@pollar/core 0.5.3 → 0.7.0

package/dist/index.rn.mjs

@@ -0,0 +1,2599 @@
+import { p256 } from '@noble/curves/p256';
+
+var __create = Object.create;
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __getProtoOf = Object.getPrototypeOf;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __commonJS = (cb, mod) => function __require() {
+  return mod || (0, cb[__getOwnPropNames(cb)[0]])((mod = { exports: {} }).exports, mod), mod.exports;
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps(
+  // If the importer is in node compatibility mode or this is not an ESM
+  // file that has been converted to a CommonJS file using a Babel-
+  // compatible transform (i.e. "__esModule" has not been set), then set
+  // "default" to the CommonJS "module.exports" for node compatibility.
+  !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target,
+  mod
+));
+
+// ../../node_modules/@stellar/freighter-api/build/index.min.js
+var require_index_min = __commonJS({
+  "../../node_modules/@stellar/freighter-api/build/index.min.js"(exports$1, module) {
+    !(function(e, r) {
+      "object" == typeof exports$1 && "object" == typeof module ? module.exports = r() : "function" == typeof define && define.amd ? define([], r) : "object" == typeof exports$1 ? exports$1.freighterApi = r() : e.freighterApi = r();
+    })(exports$1, (() => (() => {
+      var e, r, E = { d: (e2, r2) => {
+        for (var o2 in r2) E.o(r2, o2) && !E.o(e2, o2) && Object.defineProperty(e2, o2, { enumerable: true, get: r2[o2] });
+      }, o: (e2, r2) => Object.prototype.hasOwnProperty.call(e2, r2), r: (e2) => {
+        "undefined" != typeof Symbol && Symbol.toStringTag && Object.defineProperty(e2, Symbol.toStringTag, { value: "Module" }), Object.defineProperty(e2, "__esModule", { value: true });
+      } }, o = {};
+      E.r(o), E.d(o, { default: () => I, getNetwork: () => N, getNetworkDetails: () => s, getPublicKey: () => _, getUserInfo: () => R, isAllowed: () => C, isBrowser: () => c, isConnected: () => n, requestAccess: () => i, setAllowed: () => O, signAuthEntry: () => S, signBlob: () => A, signTransaction: () => t }), (function(e2) {
+        e2.CREATE_ACCOUNT = "CREATE_ACCOUNT", e2.FUND_ACCOUNT = "FUND_ACCOUNT", e2.ADD_ACCOUNT = "ADD_ACCOUNT", e2.IMPORT_ACCOUNT = "IMPORT_ACCOUNT", e2.IMPORT_HARDWARE_WALLET = "IMPORT_HARDWARE_WALLET", e2.LOAD_ACCOUNT = "LOAD_ACCOUNT", e2.MAKE_ACCOUNT_ACTIVE = "MAKE_ACCOUNT_ACTIVE", e2.UPDATE_ACCOUNT_NAME = "UPDATE_ACCOUNT_NAME", e2.GET_MNEMONIC_PHRASE = "GET_MNEMONIC_PHRASE", e2.CONFIRM_MNEMONIC_PHRASE = "CONFIRM_MNEMONIC_PHRASE", e2.CONFIRM_MIGRATED_MNEMONIC_PHRASE = "CONFIRM_MIGRATED_MNEMONIC_PHRASE", e2.RECOVER_ACCOUNT = "RECOVER_ACCOUNT", e2.CONFIRM_PASSWORD = "CONFIRM_PASSWORD", e2.REJECT_ACCESS = "REJECT_ACCESS", e2.GRANT_ACCESS = "GRANT_ACCESS", e2.SIGN_TRANSACTION = "SIGN_TRANSACTION", e2.SIGN_BLOB = "SIGN_BLOB", e2.SIGN_AUTH_ENTRY = "SIGN_AUTH_ENTRY", e2.HANDLE_SIGNED_HW_TRANSACTION = "HANDLE_SIGNED_HW_TRANSACTION", e2.REJECT_TRANSACTION = "REJECT_TRANSACTION", e2.SIGN_FREIGHTER_TRANSACTION = "SIGN_FREIGHTER_TRANSACTION", e2.SIGN_FREIGHTER_SOROBAN_TRANSACTION = "SIGN_FREIGHTER_SOROBAN_TRANSACTION", e2.ADD_RECENT_ADDRESS = "ADD_RECENT_ADDRESS", e2.LOAD_RECENT_ADDRESSES = "LOAD_RECENT_ADDRESSES", e2.SIGN_OUT = "SIGN_OUT", e2.SHOW_BACKUP_PHRASE = "SHOW_BACKUP_PHRASE", e2.SAVE_ALLOWLIST = "SAVE_ALLOWLIST", e2.SAVE_SETTINGS = "SAVE_SETTINGS", e2.LOAD_SETTINGS = "LOAD_SETTINGS", e2.GET_CACHED_ASSET_ICON = "GET_CACHED_ASSET_ICON", e2.CACHE_ASSET_ICON = "CACHE_ASSET_ICON", e2.GET_CACHED_ASSET_DOMAIN = "GET_CACHED_ASSET_DOMAIN", e2.CACHE_ASSET_DOMAIN = "CACHE_ASSET_DOMAIN", e2.GET_BLOCKED_ACCOUNTS = "GET_BLOCKED_ACCOUNTS", e2.GET_BLOCKED_DOMAINS = "GET_BLOCKED_DOMAINS", e2.ADD_CUSTOM_NETWORK = "ADD_CUSTOM_NETWORK", e2.CHANGE_NETWORK = "CHANGE_NETWORK", e2.REMOVE_CUSTOM_NETWORK = "REMOVE_CUSTOM_NETWORK", e2.EDIT_CUSTOM_NETWORK = "EDIT_CUSTOM_NETWORK", e2.RESET_EXP_DATA = "RESET_EXP_DATA", e2.ADD_TOKEN_ID = "ADD_TOKEN_ID", e2.GET_TOKEN_IDS = "GET_TOKEN_IDS", e2.REMOVE_TOKEN_ID = "REMOVE_TOKEN_ID", e2.GET_MIGRATABLE_ACCOUNTS = "GET_MIGRATABLE_ACCOUNTS", e2.GET_MIGRATED_MNEMONIC_PHRASE = "GET_MIGRATED_MNEMONIC_PHRASE", e2.MIGRATE_ACCOUNTS = "MIGRATE_ACCOUNTS";
+      })(e || (e = {})), (function(e2) {
+        e2.REQUEST_ACCESS = "REQUEST_ACCESS", e2.REQUEST_PUBLIC_KEY = "REQUEST_PUBLIC_KEY", e2.SUBMIT_TRANSACTION = "SUBMIT_TRANSACTION", e2.SUBMIT_BLOB = "SUBMIT_BLOB", e2.SUBMIT_AUTH_ENTRY = "SUBMIT_AUTH_ENTRY", e2.REQUEST_NETWORK = "REQUEST_NETWORK", e2.REQUEST_NETWORK_DETAILS = "REQUEST_NETWORK_DETAILS", e2.REQUEST_CONNECTION_STATUS = "REQUEST_CONNECTION_STATUS", e2.REQUEST_ALLOWED_STATUS = "REQUEST_ALLOWED_STATUS", e2.SET_ALLOWED_STATUS = "SET_ALLOWED_STATUS", e2.REQUEST_USER_INFO = "REQUEST_USER_INFO";
+      })(r || (r = {}));
+      const T = (e2) => {
+        const E2 = Date.now() + Math.random();
+        return window.postMessage({ source: "FREIGHTER_EXTERNAL_MSG_REQUEST", messageId: E2, ...e2 }, window.location.origin), new Promise(((o2) => {
+          let T2 = 0;
+          e2.type !== r.REQUEST_CONNECTION_STATUS && e2.type !== r.REQUEST_PUBLIC_KEY || (T2 = setTimeout((() => {
+            o2({ isConnected: false, publicKey: "" }), window.removeEventListener("message", _2);
+          }), 2e3));
+          const _2 = (e3) => {
+            var r2, t2;
+            e3.source === window && "FREIGHTER_EXTERNAL_MSG_RESPONSE" === (null === (r2 = null == e3 ? void 0 : e3.data) || void 0 === r2 ? void 0 : r2.source) && (null === (t2 = null == e3 ? void 0 : e3.data) || void 0 === t2 ? void 0 : t2.messagedId) === E2 && (o2(e3.data), window.removeEventListener("message", _2), clearTimeout(T2));
+          };
+          window.addEventListener("message", _2, false);
+        }));
+      }, _ = () => c ? (async () => {
+        let e2 = { publicKey: "", error: "" };
+        try {
+          e2 = await T({ type: r.REQUEST_PUBLIC_KEY });
+        } catch (e3) {
+          console.error(e3);
+        }
+        const { publicKey: E2, error: o2 } = e2;
+        if (o2) throw o2;
+        return E2;
+      })() : Promise.resolve(""), t = (e2, E2) => c ? (async (e3, E3, o2) => {
+        let _2 = "", t2 = "", A2 = "";
+        "object" == typeof E3 ? (_2 = E3.network || "", t2 = E3.accountToSign || "", A2 = E3.networkPassphrase || "") : (_2 = E3 || "", t2 = "");
+        let S2 = { signedTransaction: "", error: "" };
+        try {
+          S2 = await T({ transactionXdr: e3, network: _2, networkPassphrase: A2, accountToSign: t2, type: r.SUBMIT_TRANSACTION });
+        } catch (e4) {
+          throw console.error(e4), e4;
+        }
+        const { signedTransaction: n2, error: N2 } = S2;
+        if (N2) throw N2;
+        return n2;
+      })(e2, E2) : Promise.resolve(""), A = (e2, E2) => c ? (async (e3, E3) => {
+        let o2 = { signedBlob: "", error: "" };
+        const _2 = (E3 || {}).accountToSign || "";
+        try {
+          o2 = await T({ blob: e3, accountToSign: _2, type: r.SUBMIT_BLOB });
+        } catch (e4) {
+          throw console.error(e4), e4;
+        }
+        const { signedBlob: t2, error: A2 } = o2;
+        if (A2) throw A2;
+        return t2;
+      })(e2, E2) : Promise.resolve(""), S = (e2, E2) => c ? (async (e3, E3) => {
+        let o2 = { signedAuthEntry: "", error: "" };
+        const _2 = (E3 || {}).accountToSign || "";
+        try {
+          o2 = await T({ entryXdr: e3, accountToSign: _2, type: r.SUBMIT_AUTH_ENTRY });
+        } catch (e4) {
+          console.error(e4);
+        }
+        const { signedAuthEntry: t2, error: A2 } = o2;
+        if (A2) throw A2;
+        return t2;
+      })(e2, E2) : Promise.resolve(""), n = () => c ? window.freighter ? Promise.resolve(window.freighter) : (async () => {
+        let e2 = { isConnected: false };
+        try {
+          e2 = await T({ type: r.REQUEST_CONNECTION_STATUS });
+        } catch (e3) {
+          console.error(e3);
+        }
+        return e2.isConnected;
+      })() : Promise.resolve(false), N = () => c ? (async () => {
+        let e2 = { network: "", error: "" };
+        try {
+          e2 = await T({ type: r.REQUEST_NETWORK });
+        } catch (e3) {
+          console.error(e3);
+        }
+        const { network: E2, error: o2 } = e2;
+        if (o2) throw o2;
+        return E2;
+      })() : Promise.resolve(""), s = () => c ? (async () => {
+        let e2 = { networkDetails: { network: "", networkName: "", networkUrl: "", networkPassphrase: "", sorobanRpcUrl: void 0 }, error: "" };
+        try {
+          e2 = await T({ type: r.REQUEST_NETWORK_DETAILS });
+        } catch (e3) {
+          console.error(e3);
+        }
+        const { networkDetails: E2, error: o2 } = e2, { network: _2, networkUrl: t2, networkPassphrase: A2, sorobanRpcUrl: S2 } = E2;
+        if (o2) throw o2;
+        return { network: _2, networkUrl: t2, networkPassphrase: A2, sorobanRpcUrl: S2 };
+      })() : Promise.resolve({ network: "", networkUrl: "", networkPassphrase: "", sorobanRpcUrl: "" }), C = () => c ? (async () => {
+        let e2 = { isAllowed: false };
+        try {
+          e2 = await T({ type: r.REQUEST_ALLOWED_STATUS });
+        } catch (e3) {
+          console.error(e3);
+        }
+        return e2.isAllowed;
+      })() : Promise.resolve(false), O = () => c ? (async () => {
+        let e2 = { isAllowed: false, error: "" };
+        try {
+          e2 = await T({ type: r.SET_ALLOWED_STATUS });
+        } catch (e3) {
+          console.error(e3);
+        }
+        const { isAllowed: E2, error: o2 } = e2;
+        if (o2) throw o2;
+        return E2;
+      })() : Promise.resolve(false), R = () => c ? (async () => {
+        let e2 = { userInfo: { publicKey: "" }, error: "" };
+        try {
+          e2 = await T({ type: r.REQUEST_USER_INFO });
+        } catch (e3) {
+          console.error(e3);
+        }
+        const { userInfo: E2, error: o2 } = e2;
+        if (o2) throw o2;
+        return E2;
+      })() : Promise.resolve({ publicKey: "" }), i = () => c ? (async () => {
+        let e2 = { publicKey: "", error: "" };
+        try {
+          e2 = await T({ type: r.REQUEST_ACCESS });
+        } catch (e3) {
+          console.error(e3);
+        }
+        const { publicKey: E2, error: o2 } = e2;
+        if (o2) throw o2;
+        return E2;
+      })() : Promise.resolve(""), c = "undefined" != typeof window, I = { getPublicKey: _, signTransaction: t, signBlob: A, signAuthEntry: S, isConnected: n, getNetwork: N, getNetworkDetails: s, isAllowed: C, setAllowed: O, getUserInfo: R, requestAccess: i };
+      return o;
+    })()));
+  }
+});
+
+// src/keys/factory.ts
+var _factory = null;
+function _setDefaultKeyManagerFactory(factory) {
+  _factory = factory;
+}
+function defaultKeyManager(storage, apiKey) {
+  if (!_factory) {
+    throw new Error(
+      '[PollarClient] No default KeyManager factory registered. Did you import from "@pollar/core" via a non-standard path?'
