@pollar/core 0.9.0-rc.4 → 0.9.1-rc.0

package/dist/index.mjs

@@ -1083,6 +1083,17 @@ function createLogger(level = "info", sink = console) {
   return { error: gate("error"), warn: gate("warn"), info: gate("info"), debug: gate("debug") };
 }
 
+// src/lib/logging.ts
+var SENSITIVE_BODY_KEYS = /* @__PURE__ */ new Set(["email", "code", "walletAddress", "dpopJwk", "response", "refreshToken"]);
+function redactBody(body) {
+  if (!body || typeof body !== "object") return body;
+  const out = {};
+  for (const [key, value] of Object.entries(body)) {
+    out[key] = SENSITIVE_BODY_KEYS.has(key) ? "[redacted]" : value;
+  }
+  return out;
+}
+
 // src/storage/web.ts
 var LOG_PREFIX = "[PollarClient:storage]";
 function createMemoryAdapter() {
@@ -1171,7 +1182,7 @@ function defaultStorage(options = {}) {
 }
 
 // src/version.ts
-var POLLAR_CORE_VERSION = "0.9.0-rc.4" ;
+var POLLAR_CORE_VERSION = "0.9.1-rc.0" ;
 
 // src/visibility/noop.ts
 function createNoopVisibilityProvider() {
@@ -1343,10 +1354,13 @@ function openAlbedoPopup(url) {
 }
 function waitForAlbedoPopup() {
   return new Promise((resolve, reject) => {
-    const timeout = setTimeout(() => {
-      window.removeEventListener("message", handler);
-      reject(new Error("Albedo response timeout"));
-    }, 2 * 60 * 1e3);
+    const timeout = setTimeout(
+      () => {
+        window.removeEventListener("message", handler);
+        reject(new Error("Albedo response timeout"));
+      },
+      2 * 60 * 1e3
+    );
     function handler(event) {
       if (event.origin !== window.location.origin || event.data?.type !== "ALBEDO_RESULT") return;
       clearTimeout(timeout);
@@ -1706,6 +1720,16 @@ function waitForSessionReady(args) {
   return useStreaming ? streamUntilFound(api, clientSessionId, check, retryDelayMs ?? 200, signal, logger) : pollUntilFound(baseUrl, clientSessionId, check, retryDelayMs ?? 500, signal, logger);
 }
 
+// src/client/auth/logging.ts
+function logApiError(logger, route, detail = {}, level = "error") {
+  const { body, error, data } = detail;
+  logger[level](`[PollarClient:auth] ${route} failed`, {
+    route,
+    ...body !== void 0 ? { body: redactBody(body) } : {},
+    cause: error ?? data
+  });
+}
+
 // src/client/auth/authenticate.ts
 async function authenticate(clientSessionId, deps, expectedWallet) {
   const { api, logger, basePath, useStreaming, signal, setAuthState, storeSession, clearSession } = deps;
@@ -1723,6 +1747,7 @@ async function authenticate(clientSessionId, deps, expectedWallet) {
   } catch (err) {
     if (err instanceof SessionStatusError) {
       const expired = err.code === "EXPIRED_CLIENT_ID";
+      logApiError(logger, "session status", { data: err });
       setAuthState({
         step: "error",
         previousStep: "authenticating",
@@ -1735,14 +1760,12 @@ async function authenticate(clientSessionId, deps, expectedWallet) {
     throw err;
   }
   const dpopJwk = await deps.getPublicJwk();
-  const { data } = await api.POST("/auth/login", {
-    body: {
-      clientSessionId,
-      dpopJwk,
-      ...deps.deviceLabel ? { deviceLabel: deps.deviceLabel } : {}
-    },
-    signal
-  });
+  const body = {
+    clientSessionId,
+    dpopJwk,
+    ...deps.deviceLabel ? { deviceLabel: deps.deviceLabel } : {}
+  };
+  const { data, error } = await api.POST("/auth/login", { body, signal });
   if (data?.code === "SDK_LOGIN_SUCCESS" && isValidSession(data?.content, logger)) {
     const sessionWallet = data.content.data?.providers?.wallet?.address;
     if (expectedWallet && sessionWallet !== expectedWallet) {
@@ -1757,6 +1780,7 @@ async function authenticate(clientSessionId, deps, expectedWallet) {
     }
     await storeSession(data.content);
   } else {
+    if (!error) logApiError(logger, "POST /auth/login", { body, data });
     setAuthState({
       step: "error",
       previousStep: "authenticating",
@@ -1769,10 +1793,11 @@ async function authenticate(clientSessionId, deps, expectedWallet) {
 
