@pollar/core 0.6.0 → 0.7.0

package/dist/index.js

@@ -171,6 +171,250 @@ var require_index_min = __commonJS({
   }
 });
 
+// src/keys/factory.ts
+var _factory = null;
+function _setDefaultKeyManagerFactory(factory) {
+  _factory = factory;
+}
+function defaultKeyManager(storage, apiKey) {
+  if (!_factory) {
+    throw new Error(
+      '[PollarClient] No default KeyManager factory registered. Did you import from "@pollar/core" via a non-standard path?'
+    );
+  }
+  return _factory(storage, apiKey);
+}
+
+// src/lib/sha256.ts
+async function sha256(data) {
+  const buf = await crypto.subtle.digest("SHA-256", data);
+  return new Uint8Array(buf);
+}
+
+// src/lib/api-key-hash.ts
+async function hashApiKey(apiKey) {
+  const digest = await sha256(new TextEncoder().encode(apiKey));
+  let hex = "";
+  for (let i = 0; i < 4; i++) hex += digest[i].toString(16).padStart(2, "0");
+  return hex;
+}
+
+// src/lib/base64url.ts
+var ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_";
+(() => {
+  const m = /* @__PURE__ */ new Map();
+  for (let i = 0; i < ALPHABET.length; i++) m.set(ALPHABET[i], i);
+  return m;
+})();
+function base64urlEncode(bytes) {
+  let result = "";
+  let i = 0;
+  for (; i + 2 < bytes.length; i += 3) {
+    const b1 = bytes[i];
+    const b2 = bytes[i + 1];
+    const b3 = bytes[i + 2];
+    result += ALPHABET[b1 >> 2];
+    result += ALPHABET[(b1 & 3) << 4 | b2 >> 4];
+    result += ALPHABET[(b2 & 15) << 2 | b3 >> 6];
+    result += ALPHABET[b3 & 63];
+  }
+  if (i < bytes.length) {
+    const b1 = bytes[i];
+    if (i + 1 === bytes.length) {
+      result += ALPHABET[b1 >> 2];
+      result += ALPHABET[(b1 & 3) << 4];
+    } else {
+      const b2 = bytes[i + 1];
+      result += ALPHABET[b1 >> 2];
+      result += ALPHABET[(b1 & 3) << 4 | b2 >> 4];
+      result += ALPHABET[(b2 & 15) << 2];
+    }
+  }
+  return result;
+}
+function base64urlEncodeString(s) {
+  return base64urlEncode(new TextEncoder().encode(s));
+}
+
+// src/keys/thumbprint.ts
+async function computeJwkThumbprint(jwk) {
+  if (jwk.kty !== "EC" || jwk.crv !== "P-256" || !jwk.x || !jwk.y) {
+    throw new Error("[PollarClient:thumbprint] Expected EC P-256 JWK with x and y");
+  }
+  const canonical = `{"crv":"${jwk.crv}","kty":"${jwk.kty}","x":"${jwk.x}","y":"${jwk.y}"}`;
+  const digest = await sha256(new TextEncoder().encode(canonical));
+  return base64urlEncode(digest);
+}
+function canonicalEcJwk(jwk) {
+  if (jwk.kty !== "EC" || jwk.crv !== "P-256" || typeof jwk.x !== "string" || typeof jwk.y !== "string") {
+    throw new Error("[PollarClient:thumbprint] Source JWK is not an EC P-256 public key");
+  }
+  return { kty: "EC", crv: "P-256", x: jwk.x, y: jwk.y };
+}
+
+// src/keys/web-crypto.ts
+var DB_NAME = "pollar-keys";
+var DB_VERSION = 1;
+var STORE_NAME = "keys";
+function openDb() {
+  return new Promise((resolve, reject) => {
+    if (typeof indexedDB === "undefined") {
+      reject(new Error("[PollarClient:keys] IndexedDB not available"));
+      return;
+    }
+    const req = indexedDB.open(DB_NAME, DB_VERSION);
+    req.onerror = () => reject(req.error ?? new Error("IDB open failed"));
+    req.onsuccess = () => resolve(req.result);
+    req.onupgradeneeded = () => {
+      const db = req.result;
+      if (!db.objectStoreNames.contains(STORE_NAME)) {
+        db.createObjectStore(STORE_NAME);
+      }
+    };
+  });
+}
+function awaitTx(req) {
+  return new Promise((resolve, reject) => {
+    req.onsuccess = () => resolve(req.result);
+    req.onerror = () => reject(req.error ?? new Error("IDB request failed"));
+  });
+}
+async function dbGet(key) {
+  const db = await openDb();
+  try {
+    const tx = db.transaction(STORE_NAME, "readonly");
+    const result = await awaitTx(tx.objectStore(STORE_NAME).get(key));
+    return result;
+  } finally {
+    db.close();
+  }
+}
+async function dbPut(key, value) {
+  const db = await openDb();
+  try {
+    const tx = db.transaction(STORE_NAME, "readwrite");
+    await awaitTx(tx.objectStore(STORE_NAME).put(value, key));
+  } finally {
+    db.close();
+  }
+}
+async function dbDelete(key) {
+  const db = await openDb();
+  try {
+    const tx = db.transaction(STORE_NAME, "readwrite");
+    await awaitTx(tx.objectStore(STORE_NAME).delete(key));
+  } finally {
+    db.close();
+  }
+}
+function isCryptoKeyPair(v) {
+  if (typeof v !== "object" || v === null) return false;
+  const obj = v;
+  return obj.privateKey !== void 0 && obj.publicKey !== void 0;
+}
+var WebCryptoKeyManager = class {
+  constructor(apiKey) {
+    this.apiKeyHash = null;
+    this.keyPair = null;
+    this.publicJwk = null;
+    this.thumbprint = null;
+    /**
+     * Cached in-flight init. Lets `init()` be called concurrently (or implicitly
+     * from `getPublicJwk` / `sign`) without doing the work twice. Cleared on
+     * failure so callers can retry, and cleared on `reset()`.
+     */
+    this._initPromise = null;
+    if (typeof globalThis.crypto === "undefined" || !globalThis.crypto.subtle) {
+      throw new Error(
+        "[PollarClient:keys] SubtleCrypto is unavailable. DPoP requires a secure context (HTTPS or localhost)."