+    );
+  }
+  return _factory(storage, apiKey);
+}
+
+// src/lib/sha256.ts
+async function sha256(data) {
+  const buf = await crypto.subtle.digest("SHA-256", data);
+  return new Uint8Array(buf);
+}
+
+// src/lib/api-key-hash.ts
+async function hashApiKey(apiKey) {
+  const digest = await sha256(new TextEncoder().encode(apiKey));
+  let hex = "";
+  for (let i = 0; i < 4; i++) hex += digest[i].toString(16).padStart(2, "0");
+  return hex;
+}
+
+// src/lib/base64url.ts
+var ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_";
+var REVERSE = (() => {
+  const m = /* @__PURE__ */ new Map();
+  for (let i = 0; i < ALPHABET.length; i++) m.set(ALPHABET[i], i);
+  return m;
+})();
+function base64urlEncode(bytes) {
+  let result = "";
+  let i = 0;
+  for (; i + 2 < bytes.length; i += 3) {
+    const b1 = bytes[i];
+    const b2 = bytes[i + 1];
+    const b3 = bytes[i + 2];
+    result += ALPHABET[b1 >> 2];
+    result += ALPHABET[(b1 & 3) << 4 | b2 >> 4];
+    result += ALPHABET[(b2 & 15) << 2 | b3 >> 6];
+    result += ALPHABET[b3 & 63];
+  }
+  if (i < bytes.length) {
+    const b1 = bytes[i];
+    if (i + 1 === bytes.length) {
+      result += ALPHABET[b1 >> 2];
+      result += ALPHABET[(b1 & 3) << 4];
+    } else {
+      const b2 = bytes[i + 1];
+      result += ALPHABET[b1 >> 2];
+      result += ALPHABET[(b1 & 3) << 4 | b2 >> 4];
+      result += ALPHABET[(b2 & 15) << 2];
+    }
+  }
+  return result;
+}
+function base64urlDecode(input) {
+  const clean = input.replace(/=+$/, "");
+  const out = new Uint8Array(Math.floor(clean.length * 3 / 4));
+  let byteIdx = 0;
+  for (let i = 0; i < clean.length; i += 4) {
+    const c1 = REVERSE.get(clean[i]);
+    const c2 = REVERSE.get(clean[i + 1]);
+    const c3 = i + 2 < clean.length ? REVERSE.get(clean[i + 2]) : void 0;
+    const c4 = i + 3 < clean.length ? REVERSE.get(clean[i + 3]) : void 0;
+    if (c1 === void 0 || c2 === void 0) {
+      throw new Error("[PollarClient] Invalid base64url input");
+    }
+    out[byteIdx++] = c1 << 2 | c2 >> 4;
+    if (c3 !== void 0) {
+      out[byteIdx++] = (c2 & 15) << 4 | c3 >> 2;
+      if (c4 !== void 0) {
+        out[byteIdx++] = (c3 & 3) << 6 | c4;
+      }
+    }
+  }
+  return out.slice(0, byteIdx);
+}
+function base64urlEncodeString(s) {
+  return base64urlEncode(new TextEncoder().encode(s));
+}
+
+// src/keys/thumbprint.ts
+async function computeJwkThumbprint(jwk) {
+  if (jwk.kty !== "EC" || jwk.crv !== "P-256" || !jwk.x || !jwk.y) {
+    throw new Error("[PollarClient:thumbprint] Expected EC P-256 JWK with x and y");
+  }
+  const canonical = `{"crv":"${jwk.crv}","kty":"${jwk.kty}","x":"${jwk.x}","y":"${jwk.y}"}`;
+  const digest = await sha256(new TextEncoder().encode(canonical));
+  return base64urlEncode(digest);
+}
+function canonicalEcJwk(jwk) {
+  if (jwk.kty !== "EC" || jwk.crv !== "P-256" || typeof jwk.x !== "string" || typeof jwk.y !== "string") {
+    throw new Error("[PollarClient:thumbprint] Source JWK is not an EC P-256 public key");
+  }
+  return { kty: "EC", crv: "P-256", x: jwk.x, y: jwk.y };
+}
+
+// src/keys/noble.ts
+var STORAGE_KEY_PREFIX = "pollar:dpop-key:";
+var NobleKeyManager = class {
+  constructor(storage, apiKey) {
+    this.apiKeyHash = null;
+    this.privateKey = null;
+    this.publicJwk = null;
+    this.thumbprint = null;
+    /** Cached in-flight init — see `WebCryptoKeyManager` for the rationale. */
+    this._initPromise = null;
+    this.storage = storage;
+    this.apiKey = apiKey;
+  }
+  get storageKey() {
+    if (!this.apiKeyHash) {
+      throw new Error("[PollarClient:keys] init() must be called before storage access");
+    }
+    return `${STORAGE_KEY_PREFIX}${this.apiKeyHash}`;
+  }
+  /**
+   * Idempotent and safe under concurrency. Other methods auto-await this so
+   * the manager is self-healing if `init()` was never explicitly invoked.
+   */
+  async init() {
+    if (this.privateKey) return;
+    if (!this._initPromise) {
+      this._initPromise = this._doInit().catch((err) => {
+        console.error("[PollarClient:keys] NobleKeyManager init failed", err);
+        this._initPromise = null;
+        throw err;
+      });
+    }
+    return this._initPromise;
+  }
+  async _doInit() {
+    if (!this.apiKeyHash) {
+      this.apiKeyHash = await hashApiKey(this.apiKey);
+    }
+    let priv = null;
+    try {
+      const stored = await this.storage.get(this.storageKey);
+      if (stored) {
+        const decoded = base64urlDecode(stored);
+        if (decoded.length === 32) priv = decoded;
+      }
+    } catch {
+      priv = null;
+    }
+    if (!priv) {
+      priv = p256.utils.randomPrivateKey();
+      try {
+        await this.storage.set(this.storageKey, base64urlEncode(priv));
+      } catch {
+      }
+    }
+    this.privateKey = priv;
+    const pub = p256.getPublicKey(priv, false);
+    if (pub.length !== 65 || pub[0] !== 4) {
+      throw new Error("[PollarClient:keys] Unexpected public key format from @noble/curves");
+    }
+    this.publicJwk = {
+      kty: "EC",
+      crv: "P-256",
+      x: base64urlEncode(pub.slice(1, 33)),
+      y: base64urlEncode(pub.slice(33, 65))
+    };
+    this.thumbprint = await computeJwkThumbprint(this.publicJwk);
+  }
+  async reset() {
+    try {
+      if (this.apiKeyHash) await this.storage.remove(this.storageKey);
+    } catch {
+    }
+    this.privateKey = null;
+    this.publicJwk = null;
+    this.thumbprint = null;
+    this._initPromise = null;
+  }
+  async getPublicJwk() {
+    if (!this.publicJwk) await this.init();
+    if (!this.publicJwk) {
+      throw new Error("[PollarClient:keys] Keypair initialization failed; getPublicJwk unavailable");
+    }
+    return { kty: this.publicJwk.kty, crv: this.publicJwk.crv, x: this.publicJwk.x, y: this.publicJwk.y };
+  }
+  async getThumbprint() {
+    if (!this.thumbprint) await this.init();
+    if (!this.thumbprint) {
+      throw new Error("[PollarClient:keys] Keypair initialization failed; getThumbprint unavailable");
+    }
+    return this.thumbprint;
+  }
+  async sign(payload) {
+    if (!this.privateKey) await this.init();
+    if (!this.privateKey) {
+      throw new Error("[PollarClient:keys] Keypair initialization failed; sign unavailable");
+    }
+    const digest = await sha256(payload);
+    const signature = p256.sign(digest, this.privateKey, { prehash: false });
+    return signature.toCompactRawBytes();
+  }
+};
+
+// src/keys/web-crypto.ts
+var DB_NAME = "pollar-keys";
+var DB_VERSION = 1;
+var STORE_NAME = "keys";
+function openDb() {
+  return new Promise((resolve, reject) => {
+    if (typeof indexedDB === "undefined") {
+      reject(new Error("[PollarClient:keys] IndexedDB not available"));
+      return;
+    }
+    const req = indexedDB.open(DB_NAME, DB_VERSION);
+    req.onerror = () => reject(req.error ?? new Error("IDB open failed"));
+    req.onsuccess = () => resolve(req.result);
+    req.onupgradeneeded = () => {
+      const db = req.result;
+      if (!db.objectStoreNames.contains(STORE_NAME)) {
+        db.createObjectStore(STORE_NAME);
+      }
+    };
+  });
+}
+function awaitTx(req) {
+  return new Promise((resolve, reject) => {
+    req.onsuccess = () => resolve(req.result);
+    req.onerror = () => reject(req.error ?? new Error("IDB request failed"));
+  });
+}
+async function dbGet(key) {
+  const db = await openDb();
+  try {
+    const tx = db.transaction(STORE_NAME, "readonly");
+    const result = await awaitTx(tx.objectStore(STORE_NAME).get(key));
+    return result;
+  } finally {
+    db.close();
+  }
+}
+async function dbPut(key, value) {
+  const db = await openDb();
+  try {
+    const tx = db.transaction(STORE_NAME, "readwrite");
+    await awaitTx(tx.objectStore(STORE_NAME).put(value, key));
+  } finally {
+    db.close();
+  }
+}
+async function dbDelete(key) {
+  const db = await openDb();
+  try {
+    const tx = db.transaction(STORE_NAME, "readwrite");
+    await awaitTx(tx.objectStore(STORE_NAME).delete(key));
+  } finally {
+    db.close();
+  }
+}
+function isCryptoKeyPair(v) {
+  if (typeof v !== "object" || v === null) return false;
+  const obj = v;
+  return obj.privateKey !== void 0 && obj.publicKey !== void 0;
+}
+var WebCryptoKeyManager = class {
+  constructor(apiKey) {
+    this.apiKeyHash = null;
+    this.keyPair = null;
+    this.publicJwk = null;
+    this.thumbprint = null;
+    /**
+     * Cached in-flight init. Lets `init()` be called concurrently (or implicitly
+     * from `getPublicJwk` / `sign`) without doing the work twice. Cleared on
+     * failure so callers can retry, and cleared on `reset()`.
+     */
+    this._initPromise = null;
+    if (typeof globalThis.crypto === "undefined" || !globalThis.crypto.subtle) {
+      throw new Error(
+        "[PollarClient:keys] SubtleCrypto is unavailable. DPoP requires a secure context (HTTPS or localhost)."
+      );
+    }
+    this.apiKey = apiKey;
+  }
+  /**
+   * Idempotent and safe under concurrency. The first call kicks off the real
+   * init; subsequent (and concurrent) calls return the same in-flight promise.
+   * Other methods (`getPublicJwk`, `getThumbprint`, `sign`) auto-await this so
+   * the manager is self-healing if `init()` was never explicitly invoked.
+   */
+  async init() {
+    if (this.keyPair) return;
+    if (!this._initPromise) {
+      this._initPromise = this._doInit().catch((err) => {
+        console.error("[PollarClient:keys] WebCryptoKeyManager init failed", err);
+        this._initPromise = null;
+        throw err;
+      });
+    }
+    return this._initPromise;
+  }
+  async _doInit() {
+    if (!this.apiKeyHash) {
+      this.apiKeyHash = await hashApiKey(this.apiKey);
+    }
+    let pair;
+    try {
+      pair = await dbGet(this.apiKeyHash);
+      if (pair && !isCryptoKeyPair(pair)) pair = void 0;
+    } catch {
+      pair = void 0;
+    }
+    if (!pair) {
+      pair = await globalThis.crypto.subtle.generateKey(
+        { name: "ECDSA", namedCurve: "P-256" },
+        // false → private key non-extractable; per W3C ECDSA spec the public
+        // key is always extractable regardless of this flag.
