@dynamic-labs/sdk-react-core 4.83.1 → 4.83.2-alpha.0

package/src/lib/utils/hooks/useAleoAutoShieldSponsoredTokens/buildTokenKey.cjs

@@ -0,0 +1,18 @@
+'use client'
+'use strict';
+
+Object.defineProperty(exports, '__esModule', { value: true });
+
+var nativeTokenKey = require('./nativeTokenKey.cjs');
+
+/**
+ * Per-token idempotency key used by `useAleoAutoShieldSponsoredTokens`
+ * to dedup auto-shield candidates and by consumers (e.g.
+ * `ActiveWalletBalance`) to read back which tokens are currently
+ * mid-broadcast via `currentlyShieldingTokenKeys`. Returns an empty
+ * string when neither an address nor the native flag is set so callers
+ * can treat the token as "no usable key" and skip it.
+ */
+const buildTokenKey = (token) => { var _a; return (_a = token.address) !== null && _a !== void 0 ? _a : (token.isNative ? nativeTokenKey.nativeTokenKey : ''); };
+
+exports.buildTokenKey = buildTokenKey;

package/src/lib/utils/hooks/useAleoAutoShieldSponsoredTokens/buildTokenKey.d.ts

@@ -0,0 +1,18 @@
+/**
+ * Argument shape — narrowed to just what the key derivation needs so the
+ * helper can be called with a partial `TokenBalance` or with a raw
+ * `{ address, isNative }` pair from any consumer.
+ */
+export type BuildTokenKeyArgs = {
+    address?: string;
+    isNative?: boolean;
+};
+/**
+ * Per-token idempotency key used by `useAleoAutoShieldSponsoredTokens`
+ * to dedup auto-shield candidates and by consumers (e.g.
+ * `ActiveWalletBalance`) to read back which tokens are currently
+ * mid-broadcast via `currentlyShieldingTokenKeys`. Returns an empty
+ * string when neither an address nor the native flag is set so callers
+ * can treat the token as "no usable key" and skip it.
+ */
+export declare const buildTokenKey: (token: BuildTokenKeyArgs) => string;

package/src/lib/utils/hooks/useAleoAutoShieldSponsoredTokens/buildTokenKey.js

@@ -0,0 +1,14 @@
+'use client'
+import { nativeTokenKey } from './nativeTokenKey.js';
+
+/**
+ * Per-token idempotency key used by `useAleoAutoShieldSponsoredTokens`
+ * to dedup auto-shield candidates and by consumers (e.g.
+ * `ActiveWalletBalance`) to read back which tokens are currently
+ * mid-broadcast via `currentlyShieldingTokenKeys`. Returns an empty
+ * string when neither an address nor the native flag is set so callers
+ * can treat the token as "no usable key" and skip it.
+ */
+const buildTokenKey = (token) => { var _a; return (_a = token.address) !== null && _a !== void 0 ? _a : (token.isNative ? nativeTokenKey : ''); };
+
+export { buildTokenKey };

package/src/lib/utils/hooks/useAleoAutoShieldSponsoredTokens/index.d.ts

@@ -1 +1,3 @@
 export { useAleoAutoShieldSponsoredTokens } from './useAleoAutoShieldSponsoredTokens';
+export type { UseAleoAutoShieldSponsoredTokensResult } from './useAleoAutoShieldSponsoredTokens';
+export { pollOnShielded, REFRESH_DELAYS_MS } from './pollOnShielded';

package/src/lib/utils/hooks/useAleoAutoShieldSponsoredTokens/nativeTokenKey.cjs

@@ -0,0 +1,15 @@
+'use client'
+'use strict';
+
+Object.defineProperty(exports, '__esModule', { value: true });
+
+/**
+ * Stand-in key for `credits.aleo` — the Aleo native asset has no contract
+ * address from redcoast's perspective, so anywhere we'd otherwise reach
+ * for `token.address` as the idempotency / dedup key we use this
+ * sentinel instead. Centralised so the hook and any consumer (e.g. the
+ * `Shield Manually` CTA in `ActiveWalletBalance`) read the same value.
+ */
+const nativeTokenKey = '__native__';
+
+exports.nativeTokenKey = nativeTokenKey;