+      );
+    }
+    this.apiKey = apiKey;
+  }
+  /**
+   * Idempotent and safe under concurrency. The first call kicks off the real
+   * init; subsequent (and concurrent) calls return the same in-flight promise.
+   * Other methods (`getPublicJwk`, `getThumbprint`, `sign`) auto-await this so
+   * the manager is self-healing if `init()` was never explicitly invoked.
+   */
+  async init() {
+    if (this.keyPair) return;
+    if (!this._initPromise) {
+      this._initPromise = this._doInit().catch((err) => {
+        console.error("[PollarClient:keys] WebCryptoKeyManager init failed", err);
+        this._initPromise = null;
+        throw err;
+      });
+    }
+    return this._initPromise;
+  }
+  async _doInit() {
+    if (!this.apiKeyHash) {
+      this.apiKeyHash = await hashApiKey(this.apiKey);
+    }
+    let pair;
+    try {
+      pair = await dbGet(this.apiKeyHash);
+      if (pair && !isCryptoKeyPair(pair)) pair = void 0;
+    } catch {
+      pair = void 0;
+    }
+    if (!pair) {
+      pair = await globalThis.crypto.subtle.generateKey(
+        { name: "ECDSA", namedCurve: "P-256" },
+        // false → private key non-extractable; per W3C ECDSA spec the public
+        // key is always extractable regardless of this flag.
+        false,
+        ["sign", "verify"]
+      );
+      try {
+        await dbPut(this.apiKeyHash, pair);
+      } catch {
+      }
+    }
+    this.keyPair = pair;
+    const exported = await globalThis.crypto.subtle.exportKey("jwk", pair.publicKey);
+    this.publicJwk = canonicalEcJwk(exported);
+    this.thumbprint = await computeJwkThumbprint(this.publicJwk);
+  }
+  async reset() {
+    try {
+      if (this.apiKeyHash) await dbDelete(this.apiKeyHash);
+    } catch {
+    }
+    this.keyPair = null;
+    this.publicJwk = null;
+    this.thumbprint = null;
+    this._initPromise = null;
+  }
+  async getPublicJwk() {
+    if (!this.publicJwk) await this.init();
+    if (!this.publicJwk) {
+      throw new Error("[PollarClient:keys] Keypair initialization failed; getPublicJwk unavailable");
+    }
+    return { kty: this.publicJwk.kty, crv: this.publicJwk.crv, x: this.publicJwk.x, y: this.publicJwk.y };
+  }
+  async getThumbprint() {
+    if (!this.thumbprint) await this.init();
+    if (!this.thumbprint) {
+      throw new Error("[PollarClient:keys] Keypair initialization failed; getThumbprint unavailable");
+    }
+    return this.thumbprint;
+  }
+  async sign(payload) {
+    if (!this.keyPair) await this.init();
+    if (!this.keyPair) {
+      throw new Error("[PollarClient:keys] Keypair initialization failed; sign unavailable");
+    }
+    const sig = await globalThis.crypto.subtle.sign(
+      { name: "ECDSA", hash: "SHA-256" },
+      this.keyPair.privateKey,
+      payload
+    );
+    return new Uint8Array(sig);
+  }
+};
+
 // ../../node_modules/openapi-fetch/dist/index.mjs
 var PATH_PARAM_RE = /\{[^{}]+\}/g;
 var supportsRequestInitExt = () => {
@@ -719,6 +963,68 @@ async function pollRampTransaction(api, txId, { intervalMs = 5e3, timeoutMs = 6e
   throw new Error("Ramp transaction polling timed out");
 }
 
+// src/dpop.ts
+async function buildProof(args, keyManager) {
+  const jwk = await keyManager.getPublicJwk();
+  const header = {
+    typ: "dpop+jwt",
+    alg: "ES256",
+    jwk
+  };
+  const payload = {
+    jti: generateJti(),
+    htm: args.htm.toUpperCase(),
+    htu: normalizeHtu(args.htu),
+    iat: Math.floor(Date.now() / 1e3)
+  };
+  if (args.accessToken !== void 0 && args.accessToken !== "") {
+    payload.ath = base64urlEncode(await sha256(new TextEncoder().encode(args.accessToken)));
+  }
+  if (args.nonce !== void 0 && args.nonce !== "") {
+    payload.nonce = args.nonce;
+  }
+  const encodedHeader = base64urlEncodeString(JSON.stringify(header));
+  const encodedPayload = base64urlEncodeString(JSON.stringify(payload));
+  const signingInput = `${encodedHeader}.${encodedPayload}`;
+  const signature = await keyManager.sign(new TextEncoder().encode(signingInput));
+  const encodedSignature = base64urlEncode(signature);
+  return `${signingInput}.${encodedSignature}`;
+}
+function normalizeHtu(rawUrl) {
+  let url;
+  try {
+    url = new URL(rawUrl);
+  } catch {
+    return rawUrl.split("#")[0].split("?")[0];
+  }
+  const scheme = url.protocol.toLowerCase();
+  const host = url.hostname.toLowerCase();
+  let port = url.port;
+  if (scheme === "https:" && port === "443" || scheme === "http:" && port === "80") {
+    port = "";
+  }
+  const portPart = port ? `:${port}` : "";
+  return `${scheme}//${host}${portPart}${url.pathname}`;
+}
+function generateJti() {
+  const c = globalThis.crypto;
+  if (c && typeof c.randomUUID === "function") {
+    return c.randomUUID();
+  }
+  if (c && typeof c.getRandomValues === "function") {
+    const bytes = new Uint8Array(16);
+    c.getRandomValues(bytes);
+    bytes[6] = bytes[6] & 15 | 64;
+    bytes[8] = bytes[8] & 63 | 128;
+    const hex = [];
+    for (let i = 0; i < 16; i++) hex.push(bytes[i].toString(16).padStart(2, "0"));
+    return `${hex.slice(0, 4).join("")}-${hex.slice(4, 6).join("")}-${hex.slice(6, 8).join("")}-${hex.slice(8, 10).join("")}-${hex.slice(10, 16).join("")}`;
+  }
+  throw new Error(
+    "[PollarClient:dpop] No secure random source available (crypto.randomUUID / crypto.getRandomValues). DPoP requires a secure context (HTTPS) or, in React Native, the `react-native-get-random-values` polyfill."
