@pooflabs/web 0.0.77 → 0.0.78

package/dist/{index-CFh1x-M0.esm.js → index-CwGoYY0Y.esm.js}

@@ -4,21 +4,6 @@ import * as anchor from '@coral-xyz/anchor';
 import { Program } from '@coral-xyz/anchor';
 import * as React$2 from 'react';
 
-function _mergeNamespaces(n, m) {
-	m.forEach(function (e) {
-		e && typeof e !== 'string' && !Array.isArray(e) && Object.keys(e).forEach(function (k) {
-			if (k !== 'default' && !(k in n)) {
-				var d = Object.getOwnPropertyDescriptor(e, k);
-				Object.defineProperty(n, k, d.get ? d : {
-					enumerable: true,
-					get: function () { return e[k]; }
-				});
-			}
-		});
-	});
-	return Object.freeze(n);
-}
-
 function getDefaultExportFromCjs$1 (x) {
 	return x && x.__esModule && Object.prototype.hasOwnProperty.call(x, 'default') ? x['default'] : x;
 }
@@ -6394,6 +6379,261 @@ var ReconnectingWebSocket = /** @class */ (function () {
     return ReconnectingWebSocket;
 }());
 
+function getDefaultExportFromCjs (x) {
+	return x && x.__esModule && Object.prototype.hasOwnProperty.call(x, 'default') ? x['default'] : x;
+}
+
+var isRetryAllowed$1;
+var hasRequiredIsRetryAllowed;
+
+function requireIsRetryAllowed () {
+	if (hasRequiredIsRetryAllowed) return isRetryAllowed$1;
+	hasRequiredIsRetryAllowed = 1;
+
+	const denyList = new Set([
+		'ENOTFOUND',
+		'ENETUNREACH',
+
+		// SSL errors from https://github.com/nodejs/node/blob/fc8e3e2cdc521978351de257030db0076d79e0ab/src/crypto/crypto_common.cc#L301-L328
+		'UNABLE_TO_GET_ISSUER_CERT',
+		'UNABLE_TO_GET_CRL',
+		'UNABLE_TO_DECRYPT_CERT_SIGNATURE',
+		'UNABLE_TO_DECRYPT_CRL_SIGNATURE',
+		'UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY',
+		'CERT_SIGNATURE_FAILURE',
+		'CRL_SIGNATURE_FAILURE',
+		'CERT_NOT_YET_VALID',
+		'CERT_HAS_EXPIRED',
+		'CRL_NOT_YET_VALID',
+		'CRL_HAS_EXPIRED',
+		'ERROR_IN_CERT_NOT_BEFORE_FIELD',
+		'ERROR_IN_CERT_NOT_AFTER_FIELD',
+		'ERROR_IN_CRL_LAST_UPDATE_FIELD',
+		'ERROR_IN_CRL_NEXT_UPDATE_FIELD',
+		'OUT_OF_MEM',
+		'DEPTH_ZERO_SELF_SIGNED_CERT',
+		'SELF_SIGNED_CERT_IN_CHAIN',
+		'UNABLE_TO_GET_ISSUER_CERT_LOCALLY',
+		'UNABLE_TO_VERIFY_LEAF_SIGNATURE',
+		'CERT_CHAIN_TOO_LONG',
+		'CERT_REVOKED',
+		'INVALID_CA',
+		'PATH_LENGTH_EXCEEDED',
+		'INVALID_PURPOSE',
+		'CERT_UNTRUSTED',
+		'CERT_REJECTED',
+		'HOSTNAME_MISMATCH'
+	]);
+
+	// TODO: Use `error?.code` when targeting Node.js 14
+	isRetryAllowed$1 = error => !denyList.has(error && error.code);
+	return isRetryAllowed$1;
+}
+
+var isRetryAllowedExports = requireIsRetryAllowed();
+var isRetryAllowed = /*@__PURE__*/getDefaultExportFromCjs(isRetryAllowedExports);
+
+const namespace = 'axios-retry';
+function isNetworkError(error) {
+    const CODE_EXCLUDE_LIST = ['ERR_CANCELED', 'ECONNABORTED'];
+    if (error.response) {
+        return false;
+    }
+    if (!error.code) {
+        return false;
+    }
+    // Prevents retrying timed out & cancelled requests
+    if (CODE_EXCLUDE_LIST.includes(error.code)) {
+        return false;
+    }
+    // Prevents retrying unsafe errors
+    return isRetryAllowed(error);
+}
+const SAFE_HTTP_METHODS = ['get', 'head', 'options'];
+const IDEMPOTENT_HTTP_METHODS = SAFE_HTTP_METHODS.concat(['put', 'delete']);
+function isRetryableError(error) {
+    return (error.code !== 'ECONNABORTED' &&
+        (!error.response ||
+            error.response.status === 429 ||
+            (error.response.status >= 500 && error.response.status <= 599)));
+}
+function isSafeRequestError(error) {
+    if (!error.config?.method) {
+        // Cannot determine if the request can be retried
+        return false;
+    }
+    return isRetryableError(error) && SAFE_HTTP_METHODS.indexOf(error.config.method) !== -1;
+}
+function isIdempotentRequestError(error) {
+    if (!error.config?.method) {
+        // Cannot determine if the request can be retried
+        return false;
+    }
+    return isRetryableError(error) && IDEMPOTENT_HTTP_METHODS.indexOf(error.config.method) !== -1;
+}
+function isNetworkOrIdempotentRequestError(error) {
+    return isNetworkError(error) || isIdempotentRequestError(error);
+}
+function retryAfter(error = undefined) {
+    const retryAfterHeader = error?.response?.headers['retry-after'];
+    if (!retryAfterHeader) {
+        return 0;
+    }
+    // if the retry after header is a number, convert it to milliseconds
+    let retryAfterMs = (Number(retryAfterHeader) || 0) * 1000;
+    // If the retry after header is a date, get the number of milliseconds until that date
+    if (retryAfterMs === 0) {
+        retryAfterMs = (new Date(retryAfterHeader).valueOf() || 0) - Date.now();
+    }
+    return Math.max(0, retryAfterMs);
+}
+function noDelay(_retryNumber = 0, error = undefined) {
+    return Math.max(0, retryAfter(error));
+}
+function exponentialDelay(retryNumber = 0, error = undefined, delayFactor = 100) {
+    const calculatedDelay = 2 ** retryNumber * delayFactor;
+    const delay = Math.max(calculatedDelay, retryAfter(error));
+    const randomSum = delay * 0.2 * Math.random(); // 0-20% of the delay
+    return delay + randomSum;
+}
+/**
+ * Linear delay
+ * @param {number | undefined} delayFactor - delay factor in milliseconds (default: 100)
+ * @returns {function} (retryNumber: number, error: AxiosError | undefined) => number
+ */
+function linearDelay(delayFactor = 100) {
+    return (retryNumber = 0, error = undefined) => {
+        const delay = retryNumber * delayFactor;
+        return Math.max(delay, retryAfter(error));
+    };
+}
+const DEFAULT_OPTIONS = {
+    retries: 3,
+    retryCondition: isNetworkOrIdempotentRequestError,
+    retryDelay: noDelay,
+    shouldResetTimeout: false,
+    onRetry: () => { },
+    onMaxRetryTimesExceeded: () => { },
+    validateResponse: null
+};
+function getRequestOptions(config, defaultOptions) {
+    return { ...DEFAULT_OPTIONS, ...defaultOptions, ...config[namespace] };
+}
+function setCurrentState(config, defaultOptions, resetLastRequestTime = false) {
+    const currentState = getRequestOptions(config, defaultOptions || {});
+    currentState.retryCount = currentState.retryCount || 0;
+    if (!currentState.lastRequestTime || resetLastRequestTime) {
+        currentState.lastRequestTime = Date.now();
+    }
+    config[namespace] = currentState;
+    return currentState;
+}
+function fixConfig(axiosInstance, config) {
+    // @ts-ignore
+    if (axiosInstance.defaults.agent === config.agent) {
+        // @ts-ignore
+        delete config.agent;
+    }
+    if (axiosInstance.defaults.httpAgent === config.httpAgent) {
+        delete config.httpAgent;
+    }
+    if (axiosInstance.defaults.httpsAgent === config.httpsAgent) {
