@pooflabs/web 0.0.83 → 0.0.85-rc1

package/dist/{index-DP0xF34Z.js → index-R7cvXys2.js}

@@ -22,21 +22,6 @@ function _interopNamespaceDefault(e) {
 	return Object.freeze(n);
 }
 
-function _mergeNamespaces(n, m) {
-	m.forEach(function (e) {
-		e && typeof e !== 'string' && !Array.isArray(e) && Object.keys(e).forEach(function (k) {
-			if (k !== 'default' && !(k in n)) {
-				var d = Object.getOwnPropertyDescriptor(e, k);
-				Object.defineProperty(n, k, d.get ? d : {
-					enumerable: true,
-					get: function () { return e[k]; }
-				});
-			}
-		});
-	});
-	return Object.freeze(n);
-}
-
 var anchor__namespace = /*#__PURE__*/_interopNamespaceDefault(anchor);
 var React__namespace = /*#__PURE__*/_interopNamespaceDefault(React$2);
 
@@ -6785,6 +6770,28 @@ class WebSessionManager {
     static async storeSession(address, accessToken, idToken, refreshToken) {
         if (typeof window === "undefined")
             return;
+        // JWT-wallet binding: refuse to store a session whose idToken is bound
+        // to a different wallet than `address`. Prevents races that would otherwise
+        // leave localStorage with mismatched address/token state.
+        try {
+            const payloadB64 = idToken.split(".")[1];
+            if (payloadB64) {
+                const payload = JSON.parse(this.decodeBase64Url(payloadB64));
+                const tokenWallet = payload["custom:walletAddress"];
+                if (tokenWallet && tokenWallet !== address) {
+                    throw new Error(`[WebSessionManager] Refusing to store session: address (${address}) does not match idToken custom:walletAddress (${tokenWallet})`);
+                }
+                if (!tokenWallet) {
+                    console.warn("[WebSessionManager] storeSession: idToken has no custom:walletAddress claim — writing without validation");
+                }
+            }
+        }
+        catch (err) {
+            if (typeof (err === null || err === void 0 ? void 0 : err.message) === "string" && err.message.includes("Refusing to store session")) {
+                throw err;
+            }
+            console.warn("[WebSessionManager] storeSession: failed to decode idToken for validation:", err);
+        }
         const config = await getConfig();
         const currentAppId = config.appId;
         localStorage.setItem(this.TAROBASE_SESSION_STORAGE_KEY, JSON.stringify({
@@ -9483,11 +9490,11 @@ function requireSrc$1 () {
 }
 
 var bs58$1;
-var hasRequiredBs58$1;
+var hasRequiredBs58;
 
-function requireBs58$1 () {
-	if (hasRequiredBs58$1) return bs58$1;
-	hasRequiredBs58$1 = 1;
+function requireBs58 () {
+	if (hasRequiredBs58) return bs58$1;
+	hasRequiredBs58 = 1;
 	var basex = requireSrc$1();
 	var ALPHABET = '123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz';
 
@@ -9495,8 +9502,8 @@ function requireBs58$1 () {
 	return bs58$1;
 }
 
-var bs58Exports$1 = requireBs58$1();
-var bs58$2 = /*@__PURE__*/getDefaultExportFromCjs(bs58Exports$1);
+var bs58Exports = requireBs58();
+var bs58 = /*@__PURE__*/getDefaultExportFromCjs(bs58Exports);
 
 // ─────────────────────────────────────────────────────────────
 // Local implementation of getSimulationComputeUnits
@@ -9758,7 +9765,7 @@ function loadKeypairFromEnv() {
     try {
         const secretKey = secret.trim().startsWith("[")
             ? Uint8Array.from(JSON.parse(secret))
-            : bs58$2.decode(secret.trim());
+            : bs58.decode(secret.trim());
         return web3_js.Keypair.fromSecretKey(secretKey);
     }
     catch (err) {
@@ -11703,6 +11710,28 @@ class ReactNativeSessionManager {
     /* STORE                                                              */
     /* ------------------------------------------------------------------ */
     static async storeSession(address, accessToken, idToken, refreshToken) {
+        // JWT-wallet binding: refuse to store a session whose idToken is bound
+        // to a different wallet than `address`. Prevents races that would otherwise
+        // leave storage with mismatched address/token state.
+        try {
+            const payloadB64 = idToken.split(".")[1];
+            if (payloadB64) {
+                const payload = JSON.parse(this.decodeBase64Url(payloadB64));
+                const tokenWallet = payload["custom:walletAddress"];
+                if (tokenWallet && tokenWallet !== address) {
+                    throw new Error(`[ReactNativeSessionManager] Refusing to store session: address (${address}) does not match idToken custom:walletAddress (${tokenWallet})`);
+                }
+                if (!tokenWallet) {
+                    console.warn("[ReactNativeSessionManager] storeSession: idToken has no custom:walletAddress claim — writing without validation");
+                }
+            }
+        }
+        catch (err) {
+            if (typeof (err === null || err === void 0 ? void 0 : err.message) === "string" && err.message.includes("Refusing to store session")) {
+                throw err;
+            }
+            console.warn("[ReactNativeSessionManager] storeSession: failed to decode idToken for validation:", err);
+        }
         const config = await getConfig();
         const currentAppId = config.appId;
         this.getStorage().setItem(this.TAROBASE_SESSION_STORAGE_KEY, JSON.stringify({
@@ -12809,10 +12838,10 @@ let currentAuthProvider = null;
 let currentAuthMethod = null;
 let initConfig = null;
 // --- localStorage helpers: track which auth method the user last logged in with ---
-const STORED_AUTH_METHOD_KEY = 'tarobase_last_auth_method';
+const STORED_AUTH_METHOD_KEY$1 = 'tarobase_last_auth_method';
 function getStoredAuthMethod() {
     try {
-        return getPlatform().storage.getItem(STORED_AUTH_METHOD_KEY);
+        return getPlatform().storage.getItem(STORED_AUTH_METHOD_KEY$1);
     }
     catch (_a) {
         return null;
@@ -12821,10 +12850,10 @@ function getStoredAuthMethod() {
 function setStoredAuthMethod(method) {
     try {
         if (method) {
-            getPlatform().storage.setItem(STORED_AUTH_METHOD_KEY, method);
+            getPlatform().storage.setItem(STORED_AUTH_METHOD_KEY$1, method);
         }
         else {
-            getPlatform().storage.removeItem(STORED_AUTH_METHOD_KEY);
+            getPlatform().storage.removeItem(STORED_AUTH_METHOD_KEY$1);
         }
     }
     catch (_a) {
@@ -15701,7 +15730,7 @@ async function loadDependencies() {
         const [reactModule, reactDomModule, phantomModule] = await Promise.all([
             import('react'),
             import('react-dom/client'),
-            Promise.resolve().then(function () { return require('./index-FviRSm3S.js'); })
+            Promise.resolve().then(function () { return require('./index-BoWQVxMI.js'); })
         ]);
         // Extract default export from ESM module namespace
         // Dynamic import() returns { default: Module, ...exports }, not the module directly
@@ -15847,6 +15876,17 @@ class PhantomWalletProvider {
             const isMobile = detectMobile();
             const hasPhantomInjected = discoveredWallets.some((w) => w.id === 'phantom');
             const showDeeplink = isMobile && sdkProviders.includes('deeplink') && !hasPhantomInjected;
+            // Treat MWA's own wallet-standard registrations as not-injected, so the MWA
+            // button still appears when only MWA is present (e.g. Android Chrome on Seeker).
