@dynamic-labs/aleo 4.80.0 → 4.82.0

package/CHANGELOG.md

@@ -1,4 +1,42 @@
 
+## [4.82.0](https://github.com/dynamic-labs/dynamic-auth/compare/v4.81.0...v4.82.0) (2026-05-11)
+
+
+### Features
+
+* adds react-native embedded webview ([#11168](https://github.com/dynamic-labs/dynamic-auth/issues/11168)) ([31c17e3](https://github.com/dynamic-labs/dynamic-auth/commit/31c17e34e198efc806299011ab286bf48a244908))
+* **aleo:** expose WaaS-specific methods directly on AleoWallet ([#11174](https://github.com/dynamic-labs/dynamic-auth/issues/11174)) ([ccfb8f4](https://github.com/dynamic-labs/dynamic-auth/commit/ccfb8f4de690ee4a30b6c20e037fef51a69df8e1))
+* **aleo:** two-step Exchange Send (unshield → public→public) ([#11172](https://github.com/dynamic-labs/dynamic-auth/issues/11172)) ([02a992c](https://github.com/dynamic-labs/dynamic-auth/commit/02a992c3239519ed283a9804f092bffca9ba4d18))
+* **demo:** registry-driven Aleo transactions form ([#11105](https://github.com/dynamic-labs/dynamic-auth/issues/11105)) ([766949e](https://github.com/dynamic-labs/dynamic-auth/commit/766949e7bb9f613e157418ed4221cac43fbf0394))
+* **sdk-react-core:** add ActiveMidnightWalletAddresses widget ([#11083](https://github.com/dynamic-labs/dynamic-auth/issues/11083)) ([1858292](https://github.com/dynamic-labs/dynamic-auth/commit/18582926348420332f89a3d1b2c2ca2cd453f69e))
+* **widget:** auto-merge + auto-shield sponsored Aleo tokens on wallet load ([#11157](https://github.com/dynamic-labs/dynamic-auth/issues/11157)) ([cda1de1](https://github.com/dynamic-labs/dynamic-auth/commit/cda1de1f04789eb24bba2fbe0a49b5f42f6a609d))
+* **widget:** auto-shield indicator + post-shield balance refresh polling ([#11173](https://github.com/dynamic-labs/dynamic-auth/issues/11173)) ([f49d480](https://github.com/dynamic-labs/dynamic-auth/commit/f49d480dc5ef85efd7d201687d9b0309090a69c8))
+* **widget:** wire Aleo curated prices into the Shielded balance tab ([#11178](https://github.com/dynamic-labs/dynamic-auth/issues/11178)) ([eab1606](https://github.com/dynamic-labs/dynamic-auth/commit/eab16062140a0474d14a2cc43fd0a1624e4da92e))
+
+
+### Bug Fixes
+
+* **ci:** wire dd-trace ci visibility env vars for [@demov1](https://github.com/demov1) playwright task ([#11199](https://github.com/dynamic-labs/dynamic-auth/issues/11199)) ([9af4827](https://github.com/dynamic-labs/dynamic-auth/commit/9af48271e4721dac54d495097d43522f76ec724d))
+* **playwright:** expose raw auth token for stable JWT reads ([#11204](https://github.com/dynamic-labs/dynamic-auth/issues/11204)) ([b002dfb](https://github.com/dynamic-labs/dynamic-auth/commit/b002dfb642755830c6c9c813ebb4d749882518d6))
+* **playwright:** replace waitForTimeout in networkControl + reinitialize spec ([#11161](https://github.com/dynamic-labs/dynamic-auth/issues/11161)) ([5e72371](https://github.com/dynamic-labs/dynamic-auth/commit/5e723713ceb8c804d253c261be86abb997daeabd))
+* remediate high-severity dependency vulnerabilities ([#11171](https://github.com/dynamic-labs/dynamic-auth/issues/11171)) ([285e7cb](https://github.com/dynamic-labs/dynamic-auth/commit/285e7cb0d07f957a97e8d9ef4fab0b8d2d24e031))
+
+## [4.81.0](https://github.com/dynamic-labs/dynamic-auth/compare/v4.80.0...v4.81.0) (2026-05-07)
+
+
+### Features
+
+* **react-native:** add waitForAuthSuccess() to auth module ([#11137](https://github.com/dynamic-labs/dynamic-auth/issues/11137)) ([089a566](https://github.com/dynamic-labs/dynamic-auth/commit/089a5663283639e7e425eead291b135010c8b398))
+* **waas:** hook Aleo into DynamicWaasMixin ([#11102](https://github.com/dynamic-labs/dynamic-auth/issues/11102)) ([ff42df9](https://github.com/dynamic-labs/dynamic-auth/commit/ff42df99d8993e22894caee3c0570cd9c332a3d1))
+* **widget:** shielded/unshielded tabs + Shield Manually CTA on ActiveWalletBalance for Aleo ([#11103](https://github.com/dynamic-labs/dynamic-auth/issues/11103)) ([e278836](https://github.com/dynamic-labs/dynamic-auth/commit/e278836bfcb19c13828c10483ebb87d165f5d00d))
+
+
+### Bug Fixes
+
+* **ethereum-aa:** return hex chain ids from EIP-5792 getCapabilities ([#11146](https://github.com/dynamic-labs/dynamic-auth/issues/11146)) ([b32dc8f](https://github.com/dynamic-labs/dynamic-auth/commit/b32dc8f6fdee3722073921787c4f77908ab4f740))
+* remediate high-severity dependency vulnerabilities ([#11151](https://github.com/dynamic-labs/dynamic-auth/issues/11151)) ([1d84ef1](https://github.com/dynamic-labs/dynamic-auth/commit/1d84ef12e10544be0b2a80dbbbd63f615b03adc3))
+* **wagmi-connector:** emit change unconditionally on MM accountsChanged DYNT-549 ([#11131](https://github.com/dynamic-labs/dynamic-auth/issues/11131)) ([348ee6f](https://github.com/dynamic-labs/dynamic-auth/commit/348ee6ff9a22cb55ef0cb84c4b8f8d2e843bd10e)), closes [#11043](https://github.com/dynamic-labs/dynamic-auth/issues/11043)
+
 ## [4.80.0](https://github.com/dynamic-labs/dynamic-auth/compare/v4.79.2...v4.80.0) (2026-05-05)
 
 

package/package.cjs

@@ -3,6 +3,6 @@
 
 Object.defineProperty(exports, '__esModule', { value: true });
 
-var version = "4.80.0";
+var version = "4.82.0";
 
 exports.version = version;

package/package.js

@@ -1,4 +1,4 @@
 'use client'
-var version = "4.80.0";
+var version = "4.82.0";
 
 export { version };

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@dynamic-labs/aleo",
-  "version": "4.80.0",
+  "version": "4.82.0",
   "description": "A React SDK for implementing wallet web3 authentication and authorization to your website.",
   "author": "Dynamic Labs, Inc.",
   "license": "MIT",
@@ -19,18 +19,18 @@
   "homepage": "https://www.dynamic.xyz/",
   "dependencies": {
     "@dynamic-labs-sdk/client": "0.26.9",
-    "@dynamic-labs/assert-package-version": "4.80.0",
+    "@dynamic-labs/assert-package-version": "4.82.0",
     "@dynamic-labs/sdk-api-core": "0.0.964",
     "@provablehq/aleo-wallet-adaptor-core": "0.3.0-alpha.3",
     "@provablehq/aleo-wallet-adaptor-shield": "0.3.0-alpha.3",
     "@provablehq/aleo-wallet-standard": "0.3.0-alpha.3",
     "@provablehq/aleo-types": "0.3.0-alpha.3",
-    "@dynamic-labs/logger": "4.80.0",
-    "@dynamic-labs/types": "4.80.0",
-    "@dynamic-labs/utils": "4.80.0",
-    "@dynamic-labs/waas": "4.80.0",
-    "@dynamic-labs/wallet-book": "4.80.0",
-    "@dynamic-labs/wallet-connector-core": "4.80.0"
+    "@dynamic-labs/logger": "4.82.0",
+    "@dynamic-labs/types": "4.82.0",
+    "@dynamic-labs/utils": "4.82.0",
+    "@dynamic-labs/waas": "4.82.0",
+    "@dynamic-labs/wallet-book": "4.82.0",
+    "@dynamic-labs/wallet-connector-core": "4.82.0"
   },
   "peerDependencies": {}
 }

