@mocanetwork/airkit-connector 1.9.0-beta.3 → 1.10.0

package/dist/airkitConnector.cjs.js

@@ -94,7 +94,7 @@ typeof SuppressedError === "function" ? SuppressedError : function (error, suppr
   var e = new Error(message);
   return e.name = "SuppressedError", e.error = error, e.suppressed = suppressed, e;
 };
-var version$2 = "1.9.0-beta.3";
+var version$2 = "1.10.0";
 var airkitPackage = {
   version: version$2
 };
@@ -134,10 +134,23 @@ const AirAuthMessageTypes = {
   LOGOUT_RESPONSE: "air_auth_logout_response",
   START_RECOVERY_REQUEST: "air_start_recovery_request",
   START_RECOVERY_RESPONSE: "air_start_recovery_response",
+  // Dashboard intent posted by recovery-frontend's RecoveryEntryView when
+  // the user picks an action. Distinct from START_RECOVERY_REQUEST so that
+  // when auth-frontend forwards the actual START_RECOVERY_REQUEST onto the
+  // shared recovery channel, the local echo doesn't loop back into
+  // auth-frontend's own recovery-channel subscription.
+  START_RECOVERY_DASHBOARD_REQUEST: "air_start_recovery_dashboard_request",
   RECOVERY_REQUEST: "air_auth_recovery_request",
   RECOVERY_RESPONSE: "air_auth_recovery_response",
-  ISSUE_ON_BEHALF_NEW_USER_CONFIRMATION_REQUEST: "air_auth_issue_on_behalf_new_user_confirmation_request",
-  ISSUE_ON_BEHALF_NEW_USER_CONFIRMATION_RESPONSE: "air_auth_issue_on_behalf_new_user_confirmation_response",
+  // Mid-flow signing RPCs for the RECOVER_ACCOUNT flow. The recovery
+  // private key never leaves recovery-frontend; auth-frontend asks for
+  // a signature each time it needs one (after collecting the new email
+  // for the canonical reset payload, and after the backend returns the
+  // Privy authorization payload to wallet-PATCH).
+  RECOVER_ACCOUNT_RESET_SIGNATURE_REQUEST: "air_auth_recover_account_reset_signature_request",
+  RECOVER_ACCOUNT_RESET_SIGNATURE_RESPONSE: "air_auth_recover_account_reset_signature_response",
+  RECOVER_ACCOUNT_AUTHORIZATION_SIGNATURE_REQUEST: "air_auth_recover_account_authorization_signature_request",
+  RECOVER_ACCOUNT_AUTHORIZATION_SIGNATURE_RESPONSE: "air_auth_recover_account_authorization_signature_response",
   REMOVE_SIGNER_SIGNATURE_REQUEST: "air_auth_remove_signer_signature_request",
   REMOVE_SIGNER_SIGNATURE_RESPONSE: "air_auth_remove_signer_signature_response",
   RESET_WALLET_REQUEST: "air_auth_reset_wallet_request",
@@ -616,11 +629,11 @@ const BUILD_ENV = {
 const IFRAME_NAME_PREFIX_SET = ["air-wallet", "air-credential", "air-auth", "air-recovery"]; // order defines the z-index from highest to lowest
 
 const FONT_CDNS = ["https://fonts.googleapis.com", "https://fonts.gstatic.com"];
-const SANDBOX_TESTNET_URLS = {
-  authUrl: "https://account.sandbox-testnet.air3.com/auth/",
-  walletUrl: "https://account.sandbox-testnet.air3.com/wallet/",
-  recoveryUrl: "https://account.sandbox-testnet.air3.com/recovery/",
-  credentialUrl: "https://account.sandbox-testnet.air3.com/credential/"
+const PRODUCTION_MAINNET_URLS = {
+  authUrl: "https://account-mainnet.air3.com/auth/",
+  walletUrl: "https://account-mainnet.air3.com/wallet/",
+  recoveryUrl: "https://account-mainnet.air3.com/recovery/",
+  credentialUrl: "https://account-mainnet.air3.com/credential/"
 };
 const AIR_URLS = {
   [BUILD_ENV.DEVELOPMENT]: {
@@ -642,10 +655,10 @@ const AIR_URLS = {
     credentialUrl: "https://account.uat.air3.com/credential/"
   },
   [BUILD_ENV.SANDBOX]: {
-    authUrl: "https://account.sandbox.air3.com/auth/",
-    walletUrl: "https://account.sandbox.air3.com/wallet/",
-    recoveryUrl: "https://account.sandbox.air3.com/recovery/",
-    credentialUrl: "https://account.sandbox.air3.com/credential/"
+    authUrl: "https://account.sandbox-testnet.air3.com/auth/",
+    walletUrl: "https://account.sandbox-testnet.air3.com/wallet/",
+    recoveryUrl: "https://account.sandbox-testnet.air3.com/recovery/",
+    credentialUrl: "https://account.sandbox-testnet.air3.com/credential/"
   },
   [BUILD_ENV.PRODUCTION]: {
     authUrl: "https://account.air3.com/auth/",
@@ -655,8 +668,8 @@ const AIR_URLS = {
   }
 };
 const getAirUrls = (buildEnv, credentialNetwork) => {
-  if (buildEnv === BUILD_ENV.SANDBOX && credentialNetwork === "testnet") {
-    return SANDBOX_TESTNET_URLS;
+  if (buildEnv === BUILD_ENV.PRODUCTION && credentialNetwork === "mainnet") {
+    return PRODUCTION_MAINNET_URLS;
   }
   return AIR_URLS[buildEnv];
 };
@@ -1535,6 +1548,41 @@ var AnonymousSubject = function (_super) {
   };
   return AnonymousSubject;
 }(Subject);
+var BehaviorSubject = function (_super) {
+  __extends(BehaviorSubject, _super);
+  function BehaviorSubject(_value) {
+    var _this = _super.call(this) || this;
+    _this._value = _value;
+    return _this;
+  }
+  Object.defineProperty(BehaviorSubject.prototype, "value", {
+    get: function () {
+      return this.getValue();
+    },
+    enumerable: false,
+    configurable: true
+  });
+  BehaviorSubject.prototype._subscribe = function (subscriber) {
+    var subscription = _super.prototype._subscribe.call(this, subscriber);
+    !subscription.closed && subscriber.next(this._value);
+    return subscription;
+  };
+  BehaviorSubject.prototype.getValue = function () {
+    var _a = this,
+      hasError = _a.hasError,
+      thrownError = _a.thrownError,
+      _value = _a._value;
+    if (hasError) {
+      throw thrownError;
+    }
+    this._throwIfClosed();
+    return _value;
+  };
+  BehaviorSubject.prototype.next = function (value) {
+    _super.prototype.next.call(this, this._value = value);
+  };
+  return BehaviorSubject;
+}(Subject);
 var EmptyError = createErrorClass(function (_super) {
   return function EmptyErrorImpl() {
     _super(this);
@@ -1611,6 +1659,8 @@ var PartnerAccessTokenErrorName;
 (function (PartnerAccessTokenErrorName) {
   PartnerAccessTokenErrorName["PARTNER_ACCESS_TOKEN_INVALID"] = "PARTNER_ACCESS_TOKEN_INVALID";
   PartnerAccessTokenErrorName["USER_MISMATCH"] = "USER_MISMATCH";
+  /** dApp-supplied partner JWT is past its `exp` — SDK consumers should mint a fresh one. */
+  PartnerAccessTokenErrorName["PARTNER_TOKEN_EXPIRED"] = "PARTNER_TOKEN_EXPIRED";
 })(PartnerAccessTokenErrorName || (PartnerAccessTokenErrorName = {}));
 /*** Realm ID Errors ***/
 var RealmIDErrorName;
@@ -1681,6 +1731,12 @@ var PrivyErrorName;
 (function (PrivyErrorName) {
   PrivyErrorName["WALLET_PROVIDER_ERROR"] = "WALLET_PROVIDER_ERROR";
 })(PrivyErrorName || (PrivyErrorName = {}));
+/*** Recovery Errors ***/
+var RecoveryErrorName;
+(function (RecoveryErrorName) {
+  RecoveryErrorName["RECOVERY_NOT_CONFIGURED"] = "RECOVERY_NOT_CONFIGURED";
+  RecoveryErrorName["RECOVERY_LOCK_EXCEEDED"] = "RECOVERY_LOCK_EXCEEDED";
+})(RecoveryErrorName || (RecoveryErrorName = {}));
 /*** Air ID Errors ***/
 var AirIDErrorName;
 (function (AirIDErrorName) {
@@ -1700,6 +1756,13 @@ var AirIDErrorName;
   AirIDErrorName["AIR_ID_INVALID_MINT_NAME"] = "AIR_ID_INVALID_MINT_NAME";
   AirIDErrorName["AIR_ID_MINT_TRANSACTION_HASH_MISMATCH"] = "AIR_ID_MINT_TRANSACTION_HASH_MISMATCH";
 })(AirIDErrorName || (AirIDErrorName = {}));
+/*** Agent Errors ***/
+var AgentErrorName;
+(function (AgentErrorName) {
+  AgentErrorName["CONFLICT_REQUEST"] = "CONFLICT_REQUEST";
+  AgentErrorName["INVALID_PARAMETER"] = "INVALID_PARAMETER";
+  AgentErrorName["WALLET_PROVIDER_ERROR"] = "WALLET_PROVIDER_ERROR";
+})(AgentErrorName || (AgentErrorName = {}));
 /*** Window Errors ***/
 var WindowErrorName;
 (function (WindowErrorName) {
@@ -1718,10 +1781,12 @@ const Codes = {
   ...WalletLinkErrorName,
   ...IntentErrorName,
   ...PrivyErrorName,
+  ...RecoveryErrorName,
   ...AirIDErrorName,
-  ...WindowErrorName
+  ...WindowErrorName,
+  ...AgentErrorName
 };
-const AirClientUserErrors = ["USER_CANCELLED", "CONFIG_ERROR", "CLIENT_ERROR", "UNKNOWN_ERROR", "PERMISSION_NOT_ENABLED", "SMART_ACCOUNT_NOT_DEPLOYED", "ACCOUNT_DELETION_PENDING", "SWAP_TO_ONRAMP", "USER_REJECTED"];
+const AirClientUserErrors = ["USER_CANCELLED", "CONFIG_ERROR", "CLIENT_ERROR", "UNKNOWN_ERROR", "PERMISSION_NOT_ENABLED", "SMART_ACCOUNT_NOT_DEPLOYED", "ACCOUNT_DELETION_PENDING", "SWAP_TO_ONRAMP", "USER_REJECTED", "START_PIN_RECOVERY"];
 class AirError extends BaseError$2 {}
 new Set(AirClientUserErrors);
 new Set(Object.values(Codes));
@@ -1734,12 +1799,18 @@ class MessageServiceBase {
     return this._messages$;
   }
   get isOpen() {
-    return !!this.closeListener;
+    return this._isOpen$.value;
+  }
+  async waitUntilOpen() {
+    if (this.isOpen) return;
+    await firstValueFrom(this._isOpen$.pipe(filter(Boolean)));
   }
   constructor(name, allowedMessageTypes) {
     this.name = name;
     this.allowedMessageTypes = allowedMessageTypes;
