@pooflabs/web 0.0.85-rc2 → 0.0.86

package/dist/{index-BeFR3-cf.js → index-hEc5_KoM.js}

@@ -15730,7 +15730,7 @@ async function loadDependencies() {
         const [reactModule, reactDomModule, phantomModule] = await Promise.all([
             import('react'),
             import('react-dom/client'),
-            Promise.resolve().then(function () { return require('./index-B1_Q49qQ.js'); })
+            Promise.resolve().then(function () { return require('./index-BHkED2YI.js'); })
         ]);
         // Extract default export from ESM module namespace
         // Dynamic import() returns { default: Module, ...exports }, not the module directly
@@ -21357,20 +21357,11 @@ function isMwaAssociationRetryable(e) {
  * so a second attempt skips the consent sheet, jumps straight to
  * Verify/Approve, and completes inside the timeout.
  */
-async function withMwaAssociationRetry(label, fn) {
-    const t0 = Date.now();
-    console.log(`[MWA-DEBUG] ${label} attempt=1 start`);
+async function withMwaAssociationRetry(fn) {
     try {
-        const result = await fn();
-        console.log(`[MWA-DEBUG] ${label} attempt=1 ok (${Date.now() - t0}ms)`);
-        return result;
+        return await fn();
     }
     catch (e) {
-        const info = findMwaError(e);
-        console.log(`[MWA-DEBUG] ${label} attempt=1 err (${Date.now() - t0}ms)`, {
-            outer: { name: e === null || e === void 0 ? void 0 : e.name, message: e === null || e === void 0 ? void 0 : e.message },
-            mwa: info,
-        });
         const retryable = isMwaAssociationRetryable(e);
         if (!retryable)
             throw e;
@@ -21379,21 +21370,11 @@ async function withMwaAssociationRetry(label, fn) {
         // so visibility-based waits fire too early. Use a fixed delay long
         // enough for Seeker to dismiss its sheet and the OS to release intent
         // state. 2.5s is empirically safe; tune from device traces if needed.
-        console.log(`[MWA-DEBUG] ${label} retryable (${retryable.code}); waiting 2500ms before retry`);
         await new Promise(r => setTimeout(r, 2500));
-        const t1 = Date.now();
-        console.log(`[MWA-DEBUG] ${label} attempt=2 start`);
         try {
-            const result = await fn();
-            console.log(`[MWA-DEBUG] ${label} attempt=2 ok (${Date.now() - t1}ms)`);
-            return result;
+            return await fn();
         }
         catch (e2) {
-            const info2 = findMwaError(e2);
-            console.log(`[MWA-DEBUG] ${label} attempt=2 err (${Date.now() - t1}ms)`, {
-                outer: { name: e2 === null || e2 === void 0 ? void 0 : e2.name, message: e2 === null || e2 === void 0 ? void 0 : e2.message },
-                mwa: info2,
-            });
             // Only mask the error with the clean Seeker message when the
             // second failure is also an association-flavored error. If it's
             // a user cancel, wallet rejection, or unknown error, rethrow
@@ -21405,6 +21386,259 @@ async function withMwaAssociationRetry(label, fn) {
         }
     }
 }
+/**
+ * User-gesture-mediated wallet-standard sign helper.
+ *
+ * Why this exists: login flows that go through wallet-standard call two
+ * separate transacts (standard:connect, then solana:signMessage). Each
+ * transact dispatches its own `solana-wallet:` Android intent navigation
+ * via `window.location.assign(associationUrl)` (see
+ * @solana-mobile/mobile-wallet-adapter-protocol/lib/cjs/index.browser.js
+ * `launchAssociation()` at line 459). Chrome requires **transient user
+ * activation** for each custom-scheme navigation. The first transact
+ * consumes the activation from the user's "Continue to Allow" tap on the
+ * LNA modal; by the time the second transact (signMessage) runs as a JS
+ * continuation, the activation has decayed, Chrome blocks the navigation,
+ * no `blur` event fires, the protocol's `getDetectionPromise` (3000ms
+ * timeout, line 433) rejects, and we get `ERROR_WALLET_NOT_FOUND`.
+ *
+ * Fix: show a Tarobase-controlled modal between the two transacts. When the
+ * user taps the modal's "Sign in" button, that tap IS a fresh user
+ * activation. We invoke the sign function directly inside the click handler
+ * — no `await` between the tap and the call — so the activation propagates
+ * to the protocol's `location.assign`.
+ *
+ * Failure recovery is also user-gesture driven: if the sign function fails
+ * with a retryable association error, we re-enable the button so the user's
+ * next tap is a new activation (a real retry). A timer-based retry would
+ * just hit the same Chrome block. Cap at 3 attempts before giving up.
