@moon-x/core 0.7.0 → 0.9.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -177,8 +177,11 @@ var sendReactNativeReply = (response) => {
177
177
  } catch {
178
178
  }
179
179
  };
180
+ var QUEUE_TTL_MS = 2e4;
181
+ var MAX_PENDING_PER_KEY = 16;
180
182
  var PostMessageServer = class {
181
183
  constructor(originValidator) {
184
+ this.pending = /* @__PURE__ */ new Map();
182
185
  this.trustedSources = /* @__PURE__ */ new Set();
183
186
  this.handlers = /* @__PURE__ */ new Map();
184
187
  this.originValidator = originValidator;
@@ -193,6 +196,20 @@ var PostMessageServer = class {
193
196
  register(type, method, handler) {
194
197
  const key = `${type}:${method}`;
195
198
  this.handlers.set(key, handler);
199
+ const queued = this.pending.get(key);
200
+ if (queued?.length) {
201
+ this.pending.delete(key);
202
+ const now = Date.now();
203
+ for (const { request, reply, at } of queued) {
204
+ if (now - at < QUEUE_TTL_MS) {
205
+ void this.invokeHandler(
206
+ handler,
207
+ request,
208
+ reply
209
+ );
210
+ }
211
+ }
212
+ }
196
213
  }
197
214
  cleanup() {
198
215
  window.removeEventListener("message", this.handleMessage.bind(this));
@@ -257,29 +274,57 @@ var PostMessageServer = class {
257
274
  const key = `${request.type}:${request.method}`;
258
275
  const handler = this.handlers.get(key);
259
276
  if (handler) {
260
- try {
261
- const data = await handler(request.payload);
262
- reply({
263
- id: request.id,
264
- type: request.type,
265
- success: true,
266
- data
267
- });
268
- } catch (error) {
269
- const extras = {};
270
- if (error && typeof error === "object") {
271
- for (const key2 of FORWARDED_ERROR_FIELDS) {
272
- const value = error[key2];
273
- if (value !== void 0) extras[key2] = value;
274
- }
277
+ await this.invokeHandler(handler, request, reply);
278
+ } else {
279
+ this.bufferRequest(key, request, reply);
280
+ }
281
+ }
282
+ async invokeHandler(handler, request, reply) {
283
+ try {
284
+ const data = await handler(request.payload);
285
+ reply({
286
+ id: request.id,
287
+ type: request.type,
288
+ success: true,
289
+ data
290
+ });
291
+ } catch (error) {
292
+ const extras = {};
293
+ if (error && typeof error === "object") {
294
+ for (const key of FORWARDED_ERROR_FIELDS) {
295
+ const value = error[key];
296
+ if (value !== void 0) extras[key] = value;
275
297
  }
276
- reply({
277
- ...extras,
278
- id: request.id,
279
- type: request.type,
280
- success: false,
281
- error: error instanceof Error ? error.message : "Unknown error"
282
- });
298
+ }
299
+ reply({
300
+ ...extras,
301
+ id: request.id,
302
+ type: request.type,
303
+ success: false,
304
+ error: error instanceof Error ? error.message : "Unknown error"
305
+ });
306
+ }
307
+ }
308
+ bufferRequest(key, request, reply) {
309
+ this.evictExpiredPending();
310
+ let queue = this.pending.get(key);
311
+ if (!queue) {
312
+ queue = [];
313
+ this.pending.set(key, queue);
314
+ }
315
+ queue.push({ request, reply, at: Date.now() });
316
+ if (queue.length > MAX_PENDING_PER_KEY) {
317
+ queue.splice(0, queue.length - MAX_PENDING_PER_KEY);
318
+ }
319
+ }
320
+ evictExpiredPending() {
321
+ const now = Date.now();
322
+ for (const [key, queue] of this.pending) {
323
+ const fresh = queue.filter((e) => now - e.at < QUEUE_TTL_MS);
324
+ if (fresh.length) {
325
+ this.pending.set(key, fresh);
326
+ } else {
327
+ this.pending.delete(key);
283
328
  }
284
329
  }
285
330
  }
package/dist/index.d.mts CHANGED
@@ -1,3 +1,3 @@
1
- export { AccessTokenClaims, AppConfigRequest, AppConfigResponse, AttachOAuthTokenRequest, AttachOAuthTokenResponse, AuthAppearance, AuthFlow, AuthFlowComponent, AuthLoginMethod, AuthProviderConfig, BaseGetBalanceParams, BaseGetBalanceResult, BaseGetTokenAccountsParams, BaseSendTransactionParams, BaseSendTransactionResult, BaseSignMessageParams, BaseSignMessageResult, BaseSignTransactionParams, BaseSignTransactionResult, BaseTokenClaims, BaseUIOptions, BaseWalletHooks, BlockExplorer, Chain, ChainLikeWithId, ContractUIOptions, CreateWalletResponse, DefaultFundingMethod, DeleteSessionRequest, DeleteSessionResponse, DetachOAuthTokenRequest, DeviceFingerprint, DisplayMode, EmailOtpConfig, EmailOtpFlowState, EphemeralSigner, EphemeralSignerChain, EphemeralSignerScheme, EphemeralSignerWallet, EthereumChainConfig, EthereumFundingConfig, EthereumGetBalanceParams, EthereumGetBalanceResult, EthereumGetTokenAccountsByOwnerParams, EthereumGetTokenAccountsByOwnerResult, EthereumSendTransactionParams, EthereumSendTransactionRequest, EthereumSendTransactionResult, EthereumSign7702AuthorizationParams, EthereumSign7702AuthorizationResult, EthereumSignHashParams, EthereumSignHashResult, EthereumSignMessageParams, EthereumSignMessageResult, EthereumSignTransactionParams, EthereumSignTransactionResult, EthereumSignTypedDataParams, EthereumSignTypedDataResult, EthereumSwitchChainParams, ExportKeyConfig, Factor, FlexibleTheme, FundWalletConfig, FundingEvents, FundingMethod, FundingUIConfig, GetCurrentSessionRequest, GetCurrentSessionResponse, Hex, IdentityTokenClaims, IdpProvider, IsAuthenticatedRequest, IsAuthenticatedResponse, ListEphemeralSignersResult, LoginTokenBundle, LogoutRequest, LogoutResponse, MessageTypeProperty, MessageTypes, MoonKeyThemeConfig, MoonPaySignRequest, MoonPaySignResponse, MpcKeyShares, NativeCurrency, Network, OAuthRequest, OAuthResponse, OnrampFundingSettings, PasskeyEnrollConfig, PasskeySettings, PreferredCardProvider, PrefillConfig, PresenceTokenClaims, ProvisionEphemeralSignerParams, ProvisionEphemeralSignerResult, PublicEthereumWallet, PublicSessionData, PublicWallet, RefreshSessionRequest, RefreshSessionResponse, RetrieveWalletKeyRequest, RetrieveWalletKeyResponse, RevokeEphemeralSignerParams, RpcConfig, RpcUrls, SdkSettings, SendEmailOtpRequest, SendEmailOtpResponse, SendTransactionConfig, SendTransactionRequest, SessionData, SharesDeviceRequest, SharesDeviceResponse, Sign7702AuthorizationError, Sign7702AuthorizationParams, Sign7702AuthorizationResponse, Sign7702AuthorizationResult, SignMessageConfig, SignTransactionConfig, SignTypedDataError, SignTypedDataParams, SignTypedDataResponse, SignTypedDataResult, SmsSettings, SolanaChain, SolanaFundingConfig, SolanaGetBalanceParams, SolanaGetBalanceResult, SolanaGetTokenAccountsByOwnerParams, SolanaGetTokenAccountsByOwnerResult, SolanaSendTransactionParams, SolanaSendTransactionResult, SolanaSignMessageParams, SolanaSignMessageResult, SolanaSignTransactionParams, SolanaSignTransactionResult, TransactionCommitment, TransactionEncoding, TransactionUIOptions, TypedMessage, UseFundWalletInterface, UsersMePublicResponse, UsersMeRequest, UsersMeResponse, VerifiedSession, VerifyEmailOtpRequest, VerifyEmailOtpResponse, VerifyEmailOtpUser, VerifyOAuthTokenRequest, VerifyOAuthTokenResponse, VerifySiweWalletRegistrationRequest, WALLET_ERROR_CODES, Wallet, WalletChain, WalletChainType, WalletConnectConfig, WalletCreationError, WalletError, WalletErrorCode, WalletKeyRequest, WalletListEntry, WalletRegistrationNonceRequest, WalletRegistrationNonceResponse, WalletType, WalletVerifyRequest } from './types/index.mjs';
1
+ export { AccessTokenClaims, AppConfigRequest, AppConfigResponse, AttachOAuthTokenRequest, AttachOAuthTokenResponse, AuthAppearance, AuthFlow, AuthFlowComponent, AuthLoginMethod, AuthProviderConfig, BaseGetBalanceParams, BaseGetBalanceResult, BaseGetTokenAccountsParams, BaseSendTransactionParams, BaseSendTransactionResult, BaseSignMessageParams, BaseSignMessageResult, BaseSignTransactionParams, BaseSignTransactionResult, BaseTokenClaims, BaseUIOptions, BaseWalletHooks, BlockExplorer, Chain, ChainLikeWithId, ContractUIOptions, CreateWalletResponse, DefaultFundingMethod, DeleteSessionRequest, DeleteSessionResponse, DetachOAuthTokenRequest, DeviceFingerprint, DisplayMode, EmailOtpConfig, EmailOtpFlowState, EphemeralSigner, EphemeralSignerChain, EphemeralSignerScheme, EphemeralSignerWallet, EthereumChainConfig, EthereumFundingConfig, EthereumGetBalanceParams, EthereumGetBalanceResult, EthereumGetTokenAccountsByOwnerParams, EthereumGetTokenAccountsByOwnerResult, EthereumSendTransactionParams, EthereumSendTransactionRequest, EthereumSendTransactionResult, EthereumSign7702AuthorizationParams, EthereumSign7702AuthorizationResult, EthereumSignHashParams, EthereumSignHashResult, EthereumSignMessageParams, EthereumSignMessageResult, EthereumSignTransactionParams, EthereumSignTransactionResult, EthereumSignTypedDataParams, EthereumSignTypedDataResult, EthereumSwitchChainParams, ExportKeyConfig, Factor, FlexibleTheme, FundWalletConfig, FundingEvents, FundingMethod, FundingUIConfig, GetCurrentSessionRequest, GetCurrentSessionResponse, Hex, IdentityTokenClaims, IdpProvider, IsAuthenticatedRequest, IsAuthenticatedResponse, ListEphemeralSignersResult, LoginTokenBundle, LogoutRequest, LogoutResponse, MessageTypeProperty, MessageTypes, MoonKeyThemeConfig, MoonPaySignRequest, MoonPaySignResponse, MpcKeyShares, NativeCurrency, Network, OAuthRequest, OAuthResponse, OnrampFundingSettings, PasskeyEnrollConfig, PasskeySettings, PreferredCardProvider, PrefillConfig, PresenceTokenClaims, ProvisionEphemeralSignerParams, ProvisionEphemeralSignerResult, PublicEthereumWallet, PublicSessionData, PublicWallet, RefreshSessionRequest, RefreshSessionResponse, RetrieveWalletKeyRequest, RetrieveWalletKeyResponse, RevokeEphemeralSignerParams, RpcConfig, RpcUrls, SdkSettings, SendEmailOtpRequest, SendEmailOtpResponse, SendTransactionConfig, SendTransactionRequest, SessionData, SessionWallet, SharesDeviceRequest, SharesDeviceResponse, Sign7702AuthorizationError, Sign7702AuthorizationParams, Sign7702AuthorizationResponse, Sign7702AuthorizationResult, SignMessageConfig, SignTransactionConfig, SignTypedDataError, SignTypedDataParams, SignTypedDataResponse, SignTypedDataResult, SmsSettings, SolanaChain, SolanaFundingConfig, SolanaGetBalanceParams, SolanaGetBalanceResult, SolanaGetTokenAccountsByOwnerParams, SolanaGetTokenAccountsByOwnerResult, SolanaSendTransactionParams, SolanaSendTransactionResult, SolanaSignMessageParams, SolanaSignMessageResult, SolanaSignTransactionParams, SolanaSignTransactionResult, TransactionCommitment, TransactionEncoding, TransactionUIOptions, TypedMessage, UseFundWalletInterface, UsersMePublicResponse, UsersMeRequest, UsersMeResponse, VerifiedSession, VerifyEmailOtpRequest, VerifyEmailOtpResponse, VerifyEmailOtpUser, VerifyOAuthTokenRequest, VerifyOAuthTokenResponse, VerifySiweWalletRegistrationRequest, WALLET_ERROR_CODES, Wallet, WalletChain, WalletChainType, WalletConnectConfig, WalletCreationError, WalletError, WalletErrorCode, WalletKeyRequest, WalletListEntry, WalletRegistrationNonceRequest, WalletRegistrationNonceResponse, WalletType, WalletVerifyRequest } from './types/index.mjs';
2
2
  export { getIframeOrigin, getIframeUrl, getMoonKeyApiUrl } from './utils/index.mjs';
3
- export { F as FORWARDED_ERROR_FIELDS, P as PostMessageClient, a as PostMessageMethod, b as PostMessageServer, c as PostMessageType } from './post-message-Z6cLf0mS.mjs';
3
+ export { F as FORWARDED_ERROR_FIELDS, P as PostMessageClient, a as PostMessageMethod, b as PostMessageServer, c as PostMessageType } from './post-message-2NAnU0Lf.mjs';
package/dist/index.d.ts CHANGED
@@ -1,3 +1,3 @@
1
