@pooflabs/web 0.0.78 → 0.0.79

package/dist/{index-Cp727oEW.js → index-DwU9hjtr.js}

@@ -22,6 +22,21 @@ function _interopNamespaceDefault(e) {
 	return Object.freeze(n);
 }
 
+function _mergeNamespaces(n, m) {
+	m.forEach(function (e) {
+		e && typeof e !== 'string' && !Array.isArray(e) && Object.keys(e).forEach(function (k) {
+			if (k !== 'default' && !(k in n)) {
+				var d = Object.getOwnPropertyDescriptor(e, k);
+				Object.defineProperty(n, k, d.get ? d : {
+					enumerable: true,
+					get: function () { return e[k]; }
+				});
+			}
+		});
+	});
+	return Object.freeze(n);
+}
+
 var anchor__namespace = /*#__PURE__*/_interopNamespaceDefault(anchor);
 var React__namespace = /*#__PURE__*/_interopNamespaceDefault(React$2);
 
@@ -6400,261 +6415,6 @@ var ReconnectingWebSocket = /** @class */ (function () {
     return ReconnectingWebSocket;
 }());
 
-function getDefaultExportFromCjs (x) {
-	return x && x.__esModule && Object.prototype.hasOwnProperty.call(x, 'default') ? x['default'] : x;
-}
-
-var isRetryAllowed$1;
-var hasRequiredIsRetryAllowed;
-
-function requireIsRetryAllowed () {
-	if (hasRequiredIsRetryAllowed) return isRetryAllowed$1;
-	hasRequiredIsRetryAllowed = 1;
-
-	const denyList = new Set([
-		'ENOTFOUND',
-		'ENETUNREACH',
-
-		// SSL errors from https://github.com/nodejs/node/blob/fc8e3e2cdc521978351de257030db0076d79e0ab/src/crypto/crypto_common.cc#L301-L328
-		'UNABLE_TO_GET_ISSUER_CERT',
-		'UNABLE_TO_GET_CRL',
-		'UNABLE_TO_DECRYPT_CERT_SIGNATURE',
-		'UNABLE_TO_DECRYPT_CRL_SIGNATURE',
-		'UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY',
-		'CERT_SIGNATURE_FAILURE',
-		'CRL_SIGNATURE_FAILURE',
-		'CERT_NOT_YET_VALID',
-		'CERT_HAS_EXPIRED',
-		'CRL_NOT_YET_VALID',
-		'CRL_HAS_EXPIRED',
-		'ERROR_IN_CERT_NOT_BEFORE_FIELD',
-		'ERROR_IN_CERT_NOT_AFTER_FIELD',
-		'ERROR_IN_CRL_LAST_UPDATE_FIELD',
-		'ERROR_IN_CRL_NEXT_UPDATE_FIELD',
-		'OUT_OF_MEM',
-		'DEPTH_ZERO_SELF_SIGNED_CERT',
-		'SELF_SIGNED_CERT_IN_CHAIN',
-		'UNABLE_TO_GET_ISSUER_CERT_LOCALLY',
-		'UNABLE_TO_VERIFY_LEAF_SIGNATURE',
-		'CERT_CHAIN_TOO_LONG',
-		'CERT_REVOKED',
-		'INVALID_CA',
-		'PATH_LENGTH_EXCEEDED',
-		'INVALID_PURPOSE',
-		'CERT_UNTRUSTED',
-		'CERT_REJECTED',
-		'HOSTNAME_MISMATCH'
-	]);
-
-	// TODO: Use `error?.code` when targeting Node.js 14
-	isRetryAllowed$1 = error => !denyList.has(error && error.code);
-	return isRetryAllowed$1;
-}
-
-var isRetryAllowedExports = requireIsRetryAllowed();
-var isRetryAllowed = /*@__PURE__*/getDefaultExportFromCjs(isRetryAllowedExports);
-
-const namespace = 'axios-retry';
-function isNetworkError(error) {
-    const CODE_EXCLUDE_LIST = ['ERR_CANCELED', 'ECONNABORTED'];
-    if (error.response) {
-        return false;
-    }
-    if (!error.code) {
-        return false;
-    }
-    // Prevents retrying timed out & cancelled requests
-    if (CODE_EXCLUDE_LIST.includes(error.code)) {
-        return false;
-    }
-    // Prevents retrying unsafe errors
-    return isRetryAllowed(error);
-}
-const SAFE_HTTP_METHODS = ['get', 'head', 'options'];
-const IDEMPOTENT_HTTP_METHODS = SAFE_HTTP_METHODS.concat(['put', 'delete']);
-function isRetryableError(error) {
-    return (error.code !== 'ECONNABORTED' &&
-        (!error.response ||
-            error.response.status === 429 ||
-            (error.response.status >= 500 && error.response.status <= 599)));
-}
-function isSafeRequestError(error) {
-    if (!error.config?.method) {
-        // Cannot determine if the request can be retried
-        return false;
-    }
-    return isRetryableError(error) && SAFE_HTTP_METHODS.indexOf(error.config.method) !== -1;
-}
-function isIdempotentRequestError(error) {
-    if (!error.config?.method) {
-        // Cannot determine if the request can be retried
-        return false;
-    }
-    return isRetryableError(error) && IDEMPOTENT_HTTP_METHODS.indexOf(error.config.method) !== -1;
-}
-function isNetworkOrIdempotentRequestError(error) {
-    return isNetworkError(error) || isIdempotentRequestError(error);
-}
-function retryAfter(error = undefined) {
-    const retryAfterHeader = error?.response?.headers['retry-after'];
-    if (!retryAfterHeader) {
-        return 0;
-    }
-    // if the retry after header is a number, convert it to milliseconds
-    let retryAfterMs = (Number(retryAfterHeader) || 0) * 1000;
-    // If the retry after header is a date, get the number of milliseconds until that date
-    if (retryAfterMs === 0) {
-        retryAfterMs = (new Date(retryAfterHeader).valueOf() || 0) - Date.now();
-    }
-    return Math.max(0, retryAfterMs);
-}
-function noDelay(_retryNumber = 0, error = undefined) {
-    return Math.max(0, retryAfter(error));
-}
-function exponentialDelay(retryNumber = 0, error = undefined, delayFactor = 100) {
-    const calculatedDelay = 2 ** retryNumber * delayFactor;
-    const delay = Math.max(calculatedDelay, retryAfter(error));
-    const randomSum = delay * 0.2 * Math.random(); // 0-20% of the delay
-    return delay + randomSum;
-}
-/**
- * Linear delay
- * @param {number | undefined} delayFactor - delay factor in milliseconds (default: 100)
- * @returns {function} (retryNumber: number, error: AxiosError | undefined) => number
- */
-function linearDelay(delayFactor = 100) {
-    return (retryNumber = 0, error = undefined) => {
-        const delay = retryNumber * delayFactor;
-        return Math.max(delay, retryAfter(error));
-    };
-}
-const DEFAULT_OPTIONS = {
-    retries: 3,
-    retryCondition: isNetworkOrIdempotentRequestError,
-    retryDelay: noDelay,
-    shouldResetTimeout: false,
-    onRetry: () => { },
-    onMaxRetryTimesExceeded: () => { },
-    validateResponse: null
-};
-function getRequestOptions(config, defaultOptions) {
-    return { ...DEFAULT_OPTIONS, ...defaultOptions, ...config[namespace] };
-}
-function setCurrentState(config, defaultOptions, resetLastRequestTime = false) {
-    const currentState = getRequestOptions(config, defaultOptions || {});
-    currentState.retryCount = currentState.retryCount || 0;
-    if (!currentState.lastRequestTime || resetLastRequestTime) {
-        currentState.lastRequestTime = Date.now();
-    }
-    config[namespace] = currentState;
-    return currentState;
-}
-function fixConfig(axiosInstance, config) {
-    // @ts-ignore
-    if (axiosInstance.defaults.agent === config.agent) {
-        // @ts-ignore
-        delete config.agent;
-    }
-    if (axiosInstance.defaults.httpAgent === config.httpAgent) {
-        delete config.httpAgent;
-    }
-    if (axiosInstance.defaults.httpsAgent === config.httpsAgent) {
-        delete config.httpsAgent;