+            const hasInjectedWallet = discoveredWallets.some((w) => {
+                var _a, _b;
+                const id = String((_a = w.id) !== null && _a !== void 0 ? _a : '').toLowerCase();
+                const name = String((_b = w.name) !== null && _b !== void 0 ? _b : '').toLowerCase();
+                return (id !== 'mobile-wallet-adapter' &&
+                    id !== 'remote-mobile-wallet-adapter' &&
+                    name !== 'mobile wallet adapter' &&
+                    name !== 'remote mobile wallet adapter');
+            });
             // Track previous modal state to detect closes
             const prevModalOpen = React$1.useRef(false);
             // Track when modal was closed because user selected a wallet (not dismissed)
@@ -15895,6 +15935,16 @@ class PhantomWalletProvider {
                     if (!(phantom === null || phantom === void 0 ? void 0 : phantom.isConnected) || (phantom === null || phantom === void 0 ? void 0 : phantom.isLoading) || that.loginInProgress || that.autoLoginInProgress || that.pendingLogin) {
                         return;
                     }
+                    // Don't clobber a session owned by MWA on Seeker. MWA marks the
+                    // auth method as soon as login starts (see solana-mobile-wallet-provider),
+                    // and clears it on logout, so this guard is correct in both
+                    // steady-state and post-logout cases.
+                    try {
+                        if (getPlatform().storage.getItem('tarobase_last_auth_method') === 'mobile-wallet-adapter') {
+                            return;
+                        }
+                    }
+                    catch (_b) { }
                     // Need solana to be available AND connected for signing
                     if (!solana || !solanaHook.isAvailable || !solana.connected) {
                         return;
@@ -15924,12 +15974,21 @@ class PhantomWalletProvider {
                         const signatureBytes = signResult.signature;
                         const signature = bufferExports.Buffer.from(signatureBytes).toString('base64');
                         const createSessionResult = await createSessionWithSignature(publicKey, messageText, signature);
+                        // Pre-write guard: MWA may have started a login while we were
+                        // in flight. If MWA owns the auth method now, abort before we
+                        // overwrite its session (or its in-flight session).
+                        try {
+                            if (getPlatform().storage.getItem('tarobase_last_auth_method') === 'mobile-wallet-adapter') {
+                                return;
+                            }
+                        }
+                        catch (_c) { }
                         await WebSessionManager.storeSession(publicKey, createSessionResult.accessToken, createSessionResult.idToken, createSessionResult.refreshToken);
                         // Mark auth method so clearIncompatibleSession() doesn't wipe this session
                         try {
                             getPlatform().storage.setItem('tarobase_last_auth_method', 'phantom');
                         }
-                        catch (_b) { }
+                        catch (_d) { }
                         setCurrentUser({ provider: that, address: publicKey });
                     }
                     catch (error) {
@@ -16285,8 +16344,9 @@ class PhantomWalletProvider {
                 }), 'Open Phantom app'));
             }
             // Mobile Wallet Adapter button — shown on Android when MWA callback is available
+            // and no injected wallet is present (hides button inside Phantom/Solflare/etc. in-app browsers).
             const isAndroid = detectAndroid();
-            if (isAndroid && that.onSwitchToMWA) {
+            if (isAndroid && that.onSwitchToMWA && !hasInjectedWallet) {
                 walletButtons.push(React$1.createElement('button', {
                     key: 'mobile-wallet',
                     style: buttonStyle('mobile-wallet'),
@@ -20328,26 +20388,16 @@ function requireSrc () {
 	return src;
 }
 
-var bs58;
-var hasRequiredBs58;
+var srcExports = requireSrc();
+var basex = /*@__PURE__*/getDefaultExportFromCjs$1(srcExports);
 
-function requireBs58 () {
-	if (hasRequiredBs58) return bs58;
-	hasRequiredBs58 = 1;
-	var basex = requireSrc();
-	var ALPHABET = '123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz';
+var ALPHABET = '123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz';
+var base58 = basex(ALPHABET);
 
-	bs58 = basex(ALPHABET);
-	return bs58;
-}
-
-var bs58Exports = requireBs58();
-var base58 = /*@__PURE__*/getDefaultExportFromCjs$1(bs58Exports);
-
-var index = /*#__PURE__*/_mergeNamespaces({
+var index = /*#__PURE__*/Object.freeze({
 	__proto__: null,
 	default: base58
-}, [bs58Exports]);
+});
 
 const SURFNET_RPC_URL$1 = "https://surfpool.fly.dev";
 let React;
@@ -21249,26 +21299,135 @@ function isMobileWalletAvailable() {
     return detectAndroid();
 }
 const ED25519_SIGNATURE_LENGTH = 64;
-// Dynamically imported MWA protocol module
-let mwaProtocolModule = null;
-let mwaProtocolLoadPromise = null;
-async function loadMwaProtocol() {
-    if (mwaProtocolModule)
-        return;
-    if (typeof window === 'undefined')
-        return;
-    if (mwaProtocolLoadPromise)
-        return mwaProtocolLoadPromise;
-    mwaProtocolLoadPromise = (async () => {
-        try {
-            mwaProtocolModule = await Promise.resolve().then(function () { return require('./index.browser-BhppfDyf.js'); });
+const STORED_AUTH_METHOD_KEY = 'tarobase_last_auth_method';
+const MWA_AUTH_METHOD = 'mobile-wallet-adapter';
+/**
+ * Normalize a chain string to a wallet-standard Solana chain identifier.
+ *
+ * Handles three input shapes that all show up in practice:
+ *  - Bare cluster name from `SolanaMobileWalletConfig.cluster` (e.g. 'devnet').
+ *  - Prefixed `solana:cluster` (e.g. 'solana:devnet').
