npm - @dynamic-labs-wallet/browser-wallet-client - Versions diffs - 0.0.350 → 0.0.352 - Mend

@dynamic-labs-wallet/browser-wallet-client 0.0.350 → 0.0.352

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (11) hide show

package/index.cjs +342 -222
package/index.esm.js +342 -223
package/package.json +2 -2
package/src/client/client.d.ts +2 -1
package/src/client/client.d.ts.map +1 -1
package/src/client/iframeManager/IframeManager.d.ts +24 -12
package/src/client/iframeManager/IframeManager.d.ts.map +1 -1
package/src/index.d.ts +2 -1
package/src/index.d.ts.map +1 -1
package/src/services/createIframeWaasSDKContainer.d.ts +3 -0
package/src/services/createIframeWaasSDKContainer.d.ts.map +1 -0

package/index.esm.js CHANGED Viewed

@@ -236,19 +236,136 @@ const setupMessageTransportBridge = (messageTransport, iframe, iframeOrigin)=>{
     };
 };
-const FRAME_ANCESTORS_QUERY_PARAM = 'frameAncestors';
-/**
- * Whether the given iframe element is mounted and accessible.
- *
- * - contentWindow becomes null once the iframe is removed from the DOM.
- * - isConnected returns false when the element has been detached. Some test
- *   environments leave it undefined, which we treat as alive — falling back
- *   to "absence === alive" matches the production behavior on real
- *   HTMLIFrameElement.
- */ const isIframeAlive = (iframe)=>{
-    var _iframe_isConnected;
-    return !!(iframe == null ? void 0 : iframe.contentWindow) && ((_iframe_isConnected = iframe.isConnected) != null ? _iframe_isConnected : true);
+const createIframeWaasSDKContainer = ()=>{
+    let iframe = null;
+    const messageHandlers = new Set();
+    const errorHandlers = new Set();
+    let windowListenerAttached = false;
+    let cspListenerAttached = false;
+    const windowMessageListener = (event)=>{
+        if (event.source !== (iframe == null ? void 0 : iframe.contentWindow)) return;
+        // Defense in depth: verify event.origin matches the iframe's URL origin.
+        // The source check alone is insufficient — a cross-origin navigation can
+        // keep contentWindow stable while changing event.origin to an attacker.
+        let expectedOrigin;
+        try {
+            expectedOrigin = new URL(iframe.src).origin;
+        } catch (e) {
+            return;
+        }
+        if (event.origin !== expectedOrigin) return;
+        // Only forward payloads that match a known shape so a compromised iframe
+        // cannot inject arbitrary data into subscribers. Two shapes are accepted:
+        //   1. Handshake: a non-empty string (e.g. `iframe-ready-${instanceId}`).
+        //   2. Transport message: a plain object explicitly tagged `origin: 'webview'`.
+        const { data } = event;
+        const isHandshake = typeof data === 'string' && data.length > 0;
+        const isTransportMessage = typeof data === 'object' && data !== null && !Array.isArray(data) && 'origin' in data && data.origin === 'webview';
+        if (!isHandshake && !isTransportMessage) return;
+        for (const handler of messageHandlers){
+            handler(data);
+        }
+    };
+    const fireError = (error)=>{
+        for (const handler of errorHandlers){
+            handler(error);
+        }
+    };
+    const cspViolationListener = (event)=>{
+        var _event_blockedURI, _event_violatedDirective, _event_violatedDirective1;
+        const iframeOrigin = (iframe == null ? void 0 : iframe.src) ? new URL(iframe.src).origin : undefined;
+        const affectsIframe = iframeOrigin && ((_event_blockedURI = event.blockedURI) == null ? void 0 : _event_blockedURI.includes(iframeOrigin)) || ((_event_violatedDirective = event.violatedDirective) == null ? void 0 : _event_violatedDirective.includes('frame-src')) || ((_event_violatedDirective1 = event.violatedDirective) == null ? void 0 : _event_violatedDirective1.includes('child-src'));
+        if (!affectsIframe) return;
+        logger.error('CSP violation detected that may affect iframe loading:', {
+            blockedURI: event.blockedURI,
+            violatedDirective: event.violatedDirective,
+            originalPolicy: event.originalPolicy,
+            sourceFile: event.sourceFile,
+            lineNumber: event.lineNumber,
+            columnNumber: event.columnNumber,
+            iframeOrigin
+        });
+    };
+    return {
+        async setUrl (url) {
+            iframe = document.createElement('iframe');
+            iframe.style.display = 'none';
+            iframe.style.position = 'fixed';
+            iframe.style.top = '0';
+            iframe.style.left = '0';
+            iframe.style.width = '0';
+            iframe.style.height = '0';
+            iframe.style.border = 'none';
+            iframe.style.pointerEvents = 'none';
+            iframe.setAttribute('title', 'Dynamic Wallet Iframe');
+            iframe.setAttribute('sandbox', 'allow-scripts allow-same-origin allow-downloads');
+            iframe.setAttribute('referrerpolicy', 'origin');
+            iframe.onerror = (error)=>{
+                fireError(error);
+            };
+            if (!cspListenerAttached) {
+                document.addEventListener('securitypolicyviolation', cspViolationListener);
+                cspListenerAttached = true;
+            }
+            iframe.src = url;
+            document.body.appendChild(iframe);
+        },
+        sendMessage (data) {
+            if (!(iframe == null ? void 0 : iframe.contentWindow)) {
+                throw new Error('Cannot send message: iframe not loaded');
+            }
+            const origin = new URL(iframe.src).origin;
+            try {
+                iframe.contentWindow.postMessage(data, origin);
+            } catch (error) {
+                // This catches "Attempt to postMessage on disconnected port" errors
+                // which occur when the iframe has been navigated away or destroyed.
