@dynamic-labs-wallet/browser 0.0.325 → 0.0.327

package/{index.cjs.js → index.cjs}

@@ -352,6 +352,75 @@ class InvalidPasswordError extends Error {
 };
 
 const GOOGLE_DRIVE_UPLOAD_API = 'https://www.googleapis.com';
+const NON_RETRYABLE_AUTH_REASONS = new Set([
+    'insufficientPermissions',
+    'unauthorized',
+    'authError'
+]);
+const NON_RETRYABLE_AUTH_DETAIL_REASONS = new Set([
+    'ACCESS_TOKEN_SCOPE_INSUFFICIENT',
+    'ACCESS_TOKEN_EXPIRED',
+    'CREDENTIALS_MISSING'
+]);
+const RATE_LIMIT_REASONS = new Set([
+    'rateLimitExceeded',
+    'userRateLimitExceeded',
+    'dailyLimitExceeded'
+]);
+const NETWORK_ERROR = {
+    message: 'Could not reach Google Drive. Please check your internet connection and try again.',
+    isRetryable: true
+};
+/**
+ * Maps a Google Drive API error to an actionable user-facing message and a retry hint.
+ * The retry hint is consumed by retryPromise to short-circuit on non-transient failures.
+ */ const mapGoogleDriveUploadError = (httpStatus, body)=>{
+    var _error_errors_, _error_errors, _error_details_, _error_details;
+    const error = body == null ? void 0 : body.error;
+    const reason = error == null ? void 0 : (_error_errors = error.errors) == null ? void 0 : (_error_errors_ = _error_errors[0]) == null ? void 0 : _error_errors_.reason;
+    const detailReason = error == null ? void 0 : (_error_details = error.details) == null ? void 0 : (_error_details_ = _error_details[0]) == null ? void 0 : _error_details_.reason;
+    if (httpStatus === 401 || reason && NON_RETRYABLE_AUTH_REASONS.has(reason) || detailReason && NON_RETRYABLE_AUTH_DETAIL_REASONS.has(detailReason)) {
+        return {
+            message: 'Google Drive access denied: missing or insufficient permissions. Make sure the app is requesting Drive permission and that you allowed it during sign-in, then try again.',
+            isRetryable: false
+        };
+    }
+    if (reason === 'storageQuotaExceeded') {
+        return {
+            message: 'Google Drive storage is full. Free up space in your Google Drive and try again.',
+            isRetryable: false
+        };
+    }
+    if (httpStatus === 429 || reason && RATE_LIMIT_REASONS.has(reason)) {
+        return {
+            message: 'Google Drive is temporarily rate-limited. Please try again in a few moments.',
+            isRetryable: true
+        };
+    }
+    if (httpStatus >= 500 && httpStatus < 600) {
+        return {
+            message: 'Google Drive is temporarily unavailable. Please try again shortly.',
+            isRetryable: true
+        };
+    }
+    const detail = reason != null ? reason : error == null ? void 0 : error.status;
+    return {
+        message: detail ? `Google Drive upload failed (HTTP ${httpStatus}: ${detail}).` : `Google Drive upload failed (HTTP ${httpStatus}).`,
+        isRetryable: false
+    };
+};
+const parseGoogleDriveErrorBody = async (response)=>{
+    try {
+        return await response.json();
+    } catch (e) {
+        return null;
+    }
+};
+const createGoogleDriveError = (mapped)=>{
+    const error = new Error(mapped.message);
+    error.isRetryable = mapped.isRetryable;
+    return error;
+};
 const uploadFileToGoogleDriveAppStorage = async ({ accessToken, fileName, jsonData })=>{
     return uploadFileToGoogleDrive({
         accessToken,
@@ -373,19 +442,24 @@ const uploadFileToGoogleDrivePersonal = async ({ accessToken, fileName, jsonData
     });
 };
 /**
- * Verifies that a file exists on Google Drive by fetching its metadata
- */ const verifyUpload = async ({ accessToken, fileId })=>{
-    const verifyResponse = await fetch(`${GOOGLE_DRIVE_UPLOAD_API}/drive/v3/files/${fileId}?fields=id,name`, {
+ * Verifies that a file exists on Google Drive by listing files
+ * Uses appropriate space parameter based on upload location
+ */ const verifyUpload = async ({ accessToken, fileId, fileName, isAppDataFolder })=>{
+    var _verifyResult_files;
+    const spacesParam = isAppDataFolder ? "appDataFolder" : "drive";
+    const nameQuery = `name='${fileName}'`;
+    const verifyResponse = await fetch(`${GOOGLE_DRIVE_UPLOAD_API}/drive/v3/files?q=${encodeURIComponent(nameQuery)}&spaces=${spacesParam}&fields=files(id,name)`, {
         headers: {
             Authorization: `Bearer ${accessToken}`
