@pooflabs/web 0.0.84 → 0.0.85-rc1

package/dist/{index-BPlF6-PQ.js → index-R7cvXys2.js}

@@ -12838,10 +12838,10 @@ let currentAuthProvider = null;
 let currentAuthMethod = null;
 let initConfig = null;
 // --- localStorage helpers: track which auth method the user last logged in with ---
-const STORED_AUTH_METHOD_KEY = 'tarobase_last_auth_method';
+const STORED_AUTH_METHOD_KEY$1 = 'tarobase_last_auth_method';
 function getStoredAuthMethod() {
     try {
-        return getPlatform().storage.getItem(STORED_AUTH_METHOD_KEY);
+        return getPlatform().storage.getItem(STORED_AUTH_METHOD_KEY$1);
     }
     catch (_a) {
         return null;
@@ -12850,10 +12850,10 @@ function getStoredAuthMethod() {
 function setStoredAuthMethod(method) {
     try {
         if (method) {
-            getPlatform().storage.setItem(STORED_AUTH_METHOD_KEY, method);
+            getPlatform().storage.setItem(STORED_AUTH_METHOD_KEY$1, method);
         }
         else {
-            getPlatform().storage.removeItem(STORED_AUTH_METHOD_KEY);
+            getPlatform().storage.removeItem(STORED_AUTH_METHOD_KEY$1);
         }
     }
     catch (_a) {
@@ -15730,7 +15730,7 @@ async function loadDependencies() {
         const [reactModule, reactDomModule, phantomModule] = await Promise.all([
             import('react'),
             import('react-dom/client'),
-            Promise.resolve().then(function () { return require('./index-BM6hgCdH.js'); })
+            Promise.resolve().then(function () { return require('./index-BoWQVxMI.js'); })
         ]);
         // Extract default export from ESM module namespace
         // Dynamic import() returns { default: Module, ...exports }, not the module directly
@@ -21299,26 +21299,135 @@ function isMobileWalletAvailable() {
     return detectAndroid();
 }
 const ED25519_SIGNATURE_LENGTH = 64;
-// Dynamically imported MWA protocol module
-let mwaProtocolModule = null;
-let mwaProtocolLoadPromise = null;
-async function loadMwaProtocol() {
-    if (mwaProtocolModule)
-        return;
-    if (typeof window === 'undefined')
-        return;
-    if (mwaProtocolLoadPromise)
-        return mwaProtocolLoadPromise;
-    mwaProtocolLoadPromise = (async () => {
-        try {
-            mwaProtocolModule = await Promise.resolve().then(function () { return require('./index.browser-BvNsUWjt.js'); });
+const STORED_AUTH_METHOD_KEY = 'tarobase_last_auth_method';
+const MWA_AUTH_METHOD = 'mobile-wallet-adapter';
+/**
+ * Normalize a chain string to a wallet-standard Solana chain identifier.
+ *
+ * Handles three input shapes that all show up in practice:
+ *  - Bare cluster name from `SolanaMobileWalletConfig.cluster` (e.g. 'devnet').
+ *  - Prefixed `solana:cluster` (e.g. 'solana:devnet').
+ *  - Double-prefixed `solana:solana:cluster` (constructor used to wrap cluster
+ *    with `solana:` blindly; if a caller already passed a prefixed string the
+ *    result was `solana:solana:devnet`).
+ *
+ * Wallet-standard Solana chains are exactly:
+ *   'solana:mainnet' | 'solana:devnet' | 'solana:testnet' | 'solana:localnet'
+ * — `mainnet-beta` is NOT a valid wallet-standard identifier and must be
+ * normalized to `solana:mainnet`.
+ */
+function mapChainToWalletStandard(input) {
+    if (!input)
+        return 'solana:mainnet';
+    let s = String(input).toLowerCase();
+    while (s.startsWith('solana:'))
+        s = s.slice('solana:'.length);
+    if (s === 'mainnet-beta' || s === 'mainnet')
+        return 'solana:mainnet';
+    if (s === 'devnet')
+        return 'solana:devnet';
+    if (s === 'testnet')
+        return 'solana:testnet';
+    if (s === 'localnet')
+        return 'solana:localnet';
+    return 'solana:mainnet';
+}
+/**
+ * Serialize a Transaction/VersionedTransaction to a Uint8Array wire payload
+ * that the wallet-standard `solana:signTransaction` /
+ * `solana:signAndSendTransaction` features expect.
+ *
+ * Legacy transactions must serialize with `requireAllSignatures: false` and
+ * `verifySignatures: false` — the wallet hasn't signed yet, and the default
+ * `serialize()` would throw "Signature verification failed". Versioned
+ * transactions use the default `serialize()` which already permits unsigned
+ * payloads. Mirrors the helper at
+ * `@solana-mobile/mobile-wallet-adapter-protocol-web3js/lib/esm/index.browser.js:13-18`.
+ */
+function txToWireBytes(tx) {
+    if ('version' in tx)
+        return tx.serialize();
+    return tx.serialize({ requireAllSignatures: false, verifySignatures: false });
+}
+/**
+ * Deserialize a wire-format transaction returned by the wallet
+ * `solana:signTransaction` feature. Mirrors the helper at
+ * `@solana-mobile/mobile-wallet-adapter-protocol-web3js/lib/esm/index.browser.js:19-23`
+ * so legacy and versioned bytes both round-trip correctly.
