npm - @explorins/pers-sdk-react-native - Versions diffs - 1.5.26 → 1.5.28 - Mend

@explorins/pers-sdk-react-native 1.5.26 → 1.5.28

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (27) hide show

package/README.md +84 -73
package/dist/hooks/useAnalytics.d.ts +1 -65
package/dist/hooks/useAnalytics.d.ts.map +1 -1
package/dist/hooks/useTransactions.d.ts +2 -3
package/dist/hooks/useTransactions.d.ts.map +1 -1
package/dist/index.d.ts +18 -0
package/dist/index.d.ts.map +1 -1
package/dist/index.js +741 -161
package/dist/index.js.map +1 -1
package/dist/providers/PersSDKProvider.d.ts.map +1 -1
package/dist/providers/PersSDKProvider.js +11 -0
package/dist/providers/react-native-auth-provider.d.ts.map +1 -1
package/dist/providers/react-native-auth-provider.js +2 -2
package/dist/providers/rn-dpop-provider.d.ts +19 -0
package/dist/providers/rn-dpop-provider.d.ts.map +1 -0
package/dist/providers/rn-dpop-provider.js +93 -0
package/dist/storage/rn-secure-storage.d.ts +18 -0
package/dist/storage/rn-secure-storage.d.ts.map +1 -0
package/dist/storage/rn-secure-storage.js +112 -0
package/package.json +6 -5
package/src/hooks/useAnalytics.ts +4 -76
package/src/hooks/useTransactions.ts +3 -3
package/src/index.ts +24 -0
package/src/providers/PersSDKProvider.tsx +13 -1
package/src/providers/react-native-auth-provider.ts +2 -1
package/src/providers/rn-dpop-provider.ts +104 -0
package/src/storage/rn-secure-storage.ts +120 -0

package/dist/index.js CHANGED Viewed

@@ -2631,6 +2631,7 @@ exports.ApiKeyType = void 0;
     ApiKeyType["USER_JWT_REFRESH_TOKEN"] = "USER_JWT_REFRESH_TOKEN";
     ApiKeyType["BLOCKCHAIN_WRITER_JWT"] = "BLOCKCHAIN_WRITER_JWT";
     ApiKeyType["BLOCKCHAIN_READER_JWT"] = "BLOCKCHAIN_READER_JWT";
+    ApiKeyType["TRANSACTION_JWT_ACCESS_TOKEN"] = "TRANSACTION_JWT_ACCESS_TOKEN";
     // TODO: this needs to be removed. However, there is still dependency
     ApiKeyType["TENANT_LEGACY_ADMIN"] = "TENANT_ADMIN_JWT";
     // TENANT_SYSTEM_API_SECRET    = 'TENANT_SYSTEM_API_SECRET',
@@ -2656,23 +2657,6 @@ exports.Web3ContractTypes = void 0;
     Web3ContractTypes["TOKEN_CONTRACT"] = "TOKEN_CONTRACT";
 })(exports.Web3ContractTypes || (exports.Web3ContractTypes = {}));
-exports.CampaignConditionType = void 0;
-(function (CampaignConditionType) {
-    CampaignConditionType["EQUALS"] = "EQUALS";
-    CampaignConditionType["NOT_EQUALS"] = "NOT_EQUALS";
-    CampaignConditionType["GREATER_THAN"] = "GREATER_THAN";
-    CampaignConditionType["LESS_THAN"] = "LESS_THAN";
-    CampaignConditionType["CONTAINS"] = "CONTAINS";
-    CampaignConditionType["IS_PART_OF"] = "IS_PART_OF";
-})(exports.CampaignConditionType || (exports.CampaignConditionType = {}));
-exports.CampaignTriggerType = void 0;
-(function (CampaignTriggerType) {
-    CampaignTriggerType["CLAIM_BY_USER"] = "CLAIM_BY_USER";
-    CampaignTriggerType["CLAIM_BY_SYSTEM"] = "CLAIM_BY_SYSTEM";
-    CampaignTriggerType["CLAIM_BY_BUSINESS"] = "CLAIM_BY_BUSINESS";
-})(exports.CampaignTriggerType || (exports.CampaignTriggerType = {}));
 /**
  * Entity ownership types - defines what types of entities can own resources
  *
@@ -2817,6 +2801,45 @@ exports.RedemptionRedeemStatus = void 0;
     RedemptionRedeemStatus["FAILED"] = "FAILED"; // Processing failed
 })(exports.RedemptionRedeemStatus || (exports.RedemptionRedeemStatus = {}));
+/**
+ * Trigger Source Types
+ * Defines the different types of triggers that can activate a campaign flow
+ */
+exports.TriggerSourceType = void 0;
+(function (TriggerSourceType) {
+    TriggerSourceType["QR_CODE"] = "QR_CODE";
+    // NFC_TAG = 'NFC_TAG',
+    TriggerSourceType["API_WEBHOOK"] = "API_WEBHOOK";
+    // TRANSACTION = 'TRANSACTION',
+})(exports.TriggerSourceType || (exports.TriggerSourceType = {}));
+/**
+ * Source Logic Types
+ * Defines how multiple trigger sources combine to activate a flow
+ * Currently only ANY (OR logic) is implemented
+ */
+exports.SourceLogicType = void 0;
+(function (SourceLogicType) {
+    SourceLogicType["ANY"] = "any";
+    // Future: ALL = 'all', SEQUENCE = 'sequence', WEIGHTED = 'weighted'
+})(exports.SourceLogicType || (exports.SourceLogicType = {}));
+exports.CampaignConditionType = void 0;
+(function (CampaignConditionType) {
+    CampaignConditionType["EQUALS"] = "EQUALS";
+    CampaignConditionType["NOT_EQUALS"] = "NOT_EQUALS";
+    CampaignConditionType["GREATER_THAN"] = "GREATER_THAN";
+    CampaignConditionType["LESS_THAN"] = "LESS_THAN";
+    CampaignConditionType["CONTAINS"] = "CONTAINS";
+    CampaignConditionType["IS_PART_OF"] = "IS_PART_OF";
+})(exports.CampaignConditionType || (exports.CampaignConditionType = {}));
+exports.CampaignTriggerType = void 0;
+(function (CampaignTriggerType) {
+    CampaignTriggerType["CLAIM_BY_USER"] = "CLAIM_BY_USER";
+    CampaignTriggerType["CLAIM_BY_SYSTEM"] = "CLAIM_BY_SYSTEM";
+    CampaignTriggerType["CLAIM_BY_BUSINESS"] = "CLAIM_BY_BUSINESS";
+})(exports.CampaignTriggerType || (exports.CampaignTriggerType = {}));
 const apiPublicKeyTestPrefix = 'pk_test_';
 const testnetPrefix = 'testnet-';
 const testnetShortPrefix = 'tn-';
@@ -2937,8 +2960,6 @@ const NativeTokenTypes = {
     ERC721: 'ERC721'
 };
-/* // ✅ EXPRESSION ALIASES: Results from CASE WHEN expressions and other computed fields
-& { [key: string]: string | number | Date | undefined }; */
 const ANALYTICS_METRIC_TYPES = ['count', 'sum', 'avg', 'min', 'max'];
 const ANALYTICS_GROUP_BY_TYPES = ['month', 'week', 'day', 'year', 'quarter'];
@@ -23836,12 +23857,12 @@ class CampaignApi {
                 params.push(`tag=${encodeURIComponent(options.tag)}`);
             if (options.limit)
                 params.push(`limit=${options.limit}`);
-            if (options.offset)
-                params.push(`offset=${options.offset}`);
-            if (options.sort)
-                params.push(`sort=${options.sort}`);
-            if (options.order)
-                params.push(`order=${options.order}`);
+            if (options.page)
+                params.push(`page=${options.page}`);
+            if (options.sortBy)
+                params.push(`sortBy=${options.sortBy}`);
+            if (options.sortOrder)
+                params.push(`sortOrder=${options.sortOrder}`);
         }
         if (params.length > 0) {
             url += `?${params.join('&')}`;
