@getpara/core-sdk 3.0.0-alpha.1 → 3.1.0

package/dist/esm/telemetry/uxAction.js

@@ -0,0 +1,8 @@
+import "../chunk-7B52C2XE.js";
+function recordActionOnSpan(span, targetId, outcome) {
+  span.setAttribute("ui.target_id", targetId);
+  span.setAttribute("ui.outcome", outcome);
+}
+export {
+  recordActionOnSpan
+};

package/dist/esm/telemetry/uxBaggagePropagator.js

@@ -0,0 +1,35 @@
+import {
+  __privateAdd,
+  __privateGet
+} from "../chunk-7B52C2XE.js";
+var _inner;
+import {
+  propagation
+} from "@opentelemetry/api";
+import { W3CBaggagePropagator } from "@opentelemetry/core";
+import { getUxState } from "./uxState.js";
+import { getOrCreateSessionId } from "./session.js";
+class UxBaggagePropagator {
+  constructor() {
+    __privateAdd(this, _inner, new W3CBaggagePropagator());
+  }
+  inject(ctx, carrier, setter) {
+    var _a;
+    const state = getUxState();
+    let bag = (_a = propagation.getBaggage(ctx)) != null ? _a : propagation.createBaggage();
+    bag = bag.setEntry("ui.session_id", { value: getOrCreateSessionId() });
+    if (state.view) bag = bag.setEntry("ui.view", { value: state.view });
+    if (state.lastInteraction) bag = bag.setEntry("ui.last_interaction", { value: state.lastInteraction });
+    __privateGet(this, _inner).inject(propagation.setBaggage(ctx, bag), carrier, setter);
+  }
+  extract(ctx, carrier, getter) {
+    return __privateGet(this, _inner).extract(ctx, carrier, getter);
+  }
+  fields() {
+    return __privateGet(this, _inner).fields();
+  }
+}
+_inner = new WeakMap();
+export {
+  UxBaggagePropagator
+};

package/dist/esm/telemetry/uxState.js

@@ -0,0 +1,21 @@
+import "../chunk-7B52C2XE.js";
+const state = {};
+function getUxState() {
+  return state;
+}
+function setCurrentView(view) {
+  state.view = view;
+}
+function setLastInteraction(targetId) {
+  state.lastInteraction = targetId;
+}
+function __resetUxStateForTests() {
+  state.view = void 0;
+  state.lastInteraction = void 0;
+}
+export {
+  __resetUxStateForTests,
+  getUxState,
+  setCurrentView,
+  setLastInteraction
+};

package/dist/esm/telemetry/uxStateSpanProcessor.js

@@ -0,0 +1,28 @@
+import "../chunk-7B52C2XE.js";
+import { getUxState } from "./uxState.js";
+import { getOrCreateSessionId } from "./session.js";
+let currentUserId;
+function setCurrentUserId(userId) {
+  currentUserId = userId;
+}
+class UxStateSpanProcessor {
+  onStart(span, _parentContext) {
+    const state = getUxState();
+    span.setAttribute("ui.session_id", getOrCreateSessionId());
+    if (currentUserId) span.setAttribute("user.id", currentUserId);
+    if (state.view) span.setAttribute("ui.view", state.view);
+    if (state.lastInteraction) span.setAttribute("ui.last_interaction", state.lastInteraction);
+  }
+  onEnd() {
+  }
+  forceFlush() {
+    return Promise.resolve();
+  }
+  shutdown() {
+    return Promise.resolve();
+  }
+}
+export {
+  UxStateSpanProcessor,
+  setCurrentUserId
+};

package/dist/esm/utils/configEncoding.js

@@ -0,0 +1,45 @@
+import {
+  __async
+} from "../chunk-7B52C2XE.js";
+import { Buffer } from "buffer";
+import base64url from "base64url";
+const ENCODED_CONFIG_VERSION = 1;
+function isCompressionStreamSupported() {
+  return typeof CompressionStream !== "undefined" && typeof DecompressionStream !== "undefined";
+}
+function encodeConfigParams(config) {
+  return __async(this, null, function* () {
+    if (!isCompressionStreamSupported()) return null;
+    try {
+      const json = JSON.stringify(config);
+      const stream = new Blob([json]).stream().pipeThrough(new CompressionStream("gzip"));
+      const compressed = new Uint8Array(yield new Response(stream).arrayBuffer());
+      return base64url.encode(Buffer.from(compressed));
+    } catch (e) {
+      return null;
+    }
+  });
+}
+function tryDecodeConfig(s) {
+  return __async(this, null, function* () {
+    if (!isCompressionStreamSupported()) return null;
+    if (!/^[A-Za-z0-9_-]+$/.test(s)) return null;
+    try {
+      const compressed = base64url.toBuffer(s);
+      const stream = new Blob([compressed]).stream().pipeThrough(new DecompressionStream("gzip"));
+      const json = yield new Response(stream).text();
+      const parsed = JSON.parse(json);
+      if (!parsed || typeof parsed !== "object") return null;
+      if (parsed.v !== ENCODED_CONFIG_VERSION) return null;
+      return parsed;
+    } catch (e) {
+      return null;
+    }
+  });
+}
+export {
+  ENCODED_CONFIG_VERSION,
+  encodeConfigParams,
+  isCompressionStreamSupported,
+  tryDecodeConfig
+};