+        false,
+        ["sign", "verify"]
+      );
+      try {
+        await dbPut(this.apiKeyHash, pair);
+      } catch {
+      }
+    }
+    this.keyPair = pair;
+    const exported = await globalThis.crypto.subtle.exportKey("jwk", pair.publicKey);
+    this.publicJwk = canonicalEcJwk(exported);
+    this.thumbprint = await computeJwkThumbprint(this.publicJwk);
+  }
+  async reset() {
+    try {
+      if (this.apiKeyHash) await dbDelete(this.apiKeyHash);
+    } catch {
+    }
+    this.keyPair = null;
+    this.publicJwk = null;
+    this.thumbprint = null;
+    this._initPromise = null;
+  }
+  async getPublicJwk() {
+    if (!this.publicJwk) await this.init();
+    if (!this.publicJwk) {
+      throw new Error("[PollarClient:keys] Keypair initialization failed; getPublicJwk unavailable");
+    }
+    return { kty: this.publicJwk.kty, crv: this.publicJwk.crv, x: this.publicJwk.x, y: this.publicJwk.y };
+  }
+  async getThumbprint() {
+    if (!this.thumbprint) await this.init();
+    if (!this.thumbprint) {
+      throw new Error("[PollarClient:keys] Keypair initialization failed; getThumbprint unavailable");
+    }
+    return this.thumbprint;
+  }
+  async sign(payload) {
+    if (!this.keyPair) await this.init();
+    if (!this.keyPair) {
+      throw new Error("[PollarClient:keys] Keypair initialization failed; sign unavailable");
+    }
+    const sig = await globalThis.crypto.subtle.sign(
+      { name: "ECDSA", hash: "SHA-256" },
+      this.keyPair.privateKey,
+      payload
+    );
+    return new Uint8Array(sig);
+  }
+};
+
+// ../../node_modules/openapi-fetch/dist/index.mjs
+var PATH_PARAM_RE = /\{[^{}]+\}/g;
+var supportsRequestInitExt = () => {
+  return typeof process === "object" && Number.parseInt(process?.versions?.node?.substring(0, 2)) >= 18 && process.versions.undici;
+};
+function randomID() {
+  return Math.random().toString(36).slice(2, 11);
+}
+function createClient(clientOptions) {
+  let {
+    baseUrl = "",
+    Request: CustomRequest = globalThis.Request,
+    fetch: baseFetch = globalThis.fetch,
+    querySerializer: globalQuerySerializer,
+    bodySerializer: globalBodySerializer,
+    pathSerializer: globalPathSerializer,
+    headers: baseHeaders,
+    requestInitExt = void 0,
+    ...baseOptions
+  } = { ...clientOptions };
+  requestInitExt = supportsRequestInitExt() ? requestInitExt : void 0;
+  baseUrl = removeTrailingSlash(baseUrl);
+  const globalMiddlewares = [];
+  async function coreFetch(schemaPath, fetchOptions) {
+    const {
+      baseUrl: localBaseUrl,
+      fetch: fetch2 = baseFetch,
+      Request = CustomRequest,
+      headers,
+      params = {},
+      parseAs = "json",
+      querySerializer: requestQuerySerializer,
+      bodySerializer = globalBodySerializer ?? defaultBodySerializer,
+      pathSerializer: requestPathSerializer,
+      body,
+      middleware: requestMiddlewares = [],
+      ...init
+    } = fetchOptions || {};
+    let finalBaseUrl = baseUrl;
+    if (localBaseUrl) {
+      finalBaseUrl = removeTrailingSlash(localBaseUrl) ?? baseUrl;
+    }
+    let querySerializer = typeof globalQuerySerializer === "function" ? globalQuerySerializer : createQuerySerializer(globalQuerySerializer);
+    if (requestQuerySerializer) {
+      querySerializer = typeof requestQuerySerializer === "function" ? requestQuerySerializer : createQuerySerializer({
+        ...typeof globalQuerySerializer === "object" ? globalQuerySerializer : {},
+        ...requestQuerySerializer
+      });
+    }
+    const pathSerializer = requestPathSerializer || globalPathSerializer || defaultPathSerializer;
+    const serializedBody = body === void 0 ? void 0 : bodySerializer(
+      body,
+      // Note: we declare mergeHeaders() both here and below because it’s a bit of a chicken-or-egg situation:
+      // bodySerializer() needs all headers so we aren’t dropping ones set by the user, however,
+      // the result of this ALSO sets the lowest-priority content-type header. So we re-merge below,
+      // setting the content-type at the very beginning to be overwritten.
+      // Lastly, based on the way headers work, it’s not a simple “present-or-not” check becauase null intentionally un-sets headers.
+      mergeHeaders(baseHeaders, headers, params.header)
+    );
+    const finalHeaders = mergeHeaders(
+      // with no body, we should not to set Content-Type
+      serializedBody === void 0 || // if serialized body is FormData; browser will correctly set Content-Type & boundary expression
+      serializedBody instanceof FormData ? {} : {
+        "Content-Type": "application/json"
+      },
+      baseHeaders,
+      headers,
+      params.header
+    );
+    const finalMiddlewares = [...globalMiddlewares, ...requestMiddlewares];
+    const requestInit = {
+      redirect: "follow",
+      ...baseOptions,
+      ...init,
+      body: serializedBody,
+      headers: finalHeaders
+    };
+    let id;
+    let options;
+    let request = new Request(
+      createFinalURL(schemaPath, { baseUrl: finalBaseUrl, params, querySerializer, pathSerializer }),
+      requestInit
+    );
+    let response;
+    for (const key in init) {
+      if (!(key in request)) {
+        request[key] = init[key];
+      }
+    }
+    if (finalMiddlewares.length) {
+      id = randomID();
+      options = Object.freeze({
+        baseUrl: finalBaseUrl,
+        fetch: fetch2,
+        parseAs,
+        querySerializer,
+        bodySerializer,
+        pathSerializer
+      });
+      for (const m of finalMiddlewares) {
+        if (m && typeof m === "object" && typeof m.onRequest === "function") {
+          const result = await m.onRequest({
+            request,
+            schemaPath,
+            params,
+            options,
+            id
+          });
+          if (result) {
+            if (result instanceof Request) {
+              request = result;
+            } else if (result instanceof Response) {
+              response = result;
+              break;
+            } else {
+              throw new Error("onRequest: must return new Request() or Response() when modifying the request");
+            }
+          }
+        }
+      }
+    }
+    if (!response) {
+      try {
+        response = await fetch2(request, requestInitExt);
+      } catch (error2) {
+        let errorAfterMiddleware = error2;
+        if (finalMiddlewares.length) {
+          for (let i = finalMiddlewares.length - 1; i >= 0; i--) {
+            const m = finalMiddlewares[i];
+            if (m && typeof m === "object" && typeof m.onError === "function") {
+              const result = await m.onError({
+                request,
+                error: errorAfterMiddleware,
+                schemaPath,
+                params,
+                options,
+                id
+              });
+              if (result) {
+                if (result instanceof Response) {
+                  errorAfterMiddleware = void 0;
+                  response = result;
+                  break;
+                }
+                if (result instanceof Error) {
+                  errorAfterMiddleware = result;
+                  continue;
+                }
+                throw new Error("onError: must return new Response() or instance of Error");
+              }
+            }
+          }
+        }
+        if (errorAfterMiddleware) {
+          throw errorAfterMiddleware;
+        }
+      }
+      if (finalMiddlewares.length) {
+        for (let i = finalMiddlewares.length - 1; i >= 0; i--) {
+          const m = finalMiddlewares[i];
+          if (m && typeof m === "object" && typeof m.onResponse === "function") {
+            const result = await m.onResponse({
+              request,
+              response,
+              schemaPath,
+              params,
+              options,
+              id
+            });
+            if (result) {
+              if (!(result instanceof Response)) {
+                throw new Error("onResponse: must return new Response() when modifying the response");
+              }
+              response = result;
+            }
+          }
+        }
+      }
+    }
+    const contentLength = response.headers.get("Content-Length");
+    if (response.status === 204 || request.method === "HEAD" || contentLength === "0" && !response.headers.get("Transfer-Encoding")?.includes("chunked")) {
+      return response.ok ? { data: void 0, response } : { error: void 0, response };
+    }
+    if (response.ok) {
+      const getResponseData = async () => {
+        if (parseAs === "stream") {
+          return response.body;
+        }
+        if (parseAs === "json" && !contentLength) {
+          const raw = await response.text();
+          return raw ? JSON.parse(raw) : void 0;
+        }
+        return await response[parseAs]();
+      };
+      return { data: await getResponseData(), response };
+    }
+    let error = await response.text();
+    try {
+      error = JSON.parse(error);
+    } catch {
+    }
+    return { error, response };
+  }
+  return {
+    request(method, url, init) {
+      return coreFetch(url, { ...init, method: method.toUpperCase() });
+    },
+    /** Call a GET endpoint */
+    GET(url, init) {
+      return coreFetch(url, { ...init, method: "GET" });
+    },
+    /** Call a PUT endpoint */
+    PUT(url, init) {
+      return coreFetch(url, { ...init, method: "PUT" });
+    },
+    /** Call a POST endpoint */
+    POST(url, init) {
+      return coreFetch(url, { ...init, method: "POST" });
+    },
+    /** Call a DELETE endpoint */
+    DELETE(url, init) {
+      return coreFetch(url, { ...init, method: "DELETE" });
+    },
+    /** Call a OPTIONS endpoint */
+    OPTIONS(url, init) {
+      return coreFetch(url, { ...init, method: "OPTIONS" });
+    },
+    /** Call a HEAD endpoint */
+    HEAD(url, init) {
+      return coreFetch(url, { ...init, method: "HEAD" });
+    },
+    /** Call a PATCH endpoint */
+    PATCH(url, init) {
+      return coreFetch(url, { ...init, method: "PATCH" });
+    },
+    /** Call a TRACE endpoint */
+    TRACE(url, init) {
+      return coreFetch(url, { ...init, method: "TRACE" });
+    },
+    /** Register middleware */
+    use(...middleware) {
+      for (const m of middleware) {
+        if (!m) {
+          continue;
+        }
+        if (typeof m !== "object" || !("onRequest" in m || "onResponse" in m || "onError" in m)) {
+          throw new Error("Middleware must be an object with one of `onRequest()`, `onResponse() or `onError()`");
+        }
+        globalMiddlewares.push(m);
+      }
+    },
+    /** Unregister middleware */
+    eject(...middleware) {
+      for (const m of middleware) {
+        const i = globalMiddlewares.indexOf(m);
+        if (i !== -1) {
+          globalMiddlewares.splice(i, 1);
+        }
+      }
+    }
+  };
+}
+function serializePrimitiveParam(name, value, options) {
+  if (value === void 0 || value === null) {
+    return "";
+  }
+  if (typeof value === "object") {
+    throw new Error(
+      "Deeply-nested arrays/objects aren\u2019t supported. Provide your own `querySerializer()` to handle these."