+        delete config.httpsAgent;
+    }
+}
+async function shouldRetry(currentState, error) {
+    const { retries, retryCondition } = currentState;
+    const shouldRetryOrPromise = (currentState.retryCount || 0) < retries && retryCondition(error);
+    // This could be a promise
+    if (typeof shouldRetryOrPromise === 'object') {
+        try {
+            const shouldRetryPromiseResult = await shouldRetryOrPromise;
+            // keep return true unless shouldRetryPromiseResult return false for compatibility
+            return shouldRetryPromiseResult !== false;
+        }
+        catch (_err) {
+            return false;
+        }
+    }
+    return shouldRetryOrPromise;
+}
+async function handleRetry(axiosInstance, currentState, error, config) {
+    currentState.retryCount += 1;
+    const { retryDelay, shouldResetTimeout, onRetry } = currentState;
+    const delay = retryDelay(currentState.retryCount, error);
+    // Axios fails merging this configuration to the default configuration because it has an issue
+    // with circular structures: https://github.com/mzabriskie/axios/issues/370
+    fixConfig(axiosInstance, config);
+    if (!shouldResetTimeout && config.timeout && currentState.lastRequestTime) {
+        const lastRequestDuration = Date.now() - currentState.lastRequestTime;
+        const timeout = config.timeout - lastRequestDuration - delay;
+        if (timeout <= 0) {
+            return Promise.reject(error);
+        }
+        config.timeout = timeout;
+    }
+    config.transformRequest = [(data) => data];
+    await onRetry(currentState.retryCount, error, config);
+    if (config.signal?.aborted) {
+        return Promise.resolve(axiosInstance(config));
+    }
+    return new Promise((resolve) => {
+        const abortListener = () => {
+            clearTimeout(timeout);
+            resolve(axiosInstance(config));
+        };
+        const timeout = setTimeout(() => {
+            resolve(axiosInstance(config));
+            if (config.signal?.removeEventListener) {
+                config.signal.removeEventListener('abort', abortListener);
+            }
+        }, delay);
+        if (config.signal?.addEventListener) {
+            config.signal.addEventListener('abort', abortListener, { once: true });
+        }
+    });
+}
+async function handleMaxRetryTimesExceeded(currentState, error) {
+    if (currentState.retryCount >= currentState.retries)
+        await currentState.onMaxRetryTimesExceeded(error, currentState.retryCount);
+}
+const axiosRetry = (axiosInstance, defaultOptions) => {
+    const requestInterceptorId = axiosInstance.interceptors.request.use((config) => {
+        setCurrentState(config, defaultOptions, true);
+        if (config[namespace]?.validateResponse) {
+            // by setting this, all HTTP responses will be go through the error interceptor first
+            config.validateStatus = () => false;
+        }
+        return config;
+    });
+    const responseInterceptorId = axiosInstance.interceptors.response.use(null, async (error) => {
+        const { config } = error;
+        // If we have no information to retry the request
+        if (!config) {
+            return Promise.reject(error);
+        }
+        const currentState = setCurrentState(config, defaultOptions);
+        if (error.response && currentState.validateResponse?.(error.response)) {
+            // no issue with response
+            return error.response;
+        }
+        if (await shouldRetry(currentState, error)) {
+            return handleRetry(axiosInstance, currentState, error, config);
+        }
+        await handleMaxRetryTimesExceeded(currentState, error);
+        return Promise.reject(error);
+    });
+    return { requestInterceptorId, responseInterceptorId };
+};
+// Compatibility with CommonJS
+axiosRetry.isNetworkError = isNetworkError;
+axiosRetry.isSafeRequestError = isSafeRequestError;
+axiosRetry.isIdempotentRequestError = isIdempotentRequestError;
+axiosRetry.isNetworkOrIdempotentRequestError = isNetworkOrIdempotentRequestError;
+axiosRetry.exponentialDelay = exponentialDelay;
+axiosRetry.linearDelay = linearDelay;
+axiosRetry.isRetryableError = isRetryableError;
+
 let axiosClient;
 async function getAxiosAuthClient() {
     if (!axiosClient) {
@@ -6403,6 +6643,7 @@ async function getAxiosAuthClient() {
             headers: {
                 'Content-Type': 'application/json',
             },
+            timeout: 30000, // 30s timeout, matching makeApiRequest
         });
     }
     return axiosClient;
@@ -6449,15 +6690,41 @@ async function createSessionWithPrivy(authToken, address, privyIdToken) {
     });
     return response.data;
 }
+// Deduplicate concurrent refreshSession calls to prevent multiple code paths
+// (WebSocket reconnection, periodic refresh, API 401 retry) from all hitting
+// /session/refresh simultaneously.
+// Note: module-level state is shared across requests in SSR/Node — acceptable
+// since there is only one active session per server instance (same pattern as
+// refreshInFlight in api.ts).
+let refreshInFlight$1 = null;
+let refreshInFlightToken = null;
 async function refreshSession(refreshToken) {
-    const client = await getAxiosAuthClient();
-    const config = await getConfig();
-    const appId = config.appId;
-    const response = await client.post('/session/refresh', {
-        refreshToken,
-        appId
-    });
-    return response.data;
+    if (refreshInFlight$1 && refreshInFlightToken === refreshToken) {
+        return refreshInFlight$1;
+    }
+    refreshInFlightToken = refreshToken;
+    let currentFlight;
+    currentFlight = refreshInFlight$1 = (async () => {
+        try {
+            const client = await getAxiosAuthClient();
+            const config = await getConfig();
+            const appId = config.appId;
+            const response = await client.post('/session/refresh', {
+                refreshToken,
+                appId
+            });
+            return response.data;
+        }
+        finally {
+            // Only clear if we're still the active in-flight request.
+            // A second call with a different token may have replaced us.
+            if (refreshInFlight$1 === currentFlight) {
+                refreshInFlight$1 = null;
+                refreshInFlightToken = null;
+            }
+        }
+    })();
+    return refreshInFlight$1;
 }
 async function signSessionCreateMessage(_signMessageFunction) {
 }
@@ -6595,14 +6862,10 @@ class WebSessionManager {
 WebSessionManager.TAROBASE_SESSION_STORAGE_KEY = "tarobase_session_storage";
 
