@novasamatech/host-papp 0.8.0-1 → 0.8.1

package/dist/debug-public.d.ts

@@ -1,8 +1,7 @@
 /**
  * Lightweight public entry for the debug bus. Lives outside the main
  * `index.ts` so consumers can import the debug surface without
- * loading the attestation / session-manager modules, which pull in
- * verifiablejs WASM that can't initialise in all environments.
+ * loading the session-manager module.
  */
 export { emitHostPappDebugMessage, hasHostPappDebugListeners, onHostPappDebugMessage } from './debugBus.js';
 export type { AttestationDebugEvent, HostPappDebugEvent, SessionDebugEvent, SsoDebugEvent } from './debugTypes.js';

package/dist/debug-public.js

@@ -1,7 +1,6 @@
 /**
  * Lightweight public entry for the debug bus. Lives outside the main
  * `index.ts` so consumers can import the debug surface without
- * loading the attestation / session-manager modules, which pull in
- * verifiablejs WASM that can't initialise in all environments.
+ * loading the session-manager module.
  */
 export { emitHostPappDebugMessage, hasHostPappDebugListeners, onHostPappDebugMessage } from './debugBus.js';

package/dist/helpers/createAsyncTaskPool.d.ts

@@ -20,6 +20,7 @@ declare class AsyncTaskPool {
     constructor(config: Params);
     call<T>(fn: () => ResultAsync<T, Error>, params?: TaskParams): ResultAsync<T, Error>;
     settle(pool: string): Promise<void>;
+    private abortTask;
     private processPool;
     private tryToSettlePool;
     private retryDelay;

package/dist/helpers/createAsyncTaskPool.js

@@ -3,6 +3,9 @@ import { fromPromise } from 'neverthrow';
 import { promiseWithResolvers } from './promiseWithResolvers.js';
 import { nullable, toError } from './utils.js';
 export const DEFAULT_POOL = 'default';
+function abortReason(signal) {
+    return signal.reason instanceof Error ? signal.reason : new Error('Task aborted');
+}
 /**
  * Task manager with queues, retries and named pools.
  */
@@ -16,14 +19,21 @@ class AsyncTaskPool {
     }
     call(fn, params) {
         const { resolve, reject, promise } = promiseWithResolvers();
+        const signal = params?.signal;
+        // An already-aborted signal never enqueues the task — reject up-front.
+        if (signal?.aborted) {
+            reject(abortReason(signal));
+            return fromPromise(promise, toError);
+        }
         const task = {
             fn,
             pool: params?.pool ?? DEFAULT_POOL,
             retry: 0,
             resolve,
             reject,
-            signal: params?.signal,
+            signal,
         };
+        signal?.addEventListener('abort', () => this.abortTask(task), { once: true });
         this.queue.push(task);
         this.processPool(task.pool);
         return fromPromise(promise, toError);
@@ -42,6 +52,23 @@ class AsyncTaskPool {
             const unsubscribe = this.events.on('settled', handler);
         });
     }
+    // Drop a task because its signal aborted, whether it is still queued, waiting on a
+    // retry timer, or already running. Rejecting a promise that later settles on its own
+    // is a no-op, so the in-flight fn finishing afterwards can't override this rejection.
+    abortTask(task) {
+        if (task.retryTimeout !== undefined) {
+            clearTimeout(task.retryTimeout);
+        }
+        const queueIndex = this.queue.indexOf(task);
+        if (queueIndex >= 0) {
+            this.queue.splice(queueIndex, 1);
+        }
+        this.activeTasks = this.activeTasks.filter(x => x !== task);
+        task.reject(task.signal ? abortReason(task.signal) : new Error('Task aborted'));
+        // Free the slot the task held (or would have held) so the pool keeps draining.
+        this.processPool(task.pool);
+        this.tryToSettlePool(task.pool);
+    }
     processPool(pool) {
         let task = null;
         const activeTasks = this.activeTasks.filter(x => x.pool === pool);
@@ -63,17 +90,17 @@ class AsyncTaskPool {
         }
         this.activeTasks.push(task);
         const handleError = (task, error) => {
+            // The task was already rejected by abortTask; don't reject again or schedule a retry.
+            if (task.signal?.aborted) {
+                return;
+            }
             if (task.retry >= this.config.retryCount) {
                 task.reject(error);
             }
             else {
-                if (task.signal?.aborted) {
-                    task.reject(error);
-                    return;
-                }
                 const retryDelay = this.retryDelay(task);
                 task.retry++;
-                setTimeout(() => {
+                task.retryTimeout = setTimeout(() => {
                     this.queue.push(task);
                     this.processPool(pool);
                 }, retryDelay);