+ */
+function txFromWireBytes(byteArray) {
+    const messageOffset = byteArray[0] * ED25519_SIGNATURE_LENGTH + 1;
+    const messageVersion = web3_js.VersionedMessage.deserializeMessageVersion(byteArray.slice(messageOffset, byteArray.length));
+    if (messageVersion === 'legacy') {
+        return web3_js.Transaction.from(byteArray);
+    }
+    return web3_js.VersionedTransaction.deserialize(byteArray);
+}
+/**
+ * Per-method runtime narrowing of wallet-standard features. The wallet's
+ * `.features` type is a union (`signAndSendTransaction` | `signTransaction`),
+ * and after authorization the wallet may also narrow `#optionalFeatures`
+ * based on actual wallet capabilities. Narrow at the call site so a method
+ * that needs only `signMessage` doesn't fail when a wallet lacks
+ * `signTransaction`.
+ */
+function getSignMessageFeature(wallet) {
+    const f = wallet.features;
+    const feat = f['solana:signMessage'];
+    if (!feat || typeof feat.signMessage !== 'function') {
+        throw new Error('Wallet does not support solana:signMessage');
+    }
+    return feat;
+}
+function getSignTransactionFeature(wallet) {
+    const f = wallet.features;
+    const feat = f['solana:signTransaction'];
+    if (!feat || typeof feat.signTransaction !== 'function') {
+        throw new Error('Wallet does not support solana:signTransaction');
+    }
+    return feat;
+}
+function getSignAndSendTransactionFeature(wallet) {
+    const f = wallet.features;
+    const feat = f['solana:signAndSendTransaction'];
+    if (!feat || typeof feat.signAndSendTransaction !== 'function') {
+        throw new Error('Wallet does not support solana:signAndSendTransaction');
+    }
+    return feat;
+}
+function getConnectFeature(wallet) {
+    const f = wallet.features;
+    const feat = f['standard:connect'];
+    if (!feat || typeof feat.connect !== 'function') {
+        throw new Error('Wallet does not support standard:connect');
+    }
+    return feat;
+}
+function getDisconnectFeature(wallet) {
+    const f = wallet.features;
+    const feat = f['standard:disconnect'];
+    return feat && typeof feat.disconnect === 'function' ? feat : null;
+}
+function writeAuthMethod(method) {
+    try {
+        if (method === null) {
+            getPlatform().storage.removeItem(STORED_AUTH_METHOD_KEY);
         }
-        catch (e) {
-            console.warn('[SolanaMobileWallet] @solana-mobile/mobile-wallet-adapter-protocol-web3js not installed. Install it to enable Seeker wallet support.');
-            throw new Error('Missing @solana-mobile/mobile-wallet-adapter-protocol-web3js dependency');
+        else {
+            getPlatform().storage.setItem(STORED_AUTH_METHOD_KEY, method);
         }
-    })();
-    return mwaProtocolLoadPromise;
+    }
+    catch (_a) {
+        // storage may be unavailable
+    }
+}
+function readAuthMethod() {
+    try {
+        return getPlatform().storage.getItem(STORED_AUTH_METHOD_KEY);
+    }
+    catch (_a) {
+        return null;
+    }
 }
 /**
  * Registers Mobile Wallet Adapter as a wallet-standard wallet so it appears
@@ -21333,7 +21442,7 @@ async function registerMobileWalletAdapter(config) {
     if (typeof window === 'undefined')
         return;
     try {
-        const walletStandardMobile = await Promise.resolve().then(function () { return require('./index.browser-C1QL04xM.js'); });
+        const walletStandardMobile = await Promise.resolve().then(function () { return require('./index.browser-DZCNegue.js'); });
         const registerMwa = walletStandardMobile.registerMwa || ((_a = walletStandardMobile.default) === null || _a === void 0 ? void 0 : _a.registerMwa);
         if (!registerMwa) {
             console.warn('[SolanaMobileWallet] registerMwa not found in @solana-mobile/wallet-standard-mobile');
@@ -21362,32 +21471,41 @@ async function registerMobileWalletAdapter(config) {
         registerMwa(options);
     }
     catch (e) {
-        // @solana-mobile/wallet-standard-mobile is an optional dependency
-        // Silently skip if not installed — the provider still works via
-        // @solana-mobile/mobile-wallet-adapter-protocol-web3js directly
         console.debug('[SolanaMobileWallet] @solana-mobile/wallet-standard-mobile not available, skipping wallet-standard registration');
     }
 }
 /**
- * SolanaMobileWalletProvider implements the AuthProvider interface using the
- * Solana Mobile Wallet Adapter (MWA) protocol's low-level `transact` API.
+ * SolanaMobileWalletProvider implements the AuthProvider interface using
+ * Solana Mobile's wallet-standard wrapper (`LocalSolanaMobileWalletAdapterWallet`).
  *
- * This enables TaroBase dApps to work with any MWA-compliant wallet on Solana
- * mobile devices (Seeker, Saga) — including the native Seed Vault Wallet,
- * Phantom, Solflare, and any other wallet that implements the MWA protocol.
+ * Why wallet-standard and not the raw MWA protocol: as of
+ * `@solana-mobile/wallet-standard-mobile@0.5.0+`, the wallet's internal
+ * `#transact` calls `checkLocalNetworkAccessPermission()` before opening the
+ * localhost WebSocket. That helper renders a three-stage UX flow Solana
+ * Mobile designed specifically to defuse Chrome's Local Network Access
+ * permission dialog (which renders with disabled buttons on Android Chrome,
+ * the source of the long-running Seeker MWA bug):
  *
- * By using `transact()` directly (instead of the wallet-adapter wrapper),
- * login combines authorize + signMessage into a single wallet session —
- * meaning one popup/approval instead of two.
