@dynamic-labs-wallet/browser 0.0.323 → 0.0.324

package/index.cjs.js

@@ -372,6 +372,22 @@ const uploadFileToGoogleDrivePersonal = async ({ accessToken, fileName, jsonData
         ]
     });
 };
+/**
+ * Verifies that a file exists on Google Drive by fetching its metadata
+ */ const verifyUpload = async ({ accessToken, fileId })=>{
+    const verifyResponse = await fetch(`${GOOGLE_DRIVE_UPLOAD_API}/drive/v3/files/${fileId}?fields=id,name`, {
+        headers: {
+            Authorization: `Bearer ${accessToken}`
+        }
+    });
+    if (!verifyResponse.ok) {
+        throw new Error(`Upload verification failed: file ${fileId} not accessible after upload`);
+    }
+    const verifyResult = await verifyResponse.json();
+    if (verifyResult.id !== fileId) {
+        throw new Error(`Upload verification failed: expected file ID ${fileId}, got ${verifyResult.id}`);
+    }
+};
 const uploadFileToGoogleDrive = async ({ accessToken, fileName, jsonData, parents })=>{
     const metadata = {
         name: fileName,
@@ -400,6 +416,14 @@ const uploadFileToGoogleDrive = async ({ accessToken, fileName, jsonData, parent
         throw new Error('Error uploading file');
     }
     const result = await response.json();
+    const fileId = result.id;
+    if (!fileId) {
+        throw new Error('Upload response missing file ID');
+    }
+    await verifyUpload({
+        accessToken,
+        fileId
+    });
     return result; // Return file metadata, including file ID
 };
 const listFilesFromGoogleDrive = async ({ accessToken, fileName })=>{
@@ -554,6 +578,32 @@ const getClientKeyShareBackupInfo = (params)=>{
 const timeoutPromise = ({ timeInMs, activity = 'Ceremony' })=>{
     return new Promise((_, reject)=>setTimeout(()=>reject(new Error(`${activity} did not complete in ${timeInMs}ms`)), timeInMs));
 };
+const buildErrorContext = (error)=>{
+    var _error_response, _error_response1;
+    return {
+        error: error instanceof Error ? error.message : 'Unknown error',
+        errorStack: error instanceof Error ? error.stack : undefined,
+        axiosError: error instanceof axios.AxiosError ? (_error_response = error.response) == null ? void 0 : _error_response.data : undefined,
+        axiosStatus: error instanceof axios.AxiosError ? (_error_response1 = error.response) == null ? void 0 : _error_response1.status : undefined
+    };
+};
+const logRetrySuccess = (operationName, attempts, logContext)=>{
+    core.Logger.info(`Successfully executed ${operationName} after ${attempts + 1} attempts`, _extends({}, logContext, {
+        attemptsTaken: attempts + 1
+    }));
+};
+const logRetryFailure = (operationName, attempts, maxAttempts, errorContext, logContext)=>{
+    core.Logger.warn(`Failed to execute ${operationName} on attempt ${attempts}/${maxAttempts}`, _extends({}, logContext, errorContext, {
+        attempt: attempts,
+        maxAttempts,
+        willRetry: attempts < maxAttempts
+    }));
+};
+const logRetryExhausted = (operationName, maxAttempts, errorContext, logContext)=>{
+    core.Logger.error(`Failed to execute ${operationName} after ${maxAttempts} attempts - stopping retry`, _extends({}, logContext, errorContext, {
+        totalAttempts: maxAttempts
+    }));
+};
 /**
  * Generic helper function to retry a promise-based operations
  *
@@ -565,24 +615,24 @@ const timeoutPromise = ({ timeInMs, activity = 'Ceremony' })=>{
     let attempts = 0;
     while(attempts < maxAttempts){
         try {
-            return await operation();
+            const result = await operation();
+            if (attempts > 0) {
+                logRetrySuccess(operationName, attempts, logContext);
+            }
+            return result;
         } catch (error) {
-            var _error_response;
             attempts++;
-            core.Logger.warn(`Failed to execute ${operationName} on attempt ${attempts}`, _extends({}, logContext, {
-                error: error instanceof Error ? error.message : 'Unknown error',
-                axiosError: error instanceof axios.AxiosError ? (_error_response = error.response) == null ? void 0 : _error_response.data : undefined
-            }));
