@pooflabs/web 0.0.84 → 0.0.85-rc1

package/dist/{index-XHbmzFFO.esm.js → index-ZKzq5QT_.esm.js}

@@ -1,5 +1,5 @@
 import globalAxios from 'axios';
-import { PublicKey, SystemProgram, TransactionInstruction, ComputeBudgetProgram, Keypair, VersionedTransaction, TransactionMessage, Transaction, Connection } from '@solana/web3.js';
+import { PublicKey, SystemProgram, TransactionInstruction, ComputeBudgetProgram, Keypair, VersionedTransaction, TransactionMessage, Transaction, Connection, VersionedMessage } from '@solana/web3.js';
 import * as anchor from '@coral-xyz/anchor';
 import { Program } from '@coral-xyz/anchor';
 import * as React$2 from 'react';
@@ -12817,10 +12817,10 @@ let currentAuthProvider = null;
 let currentAuthMethod = null;
 let initConfig = null;
 // --- localStorage helpers: track which auth method the user last logged in with ---
-const STORED_AUTH_METHOD_KEY = 'tarobase_last_auth_method';
+const STORED_AUTH_METHOD_KEY$1 = 'tarobase_last_auth_method';
 function getStoredAuthMethod() {
     try {
-        return getPlatform().storage.getItem(STORED_AUTH_METHOD_KEY);
+        return getPlatform().storage.getItem(STORED_AUTH_METHOD_KEY$1);
     }
     catch (_a) {
         return null;
@@ -12829,10 +12829,10 @@ function getStoredAuthMethod() {
 function setStoredAuthMethod(method) {
     try {
         if (method) {
-            getPlatform().storage.setItem(STORED_AUTH_METHOD_KEY, method);
+            getPlatform().storage.setItem(STORED_AUTH_METHOD_KEY$1, method);
         }
         else {
-            getPlatform().storage.removeItem(STORED_AUTH_METHOD_KEY);
+            getPlatform().storage.removeItem(STORED_AUTH_METHOD_KEY$1);
         }
     }
     catch (_a) {
@@ -15709,7 +15709,7 @@ async function loadDependencies() {
         const [reactModule, reactDomModule, phantomModule] = await Promise.all([
             import('react'),
             import('react-dom/client'),
-            import('./index-CH2G5Y9i.esm.js')
+            import('./index-Buu8v-Oe.esm.js')
         ]);
         // Extract default export from ESM module namespace
         // Dynamic import() returns { default: Module, ...exports }, not the module directly
@@ -21278,26 +21278,135 @@ function isMobileWalletAvailable() {
     return detectAndroid();
 }
 const ED25519_SIGNATURE_LENGTH = 64;
-// Dynamically imported MWA protocol module
-let mwaProtocolModule = null;
-let mwaProtocolLoadPromise = null;
-async function loadMwaProtocol() {
-    if (mwaProtocolModule)
-        return;
-    if (typeof window === 'undefined')
-        return;
-    if (mwaProtocolLoadPromise)
-        return mwaProtocolLoadPromise;
-    mwaProtocolLoadPromise = (async () => {
-        try {
-            mwaProtocolModule = await import('./index.browser-D8VWPXTZ.esm.js');
+const STORED_AUTH_METHOD_KEY = 'tarobase_last_auth_method';
+const MWA_AUTH_METHOD = 'mobile-wallet-adapter';
+/**
+ * Normalize a chain string to a wallet-standard Solana chain identifier.
+ *
+ * Handles three input shapes that all show up in practice:
+ *  - Bare cluster name from `SolanaMobileWalletConfig.cluster` (e.g. 'devnet').
+ *  - Prefixed `solana:cluster` (e.g. 'solana:devnet').
+ *  - Double-prefixed `solana:solana:cluster` (constructor used to wrap cluster
+ *    with `solana:` blindly; if a caller already passed a prefixed string the
+ *    result was `solana:solana:devnet`).
+ *
+ * Wallet-standard Solana chains are exactly:
+ *   'solana:mainnet' | 'solana:devnet' | 'solana:testnet' | 'solana:localnet'
+ * — `mainnet-beta` is NOT a valid wallet-standard identifier and must be
+ * normalized to `solana:mainnet`.
+ */
+function mapChainToWalletStandard(input) {
+    if (!input)
+        return 'solana:mainnet';
+    let s = String(input).toLowerCase();
+    while (s.startsWith('solana:'))
+        s = s.slice('solana:'.length);
+    if (s === 'mainnet-beta' || s === 'mainnet')
+        return 'solana:mainnet';
+    if (s === 'devnet')
+        return 'solana:devnet';
+    if (s === 'testnet')
+        return 'solana:testnet';
+    if (s === 'localnet')
+        return 'solana:localnet';
+    return 'solana:mainnet';
+}
+/**
+ * Serialize a Transaction/VersionedTransaction to a Uint8Array wire payload
+ * that the wallet-standard `solana:signTransaction` /
+ * `solana:signAndSendTransaction` features expect.
+ *
+ * Legacy transactions must serialize with `requireAllSignatures: false` and
+ * `verifySignatures: false` — the wallet hasn't signed yet, and the default
+ * `serialize()` would throw "Signature verification failed". Versioned
+ * transactions use the default `serialize()` which already permits unsigned
+ * payloads. Mirrors the helper at
+ * `@solana-mobile/mobile-wallet-adapter-protocol-web3js/lib/esm/index.browser.js:13-18`.
+ */
+function txToWireBytes(tx) {
+    if ('version' in tx)
+        return tx.serialize();
+    return tx.serialize({ requireAllSignatures: false, verifySignatures: false });
+}
+/**
+ * Deserialize a wire-format transaction returned by the wallet
+ * `solana:signTransaction` feature. Mirrors the helper at
+ * `@solana-mobile/mobile-wallet-adapter-protocol-web3js/lib/esm/index.browser.js:19-23`
+ * so legacy and versioned bytes both round-trip correctly.