+    );
+  }
+  return `${name}=${options?.allowReserved === true ? value : encodeURIComponent(value)}`;
+}
+function serializeObjectParam(name, value, options) {
+  if (!value || typeof value !== "object") {
+    return "";
+  }
+  const values = [];
+  const joiner = {
+    simple: ",",
+    label: ".",
+    matrix: ";"
+  }[options.style] || "&";
+  if (options.style !== "deepObject" && options.explode === false) {
+    for (const k in value) {
+      values.push(k, options.allowReserved === true ? value[k] : encodeURIComponent(value[k]));
+    }
+    const final2 = values.join(",");
+    switch (options.style) {
+      case "form": {
+        return `${name}=${final2}`;
+      }
+      case "label": {
+        return `.${final2}`;
+      }
+      case "matrix": {
+        return `;${name}=${final2}`;
+      }
+      default: {
+        return final2;
+      }
+    }
+  }
+  for (const k in value) {
+    const finalName = options.style === "deepObject" ? `${name}[${k}]` : k;
+    values.push(serializePrimitiveParam(finalName, value[k], options));
+  }
+  const final = values.join(joiner);
+  return options.style === "label" || options.style === "matrix" ? `${joiner}${final}` : final;
+}
+function serializeArrayParam(name, value, options) {
+  if (!Array.isArray(value)) {
+    return "";
+  }
+  if (options.explode === false) {
+    const joiner2 = { form: ",", spaceDelimited: "%20", pipeDelimited: "|" }[options.style] || ",";
+    const final = (options.allowReserved === true ? value : value.map((v) => encodeURIComponent(v))).join(joiner2);
+    switch (options.style) {
+      case "simple": {
+        return final;
+      }
+      case "label": {
+        return `.${final}`;
+      }
+      case "matrix": {
+        return `;${name}=${final}`;
+      }
+      // case "spaceDelimited":
+      // case "pipeDelimited":
+      default: {
+        return `${name}=${final}`;
+      }
+    }
+  }
+  const joiner = { simple: ",", label: ".", matrix: ";" }[options.style] || "&";
+  const values = [];
+  for (const v of value) {
+    if (options.style === "simple" || options.style === "label") {
+      values.push(options.allowReserved === true ? v : encodeURIComponent(v));
+    } else {
+      values.push(serializePrimitiveParam(name, v, options));
+    }
+  }
+  return options.style === "label" || options.style === "matrix" ? `${joiner}${values.join(joiner)}` : values.join(joiner);
+}
+function createQuerySerializer(options) {
+  return function querySerializer(queryParams) {
+    const search = [];
+    if (queryParams && typeof queryParams === "object") {
+      for (const name in queryParams) {
+        const value = queryParams[name];
+        if (value === void 0 || value === null) {
+          continue;
+        }
+        if (Array.isArray(value)) {
+          if (value.length === 0) {
+            continue;
+          }
+          search.push(
+            serializeArrayParam(name, value, {
+              style: "form",
+              explode: true,
+              ...options?.array,
+              allowReserved: options?.allowReserved || false
+            })
+          );
+          continue;
+        }
+        if (typeof value === "object") {
+          search.push(
+            serializeObjectParam(name, value, {
+              style: "deepObject",
+              explode: true,
+              ...options?.object,
+              allowReserved: options?.allowReserved || false
+            })
+          );
+          continue;
+        }
+        search.push(serializePrimitiveParam(name, value, options));
+      }
+    }
+    return search.join("&");
+  };
+}
+function defaultPathSerializer(pathname, pathParams) {
+  let nextURL = pathname;
+  for (const match of pathname.match(PATH_PARAM_RE) ?? []) {
+    let name = match.substring(1, match.length - 1);
+    let explode = false;
+    let style = "simple";
+    if (name.endsWith("*")) {
+      explode = true;
+      name = name.substring(0, name.length - 1);
+    }
+    if (name.startsWith(".")) {
+      style = "label";
+      name = name.substring(1);
+    } else if (name.startsWith(";")) {
+      style = "matrix";
+      name = name.substring(1);
+    }
+    if (!pathParams || pathParams[name] === void 0 || pathParams[name] === null) {
+      continue;
+    }
+    const value = pathParams[name];
+    if (Array.isArray(value)) {
+      nextURL = nextURL.replace(match, serializeArrayParam(name, value, { style, explode }));
+      continue;
+    }
+    if (typeof value === "object") {
+      nextURL = nextURL.replace(match, serializeObjectParam(name, value, { style, explode }));
+      continue;
+    }
+    if (style === "matrix") {
+      nextURL = nextURL.replace(match, `;${serializePrimitiveParam(name, value)}`);
+      continue;
+    }
+    nextURL = nextURL.replace(match, style === "label" ? `.${encodeURIComponent(value)}` : encodeURIComponent(value));
+  }
+  return nextURL;
+}
+function defaultBodySerializer(body, headers) {
+  if (body instanceof FormData) {
+    return body;
+  }
+  if (headers) {
+    const contentType = headers.get instanceof Function ? headers.get("Content-Type") ?? headers.get("content-type") : headers["Content-Type"] ?? headers["content-type"];
+    if (contentType === "application/x-www-form-urlencoded") {
+      return new URLSearchParams(body).toString();
+    }
+  }
+  return JSON.stringify(body);
+}
+function createFinalURL(pathname, options) {
+  let finalURL = `${options.baseUrl}${pathname}`;
+  if (options.params?.path) {
+    finalURL = options.pathSerializer(finalURL, options.params.path);
+  }
+  let search = options.querySerializer(options.params.query ?? {});
+  if (search.startsWith("?")) {
+    search = search.substring(1);
+  }
+  if (search) {
+    finalURL += `?${search}`;
+  }
+  return finalURL;
+}
+function mergeHeaders(...allHeaders) {
+  const finalHeaders = new Headers();
+  for (const h of allHeaders) {
+    if (!h || typeof h !== "object") {
+      continue;
+    }
+    const iterator = h instanceof Headers ? h.entries() : Object.entries(h);
+    for (const [k, v] of iterator) {
+      if (v === null) {
+        finalHeaders.delete(k);
+      } else if (Array.isArray(v)) {
+        for (const v2 of v) {
+          finalHeaders.append(k, v2);
+        }
+      } else if (v !== void 0) {
+        finalHeaders.set(k, v);
+      }
+    }
+  }
+  return finalHeaders;
+}
+function removeTrailingSlash(url) {
+  if (url.endsWith("/")) {
+    return url.substring(0, url.length - 1);
+  }
+  return url;
+}
+
+// src/api/client.ts
+function createApiClient(baseUrl) {
+  return createClient({ baseUrl });
+}
+
+// src/api/endpoints/kyc.ts
+async function getKycStatus(api, providerId) {
+  const { data, error } = await api.GET("/kyc/status", {
+    params: { query: providerId ? { providerId } : {} }
+  });
+  if (!data?.content || error) {
+    throw new Error(error?.error ?? "Failed to get KYC status");
+  }
+  return data.content;
+}
+async function getKycProviders(api, country) {
+  const { data, error } = await api.GET("/kyc/providers", { params: { query: { country } } });
+  if (!data?.content || error) throw new Error(error?.error ?? "Failed to get KYC providers");
+  return data.content;
+}
+async function startKyc(api, body) {
+  const { data, error } = await api.POST("/kyc/start", { body });
+  if (!data?.content || error) throw new Error(error?.error ?? "Failed to start KYC");
+  return data.content;
+}
+async function resolveKyc(api, providerId, level = "basic") {
+  const { status } = await getKycStatus(api, providerId);
+  if (status === "approved") return { alreadyApproved: true };
+  const started = await startKyc(api, { providerId, level });
+  return { alreadyApproved: false, ...started };
+}
+async function pollKycStatus(api, providerId, { intervalMs = 3e3, timeoutMs = 3e5 } = {}) {
+  const deadline = Date.now() + timeoutMs;
+  while (Date.now() < deadline) {
+    const { status } = await getKycStatus(api, providerId);
+    if (status === "approved" || status === "rejected") return status;
+    await new Promise((r) => setTimeout(r, intervalMs));
+  }
+  throw new Error("KYC polling timed out");
+}
+
+// src/api/endpoints/ramps.ts
+async function getRampsQuote(api, query) {
+  const { data, error } = await api.GET("/ramps/quote", { params: { query } });
+  if (!data?.content || error) throw new Error(error?.error ?? "Failed to get ramp quotes");
+  return data.content;
+}
+async function createOnRamp(api, body) {
+  const { data, error } = await api.POST("/ramps/onramp", { body });
+  if (!data?.content || error) throw new Error(error?.error ?? "Failed to create onramp");
+  return data.content;
+}
+async function createOffRamp(api, body) {
+  const { data, error } = await api.POST("/ramps/offramp", { body });
+  if (!data?.content || error) throw new Error(error?.error ?? "Failed to create offramp");
+  return data.content;
+}
+async function getRampTransaction(api, txId) {
+  const { data, error } = await api.GET("/ramps/transaction/{txId}", { params: { path: { txId } } });
+  if (!data?.content || error) throw new Error(error?.error ?? "Failed to get transaction");
+  return data.content;
+}
+async function pollRampTransaction(api, txId, { intervalMs = 5e3, timeoutMs = 6e5 } = {}) {
+  const deadline = Date.now() + timeoutMs;
+  while (Date.now() < deadline) {
+    const { status } = await getRampTransaction(api, txId);
+    if (status === "completed" || status === "failed") return status;
+    await new Promise((r) => setTimeout(r, intervalMs));
+  }
+  throw new Error("Ramp transaction polling timed out");
+}
+
+// src/dpop.ts
+async function buildProof(args, keyManager) {
+  const jwk = await keyManager.getPublicJwk();
+  const header = {
+    typ: "dpop+jwt",
+    alg: "ES256",
+    jwk
+  };
+  const payload = {
+    jti: generateJti(),
+    htm: args.htm.toUpperCase(),
+    htu: normalizeHtu(args.htu),
+    iat: Math.floor(Date.now() / 1e3)
+  };
+  if (args.accessToken !== void 0 && args.accessToken !== "") {
+    payload.ath = base64urlEncode(await sha256(new TextEncoder().encode(args.accessToken)));
+  }
+  if (args.nonce !== void 0 && args.nonce !== "") {
+    payload.nonce = args.nonce;
+  }
+  const encodedHeader = base64urlEncodeString(JSON.stringify(header));
+  const encodedPayload = base64urlEncodeString(JSON.stringify(payload));
+  const signingInput = `${encodedHeader}.${encodedPayload}`;
+  const signature = await keyManager.sign(new TextEncoder().encode(signingInput));
+  const encodedSignature = base64urlEncode(signature);
+  return `${signingInput}.${encodedSignature}`;
+}
+function normalizeHtu(rawUrl) {
+  let url;
+  try {
+    url = new URL(rawUrl);
+  } catch {
+    return rawUrl.split("#")[0].split("?")[0];
+  }
+  const scheme = url.protocol.toLowerCase();
+  const host = url.hostname.toLowerCase();
+  let port = url.port;
+  if (scheme === "https:" && port === "443" || scheme === "http:" && port === "80") {
+    port = "";
+  }
+  const portPart = port ? `:${port}` : "";
+  return `${scheme}//${host}${portPart}${url.pathname}`;
+}
+function generateJti() {
+  const c = globalThis.crypto;
+  if (c && typeof c.randomUUID === "function") {
+    return c.randomUUID();
+  }
+  if (c && typeof c.getRandomValues === "function") {
+    const bytes = new Uint8Array(16);
+    c.getRandomValues(bytes);
+    bytes[6] = bytes[6] & 15 | 64;
+    bytes[8] = bytes[8] & 63 | 128;
+    const hex = [];
+    for (let i = 0; i < 16; i++) hex.push(bytes[i].toString(16).padStart(2, "0"));
+    return `${hex.slice(0, 4).join("")}-${hex.slice(4, 6).join("")}-${hex.slice(6, 8).join("")}-${hex.slice(8, 10).join("")}-${hex.slice(10, 16).join("")}`;
+  }
+  throw new Error(
+    "[PollarClient:dpop] No secure random source available (crypto.randomUUID / crypto.getRandomValues). DPoP requires a secure context (HTTPS) or, in React Native, the `react-native-get-random-values` polyfill."
