@pooflabs/web 0.0.85-rc1 → 0.0.85-rc3

package/dist/{index-ZKzq5QT_.esm.js → index-C4AnWFs_.esm.js}

@@ -15709,7 +15709,7 @@ async function loadDependencies() {
         const [reactModule, reactDomModule, phantomModule] = await Promise.all([
             import('react'),
             import('react-dom/client'),
-            import('./index-Buu8v-Oe.esm.js')
+            import('./index-BE-VWSJT.esm.js')
         ]);
         // Extract default export from ESM module namespace
         // Dynamic import() returns { default: Module, ...exports }, not the module directly
@@ -21280,6 +21280,381 @@ function isMobileWalletAvailable() {
 const ED25519_SIGNATURE_LENGTH = 64;
 const STORED_AUTH_METHOD_KEY = 'tarobase_last_auth_method';
 const MWA_AUTH_METHOD = 'mobile-wallet-adapter';
+function findMwaError(e, maxDepth = 5) {
+    var _a;
+    let cur = e;
+    let depth = 0;
+    while (cur && depth < maxDepth) {
+        if ((cur === null || cur === void 0 ? void 0 : cur.name) === 'SolanaMobileWalletAdapterError' && typeof (cur === null || cur === void 0 ? void 0 : cur.code) === 'string') {
+            return { code: cur.code, message: String((_a = cur.message) !== null && _a !== void 0 ? _a : '') };
+        }
+        cur = cur === null || cur === void 0 ? void 0 : cur.cause;
+        depth++;
+    }
+    return null;
+}
+/**
+ * Returns the matched MwaErrorInfo when the error is from an association
+ * failure that an automatic retry can recover from (i.e. the wallet exists
+ * on-device but the dApp's protocol session didn't complete in time). Returns
+ * null for non-retryable errors (user cancel, unknown wallet errors, etc.).
+ *
+ * Specifically:
+ *   - ERROR_WALLET_NOT_FOUND: thrown from the protocol's startScenario when
+ *     it gave up waiting for a wallet to respond. On Seeker this races the
+ *     first-time-consent UI on the very first authorize.
+ *   - ERROR_SESSION_TIMEOUT: similar — the protocol's session-establishment
+ *     timer expired.
+ *   - ERROR_ASSOCIATION_CANCELLED: shared by user-cancel ("Wallet connection
+ *     cancelled by user") AND the 30s wallet-standard WALLET_ASSOCIATION_TIMEOUT
+ *     ("Wallet connection timed out"). Discriminate by message — never retry
+ *     a user cancel.
+ */
+function isMwaAssociationRetryable(e) {
+    const info = findMwaError(e);
+    if (!info)
+        return null;
+    if (info.code === 'ERROR_WALLET_NOT_FOUND')
+        return info;
+    if (info.code === 'ERROR_SESSION_TIMEOUT')
+        return info;
+    if (info.code === 'ERROR_ASSOCIATION_CANCELLED' && /timed out/i.test(info.message))
+        return info;
+    return null;
+}
+/**
+ * Single-retry wrapper for MWA association failures. Used ONLY for login's
+ * `standard:connect` and `solana:signMessage` calls — never for
+ * `signAndSendTransaction`/`runTransaction` because retry on a path that
+ * may have already submitted a tx can double-send.
+ *
+ * The retry exists for one specific scenario: on first-time MWA usage from a
+ * given origin on Seeker, the protocol's session-establishment timer races
+ * Seeker's first-time consent UI. The user reads the consent sheet, taps
+ * Connect — but by then the protocol has given up and thrown
+ * ERROR_WALLET_NOT_FOUND. The consent itself IS persisted on Seeker though,
+ * so a second attempt skips the consent sheet, jumps straight to
+ * Verify/Approve, and completes inside the timeout.