package/src/lib/utils/hooks/useAleoAutoShieldSponsoredTokens/nativeTokenKey.d.ts

@@ -0,0 +1,8 @@
+/**
+ * Stand-in key for `credits.aleo` — the Aleo native asset has no contract
+ * address from redcoast's perspective, so anywhere we'd otherwise reach
+ * for `token.address` as the idempotency / dedup key we use this
+ * sentinel instead. Centralised so the hook and any consumer (e.g. the
+ * `Shield Manually` CTA in `ActiveWalletBalance`) read the same value.
+ */
+export declare const nativeTokenKey = "__native__";

package/src/lib/utils/hooks/useAleoAutoShieldSponsoredTokens/nativeTokenKey.js

@@ -0,0 +1,11 @@
+'use client'
+/**
+ * Stand-in key for `credits.aleo` — the Aleo native asset has no contract
+ * address from redcoast's perspective, so anywhere we'd otherwise reach
+ * for `token.address` as the idempotency / dedup key we use this
+ * sentinel instead. Centralised so the hook and any consumer (e.g. the
+ * `Shield Manually` CTA in `ActiveWalletBalance`) read the same value.
+ */
+const nativeTokenKey = '__native__';
+
+export { nativeTokenKey };

package/src/lib/utils/hooks/useAleoAutoShieldSponsoredTokens/pollOnShielded.cjs

@@ -0,0 +1,50 @@
+'use client'
+'use strict';
+
+Object.defineProperty(exports, '__esModule', { value: true });
+
+var _tslib = require('../../../../../_virtual/_tslib.cjs');
+
+// Backoff schedule for the post-shield refresh. `shieldToken` resolves
+//  when the relay accepts the broadcast, not when the public→private
+//  transition confirms on-chain. Aleo block time + RecordScanner indexer
+//  lag means the immediate post-broadcast fetch usually returns the
+//  pre-confirmation balance, so we re-poll for ~45s before giving up.
+//
+//  Shared between the auto-shield hook (background) and the widget's
+//  manual Shield Manually CTA (foreground), so both flows update the
+//  unshielded and shielded balances on the same cadence — previously
+//  the manual flow refreshed exactly once and the unshielded row
+//  stayed at its pre-broadcast value for the full RecordScanner lag,
+//  making a successful shield look like a no-op.
+const REFRESH_DELAYS_MS = [
+    3000, 5000, 8000, 12000, 18000,
+];
+/**
+ * After a successful shield broadcast, poll `onShielded` on a backoff
+ * schedule so the consumer sees both the shielded and unshielded balances
+ * update without a manual refresh click. Stops early on cancel; swallows
+ * per-iteration errors (refresh is best-effort).
+ *
+ * `isCancelled` is a thunk so callers can hook it up to whatever liveness
+ * signal they have (effect cleanup `cancelled` flag, abort signal, mount
+ * ref, etc.) without this module having to know about React lifecycle.
+ */
+const pollOnShielded = (onShielded, isCancelled) => _tslib.__awaiter(void 0, void 0, void 0, function* () {
+    for (const delay of REFRESH_DELAYS_MS) {
+        if (isCancelled())
+            return;
+        yield new Promise((resolve) => setTimeout(resolve, delay));
+        if (isCancelled())
+            return;
+        try {
+            yield onShielded();
+        }
+        catch (_a) {
+            /* swallow — refresh is best-effort */
+        }
+    }
+});
+
+exports.REFRESH_DELAYS_MS = REFRESH_DELAYS_MS;
+exports.pollOnShielded = pollOnShielded;