-    }
-}
-async function shouldRetry(currentState, error) {
-    const { retries, retryCondition } = currentState;
-    const shouldRetryOrPromise = (currentState.retryCount || 0) < retries && retryCondition(error);
-    // This could be a promise
-    if (typeof shouldRetryOrPromise === 'object') {
-        try {
-            const shouldRetryPromiseResult = await shouldRetryOrPromise;
-            // keep return true unless shouldRetryPromiseResult return false for compatibility
-            return shouldRetryPromiseResult !== false;
-        }
-        catch (_err) {
-            return false;
-        }
-    }
-    return shouldRetryOrPromise;
-}
-async function handleRetry(axiosInstance, currentState, error, config) {
-    currentState.retryCount += 1;
-    const { retryDelay, shouldResetTimeout, onRetry } = currentState;
-    const delay = retryDelay(currentState.retryCount, error);
-    // Axios fails merging this configuration to the default configuration because it has an issue
-    // with circular structures: https://github.com/mzabriskie/axios/issues/370
-    fixConfig(axiosInstance, config);
-    if (!shouldResetTimeout && config.timeout && currentState.lastRequestTime) {
-        const lastRequestDuration = Date.now() - currentState.lastRequestTime;
-        const timeout = config.timeout - lastRequestDuration - delay;
-        if (timeout <= 0) {
-            return Promise.reject(error);
-        }
-        config.timeout = timeout;
-    }
-    config.transformRequest = [(data) => data];
-    await onRetry(currentState.retryCount, error, config);
-    if (config.signal?.aborted) {
-        return Promise.resolve(axiosInstance(config));
-    }
-    return new Promise((resolve) => {
-        const abortListener = () => {
-            clearTimeout(timeout);
-            resolve(axiosInstance(config));
-        };
-        const timeout = setTimeout(() => {
-            resolve(axiosInstance(config));
-            if (config.signal?.removeEventListener) {
-                config.signal.removeEventListener('abort', abortListener);
-            }
-        }, delay);
-        if (config.signal?.addEventListener) {
-            config.signal.addEventListener('abort', abortListener, { once: true });
-        }
-    });
-}
-async function handleMaxRetryTimesExceeded(currentState, error) {
-    if (currentState.retryCount >= currentState.retries)
-        await currentState.onMaxRetryTimesExceeded(error, currentState.retryCount);
-}
-const axiosRetry = (axiosInstance, defaultOptions) => {
-    const requestInterceptorId = axiosInstance.interceptors.request.use((config) => {
-        setCurrentState(config, defaultOptions, true);
-        if (config[namespace]?.validateResponse) {
-            // by setting this, all HTTP responses will be go through the error interceptor first
-            config.validateStatus = () => false;
-        }
-        return config;
-    });
-    const responseInterceptorId = axiosInstance.interceptors.response.use(null, async (error) => {
-        const { config } = error;
-        // If we have no information to retry the request
-        if (!config) {
-            return Promise.reject(error);
-        }
-        const currentState = setCurrentState(config, defaultOptions);
-        if (error.response && currentState.validateResponse?.(error.response)) {
-            // no issue with response
-            return error.response;
-        }
-        if (await shouldRetry(currentState, error)) {
-            return handleRetry(axiosInstance, currentState, error, config);
-        }
-        await handleMaxRetryTimesExceeded(currentState, error);
-        return Promise.reject(error);
-    });
-    return { requestInterceptorId, responseInterceptorId };
-};
-// Compatibility with CommonJS
-axiosRetry.isNetworkError = isNetworkError;
-axiosRetry.isSafeRequestError = isSafeRequestError;
-axiosRetry.isIdempotentRequestError = isIdempotentRequestError;
-axiosRetry.isNetworkOrIdempotentRequestError = isNetworkOrIdempotentRequestError;
-axiosRetry.exponentialDelay = exponentialDelay;
-axiosRetry.linearDelay = linearDelay;
-axiosRetry.isRetryableError = isRetryableError;
-
 let axiosClient;
 async function getAxiosAuthClient() {
     if (!axiosClient) {
@@ -6664,7 +6424,6 @@ async function getAxiosAuthClient() {
             headers: {
                 'Content-Type': 'application/json',
             },
-            timeout: 30000, // 30s timeout, matching makeApiRequest
         });
     }
     return axiosClient;
@@ -6711,41 +6470,15 @@ async function createSessionWithPrivy(authToken, address, privyIdToken) {
     });
     return response.data;
 }
-// Deduplicate concurrent refreshSession calls to prevent multiple code paths
-// (WebSocket reconnection, periodic refresh, API 401 retry) from all hitting
-// /session/refresh simultaneously.
-// Note: module-level state is shared across requests in SSR/Node — acceptable
-// since there is only one active session per server instance (same pattern as
-// refreshInFlight in api.ts).
-let refreshInFlight$1 = null;
-let refreshInFlightToken = null;
 async function refreshSession(refreshToken) {
-    if (refreshInFlight$1 && refreshInFlightToken === refreshToken) {
-        return refreshInFlight$1;
-    }
-    refreshInFlightToken = refreshToken;
-    let currentFlight;
-    currentFlight = refreshInFlight$1 = (async () => {
-        try {
-            const client = await getAxiosAuthClient();
-            const config = await getConfig();
-            const appId = config.appId;
-            const response = await client.post('/session/refresh', {
-                refreshToken,
-                appId
-            });
-            return response.data;
-        }
-        finally {
-            // Only clear if we're still the active in-flight request.
-            // A second call with a different token may have replaced us.
-            if (refreshInFlight$1 === currentFlight) {
-                refreshInFlight$1 = null;
-                refreshInFlightToken = null;
-            }
-        }
-    })();
-    return refreshInFlight$1;
+    const client = await getAxiosAuthClient();
+    const config = await getConfig();
+    const appId = config.appId;
+    const response = await client.post('/session/refresh', {
+        refreshToken,
+        appId
+    });
+    return response.data;
 }
 async function signSessionCreateMessage(_signMessageFunction) {
 }
@@ -6883,10 +6616,14 @@ class WebSessionManager {
 WebSessionManager.TAROBASE_SESSION_STORAGE_KEY = "tarobase_session_storage";
 