     this.closeListener = null;
+    this._isOpen$ = new BehaviorSubject(false);
+    this.isOpen$ = this._isOpen$.asObservable();
   }
   static _getName(name, targetName) {
     return `${name} Service: ${targetName} Channel`;
@@ -1782,6 +1853,7 @@ class MessageServiceBase {
         window.removeEventListener("message", handleMessage);
       };
     }
+    this._isOpen$.next(true);
   }
   isMessageAllowed(message) {
     return this.allowedMessageTypes.includes(message.type);
@@ -1798,6 +1870,7 @@ class MessageServiceBase {
     if (this.eventSubject && !this.eventSubject.closed) {
       this.eventSubject.complete();
     }
+    if (this._isOpen$.value) this._isOpen$.next(false);
   }
   createErrorResponseMessage(type, error) {
     return {
@@ -2142,7 +2215,7 @@ class AuthMessageService extends MessageServiceBase {
     const response = firstValueFrom(this.messages$.pipe(filter(msg => msg.type === AirAuthMessageTypes.START_RECOVERY_RESPONSE)));
     await this.sendMessage({
       type: AirAuthMessageTypes.START_RECOVERY_REQUEST,
-      payload
+      payload: payload ?? {}
     });
     return response;
   }
@@ -2234,11 +2307,14 @@ class IframeController {
   get iframeElement() {
     return this._iframeElement;
   }
+  get isVisible() {
+    return this.state.isVisible;
+  }
   createIframe() {
     if (this._iframeElement) return this._iframeElement;
     const iframe = document.createElement("iframe");
     iframe.id = this.iframeId;
-    iframe.allow = ["publickey-credentials-get *", "publickey-credentials-create *", "ch-ua-model", "ch-ua-platform-version", "clipboard-write", "web-share"].join("; ");
+    iframe.allow = ["publickey-credentials-get *", "publickey-credentials-create *", "ch-ua-model", "ch-ua-platform-version", "clipboard-read", "clipboard-write", "web-share"].join("; ");
     iframe.src = this.iframeUrl;
     iframe.style.position = "fixed";
     iframe.style.zIndex = `${this.getZIndex()}`;
@@ -2273,6 +2349,15 @@ class IframeController {
     style.bottom = "0px";
     Object.assign(this.iframeElement.style, style);
   }
+  focus() {
+    try {
+      this.iframeElement?.contentWindow?.focus();
+    } catch {
+      // Some browsers reject cross-origin focus() outside a user gesture.
+      // The first interaction inside the iframe will restore the correct
+      // keyboard routing, so swallowing this is safe.
+    }
+  }
   destroy() {
     if (this.iframeElement) {
       this.iframeElement.remove();
@@ -2731,7 +2816,7 @@ class WindowService {
   }
 }
 var WindowService$1 = WindowService.instance;
-var _AirService_instances, _AirService_loginResult, _AirService_buildEnv, _AirService_enableLogging, _AirService_partnerId, _AirService_sessionId, _AirService_sessionConfig, _AirService_authMessagingService, _AirService_authIframeController, _AirService_isAuthInitialized, _AirService_airEventListener, _AirService_walletMessagingService, _AirService_walletIframeController, _AirService_walletInitialization, _AirService_walletLoggedInResult, _AirService_airWalletProvider, _AirService_recoveryInitialization, _AirService_recoveryMessagingService, _AirService_recoveryIframeController, _AirService_credentialsInitialization, _AirService_credentialMessagingService, _AirService_credentialIframeController, _AirService_credentialNetwork, _AirService_assertInitialized, _AirService_assertLoggedIn, _AirService_ensureCredential, _AirService_initializeCredentials, _AirService_subscribeToCredentialEvents, _AirService_cleanUpCredential, _AirService_ensureWallet, _AirService_initializeWallet, _AirService_subscribeToWalletEvents, _AirService_triggerEventListeners, _AirService_triggerAirAuthInitialized, _AirService_triggerAirAuthLoggedIn, _AirService_triggerAirAuthLoggedOut, _AirService_triggerWalletInitialized, _AirService_createLoginResult, _AirService_createWalletInitializedResult, _AirService_cleanUpAuth, _AirService_cleanUpWallet, _AirService_ensureRecovery, _AirService_initializeRecovery, _AirService_subscribeToRecoveryEvents, _AirService_cleanUpRecovery;
+var _AirService_instances, _AirService_loginResult, _AirService_buildEnv, _AirService_enableLogging, _AirService_partnerId, _AirService_sessionId, _AirService_sessionConfig, _AirService_authMessagingService, _AirService_authIframeController, _AirService_isAuthInitialized, _AirService_airEventListener, _AirService_walletMessagingService, _AirService_walletIframeController, _AirService_walletInitialization, _AirService_walletLoggedInResult, _AirService_airWalletProvider, _AirService_recoveryInitialization, _AirService_recoveryMessagingService, _AirService_recoveryIframeController, _AirService_credentialsInitialization, _AirService_credentialMessagingService, _AirService_credentialIframeController, _AirService_credentialNetwork, _AirService_assertInitialized, _AirService_assertLoggedIn, _AirService_ensureCredential, _AirService_initializeCredentials, _AirService_subscribeToCredentialEvents, _AirService_cleanUpCredential, _AirService_ensureWallet, _AirService_initializeWallet, _AirService_subscribeToWalletEvents, _AirService_triggerEventListeners, _AirService_triggerAirAuthInitialized, _AirService_triggerAirAuthLoggedIn, _AirService_triggerAirAuthLoggedOut, _AirService_triggerWalletInitialized, _AirService_assignAndTriggerLoginResult, _AirService_createWalletInitializedResult, _AirService_cleanUpAuth, _AirService_cleanUpWallet, _AirService_ensureRecovery, _AirService_initializeRecovery, _AirService_subscribeToRecoveryEvents, _AirService_cleanUpRecovery, _AirService_refocusTopmostVisibleIframe;
 const airKitVersion = airkitPackage.version;
 class AirService {
   constructor({
@@ -2809,11 +2894,11 @@ class AirService {
       sessionConfig = undefined,
       preloadWallet = false,
       preloadCredential = false,
-      credentialNetwork = "devnet"
+      credentialNetwork
     } = config;
     if (!__classPrivateFieldGet$1(this, _AirService_partnerId, "f")) throw new AirServiceError("CLIENT_ERROR", "Partner ID is required to initialize the service");
     if (__classPrivateFieldGet$1(this, _AirService_isAuthInitialized, "f")) return __classPrivateFieldGet$1(this, _AirService_loginResult, "f") ?? null;
-    __classPrivateFieldSet(this, _AirService_credentialNetwork, buildEnv === BUILD_ENV.SANDBOX ? credentialNetwork : undefined);
+    __classPrivateFieldSet(this, _AirService_credentialNetwork, buildEnv === BUILD_ENV.PRODUCTION ? credentialNetwork : undefined);
     configureLogLevel(buildEnv, enableLogging);
     const {
       authUrl,
@@ -2844,6 +2929,7 @@ class AirService {
               const authIframeController = __classPrivateFieldGet$1(this, _AirService_authIframeController, "f");
               authIframeController.setIframeVisibility(msg.payload.visible);
               authIframeController.updateIframeState();
+              __classPrivateFieldGet$1(this, _AirService_instances, "m", _AirService_refocusTopmostVisibleIframe).call(this);
               break;
             }
           case AirAuthMessageTypes.SETUP_WALLET_REQUEST:
@@ -2886,6 +2972,20 @@ class AirService {
               await this.logout();
               break;
             }
+          case AirAuthMessageTypes.LOGIN_RESPONSE:
+            {
+              if (msg.payload.success === true) {
+                __classPrivateFieldGet$1(this, _AirService_instances, "m", _AirService_assignAndTriggerLoginResult).call(this, msg.payload);
+              }
+              break;
+            }
+          case AirAuthMessageTypes.LOGOUT_RESPONSE:
+            {
+              const wasLoggedIn = !!__classPrivateFieldGet$1(this, _AirService_loginResult, "f");
+              __classPrivateFieldSet(this, _AirService_loginResult, undefined, "f");
+              if (wasLoggedIn) __classPrivateFieldGet$1(this, _AirService_instances, "m", _AirService_triggerAirAuthLoggedOut).call(this);
+              break;
+            }
         }
       });
       const result = await new Promise((resolve, reject) => {
@@ -2922,9 +3022,7 @@ class AirService {
       if (preloadCredential) void this.preloadCredential();
       // rehydrated auth session
       if (result.rehydrated) {
-        __classPrivateFieldSet(this, _AirService_loginResult, __classPrivateFieldGet$1(this, _AirService_instances, "m", _AirService_createLoginResult).call(this, result), "f");
-        __classPrivateFieldGet$1(this, _AirService_instances, "m", _AirService_triggerAirAuthLoggedIn).call(this);
-        return __classPrivateFieldGet$1(this, _AirService_loginResult, "f");
+        return __classPrivateFieldGet$1(this, _AirService_instances, "m", _AirService_assignAndTriggerLoginResult).call(this, result);