package/src/lib/utils/hooks/useAleoAutoShieldSponsoredTokens/pollOnShielded.d.ts

@@ -0,0 +1,12 @@
+export declare const REFRESH_DELAYS_MS: ReadonlyArray<number>;
+/**
+ * After a successful shield broadcast, poll `onShielded` on a backoff
+ * schedule so the consumer sees both the shielded and unshielded balances
+ * update without a manual refresh click. Stops early on cancel; swallows
+ * per-iteration errors (refresh is best-effort).
+ *
+ * `isCancelled` is a thunk so callers can hook it up to whatever liveness
+ * signal they have (effect cleanup `cancelled` flag, abort signal, mount
+ * ref, etc.) without this module having to know about React lifecycle.
+ */
+export declare const pollOnShielded: (onShielded: () => Promise<void> | void, isCancelled: () => boolean) => Promise<void>;

package/src/lib/utils/hooks/useAleoAutoShieldSponsoredTokens/pollOnShielded.js

@@ -0,0 +1,45 @@
+'use client'
+import { __awaiter } from '../../../../../_virtual/_tslib.js';
+
+// Backoff schedule for the post-shield refresh. `shieldToken` resolves
+//  when the relay accepts the broadcast, not when the public→private
+//  transition confirms on-chain. Aleo block time + RecordScanner indexer
+//  lag means the immediate post-broadcast fetch usually returns the
+//  pre-confirmation balance, so we re-poll for ~45s before giving up.
+//
+//  Shared between the auto-shield hook (background) and the widget's
+//  manual Shield Manually CTA (foreground), so both flows update the
+//  unshielded and shielded balances on the same cadence — previously
+//  the manual flow refreshed exactly once and the unshielded row
+//  stayed at its pre-broadcast value for the full RecordScanner lag,
+//  making a successful shield look like a no-op.
+const REFRESH_DELAYS_MS = [
+    3000, 5000, 8000, 12000, 18000,
+];
+/**
+ * After a successful shield broadcast, poll `onShielded` on a backoff
+ * schedule so the consumer sees both the shielded and unshielded balances
+ * update without a manual refresh click. Stops early on cancel; swallows
+ * per-iteration errors (refresh is best-effort).
+ *
+ * `isCancelled` is a thunk so callers can hook it up to whatever liveness
+ * signal they have (effect cleanup `cancelled` flag, abort signal, mount
+ * ref, etc.) without this module having to know about React lifecycle.
+ */
+const pollOnShielded = (onShielded, isCancelled) => __awaiter(void 0, void 0, void 0, function* () {
+    for (const delay of REFRESH_DELAYS_MS) {
+        if (isCancelled())
+            return;
+        yield new Promise((resolve) => setTimeout(resolve, delay));
+        if (isCancelled())
+            return;
+        try {
+            yield onShielded();
+        }
+        catch (_a) {
+            /* swallow — refresh is best-effort */
+        }
+    }
+});
+
+export { REFRESH_DELAYS_MS, pollOnShielded };

package/src/lib/utils/hooks/useAleoAutoShieldSponsoredTokens/useAleoAutoShieldSponsoredTokens.cjs

@@ -5,15 +5,10 @@ Object.defineProperty(exports, '__esModule', { value: true });
 
 var _tslib = require('../../../../../_virtual/_tslib.cjs');
 var React = require('react');
+var buildTokenKey = require('./buildTokenKey.cjs');
+var nativeTokenKey = require('./nativeTokenKey.cjs');
+var pollOnShielded = require('./pollOnShielded.cjs');
 