@@ -23950,10 +23971,25 @@ class CampaignApi {
     // ==========================================
     /**
      * PUBLIC: Get campaign triggers catalog
-     * NEW: GET /campaign-triggers
+     * NEW: GET /trigger-sources
      */
-    async getCampaignTriggers() {
-        return this.apiClient.get(`/campaign-triggers`);
+    async getCampaignTriggers(options) {
+        let url = '/trigger-sources';
+        const params = [];
+        if (options) {
+            if (options.limit)
+                params.push(`limit=${options.limit}`);
+            if (options.page)
+                params.push(`page=${options.page}`);
+            if (options.sortBy)
+                params.push(`sortBy=${options.sortBy}`);
+            if (options.sortOrder)
+                params.push(`sortOrder=${options.sortOrder}`);
+        }
+        if (params.length > 0) {
+            url += `?${params.join('&')}`;
+        }
+        return this.apiClient.get(url);
     }
     /**
      * ADMIN: Create campaign trigger
@@ -23983,26 +24019,12 @@ class CampaignApi {
     async setCampaignTrigger(campaignId, triggerId) {
         return this.apiClient.put(`/campaign-triggers/${triggerId}/assign/${campaignId}`, {});
     }
-    /**
-     * ADMIN: Create trigger condition
-     * NEW: POST /campaign-triggers/conditions
-     */
-    async createTriggerCondition(condition) {
-        return this.apiClient.post('/campaign-triggers/conditions', condition);
-    }
-    /**
-     * ADMIN: Update trigger condition
-     * NEW: PUT /campaign-triggers/conditions/{id}
-     */
-    async updateTriggerCondition(conditionId, condition) {
-        return this.apiClient.put(`/campaign-triggers/conditions/${conditionId}`, condition);
-    }
     /**
      * ADMIN: Add/Remove condition to trigger
      * NEW: PUT /campaign-triggers/{triggerId}/conditions/{conditionId}
      */
-    async addOrRemoveConditionToTrigger(triggerId, conditionId) {
-        return this.apiClient.put(`/campaign-triggers/${triggerId}/conditions/${conditionId}`, {});
+    async addOrRemoveConditionToTrigger(triggerId, condition) {
+        return this.apiClient.put(`/campaign-triggers/${triggerId}/conditions`, condition);
     }
     // ==========================================
     // BUSINESS ENGAGEMENTS (/campaign-engagements)
@@ -24589,26 +24611,11 @@ class TransactionApi {
     /**
      * AUTH: Submit client-side signed transaction
      *
-     * NEW ENDPOINT: POST /transactions/{id}/submit
+     * NEW ENDPOINT: POST /transactions/submit
      */
     async submitSignedTransaction(signedTxData) {
         return this.apiClient.post(`${this.basePath}/submit`, signedTxData);
     }
-    /**
-     * AUTH: Burn user tokens
-     *
-     * UPDATED: Uses new user transaction endpoint with burn-specific parameters
-     * Note: This might need backend confirmation on burn functionality implementation
-     */
-    /* async burnUserTokens(request: UserBurnTokenRequestDTO): Promise<TransactionRequestResponseDTO> {
-      // Map burn request to TransactionRequestDTO format for new endpoint
-      const transactionRequest: TransactionRequestDTO = {
-        ...request,
-        // Add any specific burn transaction parameters here
-      } as any;
-      return this.apiClient.post<TransactionRequestResponseDTO>(`${this.basePath}`, transactionRequest);
-    } */
     // ==========================================
     // BUSINESS OPERATIONS
     // ==========================================
@@ -24633,9 +24640,9 @@ class TransactionApi {
       return this.apiClient.post<TransactionDTO>(`${this.basePath}/system`, request);
     } */
     /**
-     * AUTH: Prepare client signed transaction
+     * AUTH: Prepare client signed transaction (Create new transaction for signing)
      *
-     * UPDATED: /transaction/auth/prepare-signing → /transactions/prepare
+     * UPDATED: /transaction/auth/prepare-signing → /transactions (POST)
      */
     async prepareClientSignedTransaction(request) {
         return this.apiClient.post(`${this.basePath}`, request);
@@ -24659,45 +24666,7 @@ class TransactionApi {
      * UPDATED: /transaction/admin → /transactions (same endpoint, better structure)
      */
     async getPaginatedTransactions(params) {
-        // Build query parameters
-        const queryParams = {
-            page: params.page.toString(),
-            limit: params.limit.toString()
-        };
-        // Add sorting parameters if provided
-        if (params.sortBy) {
-            queryParams['sortBy'] = params.sortBy;
-        }
-        if (params.sortOrder) {
-            queryParams['sortOrder'] = params.sortOrder;
-        }
-        // Add user-specific filtering if provided
-        if (params.participantId) {
-            queryParams['participantId'] = params.participantId;
-        }
-        // Add status filtering if provided
-        if (params.status) {
-            queryParams['status'] = params.status;
-        }
-        // Add additional filters if provided
-        if (params.filters) {
-            if (params.filters.startDate) {
-                queryParams['startDate'] = params.filters.startDate;
-            }
-            if (params.filters.endDate) {
-                queryParams['endDate'] = params.filters.endDate;
-            }
-            if (params.filters.type && params.filters.type.length > 0) {
-                queryParams['type'] = params.filters.type.join(',');
-            }
-            if (params.filters.tokenType && params.filters.tokenType.length > 0) {
-                queryParams['tokenType'] = params.filters.tokenType.join(',');
-            }
-        }
-        // Build query string
-        const queryString = Object.entries(queryParams)
-            .map(([key, value]) => `${key}=${encodeURIComponent(value)}`)
-            .join('&');
+        const queryString = this.buildQueryParams(params).toString();
         return this.apiClient.get(`${this.basePath}?${queryString}`);
     }
     /**
@@ -24750,6 +24719,43 @@ class TransactionApi {
     async getTransactionAnalytics(analyticsRequest) {
         return this.apiClient.post(`${this.basePath}/analytics`, analyticsRequest);
     }
+    /**
+     * Helper to convert DTO object to URLSearchParams
+     * Handles nested 'filters' object and arrays correctly.