- export { AccessTokenClaims, AppConfigRequest, AppConfigResponse, AttachOAuthTokenRequest, AttachOAuthTokenResponse, AuthAppearance, AuthFlow, AuthFlowComponent, AuthLoginMethod, AuthProviderConfig, BaseGetBalanceParams, BaseGetBalanceResult, BaseGetTokenAccountsParams, BaseSendTransactionParams, BaseSendTransactionResult, BaseSignMessageParams, BaseSignMessageResult, BaseSignTransactionParams, BaseSignTransactionResult, BaseTokenClaims, BaseUIOptions, BaseWalletHooks, BlockExplorer, Chain, ChainLikeWithId, ContractUIOptions, CreateWalletResponse, DefaultFundingMethod, DeleteSessionRequest, DeleteSessionResponse, DetachOAuthTokenRequest, DeviceFingerprint, DisplayMode, EmailOtpConfig, EmailOtpFlowState, EphemeralSigner, EphemeralSignerChain, EphemeralSignerScheme, EphemeralSignerWallet, EthereumChainConfig, EthereumFundingConfig, EthereumGetBalanceParams, EthereumGetBalanceResult, EthereumGetTokenAccountsByOwnerParams, EthereumGetTokenAccountsByOwnerResult, EthereumSendTransactionParams, EthereumSendTransactionRequest, EthereumSendTransactionResult, EthereumSign7702AuthorizationParams, EthereumSign7702AuthorizationResult, EthereumSignHashParams, EthereumSignHashResult, EthereumSignMessageParams, EthereumSignMessageResult, EthereumSignTransactionParams, EthereumSignTransactionResult, EthereumSignTypedDataParams, EthereumSignTypedDataResult, EthereumSwitchChainParams, ExportKeyConfig, Factor, FlexibleTheme, FundWalletConfig, FundingEvents, FundingMethod, FundingUIConfig, GetCurrentSessionRequest, GetCurrentSessionResponse, Hex, IdentityTokenClaims, IdpProvider, IsAuthenticatedRequest, IsAuthenticatedResponse, ListEphemeralSignersResult, LoginTokenBundle, LogoutRequest, LogoutResponse, MessageTypeProperty, MessageTypes, MoonKeyThemeConfig, MoonPaySignRequest, MoonPaySignResponse, MpcKeyShares, NativeCurrency, Network, OAuthRequest, OAuthResponse, OnrampFundingSettings, PasskeyEnrollConfig, PasskeySettings, PreferredCardProvider, PrefillConfig, PresenceTokenClaims, ProvisionEphemeralSignerParams, ProvisionEphemeralSignerResult, PublicEthereumWallet, PublicSessionData, PublicWallet, RefreshSessionRequest, RefreshSessionResponse, RetrieveWalletKeyRequest, RetrieveWalletKeyResponse, RevokeEphemeralSignerParams, RpcConfig, RpcUrls, SdkSettings, SendEmailOtpRequest, SendEmailOtpResponse, SendTransactionConfig, SendTransactionRequest, SessionData, SharesDeviceRequest, SharesDeviceResponse, Sign7702AuthorizationError, Sign7702AuthorizationParams, Sign7702AuthorizationResponse, Sign7702AuthorizationResult, SignMessageConfig, SignTransactionConfig, SignTypedDataError, SignTypedDataParams, SignTypedDataResponse, SignTypedDataResult, SmsSettings, SolanaChain, SolanaFundingConfig, SolanaGetBalanceParams, SolanaGetBalanceResult, SolanaGetTokenAccountsByOwnerParams, SolanaGetTokenAccountsByOwnerResult, SolanaSendTransactionParams, SolanaSendTransactionResult, SolanaSignMessageParams, SolanaSignMessageResult, SolanaSignTransactionParams, SolanaSignTransactionResult, TransactionCommitment, TransactionEncoding, TransactionUIOptions, TypedMessage, UseFundWalletInterface, UsersMePublicResponse, UsersMeRequest, UsersMeResponse, VerifiedSession, VerifyEmailOtpRequest, VerifyEmailOtpResponse, VerifyEmailOtpUser, VerifyOAuthTokenRequest, VerifyOAuthTokenResponse, VerifySiweWalletRegistrationRequest, WALLET_ERROR_CODES, Wallet, WalletChain, WalletChainType, WalletConnectConfig, WalletCreationError, WalletError, WalletErrorCode, WalletKeyRequest, WalletListEntry, WalletRegistrationNonceRequest, WalletRegistrationNonceResponse, WalletType, WalletVerifyRequest } from './types/index.js';
1
+ export { AccessTokenClaims, AppConfigRequest, AppConfigResponse, AttachOAuthTokenRequest, AttachOAuthTokenResponse, AuthAppearance, AuthFlow, AuthFlowComponent, AuthLoginMethod, AuthProviderConfig, BaseGetBalanceParams, BaseGetBalanceResult, BaseGetTokenAccountsParams, BaseSendTransactionParams, BaseSendTransactionResult, BaseSignMessageParams, BaseSignMessageResult, BaseSignTransactionParams, BaseSignTransactionResult, BaseTokenClaims, BaseUIOptions, BaseWalletHooks, BlockExplorer, Chain, ChainLikeWithId, ContractUIOptions, CreateWalletResponse, DefaultFundingMethod, DeleteSessionRequest, DeleteSessionResponse, DetachOAuthTokenRequest, DeviceFingerprint, DisplayMode, EmailOtpConfig, EmailOtpFlowState, EphemeralSigner, EphemeralSignerChain, EphemeralSignerScheme, EphemeralSignerWallet, EthereumChainConfig, EthereumFundingConfig, EthereumGetBalanceParams, EthereumGetBalanceResult, EthereumGetTokenAccountsByOwnerParams, EthereumGetTokenAccountsByOwnerResult, EthereumSendTransactionParams, EthereumSendTransactionRequest, EthereumSendTransactionResult, EthereumSign7702AuthorizationParams, EthereumSign7702AuthorizationResult, EthereumSignHashParams, EthereumSignHashResult, EthereumSignMessageParams, EthereumSignMessageResult, EthereumSignTransactionParams, EthereumSignTransactionResult, EthereumSignTypedDataParams, EthereumSignTypedDataResult, EthereumSwitchChainParams, ExportKeyConfig, Factor, FlexibleTheme, FundWalletConfig, FundingEvents, FundingMethod, FundingUIConfig, GetCurrentSessionRequest, GetCurrentSessionResponse, Hex, IdentityTokenClaims, IdpProvider, IsAuthenticatedRequest, IsAuthenticatedResponse, ListEphemeralSignersResult, LoginTokenBundle, LogoutRequest, LogoutResponse, MessageTypeProperty, MessageTypes, MoonKeyThemeConfig, MoonPaySignRequest, MoonPaySignResponse, MpcKeyShares, NativeCurrency, Network, OAuthRequest, OAuthResponse, OnrampFundingSettings, PasskeyEnrollConfig, PasskeySettings, PreferredCardProvider, PrefillConfig, PresenceTokenClaims, ProvisionEphemeralSignerParams, ProvisionEphemeralSignerResult, PublicEthereumWallet, PublicSessionData, PublicWallet, RefreshSessionRequest, RefreshSessionResponse, RetrieveWalletKeyRequest, RetrieveWalletKeyResponse, RevokeEphemeralSignerParams, RpcConfig, RpcUrls, SdkSettings, SendEmailOtpRequest, SendEmailOtpResponse, SendTransactionConfig, SendTransactionRequest, SessionData, SessionWallet, SharesDeviceRequest, SharesDeviceResponse, Sign7702AuthorizationError, Sign7702AuthorizationParams, Sign7702AuthorizationResponse, Sign7702AuthorizationResult, SignMessageConfig, SignTransactionConfig, SignTypedDataError, SignTypedDataParams, SignTypedDataResponse, SignTypedDataResult, SmsSettings, SolanaChain, SolanaFundingConfig, SolanaGetBalanceParams, SolanaGetBalanceResult, SolanaGetTokenAccountsByOwnerParams, SolanaGetTokenAccountsByOwnerResult, SolanaSendTransactionParams, SolanaSendTransactionResult, SolanaSignMessageParams, SolanaSignMessageResult, SolanaSignTransactionParams, SolanaSignTransactionResult, TransactionCommitment, TransactionEncoding, TransactionUIOptions, TypedMessage, UseFundWalletInterface, UsersMePublicResponse, UsersMeRequest, UsersMeResponse, VerifiedSession, VerifyEmailOtpRequest, VerifyEmailOtpResponse, VerifyEmailOtpUser, VerifyOAuthTokenRequest, VerifyOAuthTokenResponse, VerifySiweWalletRegistrationRequest, WALLET_ERROR_CODES, Wallet, WalletChain, WalletChainType, WalletConnectConfig, WalletCreationError, WalletError, WalletErrorCode, WalletKeyRequest, WalletListEntry, WalletRegistrationNonceRequest, WalletRegistrationNonceResponse, WalletType, WalletVerifyRequest } from './types/index.js';
2
2
  export { getIframeOrigin, getIframeUrl, getMoonKeyApiUrl } from './utils/index.js';
3
- export { F as FORWARDED_ERROR_FIELDS, P as PostMessageClient, a as PostMessageMethod, b as PostMessageServer, c as PostMessageType } from './post-message-Z6cLf0mS.js';
3
+ export { F as FORWARDED_ERROR_FIELDS, P as PostMessageClient, a as PostMessageMethod, b as PostMessageServer, c as PostMessageType } from './post-message-2NAnU0Lf.js';
package/dist/index.js CHANGED
@@ -303,8 +303,11 @@ var sendReactNativeReply = (response) => {
303
303
  } catch {
304
304
  }
305
305
  };
306
+ var QUEUE_TTL_MS = 2e4;
307
+ var MAX_PENDING_PER_KEY = 16;
306
308
  var PostMessageServer = class {
307
309
  constructor(originValidator) {
310
+ this.pending = /* @__PURE__ */ new Map();
308
311
  this.trustedSources = /* @__PURE__ */ new Set();
309
312
  this.handlers = /* @__PURE__ */ new Map();
310
313
  this.originValidator = originValidator;
@@ -319,6 +322,20 @@ var PostMessageServer = class {
319
322
  register(type, method, handler) {
320
323
  const key = `${type}:${method}`;
321
324
  this.handlers.set(key, handler);
325
+ const queued = this.pending.get(key);
326
+ if (queued?.length) {
327
+ this.pending.delete(key);
328
+ const now = Date.now();
329
+ for (const { request, reply, at } of queued) {
330
+ if (now - at < QUEUE_TTL_MS) {
331
+ void this.invokeHandler(
332
+ handler,
333
+ request,
334
+ reply
335
+ );
336
+ }
337
+ }
338
+ }
322
339
  }
323
340
  cleanup() {
324
341
  window.removeEventListener("message", this.handleMessage.bind(this));
@@ -383,29 +400,57 @@ var PostMessageServer = class {
383
400
  const key = `${request.type}:${request.method}`;
384
401
  const handler = this.handlers.get(key);
385
402
  if (handler) {
386
- try {
387
- const data = await handler(request.payload);
388
- reply({
389
- id: request.id,
390
- type: request.type,
391
- success: true,
392
- data
393
- });
394
- } catch (error) {
395
- const extras = {};
396
- if (error && typeof error === "object") {
397
- for (const key2 of FORWARDED_ERROR_FIELDS) {
398
- const value = error[key2];
399
- if (value !== void 0) extras[key2] = value;
400
- }
403
+ await this.invokeHandler(handler, request, reply);
404
+ } else {
405
+ this.bufferRequest(key, request, reply);
406
+ }
407
+ }
408
+ async invokeHandler(handler, request, reply) {
409
+ try {
410
+ const data = await handler(request.payload);
411
+ reply({
412
+ id: request.id,
413
+ type: request.type,
414
+ success: true,
415
+ data
416
+ });
417
+ } catch (error) {
418
+ const extras = {};
419
+ if (error && typeof error === "object") {
420
+ for (const key of FORWARDED_ERROR_FIELDS) {
421
+ const value = error[key];
422
+ if (value !== void 0) extras[key] = value;
401
423
  }
402
- reply({
403
- ...extras,
404
- id: request.id,
405
- type: request.type,
406
- success: false,
407
- error: error instanceof Error ? error.message : "Unknown error"
408
- });
424
+ }
425
+ reply({
426
+ ...extras,
427
+ id: request.id,
428
+ type: request.type,
429
+ success: false,
430
+ error: error instanceof Error ? error.message : "Unknown error"
431
+ });
432
+ }
433
+ }
434
+ bufferRequest(key, request, reply) {
435
+ this.evictExpiredPending();
436
+ let queue = this.pending.get(key);
437
+ if (!queue) {
438
+ queue = [];
439
+ this.pending.set(key, queue);
440
+ }
441
+ queue.push({ request, reply, at: Date.now() });
442
+ if (queue.length > MAX_PENDING_PER_KEY) {
443
+ queue.splice(0, queue.length - MAX_PENDING_PER_KEY);
444
+ }
445
+ }
446
+ evictExpiredPending() {
447
+ const now = Date.now();
448
+ for (const [key, queue] of this.pending) {
449
+ const fresh = queue.filter((e) => now - e.at < QUEUE_TTL_MS);
450
+ if (fresh.length) {
451
+ this.pending.set(key, fresh);
452
+ } else {
453
+ this.pending.delete(key);
409
454
  }
410
455
  }
411
456
  }
package/dist/index.mjs CHANGED
@@ -14,7 +14,7 @@ import {
14
14
  PostMessageMethod,
15
15
  PostMessageServer,
16
16
  PostMessageType
17
- } from "./chunk-JU5MWLXH.mjs";
17
+ } from "./chunk-KRZVIDBQ.mjs";
18
18
  import {
19
19
  getMoonKeyApiUrl
20
20
  } from "./chunk-GQKIA37O.mjs";
@@ -1,4 +1,4 @@
1
- import { c as PostMessageType, a as PostMessageMethod } from './post-message-Z6cLf0mS.js';
1
+ import { c as PostMessageType, a as PostMessageMethod } from './post-message-2NAnU0Lf.js';
2
2
 