+  );
+}
+
 // src/stellar/StellarClient.ts
 var HORIZON_URLS = {
   mainnet: "https://horizon.stellar.org",
@@ -747,6 +1053,93 @@ var StellarClient = class {
   }
 };
 
+// src/storage/web.ts
+var LOG_PREFIX = "[PollarClient:storage]";
+function createMemoryAdapter() {
+  const store = /* @__PURE__ */ new Map();
+  return {
+    async get(key) {
+      const value = store.get(key);
+      return value === void 0 ? null : value;
+    },
+    async set(key, value) {
+      store.set(key, value);
+    },
+    async remove(key) {
+      store.delete(key);
+    }
+  };
+}
+function createLocalStorageAdapter(options = {}) {
+  const fallback = createMemoryAdapter();
+  let degraded = false;
+  function degrade(reason, error) {
+    if (degraded) return;
+    degraded = true;
+    console.warn(`${LOG_PREFIX} localStorage unavailable (${reason}); degrading to in-memory storage`);
+    options.onDegrade?.(reason, error);
+  }
+  return {
+    async get(key) {
+      if (degraded) return fallback.get(key);
+      try {
+        return globalThis.localStorage.getItem(key);
+      } catch (error) {
+        degrade("read-failed", error);
+        return fallback.get(key);
+      }
+    },
+    async set(key, value) {
+      if (degraded) return fallback.set(key, value);
+      try {
+        globalThis.localStorage.setItem(key, value);
+      } catch (error) {
+        const reason = isQuotaError(error) ? "quota-exceeded" : "write-failed";
+        degrade(reason, error);
+        await fallback.set(key, value);
+      }
+    },
+    async remove(key) {
+      if (degraded) return fallback.remove(key);
+      try {
+        globalThis.localStorage.removeItem(key);
+      } catch (error) {
+        degrade("remove-failed", error);
+        await fallback.remove(key);
+      }
+    }
+  };
+}
+function isQuotaError(error) {
+  if (typeof error !== "object" || error === null) return false;
+  const name = error.name;
+  const code = error.code;
+  return name === "QuotaExceededError" || name === "NS_ERROR_DOM_QUOTA_REACHED" || code === 22 || code === 1014;
+}
+
+// src/storage/autodetect.ts
+var PROBE_KEY = "__pollar_storage_probe__";
+function defaultStorage(options = {}) {
+  if (typeof globalThis === "undefined" || typeof globalThis.localStorage === "undefined") {
+    options.onDegrade?.("unavailable");
+    return createMemoryAdapter();
+  }
+  try {
+    const probeValue = String(Date.now());
+    globalThis.localStorage.setItem(PROBE_KEY, probeValue);
+    const read = globalThis.localStorage.getItem(PROBE_KEY);
+    globalThis.localStorage.removeItem(PROBE_KEY);
+    if (read !== probeValue) {
+      options.onDegrade?.("probe-failed");
+      return createMemoryAdapter();
+    }
+  } catch (error) {
+    options.onDegrade?.("probe-failed", error);
+    return createMemoryAdapter();
+  }
+  return createLocalStorageAdapter(options);
+}
+
 // src/types.ts
 var AUTH_ERROR_CODES = {
   SESSION_CREATE_FAILED: "SESSION_CREATE_FAILED",
@@ -935,24 +1328,42 @@ var AlbedoAdapter = class {
 };
 
 // src/client/session.ts
-var STORAGE_KEY = "pollar:session";
-var WALLET_TYPE_KEY = "pollar:walletType";
+var SESSION_SUFFIX = ":session";
+var WALLET_TYPE_SUFFIX = ":walletType";
+function sessionStorageKey(apiKeyHash) {
+  return `pollar:${apiKeyHash}${SESSION_SUFFIX}`;
+}
+function walletTypeStorageKey(apiKeyHash) {
+  return `pollar:${apiKeyHash}${WALLET_TYPE_SUFFIX}`;
+}
+var MAX_ACCESS_TOKEN = 4096;
+var MAX_REFRESH_TOKEN = 4096;
+var MAX_USER_ID = 64;
+var MAX_CLIENT_SESSION_ID = 64;
+var MAX_STATUS = 64;
+var MAX_WALLET_PUBLIC_KEY = 128;
+var MAX_WALLET_TYPE = 32;
+function isBoundedString(v, max, allowEmpty = false) {
+  if (typeof v !== "string") return false;
+  if (!allowEmpty && v.length === 0) return false;
+  return v.length <= max;
+}
 function isValidSession(value) {
   if (typeof value !== "object" || value === null) {
     console.warn("[PollarClient:session] Invalid session \u2014 value is not an object");
     return false;
   }
   const s = value;
-  if (typeof s["clientSessionId"] !== "string" || s["clientSessionId"] === "") {
-    console.warn("[PollarClient:session] Invalid session \u2014 clientSessionId missing or empty");
+  if (!isBoundedString(s["clientSessionId"], MAX_CLIENT_SESSION_ID)) {
+    console.warn("[PollarClient:session] Invalid session \u2014 clientSessionId missing/empty/too long");
     return false;
   }
-  if (s["userId"] !== null && typeof s["userId"] !== "string") {
-    console.warn("[PollarClient:session] Invalid session \u2014 userId must be string or null, got:", typeof s["userId"]);
+  if (s["userId"] !== null && !isBoundedString(s["userId"], MAX_USER_ID)) {
+    console.warn("[PollarClient:session] Invalid session \u2014 userId must be string|null");
     return false;
   }
-  if (typeof s["status"] !== "string") {
-    console.warn("[PollarClient:session] Invalid session \u2014 status must be string, got:", typeof s["status"]);
+  if (!isBoundedString(s["status"], MAX_STATUS)) {
+    console.warn("[PollarClient:session] Invalid session \u2014 status must be string");
     return false;
   }
   const token = s["token"];
@@ -961,12 +1372,12 @@ function isValidSession(value) {
     return false;
   }
   const t = token;
-  if (typeof t["accessToken"] !== "string" || t["accessToken"] === "") {
-    console.warn("[PollarClient:session] Invalid session \u2014 token.accessToken missing or empty");
+  if (!isBoundedString(t["accessToken"], MAX_ACCESS_TOKEN)) {
+    console.warn("[PollarClient:session] Invalid session \u2014 token.accessToken missing/empty/too long");
     return false;
   }
-  if (typeof t["refreshToken"] !== "string" || t["refreshToken"] === "") {
-    console.warn("[PollarClient:session] Invalid session \u2014 token.refreshToken missing or empty");
+  if (!isBoundedString(t["refreshToken"], MAX_REFRESH_TOKEN)) {
+    console.warn("[PollarClient:session] Invalid session \u2014 token.refreshToken missing/empty/too long");
