@getpara/core-sdk 3.0.0-alpha.1 → 3.0.0

package/dist/esm/utils/partnerConfig.js

@@ -0,0 +1,67 @@
+import {
+  __spreadValues
+} from "../chunk-7B52C2XE.js";
+import { AuthMethod, mergePartnerAppConfig } from "@getpara/user-management-client";
+const DEFAULT_PARTNER_APP_CONFIG = {};
+function partnerToAppConfigLayer(partner) {
+  var _a;
+  const layer = {};
+  const themeConfig = (_a = partner.themeConfig) != null ? _a : synthesizeLegacyTheme(partner);
+  if (themeConfig) layer.themeConfig = themeConfig;
+  const authConfig = synthesizeAuthConfig(partner);
+  if (authConfig) layer.authConfig = authConfig;
+  const modalConfig = synthesizeModalConfig(partner);
+  if (modalConfig) layer.modalConfig = modalConfig;
+  if (partner.partnerLinks) layer.partnerLinks = partner.partnerLinks;
+  if (partner.externalWalletConfig) layer.externalWalletConfig = partner.externalWalletConfig;
+  if (partner.farcasterConfig) layer.farcasterConfig = partner.farcasterConfig;
+  if (partner.rpcUrl) layer.rpcUrl = partner.rpcUrl;
+  if (partner.displayName) layer.appName = partner.displayName;
+  if (partner.supportedWalletTypes) layer.supportedWalletTypes = partner.supportedWalletTypes;
+  if (partner.supportedAccountLinks) layer.supportedAccountLinks = partner.supportedAccountLinks;
+  if (partner.balancesConfig) layer.balancesConfig = partner.balancesConfig;
+  return layer;
+}
+function synthesizeAuthConfig(partner) {
+  const result = {};
+  const stored = partner.authConfig;
+  if (stored) {
+    if (stored.oAuthMethods != null) result.oAuthMethods = stored.oAuthMethods;
+    if (stored.disableEmailLogin != null) result.disableEmailLogin = stored.disableEmailLogin;
+    if (stored.disablePhoneLogin != null) result.disablePhoneLogin = stored.disablePhoneLogin;
+    if (stored.twoFactorAuthEnabled != null) result.twoFactorAuthEnabled = stored.twoFactorAuthEnabled;
+    if (stored.isGuestModeEnabled != null) result.isGuestModeEnabled = stored.isGuestModeEnabled;
+    if (stored.supportedAuthMethods != null) result.supportedAuthMethods = stored.supportedAuthMethods;
+  }
+  if (result.supportedAuthMethods === void 0) {
+    const legacy = partner.supportedAuthMethods;
+    const isMeaningful = legacy && !(legacy.length === 1 && legacy[0] === AuthMethod.PASSKEY);
+    if (isMeaningful) {
+      result.supportedAuthMethods = legacy;
+    }
+  }
+  return Object.keys(result).length > 0 ? result : void 0;
+}
+function synthesizeModalConfig(partner) {
+  var _a, _b;
+  const stored = (_a = partner.modalConfig) != null ? _a : void 0;
+  const logo = (_b = partner.logoUrl) != null ? _b : void 0;
+  if (!stored && logo === void 0) return void 0;
+  return __spreadValues(__spreadValues({}, stored != null ? stored : {}), logo !== void 0 && { logo });
+}
+function synthesizeLegacyTheme(partner) {
+  const hasActiveThemeData = partner.backgroundColor || partner.foregroundColor || partner.accentColor || partner.font || partner.themeMode === "DARK";
+  if (!hasActiveThemeData) return void 0;
+  const theme = {};
+  if (partner.backgroundColor) theme.backgroundColor = partner.backgroundColor;
+  if (partner.foregroundColor) theme.foregroundColor = partner.foregroundColor;
+  if (partner.accentColor) theme.accentColor = partner.accentColor;
+  if (partner.font) theme.font = partner.font;
+  if (partner.themeMode === "DARK") theme.mode = "dark";
+  return theme;
+}
+export {
+  DEFAULT_PARTNER_APP_CONFIG,
+  mergePartnerAppConfig,
+  partnerToAppConfigLayer
+};

