@dynamic-labs-sdk/client 1.8.2 → 1.9.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (129) hide show
  1. package/android/src/main/java/xyz/dynamic/client/DynamicClientPackage.kt +10 -0
  2. package/android/src/main/java/xyz/dynamic/client/screenshot/ScreenshotProtectionModule.kt +48 -0
  3. package/dist/{InvalidParamError-CmwKWCyr.cjs → InvalidParamError-C7LLi2cZ.cjs} +70 -5
  4. package/dist/InvalidParamError-C7LLi2cZ.cjs.map +1 -0
  5. package/dist/{InvalidParamError-c1J0Vmze.esm.js → InvalidParamError-DIPFT3sS.esm.js} +52 -5
  6. package/dist/InvalidParamError-DIPFT3sS.esm.js.map +1 -0
  7. package/dist/{InvalidParamError-BqFQnYCi.native.esm.js → InvalidParamError-YG7yXCq5.native.esm.js} +273 -5
  8. package/dist/InvalidParamError-YG7yXCq5.native.esm.js.map +1 -0
  9. package/dist/NotWaasWalletAccountError-BWrDQFe8.esm.js +18 -0
  10. package/dist/NotWaasWalletAccountError-BWrDQFe8.esm.js.map +1 -0
  11. package/dist/NotWaasWalletAccountError-C8ex1YA_.cjs +23 -0
  12. package/dist/NotWaasWalletAccountError-C8ex1YA_.cjs.map +1 -0
  13. package/dist/NotWaasWalletAccountError-Cd2o0wr0.native.esm.js +18 -0
  14. package/dist/NotWaasWalletAccountError-Cd2o0wr0.native.esm.js.map +1 -0
  15. package/dist/core.cjs +24 -5
  16. package/dist/core.cjs.map +1 -1
  17. package/dist/core.esm.js +24 -6
  18. package/dist/core.esm.js.map +1 -1
  19. package/dist/core.native.esm.js +34 -9
  20. package/dist/core.native.esm.js.map +1 -1
  21. package/dist/exports/core.d.ts +4 -0
  22. package/dist/exports/core.d.ts.map +1 -1
  23. package/dist/exports/index.d.ts +0 -7
  24. package/dist/exports/index.d.ts.map +1 -1
  25. package/dist/exports/waasCore.d.ts +2 -0
  26. package/dist/exports/waasCore.d.ts.map +1 -1
  27. package/dist/{getNetworkProviderFromNetworkId-Cke-DBhx.native.esm.js → getNetworkProviderFromNetworkId-C46TeXs8.native.esm.js} +17 -12
  28. package/dist/getNetworkProviderFromNetworkId-C46TeXs8.native.esm.js.map +1 -0
  29. package/dist/{getNetworkProviderFromNetworkId-DXzopnuR.cjs → getNetworkProviderFromNetworkId-CBGWQS_K.cjs} +4 -4
  30. package/dist/{getNetworkProviderFromNetworkId-DXzopnuR.cjs.map → getNetworkProviderFromNetworkId-CBGWQS_K.cjs.map} +1 -1
  31. package/dist/{getNetworkProviderFromNetworkId-CGpE_Y95.esm.js → getNetworkProviderFromNetworkId-D-wj5mPl.esm.js} +3 -3
  32. package/dist/{getNetworkProviderFromNetworkId-CGpE_Y95.esm.js.map → getNetworkProviderFromNetworkId-D-wj5mPl.esm.js.map} +1 -1
  33. package/dist/{getSignedSessionId-CbWFH_TM.cjs → getSignedSessionId-CCHKjoeP.cjs} +3 -3
  34. package/dist/{getSignedSessionId-CbWFH_TM.cjs.map → getSignedSessionId-CCHKjoeP.cjs.map} +1 -1
  35. package/dist/{getSignedSessionId-C7YR-jNH.native.esm.js → getSignedSessionId-DdKTM3Rh.native.esm.js} +3 -3
  36. package/dist/{getSignedSessionId-C7YR-jNH.native.esm.js.map → getSignedSessionId-DdKTM3Rh.native.esm.js.map} +1 -1
  37. package/dist/{getSignedSessionId-C1uLkDjy.esm.js → getSignedSessionId-Dy04984p.esm.js} +3 -3
  38. package/dist/{getSignedSessionId-C1uLkDjy.esm.js.map → getSignedSessionId-Dy04984p.esm.js.map} +1 -1
  39. package/dist/{getVerifiedCredentialForWalletAccount-DPTHL1pO.esm.js → getVerifiedCredentialForWalletAccount-BFCM2wnx.esm.js} +3 -10
  40. package/dist/getVerifiedCredentialForWalletAccount-BFCM2wnx.esm.js.map +1 -0
  41. package/dist/{getVerifiedCredentialForWalletAccount-DidFNLGP.cjs → getVerifiedCredentialForWalletAccount-BtIVDer3.cjs} +4 -17
  42. package/dist/getVerifiedCredentialForWalletAccount-BtIVDer3.cjs.map +1 -0
  43. package/dist/{getVerifiedCredentialForWalletAccount-DAmdvMY5.native.esm.js → getVerifiedCredentialForWalletAccount-Dsca691m.native.esm.js} +3 -236
  44. package/dist/getVerifiedCredentialForWalletAccount-Dsca691m.native.esm.js.map +1 -0
  45. package/dist/getWaasWalletProviderFromWalletAccount-5-EJK6a_.cjs +19 -0
  46. package/dist/getWaasWalletProviderFromWalletAccount-5-EJK6a_.cjs.map +1 -0
  47. package/dist/getWaasWalletProviderFromWalletAccount-AhhyxkKQ.esm.js +14 -0
  48. package/dist/getWaasWalletProviderFromWalletAccount-AhhyxkKQ.esm.js.map +1 -0
  49. package/dist/getWaasWalletProviderFromWalletAccount-EnCRdI3w.native.esm.js +14 -0
  50. package/dist/getWaasWalletProviderFromWalletAccount-EnCRdI3w.native.esm.js.map +1 -0
  51. package/dist/index.cjs +51 -13
  52. package/dist/index.cjs.map +1 -1
  53. package/dist/index.esm.js +47 -9
  54. package/dist/index.esm.js.map +1 -1
  55. package/dist/index.native.esm.js +50 -12
  56. package/dist/index.native.esm.js.map +1 -1
  57. package/dist/{isMfaRequiredForAction-DCwLx4Ik.esm.js → isMfaRequiredForAction-BrmFODJQ.esm.js} +2 -2
  58. package/dist/{isMfaRequiredForAction-DCwLx4Ik.esm.js.map → isMfaRequiredForAction-BrmFODJQ.esm.js.map} +1 -1
  59. package/dist/{isMfaRequiredForAction-Dx4BPJVg.native.esm.js → isMfaRequiredForAction-DAfjBLvz.native.esm.js} +2 -2
  60. package/dist/{isMfaRequiredForAction-Dx4BPJVg.native.esm.js.map → isMfaRequiredForAction-DAfjBLvz.native.esm.js.map} +1 -1
  61. package/dist/{isMfaRequiredForAction-BNipdNF5.cjs → isMfaRequiredForAction-aX0vdwv-.cjs} +2 -2
  62. package/dist/{isMfaRequiredForAction-BNipdNF5.cjs.map → isMfaRequiredForAction-aX0vdwv-.cjs.map} +1 -1
  63. package/dist/modules/balances/getBalances/getBalances.d.ts +5 -2
  64. package/dist/modules/balances/getBalances/getBalances.d.ts.map +1 -1
  65. package/dist/modules/balances/getMultichainBalances/getMultichainBalances.d.ts +6 -3
  66. package/dist/modules/balances/getMultichainBalances/getMultichainBalances.d.ts.map +1 -1
  67. package/dist/modules/checkout/checkout.types.d.ts +6 -6
  68. package/dist/modules/checkout/checkout.types.d.ts.map +1 -1
  69. package/dist/modules/screenshotProtection/setScreenshotProtection/setScreenshotProtection.d.ts +15 -0
  70. package/dist/modules/screenshotProtection/setScreenshotProtection/setScreenshotProtection.d.ts.map +1 -0
  71. package/dist/modules/screenshotProtection/setScreenshotProtection/setScreenshotProtection.types.d.ts +14 -0
  72. package/dist/modules/screenshotProtection/setScreenshotProtection/setScreenshotProtection.types.d.ts.map +1 -0
  73. package/dist/modules/waas/createWaasClient/createNativeWaasSDKContainer.d.ts +15 -0
  74. package/dist/modules/waas/createWaasClient/createNativeWaasSDKContainer.d.ts.map +1 -0
  75. package/dist/modules/waas/createWaasProvider/createWaasProvider.d.ts.map +1 -1
  76. package/dist/modules/waas/exportWaasPrivateKeyToContainer/exportWaasPrivateKeyToContainer.d.ts +33 -0
  77. package/dist/modules/waas/exportWaasPrivateKeyToContainer/exportWaasPrivateKeyToContainer.d.ts.map +1 -0
  78. package/dist/modules/waas/exportWaasPrivateKeyToContainer/index.d.ts +2 -0
  79. package/dist/modules/waas/exportWaasPrivateKeyToContainer/index.d.ts.map +1 -0
  80. package/dist/modules/waas/waas.types.d.ts +3 -1
  81. package/dist/modules/waas/waas.types.d.ts.map +1 -1
  82. package/dist/modules/wallets/networks/getBalance/getBalance.d.ts +5 -1
  83. package/dist/modules/wallets/networks/getBalance/getBalance.d.ts.map +1 -1
  84. package/dist/{NotWaasWalletAccountError-CgwG_c2-.esm.js → refreshAuth-B2kFf0pl.native.esm.js} +4 -18
  85. package/dist/refreshAuth-B2kFf0pl.native.esm.js.map +1 -0
  86. package/dist/{NotWaasWalletAccountError-Be0QB89x.native.esm.js → refreshAuth-B8xd2JUm.esm.js} +4 -18
  87. package/dist/refreshAuth-B8xd2JUm.esm.js.map +1 -0
  88. package/dist/{NotWaasWalletAccountError-DKEpLrGc.cjs → refreshAuth-BMtIp1do.cjs} +3 -23
  89. package/dist/refreshAuth-BMtIp1do.cjs.map +1 -0
  90. package/dist/services/instrumentation/connectLoggerToInstrumentation/connectLoggerToInstrumentation.d.ts.map +1 -1
  91. package/dist/services/instrumentation/instrumentFunction/instrumentFunction.d.ts.map +1 -1
  92. package/dist/services/instrumentation/instrumentation.types.d.ts +6 -0
  93. package/dist/services/instrumentation/instrumentation.types.d.ts.map +1 -1
  94. package/dist/tsconfig.lib.tsbuildinfo +1 -1
  95. package/dist/utils/getOperatingSystem/getOperatingSystem.d.ts +13 -0
  96. package/dist/utils/getOperatingSystem/getOperatingSystem.d.ts.map +1 -0
  97. package/dist/utils/getOperatingSystem/getOperatingSystem.types.d.ts +8 -0
  98. package/dist/utils/getOperatingSystem/getOperatingSystem.types.d.ts.map +1 -0
  99. package/dist/utils/getPlatform/getPlatform.d.ts +11 -0
  100. package/dist/utils/getPlatform/getPlatform.d.ts.map +1 -0
  101. package/dist/utils/getPlatform/getPlatform.types.d.ts +8 -0
  102. package/dist/utils/getPlatform/getPlatform.types.d.ts.map +1 -0
  103. package/dist/waas.cjs +20 -28
  104. package/dist/waas.cjs.map +1 -1
  105. package/dist/waas.esm.js +4 -12
  106. package/dist/waas.esm.js.map +1 -1
  107. package/dist/waas.native.esm.js +4 -12
  108. package/dist/waas.native.esm.js.map +1 -1
  109. package/dist/waasCore.cjs +39 -4
  110. package/dist/waasCore.cjs.map +1 -1
  111. package/dist/waasCore.esm.js +39 -5
  112. package/dist/waasCore.esm.js.map +1 -1
  113. package/dist/waasCore.native.esm.js +68 -10
  114. package/dist/waasCore.native.esm.js.map +1 -1
  115. package/ios/DynamicClientScreenshotProtection.h +4 -0
  116. package/ios/DynamicClientScreenshotProtection.mm +137 -0
  117. package/package.json +5 -5
  118. package/src/turboModules/NativeScreenshotProtection.native.spec.ts +57 -0
  119. package/src/turboModules/NativeScreenshotProtection.ts +26 -0
  120. package/dist/InvalidParamError-BqFQnYCi.native.esm.js.map +0 -1
  121. package/dist/InvalidParamError-CmwKWCyr.cjs.map +0 -1
  122. package/dist/InvalidParamError-c1J0Vmze.esm.js.map +0 -1
  123. package/dist/NotWaasWalletAccountError-Be0QB89x.native.esm.js.map +0 -1
  124. package/dist/NotWaasWalletAccountError-CgwG_c2-.esm.js.map +0 -1
  125. package/dist/NotWaasWalletAccountError-DKEpLrGc.cjs.map +0 -1
  126. package/dist/getNetworkProviderFromNetworkId-Cke-DBhx.native.esm.js.map +0 -1
  127. package/dist/getVerifiedCredentialForWalletAccount-DAmdvMY5.native.esm.js.map +0 -1
  128. package/dist/getVerifiedCredentialForWalletAccount-DPTHL1pO.esm.js.map +0 -1
  129. package/dist/getVerifiedCredentialForWalletAccount-DidFNLGP.cjs.map +0 -1
@@ -1 +1 @@
1
- {"version":3,"file":"waasCore.cjs","names":["createWaasClient: CreateWaasClient","getCore","DynamicWalletClient","isCookieEnabled","DEFAULT_WAAS_BASE_API_URL","DEFAULT_WAAS_BASE_MPC_RELAY_API_URL","CLIENT_SDK_NAME","logoutWithReason","CHAINS_INFO_MAP","getCore","_waasClient: DynamicWalletClient | undefined","getWaasClient: WaasProvider['getWaasClient']","backupKeySharesToGoogleDrive: WaasProvider['backupKeySharesToGoogleDrive']","getSignedSessionId","createWalletAccount: WaasProvider['createWalletAccount']","ThresholdSignatureScheme","delegateKeyShares: WaasProvider['delegateKeyShares']","exportClientKeyshares: WaasProvider['exportClientKeyshares']","exportPrivateKey: WaasProvider['exportPrivateKey']","consumeMfaTokenIfRequiredForAction","MFAAction","getElevatedAccessToken","TokenScope","restoreUserShareForWalletAccount: WaasProvider['restoreUserShareForWalletAccount']","WalletOperation","importPrivateKey: WaasProvider['importPrivateKey']","refreshWalletAccountShares: WaasProvider['refreshWalletAccountShares']","revokeDelegation: WaasProvider['revokeDelegation']","setWaasWalletAccountPassword: WaasProvider['setWaasWalletAccountPassword']","signRawMessage: WaasProvider['signRawMessage']","InvalidParamError","destroy: WaasProvider['destroy']","updatePassword: WaasProvider['updatePassword']","signMessage: WaasProvider['signMessage']","signSerializedTransaction: WaasProvider['signSerializedTransaction']","getWalletRecoveryState: WaasProvider['getWalletRecoveryState']","unlockWallet: WaasProvider['unlockWallet']","WalletProviderEnum","DYNAMIC_WAAS_METADATA","getChainFromVerifiedCredentialChain","packageName","packageVersion"],"sources":["../src/modules/waas/createWaasClient/createWaasClient.ts","../src/modules/waas/getWaasChainNameFromChain/getWaasChainNameFromChain.ts","../src/modules/waas/createWaasProvider/createWaasProvider.ts","../src/modules/waas/getAllUserWaasAddressesForChain/getAllUserWaasAddressesForChain.ts","../src/exports/waasCore.ts"],"sourcesContent":["import type { AuthMode } from '@dynamic-labs-wallet/browser-wallet-client';\nimport { DynamicWalletClient } from '@dynamic-labs-wallet/browser-wallet-client';\n\nimport { getCore } from '../../../client/core/getCore';\nimport { CLIENT_SDK_NAME } from '../../apiClient/constants';\nimport { logoutWithReason } from '../../auth/logoutWithReason';\nimport { isCookieEnabled } from '../../projectSettings/isCookieEnabled';\nimport type { CreateWaasClient } from './createWaasClient.types';\nimport {\n DEFAULT_WAAS_BASE_API_URL,\n DEFAULT_WAAS_BASE_MPC_RELAY_API_URL,\n} from '../constants';\n\n/** @not-instrumented */\nexport const createWaasClient: CreateWaasClient = ({ chainName }, client) => {\n const core = getCore(client);\n\n const additionalTrustedOrigins = core.waas?.additionalTrustedOrigins;\n\n const baseClientKeysharesRelayApiUrl =\n client.projectSettings?.sdk.waas?.customKeyshareRelayBaseUrl;\n\n return new DynamicWalletClient(\n {\n authMode: (isCookieEnabled(client) ? 'cookie' : 'header') as AuthMode,\n authToken: client.token || '',\n baseApiUrl: (core.apiBaseUrl || DEFAULT_WAAS_BASE_API_URL).replace(\n '/api/v0',\n ''\n ),\n baseMPCRelayApiUrl:\n client.projectSettings?.sdk.waas?.relayUrl ||\n DEFAULT_WAAS_BASE_MPC_RELAY_API_URL,\n chainName,\n environmentId: core.environmentId,\n sdkVersion: `${CLIENT_SDK_NAME}/${core.version}`,\n ...(additionalTrustedOrigins == undefined\n ? {}\n : { additionalTrustedOrigins }),\n ...(baseClientKeysharesRelayApiUrl == undefined\n ? {}\n : { baseClientKeysharesRelayApiUrl }),\n },\n {\n // When the WaaS iframe's own backend call returns 401 (e.g. a forcibly\n // revoked token), the iframe notifies the host via the reverse channel\n // and this fires — log the user out. Mirrors the session-expiry\n // middleware that covers the SDK's own direct API 401s.\n onUnauthorized: () => {\n void logoutWithReason(\n { reason: 'session-refresh-unauthorized' },\n client\n ).catch((error) => {\n core.logger.error(\n 'Failed to log out after WaaS unauthorized response',\n error\n );\n });\n },\n }\n );\n};\n","import type { Chain } from '../../chain';\nimport { CHAINS_INFO_MAP } from '../../wallets/constants';\n\n/** @not-instrumented */\n// eslint-disable-next-line custom-rules/require-single-object-param\nexport const getWaasChainNameFromChain = (chain: Chain): string => {\n return CHAINS_INFO_MAP[chain].waasChainNameOverride || chain;\n};\n","import {\n type BitcoinConfig,\n type DynamicWalletClient,\n ThresholdSignatureScheme,\n WalletOperation,\n} from '@dynamic-labs-wallet/browser-wallet-client';\nimport { MFAAction, TokenScope } from '@dynamic-labs/sdk-api-core';\n\nimport { getCore } from '../../../client/core/getCore';\nimport type { DynamicClient } from '../../../client/types/DynamicClient';\nimport { InvalidParamError } from '../../../errors/InvalidParamError';\nimport { getElevatedAccessToken } from '../../auth/getElevatedAccessToken';\nimport type { Chain } from '../../chain';\nimport { consumeMfaTokenIfRequiredForAction } from '../../mfa/consumeMfaTokenIfRequiredForAction';\nimport { getSignedSessionId } from '../../sessionKeys/getSignedSessionId';\nimport { createWaasClient } from '../createWaasClient';\nimport { getWaasChainNameFromChain } from '../getWaasChainNameFromChain';\nimport type { WaasProvider } from '../waas.types';\n\nconst RAW_MESSAGE_MESSAGE_REQUIRED_LENGTH = 64;\n\ntype CreateWaasProviderParams = {\n chain: Chain;\n sdkClient: DynamicClient;\n};\n\n/** @not-instrumented */\nexport const createWaasProvider = ({\n sdkClient,\n chain,\n}: CreateWaasProviderParams): WaasProvider => {\n const logger = getCore(sdkClient).logger;\n\n let _waasClient: DynamicWalletClient | undefined;\n\n // because the waas client needs the authToken to be set, we can only create it\n // the first time it's needed, which is after the user has logged in\n const getWaasClient: WaasProvider['getWaasClient'] = async () => {\n if (!