         }
     });
     if (!verifyResponse.ok) {
-        throw new Error(`Upload verification failed: file ${fileId} not accessible after upload`);
+        throw new Error(`Upload verification failed: could not list files in ${spacesParam}`);
     }
     const verifyResult = await verifyResponse.json();
-    if (verifyResult.id !== fileId) {
-        throw new Error(`Upload verification failed: expected file ID ${fileId}, got ${verifyResult.id}`);
+    const uploadedFile = (_verifyResult_files = verifyResult.files) == null ? void 0 : _verifyResult_files.find((f)=>f.id === fileId);
+    if (!uploadedFile) {
+        throw new Error(`Upload verification failed: file ${fileId} not found in ${spacesParam}`);
     }
 };
 const uploadFileToGoogleDrive = async ({ accessToken, fileName, jsonData, parents })=>{
@@ -411,9 +485,12 @@ const uploadFileToGoogleDrive = async ({ accessToken, fileName, jsonData, parent
             Authorization: `Bearer ${accessToken}`
         },
         body: form
+    }).catch(()=>{
+        throw createGoogleDriveError(NETWORK_ERROR);
     });
     if (!response.ok) {
-        throw new Error('Error uploading file');
+        const body = await parseGoogleDriveErrorBody(response);
+        throw createGoogleDriveError(mapGoogleDriveUploadError(response.status, body));
     }
     const result = await response.json();
     const fileId = result.id;
@@ -422,13 +499,16 @@ const uploadFileToGoogleDrive = async ({ accessToken, fileName, jsonData, parent
     }
     await verifyUpload({
         accessToken,
-        fileId
+        fileId,
+        fileName,
+        isAppDataFolder: parents.includes('appDataFolder')
     });
     return result; // Return file metadata, including file ID
 };
 const listFilesFromGoogleDrive = async ({ accessToken, fileName })=>{
-    // Step 1: List all files inside `appDataFolder` with the specified backup filename
-    const resp = await fetch(`${GOOGLE_DRIVE_UPLOAD_API}/drive/v3/files?q=${encodeURIComponent(`name='${fileName}'`)}&spaces=appDataFolder&orderBy=createdTime desc`, {
+    // List all files inside appDataFolder with the specified backup filename
+    const nameQuery = `name='${fileName}'`;
+    const resp = await fetch(`${GOOGLE_DRIVE_UPLOAD_API}/drive/v3/files?q=${encodeURIComponent(nameQuery)}&spaces=${"appDataFolder"}&orderBy=createdTime desc`, {
         headers: {
             Authorization: `Bearer ${accessToken}`
         }
@@ -592,11 +672,11 @@ const logRetrySuccess = (operationName, attempts, logContext)=>{
         attemptsTaken: attempts + 1
     }));
 };
-const logRetryFailure = (operationName, attempts, maxAttempts, errorContext, logContext)=>{
+const logRetryFailure = (operationName, attempts, maxAttempts, errorContext, logContext, isNonRetryable = false)=>{
     core.Logger.warn(`Failed to execute ${operationName} on attempt ${attempts}/${maxAttempts}`, _extends({}, logContext, errorContext, {
         attempt: attempts,
         maxAttempts,
-        willRetry: attempts < maxAttempts
+        willRetry: !isNonRetryable && attempts < maxAttempts
     }));
 };
 const logRetryExhausted = (operationName, maxAttempts, errorContext, logContext)=>{
@@ -623,7 +703,12 @@ const logRetryExhausted = (operationName, maxAttempts, errorContext, logContext)
         } catch (error) {
             attempts++;
             const errorContext = buildErrorContext(error);
-            logRetryFailure(operationName, attempts, maxAttempts, errorContext, logContext);
+            const isNonRetryable = (error == null ? void 0 : error.isRetryable) === false;
+            logRetryFailure(operationName, attempts, maxAttempts, errorContext, logContext, isNonRetryable);
+            if (isNonRetryable) {
+                core.Logger.debug(`Skipping retry for ${operationName}: error marked non-retryable`, _extends({}, logContext, errorContext));
+                throw error;
+            }
             if (attempts === maxAttempts) {
                 logRetryExhausted(operationName, maxAttempts, errorContext, logContext);
                 throw error;
@@ -739,6 +824,27 @@ const downloadStringAsFile = ({ filename, content, mimeType = 'application/json'
     }
     return false;
 };
+/**
+ * Determines whether a reshare operation should reuse the wallet's existing backup locations.