package/dist/esm/utils/deprecation.js

@@ -1,16 +1,15 @@
 import "../chunk-7B52C2XE.js";
-const MIGRATION_GUIDE_URL = "https://docs.getpara.com/v2/rest/migrate-from-sdk-pregen";
-const warned = /* @__PURE__ */ new Set();
-function warnPregenDeprecation(methodName) {
-  if (warned.has(methodName)) return;
-  warned.add(methodName);
-  console.warn(
-    `[Para] ${methodName}() is deprecated and will be removed in a future release.
-  \u2192 New integrations: use the REST API instead
-  \u2192 Existing wallets: use para.migrateWalletShare() to migrate
-  \u2192 Guide: ${MIGRATION_GUIDE_URL}`
-  );
+const warnedScopedKeys = /* @__PURE__ */ new Set();
+function warnOnce(scope, key, message) {
+  const fullKey = `${scope}::${key}`;
+  if (warnedScopedKeys.has(fullKey)) return;
+  warnedScopedKeys.add(fullKey);
+  console.warn(`[Para] ${message}`);
+}
+function _resetWarnOnceForTests() {
+  warnedScopedKeys.clear();
 }
 export {
-  warnPregenDeprecation
+  _resetWarnOnceForTests,
+  warnOnce
 };

package/dist/esm/utils/index.js

@@ -1,13 +1,19 @@
+import "../chunk-7B52C2XE.js";
 export * from "./autobind.js";
 export * from "./config.js";
+import { warnOnce } from "./deprecation.js";
 export * from "./events.js";
 export * from "./formatting.js";
 export * from "./json.js";
 export * from "./listeners.js";
 export * from "./onRamps.js";
+export * from "./partnerConfig.js";
 export * from "./phone.js";
 export * from "./polling.js";
 export * from "./types.js";
 export * from "./url.js";
 export * from "./wallet.js";
 export * from "./window.js";
+export {
+  warnOnce
+};