       }
     } catch (error) {
       log$1.debug("Error initializing auth service", error);
@@ -2942,9 +3040,7 @@ class AirService {
       partnerLoginToken: options?.authToken
     });
     if (payload.success === true) {
-      __classPrivateFieldSet(this, _AirService_loginResult, __classPrivateFieldGet$1(this, _AirService_instances, "m", _AirService_createLoginResult).call(this, payload));
-      __classPrivateFieldGet$1(this, _AirService_instances, "m", _AirService_triggerAirAuthLoggedIn).call(this);
-      return __classPrivateFieldGet$1(this, _AirService_loginResult, "f");
+      return __classPrivateFieldGet$1(this, _AirService_instances, "m", _AirService_assignAndTriggerLoginResult).call(this, payload);
     }
     throw new AirServiceError(payload.errorName, payload.errorMessage);
   }
@@ -3113,7 +3209,8 @@ class AirService {
         id: info.payload.user.id,
         abstractAccountAddress: info.payload.user.abstractAccountAddress,
         email: info.payload.user.email,
-        isMFASetup: info.payload.user.activeMfaMethods.length > 0
+        wallet: info.payload.user.wallet,
+        isMFASetup: (info.payload.user.activeMfaMethods?.length ?? 0) > 0
       }
     };
   }
@@ -3177,8 +3274,6 @@ class AirService {
     // Clear up credentials first to avoid issues with wallet and auth messaging services
     await __classPrivateFieldGet$1(this, _AirService_instances, "m", _AirService_cleanUpCredential).call(this);
     await Promise.all([__classPrivateFieldGet$1(this, _AirService_instances, "m", _AirService_cleanUpWallet).call(this), __classPrivateFieldGet$1(this, _AirService_instances, "m", _AirService_cleanUpRecovery).call(this), __classPrivateFieldGet$1(this, _AirService_authMessagingService, "f").logout()]);
-    __classPrivateFieldSet(this, _AirService_loginResult, undefined);
-    __classPrivateFieldGet$1(this, _AirService_instances, "m", _AirService_triggerAirAuthLoggedOut).call(this);
   }
   async cleanUp() {
     await __classPrivateFieldGet$1(this, _AirService_instances, "m", _AirService_cleanUpCredential).call(this);
@@ -3204,7 +3299,7 @@ class AirService {
     credentialId,
     credentialSubject,
     curve,
-    offchain
+    waitForOnchainCompletion
   }) {
     await __classPrivateFieldGet$1(this, _AirService_instances, "m", _AirService_ensureCredential).call(this);
     const response = await __classPrivateFieldGet$1(this, _AirService_credentialMessagingService, "f").sendIssueCredentialRequest({
@@ -3213,7 +3308,7 @@ class AirService {
       credentialId,
       credentialSubject,
       curve,
-      offchain
+      waitForOnchainCompletion
     });
     const {
       payload
@@ -3337,6 +3432,7 @@ _AirService_loginResult = new WeakMap(), _AirService_buildEnv = new WeakMap(), _
         {
           __classPrivateFieldGet$1(this, _AirService_credentialIframeController, "f").setIframeVisibility(message.payload.visible);
           __classPrivateFieldGet$1(this, _AirService_credentialIframeController, "f").updateIframeState();
+          __classPrivateFieldGet$1(this, _AirService_instances, "m", _AirService_refocusTopmostVisibleIframe).call(this);
           break;
         }
     }
@@ -3436,6 +3532,7 @@ _AirService_loginResult = new WeakMap(), _AirService_buildEnv = new WeakMap(), _
           const walletIframeController = __classPrivateFieldGet$1(this, _AirService_walletIframeController, "f");
           walletIframeController.setIframeVisibility(msg.payload.visible);
           walletIframeController.updateIframeState();
+          __classPrivateFieldGet$1(this, _AirService_instances, "m", _AirService_refocusTopmostVisibleIframe).call(this);
           break;
         }
       case AirWalletMessageTypes.WALLET_LOGIN_RESPONSE:
@@ -3503,15 +3600,19 @@ _AirService_loginResult = new WeakMap(), _AirService_buildEnv = new WeakMap(), _
     event: "wallet_initialized",
     result
   });
-}, _AirService_createLoginResult = function _AirService_createLoginResult(payload) {
-  return {
-    isLoggedIn: true,
-    id: payload.id,
-    abstractAccountAddress: payload.abstractAccountAddress,
-    abstractAccountAddresses: payload.abstractAccountAddresses,
-    token: payload.partnerAccessToken,
-    isMFASetup: payload.activeMfaMethods.length > 0
-  };
+}, _AirService_assignAndTriggerLoginResult = function _AirService_assignAndTriggerLoginResult(payload) {
+  if (!__classPrivateFieldGet$1(this, _AirService_loginResult, "f")) {
+    __classPrivateFieldSet(this, _AirService_loginResult, {
+      isLoggedIn: true,
+      id: payload.id,
+      abstractAccountAddress: payload.abstractAccountAddress,
+      abstractAccountAddresses: payload.abstractAccountAddresses,
+      token: payload.partnerAccessToken,
+      isMFASetup: (payload.activeMfaMethods?.length ?? 0) > 0
+    });
+    __classPrivateFieldGet$1(this, _AirService_instances, "m", _AirService_triggerAirAuthLoggedIn).call(this);
+  }
+  return __classPrivateFieldGet$1(this, _AirService_loginResult, "f");
 }, _AirService_createWalletInitializedResult = function _AirService_createWalletInitializedResult(payload) {
   if ("isWalletLoggedIn" in payload && !payload.isWalletLoggedIn) {
     return {
@@ -3521,7 +3622,7 @@ _AirService_loginResult = new WeakMap(), _AirService_buildEnv = new WeakMap(), _
   }
   return {
     abstractAccountAddress: payload.addresses.aa,
-    isMFASetup: payload.activeMfaMethods.length > 0
+    isMFASetup: (payload.activeMfaMethods?.length ?? 0) > 0
   };
 }, _AirService_cleanUpAuth = async function _AirService_cleanUpAuth() {
   // Logout auth session
@@ -3613,6 +3714,7 @@ _AirService_loginResult = new WeakMap(), _AirService_buildEnv = new WeakMap(), _
           const recoveryIframeController = __classPrivateFieldGet$1(this, _AirService_recoveryIframeController, "f");
           recoveryIframeController.setIframeVisibility(message.payload.visible);
           recoveryIframeController.updateIframeState();
+          __classPrivateFieldGet$1(this, _AirService_instances, "m", _AirService_refocusTopmostVisibleIframe).call(this);
           break;
         }
     }
@@ -3629,6 +3731,14 @@ _AirService_loginResult = new WeakMap(), _AirService_buildEnv = new WeakMap(), _
   // Close the message service
   await __classPrivateFieldGet$1(this, _AirService_recoveryMessagingService, "f").close();
   __classPrivateFieldSet(this, _AirService_recoveryInitialization, undefined);
+}, _AirService_refocusTopmostVisibleIframe = function _AirService_refocusTopmostVisibleIframe() {
+  const candidates = [__classPrivateFieldGet$1(this, _AirService_walletIframeController, "f"), __classPrivateFieldGet$1(this, _AirService_credentialIframeController, "f"), __classPrivateFieldGet$1(this, _AirService_authIframeController, "f"), __classPrivateFieldGet$1(this, _AirService_recoveryIframeController, "f")];
+  for (const controller of candidates) {
+    if (controller?.isVisible) {
+      controller.focus();
+      return;
+    }
+  }
 };
 
 function isHex(value, {

package/dist/airkitConnector.esm.js

@@ -92,7 +92,7 @@ typeof SuppressedError === "function" ? SuppressedError : function (error, suppr
   var e = new Error(message);
   return e.name = "SuppressedError", e.error = error, e.suppressed = suppressed, e;
 };
-var version$2 = "1.9.0-beta.3";
+var version$2 = "1.10.0";
 var airkitPackage = {
   version: version$2
 };
@@ -132,10 +132,23 @@ const AirAuthMessageTypes = {
   LOGOUT_RESPONSE: "air_auth_logout_response",
   START_RECOVERY_REQUEST: "air_start_recovery_request",
   START_RECOVERY_RESPONSE: "air_start_recovery_response",
+  // Dashboard intent posted by recovery-frontend's RecoveryEntryView when
+  // the user picks an action. Distinct from START_RECOVERY_REQUEST so that
+  // when auth-frontend forwards the actual START_RECOVERY_REQUEST onto the
+  // shared recovery channel, the local echo doesn't loop back into
+  // auth-frontend's own recovery-channel subscription.
+  START_RECOVERY_DASHBOARD_REQUEST: "air_start_recovery_dashboard_request",
   RECOVERY_REQUEST: "air_auth_recovery_request",
   RECOVERY_RESPONSE: "air_auth_recovery_response",
-  ISSUE_ON_BEHALF_NEW_USER_CONFIRMATION_REQUEST: "air_auth_issue_on_behalf_new_user_confirmation_request",
-  ISSUE_ON_BEHALF_NEW_USER_CONFIRMATION_RESPONSE: "air_auth_issue_on_behalf_new_user_confirmation_response",
+  // Mid-flow signing RPCs for the RECOVER_ACCOUNT flow. The recovery
+  // private key never leaves recovery-frontend; auth-frontend asks for
+  // a signature each time it needs one (after collecting the new email
+  // for the canonical reset payload, and after the backend returns the
+  // Privy authorization payload to wallet-PATCH).