 var webSessionManager = /*#__PURE__*/Object.freeze({
-	__proto__: null,
-	WebSessionManager: WebSessionManager
+    __proto__: null,
+    WebSessionManager: WebSessionManager
 });
 
+function getDefaultExportFromCjs (x) {
+	return x && x.__esModule && Object.prototype.hasOwnProperty.call(x, 'default') ? x['default'] : x;
+}
+
 var buffer$1 = {};
 
 var base64Js$1 = {};
@@ -9258,15 +8995,15 @@ function requireBuffer$1 () {
 
 var bufferExports$1 = requireBuffer$1();
 
-var safeBuffer = {exports: {}};
+var safeBuffer$1 = {exports: {}};
 
 /*! safe-buffer. MIT License. Feross Aboukhadijeh <https://feross.org/opensource> */
 
-var hasRequiredSafeBuffer;
+var hasRequiredSafeBuffer$1;
 
-function requireSafeBuffer () {
-	if (hasRequiredSafeBuffer) return safeBuffer.exports;
-	hasRequiredSafeBuffer = 1;
+function requireSafeBuffer$1 () {
+	if (hasRequiredSafeBuffer$1) return safeBuffer$1.exports;
+	hasRequiredSafeBuffer$1 = 1;
 	(function (module, exports$1) {
 		/* eslint-disable node/no-deprecated-api */
 		var buffer = requireBuffer$1();
@@ -9332,23 +9069,23 @@ function requireSafeBuffer () {
 		  }
 		  return buffer.SlowBuffer(size)
 		}; 
-	} (safeBuffer, safeBuffer.exports));
-	return safeBuffer.exports;
+	} (safeBuffer$1, safeBuffer$1.exports));
+	return safeBuffer$1.exports;
 }
 
-var src;
-var hasRequiredSrc;
+var src$1;
+var hasRequiredSrc$1;
 
-function requireSrc () {
-	if (hasRequiredSrc) return src;
-	hasRequiredSrc = 1;
+function requireSrc$1 () {
+	if (hasRequiredSrc$1) return src$1;
+	hasRequiredSrc$1 = 1;
 	// base-x encoding / decoding
 	// Copyright (c) 2018 base-x contributors
 	// Copyright (c) 2014-2018 The Bitcoin Core developers (base58.cpp)
 	// Distributed under the MIT software license, see the accompanying
 	// file LICENSE or http://www.opensource.org/licenses/mit-license.php.
 	// @ts-ignore
-	var _Buffer = requireSafeBuffer().Buffer;
+	var _Buffer = requireSafeBuffer$1().Buffer;
 	function base (ALPHABET) {
 	  if (ALPHABET.length >= 255) { throw new TypeError('Alphabet too long') }
 	  var BASE_MAP = new Uint8Array(256);
@@ -9463,25 +9200,25 @@ function requireSrc () {
 	    decode: decode
 	  }
 	}
-	src = base;
-	return src;
+	src$1 = base;
+	return src$1;
 }
 