3
3
  /**
4
4
  * Transport — the bidirectional postMessage channel between the parent
@@ -1,4 +1,4 @@
1
- import { c as PostMessageType, a as PostMessageMethod } from './post-message-Z6cLf0mS.mjs';
1
+ import { c as PostMessageType, a as PostMessageMethod } from './post-message-2NAnU0Lf.mjs';
2
2
 
3
3
  /**
4
4
  * Transport — the bidirectional postMessage channel between the parent
@@ -60,6 +60,7 @@ declare class PostMessageClient {
60
60
  }
61
61
  declare class PostMessageServer {
62
62
  private handlers;
63
+ private pending;
63
64
  private originValidator?;
64
65
  private trustedSources;
65
66
  constructor(originValidator?: (origin: string, publishableKey?: string) => Promise<boolean>);
@@ -70,6 +71,9 @@ declare class PostMessageServer {
70
71
  private static isLocalhostOrigin;
71
72
  private isValidPostMessageRequest;
72
73
  private handleMessage;
74
+ private invokeHandler;
75
+ private bufferRequest;
76
+ private evictExpiredPending;
73
77
  }
74
78
 
75
79
  export { FORWARDED_ERROR_FIELDS as F, PostMessageClient as P, PostMessageMethod as a, PostMessageServer as b, PostMessageType as c };
@@ -60,6 +60,7 @@ declare class PostMessageClient {
60
60
  }
61
61
  declare class PostMessageServer {
62
62
  private handlers;
63
+ private pending;
63
64
  private originValidator?;
64
65
  private trustedSources;
65
66
  constructor(originValidator?: (origin: string, publishableKey?: string) => Promise<boolean>);
@@ -70,6 +71,9 @@ declare class PostMessageServer {
70
71
  private static isLocalhostOrigin;
71
72
  private isValidPostMessageRequest;
72
73
  private handleMessage;
74
+ private invokeHandler;
75
+ private bufferRequest;
76
+ private evictExpiredPending;
73
77
  }
74
78
 
75
79
  export { FORWARDED_ERROR_FIELDS as F, PostMessageClient as P, PostMessageMethod as a, PostMessageServer as b, PostMessageType as c };
@@ -1,8 +1,8 @@
1
- import { T as Transport, P as PasskeyAssertor, R as RelyingPartyOriginInput, K as KvStorage } from '../interfaces-BWxOajnD.mjs';
2
- export { O as OAuthOpener, a as PlatformImpls, W as WebAuthnAssertionResponse, b as WebAuthnRequestOptions, r as resolveRelyingPartyOrigin } from '../interfaces-BWxOajnD.mjs';
1
+ import { T as Transport, P as PasskeyAssertor, R as RelyingPartyOriginInput, K as KvStorage } from '../interfaces-CF5UrEBb.mjs';
2
+ export { O as OAuthOpener, a as PlatformImpls, W as WebAuthnAssertionResponse, b as WebAuthnRequestOptions, r as resolveRelyingPartyOrigin } from '../interfaces-CF5UrEBb.mjs';
3
3
  import { C as CachedAssertion } from '../passkey-cache-WnDFQ-v4.mjs';
4
4
  import { EthereumSignMessageParams, EthereumSignMessageResult, EthereumSignTransactionParams, EthereumSignTransactionResult, EthereumSignTypedDataParams, EthereumSignTypedDataResult, EthereumSignHashParams, EthereumSignHashResult, EthereumSign7702AuthorizationParams, EthereumSign7702AuthorizationResult, EthereumSendTransactionParams, EthereumSendTransactionResult, EthereumGetBalanceParams, EthereumGetBalanceResult, EthereumGetTokenAccountsByOwnerParams, EthereumGetTokenAccountsByOwnerResult, SolanaSignMessageParams, SolanaSignMessageResult, SolanaSignTransactionParams, SolanaSignTransactionResult, SolanaSendTransactionParams, SolanaSendTransactionResult, SolanaGetBalanceParams, SolanaGetBalanceResult, SolanaGetTokenAccountsByOwnerParams, SolanaGetTokenAccountsByOwnerResult, SendEmailOtpResponse, PublicWallet, ProvisionEphemeralSignerParams, ProvisionEphemeralSignerResult, ListEphemeralSignersResult, RevokeEphemeralSignerParams } from '../types/index.mjs';
5
- import '../post-message-Z6cLf0mS.mjs';
5
+ import '../post-message-2NAnU0Lf.mjs';
6
6
 
