@getpara/core-sdk 3.0.0-alpha.0 → 3.0.0

package/dist/types/state/machines/coreStateMachine.d.ts

@@ -842,7 +842,7 @@ export declare function createCoreStateMachine(paraCoreInterface: StateMachineIn
                             data: {
                                 authState: import("@getpara/shared").ServerAuthState;
                                 sessionLookupId: string;
-                                portalTheme: import("../../types/util.js").PortalTheme;
+                                portalTheme: import("@getpara/shared/dist/types/types/partnerAppConfig.js").PartnerThemeConfig;
                                 useShortUrls: boolean;
                             };
                             finished: boolean;
@@ -2889,6 +2889,10 @@ export declare function createCoreStateMachine(paraCoreInterface: StateMachineIn
                 }];
             };
             readonly needs_wallets: {
+                readonly always: readonly [{
+                    readonly target: "creating_wallets";
+                    readonly guard: "shouldAutoCreate";
+                }];
                 readonly on: {
                     readonly WAIT_FOR_WALLET_CREATION: {
                         readonly target: "claiming_wallets";
@@ -4584,7 +4588,7 @@ export declare function createCoreStateMachine(paraCoreInterface: StateMachineIn
                                 data: {
                                     authState: import("@getpara/shared").ServerAuthState;
                                     sessionLookupId: string;
-                                    portalTheme: import("../../types/util.js").PortalTheme;
+                                    portalTheme: import("@getpara/shared/dist/types/types/partnerAppConfig.js").PartnerThemeConfig;
                                     useShortUrls: boolean;
                                 };
                                 finished: boolean;
@@ -6636,6 +6640,10 @@ export declare function createCoreStateMachine(paraCoreInterface: StateMachineIn
                     }];
                 };
                 readonly needs_wallets: {
+                    readonly always: readonly [{
+                        readonly target: "creating_wallets";
+                        readonly guard: "shouldAutoCreate";
+                    }];
                     readonly on: {
                         readonly WAIT_FOR_WALLET_CREATION: {
                             readonly target: "claiming_wallets";
@@ -8404,7 +8412,7 @@ export declare function createCoreStateMachine(paraCoreInterface: StateMachineIn
                                                     data: {
                                                         authState: import("@getpara/shared").ServerAuthState;
                                                         sessionLookupId: string;
-                                                        portalTheme: import("../../types/util.js").PortalTheme;
+                                                        portalTheme: import("@getpara/shared/dist/types/types/partnerAppConfig.js").PartnerThemeConfig;
                                                         useShortUrls: boolean;
                                                     };
                                                     finished: boolean;
@@ -10456,6 +10464,10 @@ export declare function createCoreStateMachine(paraCoreInterface: StateMachineIn
                                         }];
                                     };
                                     readonly needs_wallets: {
+                                        readonly always: readonly [{
+                                            readonly target: "creating_wallets";
+                                            readonly guard: "shouldAutoCreate";
+                                        }];
                                         readonly on: {
                                             readonly WAIT_FOR_WALLET_CREATION: {
                                                 readonly target: "claiming_wallets";
@@ -12162,7 +12174,7 @@ export declare function createCoreStateMachine(paraCoreInterface: StateMachineIn
                                                     data: {
                                                         authState: import("@getpara/shared").ServerAuthState;
                                                         sessionLookupId: string;
-                                                        portalTheme: import("../../types/util.js").PortalTheme;
+                                                        portalTheme: import("@getpara/shared/dist/types/types/partnerAppConfig.js").PartnerThemeConfig;
                                                         useShortUrls: boolean;
                                                     };
                                                     finished: boolean;
@@ -14214,6 +14226,10 @@ export declare function createCoreStateMachine(paraCoreInterface: StateMachineIn
                                         }];
                                     };
                                     readonly needs_wallets: {
+                                        readonly always: readonly [{
+                                            readonly target: "creating_wallets";
+                                            readonly guard: "shouldAutoCreate";
+                                        }];
                                         readonly on: {
                                             readonly WAIT_FOR_WALLET_CREATION: {
                                                 readonly target: "claiming_wallets";
@@ -16014,7 +16030,7 @@ export declare function createCoreStateMachine(paraCoreInterface: StateMachineIn
                                                     data: {
                                                         authState: import("@getpara/shared").ServerAuthState;
                                                         sessionLookupId: string;
-                                                        portalTheme: import("../../types/util.js").PortalTheme;
+                                                        portalTheme: import("@getpara/shared/dist/types/types/partnerAppConfig.js").PartnerThemeConfig;
                                                         useShortUrls: boolean;
                                                     };
                                                     finished: boolean;
@@ -18066,6 +18082,10 @@ export declare function createCoreStateMachine(paraCoreInterface: StateMachineIn
                                         }];
                                     };
                                     readonly needs_wallets: {
+                                        readonly always: readonly [{
+                                            readonly target: "creating_wallets";
+                                            readonly guard: "shouldAutoCreate";
+                                        }];
                                         readonly on: {
                                             readonly WAIT_FOR_WALLET_CREATION: {
                                                 readonly target: "claiming_wallets";
@@ -19773,7 +19793,7 @@ export declare function createCoreStateMachine(paraCoreInterface: StateMachineIn
                                                     data: {
                                                         authState: import("@getpara/shared").ServerAuthState;
                                                         sessionLookupId: string;
-                                                        portalTheme: import("../../types/util.js").PortalTheme;
+                                                        portalTheme: import("@getpara/shared/dist/types/types/partnerAppConfig.js").PartnerThemeConfig;
                                                         useShortUrls: boolean;
                                                     };
                                                     finished: boolean;
@@ -21825,6 +21845,10 @@ export declare function createCoreStateMachine(paraCoreInterface: StateMachineIn
                                         }];
                                     };
                                     readonly needs_wallets: {
+                                        readonly always: readonly [{
+                                            readonly target: "creating_wallets";
+                                            readonly guard: "shouldAutoCreate";
+                                        }];
                                         readonly on: {
                                             readonly WAIT_FOR_WALLET_CREATION: {
                                                 readonly target: "claiming_wallets";

