@pooflabs/web 0.0.85-rc3 → 0.0.87

package/dist/{index-bEXLwE7_.js → index-Dj1tZr6X.js}

@@ -22,6 +22,21 @@ function _interopNamespaceDefault(e) {
 	return Object.freeze(n);
 }
 
+function _mergeNamespaces(n, m) {
+	m.forEach(function (e) {
+		e && typeof e !== 'string' && !Array.isArray(e) && Object.keys(e).forEach(function (k) {
+			if (k !== 'default' && !(k in n)) {
+				var d = Object.getOwnPropertyDescriptor(e, k);
+				Object.defineProperty(n, k, d.get ? d : {
+					enumerable: true,
+					get: function () { return e[k]; }
+				});
+			}
+		});
+	});
+	return Object.freeze(n);
+}
+
 var anchor__namespace = /*#__PURE__*/_interopNamespaceDefault(anchor);
 var React__namespace = /*#__PURE__*/_interopNamespaceDefault(React$2);
 
@@ -6770,28 +6785,6 @@ class WebSessionManager {
     static async storeSession(address, accessToken, idToken, refreshToken) {
         if (typeof window === "undefined")
             return;
-        // JWT-wallet binding: refuse to store a session whose idToken is bound
-        // to a different wallet than `address`. Prevents races that would otherwise
-        // leave localStorage with mismatched address/token state.
-        try {
-            const payloadB64 = idToken.split(".")[1];
-            if (payloadB64) {
-                const payload = JSON.parse(this.decodeBase64Url(payloadB64));
-                const tokenWallet = payload["custom:walletAddress"];
-                if (tokenWallet && tokenWallet !== address) {
-                    throw new Error(`[WebSessionManager] Refusing to store session: address (${address}) does not match idToken custom:walletAddress (${tokenWallet})`);
-                }
-                if (!tokenWallet) {
-                    console.warn("[WebSessionManager] storeSession: idToken has no custom:walletAddress claim — writing without validation");
-                }
-            }
-        }
-        catch (err) {
-            if (typeof (err === null || err === void 0 ? void 0 : err.message) === "string" && err.message.includes("Refusing to store session")) {
-                throw err;
-            }
-            console.warn("[WebSessionManager] storeSession: failed to decode idToken for validation:", err);
-        }
         const config = await getConfig();
         const currentAppId = config.appId;
         localStorage.setItem(this.TAROBASE_SESSION_STORAGE_KEY, JSON.stringify({
@@ -9490,11 +9483,11 @@ function requireSrc$1 () {
 }
 
 var bs58$1;
-var hasRequiredBs58;
+var hasRequiredBs58$1;
 
-function requireBs58 () {
-	if (hasRequiredBs58) return bs58$1;
-	hasRequiredBs58 = 1;
+function requireBs58$1 () {
+	if (hasRequiredBs58$1) return bs58$1;
+	hasRequiredBs58$1 = 1;
 	var basex = requireSrc$1();
 	var ALPHABET = '123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz';
 
@@ -9502,8 +9495,8 @@ function requireBs58 () {
 	return bs58$1;
 }
 
-var bs58Exports = requireBs58();
-var bs58 = /*@__PURE__*/getDefaultExportFromCjs(bs58Exports);
+var bs58Exports$1 = requireBs58$1();
+var bs58$2 = /*@__PURE__*/getDefaultExportFromCjs(bs58Exports$1);
 
 // ─────────────────────────────────────────────────────────────
 // Local implementation of getSimulationComputeUnits
@@ -9765,7 +9758,7 @@ function loadKeypairFromEnv() {
     try {
         const secretKey = secret.trim().startsWith("[")
             ? Uint8Array.from(JSON.parse(secret))
-            : bs58.decode(secret.trim());
+            : bs58$2.decode(secret.trim());
         return web3_js.Keypair.fromSecretKey(secretKey);
     }
     catch (err) {
@@ -11710,28 +11703,6 @@ class ReactNativeSessionManager {
     /* STORE                                                              */
     /* ------------------------------------------------------------------ */
     static async storeSession(address, accessToken, idToken, refreshToken) {
-        // JWT-wallet binding: refuse to store a session whose idToken is bound
-        // to a different wallet than `address`. Prevents races that would otherwise
-        // leave storage with mismatched address/token state.
