npm - @lumiapassport/ui-kit - Versions diffs - 1.8.0 → 1.9.0 - Mend

@lumiapassport/ui-kit 1.8.0 → 1.9.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (11) hide show

package/README.md CHANGED Viewed

@@ -340,6 +340,62 @@ function DirectTransactionExample() {
 - ✅ Use `useSendTransaction()` hook for React components (automatic session management)
 - ✅ Use `sendUserOperation()` function for custom logic, utility functions, or non-React code
+### deployAccount - Deploy Smart Account (Optional)
+Deploy the smart account contract immediately after registration. This is **optional** - accounts are automatically deployed on first transaction.
+**Smart behavior:** Automatically checks if account is already deployed and skips transaction to save gas.
+```tsx
+import { deployAccount, useLumiaPassportSession } from '@lumiapassport/ui-kit';
+function DeployAccountExample() {
+  const { session } = useLumiaPassportSession();
+  const handleDeploy = async () => {
+    if (!session) return;
+    try {
+      // Deploy account with minimal gas cost (skips if already deployed)
+      const userOpHash = await deployAccount(session, 'economy');
+      if (userOpHash) {
+        console.log('Account deployed:', userOpHash);
+      } else {
+        console.log('Account already deployed, skipped');
+      }
+    } catch (error) {
+      console.error('Deployment failed:', error);
+    }
+  };
+  return <button onClick={handleDeploy}>Deploy Account</button>;
+}
+```
+**Return values:**
+- Returns `userOpHash` (string) - if deployment was needed and executed
+- Returns `null` - if account already deployed (saves gas)
+**Advanced usage:**
+```tsx
+// Force deployment even if already deployed (not recommended)
+const hash = await deployAccount(session, 'economy', { force: true });
+```
+**Why use this?**
+- ✅ **Pre-deploy** account before first real transaction
+- ✅ **No user consent** required (safe minimal operation)
+- ✅ **Cleaner UX** - separate deployment from first payment
+- ✅ **Smart gas savings** - auto-skips if already deployed
+- ⚠️ **Optional** - accounts auto-deploy on first transaction anyway
+**How it works:**
+1. Checks if smart account contract exists on-chain
+2. If exists: returns `null` immediately (no gas cost)
+3. If not exists: sends minimal UserOperation (`to=0x0, value=0, data=0x`)
+4. Factory deploys contract without user confirmation
 ### signTypedData - Sign EIP712 Structured Messages
 Sign structured data according to [EIP-712](https://eips.ethereum.org/EIPS/eip-712) standard. This is commonly used for off-chain signatures in dApps (e.g., NFT marketplace orders, gasless transactions, permit signatures).

package/dist/iframe/index.html CHANGED Viewed

@@ -15,7 +15,7 @@
     <meta http-equiv="X-Content-Type-Options" content="nosniff" />
     <meta http-equiv="Referrer-Policy" content="strict-origin-when-cross-origin" />
-    <title>Lumia Passport Secure Wallet - iframe version 1.8.0</title>
+    <title>Lumia Passport Secure Wallet - iframe version 1.9.0</title>
     <!-- Styles will be injected by build process -->
     <style>

package/dist/iframe/main.js CHANGED Viewed

@@ -1085,7 +1085,6 @@ async function uploadShareToVault(encryptedShare, accessToken) {
       "Authorization": `Bearer ${token}`,
       "Idempotency-Key": idempotencyKey
     },
-    credentials: "include",
     body: JSON.stringify(encryptedShare)
   });
   if (!response.ok) {
@@ -1110,8 +1109,7 @@ async function downloadShareFromVault(accessToken) {
       "Authorization": `Bearer ${token}`,
       "X-Client-Device-Id": "lumia-ui-kit",
       "X-Client-Device-Name": "Lumia UI Kit"
-    },
-    credentials: "include"
+    }
   });
   if (!response.ok) {
     if (response.status === 404) {
@@ -2620,6 +2618,34 @@ var SigningManager = class extends TokenRefreshApiClient {
       throw new Error("Failed to initialize signing WASM module");
     }
   }
+  /**
+   * Check if transaction is a minimal safe operation (account deployment)
+   *
+   * Minimal operations are safe to auto-approve without user consent:
+   * - to: 0x0000000000000000000000000000000000000000 (burn address)
+   * - value: 0 (no funds transfer)
+   * - data: 0x (no contract call)
+   *
+   * This is used for smart account deployment without spending any funds.
+   */
+  isMinimalSafeOperation(transaction) {
+    const ZERO_ADDRESS = "0x0000000000000000000000000000000000000000";
+    const ZERO_VALUE = "0";
+    const EMPTY_DATA = "0x";
+    const to = transaction.to?.toLowerCase();
+    const value = transaction.value?.toString() || "0";
+    const data = transaction.data?.toLowerCase() || "0x";
+    const isMinimal = to === ZERO_ADDRESS.toLowerCase() && (value === ZERO_VALUE || value === "0x0") && (data === EMPTY_DATA || data === "0x0");
+    if (isMinimal) {
+      console.log("[iframe][Sign] Detected minimal safe operation:", {
+        to,
+        value,
+        data,
+        reason: "Account deployment - no funds at risk"
+      });
+    }
+    return isMinimal;
+  }
   /**
    * Fetch project metadata from public API (with caching)
    */
@@ -2631,9 +2657,7 @@ var SigningManager = class extends TokenRefreshApiClient {
       return cached.data;
     }
     try {
-      const response = await fetch(`${this.METADATA_API_URL}/${projectId}/metadata`, {
-        credentials: "include"
-      });
+      const response = await fetch(`${this.METADATA_API_URL}/${projectId}/metadata`);
       if (!response.ok) {
         console.warn(`[iframe][Sign] Failed to fetch project metadata: ${response.status}`);
         return null;
@@ -2668,8 +2692,9 @@ var SigningManager = class extends TokenRefreshApiClient {
       website: origin,
       domains: [origin]
     };
+    const isMinimalOperation = this.isMinimalSafeOperation(transaction);
     const isTrusted = this.trustedApps.isTrusted(userId, projectId, origin);
-    if (!isTrusted) {
+    if (!isTrusted && !isMinimalOperation) {
       const risk = await this.assessRisk(transaction);
       const confirmResult = await this.showConfirmationDialog(
         userId,
@@ -2685,6 +2710,8 @@ var SigningManager = class extends TokenRefreshApiClient {
       if (confirmResult.trustApp) {
         this.trustedApps.addTrustedApp(userId, projectId, origin);
       }
+    } else if (isMinimalOperation) {
+      console.log("[iframe][Sign] Auto-approving minimal safe operation (account deployment)");
     }
     const digest32 = transaction.digest32 || this.computeTransactionHash(transaction);
     const signature = await this.performMPCSigning(userId, keyshareData, digest32, projectId, accessToken);
@@ -3191,9 +3218,7 @@ var AuthorizationManager = class {
       return cached.data;
     }
     try {
-      const response = await fetch(`${this.METADATA_API_URL}/${projectId}/metadata`, {
-        credentials: "include"
-      });
+      const response = await fetch(`${this.METADATA_API_URL}/${projectId}/metadata`);
       if (!response.ok) {
         console.warn(`[iframe][Auth] Failed to fetch project metadata: ${response.status}`);
         return null;
@@ -3930,7 +3955,7 @@ var BackupManager = class {
 };
 // src/iframe/main.ts
-var IFRAME_VERSION = "1.8.0";
+var IFRAME_VERSION = "1.9.0";
 var IframeWallet = class {
   constructor() {
     console.log("=".repeat(60));