@pooflabs/web 0.0.86 → 0.0.88

package/dist/{index-hEc5_KoM.js → index-Lm0k5Hwv.js}

@@ -22,6 +22,21 @@ function _interopNamespaceDefault(e) {
 	return Object.freeze(n);
 }
 
+function _mergeNamespaces(n, m) {
+	m.forEach(function (e) {
+		e && typeof e !== 'string' && !Array.isArray(e) && Object.keys(e).forEach(function (k) {
+			if (k !== 'default' && !(k in n)) {
+				var d = Object.getOwnPropertyDescriptor(e, k);
+				Object.defineProperty(n, k, d.get ? d : {
+					enumerable: true,
+					get: function () { return e[k]; }
+				});
+			}
+		});
+	});
+	return Object.freeze(n);
+}
+
 var anchor__namespace = /*#__PURE__*/_interopNamespaceDefault(anchor);
 var React__namespace = /*#__PURE__*/_interopNamespaceDefault(React$2);
 
@@ -6770,28 +6785,6 @@ class WebSessionManager {
     static async storeSession(address, accessToken, idToken, refreshToken) {
         if (typeof window === "undefined")
             return;
-        // JWT-wallet binding: refuse to store a session whose idToken is bound
-        // to a different wallet than `address`. Prevents races that would otherwise
-        // leave localStorage with mismatched address/token state.
-        try {
-            const payloadB64 = idToken.split(".")[1];
-            if (payloadB64) {
-                const payload = JSON.parse(this.decodeBase64Url(payloadB64));
-                const tokenWallet = payload["custom:walletAddress"];
-                if (tokenWallet && tokenWallet !== address) {
-                    throw new Error(`[WebSessionManager] Refusing to store session: address (${address}) does not match idToken custom:walletAddress (${tokenWallet})`);
-                }
-                if (!tokenWallet) {
-                    console.warn("[WebSessionManager] storeSession: idToken has no custom:walletAddress claim — writing without validation");
-                }
-            }
-        }
-        catch (err) {
-            if (typeof (err === null || err === void 0 ? void 0 : err.message) === "string" && err.message.includes("Refusing to store session")) {
-                throw err;
-            }
-            console.warn("[WebSessionManager] storeSession: failed to decode idToken for validation:", err);
-        }
         const config = await getConfig();
         const currentAppId = config.appId;
         localStorage.setItem(this.TAROBASE_SESSION_STORAGE_KEY, JSON.stringify({
@@ -9490,11 +9483,11 @@ function requireSrc$1 () {
 }
 
 var bs58$1;
-var hasRequiredBs58;
+var hasRequiredBs58$1;
 
-function requireBs58 () {
-	if (hasRequiredBs58) return bs58$1;
-	hasRequiredBs58 = 1;
+function requireBs58$1 () {
+	if (hasRequiredBs58$1) return bs58$1;
+	hasRequiredBs58$1 = 1;
 	var basex = requireSrc$1();
 	var ALPHABET = '123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz';
 
@@ -9502,8 +9495,8 @@ function requireBs58 () {
 	return bs58$1;
 }
 
-var bs58Exports = requireBs58();
-var bs58 = /*@__PURE__*/getDefaultExportFromCjs(bs58Exports);
+var bs58Exports$1 = requireBs58$1();
+var bs58$2 = /*@__PURE__*/getDefaultExportFromCjs(bs58Exports$1);
 