package/dist/types/state/machines/walletStateMachine.d.ts

@@ -211,6 +211,10 @@ export declare function createWalletStateMachine(paraCoreInterface: StateMachine
             }];
         };
         readonly needs_wallets: {
+            readonly always: readonly [{
+                readonly target: "creating_wallets";
+                readonly guard: "shouldAutoCreate";
+            }];
             readonly on: {
                 readonly WAIT_FOR_WALLET_CREATION: {
                     readonly target: "claiming_wallets";

package/dist/types/state/types/core.d.ts

@@ -1,4 +1,4 @@
-import type { BiometricLocationHint, CurrentWalletIds, ServerAuthState, TOAuthMethod } from '@getpara/user-management-client';
+import type { BiometricLocationHint, CurrentWalletIds, DeliveryChannel, ServerAuthState, TOAuthMethod } from '@getpara/user-management-client';
 import type { AuthState, Wallet, WithCustomTheme, WithUseShortUrls } from '../../types/index.js';
 import { AuthMachine, AuthPhase } from './auth.js';
 import { WalletMachine, WalletPhase } from './wallet.js';
@@ -96,6 +96,12 @@ export type AuthStateInfo = {
     verificationUrl: string | null;
     /** Full (unshortened) verification URL. Used by preloaded iframe. */
     verificationFullUrl: string | null;
+    /** Channel the OTP was sent over — set on phone verifications so the UI can render channel-specific copy */
+    deliveryChannel: DeliveryChannel | null;
+    /** True when the server had to fall back from the primary channel (WhatsApp → SMS typically) */
+    fallbackUsed: boolean;
+    /** The channel actually used when fallbackUsed is true */
+    fallbackChannel: DeliveryChannel | null;
     /** External wallet verification data when signature is needed */
     externalWalletVerification: {
         signatureVerificationMessage: string;

package/dist/types/telemetry/config.d.ts

@@ -0,0 +1,4 @@
+export type PartnerTelemetryConfig = {
+    enabled: boolean;
+    sample_rate: number;
+};

package/dist/types/telemetry/init.d.ts

@@ -0,0 +1,17 @@
+import { type Attributes } from '@opentelemetry/api';
+import type { SDKType } from '@getpara/user-management-client';
+export type InitTelemetryOpts = {
+    tunnelUrl: string;
+    sampleRate: number;
+    sdkType: SDKType;
+    sdkVersion: string;
+    partnerId?: string;
+    resourceAttributes?: Attributes;
+    isDev?: boolean;
+    isPortal?: boolean;
+};
+export declare function onTelemetryReady(cb: () => void): void;
+export declare function initTelemetry(opts: InitTelemetryOpts): Promise<void>;
+export declare function isTelemetryInitialized(): boolean;
+export declare function flushTelemetry(): Promise<void>;
+export declare function __resetTelemetryForTests(): void;

package/dist/types/telemetry/modalSession.d.ts

@@ -0,0 +1,5 @@
+import { type Context } from '@opentelemetry/api';
+export declare function startModalSession(): void;
+export declare function endModalSession(): void;
+export declare function getModalSessionContext(): Context | undefined;
+export declare function __resetModalSessionForTests(): void;