+ */
+function txFromWireBytes(byteArray) {
+    const messageOffset = byteArray[0] * ED25519_SIGNATURE_LENGTH + 1;
+    const messageVersion = VersionedMessage.deserializeMessageVersion(byteArray.slice(messageOffset, byteArray.length));
+    if (messageVersion === 'legacy') {
+        return Transaction.from(byteArray);
+    }
+    return VersionedTransaction.deserialize(byteArray);
+}
+/**
+ * Per-method runtime narrowing of wallet-standard features. The wallet's
+ * `.features` type is a union (`signAndSendTransaction` | `signTransaction`),
+ * and after authorization the wallet may also narrow `#optionalFeatures`
+ * based on actual wallet capabilities. Narrow at the call site so a method
+ * that needs only `signMessage` doesn't fail when a wallet lacks
+ * `signTransaction`.
+ */
+function getSignMessageFeature(wallet) {
+    const f = wallet.features;
+    const feat = f['solana:signMessage'];
+    if (!feat || typeof feat.signMessage !== 'function') {
+        throw new Error('Wallet does not support solana:signMessage');
+    }
+    return feat;
+}
+function getSignTransactionFeature(wallet) {
+    const f = wallet.features;
+    const feat = f['solana:signTransaction'];
+    if (!feat || typeof feat.signTransaction !== 'function') {
+        throw new Error('Wallet does not support solana:signTransaction');
+    }
+    return feat;
+}
+function getSignAndSendTransactionFeature(wallet) {
+    const f = wallet.features;
+    const feat = f['solana:signAndSendTransaction'];
+    if (!feat || typeof feat.signAndSendTransaction !== 'function') {
+        throw new Error('Wallet does not support solana:signAndSendTransaction');
+    }
+    return feat;
+}
+function getConnectFeature(wallet) {
+    const f = wallet.features;
+    const feat = f['standard:connect'];
+    if (!feat || typeof feat.connect !== 'function') {
+        throw new Error('Wallet does not support standard:connect');
+    }
+    return feat;
+}
+function getDisconnectFeature(wallet) {
+    const f = wallet.features;
+    const feat = f['standard:disconnect'];
+    return feat && typeof feat.disconnect === 'function' ? feat : null;
+}
+function writeAuthMethod(method) {
+    try {
+        if (method === null) {
+            getPlatform().storage.removeItem(STORED_AUTH_METHOD_KEY);
         }
-        catch (e) {
-            console.warn('[SolanaMobileWallet] @solana-mobile/mobile-wallet-adapter-protocol-web3js not installed. Install it to enable Seeker wallet support.');
-            throw new Error('Missing @solana-mobile/mobile-wallet-adapter-protocol-web3js dependency');
+        else {
+            getPlatform().storage.setItem(STORED_AUTH_METHOD_KEY, method);
         }
-    })();
-    return mwaProtocolLoadPromise;
+    }
+    catch (_a) {
+        // storage may be unavailable
+    }
+}
+function readAuthMethod() {
+    try {
+        return getPlatform().storage.getItem(STORED_AUTH_METHOD_KEY);
+    }
+    catch (_a) {
+        return null;
+    }
 }
 /**
  * Registers Mobile Wallet Adapter as a wallet-standard wallet so it appears
@@ -21312,7 +21421,7 @@ async function registerMobileWalletAdapter(config) {
     if (typeof window === 'undefined')
         return;
     try {
-        const walletStandardMobile = await import('./index.browser-Cgj7Hs6n.esm.js');
+        const walletStandardMobile = await import('./index.browser-zfGYm0ST.esm.js');
         const registerMwa = walletStandardMobile.registerMwa || ((_a = walletStandardMobile.default) === null || _a === void 0 ? void 0 : _a.registerMwa);
         if (!registerMwa) {
             console.warn('[SolanaMobileWallet] registerMwa not found in @solana-mobile/wallet-standard-mobile');
@@ -21341,32 +21450,41 @@ async function registerMobileWalletAdapter(config) {
         registerMwa(options);
     }
     catch (e) {
-        // @solana-mobile/wallet-standard-mobile is an optional dependency
-        // Silently skip if not installed — the provider still works via
-        // @solana-mobile/mobile-wallet-adapter-protocol-web3js directly
         console.debug('[SolanaMobileWallet] @solana-mobile/wallet-standard-mobile not available, skipping wallet-standard registration');
     }
 }
 /**
- * SolanaMobileWalletProvider implements the AuthProvider interface using the
- * Solana Mobile Wallet Adapter (MWA) protocol's low-level `transact` API.
+ * SolanaMobileWalletProvider implements the AuthProvider interface using
+ * Solana Mobile's wallet-standard wrapper (`LocalSolanaMobileWalletAdapterWallet`).
  *
- * This enables TaroBase dApps to work with any MWA-compliant wallet on Solana
- * mobile devices (Seeker, Saga) — including the native Seed Vault Wallet,
- * Phantom, Solflare, and any other wallet that implements the MWA protocol.
+ * Why wallet-standard and not the raw MWA protocol: as of
+ * `@solana-mobile/wallet-standard-mobile@0.5.0+`, the wallet's internal
+ * `#transact` calls `checkLocalNetworkAccessPermission()` before opening the
+ * localhost WebSocket. That helper renders a three-stage UX flow Solana
+ * Mobile designed specifically to defuse Chrome's Local Network Access
+ * permission dialog (which renders with disabled buttons on Android Chrome,
+ * the source of the long-running Seeker MWA bug):
  *
- * By using `transact()` directly (instead of the wallet-adapter wrapper),
- * login combines authorize + signMessage into a single wallet session —
- * meaning one popup/approval instead of two.