+                logger.error('Failed to post message to iframe:', error);
+                throw error;
+            }
+        },
+        onMessage (handler) {
+            messageHandlers.add(handler);
+            if (!windowListenerAttached) {
+                window.addEventListener('message', windowMessageListener);
+                windowListenerAttached = true;
+            }
+            return ()=>{
+                messageHandlers.delete(handler);
+            };
+        },
+        onError (handler) {
+            errorHandlers.add(handler);
+            return ()=>{
+                errorHandlers.delete(handler);
+            };
+        },
+        isAlive () {
+            var _iframe_isConnected;
+            // contentWindow goes null when the iframe is removed from the DOM or its
+            // page is torn down (relogin, RN modal unmount, etc.). isConnected falls
+            // back to true on jsdom where the property is absent so the production
+            // contract still holds.
+            return !!(iframe == null ? void 0 : iframe.contentWindow) && ((_iframe_isConnected = iframe.isConnected) != null ? _iframe_isConnected : true);
+        },
+        destroy () {
+            if (windowListenerAttached) {
+                window.removeEventListener('message', windowMessageListener);
+                windowListenerAttached = false;
+            }
+            if (cspListenerAttached) {
+                document.removeEventListener('securitypolicyviolation', cspViolationListener);
+                cspListenerAttached = false;
+            }
+            messageHandlers.clear();
+            errorHandlers.clear();
+            iframe == null ? void 0 : iframe.remove();
+            iframe = null;
+        }
+    };
 };
+const FRAME_ANCESTORS_QUERY_PARAM = 'frameAncestors';
 /**
  * Builds the iframe message transport with the recovery + block decorators.
  *
@@ -299,6 +416,96 @@ class IframeManager {
             throw error;
         }
     }
+    buildIframeUrlSearchParams() {
+        var _this_instanceId, _this_sdkVersion, _this_baseClientKeysharesRelayApiUrl;
+        const params = new URLSearchParams({
+            instanceId: (_this_instanceId = this.instanceId) != null ? _this_instanceId : '',
+            hostOrigin: window.location.origin,
+            environmentId: this.environmentId,
+            baseApiUrl: this.baseApiUrl,
+            baseMPCRelayApiUrl: this.baseMPCRelayApiUrl,
+            sdkVersion: (_this_sdkVersion = this.sdkVersion) != null ? _this_sdkVersion : '',
+            debug: String(this.debug),
+            baseClientKeysharesRelayApiUrl: (_this_baseClientKeysharesRelayApiUrl = this.baseClientKeysharesRelayApiUrl) != null ? _this_baseClientKeysharesRelayApiUrl : '',
+            secureStorage: this.secureStorage ? 'true' : ''
+        });
+        const seenAdditional = new Set();
+        for (const raw of this.additionalTrustedOrigins){
+            const trimmed = raw.trim();
+            if (!trimmed) {
+                continue;
+            }
+            if (trimmed.length > IframeManager.maxTrustedOriginStringLength) {
+                this.logger.warn('Skipping additionalTrustedOrigin (exceeds max length)');
+                continue;
+            }
+            try {
+                const u = new URL(trimmed);
+                if (u.protocol !== 'http:' && u.protocol !== 'https:') {
+                    this.logger.warn('Skipping additionalTrustedOrigin (unsupported scheme)', {
+                        trimmed
+                    });
+                    continue;
+                }
+                const origin = u.origin;
+                if (seenAdditional.has(origin)) {
+                    continue;
+                }
+                if (seenAdditional.size >= IframeManager.maxAdditionalTrustedOrigins) {
+                    this.logger.warn('additionalTrustedOrigin limit reached, extra entries ignored');
+                    break;
+                }
+                seenAdditional.add(origin);
+                params.append(FRAME_ANCESTORS_QUERY_PARAM, origin);
+            } catch (e) {
+                this.logger.warn('Skipping invalid additionalTrustedOrigin', {
+                    trimmed
+                });
+            }
+        }
+        return params;
+    }
+    /**
+   * Build the URL that the transport provider should load.