+ *  - Double-prefixed `solana:solana:cluster` (constructor used to wrap cluster
+ *    with `solana:` blindly; if a caller already passed a prefixed string the
+ *    result was `solana:solana:devnet`).
+ *
+ * Wallet-standard Solana chains are exactly:
+ *   'solana:mainnet' | 'solana:devnet' | 'solana:testnet' | 'solana:localnet'
+ * — `mainnet-beta` is NOT a valid wallet-standard identifier and must be
+ * normalized to `solana:mainnet`.
+ */
+function mapChainToWalletStandard(input) {
+    if (!input)
+        return 'solana:mainnet';
+    let s = String(input).toLowerCase();
+    while (s.startsWith('solana:'))
+        s = s.slice('solana:'.length);
+    if (s === 'mainnet-beta' || s === 'mainnet')
+        return 'solana:mainnet';
+    if (s === 'devnet')
+        return 'solana:devnet';
+    if (s === 'testnet')
+        return 'solana:testnet';
+    if (s === 'localnet')
+        return 'solana:localnet';
+    return 'solana:mainnet';
+}
+/**
+ * Serialize a Transaction/VersionedTransaction to a Uint8Array wire payload
+ * that the wallet-standard `solana:signTransaction` /
+ * `solana:signAndSendTransaction` features expect.
+ *
+ * Legacy transactions must serialize with `requireAllSignatures: false` and
+ * `verifySignatures: false` — the wallet hasn't signed yet, and the default
+ * `serialize()` would throw "Signature verification failed". Versioned
+ * transactions use the default `serialize()` which already permits unsigned
+ * payloads. Mirrors the helper at
+ * `@solana-mobile/mobile-wallet-adapter-protocol-web3js/lib/esm/index.browser.js:13-18`.
+ */
+function txToWireBytes(tx) {
+    if ('version' in tx)
+        return tx.serialize();
+    return tx.serialize({ requireAllSignatures: false, verifySignatures: false });
+}
+/**
+ * Deserialize a wire-format transaction returned by the wallet
+ * `solana:signTransaction` feature. Mirrors the helper at
+ * `@solana-mobile/mobile-wallet-adapter-protocol-web3js/lib/esm/index.browser.js:19-23`
+ * so legacy and versioned bytes both round-trip correctly.
+ */
+function txFromWireBytes(byteArray) {
+    const messageOffset = byteArray[0] * ED25519_SIGNATURE_LENGTH + 1;
+    const messageVersion = web3_js.VersionedMessage.deserializeMessageVersion(byteArray.slice(messageOffset, byteArray.length));
+    if (messageVersion === 'legacy') {
+        return web3_js.Transaction.from(byteArray);
+    }
+    return web3_js.VersionedTransaction.deserialize(byteArray);
+}
+/**
+ * Per-method runtime narrowing of wallet-standard features. The wallet's
+ * `.features` type is a union (`signAndSendTransaction` | `signTransaction`),
+ * and after authorization the wallet may also narrow `#optionalFeatures`
+ * based on actual wallet capabilities. Narrow at the call site so a method
+ * that needs only `signMessage` doesn't fail when a wallet lacks
+ * `signTransaction`.
+ */
+function getSignMessageFeature(wallet) {
+    const f = wallet.features;
+    const feat = f['solana:signMessage'];
+    if (!feat || typeof feat.signMessage !== 'function') {
+        throw new Error('Wallet does not support solana:signMessage');
+    }
+    return feat;
+}
+function getSignTransactionFeature(wallet) {
+    const f = wallet.features;
+    const feat = f['solana:signTransaction'];
+    if (!feat || typeof feat.signTransaction !== 'function') {
+        throw new Error('Wallet does not support solana:signTransaction');
+    }
+    return feat;
+}
+function getSignAndSendTransactionFeature(wallet) {
+    const f = wallet.features;
+    const feat = f['solana:signAndSendTransaction'];
+    if (!feat || typeof feat.signAndSendTransaction !== 'function') {
+        throw new Error('Wallet does not support solana:signAndSendTransaction');
+    }
+    return feat;
+}
+function getConnectFeature(wallet) {
+    const f = wallet.features;
+    const feat = f['standard:connect'];
+    if (!feat || typeof feat.connect !== 'function') {
+        throw new Error('Wallet does not support standard:connect');
+    }
+    return feat;
+}
+function getDisconnectFeature(wallet) {
+    const f = wallet.features;
+    const feat = f['standard:disconnect'];
+    return feat && typeof feat.disconnect === 'function' ? feat : null;
+}
+function writeAuthMethod(method) {
+    try {
+        if (method === null) {
+            getPlatform().storage.removeItem(STORED_AUTH_METHOD_KEY);
         }
-        catch (e) {
-            console.warn('[SolanaMobileWallet] @solana-mobile/mobile-wallet-adapter-protocol-web3js not installed. Install it to enable Seeker wallet support.');
-            throw new Error('Missing @solana-mobile/mobile-wallet-adapter-protocol-web3js dependency');
+        else {
+            getPlatform().storage.setItem(STORED_AUTH_METHOD_KEY, method);
         }
-    })();
-    return mwaProtocolLoadPromise;
+    }
+    catch (_a) {
+        // storage may be unavailable
+    }
+}
+function readAuthMethod() {
+    try {
+        return getPlatform().storage.getItem(STORED_AUTH_METHOD_KEY);
+    }
+    catch (_a) {
+        return null;
+    }
 }
 /**
  * Registers Mobile Wallet Adapter as a wallet-standard wallet so it appears
@@ -21283,7 +21442,7 @@ async function registerMobileWalletAdapter(config) {
     if (typeof window === 'undefined')
         return;
     try {
-        const walletStandardMobile = await Promise.resolve().then(function () { return require('./index.browser-_zN3Uapq.js'); });
+        const walletStandardMobile = await Promise.resolve().then(function () { return require('./index.browser-DZCNegue.js'); });
         const registerMwa = walletStandardMobile.registerMwa || ((_a = walletStandardMobile.default) === null || _a === void 0 ? void 0 : _a.registerMwa);
         if (!registerMwa) {
             console.warn('[SolanaMobileWallet] registerMwa not found in @solana-mobile/wallet-standard-mobile');
@@ -21312,32 +21471,41 @@ async function registerMobileWalletAdapter(config) {
         registerMwa(options);
     }
     catch (e) {
-        // @solana-mobile/wallet-standard-mobile is an optional dependency
-        // Silently skip if not installed — the provider still works via
-        // @solana-mobile/mobile-wallet-adapter-protocol-web3js directly
         console.debug('[SolanaMobileWallet] @solana-mobile/wallet-standard-mobile not available, skipping wallet-standard registration');
     }
 }
 /**
- * SolanaMobileWalletProvider implements the AuthProvider interface using the
- * Solana Mobile Wallet Adapter (MWA) protocol's low-level `transact` API.