 var webSessionManager = /*#__PURE__*/Object.freeze({
-    __proto__: null,
-    WebSessionManager: WebSessionManager
+	__proto__: null,
+	WebSessionManager: WebSessionManager
 });
 
-function getDefaultExportFromCjs (x) {
-	return x && x.__esModule && Object.prototype.hasOwnProperty.call(x, 'default') ? x['default'] : x;
-}
-
 var buffer$1 = {};
 
 var base64Js$1 = {};
@@ -8974,15 +9237,15 @@ function requireBuffer$1 () {
 
 var bufferExports$1 = requireBuffer$1();
 
-var safeBuffer$1 = {exports: {}};
+var safeBuffer = {exports: {}};
 
 /*! safe-buffer. MIT License. Feross Aboukhadijeh <https://feross.org/opensource> */
 
-var hasRequiredSafeBuffer$1;
+var hasRequiredSafeBuffer;
 
-function requireSafeBuffer$1 () {
-	if (hasRequiredSafeBuffer$1) return safeBuffer$1.exports;
-	hasRequiredSafeBuffer$1 = 1;
+function requireSafeBuffer () {
+	if (hasRequiredSafeBuffer) return safeBuffer.exports;
+	hasRequiredSafeBuffer = 1;
 	(function (module, exports$1) {
 		/* eslint-disable node/no-deprecated-api */
 		var buffer = requireBuffer$1();
@@ -9048,23 +9311,23 @@ function requireSafeBuffer$1 () {
 		  }
 		  return buffer.SlowBuffer(size)
 		}; 
-	} (safeBuffer$1, safeBuffer$1.exports));
-	return safeBuffer$1.exports;
+	} (safeBuffer, safeBuffer.exports));
+	return safeBuffer.exports;
 }
 
-var src$1;
-var hasRequiredSrc$1;
+var src;
+var hasRequiredSrc;
 
-function requireSrc$1 () {
-	if (hasRequiredSrc$1) return src$1;
-	hasRequiredSrc$1 = 1;
+function requireSrc () {
+	if (hasRequiredSrc) return src;
+	hasRequiredSrc = 1;
 	// base-x encoding / decoding
 	// Copyright (c) 2018 base-x contributors
 	// Copyright (c) 2014-2018 The Bitcoin Core developers (base58.cpp)
 	// Distributed under the MIT software license, see the accompanying
 	// file LICENSE or http://www.opensource.org/licenses/mit-license.php.
 	// @ts-ignore
-	var _Buffer = requireSafeBuffer$1().Buffer;
+	var _Buffer = requireSafeBuffer().Buffer;
 	function base (ALPHABET) {
 	  if (ALPHABET.length >= 255) { throw new TypeError('Alphabet too long') }
 	  var BASE_MAP = new Uint8Array(256);
@@ -9179,25 +9442,25 @@ function requireSrc$1 () {
 	    decode: decode
 	  }
 	}
-	src$1 = base;
-	return src$1;
+	src = base;
+	return src;
 }
 
