@meshconnect/uwc-core 1.0.1-snapshot.c7e65ce → 1.0.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (76) hide show
  1. package/README.md +66 -211
  2. package/dist/events.d.ts +2 -69
  3. package/dist/events.d.ts.map +1 -1
  4. package/dist/events.js +1 -40
  5. package/dist/events.js.map +1 -1
  6. package/dist/index.d.ts +0 -2
  7. package/dist/index.d.ts.map +1 -1
  8. package/dist/index.js +0 -1
  9. package/dist/index.js.map +1 -1
  10. package/dist/managers/event-manager.d.ts.map +1 -1
  11. package/dist/managers/event-manager.js +1 -5
  12. package/dist/managers/event-manager.js.map +1 -1
  13. package/dist/services/connection-service.d.ts +1 -2
  14. package/dist/services/connection-service.d.ts.map +1 -1
  15. package/dist/services/connection-service.js +15 -35
  16. package/dist/services/connection-service.js.map +1 -1
  17. package/dist/services/network-switch-service.d.ts +1 -2
  18. package/dist/services/network-switch-service.d.ts.map +1 -1
  19. package/dist/services/network-switch-service.js +15 -33
  20. package/dist/services/network-switch-service.js.map +1 -1
  21. package/dist/universal-wallet-connector.d.ts +2 -51
  22. package/dist/universal-wallet-connector.d.ts.map +1 -1
  23. package/dist/universal-wallet-connector.js +61 -163
  24. package/dist/universal-wallet-connector.js.map +1 -1
  25. package/package.json +5 -5
  26. package/src/events.ts +1 -114
  27. package/src/index.ts +0 -6
  28. package/src/managers/event-manager.test.ts +0 -25
  29. package/src/managers/event-manager.ts +1 -5
  30. package/src/services/connection-service.test.ts +1 -66
  31. package/src/services/connection-service.ts +32 -54
  32. package/src/services/network-switch-service.test.ts +1 -51
  33. package/src/services/network-switch-service.ts +23 -43
  34. package/src/universal-wallet-connector.ts +71 -244
  35. package/dist/logger/create-logger.d.ts +0 -32
  36. package/dist/logger/create-logger.d.ts.map +0 -1
  37. package/dist/logger/create-logger.js +0 -69
  38. package/dist/logger/create-logger.js.map +0 -1
  39. package/dist/observability/connect-observer.d.ts +0 -22
  40. package/dist/observability/connect-observer.d.ts.map +0 -1
  41. package/dist/observability/connect-observer.js +0 -60
  42. package/dist/observability/connect-observer.js.map +0 -1
  43. package/dist/observability/instrument-handoff.d.ts +0 -39
  44. package/dist/observability/instrument-handoff.d.ts.map +0 -1
  45. package/dist/observability/instrument-handoff.js +0 -86
  46. package/dist/observability/instrument-handoff.js.map +0 -1
  47. package/dist/observability/scrub.d.ts +0 -30
  48. package/dist/observability/scrub.d.ts.map +0 -1
  49. package/dist/observability/scrub.js +0 -135
  50. package/dist/observability/scrub.js.map +0 -1
  51. package/dist/observability/telemetry.d.ts +0 -77
  52. package/dist/observability/telemetry.d.ts.map +0 -1
  53. package/dist/observability/telemetry.js +0 -138
  54. package/dist/observability/telemetry.js.map +0 -1
  55. package/dist/utils/id.d.ts +0 -2
  56. package/dist/utils/id.d.ts.map +0 -1
  57. package/dist/utils/id.js +0 -41
  58. package/dist/utils/id.js.map +0 -1
  59. package/dist/utils/to-wallet-error.d.ts +0 -16
  60. package/dist/utils/to-wallet-error.d.ts.map +0 -1
  61. package/dist/utils/to-wallet-error.js +0 -33
  62. package/dist/utils/to-wallet-error.js.map +0 -1
  63. package/src/logger/create-logger.test.ts +0 -111
  64. package/src/logger/create-logger.ts +0 -101
  65. package/src/observability/connect-observer.test.ts +0 -100
  66. package/src/observability/connect-observer.ts +0 -71
  67. package/src/observability/instrument-handoff.test.ts +0 -150
  68. package/src/observability/instrument-handoff.ts +0 -122
  69. package/src/observability/scrub.test.ts +0 -109
  70. package/src/observability/scrub.ts +0 -142
  71. package/src/observability/telemetry.test.ts +0 -134
  72. package/src/observability/telemetry.ts +0 -211
  73. package/src/universal-wallet-connector.observability.test.ts +0 -265
  74. package/src/utils/id.test.ts +0 -15
  75. package/src/utils/id.ts +0 -48
  76. package/src/utils/to-wallet-error.ts +0 -36
@@ -1,39 +0,0 @@
1
- import type { ConnectionMode, Namespace, NetworkId } from '@meshconnect/uwc-types';
2
- import type { EventManager } from '../managers/event-manager';
3
- import type { UWCOperation } from '../events';
4
- /** Routing facets known at the moment of a wallet handoff. No address, no payload. */
5
- export interface HandoffContext {
6
- operation: UWCOperation;
7
- connectionMode: ConnectionMode;
8
- walletId?: string | undefined;
9
- namespace?: Namespace | undefined;
10
- chainId?: NetworkId | undefined;
11
- }
12
- export interface InstrumentHandoffOptions {
13
- eventManager: EventManager;
14
- /**
15
- * Deadline after which `walletTimedOut` fires as a SIDE marker (never rejects).
16
- * `0` disables the marker. `tonConnect` is always skipped — TON bounds its own
17
- * wallet response internally, so a second observational timer would be noise.
18
- */
19
- timeoutMs: number;
20
- /** Clock injectable for deterministic tests. */
21
- now?: () => number;
22
- }
23
- /**
24
- * Instrument one wallet-boundary op so the blind window is measured.
25
- *
26
- * Emits `awaitingWallet` immediately (before the await that hands control to the
27
- * wallet), then exactly one terminal — `walletSucceeded` (success),
28
- * `walletRejected` (explicit user no), or `walletFailed` (any other error) — all
29
- * carrying the same `handoffId` and a `durationMs`. An intentional abort emits no
30
- * terminal (the caller cancelled; it isn't a wallet outcome).
31
- *
32
- * A non-cancelling `walletTimedOut` marker fires if the deadline passes while the
33
- * op is still pending; it is cleared the instant the op settles, so a fast op
34
- * never false-fires it, and it NEVER rejects/aborts/mutates state — the wrapped
35
- * promise stays the single terminal source of truth. This is a deliberate
36
- * deviation from TON's cancelling `withWalletResponseTimeout`.
