@getpara/core-sdk 3.1.0 → 3.3.0

package/dist/cjs/ParaCore.js

@@ -265,10 +265,11 @@ const _ParaCore = class _ParaCore {
         if (typeof original === "function") {
           this[methodName] = (...args) => {
             var _a;
-            const attrs = __spreadValues({
-              "para.platform": this.platformUtils.sdkType,
+            const attrs = __spreadValues(__spreadProps(__spreadValues({
+              "para.platform": this.platformUtils.sdkType
+            }, this.clientType ? { "para.client_type": this.clientType } : {}), {
               "para.sdk_version": _ParaCore.version
-            }, ((_a = this.partner) == null ? void 0 : _a.id) ? { "para.partner_id": this.partner.id } : {});
+            }), ((_a = this.partner) == null ? void 0 : _a.id) ? { "para.partner_id": this.partner.id } : {});
             return (0, import_tracer.wrapWithSpan)(
               methodName,
               (span) => __async(this, null, function* () {
@@ -430,6 +431,7 @@ const _ParaCore = class _ParaCore {
     this.addCredential = (params) => __async(this, null, function* () {
       return yield __privateGet(this, _authService).addCredential(params);
     });
+    var _a;
     let env, apiKey;
     const actualArgs = Array.from(arguments).filter((arg) => arg !== void 0);
     const actualArgumentCount = actualArgs.length;
@@ -514,11 +516,16 @@ const _ParaCore = class _ParaCore {
         refreshJwt
       );
     };
+    const rawPlatform = (_a = opts.hostPlatform) != null ? _a : this.platformUtils.sdkType;
+    this.clientType = (0, import_userManagementClient.normalizePlatform)(rawPlatform);
     const client = (0, import_userManagementClient.initClient)({
       env,
       version: _ParaCore.version,
       apiKey,
       partnerId: this.isPortal(env) ? opts.portalPartnerId : void 0,
+      // Native shells (Swift/Flutter) set opts.hostPlatform via bridge-v2; web and
+      // React Native fall back to the in-process sdkType. Normalized in initClient.
+      platform: rawPlatform,
       useFetchAdapter: !!opts.disableWorkers,
       retrieveSessionCookie: this.retrieveSessionCookie,
       persistSessionCookie: this.persistSessionCookie
@@ -1570,6 +1577,7 @@ const _ParaCore = class _ParaCore {
           tunnelUrl: `${(0, import_userManagementClient.getBaseUrl)(this.ctx.env)}telemetry`,
           sampleRate: telemetry.sample_rate,
           sdkType: this.platformUtils.sdkType,
+          clientType: this.clientType,
           sdkVersion: _ParaCore.version,
           partnerId: this.partner.id,
           // Only true in DEV — adds localhost to the trace-propagation allow-list
@@ -3481,6 +3489,7 @@ logout_fn = function() {
     this.accountLinkInProgress = void 0;
     __privateGet(this, _authService).userId = void 0;
     __privateGet(this, _sessionManagementService).sessionCookie = void 0;
+    __privateGet(this, _sessionManagementService).invalidateTouchSessionCache();
     this.isEnclaveUser = false;
     (0, import_uxStateSpanProcessor.setCurrentUserId)(void 0);
     if (isSessionActive) {

package/dist/cjs/constants.js

@@ -46,7 +46,7 @@ __export(constants_exports, {
   TRANSACTION_REVIEW_TIMEOUT_MS: () => TRANSACTION_REVIEW_TIMEOUT_MS
 });
 module.exports = __toCommonJS(constants_exports);
-const PARA_CORE_VERSION = "3.1.0";
+const PARA_CORE_VERSION = "3.3.0";
 const PREFIX = "@CAPSULE/";
 const PARA_PREFIX = "@PARA/";
 const LOCAL_STORAGE_AUTH_INFO = `${PREFIX}authInfo`;

