@dynamic-labs/aleo 4.83.1 → 4.84.0

package/CHANGELOG.md

@@ -1,4 +1,40 @@
 
+## [4.84.0](https://github.com/dynamic-labs/dynamic-auth/compare/v4.83.2-alpha.0...v4.84.0) (2026-05-22)
+
+
+### Features
+
+* **ethereum-gasless:** add @dynamic-labs/ethereum-gasless-{core,extension} and webview controller ([#11267](https://github.com/dynamic-labs/dynamic-auth/issues/11267)) ([edac5df](https://github.com/dynamic-labs/dynamic-auth/commit/edac5df8180483093f69caee508cbdebf2e4e663)), closes [#11274](https://github.com/dynamic-labs/dynamic-auth/issues/11274) [#11274](https://github.com/dynamic-labs/dynamic-auth/issues/11274) [#11274](https://github.com/dynamic-labs/dynamic-auth/issues/11274)
+* **mobile-demo:** add EVM gasless screens for 7702 delegation and sponsored transactions ([#11274](https://github.com/dynamic-labs/dynamic-auth/issues/11274)) ([2961b8f](https://github.com/dynamic-labs/dynamic-auth/commit/2961b8f732ef3a172fcf0e814db3b74961015edf)), closes [#11267](https://github.com/dynamic-labs/dynamic-auth/issues/11267) [#11267](https://github.com/dynamic-labs/dynamic-auth/issues/11267) [#11267](https://github.com/dynamic-labs/dynamic-auth/issues/11267)
+* **mobile-demo:** wire Maestro Cloud E2E for iOS smoke flow ([#11144](https://github.com/dynamic-labs/dynamic-auth/issues/11144)) ([d25b694](https://github.com/dynamic-labs/dynamic-auth/commit/d25b694017277fbe97fc13e21f82201350551862))
+* **starknet:** rename Argent X to Ready X, remove Ready Mobile ([#11299](https://github.com/dynamic-labs/dynamic-auth/issues/11299)) ([addc5dd](https://github.com/dynamic-labs/dynamic-auth/commit/addc5dd9f18310c474dd7ad3ff15c9ab1b652136))
+
+
+### Bug Fixes
+
+* **playwright:** unflake allow/block on 4201/4202 (domain-access-control) DYNT-777 ([#11118](https://github.com/dynamic-labs/dynamic-auth/issues/11118)) ([86e0d72](https://github.com/dynamic-labs/dynamic-auth/commit/86e0d72b7d094f25ce9efd2173cd478b93eb8393)), closes [#11119](https://github.com/dynamic-labs/dynamic-auth/issues/11119)
+* **playwright:** unflake demo-v2 phantom flows (tolerate get-started splash skip) ([#11185](https://github.com/dynamic-labs/dynamic-auth/issues/11185)) ([b648d39](https://github.com/dynamic-labs/dynamic-auth/commit/b648d39c11580b5fbedb5a6972c174a42aa13326))
+* **sdk-react-core:** prevent duplicate deviceRegistration calls and stale list refetch after self-revoke ([#11298](https://github.com/dynamic-labs/dynamic-auth/issues/11298)) ([8ae5180](https://github.com/dynamic-labs/dynamic-auth/commit/8ae51803517bcde9503a20c290e82f3068dfda66))
+* **wallet-book:** correct sprite IDs for bitgetwallet and coin98 wallet groups ([#11291](https://github.com/dynamic-labs/dynamic-auth/issues/11291)) ([d56763c](https://github.com/dynamic-labs/dynamic-auth/commit/d56763c741a93c279c8dd9e548ab7d5ab14cd30d))
+
+### [4.83.2-alpha.0](https://github.com/dynamic-labs/dynamic-auth/compare/v4.83.1...v4.83.2-alpha.0) (2026-05-18)
+
+
+### Features
+
+* **ci:** add structured DD event reporting on RWX CI failure ([#11231](https://github.com/dynamic-labs/dynamic-auth/issues/11231)) ([2a6e19f](https://github.com/dynamic-labs/dynamic-auth/commit/2a6e19f5746bed28993b73c9dc43656ef9c8b75e)), closes [dynamic-labs/pw-configs#30](https://github.com/dynamic-labs/pw-configs/issues/30) [pw-configs#30](https://github.com/dynamic-labs/pw-configs/issues/30) [pw-configs#30](https://github.com/dynamic-labs/pw-configs/issues/30)
