@getpara/core-sdk 2.8.0 → 2.10.0

package/dist/cjs/ParaCore.js

@@ -206,7 +206,7 @@ const _ParaCore = class _ParaCore {
           }
         });
       } catch (e) {
-        console.error("error tracking error:", e);
+        this.devLog("error tracking error:", e);
       }
       throw err;
     });
@@ -234,6 +234,7 @@ const _ParaCore = class _ParaCore {
       this.updateSessionCookieFromStorage();
       this.updateLoginEncryptionKeyPairFromStorage();
       this.updateEnclaveJwtFromStorage();
+      this.updateIsEnclaveUserFromStorage();
     };
     this.updateAuthInfoFromStorage = () => {
       var _a;
@@ -257,6 +258,12 @@ const _ParaCore = class _ParaCore {
       this.enclaveJwt = this.localStorageGetItem(constants.LOCAL_STORAGE_ENCLAVE_JWT) || this.sessionStorageGetItem(constants.LOCAL_STORAGE_ENCLAVE_JWT) || void 0;
       this.enclaveRefreshJwt = this.localStorageGetItem(constants.LOCAL_STORAGE_ENCLAVE_REFRESH_JWT) || this.sessionStorageGetItem(constants.LOCAL_STORAGE_ENCLAVE_REFRESH_JWT) || void 0;
     };
+    this.updateIsEnclaveUserFromStorage = () => {
+      const stored = this.localStorageGetItem(constants.LOCAL_STORAGE_IS_ENCLAVE_USER);
+      if (stored != null) {
+        this.isEnclaveUser = JSON.parse(stored);
+      }
+    };
     this.updateUserIdFromStorage = () => {
       this.userId = this.localStorageGetItem(constants.LOCAL_STORAGE_USER_ID) || void 0;
     };
@@ -784,7 +791,8 @@ const _ParaCore = class _ParaCore {
         isFarcasterLogin,
         isAddNewCredential,
         isSwitchWallets,
-        isExportPrivateKey
+        isExportPrivateKey,
+        isTxReview
       ] = [
         ["createAuth", "createPassword", "createPIN"].includes(type),
         ["loginAuth", "loginPassword", "loginPIN", "loginOTP", "switchWallets", "loginExternalWallet"].includes(type),
@@ -795,7 +803,8 @@ const _ParaCore = class _ParaCore {
         type === "loginFarcaster",
         type === "addNewCredential",
         type === "switchWallets",
-        type === "exportPrivateKey"
+        type === "exportPrivateKey",
+        type === "txReview"
       ];
       if (isOAuth && !opts.oAuthMethod) {
         throw new Error("oAuthMethod is required for oAuth portal URLs");
@@ -804,7 +813,7 @@ const _ParaCore = class _ParaCore {
         this.assertIsAuthSet();
       }
       let sessionId = opts.sessionId;
-      if ((isLogin || isOnRamp || isTelegramLogin || isFarcasterLogin || isExportPrivateKey) && !sessionId) {
+      if ((isLogin || isOnRamp || isTelegramLogin || isFarcasterLogin || isExportPrivateKey || isTxReview) && !sessionId) {
         const session = yield this.touchSession(true);
         sessionId = session.sessionId;
       }
@@ -812,7 +821,7 @@ const _ParaCore = class _ParaCore {
         yield this.setLoginEncryptionKeyPair();
       }
       const shouldUseLegacyPortalUrl = opts.useLegacyUrl || !!opts.addNewCredentialPasskeyId || type === "loginAuth";
-      const base = type === "onRamp" || isTelegramLogin ? (0, import_utils2.getPortalBaseURL)(this.ctx, isTelegramLogin, false, shouldUseLegacyPortalUrl) : yield this.getPortalURL(shouldUseLegacyPortalUrl);
+      const base = type === "onRamp" || isTelegramLogin ? this.ctx.portalUrlOverride || (0, import_utils2.getPortalBaseURL)(this.ctx, isTelegramLogin, false, shouldUseLegacyPortalUrl) : yield this.getPortalURL(shouldUseLegacyPortalUrl);
       let path;
       switch (type) {
         case "createPassword": {
@@ -946,7 +955,7 @@ const _ParaCore = class _ParaCore {
       }) : {}), isLogin && {
         // Prior versions won't have this param which will skip the upgrade prompt
         isBasicLoginUpgradeVersion: "true"
-      }), isExportPrivateKey ? {
+      }), isExportPrivateKey || isTxReview ? {
         sessionId: thisDevice.sessionId
       } : {});
       const url = (0, import_utils2.constructUrl)({ base, path, params });
@@ -1109,6 +1118,10 @@ Need help? Visit: https://docs.getpara.com or contact support
       if (loginEncryptionKey && loginEncryptionKey !== "undefined") {
         this.loginEncryptionKeyPair = this.convertEncryptionKeyPair(JSON.parse(loginEncryptionKey));
       }
+      const storedIsEnclaveUser = yield this.localStorageGetItem(constants.LOCAL_STORAGE_IS_ENCLAVE_USER);
+      if (storedIsEnclaveUser != null) {
+        this.isEnclaveUser = JSON.parse(storedIsEnclaveUser);
+      }
       import_utils2.setupListeners.bind(this)();
       yield this.touchSession();
     });
@@ -1140,7 +1153,9 @@ Need help? Visit: https://docs.getpara.com or contact support
     const errorStr = String(error);
     const errorMessage = error instanceof Error ? error.message : "";
     if (errorStr.includes("blocked by CORS policy") && errorStr.includes("Access-Control-Allow-Origin")) {
-      this.displayModalError("Request rate limit reached. Please wait a couple of minutes and try again.");
+      const message = "Request rate limit reached. Please wait a couple of minutes and try again.";
+      console.error(`[Para] ${message}`);
+      this.displayModalError(message);
       return;
     }
     if (error.status === 403 && errorMessage.includes("origin not authorized")) {
@@ -1568,7 +1583,7 @@ Need help? Visit: https://docs.getpara.com or contact support
    */
   getPortalURL(isLegacy) {
     return __async(this, null, function* () {
-      return (yield this.getPartnerURL()) || (0, import_utils2.getPortalBaseURL)(this.ctx, false, false, isLegacy);
+      return this.ctx.portalUrlOverride || (yield this.getPartnerURL()) || (0, import_utils2.getPortalBaseURL)(this.ctx, false, false, isLegacy);
     });
   }
   /**
@@ -2048,13 +2063,42 @@ Need help? Visit: https://docs.getpara.com or contact support
       const pregenWallets = yield this.getPregenWallets();
       let recoverySecret, walletIds = {};