package/dist/helpers/createAsyncTaskPool.spec.js

@@ -115,6 +115,50 @@ describe('asyncTaskPool', () => {
         await pool.settle('test');
         expect(result).toEqual([1, 2, 3, 4]);
     });
+    describe('abort signal', () => {
+        it('rejects a queued task when the signal aborts, without ever running it', async () => {
+            const pool = createAsyncTaskPool({ poolSize: 1, retryCount: 0, retryDelay: 0 });
+            const controller = new AbortController();
+            const queuedSpy = vi.fn(() => okAsync('queued'));
+            // Occupy the single slot with a slow task so the next call has to queue.
+            const active = pool.call(() => fromPromise(delay(50).then(() => 'active'), toError));
+            const queued = pool.call(queuedSpy, { signal: controller.signal });
+            controller.abort();
+            const queuedResult = await queued;
+            expect(queuedResult.isErr()).toBe(true);
+            expect(queuedSpy).not.toHaveBeenCalled();
+            expect((await active).isOk()).toBe(true);
+        });
+        it('rejects the in-flight active task when the signal aborts', async () => {
+            const pool = createAsyncTaskPool({ poolSize: 1, retryCount: 0, retryDelay: 0 });
+            const controller = new AbortController();
+            const active = pool.call(() => fromPromise(delay(10_000).then(() => 'done'), toError), {
+                signal: controller.signal,
+            });
+            controller.abort();
+            expect((await active).isErr()).toBe(true);
+        });
+        it('frees the slot for later tasks after an abort', async () => {
+            const pool = createAsyncTaskPool({ poolSize: 1, retryCount: 0, retryDelay: 0 });
+            const controller = new AbortController();
+            const aborted = pool.call(() => fromPromise(delay(10_000).then(() => 'never'), toError), {
+                signal: controller.signal,
+            });
+            controller.abort();
+            await aborted;
+            const next = await pool.call(() => okAsync('next'));
+            expect(next).toEqual(ok('next'));
+        });
+        it('rejects immediately when called with an already-aborted signal', async () => {
+            const pool = createAsyncTaskPool({ poolSize: 1, retryCount: 0, retryDelay: 0 });
+            const controller = new AbortController();
+            controller.abort();
+            const spy = vi.fn(() => okAsync('x'));
+            const result = await pool.call(spy, { signal: controller.signal });
+            expect(result.isErr()).toBe(true);
+            expect(spy).not.toHaveBeenCalled();
+        });
+    });
     it('should settle tasks that was created by chain reaction', async () => {
         const pool = createAsyncTaskPool({ poolSize: 1, retryCount: 0, retryDelay: 0 });
         const tasks = [

package/dist/identity/impl.d.ts

@@ -1,6 +1,7 @@
 import type { StorageAdapter } from '@novasamatech/storage-adapter';
 import type { IdentityAdapter, IdentityRepository } from './types.js';
-export declare function createIdentityRepository({ adapter, storage, }: {
+export declare function createIdentityRepository({ adapter, storage, initialEmissionTimeoutMs, }: {
     adapter: IdentityAdapter;
     storage: StorageAdapter;
+    initialEmissionTimeoutMs?: number;
 }): IdentityRepository;

package/dist/identity/impl.js

@@ -1,7 +1,67 @@
 import { Result, ResultAsync, err, ok, okAsync } from 'neverthrow';
+import { defer, distinctUntilChanged, filter, finalize, map, merge, shareReplay, takeUntil, tap, timer } from 'rxjs';
 import { toError } from '../helpers/utils.js';
-export function createIdentityRepository({ adapter, storage, }) {
-    const cachedRequester = createCachedIdentityRequester(storage, accountId => `identity_${accountId}`);
+const WATCH_IDENTITY_INITIAL_TIMEOUT_MS = 15_000;
+function getCacheKey(accountId) {
+    return `identity_${accountId}`;
+}
+function parseIdentity(raw) {
+    if (!raw)
+        return null;
+    try {
+        return JSON.parse(raw);
+    }
+    catch {
+        return null;
+    }
+}
+// Identity values are produced by `decodeRawIdentity` only, so key order is
+// deterministic and JSON.stringify is a safe structural equality probe.
+function identitiesEqual(a, b) {
+    if (a === b)
+        return true;
+    if (a === null || b === null)
+        return false;
+    return JSON.stringify(a) === JSON.stringify(b);
+}
+function readCachedIdentity(storage, accountId) {
+    return defer(() => storage.read(getCacheKey(accountId)).match(parseIdentity, () => null));
+}
+export function createIdentityRepository({ adapter, storage, initialEmissionTimeoutMs = WATCH_IDENTITY_INITIAL_TIMEOUT_MS, }) {
+    const cachedRequester = createCachedIdentityRequester(storage, getCacheKey);
+    // Per-account de-dup: concurrent watchIdentity(acc) calls share one chain
+    // subscription via the shared stream built below. The entry clears itself —
+    // see the `finalize` in `buildWatch` — so the map can't accumulate dead
+    // streams across distinct accounts.
+    const watchCache = new Map();
+    function buildWatch(accountId) {
+        const live$ = adapter.watchIdentity(accountId).pipe(distinctUntilChanged(identitiesEqual), tap(identity => {
+            if (identity === null)
+                return;
+            // Best-effort write-through; failures must not surface on the read.
+            void storage.write(getCacheKey(accountId), JSON.stringify(identity));
+        }), shareReplay({ bufferSize: 1, refCount: true }));
+        // Seed from cache so warm consumers paint a value before the first chain
+        // block. Only a non-null seed is emitted: a cold cache must fall through to
+        // the live read / fallback rather than surface a premature `null` (that
+        // also keeps the fallback timer below reachable). `shareReplay` keeps the
+        // single storage read from being duplicated by the fallback's `takeUntil`.
+        const seed$ = readCachedIdentity(storage, accountId).pipe(filter((identity) => identity !== null), takeUntil(live$), shareReplay({ bufferSize: 1, refCount: true }));
+        // Cold-cache + silent-chain safety net: emit `null` so the UI doesn't hang.
+        const fallback$ = timer(initialEmissionTimeoutMs).pipe(takeUntil(merge(seed$, live$)), map(() => null));
+        const stream = merge(seed$, live$, fallback$).pipe(distinctUntilChanged(identitiesEqual), 
+        // refCount tears down the chain subscription when the last subscriber
+        // leaves; `finalize` then drops the map entry so a later watch rebuilds
+        // a fresh stream instead of reusing a dead one. The shared `shareReplay`
+        // guarantees this fires once, on the final unsubscribe — not per caller.
+        // Guard on identity: a late re-subscribe to an already torn-down stream
+        // must not evict a newer entry that another caller built for this account.
+        finalize(() => {
+            if (watchCache.get(accountId) === stream)
+                watchCache.delete(accountId);
+        }), shareReplay({ bufferSize: 1, refCount: true }));
+        return stream;
+    }
     return {
         getIdentity(accountId) {
             return cachedRequester([accountId], adapter.readIdentities).map(map => map[accountId] ?? null);
@@ -9,6 +69,16 @@ export function createIdentityRepository({ adapter, storage, }) {
         getIdentities(accounts) {
             return cachedRequester(accounts, adapter.readIdentities);
         },
+        // Adapter errors propagate as-is; callers must attach an error handler
+        // and re-subscribe to recover (no automatic retry).
+        watchIdentity(accountId) {
+            const existing = watchCache.get(accountId);
+            if (existing)
+                return existing;
+            const stream = buildWatch(accountId);
+            watchCache.set(accountId, stream);
+            return stream;
+        },
     };
 }
 function createCachedIdentityRequester(storage, getKey) {