-        try {
-            const payloadB64 = idToken.split(".")[1];
-            if (payloadB64) {
-                const payload = JSON.parse(this.decodeBase64Url(payloadB64));
-                const tokenWallet = payload["custom:walletAddress"];
-                if (tokenWallet && tokenWallet !== address) {
-                    throw new Error(`[ReactNativeSessionManager] Refusing to store session: address (${address}) does not match idToken custom:walletAddress (${tokenWallet})`);
-                }
-                if (!tokenWallet) {
-                    console.warn("[ReactNativeSessionManager] storeSession: idToken has no custom:walletAddress claim — writing without validation");
-                }
-            }
-        }
-        catch (err) {
-            if (typeof (err === null || err === void 0 ? void 0 : err.message) === "string" && err.message.includes("Refusing to store session")) {
-                throw err;
-            }
-            console.warn("[ReactNativeSessionManager] storeSession: failed to decode idToken for validation:", err);
-        }
         const config = await getConfig();
         const currentAppId = config.appId;
         this.getStorage().setItem(this.TAROBASE_SESSION_STORAGE_KEY, JSON.stringify({
@@ -15730,7 +15701,7 @@ async function loadDependencies() {
         const [reactModule, reactDomModule, phantomModule] = await Promise.all([
             import('react'),
             import('react-dom/client'),
-            Promise.resolve().then(function () { return require('./index-BaKs3A8s.js'); })
+            Promise.resolve().then(function () { return require('./index-BKN0IwAx.js'); })
         ]);
         // Extract default export from ESM module namespace
         // Dynamic import() returns { default: Module, ...exports }, not the module directly
@@ -20388,16 +20359,26 @@ function requireSrc () {
 	return src;
 }
 
-var srcExports = requireSrc();
-var basex = /*@__PURE__*/getDefaultExportFromCjs$1(srcExports);
+var bs58;
+var hasRequiredBs58;
 
-var ALPHABET = '123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz';
-var base58 = basex(ALPHABET);
+function requireBs58 () {
+	if (hasRequiredBs58) return bs58;
+	hasRequiredBs58 = 1;
+	var basex = requireSrc();
+	var ALPHABET = '123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz';
+
+	bs58 = basex(ALPHABET);
+	return bs58;
+}
+
+var bs58Exports = requireBs58();
+var base58 = /*@__PURE__*/getDefaultExportFromCjs$1(bs58Exports);
 
-var index = /*#__PURE__*/Object.freeze({
+var index = /*#__PURE__*/_mergeNamespaces({
 	__proto__: null,
 	default: base58
-});
+}, [bs58Exports]);
 
 const SURFNET_RPC_URL$1 = "https://surfpool.fly.dev";
 let React;
@@ -21286,6 +21267,14 @@ var privyWalletProvider = /*#__PURE__*/Object.freeze({
 	PrivyWalletProvider: PrivyWalletProvider
 });
 
+/**
+ * Storage key for persisting the MWA auth_token across cold starts.
+ * Holds JSON `{ token: string, address: string }`. Cleared by
+ * `logout()`. Hydrated by the constructor on native so cold-start
+ * doesn't force the user back into Phantom's approval flow when the
+ * underlying wallet authorization is still valid.
+ */
+const MWA_AUTH_TOKEN_STORAGE_KEY = 'tarobase_mwa_auth_token';
 /**
  * Detects whether the current environment is a mobile browser capable of
  * Mobile Wallet Adapter (MWA) communication.
@@ -21357,20 +21346,11 @@ function isMwaAssociationRetryable(e) {
  * so a second attempt skips the consent sheet, jumps straight to
  * Verify/Approve, and completes inside the timeout.
  */
-async function withMwaAssociationRetry(label, fn) {
-    const t0 = Date.now();
-    console.log(`[MWA-DEBUG] ${label} attempt=1 start`);
+async function withMwaAssociationRetry(fn) {
     try {
-        const result = await fn();
-        console.log(`[MWA-DEBUG] ${label} attempt=1 ok (${Date.now() - t0}ms)`);
-        return result;
+        return await fn();
     }
     catch (e) {
-        const info = findMwaError(e);
-        console.log(`[MWA-DEBUG] ${label} attempt=1 err (${Date.now() - t0}ms)`, {
-            outer: { name: e === null || e === void 0 ? void 0 : e.name, message: e === null || e === void 0 ? void 0 : e.message },
-            mwa: info,
-        });
         const retryable = isMwaAssociationRetryable(e);
         if (!retryable)
             throw e;
@@ -21379,21 +21359,11 @@ async function withMwaAssociationRetry(label, fn) {
         // so visibility-based waits fire too early. Use a fixed delay long
         // enough for Seeker to dismiss its sheet and the OS to release intent
         // state. 2.5s is empirically safe; tune from device traces if needed.
-        console.log(`[MWA-DEBUG] ${label} retryable (${retryable.code}); waiting 2500ms before retry`);
         await new Promise(r => setTimeout(r, 2500));
-        const t1 = Date.now();
-        console.log(`[MWA-DEBUG] ${label} attempt=2 start`);
         try {
-            const result = await fn();
-            console.log(`[MWA-DEBUG] ${label} attempt=2 ok (${Date.now() - t1}ms)`);
-            return result;
+            return await fn();
         }
         catch (e2) {
-            const info2 = findMwaError(e2);
-            console.log(`[MWA-DEBUG] ${label} attempt=2 err (${Date.now() - t1}ms)`, {
-                outer: { name: e2 === null || e2 === void 0 ? void 0 : e2.name, message: e2 === null || e2 === void 0 ? void 0 : e2.message },
-                mwa: info2,
-            });
             // Only mask the error with the clean Seeker message when the
             // second failure is also an association-flavored error. If it's
             // a user cancel, wallet rejection, or unknown error, rethrow
@@ -21432,7 +21402,7 @@ async function withMwaAssociationRetry(label, fn) {
  * next tap is a new activation (a real retry). A timer-based retry would
  * just hit the same Chrome block. Cap at 3 attempts before giving up.
  */
-async function awaitSignInGestureAndSign(label, theme, signFn) {
+async function awaitSignInGestureAndSign(theme, signFn) {
     if (typeof document === 'undefined' || typeof window === 'undefined') {
         // SSR / non-browser: skip the gesture, just call (the activation
         // model doesn't apply outside the browser).
