@getpara/core-sdk 2.12.0 → 2.13.0

package/dist/esm/state/machines/authStateMachine.js

@@ -0,0 +1,1039 @@
+import {
+  __async,
+  __spreadProps,
+  __spreadValues
+} from "../../chunk-7B52C2XE.js";
+import { assign, setup, and, or, sendTo, fromPromise } from "xstate";
+import { createAuthenticateWithEmailOrPhoneActor } from "../actors/authenticateWithEmailOrPhone.js";
+import { createAuthenticateWithExternalWalletActor } from "../actors/authenticateWithExternalWallet.js";
+import { createCheckUserStateActor } from "../actors/checkUserState.js";
+import { createProcessAuthenticationActor } from "../actors/processAuthentication.js";
+import { createVerifyNewAccountActor } from "../actors/verifyNewAccount.js";
+import { createPollingActor } from "../actors/polling.js";
+import { ParaEvent } from "../../types/index.js";
+import { createVerifyExternalWalletActor } from "../actors/verifyExternalWallet.js";
+import { createAuthenticateWithTelegramActor } from "../actors/authenticateWithTelegram.js";
+import { createAuthenticateWithFarcasterActor } from "../actors/authenticateWithFarcaster.js";
+import { extractErrorMessage, formatStateError } from "../../utils/stateErrorHelpers.js";
+import { createConnectExternalWalletActor } from "../actors/connectExternalWallet.js";
+import { createSignExternalWalletVerificationActor } from "../actors/signExternalWalletVerification.js";
+import { createSwitchExternalWalletActor } from "../actors/switchExternalWallet.js";
+import { createAuthenticateWithTelegramLegacyActor } from "../actors/authenticateWithTelegramLegacy.js";
+import { createAuthenticateWithFarcasterLegacyActor } from "../actors/authenticateWithFarcasterLegacy.js";
+import { dispatchEvent } from "../../utils/events.js";
+import {
+  AUTH_RESTART_TRANSITIONS,
+  computeIsNewUser,
+  DEFAULT_AUTH_OPTS,
+  isCancelError,
+  makeErrorTransitions,
+  makePollingOnHandlers,
+  setAuthErrorAssign,
+  setAuthResultAssign,
+  setServerAuthStateAssign
+} from "./authStateMachine.helpers.js";
+function createAuthStateMachine(paraCoreInterface) {
+  return setup({
+    types: {
+      context: {},
+      events: {},
+      input: {}
+    },
+    actors: {
+      checkUserState: createCheckUserStateActor(paraCoreInterface),
+      authenticateWithEmailOrPhone: createAuthenticateWithEmailOrPhoneActor(paraCoreInterface.authService),
+      authenticateWithExternalWallet: createAuthenticateWithExternalWalletActor(paraCoreInterface.authService),
+      authenticateWithTelegram: createAuthenticateWithTelegramActor(paraCoreInterface.pollingService),
+      authenticateWithTelegramLegacy: createAuthenticateWithTelegramLegacyActor(paraCoreInterface.authService),
+      authenticateWithFarcaster: createAuthenticateWithFarcasterActor(paraCoreInterface.pollingService),
+      authenticateWithFarcasterLegacy: createAuthenticateWithFarcasterLegacyActor(paraCoreInterface.authService),
+      processAuthentication: createProcessAuthenticationActor(paraCoreInterface.authService),
+      verifyNewAccount: createVerifyNewAccountActor(paraCoreInterface.authService),
+      verifyExternalWallet: createVerifyExternalWalletActor(paraCoreInterface.authService),
+      polling: createPollingActor(paraCoreInterface.pollingService),
+      connectExternalWallet: createConnectExternalWalletActor(paraCoreInterface.externalWalletService),
+      signExternalWalletVerification: createSignExternalWalletVerificationActor(paraCoreInterface.externalWalletService),
+      switchExternalWallet: createSwitchExternalWalletActor(paraCoreInterface.externalWalletService),
+      logoutActor: fromPromise(() => __async(this, null, function* () {
+        yield paraCoreInterface.logout({ skipStateReset: true });
+      }))
+    },
+    actions: {
+      logTransition: (_, params) => {
+        paraCoreInterface.devLog(`[auth] \u2192 ${params.to}${params.detail ? ` (${params.detail})` : ""}`);
+      },
+      fetchPregenWalletsFromOverride: (_, params) => {
+        void paraCoreInterface.pregenWalletService.fetchPregenWalletsFromOverride(params).catch((error) => console.error("Failed to fetch pregen wallets:", error));
+      },
+      storeAuthStateResult: assign({
+        authStateResult: ({ event }) => {
+          if ("output" in event) {
+            return event.output;
+          }
+          return null;
+        }
+      }),
+      setPollingCallbacks: assign({
+        pollingCallbacks: ({ event, context }) => {
+          if ("data" in event && event.data) {
+            return {
+              onCancel: "onCancel" in event.data ? event.data.onCancel : void 0,
+              onPoll: "onPoll" in event.data ? event.data.onPoll : void 0,
+              isCanceled: "isCanceled" in event.data ? event.data.isCanceled : void 0
+            };
+          }
+          return context.pollingCallbacks || null;
+        }
+      }),
+      setAutoCreate: assign({
+        shouldAutoCreateWallets: true
+      }),
+      setSessionOptions: assign({
+        shouldAutoCreateWallets: ({ event }) => {