+     */
+    buildQueryParams(params) {
+        const query = new URLSearchParams();
+        // 1. Handle Root Pagination Fields
+        if (params.page !== undefined)
+            query.append('page', params.page.toString());
+        if (params.limit !== undefined)
+            query.append('limit', params.limit.toString());
+        if (params.sortBy)
+            query.append('sortBy', params.sortBy);
+        if (params.sortOrder)
+            query.append('sortOrder', params.sortOrder);
+        // 2. Handle Nested Filters
+        if (params.filters) {
+            Object.entries(params.filters).forEach(([key, value]) => {
+                // Skip undefined/null values
+                if (value === undefined || value === null || value === '')
+                    return;
+                if (Array.isArray(value)) {
+                    // Handle Arrays: NestJS expects 'status=A&status=B'
+                    value.forEach((item) => query.append(key, String(item)));
+                }
+                else {
+                    // Handle Single Values: 'search=0x123'
+                    // NOTE: Backend Controller expects flat query params for filters
+                    // e.g. ?search=...&status=... NOT ?filters[search]=...
+                    // This mapping flattens 'filters.search' -> 'search' to match @Query('search') in Controller
+                    const stringValue = (value instanceof Date) ? value.toISOString() : String(value);
+                    query.append(key, stringValue);
+                }
+            });
+        }
+        return query;
+    }
 }
 /**
@@ -24792,17 +24798,17 @@ class TransactionService {
         return this.transactionApi.getUserTransactionHistory(role, limit);
     }
     /**
-     * AUTH: Prepare client signed transaction
+     * AUTH: Prepare existing transaction for client-side signing
      */
-    /* async prepareClientSignedTransaction(request: TransactionRequestDTO): Promise<TransactionRequestResponseDTO> {
-      return this.transactionApi.prepareClientSignedTransaction(request);
-    } */
+    async prepareExistingTransaction(transactionId) {
+        return this.transactionApi.prepareExistingTransaction(transactionId);
+    }
     /**
-     * AUTH: Burn user tokens
+     * AUTH: Prepare client signed transaction
      */
-    /* async burnUserTokens(request: UserBurnTokenRequestDTO): Promise<TransactionRequestResponseDTO> {
-      return this.transactionApi.burnUserTokens(request);
-    } */
+    async prepareClientSignedTransaction(request) {
+        return this.transactionApi.prepareClientSignedTransaction(request);
+    }
     // ==========================================
     // BUSINESS OPERATIONS
     // ==========================================
@@ -24839,6 +24845,27 @@ class TransactionService {
     async exportTransactionsCSV() {
         return this.transactionApi.exportTransactionsCSV();
     }
+    // ==========================================
+    // QUERY & ANALYTICS OPERATIONS
+    // ==========================================
+    /**
+     * Query transactions by sender
+     */
+    async queryTransactionsBySender(accountSelector) {
+        return this.transactionApi.queryTransactionsBySender(accountSelector);
+    }
+    /**
+     * Query transactions by recipient
+     */
+    async queryTransactionsByRecipient(accountSelector) {
+        return this.transactionApi.queryTransactionsByRecipient(accountSelector);
+    }
+    /**
+     * ADMIN: Get transaction analytics
+     */
+    async getTransactionAnalytics(analyticsRequest) {
+        return this.transactionApi.getTransactionAnalytics(analyticsRequest);
+    }
 }
 /**
@@ -26172,14 +26199,19 @@ const AUTH_STORAGE_KEYS = {
 };
 /**
  * LocalStorage implementation
+ * Note: Forces string conversion for compatibility
  */
 class LocalStorageTokenStorage {
+    constructor() {
+        this.supportsObjects = false;
+    }
     async get(key) {
         return typeof localStorage !== 'undefined' ? localStorage.getItem(key) : null;
     }
     async set(key, value) {
         if (typeof localStorage !== 'undefined') {
-            localStorage.setItem(key, value);
+            const stringValue = typeof value === 'string' ? value : JSON.stringify(value);
+            localStorage.setItem(key, stringValue);
         }
     }
     async remove(key) {
@@ -26200,6 +26232,7 @@ class LocalStorageTokenStorage {
  */
 class MemoryTokenStorage {
     constructor() {
+        this.supportsObjects = true;
         this.store = new Map();
     }
     async get(key) {
@@ -26223,26 +26256,30 @@ class AuthTokenManager {
         this.storage = storage;
     }
     async getAccessToken() {
-        return this.storage.get(AUTH_STORAGE_KEYS.ACCESS_TOKEN);
+        const val = await this.storage.get(AUTH_STORAGE_KEYS.ACCESS_TOKEN);
+        // Ensure we return string for tokens
+        return typeof val === 'string' ? val : null;
     }
     async setAccessToken(token) {
         await this.storage.set(AUTH_STORAGE_KEYS.ACCESS_TOKEN, token);
     }
     async getRefreshToken() {
-        return this.storage.get(AUTH_STORAGE_KEYS.REFRESH_TOKEN);
+        const val = await this.storage.get(AUTH_STORAGE_KEYS.REFRESH_TOKEN);
+        return typeof val === 'string' ? val : null;
     }
     async setRefreshToken(token) {
         await this.storage.set(AUTH_STORAGE_KEYS.REFRESH_TOKEN, token);
     }
     async getProviderToken() {
-        return this.storage.get(AUTH_STORAGE_KEYS.PROVIDER_TOKEN);