package/dist/esm/utils/partnerConfig.js

@@ -0,0 +1,67 @@
+import {
+  __spreadValues
+} from "../chunk-7B52C2XE.js";
+import { AuthMethod, mergePartnerAppConfig } from "@getpara/user-management-client";
+const DEFAULT_PARTNER_APP_CONFIG = {};
+function partnerToAppConfigLayer(partner) {
+  var _a;
+  const layer = {};
+  const themeConfig = (_a = partner.themeConfig) != null ? _a : synthesizeLegacyTheme(partner);
+  if (themeConfig) layer.themeConfig = themeConfig;
+  const authConfig = synthesizeAuthConfig(partner);
+  if (authConfig) layer.authConfig = authConfig;
+  const modalConfig = synthesizeModalConfig(partner);
+  if (modalConfig) layer.modalConfig = modalConfig;
+  if (partner.partnerLinks) layer.partnerLinks = partner.partnerLinks;
+  if (partner.externalWalletConfig) layer.externalWalletConfig = partner.externalWalletConfig;
+  if (partner.farcasterConfig) layer.farcasterConfig = partner.farcasterConfig;
+  if (partner.rpcUrl) layer.rpcUrl = partner.rpcUrl;
+  if (partner.displayName) layer.appName = partner.displayName;
+  if (partner.supportedWalletTypes) layer.supportedWalletTypes = partner.supportedWalletTypes;
+  if (partner.supportedAccountLinks) layer.supportedAccountLinks = partner.supportedAccountLinks;
+  if (partner.balancesConfig) layer.balancesConfig = partner.balancesConfig;
+  return layer;
+}
+function synthesizeAuthConfig(partner) {
+  const result = {};
+  const stored = partner.authConfig;
+  if (stored) {
+    if (stored.oAuthMethods != null) result.oAuthMethods = stored.oAuthMethods;
+    if (stored.disableEmailLogin != null) result.disableEmailLogin = stored.disableEmailLogin;
+    if (stored.disablePhoneLogin != null) result.disablePhoneLogin = stored.disablePhoneLogin;
+    if (stored.twoFactorAuthEnabled != null) result.twoFactorAuthEnabled = stored.twoFactorAuthEnabled;
+    if (stored.isGuestModeEnabled != null) result.isGuestModeEnabled = stored.isGuestModeEnabled;
+    if (stored.supportedAuthMethods != null) result.supportedAuthMethods = stored.supportedAuthMethods;
+  }
+  if (result.supportedAuthMethods === void 0) {
+    const legacy = partner.supportedAuthMethods;
+    const isMeaningful = legacy && !(legacy.length === 1 && legacy[0] === AuthMethod.PASSKEY);
+    if (isMeaningful) {
+      result.supportedAuthMethods = legacy;
+    }
+  }
+  return Object.keys(result).length > 0 ? result : void 0;
+}
+function synthesizeModalConfig(partner) {
+  var _a, _b;
+  const stored = (_a = partner.modalConfig) != null ? _a : void 0;
+  const logo = (_b = partner.logoUrl) != null ? _b : void 0;
+  if (!stored && logo === void 0) return void 0;
+  return __spreadValues(__spreadValues({}, stored != null ? stored : {}), logo !== void 0 && { logo });
+}
+function synthesizeLegacyTheme(partner) {
+  const hasActiveThemeData = partner.backgroundColor || partner.foregroundColor || partner.accentColor || partner.font || partner.themeMode === "DARK";
+  if (!hasActiveThemeData) return void 0;
+  const theme = {};
+  if (partner.backgroundColor) theme.backgroundColor = partner.backgroundColor;
+  if (partner.foregroundColor) theme.foregroundColor = partner.foregroundColor;
+  if (partner.accentColor) theme.accentColor = partner.accentColor;
+  if (partner.font) theme.font = partner.font;
+  if (partner.themeMode === "DARK") theme.mode = "dark";
+  return theme;
+}
+export {
+  DEFAULT_PARTNER_APP_CONFIG,
+  mergePartnerAppConfig,
+  partnerToAppConfigLayer
+};

package/dist/esm/utils/partnerConfigGating.js

@@ -0,0 +1,61 @@
+import "../chunk-7B52C2XE.js";
+import { PartnerConfigError } from "../errors.js";
+function assertConfigAllowed(config, check) {
+  var _a, _b, _c, _d, _e;
+  switch (check.kind) {
+    case "email": {
+      if ((_a = config.authConfig) == null ? void 0 : _a.disableEmailLogin) {
+        throw new PartnerConfigError(
+          "EMAIL_LOGIN_DISABLED",
+          "Email login is disabled for this partner. Update partner.authConfig.disableEmailLogin in the developer portal to enable it."
+        );
+      }
+      return;
+    }
+    case "phone": {
+      if ((_b = config.authConfig) == null ? void 0 : _b.disablePhoneLogin) {
+        throw new PartnerConfigError(
+          "PHONE_LOGIN_DISABLED",
+          "Phone login is disabled for this partner. Update partner.authConfig.disablePhoneLogin in the developer portal to enable it."
+        );
+      }
+      return;
+    }
+    case "oauth": {
+      const allowed = (_c = config.authConfig) == null ? void 0 : _c.oAuthMethods;
+      if (allowed !== void 0 && !allowed.includes(check.method)) {
+        throw new PartnerConfigError(
+          "OAUTH_METHOD_NOT_ALLOWED",
+          `OAuth method "${check.method}" is not in the partner's allowlist. Allowed: ${allowed.length === 0 ? "(none)" : allowed.join(", ")}.`,
+          check.method
+        );
+      }
+      return;
+    }
+    case "2fa": {
+      if (((_d = config.authConfig) == null ? void 0 : _d.twoFactorAuthEnabled) === false) {
+        throw new PartnerConfigError(
+          "TWO_FACTOR_DISABLED",
+          "2FA is disabled for this partner. Update partner.authConfig.twoFactorAuthEnabled in the developer portal to enable it."
+        );
+      }
+      return;
+    }
+    case "guest": {
+      if (((_e = config.authConfig) == null ? void 0 : _e.isGuestModeEnabled) === false) {
+        throw new PartnerConfigError(
+          "GUEST_MODE_DISABLED",
+          "Guest mode is disabled for this partner. Update partner.authConfig.isGuestModeEnabled in the developer portal to enable it."
+        );
+      }
+      return;
+    }
+    default: {
+      const _exhaustive = check;
+      throw new Error(`assertConfigAllowed: unhandled ConfigCheck kind ${JSON.stringify(_exhaustive)}`);
+    }
+  }
+}
+export {
+  assertConfigAllowed
+};

