@pooflabs/web 0.0.85-rc1 → 0.0.85-rc3

package/dist/index-TzHXEf3-.esm.js

@@ -0,0 +1,6 @@
+import { r as requireBuffer } from './index.native-DLziTime.esm.js';
+
+var bufferExports = requireBuffer();
+
+export { bufferExports as b };
+//# sourceMappingURL=index-TzHXEf3-.esm.js.map

package/dist/index-TzHXEf3-.esm.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index-TzHXEf3-.esm.js","sources":[],"sourcesContent":[],"names":[],"mappings":";;;;;;"}

package/dist/{index-R7cvXys2.js → index-bEXLwE7_.js}

@@ -15730,7 +15730,7 @@ async function loadDependencies() {
         const [reactModule, reactDomModule, phantomModule] = await Promise.all([
             import('react'),
             import('react-dom/client'),
-            Promise.resolve().then(function () { return require('./index-BoWQVxMI.js'); })
+            Promise.resolve().then(function () { return require('./index-BaKs3A8s.js'); })
         ]);
         // Extract default export from ESM module namespace
         // Dynamic import() returns { default: Module, ...exports }, not the module directly
@@ -21301,6 +21301,381 @@ function isMobileWalletAvailable() {
 const ED25519_SIGNATURE_LENGTH = 64;
 const STORED_AUTH_METHOD_KEY = 'tarobase_last_auth_method';
 const MWA_AUTH_METHOD = 'mobile-wallet-adapter';
+function findMwaError(e, maxDepth = 5) {
+    var _a;
+    let cur = e;
+    let depth = 0;
+    while (cur && depth < maxDepth) {
+        if ((cur === null || cur === void 0 ? void 0 : cur.name) === 'SolanaMobileWalletAdapterError' && typeof (cur === null || cur === void 0 ? void 0 : cur.code) === 'string') {
+            return { code: cur.code, message: String((_a = cur.message) !== null && _a !== void 0 ? _a : '') };
+        }
+        cur = cur === null || cur === void 0 ? void 0 : cur.cause;
+        depth++;
+    }
+    return null;
+}
+/**
+ * Returns the matched MwaErrorInfo when the error is from an association
+ * failure that an automatic retry can recover from (i.e. the wallet exists
+ * on-device but the dApp's protocol session didn't complete in time). Returns
+ * null for non-retryable errors (user cancel, unknown wallet errors, etc.).
+ *
+ * Specifically:
+ *   - ERROR_WALLET_NOT_FOUND: thrown from the protocol's startScenario when
+ *     it gave up waiting for a wallet to respond. On Seeker this races the
+ *     first-time-consent UI on the very first authorize.
+ *   - ERROR_SESSION_TIMEOUT: similar — the protocol's session-establishment
+ *     timer expired.
+ *   - ERROR_ASSOCIATION_CANCELLED: shared by user-cancel ("Wallet connection
+ *     cancelled by user") AND the 30s wallet-standard WALLET_ASSOCIATION_TIMEOUT
+ *     ("Wallet connection timed out"). Discriminate by message — never retry
+ *     a user cancel.
+ */
+function isMwaAssociationRetryable(e) {
+    const info = findMwaError(e);
+    if (!info)
+        return null;
+    if (info.code === 'ERROR_WALLET_NOT_FOUND')
+        return info;
+    if (info.code === 'ERROR_SESSION_TIMEOUT')
+        return info;
+    if (info.code === 'ERROR_ASSOCIATION_CANCELLED' && /timed out/i.test(info.message))
+        return info;
+    return null;
+}
+/**
+ * Single-retry wrapper for MWA association failures. Used ONLY for login's
+ * `standard:connect` and `solana:signMessage` calls — never for
+ * `signAndSendTransaction`/`runTransaction` because retry on a path that
+ * may have already submitted a tx can double-send.
+ *
+ * The retry exists for one specific scenario: on first-time MWA usage from a
+ * given origin on Seeker, the protocol's session-establishment timer races
+ * Seeker's first-time consent UI. The user reads the consent sheet, taps
+ * Connect — but by then the protocol has given up and thrown
+ * ERROR_WALLET_NOT_FOUND. The consent itself IS persisted on Seeker though,
+ * so a second attempt skips the consent sheet, jumps straight to
+ * Verify/Approve, and completes inside the timeout.
