@pooflabs/web 0.0.85-rc2 → 0.0.85-rc3

package/dist/{index-QukWgaIi.esm.js → index-C4AnWFs_.esm.js}

@@ -15709,7 +15709,7 @@ async function loadDependencies() {
         const [reactModule, reactDomModule, phantomModule] = await Promise.all([
             import('react'),
             import('react-dom/client'),
-            import('./index-B7tJ8TAn.esm.js')
+            import('./index-BE-VWSJT.esm.js')
         ]);
         // Extract default export from ESM module namespace
         // Dynamic import() returns { default: Module, ...exports }, not the module directly
@@ -21384,6 +21384,277 @@ async function withMwaAssociationRetry(label, fn) {
         }
     }
 }
+/**
+ * User-gesture-mediated wallet-standard sign helper.
+ *
+ * Why this exists: login flows that go through wallet-standard call two
+ * separate transacts (standard:connect, then solana:signMessage). Each
+ * transact dispatches its own `solana-wallet:` Android intent navigation
+ * via `window.location.assign(associationUrl)` (see
+ * @solana-mobile/mobile-wallet-adapter-protocol/lib/cjs/index.browser.js
+ * `launchAssociation()` at line 459). Chrome requires **transient user
+ * activation** for each custom-scheme navigation. The first transact
+ * consumes the activation from the user's "Continue to Allow" tap on the
+ * LNA modal; by the time the second transact (signMessage) runs as a JS
+ * continuation, the activation has decayed, Chrome blocks the navigation,
+ * no `blur` event fires, the protocol's `getDetectionPromise` (3000ms
+ * timeout, line 433) rejects, and we get `ERROR_WALLET_NOT_FOUND`.
+ *
+ * Fix: show a Tarobase-controlled modal between the two transacts. When the
+ * user taps the modal's "Sign in" button, that tap IS a fresh user
+ * activation. We invoke the sign function directly inside the click handler
+ * — no `await` between the tap and the call — so the activation propagates
+ * to the protocol's `location.assign`.
+ *
+ * Failure recovery is also user-gesture driven: if the sign function fails
+ * with a retryable association error, we re-enable the button so the user's
+ * next tap is a new activation (a real retry). A timer-based retry would
+ * just hit the same Chrome block. Cap at 3 attempts before giving up.
+ */
+async function awaitSignInGestureAndSign(label, theme, signFn) {
+    if (typeof document === 'undefined' || typeof window === 'undefined') {
+        // SSR / non-browser: skip the gesture, just call (the activation
+        // model doesn't apply outside the browser).
+        const results = await signFn();
+        if (!results || results.length === 0)
+            throw new Error('MWA returned no signature');
+        return results[0];
+    }
+    return new Promise((resolve, reject) => {
+        const isDark = theme === 'dark'
+            || (theme == null
+                && typeof window.matchMedia === 'function'
+                && window.matchMedia('(prefers-color-scheme: dark)').matches);
+        // Palette
+        const overlayBg = 'rgba(0, 0, 0, 0.62)';
+        const cardBg = isDark ? '#1a1a1f' : '#ffffff';
+        const titleColor = isDark ? '#ffffff' : '#0a0a0a';
+        const subtitleColor = isDark ? '#a1a1aa' : '#52525b';
+        const btnBg = isDark ? '#ffffff' : '#0a0a0a';
+        const btnText = isDark ? '#0a0a0a' : '#ffffff';
+        const btnDisabledBg = isDark ? '#3f3f46' : '#d4d4d8';
+        const btnDisabledText = isDark ? '#71717a' : '#71717a';
+        const errorColor = isDark ? '#fca5a5' : '#dc2626';
+        const closeColor = isDark ? '#71717a' : '#a1a1aa';
+        const fontStack = '-apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, "Helvetica Neue", Arial, sans-serif';
+        const overlay = document.createElement('div');
+        overlay.setAttribute('data-tarobase-mwa-gesture', 'true');
+        overlay.style.cssText = [
+            'position: fixed',
+            'inset: 0',
+            'z-index: 2147483646',
+            `background: ${overlayBg}`,
+            'display: flex',
+            'align-items: center',
+            'justify-content: center',
+            'padding: 20px',
+            'box-sizing: border-box',
+            `font-family: ${fontStack}`,
+        ].join('; ');
+        const card = document.createElement('div');
+        card.style.cssText = [
+            `background: ${cardBg}`,
+            'border-radius: 20px',