+ *   1. "Allow connections to your wallet" informational modal.
+ *   2. Chrome's permission prompt (interactive because it's spawned as a
+ *      fresh user gesture from step 1).
+ *   3. "Ready to connect!" success modal.
+ *
+ * `checkLocalNetworkAccessPermission` is internal to the library — it's not
+ * exported. The only way to invoke it is to go through the wallet's
+ * `standard:connect` / `solana:sign*` features, which is what this provider
+ * does.
+ *
+ * Notes on UX: login uses two wallet popups in succession — `standard:connect`
+ * (authorize) and `solana:signMessage` (sign the Tarobase nonce). The
+ * previous implementation combined both inside a single `transact` callback;
+ * splitting them is the cost of going through wallet-standard, and is
+ * acceptable given the alternative was broken on Seeker.
  */
 class SolanaMobileWalletProvider {
     constructor(networkUrl = null, config = {}) {
-        // MWA authorization state
-        this.authToken = null;
-        this.walletUriBase = null;
-        this.base64Address = null;
-        this.authorizedPublicKey = null;
-        this.publicKeyObj = null;
+        /** LocalSolanaMobileWalletAdapterWallet, lazy-constructed in ensureWallet(). */
+        this.wallet = null;
         this.networkUrl = networkUrl;
         this.config = config;
         if (typeof window === 'undefined') {
@@ -21379,7 +21497,7 @@ class SolanaMobileWalletProvider {
             name: 'TaroBase App',
             uri: getPlatform().getLocationOrigin(),
         };
-        this.chain = `solana:${config.cluster || 'mainnet-beta'}`;
+        this.cluster = config.cluster || 'mainnet-beta';
         SolanaMobileWalletProvider.instance = this;
     }
     static getInstance(networkUrl, config) {
@@ -21388,154 +21506,118 @@ class SolanaMobileWalletProvider {
         }
         return SolanaMobileWalletProvider.instance;
     }
-    /** Config for transact() — routes to the same wallet if we've already authorized */
-    getAssociationConfig() {
-        if (this.walletUriBase) {
-            return { baseUri: this.walletUriBase };
-        }
-        return undefined;
+    /** Lazy-construct LocalSolanaMobileWalletAdapterWallet on first need. */
+    async ensureWallet() {
+        if (this.wallet)
+            return this.wallet;
+        const mod = await import('./index.browser-zfGYm0ST.esm.js');
+        const chain = mapChainToWalletStandard(this.cluster);
+        this.wallet = new mod.LocalSolanaMobileWalletAdapterWallet({
+            appIdentity: this.appIdentity,
+            authorizationCache: mod.createDefaultAuthorizationCache(),
+            chains: [chain],
+            chainSelector: mod.createDefaultChainSelector(),
+            onWalletNotFound: mod.createDefaultWalletNotFoundHandler(),
+        });
+        return this.wallet;
     }
-    /** Reauthorize within a transact callback using a stored auth_token */
-    async reauthorizeWallet(wallet) {
-        if (!this.authToken) {
-            // No existing auth — do a fresh authorize
-            const authResult = await wallet.authorize({
-                identity: this.appIdentity,
-                chain: this.chain,
-            });
-            this.storeAuthResult(authResult);
-            return authResult;
+    /**
+     * Ensure the wallet has an active authorization. After a Tarobase session
+     * is restored from storage on cold-start, `wallet.accounts` is empty until
+     * we silently reconnect from the AuthorizationCache. If the cache is also
+     * empty, fall back to interactive `login()` (which surfaces the three-stage
+     * Solana Mobile LNA flow + wallet popups).
+     *
+     * Returns the wallet-standard `WalletAccount` to use for sign operations.
+     */
+    async ensureAuthorized() {
+        const wallet = await this.ensureWallet();
+        if (wallet.accounts.length === 0) {
+            try {
+                const connectFeat = getConnectFeature(wallet);
+                await connectFeat.connect({ silent: true });
+            }
+            catch (e) {
+                console.warn('[SolanaMobileWallet] silent connect failed:', e === null || e === void 0 ? void 0 : e.message);
+            }
         }
-        try {
-            const authResult = await wallet.reauthorize({
-                auth_token: this.authToken,
-                identity: this.appIdentity,
-            });
-            this.storeAuthResult(authResult);
-            return authResult;
-        }
-        catch (e) {
-            // Reauth failed (token expired, wallet reset, etc.) — try fresh authorize
-            console.warn('[SolanaMobileWallet] Reauthorization failed, attempting fresh authorize:', e === null || e === void 0 ? void 0 : e.message);
-            const authResult = await wallet.authorize({
-                identity: this.appIdentity,
-                chain: this.chain,
-            });
-            this.storeAuthResult(authResult);
-            return authResult;
+        if (wallet.accounts.length === 0) {
+            const user = await this.login();
+            if (!user)
+                throw new Error('MWA not connected');
         }
+        return wallet.accounts[0];
     }
-    /** Persist auth result from an authorize/reauthorize call */
-    storeAuthResult(authResult) {
-        var _a;
-        this.authToken = authResult.auth_token;
-        this.walletUriBase = authResult.wallet_uri_base;
-        if (((_a = authResult.accounts) === null || _a === void 0 ? void 0 : _a.length) > 0) {
-            const account = authResult.accounts[0];
-            this.base64Address = account.address;
-            // Decode base64 address → PublicKey → base58
-            const addressBytes = Uint8Array.from(getPlatform().atob(account.address), c => c.charCodeAt(0));
-            this.publicKeyObj = new PublicKey(addressBytes);
-            this.authorizedPublicKey = this.publicKeyObj.toBase58();
-        }
+    /** Returns the active wallet-standard chain identifier (e.g. 'solana:mainnet'). */
+    getChain() {
+        return mapChainToWalletStandard(this.cluster);
     }
     async login() {
         var _a, _b, _c, _d, _e;
         setAuthLoading(true);
-        // Mark the auth method early so a concurrent Phantom auto-create can see
-        // 'mobile-wallet-adapter' during our slow transact() / session-creation
-        // roundtrip and back off (see phantom-wallet-provider autoCreateSession).
