@explorins/pers-sdk-react-native 1.5.26 → 1.5.27

package/dist/index.js

@@ -8,10 +8,31 @@ var reactNative = require('react-native');
 require('@ethereumjs/tx');
 require('@ethereumjs/util');
 require('@ethereumjs/common');
+var Keychain = require('react-native-keychain');
 var AsyncStorage = require('@react-native-async-storage/async-storage');
+var crypto$1 = require('react-native-quick-crypto');
 var jsxRuntime = require('react/jsx-runtime');
 var react = require('react');
 
+function _interopNamespaceDefault(e) {
+  var n = Object.create(null);
+  if (e) {
+    Object.keys(e).forEach(function (k) {
+      if (k !== 'default') {
+        var d = Object.getOwnPropertyDescriptor(e, k);
+        Object.defineProperty(n, k, d.get ? d : {
+          enumerable: true,
+          get: function () { return e[k]; }
+        });
+      }
+    });
+  }
+  n.default = e;
+  return Object.freeze(n);
+}
+
+var Keychain__namespace = /*#__PURE__*/_interopNamespaceDefault(Keychain);
+
 var buffer = {};
 
 var base64Js = {};
@@ -2631,6 +2652,7 @@ exports.ApiKeyType = void 0;
     ApiKeyType["USER_JWT_REFRESH_TOKEN"] = "USER_JWT_REFRESH_TOKEN";
     ApiKeyType["BLOCKCHAIN_WRITER_JWT"] = "BLOCKCHAIN_WRITER_JWT";
     ApiKeyType["BLOCKCHAIN_READER_JWT"] = "BLOCKCHAIN_READER_JWT";
+    ApiKeyType["TRANSACTION_JWT_ACCESS_TOKEN"] = "TRANSACTION_JWT_ACCESS_TOKEN";
     // TODO: this needs to be removed. However, there is still dependency
     ApiKeyType["TENANT_LEGACY_ADMIN"] = "TENANT_ADMIN_JWT";
     // TENANT_SYSTEM_API_SECRET    = 'TENANT_SYSTEM_API_SECRET',
@@ -2656,23 +2678,6 @@ exports.Web3ContractTypes = void 0;
     Web3ContractTypes["TOKEN_CONTRACT"] = "TOKEN_CONTRACT";
 })(exports.Web3ContractTypes || (exports.Web3ContractTypes = {}));
 
-exports.CampaignConditionType = void 0;
-(function (CampaignConditionType) {
-    CampaignConditionType["EQUALS"] = "EQUALS";
-    CampaignConditionType["NOT_EQUALS"] = "NOT_EQUALS";
-    CampaignConditionType["GREATER_THAN"] = "GREATER_THAN";
-    CampaignConditionType["LESS_THAN"] = "LESS_THAN";
-    CampaignConditionType["CONTAINS"] = "CONTAINS";
-    CampaignConditionType["IS_PART_OF"] = "IS_PART_OF";
-})(exports.CampaignConditionType || (exports.CampaignConditionType = {}));
-
-exports.CampaignTriggerType = void 0;
-(function (CampaignTriggerType) {
-    CampaignTriggerType["CLAIM_BY_USER"] = "CLAIM_BY_USER";
-    CampaignTriggerType["CLAIM_BY_SYSTEM"] = "CLAIM_BY_SYSTEM";
-    CampaignTriggerType["CLAIM_BY_BUSINESS"] = "CLAIM_BY_BUSINESS";
-})(exports.CampaignTriggerType || (exports.CampaignTriggerType = {}));
-
 /**
  * Entity ownership types - defines what types of entities can own resources
  *
@@ -2817,6 +2822,45 @@ exports.RedemptionRedeemStatus = void 0;
     RedemptionRedeemStatus["FAILED"] = "FAILED"; // Processing failed
 })(exports.RedemptionRedeemStatus || (exports.RedemptionRedeemStatus = {}));
 
+/**
+ * Trigger Source Types
+ * Defines the different types of triggers that can activate a campaign flow
+ */
+exports.TriggerSourceType = void 0;
+(function (TriggerSourceType) {
+    TriggerSourceType["QR_CODE"] = "QR_CODE";
+    // NFC_TAG = 'NFC_TAG', 
+    TriggerSourceType["API_WEBHOOK"] = "API_WEBHOOK";
+    // TRANSACTION = 'TRANSACTION',
+})(exports.TriggerSourceType || (exports.TriggerSourceType = {}));
+/**
+ * Source Logic Types
+ * Defines how multiple trigger sources combine to activate a flow
+ * Currently only ANY (OR logic) is implemented
+ */
+exports.SourceLogicType = void 0;
+(function (SourceLogicType) {
+    SourceLogicType["ANY"] = "any";
+    // Future: ALL = 'all', SEQUENCE = 'sequence', WEIGHTED = 'weighted'
+})(exports.SourceLogicType || (exports.SourceLogicType = {}));
+
+exports.CampaignConditionType = void 0;
+(function (CampaignConditionType) {
+    CampaignConditionType["EQUALS"] = "EQUALS";
+    CampaignConditionType["NOT_EQUALS"] = "NOT_EQUALS";
+    CampaignConditionType["GREATER_THAN"] = "GREATER_THAN";
+    CampaignConditionType["LESS_THAN"] = "LESS_THAN";
+    CampaignConditionType["CONTAINS"] = "CONTAINS";
+    CampaignConditionType["IS_PART_OF"] = "IS_PART_OF";
+})(exports.CampaignConditionType || (exports.CampaignConditionType = {}));
+
+exports.CampaignTriggerType = void 0;
+(function (CampaignTriggerType) {
+    CampaignTriggerType["CLAIM_BY_USER"] = "CLAIM_BY_USER";
+    CampaignTriggerType["CLAIM_BY_SYSTEM"] = "CLAIM_BY_SYSTEM";
+    CampaignTriggerType["CLAIM_BY_BUSINESS"] = "CLAIM_BY_BUSINESS";
+})(exports.CampaignTriggerType || (exports.CampaignTriggerType = {}));
+
 const apiPublicKeyTestPrefix = 'pk_test_';
 const testnetPrefix = 'testnet-';
 const testnetShortPrefix = 'tn-';
@@ -2937,8 +2981,6 @@ const NativeTokenTypes = {
     ERC721: 'ERC721'
 };
 
-/* // ✅ EXPRESSION ALIASES: Results from CASE WHEN expressions and other computed fields
-& { [key: string]: string | number | Date | undefined }; */
 const ANALYTICS_METRIC_TYPES = ['count', 'sum', 'avg', 'min', 'max'];
 const ANALYTICS_GROUP_BY_TYPES = ['month', 'week', 'day', 'year', 'quarter'];
 
@@ -23836,12 +23878,12 @@ class CampaignApi {
                 params.push(`tag=${encodeURIComponent(options.tag)}`);
             if (options.limit)
                 params.push(`limit=${options.limit}`);
-            if (options.offset)
-                params.push(`offset=${options.offset}`);
-            if (options.sort)
-                params.push(`sort=${options.sort}`);
-            if (options.order)
-                params.push(`order=${options.order}`);
+            if (options.page)
+                params.push(`page=${options.page}`);
+            if (options.sortBy)
+                params.push(`sortBy=${options.sortBy}`);
+            if (options.sortOrder)
+                params.push(`sortOrder=${options.sortOrder}`);
         }
         if (params.length > 0) {
             url += `?${params.join('&')}`;
@@ -23950,10 +23992,25 @@ class CampaignApi {
     // ==========================================
     /**
      * PUBLIC: Get campaign triggers catalog
-     * NEW: GET /campaign-triggers
+     * NEW: GET /trigger-sources