+ */
+async function withMwaAssociationRetry(label, fn) {
+    const t0 = Date.now();
+    console.log(`[MWA-DEBUG] ${label} attempt=1 start`);
+    try {
+        const result = await fn();
+        console.log(`[MWA-DEBUG] ${label} attempt=1 ok (${Date.now() - t0}ms)`);
+        return result;
+    }
+    catch (e) {
+        const info = findMwaError(e);
+        console.log(`[MWA-DEBUG] ${label} attempt=1 err (${Date.now() - t0}ms)`, {
+            outer: { name: e === null || e === void 0 ? void 0 : e.name, message: e === null || e === void 0 ? void 0 : e.message },
+            mwa: info,
+        });
+        const retryable = isMwaAssociationRetryable(e);
+        if (!retryable)
+            throw e;
+        // Seeker's consent sheet is a bottom-sheet overlay — Chrome doesn't
+        // reliably flip document.visibilityState to 'hidden' while it's open,
+        // so visibility-based waits fire too early. Use a fixed delay long
+        // enough for Seeker to dismiss its sheet and the OS to release intent
+        // state. 2.5s is empirically safe; tune from device traces if needed.
+        console.log(`[MWA-DEBUG] ${label} retryable (${retryable.code}); waiting 2500ms before retry`);
+        await new Promise(r => setTimeout(r, 2500));
+        const t1 = Date.now();
+        console.log(`[MWA-DEBUG] ${label} attempt=2 start`);
+        try {
+            const result = await fn();
+            console.log(`[MWA-DEBUG] ${label} attempt=2 ok (${Date.now() - t1}ms)`);
+            return result;
+        }
+        catch (e2) {
+            const info2 = findMwaError(e2);
+            console.log(`[MWA-DEBUG] ${label} attempt=2 err (${Date.now() - t1}ms)`, {
+                outer: { name: e2 === null || e2 === void 0 ? void 0 : e2.name, message: e2 === null || e2 === void 0 ? void 0 : e2.message },
+                mwa: info2,
+            });
+            // Only mask the error with the clean Seeker message when the
+            // second failure is also an association-flavored error. If it's
+            // a user cancel, wallet rejection, or unknown error, rethrow
+            // the original so the host app surfaces the real cause.
+            if (isMwaAssociationRetryable(e2)) {
+                throw new Error("Couldn't connect to your Seeker wallet. Please try again.");
+            }
+            throw e2;
+        }
+    }
+}
+/**
+ * User-gesture-mediated wallet-standard sign helper.
+ *
+ * Why this exists: login flows that go through wallet-standard call two
+ * separate transacts (standard:connect, then solana:signMessage). Each
+ * transact dispatches its own `solana-wallet:` Android intent navigation
+ * via `window.location.assign(associationUrl)` (see
+ * @solana-mobile/mobile-wallet-adapter-protocol/lib/cjs/index.browser.js
+ * `launchAssociation()` at line 459). Chrome requires **transient user
+ * activation** for each custom-scheme navigation. The first transact
+ * consumes the activation from the user's "Continue to Allow" tap on the
+ * LNA modal; by the time the second transact (signMessage) runs as a JS
+ * continuation, the activation has decayed, Chrome blocks the navigation,
+ * no `blur` event fires, the protocol's `getDetectionPromise` (3000ms
+ * timeout, line 433) rejects, and we get `ERROR_WALLET_NOT_FOUND`.
+ *
+ * Fix: show a Tarobase-controlled modal between the two transacts. When the
+ * user taps the modal's "Sign in" button, that tap IS a fresh user
+ * activation. We invoke the sign function directly inside the click handler
+ * — no `await` between the tap and the call — so the activation propagates
+ * to the protocol's `location.assign`.
+ *
+ * Failure recovery is also user-gesture driven: if the sign function fails
+ * with a retryable association error, we re-enable the button so the user's
+ * next tap is a new activation (a real retry). A timer-based retry would
+ * just hit the same Chrome block. Cap at 3 attempts before giving up.
+ */
+async function awaitSignInGestureAndSign(label, theme, signFn) {
+    if (typeof document === 'undefined' || typeof window === 'undefined') {
+        // SSR / non-browser: skip the gesture, just call (the activation
+        // model doesn't apply outside the browser).