package/dist/esm/utils/stateErrorHelpers.js

@@ -23,7 +23,12 @@ function formatStateError(error, defaultMessage) {
     return new Error(error);
   }
   if (error && typeof error === "object" && "message" in error) {
-    return new Error(String(error.message));
+    const src = error;
+    const normalized = Object.assign(new Error(String(src.message)), {});
+    if ("code" in src) normalized.code = src.code;
+    if ("status" in src) normalized.status = src.status;
+    if ("data" in src) normalized.data = src.data;
+    return normalized;
   }
   if (error && typeof error === "object" && "error" in error) {
     return formatStateError(error.error, defaultMessage);

package/dist/esm/utils/url.js

@@ -3,6 +3,10 @@ import {
 } from "../chunk-7B52C2XE.js";
 import { upload } from "../transmission/transmissionUtils.js";
 import { Environment } from "../types/index.js";
+function getGlobalPortalUrlOverride() {
+  const override = typeof globalThis !== "undefined" ? globalThis.__PARA_PORTAL_URL_OVERRIDE__ : void 0;
+  return typeof override === "string" && override ? override : void 0;
+}
 function getPortalDomain(env, isE2E, isLegacy) {
   if (isE2E) {
     return `localhost`;
@@ -21,7 +25,11 @@ function getPortalDomain(env, isE2E, isLegacy) {
       throw new Error(`env: ${env} not supported`);
   }
 }
-function getPortalBaseURL({ env, isE2E }, useLocalIp, isForWasm, isLegacy) {
+function getPortalBaseURL({ env, isE2E, portalUrlOverride }, useLocalIp, isForWasm, isLegacy) {
+  const resolvedPortalUrlOverride = portalUrlOverride != null ? portalUrlOverride : getGlobalPortalUrlOverride();
+  if (resolvedPortalUrlOverride && !isForWasm) {
+    return new URL(resolvedPortalUrlOverride).origin;
+  }
   if (isE2E) {
     if (isForWasm) {
       return `https://app.sandbox.getpara.com`;
@@ -44,7 +52,7 @@ function getParaConnectDomain(env) {
     case Environment.SANDBOX:
       return "connect.sandbox.getpara.com";
     case Environment.BETA:
-      return "connect.beta.getpara.com";
+      return "connect.getpara.com";
     case Environment.PROD:
       return "connect.getpara.com";
     default:

package/dist/types/ParaCore.d.ts

@@ -1,6 +1,6 @@
-import { AuthMethod, AuthExtras, CurrentWalletIds, EmailTheme, PartnerEntity, TWalletType, PregenIds, BiometricLocationHint, Auth, SupportedWalletTypes, AuthIdentifier, AuthType, ExternalWalletInfo, PrimaryAuthInfo, SessionInfo, PrimaryAuth, PrimaryAuthType, AccountMetadata, LinkedAccounts, VerifyLinkParams, VerifyExternalWalletParams as VerifyExternalWalletParamsServer, SupportedAccountLinks, OnRampPurchase, BalancesConfig, IssueJwtParams, TWalletScheme } from '@getpara/user-management-client';
+import { AuthMethod, AuthExtras, CurrentWalletIds, EmailTheme, PartnerAppConfig, PartnerEntity, SdkOverridableAppConfig, TWalletType, PregenIds, BiometricLocationHint, Auth, SupportedWalletTypes, AuthIdentifier, AuthType, ExternalWalletInfo, PrimaryAuthInfo, SessionInfo, PrimaryAuth, PrimaryAuthType, AccountMetadata, LinkedAccounts, VerifyLinkParams, VerifyExternalWalletParams as VerifyExternalWalletParamsServer, SupportedAccountLinks, OnRampPurchase, BalancesConfig, IssueJwtParams, TWalletScheme, PartnerThemeConfig } from '@getpara/user-management-client';
 import type { pki as pkiType } from 'node-forge';
-import { Ctx, Environment, Wallet, ConstructorOpts, CoreAuthInfo, CoreMethodParams, CoreMethodResponse, CoreInterface, AccountLinkInProgress, InternalMethodParams, InternalMethodResponse, OAuthResponse, AvailableWallet, PortalTheme } from './types/index.js';
+import { Ctx, Environment, Wallet, ConstructorOpts, CoreAuthInfo, CoreMethodParams, CoreMethodResponse, CoreInterface, AccountLinkInProgress, InternalMethodParams, InternalMethodResponse, OAuthResponse, AvailableWallet } from './types/index.js';
 import { PlatformUtils } from './PlatformUtils.js';
 import { AuthServiceInterface, ExternalWalletServiceInterface, PollingServiceInterface, PortalUrlServiceInterface, PregenWalletServiceInterface, SessionManagementServiceInterface, StateMachineInterface, WalletServiceInterface } from './types/serviceInterfaces.js';
 import type { WaitForLoginParams, WaitForLoginResponse, WaitForSignupParams, WaitForWalletCreationParams, VerifyFarcasterParams, VerifyFarcasterResponse, VerifyNewAccountParams, VerifyTelegramParams, AddCredentialParams, GetNewCredentialAndUrlParams, GetNewCredentialAndUrlResponse, LoginExternalWalletParams, ResendVerificationCodeParams, SignUpOrLogInParams, VerifyOAuthProcessParams, VerifyOAuthProcessResponse, GetLoginUrlParams, GetOAuthUrlParams, PortalUrlOptions, PortalUrlType, ClaimPregenWalletsParams, CreatePregenWalletParams, CreatePregenWalletPerTypeParams, GetPregenWalletsParams, HasPregenWalletParams, UpdatePregenWalletIdentifierParams, CreateWalletParams, CreateWalletPerTypeParams, DistributeNewWalletShareParams, FindWalletByAddressParams, FindWalletIdParams, FindWalletParams, GetDisplayAddressParams, GetIdenticonHashParams, GetWalletBalanceParams, GetWalletsByTypeParams, RequestFaucetParams, RequestFaucetResponse, RefreshShareParams, SetCurrentWalletIdsParams, SetWalletsParams, RefreshSessionParams, VerifyExternalWalletParams, InitExternalWalletProviderParams, ConnectExternalWalletParams, ExternalSignMessageParams, AuthenticateWithEmailOrPhoneParams, AuthenticateWithOAuthParams } from './services/types';
@@ -90,6 +90,20 @@ export declare abstract class ParaCore implements CoreInterface {
      * @returns A function that can be called to unsubscribe from the readiness state changes.
      */
     onReadyStateChange(callback: (isReady: boolean) => void): () => void;
+    /**
+     * Subscribe to changes in any input to `paraCore.config`:
+     *   - partner record updates (lazy load after a failed eager fetch, etc.)
+     *   - SDK override layer replacement (`setSdkConfigOverrides`)
+     *
+     * The callback fires after the relevant state has settled; subscribers
+     * should re-read `paraCore.config` to get the new merged value. Returns
+     * an unsubscribe function.
+     *
+     * Used by the React layer to bump its reactive `paraConfigVersion`
+     * counter; non-React consumers (server SDK, telemetry, etc.) can wire
+     * the same signal to invalidate their caches.
+     */
+    onConfigChange(callback: () => void): () => void;
     get authInfo(): CoreAuthInfo | undefined;
     get email(): AuthIdentifier<'email'> | undefined;
     get phone(): AuthIdentifier<'phone'> | undefined;
@@ -98,6 +112,57 @@ export declare abstract class ParaCore implements CoreInterface {
     get externalWalletWithParaAuth(): Wallet | undefined;
     get externalWalletConnectionType(): import("./services/types").ExternalWalletConnectionType;
     protected partner?: PartnerEntity;
+    /**
+     * Resolved partner app config: partner ⊕ SDK overrides.
+     * Read-only view; safe to call before `getPartner` returns (yields `{}` via
+     * the merge of no layers).
+     *
+     * Memoized on `(this.partner, this.#sdkConfigOverrides)` identity. Multiple
+     * consumers read this (assertConfigAllowed at 9 sites, PortalUrlService,
+     * ExternalWalletWrapper); without memoization each access re-allocates a
+     * fresh merged object graph. Cache invalidates whenever `this.partner` is
+     * replaced (via getPartner) or `setSdkConfigOverrides` is called.
+     */
+    get config(): PartnerAppConfig;
+    /**
+     * Read-only accessor for the raw partner record. Returns `undefined` until