@@ -21599,18 +21569,15 @@ async function awaitSignInGestureAndSign(label, theme, signFn) {
             finishReject(new Error('User cancelled wallet sign in'));
         };
         closeBtn.addEventListener('click', () => {
-            console.log(`[MWA-DEBUG] ${label} gesture: close clicked`);
             handleCancel();
         });
         overlay.addEventListener('click', (e) => {
             if (e.target === overlay) {
-                console.log(`[MWA-DEBUG] ${label} gesture: overlay clicked (cancel)`);
                 handleCancel();
             }
         });
         const onKeydown = (e) => {
             if (e.key === 'Escape') {
-                console.log(`[MWA-DEBUG] ${label} gesture: Escape pressed (cancel)`);
                 handleCancel();
             }
         };
@@ -21620,7 +21587,6 @@ async function awaitSignInGestureAndSign(label, theme, signFn) {
                 return;
             attemptCount++;
             const attempt = attemptCount;
-            console.log(`[MWA-DEBUG] ${label} gesture: button click attempt=${attempt}`);
             // Disable to prevent double-clicks while the wallet popup is up.
             button.disabled = true;
             setButtonDisabledStyle();
@@ -21632,29 +21598,17 @@ async function awaitSignInGestureAndSign(label, theme, signFn) {
             // so Chrome's transient user activation propagates to the
             // protocol's window.location.assign(associationUrl) inside
             // launchAssociation(). Do not `await` before calling.
-            const t0 = Date.now();
-            console.log(`[MWA-DEBUG] ${label} gesture: signMessage start (attempt=${attempt})`);
             signFn().then((results) => {
-                const elapsed = Date.now() - t0;
                 if (!results || results.length === 0) {
-                    console.log(`[MWA-DEBUG] ${label} gesture: signMessage returned empty (attempt=${attempt}, ${elapsed}ms)`);
                     finishReject(new Error('MWA returned no signature'));
                     return;
                 }
-                console.log(`[MWA-DEBUG] ${label} gesture: signMessage ok (attempt=${attempt}, ${elapsed}ms)`);
                 finishResolve(results[0]);
             }).catch((err) => {
-                const elapsed = Date.now() - t0;
-                const info = findMwaError(err);
-                console.log(`[MWA-DEBUG] ${label} gesture: signMessage err (attempt=${attempt}, ${elapsed}ms)`, {
-                    outer: { name: err === null || err === void 0 ? void 0 : err.name, message: err === null || err === void 0 ? void 0 : err.message },
-                    mwa: info,
-                });
                 const retryable = isMwaAssociationRetryable(err);
                 if (retryable && attempt < MAX_ATTEMPTS) {
                     // Re-enable the button so the user's next tap provides a
                     // fresh user activation. Show inline error text.
-                    console.log(`[MWA-DEBUG] ${label} gesture: retryable (${retryable.code}); awaiting user tap to retry (attempt ${attempt}/${MAX_ATTEMPTS})`);
                     button.disabled = false;
                     setButtonEnabledStyle();
                     button.textContent = originalText;
@@ -21664,7 +21618,6 @@ async function awaitSignInGestureAndSign(label, theme, signFn) {
                 }
                 if (retryable) {
                     // Hit the attempt cap with a still-retryable failure.
-                    console.log(`[MWA-DEBUG] ${label} gesture: retryable but attempt cap reached (${attempt})`);
                     finishReject(new Error("Couldn't connect to your Seeker wallet. Please try again."));
                     return;
                 }
@@ -21673,7 +21626,6 @@ async function awaitSignInGestureAndSign(label, theme, signFn) {
                 finishReject(err);
             });
         });
-        console.log(`[MWA-DEBUG] ${label} gesture: modal shown`);
     });
 }
 /**
@@ -21817,7 +21769,7 @@ async function registerMobileWalletAdapter(config) {
     if (typeof window === 'undefined')
         return;
     try {
-        const walletStandardMobile = await Promise.resolve().then(function () { return require('./index.browser-CZIJCtms.js'); });
+        const walletStandardMobile = await Promise.resolve().then(function () { return require('./index.browser-DlA-NKvf.js'); });
         const registerMwa = walletStandardMobile.registerMwa || ((_a = walletStandardMobile.default) === null || _a === void 0 ? void 0 : _a.registerMwa);
         if (!registerMwa) {
             console.warn('[SolanaMobileWallet] registerMwa not found in @solana-mobile/wallet-standard-mobile');
@@ -21844,7 +21796,7 @@ async function registerMobileWalletAdapter(config) {
         // SolanaMobileWalletProvider.ensureWallet() for why. Consumers that
         // want their own UX can pass config.onWalletNotFound.
         options.onWalletNotFound = (_b = config === null || config === void 0 ? void 0 : config.onWalletNotFound) !== null && _b !== void 0 ? _b : (async () => {
-            console.warn('[MWA-DEBUG] registerMobileWalletAdapter onWalletNotFound (suppressed)');
+            // intentional no-op
         });
         registerMwa(options);
     }
@@ -21884,19 +21836,66 @@ class SolanaMobileWalletProvider {
     constructor(networkUrl = null, config = {}) {
         /** LocalSolanaMobileWalletAdapterWallet, lazy-constructed in ensureWallet(). */
         this.wallet = null;
+        /**
+         * Cached MWA auth_token returned by `wallet.authorize()`. Reused by
+         * subsequent native transact() calls (signMessage / signTransaction)
+         * so the user doesn't get the wallet-pick popup on every operation.