+        const results = await signFn();
+        if (!results || results.length === 0)
+            throw new Error('MWA returned no signature');
+        return results[0];
+    }
+    return new Promise((resolve, reject) => {
+        const isDark = theme === 'dark'
+            || (theme == null
+                && typeof window.matchMedia === 'function'
+                && window.matchMedia('(prefers-color-scheme: dark)').matches);
+        // Palette
+        const overlayBg = 'rgba(0, 0, 0, 0.62)';
+        const cardBg = isDark ? '#1a1a1f' : '#ffffff';
+        const titleColor = isDark ? '#ffffff' : '#0a0a0a';
+        const subtitleColor = isDark ? '#a1a1aa' : '#52525b';
+        const btnBg = isDark ? '#ffffff' : '#0a0a0a';
+        const btnText = isDark ? '#0a0a0a' : '#ffffff';
+        const btnDisabledBg = isDark ? '#3f3f46' : '#d4d4d8';
+        const btnDisabledText = isDark ? '#71717a' : '#71717a';
+        const errorColor = isDark ? '#fca5a5' : '#dc2626';
+        const closeColor = isDark ? '#71717a' : '#a1a1aa';
+        const fontStack = '-apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, "Helvetica Neue", Arial, sans-serif';
+        const overlay = document.createElement('div');
+        overlay.setAttribute('data-tarobase-mwa-gesture', 'true');
+        overlay.style.cssText = [
+            'position: fixed',
+            'inset: 0',
+            'z-index: 2147483646',
+            `background: ${overlayBg}`,
+            'display: flex',
+            'align-items: center',
+            'justify-content: center',
+            'padding: 20px',
+            'box-sizing: border-box',
+            `font-family: ${fontStack}`,
+        ].join('; ');
+        const card = document.createElement('div');
+        card.style.cssText = [
+            `background: ${cardBg}`,
+            'border-radius: 20px',
+            'padding: 28px 24px 24px',
+            'max-width: 340px',
+            'width: 100%',
+            'box-shadow: 0 20px 50px rgba(0, 0, 0, 0.28)',
+            'position: relative',
+            'box-sizing: border-box',
+        ].join('; ');
+        const closeBtn = document.createElement('button');
+        closeBtn.setAttribute('aria-label', 'Close');
+        closeBtn.innerHTML = '&times;';
+        closeBtn.style.cssText = [
+            'position: absolute',
+            'top: 12px',
+            'right: 12px',
+            'background: transparent',
+            'border: none',
+            `color: ${closeColor}`,
+            'font-size: 24px',
+            'line-height: 1',
+            'cursor: pointer',
+            'padding: 6px 10px',
+            'border-radius: 8px',
+        ].join('; ');
+        const title = document.createElement('div');
+        title.textContent = 'Almost there';
+        title.style.cssText = [
+            `color: ${titleColor}`,
+            'font-size: 20px',
+            'font-weight: 600',
+            'margin-bottom: 6px',
+            'text-align: center',
+        ].join('; ');
+        const subtitle = document.createElement('div');
+        subtitle.textContent = 'Tap to sign in with your wallet';
+        subtitle.style.cssText = [
+            `color: ${subtitleColor}`,
+            'font-size: 14px',
+            'line-height: 1.4',
+            'margin-bottom: 22px',
+            'text-align: center',
+        ].join('; ');
+        const errorRow = document.createElement('div');
+        errorRow.style.cssText = [
+            `color: ${errorColor}`,
+            'font-size: 13px',
+            'line-height: 1.4',
+            'margin-bottom: 14px',
+            'text-align: center',
+            'min-height: 0',
+            'transition: min-height 100ms ease',
+        ].join('; ');
+        const button = document.createElement('button');
+        button.textContent = 'Sign in';
+        const setButtonEnabledStyle = () => {
+            button.style.cssText = [
+                `background: ${btnBg}`,
+                `color: ${btnText}`,
+                'border: none',
+                'border-radius: 14px',
+                'padding: 14px 20px',
+                'font-size: 16px',
+                'font-weight: 600',
+                'width: 100%',
+                'cursor: pointer',
+                '-webkit-tap-highlight-color: transparent',
+                'box-sizing: border-box',
+                `font-family: ${fontStack}`,
+            ].join('; ');
+        };
+        const setButtonDisabledStyle = () => {
+            button.style.cssText = [
+                `background: ${btnDisabledBg}`,
+                `color: ${btnDisabledText}`,
+                'border: none',
+                'border-radius: 14px',
+                'padding: 14px 20px',
+                'font-size: 16px',
+                'font-weight: 600',
+                'width: 100%',
+                'cursor: default',
+                '-webkit-tap-highlight-color: transparent',
+                'box-sizing: border-box',
+                `font-family: ${fontStack}`,
+            ].join('; ');
+        };
+        setButtonEnabledStyle();
+        card.appendChild(closeBtn);
+        card.appendChild(title);
+        card.appendChild(subtitle);
+        card.appendChild(errorRow);
+        card.appendChild(button);
+        overlay.appendChild(card);
+        document.body.appendChild(overlay);
+        let settled = false;
+        let attemptCount = 0;
+        const MAX_ATTEMPTS = 3;
+        const cleanup = () => {
+            try {
+                overlay.remove();
+            }
+            catch ( /* ignore */_a) { /* ignore */ }
+            document.removeEventListener('keydown', onKeydown);
+        };
+        const finishResolve = (value) => {
+            if (settled)
+                return;
+            settled = true;
+            cleanup();
+            resolve(value);
+        };
+        const finishReject = (err) => {
+            if (settled)
+                return;
+            settled = true;
+            cleanup();
+            reject(err);
+        };
+        const handleCancel = () => {
+            // Phrasing matches login()'s isUserRejection substring check so
+            // the existing catch suppresses error-log noise.