_waasClient) {\n _waasClient = createWaasClient(\n { chainName: getWaasChainNameFromChain(chain) },\n sdkClient\n );\n await _waasClient.initialize();\n }\n return _waasClient;\n };\n\n const backupKeySharesToGoogleDrive: WaasProvider['backupKeySharesToGoogleDrive'] =\n async ({ googleDriveAccessToken, password, walletAccount }) => {\n const { signature: signedSessionId } = await getSignedSessionId(\n sdkClient\n );\n\n const waasClient = await getWaasClient();\n\n return waasClient.backupKeySharesToGoogleDrive({\n accountAddress: walletAccount.address,\n authToken: sdkClient.token ?? undefined,\n googleDriveAccessToken,\n password,\n signedSessionId,\n });\n };\n\n const createWalletAccount: WaasProvider['createWalletAccount'] = async (\n args = {}\n ) => {\n logger.debug('[createWaasProvider] createWalletAccount', {\n bitcoinConfig: args.bitcoinConfig,\n thresholdSignatureScheme: args.thresholdSignatureScheme,\n });\n\n const { signature: signedSessionId } = await getSignedSessionId(sdkClient);\n\n const waasClient = await getWaasClient();\n\n const waasWallet = await waasClient.createWalletAccount({\n authToken: sdkClient.token ?? undefined,\n bitcoinConfig: args.bitcoinConfig as BitcoinConfig | undefined,\n password: args.password,\n signedSessionId,\n thresholdSignatureScheme:\n args.thresholdSignatureScheme ?? ThresholdSignatureScheme.TWO_OF_TWO,\n });\n\n return waasWallet;\n };\n\n const delegateKeyShares: WaasProvider['delegateKeyShares'] = async ({\n password,\n walletAccount,\n }) => {\n const { signature: signedSessionId } = await getSignedSessionId(sdkClient);\n\n const waasClient = await getWaasClient();\n\n return waasClient.delegateKeyShares({\n accountAddress: walletAccount.address,\n authToken: sdkClient.token ?? undefined,\n password,\n signedSessionId,\n });\n };\n\n const exportClientKeyshares: WaasProvider['exportClientKeyshares'] = async ({\n password,\n walletAccount,\n }) => {\n const { signature: signedSessionId } = await getSignedSessionId(sdkClient);\n\n const waasClient = await getWaasClient();\n\n await waasClient.exportClientKeyshares({\n accountAddress: walletAccount.address,\n authToken: sdkClient.token ?? undefined,\n password,\n signedSessionId,\n });\n };\n\n const exportPrivateKey: WaasProvider['exportPrivateKey'] = async ({\n displayContainer,\n walletAccount,\n password,\n }) => {\n const { signature: signedSessionId } = await getSignedSessionId(sdkClient);\n\n const waasClient = await getWaasClient();\n\n const mfaToken = await consumeMfaTokenIfRequiredForAction(\n { mfaAction: MFAAction.WalletWaasExport },\n sdkClient\n );\n\n // Forward any elevated access token previously obtained via step-up\n // (e.g. requestExternalAuthElevatedToken) so the backend authorizes\n // the export under the wallet:export scope.\n const elevatedAccessToken = getElevatedAccessToken(\n { scope: TokenScope.Walletexport },\n sdkClient\n );\n\n await waasClient.exportPrivateKey({\n accountAddress: walletAccount.address,\n authToken: sdkClient.token ?? undefined,\n displayContainer,\n elevatedAccessToken,\n mfaToken,\n password,\n signedSessionId,\n });\n };\n\n const restoreUserShareForWalletAccount: WaasProvider['restoreUserShareForWalletAccount'] =\n async ({ walletAccount }) => {\n const { signature: signedSessionId } = await getSignedSessionId(\n sdkClient\n );\n\n const waasClient = await getWaasClient();\n\n await waasClient.getWallet({\n accountAddress: walletAccount.address,\n authToken: sdkClient.token ?? undefined,\n signedSessionId,\n walletOperation: WalletOperation.SIGN_MESSAGE,\n });\n };\n\n const importPrivateKey: WaasProvider['importPrivateKey'] = async ({\n privateKey,\n thresholdSignatureScheme = ThresholdSignatureScheme.TWO_OF_TWO,\n }) => {\n const { signature: signedSessionId } = await getSignedSessionId(sdkClient);\n\n const walletClient = await getWaasClient();\n\n await walletClient.importPrivateKey({\n authToken: sdkClient.token ?? undefined,\n privateKey,\n signedSessionId,\n thresholdSignatureScheme,\n });\n };\n\n const refreshWalletAccountShares: WaasProvider['refreshWalletAccountShares'] =\n async ({ password, walletAccount }) => {\n const { signature: signedSessionId } = await getSignedSessionId(\n sdkClient\n );\n\n const walletClient = await getWaasClient();\n\n const mfaToken = await consumeMfaTokenIfRequiredForAction(\n { mfaAction: MFAAction.WalletWaasRefresh },\n sdkClient\n );\n\n return walletClient.refreshWalletAccountShares({\n accountAddress: walletAccount.address,\n authToken: sdkClient.token ?? undefined,\n mfaToken,\n password,\n signedSessionId,\n });\n };\n\n const revokeDelegation: WaasProvider['revokeDelegation'] = async ({\n password,\n walletAccount,\n }) => {\n const { signature: signedSessionId } = await getSignedSessionId(sdkClient);\n\n const waasClient = await getWaasClient();\n\n return waasClient.revokeDelegation({\n accountAddress: walletAccount.address,\n authToken: sdkClient.token ?? undefined,\n password,\n signedSessionId,\n });\n };\n\n const setWaasWalletAccountPassword: WaasProvider['setWaasWalletAccountPassword'] =\n async ({ password, walletAccount }) => {\n const { signature: signedSessionId } = await getSignedSessionId(\n sdkClient\n );\n\n const waasClient = await getWaasClient();\n\n return waasClient.setPassword({\n accountAddress: walletAccount.address,\n authToken: sdkClient.token ?? undefined,\n newPassword: password,\n signedSessionId,\n });\n };\n\n const signRawMessage: WaasProvider['signRawMessage'] = async ({\n message,\n password,\n walletAccount,\n }) => {\n if (message.length !== RAW_MESSAGE_MESSAGE_REQUIRED_LENGTH) {\n throw new InvalidParamError(\n `Message must be ${RAW_MESSAGE_MESSAGE_REQUIRED_LENGTH} characters long`\n );\n }\n\n const { signature: signedSessionId } = await getSignedSessionId(sdkClient);\n\n const mfaToken = await consumeMfaTokenIfRequiredForAction(\n { mfaAction: MFAAction.WalletWaasSign },\n sdkClient\n );\n\n const elevatedAccessToken = getElevatedAccessToken(\n { scope: TokenScope.Walletsign },\n sdkClient\n );\n\n const walletClient = await getWaasClient();\n\n const signature = await walletClient.signRawMessage({\n accountAddress: walletAccount.address,\n authToken: sdkClient.token ?? undefined,\n elevatedAccessToken,\n message,\n mfaToken,\n password,\n signedSessionId,\n });\n\n return { signature };\n };\n\n const destroy: WaasProvider['destroy'] = async (args) => {\n if (!_waasClient) {\n return;\n }\n\n const waasClient = await getWaasClient();\n // When a session token expires, we preserve key shares in storage instead\n // of clearing them. Customers with short-lived sessions (minutes) were\n // hitting excessive server-side share recovery on every re-login, which\n // also forced users to re-enter their wallet password since the unlocked\n // share only lives for the duration of the session.\n //\n // This is safe because the waas-sdk separately fingerprints the user\n // (sub + environment_id) and clears all storage if a different user logs\n // in. On explicit user-initiated logout, shares are always cleared for\n // security.\n if (args?.reason !== 'token-expired') {\n await waasClient.cleanup();\n }\n _waasClient = undefined;\n };\n\n const updatePassword: WaasProvider['updatePassword'] = async ({\n walletAccount,\n currentPassword,\n newPassword,\n }) => {\n const { signature: signedSessionId } = await getSignedSessionId(sdkClient);\n\n const waasClient = await getWaasClient();\n\n return waasClient.updatePassword({\n accountAddress: walletAccount.address,\n authToken: sdkClient.token ?? undefined,\n existingPassword: currentPassword,\n newPassword,\n signedSessionId,\n });\n };\n\n const signMessage: WaasProvider['signMessage'] = async ({\n message,\n walletAccount,\n }) => {\n const { signature: signedSessionId } = await getSignedSessionId(sdkClient);\n\n const mfaToken = await consumeMfaTokenIfRequiredForAction(\n { mfaAction: MFAAction.WalletWaasSign },\n sdkClient\n );\n\n const elevatedAccessToken = getElevatedAccessToken(\n { scope: TokenScope.Walletsign },\n sdkClient\n );\n\n const waasClient = await getWaasClient();\n\n const signature = await waasClient.signMessage({\n accountAddress: walletAccount.address,\n authToken: sdkClient.token ?? undefined,\n elevatedAccessToken,\n message,\n mfaToken,\n signedSessionId,\n });\n\n return { signature };\n };\n\n const signSerializedTransaction: WaasProvider['signSerializedTransaction'] =\n async ({ chainId, serializedTransaction, walletAccount }) => {\n const { signature: signedSessionId } = await getSignedSessionId(\n sdkClient\n );\n\n const mfaToken = await consumeMfaTokenIfRequiredForAction(\n { mfaAction: MFAAction.WalletWaasSign },\n sdkClient\n );\n\n const elevatedAccessToken = getElevatedAccessToken(\n { scope: TokenScope.Walletsign },\n sdkClient\n );\n\n const waasClient = await getWaasClient();\n\n const signature = await waasClient.signTransaction({\n authToken: sdkClient.token ?? undefined,\n chainId,\n elevatedAccessToken,\n mfaToken,\n senderAddress: walletAccount.address,\n signedSessionId,\n transaction: serializedTransaction,\n });\n\n return { signature };\n };\n\n const getWalletRecoveryState: WaasProvider['getWalletRecoveryState'] =\n async ({ walletAccount }) => {\n const { signature: signedSessionId } = await getSignedSessionId(\n sdkClient\n );\n\n const waasClient = await getWaasClient();\n\n return waasClient.getWalletRecoveryState({\n accountAddress: walletAccount.address,\n authToken: sdkClient.token ?? undefined,\n signedSessionId,\n });\n };\n\n const unlockWallet: WaasProvider['unlockWallet'] = async ({\n password,\n walletAccount,\n }) => {\n const { signature: signedSessionId } = await getSignedSessionId(sdkClient);\n\n const waasClient = await getWaasClient();\n\n return waasClient.unlockWallet({\n accountAddress: walletAccount.address,\n authToken: sdkClient.token ?? undefined,\n password,\n signedSessionId,\n });\n };\n\n return {\n backupKeySharesToGoogleDrive,\n createWalletAccount,\n delegateKeyShares,\n destroy,\n exportClientKeyshares,\n exportPrivateKey,\n getWaasClient,\n getWalletRecoveryState,\n importPrivateKey,\n refreshWalletAccountShares,\n restoreUserShareForWalletAccount,\n revokeDelegation,\n setWaasWalletAccountPassword,\n signMessage,\n signRawMessage,\n signSerializedTransaction,\n unlockWallet,\n updatePassword,\n };\n};\n","import { WalletProviderEnum } from '@dynamic-labs/sdk-api-core';\n\nimport type { DynamicClient } from '../../../client/types';\nimport { getChainFromVerifiedCredentialChain } from '../../../utils/getChainFromVerifiedCredentialChain';\nimport type { Chain } from '../../chain';\nimport { DYNAMIC_WAAS_METADATA } from '../constants';\n\ntype GetAllUserWaasAddressesForChainParams = {\n chain: Chain;\n};\n\n/** @not-instrumented */\nexport const getAllUserWaasAddressesForChain = (\n { chain }: GetAllUserWaasAddressesForChainParams,\n client: DynamicClient\n): string[] => {\n if (!client.user) {\n return [];\n }\n\n const waasWalletCredentials =\n client.user.verifiedCredentials.filter(\n (credential) =>\n credential.walletProvider === WalletProviderEnum.EmbeddedWallet &&\n credential.walletName\n ?.toLowerCase()\n .startsWith(DYNAMIC_WAAS_METADATA.normalizedWalletName) &&\n credential.address &&\n credential.chain &&\n getChainFromVerifiedCredentialChain(credential.chain) === chain\n ) ?? [];\n\n const waasAddresses: string[] = waasWalletCredentials.map(\n // casting because we're already filtering out credentials without an address\n (credential) => credential.address as string\n );\n\n return waasAddresses;\n};\n","import { assertPackageVersion } from '@dynamic-labs-sdk/assert-package-version';\n\nimport {\n name as packageName,\n version as packageVersion,\n} from '../../package.json';\nassertPackageVersion(packageName, packageVersion);\n\nexport type {\n BitcoinNetwork,\n DynamicWalletClient,\n ThresholdSignatureScheme\n} from '@dynamic-labs-wallet/browser-wallet-client';\nexport { DYNAMIC_WAAS_METADATA } from '../modules/waas/constants';\nexport { createWaasClient } from '../modules/waas/createWaasClient';\nexport { createWaasProvider } from '../modules/waas/createWaasProvider';\nexport { getAllUserWaasAddressesForChain } from '../modules/waas/getAllUserWaasAddressesForChain';\nexport { getWaasChainNameFromChain } from '../modules/waas/getWaasChainNameFromChain';\nexport type {\n WaasProvider,\n WaasWalletProvider\n} from '../modules/waas/waas.types';\n\n"],"mappings":";;;;;;;;;AAcA,MAAaA,oBAAsC,EAAE,aAAa,WAAW;CAC3E,MAAM,OAAOC,kCAAQ,OAAO;CAE5B,MAAM,2BAA2B,KAAK,MAAM;CAE5C,MAAM,iCACJ,OAAO,iBAAiB,IAAI,MAAM;AAEpC,QAAO,IAAIC,+DACT;EACE,UAAWC,0CAAgB,OAAO,GAAG,WAAW;EAChD,WAAW,OAAO,SAAS;EAC3B,aAAa,KAAK,cAAcC,qDAA2B,QACzD,WACA,GACD;EACD,oBACE,OAAO,iBAAiB,IAAI,MAAM,YAClCC;EACF;EACA,eAAe,KAAK;EACpB,YAAY,GAAGC,0CAAgB,GAAG,KAAK;EACvC,GAAI,4BAA4B,SAC5B,EAAE,GACF,EAAE,0BAA0B;EAChC,GAAI,kCAAkC,SAClC,EAAE,GACF,EAAE,gCAAgC;EACvC,EACD,EAKE,sBAAsB;AACpB,EAAKC,0DACH,EAAE,QAAQ,gCAAgC,EAC1C,OACD,CAAC,OAAO,UAAU;AACjB,QAAK,OAAO,MACV,sDACA,MACD;IACD;IAEL,CACF;;;;;;ACvDH,MAAa,6BAA6B,UAAyB;AACjE,QAAOC,0CAAgB,OAAO,yBAAyB;;;;;ACazD,MAAM,sCAAsC;;AAQ5C,MAAa,sBAAsB,EACjC,WACA,YAC4C;CAC5C,MAAM,SAASC,kCAAQ,UAAU,CAAC;CAElC,IAAIC;CAIJ,MAAMC,gBAA+C,YAAY;AAC/D,MAAI,CAAC,aAAa;AAChB,iBAAc,iBACZ,EAAE,WAAW,0BAA0B,MAAM,EAAE,EAC/C,UACD;AACD,SAAM,YAAY,YAAY;;AAEhC,SAAO;;CAGT,MAAMC,+BACJ,OAAO,EAAE,wBAAwB,UAAU,oBAAoB;EAC7D,MAAM,EAAE,WAAW,oBAAoB,MAAMC,8CAC3C,UACD;AAID,UAFmB,MAAM,eAAe,EAEtB,6BAA6B;GAC7C,gBAAgB,cAAc;GAC9B,WAAW,UAAU,SAAS;GAC9B;GACA;GACA;GACD,CAAC;;CAGN,MAAMC,sBAA2D,OAC/D,OAAO,EAAE,KACN;AACH,SAAO,MAAM,4CAA4C;GACvD,eAAe,KAAK;GACpB,0BAA0B,KAAK;GAChC,CAAC;EAEF,MAAM,EAAE,WAAW,oBAAoB,MAAMD,8CAAmB,UAAU;AAa1E,SATmB,OAFA,MAAM,eAAe,EAEJ,oBAAoB;GACtD,WAAW,UAAU,SAAS;GAC9B,eAAe,KAAK;GACpB,UAAU,KAAK;GACf;GACA,0BACE,KAAK,4BAA4BE,oEAAyB;GAC7D,CAAC;;CAKJ,MAAMC,oBAAuD,OAAO,EAClE,UACA,oBACI;EACJ,MAAM,EAAE,WAAW,oBAAoB,MAAMH,8CAAmB,UAAU;AAI1E,UAFmB,MAAM,eAAe,EAEtB,kBAAkB;GAClC,gBAAgB,cAAc;GAC9B,WAAW,UAAU,SAAS;GAC9B;GACA;GACD,CAAC;;CAGJ,MAAMI,wBAA+D,OAAO,EAC1E,UACA,oBACI;EACJ,MAAM,EAAE,WAAW,oBAAoB,MAAMJ,8CAAmB,UAAU;AAI1E,SAFmB,MAAM,eAAe,EAEvB,sBAAsB;GACrC,gBAAgB,cAAc;GAC9B,WAAW,UAAU,SAAS;GAC9B;GACA;GACD,CAAC;;CAGJ,MAAMK,mBAAqD,OAAO,EAChE,kBACA,eACA,eACI;EACJ,MAAM,EAAE,WAAW,oBAAoB,MAAML,8CAAmB,UAAU;EAE1E,MAAM,aAAa,MAAM,eAAe;EAExC,MAAM,WAAW,MAAMM,8DACrB,EAAE,WAAWC,qCAAU,kBAAkB,EACzC,UACD;EAKD,MAAM,sBAAsBC,2DAC1B,EAAE,OAAOC,sCAAW,cAAc,EAClC,UACD;AAED,QAAM,WAAW,iBAAiB;GAChC,gBAAgB,cAAc;GAC9B,WAAW,UAAU,SAAS;GAC9B;GACA;GACA;GACA;GACA;GACD,CAAC;;CAGJ,MAAMC,mCACJ,OAAO,EAAE,oBAAoB;EAC3B,MAAM,EAAE,WAAW,oBAAoB,MAAMV,8CAC3C,UACD;AAID,SAFmB,MAAM,eAAe,EAEvB,UAAU;GACzB,gBAAgB,cAAc;GAC9B,WAAW,UAAU,SAAS;GAC9B;GACA,iBAAiBW,2DAAgB;GAClC,CAAC;;CAGN,MAAMC,mBAAqD,OAAO,EAChE,YACA,2BAA2BV,oEAAyB,iBAChD;EACJ,MAAM,EAAE,WAAW,oBAAoB,MAAMF,8CAAmB,UAAU;AAI1E,SAFqB,MAAM,eAAe,EAEvB,iBAAiB;GAClC,WAAW,UAAU,SAAS;GAC9B;GACA;GACA;GACD,CAAC;;CAGJ,MAAMa,6BACJ,OAAO,EAAE,UAAU,oBAAoB;EACrC,MAAM,EAAE,WAAW,oBAAoB,MAAMb,8CAC3C,UACD;EAED,MAAM,eAAe,MAAM,eAAe;EAE1C,MAAM,WAAW,MAAMM,8DACrB,EAAE,WAAWC,qCAAU,mBAAmB,EAC1C,UACD;AAED,SAAO,aAAa,2BAA2B;GAC7C,gBAAgB,cAAc;GAC9B,WAAW,UAAU,SAAS;GAC9B;GACA;GACA;GACD,CAAC;;CAGN,MAAMO,mBAAqD,OAAO,EAChE,UACA,oBACI;EACJ,MAAM,EAAE,WAAW,oBAAoB,MAAMd,8CAAmB,UAAU;AAI1E,UAFmB,MAAM,eAAe,EAEtB,iBAAiB;GACjC,gBAAgB,cAAc;GAC9B,WAAW,UAAU,SAAS;GAC9B;GACA;GACD,CAAC;;CAGJ,MAAMe,+BACJ,OAAO,EAAE,UAAU,oBAAoB;EACrC,MAAM,EAAE,WAAW,oBAAoB,MAAMf,8CAC3C,UACD;AAID,UAFmB,MAAM,eAAe,EAEtB,YAAY;GAC5B,gBAAgB,cAAc;GAC9B,WAAW,UAAU,SAAS;GAC9B,aAAa;GACb;GACD,CAAC;;CAGN,MAAMgB,iBAAiD,OAAO,EAC5D,SACA,UACA,oBACI;AACJ,MAAI,QAAQ,WAAW,oCACrB,OAAM,IAAIC,4CACR,mBAAmB,oCAAoC,kBACxD;EAGH,MAAM,EAAE,WAAW,oBAAoB,MAAMjB,8CAAmB,UAAU;EAE1E,MAAM,WAAW,MAAMM,8DACrB,EAAE,WAAWC,qCAAU,gBAAgB,EACvC,UACD;EAED,MAAM,sBAAsBC,2DAC1B,EAAE,OAAOC,sCAAW,YAAY,EAChC,UACD;AAcD,SAAO,EAAE,WAVS,OAFG,MAAM,eAAe,EAEL,eAAe;GAClD,gBAAgB,cAAc;GAC9B,WAAW,UAAU,SAAS;GAC9B;GACA;GACA;GACA;GACA;GACD,CAAC,EAEkB;;CAGtB,MAAMS,UAAmC,OAAO,SAAS;AACvD,MAAI,CAAC,YACH;EAGF,MAAM,aAAa,MAAM,eAAe;AAWxC,MAAI,MAAM,WAAW,gBACnB,OAAM,WAAW,SAAS;AAE5B,gBAAc;;CAGhB,MAAMC,iBAAiD,OAAO,EAC5D,eACA,iBACA,kBACI;EACJ,MAAM,EAAE,WAAW,oBAAoB,MAAMnB,8CAAmB,UAAU;AAI1E,UAFmB,MAAM,eAAe,EAEtB,eAAe;GAC/B,gBAAgB,cAAc;GAC9B,WAAW,UAAU,SAAS;GAC9B,kBAAkB;GAClB;GACA;GACD,CAAC;;CAGJ,MAAMoB,cAA2C,OAAO,EACtD,SACA,oBACI;EACJ,MAAM,EAAE,WAAW,oBAAoB,MAAMpB,8CAAmB,UAAU;EAE1E,MAAM,WAAW,MAAMM,8DACrB,EAAE,WAAWC,qCAAU,gBAAgB,EACvC,UACD;EAED,MAAM,sBAAsBC,2DAC1B,EAAE,OAAOC,sCAAW,YAAY,EAChC,UACD;AAaD,SAAO,EAAE,WATS,OAFC,MAAM,eAAe,EAEL,YAAY;GAC7C,gBAAgB,cAAc;GAC9B,WAAW,UAAU,SAAS;GAC9B;GACA;GACA;GACA;GACD,CAAC,EAEkB;;CAGtB,MAAMY,4BACJ,OAAO,EAAE,SAAS,uBAAuB,oBAAoB;EAC3D,MAAM,EAAE,WAAW,oBAAoB,MAAMrB,8CAC3C,UACD;EAED,MAAM,WAAW,MAAMM,8DACrB,EAAE,WAAWC,qCAAU,gBAAgB,EACvC,UACD;EAED,MAAM,sBAAsBC,2DAC1B,EAAE,OAAOC,sCAAW,YAAY,EAChC,UACD;AAcD,SAAO,EAAE,WAVS,OAFC,MAAM,eAAe,EAEL,gBAAgB;GACjD,WAAW,UAAU,SAAS;GAC9B;GACA;GACA;GACA,eAAe,cAAc;GAC7B;GACA,aAAa;GACd,CAAC,EAEkB;;CAGxB,MAAMa,yBACJ,OAAO,EAAE,oBAAoB;EAC3B,MAAM,EAAE,WAAW,oBAAoB,MAAMtB,8CAC3C,UACD;AAID,UAFmB,MAAM,eAAe,EAEtB,uBAAuB;GACvC,gBAAgB,cAAc;GAC9B,WAAW,UAAU,SAAS;GAC9B;GACD,CAAC;;CAGN,MAAMuB,eAA6C,OAAO,EACxD,UACA,oBACI;EACJ,MAAM,EAAE,WAAW,oBAAoB,MAAMvB,8CAAmB,UAAU;AAI1E,UAFmB,MAAM,eAAe,EAEtB,aAAa;GAC7B,gBAAgB,cAAc;GAC9B,WAAW,UAAU,SAAS;GAC9B;GACA;GACD,CAAC;;AAGJ,QAAO;EACL;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACD;;;;;;ACjaH,MAAa,mCACX,EAAE,SACF,WACa;AACb,KAAI,CAAC,OAAO,KACV,QAAO,EAAE;AAoBX,SAhBE,OAAO,KAAK,oBAAoB,QAC7B,eACC,WAAW,mBAAmBwB,8CAAmB,kBACjD,WAAW,YACP,aAAa,CACd,WAAWC,gDAAsB,qBAAqB,IACzD,WAAW,WACX,WAAW,SACXC,8DAAoC,WAAW,MAAM,KAAK,MAC7D,IAAI,EAAE,EAE6C,KAEnD,eAAe,WAAW,QAC5B;;;;;mEC7BkBC,gCAAaC,kCAAe"}