+            'padding: 28px 24px 24px',
+            'max-width: 340px',
+            'width: 100%',
+            'box-shadow: 0 20px 50px rgba(0, 0, 0, 0.28)',
+            'position: relative',
+            'box-sizing: border-box',
+        ].join('; ');
+        const closeBtn = document.createElement('button');
+        closeBtn.setAttribute('aria-label', 'Close');
+        closeBtn.innerHTML = '×';
+        closeBtn.style.cssText = [
+            'position: absolute',
+            'top: 12px',
+            'right: 12px',
+            'background: transparent',
+            'border: none',
+            `color: ${closeColor}`,
+            'font-size: 24px',
+            'line-height: 1',
+            'cursor: pointer',
+            'padding: 6px 10px',
+            'border-radius: 8px',
+        ].join('; ');
+        const title = document.createElement('div');
+        title.textContent = 'Almost there';
+        title.style.cssText = [
+            `color: ${titleColor}`,
+            'font-size: 20px',
+            'font-weight: 600',
+            'margin-bottom: 6px',
+            'text-align: center',
+        ].join('; ');
+        const subtitle = document.createElement('div');
+        subtitle.textContent = 'Tap to sign in with your wallet';
+        subtitle.style.cssText = [
+            `color: ${subtitleColor}`,
+            'font-size: 14px',
+            'line-height: 1.4',
+            'margin-bottom: 22px',
+            'text-align: center',
+        ].join('; ');
+        const errorRow = document.createElement('div');
+        errorRow.style.cssText = [
+            `color: ${errorColor}`,
+            'font-size: 13px',
+            'line-height: 1.4',
+            'margin-bottom: 14px',
+            'text-align: center',
+            'min-height: 0',
+            'transition: min-height 100ms ease',
+        ].join('; ');
+        const button = document.createElement('button');
+        button.textContent = 'Sign in';
+        const setButtonEnabledStyle = () => {
+            button.style.cssText = [
+                `background: ${btnBg}`,
+                `color: ${btnText}`,
+                'border: none',
+                'border-radius: 14px',
+                'padding: 14px 20px',
+                'font-size: 16px',
+                'font-weight: 600',
+                'width: 100%',
+                'cursor: pointer',
+                '-webkit-tap-highlight-color: transparent',
+                'box-sizing: border-box',
+                `font-family: ${fontStack}`,
+            ].join('; ');
+        };
+        const setButtonDisabledStyle = () => {
+            button.style.cssText = [
+                `background: ${btnDisabledBg}`,
+                `color: ${btnDisabledText}`,
+                'border: none',
+                'border-radius: 14px',
+                'padding: 14px 20px',
+                'font-size: 16px',
+                'font-weight: 600',
+                'width: 100%',
+                'cursor: default',
+                '-webkit-tap-highlight-color: transparent',
+                'box-sizing: border-box',
+                `font-family: ${fontStack}`,
+            ].join('; ');
+        };
+        setButtonEnabledStyle();
+        card.appendChild(closeBtn);
+        card.appendChild(title);
+        card.appendChild(subtitle);
+        card.appendChild(errorRow);
+        card.appendChild(button);
+        overlay.appendChild(card);
+        document.body.appendChild(overlay);
+        let settled = false;
+        let attemptCount = 0;
+        const MAX_ATTEMPTS = 3;
+        const cleanup = () => {
+            try {
+                overlay.remove();
+            }
+            catch ( /* ignore */_a) { /* ignore */ }
+            document.removeEventListener('keydown', onKeydown);
+        };
+        const finishResolve = (value) => {
+            if (settled)
+                return;
+            settled = true;
+            cleanup();
+            resolve(value);
+        };
+        const finishReject = (err) => {
+            if (settled)
+                return;
+            settled = true;
+            cleanup();
+            reject(err);
+        };
+        const handleCancel = () => {
+            // Phrasing matches login()'s isUserRejection substring check so
+            // the existing catch suppresses error-log noise.