7
7
  type AssertPasskeyInParentResult = CachedAssertion;
8
8
  declare const assertPasskeyInParent: ({ transport, passkey, publishableKey, validateCredentialInAllowList, }: {
@@ -178,14 +178,19 @@ interface EphemeralSignerSignInput {
178
178
  rawSigningPayloadHex: string;
179
179
  /** Defaults to now. SES rejects timestamps further than ±5 min from its clock. */
180
180
  issuedAt?: Date;
181
- /** Wallets backend base URL (no trailing slash). */
182
- baseUrl: string;
183
181
  /**
184
- * MoonX publishable key (`moon_pk_…`). The wallets backend's
185
- * /ephemeral-signers/* router group is gated by RequirePublicToken — every
186
- * call needs an `Authorization: PublicToken <publishableKey>` header.
182
+ * Wallets backend base URL (no trailing slash). Optional defaults to
183
+ * {@link DEFAULT_API_BASE_URL}, the standard MoonX deployment. Override
184
+ * only for local/dev or a non-default environment.
187
185
  */
188
- publishableKey: string;
186
+ baseUrl?: string;
187
+ /**
188
+ * MoonX secret key (`moon_sk_*`). The wallets backend's server-side
189
+ * ephemeral-signer routes (/me/wallets, /sign) are secret-key-only
190
+ * (RequireSecretKey), so every call needs an `Authorization: Bearer
191
+ * <secretKey>` header. Server-only; never expose to the browser.
192
+ */
193
+ secretKey: string;
189
194
  /** Optional fetch override — e.g. for Next.js route handlers or test stubs. */
190
195
  fetchImpl?: typeof fetch;
191
196
  }
@@ -202,6 +207,12 @@ interface EphemeralSignerSignResult {
202
207
  signature?: string;
203
208
  };
204
209
  }
210
+ /**
211
+ * Default MoonX API base URL for the ephemeral-signer routes. Matches the
212
+ * node-sdk's default deployment. Callers override `baseUrl` only for local
213
+ * development or a non-standard environment.
214
+ */
215
+ declare const DEFAULT_API_BASE_URL = "https://api.moonx-dev.com";
205
216
  declare class EphemeralSignerSignError extends Error {
206
217
  readonly status?: number | undefined;
207
218
  readonly body?: string | undefined;
@@ -209,4 +220,4 @@ declare class EphemeralSignerSignError extends Error {
209
220
  }
210
221
  declare function signWithEphemeralSigner(input: EphemeralSignerSignInput): Promise<EphemeralSignerSignResult>;
211
222
 
212
- export { type AssertPasskeyInParentResult, EphemeralSignerSignError, type EphemeralSignerSignInput, type EphemeralSignerSignResult, type GetInternalPresenceTokensResult, type GetPresenceTokenResult, KvStorage, type LoginWithCodeParams, PasskeyAssertor, RelyingPartyOriginInput, type ScopedPresenceToken, type SendCodeParams, Transport, type VerifyOAuthParams, assertPasskeyInParent, flattenPresenceTokens, getHeadlessAuthenticationMethods, getHeadlessEthereumMethods, getHeadlessGeneralMethods, getHeadlessSolanaMethods, getInternalPresenceTokens, getPresenceToken, signWithEphemeralSigner };
223
+ export { type AssertPasskeyInParentResult, DEFAULT_API_BASE_URL, EphemeralSignerSignError, type EphemeralSignerSignInput, type EphemeralSignerSignResult, type GetInternalPresenceTokensResult, type GetPresenceTokenResult, KvStorage, type LoginWithCodeParams, PasskeyAssertor, RelyingPartyOriginInput, type ScopedPresenceToken, type SendCodeParams, Transport, type VerifyOAuthParams, assertPasskeyInParent, flattenPresenceTokens, getHeadlessAuthenticationMethods, getHeadlessEthereumMethods, getHeadlessGeneralMethods, getHeadlessSolanaMethods, getInternalPresenceTokens, getPresenceToken, signWithEphemeralSigner };
@@ -1,8 +1,8 @@
1
- import { T as Transport, P as PasskeyAssertor, R as RelyingPartyOriginInput, K as KvStorage } from '../interfaces-BZ5GMWS9.js';
2
- export { O as OAuthOpener, a as PlatformImpls, W as WebAuthnAssertionResponse, b as WebAuthnRequestOptions, r as resolveRelyingPartyOrigin } from '../interfaces-BZ5GMWS9.js';
1
+ import { T as Transport, P as PasskeyAssertor, R as RelyingPartyOriginInput, K as KvStorage } from '../interfaces-B5zxo2Jx.js';
2
+ export { O as OAuthOpener, a as PlatformImpls, W as WebAuthnAssertionResponse, b as WebAuthnRequestOptions, r as resolveRelyingPartyOrigin } from '../interfaces-B5zxo2Jx.js';
3
3
  import { C as CachedAssertion } from '../passkey-cache-WnDFQ-v4.js';
4
4
  import { EthereumSignMessageParams, EthereumSignMessageResult, EthereumSignTransactionParams, EthereumSignTransactionResult, EthereumSignTypedDataParams, EthereumSignTypedDataResult, EthereumSignHashParams, EthereumSignHashResult, EthereumSign7702AuthorizationParams, EthereumSign7702AuthorizationResult, EthereumSendTransactionParams, EthereumSendTransactionResult, EthereumGetBalanceParams, EthereumGetBalanceResult, EthereumGetTokenAccountsByOwnerParams, EthereumGetTokenAccountsByOwnerResult, SolanaSignMessageParams, SolanaSignMessageResult, SolanaSignTransactionParams, SolanaSignTransactionResult, SolanaSendTransactionParams, SolanaSendTransactionResult, SolanaGetBalanceParams, SolanaGetBalanceResult, SolanaGetTokenAccountsByOwnerParams, SolanaGetTokenAccountsByOwnerResult, SendEmailOtpResponse, PublicWallet, ProvisionEphemeralSignerParams, ProvisionEphemeralSignerResult, ListEphemeralSignersResult, RevokeEphemeralSignerParams } from '../types/index.js';
5
- import '../post-message-Z6cLf0mS.js';
5
+ import '../post-message-2NAnU0Lf.js';
6
6
 
7
7
  type AssertPasskeyInParentResult = CachedAssertion;
8
8
  declare const assertPasskeyInParent: ({ transport, passkey, publishableKey, validateCredentialInAllowList, }: {
@@ -178,14 +178,19 @@ interface EphemeralSignerSignInput {
178
178
  rawSigningPayloadHex: string;
179
179
  /** Defaults to now. SES rejects timestamps further than ±5 min from its clock. */
180
180
  issuedAt?: Date;
181
- /** Wallets backend base URL (no trailing slash). */
182
- baseUrl: string;
183
181
  /**
184
- * MoonX publishable key (`moon_pk_…`). The wallets backend's
185
- * /ephemeral-signers/* router group is gated by RequirePublicToken — every
186
- * call needs an `Authorization: PublicToken <publishableKey>` header.
182
+ * Wallets backend base URL (no trailing slash). Optional defaults to
183
+ * {@link DEFAULT_API_BASE_URL}, the standard MoonX deployment. Override
184
+ * only for local/dev or a non-default environment.
187
185
  */
188
- publishableKey: string;
186
+ baseUrl?: string;
187
+ /**
188
+ * MoonX secret key (`moon_sk_*`). The wallets backend's server-side
189
+ * ephemeral-signer routes (/me/wallets, /sign) are secret-key-only
190
+ * (RequireSecretKey), so every call needs an `Authorization: Bearer
191
+ * <secretKey>` header. Server-only; never expose to the browser.
192
+ */
193
+ secretKey: string;
189
194
  /** Optional fetch override — e.g. for Next.js route handlers or test stubs. */
190
195
  fetchImpl?: typeof fetch;
191
196
  }
@@ -202,6 +207,12 @@ interface EphemeralSignerSignResult {
202
207
  signature?: string;
203
208
  };
204
209
  }
210
+ /**
211
+ * Default MoonX API base URL for the ephemeral-signer routes. Matches the
212
+ * node-sdk's default deployment. Callers override `baseUrl` only for local
213
+ * development or a non-standard environment.
214
+ */
215
+ declare const DEFAULT_API_BASE_URL = "https://api.moonx-dev.com";
205
216
  declare class EphemeralSignerSignError extends Error {
206
217
  readonly status?: number | undefined;
207
218
  readonly body?: string | undefined;
@@ -209,4 +220,4 @@ declare class EphemeralSignerSignError extends Error {
209
220
  }
210
221
  declare function signWithEphemeralSigner(input: EphemeralSignerSignInput): Promise<EphemeralSignerSignResult>;
211
222
 