package/dist/identity/rpcAdapter.js

@@ -1,15 +1,36 @@
 import { errAsync, fromPromise, ok } from 'neverthrow';
 import { AccountId } from 'polkadot-api';
+import { defer, map, throwError } from 'rxjs';
 import { toError } from '../helpers/utils.js';
 import { zipWith } from '../helpers/zipWith.js';
+function decodeRawIdentity(accountId, raw, textDecoder) {
+    if (!raw)
+        return null;
+    const credibility = raw.credibility.type === 'Lite'
+        ? { type: 'Lite' }
+        : {
+            type: 'Person',
+            alias: raw.credibility.value.alias,
+            lastUpdate: raw.credibility.value.last_update.toString(),
+        };
+    return {
+        accountId,
+        fullUsername: raw.full_username ? textDecoder.decode(raw.full_username) : null,
+        liteUsername: textDecoder.decode(raw.lite_username),
+        credibility,
+    };
+}
 export function createIdentityRpcAdapter(lazyClient) {
     const accCodec = AccountId();
+    const textDecoder = new TextDecoder();
+    function getConsumersStorage() {
+        const client = lazyClient.getClient();
+        const unsafeApi = client.getUnsafeApi();
+        return unsafeApi.query.Resources.Consumers;
+    }
     return {
         readIdentities(accounts) {
-            const textDecoder = new TextDecoder();
-            const client = lazyClient.getClient();
-            const unsafeApi = client.getUnsafeApi();
-            const method = unsafeApi.query.Resources.Consumers;
+            const method = getConsumersStorage();
             if (!method) {
                 return errAsync(new Error('Method Resources.Consumers not found'));
             }
@@ -18,36 +39,24 @@ export function createIdentityRpcAdapter(lazyClient) {
                 if (!results) {
                     return ok({});
                 }
-                return ok(Object.fromEntries(zipWith([accounts, results], x => x).map(([accountId, typedRaw]) => {
-                    if (!typedRaw) {
-                        return [accountId, null];
-                    }
-                    // Runtime metadata may expose fields in snake_case (V1) or
-                    // camelCase (V2 multi-device). Read defensively. The .papi
-                    // descriptor only types snake_case, so widen here.
-                    const raw = typedRaw;
-                    const fullUsername = raw.full_username ?? raw.fullUsername;
-                    const liteUsername = raw.lite_username ?? raw.liteUsername;
-                    const credibility = raw.credibility.type == 'Lite'
-                        ? {
-                            type: 'Lite',
-                        }
-                        : {
-                            type: 'Person',
-                            alias: raw.credibility.value.alias,
-                            lastUpdate: (raw.credibility.value.last_update ??
-                                raw.credibility.value.lastUpdate).toString(),
-                        };
-                    return [
-                        accountId,
-                        {
-                            accountId: accountId,
-                            fullUsername: fullUsername ? textDecoder.decode(fullUsername) : null,
-                            liteUsername: liteUsername ? textDecoder.decode(liteUsername) : '',
-                            credibility,
-                        },
-                    ];
-                })));
+                return ok(Object.fromEntries(zipWith([accounts, results], x => x).map(([accountId, typedRaw]) => [
+                    accountId,
+                    decodeRawIdentity(accountId, typedRaw, textDecoder),
+                ])));
+            });
+        },
+        watchIdentity(accountId) {
+            // `defer` so client resolution and key decoding run on subscribe and any
+            // failure surfaces as a stream error, not a synchronous throw at the call
+            // site (the consumer only attaches its error handler via `.subscribe`).
+            return defer(() => {
+                const method = getConsumersStorage();
+                if (!method) {
+                    return throwError(() => new Error('Method Resources.Consumers not found'));
+                }
+                return method
+                    .watchValue(accCodec.dec(accountId))
+                    .pipe(map(emission => decodeRawIdentity(accountId, emission.value, textDecoder)));
             });
         },
     };

package/dist/identity/types.d.ts

@@ -1,4 +1,5 @@
 import type { ResultAsync } from 'neverthrow';
+import type { Observable } from 'rxjs';
 export type Credibility = {
     type: 'Lite';
 } | {
@@ -14,8 +15,10 @@ export type Identity = {
 };
 export type IdentityAdapter = {
     readIdentities(accounts: string[]): ResultAsync<Record<string, Identity | null>, Error>;
+    watchIdentity(accountId: string): Observable<Identity | null>;
 };
 export type IdentityRepository = {
     getIdentity(accountId: string): ResultAsync<Identity | null, Error>;
     getIdentities(accounts: string[]): ResultAsync<Record<string, Identity | null>, Error>;
+    watchIdentity(accountId: string): Observable<Identity | null>;
 };