1
+ {"version":3,"file":"waasCore.cjs","names":["createWaasClient: CreateWaasClient","getCore","DynamicWalletClient","isCookieEnabled","DEFAULT_WAAS_BASE_API_URL","DEFAULT_WAAS_BASE_MPC_RELAY_API_URL","CLIENT_SDK_NAME","logoutWithReason","CHAINS_INFO_MAP","getCore","_waasClient: DynamicWalletClient | undefined","getWaasClient: WaasProvider['getWaasClient']","backupKeySharesToGoogleDrive: WaasProvider['backupKeySharesToGoogleDrive']","getSignedSessionId","createWalletAccount: WaasProvider['createWalletAccount']","ThresholdSignatureScheme","delegateKeyShares: WaasProvider['delegateKeyShares']","exportClientKeyshares: WaasProvider['exportClientKeyshares']","exportPrivateKey: WaasProvider['exportPrivateKey']","consumeMfaTokenIfRequiredForAction","MFAAction","getElevatedAccessToken","TokenScope","restoreUserShareForWalletAccount: WaasProvider['restoreUserShareForWalletAccount']","WalletOperation","importPrivateKey: WaasProvider['importPrivateKey']","refreshWalletAccountShares: WaasProvider['refreshWalletAccountShares']","revokeDelegation: WaasProvider['revokeDelegation']","setWaasWalletAccountPassword: WaasProvider['setWaasWalletAccountPassword']","signRawMessage: WaasProvider['signRawMessage']","InvalidParamError","destroy: WaasProvider['destroy']","updatePassword: WaasProvider['updatePassword']","signMessage: WaasProvider['signMessage']","signSerializedTransaction: WaasProvider['signSerializedTransaction']","getWalletRecoveryState: WaasProvider['getWalletRecoveryState']","unlockWallet: WaasProvider['unlockWallet']","getWaasWalletProviderFromWalletAccount","WalletProviderEnum","DYNAMIC_WAAS_METADATA","getChainFromVerifiedCredentialChain","packageName","packageVersion"],"sources":["../src/modules/waas/createWaasClient/createWaasClient.ts","../src/modules/waas/getWaasChainNameFromChain/getWaasChainNameFromChain.ts","../src/modules/waas/createWaasProvider/createWaasProvider.ts","../src/modules/waas/exportWaasPrivateKeyToContainer/exportWaasPrivateKeyToContainer.ts","../src/modules/waas/getAllUserWaasAddressesForChain/getAllUserWaasAddressesForChain.ts","../src/exports/waasCore.ts"],"sourcesContent":["import type { AuthMode } from '@dynamic-labs-wallet/browser-wallet-client';\nimport { DynamicWalletClient } from '@dynamic-labs-wallet/browser-wallet-client';\n\nimport { getCore } from '../../../client/core/getCore';\nimport { CLIENT_SDK_NAME } from '../../apiClient/constants';\nimport { logoutWithReason } from '../../auth/logoutWithReason';\nimport { isCookieEnabled } from '../../projectSettings/isCookieEnabled';\nimport type { CreateWaasClient } from './createWaasClient.types';\nimport {\n DEFAULT_WAAS_BASE_API_URL,\n DEFAULT_WAAS_BASE_MPC_RELAY_API_URL,\n} from '../constants';\n\n/** @not-instrumented */\nexport const createWaasClient: CreateWaasClient = ({ chainName }, client) => {\n const core = getCore(client);\n\n const additionalTrustedOrigins = core.waas?.additionalTrustedOrigins;\n\n const baseClientKeysharesRelayApiUrl =\n client.projectSettings?.sdk.waas?.customKeyshareRelayBaseUrl;\n\n return new DynamicWalletClient(\n {\n authMode: (isCookieEnabled(client) ? 'cookie' : 'header') as AuthMode,\n authToken: client.token || '',\n baseApiUrl: (core.apiBaseUrl || DEFAULT_WAAS_BASE_API_URL).replace(\n '/api/v0',\n ''\n ),\n baseMPCRelayApiUrl:\n client.projectSettings?.sdk.waas?.relayUrl ||\n DEFAULT_WAAS_BASE_MPC_RELAY_API_URL,\n chainName,\n environmentId: core.environmentId,\n sdkVersion: `${CLIENT_SDK_NAME}/${core.version}`,\n ...(additionalTrustedOrigins == undefined\n ? {}\n : { additionalTrustedOrigins }),\n ...(baseClientKeysharesRelayApiUrl == undefined\n ? {}\n : { baseClientKeysharesRelayApiUrl }),\n },\n {\n // When the WaaS iframe's own backend call returns 401 (e.g. a forcibly\n // revoked token), the iframe notifies the host via the reverse channel\n // and this fires — log the user out. Mirrors the session-expiry\n // middleware that covers the SDK's own direct API 401s.\n onUnauthorized: () => {\n void logoutWithReason(\n { reason: 'session-refresh-unauthorized' },\n client\n ).catch((error) => {\n core.logger.error(\n 'Failed to log out after WaaS unauthorized response',\n error\n );\n });\n },\n }\n );\n};\n","import type { Chain } from '../../chain';\nimport { CHAINS_INFO_MAP } from '../../wallets/constants';\n\n/** @not-instrumented */\n// eslint-disable-next-line custom-rules/require-single-object-param\nexport const getWaasChainNameFromChain = (chain: Chain): string => {\n return CHAINS_INFO_MAP[chain].waasChainNameOverride || chain;\n};\n","import {\n type BitcoinConfig,\n type DynamicWalletClient,\n ThresholdSignatureScheme,\n WalletOperation,\n} from '@dynamic-labs-wallet/browser-wallet-client';\nimport { MFAAction, TokenScope } from '@dynamic-labs/sdk-api-core';\n\nimport { getCore } from '../../../client/core/getCore';\nimport type { DynamicClient } from '../../../client/types/DynamicClient';\nimport { InvalidParamError } from '../../../errors/InvalidParamError';\nimport { getElevatedAccessToken } from '../../auth/getElevatedAccessToken';\nimport type { Chain } from '../../chain';\nimport { consumeMfaTokenIfRequiredForAction } from '../../mfa/consumeMfaTokenIfRequiredForAction';\nimport { getSignedSessionId } from '../../sessionKeys/getSignedSessionId';\nimport { createWaasClient } from '../createWaasClient';\nimport { getWaasChainNameFromChain } from '../getWaasChainNameFromChain';\nimport type { WaasProvider } from '../waas.types';\n\nconst RAW_MESSAGE_MESSAGE_REQUIRED_LENGTH = 64;\n\ntype CreateWaasProviderParams = {\n chain: Chain;\n sdkClient: DynamicClient;\n};\n\n/** @not-instrumented */\nexport const createWaasProvider = ({\n sdkClient,\n chain,\n}: CreateWaasProviderParams): WaasProvider => {\n const logger = getCore(sdkClient).logger;\n\n let _waasClient: DynamicWalletClient | undefined;\n\n // because the waas client needs the authToken to be set, we can only create it\n // the first time it's needed, which is after the user has logged in\n const getWaasClient: WaasProvider['getWaasClient'] = async () => {\n if (!_waasClient) {\n _waasClient = createWaasClient(\n { chainName: getWaasChainNameFromChain(chain) },\n sdkClient\n );\n await _waasClient.initialize();\n }\n return _waasClient;\n };\n\n const backupKeySharesToGoogleDrive: WaasProvider['backupKeySharesToGoogleDrive'] =\n async ({ googleDriveAccessToken, password, walletAccount }) => {\n const { signature: signedSessionId } = await getSignedSessionId(\n sdkClient\n );\n\n const waasClient = await getWaasClient();\n\n return waasClient.backupKeySharesToGoogleDrive({\n accountAddress: walletAccount.address,\n authToken: sdkClient.token ?? undefined,\n googleDriveAccessToken,\n password,\n signedSessionId,\n });\n };\n\n const createWalletAccount: WaasProvider['createWalletAccount'] = async (\n args = {}\n ) => {\n logger.debug('[createWaasProvider] createWalletAccount', {\n bitcoinConfig: args.bitcoinConfig,\n thresholdSignatureScheme: args.thresholdSignatureScheme,\n });\n\n const { signature: signedSessionId } = await getSignedSessionId(sdkClient);\n\n const waasClient = await getWaasClient();\n\n const waasWallet = await waasClient.createWalletAccount({\n authToken: sdkClient.token ?? undefined,\n bitcoinConfig: args.bitcoinConfig as BitcoinConfig | undefined,\n password: args.password,\n signedSessionId,\n thresholdSignatureScheme:\n args.thresholdSignatureScheme ?? ThresholdSignatureScheme.TWO_OF_TWO,\n });\n\n return waasWallet;\n };\n\n const delegateKeyShares: WaasProvider['delegateKeyShares'] = async ({\n password,\n walletAccount,\n }) => {\n const { signature: signedSessionId } = await getSignedSessionId(sdkClient);\n\n const waasClient = await getWaasClient();\n\n return waasClient.delegateKeyShares({\n accountAddress: walletAccount.address,\n authToken: sdkClient.token ?? undefined,\n password,\n signedSessionId,\n });\n };\n\n const exportClientKeyshares: WaasProvider['exportClientKeyshares'] = async ({\n password,\n walletAccount,\n }) => {\n const { signature: signedSessionId } = await getSignedSessionId(sdkClient);\n\n const waasClient = await getWaasClient();\n\n await waasClient.exportClientKeyshares({\n accountAddress: walletAccount.address,\n authToken: sdkClient.token ?? undefined,\n password,\n signedSessionId,\n });\n };\n\n const exportPrivateKey: WaasProvider['exportPrivateKey'] = async ({\n container,\n displayContainer,\n walletAccount,\n password,\n }) => {\n const { signature: signedSessionId } = await getSignedSessionId(sdkClient);\n\n const waasClient = await getWaasClient();\n\n const mfaToken = await consumeMfaTokenIfRequiredForAction(\n { mfaAction: MFAAction.WalletWaasExport },\n sdkClient\n );\n\n // Forward any elevated access token previously obtained via step-up\n // (e.g. requestExternalAuthElevatedToken) so the backend authorizes\n // the export under the wallet:export scope.\n const elevatedAccessToken = getElevatedAccessToken(\n { scope: TokenScope.Walletexport },\n sdkClient\n );\n\n await waasClient.exportPrivateKey({\n accountAddress: walletAccount.address,\n authToken: sdkClient.token ?? undefined,\n // Exactly one display surface is forwarded: `container` (a\n // WaasSDKContainer, e.g. a React Native visible WebView) or\n // `displayContainer` (a DOM element, web). The upstream client enforces\n // the \"exactly one\" invariant and renders the key inside the surface's\n // own sandboxed document — it never crosses back to the host.\n container,\n displayContainer,\n elevatedAccessToken,\n mfaToken,\n password,\n signedSessionId,\n });\n };\n\n const restoreUserShareForWalletAccount: WaasProvider['restoreUserShareForWalletAccount'] =\n async ({ walletAccount }) => {\n const { signature: signedSessionId } = await getSignedSessionId(\n sdkClient\n );\n\n const waasClient = await getWaasClient();\n\n await waasClient.getWallet({\n accountAddress: walletAccount.address,\n authToken: sdkClient.token ?? undefined,\n signedSessionId,\n walletOperation: WalletOperation.SIGN_MESSAGE,\n });\n };\n\n const importPrivateKey: WaasProvider['importPrivateKey'] = async ({\n privateKey,\n thresholdSignatureScheme = ThresholdSignatureScheme.TWO_OF_TWO,\n }) => {\n const { signature: signedSessionId } = await getSignedSessionId(sdkClient);\n\n const walletClient = await getWaasClient();\n\n await walletClient.importPrivateKey({\n authToken: sdkClient.token ?? undefined,\n privateKey,\n signedSessionId,\n thresholdSignatureScheme,\n });\n };\n\n const refreshWalletAccountShares: WaasProvider['refreshWalletAccountShares'] =\n async ({ password, walletAccount }) => {\n const { signature: signedSessionId } = await getSignedSessionId(\n sdkClient\n );\n\n const walletClient = await getWaasClient();\n\n const mfaToken = await consumeMfaTokenIfRequiredForAction(\n { mfaAction: MFAAction.WalletWaasRefresh },\n sdkClient\n );\n\n return walletClient.refreshWalletAccountShares({\n accountAddress: walletAccount.address,\n authToken: sdkClient.token ?? undefined,\n mfaToken,\n password,\n signedSessionId,\n });\n };\n\n const revokeDelegation: WaasProvider['revokeDelegation'] = async ({\n password,\n walletAccount,\n }) => {\n const { signature: signedSessionId } = await getSignedSessionId(sdkClient);\n\n const waasClient = await getWaasClient();\n\n return waasClient.revokeDelegation({\n accountAddress: walletAccount.address,\n authToken: sdkClient.token ?? undefined,\n password,\n signedSessionId,\n });\n };\n\n const setWaasWalletAccountPassword: WaasProvider['setWaasWalletAccountPassword'] =\n async ({ password, walletAccount }) => {\n const { signature: signedSessionId } = await getSignedSessionId(\n sdkClient\n );\n\n const waasClient = await getWaasClient();\n\n return waasClient.setPassword({\n accountAddress: walletAccount.address,\n authToken: sdkClient.token ?? undefined,\n newPassword: password,\n signedSessionId,\n });\n };\n\n const signRawMessage: WaasProvider['signRawMessage'] = async ({\n message,\n password,\n walletAccount,\n }) => {\n if (message.length !== RAW_MESSAGE_MESSAGE_REQUIRED_LENGTH) {\n throw new InvalidParamError(\n `Message must be ${RAW_MESSAGE_MESSAGE_REQUIRED_LENGTH} characters long`\n );\n }\n\n const { signature: signedSessionId } = await getSignedSessionId(sdkClient);\n\n const mfaToken = await consumeMfaTokenIfRequiredForAction(\n { mfaAction: MFAAction.WalletWaasSign },\n sdkClient\n );\n\n const elevatedAccessToken = getElevatedAccessToken(\n { scope: TokenScope.Walletsign },\n sdkClient\n );\n\n const walletClient = await getWaasClient();\n\n const signature = await walletClient.signRawMessage({\n accountAddress: walletAccount.address,\n authToken: sdkClient.token ?? undefined,\n elevatedAccessToken,\n message,\n mfaToken,\n password,\n signedSessionId,\n });\n\n return { signature };\n };\n\n const destroy: WaasProvider['destroy'] = async (args) => {\n if (!_waasClient) {\n return;\n }\n\n const waasClient = await getWaasClient();\n // When a session token expires, we preserve key shares in storage instead\n // of clearing them. Customers with short-lived sessions (minutes) were\n // hitting excessive server-side share recovery on every re-login, which\n // also forced users to re-enter their wallet password since the unlocked\n // share only lives for the duration of the session.\n //\n // This is safe because the waas-sdk separately fingerprints the user\n // (sub + environment_id) and clears all storage if a different user logs\n // in. On explicit user-initiated logout, shares are always cleared for\n // security.\n if (args?.reason !