package/src/connectors/DynamicWaasAleoConnector/DynamicWaasAleoConnector.cjs

@@ -99,6 +99,46 @@ const buildTransferInputs = (args) => {
         inputs: [to, `${value.toString()}u128`, recordPlaintext],
     };
 };
+/**
+ * Builds the `(functionName, inputs, inputTypes)` triple for a
+ * `<program>/transfer_public` public-to-public transfer. Used as step 2
+ * of the Exchange flow (after step 1 unshield-to-self). `transfer_public`
+ * is NOT in the iframe's `SEALANCE_FUNCTIONS_REQUIRING_PROOF` set, so the
+ * caller controls inputs end-to-end (no Sealance proof injection).
+ *
+ *  - `credits`     u64. inputs `[recipient, amount]`.
+ *  - `stablecoin`  u128. inputs `[recipient, amount]`.
+ *  - `arc21`       u128. inputs `[token_id, recipient, amount]`. The
+ *                  `token_registry.aleo/transfer_public` transition keys
+ *                  off `token_id` since there's no record to encode it in.
+ */
+const buildPublicTransferInputs = (args) => {
+    const { to, value, token } = args;
+    const functionName = 'transfer_public';
+    if (token.programKind === 'credits') {
+        return {
+            functionName,
+            inputTypes: ['address.public', 'u64.public'],
+            inputs: [to, `${value.toString()}u64`],
+        };
+    }
+    if (token.programKind === 'stablecoin') {
+        return {
+            functionName,
+            inputTypes: ['address.public', 'u128.public'],
+            inputs: [to, `${value.toString()}u128`],
+        };
+    }
+    // arc21 — token_registry.aleo/transfer_public(token_id, recipient, amount).
+    if (!token.tokenId) {
+        throw new utils.DynamicError(`transfer_public: ARC-21 token ${token.contractAddress} is missing tokenId in registry.`);
+    }
+    return {
+        functionName,
+        inputTypes: ['field.public', 'address.public', 'u128.public'],
+        inputs: [token.tokenId, to, `${value.toString()}u128`],
+    };
+};
 /**
  * Builds the `(functionName, inputs, inputTypes)` triple for a
  * `<program>/transfer_public_to_private` shield call to self. Mirrors
@@ -156,6 +196,16 @@ const joinShapeForProgram = (programId) => {
     }
     return shape;
 };
+// Two-step Exchange flow timing. Step 1 (`transfer_private_to_public` to
+//  self) needs to surface in the user's public balance before step 2
+//  (`transfer_public` to the exchange) can spend it. Aleo block time is
+//  ~10s plus a finalize phase; we wait `STEP1_INITIAL_DELAY_MS` and then
+//  retry step 2 up to `STEP2_MAX_RETRIES` times with a fixed backoff.
+//  The most likely retryable failure is "insufficient public balance"
+//  if step 1 hasn't finalized yet.
+const EXCHANGE_STEP1_INITIAL_DELAY_MS = 15000;
+const EXCHANGE_STEP2_MAX_RETRIES = 3;
+const EXCHANGE_STEP2_RETRY_DELAY_MS = 10000;
 const hasUsableRecordShape = (r) => {
     const rec = r;
     return (typeof (rec === null || rec === void 0 ? void 0 : rec.record_plaintext) === 'string' &&
@@ -177,6 +227,12 @@ class DynamicWaasAleoConnector extends waas.withDynamicWaas(WaasAleoWalletConnec
         this.overrideKey = 'dynamicwaas';
         this.isEmbeddedWallet = true;
         this.logger = new logger.Logger('DynamicWaasAleoConnector');
+        // Programs whose Exchange flow is mid-orchestration (between step 1
+        //  unshield-to-self and step 2 public-to-public). The auto-shield hook
+        //  consults `canShieldToken` per balance refresh — gating shield here
+        //  prevents the hook from re-shielding the just-unshielded amount before
+        //  step 2 spends it. Add on Exchange entry, remove in `finally`.
+        this.tokensPendingExchange = new Set();
         this.walletUiUtils = props.walletUiUtils;
     }
     setVerifiedCredentials(verifiedCredentials) {
@@ -633,6 +689,15 @@ class DynamicWaasAleoConnector extends waas.withDynamicWaas(WaasAleoWalletConnec
                     // which validateActiveWallet has already aligned with `from`.
                     // Setting it explicitly keeps the contract obvious to readers.
                     this.activeAccountAddress = from;
+                    if (mode === 'exchange') {
+                        return this.submitExchangeTransfer({
+                            from,
+                            recordPlaintext,
+                            to,
+                            token,
+                            value,
+                        });
+                    }
                     const { functionName, inputs, inputTypes } = buildTransferInputs({
                         mode,
                         recordPlaintext,
@@ -668,7 +733,15 @@ class DynamicWaasAleoConnector extends waas.withDynamicWaas(WaasAleoWalletConnec
      * `credits.aleo` entry when the literal address misses.
      */
     canShieldToken(token) {
-        return Boolean(this.resolveShieldableToken(token));
+        const resolved = this.resolveShieldableToken(token);
+        if (!resolved)
+            return false;
+        // While an Exchange flow for this program is mid-orchestration the
+        //  user's public balance is transient — auto-shield must not consume
+        //  it before step 2's public→public transfer.
+        if (this.tokensPendingExchange.has(resolved.programId))
+            return false;
+        return true;
     }
     /**
      * True when the Feemaster currently sponsors a shield (
@@ -781,6 +854,91 @@ class DynamicWaasAleoConnector extends waas.withDynamicWaas(WaasAleoWalletConnec
             return result.txId;
         });
     }
+    /**
+     * Two-step Exchange transfer.
+     *
+     *  Step 1: `<program>/transfer_private_to_public(record, SELF, amount)`
+     *          — unshield the record into the user's *own* public balance.
+     *  Step 2: `<program>/transfer_public(EXCHANGE, amount)`
+     *          — public→public from the user to the exchange recipient.
+     *
+     * `tokensPendingExchange` gates `canShieldToken` for the duration of
+     * the orchestration so the auto-shield hook does not consume the
+     * just-unshielded amount before step 2 spends it. The set is cleared
+     * in `finally` regardless of outcome.
+     *
+     * Step 2 is retried on failure because Aleo's finalize phase can lag
+     * the broadcast — until step 1 has finalized, step 2 reads stale public
+     * balance and the validator rejects it. We wait
+     * `EXCHANGE_STEP1_INITIAL_DELAY_MS` first and then retry up to
+     * `EXCHANGE_STEP2_MAX_RETRIES` times. If all retries exhaust, we throw a
+     * `DynamicError` that explicitly tells the user step 1 succeeded so they
+     * can recover the funds via a manual public→public transfer.
+     *
+     * Step 2's txId is returned as the user-facing transaction id (it's the
+     * one that lands the funds at the exchange).
+     */
+    submitExchangeTransfer(args) {
+        return _tslib.__awaiter(this, void 0, void 0, function* () {
+            var _a, _b, _c, _d, _e, _f;
+            const { from, to, value, recordPlaintext, token } = args;
+            this.tokensPendingExchange.add(token.programId);
+            try {
+                // --- Step 1: unshield record → self's public balance ---
+                const step1Build = buildTransferInputs({
+                    mode: 'exchange',
+                    recordPlaintext,
+                    to: from,
+                    token,
+                    value,
+                });
+                const step1Result = yield this.proveTransaction({
+                    broadcast: true,
+                    functionName: step1Build.functionName,
+                    inputTypes: step1Build.inputTypes,
+                    inputs: step1Build.inputs,
+                    programId: token.programId,
+                });
+                if (!step1Result.txId) {
+                    throw new utils.DynamicError('Aleo Exchange step 1 (unshield) did not return a transaction id.');
+                }
+                (_b = (_a = this.logger).debug) === null || _b === void 0 ? void 0 : _b.call(_a, `[exchangeTransfer:${token.programId}] step 1 (unshield) tx: ${step1Result.txId}`);
+                // Wait for step 1 to finalize and surface in public balance before
+                //  attempting step 2. See `EXCHANGE_STEP1_INITIAL_DELAY_MS` notes.
+                yield new Promise((resolve) => setTimeout(resolve, EXCHANGE_STEP1_INITIAL_DELAY_MS));
+                // --- Step 2: public→public self → exchange ---
+                const step2Build = buildPublicTransferInputs({ to, token, value });
+                let lastErr;
+                for (let attempt = 0; attempt <= EXCHANGE_STEP2_MAX_RETRIES; attempt += 1) {
+                    try {
+                        const step2Result = yield this.proveTransaction({
+                            broadcast: true,
+                            functionName: step2Build.functionName,
+                            inputTypes: step2Build.inputTypes,
+                            inputs: step2Build.inputs,
+                            programId: token.programId,
+                        });
+                        if (!step2Result.txId) {
+                            throw new utils.DynamicError('Aleo Exchange step 2 (public transfer) did not return a transaction id.');
+                        }
+                        (_d = (_c = this.logger).debug) === null || _d === void 0 ? void 0 : _d.call(_c, `[exchangeTransfer:${token.programId}] step 2 (public transfer) tx: ${step2Result.txId}`);
+                        return step2Result.txId;
+                    }
+                    catch (err) {
+                        lastErr = err;
+                        (_f = (_e = this.logger).debug) === null || _f === void 0 ? void 0 : _f.call(_e, `[exchangeTransfer:${token.programId}] step 2 attempt ${attempt + 1} failed: ${err instanceof Error ? err.message : String(err)}`);
+                        if (attempt < EXCHANGE_STEP2_MAX_RETRIES) {
+                            yield new Promise((resolve) => setTimeout(resolve, EXCHANGE_STEP2_RETRY_DELAY_MS));
+                        }
+                    }
+                }
+                throw new utils.DynamicError(`Aleo Exchange step 2 (public transfer) failed after ${EXCHANGE_STEP2_MAX_RETRIES + 1} attempts. Step 1 unshield (tx ${step1Result.txId}) succeeded — your funds are now in your public balance and can be sent to the exchange via a manual public transfer. Last error: ${lastErr instanceof Error ? lastErr.message : String(lastErr)}`);
+            }
+            finally {
+                this.tokensPendingExchange.delete(token.programId);
+            }
+        });
+    }
     endSession(reason) {
         const _super = Object.create(null, {
             endSession: { get: () => super.endSession }

