@pooflabs/web 0.0.82 → 0.0.83-rc2

package/dist/{index-BsY_Lgiu.esm.js → index-p1LvAs78.esm.js}

@@ -4,21 +4,6 @@ import * as anchor from '@coral-xyz/anchor';
 import { Program } from '@coral-xyz/anchor';
 import * as React$2 from 'react';
 
-function _mergeNamespaces(n, m) {
-	m.forEach(function (e) {
-		e && typeof e !== 'string' && !Array.isArray(e) && Object.keys(e).forEach(function (k) {
-			if (k !== 'default' && !(k in n)) {
-				var d = Object.getOwnPropertyDescriptor(e, k);
-				Object.defineProperty(n, k, d.get ? d : {
-					enumerable: true,
-					get: function () { return e[k]; }
-				});
-			}
-		});
-	});
-	return Object.freeze(n);
-}
-
 function getDefaultExportFromCjs$1 (x) {
 	return x && x.__esModule && Object.prototype.hasOwnProperty.call(x, 'default') ? x['default'] : x;
 }
@@ -6764,6 +6749,28 @@ class WebSessionManager {
     static async storeSession(address, accessToken, idToken, refreshToken) {
         if (typeof window === "undefined")
             return;
+        // JWT-wallet binding: refuse to store a session whose idToken is bound
+        // to a different wallet than `address`. Prevents races that would otherwise
+        // leave localStorage with mismatched address/token state.
+        try {
+            const payloadB64 = idToken.split(".")[1];
+            if (payloadB64) {
+                const payload = JSON.parse(this.decodeBase64Url(payloadB64));
+                const tokenWallet = payload["custom:walletAddress"];
+                if (tokenWallet && tokenWallet !== address) {
+                    throw new Error(`[WebSessionManager] Refusing to store session: address (${address}) does not match idToken custom:walletAddress (${tokenWallet})`);
+                }
+                if (!tokenWallet) {
+                    console.warn("[WebSessionManager] storeSession: idToken has no custom:walletAddress claim — writing without validation");
+                }
+            }
+        }
+        catch (err) {
+            if (typeof (err === null || err === void 0 ? void 0 : err.message) === "string" && err.message.includes("Refusing to store session")) {
+                throw err;
+            }
+            console.warn("[WebSessionManager] storeSession: failed to decode idToken for validation:", err);
+        }
         const config = await getConfig();
         const currentAppId = config.appId;
         localStorage.setItem(this.TAROBASE_SESSION_STORAGE_KEY, JSON.stringify({
@@ -9252,15 +9259,15 @@ function requireBuffer$1 () {
 
 var bufferExports$1 = requireBuffer$1();
 
-var safeBuffer$1 = {exports: {}};
+var safeBuffer = {exports: {}};
 
 /*! safe-buffer. MIT License. Feross Aboukhadijeh <https://feross.org/opensource> */
 
-var hasRequiredSafeBuffer$1;
+var hasRequiredSafeBuffer;
 
-function requireSafeBuffer$1 () {
-	if (hasRequiredSafeBuffer$1) return safeBuffer$1.exports;
-	hasRequiredSafeBuffer$1 = 1;
+function requireSafeBuffer () {
+	if (hasRequiredSafeBuffer) return safeBuffer.exports;
+	hasRequiredSafeBuffer = 1;
 	(function (module, exports$1) {
 		/* eslint-disable node/no-deprecated-api */
 		var buffer = requireBuffer$1();
@@ -9326,23 +9333,23 @@ function requireSafeBuffer$1 () {
 		  }
 		  return buffer.SlowBuffer(size)
 		}; 
-	} (safeBuffer$1, safeBuffer$1.exports));
-	return safeBuffer$1.exports;
+	} (safeBuffer, safeBuffer.exports));
+	return safeBuffer.exports;
 }
 
-var src$1;
-var hasRequiredSrc$1;
+var src;
+var hasRequiredSrc;
 
-function requireSrc$1 () {
-	if (hasRequiredSrc$1) return src$1;
-	hasRequiredSrc$1 = 1;
+function requireSrc () {
+	if (hasRequiredSrc) return src;
+	hasRequiredSrc = 1;
 	// base-x encoding / decoding
 	// Copyright (c) 2018 base-x contributors
 	// Copyright (c) 2014-2018 The Bitcoin Core developers (base58.cpp)
 	// Distributed under the MIT software license, see the accompanying
 	// file LICENSE or http://www.opensource.org/licenses/mit-license.php.
 	// @ts-ignore
-	var _Buffer = requireSafeBuffer$1().Buffer;
+	var _Buffer = requireSafeBuffer().Buffer;
 	function base (ALPHABET) {
 	  if (ALPHABET.length >= 255) { throw new TypeError('Alphabet too long') }
 	  var BASE_MAP = new Uint8Array(256);
@@ -9457,25 +9464,25 @@ function requireSrc$1 () {
 	    decode: decode
 	  }
 	}
-	src$1 = base;
-	return src$1;
+	src = base;
+	return src;
 }
 