package/dist/esm/utils/partnerConfigGating.js

@@ -0,0 +1,61 @@
+import "../chunk-7B52C2XE.js";
+import { PartnerConfigError } from "../errors.js";
+function assertConfigAllowed(config, check) {
+  var _a, _b, _c, _d, _e;
+  switch (check.kind) {
+    case "email": {
+      if ((_a = config.authConfig) == null ? void 0 : _a.disableEmailLogin) {
+        throw new PartnerConfigError(
+          "EMAIL_LOGIN_DISABLED",
+          "Email login is disabled for this partner. Update partner.authConfig.disableEmailLogin in the developer portal to enable it."
+        );
+      }
+      return;
+    }
+    case "phone": {
+      if ((_b = config.authConfig) == null ? void 0 : _b.disablePhoneLogin) {
+        throw new PartnerConfigError(
+          "PHONE_LOGIN_DISABLED",
+          "Phone login is disabled for this partner. Update partner.authConfig.disablePhoneLogin in the developer portal to enable it."
+        );
+      }
+      return;
+    }
+    case "oauth": {
+      const allowed = (_c = config.authConfig) == null ? void 0 : _c.oAuthMethods;
+      if (allowed !== void 0 && !allowed.includes(check.method)) {
+        throw new PartnerConfigError(
+          "OAUTH_METHOD_NOT_ALLOWED",
+          `OAuth method "${check.method}" is not in the partner's allowlist. Allowed: ${allowed.length === 0 ? "(none)" : allowed.join(", ")}.`,
+          check.method
+        );
+      }
+      return;
+    }
+    case "2fa": {
+      if (((_d = config.authConfig) == null ? void 0 : _d.twoFactorAuthEnabled) === false) {
+        throw new PartnerConfigError(
+          "TWO_FACTOR_DISABLED",
+          "2FA is disabled for this partner. Update partner.authConfig.twoFactorAuthEnabled in the developer portal to enable it."
+        );
+      }
+      return;
+    }
+    case "guest": {
+      if (((_e = config.authConfig) == null ? void 0 : _e.isGuestModeEnabled) === false) {
+        throw new PartnerConfigError(
+          "GUEST_MODE_DISABLED",
+          "Guest mode is disabled for this partner. Update partner.authConfig.isGuestModeEnabled in the developer portal to enable it."
+        );
+      }
+      return;
+    }
+    default: {
+      const _exhaustive = check;
+      throw new Error(`assertConfigAllowed: unhandled ConfigCheck kind ${JSON.stringify(_exhaustive)}`);
+    }
+  }
+}
+export {
+  assertConfigAllowed
+};

package/dist/esm/utils/stateErrorHelpers.js

@@ -23,7 +23,12 @@ function formatStateError(error, defaultMessage) {
     return new Error(error);
   }
   if (error && typeof error === "object" && "message" in error) {
-    return new Error(String(error.message));
+    const src = error;
+    const normalized = Object.assign(new Error(String(src.message)), {});
+    if ("code" in src) normalized.code = src.code;
+    if ("status" in src) normalized.status = src.status;
+    if ("data" in src) normalized.data = src.data;
+    return normalized;
   }
   if (error && typeof error === "object" && "error" in error) {
     return formatStateError(error.error, defaultMessage);

package/dist/esm/utils/url.js

@@ -3,6 +3,10 @@ import {
 } from "../chunk-7B52C2XE.js";
 import { upload } from "../transmission/transmissionUtils.js";
 import { Environment } from "../types/index.js";
+function getGlobalPortalUrlOverride() {
+  const override = typeof globalThis !== "undefined" ? globalThis.__PARA_PORTAL_URL_OVERRIDE__ : void 0;
+  return typeof override === "string" && override ? override : void 0;
+}
 function getPortalDomain(env, isE2E, isLegacy) {
   if (isE2E) {
     return `localhost`;
@@ -21,7 +25,11 @@ function getPortalDomain(env, isE2E, isLegacy) {
       throw new Error(`env: ${env} not supported`);
   }
 }
-function getPortalBaseURL({ env, isE2E }, useLocalIp, isForWasm, isLegacy) {
+function getPortalBaseURL({ env, isE2E, portalUrlOverride }, useLocalIp, isForWasm, isLegacy) {
+  const resolvedPortalUrlOverride = portalUrlOverride != null ? portalUrlOverride : getGlobalPortalUrlOverride();
+  if (resolvedPortalUrlOverride && !isForWasm) {
+    return new URL(resolvedPortalUrlOverride).origin;
+  }
   if (isE2E) {
     if (isForWasm) {
       return `https://app.sandbox.getpara.com`;
@@ -44,7 +52,7 @@ function getParaConnectDomain(env) {
     case Environment.SANDBOX:
       return "connect.sandbox.getpara.com";
     case Environment.BETA:
-      return "connect.beta.getpara.com";
+      return "connect.getpara.com";
     case Environment.PROD:
       return "connect.getpara.com";
     default:

package/dist/types/ParaCore.d.ts

@@ -1,6 +1,6 @@
-import { AuthMethod, AuthExtras, CurrentWalletIds, EmailTheme, PartnerEntity, TWalletType, PregenIds, BiometricLocationHint, Auth, SupportedWalletTypes, AuthIdentifier, AuthType, ExternalWalletInfo, PrimaryAuthInfo, SessionInfo, PrimaryAuth, PrimaryAuthType, AccountMetadata, LinkedAccounts, VerifyLinkParams, VerifyExternalWalletParams as VerifyExternalWalletParamsServer, SupportedAccountLinks, OnRampPurchase, BalancesConfig, IssueJwtParams, TWalletScheme } from '@getpara/user-management-client';
+import { AuthMethod, AuthExtras, CurrentWalletIds, EmailTheme, PartnerAppConfig, PartnerEntity, SdkOverridableAppConfig, TWalletType, PregenIds, BiometricLocationHint, Auth, SupportedWalletTypes, AuthIdentifier, AuthType, ExternalWalletInfo, PrimaryAuthInfo, SessionInfo, PrimaryAuth, PrimaryAuthType, AccountMetadata, LinkedAccounts, VerifyLinkParams, VerifyExternalWalletParams as VerifyExternalWalletParamsServer, SupportedAccountLinks, OnRampPurchase, BalancesConfig, IssueJwtParams, TWalletScheme, PartnerThemeConfig } from '@getpara/user-management-client';
 import type { pki as pkiType } from 'node-forge';
-import { Ctx, Environment, Wallet, ConstructorOpts, CoreAuthInfo, CoreMethodParams, CoreMethodResponse, CoreInterface, AccountLinkInProgress, InternalMethodParams, InternalMethodResponse, OAuthResponse, AvailableWallet, PortalTheme } from './types/index.js';
+import { Ctx, Environment, Wallet, ConstructorOpts, CoreAuthInfo, CoreMethodParams, CoreMethodResponse, CoreInterface, AccountLinkInProgress, InternalMethodParams, InternalMethodResponse, OAuthResponse, AvailableWallet } from './types/index.js';
 import { PlatformUtils } from './PlatformUtils.js';
 import { AuthServiceInterface, ExternalWalletServiceInterface, PollingServiceInterface, PortalUrlServiceInterface, PregenWalletServiceInterface, SessionManagementServiceInterface, StateMachineInterface, WalletServiceInterface } from './types/serviceInterfaces.js';
 import type { WaitForLoginParams, WaitForLoginResponse, WaitForSignupParams, WaitForWalletCreationParams, VerifyFarcasterParams, VerifyFarcasterResponse, VerifyNewAccountParams, VerifyTelegramParams, AddCredentialParams, GetNewCredentialAndUrlParams, GetNewCredentialAndUrlResponse, LoginExternalWalletParams, ResendVerificationCodeParams, SignUpOrLogInParams, VerifyOAuthProcessParams, VerifyOAuthProcessResponse, GetLoginUrlParams, GetOAuthUrlParams, PortalUrlOptions, PortalUrlType, ClaimPregenWalletsParams, CreatePregenWalletParams, CreatePregenWalletPerTypeParams, GetPregenWalletsParams, HasPregenWalletParams, UpdatePregenWalletIdentifierParams, CreateWalletParams, CreateWalletPerTypeParams, DistributeNewWalletShareParams, FindWalletByAddressParams, FindWalletIdParams, FindWalletParams, GetDisplayAddressParams, GetIdenticonHashParams, GetWalletBalanceParams, GetWalletsByTypeParams, RequestFaucetParams, RequestFaucetResponse, RefreshShareParams, SetCurrentWalletIdsParams, SetWalletsParams, RefreshSessionParams, VerifyExternalWalletParams, InitExternalWalletProviderParams, ConnectExternalWalletParams, ExternalSignMessageParams, AuthenticateWithEmailOrPhoneParams, AuthenticateWithOAuthParams } from './services/types';
@@ -90,6 +90,20 @@ export declare abstract class ParaCore implements CoreInterface {
      * @returns A function that can be called to unsubscribe from the readiness state changes.
      */
     onReadyStateChange(callback: (isReady: boolean) => void): () => void;
+    /**
+     * Subscribe to changes in any input to `paraCore.config`:
+     *   - partner record updates (lazy load after a failed eager fetch, etc.)
+     *   - SDK override layer replacement (`setSdkConfigOverrides`)
+     *
+     * The callback fires after the relevant state has settled; subscribers
+     * should re-read `paraCore.config` to get the new merged value. Returns
+     * an unsubscribe function.
+     *
+     * Used by the React layer to bump its reactive `paraConfigVersion`
+     * counter; non-React consumers (server SDK, telemetry, etc.) can wire
+     * the same signal to invalidate their caches.
+     */
+    onConfigChange(callback: () => void): () => void;
     get authInfo(): CoreAuthInfo | undefined;
     get email(): AuthIdentifier<'email'> | undefined;
     get phone(): AuthIdentifier<'phone'> | undefined;
@@ -98,6 +112,57 @@ export declare abstract class ParaCore implements CoreInterface {
     get externalWalletWithParaAuth(): Wallet | undefined;
     get externalWalletConnectionType(): import("./services/types").ExternalWalletConnectionType;
     protected partner?: PartnerEntity;
+    /**
+     * Resolved partner app config: partner ⊕ SDK overrides.
+     * Read-only view; safe to call before `getPartner` returns (yields `{}` via
+     * the merge of no layers).
+     *
+     * Memoized on `(this.partner, this.#sdkConfigOverrides)` identity. Multiple
+     * consumers read this (assertConfigAllowed at 9 sites, PortalUrlService,
+     * ExternalWalletWrapper); without memoization each access re-allocates a
+     * fresh merged object graph. Cache invalidates whenever `this.partner` is
+     * replaced (via getPartner) or `setSdkConfigOverrides` is called.
+     */
+    get config(): PartnerAppConfig;
+    /**
+     * Read-only accessor for the raw partner record. Returns `undefined` until