package/dist/cjs/external/userManagementClient.js

@@ -30,7 +30,8 @@ __export(userManagementClient_exports, {
   getBaseMPCNetworkUrl: () => getBaseMPCNetworkUrl,
   getBaseOAuthUrl: () => getBaseOAuthUrl,
   getBaseUrl: () => getBaseUrl,
-  initClient: () => initClient
+  initClient: () => initClient,
+  normalizePlatform: () => normalizePlatform
 });
 module.exports = __toCommonJS(userManagementClient_exports);
 var import_user_management_client = __toESM(require("@getpara/user-management-client"));
@@ -93,11 +94,33 @@ function getBaseMPCNetworkUrl(env, useWebsocket) {
       throw new Error(`unsupported env: ${env}`);
   }
 }
+function normalizePlatform(platform) {
+  switch (platform) {
+    case "iOS":
+    case "ios":
+    case "swift":
+      return "swift";
+    case "flutter":
+      return "flutter";
+    case "REACT_NATIVE":
+    case "react-native":
+      return "react-native";
+    case "WEB":
+    case "web":
+      return "web";
+    case "SERVER":
+    case "server":
+      return "server";
+    default:
+      return void 0;
+  }
+}
 function initClient({
   env,
   version,
   apiKey,
   partnerId,
+  platform,
   useFetchAdapter = false,
   retrieveSessionCookie,
   persistSessionCookie,
@@ -108,6 +131,7 @@ function initClient({
     version: [import_types.Environment.DEV, import_types.Environment.SANDBOX].includes(env) ? "dev" : version,
     apiKey,
     partnerId,
+    clientType: normalizePlatform(platform),
     opts: { useFetchAdapter },
     retrieveSessionCookie,
     persistSessionCookie,
@@ -119,5 +143,6 @@ function initClient({
   getBaseMPCNetworkUrl,
   getBaseOAuthUrl,
   getBaseUrl,
-  initClient
+  initClient,
+  normalizePlatform
 });

package/dist/cjs/services/AuthService.js

@@ -686,6 +686,7 @@ class AuthService {
         }
       }
       const { sessionId } = yield __privateGet(this, _sessionManagementService).touchSession();
+      const hasExistingPasskey = userAuthMethods.has(import_user_management_client.AuthMethod.PASSKEY);
       const result = (isForNewDevice || urlType) && (yield __privateGet(this, _portalUrlService).constructPortalUrl(isForNewDevice ? "addNewCredential" : urlType, {
         isForNewDevice,
         pathId: credentialId,
@@ -694,7 +695,8 @@ class AuthService {
         sessionId: isForNewDevice ? sessionId : void 0,
         addNewCredentialType: optsAuthMethod,
         addNewCredentialPasskeyId: passkeyId,
-        addNewCredentialPasswordId: passwordId
+        addNewCredentialPasswordId: passwordId,
+        useLegacyUrl: hasExistingPasskey
       }));
       return __spreadValues({ credentialId }, result ? { url: result.url, fullUrl: result.fullUrl } : {});
     });

package/dist/cjs/services/PollingService.js

@@ -412,6 +412,8 @@ class PollingService {
         if (__privateGet(this, _walletService).currentWalletIdsArray.length === 0) {
           return { finished: false };
         }
+      } else if (__privateGet(this, _walletService).currentWalletIdsArray.length === 0) {
+        return { finished: true };
       }
       const sessionLookupId = session.sessionLookupId;
       const temporaryShares = (yield __privateGet(this, _paraCoreInterface).ctx.client.getTransmissionKeyshares(__privateGet(this, _authService).userId, sessionLookupId)).data.temporaryShares;