 // ─────────────────────────────────────────────────────────────
 // Local implementation of getSimulationComputeUnits
@@ -9765,7 +9758,7 @@ function loadKeypairFromEnv() {
     try {
         const secretKey = secret.trim().startsWith("[")
             ? Uint8Array.from(JSON.parse(secret))
-            : bs58.decode(secret.trim());
+            : bs58$2.decode(secret.trim());
         return web3_js.Keypair.fromSecretKey(secretKey);
     }
     catch (err) {
@@ -11710,28 +11703,6 @@ class ReactNativeSessionManager {
     /* STORE                                                              */
     /* ------------------------------------------------------------------ */
     static async storeSession(address, accessToken, idToken, refreshToken) {
-        // JWT-wallet binding: refuse to store a session whose idToken is bound
-        // to a different wallet than `address`. Prevents races that would otherwise
-        // leave storage with mismatched address/token state.
-        try {
-            const payloadB64 = idToken.split(".")[1];
-            if (payloadB64) {
-                const payload = JSON.parse(this.decodeBase64Url(payloadB64));
-                const tokenWallet = payload["custom:walletAddress"];
-                if (tokenWallet && tokenWallet !== address) {
-                    throw new Error(`[ReactNativeSessionManager] Refusing to store session: address (${address}) does not match idToken custom:walletAddress (${tokenWallet})`);
-                }
-                if (!tokenWallet) {
-                    console.warn("[ReactNativeSessionManager] storeSession: idToken has no custom:walletAddress claim — writing without validation");
-                }
-            }
-        }
-        catch (err) {
-            if (typeof (err === null || err === void 0 ? void 0 : err.message) === "string" && err.message.includes("Refusing to store session")) {
-                throw err;
-            }
-            console.warn("[ReactNativeSessionManager] storeSession: failed to decode idToken for validation:", err);
-        }
         const config = await getConfig();
         const currentAppId = config.appId;
         this.getStorage().setItem(this.TAROBASE_SESSION_STORAGE_KEY, JSON.stringify({
@@ -15730,7 +15701,7 @@ async function loadDependencies() {
         const [reactModule, reactDomModule, phantomModule] = await Promise.all([
             import('react'),
             import('react-dom/client'),
-            Promise.resolve().then(function () { return require('./index-BHkED2YI.js'); })
+            Promise.resolve().then(function () { return require('./index-CTtGbOzo.js'); })
         ]);
         // Extract default export from ESM module namespace
         // Dynamic import() returns { default: Module, ...exports }, not the module directly
@@ -20388,16 +20359,26 @@ function requireSrc () {
 	return src;
 }
 
-var srcExports = requireSrc();
-var basex = /*@__PURE__*/getDefaultExportFromCjs$1(srcExports);
+var bs58;
+var hasRequiredBs58;
+
+function requireBs58 () {
+	if (hasRequiredBs58) return bs58;
+	hasRequiredBs58 = 1;
+	var basex = requireSrc();
+	var ALPHABET = '123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz';
+
+	bs58 = basex(ALPHABET);
+	return bs58;
+}
 
-var ALPHABET = '123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz';
-var base58 = basex(ALPHABET);
+var bs58Exports = requireBs58();
+var base58 = /*@__PURE__*/getDefaultExportFromCjs$1(bs58Exports);
 
-var index = /*#__PURE__*/Object.freeze({
+var index = /*#__PURE__*/_mergeNamespaces({
 	__proto__: null,
 	default: base58
-});
+}, [bs58Exports]);
 
 const SURFNET_RPC_URL$1 = "https://surfpool.fly.dev";
 let React;
@@ -21286,6 +21267,14 @@ var privyWalletProvider = /*#__PURE__*/Object.freeze({
 	PrivyWalletProvider: PrivyWalletProvider
 });
 