+     * `getPartner` resolves (typically during `setup()`).
+     *
+     * The vast majority of partner-driven UX should consume `this.config`
+     * instead — that layer applies SDK overrides, exposes a stable shape, and
+     * is memoized. Use this getter only for fields that live on `PartnerEntity`
+     * but aren't promoted onto `PartnerAppConfig` (e.g. `logoUrl`, internal
+     * policy state). Whatever this returns is exactly what the public
+     * `getPartner(id)` API resolved on the last fetch — no additional
+     * processing.
+     */
+    get partnerRecord(): PartnerEntity | undefined;
+    /**
+     * Replace the SDK-side override layer. Generic surface — any post-construction
+     * caller (React provider, server-sdk, custom integration) can update overrides
+     * without rebuilding the ParaCore instance.
+     *
+     * Replaces wholesale (last writer wins). Pass undefined to clear.
+     */
+    setSdkConfigOverrides(overrides: Partial<SdkOverridableAppConfig> | undefined): void;
+    /**
+     * Read the raw SDK override layer (NOT the merged config). Used by analytics
+     * to distinguish "what the consumer passed" from "what the resolver
+     * produced." For the resolved view, use `paraCore.config`.
+     *
+     * @internal — analytics-only. App code should read `paraCore.config` instead;
+     *   this getter exposes pre-merge values that can change shape across
+     *   versions without notice.
+     *
+     * @remarks Redaction contract — any analytics consumer dispatching this
+     *   value to an external sink MUST sanitize first. Specifically `rpcUrl`
+     *   commonly embeds API keys (Alchemy `/v2/<key>`, Infura `/v3/<key>`).
+     *   Today the React modal owns redaction in
+     *   `react-sdk-lite/src/modal/ParaModal.tsx` (`sanitizeSdkConfigOverridesForAnalytics`).
+     *   When Phase 7's non-React analytics lands here, lift that helper next
+     *   to this getter so all consumers share one sanitizer.
+     */
+    get sdkConfigOverrides(): Partial<SdkOverridableAppConfig> | undefined;
     get userId(): string | undefined;
     accountLinkInProgress: AccountLinkInProgress | undefined;
     get isEnclaveUser(): boolean;
@@ -198,7 +263,7 @@ export declare abstract class ParaCore implements CoreInterface {
      * Theme to use for the portal
      * WARNING: This theme will override portal options set within the developer portal.
      */
-    portalTheme?: PortalTheme;
+    portalTheme?: PartnerThemeConfig;
     /**
      * Whether or not to treat external wallets as connections only, skipping all Para functionality.
      */
@@ -208,6 +273,21 @@ export declare abstract class ParaCore implements CoreInterface {
     get isNoWalletConfig(): boolean;
     get supportedWalletTypes(): SupportedWalletTypes;
     get cosmosPrefix(): string | undefined;
+    /**
+     * Auth methods the partner has enabled. Read off the raw partner record —
+     * partner-authoritative and excluded from `SdkOverridableAppConfig`, so it
+     * does NOT participate in the override merge chain.
+     *
+     * Named `supportedAuthMethodsList` (not `supportedAuthMethods`) to avoid
+     * colliding with the existing protected async `supportedAuthMethods(auth)`
+     * method that performs a backend lookup. Different concept, different shape.
+     */
+    get supportedAuthMethodsList(): AuthMethod[];
+    /**
+     * Balance display config from the partner record. Partner-authoritative;
+     * excluded from `SdkOverridableAppConfig`.
+     */
+    get balancesConfig(): BalancesConfig | undefined;
     get supportedAccountLinks(): SupportedAccountLinks;
     get isWalletTypeEnabled(): Partial<Record<TWalletType, boolean>>;
     protected onRampPopup: {
@@ -280,7 +360,7 @@ export declare abstract class ParaCore implements CoreInterface {
     getExternalWalletServiceInterface(): ExternalWalletServiceInterface;
     getPollingServiceInterface(): PollingServiceInterface;
     private trackError;
-    private wrapMethodsWithErrorTracking;
+    private wrapMethodsWithTracing;
     private initializeFromStorage;
     private updateAuthInfoFromStorage;
     private updateEnclaveJwtFromStorage;
@@ -458,6 +538,16 @@ export declare abstract class ParaCore implements CoreInterface {
     verifyExternalWallet(params: VerifyExternalWalletParams): Promise<import("./services/types").VerifyExternalWalletResponse>;
     retryVerifyExternalWallet(): Promise<import("./services/types").VerifyExternalWalletResponse>;
     signExternalWalletVerification(params: ExternalSignMessageParams): Promise<import("./services/types").BaseVerifyExternalWalletParams>;
+    signExternalWalletMessageForReauth(params: ExternalSignMessageParams & {
+        externalWallet: ExternalWalletInfo;
+    }): Promise<{
+        address: string;
+        cosmosPublicKeyHex?: string;
+        cosmosSigner?: string;
+        addressBech32?: string;
+        externalWallet: ExternalWalletInfo;
+        signedMessage: string;
+    }>;
     protected verifyExternalWalletLink(opts: InternalMethodParams<'verifyExternalWalletLink'>): InternalMethodResponse<'verifyExternalWalletLink'>;
     protected verifyTelegramProcess(opts: VerifyTelegramParams & {
         isLinkAccount: false;