-var bs58$1;
-var hasRequiredBs58;
+var bs58$1$1;
+var hasRequiredBs58$1;
 
-function requireBs58 () {
-	if (hasRequiredBs58) return bs58$1;
-	hasRequiredBs58 = 1;
-	var basex = requireSrc();
+function requireBs58$1 () {
+	if (hasRequiredBs58$1) return bs58$1$1;
+	hasRequiredBs58$1 = 1;
+	var basex = requireSrc$1();
 	var ALPHABET = '123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz';
 
-	bs58$1 = basex(ALPHABET);
-	return bs58$1;
+	bs58$1$1 = basex(ALPHABET);
+	return bs58$1$1;
 }
 
-var bs58Exports = requireBs58();
-var bs58$2 = /*@__PURE__*/getDefaultExportFromCjs(bs58Exports);
+var bs58Exports$1 = requireBs58$1();
+var bs58$2 = /*@__PURE__*/getDefaultExportFromCjs(bs58Exports$1);
 
 // ─────────────────────────────────────────────────────────────
 // Local implementation of getSimulationComputeUnits
@@ -9683,19 +9420,7 @@ async function buildSetDocumentsTransaction(connection, idl, anchorProvider, pay
         }
     }
     else if (lutKey != null) {
-        // The LUT may have just been created server-side and the client's RPC node
-        // may not have indexed it yet (load-balancer split). Retry with exponential
-        // back-off; first retry at 100 ms almost always resolves it.
-        let table = null;
-        for (let attempt = 0; attempt < 5; attempt++) {
-            const { value } = await connection.getAddressLookupTable(new web3_js.PublicKey(lutKey));
-            if (value) {
-                table = value;
-                break;
-            }
-            if (attempt < 4)
-                await new Promise(r => setTimeout(r, 100 * Math.pow(2, attempt)));
-        }
+        const { value: table } = await connection.getAddressLookupTable(new web3_js.PublicKey(lutKey));
         if (!table)
             throw new Error('LUT not found after creation/extend');
         lookupTables.push(table);
@@ -9830,8 +9555,8 @@ class ServerSessionManager {
 ServerSessionManager.instance = new ServerSessionManager();
 
 var serverSessionManager = /*#__PURE__*/Object.freeze({
-	__proto__: null,
-	ServerSessionManager: ServerSessionManager
+    __proto__: null,
+    ServerSessionManager: ServerSessionManager
 });
 
 /**
@@ -9930,23 +9655,6 @@ async function updateIdTokenAndAccessToken(idToken, accessToken, isServer = fals
     await WebSessionManager.updateIdTokenAndAccessToken(idToken, accessToken);
 }
 