+/**
+ * Storage key for persisting the MWA auth_token across cold starts.
+ * Holds JSON `{ token: string, address: string }`. Cleared by
+ * `logout()`. Hydrated by the constructor on native so cold-start
+ * doesn't force the user back into Phantom's approval flow when the
+ * underlying wallet authorization is still valid.
+ */
+const MWA_AUTH_TOKEN_STORAGE_KEY = 'tarobase_mwa_auth_token';
 /**
  * Detects whether the current environment is a mobile browser capable of
  * Mobile Wallet Adapter (MWA) communication.
@@ -21413,13 +21402,13 @@ async function withMwaAssociationRetry(fn) {
  * next tap is a new activation (a real retry). A timer-based retry would
  * just hit the same Chrome block. Cap at 3 attempts before giving up.
  */
-async function awaitSignInGestureAndSign(theme, signFn) {
+async function awaitSignInGestureAndSign(theme, signFn, noResultError = 'MWA returned no signature') {
     if (typeof document === 'undefined' || typeof window === 'undefined') {
         // SSR / non-browser: skip the gesture, just call (the activation
         // model doesn't apply outside the browser).
         const results = await signFn();
         if (!results || results.length === 0)
-            throw new Error('MWA returned no signature');
+            throw new Error(noResultError);
         return results[0];
     }
     return new Promise((resolve, reject) => {
@@ -21611,7 +21600,7 @@ async function awaitSignInGestureAndSign(theme, signFn) {
             // launchAssociation(). Do not `await` before calling.
             signFn().then((results) => {
                 if (!results || results.length === 0) {
-                    finishReject(new Error('MWA returned no signature'));
+                    finishReject(new Error(noResultError));
                     return;
                 }
                 finishResolve(results[0]);
@@ -21639,6 +21628,31 @@ async function awaitSignInGestureAndSign(theme, signFn) {
         });
     });
 }
+/**
+ * Sign through the gesture modal ONLY when transient user activation has
+ * already decayed. Fast transactions still hold the activation from the
+ * user's tap, so the `solana-wallet:` navigation succeeds directly with no
+ * modal (preserves prior UX — no extra tap). Slow transactions — e.g. a swap
+ * whose server-side build exceeds Chrome's ~5s activation window — have lost
+ * it, so we fall back to awaitSignInGestureAndSign to mint a fresh activation
+ * via a "Sign in" tap. Returns the first result (same shape as the bare
+ * wallet-standard feature call and as awaitSignInGestureAndSign).
+ */
+async function signWithFreshActivation(theme, signFn, noResultError = 'MWA returned no signature') {
+    var _a;
+    const activationLive = typeof navigator !== 'undefined' &&
+        ((_a = navigator.userActivation) === null || _a === void 0 ? void 0 : _a.isActive) === true;
+    if (activationLive) {
+        // Live gesture: invoke synchronously (no await before signFn) so the
+        // activation propagates to the protocol's location.assign navigation.
+        const results = await signFn();
+        if (!results || results.length === 0)
+            throw new Error(noResultError);
+        return results[0];
+    }
+    // Activation gone: surface the modal so the user's tap mints a fresh one.
+    return awaitSignInGestureAndSign(theme, signFn, noResultError);
+}
 /**
  * Normalize a chain string to a wallet-standard Solana chain identifier.
  *
@@ -21780,7 +21794,7 @@ async function registerMobileWalletAdapter(config) {
     if (typeof window === 'undefined')
         return;
     try {
-        const walletStandardMobile = await Promise.resolve().then(function () { return require('./index.browser-DD8pg_L2.js'); });
+        const walletStandardMobile = await Promise.resolve().then(function () { return require('./index.browser-BxKN5pIs.js'); });
         const registerMwa = walletStandardMobile.registerMwa || ((_a = walletStandardMobile.default) === null || _a === void 0 ? void 0 : _a.registerMwa);
         if (!registerMwa) {
             console.warn('[SolanaMobileWallet] registerMwa not found in @solana-mobile/wallet-standard-mobile');
@@ -21847,19 +21861,66 @@ class SolanaMobileWalletProvider {
     constructor(networkUrl = null, config = {}) {
         /** LocalSolanaMobileWalletAdapterWallet, lazy-constructed in ensureWallet(). */
         this.wallet = null;
+        /**
+         * Cached MWA auth_token returned by `wallet.authorize()`. Reused by
+         * subsequent native transact() calls (signMessage / signTransaction)
+         * so the user doesn't get the wallet-pick popup on every operation.
+         * Persisted to platform storage and hydrated by the constructor on
+         * native; cleared by logout() and on `ERROR_REAUTHORIZE`.
+         */
+        this.nativeAuthToken = null;
+        /** Cached public key string for the connected MWA wallet (native). */
+        this.nativeAddress = null;