+  );
+}
+
+// src/stellar/StellarClient.ts
+var HORIZON_URLS = {
+  mainnet: "https://horizon.stellar.org",
+  testnet: "https://horizon-testnet.stellar.org"
+};
+var StellarClient = class {
+  constructor(config) {
+    this.horizonUrl = typeof config === "string" ? HORIZON_URLS[config] : config.horizonUrl;
+  }
+  async submitTransaction(signedXdr) {
+    try {
+      const response = await fetch(`${this.horizonUrl}/transactions`, {
+        method: "POST",
+        headers: { "Content-Type": "application/x-www-form-urlencoded" },
+        body: new URLSearchParams({ tx: signedXdr })
+      });
+      if (!response.ok) {
+        const body = await response.json().catch(() => ({}));
+        return { success: false, errorCode: body.extras?.result_codes?.transaction ?? "HORIZON_ERROR" };
+      }
+      const data = await response.json();
+      return { success: true, hash: data.hash };
+    } catch {
+      return { success: false, errorCode: "NETWORK_ERROR" };
+    }
+  }
+};
+
+// src/storage/web.ts
+var LOG_PREFIX = "[PollarClient:storage]";
+function createMemoryAdapter() {
+  const store = /* @__PURE__ */ new Map();
+  return {
+    async get(key) {
+      const value = store.get(key);
+      return value === void 0 ? null : value;
+    },
+    async set(key, value) {
+      store.set(key, value);
+    },
+    async remove(key) {
+      store.delete(key);
+    }
+  };
+}
+function createLocalStorageAdapter(options = {}) {
+  const fallback = createMemoryAdapter();
+  let degraded = false;
+  function degrade(reason, error) {
+    if (degraded) return;
+    degraded = true;
+    console.warn(`${LOG_PREFIX} localStorage unavailable (${reason}); degrading to in-memory storage`);
+    options.onDegrade?.(reason, error);
+  }
+  return {
+    async get(key) {
+      if (degraded) return fallback.get(key);
+      try {
+        return globalThis.localStorage.getItem(key);
+      } catch (error) {
+        degrade("read-failed", error);
+        return fallback.get(key);
+      }
+    },
+    async set(key, value) {
+      if (degraded) return fallback.set(key, value);
+      try {
+        globalThis.localStorage.setItem(key, value);
+      } catch (error) {
+        const reason = isQuotaError(error) ? "quota-exceeded" : "write-failed";
+        degrade(reason, error);
+        await fallback.set(key, value);
+      }
+    },
+    async remove(key) {
+      if (degraded) return fallback.remove(key);
+      try {
+        globalThis.localStorage.removeItem(key);
+      } catch (error) {
+        degrade("remove-failed", error);
+        await fallback.remove(key);
+      }
+    }
+  };
+}
+function isQuotaError(error) {
+  if (typeof error !== "object" || error === null) return false;
+  const name = error.name;
+  const code = error.code;
+  return name === "QuotaExceededError" || name === "NS_ERROR_DOM_QUOTA_REACHED" || code === 22 || code === 1014;
+}
+
+// src/storage/autodetect.ts
+var PROBE_KEY = "__pollar_storage_probe__";
+function defaultStorage(options = {}) {
+  if (typeof globalThis === "undefined" || typeof globalThis.localStorage === "undefined") {
+    options.onDegrade?.("unavailable");
+    return createMemoryAdapter();
+  }
+  try {
+    const probeValue = String(Date.now());
+    globalThis.localStorage.setItem(PROBE_KEY, probeValue);
+    const read = globalThis.localStorage.getItem(PROBE_KEY);
+    globalThis.localStorage.removeItem(PROBE_KEY);
+    if (read !== probeValue) {
+      options.onDegrade?.("probe-failed");
+      return createMemoryAdapter();
+    }
+  } catch (error) {
+    options.onDegrade?.("probe-failed", error);
+    return createMemoryAdapter();
+  }
+  return createLocalStorageAdapter(options);
+}
+
+// src/types.ts
+var AUTH_ERROR_CODES = {
+  SESSION_CREATE_FAILED: "SESSION_CREATE_FAILED",
+  EMAIL_SEND_FAILED: "EMAIL_SEND_FAILED",
+  EMAIL_VERIFY_FAILED: "EMAIL_VERIFY_FAILED",
+  EMAIL_CODE_EXPIRED: "EMAIL_CODE_EXPIRED",
+  EMAIL_CODE_INVALID: "EMAIL_CODE_INVALID",
+  AUTH_FAILED: "AUTH_FAILED",
+  WALLET_CONNECT_FAILED: "WALLET_CONNECT_FAILED",
+  WALLET_AUTH_FAILED: "WALLET_AUTH_FAILED",
+  UNEXPECTED_ERROR: "UNEXPECTED_ERROR"
+};
+var PollarFlowError = class extends Error {
+  constructor(message) {
+    super(message);
+    this.code = "INVALID_FLOW";
+    this.name = "PollarFlowError";
+  }
+};
+
+// src/wallets/FreighterAdapter.ts
+var import_freighter_api = __toESM(require_index_min());
+
+// src/wallets/types.ts
+var WalletType = /* @__PURE__ */ ((WalletType2) => {
+  WalletType2["FREIGHTER"] = "freighter";
+  WalletType2["ALBEDO"] = "albedo";
+  return WalletType2;
+})(WalletType || {});
+
+// src/wallets/FreighterAdapter.ts
+var FreighterAdapter = class {
+  constructor() {
+    this.type = "freighter" /* FREIGHTER */;
+  }
+  async isAvailable() {
+    try {
+      return await (0, import_freighter_api.isConnected)();
+    } catch {
+      return false;
+    }
+  }
+  async connect() {
+    const connected = await (0, import_freighter_api.isConnected)();
+    if (!connected) {
+      throw new Error("Freighter wallet is not installed");
+    }
+    const allowed = await (0, import_freighter_api.isAllowed)();
+    if (!allowed) {
+      await (0, import_freighter_api.setAllowed)();
+    }
+    const userInfo = await (0, import_freighter_api.getUserInfo)();
+    if (!userInfo?.publicKey) {
+      throw new Error("Failed to get user information from Freighter");
+    }
+    return { address: userInfo.publicKey, publicKey: userInfo.publicKey };
+  }
+  async disconnect() {
+  }
+  async getPublicKey() {
+    try {
+      const allowed = await (0, import_freighter_api.isAllowed)();
+      if (!allowed) return null;
+      const userInfo = await (0, import_freighter_api.getUserInfo)();
+      return userInfo?.publicKey ?? null;
+    } catch {
+      return null;
+    }
+  }
+  async getNetwork() {
+    return (0, import_freighter_api.getNetwork)();
+  }
+  async signTransaction(xdr, options) {
+    const result = await (0, import_freighter_api.signTransaction)(xdr, {
+      network: options?.network,
+      networkPassphrase: options?.networkPassphrase,
+      accountToSign: options?.accountToSign
+    });
+    if (!result || typeof result !== "string") {
+      throw new Error("Invalid response from Freighter");
+    }
+    return { signedTxXdr: result };
+  }
+  async signAuthEntry(entryXdr, options) {
+    const result = await (0, import_freighter_api.signAuthEntry)(entryXdr, { accountToSign: options?.accountToSign });
+    if (!result || typeof result !== "string") {
+      throw new Error("Invalid response from Freighter");
+    }
+    return { signedAuthEntry: result };
+  }
+};
+
+// src/wallets/AlbedoAdapter.ts
+function openAlbedoPopup(url) {
+  const popup = window.open(url, "albedo", "width=420,height=720,resizable=yes,scrollbars=yes");
+  if (!popup) {
+    throw new Error("Failed to open Albedo popup (blocked by browser)");
+  }
+  return popup;
+}
+function waitForAlbedoPopup() {
+  return new Promise((resolve, reject) => {
+    const timeout = setTimeout(() => reject(new Error("Albedo response timeout")), 2 * 60 * 1e3);
+    function handler(event) {
+      if (event.origin !== window.location.origin || event.data?.type !== "ALBEDO_RESULT") return;
+      clearTimeout(timeout);
+      window.removeEventListener("message", handler);
+      resolve(event.data.payload);
+    }
+    window.addEventListener("message", handler);
+  });
+}
+function waitForAlbedoResult() {
+  return new Promise((resolve, reject) => {
+    const timeout = setTimeout(() => reject(new Error("Albedo response timeout")), 2 * 60 * 1e3);
+    const parseResult = () => {
+      const params = new URLSearchParams(window.location.search);
+      if (!params.has("pubkey") && !params.has("signed_envelope_xdr") && !params.has("signed_xdr")) return;
+      clearTimeout(timeout);
+      const result = {};
+      params.forEach((value, key) => {
+        result[key] = value;
+      });
+      window.history.replaceState({}, document.title, window.location.pathname);
+      resolve(result);
+    };
+    parseResult();
+    window.addEventListener("popstate", parseResult);
+  });
+}
+var AlbedoAdapter = class {
+  constructor() {
+    this.type = "albedo" /* ALBEDO */;
+  }
+  async isAvailable() {
+    return typeof window !== "undefined";
+  }
+  async connect() {
+    const url = new URL("https://albedo.link");
+    url.searchParams.set("intent", "public-key");
+    url.searchParams.set("app_name", "Pollar");
+    url.searchParams.set("network", "testnet");
+    url.searchParams.set("callback", `${window.location.origin}/albedo-callback`);
+    url.searchParams.set("origin", window.location.origin);
+    openAlbedoPopup(url.toString());
+    const result = await waitForAlbedoPopup();
+    if (!result.pubkey) {
+      throw new Error("Albedo connection rejected");
+    }
+    return { address: result.pubkey, publicKey: result.pubkey };
+  }
+  async disconnect() {
+  }
+  async getPublicKey() {
+    return null;
+  }
+  async getNetwork() {
+    throw new Error("Albedo does not expose network");
+  }
+  async signTransaction(xdr, _options) {
+    const url = new URL("https://albedo.link");
+    url.searchParams.set("intent", "tx");
+    url.searchParams.set("xdr", xdr);
+    url.searchParams.set("app_name", "Pollar");
+    url.searchParams.set("network", "testnet");
+    url.searchParams.set("callback", window.location.href);
+    url.searchParams.set("origin", window.location.origin);
+    window.location.href = url.toString();
+    const result = await waitForAlbedoResult();
+    if (!result.signed_envelope_xdr) throw new Error("Albedo signing rejected");
+    return { signedTxXdr: result.signed_envelope_xdr };
+  }
+  async signAuthEntry(entryXdr, _options) {
+    const url = new URL("https://albedo.link");
+    url.searchParams.set("intent", "sign-auth-entry");
+    url.searchParams.set("xdr", entryXdr);
+    url.searchParams.set("app_name", "Pollar");
+    url.searchParams.set("network", "testnet");
+    url.searchParams.set("callback", window.location.href);
+    url.searchParams.set("origin", window.location.origin);
+    window.location.href = url.toString();
+    const result = await waitForAlbedoResult();
+    if (!result.signed_xdr) throw new Error("Albedo auth entry signing rejected");
+    return { signedAuthEntry: result.signed_xdr };
+  }
+};
+
+// src/client/session.ts
+var SESSION_SUFFIX = ":session";
+var WALLET_TYPE_SUFFIX = ":walletType";
+function sessionStorageKey(apiKeyHash) {
+  return `pollar:${apiKeyHash}${SESSION_SUFFIX}`;
+}
+function walletTypeStorageKey(apiKeyHash) {
+  return `pollar:${apiKeyHash}${WALLET_TYPE_SUFFIX}`;
+}
+var MAX_ACCESS_TOKEN = 4096;
+var MAX_REFRESH_TOKEN = 4096;
+var MAX_USER_ID = 64;
+var MAX_CLIENT_SESSION_ID = 64;
+var MAX_STATUS = 64;
+var MAX_WALLET_PUBLIC_KEY = 128;
+var MAX_WALLET_TYPE = 32;
+function isBoundedString(v, max, allowEmpty = false) {
+  if (typeof v !== "string") return false;
+  if (!allowEmpty && v.length === 0) return false;
+  return v.length <= max;
+}
+function isValidSession(value) {
+  if (typeof value !== "object" || value === null) {
+    console.warn("[PollarClient:session] Invalid session \u2014 value is not an object");
+    return false;
+  }
+  const s = value;
+  if (!isBoundedString(s["clientSessionId"], MAX_CLIENT_SESSION_ID)) {
+    console.warn("[PollarClient:session] Invalid session \u2014 clientSessionId missing/empty/too long");
+    return false;
+  }
+  if (s["userId"] !== null && !isBoundedString(s["userId"], MAX_USER_ID)) {
+    console.warn("[PollarClient:session] Invalid session \u2014 userId must be string|null");
+    return false;
+  }
+  if (!isBoundedString(s["status"], MAX_STATUS)) {
+    console.warn("[PollarClient:session] Invalid session \u2014 status must be string");
+    return false;
+  }
+  const token = s["token"];
+  if (typeof token !== "object" || token === null) {
+    console.warn("[PollarClient:session] Invalid session \u2014 token missing or not an object");
+    return false;
+  }
+  const t = token;
+  if (!isBoundedString(t["accessToken"], MAX_ACCESS_TOKEN)) {
+    console.warn("[PollarClient:session] Invalid session \u2014 token.accessToken missing/empty/too long");
+    return false;
+  }
+  if (!isBoundedString(t["refreshToken"], MAX_REFRESH_TOKEN)) {
+    console.warn("[PollarClient:session] Invalid session \u2014 token.refreshToken missing/empty/too long");
+    return false;
+  }
+  if (typeof t["expiresAt"] !== "number" || !Number.isFinite(t["expiresAt"])) {
+    console.warn("[PollarClient:session] Invalid session \u2014 token.expiresAt must be a finite number");
+    return false;
+  }
+  const user = s["user"];
+  if (typeof user !== "object" || user === null) {
+    console.warn("[PollarClient:session] Invalid session \u2014 user missing or not an object");
+    return false;
+  }
+  const u = user;
+  if (u["id"] !== void 0 && !isBoundedString(u["id"], MAX_USER_ID)) {
+    console.warn("[PollarClient:session] Invalid session \u2014 user.id must be string if present");
+    return false;
+  }
+  if (typeof u["ready"] !== "boolean") {
+    console.warn("[PollarClient:session] Invalid session \u2014 user.ready must be boolean");
+    return false;
+  }
+  const wallet = s["wallet"];
+  if (typeof wallet !== "object" || wallet === null) {
+    console.warn("[PollarClient:session] Invalid session \u2014 wallet missing or not an object");
+    return false;
+  }
+  const w = wallet;
+  if (w["publicKey"] !== null && !isBoundedString(w["publicKey"], MAX_WALLET_PUBLIC_KEY)) {
+    console.warn("[PollarClient:session] Invalid session \u2014 wallet.publicKey must be string|null");
+    return false;
+  }