package/src/connectors/DynamicWaasAleoConnector/DynamicWaasAleoConnector.d.ts

@@ -175,6 +175,7 @@ export declare class DynamicWaasAleoConnector extends DynamicWaasAleoConnector_b
     activeAccountAddress: string | undefined;
     verifiedCredentials: JwtVerifiedCredential[] | undefined;
     protected walletUiUtils: WalletUiUtils<InternalWalletConnector>;
+    private readonly tokensPendingExchange;
     constructor(props: DynamicWaasAleoConnectorProps);
     setVerifiedCredentials(verifiedCredentials: JwtVerifiedCredential[]): void;
     getWalletClientByAddress({ accountAddress, }: {
@@ -403,6 +404,31 @@ export declare class DynamicWaasAleoConnector extends DynamicWaasAleoConnector_b
         isNative?: boolean;
         amount: bigint;
     }): Promise<string>;
+    /**
+     * Two-step Exchange transfer.
+     *
+     *  Step 1: `<program>/transfer_private_to_public(record, SELF, amount)`
+     *          — unshield the record into the user's *own* public balance.
+     *  Step 2: `<program>/transfer_public(EXCHANGE, amount)`
+     *          — public→public from the user to the exchange recipient.
+     *
+     * `tokensPendingExchange` gates `canShieldToken` for the duration of
+     * the orchestration so the auto-shield hook does not consume the
+     * just-unshielded amount before step 2 spends it. The set is cleared
+     * in `finally` regardless of outcome.
+     *
+     * Step 2 is retried on failure because Aleo's finalize phase can lag
+     * the broadcast — until step 1 has finalized, step 2 reads stale public
+     * balance and the validator rejects it. We wait
+     * `EXCHANGE_STEP1_INITIAL_DELAY_MS` first and then retry up to
+     * `EXCHANGE_STEP2_MAX_RETRIES` times. If all retries exhaust, we throw a
+     * `DynamicError` that explicitly tells the user step 1 succeeded so they
+     * can recover the funds via a manual public→public transfer.
+     *
+     * Step 2's txId is returned as the user-facing transaction id (it's the
+     * one that lands the funds at the exchange).
+     */
+    private submitExchangeTransfer;
     endSession(reason?: LogoutReason): Promise<void>;
     getProvider(): undefined;
 }