      */
-    async getCampaignTriggers() {
-        return this.apiClient.get(`/campaign-triggers`);
+    async getCampaignTriggers(options) {
+        let url = '/trigger-sources';
+        const params = [];
+        if (options) {
+            if (options.limit)
+                params.push(`limit=${options.limit}`);
+            if (options.page)
+                params.push(`page=${options.page}`);
+            if (options.sortBy)
+                params.push(`sortBy=${options.sortBy}`);
+            if (options.sortOrder)
+                params.push(`sortOrder=${options.sortOrder}`);
+        }
+        if (params.length > 0) {
+            url += `?${params.join('&')}`;
+        }
+        return this.apiClient.get(url);
     }
     /**
      * ADMIN: Create campaign trigger
@@ -23983,26 +24040,12 @@ class CampaignApi {
     async setCampaignTrigger(campaignId, triggerId) {
         return this.apiClient.put(`/campaign-triggers/${triggerId}/assign/${campaignId}`, {});
     }
-    /**
-     * ADMIN: Create trigger condition
-     * NEW: POST /campaign-triggers/conditions
-     */
-    async createTriggerCondition(condition) {
-        return this.apiClient.post('/campaign-triggers/conditions', condition);
-    }
-    /**
-     * ADMIN: Update trigger condition
-     * NEW: PUT /campaign-triggers/conditions/{id}
-     */
-    async updateTriggerCondition(conditionId, condition) {
-        return this.apiClient.put(`/campaign-triggers/conditions/${conditionId}`, condition);
-    }
     /**
      * ADMIN: Add/Remove condition to trigger
      * NEW: PUT /campaign-triggers/{triggerId}/conditions/{conditionId}
      */
-    async addOrRemoveConditionToTrigger(triggerId, conditionId) {
-        return this.apiClient.put(`/campaign-triggers/${triggerId}/conditions/${conditionId}`, {});
+    async addOrRemoveConditionToTrigger(triggerId, condition) {
+        return this.apiClient.put(`/campaign-triggers/${triggerId}/conditions`, condition);
     }
     // ==========================================
     // BUSINESS ENGAGEMENTS (/campaign-engagements)
@@ -24589,26 +24632,11 @@ class TransactionApi {
     /**
      * AUTH: Submit client-side signed transaction
      *
-     * NEW ENDPOINT: POST /transactions/{id}/submit
+     * NEW ENDPOINT: POST /transactions/submit
      */
     async submitSignedTransaction(signedTxData) {
         return this.apiClient.post(`${this.basePath}/submit`, signedTxData);
     }
-    /**
-     * AUTH: Burn user tokens
-     *
-     * UPDATED: Uses new user transaction endpoint with burn-specific parameters
-     * Note: This might need backend confirmation on burn functionality implementation
-     */
-    /* async burnUserTokens(request: UserBurnTokenRequestDTO): Promise<TransactionRequestResponseDTO> {
-      // Map burn request to TransactionRequestDTO format for new endpoint
-      const transactionRequest: TransactionRequestDTO = {
-        ...request,
-        // Add any specific burn transaction parameters here
-      } as any;
-  
-      return this.apiClient.post<TransactionRequestResponseDTO>(`${this.basePath}`, transactionRequest);
-    } */
     // ==========================================
     // BUSINESS OPERATIONS
     // ==========================================
@@ -24633,9 +24661,9 @@ class TransactionApi {
       return this.apiClient.post<TransactionDTO>(`${this.basePath}/system`, request);
     } */
     /**
-     * AUTH: Prepare client signed transaction
+     * AUTH: Prepare client signed transaction (Create new transaction for signing)
      *
-     * UPDATED: /transaction/auth/prepare-signing → /transactions/prepare
+     * UPDATED: /transaction/auth/prepare-signing → /transactions (POST)
      */
     async prepareClientSignedTransaction(request) {
         return this.apiClient.post(`${this.basePath}`, request);
@@ -24659,45 +24687,7 @@ class TransactionApi {
      * UPDATED: /transaction/admin → /transactions (same endpoint, better structure)
      */
     async getPaginatedTransactions(params) {
-        // Build query parameters
-        const queryParams = {
-            page: params.page.toString(),
-            limit: params.limit.toString()
-        };
-        // Add sorting parameters if provided
-        if (params.sortBy) {
-            queryParams['sortBy'] = params.sortBy;
-        }
-        if (params.sortOrder) {
-            queryParams['sortOrder'] = params.sortOrder;
-        }
-        // Add user-specific filtering if provided
-        if (params.participantId) {
-            queryParams['participantId'] = params.participantId;
-        }
-        // Add status filtering if provided
-        if (params.status) {
-            queryParams['status'] = params.status;
-        }
-        // Add additional filters if provided
-        if (params.filters) {
-            if (params.filters.startDate) {
-                queryParams['startDate'] = params.filters.startDate;
-            }
-            if (params.filters.endDate) {
-                queryParams['endDate'] = params.filters.endDate;
-            }
-            if (params.filters.type && params.filters.type.length > 0) {
-                queryParams['type'] = params.filters.type.join(',');
-            }
-            if (params.filters.tokenType && params.filters.tokenType.length > 0) {
-                queryParams['tokenType'] = params.filters.tokenType.join(',');
-            }
-        }
-        // Build query string
-        const queryString = Object.entries(queryParams)
-            .map(([key, value]) => `${key}=${encodeURIComponent(value)}`)
-            .join('&');
+        const queryString = this.buildQueryParams(params).toString();
         return this.apiClient.get(`${this.basePath}?${queryString}`);
     }
     /**
@@ -24750,6 +24740,43 @@ class TransactionApi {
     async getTransactionAnalytics(analyticsRequest) {
         return this.apiClient.post(`${this.basePath}/analytics`, analyticsRequest);
     }
+    /**
+     * Helper to convert DTO object to URLSearchParams
+     * Handles nested 'filters' object and arrays correctly.