package/dist/types/telemetry/session.d.ts

@@ -0,0 +1,2 @@
+export declare function getOrCreateSessionId(): string;
+export declare function __resetSessionForTests(): void;

package/dist/types/telemetry/tracer.d.ts

@@ -0,0 +1,10 @@
+import { type Attributes, type Context, type Span } from '@opentelemetry/api';
+export declare function getTracer(): import("@opentelemetry/api").Tracer;
+export declare function setDefaultParentContext(ctx: Context): void;
+export declare function getDefaultParentContext(): Context | undefined;
+export declare function wrapWithSpan<T>(name: string, fn: (span: Span) => Promise<T> | T, attributes?: Attributes): Promise<T>;
+export declare function extractTraceContextFromUrl(search?: string): Context;
+export declare function getUrlTraceCarrier(search?: string): Record<string, string>;
+export declare function wrapWithSpanInContext<T>(parentContext: Context, name: string, fn: (span: Span, traceHeaders: Record<string, string>) => Promise<T> | T): Promise<T>;
+export { SpanStatusCode } from '@opentelemetry/api';
+export type { Span, Attributes, Context } from '@opentelemetry/api';

package/dist/types/telemetry/uxAction.d.ts

@@ -0,0 +1,3 @@
+import type { Span } from '@opentelemetry/api';
+export type UxActionOutcome = 'success' | 'error';
+export declare function recordActionOnSpan(span: Span, targetId: string, outcome: UxActionOutcome): void;

package/dist/types/telemetry/uxBaggagePropagator.d.ts

@@ -0,0 +1,7 @@
+import { type Context, type TextMapGetter, type TextMapPropagator, type TextMapSetter } from '@opentelemetry/api';
+export declare class UxBaggagePropagator implements TextMapPropagator {
+    #private;
+    inject(ctx: Context, carrier: unknown, setter: TextMapSetter): void;
+    extract(ctx: Context, carrier: unknown, getter: TextMapGetter): Context;
+    fields(): string[];
+}

package/dist/types/telemetry/uxState.d.ts

@@ -0,0 +1,8 @@
+export type UxState = {
+    view?: string;
+    lastInteraction?: string;
+};
+export declare function getUxState(): Readonly<UxState>;
+export declare function setCurrentView(view: string | undefined): void;
+export declare function setLastInteraction(targetId: string | undefined): void;
+export declare function __resetUxStateForTests(): void;

package/dist/types/telemetry/uxStateSpanProcessor.d.ts

@@ -0,0 +1,9 @@
+import type { Context } from '@opentelemetry/api';
+import type { Span, SpanProcessor } from '@opentelemetry/sdk-trace-base';
+export declare function setCurrentUserId(userId: string | undefined): void;
+export declare class UxStateSpanProcessor implements SpanProcessor {
+    onStart(span: Span, _parentContext: Context): void;
+    onEnd(): void;
+    forceFlush(): Promise<void>;
+    shutdown(): Promise<void>;
+}

package/dist/types/types/config.d.ts

@@ -1,7 +1,6 @@
 import { AxiosInstance } from 'axios';
-import Client, { EmailTheme, Network, OnRampAsset, OnRampProvider, PregenAuth, TWalletScheme, TWalletType } from '@getpara/user-management-client';
+import Client, { EmailTheme, Network, OnRampAsset, OnRampProvider, PregenAuth, SdkOverridableAppConfig, TWalletScheme, TWalletType, PartnerThemeConfig } from '@getpara/user-management-client';
 import { EnclaveClient } from '../shares/enclave.js';
-import type { PortalTheme } from './util.js';
 export declare enum Environment {
     DEV = "DEV",
     SANDBOX = "SANDBOX",
@@ -95,7 +94,7 @@ export interface ConstructorOpts {
      * Theme to use for the portal
      * @deprecated configure theming through the developer portal
      */
-    portalTheme?: PortalTheme;
+    portalTheme?: PartnerThemeConfig;
     useDKLSForCreation?: boolean;
     disableWebSockets?: boolean;
     wasmOverride?: ArrayBuffer;
@@ -157,4 +156,17 @@ export interface ConstructorOpts {
      * @default false
      */
     enableDebugLogs?: boolean;
+    /**
+     * SDK-side overrides for partner-driven app config. Applied as the
+     * `#constructorOverrides` layer in `paraCore.config`'s merge chain. The React
+     * provider's `configOverrides` prop sits on top via a separate layer; React
+     * always wins when both surfaces touch the same key.
+     *
+     * Most partners should configure these in the developer portal — the constructor
+     * surface exists primarily for non-React contexts (`@getpara/server-sdk`,
+     * custom integrations) and dev-time iteration.
+     *
+     * The overridable subset is `SdkOverridableAppConfig`, enforced at compile time.
+     */
+    configOverrides?: Partial<SdkOverridableAppConfig>;
 }