== 'token-expired') {\n await waasClient.cleanup();\n }\n _waasClient = undefined;\n };\n\n const updatePassword: WaasProvider['updatePassword'] = async ({\n walletAccount,\n currentPassword,\n newPassword,\n }) => {\n const { signature: signedSessionId } = await getSignedSessionId(sdkClient);\n\n const waasClient = await getWaasClient();\n\n return waasClient.updatePassword({\n accountAddress: walletAccount.address,\n authToken: sdkClient.token ?? undefined,\n existingPassword: currentPassword,\n newPassword,\n signedSessionId,\n });\n };\n\n const signMessage: WaasProvider['signMessage'] = async ({\n message,\n walletAccount,\n }) => {\n const { signature: signedSessionId } = await getSignedSessionId(sdkClient);\n\n const mfaToken = await consumeMfaTokenIfRequiredForAction(\n { mfaAction: MFAAction.WalletWaasSign },\n sdkClient\n );\n\n const elevatedAccessToken = getElevatedAccessToken(\n { scope: TokenScope.Walletsign },\n sdkClient\n );\n\n const waasClient = await getWaasClient();\n\n const signature = await waasClient.signMessage({\n accountAddress: walletAccount.address,\n authToken: sdkClient.token ?? undefined,\n elevatedAccessToken,\n message,\n mfaToken,\n signedSessionId,\n });\n\n return { signature };\n };\n\n const signSerializedTransaction: WaasProvider['signSerializedTransaction'] =\n async ({ chainId, serializedTransaction, walletAccount }) => {\n const { signature: signedSessionId } = await getSignedSessionId(\n sdkClient\n );\n\n const mfaToken = await consumeMfaTokenIfRequiredForAction(\n { mfaAction: MFAAction.WalletWaasSign },\n sdkClient\n );\n\n const elevatedAccessToken = getElevatedAccessToken(\n { scope: TokenScope.Walletsign },\n sdkClient\n );\n\n const waasClient = await getWaasClient();\n\n const signature = await waasClient.signTransaction({\n authToken: sdkClient.token ?? undefined,\n chainId,\n elevatedAccessToken,\n mfaToken,\n senderAddress: walletAccount.address,\n signedSessionId,\n transaction: serializedTransaction,\n });\n\n return { signature };\n };\n\n const getWalletRecoveryState: WaasProvider['getWalletRecoveryState'] =\n async ({ walletAccount }) => {\n const { signature: signedSessionId } = await getSignedSessionId(\n sdkClient\n );\n\n const waasClient = await getWaasClient();\n\n return waasClient.getWalletRecoveryState({\n accountAddress: walletAccount.address,\n authToken: sdkClient.token ?? undefined,\n signedSessionId,\n });\n };\n\n const unlockWallet: WaasProvider['unlockWallet'] = async ({\n password,\n walletAccount,\n }) => {\n const { signature: signedSessionId } = await getSignedSessionId(sdkClient);\n\n const waasClient = await getWaasClient();\n\n return waasClient.unlockWallet({\n accountAddress: walletAccount.address,\n authToken: sdkClient.token ?? undefined,\n password,\n signedSessionId,\n });\n };\n\n return {\n backupKeySharesToGoogleDrive,\n createWalletAccount,\n delegateKeyShares,\n destroy,\n exportClientKeyshares,\n exportPrivateKey,\n getWaasClient,\n getWalletRecoveryState,\n importPrivateKey,\n refreshWalletAccountShares,\n restoreUserShareForWalletAccount,\n revokeDelegation,\n setWaasWalletAccountPassword,\n signMessage,\n signRawMessage,\n signSerializedTransaction,\n unlockWallet,\n updatePassword,\n };\n};\n","import type { WaasSDKContainer } from '@dynamic-labs-wallet/core';\n\nimport type { DynamicClient } from '../../../client/types/DynamicClient';\nimport type { WalletAccount } from '../../wallets/walletAccount';\nimport { getWaasWalletProviderFromWalletAccount } from '../getWaasWalletProviderFromWalletAccount';\n\ntype ExportWaasPrivateKeyToContainerParams = {\n container: WaasSDKContainer;\n password?: string;\n walletAccount: WalletAccount;\n};\n\n/**\n * Exports the private key for a WaaS wallet account into a caller-provided\n * {@link WaasSDKContainer} (e.g. a visible React Native WebView) instead of a\n * DOM element.\n *\n * This is the container-based counterpart to `exportWaasPrivateKey` (which\n * injects an iframe into a DOM `displayContainer` on web). The export ceremony\n * runs — and the private key is rendered — entirely inside the container's own\n * sandboxed document; the key is never exposed to the host JS layer. The caller\n * owns the container's lifecycle and must call `container.destroy()` when the\n * display is dismissed.\n *\n * @param params.walletAccount - The WaaS wallet account to export the private key from.\n * @param params.container - The container that hosts the secure key display.\n * @param [params.password] - Optional password to decrypt the private key.\n * @param client - The Dynamic client instance. This is an internal API (exposed\n * only via `@dynamic-labs-sdk/client/waas/core`), so the client is passed\n * explicitly rather than defaulted — callers resolve it (e.g. via\n * `getDefaultClient()`) and thread it in.\n * @returns A promise that resolves when the private key export is complete.\n * @not-instrumented\n */\nexport const exportWaasPrivateKeyToContainer = async (\n { container, password, walletAccount }: ExportWaasPrivateKeyToContainerParams,\n client: DynamicClient\n) => {\n const provider = getWaasWalletProviderFromWalletAccount(\n { walletAccount },\n client\n );\n\n return provider.exportPrivateKey({\n container,\n password,\n walletAccount,\n });\n};\n","import { WalletProviderEnum } from '@dynamic-labs/sdk-api-core';\n\nimport type { DynamicClient } from '../../../client/types';\nimport { getChainFromVerifiedCredentialChain } from '../../../utils/getChainFromVerifiedCredentialChain';\nimport type { Chain } from '../../chain';\nimport { DYNAMIC_WAAS_METADATA } from '../constants';\n\ntype GetAllUserWaasAddressesForChainParams = {\n chain: Chain;\n};\n\n/** @not-instrumented */\nexport const getAllUserWaasAddressesForChain = (\n { chain }: GetAllUserWaasAddressesForChainParams,\n client: DynamicClient\n): string[] => {\n if (!client.user) {\n return [];\n }\n\n const waasWalletCredentials =\n client.user.verifiedCredentials.filter(\n (credential) =>\n credential.walletProvider === WalletProviderEnum.EmbeddedWallet &&\n credential.walletName\n ?.toLowerCase()\n .startsWith(DYNAMIC_WAAS_METADATA.normalizedWalletName) &&\n credential.address &&\n credential.chain &&\n getChainFromVerifiedCredentialChain(credential.chain) === chain\n ) ?? [];\n\n const waasAddresses: string[] = waasWalletCredentials.map(\n // casting because we're already filtering out credentials without an address\n (credential) => credential.address as string\n );\n\n return waasAddresses;\n};\n","import { assertPackageVersion } from '@dynamic-labs-sdk/assert-package-version';\n\nimport {\n name as packageName,\n version as packageVersion,\n} from '../../package.json';\nassertPackageVersion(packageName, packageVersion);\n\nexport type {\n BitcoinNetwork,\n DynamicWalletClient,\n ThresholdSignatureScheme\n} from '@dynamic-labs-wallet/browser-wallet-client';\nexport type { WaasSDKContainer } from '@dynamic-labs-wallet/core';\nexport { DYNAMIC_WAAS_METADATA } from '../modules/waas/constants';\nexport { createWaasClient } from '../modules/waas/createWaasClient';\nexport { createWaasProvider } from '../modules/waas/createWaasProvider';\nexport { exportWaasPrivateKeyToContainer } from '../modules/waas/exportWaasPrivateKeyToContainer';\nexport { getAllUserWaasAddressesForChain } from '../modules/waas/getAllUserWaasAddressesForChain';\nexport { getWaasChainNameFromChain } from '../modules/waas/getWaasChainNameFromChain';\nexport type {\n WaasProvider,\n WaasWalletProvider\n} from '../modules/waas/waas.types';\n\n"],"mappings":";;;;;;;;;;AAcA,MAAaA,oBAAsC,EAAE,aAAa,WAAW;CAC3E,MAAM,OAAOC,kCAAQ,OAAO;CAE5B,MAAM,2BAA2B,KAAK,MAAM;CAE5C,MAAM,iCACJ,OAAO,iBAAiB,IAAI,MAAM;AAEpC,QAAO,IAAIC,+DACT;EACE,UAAWC,0CAAgB,OAAO,GAAG,WAAW;EAChD,WAAW,OAAO,SAAS;EAC3B,aAAa,KAAK,cAAcC,qDAA2B,QACzD,WACA,GACD;EACD,oBACE,OAAO,iBAAiB,IAAI,MAAM,YAClCC;EACF;EACA,eAAe,KAAK;EACpB,YAAY,GAAGC,0CAAgB,GAAG,KAAK;EACvC,GAAI,4BAA4B,SAC5B,EAAE,GACF,EAAE,0BAA0B;EAChC,GAAI,kCAAkC,SAClC,EAAE,GACF,EAAE,gCAAgC;EACvC,EACD,EAKE,sBAAsB;AACpB,EAAKC,0DACH,EAAE,QAAQ,gCAAgC,EAC1C,OACD,CAAC,OAAO,UAAU;AACjB,QAAK,OAAO,MACV,sDACA,MACD;IACD;IAEL,CACF;;;;;;ACvDH,MAAa,6BAA6B,UAAyB;AACjE,QAAOC,0CAAgB,OAAO,yBAAyB;;;;;ACazD,MAAM,sCAAsC;;AAQ5C,MAAa,sBAAsB,EACjC,WACA,YAC4C;CAC5C,MAAM,SAASC,kCAAQ,UAAU,CAAC;CAElC,IAAIC;CAIJ,MAAMC,gBAA+C,YAAY;AAC/D,MAAI,CAAC,aAAa;AAChB,iBAAc,iBACZ,EAAE,WAAW,0BAA0B,MAAM,EAAE,EAC/C,UACD;AACD,SAAM,YAAY,YAAY;;AAEhC,SAAO;;CAGT,MAAMC,+BACJ,OAAO,EAAE,wBAAwB,UAAU,oBAAoB;EAC7D,MAAM,EAAE,WAAW,oBAAoB,MAAMC,8CAC3C,UACD;AAID,UAFmB,MAAM,eAAe,EAEtB,6BAA6B;GAC7C,gBAAgB,cAAc;GAC9B,WAAW,UAAU,SAAS;GAC9B;GACA;GACA;GACD,CAAC;;CAGN,MAAMC,sBAA2D,OAC/D,OAAO,EAAE,KACN;AACH,SAAO,MAAM,4CAA4C;GACvD,eAAe,KAAK;GACpB,0BAA0B,KAAK;GAChC,CAAC;EAEF,MAAM,EAAE,WAAW,oBAAoB,MAAMD,8CAAmB,UAAU;AAa1E,SATmB,OAFA,MAAM,eAAe,EAEJ,oBAAoB;GACtD,WAAW,UAAU,SAAS;GAC9B,eAAe,KAAK;GACpB,UAAU,KAAK;GACf;GACA,0BACE,KAAK,4BAA4BE,oEAAyB;GAC7D,CAAC;;CAKJ,MAAMC,oBAAuD,OAAO,EAClE,UACA,oBACI;EACJ,MAAM,EAAE,WAAW,oBAAoB,MAAMH,8CAAmB,UAAU;AAI1E,UAFmB,MAAM,eAAe,EAEtB,kBAAkB;GAClC,gBAAgB,cAAc;GAC9B,WAAW,UAAU,SAAS;GAC9B;GACA;GACD,CAAC;;CAGJ,MAAMI,wBAA+D,OAAO,EAC1E,UACA,oBACI;EACJ,MAAM,EAAE,WAAW,oBAAoB,MAAMJ,8CAAmB,UAAU;AAI1E,SAFmB,MAAM,eAAe,EAEvB,sBAAsB;GACrC,gBAAgB,cAAc;GAC9B,WAAW,UAAU,SAAS;GAC9B;GACA;GACD,CAAC;;CAGJ,MAAMK,mBAAqD,OAAO,EAChE,WACA,kBACA,eACA,eACI;EACJ,MAAM,EAAE,WAAW,oBAAoB,MAAML,8CAAmB,UAAU;EAE1E,MAAM,aAAa,MAAM,eAAe;EAExC,MAAM,WAAW,MAAMM,8DACrB,EAAE,WAAWC,qCAAU,kBAAkB,EACzC,UACD;EAKD,MAAM,sBAAsBC,2DAC1B,EAAE,OAAOC,sCAAW,cAAc,EAClC,UACD;AAED,QAAM,WAAW,iBAAiB;GAChC,gBAAgB,cAAc;GAC9B,WAAW,UAAU,SAAS;GAM9B;GACA;GACA;GACA;GACA;GACA;GACD,CAAC;;CAGJ,MAAMC,mCACJ,OAAO,EAAE,oBAAoB;EAC3B,MAAM,EAAE,WAAW,oBAAoB,MAAMV,8CAC3C,UACD;AAID,SAFmB,MAAM,eAAe,EAEvB,UAAU;GACzB,gBAAgB,cAAc;GAC9B,WAAW,UAAU,SAAS;GAC9B;GACA,iBAAiBW,2DAAgB;GAClC,CAAC;;CAGN,MAAMC,mBAAqD,OAAO,EAChE,YACA,2BAA2BV,oEAAyB,iBAChD;EACJ,MAAM,EAAE,WAAW,oBAAoB,MAAMF,8CAAmB,UAAU;AAI1E,SAFqB,MAAM,eAAe,EAEvB,iBAAiB;GAClC,WAAW,UAAU,SAAS;GAC9B;GACA;GACA;GACD,CAAC;;CAGJ,MAAMa,6BACJ,OAAO,EAAE,UAAU,oBAAoB;EACrC,MAAM,EAAE,WAAW,oBAAoB,MAAMb,8CAC3C,UACD;EAED,MAAM,eAAe,MAAM,eAAe;EAE1C,MAAM,WAAW,MAAMM,8DACrB,EAAE,WAAWC,qCAAU,mBAAmB,EAC1C,UACD;AAED,SAAO,aAAa,2BAA2B;GAC7C,gBAAgB,cAAc;GAC9B,WAAW,UAAU,SAAS;GAC9B;GACA;GACA;GACD,CAAC;;CAGN,MAAMO,mBAAqD,OAAO,EAChE,UACA,oBACI;EACJ,MAAM,EAAE,WAAW,oBAAoB,MAAMd,8CAAmB,UAAU;AAI1E,UAFmB,MAAM,eAAe,EAEtB,iBAAiB;GACjC,gBAAgB,cAAc;GAC9B,WAAW,UAAU,SAAS;GAC9B;GACA;GACD,CAAC;;CAGJ,MAAMe,+BACJ,OAAO,EAAE,UAAU,oBAAoB;EACrC,MAAM,EAAE,WAAW,oBAAoB,MAAMf,8CAC3C,UACD;AAID,UAFmB,MAAM,eAAe,EAEtB,YAAY;GAC5B,gBAAgB,cAAc;GAC9B,WAAW,UAAU,SAAS;GAC9B,aAAa;GACb;GACD,CAAC;;CAGN,MAAMgB,iBAAiD,OAAO,EAC5D,SACA,UACA,oBACI;AACJ,MAAI,QAAQ,WAAW,oCACrB,OAAM,IAAIC,4CACR,mBAAmB,oCAAoC,kBACxD;EAGH,MAAM,EAAE,WAAW,oBAAoB,MAAMjB,8CAAmB,UAAU;EAE1E,MAAM,WAAW,MAAMM,8DACrB,EAAE,WAAWC,qCAAU,gBAAgB,EACvC,UACD;EAED,MAAM,sBAAsBC,2DAC1B,EAAE,OAAOC,sCAAW,YAAY,EAChC,UACD;AAcD,SAAO,EAAE,WAVS,OAFG,MAAM,eAAe,EAEL,eAAe;GAClD,gBAAgB,cAAc;GAC9B,WAAW,UAAU,SAAS;GAC9B;GACA;GACA;GACA;GACA;GACD,CAAC,EAEkB;;CAGtB,MAAMS,UAAmC,OAAO,SAAS;AACvD,MAAI,CAAC,YACH;EAGF,MAAM,aAAa,MAAM,eAAe;AAWxC,MAAI,MAAM,WAAW,gBACnB,OAAM,WAAW,SAAS;AAE5B,gBAAc;;CAGhB,MAAMC,iBAAiD,OAAO,EAC5D,eACA,iBACA,kBACI;EACJ,MAAM,EAAE,WAAW,oBAAoB,MAAMnB,8CAAmB,UAAU;AAI1E,UAFmB,MAAM,eAAe,EAEtB,eAAe;GAC/B,gBAAgB,cAAc;GAC9B,WAAW,UAAU,SAAS;GAC9B,kBAAkB;GAClB;GACA;GACD,CAAC;;CAGJ,MAAMoB,cAA2C,OAAO,EACtD,SACA,oBACI;EACJ,MAAM,EAAE,WAAW,oBAAoB,MAAMpB,8CAAmB,UAAU;EAE1E,MAAM,WAAW,MAAMM,8DACrB,EAAE,WAAWC,qCAAU,gBAAgB,EACvC,UACD;EAED,MAAM,sBAAsBC,2DAC1B,EAAE,OAAOC,sCAAW,YAAY,EAChC,UACD;AAaD,SAAO,EAAE,WATS,OAFC,MAAM,eAAe,EAEL,YAAY;GAC7C,gBAAgB,cAAc;GAC9B,WAAW,UAAU,SAAS;GAC9B;GACA;GACA;GACA;GACD,CAAC,EAEkB;;CAGtB,MAAMY,4BACJ,OAAO,EAAE,SAAS,uBAAuB,oBAAoB;EAC3D,MAAM,EAAE,WAAW,oBAAoB,MAAMrB,8CAC3C,UACD;EAED,MAAM,WAAW,MAAMM,8DACrB,EAAE,WAAWC,qCAAU,gBAAgB,EACvC,UACD;EAED,MAAM,sBAAsBC,2DAC1B,EAAE,OAAOC,sCAAW,YAAY,EAChC,UACD;AAcD,SAAO,EAAE,WAVS,OAFC,MAAM,eAAe,EAEL,gBAAgB;GACjD,WAAW,UAAU,SAAS;GAC9B;GACA;GACA;GACA,eAAe,cAAc;GAC7B;GACA,aAAa;GACd,CAAC,EAEkB;;CAGxB,MAAMa,yBACJ,OAAO,EAAE,oBAAoB;EAC3B,MAAM,EAAE,WAAW,oBAAoB,MAAMtB,8CAC3C,UACD;AAID,UAFmB,MAAM,eAAe,EAEtB,uBAAuB;GACvC,gBAAgB,cAAc;GAC9B,WAAW,UAAU,SAAS;GAC9B;GACD,CAAC;;CAGN,MAAMuB,eAA6C,OAAO,EACxD,UACA,oBACI;EACJ,MAAM,EAAE,WAAW,oBAAoB,MAAMvB,8CAAmB,UAAU;AAI1E,UAFmB,MAAM,eAAe,EAEtB,aAAa;GAC7B,gBAAgB,cAAc;GAC9B,WAAW,UAAU,SAAS;GAC9B;GACA;GACD,CAAC;;AAGJ,QAAO;EACL;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACD;;;;;;;;;;;;;;;;;;;;;;;;;;;AClZH,MAAa,kCAAkC,OAC7C,EAAE,WAAW,UAAU,iBACvB,WACG;AAMH,QALiBwB,sFACf,EAAE,eAAe,EACjB,OACD,CAEe,iBAAiB;EAC/B;EACA;EACA;EACD,CAAC;;;;;;ACnCJ,MAAa,mCACX,EAAE,SACF,WACa;AACb,KAAI,CAAC,OAAO,KACV,QAAO,EAAE;AAoBX,SAhBE,OAAO,KAAK,oBAAoB,QAC7B,eACC,WAAW,mBAAmBC,8CAAmB,kBACjD,WAAW,YACP,aAAa,CACd,WAAWC,gDAAsB,qBAAqB,IACzD,WAAW,WACX,WAAW,SACXC,8DAAoC,WAAW,MAAM,KAAK,MAC7D,IAAI,EAAE,EAE6C,KAEnD,eAAe,WAAW,QAC5B;;;;;mEC7BkBC,gCAAaC,kCAAe"}
@@ -1,6 +1,7 @@
1
- import { G as __getElevatedAccessToken_wrapped, H as isCookieEnabled, Q as CLIENT_SDK_NAME, _ as getChainFromVerifiedCredentialChain, at as getCore, i as DYNAMIC_WAAS_METADATA, n as DEFAULT_WAAS_BASE_API_URL, ot as name, r as DEFAULT_WAAS_BASE_MPC_RELAY_API_URL, st as version, t as InvalidParamError, v as CHAINS_INFO_MAP } from "./InvalidParamError-c1J0Vmze.esm.js";
2
- import { i as __logoutWithReason_wrapped } from "./isMfaRequiredForAction-DCwLx4Ik.esm.js";
3
- import { n as consumeMfaTokenIfRequiredForAction, t as getSignedSessionId } from "./getSignedSessionId-C1uLkDjy.esm.js";
1
+ import { K as __getElevatedAccessToken_wrapped, U as isCookieEnabled, a as DYNAMIC_WAAS_METADATA, ct as getCore, i as DEFAULT_WAAS_BASE_MPC_RELAY_API_URL, lt as name, r as DEFAULT_WAAS_BASE_API_URL, t as InvalidParamError, tt as CLIENT_SDK_NAME, ut as version, v as getChainFromVerifiedCredentialChain, y as CHAINS_INFO_MAP } from "./InvalidParamError-DIPFT3sS.esm.js";
2
+ import { i as __logoutWithReason_wrapped } from "./isMfaRequiredForAction-BrmFODJQ.esm.js";
3
+ import { n as consumeMfaTokenIfRequiredForAction, t as getSignedSessionId } from "./getSignedSessionId-Dy04984p.esm.js";
4
+ import { t as getWaasWalletProviderFromWalletAccount } from "./getWaasWalletProviderFromWalletAccount-AhhyxkKQ.esm.js";
4
5
  import { assertPackageVersion } from "@dynamic-labs-sdk/assert-package-version";
5
6
  import { MFAAction, TokenScope, WalletProviderEnum } from "@dynamic-labs/sdk-api-core";
6
7
  import { DynamicWalletClient, ThresholdSignatureScheme, WalletOperation } from "@dynamic-labs-wallet/browser-wallet-client";
@@ -91,7 +92,7 @@ const createWaasProvider = ({ sdkClient, chain }) => {
91
92
  signedSessionId
92
93
  });
93
94
  };
94
- const exportPrivateKey = async ({ displayContainer, walletAccount, password }) => {
95
+ const exportPrivateKey = async ({ container, displayContainer, walletAccount, password }) => {
95
96
  const { signature: signedSessionId } = await getSignedSessionId(sdkClient);
96
97
  const waasClient = await getWaasClient();
97
98
  const mfaToken = await consumeMfaTokenIfRequiredForAction({ mfaAction: MFAAction.WalletWaasExport }, sdkClient);
@@ -99,6 +100,7 @@ const createWaasProvider = ({ sdkClient, chain }) => {
99
100
  await waasClient.exportPrivateKey({
100
101
  accountAddress: walletAccount.address,
101
102
  authToken: sdkClient.token ?? void 0,
103
+ container,
102
104
  displayContainer,
103
105
  elevatedAccessToken,
104
106
  mfaToken,
@@ -251,6 +253,38 @@ const createWaasProvider = ({ sdkClient, chain }) => {
251
253
  };
252
254
  };
253
255
 
256
+ //#endregion
257
+ //#region src/modules/waas/exportWaasPrivateKeyToContainer/exportWaasPrivateKeyToContainer.ts
258
+ /**
259
+ * Exports the private key for a WaaS wallet account into a caller-provided
260
+ * {@link WaasSDKContainer} (e.g. a visible React Native WebView) instead of a
261
+ * DOM element.