       if (pregenWallets.length > 0) {
-        recoverySecret = yield this.claimPregenWallets();
-        walletIds = supportedWalletTypes.reduce((acc, { type }) => {
-          var _a;
-          return __spreadProps(__spreadValues({}, acc), {
-            [type]: [(_a = pregenWallets.find((w) => !!import_utils2.WalletSchemeTypeMap[w.scheme][type])) == null ? void 0 : _a.id]
+        let shares = [];
+        try {
+          shares = yield this.ctx.enclaveClient.getPregenShares({
+            userId: this.userId,
+            walletIds: pregenWallets.map((w) => w.id),
+            partnerId: pregenWallets[0].partnerId
           });
-        }, {});
+          for (const share of shares) {
+            const wallet = pregenWallets.find((w) => w.id === share.walletId);
+            if (wallet) {
+              this.wallets[wallet.id] = {
+                id: wallet.id,
+                address: wallet.address,
+                scheme: wallet.scheme,
+                type: wallet.type,
+                partnerId: wallet.partnerId,
+                isPregen: wallet.isPregen,
+                pregenIdentifier: wallet.pregenIdentifier,
+                pregenIdentifierType: wallet.pregenIdentifierType,
+                signer: share.signer,
+                createdAt: String(wallet.createdAt)
+              };
+            }
+          }
+        } catch (err) {
+          console.warn("[waitForWalletCreation] Failed to fetch pregen shares:", err);
+        }
+        if (shares.length > 0) {
+          recoverySecret = yield this.claimPregenWallets();
+          walletIds = supportedWalletTypes.reduce((acc, { type }) => {
+            var _a;
+            return __spreadProps(__spreadValues({}, acc), {
+              [type]: [(_a = pregenWallets.find((w) => !!import_utils2.WalletSchemeTypeMap[w.scheme][type])) == null ? void 0 : _a.id]
+            });
+          }, {});
+        }
       }
       const created = yield this.createWalletPerType();
       recoverySecret = recoverySecret != null ? recoverySecret : created.recoverySecret;
@@ -3233,6 +3277,7 @@ Need help? Visit: https://docs.getpara.com or contact support
       this.accountLinkInProgress = void 0;
       this.userId = void 0;
       this.sessionCookie = void 0;
+      this.isEnclaveUser = false;
       if (shouldDispatchLogoutEvent) {
         (0, import_utils2.dispatchEvent)(import_types.ParaEvent.LOGOUT_EVENT, null);
       }
@@ -3759,14 +3804,26 @@ getOAuthUrl_fn = function(_0) {
     if (!accountLinkInProgress && !this.isPortal()) {
       return yield this.constructPortalUrl("oAuth", { sessionId: sessionLookupId, oAuthMethod: method, appScheme });
     }
-    let portalSessionLookupId;
-    if (this.isPortal()) {
-      portalSessionLookupId = (yield this.touchSession(true)).sessionLookupId;
-    }
+    const [portalSessionLookupId, callback] = yield Promise.all([
+      this.isPortal() ? this.touchSession(true).then((s) => s.sessionLookupId) : Promise.resolve(void 0),
+      !accountLinkInProgress ? this.constructPortalUrl("oAuthCallback", __spreadValues({
+        sessionId: sessionLookupId,
+        oAuthMethod: method,
+        appScheme,
+        thisDevice: {
+          sessionId: sessionLookupId,
+          encryptionKey
+        }
+      }, this.isPortal() && {
+        params: portalCallbackParams,
+        // Build callback for legacy portal if needed
+        useLegacyUrl: typeof window !== "undefined" ? window.location.host.includes("usecapsule") : false
+      })) : Promise.resolve(false)
+    ]);
     return (0, import_utils2.constructUrl)({
       base: (0, import_userManagementClient.getBaseOAuthUrl)(this.ctx.env),
       path: `/auth/${method.toLowerCase()}`,
-      params: __spreadProps(__spreadValues({
+      params: __spreadValues(__spreadValues({
         apiKey: this.ctx.apiKey,
         origin: typeof window !== "undefined" ? window.location.origin : void 0,
         sessionLookupId,
@@ -3774,21 +3831,7 @@ getOAuthUrl_fn = function(_0) {
         appScheme
       }, accountLinkInProgress ? {
         linkedAccountId: this.accountLinkInProgress.id
-      } : {}), {
-        callback: !accountLinkInProgress && (yield this.constructPortalUrl("oAuthCallback", __spreadValues({
-          sessionId: sessionLookupId,
-          oAuthMethod: method,
-          appScheme,
-          thisDevice: {
-            sessionId: sessionLookupId,
-            encryptionKey
-          }
-        }, this.isPortal() && {
-          params: portalCallbackParams,
-          // Build callback for legacy portal if needed
-          useLegacyUrl: typeof window !== "undefined" ? window.location.host.includes("usecapsule") : false
-        })))
-      })
+      } : {}), callback && { callback })
     });
   });
 };
@@ -4060,6 +4103,7 @@ prepareDoneState_fn = function(doneState) {
   return __async(this, null, function* () {
     let isSLOPossible = doneState.authMethods.includes(import_user_management_client.AuthMethod.BASIC_LOGIN);
     this.isEnclaveUser = isSLOPossible;
+    yield this.localStorageSetItem(constants.LOCAL_STORAGE_IS_ENCLAVE_USER, JSON.stringify(isSLOPossible));
     return doneState;
   });
 };
@@ -4077,6 +4121,7 @@ prepareVerificationState_fn = function(_0, _1) {
       isSLOPossible = verifyState.signupAuthMethods.includes(import_user_management_client.AuthMethod.BASIC_LOGIN);
     }
     this.isEnclaveUser = isSLOPossible;
+    yield this.localStorageSetItem(constants.LOCAL_STORAGE_IS_ENCLAVE_USER, JSON.stringify(isSLOPossible));
     const isExternalWalletFullAuth = (_a = verifyState.externalWallet) == null ? void 0 : _a.withFullParaAuth;
     return __spreadValues(__spreadValues({}, verifyState), isSLOPossible || isExternalWalletFullAuth ? {
       loginUrl: yield this.getLoginUrl({