+  RECOVER_ACCOUNT_RESET_SIGNATURE_REQUEST: "air_auth_recover_account_reset_signature_request",
+  RECOVER_ACCOUNT_RESET_SIGNATURE_RESPONSE: "air_auth_recover_account_reset_signature_response",
+  RECOVER_ACCOUNT_AUTHORIZATION_SIGNATURE_REQUEST: "air_auth_recover_account_authorization_signature_request",
+  RECOVER_ACCOUNT_AUTHORIZATION_SIGNATURE_RESPONSE: "air_auth_recover_account_authorization_signature_response",
   REMOVE_SIGNER_SIGNATURE_REQUEST: "air_auth_remove_signer_signature_request",
   REMOVE_SIGNER_SIGNATURE_RESPONSE: "air_auth_remove_signer_signature_response",
   RESET_WALLET_REQUEST: "air_auth_reset_wallet_request",
@@ -614,11 +627,11 @@ const BUILD_ENV = {
 const IFRAME_NAME_PREFIX_SET = ["air-wallet", "air-credential", "air-auth", "air-recovery"]; // order defines the z-index from highest to lowest
 
 const FONT_CDNS = ["https://fonts.googleapis.com", "https://fonts.gstatic.com"];
-const SANDBOX_TESTNET_URLS = {
-  authUrl: "https://account.sandbox-testnet.air3.com/auth/",
-  walletUrl: "https://account.sandbox-testnet.air3.com/wallet/",
-  recoveryUrl: "https://account.sandbox-testnet.air3.com/recovery/",
-  credentialUrl: "https://account.sandbox-testnet.air3.com/credential/"
+const PRODUCTION_MAINNET_URLS = {
+  authUrl: "https://account-mainnet.air3.com/auth/",
+  walletUrl: "https://account-mainnet.air3.com/wallet/",
+  recoveryUrl: "https://account-mainnet.air3.com/recovery/",
+  credentialUrl: "https://account-mainnet.air3.com/credential/"
 };
 const AIR_URLS = {
   [BUILD_ENV.DEVELOPMENT]: {
@@ -640,10 +653,10 @@ const AIR_URLS = {
     credentialUrl: "https://account.uat.air3.com/credential/"
   },
   [BUILD_ENV.SANDBOX]: {
-    authUrl: "https://account.sandbox.air3.com/auth/",
-    walletUrl: "https://account.sandbox.air3.com/wallet/",
-    recoveryUrl: "https://account.sandbox.air3.com/recovery/",
-    credentialUrl: "https://account.sandbox.air3.com/credential/"
+    authUrl: "https://account.sandbox-testnet.air3.com/auth/",
+    walletUrl: "https://account.sandbox-testnet.air3.com/wallet/",
+    recoveryUrl: "https://account.sandbox-testnet.air3.com/recovery/",
+    credentialUrl: "https://account.sandbox-testnet.air3.com/credential/"
   },
   [BUILD_ENV.PRODUCTION]: {
     authUrl: "https://account.air3.com/auth/",
@@ -653,8 +666,8 @@ const AIR_URLS = {
   }
 };
 const getAirUrls = (buildEnv, credentialNetwork) => {
-  if (buildEnv === BUILD_ENV.SANDBOX && credentialNetwork === "testnet") {
-    return SANDBOX_TESTNET_URLS;
+  if (buildEnv === BUILD_ENV.PRODUCTION && credentialNetwork === "mainnet") {
+    return PRODUCTION_MAINNET_URLS;
   }
   return AIR_URLS[buildEnv];
 };
@@ -1533,6 +1546,41 @@ var AnonymousSubject = function (_super) {
   };
   return AnonymousSubject;
 }(Subject);
+var BehaviorSubject = function (_super) {
+  __extends(BehaviorSubject, _super);
+  function BehaviorSubject(_value) {
+    var _this = _super.call(this) || this;
+    _this._value = _value;
+    return _this;
+  }
+  Object.defineProperty(BehaviorSubject.prototype, "value", {
+    get: function () {
+      return this.getValue();
+    },
+    enumerable: false,
+    configurable: true
+  });
+  BehaviorSubject.prototype._subscribe = function (subscriber) {
+    var subscription = _super.prototype._subscribe.call(this, subscriber);
+    !subscription.closed && subscriber.next(this._value);
+    return subscription;
+  };
+  BehaviorSubject.prototype.getValue = function () {
+    var _a = this,
+      hasError = _a.hasError,
+      thrownError = _a.thrownError,
+      _value = _a._value;
+    if (hasError) {
+      throw thrownError;
+    }
+    this._throwIfClosed();
+    return _value;
+  };
+  BehaviorSubject.prototype.next = function (value) {
+    _super.prototype.next.call(this, this._value = value);
+  };
+  return BehaviorSubject;
+}(Subject);
 var EmptyError = createErrorClass(function (_super) {
   return function EmptyErrorImpl() {
     _super(this);
@@ -1609,6 +1657,8 @@ var PartnerAccessTokenErrorName;
 (function (PartnerAccessTokenErrorName) {
   PartnerAccessTokenErrorName["PARTNER_ACCESS_TOKEN_INVALID"] = "PARTNER_ACCESS_TOKEN_INVALID";
   PartnerAccessTokenErrorName["USER_MISMATCH"] = "USER_MISMATCH";
+  /** dApp-supplied partner JWT is past its `exp` — SDK consumers should mint a fresh one. */
+  PartnerAccessTokenErrorName["PARTNER_TOKEN_EXPIRED"] = "PARTNER_TOKEN_EXPIRED";
 })(PartnerAccessTokenErrorName || (PartnerAccessTokenErrorName = {}));
 /*** Realm ID Errors ***/
 var RealmIDErrorName;
@@ -1679,6 +1729,12 @@ var PrivyErrorName;
 (function (PrivyErrorName) {
   PrivyErrorName["WALLET_PROVIDER_ERROR"] = "WALLET_PROVIDER_ERROR";
 })(PrivyErrorName || (PrivyErrorName = {}));
+/*** Recovery Errors ***/
+var RecoveryErrorName;
+(function (RecoveryErrorName) {
+  RecoveryErrorName["RECOVERY_NOT_CONFIGURED"] = "RECOVERY_NOT_CONFIGURED";
+  RecoveryErrorName["RECOVERY_LOCK_EXCEEDED"] = "RECOVERY_LOCK_EXCEEDED";
+})(RecoveryErrorName || (RecoveryErrorName = {}));
 /*** Air ID Errors ***/
 var AirIDErrorName;
 (function (AirIDErrorName) {
@@ -1698,6 +1754,13 @@ var AirIDErrorName;
   AirIDErrorName["AIR_ID_INVALID_MINT_NAME"] = "AIR_ID_INVALID_MINT_NAME";
   AirIDErrorName["AIR_ID_MINT_TRANSACTION_HASH_MISMATCH"] = "AIR_ID_MINT_TRANSACTION_HASH_MISMATCH";
 })(AirIDErrorName || (AirIDErrorName = {}));
+/*** Agent Errors ***/
+var AgentErrorName;
+(function (AgentErrorName) {
+  AgentErrorName["CONFLICT_REQUEST"] = "CONFLICT_REQUEST";
+  AgentErrorName["INVALID_PARAMETER"] = "INVALID_PARAMETER";
+  AgentErrorName["WALLET_PROVIDER_ERROR"] = "WALLET_PROVIDER_ERROR";
+})(AgentErrorName || (AgentErrorName = {}));
 /*** Window Errors ***/
 var WindowErrorName;
 (function (WindowErrorName) {
@@ -1716,10 +1779,12 @@ const Codes = {
   ...WalletLinkErrorName,
   ...IntentErrorName,
   ...PrivyErrorName,
+  ...RecoveryErrorName,
   ...AirIDErrorName,
-  ...WindowErrorName
+  ...WindowErrorName,
+  ...AgentErrorName
 };
-const AirClientUserErrors = ["USER_CANCELLED", "CONFIG_ERROR", "CLIENT_ERROR", "UNKNOWN_ERROR", "PERMISSION_NOT_ENABLED", "SMART_ACCOUNT_NOT_DEPLOYED", "ACCOUNT_DELETION_PENDING", "SWAP_TO_ONRAMP", "USER_REJECTED"];
+const AirClientUserErrors = ["USER_CANCELLED", "CONFIG_ERROR", "CLIENT_ERROR", "UNKNOWN_ERROR", "PERMISSION_NOT_ENABLED", "SMART_ACCOUNT_NOT_DEPLOYED", "ACCOUNT_DELETION_PENDING", "SWAP_TO_ONRAMP", "USER_REJECTED", "START_PIN_RECOVERY"];
 class AirError extends BaseError$2 {}
 new Set(AirClientUserErrors);
 new Set(Object.values(Codes));
@@ -1732,12 +1797,18 @@ class MessageServiceBase {
     return this._messages$;
   }
   get isOpen() {
-    return !!this.closeListener;
+    return this._isOpen$.value;
+  }
+  async waitUntilOpen() {
+    if (this.isOpen) return;
+    await firstValueFrom(this._isOpen$.pipe(filter(Boolean)));
   }
   constructor(name, allowedMessageTypes) {
     this.name = name;
     this.allowedMessageTypes = allowedMessageTypes;
     this.closeListener = null;
+    this._isOpen$ = new BehaviorSubject(false);
+    this.isOpen$ = this._isOpen$.asObservable();
   }
   static _getName(name, targetName) {
     return `${name} Service: ${targetName} Channel`;
@@ -1780,6 +1851,7 @@ class MessageServiceBase {
         window.removeEventListener("message", handleMessage);
       };
     }
+    this._isOpen$.next(true);
   }
   isMessageAllowed(message) {
     return this.allowedMessageTypes.includes(message.type);
@@ -1796,6 +1868,7 @@ class MessageServiceBase {
     if (this.eventSubject && !this.eventSubject.closed) {
       this.eventSubject.complete();
     }
+    if (this._isOpen$.value) this._isOpen$.next(false);
   }
   createErrorResponseMessage(type, error) {
     return {
@@ -2140,7 +2213,7 @@ class AuthMessageService extends MessageServiceBase {
     const response = firstValueFrom(this.messages$.pipe(filter(msg => msg.type === AirAuthMessageTypes.START_RECOVERY_RESPONSE)));
     await this.sendMessage({
       type: AirAuthMessageTypes.START_RECOVERY_REQUEST,
-      payload
+      payload: payload ?? {}
     });
     return response;
   }
@@ -2232,11 +2305,14 @@ class IframeController {
   get iframeElement() {
     return this._iframeElement;
   }
+  get isVisible() {
+    return this.state.isVisible;
+  }
   createIframe() {
     if (this._iframeElement) return this._iframeElement;
     const iframe = document.createElement("iframe");
     iframe.id = this.iframeId;
-    iframe.allow = ["publickey-credentials-get *", "publickey-credentials-create *", "ch-ua-model", "ch-ua-platform-version", "clipboard-write", "web-share"].join("; ");
+    iframe.allow = ["publickey-credentials-get *", "publickey-credentials-create *", "ch-ua-model", "ch-ua-platform-version", "clipboard-read", "clipboard-write", "web-share"].join("; ");
     iframe.src = this.iframeUrl;
     iframe.style.position = "fixed";
     iframe.style.zIndex = `${this.getZIndex()}`;
@@ -2271,6 +2347,15 @@ class IframeController {
     style.bottom = "0px";
     Object.assign(this.iframeElement.style, style);
   }
+  focus() {
+    try {
+      this.iframeElement?.contentWindow?.focus();
+    } catch {
+      // Some browsers reject cross-origin focus() outside a user gesture.