+          if ("data" in event && event.data && typeof event.data === "object" && "autoCreateWallets" in event.data) {
+            return !!event.data.autoCreateWallets;
+          }
+          return false;
+        },
+        skipSessionRefreshOnSetup: ({ event }) => {
+          if ("data" in event && event.data && typeof event.data === "object" && "skipSessionRefresh" in event.data) {
+            return event.data.skipSessionRefresh || false;
+          }
+          return false;
+        }
+      }),
+      setIsLegacy: assign({
+        isLegacy: ({ event }) => "data" in event && "isLegacy" in event.data && event.data.isLegacy
+      }),
+      resetState: assign({
+        authStateResult: null,
+        serverAuthStateResult: null,
+        isNewUser: false,
+        error: null,
+        pollingCallbacks: null,
+        shouldAutoCreateWallets: false,
+        skipSessionRefreshOnSetup: false,
+        isLegacy: false,
+        retryAttempts: {},
+        externalWalletInfo: void 0,
+        externalWalletSignVerification: void 0
+      }),
+      resetError: assign({
+        error: null
+      }),
+      incrementRetryAttempt: assign({
+        retryAttempts: ({ context }, params) => {
+          var _a;
+          const newCount = (((_a = context.retryAttempts) == null ? void 0 : _a[params.type]) || 0) + 1;
+          paraCoreInterface.devLog(`[auth] Retry ${params.type}: attempt ${newCount}/3`);
+          return __spreadProps(__spreadValues({}, context.retryAttempts), {
+            [params.type]: newCount
+          });
+        }
+      }),
+      resetRetryAttempts: assign({
+        retryAttempts: {}
+      })
+    },
+    guards: {
+      isNewUser: ({ context }) => context.isNewUser,
+      authStageIsVerify: ({ context }) => {
+        var _a;
+        return ((_a = context.authStateResult) == null ? void 0 : _a.stage) === "verify";
+      },
+      authStageIsLogin: ({ context }) => {
+        var _a;
+        return ((_a = context.authStateResult) == null ? void 0 : _a.stage) === "login";
+      },
+      authStageIsSignup: ({ context }) => {
+        var _a;
+        return ((_a = context.authStateResult) == null ? void 0 : _a.stage) === "signup";
+      },
+      authStageIsDone: ({ context }) => {
+        var _a;
+        return ((_a = context.authStateResult) == null ? void 0 : _a.stage) === "done";
+      },
+      canRetryExternalWallet: ({ context }) => {
+        var _a;
+        return (((_a = context.retryAttempts) == null ? void 0 : _a.externalWalletVerification) || 0) < 3;
+      },
+      canRetryNewAccount: ({ context }) => {
+        var _a;
+        return (((_a = context.retryAttempts) == null ? void 0 : _a.newAccountVerification) || 0) < 3;
+      }
+    }
+  }).createMachine({
+    id: "auth",
+    initial: "checking_state",
+    context: ({ input: { coreRef } }) => ({
+      coreRef,
+      authStateResult: null,
+      serverAuthStateResult: null,
+      isNewUser: false,
+      error: null,
+      pollingCallbacks: null,
+      shouldAutoCreateWallets: false,
+      skipSessionRefreshOnSetup: false,
+      isLegacy: false,
+      retryAttempts: {}
+    }),
+    states: {
+      checking_state: {
+        invoke: {
+          src: "checkUserState",
+          onDone: [
+            {
+              guard: ({ event }) => {
+                const output = event.output;
+                return output.isGuestMode;
+              },
+              target: "guest_mode"
+            },
+            {
+              guard: ({ event }) => {
+                const output = event.output;
+                return paraCoreInterface.isPortal() && output.isAuthenticated || output.isFullyLoggedIn;
+              },
+              target: "authenticated"
+            },
+            { target: "clearing_state" }
+          ],
+          onError: {
+            target: "error",
+            actions: setAuthErrorAssign("Failed to check authentication state")
+          }
+        }
+      },
+      clearing_state: {
+        invoke: {
+          src: "logoutActor",
+          onDone: "unauthenticated",
+          onError: "unauthenticated"
+        }
+      },
+      unauthenticated: {
+        on: __spreadProps(__spreadValues({}, AUTH_RESTART_TRANSITIONS), {
+          INITIALIZE_GUEST_MODE: "guest_mode",
+          SESSION_IMPORTED: "authenticated"
+        })
+      },
+      guest_mode: {
+        entry: [
+          sendTo(({ context }) => context.coreRef, {
+            type: "GUEST_MODE"
+          })
+        ],
+        on: {
+          AUTHENTICATE_EMAIL_PHONE: "authenticating_email_phone",
+          AUTHENTICATE_OAUTH: "authenticating_oauth"
+        }
+      },
+      authenticating_email_phone: {
+        entry: ["setIsLegacy"],
+        invoke: {
+          src: "authenticateWithEmailOrPhone",
+          input: ({ event }) => {
+            if (event.type === "AUTHENTICATE_EMAIL_PHONE") {
+              return event.data;
+            }
+            throw new Error("Invalid event type for email/phone authentication");