+         * Persisted to platform storage and hydrated by the constructor on
+         * native; cleared by logout() and on `ERROR_REAUTHORIZE`.
+         */
+        this.nativeAuthToken = null;
+        /** Cached public key string for the connected MWA wallet (native). */
+        this.nativeAddress = null;
         this.networkUrl = networkUrl;
         this.config = config;
-        if (typeof window === 'undefined') {
+        // Allow construction in true React Native environments: getPlatform().hasDOM
+        // is false there even though `typeof window === 'object'` (RN exposes a
+        // partial window global). Web/PWA paths still keep their original guard:
+        // they need real window+document for wallet-standard-mobile's deep-link
+        // mechanism, so missing-window in those builds remains a fail-fast.
+        const hasDOM = getPlatform().hasDOM;
+        if (!hasDOM && typeof window === 'undefined') {
+            throw new Error('SolanaMobileWalletProvider can only be instantiated in a browser or React Native environment');
+        }
+        if (hasDOM && typeof window === 'undefined') {
             throw new Error('SolanaMobileWalletProvider can only be instantiated in a browser environment');
         }
         if (SolanaMobileWalletProvider.instance) {
             return SolanaMobileWalletProvider.instance;
         }
+        // `appIdentity.uri` is what Phantom Android (and other MWA wallets)
+        // display in their approval modal. On web/PWA this is the page
+        // origin; on native there's no `window.location`, so fall back to
+        // a stable identifier the user can recognize. Apps can override
+        // entirely via `config.appIdentity.uri`.
+        const fallbackUri = hasDOM
+            ? getPlatform().getLocationOrigin()
+            : 'tarobase://app';
         this.appIdentity = config.appIdentity || {
             name: 'TaroBase App',
-            uri: getPlatform().getLocationOrigin(),
+            uri: fallbackUri,
         };
         this.cluster = config.cluster || 'mainnet-beta';
+        // Hydrate cached MWA auth_token from storage on native so we can
+        // skip the wallet-pick popup after a cold-start when the underlying
+        // wallet authorization is still valid. Sync storage call per the
+        // PlatformAdapter contract; safe to swallow read errors (a fresh
+        // login() just re-authorizes).
+        if (!hasDOM) {
+            try {
+                const raw = getPlatform().storage.getItem(MWA_AUTH_TOKEN_STORAGE_KEY);
+                if (raw) {
+                    const parsed = JSON.parse(raw);
+                    if (typeof parsed.token === 'string' && typeof parsed.address === 'string') {
+                        this.nativeAuthToken = parsed.token;
+                        this.nativeAddress = parsed.address;
+                    }
+                }
+            }
+            catch (_a) {
+                // Corrupt or unreadable cache — ignore. login() will re-auth.
+            }
+        }
         SolanaMobileWalletProvider.instance = this;
     }
     static getInstance(networkUrl, config) {
@@ -21909,7 +21908,7 @@ class SolanaMobileWalletProvider {
     async ensureWallet() {
         if (this.wallet)
             return this.wallet;
-        const mod = await Promise.resolve().then(function () { return require('./index.browser-CZIJCtms.js'); });
+        const mod = await Promise.resolve().then(function () { return require('./index.browser-DlA-NKvf.js'); });
         const chain = mapChainToWalletStandard(this.cluster);
         this.wallet = new mod.LocalSolanaMobileWalletAdapterWallet({
             appIdentity: this.appIdentity,
@@ -21923,7 +21922,7 @@ class SolanaMobileWalletProvider {
             // login()'s withMwaAssociationRetry handles this case; on second
             // failure it surfaces a clean error message to the host app.
             onWalletNotFound: async () => {
-                console.warn('[MWA-DEBUG] ensureWallet onWalletNotFound (suppressed)');
+                // intentional no-op
             },
         });
         return this.wallet;
@@ -21959,6 +21958,134 @@ class SolanaMobileWalletProvider {
     getChain() {
         return mapChainToWalletStandard(this.cluster);
     }
+    /**
+     * Dynamically import and unwrap `transact` from the MWA web3js
+     * package. The package is externalized in rollup.config.js so this
+     * resolves to `lib/cjs/index.native.js` (TurboModule-backed) on
+     * Metro and `lib/esm/index.browser.js` (WebSocket) on webpack/vite
+     * per their respective platform conditions. Handles Metro's CJS-to-
+     * ESM interop variance (`mod.transact` vs `mod.default?.transact`).
+     */
+    async loadTransact() {
+        var _a;
+        const mod = await import('@solana-mobile/mobile-wallet-adapter-protocol-web3js');
+        const t = mod.transact || ((_a = mod.default) === null || _a === void 0 ? void 0 : _a.transact);
+        if (typeof t !== 'function') {
+            throw new Error('MWA transact API not available on this platform');
+        }
+        return t;
+    }
+    /**
+     * Cache and persist a fresh MWA auth_token + address. Called from
+     * `_loginNative` after a successful authorize. Storage failures are
+     * non-fatal (next cold-start re-auths).