+ *   1. "Allow connections to your wallet" informational modal.
+ *   2. Chrome's permission prompt (interactive because it's spawned as a
+ *      fresh user gesture from step 1).
+ *   3. "Ready to connect!" success modal.
+ *
+ * `checkLocalNetworkAccessPermission` is internal to the library — it's not
+ * exported. The only way to invoke it is to go through the wallet's
+ * `standard:connect` / `solana:sign*` features, which is what this provider
+ * does.
+ *
+ * Notes on UX: login uses two wallet popups in succession — `standard:connect`
+ * (authorize) and `solana:signMessage` (sign the Tarobase nonce). The
+ * previous implementation combined both inside a single `transact` callback;
+ * splitting them is the cost of going through wallet-standard, and is
+ * acceptable given the alternative was broken on Seeker.
  */
 class SolanaMobileWalletProvider {
     constructor(networkUrl = null, config = {}) {
-        // MWA authorization state
-        this.authToken = null;
-        this.walletUriBase = null;
-        this.base64Address = null;
-        this.authorizedPublicKey = null;
-        this.publicKeyObj = null;
+        /** LocalSolanaMobileWalletAdapterWallet, lazy-constructed in ensureWallet(). */
+        this.wallet = null;
         this.networkUrl = networkUrl;
         this.config = config;
         if (typeof window === 'undefined') {
@@ -21400,7 +21518,7 @@ class SolanaMobileWalletProvider {
             name: 'TaroBase App',
             uri: getPlatform().getLocationOrigin(),
         };
-        this.chain = `solana:${config.cluster || 'mainnet-beta'}`;
+        this.cluster = config.cluster || 'mainnet-beta';
         SolanaMobileWalletProvider.instance = this;
     }
     static getInstance(networkUrl, config) {
@@ -21409,154 +21527,118 @@ class SolanaMobileWalletProvider {
         }
         return SolanaMobileWalletProvider.instance;
     }
-    /** Config for transact() — routes to the same wallet if we've already authorized */
-    getAssociationConfig() {
-        if (this.walletUriBase) {
-            return { baseUri: this.walletUriBase };
-        }
-        return undefined;
+    /** Lazy-construct LocalSolanaMobileWalletAdapterWallet on first need. */
+    async ensureWallet() {
+        if (this.wallet)
+            return this.wallet;
+        const mod = await Promise.resolve().then(function () { return require('./index.browser-DZCNegue.js'); });
+        const chain = mapChainToWalletStandard(this.cluster);
+        this.wallet = new mod.LocalSolanaMobileWalletAdapterWallet({
+            appIdentity: this.appIdentity,
+            authorizationCache: mod.createDefaultAuthorizationCache(),
+            chains: [chain],
+            chainSelector: mod.createDefaultChainSelector(),
+            onWalletNotFound: mod.createDefaultWalletNotFoundHandler(),
+        });
+        return this.wallet;
     }
-    /** Reauthorize within a transact callback using a stored auth_token */
-    async reauthorizeWallet(wallet) {
-        if (!this.authToken) {
-            // No existing auth — do a fresh authorize
-            const authResult = await wallet.authorize({
-                identity: this.appIdentity,
-                chain: this.chain,
-            });
-            this.storeAuthResult(authResult);
-            return authResult;
+    /**
+     * Ensure the wallet has an active authorization. After a Tarobase session
+     * is restored from storage on cold-start, `wallet.accounts` is empty until
+     * we silently reconnect from the AuthorizationCache. If the cache is also
+     * empty, fall back to interactive `login()` (which surfaces the three-stage
+     * Solana Mobile LNA flow + wallet popups).
+     *
+     * Returns the wallet-standard `WalletAccount` to use for sign operations.
+     */
+    async ensureAuthorized() {
+        const wallet = await this.ensureWallet();
+        if (wallet.accounts.length === 0) {
+            try {
+                const connectFeat = getConnectFeature(wallet);
+                await connectFeat.connect({ silent: true });
+            }
+            catch (e) {
+                console.warn('[SolanaMobileWallet] silent connect failed:', e === null || e === void 0 ? void 0 : e.message);
+            }
         }
-        try {
-            const authResult = await wallet.reauthorize({
-                auth_token: this.authToken,
-                identity: this.appIdentity,
-            });
-            this.storeAuthResult(authResult);
-            return authResult;
-        }
-        catch (e) {
-            // Reauth failed (token expired, wallet reset, etc.) — try fresh authorize
-            console.warn('[SolanaMobileWallet] Reauthorization failed, attempting fresh authorize:', e === null || e === void 0 ? void 0 : e.message);
-            const authResult = await wallet.authorize({
-                identity: this.appIdentity,
-                chain: this.chain,
-            });
-            this.storeAuthResult(authResult);
-            return authResult;
+        if (wallet.accounts.length === 0) {
+            const user = await this.login();
+            if (!user)
+                throw new Error('MWA not connected');
         }
+        return wallet.accounts[0];
     }
-    /** Persist auth result from an authorize/reauthorize call */
-    storeAuthResult(authResult) {
-        var _a;
-        this.authToken = authResult.auth_token;
-        this.walletUriBase = authResult.wallet_uri_base;
-        if (((_a = authResult.accounts) === null || _a === void 0 ? void 0 : _a.length) > 0) {
-            const account = authResult.accounts[0];
-            this.base64Address = account.address;
-            // Decode base64 address → PublicKey → base58
-            const addressBytes = Uint8Array.from(getPlatform().atob(account.address), c => c.charCodeAt(0));
-            this.publicKeyObj = new web3_js.PublicKey(addressBytes);
-            this.authorizedPublicKey = this.publicKeyObj.toBase58();
-        }
+    /** Returns the active wallet-standard chain identifier (e.g. 'solana:mainnet'). */
+    getChain() {
+        return mapChainToWalletStandard(this.cluster);
     }
     async login() {
         var _a, _b, _c, _d, _e;
         setAuthLoading(true);
-        // Mark the auth method early so a concurrent Phantom auto-create can see
-        // 'mobile-wallet-adapter' during our slow transact() / session-creation
-        // roundtrip and back off (see phantom-wallet-provider autoCreateSession).