+ *
+ * **Why this exists:**
+ * When `reshareOnNextSignOn` is triggered (e.g., after Google OAuth refresh), the reshare happens
+ * automatically without the caller specifying backup parameters. Without this detection, the reshare
+ * would proceed with empty backup locations, potentially losing the user's Google Drive or
+ * delegation backup configuration.
+ *
+ * **When it returns true:**
+ * - Same threshold (not upgrading/downgrading the signature scheme)
+ * - No cloud providers explicitly passed (caller didn't request backup changes)
+ * - No delegation explicitly passed (caller didn't request delegation changes)
+ *
+ * When true, the reshare will auto-populate backup locations from the wallet's existing
+ * `clientKeySharesBackupInfo` state, ensuring backups are preserved.
+ */ const shouldReshareToSameBackups = ({ oldThresholdSignatureScheme, newThresholdSignatureScheme, cloudProviders = [], delegateToProjectEnvironment = false })=>{
+    const isSameThreshold = oldThresholdSignatureScheme === newThresholdSignatureScheme;
+    const noBackupChangesRequested = cloudProviders.length === 0 && !delegateToProjectEnvironment;
+    return isSameThreshold && noBackupChangesRequested;
+};
 
 const CLOUDKIT_CDN_URL = 'https://cdn.apple-cloudkit.com/ck/2/cloudkit.js';
 const BACKUP_RECORD_TYPE = 'Backup';
@@ -1124,18 +1230,24 @@ const initializeCloudKit = async (config, signInButtonId, onSignInRequired, onSi
 };
 /**
  * Processes a single upload result and logs appropriately
- * @returns Error message if failed, undefined if successful
+ * @returns Failure details if rejected, undefined if successful
  */ const processUploadResult = (result, locationName, logContext, logger)=>{
+    var _result_reason;
     if (result.status === 'fulfilled') {
         logger.info(`[DynamicWaasWalletClient] Successfully uploaded keyshares to ${locationName}`, logContext);
         return undefined;
     }
     const { message, stack } = getErrorDetails(result.reason);
+    const isRetryable = ((_result_reason = result.reason) == null ? void 0 : _result_reason.isRetryable) !== false;
     logger.error(`[DynamicWaasWalletClient] Failed to upload keyshares to ${locationName}`, _extends({}, logContext, {
         error: message,
         errorStack: stack
     }));
-    return `Failed to backup keyshares to ${locationName}: ${message}`;
+    return {
+        locationName,
+        message,
+        isRetryable
+    };
 };
 /**
  * Uploads a backup to Google Drive App
@@ -1175,16 +1287,27 @@ const initializeCloudKit = async (config, signInButtonId, onSignInRequired, onSi
         })
     ];
     const results = await Promise.allSettled(uploadPromises);
-    const errors = [
+    const failures = [
         processUploadResult(results[0], 'Google Drive App Storage', logContext, logger),
         processUploadResult(results[1], 'Google Drive Personal', logContext, logger)
-    ].filter((error)=>error !== undefined);
-    if (errors.length > 0) {
+    ].filter((failure)=>failure !== undefined);
+    if (failures.length > 0) {
         logger.error('[DynamicWaasWalletClient] Google Drive backup failed', _extends({}, logContext, {
-            errorCount: errors.length,
-            errors
+            errorCount: failures.length,
+            errors: failures.map((f)=>`Failed to backup keyshares to ${f.locationName}: ${f.message}`)
         }));
-        throw new Error(`[DynamicWaasWalletClient] ${errors.join('; ')}`);
+        // Both upload destinations (appDataFolder + personal) commonly fail with
+        // the same underlying error (e.g., missing OAuth scope). When all failures
+        // share one message, surface it once without per-location wrapping;
+        // otherwise keep a short "Location: message" prefix per failure so the
+        // user can see what differed.