-var bs58$1$1;
-var hasRequiredBs58$1;
+var bs58$1;
+var hasRequiredBs58;
 
-function requireBs58$1 () {
-	if (hasRequiredBs58$1) return bs58$1$1;
-	hasRequiredBs58$1 = 1;
-	var basex = requireSrc$1();
+function requireBs58 () {
+	if (hasRequiredBs58) return bs58$1;
+	hasRequiredBs58 = 1;
+	var basex = requireSrc();
 	var ALPHABET = '123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz';
 
-	bs58$1$1 = basex(ALPHABET);
-	return bs58$1$1;
+	bs58$1 = basex(ALPHABET);
+	return bs58$1;
 }
 
-var bs58Exports$1 = requireBs58$1();
-var bs58$2 = /*@__PURE__*/getDefaultExportFromCjs(bs58Exports$1);
+var bs58Exports = requireBs58();
+var bs58$2 = /*@__PURE__*/getDefaultExportFromCjs(bs58Exports);
 
 // ─────────────────────────────────────────────────────────────
 // Local implementation of getSimulationComputeUnits
@@ -9399,7 +9662,19 @@ async function buildSetDocumentsTransaction(connection, idl, anchorProvider, pay
         }
     }
     else if (lutKey != null) {
-        const { value: table } = await connection.getAddressLookupTable(new PublicKey(lutKey));
+        // The LUT may have just been created server-side and the client's RPC node
+        // may not have indexed it yet (load-balancer split). Retry with exponential
+        // back-off; first retry at 100 ms almost always resolves it.
+        let table = null;
+        for (let attempt = 0; attempt < 5; attempt++) {
+            const { value } = await connection.getAddressLookupTable(new PublicKey(lutKey));
+            if (value) {
+                table = value;
+                break;
+            }
+            if (attempt < 4)
+                await new Promise(r => setTimeout(r, 100 * Math.pow(2, attempt)));
+        }
         if (!table)
             throw new Error('LUT not found after creation/extend');
         lookupTables.push(table);
@@ -9534,8 +9809,8 @@ class ServerSessionManager {
 ServerSessionManager.instance = new ServerSessionManager();
 
 var serverSessionManager = /*#__PURE__*/Object.freeze({
-    __proto__: null,
-    ServerSessionManager: ServerSessionManager
+	__proto__: null,
+	ServerSessionManager: ServerSessionManager
 });
 
 /**
@@ -9634,6 +9909,23 @@ async function updateIdTokenAndAccessToken(idToken, accessToken, isServer = fals
     await WebSessionManager.updateIdTokenAndAccessToken(idToken, accessToken);
 }
 
