@oxyhq/core 1.11.11 → 1.11.13

package/dist/cjs/utils/accountUtils.js

@@ -4,7 +4,76 @@
  * Used by both @oxyhq/services (React Native) and @oxyhq/auth (Web) account stores.
  */
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.createQuickAccount = exports.buildAccountsArray = void 0;
+exports.createQuickAccount = exports.buildAccountsArray = exports.getAccountFallbackHandle = exports.getAccountDisplayName = exports.formatPublicKeyHandle = void 0;
+const i18n_1 = require("../i18n");
+/**
+ * Truncate a long public key for display, e.g. `0x12345678…`.
+ * Falls back to the raw key if it's too short to truncate.
+ */
+const formatPublicKeyHandle = (publicKey) => {
+    const cleaned = publicKey.startsWith('0x') ? publicKey.slice(2) : publicKey;
+    if (cleaned.length <= 8)
+        return `0x${cleaned}`;
+    return `0x${cleaned.slice(0, 8)}…`;
+};
+exports.formatPublicKeyHandle = formatPublicKeyHandle;
+/**
+ * Resolve a friendly display name for a user.
+ *
+ * Order of preference:
+ *  1. `name.full`, or composed `name.first name.last`
+ *  2. `name` (when stored as a plain string)
+ *  3. `username`
+ *  4. `Account 0x12345678…` (derived from publicKey, when present)
+ *  5. Translated fallback (e.g. "Unnamed")
+ *
+ * The translation key `common.unnamed` is used for the final fallback. If the
+ * caller does not pass a locale, the default English translation is used.
+ */
+const getAccountDisplayName = (user, locale) => {
+    if (!user)
+        return (0, i18n_1.translate)(locale, 'common.unnamed');
+    const { name, username, publicKey } = user;
+    if (name && typeof name === 'object') {
+        if (typeof name.full === 'string' && name.full.trim())
+            return name.full.trim();
+        const first = typeof name.first === 'string' ? name.first.trim() : '';
+        const last = typeof name.last === 'string' ? name.last.trim() : '';
+        const composed = [first, last].filter(Boolean).join(' ').trim();
+        if (composed)
+            return composed;
+    }
+    else if (typeof name === 'string' && name.trim()) {
+        return name.trim();
+    }
+    if (typeof username === 'string' && username.trim())
+        return username.trim();
+    if (typeof publicKey === 'string' && publicKey.length > 0) {
+        return (0, i18n_1.translate)(locale, 'common.accountFallback', {
+            handle: (0, exports.formatPublicKeyHandle)(publicKey),
+        });
+    }
+    return (0, i18n_1.translate)(locale, 'common.unnamed');
+};
+exports.getAccountDisplayName = getAccountDisplayName;
+/**
+ * Resolve a `@handle` style identifier for a user.
+ *
+ * Returns the bare username when present (without the `@`), otherwise a
+ * truncated public-key handle (`0x12345678…`), or `undefined` when neither is
+ * available — callers can decide whether to hide the line entirely.
+ */
+const getAccountFallbackHandle = (user) => {
+    if (!user)
+        return undefined;
+    if (typeof user.username === 'string' && user.username.trim())
+        return user.username.trim();
+    if (typeof user.publicKey === 'string' && user.publicKey.length > 0) {
+        return (0, exports.formatPublicKeyHandle)(user.publicKey);
+    }
+    return undefined;
+};
+exports.getAccountFallbackHandle = getAccountFallbackHandle;
 /**
  * Build an ordered array of QuickAccounts from a map and order list.
  */
@@ -27,7 +96,7 @@ exports.buildAccountsArray = buildAccountsArray;
  * @param getFileDownloadUrl - Function to generate avatar download URL from file ID
  */
 const createQuickAccount = (sessionId, userData, existingAccount, getFileDownloadUrl) => {
-    const displayName = userData.name?.full || userData.name?.first || userData.username || 'Account';
+    const displayName = (0, exports.getAccountDisplayName)(userData);
     const userId = userData.id || (typeof userData._id === 'string' ? userData._id : userData._id?.toString());
     // Preserve existing avatarUrl if avatar hasn't changed (prevents image reload)
     let avatarUrl;