+        const val = await this.storage.get(AUTH_STORAGE_KEYS.PROVIDER_TOKEN);
+        return typeof val === 'string' ? val : null;
     }
     async setProviderToken(token) {
         await this.storage.set(AUTH_STORAGE_KEYS.PROVIDER_TOKEN, token);
     }
     async getAuthType() {
         const authType = await this.storage.get(AUTH_STORAGE_KEYS.AUTH_TYPE);
-        return authType;
+        return typeof authType === 'string' ? authType : null;
     }
     async setAuthType(authType) {
         await this.storage.set(AUTH_STORAGE_KEYS.AUTH_TYPE, authType);
@@ -26267,6 +26304,218 @@ class AuthTokenManager {
     }
 }
+class WebDPoPCryptoProvider {
+    get crypto() {
+        // Basic environment check
+        if (typeof crypto !== 'undefined')
+            return crypto;
+        if (typeof window !== 'undefined' && window.crypto)
+            return window.crypto;
+        if (typeof globalThis !== 'undefined' && globalThis.crypto)
+            return globalThis.crypto;
+        throw new Error('WebCrypto API not found. Please polyfill crypto.subtle or use a different DPoPCryptoProvider.');
+    }
+    async generateKeyPair(options) {
+        const extractable = options?.extractable ?? true;
+        const keyPair = await this.crypto.subtle.generateKey({
+            name: 'ECDSA',
+            namedCurve: 'P-256',
+        }, extractable, // Configurable extractability
+        ['sign', 'verify']);
+        const publicKey = await this.crypto.subtle.exportKey('jwk', keyPair.publicKey);
+        // If extractable, export private key as JWK (plain object)
+        // If NOT extractable, keep it as CryptoKey (native handle)
+        // However, DPoPKeyPair interface currently expects JsonWebKey | CryptoKey
+        // We need to check DPoPKeyPair type definition.
+        // Wait, DPoPKeyPair definition in dpop.types.ts says:
+        // publicKey: JsonWebKey; privateKey: JsonWebKey;
+        // I need to change that to support CryptoKey.
+        // Let's re-read dpop.types.ts
+        // I assumed it might be compatible but let's verify.
+        // If I change privateKey to unknown or JsonWebKey | CryptoKey, it will be safer.
+        let privateKey;
+        if (extractable) {
+            privateKey = await this.crypto.subtle.exportKey('jwk', keyPair.privateKey);
+        }
+        else {
+            privateKey = keyPair.privateKey;
+        }
+        return { publicKey, privateKey };
+    }
+    async signProof(payload, keyPair) {
+        // 1. Prepare Header
+        const header = {
+            typ: 'dpop+jwt',
+            alg: 'ES256',
+            jwk: keyPair.publicKey
+        };
+        // 2. Prepare Payload
+        // Ensure jti and iat if not present (though Manager usually provides them)
+        const finalPayload = {
+            ...payload,
+            iat: payload.iat || Math.floor(Date.now() / 1000),
+            jti: payload.jti || this.generateUUID()
+        };
+        // 3. Encode segments
+        const encodedHeader = this.base64UrlEncode(JSON.stringify(header));
+        const encodedPayload = this.base64UrlEncode(JSON.stringify(finalPayload));
+        const signingInput = `${encodedHeader}.${encodedPayload}`;
+        // 4. Import private key for signing
+        let privateKey;
+        // Check if it's already a CryptoKey (non-extractable handle)
+        // We check for 'algorithm' property which signals a CryptoKey object
+        if (keyPair.privateKey.algorithm) {
+            privateKey = keyPair.privateKey;
+        }
+        else {
+            // Otherwise import from JWK
+            privateKey = await this.crypto.subtle.importKey('jwk', keyPair.privateKey, {
+                name: 'ECDSA',
+                namedCurve: 'P-256',
+            }, false, ['sign']);
+        }
+        // 5. Sign
+        const signatureBuffer = await this.crypto.subtle.sign({
+            name: 'ECDSA',
+            hash: { name: 'SHA-256' },
+        }, privateKey, new TextEncoder().encode(signingInput));
+        const encodedSignature = this.base64UrlEncodeBuffer(signatureBuffer);
+        return `${signingInput}.${encodedSignature}`;
+    }
+    async hashAccessToken(accessToken) {
+        const encoder = new TextEncoder();
+        const data = encoder.encode(accessToken);
+        const hashBuffer = await this.crypto.subtle.digest('SHA-256', data);
+        return this.base64UrlEncodeBuffer(hashBuffer);
+    }
+    // --- Helpers ---
+    generateUUID() {
+        if (typeof crypto !== 'undefined' && crypto.randomUUID) {
+            return crypto.randomUUID();
+        }
+        // Fallback for older envs
+        return 'xxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxx'.replace(/[xy]/g, (c) => {
+            const r = (Math.random() * 16) | 0;
+            const v = c === 'x' ? r : (r & 0x3) | 0x8;
+            return v.toString(16);
+        });
+    }
+    base64UrlEncode(str) {
+        // Use TextEncoder to handle UTF-8 properly
+        const encoder = new TextEncoder();
+        return this.base64UrlEncodeBuffer(encoder.encode(str));
+    }
+    base64UrlEncodeBuffer(buffer) {
+        const bytes = new Uint8Array(buffer);
+        let binary = '';
+        const len = bytes.byteLength;
+        // Chunk processing for large buffers if needed, but proofs are small
+        for (let i = 0; i < len; i++) {
+            binary += String.fromCharCode(bytes[i]);
+        }
+        // btoa is widely available in browsers.