package/dist/cjs/constants.js

@@ -29,6 +29,7 @@ __export(constants_exports, {
   LOCAL_STORAGE_EXTERNAL_WALLETS: () => LOCAL_STORAGE_EXTERNAL_WALLETS,
   LOCAL_STORAGE_EXTERNAL_WALLET_USER_ID: () => LOCAL_STORAGE_EXTERNAL_WALLET_USER_ID,
   LOCAL_STORAGE_FARCASTER_USERNAME: () => LOCAL_STORAGE_FARCASTER_USERNAME,
+  LOCAL_STORAGE_IS_ENCLAVE_USER: () => LOCAL_STORAGE_IS_ENCLAVE_USER,
   LOCAL_STORAGE_PHONE: () => LOCAL_STORAGE_PHONE,
   LOCAL_STORAGE_SESSION_COOKIE: () => LOCAL_STORAGE_SESSION_COOKIE,
   LOCAL_STORAGE_TELEGRAM_USER_ID: () => LOCAL_STORAGE_TELEGRAM_USER_ID,
@@ -43,7 +44,7 @@ __export(constants_exports, {
   SHORT_POLLING_INTERVAL_MS: () => SHORT_POLLING_INTERVAL_MS
 });
 module.exports = __toCommonJS(constants_exports);
-const PARA_CORE_VERSION = "2.8.0";
+const PARA_CORE_VERSION = "2.10.0";
 const PREFIX = "@CAPSULE/";
 const PARA_PREFIX = "@PARA/";
 const LOCAL_STORAGE_AUTH_INFO = `${PREFIX}authInfo`;
@@ -61,6 +62,7 @@ const LOCAL_STORAGE_CURRENT_WALLET_IDS = `${PREFIX}currentWalletIds`;
 const LOCAL_STORAGE_SESSION_COOKIE = `${PREFIX}sessionCookie`;
 const LOCAL_STORAGE_ENCLAVE_JWT = `${PREFIX}enclaveJwt`;
 const LOCAL_STORAGE_ENCLAVE_REFRESH_JWT = `${PREFIX}enclaveRefreshJwt`;
+const LOCAL_STORAGE_IS_ENCLAVE_USER = `${PREFIX}isEnclaveUser`;
 const SESSION_STORAGE_LOGIN_ENCRYPTION_KEY_PAIR = `${PREFIX}loginEncryptionKeyPair`;
 const POLLING_INTERVAL_MS = 1e3;
 const SHORT_POLLING_INTERVAL_MS = 750;
@@ -81,6 +83,7 @@ const ACCOUNT_LINK_CONFLICT = "Account already linked";
   LOCAL_STORAGE_EXTERNAL_WALLETS,
   LOCAL_STORAGE_EXTERNAL_WALLET_USER_ID,
   LOCAL_STORAGE_FARCASTER_USERNAME,
+  LOCAL_STORAGE_IS_ENCLAVE_USER,
   LOCAL_STORAGE_PHONE,
   LOCAL_STORAGE_SESSION_COOKIE,
   LOCAL_STORAGE_TELEGRAM_USER_ID,