@@ -489,7 +579,7 @@ export declare abstract class ParaCore implements CoreInterface {
     /**
      * Resend a verification email for the current user.
      */
-    resendVerificationCode({ type: reason }: ResendVerificationCodeParams): Promise<void>;
+    resendVerificationCode({ type: reason, deliveryChannel }: ResendVerificationCodeParams): Promise<import("./services/types").ResendVerificationCodeResponse>;
     /**
      * Checks if the current session is active.
      * @returns `true` if active, `false` otherwise
@@ -658,8 +748,6 @@ export declare abstract class ParaCore implements CoreInterface {
      **/
     createWallet(params?: CreateWalletParams): Promise<import("./services/types").CreateWalletResponse>;
     /**
-     * @deprecated Use the REST API (`POST /v1/wallets`) instead. See {@link https://docs.getpara.com/v2/rest/migrate-from-sdk-pregen | migration guide}.
-     *
      * Creates a new pregenerated wallet.
      *
      * @param {Object} opts the options object.
@@ -670,8 +758,6 @@ export declare abstract class ParaCore implements CoreInterface {
      **/
     createPregenWallet(params: CreatePregenWalletParams): Promise<Wallet>;
     /**
-     * @deprecated Use the REST API (`POST /v1/wallets`) instead. See {@link https://docs.getpara.com/v2/rest/migrate-from-sdk-pregen | migration guide}.
-     *
      * Creates new pregenerated wallets for each desired type.
      * If no types are provided, this method will create one for each of the non-optional types
      * specified in the instance's `supportedWalletTypes` array that are not already present.
@@ -683,8 +769,6 @@ export declare abstract class ParaCore implements CoreInterface {
      **/
     createPregenWalletPerType(params: CreatePregenWalletPerTypeParams): Promise<import("./services/types").CreatePregenWalletPerTypeResponse>;
     /**
-     * @deprecated Use the REST API (`POST /v1/wallets`) instead. See {@link https://docs.getpara.com/v2/rest/migrate-from-sdk-pregen | migration guide}.
-     *
      * Claims a pregenerated wallet.
      * @param {Object} opts the options object.
      * @param {string} opts.pregenIdentifier string the identifier of the user claiming the wallet
@@ -693,8 +777,6 @@ export declare abstract class ParaCore implements CoreInterface {
      **/
     claimPregenWallets(params?: ClaimPregenWalletsParams): Promise<string>;
     /**
-     * @deprecated Use the REST API (`PATCH /v1/wallets/:id`) instead. See {@link https://docs.getpara.com/v2/rest/migrate-from-sdk-pregen | migration guide}.
-     *
      * Updates the identifier for a pregen wallet.
      * @param {Object} opts the options object.
      * @param {string} opts.walletId the pregen wallet ID
@@ -703,8 +785,6 @@ export declare abstract class ParaCore implements CoreInterface {
      **/
     updatePregenWalletIdentifier(params: UpdatePregenWalletIdentifierParams): Promise<void>;
     /**
-     * @deprecated Use the REST API (`GET /v1/wallets`) instead. See {@link https://docs.getpara.com/v2/rest/migrate-from-sdk-pregen | migration guide}.
-     *
      * Checks if a pregen Wallet exists for the given identifier with the current partner.
      * @param {Object} opts the options object.
      * @param {string} opts.pregenIdentifier string the identifier of the user claiming the wallet
@@ -713,8 +793,6 @@ export declare abstract class ParaCore implements CoreInterface {
      **/
     hasPregenWallet(params: HasPregenWalletParams): Promise<boolean>;
     /**
-     * @deprecated Use the REST API (`GET /v1/wallets`) instead. See {@link https://docs.getpara.com/v2/rest/migrate-from-sdk-pregen | migration guide}.
-     *
      * Get pregen wallets for the given identifier.
      * @param {Object} opts the options object.
      * @param {string} opts.pregenIdentifier - the identifier of the user claiming the wallet
@@ -747,11 +825,11 @@ export declare abstract class ParaCore implements CoreInterface {
     private getOnRampTransactionUrl;
     getWalletBalance(params: GetWalletBalanceParams): Promise<string>;
     /**
-     * Requests testnet funds from the faucet for the specified wallet.
+     * Submits a testnet faucet funding transaction for the specified wallet.
      * @param {RequestFaucetParams} params the options object.
      * @param {string} params.walletId the id of the wallet to fund.
      * @param {string} [params.chain] optional chain identifier to target a specific testnet.
-     * @returns the faucet transaction details, including the transaction hash and amount sent.
+     * @returns the submitted faucet transaction details. Wait for the returned transaction hash to confirm before spending.
      */
     requestFaucet(params: RequestFaucetParams): Promise<RequestFaucetResponse>;
     /**
@@ -868,6 +946,10 @@ export declare abstract class ParaCore implements CoreInterface {
     }): Promise<import("@getpara/user-management-client").ProfileBalance>;
     protected sendLoginCode(): Promise<{
         userId: string;
+        deliveryChannel: import("@getpara/user-management-client").DeliveryChannel;
+        fallbackUsed: boolean;
+        fallbackChannel: import("@getpara/user-management-client").DeliveryChannel;
+        isSmsAllowed: boolean;
     }>;
     exportPrivateKey(args?: CoreMethodParams<'exportPrivateKey'>): CoreMethodResponse<'exportPrivateKey'>;
 }