-const apiClient = globalAxios.create();
-axiosRetry(apiClient, {
-    retries: 2,
-    retryCondition: (error) => {
-        var _a, _b;
-        // Only retry GET requests on network errors (ECONNRESET, ETIMEDOUT, etc.)
-        // Writes (POST/PUT) are not retried — the server may have processed
-        // the request before the connection was reset.
-        return axiosRetry.isNetworkError(error) && ((_b = (_a = error.config) === null || _a === void 0 ? void 0 : _a.method) === null || _b === void 0 ? void 0 : _b.toLowerCase()) === 'get';
-    },
-    retryDelay: axiosRetry.exponentialDelay,
-    shouldResetTimeout: true,
-    onRetry: (retryCount, error, requestConfig) => {
-        var _a;
-        console.warn(`[tarobase-sdk] retry ${retryCount} for ${(_a = requestConfig.method) === null || _a === void 0 ? void 0 : _a.toUpperCase()} ${requestConfig.url} — ${error.code || error.message}`);
-    },
-});
 const refreshInFlight = new Map();
 async function refreshAuthSessionOnce(appId, isServer) {
     const key = `${isServer ? "server" : "web"}:${appId}`;
@@ -9993,7 +9701,6 @@ async function makeApiRequest(method, urlPath, data, _overrides) {
         ServerSessionManager.instance.clearSession();
     };
     async function executeRequest() {
-        var _a;
         // When _getAuthHeaders is provided (wallet client), use it as the sole auth source.
         // Otherwise use the global createAuthHeader (default path).
         const authHeader = (_overrides === null || _overrides === void 0 ? void 0 : _overrides._getAuthHeaders)
@@ -10015,12 +9722,11 @@ async function makeApiRequest(method, urlPath, data, _overrides) {
             method,
             url: `${config.apiUrl}${urlPath.startsWith("/") ? urlPath : `/${urlPath}`}`,
             headers,
-            timeout: (_a = _overrides === null || _overrides === void 0 ? void 0 : _overrides.timeout) !== null && _a !== void 0 ? _a : 30000,
         };
         if (method !== "GET" && method !== "get") {
             requestConfig.data = data ? JSON.stringify(data) : {};
         }
-        const response = await apiClient(requestConfig);
+        const response = await globalAxios(requestConfig);
         return { data: response.data, status: response.status, headers: response.headers };
     }
     try {
@@ -10956,7 +10662,6 @@ function scheduleTokenRefresh(connection, isServer) {
     // This replaces the old single setTimeout approach which was unreliable for long
     // delays (browsers throttle/suspend timers in background tabs).
     connection.tokenRefreshTimer = setInterval(async () => {
-        var _a, _b;
         try {
             const currentToken = await getIdToken$1(isServer);
             if (!currentToken)
@@ -10987,17 +10692,6 @@ function scheduleTokenRefresh(connection, isServer) {
                     }
                 }
                 catch (refreshError) {
-                    // If the refresh token itself is invalid (401/403), stop retrying —
-                    // the token won't magically become valid next interval, and continuing
-                    // to hammer /session/refresh causes 429 rate-limit storms.
-                    if (((_a = refreshError === null || refreshError === void 0 ? void 0 : refreshError.response) === null || _a === void 0 ? void 0 : _a.status) === 401 || ((_b = refreshError === null || refreshError === void 0 ? void 0 : refreshError.response) === null || _b === void 0 ? void 0 : _b.status) === 403) {
-                        console.warn('[WS v2] Refresh token rejected (401/403), stopping periodic refresh');
-                        if (connection.tokenRefreshTimer) {
-                            clearInterval(connection.tokenRefreshTimer);
-                            connection.tokenRefreshTimer = null;
-                        }
-                        return;
-                    }
                     console.warn('[WS v2] Proactive token refresh failed, will retry next interval:', refreshError);
                 }
             }
@@ -11008,7 +10702,6 @@ function scheduleTokenRefresh(connection, isServer) {
     }, TOKEN_CHECK_INTERVAL);
 }
 async function getFreshAuthToken(isServer) {
-    var _a, _b;
     const currentToken = await getIdToken$1(isServer);
     if (!currentToken) {
         return null;
@@ -11031,17 +10724,6 @@ async function getFreshAuthToken(isServer) {
     }
     catch (error) {
         console.error('[WS v2] Error refreshing token:', error);
-        // If the refresh token is permanently invalid (401/403), clear the stale
-        // session from storage so future attempts don't keep retrying with it.
-        if (!isServer && (((_a = error === null || error === void 0 ? void 0 : error.response) === null || _a === void 0 ? void 0 : _a.status) === 401 || ((_b = error === null || error === void 0 ? void 0 : error.response) === null || _b === void 0 ? void 0 : _b.status) === 403)) {
-            try {
-                const { WebSessionManager } = await Promise.resolve().then(function () { return webSessionManager; });
-                WebSessionManager.clearSession();
-            }
-            catch (clearError) {
-                console.warn('[WS v2] Failed to clear stale session:', clearError);
-            }
-        }
     }
     // Return null instead of the expired token to prevent infinite 401 reconnect storms.