package/src/connectors/DynamicWaasAleoConnector/DynamicWaasAleoConnector.js

@@ -95,6 +95,46 @@ const buildTransferInputs = (args) => {
         inputs: [to, `${value.toString()}u128`, recordPlaintext],
     };
 };
+/**
+ * Builds the `(functionName, inputs, inputTypes)` triple for a
+ * `<program>/transfer_public` public-to-public transfer. Used as step 2
+ * of the Exchange flow (after step 1 unshield-to-self). `transfer_public`
+ * is NOT in the iframe's `SEALANCE_FUNCTIONS_REQUIRING_PROOF` set, so the
+ * caller controls inputs end-to-end (no Sealance proof injection).
+ *
+ *  - `credits`     u64. inputs `[recipient, amount]`.
+ *  - `stablecoin`  u128. inputs `[recipient, amount]`.
+ *  - `arc21`       u128. inputs `[token_id, recipient, amount]`. The
+ *                  `token_registry.aleo/transfer_public` transition keys
+ *                  off `token_id` since there's no record to encode it in.
+ */
+const buildPublicTransferInputs = (args) => {
+    const { to, value, token } = args;
+    const functionName = 'transfer_public';
+    if (token.programKind === 'credits') {
+        return {
+            functionName,
+            inputTypes: ['address.public', 'u64.public'],
+            inputs: [to, `${value.toString()}u64`],
+        };
+    }
+    if (token.programKind === 'stablecoin') {
+        return {
+            functionName,
+            inputTypes: ['address.public', 'u128.public'],
+            inputs: [to, `${value.toString()}u128`],
+        };
+    }
+    // arc21 — token_registry.aleo/transfer_public(token_id, recipient, amount).
+    if (!token.tokenId) {
+        throw new DynamicError(`transfer_public: ARC-21 token ${token.contractAddress} is missing tokenId in registry.`);
+    }
+    return {
+        functionName,
+        inputTypes: ['field.public', 'address.public', 'u128.public'],
+        inputs: [token.tokenId, to, `${value.toString()}u128`],
+    };
+};
 /**
  * Builds the `(functionName, inputs, inputTypes)` triple for a
  * `<program>/transfer_public_to_private` shield call to self. Mirrors
@@ -152,6 +192,16 @@ const joinShapeForProgram = (programId) => {
     }
     return shape;
 };
+// Two-step Exchange flow timing. Step 1 (`transfer_private_to_public` to
+//  self) needs to surface in the user's public balance before step 2
+//  (`transfer_public` to the exchange) can spend it. Aleo block time is
+//  ~10s plus a finalize phase; we wait `STEP1_INITIAL_DELAY_MS` and then
+//  retry step 2 up to `STEP2_MAX_RETRIES` times with a fixed backoff.
+//  The most likely retryable failure is "insufficient public balance"
+//  if step 1 hasn't finalized yet.
+const EXCHANGE_STEP1_INITIAL_DELAY_MS = 15000;
+const EXCHANGE_STEP2_MAX_RETRIES = 3;
+const EXCHANGE_STEP2_RETRY_DELAY_MS = 10000;
 const hasUsableRecordShape = (r) => {
     const rec = r;
     return (typeof (rec === null || rec === void 0 ? void 0 : rec.record_plaintext) === 'string' &&
@@ -173,6 +223,12 @@ class DynamicWaasAleoConnector extends withDynamicWaas(WaasAleoWalletConnector)
         this.overrideKey = 'dynamicwaas';
         this.isEmbeddedWallet = true;
         this.logger = new Logger('DynamicWaasAleoConnector');
+        // Programs whose Exchange flow is mid-orchestration (between step 1
+        //  unshield-to-self and step 2 public-to-public). The auto-shield hook
+        //  consults `canShieldToken` per balance refresh — gating shield here
+        //  prevents the hook from re-shielding the just-unshielded amount before
+        //  step 2 spends it. Add on Exchange entry, remove in `finally`.
+        this.tokensPendingExchange = new Set();
         this.walletUiUtils = props.walletUiUtils;
     }
     setVerifiedCredentials(verifiedCredentials) {
@@ -629,6 +685,15 @@ class DynamicWaasAleoConnector extends withDynamicWaas(WaasAleoWalletConnector)
                     // which validateActiveWallet has already aligned with `from`.
                     // Setting it explicitly keeps the contract obvious to readers.
                     this.activeAccountAddress = from;
+                    if (mode === 'exchange') {
+                        return this.submitExchangeTransfer({
+                            from,
+                            recordPlaintext,
+                            to,
+                            token,
+                            value,
+                        });
+                    }
                     const { functionName, inputs, inputTypes } = buildTransferInputs({
                         mode,
                         recordPlaintext,
@@ -664,7 +729,15 @@ class DynamicWaasAleoConnector extends withDynamicWaas(WaasAleoWalletConnector)
      * `credits.aleo` entry when the literal address misses.
      */
     canShieldToken(token) {
-        return Boolean(this.resolveShieldableToken(token));
+        const resolved = this.resolveShieldableToken(token);
+        if (!resolved)
+            return false;
+        // While an Exchange flow for this program is mid-orchestration the
+        //  user's public balance is transient — auto-shield must not consume
+        //  it before step 2's public→public transfer.
+        if (this.tokensPendingExchange.has(resolved.programId))
+            return false;
+        return true;
     }
     /**
      * True when the Feemaster currently sponsors a shield (
@@ -777,6 +850,91 @@ class DynamicWaasAleoConnector extends withDynamicWaas(WaasAleoWalletConnector)
             return result.txId;
         });
     }
+    /**
+     * Two-step Exchange transfer.
+     *
+     *  Step 1: `<program>/transfer_private_to_public(record, SELF, amount)`
+     *          — unshield the record into the user's *own* public balance.
+     *  Step 2: `<program>/transfer_public(EXCHANGE, amount)`
+     *          — public→public from the user to the exchange recipient.
+     *
+     * `tokensPendingExchange` gates `canShieldToken` for the duration of
+     * the orchestration so the auto-shield hook does not consume the
+     * just-unshielded amount before step 2 spends it. The set is cleared
+     * in `finally` regardless of outcome.
+     *
+     * Step 2 is retried on failure because Aleo's finalize phase can lag
+     * the broadcast — until step 1 has finalized, step 2 reads stale public
+     * balance and the validator rejects it. We wait
+     * `EXCHANGE_STEP1_INITIAL_DELAY_MS` first and then retry up to
+     * `EXCHANGE_STEP2_MAX_RETRIES` times. If all retries exhaust, we throw a
+     * `DynamicError` that explicitly tells the user step 1 succeeded so they
+     * can recover the funds via a manual public→public transfer.
+     *
+     * Step 2's txId is returned as the user-facing transaction id (it's the
+     * one that lands the funds at the exchange).
+     */
+    submitExchangeTransfer(args) {
+        return __awaiter(this, void 0, void 0, function* () {
+            var _a, _b, _c, _d, _e, _f;
+            const { from, to, value, recordPlaintext, token } = args;
+            this.tokensPendingExchange.add(token.programId);
+            try {
+                // --- Step 1: unshield record → self's public balance ---
+                const step1Build = buildTransferInputs({
+                    mode: 'exchange',
+                    recordPlaintext,
+                    to: from,
+                    token,
+                    value,
+                });
+                const step1Result = yield this.proveTransaction({
+                    broadcast: true,
+                    functionName: step1Build.functionName,
+                    inputTypes: step1Build.inputTypes,
+                    inputs: step1Build.inputs,
+                    programId: token.programId,
+                });
+                if (!step1Result.txId) {
+                    throw new DynamicError('Aleo Exchange step 1 (unshield) did not return a transaction id.');
+                }
+                (_b = (_a = this.logger).debug) === null || _b === void 0 ? void 0 : _b.call(_a, `[exchangeTransfer:${token.programId}] step 1 (unshield) tx: ${step1Result.txId}`);
+                // Wait for step 1 to finalize and surface in public balance before
+                //  attempting step 2. See `EXCHANGE_STEP1_INITIAL_DELAY_MS` notes.
+                yield new Promise((resolve) => setTimeout(resolve, EXCHANGE_STEP1_INITIAL_DELAY_MS));
+                // --- Step 2: public→public self → exchange ---
+                const step2Build = buildPublicTransferInputs({ to, token, value });
+                let lastErr;
+                for (let attempt = 0; attempt <= EXCHANGE_STEP2_MAX_RETRIES; attempt += 1) {
+                    try {
+                        const step2Result = yield this.proveTransaction({
+                            broadcast: true,
+                            functionName: step2Build.functionName,
+                            inputTypes: step2Build.inputTypes,
+                            inputs: step2Build.inputs,
+                            programId: token.programId,
+                        });
+                        if (!step2Result.txId) {
+                            throw new DynamicError('Aleo Exchange step 2 (public transfer) did not return a transaction id.');
+                        }
+                        (_d = (_c = this.logger).debug) === null || _d === void 0 ? void 0 : _d.call(_c, `[exchangeTransfer:${token.programId}] step 2 (public transfer) tx: ${step2Result.txId}`);
+                        return step2Result.txId;
+                    }
+                    catch (err) {
+                        lastErr = err;
+                        (_f = (_e = this.logger).debug) === null || _f === void 0 ? void 0 : _f.call(_e, `[exchangeTransfer:${token.programId}] step 2 attempt ${attempt + 1} failed: ${err instanceof Error ? err.message : String(err)}`);
+                        if (attempt < EXCHANGE_STEP2_MAX_RETRIES) {
+                            yield new Promise((resolve) => setTimeout(resolve, EXCHANGE_STEP2_RETRY_DELAY_MS));
+                        }
+                    }
+                }
+                throw new DynamicError(`Aleo Exchange step 2 (public transfer) failed after ${EXCHANGE_STEP2_MAX_RETRIES + 1} attempts. Step 1 unshield (tx ${step1Result.txId}) succeeded — your funds are now in your public balance and can be sent to the exchange via a manual public transfer. Last error: ${lastErr instanceof Error ? lastErr.message : String(lastErr)}`);
+            }
+            finally {
+                this.tokensPendingExchange.delete(token.programId);
+            }
+        });
+    }
     endSession(reason) {
         const _super = Object.create(null, {
             endSession: { get: () => super.endSession }

package/src/connectors/WaasAleoWalletConnector/WaasAleoWalletConnector.cjs

@@ -151,6 +151,22 @@ class WaasAleoWalletConnector extends walletConnectorCore.WalletConnectorBase {
     supportsNetworkSwitching() {
         return true;
     }
+    /**
+     * Provable's hosted Aleo block explorer for the currently-selected
+     * network. Mainnet (chainId `0`) → `explorer.provable.com`, testnet
+     * (chainId `1`) → `testnet.explorer.provable.com`. The Send-flow's
+     * `TransactionStatusLayout` calls this through `getTransactionLink`
+     * to render a "View on explorer" link next to the broadcast txId.
+     */
+    getBlockExplorerUrlsForCurrentNetwork() {
+        return _tslib.__awaiter(this, void 0, void 0, function* () {
+            var _a;
+            const chainId = (_a = this.getSelectedNetwork()) === null || _a === void 0 ? void 0 : _a.chainId;
+            const isMainnet = String(chainId !== null && chainId !== void 0 ? chainId : '') === '0';
+            const subdomain = isMainnet ? '' : 'testnet.';
+            return [`https://${subdomain}explorer.provable.com/`];
+        });
+    }
     /**
      * Returns the env-configured Aleo networks. The widget's NetworkPicker
      * uses this to render the chain-switcher dropdown and to decide whether

package/src/connectors/WaasAleoWalletConnector/WaasAleoWalletConnector.d.ts

@@ -86,6 +86,14 @@ export declare abstract class WaasAleoWalletConnector extends WalletConnectorBas
      * widget UI exposes the chain-switcher dropdown for Aleo wallets.
      */
     supportsNetworkSwitching(): boolean;
+    /**
+     * Provable's hosted Aleo block explorer for the currently-selected
+     * network. Mainnet (chainId `0`) → `explorer.provable.com`, testnet
+     * (chainId `1`) → `testnet.explorer.provable.com`. The Send-flow's
+     * `TransactionStatusLayout` calls this through `getTransactionLink`
+     * to render a "View on explorer" link next to the broadcast txId.
+     */
+    getBlockExplorerUrlsForCurrentNetwork(): Promise<string[]>;
     /**
      * Returns the env-configured Aleo networks. The widget's NetworkPicker
      * uses this to render the chain-switcher dropdown and to decide whether