212
- export { type AssertPasskeyInParentResult, EphemeralSignerSignError, type EphemeralSignerSignInput, type EphemeralSignerSignResult, type GetInternalPresenceTokensResult, type GetPresenceTokenResult, KvStorage, type LoginWithCodeParams, PasskeyAssertor, RelyingPartyOriginInput, type ScopedPresenceToken, type SendCodeParams, Transport, type VerifyOAuthParams, assertPasskeyInParent, flattenPresenceTokens, getHeadlessAuthenticationMethods, getHeadlessEthereumMethods, getHeadlessGeneralMethods, getHeadlessSolanaMethods, getInternalPresenceTokens, getPresenceToken, signWithEphemeralSigner };
223
+ export { type AssertPasskeyInParentResult, DEFAULT_API_BASE_URL, EphemeralSignerSignError, type EphemeralSignerSignInput, type EphemeralSignerSignResult, type GetInternalPresenceTokensResult, type GetPresenceTokenResult, KvStorage, type LoginWithCodeParams, PasskeyAssertor, RelyingPartyOriginInput, type ScopedPresenceToken, type SendCodeParams, Transport, type VerifyOAuthParams, assertPasskeyInParent, flattenPresenceTokens, getHeadlessAuthenticationMethods, getHeadlessEthereumMethods, getHeadlessGeneralMethods, getHeadlessSolanaMethods, getInternalPresenceTokens, getPresenceToken, signWithEphemeralSigner };
package/dist/sdk/index.js CHANGED
@@ -30,6 +30,7 @@ var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: tru
30
30
  // src/sdk/index.ts
31
31
  var sdk_exports = {};
32
32
  __export(sdk_exports, {
33
+ DEFAULT_API_BASE_URL: () => DEFAULT_API_BASE_URL,
33
34
  EphemeralSignerSignError: () => EphemeralSignerSignError,
34
35
  assertPasskeyInParent: () => assertPasskeyInParent,
35
36
  flattenPresenceTokens: () => flattenPresenceTokens,
@@ -1123,6 +1124,7 @@ var getHeadlessGeneralMethods = ({
1123
1124
  // src/sdk/ephemeral-signer-sign.ts
1124
1125
  var import_ed25519 = require("@noble/curves/ed25519");
1125
1126
  var import_utils = require("@noble/hashes/utils");
1127
+ var DEFAULT_API_BASE_URL = "https://api.moonx-dev.com";
1126
1128
  function normalizeBase(url) {
1127
1129
  return url.replace(/\/+$/, "");
1128
1130
  }
@@ -1147,7 +1149,7 @@ async function resolveBinding(input) {
1147
1149
  );
1148
1150
  const apiPrivBytes = (0, import_utils.hexToBytes)(input.apiPrivHex);
1149
1151
  const agentSig = import_ed25519.ed25519.sign(signedBodyBytes, apiPrivBytes);
1150
- const url = `${normalizeBase(input.baseUrl)}/v0/wallets/ephemeral-signers/me/wallets`;
1152
+ const url = `${normalizeBase(input.baseUrl || DEFAULT_API_BASE_URL)}/v0/wallets/ephemeral-signers/me/wallets`;
1151
1153
  const fetchFn = input.fetchImpl ?? fetch;
1152
1154
  let response;
1153
1155
  try {
@@ -1155,7 +1157,7 @@ async function resolveBinding(input) {
1155
1157
  method: "POST",
1156
1158
  headers: {
1157
1159
  "Content-Type": "application/json",
1158
- Authorization: `PublicToken ${input.publishableKey}`
1160
+ Authorization: `Bearer ${input.secretKey}`
1159
1161
  },
1160
1162
  body: JSON.stringify({
1161
1163
  api_pub: input.apiPubHex,
@@ -1210,9 +1212,14 @@ async function signWithEphemeralSigner(input) {
1210
1212
  "rawSigningPayloadHex must be a non-empty lowercase hex string"
1211
1213
  );
1212
1214
  }
1213
- if (!input.publishableKey) {
1215
+ if (!input.secretKey) {
1214
1216
  throw new EphemeralSignerSignError(
1215
- "publishableKey is required \u2014 wallets backend gates /ephemeral-signers/* with RequirePublicToken"
1217
+ "secretKey is required: the wallets server-side ephemeral-signer routes (/me/wallets, /sign) are secret-key-only"
1218
+ );
1219
+ }
1220
+ if (!input.secretKey.startsWith("moon_sk_")) {
1221
+ throw new EphemeralSignerSignError(
1222
+ "secretKey must start with 'moon_sk_' (did you pass a publishable key?)"
1216
1223
  );
1217
1224
  }
1218
1225
  const binding = await resolveBinding(input);
@@ -1233,7 +1240,7 @@ async function signWithEphemeralSigner(input) {
1233
1240
  signed_body: (0, import_utils.bytesToHex)(signedBodyBytes),
1234
1241
  agent_signature: (0, import_utils.bytesToHex)(agentSig)
1235
1242
  };
1236
- const url = `${normalizeBase(input.baseUrl)}/v0/wallets/ephemeral-signers/sign`;
1243
+ const url = `${normalizeBase(input.baseUrl || DEFAULT_API_BASE_URL)}/v0/wallets/ephemeral-signers/sign`;
1237
1244
  const fetchFn = input.fetchImpl ?? fetch;
1238
1245
  let response;
1239
1246
  try {
@@ -1241,7 +1248,7 @@ async function signWithEphemeralSigner(input) {
1241
1248
  method: "POST",
1242
1249
  headers: {
1243
1250
  "Content-Type": "application/json",
1244
- Authorization: `PublicToken ${input.publishableKey}`
1251
+ Authorization: `Bearer ${input.secretKey}`
1245
1252
  },
1246
1253
  body: JSON.stringify(requestBody)
1247
1254
  });
@@ -1262,6 +1269,7 @@ async function signWithEphemeralSigner(input) {
1262
1269
  }
1263
1270
  // Annotate the CommonJS export names for ESM import in node:
1264
1271
  0 && (module.exports = {
1272
+ DEFAULT_API_BASE_URL,
1265
1273
  EphemeralSignerSignError,
1266
1274
  assertPasskeyInParent,
1267
1275
  flattenPresenceTokens,
@@ -1,7 +1,7 @@
1
1
  import {
2
2
  PostMessageMethod,
3
3
  PostMessageType
4
- } from "../chunk-JU5MWLXH.mjs";
4
+ } from "../chunk-KRZVIDBQ.mjs";
5
5
  import {
6
6
  arrayLikeToBytes,
7
7
  authState,
@@ -833,6 +833,7 @@ var getHeadlessGeneralMethods = ({
833
833
  // src/sdk/ephemeral-signer-sign.ts
834
834
  import { ed25519 } from "@noble/curves/ed25519";
835
835
  import { bytesToHex, hexToBytes } from "@noble/hashes/utils";
836
+ var DEFAULT_API_BASE_URL = "https://api.moonx-dev.com";
836
837
  function normalizeBase(url) {
837
838
  return url.replace(/\/+$/, "");
838
839
  }
@@ -857,7 +858,7 @@ async function resolveBinding(input) {
857
858
  );
858
859
  const apiPrivBytes = hexToBytes(input.apiPrivHex);
859
860
  const agentSig = ed25519.sign(signedBodyBytes, apiPrivBytes);
860
- const url = `${normalizeBase(input.baseUrl)}/v0/wallets/ephemeral-signers/me/wallets`;
861
+ const url = `${normalizeBase(input.baseUrl || DEFAULT_API_BASE_URL)}/v0/wallets/ephemeral-signers/me/wallets`;
861
862
  const fetchFn = input.fetchImpl ?? fetch;
862
863
  let response;
863
864
  try {
@@ -865,7 +866,7 @@ async function resolveBinding(input) {
865
866
  method: "POST",
866
867
  headers: {
867
868
  "Content-Type": "application/json",
868
- Authorization: `PublicToken ${input.publishableKey}`
869
+ Authorization: `Bearer ${input.secretKey}`
869
870
  },
870
871
  body: JSON.stringify({
871
872
  api_pub: input.apiPubHex,
@@ -920,9 +921,14 @@ async function signWithEphemeralSigner(input) {
920
921
  "rawSigningPayloadHex must be a non-empty lowercase hex string"
921
922
  );
922
923
  }
923
- if (!input.publishableKey) {
924
+ if (!input.secretKey) {
924
925
  throw new EphemeralSignerSignError(
925
- "publishableKey is required \u2014 wallets backend gates /ephemeral-signers/* with RequirePublicToken"
926
+ "secretKey is required: the wallets server-side ephemeral-signer routes (/me/wallets, /sign) are secret-key-only"
927
+ );
928
+ }
929
+ if (!input.secretKey.startsWith("moon_sk_")) {
930
+ throw new EphemeralSignerSignError(
931
+ "secretKey must start with 'moon_sk_' (did you pass a publishable key?)"
926
932
  );
927
933
  }
928
934
  const binding = await resolveBinding(input);
@@ -943,7 +949,7 @@ async function signWithEphemeralSigner(input) {
943
949
  signed_body: bytesToHex(signedBodyBytes),
944
950
  agent_signature: bytesToHex(agentSig)
945
951
  };
946
- const url = `${normalizeBase(input.baseUrl)}/v0/wallets/ephemeral-signers/sign`;
952
+ const url = `${normalizeBase(input.baseUrl || DEFAULT_API_BASE_URL)}/v0/wallets/ephemeral-signers/sign`;
947
953
  const fetchFn = input.fetchImpl ?? fetch;
948
954
  let response;
949
955
  try {
@@ -951,7 +957,7 @@ async function signWithEphemeralSigner(input) {
951
957
  method: "POST",
952
958
  headers: {
953
959
  "Content-Type": "application/json",
954
- Authorization: `PublicToken ${input.publishableKey}`
960
+ Authorization: `Bearer ${input.secretKey}`
955
961
  },
956
962
  body: JSON.stringify(requestBody)
957
963
  });
@@ -971,6 +977,7 @@ async function signWithEphemeralSigner(input) {
971
977
  return await response.json();
972
978
  }
973
979
  export {
980
+ DEFAULT_API_BASE_URL,
974
981
  EphemeralSignerSignError,
975
982
  assertPasskeyInParent,
976
983
  flattenPresenceTokens,
@@ -49,7 +49,6 @@ interface PublicWallet {
49
49
  id: string;
50
50
  app_id: string;
51
51
  user_id: string;
52
- key_id: string;
53
52
  key_share: string;
54
53
  public_address: string;
55
54
  wallet_type: WalletChain;
@@ -57,6 +56,9 @@ interface PublicWallet {
57
56
  derivation_path?: string;
58
57
  created_at: string;
59
58
  }
59
+ interface SessionWallet extends PublicWallet {
60
+ key_id: string;
61
+ }
60
62
  interface PublicEthereumWallet extends PublicWallet {
61
63
  chainId?: number;
62
64
  switchChain?: (targetChainId: number) => Promise<void>;
@@ -1148,7 +1150,7 @@ interface UsersMeResponse {
1148
1150
  status?: string;
1149
1151
  created_at?: string;
1150
1152
  emails: Email[];
1151
- wallets: PublicWallet[];
1153
+ wallets: SessionWallet[];
1152
1154
  }
1153
1155
  interface UsersMePublicResponse {
1154
1156
  user_id: string;
@@ -1326,4 +1328,4 @@ interface WalletVerifyRequest {
1326
1328
  sessionExpiresIn: number;
1327
1329
  }
1328
1330
 