     // The server accepts unauthenticated connections; auth-required subscriptions will
@@ -11162,16 +10844,7 @@ async function getOrCreateConnection(appId, isServer) {
     ws.addEventListener('open', () => {
         connection.isConnecting = false;
         connection.isConnected = true;
-        // NOTE: Do NOT reset consecutiveAuthFailures here. It is reset when a
-        // fresh auth token is actually obtained (in urlProvider, line ~389) or on
-        // an explicit auth change (reconnectWithNewAuthV2, line ~854). Resetting
-        // on every 'open' event created an infinite loop: auth fails 5x → connect
-        // without auth → open resets counter → disconnect → auth fails 5x again →
-        // repeat forever, hammering /session/refresh and causing 429s.
-        //
-        // An elevated counter is safe for anonymous/guest sessions: when there's no
-        // token at all (getIdToken returns null), the counter is never checked —
-        // urlProvider skips straight to unauthenticated connection.
+        connection.consecutiveAuthFailures = 0;
         // Schedule periodic token freshness checks
         scheduleTokenRefresh(connection, isServer);
         // Re-subscribe to all existing subscriptions after reconnect
@@ -15623,6 +15296,32 @@ async function confirmAndCheckTransaction(connection, signature) {
 }
 
 const VALID_PROVIDERS = ['injected', 'google', 'apple', 'deeplink', 'phantom'];
+// When the dApp runs inside an iframe whose parent origin is different from
+// (or can't inject into) the child frame — notably Phantom's Android in-app
+// browser, which injects window.phantom.solana only into the top frame —
+// the Phantom deeplink path tries to navigate phantom.app/ul/browse/... from
+// inside the iframe. Android App Links only hand off on top-level navigations,
+// and phantom.app refuses to be framed (X-Frame-Options: DENY), so the connect
+// fails. To get back to a working context we navigate the top window to the
+// dApp's own URL, dropping the iframe shell. Once top-level, the wallet
+// browser injects its provider and the normal injected flow succeeds.
+function isInIframe() {
+    if (typeof window === 'undefined')
+        return false;
+    try {
+        return window.top !== window.self;
+    }
+    catch (_a) {
+        // Cross-origin access to window.top throws — if we can't read it, we're iframed.
+        return true;
+    }
+}
+function shouldBreakOutOfIframe(provider) {
+    // Only break out when the user chose the deeplink provider. The modal only
+    // offers deeplink on mobile when no injected Phantom is present, so this is
+    // exactly the iframe-without-provider case we need to escape.
+    return provider === 'deeplink' && isInIframe();
+}
 // Dynamically import React and Phantom SDK - only when needed
 let React$1;
 let ReactDOM$1;
@@ -15643,7 +15342,7 @@ async function loadDependencies() {
         const [reactModule, reactDomModule, phantomModule] = await Promise.all([
             import('react'),
             import('react-dom/client'),
-            Promise.resolve().then(function () { return require('./index-CKaaE12K.js'); })
+            Promise.resolve().then(function () { return require('./index-zS_Y-wbi.js'); })
         ]);
         // Extract default export from ESM module namespace
         // Dynamic import() returns { default: Module, ...exports }, not the module directly
@@ -15991,6 +15690,27 @@ class PhantomWalletProvider {
             const handleWalletClick = async (options) => {
                 walletClickedRef.current = true;
                 setShowWalletModal(false);
+                // If we're in an iframe and the user chose deeplink, Phantom's SDK
+                // will navigate *this* iframe to phantom.app/ul/browse/..., which
+                // Android App Links won't intercept and phantom.app won't let be
+                // framed. Escape to top-level first so the wallet browser can
+                // inject its provider and the normal injected flow takes over
+                // on the user's next connect tap.
+                if (shouldBreakOutOfIframe(options === null || options === void 0 ? void 0 : options.provider)) {
+                    try {
+                        // Same-site navigation (*.poof.new → *.poof.new) plus the
+                        // iframe's allow-top-navigation-by-user-activation sandbox
+                        // token make this go through.
+                        window.top.location.href = window.location.href;
+                        return;
+                    }
+                    catch (_a) {
+                        // Top-nav blocked (no sandbox grant, cross-origin top, etc.).
+                        // Fall through to the normal deeplink path — at least the
+                        // user gets the original broken-ish behavior instead of a
+                        // silently-dead button.
+                    }
+                }
                 try {
                     if (options === null || options === void 0 ? void 0 : options.walletId) {
                         await connect({ provider: 'injected', walletId: options.walletId });
@@ -19955,137 +19675,235 @@ function createSolanaRpcSubscriptionsFromTransport(transport) {
   });
 }
 