+            const errorContext = buildErrorContext(error);
+            logRetryFailure(operationName, attempts, maxAttempts, errorContext, logContext);
             if (attempts === maxAttempts) {
-                var _error_response1;
-                core.Logger.error(`Failed to execute ${operationName} after ${maxAttempts} attempts`, _extends({}, logContext, {
-                    error: error instanceof Error ? error.message : 'Unknown error',
-                    axiosError: error instanceof axios.AxiosError ? (_error_response1 = error.response) == null ? void 0 : _error_response1.data : undefined
-                }));
+                logRetryExhausted(operationName, maxAttempts, errorContext, logContext);
                 throw error;
             }
-            // Calculate exponential backoff delay
             const exponentialDelay = retryInterval * 2 ** (attempts - 1);
+            core.Logger.debug(`Retrying ${operationName} in ${exponentialDelay}ms`, _extends({}, logContext, {
+                nextAttempt: attempts + 1,
+                delayMs: exponentialDelay
+            }));
             await new Promise((resolve)=>setTimeout(resolve, exponentialDelay));
         }
     }
@@ -1062,49 +1112,81 @@ const initializeCloudKit = async (config, signInButtonId, onSignInRequired, onSi
     await ensureICloudAuth(onSignInRequired, onSignInComplete, onAuthStatusUpdate, authOptions);
 };
 
+/**
+ * Extracts error message and stack from an unknown error value
+ */ const getErrorDetails = (error)=>{
+    const message = error instanceof Error ? error.message : String(error);
+    const stack = error instanceof Error ? error.stack : undefined;
+    return {
+        message,
+        stack
+    };
+};
+/**
+ * Processes a single upload result and logs appropriately
+ * @returns Error message if failed, undefined if successful
+ */ const processUploadResult = (result, locationName, logContext, logger)=>{
+    if (result.status === 'fulfilled') {
+        logger.info(`[DynamicWaasWalletClient] Successfully uploaded keyshares to ${locationName}`, logContext);
+        return undefined;
+    }
+    const { message, stack } = getErrorDetails(result.reason);
+    logger.error(`[DynamicWaasWalletClient] Failed to upload keyshares to ${locationName}`, _extends({}, logContext, {
+        error: message,
+        errorStack: stack
+    }));
+    return `Failed to backup keyshares to ${locationName}: ${message}`;
+};
 /**
  * Uploads a backup to Google Drive App
  * @param accessToken - The access token for the Google Drive API
  * @param fileName - The name of the file to upload
  * @param backupData - The data to upload
  * @param accountAddress - The account address associated with the backup
- */ const uploadBackupToGoogleDrive = async ({ accessToken, fileName, backupData, accountAddress })=>{
+ * @param walletId - The wallet ID for logging context
+ * @param environmentId - The environment ID for logging context
+ * @param chainName - The chain name for logging context
+ * @param logger - The logger instance to use for logging
+ */ const uploadBackupToGoogleDrive = async ({ accessToken, fileName, backupData, accountAddress, walletId, environmentId, chainName, logger })=>{
+    const logContext = {
+        accountAddress,
+        walletId,
+        environmentId,
+        chainName,
+        fileName
+    };
+    logger.info('[DynamicWaasWalletClient] Starting Google Drive backup upload', logContext);
     const uploadPromises = [
         retryPromise(()=>uploadFileToGoogleDriveAppStorage({
                 accessToken,
                 fileName,
                 jsonData: backupData
-            })),
+            }), {
+            operationName: 'Google Drive App Storage upload',
+            logContext
+        }),
         retryPromise(()=>uploadFileToGoogleDrivePersonal({
                 accessToken,
                 fileName,
                 jsonData: backupData
-            }))
+            }), {
+            operationName: 'Google Drive Personal upload',
+            logContext
+        })
     ];
     const results = await Promise.allSettled(uploadPromises);