package/dist/cjs/shares/enclave.js

@@ -268,6 +268,38 @@ ${exportedAsBase64}
       }));
     });
   }
+  /**
+   * Retrieve pregen wallet shares from the enclave
+   * Used during login to claim REST API pregen wallets
+   * Client sends walletIds in encrypted payload; backend independently queries matching wallets for cross-validation
+   */
+  getPregenShares(query) {
+    return __async(this, null, function* () {
+      try {
+        const frontendKeyPair = yield this.generateFrontendKeyPair();
+        const responsePublicKeyPEM = yield this.exportPublicKeyToPEM(frontendKeyPair.publicKey);
+        const payload = {
+          userId: query.userId,
+          walletIds: query.walletIds,
+          partnerId: query.partnerId,
+          responsePublicKey: responsePublicKeyPEM
+        };
+        const encryptedPayload = yield this.encryptForEnclave(JSON.stringify(payload));
+        const encryptedPayloadStr = JSON.stringify(encryptedPayload);
+        const response = yield this.userManagementClient.getPregenShares(encryptedPayloadStr);
+        if (!response.payload) {
+          return [];
+        }
+        const encryptedResponse = JSON.parse(response.payload);
+        const decryptedData = yield this.decryptForFrontend(encryptedResponse);
+        return decryptedData.shares;
+      } catch (error) {
+        throw new Error(
+          `Failed to retrieve pregen shares for user ${query.userId}: ${error instanceof Error ? error.message : "Unknown error"}`
+        );
+      }
+    });
+  }
   persistSharesWithRetry(shares) {
     return __async(this, null, function* () {
       return yield this.persistShares(shares);

package/dist/cjs/utils/config.js

@@ -82,7 +82,10 @@ function validateCustomAsset(obj) {
         return false;
       }
     } else if (typeof network.network === "object") {
-      if (typeof network.network.name !== "string" || !network.network.name.trim() || typeof network.network.rpcUrl !== "string" || !network.network.rpcUrl.trim() || typeof network.network.evmChainId !== "string" || !network.network.evmChainId.trim()) {
+      const hasLegacyRpcUrl = typeof network.network.rpcUrl === "string" && network.network.rpcUrl.trim().length > 0;
+      const hasNewRpcFormat = network.network.rpc && typeof network.network.rpc === "object" && Array.isArray(network.network.rpc.httpUrls) && network.network.rpc.httpUrls.length > 0 && typeof network.network.rpc.httpUrls[0] === "string" && network.network.rpc.httpUrls[0].trim().length > 0;
+      if (typeof network.network.name !== "string" || !network.network.name.trim() || !hasLegacyRpcUrl && !hasNewRpcFormat || // Must have either rpcUrl or rpc.httpUrls
+      typeof network.network.evmChainId !== "string" || !network.network.evmChainId.trim()) {
         return false;
       }
       if (network.contractAddress !== void 0 && (typeof network.contractAddress !== "string" || !network.contractAddress.trim())) {

package/dist/cjs/utils/url.js

@@ -120,7 +120,7 @@ function shortenUrl(ctx, url, isLegacy) {
   return __async(this, null, function* () {
     const compressedUrl = yield (0, import_transmissionUtils.upload)(url, ctx.client);
     return constructUrl({
-      base: getPortalBaseURL(ctx, false, false, isLegacy),
+      base: ctx.portalUrlOverride || getPortalBaseURL(ctx, false, false, isLegacy),
       path: `/short/${compressedUrl}`
     });
   });

package/dist/cjs/utils/window.js

@@ -25,7 +25,7 @@ function isPortal(ctx, env) {
   var _a, _b;
   if (typeof window === "undefined") return false;
   const normalizedUrl = (_b = (_a = window.location) == null ? void 0 : _a.host) == null ? void 0 : _b.replace("usecapsule", "getpara");
-  const isOnPortalDomain = (0, import_url.getPortalBaseURL)(env ? { env } : ctx).includes(normalizedUrl);
+  const isOnPortalDomain = (0, import_url.getPortalBaseURL)(env ? { env } : ctx).includes(normalizedUrl) || ((ctx == null ? void 0 : ctx.portalUrlOverride) ? ctx.portalUrlOverride.includes(normalizedUrl) : false);
   if (!isOnPortalDomain) return false;
   const isInIframe = window.parent !== window && !window.opener;
   const isInPopup = window.opener && window.parent === window;