         this.networkUrl = networkUrl;
         this.config = config;
-        if (typeof window === 'undefined') {
+        // Allow construction in true React Native environments: getPlatform().hasDOM
+        // is false there even though `typeof window === 'object'` (RN exposes a
+        // partial window global). Web/PWA paths still keep their original guard:
+        // they need real window+document for wallet-standard-mobile's deep-link
+        // mechanism, so missing-window in those builds remains a fail-fast.
+        const hasDOM = getPlatform().hasDOM;
+        if (!hasDOM && typeof window === 'undefined') {
+            throw new Error('SolanaMobileWalletProvider can only be instantiated in a browser or React Native environment');
+        }
+        if (hasDOM && typeof window === 'undefined') {
             throw new Error('SolanaMobileWalletProvider can only be instantiated in a browser environment');
         }
         if (SolanaMobileWalletProvider.instance) {
             return SolanaMobileWalletProvider.instance;
         }
+        // `appIdentity.uri` is what Phantom Android (and other MWA wallets)
+        // display in their approval modal. On web/PWA this is the page
+        // origin; on native there's no `window.location`, so fall back to
+        // a stable identifier the user can recognize. Apps can override
+        // entirely via `config.appIdentity.uri`.
+        const fallbackUri = hasDOM
+            ? getPlatform().getLocationOrigin()
+            : 'tarobase://app';
         this.appIdentity = config.appIdentity || {
             name: 'TaroBase App',
-            uri: getPlatform().getLocationOrigin(),
+            uri: fallbackUri,
         };
         this.cluster = config.cluster || 'mainnet-beta';
+        // Hydrate cached MWA auth_token from storage on native so we can
+        // skip the wallet-pick popup after a cold-start when the underlying
+        // wallet authorization is still valid. Sync storage call per the
+        // PlatformAdapter contract; safe to swallow read errors (a fresh
+        // login() just re-authorizes).
+        if (!hasDOM) {
+            try {
+                const raw = getPlatform().storage.getItem(MWA_AUTH_TOKEN_STORAGE_KEY);
+                if (raw) {
+                    const parsed = JSON.parse(raw);
+                    if (typeof parsed.token === 'string' && typeof parsed.address === 'string') {
+                        this.nativeAuthToken = parsed.token;
+                        this.nativeAddress = parsed.address;
+                    }
+                }
+            }
+            catch (_a) {
+                // Corrupt or unreadable cache — ignore. login() will re-auth.
+            }
+        }
         SolanaMobileWalletProvider.instance = this;
     }
     static getInstance(networkUrl, config) {
@@ -21872,7 +21933,7 @@ class SolanaMobileWalletProvider {
     async ensureWallet() {
         if (this.wallet)
             return this.wallet;
-        const mod = await Promise.resolve().then(function () { return require('./index.browser-DD8pg_L2.js'); });
+        const mod = await Promise.resolve().then(function () { return require('./index.browser-BxKN5pIs.js'); });
         const chain = mapChainToWalletStandard(this.cluster);
         this.wallet = new mod.LocalSolanaMobileWalletAdapterWallet({
             appIdentity: this.appIdentity,
@@ -21922,6 +21983,134 @@ class SolanaMobileWalletProvider {
     getChain() {
         return mapChainToWalletStandard(this.cluster);
     }
+    /**
+     * Dynamically import and unwrap `transact` from the MWA web3js
+     * package. The package is externalized in rollup.config.js so this
+     * resolves to `lib/cjs/index.native.js` (TurboModule-backed) on
+     * Metro and `lib/esm/index.browser.js` (WebSocket) on webpack/vite
+     * per their respective platform conditions. Handles Metro's CJS-to-
+     * ESM interop variance (`mod.transact` vs `mod.default?.transact`).
+     */
+    async loadTransact() {
+        var _a;
+        const mod = await import('@solana-mobile/mobile-wallet-adapter-protocol-web3js');
+        const t = mod.transact || ((_a = mod.default) === null || _a === void 0 ? void 0 : _a.transact);
+        if (typeof t !== 'function') {
+            throw new Error('MWA transact API not available on this platform');
+        }
+        return t;
+    }
+    /**
+     * Cache and persist a fresh MWA auth_token + address. Called from
+     * `_loginNative` after a successful authorize. Storage failures are
+     * non-fatal (next cold-start re-auths).
+     */
+    persistNativeAuth(token, address) {
+        this.nativeAuthToken = token;
+        this.nativeAddress = address;
+        try {
+            getPlatform().storage.setItem(MWA_AUTH_TOKEN_STORAGE_KEY, JSON.stringify({ token, address }));
+        }
+        catch (_a) {
+            // non-fatal — token still in-memory for this process
+        }
+    }