package/dist/index.d.ts

@@ -4,6 +4,8 @@ export { createPappAdapter } from './papp.js';
 export type { AuthComponent, HostMetadata, OnAuthSuccess } from './sso/auth/impl.js';
 export type { PairingStatus } from './sso/auth/types.js';
 export type { DeviceIdentityForPairing } from './sso/auth/v2/service.js';
+export type { AllowanceErrorReason, AllowanceService } from './sso/allowance/index.js';
+export { AllowanceError } from './sso/allowance/index.js';
 export type { UserSession } from './sso/sessionManager/userSession.js';
 export type { StoredUserSession } from './sso/userSessionRepository.js';
 export type { Identity } from './identity/types.js';

package/dist/index.js

@@ -1,2 +1,3 @@
 export { SS_PASEO_STABLE_STAGE_ENDPOINTS, SS_PREVIEW_STAGE_ENDPOINTS, SS_STABLE_STAGE_ENDPOINTS } from './constants.js';
 export { createPappAdapter } from './papp.js';
+export { AllowanceError } from './sso/allowance/index.js';

package/dist/papp.d.ts

@@ -1,6 +1,7 @@
 import type { LazyClient, StatementStoreAdapter } from '@novasamatech/statement-store';
 import type { StorageAdapter } from '@novasamatech/storage-adapter';
 import type { IdentityAdapter, IdentityRepository } from './identity/types.js';
+import type { AllowanceService } from './sso/allowance/index.js';
 import type { AuthComponent, HostMetadata, OnAuthSuccess } from './sso/auth/impl.js';
 import type { DeviceIdentityForPairing } from './sso/auth/v2/service.js';
 import type { SsoSessionManager } from './sso/sessionManager/impl.js';
@@ -10,6 +11,7 @@ export type PappAdapter = {
     sessions: SsoSessionManager;
     secrets: UserSecretRepository;
     identity: IdentityRepository;
+    allowance: AllowanceService;
 };
 type Adapters = {
     statementStore: StatementStoreAdapter;

package/dist/papp.js

@@ -4,6 +4,7 @@ import { getWsProvider } from 'polkadot-api/ws';
 import { SS_STABLE_STAGE_ENDPOINTS } from './constants.js';
 import { createIdentityRepository } from './identity/impl.js';
 import { createIdentityRpcAdapter } from './identity/rpcAdapter.js';
+import { createAllowanceRepository, createAllowanceService } from './sso/allowance/index.js';
 import { createAuth } from './sso/auth/impl.js';
 import { createDeviceIdentityStore } from './sso/deviceIdentityStore.js';
 import { createSsoSessionManager } from './sso/sessionManager/impl.js';
@@ -17,7 +18,15 @@ export function createPappAdapter({ appId, hostMetadata, deviceIdentity, onAuthS
     const storage = adapters?.storage ?? createLocalStorageAdapter(appId);
     const ssoSessionRepository = createUserSessionRepository(storage);
     const userSecretRepository = createUserSecretRepository(appId, storage);
+    const allowanceRepository = createAllowanceRepository(appId, storage);
     const deviceIdentityStore = createDeviceIdentityStore(appId, storage);
+    const sessions = createSsoSessionManager({
+        storage,
+        statementStore,
+        ssoSessionRepository,
+        userSecretRepository,
+        allowanceRepository,
+    });
     return {
         sso: createAuth({
             hostMetadata,
@@ -28,8 +37,9 @@ export function createPappAdapter({ appId, hostMetadata, deviceIdentity, onAuthS
             userSecretRepository,
             onAuthSuccess,
         }),
-        sessions: createSsoSessionManager({ storage, statementStore, ssoSessionRepository, userSecretRepository }),
+        sessions,
         secrets: userSecretRepository,
         identity: createIdentityRepository({ adapter: identities, storage }),
+        allowance: createAllowanceService({ sessions: sessions.sessions, repository: allowanceRepository }),
     };
 }

package/dist/sso/allowance/impl.d.ts

@@ -0,0 +1,24 @@
+import type { StatementProver } from '@novasamatech/statement-store';
+import { ResultAsync } from 'neverthrow';
+import type { PolkadotSigner } from 'polkadot-api/signer';
+import type { Callback } from '../../types.js';
+import type { UserSession } from '../sessionManager/userSession.js';
+import type { AllowanceRepository } from './repository.js';
+export type AllowanceErrorReason = 'NoSession' | 'Rejected' | 'NotAvailable' | 'UnexpectedResponse';
+export declare class AllowanceError extends Error {
+    readonly reason: AllowanceErrorReason;
+    constructor(reason: AllowanceErrorReason, message?: string);
+}
+type SessionsView = {
+    read(): UserSession[];
+    subscribe(callback: Callback<UserSession[]>): VoidFunction;
+};
+export type AllowanceService = {
+    getBulletinSigner(sessionId: string, productId: string): ResultAsync<PolkadotSigner, AllowanceError>;
+    getStatementStoreProver(sessionId: string, productId: string): ResultAsync<StatementProver, AllowanceError>;
+};
+export declare function createAllowanceService({ sessions, repository, }: {
+    sessions: SessionsView;
+    repository: AllowanceRepository;
+}): AllowanceService;
+export {};