-        // Capture the previous value so we can restore it if login fails.
-        let prevAuthMethod = null;
-        try {
-            prevAuthMethod = getPlatform().storage.getItem('tarobase_last_auth_method');
-        }
-        catch (_f) { }
+        // Mark the auth method early so a concurrent Phantom auto-create-session
+        // effect (see phantom-wallet-provider) sees 'mobile-wallet-adapter'
+        // during our slow connect/sign roundtrip and backs off. Capture the
+        // previous value so we can restore it if login fails.
+        const prevAuthMethod = readAuthMethod();
+        writeAuthMethod(MWA_AUTH_METHOD);
         try {
-            getPlatform().storage.setItem('tarobase_last_auth_method', 'mobile-wallet-adapter');
-        }
-        catch (_g) { }
-        try {
-            await loadMwaProtocol();
-            const { transact } = mwaProtocolModule;
-            // Quick check: if we already have auth state and a valid session, skip
-            if (this.authorizedPublicKey) {
+            const wallet = await this.ensureWallet();
+            // Quick-check: wallet may already have authorization (e.g. from a
+            // previous in-page login) and a matching Tarobase session — skip
+            // popups in that case.
+            if (wallet.accounts.length > 0) {
+                const accountPubkey = new web3_js.PublicKey(wallet.accounts[0].publicKey);
+                const base58Addr = accountPubkey.toBase58();
                 const existingSession = await WebSessionManager.getSession();
-                if (existingSession && existingSession.address === this.authorizedPublicKey) {
-                    const user = { provider: this, address: this.authorizedPublicKey };
+                if (existingSession && existingSession.address === base58Addr) {
+                    const user = { provider: this, address: base58Addr };
                     setCurrentUser(user);
                     return user;
                 }
             }
-            // Pre-fetch nonce from server while wallet is not yet connected
+            // Pre-fetch nonce while the wallet popup is not yet open.
             const nonce = await genAuthNonce();
-            // Single transact() call: authorize + signMessages — one wallet popup
-            const result = await transact(async (wallet) => {
-                // Step 1: Authorize — user approves the dApp
-                const authResult = await wallet.authorize({
-                    identity: this.appIdentity,
-                    chain: this.chain,
-                });
-                const base64Addr = authResult.accounts[0].address;
-                const addressBytes = Uint8Array.from(getPlatform().atob(base64Addr), c => c.charCodeAt(0));
-                const pubkey = new web3_js.PublicKey(addressBytes);
-                const base58Addr = pubkey.toBase58();
-                // Step 2: Sign the auth message — still in the same wallet session
-                const messageText = await genSolanaMessage(base58Addr, nonce);
-                const messageBytes = getPlatform().textEncode(messageText);
-                const signedMessages = await wallet.signMessages({
-                    addresses: [base64Addr],
-                    payloads: [messageBytes],
-                });
-                // The signed payload is [original message bytes][64-byte ed25519 signature]
-                const signedPayload = signedMessages[0];
-                const signatureBytes = signedPayload.slice(-ED25519_SIGNATURE_LENGTH);
-                return {
-                    base58Address: base58Addr,
-                    base64Address: base64Addr,
-                    publicKey: pubkey,
-                    signature: bufferExports.Buffer.from(signatureBytes).toString('base64'),
-                    messageText,
-                    authToken: authResult.auth_token,
-                    walletUriBase: authResult.wallet_uri_base,
-                };
-            }, this.getAssociationConfig());
-            // Store MWA auth state for reauthorization in subsequent transact() calls
-            this.authToken = result.authToken;
-            this.walletUriBase = result.walletUriBase;
-            this.base64Address = result.base64Address;
-            this.authorizedPublicKey = result.base58Address;
-            this.publicKeyObj = result.publicKey;
-            // Check if we already have a valid session for this address
+            // Wallet popup #1: standard:connect performs MWA authorize. This
+            // is where wallet-standard's checkLocalNetworkAccessPermission()
+            // fires the three-stage LNA UX (info modal → permission prompt →
+            // success modal) before opening the localhost WebSocket.
+            const connectFeat = getConnectFeature(wallet);
+            const { accounts } = await connectFeat.connect();
+            if (!accounts || accounts.length === 0) {
+                throw new Error('MWA returned no accounts');
+            }
+            const account = accounts[0];
+            const accountPubkey = new web3_js.PublicKey(account.publicKey);
+            const base58Addr = accountPubkey.toBase58();
+            // If we happen to already have a matching Tarobase session, reuse it.
             const existingSession = await WebSessionManager.getSession();
-            if (existingSession && existingSession.address === result.base58Address) {
-                const user = { provider: this, address: result.base58Address };
+            if (existingSession && existingSession.address === base58Addr) {
+                const user = { provider: this, address: base58Addr };
                 setCurrentUser(user);
                 return user;
             }
-            // Create new session on the server
-            const createSessionResult = await createSessionWithSignature(result.base58Address, result.messageText, result.signature);
-            await WebSessionManager.storeSession(result.base58Address, createSessionResult.accessToken, createSessionResult.idToken, createSessionResult.refreshToken);
-            // Mark auth method
-            try {
-                getPlatform().storage.setItem('tarobase_last_auth_method', 'mobile-wallet-adapter');
+            // Wallet popup #2: sign the Tarobase nonce message.