-var bs58$1$1;
-var hasRequiredBs58$1;
+var bs58$1;
+var hasRequiredBs58;
 
-function requireBs58$1 () {
-	if (hasRequiredBs58$1) return bs58$1$1;
-	hasRequiredBs58$1 = 1;
-	var basex = requireSrc$1();
+function requireBs58 () {
+	if (hasRequiredBs58) return bs58$1;
+	hasRequiredBs58 = 1;
+	var basex = requireSrc();
 	var ALPHABET = '123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz';
 
-	bs58$1$1 = basex(ALPHABET);
-	return bs58$1$1;
+	bs58$1 = basex(ALPHABET);
+	return bs58$1;
 }
 
-var bs58Exports$1 = requireBs58$1();
-var bs58$2 = /*@__PURE__*/getDefaultExportFromCjs(bs58Exports$1);
+var bs58Exports = requireBs58();
+var bs58 = /*@__PURE__*/getDefaultExportFromCjs(bs58Exports);
 
 // ─────────────────────────────────────────────────────────────
 // Local implementation of getSimulationComputeUnits
@@ -9554,12 +9561,6 @@ async function genSolanaMessage(address, nonce) {
 // Serialization Helpers
 // ─────────────────────────────────────────────────────────────
 function isHexString(value) {
-    // Only strings can be hex-encoded. Numbers, BNs, and other shapes coming back
-    // from the API for u64Val/i64Val should fall through to `new BN(value)` which
-    // accepts those shapes natively. Without this guard, calling .startsWith on a
-    // non-string blows up with TypeError.
-    if (typeof value !== "string")
-        return false;
     // Matches strings containing only 0-9, a-f, or A-F (optionally prefixed with 0x)
     let testValue = value;
     // Handle negative values
@@ -9655,11 +9656,8 @@ async function buildSetDocumentsTransaction(connection, idl, anchorProvider, pay
     }
     else if (idl.address === "poof4b5pk1L9tmThvBmaABjcyjfhFGbMbQP5BXk2QZp") {
         const program = new Program(idl, anchorProvider);
-        // Targets `set_documents_v2` (Vec<u8> ra_indices). The on-chain program
-        // also exposes the legacy `set_documents` (Vec<u64>) so SDKs already on npm
-        // continue to work — but new releases of this SDK speak v2 only.
         tx = await program.methods
-            .setDocumentsV2(args.app_id, prepareAnchorArgs(args.documents), args.delete_paths, args.txData, simulate)
+            .setDocuments(args.app_id, prepareAnchorArgs(args.documents), args.delete_paths, args.txData, simulate)
             .preInstructions(instructions)
             .accounts({
             payer: payerPublicKey
@@ -9737,7 +9735,7 @@ function loadKeypairFromEnv() {
     try {
         const secretKey = secret.trim().startsWith("[")
             ? Uint8Array.from(JSON.parse(secret))
-            : bs58$2.decode(secret.trim());
+            : bs58.decode(secret.trim());
         return Keypair.fromSecretKey(secretKey);
     }
     catch (err) {
@@ -10014,17 +10012,11 @@ async function makeApiRequest(method, urlPath, data, _overrides) {
         if (_overrides === null || _overrides === void 0 ? void 0 : _overrides.headers) {
             Object.assign(headers, _overrides.headers);
         }
-        // Writes (PUT/POST/DELETE) can take significantly longer than reads —
-        // server-side they may trigger ad-hoc LUT creation (create + extend +
-        // wait-for-finalization, ~15-30s on mainnet). Use a larger default for
-        // non-GET so the SDK doesn't time out before client-api responds.
-        const isRead = method.toUpperCase() === "GET";
-        const defaultTimeout = isRead ? 30000 : 90000;
         const requestConfig = {
             method,
             url: `${config.apiUrl}${urlPath.startsWith("/") ? urlPath : `/${urlPath}`}`,
             headers,
-            timeout: (_a = _overrides === null || _overrides === void 0 ? void 0 : _overrides.timeout) !== null && _a !== void 0 ? _a : defaultTimeout,
+            timeout: (_a = _overrides === null || _overrides === void 0 ? void 0 : _overrides.timeout) !== null && _a !== void 0 ? _a : 30000,
         };
         if (method !== "GET" && method !== "get") {
             requestConfig.data = data ? JSON.stringify(data) : {};
@@ -10669,38 +10661,21 @@ async function setMany(many, options) {
             setDocumentData: tx.transactionArgs.setDocumentData,
             deletePaths: tx.transactionArgs.deletePaths,
             idl: tx.idl,
-            txData: (_b = (_a = tx.txData) === null || _a === void 0 ? void 0 : _a.map((txData) => ({
-                pluginFunctionKey: txData.pluginFunctionKey,
-                txData: bufferExports$1.Buffer.from(txData.txData),
-                // raIndices is Vec<u8> on-chain (serialized as Buffer/bytes). The server may send
-                // it as a Buffer, a number[], a Uint8Array, or — over JSON — as Node's serialized
-                // Buffer shape {type: "Buffer", data: number[]} (the default `JSON.stringify(buf)`
-                // output). Normalise all of those to Buffer here. Each value must fit in u8 (matches
-                // Solana's instruction-level account indexing); throw clearly if anything is out of range.
-                raIndices: (() => {
-                    const raw = txData.raIndices;
-                    if (raw == null)
-                        return bufferExports$1.Buffer.alloc(0);
-                    if (bufferExports$1.Buffer.isBuffer(raw))
-                        return raw;
-                    if (raw instanceof Uint8Array)
-                        return bufferExports$1.Buffer.from(raw);
-                    // Node's JSON-serialised Buffer: {type: "Buffer", data: number[]}
-                    const arrayLike = Array.isArray(raw)
-                        ? raw
-                        : (raw && typeof raw === 'object' && Array.isArray(raw.data))
-                            ? raw.data
-                            : (() => { throw new Error(`raIndices has unexpected shape: ${typeof raw}`); })();
-                    const bytes = arrayLike.map((raIndex) => {
-                        const n = isHexString(raIndex) ? parseInt(raIndex, 16) : Number(raIndex);
-                        if (!Number.isInteger(n) || n < 0 || n > 255) {
-                            throw new Error(`raIndex ${raIndex} is not a valid u8 (must be integer in 0..255)`);
+            txData: (_b = (_a = tx.txData) === null || _a === void 0 ? void 0 : _a.map((txData) => {
+                var _a;
+                return ({
+                    pluginFunctionKey: txData.pluginFunctionKey,
+                    txData: bufferExports$1.Buffer.from(txData.txData),
+                    raIndices: (_a = txData.raIndices) === null || _a === void 0 ? void 0 : _a.map((raIndex) => {
+                        if (isHexString(raIndex)) {
+                            return new BN(raIndex, "hex");
                         }
-                        return n;
-                    });
-                    return bufferExports$1.Buffer.from(bytes);
-                })(),
-            }))) !== null && _b !== void 0 ? _b : [],
+                        else {
+                            return new BN(raIndex);
+                        }
+                    }),
+                });
+            })) !== null && _b !== void 0 ? _b : [],