package/dist/sso/allowance/impl.js

@@ -0,0 +1,70 @@
+import { createSr25519Prover, deriveSlotAccountPublicKey, ensureSubstrateSlotSr25519Ready, signSlotAccountSecret, } from '@novasamatech/statement-store';
+import { ResultAsync, errAsync, okAsync } from 'neverthrow';
+import { getPolkadotSigner } from 'polkadot-api/signer';
+export class AllowanceError extends Error {
+    reason;
+    constructor(reason, message) {
+        super(message ?? reason);
+        this.reason = reason;
+        this.name = 'AllowanceError';
+    }
+}
+export function createAllowanceService({ sessions, repository, }) {
+    const fetchKey = (sessionId, productId, resource) => {
+        return repository
+            .read(sessionId, productId, resource)
+            .mapErr(e => new AllowanceError('UnexpectedResponse', e.message))
+            .andThen(cached => (cached ? okAsync(cached) : requestFromMobile(sessionId, productId, resource)));
+    };
+    const requestFromMobile = (sessionId, productId, resource) => {
+        const session = sessions.read().find(s => s.id === sessionId);
+        if (!session) {
+            return errAsync(new AllowanceError('NoSession', `No active session ${sessionId}`));
+        }
+        return session
+            .requestResourceAllocation({
+            callingProductId: productId,
+            resources: [toApResource(resource)],
+            onExisting: 'Ignore',
+        })
+            .mapErr(e => new AllowanceError('UnexpectedResponse', e.message))
+            .andThen(outcomes => {
+            const outcome = outcomes[0];
+            if (!outcome) {
+                return errAsync(new AllowanceError('UnexpectedResponse', 'Empty allocation response'));
+            }
+            if (outcome.tag === 'Rejected') {
+                return errAsync(new AllowanceError('Rejected', `Allowance request rejected for ${resource}`));
+            }
+            if (outcome.tag === 'NotAvailable') {
+                return errAsync(new AllowanceError('NotAvailable', `Allowance not available for ${resource}`));
+            }
+            const allocated = outcome.value;
+            const expectedTag = resource === 'bulletin' ? 'BulletInAllowance' : 'StatementStoreAllowance';
+            if (allocated.tag !== expectedTag) {
+                return errAsync(new AllowanceError('UnexpectedResponse', `Expected ${expectedTag}, got ${allocated.tag}`));
+            }
+            const slotAccountKey = allocated.value.slotAccountKey;
+            return repository
+                .write(sessionId, productId, resource, slotAccountKey)
+                .mapErr(e => new AllowanceError('UnexpectedResponse', e.message))
+                .map(() => slotAccountKey);
+        });
+    };
+    return {
+        getBulletinSigner(sessionId, productId) {
+            return fetchKey(sessionId, productId, 'bulletin').andThen(secret => ResultAsync.fromPromise(ensureSubstrateSlotSr25519Ready().then(() => getPolkadotSigner(deriveSlotAccountPublicKey(secret), 'Sr25519', input => signSlotAccountSecret(secret, input))), e => new AllowanceError('UnexpectedResponse', e instanceof Error ? e.message : String(e))));
+        },
+        getStatementStoreProver(sessionId, productId) {
+            return fetchKey(sessionId, productId, 'statementStore').map(secret => createSr25519Prover(secret));
+        },
+    };
+}
+function toApResource(resource) {
+    switch (resource) {
+        case 'bulletin':
+            return { tag: 'BulletInAllowance', value: undefined };
+        case 'statementStore':
+            return { tag: 'StatementStoreAllowance', value: undefined };
+    }
+}

package/dist/sso/allowance/index.d.ts

@@ -0,0 +1,4 @@
+export type { AllowanceRepository, AllowanceResourceKind } from './repository.js';
+export { createAllowanceRepository } from './repository.js';
+export type { AllowanceErrorReason, AllowanceService } from './impl.js';
+export { AllowanceError, createAllowanceService } from './impl.js';

package/dist/sso/allowance/index.js

@@ -0,0 +1,2 @@
+export { createAllowanceRepository } from './repository.js';
+export { AllowanceError, createAllowanceService } from './impl.js';

package/dist/sso/allowance/repository.d.ts

@@ -0,0 +1,9 @@
+import type { StorageAdapter } from '@novasamatech/storage-adapter';
+import type { ResultAsync } from 'neverthrow';
+export type AllowanceResourceKind = 'bulletin' | 'statementStore';
+export type AllowanceRepository = ReturnType<typeof createAllowanceRepository>;
+export declare function createAllowanceRepository(salt: string, storage: StorageAdapter): {
+    read(sessionId: string, productId: string, resource: AllowanceResourceKind): ResultAsync<Uint8Array | null, Error>;
+    write(sessionId: string, productId: string, resource: AllowanceResourceKind, slotAccountKey: Uint8Array): ResultAsync<void, Error>;
+    clearSession(sessionId: string): ResultAsync<void, Error>;
+};

package/dist/sso/allowance/repository.js

@@ -0,0 +1,60 @@
+import { gcm } from '@noble/ciphers/aes.js';
+import { blake2b } from '@noble/hashes/blake2.js';
+import { fromThrowable } from 'neverthrow';
+import { fromHex, toHex } from 'polkadot-api/utils';
+import { Bytes, Enum, Struct, Vector, _void, str } from 'scale-ts';
+import { stringToBytes } from '../../crypto.js';
+import { toError } from '../../helpers/utils.js';
+const AllowanceResourceKindCodec = Enum({
+    bulletin: _void,
+    statementStore: _void,
+});
+const StoredAllowanceEntryCodec = Struct({
+    productId: str,
+    resource: AllowanceResourceKindCodec,
+    slotAccountKey: Bytes(),
+});
+const StoredAllowancesCodec = Vector(StoredAllowanceEntryCodec);
+export function createAllowanceRepository(salt, storage) {
+    const baseKey = 'AllowanceKeys';
+    const encode = fromThrowable(StoredAllowancesCodec.enc, toError);
+    const decode = fromThrowable((value) => (value ? StoredAllowancesCodec.dec(value) : []), toError);
+    const encrypt = fromThrowable((value) => {
+        const aes = getAes(salt);
+        return toHex(aes.encrypt(value));
+    }, toError);
+    const decrypt = fromThrowable((value) => {
+        if (value === null)
+            return null;
+        const aes = getAes(salt);
+        return aes.decrypt(fromHex(value));
+    }, toError);
+    const readAll = (sessionId) => storage.read(createKey(baseKey, sessionId)).andThen(decrypt).andThen(decode);
+    const writeAll = (sessionId, entries) => encode(entries)
+        .andThen(encrypt)
+        .asyncAndThen(value => storage.write(createKey(baseKey, sessionId), value));
+    return {
+        read(sessionId, productId, resource) {
+            return readAll(sessionId).map(entries => {
+                const entry = entries.find(e => e.productId === productId && e.resource.tag === resource);
+                return entry ? entry.slotAccountKey : null;
+            });
+        },
+        write(sessionId, productId, resource, slotAccountKey) {
+            return readAll(sessionId).andThen(entries => {
+                const next = [
+                    ...entries.filter(e => !(e.productId === productId && e.resource.tag === resource)),
+                    { productId, resource: { tag: resource, value: undefined }, slotAccountKey },
+                ];
+                return writeAll(sessionId, next);
+            });
+        },
+        clearSession(sessionId) {
+            return storage.clear(createKey(baseKey, sessionId));
+        },
+    };
+}
+const createKey = (key, context) => `${key}_${context}`;
+function getAes(salt) {
+    return gcm(blake2b(stringToBytes(salt), { dkLen: 16 }), blake2b(stringToBytes('nonce'), { dkLen: 32 }));
+}