-        // Capture the previous value so we can restore it if login fails.
-        let prevAuthMethod = null;
-        try {
-            prevAuthMethod = getPlatform().storage.getItem('tarobase_last_auth_method');
-        }
-        catch (_f) { }
+        // Mark the auth method early so a concurrent Phantom auto-create-session
+        // effect (see phantom-wallet-provider) sees 'mobile-wallet-adapter'
+        // during our slow connect/sign roundtrip and backs off. Capture the
+        // previous value so we can restore it if login fails.
+        const prevAuthMethod = readAuthMethod();
+        writeAuthMethod(MWA_AUTH_METHOD);
         try {
-            getPlatform().storage.setItem('tarobase_last_auth_method', 'mobile-wallet-adapter');
-        }
-        catch (_g) { }
-        try {
-            await loadMwaProtocol();
-            const { transact } = mwaProtocolModule;
-            // Quick check: if we already have auth state and a valid session, skip
-            if (this.authorizedPublicKey) {
+            const wallet = await this.ensureWallet();
+            // Quick-check: wallet may already have authorization (e.g. from a
+            // previous in-page login) and a matching Tarobase session — skip
+            // popups in that case.
+            if (wallet.accounts.length > 0) {
+                const accountPubkey = new PublicKey(wallet.accounts[0].publicKey);
+                const base58Addr = accountPubkey.toBase58();
                 const existingSession = await WebSessionManager.getSession();
-                if (existingSession && existingSession.address === this.authorizedPublicKey) {
-                    const user = { provider: this, address: this.authorizedPublicKey };
+                if (existingSession && existingSession.address === base58Addr) {
+                    const user = { provider: this, address: base58Addr };
                     setCurrentUser(user);
                     return user;
                 }
             }
-            // Pre-fetch nonce from server while wallet is not yet connected
+            // Pre-fetch nonce while the wallet popup is not yet open.
             const nonce = await genAuthNonce();
-            // Single transact() call: authorize + signMessages — one wallet popup
-            const result = await transact(async (wallet) => {
-                // Step 1: Authorize — user approves the dApp
-                const authResult = await wallet.authorize({
-                    identity: this.appIdentity,
-                    chain: this.chain,
-                });
-                const base64Addr = authResult.accounts[0].address;
-                const addressBytes = Uint8Array.from(getPlatform().atob(base64Addr), c => c.charCodeAt(0));
-                const pubkey = new PublicKey(addressBytes);
-                const base58Addr = pubkey.toBase58();
-                // Step 2: Sign the auth message — still in the same wallet session
-                const messageText = await genSolanaMessage(base58Addr, nonce);
-                const messageBytes = getPlatform().textEncode(messageText);
-                const signedMessages = await wallet.signMessages({
-                    addresses: [base64Addr],
-                    payloads: [messageBytes],
-                });
-                // The signed payload is [original message bytes][64-byte ed25519 signature]
-                const signedPayload = signedMessages[0];
-                const signatureBytes = signedPayload.slice(-ED25519_SIGNATURE_LENGTH);
-                return {
-                    base58Address: base58Addr,
-                    base64Address: base64Addr,
-                    publicKey: pubkey,
-                    signature: bufferExports.Buffer.from(signatureBytes).toString('base64'),
-                    messageText,
-                    authToken: authResult.auth_token,
-                    walletUriBase: authResult.wallet_uri_base,
-                };
-            }, this.getAssociationConfig());
-            // Store MWA auth state for reauthorization in subsequent transact() calls
-            this.authToken = result.authToken;
-            this.walletUriBase = result.walletUriBase;
-            this.base64Address = result.base64Address;
-            this.authorizedPublicKey = result.base58Address;
-            this.publicKeyObj = result.publicKey;
-            // Check if we already have a valid session for this address
+            // Wallet popup #1: standard:connect performs MWA authorize. This
+            // is where wallet-standard's checkLocalNetworkAccessPermission()
+            // fires the three-stage LNA UX (info modal → permission prompt →
+            // success modal) before opening the localhost WebSocket.
+            const connectFeat = getConnectFeature(wallet);
+            const { accounts } = await connectFeat.connect();
+            if (!accounts || accounts.length === 0) {
+                throw new Error('MWA returned no accounts');
+            }
+            const account = accounts[0];
+            const accountPubkey = new PublicKey(account.publicKey);
+            const base58Addr = accountPubkey.toBase58();
+            // If we happen to already have a matching Tarobase session, reuse it.
             const existingSession = await WebSessionManager.getSession();
-            if (existingSession && existingSession.address === result.base58Address) {
-                const user = { provider: this, address: result.base58Address };
+            if (existingSession && existingSession.address === base58Addr) {
+                const user = { provider: this, address: base58Addr };
                 setCurrentUser(user);
                 return user;
             }
-            // Create new session on the server
-            const createSessionResult = await createSessionWithSignature(result.base58Address, result.messageText, result.signature);
-            await WebSessionManager.storeSession(result.base58Address, createSessionResult.accessToken, createSessionResult.idToken, createSessionResult.refreshToken);
-            // Mark auth method
-            try {
-                getPlatform().storage.setItem('tarobase_last_auth_method', 'mobile-wallet-adapter');
+            // Wallet popup #2: sign the Tarobase nonce message.