package/dist/types/PlatformUtils.d.ts

@@ -10,6 +10,7 @@ export type EventHandler<T = any> = (data: T) => void;
 export interface PlatformUtils {
     sdkType: SDKType;
     getPrivateKey(ctx: Ctx, userId: string, walletId: string, share: string, sessionCookie: string): Promise<string>;
+    getED25519PrivateKey(ctx: Ctx, userId: string, walletId: string, share: string, sessionCookie: string): Promise<string>;
     keygen(ctx: Ctx, userId: string, type: Exclude<TWalletType, 'SOLANA'>, secretKey: string | null, // should be acceptable as null in RN as we don't pre-gen them
     sessionCookie: string, emailProps?: BackupKitEmailProps): Promise<{
         signer: string;

package/dist/types/errors.d.ts

@@ -10,3 +10,29 @@ export declare class TransactionReviewTimeout extends Error {
     transactionReviewUrl: string;
     constructor(transactionReviewUrl: string, pendingTransactionId: string);
 }
+/**
+ * Discriminant for a `PartnerConfigError`. Each code corresponds to a specific
+ * partner-config check that rejected an SDK call. Stable string values are
+ * part of the public surface — consumer code may switch on them to localize
+ * messages or steer recovery flows.
+ *
+ * Keep this union honest: only codes that `assertConfigAllowed` (or another
+ * runtime check) actually throws today. When Phase 7 adds wallet-type /
+ * account-link / auth-method enforcement, add `WALLET_TYPE_NOT_ALLOWED`,
+ * `ACCOUNT_LINK_NOT_ALLOWED`, `AUTH_METHOD_DISABLED` here in the same patch
+ * that introduces the matching `ConfigCheck` kinds. Pre-declaring them here
+ * would create dead `switch` branches in consumer code.
+ */
+export type PartnerConfigErrorCode = 'EMAIL_LOGIN_DISABLED' | 'PHONE_LOGIN_DISABLED' | 'OAUTH_METHOD_NOT_ALLOWED' | 'TWO_FACTOR_DISABLED' | 'GUEST_MODE_DISABLED';
+/**
+ * Thrown when an SDK auth or wallet call violates a partner-config restriction.
+ * `assertConfigAllowed` runs at the affected SDK entry points so partner
+ * posture (e.g. "email login disabled", "OAuth allowlist limited to GOOGLE")
+ * is enforced for direct SDK calls too — not just the modal.
+ */
+export declare class PartnerConfigError extends Error {
+    readonly code: PartnerConfigErrorCode;
+    /** Optional context — e.g. for `OAUTH_METHOD_NOT_ALLOWED`, the method that was rejected. */
+    readonly detail?: string;
+    constructor(code: PartnerConfigErrorCode, message: string, detail?: string);
+}

package/dist/types/external/userManagementClient.d.ts

@@ -3,7 +3,7 @@ import { Environment } from '../types/index.js';
 export declare function getBaseOAuthUrl(env: Environment): string;
 export declare function getBaseUrl(env: Environment, scheme?: 'http' | 'ws'): string;
 export declare function getBaseMPCNetworkUrl(env: Environment, useWebsocket?: boolean): string;
-export declare function initClient({ env, version, apiKey, partnerId, useFetchAdapter, retrieveSessionCookie, persistSessionCookie, }: {
+export declare function initClient({ env, version, apiKey, partnerId, useFetchAdapter, retrieveSessionCookie, persistSessionCookie, staticTraceContext, }: {
     env: Environment;
     version?: string;
     apiKey: string;
@@ -11,4 +11,5 @@ export declare function initClient({ env, version, apiKey, partnerId, useFetchAd
     useFetchAdapter?: boolean;
     retrieveSessionCookie?: () => string;
     persistSessionCookie?: (cookie: string) => void;
+    staticTraceContext?: Record<string, string>;
 }): Client;