package/src/connectors/WaasAleoWalletConnector/WaasAleoWalletConnector.js

@@ -147,6 +147,22 @@ class WaasAleoWalletConnector extends WalletConnectorBase {
     supportsNetworkSwitching() {
         return true;
     }
+    /**
+     * Provable's hosted Aleo block explorer for the currently-selected
+     * network. Mainnet (chainId `0`) → `explorer.provable.com`, testnet
+     * (chainId `1`) → `testnet.explorer.provable.com`. The Send-flow's
+     * `TransactionStatusLayout` calls this through `getTransactionLink`
+     * to render a "View on explorer" link next to the broadcast txId.
+     */
+    getBlockExplorerUrlsForCurrentNetwork() {
+        return __awaiter(this, void 0, void 0, function* () {
+            var _a;
+            const chainId = (_a = this.getSelectedNetwork()) === null || _a === void 0 ? void 0 : _a.chainId;
+            const isMainnet = String(chainId !== null && chainId !== void 0 ? chainId : '') === '0';
+            const subdomain = isMainnet ? '' : 'testnet.';
+            return [`https://${subdomain}explorer.provable.com/`];
+        });
+    }
     /**
      * Returns the env-configured Aleo networks. The widget's NetworkPicker
      * uses this to render the chain-switcher dropdown and to decide whether

package/src/index.cjs

@@ -14,6 +14,7 @@ var isAleoWallet = require('./wallet/isAleoWallet/isAleoWallet.cjs');
 var AleoUiTransaction = require('./utils/AleoUiTransaction/AleoUiTransaction.cjs');
 var aleoWalletStandard = require('@provablehq/aleo-wallet-standard');
 var aleoSendableTokens = require('./utils/aleoSendableTokens/aleoSendableTokens.cjs');
+var getAleoExplorerTxUrl = require('./utils/getAleoExplorerTxUrl/getAleoExplorerTxUrl.cjs');
 var DynamicWaasAleoConnector = require('./connectors/DynamicWaasAleoConnector/DynamicWaasAleoConnector.cjs');
 
 assertPackageVersion.assertPackageVersion('@dynamic-labs/aleo', _package.version);
@@ -50,5 +51,6 @@ exports.ALEO_TOKEN_REGISTRY_PROGRAM = aleoSendableTokens.ALEO_TOKEN_REGISTRY_PRO
 exports.extractRecordAtomicAmount = aleoSendableTokens.extractRecordAtomicAmount;
 exports.getAleoSendableTokensForNetwork = aleoSendableTokens.getAleoSendableTokensForNetwork;
 exports.recordMatchesSendableToken = aleoSendableTokens.recordMatchesSendableToken;
+exports.getAleoExplorerTxUrl = getAleoExplorerTxUrl.getAleoExplorerTxUrl;
 exports.DynamicWaasAleoConnector = DynamicWaasAleoConnector.DynamicWaasAleoConnector;
 exports.AleoWalletConnectors = AleoWalletConnectors;

package/src/index.d.ts

@@ -13,6 +13,7 @@ export { ALEO_CHAINS, WalletDecryptPermission, WalletFeatureName, WalletReadySta
 export type { AleoChain, StandardWallet } from './types';
 export { ALEO_CREDITS_PROGRAM, ALEO_TOKEN_REGISTRY_PROGRAM, extractRecordAtomicAmount, getAleoSendableTokensForNetwork, recordMatchesSendableToken, } from './utils/aleoSendableTokens/aleoSendableTokens';
 export type { AleoOwnedRecord, AleoProgramKind, AleoSendableToken, } from './utils/aleoSendableTokens/aleoSendableTokens';
+export { getAleoExplorerTxUrl } from './utils/getAleoExplorerTxUrl';
 export declare const AleoWalletConnectors: (props: {
     walletBook: WalletBookSchema;
     aleoNetworks: GenericNetwork[];

package/src/index.js

@@ -11,6 +11,7 @@ export { isAleoWallet } from './wallet/isAleoWallet/isAleoWallet.js';
 export { AleoUiTransaction } from './utils/AleoUiTransaction/AleoUiTransaction.js';
 export { ALEO_CHAINS, WalletDecryptPermission, WalletFeatureName, WalletReadyState } from '@provablehq/aleo-wallet-standard';
 export { ALEO_CREDITS_PROGRAM, ALEO_TOKEN_REGISTRY_PROGRAM, extractRecordAtomicAmount, getAleoSendableTokensForNetwork, recordMatchesSendableToken } from './utils/aleoSendableTokens/aleoSendableTokens.js';
+export { getAleoExplorerTxUrl } from './utils/getAleoExplorerTxUrl/getAleoExplorerTxUrl.js';
 export { DynamicWaasAleoConnector } from './connectors/DynamicWaasAleoConnector/DynamicWaasAleoConnector.js';
 
 assertPackageVersion('@dynamic-labs/aleo', version);

package/src/utils/AleoUiTransaction/AleoUiTransaction.cjs

@@ -24,13 +24,19 @@ const ALEO_ADDRESS_REGEX = /^aleo1[a-z0-9]{58}$/;
  *
  * Both supported modes spend FROM a private record (so the wallet's
  * available balance is always the shielded record sum); they differ
- * only in what the recipient receives:
+ * in the on-chain orchestration they trigger inside the connector:
  *
- *  - **Individual** = `<program>/transfer_private` — recipient also gets
- *    a private record. The most common Aleo flow.
- *  - **Exchange**   = `<program>/transfer_private_to_public` —
- *    recipient's *public* balance is incremented. Useful for off-ramps,
- *    exchange deposits, etc.
+ *  - **Individual** = single `<program>/transfer_private` — recipient
+ *    also gets a private record. The most common Aleo flow.
+ *  - **Exchange**   = two-step (driven by the connector's
+ *    `submitExchangeTransfer`):
+ *      1. `<program>/transfer_private_to_public(record, SELF, amount)`
+ *         — unshield to the sender's own public balance.
+ *      2. `<program>/transfer_public(EXCHANGE, amount)` — public→public
+ *         from sender to the exchange recipient.
+ *    Useful for off-ramps and exchange deposits. Splitting the unshield
+ *    from the public transfer lets the connector pause auto-shield mid-
+ *    flow and retry step 2 independently if Aleo's finalize phase lags.
  *
  * The submit path branches on the **selected token's program kind**:
  *

package/src/utils/AleoUiTransaction/AleoUiTransaction.d.ts

@@ -22,13 +22,19 @@ type AleoUiTransactionProps = {
  *
  * Both supported modes spend FROM a private record (so the wallet's
  * available balance is always the shielded record sum); they differ
- * only in what the recipient receives:
+ * in the on-chain orchestration they trigger inside the connector:
  *
- *  - **Individual** = `<program>/transfer_private` — recipient also gets
- *    a private record. The most common Aleo flow.
- *  - **Exchange**   = `<program>/transfer_private_to_public` —
- *    recipient's *public* balance is incremented. Useful for off-ramps,
- *    exchange deposits, etc.
+ *  - **Individual** = single `<program>/transfer_private` — recipient
+ *    also gets a private record. The most common Aleo flow.
+ *  - **Exchange**   = two-step (driven by the connector's
+ *    `submitExchangeTransfer`):
+ *      1. `<program>/transfer_private_to_public(record, SELF, amount)`
+ *         — unshield to the sender's own public balance.
+ *      2. `<program>/transfer_public(EXCHANGE, amount)` — public→public
+ *         from sender to the exchange recipient.
+ *    Useful for off-ramps and exchange deposits. Splitting the unshield
+ *    from the public transfer lets the connector pause auto-shield mid-
+ *    flow and retry step 2 independently if Aleo's finalize phase lags.
  *
  * The submit path branches on the **selected token's program kind**:
  *

package/src/utils/AleoUiTransaction/AleoUiTransaction.js

@@ -20,13 +20,19 @@ const ALEO_ADDRESS_REGEX = /^aleo1[a-z0-9]{58}$/;
  *
  * Both supported modes spend FROM a private record (so the wallet's
  * available balance is always the shielded record sum); they differ
- * only in what the recipient receives:
+ * in the on-chain orchestration they trigger inside the connector:
  *
- *  - **Individual** = `<program>/transfer_private` — recipient also gets
- *    a private record. The most common Aleo flow.
- *  - **Exchange**   = `<program>/transfer_private_to_public` —
- *    recipient's *public* balance is incremented. Useful for off-ramps,
- *    exchange deposits, etc.
+ *  - **Individual** = single `<program>/transfer_private` — recipient
+ *    also gets a private record. The most common Aleo flow.
+ *  - **Exchange**   = two-step (driven by the connector's
+ *    `submitExchangeTransfer`):
+ *      1. `<program>/transfer_private_to_public(record, SELF, amount)`
+ *         — unshield to the sender's own public balance.
+ *      2. `<program>/transfer_public(EXCHANGE, amount)` — public→public
+ *         from sender to the exchange recipient.
+ *    Useful for off-ramps and exchange deposits. Splitting the unshield
+ *    from the public transfer lets the connector pause auto-shield mid-
+ *    flow and retry step 2 independently if Aleo's finalize phase lags.
  *
  * The submit path branches on the **selected token's program kind**:
  *