+ * SolanaMobileWalletProvider implements the AuthProvider interface using
+ * Solana Mobile's wallet-standard wrapper (`LocalSolanaMobileWalletAdapterWallet`).
+ *
+ * Why wallet-standard and not the raw MWA protocol: as of
+ * `@solana-mobile/wallet-standard-mobile@0.5.0+`, the wallet's internal
+ * `#transact` calls `checkLocalNetworkAccessPermission()` before opening the
+ * localhost WebSocket. That helper renders a three-stage UX flow Solana
+ * Mobile designed specifically to defuse Chrome's Local Network Access
+ * permission dialog (which renders with disabled buttons on Android Chrome,
+ * the source of the long-running Seeker MWA bug):
+ *
+ *   1. "Allow connections to your wallet" informational modal.
+ *   2. Chrome's permission prompt (interactive because it's spawned as a
+ *      fresh user gesture from step 1).
+ *   3. "Ready to connect!" success modal.
  *
- * This enables TaroBase dApps to work with any MWA-compliant wallet on Solana
- * mobile devices (Seeker, Saga) — including the native Seed Vault Wallet,
- * Phantom, Solflare, and any other wallet that implements the MWA protocol.
+ * `checkLocalNetworkAccessPermission` is internal to the library — it's not
+ * exported. The only way to invoke it is to go through the wallet's
+ * `standard:connect` / `solana:sign*` features, which is what this provider
+ * does.
  *
- * By using `transact()` directly (instead of the wallet-adapter wrapper),
- * login combines authorize + signMessage into a single wallet session —
- * meaning one popup/approval instead of two.
+ * Notes on UX: login uses two wallet popups in succession — `standard:connect`
+ * (authorize) and `solana:signMessage` (sign the Tarobase nonce). The
+ * previous implementation combined both inside a single `transact` callback;
+ * splitting them is the cost of going through wallet-standard, and is
+ * acceptable given the alternative was broken on Seeker.
  */
 class SolanaMobileWalletProvider {
     constructor(networkUrl = null, config = {}) {
-        // MWA authorization state
-        this.authToken = null;
-        this.walletUriBase = null;
-        this.base64Address = null;
-        this.authorizedPublicKey = null;
-        this.publicKeyObj = null;
+        /** LocalSolanaMobileWalletAdapterWallet, lazy-constructed in ensureWallet(). */
+        this.wallet = null;
         this.networkUrl = networkUrl;
         this.config = config;
         if (typeof window === 'undefined') {
@@ -21350,7 +21518,7 @@ class SolanaMobileWalletProvider {
             name: 'TaroBase App',
             uri: getPlatform().getLocationOrigin(),
         };
-        this.chain = `solana:${config.cluster || 'mainnet-beta'}`;
+        this.cluster = config.cluster || 'mainnet-beta';
         SolanaMobileWalletProvider.instance = this;
     }
     static getInstance(networkUrl, config) {
@@ -21359,131 +21527,118 @@ class SolanaMobileWalletProvider {
         }
         return SolanaMobileWalletProvider.instance;
     }
-    /** Config for transact() — routes to the same wallet if we've already authorized */
-    getAssociationConfig() {
-        if (this.walletUriBase) {
-            return { baseUri: this.walletUriBase };
-        }
-        return undefined;
+    /** Lazy-construct LocalSolanaMobileWalletAdapterWallet on first need. */
+    async ensureWallet() {
+        if (this.wallet)
+            return this.wallet;
+        const mod = await Promise.resolve().then(function () { return require('./index.browser-DZCNegue.js'); });
+        const chain = mapChainToWalletStandard(this.cluster);
+        this.wallet = new mod.LocalSolanaMobileWalletAdapterWallet({
+            appIdentity: this.appIdentity,
+            authorizationCache: mod.createDefaultAuthorizationCache(),
+            chains: [chain],
+            chainSelector: mod.createDefaultChainSelector(),
+            onWalletNotFound: mod.createDefaultWalletNotFoundHandler(),
+        });
+        return this.wallet;
     }
-    /** Reauthorize within a transact callback using a stored auth_token */
-    async reauthorizeWallet(wallet) {
-        if (!this.authToken) {
-            // No existing auth — do a fresh authorize
-            const authResult = await wallet.authorize({
-                identity: this.appIdentity,
-                chain: this.chain,
-            });
-            this.storeAuthResult(authResult);
-            return authResult;
+    /**
+     * Ensure the wallet has an active authorization. After a Tarobase session
+     * is restored from storage on cold-start, `wallet.accounts` is empty until
+     * we silently reconnect from the AuthorizationCache. If the cache is also
+     * empty, fall back to interactive `login()` (which surfaces the three-stage
+     * Solana Mobile LNA flow + wallet popups).
+     *
+     * Returns the wallet-standard `WalletAccount` to use for sign operations.
+     */
+    async ensureAuthorized() {
+        const wallet = await this.ensureWallet();
+        if (wallet.accounts.length === 0) {
+            try {
+                const connectFeat = getConnectFeature(wallet);
+                await connectFeat.connect({ silent: true });
+            }
+            catch (e) {
+                console.warn('[SolanaMobileWallet] silent connect failed:', e === null || e === void 0 ? void 0 : e.message);
+            }
         }
-        try {
-            const authResult = await wallet.reauthorize({
-                auth_token: this.authToken,
-                identity: this.appIdentity,
-            });
-            this.storeAuthResult(authResult);
-            return authResult;
-        }
-        catch (e) {
-            // Reauth failed (token expired, wallet reset, etc.) — try fresh authorize
-            console.warn('[SolanaMobileWallet] Reauthorization failed, attempting fresh authorize:', e === null || e === void 0 ? void 0 : e.message);
-            const authResult = await wallet.authorize({
-                identity: this.appIdentity,
-                chain: this.chain,
-            });
-            this.storeAuthResult(authResult);
-            return authResult;
+        if (wallet.accounts.length === 0) {
+            const user = await this.login();
+            if (!user)
+                throw new Error('MWA not connected');
         }
+        return wallet.accounts[0];
     }
-    /** Persist auth result from an authorize/reauthorize call */
-    storeAuthResult(authResult) {
-        var _a;
-        this.authToken = authResult.auth_token;
-        this.walletUriBase = authResult.wallet_uri_base;
-        if (((_a = authResult.accounts) === null || _a === void 0 ? void 0 : _a.length) > 0) {
-            const account = authResult.accounts[0];
-            this.base64Address = account.address;
-            // Decode base64 address → PublicKey → base58
-            const addressBytes = Uint8Array.from(getPlatform().atob(account.address), c => c.charCodeAt(0));
-            this.publicKeyObj = new web3_js.PublicKey(addressBytes);
-            this.authorizedPublicKey = this.publicKeyObj.toBase58();
-        }
+    /** Returns the active wallet-standard chain identifier (e.g. 'solana:mainnet'). */
+    getChain() {
+        return mapChainToWalletStandard(this.cluster);
     }
     async login() {
         var _a, _b, _c, _d, _e;
         setAuthLoading(true);
+        // Mark the auth method early so a concurrent Phantom auto-create-session
+        // effect (see phantom-wallet-provider) sees 'mobile-wallet-adapter'
+        // during our slow connect/sign roundtrip and backs off. Capture the
+        // previous value so we can restore it if login fails.