     return false;
   }
   if (typeof t["expiresAt"] !== "number" || !Number.isFinite(t["expiresAt"])) {
@@ -979,12 +1390,12 @@ function isValidSession(value) {
     return false;
   }
   const u = user;
-  if (u["id"] !== void 0 && typeof u["id"] !== "string") {
-    console.warn("[PollarClient:session] Invalid session \u2014 user.id must be string if present, got:", typeof u["id"]);
+  if (u["id"] !== void 0 && !isBoundedString(u["id"], MAX_USER_ID)) {
+    console.warn("[PollarClient:session] Invalid session \u2014 user.id must be string if present");
     return false;
   }
   if (typeof u["ready"] !== "boolean") {
-    console.warn("[PollarClient:session] Invalid session \u2014 user.ready must be boolean, got:", typeof u["ready"]);
+    console.warn("[PollarClient:session] Invalid session \u2014 user.ready must be boolean");
     return false;
   }
   const wallet = s["wallet"];
@@ -993,11 +1404,8 @@ function isValidSession(value) {
     return false;
   }
   const w = wallet;
-  if (w["publicKey"] !== null && typeof w["publicKey"] !== "string") {
-    console.warn(
-      "[PollarClient:session] Invalid session \u2014 wallet.publicKey must be string or null, got:",
-      typeof w["publicKey"]
-    );
+  if (w["publicKey"] !== null && !isBoundedString(w["publicKey"], MAX_WALLET_PUBLIC_KEY)) {
+    console.warn("[PollarClient:session] Invalid session \u2014 wallet.publicKey must be string|null");
     return false;
   }
   if (w["existsOnStellar"] !== void 0 && typeof w["existsOnStellar"] !== "boolean") {
@@ -1008,78 +1416,43 @@ function isValidSession(value) {
     console.warn("[PollarClient:session] Invalid session \u2014 wallet.createdAt must be a finite number if present");
     return false;
   }
-  const data = s["data"];
-  if (typeof data !== "object" || data === null) {
-    console.warn("[PollarClient:session] Invalid session \u2014 data missing or not an object");
-    return false;
-  }
-  const d = data;
-  for (const field of ["mail", "first_name", "last_name", "avatar"]) {
-    if (typeof d[field] !== "string") {
-      console.warn(`[PollarClient:session] Invalid session \u2014 data.${field} must be string, got:`, typeof d[field]);
-      return false;
-    }
-  }
-  const providers = d["providers"];
-  if (typeof providers !== "object" || providers === null) {
-    console.warn("[PollarClient:session] Invalid session \u2014 data.providers missing or not an object");
-    return false;
-  }
-  const p = providers;
-  const providerInnerField = { email: "address", google: "id", github: "id", wallet: "address" };
-  for (const [field, innerField] of Object.entries(providerInnerField)) {
-    const v = p[field];
-    if (v === null) continue;
-    if (typeof v !== "object") {
-      console.warn(`[PollarClient:session] Invalid session \u2014 data.providers.${field} must be object or null, got:`, typeof v);
-      return false;
-    }
-    const vObj = v;
-    if (typeof vObj[innerField] !== "string" || vObj[innerField] === "") {
-      console.warn(`[PollarClient:session] Invalid session \u2014 data.providers.${field}.${innerField} must be a non-empty string`);
-      return false;
-    }
-  }
   return true;
 }
-function readStorage() {
-  const raw = localStorage.getItem(STORAGE_KEY);
-  if (!raw) {
-    return null;
-  }
+async function readStorage(storage, apiKeyHash) {
+  const raw = await storage.get(sessionStorageKey(apiKeyHash));
+  if (!raw) return null;
   try {
     const session = JSON.parse(raw);
     if (!isValidSession(session)) {
-      localStorage.removeItem(STORAGE_KEY);
+      await storage.remove(sessionStorageKey(apiKeyHash));
       console.warn("[PollarClient:session] Stored session is invalid \u2014 clearing storage");
       return null;
     }
     if (session.token.expiresAt * 1e3 < Date.now()) {
-      localStorage.removeItem(STORAGE_KEY);
-      console.warn("[PollarClient:session] Session token has expired \u2014 clearing storage");
-      return null;
+      return session;
     }
     return session;
   } catch (error) {
     console.error("[PollarClient:session] Failed to parse session from storage", error);
-    localStorage.removeItem(STORAGE_KEY);
+    await storage.remove(sessionStorageKey(apiKeyHash));
     return null;
   }
 }
-function writeStorage(session) {
-  localStorage.setItem(STORAGE_KEY, JSON.stringify(session));
-  console.info("[PollarClient:session] Session written to storage");
+async function writeStorage(storage, apiKeyHash, session) {
+  await storage.set(sessionStorageKey(apiKeyHash), JSON.stringify(session));
 }
-function removeStorage() {
-  localStorage.removeItem(STORAGE_KEY);
-  localStorage.removeItem(WALLET_TYPE_KEY);
-  console.info("[PollarClient:session] Session removed from storage");
+async function removeStorage(storage, apiKeyHash) {
+  await storage.remove(sessionStorageKey(apiKeyHash));
+  await storage.remove(walletTypeStorageKey(apiKeyHash));
 }
-function writeWalletType(type) {
-  localStorage.setItem(WALLET_TYPE_KEY, type);
+async function writeWalletType(storage, apiKeyHash, type) {
+  if (type.length > MAX_WALLET_TYPE) {
+    throw new Error(`[PollarClient:session] walletType too long: ${type.length} > ${MAX_WALLET_TYPE}`);
+  }
+  await storage.set(walletTypeStorageKey(apiKeyHash), type);
 }
-function readWalletType() {
-  return localStorage.getItem(WALLET_TYPE_KEY);
+async function readWalletType(storage, apiKeyHash) {
+  return storage.get(walletTypeStorageKey(apiKeyHash));
 }
 
 // src/client/stream.ts
@@ -1096,7 +1469,14 @@ function abortableDelay(ms, signal) {
     );
   });
 }
+var MAX_BACKOFF_MS = 5e3;
 async function streamUntilFound(api, clientSessionId, check, retryDelayMs = 200, signal) {
+  let backoff = retryDelayMs;
+  const sleep = async (ms) => {
+    if (ms <= 0) return;
+    if (signal) await abortableDelay(ms, signal);
+    else await new Promise((r) => setTimeout(r, ms));
+  };
   while (true) {
     signal?.throwIfAborted();
     let data, error;