+   */ buildIframeUrl() {
+        const params = this.buildIframeUrlSearchParams();
+        return `${this.iframeDomain}/waas-v1/${this.environmentId}?${params.toString()}`;
+    }
+    /**
+   * Set up the bridge between the MessageTransport and the WaasSDKContainer.
+   * - Host-origin messages from the transport are forwarded to the sandbox host via sendMessage.
+   * - Messages received from the sandbox host are parsed and emitted into the transport.
+   *
+   * Returns a teardown function so callers can detach listeners when the
+   * sandbox host is rebuilt (needed by the recovery flow — the transport
+   * survives the rebuild and would otherwise accumulate stale listeners).
+   */ setupWaasSDKContainerBridge(transport, waasSDKContainer) {
+        // Forward outgoing host messages to the sandbox host
+        const transportListener = (message)=>{
+            if (message.origin === 'host') {
+                waasSDKContainer.sendMessage(message);
+            }
+        };
+        transport.on(transportListener);
+        // Forward incoming messages from the sandbox host to the transport
+        const unsubscribeFromWaasSDKContainer = waasSDKContainer.onMessage((data)=>{
+            if (typeof data !== 'object' || data === null) return;
+            if (!('origin' in data) || data.origin !== 'webview') return;
+            try {
+                const parsed = parseMessageTransportData(data);
+                if (!parsed) return;
+                transport.emit(parsed);
+            } catch (error) {
+                if (!(error instanceof SyntaxError)) {
+                    this.logger.error('Error handling incoming message:', error);
+                }
+            }
+        });
+        return ()=>{
+            transport.off(transportListener);
+            unsubscribeFromWaasSDKContainer();
+        };
+    }
     /**
    * initialize the message transport after iframe is successfully loaded
    */ async initializeMessageTransport() {
@@ -309,10 +516,16 @@ class IframeManager {
         await this.initializeIframeCommunication();
         const transport = createIframeMessageTransport();
         this.messageTransport = transport;
-        if (!this.iframe) {
-            throw new Error('Iframe not available');
+        var _this_waasSDKContainer;
+        const waasSDKContainer = (_this_waasSDKContainer = this.waasSDKContainer) != null ? _this_waasSDKContainer : IframeManager.sharedWaasSDKContainer;
+        if (waasSDKContainer) {
+            this.cleanupBridge = this.setupWaasSDKContainerBridge(transport, waasSDKContainer);
+        } else if (this.iframe) {
+            // Fallback for the display container flow which still uses raw iframes
+            this.cleanupBridge = setupMessageTransportBridge(this.messageTransport, this.iframe, this.iframeDomain);
+        } else {
+            throw new Error('No sandbox host or iframe available');
         }
-        this.cleanupBridge = setupMessageTransportBridge(this.messageTransport, this.iframe, this.iframeDomain);
         this.iframeMessageHandler = new iframeMessageHandler(this.messageTransport);
         // Set up request channel to handle messages from iframe (for secureStorage and getSignedSessionId)
         if (this.secureStorage || this.getSignedSessionIdCallback) {
@@ -338,51 +551,60 @@ class IframeManager {
         await this.initAuthToken();
     }
     /**
-   * Rebuild the iframe and its bridge while preserving the message transport
+   * Rebuild the sandbox host and its bridge while preserving the message transport
    * (which owns the request channel's retry timer and recovery manager).
    *
    * Triggered by the request channel's recovery flow when an outgoing message
    * goes 5s without an ack — typically because the iframe was torn down by a
    * relogin or RN modal unmount and the host still holds a stale reference.
    */ async recoverIframe(transport) {
-        // If sharedIframe is still alive (contentWindow + connected), the request
-        // channel's 5s timeout fired for a *non-iframe-death* reason — slow
-        // server, overloaded MPC ceremony, etc. Rebuilding the iframe in that
-        // case actively breaks things: it removes a healthy iframe out from
-        // under in-flight operations and amplifies retries when the next
-        // message also times out → endless cascade.