+    /** Clear cached + persisted native auth state. */
+    clearNativeAuth() {
+        this.nativeAuthToken = null;
+        this.nativeAddress = null;
+        try {
+            getPlatform().storage.removeItem(MWA_AUTH_TOKEN_STORAGE_KEY);
+        }
+        catch (_a) {
+            // ignore
+        }
+    }
+    /**
+     * Classify an MWA-native error as a user cancellation. User-cancel
+     * shouldn't surface as a red console.error; callers can swallow or
+     * show a softer message. MWA spec codes plus the same substring
+     * checks the web path uses to catch wallet-specific phrasing.
+     */
+    isNativeUserCancel(err) {
+        var _a;
+        if (!err)
+            return false;
+        const code = err.code;
+        if (code === 'ERROR_NOT_SIGNED')
+            return true;
+        const msg = String((_a = err.message) !== null && _a !== void 0 ? _a : '').toLowerCase();
+        return /user (rejected|denied|cancelled|canceled|declined)/.test(msg);
+    }
+    /**
+     * Native MWA login via @solana-mobile/mobile-wallet-adapter-protocol-web3js.
+     * Used in true React Native (Expo) environments where wallet-standard-mobile's
+     * web universal-link path doesn't apply. Does authorize + signMessage in a
+     * single transact() roundtrip — intent-based MWA doesn't need the two-popup
+     * dance the web path uses (no Chrome activation-loss concern). Persists the
+     * resulting auth_token so cold-start can reauthorize without a fresh popup.
+     */
+    async _loginNative() {
+        const transact = await this.loadTransact();
+        const existingSession = await WebSessionManager.getSession();
+        const nonce = await genAuthNonce();
+        const result = await transact(async (wallet) => {
+            const auth = await wallet.authorize({
+                chain: this.getChain(),
+                identity: this.appIdentity,
+            });
+            if (!auth.accounts || auth.accounts.length === 0) {
+                throw new Error('MWA returned no accounts');
+            }
+            const account = auth.accounts[0];
+            // account.address is base64-encoded per MWA spec; convert to
+            // the base58 form Tarobase + the rest of the SDK use.
+            const base58Addr = new web3_js.PublicKey(bufferExports.Buffer.from(account.address, 'base64')).toBase58();
+            // Reuse session if already valid for this address — skip the
+            // signMessages roundtrip entirely.
+            if (existingSession && existingSession.address === base58Addr) {
+                return {
+                    base58Addr,
+                    authToken: auth.auth_token,
+                    signatureBase64: null,
+                };
+            }
+            const messageText = await genSolanaMessage(base58Addr, nonce);
+            const messageBytes = getPlatform().textEncode(messageText);
+            const signatures = await wallet.signMessages({
+                addresses: [account.address],
+                payloads: [messageBytes],
+            });
+            if (!signatures || signatures.length === 0) {
+                throw new Error('MWA returned no signature');
+            }
+            // Per spec, signMessages returns Uint8Array[] of signatures
+            // (one per payload), not message+signature concatenations.
+            const signatureBase64 = bufferExports.Buffer.from(signatures[0]).toString('base64');
+            return {
+                base58Addr,
+                authToken: auth.auth_token,
+                signatureBase64,
+                messageText,
+            };
+        });
+        this.persistNativeAuth(result.authToken, result.base58Addr);
+        // Existing valid session — short-circuit before re-creating server-side.
+        if (existingSession && existingSession.address === result.base58Addr) {
+            const user = { provider: this, address: result.base58Addr };
+            setCurrentUser(user);
+            return user;
+        }
+        // Create Tarobase session on the server.
+        if (!result.signatureBase64 || !result.messageText) {
+            throw new Error('MWA login completed without signature');
+        }
+        const createSessionResult = await createSessionWithSignature(result.base58Addr, result.messageText, result.signatureBase64);
+        await WebSessionManager.storeSession(result.base58Addr, createSessionResult.accessToken, createSessionResult.idToken, createSessionResult.refreshToken);
+        const user = { provider: this, address: result.base58Addr };
+        setCurrentUser(user);
+        return user;
+    }
     async login() {
         var _a, _b, _c, _d, _e;
         setAuthLoading(true);
@@ -21932,6 +22121,13 @@ class SolanaMobileWalletProvider {
         const prevAuthMethod = readAuthMethod();
         writeAuthMethod(MWA_AUTH_METHOD);
         try {
+            // True React Native: skip the wallet-standard-mobile path (which