package/dist/cjs/utils/asyncUtils.js

@@ -44,18 +44,47 @@ async function parallelWithErrorHandling(operations, errorHandler) {
     const results = await Promise.allSettled(operations.map((op, index) => withErrorHandling(op, error => errorHandler?.(error, index))));
     return results.map(result => result.status === 'fulfilled' ? result.value : null);
 }
+/**
+ * Extract an HTTP status code from an error value, tolerating both the
+ * axios-style nested shape (`error.response.status`) and the flat shape
+ * produced by {@link handleHttpError} / fetch-based clients (`error.status`).
+ *
+ * Centralising this lookup prevents retry predicates from silently falling
+ * through when one of the two shapes is missing, which previously caused
+ * @oxyhq/core to retry 4xx responses and turn sub-10ms failures into
+ * multi-second stalls for every missing-resource lookup.
+ */
+function extractHttpStatus(error) {
+    if (!error || typeof error !== 'object')
+        return undefined;
+    const candidate = error;
+    const flat = candidate.status;
+    if (typeof flat === 'number' && Number.isFinite(flat))
+        return flat;
+    const nested = candidate.response?.status;
+    if (typeof nested === 'number' && Number.isFinite(nested))
+        return nested;
+    return undefined;
+}
 /**
  * Retry an async operation with exponential backoff
  *
- * By default, does not retry on 4xx errors (client errors).
- * Use shouldRetry callback to customize retry behavior.
+ * By default, does not retry on 4xx errors (client errors). The default
+ * predicate accepts both the axios-style `error.response.status` and the
+ * flat `error.status` shape produced by {@link handleHttpError}, so callers
+ * never accidentally retry a deterministic client failure.
+ *
+ * Use the `shouldRetry` callback to customize retry behavior.
  */
 async function retryAsync(operation, maxRetries = 3, baseDelay = 1000, shouldRetry) {
     let lastError;
-    // Default shouldRetry: don't retry on 4xx errors
+    // Default shouldRetry: don't retry on 4xx errors (client errors).
+    // Checks BOTH `error.status` (flat shape from handleHttpError / fetch
+    // clients) AND `error.response.status` (axios-style shape) so neither
+    // representation can leak a client error into the retry loop.
     const defaultShouldRetry = (error) => {
-        // Don't retry on 4xx errors (client errors)
-        if (error?.response?.status >= 400 && error?.response?.status < 500) {
+        const status = extractHttpStatus(error);
+        if (status !== undefined && status >= 400 && status < 500) {
             return false;
         }
         return true;

package/dist/cjs/utils/deviceManager.js

@@ -1,39 +1,7 @@
 "use strict";
-var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
-    if (k2 === undefined) k2 = k;
-    var desc = Object.getOwnPropertyDescriptor(m, k);
-    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
-      desc = { enumerable: true, get: function() { return m[k]; } };
-    }
-    Object.defineProperty(o, k2, desc);
-}) : (function(o, m, k, k2) {
-    if (k2 === undefined) k2 = k;
-    o[k2] = m[k];
-}));
-var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
-    Object.defineProperty(o, "default", { enumerable: true, value: v });
-}) : function(o, v) {
-    o["default"] = v;
-});
-var __importStar = (this && this.__importStar) || (function () {
-    var ownKeys = function(o) {
-        ownKeys = Object.getOwnPropertyNames || function (o) {
-            var ar = [];
-            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
-            return ar;
-        };
-        return ownKeys(o);
-    };
-    return function (mod) {
-        if (mod && mod.__esModule) return mod;
-        var result = {};
-        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
-        __setModuleDefault(result, mod);
-        return result;
-    };
-})();
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.DeviceManager = void 0;
+const platformCrypto_1 = require("./platformCrypto");
 /**
  * Client-side device management utility
  * Handles persistent device identification across app sessions
@@ -51,9 +19,10 @@ class DeviceManager {
     static async getStorage() {
         if (this.isReactNative()) {
             try {
-                // Variable indirection prevents bundlers (Vite, webpack) from statically resolving this
-                const moduleName = '@react-native-async-storage/async-storage';
-                const asyncStorageModule = await Promise.resolve(`${moduleName}`).then(s => __importStar(require(s)));
+                // `loadAsyncStorage` is per-platform: the RN variant statically imports
+                // @react-native-async-storage/async-storage, the default variant throws
+                // (never called outside RN because of the `isReactNative()` gate above).
+                const asyncStorageModule = await (0, platformCrypto_1.loadAsyncStorage)();
                 const storage = asyncStorageModule.default;
                 return {
                     getItem: storage.getItem.bind(storage),