+      // The first interaction inside the iframe will restore the correct
+      // keyboard routing, so swallowing this is safe.
+    }
+  }
   destroy() {
     if (this.iframeElement) {
       this.iframeElement.remove();
@@ -2729,7 +2814,7 @@ class WindowService {
   }
 }
 var WindowService$1 = WindowService.instance;
-var _AirService_instances, _AirService_loginResult, _AirService_buildEnv, _AirService_enableLogging, _AirService_partnerId, _AirService_sessionId, _AirService_sessionConfig, _AirService_authMessagingService, _AirService_authIframeController, _AirService_isAuthInitialized, _AirService_airEventListener, _AirService_walletMessagingService, _AirService_walletIframeController, _AirService_walletInitialization, _AirService_walletLoggedInResult, _AirService_airWalletProvider, _AirService_recoveryInitialization, _AirService_recoveryMessagingService, _AirService_recoveryIframeController, _AirService_credentialsInitialization, _AirService_credentialMessagingService, _AirService_credentialIframeController, _AirService_credentialNetwork, _AirService_assertInitialized, _AirService_assertLoggedIn, _AirService_ensureCredential, _AirService_initializeCredentials, _AirService_subscribeToCredentialEvents, _AirService_cleanUpCredential, _AirService_ensureWallet, _AirService_initializeWallet, _AirService_subscribeToWalletEvents, _AirService_triggerEventListeners, _AirService_triggerAirAuthInitialized, _AirService_triggerAirAuthLoggedIn, _AirService_triggerAirAuthLoggedOut, _AirService_triggerWalletInitialized, _AirService_createLoginResult, _AirService_createWalletInitializedResult, _AirService_cleanUpAuth, _AirService_cleanUpWallet, _AirService_ensureRecovery, _AirService_initializeRecovery, _AirService_subscribeToRecoveryEvents, _AirService_cleanUpRecovery;
+var _AirService_instances, _AirService_loginResult, _AirService_buildEnv, _AirService_enableLogging, _AirService_partnerId, _AirService_sessionId, _AirService_sessionConfig, _AirService_authMessagingService, _AirService_authIframeController, _AirService_isAuthInitialized, _AirService_airEventListener, _AirService_walletMessagingService, _AirService_walletIframeController, _AirService_walletInitialization, _AirService_walletLoggedInResult, _AirService_airWalletProvider, _AirService_recoveryInitialization, _AirService_recoveryMessagingService, _AirService_recoveryIframeController, _AirService_credentialsInitialization, _AirService_credentialMessagingService, _AirService_credentialIframeController, _AirService_credentialNetwork, _AirService_assertInitialized, _AirService_assertLoggedIn, _AirService_ensureCredential, _AirService_initializeCredentials, _AirService_subscribeToCredentialEvents, _AirService_cleanUpCredential, _AirService_ensureWallet, _AirService_initializeWallet, _AirService_subscribeToWalletEvents, _AirService_triggerEventListeners, _AirService_triggerAirAuthInitialized, _AirService_triggerAirAuthLoggedIn, _AirService_triggerAirAuthLoggedOut, _AirService_triggerWalletInitialized, _AirService_assignAndTriggerLoginResult, _AirService_createWalletInitializedResult, _AirService_cleanUpAuth, _AirService_cleanUpWallet, _AirService_ensureRecovery, _AirService_initializeRecovery, _AirService_subscribeToRecoveryEvents, _AirService_cleanUpRecovery, _AirService_refocusTopmostVisibleIframe;
 const airKitVersion = airkitPackage.version;
 class AirService {
   constructor({
@@ -2807,11 +2892,11 @@ class AirService {
       sessionConfig = undefined,
       preloadWallet = false,
       preloadCredential = false,
-      credentialNetwork = "devnet"
+      credentialNetwork
     } = config;
     if (!__classPrivateFieldGet$1(this, _AirService_partnerId, "f")) throw new AirServiceError("CLIENT_ERROR", "Partner ID is required to initialize the service");
     if (__classPrivateFieldGet$1(this, _AirService_isAuthInitialized, "f")) return __classPrivateFieldGet$1(this, _AirService_loginResult, "f") ?? null;
-    __classPrivateFieldSet(this, _AirService_credentialNetwork, buildEnv === BUILD_ENV.SANDBOX ? credentialNetwork : undefined);
+    __classPrivateFieldSet(this, _AirService_credentialNetwork, buildEnv === BUILD_ENV.PRODUCTION ? credentialNetwork : undefined);
     configureLogLevel(buildEnv, enableLogging);
     const {
       authUrl,
@@ -2842,6 +2927,7 @@ class AirService {
               const authIframeController = __classPrivateFieldGet$1(this, _AirService_authIframeController, "f");
               authIframeController.setIframeVisibility(msg.payload.visible);
               authIframeController.updateIframeState();
+              __classPrivateFieldGet$1(this, _AirService_instances, "m", _AirService_refocusTopmostVisibleIframe).call(this);
               break;
             }
           case AirAuthMessageTypes.SETUP_WALLET_REQUEST:
@@ -2884,6 +2970,20 @@ class AirService {
               await this.logout();
               break;
             }
+          case AirAuthMessageTypes.LOGIN_RESPONSE:
+            {
+              if (msg.payload.success === true) {
+                __classPrivateFieldGet$1(this, _AirService_instances, "m", _AirService_assignAndTriggerLoginResult).call(this, msg.payload);
+              }
+              break;
+            }
+          case AirAuthMessageTypes.LOGOUT_RESPONSE:
+            {
+              const wasLoggedIn = !!__classPrivateFieldGet$1(this, _AirService_loginResult, "f");
+              __classPrivateFieldSet(this, _AirService_loginResult, undefined, "f");
+              if (wasLoggedIn) __classPrivateFieldGet$1(this, _AirService_instances, "m", _AirService_triggerAirAuthLoggedOut).call(this);
+              break;
+            }
         }
       });
       const result = await new Promise((resolve, reject) => {
@@ -2920,9 +3020,7 @@ class AirService {
       if (preloadCredential) void this.preloadCredential();
       // rehydrated auth session
       if (result.rehydrated) {
-        __classPrivateFieldSet(this, _AirService_loginResult, __classPrivateFieldGet$1(this, _AirService_instances, "m", _AirService_createLoginResult).call(this, result), "f");
-        __classPrivateFieldGet$1(this, _AirService_instances, "m", _AirService_triggerAirAuthLoggedIn).call(this);
-        return __classPrivateFieldGet$1(this, _AirService_loginResult, "f");
+        return __classPrivateFieldGet$1(this, _AirService_instances, "m", _AirService_assignAndTriggerLoginResult).call(this, result);
       }
     } catch (error) {
       log$1.debug("Error initializing auth service", error);
@@ -2940,9 +3038,7 @@ class AirService {
       partnerLoginToken: options?.authToken
     });
     if (payload.success === true) {
-      __classPrivateFieldSet(this, _AirService_loginResult, __classPrivateFieldGet$1(this, _AirService_instances, "m", _AirService_createLoginResult).call(this, payload));
-      __classPrivateFieldGet$1(this, _AirService_instances, "m", _AirService_triggerAirAuthLoggedIn).call(this);
-      return __classPrivateFieldGet$1(this, _AirService_loginResult, "f");
+      return __classPrivateFieldGet$1(this, _AirService_instances, "m", _AirService_assignAndTriggerLoginResult).call(this, payload);
     }
     throw new AirServiceError(payload.errorName, payload.errorMessage);
   }
@@ -3111,7 +3207,8 @@ class AirService {
         id: info.payload.user.id,
         abstractAccountAddress: info.payload.user.abstractAccountAddress,
         email: info.payload.user.email,
-        isMFASetup: info.payload.user.activeMfaMethods.length > 0
+        wallet: info.payload.user.wallet,
+        isMFASetup: (info.payload.user.activeMfaMethods?.length ?? 0) > 0
       }
     };
   }
@@ -3175,8 +3272,6 @@ class AirService {
     // Clear up credentials first to avoid issues with wallet and auth messaging services
     await __classPrivateFieldGet$1(this, _AirService_instances, "m", _AirService_cleanUpCredential).call(this);
     await Promise.all([__classPrivateFieldGet$1(this, _AirService_instances, "m", _AirService_cleanUpWallet).call(this), __classPrivateFieldGet$1(this, _AirService_instances, "m", _AirService_cleanUpRecovery).call(this), __classPrivateFieldGet$1(this, _AirService_authMessagingService, "f").logout()]);
-    __classPrivateFieldSet(this, _AirService_loginResult, undefined);
-    __classPrivateFieldGet$1(this, _AirService_instances, "m", _AirService_triggerAirAuthLoggedOut).call(this);
   }
   async cleanUp() {
     await __classPrivateFieldGet$1(this, _AirService_instances, "m", _AirService_cleanUpCredential).call(this);
@@ -3202,7 +3297,7 @@ class AirService {
     credentialId,
     credentialSubject,
     curve,
-    offchain
+    waitForOnchainCompletion
   }) {
     await __classPrivateFieldGet$1(this, _AirService_instances, "m", _AirService_ensureCredential).call(this);
     const response = await __classPrivateFieldGet$1(this, _AirService_credentialMessagingService, "f").sendIssueCredentialRequest({
@@ -3211,7 +3306,7 @@ class AirService {
       credentialId,
       credentialSubject,
       curve,
-      offchain
+      waitForOnchainCompletion
     });
     const {
       payload
@@ -3335,6 +3430,7 @@ _AirService_loginResult = new WeakMap(), _AirService_buildEnv = new WeakMap(), _
         {
           __classPrivateFieldGet$1(this, _AirService_credentialIframeController, "f").setIframeVisibility(message.payload.visible);
           __classPrivateFieldGet$1(this, _AirService_credentialIframeController, "f").updateIframeState();