+     */
+    persistNativeAuth(token, address) {
+        this.nativeAuthToken = token;
+        this.nativeAddress = address;
+        try {
+            getPlatform().storage.setItem(MWA_AUTH_TOKEN_STORAGE_KEY, JSON.stringify({ token, address }));
+        }
+        catch (_a) {
+            // non-fatal — token still in-memory for this process
+        }
+    }
+    /** Clear cached + persisted native auth state. */
+    clearNativeAuth() {
+        this.nativeAuthToken = null;
+        this.nativeAddress = null;
+        try {
+            getPlatform().storage.removeItem(MWA_AUTH_TOKEN_STORAGE_KEY);
+        }
+        catch (_a) {
+            // ignore
+        }
+    }
+    /**
+     * Classify an MWA-native error as a user cancellation. User-cancel
+     * shouldn't surface as a red console.error; callers can swallow or
+     * show a softer message. MWA spec codes plus the same substring
+     * checks the web path uses to catch wallet-specific phrasing.
+     */
+    isNativeUserCancel(err) {
+        var _a;
+        if (!err)
+            return false;
+        const code = err.code;
+        if (code === 'ERROR_NOT_SIGNED')
+            return true;
+        const msg = String((_a = err.message) !== null && _a !== void 0 ? _a : '').toLowerCase();
+        return /user (rejected|denied|cancelled|canceled|declined)/.test(msg);
+    }
+    /**
+     * Native MWA login via @solana-mobile/mobile-wallet-adapter-protocol-web3js.
+     * Used in true React Native (Expo) environments where wallet-standard-mobile's
+     * web universal-link path doesn't apply. Does authorize + signMessage in a
+     * single transact() roundtrip — intent-based MWA doesn't need the two-popup
+     * dance the web path uses (no Chrome activation-loss concern). Persists the
+     * resulting auth_token so cold-start can reauthorize without a fresh popup.
+     */
+    async _loginNative() {
+        const transact = await this.loadTransact();
+        const existingSession = await WebSessionManager.getSession();
+        const nonce = await genAuthNonce();
+        const result = await transact(async (wallet) => {
+            const auth = await wallet.authorize({
+                chain: this.getChain(),
+                identity: this.appIdentity,
+            });
+            if (!auth.accounts || auth.accounts.length === 0) {
+                throw new Error('MWA returned no accounts');
+            }
+            const account = auth.accounts[0];
+            // account.address is base64-encoded per MWA spec; convert to
+            // the base58 form Tarobase + the rest of the SDK use.
+            const base58Addr = new web3_js.PublicKey(bufferExports.Buffer.from(account.address, 'base64')).toBase58();
+            // Reuse session if already valid for this address — skip the
+            // signMessages roundtrip entirely.
+            if (existingSession && existingSession.address === base58Addr) {
+                return {
+                    base58Addr,
+                    authToken: auth.auth_token,
+                    signatureBase64: null,
+                };
+            }
+            const messageText = await genSolanaMessage(base58Addr, nonce);
+            const messageBytes = getPlatform().textEncode(messageText);
+            const signatures = await wallet.signMessages({
+                addresses: [account.address],
+                payloads: [messageBytes],
+            });
+            if (!signatures || signatures.length === 0) {
+                throw new Error('MWA returned no signature');
+            }
+            // Per spec, signMessages returns Uint8Array[] of signatures
+            // (one per payload), not message+signature concatenations.
+            const signatureBase64 = bufferExports.Buffer.from(signatures[0]).toString('base64');
+            return {
+                base58Addr,
+                authToken: auth.auth_token,
+                signatureBase64,
+                messageText,
+            };
+        });
+        this.persistNativeAuth(result.authToken, result.base58Addr);
+        // Existing valid session — short-circuit before re-creating server-side.
+        if (existingSession && existingSession.address === result.base58Addr) {
+            const user = { provider: this, address: result.base58Addr };
+            setCurrentUser(user);
+            return user;
+        }
+        // Create Tarobase session on the server.
+        if (!result.signatureBase64 || !result.messageText) {
+            throw new Error('MWA login completed without signature');
+        }
+        const createSessionResult = await createSessionWithSignature(result.base58Addr, result.messageText, result.signatureBase64);
+        await WebSessionManager.storeSession(result.base58Addr, createSessionResult.accessToken, createSessionResult.idToken, createSessionResult.refreshToken);
+        const user = { provider: this, address: result.base58Addr };
+        setCurrentUser(user);
+        return user;
+    }
     async login() {
         var _a, _b, _c, _d, _e;
         setAuthLoading(true);
@@ -21969,6 +22096,13 @@ class SolanaMobileWalletProvider {
         const prevAuthMethod = readAuthMethod();
         writeAuthMethod(MWA_AUTH_METHOD);
         try {
+            // True React Native: skip the wallet-standard-mobile path (which
+            // requires window.isSecureContext and a real DOM) and use the raw
+            // MWA protocol via Android intents.
+            if (!getPlatform().hasDOM) {
+                const user = await this._loginNative();
+                return user;
+            }
             const wallet = await this.ensureWallet();
             // Quick-check: wallet may already have authorization (e.g. from a
             // previous in-page login) and a matching Tarobase session — skip
@@ -21997,7 +22131,7 @@ class SolanaMobileWalletProvider {
             // consent on the second pass and completes quickly. See
             // withMwaAssociationRetry for details.