-    const errors = [];
-    // Check App Storage result
-    if (results[0].status === 'rejected') {
-        const error = results[0].reason;
-        core.Logger.error('[DynamicWaasWalletClient] Failed to upload keyshares to Google Drive App Storage', {
-            accountAddress,
-            error
-        });
-        errors.push(`Failed to backup keyshares to Google Drive App Storage: ${error instanceof Error ? error.message : String(error)}`);
-    }
-    // Check Personal Drive result
-    if (results[1].status === 'rejected') {
-        const error = results[1].reason;
-        core.Logger.error('[DynamicWaasWalletClient] Failed to upload keyshares to Google Drive Personal', {
-            accountAddress,
-            error
-        });
-        errors.push(`Failed to backup keyshares to Google Drive Personal: ${error instanceof Error ? error.message : String(error)}`);
-    }
-    // Throw if any uploads failed
+    const errors = [
+        processUploadResult(results[0], 'Google Drive App Storage', logContext, logger),
+        processUploadResult(results[1], 'Google Drive Personal', logContext, logger)
+    ].filter((error)=>error !== undefined);
     if (errors.length > 0) {
+        logger.error('[DynamicWaasWalletClient] Google Drive backup failed', _extends({}, logContext, {
+            errorCount: errors.length,
+            errors
+        }));
         throw new Error(`[DynamicWaasWalletClient] ${errors.join('; ')}`);
     }
+    logger.info('[DynamicWaasWalletClient] Google Drive backup completed successfully', logContext);
 };
 
 const ERROR_PASSWORD_MISMATCH = '[DynamicWaasWalletClient]: Password does not match the password used for existing wallets. All wallets must use the same password for encrypted backups.';
@@ -2476,6 +2558,17 @@ class DynamicWalletClient {
                     }, this.getTraceContext(traceContext)));
                 }
             }
+            // Create a rejection handler that will be wired up synchronously below.
+            // Promise executors run synchronously, so rejectOnSSEError is guaranteed
+            // to be assigned before serverSign is called.
+            let rejectOnSSEError;
+            const sseErrorPromise = new Promise((_, reject)=>{
+                rejectOnSSEError = reject;
+            });
+            // Prevent unhandled rejection if SSE errors before serverSignPromise resolves
+            // (sseErrorPromise would never reach Promise.race in that path)
+            // eslint-disable-next-line @typescript-eslint/no-empty-function
+            sseErrorPromise.catch(()=>{});
             // Perform the server sign
             const serverSignPromise = this.serverSign({
                 walletId: wallet.walletId,
@@ -2485,7 +2578,10 @@ class DynamicWalletClient {
                 elevatedAccessToken,
                 roomId,
                 context,
-                onError,
+                onError: (error)=>{
+                    onError == null ? void 0 : onError(error);
+                    rejectOnSSEError(error);
+                },
                 dynamicRequestId,
                 traceContext,
                 bitcoinConfig
@@ -2503,7 +2599,10 @@ class DynamicWalletClient {
             }, this.getTraceContext(traceContext)));
             let signature;
             try {
-                signature = await this.clientSign({
+                // Race clientSign against SSE errors so that server-side failures
+                // (e.g. policy violations) immediately reject instead of hanging
+                // until viem's task queue timeout.
+                const clientSignPromise = this.clientSign({
                     chainName,
                     message,
                     roomId,
@@ -2514,6 +2613,15 @@ class DynamicWalletClient {
                     traceContext,
                     bitcoinConfig
                 });
+                // Prevent unhandled rejection from the losing promise in the race:
+                // if sseErrorPromise wins, clientSign keeps running and will eventually
+                // reject (MPC timeout); if clientSign wins, sseErrorPromise may never settle.