+ */
+async function awaitSignInGestureAndSign(theme, signFn) {
+    if (typeof document === 'undefined' || typeof window === 'undefined') {
+        // SSR / non-browser: skip the gesture, just call (the activation
+        // model doesn't apply outside the browser).
+        const results = await signFn();
+        if (!results || results.length === 0)
+            throw new Error('MWA returned no signature');
+        return results[0];
+    }
+    return new Promise((resolve, reject) => {
+        const isDark = theme === 'dark'
+            || (theme == null
+                && typeof window.matchMedia === 'function'
+                && window.matchMedia('(prefers-color-scheme: dark)').matches);
+        // Palette
+        const overlayBg = 'rgba(0, 0, 0, 0.62)';
+        const cardBg = isDark ? '#1a1a1f' : '#ffffff';
+        const titleColor = isDark ? '#ffffff' : '#0a0a0a';
+        const subtitleColor = isDark ? '#a1a1aa' : '#52525b';
+        const btnBg = isDark ? '#ffffff' : '#0a0a0a';
+        const btnText = isDark ? '#0a0a0a' : '#ffffff';
+        const btnDisabledBg = isDark ? '#3f3f46' : '#d4d4d8';
+        const btnDisabledText = isDark ? '#71717a' : '#71717a';
+        const errorColor = isDark ? '#fca5a5' : '#dc2626';
+        const closeColor = isDark ? '#71717a' : '#a1a1aa';
+        const fontStack = '-apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, "Helvetica Neue", Arial, sans-serif';
+        const overlay = document.createElement('div');
+        overlay.setAttribute('data-tarobase-mwa-gesture', 'true');
+        overlay.style.cssText = [
+            'position: fixed',
+            'inset: 0',
+            'z-index: 2147483646',
+            `background: ${overlayBg}`,
+            'display: flex',
+            'align-items: center',
+            'justify-content: center',
+            'padding: 20px',
+            'box-sizing: border-box',
+            `font-family: ${fontStack}`,
+        ].join('; ');
+        const card = document.createElement('div');
+        card.style.cssText = [
+            `background: ${cardBg}`,
+            'border-radius: 20px',
+            'padding: 28px 24px 24px',
+            'max-width: 340px',
+            'width: 100%',
+            'box-shadow: 0 20px 50px rgba(0, 0, 0, 0.28)',
+            'position: relative',
+            'box-sizing: border-box',
+        ].join('; ');
+        const closeBtn = document.createElement('button');
+        closeBtn.setAttribute('aria-label', 'Close');
+        closeBtn.innerHTML = '×';
+        closeBtn.style.cssText = [
+            'position: absolute',
+            'top: 12px',
+            'right: 12px',
+            'background: transparent',
+            'border: none',
+            `color: ${closeColor}`,
+            'font-size: 24px',
+            'line-height: 1',
+            'cursor: pointer',
+            'padding: 6px 10px',
+            'border-radius: 8px',
+        ].join('; ');
+        const title = document.createElement('div');
+        title.textContent = 'Almost there';
+        title.style.cssText = [
+            `color: ${titleColor}`,
+            'font-size: 20px',
+            'font-weight: 600',
+            'margin-bottom: 6px',
+            'text-align: center',
+        ].join('; ');
+        const subtitle = document.createElement('div');
+        subtitle.textContent = 'Tap to sign in with your wallet';
+        subtitle.style.cssText = [
+            `color: ${subtitleColor}`,
+            'font-size: 14px',
+            'line-height: 1.4',
+            'margin-bottom: 22px',
+            'text-align: center',
+        ].join('; ');
+        const errorRow = document.createElement('div');
+        errorRow.style.cssText = [
+            `color: ${errorColor}`,
+            'font-size: 13px',
+            'line-height: 1.4',
+            'margin-bottom: 14px',
+            'text-align: center',
+            'min-height: 0',
+            'transition: min-height 100ms ease',
+        ].join('; ');
+        const button = document.createElement('button');
+        button.textContent = 'Sign in';
+        const setButtonEnabledStyle = () => {
+            button.style.cssText = [
+                `background: ${btnBg}`,
+                `color: ${btnText}`,
+                'border: none',
+                'border-radius: 14px',
+                'padding: 14px 20px',
+                'font-size: 16px',
+                'font-weight: 600',
+                'width: 100%',
+                'cursor: pointer',
+                '-webkit-tap-highlight-color: transparent',
+                'box-sizing: border-box',
+                `font-family: ${fontStack}`,
+            ].join('; ');
+        };
+        const setButtonDisabledStyle = () => {
+            button.style.cssText = [
+                `background: ${btnDisabledBg}`,
+                `color: ${btnDisabledText}`,
+                'border: none',
+                'border-radius: 14px',
+                'padding: 14px 20px',
+                'font-size: 16px',
+                'font-weight: 600',
+                'width: 100%',