-// base-x encoding / decoding
-// Copyright (c) 2018 base-x contributors
-// Copyright (c) 2014-2018 The Bitcoin Core developers (base58.cpp)
-// Distributed under the MIT software license, see the accompanying
-// file LICENSE or http://www.opensource.org/licenses/mit-license.php.
-function base (ALPHABET) {
-  if (ALPHABET.length >= 255) { throw new TypeError('Alphabet too long') }
-  const BASE_MAP = new Uint8Array(256);
-  for (let j = 0; j < BASE_MAP.length; j++) {
-    BASE_MAP[j] = 255;
-  }
-  for (let i = 0; i < ALPHABET.length; i++) {
-    const x = ALPHABET.charAt(i);
-    const xc = x.charCodeAt(0);
-    if (BASE_MAP[xc] !== 255) { throw new TypeError(x + ' is ambiguous') }
-    BASE_MAP[xc] = i;
-  }
-  const BASE = ALPHABET.length;
-  const LEADER = ALPHABET.charAt(0);
-  const FACTOR = Math.log(BASE) / Math.log(256); // log(BASE) / log(256), rounded up
-  const iFACTOR = Math.log(256) / Math.log(BASE); // log(256) / log(BASE), rounded up
-  function encode (source) {
-    // eslint-disable-next-line no-empty
-    if (source instanceof Uint8Array) ; else if (ArrayBuffer.isView(source)) {
-      source = new Uint8Array(source.buffer, source.byteOffset, source.byteLength);
-    } else if (Array.isArray(source)) {
-      source = Uint8Array.from(source);
-    }
-    if (!(source instanceof Uint8Array)) { throw new TypeError('Expected Uint8Array') }
-    if (source.length === 0) { return '' }
-    // Skip & count leading zeroes.
-    let zeroes = 0;
-    let length = 0;
-    let pbegin = 0;
-    const pend = source.length;
-    while (pbegin !== pend && source[pbegin] === 0) {
-      pbegin++;
-      zeroes++;
-    }
-    // Allocate enough space in big-endian base58 representation.
-    const size = ((pend - pbegin) * iFACTOR + 1) >>> 0;
-    const b58 = new Uint8Array(size);
-    // Process the bytes.
-    while (pbegin !== pend) {
-      let carry = source[pbegin];
-      // Apply "b58 = b58 * 256 + ch".
-      let i = 0;
-      for (let it1 = size - 1; (carry !== 0 || i < length) && (it1 !== -1); it1--, i++) {
-        carry += (256 * b58[it1]) >>> 0;
-        b58[it1] = (carry % BASE) >>> 0;
-        carry = (carry / BASE) >>> 0;
-      }
-      if (carry !== 0) { throw new Error('Non-zero carry') }
-      length = i;
-      pbegin++;
-    }
-    // Skip leading zeroes in base58 result.
-    let it2 = size - length;
-    while (it2 !== size && b58[it2] === 0) {
-      it2++;
-    }
-    // Translate the result into a string.
-    let str = LEADER.repeat(zeroes);
-    for (; it2 < size; ++it2) { str += ALPHABET.charAt(b58[it2]); }
-    return str
-  }
-  function decodeUnsafe (source) {
-    if (typeof source !== 'string') { throw new TypeError('Expected String') }
-    if (source.length === 0) { return new Uint8Array() }
-    let psz = 0;
-    // Skip and count leading '1's.
-    let zeroes = 0;
-    let length = 0;
-    while (source[psz] === LEADER) {
-      zeroes++;
-      psz++;
-    }
-    // Allocate enough space in big-endian base256 representation.
-    const size = (((source.length - psz) * FACTOR) + 1) >>> 0; // log(58) / log(256), rounded up.
-    const b256 = new Uint8Array(size);
-    // Process the characters.
-    while (psz < source.length) {
-      // Find code of next character
-      const charCode = source.charCodeAt(psz);
-      // Base map can not be indexed using char code
-      if (charCode > 255) { return }
-      // Decode character
-      let carry = BASE_MAP[charCode];
-      // Invalid character
-      if (carry === 255) { return }
-      let i = 0;
-      for (let it3 = size - 1; (carry !== 0 || i < length) && (it3 !== -1); it3--, i++) {
-        carry += (BASE * b256[it3]) >>> 0;
-        b256[it3] = (carry % 256) >>> 0;
-        carry = (carry / 256) >>> 0;
-      }
-      if (carry !== 0) { throw new Error('Non-zero carry') }
-      length = i;
-      psz++;
-    }
-    // Skip leading zeroes in b256.
-    let it4 = size - length;
-    while (it4 !== size && b256[it4] === 0) {
-      it4++;
-    }
-    const vch = new Uint8Array(zeroes + (size - it4));
-    let j = zeroes;
-    while (it4 !== size) {
-      vch[j++] = b256[it4++];
-    }
-    return vch
-  }
-  function decode (string) {
-    const buffer = decodeUnsafe(string);
-    if (buffer) { return buffer }
-    throw new Error('Non-base' + BASE + ' character')
-  }
-  return {
-    encode,
-    decodeUnsafe,
-    decode
-  }
+var safeBuffer = {exports: {}};
+
+/*! safe-buffer. MIT License. Feross Aboukhadijeh <https://feross.org/opensource> */
+
+var hasRequiredSafeBuffer;
+
+function requireSafeBuffer () {
+	if (hasRequiredSafeBuffer) return safeBuffer.exports;
+	hasRequiredSafeBuffer = 1;
+	(function (module, exports$1) {
+		/* eslint-disable node/no-deprecated-api */
+		var buffer = requireBuffer();
+		var Buffer = buffer.Buffer;
+
+		// alternative to using Object.keys for old browsers
+		function copyProps (src, dst) {
+		  for (var key in src) {
+		    dst[key] = src[key];
+		  }
+		}
+		if (Buffer.from && Buffer.alloc && Buffer.allocUnsafe && Buffer.allocUnsafeSlow) {
+		  module.exports = buffer;
+		} else {
+		  // Copy properties from require('buffer')
+		  copyProps(buffer, exports$1);
+		  exports$1.Buffer = SafeBuffer;
+		}
+
+		function SafeBuffer (arg, encodingOrOffset, length) {
+		  return Buffer(arg, encodingOrOffset, length)
+		}
+
+		SafeBuffer.prototype = Object.create(Buffer.prototype);
+
+		// Copy static methods from Buffer
+		copyProps(Buffer, SafeBuffer);
+
+		SafeBuffer.from = function (arg, encodingOrOffset, length) {
+		  if (typeof arg === 'number') {
+		    throw new TypeError('Argument must not be a number')
+		  }
+		  return Buffer(arg, encodingOrOffset, length)
+		};
+
+		SafeBuffer.alloc = function (size, fill, encoding) {
+		  if (typeof size !== 'number') {
+		    throw new TypeError('Argument must be a number')
+		  }
+		  var buf = Buffer(size);
+		  if (fill !== undefined) {
+		    if (typeof encoding === 'string') {
+		      buf.fill(fill, encoding);
+		    } else {
+		      buf.fill(fill);
+		    }
+		  } else {
+		    buf.fill(0);
+		  }
+		  return buf
+		};
+
+		SafeBuffer.allocUnsafe = function (size) {
+		  if (typeof size !== 'number') {
+		    throw new TypeError('Argument must be a number')
+		  }
+		  return Buffer(size)
+		};
+
+		SafeBuffer.allocUnsafeSlow = function (size) {
+		  if (typeof size !== 'number') {
+		    throw new TypeError('Argument must be a number')
+		  }
+		  return buffer.SlowBuffer(size)
+		}; 
+	} (safeBuffer, safeBuffer.exports));
+	return safeBuffer.exports;
 }
 
