@lumiapassport/ui-kit 1.0.0

package/dist/iframe/main.js

@@ -0,0 +1,2967 @@
+var __defProp = Object.defineProperty;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __esm = (fn, res) => function __init() {
+  return fn && (res = (0, fn[__getOwnPropNames(fn)[0]])(fn = 0)), res;
+};
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+
+// ../../node_modules/.pnpm/viem@2.38.0_bufferutil@4.0.9_typescript@5.9.3_utf-8-validate@5.0.10_zod@3.22.4/node_modules/viem/_esm/utils/data/isHex.js
+function isHex(value, { strict = true } = {}) {
+  if (!value)
+    return false;
+  if (typeof value !== "string")
+    return false;
+  return strict ? /^0x[0-9a-fA-F]*$/.test(value) : value.startsWith("0x");
+}
+var init_isHex = __esm({
+  "../../node_modules/.pnpm/viem@2.38.0_bufferutil@4.0.9_typescript@5.9.3_utf-8-validate@5.0.10_zod@3.22.4/node_modules/viem/_esm/utils/data/isHex.js"() {
+  }
+});
+
+// ../../node_modules/.pnpm/viem@2.38.0_bufferutil@4.0.9_typescript@5.9.3_utf-8-validate@5.0.10_zod@3.22.4/node_modules/viem/_esm/utils/data/size.js
+function size(value) {
+  if (isHex(value, { strict: false }))
+    return Math.ceil((value.length - 2) / 2);
+  return value.length;
+}
+var init_size = __esm({
+  "../../node_modules/.pnpm/viem@2.38.0_bufferutil@4.0.9_typescript@5.9.3_utf-8-validate@5.0.10_zod@3.22.4/node_modules/viem/_esm/utils/data/size.js"() {
+    init_isHex();
+  }
+});
+
+// ../../node_modules/.pnpm/viem@2.38.0_bufferutil@4.0.9_typescript@5.9.3_utf-8-validate@5.0.10_zod@3.22.4/node_modules/viem/_esm/errors/version.js
+var version;
+var init_version = __esm({
+  "../../node_modules/.pnpm/viem@2.38.0_bufferutil@4.0.9_typescript@5.9.3_utf-8-validate@5.0.10_zod@3.22.4/node_modules/viem/_esm/errors/version.js"() {
+    version = "2.38.0";
+  }
+});
+
+// ../../node_modules/.pnpm/viem@2.38.0_bufferutil@4.0.9_typescript@5.9.3_utf-8-validate@5.0.10_zod@3.22.4/node_modules/viem/_esm/errors/base.js
+function walk(err, fn) {
+  if (fn?.(err))
+    return err;
+  if (err && typeof err === "object" && "cause" in err && err.cause !== void 0)
+    return walk(err.cause, fn);
+  return fn ? null : err;
+}
+var errorConfig, BaseError;
+var init_base = __esm({
+  "../../node_modules/.pnpm/viem@2.38.0_bufferutil@4.0.9_typescript@5.9.3_utf-8-validate@5.0.10_zod@3.22.4/node_modules/viem/_esm/errors/base.js"() {
+    init_version();
+    errorConfig = {
+      getDocsUrl: ({ docsBaseUrl, docsPath = "", docsSlug }) => docsPath ? `${docsBaseUrl ?? "https://viem.sh"}${docsPath}${docsSlug ? `#${docsSlug}` : ""}` : void 0,
+      version: `viem@${version}`
+    };
+    BaseError = class _BaseError extends Error {
+      constructor(shortMessage, args = {}) {
+        const details = (() => {
+          if (args.cause instanceof _BaseError)
+            return args.cause.details;
+          if (args.cause?.message)
+            return args.cause.message;
+          return args.details;
+        })();
+        const docsPath = (() => {
+          if (args.cause instanceof _BaseError)
+            return args.cause.docsPath || args.docsPath;
+          return args.docsPath;
+        })();
+        const docsUrl = errorConfig.getDocsUrl?.({ ...args, docsPath });
+        const message = [
+          shortMessage || "An error occurred.",
+          "",
+          ...args.metaMessages ? [...args.metaMessages, ""] : [],
+          ...docsUrl ? [`Docs: ${docsUrl}`] : [],
+          ...details ? [`Details: ${details}`] : [],
+          ...errorConfig.version ? [`Version: ${errorConfig.version}`] : []
+        ].join("\n");
+        super(message, args.cause ? { cause: args.cause } : void 0);
+        Object.defineProperty(this, "details", {
+          enumerable: true,
+          configurable: true,
+          writable: true,
+          value: void 0
+        });
+        Object.defineProperty(this, "docsPath", {
+          enumerable: true,
+          configurable: true,
+          writable: true,
+          value: void 0
+        });
+        Object.defineProperty(this, "metaMessages", {
+          enumerable: true,
+          configurable: true,
+          writable: true,
+          value: void 0
+        });
+        Object.defineProperty(this, "shortMessage", {
+          enumerable: true,
+          configurable: true,
+          writable: true,
+          value: void 0
+        });
+        Object.defineProperty(this, "version", {
+          enumerable: true,
+          configurable: true,
+          writable: true,
+          value: void 0
+        });
+        Object.defineProperty(this, "name", {
+          enumerable: true,
+          configurable: true,
+          writable: true,
+          value: "BaseError"
+        });
+        this.details = details;
+        this.docsPath = docsPath;
+        this.metaMessages = args.metaMessages;
+        this.name = args.name ?? this.name;
+        this.shortMessage = shortMessage;
+        this.version = version;
+      }
+      walk(fn) {
+        return walk(this, fn);
+      }
+    };
+  }
+});
+
+// ../../node_modules/.pnpm/viem@2.38.0_bufferutil@4.0.9_typescript@5.9.3_utf-8-validate@5.0.10_zod@3.22.4/node_modules/viem/_esm/errors/data.js
+var SizeExceedsPaddingSizeError;
+var init_data = __esm({
+  "../../node_modules/.pnpm/viem@2.38.0_bufferutil@4.0.9_typescript@5.9.3_utf-8-validate@5.0.10_zod@3.22.4/node_modules/viem/_esm/errors/data.js"() {
+    init_base();
+    SizeExceedsPaddingSizeError = class extends BaseError {
+      constructor({ size: size2, targetSize, type }) {
+        super(`${type.charAt(0).toUpperCase()}${type.slice(1).toLowerCase()} size (${size2}) exceeds padding size (${targetSize}).`, { name: "SizeExceedsPaddingSizeError" });
+      }
+    };
+  }
+});
+
+// ../../node_modules/.pnpm/viem@2.38.0_bufferutil@4.0.9_typescript@5.9.3_utf-8-validate@5.0.10_zod@3.22.4/node_modules/viem/_esm/utils/data/pad.js
+function pad(hexOrBytes, { dir, size: size2 = 32 } = {}) {
+  if (typeof hexOrBytes === "string")
+    return padHex(hexOrBytes, { dir, size: size2 });
+  return padBytes(hexOrBytes, { dir, size: size2 });
+}
+function padHex(hex_, { dir, size: size2 = 32 } = {}) {
+  if (size2 === null)
+    return hex_;
+  const hex = hex_.replace("0x", "");
+  if (hex.length > size2 * 2)
+    throw new SizeExceedsPaddingSizeError({
+      size: Math.ceil(hex.length / 2),
+      targetSize: size2,
+      type: "hex"
+    });
+  return `0x${hex[dir === "right" ? "padEnd" : "padStart"](size2 * 2, "0")}`;
+}
+function padBytes(bytes, { dir, size: size2 = 32 } = {}) {
+  if (size2 === null)
+    return bytes;
+  if (bytes.length > size2)
+    throw new SizeExceedsPaddingSizeError({
+      size: bytes.length,
+      targetSize: size2,
+      type: "bytes"
+    });
+  const paddedBytes = new Uint8Array(size2);
+  for (let i = 0; i < size2; i++) {
+    const padEnd = dir === "right";
+    paddedBytes[padEnd ? i : size2 - i - 1] = bytes[padEnd ? i : bytes.length - i - 1];
+  }
+  return paddedBytes;
+}
+var init_pad = __esm({
+  "../../node_modules/.pnpm/viem@2.38.0_bufferutil@4.0.9_typescript@5.9.3_utf-8-validate@5.0.10_zod@3.22.4/node_modules/viem/_esm/utils/data/pad.js"() {
+    init_data();
+  }
+});
+
+// ../../node_modules/.pnpm/viem@2.38.0_bufferutil@4.0.9_typescript@5.9.3_utf-8-validate@5.0.10_zod@3.22.4/node_modules/viem/_esm/errors/encoding.js
+var IntegerOutOfRangeError, SizeOverflowError;
+var init_encoding = __esm({
+  "../../node_modules/.pnpm/viem@2.38.0_bufferutil@4.0.9_typescript@5.9.3_utf-8-validate@5.0.10_zod@3.22.4/node_modules/viem/_esm/errors/encoding.js"() {
+    init_base();
+    IntegerOutOfRangeError = class extends BaseError {
+      constructor({ max, min, signed, size: size2, value }) {
+        super(`Number "${value}" is not in safe ${size2 ? `${size2 * 8}-bit ${signed ? "signed" : "unsigned"} ` : ""}integer range ${max ? `(${min} to ${max})` : `(above ${min})`}`, { name: "IntegerOutOfRangeError" });
+      }
+    };
+    SizeOverflowError = class extends BaseError {
+      constructor({ givenSize, maxSize }) {
+        super(`Size cannot exceed ${maxSize} bytes. Given size: ${givenSize} bytes.`, { name: "SizeOverflowError" });
+      }
+    };
+  }
+});
+
+// ../../node_modules/.pnpm/viem@2.38.0_bufferutil@4.0.9_typescript@5.9.3_utf-8-validate@5.0.10_zod@3.22.4/node_modules/viem/_esm/utils/encoding/fromHex.js
+function assertSize(hexOrBytes, { size: size2 }) {
+  if (size(hexOrBytes) > size2)
+    throw new SizeOverflowError({
+      givenSize: size(hexOrBytes),
+      maxSize: size2
+    });
+}
+var init_fromHex = __esm({
+  "../../node_modules/.pnpm/viem@2.38.0_bufferutil@4.0.9_typescript@5.9.3_utf-8-validate@5.0.10_zod@3.22.4/node_modules/viem/_esm/utils/encoding/fromHex.js"() {
+    init_encoding();
+    init_size();
+  }
+});
+
+// ../../node_modules/.pnpm/viem@2.38.0_bufferutil@4.0.9_typescript@5.9.3_utf-8-validate@5.0.10_zod@3.22.4/node_modules/viem/_esm/utils/encoding/toHex.js
+function toHex(value, opts = {}) {
+  if (typeof value === "number" || typeof value === "bigint")
+    return numberToHex(value, opts);
+  if (typeof value === "string") {
+    return stringToHex(value, opts);
+  }
+  if (typeof value === "boolean")
+    return boolToHex(value, opts);
+  return bytesToHex(value, opts);
+}
+function boolToHex(value, opts = {}) {
+  const hex = `0x${Number(value)}`;
+  if (typeof opts.size === "number") {
+    assertSize(hex, { size: opts.size });
+    return pad(hex, { size: opts.size });
+  }
+  return hex;
+}
+function bytesToHex(value, opts = {}) {
+  let string = "";
+  for (let i = 0; i < value.length; i++) {
+    string += hexes[value[i]];
+  }
+  const hex = `0x${string}`;
+  if (typeof opts.size === "number") {
+    assertSize(hex, { size: opts.size });
+    return pad(hex, { dir: "right", size: opts.size });
+  }
+  return hex;
+}
+function numberToHex(value_, opts = {}) {
+  const { signed, size: size2 } = opts;
+  const value = BigInt(value_);
+  let maxValue;
+  if (size2) {
+    if (signed)
+      maxValue = (1n << BigInt(size2) * 8n - 1n) - 1n;
+    else
+      maxValue = 2n ** (BigInt(size2) * 8n) - 1n;