+     */
+    buildQueryParams(params) {
+        const query = new URLSearchParams();
+        // 1. Handle Root Pagination Fields
+        if (params.page !== undefined)
+            query.append('page', params.page.toString());
+        if (params.limit !== undefined)
+            query.append('limit', params.limit.toString());
+        if (params.sortBy)
+            query.append('sortBy', params.sortBy);
+        if (params.sortOrder)
+            query.append('sortOrder', params.sortOrder);
+        // 2. Handle Nested Filters
+        if (params.filters) {
+            Object.entries(params.filters).forEach(([key, value]) => {
+                // Skip undefined/null values
+                if (value === undefined || value === null || value === '')
+                    return;
+                if (Array.isArray(value)) {
+                    // Handle Arrays: NestJS expects 'status=A&status=B'
+                    value.forEach((item) => query.append(key, String(item)));
+                }
+                else {
+                    // Handle Single Values: 'search=0x123'
+                    // NOTE: Backend Controller expects flat query params for filters
+                    // e.g. ?search=...&status=... NOT ?filters[search]=...
+                    // This mapping flattens 'filters.search' -> 'search' to match @Query('search') in Controller
+                    const stringValue = (value instanceof Date) ? value.toISOString() : String(value);
+                    query.append(key, stringValue);
+                }
+            });
+        }
+        return query;
+    }
 }
 
 /**
@@ -24792,17 +24819,17 @@ class TransactionService {
         return this.transactionApi.getUserTransactionHistory(role, limit);
     }
     /**
-     * AUTH: Prepare client signed transaction
+     * AUTH: Prepare existing transaction for client-side signing
      */
-    /* async prepareClientSignedTransaction(request: TransactionRequestDTO): Promise<TransactionRequestResponseDTO> {
-      return this.transactionApi.prepareClientSignedTransaction(request);
-    } */
+    async prepareExistingTransaction(transactionId) {
+        return this.transactionApi.prepareExistingTransaction(transactionId);
+    }
     /**
-     * AUTH: Burn user tokens
+     * AUTH: Prepare client signed transaction
      */
-    /* async burnUserTokens(request: UserBurnTokenRequestDTO): Promise<TransactionRequestResponseDTO> {
-      return this.transactionApi.burnUserTokens(request);
-    } */
+    async prepareClientSignedTransaction(request) {
+        return this.transactionApi.prepareClientSignedTransaction(request);
+    }
     // ==========================================
     // BUSINESS OPERATIONS
     // ==========================================
@@ -24839,6 +24866,27 @@ class TransactionService {
     async exportTransactionsCSV() {
         return this.transactionApi.exportTransactionsCSV();
     }
+    // ==========================================
+    // QUERY & ANALYTICS OPERATIONS
+    // ==========================================
+    /**
+     * Query transactions by sender
+     */
+    async queryTransactionsBySender(accountSelector) {
+        return this.transactionApi.queryTransactionsBySender(accountSelector);
+    }
+    /**
+     * Query transactions by recipient
+     */
+    async queryTransactionsByRecipient(accountSelector) {
+        return this.transactionApi.queryTransactionsByRecipient(accountSelector);
+    }
+    /**
+     * ADMIN: Get transaction analytics
+     */
+    async getTransactionAnalytics(analyticsRequest) {
+        return this.transactionApi.getTransactionAnalytics(analyticsRequest);
+    }
 }
 
 /**
@@ -26172,14 +26220,19 @@ const AUTH_STORAGE_KEYS = {
 };
 /**
  * LocalStorage implementation
+ * Note: Forces string conversion for compatibility
  */
 class LocalStorageTokenStorage {
+    constructor() {
+        this.supportsObjects = false;
+    }
     async get(key) {
         return typeof localStorage !== 'undefined' ? localStorage.getItem(key) : null;
     }
     async set(key, value) {
         if (typeof localStorage !== 'undefined') {
-            localStorage.setItem(key, value);
+            const stringValue = typeof value === 'string' ? value : JSON.stringify(value);
+            localStorage.setItem(key, stringValue);
         }
     }
     async remove(key) {
@@ -26200,6 +26253,7 @@ class LocalStorageTokenStorage {
  */
 class MemoryTokenStorage {
     constructor() {
+        this.supportsObjects = true;
         this.store = new Map();
     }
     async get(key) {
@@ -26223,26 +26277,30 @@ class AuthTokenManager {
         this.storage = storage;
     }
     async getAccessToken() {
-        return this.storage.get(AUTH_STORAGE_KEYS.ACCESS_TOKEN);
+        const val = await this.storage.get(AUTH_STORAGE_KEYS.ACCESS_TOKEN);
+        // Ensure we return string for tokens
+        return typeof val === 'string' ? val : null;
     }
     async setAccessToken(token) {
         await this.storage.set(AUTH_STORAGE_KEYS.ACCESS_TOKEN, token);
     }
     async getRefreshToken() {
-        return this.storage.get(AUTH_STORAGE_KEYS.REFRESH_TOKEN);
+        const val = await this.storage.get(AUTH_STORAGE_KEYS.REFRESH_TOKEN);
+        return typeof val === 'string' ? val : null;
     }
     async setRefreshToken(token) {
         await this.storage.set(AUTH_STORAGE_KEYS.REFRESH_TOKEN, token);
     }
     async getProviderToken() {
-        return this.storage.get(AUTH_STORAGE_KEYS.PROVIDER_TOKEN);
