. `_secureField` doubles as the "are we currently
|
|
9
|
+
// protecting?" guard so setEnabled:NO never tears down a state we did not set
|
|
10
|
+
// up. `_originalWindowSuperlayer` is captured on enable so disable can restore
|
|
11
|
+
// the window layer to exactly where it was reparented from.
|
|
12
|
+
UITextField *_secureField;
|
|
13
|
+
UIWindow *_secureWindow;
|
|
14
|
+
CALayer *_originalWindowSuperlayer;
|
|
15
|
+
}
|
|
16
|
+
@end
|
|
17
|
+
|
|
18
|
+
@implementation DynamicClientScreenshotProtection
|
|
19
|
+
|
|
20
|
+
RCT_EXPORT_MODULE()
|
|
21
|
+
|
|
22
|
+
- (void)setEnabled:(BOOL)enabled {
|
|
23
|
+
// iOS has no public equivalent of Android's FLAG_SECURE, so we use the
|
|
24
|
+
// well-established "secure text entry canvas" technique: a UITextField with
|
|
25
|
+
// secureTextEntry == YES owns a special render layer that the system excludes
|
|
26
|
+
// from screenshots and screen recordings. By reparenting the key window's
|
|
27
|
+
// layer underneath that secure canvas, the entire window renders blank in any
|
|
28
|
+
// capture while staying fully visible on the physical screen. This relies on
|
|
29
|
+
// the secure canvas being the text field layer's first sublayer — undocumented
|
|
30
|
+
// but stable across iOS releases and free of private API symbols. Best-effort:
|
|
31
|
+
// if the window/layer can't be resolved we silently skip rather than block the
|
|
32
|
+
// calling flow.
|
|
33
|
+
//
|
|
34
|
+
// UIKit layer surgery must run on the main thread.
|
|
35
|
+
dispatch_async(dispatch_get_main_queue(), ^{
|
|
36
|
+
if (enabled) {
|
|
37
|
+
// Already protecting — setEnabled:YES is idempotent.
|
|
38
|
+
if (self->_secureField) {
|
|
39
|
+
return;
|
|
40
|
+
}
|
|
41
|
+
UIWindow *window = [self dynamicKeyWindow];
|
|
42
|
+
CALayer *originalSuperlayer = window.layer.superlayer;
|
|
43
|
+
if (!window || !originalSuperlayer) {
|
|
44
|
+
return;
|
|
45
|
+
}
|
|
46
|
+
UITextField *field = [[UITextField alloc] initWithFrame:window.bounds];
|
|
47
|
+
field.secureTextEntry = YES;
|
|
48
|
+
// Purely a protection shim — must never intercept touches.
|
|
49
|
+
field.userInteractionEnabled = NO;
|
|
50
|
+
[window addSubview:field];
|
|
51
|
+
// The secure-entry "canvas" (the layer iOS excludes from screenshots/
|
|
52
|
+
// recordings) is a private subview that UIKit does NOT create until the
|
|
53
|
+
// field has been laid out inside a window. Force a layout pass first,
|
|
54
|
+
// otherwise the lookup below finds nothing and protection silently no-ops.
|
|
55
|
+
[field layoutIfNeeded];
|
|
56
|
+
CALayer *secureLayer = [self secureCanvasLayerForField:field];
|
|
57
|
+
if (!secureLayer) {
|
|
58
|
+
// UIKit internals changed and the secure canvas couldn't be found — bail
|
|
59
|
+
// without reparenting so the window is never left half-detached.
|
|
60
|
+
[field removeFromSuperview];
|
|
61
|
+
return;
|
|
62
|
+
}
|
|
63
|
+
// Move the window's layer underneath the secure canvas so the whole window
|
|
64
|
+
// inherits the "not captured" property; keep the field's own layer as a
|
|
65
|
+
// sibling under the original superlayer so the canvas stays in the tree.
|
|
66
|
+
[originalSuperlayer addSublayer:field.layer];
|
|
67
|
+
[secureLayer addSublayer:window.layer];
|
|
68
|
+
self->_secureField = field;
|
|
69
|
+
self->_secureWindow = window;
|
|
70
|
+
self->_originalWindowSuperlayer = originalSuperlayer;
|
|
71
|
+
} else {
|
|
72
|
+
// Not protecting (or never were) — nothing to undo.
|
|
73
|
+
if (!self->_secureField) {
|
|
74
|
+
return;
|
|
75
|
+
}
|
|
76
|
+
// Move the window layer back out of the secure canvas to its original
|
|
77
|
+
// parent, then drop our shim field entirely.