package/dist/sso/auth/scale/handshakeV2.d.ts

@@ -215,6 +215,9 @@ export type EncryptedHandshakeResponseV2Value = {
  * matches the peer's wire format directly.
  */
 export declare const EncryptedHandshakeResponseV2: import("scale-ts").Codec<{
+    tag: "Failed";
+    value: string;
+} | {
     tag: "Pending";
     value: {
         tag: "AllowanceAllocation";
@@ -228,9 +231,6 @@ export declare const EncryptedHandshakeResponseV2: import("scale-ts").Codec<{
         identityChatPrivateKey: Uint8Array<ArrayBufferLike>;
         deviceEncPubKey: Uint8Array<ArrayBufferLike>;
     };
-} | {
-    tag: "Failed";
-    value: string;
 }>;
 export declare const HandshakeResponseV2: import("scale-ts").Codec<{
     encrypted: Uint8Array<ArrayBufferLike>;

package/dist/sso/sessionManager/impl.d.ts

@@ -1,6 +1,7 @@
 import type { StatementStoreAdapter } from '@novasamatech/statement-store';
 import type { StorageAdapter } from '@novasamatech/storage-adapter';
 import type { Callback } from '../../types.js';
+import type { AllowanceRepository } from '../allowance/index.js';
 import type { UserSecretRepository } from '../userSecretRepository.js';
 import type { StoredUserSession, UserSessionRepository } from '../userSessionRepository.js';
 import type { UserSession } from './userSession.js';
@@ -10,8 +11,9 @@ type Params = {
     statementStore: StatementStoreAdapter;
     ssoSessionRepository: UserSessionRepository;
     userSecretRepository: UserSecretRepository;
+    allowanceRepository: AllowanceRepository;
 };
-export declare function createSsoSessionManager({ ssoSessionRepository, userSecretRepository, statementStore, storage, }: Params): {
+export declare function createSsoSessionManager({ ssoSessionRepository, userSecretRepository, allowanceRepository, statementStore, storage, }: Params): {
     sessions: {
         read: () => UserSession[];
         subscribe: (callback: Callback<UserSession[]>) => () => void;

package/dist/sso/sessionManager/impl.js

@@ -4,7 +4,7 @@ import { emitHostPappDebugMessage } from '../../debugBus.js';
 import { createState } from '../../helpers/state.js';
 import { createSsoStatementProver } from '../ssoSessionProver.js';
 import { createUserSession } from './userSession.js';
-export function createSsoSessionManager({ ssoSessionRepository, userSecretRepository, statementStore, storage, }) {
+export function createSsoSessionManager({ ssoSessionRepository, userSecretRepository, allowanceRepository, statementStore, storage, }) {
     const localSessions = createState({});
     const sessionUnsubscribes = new Map();
     const releaseSession = (id) => {
@@ -77,7 +77,8 @@ export function createSsoSessionManager({ ssoSessionRepository, userSecretReposi
             return session
                 .sendDisconnectMessage()
                 .andThen(() => disconnect(userSession))
-                .andThen(() => userSecretRepository.clear(userSession.id));
+                .andThen(() => userSecretRepository.clear(userSession.id))
+                .andThen(() => allowanceRepository.clearSession(userSession.id));
         },
         dispose() {
             for (const session of Object.values(localSessions.read())) {

package/dist/sso/sessionManager/scale/remoteMessage.d.ts

@@ -73,15 +73,15 @@ export declare const RemoteMessageCodec: import("scale-ts").Codec<{
                 resources: ({
                     tag: "StatementStoreAllowance";
                     value: undefined;
-                } | {
-                    tag: "BulletInAllowance";
-                    value: undefined;
                 } | {
                     tag: "SmartContractAllowance";
                     value: number;
                 } | {
                     tag: "AutoSigning";
                     value: undefined;
+                } | {
+                    tag: "BulletInAllowance";
+                    value: undefined;
                 })[];
                 onExisting: "Ignore" | "Increase";
             };
@@ -99,11 +99,6 @@ export declare const RemoteMessageCodec: import("scale-ts").Codec<{
                         value: {
                             slotAccountKey: Uint8Array<ArrayBufferLike>;
                         };
-                    } | {
-                        tag: "BulletInAllowance";
-                        value: {
-                            slotAccountKey: Uint8Array<ArrayBufferLike>;
-                        };
                     } | {
                         tag: "SmartContractAllowance";
                         value: undefined;
@@ -113,6 +108,11 @@ export declare const RemoteMessageCodec: import("scale-ts").Codec<{
                             productDerivationSecret: string;
                             productRootPrivateKey: Uint8Array<ArrayBufferLike>;
                         };
+                    } | {
+                        tag: "BulletInAllowance";
+                        value: {
+                            slotAccountKey: Uint8Array<ArrayBufferLike>;
+                        };
                     };
                 } | {
                     tag: "NotAvailable";