+        const val = await this.storage.get(AUTH_STORAGE_KEYS.PROVIDER_TOKEN);
+        return typeof val === 'string' ? val : null;
     }
     async setProviderToken(token) {
         await this.storage.set(AUTH_STORAGE_KEYS.PROVIDER_TOKEN, token);
     }
     async getAuthType() {
         const authType = await this.storage.get(AUTH_STORAGE_KEYS.AUTH_TYPE);
-        return authType;
+        return typeof authType === 'string' ? authType : null;
     }
     async setAuthType(authType) {
         await this.storage.set(AUTH_STORAGE_KEYS.AUTH_TYPE, authType);
@@ -26267,6 +26325,218 @@ class AuthTokenManager {
     }
 }
 
+class WebDPoPCryptoProvider {
+    get crypto() {
+        // Basic environment check
+        if (typeof crypto !== 'undefined')
+            return crypto;
+        if (typeof window !== 'undefined' && window.crypto)
+            return window.crypto;
+        if (typeof globalThis !== 'undefined' && globalThis.crypto)
+            return globalThis.crypto;
+        throw new Error('WebCrypto API not found. Please polyfill crypto.subtle or use a different DPoPCryptoProvider.');
+    }
+    async generateKeyPair(options) {
+        const extractable = options?.extractable ?? true;
+        const keyPair = await this.crypto.subtle.generateKey({
+            name: 'ECDSA',
+            namedCurve: 'P-256',
+        }, extractable, // Configurable extractability
+        ['sign', 'verify']);
+        const publicKey = await this.crypto.subtle.exportKey('jwk', keyPair.publicKey);
+        // If extractable, export private key as JWK (plain object)
+        // If NOT extractable, keep it as CryptoKey (native handle)
+        // However, DPoPKeyPair interface currently expects JsonWebKey | CryptoKey
+        // We need to check DPoPKeyPair type definition. 
+        // Wait, DPoPKeyPair definition in dpop.types.ts says: 
+        // publicKey: JsonWebKey; privateKey: JsonWebKey;
+        // I need to change that to support CryptoKey.
+        // Let's re-read dpop.types.ts
+        // I assumed it might be compatible but let's verify.
+        // If I change privateKey to unknown or JsonWebKey | CryptoKey, it will be safer.
+        let privateKey;
+        if (extractable) {
+            privateKey = await this.crypto.subtle.exportKey('jwk', keyPair.privateKey);
+        }
+        else {
+            privateKey = keyPair.privateKey;
+        }
+        return { publicKey, privateKey };
+    }
+    async signProof(payload, keyPair) {
+        // 1. Prepare Header
+        const header = {
+            typ: 'dpop+jwt',
+            alg: 'ES256',
+            jwk: keyPair.publicKey
+        };
+        // 2. Prepare Payload
+        // Ensure jti and iat if not present (though Manager usually provides them)
+        const finalPayload = {
+            ...payload,
+            iat: payload.iat || Math.floor(Date.now() / 1000),
+            jti: payload.jti || this.generateUUID()
+        };
+        // 3. Encode segments
+        const encodedHeader = this.base64UrlEncode(JSON.stringify(header));
+        const encodedPayload = this.base64UrlEncode(JSON.stringify(finalPayload));
+        const signingInput = `${encodedHeader}.${encodedPayload}`;
+        // 4. Import private key for signing
+        let privateKey;
+        // Check if it's already a CryptoKey (non-extractable handle)
+        // We check for 'algorithm' property which signals a CryptoKey object
+        if (keyPair.privateKey.algorithm) {
+            privateKey = keyPair.privateKey;
+        }
+        else {
+            // Otherwise import from JWK
+            privateKey = await this.crypto.subtle.importKey('jwk', keyPair.privateKey, {
+                name: 'ECDSA',
+                namedCurve: 'P-256',
+            }, false, ['sign']);
+        }
+        // 5. Sign
+        const signatureBuffer = await this.crypto.subtle.sign({
+            name: 'ECDSA',
+            hash: { name: 'SHA-256' },
+        }, privateKey, new TextEncoder().encode(signingInput));
+        const encodedSignature = this.base64UrlEncodeBuffer(signatureBuffer);
+        return `${signingInput}.${encodedSignature}`;
+    }
+    async hashAccessToken(accessToken) {
+        const encoder = new TextEncoder();
+        const data = encoder.encode(accessToken);
+        const hashBuffer = await this.crypto.subtle.digest('SHA-256', data);
+        return this.base64UrlEncodeBuffer(hashBuffer);
+    }
+    // --- Helpers ---
+    generateUUID() {
+        if (typeof crypto !== 'undefined' && crypto.randomUUID) {
+            return crypto.randomUUID();
+        }
+        // Fallback for older envs
+        return 'xxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxx'.replace(/[xy]/g, (c) => {
+            const r = (Math.random() * 16) | 0;
+            const v = c === 'x' ? r : (r & 0x3) | 0x8;
+            return v.toString(16);
+        });
+    }
+    base64UrlEncode(str) {
+        // Use TextEncoder to handle UTF-8 properly
+        const encoder = new TextEncoder();
+        return this.base64UrlEncodeBuffer(encoder.encode(str));
+    }
+    base64UrlEncodeBuffer(buffer) {
+        const bytes = new Uint8Array(buffer);
+        let binary = '';
+        const len = bytes.byteLength;
+        // Chunk processing for large buffers if needed, but proofs are small
+        for (let i = 0; i < len; i++) {
+            binary += String.fromCharCode(bytes[i]);
+        }
+        // btoa is widely available in browsers.