+* **playwright:** support local e2e + document workflow + .env.example ([#11230](https://github.com/dynamic-labs/dynamic-auth/issues/11230)) ([492cc5c](https://github.com/dynamic-labs/dynamic-auth/commit/492cc5ce6b5f9241ac670ebf140d1c2dce66dd58))
+
+
+### Bug Fixes
+
+* **aleo:** dedup concurrent shieldToken calls + hide manual CTA during auto-shield ([#11264](https://github.com/dynamic-labs/dynamic-auth/issues/11264)) ([f466373](https://github.com/dynamic-labs/dynamic-auth/commit/f4663732d50cc3e617c15d41c5131a6f84ee44d5)), closes [#3](https://github.com/dynamic-labs/dynamic-auth/issues/3) [#11263](https://github.com/dynamic-labs/dynamic-auth/issues/11263)
+* **aleo:** render real brand logos on the shielded balance tab ([#11270](https://github.com/dynamic-labs/dynamic-auth/issues/11270)) ([0482fb7](https://github.com/dynamic-labs/dynamic-auth/commit/0482fb7134ee85677e4e48d1cb1e323073703f92))
+* **aleo:** reuse pollOnShielded backoff for the manual shield refresh ([#11265](https://github.com/dynamic-labs/dynamic-auth/issues/11265)) ([4956798](https://github.com/dynamic-labs/dynamic-auth/commit/4956798bfd455caef2844dd1a1db1af3bb6d7daf)), closes [#11264](https://github.com/dynamic-labs/dynamic-auth/issues/11264) [#11263](https://github.com/dynamic-labs/dynamic-auth/issues/11263)
+* **ci:** drop doubled-playwright prefix from in-task dd reporter paths ([#11261](https://github.com/dynamic-labs/dynamic-auth/issues/11261)) ([459693d](https://github.com/dynamic-labs/dynamic-auth/commit/459693d74b73d534ed96ef6afdc5de930e2da9de)), closes [#11255](https://github.com/dynamic-labs/dynamic-auth/issues/11255) [#11255](https://github.com/dynamic-labs/dynamic-auth/issues/11255) [post-#11255](https://github.com/dynamic-labs/post-/issues/11255) [#11251](https://github.com/dynamic-labs/dynamic-auth/issues/11251) [#11231](https://github.com/dynamic-labs/dynamic-auth/issues/11231) [#11251](https://github.com/dynamic-labs/dynamic-auth/issues/11251) [#11231](https://github.com/dynamic-labs/dynamic-auth/issues/11231) [#11255](https://github.com/dynamic-labs/dynamic-auth/issues/11255) [#11251](https://github.com/dynamic-labs/dynamic-auth/issues/11251)
+* **ci:** pass captain log by path so dd reporter dodges ARG_MAX ([#11255](https://github.com/dynamic-labs/dynamic-auth/issues/11255)) ([43dfad0](https://github.com/dynamic-labs/dynamic-auth/commit/43dfad0fda0fdd487a246315d9c6e2be6d61edb1)), closes [#11251](https://github.com/dynamic-labs/dynamic-auth/issues/11251)
+* **widget:** theme TransactionMode segmented control for dark mode ([#11269](https://github.com/dynamic-labs/dynamic-auth/issues/11269)) ([21d6da2](https://github.com/dynamic-labs/dynamic-auth/commit/21d6da2b3edc8b3107c396ac7631b1dcb477533f)), closes [#e5e7](https://github.com/dynamic-labs/dynamic-auth/issues/e5e7) [#cbd5e1](https://github.com/dynamic-labs/dynamic-auth/issues/cbd5e1) [#f9](https://github.com/dynamic-labs/dynamic-auth/issues/f9)
+
 ### [4.83.1](https://github.com/dynamic-labs/dynamic-auth/compare/v4.83.0...v4.83.1) (2026-05-14)
 