+            finishReject(new Error('User cancelled wallet sign in'));
+        };
+        closeBtn.addEventListener('click', () => {
+            console.log(`[MWA-DEBUG] ${label} gesture: close clicked`);
+            handleCancel();
+        });
+        overlay.addEventListener('click', (e) => {
+            if (e.target === overlay) {
+                console.log(`[MWA-DEBUG] ${label} gesture: overlay clicked (cancel)`);
+                handleCancel();
+            }
+        });
+        const onKeydown = (e) => {
+            if (e.key === 'Escape') {
+                console.log(`[MWA-DEBUG] ${label} gesture: Escape pressed (cancel)`);
+                handleCancel();
+            }
+        };
+        document.addEventListener('keydown', onKeydown);
+        button.addEventListener('click', () => {
+            if (settled)
+                return;
+            attemptCount++;
+            const attempt = attemptCount;
+            console.log(`[MWA-DEBUG] ${label} gesture: button click attempt=${attempt}`);
+            // Disable to prevent double-clicks while the wallet popup is up.
+            button.disabled = true;
+            setButtonDisabledStyle();
+            const originalText = 'Sign in';
+            button.textContent = 'Signing in…';
+            errorRow.textContent = '';
+            errorRow.style.minHeight = '0';
+            // CRITICAL: invoke signFn() synchronously inside the click handler
+            // so Chrome's transient user activation propagates to the
+            // protocol's window.location.assign(associationUrl) inside
+            // launchAssociation(). Do not `await` before calling.
+            const t0 = Date.now();
+            console.log(`[MWA-DEBUG] ${label} gesture: signMessage start (attempt=${attempt})`);
+            signFn().then((results) => {
+                const elapsed = Date.now() - t0;
+                if (!results || results.length === 0) {
+                    console.log(`[MWA-DEBUG] ${label} gesture: signMessage returned empty (attempt=${attempt}, ${elapsed}ms)`);
+                    finishReject(new Error('MWA returned no signature'));
+                    return;
+                }
+                console.log(`[MWA-DEBUG] ${label} gesture: signMessage ok (attempt=${attempt}, ${elapsed}ms)`);
+                finishResolve(results[0]);
+            }).catch((err) => {
+                const elapsed = Date.now() - t0;
+                const info = findMwaError(err);
+                console.log(`[MWA-DEBUG] ${label} gesture: signMessage err (attempt=${attempt}, ${elapsed}ms)`, {
+                    outer: { name: err === null || err === void 0 ? void 0 : err.name, message: err === null || err === void 0 ? void 0 : err.message },
+                    mwa: info,
+                });
+                const retryable = isMwaAssociationRetryable(err);
+                if (retryable && attempt < MAX_ATTEMPTS) {
+                    // Re-enable the button so the user's next tap provides a
+                    // fresh user activation. Show inline error text.
+                    console.log(`[MWA-DEBUG] ${label} gesture: retryable (${retryable.code}); awaiting user tap to retry (attempt ${attempt}/${MAX_ATTEMPTS})`);
+                    button.disabled = false;
+                    setButtonEnabledStyle();
+                    button.textContent = originalText;
+                    errorRow.textContent = "Couldn't connect — tap to try again";
+                    errorRow.style.minHeight = '20px';
+                    return;
+                }
+                if (retryable) {
+                    // Hit the attempt cap with a still-retryable failure.