package/dist/cjs/utils/platformCrypto.js

@@ -0,0 +1,165 @@
+"use strict";
+/**
+ * Platform Crypto / Storage — Default Variant (Node.js, Browser, generic bundlers)
+ *
+ * Provides lazy access to platform-specific crypto and storage modules.
+ *
+ * # Variants
+ *
+ * This module ships in two physical variants on disk, selected per consumer
+ * by the bundler / runtime:
+ *
+ * - `platformCrypto.js`           — this file. Used by Node.js, Vite, webpack,
+ *                                   Rollup, esbuild, and anything that does
+ *                                   not match Metro's `*.native.js`
+ *                                   source-extension preference.
+ * - `platformCrypto.native.js`    — sibling file. Picked up automatically by
+ *                                   Metro's resolver (which prefers
+ *                                   `*.<platform>.js` and `*.native.js` over
+ *                                   plain `*.js` when `preferNativePlatform`
+ *                                   is true — Expo sets this for all non-web
+ *                                   builds).
+ *
+ * The `package.json#exports` map also declares a `"react-native"` condition
+ * pointing at the same `dist/esm/index.js` entry — that entry transitively
+ * imports `./platformCrypto`, and Metro's per-file source-extension lookup
+ * substitutes the `.native.js` sibling automatically inside `dist/`. This
+ * means consumers never have to add resolver shims; Metro Just Works.
+ *
+ * Both variants expose the EXACT same public API; importers don't need to know
+ * which one they got. The variant difference is purely about which underlying
+ * native modules each one references:
+ *
+ *   ┌──────────────────┬───────────────────────┬───────────────────────────────┐
+ *   │ Function         │ Default variant       │ React Native variant          │
+ *   ├──────────────────┼───────────────────────┼───────────────────────────────┤
+ *   │ loadNodeCrypto   │ `await import('crypto')` (Node built-in)              │
+ *   │                  │                       │ throws — Node crypto is not   │
+ *   │                  │                       │ available on Hermes/RN        │
+ *   ├──────────────────┼───────────────────────┼───────────────────────────────┤
+ *   │ loadExpoCrypto   │ throws — expo-crypto  │ static `import 'expo-crypto'` │
+ *   │                  │ is not part of a      │                               │
+ *   │                  │ Node/Vite bundle      │                               │
+ *   ├──────────────────┼───────────────────────┼───────────────────────────────┤
+ *   │ loadSecureStore  │ throws (web/Node have │ static `import 'expo-secure-` │
+ *   │                  │ their own storage)    │ store'                        │
+ *   ├──────────────────┼───────────────────────┼───────────────────────────────┤
+ *   │ loadAsyncStorage │ throws (web/Node have │ static `import '@react-       │
+ *   │                  │ their own storage)    │ native-async-storage/...'     │
+ *   ├──────────────────┼───────────────────────┼───────────────────────────────┤
+ *   │ getRandomBytesRN │ throws (RN-only)      │ direct call into expo-crypto  │
+ *   └──────────────────┴───────────────────────┴───────────────────────────────┘
+ *
+ * Crucially, the default variant references ONLY Node's `'crypto'`. It never
+ * mentions `expo-*` or `@react-native-async-storage/*` — so Vite, webpack,
+ * esbuild, Rollup, and Node itself can bundle / require it without ever
+ * attempting to resolve those RN-only packages.
+ *
+ * The React Native variant references ONLY the RN packages. It never
+ * mentions `'crypto'` — so Metro and Hermes have nothing to choke on.
+ *
+ * # Why not a single file with dynamic import?