package/dist/esm/ParaCore.js

@@ -172,7 +172,7 @@ const _ParaCore = class _ParaCore {
           }
         });
       } catch (e) {
-        console.error("error tracking error:", e);
+        this.devLog("error tracking error:", e);
       }
       throw err;
     });
@@ -200,6 +200,7 @@ const _ParaCore = class _ParaCore {
       this.updateSessionCookieFromStorage();
       this.updateLoginEncryptionKeyPairFromStorage();
       this.updateEnclaveJwtFromStorage();
+      this.updateIsEnclaveUserFromStorage();
     };
     this.updateAuthInfoFromStorage = () => {
       var _a;
@@ -223,6 +224,12 @@ const _ParaCore = class _ParaCore {
       this.enclaveJwt = this.localStorageGetItem(constants.LOCAL_STORAGE_ENCLAVE_JWT) || this.sessionStorageGetItem(constants.LOCAL_STORAGE_ENCLAVE_JWT) || void 0;
       this.enclaveRefreshJwt = this.localStorageGetItem(constants.LOCAL_STORAGE_ENCLAVE_REFRESH_JWT) || this.sessionStorageGetItem(constants.LOCAL_STORAGE_ENCLAVE_REFRESH_JWT) || void 0;
     };
+    this.updateIsEnclaveUserFromStorage = () => {
+      const stored = this.localStorageGetItem(constants.LOCAL_STORAGE_IS_ENCLAVE_USER);
+      if (stored != null) {
+        this.isEnclaveUser = JSON.parse(stored);
+      }
+    };
     this.updateUserIdFromStorage = () => {
       this.userId = this.localStorageGetItem(constants.LOCAL_STORAGE_USER_ID) || void 0;
     };
@@ -750,7 +757,8 @@ const _ParaCore = class _ParaCore {
         isFarcasterLogin,
         isAddNewCredential,
         isSwitchWallets,
-        isExportPrivateKey
+        isExportPrivateKey,
+        isTxReview
       ] = [
         ["createAuth", "createPassword", "createPIN"].includes(type),
         ["loginAuth", "loginPassword", "loginPIN", "loginOTP", "switchWallets", "loginExternalWallet"].includes(type),
@@ -761,7 +769,8 @@ const _ParaCore = class _ParaCore {
         type === "loginFarcaster",
         type === "addNewCredential",
         type === "switchWallets",
-        type === "exportPrivateKey"
+        type === "exportPrivateKey",
+        type === "txReview"
       ];
       if (isOAuth && !opts.oAuthMethod) {
         throw new Error("oAuthMethod is required for oAuth portal URLs");
@@ -770,7 +779,7 @@ const _ParaCore = class _ParaCore {
         this.assertIsAuthSet();
       }
       let sessionId = opts.sessionId;
-      if ((isLogin || isOnRamp || isTelegramLogin || isFarcasterLogin || isExportPrivateKey) && !sessionId) {
+      if ((isLogin || isOnRamp || isTelegramLogin || isFarcasterLogin || isExportPrivateKey || isTxReview) && !sessionId) {
         const session = yield this.touchSession(true);
         sessionId = session.sessionId;
       }
@@ -778,7 +787,7 @@ const _ParaCore = class _ParaCore {
         yield this.setLoginEncryptionKeyPair();
       }
       const shouldUseLegacyPortalUrl = opts.useLegacyUrl || !!opts.addNewCredentialPasskeyId || type === "loginAuth";
-      const base = type === "onRamp" || isTelegramLogin ? getPortalBaseURL(this.ctx, isTelegramLogin, false, shouldUseLegacyPortalUrl) : yield this.getPortalURL(shouldUseLegacyPortalUrl);
+      const base = type === "onRamp" || isTelegramLogin ? this.ctx.portalUrlOverride || getPortalBaseURL(this.ctx, isTelegramLogin, false, shouldUseLegacyPortalUrl) : yield this.getPortalURL(shouldUseLegacyPortalUrl);
       let path;
       switch (type) {
         case "createPassword": {
@@ -912,7 +921,7 @@ const _ParaCore = class _ParaCore {
       }) : {}), isLogin && {
         // Prior versions won't have this param which will skip the upgrade prompt
         isBasicLoginUpgradeVersion: "true"
-      }), isExportPrivateKey ? {
+      }), isExportPrivateKey || isTxReview ? {
         sessionId: thisDevice.sessionId
       } : {});
       const url = constructUrl({ base, path, params });
@@ -1075,6 +1084,10 @@ Need help? Visit: https://docs.getpara.com or contact support
       if (loginEncryptionKey && loginEncryptionKey !== "undefined") {
         this.loginEncryptionKeyPair = this.convertEncryptionKeyPair(JSON.parse(loginEncryptionKey));
       }
+      const storedIsEnclaveUser = yield this.localStorageGetItem(constants.LOCAL_STORAGE_IS_ENCLAVE_USER);
+      if (storedIsEnclaveUser != null) {
+        this.isEnclaveUser = JSON.parse(storedIsEnclaveUser);
+      }
       setupListeners.bind(this)();
       yield this.touchSession();
     });
@@ -1106,7 +1119,9 @@ Need help? Visit: https://docs.getpara.com or contact support
     const errorStr = String(error);
     const errorMessage = error instanceof Error ? error.message : "";
     if (errorStr.includes("blocked by CORS policy") && errorStr.includes("Access-Control-Allow-Origin")) {
-      this.displayModalError("Request rate limit reached. Please wait a couple of minutes and try again.");
+      const message = "Request rate limit reached. Please wait a couple of minutes and try again.";
+      console.error(`[Para] ${message}`);
+      this.displayModalError(message);
       return;
     }
     if (error.status === 403 && errorMessage.includes("origin not authorized")) {
@@ -1534,7 +1549,7 @@ Need help? Visit: https://docs.getpara.com or contact support
    */
   getPortalURL(isLegacy) {
     return __async(this, null, function* () {
-      return (yield this.getPartnerURL()) || getPortalBaseURL(this.ctx, false, false, isLegacy);
+      return this.ctx.portalUrlOverride || (yield this.getPartnerURL()) || getPortalBaseURL(this.ctx, false, false, isLegacy);
     });
   }
   /**
@@ -2014,13 +2029,42 @@ Need help? Visit: https://docs.getpara.com or contact support
       const pregenWallets = yield this.getPregenWallets();