+                'cursor: default',
+                '-webkit-tap-highlight-color: transparent',
+                'box-sizing: border-box',
+                `font-family: ${fontStack}`,
+            ].join('; ');
+        };
+        setButtonEnabledStyle();
+        card.appendChild(closeBtn);
+        card.appendChild(title);
+        card.appendChild(subtitle);
+        card.appendChild(errorRow);
+        card.appendChild(button);
+        overlay.appendChild(card);
+        document.body.appendChild(overlay);
+        let settled = false;
+        let attemptCount = 0;
+        const MAX_ATTEMPTS = 3;
+        const cleanup = () => {
+            try {
+                overlay.remove();
+            }
+            catch ( /* ignore */_a) { /* ignore */ }
+            document.removeEventListener('keydown', onKeydown);
+        };
+        const finishResolve = (value) => {
+            if (settled)
+                return;
+            settled = true;
+            cleanup();
+            resolve(value);
+        };
+        const finishReject = (err) => {
+            if (settled)
+                return;
+            settled = true;
+            cleanup();
+            reject(err);
+        };
+        const handleCancel = () => {
+            // Phrasing matches login()'s isUserRejection substring check so
+            // the existing catch suppresses error-log noise.
+            finishReject(new Error('User cancelled wallet sign in'));
+        };
+        closeBtn.addEventListener('click', () => {
+            handleCancel();
+        });
+        overlay.addEventListener('click', (e) => {
+            if (e.target === overlay) {
+                handleCancel();
+            }
+        });
+        const onKeydown = (e) => {
+            if (e.key === 'Escape') {
+                handleCancel();
+            }
+        };
+        document.addEventListener('keydown', onKeydown);
+        button.addEventListener('click', () => {
+            if (settled)
+                return;
+            attemptCount++;
+            const attempt = attemptCount;
+            // Disable to prevent double-clicks while the wallet popup is up.
+            button.disabled = true;
+            setButtonDisabledStyle();
+            const originalText = 'Sign in';
+            button.textContent = 'Signing in…';
+            errorRow.textContent = '';
+            errorRow.style.minHeight = '0';
+            // CRITICAL: invoke signFn() synchronously inside the click handler
+            // so Chrome's transient user activation propagates to the
+            // protocol's window.location.assign(associationUrl) inside
+            // launchAssociation(). Do not `await` before calling.
+            signFn().then((results) => {
+                if (!results || results.length === 0) {
+                    finishReject(new Error('MWA returned no signature'));
+                    return;
+                }
+                finishResolve(results[0]);
+            }).catch((err) => {
+                const retryable = isMwaAssociationRetryable(err);
+                if (retryable && attempt < MAX_ATTEMPTS) {
+                    // Re-enable the button so the user's next tap provides a
+                    // fresh user activation. Show inline error text.
+                    button.disabled = false;
+                    setButtonEnabledStyle();
+                    button.textContent = originalText;
+                    errorRow.textContent = "Couldn't connect — tap to try again";
+                    errorRow.style.minHeight = '20px';
+                    return;
+                }
+                if (retryable) {
+                    // Hit the attempt cap with a still-retryable failure.
+                    finishReject(new Error("Couldn't connect to your Seeker wallet. Please try again."));
+                    return;
+                }
+                // Non-retryable error (user cancel inside Seeker, wallet
+                // rejected sign, unknown error, etc.) — surface as-is.
+                finishReject(err);
+            });
+        });
+    });
+}
 /**
  * Normalize a chain string to a wallet-standard Solana chain identifier.
  *
@@ -21546,7 +21780,7 @@ async function registerMobileWalletAdapter(config) {
     if (typeof window === 'undefined')
         return;
     try {
-        const walletStandardMobile = await Promise.resolve().then(function () { return require('./index.browser-BJmFjY2f.js'); });
+        const walletStandardMobile = await Promise.resolve().then(function () { return require('./index.browser-DD8pg_L2.js'); });
         const registerMwa = walletStandardMobile.registerMwa || ((_a = walletStandardMobile.default) === null || _a === void 0 ? void 0 : _a.registerMwa);
         if (!registerMwa) {
             console.warn('[SolanaMobileWallet] registerMwa not found in @solana-mobile/wallet-standard-mobile');
@@ -21573,7 +21807,7 @@ async function registerMobileWalletAdapter(config) {
         // SolanaMobileWalletProvider.ensureWallet() for why. Consumers that
         // want their own UX can pass config.onWalletNotFound.