+            finishReject(new Error('User cancelled wallet sign in'));
+        };
+        closeBtn.addEventListener('click', () => {
+            console.log(`[MWA-DEBUG] ${label} gesture: close clicked`);
+            handleCancel();
+        });
+        overlay.addEventListener('click', (e) => {
+            if (e.target === overlay) {
+                console.log(`[MWA-DEBUG] ${label} gesture: overlay clicked (cancel)`);
+                handleCancel();
+            }
+        });
+        const onKeydown = (e) => {
+            if (e.key === 'Escape') {
+                console.log(`[MWA-DEBUG] ${label} gesture: Escape pressed (cancel)`);
+                handleCancel();
+            }
+        };
+        document.addEventListener('keydown', onKeydown);
+        button.addEventListener('click', () => {
+            if (settled)
+                return;
+            attemptCount++;
+            const attempt = attemptCount;
+            console.log(`[MWA-DEBUG] ${label} gesture: button click attempt=${attempt}`);
+            // Disable to prevent double-clicks while the wallet popup is up.
+            button.disabled = true;
+            setButtonDisabledStyle();
+            const originalText = 'Sign in';
+            button.textContent = 'Signing in…';
+            errorRow.textContent = '';
+            errorRow.style.minHeight = '0';
+            // CRITICAL: invoke signFn() synchronously inside the click handler
+            // so Chrome's transient user activation propagates to the
+            // protocol's window.location.assign(associationUrl) inside
+            // launchAssociation(). Do not `await` before calling.
+            const t0 = Date.now();
+            console.log(`[MWA-DEBUG] ${label} gesture: signMessage start (attempt=${attempt})`);
+            signFn().then((results) => {
+                const elapsed = Date.now() - t0;
+                if (!results || results.length === 0) {
+                    console.log(`[MWA-DEBUG] ${label} gesture: signMessage returned empty (attempt=${attempt}, ${elapsed}ms)`);
+                    finishReject(new Error('MWA returned no signature'));
+                    return;
+                }
+                console.log(`[MWA-DEBUG] ${label} gesture: signMessage ok (attempt=${attempt}, ${elapsed}ms)`);
+                finishResolve(results[0]);
+            }).catch((err) => {
+                const elapsed = Date.now() - t0;
+                const info = findMwaError(err);
+                console.log(`[MWA-DEBUG] ${label} gesture: signMessage err (attempt=${attempt}, ${elapsed}ms)`, {
+                    outer: { name: err === null || err === void 0 ? void 0 : err.name, message: err === null || err === void 0 ? void 0 : err.message },
+                    mwa: info,
+                });
+                const retryable = isMwaAssociationRetryable(err);
+                if (retryable && attempt < MAX_ATTEMPTS) {
+                    // Re-enable the button so the user's next tap provides a
+                    // fresh user activation. Show inline error text.
+                    console.log(`[MWA-DEBUG] ${label} gesture: retryable (${retryable.code}); awaiting user tap to retry (attempt ${attempt}/${MAX_ATTEMPTS})`);
+                    button.disabled = false;
+                    setButtonEnabledStyle();
+                    button.textContent = originalText;
+                    errorRow.textContent = "Couldn't connect — tap to try again";
+                    errorRow.style.minHeight = '20px';
+                    return;
+                }
+                if (retryable) {
+                    // Hit the attempt cap with a still-retryable failure.
+                    console.log(`[MWA-DEBUG] ${label} gesture: retryable but attempt cap reached (${attempt})`);
+                    finishReject(new Error("Couldn't connect to your Seeker wallet. Please try again."));
+                    return;
+                }
+                // Non-retryable error (user cancel inside Seeker, wallet
+                // rejected sign, unknown error, etc.) — surface as-is.
+                finishReject(err);
+            });
+        });
+        console.log(`[MWA-DEBUG] ${label} gesture: modal shown`);
+    });
+}
 /**
  * Normalize a chain string to a wallet-standard Solana chain identifier.