+        // In Node (non-globals), we might need Buffer.
+        // For universal 'platform agnostic' aiming at standard web-like envs:
+        let base64 = '';
+        if (typeof btoa === 'function') {
+            base64 = btoa(binary);
+        }
+        else if (typeof Buffer !== 'undefined') {
+            base64 = Buffer.from(binary, 'binary').toString('base64');
+        }
+        else {
+            throw new Error('Base64 encoding not supported in this environment');
+        }
+        return base64
+            .replace(/\+/g, '-')
+            .replace(/\//g, '_')
+            .replace(/=+$/, '');
+    }
+}
+
+const DPOP_STORAGE_KEYS = {
+    PUBLIC: 'pers_dpop_public_key',
+    PRIVATE: 'pers_dpop_private_key'
+};
+class DPoPManager {
+    constructor(storage, cryptoProvider) {
+        this.storage = storage;
+        this.memoryKeyPair = null;
+        this.cryptoProvider = cryptoProvider || new WebDPoPCryptoProvider();
+    }
+    /**
+     * Ensures a DPoP key pair exists, loading from storage or generating new one.
+     */
+    async ensureKeyPair() {
+        if (this.memoryKeyPair)
+            return this.memoryKeyPair;
+        const storedPublic = await this.storage.get(DPOP_STORAGE_KEYS.PUBLIC);
+        const storedPrivate = await this.storage.get(DPOP_STORAGE_KEYS.PRIVATE);
+        if (storedPublic && storedPrivate) {
+            try {
+                // Handle polymorphic storage: String (JSON) or Object (CryptoKey)
+                const publicKey = typeof storedPublic === 'string' ? JSON.parse(storedPublic) : storedPublic;
+                const privateKey = typeof storedPrivate === 'string' ? JSON.parse(storedPrivate) : storedPrivate;
+                this.memoryKeyPair = { publicKey, privateKey };
+                return this.memoryKeyPair;
+            }
+            catch (e) {
+                console.warn('Corrupted DPoP keys in storage, regenerating.');
+            }
+        }
+        // Generate new key pair
+        // Adaptation: If storage supports raw objects (like IndexedDB or Native Keychain),
+        // we can generate Non-Extractable keys for maximum security.
+        // If storage is text-only (LocalStorage), we must use Extractable keys to serialize them.
+        const useHighSecurity = !!this.storage.supportsObjects;
+        const keyPair = await this.cryptoProvider.generateKeyPair({
+            extractable: !useHighSecurity
+        });
+        // Save to storage
+        await this.storage.set(DPOP_STORAGE_KEYS.PUBLIC, keyPair.publicKey);
+        await this.storage.set(DPOP_STORAGE_KEYS.PRIVATE, keyPair.privateKey);
+        this.memoryKeyPair = keyPair;
+        return keyPair;
+    }
+    /**
+     * Generates the DPoP proof header value.
+     * @param method HTTP method
+     * @param url Request URL
+     * @param accessToken Optional access token to bind the proof to (ath claim)
+     */
+    async generateProofHeader(method, url, accessToken) {
+        const keyPair = await this.ensureKeyPair();
+        const payload = {
+            htm: method,
+            htu: url,
+        };
+        if (accessToken) {
+            payload.ath = await this.cryptoProvider.hashAccessToken(accessToken);
+        }
+        return this.cryptoProvider.signProof(payload, keyPair);
+    }
+    /**
+     * Clears DPoP keys (e.g. on logout)
+     */
+    async clearKeys() {
+        this.memoryKeyPair = null;
+        await this.storage.remove(DPOP_STORAGE_KEYS.PUBLIC);
+        await this.storage.remove(DPOP_STORAGE_KEYS.PRIVATE);
+    }
+    /**
+     * Gets the public key (for debugging/inspection)
+     */
+    async getPublicKey() {
+        try {
+            const kp = await this.ensureKeyPair();
+            return kp.publicKey;
+        }
+        catch {
+            return null;
+        }
+    }
+}
+
 /**
  * Default Authentication Provider
  * Simple implementation of PERS authentication with token lifecycle management
@@ -26280,6 +26550,9 @@ class DefaultAuthProvider {
         this.authType = config.authType || 'user';
         const storage = config.storage || this.createStorage();
         this.tokenManager = new AuthTokenManager(storage);
+        if (config.dpop?.enabled) {
+            this.dpopManager = new DPoPManager(storage, config.dpop.cryptoProvider);
+        }
     }
     createStorage() {
         return typeof window === 'undefined' || typeof localStorage === 'undefined'
@@ -26289,6 +26562,26 @@ class DefaultAuthProvider {
     getToken() {
         return this.tokenManager.getAccessToken();
     }
+    async getAuthHeaders(token, method, url) {
+        const headers = {};
+        if (this.dpopManager && method && url) {
+            // Generate DPoP Proof
+            // Note: For 'bypassAuth' requests (token is null), we still generate proof (bound to public key, no ath)
+            // This covers Token Requests (Login) which need DPoP header to bind the issued token.