+        var _IframeManager_sharedWaasSDKContainer;
+        // If the shared container is still alive, the request channel's 5s timeout
+        // fired for a *non-death* reason — slow server, overloaded MPC ceremony,
+        // etc. Rebuilding in that case actively breaks things: it tears a healthy
+        // container out from under in-flight operations and amplifies retries when
+        // the next message also times out → endless cascade.
         //
         // Just unblock the transport (the request channel's own retry will
-        // re-send the message on the same live iframe) and bail out. Only the
-        // real dead-iframe case below falls through to the rebuild.
-        if (isIframeAlive(IframeManager.sharedIframe)) {
-            this.logger.info('(recoverIframe) Iframe still alive — request-channel timeout, skipping rebuild');
-            this.iframe = IframeManager.sharedIframe;
+        // re-send the message on the same live container) and bail out. Only the
+        // real dead-container case below falls through to the rebuild.
+        if ((_IframeManager_sharedWaasSDKContainer = IframeManager.sharedWaasSDKContainer) == null ? void 0 : _IframeManager_sharedWaasSDKContainer.isAlive()) {
+            this.logger.info('(recoverIframe) Container still alive — request-channel timeout, skipping rebuild');
+            this.waasSDKContainer = IframeManager.sharedWaasSDKContainer;
             transport.unblock();
             return;
         }
-        // Detach listeners attached to the dead iframe.
+        // Detach listeners attached to the dead container, then destroy it.
+        // The transport, iframeMessageHandler, and iframeRequestChannel are
+        // intentionally kept — they're tied to the request channel's in-flight
+        // retry that we want to flush after rebuild.
         this.cleanupBridge == null ? void 0 : this.cleanupBridge.call(this);
         this.cleanupBridge = null;
-        this.iframe = null;
-        // Defer the DOM rebuild + concurrency control to loadIframe(): the first
-        // chain to land here will fall through to the remount branch (sharedIframe
-        // is dead, iframeLoadPromise is null), set iframeLoadPromise, and start
-        // the mount. Subsequent chains' loadIframe() calls during this window see
-        // iframeLoadPromise set and await the same load — concurrent rebuilds
-        // collapse for free, no extra static needed.
+        if (IframeManager.sharedWaasSDKContainer) {
+            IframeManager.sharedWaasSDKContainer.destroy();
+            IframeManager.sharedWaasSDKContainer = null;
+        }
+        IframeManager.iframeLoadPromise = null;
+        this.waasSDKContainer = null;
+        // Defer the rebuild + concurrency control to loadIframe(): the first
+        // chain to land here will fall through to the remount branch (shared
+        // container is dead, iframeLoadPromise is null), set iframeLoadPromise,
+        // and start the mount. Subsequent chains' loadIframe() calls during this
+        // window see iframeLoadPromise set and await the same load — concurrent
+        // rebuilds collapse for free, no extra static needed.
         //
         // The transport, iframeMessageHandler, and iframeRequestChannel are
         // intentionally kept — they're tied to the request channel's in-flight
         // retry that we want to flush after rebuild.
-        this.logger.info('(recoverIframe) Rebuilding shared iframe');
+        this.logger.info('(recoverIframe) Rebuilding shared container');
         await this.loadIframe();
-        this.iframe = IframeManager.sharedIframe;
-        if (!this.iframe) {
-            throw new Error('Failed to mount fresh iframe during recovery');
+        var _this_waasSDKContainer;
+        const waasSDKContainer = (_this_waasSDKContainer = this.waasSDKContainer) != null ? _this_waasSDKContainer : IframeManager.sharedWaasSDKContainer;
+        if (!waasSDKContainer) {
+            throw new Error('Failed to mount fresh container during recovery');
         }
-        this.cleanupBridge = setupMessageTransportBridge(transport, this.iframe, this.iframeDomain);
-        // Re-send auth token to the new iframe before the queued retry flushes.
+        this.cleanupBridge = this.setupWaasSDKContainerBridge(transport, waasSDKContainer);
+        // Re-send auth token to the new sandbox host before the queued retry flushes.
         // sendAuthToken bypasses the block (see bypassBlockIf in
         // createIframeMessageTransport), so this resolves before unblock() runs
         // and the queued operation hits an authenticated iframe.