  *
@@ -21525,7 +21796,7 @@ async function registerMobileWalletAdapter(config) {
     if (typeof window === 'undefined')
         return;
     try {
-        const walletStandardMobile = await import('./index.browser-lHP9glAW.esm.js');
+        const walletStandardMobile = await import('./index.browser-DQIwLToJ.esm.js');
         const registerMwa = walletStandardMobile.registerMwa || ((_a = walletStandardMobile.default) === null || _a === void 0 ? void 0 : _a.registerMwa);
         if (!registerMwa) {
             console.warn('[SolanaMobileWallet] registerMwa not found in @solana-mobile/wallet-standard-mobile');
@@ -21617,7 +21888,7 @@ class SolanaMobileWalletProvider {
     async ensureWallet() {
         if (this.wallet)
             return this.wallet;
-        const mod = await import('./index.browser-lHP9glAW.esm.js');
+        const mod = await import('./index.browser-DQIwLToJ.esm.js');
         const chain = mapChainToWalletStandard(this.cluster);
         this.wallet = new mod.LocalSolanaMobileWalletAdapterWallet({
             appIdentity: this.appIdentity,
@@ -21719,18 +21990,30 @@ class SolanaMobileWalletProvider {
                 setCurrentUser(user);
                 return user;
             }
-            // Wallet popup #2: sign the Tarobase nonce message. Wrap with the
-            // same retry for defense in depth — by now Seeker has cached the
-            // consent so this rarely hits the retry path, but if the
-            // protocol's session timer fires here too we recover transparently.
+            // Wallet popup #2: sign the Tarobase nonce message.
+            //
+            // We cannot call signMessageFeat.signMessage() directly here:
+            // it would run as a JS continuation from the connect() resolve,
+            // with no fresh Chrome transient user activation. The wallet-
+            // standard sign path internally dispatches a new solana-wallet:
+            // Android intent via window.location.assign() (see
+            // @solana-mobile/mobile-wallet-adapter-protocol launchAssociation
+            // at lib/cjs/index.browser.js:459). Chrome blocks the assign
+            // without activation, the blur event never fires, and the
+            // protocol's 3-second getDetectionPromise rejects with
+            // ERROR_WALLET_NOT_FOUND.
+            //
+            // Insert a Tarobase modal: the user's tap on "Sign in" provides a
+            // fresh activation, and signMessage is invoked synchronously
+            // inside the click handler so the activation propagates.
             const messageText = await genSolanaMessage(base58Addr, nonce);
             const messageBytes = getPlatform().textEncode(messageText);
             const signMessageFeat = getSignMessageFeature(wallet);
-            const signResults = await withMwaAssociationRetry('login:signMessage', () => signMessageFeat.signMessage({ account, message: messageBytes }));
-            if (!signResults || signResults.length === 0) {
+            const signResult = await awaitSignInGestureAndSign('login:signMessage', this.config.theme, () => signMessageFeat.signMessage({ account, message: messageBytes }));
+            if (!signResult) {
                 throw new Error('MWA returned no signature');
             }
-            const { signature: sigBytes } = signResults[0];
+            const { signature: sigBytes } = signResult;
             const signatureBase64 = bufferExports.Buffer.from(sigBytes).toString('base64');
             // Create Tarobase session on the server.
             const createSessionResult = await createSessionWithSignature(base58Addr, messageText, signatureBase64);
@@ -22483,4 +22766,4 @@ class PrivyExpoProvider {
 }
 
 export { getCachedData as $, subscribe as A, useAuth as B, deserializeTransaction as C, getIdToken as D, setPlatform as E, getPlatform as F, PrivyWalletProvider as G, DEFAULT_TEST_ADDRESS as H, isMobileWalletAvailable as I, registerMobileWalletAdapter as J, PrivyExpoProvider as K, InsufficientBalanceError as L, MockAuthProvider as M, ServerSessionManager as N, OffchainAuthProvider as O, PhantomWalletProvider as P, buildSetDocumentsTransaction as Q, ReactNativeSessionManager as R, SolanaMobileWalletProvider as S, clearCache as T, closeAllSubscriptions as U, convertRemainingAccounts as V, WebSessionManager as W, createSessionWithPrivy as X, createSessionWithSignature as Y, genAuthNonce as Z, genSolanaMessage as _, base58 as a, getMany as a0, reconnectWithNewAuth as a1, refreshSession as a2, signSessionCreateMessage as a3, bufferExports as b, getCurrentUser as c, onAuthLoadingChanged as d, getAuthLoading as e, logout as f, getDefaultExportFromCjs$1 as g, getConfig as h, init as i, getAuthProvider as j, get as k, login as l, setMany as m, setFile as n, onAuthStateChanged as o, getFiles as p, runQueryMany as q, runQuery as r, set as s, runExpression as t, runExpressionMany as u, signMessage as v, signTransaction as w, signAndSubmitTransaction as x, count as y, aggregate as z };
-//# sourceMappingURL=index-QukWgaIi.esm.js.map
+//# sourceMappingURL=index-C4AnWFs_.esm.js.map