 

package/package.cjs

@@ -3,6 +3,6 @@
 
 Object.defineProperty(exports, '__esModule', { value: true });
 
-var version = "4.83.1";
+var version = "4.84.0";
 
 exports.version = version;

package/package.js

@@ -1,4 +1,4 @@
 'use client'
-var version = "4.83.1";
+var version = "4.84.0";
 
 export { version };

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@dynamic-labs/aleo",
-  "version": "4.83.1",
+  "version": "4.84.0",
   "description": "A React SDK for implementing wallet web3 authentication and authorization to your website.",
   "author": "Dynamic Labs, Inc.",
   "license": "MIT",
@@ -18,19 +18,19 @@
   },
   "homepage": "https://www.dynamic.xyz/",
   "dependencies": {
-    "@dynamic-labs-sdk/client": "0.26.9",
-    "@dynamic-labs/assert-package-version": "4.83.1",
-    "@dynamic-labs/sdk-api-core": "0.0.964",
+    "@dynamic-labs-sdk/client": "1.1.0",
+    "@dynamic-labs/assert-package-version": "4.84.0",
+    "@dynamic-labs/sdk-api-core": "0.0.985",
     "@provablehq/aleo-wallet-adaptor-core": "0.3.0-alpha.3",
     "@provablehq/aleo-wallet-adaptor-shield": "0.3.0-alpha.3",
     "@provablehq/aleo-wallet-standard": "0.3.0-alpha.3",
     "@provablehq/aleo-types": "0.3.0-alpha.3",
-    "@dynamic-labs/logger": "4.83.1",
-    "@dynamic-labs/types": "4.83.1",
-    "@dynamic-labs/utils": "4.83.1",
-    "@dynamic-labs/waas": "4.83.1",
-    "@dynamic-labs/wallet-book": "4.83.1",
-    "@dynamic-labs/wallet-connector-core": "4.83.1"
+    "@dynamic-labs/logger": "4.84.0",
+    "@dynamic-labs/types": "4.84.0",
+    "@dynamic-labs/utils": "4.84.0",
+    "@dynamic-labs/waas": "4.84.0",
+    "@dynamic-labs/wallet-book": "4.84.0",
+    "@dynamic-labs/wallet-connector-core": "4.84.0"
   },
   "peerDependencies": {}
 }

package/src/connectors/DynamicWaasAleoConnector/DynamicWaasAleoConnector.cjs

@@ -233,6 +233,18 @@ class DynamicWaasAleoConnector extends waas.withDynamicWaas(WaasAleoWalletConnec
         //  prevents the hook from re-shielding the just-unshielded amount before
         //  step 2 spends it. Add on Exchange entry, remove in `finally`.
         this.tokensPendingExchange = new Set();
+        // In-flight shield broadcasts keyed by `${activeAccountAddress}:${programId}`.
+        //  Multiple call sites (the widget's manual CTA, the auto-shield hook,
+        //  external SDK consumers) can race for the same shield op — clicking
+        //  Shield Manually while the auto-shield hook is mid-broadcast for the
+        //  same token used to fire two `transfer_public_to_private` ceremonies,
+        //  resulting in one successful and one rejected transaction on-chain.
+        //  We dedupe at the connector layer so every caller (manual, auto, third
+        //  party) shares the same promise and emits the same `txId` for a single
+        //  underlying broadcast. The entry is cleared in `finally`, so a
+        //  *subsequent* shield of the same token (e.g. a new unshielded balance
+        //  arriving after the first broadcast finalizes) is allowed.
+        this.inFlightShieldByKey = new Map();
         this.walletUiUtils = props.walletUiUtils;
     }
     setVerifiedCredentials(verifiedCredentials) {
@@ -836,10 +848,39 @@ class DynamicWaasAleoConnector extends waas.withDynamicWaas(WaasAleoWalletConnec
             if (!token) {
                 throw new utils.DynamicError(`shieldToken: ${args.tokenAddress} is not a registered shieldable Aleo token on the current network.`);
             }
+            // Dedup by `(activeAccountAddress, programId)`. We deliberately ignore
+            //  `args.amount` in the key — if two call sites race, they're reading
+            //  the same unshielded balance and both want the same outcome; sharing
+            //  the in-flight promise prevents one successful + one rejected
+            //  broadcast (the rejected one would fail in the validator anyway once
+            //  the first consumed the public balance, but it still wastes a
+            //  Provable prove and a network round-trip).
+            const fromAddress = this.activeAccountAddress;
+            const dedupKey = `${fromAddress}:${token.programId}`;
+            const inFlight = this.inFlightShieldByKey.get(dedupKey);
+            if (inFlight)
+                return inFlight;
+            const dispatch = this.dispatchShieldBroadcast(token, args.amount, fromAddress).finally(() => {
+                this.inFlightShieldByKey.delete(dedupKey);
+            });
+            this.inFlightShieldByKey.set(dedupKey, dispatch);
+            return dispatch;
+        });
+    }
+    /**
+     * Builds the shield inputs, proves + broadcasts, and unwraps the txId.
+     * Pulled out of `shieldToken` so the dedup wrapper around it stays small.
+     * Throws via `DynamicError` if the relay accepts the broadcast but does
+     * not return a txId — `shieldToken`'s dedup map cleanup handles the
+     * rejection via `.finally()` (the failed entry is evicted so retries are
+     * allowed).
+     */
+    dispatchShieldBroadcast(token, amount, fromAddress) {
+        return _tslib.__awaiter(this, void 0, void 0, function* () {
             const { functionName, inputs, inputTypes } = buildShieldInputs({
-                to: this.activeAccountAddress,
+                to: fromAddress,
                 token,
-                value: args.amount,
+                value: amount,
             });
             const result = yield this.proveTransaction({
                 broadcast: true,