+        const prevAuthMethod = readAuthMethod();
+        writeAuthMethod(MWA_AUTH_METHOD);
         try {
-            await loadMwaProtocol();
-            const { transact } = mwaProtocolModule;
-            // Quick check: if we already have auth state and a valid session, skip
-            if (this.authorizedPublicKey) {
+            const wallet = await this.ensureWallet();
+            // Quick-check: wallet may already have authorization (e.g. from a
+            // previous in-page login) and a matching Tarobase session — skip
+            // popups in that case.
+            if (wallet.accounts.length > 0) {
+                const accountPubkey = new web3_js.PublicKey(wallet.accounts[0].publicKey);
+                const base58Addr = accountPubkey.toBase58();
                 const existingSession = await WebSessionManager.getSession();
-                if (existingSession && existingSession.address === this.authorizedPublicKey) {
-                    const user = { provider: this, address: this.authorizedPublicKey };
+                if (existingSession && existingSession.address === base58Addr) {
+                    const user = { provider: this, address: base58Addr };
                     setCurrentUser(user);
                     return user;
                 }
             }
-            // Pre-fetch nonce from server while wallet is not yet connected
+            // Pre-fetch nonce while the wallet popup is not yet open.
             const nonce = await genAuthNonce();
-            // Single transact() call: authorize + signMessages — one wallet popup
-            const result = await transact(async (wallet) => {
-                // Step 1: Authorize — user approves the dApp
-                const authResult = await wallet.authorize({
-                    identity: this.appIdentity,
-                    chain: this.chain,
-                });
-                const base64Addr = authResult.accounts[0].address;
-                const addressBytes = Uint8Array.from(getPlatform().atob(base64Addr), c => c.charCodeAt(0));
-                const pubkey = new web3_js.PublicKey(addressBytes);
-                const base58Addr = pubkey.toBase58();
-                // Step 2: Sign the auth message — still in the same wallet session
-                const messageText = await genSolanaMessage(base58Addr, nonce);
-                const messageBytes = getPlatform().textEncode(messageText);
-                const signedMessages = await wallet.signMessages({
-                    addresses: [base64Addr],
-                    payloads: [messageBytes],
-                });
-                // The signed payload is [original message bytes][64-byte ed25519 signature]
-                const signedPayload = signedMessages[0];
-                const signatureBytes = signedPayload.slice(-ED25519_SIGNATURE_LENGTH);
-                return {
-                    base58Address: base58Addr,
-                    base64Address: base64Addr,
-                    publicKey: pubkey,
-                    signature: bufferExports.Buffer.from(signatureBytes).toString('base64'),
-                    messageText,
-                    authToken: authResult.auth_token,
-                    walletUriBase: authResult.wallet_uri_base,
-                };
-            }, this.getAssociationConfig());
-            // Store MWA auth state for reauthorization in subsequent transact() calls
-            this.authToken = result.authToken;
-            this.walletUriBase = result.walletUriBase;
-            this.base64Address = result.base64Address;
-            this.authorizedPublicKey = result.base58Address;
-            this.publicKeyObj = result.publicKey;
-            // Check if we already have a valid session for this address
+            // Wallet popup #1: standard:connect performs MWA authorize. This
+            // is where wallet-standard's checkLocalNetworkAccessPermission()
+            // fires the three-stage LNA UX (info modal → permission prompt →
+            // success modal) before opening the localhost WebSocket.
+            const connectFeat = getConnectFeature(wallet);
+            const { accounts } = await connectFeat.connect();
+            if (!accounts || accounts.length === 0) {
+                throw new Error('MWA returned no accounts');
+            }
+            const account = accounts[0];
+            const accountPubkey = new web3_js.PublicKey(account.publicKey);
+            const base58Addr = accountPubkey.toBase58();
+            // If we happen to already have a matching Tarobase session, reuse it.
             const existingSession = await WebSessionManager.getSession();
-            if (existingSession && existingSession.address === result.base58Address) {
-                const user = { provider: this, address: result.base58Address };
+            if (existingSession && existingSession.address === base58Addr) {
+                const user = { provider: this, address: base58Addr };
                 setCurrentUser(user);
                 return user;
             }
-            // Create new session on the server
-            const createSessionResult = await createSessionWithSignature(result.base58Address, result.messageText, result.signature);
-            await WebSessionManager.storeSession(result.base58Address, createSessionResult.accessToken, createSessionResult.idToken, createSessionResult.refreshToken);
-            // Mark auth method
-            try {
-                getPlatform().storage.setItem('tarobase_last_auth_method', 'mobile-wallet-adapter');
+            // Wallet popup #2: sign the Tarobase nonce message.
+            const messageText = await genSolanaMessage(base58Addr, nonce);
+            const messageBytes = getPlatform().textEncode(messageText);
+            const signMessageFeat = getSignMessageFeature(wallet);
+            const signResults = await signMessageFeat.signMessage({ account, message: messageBytes });
+            if (!signResults || signResults.length === 0) {
+                throw new Error('MWA returned no signature');
             }
-            catch (_f) { }
-            const user = { provider: this, address: result.base58Address };
+            const { signature: sigBytes } = signResults[0];
+            const signatureBase64 = bufferExports.Buffer.from(sigBytes).toString('base64');
+            // Create Tarobase session on the server.
+            const createSessionResult = await createSessionWithSignature(base58Addr, messageText, signatureBase64);
+            await WebSessionManager.storeSession(base58Addr, createSessionResult.accessToken, createSessionResult.idToken, createSessionResult.refreshToken);
+            // Auth-method marker is already 'mobile-wallet-adapter' from above.
+            const user = { provider: this, address: base58Addr };
             setCurrentUser(user);
             return user;
         }
         catch (error) {
+            // Restore the previous auth-method marker since this login attempt failed.
