@getpara/core-sdk 3.0.0-alpha.1 → 3.1.0

package/dist/cjs/services/WalletService.js

@@ -83,6 +83,7 @@ var import_events = require("../types/events.js");
 var import_constants = require("../constants.js");
 var import_shareDistribution = require("../shares/shareDistribution.js");
 var import_recovery = require("../shares/recovery.js");
+var import_tracer = require("../telemetry/tracer.js");
 var _authService, _pollingService, _pregenWalletService, _externalWalletService, _paraCoreInterface, _wallets, _currentWalletIds, _isWalletOwned, _getMissingTypes, _encodeWalletBase64;
 class WalletService {
   constructor(paraCore) {
@@ -164,15 +165,20 @@ class WalletService {
         }
       });
     });
+    // wallets.populate names the GET /users/:userId/wallets call that runs to
+    // refresh address state after creation/refresh; without it the GET shows up
+    // as a bare span at the trace top level.
     this.populateWalletAddresses = () => __async(this, null, function* () {
-      const res = yield (__privateGet(this, _paraCoreInterface).isPortal() ? __privateGet(this, _paraCoreInterface).ctx.client.getAllWallets : __privateGet(this, _paraCoreInterface).ctx.client.getWallets)(__privateGet(this, _authService).userId, true);
-      const wallets = res.data.wallets;
-      wallets.forEach((entity) => {
-        if (this.wallets[entity.id]) {
-          this.wallets[entity.id] = __spreadValues(__spreadValues({}, (0, import_wallet2.entityToWallet)(entity)), this.wallets[entity.id]);
-        }
-      });
-      yield this.setWallets(this.wallets);
+      return (0, import_tracer.wrapWithSpan)("wallets.populate", () => __async(this, null, function* () {
+        const res = yield (__privateGet(this, _paraCoreInterface).isPortal() ? __privateGet(this, _paraCoreInterface).ctx.client.getAllWallets : __privateGet(this, _paraCoreInterface).ctx.client.getWallets)(__privateGet(this, _authService).userId, true);
+        const wallets = res.data.wallets;
+        wallets.forEach((entity) => {
+          if (this.wallets[entity.id]) {
+            this.wallets[entity.id] = __spreadValues(__spreadValues({}, (0, import_wallet2.entityToWallet)(entity)), this.wallets[entity.id]);
+          }
+        });
+        yield this.setWallets(this.wallets);
+      }));
     });
     this.addToCurrentWalletIds = (walletIds, options) => __async(this, null, function* () {
       const updatedWalletIds = __spreadValues({}, this.currentWalletIds);
@@ -212,31 +218,35 @@ class WalletService {
       );
       let signer;
       let wallet;
-      let keygenRes;
-      switch (walletType) {
-        case "STELLAR":
-        case "SOLANA": {
-          keygenRes = yield __privateGet(this, _paraCoreInterface).platformUtils.ed25519Keygen(
-            __privateGet(this, _paraCoreInterface).ctx,
-            __privateGet(this, _authService).userId,
-            __privateGet(this, _paraCoreInterface).retrieveSessionCookie(),
-            __privateGet(this, _paraCoreInterface).getBackupKitEmailProps(),
-            walletType
-          );
-          break;
-        }
-        default: {
-          keygenRes = yield __privateGet(this, _paraCoreInterface).platformUtils.keygen(
-            __privateGet(this, _paraCoreInterface).ctx,
-            __privateGet(this, _authService).userId,
-            walletType,
-            null,
-            __privateGet(this, _paraCoreInterface).retrieveSessionCookie(),
-            __privateGet(this, _paraCoreInterface).getBackupKitEmailProps()
-          );