+        // In Node (non-globals), we might need Buffer.
+        // For universal 'platform agnostic' aiming at standard web-like envs:
+        let base64 = '';
+        if (typeof btoa === 'function') {
+            base64 = btoa(binary);
+        }
+        else if (typeof Buffer !== 'undefined') {
+            base64 = Buffer.from(binary, 'binary').toString('base64');
+        }
+        else {
+            throw new Error('Base64 encoding not supported in this environment');
+        }
+        return base64
+            .replace(/\+/g, '-')
+            .replace(/\//g, '_')
+            .replace(/=+$/, '');
+    }
+}
+const DPOP_STORAGE_KEYS = {
+    PUBLIC: 'pers_dpop_public_key',
+    PRIVATE: 'pers_dpop_private_key'
+};
+class DPoPManager {
+    constructor(storage, cryptoProvider) {
+        this.storage = storage;
+        this.memoryKeyPair = null;
+        this.cryptoProvider = cryptoProvider || new WebDPoPCryptoProvider();
+    }
+    /**
+     * Ensures a DPoP key pair exists, loading from storage or generating new one.
+     */
+    async ensureKeyPair() {
+        if (this.memoryKeyPair)
+            return this.memoryKeyPair;
+        const storedPublic = await this.storage.get(DPOP_STORAGE_KEYS.PUBLIC);
+        const storedPrivate = await this.storage.get(DPOP_STORAGE_KEYS.PRIVATE);
+        if (storedPublic && storedPrivate) {
+            try {
+                // Handle polymorphic storage: String (JSON) or Object (CryptoKey)
+                const publicKey = typeof storedPublic === 'string' ? JSON.parse(storedPublic) : storedPublic;
+                const privateKey = typeof storedPrivate === 'string' ? JSON.parse(storedPrivate) : storedPrivate;
+                this.memoryKeyPair = { publicKey, privateKey };
+                return this.memoryKeyPair;
+            }
+            catch (e) {
+                console.warn('Corrupted DPoP keys in storage, regenerating.');
+            }
+        }
+        // Generate new key pair
+        // Adaptation: If storage supports raw objects (like IndexedDB or Native Keychain),
+        // we can generate Non-Extractable keys for maximum security.
+        // If storage is text-only (LocalStorage), we must use Extractable keys to serialize them.
+        const useHighSecurity = !!this.storage.supportsObjects;
+        const keyPair = await this.cryptoProvider.generateKeyPair({
+            extractable: !useHighSecurity
+        });
+        // Save to storage
+        await this.storage.set(DPOP_STORAGE_KEYS.PUBLIC, keyPair.publicKey);
+        await this.storage.set(DPOP_STORAGE_KEYS.PRIVATE, keyPair.privateKey);
+        this.memoryKeyPair = keyPair;
+        return keyPair;
+    }
+    /**
+     * Generates the DPoP proof header value.
+     * @param method HTTP method
+     * @param url Request URL
+     * @param accessToken Optional access token to bind the proof to (ath claim)
+     */
+    async generateProofHeader(method, url, accessToken) {
+        const keyPair = await this.ensureKeyPair();
+        const payload = {
+            htm: method,
+            htu: url,
+        };
+        if (accessToken) {
+            payload.ath = await this.cryptoProvider.hashAccessToken(accessToken);
+        }
+        return this.cryptoProvider.signProof(payload, keyPair);
+    }
+    /**
+     * Clears DPoP keys (e.g. on logout)
+     */
+    async clearKeys() {
+        this.memoryKeyPair = null;
+        await this.storage.remove(DPOP_STORAGE_KEYS.PUBLIC);
+        await this.storage.remove(DPOP_STORAGE_KEYS.PRIVATE);
+    }
+    /**
+     * Gets the public key (for debugging/inspection)
+     */
+    async getPublicKey() {
+        try {
+            const kp = await this.ensureKeyPair();
+            return kp.publicKey;
+        }
+        catch {
+            return null;
+        }
+    }
+}
 /**
  * Default Authentication Provider
  * Simple implementation of PERS authentication with token lifecycle management
@@ -26280,6 +26529,9 @@ class DefaultAuthProvider {
         this.authType = config.authType || 'user';
         const storage = config.storage || this.createStorage();
         this.tokenManager = new AuthTokenManager(storage);
+        if (config.dpop?.enabled) {
+            this.dpopManager = new DPoPManager(storage, config.dpop.cryptoProvider);
+        }
     }
     createStorage() {
         return typeof window === 'undefined' || typeof localStorage === 'undefined'
@@ -26289,6 +26541,26 @@ class DefaultAuthProvider {
     getToken() {
         return this.tokenManager.getAccessToken();
     }
+    async getAuthHeaders(token, method, url) {
+        const headers = {};
+        if (this.dpopManager && method && url) {
+            // Generate DPoP Proof
+            // Note: For 'bypassAuth' requests (token is null), we still generate proof (bound to public key, no ath)
+            // This covers Token Requests (Login) which need DPoP header to bind the issued token.