-// Backoff schedule for the post-shield refresh. `shieldToken` resolves
-//  when the relay accepts the broadcast, not when the public→private
-//  transition confirms on-chain. Aleo block time + RecordScanner indexer
-//  lag means the immediate post-broadcast fetch usually returns the
-//  pre-confirmation balance, so we re-poll for ~45s before giving up.
-const REFRESH_DELAYS_MS = [
-    3000, 5000, 8000, 12000, 18000,
-];
 /**
  * Selects which of `tokens` should attempt an auto-shield on this cycle.
  * A token is a candidate when:
@@ -29,7 +24,6 @@ const REFRESH_DELAYS_MS = [
 const buildShieldCandidates = (args) => {
     const { tokens, accountAddress, shieldHandle, seenKeys } = args;
     return tokens.filter((token) => {
-        var _a;
         if (!token.rawBalance || token.rawBalance <= 0)
             return false;
         if (!shieldHandle.canShieldToken({
@@ -38,7 +32,7 @@ const buildShieldCandidates = (args) => {
         })) {
             return false;
         }
-        const tokenKey = (_a = token.address) !== null && _a !== void 0 ? _a : (token.isNative ? '__native__' : '');
+        const tokenKey = buildTokenKey.buildTokenKey(token);
         if (!tokenKey)
             return false;
         return !seenKeys.has(`${accountAddress}:${tokenKey}`);
@@ -52,20 +46,20 @@ const buildShieldCandidates = (args) => {
  * so the effect-cleanup `cancelled` flag stays in scope.
  */
 const tryShieldOneToken = (token, deps) => _tslib.__awaiter(void 0, void 0, void 0, function* () {
-    var _a, _b, _c, _d;
-    const { accountAddress, shieldHandle, seenKeys, isCancelled } = deps;
-    const tokenKey = (_a = token.address) !== null && _a !== void 0 ? _a : '__native__';
+    var _a, _b, _c;
+    const { accountAddress, shieldHandle, seenKeys, isCancelled, inFlightTokenKeys, } = deps;
+    const tokenKey = buildTokenKey.buildTokenKey(token) || nativeTokenKey.nativeTokenKey;
     const key = `${accountAddress}:${tokenKey}`;
     seenKeys.add(key);
     let sponsored = false;
     try {
         sponsored =
-            (_c = (yield ((_b = shieldHandle.isShieldSponsored) === null || _b === void 0 ? void 0 : _b.call(shieldHandle, {
+            (_b = (yield ((_a = shieldHandle.isShieldSponsored) === null || _a === void 0 ? void 0 : _a.call(shieldHandle, {
                 address: token.address,
                 isNative: token.isNative,
-            })))) !== null && _c !== void 0 ? _c : false;
+            })))) !== null && _b !== void 0 ? _b : false;
     }
-    catch (_e) {
+    catch (_d) {
         sponsored = false;
     }
     if (isCancelled())
@@ -74,11 +68,12 @@ const tryShieldOneToken = (token, deps) => _tslib.__awaiter(void 0, void 0, void
         seenKeys.delete(key);
         return false;
     }
-    const atomic = BigInt(Math.round((_d = token.rawBalance) !== null && _d !== void 0 ? _d : 0));
+    const atomic = BigInt(Math.round((_c = token.rawBalance) !== null && _c !== void 0 ? _c : 0));
     if (atomic <= BigInt(0)) {
         seenKeys.delete(key);
         return false;
     }
+    inFlightTokenKeys === null || inFlightTokenKeys === void 0 ? void 0 : inFlightTokenKeys.add(tokenKey);
     try {
         yield shieldHandle.shieldToken({
             amount: atomic,
@@ -87,30 +82,12 @@ const tryShieldOneToken = (token, deps) => _tslib.__awaiter(void 0, void 0, void
         });
         return true;
     }
-    catch (_f) {
+    catch (_e) {
         seenKeys.delete(key);
         return false;
     }
-});
-/**
- * After a successful shield broadcast, poll `onShielded` on a backoff
- * schedule so the consumer sees both the shielded and unshielded balances
- * update without a manual refresh click. Stops early on cancel; swallows
- * per-iteration errors (refresh is best-effort).
- */
-const pollOnShielded = (onShielded, isCancelled) => _tslib.__awaiter(void 0, void 0, void 0, function* () {
-    for (const delay of REFRESH_DELAYS_MS) {
-        if (isCancelled())
-            return;
-        yield new Promise((resolve) => setTimeout(resolve, delay));
-        if (isCancelled())
-            return;
-        try {
-            yield onShielded();
-        }
-        catch (_g) {
-            /* swallow — refresh is best-effort */