-          break;
+      const keygenRes = yield (0, import_tracer.wrapWithSpan)(
+        "mpc.keygen",
+        () => __async(this, null, function* () {
+          switch (walletType) {
+            case "STELLAR":
+            case "SOLANA":
+              return __privateGet(this, _paraCoreInterface).platformUtils.ed25519Keygen(
+                __privateGet(this, _paraCoreInterface).ctx,
+                __privateGet(this, _authService).userId,
+                __privateGet(this, _paraCoreInterface).retrieveSessionCookie(),
+                __privateGet(this, _paraCoreInterface).getBackupKitEmailProps(),
+                walletType
+              );
+            default:
+              return __privateGet(this, _paraCoreInterface).platformUtils.keygen(
+                __privateGet(this, _paraCoreInterface).ctx,
+                __privateGet(this, _authService).userId,
+                walletType,
+                null,
+                __privateGet(this, _paraCoreInterface).retrieveSessionCookie(),
+                __privateGet(this, _paraCoreInterface).getBackupKitEmailProps()
+              );
+          }
+        }),
+        {
+          "wallet.type": walletType,
+          "wallet.scheme": walletType === "SOLANA" || walletType === "STELLAR" ? "ED25519" : "DKLS"
         }
-      }
+      );
       const walletId = keygenRes.walletId;
       const walletScheme = walletType === "SOLANA" || walletType === "STELLAR" ? "ED25519" : "DKLS";
       signer = keygenRes.signer;
@@ -444,11 +454,16 @@ class WalletService {
       }
       return type;
     });
+    // wallets.fetch names the post-keygen wallet list reads (the polling-style
+    // GETs that follow each MPC keygen). The auto-instrumented HTTP child carries
+    // the URL and status so this stays cheap.
     this.fetchWallets = () => __async(this, null, function* () {
-      const res = yield __privateGet(this, _paraCoreInterface).isPortal() || __privateGet(this, _paraCoreInterface).isParaConnect() ? __privateGet(this, _paraCoreInterface).ctx.client.getAllWallets(__privateGet(this, _authService).userId) : __privateGet(this, _paraCoreInterface).ctx.client.getWallets(__privateGet(this, _authService).userId, true);
-      return res.data.wallets.filter(
-        (wallet) => !!wallet.address && wallet.sharesPersisted && (__privateGet(this, _paraCoreInterface).isParaConnect() || !__privateGet(this, _paraCoreInterface).isParaConnect() && this.isWalletSupported((0, import_wallet2.entityToWallet)(wallet)))
-      );
+      return (0, import_tracer.wrapWithSpan)("wallets.fetch", () => __async(this, null, function* () {
+        const res = yield __privateGet(this, _paraCoreInterface).isPortal() || __privateGet(this, _paraCoreInterface).isParaConnect() ? __privateGet(this, _paraCoreInterface).ctx.client.getAllWallets(__privateGet(this, _authService).userId) : __privateGet(this, _paraCoreInterface).ctx.client.getWallets(__privateGet(this, _authService).userId, true);
+        return res.data.wallets.filter(
+          (wallet) => !!wallet.address && wallet.sharesPersisted && (__privateGet(this, _paraCoreInterface).isParaConnect() || !__privateGet(this, _paraCoreInterface).isParaConnect() && this.isWalletSupported((0, import_wallet2.entityToWallet)(wallet)))
+        );
+      }));
     });
     this.getWalletBalance = (_0) => __async(this, [_0], function* ({ walletId, rpcUrl }) {
       return (yield __privateGet(this, _paraCoreInterface).ctx.client.getWalletBalance({ walletId, rpcUrl })).balance;