+  } else if (typeof value_ === "number") {
+    maxValue = BigInt(Number.MAX_SAFE_INTEGER);
+  }
+  const minValue = typeof maxValue === "bigint" && signed ? -maxValue - 1n : 0;
+  if (maxValue && value > maxValue || value < minValue) {
+    const suffix = typeof value_ === "bigint" ? "n" : "";
+    throw new IntegerOutOfRangeError({
+      max: maxValue ? `${maxValue}${suffix}` : void 0,
+      min: `${minValue}${suffix}`,
+      signed,
+      size: size2,
+      value: `${value_}${suffix}`
+    });
+  }
+  const hex = `0x${(signed && value < 0 ? (1n << BigInt(size2 * 8)) + BigInt(value) : value).toString(16)}`;
+  if (size2)
+    return pad(hex, { size: size2 });
+  return hex;
+}
+function stringToHex(value_, opts = {}) {
+  const value = encoder.encode(value_);
+  return bytesToHex(value, opts);
+}
+var hexes, encoder;
+var init_toHex = __esm({
+  "../../node_modules/.pnpm/viem@2.38.0_bufferutil@4.0.9_typescript@5.9.3_utf-8-validate@5.0.10_zod@3.22.4/node_modules/viem/_esm/utils/encoding/toHex.js"() {
+    init_encoding();
+    init_pad();
+    init_fromHex();
+    hexes = /* @__PURE__ */ Array.from({ length: 256 }, (_v, i) => i.toString(16).padStart(2, "0"));
+    encoder = /* @__PURE__ */ new TextEncoder();
+  }
+});
+
+// ../../node_modules/.pnpm/viem@2.38.0_bufferutil@4.0.9_typescript@5.9.3_utf-8-validate@5.0.10_zod@3.22.4/node_modules/viem/_esm/utils/encoding/toBytes.js
+function toBytes(value, opts = {}) {
+  if (typeof value === "number" || typeof value === "bigint")
+    return numberToBytes(value, opts);
+  if (typeof value === "boolean")
+    return boolToBytes(value, opts);
+  if (isHex(value))
+    return hexToBytes(value, opts);
+  return stringToBytes(value, opts);
+}
+function boolToBytes(value, opts = {}) {
+  const bytes = new Uint8Array(1);
+  bytes[0] = Number(value);
+  if (typeof opts.size === "number") {
+    assertSize(bytes, { size: opts.size });
+    return pad(bytes, { size: opts.size });
+  }
+  return bytes;
+}
+function charCodeToBase16(char) {
+  if (char >= charCodeMap.zero && char <= charCodeMap.nine)
+    return char - charCodeMap.zero;
+  if (char >= charCodeMap.A && char <= charCodeMap.F)
+    return char - (charCodeMap.A - 10);
+  if (char >= charCodeMap.a && char <= charCodeMap.f)
+    return char - (charCodeMap.a - 10);
+  return void 0;
+}
+function hexToBytes(hex_, opts = {}) {
+  let hex = hex_;
+  if (opts.size) {
+    assertSize(hex, { size: opts.size });
+    hex = pad(hex, { dir: "right", size: opts.size });
+  }
+  let hexString = hex.slice(2);
+  if (hexString.length % 2)
+    hexString = `0${hexString}`;
+  const length = hexString.length / 2;
+  const bytes = new Uint8Array(length);
+  for (let index = 0, j = 0; index < length; index++) {
+    const nibbleLeft = charCodeToBase16(hexString.charCodeAt(j++));
+    const nibbleRight = charCodeToBase16(hexString.charCodeAt(j++));
+    if (nibbleLeft === void 0 || nibbleRight === void 0) {
+      throw new BaseError(`Invalid byte sequence ("${hexString[j - 2]}${hexString[j - 1]}" in "${hexString}").`);
+    }
+    bytes[index] = nibbleLeft * 16 + nibbleRight;
+  }
+  return bytes;
+}
+function numberToBytes(value, opts) {
+  const hex = numberToHex(value, opts);
+  return hexToBytes(hex);
+}
+function stringToBytes(value, opts = {}) {
+  const bytes = encoder2.encode(value);
+  if (typeof opts.size === "number") {
+    assertSize(bytes, { size: opts.size });
+    return pad(bytes, { dir: "right", size: opts.size });
+  }
+  return bytes;
+}
+var encoder2, charCodeMap;
+var init_toBytes = __esm({
+  "../../node_modules/.pnpm/viem@2.38.0_bufferutil@4.0.9_typescript@5.9.3_utf-8-validate@5.0.10_zod@3.22.4/node_modules/viem/_esm/utils/encoding/toBytes.js"() {
+    init_base();
+    init_isHex();
+    init_pad();
+    init_fromHex();
+    init_toHex();
+    encoder2 = /* @__PURE__ */ new TextEncoder();
+    charCodeMap = {
+      zero: 48,
+      nine: 57,
+      A: 65,
+      F: 70,
+      a: 97,
+      f: 102
+    };
+  }
+});
+
+// ../../node_modules/.pnpm/@noble+hashes@1.8.0/node_modules/@noble/hashes/esm/_u64.js
+function fromBig(n, le = false) {
+  if (le)
+    return { h: Number(n & U32_MASK64), l: Number(n >> _32n & U32_MASK64) };
+  return { h: Number(n >> _32n & U32_MASK64) | 0, l: Number(n & U32_MASK64) | 0 };
+}
+function split(lst, le = false) {
+  const len = lst.length;
+  let Ah = new Uint32Array(len);
+  let Al = new Uint32Array(len);
+  for (let i = 0; i < len; i++) {
+    const { h, l } = fromBig(lst[i], le);
+    [Ah[i], Al[i]] = [h, l];
+  }
+  return [Ah, Al];
+}
+var U32_MASK64, _32n, rotlSH, rotlSL, rotlBH, rotlBL;
+var init_u64 = __esm({
+  "../../node_modules/.pnpm/@noble+hashes@1.8.0/node_modules/@noble/hashes/esm/_u64.js"() {
+    U32_MASK64 = /* @__PURE__ */ BigInt(2 ** 32 - 1);
+    _32n = /* @__PURE__ */ BigInt(32);
+    rotlSH = (h, l, s) => h << s | l >>> 32 - s;
+    rotlSL = (h, l, s) => l << s | h >>> 32 - s;
+    rotlBH = (h, l, s) => l << s - 32 | h >>> 64 - s;
+    rotlBL = (h, l, s) => h << s - 32 | l >>> 64 - s;
+  }
+});
+
+// ../../node_modules/.pnpm/@noble+hashes@1.8.0/node_modules/@noble/hashes/esm/utils.js
+function isBytes(a) {
+  return a instanceof Uint8Array || ArrayBuffer.isView(a) && a.constructor.name === "Uint8Array";
+}
+function anumber(n) {
+  if (!Number.isSafeInteger(n) || n < 0)
+    throw new Error("positive integer expected, got " + n);
+}
+function abytes(b, ...lengths) {
+  if (!isBytes(b))
+    throw new Error("Uint8Array expected");
+  if (lengths.length > 0 && !lengths.includes(b.length))
+    throw new Error("Uint8Array expected of length " + lengths + ", got length=" + b.length);
+}
+function aexists(instance, checkFinished = true) {
+  if (instance.destroyed)
+    throw new Error("Hash instance has been destroyed");
+  if (checkFinished && instance.finished)
+    throw new Error("Hash#digest() has already been called");
+}
+function aoutput(out, instance) {
+  abytes(out);
+  const min = instance.outputLen;
+  if (out.length < min) {
+    throw new Error("digestInto() expects output buffer of length at least " + min);
+  }
+}
+function u32(arr) {
+  return new Uint32Array(arr.buffer, arr.byteOffset, Math.floor(arr.byteLength / 4));
+}
+function clean(...arrays) {
+  for (let i = 0; i < arrays.length; i++) {
+    arrays[i].fill(0);
+  }
+}
+function byteSwap(word) {
+  return word << 24 & 4278190080 | word << 8 & 16711680 | word >>> 8 & 65280 | word >>> 24 & 255;
+}
+function byteSwap32(arr) {
+  for (let i = 0; i < arr.length; i++) {
+    arr[i] = byteSwap(arr[i]);
+  }
+  return arr;
+}
+function utf8ToBytes(str) {
+  if (typeof str !== "string")
+    throw new Error("string expected");
+  return new Uint8Array(new TextEncoder().encode(str));
+}
+function toBytes2(data) {
+  if (typeof data === "string")
+    data = utf8ToBytes(data);
+  abytes(data);
+  return data;
+}
+function createHasher(hashCons) {
+  const hashC = (msg) => hashCons().update(toBytes2(msg)).digest();
+  const tmp = hashCons();
+  hashC.outputLen = tmp.outputLen;
+  hashC.blockLen = tmp.blockLen;
+  hashC.create = () => hashCons();
+  return hashC;
+}
+var isLE, swap32IfBE, Hash;
+var init_utils = __esm({
+  "../../node_modules/.pnpm/@noble+hashes@1.8.0/node_modules/@noble/hashes/esm/utils.js"() {
+    isLE = /* @__PURE__ */ (() => new Uint8Array(new Uint32Array([287454020]).buffer)[0] === 68)();
+    swap32IfBE = isLE ? (u) => u : byteSwap32;
+    Hash = class {
+    };
+  }
+});
+
+// ../../node_modules/.pnpm/@noble+hashes@1.8.0/node_modules/@noble/hashes/esm/sha3.js
+function keccakP(s, rounds = 24) {
+  const B = new Uint32Array(5 * 2);
+  for (let round = 24 - rounds; round < 24; round++) {
+    for (let x = 0; x < 10; x++)
+      B[x] = s[x] ^ s[x + 10] ^ s[x + 20] ^ s[x + 30] ^ s[x + 40];
+    for (let x = 0; x < 10; x += 2) {
+      const idx1 = (x + 8) % 10;
+      const idx0 = (x + 2) % 10;
+      const B0 = B[idx0];
+      const B1 = B[idx0 + 1];
+      const Th = rotlH(B0, B1, 1) ^ B[idx1];
+      const Tl = rotlL(B0, B1, 1) ^ B[idx1 + 1];
+      for (let y = 0; y < 50; y += 10) {
+        s[x + y] ^= Th;
+        s[x + y + 1] ^= Tl;
+      }
+    }
+    let curH = s[2];
+    let curL = s[3];
+    for (let t = 0; t < 24; t++) {
+      const shift = SHA3_ROTL[t];
+      const Th = rotlH(curH, curL, shift);
+      const Tl = rotlL(curH, curL, shift);
+      const PI = SHA3_PI[t];
+      curH = s[PI];
+      curL = s[PI + 1];
+      s[PI] = Th;
+      s[PI + 1] = Tl;
+    }
+    for (let y = 0; y < 50; y += 10) {
+      for (let x = 0; x < 10; x++)
+        B[x] = s[y + x];
+      for (let x = 0; x < 10; x++)
+        s[y + x] ^= ~B[(x + 2) % 10] & B[(x + 4) % 10];
+    }
+    s[0] ^= SHA3_IOTA_H[round];
+    s[1] ^= SHA3_IOTA_L[round];
+  }
+  clean(B);
+}
+var _0n, _1n, _2n, _7n, _256n, _0x71n, SHA3_PI, SHA3_ROTL, _SHA3_IOTA, IOTAS, SHA3_IOTA_H, SHA3_IOTA_L, rotlH, rotlL, Keccak, gen, keccak_256;
+var init_sha3 = __esm({
+  "../../node_modules/.pnpm/@noble+hashes@1.8.0/node_modules/@noble/hashes/esm/sha3.js"() {
+    init_u64();
+    init_utils();
+    _0n = BigInt(0);
+    _1n = BigInt(1);
+    _2n = BigInt(2);
+    _7n = BigInt(7);
+    _256n = BigInt(256);
+    _0x71n = BigInt(113);
+    SHA3_PI = [];
+    SHA3_ROTL = [];
+    _SHA3_IOTA = [];
+    for (let round = 0, R = _1n, x = 1, y = 0; round < 24; round++) {
+      [x, y] = [y, (2 * x + 3 * y) % 5];
+      SHA3_PI.push(2 * (5 * y + x));
+      SHA3_ROTL.push((round + 1) * (round + 2) / 2 % 64);
+      let t = _0n;
+      for (let j = 0; j < 7; j++) {
+        R = (R << _1n ^ (R >> _7n) * _0x71n) % _256n;
+        if (R & _2n)
+          t ^= _1n << (_1n << /* @__PURE__ */ BigInt(j)) - _1n;
+      }
+      _SHA3_IOTA.push(t);
+    }
+    IOTAS = split(_SHA3_IOTA, true);
+    SHA3_IOTA_H = IOTAS[0];
+    SHA3_IOTA_L = IOTAS[1];
+    rotlH = (h, l, s) => s > 32 ? rotlBH(h, l, s) : rotlSH(h, l, s);
+    rotlL = (h, l, s) => s > 32 ? rotlBL(h, l, s) : rotlSL(h, l, s);
+    Keccak = class _Keccak extends Hash {
+      // NOTE: we accept arguments in bytes instead of bits here.