1329
- export { type AccessTokenClaims, type AppConfigRequest, type AppConfigResponse, type AttachOAuthTokenRequest, type AttachOAuthTokenResponse, type AuthAppearance, type AuthFlow, type AuthFlowComponent, type AuthLoginMethod, type AuthProviderConfig, type BaseGetBalanceParams, type BaseGetBalanceResult, type BaseGetTokenAccountsParams, type BaseSendTransactionParams, type BaseSendTransactionResult, type BaseSignMessageParams, type BaseSignMessageResult, type BaseSignTransactionParams, type BaseSignTransactionResult, type BaseTokenClaims, type BaseUIOptions, type BaseWalletHooks, type BlockExplorer, type Chain, type ChainLikeWithId, type ContractUIOptions, type CreateWalletResponse, type DefaultFundingMethod, type DeleteSessionRequest, type DeleteSessionResponse, type DetachOAuthTokenRequest, type DeviceFingerprint, type DisplayMode, type EmailOtpConfig, type EmailOtpFlowState, type EphemeralSigner, type EphemeralSignerChain, type EphemeralSignerScheme, type EphemeralSignerWallet, type EthereumChainConfig, type EthereumFundingConfig, type EthereumGetBalanceParams, type EthereumGetBalanceResult, type EthereumGetTokenAccountsByOwnerParams, type EthereumGetTokenAccountsByOwnerResult, type EthereumSendTransactionParams, type EthereumSendTransactionRequest, type EthereumSendTransactionResult, type EthereumSign7702AuthorizationParams, type EthereumSign7702AuthorizationResult, type EthereumSignHashParams, type EthereumSignHashResult, type EthereumSignMessageParams, type EthereumSignMessageResult, type EthereumSignTransactionParams, type EthereumSignTransactionResult, type EthereumSignTypedDataParams, type EthereumSignTypedDataResult, type EthereumSwitchChainParams, type ExportKeyConfig, type Factor, type FlexibleTheme, type FundWalletConfig, type FundingEvents, type FundingMethod, type FundingUIConfig, type GetCurrentSessionRequest, type GetCurrentSessionResponse, type Hex, type IdentityTokenClaims, type IdpProvider, type IsAuthenticatedRequest, type IsAuthenticatedResponse, type ListEphemeralSignersResult, type LoginTokenBundle, type LogoutRequest, type LogoutResponse, type MessageTypeProperty, type MessageTypes, type MoonKeyThemeConfig, type MoonPaySignRequest, type MoonPaySignResponse, type MpcKeyShares, type NativeCurrency, Network, type OAuthRequest, type OAuthResponse, type OnrampFundingSettings, type PasskeyEnrollConfig, type PasskeySettings, type PreferredCardProvider, type PrefillConfig, type PresenceTokenClaims, type ProvisionEphemeralSignerParams, type ProvisionEphemeralSignerResult, type PublicEthereumWallet, type PublicSessionData, type PublicWallet, type RefreshSessionRequest, type RefreshSessionResponse, type RetrieveWalletKeyRequest, type RetrieveWalletKeyResponse, type RevokeEphemeralSignerParams, type RpcConfig, type RpcUrls, type SdkSettings, type SendEmailOtpRequest, type SendEmailOtpResponse, type SendTransactionConfig, type SendTransactionRequest, type SessionData, type SharesDeviceRequest, type SharesDeviceResponse, type Sign7702AuthorizationError, type Sign7702AuthorizationParams, type Sign7702AuthorizationResponse, type Sign7702AuthorizationResult, type SignMessageConfig, type SignTransactionConfig, type SignTypedDataError, type SignTypedDataParams, type SignTypedDataResponse, type SignTypedDataResult, type SmsSettings, type SolanaChain, type SolanaFundingConfig, type SolanaGetBalanceParams, type SolanaGetBalanceResult, type SolanaGetTokenAccountsByOwnerParams, type SolanaGetTokenAccountsByOwnerResult, type SolanaSendTransactionParams, type SolanaSendTransactionResult, type SolanaSignMessageParams, type SolanaSignMessageResult, type SolanaSignTransactionParams, type SolanaSignTransactionResult, type TransactionCommitment, type TransactionEncoding, type TransactionUIOptions, type TypedMessage, type UseFundWalletInterface, type UsersMePublicResponse, type UsersMeRequest, type UsersMeResponse, type VerifiedSession, type VerifyEmailOtpRequest, type VerifyEmailOtpResponse, type VerifyEmailOtpUser, type VerifyOAuthTokenRequest, type VerifyOAuthTokenResponse, type VerifySiweWalletRegistrationRequest, WALLET_ERROR_CODES, type Wallet, type WalletChain, type WalletChainType, type WalletConnectConfig, WalletCreationError, type WalletError, type WalletErrorCode, type WalletKeyRequest, type WalletListEntry, type WalletRegistrationNonceRequest, type WalletRegistrationNonceResponse, type WalletType, type WalletVerifyRequest };
1331
+ export { type AccessTokenClaims, type AppConfigRequest, type AppConfigResponse, type AttachOAuthTokenRequest, type AttachOAuthTokenResponse, type AuthAppearance, type AuthFlow, type AuthFlowComponent, type AuthLoginMethod, type AuthProviderConfig, type BaseGetBalanceParams, type BaseGetBalanceResult, type BaseGetTokenAccountsParams, type BaseSendTransactionParams, type BaseSendTransactionResult, type BaseSignMessageParams, type BaseSignMessageResult, type BaseSignTransactionParams, type BaseSignTransactionResult, type BaseTokenClaims, type BaseUIOptions, type BaseWalletHooks, type BlockExplorer, type Chain, type ChainLikeWithId, type ContractUIOptions, type CreateWalletResponse, type DefaultFundingMethod, type DeleteSessionRequest, type DeleteSessionResponse, type DetachOAuthTokenRequest, type DeviceFingerprint, type DisplayMode, type EmailOtpConfig, type EmailOtpFlowState, type EphemeralSigner, type EphemeralSignerChain, type EphemeralSignerScheme, type EphemeralSignerWallet, type EthereumChainConfig, type EthereumFundingConfig, type EthereumGetBalanceParams, type EthereumGetBalanceResult, type EthereumGetTokenAccountsByOwnerParams, type EthereumGetTokenAccountsByOwnerResult, type EthereumSendTransactionParams, type EthereumSendTransactionRequest, type EthereumSendTransactionResult, type EthereumSign7702AuthorizationParams, type EthereumSign7702AuthorizationResult, type EthereumSignHashParams, type EthereumSignHashResult, type EthereumSignMessageParams, type EthereumSignMessageResult, type EthereumSignTransactionParams, type EthereumSignTransactionResult, type EthereumSignTypedDataParams, type EthereumSignTypedDataResult, type EthereumSwitchChainParams, type ExportKeyConfig, type Factor, type FlexibleTheme, type FundWalletConfig, type FundingEvents, type FundingMethod, type FundingUIConfig, type GetCurrentSessionRequest, type GetCurrentSessionResponse, type Hex, type IdentityTokenClaims, type IdpProvider, type IsAuthenticatedRequest, type IsAuthenticatedResponse, type ListEphemeralSignersResult, type LoginTokenBundle, type LogoutRequest, type LogoutResponse, type MessageTypeProperty, type MessageTypes, type MoonKeyThemeConfig, type MoonPaySignRequest, type MoonPaySignResponse, type MpcKeyShares, type NativeCurrency, Network, type OAuthRequest, type OAuthResponse, type OnrampFundingSettings, type PasskeyEnrollConfig, type PasskeySettings, type PreferredCardProvider, type PrefillConfig, type PresenceTokenClaims, type ProvisionEphemeralSignerParams, type ProvisionEphemeralSignerResult, type PublicEthereumWallet, type PublicSessionData, type PublicWallet, type RefreshSessionRequest, type RefreshSessionResponse, type RetrieveWalletKeyRequest, type RetrieveWalletKeyResponse, type RevokeEphemeralSignerParams, type RpcConfig, type RpcUrls, type SdkSettings, type SendEmailOtpRequest, type SendEmailOtpResponse, type SendTransactionConfig, type SendTransactionRequest, type SessionData, type SessionWallet, type SharesDeviceRequest, type SharesDeviceResponse, type Sign7702AuthorizationError, type Sign7702AuthorizationParams, type Sign7702AuthorizationResponse, type Sign7702AuthorizationResult, type SignMessageConfig, type SignTransactionConfig, type SignTypedDataError, type SignTypedDataParams, type SignTypedDataResponse, type SignTypedDataResult, type SmsSettings, type SolanaChain, type SolanaFundingConfig, type SolanaGetBalanceParams, type SolanaGetBalanceResult, type SolanaGetTokenAccountsByOwnerParams, type SolanaGetTokenAccountsByOwnerResult, type SolanaSendTransactionParams, type SolanaSendTransactionResult, type SolanaSignMessageParams, type SolanaSignMessageResult, type SolanaSignTransactionParams, type SolanaSignTransactionResult, type TransactionCommitment, type TransactionEncoding, type TransactionUIOptions, type TypedMessage, type UseFundWalletInterface, type UsersMePublicResponse, type UsersMeRequest, type UsersMeResponse, type VerifiedSession, type VerifyEmailOtpRequest, type VerifyEmailOtpResponse, type VerifyEmailOtpUser, type VerifyOAuthTokenRequest, type VerifyOAuthTokenResponse, type VerifySiweWalletRegistrationRequest, WALLET_ERROR_CODES, type Wallet, type WalletChain, type WalletChainType, type WalletConnectConfig, WalletCreationError, type WalletError, type WalletErrorCode, type WalletKeyRequest, type WalletListEntry, type WalletRegistrationNonceRequest, type WalletRegistrationNonceResponse, type WalletType, type WalletVerifyRequest };
@@ -49,7 +49,6 @@ interface PublicWallet {
49
49
  id: string;
50
50
  app_id: string;
51
51
  user_id: string;
52
- key_id: string;
53
52
  key_share: string;
54
53
  public_address: string;
55
54
  wallet_type: WalletChain;
@@ -57,6 +56,9 @@ interface PublicWallet {
57
56
  derivation_path?: string;
58
57
  created_at: string;
59
58
  }
59
+ interface SessionWallet extends PublicWallet {
60
+ key_id: string;
61
+ }
60
62
  interface PublicEthereumWallet extends PublicWallet {
61
63
  chainId?: number;
62
64
  switchChain?: (targetChainId: number) => Promise<void>;
@@ -1148,7 +1150,7 @@ interface UsersMeResponse {
1148
1150
  status?: string;
1149
1151
  created_at?: string;
1150
1152
  emails: Email[];
1151
- wallets: PublicWallet[];
1153
+ wallets: SessionWallet[];
1152
1154
  }
1153
1155
  interface UsersMePublicResponse {
1154
1156
  user_id: string;
@@ -1326,4 +1328,4 @@ interface WalletVerifyRequest {
1326
1328
  sessionExpiresIn: number;
1327
1329
  }
1328
1330
 