package/dist/cjs/shares/enclave.js

@@ -40,6 +40,7 @@ __export(enclave_exports, {
   EnclaveClient: () => EnclaveClient
 });
 module.exports = __toCommonJS(enclave_exports);
+var import_tracer = require("../telemetry/tracer.js");
 class EnclaveClient {
   constructor({
     userManagementClient,
@@ -211,40 +212,59 @@ ${exportedAsBase64}
    * Persist key shares to the enclave
    * @param shares Array of share data to persist
    */
+  // enclave.persist_shares wraps the encrypt + POST /enclave/key-shares pair so
+  // both the (CPU-bound) ECIES encryption and the network call show up under a
+  // named parent in the trace. Encryption can dominate the wall time so it's
+  // worth spelling out separately from the POST itself.
   persistShares(shares) {
     return __async(this, null, function* () {
-      const payload = {
-        shares,
-        jwt: this.retrieveJwt()
-      };
-      const encryptedPayload = yield this.encryptForEnclave(JSON.stringify(payload));
-      const encryptedPayloadStr = JSON.stringify(encryptedPayload);
-      return yield this.userManagementClient.persistEnclaveShares({ encryptedPayload: encryptedPayloadStr });
+      return (0, import_tracer.wrapWithSpan)(
+        "enclave.persist_shares",
+        () => __async(this, null, function* () {
+          const payload = {
+            shares,
+            jwt: this.retrieveJwt()
+          };
+          const encryptedPayload = yield this.encryptForEnclave(JSON.stringify(payload));
+          const encryptedPayloadStr = JSON.stringify(encryptedPayload);
+          return yield this.userManagementClient.persistEnclaveShares({ encryptedPayload: encryptedPayloadStr });
+        }),
+        { "enclave.share_count": shares.length }
+      );
     });
   }
   /**
    * Retrieve key shares from the enclave
    * @param query Query parameters for finding shares (single query or array of queries)
    */
+  // enclave.retrieve_shares wraps the JWT issue + ECDH keypair gen + GET
+  // /enclave/key-shares + decrypt pipeline. The decrypt step can be slow on
+  // many-share accounts so a named span makes that latency easy to spot.
   retrieveShares(query) {
     return __async(this, null, function* () {
-      yield this.issueEnclaveJwt();
-      const frontendKeyPair = yield this.generateFrontendKeyPair();
-      const responsePublicKeyPEM = yield this.exportPublicKeyToPEM(frontendKeyPair.publicKey);
-      const fullQuery = query.map((q) => ({
-        userId: q.userId
-      }));
-      const payload = {
-        query: fullQuery,
-        responsePublicKey: responsePublicKeyPEM,
-        jwt: this.retrieveJwt()
-      };
-      const encryptedPayload = yield this.encryptForEnclave(JSON.stringify(payload));
-      const encryptedPayloadStr = JSON.stringify(encryptedPayload);
-      const response = yield this.userManagementClient.retrieveEnclaveShares(encryptedPayloadStr);
-      const encryptedResponse = JSON.parse(response.payload);
-      const decryptedData = yield this.decryptForFrontend(encryptedResponse);
-      return Array.isArray(decryptedData == null ? void 0 : decryptedData.shares) ? decryptedData.shares : [];
+      return (0, import_tracer.wrapWithSpan)(
+        "enclave.retrieve_shares",
+        () => __async(this, null, function* () {
+          yield this.issueEnclaveJwt();
+          const frontendKeyPair = yield this.generateFrontendKeyPair();
+          const responsePublicKeyPEM = yield this.exportPublicKeyToPEM(frontendKeyPair.publicKey);
+          const fullQuery = query.map((q) => ({
+            userId: q.userId
+          }));
+          const payload = {
+            query: fullQuery,
+            responsePublicKey: responsePublicKeyPEM,
+            jwt: this.retrieveJwt()
+          };
+          const encryptedPayload = yield this.encryptForEnclave(JSON.stringify(payload));
+          const encryptedPayloadStr = JSON.stringify(encryptedPayload);
+          const response = yield this.userManagementClient.retrieveEnclaveShares(encryptedPayloadStr);
+          const encryptedResponse = JSON.parse(response.payload);
+          const decryptedData = yield this.decryptForFrontend(encryptedResponse);
+          return Array.isArray(decryptedData == null ? void 0 : decryptedData.shares) ? decryptedData.shares : [];
+        }),
+        { "enclave.query_count": query.length }
+      );
     });
   }
   deleteShares() {