+      constructor(blockLen, suffix, outputLen, enableXOF = false, rounds = 24) {
+        super();
+        this.pos = 0;
+        this.posOut = 0;
+        this.finished = false;
+        this.destroyed = false;
+        this.enableXOF = false;
+        this.blockLen = blockLen;
+        this.suffix = suffix;
+        this.outputLen = outputLen;
+        this.enableXOF = enableXOF;
+        this.rounds = rounds;
+        anumber(outputLen);
+        if (!(0 < blockLen && blockLen < 200))
+          throw new Error("only keccak-f1600 function is supported");
+        this.state = new Uint8Array(200);
+        this.state32 = u32(this.state);
+      }
+      clone() {
+        return this._cloneInto();
+      }
+      keccak() {
+        swap32IfBE(this.state32);
+        keccakP(this.state32, this.rounds);
+        swap32IfBE(this.state32);
+        this.posOut = 0;
+        this.pos = 0;
+      }
+      update(data) {
+        aexists(this);
+        data = toBytes2(data);
+        abytes(data);
+        const { blockLen, state } = this;
+        const len = data.length;
+        for (let pos = 0; pos < len; ) {
+          const take = Math.min(blockLen - this.pos, len - pos);
+          for (let i = 0; i < take; i++)
+            state[this.pos++] ^= data[pos++];
+          if (this.pos === blockLen)
+            this.keccak();
+        }
+        return this;
+      }
+      finish() {
+        if (this.finished)
+          return;
+        this.finished = true;
+        const { state, suffix, pos, blockLen } = this;
+        state[pos] ^= suffix;
+        if ((suffix & 128) !== 0 && pos === blockLen - 1)
+          this.keccak();
+        state[blockLen - 1] ^= 128;
+        this.keccak();
+      }
+      writeInto(out) {
+        aexists(this, false);
+        abytes(out);
+        this.finish();
+        const bufferOut = this.state;
+        const { blockLen } = this;
+        for (let pos = 0, len = out.length; pos < len; ) {
+          if (this.posOut >= blockLen)
+            this.keccak();
+          const take = Math.min(blockLen - this.posOut, len - pos);
+          out.set(bufferOut.subarray(this.posOut, this.posOut + take), pos);
+          this.posOut += take;
+          pos += take;
+        }
+        return out;
+      }
+      xofInto(out) {
+        if (!this.enableXOF)
+          throw new Error("XOF is not possible for this instance");
+        return this.writeInto(out);
+      }
+      xof(bytes) {
+        anumber(bytes);
+        return this.xofInto(new Uint8Array(bytes));
+      }
+      digestInto(out) {
+        aoutput(out, this);
+        if (this.finished)
+          throw new Error("digest() was already called");
+        this.writeInto(out);
+        this.destroy();
+        return out;
+      }
+      digest() {
+        return this.digestInto(new Uint8Array(this.outputLen));
+      }
+      destroy() {
+        this.destroyed = true;
+        clean(this.state);
+      }
+      _cloneInto(to) {
+        const { blockLen, suffix, outputLen, rounds, enableXOF } = this;
+        to || (to = new _Keccak(blockLen, suffix, outputLen, enableXOF, rounds));
+        to.state32.set(this.state32);
+        to.pos = this.pos;
+        to.posOut = this.posOut;
+        to.finished = this.finished;
+        to.rounds = rounds;
+        to.suffix = suffix;
+        to.outputLen = outputLen;
+        to.enableXOF = enableXOF;
+        to.destroyed = this.destroyed;
+        return to;
+      }
+    };
+    gen = (suffix, blockLen, outputLen) => createHasher(() => new Keccak(blockLen, suffix, outputLen));
+    keccak_256 = /* @__PURE__ */ (() => gen(1, 136, 256 / 8))();
+  }
+});
+
+// ../../node_modules/.pnpm/viem@2.38.0_bufferutil@4.0.9_typescript@5.9.3_utf-8-validate@5.0.10_zod@3.22.4/node_modules/viem/_esm/utils/hash/keccak256.js
+function keccak256(value, to_) {
+  const to = to_ || "hex";
+  const bytes = keccak_256(isHex(value, { strict: false }) ? toBytes(value) : value);
+  if (to === "bytes")
+    return bytes;
+  return toHex(bytes);
+}
+var init_keccak256 = __esm({
+  "../../node_modules/.pnpm/viem@2.38.0_bufferutil@4.0.9_typescript@5.9.3_utf-8-validate@5.0.10_zod@3.22.4/node_modules/viem/_esm/utils/hash/keccak256.js"() {
+    init_sha3();
+    init_isHex();
+    init_toBytes();
+    init_toHex();
+  }
+});
+
+// src/iframe/lib/secure-messenger.ts
+var SecureMessenger = class {
+  constructor() {
+    this.allowedOrigins = /* @__PURE__ */ new Set();
+    this.usedNonces = /* @__PURE__ */ new Set();
+    this.pendingMessages = /* @__PURE__ */ new Map();
+    this.sessionToken = null;
+    this.messageHandlers = [];
+    this.MESSAGE_TIMEOUT = 6e4;
+    // 60 seconds
+    this.NONCE_CLEANUP_INTERVAL = 5 * 60 * 1e3;
+    // 5 minutes
+    // Debug flag: set to true to log all filtered messages (for debugging only)
+    this.DEBUG_FILTERED_MESSAGES = false;
+    setInterval(() => this.cleanupOldNonces(), this.NONCE_CLEANUP_INTERVAL);
+  }
+  /**
+   * Setup message listener with security validation
+   */
+  setupListener(handler) {
+    this.messageHandlers.push(handler);
+    window.addEventListener("message", async (event) => {
+      try {
+        await this.handleIncomingMessage(event);
+      } catch (error) {
+        console.error("[iframe][Messenger] Error handling message:", error);
+      }
+    });
+    console.log("[iframe][Messenger] Message listener setup");
+  }
+  /**
+   * Handle incoming postMessage
+   */
+  async handleIncomingMessage(event) {
+    const message = event.data;
+    const { origin } = event;
+    if (!message || typeof message !== "object" || !message.type) {
+      if (this.DEBUG_FILTERED_MESSAGES && message) {
+        console.debug("[iframe][Messenger] Filtered: no type field", message);
+      }
+      return;
+    }
+    if (!this.isLumiaMessage(message)) {
+      if (this.DEBUG_FILTERED_MESSAGES) {
+        console.debug("[iframe][Messenger] Filtered: not Lumia message", {
+          type: message.type,
+          origin
+        });
+      }
+      return;
+    }
+    if (!this.validateMessageStructure(message)) {
+      console.error("[iframe][Messenger] Invalid Lumia Passport message structure:", {
+        type: message.type,
+        hasMessageId: !!message.messageId,
+        hasTimestamp: !!message.timestamp,
+        hasNonce: !!message.nonce,
+        hasProjectId: !!message.projectId,
+        hasData: "data" in message
+      });
+      return;
+    }
+    if (message.type === "SDK_AUTH") {
+      const isLocalhost = origin.startsWith("http://localhost:") || origin.startsWith("http://127.0.0.1:");
+      const isHttps = origin.startsWith("https://");
+      if (!isHttps && !isLocalhost) {
+        console.error("[iframe][Messenger] Only HTTPS origins allowed (or localhost in dev)");
+        return;
+      }
+    } else {
+      if (!this.isAllowedOrigin(origin)) {
+        console.error(`[iframe][Messenger] Rejected message from unauthorized origin: ${origin}`);
+        return;
+      }
+    }
+    const messageAge = Date.now() - message.timestamp;
+    if (messageAge < 0 || messageAge > this.MESSAGE_TIMEOUT) {
+      console.error(`[iframe][Messenger] Message timestamp invalid (age: ${messageAge}ms)`);
+      return;
+    }
+    if (this.usedNonces.has(message.nonce)) {
+      console.error("[iframe][Messenger] Nonce already used (replay attack?)");
+      return;
+    }
+    if (this.sessionToken && message.hmac) {
+      const expectedHmac = await this.computeHMAC(message);
+      if (!this.constantTimeCompare(expectedHmac, message.hmac)) {
+        console.error("[iframe][Messenger] HMAC validation failed");
+        return;
+      }
+    }
+    this.usedNonces.add(message.nonce);
+    for (const handler of this.messageHandlers) {
+      await handler(message, origin);
+    }
+  }
+  /**
+   * Send response to parent
+   */
+  sendResponse(messageId, data, targetOrigin) {
+    if (!window.parent) {
+      console.error("[iframe][Messenger] No parent window");
+      return;
+    }
+    const response = {
+      type: "RESPONSE",
+      messageId,
+      timestamp: Date.now(),
+      data
+    };
+    window.parent.postMessage(response, targetOrigin);
+    console.log(`[iframe][Messenger] Sent response to ${targetOrigin}`);
+  }
+  /**
+   * Send error to parent
+   */
+  sendError(messageId, error, targetOrigin) {
+    if (!window.parent) {
+      console.error("[iframe][Messenger] No parent window");
+      return;
+    }
+    const response = {
+      type: "ERROR",
+      messageId,
+      timestamp: Date.now(),
+      error
+    };
+    window.parent.postMessage(response, targetOrigin);
+    console.log(`[iframe][Messenger] Sent error to ${targetOrigin}: ${error}`);
+  }
+  /**
+   * Add allowed origin
+   */
+  addAllowedOrigin(origin) {
+    this.allowedOrigins.add(origin);
+    console.log(`[iframe][Messenger] Added allowed origin: ${origin}`);
+  }
+  /**
+   * Remove allowed origin
+   */
+  removeAllowedOrigin(origin) {
+    this.allowedOrigins.delete(origin);
+    console.log(`[iframe][Messenger] Removed allowed origin: ${origin}`);
+  }
+  /**
+   * Set session token for HMAC
+   */
+  setSessionToken(token) {
+    this.sessionToken = token;
+    console.log("[iframe][Messenger] Session token set");
+  }
+  /**
+   * Quick check if message looks like Lumia Passport protocol
+   * This filters out browser extension messages, dev tools, etc.
+   */
+  isLumiaMessage(message) {
+    const validTypes = [
+      "SDK_AUTH",
+      "AUTHENTICATE",
+      "START_DKG",
+      "SIGN_TRANSACTION",
+      "GET_ADDRESS",
+      "CHECK_KEYSHARE",
+      "GET_TRUSTED_APPS",
+      "REMOVE_TRUSTED_APP",
+      "REQUEST_NEW_TOKEN",
+      "RESPONSE",
+      "ERROR",
+      "TRUSTED_APP_REMOVED",
+      "TOKEN_REFRESHED"
+    ];
+    if (!message.type || !validTypes.includes(message.type)) {
+      return false;
+    }
+    return !!(message.messageId && message.timestamp);
+  }
+  /**
+   * Validate message structure
+   */
+  validateMessageStructure(message) {
+    return message && typeof message === "object" && typeof message.type === "string" && typeof message.messageId === "string" && typeof message.timestamp === "number" && typeof message.nonce === "string" && typeof message.projectId === "string" && "data" in message;
+  }
+  /**
+   * Check if origin is allowed
+   */
+  isAllowedOrigin(origin) {
+    if (this.allowedOrigins.has(origin)) {
+      return true;
+    }
+    if (this.allowedOrigins.size === 0) {
+      const isLocalhost = origin.startsWith("http://localhost:") || origin.startsWith("http://127.0.0.1:");
+      const isHttps = origin.startsWith("https://");
+      return isHttps || isLocalhost;
+    }
+    return false;
+  }
+  /**
+   * Compute HMAC-SHA256 for message authentication
+   */
+  async computeHMAC(message) {
+    if (!this.sessionToken) {
+      throw new Error("No session token for HMAC");
+    }
+    const encoder3 = new TextEncoder();
+    const payload = JSON.stringify({
+      type: message.type,
+      messageId: message.messageId,
+      timestamp: message.timestamp,
+      nonce: message.nonce,
+      data: JSON.stringify(message.data)
+    });
+    const data = encoder3.encode(payload);
+    const key = encoder3.encode(this.sessionToken);
+    const cryptoKey = await crypto.subtle.importKey(
+      "raw",
+      key,
+      { name: "HMAC", hash: "SHA-256" },
+      false,
+      ["sign"]
+    );
+    const signature = await crypto.subtle.sign("HMAC", cryptoKey, data);
+    return Array.from(new Uint8Array(signature)).map((b) => b.toString(16).padStart(2, "0")).join("");
+  }
+  /**
+   * Constant-time string comparison (prevent timing attacks)
+   */
+  constantTimeCompare(a, b) {
+    if (a.length !== b.length) return false;
+    let result = 0;
+    for (let i = 0; i < a.length; i++) {
+      result |= a.charCodeAt(i) ^ b.charCodeAt(i);
+    }
+    return result === 0;
+  }
+  /**
+   * Cleanup old nonces to prevent memory growth
+   */
+  cleanupOldNonces() {
+    if (this.usedNonces.size > 1e3) {
+      const noncesArray = Array.from(this.usedNonces);
+      this.usedNonces = new Set(noncesArray.slice(-500));
+      console.log("[iframe][Messenger] Cleaned up old nonces");
+    }
+  }
+  /**
+   * Get messenger statistics
+   */
+  getStats() {
+    return {
+      allowedOrigins: this.allowedOrigins.size,
+      usedNonces: this.usedNonces.size,
+      pendingMessages: this.pendingMessages.size
+    };
+  }
+};
+
+// src/iframe/lib/session-manager.ts
+var SessionManager = class {
+  // 30 minutes
+  constructor() {
+    this.sessions = /* @__PURE__ */ new Map();
+    this.SESSION_TIMEOUT = 30 * 60 * 1e3;
+    setInterval(() => this.cleanupExpiredSessions(), 5 * 60 * 1e3);
+  }
+  /**
+   * Create a new session
+   */
+  createSession(projectId, origin) {
+    const sessionToken = this.generateSecureToken();
+    const session = {
+      token: sessionToken,
+      projectId,
+      origin,
+      createdAt: Date.now(),
+      lastActivity: Date.now()
+    };
+    this.sessions.set(sessionToken, session);
+    console.log(`[iframe][Session] Created session for origin: ${origin}`);
+    console.log(`[iframe][Session] Project ID: ${projectId}`);
+    return sessionToken;
+  }
+  /**
+   * Validate session token and origin
+   */
+  validateSession(sessionToken, origin) {
+    const session = this.sessions.get(sessionToken);
+    if (!session) {
+      console.warn(`[iframe][Session] Session not found: ${sessionToken}`);
+      return false;
+    }
+    if (session.origin !== origin) {
+      console.error(`[iframe][Session] Origin mismatch: expected ${session.origin}, got ${origin}`);
+      return false;
+    }
+    const age = Date.now() - session.lastActivity;
+    if (age > this.SESSION_TIMEOUT) {
+      console.warn(`[iframe][Session] Session expired (age: ${age}ms)`);
+      this.sessions.delete(sessionToken);
+      return false;
+    }
+    session.lastActivity = Date.now();
+    return true;
+  }
+  /**
+   * Get session by token
+   */
+  getSession(sessionToken) {
+    return this.sessions.get(sessionToken) || null;
+  }
+  /**
+   * Invalidate session
+   */
+  invalidateSession(sessionToken) {