+ */
+async function withMwaAssociationRetry(label, fn) {
+    const t0 = Date.now();
+    console.log(`[MWA-DEBUG] ${label} attempt=1 start`);
+    try {
+        const result = await fn();
+        console.log(`[MWA-DEBUG] ${label} attempt=1 ok (${Date.now() - t0}ms)`);
+        return result;
+    }
+    catch (e) {
+        const info = findMwaError(e);
+        console.log(`[MWA-DEBUG] ${label} attempt=1 err (${Date.now() - t0}ms)`, {
+            outer: { name: e === null || e === void 0 ? void 0 : e.name, message: e === null || e === void 0 ? void 0 : e.message },
+            mwa: info,
+        });
+        const retryable = isMwaAssociationRetryable(e);
+        if (!retryable)
+            throw e;
+        // Seeker's consent sheet is a bottom-sheet overlay — Chrome doesn't
+        // reliably flip document.visibilityState to 'hidden' while it's open,
+        // so visibility-based waits fire too early. Use a fixed delay long
+        // enough for Seeker to dismiss its sheet and the OS to release intent
+        // state. 2.5s is empirically safe; tune from device traces if needed.
+        console.log(`[MWA-DEBUG] ${label} retryable (${retryable.code}); waiting 2500ms before retry`);
+        await new Promise(r => setTimeout(r, 2500));
+        const t1 = Date.now();
+        console.log(`[MWA-DEBUG] ${label} attempt=2 start`);
+        try {
+            const result = await fn();
+            console.log(`[MWA-DEBUG] ${label} attempt=2 ok (${Date.now() - t1}ms)`);
+            return result;
+        }
+        catch (e2) {
+            const info2 = findMwaError(e2);
+            console.log(`[MWA-DEBUG] ${label} attempt=2 err (${Date.now() - t1}ms)`, {
+                outer: { name: e2 === null || e2 === void 0 ? void 0 : e2.name, message: e2 === null || e2 === void 0 ? void 0 : e2.message },
+                mwa: info2,
+            });
+            // Only mask the error with the clean Seeker message when the
+            // second failure is also an association-flavored error. If it's
+            // a user cancel, wallet rejection, or unknown error, rethrow
+            // the original so the host app surfaces the real cause.
+            if (isMwaAssociationRetryable(e2)) {
+                throw new Error("Couldn't connect to your Seeker wallet. Please try again.");
+            }
+            throw e2;
+        }
+    }
+}
+/**
+ * User-gesture-mediated wallet-standard sign helper.
+ *
+ * Why this exists: login flows that go through wallet-standard call two
+ * separate transacts (standard:connect, then solana:signMessage). Each
+ * transact dispatches its own `solana-wallet:` Android intent navigation
+ * via `window.location.assign(associationUrl)` (see
+ * @solana-mobile/mobile-wallet-adapter-protocol/lib/cjs/index.browser.js
+ * `launchAssociation()` at line 459). Chrome requires **transient user
+ * activation** for each custom-scheme navigation. The first transact
+ * consumes the activation from the user's "Continue to Allow" tap on the
+ * LNA modal; by the time the second transact (signMessage) runs as a JS
+ * continuation, the activation has decayed, Chrome blocks the navigation,
+ * no `blur` event fires, the protocol's `getDetectionPromise` (3000ms
+ * timeout, line 433) rejects, and we get `ERROR_WALLET_NOT_FOUND`.
+ *
+ * Fix: show a Tarobase-controlled modal between the two transacts. When the
+ * user taps the modal's "Sign in" button, that tap IS a fresh user
+ * activation. We invoke the sign function directly inside the click handler
+ * — no `await` between the tap and the call — so the activation propagates
+ * to the protocol's `location.assign`.
+ *
+ * Failure recovery is also user-gesture driven: if the sign function fails
+ * with a retryable association error, we re-enable the button so the user's
+ * next tap is a new activation (a real retry). A timer-based retry would
+ * just hit the same Chrome block. Cap at 3 attempts before giving up.