@@ -1111,13 +1491,14 @@ async function streamUntilFound(api, clientSessionId, check, retryDelayMs = 200,
       console.warn(e);
     }
     if (error || !data) {
-      if (signal) await abortableDelay(retryDelayMs, signal);
-      else await new Promise((r) => setTimeout(r, retryDelayMs));
+      await sleep(backoff);
+      backoff = Math.min(backoff * 2, MAX_BACKOFF_MS);
       continue;
     }
     const reader = data.getReader();
     const decoder = new TextDecoder();
     let streamDone = false;
+    let sawAnyChunk = false;
     try {
       while (true) {
         signal?.throwIfAborted();
@@ -1126,6 +1507,7 @@ async function streamUntilFound(api, clientSessionId, check, retryDelayMs = 200,
           streamDone = true;
           break;
         }
+        sawAnyChunk = true;
         const chunk = decoder.decode(value);
         for (const message of chunk.split("\n\n").filter(Boolean)) {
           const dataLine = message.split("\n").find((l) => l.startsWith("data:"));
@@ -1145,11 +1527,10 @@ async function streamUntilFound(api, clientSessionId, check, retryDelayMs = 200,
     } finally {
       reader.releaseLock();
     }
-    const delay = streamDone ? retryDelayMs : 0;
-    if (delay) {
-      if (signal) await abortableDelay(delay, signal);
-      else await new Promise((r) => setTimeout(r, delay));
-    }
+    if (sawAnyChunk) backoff = retryDelayMs;
+    else backoff = Math.min(backoff * 2, MAX_BACKOFF_MS);
+    const delay = streamDone ? backoff : 0;
+    if (delay) await sleep(delay);
   }
 }
 
@@ -1158,8 +1539,13 @@ async function authenticate(clientSessionId, deps, expectedWallet) {
   const { api, signal, setAuthState, storeSession, clearSession } = deps;
   setAuthState({ step: "authenticating" });
   await streamUntilFound(api, clientSessionId, (data2) => data2?.status === "READY", 200, signal);
+  const dpopJwk = await deps.getPublicJwk();
   const { data, error } = await api.POST("/auth/login", {
-    body: { clientSessionId },
+    body: {
+      clientSessionId,
+      dpopJwk,
+      ...deps.deviceLabel ? { deviceLabel: deps.deviceLabel } : {}
+    },
     signal
   });
   if (data?.code === "SDK_LOGIN_SUCCESS" && isValidSession(data?.content)) {
@@ -1269,9 +1655,17 @@ async function verifyAndAuthenticate(code, clientSessionId, email, deps) {
 }
 
 // src/client/auth/oauthFlow.ts
+function severOpener(popup) {
+  if (!popup) return;
+  try {
+    popup.opener = null;
+  } catch {
+  }
+}
 async function loginOAuth(provider, deps) {
   const { setAuthState, basePath, apiKey } = deps;
   const popup = window.open("about:blank", "_blank");
+  severOpener(popup);
   const clientSessionId = await createAuthSession(deps);
   if (!clientSessionId) {
     popup?.close();
@@ -1284,8 +1678,9 @@ async function loginOAuth(provider, deps) {
   url.searchParams.set("redirect_uri", window.location.origin);
   if (popup) {
     popup.location.href = url.toString();
+    severOpener(popup);
   } else {
-    window.open(url.toString(), "_blank");
+    window.open(url.toString(), "_blank", "noopener,noreferrer");
   }
   await authenticate(clientSessionId, deps);
 }
@@ -1310,7 +1705,7 @@ async function loginWallet(type, deps) {
   let connectedWallet;
   try {
     setAuthState({ step: "connecting_wallet", walletType: type });
-    const adapter = type === "freighter" /* FREIGHTER */ ? new FreighterAdapter() : new AlbedoAdapter();
+    const adapter = await deps.resolveWalletAdapter(type);
     const available = await withSignal(adapter.isAvailable(), signal);
     if (!available) {
       setAuthState({ step: "wallet_not_installed", walletType: type });
@@ -1347,6 +1742,7 @@ async function loginWallet(type, deps) {
 
 // src/client/client.ts
 var isBrowser = typeof window !== "undefined" && typeof localStorage !== "undefined";
+var RETRIED_HEADER = "X-Pollar-Retried";
 function warnServerSide(method) {
   console.warn(
     `[PollarClient] ${method}() called server-side \u2014 browser APIs unavailable. Use PollarClient only in Client Components.`
@@ -1354,7 +1750,19 @@ function warnServerSide(method) {
 }
 var PollarClient = class {
   constructor(config) {
+    /**
+     * Per-API-key storage namespace. Computed asynchronously inside
+     * `_initialize()` because SHA-256 lives behind `crypto.subtle.digest`.
+     * Accessing `apiKeyHash` before `await client.ready()` throws.
+     */
+    this._apiKeyHash = null;
     this._session = null;
+    this._profile = null;
+    /** Last `DPoP-Nonce` we saw from a server response. Carried into the next proof. */
+    this._dpopNonce = null;
+    /** Singleton in-flight refresh — concurrent 401s coalesce into one /auth/refresh call. */
+    this._refreshPromise = null;
+    this._storageEventHandler = null;
     this._transactionState = null;
     this._transactionStateListeners = /* @__PURE__ */ new Set();
     this._txHistoryState = { step: "idle" };
@@ -1370,33 +1778,197 @@ var PollarClient = class {
     this.apiKey = config.apiKey;
     this.id = crypto.randomUUID();
     this.basePath = `${config.baseUrl || "https://sdk.api.pollar.xyz"}/v1`;
+    this._storage = config.storage ?? defaultStorage(config.onStorageDegrade ? { onDegrade: config.onStorageDegrade } : void 0);
+    this._keyManager = config.keyManager ?? defaultKeyManager(this._storage, config.apiKey);
+    this._walletAdapterResolver = config.walletAdapter ?? null;
+    this._deviceLabel = config.deviceLabel;
     this._api = createApiClient(this.basePath);
+    this._wireMiddlewares();
+    this._networkState = { step: "connected", network: config.stellarNetwork ?? "testnet" };
+    if (!isBrowser) {
+      warnServerSide("constructor");
+      this._initialized = Promise.resolve();
+      return;
+    }
+    console.info(`[PollarClient] Initialized \u2014 endpoint: ${this.basePath}, network: ${this._networkState.network}`);
+    this._initialized = this._initialize();
+  }
+  /**
+   * Short SHA-256-derived namespace for this client's persisted state.