+          __classPrivateFieldGet$1(this, _AirService_instances, "m", _AirService_refocusTopmostVisibleIframe).call(this);
           break;
         }
     }
@@ -3434,6 +3530,7 @@ _AirService_loginResult = new WeakMap(), _AirService_buildEnv = new WeakMap(), _
           const walletIframeController = __classPrivateFieldGet$1(this, _AirService_walletIframeController, "f");
           walletIframeController.setIframeVisibility(msg.payload.visible);
           walletIframeController.updateIframeState();
+          __classPrivateFieldGet$1(this, _AirService_instances, "m", _AirService_refocusTopmostVisibleIframe).call(this);
           break;
         }
       case AirWalletMessageTypes.WALLET_LOGIN_RESPONSE:
@@ -3501,15 +3598,19 @@ _AirService_loginResult = new WeakMap(), _AirService_buildEnv = new WeakMap(), _
     event: "wallet_initialized",
     result
   });
-}, _AirService_createLoginResult = function _AirService_createLoginResult(payload) {
-  return {
-    isLoggedIn: true,
-    id: payload.id,
-    abstractAccountAddress: payload.abstractAccountAddress,
-    abstractAccountAddresses: payload.abstractAccountAddresses,
-    token: payload.partnerAccessToken,
-    isMFASetup: payload.activeMfaMethods.length > 0
-  };
+}, _AirService_assignAndTriggerLoginResult = function _AirService_assignAndTriggerLoginResult(payload) {
+  if (!__classPrivateFieldGet$1(this, _AirService_loginResult, "f")) {
+    __classPrivateFieldSet(this, _AirService_loginResult, {
+      isLoggedIn: true,
+      id: payload.id,
+      abstractAccountAddress: payload.abstractAccountAddress,
+      abstractAccountAddresses: payload.abstractAccountAddresses,
+      token: payload.partnerAccessToken,
+      isMFASetup: (payload.activeMfaMethods?.length ?? 0) > 0
+    });
+    __classPrivateFieldGet$1(this, _AirService_instances, "m", _AirService_triggerAirAuthLoggedIn).call(this);
+  }
+  return __classPrivateFieldGet$1(this, _AirService_loginResult, "f");
 }, _AirService_createWalletInitializedResult = function _AirService_createWalletInitializedResult(payload) {
   if ("isWalletLoggedIn" in payload && !payload.isWalletLoggedIn) {
     return {
@@ -3519,7 +3620,7 @@ _AirService_loginResult = new WeakMap(), _AirService_buildEnv = new WeakMap(), _
   }
   return {
     abstractAccountAddress: payload.addresses.aa,
-    isMFASetup: payload.activeMfaMethods.length > 0
+    isMFASetup: (payload.activeMfaMethods?.length ?? 0) > 0
   };
 }, _AirService_cleanUpAuth = async function _AirService_cleanUpAuth() {
   // Logout auth session
@@ -3611,6 +3712,7 @@ _AirService_loginResult = new WeakMap(), _AirService_buildEnv = new WeakMap(), _
           const recoveryIframeController = __classPrivateFieldGet$1(this, _AirService_recoveryIframeController, "f");
           recoveryIframeController.setIframeVisibility(message.payload.visible);
           recoveryIframeController.updateIframeState();
+          __classPrivateFieldGet$1(this, _AirService_instances, "m", _AirService_refocusTopmostVisibleIframe).call(this);
           break;
         }
     }
@@ -3627,6 +3729,14 @@ _AirService_loginResult = new WeakMap(), _AirService_buildEnv = new WeakMap(), _
   // Close the message service
   await __classPrivateFieldGet$1(this, _AirService_recoveryMessagingService, "f").close();
   __classPrivateFieldSet(this, _AirService_recoveryInitialization, undefined);
+}, _AirService_refocusTopmostVisibleIframe = function _AirService_refocusTopmostVisibleIframe() {
+  const candidates = [__classPrivateFieldGet$1(this, _AirService_walletIframeController, "f"), __classPrivateFieldGet$1(this, _AirService_credentialIframeController, "f"), __classPrivateFieldGet$1(this, _AirService_authIframeController, "f"), __classPrivateFieldGet$1(this, _AirService_recoveryIframeController, "f")];
+  for (const controller of candidates) {
+    if (controller?.isVisible) {
+      controller.focus();
+      return;
+    }
+  }
 };
 
 function isHex(value, {

package/dist/airkitConnector.umd.js

@@ -98,7 +98,7 @@
     var e = new Error(message);
     return e.name = "SuppressedError", e.error = error, e.suppressed = suppressed, e;
   };
-  var version$2 = "1.9.0-beta.3";
+  var version$2 = "1.10.0";
   var airkitPackage = {
     version: version$2
   };
@@ -138,10 +138,23 @@
     LOGOUT_RESPONSE: "air_auth_logout_response",
     START_RECOVERY_REQUEST: "air_start_recovery_request",
     START_RECOVERY_RESPONSE: "air_start_recovery_response",
+    // Dashboard intent posted by recovery-frontend's RecoveryEntryView when
+    // the user picks an action. Distinct from START_RECOVERY_REQUEST so that
+    // when auth-frontend forwards the actual START_RECOVERY_REQUEST onto the
+    // shared recovery channel, the local echo doesn't loop back into
+    // auth-frontend's own recovery-channel subscription.
+    START_RECOVERY_DASHBOARD_REQUEST: "air_start_recovery_dashboard_request",
     RECOVERY_REQUEST: "air_auth_recovery_request",
     RECOVERY_RESPONSE: "air_auth_recovery_response",
-    ISSUE_ON_BEHALF_NEW_USER_CONFIRMATION_REQUEST: "air_auth_issue_on_behalf_new_user_confirmation_request",
-    ISSUE_ON_BEHALF_NEW_USER_CONFIRMATION_RESPONSE: "air_auth_issue_on_behalf_new_user_confirmation_response",
+    // Mid-flow signing RPCs for the RECOVER_ACCOUNT flow. The recovery
+    // private key never leaves recovery-frontend; auth-frontend asks for
+    // a signature each time it needs one (after collecting the new email
+    // for the canonical reset payload, and after the backend returns the
+    // Privy authorization payload to wallet-PATCH).
+    RECOVER_ACCOUNT_RESET_SIGNATURE_REQUEST: "air_auth_recover_account_reset_signature_request",
+    RECOVER_ACCOUNT_RESET_SIGNATURE_RESPONSE: "air_auth_recover_account_reset_signature_response",
+    RECOVER_ACCOUNT_AUTHORIZATION_SIGNATURE_REQUEST: "air_auth_recover_account_authorization_signature_request",
+    RECOVER_ACCOUNT_AUTHORIZATION_SIGNATURE_RESPONSE: "air_auth_recover_account_authorization_signature_response",
     REMOVE_SIGNER_SIGNATURE_REQUEST: "air_auth_remove_signer_signature_request",
     REMOVE_SIGNER_SIGNATURE_RESPONSE: "air_auth_remove_signer_signature_response",
     RESET_WALLET_REQUEST: "air_auth_reset_wallet_request",
@@ -620,11 +633,11 @@
   const IFRAME_NAME_PREFIX_SET = ["air-wallet", "air-credential", "air-auth", "air-recovery"]; // order defines the z-index from highest to lowest
 
   const FONT_CDNS = ["https://fonts.googleapis.com", "https://fonts.gstatic.com"];
-  const SANDBOX_TESTNET_URLS = {
-    authUrl: "https://account.sandbox-testnet.air3.com/auth/",
-    walletUrl: "https://account.sandbox-testnet.air3.com/wallet/",
-    recoveryUrl: "https://account.sandbox-testnet.air3.com/recovery/",
-    credentialUrl: "https://account.sandbox-testnet.air3.com/credential/"
+  const PRODUCTION_MAINNET_URLS = {
+    authUrl: "https://account-mainnet.air3.com/auth/",
+    walletUrl: "https://account-mainnet.air3.com/wallet/",
+    recoveryUrl: "https://account-mainnet.air3.com/recovery/",
+    credentialUrl: "https://account-mainnet.air3.com/credential/"
   };
   const AIR_URLS = {
     [BUILD_ENV.DEVELOPMENT]: {
@@ -646,10 +659,10 @@
       credentialUrl: "https://account.uat.air3.com/credential/"
     },
     [BUILD_ENV.SANDBOX]: {
-      authUrl: "https://account.sandbox.air3.com/auth/",
-      walletUrl: "https://account.sandbox.air3.com/wallet/",
-      recoveryUrl: "https://account.sandbox.air3.com/recovery/",
-      credentialUrl: "https://account.sandbox.air3.com/credential/"
+      authUrl: "https://account.sandbox-testnet.air3.com/auth/",
+      walletUrl: "https://account.sandbox-testnet.air3.com/wallet/",
+      recoveryUrl: "https://account.sandbox-testnet.air3.com/recovery/",
+      credentialUrl: "https://account.sandbox-testnet.air3.com/credential/"
     },
     [BUILD_ENV.PRODUCTION]: {
       authUrl: "https://account.air3.com/auth/",
@@ -659,8 +672,8 @@
     }
   };
   const getAirUrls = (buildEnv, credentialNetwork) => {
-    if (buildEnv === BUILD_ENV.SANDBOX && credentialNetwork === "testnet") {
-      return SANDBOX_TESTNET_URLS;
+    if (buildEnv === BUILD_ENV.PRODUCTION && credentialNetwork === "mainnet") {
+      return PRODUCTION_MAINNET_URLS;
     }
     return AIR_URLS[buildEnv];
   };
@@ -1539,6 +1552,41 @@
     };
     return AnonymousSubject;
   }(Subject);
+  var BehaviorSubject = function (_super) {
+    __extends(BehaviorSubject, _super);
+    function BehaviorSubject(_value) {
+      var _this = _super.call(this) || this;
+      _this._value = _value;
+      return _this;
+    }
+    Object.defineProperty(BehaviorSubject.prototype, "value", {
+      get: function () {
+        return this.getValue();
+      },
+      enumerable: false,
+      configurable: true
+    });
+    BehaviorSubject.prototype._subscribe = function (subscriber) {
+      var subscription = _super.prototype._subscribe.call(this, subscriber);
+      !subscription.closed && subscriber.next(this._value);
+      return subscription;
+    };
+    BehaviorSubject.prototype.getValue = function () {
+      var _a = this,
+        hasError = _a.hasError,
+        thrownError = _a.thrownError,
+        _value = _a._value;
+      if (hasError) {
+        throw thrownError;
+      }
+      this._throwIfClosed();
+      return _value;
+    };
+    BehaviorSubject.prototype.next = function (value) {
+      _super.prototype.next.call(this, this._value = value);
+    };
+    return BehaviorSubject;
+  }(Subject);