package/src/utils/getAleoExplorerTxUrl/getAleoExplorerTxUrl.cjs

@@ -0,0 +1,41 @@
+'use client'
+'use strict';
+
+Object.defineProperty(exports, '__esModule', { value: true });
+
+/**
+ * Provable's hosted Aleo block explorer hosts mainnet and testnet on
+ * different subdomains. We pick by Aleo network id (`0` = mainnet,
+ * `1` = testnet — matching the registries in `aleoSendableTokens` /
+ * `aleoShieldableTokens`). Numeric and string ids are both accepted so
+ * callers can pass `connector.getSelectedNetwork()?.chainId` directly
+ * (which is typed `string | number` depending on env config). When
+ * `networkId` is missing we default to testnet — mainnet should always
+ * resolve a concrete id at runtime, but defaulting to testnet here
+ * means a stale UI never accidentally surfaces a mainnet explorer link
+ * for a testnet transaction.
+ */
+const ALEO_MAINNET_NETWORK_ID = 0;
+const isMainnet = (networkId) => {
+    if (networkId === undefined || networkId === null)
+        return false;
+    if (typeof networkId === 'number')
+        return networkId === ALEO_MAINNET_NETWORK_ID;
+    return Number(networkId) === ALEO_MAINNET_NETWORK_ID;
+};
+/**
+ * Build the Provable explorer URL for an Aleo transaction id.
+ *
+ * Examples:
+ *   getAleoExplorerTxUrl('at1abc...', 0) → 'https://explorer.provable.com/transaction/at1abc...'
+ *   getAleoExplorerTxUrl('at1abc...', 1) → 'https://testnet.explorer.provable.com/transaction/at1abc...'
+ *
+ * @param txId       Aleo transaction id (`at1...`).
+ * @param networkId  `0` = mainnet, `1` = testnet. Defaults to testnet.
+ */
+const getAleoExplorerTxUrl = (txId, networkId) => {
+    const subdomain = isMainnet(networkId) ? '' : 'testnet.';
+    return `https://${subdomain}explorer.provable.com/transaction/${txId}`;
+};
+
+exports.getAleoExplorerTxUrl = getAleoExplorerTxUrl;

package/src/utils/getAleoExplorerTxUrl/getAleoExplorerTxUrl.d.ts

@@ -0,0 +1,11 @@
+/**
+ * Build the Provable explorer URL for an Aleo transaction id.
+ *
+ * Examples:
+ *   getAleoExplorerTxUrl('at1abc...', 0) → 'https://explorer.provable.com/transaction/at1abc...'
+ *   getAleoExplorerTxUrl('at1abc...', 1) → 'https://testnet.explorer.provable.com/transaction/at1abc...'
+ *
+ * @param txId       Aleo transaction id (`at1...`).
+ * @param networkId  `0` = mainnet, `1` = testnet. Defaults to testnet.
+ */
+export declare const getAleoExplorerTxUrl: (txId: string, networkId?: number | string) => string;

package/src/utils/getAleoExplorerTxUrl/getAleoExplorerTxUrl.js

@@ -0,0 +1,37 @@
+'use client'
+/**
+ * Provable's hosted Aleo block explorer hosts mainnet and testnet on
+ * different subdomains. We pick by Aleo network id (`0` = mainnet,
+ * `1` = testnet — matching the registries in `aleoSendableTokens` /
+ * `aleoShieldableTokens`). Numeric and string ids are both accepted so
+ * callers can pass `connector.getSelectedNetwork()?.chainId` directly
+ * (which is typed `string | number` depending on env config). When
+ * `networkId` is missing we default to testnet — mainnet should always
+ * resolve a concrete id at runtime, but defaulting to testnet here
+ * means a stale UI never accidentally surfaces a mainnet explorer link
+ * for a testnet transaction.
+ */
+const ALEO_MAINNET_NETWORK_ID = 0;
+const isMainnet = (networkId) => {
+    if (networkId === undefined || networkId === null)
+        return false;
+    if (typeof networkId === 'number')
+        return networkId === ALEO_MAINNET_NETWORK_ID;
+    return Number(networkId) === ALEO_MAINNET_NETWORK_ID;
+};
+/**
+ * Build the Provable explorer URL for an Aleo transaction id.
+ *
+ * Examples:
+ *   getAleoExplorerTxUrl('at1abc...', 0) → 'https://explorer.provable.com/transaction/at1abc...'
+ *   getAleoExplorerTxUrl('at1abc...', 1) → 'https://testnet.explorer.provable.com/transaction/at1abc...'
+ *
+ * @param txId       Aleo transaction id (`at1...`).
+ * @param networkId  `0` = mainnet, `1` = testnet. Defaults to testnet.
+ */
+const getAleoExplorerTxUrl = (txId, networkId) => {
+    const subdomain = isMainnet(networkId) ? '' : 'testnet.';
+    return `https://${subdomain}explorer.provable.com/transaction/${txId}`;
+};
+
+export { getAleoExplorerTxUrl };

package/src/utils/getAleoExplorerTxUrl/index.d.ts

@@ -0,0 +1 @@
+export * from './getAleoExplorerTxUrl';

package/src/wallet/AleoWallet/AleoWallet.cjs

@@ -6,6 +6,7 @@ Object.defineProperty(exports, '__esModule', { value: true });
 var _tslib = require('../../../_virtual/_tslib.cjs');
 var utils = require('@dynamic-labs/utils');
 var walletConnectorCore = require('@dynamic-labs/wallet-connector-core');
+var getAleoExplorerTxUrl = require('../../utils/getAleoExplorerTxUrl/getAleoExplorerTxUrl.cjs');
 