+            writeAuthMethod(prevAuthMethod);
             const isUserRejection = (error === null || error === void 0 ? void 0 : error.code) === 4001 ||
                 ((_a = error === null || error === void 0 ? void 0 : error.message) === null || _a === void 0 ? void 0 : _a.toLowerCase().includes('user rejected')) ||
                 ((_b = error === null || error === void 0 ? void 0 : error.message) === null || _b === void 0 ? void 0 : _b.toLowerCase().includes('user denied')) ||
@@ -21502,55 +21657,42 @@ class SolanaMobileWalletProvider {
     async restoreSession() {
         const session = await WebSessionManager.getSession();
         if (session) {
-            this.authorizedPublicKey = session.address;
-            this.publicKeyObj = new web3_js.PublicKey(session.address);
             return { provider: this, address: session.address };
         }
         return null;
     }
     async logout() {
-        // Deauthorize with the wallet if we have an auth_token
-        if (this.authToken) {
-            try {
-                await loadMwaProtocol();
-                const { transact } = mwaProtocolModule;
-                const authToken = this.authToken;
-                await transact(async (wallet) => {
-                    await wallet.deauthorize({ auth_token: authToken });
-                }, this.getAssociationConfig());
-            }
-            catch (error) {
-                console.error('[SolanaMobileWallet] Deauthorize error:', error);
+        try {
+            const wallet = await this.ensureWallet();
+            const disconnectFeat = getDisconnectFeature(wallet);
+            if (disconnectFeat) {
+                // Disconnect clears the AuthorizationCache and resets
+                // wallet.#authorization internally (no LNA dialog).
+                await disconnectFeat.disconnect();
             }
         }
-        this.authToken = null;
-        this.walletUriBase = null;
-        this.base64Address = null;
-        this.authorizedPublicKey = null;
-        this.publicKeyObj = null;
+        catch (error) {
+            console.error('[SolanaMobileWallet] Disconnect error:', error);
+        }
         WebSessionManager.clearSession();
+        // Clear the auth-method marker so Phantom auto-create is unblocked
+        // for any subsequent fresh login on this device.
+        writeAuthMethod(null);
         setCurrentUser(null);
     }
     async signMessage(message) {
         var _a, _b;
-        if (!this.authorizedPublicKey || !this.base64Address) {
-            throw new Error('Not connected. Call login() first.');
-        }
-        await loadMwaProtocol();
-        const { transact } = mwaProtocolModule;
-        const base64Addr = this.base64Address;
+        const account = await this.ensureAuthorized();
+        const wallet = await this.ensureWallet();
         try {
-            const signedMessages = await transact(async (wallet) => {
-                await this.reauthorizeWallet(wallet);
-                const messageBytes = getPlatform().textEncode(message);
-                return wallet.signMessages({
-                    addresses: [base64Addr],
-                    payloads: [messageBytes],
-                });
-            }, this.getAssociationConfig());
-            const signedPayload = signedMessages[0];
-            const signatureBytes = signedPayload.slice(-ED25519_SIGNATURE_LENGTH);
-            return bufferExports.Buffer.from(signatureBytes).toString('base64');
+            const signMessageFeat = getSignMessageFeature(wallet);
+            const messageBytes = getPlatform().textEncode(message);
+            const results = await signMessageFeat.signMessage({ account, message: messageBytes });
+            if (!results || results.length === 0) {
+                throw new Error('MWA returned no signature');
+            }
+            const { signature: sigBytes } = results[0];
+            return bufferExports.Buffer.from(sigBytes).toString('base64');
         }
         catch (error) {
             if (((_a = error === null || error === void 0 ? void 0 : error.message) === null || _a === void 0 ? void 0 : _a.includes('not connected')) || ((_b = error === null || error === void 0 ? void 0 : error.message) === null || _b === void 0 ? void 0 : _b.includes('not authorized')) ||
@@ -21563,41 +21705,42 @@ class SolanaMobileWalletProvider {
     }
     async signTransaction(transaction) {
         var _a, _b;
-        if (!this.publicKeyObj) {
-            throw new Error('Not connected. Call login() first.');
-        }
-        await loadMwaProtocol();
-        const { transact } = mwaProtocolModule;
-        // Ensure blockhash and fee payer are set before signing
+        const account = await this.ensureAuthorized();
+        const connectedPubkey = new web3_js.PublicKey(account.publicKey);
+        const wallet = await this.ensureWallet();
+        const chain = this.getChain();
+        // Preserve existing prep: fill missing blockhash / fee payer so call
+        // sites that build a tx without these fields don't regress.
         const isLegacyTransaction = 'recentBlockhash' in transaction && !('message' in transaction && 'staticAccountKeys' in transaction.message);
         if (isLegacyTransaction) {
             const legacyTx = transaction;
             if (!legacyTx.recentBlockhash) {
-                const rpcUrl = this.getRpcUrl();
-                const connection = new web3_js.Connection(rpcUrl, 'confirmed');
-                const { blockhash, lastValidBlockHeight } = await connection.getLatestBlockhash('confirmed');
+                const conn = new web3_js.Connection(this.getRpcUrl(), 'confirmed');
+                const { blockhash, lastValidBlockHeight } = await conn.getLatestBlockhash('confirmed');
                 legacyTx.recentBlockhash = blockhash;
                 legacyTx.lastValidBlockHeight = lastValidBlockHeight;
             }
-            if (!legacyTx.feePayer && this.publicKeyObj) {
-                legacyTx.feePayer = this.publicKeyObj;
+            if (!legacyTx.feePayer) {
+                legacyTx.feePayer = connectedPubkey;
             }
         }
         else {
             const versionedTx = transaction;
             if (!versionedTx.message.recentBlockhash) {
-                const rpcUrl = this.getRpcUrl();
-                const connection = new web3_js.Connection(rpcUrl, 'confirmed');
-                const { blockhash } = await connection.getLatestBlockhash('confirmed');
+                const conn = new web3_js.Connection(this.getRpcUrl(), 'confirmed');
+                const { blockhash } = await conn.getLatestBlockhash('confirmed');
                 versionedTx.message.recentBlockhash = blockhash;
             }
         }
         try {
-            const signedTransactions = await transact(async (wallet) => {
-                await this.reauthorizeWallet(wallet);
-                return wallet.signTransactions({ transactions: [transaction] });
-            }, this.getAssociationConfig());
-            return signedTransactions[0];
+            const signTxFeat = getSignTransactionFeature(wallet);
+            const wireBytes = txToWireBytes(transaction);
+            const results = await signTxFeat.signTransaction({ account, transaction: wireBytes, chain });
+            if (!results || results.length === 0) {
+                throw new Error('MWA returned no signed transaction');
+            }
+            const { signedTransaction: signedBytes } = results[0];
+            return txFromWireBytes(new Uint8Array(signedBytes));
         }
         catch (error) {
             if (((_a = error === null || error === void 0 ? void 0 : error.message) === null || _a === void 0 ? void 0 : _a.includes('not connected')) || ((_b = error === null || error === void 0 ? void 0 : error.message) === null || _b === void 0 ? void 0 : _b.includes('not authorized')) ||
@@ -21610,15 +21753,15 @@ class SolanaMobileWalletProvider {
     }
     async signAndSubmitTransaction(transaction, feePayer) {
         var _a, _b, _c, _d, _e, _f;
-        if (!this.publicKeyObj) {
-            throw new Error('Not connected. Call login() first.');
-        }
-        await loadMwaProtocol();
-        const { transact } = mwaProtocolModule;
+        const account = await this.ensureAuthorized();
+        const connectedPubkey = new web3_js.PublicKey(account.publicKey);
+        const wallet = await this.ensureWallet();
+        const chain = this.getChain();
         const rpcUrl = this.getRpcUrl();
         const connection = new web3_js.Connection(rpcUrl, 'confirmed');
         const isSurfnet = rpcUrl === SURFNET_RPC_URL$2;
         try {
+            // Preserve existing prep: refresh blockhash and set fee payer.