+            const messageText = await genSolanaMessage(base58Addr, nonce);
+            const messageBytes = getPlatform().textEncode(messageText);
+            const signMessageFeat = getSignMessageFeature(wallet);
+            const signResults = await signMessageFeat.signMessage({ account, message: messageBytes });
+            if (!signResults || signResults.length === 0) {
+                throw new Error('MWA returned no signature');
             }
-            catch (_h) { }
-            const user = { provider: this, address: result.base58Address };
+            const { signature: sigBytes } = signResults[0];
+            const signatureBase64 = bufferExports.Buffer.from(sigBytes).toString('base64');
+            // Create Tarobase session on the server.
+            const createSessionResult = await createSessionWithSignature(base58Addr, messageText, signatureBase64);
+            await WebSessionManager.storeSession(base58Addr, createSessionResult.accessToken, createSessionResult.idToken, createSessionResult.refreshToken);
+            // Auth-method marker is already 'mobile-wallet-adapter' from above.
+            const user = { provider: this, address: base58Addr };
             setCurrentUser(user);
             return user;
         }
         catch (error) {
-            // Restore the previous auth method since this login attempt failed.
-            try {
-                if (prevAuthMethod === null) {
-                    getPlatform().storage.removeItem('tarobase_last_auth_method');
-                }
-                else {
-                    getPlatform().storage.setItem('tarobase_last_auth_method', prevAuthMethod);
-                }
-            }
-            catch (_j) { }
+            // Restore the previous auth-method marker since this login attempt failed.
+            writeAuthMethod(prevAuthMethod);
             const isUserRejection = (error === null || error === void 0 ? void 0 : error.code) === 4001 ||
                 ((_a = error === null || error === void 0 ? void 0 : error.message) === null || _a === void 0 ? void 0 : _a.toLowerCase().includes('user rejected')) ||
                 ((_b = error === null || error === void 0 ? void 0 : error.message) === null || _b === void 0 ? void 0 : _b.toLowerCase().includes('user denied')) ||
@@ -21575,61 +21657,42 @@ class SolanaMobileWalletProvider {
     async restoreSession() {
         const session = await WebSessionManager.getSession();
         if (session) {
-            this.authorizedPublicKey = session.address;
-            this.publicKeyObj = new web3_js.PublicKey(session.address);
             return { provider: this, address: session.address };
         }
         return null;
     }
     async logout() {
-        // Deauthorize with the wallet if we have an auth_token
-        if (this.authToken) {
-            try {
-                await loadMwaProtocol();
-                const { transact } = mwaProtocolModule;
-                const authToken = this.authToken;
-                await transact(async (wallet) => {
-                    await wallet.deauthorize({ auth_token: authToken });
-                }, this.getAssociationConfig());
-            }
-            catch (error) {
-                console.error('[SolanaMobileWallet] Deauthorize error:', error);
+        try {
+            const wallet = await this.ensureWallet();
+            const disconnectFeat = getDisconnectFeature(wallet);
+            if (disconnectFeat) {
+                // Disconnect clears the AuthorizationCache and resets
+                // wallet.#authorization internally (no LNA dialog).
+                await disconnectFeat.disconnect();
             }
         }
-        this.authToken = null;
-        this.walletUriBase = null;
-        this.base64Address = null;
-        this.authorizedPublicKey = null;
-        this.publicKeyObj = null;
+        catch (error) {
+            console.error('[SolanaMobileWallet] Disconnect error:', error);
+        }
         WebSessionManager.clearSession();
         // Clear the auth-method marker so Phantom auto-create is unblocked
         // for any subsequent fresh login on this device.
-        try {
-            getPlatform().storage.removeItem('tarobase_last_auth_method');
-        }
-        catch (_a) { }
+        writeAuthMethod(null);
         setCurrentUser(null);
     }
     async signMessage(message) {
         var _a, _b;
-        if (!this.authorizedPublicKey || !this.base64Address) {
-            throw new Error('Not connected. Call login() first.');
-        }
-        await loadMwaProtocol();
-        const { transact } = mwaProtocolModule;
-        const base64Addr = this.base64Address;
+        const account = await this.ensureAuthorized();
+        const wallet = await this.ensureWallet();
         try {
-            const signedMessages = await transact(async (wallet) => {
-                await this.reauthorizeWallet(wallet);
-                const messageBytes = getPlatform().textEncode(message);
-                return wallet.signMessages({
-                    addresses: [base64Addr],
-                    payloads: [messageBytes],
-                });
-            }, this.getAssociationConfig());
-            const signedPayload = signedMessages[0];
-            const signatureBytes = signedPayload.slice(-ED25519_SIGNATURE_LENGTH);
-            return bufferExports.Buffer.from(signatureBytes).toString('base64');
+            const signMessageFeat = getSignMessageFeature(wallet);
+            const messageBytes = getPlatform().textEncode(message);
+            const results = await signMessageFeat.signMessage({ account, message: messageBytes });
+            if (!results || results.length === 0) {
+                throw new Error('MWA returned no signature');
+            }
+            const { signature: sigBytes } = results[0];
+            return bufferExports.Buffer.from(sigBytes).toString('base64');
         }
         catch (error) {
             if (((_a = error === null || error === void 0 ? void 0 : error.message) === null || _a === void 0 ? void 0 : _a.includes('not connected')) || ((_b = error === null || error === void 0 ? void 0 : error.message) === null || _b === void 0 ? void 0 : _b.includes('not authorized')) ||
@@ -21642,41 +21705,42 @@ class SolanaMobileWalletProvider {
     }
     async signTransaction(transaction) {
         var _a, _b;
-        if (!this.publicKeyObj) {
-            throw new Error('Not connected. Call login() first.');
-        }
-        await loadMwaProtocol();
-        const { transact } = mwaProtocolModule;
-        // Ensure blockhash and fee payer are set before signing
+        const account = await this.ensureAuthorized();
+        const connectedPubkey = new web3_js.PublicKey(account.publicKey);
+        const wallet = await this.ensureWallet();
+        const chain = this.getChain();
+        // Preserve existing prep: fill missing blockhash / fee payer so call
+        // sites that build a tx without these fields don't regress.