 // src/client/auth/deps.ts
 async function createAuthSession(deps) {
-  const { api, signal, setAuthState } = deps;
+  const { api, logger, signal, setAuthState } = deps;
   setAuthState({ step: "creating_session" });
   const { data, error } = await api.POST("/auth/session", { signal });
   if (error || !data?.success) {
+    if (!error) logApiError(logger, "POST /auth/session", { data });
     setAuthState({
       step: "error",
       previousStep: "creating_session",
@@ -1791,13 +1816,12 @@ async function initEmailSession(deps) {
   deps.setAuthState({ step: "entering_email", clientSessionId });
 }
 async function sendEmailCode(email, clientSessionId, deps) {
-  const { api, signal, setAuthState } = deps;
+  const { api, logger, signal, setAuthState } = deps;
   setAuthState({ step: "sending_email", email });
-  const { data, error } = await api.POST("/auth/email", {
-    body: { clientSessionId, email },
-    signal
-  });
+  const body = { clientSessionId, email };
+  const { data, error } = await api.POST("/auth/email", { body, signal });
   if (error || !data?.success) {
+    if (!error) logApiError(logger, "POST /auth/email", { body, data });
     setAuthState({
       step: "error",
       previousStep: "sending_email",
@@ -1809,18 +1833,17 @@ async function sendEmailCode(email, clientSessionId, deps) {
   setAuthState({ step: "entering_code", clientSessionId, email });
 }
 async function verifyAndAuthenticate(code, clientSessionId, email, deps) {
-  const { api, signal, setAuthState } = deps;
+  const { api, logger, signal, setAuthState } = deps;
   setAuthState({ step: "verifying_email_code", clientSessionId, email });
-  const { data, error } = await api.POST("/auth/email/verify-code", {
-    body: { clientSessionId, code },
-    signal
-  });
+  const body = { clientSessionId, code };
+  const { data, error } = await api.POST("/auth/email/verify-code", { body, signal });
   if (data?.code === "SDK_EMAIL_CODE_VERIFIED") {
     await authenticate(clientSessionId, deps);
     return;
   }
   const errCode = error?.error ?? data?.code;
   if (errCode === "SDK_EMAIL_CODE_EXPIRED") {
+    if (!error) logApiError(logger, "POST /auth/email/verify-code", { body, data });
     setAuthState({
       step: "error",
       previousStep: "verifying_email_code",
@@ -1832,6 +1855,7 @@ async function verifyAndAuthenticate(code, clientSessionId, email, deps) {
     return;
   }
   if (errCode === "INVALID_EMAIL_CODE" || errCode === "SDK_EMAIL_CODE_INVALID") {
+    if (!error) logApiError(logger, "POST /auth/email/verify-code", { body, data });
     setAuthState({
       step: "error",
       previousStep: "verifying_email_code",
@@ -1842,6 +1866,7 @@ async function verifyAndAuthenticate(code, clientSessionId, email, deps) {
     });
     return;
   }
+  if (!error) logApiError(logger, "POST /auth/email/verify-code", { body, data });
   setAuthState({
     step: "error",
     previousStep: "verifying_email_code",
@@ -1891,10 +1916,73 @@ async function loginOAuth(provider, deps) {
   await authenticate(clientSessionId, deps);
 }
 