+  if (w["existsOnStellar"] !== void 0 && typeof w["existsOnStellar"] !== "boolean") {
+    console.warn("[PollarClient:session] Invalid session \u2014 wallet.existsOnStellar must be boolean if present");
+    return false;
+  }
+  if (w["createdAt"] !== void 0 && (typeof w["createdAt"] !== "number" || !Number.isFinite(w["createdAt"]))) {
+    console.warn("[PollarClient:session] Invalid session \u2014 wallet.createdAt must be a finite number if present");
+    return false;
+  }
+  return true;
+}
+async function readStorage(storage, apiKeyHash) {
+  const raw = await storage.get(sessionStorageKey(apiKeyHash));
+  if (!raw) return null;
+  try {
+    const session = JSON.parse(raw);
+    if (!isValidSession(session)) {
+      await storage.remove(sessionStorageKey(apiKeyHash));
+      console.warn("[PollarClient:session] Stored session is invalid \u2014 clearing storage");
+      return null;
+    }
+    if (session.token.expiresAt * 1e3 < Date.now()) {
+      return session;
+    }
+    return session;
+  } catch (error) {
+    console.error("[PollarClient:session] Failed to parse session from storage", error);
+    await storage.remove(sessionStorageKey(apiKeyHash));
+    return null;
+  }
+}
+async function writeStorage(storage, apiKeyHash, session) {
+  await storage.set(sessionStorageKey(apiKeyHash), JSON.stringify(session));
+}
+async function removeStorage(storage, apiKeyHash) {
+  await storage.remove(sessionStorageKey(apiKeyHash));
+  await storage.remove(walletTypeStorageKey(apiKeyHash));
+}
+async function writeWalletType(storage, apiKeyHash, type) {
+  if (type.length > MAX_WALLET_TYPE) {
+    throw new Error(`[PollarClient:session] walletType too long: ${type.length} > ${MAX_WALLET_TYPE}`);
+  }
+  await storage.set(walletTypeStorageKey(apiKeyHash), type);
+}
+async function readWalletType(storage, apiKeyHash) {
+  return storage.get(walletTypeStorageKey(apiKeyHash));
+}
+
+// src/client/stream.ts
+function abortableDelay(ms, signal) {
+  return new Promise((resolve, reject) => {
+    const t = setTimeout(resolve, ms);
+    signal.addEventListener(
+      "abort",
+      () => {
+        clearTimeout(t);
+        reject(new DOMException("Aborted", "AbortError"));
+      },
+      { once: true }
+    );
+  });
+}
+var MAX_BACKOFF_MS = 5e3;
+async function streamUntilFound(api, clientSessionId, check, retryDelayMs = 200, signal) {
+  let backoff = retryDelayMs;
+  const sleep = async (ms) => {
+    if (ms <= 0) return;
+    if (signal) await abortableDelay(ms, signal);
+    else await new Promise((r) => setTimeout(r, ms));
+  };
+  while (true) {
+    signal?.throwIfAborted();
+    let data, error;
+    try {
+      ({ data, error } = await api.GET("/auth/session/status/{clientSessionId}", {
+        params: { path: { clientSessionId } },
+        parseAs: "stream",
+        signal: signal ?? null
+      }));
+    } catch (e) {
+      if (e instanceof Error && e.name === "AbortError") throw e;
+      console.warn(e);
+    }
+    if (error || !data) {
+      await sleep(backoff);
+      backoff = Math.min(backoff * 2, MAX_BACKOFF_MS);
+      continue;
+    }
+    const reader = data.getReader();
+    const decoder = new TextDecoder();
+    let streamDone = false;
+    let sawAnyChunk = false;
+    try {
+      while (true) {
+        signal?.throwIfAborted();
+        const { done, value } = await reader.read();
+        if (done) {
+          streamDone = true;
+          break;
+        }
+        sawAnyChunk = true;
+        const chunk = decoder.decode(value);
+        for (const message of chunk.split("\n\n").filter(Boolean)) {
+          const dataLine = message.split("\n").find((l) => l.startsWith("data:"));
+          if (!dataLine) continue;
+          try {
+            const parsed = JSON.parse(dataLine.slice("data:".length).trim());
+            if (check(parsed)) {
+              return parsed;
+            }
+          } catch {
+          }
+        }
+      }
+    } catch (e) {
+      if (e instanceof Error && e.name === "AbortError") throw e;
+      console.warn(e);
+    } finally {
+      reader.releaseLock();
+    }
+    if (sawAnyChunk) backoff = retryDelayMs;
+    else backoff = Math.min(backoff * 2, MAX_BACKOFF_MS);
+    const delay = streamDone ? backoff : 0;
+    if (delay) await sleep(delay);
+  }
+}
+
+// src/client/auth/authenticate.ts
+async function authenticate(clientSessionId, deps, expectedWallet) {
+  const { api, signal, setAuthState, storeSession, clearSession } = deps;
+  setAuthState({ step: "authenticating" });
+  await streamUntilFound(api, clientSessionId, (data2) => data2?.status === "READY", 200, signal);
+  const dpopJwk = await deps.getPublicJwk();
+  const { data, error } = await api.POST("/auth/login", {
+    body: {
+      clientSessionId,
+      dpopJwk,
+      ...deps.deviceLabel ? { deviceLabel: deps.deviceLabel } : {}
+    },
+    signal
+  });
+  if (data?.code === "SDK_LOGIN_SUCCESS" && isValidSession(data?.content)) {
+    if (expectedWallet && data.content.data.providers.wallet?.address !== expectedWallet) {
+      setAuthState({
+        step: "error",
+        previousStep: "authenticating",
+        message: "Wallet mismatch: session wallet does not match connected wallet",
+        errorCode: AUTH_ERROR_CODES.WALLET_AUTH_FAILED
+      });
+      clearSession();
+      return;
+    }
+    storeSession(data.content);
+  } else {
+    setAuthState({
+      step: "error",
+      previousStep: "authenticating",
+      message: "Failed to load session",
+      errorCode: AUTH_ERROR_CODES.AUTH_FAILED
+    });
+    clearSession();
+  }
+}
+
+// src/client/auth/deps.ts
+async function createAuthSession(deps) {
+  const { api, signal, setAuthState } = deps;
+  setAuthState({ step: "creating_session" });
+  const { data, error } = await api.POST("/auth/session", { signal });
+  if (error || !data?.success) {
+    setAuthState({
+      step: "error",
+      previousStep: "creating_session",
+      message: "Failed to create session",
+      errorCode: AUTH_ERROR_CODES.SESSION_CREATE_FAILED
+    });
+    return null;
+  }
+  return data.content.clientSessionId;
+}
+
+// src/client/auth/emailFlow.ts
+async function initEmailSession(deps) {
+  const clientSessionId = await createAuthSession(deps);
+  if (!clientSessionId) return;
+  deps.setAuthState({ step: "entering_email", clientSessionId });
+}
+async function sendEmailCode(email, clientSessionId, deps) {
+  const { api, signal, setAuthState } = deps;
+  setAuthState({ step: "sending_email", email });
+  const { data, error } = await api.POST("/auth/email", {
+    body: { clientSessionId, email },
+    signal
+  });
+  if (error || !data?.success) {
+    setAuthState({
+      step: "error",
+      previousStep: "sending_email",
+      message: "Failed to send code",
+      errorCode: AUTH_ERROR_CODES.EMAIL_SEND_FAILED
+    });
+    return;
+  }
+  setAuthState({ step: "entering_code", clientSessionId, email });
+}
+async function verifyAndAuthenticate(code, clientSessionId, email, deps) {
+  const { api, signal, setAuthState } = deps;
+  setAuthState({ step: "verifying_email_code", clientSessionId, email });
+  const { data, error } = await api.POST("/auth/email/verify-code", {
+    body: { clientSessionId, code },
+    signal
+  });
+  if (data?.code === "SDK_EMAIL_CODE_VERIFIED") {
+    await authenticate(clientSessionId, deps);
+    return;
+  }
+  const errCode = error?.error ?? data?.code;
+  if (errCode === "SDK_EMAIL_CODE_EXPIRED") {
+    setAuthState({
+      step: "error",
+      previousStep: "verifying_email_code",
+      message: "Code expired \u2014 request a new one",
+      errorCode: AUTH_ERROR_CODES.EMAIL_CODE_EXPIRED,
+      clientSessionId,
+      email
+    });
+    return;
+  }
+  if (errCode === "INVALID_EMAIL_CODE" || errCode === "SDK_EMAIL_CODE_INVALID") {
+    setAuthState({
+      step: "error",
+      previousStep: "verifying_email_code",
+      message: "Invalid code \u2014 try again",
+      errorCode: AUTH_ERROR_CODES.EMAIL_CODE_INVALID,
+      clientSessionId,
+      email
+    });
+    return;
+  }
+  setAuthState({
+    step: "error",
+    previousStep: "verifying_email_code",
+    message: "Failed to verify code \u2014 try again",
+    errorCode: AUTH_ERROR_CODES.EMAIL_VERIFY_FAILED
+  });
+}
+
+// src/client/auth/oauthFlow.ts
+function severOpener(popup) {
+  if (!popup) return;
+  try {
+    popup.opener = null;
+  } catch {
+  }
+}
+async function loginOAuth(provider, deps) {
+  const { setAuthState, basePath, apiKey } = deps;
+  const popup = window.open("about:blank", "_blank");
+  severOpener(popup);
+  const clientSessionId = await createAuthSession(deps);
+  if (!clientSessionId) {
+    popup?.close();
+    return;
+  }
+  setAuthState({ step: "opening_oauth", provider });
+  const url = new URL(`${basePath}/auth/${provider}`);
+  url.searchParams.set("api_key", apiKey);
+  url.searchParams.set("client_session_id", clientSessionId);
+  url.searchParams.set("redirect_uri", window.location.origin);
+  if (popup) {
+    popup.location.href = url.toString();
+    severOpener(popup);
+  } else {
+    window.open(url.toString(), "_blank", "noopener,noreferrer");
+  }
+  await authenticate(clientSessionId, deps);
+}
+
+// src/client/auth/walletFlow.ts
+function withSignal(promise, signal) {
+  return Promise.race([
+    promise,
+    new Promise((_, reject) => {
+      if (signal.aborted) {
+        reject(new DOMException("Aborted", "AbortError"));
+        return;
+      }
+      signal.addEventListener("abort", () => reject(new DOMException("Aborted", "AbortError")), { once: true });
+    })
+  ]);
+}
+async function loginWallet(type, deps) {
+  const { api, signal, setAuthState } = deps;
+  const clientSessionId = await createAuthSession(deps);
+  if (!clientSessionId) return;
+  let connectedWallet;
+  try {
+    setAuthState({ step: "connecting_wallet", walletType: type });
+    const adapter = await deps.resolveWalletAdapter(type);
+    const available = await withSignal(adapter.isAvailable(), signal);
+    if (!available) {
+      setAuthState({ step: "wallet_not_installed", walletType: type });
+      return;
+    }
+    const { publicKey } = await withSignal(adapter.connect(), signal);
+    connectedWallet = publicKey;
+    deps.storeWalletAdapter(adapter, type);
+    setAuthState({ step: "authenticating_wallet" });
+    const { data: walletData, error: walletError } = await api.POST("/auth/wallet", {
+      body: { clientSessionId, walletAddress: publicKey },
+      signal
+    });
+    if (walletError || !walletData?.success) {
+      setAuthState({
+        step: "error",
+        previousStep: "authenticating_wallet",
+        message: "Wallet authentication failed",
+        errorCode: AUTH_ERROR_CODES.WALLET_AUTH_FAILED
+      });
+      return;
+    }
+  } catch {
+    setAuthState({
+      step: "error",
+      previousStep: "connecting_wallet",
+      message: "Wallet connection failed",
+      errorCode: AUTH_ERROR_CODES.WALLET_CONNECT_FAILED
+    });
+    return;
+  }
+  await authenticate(clientSessionId, deps, connectedWallet);
+}
+
+// src/client/client.ts
+var isBrowser = typeof window !== "undefined" && typeof localStorage !== "undefined";
+var RETRIED_HEADER = "X-Pollar-Retried";
+function warnServerSide(method) {
+  console.warn(
+    `[PollarClient] ${method}() called server-side \u2014 browser APIs unavailable. Use PollarClient only in Client Components.`
+  );
+}
+var PollarClient = class {
+  constructor(config) {
+    /**
+     * Per-API-key storage namespace. Computed asynchronously inside
+     * `_initialize()` because SHA-256 lives behind `crypto.subtle.digest`.
+     * Accessing `apiKeyHash` before `await client.ready()` throws.
+     */
+    this._apiKeyHash = null;
+    this._session = null;
+    this._profile = null;
+    /** Last `DPoP-Nonce` we saw from a server response. Carried into the next proof. */
+    this._dpopNonce = null;
+    /** Singleton in-flight refresh — concurrent 401s coalesce into one /auth/refresh call. */
+    this._refreshPromise = null;
+    this._storageEventHandler = null;
+    this._transactionState = null;
+    this._transactionStateListeners = /* @__PURE__ */ new Set();
+    this._txHistoryState = { step: "idle" };
+    this._txHistoryStateListeners = /* @__PURE__ */ new Set();
+    this._walletBalanceState = { step: "idle" };
+    this._walletBalanceStateListeners = /* @__PURE__ */ new Set();
+    this._authState = { step: "idle" };
+    this._authStateListeners = /* @__PURE__ */ new Set();
+    this._networkState = { step: "idle" };
+    this._networkStateListeners = /* @__PURE__ */ new Set();
+    this._walletAdapter = null;
+    this._loginController = null;
+    this.apiKey = config.apiKey;
+    this.id = crypto.randomUUID();
+    this.basePath = `${config.baseUrl || "https://sdk.api.pollar.xyz"}/v1`;
+    this._storage = config.storage ?? defaultStorage(config.onStorageDegrade ? { onDegrade: config.onStorageDegrade } : void 0);
+    this._keyManager = config.keyManager ?? defaultKeyManager(this._storage, config.apiKey);
+    this._walletAdapterResolver = config.walletAdapter ?? null;
+    this._deviceLabel = config.deviceLabel;
+    this._api = createApiClient(this.basePath);
+    this._wireMiddlewares();
+    this._networkState = { step: "connected", network: config.stellarNetwork ?? "testnet" };
+    if (!isBrowser) {
+      warnServerSide("constructor");
+      this._initialized = Promise.resolve();
+      return;
+    }
+    console.info(`[PollarClient] Initialized \u2014 endpoint: ${this.basePath}, network: ${this._networkState.network}`);
+    this._initialized = this._initialize();
+  }
+  /**
+   * Short SHA-256-derived namespace for this client's persisted state.