+                    console.log(`[MWA-DEBUG] ${label} gesture: retryable but attempt cap reached (${attempt})`);
+                    finishReject(new Error("Couldn't connect to your Seeker wallet. Please try again."));
+                    return;
+                }
+                // Non-retryable error (user cancel inside Seeker, wallet
+                // rejected sign, unknown error, etc.) — surface as-is.
+                finishReject(err);
+            });
+        });
+        console.log(`[MWA-DEBUG] ${label} gesture: modal shown`);
+    });
+}
 /**
  * Normalize a chain string to a wallet-standard Solana chain identifier.
  *
@@ -21417,11 +21792,11 @@ function readAuthMethod() {
  * @param config - App identity and optional remote host authority for desktop QR code support
  */
 async function registerMobileWalletAdapter(config) {
-    var _a;
+    var _a, _b;
     if (typeof window === 'undefined')
         return;
     try {
-        const walletStandardMobile = await import('./index.browser-zfGYm0ST.esm.js');
+        const walletStandardMobile = await import('./index.browser-DQIwLToJ.esm.js');
         const registerMwa = walletStandardMobile.registerMwa || ((_a = walletStandardMobile.default) === null || _a === void 0 ? void 0 : _a.registerMwa);
         if (!registerMwa) {
             console.warn('[SolanaMobileWallet] registerMwa not found in @solana-mobile/wallet-standard-mobile');
@@ -21444,9 +21819,12 @@ async function registerMobileWalletAdapter(config) {
         if (walletStandardMobile.createDefaultChainSelector) {
             options.chainSelector = walletStandardMobile.createDefaultChainSelector();
         }
-        if (walletStandardMobile.createDefaultWalletNotFoundHandler) {
-            options.onWalletNotFound = walletStandardMobile.createDefaultWalletNotFoundHandler();
-        }
+        // Default: suppress the "We can't find a wallet" modal — see
+        // SolanaMobileWalletProvider.ensureWallet() for why. Consumers that
+        // want their own UX can pass config.onWalletNotFound.
+        options.onWalletNotFound = (_b = config === null || config === void 0 ? void 0 : config.onWalletNotFound) !== null && _b !== void 0 ? _b : (async () => {
+            console.warn('[MWA-DEBUG] registerMobileWalletAdapter onWalletNotFound (suppressed)');
+        });
         registerMwa(options);
     }
     catch (e) {
@@ -21510,14 +21888,22 @@ class SolanaMobileWalletProvider {
     async ensureWallet() {
         if (this.wallet)
             return this.wallet;
-        const mod = await import('./index.browser-zfGYm0ST.esm.js');
+        const mod = await import('./index.browser-DQIwLToJ.esm.js');
         const chain = mapChainToWalletStandard(this.cluster);
         this.wallet = new mod.LocalSolanaMobileWalletAdapterWallet({
             appIdentity: this.appIdentity,
             authorizationCache: mod.createDefaultAuthorizationCache(),
             chains: [chain],
             chainSelector: mod.createDefaultChainSelector(),
-            onWalletNotFound: mod.createDefaultWalletNotFoundHandler(),
+            // Suppress the default "We can't find a wallet" modal — that
+            // modal is misleading when ERROR_WALLET_NOT_FOUND fires during
+            // a first-time-consent race on Seeker (the wallet IS installed,
+            // the protocol just gave up before the user finished consenting).
+            // login()'s withMwaAssociationRetry handles this case; on second
+            // failure it surfaces a clean error message to the host app.
+            onWalletNotFound: async () => {
+                console.warn('[MWA-DEBUG] ensureWallet onWalletNotFound (suppressed)');
+            },
         });
         return this.wallet;
     }
@@ -21582,8 +21968,15 @@ class SolanaMobileWalletProvider {
             // is where wallet-standard's checkLocalNetworkAccessPermission()
             // fires the three-stage LNA UX (info modal → permission prompt →
             // success modal) before opening the localhost WebSocket.