+        const uniqueMessages = [
+            ...new Set(failures.map((f)=>f.message))
+        ];
+        const finalMessage = uniqueMessages.length === 1 ? uniqueMessages[0] : failures.map((f)=>`${f.locationName}: ${f.message}`).join(' | ');
+        const aggregatedError = new Error(finalMessage);
+        aggregatedError.isRetryable = failures.every((f)=>f.isRetryable);
+        throw aggregatedError;
     }
     logger.info('[DynamicWaasWalletClient] Google Drive backup completed successfully', logContext);
 };
@@ -2102,18 +2225,33 @@ class DynamicWalletClient {
         }
     }
     async clientKeyGen({ chainName, roomId, serverKeygenIds, clientKeygenInitResults, thresholdSignatureScheme, bitcoinConfig, dynamicRequestId, traceContext }) {
+        // Try forward MPC first if enabled
         if (this.forwardMPCEnabled) {
-            return this.forwardMPCClientKeygen({
-                chainName,
-                roomId,
-                serverKeygenIds,
-                clientKeygenInitResults,
-                thresholdSignatureScheme,
-                bitcoinConfig,
-                dynamicRequestId,
-                traceContext
-            });
+            try {
+                return await this.forwardMPCClientKeygen({
+                    chainName,
+                    roomId,
+                    serverKeygenIds,
+                    clientKeygenInitResults,
+                    thresholdSignatureScheme,
+                    bitcoinConfig,
+                    dynamicRequestId,
+                    traceContext
+                });
+            } catch (error) {
+                const errorInfo = core.classifyForwardMpcError(error);
+                this.logger.warn('Forward MPC keygen failed', _extends({}, errorInfo, {
+                    chainName,
+                    environmentId: this.environmentId,
+                    dynamicRequestId
+                }));
+                if (!errorInfo.shouldFallback) {
+                    throw error;
+                }
+            // Fall through to relay-based keygen below
+            }
         }
+        // Relay-based keygen (fallback or when forward MPC is disabled)
         // Get the chain config and the mpc signer
         const mpcSigner = getMPCSigner({
             chainName,
@@ -2431,20 +2569,35 @@ class DynamicWalletClient {
                 derivationPath,
                 isFormatted
             }, this.getTraceContext(traceContext)));
+            // Try forward MPC first if enabled, with fallback to relay-based signing on attestation failure
             if (this.forwardMPCEnabled) {
-                return this.forwardMPCClientSign({
-                    chainName,
-                    message,
-                    roomId,
-                    keyShare,
-                    derivationPath,
-                    formattedMessage,
-                    dynamicRequestId,
-                    isFormatted,
-                    traceContext,
-                    bitcoinConfig
-                });
+                try {
+                    return await this.forwardMPCClientSign({
+                        chainName,
+                        message,
+                        roomId,
+                        keyShare,
+                        derivationPath,
+                        formattedMessage,
+                        dynamicRequestId,
+                        isFormatted,
+                        traceContext,
+                        bitcoinConfig
+                    });
+                } catch (error) {
+                    const errorInfo = core.classifyForwardMpcError(error);
+                    this.logger.warn('Forward MPC signing failed', _extends({}, errorInfo, {
+                        chainName,
+                        environmentId: this.environmentId,
+                        dynamicRequestId
+                    }));
+                    if (!errorInfo.shouldFallback) {
+                        throw error;
+                    }
+                // Fall through to relay-based signing below
+                }
             }
+            // Relay-based signing (fallback or when forward MPC is disabled)
             // Unwrap MessageHash for BIP340 as it expects Uint8Array or hex string
             let messageToSign = formattedMessage;
             if (mpcSigner instanceof web.BIP340 && formattedMessage instanceof web.MessageHash) {
@@ -2691,6 +2844,52 @@ class DynamicWalletClient {
             }));
     }
     /**
+   * Resolves backup locations for a reshare operation.