-        }
+    finally {
+        inFlightTokenKeys === null || inFlightTokenKeys === void 0 ? void 0 : inFlightTokenKeys.delete(tokenKey);
     }
 });
 const useAleoAutoShieldSponsoredTokens = ({ accountAddress, unshieldedTokenBalances, shieldHandle, onShielded, }) => {
@@ -148,6 +125,35 @@ const useAleoAutoShieldSponsoredTokens = ({ accountAddress, unshieldedTokenBalan
             mountedRef.current = false;
         };
     }, []);
+    // Identity-stable set of token keys we're currently broadcasting for.
+    //  Mutated in `tryShieldOneToken` (add on entry, delete in `finally`)
+    //  via the `inFlightKeysAdapter` below. We rebuild the returned `Set`
+    //  as a new instance on every mutation so React consumers re-render;
+    //  the underlying ref-held Set is internal and never exposed.
+    const inFlightKeysRef = React.useRef(new Set());
+    const [currentlyShieldingTokenKeys, setCurrentlyShieldingTokenKeys] = React.useState(() => new Set());
+    // Stable adapter we hand to `tryShieldOneToken`. Each add/delete
+    //  mutates the ref-held set and publishes a fresh ReadonlySet snapshot
+    //  to state so subscribers re-render. We can't pass `inFlightKeysRef.current`
+    //  directly because the consumer can't subscribe to mutation — the
+    //  state copy is what makes this observable from React.
+    const inFlightKeysAdapter = React.useMemo(() => ({
+        add: (key) => {
+            inFlightKeysRef.current.add(key);
+            if (mountedRef.current) {
+                setCurrentlyShieldingTokenKeys(new Set(inFlightKeysRef.current));
+            }
+        },
+        delete: (key) => {
+            inFlightKeysRef.current.delete(key);
+            if (mountedRef.current) {
+                setCurrentlyShieldingTokenKeys(new Set(inFlightKeysRef.current));
+            }
+        },
+    }), 
+    // mountedRef is stable; we read its `.current` inside the closures
+    //  to avoid resubscribing consumers on every mount.
+    []);
     // Content fingerprint for the balance list. We re-run the effect only
     //  when balances *meaningfully* change (token added/removed/balance
     //  shifted), not on every render where the parent passes a new array
@@ -158,7 +164,7 @@ const useAleoAutoShieldSponsoredTokens = ({ accountAddress, unshieldedTokenBalan
     const balanceFingerprint = React.useMemo(() => (unshieldedTokenBalances !== null && unshieldedTokenBalances !== void 0 ? unshieldedTokenBalances : [])
         .map((t) => {
         var _a, _b;
-        return `${(_a = t.address) !== null && _a !== void 0 ? _a : '__native__'}|${t.isNative ? 1 : 0}|${(_b = t.rawBalance) !== null && _b !== void 0 ? _b : 0}`;
+        return `${(_a = t.address) !== null && _a !== void 0 ? _a : nativeTokenKey.nativeTokenKey}|${t.isNative ? 1 : 0}|${(_b = t.rawBalance) !== null && _b !== void 0 ? _b : 0}`;
     })
         // Use `localeCompare` so the sort is locale-aware and stable across
         //  JS engines (default `Array.prototype.sort` on strings is
@@ -210,6 +216,7 @@ const useAleoAutoShieldSponsoredTokens = ({ accountAddress, unshieldedTokenBalan
                     return;
                 const ok = yield tryShieldOneToken(token, {
                     accountAddress,
+                    inFlightTokenKeys: inFlightKeysAdapter,
                     isCancelled,
                     seenKeys: seenKeysRef.current,
                     shieldHandle,
@@ -218,7 +225,7 @@ const useAleoAutoShieldSponsoredTokens = ({ accountAddress, unshieldedTokenBalan
                     didShield = true;
             }
             if (didShield && !cancelled && onShielded) {
-                yield pollOnShielded(onShielded, isCancelled);
+                yield pollOnShielded.pollOnShielded(onShielded, isCancelled);
             }
         });
         run()
@@ -257,7 +264,7 @@ const useAleoAutoShieldSponsoredTokens = ({ accountAddress, unshieldedTokenBalan
         //  cancel an in-flight shield ceremony.
         // eslint-disable-next-line react-hooks/exhaustive-deps
     }, [accountAddress, balanceFingerprint, shieldHandle, onShielded]);
-    return { isShielding };
+    return { currentlyShieldingTokenKeys, isShielding };
 };
 