37
- */
38
- export declare function instrumentHandoff<T>(options: InstrumentHandoffOptions, context: HandoffContext, fn: () => Promise<T>): Promise<T>;
39
- //# sourceMappingURL=instrument-handoff.d.ts.map
@@ -1 +0,0 @@
1
- {"version":3,"file":"instrument-handoff.d.ts","sourceRoot":"","sources":["../../src/observability/instrument-handoff.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EACV,cAAc,EACd,SAAS,EACT,SAAS,EACV,MAAM,wBAAwB,CAAA;AAC/B,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,2BAA2B,CAAA;AAC7D,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,WAAW,CAAA;AAS7C,sFAAsF;AACtF,MAAM,WAAW,cAAc;IAC7B,SAAS,EAAE,YAAY,CAAA;IACvB,cAAc,EAAE,cAAc,CAAA;IAC9B,QAAQ,CAAC,EAAE,MAAM,GAAG,SAAS,CAAA;IAC7B,SAAS,CAAC,EAAE,SAAS,GAAG,SAAS,CAAA;IACjC,OAAO,CAAC,EAAE,SAAS,GAAG,SAAS,CAAA;CAChC;AAED,MAAM,WAAW,wBAAwB;IACvC,YAAY,EAAE,YAAY,CAAA;IAC1B;;;;OAIG;IACH,SAAS,EAAE,MAAM,CAAA;IACjB,gDAAgD;IAChD,GAAG,CAAC,EAAE,MAAM,MAAM,CAAA;CACnB;AAED;;;;;;;;;;;;;;GAcG;AACH,wBAAsB,iBAAiB,CAAC,CAAC,EACvC,OAAO,EAAE,wBAAwB,EACjC,OAAO,EAAE,cAAc,EACvB,EAAE,EAAE,MAAM,OAAO,CAAC,CAAC,CAAC,GACnB,OAAO,CAAC,CAAC,CAAC,CAkEZ"}
@@ -1,86 +0,0 @@
1
- import { generateId } from '../utils/id';
2
- import { isAbortError, isUserRejection, toWalletError } from '../utils/to-wallet-error';
3
- import { derivePlatform, deriveWalletFlowType } from './telemetry';
4
- /**
5
- * Instrument one wallet-boundary op so the blind window is measured.
6
- *
7
- * Emits `awaitingWallet` immediately (before the await that hands control to the
8
- * wallet), then exactly one terminal — `walletSucceeded` (success),
9
- * `walletRejected` (explicit user no), or `walletFailed` (any other error) — all
10
- * carrying the same `handoffId` and a `durationMs`. An intentional abort emits no
11
- * terminal (the caller cancelled; it isn't a wallet outcome).
12
- *
13
- * A non-cancelling `walletTimedOut` marker fires if the deadline passes while the
14
- * op is still pending; it is cleared the instant the op settles, so a fast op
15
- * never false-fires it, and it NEVER rejects/aborts/mutates state — the wrapped
16
- * promise stays the single terminal source of truth. This is a deliberate
17
- * deviation from TON's cancelling `withWalletResponseTimeout`.
18
- */
19
- export async function instrumentHandoff(options, context, fn) {
20
- const { eventManager, timeoutMs } = options;
21
- const now = options.now ?? Date.now;
22
- const handoffId = generateId();
23
- const platform = derivePlatform();
24
- const start = now();
25
- eventManager.emit('awaitingWallet', {
26
- operation: context.operation,
27
- connectionMode: context.connectionMode,
28
- walletId: context.walletId,
29
- namespace: context.namespace,
30
- chainId: context.chainId,
31
- handoffId,
32
- walletFlowType: deriveWalletFlowType(context.connectionMode, platform),
33
- platform,
34
- timestamp: start
35
- });
36
- const shouldTime = timeoutMs > 0 && context.connectionMode !== 'tonConnect';
37
- const timer = shouldTime
38
- ? setTimeout(() => {
39
- eventManager.emit('walletTimedOut', {
40
- handoffId,
41
- operation: context.operation,
42
- durationMs: now() - start
43
- });
44
- }, timeoutMs)
45
- : undefined;
46
- try {
47
- const result = await fn();
48
- eventManager.emit('walletSucceeded', {
49
- handoffId,
50
- operation: context.operation,
51
- durationMs: now() - start
52
- });
53
- return result;
54
- }
55
- catch (error) {
56
- // Caller-driven cancellation isn't a wallet outcome — leave it unterminated,
57
- // mirroring the façade's `emitError` AbortError skip. Checked BEFORE rejection
58
- // is safe: real user rejections surface as WalletConnectorError{rejected} or
59
- // EIP-1193 4001 (see isUserRejection), never as an AbortError — within UWC's
60
- // dependency surface AbortError is produced only by the caller's AbortSignal.
61
- if (isAbortError(error))
62
- throw error;
63
- const durationMs = now() - start;
64
- if (isUserRejection(error)) {
65
- eventManager.emit('walletRejected', {
66
- handoffId,
67
- operation: context.operation,
68
- durationMs
69
- });
70
- }
71
- else {
72
- eventManager.emit('walletFailed', {
73
- handoffId,
74
- operation: context.operation,
75
- durationMs,
76
- error: toWalletError(error)
77
- });
78
- }
79
- throw error;
80
- }
81
- finally {
82
- if (timer)
83
- clearTimeout(timer);
84
- }
85
- }
86
- //# sourceMappingURL=instrument-handoff.js.map
@@ -1 +0,0 @@
1
- {"version":3,"file":"instrument-handoff.js","sourceRoot":"","sources":["../../src/observability/instrument-handoff.ts"],"names":[],"mappings":"AAOA,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAA;AACxC,OAAO,EACL,YAAY,EACZ,eAAe,EACf,aAAa,EACd,MAAM,0BAA0B,CAAA;AACjC,OAAO,EAAE,cAAc,EAAE,oBAAoB,EAAE,MAAM,aAAa,CAAA;AAuBlE;;;;;;;;;;;;;;GAcG;AACH,MAAM,CAAC,KAAK,UAAU,iBAAiB,CACrC,OAAiC,EACjC,OAAuB,EACvB,EAAoB;IAEpB,MAAM,EAAE,YAAY,EAAE,SAAS,EAAE,GAAG,OAAO,CAAA;IAC3C,MAAM,GAAG,GAAG,OAAO,CAAC,GAAG,IAAI,IAAI,CAAC,GAAG,CAAA;IAEnC,MAAM,SAAS,GAAG,UAAU,EAAE,CAAA;IAC9B,MAAM,QAAQ,GAAG,cAAc,EAAE,CAAA;IACjC,MAAM,KAAK,GAAG,GAAG,EAAE,CAAA;IAEnB,YAAY,CAAC,IAAI,CAAC,gBAAgB,EAAE;QAClC,SAAS,EAAE,OAAO,CAAC,SAAS;QAC5B,cAAc,EAAE,OAAO,CAAC,cAAc;QACtC,QAAQ,EAAE,OAAO,CAAC,QAAQ;QAC1B,SAAS,EAAE,OAAO,CAAC,SAAS;QAC5B,OAAO,EAAE,OAAO,CAAC,OAAO;QACxB,SAAS;QACT,cAAc,EAAE,oBAAoB,CAAC,OAAO,CAAC,cAAc,EAAE,QAAQ,CAAC;QACtE,QAAQ;QACR,SAAS,EAAE,KAAK;KACjB,CAAC,CAAA;IAEF,MAAM,UAAU,GAAG,SAAS,GAAG,CAAC,IAAI,OAAO,CAAC,cAAc,KAAK,YAAY,CAAA;IAC3E,MAAM,KAAK,GAA8C,UAAU;QACjE,CAAC,CAAC,UAAU,CAAC,GAAG,EAAE;YACd,YAAY,CAAC,IAAI,CAAC,gBAAgB,EAAE;gBAClC,SAAS;gBACT,SAAS,EAAE,OAAO,CAAC,SAAS;gBAC5B,UAAU,EAAE,GAAG,EAAE,GAAG,KAAK;aAC1B,CAAC,CAAA;QACJ,CAAC,EAAE,SAAS,CAAC;QACf,CAAC,CAAC,SAAS,CAAA;IAEb,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,MAAM,EAAE,EAAE,CAAA;QACzB,YAAY,CAAC,IAAI,CAAC,iBAAiB,EAAE;YACnC,SAAS;YACT,SAAS,EAAE,OAAO,CAAC,SAAS;YAC5B,UAAU,EAAE,GAAG,EAAE,GAAG,KAAK;SAC1B,CAAC,CAAA;QACF,OAAO,MAAM,CAAA;IACf,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,6EAA6E;QAC7E,+EAA+E;QAC/E,6EAA6E;QAC7E,6EAA6E;QAC7E,8EAA8E;QAC9E,IAAI,YAAY,CAAC,KAAK,CAAC;YAAE,MAAM,KAAK,CAAA;QAEpC,MAAM,UAAU,GAAG,GAAG,EAAE,GAAG,KAAK,CAAA;QAChC,IAAI,eAAe,CAAC,KAAK,CAAC,EAAE,CAAC;YAC3B,YAAY,CAAC,IAAI,CAAC,gBAAgB,EAAE;gBAClC,SAAS;gBACT,SAAS,EAAE,OAAO,CAAC,SAAS;gBAC5B,UAAU;aACX,CAAC,CAAA;QACJ,CAAC;aAAM,CAAC;YACN,YAAY,CAAC,IAAI,CAAC,cAAc,EAAE;gBAChC,SAAS;gBACT,SAAS,EAAE,OAAO,CAAC,SAAS;gBAC5B,UAAU;gBACV,KAAK,EAAE,aAAa,CAAC,KAAK,CAAC;aAC5B,CAAC,CAAA;QACJ,CAAC;QACD,MAAM,KAAK,CAAA;IACb,CAAC;YAAS,CAAC;QACT,IAAI,KAAK;YAAE,YAAY,CAAC,KAAK,CAAC,CAAA;IAChC,CAAC;AACH,CAAC"}
@@ -1,30 +0,0 @@
1
- /**
2
- * PII / secret scrubber for data leaving UWC through the observer seam.