+            const messageText = await genSolanaMessage(base58Addr, nonce);
+            const messageBytes = getPlatform().textEncode(messageText);
+            const signMessageFeat = getSignMessageFeature(wallet);
+            const signResults = await signMessageFeat.signMessage({ account, message: messageBytes });
+            if (!signResults || signResults.length === 0) {
+                throw new Error('MWA returned no signature');
             }
-            catch (_h) { }
-            const user = { provider: this, address: result.base58Address };
+            const { signature: sigBytes } = signResults[0];
+            const signatureBase64 = bufferExports.Buffer.from(sigBytes).toString('base64');
+            // Create Tarobase session on the server.
+            const createSessionResult = await createSessionWithSignature(base58Addr, messageText, signatureBase64);
+            await WebSessionManager.storeSession(base58Addr, createSessionResult.accessToken, createSessionResult.idToken, createSessionResult.refreshToken);
+            // Auth-method marker is already 'mobile-wallet-adapter' from above.
+            const user = { provider: this, address: base58Addr };
             setCurrentUser(user);
             return user;
         }
         catch (error) {
-            // Restore the previous auth method since this login attempt failed.
-            try {
-                if (prevAuthMethod === null) {
-                    getPlatform().storage.removeItem('tarobase_last_auth_method');
-                }
-                else {
-                    getPlatform().storage.setItem('tarobase_last_auth_method', prevAuthMethod);
-                }
-            }
-            catch (_j) { }
+            // Restore the previous auth-method marker since this login attempt failed.
+            writeAuthMethod(prevAuthMethod);
             const isUserRejection = (error === null || error === void 0 ? void 0 : error.code) === 4001 ||
                 ((_a = error === null || error === void 0 ? void 0 : error.message) === null || _a === void 0 ? void 0 : _a.toLowerCase().includes('user rejected')) ||
                 ((_b = error === null || error === void 0 ? void 0 : error.message) === null || _b === void 0 ? void 0 : _b.toLowerCase().includes('user denied')) ||
@@ -21554,61 +21636,42 @@ class SolanaMobileWalletProvider {
     async restoreSession() {
         const session = await WebSessionManager.getSession();
         if (session) {
-            this.authorizedPublicKey = session.address;
-            this.publicKeyObj = new PublicKey(session.address);
             return { provider: this, address: session.address };
         }
         return null;
     }
     async logout() {
-        // Deauthorize with the wallet if we have an auth_token
-        if (this.authToken) {
-            try {
-                await loadMwaProtocol();
-                const { transact } = mwaProtocolModule;
-                const authToken = this.authToken;
-                await transact(async (wallet) => {
-                    await wallet.deauthorize({ auth_token: authToken });
-                }, this.getAssociationConfig());
-            }
-            catch (error) {
-                console.error('[SolanaMobileWallet] Deauthorize error:', error);
+        try {
+            const wallet = await this.ensureWallet();
+            const disconnectFeat = getDisconnectFeature(wallet);
+            if (disconnectFeat) {
+                // Disconnect clears the AuthorizationCache and resets
+                // wallet.#authorization internally (no LNA dialog).
+                await disconnectFeat.disconnect();
             }
         }
-        this.authToken = null;
-        this.walletUriBase = null;
-        this.base64Address = null;
-        this.authorizedPublicKey = null;
-        this.publicKeyObj = null;
+        catch (error) {
+            console.error('[SolanaMobileWallet] Disconnect error:', error);
+        }
         WebSessionManager.clearSession();
         // Clear the auth-method marker so Phantom auto-create is unblocked
         // for any subsequent fresh login on this device.
-        try {
-            getPlatform().storage.removeItem('tarobase_last_auth_method');
-        }
-        catch (_a) { }
+        writeAuthMethod(null);
         setCurrentUser(null);
     }
     async signMessage(message) {
         var _a, _b;
-        if (!this.authorizedPublicKey || !this.base64Address) {
-            throw new Error('Not connected. Call login() first.');
-        }
-        await loadMwaProtocol();
-        const { transact } = mwaProtocolModule;
-        const base64Addr = this.base64Address;
+        const account = await this.ensureAuthorized();
+        const wallet = await this.ensureWallet();
         try {
-            const signedMessages = await transact(async (wallet) => {
-                await this.reauthorizeWallet(wallet);
-                const messageBytes = getPlatform().textEncode(message);
-                return wallet.signMessages({
-                    addresses: [base64Addr],
-                    payloads: [messageBytes],
-                });
-            }, this.getAssociationConfig());
-            const signedPayload = signedMessages[0];
-            const signatureBytes = signedPayload.slice(-ED25519_SIGNATURE_LENGTH);
-            return bufferExports.Buffer.from(signatureBytes).toString('base64');
+            const signMessageFeat = getSignMessageFeature(wallet);
+            const messageBytes = getPlatform().textEncode(message);
+            const results = await signMessageFeat.signMessage({ account, message: messageBytes });
+            if (!results || results.length === 0) {
+                throw new Error('MWA returned no signature');
+            }
+            const { signature: sigBytes } = results[0];
+            return bufferExports.Buffer.from(sigBytes).toString('base64');
         }
         catch (error) {
             if (((_a = error === null || error === void 0 ? void 0 : error.message) === null || _a === void 0 ? void 0 : _a.includes('not connected')) || ((_b = error === null || error === void 0 ? void 0 : error.message) === null || _b === void 0 ? void 0 : _b.includes('not authorized')) ||
@@ -21621,41 +21684,42 @@ class SolanaMobileWalletProvider {
     }
     async signTransaction(transaction) {
         var _a, _b;
-        if (!this.publicKeyObj) {
-            throw new Error('Not connected. Call login() first.');
-        }
-        await loadMwaProtocol();
-        const { transact } = mwaProtocolModule;
-        // Ensure blockhash and fee payer are set before signing
+        const account = await this.ensureAuthorized();
+        const connectedPubkey = new PublicKey(account.publicKey);
+        const wallet = await this.ensureWallet();
+        const chain = this.getChain();
+        // Preserve existing prep: fill missing blockhash / fee payer so call
+        // sites that build a tx without these fields don't regress.