package/dist/types/index.d.ts

@@ -1,11 +1,11 @@
 import { ParaCore } from './ParaCore.js';
-export { type Auth, type AuthInfo, type PrimaryAuthInfo, type VerifiedAuthInfo, type VerifiedAuth, AuthMethod, type TAuthMethod, AuthMethodStatus, type AuthExtras, type CurrentWalletIds, EmailTheme, type PartnerEntity, type WalletEntity, Network, type TNetwork, WalletType, type TWalletType, WalletScheme, type TWalletScheme, OnRampAsset, type TOnRampAsset, OnRampPurchaseType, OnRampProvider, OnRampPurchaseStatus, type OnRampConfig, type OnRampAssets, type OnRampPurchase, type OnRampAssetInfo, type ProviderAssetInfo, OnRampMethod, type Theme, OAuthMethod, type TOAuthMethod, type TLinkedAccountType, type SupportedAccountLinks, type SupportedWalletTypes, type TPregenIdentifierType, type PregenIds, type LinkedAccount, type LinkedAccounts, type TExternalWallet, type ExternalWalletInfo, type PregenAuth, type Setup2faResponse, type TelegramAuthResponse, type VerifyExternalWalletParams, type AssetMetadata, type AssetMetadataIndexed, type AssetValue, type BalancesConfig, type WalletBalance, type ProfileBalance, type OfframpDepositRequest, type WalletWithMetadata, RecoveryStatus, ThemeMode, NON_ED25519, PREGEN_IDENTIFIER_TYPES, WALLET_TYPES, WALLET_SCHEMES, OAUTH_METHODS, LINKED_ACCOUNT_TYPES, EXTERNAL_WALLET_TYPES, EVM_WALLETS, SOLANA_WALLETS, COSMOS_WALLETS, formatAssetQuantity, formatCurrency, type EstimateTransactionOpts, type EstimateTransactionResult, type BroadcastTransactionOpts, type BroadcastTransactionResult, type PendingTransactionEntity, type SerializedDecodedTx, type SerializedTxData, type GetPendingTransactionResponse, } from '@getpara/user-management-client';
+export { type Auth, type AuthInfo, type PrimaryAuthInfo, type VerifiedAuthInfo, type VerifiedAuth, AuthMethod, type TAuthMethod, AuthMethodStatus, AuthLayout, type TAuthLayout, type AuthExtras, type CurrentWalletIds, EmailTheme, type PartnerEntity, type PartnerAppConfig, type WalletEntity, Network, type TNetwork, WalletType, type TWalletType, WalletScheme, type TWalletScheme, OnRampAsset, type TOnRampAsset, OnRampPurchaseType, OnRampProvider, OnRampPurchaseStatus, type OnRampConfig, type OnRampAssets, type OnRampPurchase, type OnRampAssetInfo, type ProviderAssetInfo, OnRampMethod, OAuthMethod, type TOAuthMethod, type TLinkedAccountType, type SupportedAccountLinks, type SupportedWalletTypes, type TPregenIdentifierType, type PregenIds, type LinkedAccount, type LinkedAccounts, type TExternalWallet, type ExternalWalletInfo, type PregenAuth, type Setup2faResponse, type TelegramAuthResponse, type VerifyExternalWalletParams, type AssetMetadata, type AssetMetadataIndexed, type AssetValue, type BalancesConfig, type WalletBalance, type ProfileBalance, type OfframpDepositRequest, type WalletWithMetadata, RecoveryStatus, ThemeMode, NON_ED25519, PREGEN_IDENTIFIER_TYPES, WALLET_TYPES, WALLET_SCHEMES, OAUTH_METHODS, LINKED_ACCOUNT_TYPES, EXTERNAL_WALLET_TYPES, EVM_WALLETS, SOLANA_WALLETS, COSMOS_WALLETS, formatAssetQuantity, formatCurrency, type EstimateTransactionOpts, type EstimateTransactionResult, type BroadcastTransactionOpts, type BroadcastTransactionResult, type PendingTransactionEntity, type SerializedDecodedTx, type SerializedTxData, type GetPendingTransactionResponse, DeliveryChannel, type PartnerThemeConfig as Theme, } from '@getpara/user-management-client';
 export { PopupType, PregenIdentifierType, type AuthStateSignup, type AuthStateVerify, type AuthStateLogin, type AuthState, type OAuthResponse, type CoreAuthInfo, type SignatureRes, type FullSignatureRes, type SuccessfulSignatureRes, type DeniedSignatureRes, type DeniedSignatureResWithUrl, type Wallet, type AvailableWallet, type AccountLinkInProgress, AccountLinkError, type InternalInterface, type Verify2faParams, type Verify2faResponse, type StorageType, type TelegramParams, type CreateParaSignerBaseOptions, } from './types/index.js';
 export * from './types/smartAccounts.js';
 export * from './types/coreApi.js';
 export * from './types/events.js';
 export * from './types/config.js';
-export { getPortalDomain, dispatchEvent, onParaEvent, offParaEvent, entityToWallet, constructUrl, shortenUrl, isPortal, } from './utils/index.js';
+export { getPortalDomain, dispatchEvent, onParaEvent, offParaEvent, entityToWallet, constructUrl, shortenUrl, isPortal, warnOnce, } from './utils/index.js';
 export { PREFIX as STORAGE_PREFIX, PARA_PREFIX as PARA_STORAGE_PREFIX, LOCAL_STORAGE_CURRENT_WALLET_IDS, LOCAL_STORAGE_WALLETS, } from './constants.js';
 export { distributeNewShare } from './shares/shareDistribution.js';
 export { KeyContainer } from './shares/KeyContainer.js';
@@ -22,10 +22,22 @@ export * from './utils/phone.js';
 export * from './utils/config.js';
 export { isWalletSupported } from './utils/wallet.js';
 export { getNetworkPrefix, getOnRampAssets, getOnRampNetworks, toAssetInfoArray } from './utils/onRamps.js';
-export { getPortalBaseURL } from './utils/url.js';
+export { getPortalBaseURL, getParaConnectBaseUrl } from './utils/url.js';
+export { encodeConfigParams, tryDecodeConfig, isCompressionStreamSupported, ENCODED_CONFIG_VERSION, } from './utils/configEncoding.js';
+export type { EncodedConfig, EncodedAppConfig } from './utils/configEncoding.js';
 export { retrieve as transmissionUtilsRetrieve } from './transmission/transmissionUtils.js';
 export type { ShareData } from './shares/enclave.js';
 export type { StateSnapshot, AuthStateInfo } from './state/types/core';
 export type * from './services/types';
+export { getTracer, wrapWithSpan, wrapWithSpanInContext, extractTraceContextFromUrl, getUrlTraceCarrier, setDefaultParentContext, getDefaultParentContext, SpanStatusCode, } from './telemetry/tracer.js';
+export type { Span, Attributes, Context } from './telemetry/tracer.js';
+export { getOrCreateSessionId } from './telemetry/session.js';
+export { initTelemetry, isTelemetryInitialized, onTelemetryReady, flushTelemetry } from './telemetry/init.js';
+export { getUxState, setCurrentView, setLastInteraction } from './telemetry/uxState.js';
+export { setCurrentUserId } from './telemetry/uxStateSpanProcessor.js';
+export { recordActionOnSpan, type UxActionOutcome } from './telemetry/uxAction.js';
+export { startModalSession, endModalSession, getModalSessionContext } from './telemetry/modalSession.js';
+export type { InitTelemetryOpts } from './telemetry/init.js';
+export type { PartnerTelemetryConfig } from './telemetry/config.js';
 export declare const paraVersion: string;
 export default ParaCore;