+    const session = this.sessions.get(sessionToken);
+    if (session) {
+      console.log(`[iframe][Session] Invalidated session for origin: ${session.origin}`);
+      this.sessions.delete(sessionToken);
+    }
+  }
+  /**
+   * Get all sessions for a project
+   */
+  getProjectSessions(projectId) {
+    return Array.from(this.sessions.values()).filter(
+      (session) => session.projectId === projectId
+    );
+  }
+  /**
+   * Generate cryptographically secure session token
+   */
+  generateSecureToken() {
+    const buffer = new Uint8Array(32);
+    crypto.getRandomValues(buffer);
+    return Array.from(buffer, (byte) => byte.toString(16).padStart(2, "0")).join("");
+  }
+  /**
+   * Cleanup expired sessions
+   */
+  cleanupExpiredSessions() {
+    const now = Date.now();
+    let cleanedCount = 0;
+    for (const [token, session] of this.sessions.entries()) {
+      const age = now - session.lastActivity;
+      if (age > this.SESSION_TIMEOUT) {
+        this.sessions.delete(token);
+        cleanedCount++;
+      }
+    }
+    if (cleanedCount > 0) {
+      console.log(`[iframe][Session] Cleaned up ${cleanedCount} expired sessions`);
+    }
+  }
+  /**
+   * Get session statistics
+   */
+  getStats() {
+    const stats = {
+      total: this.sessions.size,
+      byProject: {}
+    };
+    for (const session of this.sessions.values()) {
+      stats.byProject[session.projectId] = (stats.byProject[session.projectId] || 0) + 1;
+    }
+    return stats;
+  }
+};
+
+// ../../node_modules/.pnpm/dkls23-wasm@0.1.1/node_modules/dkls23-wasm/pkg-web/dkls23_wasm.js
+var dkls23_wasm_exports = {};
+__export(dkls23_wasm_exports, {
+  default: () => dkls23_wasm_default,
+  dkg_handle: () => dkg_handle,
+  dkg_start: () => dkg_start,
+  evm_address_from_sec1_pubkey_uncompressed: () => evm_address_from_sec1_pubkey_uncompressed,
+  initSync: () => initSync,
+  init_panic_hook: () => init_panic_hook,
+  sign_handle: () => sign_handle,
+  sign_start: () => sign_start,
+  test_large_data_limits: () => test_large_data_limits,
+  wasm_memory_info: () => wasm_memory_info
+});
+var wasm;
+function addToExternrefTable0(obj) {
+  const idx = wasm.__externref_table_alloc();
+  wasm.__wbindgen_export_2.set(idx, obj);
+  return idx;
+}
+function handleError(f, args) {
+  try {
+    return f.apply(this, args);
+  } catch (e) {
+    const idx = addToExternrefTable0(e);
+    wasm.__wbindgen_exn_store(idx);
+  }
+}
+var cachedTextDecoder = typeof TextDecoder !== "undefined" ? new TextDecoder("utf-8", { ignoreBOM: true, fatal: true }) : { decode: () => {
+  throw Error("TextDecoder not available");
+} };
+if (typeof TextDecoder !== "undefined") {
+  cachedTextDecoder.decode();
+}
+var cachedUint8ArrayMemory0 = null;
+function getUint8ArrayMemory0() {
+  if (cachedUint8ArrayMemory0 === null || cachedUint8ArrayMemory0.byteLength === 0) {
+    cachedUint8ArrayMemory0 = new Uint8Array(wasm.memory.buffer);
+  }
+  return cachedUint8ArrayMemory0;
+}
+function getStringFromWasm0(ptr, len) {
+  ptr = ptr >>> 0;
+  return cachedTextDecoder.decode(getUint8ArrayMemory0().subarray(ptr, ptr + len));
+}
+function isLikeNone(x) {
+  return x === void 0 || x === null;
+}
+function debugString(val) {
+  const type = typeof val;
+  if (type == "number" || type == "boolean" || val == null) {
+    return `${val}`;
+  }
+  if (type == "string") {
+    return `"${val}"`;
+  }
+  if (type == "symbol") {
+    const description = val.description;
+    if (description == null) {
+      return "Symbol";
+    } else {
+      return `Symbol(${description})`;
+    }
+  }
+  if (type == "function") {
+    const name = val.name;
+    if (typeof name == "string" && name.length > 0) {
+      return `Function(${name})`;
+    } else {
+      return "Function";
+    }
+  }
+  if (Array.isArray(val)) {
+    const length = val.length;
+    let debug = "[";
+    if (length > 0) {
+      debug += debugString(val[0]);
+    }
+    for (let i = 1; i < length; i++) {
+      debug += ", " + debugString(val[i]);
+    }
+    debug += "]";
+    return debug;
+  }
+  const builtInMatches = /\[object ([^\]]+)\]/.exec(toString.call(val));
+  let className;
+  if (builtInMatches && builtInMatches.length > 1) {
+    className = builtInMatches[1];
+  } else {
+    return toString.call(val);
+  }
+  if (className == "Object") {
+    try {
+      return "Object(" + JSON.stringify(val) + ")";
+    } catch (_) {
+      return "Object";
+    }
+  }
+  if (val instanceof Error) {
+    return `${val.name}: ${val.message}
+${val.stack}`;
+  }
+  return className;
+}
+var WASM_VECTOR_LEN = 0;
+var cachedTextEncoder = typeof TextEncoder !== "undefined" ? new TextEncoder("utf-8") : { encode: () => {
+  throw Error("TextEncoder not available");
+} };
+var encodeString = typeof cachedTextEncoder.encodeInto === "function" ? function(arg, view) {
+  return cachedTextEncoder.encodeInto(arg, view);
+} : function(arg, view) {
+  const buf = cachedTextEncoder.encode(arg);
+  view.set(buf);
+  return {
+    read: arg.length,
+    written: buf.length
+  };
+};
+function passStringToWasm0(arg, malloc, realloc) {
+  if (realloc === void 0) {
+    const buf = cachedTextEncoder.encode(arg);
+    const ptr2 = malloc(buf.length, 1) >>> 0;
+    getUint8ArrayMemory0().subarray(ptr2, ptr2 + buf.length).set(buf);
+    WASM_VECTOR_LEN = buf.length;
+    return ptr2;
+  }
+  let len = arg.length;
+  let ptr = malloc(len, 1) >>> 0;
+  const mem = getUint8ArrayMemory0();
+  let offset = 0;
+  for (; offset < len; offset++) {
+    const code = arg.charCodeAt(offset);
+    if (code > 127) break;
+    mem[ptr + offset] = code;
+  }
+  if (offset !== len) {
+    if (offset !== 0) {
+      arg = arg.slice(offset);
+    }
+    ptr = realloc(ptr, len, len = offset + arg.length * 3, 1) >>> 0;
+    const view = getUint8ArrayMemory0().subarray(ptr + offset, ptr + len);
+    const ret = encodeString(arg, view);
+    offset += ret.written;
+    ptr = realloc(ptr, len, offset, 1) >>> 0;
+  }
+  WASM_VECTOR_LEN = offset;
+  return ptr;
+}
+var cachedDataViewMemory0 = null;
+function getDataViewMemory0() {
+  if (cachedDataViewMemory0 === null || cachedDataViewMemory0.buffer.detached === true || cachedDataViewMemory0.buffer.detached === void 0 && cachedDataViewMemory0.buffer !== wasm.memory.buffer) {
+    cachedDataViewMemory0 = new DataView(wasm.memory.buffer);
+  }
+  return cachedDataViewMemory0;
+}
+function init_panic_hook() {
+  wasm.init_panic_hook();
+}
+function wasm_memory_info() {
+  const ret = wasm.wasm_memory_info();
+  return ret;
+}
+function test_large_data_limits(size_kb) {
+  const ret = wasm.test_large_data_limits(size_kb);
+  return ret;
+}
+function dkg_start(party_id, t, n, domain_label) {
+  const ptr0 = passStringToWasm0(domain_label, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);
+  const len0 = WASM_VECTOR_LEN;
+  const ret = wasm.dkg_start(party_id, t, n, ptr0, len0);
+  return ret;
+}
+function dkg_handle(state_blob_json, peer_msg_json) {
+  const ptr0 = passStringToWasm0(state_blob_json, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);
+  const len0 = WASM_VECTOR_LEN;
+  const ptr1 = passStringToWasm0(peer_msg_json, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);
+  const len1 = WASM_VECTOR_LEN;
+  const ret = wasm.dkg_handle(ptr0, len0, ptr1, len1);
+  return ret;
+}
+function sign_start(keyshare_b64, digest32_b64, _chain_path) {
+  const ptr0 = passStringToWasm0(keyshare_b64, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);
+  const len0 = WASM_VECTOR_LEN;
+  const ptr1 = passStringToWasm0(digest32_b64, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);
+  const len1 = WASM_VECTOR_LEN;
+  const ptr2 = passStringToWasm0(_chain_path, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);
+  const len2 = WASM_VECTOR_LEN;
+  const ret = wasm.sign_start(ptr0, len0, ptr1, len1, ptr2, len2);
+  return ret;
+}
+function sign_handle(state_blob_json, peer_msg_json) {
+  const ptr0 = passStringToWasm0(state_blob_json, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);
+  const len0 = WASM_VECTOR_LEN;
+  const ptr1 = passStringToWasm0(peer_msg_json, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);
+  const len1 = WASM_VECTOR_LEN;
+  const ret = wasm.sign_handle(ptr0, len0, ptr1, len1);
+  return ret;
+}
+function evm_address_from_sec1_pubkey_uncompressed(pk_b64) {
+  let deferred2_0;
+  let deferred2_1;
+  try {
+    const ptr0 = passStringToWasm0(pk_b64, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);
+    const len0 = WASM_VECTOR_LEN;
+    const ret = wasm.evm_address_from_sec1_pubkey_uncompressed(ptr0, len0);
+    deferred2_0 = ret[0];
+    deferred2_1 = ret[1];
+    return getStringFromWasm0(ret[0], ret[1]);
+  } finally {
+    wasm.__wbindgen_free(deferred2_0, deferred2_1, 1);
+  }
+}
+async function __wbg_load(module2, imports) {
+  if (typeof Response === "function" && module2 instanceof Response) {
+    if (typeof WebAssembly.instantiateStreaming === "function") {
+      try {
+        return await WebAssembly.instantiateStreaming(module2, imports);
+      } catch (e) {
+        if (module2.headers.get("Content-Type") != "application/wasm") {
+          console.warn("`WebAssembly.instantiateStreaming` failed because your server does not serve Wasm with `application/wasm` MIME type. Falling back to `WebAssembly.instantiate` which is slower. Original error:\n", e);
+        } else {
+          throw e;
+        }
+      }
+    }
+    const bytes = await module2.arrayBuffer();
+    return await WebAssembly.instantiate(bytes, imports);
+  } else {
+    const instance = await WebAssembly.instantiate(module2, imports);
+    if (instance instanceof WebAssembly.Instance) {
+      return { instance, module: module2 };
+    } else {
+      return instance;
+    }
+  }
+}
+function __wbg_get_imports() {
+  const imports = {};
+  imports.wbg = {};
+  imports.wbg.__wbg_buffer_609cc3eee51ed158 = function(arg0) {
+    const ret = arg0.buffer;
+    return ret;
+  };
+  imports.wbg.__wbg_call_672a4d21634d4a24 = function() {
+    return handleError(function(arg0, arg1) {
+      const ret = arg0.call(arg1);
+      return ret;
+    }, arguments);
+  };
+  imports.wbg.__wbg_call_7cccdd69e0791ae2 = function() {
+    return handleError(function(arg0, arg1, arg2) {
+      const ret = arg0.call(arg1, arg2);
+      return ret;
+    }, arguments);
+  };
+  imports.wbg.__wbg_crypto_574e78ad8b13b65f = function(arg0) {
+    const ret = arg0.crypto;
+    return ret;
+  };
+  imports.wbg.__wbg_getRandomValues_b8f5dbd5f3995a9e = function() {
+    return handleError(function(arg0, arg1) {
+      arg0.getRandomValues(arg1);
+    }, arguments);
+  };
+  imports.wbg.__wbg_msCrypto_a61aeb35a24c1329 = function(arg0) {
+    const ret = arg0.msCrypto;
+    return ret;
+  };
+  imports.wbg.__wbg_new_405e22f390576ce2 = function() {
+    const ret = new Object();
+    return ret;
+  };
+  imports.wbg.__wbg_new_5e0be73521bc8c17 = function() {
+    const ret = /* @__PURE__ */ new Map();
+    return ret;
+  };
+  imports.wbg.__wbg_new_78feb108b6472713 = function() {
+    const ret = new Array();
+    return ret;
+  };
+  imports.wbg.__wbg_new_a12002a7f91c75be = function(arg0) {
+    const ret = new Uint8Array(arg0);
+    return ret;
+  };
+  imports.wbg.__wbg_newnoargs_105ed471475aaf50 = function(arg0, arg1) {
+    const ret = new Function(getStringFromWasm0(arg0, arg1));
+    return ret;
+  };
+  imports.wbg.__wbg_newwithbyteoffsetandlength_d97e637ebe145a9a = function(arg0, arg1, arg2) {
+    const ret = new Uint8Array(arg0, arg1 >>> 0, arg2 >>> 0);
+    return ret;
+  };
+  imports.wbg.__wbg_newwithlength_a381634e90c276d4 = function(arg0) {
+    const ret = new Uint8Array(arg0 >>> 0);
+    return ret;
+  };
+  imports.wbg.__wbg_node_905d3e251edff8a2 = function(arg0) {
+    const ret = arg0.node;
+    return ret;
+  };
+  imports.wbg.__wbg_process_dc0fbacc7c1c06f7 = function(arg0) {
+    const ret = arg0.process;
+    return ret;
+  };
+  imports.wbg.__wbg_randomFillSync_ac0988aba3254290 = function() {
+    return handleError(function(arg0, arg1) {
+      arg0.randomFillSync(arg1);
+    }, arguments);
+  };
+  imports.wbg.__wbg_require_60cc747a6bc5215a = function() {
+    return handleError(function() {
+      const ret = module.require;
+      return ret;
+    }, arguments);
+  };
+  imports.wbg.__wbg_set_37837023f3d740e8 = function(arg0, arg1, arg2) {
+    arg0[arg1 >>> 0] = arg2;
+  };
+  imports.wbg.__wbg_set_3fda3bac07393de4 = function(arg0, arg1, arg2) {
+    arg0[arg1] = arg2;
+  };
+  imports.wbg.__wbg_set_65595bdd868b3009 = function(arg0, arg1, arg2) {
+    arg0.set(arg1, arg2 >>> 0);
+  };
+  imports.wbg.__wbg_set_8fc6bf8a5b1071d1 = function(arg0, arg1, arg2) {
+    const ret = arg0.set(arg1, arg2);
+    return ret;
+  };
+  imports.wbg.__wbg_static_accessor_GLOBAL_88a902d13a557d07 = function() {
+    const ret = typeof global === "undefined" ? null : global;
+    return isLikeNone(ret) ? 0 : addToExternrefTable0(ret);
+  };
+  imports.wbg.__wbg_static_accessor_GLOBAL_THIS_56578be7e9f832b0 = function() {
+    const ret = typeof globalThis === "undefined" ? null : globalThis;
+    return isLikeNone(ret) ? 0 : addToExternrefTable0(ret);
+  };
+  imports.wbg.__wbg_static_accessor_SELF_37c5d418e4bf5819 = function() {
+    const ret = typeof self === "undefined" ? null : self;
+    return isLikeNone(ret) ? 0 : addToExternrefTable0(ret);
+  };
+  imports.wbg.__wbg_static_accessor_WINDOW_5de37043a91a9c40 = function() {
+    const ret = typeof window === "undefined" ? null : window;
+    return isLikeNone(ret) ? 0 : addToExternrefTable0(ret);
+  };
+  imports.wbg.__wbg_subarray_aa9065fa9dc5df96 = function(arg0, arg1, arg2) {
+    const ret = arg0.subarray(arg1 >>> 0, arg2 >>> 0);
+    return ret;
+  };
+  imports.wbg.__wbg_versions_c01dfd4722a88165 = function(arg0) {
+    const ret = arg0.versions;
+    return ret;
+  };
+  imports.wbg.__wbindgen_bigint_from_i64 = function(arg0) {
+    const ret = arg0;
+    return ret;
+  };
+  imports.wbg.__wbindgen_bigint_from_u64 = function(arg0) {
+    const ret = BigInt.asUintN(64, arg0);
+    return ret;
+  };
+  imports.wbg.__wbindgen_debug_string = function(arg0, arg1) {