-var ALPHABET = '123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz';
-var bs58 = base(ALPHABET);
+var src;
+var hasRequiredSrc;
 
-var index = /*#__PURE__*/Object.freeze({
+function requireSrc () {
+	if (hasRequiredSrc) return src;
+	hasRequiredSrc = 1;
+	// base-x encoding / decoding
+	// Copyright (c) 2018 base-x contributors
+	// Copyright (c) 2014-2018 The Bitcoin Core developers (base58.cpp)
+	// Distributed under the MIT software license, see the accompanying
+	// file LICENSE or http://www.opensource.org/licenses/mit-license.php.
+	// @ts-ignore
+	var _Buffer = requireSafeBuffer().Buffer;
+	function base (ALPHABET) {
+	  if (ALPHABET.length >= 255) { throw new TypeError('Alphabet too long') }
+	  var BASE_MAP = new Uint8Array(256);
+	  for (var j = 0; j < BASE_MAP.length; j++) {
+	    BASE_MAP[j] = 255;
+	  }
+	  for (var i = 0; i < ALPHABET.length; i++) {
+	    var x = ALPHABET.charAt(i);
+	    var xc = x.charCodeAt(0);
+	    if (BASE_MAP[xc] !== 255) { throw new TypeError(x + ' is ambiguous') }
+	    BASE_MAP[xc] = i;
+	  }
+	  var BASE = ALPHABET.length;
+	  var LEADER = ALPHABET.charAt(0);
+	  var FACTOR = Math.log(BASE) / Math.log(256); // log(BASE) / log(256), rounded up
+	  var iFACTOR = Math.log(256) / Math.log(BASE); // log(256) / log(BASE), rounded up
+	  function encode (source) {
+	    if (Array.isArray(source) || source instanceof Uint8Array) { source = _Buffer.from(source); }
+	    if (!_Buffer.isBuffer(source)) { throw new TypeError('Expected Buffer') }
+	    if (source.length === 0) { return '' }
+	        // Skip & count leading zeroes.
+	    var zeroes = 0;
+	    var length = 0;
+	    var pbegin = 0;
+	    var pend = source.length;
+	    while (pbegin !== pend && source[pbegin] === 0) {
+	      pbegin++;
+	      zeroes++;
+	    }
+	        // Allocate enough space in big-endian base58 representation.
+	    var size = ((pend - pbegin) * iFACTOR + 1) >>> 0;
+	    var b58 = new Uint8Array(size);
+	        // Process the bytes.
+	    while (pbegin !== pend) {
+	      var carry = source[pbegin];
+	            // Apply "b58 = b58 * 256 + ch".
+	      var i = 0;
+	      for (var it1 = size - 1; (carry !== 0 || i < length) && (it1 !== -1); it1--, i++) {
+	        carry += (256 * b58[it1]) >>> 0;
+	        b58[it1] = (carry % BASE) >>> 0;
+	        carry = (carry / BASE) >>> 0;
+	      }
+	      if (carry !== 0) { throw new Error('Non-zero carry') }
+	      length = i;
+	      pbegin++;
+	    }
+	        // Skip leading zeroes in base58 result.
+	    var it2 = size - length;
+	    while (it2 !== size && b58[it2] === 0) {
+	      it2++;
+	    }
+	        // Translate the result into a string.
+	    var str = LEADER.repeat(zeroes);
+	    for (; it2 < size; ++it2) { str += ALPHABET.charAt(b58[it2]); }
+	    return str
+	  }
+	  function decodeUnsafe (source) {
+	    if (typeof source !== 'string') { throw new TypeError('Expected String') }
+	    if (source.length === 0) { return _Buffer.alloc(0) }
+	    var psz = 0;
+	        // Skip and count leading '1's.
+	    var zeroes = 0;
+	    var length = 0;
+	    while (source[psz] === LEADER) {
+	      zeroes++;
+	      psz++;
+	    }
+	        // Allocate enough space in big-endian base256 representation.
+	    var size = (((source.length - psz) * FACTOR) + 1) >>> 0; // log(58) / log(256), rounded up.
+	    var b256 = new Uint8Array(size);
+	        // Process the characters.
+	    while (psz < source.length) {
+	            // Find code of next character
+	      var charCode = source.charCodeAt(psz);
+	            // Base map can not be indexed using char code
+	      if (charCode > 255) { return }
+	            // Decode character
+	      var carry = BASE_MAP[charCode];
+	            // Invalid character
+	      if (carry === 255) { return }
+	      var i = 0;
+	      for (var it3 = size - 1; (carry !== 0 || i < length) && (it3 !== -1); it3--, i++) {
+	        carry += (BASE * b256[it3]) >>> 0;
+	        b256[it3] = (carry % 256) >>> 0;
+	        carry = (carry / 256) >>> 0;
+	      }
+	      if (carry !== 0) { throw new Error('Non-zero carry') }
+	      length = i;
+	      psz++;
+	    }
+	        // Skip leading zeroes in b256.
+	    var it4 = size - length;
+	    while (it4 !== size && b256[it4] === 0) {
+	      it4++;
+	    }
+	    var vch = _Buffer.allocUnsafe(zeroes + (size - it4));
+	    vch.fill(0x00, 0, zeroes);
+	    var j = zeroes;
+	    while (it4 !== size) {
+	      vch[j++] = b256[it4++];
+	    }
+	    return vch
+	  }
+	  function decode (string) {
+	    var buffer = decodeUnsafe(string);
+	    if (buffer) { return buffer }
+	    throw new Error('Non-base' + BASE + ' character')
+	  }
+	  return {
+	    encode: encode,
+	    decodeUnsafe: decodeUnsafe,
+	    decode: decode
+	  }
+	}
+	src = base;
+	return src;
+}
+
+var bs58$1;
+var hasRequiredBs58;
+
+function requireBs58 () {
+	if (hasRequiredBs58) return bs58$1;
+	hasRequiredBs58 = 1;
+	var basex = requireSrc();
+	var ALPHABET = '123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz';
+
+	bs58$1 = basex(ALPHABET);
+	return bs58$1;
+}
+
+var bs58Exports = requireBs58();
+var bs58 = /*@__PURE__*/getDefaultExportFromCjs$1(bs58Exports);
+
+var index = /*#__PURE__*/_mergeNamespaces({
 	__proto__: null,
 	default: bs58
-});
+}, [bs58Exports]);
 
 const SURFNET_RPC_URL$1 = "https://surfpool.fly.dev";
 let React;
@@ -20999,7 +20817,7 @@ async function loadMwaProtocol() {
         return mwaProtocolLoadPromise;
     mwaProtocolLoadPromise = (async () => {
         try {
-            mwaProtocolModule = await Promise.resolve().then(function () { return require('./index.browser-BMtEulGJ.js'); });
+            mwaProtocolModule = await Promise.resolve().then(function () { return require('./index.browser-Df7yN8D5.js'); });
         }
         catch (e) {
             console.warn('[SolanaMobileWallet] @solana-mobile/mobile-wallet-adapter-protocol-web3js not installed. Install it to enable Seeker wallet support.');
@@ -21021,7 +20839,7 @@ async function registerMobileWalletAdapter(config) {
     if (typeof window === 'undefined')
         return;
     try {
-        const walletStandardMobile = await Promise.resolve().then(function () { return require('./index.browser-AZQ5TnZ4.js'); });
+        const walletStandardMobile = await Promise.resolve().then(function () { return require('./index.browser-Cpi4W_1r.js'); });
         const registerMwa = walletStandardMobile.registerMwa || ((_a = walletStandardMobile.default) === null || _a === void 0 ? void 0 : _a.registerMwa);
         if (!registerMwa) {
             console.warn('[SolanaMobileWallet] registerMwa not found in @solana-mobile/wallet-standard-mobile');
@@ -21941,7 +21759,6 @@ exports.ServerSessionManager = ServerSessionManager;
 exports.SolanaMobileWalletProvider = SolanaMobileWalletProvider;
 exports.WebSessionManager = WebSessionManager;
 exports.aggregate = aggregate;
-exports.bs58 = bs58;
 exports.bufferExports = bufferExports;
 exports.buildSetDocumentsTransaction = buildSetDocumentsTransaction;
 exports.clearCache = clearCache;
@@ -21987,4 +21804,4 @@ exports.signSessionCreateMessage = signSessionCreateMessage;
 exports.signTransaction = signTransaction;
 exports.subscribe = subscribe;
 exports.useAuth = useAuth;
-//# sourceMappingURL=index-Cp727oEW.js.map
+//# sourceMappingURL=index-DwU9hjtr.js.map