package/dist/cjs/services/SessionManagementService.js

@@ -218,6 +218,20 @@ const _SessionManagementService = class _SessionManagementService {
       }
       return session;
     }));
+    // Drop the dedupe cache so the next touchSession() round-trips to the server
+    // instead of replaying the pre-logout snapshot. Without this, the core state
+    // machine's post-logout `checkUserState` (auth machine) hits the cache within
+    // the 1s TTL, sees `isAuthenticated: true` and `currentWalletIds` from before
+    // logout, re-applies the wallet IDs via #doTouchSession line 235-237, and
+    // reports `isFullyLoggedIn=true` — sending the state machine back to
+    // `authenticated` instead of `unauthenticated`. Called from ParaCore.#logout
+    // after the session cookie + in-memory auth state are cleared, so the next
+    // touchSession sees a fresh "no session" response.
+    this.invalidateTouchSessionCache = () => {
+      __privateSet(this, _touchCached, void 0);
+      __privateSet(this, _touchCachedAt, void 0);
+      __privateSet(this, _touchPromise, void 0);
+    };
     this.isSessionActive = () => __async(this, null, function* () {
       if (__privateGet(this, _externalWalletService).externalWalletConnectionType === "CONNECTION_ONLY") {
         return true;

package/dist/cjs/telemetry/init.js

@@ -99,11 +99,11 @@ function initTelemetry(opts) {
       } catch (e) {
       }
     }
-    const resource = (0, import_resources.resourceFromAttributes)(__spreadValues(__spreadValues({
+    const resource = (0, import_resources.resourceFromAttributes)(__spreadValues(__spreadValues(__spreadValues({
       [import_semantic_conventions.ATTR_SERVICE_NAME]: opts.isPortal ? "para-portal" : "para-sdk",
       [import_semantic_conventions.ATTR_SERVICE_VERSION]: opts.sdkVersion,
       "para.platform": opts.sdkType
-    }, opts.partnerId ? { "para.partner_id": opts.partnerId } : {}), opts.resourceAttributes));
+    }, opts.clientType ? { "para.client_type": opts.clientType } : {}), opts.partnerId ? { "para.partner_id": opts.partnerId } : {}), opts.resourceAttributes));
     const exporter = new import_exporter_trace_otlp_http.OTLPTraceExporter({
       url: opts.tunnelUrl
       // No auth header — the tunnel is a dumb proxy. Per-IP rate limit + body cap on the

package/dist/esm/ParaCore.js

@@ -29,7 +29,7 @@ import {
 import forge from "node-forge";
 const { pki, jsbn } = forge;
 import { decryptWithPrivateKey, getAsymmetricKeyPair } from "./cryptography/utils.js";
-import { getBaseUrl, initClient } from "./external/userManagementClient.js";
+import { getBaseUrl, initClient, normalizePlatform } from "./external/userManagementClient.js";
 import * as mpcComputationClient from "./external/mpcComputationClient.js";
 import {
   Environment,
@@ -210,10 +210,11 @@ const _ParaCore = class _ParaCore {
         if (typeof original === "function") {
           this[methodName] = (...args) => {
             var _a;
-            const attrs = __spreadValues({
-              "para.platform": this.platformUtils.sdkType,
+            const attrs = __spreadValues(__spreadProps(__spreadValues({
+              "para.platform": this.platformUtils.sdkType
+            }, this.clientType ? { "para.client_type": this.clientType } : {}), {
               "para.sdk_version": _ParaCore.version
-            }, ((_a = this.partner) == null ? void 0 : _a.id) ? { "para.partner_id": this.partner.id } : {});
+            }), ((_a = this.partner) == null ? void 0 : _a.id) ? { "para.partner_id": this.partner.id } : {});
             return wrapWithSpan(
               methodName,
               (span) => __async(this, null, function* () {
@@ -375,6 +376,7 @@ const _ParaCore = class _ParaCore {
     this.addCredential = (params) => __async(this, null, function* () {
       return yield __privateGet(this, _authService).addCredential(params);
     });
+    var _a;
     let env, apiKey;
     const actualArgs = Array.from(arguments).filter((arg) => arg !== void 0);
     const actualArgumentCount = actualArgs.length;
@@ -459,11 +461,16 @@ const _ParaCore = class _ParaCore {
         refreshJwt
       );
     };
+    const rawPlatform = (_a = opts.hostPlatform) != null ? _a : this.platformUtils.sdkType;
+    this.clientType = normalizePlatform(rawPlatform);
     const client = initClient({
       env,
       version: _ParaCore.version,
       apiKey,
       partnerId: this.isPortal(env) ? opts.portalPartnerId : void 0,
+      // Native shells (Swift/Flutter) set opts.hostPlatform via bridge-v2; web and
+      // React Native fall back to the in-process sdkType. Normalized in initClient.
+      platform: rawPlatform,
       useFetchAdapter: !!opts.disableWorkers,
       retrieveSessionCookie: this.retrieveSessionCookie,
       persistSessionCookie: this.persistSessionCookie
@@ -1515,6 +1522,7 @@ const _ParaCore = class _ParaCore {
           tunnelUrl: `${getBaseUrl(this.ctx.env)}telemetry`,
           sampleRate: telemetry.sample_rate,
           sdkType: this.platformUtils.sdkType,
+          clientType: this.clientType,
           sdkVersion: _ParaCore.version,
           partnerId: this.partner.id,
           // Only true in DEV — adds localhost to the trace-propagation allow-list
@@ -3426,6 +3434,7 @@ logout_fn = function() {
     this.accountLinkInProgress = void 0;
     __privateGet(this, _authService).userId = void 0;
     __privateGet(this, _sessionManagementService).sessionCookie = void 0;
+    __privateGet(this, _sessionManagementService).invalidateTouchSessionCache();
     this.isEnclaveUser = false;
     setCurrentUserId(void 0);
     if (isSessionActive) {