+                // eslint-disable-next-line @typescript-eslint/no-empty-function
+                clientSignPromise.catch(()=>{});
+                signature = await Promise.race([
+                    clientSignPromise,
+                    sseErrorPromise
+                ]);
             } catch (signError) {
                 // If public key mismatch and haven't tried recovery yet, recover and retry entire operation
                 if (!hasAttemptedKeyShareRecovery) {
@@ -3569,11 +3677,28 @@ class DynamicWalletClient {
     }
     async backupSharesWithDistribution({ accountAddress, password, signedSessionId, distribution, preserveDelegatedLocation = false, passwordUpdateBatchId }) {
         const dynamicRequestId = uuid.v4();
+        // Get wallet data early for logging context (also used in catch block)
+        const walletData = this.getWalletFromMap(accountAddress);
+        // Common context for all logs in this method
+        const logContext = {
+            accountAddress,
+            dynamicRequestId,
+            walletId: walletData == null ? void 0 : walletData.walletId,
+            userId: this.userId,
+            environmentId: this.environmentId
+        };
+        this.logger.info('[backupSharesWithDistribution] Starting backup', _extends({}, logContext, {
+            hasPassword: !!password,
+            preserveDelegatedLocation,
+            passwordUpdateBatchId,
+            dynamicShareCount: distribution.clientShares.length,
+            cloudProviders: Object.keys(distribution.cloudProviderShares),
+            hasDelegatedShare: !!distribution.delegatedShare
+        }));
         try {
-            var _backupData_locationsWithKeyShares;
+            var _backupData_locationsWithKeyShares, _backupData_locationsWithKeyShares1;
             // Resolve signed session ID lazily once, so all downstream calls receive a string.
             const resolvedSignedSessionId = await this.resolveSignedSessionId(signedSessionId);
-            const walletData = this.getWalletFromMap(accountAddress);
             if (!(walletData == null ? void 0 : walletData.walletId)) {
                 const error = new Error(`WalletId not found for accountAddress ${accountAddress}`);
                 logError({
@@ -3597,13 +3722,11 @@ class DynamicWalletClient {
                     maxAttempts: 3,
                     operationName: 'encrypt key share'
                 });
-            this.logger.debug('[backupSharesWithDistribution] Pre-encrypting shares', {
+            this.logger.debug('[backupSharesWithDistribution] Pre-encrypting shares', _extends({}, logContext, {
                 dynamicShareCount: distribution.clientShares.length,
                 cloudProviders: Object.keys(distribution.cloudProviderShares),
-                hasDelegatedShare: !!distribution.delegatedShare,
-                accountAddress,
-                dynamicRequestId
-            });
+                hasDelegatedShare: !!distribution.delegatedShare
+            }));
             const preEncryptedDynamicShares = distribution.clientShares.length > 0 ? await Promise.all(distribution.clientShares.map(encryptWithRetry)) : [];
             const cloudEntries = Object.entries(distribution.cloudProviderShares).filter(([, shares])=>shares && shares.length > 0);
             const preEncryptedCloudShares = await Promise.all(cloudEntries.map(async ([provider, shares])=>({
@@ -3611,12 +3734,10 @@ class DynamicWalletClient {
                     shares: shares,
                     encrypted: await Promise.all(shares.map(encryptWithRetry))
                 })));
-            this.logger.debug('[backupSharesWithDistribution] Encryption complete, starting uploads', {
+            this.logger.debug('[backupSharesWithDistribution] Encryption complete, starting uploads', _extends({}, logContext, {
                 dynamicShareCount: preEncryptedDynamicShares.length,
-                cloudProviderCount: preEncryptedCloudShares.length,
-                accountAddress,
-                dynamicRequestId
-            });
+                cloudProviderCount: preEncryptedCloudShares.length
+            }));
             // Step 1: Upload shares in parallel, each with its own retry
             const uploadPromises = [];
             if (distribution.clientShares.length > 0) {
@@ -3665,12 +3786,10 @@ class DynamicWalletClient {
             }
             const uploadResults = await Promise.all(uploadPromises);
             const locations = uploadResults.filter((loc)=>loc !== undefined);
-            this.logger.debug('[backupSharesWithDistribution] Uploads complete, activating shares', {
+            this.logger.info('[backupSharesWithDistribution] Uploads complete, activating shares on server', _extends({}, logContext, {
                 locationCount: locations.length,
-                locations: locations.map((l)=>l.location),
-                accountAddress,
-                dynamicRequestId
-            });
+                locations: locations.map((l)=>l.location)