+          },
+          onDone: [
+            {
+              target: "processing_authentication",
+              actions: [
+                setAuthResultAssign(),
+                {
+                  type: "fetchPregenWalletsFromOverride",
+                  params: ({ event }) => {
+                    const output = event.output;
+                    return { authInfo: output.authState.auth };
+                  }
+                }
+              ]
+            }
+          ],
+          onError: {
+            target: "error",
+            actions: setAuthErrorAssign("Email/phone authentication failed")
+          }
+        },
+        on: {
+          CANCEL: { target: "unauthenticated", actions: ["resetState"] }
+        }
+      },
+      authenticating_oauth: {
+        invoke: {
+          src: "polling",
+          input: ({ event }) => {
+            if (event.type === "AUTHENTICATE_OAUTH") {
+              const { onOAuthUrl, onOAuthPopup, method, appScheme, portalTheme, useShortUrls } = event.data;
+              let oauthSessionLookupId;
+              let oauthAuthState = null;
+              return {
+                init: () => __async(this, null, function* () {
+                  try {
+                    const { sessionLookupId } = yield paraCoreInterface.pollingService.initOAuthPolling({
+                      onOAuthPopup,
+                      onOAuthUrl,
+                      method,
+                      appScheme,
+                      portalTheme,
+                      useShortUrls
+                    });
+                    oauthSessionLookupId = sessionLookupId;
+                  } catch (error) {
+                    throw new Error(`OAuth initialization failed: ${extractErrorMessage(error, "Unknown error")}`);
+                  }
+                }),
+                checkCondition: () => __async(this, null, function* () {
+                  try {
+                    const result = yield paraCoreInterface.pollingService.waitForOAuth({
+                      onSuccess: (serverAuthState) => {
+                        oauthAuthState = serverAuthState;
+                      }
+                    })();
+                    return __spreadProps(__spreadValues({}, result), {
+                      data: {
+                        authState: oauthAuthState,
+                        sessionLookupId: oauthSessionLookupId,
+                        portalTheme: portalTheme || {},
+                        useShortUrls: useShortUrls || false
+                      }
+                    });
+                  } catch (error) {
+                    throw new Error(`OAuth polling failed: ${extractErrorMessage(error, "Unknown error")}`);
+                  }
+                }),
+                onPoll: () => {
+                  var _a, _b;
+                  return (_b = (_a = event.data).onPoll) == null ? void 0 : _b.call(_a);
+                },
+                onCancel: () => {
+                  var _a, _b;
+                  return (_b = (_a = event.data).onCancel) == null ? void 0 : _b.call(_a);
+                },
+                isCanceled: event.data.isCanceled || (() => false),
+                id: "authenticatingOauth"
+              };
+            }
+            throw new Error("Invalid event type for OAuth authentication");
+          },
+          onError: {
+            target: "error",
+            actions: setAuthErrorAssign("OAuth authentication failed")
+          }
+        },
+        entry: [
+          assign({
+            pollingCallbacks: ({ event }) => {
+              if (event.type === "AUTHENTICATE_OAUTH") {
+                return {
+                  onPoll: event.data.onPoll,
+                  onCancel: event.data.onCancel,
+                  isCanceled: event.data.isCanceled
+                };
+              }
+              return null;
+            }
+          }),
+          "setIsLegacy"
+        ],
+        on: makePollingOnHandlers("processing_authentication", "OAuth authentication failed", [
+          assign({
+            serverAuthStateResult: ({ event }) => {
+              var _a, _b, _c, _d;
+              const authState = ((_a = event.data) == null ? void 0 : _a.authState) || null;
+              return {
+                authState,
+                opts: {
+                  sessionLookupId: (_b = event.data) == null ? void 0 : _b.sessionLookupId,
+                  portalTheme: ((_c = event.data) == null ? void 0 : _c.portalTheme) || {},
+                  useShortUrls: ((_d = event.data) == null ? void 0 : _d.useShortUrls) || false,
+                  isFromExternalWallet: false
+                }
+              };
+            },
+            isNewUser: ({ event }) => {
+              var _a;
+              const authState = (_a = event.data) == null ? void 0 : _a.authState;
+              return authState ? computeIsNewUser(authState) : false;
+            }
+          })
+        ])
+      },
+      switching_external_wallet: {