+// src/client/auth/errorMessages.ts
+var CATALOG = {
+  // ── Smart-account deploy / sponsor wallet ──────────────────────────────────
+  SPONSOR_NOT_FUNDED: {
+    message: "This app can't create your wallet yet \u2014 its sponsor account isn't funded. Please contact the app's developer.",
+    errorCode: AUTH_ERROR_CODES.PASSKEY_FAILED
+  },
+  APP_WALLET_NOT_FOUND: {
+    message: "This app isn't fully set up to create wallets yet. Please contact the app's developer.",
+    errorCode: AUTH_ERROR_CODES.PASSKEY_FAILED
+  },
+  WALLET_NOT_FOUND: {
+    message: "This app isn't fully set up to create wallets yet. Please contact the app's developer.",
+    errorCode: AUTH_ERROR_CODES.PASSKEY_FAILED
+  },
+  PASSKEY_DEPLOY_FAILED: {
+    message: "We couldn't finish creating your wallet. Please try again in a moment.",
+    errorCode: AUTH_ERROR_CODES.PASSKEY_FAILED
+  },
+  // ── Passkey ceremony ────────────────────────────────────────────────────────
+  PASSKEY_ALREADY_REGISTERED: {
+    message: "A passkey is already registered for this account. Try signing in instead.",
+    errorCode: AUTH_ERROR_CODES.PASSKEY_FAILED
+  },
+  PASSKEY_UNKNOWN_CREDENTIAL: {
+    message: "We don't recognize this passkey. Try creating a new one.",
+    errorCode: AUTH_ERROR_CODES.PASSKEY_FAILED
+  },
+  PASSKEY_VERIFICATION_FAILED: {
+    message: "We couldn't verify your passkey. Please try again.",
+    errorCode: AUTH_ERROR_CODES.PASSKEY_FAILED
+  },
+  PASSKEY_CHALLENGE_MISSING: {
+    message: "Your passkey session expired. Please start again.",
+    errorCode: AUTH_ERROR_CODES.PASSKEY_FAILED
+  },
+  // ── On-chain transaction failures (surfaced during deploy/transfer) ─────────
+  TX_INSUFFICIENT_BALANCE: {
+    message: "Insufficient balance to complete this transaction.",
+    errorCode: AUTH_ERROR_CODES.PASSKEY_FAILED
+  },
+  TX_DESTINATION_NOT_FOUND: {
+    message: "The destination account doesn't exist on the network yet.",
+    errorCode: AUTH_ERROR_CODES.PASSKEY_FAILED
+  },
+  TX_NO_TRUSTLINE: {
+    message: "The destination can't receive this asset yet (no trustline).",
+    errorCode: AUTH_ERROR_CODES.PASSKEY_FAILED
+  },
+  TX_BAD_SEQUENCE: {
+    message: "Something went out of sync. Please try again.",
+    errorCode: AUTH_ERROR_CODES.PASSKEY_FAILED
+  }
+};
+function resolveAuthError(code, fallbackMessage) {
+  if (code && CATALOG[code]) return CATALOG[code];
+  return { message: fallbackMessage, errorCode: AUTH_ERROR_CODES.PASSKEY_FAILED };
+}
+function extractErrorCode(error, data) {
+  return error?.code ?? data?.code ?? void 0;
+}
+
 // src/client/auth/passkeyFlow.ts
 async function smartWalletFlow(deps, mode) {
-  const { api, signal, setAuthState, passkey } = deps;
+  const { api, logger, signal, setAuthState, passkey } = deps;
   if (!passkey) {
+    logger.error("[PollarClient:auth] passkey ceremony not configured");
     setAuthState({
       step: "error",
       previousStep: "creating_session",
@@ -1906,38 +1994,44 @@ async function smartWalletFlow(deps, mode) {
   const clientSessionId = await createAuthSession(deps);
   if (!clientSessionId) return;
   try {
-    const { data: challengeData } = await api.POST("/auth/passkey/challenge", {
-      body: { clientSessionId },
+    const challengeBody = { clientSessionId };
+    const { data: challengeData, error: challengeError } = await api.POST("/auth/passkey/challenge", {
+      body: challengeBody,
       signal
     });
     const challenge = challengeData?.content?.challenge;
     if (!challengeData?.success || !challenge) {
-      return failPasskey(setAuthState, "Failed to start passkey");
+      if (!challengeError) logApiError(logger, "POST /auth/passkey/challenge", { body: challengeBody, data: challengeData });
+      return failPasskey(setAuthState, extractErrorCode(challengeError, challengeData), "Failed to start passkey");
     }
     setAuthState({ step: "creating_passkey" });
     const ceremony = await passkey({ challenge, mode });
     const response = ceremony.response;
     if (ceremony.kind === "register") {
       setAuthState({ step: "deploying_smart_account" });
-      const { data } = await api.POST("/auth/passkey/register", {
-        body: { clientSessionId, response },
-        signal
-      });
-      if (!data?.success) return failPasskey(setAuthState, "Passkey registration failed");
+      const body = { clientSessionId, response };
+      const { data, error } = await api.POST("/auth/passkey/register", { body, signal });
+      if (!data?.success) {
+        if (!error) logApiError(logger, "POST /auth/passkey/register", { body, data });
+        return failPasskey(setAuthState, extractErrorCode(error, data), "Passkey registration failed");
+      }
     } else {
-      const { data } = await api.POST("/auth/passkey/login", {
-        body: { clientSessionId, response },
-        signal
-      });
-      if (!data?.success) return failPasskey(setAuthState, "Passkey authentication failed");
+      const body = { clientSessionId, response };
+      const { data, error } = await api.POST("/auth/passkey/login", { body, signal });
+      if (!data?.success) {
+        if (!error) logApiError(logger, "POST /auth/passkey/login", { body, data });
+        return failPasskey(setAuthState, extractErrorCode(error, data), "Passkey authentication failed");
+      }
     }
-  } catch {
-    return failPasskey(setAuthState, "Passkey login failed");
+  } catch (err) {
+    logApiError(logger, "passkey ceremony", { error: err });
+    return failPasskey(setAuthState, void 0, "Passkey login failed");
   }
   await authenticate(clientSessionId, deps);
 }
-function failPasskey(setAuthState, message) {
-  setAuthState({ step: "error", previousStep: "creating_passkey", message, errorCode: AUTH_ERROR_CODES.PASSKEY_FAILED });
+function failPasskey(setAuthState, code, fallbackMessage) {
+  const { message, errorCode } = resolveAuthError(code, fallbackMessage);
+  setAuthState({ step: "error", previousStep: "creating_passkey", message, errorCode });
 }
 