1329
- export { type AccessTokenClaims, type AppConfigRequest, type AppConfigResponse, type AttachOAuthTokenRequest, type AttachOAuthTokenResponse, type AuthAppearance, type AuthFlow, type AuthFlowComponent, type AuthLoginMethod, type AuthProviderConfig, type BaseGetBalanceParams, type BaseGetBalanceResult, type BaseGetTokenAccountsParams, type BaseSendTransactionParams, type BaseSendTransactionResult, type BaseSignMessageParams, type BaseSignMessageResult, type BaseSignTransactionParams, type BaseSignTransactionResult, type BaseTokenClaims, type BaseUIOptions, type BaseWalletHooks, type BlockExplorer, type Chain, type ChainLikeWithId, type ContractUIOptions, type CreateWalletResponse, type DefaultFundingMethod, type DeleteSessionRequest, type DeleteSessionResponse, type DetachOAuthTokenRequest, type DeviceFingerprint, type DisplayMode, type EmailOtpConfig, type EmailOtpFlowState, type EphemeralSigner, type EphemeralSignerChain, type EphemeralSignerScheme, type EphemeralSignerWallet, type EthereumChainConfig, type EthereumFundingConfig, type EthereumGetBalanceParams, type EthereumGetBalanceResult, type EthereumGetTokenAccountsByOwnerParams, type EthereumGetTokenAccountsByOwnerResult, type EthereumSendTransactionParams, type EthereumSendTransactionRequest, type EthereumSendTransactionResult, type EthereumSign7702AuthorizationParams, type EthereumSign7702AuthorizationResult, type EthereumSignHashParams, type EthereumSignHashResult, type EthereumSignMessageParams, type EthereumSignMessageResult, type EthereumSignTransactionParams, type EthereumSignTransactionResult, type EthereumSignTypedDataParams, type EthereumSignTypedDataResult, type EthereumSwitchChainParams, type ExportKeyConfig, type Factor, type FlexibleTheme, type FundWalletConfig, type FundingEvents, type FundingMethod, type FundingUIConfig, type GetCurrentSessionRequest, type GetCurrentSessionResponse, type Hex, type IdentityTokenClaims, type IdpProvider, type IsAuthenticatedRequest, type IsAuthenticatedResponse, type ListEphemeralSignersResult, type LoginTokenBundle, type LogoutRequest, type LogoutResponse, type MessageTypeProperty, type MessageTypes, type MoonKeyThemeConfig, type MoonPaySignRequest, type MoonPaySignResponse, type MpcKeyShares, type NativeCurrency, Network, type OAuthRequest, type OAuthResponse, type OnrampFundingSettings, type PasskeyEnrollConfig, type PasskeySettings, type PreferredCardProvider, type PrefillConfig, type PresenceTokenClaims, type ProvisionEphemeralSignerParams, type ProvisionEphemeralSignerResult, type PublicEthereumWallet, type PublicSessionData, type PublicWallet, type RefreshSessionRequest, type RefreshSessionResponse, type RetrieveWalletKeyRequest, type RetrieveWalletKeyResponse, type RevokeEphemeralSignerParams, type RpcConfig, type RpcUrls, type SdkSettings, type SendEmailOtpRequest, type SendEmailOtpResponse, type SendTransactionConfig, type SendTransactionRequest, type SessionData, type SharesDeviceRequest, type SharesDeviceResponse, type Sign7702AuthorizationError, type Sign7702AuthorizationParams, type Sign7702AuthorizationResponse, type Sign7702AuthorizationResult, type SignMessageConfig, type SignTransactionConfig, type SignTypedDataError, type SignTypedDataParams, type SignTypedDataResponse, type SignTypedDataResult, type SmsSettings, type SolanaChain, type SolanaFundingConfig, type SolanaGetBalanceParams, type SolanaGetBalanceResult, type SolanaGetTokenAccountsByOwnerParams, type SolanaGetTokenAccountsByOwnerResult, type SolanaSendTransactionParams, type SolanaSendTransactionResult, type SolanaSignMessageParams, type SolanaSignMessageResult, type SolanaSignTransactionParams, type SolanaSignTransactionResult, type TransactionCommitment, type TransactionEncoding, type TransactionUIOptions, type TypedMessage, type UseFundWalletInterface, type UsersMePublicResponse, type UsersMeRequest, type UsersMeResponse, type VerifiedSession, type VerifyEmailOtpRequest, type VerifyEmailOtpResponse, type VerifyEmailOtpUser, type VerifyOAuthTokenRequest, type VerifyOAuthTokenResponse, type VerifySiweWalletRegistrationRequest, WALLET_ERROR_CODES, type Wallet, type WalletChain, type WalletChainType, type WalletConnectConfig, WalletCreationError, type WalletError, type WalletErrorCode, type WalletKeyRequest, type WalletListEntry, type WalletRegistrationNonceRequest, type WalletRegistrationNonceResponse, type WalletType, type WalletVerifyRequest };
1331
+ export { type AccessTokenClaims, type AppConfigRequest, type AppConfigResponse, type AttachOAuthTokenRequest, type AttachOAuthTokenResponse, type AuthAppearance, type AuthFlow, type AuthFlowComponent, type AuthLoginMethod, type AuthProviderConfig, type BaseGetBalanceParams, type BaseGetBalanceResult, type BaseGetTokenAccountsParams, type BaseSendTransactionParams, type BaseSendTransactionResult, type BaseSignMessageParams, type BaseSignMessageResult, type BaseSignTransactionParams, type BaseSignTransactionResult, type BaseTokenClaims, type BaseUIOptions, type BaseWalletHooks, type BlockExplorer, type Chain, type ChainLikeWithId, type ContractUIOptions, type CreateWalletResponse, type DefaultFundingMethod, type DeleteSessionRequest, type DeleteSessionResponse, type DetachOAuthTokenRequest, type DeviceFingerprint, type DisplayMode, type EmailOtpConfig, type EmailOtpFlowState, type EphemeralSigner, type EphemeralSignerChain, type EphemeralSignerScheme, type EphemeralSignerWallet, type EthereumChainConfig, type EthereumFundingConfig, type EthereumGetBalanceParams, type EthereumGetBalanceResult, type EthereumGetTokenAccountsByOwnerParams, type EthereumGetTokenAccountsByOwnerResult, type EthereumSendTransactionParams, type EthereumSendTransactionRequest, type EthereumSendTransactionResult, type EthereumSign7702AuthorizationParams, type EthereumSign7702AuthorizationResult, type EthereumSignHashParams, type EthereumSignHashResult, type EthereumSignMessageParams, type EthereumSignMessageResult, type EthereumSignTransactionParams, type EthereumSignTransactionResult, type EthereumSignTypedDataParams, type EthereumSignTypedDataResult, type EthereumSwitchChainParams, type ExportKeyConfig, type Factor, type FlexibleTheme, type FundWalletConfig, type FundingEvents, type FundingMethod, type FundingUIConfig, type GetCurrentSessionRequest, type GetCurrentSessionResponse, type Hex, type IdentityTokenClaims, type IdpProvider, type IsAuthenticatedRequest, type IsAuthenticatedResponse, type ListEphemeralSignersResult, type LoginTokenBundle, type LogoutRequest, type LogoutResponse, type MessageTypeProperty, type MessageTypes, type MoonKeyThemeConfig, type MoonPaySignRequest, type MoonPaySignResponse, type MpcKeyShares, type NativeCurrency, Network, type OAuthRequest, type OAuthResponse, type OnrampFundingSettings, type PasskeyEnrollConfig, type PasskeySettings, type PreferredCardProvider, type PrefillConfig, type PresenceTokenClaims, type ProvisionEphemeralSignerParams, type ProvisionEphemeralSignerResult, type PublicEthereumWallet, type PublicSessionData, type PublicWallet, type RefreshSessionRequest, type RefreshSessionResponse, type RetrieveWalletKeyRequest, type RetrieveWalletKeyResponse, type RevokeEphemeralSignerParams, type RpcConfig, type RpcUrls, type SdkSettings, type SendEmailOtpRequest, type SendEmailOtpResponse, type SendTransactionConfig, type SendTransactionRequest, type SessionData, type SessionWallet, type SharesDeviceRequest, type SharesDeviceResponse, type Sign7702AuthorizationError, type Sign7702AuthorizationParams, type Sign7702AuthorizationResponse, type Sign7702AuthorizationResult, type SignMessageConfig, type SignTransactionConfig, type SignTypedDataError, type SignTypedDataParams, type SignTypedDataResponse, type SignTypedDataResult, type SmsSettings, type SolanaChain, type SolanaFundingConfig, type SolanaGetBalanceParams, type SolanaGetBalanceResult, type SolanaGetTokenAccountsByOwnerParams, type SolanaGetTokenAccountsByOwnerResult, type SolanaSendTransactionParams, type SolanaSendTransactionResult, type SolanaSignMessageParams, type SolanaSignMessageResult, type SolanaSignTransactionParams, type SolanaSignTransactionResult, type TransactionCommitment, type TransactionEncoding, type TransactionUIOptions, type TypedMessage, type UseFundWalletInterface, type UsersMePublicResponse, type UsersMeRequest, type UsersMeResponse, type VerifiedSession, type VerifyEmailOtpRequest, type VerifyEmailOtpResponse, type VerifyEmailOtpUser, type VerifyOAuthTokenRequest, type VerifyOAuthTokenResponse, type VerifySiweWalletRegistrationRequest, WALLET_ERROR_CODES, type Wallet, type WalletChain, type WalletChainType, type WalletConnectConfig, WalletCreationError, type WalletError, type WalletErrorCode, type WalletKeyRequest, type WalletListEntry, type WalletRegistrationNonceRequest, type WalletRegistrationNonceResponse, type WalletType, type WalletVerifyRequest };
@@ -1,4 +1,4 @@
1
- export { F as FORWARDED_ERROR_FIELDS, P as PostMessageClient, a as PostMessageMethod, b as PostMessageServer, c as PostMessageType } from '../post-message-Z6cLf0mS.mjs';
1
+ export { F as FORWARDED_ERROR_FIELDS, P as PostMessageClient, a as PostMessageMethod, b as PostMessageServer, c as PostMessageType } from '../post-message-2NAnU0Lf.mjs';
2
2
 
3
3
  /**
4
4
  * Get the appropriate MoonKey API URL based on environment configuration
@@ -1,4 +1,4 @@
1
- export { F as FORWARDED_ERROR_FIELDS, P as PostMessageClient, a as PostMessageMethod, b as PostMessageServer, c as PostMessageType } from '../post-message-Z6cLf0mS.js';
1
+ export { F as FORWARDED_ERROR_FIELDS, P as PostMessageClient, a as PostMessageMethod, b as PostMessageServer, c as PostMessageType } from '../post-message-2NAnU0Lf.js';
2
2
 