+            const proof = await this.dpopManager.generateProofHeader(method, url, token || undefined);
+            headers['DPoP'] = proof;
+            if (token) {
+                headers['Authorization'] = `DPoP ${token}`;
+            }
+        }
+        else {
+            // Standard Bearer
+            if (token) {
+                headers['Authorization'] = `Bearer ${token}`;
+            }
+        }
+        return headers;
+    }
     async getProjectKey() {
         return this.config.projectKey || null;
     }
@@ -26323,6 +26595,9 @@ class DefaultAuthProvider {
     }
     async clearTokens() {
         await this.tokenManager.clearAllTokens();
+        if (this.dpopManager) {
+            await this.dpopManager.clearKeys();
+        }
     }
     async setTokens(accessToken, refreshToken, providerToken) {
         await this.tokenManager.setTokens(accessToken, refreshToken, providerToken);
@@ -26371,7 +26646,11 @@ class PersApiClient {
             this.mergedConfig.authProvider = new DefaultAuthProvider({
                 authType: this.mergedConfig.authType || 'user',
                 projectKey: this.mergedConfig.apiProjectKey,
-                storage: this.mergedConfig.authStorage // Support custom storage
+                storage: this.mergedConfig.authStorage, // Support custom storage
+                dpop: {
+                    enabled: this.mergedConfig.dpop?.enabled ?? true, // Enable DPoP by default
+                    cryptoProvider: this.mergedConfig.dpop?.cryptoProvider
+                }
             });
         }
         this.authService = new AuthService(this.authApi, this.mergedConfig.authProvider);
@@ -26434,7 +26713,7 @@ class PersApiClient {
             });
         }
         const requestOptions = {
-            headers: await this.getHeaders(!bypassAuth),
+            headers: await this.getHeaders(!bypassAuth, method, url),
             timeout: this.mergedConfig.timeout,
             responseType
         };
@@ -26529,26 +26808,45 @@ class PersApiClient {
      * Get request headers with optional auth token and project key
      *
      * @param includeAuth - Whether to include the Authorization header (default: true)
+     * @param method - HTTP Method (required for DPoP)
+     * @param url - Full Request URL (required for DPoP)
      */
-    async getHeaders(includeAuth = true) {
+    async getHeaders(includeAuth = true, method, url) {
         const headers = {
             'Content-Type': 'application/json',
         };
-        if (includeAuth) {
-            // Add authentication token
-            if (this.mergedConfig.authProvider) {
-                const token = await this.mergedConfig.authProvider.getToken();
-                if (token) {
-                    headers['Authorization'] = `Bearer ${token}`;
+        if (this.mergedConfig.authProvider) {
+            let token = null;
+            if (includeAuth) {
+                token = await this.mergedConfig.authProvider.getToken();
+            }
+            // Handle Authentication Headers (Bearer or DPoP)
+            if (this.mergedConfig.authProvider.getAuthHeaders) {
+                // Provider supports advanced headers (DPoP)
+                // We pass token (null if includeAuth=false) so it can generate DPoP proofs for login requests too
+                try {
+                    const authHeaders = await this.mergedConfig.authProvider.getAuthHeaders(token, method, url);
+                    Object.assign(headers, authHeaders);
                 }
-                else {
-                    console.warn('[PersApiClient] No token available from auth provider');
+                catch (e) {
+                    console.warn('[PersApiClient] Failed to generate auth headers:', e);
+                    // Fallback if token exists but DPoP generation failed?
+                    // Better to fail or let standardized fallback below handle it?
+                    // If DPoP fails, falling back to Bearer might be insecure if server enforces DPoP.
+                    // For now, valid token -> Bearer fallback logic mostly for non-DPoP legacy providers.
                 }
             }
-            else {
-                console.warn('[PersApiClient] No auth provider configured');
+            // Fallback: If provider didn't give headers but we have token and NO Authorization header yet
+            if (includeAuth && token && !headers['Authorization']) {
+                headers['Authorization'] = `Bearer ${token}`;
+            }
+            else if (includeAuth && !token) {
+                console.warn('[PersApiClient] No token available from auth provider');
             }
         }
+        else if (includeAuth) {
+            console.warn('[PersApiClient] No auth provider configured');
+        }
         // Add project key
         if (this.mergedConfig.authProvider) {
             const projectKey = await this.mergedConfig.authProvider.getProjectKey();
@@ -29567,6 +29865,75 @@ class TransactionManager {
     async exportTransactionsCSV() {
         return this.transactionService.exportTransactionsCSV();
     }
+    /**
+     * Prepare existing transaction for client-side signing
+     *
+     * Retrieves the necessary data to sign an existing transaction on the client side.
+     * This is typically used when a transaction has been created but requires user signature.
+     *
+     * @param transactionId - The ID of the transaction to prepare
+     * @returns Promise resolving to the transaction preparation data
+     */
+    async prepareExistingTransaction(transactionId) {
+        return this.transactionService.prepareExistingTransaction(transactionId);
+    }
+    /**
+     * Prepare a new transaction for client-side signing
+     *
+     * Creates a new transaction and immediately returns the data needed for client-side signing.
+     * This combines creation and preparation into a single flow for client-signed operations.
+     *
+     * @param request - The transaction request details
+     * @returns Promise resolving to the transaction preparation data
+     */
+    async prepareClientSignedTransaction(request) {
+        return this.transactionService.prepareClientSignedTransaction(request);
+    }
+    /**
+     * Submit a signed transaction
+     *
+     * Submits a transaction that has been signed on the client side to the backend for processing.
+     *
+     * @param signedTxData - The signed transaction data
+     * @returns Promise resolving to the submission result
+     */
+    async submitSignedTransaction(signedTxData) {
+        return this.transactionService.submitSignedTransaction(signedTxData);
+    }
+    /**
+     * Query transactions by sender
+     *
+     * Retrieves transactions where the specified account is the sender.
+     *
+     * @param accountSelector - Selector for the sender account
+     * @returns Promise resolving to paginated transactions
+     */
+    async queryTransactionsBySender(accountSelector) {
+        return this.transactionService.queryTransactionsBySender(accountSelector);
+    }
+    /**
+     * Query transactions by recipient
+     *
+     * Retrieves transactions where the specified account is the recipient.
+     *
+     * @param accountSelector - Selector for the recipient account
+     * @returns Promise resolving to paginated transactions
+     */
+    async queryTransactionsByRecipient(accountSelector) {
+        return this.transactionService.queryTransactionsByRecipient(accountSelector);
+    }
+    /**
+     * Get transaction analytics
+     *
+     * Retrieves analytics data for transactions based on the provided request criteria.
+     * Useful for generating reports and dashboards.
+     *
+     * @param analyticsRequest - The analytics query parameters
+     * @returns Promise resolving to the analytics data
+     */
+    async getTransactionAnalytics(analyticsRequest) {
+        return this.transactionService.getTransactionAnalytics(analyticsRequest);
+    }
     /**
      * Get the full transaction service for advanced operations
      *
@@ -31677,6 +32044,153 @@ class PersSDK {
     }
 }
+// Conditionally require Keychain to avoid Web bundler errors
+let Keychain;
+if (reactNative.Platform.OS !== 'web') {
+    try {
+        Keychain = require('react-native-keychain');
+    }
+    catch (e) {
+        console.warn('ReactNativeSecureStorage: Failed to load react-native-keychain', e);
+    }
+}
+/**
+ * Secure Storage implementation for React Native
+ * Uses Keychain/Keystore for sensitive data and AsyncStorage for non-sensitive data.