       let recoverySecret, walletIds = {};
       if (pregenWallets.length > 0) {
-        recoverySecret = yield this.claimPregenWallets();
-        walletIds = supportedWalletTypes.reduce((acc, { type }) => {
-          var _a;
-          return __spreadProps(__spreadValues({}, acc), {
-            [type]: [(_a = pregenWallets.find((w) => !!WalletSchemeTypeMap[w.scheme][type])) == null ? void 0 : _a.id]
+        let shares = [];
+        try {
+          shares = yield this.ctx.enclaveClient.getPregenShares({
+            userId: this.userId,
+            walletIds: pregenWallets.map((w) => w.id),
+            partnerId: pregenWallets[0].partnerId
           });
-        }, {});
+          for (const share of shares) {
+            const wallet = pregenWallets.find((w) => w.id === share.walletId);
+            if (wallet) {
+              this.wallets[wallet.id] = {
+                id: wallet.id,
+                address: wallet.address,
+                scheme: wallet.scheme,
+                type: wallet.type,
+                partnerId: wallet.partnerId,
+                isPregen: wallet.isPregen,
+                pregenIdentifier: wallet.pregenIdentifier,
+                pregenIdentifierType: wallet.pregenIdentifierType,
+                signer: share.signer,
+                createdAt: String(wallet.createdAt)
+              };
+            }
+          }
+        } catch (err) {
+          console.warn("[waitForWalletCreation] Failed to fetch pregen shares:", err);
+        }
+        if (shares.length > 0) {
+          recoverySecret = yield this.claimPregenWallets();
+          walletIds = supportedWalletTypes.reduce((acc, { type }) => {
+            var _a;
+            return __spreadProps(__spreadValues({}, acc), {
+              [type]: [(_a = pregenWallets.find((w) => !!WalletSchemeTypeMap[w.scheme][type])) == null ? void 0 : _a.id]
+            });
+          }, {});
+        }
       }
       const created = yield this.createWalletPerType();
       recoverySecret = recoverySecret != null ? recoverySecret : created.recoverySecret;
@@ -3199,6 +3243,7 @@ Need help? Visit: https://docs.getpara.com or contact support
       this.accountLinkInProgress = void 0;
       this.userId = void 0;
       this.sessionCookie = void 0;
+      this.isEnclaveUser = false;
       if (shouldDispatchLogoutEvent) {
         dispatchEvent(ParaEvent.LOGOUT_EVENT, null);
       }
@@ -3725,14 +3770,26 @@ getOAuthUrl_fn = function(_0) {
     if (!accountLinkInProgress && !this.isPortal()) {
       return yield this.constructPortalUrl("oAuth", { sessionId: sessionLookupId, oAuthMethod: method, appScheme });
     }
-    let portalSessionLookupId;
-    if (this.isPortal()) {
-      portalSessionLookupId = (yield this.touchSession(true)).sessionLookupId;
-    }
+    const [portalSessionLookupId, callback] = yield Promise.all([
+      this.isPortal() ? this.touchSession(true).then((s) => s.sessionLookupId) : Promise.resolve(void 0),
+      !accountLinkInProgress ? this.constructPortalUrl("oAuthCallback", __spreadValues({
+        sessionId: sessionLookupId,
+        oAuthMethod: method,
+        appScheme,
+        thisDevice: {
+          sessionId: sessionLookupId,
+          encryptionKey
+        }
+      }, this.isPortal() && {
+        params: portalCallbackParams,
+        // Build callback for legacy portal if needed
+        useLegacyUrl: typeof window !== "undefined" ? window.location.host.includes("usecapsule") : false
+      })) : Promise.resolve(false)
+    ]);
     return constructUrl({
       base: getBaseOAuthUrl(this.ctx.env),
       path: `/auth/${method.toLowerCase()}`,
-      params: __spreadProps(__spreadValues({
+      params: __spreadValues(__spreadValues({
         apiKey: this.ctx.apiKey,
         origin: typeof window !== "undefined" ? window.location.origin : void 0,
         sessionLookupId,
@@ -3740,21 +3797,7 @@ getOAuthUrl_fn = function(_0) {
         appScheme
       }, accountLinkInProgress ? {
         linkedAccountId: this.accountLinkInProgress.id
-      } : {}), {
-        callback: !accountLinkInProgress && (yield this.constructPortalUrl("oAuthCallback", __spreadValues({
-          sessionId: sessionLookupId,
-          oAuthMethod: method,
-          appScheme,
-          thisDevice: {
-            sessionId: sessionLookupId,
-            encryptionKey
-          }
-        }, this.isPortal() && {
-          params: portalCallbackParams,
-          // Build callback for legacy portal if needed
-          useLegacyUrl: typeof window !== "undefined" ? window.location.host.includes("usecapsule") : false
-        })))
-      })
+      } : {}), callback && { callback })
     });
   });
 };
@@ -4026,6 +4069,7 @@ prepareDoneState_fn = function(doneState) {
   return __async(this, null, function* () {
     let isSLOPossible = doneState.authMethods.includes(AuthMethod.BASIC_LOGIN);
     this.isEnclaveUser = isSLOPossible;
+    yield this.localStorageSetItem(constants.LOCAL_STORAGE_IS_ENCLAVE_USER, JSON.stringify(isSLOPossible));
     return doneState;
   });
 };
@@ -4043,6 +4087,7 @@ prepareVerificationState_fn = function(_0, _1) {
       isSLOPossible = verifyState.signupAuthMethods.includes(AuthMethod.BASIC_LOGIN);
     }
     this.isEnclaveUser = isSLOPossible;
+    yield this.localStorageSetItem(constants.LOCAL_STORAGE_IS_ENCLAVE_USER, JSON.stringify(isSLOPossible));
     const isExternalWalletFullAuth = (_a = verifyState.externalWallet) == null ? void 0 : _a.withFullParaAuth;
     return __spreadValues(__spreadValues({}, verifyState), isSLOPossible || isExternalWalletFullAuth ? {
       loginUrl: yield this.getLoginUrl({