         const isLegacyTransaction = 'recentBlockhash' in transaction && !('message' in transaction && 'staticAccountKeys' in transaction.message);
         if (isLegacyTransaction) {
             const legacyTx = transaction;
             if (!legacyTx.recentBlockhash) {
-                const rpcUrl = this.getRpcUrl();
-                const connection = new Connection(rpcUrl, 'confirmed');
-                const { blockhash, lastValidBlockHeight } = await connection.getLatestBlockhash('confirmed');
+                const conn = new Connection(this.getRpcUrl(), 'confirmed');
+                const { blockhash, lastValidBlockHeight } = await conn.getLatestBlockhash('confirmed');
                 legacyTx.recentBlockhash = blockhash;
                 legacyTx.lastValidBlockHeight = lastValidBlockHeight;
             }
-            if (!legacyTx.feePayer && this.publicKeyObj) {
-                legacyTx.feePayer = this.publicKeyObj;
+            if (!legacyTx.feePayer) {
+                legacyTx.feePayer = connectedPubkey;
             }
         }
         else {
             const versionedTx = transaction;
             if (!versionedTx.message.recentBlockhash) {
-                const rpcUrl = this.getRpcUrl();
-                const connection = new Connection(rpcUrl, 'confirmed');
-                const { blockhash } = await connection.getLatestBlockhash('confirmed');
+                const conn = new Connection(this.getRpcUrl(), 'confirmed');
+                const { blockhash } = await conn.getLatestBlockhash('confirmed');
                 versionedTx.message.recentBlockhash = blockhash;
             }
         }
         try {
-            const signedTransactions = await transact(async (wallet) => {
-                await this.reauthorizeWallet(wallet);
-                return wallet.signTransactions({ transactions: [transaction] });
-            }, this.getAssociationConfig());
-            return signedTransactions[0];
+            const signTxFeat = getSignTransactionFeature(wallet);
+            const wireBytes = txToWireBytes(transaction);
+            const results = await signTxFeat.signTransaction({ account, transaction: wireBytes, chain });
+            if (!results || results.length === 0) {
+                throw new Error('MWA returned no signed transaction');
+            }
+            const { signedTransaction: signedBytes } = results[0];
+            return txFromWireBytes(new Uint8Array(signedBytes));
         }
         catch (error) {
             if (((_a = error === null || error === void 0 ? void 0 : error.message) === null || _a === void 0 ? void 0 : _a.includes('not connected')) || ((_b = error === null || error === void 0 ? void 0 : error.message) === null || _b === void 0 ? void 0 : _b.includes('not authorized')) ||
@@ -21668,15 +21732,15 @@ class SolanaMobileWalletProvider {
     }
     async signAndSubmitTransaction(transaction, feePayer) {
         var _a, _b, _c, _d, _e, _f;
-        if (!this.publicKeyObj) {
-            throw new Error('Not connected. Call login() first.');
-        }
-        await loadMwaProtocol();
-        const { transact } = mwaProtocolModule;
+        const account = await this.ensureAuthorized();
+        const connectedPubkey = new PublicKey(account.publicKey);
+        const wallet = await this.ensureWallet();
+        const chain = this.getChain();
         const rpcUrl = this.getRpcUrl();
         const connection = new Connection(rpcUrl, 'confirmed');
         const isSurfnet = rpcUrl === SURFNET_RPC_URL$2;
         try {
+            // Preserve existing prep: refresh blockhash and set fee payer.
             const { blockhash, lastValidBlockHeight } = await connection.getLatestBlockhash('confirmed');
             const isLegacyTransaction = 'recentBlockhash' in transaction && !('message' in transaction && 'staticAccountKeys' in transaction.message);
             if (isLegacyTransaction) {
@@ -21684,12 +21748,7 @@ class SolanaMobileWalletProvider {
                 legacyTx.recentBlockhash = blockhash;
                 legacyTx.lastValidBlockHeight = lastValidBlockHeight;
                 if (!legacyTx.feePayer) {
-                    if (feePayer) {
-                        legacyTx.feePayer = feePayer;
-                    }
-                    else if (this.publicKeyObj) {
-                        legacyTx.feePayer = this.publicKeyObj;
-                    }
+                    legacyTx.feePayer = feePayer !== null && feePayer !== void 0 ? feePayer : connectedPubkey;
                 }
             }
             else {
@@ -21697,14 +21756,19 @@ class SolanaMobileWalletProvider {
                 versionedTx.message.recentBlockhash = blockhash;
             }
             if (isSurfnet) {
-                // Surfnet: sign-only, then submit to our specific RPC
-                const signedTransactions = await transact(async (wallet) => {
-                    await this.reauthorizeWallet(wallet);
-                    return wallet.signTransactions({ transactions: [transaction] });
-                }, this.getAssociationConfig());
-                const signedTx = signedTransactions[0];
+                // Surfnet: sign locally via wallet-standard, submit manually
+                // to the Surfnet RPC. Don't route through signAndSendTransaction
+                // because the wallet would submit to its own RPC.