   var EmptyError = createErrorClass(function (_super) {
     return function EmptyErrorImpl() {
       _super(this);
@@ -1615,6 +1663,8 @@
   (function (PartnerAccessTokenErrorName) {
     PartnerAccessTokenErrorName["PARTNER_ACCESS_TOKEN_INVALID"] = "PARTNER_ACCESS_TOKEN_INVALID";
     PartnerAccessTokenErrorName["USER_MISMATCH"] = "USER_MISMATCH";
+    /** dApp-supplied partner JWT is past its `exp` — SDK consumers should mint a fresh one. */
+    PartnerAccessTokenErrorName["PARTNER_TOKEN_EXPIRED"] = "PARTNER_TOKEN_EXPIRED";
   })(PartnerAccessTokenErrorName || (PartnerAccessTokenErrorName = {}));
   /*** Realm ID Errors ***/
   var RealmIDErrorName;
@@ -1685,6 +1735,12 @@
   (function (PrivyErrorName) {
     PrivyErrorName["WALLET_PROVIDER_ERROR"] = "WALLET_PROVIDER_ERROR";
   })(PrivyErrorName || (PrivyErrorName = {}));
+  /*** Recovery Errors ***/
+  var RecoveryErrorName;
+  (function (RecoveryErrorName) {
+    RecoveryErrorName["RECOVERY_NOT_CONFIGURED"] = "RECOVERY_NOT_CONFIGURED";
+    RecoveryErrorName["RECOVERY_LOCK_EXCEEDED"] = "RECOVERY_LOCK_EXCEEDED";
+  })(RecoveryErrorName || (RecoveryErrorName = {}));
   /*** Air ID Errors ***/
   var AirIDErrorName;
   (function (AirIDErrorName) {
@@ -1704,6 +1760,13 @@
     AirIDErrorName["AIR_ID_INVALID_MINT_NAME"] = "AIR_ID_INVALID_MINT_NAME";
     AirIDErrorName["AIR_ID_MINT_TRANSACTION_HASH_MISMATCH"] = "AIR_ID_MINT_TRANSACTION_HASH_MISMATCH";
   })(AirIDErrorName || (AirIDErrorName = {}));
+  /*** Agent Errors ***/
+  var AgentErrorName;
+  (function (AgentErrorName) {
+    AgentErrorName["CONFLICT_REQUEST"] = "CONFLICT_REQUEST";
+    AgentErrorName["INVALID_PARAMETER"] = "INVALID_PARAMETER";
+    AgentErrorName["WALLET_PROVIDER_ERROR"] = "WALLET_PROVIDER_ERROR";
+  })(AgentErrorName || (AgentErrorName = {}));
   /*** Window Errors ***/
   var WindowErrorName;
   (function (WindowErrorName) {
@@ -1722,10 +1785,12 @@
     ...WalletLinkErrorName,
     ...IntentErrorName,
     ...PrivyErrorName,
+    ...RecoveryErrorName,
     ...AirIDErrorName,
-    ...WindowErrorName
+    ...WindowErrorName,
+    ...AgentErrorName
   };
-  const AirClientUserErrors = ["USER_CANCELLED", "CONFIG_ERROR", "CLIENT_ERROR", "UNKNOWN_ERROR", "PERMISSION_NOT_ENABLED", "SMART_ACCOUNT_NOT_DEPLOYED", "ACCOUNT_DELETION_PENDING", "SWAP_TO_ONRAMP", "USER_REJECTED"];
+  const AirClientUserErrors = ["USER_CANCELLED", "CONFIG_ERROR", "CLIENT_ERROR", "UNKNOWN_ERROR", "PERMISSION_NOT_ENABLED", "SMART_ACCOUNT_NOT_DEPLOYED", "ACCOUNT_DELETION_PENDING", "SWAP_TO_ONRAMP", "USER_REJECTED", "START_PIN_RECOVERY"];
   class AirError extends BaseError$2 {}
   new Set(AirClientUserErrors);
   new Set(Object.values(Codes));
@@ -1738,12 +1803,18 @@
       return this._messages$;
     }
     get isOpen() {
-      return !!this.closeListener;
+      return this._isOpen$.value;
+    }
+    async waitUntilOpen() {
+      if (this.isOpen) return;
+      await firstValueFrom(this._isOpen$.pipe(filter(Boolean)));
     }
     constructor(name, allowedMessageTypes) {
       this.name = name;
       this.allowedMessageTypes = allowedMessageTypes;
       this.closeListener = null;
+      this._isOpen$ = new BehaviorSubject(false);
+      this.isOpen$ = this._isOpen$.asObservable();
     }
     static _getName(name, targetName) {
       return `${name} Service: ${targetName} Channel`;
@@ -1786,6 +1857,7 @@
           window.removeEventListener("message", handleMessage);
         };
       }
+      this._isOpen$.next(true);
     }
     isMessageAllowed(message) {
       return this.allowedMessageTypes.includes(message.type);
@@ -1802,6 +1874,7 @@
       if (this.eventSubject && !this.eventSubject.closed) {
         this.eventSubject.complete();
       }
+      if (this._isOpen$.value) this._isOpen$.next(false);
     }
     createErrorResponseMessage(type, error) {
       return {
@@ -2146,7 +2219,7 @@
       const response = firstValueFrom(this.messages$.pipe(filter(msg => msg.type === AirAuthMessageTypes.START_RECOVERY_RESPONSE)));
       await this.sendMessage({
         type: AirAuthMessageTypes.START_RECOVERY_REQUEST,
-        payload
+        payload: payload ?? {}
       });
       return response;
     }
@@ -2238,11 +2311,14 @@
     get iframeElement() {
       return this._iframeElement;
     }
+    get isVisible() {
+      return this.state.isVisible;
+    }
     createIframe() {
       if (this._iframeElement) return this._iframeElement;
       const iframe = document.createElement("iframe");
       iframe.id = this.iframeId;
-      iframe.allow = ["publickey-credentials-get *", "publickey-credentials-create *", "ch-ua-model", "ch-ua-platform-version", "clipboard-write", "web-share"].join("; ");
+      iframe.allow = ["publickey-credentials-get *", "publickey-credentials-create *", "ch-ua-model", "ch-ua-platform-version", "clipboard-read", "clipboard-write", "web-share"].join("; ");
       iframe.src = this.iframeUrl;
       iframe.style.position = "fixed";
       iframe.style.zIndex = `${this.getZIndex()}`;
@@ -2277,6 +2353,15 @@
       style.bottom = "0px";
       Object.assign(this.iframeElement.style, style);
     }
+    focus() {
+      try {
+        this.iframeElement?.contentWindow?.focus();
+      } catch {
+        // Some browsers reject cross-origin focus() outside a user gesture.
+        // The first interaction inside the iframe will restore the correct
+        // keyboard routing, so swallowing this is safe.
+      }
+    }
     destroy() {
       if (this.iframeElement) {
         this.iframeElement.remove();
@@ -2735,7 +2820,7 @@
     }
   }
   var WindowService$1 = WindowService.instance;
-  var _AirService_instances, _AirService_loginResult, _AirService_buildEnv, _AirService_enableLogging, _AirService_partnerId, _AirService_sessionId, _AirService_sessionConfig, _AirService_authMessagingService, _AirService_authIframeController, _AirService_isAuthInitialized, _AirService_airEventListener, _AirService_walletMessagingService, _AirService_walletIframeController, _AirService_walletInitialization, _AirService_walletLoggedInResult, _AirService_airWalletProvider, _AirService_recoveryInitialization, _AirService_recoveryMessagingService, _AirService_recoveryIframeController, _AirService_credentialsInitialization, _AirService_credentialMessagingService, _AirService_credentialIframeController, _AirService_credentialNetwork, _AirService_assertInitialized, _AirService_assertLoggedIn, _AirService_ensureCredential, _AirService_initializeCredentials, _AirService_subscribeToCredentialEvents, _AirService_cleanUpCredential, _AirService_ensureWallet, _AirService_initializeWallet, _AirService_subscribeToWalletEvents, _AirService_triggerEventListeners, _AirService_triggerAirAuthInitialized, _AirService_triggerAirAuthLoggedIn, _AirService_triggerAirAuthLoggedOut, _AirService_triggerWalletInitialized, _AirService_createLoginResult, _AirService_createWalletInitializedResult, _AirService_cleanUpAuth, _AirService_cleanUpWallet, _AirService_ensureRecovery, _AirService_initializeRecovery, _AirService_subscribeToRecoveryEvents, _AirService_cleanUpRecovery;
+  var _AirService_instances, _AirService_loginResult, _AirService_buildEnv, _AirService_enableLogging, _AirService_partnerId, _AirService_sessionId, _AirService_sessionConfig, _AirService_authMessagingService, _AirService_authIframeController, _AirService_isAuthInitialized, _AirService_airEventListener, _AirService_walletMessagingService, _AirService_walletIframeController, _AirService_walletInitialization, _AirService_walletLoggedInResult, _AirService_airWalletProvider, _AirService_recoveryInitialization, _AirService_recoveryMessagingService, _AirService_recoveryIframeController, _AirService_credentialsInitialization, _AirService_credentialMessagingService, _AirService_credentialIframeController, _AirService_credentialNetwork, _AirService_assertInitialized, _AirService_assertLoggedIn, _AirService_ensureCredential, _AirService_initializeCredentials, _AirService_subscribeToCredentialEvents, _AirService_cleanUpCredential, _AirService_ensureWallet, _AirService_initializeWallet, _AirService_subscribeToWalletEvents, _AirService_triggerEventListeners, _AirService_triggerAirAuthInitialized, _AirService_triggerAirAuthLoggedIn, _AirService_triggerAirAuthLoggedOut, _AirService_triggerWalletInitialized, _AirService_assignAndTriggerLoginResult, _AirService_createWalletInitializedResult, _AirService_cleanUpAuth, _AirService_cleanUpWallet, _AirService_ensureRecovery, _AirService_initializeRecovery, _AirService_subscribeToRecoveryEvents, _AirService_cleanUpRecovery, _AirService_refocusTopmostVisibleIframe;
   const airKitVersion = airkitPackage.version;
   class AirService {
     constructor({
@@ -2813,11 +2898,11 @@
         sessionConfig = undefined,
         preloadWallet = false,
         preloadCredential = false,
-        credentialNetwork = "devnet"
+        credentialNetwork
       } = config;
       if (!__classPrivateFieldGet$1(this, _AirService_partnerId, "f")) throw new AirServiceError("CLIENT_ERROR", "Partner ID is required to initialize the service");
       if (__classPrivateFieldGet$1(this, _AirService_isAuthInitialized, "f")) return __classPrivateFieldGet$1(this, _AirService_loginResult, "f") ?? null;
-      __classPrivateFieldSet(this, _AirService_credentialNetwork, buildEnv === BUILD_ENV.SANDBOX ? credentialNetwork : undefined);
+      __classPrivateFieldSet(this, _AirService_credentialNetwork, buildEnv === BUILD_ENV.PRODUCTION ? credentialNetwork : undefined);