package/dist/esm/constants.js

@@ -1,5 +1,5 @@
 import "./chunk-7B52C2XE.js";
-const PARA_CORE_VERSION = "2.8.0";
+const PARA_CORE_VERSION = "2.10.0";
 const PREFIX = "@CAPSULE/";
 const PARA_PREFIX = "@PARA/";
 const LOCAL_STORAGE_AUTH_INFO = `${PREFIX}authInfo`;
@@ -17,6 +17,7 @@ const LOCAL_STORAGE_CURRENT_WALLET_IDS = `${PREFIX}currentWalletIds`;
 const LOCAL_STORAGE_SESSION_COOKIE = `${PREFIX}sessionCookie`;
 const LOCAL_STORAGE_ENCLAVE_JWT = `${PREFIX}enclaveJwt`;
 const LOCAL_STORAGE_ENCLAVE_REFRESH_JWT = `${PREFIX}enclaveRefreshJwt`;
+const LOCAL_STORAGE_IS_ENCLAVE_USER = `${PREFIX}isEnclaveUser`;
 const SESSION_STORAGE_LOGIN_ENCRYPTION_KEY_PAIR = `${PREFIX}loginEncryptionKeyPair`;
 const POLLING_INTERVAL_MS = 1e3;
 const SHORT_POLLING_INTERVAL_MS = 750;
@@ -36,6 +37,7 @@ export {
   LOCAL_STORAGE_EXTERNAL_WALLETS,
   LOCAL_STORAGE_EXTERNAL_WALLET_USER_ID,
   LOCAL_STORAGE_FARCASTER_USERNAME,
+  LOCAL_STORAGE_IS_ENCLAVE_USER,
   LOCAL_STORAGE_PHONE,
   LOCAL_STORAGE_SESSION_COOKIE,
   LOCAL_STORAGE_TELEGRAM_USER_ID,

package/dist/esm/shares/enclave.js

@@ -229,6 +229,38 @@ ${exportedAsBase64}
       }));
     });
   }
+  /**
+   * Retrieve pregen wallet shares from the enclave
+   * Used during login to claim REST API pregen wallets
+   * Client sends walletIds in encrypted payload; backend independently queries matching wallets for cross-validation
+   */
+  getPregenShares(query) {
+    return __async(this, null, function* () {
+      try {
+        const frontendKeyPair = yield this.generateFrontendKeyPair();
+        const responsePublicKeyPEM = yield this.exportPublicKeyToPEM(frontendKeyPair.publicKey);
+        const payload = {
+          userId: query.userId,
+          walletIds: query.walletIds,
+          partnerId: query.partnerId,
+          responsePublicKey: responsePublicKeyPEM
+        };
+        const encryptedPayload = yield this.encryptForEnclave(JSON.stringify(payload));
+        const encryptedPayloadStr = JSON.stringify(encryptedPayload);
+        const response = yield this.userManagementClient.getPregenShares(encryptedPayloadStr);
+        if (!response.payload) {
+          return [];
+        }
+        const encryptedResponse = JSON.parse(response.payload);
+        const decryptedData = yield this.decryptForFrontend(encryptedResponse);
+        return decryptedData.shares;
+      } catch (error) {
+        throw new Error(
+          `Failed to retrieve pregen shares for user ${query.userId}: ${error instanceof Error ? error.message : "Unknown error"}`
+        );
+      }
+    });
+  }
   persistSharesWithRetry(shares) {
     return __async(this, null, function* () {
       return yield this.persistShares(shares);

package/dist/esm/utils/config.js

@@ -61,7 +61,10 @@ function validateCustomAsset(obj) {
         return false;
       }
     } else if (typeof network.network === "object") {
-      if (typeof network.network.name !== "string" || !network.network.name.trim() || typeof network.network.rpcUrl !== "string" || !network.network.rpcUrl.trim() || typeof network.network.evmChainId !== "string" || !network.network.evmChainId.trim()) {
+      const hasLegacyRpcUrl = typeof network.network.rpcUrl === "string" && network.network.rpcUrl.trim().length > 0;
+      const hasNewRpcFormat = network.network.rpc && typeof network.network.rpc === "object" && Array.isArray(network.network.rpc.httpUrls) && network.network.rpc.httpUrls.length > 0 && typeof network.network.rpc.httpUrls[0] === "string" && network.network.rpc.httpUrls[0].trim().length > 0;
+      if (typeof network.network.name !== "string" || !network.network.name.trim() || !hasLegacyRpcUrl && !hasNewRpcFormat || // Must have either rpcUrl or rpc.httpUrls
+      typeof network.network.evmChainId !== "string" || !network.network.evmChainId.trim()) {
         return false;
       }
       if (network.contractAddress !== void 0 && (typeof network.contractAddress !== "string" || !network.contractAddress.trim())) {