+            //
+            // Wrap with single-retry: on a Seeker origin's first MWA usage,
+            // the protocol's session-establishment timer often races Seeker's
+            // first-time consent UI and throws ERROR_WALLET_NOT_FOUND before
+            // the user finishes tapping. The retry hits Seeker's cached
+            // consent on the second pass and completes quickly. See
+            // withMwaAssociationRetry for details.
             const connectFeat = getConnectFeature(wallet);
-            const { accounts } = await connectFeat.connect();
+            const { accounts } = await withMwaAssociationRetry('login:connect', () => connectFeat.connect());
             if (!accounts || accounts.length === 0) {
                 throw new Error('MWA returned no accounts');
             }
@@ -21598,14 +21991,29 @@ class SolanaMobileWalletProvider {
                 return user;
             }
             // Wallet popup #2: sign the Tarobase nonce message.
+            //
+            // We cannot call signMessageFeat.signMessage() directly here:
+            // it would run as a JS continuation from the connect() resolve,
+            // with no fresh Chrome transient user activation. The wallet-
+            // standard sign path internally dispatches a new solana-wallet:
+            // Android intent via window.location.assign() (see
+            // @solana-mobile/mobile-wallet-adapter-protocol launchAssociation
+            // at lib/cjs/index.browser.js:459). Chrome blocks the assign
+            // without activation, the blur event never fires, and the
+            // protocol's 3-second getDetectionPromise rejects with
+            // ERROR_WALLET_NOT_FOUND.
+            //
+            // Insert a Tarobase modal: the user's tap on "Sign in" provides a
+            // fresh activation, and signMessage is invoked synchronously
+            // inside the click handler so the activation propagates.
             const messageText = await genSolanaMessage(base58Addr, nonce);
             const messageBytes = getPlatform().textEncode(messageText);
             const signMessageFeat = getSignMessageFeature(wallet);
-            const signResults = await signMessageFeat.signMessage({ account, message: messageBytes });
-            if (!signResults || signResults.length === 0) {
+            const signResult = await awaitSignInGestureAndSign('login:signMessage', this.config.theme, () => signMessageFeat.signMessage({ account, message: messageBytes }));
+            if (!signResult) {
                 throw new Error('MWA returned no signature');
             }
-            const { signature: sigBytes } = signResults[0];
+            const { signature: sigBytes } = signResult;
             const signatureBase64 = bufferExports.Buffer.from(sigBytes).toString('base64');
             // Create Tarobase session on the server.
             const createSessionResult = await createSessionWithSignature(base58Addr, messageText, signatureBase64);
@@ -22358,4 +22766,4 @@ class PrivyExpoProvider {
 }
 
 export { getCachedData as $, subscribe as A, useAuth as B, deserializeTransaction as C, getIdToken as D, setPlatform as E, getPlatform as F, PrivyWalletProvider as G, DEFAULT_TEST_ADDRESS as H, isMobileWalletAvailable as I, registerMobileWalletAdapter as J, PrivyExpoProvider as K, InsufficientBalanceError as L, MockAuthProvider as M, ServerSessionManager as N, OffchainAuthProvider as O, PhantomWalletProvider as P, buildSetDocumentsTransaction as Q, ReactNativeSessionManager as R, SolanaMobileWalletProvider as S, clearCache as T, closeAllSubscriptions as U, convertRemainingAccounts as V, WebSessionManager as W, createSessionWithPrivy as X, createSessionWithSignature as Y, genAuthNonce as Z, genSolanaMessage as _, base58 as a, getMany as a0, reconnectWithNewAuth as a1, refreshSession as a2, signSessionCreateMessage as a3, bufferExports as b, getCurrentUser as c, onAuthLoadingChanged as d, getAuthLoading as e, logout as f, getDefaultExportFromCjs$1 as g, getConfig as h, init as i, getAuthProvider as j, get as k, login as l, setMany as m, setFile as n, onAuthStateChanged as o, getFiles as p, runQueryMany as q, runQuery as r, set as s, runExpression as t, runExpressionMany as u, signMessage as v, signTransaction as w, signAndSubmitTransaction as x, count as y, aggregate as z };
-//# sourceMappingURL=index-ZKzq5QT_.esm.js.map
+//# sourceMappingURL=index-C4AnWFs_.esm.js.map