+const apiClient = globalAxios.create();
+axiosRetry(apiClient, {
+    retries: 2,
+    retryCondition: (error) => {
+        var _a, _b;
+        // Only retry GET requests on network errors (ECONNRESET, ETIMEDOUT, etc.)
+        // Writes (POST/PUT) are not retried — the server may have processed
+        // the request before the connection was reset.
+        return axiosRetry.isNetworkError(error) && ((_b = (_a = error.config) === null || _a === void 0 ? void 0 : _a.method) === null || _b === void 0 ? void 0 : _b.toLowerCase()) === 'get';
+    },
+    retryDelay: axiosRetry.exponentialDelay,
+    shouldResetTimeout: true,
+    onRetry: (retryCount, error, requestConfig) => {
+        var _a;
+        console.warn(`[tarobase-sdk] retry ${retryCount} for ${(_a = requestConfig.method) === null || _a === void 0 ? void 0 : _a.toUpperCase()} ${requestConfig.url} — ${error.code || error.message}`);
+    },
+});
 const refreshInFlight = new Map();
 async function refreshAuthSessionOnce(appId, isServer) {
     const key = `${isServer ? "server" : "web"}:${appId}`;
@@ -9680,6 +9972,7 @@ async function makeApiRequest(method, urlPath, data, _overrides) {
         ServerSessionManager.instance.clearSession();
     };
     async function executeRequest() {
+        var _a;
         // When _getAuthHeaders is provided (wallet client), use it as the sole auth source.
         // Otherwise use the global createAuthHeader (default path).
         const authHeader = (_overrides === null || _overrides === void 0 ? void 0 : _overrides._getAuthHeaders)
@@ -9701,11 +9994,12 @@ async function makeApiRequest(method, urlPath, data, _overrides) {
             method,
             url: `${config.apiUrl}${urlPath.startsWith("/") ? urlPath : `/${urlPath}`}`,
             headers,
+            timeout: (_a = _overrides === null || _overrides === void 0 ? void 0 : _overrides.timeout) !== null && _a !== void 0 ? _a : 30000,
         };
         if (method !== "GET" && method !== "get") {
             requestConfig.data = data ? JSON.stringify(data) : {};
         }
-        const response = await globalAxios(requestConfig);
+        const response = await apiClient(requestConfig);
         return { data: response.data, status: response.status, headers: response.headers };
     }
     try {
@@ -10641,6 +10935,7 @@ function scheduleTokenRefresh(connection, isServer) {
     // This replaces the old single setTimeout approach which was unreliable for long
     // delays (browsers throttle/suspend timers in background tabs).
     connection.tokenRefreshTimer = setInterval(async () => {
+        var _a, _b;
         try {
             const currentToken = await getIdToken$1(isServer);
             if (!currentToken)
@@ -10671,6 +10966,17 @@ function scheduleTokenRefresh(connection, isServer) {
                     }
                 }
                 catch (refreshError) {
+                    // If the refresh token itself is invalid (401/403), stop retrying —
+                    // the token won't magically become valid next interval, and continuing
+                    // to hammer /session/refresh causes 429 rate-limit storms.
+                    if (((_a = refreshError === null || refreshError === void 0 ? void 0 : refreshError.response) === null || _a === void 0 ? void 0 : _a.status) === 401 || ((_b = refreshError === null || refreshError === void 0 ? void 0 : refreshError.response) === null || _b === void 0 ? void 0 : _b.status) === 403) {
+                        console.warn('[WS v2] Refresh token rejected (401/403), stopping periodic refresh');
+                        if (connection.tokenRefreshTimer) {
+                            clearInterval(connection.tokenRefreshTimer);
+                            connection.tokenRefreshTimer = null;
+                        }
+                        return;
+                    }
                     console.warn('[WS v2] Proactive token refresh failed, will retry next interval:', refreshError);
                 }
             }
@@ -10681,6 +10987,7 @@ function scheduleTokenRefresh(connection, isServer) {
     }, TOKEN_CHECK_INTERVAL);
 }
 async function getFreshAuthToken(isServer) {
+    var _a, _b;
     const currentToken = await getIdToken$1(isServer);
     if (!currentToken) {
         return null;
@@ -10703,6 +11010,17 @@ async function getFreshAuthToken(isServer) {
     }
     catch (error) {
         console.error('[WS v2] Error refreshing token:', error);
+        // If the refresh token is permanently invalid (401/403), clear the stale
+        // session from storage so future attempts don't keep retrying with it.
+        if (!isServer && (((_a = error === null || error === void 0 ? void 0 : error.response) === null || _a === void 0 ? void 0 : _a.status) === 401 || ((_b = error === null || error === void 0 ? void 0 : error.response) === null || _b === void 0 ? void 0 : _b.status) === 403)) {
+            try {
+                const { WebSessionManager } = await Promise.resolve().then(function () { return webSessionManager; });
+                WebSessionManager.clearSession();
+            }
+            catch (clearError) {
+                console.warn('[WS v2] Failed to clear stale session:', clearError);
+            }
+        }
     }
     // Return null instead of the expired token to prevent infinite 401 reconnect storms.
     // The server accepts unauthenticated connections; auth-required subscriptions will
@@ -10823,7 +11141,16 @@ async function getOrCreateConnection(appId, isServer) {
     ws.addEventListener('open', () => {
         connection.isConnecting = false;
         connection.isConnected = true;
-        connection.consecutiveAuthFailures = 0;
+        // NOTE: Do NOT reset consecutiveAuthFailures here. It is reset when a
+        // fresh auth token is actually obtained (in urlProvider, line ~389) or on
+        // an explicit auth change (reconnectWithNewAuthV2, line ~854). Resetting
+        // on every 'open' event created an infinite loop: auth fails 5x → connect
+        // without auth → open resets counter → disconnect → auth fails 5x again →
+        // repeat forever, hammering /session/refresh and causing 429s.
+        //
+        // An elevated counter is safe for anonymous/guest sessions: when there's no
+        // token at all (getIdToken returns null), the counter is never checked —
+        // urlProvider skips straight to unauthenticated connection.
         // Schedule periodic token freshness checks
         scheduleTokenRefresh(connection, isServer);
         // Re-subscribe to all existing subscriptions after reconnect
@@ -15295,7 +15622,7 @@ async function loadDependencies() {
         const [reactModule, reactDomModule, phantomModule] = await Promise.all([
             import('react'),
             import('react-dom/client'),
-            import('./index-CeQ8hE3s.esm.js')
+            import('./index-Cmu0PVJD.esm.js')
         ]);
         // Extract default export from ESM module namespace
         // Dynamic import() returns { default: Module, ...exports }, not the module directly
@@ -19607,235 +19934,137 @@ function createSolanaRpcSubscriptionsFromTransport(transport) {
   });
 }
 