package/dist/cjs/state/CoreStateManager.js

@@ -115,7 +115,7 @@ const _CoreStateManager = class _CoreStateManager {
    * Extracts all data needed by UI consumers from authStateResult.
    */
   computeAuthStateInfo(authContext, walletContext) {
-    var _a, _b, _c, _d, _e, _f, _g, _h, _i, _j, _k, _l, _m, _n, _o, _p, _q, _r, _s, _t, _u, _v, _w, _x, _y, _z, _A, _B, _C, _D, _E, _F, _G, _H, _I;
+    var _a, _b, _c, _d, _e, _f, _g, _h, _i, _j, _k, _l, _m, _n, _o, _p, _q, _r, _s, _t, _u, _v, _w, _x, _y, _z, _A, _B, _C, _D, _E, _F, _G, _H, _I, _J, _K, _L;
     const defaultAuthStateInfo = {
       userId: null,
       isPasskeySupported: false,
@@ -133,6 +133,9 @@ const _CoreStateManager = class _CoreStateManager {
       passkeyId: null,
       verificationUrl: null,
       verificationFullUrl: null,
+      deliveryChannel: null,
+      fallbackUsed: false,
+      fallbackChannel: null,
       externalWalletVerification: null,
       recoverySecret: null,
       isNewUser: false
@@ -172,6 +175,9 @@ const _CoreStateManager = class _CoreStateManager {
     let verificationFullUrl = null;
     let passkeyHints = null;
     let passkeyId = null;
+    let deliveryChannel = null;
+    let fallbackUsed = false;
+    let fallbackChannel = null;
     if (stage === "login") {
       const loginState = authStateResult;
       const authMethods = (_j = loginState.loginAuthMethods) != null ? _j : [];
@@ -205,6 +211,9 @@ const _CoreStateManager = class _CoreStateManager {
       const verifyState = authStateResult;
       verificationUrl = (_C = verifyState.loginUrl) != null ? _C : null;
       verificationFullUrl = (_D = verifyState.loginFullUrl) != null ? _D : null;
+      deliveryChannel = (_E = verifyState.deliveryChannel) != null ? _E : null;
+      fallbackUsed = (_F = verifyState.fallbackUsed) != null ? _F : false;
+      fallbackChannel = (_G = verifyState.fallbackChannel) != null ? _G : null;
     }
     return {
       userId,
@@ -223,10 +232,13 @@ const _CoreStateManager = class _CoreStateManager {
       passkeyId,
       verificationUrl,
       verificationFullUrl,
+      deliveryChannel,
+      fallbackUsed,
+      fallbackChannel,
       externalWalletVerification: externalWalletVerification ? {
-        signatureVerificationMessage: (_E = externalWalletVerification.signatureVerificationMessage) != null ? _E : "",
-        walletAddress: (_G = (_F = externalWalletVerification.externalWallet) == null ? void 0 : _F.address) != null ? _G : "",
-        walletType: (_I = (_H = externalWalletVerification.externalWallet) == null ? void 0 : _H.type) != null ? _I : ""
+        signatureVerificationMessage: (_H = externalWalletVerification.signatureVerificationMessage) != null ? _H : "",
+        walletAddress: (_J = (_I = externalWalletVerification.externalWallet) == null ? void 0 : _I.address) != null ? _J : "",
+        walletType: (_L = (_K = externalWalletVerification.externalWallet) == null ? void 0 : _K.type) != null ? _L : ""
       } : null,
       recoverySecret,
       isNewUser
@@ -288,7 +300,7 @@ const _CoreStateManager = class _CoreStateManager {
   }
   authStateInfoEqual(a, b) {
     var _a, _b, _c, _d, _e, _f, _g, _h, _i;
-    return a.userId === b.userId && a.isPasskeySupported === b.isPasskeySupported && a.hasPasskey === b.hasPasskey && a.hasPassword === b.hasPassword && a.hasPin === b.hasPin && a.passkeyUrl === b.passkeyUrl && a.passkeyFullUrl === b.passkeyFullUrl && a.passkeyKnownDeviceUrl === b.passkeyKnownDeviceUrl && a.passwordUrl === b.passwordUrl && a.passwordFullUrl === b.passwordFullUrl && a.pinUrl === b.pinUrl && a.pinFullUrl === b.pinFullUrl && a.passkeyId === b.passkeyId && a.verificationUrl === b.verificationUrl && a.verificationFullUrl === b.verificationFullUrl && a.recoverySecret === b.recoverySecret && a.isNewUser === b.isNewUser && ((_a = a.externalWalletVerification) == null ? void 0 : _a.signatureVerificationMessage) === ((_b = b.externalWalletVerification) == null ? void 0 : _b.signatureVerificationMessage) && ((_c = a.externalWalletVerification) == null ? void 0 : _c.walletAddress) === ((_d = b.externalWalletVerification) == null ? void 0 : _d.walletAddress) && ((_e = a.externalWalletVerification) == null ? void 0 : _e.walletType) === ((_f = b.externalWalletVerification) == null ? void 0 : _f.walletType) && ((_g = a.passkeyHints) == null ? void 0 : _g.length) === ((_h = b.passkeyHints) == null ? void 0 : _h.length) && ((_i = a.passkeyHints) != null ? _i : []).every(
+    return a.userId === b.userId && a.isPasskeySupported === b.isPasskeySupported && a.hasPasskey === b.hasPasskey && a.hasPassword === b.hasPassword && a.hasPin === b.hasPin && a.passkeyUrl === b.passkeyUrl && a.passkeyFullUrl === b.passkeyFullUrl && a.passkeyKnownDeviceUrl === b.passkeyKnownDeviceUrl && a.passwordUrl === b.passwordUrl && a.passwordFullUrl === b.passwordFullUrl && a.pinUrl === b.pinUrl && a.pinFullUrl === b.pinFullUrl && a.passkeyId === b.passkeyId && a.verificationUrl === b.verificationUrl && a.verificationFullUrl === b.verificationFullUrl && a.deliveryChannel === b.deliveryChannel && a.fallbackUsed === b.fallbackUsed && a.fallbackChannel === b.fallbackChannel && a.recoverySecret === b.recoverySecret && a.isNewUser === b.isNewUser && ((_a = a.externalWalletVerification) == null ? void 0 : _a.signatureVerificationMessage) === ((_b = b.externalWalletVerification) == null ? void 0 : _b.signatureVerificationMessage) && ((_c = a.externalWalletVerification) == null ? void 0 : _c.walletAddress) === ((_d = b.externalWalletVerification) == null ? void 0 : _d.walletAddress) && ((_e = a.externalWalletVerification) == null ? void 0 : _e.walletType) === ((_f = b.externalWalletVerification) == null ? void 0 : _f.walletType) && ((_g = a.passkeyHints) == null ? void 0 : _g.length) === ((_h = b.passkeyHints) == null ? void 0 : _h.length) && ((_i = a.passkeyHints) != null ? _i : []).every(
       (hint, i) => hint.useragent === b.passkeyHints[i].useragent && hint.aaguid === b.passkeyHints[i].aaguid
     );
   }