+ *
+ * A previous iteration used a "bundler-opaque" `new Function('s', 'return
+ * import(s)')` trick so a single file could service every platform. It
+ * bundled cleanly on Metro but Hermes refused to PARSE the resulting
+ * `import()` expression inside a Function-constructor body
+ * (`SyntaxError: Invalid expression encountered` at the `(` of `import(`).
+ * The platform-extension split is the only approach that lets each runtime
+ * see a file containing only specifiers it can understand — no tricks, no
+ * runtime parsing risks.
+ */
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.loadNodeCrypto = loadNodeCrypto;
+exports.loadExpoCrypto = loadExpoCrypto;
+exports.loadSecureStore = loadSecureStore;
+exports.loadAsyncStorage = loadAsyncStorage;
+exports.getRandomBytesRN = getRandomBytesRN;
+const platform_1 = require("./platform");
+// ---------------------------------------------------------------------------
+// Node `crypto` — Node built-in
+//
+// `await import('crypto')` here is a real, static-from-tsc's-perspective
+// dynamic import. Node ESM, Vite, webpack, and esbuild all resolve it fine.
+// Metro never sees this file because the `.react-native.js` sibling shadows
+// it, so Metro never tries to resolve `'crypto'`.
+// ---------------------------------------------------------------------------
+let cachedNodeCrypto = null;
+async function loadNodeCrypto() {
+    if (cachedNodeCrypto) {
+        return cachedNodeCrypto;
+    }
+    cachedNodeCrypto = await Promise.resolve().then(() => __importStar(require('node:crypto')));
+    return cachedNodeCrypto;
+}
+// ---------------------------------------------------------------------------
+// RN-only modules — never called from this variant.
+//
+// These throw a clear error if anything ever reaches them outside RN. In
+// practice every caller gates with `isReactNative()` before calling, so
+// these are belt-and-braces.
+// ---------------------------------------------------------------------------
+function notReactNativeError(module) {
+    return new Error(`[oxy.platformCrypto] Tried to load '${module}' outside React Native. This module is only available in a React Native runtime; bundling routed this consumer to the default (Node/web) variant. This indicates a missing platform gate (\`isReactNative()\`) in the calling code.`);
+}
+async function loadExpoCrypto() {
+    if ((0, platform_1.isReactNative)()) {
+        // Should be unreachable: when running on RN, Metro / the `react-native`
+        // exports condition serves the sibling variant. If we got here, the
+        // package-exports map is misconfigured for this host. Throw with a
+        // helpful diagnostic rather than fall back to a broken dynamic import.
+        throw new Error('[oxy.platformCrypto] React Native runtime resolved the default ' +
+            '(non-RN) variant of @oxyhq/core/utils/platformCrypto. Check the ' +
+            "consumer's bundler resolution — Metro should pick the sibling " +
+            '.react-native.js file via package exports.');
+    }
+    throw notReactNativeError('expo-crypto');
+}
+async function loadSecureStore() {
+    throw notReactNativeError('expo-secure-store');
+}
+async function loadAsyncStorage() {
+    throw notReactNativeError('@react-native-async-storage/async-storage');
+}
+/**
+ * Synchronous random-bytes via `expo-crypto.getRandomBytes`. Only available
+ * in the React Native variant. The default variant throws because Node and
+ * browsers have their own native CSPRNGs (`crypto.randomBytes` and
+ * `crypto.getRandomValues` respectively) — callers should use those.
+ */
+function getRandomBytesRN(_byteCount) {
+    throw notReactNativeError('expo-crypto.getRandomBytes (sync)');
+}