 class AleoWallet extends walletConnectorCore.Wallet {
     sendBalance(_a) {
@@ -47,6 +48,23 @@ class AleoWallet extends walletConnectorCore.Wallet {
     getPublicKey() {
         return this.address;
     }
+    /**
+     * Build the Provable explorer URL for an Aleo transaction id, scoped to
+     * this wallet's currently-selected network. `0` = mainnet, `1` = testnet.
+     * Available on every Aleo wallet flavour (embedded + Wallet Adapter).
+     *
+     * Use this to link freshly-broadcast txIds back to the explorer in your
+     * UI — e.g. after `wallet.proveTransaction()`, `wallet.shieldToken()`, or
+     * the Send flow returns. For Exchange-mode Send the returned txId is the
+     * second (`transfer_public`) transaction, which is the one the user
+     * cares about.
+     */
+    getExplorerTransactionUrl(txId) {
+        return _tslib.__awaiter(this, void 0, void 0, function* () {
+            const networkId = yield this._connector.getNetwork();
+            return getAleoExplorerTxUrl.getAleoExplorerTxUrl(txId, networkId);
+        });
+    }
     /**
      * Returns the current network this wallet is connected to (e.g. 'aleo:mainnet').
      */
@@ -103,6 +121,119 @@ class AleoWallet extends walletConnectorCore.Wallet {
             return this._connector.requestRecords(program, options);
         });
     }
+    // -------------------------------------------------------------------------
+    // Embedded-WaaS proxy methods.
+    //
+    // The methods below delegate to `DynamicWaasAleoConnector` and only work
+    //  when the wallet is an embedded Dynamic WaaS Aleo wallet. They throw on
+    //  Wallet Adapter wallets (which expose `requestTransaction` /
+    //  `requestRecords` for the same flows but route through the adapter app
+    //  rather than Sodot MPC + Feemaster + DPS).
+    //
+    // Convenience over `(wallet.connector as DynamicWaasAleoConnector).foo`:
+    //   - typed entry point on `wallet.*` matching the docs convention used
+    //     for Stellar (`wallet.signTransaction`), EVM (`wallet.getPublicClient`),
+    //     etc.
+    //   - auto-sets `connector.activeAccountAddress` from `this.address` so
+    //     callers don't have to mutate connector internals before each call.
+    // -------------------------------------------------------------------------
+    /**
+     * Resolves `this._connector` to a `DynamicWaasAleoConnector` and aligns
+     * its `activeAccountAddress` with this wallet's address. Duck-types on
+     * `proveTransaction` (the WaaS-specific entry point) so we don't need a
+     * runtime import of the WaaS connector. Throws a clear `DynamicError`
+     * if the underlying connector is the Wallet Adapter one.
+     */
+    getWaasConnectorOrThrow(methodName) {
+        const c = this._connector;
+        if (typeof c.proveTransaction !== 'function') {
+            throw new utils.DynamicError(`AleoWallet.${methodName}() is only available on embedded Aleo wallets (Dynamic WaaS). For Wallet Adapter Aleo wallets use \`requestTransaction\` / \`requestRecords\` instead.`);
+        }
+        c.activeAccountAddress = this.address;
+        return c;
+    }
+    /**
+     * Sign + prove + broadcast an arbitrary Aleo program transition through
+     * the Dynamic WaaS pipeline (Sodot MPC → optional Sealance proof
+     * injection → Feemaster sponsorship when covered → Provable DPS).
+     *
+     * Use this for the generic "execute any transition" path. The Send flow
+     * driven by the widget builds on top of this via `createUiTransaction`.
+     */
+    proveTransaction(args) {
+        return _tslib.__awaiter(this, void 0, void 0, function* () {
+            return this.getWaasConnectorOrThrow('proveTransaction').proveTransaction(args);
+        });
+    }
+    /**
+     * List this wallet's owned Aleo records across every program (credits +
+     * stablecoins + ARC-21). Backed by Provable's RecordScanner via the
+     * iframe — view key never leaves the iframe.
+     *
+     * Each entry carries `program_name` + `record_name` so callers can
+     * group/display by token.
+     */
+    listOwnedRecords() {
+        return _tslib.__awaiter(this, void 0, void 0, function* () {
+            return this.getWaasConnectorOrThrow('listOwnedRecords').listOwnedRecords();
+        });
+    }
+    /**
+     * Pairwise-merge owned records down to one per program by running
+     * `<program>/join` until a single record remains. Sponsored by Feemaster
+     * for `credits.aleo` today; stablecoin / ARC-21 fall through to user-paid
+     * if Feemaster doesn't yet cover the pair.
+     *
+     * Programs the connector doesn't recognise (no registered join shape)
+     * are reported as `skipped: 'unsupported'` rather than thrown — iterate
+     * `results` to surface what merged vs. what didn't.
+     */
+    joinRecords(opts) {
+        return _tslib.__awaiter(this, void 0, void 0, function* () {
+            return this.getWaasConnectorOrThrow('joinRecords').joinRecords(opts);
+        });
+    }
+    /**
+     * Shield (`<program>/transfer_public_to_private`) `amount` of a token
+     * from this wallet's *public* balance into a fresh private record owned
+     * by self. `tokenAddress` matches `TokenBalance.address` from the
+     * unshielded-balance feed; pass `isNative: true` for native ALEO.
+     */
+    shieldToken(args) {
+        return _tslib.__awaiter(this, void 0, void 0, function* () {
+            return this.getWaasConnectorOrThrow('shieldToken').shieldToken(args);
+        });
+    }
+    /**
+     * Returns `true` when the given token is registered as shieldable on the
+     * currently-selected Aleo network. Used to gate "Shield Manually" UI on
+     * unshielded balances surfaced by the public-balance feed (which can
+     * include third-party Aleo programs we don't know how to shield).
+     */
+    canShieldToken(token) {
+        return this.getWaasConnectorOrThrow('canShieldToken').canShieldToken(token);
+    }
+    /**
+     * Returns `true` when the Feemaster currently sponsors a shield
+     * (`transfer_public_to_private`) of the given token. Used to decide
+     * whether the shield CTA can dispatch silently or needs a user-paid fee
+     * confirmation modal.
+     */
+    isShieldSponsored(token) {
+        return _tslib.__awaiter(this, void 0, void 0, function* () {
+            return this.getWaasConnectorOrThrow('isShieldSponsored').isShieldSponsored(token);
+        });
+    }
+    /**
+     * Generic Feemaster sponsorship check for any `(programId, functionName)`
+     * pair on the currently-selected network. Never throws — returns `false`
+     * on any failure so callers default to "show modal".
+     */
+    isFeemasterSponsored(args) {
+        return _tslib.__awaiter(this, void 0, void 0, function* () {
+            return this.getWaasConnectorOrThrow('isFeemasterSponsored').isFeemasterSponsored(args);
+        });
+    }
 }
 
 exports.AleoWallet = AleoWallet;

package/src/wallet/AleoWallet/AleoWallet.d.ts

@@ -1,5 +1,6 @@
 import { Wallet } from '@dynamic-labs/wallet-connector-core';
 import type { AleoWalletConnector } from '../../connectors/AleoWalletConnector';
+import type { DynamicWaasAleoConnector } from '../../connectors/DynamicWaasAleoConnector';
 import type { AleoTransaction } from '../../types';
 export declare class AleoWallet extends Wallet<AleoWalletConnector> {
     sendBalance({ amount, toAddress, token, }: {
@@ -16,6 +17,18 @@ export declare class AleoWallet extends Wallet<AleoWalletConnector> {
      * In Aleo, the public key and address are the same value.
      */
     getPublicKey(): string;
+    /**
+     * Build the Provable explorer URL for an Aleo transaction id, scoped to
+     * this wallet's currently-selected network. `0` = mainnet, `1` = testnet.
+     * Available on every Aleo wallet flavour (embedded + Wallet Adapter).
+     *
+     * Use this to link freshly-broadcast txIds back to the explorer in your
+     * UI — e.g. after `wallet.proveTransaction()`, `wallet.shieldToken()`, or
+     * the Send flow returns. For Exchange-mode Send the returned txId is the
+     * second (`transfer_public`) transaction, which is the one the user
+     * cares about.
+     */
+    getExplorerTransactionUrl(txId: string): Promise<string>;
     /**
      * Returns the current network this wallet is connected to (e.g. 'aleo:mainnet').
      */
@@ -54,4 +67,92 @@ export declare class AleoWallet extends Wallet<AleoWalletConnector> {
     requestRecords(program: string, options?: {
         plaintext?: boolean;
     }): Promise<unknown[]>;
+    /**
+     * Resolves `this._connector` to a `DynamicWaasAleoConnector` and aligns
+     * its `activeAccountAddress` with this wallet's address. Duck-types on
+     * `proveTransaction` (the WaaS-specific entry point) so we don't need a
+     * runtime import of the WaaS connector. Throws a clear `DynamicError`
+     * if the underlying connector is the Wallet Adapter one.
+     */
+    private getWaasConnectorOrThrow;
+    /**
+     * Sign + prove + broadcast an arbitrary Aleo program transition through
+     * the Dynamic WaaS pipeline (Sodot MPC → optional Sealance proof
+     * injection → Feemaster sponsorship when covered → Provable DPS).
+     *
+     * Use this for the generic "execute any transition" path. The Send flow
+     * driven by the widget builds on top of this via `createUiTransaction`.
+     */
+    proveTransaction(args: {
+        programId: string;
+        functionName: string;
+        inputs: string[];
+        inputTypes: string[];
+        broadcast?: boolean;
+    }): Promise<{
+        txId?: string;
+        provingResponse?: unknown;
+    }>;
+    /**
+     * List this wallet's owned Aleo records across every program (credits +
+     * stablecoins + ARC-21). Backed by Provable's RecordScanner via the
+     * iframe — view key never leaves the iframe.
+     *
+     * Each entry carries `program_name` + `record_name` so callers can
+     * group/display by token.
+     */
+    listOwnedRecords(): Promise<{
+        records: unknown[];
+    }>;
+    /**
+     * Pairwise-merge owned records down to one per program by running
+     * `<program>/join` until a single record remains. Sponsored by Feemaster
+     * for `credits.aleo` today; stablecoin / ARC-21 fall through to user-paid
+     * if Feemaster doesn't yet cover the pair.
+     *
+     * Programs the connector doesn't recognise (no registered join shape)
+     * are reported as `skipped: 'unsupported'` rather than thrown — iterate
+     * `results` to surface what merged vs. what didn't.
+     */
+    joinRecords(opts?: Parameters<DynamicWaasAleoConnector['joinRecords']>[0]): Promise<Awaited<ReturnType<DynamicWaasAleoConnector['joinRecords']>>>;
+    /**
+     * Shield (`<program>/transfer_public_to_private`) `amount` of a token
+     * from this wallet's *public* balance into a fresh private record owned
+     * by self. `tokenAddress` matches `TokenBalance.address` from the
+     * unshielded-balance feed; pass `isNative: true` for native ALEO.
+     */
+    shieldToken(args: {
+        tokenAddress: string;
+        isNative?: boolean;
+        amount: bigint;
+    }): Promise<string>;
+    /**
+     * Returns `true` when the given token is registered as shieldable on the
+     * currently-selected Aleo network. Used to gate "Shield Manually" UI on
+     * unshielded balances surfaced by the public-balance feed (which can
+     * include third-party Aleo programs we don't know how to shield).
+     */
+    canShieldToken(token: {
+        address?: string;
+        isNative?: boolean;
+    }): boolean;
+    /**
+     * Returns `true` when the Feemaster currently sponsors a shield
+     * (`transfer_public_to_private`) of the given token. Used to decide
+     * whether the shield CTA can dispatch silently or needs a user-paid fee
+     * confirmation modal.
+     */
+    isShieldSponsored(token: {
+        address?: string;
+        isNative?: boolean;
+    }): Promise<boolean>;
+    /**
+     * Generic Feemaster sponsorship check for any `(programId, functionName)`
+     * pair on the currently-selected network. Never throws — returns `false`
+     * on any failure so callers default to "show modal".
+     */
+    isFeemasterSponsored(args: {
+        programId: string;
+        functionName: string;
+    }): Promise<boolean>;
 }