+ */
+class ReactNativeSecureStorage {
+    constructor(keyPrefix = 'pers_tokens_') {
+        this.keyPrefix = keyPrefix;
+        // Set to false because Keychain stores strings, so we need extractable (serializable) keys
+        this.supportsObjects = false;
+        // Define which keys MUST go to secure hardware storage
+        this.SECURE_KEYS = new Set([
+            DPOP_STORAGE_KEYS.PRIVATE,
+            AUTH_STORAGE_KEYS.ACCESS_TOKEN,
+            AUTH_STORAGE_KEYS.REFRESH_TOKEN,
+            AUTH_STORAGE_KEYS.PROVIDER_TOKEN
+        ]);
+    }
+    async set(key, value) {
+        const prefixedKey = this.getKeyName(key);
+        const stringValue = typeof value === 'string' ? value : JSON.stringify(value);
+        // Cast key to any to bypass strict literal type checking of the Set.has method
+        // In runtime, 'key' is just a string, so this is safe.
+        if (this.SECURE_KEYS.has(key)) {
+            // Store in Keychain/Keystore
+            // Service name acts as the key identifier in simple usage
+            await Keychain.setGenericPassword(prefixedKey, stringValue, { service: prefixedKey });
+        }
+        else {
+            // Store standard config/metadata in AsyncStorage
+            await AsyncStorage.setItem(prefixedKey, stringValue);
+        }
+    }
+    async get(key) {
+        const prefixedKey = this.getKeyName(key);
+        if (this.SECURE_KEYS.has(key)) {
+            try {
+                const credentials = await Keychain.getGenericPassword({ service: prefixedKey });
+                if (credentials) {
+                    return this.tryParse(credentials.password);
+                }
+                return null;
+            }
+            catch (e) {
+                console.warn(`[ReactNativeSecureStorage] Failed to access keychain for ${key}`, e);
+                return null; // Key not found or access denied
+            }
+        }
+        else {
+            try {
+                const val = await AsyncStorage.getItem(prefixedKey);
+                return val ? this.tryParse(val) : null;
+            }
+            catch (e) {
+                console.warn(`[ReactNativeSecureStorage] Failed to access AsyncStorage for ${key}`, e);
+                return null;
+            }
+        }
+    }
+    async remove(key) {
+        const prefixedKey = this.getKeyName(key);
+        if (this.SECURE_KEYS.has(key)) {
+            await Keychain.resetGenericPassword({ service: prefixedKey });
+        }
+        else {
+            await AsyncStorage.removeItem(prefixedKey);
+        }
+    }
+    async clear() {
+        // Clear all known secure keys
+        for (const key of this.SECURE_KEYS) {
+            await Keychain.resetGenericPassword({ service: this.getKeyName(key) });
+        }
+        // Clear AsyncStorage keys related to PERS
+        try {
+            const allKeys = await AsyncStorage.getAllKeys();
+            const ourKeys = allKeys.filter(k => k.startsWith(this.keyPrefix));
+            if (ourKeys.length > 0) {
+                await AsyncStorage.multiRemove(ourKeys);
+            }
+        }
+        catch (e) {
+            console.warn('[ReactNativeSecureStorage] Failed to clear AsyncStorage', e);
+        }
+    }
+    getKeyName(key) {
+        // For Keychain, we might want to avoid prefixes if we want to share across apps,
+        // but for simple isolation, prefix is fine to avoid collisions if multiple instances exist.
+        // However, Keychain services are global to the app bundle ID usually.
+        return `${this.keyPrefix}${key}`;
+    }
+    tryParse(val) {
+        try {
+            return JSON.parse(val);
+        }
+        catch {
+            return val;
+        }
+    }
+}
+/**
+ * React Native Unified Auth Provider
+ *
+ * Creates a platform-specific auth provider that automatically selects the appropriate storage:
+ * - Web: Uses LocalStorageTokenStorage from core SDK
+ * - Mobile: Uses AsyncStorage-based storage
+ */
+// Use React Native's built-in platform detection
+const isWebPlatform = reactNative.Platform.OS === 'web';
+/**
+ * Create a React Native auth provider with platform-appropriate storage
+ *
+ * Automatically selects storage implementation:
+ * - Web: Uses LocalStorageTokenStorage (from core SDK)
+ * - Mobile: Uses AsyncStorageTokenStorage (React Native specific)
+ *
+ * @param projectKey - PERS project key
+ * @param config - Configuration options
+ * @returns DefaultAuthProvider configured for the current platform
+ */
+function createReactNativeAuthProvider(projectKey, config = {}) {
+    if (!projectKey || typeof projectKey !== 'string') {
+        throw new Error('createReactNativeAuthProvider: projectKey is required and must be a string');
+    }
+    const { keyPrefix = `pers_${projectKey.slice(0, 8)}_`, debug = false, customStorage, authType = 'user' } = config;
+    // Platform-specific storage selection
+    const tokenStorage = customStorage || (isWebPlatform
+        ? new LocalStorageTokenStorage()
+        : new ReactNativeSecureStorage(keyPrefix));
+    // Return DefaultAuthProvider configured with platform-appropriate storage
+    return new DefaultAuthProvider({
+        authType,
+        projectKey,
+        storage: tokenStorage
+    });
+}
 /**
  * AsyncStorage Token Storage for React Native Mobile Platforms
  *
@@ -31790,41 +32304,96 @@ class AsyncStorageTokenStorage {
     }
 }
-/**
- * React Native Unified Auth Provider
- *
- * Creates a platform-specific auth provider that automatically selects the appropriate storage:
- * - Web: Uses LocalStorageTokenStorage from core SDK
- * - Mobile: Uses AsyncStorage-based storage
- */
-// Use React Native's built-in platform detection
-const isWebPlatform = reactNative.Platform.OS === 'web';
-/**
- * Create a React Native auth provider with platform-appropriate storage
- *
- * Automatically selects storage implementation:
- * - Web: Uses LocalStorageTokenStorage (from core SDK)
- * - Mobile: Uses AsyncStorageTokenStorage (React Native specific)
- *
- * @param projectKey - PERS project key
- * @param config - Configuration options
- * @returns DefaultAuthProvider configured for the current platform
- */
-function createReactNativeAuthProvider(projectKey, config = {}) {
-    if (!projectKey || typeof projectKey !== 'string') {
-        throw new Error('createReactNativeAuthProvider: projectKey is required and must be a string');
+// Conditionally require quick-crypto for Native platforms only
+let crypto$1;
+if (reactNative.Platform.OS !== 'web') {
+    try {
+        crypto$1 = require('react-native-quick-crypto').default || require('react-native-quick-crypto');
+    }
+    catch (e) {
+        console.warn('ReactNativeDPoPProvider: Failed to load react-native-quick-crypto', e);
+    }
+}
+else {
+    // on Web, we shouldn't be using this provider anyway (Core SDK has WebDPoPProvider)
+    // But to be safe, we can mock or throw
+    crypto$1 = {
+        generateKeyPair: () => { throw new Error('ReactNativeDPoPProvider not supported on Web'); }
+    };
+}
+class ReactNativeDPoPProvider {
+    /**
+     * Generates a new key pair (ES256 recommended)
+     *
+     * Note: options.extractable is ignored because for React Native Keychain storage,
+     * we MUST export the keys as JWK/strings. We rely on the Keychain encryption
+     * for security at rest (High Security), making the key "Extractable" in memory
+     * but protected by hardware encryption when stored.