package/dist/types/types/coreApi.d.ts

@@ -1,9 +1,9 @@
-import { ExternalWalletInfo, OnRampPurchase, OnRampPurchaseCreateParams, Setup2faResponse, VerifiedAuth, WalletEntity, WalletParams, TWalletType, IssueJwtParams, IssueJwtResponse, TLinkedAccountType, LinkedAccounts, AuthMethod } from '@getpara/user-management-client';
+import { ExternalWalletInfo, OnRampPurchase, OnRampPurchaseCreateParams, Setup2faResponse, VerifiedAuth, WalletEntity, WalletParams, TWalletType, IssueJwtParams, IssueJwtResponse, TLinkedAccountType, LinkedAccounts, AuthMethod, DeliveryChannel } from '@getpara/user-management-client';
 import type { OAuthResponse, WithCustomTheme, WithUseShortUrls, Verify2faParams, Verify2faResponse, AuthStateSignup, StorageType, CoreAuthInfo, TelegramParams } from './';
 import { ParaCore } from '../ParaCore.js';
 import { FullSignatureRes, Wallet } from './wallet.js';
 import { AccountLinkInProgress } from './accountLinking.js';
-import type { WaitForLoginParams, WaitForLoginResponse, WaitForSignupParams, WaitForWalletCreationParams, WaitForWalletCreationResponse, GetOAuthUrlParams, AddCredentialParams, LoginExternalWalletParams, LoginExternalWalletResponse, ResendVerificationCodeParams, SignUpOrLogInParams, SignUpOrLogInResponse, VerifyOAuthProcessParams, VerifyExternalWalletParams, VerifyExternalWalletResponse, VerifyFarcasterParams, VerifyTelegramParams, ClaimPregenWalletsParams, ClaimPregenWalletsResponse, CreateGuestWalletsResponse, CreatePregenWalletParams, CreatePregenWalletPerTypeParams, CreatePregenWalletPerTypeResponse, CreatePregenWalletResponse, CreateWalletParams, CreateWalletPerTypeParams, CreateWalletPerTypeResponse, CreateWalletResponse, DistributeNewWalletShareParams, GetPregenWalletsParams, GetPregenWalletsResponse, GetWalletBalanceParams, HasPregenWalletParams, PollingCallbacks, RefreshShareParams, RefreshShareResponse, RequestFaucetParams, RequestFaucetResponse, UpdatePregenWalletIdentifierParams, BaseVerifyExternalWalletParams, AuthenticateWithEmailOrPhoneParams, AuthenticateWithEmailOrPhoneResponse, AuthenticateWithOAuthParams, AuthenticateWithOAuthResponse } from '../services/types';
+import type { WaitForLoginParams, WaitForLoginResponse, WaitForSignupParams, WaitForWalletCreationParams, WaitForWalletCreationResponse, GetOAuthUrlParams, AddCredentialParams, LoginExternalWalletParams, LoginExternalWalletResponse, ResendVerificationCodeParams, ResendVerificationCodeResponse, SignUpOrLogInParams, SignUpOrLogInResponse, VerifyOAuthProcessParams, VerifyExternalWalletParams, VerifyExternalWalletResponse, VerifyFarcasterParams, VerifyTelegramParams, ClaimPregenWalletsParams, ClaimPregenWalletsResponse, CreateGuestWalletsResponse, CreatePregenWalletParams, CreatePregenWalletPerTypeParams, CreatePregenWalletPerTypeResponse, CreatePregenWalletResponse, CreateWalletParams, CreateWalletPerTypeParams, CreateWalletPerTypeResponse, CreateWalletResponse, DistributeNewWalletShareParams, GetPregenWalletsParams, GetPregenWalletsResponse, GetWalletBalanceParams, HasPregenWalletParams, PollingCallbacks, RefreshShareParams, RefreshShareResponse, RequestFaucetParams, RequestFaucetResponse, UpdatePregenWalletIdentifierParams, BaseVerifyExternalWalletParams, AuthenticateWithEmailOrPhoneParams, AuthenticateWithEmailOrPhoneResponse, AuthenticateWithOAuthParams, AuthenticateWithOAuthResponse } from '../services/types';