         options.onWalletNotFound = (_b = config === null || config === void 0 ? void 0 : config.onWalletNotFound) !== null && _b !== void 0 ? _b : (async () => {
-            console.warn('[MWA-DEBUG] registerMobileWalletAdapter onWalletNotFound (suppressed)');
+            // intentional no-op
         });
         registerMwa(options);
     }
@@ -21638,7 +21872,7 @@ class SolanaMobileWalletProvider {
     async ensureWallet() {
         if (this.wallet)
             return this.wallet;
-        const mod = await Promise.resolve().then(function () { return require('./index.browser-BJmFjY2f.js'); });
+        const mod = await Promise.resolve().then(function () { return require('./index.browser-DD8pg_L2.js'); });
         const chain = mapChainToWalletStandard(this.cluster);
         this.wallet = new mod.LocalSolanaMobileWalletAdapterWallet({
             appIdentity: this.appIdentity,
@@ -21652,7 +21886,7 @@ class SolanaMobileWalletProvider {
             // login()'s withMwaAssociationRetry handles this case; on second
             // failure it surfaces a clean error message to the host app.
             onWalletNotFound: async () => {
-                console.warn('[MWA-DEBUG] ensureWallet onWalletNotFound (suppressed)');
+                // intentional no-op
             },
         });
         return this.wallet;
@@ -21726,7 +21960,7 @@ class SolanaMobileWalletProvider {
             // consent on the second pass and completes quickly. See
             // withMwaAssociationRetry for details.
             const connectFeat = getConnectFeature(wallet);
-            const { accounts } = await withMwaAssociationRetry('login:connect', () => connectFeat.connect());
+            const { accounts } = await withMwaAssociationRetry(() => connectFeat.connect());
             if (!accounts || accounts.length === 0) {
                 throw new Error('MWA returned no accounts');
             }
@@ -21740,18 +21974,30 @@ class SolanaMobileWalletProvider {
                 setCurrentUser(user);
                 return user;
             }
-            // Wallet popup #2: sign the Tarobase nonce message. Wrap with the
-            // same retry for defense in depth — by now Seeker has cached the
-            // consent so this rarely hits the retry path, but if the
-            // protocol's session timer fires here too we recover transparently.
+            // Wallet popup #2: sign the Tarobase nonce message.
+            //
+            // We cannot call signMessageFeat.signMessage() directly here:
+            // it would run as a JS continuation from the connect() resolve,
+            // with no fresh Chrome transient user activation. The wallet-
+            // standard sign path internally dispatches a new solana-wallet:
+            // Android intent via window.location.assign() (see
+            // @solana-mobile/mobile-wallet-adapter-protocol launchAssociation
+            // at lib/cjs/index.browser.js:459). Chrome blocks the assign
+            // without activation, the blur event never fires, and the
+            // protocol's 3-second getDetectionPromise rejects with
+            // ERROR_WALLET_NOT_FOUND.
+            //
+            // Insert a Tarobase modal: the user's tap on "Sign in" provides a
+            // fresh activation, and signMessage is invoked synchronously
+            // inside the click handler so the activation propagates.
             const messageText = await genSolanaMessage(base58Addr, nonce);
             const messageBytes = getPlatform().textEncode(messageText);
             const signMessageFeat = getSignMessageFeature(wallet);
-            const signResults = await withMwaAssociationRetry('login:signMessage', () => signMessageFeat.signMessage({ account, message: messageBytes }));
-            if (!signResults || signResults.length === 0) {
+            const signResult = await awaitSignInGestureAndSign(this.config.theme, () => signMessageFeat.signMessage({ account, message: messageBytes }));
+            if (!signResult) {
                 throw new Error('MWA returned no signature');
             }
-            const { signature: sigBytes } = signResults[0];
+            const { signature: sigBytes } = signResult;
             const signatureBase64 = bufferExports.Buffer.from(sigBytes).toString('base64');
             // Create Tarobase session on the server.
             const createSessionResult = await createSessionWithSignature(base58Addr, messageText, signatureBase64);
@@ -22561,4 +22807,4 @@ exports.signSessionCreateMessage = signSessionCreateMessage;
 exports.signTransaction = signTransaction;
 exports.subscribe = subscribe;
 exports.useAuth = useAuth;
-//# sourceMappingURL=index-BeFR3-cf.js.map
+//# sourceMappingURL=index-hEc5_KoM.js.map