@@ -460,44 +682,52 @@ class IframeManager {
         }
     }
     /**
-   * Reset the shared iframe and iframe load promise, and iframe instance count
-   */ async resetSharedIframe() {
+   * Reset the shared provider and iframe load promise, and iframe instance count
+   */ resetSharedWaasSDKContainer() {
         this.cleanupBridge == null ? void 0 : this.cleanupBridge.call(this);
         this.cleanupBridge = null;
-        IframeManager.sharedIframe = null;
+        if (IframeManager.sharedWaasSDKContainer) {
+            IframeManager.sharedWaasSDKContainer.destroy();
+            IframeManager.sharedWaasSDKContainer = null;
+        }
         IframeManager.iframeInstanceCount = 0;
         IframeManager.iframeLoadPromise = null;
-        this.iframe = null;
+        this.waasSDKContainer = null;
         this.iframeMessageHandler = null;
         this.messageTransport = null;
         // Double the timeout and cap at 60 seconds to give more time for slow networks
         IframeManager.iframeLoadTimeout = Math.min(IframeManager.iframeLoadTimeout * 2, 60000);
     }
     async loadIframe() {
-        var // sharedIframe is dead (or never existed) and no load is in flight.
-        // Clear the stale corpse so createIframeLoadPromise mounts a fresh one.
-        _IframeManager_sharedIframe;
-        // If sharedIframe is still alive (contentWindow + connected), reuse it.
-        // The alive check (not just `if sharedIframe`) is what lets recoverIframe
-        // simply call loadIframe again on a dead iframe: we fall through to the
-        // remount branch below instead of adopting the corpse.
-        if (isIframeAlive(IframeManager.sharedIframe)) {
-            this.assignExistingIframe();
+        var _IframeManager_sharedWaasSDKContainer;
+        // If the shared container is still alive, reuse it. The alive check (not
+        // just `if sharedWaasSDKContainer`) is what lets recoverIframe simply call
+        // loadIframe again on a dead container: we fall through to the remount
+        // branch below instead of adopting the corpse.
+        if ((_IframeManager_sharedWaasSDKContainer = IframeManager.sharedWaasSDKContainer) == null ? void 0 : _IframeManager_sharedWaasSDKContainer.isAlive()) {
+            this.waasSDKContainer = IframeManager.sharedWaasSDKContainer;
+            IframeManager.iframeInstanceCount++;
             return Promise.resolve();
         }
         // If a load is in progress, wait for it, then assign
         if (IframeManager.iframeLoadPromise) {
             return IframeManager.iframeLoadPromise.then(()=>{
-                this.assignExistingIframe();
+                this.waasSDKContainer = IframeManager.sharedWaasSDKContainer;
+                IframeManager.iframeInstanceCount++;
             });
         }
-        (_IframeManager_sharedIframe = IframeManager.sharedIframe) == null ? void 0 : _IframeManager_sharedIframe.remove();
-        IframeManager.sharedIframe = null;
-        const loadPromise = IframeManager.iframeLoadPromise = this.createIframeLoadPromise();
+        // sharedWaasSDKContainer is dead (or never existed) and no load is in
+        // flight. Destroy the stale corpse so createWaasSDKContainerLoadPromise
+        // mounts a fresh one.
+        if (IframeManager.sharedWaasSDKContainer) {
+            IframeManager.sharedWaasSDKContainer.destroy();
+            IframeManager.sharedWaasSDKContainer = null;
+        }
+        const loadPromise = IframeManager.iframeLoadPromise = this.createWaasSDKContainerLoadPromise();
         // Clear iframeLoadPromise once the load settles so the "in flight" branch
         // above only fires while a load is actually pending. Otherwise it would
         // keep returning a resolved promise pointing at the (potentially later
-        // dead) iframe, and the next caller would adopt a corpse without ever
+        // dead) container, and the next caller would adopt a corpse without ever
         // taking the remount branch.