+ */
+async function awaitSignInGestureAndSign(label, theme, signFn) {
+    if (typeof document === 'undefined' || typeof window === 'undefined') {
+        // SSR / non-browser: skip the gesture, just call (the activation
+        // model doesn't apply outside the browser).
+        const results = await signFn();
+        if (!results || results.length === 0)
+            throw new Error('MWA returned no signature');
+        return results[0];
+    }
+    return new Promise((resolve, reject) => {
+        const isDark = theme === 'dark'
+            || (theme == null
+                && typeof window.matchMedia === 'function'
+                && window.matchMedia('(prefers-color-scheme: dark)').matches);
+        // Palette
+        const overlayBg = 'rgba(0, 0, 0, 0.62)';
+        const cardBg = isDark ? '#1a1a1f' : '#ffffff';
+        const titleColor = isDark ? '#ffffff' : '#0a0a0a';
+        const subtitleColor = isDark ? '#a1a1aa' : '#52525b';
+        const btnBg = isDark ? '#ffffff' : '#0a0a0a';
+        const btnText = isDark ? '#0a0a0a' : '#ffffff';
+        const btnDisabledBg = isDark ? '#3f3f46' : '#d4d4d8';
+        const btnDisabledText = isDark ? '#71717a' : '#71717a';
+        const errorColor = isDark ? '#fca5a5' : '#dc2626';
+        const closeColor = isDark ? '#71717a' : '#a1a1aa';
+        const fontStack = '-apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, "Helvetica Neue", Arial, sans-serif';
+        const overlay = document.createElement('div');
+        overlay.setAttribute('data-tarobase-mwa-gesture', 'true');
+        overlay.style.cssText = [
+            'position: fixed',
+            'inset: 0',
+            'z-index: 2147483646',
+            `background: ${overlayBg}`,
+            'display: flex',
+            'align-items: center',
+            'justify-content: center',
+            'padding: 20px',
+            'box-sizing: border-box',
+            `font-family: ${fontStack}`,
+        ].join('; ');
+        const card = document.createElement('div');
+        card.style.cssText = [
+            `background: ${cardBg}`,
+            'border-radius: 20px',
+            'padding: 28px 24px 24px',
+            'max-width: 340px',
+            'width: 100%',
+            'box-shadow: 0 20px 50px rgba(0, 0, 0, 0.28)',
+            'position: relative',
+            'box-sizing: border-box',
+        ].join('; ');
+        const closeBtn = document.createElement('button');
+        closeBtn.setAttribute('aria-label', 'Close');
+        closeBtn.innerHTML = '&times;';
+        closeBtn.style.cssText = [
+            'position: absolute',
+            'top: 12px',
+            'right: 12px',
+            'background: transparent',
+            'border: none',
+            `color: ${closeColor}`,
+            'font-size: 24px',
+            'line-height: 1',
+            'cursor: pointer',
+            'padding: 6px 10px',
+            'border-radius: 8px',
+        ].join('; ');
+        const title = document.createElement('div');
+        title.textContent = 'Almost there';
+        title.style.cssText = [
+            `color: ${titleColor}`,
+            'font-size: 20px',
+            'font-weight: 600',
+            'margin-bottom: 6px',
+            'text-align: center',
+        ].join('; ');
+        const subtitle = document.createElement('div');
+        subtitle.textContent = 'Tap to sign in with your wallet';
+        subtitle.style.cssText = [
+            `color: ${subtitleColor}`,
+            'font-size: 14px',
+            'line-height: 1.4',
+            'margin-bottom: 22px',
+            'text-align: center',
+        ].join('; ');
+        const errorRow = document.createElement('div');
+        errorRow.style.cssText = [
+            `color: ${errorColor}`,
+            'font-size: 13px',
+            'line-height: 1.4',
+            'margin-bottom: 14px',
+            'text-align: center',
+            'min-height: 0',
+            'transition: min-height 100ms ease',
+        ].join('; ');
+        const button = document.createElement('button');