package/dist/cjs/state/actors/setupPara.js

@@ -42,7 +42,10 @@ __export(setupPara_exports, {
 module.exports = __toCommonJS(setupPara_exports);
 var import_xstate = require("xstate");
 const createSetupParaActor = (paraCoreInterface) => (0, import_xstate.fromPromise)(() => __async(void 0, null, function* () {
-  yield paraCoreInterface.setup();
+  const eagerPartnerLoad = paraCoreInterface.isPortal() ? Promise.resolve() : paraCoreInterface.sessionManagementService.touchSession().catch((e) => {
+    paraCoreInterface.devLog("setupPara: eager partner load via touchSession failed; will retry lazily", e);
+  });
+  yield Promise.all([paraCoreInterface.setup(), eagerPartnerLoad]);
 }));
 // Annotate the CommonJS export names for ESM import in node:
 0 && (module.exports = {

package/dist/cjs/state/machines/walletStateMachine.js

@@ -215,6 +215,28 @@ function createWalletStateMachine(paraCoreInterface) {
         ]
       },
       needs_wallets: {
+        // `needs_wallets` is otherwise a passive state that waits for the consumer
+        // to dispatch `WAIT_FOR_WALLET_CREATION`. That contract is fine for
+        // `isNewUser` reaching this state without auto-create (`checking_wallet_state`
+        // guard at line ~127), but it traps existing users who landed here via
+        // `waiting_for_wallets` COMPLETE with `needsWallet=true` — i.e., an
+        // authenticated user whose wallets don't satisfy the partner's
+        // `supportedWalletTypes` (e.g. EVM-only user logging into a Solana-only
+        // partner). Their auth flow set `shouldAutoCreateWallets: true` via
+        // `authenticateWithOAuth` / `authenticateWithEmailOrPhone`, but the
+        // existing `claiming_wallets` guard requires `isNewUser ||
+        // shouldClaimGuestWallets`, neither of which is true for them, so
+        // auto-create silently never happens.
+        //
+        // When `shouldAutoCreate` is true, route directly to `creating_wallets`.
+        // `createWalletPerType` is partner-aware via `#getMissingTypes`, so it
+        // provisions exactly the missing required types (no duplicates).
+        always: [
+          {
+            target: "creating_wallets",
+            guard: "shouldAutoCreate"
+          }
+        ],
         on: {
           WAIT_FOR_WALLET_CREATION: {
             target: "claiming_wallets",