+   * Available after `await client.ready()` (or any awaited method); throws
+   * if read before initialization completes.
+   */
+  get apiKeyHash() {
+    if (this._apiKeyHash === null) {
+      throw new Error("[PollarClient] apiKeyHash is not available until client.ready() resolves");
+    }
+    return this._apiKeyHash;
+  }
+  /** Awaitable handle for the initial keypair + session restore. */
+  ready() {
+    return this._initialized;
+  }
+  // ─── Lifecycle ────────────────────────────────────────────────────────────
+  async _initialize() {
+    this._apiKeyHash = await hashApiKey(this.apiKey);
+    if (typeof window !== "undefined") {
+      const sessionKey = sessionStorageKey(this._apiKeyHash);
+      const handler = (e) => {
+        if (e.key === sessionKey) {
+          this._restoreSession().catch((err) => console.error("[PollarClient] Cross-tab restore failed", err));
+        }
+      };
+      window.addEventListener("storage", handler);
+      this._storageEventHandler = handler;
+    }
+    try {
+      await this._keyManager.init();
+    } catch (err) {
+      console.warn("[PollarClient] KeyManager init failed; DPoP unavailable for this session", err);
+    }
+    await this._restoreSession();
+  }
+  /** Detach the cross-tab storage listener and abort any in-flight login. */
+  destroy() {
+    if (this._storageEventHandler && typeof window !== "undefined") {
+      window.removeEventListener("storage", this._storageEventHandler);
+      this._storageEventHandler = null;
+    }
+    this._loginController?.abort();
+    this._loginController = null;
+  }
+  // ─── Middlewares (DPoP + auto-refresh) ────────────────────────────────────
+  _wireMiddlewares() {
+    const self = this;
+    this._api.use({
+      onRequest: async ({ request }) => {
+        request.headers.set("x-pollar-api-key", self.apiKey);
+        await self._initialized;
+        const isRefresh = request.url.includes("/auth/refresh");
+        if (!isRefresh && self._refreshPromise) await self._refreshPromise;
+        if (isRefresh) {
+          const refreshProof = await self._buildProofForRequest(request, void 0);
+          if (refreshProof) request.headers.set("DPoP", refreshProof);
+          return request;
+        }
+        const accessToken = self._session?.token?.accessToken;
+        if (!accessToken) return request;
+        const proof = await self._buildProofForRequest(request, accessToken);
+        if (proof) {
+          request.headers.set("Authorization", `DPoP ${accessToken}`);
+          request.headers.set("DPoP", proof);
+        } else {
+          request.headers.set("Authorization", `Bearer ${accessToken}`);
+        }
+        return request;
+      },
+      onResponse: async ({ request, response }) => {
+        const newNonce = response.headers.get("DPoP-Nonce");
+        if (newNonce) self._dpopNonce = newNonce;
+        if (response.status !== 401) return response;
+        if (request.headers.get(RETRIED_HEADER)) return response;
+        if (request.url.includes("/auth/refresh")) return response;
+        const wwwAuth = response.headers.get("WWW-Authenticate") ?? "";
+        const isNonceChallenge = wwwAuth.includes("use_dpop_nonce");
+        if (!isNonceChallenge) {
+          try {
+            await self.refresh();
+          } catch {
+            return response;
+          }
+        }
+        return self._retryRequest(request);
+      }
+    });
+  }
+  async _buildProofForRequest(request, accessToken) {
+    try {
+      const htu = request.url.split("?")[0].split("#")[0];
+      return await buildProof(
+        {
+          htm: request.method,
+          htu,
+          ...accessToken ? { accessToken } : {},
+          ...this._dpopNonce !== null ? { nonce: this._dpopNonce } : {}
+        },
+        this._keyManager
+      );
+    } catch (err) {
+      console.warn("[PollarClient] DPoP proof build failed", err);
+      return null;
+    }
+  }
+  async _retryRequest(originalRequest) {
+    const clone = originalRequest.clone();
+    clone.headers.set(RETRIED_HEADER, "1");
+    const accessToken = this._session?.token?.accessToken;
+    if (accessToken) {
+      const proof = await this._buildProofForRequest(clone, accessToken);
+      if (proof) {
+        clone.headers.set("Authorization", `DPoP ${accessToken}`);
+        clone.headers.set("DPoP", proof);
+      } else {
+        clone.headers.set("Authorization", `Bearer ${accessToken}`);
+      }
+    }
+    return fetch(clone);
+  }
+  // ─── Refresh (race-safe singleton) ───────────────────────────────────────
+  /**
+   * Coalesce concurrent refresh attempts. The first caller does the work;
+   * everyone else awaits the same promise and sees the new tokens.
+   */
+  refresh() {
+    if (this._refreshPromise) return this._refreshPromise;
+    this._refreshPromise = this._doRefresh().finally(() => {
+      this._refreshPromise = null;
+    });
+    return this._refreshPromise;
+  }
+  async _doRefresh() {
+    const refreshToken = this._session?.token?.refreshToken;
+    if (!refreshToken) {
+      console.warn("[PollarClient] Refresh skipped: no refresh token in session");
+      await this._clearSession();
+      throw new Error("No refresh token available");
+    }
+    let data;
+    let error;
+    try {
+      const response = await this._api.POST("/auth/refresh", { body: { refreshToken } });
+      data = response.data;
+      error = response.error;
+    } catch (err) {
+      console.error("[PollarClient] /auth/refresh request threw", err);
+      await this._clearSession();
+      throw err;
+    }
+    if (error || !data) {
+      console.warn("[PollarClient] /auth/refresh returned error", { error });
+      await this._clearSession();
+      throw new Error("Refresh failed");
+    }
+    const successData = data;
+    if (!successData.success || !successData.content?.token) {
+      console.warn("[PollarClient] /auth/refresh response malformed", successData);
+      await this._clearSession();
+      throw new Error("Refresh response malformed");
+    }
+    const newToken = successData.content.token;
+    if (typeof newToken.accessToken !== "string" || typeof newToken.refreshToken !== "string" || typeof newToken.expiresAt !== "number") {
+      console.warn("[PollarClient] /auth/refresh token shape invalid", newToken);
+      await this._clearSession();
+      throw new Error("Refresh response token shape invalid");
+    }
+    if (this._session) {
+      try {
+        this._session = { ...this._session, token: newToken };
+        await writeStorage(this._storage, this.apiKeyHash, this._session);
+        console.info("[PollarClient] Tokens refreshed");
+      } catch (err) {
+        console.error("[PollarClient] Failed to persist refreshed session", err);
+      }
+    }
+  }
+  // ─── Auth state ──────────────────────────────────────────────────────────────
+  getAuthState() {
+    return this._authState;
+  }
+  onAuthStateChange(cb) {
+    this._authStateListeners.add(cb);
+    cb(this._authState);
+    return () => this._authStateListeners.delete(cb);
+  }
+  /** PII (email, names, avatar, providers). Held in memory only — never persisted. */
+  getUserProfile() {
+    return this._profile;
+  }
+  // ─── Login (unified entry point) ─────────────────────────────────────────
+  login(options) {
+    if (!isBrowser) {
+      warnServerSide("login");
+      return;
+    }
+    if (options.provider === "google" || options.provider === "github" || options.provider === "email") {
+      const controller = this._newController();
+      const deps = this._flowDeps(controller.signal);
+      if (options.provider === "google" || options.provider === "github") {
+        loginOAuth(options.provider, {
+          ...deps,
+          basePath: this.basePath,
+          apiKey: this.apiKey
+        }).catch((err) => this._handleFlowError(err));
+      } else if (options.provider === "email") {
+        const { email } = options;
+        initEmailSession(deps).then(() => {
+          if (this._authState.step === "entering_email") {
+            return sendEmailCode(email, this._authState.clientSessionId, deps);
+          }
+        }).catch((err) => this._handleFlowError(err));
+      }
+    } else if (options.provider === "wallet") {
+      this.loginWallet(options.type);
+    }
+  }
+  // ─── Email OTP flow (3 steps) ─────────────────────────────────────────────
+  beginEmailLogin() {
+    if (!isBrowser) {
+      warnServerSide("beginEmailLogin");
+      return;
+    }
+    const controller = this._newController();
+    initEmailSession(this._flowDeps(controller.signal)).catch((err) => this._handleFlowError(err));
+  }
+  sendEmailCode(email) {
+    if (!isBrowser) {
+      warnServerSide("sendEmailCode");
+      return;
+    }
+    if (this._authState.step !== "entering_email") {
+      throw new PollarFlowError(`sendEmailCode() requires step 'entering_email', current step is '${this._authState.step}'`);
+    }
+    const { clientSessionId } = this._authState;
+    const signal = this._loginController.signal;
+    sendEmailCode(email, clientSessionId, this._flowDeps(signal)).catch((err) => this._handleFlowError(err));
+  }
+  verifyEmailCode(code) {
+    if (!isBrowser) {
+      warnServerSide("verifyEmailCode");
+      return;
+    }
+    const isRetryableError = this._authState.step === "error" && this._authState.clientSessionId != null && (this._authState.errorCode === AUTH_ERROR_CODES.EMAIL_CODE_INVALID || this._authState.errorCode === AUTH_ERROR_CODES.EMAIL_CODE_EXPIRED);
+    if (this._authState.step !== "entering_code" && !isRetryableError) {
+      throw new PollarFlowError(`verifyEmailCode() requires step 'entering_code', current step is '${this._authState.step}'`);
+    }
+    const state = this._authState;
+    const clientSessionId = state.step === "entering_code" ? state.clientSessionId : state.clientSessionId;
+    const email = state.step === "entering_code" ? state.email : state.email ?? "";
+    const controller = this._newController();
+    verifyAndAuthenticate(code, clientSessionId, email, this._flowDeps(controller.signal)).catch(
+      (err) => this._handleFlowError(err)
+    );
+  }
+  // ─── Wallet flow (single call) ────────────────────────────────────────────
+  loginWallet(type) {
+    if (!isBrowser) {
+      warnServerSide("loginWallet");
+      return;
+    }
+    const controller = this._newController();
+    loginWallet(type, this._flowDeps(controller.signal)).catch((err) => this._handleFlowError(err));
+  }
+  // ─── Cancel ───────────────────────────────────────────────────────────────
+  cancelLogin() {
+    this._loginController?.abort();
+    this._loginController = null;
+    this._setAuthState({ step: "idle" });
+  }
+  // ─── Logout ───────────────────────────────────────────────────────────────
+  /**
+   * Revoke the current session server-side, then clear local storage.
+   *
+   * Server revocation is best-effort: if the POST fails (offline, server
+   * down), local state is wiped regardless. The orphan refresh token then
+   * remains unused until its natural expiry. The in-flight access token
+   * stays valid until its own TTL elapses (≤10 min for DPoP-bound tokens).
+   *
+   * Pass `everywhere: true` to revoke every active session for this user
+   * across all devices.
+   */
+  async logout(options = {}) {
+    if (!isBrowser) {
+      warnServerSide("logout");
+      return;
+    }
+    console.info("[PollarClient] Logout requested", { everywhere: !!options.everywhere });
+    if (this._session?.token?.accessToken) {
+      try {
+        await this._api.POST("/auth/logout", {
+          body: options.everywhere ? { everywhere: true } : {}
+        });
+      } catch (err) {
+        console.warn("[PollarClient] Server logout failed (continuing with local clear)", err);
+      }
+    }
+    try {
+      await this._clearSession();
+    } catch (err) {
+      console.warn("[PollarClient] Local logout cleanup failed", err);
+    }
+  }
+  /** Convenience: revoke every active session for this user (all devices). */
+  logoutEverywhere() {
+    return this.logout({ everywhere: true });
+  }
+  /**
+   * List active sessions for the authenticated user. Returns one entry per
+   * refresh-token family with the metadata captured at issuance time. The
+   * `current` flag identifies which entry corresponds to this client.
+   */
+  async listSessions() {
+    if (!isBrowser) {
+      warnServerSide("listSessions");
+      return [];
+    }
+    if (!this._session?.token?.accessToken) {
+      throw new Error("[PollarClient] listSessions requires an authenticated session");
+    }
+    const { data, error } = await this._api.GET("/auth/sessions");
+    if (error || !data?.success) {
+      throw new Error("[PollarClient] Failed to list sessions");
+    }
+    return data.content.sessions;
+  }
+  /**
+   * Revoke a specific refresh-token family (a single device session). Use
+   * `listSessions` to enumerate the familyIds. Revoking the current session
+   * does NOT clear local state — call `logout()` for that case.