+                const signTxFeat = getSignTransactionFeature(wallet);
+                const wireBytes = txToWireBytes(transaction);
+                const results = await signTxFeat.signTransaction({ account, transaction: wireBytes, chain });
+                if (!results || results.length === 0) {
+                    throw new Error('MWA returned no signed transaction');
+                }
+                const { signedTransaction: signedBytes } = results[0];
+                const signedTx = txFromWireBytes(new Uint8Array(signedBytes));
                 const signature = await connection.sendRawTransaction(signedTx.serialize(), {
-                    preflightCommitment: 'confirmed'
+                    preflightCommitment: 'confirmed',
                 });
                 const confirmation = await connection.confirmTransaction({
                     signature,
@@ -21716,15 +21780,20 @@ class SolanaMobileWalletProvider {
                 }
                 return signature;
             }
-            // Non-surfnet: use signAndSendTransactions for wallet-optimized submission
-            const signatures = await transact(async (wallet) => {
-                await this.reauthorizeWallet(wallet);
-                return wallet.signAndSendTransactions({
-                    transactions: [transaction],
-                    commitment: 'confirmed',
-                });
-            }, this.getAssociationConfig());
-            const signature = signatures[0];
+            // Non-Surfnet: wallet signs and submits to its own RPC.
+            const signSendFeat = getSignAndSendTransactionFeature(wallet);
+            const wireBytes = txToWireBytes(transaction);
+            const results = await signSendFeat.signAndSendTransaction({
+                account,
+                transaction: wireBytes,
+                chain,
+                options: { commitment: 'confirmed' },
+            });
+            if (!results || results.length === 0) {
+                throw new Error('MWA returned no signature');
+            }
+            const { signature: sigBytes } = results[0];
+            const signature = base58.encode(sigBytes);
             await confirmAndCheckTransaction(connection, signature);
             return signature;
         }
@@ -21750,16 +21819,14 @@ class SolanaMobileWalletProvider {
         if (!solTransactionData) {
             throw new Error('Solana transaction data is required for mobile wallet');
         }
-        if (!this.publicKeyObj || !this.authorizedPublicKey) {
-            await this.login();
-        }
-        await loadMwaProtocol();
-        const { transact } = mwaProtocolModule;
+        const account = await this.ensureAuthorized();
+        const connectedPubkey = new PublicKey(account.publicKey);
+        const wallet = await this.ensureWallet();
+        const chain = this.getChain();
         const rpcUrl = this.getRpcUrl(solTransactionData.network);
         const connection = new Connection(rpcUrl, 'confirmed');
         const isSurfnet = rpcUrl === SURFNET_RPC_URL$2;
         try {
-            const publicKey = this.publicKeyObj;
             const remainingAccounts = convertRemainingAccounts(solTransactionData.txArgs[0].remainingAccounts);
             let app_id = solTransactionData.appId;
             if (typeof window !== 'undefined' && window.CUSTOM_TAROBASE_APP_ID_HEADER) {
@@ -21768,9 +21835,9 @@ class SolanaMobileWalletProvider {
             if (!app_id) {
                 throw new Error('App ID is required');
             }
-            // Create a mock wallet adapter for Anchor (only publicKey is needed for building TX)
+            // Mock wallet adapter for Anchor — only publicKey is read during build.
             const mockWalletAdapter = {
-                publicKey,
+                publicKey: connectedPubkey,
                 signTransaction: async (tx) => tx,
                 signAllTransactions: async (txs) => txs,
             };
@@ -21788,10 +21855,12 @@ class SolanaMobileWalletProvider {
             }
             let tx;
             if (solTransactionData.signedTransaction) {
+                // Server has co-signed a CPI attestation. Do NOT mutate its
+                // blockhash — that would invalidate the server's signature.
                 tx = VersionedTransaction.deserialize(bufferExports.Buffer.from(solTransactionData.signedTransaction, 'base64'));
             }
             else {
-                const result = await buildSetDocumentsTransaction(connection, solTransactionData.txArgs[0].idl, anchorProvider, publicKey, {
+                const result = await buildSetDocumentsTransaction(connection, solTransactionData.txArgs[0].idl, anchorProvider, connectedPubkey, {
                     app_id,
                     documents: solTransactionData.txArgs[0].setDocumentData,
                     delete_paths: solTransactionData.txArgs[0].deletePaths,
@@ -21799,11 +21868,16 @@ class SolanaMobileWalletProvider {
                 }, finalDeduped, solTransactionData.lutKey, solTransactionData.preInstructions, false, solTransactionData.additionalLutAddresses);
                 tx = result.tx;
             }
+            // Sign-only branch — sign the tx but don't submit.
             if ((options === null || options === void 0 ? void 0 : options.shouldSubmitTx) === false) {
-                const [signedTx] = await transact(async (wallet) => {
-                    await this.reauthorizeWallet(wallet);
-                    return wallet.signTransactions({ transactions: [tx] });
-                }, this.getAssociationConfig());
+                const signTxFeat = getSignTransactionFeature(wallet);
+                const wireBytes = txToWireBytes(tx);
+                const results = await signTxFeat.signTransaction({ account, transaction: wireBytes, chain });
+                if (!results || results.length === 0) {
+                    throw new Error('MWA returned no signed transaction');
+                }
+                const { signedTransaction: signedBytes } = results[0];
+                const signedTx = txFromWireBytes(new Uint8Array(signedBytes));
                 return {
                     signedTransaction: signedTx,
                     blockNumber: 0,
@@ -21812,14 +21886,18 @@ class SolanaMobileWalletProvider {
                 };
             }
             if (isSurfnet) {
-                // Surfnet: sign then submit manually to our RPC
-                const [signedTx] = await transact(async (wallet) => {
-                    await this.reauthorizeWallet(wallet);
-                    return wallet.signTransactions({ transactions: [tx] });
-                }, this.getAssociationConfig());
+                // Surfnet: sign locally via wallet-standard, submit manually.