 exports.useAleoAutoShieldSponsoredTokens = useAleoAutoShieldSponsoredTokens;

package/src/lib/utils/hooks/useAleoAutoShieldSponsoredTokens/useAleoAutoShieldSponsoredTokens.d.ts

@@ -54,6 +54,17 @@ export type UseAleoAutoShieldSponsoredTokensResult = {
      *  Goes back to `false` on cleanup or once the run resolves.
      */
     isShielding: boolean;
+    /**
+     * Token keys (`token.address` or `nativeTokenKey`) for which a shield
+     *  ceremony is currently in flight from this hook. Stable identity
+     *  across renders — only changes when a ceremony starts or ends, not
+     *  when other parts of the hook state churn. Consumers (e.g. the
+     *  widget's Shield Manually CTA) read this set to suppress duplicate
+     *  CTAs for tokens auto-shield is already broadcasting; the connector
+     *  has its own dedup, but hiding the CTA also prevents the user from
+     *  seeing a stale spinner snap to a second one.
+     */
+    currentlyShieldingTokenKeys: ReadonlySet<string>;
 };
 export declare const useAleoAutoShieldSponsoredTokens: ({ accountAddress, unshieldedTokenBalances, shieldHandle, onShielded, }: UseAleoAutoShieldSponsoredTokensArgs) => UseAleoAutoShieldSponsoredTokensResult;
 export {};

package/src/lib/utils/hooks/useAleoAutoShieldSponsoredTokens/useAleoAutoShieldSponsoredTokens.js

@@ -1,15 +1,10 @@
 'use client'
 import { __awaiter } from '../../../../../_virtual/_tslib.js';
 import { useRef, useState, useEffect, useMemo } from 'react';
+import { buildTokenKey } from './buildTokenKey.js';
+import { nativeTokenKey } from './nativeTokenKey.js';
+import { pollOnShielded } from './pollOnShielded.js';
 