+     * `getPartner` resolves (typically during `setup()`).
+     *
+     * The vast majority of partner-driven UX should consume `this.config`
+     * instead — that layer applies SDK overrides, exposes a stable shape, and
+     * is memoized. Use this getter only for fields that live on `PartnerEntity`
+     * but aren't promoted onto `PartnerAppConfig` (e.g. `logoUrl`, internal
+     * policy state). Whatever this returns is exactly what the public
+     * `getPartner(id)` API resolved on the last fetch — no additional
+     * processing.
+     */
+    get partnerRecord(): PartnerEntity | undefined;
+    /**
+     * Replace the SDK-side override layer. Generic surface — any post-construction
+     * caller (React provider, server-sdk, custom integration) can update overrides
+     * without rebuilding the ParaCore instance.
+     *
+     * Replaces wholesale (last writer wins). Pass undefined to clear.
+     */
+    setSdkConfigOverrides(overrides: Partial<SdkOverridableAppConfig> | undefined): void;
+    /**
+     * Read the raw SDK override layer (NOT the merged config). Used by analytics
+     * to distinguish "what the consumer passed" from "what the resolver
+     * produced." For the resolved view, use `paraCore.config`.
+     *
+     * @internal — analytics-only. App code should read `paraCore.config` instead;
+     *   this getter exposes pre-merge values that can change shape across
+     *   versions without notice.
+     *
+     * @remarks Redaction contract — any analytics consumer dispatching this
+     *   value to an external sink MUST sanitize first. Specifically `rpcUrl`
+     *   commonly embeds API keys (Alchemy `/v2/<key>`, Infura `/v3/<key>`).
+     *   Today the React modal owns redaction in
+     *   `react-sdk-lite/src/modal/ParaModal.tsx` (`sanitizeSdkConfigOverridesForAnalytics`).
+     *   When Phase 7's non-React analytics lands here, lift that helper next
+     *   to this getter so all consumers share one sanitizer.
+     */
+    get sdkConfigOverrides(): Partial<SdkOverridableAppConfig> | undefined;
     get userId(): string | undefined;
     accountLinkInProgress: AccountLinkInProgress | undefined;
     get isEnclaveUser(): boolean;
@@ -198,7 +263,7 @@ export declare abstract class ParaCore implements CoreInterface {
      * Theme to use for the portal
      * WARNING: This theme will override portal options set within the developer portal.
      */
-    portalTheme?: PortalTheme;
+    portalTheme?: PartnerThemeConfig;
     /**
      * Whether or not to treat external wallets as connections only, skipping all Para functionality.
      */
@@ -208,6 +273,21 @@ export declare abstract class ParaCore implements CoreInterface {
     get isNoWalletConfig(): boolean;
     get supportedWalletTypes(): SupportedWalletTypes;
     get cosmosPrefix(): string | undefined;
+    /**
+     * Auth methods the partner has enabled. Read off the raw partner record —
+     * partner-authoritative and excluded from `SdkOverridableAppConfig`, so it
+     * does NOT participate in the override merge chain.
+     *
+     * Named `supportedAuthMethodsList` (not `supportedAuthMethods`) to avoid
+     * colliding with the existing protected async `supportedAuthMethods(auth)`
+     * method that performs a backend lookup. Different concept, different shape.
+     */
+    get supportedAuthMethodsList(): AuthMethod[];
+    /**
+     * Balance display config from the partner record. Partner-authoritative;
+     * excluded from `SdkOverridableAppConfig`.
+     */
+    get balancesConfig(): BalancesConfig | undefined;
     get supportedAccountLinks(): SupportedAccountLinks;
     get isWalletTypeEnabled(): Partial<Record<TWalletType, boolean>>;
     protected onRampPopup: {
@@ -280,7 +360,7 @@ export declare abstract class ParaCore implements CoreInterface {
     getExternalWalletServiceInterface(): ExternalWalletServiceInterface;
     getPollingServiceInterface(): PollingServiceInterface;
     private trackError;
-    private wrapMethodsWithErrorTracking;
+    private wrapMethodsWithTracing;
     private initializeFromStorage;
     private updateAuthInfoFromStorage;
     private updateEnclaveJwtFromStorage;
@@ -458,6 +538,16 @@ export declare abstract class ParaCore implements CoreInterface {
     verifyExternalWallet(params: VerifyExternalWalletParams): Promise<import("./services/types").VerifyExternalWalletResponse>;
     retryVerifyExternalWallet(): Promise<import("./services/types").VerifyExternalWalletResponse>;
     signExternalWalletVerification(params: ExternalSignMessageParams): Promise<import("./services/types").BaseVerifyExternalWalletParams>;
+    signExternalWalletMessageForReauth(params: ExternalSignMessageParams & {
+        externalWallet: ExternalWalletInfo;
+    }): Promise<{
+        address: string;
+        cosmosPublicKeyHex?: string;
+        cosmosSigner?: string;
+        addressBech32?: string;
+        externalWallet: ExternalWalletInfo;
+        signedMessage: string;
+    }>;
     protected verifyExternalWalletLink(opts: InternalMethodParams<'verifyExternalWalletLink'>): InternalMethodResponse<'verifyExternalWalletLink'>;
     protected verifyTelegramProcess(opts: VerifyTelegramParams & {
         isLinkAccount: false;