package/dist/esm/constants.js

@@ -1,5 +1,5 @@
 import "./chunk-7B52C2XE.js";
-const PARA_CORE_VERSION = "3.1.0";
+const PARA_CORE_VERSION = "3.3.0";
 const PREFIX = "@CAPSULE/";
 const PARA_PREFIX = "@PARA/";
 const LOCAL_STORAGE_AUTH_INFO = `${PREFIX}authInfo`;

package/dist/esm/external/userManagementClient.js

@@ -59,11 +59,33 @@ function getBaseMPCNetworkUrl(env, useWebsocket) {
       throw new Error(`unsupported env: ${env}`);
   }
 }
+function normalizePlatform(platform) {
+  switch (platform) {
+    case "iOS":
+    case "ios":
+    case "swift":
+      return "swift";
+    case "flutter":
+      return "flutter";
+    case "REACT_NATIVE":
+    case "react-native":
+      return "react-native";
+    case "WEB":
+    case "web":
+      return "web";
+    case "SERVER":
+    case "server":
+      return "server";
+    default:
+      return void 0;
+  }
+}
 function initClient({
   env,
   version,
   apiKey,
   partnerId,
+  platform,
   useFetchAdapter = false,
   retrieveSessionCookie,
   persistSessionCookie,
@@ -74,6 +96,7 @@ function initClient({
     version: [Environment.DEV, Environment.SANDBOX].includes(env) ? "dev" : version,
     apiKey,
     partnerId,
+    clientType: normalizePlatform(platform),
     opts: { useFetchAdapter },
     retrieveSessionCookie,
     persistSessionCookie,
@@ -84,5 +107,6 @@ export {
   getBaseMPCNetworkUrl,
   getBaseOAuthUrl,
   getBaseUrl,
-  initClient
+  initClient,
+  normalizePlatform
 };