             const { blockhash, lastValidBlockHeight } = await connection.getLatestBlockhash('confirmed');
             const isLegacyTransaction = 'recentBlockhash' in transaction && !('message' in transaction && 'staticAccountKeys' in transaction.message);
             if (isLegacyTransaction) {
@@ -21626,12 +21769,7 @@ class SolanaMobileWalletProvider {
                 legacyTx.recentBlockhash = blockhash;
                 legacyTx.lastValidBlockHeight = lastValidBlockHeight;
                 if (!legacyTx.feePayer) {
-                    if (feePayer) {
-                        legacyTx.feePayer = feePayer;
-                    }
-                    else if (this.publicKeyObj) {
-                        legacyTx.feePayer = this.publicKeyObj;
-                    }
+                    legacyTx.feePayer = feePayer !== null && feePayer !== void 0 ? feePayer : connectedPubkey;
                 }
             }
             else {
@@ -21639,14 +21777,19 @@ class SolanaMobileWalletProvider {
                 versionedTx.message.recentBlockhash = blockhash;
             }
             if (isSurfnet) {
-                // Surfnet: sign-only, then submit to our specific RPC
-                const signedTransactions = await transact(async (wallet) => {
-                    await this.reauthorizeWallet(wallet);
-                    return wallet.signTransactions({ transactions: [transaction] });
-                }, this.getAssociationConfig());
-                const signedTx = signedTransactions[0];
+                // Surfnet: sign locally via wallet-standard, submit manually
+                // to the Surfnet RPC. Don't route through signAndSendTransaction
+                // because the wallet would submit to its own RPC.
+                const signTxFeat = getSignTransactionFeature(wallet);
+                const wireBytes = txToWireBytes(transaction);
+                const results = await signTxFeat.signTransaction({ account, transaction: wireBytes, chain });
+                if (!results || results.length === 0) {
+                    throw new Error('MWA returned no signed transaction');
+                }
+                const { signedTransaction: signedBytes } = results[0];
+                const signedTx = txFromWireBytes(new Uint8Array(signedBytes));
                 const signature = await connection.sendRawTransaction(signedTx.serialize(), {
-                    preflightCommitment: 'confirmed'
+                    preflightCommitment: 'confirmed',
                 });
                 const confirmation = await connection.confirmTransaction({
                     signature,
@@ -21658,15 +21801,20 @@ class SolanaMobileWalletProvider {
                 }
                 return signature;
             }
-            // Non-surfnet: use signAndSendTransactions for wallet-optimized submission
-            const signatures = await transact(async (wallet) => {
-                await this.reauthorizeWallet(wallet);
-                return wallet.signAndSendTransactions({
-                    transactions: [transaction],
-                    commitment: 'confirmed',
-                });
-            }, this.getAssociationConfig());
-            const signature = signatures[0];
+            // Non-Surfnet: wallet signs and submits to its own RPC.
+            const signSendFeat = getSignAndSendTransactionFeature(wallet);
+            const wireBytes = txToWireBytes(transaction);
+            const results = await signSendFeat.signAndSendTransaction({
+                account,
+                transaction: wireBytes,
+                chain,
+                options: { commitment: 'confirmed' },
+            });
+            if (!results || results.length === 0) {
+                throw new Error('MWA returned no signature');
+            }
+            const { signature: sigBytes } = results[0];
+            const signature = base58.encode(sigBytes);
             await confirmAndCheckTransaction(connection, signature);
             return signature;
         }
@@ -21692,16 +21840,14 @@ class SolanaMobileWalletProvider {
         if (!solTransactionData) {
             throw new Error('Solana transaction data is required for mobile wallet');
         }
-        if (!this.publicKeyObj || !this.authorizedPublicKey) {
-            await this.login();
-        }
-        await loadMwaProtocol();
-        const { transact } = mwaProtocolModule;
+        const account = await this.ensureAuthorized();
+        const connectedPubkey = new web3_js.PublicKey(account.publicKey);
+        const wallet = await this.ensureWallet();
+        const chain = this.getChain();
         const rpcUrl = this.getRpcUrl(solTransactionData.network);
         const connection = new web3_js.Connection(rpcUrl, 'confirmed');
         const isSurfnet = rpcUrl === SURFNET_RPC_URL$2;
         try {
-            const publicKey = this.publicKeyObj;
             const remainingAccounts = convertRemainingAccounts(solTransactionData.txArgs[0].remainingAccounts);
             let app_id = solTransactionData.appId;
             if (typeof window !== 'undefined' && window.CUSTOM_TAROBASE_APP_ID_HEADER) {
@@ -21710,9 +21856,9 @@ class SolanaMobileWalletProvider {
             if (!app_id) {
                 throw new Error('App ID is required');
             }
-            // Create a mock wallet adapter for Anchor (only publicKey is needed for building TX)
+            // Mock wallet adapter for Anchor — only publicKey is read during build.
             const mockWalletAdapter = {
-                publicKey,
+                publicKey: connectedPubkey,
                 signTransaction: async (tx) => tx,
                 signAllTransactions: async (txs) => txs,
             };
@@ -21730,10 +21876,12 @@ class SolanaMobileWalletProvider {
             }
             let tx;
             if (solTransactionData.signedTransaction) {
+                // Server has co-signed a CPI attestation. Do NOT mutate its
+                // blockhash — that would invalidate the server's signature.