 export declare const PARA_CORE_METHODS: readonly ["getAuthInfo", "signUpOrLogIn", "verifyNewAccount", "waitForLogin", "waitForSignup", "waitForWalletCreation", "getOAuthUrl", "verifyOAuth", "getFarcasterConnectUri", "verifyFarcaster", "verifyTelegram", "resendVerificationCode", "loginExternalWallet", "verifyExternalWallet", "setup2fa", "enable2fa", "verify2fa", "logout", "clearStorage", "isSessionActive", "isFullyLoggedIn", "refreshSession", "keepSessionAlive", "exportSession", "waitAndExportSession", "importSession", "getVerificationToken", "getWallets", "getWalletsByType", "fetchWallets", "createWallet", "createWalletPerType", "getPregenWallets", "hasPregenWallet", "updatePregenWalletIdentifier", "createPregenWallet", "createPregenWalletPerType", "claimPregenWallets", "createGuestWallets", "distributeNewWalletShare", "getUserShare", "setUserShare", "refreshShare", "signMessage", "signTransaction", "initiateOnRampTransaction", "getWalletBalance", "requestFaucet", "issueJwt", "getLinkedAccounts", "accountLinkInProgress", "addCredential", "exportPrivateKey", "authenticateWithEmailOrPhone", "authenticateWithOAuth"];
 export declare const PARA_INTERNAL_METHODS: readonly ["linkAccount", "unlinkAccount", "verifyEmailOrPhoneLink", "verifyOAuthLink", "verifyFarcasterLink", "verifyTelegramLink", "verifyExternalWalletLink", "accountLinkInProgress", "prepareLogin", "sendLoginCode", "supportedUserAuthMethods"];
 export type CoreMethodName = (typeof PARA_CORE_METHODS)[number];
@@ -189,7 +189,7 @@ export type CoreMethods = Record<CoreMethodName, {
     };
     resendVerificationCode: {
         params: ResendVerificationCodeParams;
-        response: void;
+        response: ResendVerificationCodeResponse;
     };
     logout: {
         params: LogoutParams;
@@ -278,32 +278,26 @@ export type CoreMethods = Record<CoreMethodName, {
         params: CreateWalletPerTypeParams;
         response: CreateWalletPerTypeResponse;
     };
-    /** @deprecated Use the REST API instead. See https://docs.getpara.com/v2/rest/migrate-from-sdk-pregen */
     getPregenWallets: {
         params: GetPregenWalletsParams;
         response: GetPregenWalletsResponse;
     };
-    /** @deprecated Use the REST API instead. See https://docs.getpara.com/v2/rest/migrate-from-sdk-pregen */
     updatePregenWalletIdentifier: {
         params: UpdatePregenWalletIdentifierParams;
         response: void;
     };
-    /** @deprecated Use the REST API instead. See https://docs.getpara.com/v2/rest/migrate-from-sdk-pregen */
     hasPregenWallet: {
         params: HasPregenWalletParams;
         response: boolean;
     };
-    /** @deprecated Use the REST API instead. See https://docs.getpara.com/v2/rest/migrate-from-sdk-pregen */
     createPregenWallet: {
         params: CreatePregenWalletParams;
         response: CreatePregenWalletResponse;
     };
-    /** @deprecated Use the REST API instead. See https://docs.getpara.com/v2/rest/migrate-from-sdk-pregen */
     createPregenWalletPerType: {
         params: CreatePregenWalletPerTypeParams;
         response: CreatePregenWalletPerTypeResponse;
     };
-    /** @deprecated Use the REST API instead. See https://docs.getpara.com/v2/rest/migrate-from-sdk-pregen */
     claimPregenWallets: {
         params: ClaimPregenWalletsParams;
         response: ClaimPregenWalletsResponse;
@@ -429,6 +423,10 @@ export type InternalMethods = {
         params: void;
         response: {
             userId: string;
+            deliveryChannel?: DeliveryChannel;
+            fallbackUsed?: boolean;
+            fallbackChannel?: DeliveryChannel;
+            isSmsAllowed?: boolean;
         };
     };
     supportedUserAuthMethods: {