             const connectFeat = getConnectFeature(wallet);
-            const { accounts } = await withMwaAssociationRetry('login:connect', () => connectFeat.connect());
+            const { accounts } = await withMwaAssociationRetry(() => connectFeat.connect());
             if (!accounts || accounts.length === 0) {
                 throw new Error('MWA returned no accounts');
             }
@@ -22030,7 +22164,7 @@ class SolanaMobileWalletProvider {
             const messageText = await genSolanaMessage(base58Addr, nonce);
             const messageBytes = getPlatform().textEncode(messageText);
             const signMessageFeat = getSignMessageFeature(wallet);
-            const signResult = await awaitSignInGestureAndSign('login:signMessage', this.config.theme, () => signMessageFeat.signMessage({ account, message: messageBytes }));
+            const signResult = await awaitSignInGestureAndSign(this.config.theme, () => signMessageFeat.signMessage({ account, message: messageBytes }));
             if (!signResult) {
                 throw new Error('MWA returned no signature');
             }
@@ -22070,6 +22204,29 @@ class SolanaMobileWalletProvider {
         return null;
     }
     async logout() {
+        if (!getPlatform().hasDOM) {
+            // Native path: deauthorize the cached MWA auth_token if we have
+            // one (failures non-fatal — the wallet app may have been
+            // uninstalled or the token already revoked), then clear local
+            // and persisted state.
+            const token = this.nativeAuthToken;
+            if (token) {
+                try {
+                    const transact = await this.loadTransact();
+                    await transact(async (wallet) => {
+                        await wallet.deauthorize({ auth_token: token });
+                    });
+                }
+                catch (error) {
+                    console.warn('[SolanaMobileWallet] Native deauthorize error:', error);
+                }
+            }
+            this.clearNativeAuth();
+            WebSessionManager.clearSession();
+            writeAuthMethod(null);
+            setCurrentUser(null);
+            return;
+        }
         try {
             const wallet = await this.ensureWallet();
             const disconnectFeat = getDisconnectFeature(wallet);
@@ -22089,7 +22246,42 @@ class SolanaMobileWalletProvider {
         setCurrentUser(null);
     }
     async signMessage(message) {
-        var _a, _b;
+        var _a, _b, _c;
+        // Native: reauthorize with cached auth_token, then signMessages inside
+        // the same transact() session. No wallet-pick popup if the auth_token
+        // is still valid for the user's wallet.
+        if (!getPlatform().hasDOM) {
+            if (!this.nativeAuthToken || !this.nativeAddress) {
+                throw new Error('Wallet not connected. Call login() first.');
+            }
+            const transact = await this.loadTransact();
+            const messageBytes = getPlatform().textEncode(message);
+            const addressBase64 = new web3_js.PublicKey(this.nativeAddress).toBuffer().toString('base64');
+            const authToken = this.nativeAuthToken;
+            try {
+                const signature = await transact(async (wallet) => {
+                    await wallet.reauthorize({ auth_token: authToken, identity: this.appIdentity });
+                    const sigs = await wallet.signMessages({
+                        addresses: [addressBase64],
+                        payloads: [messageBytes],
+                    });
+                    if (!sigs || sigs.length === 0)
+                        throw new Error('MWA returned no signature');
+                    return sigs[0];
+                });
+                return bufferExports.Buffer.from(signature).toString('base64');
+            }
+            catch (error) {
+                if (this.isNativeUserCancel(error)) {
+                    throw new Error('User declined to sign');
+                }
+                if ((error === null || error === void 0 ? void 0 : error.code) === 'ERROR_AUTHORIZATION_FAILED' || (error === null || error === void 0 ? void 0 : error.code) === 'ERROR_REAUTHORIZE') {
+                    await this.logout();
+                    throw new Error('Wallet connection lost. Please reconnect.');
+                }
+                throw new Error(`Failed to sign message: ${(_a = error === null || error === void 0 ? void 0 : error.message) !== null && _a !== void 0 ? _a : error}`);
+            }
+        }
         const account = await this.ensureAuthorized();
         const wallet = await this.ensureWallet();
         try {
@@ -22103,7 +22295,7 @@ class SolanaMobileWalletProvider {
             return bufferExports.Buffer.from(sigBytes).toString('base64');
         }
         catch (error) {
-            if (((_a = error === null || error === void 0 ? void 0 : error.message) === null || _a === void 0 ? void 0 : _a.includes('not connected')) || ((_b = error === null || error === void 0 ? void 0 : error.message) === null || _b === void 0 ? void 0 : _b.includes('not authorized')) ||
+            if (((_b = error === null || error === void 0 ? void 0 : error.message) === null || _b === void 0 ? void 0 : _b.includes('not connected')) || ((_c = error === null || error === void 0 ? void 0 : error.message) === null || _c === void 0 ? void 0 : _c.includes('not authorized')) ||
                 (error === null || error === void 0 ? void 0 : error.code) === 'ERROR_AUTHORIZATION_FAILED') {
                 await this.logout();
                 throw new Error('Wallet connection lost. Please reconnect.');
@@ -22112,7 +22304,58 @@ class SolanaMobileWalletProvider {
         }
     }
     async signTransaction(transaction) {
-        var _a, _b;
+        var _a, _b, _c;
+        // Native: fill blockhash/feePayer if missing, then signTransactions
+        // inside a transact() session keyed by the cached auth_token.