package/dist/esm/services/AuthService.js

@@ -617,6 +617,7 @@ class AuthService {
         }
       }
       const { sessionId } = yield __privateGet(this, _sessionManagementService).touchSession();
+      const hasExistingPasskey = userAuthMethods.has(AuthMethod.PASSKEY);
       const result = (isForNewDevice || urlType) && (yield __privateGet(this, _portalUrlService).constructPortalUrl(isForNewDevice ? "addNewCredential" : urlType, {
         isForNewDevice,
         pathId: credentialId,
@@ -625,7 +626,8 @@ class AuthService {
         sessionId: isForNewDevice ? sessionId : void 0,
         addNewCredentialType: optsAuthMethod,
         addNewCredentialPasskeyId: passkeyId,
-        addNewCredentialPasswordId: passwordId
+        addNewCredentialPasswordId: passwordId,
+        useLegacyUrl: hasExistingPasskey
       }));
       return __spreadValues({ credentialId }, result ? { url: result.url, fullUrl: result.fullUrl } : {});
     });

package/dist/esm/services/PollingService.js

@@ -354,6 +354,8 @@ class PollingService {
         if (__privateGet(this, _walletService).currentWalletIdsArray.length === 0) {
           return { finished: false };
         }
+      } else if (__privateGet(this, _walletService).currentWalletIdsArray.length === 0) {
+        return { finished: true };
       }
       const sessionLookupId = session.sessionLookupId;
       const temporaryShares = (yield __privateGet(this, _paraCoreInterface).ctx.client.getTransmissionKeyshares(__privateGet(this, _authService).userId, sessionLookupId)).data.temporaryShares;

package/dist/esm/services/SessionManagementService.js

@@ -162,6 +162,20 @@ const _SessionManagementService = class _SessionManagementService {
       }
       return session;
     }));
+    // Drop the dedupe cache so the next touchSession() round-trips to the server
+    // instead of replaying the pre-logout snapshot. Without this, the core state
+    // machine's post-logout `checkUserState` (auth machine) hits the cache within
+    // the 1s TTL, sees `isAuthenticated: true` and `currentWalletIds` from before
+    // logout, re-applies the wallet IDs via #doTouchSession line 235-237, and
+    // reports `isFullyLoggedIn=true` — sending the state machine back to
+    // `authenticated` instead of `unauthenticated`. Called from ParaCore.#logout
+    // after the session cookie + in-memory auth state are cleared, so the next
+    // touchSession sees a fresh "no session" response.
+    this.invalidateTouchSessionCache = () => {
+      __privateSet(this, _touchCached, void 0);
+      __privateSet(this, _touchCachedAt, void 0);
+      __privateSet(this, _touchPromise, void 0);
+    };
     this.isSessionActive = () => __async(this, null, function* () {
       if (__privateGet(this, _externalWalletService).externalWalletConnectionType === "CONNECTION_ONLY") {
         return true;

package/dist/esm/telemetry/init.js

@@ -37,11 +37,11 @@ function initTelemetry(opts) {
       } catch (e) {
       }
     }
-    const resource = resourceFromAttributes(__spreadValues(__spreadValues({
+    const resource = resourceFromAttributes(__spreadValues(__spreadValues(__spreadValues({
       [ATTR_SERVICE_NAME]: opts.isPortal ? "para-portal" : "para-sdk",
       [ATTR_SERVICE_VERSION]: opts.sdkVersion,
       "para.platform": opts.sdkType
-    }, opts.partnerId ? { "para.partner_id": opts.partnerId } : {}), opts.resourceAttributes));
+    }, opts.clientType ? { "para.client_type": opts.clientType } : {}), opts.partnerId ? { "para.partner_id": opts.partnerId } : {}), opts.resourceAttributes));
     const exporter = new OTLPTraceExporter({
       url: opts.tunnelUrl
       // No auth header — the tunnel is a dumb proxy. Per-IP rate limit + body cap on the

package/dist/types/ParaCore.d.ts

@@ -295,6 +295,7 @@ export declare abstract class ParaCore implements CoreInterface {
         onRampPurchase: OnRampPurchase;
     } | undefined;
     protected platformUtils: PlatformUtils;
+    private clientType?;
     protected nonPersistedStorageKeys: string[];
     private localStorageGetItem;
     private localStorageSetItem;