package/dist/cjs/telemetry/BeaconSpanProcessor.js

@@ -0,0 +1,99 @@
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __typeError = (msg) => {
+  throw TypeError(msg);
+};
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+var __accessCheck = (obj, member, msg) => member.has(obj) || __typeError("Cannot " + msg);
+var __privateGet = (obj, member, getter) => (__accessCheck(obj, member, "read from private field"), getter ? getter.call(obj) : member.get(obj));
+var __privateAdd = (obj, member, value) => member.has(obj) ? __typeError("Cannot add the same private member more than once") : member instanceof WeakSet ? member.add(obj) : member.set(obj, value);
+var __privateSet = (obj, member, value, setter) => (__accessCheck(obj, member, "write to private field"), setter ? setter.call(obj, value) : member.set(obj, value), value);
+var __privateMethod = (obj, member, method) => (__accessCheck(obj, member, "access private method"), method);
+var BeaconSpanProcessor_exports = {};
+__export(BeaconSpanProcessor_exports, {
+  BeaconSpanProcessor: () => BeaconSpanProcessor
+});
+module.exports = __toCommonJS(BeaconSpanProcessor_exports);
+var import_otlp_transformer = require("@opentelemetry/otlp-transformer");
+var _spans, _pagehideListener, _visibilityListener, _url, _BeaconSpanProcessor_instances, flushViaBeacon_fn;
+const MAX_BUFFER_SIZE = 200;
+class BeaconSpanProcessor {
+  constructor(url) {
+    __privateAdd(this, _BeaconSpanProcessor_instances);
+    __privateAdd(this, _spans, []);
+    __privateAdd(this, _pagehideListener);
+    __privateAdd(this, _visibilityListener);
+    __privateAdd(this, _url);
+    __privateSet(this, _url, url);
+    if (typeof window !== "undefined") {
+      __privateSet(this, _pagehideListener, () => __privateMethod(this, _BeaconSpanProcessor_instances, flushViaBeacon_fn).call(this));
+      __privateSet(this, _visibilityListener, () => {
+        if (typeof document !== "undefined" && document.visibilityState === "hidden") {
+          __privateMethod(this, _BeaconSpanProcessor_instances, flushViaBeacon_fn).call(this);
+        }
+      });
+      window.addEventListener("pagehide", __privateGet(this, _pagehideListener));
+      if (typeof document !== "undefined") {
+        document.addEventListener("visibilitychange", __privateGet(this, _visibilityListener));
+      }
+    }
+  }
+  onStart(_span, _parentContext) {
+  }
+  onEnd(span) {
+    __privateGet(this, _spans).push(span);
+    if (__privateGet(this, _spans).length > MAX_BUFFER_SIZE) {
+      __privateGet(this, _spans).shift();
+    }
+  }
+  forceFlush() {
+    return Promise.resolve();
+  }
+  shutdown() {
+    __privateMethod(this, _BeaconSpanProcessor_instances, flushViaBeacon_fn).call(this);
+    if (__privateGet(this, _pagehideListener) && typeof window !== "undefined") {
+      window.removeEventListener("pagehide", __privateGet(this, _pagehideListener));
+      __privateSet(this, _pagehideListener, void 0);
+    }
+    if (__privateGet(this, _visibilityListener) && typeof document !== "undefined") {
+      document.removeEventListener("visibilitychange", __privateGet(this, _visibilityListener));
+      __privateSet(this, _visibilityListener, void 0);
+    }
+    __privateSet(this, _spans, []);
+    return Promise.resolve();
+  }
+}
+_spans = new WeakMap();
+_pagehideListener = new WeakMap();
+_visibilityListener = new WeakMap();
+_url = new WeakMap();
+_BeaconSpanProcessor_instances = new WeakSet();
+flushViaBeacon_fn = function() {
+  if (__privateGet(this, _spans).length === 0) return;
+  if (typeof navigator === "undefined" || typeof navigator.sendBeacon !== "function") return;
+  try {
+    const body = import_otlp_transformer.JsonTraceSerializer.serializeRequest(__privateGet(this, _spans));
+    const blob = new Blob([body], { type: "application/json" });
+    navigator.sendBeacon(__privateGet(this, _url), blob);
+    __privateSet(this, _spans, []);
+  } catch (e) {
+  }
+};
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  BeaconSpanProcessor
+});