@@ -489,7 +579,7 @@ export declare abstract class ParaCore implements CoreInterface {
     /**
      * Resend a verification email for the current user.
      */
-    resendVerificationCode({ type: reason }: ResendVerificationCodeParams): Promise<void>;
+    resendVerificationCode({ type: reason, deliveryChannel }: ResendVerificationCodeParams): Promise<import("./services/types").ResendVerificationCodeResponse>;
     /**
      * Checks if the current session is active.
      * @returns `true` if active, `false` otherwise
@@ -658,8 +748,6 @@ export declare abstract class ParaCore implements CoreInterface {
      **/
     createWallet(params?: CreateWalletParams): Promise<import("./services/types").CreateWalletResponse>;
     /**
-     * @deprecated Use the REST API (`POST /v1/wallets`) instead. See {@link https://docs.getpara.com/v2/rest/migrate-from-sdk-pregen | migration guide}.
-     *
      * Creates a new pregenerated wallet.
      *
      * @param {Object} opts the options object.
@@ -670,8 +758,6 @@ export declare abstract class ParaCore implements CoreInterface {
      **/
     createPregenWallet(params: CreatePregenWalletParams): Promise<Wallet>;
     /**
-     * @deprecated Use the REST API (`POST /v1/wallets`) instead. See {@link https://docs.getpara.com/v2/rest/migrate-from-sdk-pregen | migration guide}.
-     *
      * Creates new pregenerated wallets for each desired type.
      * If no types are provided, this method will create one for each of the non-optional types
      * specified in the instance's `supportedWalletTypes` array that are not already present.
@@ -683,8 +769,6 @@ export declare abstract class ParaCore implements CoreInterface {
      **/
     createPregenWalletPerType(params: CreatePregenWalletPerTypeParams): Promise<import("./services/types").CreatePregenWalletPerTypeResponse>;
     /**
-     * @deprecated Use the REST API (`POST /v1/wallets`) instead. See {@link https://docs.getpara.com/v2/rest/migrate-from-sdk-pregen | migration guide}.
-     *
      * Claims a pregenerated wallet.
      * @param {Object} opts the options object.
      * @param {string} opts.pregenIdentifier string the identifier of the user claiming the wallet
@@ -693,8 +777,6 @@ export declare abstract class ParaCore implements CoreInterface {
      **/
     claimPregenWallets(params?: ClaimPregenWalletsParams): Promise<string>;
     /**
-     * @deprecated Use the REST API (`PATCH /v1/wallets/:id`) instead. See {@link https://docs.getpara.com/v2/rest/migrate-from-sdk-pregen | migration guide}.
-     *
      * Updates the identifier for a pregen wallet.
      * @param {Object} opts the options object.
      * @param {string} opts.walletId the pregen wallet ID
@@ -703,8 +785,6 @@ export declare abstract class ParaCore implements CoreInterface {
      **/
     updatePregenWalletIdentifier(params: UpdatePregenWalletIdentifierParams): Promise<void>;
     /**
-     * @deprecated Use the REST API (`GET /v1/wallets`) instead. See {@link https://docs.getpara.com/v2/rest/migrate-from-sdk-pregen | migration guide}.
-     *
      * Checks if a pregen Wallet exists for the given identifier with the current partner.
      * @param {Object} opts the options object.
      * @param {string} opts.pregenIdentifier string the identifier of the user claiming the wallet
@@ -713,8 +793,6 @@ export declare abstract class ParaCore implements CoreInterface {
      **/
     hasPregenWallet(params: HasPregenWalletParams): Promise<boolean>;
     /**
-     * @deprecated Use the REST API (`GET /v1/wallets`) instead. See {@link https://docs.getpara.com/v2/rest/migrate-from-sdk-pregen | migration guide}.
-     *
      * Get pregen wallets for the given identifier.
      * @param {Object} opts the options object.
      * @param {string} opts.pregenIdentifier - the identifier of the user claiming the wallet
@@ -747,11 +825,11 @@ export declare abstract class ParaCore implements CoreInterface {
     private getOnRampTransactionUrl;
     getWalletBalance(params: GetWalletBalanceParams): Promise<string>;
     /**
-     * Requests testnet funds from the faucet for the specified wallet.
+     * Submits a testnet faucet funding transaction for the specified wallet.
      * @param {RequestFaucetParams} params the options object.
      * @param {string} params.walletId the id of the wallet to fund.
      * @param {string} [params.chain] optional chain identifier to target a specific testnet.
-     * @returns the faucet transaction details, including the transaction hash and amount sent.
+     * @returns the submitted faucet transaction details. Wait for the returned transaction hash to confirm before spending.
      */
     requestFaucet(params: RequestFaucetParams): Promise<RequestFaucetResponse>;
     /**
@@ -868,6 +946,10 @@ export declare abstract class ParaCore implements CoreInterface {
     }): Promise<import("@getpara/user-management-client").ProfileBalance>;
     protected sendLoginCode(): Promise<{
         userId: string;
+        deliveryChannel: import("@getpara/user-management-client").DeliveryChannel;
+        fallbackUsed: boolean;
+        fallbackChannel: import("@getpara/user-management-client").DeliveryChannel;
+        isSmsAllowed: boolean;
     }>;
     exportPrivateKey(args?: CoreMethodParams<'exportPrivateKey'>): CoreMethodResponse<'exportPrivateKey'>;
 }