package/src/connectors/DynamicWaasAleoConnector/DynamicWaasAleoConnector.d.ts

@@ -23,12 +23,12 @@ declare const DynamicWaasAleoConnector_base: (abstract new (...args: any[]) => {
     isEmbeddedWallet: boolean;
     getSignedSessionId?: (() => Promise<string>) | undefined;
     getMfaToken?: ((props?: {
-        mfaAction?: import("@dynamic-labs/sdk-api-core").MFAAction | undefined;
+        mfaAction?: import("@dynamic-labs-sdk/client").MFAAction | undefined;
     } | undefined) => Promise<string | undefined>) | undefined;
     getWalletPassword?: import("@dynamic-labs/wallet-connector-core").GetWalletPasswordFn | undefined;
     getAuthToken?: (() => string) | undefined;
     getElevatedAccessToken?: ((props: {
-        scope: import("@dynamic-labs/sdk-api-core").TokenScope;
+        scope: import("@dynamic-labs-sdk/client").TokenScope;
     }) => Promise<string | undefined>) | undefined;
     environmentId?: string | undefined;
     baseApiUrl?: string | undefined;
@@ -43,10 +43,10 @@ declare const DynamicWaasAleoConnector_base: (abstract new (...args: any[]) => {
     setGetAuthTokenFunction(getAuthToken: () => string): void;
     setWaasAuthMode(authMode: "cookie" | "header"): void;
     setGetMfaTokenFunction(getMfaToken: (props?: {
-        mfaAction?: import("@dynamic-labs/sdk-api-core").MFAAction | undefined;
+        mfaAction?: import("@dynamic-labs-sdk/client").MFAAction | undefined;
     } | undefined) => Promise<string | undefined>): void;
     setGetElevatedAccessTokenFunction(getElevatedAccessToken: (params: {
-        scope: import("@dynamic-labs/sdk-api-core").TokenScope;
+        scope: import("@dynamic-labs-sdk/client").TokenScope;
     }) => Promise<string | undefined>): void;
     setGetWalletPasswordFunction(getWalletPassword: import("@dynamic-labs/wallet-connector-core").GetWalletPasswordFn): void;
     getPasswordIfNeeded({ accountAddress, }: {
@@ -176,6 +176,7 @@ export declare class DynamicWaasAleoConnector extends DynamicWaasAleoConnector_b
     verifiedCredentials: JwtVerifiedCredential[] | undefined;
     protected walletUiUtils: WalletUiUtils<InternalWalletConnector>;
     private readonly tokensPendingExchange;
+    private readonly inFlightShieldByKey;
     constructor(props: DynamicWaasAleoConnectorProps);
     setVerifiedCredentials(verifiedCredentials: JwtVerifiedCredential[]): void;
     getWalletClientByAddress({ accountAddress, }: {
@@ -404,6 +405,15 @@ export declare class DynamicWaasAleoConnector extends DynamicWaasAleoConnector_b
         isNative?: boolean;
         amount: bigint;
     }): Promise<string>;
+    /**
+     * Builds the shield inputs, proves + broadcasts, and unwraps the txId.
+     * Pulled out of `shieldToken` so the dedup wrapper around it stays small.
+     * Throws via `DynamicError` if the relay accepts the broadcast but does
+     * not return a txId — `shieldToken`'s dedup map cleanup handles the
+     * rejection via `.finally()` (the failed entry is evicted so retries are
+     * allowed).
+     */
+    private dispatchShieldBroadcast;
     /**
      * Two-step Exchange transfer.
      *