         };
         const config = await getConfig();
         const solTransaction = {
@@ -11682,6 +11657,28 @@ class ReactNativeSessionManager {
     /* STORE                                                              */
     /* ------------------------------------------------------------------ */
     static async storeSession(address, accessToken, idToken, refreshToken) {
+        // JWT-wallet binding: refuse to store a session whose idToken is bound
+        // to a different wallet than `address`. Prevents races that would otherwise
+        // leave storage with mismatched address/token state.
+        try {
+            const payloadB64 = idToken.split(".")[1];
+            if (payloadB64) {
+                const payload = JSON.parse(this.decodeBase64Url(payloadB64));
+                const tokenWallet = payload["custom:walletAddress"];
+                if (tokenWallet && tokenWallet !== address) {
+                    throw new Error(`[ReactNativeSessionManager] Refusing to store session: address (${address}) does not match idToken custom:walletAddress (${tokenWallet})`);
+                }
+                if (!tokenWallet) {
+                    console.warn("[ReactNativeSessionManager] storeSession: idToken has no custom:walletAddress claim — writing without validation");
+                }
+            }
+        }
+        catch (err) {
+            if (typeof (err === null || err === void 0 ? void 0 : err.message) === "string" && err.message.includes("Refusing to store session")) {
+                throw err;
+            }
+            console.warn("[ReactNativeSessionManager] storeSession: failed to decode idToken for validation:", err);
+        }
         const config = await getConfig();
         const currentAppId = config.appId;
         this.getStorage().setItem(this.TAROBASE_SESSION_STORAGE_KEY, JSON.stringify({
@@ -15680,7 +15677,7 @@ async function loadDependencies() {
         const [reactModule, reactDomModule, phantomModule] = await Promise.all([
             import('react'),
             import('react-dom/client'),
-            import('./index-DWf2AOhe.esm.js')
+            import('./index-dyXVIGCy.esm.js')
         ]);
         // Extract default export from ESM module namespace
         // Dynamic import() returns { default: Module, ...exports }, not the module directly
@@ -15826,6 +15823,17 @@ class PhantomWalletProvider {
             const isMobile = detectMobile();
             const hasPhantomInjected = discoveredWallets.some((w) => w.id === 'phantom');
             const showDeeplink = isMobile && sdkProviders.includes('deeplink') && !hasPhantomInjected;
+            // Treat MWA's own wallet-standard registrations as not-injected, so the MWA
+            // button still appears when only MWA is present (e.g. Android Chrome on Seeker).
+            const hasInjectedWallet = discoveredWallets.some((w) => {
+                var _a, _b;
+                const id = String((_a = w.id) !== null && _a !== void 0 ? _a : '').toLowerCase();
+                const name = String((_b = w.name) !== null && _b !== void 0 ? _b : '').toLowerCase();
+                return (id !== 'mobile-wallet-adapter' &&
+                    id !== 'remote-mobile-wallet-adapter' &&
+                    name !== 'mobile wallet adapter' &&
+                    name !== 'remote mobile wallet adapter');
+            });
             // Track previous modal state to detect closes
             const prevModalOpen = React$1.useRef(false);
             // Track when modal was closed because user selected a wallet (not dismissed)
@@ -15874,6 +15882,16 @@ class PhantomWalletProvider {
                     if (!(phantom === null || phantom === void 0 ? void 0 : phantom.isConnected) || (phantom === null || phantom === void 0 ? void 0 : phantom.isLoading) || that.loginInProgress || that.autoLoginInProgress || that.pendingLogin) {
                         return;
                     }
+                    // Don't clobber a session owned by MWA on Seeker. MWA marks the
+                    // auth method as soon as login starts (see solana-mobile-wallet-provider),
+                    // and clears it on logout, so this guard is correct in both
+                    // steady-state and post-logout cases.
+                    try {
+                        if (getPlatform().storage.getItem('tarobase_last_auth_method') === 'mobile-wallet-adapter') {
+                            return;
+                        }
+                    }
+                    catch (_b) { }
                     // Need solana to be available AND connected for signing
                     if (!solana || !solanaHook.isAvailable || !solana.connected) {
                         return;
@@ -15903,12 +15921,21 @@ class PhantomWalletProvider {
                         const signatureBytes = signResult.signature;
                         const signature = bufferExports.Buffer.from(signatureBytes).toString('base64');
                         const createSessionResult = await createSessionWithSignature(publicKey, messageText, signature);
+                        // Pre-write guard: MWA may have started a login while we were
+                        // in flight. If MWA owns the auth method now, abort before we
+                        // overwrite its session (or its in-flight session).
+                        try {
+                            if (getPlatform().storage.getItem('tarobase_last_auth_method') === 'mobile-wallet-adapter') {
+                                return;
+                            }
+                        }
+                        catch (_c) { }
                         await WebSessionManager.storeSession(publicKey, createSessionResult.accessToken, createSessionResult.idToken, createSessionResult.refreshToken);
                         // Mark auth method so clearIncompatibleSession() doesn't wipe this session
                         try {
                             getPlatform().storage.setItem('tarobase_last_auth_method', 'phantom');
                         }
-                        catch (_b) { }
+                        catch (_d) { }
                         setCurrentUser({ provider: that, address: publicKey });
                     }
                     catch (error) {
@@ -16264,8 +16291,9 @@ class PhantomWalletProvider {
                 }), 'Open Phantom app'));
             }
             // Mobile Wallet Adapter button — shown on Android when MWA callback is available
+            // and no injected wallet is present (hides button inside Phantom/Solflare/etc. in-app browsers).
             const isAndroid = detectAndroid();
-            if (isAndroid && that.onSwitchToMWA) {
+            if (isAndroid && that.onSwitchToMWA && !hasInjectedWallet) {
                 walletButtons.push(React$1.createElement('button', {
                     key: 'mobile-wallet',
                     style: buttonStyle('mobile-wallet'),
@@ -20098,235 +20126,137 @@ function createSolanaRpcSubscriptionsFromTransport(transport) {
   });
 }
 