+   *
+   * When reshareOnNextSignOn triggers (e.g., after Google OAuth refresh), the caller
+   * doesn't pass backup parameters. This method detects that case and preserves the
+   * wallet's existing backup locations (Google Drive, iCloud, delegation) instead of
+   * proceeding with empty backup locations.
+   *
+   * @returns The backup locations to use for the reshare operation
+   */ resolveBackupLocationsForReshare({ oldThresholdSignatureScheme, newThresholdSignatureScheme, cloudProviders = [], delegateToProjectEnvironment = false, accountAddress, dynamicRequestId }) {
+        const shouldPreserveExisting = shouldReshareToSameBackups({
+            oldThresholdSignatureScheme,
+            newThresholdSignatureScheme,
+            cloudProviders,
+            delegateToProjectEnvironment
+        });
+        if (!shouldPreserveExisting) {
+            return {
+                cloudProviders,
+                delegateToProjectEnvironment
+            };
+        }
+        // Wallet is guaranteed to be in map - verifyPassword calls requireWalletFromMap upstream
+        const walletProperties = this.getWalletFromMap(accountAddress);
+        if (!walletProperties) {
+            this.logger.warn('[resolveBackupLocationsForReshare] Wallet not in map, using passed params', {
+                dynamicRequestId,
+                accountAddress
+            });
+            return {
+                cloudProviders,
+                delegateToProjectEnvironment
+            };
+        }
+        const preservedCloudProviders = getActiveCloudProviders(walletProperties.clientKeySharesBackupInfo);
+        const preservedDelegation = hasDelegatedBackup(walletProperties.clientKeySharesBackupInfo);
+        this.logger.info('[resolveBackupLocationsForReshare] Preserving existing backup locations', {
+            dynamicRequestId,
+            cloudProviders: preservedCloudProviders,
+            delegateToProjectEnvironment: preservedDelegation
+        });
+        return {
+            cloudProviders: preservedCloudProviders,
+            delegateToProjectEnvironment: preservedDelegation
+        };
+    }
+    /**
    * Gets the Bitcoin config for MPC operations by looking up addressType
    * from walletMap, with fallback to deriving it from derivationPath.
    */ getBitcoinConfigForChain(chainName, accountAddress) {
@@ -2907,6 +3106,8 @@ class DynamicWalletClient {
     }
     async internalReshare({ chainName, accountAddress, oldThresholdSignatureScheme, newThresholdSignatureScheme, password = undefined, signedSessionId, cloudProviders = [], delegateToProjectEnvironment = false, mfaToken, elevatedAccessToken, revokeDelegation = false, hasAttemptedKeyShareRecovery = false }) {
         const dynamicRequestId = uuid.v4();
+        // Password validation - wrapped in try-catch for consistent error handling
+        // This path should NOT wipe key shares on failure (shares remain valid)
         try {
             this.assertPasswordRequired(password);
             await this.verifyPassword({
@@ -2919,6 +3120,30 @@ class DynamicWalletClient {
                 password,
                 signedSessionId
             });
+        } catch (error) {
+            // Log password validation error but do NOT wipe key shares
+            logError({
+                message: '[DynamicWaasWalletClient]: Password validation failed during reshare',
+                error: error,
+                context: {
+                    accountAddress,
+                    dynamicRequestId
+                }
+            });
+            throw error;
+        }
+        // Resolve backup locations for this reshare - may preserve existing locations
+        // when reshareOnNextSignOn triggers without explicit backup parameters
+        const { cloudProviders: resolvedCloudProviders, delegateToProjectEnvironment: resolvedDelegation } = this.resolveBackupLocationsForReshare({
+            oldThresholdSignatureScheme,
+            newThresholdSignatureScheme,
+            cloudProviders,
+            delegateToProjectEnvironment,
+            accountAddress,
+            dynamicRequestId
+        });
+        // MPC ceremony path - errors here SHOULD wipe shares as they may be inconsistent
+        try {
             const { existingClientShareCount } = core.getReshareConfig({
                 oldThresholdSignatureScheme,
                 newThresholdSignatureScheme
@@ -2953,7 +3178,7 @@ class DynamicWalletClient {
                 oldThresholdSignatureScheme,
                 newThresholdSignatureScheme,
                 dynamicRequestId,
-                delegateToProjectEnvironment,
+                delegateToProjectEnvironment: resolvedDelegation,