package/dist/cjs/telemetry/config.js

@@ -0,0 +1,15 @@
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+var config_exports = {};
+module.exports = __toCommonJS(config_exports);

package/dist/cjs/telemetry/init.js

@@ -0,0 +1,193 @@
+var __create = Object.create;
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __getOwnPropSymbols = Object.getOwnPropertySymbols;
+var __getProtoOf = Object.getPrototypeOf;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __propIsEnum = Object.prototype.propertyIsEnumerable;
+var __defNormalProp = (obj, key, value) => key in obj ? __defProp(obj, key, { enumerable: true, configurable: true, writable: true, value }) : obj[key] = value;
+var __spreadValues = (a, b) => {
+  for (var prop in b || (b = {}))
+    if (__hasOwnProp.call(b, prop))
+      __defNormalProp(a, prop, b[prop]);
+  if (__getOwnPropSymbols)
+    for (var prop of __getOwnPropSymbols(b)) {
+      if (__propIsEnum.call(b, prop))
+        __defNormalProp(a, prop, b[prop]);
+    }
+  return a;
+};
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps(
+  // If the importer is in node compatibility mode or this is not an ESM
+  // file that has been converted to a CommonJS file using a Babel-
+  // compatible transform (i.e. "__esModule" has not been set), then set
+  // "default" to the CommonJS "module.exports" for node compatibility.
+  isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target,
+  mod
+));
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+var __async = (__this, __arguments, generator) => {
+  return new Promise((resolve, reject) => {
+    var fulfilled = (value) => {
+      try {
+        step(generator.next(value));
+      } catch (e) {
+        reject(e);
+      }
+    };
+    var rejected = (value) => {
+      try {
+        step(generator.throw(value));
+      } catch (e) {
+        reject(e);
+      }
+    };
+    var step = (x) => x.done ? resolve(x.value) : Promise.resolve(x.value).then(fulfilled, rejected);
+    step((generator = generator.apply(__this, __arguments)).next());
+  });
+};
+var init_exports = {};
+__export(init_exports, {
+  __resetTelemetryForTests: () => __resetTelemetryForTests,
+  flushTelemetry: () => flushTelemetry,
+  initTelemetry: () => initTelemetry,
+  isTelemetryInitialized: () => isTelemetryInitialized,
+  onTelemetryReady: () => onTelemetryReady
+});
+module.exports = __toCommonJS(init_exports);
+var import_sdk_trace_base = require("@opentelemetry/sdk-trace-base");
+var import_exporter_trace_otlp_http = require("@opentelemetry/exporter-trace-otlp-http");
+var import_resources = require("@opentelemetry/resources");
+var import_semantic_conventions = require("@opentelemetry/semantic-conventions");
+var import_api = require("@opentelemetry/api");
+var import_core = require("@opentelemetry/core");
+var import_uxStateSpanProcessor = require("./uxStateSpanProcessor.js");
+var import_uxBaggagePropagator = require("./uxBaggagePropagator.js");
+let initialized = false;
+let tracerProvider;
+const readyCallbacks = [];
+function onTelemetryReady(cb) {
+  if (initialized) {
+    cb();
+    return;
+  }
+  readyCallbacks.push(cb);
+}
+function initTelemetry(opts) {
+  return __async(this, null, function* () {
+    if (initialized) return;
+    initialized = true;
+    const isWeb = opts.sdkType === "WEB" && typeof window !== "undefined";
+    if (isWeb && !opts.isPortal) {
+      try {
+        const { ZoneContextManager } = yield import("@opentelemetry/context-zone");
+        const zoneManager = new ZoneContextManager().enable();
+        import_api.context.setGlobalContextManager(zoneManager);
+      } catch (e) {
+      }
+    }