-var safeBuffer = {exports: {}};
-
-/*! safe-buffer. MIT License. Feross Aboukhadijeh <https://feross.org/opensource> */
-
-var hasRequiredSafeBuffer;
-
-function requireSafeBuffer () {
-	if (hasRequiredSafeBuffer) return safeBuffer.exports;
-	hasRequiredSafeBuffer = 1;
-	(function (module, exports$1) {
-		/* eslint-disable node/no-deprecated-api */
-		var buffer = requireBuffer();
-		var Buffer = buffer.Buffer;
-
-		// alternative to using Object.keys for old browsers
-		function copyProps (src, dst) {
-		  for (var key in src) {
-		    dst[key] = src[key];
-		  }
-		}
-		if (Buffer.from && Buffer.alloc && Buffer.allocUnsafe && Buffer.allocUnsafeSlow) {
-		  module.exports = buffer;
-		} else {
-		  // Copy properties from require('buffer')
-		  copyProps(buffer, exports$1);
-		  exports$1.Buffer = SafeBuffer;
-		}
-
-		function SafeBuffer (arg, encodingOrOffset, length) {
-		  return Buffer(arg, encodingOrOffset, length)
-		}
-
-		SafeBuffer.prototype = Object.create(Buffer.prototype);
-
-		// Copy static methods from Buffer
-		copyProps(Buffer, SafeBuffer);
-
-		SafeBuffer.from = function (arg, encodingOrOffset, length) {
-		  if (typeof arg === 'number') {
-		    throw new TypeError('Argument must not be a number')
-		  }
-		  return Buffer(arg, encodingOrOffset, length)
-		};
-
-		SafeBuffer.alloc = function (size, fill, encoding) {
-		  if (typeof size !== 'number') {
-		    throw new TypeError('Argument must be a number')
-		  }
-		  var buf = Buffer(size);
-		  if (fill !== undefined) {
-		    if (typeof encoding === 'string') {
-		      buf.fill(fill, encoding);
-		    } else {
-		      buf.fill(fill);
-		    }
-		  } else {
-		    buf.fill(0);
-		  }
-		  return buf
-		};
-
-		SafeBuffer.allocUnsafe = function (size) {
-		  if (typeof size !== 'number') {
-		    throw new TypeError('Argument must be a number')
-		  }
-		  return Buffer(size)
-		};
-
-		SafeBuffer.allocUnsafeSlow = function (size) {
-		  if (typeof size !== 'number') {
-		    throw new TypeError('Argument must be a number')
-		  }
-		  return buffer.SlowBuffer(size)
-		}; 
-	} (safeBuffer, safeBuffer.exports));
-	return safeBuffer.exports;
-}
-
-var src;
-var hasRequiredSrc;
-
-function requireSrc () {
-	if (hasRequiredSrc) return src;
-	hasRequiredSrc = 1;
-	// base-x encoding / decoding
-	// Copyright (c) 2018 base-x contributors
-	// Copyright (c) 2014-2018 The Bitcoin Core developers (base58.cpp)
-	// Distributed under the MIT software license, see the accompanying
-	// file LICENSE or http://www.opensource.org/licenses/mit-license.php.
-	// @ts-ignore
-	var _Buffer = requireSafeBuffer().Buffer;
-	function base (ALPHABET) {
-	  if (ALPHABET.length >= 255) { throw new TypeError('Alphabet too long') }
-	  var BASE_MAP = new Uint8Array(256);
-	  for (var j = 0; j < BASE_MAP.length; j++) {
-	    BASE_MAP[j] = 255;
-	  }
-	  for (var i = 0; i < ALPHABET.length; i++) {
-	    var x = ALPHABET.charAt(i);
-	    var xc = x.charCodeAt(0);
-	    if (BASE_MAP[xc] !== 255) { throw new TypeError(x + ' is ambiguous') }
-	    BASE_MAP[xc] = i;
-	  }
-	  var BASE = ALPHABET.length;
-	  var LEADER = ALPHABET.charAt(0);
-	  var FACTOR = Math.log(BASE) / Math.log(256); // log(BASE) / log(256), rounded up
-	  var iFACTOR = Math.log(256) / Math.log(BASE); // log(256) / log(BASE), rounded up
-	  function encode (source) {
-	    if (Array.isArray(source) || source instanceof Uint8Array) { source = _Buffer.from(source); }
-	    if (!_Buffer.isBuffer(source)) { throw new TypeError('Expected Buffer') }
-	    if (source.length === 0) { return '' }
-	        // Skip & count leading zeroes.
-	    var zeroes = 0;
-	    var length = 0;
-	    var pbegin = 0;
-	    var pend = source.length;
-	    while (pbegin !== pend && source[pbegin] === 0) {
-	      pbegin++;
-	      zeroes++;
-	    }