+        invoke: {
+          src: "switchExternalWallet",
+          input: ({ event }) => {
+            if (event.type === "SWITCH_EXTERNAL_WALLET") {
+              return event.data;
+            }
+            throw new Error("Invalid event type for external wallet authentication");
+          },
+          onDone: [
+            {
+              target: "authenticated",
+              actions: [
+                assign({
+                  externalWalletInfo: ({ event, context }) => {
+                    var _a;
+                    const output = event.output;
+                    return __spreadValues({
+                      externalWallet: __spreadValues(__spreadValues({}, output.externalWallet), (_a = context.externalWalletInfo) == null ? void 0 : _a.externalWallet)
+                    }, context.externalWalletInfo);
+                  }
+                })
+              ]
+            }
+          ],
+          onError: {
+            target: "error",
+            actions: setAuthErrorAssign("External wallet authentication failed")
+          }
+        },
+        on: {
+          CANCEL: { target: "unauthenticated", actions: ["resetState"] }
+        }
+      },
+      connecting_external_wallet: {
+        invoke: {
+          src: "connectExternalWallet",
+          input: ({ event }) => {
+            if (event.type === "CONNECT_EXTERNAL_WALLET") {
+              return event.data;
+            }
+            throw new Error("Invalid event type for external wallet authentication");
+          },
+          onDone: [
+            {
+              target: "authenticating_external_wallet",
+              actions: [
+                assign({
+                  externalWalletInfo: ({ event }) => {
+                    const output = event.output;
+                    return output;
+                  }
+                })
+              ]
+            }
+          ],
+          onError: {
+            target: "error",
+            actions: setAuthErrorAssign("External wallet authentication failed")
+          }
+        },
+        on: {
+          CANCEL: { target: "unauthenticated", actions: ["resetState"] }
+        }
+      },
+      authenticating_external_wallet: {
+        entry: [
+          assign({
+            externalWalletInfo: ({ event, context }) => {
+              var _a;
+              if (event.type === "AUTHENTICATE_EXTERNAL_WALLET" && ((_a = event.data) == null ? void 0 : _a.externalWallet)) {
+                const wallet = Array.isArray(event.data.externalWallet) ? event.data.externalWallet[0] : event.data.externalWallet;
+                return { externalWallet: wallet, chainId: event.data.chainId || "" };
+              }
+              return context.externalWalletInfo;
+            }
+          })
+        ],
+        invoke: {
+          src: "authenticateWithExternalWallet",
+          input: ({ event, context }) => {
+            if (event.type === "AUTHENTICATE_EXTERNAL_WALLET") {
+              return event.data;
+            }
+            if (context.externalWalletInfo) {
+              return context.externalWalletInfo;
+            }
+            throw new Error("No external wallet info available for authentication");
+          },
+          onDone: [
+            {
+              target: "processing_authentication",
+              actions: [setAuthResultAssign(true)]
+            }
+          ],
+          onError: {
+            target: "error",
+            actions: setAuthErrorAssign("External wallet authentication failed")
+          }
+        },
+        on: {
+          CANCEL: { target: "unauthenticated", actions: ["resetState"] }
+        }
+      },
+      authenticating_telegram_legacy: {
+        entry: [assign({ isLegacy: true })],
+        invoke: {
+          src: "authenticateWithTelegramLegacy",
+          input: ({ event }) => {
+            if (event.type === "AUTHENTICATE_TELEGRAM_LEGACY") {
+              return event.data;
+            }
+            throw new Error("Invalid event type for Telegram authentication");
+          },
+          onDone: [
+            {
+              target: "processing_authentication",
+              actions: [setAuthResultAssign()]
+            }
+          ],
+          onError: [
+            {
+              target: "unauthenticated",
+              guard: ({ event }) => isCancelError(event.error),
+              actions: ["resetState"]
+            },
+            {
+              target: "error",
+              actions: setAuthErrorAssign("Telegram authentication failed")
+            }
+          ]
+        }
+      },
+      authenticating_telegram: {
+        entry: [
+          assign({
+            pollingCallbacks: ({ event }) => {
+              if (event.type === "AUTHENTICATE_TELEGRAM") {
+                return {
+                  isCanceled: event.data.isCanceled
+                };
+              }
+              return null;
+            },
+            isLegacy: false
+          })
+        ],