+     */
+    async generateKeyPair(options) {
+        // Generate P-256 Key Pair
+        return new Promise((resolve, reject) => {
+            crypto$1.generateKeyPair('ec', { namedCurve: 'P-256' }, (err, publicKey, privateKey) => {
+                if (err)
+                    return reject(err);
+                // Export to JWK for SDK Compatibility
+                // We use 'export' because supportsObjects=false in our storage forces the SDK
+                // to expect serializable keys.
+                const pubJwk = publicKey.export({ format: 'jwk' });
+                const privJwk = privateKey.export({ format: 'jwk' });
+                resolve({
+                    publicKey: pubJwk,
+                    privateKey: privJwk
+                });
+            });
+        });
+    }
+    async signProof(payload, keyPair) {
+        // 1. Construct Header
+        const header = {
+            typ: 'dpop+jwt',
+            alg: 'ES256',
+            jwk: keyPair.publicKey
+        };
+        // 2. Add Claims (iat/jti)
+        const finalPayload = {
+            ...payload,
+            iat: payload.iat || Math.floor(Date.now() / 1000),
+            jti: payload.jti || crypto$1.randomUUID()
+        };
+        // 3. Encode
+        const b64Header = this.base64Url(JSON.stringify(header));
+        const b64Payload = this.base64Url(JSON.stringify(finalPayload));
+        const signingInput = `${b64Header}.${b64Payload}`;
+        // 4. Sign
+        const sign = crypto$1.createSign('SHA256');
+        sign.update(signingInput);
+        // sign.end() is not required/available in quick-crypto as it doesn't strictly follow stream interface
+        // Import private key back from JWK to sign
+        // The keyPair.privateKey is a JsonWebKey object because we exported it earlier.
+        // quick-crypto createPrivateKey expects jwk object if format is jwk
+        const privateKeyObj = crypto$1.createPrivateKey({ key: keyPair.privateKey, format: 'jwk' });
+        const signature = sign.sign(privateKeyObj);
+        // signature is a Buffer in quick-crypto
+        return `${signingInput}.${this.base64UrlBuffer(signature)}`;
+    }
+    async hashAccessToken(accessToken) {
+        const hash = crypto$1.createHash('sha256').update(accessToken).digest();
+        // digest returns Buffer in quick-crypto
+        return this.base64UrlBuffer(hash);
+    }
+    // --- Helpers ---
+    base64Url(str) {
+        return this.base64UrlBuffer(buffer.Buffer.from(str));
+    }
+    base64UrlBuffer(buf) {
+        // Ensure we have a Buffer
+        const buffer$1 = buffer.Buffer.isBuffer(buf) ? buf : buffer.Buffer.from(buf);
+        return buffer$1.toString('base64')
+            .replace(/=/g, '')
+            .replace(/\+/g, '-')
+            .replace(/\//g, '_');
     }
-    const { keyPrefix = `pers_${projectKey.slice(0, 8)}_`, debug = false, customStorage, authType = 'user' } = config;
-    // Platform-specific storage selection
-    const tokenStorage = customStorage || (isWebPlatform
-        ? new LocalStorageTokenStorage()
-        : new AsyncStorageTokenStorage(keyPrefix));
-    // Return DefaultAuthProvider configured with platform-appropriate storage
-    return new DefaultAuthProvider({
-        authType,
-        projectKey,
-        storage: tokenStorage
-    });
 }
 /**
@@ -31958,6 +32527,15 @@ const PersSDKProvider = ({ children }) => {
                 ...config,
                 authProvider
             };
+            // Inject Native DPoP Provider (crypto-based) for mobile platforms
+            // Web platforms use built-in WebCrypto provider by default
+            if (reactNative.Platform.OS !== 'web' && (!config.dpop?.cryptoProvider)) {
+                sdkConfig.dpop = {
+                    ...(config.dpop || {}),
+                    enabled: config.dpop?.enabled ?? true,
+                    cryptoProvider: new ReactNativeDPoPProvider()
+                };
+            }
             // Initialize PersSDK with platform-aware auth provider
             const sdkInstance = new PersSDK(httpClient, sdkConfig);
             setAuthProvider(authProvider);
@@ -34419,7 +34997,9 @@ exports.ANALYTICS_METRIC_TYPES = ANALYTICS_METRIC_TYPES;
 exports.AsyncStorageTokenStorage = AsyncStorageTokenStorage;
 exports.NativeTokenTypes = NativeTokenTypes;
 exports.PersSDKProvider = PersSDKProvider;
+exports.ReactNativeDPoPProvider = ReactNativeDPoPProvider;
 exports.ReactNativeHttpClient = ReactNativeHttpClient;
+exports.ReactNativeSecureStorage = ReactNativeSecureStorage;
 exports.TRANSACTION_FORMATS = TRANSACTION_FORMATS;
 exports.TRANSACTION_FORMAT_DESCRIPTIONS = TRANSACTION_FORMAT_DESCRIPTIONS;
 exports.apiPublicKeyTestPrefix = apiPublicKeyTestPrefix;