                 tx = web3_js.VersionedTransaction.deserialize(bufferExports.Buffer.from(solTransactionData.signedTransaction, 'base64'));
             }
             else {
-                const result = await buildSetDocumentsTransaction(connection, solTransactionData.txArgs[0].idl, anchorProvider, publicKey, {
+                const result = await buildSetDocumentsTransaction(connection, solTransactionData.txArgs[0].idl, anchorProvider, connectedPubkey, {
                     app_id,
                     documents: solTransactionData.txArgs[0].setDocumentData,
                     delete_paths: solTransactionData.txArgs[0].deletePaths,
@@ -21741,11 +21889,16 @@ class SolanaMobileWalletProvider {
                 }, finalDeduped, solTransactionData.lutKey, solTransactionData.preInstructions, false, solTransactionData.additionalLutAddresses);
                 tx = result.tx;
             }
+            // Sign-only branch — sign the tx but don't submit.
             if ((options === null || options === void 0 ? void 0 : options.shouldSubmitTx) === false) {
-                const [signedTx] = await transact(async (wallet) => {
-                    await this.reauthorizeWallet(wallet);
-                    return wallet.signTransactions({ transactions: [tx] });
-                }, this.getAssociationConfig());
+                const signTxFeat = getSignTransactionFeature(wallet);
+                const wireBytes = txToWireBytes(tx);
+                const results = await signTxFeat.signTransaction({ account, transaction: wireBytes, chain });
+                if (!results || results.length === 0) {
+                    throw new Error('MWA returned no signed transaction');
+                }
+                const { signedTransaction: signedBytes } = results[0];
+                const signedTx = txFromWireBytes(new Uint8Array(signedBytes));
                 return {
                     signedTransaction: signedTx,
                     blockNumber: 0,
@@ -21754,14 +21907,18 @@ class SolanaMobileWalletProvider {
                 };
             }
             if (isSurfnet) {
-                // Surfnet: sign then submit manually to our RPC
-                const [signedTx] = await transact(async (wallet) => {
-                    await this.reauthorizeWallet(wallet);
-                    return wallet.signTransactions({ transactions: [tx] });
-                }, this.getAssociationConfig());
+                // Surfnet: sign locally via wallet-standard, submit manually.
+                const signTxFeat = getSignTransactionFeature(wallet);
+                const wireBytes = txToWireBytes(tx);
+                const results = await signTxFeat.signTransaction({ account, transaction: wireBytes, chain });
+                if (!results || results.length === 0) {
+                    throw new Error('MWA returned no signed transaction');
+                }
+                const { signedTransaction: signedBytes } = results[0];
+                const signedTx = txFromWireBytes(new Uint8Array(signedBytes));
                 const { blockhash, lastValidBlockHeight } = await connection.getLatestBlockhash('confirmed');
                 const signature = await connection.sendRawTransaction(signedTx.serialize(), {
-                    preflightCommitment: 'confirmed'
+                    preflightCommitment: 'confirmed',
                 });
                 const confirmation = await connection.confirmTransaction({
                     signature,
@@ -21773,7 +21930,7 @@ class SolanaMobileWalletProvider {
                 }
                 const txInfo = await connection.getParsedTransaction(signature, {
                     maxSupportedTransactionVersion: 0,
-                    commitment: 'confirmed'
+                    commitment: 'confirmed',
                 });
                 return {
                     transactionSignature: signature,
@@ -21782,15 +21939,20 @@ class SolanaMobileWalletProvider {
                     data: txInfo === null || txInfo === void 0 ? void 0 : txInfo.meta,
                 };
             }
-            // Non-surfnet: use signAndSendTransactions
-            const signatures = await transact(async (wallet) => {
-                await this.reauthorizeWallet(wallet);
-                return wallet.signAndSendTransactions({
-                    transactions: [tx],
-                    commitment: 'confirmed',
-                });
-            }, this.getAssociationConfig());
-            const signature = signatures[0];
+            // Non-Surfnet: wallet signs and submits to its own RPC.
+            const signSendFeat = getSignAndSendTransactionFeature(wallet);
+            const wireBytes = txToWireBytes(tx);
+            const results = await signSendFeat.signAndSendTransaction({
+                account,
+                transaction: wireBytes,
+                chain,
+                options: { commitment: 'confirmed' },
+            });
+            if (!results || results.length === 0) {
+                throw new Error('MWA returned no signature');
+            }
+            const { signature: sigBytes } = results[0];
+            const signature = base58.encode(sigBytes);
             const txInfo = await confirmAndCheckTransaction(connection, signature);
             return {
                 transactionSignature: signature,
@@ -21817,11 +21979,36 @@ class SolanaMobileWalletProvider {
         }
     }
     async getNativeMethods() {
+        var _a, _b, _c;
+        // Synchronous-ish state read; tolerate the wallet being unauthorized
+        // (return nulls). Don't trigger ensureAuthorized() here — callers that
+        // need the wallet active should sign through one of the sign methods.
+        const wallet = this.wallet;
+        if (!wallet) {
+            return {
+                authToken: null,
+                walletUriBase: null,
+                publicKey: null,
+                base64Address: null,
+                wallet: null,
+                currentAuthorization: null,
+            };
+        }
+        const acct = (_a = wallet.accounts) === null || _a === void 0 ? void 0 : _a[0];
+        const auth = wallet.currentAuthorization;
+        let publicKey = null;
+        let base64Address = null;
+        if (acct) {
+            publicKey = new web3_js.PublicKey(acct.publicKey);
+            base64Address = btoa(String.fromCharCode(...acct.publicKey));
+        }
         return {
-            authToken: this.authToken,
-            walletUriBase: this.walletUriBase,
-            publicKey: this.publicKeyObj,
-            base64Address: this.base64Address,
+            authToken: (_b = auth === null || auth === void 0 ? void 0 : auth.auth_token) !== null && _b !== void 0 ? _b : null,
+            walletUriBase: (_c = auth === null || auth === void 0 ? void 0 : auth.wallet_uri_base) !== null && _c !== void 0 ? _c : null,
+            publicKey,
+            base64Address,
+            wallet,
+            currentAuthorization: auth !== null && auth !== void 0 ? auth : null,
         };
     }
     /* ----------------------------------------------------------- *
@@ -22249,4 +22436,4 @@ exports.signSessionCreateMessage = signSessionCreateMessage;
 exports.signTransaction = signTransaction;
 exports.subscribe = subscribe;
 exports.useAuth = useAuth;
-//# sourceMappingURL=index-DP0xF34Z.js.map
+//# sourceMappingURL=index-R7cvXys2.js.map