+        invoke: {
+          src: "authenticateWithTelegram",
+          input: ({ event }) => {
+            if (event.type === "AUTHENTICATE_TELEGRAM") {
+              return event.data;
+            }
+            throw new Error("Invalid event type for Telegram authentication");
+          },
+          onDone: [
+            {
+              target: "processing_authentication",
+              actions: [setAuthResultAssign()]
+            }
+          ],
+          onError: [
+            {
+              target: "unauthenticated",
+              guard: ({ event }) => isCancelError(event.error),
+              actions: ["resetState"]
+            },
+            {
+              target: "error",
+              actions: setAuthErrorAssign("Telegram authentication failed")
+            }
+          ]
+        }
+      },
+      authenticating_farcaster_legacy: {
+        entry: [
+          assign({
+            pollingCallbacks: ({ event }) => {
+              if (event.type === "AUTHENTICATE_FARCASTER_LEGACY") {
+                return {
+                  onPoll: event.data.onPoll,
+                  onCancel: event.data.onCancel,
+                  isCanceled: event.data.isCanceled
+                };
+              }
+              return null;
+            }
+          }),
+          assign({ isLegacy: true })
+        ],
+        invoke: {
+          src: "authenticateWithFarcasterLegacy",
+          input: ({ event }) => {
+            if (event.type === "AUTHENTICATE_FARCASTER_LEGACY") {
+              return event.data;
+            }
+            throw new Error("Invalid event type for Farcaster authentication");
+          },
+          onDone: [
+            {
+              target: "waiting_for_farcaster",
+              guard: ({ event }) => {
+                const output = event.output;
+                return !output.authState;
+              }
+            },
+            {
+              target: "processing_authentication",
+              actions: [setAuthResultAssign()]
+            }
+          ],
+          onError: [
+            {
+              target: "unauthenticated",
+              guard: ({ event }) => isCancelError(event.error),
+              actions: ["resetState"]
+            },
+            {
+              target: "error",
+              actions: setAuthErrorAssign("Farcaster authentication failed")
+            }
+          ]
+        }
+      },
+      waiting_for_farcaster: {
+        invoke: {
+          src: "polling",
+          input: ({ context }) => {
+            var _a;
+            let farcasterAuthState = null;
+            return {
+              checkCondition: () => __async(this, null, function* () {
+                try {
+                  const result = yield paraCoreInterface.pollingService.waitForFarcasterAuth({
+                    onSuccess: (serverAuthState) => {
+                      farcasterAuthState = serverAuthState;
+                    }
+                  })();
+                  return __spreadProps(__spreadValues({}, result), {
+                    data: {
+                      authState: farcasterAuthState
+                    }
+                  });
+                } catch (error) {
+                  throw new Error(`Farcaster polling failed: ${extractErrorMessage(error, "Unknown error")}`);
+                }
+              }),
+              onPoll: () => {
+                var _a2, _b;
+                return (_b = (_a2 = context.pollingCallbacks) == null ? void 0 : _a2.onPoll) == null ? void 0 : _b.call(_a2);
+              },
+              onCancel: () => {
+                var _a2, _b;
+                return (_b = (_a2 = context.pollingCallbacks) == null ? void 0 : _a2.onCancel) == null ? void 0 : _b.call(_a2);
+              },
+              isCanceled: ((_a = context.pollingCallbacks) == null ? void 0 : _a.isCanceled) || (() => false),
+              id: "waitingForFarcasterAuth"
+            };
+          },
+          onError: {
+            target: "error",
+            actions: setAuthErrorAssign("Session waiting failed")
+          }
+        },
+        on: makePollingOnHandlers("processing_authentication", "Session polling failed", [
+          assign({
+            serverAuthStateResult: ({ event, context }) => {
+              var _a, _b;
+              const authState = ((_a = event.data) == null ? void 0 : _a.authState) || null;
+              return {
+                authState,
+                opts: ((_b = context.serverAuthStateResult) == null ? void 0 : _b.opts) || DEFAULT_AUTH_OPTS
+              };
+            },
+            isNewUser: ({ event }) => {
+              var _a;
+              const authState = (_a = event.data) == null ? void 0 : _a.authState;
+              return authState ? computeIsNewUser(authState) : false;
+            }
+          })
+        ])
+      },
+      authenticating_farcaster: {
+        entry: [
+          assign({
+            pollingCallbacks: ({ event }) => {
+              if (event.type === "AUTHENTICATE_FARCASTER") {