         //
         // The trailing .catch swallows the rejection that finally re-throws —
@@ -513,95 +743,63 @@ class IframeManager {
         });
         return loadPromise;
     }
-    assignExistingIframe() {
-        this.iframe = IframeManager.sharedIframe;
-        IframeManager.iframeInstanceCount++;
-    }
-    createIframeLoadPromise() {
+    createWaasSDKContainerLoadPromise() {
         return new Promise((resolve, reject)=>{
-            // Listen for CSP violations that might block the iframe
-            const cspViolationListener = (event)=>{
-                var _event_blockedURI, _event_violatedDirective, _event_violatedDirective1;
-                if (this.iframeDomain && ((_event_blockedURI = event.blockedURI) == null ? void 0 : _event_blockedURI.includes(this.iframeDomain)) || ((_event_violatedDirective = event.violatedDirective) == null ? void 0 : _event_violatedDirective.includes('frame-src')) || ((_event_violatedDirective1 = event.violatedDirective) == null ? void 0 : _event_violatedDirective1.includes('child-src'))) {
-                    this.logger.error('CSP violation detected that may affect iframe loading:', {
-                        blockedURI: event.blockedURI,
-                        violatedDirective: event.violatedDirective,
-                        originalPolicy: event.originalPolicy,
-                        sourceFile: event.sourceFile,
-                        lineNumber: event.lineNumber,
-                        columnNumber: event.columnNumber,
-                        iframeDomain: this.iframeDomain
-                    });
-                }
-            };
-            document.addEventListener('securitypolicyviolation', cspViolationListener);
-            const cleanupCspListener = ()=>{
-                document.removeEventListener('securitypolicyviolation', cspViolationListener);
-            };
             const attemptLoad = ()=>{
                 IframeManager.iframeLoadAttempts++;
                 this.logger.debug(`Loading iframe for waas wallet client... (attempt ${IframeManager.iframeLoadAttempts}/${IframeManager.maxRetryAttempts + 1})`, this.getIframeContext());
-                const iframe = document.createElement('iframe');
-                let messageListener = null;
+                const waasSDKContainer = this.createWaasSDKContainer();
                 const context = _extends({}, this.getIframeContext(), {
                     attempt: IframeManager.iframeLoadAttempts
                 });
-                // Set up timeout that will trigger iframe error, a retry will be triggered on this iframe error
-                const iframeTimeoutId = setTimeout(()=>{
-                    if (iframe.onerror) {
-                        iframe.onerror('Iframe load timeout');
+                const handleError = (error)=>{
+                    clearTimeout(timeoutId);
+                    unsubscribeHandshake();
+                    unsubscribeError();
+                    waasSDKContainer.destroy();
+                    // Check if we should retry
+                    if (IframeManager.iframeLoadAttempts <= IframeManager.maxRetryAttempts) {
+                        const errorMsg = error instanceof Error ? error.message : String(error);
+                        this.logger.warn(`(loadIframe) Iframe failed to load on attempt ${IframeManager.iframeLoadAttempts}, retrying... context: ${JSON.stringify(context)}, error: ${errorMsg}`);
+                        // Retry after a short delay
+                        setTimeout(attemptLoad, 1000);
+                    } else {
+                        // Max retries reached, give up
+                        this.logger.error('Iframe failed to load after all retry attempts: ', error);
+                        this.resetSharedWaasSDKContainer();
+                        IframeManager.iframeLoadAttempts = 0;
+                        reject(new Error(`Failed to load iframe after all retry attempts... context: ${JSON.stringify(context)}`));
                     }
-                }, IframeManager.iframeLoadTimeout);
-                const resolveWithCleanup = ()=>{
-                    cleanupCspListener();
-                    resolve();
-                };
-                const rejectWithCleanup = (reason)=>{
-                    cleanupCspListener();
-                    reject(reason);
                 };
-                messageListener = this.createMessageListener(iframe, iframeTimeoutId, resolveWithCleanup);
-                window.addEventListener('message', messageListener);
-                this.configureIframe(iframe);
-                this.setIframeSource(iframe);
-                this.logger.debug('Creating iframe with src:', iframe.src);
-                document.body.appendChild(iframe);
-                this.setupIframeEventHandlersWithRetry(iframe, messageListener, iframeTimeoutId, rejectWithCleanup, attemptLoad, context);
+                // Set up timeout (handleError closure captures timeoutId/unsubscribe* declared below;
+                // they are assigned synchronously before any async callback can fire).
+                const timeoutId = setTimeout(()=>{
+                    handleError('Iframe load timeout');
+                }, IframeManager.iframeLoadTimeout);
+                // Surface container-level errors (e.g. iframe.onerror) so we don't wait for the full timeout.