3
- *
4
- * Security-first: the normalized `UWCTelemetryEvent` excludes signing payloads
5
- * and addresses by construction — its STRUCTURED fields have no slot for them
6
- * (§ telemetry.ts). This scrubber is the second line of defence for the two
7
- * surfaces that CAN still carry free-form data on the observer path: the
8
- * `WalletError.message` forwarded to `observer.onEvent`, and the `args` forwarded
9
- * to `observer.onLog`. (The console / custom-logger sink receives raw data — it's
10
- * local, not egress.)
11
- *
12
- * Two detection layers:
13
- * - KEY-based redaction of sensitive object keys — substring match (not regex),
14
- * avoiding the ReDoS class that Wiz flags on user-input regexes.
15
- * - CONTENT-based redaction of secrets embedded in free-form strings (hex blobs,
16
- * secret k/v params, bearer tokens) — via linear, single-quantifier regexes
17
- * (see SECRET_CONTENT_PATTERNS) that carry no catastrophic-backtracking risk.
18
- */
19
- /**
20
- * Recursively copy `value`, redacting sensitive object-keys, capping long
21
- * strings, and rendering non-serializable values inert. The returned objects use
22
- * a null prototype so a malicious `__proto__`/`constructor` key in attacker-shaped
23
- * input can't pollute `Object.prototype` downstream.
24
- */
25
- export declare function scrubValue(value: unknown, depth?: number): unknown;
26
- /** Scrub a free-form error message (string in → capped string out). */
27
- export declare function scrubMessage(message: string): string;
28
- /** Scrub a variadic `args` array before it reaches `observer.onLog`. */
29
- export declare function scrubArgs(args: unknown[]): unknown[];
30
- //# sourceMappingURL=scrub.d.ts.map
@@ -1 +0,0 @@
1
- {"version":3,"file":"scrub.d.ts","sourceRoot":"","sources":["../../src/observability/scrub.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;GAiBG;AAyEH;;;;;GAKG;AACH,wBAAgB,UAAU,CAAC,KAAK,EAAE,OAAO,EAAE,KAAK,SAAI,GAAG,OAAO,CAmC7D;AAED,uEAAuE;AACvE,wBAAgB,YAAY,CAAC,OAAO,EAAE,MAAM,GAAG,MAAM,CAEpD;AAED,wEAAwE;AACxE,wBAAgB,SAAS,CAAC,IAAI,EAAE,OAAO,EAAE,GAAG,OAAO,EAAE,CAEpD"}
@@ -1,135 +0,0 @@
1
- /**
2
- * PII / secret scrubber for data leaving UWC through the observer seam.
3
- *
4
- * Security-first: the normalized `UWCTelemetryEvent` excludes signing payloads
5
- * and addresses by construction — its STRUCTURED fields have no slot for them
6
- * (§ telemetry.ts). This scrubber is the second line of defence for the two
7
- * surfaces that CAN still carry free-form data on the observer path: the
8
- * `WalletError.message` forwarded to `observer.onEvent`, and the `args` forwarded
9
- * to `observer.onLog`. (The console / custom-logger sink receives raw data — it's
10
- * local, not egress.)
11
- *
12
- * Two detection layers:
13
- * - KEY-based redaction of sensitive object keys — substring match (not regex),
14
- * avoiding the ReDoS class that Wiz flags on user-input regexes.
15
- * - CONTENT-based redaction of secrets embedded in free-form strings (hex blobs,
16
- * secret k/v params, bearer tokens) — via linear, single-quantifier regexes
17
- * (see SECRET_CONTENT_PATTERNS) that carry no catastrophic-backtracking risk.
18
- */
19
- /**
20
- * Separator-free, lower-cased fragments that mark a value as sensitive. Keys are
21
- * normalized (separators stripped) before matching, so `walletPrivateKey`,
22
- * `private_key`, `x-api-key`, and `authToken` all hit the same short list. This
23
- * over-redacts by design (a `security`-first scrubber prefers a false redaction
24
- * to a leak).
25
- */
26
- const SENSITIVE_KEY_FRAGMENTS = [
27
- 'seed',
28
- 'mnemonic',
29
- 'privatekey',
30
- 'secret',
31
- 'password',
32
- 'passphrase',
33
- 'signature',
34
- 'message',
35
- 'payload',
36
- 'token',
37
- 'apikey',
38
- 'authorization',
39
- 'auth'
40
- ];
41
- const MAX_STRING_LENGTH = 500;
42
- const MAX_DEPTH = 4;
43
- const REDACTED = '[Redacted]';
44
- function isSensitiveKey(key) {
45
- // Strip separators so `private_key` / `x-api-key` normalize to the bare form.
46
- const normalized = key.toLowerCase().split('-').join('').split('_').join('');
47
- return SENSITIVE_KEY_FRAGMENTS.some(fragment => normalized.includes(fragment));
48
- }
49
- // Content patterns for secrets embedded in FREE-FORM strings (error messages,
50
- // log args) where key-based redaction can't reach. All are linear, anchored,
51
- // single-quantifier expressions — no nested/overlapping quantifiers — so they
52
- // carry no catastrophic-backtracking (ReDoS) risk on attacker-controlled input.
53
- const SECRET_CONTENT_PATTERNS = [
54
- // 0x-prefixed hex blobs: EVM addresses (40 nibbles) and longer
55
- // signatures/keys/hashes/calldata (64+). Over-redacts public hashes by design.