+                return {
+                  isCanceled: event.data.isCanceled
+                };
+              }
+              return null;
+            },
+            isLegacy: false
+          })
+        ],
+        invoke: {
+          src: "authenticateWithFarcaster",
+          input: ({ event }) => {
+            if (event.type === "AUTHENTICATE_FARCASTER") {
+              return event.data;
+            }
+            throw new Error("Invalid event type for Farcaster authentication");
+          },
+          onDone: [
+            {
+              target: "processing_authentication",
+              actions: [setAuthResultAssign()]
+            }
+          ],
+          onError: [
+            {
+              target: "unauthenticated",
+              guard: ({ event }) => isCancelError(event.error),
+              actions: ["resetState"]
+            },
+            {
+              target: "error",
+              actions: setAuthErrorAssign("Farcaster authentication failed")
+            }
+          ]
+        }
+      },
+      processing_authentication: {
+        entry: [{ type: "logTransition", params: { to: "processing_authentication" } }],
+        invoke: {
+          src: "processAuthentication",
+          input: ({ context }) => context.serverAuthStateResult,
+          onDone: [
+            {
+              target: "authenticated",
+              actions: [
+                "storeAuthStateResult",
+                { type: "logTransition", params: { to: "authenticated", detail: "external wallet, no full auth" } }
+              ],
+              guard: and([
+                ({ event }) => {
+                  const output = event.output;
+                  return !!output.externalWallet;
+                },
+                or([
+                  ({ event }) => {
+                    var _a;
+                    const output = event.output;
+                    return output.stage === "done" && !((_a = output.externalWallet) == null ? void 0 : _a.withFullParaAuth);
+                  },
+                  ({ event }) => {
+                    var _a, _b;
+                    const output = event.output;
+                    return output.stage === "verify" && !((_a = output.externalWallet) == null ? void 0 : _a.withFullParaAuth) && !((_b = output.externalWallet) == null ? void 0 : _b.withVerification);
+                  }
+                ])
+              ])
+            },
+            {
+              target: "verifying_external_wallet",
+              actions: [
+                "storeAuthStateResult",
+                {
+                  type: "logTransition",
+                  params: { to: "verifying_external_wallet", detail: "external wallet with verification" }
+                }
+              ],
+              guard: and([
+                ({ event }) => {
+                  const output = event.output;
+                  return !!output.externalWallet;
+                },
+                ({ event }) => {
+                  var _a, _b;
+                  const output = event.output;
+                  return output.stage === "verify" && !((_a = output.externalWallet) == null ? void 0 : _a.withFullParaAuth) && ((_b = output.externalWallet) == null ? void 0 : _b.withVerification);
+                }
+              ])
+            },
+            {
+              target: "awaiting_wallet_signature",
+              actions: [
+                "storeAuthStateResult",
+                {
+                  type: "logTransition",
+                  params: { to: "awaiting_wallet_signature", detail: "external wallet with full auth" }
+                }
+              ],
+              guard: and([
+                ({ event }) => {
+                  const output = event.output;
+                  return !!output.externalWallet;
+                },
+                ({ event }) => {
+                  var _a;
+                  const output = event.output;
+                  return output.stage === "verify" && !!((_a = output.externalWallet) == null ? void 0 : _a.withFullParaAuth);
+                }
+              ])
+            },
+            {
+              target: "awaiting_account_verification",
+              actions: [
+                "storeAuthStateResult",
+                { type: "logTransition", params: { to: "awaiting_account_verification", detail: "non-enclave verify" } }
+              ],
+              guard: and([
+                ({ event }) => {
+                  var _a;
+                  const output = event.output;
+                  return output.stage === "verify" && !((_a = output.externalWallet) == null ? void 0 : _a.withFullParaAuth);
+                },
+                () => !paraCoreInterface.authService.isEnclaveUser
+              ])
+            },
+            {
+              target: "awaiting_session_start",
+              actions: [
+                "storeAuthStateResult",
+                { type: "logTransition", params: { to: "awaiting_session_start", detail: "default route" } }