|
|
78
|
+
[self->_originalWindowSuperlayer addSublayer:self->_secureWindow.layer];
|
|
79
|
+
[self->_secureField.layer removeFromSuperlayer];
|
|
80
|
+
[self->_secureField removeFromSuperview];
|
|
81
|
+
self->_secureField = nil;
|
|
82
|
+
self->_secureWindow = nil;
|
|
83
|
+
self->_originalWindowSuperlayer = nil;
|
|
84
|
+
}
|
|
85
|
+
});
|
|
86
|
+
}
|
|
87
|
+
|
|
88
|
+
// Finds the secure-entry "canvas" layer of a secureTextEntry field — the layer
|
|
89
|
+
// iOS excludes from screenshots/recordings. Its position in the field's
|
|
90
|
+
// view/layer tree varies across iOS versions, so probe defensively: prefer a
|
|
91
|
+
// subview whose class name marks it as the canvas/content host, then fall back
|
|
92
|
+
// to the first sublayer of the field's own layer. Returns nil if neither is
|
|
93
|
+
// present (UIKit internals changed), so the caller can skip cleanly.
|
|
94
|
+
- (CALayer *)secureCanvasLayerForField:(UITextField *)field {
|
|
95
|
+
for (UIView *subview in field.subviews) {
|
|
96
|
+
NSString *className = NSStringFromClass(subview.class);
|
|
97
|
+
if ([className containsString:@"Canvas"] ||
|
|
98
|
+
[className containsString:@"Content"]) {
|
|
99
|
+
return subview.layer;
|
|
100
|
+
}
|
|
101
|
+
}
|
|
102
|
+
return field.layer.sublayers.firstObject;
|
|
103
|
+
}
|
|
104
|
+
|
|
105
|
+
// Resolves the foreground-active key window across connected scenes, falling
|
|
106
|
+
// back to the first window of any window scene. Used by setEnabled: to apply
|
|
107
|
+
// screenshot protection at the window level.
|
|
108
|
+
- (UIWindow *)dynamicKeyWindow {
|
|
109
|
+
UIWindow *fallback = nil;
|
|
110
|
+
for (UIScene *scene in UIApplication.sharedApplication.connectedScenes) {
|
|
111
|
+
if (![scene isKindOfClass:[UIWindowScene class]]) {
|
|
112
|
+
continue;
|
|
113
|
+
}
|
|
114
|
+
UIWindowScene *windowScene = (UIWindowScene *)scene;
|
|
115
|
+
for (UIWindow *window in windowScene.windows) {
|
|
116
|
+
if (window.isKeyWindow) {
|
|
117
|
+
return window;
|
|
118
|
+
}
|
|
119
|
+
if (!fallback) {
|
|
120
|
+
fallback = window;
|
|
121
|
+
}
|
|
122
|
+
}
|
|
123
|
+
}
|
|
124
|
+
return fallback;
|
|
125
|
+
}
|
|
126
|
+
|
|
127
|
+
- (std::shared_ptr<facebook::react::TurboModule>)getTurboModule:
|
|
128
|
+
(const facebook::react::ObjCTurboModule::InitParams &)params {
|
|
129
|
+
return std::make_shared<facebook::react::NativeScreenshotProtectionSpecJSI>(
|
|
130
|
+
params);
|
|
131
|
+
}
|
|
132
|
+
|
|
133
|
+
+ (BOOL)requiresMainQueueSetup {
|
|
134
|
+
return NO;
|
|
135
|
+
}
|
|
136
|
+
|
|
137
|
+
@end
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@dynamic-labs-sdk/client",
|
|
3
|
-
"version": "1.
|
|
3
|
+
"version": "1.10.0",
|
|
4
4
|
"type": "module",
|
|
5
5
|
"main": "./dist/index.cjs",
|
|
6
6
|
"module": "./dist/index.esm.js",
|
|
@@ -48,15 +48,15 @@
|
|
|
48
48
|
}
|
|
49
49
|
},
|
|
50
50
|
"dependencies": {
|
|
51
|
-
"@dynamic-labs-wallet/browser-wallet-client": "1.0.
|
|
52
|
-
"@dynamic-labs-wallet/forward-mpc-client": "0.
|
|
53
|
-
"@dynamic-labs/sdk-api-core": "0.0.
|
|
51
|
+
"@dynamic-labs-wallet/browser-wallet-client": "1.0.38",
|
|
52
|
+
"@dynamic-labs-wallet/forward-mpc-client": "0.12.0",
|
|
53
|
+
"@dynamic-labs/sdk-api-core": "0.0.1046",
|
|
54
54
|
"@simplewebauthn/browser": "13.1.0",
|
|
55
55
|
"ably": "2.17.1",
|
|
56
56
|
"buffer": "6.0.3",
|
|
57
57
|
"eventemitter3": "5.0.1",
|
|
58
58
|
"zod": "4.0.5",
|
|
59
|
-
"@dynamic-labs-sdk/assert-package-version": "1.