package/src/connectors/DynamicWaasAleoConnector/DynamicWaasAleoConnector.js

@@ -229,6 +229,18 @@ class DynamicWaasAleoConnector extends withDynamicWaas(WaasAleoWalletConnector)
         //  prevents the hook from re-shielding the just-unshielded amount before
         //  step 2 spends it. Add on Exchange entry, remove in `finally`.
         this.tokensPendingExchange = new Set();
+        // In-flight shield broadcasts keyed by `${activeAccountAddress}:${programId}`.
+        //  Multiple call sites (the widget's manual CTA, the auto-shield hook,
+        //  external SDK consumers) can race for the same shield op — clicking
+        //  Shield Manually while the auto-shield hook is mid-broadcast for the
+        //  same token used to fire two `transfer_public_to_private` ceremonies,
+        //  resulting in one successful and one rejected transaction on-chain.
+        //  We dedupe at the connector layer so every caller (manual, auto, third
+        //  party) shares the same promise and emits the same `txId` for a single
+        //  underlying broadcast. The entry is cleared in `finally`, so a
+        //  *subsequent* shield of the same token (e.g. a new unshielded balance
+        //  arriving after the first broadcast finalizes) is allowed.
+        this.inFlightShieldByKey = new Map();
         this.walletUiUtils = props.walletUiUtils;
     }
     setVerifiedCredentials(verifiedCredentials) {
@@ -832,10 +844,39 @@ class DynamicWaasAleoConnector extends withDynamicWaas(WaasAleoWalletConnector)
             if (!token) {
                 throw new DynamicError(`shieldToken: ${args.tokenAddress} is not a registered shieldable Aleo token on the current network.`);
             }
+            // Dedup by `(activeAccountAddress, programId)`. We deliberately ignore
+            //  `args.amount` in the key — if two call sites race, they're reading
+            //  the same unshielded balance and both want the same outcome; sharing
+            //  the in-flight promise prevents one successful + one rejected
+            //  broadcast (the rejected one would fail in the validator anyway once
+            //  the first consumed the public balance, but it still wastes a
+            //  Provable prove and a network round-trip).
+            const fromAddress = this.activeAccountAddress;
+            const dedupKey = `${fromAddress}:${token.programId}`;
+            const inFlight = this.inFlightShieldByKey.get(dedupKey);
+            if (inFlight)
+                return inFlight;
+            const dispatch = this.dispatchShieldBroadcast(token, args.amount, fromAddress).finally(() => {
+                this.inFlightShieldByKey.delete(dedupKey);
+            });
+            this.inFlightShieldByKey.set(dedupKey, dispatch);
+            return dispatch;
+        });
+    }
+    /**
+     * Builds the shield inputs, proves + broadcasts, and unwraps the txId.
+     * Pulled out of `shieldToken` so the dedup wrapper around it stays small.
+     * Throws via `DynamicError` if the relay accepts the broadcast but does
+     * not return a txId — `shieldToken`'s dedup map cleanup handles the
+     * rejection via `.finally()` (the failed entry is evicted so retries are
+     * allowed).
+     */
+    dispatchShieldBroadcast(token, amount, fromAddress) {
+        return __awaiter(this, void 0, void 0, function* () {
             const { functionName, inputs, inputTypes } = buildShieldInputs({
-                to: this.activeAccountAddress,
+                to: fromAddress,
                 token,
-                value: args.amount,
+                value: amount,
             });
             const result = yield this.proveTransaction({
                 broadcast: true,

package/src/utils/AleoUiTransaction/AleoUiTransaction.cjs

@@ -262,6 +262,7 @@ class AleoUiTransaction {
                     .reduce((acc, r) => acc + aleoSendableTokens.extractRecordAtomicAmount(r, token), BigInt(0));
                 const divisor = Number(pow10(token.decimals));
                 const rawBalance = Number(sumAtomic);
+                const rawBalanceString = sumAtomic.toString();
                 return {
                     address: token.contractAddress,
                     balance: rawBalance / divisor,
@@ -280,6 +281,7 @@ class AleoUiTransaction {
                     logoURI: (_a = token.logoURI) !== null && _a !== void 0 ? _a : '',
                     name: token.name,
                     rawBalance,
+                    rawBalanceString,
                     symbol: token.symbol,
                 };
             });

package/src/utils/AleoUiTransaction/AleoUiTransaction.js

@@ -258,6 +258,7 @@ class AleoUiTransaction {
                     .reduce((acc, r) => acc + extractRecordAtomicAmount(r, token), BigInt(0));
                 const divisor = Number(pow10(token.decimals));
                 const rawBalance = Number(sumAtomic);
+                const rawBalanceString = sumAtomic.toString();
                 return {
                     address: token.contractAddress,
                     balance: rawBalance / divisor,
@@ -276,6 +277,7 @@ class AleoUiTransaction {
                     logoURI: (_a = token.logoURI) !== null && _a !== void 0 ? _a : '',
                     name: token.name,
                     rawBalance,
+                    rawBalanceString,
                     symbol: token.symbol,
                 };
             });