+                const unsubscribeError = waasSDKContainer.onError(handleError);
+                // Listen for the handshake message through the sandbox host's onMessage
+                const unsubscribeHandshake = waasSDKContainer.onMessage((data)=>{
+                    if (data === `iframe-ready-${this.instanceId}`) {
+                        clearTimeout(timeoutId);
+                        unsubscribeHandshake();
+                        unsubscribeError();
+                        IframeManager.sharedWaasSDKContainer = waasSDKContainer;
+                        this.waasSDKContainer = waasSDKContainer;
+                        IframeManager.iframeInstanceCount++;
+                        IframeManager.iframeLoadAttempts = 0; // Reset retry counter on success
+                        resolve();
+                        this.logger.debug('Iframe loaded successfully...', this.getIframeContext());
+                    }
+                });
+                const url = this.buildIframeUrl();
+                this.logger.debug('Creating iframe with src:', url);
+                waasSDKContainer.setUrl(url).catch(handleError);
             };
             // Start the first attempt
             attemptLoad();
         });
     }
-    setupIframeEventHandlersWithRetry(iframe, messageListener, iframeTimeoutId, reject, attemptLoad, context) {
-        iframe.onload = ()=>{
-            this.logger.debug('Iframe onload fired, waiting for ready message...');
-        };
-        iframe.onerror = (error)=>{
-            if (messageListener) {
-                window.removeEventListener('message', messageListener);
-            }
-            clearTimeout(iframeTimeoutId);
-            // Check if we should retry
-            if (IframeManager.iframeLoadAttempts <= IframeManager.maxRetryAttempts) {
-                const errorMsg = error instanceof Error ? error.message : 'Unknown error occurred.';
-                this.logger.warn(`(loadIframe) Iframe failed to load on attempt ${IframeManager.iframeLoadAttempts}, retrying... context: ${JSON.stringify(context)}, error: ${errorMsg}`);
-                // Clean up current attempt
-                if (iframe.parentNode) {
-                    iframe.parentNode.removeChild(iframe);
-                }
-                // Retry after a short delay
-                setTimeout(()=>{
-                    attemptLoad();
-                }, 1000); // 1 second delay between retries
-            } else {
-                // Max retries reached, give up
-                this.logger.error('Iframe failed to load after all retry attempts: ', error);
-                this.resetSharedIframe();
-                IframeManager.iframeLoadAttempts = 0;
-                reject(new Error(`Failed to load iframe after all retry attempts... context: ${JSON.stringify(context)}`));
-            }
-        };
-    }
     getIframeContext() {
         var _this_sdkVersion;
         return {
@@ -613,87 +811,6 @@ class IframeManager {
             iframeLoadTimeout: IframeManager.iframeLoadTimeout
         };
     }
-    createMessageListener(iframe, iframeTimeoutId, resolve) {
-        const messageListener = (event)=>{
-            if (event.source === iframe.contentWindow && event.data === `iframe-ready-${this.instanceId}`) {
-                window.removeEventListener('message', messageListener);
-                clearTimeout(iframeTimeoutId);
-                IframeManager.sharedIframe = iframe;
-                this.iframe = iframe;
-                IframeManager.iframeInstanceCount++;
-                IframeManager.iframeLoadAttempts = 0; // Reset retry counter on success
-                resolve();
-                this.logger.debug('Iframe loaded successfully...', this.getIframeContext());
-            }
-        };
-        return messageListener;
-    }
-    configureIframe(iframe) {
-        iframe.style.display = 'none';
-        iframe.setAttribute('title', 'Dynamic Wallet Iframe');
-        iframe.setAttribute('sandbox', 'allow-scripts allow-same-origin allow-downloads');
-        iframe.setAttribute('referrerpolicy', 'origin');
-        iframe.style.position = 'fixed';
-        iframe.style.top = '0';
-        iframe.style.left = '0';
-        iframe.style.width = '0';
-        iframe.style.height = '0';
-        iframe.style.border = 'none';
-        iframe.style.pointerEvents = 'none';
-    }
-    buildIframeUrlSearchParams() {
-        var _this_instanceId, _this_sdkVersion, _this_baseClientKeysharesRelayApiUrl;
-        const params = new URLSearchParams({
-            instanceId: (_this_instanceId = this.instanceId) != null ? _this_instanceId : '',
-            hostOrigin: window.location.origin,
-            environmentId: this.environmentId,
-            baseApiUrl: this.baseApiUrl,
-            baseMPCRelayApiUrl: this.baseMPCRelayApiUrl,
-            sdkVersion: (_this_sdkVersion = this.sdkVersion) != null ? _this_sdkVersion : '',
-            debug: String(this.debug),
-            baseClientKeysharesRelayApiUrl: (_this_baseClientKeysharesRelayApiUrl = this.baseClientKeysharesRelayApiUrl) != null ? _this_baseClientKeysharesRelayApiUrl : '',