+   * Available after `await client.ready()` (or any awaited method); throws
+   * if read before initialization completes.
+   */
+  get apiKeyHash() {
+    if (this._apiKeyHash === null) {
+      throw new Error("[PollarClient] apiKeyHash is not available until client.ready() resolves");
+    }
+    return this._apiKeyHash;
+  }
+  /** Awaitable handle for the initial keypair + session restore. */
+  ready() {
+    return this._initialized;
+  }
+  // ─── Lifecycle ────────────────────────────────────────────────────────────
+  async _initialize() {
+    this._apiKeyHash = await hashApiKey(this.apiKey);
+    if (typeof window !== "undefined") {
+      const sessionKey = sessionStorageKey(this._apiKeyHash);
+      const handler = (e) => {
+        if (e.key === sessionKey) {
+          this._restoreSession().catch((err) => console.error("[PollarClient] Cross-tab restore failed", err));
+        }
+      };
+      window.addEventListener("storage", handler);
+      this._storageEventHandler = handler;
+    }
+    try {
+      await this._keyManager.init();
+    } catch (err) {
+      console.warn("[PollarClient] KeyManager init failed; DPoP unavailable for this session", err);
+    }
+    await this._restoreSession();
+  }
+  /** Detach the cross-tab storage listener and abort any in-flight login. */
+  destroy() {
+    if (this._storageEventHandler && typeof window !== "undefined") {
+      window.removeEventListener("storage", this._storageEventHandler);
+      this._storageEventHandler = null;
+    }
+    this._loginController?.abort();
+    this._loginController = null;
+  }
+  // ─── Middlewares (DPoP + auto-refresh) ────────────────────────────────────
+  _wireMiddlewares() {
     const self = this;
     this._api.use({
-      onRequest({ request }) {
-        request.headers.set("x-pollar-api-key", config.apiKey);
+      onRequest: async ({ request }) => {
+        request.headers.set("x-pollar-api-key", self.apiKey);
+        await self._initialized;
+        const isRefresh = request.url.includes("/auth/refresh");
+        if (!isRefresh && self._refreshPromise) await self._refreshPromise;
+        if (isRefresh) {
+          const refreshProof = await self._buildProofForRequest(request, void 0);
+          if (refreshProof) request.headers.set("DPoP", refreshProof);
+          return request;
+        }
         const accessToken = self._session?.token?.accessToken;
-        if (accessToken) {
+        if (!accessToken) return request;
+        const proof = await self._buildProofForRequest(request, accessToken);
+        if (proof) {
+          request.headers.set("Authorization", `DPoP ${accessToken}`);
+          request.headers.set("DPoP", proof);
+        } else {
           request.headers.set("Authorization", `Bearer ${accessToken}`);
         }
         return request;
+      },
+      onResponse: async ({ request, response }) => {
+        const newNonce = response.headers.get("DPoP-Nonce");
+        if (newNonce) self._dpopNonce = newNonce;
+        if (response.status !== 401) return response;
+        if (request.headers.get(RETRIED_HEADER)) return response;
+        if (request.url.includes("/auth/refresh")) return response;
+        const wwwAuth = response.headers.get("WWW-Authenticate") ?? "";
+        const isNonceChallenge = wwwAuth.includes("use_dpop_nonce");
+        if (!isNonceChallenge) {
+          try {
+            await self.refresh();
+          } catch {
+            return response;
+          }
+        }
+        return self._retryRequest(request);
       }
     });
-    this._networkState = { step: "connected", network: config.stellarNetwork ?? "testnet" };
-    if (!isBrowser) {
-      warnServerSide("constructor");
-      this._session = null;
-      return;
+  }
+  async _buildProofForRequest(request, accessToken) {
+    try {
+      const htu = request.url.split("?")[0].split("#")[0];
+      return await buildProof(
+        {
+          htm: request.method,
+          htu,
+          ...accessToken ? { accessToken } : {},
+          ...this._dpopNonce !== null ? { nonce: this._dpopNonce } : {}
+        },
+        this._keyManager
+      );
+    } catch (err) {
+      console.warn("[PollarClient] DPoP proof build failed", err);
+      return null;
     }
-    console.info(`[PollarClient] Initialized \u2014 endpoint: ${this.basePath}, network: ${this._networkState.network}`);
-    this._restoreSession();
-    window.addEventListener("storage", (e) => {
-      if (e.key === STORAGE_KEY) {
-        const prev = this._session;
-        console.info(`[PollarClient] Storage event \u2014 session ${this._session ? "updated" : prev ? "cleared" : "unchanged"}`);
-        this._restoreSession();
+  }
+  async _retryRequest(originalRequest) {
+    const clone = originalRequest.clone();
+    clone.headers.set(RETRIED_HEADER, "1");
+    const accessToken = this._session?.token?.accessToken;
+    if (accessToken) {
+      const proof = await this._buildProofForRequest(clone, accessToken);
+      if (proof) {
+        clone.headers.set("Authorization", `DPoP ${accessToken}`);
+        clone.headers.set("DPoP", proof);
+      } else {
+        clone.headers.set("Authorization", `Bearer ${accessToken}`);
       }
+    }
+    return fetch(clone);
+  }
+  // ─── Refresh (race-safe singleton) ───────────────────────────────────────
+  /**
+   * Coalesce concurrent refresh attempts. The first caller does the work;
+   * everyone else awaits the same promise and sees the new tokens.