package/dist/types/types/serviceInterfaces.d.ts

@@ -1,6 +1,6 @@
 import type { pki as pkiType } from 'node-forge';
-import type { PartnerEntity, BackupKitEmailProps, VerificationEmailProps, TLinkedAccountType } from '@getpara/user-management-client';
-import type { Ctx, Environment, AccountLinkInProgress, ConstructorOpts, PortalTheme } from './index.js';
+import type { PartnerAppConfig, PartnerEntity, BackupKitEmailProps, VerificationEmailProps, TLinkedAccountType, PartnerThemeConfig } from '@getpara/user-management-client';
+import type { Ctx, Environment, AccountLinkInProgress, ConstructorOpts } from './index.js';
 import type { PlatformUtils } from '../PlatformUtils.js';
 import type { AuthService } from '../services/AuthService.js';
 import type { WalletService } from '../services/WalletService.js';
@@ -71,13 +71,15 @@ export interface PortalUrlServiceInterface {
     isPartnerOptional: boolean | undefined;
     ctx: Ctx;
     get loginEncryptionKeyPair(): pkiType.rsa.KeyPair | undefined;
-    portalTheme?: PortalTheme;
+    portalTheme?: PartnerThemeConfig;
     portalPrimaryButtonColor?: string;
     portalTextColor?: string;
     portalPrimaryButtonTextColor?: string;
     portalBackgroundColor?: string;
     borderRadius?: string;
     get accountLinkInProgress(): AccountLinkInProgress | undefined;
+    /** Merged partner-config surface (partner ⊕ SDK overrides); `{}` before the partner record loads. */
+    get config(): PartnerAppConfig;
 }
 export interface SessionManagementServiceInterface {
     displayModalError: (error?: string) => void;

package/dist/types/types/util.d.ts

@@ -1,17 +1,4 @@
-import { TAuthMethod, Theme } from '@getpara/user-management-client';
-/**
- * Extended portal theme type that adds new theming fields not yet in the
- * backend `Theme` type from `@getpara/user-management-client`.
- *
- * TODO: Remove this extension once the UMC `Theme` type includes
- * `foregroundMixRatio` and `cssOverrides`.
- */
-export type PortalTheme = Theme & {
-    /** Controls how much the foreground/accent color is mixed into generated UI palette steps. */
-    foregroundMixRatio?: number;
-    /** Raw CSS variable overrides applied after theme generation. Advanced use. */
-    cssOverrides?: Record<string, string>;
-};
+import { TAuthMethod, PartnerThemeConfig } from '@getpara/user-management-client';
 export type WithAuthMethod = {
     /**
      * Which authorization method to use for the URL, either `'PASSKEY'`, `'PASSWORD'` or `'PIN'`.
@@ -22,7 +9,7 @@ export type WithCustomTheme = {
     /**
      * The theme to apply to generated URLs, if different from your configured theme.
      */
-    portalTheme?: PortalTheme;
+    portalTheme?: PartnerThemeConfig;
 };
 export type WithUseShortUrls = {
     /**

package/dist/types/utils/configEncoding.d.ts

@@ -0,0 +1,51 @@
+import type { PartnerThemeConfig } from '@getpara/user-management-client';
+/**
+ * Versioned envelope carried by the optional `c` URL search param when the
+ * plain-form portal URL would exceed the tier-1 length threshold. Mirrors the
+ * top-level shape of the partner config blob (theme + app slices); the auth
+ * slice was intentionally omitted since the portal renders no
+ * auth-method-selection UI and the params had no consumer.
+ *
+ * `v` is required and acts as the compat key. The portal validates it on
+ * decode and silently falls back to individual URL params on unknown versions
+ * — so future schema evolution (e.g. adding an auth slice if portal-side
+ * gating ever ships) is BW-compat: older portals just ignore the blob.
+ */
+export declare const ENCODED_CONFIG_VERSION: 1;
+export type EncodedAppConfig = {
+    appName?: string;
+    homepageUrl?: string;
+};
+export type EncodedConfig = {
+    v: typeof ENCODED_CONFIG_VERSION;
+    theme?: PartnerThemeConfig;
+    app?: EncodedAppConfig;
+};
+/**
+ * Feature detection — `CompressionStream` lands in Chrome 80 (2020), Firefox 113
+ * (May 2023), and Safari 16.4 (March 2023). The current portal browserslist
+ * resolves a minimum of iOS Safari 15.6 + Safari 15.6, which DON'T have it.
+ *
+ * On unsupported browsers, the SDK skips tier 2 emission and lets the portal
+ * URL fall through to tier 3 (`shortenUrl`) at the cost of ~150ms RTT. Adding
+ * a sync pako fallback (~45 KB on the cold path) is an option if iOS 15.x
+ * latency on long-URL flows becomes a real complaint — the seam lives here.
+ */
+export declare function isCompressionStreamSupported(): boolean;
+/**
+ * Encode the config blob as `base64url(gzip(JSON))`. Async because both
+ * `CompressionStream` (encode side) and `DecompressionStream` (decode side)
+ * are Streams API and produce async output.
+ *
+ * Returns `null` when `CompressionStream` is unavailable so callers can
+ * gracefully degrade to tier 3 instead of throwing.
+ */
+export declare function encodeConfigParams(config: EncodedConfig): Promise<string | null>;
+/**
+ * Inverse of `encodeConfigParams`. Never throws — returns `null` on any
+ * failure (corrupt base64, invalid gzip, invalid JSON, unknown `v`, etc.)
+ * so the portal can silently fall back to individual URL params.
+ *
+ * Async because `DecompressionStream` is part of the Streams API.
+ */
+export declare function tryDecodeConfig(s: string): Promise<EncodedConfig | null>;