-// Backoff schedule for the post-shield refresh. `shieldToken` resolves
-//  when the relay accepts the broadcast, not when the public→private
-//  transition confirms on-chain. Aleo block time + RecordScanner indexer
-//  lag means the immediate post-broadcast fetch usually returns the
-//  pre-confirmation balance, so we re-poll for ~45s before giving up.
-const REFRESH_DELAYS_MS = [
-    3000, 5000, 8000, 12000, 18000,
-];
 /**
  * Selects which of `tokens` should attempt an auto-shield on this cycle.
  * A token is a candidate when:
@@ -25,7 +20,6 @@ const REFRESH_DELAYS_MS = [
 const buildShieldCandidates = (args) => {
     const { tokens, accountAddress, shieldHandle, seenKeys } = args;
     return tokens.filter((token) => {
-        var _a;
         if (!token.rawBalance || token.rawBalance <= 0)
             return false;
         if (!shieldHandle.canShieldToken({
@@ -34,7 +28,7 @@ const buildShieldCandidates = (args) => {
         })) {
             return false;
         }
-        const tokenKey = (_a = token.address) !== null && _a !== void 0 ? _a : (token.isNative ? '__native__' : '');
+        const tokenKey = buildTokenKey(token);
         if (!tokenKey)
             return false;
         return !seenKeys.has(`${accountAddress}:${tokenKey}`);
@@ -48,20 +42,20 @@ const buildShieldCandidates = (args) => {
  * so the effect-cleanup `cancelled` flag stays in scope.
  */
 const tryShieldOneToken = (token, deps) => __awaiter(void 0, void 0, void 0, function* () {
-    var _a, _b, _c, _d;
-    const { accountAddress, shieldHandle, seenKeys, isCancelled } = deps;
-    const tokenKey = (_a = token.address) !== null && _a !== void 0 ? _a : '__native__';
+    var _a, _b, _c;
+    const { accountAddress, shieldHandle, seenKeys, isCancelled, inFlightTokenKeys, } = deps;
+    const tokenKey = buildTokenKey(token) || nativeTokenKey;
     const key = `${accountAddress}:${tokenKey}`;
     seenKeys.add(key);
     let sponsored = false;
     try {
         sponsored =
-            (_c = (yield ((_b = shieldHandle.isShieldSponsored) === null || _b === void 0 ? void 0 : _b.call(shieldHandle, {
+            (_b = (yield ((_a = shieldHandle.isShieldSponsored) === null || _a === void 0 ? void 0 : _a.call(shieldHandle, {
                 address: token.address,
                 isNative: token.isNative,
-            })))) !== null && _c !== void 0 ? _c : false;
+            })))) !== null && _b !== void 0 ? _b : false;
     }
-    catch (_e) {
+    catch (_d) {
         sponsored = false;
     }
     if (isCancelled())
@@ -70,11 +64,12 @@ const tryShieldOneToken = (token, deps) => __awaiter(void 0, void 0, void 0, fun
         seenKeys.delete(key);
         return false;
     }
-    const atomic = BigInt(Math.round((_d = token.rawBalance) !== null && _d !== void 0 ? _d : 0));
+    const atomic = BigInt(Math.round((_c = token.rawBalance) !== null && _c !== void 0 ? _c : 0));
     if (atomic <= BigInt(0)) {
         seenKeys.delete(key);
         return false;
     }
+    inFlightTokenKeys === null || inFlightTokenKeys === void 0 ? void 0 : inFlightTokenKeys.add(tokenKey);
     try {
         yield shieldHandle.shieldToken({
             amount: atomic,
@@ -83,30 +78,12 @@ const tryShieldOneToken = (token, deps) => __awaiter(void 0, void 0, void 0, fun
         });
         return true;
     }
-    catch (_f) {
+    catch (_e) {
         seenKeys.delete(key);
         return false;
     }
-});
-/**
- * After a successful shield broadcast, poll `onShielded` on a backoff
- * schedule so the consumer sees both the shielded and unshielded balances
- * update without a manual refresh click. Stops early on cancel; swallows
- * per-iteration errors (refresh is best-effort).
- */
-const pollOnShielded = (onShielded, isCancelled) => __awaiter(void 0, void 0, void 0, function* () {
-    for (const delay of REFRESH_DELAYS_MS) {
-        if (isCancelled())
-            return;
-        yield new Promise((resolve) => setTimeout(resolve, delay));