-var safeBuffer = {exports: {}};
-
-/*! safe-buffer. MIT License. Feross Aboukhadijeh <https://feross.org/opensource> */
-
-var hasRequiredSafeBuffer;
-
-function requireSafeBuffer () {
-	if (hasRequiredSafeBuffer) return safeBuffer.exports;
-	hasRequiredSafeBuffer = 1;
-	(function (module, exports$1) {
-		/* eslint-disable node/no-deprecated-api */
-		var buffer = requireBuffer();
-		var Buffer = buffer.Buffer;
-
-		// alternative to using Object.keys for old browsers
-		function copyProps (src, dst) {
-		  for (var key in src) {
-		    dst[key] = src[key];
-		  }
-		}
-		if (Buffer.from && Buffer.alloc && Buffer.allocUnsafe && Buffer.allocUnsafeSlow) {
-		  module.exports = buffer;
-		} else {
-		  // Copy properties from require('buffer')
-		  copyProps(buffer, exports$1);
-		  exports$1.Buffer = SafeBuffer;
-		}
-
-		function SafeBuffer (arg, encodingOrOffset, length) {
-		  return Buffer(arg, encodingOrOffset, length)
-		}
-
-		SafeBuffer.prototype = Object.create(Buffer.prototype);
-
-		// Copy static methods from Buffer
-		copyProps(Buffer, SafeBuffer);
-
-		SafeBuffer.from = function (arg, encodingOrOffset, length) {
-		  if (typeof arg === 'number') {
-		    throw new TypeError('Argument must not be a number')
-		  }
-		  return Buffer(arg, encodingOrOffset, length)
-		};
-
-		SafeBuffer.alloc = function (size, fill, encoding) {
-		  if (typeof size !== 'number') {
-		    throw new TypeError('Argument must be a number')
-		  }
-		  var buf = Buffer(size);
-		  if (fill !== undefined) {
-		    if (typeof encoding === 'string') {
-		      buf.fill(fill, encoding);
-		    } else {
-		      buf.fill(fill);
-		    }
-		  } else {
-		    buf.fill(0);
-		  }
-		  return buf
-		};
-
-		SafeBuffer.allocUnsafe = function (size) {
-		  if (typeof size !== 'number') {
-		    throw new TypeError('Argument must be a number')
-		  }
-		  return Buffer(size)
-		};
-
-		SafeBuffer.allocUnsafeSlow = function (size) {
-		  if (typeof size !== 'number') {
-		    throw new TypeError('Argument must be a number')
-		  }
-		  return buffer.SlowBuffer(size)
-		}; 
-	} (safeBuffer, safeBuffer.exports));
-	return safeBuffer.exports;
-}
-
-var src;
-var hasRequiredSrc;
-
-function requireSrc () {
-	if (hasRequiredSrc) return src;
-	hasRequiredSrc = 1;
-	// base-x encoding / decoding
-	// Copyright (c) 2018 base-x contributors
-	// Copyright (c) 2014-2018 The Bitcoin Core developers (base58.cpp)
-	// Distributed under the MIT software license, see the accompanying
-	// file LICENSE or http://www.opensource.org/licenses/mit-license.php.
-	// @ts-ignore
-	var _Buffer = requireSafeBuffer().Buffer;
-	function base (ALPHABET) {
-	  if (ALPHABET.length >= 255) { throw new TypeError('Alphabet too long') }
-	  var BASE_MAP = new Uint8Array(256);
-	  for (var j = 0; j < BASE_MAP.length; j++) {
-	    BASE_MAP[j] = 255;
-	  }
-	  for (var i = 0; i < ALPHABET.length; i++) {
-	    var x = ALPHABET.charAt(i);
-	    var xc = x.charCodeAt(0);
-	    if (BASE_MAP[xc] !== 255) { throw new TypeError(x + ' is ambiguous') }
-	    BASE_MAP[xc] = i;
-	  }
-	  var BASE = ALPHABET.length;
-	  var LEADER = ALPHABET.charAt(0);
-	  var FACTOR = Math.log(BASE) / Math.log(256); // log(BASE) / log(256), rounded up
-	  var iFACTOR = Math.log(256) / Math.log(BASE); // log(256) / log(BASE), rounded up
-	  function encode (source) {
-	    if (Array.isArray(source) || source instanceof Uint8Array) { source = _Buffer.from(source); }
-	    if (!_Buffer.isBuffer(source)) { throw new TypeError('Expected Buffer') }
-	    if (source.length === 0) { return '' }
-	        // Skip & count leading zeroes.
-	    var zeroes = 0;
-	    var length = 0;
-	    var pbegin = 0;
-	    var pend = source.length;
-	    while (pbegin !== pend && source[pbegin] === 0) {
-	      pbegin++;
-	      zeroes++;
-	    }
-	        // Allocate enough space in big-endian base58 representation.
-	    var size = ((pend - pbegin) * iFACTOR + 1) >>> 0;
-	    var b58 = new Uint8Array(size);
-	        // Process the bytes.
-	    while (pbegin !== pend) {
-	      var carry = source[pbegin];
-	            // Apply "b58 = b58 * 256 + ch".
-	      var i = 0;
-	      for (var it1 = size - 1; (carry !== 0 || i < length) && (it1 !== -1); it1--, i++) {
-	        carry += (256 * b58[it1]) >>> 0;
-	        b58[it1] = (carry % BASE) >>> 0;
-	        carry = (carry / BASE) >>> 0;
-	      }
-	      if (carry !== 0) { throw new Error('Non-zero carry') }
-	      length = i;
-	      pbegin++;
-	    }
-	        // Skip leading zeroes in base58 result.
-	    var it2 = size - length;
-	    while (it2 !== size && b58[it2] === 0) {
-	      it2++;
-	    }
-	        // Translate the result into a string.
-	    var str = LEADER.repeat(zeroes);
-	    for (; it2 < size; ++it2) { str += ALPHABET.charAt(b58[it2]); }
-	    return str
-	  }
-	  function decodeUnsafe (source) {
-	    if (typeof source !== 'string') { throw new TypeError('Expected String') }
-	    if (source.length === 0) { return _Buffer.alloc(0) }
-	    var psz = 0;
-	        // Skip and count leading '1's.
-	    var zeroes = 0;
-	    var length = 0;
-	    while (source[psz] === LEADER) {
-	      zeroes++;
-	      psz++;
-	    }
-	        // Allocate enough space in big-endian base256 representation.
-	    var size = (((source.length - psz) * FACTOR) + 1) >>> 0; // log(58) / log(256), rounded up.
-	    var b256 = new Uint8Array(size);
-	        // Process the characters.
-	    while (psz < source.length) {
-	            // Find code of next character
-	      var charCode = source.charCodeAt(psz);
-	            // Base map can not be indexed using char code
-	      if (charCode > 255) { return }
-	            // Decode character
-	      var carry = BASE_MAP[charCode];
-	            // Invalid character