-	        // Allocate enough space in big-endian base58 representation.
-	    var size = ((pend - pbegin) * iFACTOR + 1) >>> 0;
-	    var b58 = new Uint8Array(size);
-	        // Process the bytes.
-	    while (pbegin !== pend) {
-	      var carry = source[pbegin];
-	            // Apply "b58 = b58 * 256 + ch".
-	      var i = 0;
-	      for (var it1 = size - 1; (carry !== 0 || i < length) && (it1 !== -1); it1--, i++) {
-	        carry += (256 * b58[it1]) >>> 0;
-	        b58[it1] = (carry % BASE) >>> 0;
-	        carry = (carry / BASE) >>> 0;
-	      }
-	      if (carry !== 0) { throw new Error('Non-zero carry') }
-	      length = i;
-	      pbegin++;
-	    }
-	        // Skip leading zeroes in base58 result.
-	    var it2 = size - length;
-	    while (it2 !== size && b58[it2] === 0) {
-	      it2++;
-	    }
-	        // Translate the result into a string.
-	    var str = LEADER.repeat(zeroes);
-	    for (; it2 < size; ++it2) { str += ALPHABET.charAt(b58[it2]); }
-	    return str
-	  }
-	  function decodeUnsafe (source) {
-	    if (typeof source !== 'string') { throw new TypeError('Expected String') }
-	    if (source.length === 0) { return _Buffer.alloc(0) }
-	    var psz = 0;
-	        // Skip and count leading '1's.
-	    var zeroes = 0;
-	    var length = 0;
-	    while (source[psz] === LEADER) {
-	      zeroes++;
-	      psz++;
-	    }
-	        // Allocate enough space in big-endian base256 representation.
-	    var size = (((source.length - psz) * FACTOR) + 1) >>> 0; // log(58) / log(256), rounded up.
-	    var b256 = new Uint8Array(size);
-	        // Process the characters.
-	    while (psz < source.length) {
-	            // Find code of next character
-	      var charCode = source.charCodeAt(psz);
-	            // Base map can not be indexed using char code
-	      if (charCode > 255) { return }
-	            // Decode character
-	      var carry = BASE_MAP[charCode];
-	            // Invalid character
-	      if (carry === 255) { return }
-	      var i = 0;
-	      for (var it3 = size - 1; (carry !== 0 || i < length) && (it3 !== -1); it3--, i++) {
-	        carry += (BASE * b256[it3]) >>> 0;
-	        b256[it3] = (carry % 256) >>> 0;
-	        carry = (carry / 256) >>> 0;
-	      }
-	      if (carry !== 0) { throw new Error('Non-zero carry') }
-	      length = i;
-	      psz++;
-	    }
-	        // Skip leading zeroes in b256.
-	    var it4 = size - length;
-	    while (it4 !== size && b256[it4] === 0) {
-	      it4++;
-	    }
-	    var vch = _Buffer.allocUnsafe(zeroes + (size - it4));
-	    vch.fill(0x00, 0, zeroes);
-	    var j = zeroes;
-	    while (it4 !== size) {
-	      vch[j++] = b256[it4++];
-	    }
-	    return vch
-	  }
-	  function decode (string) {
-	    var buffer = decodeUnsafe(string);
-	    if (buffer) { return buffer }
-	    throw new Error('Non-base' + BASE + ' character')
-	  }
-	  return {
-	    encode: encode,
-	    decodeUnsafe: decodeUnsafe,
-	    decode: decode
-	  }
-	}
-	src = base;
-	return src;
-}
-
-var bs58$1;
-var hasRequiredBs58;
-
-function requireBs58 () {
-	if (hasRequiredBs58) return bs58$1;
-	hasRequiredBs58 = 1;
-	var basex = requireSrc();
-	var ALPHABET = '123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz';
-
-	bs58$1 = basex(ALPHABET);
-	return bs58$1;
+// base-x encoding / decoding
+// Copyright (c) 2018 base-x contributors
+// Copyright (c) 2014-2018 The Bitcoin Core developers (base58.cpp)
+// Distributed under the MIT software license, see the accompanying
+// file LICENSE or http://www.opensource.org/licenses/mit-license.php.
+function base (ALPHABET) {
+  if (ALPHABET.length >= 255) { throw new TypeError('Alphabet too long') }
+  const BASE_MAP = new Uint8Array(256);
+  for (let j = 0; j < BASE_MAP.length; j++) {
+    BASE_MAP[j] = 255;
+  }
+  for (let i = 0; i < ALPHABET.length; i++) {
+    const x = ALPHABET.charAt(i);