+        if (!getPlatform().hasDOM) {
+            if (!this.nativeAuthToken || !this.nativeAddress) {
+                throw new Error('Wallet not connected. Call login() first.');
+            }
+            const connectedPubkey = new web3_js.PublicKey(this.nativeAddress);
+            const isLegacyTransaction = 'recentBlockhash' in transaction && !('message' in transaction && 'staticAccountKeys' in transaction.message);
+            if (isLegacyTransaction) {
+                const legacyTx = transaction;
+                if (!legacyTx.recentBlockhash) {
+                    const conn = new web3_js.Connection(this.getRpcUrl(), 'confirmed');
+                    const { blockhash, lastValidBlockHeight } = await conn.getLatestBlockhash('confirmed');
+                    legacyTx.recentBlockhash = blockhash;
+                    legacyTx.lastValidBlockHeight = lastValidBlockHeight;
+                }
+                if (!legacyTx.feePayer) {
+                    legacyTx.feePayer = connectedPubkey;
+                }
+            }
+            else {
+                const versionedTx = transaction;
+                if (!versionedTx.message.recentBlockhash) {
+                    const conn = new web3_js.Connection(this.getRpcUrl(), 'confirmed');
+                    const { blockhash } = await conn.getLatestBlockhash('confirmed');
+                    versionedTx.message.recentBlockhash = blockhash;
+                }
+            }
+            const transact = await this.loadTransact();
+            const authToken = this.nativeAuthToken;
+            try {
+                const signed = await transact(async (wallet) => {
+                    await wallet.reauthorize({ auth_token: authToken, identity: this.appIdentity });
+                    const results = await wallet.signTransactions({ transactions: [transaction] });
+                    if (!results || results.length === 0)
+                        throw new Error('MWA returned no signed transaction');
+                    return results[0];
+                });
+                return signed;
+            }
+            catch (error) {
+                if (this.isNativeUserCancel(error)) {
+                    throw new Error('User declined to sign');
+                }
+                if ((error === null || error === void 0 ? void 0 : error.code) === 'ERROR_AUTHORIZATION_FAILED' || (error === null || error === void 0 ? void 0 : error.code) === 'ERROR_REAUTHORIZE') {
+                    await this.logout();
+                    throw new Error('Wallet connection lost. Please reconnect.');
+                }
+                throw new Error(`Failed to sign transaction: ${(_a = error === null || error === void 0 ? void 0 : error.message) !== null && _a !== void 0 ? _a : error}`);
+            }
+        }
         const account = await this.ensureAuthorized();
         const connectedPubkey = new web3_js.PublicKey(account.publicKey);
         const wallet = await this.ensureWallet();
@@ -22151,7 +22394,7 @@ class SolanaMobileWalletProvider {
             return txFromWireBytes(new Uint8Array(signedBytes));
         }
         catch (error) {
-            if (((_a = error === null || error === void 0 ? void 0 : error.message) === null || _a === void 0 ? void 0 : _a.includes('not connected')) || ((_b = error === null || error === void 0 ? void 0 : error.message) === null || _b === void 0 ? void 0 : _b.includes('not authorized')) ||
+            if (((_b = error === null || error === void 0 ? void 0 : error.message) === null || _b === void 0 ? void 0 : _b.includes('not connected')) || ((_c = error === null || error === void 0 ? void 0 : error.message) === null || _c === void 0 ? void 0 : _c.includes('not authorized')) ||
                 (error === null || error === void 0 ? void 0 : error.code) === 'ERROR_AUTHORIZATION_FAILED') {
                 await this.logout();
                 throw new Error('Wallet connection lost. Please reconnect.');
@@ -22160,7 +22403,70 @@ class SolanaMobileWalletProvider {
         }
     }
     async signAndSubmitTransaction(transaction, feePayer) {
-        var _a, _b, _c, _d, _e, _f;
+        var _a, _b, _c, _d, _e, _f, _g;
+        // Native: signAndSendTransactions inside a transact() session.
+        // The wallet submits to its own RPC; we then await confirmation on
+        // ours. Surfnet (custom RPC) needs manual submission because the
+        // wallet won't route there — we fall back to sign-only + manual send.
+        if (!getPlatform().hasDOM) {
+            if (!this.nativeAuthToken || !this.nativeAddress) {
+                throw new Error('Wallet not connected. Call login() first.');
+            }
+            const connectedPubkey = new web3_js.PublicKey(this.nativeAddress);
+            const rpcUrl = this.getRpcUrl();
+            const connection = new web3_js.Connection(rpcUrl, 'confirmed');
+            const isSurfnet = rpcUrl === SURFNET_RPC_URL$2;
+            const { blockhash, lastValidBlockHeight } = await connection.getLatestBlockhash('confirmed');
+            const isLegacyTransaction = 'recentBlockhash' in transaction && !('message' in transaction && 'staticAccountKeys' in transaction.message);
+            if (isLegacyTransaction) {
+                const legacyTx = transaction;
+                legacyTx.recentBlockhash = blockhash;
+                legacyTx.lastValidBlockHeight = lastValidBlockHeight;
+                if (!legacyTx.feePayer)
+                    legacyTx.feePayer = feePayer !== null && feePayer !== void 0 ? feePayer : connectedPubkey;
+            }
+            else {
+                const versionedTx = transaction;
+                versionedTx.message.recentBlockhash = blockhash;
+            }
+            const transact = await this.loadTransact();
+            const authToken = this.nativeAuthToken;
+            try {
+                if (isSurfnet) {
+                    // Surfnet: sign only, submit manually to Surfnet RPC
+                    // (the wallet would route signAndSend to its own RPC).