56
- [/0x[a-fA-F0-9]{40,}/g, '0x[redacted-hex]'],
57
- // `secret=…` / `token=…` / `key=…` query-string or k/v fragments.
58
- [
59
- /\b(token|key|secret|auth|sig|signature|password|passphrase|mnemonic|seed|apikey)=[^\s&"']+/gi,
60
- '$1=[redacted]'
61
- ],
62
- // `Bearer <opaque>` / `Basic <opaque>` authorization values.
63
- [/\b(bearer|basic)\s+[A-Za-z0-9._~+/-]+=*/gi, '$1 [redacted]']
64
- ];
65
- /**
66
- * Redact secrets that live INSIDE a free-form string. Best-effort and
67
- * deliberately conservative toward over-redaction: a wallet error string can
68
- * embed an address, a reverted-tx calldata blob, or a URL with a token, none of
69
- * which key-based redaction sees. Two documented best-effort gaps, both left
70
- * unmatched to avoid destroying legitimate data:
71
- * - Base58 (Solana) / TON `EQ…` addresses — indistinguishable from ordinary
72
- * words without false positives.
73
- * - BARE (non-`0x`) hex blobs — a raw 64-char hex string is far more often a
74
- * legitimate id/hash than a secret, so only `0x`-prefixed hex is redacted.
75
- * Structured telemetry fields never carry addresses regardless (see telemetry.ts);
76
- * this pass only hardens the free-form `error.message` / log-arg surface.
77
- */
78
- function redactSecretsInString(input) {
79
- let out = input;
80
- for (const [pattern, replacement] of SECRET_CONTENT_PATTERNS) {
81
- out = out.replace(pattern, replacement);
82
- }
83
- return out;
84
- }
85
- /**
86
- * Recursively copy `value`, redacting sensitive object-keys, capping long
87
- * strings, and rendering non-serializable values inert. The returned objects use
88
- * a null prototype so a malicious `__proto__`/`constructor` key in attacker-shaped
89
- * input can't pollute `Object.prototype` downstream.
90
- */
91
- export function scrubValue(value, depth = 0) {
92
- if (depth > MAX_DEPTH)
93
- return '[Truncated: max depth]';
94
- if (value === null || value === undefined)
95
- return value;
96
- const type = typeof value;
97
- if (type === 'string') {
98
- // Redact embedded secrets BEFORE capping, so the cap can't slice a pattern
99
- // in half and leak its tail.
100
- const str = redactSecretsInString(value);
101
- return str.length > MAX_STRING_LENGTH
102
- ? str.slice(0, MAX_STRING_LENGTH) + '…[truncated]'
103
- : str;
104
- }
105
- if (type === 'number' || type === 'boolean')
106
- return value;
107
- if (type === 'bigint')
108
- return value.toString();
109
- if (type === 'function' || type === 'symbol')
110
- return `[${type}]`;
111
- if (Array.isArray(value)) {
112
- return value.map(item => scrubValue(item, depth + 1));
113
- }
114
- if (type === 'object') {
115
- // Error instances carry a useful message but also a stack we don't want.
116
- if (value instanceof Error) {
117
- return { name: value.name, message: scrubValue(value.message, depth + 1) };
118
- }
119
- const out = Object.create(null);
120
- for (const [key, val] of Object.entries(value)) {
121
- out[key] = isSensitiveKey(key) ? REDACTED : scrubValue(val, depth + 1);
122
- }
123
- return out;
124
- }
125
- return '[Unserializable]';
126
- }
127
- /** Scrub a free-form error message (string in → capped string out). */
128
- export function scrubMessage(message) {
129
- return scrubValue(message);
130
- }
131
- /** Scrub a variadic `args` array before it reaches `observer.onLog`. */
132
- export function scrubArgs(args) {
133
- return args.map(arg => scrubValue(arg));
134
- }
135
- //# sourceMappingURL=scrub.js.map
@@ -1 +0,0 @@
1
- {"version":3,"file":"scrub.js","sourceRoot":"","sources":["../../src/observability/scrub.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;GAiBG;AAEH;;;;;;GAMG;AACH,MAAM,uBAAuB,GAAG;IAC9B,MAAM;IACN,UAAU;IACV,YAAY;IACZ,QAAQ;IACR,UAAU;IACV,YAAY;IACZ,WAAW;IACX,SAAS;IACT,SAAS;IACT,OAAO;IACP,QAAQ;IACR,eAAe;IACf,MAAM;CACP,CAAA;AAED,MAAM,iBAAiB,GAAG,GAAG,CAAA;AAC7B,MAAM,SAAS,GAAG,CAAC,CAAA;AACnB,MAAM,QAAQ,GAAG,YAAY,CAAA;AAE7B,SAAS,cAAc,CAAC,GAAW;IACjC,8EAA8E;IAC9E,MAAM,UAAU,GAAG,GAAG,CAAC,WAAW,EAAE,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAA;IAC5E,OAAO,uBAAuB,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC,UAAU,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC,CAAA;AAChF,CAAC;AAED,8EAA8E;AAC9E,6EAA6E;AAC7E,8EAA8E;AAC9E,gFAAgF;AAChF,MAAM,uBAAuB,GAA6C;IACxE,+DAA+D;IAC/D,+EAA+E;IAC/E,CAAC,qBAAqB,EAAE,kBAAkB,CAAC;IAC3C,kEAAkE;IAClE;QACE,8FAA8F;QAC9F,eAAe;KAChB;IACD,6DAA6D;IAC7D,CAAC,2CAA2C,EAAE,eAAe,CAAC;CAC/D,CAAA;AAED;;;;;;;;;;;;GAYG;AACH,SAAS,qBAAqB,CAAC,KAAa;IAC1C,IAAI,GAAG,GAAG,KAAK,CAAA;IACf,KAAK,MAAM,CAAC,OAAO,EAAE,WAAW,CAAC,IAAI,uBAAuB,EAAE,CAAC;QAC7D,GAAG,GAAG,GAAG,CAAC,OAAO,CAAC,OAAO,EAAE,WAAW,CAAC,CAAA;IACzC,CAAC;IACD,OAAO,GAAG,CAAA;AACZ,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,UAAU,CAAC,KAAc,EAAE,KAAK,GAAG,CAAC;IAClD,IAAI,KAAK,GAAG,SAAS;QAAE,OAAO,wBAAwB,CAAA;IAEtD,IAAI,KAAK,KAAK,IAAI,IAAI,KAAK,KAAK,SAAS;QAAE,OAAO,KAAK,CAAA;IAEvD,MAAM,IAAI,GAAG,OAAO,KAAK,CAAA;IACzB,IAAI,IAAI,KAAK,QAAQ,EAAE,CAAC;QACtB,2EAA2E;QAC3E,6BAA6B;QAC7B,MAAM,GAAG,GAAG,qBAAqB,CAAC,KAAe,CAAC,CAAA;QAClD,OAAO,GAAG,CAAC,MAAM,GAAG,iBAAiB;YACnC,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,EAAE,iBAAiB,CAAC,GAAG,cAAc;YAClD,CAAC,CAAC,GAAG,CAAA;IACT,CAAC;IACD,IAAI,IAAI,KAAK,QAAQ,IAAI,IAAI,KAAK,SAAS;QAAE,OAAO,KAAK,CAAA;IACzD,IAAI,IAAI,KAAK,QAAQ;QAAE,OAAQ,KAAgB,CAAC,QAAQ,EAAE,CAAA;IAC1D,IAAI,IAAI,KAAK,UAAU,IAAI,IAAI,KAAK,QAAQ;QAAE,OAAO,IAAI,IAAI,GAAG,CAAA;IAEhE,IAAI,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;QACzB,OAAO,KAAK,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,IAAI,EAAE,KAAK,GAAG,CAAC,CAAC,CAAC,CAAA;IACvD,CAAC;IAED,IAAI,IAAI,KAAK,QAAQ,EAAE,CAAC;QACtB,yEAAyE;QACzE,IAAI,KAAK,YAAY,KAAK,EAAE,CAAC;YAC3B,OAAO,EAAE,IAAI,EAAE,KAAK,CAAC,IAAI,EAAE,OAAO,EAAE,UAAU,CAAC,KAAK,CAAC,OAAO,EAAE,KAAK,GAAG,CAAC,CAAC,EAAE,CAAA;QAC5E,CAAC;QACD,MAAM,GAAG,GAA4B,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,CAAA;QACxD,KAAK,MAAM,CAAC,GAAG,EAAE,GAAG,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,KAAgC,CAAC,EAAE,CAAC;YAC1E,GAAG,CAAC,GAAG,CAAC,GAAG,cAAc,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,UAAU,CAAC,GAAG,EAAE,KAAK,GAAG,CAAC,CAAC,CAAA;QACxE,CAAC;QACD,OAAO,GAAG,CAAA;IACZ,CAAC;IAED,OAAO,kBAAkB,CAAA;AAC3B,CAAC;AAED,uEAAuE;AACvE,MAAM,UAAU,YAAY,CAAC,OAAe;IAC1C,OAAO,UAAU,CAAC,OAAO,CAAW,CAAA;AACtC,CAAC;AAED,wEAAwE;AACxE,MAAM,UAAU,SAAS,CAAC,IAAe;IACvC,OAAO,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,CAAA;AACzC,CAAC"}
@@ -1,77 +0,0 @@
1
- import type { ConnectionMode, WalletError, WalletFlowType, Platform, LogLevel, Namespace, NetworkId } from '@meshconnect/uwc-types';
2
- import type { UWCEventName, UWCEventMap, UWCOperation } from '../events';
3
- /**
4
- * A normalized, PII-safe telemetry record derived from a `UWCEventMap` event.
5
- *
6
- * This is the ONLY shape that reaches `observer.onEvent`. It is the PII boundary:
7
- * it has no field for a signing payload, signature, raw transaction, or wallet
8
- * address — leaking those is structurally impossible, not merely discouraged.
9
- */
10
- export interface UWCTelemetryEvent {
11
- /** The originating event name. */
12
- name: UWCEventName;
13
- /** Per-connector-instance correlation id (stamped on every event). */
14
- sdkSessionId: string;
15
- /** ms since epoch when the record was produced. */
16
- timestamp: number;
17
- /** Wallet-boundary op, when the event relates to one. */
18
- operation?: UWCOperation | undefined;
19
- connectionMode?: ConnectionMode | undefined;
20
- /** CAIP namespace (eip155 | solana | tron | tvm …) — never an address. */
21
- namespace?: Namespace | undefined;
22
- /** CAIP chain id (e.g. `eip155:1`) — never an address. */
23
- chainId?: NetworkId | undefined;
24
- /** Catalog wallet id — never an address. */
25
- walletId?: string | undefined;
26
- /** Correlates a handoff start with its terminal. */
27
- handoffId?: string | undefined;
28
- durationMs?: number | undefined;
29
- walletFlowType?: WalletFlowType | undefined;
30
- platform?: Platform | undefined;
31
- /** Present on failure events. `message` is scrubbed before egress. */
32
- error?: WalletError | undefined;
33
- /** Log level, present only for `name === 'log'`. */
34
- level?: LogLevel | undefined;
35
- }
36
- /**
37
- * Vendor-agnostic telemetry sink. Consumers implement; UWC ships no vendor SDK.
38
- * Both methods are optional and called best-effort (throws are swallowed upstream).
39
- *
40
- * CONTRACT — both methods are invoked **synchronously on the wallet-operation
41
- * path**. A terminal event (e.g. `walletSucceeded`) fires between the wallet
42
- * returning a result and that result reaching the caller, so a slow handler adds
43
- * latency to connect / sign / sendTransaction. Keep handlers **non-blocking**:
44
- * hand off to a queue-backed sink (Datadog `addAction`, Segment `track`, etc. are
45
- * already non-blocking) or defer heavy work yourself — e.g.
46
- * `onEvent: e => queueMicrotask(() => doHeavyWork(e))`. Do not perform synchronous
47
- * network/IO or expensive serialization inline.
48
- */
49
- export interface UWCObserver {
50
- /** A normalized, PII-safe event. Forward to Datadog / Amplitude / Segment / … (non-blocking). */
51
- onEvent?(event: UWCTelemetryEvent): void;
52
- /** A log line (all levels). `args` is already scrubbed. Keep non-blocking. */
53
- onLog?(level: LogLevel, message: string, args: unknown[]): void;
54
- }
55
- /**
56
- * Best-effort coarse runtime surface. HEURISTIC — user agents lie and in-app
57
- * browsers are hard to detect; treat `webview` as a hint, not a guarantee.
58
- * Never returns the raw UA (PII / high-cardinality).
59
- */
60
- export declare function derivePlatform(): Platform;
61
- /**
62
- * Derive the flow taxonomy from connection mode + surface. HEURISTIC — UWC does
63
- * not always know whether a WalletConnect handoff used a deeplink vs a QR scan;
64
- * we infer from the platform (mobile ⇒ deeplink, desktop ⇒ QR), matching link-v2's
65
- * historical intent. Consumers with better context may override downstream.
66
- */
67
- export declare function deriveWalletFlowType(connectionMode: ConnectionMode, platform: Platform): WalletFlowType;
68
- /**
69
- * Map a raw `UWCEventMap` event to its PII-safe `UWCTelemetryEvent`.
70
- *
71
- * Per-event allow-listing: only known-safe fields are copied. Payloads carrying a
72
- * `Session`/`Network` (which include the wallet address) are reduced to
73
- * `namespace` + `chainId` + `walletId`. Unknown/noisy payloads collapse to just
74
- * the name. `error.message` is scrubbed.