+              ]
+            }
+          ],
+          onError: {
+            target: "error",
+            actions: setAuthErrorAssign("Authentication processing failed")
+          }
+        }
+      },
+      awaiting_wallet_signature: {
+        on: {
+          SIGN_EXTERNAL_WALLET_VERIFICATION: {
+            target: "signing_external_wallet_verification",
+            actions: ["resetError"]
+          },
+          CANCEL: { target: "unauthenticated", actions: ["resetState"] }
+        }
+      },
+      awaiting_wallet_verification: {
+        on: {
+          VERIFY_EXTERNAL_WALLET: {
+            target: "verifying_external_wallet",
+            actions: ["resetError"]
+          },
+          CANCEL: { target: "unauthenticated", actions: ["resetState"] }
+        }
+      },
+      awaiting_account_verification: {
+        on: {
+          VERIFY_NEW_ACCOUNT: {
+            target: "verifying_new_account",
+            guard: and(["authStageIsVerify", () => !paraCoreInterface.authService.isEnclaveUser]),
+            actions: ["resetError"]
+          },
+          CANCEL: { target: "unauthenticated", actions: ["resetState"] }
+        }
+      },
+      awaiting_session_start: {
+        on: {
+          WAIT_FOR_SESSION: {
+            target: "waiting_for_session",
+            actions: ["setPollingCallbacks", "setSessionOptions", "resetError"]
+          },
+          WAIT_FOR_WALLET_CREATION: {
+            target: "waiting_for_session",
+            actions: ["setPollingCallbacks", "setAutoCreate", "resetError"]
+          },
+          CANCEL: { target: "unauthenticated", actions: ["resetState"] }
+        }
+      },
+      verifying_new_account: {
+        invoke: {
+          src: "verifyNewAccount",
+          input: ({ event }) => {
+            if (event.type === "VERIFY_NEW_ACCOUNT") {
+              return event.data;
+            }
+            throw new Error("Invalid event type for new account verification");
+          },
+          onDone: {
+            target: "processing_authentication",
+            actions: ["resetRetryAttempts", setServerAuthStateAssign()]
+          },
+          onError: [
+            {
+              target: "awaiting_account_verification",
+              guard: "canRetryNewAccount",
+              actions: [
+                {
+                  type: "incrementRetryAttempt",
+                  params: { type: "newAccountVerification" }
+                },
+                setAuthErrorAssign("Account verification failed")
+              ]
+            },
+            {
+              target: "error",
+              actions: assign({
+                error: ({ event, context }) => {
+                  var _a;
+                  return (((_a = context.retryAttempts) == null ? void 0 : _a.newAccountVerification) || 0) >= 3 ? new Error("Account verification failed after max retries") : formatStateError(event.error, "Account verification failed");
+                }
+              })
+            }
+          ]
+        }
+      },
+      verifying_external_wallet: {
+        invoke: {
+          src: "verifyExternalWallet",
+          input: ({ event, context }) => {
+            var _a, _b;
+            if (event.type === "VERIFY_EXTERNAL_WALLET" && event.data) {
+              return event.data;
+            }
+            if (context.externalWalletInfo) {
+              const signatureVerificationMessage = (_b = (_a = context.authStateResult) == null ? void 0 : _a.signatureVerificationMessage) != null ? _b : "";
+              if (!signatureVerificationMessage) {
+                throw new Error("No signature verification message provided by server for external wallet verification");
+              }
+              return __spreadProps(__spreadValues({}, context.externalWalletInfo), {
+                signatureVerificationMessage
+              });
+            }
+            throw new Error("No external wallet info available for verification. Logout and try again.");
+          },
+          onDone: {
+            target: "processing_authentication",
+            actions: ["resetRetryAttempts", setServerAuthStateAssign(true)]
+          },
+          onError: [
+            {
+              target: "awaiting_wallet_verification",
+              guard: "canRetryExternalWallet",
+              actions: [
+                {
+                  type: "incrementRetryAttempt",
+                  params: { type: "externalWalletVerification" }
+                },
+                setAuthErrorAssign("External wallet verification failed")
+              ]
+            },
+            {
+              target: "error",
+              actions: assign({
+                error: ({ event, context }) => context.retryAttempts.externalWalletVerification >= 3 ? new Error("External wallet verification failed after max retries") : formatStateError(event.error, "External wallet verification failed")
+              })
+            }
+          ]
+        }