262
+ *
263
+ * This is the container-based counterpart to `exportWaasPrivateKey` (which
264
+ * injects an iframe into a DOM `displayContainer` on web). The export ceremony
265
+ * runs — and the private key is rendered — entirely inside the container's own
266
+ * sandboxed document; the key is never exposed to the host JS layer. The caller
267
+ * owns the container's lifecycle and must call `container.destroy()` when the
268
+ * display is dismissed.
269
+ *
270
+ * @param params.walletAccount - The WaaS wallet account to export the private key from.
271
+ * @param params.container - The container that hosts the secure key display.
272
+ * @param [params.password] - Optional password to decrypt the private key.
273
+ * @param client - The Dynamic client instance. This is an internal API (exposed
274
+ * only via `@dynamic-labs-sdk/client/waas/core`), so the client is passed
275
+ * explicitly rather than defaulted — callers resolve it (e.g. via
276
+ * `getDefaultClient()`) and thread it in.
277
+ * @returns A promise that resolves when the private key export is complete.
278
+ * @not-instrumented
279
+ */
280
+ const exportWaasPrivateKeyToContainer = async ({ container, password, walletAccount }, client) => {
281
+ return getWaasWalletProviderFromWalletAccount({ walletAccount }, client).exportPrivateKey({
282
+ container,
283
+ password,
284
+ walletAccount
285
+ });
286
+ };
287
+
254
288
  //#endregion
255
289
  //#region src/modules/waas/getAllUserWaasAddressesForChain/getAllUserWaasAddressesForChain.ts
256
290
  /** @not-instrumented */
@@ -264,5 +298,5 @@ const getAllUserWaasAddressesForChain = ({ chain }, client) => {
264
298
  assertPackageVersion(name, version);
265
299
 
266
300
  //#endregion
267
- export { DYNAMIC_WAAS_METADATA, createWaasClient, createWaasProvider, getAllUserWaasAddressesForChain, getWaasChainNameFromChain };
301
+ export { DYNAMIC_WAAS_METADATA, createWaasClient, createWaasProvider, exportWaasPrivateKeyToContainer, getAllUserWaasAddressesForChain, getWaasChainNameFromChain };
268
302
  //# sourceMappingURL=waasCore.esm.js.map
@@ -1 +1 @@
1
- {"version":3,"file":"waasCore.esm.js","names":["createWaasClient: CreateWaasClient","logoutWithReason","_waasClient: DynamicWalletClient | undefined","getWaasClient: WaasProvider['getWaasClient']","backupKeySharesToGoogleDrive: WaasProvider['backupKeySharesToGoogleDrive']","createWalletAccount: WaasProvider['createWalletAccount']","delegateKeyShares: WaasProvider['delegateKeyShares']","exportClientKeyshares: WaasProvider['exportClientKeyshares']","exportPrivateKey: WaasProvider['exportPrivateKey']","getElevatedAccessToken","restoreUserShareForWalletAccount: WaasProvider['restoreUserShareForWalletAccount']","importPrivateKey: WaasProvider['importPrivateKey']","refreshWalletAccountShares: WaasProvider['refreshWalletAccountShares']","revokeDelegation: WaasProvider['revokeDelegation']","setWaasWalletAccountPassword: WaasProvider['setWaasWalletAccountPassword']","signRawMessage: WaasProvider['signRawMessage']","destroy: WaasProvider['destroy']","updatePassword: WaasProvider['updatePassword']","signMessage: WaasProvider['signMessage']","signSerializedTransaction: WaasProvider['signSerializedTransaction']","getWalletRecoveryState: WaasProvider['getWalletRecoveryState']","unlockWallet: WaasProvider['unlockWallet']","packageName","packageVersion"],"sources":["../src/modules/waas/createWaasClient/createWaasClient.ts","../src/modules/waas/getWaasChainNameFromChain/getWaasChainNameFromChain.ts","../src/modules/waas/createWaasProvider/createWaasProvider.ts","../src/modules/waas/getAllUserWaasAddressesForChain/getAllUserWaasAddressesForChain.ts","../src/exports/waasCore.ts"],"sourcesContent":["import type { AuthMode } from '@dynamic-labs-wallet/browser-wallet-client';\nimport { DynamicWalletClient } from '@dynamic-labs-wallet/browser-wallet-client';\n\nimport { getCore } from '../../../client/core/getCore';\nimport { CLIENT_SDK_NAME } from '../../apiClient/constants';\nimport { logoutWithReason } from '../../auth/logoutWithReason';\nimport { isCookieEnabled } from '../../projectSettings/isCookieEnabled';\nimport type { CreateWaasClient } from './createWaasClient.types';\nimport {\n DEFAULT_WAAS_BASE_API_URL,\n DEFAULT_WAAS_BASE_MPC_RELAY_API_URL,\n} from '../constants';\n\n/** @not-instrumented */\nexport const createWaasClient: CreateWaasClient = ({ chainName }, client) => {\n const core = getCore(client);\n\n const additionalTrustedOrigins = core.waas?.additionalTrustedOrigins;\n\n const baseClientKeysharesRelayApiUrl =\n client.projectSettings?.sdk.waas?.customKeyshareRelayBaseUrl;\n\n return new DynamicWalletClient(\n {\n authMode: (isCookieEnabled(client) ? 'cookie' : 'header') as AuthMode,\n authToken: client.token || '',\n baseApiUrl: (core.apiBaseUrl || DEFAULT_WAAS_BASE_API_URL).replace(\n '/api/v0',\n ''\n ),\n baseMPCRelayApiUrl:\n client.projectSettings?.sdk.waas?.relayUrl ||\n DEFAULT_WAAS_BASE_MPC_RELAY_API_URL,\n chainName,\n environmentId: core.environmentId,\n sdkVersion: `${CLIENT_SDK_NAME}/${core.version}`,\n ...(additionalTrustedOrigins == undefined\n ? {}\n : { additionalTrustedOrigins }),\n ...(baseClientKeysharesRelayApiUrl == undefined\n ? {}\n : { baseClientKeysharesRelayApiUrl }),\n },\n {\n // When the WaaS iframe's own backend call returns 401 (e.g. a forcibly\n // revoked token), the iframe notifies the host via the reverse channel\n // and this fires — log the user out. Mirrors the session-expiry\n // middleware that covers the SDK's own direct API 401s.\n onUnauthorized: () => {\n void logoutWithReason(\n { reason: 'session-refresh-unauthorized' },\n client\n ).catch((error) => {\n core.logger.error(\n 'Failed to log out after WaaS unauthorized response',\n error\n );\n });\n },\n }\n );\n};\n","import type { Chain } from '../../chain';\nimport { CHAINS_INFO_MAP } from '../../wallets/constants';\n\n/** @not-instrumented */\n// eslint-disable-next-line custom-rules/require-single-object-param\nexport const getWaasChainNameFromChain = (chain: Chain): string => {\n return CHAINS_INFO_MAP[chain].waasChainNameOverride || chain;\n};\n","import {\n type BitcoinConfig,\n type DynamicWalletClient,\n ThresholdSignatureScheme,\n WalletOperation,\n} from '@dynamic-labs-wallet/browser-wallet-client';\nimport { MFAAction, TokenScope } from '@dynamic-labs/sdk-api-core';\n\nimport { getCore } from '../../../client/core/getCore';\nimport type { DynamicClient } from '../../../client/types/DynamicClient';\nimport { InvalidParamError } from '../../../errors/InvalidParamError';\nimport { getElevatedAccessToken } from '../../auth/getElevatedAccessToken';\nimport type { Chain } from '../../chain';\nimport { consumeMfaTokenIfRequiredForAction } from '../../mfa/consumeMfaTokenIfRequiredForAction';\nimport { getSignedSessionId } from '../../sessionKeys/getSignedSessionId';\nimport { createWaasClient } from '../createWaasClient';\nimport { getWaasChainNameFromChain } from '../getWaasChainNameFromChain';\nimport type { WaasProvider } from '../waas.types';\n\nconst RAW_MESSAGE_MESSAGE_REQUIRED_LENGTH = 64;\n\ntype CreateWaasProviderParams = {\n chain: Chain;\n sdkClient: DynamicClient;\n};\n\n/** @not-instrumented */\nexport const createWaasProvider = ({\n sdkClient,\n chain,\n}: CreateWaasProviderParams): WaasProvider => {\n const logger = getCore(sdkClient).logger;\n\n let _waasClient: DynamicWalletClient | undefined;\n\n // because the waas client needs the authToken to be set, we can only create it\n // the first time it's needed, which is after the user has logged in\n const getWaasClient: WaasProvider['getWaasClient'] = async () => {\n if (!_waasClient) {\n _waasClient = createWaasClient(\n { chainName: getWaasChainNameFromChain(chain) },\n sdkClient\n );\n await _waasClient.initialize();\n }\n return _waasClient;\n };\n\n const backupKeySharesToGoogleDrive: WaasProvider['backupKeySharesToGoogleDrive'] =\n async ({ googleDriveAccessToken, password, walletAccount }) => {\n const { signature: signedSessionId } = await getSignedSessionId(\n sdkClient\n );\n\n const waasClient = await getWaasClient();\n\n return waasClient.backupKeySharesToGoogleDrive({\n accountAddress: walletAccount.address,\n authToken: sdkClient.token ?? undefined,\n googleDriveAccessToken,\n password,\n signedSessionId,\n });\n };\n\n const createWalletAccount: WaasProvider['createWalletAccount'] = async (\n args = {}\n ) => {\n logger.debug('[createWaasProvider] createWalletAccount', {\n bitcoinConfig: args.bitcoinConfig,\n thresholdSignatureScheme: args.thresholdSignatureScheme,\n });\n\n const { signature: signedSessionId } = await getSignedSessionId(sdkClient);\n\n const waasClient = await getWaasClient();\n\n const waasWallet = await waasClient.createWalletAccount({\n authToken: sdkClient.token ?? undefined,\n bitcoinConfig: args.bitcoinConfig as BitcoinConfig | undefined,\n password: args.password,\n signedSessionId,\n thresholdSignatureScheme:\n args.thresholdSignatureScheme ?? ThresholdSignatureScheme.TWO_OF_TWO,\n });\n\n return waasWallet;\n };\n\n const delegateKeyShares: WaasProvider['delegateKeyShares'] = async ({\n password,\n walletAccount,\n }) => {\n const { signature: signedSessionId } = await getSignedSessionId(sdkClient);\n\n const waasClient = await getWaasClient();\n\n return waasClient.delegateKeyShares({\n accountAddress: walletAccount.address,\n authToken: sdkClient.token ?? undefined,\n password,\n signedSessionId,\n });\n };\n\n const exportClientKeyshares: WaasProvider['exportClientKeyshares'] = async ({\n password,\n walletAccount,\n }) => {\n const { signature: signedSessionId } = await getSignedSessionId(sdkClient);\n\n const waasClient = await getWaasClient();\n\n await waasClient.exportClientKeyshares({\n accountAddress: walletAccount.address,\n authToken: sdkClient.token ?? undefined,\n password,\n signedSessionId,\n });\n };\n\n const exportPrivateKey: WaasProvider['exportPrivateKey'] = async ({\n displayContainer,\n walletAccount,\n password,\n }) => {\n const { signature: signedSessionId } = await getSignedSessionId(sdkClient);\n\n const waasClient = await getWaasClient();\n\n const mfaToken = await consumeMfaTokenIfRequiredForAction(\n { mfaAction: MFAAction.WalletWaasExport },\n sdkClient\n );\n\n // Forward any elevated access token previously obtained via step-up\n // (e.g. requestExternalAuthElevatedToken) so the backend authorizes\n // the export under the wallet:export scope.\n const elevatedAccessToken = getElevatedAccessToken(\n { scope: TokenScope.Walletexport },\n sdkClient\n );\n\n await waasClient.exportPrivateKey({\n accountAddress: walletAccount.address,\n authToken: sdkClient.token ?? undefined,\n displayContainer,\n elevatedAccessToken,\n mfaToken,\n password,\n signedSessionId,\n });\n };\n\n const restoreUserShareForWalletAccount: WaasProvider['restoreUserShareForWalletAccount'] =\n async ({ walletAccount }) => {\n const { signature: signedSessionId } = await getSignedSessionId(\n sdkClient\n );\n\n const waasClient = await getWaasClient();\n\n await waasClient.getWallet({\n accountAddress: walletAccount.address,\n authToken: sdkClient.token ?? undefined,\n signedSessionId,\n walletOperation: WalletOperation.SIGN_MESSAGE,\n });\n };\n\n const importPrivateKey: WaasProvider['importPrivateKey'] = async ({\n privateKey,\n thresholdSignatureScheme = ThresholdSignatureScheme.TWO_OF_TWO,\n }) => {\n const { signature: signedSessionId } = await getSignedSessionId(sdkClient);\n\n const walletClient = await getWaasClient();\n\n await walletClient.importPrivateKey({\n authToken: sdkClient.token ?? undefined,\n privateKey,\n signedSessionId,\n thresholdSignatureScheme,\n });\n };\n\n const refreshWalletAccountShares: WaasProvider['refreshWalletAccountShares'] =\n async ({ password, walletAccount }) => {\n const { signature: signedSessionId } = await getSignedSessionId(\n sdkClient\n );\n\n const walletClient = await getWaasClient();\n\n const mfaToken = await consumeMfaTokenIfRequiredForAction(\n { mfaAction: MFAAction.WalletWaasRefresh },\n sdkClient\n );\n\n return walletClient.refreshWalletAccountShares({\n accountAddress: walletAccount.address,\n authToken: sdkClient.token ?? undefined,\n mfaToken,\n password,\n signedSessionId,\n });\n };\n\n const revokeDelegation: WaasProvider['revokeDelegation'] = async ({\n password,\n walletAccount,\n }) => {\n const { signature: signedSessionId } = await getSignedSessionId(sdkClient);\n\n const waasClient = await getWaasClient();\n\n return waasClient.revokeDelegation({\n accountAddress: walletAccount.address,\n authToken: sdkClient.token ?? undefined,\n password,\n signedSessionId,\n });\n };\n\n const setWaasWalletAccountPassword: WaasProvider['setWaasWalletAccountPassword'] =\n async ({ password, walletAccount }) => {\n const { signature: signedSessionId } = await getSignedSessionId(\n sdkClient\n );\n\n const waasClient = await getWaasClient();\n\n return waasClient.setPassword({\n accountAddress: walletAccount.address,\n authToken: sdkClient.token ?? undefined,\n newPassword: password,\n signedSessionId,\n });\n };\n\n const signRawMessage: WaasProvider['signRawMessage'] = async ({\n message,\n password,\n walletAccount,\n }) => {\n if (message.length !== RAW_MESSAGE_MESSAGE_REQUIRED_LENGTH) {\n throw new InvalidParamError(\n `Message must be ${RAW_MESSAGE_MESSAGE_REQUIRED_LENGTH} characters long`\n );\n }\n\n const { signature: signedSessionId } = await getSignedSessionId(sdkClient);\n\n const mfaToken = await consumeMfaTokenIfRequiredForAction(\n { mfaAction: MFAAction.WalletWaasSign },\n sdkClient\n );\n\n const elevatedAccessToken = getElevatedAccessToken(\n { scope: TokenScope.Walletsign },\n sdkClient\n );\n\n const walletClient = await getWaasClient();\n\n const signature = await walletClient.signRawMessage({\n accountAddress: walletAccount.address,\n authToken: sdkClient.token ?? undefined,\n elevatedAccessToken,\n message,\n mfaToken,\n password,\n signedSessionId,\n });\n\n return { signature };\n };\n\n const destroy: WaasProvider['destroy'] = async (args) => {\n if (!_waasClient) {\n return;\n }\n\n const waasClient = await getWaasClient();\n // When a session token expires, we preserve key shares in storage instead\n // of clearing them. Customers with short-lived sessions (minutes) were\n // hitting excessive server-side share recovery on every re-login, which\n // also forced users to re-enter their wallet password since the unlocked\n // share only lives for the duration of the session.\n //\n // This is safe because the waas-sdk separately fingerprints the user\n // (sub + environment_id) and clears all storage if a different user logs\n // in. On explicit user-initiated logout, shares are always cleared for\n // security.\n if (args?.reason !