package/dist/types/utils/deprecation.d.ts

@@ -1 +1,3 @@
-export declare function warnPregenDeprecation(methodName: string): void;
+export declare function warnOnce(scope: string, key: string, message: string): void;
+/** Test-only: clear the warned set so tests can assert "warns once" across cases. */
+export declare function _resetWarnOnceForTests(): void;

package/dist/types/utils/formatting.d.ts

@@ -6,6 +6,7 @@ export interface Signature {
     v: bigint;
 }
 export declare function hexStringToBase64(hexString: string): string;
+export declare function base58ToBase64(base58Str: string): string;
 export declare function hexToSignature(hexSig: string): Signature;
 export declare function hexToUint8Array(hex: string): Uint8Array;
 export declare function hexToDecimal(hex: string): string;

package/dist/types/utils/index.d.ts

@@ -1,10 +1,12 @@
 export * from './autobind.js';
 export * from './config.js';
+export { warnOnce } from './deprecation.js';
 export * from './events.js';
 export * from './formatting.js';
 export * from './json.js';
 export * from './listeners.js';
 export * from './onRamps.js';
+export * from './partnerConfig.js';
 export * from './phone.js';
 export * from './polling.js';
 export * from './types.js';

package/dist/types/utils/partnerConfig.d.ts

@@ -0,0 +1,28 @@
+import { mergePartnerAppConfig } from '@getpara/user-management-client';
+import type { PartnerAppConfig, PartnerEntity } from '@getpara/user-management-client';
+export { mergePartnerAppConfig };
+/**
+ * Base defaults layer for `paraCore.config`. First argument to
+ * `mergePartnerAppConfig(defaults, partner, sdkOverrides)`.
+ *
+ * Empty today: there are no SDK-side config defaults. OAuth has no default
+ * allowlist — an unset `oAuthMethods` means "not configured", which the
+ * `assertConfigAllowed` gate treats as "allow any" (so the deprecated
+ * `oAuthMethods` prop keeps working) and the modal renders from the resolved
+ * config or the prop. Partners opt into an allowlist via the developer portal.
+ * Kept as a named const so the merge contract and any future defaults have a
+ * single home.
+ */
+export declare const DEFAULT_PARTNER_APP_CONFIG: Partial<PartnerAppConfig>;
+/**
+ * Extract the app-config layer from a partner entity returned by GET /:partnerId.
+ *
+ * The server already merges defaults ⊕ organization ⊕ partner before returning,
+ * so the entity's JSONB fields are the canonical resolved values. This function
+ * shapes them into a `PartnerAppConfig` for downstream merging with SDK overrides.
+ *
+ * If the JSONB columns are absent but legacy color/social columns are populated,
+ * synthesize equivalents so callers see a consistent shape during the transition.
+ * Compatibility shim drops at the major release (Phase 7).
+ */
+export declare function partnerToAppConfigLayer(partner: PartnerEntity): Partial<PartnerAppConfig>;

package/dist/types/utils/partnerConfigGating.d.ts

@@ -0,0 +1,48 @@
+import type { PartnerAppConfig } from '@getpara/user-management-client';
+/**
+ * Discriminated union describing a partner-config check the SDK wants to run
+ * before initiating an auth/wallet flow. `assertConfigAllowed` dispatches on
+ * `kind` and reads the relevant fields off the merged `PartnerAppConfig`.
+ */
+export type ConfigCheck = {
+    kind: 'email';
+} | {
+    kind: 'phone';
+} | {
+    kind: 'oauth';
+    method: string;
+} | {
+    kind: '2fa';
+} | {
+    kind: 'guest';
+};
+/**
+ * Throws a `PartnerConfigError` if `check` is disallowed by the resolved
+ * partner config.
+ *
+ * Wired in at the 9 SDK auth entry points (signUpOrLogIn,
+ * authenticateWithEmailOrPhone, authenticateWithOAuth, getOAuthUrl,
+ * verifyOAuth, setup2fa, verify2fa, enable2fa, createGuestWallets) so
+ * partner posture is enforced for direct SDK calls, not just the modal.
+ * resendVerificationCode is intentionally not gated — callers can only
+ * reach it after the initial auth gate has already fired.
+ *
+ * Pure helper: takes the merged config + check. No `ParaCore` reference,
+ * no I/O. Easy to unit-test.
+ *
+ * Unset means "not configured" — the gate stays permissive (legacy behavior,
+ * also what the deprecated `ParaModalProps` rely on, since those never reach
+ * the merged config). Enforcement only fires on an *explicit* partner choice:
+ * a `false` opt-in flag, a `true` disable flag, or a non-undefined OAuth
+ * allowlist. This keeps the migration non-breaking — restrictions take effect
+ * once a partner configures them in the developer portal, not before.
+ *
+ * Note: the merge is symmetric — SDK overrides can widen or narrow every
+ * auth-posture flag (`twoFactorAuthEnabled`, `isGuestModeEnabled`,
+ * `disableEmailLogin`, `disablePhoneLogin`), so an override may re-enable
+ * something the partner disabled. This gate runs on the post-merge config, so
+ * it reflects the override, not the raw partner record. A future partner-level
+ * "locked" flag (ecosystem lock primitive) would let a partner pin a value so
+ * the override is ignored; until then, overrides always win.
+ */
+export declare function assertConfigAllowed(config: PartnerAppConfig, check: ConfigCheck): void;