+    const ret = debugString(arg1);
+    const ptr1 = passStringToWasm0(ret, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);
+    const len1 = WASM_VECTOR_LEN;
+    getDataViewMemory0().setInt32(arg0 + 4 * 1, len1, true);
+    getDataViewMemory0().setInt32(arg0 + 4 * 0, ptr1, true);
+  };
+  imports.wbg.__wbindgen_error_new = function(arg0, arg1) {
+    const ret = new Error(getStringFromWasm0(arg0, arg1));
+    return ret;
+  };
+  imports.wbg.__wbindgen_init_externref_table = function() {
+    const table = wasm.__wbindgen_export_2;
+    const offset = table.grow(4);
+    table.set(0, void 0);
+    table.set(offset + 0, void 0);
+    table.set(offset + 1, null);
+    table.set(offset + 2, true);
+    table.set(offset + 3, false);
+    ;
+  };
+  imports.wbg.__wbindgen_is_function = function(arg0) {
+    const ret = typeof arg0 === "function";
+    return ret;
+  };
+  imports.wbg.__wbindgen_is_object = function(arg0) {
+    const val = arg0;
+    const ret = typeof val === "object" && val !== null;
+    return ret;
+  };
+  imports.wbg.__wbindgen_is_string = function(arg0) {
+    const ret = typeof arg0 === "string";
+    return ret;
+  };
+  imports.wbg.__wbindgen_is_undefined = function(arg0) {
+    const ret = arg0 === void 0;
+    return ret;
+  };
+  imports.wbg.__wbindgen_memory = function() {
+    const ret = wasm.memory;
+    return ret;
+  };
+  imports.wbg.__wbindgen_number_new = function(arg0) {
+    const ret = arg0;
+    return ret;
+  };
+  imports.wbg.__wbindgen_string_new = function(arg0, arg1) {
+    const ret = getStringFromWasm0(arg0, arg1);
+    return ret;
+  };
+  imports.wbg.__wbindgen_throw = function(arg0, arg1) {
+    throw new Error(getStringFromWasm0(arg0, arg1));
+  };
+  return imports;
+}
+function __wbg_init_memory(imports, memory) {
+}
+function __wbg_finalize_init(instance, module2) {
+  wasm = instance.exports;
+  __wbg_init.__wbindgen_wasm_module = module2;
+  cachedDataViewMemory0 = null;
+  cachedUint8ArrayMemory0 = null;
+  wasm.__wbindgen_start();
+  return wasm;
+}
+function initSync(module2) {
+  if (wasm !== void 0) return wasm;
+  if (typeof module2 !== "undefined") {
+    if (Object.getPrototypeOf(module2) === Object.prototype) {
+      ({ module: module2 } = module2);
+    } else {
+      console.warn("using deprecated parameters for `initSync()`; pass a single object instead");
+    }
+  }
+  const imports = __wbg_get_imports();
+  __wbg_init_memory(imports);
+  if (!(module2 instanceof WebAssembly.Module)) {
+    module2 = new WebAssembly.Module(module2);
+  }
+  const instance = new WebAssembly.Instance(module2, imports);
+  return __wbg_finalize_init(instance, module2);
+}
+async function __wbg_init(module_or_path) {
+  if (wasm !== void 0) return wasm;
+  if (typeof module_or_path !== "undefined") {
+    if (Object.getPrototypeOf(module_or_path) === Object.prototype) {
+      ({ module_or_path } = module_or_path);
+    } else {
+      console.warn("using deprecated parameters for the initialization function; pass a single object instead");
+    }
+  }
+  if (typeof module_or_path === "undefined") {
+    module_or_path = new URL("dkls23_wasm_bg.wasm", import.meta.url);
+  }
+  const imports = __wbg_get_imports();
+  if (typeof module_or_path === "string" || typeof Request === "function" && module_or_path instanceof Request || typeof URL === "function" && module_or_path instanceof URL) {
+    module_or_path = fetch(module_or_path);
+  }
+  __wbg_init_memory(imports);
+  const { instance, module: module2 } = await __wbg_load(await module_or_path, imports);
+  return __wbg_finalize_init(instance, module2);
+}
+var dkls23_wasm_default = __wbg_init;
+
+// ../../node_modules/.pnpm/viem@2.38.0_bufferutil@4.0.9_typescript@5.9.3_utf-8-validate@5.0.10_zod@3.22.4/node_modules/viem/_esm/index.js
+init_keccak256();
+
+// src/iframe/lib/token-refresh-client.ts
+var TokenRefreshApiClient = class {
+  constructor() {
+    this.pendingTokenRefresh = null;
+    this.tssUrl = "http://localhost:9256";
+  }
+  /**
+   * Make API call with automatic token refresh on 401
+   */
+  async apiCall(method, path, body, projectId, accessToken) {
+    let url = `${this.tssUrl}${path}`;
+    if (projectId) {
+      const separator = url.includes("?") ? "&" : "?";
+      url = `${url}${separator}projectId=${encodeURIComponent(projectId)}`;
+    }
+    const headers = {
+      "Content-Type": "application/json"
+    };
+    if (accessToken) {
+      headers["Authorization"] = `Bearer ${accessToken}`;
+    }
+    try {
+      const response = await fetch(url, {
+        method,
+        headers,
+        body: body ? JSON.stringify(body) : void 0,
+        credentials: "include"
+        // Send cookies
+      });
+      if (response.status === 401 && accessToken) {
+        console.log("[iframe][TokenRefresh] Got 401, checking if TOKEN_EXPIRED...");
+        try {
+          const errorData = await response.json();
+          if (errorData.error_code === "TOKEN_EXPIRED" || errorData.action === "REFRESH_TOKEN") {
+            console.log("[iframe][TokenRefresh] TOKEN_EXPIRED detected, requesting new token from parent...");
+            const newToken = await this.requestNewTokenFromParent();
+            if (newToken) {
+              console.log("[iframe][TokenRefresh] \u2705 Got new token, retrying request...");
+              headers["Authorization"] = `Bearer ${newToken}`;
+              const retryResponse = await fetch(url, {
+                method,
+                headers,
+                body: body ? JSON.stringify(body) : void 0,
+                credentials: "include"
+              });
+              if (!retryResponse.ok) {
+                const retryErrorText = await retryResponse.text();
+                throw new Error(`API call failed after token refresh (${retryResponse.status}): ${retryErrorText}`);
+              }
+              return await retryResponse.json();
+            } else {
+              throw new Error("Failed to refresh access token");
+            }
+          }
+        } catch (parseError) {
+          console.error("[iframe][TokenRefresh] Failed to parse 401 response:", parseError);
+        }
+        throw new Error(`API call failed (401): Authentication required`);
+      }
+      if (!response.ok) {
+        const errorText = await response.text();
+        throw new Error(`API call failed (${response.status}): ${errorText}`);
+      }
+      return await response.json();
+    } catch (error) {
+      console.error(`[iframe][TokenRefresh] API call failed: ${method} ${path}`, error);
+      throw error instanceof Error ? error : new Error("Unknown API error");
+    }
+  }
+  /**
+   * Request new access token from parent window
+   */
+  async requestNewTokenFromParent() {
+    if (this.pendingTokenRefresh) {
+      console.log("[iframe][TokenRefresh] Token refresh already in progress, waiting...");
+      return this.pendingTokenRefresh;
+    }
+    this.pendingTokenRefresh = new Promise((resolve, reject) => {
+      const messageId = `token_refresh_${Date.now()}_${Math.random().toString(36).substring(2, 15)}`;
+      const timeout = setTimeout(() => {
+        cleanup();
+        reject(new Error("Token refresh timeout"));
+      }, 3e4);
+      const messageHandler = (event) => {
+        const message = event.data;
+        if (message && message.type === "TOKEN_REFRESHED" && message.messageId === messageId) {
+          cleanup();
+          if (message.accessToken) {
+            console.log("[iframe][TokenRefresh] \u2705 Received new token from parent");
+            resolve(message.accessToken);
+          } else if (message.error) {
+            console.error("[iframe][TokenRefresh] \u274C Token refresh failed:", message.error);
+            reject(new Error(message.error));
+          } else {
+            reject(new Error("Invalid token refresh response"));
+          }
+        }
+      };
+      const cleanup = () => {
+        clearTimeout(timeout);
+        window.removeEventListener("message", messageHandler);
+        this.pendingTokenRefresh = null;
+      };
+      window.addEventListener("message", messageHandler);
+      if (window.parent && window.parent !== window) {
+        window.parent.postMessage(
+          {
+            type: "REQUEST_NEW_TOKEN",
+            messageId,
+            timestamp: Date.now()
+          },
+          "*"
+          // Parent will validate origin
+        );
+        console.log("[iframe][TokenRefresh] \u{1F4E4} Sent REQUEST_NEW_TOKEN to parent");
+      } else {
+        cleanup();
+        reject(new Error("No parent window available"));
+      }
+    });
+    try {
+      return await this.pendingTokenRefresh;
+    } catch (error) {
+      this.pendingTokenRefresh = null;
+      console.error("[iframe][TokenRefresh] Token refresh failed:", error);
+      return null;
+    }
+  }
+};
+
+// src/iframe/lib/dkg-manager.ts
+var DKGManager = class extends TokenRefreshApiClient {
+  constructor() {
+    super();
+    this.wasmLoaded = false;
+    console.log("[iframe][DKG] Initialized with TSS URL:", this.tssUrl);
+  }
+  /**
+   * Initialize WASM module
+   */
+  async initialize() {
+    if (this.wasmLoaded) return;
+    try {
+      await dkls23_wasm_default();
+      this.wasmLoaded = true;
+      console.log("[iframe][DKG] \u2705 WASM module loaded");
+      globalThis.__tss_wasm_api__ = dkls23_wasm_exports;
+      globalThis.__tss_wasm_active__ = true;
+      if (typeof wasm_memory_info === "function") {
+        try {
+          const memInfo = wasm_memory_info();
+          console.log("[iframe][DKG] WASM memory:", memInfo);
+        } catch {
+        }
+      }
+    } catch (error) {
+      this.wasmLoaded = true;
+      console.error("[iframe][DKG] Failed to load WASM:", error);
+      throw new Error("Failed to initialize TSS WASM module");
+    }
+  }
+  /**
+   * Perform complete DKG protocol
+   */
+  async performDKG(userId, projectId, accessToken) {
+    if (!this.wasmLoaded) {
+      await this.initialize();
+    }
+    console.log("[iframe][DKG] Starting DKG for user:", userId, "projectId:", projectId, "hasToken:", !!accessToken);
+    const CLIENT_PARTY_ID = 1;
+    const THRESHOLD = 2;
+    const TOTAL_PARTIES = 2;
+    const DOMAIN_LABEL = this.generateDomainLabel(userId);
+    const clientStartResult = dkg_start(
+      CLIENT_PARTY_ID,
+      THRESHOLD,
+      TOTAL_PARTIES,
+      DOMAIN_LABEL
+    );
+    if (!Array.isArray(clientStartResult) || clientStartResult.length < 2) {
+      throw new Error("Invalid dkg_start result format");
+    }
+    let clientState = clientStartResult[0];
+    const clientMsg1 = clientStartResult[1];
+    console.log("[iframe][DKG] Client started, sending to server...");
+    const serverStartResponse = await this.apiCall("POST", `/api/tss/${userId}/dkg/start`, {
+      threshold: THRESHOLD,
+      parties: TOTAL_PARTIES,
+      domainLabel: DOMAIN_LABEL
+    }, projectId, accessToken);
+    const { sessionId, msg1: serverMsg1 } = serverStartResponse;
+    if (!serverMsg1?.kind || !serverMsg1.data_b64) {
+      throw new Error("Invalid server msg1 format");
+    }
+    console.log("[iframe][DKG] Server started, sessionId:", sessionId);
+    console.log("[iframe][DKG] Round 1: Exchanging messages...");
+    const round1Response = await this.apiCall("POST", `/api/tss/${userId}/dkg/round`, {
+      sessionId,
+      clientMsg: clientMsg1
+    }, projectId, accessToken);
+    const serverMsg2 = this.extractServerMessage(round1Response);
+    const clientR2Result = dkg_handle(
+      JSON.stringify({ bytes_b64: clientState.bytes_b64 }),
+      JSON.stringify(serverMsg1)
+    );
+    clientState = clientR2Result[0];
+    const clientMsg2 = clientR2Result[1];
+    console.log("[iframe][DKG] Round 2: Exchanging messages...");
+    const round2Response = await this.apiCall("POST", `/api/tss/${userId}/dkg/round`, {
+      sessionId,
+      clientMsg: clientMsg2
+    }, projectId, accessToken);
+    const serverMsg3 = this.extractServerMessage(round2Response);
+    const clientR3Result = dkg_handle(
+      JSON.stringify({ bytes_b64: clientState.bytes_b64 }),
+      JSON.stringify(serverMsg2)
+    );
+    clientState = clientR3Result[0];
+    const clientMsg3 = clientR3Result[1];
+    console.log("[iframe][DKG] Round 3 (Final): Getting public key...");
+    const finalResponse = await this.apiCall("POST", `/api/tss/${userId}/dkg/round`, {
+      sessionId,
+      clientMsg: clientMsg3
+    }, projectId, accessToken);
+    if (!finalResponse.publicKey && !finalResponse.pubkey) {
+      throw new Error("No public key in final response");
+    }
+    const publicKey = finalResponse.publicKey || finalResponse.pubkey;
+    console.log("[iframe][DKG] Processing final client keyshare...");
+    const clientFinalResult = dkg_handle(
+      JSON.stringify({ bytes_b64: clientState.bytes_b64 }),
+      JSON.stringify(serverMsg3)
+    );
+    if (!Array.isArray(clientFinalResult) || clientFinalResult.length < 3) {
+      throw new Error("Invalid final dkg_handle result format");
+    }
+    const clientFinish = clientFinalResult[2];
+    if (!clientFinish?.keyshare_b64) {
+      throw new Error("No keyshare_b64 in final result");
+    }
+    const ownerAddress = this.deriveAddress(publicKey);
+    console.log("[iframe][DKG] \u2705 DKG completed successfully");
+    console.log("[iframe][DKG] Owner address:", ownerAddress);
+    return {
+      keyshare: clientFinish,
+      ownerAddress,
+      sessionId
+    };
+  }
+  /**
+   * Derive Ethereum address from uncompressed public key
+   */
+  deriveAddress(publicKeyBase64) {
+    const b64decoded = atob(publicKeyBase64);
+    const bytes = new Uint8Array(b64decoded.length);
+    for (let i = 0; i < b64decoded.length; i++) {
+      bytes[i] = b64decoded.charCodeAt(i);
+    }
+    const pubkeyBytes = bytes.slice(1);
+    const pubkeyHex = Array.from(pubkeyBytes).map((b) => b.toString(16).padStart(2, "0")).join("");
+    const hash = keccak256(`0x${pubkeyHex}`);
+    const addr = hash.slice(-40);
+    return this.toChecksumAddress(`0x${addr}`);
+  }
+  /**
+   * Apply EIP-55 checksum to address
+   */
+  toChecksumAddress(address) {