== 'token-expired') {\n await waasClient.cleanup();\n }\n _waasClient = undefined;\n };\n\n const updatePassword: WaasProvider['updatePassword'] = async ({\n walletAccount,\n currentPassword,\n newPassword,\n }) => {\n const { signature: signedSessionId } = await getSignedSessionId(sdkClient);\n\n const waasClient = await getWaasClient();\n\n return waasClient.updatePassword({\n accountAddress: walletAccount.address,\n authToken: sdkClient.token ?? undefined,\n existingPassword: currentPassword,\n newPassword,\n signedSessionId,\n });\n };\n\n const signMessage: WaasProvider['signMessage'] = async ({\n message,\n walletAccount,\n }) => {\n const { signature: signedSessionId } = await getSignedSessionId(sdkClient);\n\n const mfaToken = await consumeMfaTokenIfRequiredForAction(\n { mfaAction: MFAAction.WalletWaasSign },\n sdkClient\n );\n\n const elevatedAccessToken = getElevatedAccessToken(\n { scope: TokenScope.Walletsign },\n sdkClient\n );\n\n const waasClient = await getWaasClient();\n\n const signature = await waasClient.signMessage({\n accountAddress: walletAccount.address,\n authToken: sdkClient.token ?? undefined,\n elevatedAccessToken,\n message,\n mfaToken,\n signedSessionId,\n });\n\n return { signature };\n };\n\n const signSerializedTransaction: WaasProvider['signSerializedTransaction'] =\n async ({ chainId, serializedTransaction, walletAccount }) => {\n const { signature: signedSessionId } = await getSignedSessionId(\n sdkClient\n );\n\n const mfaToken = await consumeMfaTokenIfRequiredForAction(\n { mfaAction: MFAAction.WalletWaasSign },\n sdkClient\n );\n\n const elevatedAccessToken = getElevatedAccessToken(\n { scope: TokenScope.Walletsign },\n sdkClient\n );\n\n const waasClient = await getWaasClient();\n\n const signature = await waasClient.signTransaction({\n authToken: sdkClient.token ?? undefined,\n chainId,\n elevatedAccessToken,\n mfaToken,\n senderAddress: walletAccount.address,\n signedSessionId,\n transaction: serializedTransaction,\n });\n\n return { signature };\n };\n\n const getWalletRecoveryState: WaasProvider['getWalletRecoveryState'] =\n async ({ walletAccount }) => {\n const { signature: signedSessionId } = await getSignedSessionId(\n sdkClient\n );\n\n const waasClient = await getWaasClient();\n\n return waasClient.getWalletRecoveryState({\n accountAddress: walletAccount.address,\n authToken: sdkClient.token ?? undefined,\n signedSessionId,\n });\n };\n\n const unlockWallet: WaasProvider['unlockWallet'] = async ({\n password,\n walletAccount,\n }) => {\n const { signature: signedSessionId } = await getSignedSessionId(sdkClient);\n\n const waasClient = await getWaasClient();\n\n return waasClient.unlockWallet({\n accountAddress: walletAccount.address,\n authToken: sdkClient.token ?? undefined,\n password,\n signedSessionId,\n });\n };\n\n return {\n backupKeySharesToGoogleDrive,\n createWalletAccount,\n delegateKeyShares,\n destroy,\n exportClientKeyshares,\n exportPrivateKey,\n getWaasClient,\n getWalletRecoveryState,\n importPrivateKey,\n refreshWalletAccountShares,\n restoreUserShareForWalletAccount,\n revokeDelegation,\n setWaasWalletAccountPassword,\n signMessage,\n signRawMessage,\n signSerializedTransaction,\n unlockWallet,\n updatePassword,\n };\n};\n","import { WalletProviderEnum } from '@dynamic-labs/sdk-api-core';\n\nimport type { DynamicClient } from '../../../client/types';\nimport { getChainFromVerifiedCredentialChain } from '../../../utils/getChainFromVerifiedCredentialChain';\nimport type { Chain } from '../../chain';\nimport { DYNAMIC_WAAS_METADATA } from '../constants';\n\ntype GetAllUserWaasAddressesForChainParams = {\n chain: Chain;\n};\n\n/** @not-instrumented */\nexport const getAllUserWaasAddressesForChain = (\n { chain }: GetAllUserWaasAddressesForChainParams,\n client: DynamicClient\n): string[] => {\n if (!client.user) {\n return [];\n }\n\n const waasWalletCredentials =\n client.user.verifiedCredentials.filter(\n (credential) =>\n credential.walletProvider === WalletProviderEnum.EmbeddedWallet &&\n credential.walletName\n ?.toLowerCase()\n .startsWith(DYNAMIC_WAAS_METADATA.normalizedWalletName) &&\n credential.address &&\n credential.chain &&\n getChainFromVerifiedCredentialChain(credential.chain) === chain\n ) ?? [];\n\n const waasAddresses: string[] = waasWalletCredentials.map(\n // casting because we're already filtering out credentials without an address\n (credential) => credential.address as string\n );\n\n return waasAddresses;\n};\n","import { assertPackageVersion } from '@dynamic-labs-sdk/assert-package-version';\n\nimport {\n name as packageName,\n version as packageVersion,\n} from '../../package.json';\nassertPackageVersion(packageName, packageVersion);\n\nexport type {\n BitcoinNetwork,\n DynamicWalletClient,\n ThresholdSignatureScheme\n} from '@dynamic-labs-wallet/browser-wallet-client';\nexport { DYNAMIC_WAAS_METADATA } from '../modules/waas/constants';\nexport { createWaasClient } from '../modules/waas/createWaasClient';\nexport { createWaasProvider } from '../modules/waas/createWaasProvider';\nexport { getAllUserWaasAddressesForChain } from '../modules/waas/getAllUserWaasAddressesForChain';\nexport { getWaasChainNameFromChain } from '../modules/waas/getWaasChainNameFromChain';\nexport type {\n WaasProvider,\n WaasWalletProvider\n} from '../modules/waas/waas.types';\n\n"],"mappings":";;;;;;;;;AAcA,MAAaA,oBAAsC,EAAE,aAAa,WAAW;CAC3E,MAAM,OAAO,QAAQ,OAAO;CAE5B,MAAM,2BAA2B,KAAK,MAAM;CAE5C,MAAM,iCACJ,OAAO,iBAAiB,IAAI,MAAM;AAEpC,QAAO,IAAI,oBACT;EACE,UAAW,gBAAgB,OAAO,GAAG,WAAW;EAChD,WAAW,OAAO,SAAS;EAC3B,aAAa,KAAK,cAAc,2BAA2B,QACzD,WACA,GACD;EACD,oBACE,OAAO,iBAAiB,IAAI,MAAM,YAClC;EACF;EACA,eAAe,KAAK;EACpB,YAAY,GAAG,gBAAgB,GAAG,KAAK;EACvC,GAAI,4BAA4B,SAC5B,EAAE,GACF,EAAE,0BAA0B;EAChC,GAAI,kCAAkC,SAClC,EAAE,GACF,EAAE,gCAAgC;EACvC,EACD,EAKE,sBAAsB;AACpB,EAAKC,2BACH,EAAE,QAAQ,gCAAgC,EAC1C,OACD,CAAC,OAAO,UAAU;AACjB,QAAK,OAAO,MACV,sDACA,MACD;IACD;IAEL,CACF;;;;;;ACvDH,MAAa,6BAA6B,UAAyB;AACjE,QAAO,gBAAgB,OAAO,yBAAyB;;;;;ACazD,MAAM,sCAAsC;;AAQ5C,MAAa,sBAAsB,EACjC,WACA,YAC4C;CAC5C,MAAM,SAAS,QAAQ,UAAU,CAAC;CAElC,IAAIC;CAIJ,MAAMC,gBAA+C,YAAY;AAC/D,MAAI,CAAC,aAAa;AAChB,iBAAc,iBACZ,EAAE,WAAW,0BAA0B,MAAM,EAAE,EAC/C,UACD;AACD,SAAM,YAAY,YAAY;;AAEhC,SAAO;;CAGT,MAAMC,+BACJ,OAAO,EAAE,wBAAwB,UAAU,oBAAoB;EAC7D,MAAM,EAAE,WAAW,oBAAoB,MAAM,mBAC3C,UACD;AAID,UAFmB,MAAM,eAAe,EAEtB,6BAA6B;GAC7C,gBAAgB,cAAc;GAC9B,WAAW,UAAU,SAAS;GAC9B;GACA;GACA;GACD,CAAC;;CAGN,MAAMC,sBAA2D,OAC/D,OAAO,EAAE,KACN;AACH,SAAO,MAAM,4CAA4C;GACvD,eAAe,KAAK;GACpB,0BAA0B,KAAK;GAChC,CAAC;EAEF,MAAM,EAAE,WAAW,oBAAoB,MAAM,mBAAmB,UAAU;AAa1E,SATmB,OAFA,MAAM,eAAe,EAEJ,oBAAoB;GACtD,WAAW,UAAU,SAAS;GAC9B,eAAe,KAAK;GACpB,UAAU,KAAK;GACf;GACA,0BACE,KAAK,4BAA4B,yBAAyB;GAC7D,CAAC;;CAKJ,MAAMC,oBAAuD,OAAO,EAClE,UACA,oBACI;EACJ,MAAM,EAAE,WAAW,oBAAoB,MAAM,mBAAmB,UAAU;AAI1E,UAFmB,MAAM,eAAe,EAEtB,kBAAkB;GAClC,gBAAgB,cAAc;GAC9B,WAAW,UAAU,SAAS;GAC9B;GACA;GACD,CAAC;;CAGJ,MAAMC,wBAA+D,OAAO,EAC1E,UACA,oBACI;EACJ,MAAM,EAAE,WAAW,oBAAoB,MAAM,mBAAmB,UAAU;AAI1E,SAFmB,MAAM,eAAe,EAEvB,sBAAsB;GACrC,gBAAgB,cAAc;GAC9B,WAAW,UAAU,SAAS;GAC9B;GACA;GACD,CAAC;;CAGJ,MAAMC,mBAAqD,OAAO,EAChE,kBACA,eACA,eACI;EACJ,MAAM,EAAE,WAAW,oBAAoB,MAAM,mBAAmB,UAAU;EAE1E,MAAM,aAAa,MAAM,eAAe;EAExC,MAAM,WAAW,MAAM,mCACrB,EAAE,WAAW,UAAU,kBAAkB,EACzC,UACD;EAKD,MAAM,sBAAsBC,iCAC1B,EAAE,OAAO,WAAW,cAAc,EAClC,UACD;AAED,QAAM,WAAW,iBAAiB;GAChC,gBAAgB,cAAc;GAC9B,WAAW,UAAU,SAAS;GAC9B;GACA;GACA;GACA;GACA;GACD,CAAC;;CAGJ,MAAMC,mCACJ,OAAO,EAAE,oBAAoB;EAC3B,MAAM,EAAE,WAAW,oBAAoB,MAAM,mBAC3C,UACD;AAID,SAFmB,MAAM,eAAe,EAEvB,UAAU;GACzB,gBAAgB,cAAc;GAC9B,WAAW,UAAU,SAAS;GAC9B;GACA,iBAAiB,gBAAgB;GAClC,CAAC;;CAGN,MAAMC,mBAAqD,OAAO,EAChE,YACA,2BAA2B,yBAAyB,iBAChD;EACJ,MAAM,EAAE,WAAW,oBAAoB,MAAM,mBAAmB,UAAU;AAI1E,SAFqB,MAAM,eAAe,EAEvB,iBAAiB;GAClC,WAAW,UAAU,SAAS;GAC9B;GACA;GACA;GACD,CAAC;;CAGJ,MAAMC,6BACJ,OAAO,EAAE,UAAU,oBAAoB;EACrC,MAAM,EAAE,WAAW,oBAAoB,MAAM,mBAC3C,UACD;EAED,MAAM,eAAe,MAAM,eAAe;EAE1C,MAAM,WAAW,MAAM,mCACrB,EAAE,WAAW,UAAU,mBAAmB,EAC1C,UACD;AAED,SAAO,aAAa,2BAA2B;GAC7C,gBAAgB,cAAc;GAC9B,WAAW,UAAU,SAAS;GAC9B;GACA;GACA;GACD,CAAC;;CAGN,MAAMC,mBAAqD,OAAO,EAChE,UACA,oBACI;EACJ,MAAM,EAAE,WAAW,oBAAoB,MAAM,mBAAmB,UAAU;AAI1E,UAFmB,MAAM,eAAe,EAEtB,iBAAiB;GACjC,gBAAgB,cAAc;GAC9B,WAAW,UAAU,SAAS;GAC9B;GACA;GACD,CAAC;;CAGJ,MAAMC,+BACJ,OAAO,EAAE,UAAU,oBAAoB;EACrC,MAAM,EAAE,WAAW,oBAAoB,MAAM,mBAC3C,UACD;AAID,UAFmB,MAAM,eAAe,EAEtB,YAAY;GAC5B,gBAAgB,cAAc;GAC9B,WAAW,UAAU,SAAS;GAC9B,aAAa;GACb;GACD,CAAC;;CAGN,MAAMC,iBAAiD,OAAO,EAC5D,SACA,UACA,oBACI;AACJ,MAAI,QAAQ,WAAW,oCACrB,OAAM,IAAI,kBACR,mBAAmB,oCAAoC,kBACxD;EAGH,MAAM,EAAE,WAAW,oBAAoB,MAAM,mBAAmB,UAAU;EAE1E,MAAM,WAAW,MAAM,mCACrB,EAAE,WAAW,UAAU,gBAAgB,EACvC,UACD;EAED,MAAM,sBAAsBN,iCAC1B,EAAE,OAAO,WAAW,YAAY,EAChC,UACD;AAcD,SAAO,EAAE,WAVS,OAFG,MAAM,eAAe,EAEL,eAAe;GAClD,gBAAgB,cAAc;GAC9B,WAAW,UAAU,SAAS;GAC9B;GACA;GACA;GACA;GACA;GACD,CAAC,EAEkB;;CAGtB,MAAMO,UAAmC,OAAO,SAAS;AACvD,MAAI,CAAC,YACH;EAGF,MAAM,aAAa,MAAM,eAAe;AAWxC,MAAI,MAAM,WAAW,gBACnB,OAAM,WAAW,SAAS;AAE5B,gBAAc;;CAGhB,MAAMC,iBAAiD,OAAO,EAC5D,eACA,iBACA,kBACI;EACJ,MAAM,EAAE,WAAW,oBAAoB,MAAM,mBAAmB,UAAU;AAI1E,UAFmB,MAAM,eAAe,EAEtB,eAAe;GAC/B,gBAAgB,cAAc;GAC9B,WAAW,UAAU,SAAS;GAC9B,kBAAkB;GAClB;GACA;GACD,CAAC;;CAGJ,MAAMC,cAA2C,OAAO,EACtD,SACA,oBACI;EACJ,MAAM,EAAE,WAAW,oBAAoB,MAAM,mBAAmB,UAAU;EAE1E,MAAM,WAAW,MAAM,mCACrB,EAAE,WAAW,UAAU,gBAAgB,EACvC,UACD;EAED,MAAM,sBAAsBT,iCAC1B,EAAE,OAAO,WAAW,YAAY,EAChC,UACD;AAaD,SAAO,EAAE,WATS,OAFC,MAAM,eAAe,EAEL,YAAY;GAC7C,gBAAgB,cAAc;GAC9B,WAAW,UAAU,SAAS;GAC9B;GACA;GACA;GACA;GACD,CAAC,EAEkB;;CAGtB,MAAMU,4BACJ,OAAO,EAAE,SAAS,uBAAuB,oBAAoB;EAC3D,MAAM,EAAE,WAAW,oBAAoB,MAAM,mBAC3C,UACD;EAED,MAAM,WAAW,MAAM,mCACrB,EAAE,WAAW,UAAU,gBAAgB,EACvC,UACD;EAED,MAAM,sBAAsBV,iCAC1B,EAAE,OAAO,WAAW,YAAY,EAChC,UACD;AAcD,SAAO,EAAE,WAVS,OAFC,MAAM,eAAe,EAEL,gBAAgB;GACjD,WAAW,UAAU,SAAS;GAC9B;GACA;GACA;GACA,eAAe,cAAc;GAC7B;GACA,aAAa;GACd,CAAC,EAEkB;;CAGxB,MAAMW,yBACJ,OAAO,EAAE,oBAAoB;EAC3B,MAAM,EAAE,WAAW,oBAAoB,MAAM,mBAC3C,UACD;AAID,UAFmB,MAAM,eAAe,EAEtB,uBAAuB;GACvC,gBAAgB,cAAc;GAC9B,WAAW,UAAU,SAAS;GAC9B;GACD,CAAC;;CAGN,MAAMC,eAA6C,OAAO,EACxD,UACA,oBACI;EACJ,MAAM,EAAE,WAAW,oBAAoB,MAAM,mBAAmB,UAAU;AAI1E,UAFmB,MAAM,eAAe,EAEtB,aAAa;GAC7B,gBAAgB,cAAc;GAC9B,WAAW,UAAU,SAAS;GAC9B;GACA;GACD,CAAC;;AAGJ,QAAO;EACL;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACD;;;;;;ACjaH,MAAa,mCACX,EAAE,SACF,WACa;AACb,KAAI,CAAC,OAAO,KACV,QAAO,EAAE;AAoBX,SAhBE,OAAO,KAAK,oBAAoB,QAC7B,eACC,WAAW,mBAAmB,mBAAmB,kBACjD,WAAW,YACP,aAAa,CACd,WAAW,sBAAsB,qBAAqB,IACzD,WAAW,WACX,WAAW,SACX,oCAAoC,WAAW,MAAM,KAAK,MAC7D,IAAI,EAAE,EAE6C,KAEnD,eAAe,WAAW,QAC5B;;;;;AC7BH,qBAAqBC,MAAaC,QAAe"}
1
+ {"version":3,"file":"waasCore.esm.js","names":["createWaasClient: CreateWaasClient","logoutWithReason","_waasClient: DynamicWalletClient | undefined","getWaasClient: WaasProvider['getWaasClient']","backupKeySharesToGoogleDrive: WaasProvider['backupKeySharesToGoogleDrive']","createWalletAccount: WaasProvider['createWalletAccount']","delegateKeyShares: WaasProvider['delegateKeyShares']","exportClientKeyshares: WaasProvider['exportClientKeyshares']","exportPrivateKey: WaasProvider['exportPrivateKey']","getElevatedAccessToken","restoreUserShareForWalletAccount: WaasProvider['restoreUserShareForWalletAccount']","importPrivateKey: WaasProvider['importPrivateKey']","refreshWalletAccountShares: WaasProvider['refreshWalletAccountShares']","revokeDelegation: WaasProvider['revokeDelegation']","setWaasWalletAccountPassword: WaasProvider['setWaasWalletAccountPassword']","signRawMessage: WaasProvider['signRawMessage']","destroy: WaasProvider['destroy']","updatePassword: WaasProvider['updatePassword']","signMessage: WaasProvider['signMessage']","signSerializedTransaction: WaasProvider['signSerializedTransaction']","getWalletRecoveryState: WaasProvider['getWalletRecoveryState']","unlockWallet: WaasProvider['unlockWallet']","packageName","packageVersion"],"sources":["../src/modules/waas/createWaasClient/createWaasClient.ts","../src/modules/waas/getWaasChainNameFromChain/getWaasChainNameFromChain.ts","../src/modules/waas/createWaasProvider/createWaasProvider.ts","../src/modules/waas/exportWaasPrivateKeyToContainer/exportWaasPrivateKeyToContainer.ts","../src/modules/waas/getAllUserWaasAddressesForChain/getAllUserWaasAddressesForChain.ts","../src/exports/waasCore.ts"],"sourcesContent":["import type { AuthMode } from '@dynamic-labs-wallet/browser-wallet-client';\nimport { DynamicWalletClient } from '@dynamic-labs-wallet/browser-wallet-client';\n\nimport { getCore } from '../../../client/core/getCore';\nimport { CLIENT_SDK_NAME } from '../../apiClient/constants';\nimport { logoutWithReason } from '../../auth/logoutWithReason';\nimport { isCookieEnabled } from '../../projectSettings/isCookieEnabled';\nimport type { CreateWaasClient } from './createWaasClient.types';\nimport {\n DEFAULT_WAAS_BASE_API_URL,\n DEFAULT_WAAS_BASE_MPC_RELAY_API_URL,\n} from '../constants';\n\n/** @not-instrumented */\nexport const createWaasClient: CreateWaasClient = ({ chainName }, client) => {\n const core = getCore(client);\n\n const additionalTrustedOrigins = core.waas?.additionalTrustedOrigins;\n\n const baseClientKeysharesRelayApiUrl =\n client.projectSettings?.sdk.waas?.customKeyshareRelayBaseUrl;\n\n return new DynamicWalletClient(\n {\n authMode: (isCookieEnabled(client) ? 'cookie' : 'header') as AuthMode,\n authToken: client.token || '',\n baseApiUrl: (core.apiBaseUrl || DEFAULT_WAAS_BASE_API_URL).replace(\n '/api/v0',\n ''\n ),\n baseMPCRelayApiUrl:\n client.projectSettings?.sdk.waas?.relayUrl ||\n DEFAULT_WAAS_BASE_MPC_RELAY_API_URL,\n chainName,\n environmentId: core.environmentId,\n sdkVersion: `${CLIENT_SDK_NAME}/${core.version}`,\n ...(additionalTrustedOrigins == undefined\n ? {}\n : { additionalTrustedOrigins }),\n ...(baseClientKeysharesRelayApiUrl == undefined\n ? {}\n : { baseClientKeysharesRelayApiUrl }),\n },\n {\n // When the WaaS iframe's own backend call returns 401 (e.g. a forcibly\n // revoked token), the iframe notifies the host via the reverse channel\n // and this fires — log the user out. Mirrors the session-expiry\n // middleware that covers the SDK's own direct API 401s.\n onUnauthorized: () => {\n void logoutWithReason(\n { reason: 'session-refresh-unauthorized' },\n client\n ).catch((error) => {\n core.logger.error(\n 'Failed to log out after WaaS unauthorized response',\n error\n );\n });\n },\n }\n );\n};\n","import type { Chain } from '../../chain';\nimport { CHAINS_INFO_MAP } from '../../wallets/constants';\n\n/** @not-instrumented */\n// eslint-disable-next-line custom-rules/require-single-object-param\nexport const getWaasChainNameFromChain = (chain: Chain): string => {\n return CHAINS_INFO_MAP[chain].waasChainNameOverride || chain;\n};\n","import {\n type BitcoinConfig,\n type DynamicWalletClient,\n ThresholdSignatureScheme,\n WalletOperation,\n} from '@dynamic-labs-wallet/browser-wallet-client';\nimport { MFAAction, TokenScope } from '@dynamic-labs/sdk-api-core';\n\nimport { getCore } from '../../../client/core/getCore';\nimport type { DynamicClient } from '../../../client/types/DynamicClient';\nimport { InvalidParamError } from '../../../errors/InvalidParamError';\nimport { getElevatedAccessToken } from '../../auth/getElevatedAccessToken';\nimport type { Chain } from '../../chain';\nimport { consumeMfaTokenIfRequiredForAction } from '../../mfa/consumeMfaTokenIfRequiredForAction';\nimport { getSignedSessionId } from '../../sessionKeys/getSignedSessionId';\nimport { createWaasClient } from '../createWaasClient';\nimport { getWaasChainNameFromChain } from '../getWaasChainNameFromChain';\nimport type { WaasProvider } from '../waas.types';\n\nconst RAW_MESSAGE_MESSAGE_REQUIRED_LENGTH = 64;\n\ntype CreateWaasProviderParams = {\n chain: Chain;\n sdkClient: DynamicClient;\n};\n\n/** @not-instrumented */\nexport const createWaasProvider = ({\n sdkClient,\n chain,\n}: CreateWaasProviderParams): WaasProvider => {\n const logger = getCore(sdkClient).logger;\n\n let _waasClient: DynamicWalletClient | undefined;\n\n // because the waas client needs the authToken to be set, we can only create it\n // the first time it's needed, which is after the user has logged in\n const getWaasClient: WaasProvider['getWaasClient'] = async () => {\n if (!