+    const resource = (0, import_resources.resourceFromAttributes)(__spreadValues(__spreadValues({
+      [import_semantic_conventions.ATTR_SERVICE_NAME]: opts.isPortal ? "para-portal" : "para-sdk",
+      [import_semantic_conventions.ATTR_SERVICE_VERSION]: opts.sdkVersion,
+      "para.platform": opts.sdkType
+    }, opts.partnerId ? { "para.partner_id": opts.partnerId } : {}), opts.resourceAttributes));
+    const exporter = new import_exporter_trace_otlp_http.OTLPTraceExporter({
+      url: opts.tunnelUrl
+      // No auth header — the tunnel is a dumb proxy. Per-IP rate limit + body cap on the
+      // BE side keep abuse contained.
+    });
+    const sampler = new import_sdk_trace_base.TraceIdRatioBasedSampler(Math.max(0, Math.min(1, opts.sampleRate)));
+    const spanProcessors = [new import_uxStateSpanProcessor.UxStateSpanProcessor(), new import_sdk_trace_base.BatchSpanProcessor(exporter)];
+    if (isWeb && opts.isPortal) {
+      try {
+        const { BeaconSpanProcessor } = yield import("./BeaconSpanProcessor.js");
+        spanProcessors.push(new BeaconSpanProcessor(opts.tunnelUrl));
+      } catch (e) {
+      }
+    }
+    tracerProvider = new import_sdk_trace_base.BasicTracerProvider({
+      resource,
+      sampler,
+      spanProcessors
+    });
+    import_api.trace.setGlobalTracerProvider(tracerProvider);
+    import_api.propagation.setGlobalPropagator(
+      new import_core.CompositePropagator({
+        propagators: [new import_core.W3CTraceContextPropagator(), new import_uxBaggagePropagator.UxBaggagePropagator()]
+      })
+    );
+    if (isWeb) {
+      try {
+        const [{ registerInstrumentations }, { FetchInstrumentation }, { XMLHttpRequestInstrumentation }] = yield Promise.all([
+          import("@opentelemetry/instrumentation"),
+          import("@opentelemetry/instrumentation-fetch"),
+          import("@opentelemetry/instrumentation-xml-http-request")
+        ]);
+        const propagateTraceHeaderCorsUrls = [
+          /^https?:\/\/api\.[^/]*getpara\.com/,
+          /^https?:\/\/api\.[^/]*usecapsule\.com/
+        ];
+        if (opts.isDev) {
+          propagateTraceHeaderCorsUrls.push(/^https?:\/\/localhost/);
+        }
+        registerInstrumentations({
+          // Both fetch and XHR are instrumented because axios uses XHR by default in
+          // the browser and `window.fetch` for first-party SDK code paths that opt in.
+          // Without XHR instrumentation, axios calls don't produce client spans AND
+          // Zone-tracked traceparent injection through our manual interceptor isn't
+          // always reliable on native async/await — the auto-instrumentation handles
+          // both span creation and W3C propagation in one pass.
+          instrumentations: [
+            new FetchInstrumentation({ propagateTraceHeaderCorsUrls }),
+            new XMLHttpRequestInstrumentation({ propagateTraceHeaderCorsUrls })
+          ]
+        });
+      } catch (e) {
+      }
+    }
+    while (readyCallbacks.length) {
+      const cb = readyCallbacks.shift();
+      try {
+        cb();
+      } catch (e) {
+      }
+    }
+  });
+}
+function isTelemetryInitialized() {
+  return initialized;
+}
+function flushTelemetry() {
+  return __async(this, null, function* () {
+    if (!tracerProvider) return;
+    try {
+      yield tracerProvider.forceFlush();
+    } catch (e) {
+    }
+  });
+}
+function __resetTelemetryForTests() {
+  initialized = false;
+  tracerProvider = void 0;
+}
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  __resetTelemetryForTests,
+  flushTelemetry,
+  initTelemetry,
+  isTelemetryInitialized,
+  onTelemetryReady
+});