-        if (isCancelled())
-            return;
-        try {
-            yield onShielded();
-        }
-        catch (_g) {
-            /* swallow — refresh is best-effort */
-        }
+    finally {
+        inFlightTokenKeys === null || inFlightTokenKeys === void 0 ? void 0 : inFlightTokenKeys.delete(tokenKey);
     }
 });
 const useAleoAutoShieldSponsoredTokens = ({ accountAddress, unshieldedTokenBalances, shieldHandle, onShielded, }) => {
@@ -144,6 +121,35 @@ const useAleoAutoShieldSponsoredTokens = ({ accountAddress, unshieldedTokenBalan
             mountedRef.current = false;
         };
     }, []);
+    // Identity-stable set of token keys we're currently broadcasting for.
+    //  Mutated in `tryShieldOneToken` (add on entry, delete in `finally`)
+    //  via the `inFlightKeysAdapter` below. We rebuild the returned `Set`
+    //  as a new instance on every mutation so React consumers re-render;
+    //  the underlying ref-held Set is internal and never exposed.
+    const inFlightKeysRef = useRef(new Set());
+    const [currentlyShieldingTokenKeys, setCurrentlyShieldingTokenKeys] = useState(() => new Set());
+    // Stable adapter we hand to `tryShieldOneToken`. Each add/delete
+    //  mutates the ref-held set and publishes a fresh ReadonlySet snapshot
+    //  to state so subscribers re-render. We can't pass `inFlightKeysRef.current`
+    //  directly because the consumer can't subscribe to mutation — the
+    //  state copy is what makes this observable from React.
+    const inFlightKeysAdapter = useMemo(() => ({
+        add: (key) => {
+            inFlightKeysRef.current.add(key);
+            if (mountedRef.current) {
+                setCurrentlyShieldingTokenKeys(new Set(inFlightKeysRef.current));
+            }
+        },
+        delete: (key) => {
+            inFlightKeysRef.current.delete(key);
+            if (mountedRef.current) {
+                setCurrentlyShieldingTokenKeys(new Set(inFlightKeysRef.current));
+            }
+        },
+    }), 
+    // mountedRef is stable; we read its `.current` inside the closures
+    //  to avoid resubscribing consumers on every mount.
+    []);
     // Content fingerprint for the balance list. We re-run the effect only
     //  when balances *meaningfully* change (token added/removed/balance
     //  shifted), not on every render where the parent passes a new array
@@ -154,7 +160,7 @@ const useAleoAutoShieldSponsoredTokens = ({ accountAddress, unshieldedTokenBalan
     const balanceFingerprint = useMemo(() => (unshieldedTokenBalances !== null && unshieldedTokenBalances !== void 0 ? unshieldedTokenBalances : [])
         .map((t) => {
         var _a, _b;
-        return `${(_a = t.address) !== null && _a !== void 0 ? _a : '__native__'}|${t.isNative ? 1 : 0}|${(_b = t.rawBalance) !== null && _b !== void 0 ? _b : 0}`;
+        return `${(_a = t.address) !== null && _a !== void 0 ? _a : nativeTokenKey}|${t.isNative ? 1 : 0}|${(_b = t.rawBalance) !== null && _b !== void 0 ? _b : 0}`;
     })
         // Use `localeCompare` so the sort is locale-aware and stable across
         //  JS engines (default `Array.prototype.sort` on strings is
@@ -206,6 +212,7 @@ const useAleoAutoShieldSponsoredTokens = ({ accountAddress, unshieldedTokenBalan
                     return;
                 const ok = yield tryShieldOneToken(token, {
                     accountAddress,
+                    inFlightTokenKeys: inFlightKeysAdapter,
                     isCancelled,
                     seenKeys: seenKeysRef.current,
                     shieldHandle,
@@ -253,7 +260,7 @@ const useAleoAutoShieldSponsoredTokens = ({ accountAddress, unshieldedTokenBalan
         //  cancel an in-flight shield ceremony.
         // eslint-disable-next-line react-hooks/exhaustive-deps
     }, [accountAddress, balanceFingerprint, shieldHandle, onShielded]);
-    return { isShielding };
+    return { currentlyShieldingTokenKeys, isShielding };
 };
 
 export { useAleoAutoShieldSponsoredTokens };