package/dist/types/services/types/AuthServiceTypes.d.ts

@@ -1,4 +1,4 @@
-import type { Auth, AuthExtras, AuthMethod, AuthType, ExternalWalletInfo, PrimaryAuth, PrimaryAuthInfo, ServerAuthState, ServerAuthStateLogin, TAuthMethod, Theme, TOAuthMethod } from '@getpara/user-management-client';
+import type { Auth, AuthExtras, AuthMethod, AuthType, DeliveryChannel, ExternalWalletInfo, PrimaryAuth, PrimaryAuthInfo, ServerAuthState, ServerAuthStateLogin, TAuthMethod, PartnerThemeConfig, TOAuthMethod } from '@getpara/user-management-client';
 import type { AuthState, AuthStateDone, AuthStateLogin, AuthStateSignup, AuthStateVerify, CoreAuthInfo, WithCustomTheme, WithSessionLookupId, WithShorten, WithUseShortUrls } from '../../types/index.js';
 import type { InitOAuthPollingParams, PollingCallbacks } from './PollingServiceTypes.js';
 import { PerformConnectExternalWalletResponse, ExternalSignMessageParams } from './ExternalWalletServiceTypes.js';
@@ -36,7 +36,7 @@ export type PrepareAuthStateMethod = <T extends ServerAuthState>(serverAuthState
 }) => Promise<AuthState>;
 export type PrepareLoginStateMethod = (loginState: ServerAuthStateLogin, options: {
     useShortUrls?: boolean;
-    portalTheme?: Theme;
+    portalTheme?: PartnerThemeConfig;
     sessionLookupId: string;
 }) => Promise<AuthStateLogin>;
 export interface AuthenticateWithEmailOrPhoneParams extends SignUpOrLogInParams {
@@ -145,6 +145,13 @@ export type AddCredentialMethod = (_: AddCredentialParams) => Promise<string | u
 export type SupportedUserAuthMethodsMethod = () => Promise<Set<AuthMethod>>;
 export interface ResendVerificationCodeParams {
     type?: 'SIGNUP' | 'LINK_ACCOUNT' | 'LOGIN';
+    deliveryChannel?: DeliveryChannel;
 }
-export type ResendVerificationCodeMethod = (_: ResendVerificationCodeParams) => Promise<void>;
+export interface ResendVerificationCodeResponse {
+    deliveryChannel?: DeliveryChannel;
+    fallbackUsed?: boolean;
+    fallbackChannel?: DeliveryChannel;
+    isSmsAllowed?: boolean;
+}
+export type ResendVerificationCodeMethod = (_: ResendVerificationCodeParams) => Promise<ResendVerificationCodeResponse>;
 export {};

package/dist/types/services/types/PortalUrlServiceTypes.d.ts

@@ -1,5 +1,5 @@
-import type { TAuthMethod, TOAuthMethod } from '@getpara/user-management-client';
-import type { AccountLinkInProgress, PortalTheme, WithAuthMethod, WithCustomTheme, WithSessionId, WithShorten } from '../../types/index.js';
+import type { TAuthMethod, TOAuthMethod, PartnerThemeConfig } from '@getpara/user-management-client';
+import type { AccountLinkInProgress, WithAuthMethod, WithCustomTheme, WithSessionId, WithShorten } from '../../types/index.js';
 type Device = {
     sessionId: string;
     encryptionKey: string;
@@ -11,7 +11,7 @@ export type PortalUrlOptions = {
     thisDevice?: Device;
     newDevice?: Device;
     sessionId?: string;
-    portalTheme?: PortalTheme;
+    portalTheme?: PartnerThemeConfig;
     pathId?: string;
     shorten?: boolean;
     isEmbedded?: boolean;

package/dist/types/services/types/WalletServiceTypes.d.ts

@@ -111,6 +111,10 @@ export interface RequestFaucetParams {
     chain?: string;
 }
 export interface RequestFaucetResponse {
+    /**
+     * Hash for the submitted faucet funding transaction. Wait for confirmation
+     * before assuming funds are spendable.
+     */
     transactionHash: string;
     amount: string;
     chain: string;

package/dist/types/state/actors/setupPara.d.ts

@@ -1,2 +1,20 @@
 import { StateMachineInterface } from '../../types/serviceInterfaces.js';
+/**
+ * Bootstraps the SDK. Runs the platform-specific `setup()` (Farcaster init,
+ * wallet-record backfill, etc.) AND an eager partner-record load via
+ * `touchSession` in parallel — both are independent network/IO tasks and
+ * the state machine only flips `isReady=true` once this actor resolves.
+ *
+ * Eager partner load lives here rather than inside each subclass's setup()
+ * so every consumer of core-sdk (ParaWeb, ParaServer, future subclasses)
+ * gets it for free — the state machine is the canonical SDK lifecycle,
+ * and "partner is loaded" is part of being ready.
+ *
+ * Skipped in the portal context where `ModalLayoutV2` runs its own
+ * getPartner fetch with separate telemetry plumbing — calling touchSession
+ * there would duplicate the call. Best-effort otherwise: a network failure
+ * keeps partner unloaded for now, partner-dependent code paths fall back
+ * to legacy props / lazy-load via `#assertPartner` at gated method
+ * call-sites, and the SDK still becomes ready.
+ */
 export declare const createSetupParaActor: (paraCoreInterface: StateMachineInterface) => import("xstate").PromiseActorLogic<void, {}, import("xstate").EventObject>;

package/dist/types/state/machines/authStateMachine.d.ts

@@ -842,7 +842,7 @@ export declare function createAuthStateMachine(paraCoreInterface: StateMachineIn
                         data: {
                             authState: ServerAuthState;
                             sessionLookupId: string;
-                            portalTheme: import("../../types/util.js").PortalTheme;
+                            portalTheme: import("@getpara/user-management-client").PartnerThemeConfig;
                             useShortUrls: boolean;
                         };
                         finished: boolean;