+        button.textContent = 'Sign in';
+        const setButtonEnabledStyle = () => {
+            button.style.cssText = [
+                `background: ${btnBg}`,
+                `color: ${btnText}`,
+                'border: none',
+                'border-radius: 14px',
+                'padding: 14px 20px',
+                'font-size: 16px',
+                'font-weight: 600',
+                'width: 100%',
+                'cursor: pointer',
+                '-webkit-tap-highlight-color: transparent',
+                'box-sizing: border-box',
+                `font-family: ${fontStack}`,
+            ].join('; ');
+        };
+        const setButtonDisabledStyle = () => {
+            button.style.cssText = [
+                `background: ${btnDisabledBg}`,
+                `color: ${btnDisabledText}`,
+                'border: none',
+                'border-radius: 14px',
+                'padding: 14px 20px',
+                'font-size: 16px',
+                'font-weight: 600',
+                'width: 100%',
+                'cursor: default',
+                '-webkit-tap-highlight-color: transparent',
+                'box-sizing: border-box',
+                `font-family: ${fontStack}`,
+            ].join('; ');
+        };
+        setButtonEnabledStyle();
+        card.appendChild(closeBtn);
+        card.appendChild(title);
+        card.appendChild(subtitle);
+        card.appendChild(errorRow);
+        card.appendChild(button);
+        overlay.appendChild(card);
+        document.body.appendChild(overlay);
+        let settled = false;
+        let attemptCount = 0;
+        const MAX_ATTEMPTS = 3;
+        const cleanup = () => {
+            try {
+                overlay.remove();
+            }
+            catch ( /* ignore */_a) { /* ignore */ }
+            document.removeEventListener('keydown', onKeydown);
+        };
+        const finishResolve = (value) => {
+            if (settled)
+                return;
+            settled = true;
+            cleanup();
+            resolve(value);
+        };
+        const finishReject = (err) => {
+            if (settled)
+                return;
+            settled = true;
+            cleanup();
+            reject(err);
+        };
+        const handleCancel = () => {
+            // Phrasing matches login()'s isUserRejection substring check so
+            // the existing catch suppresses error-log noise.
+            finishReject(new Error('User cancelled wallet sign in'));
+        };
+        closeBtn.addEventListener('click', () => {
+            console.log(`[MWA-DEBUG] ${label} gesture: close clicked`);
+            handleCancel();
+        });
+        overlay.addEventListener('click', (e) => {
+            if (e.target === overlay) {
+                console.log(`[MWA-DEBUG] ${label} gesture: overlay clicked (cancel)`);
+                handleCancel();
+            }
+        });
+        const onKeydown = (e) => {
+            if (e.key === 'Escape') {
+                console.log(`[MWA-DEBUG] ${label} gesture: Escape pressed (cancel)`);
+                handleCancel();
+            }
+        };
+        document.addEventListener('keydown', onKeydown);
+        button.addEventListener('click', () => {
+            if (settled)
+                return;
+            attemptCount++;
+            const attempt = attemptCount;
+            console.log(`[MWA-DEBUG] ${label} gesture: button click attempt=${attempt}`);
+            // Disable to prevent double-clicks while the wallet popup is up.
+            button.disabled = true;
+            setButtonDisabledStyle();
+            const originalText = 'Sign in';
+            button.textContent = 'Signing in…';
+            errorRow.textContent = '';
+            errorRow.style.minHeight = '0';
+            // CRITICAL: invoke signFn() synchronously inside the click handler
+            // so Chrome's transient user activation propagates to the
+            // protocol's window.location.assign(associationUrl) inside
+            // launchAssociation(). Do not `await` before calling.