package/dist/types/PlatformUtils.d.ts

@@ -10,6 +10,7 @@ export type EventHandler<T = any> = (data: T) => void;
 export interface PlatformUtils {
     sdkType: SDKType;
     getPrivateKey(ctx: Ctx, userId: string, walletId: string, share: string, sessionCookie: string): Promise<string>;
+    getED25519PrivateKey(ctx: Ctx, userId: string, walletId: string, share: string, sessionCookie: string): Promise<string>;
     keygen(ctx: Ctx, userId: string, type: Exclude<TWalletType, 'SOLANA'>, secretKey: string | null, // should be acceptable as null in RN as we don't pre-gen them
     sessionCookie: string, emailProps?: BackupKitEmailProps): Promise<{
         signer: string;

package/dist/types/errors.d.ts

@@ -10,3 +10,29 @@ export declare class TransactionReviewTimeout extends Error {
     transactionReviewUrl: string;
     constructor(transactionReviewUrl: string, pendingTransactionId: string);
 }
+/**
+ * Discriminant for a `PartnerConfigError`. Each code corresponds to a specific
+ * partner-config check that rejected an SDK call. Stable string values are
+ * part of the public surface — consumer code may switch on them to localize
+ * messages or steer recovery flows.
+ *
+ * Keep this union honest: only codes that `assertConfigAllowed` (or another
+ * runtime check) actually throws today. When Phase 7 adds wallet-type /
+ * account-link / auth-method enforcement, add `WALLET_TYPE_NOT_ALLOWED`,
+ * `ACCOUNT_LINK_NOT_ALLOWED`, `AUTH_METHOD_DISABLED` here in the same patch
+ * that introduces the matching `ConfigCheck` kinds. Pre-declaring them here
+ * would create dead `switch` branches in consumer code.
+ */
+export type PartnerConfigErrorCode = 'EMAIL_LOGIN_DISABLED' | 'PHONE_LOGIN_DISABLED' | 'OAUTH_METHOD_NOT_ALLOWED' | 'TWO_FACTOR_DISABLED' | 'GUEST_MODE_DISABLED';
+/**
+ * Thrown when an SDK auth or wallet call violates a partner-config restriction.
+ * `assertConfigAllowed` runs at the affected SDK entry points so partner
+ * posture (e.g. "email login disabled", "OAuth allowlist limited to GOOGLE")
+ * is enforced for direct SDK calls too — not just the modal.
+ */
+export declare class PartnerConfigError extends Error {
+    readonly code: PartnerConfigErrorCode;
+    /** Optional context — e.g. for `OAUTH_METHOD_NOT_ALLOWED`, the method that was rejected. */
+    readonly detail?: string;
+    constructor(code: PartnerConfigErrorCode, message: string, detail?: string);
+}

package/dist/types/external/userManagementClient.d.ts

@@ -3,7 +3,7 @@ import { Environment } from '../types/index.js';
 export declare function getBaseOAuthUrl(env: Environment): string;
 export declare function getBaseUrl(env: Environment, scheme?: 'http' | 'ws'): string;
 export declare function getBaseMPCNetworkUrl(env: Environment, useWebsocket?: boolean): string;
-export declare function initClient({ env, version, apiKey, partnerId, useFetchAdapter, retrieveSessionCookie, persistSessionCookie, }: {
+export declare function initClient({ env, version, apiKey, partnerId, useFetchAdapter, retrieveSessionCookie, persistSessionCookie, staticTraceContext, }: {
     env: Environment;
     version?: string;
     apiKey: string;
@@ -11,4 +11,5 @@ export declare function initClient({ env, version, apiKey, partnerId, useFetchAd
     useFetchAdapter?: boolean;
     retrieveSessionCookie?: () => string;
     persistSessionCookie?: (cookie: string) => void;
+    staticTraceContext?: Record<string, string>;
 }): Client;