75
- */
76
- export declare function normalizeEvent<K extends UWCEventName>(name: K, data: UWCEventMap[K], sdkSessionId: string, now: number): UWCTelemetryEvent;
77
- //# sourceMappingURL=telemetry.d.ts.map
@@ -1 +0,0 @@
1
- {"version":3,"file":"telemetry.d.ts","sourceRoot":"","sources":["../../src/observability/telemetry.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EACV,cAAc,EACd,WAAW,EACX,cAAc,EACd,QAAQ,EACR,QAAQ,EACR,SAAS,EACT,SAAS,EACV,MAAM,wBAAwB,CAAA;AAC/B,OAAO,KAAK,EAAE,YAAY,EAAE,WAAW,EAAE,YAAY,EAAE,MAAM,WAAW,CAAA;AAGxE;;;;;;GAMG;AACH,MAAM,WAAW,iBAAiB;IAChC,kCAAkC;IAClC,IAAI,EAAE,YAAY,CAAA;IAClB,sEAAsE;IACtE,YAAY,EAAE,MAAM,CAAA;IACpB,mDAAmD;IACnD,SAAS,EAAE,MAAM,CAAA;IACjB,yDAAyD;IACzD,SAAS,CAAC,EAAE,YAAY,GAAG,SAAS,CAAA;IACpC,cAAc,CAAC,EAAE,cAAc,GAAG,SAAS,CAAA;IAC3C,0EAA0E;IAC1E,SAAS,CAAC,EAAE,SAAS,GAAG,SAAS,CAAA;IACjC,0DAA0D;IAC1D,OAAO,CAAC,EAAE,SAAS,GAAG,SAAS,CAAA;IAC/B,4CAA4C;IAC5C,QAAQ,CAAC,EAAE,MAAM,GAAG,SAAS,CAAA;IAC7B,oDAAoD;IACpD,SAAS,CAAC,EAAE,MAAM,GAAG,SAAS,CAAA;IAC9B,UAAU,CAAC,EAAE,MAAM,GAAG,SAAS,CAAA;IAC/B,cAAc,CAAC,EAAE,cAAc,GAAG,SAAS,CAAA;IAC3C,QAAQ,CAAC,EAAE,QAAQ,GAAG,SAAS,CAAA;IAC/B,sEAAsE;IACtE,KAAK,CAAC,EAAE,WAAW,GAAG,SAAS,CAAA;IAC/B,oDAAoD;IACpD,KAAK,CAAC,EAAE,QAAQ,GAAG,SAAS,CAAA;CAC7B;AAED;;;;;;;;;;;;GAYG;AACH,MAAM,WAAW,WAAW;IAC1B,iGAAiG;IACjG,OAAO,CAAC,CAAC,KAAK,EAAE,iBAAiB,GAAG,IAAI,CAAA;IACxC,8EAA8E;IAC9E,KAAK,CAAC,CAAC,KAAK,EAAE,QAAQ,EAAE,OAAO,EAAE,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,GAAG,IAAI,CAAA;CAChE;AAED;;;;GAIG;AACH,wBAAgB,cAAc,IAAI,QAAQ,CAWzC;AAED;;;;;GAKG;AACH,wBAAgB,oBAAoB,CAClC,cAAc,EAAE,cAAc,EAC9B,QAAQ,EAAE,QAAQ,GACjB,cAAc,CAehB;AAED;;;;;;;GAOG;AACH,wBAAgB,cAAc,CAAC,CAAC,SAAS,YAAY,EACnD,IAAI,EAAE,CAAC,EACP,IAAI,EAAE,WAAW,CAAC,CAAC,CAAC,EACpB,YAAY,EAAE,MAAM,EACpB,GAAG,EAAE,MAAM,GACV,iBAAiB,CAuFnB"}
@@ -1,138 +0,0 @@
1
- import { scrubMessage } from './scrub';
2
- /**
3
- * Best-effort coarse runtime surface. HEURISTIC — user agents lie and in-app
4
- * browsers are hard to detect; treat `webview` as a hint, not a guarantee.
5
- * Never returns the raw UA (PII / high-cardinality).
6
- */
7
- export function derivePlatform() {
8
- if (typeof navigator === 'undefined' || !navigator.userAgent)
9
- return 'unknown';
10
- const ua = navigator.userAgent;
11
- const isIOS = /iPhone|iPad|iPod/i.test(ua);
12
- const isAndroid = /Android/i.test(ua);
13
- // Android in-app browsers tag the UA with `; wv`; iOS WKWebViews lack `Safari`.
14
- const isWebview = (isAndroid && /; wv\)/i.test(ua)) || (isIOS && !/Safari/i.test(ua));
15
- if (isWebview)
16
- return 'webview';
17
- if (isIOS || isAndroid)
18
- return 'mobile';
19
- return 'desktop';
20
- }
21
- /**
22
- * Derive the flow taxonomy from connection mode + surface. HEURISTIC — UWC does
23
- * not always know whether a WalletConnect handoff used a deeplink vs a QR scan;
24
- * we infer from the platform (mobile ⇒ deeplink, desktop ⇒ QR), matching link-v2's
25
- * historical intent. Consumers with better context may override downstream.
26
- */
27
- export function deriveWalletFlowType(connectionMode, platform) {
28
- const isDesktop = platform === 'desktop';
29
- switch (connectionMode) {
30
- case 'injected':
31
- // Injected on a phone almost always means we're inside a wallet's browser.
32
- return isDesktop ? 'browser_extension_flow' : 'in_wallet_browser_flow';
33
- case 'walletConnect':
34
- return isDesktop
35
- ? 'wallet_connect_qr_flow'
36
- : 'wallet_connect_deep_link_flow';
37
- case 'tonConnect':
38
- return isDesktop ? 'ton_connect_qr_flow' : 'ton_connect_deep_link_flow';
39
- default:
40
- return 'unknown';
41
- }
42
- }
43
- /**
44
- * Map a raw `UWCEventMap` event to its PII-safe `UWCTelemetryEvent`.
45
- *
46
- * Per-event allow-listing: only known-safe fields are copied. Payloads carrying a
47
- * `Session`/`Network` (which include the wallet address) are reduced to
48
- * `namespace` + `chainId` + `walletId`. Unknown/noisy payloads collapse to just
49
- * the name. `error.message` is scrubbed.
50
- */
51
- export function normalizeEvent(name, data, sdkSessionId, now) {
52
- const base = { name, sdkSessionId, timestamp: now };
53
- switch (name) {
54
- case 'connecting': {
55
- const d = data;
56
- return {
57
- ...base,
58
- operation: 'connect',
59
- connectionMode: d.connectionMode,
60
- walletId: d.walletId
61
- };
62
- }
63
- case 'connected':
64
- case 'sessionChanged': {
65
- const d = data;
66
- const session = d.session;
67
- return {
68
- ...base,
69
- connectionMode: session.connectionMode ?? undefined,
70
- namespace: session.activeNetwork?.namespace,
71
- chainId: session.activeNetwork?.id,
72
- walletId: session.activeWallet?.id
73
- };
74
- }
75
- case 'networkSwitched': {
76
- const d = data;
77
- return {
78
- ...base,
79
- operation: 'switchNetwork',
80
- namespace: d.network.namespace,
81
- chainId: d.network.id
82
- };
83
- }
84
- case 'connectionUri': {
85
- // Carry the mode but NEVER the URI itself (a relay/pairing string).
86
- const d = data;
87
- return { ...base, connectionMode: d.connectionMode };
88
- }
89
- case 'error': {
90
- const d = data;
91
- return {
92
- ...base,
93
- operation: d.operation,
94
- error: { type: d.error.type, message: scrubMessage(d.error.message) }
95
- };
96
- }
97
- case 'awaitingWallet': {
98
- const d = data;
99
- return {
100
- ...base,
101
- operation: d.operation,
102
- connectionMode: d.connectionMode,
103
- walletId: d.walletId,
104
- namespace: d.namespace,
105
- chainId: d.chainId,
106
- handoffId: d.handoffId,
107
- walletFlowType: d.walletFlowType,
108
- platform: d.platform
109
- };
110
- }
111
- case 'walletSucceeded':
112
- case 'walletRejected':
113
- case 'walletTimedOut': {
114
- const d = data;
115
- return {
116
- ...base,
117
- operation: d.operation,
118
- handoffId: d.handoffId,
119
- durationMs: d.durationMs
120
- };
121
- }
122
- case 'walletFailed': {
123
- const d = data;
124
- return {
125
- ...base,
126
- operation: d.operation,
127
- handoffId: d.handoffId,
128
- durationMs: d.durationMs,
129
- error: { type: d.error.type, message: scrubMessage(d.error.message) }
130
- };
131
- }
132
- default:
133
- // ready / walletsDetected / disconnected / networkSwitching /
134
- // capabilitiesUpdated / change / log — name only (log goes via onLog).