 // src/client/auth/walletFlow.ts
@@ -1954,7 +2048,7 @@ function withSignal(promise, signal) {
   ]);
 }
 async function loginWallet(type, deps) {
-  const { api, signal, setAuthState } = deps;
+  const { api, logger, signal, setAuthState } = deps;
   const clientSessionId = await createAuthSession(deps);
   if (!clientSessionId) return;
   let connectedWallet;
@@ -1970,11 +2064,10 @@ async function loginWallet(type, deps) {
     connectedWallet = address;
     deps.storeWalletAdapter(adapter, type);
     setAuthState({ step: "authenticating_wallet" });
-    const { data: walletData, error: walletError } = await api.POST("/auth/wallet", {
-      body: { clientSessionId, walletAddress: address },
-      signal
-    });
+    const body = { clientSessionId, walletAddress: address };
+    const { data: walletData, error: walletError } = await api.POST("/auth/wallet", { body, signal });
     if (walletError || !walletData?.success) {
+      if (!walletError) logApiError(logger, "POST /auth/wallet", { body, data: walletData });
       setAuthState({
         step: "error",
         previousStep: "authenticating_wallet",
@@ -1983,7 +2076,8 @@ async function loginWallet(type, deps) {
       });
       return;
     }
-  } catch {
+  } catch (err) {
+    logApiError(logger, "wallet connect", { error: err });
     setAuthState({
       step: "error",
       previousStep: "connecting_wallet",
@@ -2189,28 +2283,77 @@ var PollarClient = class {
       onResponse: async ({ request, response }) => {
         const newNonce = response.headers.get("DPoP-Nonce");
         if (newNonce) self._dpopNonce = newNonce;
-        if (response.status !== 401) return response;
+        if (response.status !== 401) return self._logHttp(request, response);
         const wwwAuth = response.headers.get("WWW-Authenticate") ?? "";
         const isNonceChallenge = wwwAuth.includes("use_dpop_nonce");
         if (request.url.includes("/auth/refresh")) {
-          if (isNonceChallenge) return self._retryRequest(request);
-          return response;
+          if (isNonceChallenge) return self._logHttp(request, await self._retryRequest(request));
+          return self._logHttp(request, response);
         }
         if (!isNonceChallenge) {
           try {
             await self.refresh();
           } catch {
-            return response;
+            return self._logHttp(request, response);
           }
           const method = request.method.toUpperCase();
           if (method !== "GET" && method !== "HEAD") {
-            return response;
+            return self._logHttp(request, response);
           }
         }
-        return self._retryRequest(request);
+        return self._logHttp(request, await self._retryRequest(request));
       }
     });
   }
+  /**
+   * Logs the final outcome of an SDK API call exactly once: successes (`2xx`) at
+   * `debug` (method + path + status, no body), failures (`4xx`/`5xx`) at `error`
+   * with the redacted request body and the response error body. Returns the
+   * response so it can be chained at the middleware's return points. The error
+   * body is read off a synchronous `clone()` so it never disturbs the body the
+   * caller consumes.
+   */
+  _logHttp(request, response) {
+    const path = this._httpPath(request.url);
+    const label = `[PollarClient:http] ${request.method.toUpperCase()} ${path} ${response.status}`;
+    if (response.ok) {
+      this._log.debug(label);
+    } else {
+      void this._logHttpError(label, request, response.clone());
+    }
+    return response;
+  }
+  /** Reads the redacted request body + JSON response body and logs at `error`. */
+  async _logHttpError(label, request, response) {
+    let requestBody;
+    const cached = this._requestBodyCache.get(request);
+    if (cached) {
+      try {
+        requestBody = redactBody(JSON.parse(new TextDecoder().decode(cached)));
+      } catch {
+      }
+    }
+    let responseBody;
+    if ((response.headers.get("content-type") ?? "").includes("application/json")) {
+      try {
+        responseBody = await response.json();
+      } catch {
+      }
+    }
+    this._log.error(label, {
+      ...requestBody !== void 0 ? { requestBody } : {},
+      ...responseBody !== void 0 ? { responseBody } : {}
+    });
+  }
+  /** Strips origin + `/v1` version prefix from a request URL for compact logs. */
+  _httpPath(url) {
+    try {
+      const { pathname } = new URL(url);
+      return pathname.startsWith("/v1/") ? pathname.slice(3) : pathname;
+    } catch {
+      return url;
+    }
+  }
   async _buildProofForRequest(request, accessToken) {
     try {
       const htu = request.url.split("?")[0].split("#")[0];