package/src/wallet/AleoWallet/AleoWallet.js

@@ -2,6 +2,7 @@
 import { __awaiter } from '../../../_virtual/_tslib.js';
 import { DynamicError } from '@dynamic-labs/utils';
 import { Wallet } from '@dynamic-labs/wallet-connector-core';
+import { getAleoExplorerTxUrl } from '../../utils/getAleoExplorerTxUrl/getAleoExplorerTxUrl.js';
 
 class AleoWallet extends Wallet {
     sendBalance(_a) {
@@ -43,6 +44,23 @@ class AleoWallet extends Wallet {
     getPublicKey() {
         return this.address;
     }
+    /**
+     * Build the Provable explorer URL for an Aleo transaction id, scoped to
+     * this wallet's currently-selected network. `0` = mainnet, `1` = testnet.
+     * Available on every Aleo wallet flavour (embedded + Wallet Adapter).
+     *
+     * Use this to link freshly-broadcast txIds back to the explorer in your
+     * UI — e.g. after `wallet.proveTransaction()`, `wallet.shieldToken()`, or
+     * the Send flow returns. For Exchange-mode Send the returned txId is the
+     * second (`transfer_public`) transaction, which is the one the user
+     * cares about.
+     */
+    getExplorerTransactionUrl(txId) {
+        return __awaiter(this, void 0, void 0, function* () {
+            const networkId = yield this._connector.getNetwork();
+            return getAleoExplorerTxUrl(txId, networkId);
+        });
+    }
     /**
      * Returns the current network this wallet is connected to (e.g. 'aleo:mainnet').
      */
@@ -99,6 +117,119 @@ class AleoWallet extends Wallet {
             return this._connector.requestRecords(program, options);
         });
     }
+    // -------------------------------------------------------------------------
+    // Embedded-WaaS proxy methods.
+    //
+    // The methods below delegate to `DynamicWaasAleoConnector` and only work
+    //  when the wallet is an embedded Dynamic WaaS Aleo wallet. They throw on
+    //  Wallet Adapter wallets (which expose `requestTransaction` /
+    //  `requestRecords` for the same flows but route through the adapter app
+    //  rather than Sodot MPC + Feemaster + DPS).
+    //
+    // Convenience over `(wallet.connector as DynamicWaasAleoConnector).foo`:
+    //   - typed entry point on `wallet.*` matching the docs convention used
+    //     for Stellar (`wallet.signTransaction`), EVM (`wallet.getPublicClient`),
+    //     etc.
+    //   - auto-sets `connector.activeAccountAddress` from `this.address` so
+    //     callers don't have to mutate connector internals before each call.
+    // -------------------------------------------------------------------------
+    /**
+     * Resolves `this._connector` to a `DynamicWaasAleoConnector` and aligns
+     * its `activeAccountAddress` with this wallet's address. Duck-types on
+     * `proveTransaction` (the WaaS-specific entry point) so we don't need a
+     * runtime import of the WaaS connector. Throws a clear `DynamicError`
+     * if the underlying connector is the Wallet Adapter one.
+     */
+    getWaasConnectorOrThrow(methodName) {
+        const c = this._connector;
+        if (typeof c.proveTransaction !== 'function') {
+            throw new DynamicError(`AleoWallet.${methodName}() is only available on embedded Aleo wallets (Dynamic WaaS). For Wallet Adapter Aleo wallets use \`requestTransaction\` / \`requestRecords\` instead.`);
+        }
+        c.activeAccountAddress = this.address;
+        return c;
+    }
+    /**
+     * Sign + prove + broadcast an arbitrary Aleo program transition through
+     * the Dynamic WaaS pipeline (Sodot MPC → optional Sealance proof
+     * injection → Feemaster sponsorship when covered → Provable DPS).
+     *
+     * Use this for the generic "execute any transition" path. The Send flow
+     * driven by the widget builds on top of this via `createUiTransaction`.
+     */
+    proveTransaction(args) {
+        return __awaiter(this, void 0, void 0, function* () {
+            return this.getWaasConnectorOrThrow('proveTransaction').proveTransaction(args);
+        });
+    }
+    /**
+     * List this wallet's owned Aleo records across every program (credits +
+     * stablecoins + ARC-21). Backed by Provable's RecordScanner via the
+     * iframe — view key never leaves the iframe.
+     *
+     * Each entry carries `program_name` + `record_name` so callers can
+     * group/display by token.
+     */
+    listOwnedRecords() {
+        return __awaiter(this, void 0, void 0, function* () {
+            return this.getWaasConnectorOrThrow('listOwnedRecords').listOwnedRecords();
+        });
+    }
+    /**
+     * Pairwise-merge owned records down to one per program by running
+     * `<program>/join` until a single record remains. Sponsored by Feemaster
+     * for `credits.aleo` today; stablecoin / ARC-21 fall through to user-paid
+     * if Feemaster doesn't yet cover the pair.
+     *
+     * Programs the connector doesn't recognise (no registered join shape)
+     * are reported as `skipped: 'unsupported'` rather than thrown — iterate
+     * `results` to surface what merged vs. what didn't.
+     */
+    joinRecords(opts) {
+        return __awaiter(this, void 0, void 0, function* () {
+            return this.getWaasConnectorOrThrow('joinRecords').joinRecords(opts);
+        });
+    }
+    /**
+     * Shield (`<program>/transfer_public_to_private`) `amount` of a token
+     * from this wallet's *public* balance into a fresh private record owned
+     * by self. `tokenAddress` matches `TokenBalance.address` from the
+     * unshielded-balance feed; pass `isNative: true` for native ALEO.
+     */
+    shieldToken(args) {
+        return __awaiter(this, void 0, void 0, function* () {
+            return this.getWaasConnectorOrThrow('shieldToken').shieldToken(args);
+        });
+    }
+    /**
+     * Returns `true` when the given token is registered as shieldable on the
+     * currently-selected Aleo network. Used to gate "Shield Manually" UI on
+     * unshielded balances surfaced by the public-balance feed (which can
+     * include third-party Aleo programs we don't know how to shield).
+     */
+    canShieldToken(token) {
+        return this.getWaasConnectorOrThrow('canShieldToken').canShieldToken(token);
+    }
+    /**
+     * Returns `true` when the Feemaster currently sponsors a shield
+     * (`transfer_public_to_private`) of the given token. Used to decide
+     * whether the shield CTA can dispatch silently or needs a user-paid fee
+     * confirmation modal.
+     */
+    isShieldSponsored(token) {
+        return __awaiter(this, void 0, void 0, function* () {
+            return this.getWaasConnectorOrThrow('isShieldSponsored').isShieldSponsored(token);
+        });
+    }
+    /**
+     * Generic Feemaster sponsorship check for any `(programId, functionName)`
+     * pair on the currently-selected network. Never throws — returns `false`
+     * on any failure so callers default to "show modal".
+     */
+    isFeemasterSponsored(args) {
+        return __awaiter(this, void 0, void 0, function* () {
+            return this.getWaasConnectorOrThrow('isFeemasterSponsored').isFeemasterSponsored(args);
+        });
+    }
 }
 
 export { AleoWallet };