package/dist/sso/sessionManager/scale/resourceAllocation.d.ts

@@ -3,15 +3,15 @@ export type ApAllocatableResource = CodecType<typeof ApAllocatableResourceCodec>
 export declare const ApAllocatableResourceCodec: import("scale-ts").Codec<{
     tag: "StatementStoreAllowance";
     value: undefined;
-} | {
-    tag: "BulletInAllowance";
-    value: undefined;
 } | {
     tag: "SmartContractAllowance";
     value: number;
 } | {
     tag: "AutoSigning";
     value: undefined;
+} | {
+    tag: "BulletInAllowance";
+    value: undefined;
 }>;
 export type ApAllocatedResource = CodecType<typeof ApAllocatedResourceCodec>;
 export declare const ApAllocatedResourceCodec: import("scale-ts").Codec<{
@@ -19,11 +19,6 @@ export declare const ApAllocatedResourceCodec: import("scale-ts").Codec<{
     value: {
         slotAccountKey: Uint8Array<ArrayBufferLike>;
     };
-} | {
-    tag: "BulletInAllowance";
-    value: {
-        slotAccountKey: Uint8Array<ArrayBufferLike>;
-    };
 } | {
     tag: "SmartContractAllowance";
     value: undefined;
@@ -33,6 +28,11 @@ export declare const ApAllocatedResourceCodec: import("scale-ts").Codec<{
         productDerivationSecret: string;
         productRootPrivateKey: Uint8Array<ArrayBufferLike>;
     };
+} | {
+    tag: "BulletInAllowance";
+    value: {
+        slotAccountKey: Uint8Array<ArrayBufferLike>;
+    };
 }>;
 export type ApAllocationOutcome = CodecType<typeof ApAllocationOutcomeCodec>;
 export declare const ApAllocationOutcomeCodec: import("scale-ts").Codec<{
@@ -45,11 +45,6 @@ export declare const ApAllocationOutcomeCodec: import("scale-ts").Codec<{
         value: {
             slotAccountKey: Uint8Array<ArrayBufferLike>;
         };
-    } | {
-        tag: "BulletInAllowance";
-        value: {
-            slotAccountKey: Uint8Array<ArrayBufferLike>;
-        };
     } | {
         tag: "SmartContractAllowance";
         value: undefined;
@@ -59,6 +54,11 @@ export declare const ApAllocationOutcomeCodec: import("scale-ts").Codec<{
             productDerivationSecret: string;
             productRootPrivateKey: Uint8Array<ArrayBufferLike>;
         };
+    } | {
+        tag: "BulletInAllowance";
+        value: {
+            slotAccountKey: Uint8Array<ArrayBufferLike>;
+        };
     };
 } | {
     tag: "NotAvailable";
@@ -71,15 +71,15 @@ export declare const ResourceAllocationRequestCodec: import("scale-ts").Codec<{
     resources: ({
         tag: "StatementStoreAllowance";
         value: undefined;
-    } | {
-        tag: "BulletInAllowance";
-        value: undefined;
     } | {
         tag: "SmartContractAllowance";
         value: number;
     } | {
         tag: "AutoSigning";
         value: undefined;
+    } | {
+        tag: "BulletInAllowance";
+        value: undefined;
     })[];
     onExisting: "Ignore" | "Increase";
 }>;
@@ -96,11 +96,6 @@ export declare const ResourceAllocationResponseCodec: import("scale-ts").Codec<{
             value: {
                 slotAccountKey: Uint8Array<ArrayBufferLike>;
             };
-        } | {
-            tag: "BulletInAllowance";
-            value: {
-                slotAccountKey: Uint8Array<ArrayBufferLike>;
-            };
         } | {
             tag: "SmartContractAllowance";
             value: undefined;
@@ -110,6 +105,11 @@ export declare const ResourceAllocationResponseCodec: import("scale-ts").Codec<{
                 productDerivationSecret: string;
                 productRootPrivateKey: Uint8Array<ArrayBufferLike>;
             };
+        } | {
+            tag: "BulletInAllowance";
+            value: {
+                slotAccountKey: Uint8Array<ArrayBufferLike>;
+            };
         };
     } | {
         tag: "NotAvailable";

package/dist/sso/sessionManager/userSession.d.ts

@@ -11,6 +11,7 @@ import type { ApAllocationOutcome, ResourceAllocationRequest } from './scale/res
 import type { SigningPayloadRequest, SigningPayloadResponseData, SigningRawRequest } from './scale/signing.js';
 export type UserSession = StoredUserSession & {
     sendDisconnectMessage(): ResultAsync<void, Error>;
+    abortPendingRequests(): ResultAsync<void, Error>;
     signPayload(payload: SigningPayloadRequest): ResultAsync<SigningPayloadResponseData, Error>;
     signRaw(payload: SigningRawRequest): ResultAsync<SigningPayloadResponseData, Error>;
     createTransaction(payload: CreateTransactionRequest): ResultAsync<Uint8Array, Error>;