+            const proof = await this.dpopManager.generateProofHeader(method, url, token || undefined);
+            headers['DPoP'] = proof;
+            if (token) {
+                headers['Authorization'] = `DPoP ${token}`;
+            }
+        }
+        else {
+            // Standard Bearer
+            if (token) {
+                headers['Authorization'] = `Bearer ${token}`;
+            }
+        }
+        return headers;
+    }
     async getProjectKey() {
         return this.config.projectKey || null;
     }
@@ -26323,6 +26616,9 @@ class DefaultAuthProvider {
     }
     async clearTokens() {
         await this.tokenManager.clearAllTokens();
+        if (this.dpopManager) {
+            await this.dpopManager.clearKeys();
+        }
     }
     async setTokens(accessToken, refreshToken, providerToken) {
         await this.tokenManager.setTokens(accessToken, refreshToken, providerToken);
@@ -26371,7 +26667,11 @@ class PersApiClient {
             this.mergedConfig.authProvider = new DefaultAuthProvider({
                 authType: this.mergedConfig.authType || 'user',
                 projectKey: this.mergedConfig.apiProjectKey,
-                storage: this.mergedConfig.authStorage // Support custom storage
+                storage: this.mergedConfig.authStorage, // Support custom storage
+                dpop: {
+                    enabled: this.mergedConfig.dpop?.enabled ?? true, // Enable DPoP by default
+                    cryptoProvider: this.mergedConfig.dpop?.cryptoProvider
+                }
             });
         }
         this.authService = new AuthService(this.authApi, this.mergedConfig.authProvider);
@@ -26434,7 +26734,7 @@ class PersApiClient {
             });
         }
         const requestOptions = {
-            headers: await this.getHeaders(!bypassAuth),
+            headers: await this.getHeaders(!bypassAuth, method, url),
             timeout: this.mergedConfig.timeout,
             responseType
         };
@@ -26529,26 +26829,45 @@ class PersApiClient {
      * Get request headers with optional auth token and project key
      *
      * @param includeAuth - Whether to include the Authorization header (default: true)
+     * @param method - HTTP Method (required for DPoP)
+     * @param url - Full Request URL (required for DPoP)
      */
-    async getHeaders(includeAuth = true) {
+    async getHeaders(includeAuth = true, method, url) {
         const headers = {
             'Content-Type': 'application/json',
         };
-        if (includeAuth) {
-            // Add authentication token
-            if (this.mergedConfig.authProvider) {
-                const token = await this.mergedConfig.authProvider.getToken();
-                if (token) {
-                    headers['Authorization'] = `Bearer ${token}`;
+        if (this.mergedConfig.authProvider) {
+            let token = null;
+            if (includeAuth) {
+                token = await this.mergedConfig.authProvider.getToken();
+            }
+            // Handle Authentication Headers (Bearer or DPoP)
+            if (this.mergedConfig.authProvider.getAuthHeaders) {
+                // Provider supports advanced headers (DPoP)
+                // We pass token (null if includeAuth=false) so it can generate DPoP proofs for login requests too
+                try {
+                    const authHeaders = await this.mergedConfig.authProvider.getAuthHeaders(token, method, url);
+                    Object.assign(headers, authHeaders);
                 }
-                else {
-                    console.warn('[PersApiClient] No token available from auth provider');
+                catch (e) {
+                    console.warn('[PersApiClient] Failed to generate auth headers:', e);
+                    // Fallback if token exists but DPoP generation failed? 
+                    // Better to fail or let standardized fallback below handle it?
+                    // If DPoP fails, falling back to Bearer might be insecure if server enforces DPoP. 
+                    // For now, valid token -> Bearer fallback logic mostly for non-DPoP legacy providers.
                 }
             }
-            else {
-                console.warn('[PersApiClient] No auth provider configured');
+            // Fallback: If provider didn't give headers but we have token and NO Authorization header yet
+            if (includeAuth && token && !headers['Authorization']) {
+                headers['Authorization'] = `Bearer ${token}`;
+            }
+            else if (includeAuth && !token) {
+                console.warn('[PersApiClient] No token available from auth provider');
             }
         }
+        else if (includeAuth) {
+            console.warn('[PersApiClient] No auth provider configured');
+        }
         // Add project key
         if (this.mergedConfig.authProvider) {
             const projectKey = await this.mergedConfig.authProvider.getProjectKey();
@@ -29567,6 +29886,75 @@ class TransactionManager {
     async exportTransactionsCSV() {
         return this.transactionService.exportTransactionsCSV();
     }
+    /**
+     * Prepare existing transaction for client-side signing
+     *
+     * Retrieves the necessary data to sign an existing transaction on the client side.
+     * This is typically used when a transaction has been created but requires user signature.
+     *
+     * @param transactionId - The ID of the transaction to prepare
+     * @returns Promise resolving to the transaction preparation data
+     */
+    async prepareExistingTransaction(transactionId) {
+        return this.transactionService.prepareExistingTransaction(transactionId);
+    }
+    /**
+     * Prepare a new transaction for client-side signing
+     *
+     * Creates a new transaction and immediately returns the data needed for client-side signing.
+     * This combines creation and preparation into a single flow for client-signed operations.
+     *
+     * @param request - The transaction request details
+     * @returns Promise resolving to the transaction preparation data
+     */
+    async prepareClientSignedTransaction(request) {
+        return this.transactionService.prepareClientSignedTransaction(request);
+    }
+    /**
+     * Submit a signed transaction
+     *
+     * Submits a transaction that has been signed on the client side to the backend for processing.
+     *
+     * @param signedTxData - The signed transaction data
+     * @returns Promise resolving to the submission result
+     */
+    async submitSignedTransaction(signedTxData) {
+        return this.transactionService.submitSignedTransaction(signedTxData);
+    }
+    /**
+     * Query transactions by sender
+     *
+     * Retrieves transactions where the specified account is the sender.
+     *
+     * @param accountSelector - Selector for the sender account
+     * @returns Promise resolving to paginated transactions
+     */
+    async queryTransactionsBySender(accountSelector) {
+        return this.transactionService.queryTransactionsBySender(accountSelector);
+    }
+    /**
+     * Query transactions by recipient
+     *
+     * Retrieves transactions where the specified account is the recipient.
+     *
+     * @param accountSelector - Selector for the recipient account
+     * @returns Promise resolving to paginated transactions
+     */
+    async queryTransactionsByRecipient(accountSelector) {
+        return this.transactionService.queryTransactionsByRecipient(accountSelector);
+    }
+    /**
+     * Get transaction analytics
+     *
+     * Retrieves analytics data for transactions based on the provided request criteria.
+     * Useful for generating reports and dashboards.