|
|
59
|
+
"@dynamic-labs-sdk/assert-package-version": "1.10.0"
|
|
60
60
|
},
|
|
61
61
|
"devDependencies": {
|
|
62
62
|
"@inrupt/jest-jsdom-polyfills": "4.0.5",
|
|
@@ -0,0 +1,57 @@
|
|
|
1
|
+
/// <reference types="vitest/globals" />
|
|
2
|
+
|
|
3
|
+
const turboModuleGetMock = vi.fn();
|
|
4
|
+
|
|
5
|
+
vi.mock('react-native', () => ({
|
|
6
|
+
TurboModuleRegistry: {
|
|
7
|
+
get get() {
|
|
8
|
+
return turboModuleGetMock;
|
|
9
|
+
},
|
|
10
|
+
},
|
|
11
|
+
}));
|
|
12
|
+
|
|
13
|
+
describe('NativeScreenshotProtection', () => {
|
|
14
|
+
beforeEach(() => {
|
|
15
|
+
vi.resetModules();
|
|
16
|
+
});
|
|
17
|
+
|
|
18
|
+
describe('when the TurboModuleRegistry resolves the native module', () => {
|
|
19
|
+
const resolvedModule = { setEnabled: vi.fn() };
|
|
20
|
+
|
|
21
|
+
beforeEach(() => {
|
|
22
|
+
turboModuleGetMock.mockReturnValue(resolvedModule);
|
|
23
|
+
});
|
|
24
|
+
|
|
25
|
+
it('should expose the resolved module as the default export', async () => {
|
|
26
|
+
const imported = await import('./NativeScreenshotProtection');
|
|
27
|
+
|
|
28
|
+
expect(imported.default).toBe(resolvedModule);
|
|
29
|
+
});
|
|
30
|
+
|
|
31
|
+
it("should look up the native module under the 'DynamicClientScreenshotProtection' key that matches the iOS and Android registration", async () => {
|
|
32
|
+
await import('./NativeScreenshotProtection');
|
|
33
|
+
|
|
34
|
+
expect(turboModuleGetMock).toHaveBeenCalledWith(
|
|
35
|
+
'DynamicClientScreenshotProtection'
|
|
36
|
+
);
|
|
37
|
+
});
|
|
38
|
+
|
|
39
|
+
it('should resolve the native module exactly once at import time', async () => {
|
|
40
|
+
await import('./NativeScreenshotProtection');
|
|
41
|
+
|
|
42
|
+
expect(turboModuleGetMock).toHaveBeenCalledOnce();
|
|
43
|
+
});
|
|
44
|
+
});
|
|
45
|
+
|
|
46
|
+
describe('when the TurboModuleRegistry cannot resolve the native module', () => {
|
|
47
|
+
beforeEach(() => {
|
|
48
|
+
turboModuleGetMock.mockReturnValue(null);
|
|
49
|
+
});
|
|
50
|
+
|
|
51
|
+
it('should expose null as the default export so consumers can surface a linking error', async () => {
|
|
52
|
+
const imported = await import('./NativeScreenshotProtection');
|
|
53
|
+
|
|
54
|
+
expect(imported.default).toBeNull();
|
|
55
|
+
});
|
|
56
|
+
});
|
|
57
|
+
});
|
|
@@ -0,0 +1,26 @@
|
|
|
1
|
+
// This file is a TurboModule spec consumed by React Native codegen.
|
|
2
|
+
// The `interface`, `default export`, and the `react-native` import are hard
|
|
3
|
+
// requirements of the codegen parser and intentionally deviate from the
|
|
4
|
+
// project's conventions. Codegen discovers specs by the `Native*` filename
|
|
5
|
+
// prefix, so this file cannot be renamed to `.native.ts`.
|
|
6
|
+
|
|
7
|
+
import { type TurboModule, TurboModuleRegistry } from 'react-native';
|
|
8
|
+
|
|
9
|
+
export interface Spec extends TurboModule {
|
|
10
|
+
/**
|
|
11
|
+
* Toggles window-level screenshot/screen-recording protection on the
|
|
12
|
+
* foreground window while a sensitive surface (e.g. the private-key export
|
|
13
|
+
* display) is visible.
|
|
14
|
+
*
|
|
15
|
+
* Android applies `FLAG_SECURE` on the current Activity window when `enabled`
|
|
16
|
+
* is `true` and clears it when `false` (only if it set the flag itself, so a
|
|
17
|
+
* host app's own `FLAG_SECURE` is never cleared). iOS reparents the key
|
|
18
|
+
* window under a `secureTextEntry` field's canvas so captures render blank.
|
|
19
|
+
* The protection is window-level and independent of any WebView, so it works
|
|
20
|
+
* regardless of how the protected UI is rendered.
|
|
21
|
+
*/
|
|
22
|
+
setEnabled(enabled: boolean): void;
|
|
23
|
+
}
|
|
24
|
+
|
|
25
|
+
// eslint-disable-next-line import/no-default-export
|
|
26
|
+
export default TurboModuleRegistry.get<Spec>('DynamicClientScreenshotProtection');
|