+    const addr = address.toLowerCase().replace("0x", "");
+    const encoder3 = new TextEncoder();
+    const addrBytes = encoder3.encode(addr);
+    const hash = keccak256(addrBytes).replace("0x", "");
+    let checksumAddress = "0x";
+    for (let i = 0; i < addr.length; i++) {
+      checksumAddress += parseInt(hash[i], 16) >= 8 ? addr[i].toUpperCase() : addr[i];
+    }
+    return checksumAddress;
+  }
+  /**
+   * Generate secure domain label for DKG
+   */
+  generateDomainLabel(userId) {
+    const timestamp = Date.now();
+    const randomBytes = new Uint8Array(16);
+    crypto.getRandomValues(randomBytes);
+    const randomHex = Array.from(randomBytes).map((b) => b.toString(16).padStart(2, "0")).join("");
+    return `dkls23:2of2:aa:${userId}:${timestamp}:${randomHex}`;
+  }
+  /**
+   * Extract server message from response
+   */
+  extractServerMessage(response) {
+    return response?.msgNext || response?.msg_next || response?.msg || null;
+  }
+};
+
+// src/iframe/lib/storage-manager.ts
+var StorageManager = class {
+  constructor() {
+    if (typeof window === "undefined" || !window.localStorage) {
+      throw new Error("localStorage not available in iframe");
+    }
+    this.storage = window.localStorage;
+    console.log("[iframe][Storage] Initialized");
+    console.log("[iframe][Storage] Origin:", window.location.origin);
+  }
+  /**
+   * Save keyshare to IFRAME localStorage
+   * CRITICAL: This is the secure isolated storage
+   */
+  saveKeyshare(userId, data) {
+    try {
+      const keyshareKey = `tss.${userId}.keyshare`;
+      this.storage.setItem(keyshareKey, JSON.stringify({
+        keyshare_b64: data.keyshare_b64
+      }));
+      this.storage.setItem(`tss.${userId}.ownerAddress`, data.ownerAddress);
+      this.storage.setItem(`tss.${userId}.sessionId`, data.sessionId);
+      console.log(`[iframe][Storage] \u2705 Saved keyshare for user: ${userId}`);
+      console.log(`[iframe][Storage] Storage origin: ${window.location.origin}`);
+    } catch (error) {
+      console.error("[iframe][Storage] Failed to save keyshare:", error);
+      throw new Error(`Failed to save keyshare: ${error instanceof Error ? error.message : "Unknown error"}`);
+    }
+  }
+  /**
+   * Load keyshare from IFRAME localStorage
+   */
+  loadKeyshare(userId) {
+    try {
+      const keyshareKey = `tss.${userId}.keyshare`;
+      const keyshareData = this.storage.getItem(keyshareKey);
+      if (!keyshareData) {
+        console.log(`[iframe][Storage] No keyshare found for user: ${userId}`);
+        return null;
+      }
+      const parsed = JSON.parse(keyshareData);
+      const ownerAddress = this.storage.getItem(`tss.${userId}.ownerAddress`);
+      const sessionId = this.storage.getItem(`tss.${userId}.sessionId`);
+      if (!ownerAddress || !sessionId) {
+        console.error("[iframe][Storage] Missing owner address or session ID");
+        return null;
+      }
+      return {
+        keyshare_b64: parsed.keyshare_b64,
+        ownerAddress,
+        sessionId
+      };
+    } catch (error) {
+      console.error("[iframe][Storage] Failed to load keyshare:", error);
+      return null;
+    }
+  }
+  /**
+   * Check if keyshare exists for user
+   */
+  hasKeyshare(userId) {
+    const keyshareKey = `tss.${userId}.keyshare`;
+    const ownerAddressKey = `tss.${userId}.ownerAddress`;
+    const hasKeyshare = this.storage.getItem(keyshareKey) !== null;
+    const hasAddress = this.storage.getItem(ownerAddressKey) !== null;
+    return hasKeyshare && hasAddress;
+  }
+  /**
+   * Get owner address for user
+   */
+  getOwnerAddress(userId) {
+    const address = this.storage.getItem(`tss.${userId}.ownerAddress`);
+    return address ? address : null;
+  }
+  /**
+   * Get session ID for user
+   */
+  getSessionId(userId) {
+    return this.storage.getItem(`tss.${userId}.sessionId`);
+  }
+  /**
+   * Remove keyshare for user
+   */
+  removeKeyshare(userId) {
+    try {
+      this.storage.removeItem(`tss.${userId}.keyshare`);
+      this.storage.removeItem(`tss.${userId}.ownerAddress`);
+      this.storage.removeItem(`tss.${userId}.sessionId`);
+      const allKeys = Object.keys(this.storage);
+      const userKeys = allKeys.filter((key) => key.startsWith(`tss.${userId}.`));
+      userKeys.forEach((key) => this.storage.removeItem(key));
+      console.log(`[iframe][Storage] \u2705 Removed keyshare for user: ${userId}`);
+    } catch (error) {
+      console.error("[iframe][Storage] Failed to remove keyshare:", error);
+      throw new Error(`Failed to remove keyshare: ${error instanceof Error ? error.message : "Unknown error"}`);
+    }
+  }
+  /**
+   * List all users with keyshares (for debugging)
+   */
+  listUsers() {
+    const allKeys = Object.keys(this.storage);
+    const keyshareKeys = allKeys.filter((key) => key.endsWith(".keyshare"));
+    return keyshareKeys.map((key) => {
+      const match = key.match(/^tss\.(.+)\.keyshare$/);
+      return match ? match[1] : null;
+    }).filter(Boolean);
+  }
+  /**
+   * Get storage statistics (for debugging)
+   */
+  getStats() {
+    const allKeys = Object.keys(this.storage);
+    const users = this.listUsers();
+    let storageSize = 0;
+    allKeys.forEach((key) => {
+      const value = this.storage.getItem(key);
+      if (value) {
+        storageSize += key.length + value.length;
+      }
+    });
+    return {
+      totalKeys: allKeys.length,
+      users: users.length,
+      storageSize
+    };
+  }
+};
+
+// src/iframe/lib/trusted-apps-manager.ts
+var STORAGE_KEY = "lumia_passport_trusted_apps";
+var TrustedAppsManager = class {
+  /**
+   * Check if app is trusted by user
+   */
+  isTrusted(userId, projectId, origin) {
+    const trustedApps = this.getTrustedApps();
+    return trustedApps.some(
+      (app) => app.userId === userId && app.projectId === projectId && app.origin === origin
+    );
+  }
+  /**
+   * Add app to trusted list
+   */
+  addTrustedApp(userId, projectId, origin) {
+    console.log("[TrustedApps] Adding trusted app:", { userId, projectId, origin });
+    const trustedApps = this.getTrustedApps();
+    const exists = trustedApps.some(
+      (app) => app.userId === userId && app.projectId === projectId && app.origin === origin
+    );
+    if (exists) {
+      console.log("[TrustedApps] App already trusted");
+      return;
+    }
+    trustedApps.push({
+      userId,
+      projectId,
+      origin,
+      trustedAt: Date.now()
+    });
+    this.saveTrustedApps(trustedApps);
+    console.log("[TrustedApps] \u2705 App added to trusted list");
+  }
+  /**
+   * Remove app from trusted list
+   */
+  removeTrustedApp(userId, projectId, origin) {
+    console.log("[TrustedApps] Removing trusted app:", { userId, projectId, origin });
+    const trustedApps = this.getTrustedApps();
+    const filtered = trustedApps.filter(
+      (app) => !(app.userId === userId && app.projectId === projectId && app.origin === origin)
+    );
+    this.saveTrustedApps(filtered);
+    console.log("[TrustedApps] \u2705 App removed from trusted list");
+  }
+  /**
+   * Get all trusted apps for a user
+   */
+  getTrustedAppsForUser(userId) {
+    const trustedApps = this.getTrustedApps();
+    return trustedApps.filter((app) => app.userId === userId);
+  }
+  /**
+   * Clear all trusted apps for a user
+   */
+  clearTrustedAppsForUser(userId) {
+    console.log("[TrustedApps] Clearing all trusted apps for user:", userId);
+    const trustedApps = this.getTrustedApps();
+    const filtered = trustedApps.filter((app) => app.userId !== userId);
+    this.saveTrustedApps(filtered);
+    console.log("[TrustedApps] \u2705 Trusted apps cleared for user");
+  }
+  /**
+   * Get all trusted apps from storage
+   */
+  getTrustedApps() {
+    try {
+      const data = localStorage.getItem(STORAGE_KEY);
+      if (!data) {
+        return [];
+      }
+      const apps = JSON.parse(data);
+      return Array.isArray(apps) ? apps : [];
+    } catch (error) {
+      console.error("[TrustedApps] Error reading trusted apps:", error);
+      return [];
+    }
+  }
+  /**
+   * Save trusted apps to storage
+   */
+  saveTrustedApps(apps) {
+    try {
+      localStorage.setItem(STORAGE_KEY, JSON.stringify(apps));
+    } catch (error) {
+      console.error("[TrustedApps] Error saving trusted apps:", error);
+      throw new Error("Failed to save trusted apps");
+    }
+  }
+};
+
+// src/iframe/lib/signing-manager.ts
+var SigningManager = class extends TokenRefreshApiClient {
+  constructor() {
+    super();
+    this.wasmLoaded = false;
+    this.storage = new StorageManager();
+    this.trustedApps = new TrustedAppsManager();
+    console.log("[iframe][Sign] Initialized with TSS URL:", this.tssUrl);
+  }
+  /**
+   * Initialize WASM module
+   */
+  async initialize() {
+    if (this.wasmLoaded) return;
+    try {
+      await dkls23_wasm_default();
+      this.wasmLoaded = true;
+      console.log("[iframe][Sign] \u2705 WASM module loaded");
+      globalThis.__tss_wasm_api__ = dkls23_wasm_exports;
+    } catch (error) {
+      console.error("[iframe][Sign] Failed to load WASM:", error);
+      throw new Error("Failed to initialize signing WASM module");
+    }
+  }
+  /**
+   * Sign transaction with user confirmation
+   */
+  async signTransaction(userId, projectId, origin, transaction, accessToken) {
+    if (!this.wasmLoaded) {
+      await this.initialize();
+    }
+    console.log("[iframe][Sign] Signing transaction for user:", userId);
+    console.log("[iframe][Sign] Transaction details:", transaction);
+    console.log("[iframe][Sign] Loading keyshare...");
+    const keyshareData = this.storage.loadKeyshare(userId);
+    if (!keyshareData) {
+      throw new Error("No keyshare found. Please complete DKG first.");
+    }
+    console.log("[iframe][Sign] \u2713 Keyshare loaded");
+    const projectInfo = {
+      id: projectId,
+      name: "Application",
+      logoUrl: "",
+      website: origin,
+      domains: [origin]
+    };
+    const isTrusted = this.trustedApps.isTrusted(userId, projectId, origin);
+    console.log("[iframe][Sign] App trusted status:", isTrusted);
+    if (!isTrusted) {
+      console.log("[iframe][Sign] Assessing risk...");
+      const risk = await this.assessRisk(transaction);
+      console.log("[iframe][Sign] \u2713 Risk assessment:", risk);
+      console.log("[iframe][Sign] Showing confirmation dialog...");
+      const confirmResult = await this.showConfirmationDialog(
+        userId,
+        projectId,
+        projectInfo,
+        origin,
+        transaction,
+        risk
+      );
+      console.log("[iframe][Sign] Confirmation result:", confirmResult);
+      if (!confirmResult.confirmed) {
+        throw new Error("User rejected transaction");
+      }
+      if (confirmResult.trustApp) {
+        this.trustedApps.addTrustedApp(userId, projectId, origin);
+      }
+    } else {
+      console.log("[iframe][Sign] \u2705 App is trusted, skipping confirmation");
+    }
+    const digest32 = transaction.digest32 || this.computeTransactionHash(transaction);
+    console.log("[iframe][Sign] Using digest for signing:", digest32);
+    console.log("[iframe][Sign] Digest was pre-computed:", !!transaction.digest32);
+    const signature = await this.performMPCSigning(userId, keyshareData, digest32, projectId, accessToken);
+    console.log("[iframe][Sign] \u2705 Transaction signed");
+    return signature;
+  }
+  /**
+   * Perform MPC signing protocol
+   */
+  async performMPCSigning(userId, keyshareData, digest32, projectId, accessToken) {
+    const keyshare = keyshareData.keyshare_b64;
+    const sessionId = keyshareData.sessionId;
+    const digestHex = digest32.startsWith("0x") ? digest32.slice(2) : digest32;
+    const digestBytes = this.hexToBytes(digestHex);
+    const digestB64 = btoa(String.fromCharCode(...digestBytes));
+    const CHAIN_PATH = "m";
+    console.log("[iframe][Sign] Starting MPC signing protocol...");
+    const clientSignStartResult = sign_start(keyshare, digestB64, CHAIN_PATH);
+    if (!Array.isArray(clientSignStartResult) || clientSignStartResult.length < 2) {
+      throw new Error("Invalid sign_start result format");
+    }
+    let clientState = clientSignStartResult[0];
+    const clientMsg1 = clientSignStartResult[1];
+    const serverStartResponse = await this.apiCall("POST", `/api/tss/${userId}/sign/start`, {
+      sessionId,
+      digest32,
+      chainPath: CHAIN_PATH
+    }, projectId, accessToken);
+    const serverMsg1 = serverStartResponse.msg1;
+    if (!serverMsg1?.kind || !serverMsg1.data_b64) {
+      throw new Error("Invalid server msg1 format");
+    }
+    const clientR2Result = sign_handle(
+      JSON.stringify({ bytes_b64: clientState.bytes_b64 }),
+      JSON.stringify(serverMsg1)
+    );
+    clientState = clientR2Result[0];
+    const clientMsg2 = clientR2Result[1];
+    const serverR2Response = await this.apiCall("POST", `/api/tss/${userId}/sign/round`, {
+      sessionId,
+      clientMsg: clientMsg1
+    }, projectId, accessToken);
+    const serverMsg2 = this.extractServerMessage(serverR2Response);
+    const clientR3Result = sign_handle(
+      JSON.stringify({ bytes_b64: clientState.bytes_b64 }),
+      JSON.stringify(serverMsg2)
+    );
+    clientState = clientR3Result[0];
+    const clientMsg3 = clientR3Result[1];
+    const serverR3Response = await this.apiCall("POST", `/api/tss/${userId}/sign/round`, {
+      sessionId,
+      clientMsg: clientMsg2
+    }, projectId, accessToken);
+    const serverMsg3 = this.extractServerMessage(serverR3Response);
+    const clientFinalResult = sign_handle(
+      JSON.stringify({ bytes_b64: clientState.bytes_b64 }),
+      JSON.stringify(serverMsg3)
+    );
+    if (!Array.isArray(clientFinalResult) || clientFinalResult.length < 3) {
+      throw new Error("Invalid final sign_handle result");
+    }
+    const clientSignature = clientFinalResult[2];
+    await this.apiCall("POST", `/api/tss/${userId}/sign/round`, {
+      sessionId,
+      clientMsg: clientMsg3
+    }, projectId, accessToken);
+    const signature = this.formatSignature(clientSignature);
+    return signature;
+  }
+  /**
+   * Show transaction confirmation dialog