+            const t0 = Date.now();
+            console.log(`[MWA-DEBUG] ${label} gesture: signMessage start (attempt=${attempt})`);
+            signFn().then((results) => {
+                const elapsed = Date.now() - t0;
+                if (!results || results.length === 0) {
+                    console.log(`[MWA-DEBUG] ${label} gesture: signMessage returned empty (attempt=${attempt}, ${elapsed}ms)`);
+                    finishReject(new Error('MWA returned no signature'));
+                    return;
+                }
+                console.log(`[MWA-DEBUG] ${label} gesture: signMessage ok (attempt=${attempt}, ${elapsed}ms)`);
+                finishResolve(results[0]);
+            }).catch((err) => {
+                const elapsed = Date.now() - t0;
+                const info = findMwaError(err);
+                console.log(`[MWA-DEBUG] ${label} gesture: signMessage err (attempt=${attempt}, ${elapsed}ms)`, {
+                    outer: { name: err === null || err === void 0 ? void 0 : err.name, message: err === null || err === void 0 ? void 0 : err.message },
+                    mwa: info,
+                });
+                const retryable = isMwaAssociationRetryable(err);
+                if (retryable && attempt < MAX_ATTEMPTS) {
+                    // Re-enable the button so the user's next tap provides a
+                    // fresh user activation. Show inline error text.
+                    console.log(`[MWA-DEBUG] ${label} gesture: retryable (${retryable.code}); awaiting user tap to retry (attempt ${attempt}/${MAX_ATTEMPTS})`);
+                    button.disabled = false;
+                    setButtonEnabledStyle();
+                    button.textContent = originalText;
+                    errorRow.textContent = "Couldn't connect — tap to try again";
+                    errorRow.style.minHeight = '20px';
+                    return;
+                }
+                if (retryable) {
+                    // Hit the attempt cap with a still-retryable failure.
+                    console.log(`[MWA-DEBUG] ${label} gesture: retryable but attempt cap reached (${attempt})`);
+                    finishReject(new Error("Couldn't connect to your Seeker wallet. Please try again."));
+                    return;
+                }
+                // Non-retryable error (user cancel inside Seeker, wallet
+                // rejected sign, unknown error, etc.) — surface as-is.
+                finishReject(err);
+            });
+        });
+        console.log(`[MWA-DEBUG] ${label} gesture: modal shown`);
+    });
+}
 /**
  * Normalize a chain string to a wallet-standard Solana chain identifier.
  *
@@ -21438,11 +21813,11 @@ function readAuthMethod() {
  * @param config - App identity and optional remote host authority for desktop QR code support
  */
 async function registerMobileWalletAdapter(config) {
-    var _a;
+    var _a, _b;
     if (typeof window === 'undefined')
         return;
     try {
-        const walletStandardMobile = await Promise.resolve().then(function () { return require('./index.browser-DZCNegue.js'); });
+        const walletStandardMobile = await Promise.resolve().then(function () { return require('./index.browser-CZIJCtms.js'); });
         const registerMwa = walletStandardMobile.registerMwa || ((_a = walletStandardMobile.default) === null || _a === void 0 ? void 0 : _a.registerMwa);
         if (!registerMwa) {
             console.warn('[SolanaMobileWallet] registerMwa not found in @solana-mobile/wallet-standard-mobile');
@@ -21465,9 +21840,12 @@ async function registerMobileWalletAdapter(config) {
         if (walletStandardMobile.createDefaultChainSelector) {
             options.chainSelector = walletStandardMobile.createDefaultChainSelector();
         }
-        if (walletStandardMobile.createDefaultWalletNotFoundHandler) {
-            options.onWalletNotFound = walletStandardMobile.createDefaultWalletNotFoundHandler();
-        }
+        // Default: suppress the "We can't find a wallet" modal — see
+        // SolanaMobileWalletProvider.ensureWallet() for why. Consumers that
+        // want their own UX can pass config.onWalletNotFound.
+        options.onWalletNotFound = (_b = config === null || config === void 0 ? void 0 : config.onWalletNotFound) !== null && _b !== void 0 ? _b : (async () => {
+            console.warn('[MWA-DEBUG] registerMobileWalletAdapter onWalletNotFound (suppressed)');
+        });
         registerMwa(options);
     }
     catch (e) {
@@ -21531,14 +21909,22 @@ class SolanaMobileWalletProvider {
     async ensureWallet() {
         if (this.wallet)
             return this.wallet;
-        const mod = await Promise.resolve().then(function () { return require('./index.browser-DZCNegue.js'); });
+        const mod = await Promise.resolve().then(function () { return require('./index.browser-CZIJCtms.js'); });
         const chain = mapChainToWalletStandard(this.cluster);
         this.wallet = new mod.LocalSolanaMobileWalletAdapterWallet({
             appIdentity: this.appIdentity,
             authorizationCache: mod.createDefaultAuthorizationCache(),
             chains: [chain],
             chainSelector: mod.createDefaultChainSelector(),
-            onWalletNotFound: mod.createDefaultWalletNotFoundHandler(),
+            // Suppress the default "We can't find a wallet" modal — that
+            // modal is misleading when ERROR_WALLET_NOT_FOUND fires during
+            // a first-time-consent race on Seeker (the wallet IS installed,
+            // the protocol just gave up before the user finished consenting).