+                    const signed = await transact(async (wallet) => {
+                        await wallet.reauthorize({ auth_token: authToken, identity: this.appIdentity });
+                        const results = await wallet.signTransactions({ transactions: [transaction] });
+                        if (!results || results.length === 0)
+                            throw new Error('MWA returned no signed transaction');
+                        return results[0];
+                    });
+                    const sig = await connection.sendRawTransaction(signed.serialize(), { preflightCommitment: 'confirmed' });
+                    await confirmAndCheckTransaction(connection, sig);
+                    return sig;
+                }
+                const sig = await transact(async (wallet) => {
+                    await wallet.reauthorize({ auth_token: authToken, identity: this.appIdentity });
+                    const results = await wallet.signAndSendTransactions({ transactions: [transaction] });
+                    if (!results || results.length === 0)
+                        throw new Error('MWA returned no signature');
+                    return results[0];
+                });
+                await confirmAndCheckTransaction(connection, sig);
+                return sig;
+            }
+            catch (error) {
+                if (this.isNativeUserCancel(error)) {
+                    throw new Error('User declined to sign');
+                }
+                if ((error === null || error === void 0 ? void 0 : error.code) === 'ERROR_AUTHORIZATION_FAILED' || (error === null || error === void 0 ? void 0 : error.code) === 'ERROR_REAUTHORIZE') {
+                    await this.logout();
+                    throw new Error('Wallet connection lost. Please reconnect.');
+                }
+                throw new Error(`Failed to sign+submit transaction: ${(_a = error === null || error === void 0 ? void 0 : error.message) !== null && _a !== void 0 ? _a : error}`);
+            }
+        }
         const account = await this.ensureAuthorized();
         const connectedPubkey = new web3_js.PublicKey(account.publicKey);
         const wallet = await this.ensureWallet();
@@ -22227,16 +22533,16 @@ class SolanaMobileWalletProvider {
             return signature;
         }
         catch (error) {
-            if (((_a = error === null || error === void 0 ? void 0 : error.message) === null || _a === void 0 ? void 0 : _a.includes('not connected')) || ((_b = error === null || error === void 0 ? void 0 : error.message) === null || _b === void 0 ? void 0 : _b.includes('not authorized')) ||
+            if (((_b = error === null || error === void 0 ? void 0 : error.message) === null || _b === void 0 ? void 0 : _b.includes('not connected')) || ((_c = error === null || error === void 0 ? void 0 : error.message) === null || _c === void 0 ? void 0 : _c.includes('not authorized')) ||
                 (error === null || error === void 0 ? void 0 : error.code) === 'ERROR_AUTHORIZATION_FAILED') {
                 await this.logout();
                 throw new Error('Wallet connection lost. Please reconnect.');
             }
             const isUserRejection = (error === null || error === void 0 ? void 0 : error.code) === 4001 ||
-                ((_c = error === null || error === void 0 ? void 0 : error.message) === null || _c === void 0 ? void 0 : _c.toLowerCase().includes('user rejected')) ||
-                ((_d = error === null || error === void 0 ? void 0 : error.message) === null || _d === void 0 ? void 0 : _d.toLowerCase().includes('user denied')) ||
-                ((_e = error === null || error === void 0 ? void 0 : error.message) === null || _e === void 0 ? void 0 : _e.toLowerCase().includes('user cancelled')) ||
-                ((_f = error === null || error === void 0 ? void 0 : error.message) === null || _f === void 0 ? void 0 : _f.toLowerCase().includes('user canceled'));
+                ((_d = error === null || error === void 0 ? void 0 : error.message) === null || _d === void 0 ? void 0 : _d.toLowerCase().includes('user rejected')) ||
+                ((_e = error === null || error === void 0 ? void 0 : error.message) === null || _e === void 0 ? void 0 : _e.toLowerCase().includes('user denied')) ||
+                ((_f = error === null || error === void 0 ? void 0 : error.message) === null || _f === void 0 ? void 0 : _f.toLowerCase().includes('user cancelled')) ||
+                ((_g = error === null || error === void 0 ? void 0 : error.message) === null || _g === void 0 ? void 0 : _g.toLowerCase().includes('user canceled'));
             if (!isUserRejection) {
                 console.error('[SolanaMobileWallet] Transaction failed:', error);
             }
@@ -22803,6 +23109,7 @@ exports.bufferExports = bufferExports;
 exports.buildSetDocumentsTransaction = buildSetDocumentsTransaction;
 exports.clearCache = clearCache;
 exports.closeAllSubscriptions = closeAllSubscriptions;
+exports.commonjsRequire = commonjsRequire;
 exports.convertRemainingAccounts = convertRemainingAccounts;
 exports.count = count;
 exports.createSessionWithPrivy = createSessionWithPrivy;
@@ -22830,6 +23137,7 @@ exports.onAuthStateChanged = onAuthStateChanged;
 exports.reconnectWithNewAuth = reconnectWithNewAuth;
 exports.refreshSession = refreshSession;
 exports.registerMobileWalletAdapter = registerMobileWalletAdapter;
+exports.require$$0 = require$$0;
 exports.runExpression = runExpression;
 exports.runExpressionMany = runExpressionMany;
 exports.runQuery = runQuery;
@@ -22844,4 +23152,4 @@ exports.signSessionCreateMessage = signSessionCreateMessage;
 exports.signTransaction = signTransaction;
 exports.subscribe = subscribe;
 exports.useAuth = useAuth;
-//# sourceMappingURL=index-bEXLwE7_.js.map
+//# sourceMappingURL=index-Dj1tZr6X.js.map