+      },
+      signing_external_wallet_verification: {
+        invoke: {
+          src: "signExternalWalletVerification",
+          input: ({ event, context }) => {
+            var _a;
+            if (event.type === "SIGN_EXTERNAL_WALLET_VERIFICATION") {
+              return __spreadProps(__spreadValues({}, event.data), { externalWallet: (_a = context.externalWalletInfo) == null ? void 0 : _a.externalWallet });
+            }
+            throw new Error("Invalid event type for external wallet verification");
+          },
+          onDone: {
+            target: "awaiting_wallet_verification",
+            actions: [
+              "resetRetryAttempts",
+              assign({
+                externalWalletSignVerification: ({ event }) => {
+                  return event.output;
+                }
+              })
+            ]
+          },
+          onError: [
+            {
+              target: "awaiting_wallet_signature",
+              guard: "canRetryExternalWallet",
+              actions: [
+                {
+                  type: "incrementRetryAttempt",
+                  params: { type: "externalWalletVerification" }
+                },
+                setAuthErrorAssign("External wallet verification failed")
+              ]
+            },
+            {
+              target: "error",
+              actions: assign({
+                error: ({ event, context }) => context.retryAttempts.externalWalletVerification >= 3 ? new Error("External wallet verification failed after max retries") : formatStateError(event.error, "External wallet verification failed")
+              })
+            }
+          ]
+        },
+        on: {
+          CANCEL: { target: "unauthenticated", actions: ["resetState"] }
+        }
+      },
+      waiting_for_session: {
+        invoke: {
+          src: "polling",
+          input: ({ context }) => {
+            var _a;
+            return {
+              init: () => __async(this, null, function* () {
+                try {
+                  yield paraCoreInterface.sessionManagementService.touchSession();
+                  if (!paraCoreInterface.authService.isExternalWalletAuth) {
+                    paraCoreInterface.devLog("[waitingForSession] Clearing external wallets");
+                    paraCoreInterface.externalWalletService.externalWallets = {};
+                  }
+                } catch (error) {
+                  throw new Error(`Session touch failed: ${extractErrorMessage(error, "Unknown error")}`);
+                }
+              }),
+              checkCondition: () => __async(this, null, function* () {
+                try {
+                  return yield paraCoreInterface.pollingService.waitForSession();
+                } catch (error) {
+                  throw new Error(`Session polling failed: ${extractErrorMessage(error, "Unknown error")}`);
+                }
+              }),
+              onPoll: () => {
+                var _a2, _b;
+                return (_b = (_a2 = context.pollingCallbacks) == null ? void 0 : _a2.onPoll) == null ? void 0 : _b.call(_a2);
+              },
+              onCancel: () => {
+                var _a2, _b;
+                return (_b = (_a2 = context.pollingCallbacks) == null ? void 0 : _a2.onCancel) == null ? void 0 : _b.call(_a2);
+              },
+              isCanceled: ((_a = context.pollingCallbacks) == null ? void 0 : _a.isCanceled) || (() => false),
+              id: "waitingForSession"
+            };
+          },
+          onError: {
+            target: "error",
+            actions: setAuthErrorAssign("Session waiting failed")
+          }
+        },
+        entry: ["setPollingCallbacks", { type: "logTransition", params: { to: "waiting_for_session" } }],
+        on: makePollingOnHandlers("authenticated", "Session polling failed")
+      },
+      authenticated: {
+        entry: [
+          { type: "logTransition", params: { to: "authenticated" } },
+          sendTo(({ context }) => context.coreRef, {
+            type: "AUTHENTICATED"
+          }),
+          ({ context }) => {
+            if (context.isNewUser) {
+              dispatchEvent(ParaEvent.ACCOUNT_CREATION_EVENT, true);
+            }
+          }
+        ],
+        on: {
+          SWITCH_EXTERNAL_WALLET: {
+            target: "switching_external_wallet",
+            guard: and([() => paraCoreInterface.externalWalletService.externalWalletConnectionType !== "NONE"])
+          }
+        }
+      },
+      error: {
+        entry: [
+          ({ context }) => {
+            var _a;
+            paraCoreInterface.devLog(`[auth] \u2192 error: ${((_a = context.error) == null ? void 0 : _a.message) || "unknown"}`);
+          }
+        ],
+        on: __spreadProps(__spreadValues({}, makeErrorTransitions(AUTH_RESTART_TRANSITIONS)), {
+          RESET: {
+            target: "unauthenticated",
+            actions: "resetState"
+          }
+        })
+      }
+    }
+  });
+}
+export {
+  createAuthStateMachine
+};