+                const signTxFeat = getSignTransactionFeature(wallet);
+                const wireBytes = txToWireBytes(tx);
+                const results = await signTxFeat.signTransaction({ account, transaction: wireBytes, chain });
+                if (!results || results.length === 0) {
+                    throw new Error('MWA returned no signed transaction');
+                }
+                const { signedTransaction: signedBytes } = results[0];
+                const signedTx = txFromWireBytes(new Uint8Array(signedBytes));
                 const { blockhash, lastValidBlockHeight } = await connection.getLatestBlockhash('confirmed');
                 const signature = await connection.sendRawTransaction(signedTx.serialize(), {
-                    preflightCommitment: 'confirmed'
+                    preflightCommitment: 'confirmed',
                 });
                 const confirmation = await connection.confirmTransaction({
                     signature,
@@ -21831,7 +21909,7 @@ class SolanaMobileWalletProvider {
                 }
                 const txInfo = await connection.getParsedTransaction(signature, {
                     maxSupportedTransactionVersion: 0,
-                    commitment: 'confirmed'
+                    commitment: 'confirmed',
                 });
                 return {
                     transactionSignature: signature,
@@ -21840,15 +21918,20 @@ class SolanaMobileWalletProvider {
                     data: txInfo === null || txInfo === void 0 ? void 0 : txInfo.meta,
                 };
             }
-            // Non-surfnet: use signAndSendTransactions
-            const signatures = await transact(async (wallet) => {
-                await this.reauthorizeWallet(wallet);
-                return wallet.signAndSendTransactions({
-                    transactions: [tx],
-                    commitment: 'confirmed',
-                });
-            }, this.getAssociationConfig());
-            const signature = signatures[0];
+            // Non-Surfnet: wallet signs and submits to its own RPC.
+            const signSendFeat = getSignAndSendTransactionFeature(wallet);
+            const wireBytes = txToWireBytes(tx);
+            const results = await signSendFeat.signAndSendTransaction({
+                account,
+                transaction: wireBytes,
+                chain,
+                options: { commitment: 'confirmed' },
+            });
+            if (!results || results.length === 0) {
+                throw new Error('MWA returned no signature');
+            }
+            const { signature: sigBytes } = results[0];
+            const signature = base58.encode(sigBytes);
             const txInfo = await confirmAndCheckTransaction(connection, signature);
             return {
                 transactionSignature: signature,
@@ -21875,11 +21958,36 @@ class SolanaMobileWalletProvider {
         }
     }
     async getNativeMethods() {
+        var _a, _b, _c;
+        // Synchronous-ish state read; tolerate the wallet being unauthorized
+        // (return nulls). Don't trigger ensureAuthorized() here — callers that
+        // need the wallet active should sign through one of the sign methods.
+        const wallet = this.wallet;
+        if (!wallet) {
+            return {
+                authToken: null,
+                walletUriBase: null,
+                publicKey: null,
+                base64Address: null,
+                wallet: null,
+                currentAuthorization: null,
+            };
+        }
+        const acct = (_a = wallet.accounts) === null || _a === void 0 ? void 0 : _a[0];
+        const auth = wallet.currentAuthorization;
+        let publicKey = null;
+        let base64Address = null;
+        if (acct) {
+            publicKey = new PublicKey(acct.publicKey);
+            base64Address = btoa(String.fromCharCode(...acct.publicKey));
+        }
         return {
-            authToken: this.authToken,
-            walletUriBase: this.walletUriBase,
-            publicKey: this.publicKeyObj,
-            base64Address: this.base64Address,
+            authToken: (_b = auth === null || auth === void 0 ? void 0 : auth.auth_token) !== null && _b !== void 0 ? _b : null,
+            walletUriBase: (_c = auth === null || auth === void 0 ? void 0 : auth.wallet_uri_base) !== null && _c !== void 0 ? _c : null,
+            publicKey,
+            base64Address,
+            wallet,
+            currentAuthorization: auth !== null && auth !== void 0 ? auth : null,
         };
     }
     /* ----------------------------------------------------------- *
@@ -22250,4 +22358,4 @@ class PrivyExpoProvider {
 }
 
 export { getCachedData as $, subscribe as A, useAuth as B, deserializeTransaction as C, getIdToken as D, setPlatform as E, getPlatform as F, PrivyWalletProvider as G, DEFAULT_TEST_ADDRESS as H, isMobileWalletAvailable as I, registerMobileWalletAdapter as J, PrivyExpoProvider as K, InsufficientBalanceError as L, MockAuthProvider as M, ServerSessionManager as N, OffchainAuthProvider as O, PhantomWalletProvider as P, buildSetDocumentsTransaction as Q, ReactNativeSessionManager as R, SolanaMobileWalletProvider as S, clearCache as T, closeAllSubscriptions as U, convertRemainingAccounts as V, WebSessionManager as W, createSessionWithPrivy as X, createSessionWithSignature as Y, genAuthNonce as Z, genSolanaMessage as _, base58 as a, getMany as a0, reconnectWithNewAuth as a1, refreshSession as a2, signSessionCreateMessage as a3, bufferExports as b, getCurrentUser as c, onAuthLoadingChanged as d, getAuthLoading as e, logout as f, getDefaultExportFromCjs$1 as g, getConfig as h, init as i, getAuthProvider as j, get as k, login as l, setMany as m, setFile as n, onAuthStateChanged as o, getFiles as p, runQueryMany as q, runQuery as r, set as s, runExpression as t, runExpressionMany as u, signMessage as v, signTransaction as w, signAndSubmitTransaction as x, count as y, aggregate as z };
-//# sourceMappingURL=index-XHbmzFFO.esm.js.map
+//# sourceMappingURL=index-ZKzq5QT_.esm.js.map