-	      if (carry === 255) { return }
-	      var i = 0;
-	      for (var it3 = size - 1; (carry !== 0 || i < length) && (it3 !== -1); it3--, i++) {
-	        carry += (BASE * b256[it3]) >>> 0;
-	        b256[it3] = (carry % 256) >>> 0;
-	        carry = (carry / 256) >>> 0;
-	      }
-	      if (carry !== 0) { throw new Error('Non-zero carry') }
-	      length = i;
-	      psz++;
-	    }
-	        // Skip leading zeroes in b256.
-	    var it4 = size - length;
-	    while (it4 !== size && b256[it4] === 0) {
-	      it4++;
-	    }
-	    var vch = _Buffer.allocUnsafe(zeroes + (size - it4));
-	    vch.fill(0x00, 0, zeroes);
-	    var j = zeroes;
-	    while (it4 !== size) {
-	      vch[j++] = b256[it4++];
-	    }
-	    return vch
-	  }
-	  function decode (string) {
-	    var buffer = decodeUnsafe(string);
-	    if (buffer) { return buffer }
-	    throw new Error('Non-base' + BASE + ' character')
-	  }
-	  return {
-	    encode: encode,
-	    decodeUnsafe: decodeUnsafe,
-	    decode: decode
-	  }
-	}
-	src = base;
-	return src;
-}
-
-var bs58$1;
-var hasRequiredBs58;
-
-function requireBs58 () {
-	if (hasRequiredBs58) return bs58$1;
-	hasRequiredBs58 = 1;
-	var basex = requireSrc();
-	var ALPHABET = '123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz';
-
-	bs58$1 = basex(ALPHABET);
-	return bs58$1;
+// base-x encoding / decoding
+// Copyright (c) 2018 base-x contributors
+// Copyright (c) 2014-2018 The Bitcoin Core developers (base58.cpp)
+// Distributed under the MIT software license, see the accompanying
+// file LICENSE or http://www.opensource.org/licenses/mit-license.php.
+function base (ALPHABET) {
+  if (ALPHABET.length >= 255) { throw new TypeError('Alphabet too long') }
+  const BASE_MAP = new Uint8Array(256);
+  for (let j = 0; j < BASE_MAP.length; j++) {
+    BASE_MAP[j] = 255;
+  }
+  for (let i = 0; i < ALPHABET.length; i++) {
+    const x = ALPHABET.charAt(i);
+    const xc = x.charCodeAt(0);
+    if (BASE_MAP[xc] !== 255) { throw new TypeError(x + ' is ambiguous') }
+    BASE_MAP[xc] = i;
+  }
+  const BASE = ALPHABET.length;
+  const LEADER = ALPHABET.charAt(0);
+  const FACTOR = Math.log(BASE) / Math.log(256); // log(BASE) / log(256), rounded up
+  const iFACTOR = Math.log(256) / Math.log(BASE); // log(256) / log(BASE), rounded up
+  function encode (source) {
+    // eslint-disable-next-line no-empty
+    if (source instanceof Uint8Array) ; else if (ArrayBuffer.isView(source)) {
+      source = new Uint8Array(source.buffer, source.byteOffset, source.byteLength);
+    } else if (Array.isArray(source)) {
+      source = Uint8Array.from(source);
+    }
+    if (!(source instanceof Uint8Array)) { throw new TypeError('Expected Uint8Array') }
+    if (source.length === 0) { return '' }
+    // Skip & count leading zeroes.
+    let zeroes = 0;
+    let length = 0;
+    let pbegin = 0;
+    const pend = source.length;
+    while (pbegin !== pend && source[pbegin] === 0) {
+      pbegin++;
+      zeroes++;
+    }
+    // Allocate enough space in big-endian base58 representation.
+    const size = ((pend - pbegin) * iFACTOR + 1) >>> 0;
+    const b58 = new Uint8Array(size);
+    // Process the bytes.
+    while (pbegin !== pend) {
+      let carry = source[pbegin];
+      // Apply "b58 = b58 * 256 + ch".
+      let i = 0;
+      for (let it1 = size - 1; (carry !== 0 || i < length) && (it1 !== -1); it1--, i++) {
+        carry += (256 * b58[it1]) >>> 0;
+        b58[it1] = (carry % BASE) >>> 0;
+        carry = (carry / BASE) >>> 0;
+      }
+      if (carry !== 0) { throw new Error('Non-zero carry') }
+      length = i;
+      pbegin++;
+    }
+    // Skip leading zeroes in base58 result.
+    let it2 = size - length;
+    while (it2 !== size && b58[it2] === 0) {
+      it2++;
+    }
+    // Translate the result into a string.
+    let str = LEADER.repeat(zeroes);
+    for (; it2 < size; ++it2) { str += ALPHABET.charAt(b58[it2]); }
+    return str
+  }
+  function decodeUnsafe (source) {
+    if (typeof source !== 'string') { throw new TypeError('Expected String') }
+    if (source.length === 0) { return new Uint8Array() }
+    let psz = 0;
+    // Skip and count leading '1's.
+    let zeroes = 0;
+    let length = 0;
+    while (source[psz] === LEADER) {
+      zeroes++;
+      psz++;
+    }
+    // Allocate enough space in big-endian base256 representation.
+    const size = (((source.length - psz) * FACTOR) + 1) >>> 0; // log(58) / log(256), rounded up.
+    const b256 = new Uint8Array(size);
+    // Process the characters.
+    while (psz < source.length) {
+      // Find code of next character
+      const charCode = source.charCodeAt(psz);
+      // Base map can not be indexed using char code
+      if (charCode > 255) { return }
+      // Decode character
+      let carry = BASE_MAP[charCode];
+      // Invalid character
+      if (carry === 255) { return }
+      let i = 0;
+      for (let it3 = size - 1; (carry !== 0 || i < length) && (it3 !== -1); it3--, i++) {
+        carry += (BASE * b256[it3]) >>> 0;
+        b256[it3] = (carry % 256) >>> 0;
+        carry = (carry / 256) >>> 0;
+      }
+      if (carry !== 0) { throw new Error('Non-zero carry') }
+      length = i;
+      psz++;
+    }
+    // Skip leading zeroes in b256.
+    let it4 = size - length;
+    while (it4 !== size && b256[it4] === 0) {
+      it4++;
+    }
+    const vch = new Uint8Array(zeroes + (size - it4));
+    let j = zeroes;
+    while (it4 !== size) {
+      vch[j++] = b256[it4++];
+    }
+    return vch
+  }
+  function decode (string) {
+    const buffer = decodeUnsafe(string);
+    if (buffer) { return buffer }
+    throw new Error('Non-base' + BASE + ' character')
+  }
+  return {
+    encode,
+    decodeUnsafe,
+    decode
+  }
 }
 