+    const xc = x.charCodeAt(0);
+    if (BASE_MAP[xc] !== 255) { throw new TypeError(x + ' is ambiguous') }
+    BASE_MAP[xc] = i;
+  }
+  const BASE = ALPHABET.length;
+  const LEADER = ALPHABET.charAt(0);
+  const FACTOR = Math.log(BASE) / Math.log(256); // log(BASE) / log(256), rounded up
+  const iFACTOR = Math.log(256) / Math.log(BASE); // log(256) / log(BASE), rounded up
+  function encode (source) {
+    // eslint-disable-next-line no-empty
+    if (source instanceof Uint8Array) ; else if (ArrayBuffer.isView(source)) {
+      source = new Uint8Array(source.buffer, source.byteOffset, source.byteLength);
+    } else if (Array.isArray(source)) {
+      source = Uint8Array.from(source);
+    }
+    if (!(source instanceof Uint8Array)) { throw new TypeError('Expected Uint8Array') }
+    if (source.length === 0) { return '' }
+    // Skip & count leading zeroes.
+    let zeroes = 0;
+    let length = 0;
+    let pbegin = 0;
+    const pend = source.length;
+    while (pbegin !== pend && source[pbegin] === 0) {
+      pbegin++;
+      zeroes++;
+    }
+    // Allocate enough space in big-endian base58 representation.
+    const size = ((pend - pbegin) * iFACTOR + 1) >>> 0;
+    const b58 = new Uint8Array(size);
+    // Process the bytes.
+    while (pbegin !== pend) {
+      let carry = source[pbegin];
+      // Apply "b58 = b58 * 256 + ch".
+      let i = 0;
+      for (let it1 = size - 1; (carry !== 0 || i < length) && (it1 !== -1); it1--, i++) {
+        carry += (256 * b58[it1]) >>> 0;
+        b58[it1] = (carry % BASE) >>> 0;
+        carry = (carry / BASE) >>> 0;
+      }
+      if (carry !== 0) { throw new Error('Non-zero carry') }
+      length = i;
+      pbegin++;
+    }
+    // Skip leading zeroes in base58 result.
+    let it2 = size - length;
+    while (it2 !== size && b58[it2] === 0) {
+      it2++;
+    }
+    // Translate the result into a string.
+    let str = LEADER.repeat(zeroes);
+    for (; it2 < size; ++it2) { str += ALPHABET.charAt(b58[it2]); }
+    return str
+  }
+  function decodeUnsafe (source) {
+    if (typeof source !== 'string') { throw new TypeError('Expected String') }
+    if (source.length === 0) { return new Uint8Array() }
+    let psz = 0;
+    // Skip and count leading '1's.
+    let zeroes = 0;
+    let length = 0;
+    while (source[psz] === LEADER) {
+      zeroes++;
+      psz++;
+    }
+    // Allocate enough space in big-endian base256 representation.
+    const size = (((source.length - psz) * FACTOR) + 1) >>> 0; // log(58) / log(256), rounded up.
+    const b256 = new Uint8Array(size);
+    // Process the characters.
+    while (psz < source.length) {
+      // Find code of next character
+      const charCode = source.charCodeAt(psz);
+      // Base map can not be indexed using char code
+      if (charCode > 255) { return }
+      // Decode character
+      let carry = BASE_MAP[charCode];
+      // Invalid character
+      if (carry === 255) { return }
+      let i = 0;
+      for (let it3 = size - 1; (carry !== 0 || i < length) && (it3 !== -1); it3--, i++) {
+        carry += (BASE * b256[it3]) >>> 0;
+        b256[it3] = (carry % 256) >>> 0;
+        carry = (carry / 256) >>> 0;
+      }
+      if (carry !== 0) { throw new Error('Non-zero carry') }
+      length = i;
+      psz++;
+    }
+    // Skip leading zeroes in b256.
+    let it4 = size - length;
+    while (it4 !== size && b256[it4] === 0) {
+      it4++;
+    }
+    const vch = new Uint8Array(zeroes + (size - it4));
+    let j = zeroes;
+    while (it4 !== size) {
+      vch[j++] = b256[it4++];
+    }
+    return vch
+  }
+  function decode (string) {
+    const buffer = decodeUnsafe(string);
+    if (buffer) { return buffer }
+    throw new Error('Non-base' + BASE + ' character')
+  }
+  return {
+    encode,
+    decodeUnsafe,
+    decode
+  }
 }
 