package/dist/types/external/userManagementClient.d.ts

@@ -3,11 +3,21 @@ import { Environment } from '../types/index.js';
 export declare function getBaseOAuthUrl(env: Environment): string;
 export declare function getBaseUrl(env: Environment, scheme?: 'http' | 'ws'): string;
 export declare function getBaseMPCNetworkUrl(env: Environment, useWebsocket?: boolean): string;
-export declare function initClient({ env, version, apiKey, partnerId, useFetchAdapter, retrieveSessionCookie, persistSessionCookie, staticTraceContext, }: {
+/**
+ * Maps a raw host-platform / sdkType value onto the normalized `client_type`
+ * dimension used by backend analytics + Sentry. Unknown values (e.g. BRIDGE
+ * without a resolved host) return undefined so the backend omits the property
+ * rather than emitting a meaningless bucket. CLI sets `client_type` directly
+ * outside this core SDK path.
+ */
+export declare function normalizePlatform(platform?: string): string | undefined;
+export declare function initClient({ env, version, apiKey, partnerId, platform, useFetchAdapter, retrieveSessionCookie, persistSessionCookie, staticTraceContext, }: {
     env: Environment;
     version?: string;
     apiKey: string;
     partnerId?: string;
+    /** Raw host platform (e.g. 'iOS', 'flutter') or sdkType; normalized to client_type. */
+    platform?: string;
     useFetchAdapter?: boolean;
     retrieveSessionCookie?: () => string;
     persistSessionCookie?: (cookie: string) => void;

package/dist/types/services/SessionManagementService.d.ts

@@ -19,6 +19,7 @@ export declare class SessionManagementService {
         pregenWalletService: PregenWalletService;
     }) => void;
     touchSession: TouchSessionMethod;
+    invalidateTouchSessionCache: () => void;
     isSessionActive: IsSessionActiveMethod;
     isFullyLoggedIn: IsFullyLoggedInMethod;
     refreshSession: RefreshSessionMethod;

package/dist/types/telemetry/init.d.ts

@@ -4,6 +4,7 @@ export type InitTelemetryOpts = {
     tunnelUrl: string;
     sampleRate: number;
     sdkType: SDKType;
+    clientType?: string;
     sdkVersion: string;
     partnerId?: string;
     resourceAttributes?: Attributes;

package/dist/types/types/config.d.ts

@@ -59,6 +59,14 @@ export type SupportedWalletTypeConfig = {
     optional?: boolean;
 };
 export interface ConstructorOpts {
+    /**
+     * Host platform of the native shell hosting this SDK instance (e.g. 'iOS',
+     * 'flutter'). Set by bridge-v2 from the native Para#init metadata so the
+     * backend can attribute analytics/errors to the originating SDK. Normalized
+     * to client_type (swift | flutter | react-native | web). React Native and
+     * web derive their platform from platformUtils.sdkType and leave this unset.
+     */
+    hostPlatform?: string;
     externalWalletConnectionOnly?: boolean;
     useStorageOverrides?: boolean;
     disableWorkers?: boolean;

package/package.json

@@ -1,11 +1,11 @@
 {
   "name": "@getpara/core-sdk",
-  "version": "3.1.0",
+  "version": "3.3.0",
   "dependencies": {
     "@celo/utils": "^8.0.2",
     "@cosmjs/encoding": "^0.32.4",
     "@ethereumjs/util": "^9.1.0",
-    "@getpara/user-management-client": "3.1.0",
+    "@getpara/user-management-client": "3.3.0",
     "@noble/hashes": "^1.5.0",
     "@opentelemetry/api": "^1.9.1",
     "@opentelemetry/context-zone": "^2.7.1",
@@ -41,7 +41,7 @@
     "dist",
     "package.json"
   ],
-  "gitHead": "e73f17cd7960fdfe62ff68a972b3461e47b21eb0",
+  "gitHead": "d9b54921d4187e2dd25f314b62ed99988e9b5b1c",
   "main": "dist/cjs/index.js",
   "module": "dist/esm/index.js",
   "scripts": {