         const isLegacyTransaction = 'recentBlockhash' in transaction && !('message' in transaction && 'staticAccountKeys' in transaction.message);
         if (isLegacyTransaction) {
             const legacyTx = transaction;
             if (!legacyTx.recentBlockhash) {
-                const rpcUrl = this.getRpcUrl();
-                const connection = new web3_js.Connection(rpcUrl, 'confirmed');
-                const { blockhash, lastValidBlockHeight } = await connection.getLatestBlockhash('confirmed');
+                const conn = new web3_js.Connection(this.getRpcUrl(), 'confirmed');
+                const { blockhash, lastValidBlockHeight } = await conn.getLatestBlockhash('confirmed');
                 legacyTx.recentBlockhash = blockhash;
                 legacyTx.lastValidBlockHeight = lastValidBlockHeight;
             }
-            if (!legacyTx.feePayer && this.publicKeyObj) {
-                legacyTx.feePayer = this.publicKeyObj;
+            if (!legacyTx.feePayer) {
+                legacyTx.feePayer = connectedPubkey;
             }
         }
         else {
             const versionedTx = transaction;
             if (!versionedTx.message.recentBlockhash) {
-                const rpcUrl = this.getRpcUrl();
-                const connection = new web3_js.Connection(rpcUrl, 'confirmed');
-                const { blockhash } = await connection.getLatestBlockhash('confirmed');
+                const conn = new web3_js.Connection(this.getRpcUrl(), 'confirmed');
+                const { blockhash } = await conn.getLatestBlockhash('confirmed');
                 versionedTx.message.recentBlockhash = blockhash;
             }
         }
         try {
-            const signedTransactions = await transact(async (wallet) => {
-                await this.reauthorizeWallet(wallet);
-                return wallet.signTransactions({ transactions: [transaction] });
-            }, this.getAssociationConfig());
-            return signedTransactions[0];
+            const signTxFeat = getSignTransactionFeature(wallet);
+            const wireBytes = txToWireBytes(transaction);
+            const results = await signTxFeat.signTransaction({ account, transaction: wireBytes, chain });
+            if (!results || results.length === 0) {
+                throw new Error('MWA returned no signed transaction');
+            }
+            const { signedTransaction: signedBytes } = results[0];
+            return txFromWireBytes(new Uint8Array(signedBytes));
         }
         catch (error) {
             if (((_a = error === null || error === void 0 ? void 0 : error.message) === null || _a === void 0 ? void 0 : _a.includes('not connected')) || ((_b = error === null || error === void 0 ? void 0 : error.message) === null || _b === void 0 ? void 0 : _b.includes('not authorized')) ||
@@ -21689,15 +21753,15 @@ class SolanaMobileWalletProvider {
     }
     async signAndSubmitTransaction(transaction, feePayer) {
         var _a, _b, _c, _d, _e, _f;
-        if (!this.publicKeyObj) {
-            throw new Error('Not connected. Call login() first.');
-        }
-        await loadMwaProtocol();
-        const { transact } = mwaProtocolModule;
+        const account = await this.ensureAuthorized();
+        const connectedPubkey = new web3_js.PublicKey(account.publicKey);
+        const wallet = await this.ensureWallet();
+        const chain = this.getChain();
         const rpcUrl = this.getRpcUrl();
         const connection = new web3_js.Connection(rpcUrl, 'confirmed');
         const isSurfnet = rpcUrl === SURFNET_RPC_URL$2;
         try {
+            // Preserve existing prep: refresh blockhash and set fee payer.
             const { blockhash, lastValidBlockHeight } = await connection.getLatestBlockhash('confirmed');
             const isLegacyTransaction = 'recentBlockhash' in transaction && !('message' in transaction && 'staticAccountKeys' in transaction.message);
             if (isLegacyTransaction) {
@@ -21705,12 +21769,7 @@ class SolanaMobileWalletProvider {
                 legacyTx.recentBlockhash = blockhash;
                 legacyTx.lastValidBlockHeight = lastValidBlockHeight;
                 if (!legacyTx.feePayer) {
-                    if (feePayer) {
-                        legacyTx.feePayer = feePayer;
-                    }
-                    else if (this.publicKeyObj) {
-                        legacyTx.feePayer = this.publicKeyObj;
-                    }
+                    legacyTx.feePayer = feePayer !== null && feePayer !== void 0 ? feePayer : connectedPubkey;
                 }
             }
             else {
@@ -21718,14 +21777,19 @@ class SolanaMobileWalletProvider {
                 versionedTx.message.recentBlockhash = blockhash;
             }
             if (isSurfnet) {
-                // Surfnet: sign-only, then submit to our specific RPC
-                const signedTransactions = await transact(async (wallet) => {
-                    await this.reauthorizeWallet(wallet);
-                    return wallet.signTransactions({ transactions: [transaction] });
-                }, this.getAssociationConfig());
-                const signedTx = signedTransactions[0];
+                // Surfnet: sign locally via wallet-standard, submit manually
+                // to the Surfnet RPC. Don't route through signAndSendTransaction
+                // because the wallet would submit to its own RPC.