+     *
+     * @param analyticsRequest - The analytics query parameters
+     * @returns Promise resolving to the analytics data
+     */
+    async getTransactionAnalytics(analyticsRequest) {
+        return this.transactionService.getTransactionAnalytics(analyticsRequest);
+    }
     /**
      * Get the full transaction service for advanced operations
      *
@@ -31677,6 +32065,143 @@ class PersSDK {
     }
 }
 
+/**
+ * Secure Storage implementation for React Native
+ * Uses Keychain/Keystore for sensitive data and AsyncStorage for non-sensitive data.
+ */
+class ReactNativeSecureStorage {
+    constructor(keyPrefix = 'pers_tokens_') {
+        this.keyPrefix = keyPrefix;
+        // Set to false because Keychain stores strings, so we need extractable (serializable) keys
+        this.supportsObjects = false;
+        // Define which keys MUST go to secure hardware storage
+        this.SECURE_KEYS = new Set([
+            DPOP_STORAGE_KEYS.PRIVATE,
+            AUTH_STORAGE_KEYS.ACCESS_TOKEN,
+            AUTH_STORAGE_KEYS.REFRESH_TOKEN,
+            AUTH_STORAGE_KEYS.PROVIDER_TOKEN
+        ]);
+    }
+    async set(key, value) {
+        const prefixedKey = this.getKeyName(key);
+        const stringValue = typeof value === 'string' ? value : JSON.stringify(value);
+        // Cast key to any to bypass strict literal type checking of the Set.has method
+        // In runtime, 'key' is just a string, so this is safe.
+        if (this.SECURE_KEYS.has(key)) {
+            // Store in Keychain/Keystore
+            // Service name acts as the key identifier in simple usage
+            await Keychain__namespace.setGenericPassword(prefixedKey, stringValue, { service: prefixedKey });
+        }
+        else {
+            // Store standard config/metadata in AsyncStorage
+            await AsyncStorage.setItem(prefixedKey, stringValue);
+        }
+    }
+    async get(key) {
+        const prefixedKey = this.getKeyName(key);
+        if (this.SECURE_KEYS.has(key)) {
+            try {
+                const credentials = await Keychain__namespace.getGenericPassword({ service: prefixedKey });
+                if (credentials) {
+                    return this.tryParse(credentials.password);
+                }
+                return null;
+            }
+            catch (e) {
+                console.warn(`[ReactNativeSecureStorage] Failed to access keychain for ${key}`, e);
+                return null; // Key not found or access denied
+            }
+        }
+        else {
+            try {
+                const val = await AsyncStorage.getItem(prefixedKey);
+                return val ? this.tryParse(val) : null;
+            }
+            catch (e) {
+                console.warn(`[ReactNativeSecureStorage] Failed to access AsyncStorage for ${key}`, e);
+                return null;
+            }
+        }
+    }
+    async remove(key) {
+        const prefixedKey = this.getKeyName(key);
+        if (this.SECURE_KEYS.has(key)) {
+            await Keychain__namespace.resetGenericPassword({ service: prefixedKey });
+        }
+        else {
+            await AsyncStorage.removeItem(prefixedKey);
+        }
+    }
+    async clear() {
+        // Clear all known secure keys
+        for (const key of this.SECURE_KEYS) {
+            await Keychain__namespace.resetGenericPassword({ service: this.getKeyName(key) });
+        }
+        // Clear AsyncStorage keys related to PERS
+        try {
+            const allKeys = await AsyncStorage.getAllKeys();
+            const ourKeys = allKeys.filter(k => k.startsWith(this.keyPrefix));
+            if (ourKeys.length > 0) {
+                await AsyncStorage.multiRemove(ourKeys);
+            }
+        }
+        catch (e) {
+            console.warn('[ReactNativeSecureStorage] Failed to clear AsyncStorage', e);
+        }
+    }
+    getKeyName(key) {
+        // For Keychain, we might want to avoid prefixes if we want to share across apps, 
+        // but for simple isolation, prefix is fine to avoid collisions if multiple instances exist.
+        // However, Keychain services are global to the app bundle ID usually.
+        return `${this.keyPrefix}${key}`;
+    }
+    tryParse(val) {
+        try {
+            return JSON.parse(val);
+        }
+        catch {
+            return val;
+        }
+    }
+}
+
+/**
+ * React Native Unified Auth Provider
+ *
+ * Creates a platform-specific auth provider that automatically selects the appropriate storage:
+ * - Web: Uses LocalStorageTokenStorage from core SDK
+ * - Mobile: Uses AsyncStorage-based storage
+ */
+// Use React Native's built-in platform detection
+const isWebPlatform = reactNative.Platform.OS === 'web';
+/**
+ * Create a React Native auth provider with platform-appropriate storage
+ *
+ * Automatically selects storage implementation:
+ * - Web: Uses LocalStorageTokenStorage (from core SDK)
+ * - Mobile: Uses AsyncStorageTokenStorage (React Native specific)
+ *
+ * @param projectKey - PERS project key
+ * @param config - Configuration options
+ * @returns DefaultAuthProvider configured for the current platform
+ */
+function createReactNativeAuthProvider(projectKey, config = {}) {
+    if (!projectKey || typeof projectKey !== 'string') {
+        throw new Error('createReactNativeAuthProvider: projectKey is required and must be a string');
+    }
+    const { keyPrefix = `pers_${projectKey.slice(0, 8)}_`, debug = false, customStorage, authType = 'user' } = config;
+    // Platform-specific storage selection
+    const tokenStorage = customStorage || (isWebPlatform
+        ? new LocalStorageTokenStorage()
+        : new ReactNativeSecureStorage(keyPrefix));
+    // Return DefaultAuthProvider configured with platform-appropriate storage
+    return new DefaultAuthProvider({
+        authType,
+        projectKey,
+        storage: tokenStorage
+    });
+}
+
 /**
  * AsyncStorage Token Storage for React Native Mobile Platforms
  *
@@ -31790,41 +32315,79 @@ class AsyncStorageTokenStorage {
     }
 }
 
-/**
- * React Native Unified Auth Provider
- *
- * Creates a platform-specific auth provider that automatically selects the appropriate storage:
- * - Web: Uses LocalStorageTokenStorage from core SDK
- * - Mobile: Uses AsyncStorage-based storage
- */
-// Use React Native's built-in platform detection
-const isWebPlatform = reactNative.Platform.OS === 'web';
-/**
- * Create a React Native auth provider with platform-appropriate storage
- *
- * Automatically selects storage implementation:
- * - Web: Uses LocalStorageTokenStorage (from core SDK)
- * - Mobile: Uses AsyncStorageTokenStorage (React Native specific)
- *
- * @param projectKey - PERS project key
- * @param config - Configuration options
- * @returns DefaultAuthProvider configured for the current platform
- */
-function createReactNativeAuthProvider(projectKey, config = {}) {
-    if (!projectKey || typeof projectKey !== 'string') {
-        throw new Error('createReactNativeAuthProvider: projectKey is required and must be a string');
+class ReactNativeDPoPProvider {
+    /**
+     * Generates a new key pair (ES256 recommended)
+     *
+     * Note: options.extractable is ignored because for React Native Keychain storage,
+     * we MUST export the keys as JWK/strings. We rely on the Keychain encryption
+     * for security at rest (High Security), making the key "Extractable" in memory
+     * but protected by hardware encryption when stored.