package/dist/sso/sessionManager/userSession.js

@@ -13,6 +13,8 @@ import { RemoteMessageCodec } from './scale/remoteMessage.js';
 // payload is for an SDK version the mobile app doesn't support yet. After
 // this timeout the queue task fails, freeing the pool for the next request.
 const QUEUE_TASK_TIMEOUT_MS = 180_000;
+// Mobile SSO statements allow 256 KiB total; keep headroom for statement/session overhead.
+const MAX_SSO_REQUEST_SIZE = 254 * 1024;
 function withQueueTimeout(resultAsync, label) {
     const timeoutPromise = new Promise(resolve => setTimeout(() => resolve(err(new Error(`${label} timed out — queue freed`))), QUEUE_TASK_TIMEOUT_MS));
     return ResultAsync.fromPromise(Promise.race([resultAsync, timeoutPromise]), toError).andThen(r => r);
@@ -64,12 +66,20 @@ function withHostActionTrace(result, messageId, sessionId) {
 }
 export function createUserSession({ userSession, statementStore, encryption, storage, prover, }) {
     const requestQueue = createAsyncTaskPool({ poolSize: 1, retryCount: 0, retryDelay: 0 });
+    // Shared abort handle for everything currently on the request queue.
+    // abortPendingRequests() fires it to drop the in-flight task plus anything
+    // queued behind it, then swaps in a fresh controller so later requests aren't
+    // pre-aborted.
+    let requestAbort = new AbortController();
+    // Enqueue against the live abort signal so abortPendingRequests() can drop every pending task.
+    const enqueue = (fn) => requestQueue.call(fn, { signal: requestAbort.signal });
     const session = createSession({
         localAccount: userSession.localAccount,
         remoteAccount: userSession.remoteAccount,
         statementStore,
         encryption,
         prover,
+        maxRequestSize: MAX_SSO_REQUEST_SIZE,
     });
     const processedMessages = fieldListView({
         storage,
@@ -80,7 +90,7 @@ export function createUserSession({ userSession, statementStore, encryption, sto
     return {
         ...userSession,
         signPayload(payload) {
-            return requestQueue.call(() => {
+            return enqueue(() => {
                 const messageId = nanoid();
                 const data = enumValue('v1', enumValue('SignRequest', enumValue('Payload', payload)));
                 emitHostAction(messageId, actionKindFromMessageData(data), userSession.id);
@@ -106,7 +116,7 @@ export function createUserSession({ userSession, statementStore, encryption, sto
             });
         },
         signRaw(payload) {
-            return requestQueue.call(() => {
+            return enqueue(() => {
                 const messageId = nanoid();
                 const data = enumValue('v1', enumValue('SignRequest', enumValue('Raw', payload)));
                 emitHostAction(messageId, actionKindFromMessageData(data), userSession.id);
@@ -132,7 +142,7 @@ export function createUserSession({ userSession, statementStore, encryption, sto
             });
         },
         createTransaction(payload) {
-            return requestQueue.call(() => {
+            return enqueue(() => {
                 const messageId = nanoid();
                 const request = session.request(RemoteMessageCodec, {
                     messageId,
@@ -159,7 +169,7 @@ export function createUserSession({ userSession, statementStore, encryption, sto
             });
         },
         sendDisconnectMessage() {
-            return requestQueue.call(() => session
+            return enqueue(() => session
                 .submitRequestMessage(RemoteMessageCodec, {
                 messageId: nanoid(),
                 data: enumValue('v1', enumValue('Disconnected', undefined)),
@@ -167,7 +177,7 @@ export function createUserSession({ userSession, statementStore, encryption, sto
                 .map(() => undefined));
         },
         getRingVrfAlias(productAccountId, productId) {
-            return requestQueue.call(() => {
+            return enqueue(() => {
                 const messageId = nanoid();
                 const data = enumValue('v1', enumValue('RingVrfAliasRequest', {
                     productAccountId,
@@ -188,7 +198,7 @@ export function createUserSession({ userSession, statementStore, encryption, sto
             });
         },
         requestResourceAllocation(request) {
-            return requestQueue.call(() => {
+            return enqueue(() => {
                 const messageId = nanoid();
                 const sendRequest = session.request(RemoteMessageCodec, {
                     messageId,
@@ -268,6 +278,17 @@ export function createUserSession({ userSession, statementStore, encryption, sto
                 });
             });
         },
+        abortPendingRequests() {
+            // Drop the whole request queue: aborting the shared signal rejects the
+            // in-flight task and every request queued behind it, freeing the single
+            // slot immediately instead of waiting out the per-task 180s timeout. Swap
+            // in a fresh controller so subsequent requests aren't pre-aborted.
+            requestAbort.abort(new Error('Session request aborted'));
+            requestAbort = new AbortController();
+            // Then supersede the in-flight on-chain batch with an empty one and reject
+            // any session-level response waiters left orphaned by the dropped tasks.
+            return session.clearOutgoingStatement();
+        },
         dispose() {
             return session.dispose();
         },

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@novasamatech/host-papp",
   "type": "module",
-  "version": "0.8.0-1",
+  "version": "0.8.1",
   "description": "Polkadot app integration",
   "license": "Apache-2.0",
   "repository": {
@@ -34,19 +34,18 @@
     "@noble/ciphers": "2.2.0",
     "@noble/curves": "2.2.0",
     "@noble/hashes": "2.2.0",
-    "@novasamatech/host-api": "0.8.0-1",
-    "@novasamatech/scale": "0.8.0-1",
-    "@novasamatech/statement-store": "0.8.0-1",
-    "@novasamatech/storage-adapter": "0.8.0-1",
+    "@novasamatech/host-api": "0.8.1",
+    "@novasamatech/scale": "0.8.1",
+    "@novasamatech/statement-store": "0.8.1",
+    "@novasamatech/storage-adapter": "0.8.1",
     "@polkadot-api/utils": "^0.4.0",
     "@polkadot-labs/hdkd-helpers": "^0.0.30",
     "nanoevents": "9.1.0",
-    "nanoid": "5.1.9",
+    "nanoid": "5.1.11",
     "neverthrow": "^8.2.0",
     "polkadot-api": ">=2",
     "rxjs": "^7.8.2",
-    "scale-ts": "1.6.1",
-    "verifiablejs": "1.2.0"
+    "scale-ts": "1.6.1"
   },
   "publishConfig": {
     "access": "public"