+                const signTxFeat = getSignTransactionFeature(wallet);
+                const wireBytes = txToWireBytes(transaction);
+                const results = await signTxFeat.signTransaction({ account, transaction: wireBytes, chain });
+                if (!results || results.length === 0) {
+                    throw new Error('MWA returned no signed transaction');
+                }
+                const { signedTransaction: signedBytes } = results[0];
+                const signedTx = txFromWireBytes(new Uint8Array(signedBytes));
                 const signature = await connection.sendRawTransaction(signedTx.serialize(), {
-                    preflightCommitment: 'confirmed'
+                    preflightCommitment: 'confirmed',
                 });
                 const confirmation = await connection.confirmTransaction({
                     signature,
@@ -21737,15 +21801,20 @@ class SolanaMobileWalletProvider {
                 }
                 return signature;
             }
-            // Non-surfnet: use signAndSendTransactions for wallet-optimized submission
-            const signatures = await transact(async (wallet) => {
-                await this.reauthorizeWallet(wallet);
-                return wallet.signAndSendTransactions({
-                    transactions: [transaction],
-                    commitment: 'confirmed',
-                });
-            }, this.getAssociationConfig());
-            const signature = signatures[0];
+            // Non-Surfnet: wallet signs and submits to its own RPC.
+            const signSendFeat = getSignAndSendTransactionFeature(wallet);
+            const wireBytes = txToWireBytes(transaction);
+            const results = await signSendFeat.signAndSendTransaction({
+                account,
+                transaction: wireBytes,
+                chain,
+                options: { commitment: 'confirmed' },
+            });
+            if (!results || results.length === 0) {
+                throw new Error('MWA returned no signature');
+            }
+            const { signature: sigBytes } = results[0];
+            const signature = base58.encode(sigBytes);
             await confirmAndCheckTransaction(connection, signature);
             return signature;
         }
@@ -21771,16 +21840,14 @@ class SolanaMobileWalletProvider {
         if (!solTransactionData) {
             throw new Error('Solana transaction data is required for mobile wallet');
         }
-        if (!this.publicKeyObj || !this.authorizedPublicKey) {
-            await this.login();
-        }
-        await loadMwaProtocol();
-        const { transact } = mwaProtocolModule;
+        const account = await this.ensureAuthorized();
+        const connectedPubkey = new web3_js.PublicKey(account.publicKey);
+        const wallet = await this.ensureWallet();
+        const chain = this.getChain();
         const rpcUrl = this.getRpcUrl(solTransactionData.network);
         const connection = new web3_js.Connection(rpcUrl, 'confirmed');
         const isSurfnet = rpcUrl === SURFNET_RPC_URL$2;
         try {
-            const publicKey = this.publicKeyObj;
             const remainingAccounts = convertRemainingAccounts(solTransactionData.txArgs[0].remainingAccounts);
             let app_id = solTransactionData.appId;
             if (typeof window !== 'undefined' && window.CUSTOM_TAROBASE_APP_ID_HEADER) {
@@ -21789,9 +21856,9 @@ class SolanaMobileWalletProvider {
             if (!app_id) {
                 throw new Error('App ID is required');
             }
-            // Create a mock wallet adapter for Anchor (only publicKey is needed for building TX)
+            // Mock wallet adapter for Anchor — only publicKey is read during build.
             const mockWalletAdapter = {
-                publicKey,
+                publicKey: connectedPubkey,
                 signTransaction: async (tx) => tx,
                 signAllTransactions: async (txs) => txs,
             };
@@ -21809,10 +21876,12 @@ class SolanaMobileWalletProvider {
             }
             let tx;
             if (solTransactionData.signedTransaction) {
+                // Server has co-signed a CPI attestation. Do NOT mutate its
+                // blockhash — that would invalidate the server's signature.
                 tx = web3_js.VersionedTransaction.deserialize(bufferExports.Buffer.from(solTransactionData.signedTransaction, 'base64'));
             }
             else {
-                const result = await buildSetDocumentsTransaction(connection, solTransactionData.txArgs[0].idl, anchorProvider, publicKey, {
+                const result = await buildSetDocumentsTransaction(connection, solTransactionData.txArgs[0].idl, anchorProvider, connectedPubkey, {
                     app_id,
                     documents: solTransactionData.txArgs[0].setDocumentData,
                     delete_paths: solTransactionData.txArgs[0].deletePaths,
@@ -21820,11 +21889,16 @@ class SolanaMobileWalletProvider {
                 }, finalDeduped, solTransactionData.lutKey, solTransactionData.preInstructions, false, solTransactionData.additionalLutAddresses);
                 tx = result.tx;
             }
+            // Sign-only branch — sign the tx but don't submit.