+     */
+    async generateKeyPair(options) {
+        // Generate P-256 Key Pair
+        return new Promise((resolve, reject) => {
+            crypto$1.generateKeyPair('ec', { namedCurve: 'P-256' }, (err, publicKey, privateKey) => {
+                if (err)
+                    return reject(err);
+                // Export to JWK for SDK Compatibility
+                // We use 'export' because supportsObjects=false in our storage forces the SDK
+                // to expect serializable keys.
+                const pubJwk = publicKey.export({ format: 'jwk' });
+                const privJwk = privateKey.export({ format: 'jwk' });
+                resolve({
+                    publicKey: pubJwk,
+                    privateKey: privJwk
+                });
+            });
+        });
+    }
+    async signProof(payload, keyPair) {
+        // 1. Construct Header
+        const header = {
+            typ: 'dpop+jwt',
+            alg: 'ES256',
+            jwk: keyPair.publicKey
+        };
+        // 2. Add Claims (iat/jti)
+        const finalPayload = {
+            ...payload,
+            iat: payload.iat || Math.floor(Date.now() / 1000),
+            jti: payload.jti || crypto$1.randomUUID()
+        };
+        // 3. Encode
+        const b64Header = this.base64Url(JSON.stringify(header));
+        const b64Payload = this.base64Url(JSON.stringify(finalPayload));
+        const signingInput = `${b64Header}.${b64Payload}`;
+        // 4. Sign
+        const sign = crypto$1.createSign('SHA256');
+        sign.update(signingInput);
+        // sign.end() is not required/available in quick-crypto as it doesn't strictly follow stream interface
+        // Import private key back from JWK to sign
+        // The keyPair.privateKey is a JsonWebKey object because we exported it earlier.
+        // quick-crypto createPrivateKey expects jwk object if format is jwk
+        const privateKeyObj = crypto$1.createPrivateKey({ key: keyPair.privateKey, format: 'jwk' });
+        const signature = sign.sign(privateKeyObj);
+        // signature is a Buffer in quick-crypto
+        return `${signingInput}.${this.base64UrlBuffer(signature)}`;
+    }
+    async hashAccessToken(accessToken) {
+        const hash = crypto$1.createHash('sha256').update(accessToken).digest();
+        // digest returns Buffer in quick-crypto
+        return this.base64UrlBuffer(hash);
+    }
+    // --- Helpers ---
+    base64Url(str) {
+        return this.base64UrlBuffer(buffer.Buffer.from(str));
+    }
+    base64UrlBuffer(buf) {
+        // Ensure we have a Buffer
+        const buffer$1 = buffer.Buffer.isBuffer(buf) ? buf : buffer.Buffer.from(buf);
+        return buffer$1.toString('base64')
+            .replace(/=/g, '')
+            .replace(/\+/g, '-')
+            .replace(/\//g, '_');
     }
-    const { keyPrefix = `pers_${projectKey.slice(0, 8)}_`, debug = false, customStorage, authType = 'user' } = config;
-    // Platform-specific storage selection
-    const tokenStorage = customStorage || (isWebPlatform
-        ? new LocalStorageTokenStorage()
-        : new AsyncStorageTokenStorage(keyPrefix));
-    // Return DefaultAuthProvider configured with platform-appropriate storage
-    return new DefaultAuthProvider({
-        authType,
-        projectKey,
-        storage: tokenStorage
-    });
 }
 
 /**
@@ -31958,6 +32521,15 @@ const PersSDKProvider = ({ children }) => {
                 ...config,
                 authProvider
             };
+            // Inject Native DPoP Provider (crypto-based) for mobile platforms
+            // Web platforms use built-in WebCrypto provider by default
+            if (reactNative.Platform.OS !== 'web' && (!config.dpop?.cryptoProvider)) {
+                sdkConfig.dpop = {
+                    ...(config.dpop || {}),
+                    enabled: config.dpop?.enabled ?? true,
+                    cryptoProvider: new ReactNativeDPoPProvider()
+                };
+            }
             // Initialize PersSDK with platform-aware auth provider
             const sdkInstance = new PersSDK(httpClient, sdkConfig);
             setAuthProvider(authProvider);
@@ -34419,7 +34991,9 @@ exports.ANALYTICS_METRIC_TYPES = ANALYTICS_METRIC_TYPES;
 exports.AsyncStorageTokenStorage = AsyncStorageTokenStorage;
 exports.NativeTokenTypes = NativeTokenTypes;
 exports.PersSDKProvider = PersSDKProvider;
+exports.ReactNativeDPoPProvider = ReactNativeDPoPProvider;
 exports.ReactNativeHttpClient = ReactNativeHttpClient;
+exports.ReactNativeSecureStorage = ReactNativeSecureStorage;
 exports.TRANSACTION_FORMATS = TRANSACTION_FORMATS;
 exports.TRANSACTION_FORMAT_DESCRIPTIONS = TRANSACTION_FORMAT_DESCRIPTIONS;
 exports.apiPublicKeyTestPrefix = apiPublicKeyTestPrefix;