+            }));
             // Preserve existing delegated location
             if (preserveDelegatedLocation && !distribution.delegatedShare) {
                 const location = this.createPreservedDelegatedLocation({
@@ -3690,10 +3809,7 @@ class DynamicWalletClient {
             });
             // For password update pending responses, skip walletMap update — shares aren't active yet
             if (backupData.passwordUpdateStatus === 'pending') {
-                this.logger.debug('[backupSharesWithDistribution] Password update pending, skipping walletMap update', {
-                    accountAddress,
-                    dynamicRequestId
-                });
+                this.logger.debug('[backupSharesWithDistribution] Password update pending, skipping walletMap update', logContext);
                 return backupData;
             }
             if (passwordUpdateBatchId) {
@@ -3707,11 +3823,11 @@ class DynamicWalletClient {
                     preEncryptedDynamicShares
                 });
             }
-            var _backupData_locationsWithKeyShares1;
+            var _backupData_locationsWithKeyShares2;
             const updatedBackupInfo = getClientKeyShareBackupInfo({
                 walletProperties: {
                     derivationPath: walletData.derivationPath,
-                    keyShares: ((_backupData_locationsWithKeyShares1 = backupData.locationsWithKeyShares) != null ? _backupData_locationsWithKeyShares1 : []).map((ks)=>({
+                    keyShares: ((_backupData_locationsWithKeyShares2 = backupData.locationsWithKeyShares) != null ? _backupData_locationsWithKeyShares2 : []).map((ks)=>({
                             id: ks.id,
                             keygenId: ks.keygenId,
                             backupLocation: ks.location,
@@ -3725,21 +3841,20 @@ class DynamicWalletClient {
                 clientKeySharesBackupInfo: updatedBackupInfo
             });
             await this.storage.setItem(this.storageKey, JSON.stringify(this.walletMap));
-            var _backupData_locationsWithKeyShares_length;
-            this.logger.debug('[backupSharesWithDistribution] Backup complete', {
-                accountAddress,
-                dynamicRequestId,
-                locationCount: (_backupData_locationsWithKeyShares_length = (_backupData_locationsWithKeyShares = backupData.locationsWithKeyShares) == null ? void 0 : _backupData_locationsWithKeyShares.length) != null ? _backupData_locationsWithKeyShares_length : 0
-            });
+            var _backupData_locationsWithKeyShares_length, _backupData_locationsWithKeyShares_map;
+            this.logger.info('[backupSharesWithDistribution] Backup complete', _extends({}, logContext, {
+                locationCount: (_backupData_locationsWithKeyShares_length = (_backupData_locationsWithKeyShares = backupData.locationsWithKeyShares) == null ? void 0 : _backupData_locationsWithKeyShares.length) != null ? _backupData_locationsWithKeyShares_length : 0,
+                locations: (_backupData_locationsWithKeyShares_map = (_backupData_locationsWithKeyShares1 = backupData.locationsWithKeyShares) == null ? void 0 : _backupData_locationsWithKeyShares1.map((ks)=>ks.location)) != null ? _backupData_locationsWithKeyShares_map : []
+            }));
             return backupData;
         } catch (error) {
             logError({
                 message: 'Error in backupSharesWithDistribution',
                 error: error,
-                context: {
-                    accountAddress,
-                    dynamicRequestId
-                }
+                context: _extends({}, logContext, {
+                    chainName: walletData == null ? void 0 : walletData.chainName,
+                    errorStack: error instanceof Error ? error.stack : undefined
+                })
             });
             throw error;
         }
@@ -4350,7 +4465,8 @@ class DynamicWalletClient {
             const accessToken = await this.apiClient.getAccessToken({
                 oauthAccountId
             });
-            const thresholdSignatureScheme = this.getWalletFromMap(accountAddress).thresholdSignatureScheme;
+            const walletData = this.getWalletFromMap(accountAddress);
+            const thresholdSignatureScheme = walletData.thresholdSignatureScheme;
             const fileName = getClientKeyShareExportFileName({
                 thresholdSignatureScheme,
                 accountAddress,
@@ -4365,7 +4481,11 @@ class DynamicWalletClient {
                 accessToken,
                 fileName,
                 backupData,
-                accountAddress
+                accountAddress,
+                walletId: walletData == null ? void 0 : walletData.walletId,
+                environmentId: this.environmentId,
+                chainName: walletData == null ? void 0 : walletData.chainName,
+                logger: this.logger
             });
             return;
         } catch (error) {