+   */
+  async showConfirmationDialog(userId, projectId, project, origin, transaction, risk) {
+    this.showIframe();
+    return new Promise((resolve) => {
+      console.log("[iframe][Sign] Creating modal element...");
+      const modal = this.createConfirmationModal(userId, projectId, project, origin, transaction, risk);
+      console.log("[iframe][Sign] Modal created:", modal);
+      const confirmBtn = modal.querySelector(".confirm-btn");
+      const cancelBtn = modal.querySelector(".cancel-btn");
+      const trustCheckbox = modal.querySelector(".trust-app-checkbox");
+      console.log("[iframe][Sign] Found elements:", {
+        confirmBtn: !!confirmBtn,
+        cancelBtn: !!cancelBtn,
+        trustCheckbox: !!trustCheckbox
+      });
+      confirmBtn?.addEventListener("click", (e) => {
+        console.log("[iframe][Sign] Confirm button clicked, isTrusted:", e.isTrusted);
+        if (e.isTrusted) {
+          const trustApp = trustCheckbox?.checked || false;
+          console.log("[iframe][Sign] Trust app checkbox:", trustApp);
+          modal.remove();
+          this.hideIframe();
+          resolve({ confirmed: true, trustApp });
+        }
+      });
+      cancelBtn?.addEventListener("click", () => {
+        console.log("[iframe][Sign] Cancel button clicked");
+        modal.remove();
+        this.hideIframe();
+        resolve({ confirmed: false, trustApp: false });
+      });
+      console.log("[iframe][Sign] Appending modal to body...");
+      document.body.appendChild(modal);
+      console.log("[iframe][Sign] Modal appended, children count:", document.body.children.length);
+      const computedStyle = window.getComputedStyle(modal);
+      const rect = modal.getBoundingClientRect();
+      console.log("[iframe][Sign] Modal computed styles:", {
+        display: computedStyle.display,
+        position: computedStyle.position,
+        zIndex: computedStyle.zIndex,
+        visibility: computedStyle.visibility,
+        opacity: computedStyle.opacity,
+        width: computedStyle.width,
+        height: computedStyle.height
+      });
+      console.log("[iframe][Sign] Modal position (rect):", {
+        top: rect.top,
+        left: rect.left,
+        width: rect.width,
+        height: rect.height,
+        inViewport: rect.top >= 0 && rect.left >= 0 && rect.bottom <= window.innerHeight && rect.right <= window.innerWidth
+      });
+    });
+  }
+  /**
+   * Create confirmation modal UI
+   */
+  createConfirmationModal(userId, projectId, project, origin, transaction, risk) {
+    const modal = document.createElement("div");
+    modal.className = "transaction-confirmation-modal";
+    const riskClass = risk.level.toLowerCase();
+    const isUserOp = !!transaction.userOpDetails;
+    const formatHex = (value, maxLength = 20) => {
+      if (!value) return "N/A";
+      if (value.length > maxLength) {
+        return `${value.substring(0, maxLength)}...`;
+      }
+      return value;
+    };
+    const formatGas = (gasLimit, gasPrice) => {
+      if (!gasLimit || !gasPrice) return "N/A";
+      try {
+        const gas = BigInt(gasLimit);
+        const price = BigInt(gasPrice);
+        const totalWei = gas * price;
+        const totalEth = Number(totalWei) / 1e18;
+        return totalEth.toFixed(9) + " ETH";
+      } catch {
+        return "N/A";
+      }
+    };
+    const isSponsored = isUserOp && !!transaction.userOpDetails?.paymaster;
+    const estimatedCost = isSponsored ? "0 (Sponsored)" : "Free (Sponsored Transaction)";
+    modal.innerHTML = `
+      <div class="modal-overlay">
+        <div class="modal-content">
+          <div class="app-identity">
+            <div class="app-info">
+              <h3>${project.name}</h3>
+              <p class="origin">${origin}</p>
+            </div>
+          </div>
+
+          <h2>Confirm Transaction</h2>
+
+          ${risk.level !== "LOW" ? `
+            <div class="risk-warning ${riskClass}">
+              <strong>\u26A0\uFE0F ${risk.level} RISK</strong>
+              ${risk.reasons.map((r) => `<p>\u2022 ${r}</p>`).join("")}
+            </div>
+          ` : ""}
+
+          <div class="tx-details">
+            <div class="detail-row">
+              <span><strong>From:</strong></span>
+              <code>${formatHex(transaction.userOpDetails?.sender || transaction.to, 16)}</code>
+            </div>
+
+            ${isUserOp && transaction.userOpDetails?.callData && transaction.userOpDetails.callData !== "0x" ? `
+              <div class="detail-row">
+                <span><strong>Action:</strong></span>
+                <span>Contract Interaction</span>
+              </div>
+            ` : ""}
+
+            <div class="detail-row">
+              <span><strong>Estimated Cost:</strong></span>
+              <strong style="color: #10b981;">${estimatedCost}</strong>
+            </div>
+
+            ${isSponsored ? `
+              <div class="security-notice" style="background: #d1fae5; border-left-color: #10b981; margin-top: 1rem;">
+                <p>\u2713 Gas fees will be paid by the application (no cost to you)</p>
+              </div>
+            ` : ""}
+          </div>
+
+          <div class="security-notice">
+            <p>\u26A0\uFE0F Please verify this transaction carefully before confirming.</p>
+          </div>
+
+          <div class="trust-app-section">
+            <label class="trust-app-label">
+              <input type="checkbox" class="trust-app-checkbox" />
+              <span>Trust this application and skip confirmation for future transactions</span>
+            </label>
+          </div>
+
+          <div class="actions">
+            <button class="cancel-btn">Reject</button>
+            <button class="confirm-btn">Confirm</button>
+          </div>
+        </div>
+      </div>
+    `;
+    return modal;
+  }
+  /**
+   * Assess transaction risk
+   */
+  async assessRisk(transaction) {
+    const reasons = [];
+    let score = 0;
+    const valueEth = parseFloat(transaction.value);
+    if (valueEth > 1) {
+      score += 20;
+      reasons.push(`High value transaction (${valueEth} ETH)`);
+    }
+    if (transaction.data && transaction.data !== "0x" && transaction.data.length > 2) {
+      score += 10;
+      reasons.push("Contract interaction detected");
+    }
+    let level;
+    if (score >= 50) level = "CRITICAL";
+    else if (score >= 30) level = "HIGH";
+    else if (score >= 15) level = "MEDIUM";
+    else level = "LOW";
+    return { level, score, reasons };
+  }
+  /**
+   * Compute transaction hash (simplified, adjust for your needs)
+   */
+  computeTransactionHash(transaction) {
+    const encoder3 = new TextEncoder();
+    const data = encoder3.encode(JSON.stringify(transaction));
+    let hash = 0;
+    for (let i = 0; i < data.length; i++) {
+      hash = (hash << 5) - hash + data[i];
+      hash = hash & hash;
+    }
+    const hashHex = Math.abs(hash).toString(16).padStart(64, "0");
+    return `0x${hashHex}`;
+  }
+  formatValue(value) {
+    try {
+      const eth = parseFloat(value);
+      return eth.toFixed(6);
+    } catch {
+      return value;
+    }
+  }
+  formatSignature(sig) {
+    if (typeof sig === "string") return sig;
+    if (sig && typeof sig === "object" && sig.r_b64 && sig.s_b64) {
+      const rBytes = Uint8Array.from(atob(sig.r_b64), (c) => c.charCodeAt(0));
+      const sBytes = Uint8Array.from(atob(sig.s_b64), (c) => c.charCodeAt(0));
+      const r = Array.from(rBytes).map((b) => b.toString(16).padStart(2, "0")).join("");
+      const s = Array.from(sBytes).map((b) => b.toString(16).padStart(2, "0")).join("");
+      const v = (Number(sig.recid) + 27).toString(16).padStart(2, "0");
+      return `0x${r}${s}${v}`;
+    }
+    throw new Error("Invalid signature format");
+  }
+  hexToBytes(hex) {
+    const bytes = new Uint8Array(hex.length / 2);
+    for (let i = 0; i < hex.length; i += 2) {
+      bytes[i / 2] = parseInt(hex.substring(i, i + 2), 16);
+    }
+    return bytes;
+  }
+  extractServerMessage(response) {
+    return response?.msgNext || response?.msg_next || response?.msg || null;
+  }
+  /**
+   * Show iframe (notify parent)
+   */
+  showIframe() {
+    if (window.parent !== window) {
+      window.parent.postMessage({ type: "SHOW_IFRAME", timestamp: Date.now() }, "*");
+      console.log("[iframe][Sign] Requested parent to show iframe");
+    }
+  }
+  /**
+   * Hide iframe (notify parent)
+   */
+  hideIframe() {
+    if (window.parent !== window) {
+      window.parent.postMessage({ type: "HIDE_IFRAME", timestamp: Date.now() }, "*");
+      console.log("[iframe][Sign] Requested parent to hide iframe");
+    }
+  }
+};
+
+// src/iframe/lib/authorization-manager.ts
+var AuthorizationManager = class {
+  constructor() {
+    this.STORAGE_KEY_PREFIX = "auth";
+    console.log("[iframe][Auth] Initialized");
+  }
+  /**
+   * Check if user has authorized a project
+   */
+  async checkAuthorization(userId, projectId) {
+    const key = this.getAuthKey(userId, projectId);
+    const authData = localStorage.getItem(key);
+    if (!authData) {
+      return false;
+    }
+    try {
+      const auth = JSON.parse(authData);
+      console.log(`[iframe][Auth] User ${userId} authorized for project ${projectId}`);
+      return true;
+    } catch (error) {
+      console.error("[iframe][Auth] Failed to parse authorization:", error);
+      return false;
+    }
+  }
+  /**
+   * Store user authorization for a project
+   */
+  async storeAuthorization(userId, projectId, origin) {
+    const auth = {
+      userId,
+      projectId,
+      authorizedAt: Date.now(),
+      origin
+    };
+    const key = this.getAuthKey(userId, projectId);
+    localStorage.setItem(key, JSON.stringify(auth));
+    console.log(`[iframe][Auth] \u2705 Stored authorization: ${userId} -> ${projectId}`);
+  }
+  /**
+   * Revoke user authorization for a project
+   */
+  async revokeAuthorization(userId, projectId) {
+    const key = this.getAuthKey(userId, projectId);
+    localStorage.removeItem(key);
+    console.log(`[iframe][Auth] \u2705 Revoked authorization: ${userId} -> ${projectId}`);
+  }
+  /**
+   * Get all authorizations for a user
+   */
+  async getUserAuthorizations(userId) {
+    const authorizations = [];
+    const prefix = `${this.STORAGE_KEY_PREFIX}.${userId}.`;
+    for (let i = 0; i < localStorage.length; i++) {
+      const key = localStorage.key(i);
+      if (key && key.startsWith(prefix)) {
+        try {
+          const authData = localStorage.getItem(key);
+          if (authData) {
+            const auth = JSON.parse(authData);
+            authorizations.push(auth);
+          }
+        } catch (error) {
+          console.error(`[iframe][Auth] Failed to parse auth for key ${key}:`, error);
+        }
+      }
+    }
+    return authorizations;
+  }
+  /**
+   * Request user authorization with consent screen
+   */
+  async requestAuthorization(project, origin) {
+    this.showIframe();
+    return new Promise((resolve) => {
+      const modal = this.createAuthorizationModal(project, origin);
+      const authorizeBtn = modal.querySelector(".authorize-btn");
+      const cancelBtn = modal.querySelector(".cancel-btn");
+      const cleanup = (result) => {
+        console.log(`[iframe][Auth] Cleaning up modal, result: ${result}`);
+        modal.remove();
+        this.hideIframe();
+        console.log(`[iframe][Auth] Resolving with result: ${result}`);
+        resolve(result);
+      };
+      authorizeBtn?.addEventListener("click", (e) => {
+        console.log(`[iframe][Auth] Authorize button clicked, isTrusted: ${e.isTrusted}`);
+        if (e.isTrusted) {
+          console.log(`[iframe][Auth] User authorized project: ${project.id}`);
+          cleanup(true);
+        } else {
+          console.warn(`[iframe][Auth] Untrusted click event ignored`);
+        }
+      });
+      cancelBtn?.addEventListener("click", () => {
+        console.log(`[iframe][Auth] Cancel button clicked`);
+        console.log(`[iframe][Auth] User denied authorization for project: ${project.id}`);
+        cleanup(false);
+      });
+      document.body.appendChild(modal);
+    });
+  }
+  /**
+   * Show iframe (notify parent)
+   */
+  showIframe() {
+    if (window.parent !== window) {
+      window.parent.postMessage({ type: "SHOW_IFRAME", timestamp: Date.now() }, "*");
+      console.log("[iframe][Auth] Requested parent to show iframe");
+    }
+  }
+  /**
+   * Hide iframe (notify parent)
+   */
+  hideIframe() {
+    if (window.parent !== window) {
+      window.parent.postMessage({ type: "HIDE_IFRAME", timestamp: Date.now() }, "*");
+      console.log("[iframe][Auth] Requested parent to hide iframe");
+    }
+  }
+  /**
+   * Create authorization consent modal
+   */
+  createAuthorizationModal(project, origin) {
+    const modal = document.createElement("div");
+    modal.className = "authorization-modal";
+    const isVerifiedOrigin = project.domains.includes(origin);
+    modal.innerHTML = `
+      <div class="modal-overlay">
+        <div class="modal-content">
+          <div class="app-identity">
+            ${project.logoUrl ? `<img src="${project.logoUrl}" alt="${project.name}" class="app-logo" />` : ""}
+            <h2>${project.name}</h2>
+            <div class="app-origin ${isVerifiedOrigin ? "verified" : "unverified"}">
+              ${isVerifiedOrigin ? "\u2713" : "\u26A0\uFE0F"} ${origin}
+            </div>
+          </div>
+
+          <div class="consent-message">
+            <p><strong>${project.name}</strong> wants to use your Lumia wallet.</p>
+          </div>
+
+          <div class="permissions-list">
+            <h3>This application will be able to:</h3>
+            <ul>
+              <li>\u2713 View your wallet address</li>
+              <li>\u2713 Request transaction signatures</li>
+              <li>\u2713 View your public transaction history</li>
+            </ul>
+          </div>
+
+          ${!isVerifiedOrigin ? `
+            <div class="security-warning">
+              <p>\u26A0\uFE0F <strong>Warning:</strong> This domain is not verified for ${project.name}</p>