_waasClient) {\n _waasClient = createWaasClient(\n { chainName: getWaasChainNameFromChain(chain) },\n sdkClient\n );\n await _waasClient.initialize();\n }\n return _waasClient;\n };\n\n const backupKeySharesToGoogleDrive: WaasProvider['backupKeySharesToGoogleDrive'] =\n async ({ googleDriveAccessToken, password, walletAccount }) => {\n const { signature: signedSessionId } = await getSignedSessionId(\n sdkClient\n );\n\n const waasClient = await getWaasClient();\n\n return waasClient.backupKeySharesToGoogleDrive({\n accountAddress: walletAccount.address,\n authToken: sdkClient.token ?? undefined,\n googleDriveAccessToken,\n password,\n signedSessionId,\n });\n };\n\n const createWalletAccount: WaasProvider['createWalletAccount'] = async (\n args = {}\n ) => {\n logger.debug('[createWaasProvider] createWalletAccount', {\n bitcoinConfig: args.bitcoinConfig,\n thresholdSignatureScheme: args.thresholdSignatureScheme,\n });\n\n const { signature: signedSessionId } = await getSignedSessionId(sdkClient);\n\n const waasClient = await getWaasClient();\n\n const waasWallet = await waasClient.createWalletAccount({\n authToken: sdkClient.token ?? undefined,\n bitcoinConfig: args.bitcoinConfig as BitcoinConfig | undefined,\n password: args.password,\n signedSessionId,\n thresholdSignatureScheme:\n args.thresholdSignatureScheme ?? ThresholdSignatureScheme.TWO_OF_TWO,\n });\n\n return waasWallet;\n };\n\n const delegateKeyShares: WaasProvider['delegateKeyShares'] = async ({\n password,\n walletAccount,\n }) => {\n const { signature: signedSessionId } = await getSignedSessionId(sdkClient);\n\n const waasClient = await getWaasClient();\n\n return waasClient.delegateKeyShares({\n accountAddress: walletAccount.address,\n authToken: sdkClient.token ?? undefined,\n password,\n signedSessionId,\n });\n };\n\n const exportClientKeyshares: WaasProvider['exportClientKeyshares'] = async ({\n password,\n walletAccount,\n }) => {\n const { signature: signedSessionId } = await getSignedSessionId(sdkClient);\n\n const waasClient = await getWaasClient();\n\n await waasClient.exportClientKeyshares({\n accountAddress: walletAccount.address,\n authToken: sdkClient.token ?? undefined,\n password,\n signedSessionId,\n });\n };\n\n const exportPrivateKey: WaasProvider['exportPrivateKey'] = async ({\n container,\n displayContainer,\n walletAccount,\n password,\n }) => {\n const { signature: signedSessionId } = await getSignedSessionId(sdkClient);\n\n const waasClient = await getWaasClient();\n\n const mfaToken = await consumeMfaTokenIfRequiredForAction(\n { mfaAction: MFAAction.WalletWaasExport },\n sdkClient\n );\n\n // Forward any elevated access token previously obtained via step-up\n // (e.g. requestExternalAuthElevatedToken) so the backend authorizes\n // the export under the wallet:export scope.\n const elevatedAccessToken = getElevatedAccessToken(\n { scope: TokenScope.Walletexport },\n sdkClient\n );\n\n await waasClient.exportPrivateKey({\n accountAddress: walletAccount.address,\n authToken: sdkClient.token ?? undefined,\n // Exactly one display surface is forwarded: `container` (a\n // WaasSDKContainer, e.g. a React Native visible WebView) or\n // `displayContainer` (a DOM element, web). The upstream client enforces\n // the \"exactly one\" invariant and renders the key inside the surface's\n // own sandboxed document — it never crosses back to the host.\n container,\n displayContainer,\n elevatedAccessToken,\n mfaToken,\n password,\n signedSessionId,\n });\n };\n\n const restoreUserShareForWalletAccount: WaasProvider['restoreUserShareForWalletAccount'] =\n async ({ walletAccount }) => {\n const { signature: signedSessionId } = await getSignedSessionId(\n sdkClient\n );\n\n const waasClient = await getWaasClient();\n\n await waasClient.getWallet({\n accountAddress: walletAccount.address,\n authToken: sdkClient.token ?? undefined,\n signedSessionId,\n walletOperation: WalletOperation.SIGN_MESSAGE,\n });\n };\n\n const importPrivateKey: WaasProvider['importPrivateKey'] = async ({\n privateKey,\n thresholdSignatureScheme = ThresholdSignatureScheme.TWO_OF_TWO,\n }) => {\n const { signature: signedSessionId } = await getSignedSessionId(sdkClient);\n\n const walletClient = await getWaasClient();\n\n await walletClient.importPrivateKey({\n authToken: sdkClient.token ?? undefined,\n privateKey,\n signedSessionId,\n thresholdSignatureScheme,\n });\n };\n\n const refreshWalletAccountShares: WaasProvider['refreshWalletAccountShares'] =\n async ({ password, walletAccount }) => {\n const { signature: signedSessionId } = await getSignedSessionId(\n sdkClient\n );\n\n const walletClient = await getWaasClient();\n\n const mfaToken = await consumeMfaTokenIfRequiredForAction(\n { mfaAction: MFAAction.WalletWaasRefresh },\n sdkClient\n );\n\n return walletClient.refreshWalletAccountShares({\n accountAddress: walletAccount.address,\n authToken: sdkClient.token ?? undefined,\n mfaToken,\n password,\n signedSessionId,\n });\n };\n\n const revokeDelegation: WaasProvider['revokeDelegation'] = async ({\n password,\n walletAccount,\n }) => {\n const { signature: signedSessionId } = await getSignedSessionId(sdkClient);\n\n const waasClient = await getWaasClient();\n\n return waasClient.revokeDelegation({\n accountAddress: walletAccount.address,\n authToken: sdkClient.token ?? undefined,\n password,\n signedSessionId,\n });\n };\n\n const setWaasWalletAccountPassword: WaasProvider['setWaasWalletAccountPassword'] =\n async ({ password, walletAccount }) => {\n const { signature: signedSessionId } = await getSignedSessionId(\n sdkClient\n );\n\n const waasClient = await getWaasClient();\n\n return waasClient.setPassword({\n accountAddress: walletAccount.address,\n authToken: sdkClient.token ?? undefined,\n newPassword: password,\n signedSessionId,\n });\n };\n\n const signRawMessage: WaasProvider['signRawMessage'] = async ({\n message,\n password,\n walletAccount,\n }) => {\n if (message.length !== RAW_MESSAGE_MESSAGE_REQUIRED_LENGTH) {\n throw new InvalidParamError(\n `Message must be ${RAW_MESSAGE_MESSAGE_REQUIRED_LENGTH} characters long`\n );\n }\n\n const { signature: signedSessionId } = await getSignedSessionId(sdkClient);\n\n const mfaToken = await consumeMfaTokenIfRequiredForAction(\n { mfaAction: MFAAction.WalletWaasSign },\n sdkClient\n );\n\n const elevatedAccessToken = getElevatedAccessToken(\n { scope: TokenScope.Walletsign },\n sdkClient\n );\n\n const walletClient = await getWaasClient();\n\n const signature = await walletClient.signRawMessage({\n accountAddress: walletAccount.address,\n authToken: sdkClient.token ?? undefined,\n elevatedAccessToken,\n message,\n mfaToken,\n password,\n signedSessionId,\n });\n\n return { signature };\n };\n\n const destroy: WaasProvider['destroy'] = async (args) => {\n if (!_waasClient) {\n return;\n }\n\n const waasClient = await getWaasClient();\n // When a session token expires, we preserve key shares in storage instead\n // of clearing them. Customers with short-lived sessions (minutes) were\n // hitting excessive server-side share recovery on every re-login, which\n // also forced users to re-enter their wallet password since the unlocked\n // share only lives for the duration of the session.\n //\n // This is safe because the waas-sdk separately fingerprints the user\n // (sub + environment_id) and clears all storage if a different user logs\n // in. On explicit user-initiated logout, shares are always cleared for\n // security.\n if (args?.reason !== 'token-expired') {\n await waasClient.cleanup();\n }\n _waasClient = undefined;\n };\n\n const updatePassword: WaasProvider['updatePassword'] = async ({\n walletAccount,\n currentPassword,\n newPassword,\n }) => {\n const { signature: signedSessionId } = await getSignedSessionId(sdkClient);\n\n const waasClient = await getWaasClient();\n\n return waasClient.updatePassword({\n accountAddress: walletAccount.address,\n authToken: sdkClient.token ?? undefined,\n existingPassword: currentPassword,\n newPassword,\n signedSessionId,\n });\n };\n\n const signMessage: WaasProvider['signMessage'] = async ({\n message,\n walletAccount,\n }) => {\n const { signature: signedSessionId } = await getSignedSessionId(sdkClient);\n\n const mfaToken = await consumeMfaTokenIfRequiredForAction(\n { mfaAction: MFAAction.WalletWaasSign },\n sdkClient\n );\n\n const elevatedAccessToken = getElevatedAccessToken(\n { scope: TokenScope.Walletsign },\n sdkClient\n );\n\n const waasClient = await getWaasClient();\n\n const signature = await waasClient.signMessage({\n accountAddress: walletAccount.address,\n authToken: sdkClient.token ?? undefined,\n elevatedAccessToken,\n message,\n mfaToken,\n signedSessionId,\n });\n\n return { signature };\n };\n\n const signSerializedTransaction: WaasProvider['signSerializedTransaction'] =\n async ({ chainId, serializedTransaction, walletAccount }) => {\n const { signature: signedSessionId } = await getSignedSessionId(\n sdkClient\n );\n\n const mfaToken = await consumeMfaTokenIfRequiredForAction(\n { mfaAction: MFAAction.WalletWaasSign },\n sdkClient\n );\n\n const elevatedAccessToken = getElevatedAccessToken(\n { scope: TokenScope.Walletsign },\n sdkClient\n );\n\n const waasClient = await getWaasClient();\n\n const signature = await waasClient.signTransaction({\n authToken: sdkClient.token ?? undefined,\n chainId,\n elevatedAccessToken,\n mfaToken,\n senderAddress: walletAccount.address,\n signedSessionId,\n transaction: serializedTransaction,\n });\n\n return { signature };\n };\n\n const getWalletRecoveryState: WaasProvider['getWalletRecoveryState'] =\n async ({ walletAccount }) => {\n const { signature: signedSessionId } = await getSignedSessionId(\n sdkClient\n );\n\n const waasClient = await getWaasClient();\n\n return waasClient.getWalletRecoveryState({\n accountAddress: walletAccount.address,\n authToken: sdkClient.token ?? undefined,\n signedSessionId,\n });\n };\n\n const unlockWallet: WaasProvider['unlockWallet'] = async ({\n password,\n walletAccount,\n }) => {\n const { signature: signedSessionId } = await getSignedSessionId(sdkClient);\n\n const waasClient = await getWaasClient();\n\n return waasClient.unlockWallet({\n accountAddress: walletAccount.address,\n authToken: sdkClient.token ?? undefined,\n password,\n signedSessionId,\n });\n };\n\n return {\n backupKeySharesToGoogleDrive,\n createWalletAccount,\n delegateKeyShares,\n destroy,\n exportClientKeyshares,\n exportPrivateKey,\n getWaasClient,\n getWalletRecoveryState,\n importPrivateKey,\n refreshWalletAccountShares,\n restoreUserShareForWalletAccount,\n revokeDelegation,\n setWaasWalletAccountPassword,\n signMessage,\n signRawMessage,\n signSerializedTransaction,\n unlockWallet,\n updatePassword,\n };\n};\n","import type { WaasSDKContainer } from '@dynamic-labs-wallet/core';\n\nimport type { DynamicClient } from '../../../client/types/DynamicClient';\nimport type { WalletAccount } from '../../wallets/walletAccount';\nimport { getWaasWalletProviderFromWalletAccount } from '../getWaasWalletProviderFromWalletAccount';\n\ntype ExportWaasPrivateKeyToContainerParams = {\n container: WaasSDKContainer;\n password?: string;\n walletAccount: WalletAccount;\n};\n\n/**\n * Exports the private key for a WaaS wallet account into a caller-provided\n * {@link WaasSDKContainer} (e.g. a visible React Native WebView) instead of a\n * DOM element.\n *\n * This is the container-based counterpart to `exportWaasPrivateKey` (which\n * injects an iframe into a DOM `displayContainer` on web). The export ceremony\n * runs — and the private key is rendered — entirely inside the container's own\n * sandboxed document; the key is never exposed to the host JS layer. The caller\n * owns the container's lifecycle and must call `container.destroy()` when the\n * display is dismissed.\n *\n * @param params.walletAccount - The WaaS wallet account to export the private key from.\n * @param params.container - The container that hosts the secure key display.\n * @param [params.password] - Optional password to decrypt the private key.\n * @param client - The Dynamic client instance. This is an internal API (exposed\n * only via `@dynamic-labs-sdk/client/waas/core`), so the client is passed\n * explicitly rather than defaulted — callers resolve it (e.g. via\n * `getDefaultClient()`) and thread it in.\n * @returns A promise that resolves when the private key export is complete.