135
- return base;
136
- }
137
- }
138
- //# sourceMappingURL=telemetry.js.map
@@ -1 +0,0 @@
1
- {"version":3,"file":"telemetry.js","sourceRoot":"","sources":["../../src/observability/telemetry.ts"],"names":[],"mappings":"AAUA,OAAO,EAAE,YAAY,EAAE,MAAM,SAAS,CAAA;AAwDtC;;;;GAIG;AACH,MAAM,UAAU,cAAc;IAC5B,IAAI,OAAO,SAAS,KAAK,WAAW,IAAI,CAAC,SAAS,CAAC,SAAS;QAAE,OAAO,SAAS,CAAA;IAC9E,MAAM,EAAE,GAAG,SAAS,CAAC,SAAS,CAAA;IAC9B,MAAM,KAAK,GAAG,mBAAmB,CAAC,IAAI,CAAC,EAAE,CAAC,CAAA;IAC1C,MAAM,SAAS,GAAG,UAAU,CAAC,IAAI,CAAC,EAAE,CAAC,CAAA;IACrC,gFAAgF;IAChF,MAAM,SAAS,GACb,CAAC,SAAS,IAAI,SAAS,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,IAAI,CAAC,KAAK,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,CAAA;IACrE,IAAI,SAAS;QAAE,OAAO,SAAS,CAAA;IAC/B,IAAI,KAAK,IAAI,SAAS;QAAE,OAAO,QAAQ,CAAA;IACvC,OAAO,SAAS,CAAA;AAClB,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,oBAAoB,CAClC,cAA8B,EAC9B,QAAkB;IAElB,MAAM,SAAS,GAAG,QAAQ,KAAK,SAAS,CAAA;IACxC,QAAQ,cAAc,EAAE,CAAC;QACvB,KAAK,UAAU;YACb,2EAA2E;YAC3E,OAAO,SAAS,CAAC,CAAC,CAAC,wBAAwB,CAAC,CAAC,CAAC,wBAAwB,CAAA;QACxE,KAAK,eAAe;YAClB,OAAO,SAAS;gBACd,CAAC,CAAC,wBAAwB;gBAC1B,CAAC,CAAC,+BAA+B,CAAA;QACrC,KAAK,YAAY;YACf,OAAO,SAAS,CAAC,CAAC,CAAC,qBAAqB,CAAC,CAAC,CAAC,4BAA4B,CAAA;QACzE;YACE,OAAO,SAAS,CAAA;IACpB,CAAC;AACH,CAAC;AAED;;;;;;;GAOG;AACH,MAAM,UAAU,cAAc,CAC5B,IAAO,EACP,IAAoB,EACpB,YAAoB,EACpB,GAAW;IAEX,MAAM,IAAI,GAAsB,EAAE,IAAI,EAAE,YAAY,EAAE,SAAS,EAAE,GAAG,EAAE,CAAA;IAEtE,QAAQ,IAAI,EAAE,CAAC;QACb,KAAK,YAAY,CAAC,CAAC,CAAC;YAClB,MAAM,CAAC,GAAG,IAAiC,CAAA;YAC3C,OAAO;gBACL,GAAG,IAAI;gBACP,SAAS,EAAE,SAAS;gBACpB,cAAc,EAAE,CAAC,CAAC,cAAc;gBAChC,QAAQ,EAAE,CAAC,CAAC,QAAQ;aACrB,CAAA;QACH,CAAC;QACD,KAAK,WAAW,CAAC;QACjB,KAAK,gBAAgB,CAAC,CAAC,CAAC;YACtB,MAAM,CAAC,GAAG,IAAgC,CAAA;YAC1C,MAAM,OAAO,GAAG,CAAC,CAAC,OAAO,CAAA;YACzB,OAAO;gBACL,GAAG,IAAI;gBACP,cAAc,EAAE,OAAO,CAAC,cAAc,IAAI,SAAS;gBACnD,SAAS,EAAE,OAAO,CAAC,aAAa,EAAE,SAAS;gBAC3C,OAAO,EAAE,OAAO,CAAC,aAAa,EAAE,EAAE;gBAClC,QAAQ,EAAE,OAAO,CAAC,YAAY,EAAE,EAAE;aACnC,CAAA;QACH,CAAC;QACD,KAAK,iBAAiB,CAAC,CAAC,CAAC;YACvB,MAAM,CAAC,GAAG,IAAsC,CAAA;YAChD,OAAO;gBACL,GAAG,IAAI;gBACP,SAAS,EAAE,eAAe;gBAC1B,SAAS,EAAE,CAAC,CAAC,OAAO,CAAC,SAAS;gBAC9B,OAAO,EAAE,CAAC,CAAC,OAAO,CAAC,EAAE;aACtB,CAAA;QACH,CAAC;QACD,KAAK,eAAe,CAAC,CAAC,CAAC;YACrB,oEAAoE;YACpE,MAAM,CAAC,GAAG,IAAoC,CAAA;YAC9C,OAAO,EAAE,GAAG,IAAI,EAAE,cAAc,EAAE,CAAC,CAAC,cAAc,EAAE,CAAA;QACtD,CAAC;QACD,KAAK,OAAO,CAAC,CAAC,CAAC;YACb,MAAM,CAAC,GAAG,IAA4B,CAAA;YACtC,OAAO;gBACL,GAAG,IAAI;gBACP,SAAS,EAAE,CAAC,CAAC,SAAS;gBACtB,KAAK,EAAE,EAAE,IAAI,EAAE,CAAC,CAAC,KAAK,CAAC,IAAI,EAAE,OAAO,EAAE,YAAY,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,EAAE;aACtE,CAAA;QACH,CAAC;QACD,KAAK,gBAAgB,CAAC,CAAC,CAAC;YACtB,MAAM,CAAC,GAAG,IAAqC,CAAA;YAC/C,OAAO;gBACL,GAAG,IAAI;gBACP,SAAS,EAAE,CAAC,CAAC,SAAS;gBACtB,cAAc,EAAE,CAAC,CAAC,cAAc;gBAChC,QAAQ,EAAE,CAAC,CAAC,QAAQ;gBACpB,SAAS,EAAE,CAAC,CAAC,SAAS;gBACtB,OAAO,EAAE,CAAC,CAAC,OAAO;gBAClB,SAAS,EAAE,CAAC,CAAC,SAAS;gBACtB,cAAc,EAAE,CAAC,CAAC,cAAc;gBAChC,QAAQ,EAAE,CAAC,CAAC,QAAQ;aACrB,CAAA;QACH,CAAC;QACD,KAAK,iBAAiB,CAAC;QACvB,KAAK,gBAAgB,CAAC;QACtB,KAAK,gBAAgB,CAAC,CAAC,CAAC;YACtB,MAAM,CAAC,GAAG,IAAsC,CAAA;YAChD,OAAO;gBACL,GAAG,IAAI;gBACP,SAAS,EAAE,CAAC,CAAC,SAAS;gBACtB,SAAS,EAAE,CAAC,CAAC,SAAS;gBACtB,UAAU,EAAE,CAAC,CAAC,UAAU;aACzB,CAAA;QACH,CAAC;QACD,KAAK,cAAc,CAAC,CAAC,CAAC;YACpB,MAAM,CAAC,GAAG,IAAmC,CAAA;YAC7C,OAAO;gBACL,GAAG,IAAI;gBACP,SAAS,EAAE,CAAC,CAAC,SAAS;gBACtB,SAAS,EAAE,CAAC,CAAC,SAAS;gBACtB,UAAU,EAAE,CAAC,CAAC,UAAU;gBACxB,KAAK,EAAE,EAAE,IAAI,EAAE,CAAC,CAAC,KAAK,CAAC,IAAI,EAAE,OAAO,EAAE,YAAY,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,EAAE;aACtE,CAAA;QACH,CAAC;QACD;YACE,8DAA8D;YAC9D,uEAAuE;YACvE,OAAO,IAAI,CAAA;IACf,CAAC;AACH,CAAC"}
@@ -1,2 +0,0 @@
1
- export declare function generateId(): string;
2
- //# sourceMappingURL=id.d.ts.map
@@ -1 +0,0 @@
1
- {"version":3,"file":"id.d.ts","sourceRoot":"","sources":["../../src/utils/id.ts"],"names":[],"mappings":"AAgBA,wBAAgB,UAAU,IAAI,MAAM,CA+BnC"}
package/dist/utils/id.js DELETED
@@ -1,41 +0,0 @@
1
- /**
2
- * Generate a correlation id (RFC-4122 v4 when available).