package/dist/types/utils/url.d.ts

@@ -1,10 +1,11 @@
 import { Ctx, Environment } from '../types/index.js';
 export declare function getPortalDomain(env: Environment, isE2E?: boolean, isLegacy?: boolean): string;
-export declare function getPortalBaseURL({ env, isE2E }: {
+export declare function getPortalBaseURL({ env, isE2E, portalUrlOverride }: {
     env: Environment;
     isE2E?: boolean;
+    portalUrlOverride?: string;
 }, useLocalIp?: boolean, isForWasm?: boolean, isLegacy?: boolean): string;
-export declare function getParaConnectDomain(env: Environment): "localhost" | "connect.sandbox.getpara.com" | "connect.beta.getpara.com" | "connect.getpara.com";
+export declare function getParaConnectDomain(env: Environment): "localhost" | "connect.sandbox.getpara.com" | "connect.getpara.com";
 export declare function getParaConnectBaseUrl({ env }: {
     env: Environment;
 }, useLocalIp?: boolean): string;

package/package.json

@@ -1,12 +1,22 @@
 {
   "name": "@getpara/core-sdk",
-  "version": "3.0.0-alpha.0",
+  "version": "3.0.0",
   "dependencies": {
     "@celo/utils": "^8.0.2",
     "@cosmjs/encoding": "^0.32.4",
     "@ethereumjs/util": "^9.1.0",
-    "@getpara/user-management-client": "3.0.0-alpha.0",
+    "@getpara/user-management-client": "3.0.0",
     "@noble/hashes": "^1.5.0",
+    "@opentelemetry/api": "^1.9.1",
+    "@opentelemetry/context-zone": "^2.7.1",
+    "@opentelemetry/core": "^2.7.0",
+    "@opentelemetry/exporter-trace-otlp-http": "^0.215.0",
+    "@opentelemetry/instrumentation": "^0.215.0",
+    "@opentelemetry/instrumentation-fetch": "^0.215.0",
+    "@opentelemetry/instrumentation-xml-http-request": "^0.216.0",
+    "@opentelemetry/resources": "^2.7.0",
+    "@opentelemetry/sdk-trace-base": "^2.7.0",
+    "@opentelemetry/semantic-conventions": "^1.40.0",
     "axios": "^1.8.4",
     "base64url": "^3.0.1",
     "elliptic": "^6.6.1",
@@ -30,14 +40,14 @@
     "dist",
     "package.json"
   ],
-  "gitHead": "f58e6e365ca63a447edaa44fba3b157e5ca7a368",
+  "gitHead": "e6c42e42adfcfadb0114b1ac65ba5203e6274712",
   "main": "dist/cjs/index.js",
   "module": "dist/esm/index.js",
   "scripts": {
     "build": "rm -rf dist && node ./scripts/build.mjs && yarn build:types",
     "build:cjs": "rm -rf dist/cjs && tsc --module commonjs --outDir dist/cjs && printf '{\"type\":\"commonjs\"}' > dist/cjs/package.json",
     "build:esm": "rm -rf dist/esm && tsc --module es6 --outDir dist/esm && printf '{\"type\":\"module\",\"sideEffects\":false}' > dist/esm/package.json",
-    "build:types": "rm -rf dist/types && tsc --module es6 --declarationDir dist/types --emitDeclarationOnly --declaration",
+    "build:types": "rm -rf dist/types && tsc --module es2020 --declarationDir dist/types --emitDeclarationOnly --declaration",
     "old-build": "yarn build:cjs && yarn build:esm && yarn build:types; yarn post-build",
     "post-build": "./scripts/set-version.sh",
     "test": "vitest run --coverage"