+   */
+  refresh() {
+    if (this._refreshPromise) return this._refreshPromise;
+    this._refreshPromise = this._doRefresh().finally(() => {
+      this._refreshPromise = null;
     });
+    return this._refreshPromise;
+  }
+  async _doRefresh() {
+    const refreshToken = this._session?.token?.refreshToken;
+    if (!refreshToken) {
+      console.warn("[PollarClient] Refresh skipped: no refresh token in session");
+      await this._clearSession();
+      throw new Error("No refresh token available");
+    }
+    let data;
+    let error;
+    try {
+      const response = await this._api.POST("/auth/refresh", { body: { refreshToken } });
+      data = response.data;
+      error = response.error;
+    } catch (err) {
+      console.error("[PollarClient] /auth/refresh request threw", err);
+      await this._clearSession();
+      throw err;
+    }
+    if (error || !data) {
+      console.warn("[PollarClient] /auth/refresh returned error", { error });
+      await this._clearSession();
+      throw new Error("Refresh failed");
+    }
+    const successData = data;
+    if (!successData.success || !successData.content?.token) {
+      console.warn("[PollarClient] /auth/refresh response malformed", successData);
+      await this._clearSession();
+      throw new Error("Refresh response malformed");
+    }
+    const newToken = successData.content.token;
+    if (typeof newToken.accessToken !== "string" || typeof newToken.refreshToken !== "string" || typeof newToken.expiresAt !== "number") {
+      console.warn("[PollarClient] /auth/refresh token shape invalid", newToken);
+      await this._clearSession();
+      throw new Error("Refresh response token shape invalid");
+    }
+    if (this._session) {
+      try {
+        this._session = { ...this._session, token: newToken };
+        await writeStorage(this._storage, this.apiKeyHash, this._session);
+        console.info("[PollarClient] Tokens refreshed");
+      } catch (err) {
+        console.error("[PollarClient] Failed to persist refreshed session", err);
+      }
+    }
   }
   // ─── Auth state ──────────────────────────────────────────────────────────────
   getAuthState() {
@@ -1407,6 +1979,10 @@ var PollarClient = class {
     cb(this._authState);
     return () => this._authStateListeners.delete(cb);
   }
+  /** PII (email, names, avatar, providers). Held in memory only — never persisted. */
+  getUserProfile() {
+    return this._profile;
+  }
   // ─── Login (unified entry point) ─────────────────────────────────────────
   login(options) {
     if (!isBrowser) {
@@ -1488,13 +2064,80 @@ var PollarClient = class {
     this._setAuthState({ step: "idle" });
   }
   // ─── Logout ───────────────────────────────────────────────────────────────
-  logout() {
+  /**
+   * Revoke the current session server-side, then clear local storage.
+   *
+   * Server revocation is best-effort: if the POST fails (offline, server
+   * down), local state is wiped regardless. The orphan refresh token then
+   * remains unused until its natural expiry. The in-flight access token
+   * stays valid until its own TTL elapses (≤10 min for DPoP-bound tokens).
+   *
+   * Pass `everywhere: true` to revoke every active session for this user
+   * across all devices.
+   */
+  async logout(options = {}) {
     if (!isBrowser) {
       warnServerSide("logout");
       return;
     }
-    console.info("[PollarClient] Logout requested");
-    this._clearSession();
+    console.info("[PollarClient] Logout requested", { everywhere: !!options.everywhere });
+    if (this._session?.token?.accessToken) {
+      try {
+        await this._api.POST("/auth/logout", {
+          body: options.everywhere ? { everywhere: true } : {}
+        });
+      } catch (err) {
+        console.warn("[PollarClient] Server logout failed (continuing with local clear)", err);
+      }
+    }
+    try {
+      await this._clearSession();
+    } catch (err) {
+      console.warn("[PollarClient] Local logout cleanup failed", err);
+    }
+  }
+  /** Convenience: revoke every active session for this user (all devices). */
+  logoutEverywhere() {
+    return this.logout({ everywhere: true });
+  }
+  /**
+   * List active sessions for the authenticated user. Returns one entry per
+   * refresh-token family with the metadata captured at issuance time. The
+   * `current` flag identifies which entry corresponds to this client.
+   */
+  async listSessions() {
+    if (!isBrowser) {
+      warnServerSide("listSessions");
+      return [];
+    }
+    if (!this._session?.token?.accessToken) {
+      throw new Error("[PollarClient] listSessions requires an authenticated session");
+    }
+    const { data, error } = await this._api.GET("/auth/sessions");
+    if (error || !data?.success) {
+      throw new Error("[PollarClient] Failed to list sessions");
+    }
+    return data.content.sessions;
+  }
+  /**
+   * Revoke a specific refresh-token family (a single device session). Use
+   * `listSessions` to enumerate the familyIds. Revoking the current session
+   * does NOT clear local state — call `logout()` for that case.
+   */
+  async revokeSession(familyId) {
+    if (!isBrowser) {
+      warnServerSide("revokeSession");
+      return;
+    }
+    if (!this._session?.token?.accessToken) {
+      throw new Error("[PollarClient] revokeSession requires an authenticated session");
+    }
+    const { error } = await this._api.DELETE("/auth/sessions/{familyId}", {
+      params: { path: { familyId } }
+    });
+    if (error) {
+      throw new Error("[PollarClient] Failed to revoke session");
+    }
   }
   // ─── Network ──────────────────────────────────────────────────────────────
   getNetwork() {
@@ -1603,10 +2246,9 @@ var PollarClient = class {
   async signAndSubmitTx(unsignedXdr) {
     const state = this._transactionState;
     const buildData = state?.step === "built" ? state.buildData : state?.step === "error" ? state.buildData : void 0;
-    const isBuiltFlow = !!buildData;
     const stateExtra = buildData ? { buildData } : { external: true };
     this._setTransactionState({ step: "signing", ...stateExtra });
-    const accountToSign = isBuiltFlow ? this._session?.wallet?.publicKey : this._session?.data?.providers?.wallet?.address ?? this._session?.wallet?.publicKey;
+    const accountToSign = this._session?.wallet?.publicKey;
     if (this._walletAdapter) {
       try {
         const signOpts = accountToSign ? { networkPassphrase: this._networkPassphrase(), accountToSign } : { networkPassphrase: this._networkPassphrase() };
@@ -1691,13 +2333,11 @@ var PollarClient = class {
     for (const cb of this._walletBalanceStateListeners) cb(next);
   }
   // ─── Private ──────────────────────────────────────────────────────────────
-  /** Creates a new AbortController, cancelling any existing flow first. */
   _newController() {
     this._loginController?.abort();
     this._loginController = new AbortController();
     return this._loginController;
   }
-  /** Builds the deps object passed to flow functions via bind pattern. */
   _flowDeps(signal) {
     return {
       api: this._api,
@@ -1705,12 +2345,31 @@ var PollarClient = class {
       setAuthState: this._setAuthState.bind(this),
       storeSession: this._storeSession.bind(this),
       clearSession: this._clearSession.bind(this),
-      storeWalletAdapter: (adapter, type) => {
+      getPublicJwk: () => this._keyManager.getPublicJwk(),
+      resolveWalletAdapter: (id) => this._resolveWalletAdapter(id),
+      storeWalletAdapter: async (adapter, id) => {
         this._walletAdapter = adapter;
-        writeWalletType(type);
-      }
+        await writeWalletType(this._storage, this.apiKeyHash, id);
+      },
+      ...this._deviceLabel ? { deviceLabel: this._deviceLabel } : {}
     };
   }
+  /**
+   * Resolves a wallet adapter for the requested id. Uses the consumer's
+   * injected `walletAdapter` resolver when present; otherwise falls back to
+   * the built-in `FreighterAdapter` / `AlbedoAdapter`. Throws if the id is
+   * unknown and no resolver is configured.