-            secureStorage: this.secureStorage ? 'true' : ''
-        });
-        const seenAdditional = new Set();
-        for (const raw of this.additionalTrustedOrigins){
-            const trimmed = raw.trim();
-            if (!trimmed) {
-                continue;
-            }
-            if (trimmed.length > IframeManager.maxTrustedOriginStringLength) {
-                this.logger.warn('Skipping additionalTrustedOrigin (exceeds max length)');
-                continue;
-            }
-            try {
-                const u = new URL(trimmed);
-                if (u.protocol !== 'http:' && u.protocol !== 'https:') {
-                    this.logger.warn('Skipping additionalTrustedOrigin (unsupported scheme)', {
-                        trimmed
-                    });
-                    continue;
-                }
-                const origin = u.origin;
-                if (seenAdditional.has(origin)) {
-                    continue;
-                }
-                if (seenAdditional.size >= IframeManager.maxAdditionalTrustedOrigins) {
-                    this.logger.warn('additionalTrustedOrigin limit reached, extra entries ignored');
-                    break;
-                }
-                seenAdditional.add(origin);
-                params.append(FRAME_ANCESTORS_QUERY_PARAM, origin);
-            } catch (e) {
-                this.logger.warn('Skipping invalid additionalTrustedOrigin', {
-                    trimmed
-                });
-            }
-        }
-        return params;
-    }
-    setIframeSource(iframe) {
-        const params = this.buildIframeUrlSearchParams();
-        iframe.src = `${this.iframeDomain}/waas-v1/${this.environmentId}?${params.toString()}`;
-    }
     /**
    * Load an iframe for a specific container
    * @param {HTMLElement} container - The container to which the iframe will be attached
@@ -749,7 +866,6 @@ class IframeManager {
                         window.removeEventListener('message', messageListener);
                     }
                     clearTimeout(iframeTimeoutId);
-                    IframeManager.sharedIframe = iframe;
                     this.iframe = iframe;
                     IframeManager.iframeInstanceCount++;
                     resolve(iframe);
@@ -833,16 +949,16 @@ class IframeManager {
                 error: error instanceof Error ? error.message : error
             });
         }
-        if (this.iframe) {
+        if (this.waasSDKContainer) {
             IframeManager.iframeInstanceCount--;
-            if (IframeManager.sharedIframe && IframeManager.iframeInstanceCount === 0) {
+            if (IframeManager.sharedWaasSDKContainer && IframeManager.iframeInstanceCount === 0) {
                 this.cleanupBridge == null ? void 0 : this.cleanupBridge.call(this);
                 this.cleanupBridge = null;
-                document.body.removeChild(IframeManager.sharedIframe);
-                IframeManager.sharedIframe = null;
+                IframeManager.sharedWaasSDKContainer.destroy();
+                IframeManager.sharedWaasSDKContainer = null;
                 IframeManager.iframeLoadPromise = null;
             }
-            this.iframe = null;
+            this.waasSDKContainer = null;
         }
     }
     constructor({ environmentId, baseApiUrl, baseMPCRelayApiUrl, chainName, sdkVersion, authMode = AuthMode.HEADER, authToken, debug, baseClientKeysharesRelayApiUrl, additionalTrustedOrigins }, internalOptions){
@@ -855,6 +971,7 @@ class IframeManager {
    * listeners. Tracked so we can rebuild the bridge on iframe recovery without
    * leaking listeners against the dead iframe. */ this.cleanupBridge = null;
         this.iframe = null;
+        this.waasSDKContainer = null;
         this.environmentId = environmentId;
         this.authToken = authToken;
         this.authMode = authMode;
@@ -874,6 +991,8 @@ class IframeManager {
         if (internalOptions == null ? void 0 : internalOptions.getSignedSessionId) {
             this.getSignedSessionIdCallback = internalOptions.getSignedSessionId;
         }
+        var _internalOptions_createWaasSDKContainer;
+        this.createWaasSDKContainer = (_internalOptions_createWaasSDKContainer = internalOptions == null ? void 0 : internalOptions.createWaasSDKContainer) != null ? _internalOptions_createWaasSDKContainer : createIframeWaasSDKContainer;
         const environment = getEnvironmentFromUrl(baseApiUrl);
         this.iframeDomain = IFRAME_DOMAIN_MAP[environment];
         if (this.authMode === AuthMode.COOKIE) {
@@ -889,7 +1008,7 @@ IframeManager.iframeLoadPromise = null;
 IframeManager.iframeLoadTimeout = 10000;
 IframeManager.iframeLoadAttempts = 0;
 IframeManager.maxRetryAttempts = 1;
-IframeManager.sharedIframe = null;
+IframeManager.sharedWaasSDKContainer = null;
 IframeManager.iframeInstanceCount = 0;
 IframeManager.maxAdditionalTrustedOrigins = 32;
 IframeManager.maxTrustedOriginStringLength = 200;
@@ -1299,4 +1418,4 @@ class DynamicWalletClient extends IframeManager {
     }
 }
-export { DynamicWalletClient };
+export { DynamicWalletClient, createIframeWaasSDKContainer };