-var bs58Exports = requireBs58();
-var bs58 = /*@__PURE__*/getDefaultExportFromCjs$1(bs58Exports);
+var ALPHABET = '123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz';
+var base58 = base(ALPHABET);
 
-var index = /*#__PURE__*/_mergeNamespaces({
+var index = /*#__PURE__*/Object.freeze({
 	__proto__: null,
-	default: bs58
-}, [bs58Exports]);
+	default: base58
+});
 
 const SURFNET_RPC_URL$1 = "https://surfpool.fly.dev";
 let React;
@@ -21060,7 +20990,7 @@ class PrivyWalletProvider {
             // Handle case where signature might be bytes instead of string
             const rawSig = result.signature;
             if (rawSig instanceof Uint8Array || Array.isArray(rawSig)) {
-                signature = bs58.encode(rawSig instanceof Uint8Array ? rawSig : new Uint8Array(rawSig));
+                signature = base58.encode(rawSig instanceof Uint8Array ? rawSig : new Uint8Array(rawSig));
             }
             else {
                 signature = rawSig;
@@ -21240,7 +21170,7 @@ async function loadMwaProtocol() {
         return mwaProtocolLoadPromise;
     mwaProtocolLoadPromise = (async () => {
         try {
-            mwaProtocolModule = await import('./index.browser-Dbq5Qf1G.esm.js');
+            mwaProtocolModule = await import('./index.browser-CbVXUCv0.esm.js');
         }
         catch (e) {
             console.warn('[SolanaMobileWallet] @solana-mobile/mobile-wallet-adapter-protocol-web3js not installed. Install it to enable Seeker wallet support.');
@@ -21262,7 +21192,7 @@ async function registerMobileWalletAdapter(config) {
     if (typeof window === 'undefined')
         return;
     try {
-        const walletStandardMobile = await import('./index.browser-DCOvqSUT.esm.js');
+        const walletStandardMobile = await import('./index.browser-Dekybe_E.esm.js');
         const registerMwa = walletStandardMobile.registerMwa || ((_a = walletStandardMobile.default) === null || _a === void 0 ? void 0 : _a.registerMwa);
         if (!registerMwa) {
             console.warn('[SolanaMobileWallet] registerMwa not found in @solana-mobile/wallet-standard-mobile');
@@ -21392,6 +21322,19 @@ class SolanaMobileWalletProvider {
     async login() {
         var _a, _b, _c, _d, _e;
         setAuthLoading(true);
+        // Mark the auth method early so a concurrent Phantom auto-create can see
+        // 'mobile-wallet-adapter' during our slow transact() / session-creation
+        // roundtrip and back off (see phantom-wallet-provider autoCreateSession).
+        // Capture the previous value so we can restore it if login fails.
+        let prevAuthMethod = null;
+        try {
+            prevAuthMethod = getPlatform().storage.getItem('tarobase_last_auth_method');
+        }
+        catch (_f) { }
+        try {
+            getPlatform().storage.setItem('tarobase_last_auth_method', 'mobile-wallet-adapter');
+        }
+        catch (_g) { }
         try {
             await loadMwaProtocol();
             const { transact } = mwaProtocolModule;
@@ -21457,12 +21400,22 @@ class SolanaMobileWalletProvider {
             try {
                 getPlatform().storage.setItem('tarobase_last_auth_method', 'mobile-wallet-adapter');
             }
-            catch (_f) { }
+            catch (_h) { }
             const user = { provider: this, address: result.base58Address };
             setCurrentUser(user);
             return user;
         }
         catch (error) {
+            // Restore the previous auth method since this login attempt failed.
+            try {
+                if (prevAuthMethod === null) {
+                    getPlatform().storage.removeItem('tarobase_last_auth_method');
+                }
+                else {
+                    getPlatform().storage.setItem('tarobase_last_auth_method', prevAuthMethod);
+                }
+            }
+            catch (_j) { }
             const isUserRejection = (error === null || error === void 0 ? void 0 : error.code) === 4001 ||
                 ((_a = error === null || error === void 0 ? void 0 : error.message) === null || _a === void 0 ? void 0 : _a.toLowerCase().includes('user rejected')) ||
                 ((_b = error === null || error === void 0 ? void 0 : error.message) === null || _b === void 0 ? void 0 : _b.toLowerCase().includes('user denied')) ||
@@ -21508,6 +21461,12 @@ class SolanaMobileWalletProvider {
         this.authorizedPublicKey = null;
         this.publicKeyObj = null;
         WebSessionManager.clearSession();
+        // Clear the auth-method marker so Phantom auto-create is unblocked
+        // for any subsequent fresh login on this device.
+        try {
+            getPlatform().storage.removeItem('tarobase_last_auth_method');
+        }
+        catch (_a) { }
         setCurrentUser(null);
     }
     async signMessage(message) {
@@ -22015,7 +21974,7 @@ class PrivyExpoProvider {
         const wallet = await this.getWalletOrThrow();
         const messageBytes = getPlatform().textEncode(message);
         const result = await wallet.signMessage(messageBytes);
-        return bs58.encode(result.signature);
+        return base58.encode(result.signature);
     }
     async signTransaction(transaction) {
         await this.ensureReady();
@@ -22170,5 +22129,5 @@ class PrivyExpoProvider {
     }
 }
 