             if ((options === null || options === void 0 ? void 0 : options.shouldSubmitTx) === false) {
-                const [signedTx] = await transact(async (wallet) => {
-                    await this.reauthorizeWallet(wallet);
-                    return wallet.signTransactions({ transactions: [tx] });
-                }, this.getAssociationConfig());
+                const signTxFeat = getSignTransactionFeature(wallet);
+                const wireBytes = txToWireBytes(tx);
+                const results = await signTxFeat.signTransaction({ account, transaction: wireBytes, chain });
+                if (!results || results.length === 0) {
+                    throw new Error('MWA returned no signed transaction');
+                }
+                const { signedTransaction: signedBytes } = results[0];
+                const signedTx = txFromWireBytes(new Uint8Array(signedBytes));
                 return {
                     signedTransaction: signedTx,
                     blockNumber: 0,
@@ -21833,14 +21907,18 @@ class SolanaMobileWalletProvider {
                 };
             }
             if (isSurfnet) {
-                // Surfnet: sign then submit manually to our RPC
-                const [signedTx] = await transact(async (wallet) => {
-                    await this.reauthorizeWallet(wallet);
-                    return wallet.signTransactions({ transactions: [tx] });
-                }, this.getAssociationConfig());
+                // Surfnet: sign locally via wallet-standard, submit manually.
+                const signTxFeat = getSignTransactionFeature(wallet);
+                const wireBytes = txToWireBytes(tx);
+                const results = await signTxFeat.signTransaction({ account, transaction: wireBytes, chain });
+                if (!results || results.length === 0) {
+                    throw new Error('MWA returned no signed transaction');
+                }
+                const { signedTransaction: signedBytes } = results[0];
+                const signedTx = txFromWireBytes(new Uint8Array(signedBytes));
                 const { blockhash, lastValidBlockHeight } = await connection.getLatestBlockhash('confirmed');
                 const signature = await connection.sendRawTransaction(signedTx.serialize(), {
-                    preflightCommitment: 'confirmed'
+                    preflightCommitment: 'confirmed',
                 });
                 const confirmation = await connection.confirmTransaction({
                     signature,
@@ -21852,7 +21930,7 @@ class SolanaMobileWalletProvider {
                 }
                 const txInfo = await connection.getParsedTransaction(signature, {
                     maxSupportedTransactionVersion: 0,
-                    commitment: 'confirmed'
+                    commitment: 'confirmed',
                 });
                 return {
                     transactionSignature: signature,
@@ -21861,15 +21939,20 @@ class SolanaMobileWalletProvider {
                     data: txInfo === null || txInfo === void 0 ? void 0 : txInfo.meta,
                 };
             }
-            // Non-surfnet: use signAndSendTransactions
-            const signatures = await transact(async (wallet) => {
-                await this.reauthorizeWallet(wallet);
-                return wallet.signAndSendTransactions({
-                    transactions: [tx],
-                    commitment: 'confirmed',
-                });
-            }, this.getAssociationConfig());
-            const signature = signatures[0];
+            // Non-Surfnet: wallet signs and submits to its own RPC.
+            const signSendFeat = getSignAndSendTransactionFeature(wallet);
+            const wireBytes = txToWireBytes(tx);
+            const results = await signSendFeat.signAndSendTransaction({
+                account,
+                transaction: wireBytes,
+                chain,
+                options: { commitment: 'confirmed' },
+            });
+            if (!results || results.length === 0) {
+                throw new Error('MWA returned no signature');
+            }
+            const { signature: sigBytes } = results[0];
+            const signature = base58.encode(sigBytes);
             const txInfo = await confirmAndCheckTransaction(connection, signature);
             return {
                 transactionSignature: signature,
@@ -21896,11 +21979,36 @@ class SolanaMobileWalletProvider {
         }
     }
     async getNativeMethods() {
+        var _a, _b, _c;
+        // Synchronous-ish state read; tolerate the wallet being unauthorized
+        // (return nulls). Don't trigger ensureAuthorized() here — callers that
+        // need the wallet active should sign through one of the sign methods.
+        const wallet = this.wallet;
+        if (!wallet) {
+            return {
+                authToken: null,
+                walletUriBase: null,
+                publicKey: null,
+                base64Address: null,
+                wallet: null,
+                currentAuthorization: null,
+            };
+        }
+        const acct = (_a = wallet.accounts) === null || _a === void 0 ? void 0 : _a[0];
+        const auth = wallet.currentAuthorization;
+        let publicKey = null;
+        let base64Address = null;
+        if (acct) {
+            publicKey = new web3_js.PublicKey(acct.publicKey);
+            base64Address = btoa(String.fromCharCode(...acct.publicKey));
+        }
         return {
-            authToken: this.authToken,
-            walletUriBase: this.walletUriBase,
-            publicKey: this.publicKeyObj,
-            base64Address: this.base64Address,
+            authToken: (_b = auth === null || auth === void 0 ? void 0 : auth.auth_token) !== null && _b !== void 0 ? _b : null,
+            walletUriBase: (_c = auth === null || auth === void 0 ? void 0 : auth.wallet_uri_base) !== null && _c !== void 0 ? _c : null,
+            publicKey,
+            base64Address,
+            wallet,
+            currentAuthorization: auth !== null && auth !== void 0 ? auth : null,
         };
     }
     /* ----------------------------------------------------------- *
@@ -22328,4 +22436,4 @@ exports.signSessionCreateMessage = signSessionCreateMessage;
 exports.signTransaction = signTransaction;
 exports.subscribe = subscribe;
 exports.useAuth = useAuth;
-//# sourceMappingURL=index-BPlF6-PQ.js.map
+//# sourceMappingURL=index-R7cvXys2.js.map