+   */
+  async revokeSession(familyId) {
+    if (!isBrowser) {
+      warnServerSide("revokeSession");
+      return;
+    }
+    if (!this._session?.token?.accessToken) {
+      throw new Error("[PollarClient] revokeSession requires an authenticated session");
+    }
+    const { error } = await this._api.DELETE("/auth/sessions/{familyId}", {
+      params: { path: { familyId } }
+    });
+    if (error) {
+      throw new Error("[PollarClient] Failed to revoke session");
+    }
+  }
+  // ─── Network ──────────────────────────────────────────────────────────────
+  getNetwork() {
+    return this._networkState.step === "connected" ? this._networkState.network : "testnet";
+  }
+  getNetworkState() {
+    return this._networkState;
+  }
+  setNetwork(network) {
+    this._setNetworkState({ step: "connected", network });
+  }
+  onNetworkStateChange(cb) {
+    this._networkStateListeners.add(cb);
+    cb(this._networkState);
+    return () => this._networkStateListeners.delete(cb);
+  }
+  // ─── Transaction state ────────────────────────────────────────────────────
+  getTransactionState() {
+    return this._transactionState;
+  }
+  onTransactionStateChange(cb) {
+    this._transactionStateListeners.add(cb);
+    if (this._transactionState) cb(this._transactionState);
+    return () => this._transactionStateListeners.delete(cb);
+  }
+  // ─── Tx history ──────────────────────────────────────────────────────────
+  getTxHistoryState() {
+    return this._txHistoryState;
+  }
+  onTxHistoryStateChange(cb) {
+    this._txHistoryStateListeners.add(cb);
+    cb(this._txHistoryState);
+    return () => this._txHistoryStateListeners.delete(cb);
+  }
+  async fetchTxHistory(params = {}) {
+    this._setTxHistoryState({ step: "loading", params });
+    try {
+      const { data, error } = await this._api.GET("/tx/history", { params: { query: params } });
+      if (!error && data?.success && data.content) {
+        this._setTxHistoryState({ step: "loaded", params, data: data.content });
+      } else {
+        const message = error?.message ?? "Failed to load history";
+        this._setTxHistoryState({ step: "error", params, message });
+      }
+    } catch {
+      this._setTxHistoryState({ step: "error", params, message: "Failed to load history" });
+    }
+  }
+  // ─── Wallet balance ───────────────────────────────────────────────────────
+  getWalletBalanceState() {
+    return this._walletBalanceState;
+  }
+  onWalletBalanceStateChange(cb) {
+    this._walletBalanceStateListeners.add(cb);
+    cb(this._walletBalanceState);
+    return () => this._walletBalanceStateListeners.delete(cb);
+  }
+  async refreshBalance(publicKey) {
+    const pk = publicKey ?? this._session?.wallet?.publicKey;
+    if (!pk) {
+      this._setWalletBalanceState({ step: "error", message: "No wallet connected" });
+      return;
+    }
+    this._setWalletBalanceState({ step: "loading" });
+    try {
+      const network = this.getNetwork();
+      const { data, error } = await this._api.GET("/wallet/balance", { params: { query: { publicKey: pk, network } } });
+      if (!error && data?.success && data.content) {
+        this._setWalletBalanceState({ step: "loaded", data: data.content });
+      } else {
+        this._setWalletBalanceState({ step: "error", message: "Failed to load balance" });
+      }
+    } catch {
+      this._setWalletBalanceState({ step: "error", message: "Failed to load balance" });
+    }
+  }
+  // ─── Transactions ─────────────────────────────────────────────────────────
+  async buildTx(operation, params, options) {
+    if (!this._session?.wallet?.publicKey) {
+      this._setTransactionState({ step: "error", details: "No wallet connected" });
+      return;
+    }
+    const body = {
+      network: this.getNetwork(),
+      publicKey: this._session.wallet.publicKey,
+      operation,
+      params,
+      options: options ?? {}
+    };
+    try {
+      this._setTransactionState({ step: "building" });
+      const { data, error } = await this._api.POST("/tx/build", { body });
+      if (!error && data?.success && data.content) {
+        this._setTransactionState({ step: "built", buildData: data.content });
+      } else {
+        const details = error?.details;
+        this._setTransactionState({ step: "error", ...details && { details } });
+      }
+    } catch {
+      this._setTransactionState({ step: "error" });
+    }
+  }
+  getWalletType() {
+    return this._walletAdapter?.type ?? null;
+  }
+  async signAndSubmitTx(unsignedXdr) {
+    const state = this._transactionState;
+    const buildData = state?.step === "built" ? state.buildData : state?.step === "error" ? state.buildData : void 0;
+    const stateExtra = buildData ? { buildData } : { external: true };
+    this._setTransactionState({ step: "signing", ...stateExtra });
+    const accountToSign = this._session?.wallet?.publicKey;
+    if (this._walletAdapter) {
+      try {
+        const signOpts = accountToSign ? { networkPassphrase: this._networkPassphrase(), accountToSign } : { networkPassphrase: this._networkPassphrase() };
+        const { signedTxXdr } = await this._walletAdapter.signTransaction(unsignedXdr, signOpts);
+        const stellarClient = new StellarClient(this.getNetwork());
+        const result = await stellarClient.submitTransaction(signedTxXdr);
+        if (result.success) {
+          this._setTransactionState({ step: "success", ...stateExtra, hash: result.hash });
+        } else {
+          this._setTransactionState({ step: "error", ...stateExtra, details: result.errorCode });
+        }
+      } catch {
+        this._setTransactionState({ step: "error", ...stateExtra });
+      }
+      return;
+    }
+    const body = {
+      network: this.getNetwork(),
+      publicKey: this._session?.wallet?.publicKey ?? "",
+      unsignedXdr
+    };
+    try {
+      const { data, error } = await this._api.POST("/tx/sign-and-send", { body });
+      if (!error && data?.success && data.content?.hash) {
+        this._setTransactionState({ step: "success", ...stateExtra, hash: data.content.hash });
+      } else {
+        const details = error?.details;
+        this._setTransactionState({ step: "error", ...stateExtra, ...details && { details } });
+      }
+    } catch {
+      this._setTransactionState({ step: "error", ...stateExtra });
+    }
+  }
+  // ─── App config ───────────────────────────────────────────────────────────
+  async getAppConfig() {
+    try {
+      const { data, error } = await this._api.GET("/applications/config");
+      if (!data || error) return null;
+      return data.content;
+    } catch {
+      return null;
+    }
+  }
+  // ─── KYC ──────────────────────────────────────────────────────────────────
+  getKycStatus(providerId) {
+    return getKycStatus(this._api, providerId);
+  }
+  getKycProviders(country) {
+    return getKycProviders(this._api, country);
+  }
+  startKyc(body) {
+    return startKyc(this._api, body);
+  }
+  resolveKyc(providerId, level) {
+    return resolveKyc(this._api, providerId, level);
+  }
+  pollKycStatus(providerId, opts) {
+    return pollKycStatus(this._api, providerId, opts);
+  }
+  // ─── Ramps ────────────────────────────────────────────────────────────────
+  getRampsQuote(query) {
+    return getRampsQuote(this._api, query);
+  }
+  createOnRamp(body) {
+    return createOnRamp(this._api, body);
+  }
+  createOffRamp(body) {
+    return createOffRamp(this._api, body);
+  }
+  getRampTransaction(txId) {
+    return getRampTransaction(this._api, txId);
+  }
+  pollRampTransaction(txId, opts) {
+    return pollRampTransaction(this._api, txId, opts);
+  }
+  _setTxHistoryState(next) {
+    this._txHistoryState = next;
+    for (const cb of this._txHistoryStateListeners) cb(next);
+  }
+  _setWalletBalanceState(next) {
+    this._walletBalanceState = next;
+    for (const cb of this._walletBalanceStateListeners) cb(next);
+  }
+  // ─── Private ──────────────────────────────────────────────────────────────
+  _newController() {
+    this._loginController?.abort();
+    this._loginController = new AbortController();
+    return this._loginController;
+  }
+  _flowDeps(signal) {
+    return {
+      api: this._api,
+      signal,
+      setAuthState: this._setAuthState.bind(this),
+      storeSession: this._storeSession.bind(this),
+      clearSession: this._clearSession.bind(this),
+      getPublicJwk: () => this._keyManager.getPublicJwk(),
+      resolveWalletAdapter: (id) => this._resolveWalletAdapter(id),
+      storeWalletAdapter: async (adapter, id) => {
+        this._walletAdapter = adapter;
+        await writeWalletType(this._storage, this.apiKeyHash, id);
+      },
+      ...this._deviceLabel ? { deviceLabel: this._deviceLabel } : {}
+    };
+  }
+  /**
+   * Resolves a wallet adapter for the requested id. Uses the consumer's
+   * injected `walletAdapter` resolver when present; otherwise falls back to
+   * the built-in `FreighterAdapter` / `AlbedoAdapter`. Throws if the id is
+   * unknown and no resolver is configured.
+   */
+  async _resolveWalletAdapter(id) {
+    if (this._walletAdapterResolver) {
+      return Promise.resolve(this._walletAdapterResolver(id));
+    }
+    if (id === "freighter" /* FREIGHTER */) return new FreighterAdapter();
+    if (id === "albedo" /* ALBEDO */) return new AlbedoAdapter();
+    throw new Error(
+      `[PollarClient] No wallet adapter configured for "${id}". Pass a walletAdapter resolver in PollarClientConfig.`
+    );
+  }
+  _handleFlowError(error) {
+    if (error instanceof Error && error.name === "AbortError") {
+      console.info("[PollarClient] Login cancelled");
+      this._setAuthState({ step: "idle" });
+      return;
+    }
+    console.error("[PollarClient] Unexpected error in auth flow", error);
+    this._setAuthState({
+      step: "error",
+      previousStep: this._authState.step,
+      message: "An unexpected error occurred",
+      errorCode: AUTH_ERROR_CODES.UNEXPECTED_ERROR
+    });
+  }
+  async _restoreSession() {
+    this._session = await readStorage(this._storage, this.apiKeyHash);
+    if (this._session) {
+      const storedType = await readWalletType(this._storage, this.apiKeyHash);
+      if (storedType) {
+        try {
+          this._walletAdapter = await this._resolveWalletAdapter(storedType);
+        } catch (err) {
+          console.warn("[PollarClient] Could not restore wallet adapter for stored id", { id: storedType, err });
+        }
+      }
+      console.info("[PollarClient] Session restored from storage");
+      this._setAuthState({ step: "authenticated", session: this._session });
+    } else {
+      console.info("[PollarClient] No session in storage");
+    }
+  }
+  async _storeSession(session) {
+    console.info("[PollarClient] Session stored");
+    const persisted = {
+      clientSessionId: session.clientSessionId,
+      userId: session.userId ?? null,
+      status: session.status,
+      token: session.token,
+      user: session.user,
+      wallet: session.wallet
+    };
+    this._session = persisted;
+    if (session.data) {
+      this._profile = {
+        mail: session.data.mail,
+        first_name: session.data.first_name,
+        last_name: session.data.last_name,
+        avatar: session.data.avatar,
+        providers: session.data.providers
+      };
+    }
+    await writeStorage(this._storage, this.apiKeyHash, persisted);
+    this._setAuthState({ step: "authenticated", session: persisted });
+  }
+  async _clearSession() {
+    console.info("[PollarClient] Session cleared");
+    this._session = null;
+    this._profile = null;
+    this._walletAdapter = null;
+    this._dpopNonce = null;
+    try {
+      await this._keyManager.reset();
+    } catch (err) {
+      console.warn("[PollarClient] KeyManager reset failed during clearSession", err);
+    }
+    await removeStorage(this._storage, this.apiKeyHash);
+    this._transactionState = null;
+    this._setAuthState({ step: "idle" });
+  }
+  _networkPassphrase() {
+    return this.getNetwork() === "mainnet" ? "Public Global Stellar Network ; September 2015" : "Test SDF Network ; September 2015";
+  }
+  _setNetworkState(next) {
+    this._networkState = next;
+    const label = next.step === "connected" ? next.network : next.step;
+    console.info(`[PollarClient] network:${label}`);
+    for (const cb of this._networkStateListeners) cb(next);
+  }
+  _setAuthState(next) {
+    this._authState = next;
+    console.info(`[PollarClient] auth:${next.step}`);
+    for (const cb of this._authStateListeners) cb(next);
+  }
+  _setTransactionState(next) {
+    this._transactionState = next;
+    console.info(`[PollarClient] transaction:${next.step}`);
+    for (const cb of this._transactionStateListeners) cb(next);
+  }
+};
+
+// src/index.rn.ts
+_setDefaultKeyManagerFactory((storage, apiKey) => {
+  const subtle = globalThis.crypto?.subtle;
+  if (subtle && typeof subtle.generateKey === "function" && typeof subtle.sign === "function") {
+    return new WebCryptoKeyManager(apiKey);
+  }
+  return new NobleKeyManager(storage, apiKey);
+});
+
+export { AUTH_ERROR_CODES, AlbedoAdapter, FreighterAdapter, NobleKeyManager, PollarClient, StellarClient, WalletType, WebCryptoKeyManager, buildProof, canonicalEcJwk, computeJwkThumbprint, createLocalStorageAdapter, createMemoryAdapter, createOffRamp, createOnRamp, defaultKeyManager, defaultStorage, getKycProviders, getKycStatus, getRampTransaction, getRampsQuote, isValidSession, normalizeHtu, pollKycStatus, pollRampTransaction, resolveKyc, startKyc };
+//# sourceMappingURL=index.rn.mjs.map
+//# sourceMappingURL=index.rn.mjs.map