+   */
+  async _resolveWalletAdapter(id) {
+    if (this._walletAdapterResolver) {
+      return Promise.resolve(this._walletAdapterResolver(id));
+    }
+    if (id === "freighter" /* FREIGHTER */) return new FreighterAdapter();
+    if (id === "albedo" /* ALBEDO */) return new AlbedoAdapter();
+    throw new Error(
+      `[PollarClient] No wallet adapter configured for "${id}". Pass a walletAdapter resolver in PollarClientConfig.`
+    );
+  }
   _handleFlowError(error) {
     if (error instanceof Error && error.name === "AbortError") {
       console.info("[PollarClient] Login cancelled");
@@ -1725,34 +2384,58 @@ var PollarClient = class {
       errorCode: AUTH_ERROR_CODES.UNEXPECTED_ERROR
     });
   }
-  _restoreSession() {
-    this._session = readStorage();
+  async _restoreSession() {
+    this._session = await readStorage(this._storage, this.apiKeyHash);
     if (this._session) {
-      this._authState = { step: "authenticated", session: this._session };
-      if (this._session.data?.providers?.wallet?.address) {
-        const storedType = readWalletType();
-        if (storedType === "freighter" /* FREIGHTER */) {
-          this._walletAdapter = new FreighterAdapter();
-        } else if (storedType === "albedo" /* ALBEDO */) {
-          this._walletAdapter = new AlbedoAdapter();
+      const storedType = await readWalletType(this._storage, this.apiKeyHash);
+      if (storedType) {
+        try {
+          this._walletAdapter = await this._resolveWalletAdapter(storedType);
+        } catch (err) {
+          console.warn("[PollarClient] Could not restore wallet adapter for stored id", { id: storedType, err });
         }
       }
       console.info("[PollarClient] Session restored from storage");
+      this._setAuthState({ step: "authenticated", session: this._session });
     } else {
       console.info("[PollarClient] No session in storage");
     }
   }
-  _storeSession(session) {
-    console.info(`[PollarClient] Session stored \u2014 user: ${session.userId ?? "anonymous"}`);
-    this._session = session;
-    writeStorage(session);
-    this._setAuthState({ step: "authenticated", session });
+  async _storeSession(session) {
+    console.info("[PollarClient] Session stored");
+    const persisted = {
+      clientSessionId: session.clientSessionId,
+      userId: session.userId ?? null,
+      status: session.status,
+      token: session.token,
+      user: session.user,
+      wallet: session.wallet
+    };
+    this._session = persisted;
+    if (session.data) {
+      this._profile = {
+        mail: session.data.mail,
+        first_name: session.data.first_name,
+        last_name: session.data.last_name,
+        avatar: session.data.avatar,
+        providers: session.data.providers
+      };
+    }
+    await writeStorage(this._storage, this.apiKeyHash, persisted);
+    this._setAuthState({ step: "authenticated", session: persisted });
   }
-  _clearSession() {
+  async _clearSession() {
     console.info("[PollarClient] Session cleared");
     this._session = null;
+    this._profile = null;
     this._walletAdapter = null;
-    removeStorage();
+    this._dpopNonce = null;
+    try {
+      await this._keyManager.reset();
+    } catch (err) {
+      console.warn("[PollarClient] KeyManager reset failed during clearSession", err);
+    }
+    await removeStorage(this._storage, this.apiKeyHash);
     this._transactionState = null;
     this._setAuthState({ step: "idle" });
   }
@@ -1777,19 +2460,31 @@ var PollarClient = class {
   }
 };
 
+// src/index.ts
+_setDefaultKeyManagerFactory((_storage, apiKey) => new WebCryptoKeyManager(apiKey));
+
 exports.AUTH_ERROR_CODES = AUTH_ERROR_CODES;
 exports.AlbedoAdapter = AlbedoAdapter;
 exports.FreighterAdapter = FreighterAdapter;
 exports.PollarClient = PollarClient;
 exports.StellarClient = StellarClient;
 exports.WalletType = WalletType;
+exports.WebCryptoKeyManager = WebCryptoKeyManager;
+exports.buildProof = buildProof;
+exports.canonicalEcJwk = canonicalEcJwk;
+exports.computeJwkThumbprint = computeJwkThumbprint;
+exports.createLocalStorageAdapter = createLocalStorageAdapter;
+exports.createMemoryAdapter = createMemoryAdapter;
 exports.createOffRamp = createOffRamp;
 exports.createOnRamp = createOnRamp;
+exports.defaultKeyManager = defaultKeyManager;
+exports.defaultStorage = defaultStorage;
 exports.getKycProviders = getKycProviders;
 exports.getKycStatus = getKycStatus;
 exports.getRampTransaction = getRampTransaction;
 exports.getRampsQuote = getRampsQuote;
 exports.isValidSession = isValidSession;
+exports.normalizeHtu = normalizeHtu;
 exports.pollKycStatus = pollKycStatus;
 exports.pollRampTransaction = pollRampTransaction;
 exports.resolveKyc = resolveKyc;