\n * @not-instrumented\n */\nexport const exportWaasPrivateKeyToContainer = async (\n { container, password, walletAccount }: ExportWaasPrivateKeyToContainerParams,\n client: DynamicClient\n) => {\n const provider = getWaasWalletProviderFromWalletAccount(\n { walletAccount },\n client\n );\n\n return provider.exportPrivateKey({\n container,\n password,\n walletAccount,\n });\n};\n","import { WalletProviderEnum } from '@dynamic-labs/sdk-api-core';\n\nimport type { DynamicClient } from '../../../client/types';\nimport { getChainFromVerifiedCredentialChain } from '../../../utils/getChainFromVerifiedCredentialChain';\nimport type { Chain } from '../../chain';\nimport { DYNAMIC_WAAS_METADATA } from '../constants';\n\ntype GetAllUserWaasAddressesForChainParams = {\n chain: Chain;\n};\n\n/** @not-instrumented */\nexport const getAllUserWaasAddressesForChain = (\n { chain }: GetAllUserWaasAddressesForChainParams,\n client: DynamicClient\n): string[] => {\n if (!client.user) {\n return [];\n }\n\n const waasWalletCredentials =\n client.user.verifiedCredentials.filter(\n (credential) =>\n credential.walletProvider === WalletProviderEnum.EmbeddedWallet &&\n credential.walletName\n ?.toLowerCase()\n .startsWith(DYNAMIC_WAAS_METADATA.normalizedWalletName) &&\n credential.address &&\n credential.chain &&\n getChainFromVerifiedCredentialChain(credential.chain) === chain\n ) ?? [];\n\n const waasAddresses: string[] = waasWalletCredentials.map(\n // casting because we're already filtering out credentials without an address\n (credential) => credential.address as string\n );\n\n return waasAddresses;\n};\n","import { assertPackageVersion } from '@dynamic-labs-sdk/assert-package-version';\n\nimport {\n name as packageName,\n version as packageVersion,\n} from '../../package.json';\nassertPackageVersion(packageName, packageVersion);\n\nexport type {\n BitcoinNetwork,\n DynamicWalletClient,\n ThresholdSignatureScheme\n} from '@dynamic-labs-wallet/browser-wallet-client';\nexport type { WaasSDKContainer } from '@dynamic-labs-wallet/core';\nexport { DYNAMIC_WAAS_METADATA } from '../modules/waas/constants';\nexport { createWaasClient } from '../modules/waas/createWaasClient';\nexport { createWaasProvider } from '../modules/waas/createWaasProvider';\nexport { exportWaasPrivateKeyToContainer } from '../modules/waas/exportWaasPrivateKeyToContainer';\nexport { getAllUserWaasAddressesForChain } from '../modules/waas/getAllUserWaasAddressesForChain';\nexport { getWaasChainNameFromChain } from '../modules/waas/getWaasChainNameFromChain';\nexport type {\n WaasProvider,\n WaasWalletProvider\n} from '../modules/waas/waas.types';\n\n"],"mappings":";;;;;;;;;;AAcA,MAAaA,oBAAsC,EAAE,aAAa,WAAW;CAC3E,MAAM,OAAO,QAAQ,OAAO;CAE5B,MAAM,2BAA2B,KAAK,MAAM;CAE5C,MAAM,iCACJ,OAAO,iBAAiB,IAAI,MAAM;AAEpC,QAAO,IAAI,oBACT;EACE,UAAW,gBAAgB,OAAO,GAAG,WAAW;EAChD,WAAW,OAAO,SAAS;EAC3B,aAAa,KAAK,cAAc,2BAA2B,QACzD,WACA,GACD;EACD,oBACE,OAAO,iBAAiB,IAAI,MAAM,YAClC;EACF;EACA,eAAe,KAAK;EACpB,YAAY,GAAG,gBAAgB,GAAG,KAAK;EACvC,GAAI,4BAA4B,SAC5B,EAAE,GACF,EAAE,0BAA0B;EAChC,GAAI,kCAAkC,SAClC,EAAE,GACF,EAAE,gCAAgC;EACvC,EACD,EAKE,sBAAsB;AACpB,EAAKC,2BACH,EAAE,QAAQ,gCAAgC,EAC1C,OACD,CAAC,OAAO,UAAU;AACjB,QAAK,OAAO,MACV,sDACA,MACD;IACD;IAEL,CACF;;;;;;ACvDH,MAAa,6BAA6B,UAAyB;AACjE,QAAO,gBAAgB,OAAO,yBAAyB;;;;;ACazD,MAAM,sCAAsC;;AAQ5C,MAAa,sBAAsB,EACjC,WACA,YAC4C;CAC5C,MAAM,SAAS,QAAQ,UAAU,CAAC;CAElC,IAAIC;CAIJ,MAAMC,gBAA+C,YAAY;AAC/D,MAAI,CAAC,aAAa;AAChB,iBAAc,iBACZ,EAAE,WAAW,0BAA0B,MAAM,EAAE,EAC/C,UACD;AACD,SAAM,YAAY,YAAY;;AAEhC,SAAO;;CAGT,MAAMC,+BACJ,OAAO,EAAE,wBAAwB,UAAU,oBAAoB;EAC7D,MAAM,EAAE,WAAW,oBAAoB,MAAM,mBAC3C,UACD;AAID,UAFmB,MAAM,eAAe,EAEtB,6BAA6B;GAC7C,gBAAgB,cAAc;GAC9B,WAAW,UAAU,SAAS;GAC9B;GACA;GACA;GACD,CAAC;;CAGN,MAAMC,sBAA2D,OAC/D,OAAO,EAAE,KACN;AACH,SAAO,MAAM,4CAA4C;GACvD,eAAe,KAAK;GACpB,0BAA0B,KAAK;GAChC,CAAC;EAEF,MAAM,EAAE,WAAW,oBAAoB,MAAM,mBAAmB,UAAU;AAa1E,SATmB,OAFA,MAAM,eAAe,EAEJ,oBAAoB;GACtD,WAAW,UAAU,SAAS;GAC9B,eAAe,KAAK;GACpB,UAAU,KAAK;GACf;GACA,0BACE,KAAK,4BAA4B,yBAAyB;GAC7D,CAAC;;CAKJ,MAAMC,oBAAuD,OAAO,EAClE,UACA,oBACI;EACJ,MAAM,EAAE,WAAW,oBAAoB,MAAM,mBAAmB,UAAU;AAI1E,UAFmB,MAAM,eAAe,EAEtB,kBAAkB;GAClC,gBAAgB,cAAc;GAC9B,WAAW,UAAU,SAAS;GAC9B;GACA;GACD,CAAC;;CAGJ,MAAMC,wBAA+D,OAAO,EAC1E,UACA,oBACI;EACJ,MAAM,EAAE,WAAW,oBAAoB,MAAM,mBAAmB,UAAU;AAI1E,SAFmB,MAAM,eAAe,EAEvB,sBAAsB;GACrC,gBAAgB,cAAc;GAC9B,WAAW,UAAU,SAAS;GAC9B;GACA;GACD,CAAC;;CAGJ,MAAMC,mBAAqD,OAAO,EAChE,WACA,kBACA,eACA,eACI;EACJ,MAAM,EAAE,WAAW,oBAAoB,MAAM,mBAAmB,UAAU;EAE1E,MAAM,aAAa,MAAM,eAAe;EAExC,MAAM,WAAW,MAAM,mCACrB,EAAE,WAAW,UAAU,kBAAkB,EACzC,UACD;EAKD,MAAM,sBAAsBC,iCAC1B,EAAE,OAAO,WAAW,cAAc,EAClC,UACD;AAED,QAAM,WAAW,iBAAiB;GAChC,gBAAgB,cAAc;GAC9B,WAAW,UAAU,SAAS;GAM9B;GACA;GACA;GACA;GACA;GACA;GACD,CAAC;;CAGJ,MAAMC,mCACJ,OAAO,EAAE,oBAAoB;EAC3B,MAAM,EAAE,WAAW,oBAAoB,MAAM,mBAC3C,UACD;AAID,SAFmB,MAAM,eAAe,EAEvB,UAAU;GACzB,gBAAgB,cAAc;GAC9B,WAAW,UAAU,SAAS;GAC9B;GACA,iBAAiB,gBAAgB;GAClC,CAAC;;CAGN,MAAMC,mBAAqD,OAAO,EAChE,YACA,2BAA2B,yBAAyB,iBAChD;EACJ,MAAM,EAAE,WAAW,oBAAoB,MAAM,mBAAmB,UAAU;AAI1E,SAFqB,MAAM,eAAe,EAEvB,iBAAiB;GAClC,WAAW,UAAU,SAAS;GAC9B;GACA;GACA;GACD,CAAC;;CAGJ,MAAMC,6BACJ,OAAO,EAAE,UAAU,oBAAoB;EACrC,MAAM,EAAE,WAAW,oBAAoB,MAAM,mBAC3C,UACD;EAED,MAAM,eAAe,MAAM,eAAe;EAE1C,MAAM,WAAW,MAAM,mCACrB,EAAE,WAAW,UAAU,mBAAmB,EAC1C,UACD;AAED,SAAO,aAAa,2BAA2B;GAC7C,gBAAgB,cAAc;GAC9B,WAAW,UAAU,SAAS;GAC9B;GACA;GACA;GACD,CAAC;;CAGN,MAAMC,mBAAqD,OAAO,EAChE,UACA,oBACI;EACJ,MAAM,EAAE,WAAW,oBAAoB,MAAM,mBAAmB,UAAU;AAI1E,UAFmB,MAAM,eAAe,EAEtB,iBAAiB;GACjC,gBAAgB,cAAc;GAC9B,WAAW,UAAU,SAAS;GAC9B;GACA;GACD,CAAC;;CAGJ,MAAMC,+BACJ,OAAO,EAAE,UAAU,oBAAoB;EACrC,MAAM,EAAE,WAAW,oBAAoB,MAAM,mBAC3C,UACD;AAID,UAFmB,MAAM,eAAe,EAEtB,YAAY;GAC5B,gBAAgB,cAAc;GAC9B,WAAW,UAAU,SAAS;GAC9B,aAAa;GACb;GACD,CAAC;;CAGN,MAAMC,iBAAiD,OAAO,EAC5D,SACA,UACA,oBACI;AACJ,MAAI,QAAQ,WAAW,oCACrB,OAAM,IAAI,kBACR,mBAAmB,oCAAoC,kBACxD;EAGH,MAAM,EAAE,WAAW,oBAAoB,MAAM,mBAAmB,UAAU;EAE1E,MAAM,WAAW,MAAM,mCACrB,EAAE,WAAW,UAAU,gBAAgB,EACvC,UACD;EAED,MAAM,sBAAsBN,iCAC1B,EAAE,OAAO,WAAW,YAAY,EAChC,UACD;AAcD,SAAO,EAAE,WAVS,OAFG,MAAM,eAAe,EAEL,eAAe;GAClD,gBAAgB,cAAc;GAC9B,WAAW,UAAU,SAAS;GAC9B;GACA;GACA;GACA;GACA;GACD,CAAC,EAEkB;;CAGtB,MAAMO,UAAmC,OAAO,SAAS;AACvD,MAAI,CAAC,YACH;EAGF,MAAM,aAAa,MAAM,eAAe;AAWxC,MAAI,MAAM,WAAW,gBACnB,OAAM,WAAW,SAAS;AAE5B,gBAAc;;CAGhB,MAAMC,iBAAiD,OAAO,EAC5D,eACA,iBACA,kBACI;EACJ,MAAM,EAAE,WAAW,oBAAoB,MAAM,mBAAmB,UAAU;AAI1E,UAFmB,MAAM,eAAe,EAEtB,eAAe;GAC/B,gBAAgB,cAAc;GAC9B,WAAW,UAAU,SAAS;GAC9B,kBAAkB;GAClB;GACA;GACD,CAAC;;CAGJ,MAAMC,cAA2C,OAAO,EACtD,SACA,oBACI;EACJ,MAAM,EAAE,WAAW,oBAAoB,MAAM,mBAAmB,UAAU;EAE1E,MAAM,WAAW,MAAM,mCACrB,EAAE,WAAW,UAAU,gBAAgB,EACvC,UACD;EAED,MAAM,sBAAsBT,iCAC1B,EAAE,OAAO,WAAW,YAAY,EAChC,UACD;AAaD,SAAO,EAAE,WATS,OAFC,MAAM,eAAe,EAEL,YAAY;GAC7C,gBAAgB,cAAc;GAC9B,WAAW,UAAU,SAAS;GAC9B;GACA;GACA;GACA;GACD,CAAC,EAEkB;;CAGtB,MAAMU,4BACJ,OAAO,EAAE,SAAS,uBAAuB,oBAAoB;EAC3D,MAAM,EAAE,WAAW,oBAAoB,MAAM,mBAC3C,UACD;EAED,MAAM,WAAW,MAAM,mCACrB,EAAE,WAAW,UAAU,gBAAgB,EACvC,UACD;EAED,MAAM,sBAAsBV,iCAC1B,EAAE,OAAO,WAAW,YAAY,EAChC,UACD;AAcD,SAAO,EAAE,WAVS,OAFC,MAAM,eAAe,EAEL,gBAAgB;GACjD,WAAW,UAAU,SAAS;GAC9B;GACA;GACA;GACA,eAAe,cAAc;GAC7B;GACA,aAAa;GACd,CAAC,EAEkB;;CAGxB,MAAMW,yBACJ,OAAO,EAAE,oBAAoB;EAC3B,MAAM,EAAE,WAAW,oBAAoB,MAAM,mBAC3C,UACD;AAID,UAFmB,MAAM,eAAe,EAEtB,uBAAuB;GACvC,gBAAgB,cAAc;GAC9B,WAAW,UAAU,SAAS;GAC9B;GACD,CAAC;;CAGN,MAAMC,eAA6C,OAAO,EACxD,UACA,oBACI;EACJ,MAAM,EAAE,WAAW,oBAAoB,MAAM,mBAAmB,UAAU;AAI1E,UAFmB,MAAM,eAAe,EAEtB,aAAa;GAC7B,gBAAgB,cAAc;GAC9B,WAAW,UAAU,SAAS;GAC9B;GACA;GACD,CAAC;;AAGJ,QAAO;EACL;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACD;;;;;;;;;;;;;;;;;;;;;;;;;;;AClZH,MAAa,kCAAkC,OAC7C,EAAE,WAAW,UAAU,iBACvB,WACG;AAMH,QALiB,uCACf,EAAE,eAAe,EACjB,OACD,CAEe,iBAAiB;EAC/B;EACA;EACA;EACD,CAAC;;;;;;ACnCJ,MAAa,mCACX,EAAE,SACF,WACa;AACb,KAAI,CAAC,OAAO,KACV,QAAO,EAAE;AAoBX,SAhBE,OAAO,KAAK,oBAAoB,QAC7B,eACC,WAAW,mBAAmB,mBAAmB,kBACjD,WAAW,YACP,aAAa,CACd,WAAW,sBAAsB,qBAAqB,IACzD,WAAW,WACX,WAAW,SACX,oCAAoC,WAAW,MAAM,KAAK,MAC7D,IAAI,EAAE,EAE6C,KAEnD,eAAe,WAAW,QAC5B;;;;;AC7BH,qBAAqBC,MAAaC,QAAe"}
@@ -1,10 +1,11 @@
1
- import { B as getCore, C as isCookieEnabled, E as __getElevatedAccessToken_wrapped, H as version, N as CLIENT_SDK_NAME, V as name, c as CHAINS_INFO_MAP, i as DYNAMIC_WAAS_METADATA, n as DEFAULT_WAAS_BASE_API_URL, r as DEFAULT_WAAS_BASE_MPC_RELAY_API_URL, s as getChainFromVerifiedCredentialChain, t as InvalidParamError, z as BaseError } from "./InvalidParamError-BqFQnYCi.native.esm.js";
2
- import { i as NativeModuleNotLinkedError } from "./isMfaRequiredForAction-Dx4BPJVg.native.esm.js";
3
- import { n as consumeMfaTokenIfRequiredForAction, t as getSignedSessionId } from "./getSignedSessionId-C7YR-jNH.native.esm.js";
1
+ import { $ as name, G as CLIENT_SDK_NAME, I as __getElevatedAccessToken_wrapped, N as isCookieEnabled, Q as getCore, Z as BaseError, a as DYNAMIC_WAAS_METADATA, et as version, i as DEFAULT_WAAS_BASE_MPC_RELAY_API_URL, m as CHAINS_INFO_MAP, p as getChainFromVerifiedCredentialChain, r as DEFAULT_WAAS_BASE_API_URL, t as InvalidParamError } from "./InvalidParamError-YG7yXCq5.native.esm.js";
2
+ import { i as NativeModuleNotLinkedError } from "./isMfaRequiredForAction-DAfjBLvz.native.esm.js";
3
+ import { n as consumeMfaTokenIfRequiredForAction, t as getSignedSessionId } from "./getSignedSessionId-DdKTM3Rh.native.esm.js";
4
+ import { t as getWaasWalletProviderFromWalletAccount } from "./getWaasWalletProviderFromWalletAccount-EnCRdI3w.native.esm.js";
4
5
  import { assertPackageVersion } from "@dynamic-labs-sdk/assert-package-version";
5
6
  import { MFAAction, TokenScope, WalletProviderEnum } from "@dynamic-labs/sdk-api-core";
6
- import { ACCESSIBLE, getGenericPassword, resetGenericPassword, setGenericPassword } from "react-native-keychain";
7
7
  import { NativeEventEmitter, TurboModuleRegistry } from "react-native";
8
+ import { ACCESSIBLE, getGenericPassword, resetGenericPassword, setGenericPassword } from "react-native-keychain";
8
9
  import { DynamicWalletClient, ThresholdSignatureScheme, WalletOperation } from "@dynamic-labs-wallet/browser-wallet-client";
9
10
 
10
11
  //#region src/errors/CorruptedKeyShareError.ts
@@ -103,19 +104,25 @@ const translateNativeOpenError = (err) => {
103
104
  };
104
105
 
105
106
  //#endregion
106
- //#region src/modules/waas/createWaasClient/createWaasSDKContainer.native.ts
107
+ //#region src/modules/waas/createWaasClient/createNativeWaasSDKContainer.native.ts
107
108
  const NATIVE_MODULE_NAME = "DynamicClientWebView";
108
109
  const MESSAGE_EVENT_NAME = "dynamicBridgeMessage";
109
110
  const generateInstanceId = () => `${Date.now().toString(36)}-${crypto.randomUUID()}`;
110
111
  /**
111
- * Creates a React Native `WaasSDKContainer` backed by a native WebView
112
- * (WKWebView on iOS, `android.webkit.WebView` on Android) hosted by the
112
+ * Creates a React Native `WaasSDKContainer` backed by a hidden, headless native
113
+ * WebView (WKWebView on iOS, `android.webkit.WebView` on Android) hosted by the
113
114
  * `DynamicClientWebView` TurboModule. Each invocation returns an isolated
114
115
  * container with its own instance ID, native WebView, and message routing.
115
116
  *
117
+ * Used for MPC operations (signing, key-share management) where there is
118
+ * nothing for the user to see. The VISIBLE private-key export display is no
119
+ * longer a native overlay — it is rendered by the `ExportPrivateKey` component
120
+ * (`@dynamic-labs-sdk/react-native-embedded-wallet-export`) on top of
121
+ * `react-native-webview`, so it scrolls and positions like any RN view.
122
+ *
116
123
  * @not-instrumented
117
124
  */
118
- const createWaasSDKContainer = () => {
125
+ const createNativeWaasSDKContainer = () => {
119
126
  if (!NativeDynamicWebView_default) throw new NativeModuleNotLinkedError({ moduleName: NATIVE_MODULE_NAME });
120
127
  const nativeModule = NativeDynamicWebView_default;
121
128
  const instanceId = generateInstanceId();
@@ -172,6 +179,23 @@ const createWaasSDKContainer = () => {
172
179
  };
173
180
  };
174
181
 
182
+ //#endregion
183
+ //#region src/modules/waas/createWaasClient/createWaasSDKContainer.native.ts
184
+ /**
185
+ * Creates a React Native `WaasSDKContainer` backed by a hidden, headless native
186
+ * WebView (WKWebView on iOS, `android.webkit.WebView` on Android) hosted by the
187
+ * `DynamicClientWebView` TurboModule. Used for MPC operations (signing, key-share
188
+ * management) where there is nothing for the user to see.
189
+ *
190
+ * For the private-key export display — where the hosted page must render the
191
+ * key for the user — use the `ExportPrivateKey` component from
192
+ * `@dynamic-labs-sdk/react-native-embedded-wallet-export`, which renders the
193
+ * key inside a `react-native-webview` instead of a native overlay.
194
+ *
195
+ * @not-instrumented
196
+ */
197
+ const createWaasSDKContainer = () => createNativeWaasSDKContainer();
198
+
175
199
  //#endregion
176
200
  //#region src/modules/waas/createWaasClient/createWaasClient.native.ts
177
201
  /**
@@ -199,6 +223,7 @@ const createWaasClient = ({ chainName }, client) => {
199
223
  baseMPCRelayApiUrl: client.projectSettings?.sdk.waas?.relayUrl || DEFAULT_WAAS_BASE_MPC_RELAY_API_URL,
200
224
  chainName,
201
225
  environmentId: core.environmentId,
226
+ hostOrigin: core.metadata?.universalLink,
202
227
  sdkVersion: `${CLIENT_SDK_NAME}/${core.version}`,
203
228
  ...additionalTrustedOrigins == void 0 ? {} : { additionalTrustedOrigins }
204
229
  }, {
@@ -289,7 +314,7 @@ const createWaasProvider = ({ sdkClient, chain }) => {
289
314
  signedSessionId
290
315
  });
291
316
  };
292
- const exportPrivateKey = async ({ displayContainer, walletAccount, password }) => {
317
+ const exportPrivateKey = async ({ container, displayContainer, walletAccount, password }) => {
293
318
  const { signature: signedSessionId } = await getSignedSessionId(sdkClient);
294
319
  const waasClient = await getWaasClient();
295
320
  const mfaToken = await consumeMfaTokenIfRequiredForAction({ mfaAction: MFAAction.WalletWaasExport }, sdkClient);
@@ -297,6 +322,7 @@ const createWaasProvider = ({ sdkClient, chain }) => {
297
322
  await waasClient.exportPrivateKey({
298
323
  accountAddress: walletAccount.address,
299
324
  authToken: sdkClient.token ?? void 0,
325
+ container,
300
326
  displayContainer,
301
327
  elevatedAccessToken,
302
328
  mfaToken,
@@ -449,6 +475,38 @@ const createWaasProvider = ({ sdkClient, chain }) => {
449
475
  };
450
476
  };
451
477
 
478
+ //#endregion
479
+ //#region src/modules/waas/exportWaasPrivateKeyToContainer/exportWaasPrivateKeyToContainer.ts
480
+ /**
481
+ * Exports the private key for a WaaS wallet account into a caller-provided
482
+ * {@link WaasSDKContainer} (e.g. a visible React Native WebView) instead of a
483
+ * DOM element.
484
+ *
485
+ * This is the container-based counterpart to `exportWaasPrivateKey` (which
486
+ * injects an iframe into a DOM `displayContainer` on web). The export ceremony
487
+ * runs — and the private key is rendered — entirely inside the container's own
488
+ * sandboxed document; the key is never exposed to the host JS layer. The caller
489
+ * owns the container's lifecycle and must call `container.destroy()` when the
490
+ * display is dismissed.
491
+ *
492
+ * @param params.walletAccount - The WaaS wallet account to export the private key from.
493
+ * @param params.container - The container that hosts the secure key display.
494
+ * @param [params.password] - Optional password to decrypt the private key.
495
+ * @param client - The Dynamic client instance. This is an internal API (exposed
496
+ * only via `@dynamic-labs-sdk/client/waas/core`), so the client is passed
497
+ * explicitly rather than defaulted — callers resolve it (e.g. via
498
+ * `getDefaultClient()`) and thread it in.
499
+ * @returns A promise that resolves when the private key export is complete.
500
+ * @not-instrumented
501
+ */
502
+ const exportWaasPrivateKeyToContainer = async ({ container, password, walletAccount }, client) => {
503
+ return getWaasWalletProviderFromWalletAccount({ walletAccount }, client).exportPrivateKey({
504
+ container,
505
+ password,
506
+ walletAccount
507
+ });
508
+ };
509
+
452
510
  //#endregion
453
511
  //#region src/modules/waas/getAllUserWaasAddressesForChain/getAllUserWaasAddressesForChain.ts
454
512
  /** @not-instrumented */
@@ -462,5 +520,5 @@ const getAllUserWaasAddressesForChain = ({ chain }, client) => {
462
520
  assertPackageVersion(name, version);
463
521
 
464
522
  //#endregion
465
- export { DYNAMIC_WAAS_METADATA, createWaasClient, createWaasProvider, getAllUserWaasAddressesForChain, getWaasChainNameFromChain };
523
+ export { DYNAMIC_WAAS_METADATA, createWaasClient, createWaasProvider, exportWaasPrivateKeyToContainer, getAllUserWaasAddressesForChain, getWaasChainNameFromChain };
466
524
  //# sourceMappingURL=waasCore.native.esm.js.map