       configureLogLevel(buildEnv, enableLogging);
       const {
         authUrl,
@@ -2848,6 +2933,7 @@
                 const authIframeController = __classPrivateFieldGet$1(this, _AirService_authIframeController, "f");
                 authIframeController.setIframeVisibility(msg.payload.visible);
                 authIframeController.updateIframeState();
+                __classPrivateFieldGet$1(this, _AirService_instances, "m", _AirService_refocusTopmostVisibleIframe).call(this);
                 break;
               }
             case AirAuthMessageTypes.SETUP_WALLET_REQUEST:
@@ -2890,6 +2976,20 @@
                 await this.logout();
                 break;
               }
+            case AirAuthMessageTypes.LOGIN_RESPONSE:
+              {
+                if (msg.payload.success === true) {
+                  __classPrivateFieldGet$1(this, _AirService_instances, "m", _AirService_assignAndTriggerLoginResult).call(this, msg.payload);
+                }
+                break;
+              }
+            case AirAuthMessageTypes.LOGOUT_RESPONSE:
+              {
+                const wasLoggedIn = !!__classPrivateFieldGet$1(this, _AirService_loginResult, "f");
+                __classPrivateFieldSet(this, _AirService_loginResult, undefined, "f");
+                if (wasLoggedIn) __classPrivateFieldGet$1(this, _AirService_instances, "m", _AirService_triggerAirAuthLoggedOut).call(this);
+                break;
+              }
           }
         });
         const result = await new Promise((resolve, reject) => {
@@ -2926,9 +3026,7 @@
         if (preloadCredential) void this.preloadCredential();
         // rehydrated auth session
         if (result.rehydrated) {
-          __classPrivateFieldSet(this, _AirService_loginResult, __classPrivateFieldGet$1(this, _AirService_instances, "m", _AirService_createLoginResult).call(this, result), "f");
-          __classPrivateFieldGet$1(this, _AirService_instances, "m", _AirService_triggerAirAuthLoggedIn).call(this);
-          return __classPrivateFieldGet$1(this, _AirService_loginResult, "f");
+          return __classPrivateFieldGet$1(this, _AirService_instances, "m", _AirService_assignAndTriggerLoginResult).call(this, result);
         }
       } catch (error) {
         log$1.debug("Error initializing auth service", error);
@@ -2946,9 +3044,7 @@
         partnerLoginToken: options?.authToken
       });
       if (payload.success === true) {
-        __classPrivateFieldSet(this, _AirService_loginResult, __classPrivateFieldGet$1(this, _AirService_instances, "m", _AirService_createLoginResult).call(this, payload));
-        __classPrivateFieldGet$1(this, _AirService_instances, "m", _AirService_triggerAirAuthLoggedIn).call(this);
-        return __classPrivateFieldGet$1(this, _AirService_loginResult, "f");
+        return __classPrivateFieldGet$1(this, _AirService_instances, "m", _AirService_assignAndTriggerLoginResult).call(this, payload);
       }
       throw new AirServiceError(payload.errorName, payload.errorMessage);
     }
@@ -3117,7 +3213,8 @@
           id: info.payload.user.id,
           abstractAccountAddress: info.payload.user.abstractAccountAddress,
           email: info.payload.user.email,
-          isMFASetup: info.payload.user.activeMfaMethods.length > 0
+          wallet: info.payload.user.wallet,
+          isMFASetup: (info.payload.user.activeMfaMethods?.length ?? 0) > 0
         }
       };
     }
@@ -3181,8 +3278,6 @@
       // Clear up credentials first to avoid issues with wallet and auth messaging services
       await __classPrivateFieldGet$1(this, _AirService_instances, "m", _AirService_cleanUpCredential).call(this);
       await Promise.all([__classPrivateFieldGet$1(this, _AirService_instances, "m", _AirService_cleanUpWallet).call(this), __classPrivateFieldGet$1(this, _AirService_instances, "m", _AirService_cleanUpRecovery).call(this), __classPrivateFieldGet$1(this, _AirService_authMessagingService, "f").logout()]);
-      __classPrivateFieldSet(this, _AirService_loginResult, undefined);
-      __classPrivateFieldGet$1(this, _AirService_instances, "m", _AirService_triggerAirAuthLoggedOut).call(this);
     }
     async cleanUp() {
       await __classPrivateFieldGet$1(this, _AirService_instances, "m", _AirService_cleanUpCredential).call(this);
@@ -3208,7 +3303,7 @@
       credentialId,
       credentialSubject,
       curve,
-      offchain
+      waitForOnchainCompletion
     }) {
       await __classPrivateFieldGet$1(this, _AirService_instances, "m", _AirService_ensureCredential).call(this);
       const response = await __classPrivateFieldGet$1(this, _AirService_credentialMessagingService, "f").sendIssueCredentialRequest({
@@ -3217,7 +3312,7 @@
         credentialId,
         credentialSubject,
         curve,
-        offchain
+        waitForOnchainCompletion
       });
       const {
         payload
@@ -3341,6 +3436,7 @@
           {
             __classPrivateFieldGet$1(this, _AirService_credentialIframeController, "f").setIframeVisibility(message.payload.visible);
             __classPrivateFieldGet$1(this, _AirService_credentialIframeController, "f").updateIframeState();
+            __classPrivateFieldGet$1(this, _AirService_instances, "m", _AirService_refocusTopmostVisibleIframe).call(this);
             break;
           }
       }
@@ -3440,6 +3536,7 @@
             const walletIframeController = __classPrivateFieldGet$1(this, _AirService_walletIframeController, "f");
             walletIframeController.setIframeVisibility(msg.payload.visible);
             walletIframeController.updateIframeState();
+            __classPrivateFieldGet$1(this, _AirService_instances, "m", _AirService_refocusTopmostVisibleIframe).call(this);
             break;
           }
         case AirWalletMessageTypes.WALLET_LOGIN_RESPONSE:
@@ -3507,15 +3604,19 @@
       event: "wallet_initialized",
       result
     });
-  }, _AirService_createLoginResult = function _AirService_createLoginResult(payload) {
-    return {
-      isLoggedIn: true,
-      id: payload.id,
-      abstractAccountAddress: payload.abstractAccountAddress,
-      abstractAccountAddresses: payload.abstractAccountAddresses,
-      token: payload.partnerAccessToken,
-      isMFASetup: payload.activeMfaMethods.length > 0
-    };
+  }, _AirService_assignAndTriggerLoginResult = function _AirService_assignAndTriggerLoginResult(payload) {
+    if (!__classPrivateFieldGet$1(this, _AirService_loginResult, "f")) {
+      __classPrivateFieldSet(this, _AirService_loginResult, {
+        isLoggedIn: true,
+        id: payload.id,
+        abstractAccountAddress: payload.abstractAccountAddress,
+        abstractAccountAddresses: payload.abstractAccountAddresses,
+        token: payload.partnerAccessToken,
+        isMFASetup: (payload.activeMfaMethods?.length ?? 0) > 0
+      });
+      __classPrivateFieldGet$1(this, _AirService_instances, "m", _AirService_triggerAirAuthLoggedIn).call(this);
+    }
+    return __classPrivateFieldGet$1(this, _AirService_loginResult, "f");
   }, _AirService_createWalletInitializedResult = function _AirService_createWalletInitializedResult(payload) {
     if ("isWalletLoggedIn" in payload && !payload.isWalletLoggedIn) {
       return {
@@ -3525,7 +3626,7 @@
     }
     return {
       abstractAccountAddress: payload.addresses.aa,
-      isMFASetup: payload.activeMfaMethods.length > 0
+      isMFASetup: (payload.activeMfaMethods?.length ?? 0) > 0
     };
   }, _AirService_cleanUpAuth = async function _AirService_cleanUpAuth() {
     // Logout auth session
@@ -3617,6 +3718,7 @@
             const recoveryIframeController = __classPrivateFieldGet$1(this, _AirService_recoveryIframeController, "f");
             recoveryIframeController.setIframeVisibility(message.payload.visible);
             recoveryIframeController.updateIframeState();
+            __classPrivateFieldGet$1(this, _AirService_instances, "m", _AirService_refocusTopmostVisibleIframe).call(this);
             break;
           }
       }
@@ -3633,6 +3735,14 @@
     // Close the message service
     await __classPrivateFieldGet$1(this, _AirService_recoveryMessagingService, "f").close();
     __classPrivateFieldSet(this, _AirService_recoveryInitialization, undefined);
+  }, _AirService_refocusTopmostVisibleIframe = function _AirService_refocusTopmostVisibleIframe() {
+    const candidates = [__classPrivateFieldGet$1(this, _AirService_walletIframeController, "f"), __classPrivateFieldGet$1(this, _AirService_credentialIframeController, "f"), __classPrivateFieldGet$1(this, _AirService_authIframeController, "f"), __classPrivateFieldGet$1(this, _AirService_recoveryIframeController, "f")];
+    for (const controller of candidates) {
+      if (controller?.isVisible) {
+        controller.focus();
+        return;
+      }
+    }
   };
 
   function isHex(value, {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@mocanetwork/airkit-connector",
-  "version": "1.9.0-beta.3",
+  "version": "1.10.0",
   "description": "AirKit wagmi connector to connect with the AirService",
   "main": "dist/airkitConnector.cjs.js",
   "unpkg": "dist/airkitConnector.umd.min.js",
@@ -24,7 +24,7 @@
     "check-circular": "madge -c --ts-config=tsconfig.json --extensions ts ./src"
   },
   "dependencies": {
-    "@mocanetwork/airkit": "^1.9.0-beta.3",
+    "@mocanetwork/airkit": "^1.10.0",
     "@wagmi/core": "^2.x",
     "loglevel": "^1.8.1",
     "viem": "^2.x"