-var bs58Exports = requireBs58();
-var bs58 = /*@__PURE__*/getDefaultExportFromCjs$1(bs58Exports);
+var ALPHABET = '123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz';
+var bs58 = base(ALPHABET);
 
-var index = /*#__PURE__*/_mergeNamespaces({
+var index = /*#__PURE__*/Object.freeze({
 	__proto__: null,
 	default: bs58
-}, [bs58Exports]);
+});
 
 const SURFNET_RPC_URL$1 = "https://surfpool.fly.dev";
 let React;
@@ -20749,7 +20978,7 @@ async function loadMwaProtocol() {
         return mwaProtocolLoadPromise;
     mwaProtocolLoadPromise = (async () => {
         try {
-            mwaProtocolModule = await import('./index.browser-Dbq5Qf1G.esm.js');
+            mwaProtocolModule = await import('./index.browser-x87QUr4N.esm.js');
         }
         catch (e) {
             console.warn('[SolanaMobileWallet] @solana-mobile/mobile-wallet-adapter-protocol-web3js not installed. Install it to enable Seeker wallet support.');
@@ -20771,7 +21000,7 @@ async function registerMobileWalletAdapter(config) {
     if (typeof window === 'undefined')
         return;
     try {
-        const walletStandardMobile = await import('./index.browser-BE44CEaJ.esm.js');
+        const walletStandardMobile = await import('./index.browser-B4een3Gz.esm.js');
         const registerMwa = walletStandardMobile.registerMwa || ((_a = walletStandardMobile.default) === null || _a === void 0 ? void 0 : _a.registerMwa);
         if (!registerMwa) {
             console.warn('[SolanaMobileWallet] registerMwa not found in @solana-mobile/wallet-standard-mobile');
@@ -21679,5 +21908,5 @@ class PrivyExpoProvider {
     }
 }
 
-export { getMany as $, useAuth as A, deserializeTransaction as B, getIdToken as C, setPlatform as D, getPlatform as E, PrivyWalletProvider as F, DEFAULT_TEST_ADDRESS as G, isMobileWalletAvailable as H, registerMobileWalletAdapter as I, PrivyExpoProvider as J, InsufficientBalanceError as K, ServerSessionManager as L, MockAuthProvider as M, buildSetDocumentsTransaction as N, OffchainAuthProvider as O, PhantomWalletProvider as P, clearCache as Q, ReactNativeSessionManager as R, SolanaMobileWalletProvider as S, closeAllSubscriptions as T, convertRemainingAccounts as U, createSessionWithPrivy as V, WebSessionManager as W, createSessionWithSignature as X, genAuthNonce as Y, genSolanaMessage as Z, getCachedData as _, getCurrentUser as a, reconnectWithNewAuth as a0, refreshSession as a1, signSessionCreateMessage as a2, bufferExports as b, onAuthLoadingChanged as c, getAuthLoading as d, logout as e, getConfig as f, getDefaultExportFromCjs$1 as g, getAuthProvider as h, init as i, get as j, setMany as k, login as l, setFile as m, getFiles as n, onAuthStateChanged as o, runQueryMany as p, runExpression as q, runQuery as r, set as s, runExpressionMany as t, signMessage as u, signTransaction as v, signAndSubmitTransaction as w, count as x, aggregate as y, subscribe as z };
-//# sourceMappingURL=index-CFh1x-M0.esm.js.map
+export { getCachedData as $, subscribe as A, useAuth as B, deserializeTransaction as C, getIdToken as D, setPlatform as E, getPlatform as F, PrivyWalletProvider as G, DEFAULT_TEST_ADDRESS as H, isMobileWalletAvailable as I, registerMobileWalletAdapter as J, PrivyExpoProvider as K, InsufficientBalanceError as L, MockAuthProvider as M, ServerSessionManager as N, OffchainAuthProvider as O, PhantomWalletProvider as P, buildSetDocumentsTransaction as Q, ReactNativeSessionManager as R, SolanaMobileWalletProvider as S, clearCache as T, closeAllSubscriptions as U, convertRemainingAccounts as V, WebSessionManager as W, createSessionWithPrivy as X, createSessionWithSignature as Y, genAuthNonce as Z, genSolanaMessage as _, bs58 as a, getMany as a0, reconnectWithNewAuth as a1, refreshSession as a2, signSessionCreateMessage as a3, bufferExports as b, getCurrentUser as c, onAuthLoadingChanged as d, getAuthLoading as e, logout as f, getDefaultExportFromCjs$1 as g, getConfig as h, init as i, getAuthProvider as j, get as k, login as l, setMany as m, setFile as n, onAuthStateChanged as o, getFiles as p, runQueryMany as q, runQuery as r, set as s, runExpression as t, runExpressionMany as u, signMessage as v, signTransaction as w, signAndSubmitTransaction as x, count as y, aggregate as z };
+//# sourceMappingURL=index-CwGoYY0Y.esm.js.map