                 mfaToken,
                 elevatedAccessToken,
                 revokeDelegation
@@ -3046,6 +3271,7 @@ class DynamicWalletClient {
                         dynamicRequestId
                     });
                     // Retry the entire reshare operation (need new room and keygen IDs from server)
+                    // Pass effective* values so retry uses same backup locations
                     return this.internalReshare({
                         chainName,
                         accountAddress,
@@ -3053,8 +3279,8 @@ class DynamicWalletClient {
                         newThresholdSignatureScheme,
                         password,
                         signedSessionId,
-                        cloudProviders,
-                        delegateToProjectEnvironment,
+                        cloudProviders: resolvedCloudProviders,
+                        delegateToProjectEnvironment: resolvedDelegation,
                         mfaToken,
                         elevatedAccessToken,
                         revokeDelegation,
@@ -3069,26 +3295,27 @@ class DynamicWalletClient {
             ];
             let distribution;
             // Generic distribution logic - works with any cloud providers
-            if (delegateToProjectEnvironment && cloudProviders.length > 0) {
+            // Use effective* variables which may have been populated from existing wallet state
+            if (resolvedDelegation && resolvedCloudProviders.length > 0) {
                 // Delegation + Cloud Providers: Client's existing share backs up to both Dynamic and cloud providers.
                 // The new share goes to the webhook for delegation.
                 distribution = createDelegationWithCloudProviderDistribution({
-                    providers: cloudProviders,
+                    providers: resolvedCloudProviders,
                     existingShares: existingReshareResults,
                     delegatedShare: newReshareResults[0]
                 });
-            } else if (delegateToProjectEnvironment) {
+            } else if (resolvedDelegation) {
                 // Delegation only: Client's existing share backs up to Dynamic.
                 // The new share goes to the webhook for delegation. No cloud provider backup.
                 distribution = createDelegationOnlyDistribution({
                     existingShares: existingReshareResults,
                     delegatedShare: newReshareResults[0]
                 });
-            } else if (cloudProviders.length > 0) {
+            } else if (resolvedCloudProviders.length > 0) {
                 // Cloud Providers only: Split shares between Dynamic (N-1) and cloud providers (1).
                 // The last share (new share) goes to cloud providers.
                 distribution = createCloudProviderDistribution({
-                    providers: cloudProviders,
+                    providers: resolvedCloudProviders,
                     allShares: allClientShares
                 });
             } else {
@@ -3126,6 +3353,8 @@ class DynamicWalletClient {
                     oldThresholdSignatureScheme,
                     newThresholdSignatureScheme,
                     cloudProviders,
+                    resolvedCloudProviders,
+                    resolvedDelegation,
                     dynamicRequestId
                 }
             });
@@ -4169,12 +4398,14 @@ class DynamicWalletClient {
             const oauthAccountId = getGoogleOAuthAccountId(user == null ? void 0 : user.verifiedCredentials);
             if (!oauthAccountId) {
                 const error = new Error('No Google OAuth account ID found');
+                // PII: intentionally omitting full user object
                 logError({
                     message: 'No Google OAuth account ID found',
                     error,
                     context: {
-                        user,
-                        accountAddress
+                        accountAddress,
+                        userId: user == null ? void 0 : user.id,
+                        projectEnvironmentId: user == null ? void 0 : user.projectEnvironmentId
                     }
                 });
                 throw error;
@@ -5553,6 +5784,7 @@ exports.listICloudBackups = listICloudBackups;
 exports.mergeUniqueKeyShares = mergeUniqueKeyShares;
 exports.readEnvironmentSettings = readEnvironmentSettings;
 exports.retryPromise = retryPromise;
+exports.shouldReshareToSameBackups = shouldReshareToSameBackups;
 exports.timeoutPromise = timeoutPromise;
 Object.keys(core).forEach(function (k) {
     if (k !== 'default' && !Object.prototype.hasOwnProperty.call(exports, k)) Object.defineProperty(exports, k, {