+            // login()'s withMwaAssociationRetry handles this case; on second
+            // failure it surfaces a clean error message to the host app.
+            onWalletNotFound: async () => {
+                console.warn('[MWA-DEBUG] ensureWallet onWalletNotFound (suppressed)');
+            },
         });
         return this.wallet;
     }
@@ -21603,8 +21989,15 @@ class SolanaMobileWalletProvider {
             // is where wallet-standard's checkLocalNetworkAccessPermission()
             // fires the three-stage LNA UX (info modal → permission prompt →
             // success modal) before opening the localhost WebSocket.
+            //
+            // Wrap with single-retry: on a Seeker origin's first MWA usage,
+            // the protocol's session-establishment timer often races Seeker's
+            // first-time consent UI and throws ERROR_WALLET_NOT_FOUND before
+            // the user finishes tapping. The retry hits Seeker's cached
+            // consent on the second pass and completes quickly. See
+            // withMwaAssociationRetry for details.
             const connectFeat = getConnectFeature(wallet);
-            const { accounts } = await connectFeat.connect();
+            const { accounts } = await withMwaAssociationRetry('login:connect', () => connectFeat.connect());
             if (!accounts || accounts.length === 0) {
                 throw new Error('MWA returned no accounts');
             }
@@ -21619,14 +22012,29 @@ class SolanaMobileWalletProvider {
                 return user;
             }
             // Wallet popup #2: sign the Tarobase nonce message.
+            //
+            // We cannot call signMessageFeat.signMessage() directly here:
+            // it would run as a JS continuation from the connect() resolve,
+            // with no fresh Chrome transient user activation. The wallet-
+            // standard sign path internally dispatches a new solana-wallet:
+            // Android intent via window.location.assign() (see
+            // @solana-mobile/mobile-wallet-adapter-protocol launchAssociation
+            // at lib/cjs/index.browser.js:459). Chrome blocks the assign
+            // without activation, the blur event never fires, and the
+            // protocol's 3-second getDetectionPromise rejects with
+            // ERROR_WALLET_NOT_FOUND.
+            //
+            // Insert a Tarobase modal: the user's tap on "Sign in" provides a
+            // fresh activation, and signMessage is invoked synchronously
+            // inside the click handler so the activation propagates.
             const messageText = await genSolanaMessage(base58Addr, nonce);
             const messageBytes = getPlatform().textEncode(messageText);
             const signMessageFeat = getSignMessageFeature(wallet);
-            const signResults = await signMessageFeat.signMessage({ account, message: messageBytes });
-            if (!signResults || signResults.length === 0) {
+            const signResult = await awaitSignInGestureAndSign('login:signMessage', this.config.theme, () => signMessageFeat.signMessage({ account, message: messageBytes }));
+            if (!signResult) {
                 throw new Error('MWA returned no signature');
             }
-            const { signature: sigBytes } = signResults[0];
+            const { signature: sigBytes } = signResult;
             const signatureBase64 = bufferExports.Buffer.from(sigBytes).toString('base64');
             // Create Tarobase session on the server.
             const createSessionResult = await createSessionWithSignature(base58Addr, messageText, signatureBase64);
@@ -22436,4 +22844,4 @@ exports.signSessionCreateMessage = signSessionCreateMessage;
 exports.signTransaction = signTransaction;
 exports.subscribe = subscribe;
 exports.useAuth = useAuth;
-//# sourceMappingURL=index-R7cvXys2.js.map
+//# sourceMappingURL=index-bEXLwE7_.js.map