+              <p>Expected: ${project.domains.join(", ")}</p>
+              <p>Actual: ${origin}</p>
+            </div>
+          ` : ""}
+
+          <div class="security-notice">
+            <p>\u26A0\uFE0F Only authorize applications you trust. You can revoke access at any time in settings.</p>
+          </div>
+
+          <div class="actions">
+            <button class="cancel-btn">Cancel</button>
+            <button class="authorize-btn" ${!isVerifiedOrigin ? "disabled" : ""}>
+              Authorize
+            </button>
+          </div>
+        </div>
+      </div>
+    `;
+    return modal;
+  }
+  /**
+   * Get storage key for authorization
+   */
+  getAuthKey(userId, projectId) {
+    return `${this.STORAGE_KEY_PREFIX}.${userId}.${projectId}`;
+  }
+  /**
+   * Clear all authorizations for a user (for logout/cleanup)
+   */
+  async clearUserAuthorizations(userId) {
+    const prefix = `${this.STORAGE_KEY_PREFIX}.${userId}.`;
+    const keysToRemove = [];
+    for (let i = 0; i < localStorage.length; i++) {
+      const key = localStorage.key(i);
+      if (key && key.startsWith(prefix)) {
+        keysToRemove.push(key);
+      }
+    }
+    keysToRemove.forEach((key) => localStorage.removeItem(key));
+    console.log(`[iframe][Auth] \u2705 Cleared ${keysToRemove.length} authorizations for user ${userId}`);
+  }
+  /**
+   * Get authorization statistics
+   */
+  getStats() {
+    const stats = {
+      total: 0,
+      byUser: {}
+    };
+    for (let i = 0; i < localStorage.length; i++) {
+      const key = localStorage.key(i);
+      if (key && key.startsWith(this.STORAGE_KEY_PREFIX)) {
+        stats.total++;
+        const parts = key.split(".");
+        if (parts.length >= 2) {
+          const userId = parts[1];
+          stats.byUser[userId] = (stats.byUser[userId] || 0) + 1;
+        }
+      }
+    }
+    return stats;
+  }
+};
+
+// src/iframe/main.ts
+var IframeWallet = class {
+  constructor() {
+    console.log("=".repeat(60));
+    console.log("  Lumia Passport Secure Wallet - iframe version 0.1.8");
+    console.log("=".repeat(60));
+    this.messenger = new SecureMessenger();
+    this.sessionManager = new SessionManager();
+    this.dkgManager = new DKGManager();
+    this.signingManager = new SigningManager();
+    this.authManager = new AuthorizationManager();
+    this.storage = new StorageManager();
+    this.trustedApps = new TrustedAppsManager();
+  }
+  async initialize() {
+    console.log("[iframe] Initializing Lumia Passport Secure Wallet...");
+    console.log("[iframe] Origin:", window.location.origin);
+    console.log("[iframe] Expected: auth.lumiapassport.com");
+    if (window.location.hostname !== "localhost" && window.location.hostname !== "127.0.0.1" && !window.location.hostname.includes("lumiapassport.com")) {
+      console.warn("[iframe] \u26A0\uFE0F Running on unexpected origin!");
+    }
+    console.log("[iframe] Loading WASM modules...");
+    await Promise.all([
+      this.dkgManager.initialize(),
+      this.signingManager.initialize()
+    ]);
+    this.messenger.setupListener(async (message, origin) => {
+      await this.handleMessage(message, origin);
+    });
+    this.displayReadyIndicator();
+    if (window.parent !== window) {
+      window.parent.postMessage(
+        {
+          type: "IFRAME_READY",
+          timestamp: Date.now()
+        },
+        "*"
+        // Initial broadcast, will validate origin in subsequent messages
+      );
+    }
+    console.log("[iframe] \u2705 Wallet ready and listening for messages");
+  }
+  async handleMessage(message, origin) {
+    const { type, messageId, projectId } = message;
+    console.log(`[iframe] \u{1F4E8} Message: ${type} from ${origin.substring(0, 30)}...`);
+    try {
+      switch (type) {
+        case "SDK_AUTH":
+          await this.handleSDKAuth(message, origin);
+          break;
+        case "AUTHENTICATE":
+          await this.handleAuthenticate(message, origin);
+          break;
+        case "START_DKG":
+          await this.handleStartDKG(message, origin);
+          break;
+        case "SIGN_TRANSACTION":
+          await this.handleSignTransaction(message, origin);
+          break;
+        case "GET_ADDRESS":
+          await this.handleGetAddress(message, origin);
+          break;
+        case "CHECK_KEYSHARE":
+          await this.handleCheckKeyshare(message, origin);
+          break;
+        case "GET_TRUSTED_APPS":
+          await this.handleGetTrustedApps(message, origin);
+          break;
+        case "REMOVE_TRUSTED_APP":
+          await this.handleRemoveTrustedApp(message, origin);
+          break;
+        default:
+          throw new Error(`Unknown message type: ${type}`);
+      }
+    } catch (error) {
+      console.error(`[iframe] \u274C Error handling ${type}:`, error);
+      this.messenger.sendError(
+        messageId,
+        error instanceof Error ? error.message : "Unknown error",
+        origin
+      );
+    }
+  }
+  async handleSDKAuth(message, origin) {
+    const { projectId } = message.data;
+    const { messageId } = message;
+    console.log(`[iframe] SDK_AUTH: projectId=${projectId}`);
+    if (!origin.startsWith("https://") && !origin.startsWith("http://localhost")) {
+      throw new Error("Only HTTPS origins are allowed (or localhost for dev)");
+    }
+    const sessionToken = this.sessionManager.createSession(projectId, origin);
+    this.messenger.setSessionToken(sessionToken);
+    this.messenger.addAllowedOrigin(origin);
+    this.messenger.sendResponse(
+      messageId,
+      {
+        type: "SDK_AUTH_SUCCESS",
+        sessionToken
+      },
+      origin
+    );
+    console.log(`[iframe] \u2705 SDK authenticated for origin: ${origin.substring(0, 40)}...`);
+  }
+  async handleAuthenticate(message, origin) {
+    const { sessionToken, projectId, userId } = message.data;
+    const { messageId } = message;
+    if (!this.sessionManager.validateSession(sessionToken, origin)) {
+      throw new Error("Invalid session");
+    }
+    console.log(`[iframe] AUTHENTICATE: userId=${userId}, projectId=${projectId}`);
+    const isAuthorized = await this.authManager.checkAuthorization(userId, projectId);
+    if (!isAuthorized) {
+      console.log(`[iframe] Authorization needed for project: ${projectId}`);
+      const projectInfo = {
+        id: projectId,
+        name: "Application",
+        logoUrl: "",
+        website: origin,
+        domains: [origin]
+      };
+      const consent = await this.authManager.requestAuthorization(projectInfo, origin);
+      if (!consent) {
+        throw new Error("User denied authorization");
+      }
+      await this.authManager.storeAuthorization(userId, projectId, origin);
+      console.log(`[iframe] \u2705 Authorization granted: ${userId} -> ${projectId}`);
+    }
+    const address = this.storage.getOwnerAddress(userId);
+    this.messenger.sendResponse(
+      messageId,
+      {
+        type: "AUTH_SUCCESS",
+        userId,
+        address
+      },
+      origin
+    );
+    console.log(`[iframe] \u2705 User authenticated: ${userId}`);
+  }
+  async handleStartDKG(message, origin) {
+    const { sessionToken, userId, projectId, accessToken } = message.data;
+    const { messageId } = message;
+    if (!this.sessionManager.validateSession(sessionToken, origin)) {
+      throw new Error("Invalid session");
+    }
+    const isAuthorized = await this.authManager.checkAuthorization(userId, projectId);
+    if (!isAuthorized) {
+      throw new Error("User has not authorized this application");
+    }
+    console.log(`[iframe] START_DKG: userId=${userId}, projectId=${projectId}, hasToken=${!!accessToken}`);
+    this.displayLoadingIndicator("Generating secure keys...");
+    try {
+      const result = await this.dkgManager.performDKG(userId, projectId, accessToken);
+      this.storage.saveKeyshare(userId, {
+        keyshare_b64: result.keyshare.keyshare_b64,
+        ownerAddress: result.ownerAddress,
+        sessionId: result.sessionId
+      });
+      this.hideLoadingIndicator();
+      this.messenger.sendResponse(
+        messageId,
+        {
+          type: "DKG_SUCCESS",
+          ownerAddress: result.ownerAddress
+        },
+        origin
+      );
+      console.log(`[iframe] \u2705 DKG completed: ${result.ownerAddress}`);
+    } catch (error) {
+      this.hideLoadingIndicator();
+      throw error;
+    }
+  }
+  async handleSignTransaction(message, origin) {
+    const { sessionToken, userId, projectId, transaction, accessToken } = message.data;
+    const { messageId } = message;
+    if (!this.sessionManager.validateSession(sessionToken, origin)) {
+      throw new Error("Invalid session");
+    }
+    const isAuthorized = await this.authManager.checkAuthorization(userId, projectId);
+    if (!isAuthorized) {
+      throw new Error("User has not authorized this application");
+    }
+    console.log(`[iframe] SIGN_TRANSACTION: userId=${userId}, hasAccessToken=${!!accessToken}`);
+    try {
+      const signature = await this.signingManager.signTransaction(
+        userId,
+        projectId,
+        origin,
+        transaction,
+        accessToken
+      );
+      this.messenger.sendResponse(
+        messageId,
+        {
+          type: "SIGNATURE",
+          signature
+        },
+        origin
+      );
+      console.log(`[iframe] \u2705 Transaction signed`);
+    } catch (error) {
+      console.error("[iframe] Signing failed:", error);
+      throw error;
+    }
+  }
+  async handleGetAddress(message, origin) {
+    const { sessionToken, userId } = message.data;
+    const { messageId } = message;
+    if (!this.sessionManager.validateSession(sessionToken, origin)) {
+      throw new Error("Invalid session");
+    }
+    const address = this.storage.getOwnerAddress(userId);
+    this.messenger.sendResponse(
+      messageId,
+      {
+        type: "ADDRESS",
+        address
+      },
+      origin
+    );
+  }
+  async handleCheckKeyshare(message, origin) {
+    const { sessionToken, userId } = message.data;
+    const { messageId } = message;
+    if (!this.sessionManager.validateSession(sessionToken, origin)) {
+      throw new Error("Invalid session");
+    }
+    const hasKeyshare = this.storage.hasKeyshare(userId);
+    const address = hasKeyshare ? this.storage.getOwnerAddress(userId) : void 0;
+    this.messenger.sendResponse(
+      messageId,
+      {
+        type: "KEYSHARE_STATUS",
+        hasKeyshare,
+        address
+      },
+      origin
+    );
+  }
+  async handleGetTrustedApps(message, origin) {
+    const { sessionToken, userId } = message.data;
+    const { messageId } = message;
+    console.log(`[iframe] GET_TRUSTED_APPS: userId=${userId}, sessionToken=${sessionToken ? "present" : "missing"}`);
+    if (!this.sessionManager.validateSession(sessionToken, origin)) {
+      console.error("[iframe] GET_TRUSTED_APPS: Session validation failed");
+      throw new Error("Invalid session");
+    }
+    console.log("[iframe] GET_TRUSTED_APPS: Session validated, fetching apps...");
+    const trustedApps = this.trustedApps.getTrustedAppsForUser(userId);
+    console.log(`[iframe] GET_TRUSTED_APPS: Found ${trustedApps.length} trusted apps`);
+    this.messenger.sendResponse(
+      messageId,
+      {
+        type: "TRUSTED_APPS_LIST",
+        apps: trustedApps
+      },
+      origin
+    );
+    console.log(`[iframe] \u2705 GET_TRUSTED_APPS: Response sent with ${trustedApps.length} apps`);
+  }
+  async handleRemoveTrustedApp(message, origin) {
+    const { sessionToken, userId, projectId, appOrigin } = message.data;
+    const { messageId } = message;
+    console.log(`[iframe] REMOVE_TRUSTED_APP: userId=${userId}, projectId=${projectId}, origin=${appOrigin}`);
+    if (!this.sessionManager.validateSession(sessionToken, origin)) {
+      console.error("[iframe] REMOVE_TRUSTED_APP: Session validation failed");
+      throw new Error("Invalid session");
+    }
+    console.log("[iframe] REMOVE_TRUSTED_APP: Session validated, removing app...");
+    this.trustedApps.removeTrustedApp(userId, projectId, appOrigin);
+    this.messenger.sendResponse(
+      messageId,
+      {
+        type: "TRUSTED_APP_REMOVED",
+        success: true
+      },
+      origin
+    );
+    console.log(`[iframe] \u2705 REMOVE_TRUSTED_APP: App removed`);
+  }
+  displayReadyIndicator() {
+    const app = document.getElementById("app");
+    if (!app) return;
+    app.innerHTML = `
+      <div class="ready-indicator">
+        <div class="status-icon">\u{1F512}</div>
+        <h2>Secure Wallet Ready</h2>
+        <p>Lumia Passport is ready for secure operations</p>
+        <div class="info">
+          <div class="info-row">
+            <strong>Origin:</strong>
+            <span>${window.location.origin}</span>
+          </div>
+          <div class="info-row">
+            <strong>Status:</strong>
+            <span class="status-active">Active</span>
+          </div>
+        </div>
+      </div>
+    `;
+  }
+  displayLoadingIndicator(message) {
+    const app = document.getElementById("app");
+    if (!app) return;
+    app.innerHTML = `
+      <div class="loading-indicator">
+        <div class="spinner"></div>
+        <p>${message}</p>
+      </div>
+    `;
+  }
+  hideLoadingIndicator() {
+    this.displayReadyIndicator();
+  }
+};
+function initWallet() {
+  const wallet = new IframeWallet();
+  wallet.initialize().catch((error) => {
+    console.error("[iframe] \u274C Failed to initialize:", error);
+    const app = document.getElementById("app");
+    if (app) {
+      app.innerHTML = `
+        <div class="error-indicator">
+          <div class="error-icon">\u274C</div>
+          <h2>Initialization Failed</h2>
+          <p>${error instanceof Error ? error.message : "Unknown error"}</p>
+        </div>
+      `;
+    }
+  });
+}
+if (document.readyState === "loading") {
+  document.addEventListener("DOMContentLoaded", initWallet);
+} else {
+  initWallet();
+}
+/*! Bundled license information:
+
+@noble/hashes/esm/utils.js:
+  (*! noble-hashes - MIT License (c) 2022 Paul Miller (paulmillr.com) *)
+*/
+//# sourceMappingURL=main.js.map