3
3
  /**
4
4
  * Get the appropriate MoonKey API URL based on environment configuration
@@ -269,8 +269,11 @@ var sendReactNativeReply = (response) => {
269
269
  } catch {
270
270
  }
271
271
  };
272
+ var QUEUE_TTL_MS = 2e4;
273
+ var MAX_PENDING_PER_KEY = 16;
272
274
  var PostMessageServer = class {
273
275
  constructor(originValidator) {
276
+ this.pending = /* @__PURE__ */ new Map();
274
277
  this.trustedSources = /* @__PURE__ */ new Set();
275
278
  this.handlers = /* @__PURE__ */ new Map();
276
279
  this.originValidator = originValidator;
@@ -285,6 +288,20 @@ var PostMessageServer = class {
285
288
  register(type, method, handler) {
286
289
  const key = `${type}:${method}`;
287
290
  this.handlers.set(key, handler);
291
+ const queued = this.pending.get(key);
292
+ if (queued?.length) {
293
+ this.pending.delete(key);
294
+ const now = Date.now();
295
+ for (const { request, reply, at } of queued) {
296
+ if (now - at < QUEUE_TTL_MS) {
297
+ void this.invokeHandler(
298
+ handler,
299
+ request,
300
+ reply
301
+ );
302
+ }
303
+ }
304
+ }
288
305
  }
289
306
  cleanup() {
290
307
  window.removeEventListener("message", this.handleMessage.bind(this));
@@ -349,29 +366,57 @@ var PostMessageServer = class {
349
366
  const key = `${request.type}:${request.method}`;
350
367
  const handler = this.handlers.get(key);
351
368
  if (handler) {
352
- try {
353
- const data = await handler(request.payload);
354
- reply({
355
- id: request.id,
356
- type: request.type,
357
- success: true,
358
- data
359
- });
360
- } catch (error) {
361
- const extras = {};
362
- if (error && typeof error === "object") {
363
- for (const key2 of FORWARDED_ERROR_FIELDS) {
364
- const value = error[key2];
365
- if (value !== void 0) extras[key2] = value;
366
- }
369
+ await this.invokeHandler(handler, request, reply);
370
+ } else {
371
+ this.bufferRequest(key, request, reply);
372
+ }
373
+ }
374
+ async invokeHandler(handler, request, reply) {
375
+ try {
376
+ const data = await handler(request.payload);
377
+ reply({
378
+ id: request.id,
379
+ type: request.type,
380
+ success: true,
381
+ data
382
+ });
383
+ } catch (error) {
384
+ const extras = {};
385
+ if (error && typeof error === "object") {
386
+ for (const key of FORWARDED_ERROR_FIELDS) {
387
+ const value = error[key];
388
+ if (value !== void 0) extras[key] = value;
367
389
  }
368
- reply({
369
- ...extras,
370
- id: request.id,
371
- type: request.type,
372
- success: false,
373
- error: error instanceof Error ? error.message : "Unknown error"
374
- });
390
+ }
391
+ reply({
392
+ ...extras,
393
+ id: request.id,
394
+ type: request.type,
395
+ success: false,
396
+ error: error instanceof Error ? error.message : "Unknown error"
397
+ });
398
+ }
399
+ }
400
+ bufferRequest(key, request, reply) {
401
+ this.evictExpiredPending();
402
+ let queue = this.pending.get(key);
403
+ if (!queue) {
404
+ queue = [];
405
+ this.pending.set(key, queue);
406
+ }
407
+ queue.push({ request, reply, at: Date.now() });
408
+ if (queue.length > MAX_PENDING_PER_KEY) {
409
+ queue.splice(0, queue.length - MAX_PENDING_PER_KEY);
410
+ }
411
+ }
412
+ evictExpiredPending() {
413
+ const now = Date.now();
414
+ for (const [key, queue] of this.pending) {
415
+ const fresh = queue.filter((e) => now - e.at < QUEUE_TTL_MS);
416
+ if (fresh.length) {
417
+ this.pending.set(key, fresh);
418
+ } else {
419
+ this.pending.delete(key);
375
420
  }
376
421
  }
377
422
  }
@@ -9,7 +9,7 @@ import {
9
9
  PostMessageMethod,
10
10
  PostMessageServer,
11
11
  PostMessageType
12
- } from "../chunk-JU5MWLXH.mjs";
12
+ } from "../chunk-KRZVIDBQ.mjs";
13
13
  import {
14
14
  getMoonKeyApiUrl
15
15
  } from "../chunk-GQKIA37O.mjs";
@@ -1,5 +1,5 @@
1
- import { P as PostMessageClient } from '../post-message-Z6cLf0mS.mjs';
2
- import { T as Transport, P as PasskeyAssertor, K as KvStorage } from '../interfaces-BWxOajnD.mjs';
1
+ import { P as PostMessageClient } from '../post-message-2NAnU0Lf.mjs';
2
+ import { T as Transport, P as PasskeyAssertor, K as KvStorage } from '../interfaces-CF5UrEBb.mjs';
3
3
 
4
4
  declare const getCachedPostMessageClient: (contentWindow: Window) => PostMessageClient;
5
5
  /**
@@ -1,5 +1,5 @@
1
- import { P as PostMessageClient } from '../post-message-Z6cLf0mS.js';
2
- import { T as Transport, P as PasskeyAssertor, K as KvStorage } from '../interfaces-BZ5GMWS9.js';
1
+ import { P as PostMessageClient } from '../post-message-2NAnU0Lf.js';
2
+ import { T as Transport, P as PasskeyAssertor, K as KvStorage } from '../interfaces-B5zxo2Jx.js';
3
3
 
4
4
  declare const getCachedPostMessageClient: (contentWindow: Window) => PostMessageClient;
5
5
  /**
package/dist/web/index.js CHANGED
@@ -114,8 +114,11 @@ var sendReactNativeReply = (response) => {
114
114
  } catch {
115
115
  }
116
116
  };
117
+ var QUEUE_TTL_MS = 2e4;
118
+ var MAX_PENDING_PER_KEY = 16;
117
119
  var PostMessageServer = class {
118
120
  constructor(originValidator) {
121
+ this.pending = /* @__PURE__ */ new Map();
119
122
  this.trustedSources = /* @__PURE__ */ new Set();
120
123
  this.handlers = /* @__PURE__ */ new Map();
121
124
  this.originValidator = originValidator;
@@ -130,6 +133,20 @@ var PostMessageServer = class {
130
133
  register(type, method, handler) {
131
134
  const key = `${type}:${method}`;
132
135
  this.handlers.set(key, handler);
136
+ const queued = this.pending.get(key);
137
+ if (queued?.length) {
138
+ this.pending.delete(key);
139
+ const now = Date.now();
140
+ for (const { request, reply, at } of queued) {
141
+ if (now - at < QUEUE_TTL_MS) {
142
+ void this.invokeHandler(
143
+ handler,
144
+ request,
145
+ reply
146
+ );
147
+ }
148
+ }
149
+ }
133
150
  }
134
151
  cleanup() {
135
152
  window.removeEventListener("message", this.handleMessage.bind(this));
@@ -194,29 +211,57 @@ var PostMessageServer = class {
194
211
  const key = `${request.type}:${request.method}`;
195
212
  const handler = this.handlers.get(key);
196
213
  if (handler) {
197
- try {
198
- const data = await handler(request.payload);
199
- reply({
200
- id: request.id,
201
- type: request.type,
202
- success: true,
203
- data
204
- });
205
- } catch (error) {
206
- const extras = {};
207
- if (error && typeof error === "object") {
208
- for (const key2 of FORWARDED_ERROR_FIELDS) {
209
- const value = error[key2];
210
- if (value !== void 0) extras[key2] = value;
211
- }
214
+ await this.invokeHandler(handler, request, reply);
215
+ } else {
216
+ this.bufferRequest(key, request, reply);
217
+ }
218
+ }
219
+ async invokeHandler(handler, request, reply) {
220
+ try {
221
+ const data = await handler(request.payload);
222
+ reply({
223
+ id: request.id,
224
+ type: request.type,
225
+ success: true,
226
+ data
227
+ });
228
+ } catch (error) {
229
+ const extras = {};
230
+ if (error && typeof error === "object") {
231
+ for (const key of FORWARDED_ERROR_FIELDS) {
232
+ const value = error[key];
233
+ if (value !== void 0) extras[key] = value;
212
234
  }
213
- reply({
214
- ...extras,
215
- id: request.id,
216
- type: request.type,
217
- success: false,
218
- error: error instanceof Error ? error.message : "Unknown error"
219
- });
235
+ }
236
+ reply({
237
+ ...extras,
238
+ id: request.id,
239
+ type: request.type,
240
+ success: false,
241
+ error: error instanceof Error ? error.message : "Unknown error"
242
+ });
243
+ }
244
+ }
245
+ bufferRequest(key, request, reply) {
246
+ this.evictExpiredPending();
247
+ let queue = this.pending.get(key);
248
+ if (!queue) {
249
+ queue = [];
250
+ this.pending.set(key, queue);
251
+ }
252
+ queue.push({ request, reply, at: Date.now() });
253
+ if (queue.length > MAX_PENDING_PER_KEY) {
254
+ queue.splice(0, queue.length - MAX_PENDING_PER_KEY);
255
+ }
256
+ }
257
+ evictExpiredPending() {
258
+ const now = Date.now();
259
+ for (const [key, queue] of this.pending) {
260
+ const fresh = queue.filter((e) => now - e.at < QUEUE_TTL_MS);
261
+ if (fresh.length) {
262
+ this.pending.set(key, fresh);
263
+ } else {
264
+ this.pending.delete(key);
220
265
  }
221
266
  }
222
267
  }
@@ -5,7 +5,7 @@ import {
5
5
  import {
6
6
  PostMessageClient,
7
7
  PostMessageServer
8
- } from "../chunk-JU5MWLXH.mjs";
8
+ } from "../chunk-KRZVIDBQ.mjs";
9
9
 
10
10
  // src/web/iframe-transport.ts
11
11
  var clientCache = /* @__PURE__ */ new WeakMap();
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@moon-x/core",
3
- "version": "0.7.0",
3
+ "version": "0.9.0",
4
4
  "license": "UNLICENSED",
5
5
  "main": "dist/index.js",
6
6
  "types": "dist/index.d.ts",