3
- *
4
- * Used for the per-instance `sdkSessionId` and per-handoff `handoffId` — both are
5
- * opaque correlation tokens, never derived from wallet data (no address, no key).
6
- * Prefers the native `crypto.randomUUID()` (browsers + Node ≥ 16); falls back to a
7
- * `crypto.getRandomValues`-backed v4, and finally to a timestamp + monotonic
8
- * counter only in environments that expose neither. Correlation ids need to be
9
- * collision-resistant enough to pair a start event with its terminal — NOT
10
- * cryptographically unpredictable — so the last-resort branch uses no PRNG.
11
- */
12
- // Monotonic counter for the no-crypto fallback: guarantees per-process uniqueness
13
- // without any pseudo-random generator (correlation ids need uniqueness, not
14
- // unpredictability — and a counter is strictly more collision-resistant here).
15
- let fallbackCounter = 0;
16
- export function generateId() {
17
- const c = typeof globalThis !== 'undefined' ? globalThis.crypto : undefined;
18
- if (c?.randomUUID) {
19
- return c.randomUUID();
20
- }
21
- if (c?.getRandomValues) {
22
- const bytes = c.getRandomValues(new Uint8Array(16));
23
- // Set the version (4) and variant (10xx) bits per RFC 4122 §4.4.
24
- bytes[6] = (bytes[6] & 0x0f) | 0x40;
25
- bytes[8] = (bytes[8] & 0x3f) | 0x80;
26
- const hex = Array.from(bytes, b => b.toString(16).padStart(2, '0'));
27
- return (hex.slice(0, 4).join('') +
28
- '-' +
29
- hex.slice(4, 6).join('') +
30
- '-' +
31
- hex.slice(6, 8).join('') +
32
- '-' +
33
- hex.slice(8, 10).join('') +
34
- '-' +
35
- hex.slice(10, 16).join(''));
36
- }
37
- // Last-resort fallback (no Web Crypto). Timestamp + monotonic counter keeps
38
- // ids unique within the process without a PRNG. Sufficient for correlation.
39
- return ('uwc-' + Date.now().toString(36) + '-' + (fallbackCounter++).toString(36));
40
- }
41
- //# sourceMappingURL=id.js.map
@@ -1 +0,0 @@
1
- {"version":3,"file":"id.js","sourceRoot":"","sources":["../../src/utils/id.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AACH,kFAAkF;AAClF,4EAA4E;AAC5E,+EAA+E;AAC/E,IAAI,eAAe,GAAG,CAAC,CAAA;AAEvB,MAAM,UAAU,UAAU;IACxB,MAAM,CAAC,GAAG,OAAO,UAAU,KAAK,WAAW,CAAC,CAAC,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC,CAAC,SAAS,CAAA;IAE3E,IAAI,CAAC,EAAE,UAAU,EAAE,CAAC;QAClB,OAAO,CAAC,CAAC,UAAU,EAAE,CAAA;IACvB,CAAC;IAED,IAAI,CAAC,EAAE,eAAe,EAAE,CAAC;QACvB,MAAM,KAAK,GAAG,CAAC,CAAC,eAAe,CAAC,IAAI,UAAU,CAAC,EAAE,CAAC,CAAC,CAAA;QACnD,iEAAiE;QACjE,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,CAAE,GAAG,IAAI,CAAC,GAAG,IAAI,CAAA;QACpC,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,CAAE,GAAG,IAAI,CAAC,GAAG,IAAI,CAAA;QACpC,MAAM,GAAG,GAAG,KAAK,CAAC,IAAI,CAAC,KAAK,EAAE,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,CAAA;QACnE,OAAO,CACL,GAAG,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC;YACxB,GAAG;YACH,GAAG,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC;YACxB,GAAG;YACH,GAAG,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC;YACxB,GAAG;YACH,GAAG,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC;YACzB,GAAG;YACH,GAAG,CAAC,KAAK,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAC3B,CAAA;IACH,CAAC;IAED,4EAA4E;IAC5E,4EAA4E;IAC5E,OAAO,CACL,MAAM,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,GAAG,GAAG,GAAG,CAAC,eAAe,EAAE,CAAC,CAAC,QAAQ,CAAC,EAAE,CAAC,CAC1E,CAAA;AACH,CAAC"}
@@ -1,16 +0,0 @@
1
- import { type WalletError } from '@meshconnect/uwc-types';
2
- /** Normalize any thrown value into the PII-light `WalletError` shape. */
3
- export declare function toWalletError(error: unknown): WalletError;
4
- /**
5
- * Whether a thrown value is an explicit user rejection. Connectors usually wrap
6
- * these as `WalletConnectorError{type:'rejected'}`, but a raw EIP-1193 reject
7
- * (code `4001`) or ethers' `ACTION_REJECTED` can also reach the façade.
8
- */
9
- export declare function isUserRejection(error: unknown): boolean;
10
- /**
11
- * Whether a thrown value is an intentional cancellation (AbortSignal / fetch
12
- * abort). Matched by `name` rather than `instanceof Error` because a real abort is
13
- * a `DOMException`, which is not an `Error` subclass in every runtime.
14
- */
15
- export declare function isAbortError(error: unknown): boolean;
16
- //# sourceMappingURL=to-wallet-error.d.ts.map
@@ -1 +0,0 @@
1
- {"version":3,"file":"to-wallet-error.d.ts","sourceRoot":"","sources":["../../src/utils/to-wallet-error.ts"],"names":[],"mappings":"AAAA,OAAO,EAAwB,KAAK,WAAW,EAAE,MAAM,wBAAwB,CAAA;AAE/E,yEAAyE;AACzE,wBAAgB,aAAa,CAAC,KAAK,EAAE,OAAO,GAAG,WAAW,CAQzD;AAED;;;;GAIG;AACH,wBAAgB,eAAe,CAAC,KAAK,EAAE,OAAO,GAAG,OAAO,CAIvD;AAED;;;;GAIG;AACH,wBAAgB,YAAY,CAAC,KAAK,EAAE,OAAO,GAAG,OAAO,CAMpD"}