package/dist/cjs/utils/platformCrypto.native.js

@@ -0,0 +1,123 @@
+"use strict";
+/**
+ * Platform Crypto / Storage — React Native Variant
+ *
+ * Companion to `./platformCrypto.ts`. See the doc-comment at the top of that
+ * file for the full design.
+ *
+ * Metro auto-selects this file in any non-web build (`preferNativePlatform`
+ * is `true` for iOS / Android, so `*.native.js` shadows `*.js` during
+ * source-extension resolution inside `node_modules/@oxyhq/core/dist/`). On
+ * iOS / Android `<base>.ios.js` / `<base>.android.js` would shadow this file
+ * if they existed, but they don't — `.native.js` is the shared RN variant.
+ *
+ *   - The default variant references Node's `'crypto'` and would crash Metro
+ *     if bundled into an RN app.
+ *   - This variant references the RN-only modules (`expo-crypto`,
+ *     `expo-secure-store`, `@react-native-async-storage/async-storage`)
+ *     as static imports, so Metro and Hermes both resolve and parse them
+ *     cleanly.
+ *
+ * Both variants expose the same surface; importers don't care which one
+ * they got.
+ *
+ * # Why static imports?
+ *
+ * Every RN consumer of `@oxyhq/core` already lists or transitively pulls
+ * in `expo-crypto`, `expo-secure-store`, and
+ * `@react-native-async-storage/async-storage` (they're stable Expo modules
+ * present in `services`, `accounts`, `inbox`, and `test-app`). A static
+ * import is what Metro wants to see anyway, and Hermes parses it like any
+ * other ES module — no `Function`-constructor parser exotic-mode involved.
+ *
+ * This is also clearer to debug: Metro fails up-front with a normal
+ * unresolved-module error if a consumer is missing a peer dep, instead of
+ * a confusing runtime throw the first time a code path that needs the
+ * module is exercised.
+ */
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.loadNodeCrypto = loadNodeCrypto;
+exports.loadExpoCrypto = loadExpoCrypto;
+exports.loadSecureStore = loadSecureStore;
+exports.loadAsyncStorage = loadAsyncStorage;
+exports.getRandomBytesRN = getRandomBytesRN;
+const ExpoCrypto = __importStar(require("expo-crypto"));
+const SecureStore = __importStar(require("expo-secure-store"));
+const async_storage_1 = __importDefault(require("@react-native-async-storage/async-storage"));
+// ---------------------------------------------------------------------------
+// Node `crypto` — never available in RN.
+// ---------------------------------------------------------------------------
+async function loadNodeCrypto() {
+    // Unreachable in practice: every caller gates with `isNodeJS()` before
+    // invoking this. If it somehow does fire, throw immediately with a clear
+    // diagnostic rather than letting Metro / Hermes attempt to find a
+    // non-existent module at runtime.
+    throw new Error("[oxy.platformCrypto] Node's built-in 'crypto' module is not available " +
+        'in a React Native runtime. Use the RN-specific helpers ' +
+        '(loadExpoCrypto, getRandomBytesRN) or the Web Crypto API (`globalThis.crypto`).');
+}
+// ---------------------------------------------------------------------------
+// expo-crypto — RN cryptographic primitives.
+// ---------------------------------------------------------------------------
+async function loadExpoCrypto() {
+    return ExpoCrypto;
+}
+// ---------------------------------------------------------------------------
+// expo-secure-store — RN keychain / keystore.
+// ---------------------------------------------------------------------------
+async function loadSecureStore() {
+    return SecureStore;
+}
+async function loadAsyncStorage() {
+    // Mirror the shape callers historically used (`module.default.<method>`)
+    // so the call sites don't have to know whether the underlying module
+    // ships ESM or CJS-with-default.
+    const storage = async_storage_1.default;
+    return {
+        default: storage,
+    };
+}
+/**
+ * Synchronous random-bytes via `expo-crypto.getRandomBytes`. Available
+ * synchronously because `expo-crypto` is statically imported by this file
+ * — no async initialization race.
+ */
+function getRandomBytesRN(byteCount) {
+    return ExpoCrypto.getRandomBytes(byteCount);
+}