package/dist/esm/utils/url.js

@@ -76,7 +76,7 @@ function shortenUrl(ctx, url, isLegacy) {
   return __async(this, null, function* () {
     const compressedUrl = yield upload(url, ctx.client);
     return constructUrl({
-      base: getPortalBaseURL(ctx, false, false, isLegacy),
+      base: ctx.portalUrlOverride || getPortalBaseURL(ctx, false, false, isLegacy),
       path: `/short/${compressedUrl}`
     });
   });

package/dist/esm/utils/window.js

@@ -4,7 +4,7 @@ function isPortal(ctx, env) {
   var _a, _b;
   if (typeof window === "undefined") return false;
   const normalizedUrl = (_b = (_a = window.location) == null ? void 0 : _a.host) == null ? void 0 : _b.replace("usecapsule", "getpara");
-  const isOnPortalDomain = getPortalBaseURL(env ? { env } : ctx).includes(normalizedUrl);
+  const isOnPortalDomain = getPortalBaseURL(env ? { env } : ctx).includes(normalizedUrl) || ((ctx == null ? void 0 : ctx.portalUrlOverride) ? ctx.portalUrlOverride.includes(normalizedUrl) : false);
   if (!isOnPortalDomain) return false;
   const isInIframe = window.parent !== window && !window.opener;
   const isInPopup = window.opener && window.parent === window;

package/dist/types/ParaCore.d.ts

@@ -214,6 +214,7 @@ export declare abstract class ParaCore implements CoreInterface {
     private initializeFromStorage;
     private updateAuthInfoFromStorage;
     private updateEnclaveJwtFromStorage;
+    private updateIsEnclaveUserFromStorage;
     private updateUserIdFromStorage;
     private updateWalletsFromStorage;
     private updateWalletIdsFromStorage;

package/dist/types/constants.d.ts

@@ -16,6 +16,7 @@ export declare const LOCAL_STORAGE_CURRENT_WALLET_IDS = "@CAPSULE/currentWalletI
 export declare const LOCAL_STORAGE_SESSION_COOKIE = "@CAPSULE/sessionCookie";
 export declare const LOCAL_STORAGE_ENCLAVE_JWT = "@CAPSULE/enclaveJwt";
 export declare const LOCAL_STORAGE_ENCLAVE_REFRESH_JWT = "@CAPSULE/enclaveRefreshJwt";
+export declare const LOCAL_STORAGE_IS_ENCLAVE_USER = "@CAPSULE/isEnclaveUser";
 export declare const SESSION_STORAGE_LOGIN_ENCRYPTION_KEY_PAIR = "@CAPSULE/loginEncryptionKeyPair";
 export declare const POLLING_INTERVAL_MS = 1000;
 export declare const SHORT_POLLING_INTERVAL_MS = 750;

package/dist/types/shares/enclave.d.ts

@@ -78,6 +78,16 @@ export declare class EnclaveClient {
     private retrieveShares;
     deleteShares(): Promise<void>;
     retrieveSharesWithRetry(query: ShareQuery[]): Promise<ShareData[]>;
+    /**
+     * Retrieve pregen wallet shares from the enclave
+     * Used during login to claim REST API pregen wallets
+     * Client sends walletIds in encrypted payload; backend independently queries matching wallets for cross-validation
+     */
+    getPregenShares(query: {
+        userId: string;
+        walletIds: string[];
+        partnerId: string;
+    }): Promise<ShareData[]>;
     persistSharesWithRetry(shares: ShareData[]): Promise<any>;
     deleteSharesWithRetry(): Promise<void>;
 }

package/dist/types/types/config.d.ts

@@ -23,6 +23,8 @@ export interface Ctx {
     wasmOverride?: ArrayBuffer;
     cosmosPrefix?: string;
     isE2E?: boolean;
+    portalUrlOverride?: string;
+    passkeyRpIdOverride?: string;
 }
 export type deprecated__NetworkProp = keyof typeof Network | Network;
 export type deprecated__OnRampProviderProp = keyof typeof OnRampProvider | OnRampProvider;

package/package.json

@@ -1,11 +1,11 @@
 {
   "name": "@getpara/core-sdk",
-  "version": "2.8.0",
+  "version": "2.10.0",
   "dependencies": {
     "@celo/utils": "^8.0.2",
     "@cosmjs/encoding": "^0.32.4",
     "@ethereumjs/util": "^9.1.0",
-    "@getpara/user-management-client": "2.8.0",
+    "@getpara/user-management-client": "2.10.0",
     "@noble/hashes": "^1.5.0",
     "base64url": "^3.0.1",
     "libphonenumber-js": "^1.11.7",
@@ -27,7 +27,7 @@
     "dist",
     "package.json"
   ],
-  "gitHead": "44d3bdc9a075861613210bd0817a03ab67deed4e",
+  "gitHead": "8da2c51cc91f021acbc2ec7373b9ca0638fc840a",
   "main": "dist/cjs/index.js",
   "module": "dist/esm/index.js",
   "scripts": {