-export { genSolanaMessage as $, aggregate as A, subscribe as B, useAuth as C, deserializeTransaction as D, getIdToken as E, setPlatform as F, getPlatform as G, PrivyWalletProvider as H, DEFAULT_TEST_ADDRESS as I, isMobileWalletAvailable as J, registerMobileWalletAdapter as K, PrivyExpoProvider as L, MockAuthProvider as M, InsufficientBalanceError as N, OffchainAuthProvider as O, PhantomWalletProvider as P, ServerSessionManager as Q, ReactNativeSessionManager as R, SolanaMobileWalletProvider as S, buildSetDocumentsTransaction as T, clearCache as U, closeAllSubscriptions as V, WebSessionManager as W, convertRemainingAccounts as X, createSessionWithPrivy as Y, createSessionWithSignature as Z, genAuthNonce as _, getCurrentUser as a, getCachedData as a0, getMany as a1, reconnectWithNewAuth as a2, refreshSession as a3, signSessionCreateMessage as a4, bufferExports as b, commonjsRequire as c, onAuthLoadingChanged as d, getAuthLoading as e, logout as f, getDefaultExportFromCjs$1 as g, getConfig as h, init as i, getAuthProvider as j, get as k, login as l, setMany as m, setFile as n, onAuthStateChanged as o, getFiles as p, runQuery as q, require$$0 as r, set as s, runQueryMany as t, runExpression as u, runExpressionMany as v, signMessage as w, signTransaction as x, signAndSubmitTransaction as y, count as z };
-//# sourceMappingURL=index-BsY_Lgiu.esm.js.map
+export { getCachedData as $, subscribe as A, useAuth as B, deserializeTransaction as C, getIdToken as D, setPlatform as E, getPlatform as F, PrivyWalletProvider as G, DEFAULT_TEST_ADDRESS as H, isMobileWalletAvailable as I, registerMobileWalletAdapter as J, PrivyExpoProvider as K, InsufficientBalanceError as L, MockAuthProvider as M, ServerSessionManager as N, OffchainAuthProvider as O, PhantomWalletProvider as P, buildSetDocumentsTransaction as Q, ReactNativeSessionManager as R, SolanaMobileWalletProvider as S, clearCache as T, closeAllSubscriptions as U, convertRemainingAccounts as V, WebSessionManager as W, createSessionWithPrivy as X, createSessionWithSignature as Y, genAuthNonce as Z, genSolanaMessage as _, base58 as a, getMany as a0, reconnectWithNewAuth as a1, refreshSession as a2, signSessionCreateMessage as a3, bufferExports as b, getCurrentUser as c, onAuthLoadingChanged as d, getAuthLoading as e, logout as f, getDefaultExportFromCjs$1 as g, getConfig as h, init as i, getAuthProvider as j, get as k, login as l, setMany as m, setFile as n, onAuthStateChanged as o, getFiles as p, runQueryMany as q, runQuery as r, set as s, runExpression as t, runExpressionMany as u, signMessage as v, signTransaction as w, signAndSubmitTransaction as x, count as y, aggregate as z };
+//# sourceMappingURL=index-p1LvAs78.esm.js.map