+            // requires window.isSecureContext and a real DOM) and use the raw
+            // MWA protocol via Android intents.
+            if (!getPlatform().hasDOM) {
+                const user = await this._loginNative();
+                return user;
+            }
             const wallet = await this.ensureWallet();
             // Quick-check: wallet may already have authorization (e.g. from a
             // previous in-page login) and a matching Tarobase session — skip
@@ -22033,6 +22229,29 @@ class SolanaMobileWalletProvider {
         return null;
     }
     async logout() {
+        if (!getPlatform().hasDOM) {
+            // Native path: deauthorize the cached MWA auth_token if we have
+            // one (failures non-fatal — the wallet app may have been
+            // uninstalled or the token already revoked), then clear local
+            // and persisted state.
+            const token = this.nativeAuthToken;
+            if (token) {
+                try {
+                    const transact = await this.loadTransact();
+                    await transact(async (wallet) => {
+                        await wallet.deauthorize({ auth_token: token });
+                    });
+                }
+                catch (error) {
+                    console.warn('[SolanaMobileWallet] Native deauthorize error:', error);
+                }
+            }
+            this.clearNativeAuth();
+            WebSessionManager.clearSession();
+            writeAuthMethod(null);
+            setCurrentUser(null);
+            return;
+        }
         try {
             const wallet = await this.ensureWallet();
             const disconnectFeat = getDisconnectFeature(wallet);
@@ -22052,7 +22271,42 @@ class SolanaMobileWalletProvider {
         setCurrentUser(null);
     }
     async signMessage(message) {
-        var _a, _b;
+        var _a, _b, _c;
+        // Native: reauthorize with cached auth_token, then signMessages inside
+        // the same transact() session. No wallet-pick popup if the auth_token
+        // is still valid for the user's wallet.
+        if (!getPlatform().hasDOM) {
+            if (!this.nativeAuthToken || !this.nativeAddress) {
+                throw new Error('Wallet not connected. Call login() first.');
+            }
+            const transact = await this.loadTransact();
+            const messageBytes = getPlatform().textEncode(message);
+            const addressBase64 = new web3_js.PublicKey(this.nativeAddress).toBuffer().toString('base64');
+            const authToken = this.nativeAuthToken;
+            try {
+                const signature = await transact(async (wallet) => {
+                    await wallet.reauthorize({ auth_token: authToken, identity: this.appIdentity });
+                    const sigs = await wallet.signMessages({
+                        addresses: [addressBase64],
+                        payloads: [messageBytes],
+                    });
+                    if (!sigs || sigs.length === 0)
+                        throw new Error('MWA returned no signature');
+                    return sigs[0];
+                });
+                return bufferExports.Buffer.from(signature).toString('base64');
+            }
+            catch (error) {
+                if (this.isNativeUserCancel(error)) {
+                    throw new Error('User declined to sign');
+                }
+                if ((error === null || error === void 0 ? void 0 : error.code) === 'ERROR_AUTHORIZATION_FAILED' || (error === null || error === void 0 ? void 0 : error.code) === 'ERROR_REAUTHORIZE') {
+                    await this.logout();
+                    throw new Error('Wallet connection lost. Please reconnect.');
+                }
+                throw new Error(`Failed to sign message: ${(_a = error === null || error === void 0 ? void 0 : error.message) !== null && _a !== void 0 ? _a : error}`);
+            }
+        }
         const account = await this.ensureAuthorized();
         const wallet = await this.ensureWallet();
         try {
@@ -22066,7 +22320,7 @@ class SolanaMobileWalletProvider {
             return bufferExports.Buffer.from(sigBytes).toString('base64');
         }
         catch (error) {
-            if (((_a = error === null || error === void 0 ? void 0 : error.message) === null || _a === void 0 ? void 0 : _a.includes('not connected')) || ((_b = error === null || error === void 0 ? void 0 : error.message) === null || _b === void 0 ? void 0 : _b.includes('not authorized')) ||
+            if (((_b = error === null || error === void 0 ? void 0 : error.message) === null || _b === void 0 ? void 0 : _b.includes('not connected')) || ((_c = error === null || error === void 0 ? void 0 : error.message) === null || _c === void 0 ? void 0 : _c.includes('not authorized')) ||
                 (error === null || error === void 0 ? void 0 : error.code) === 'ERROR_AUTHORIZATION_FAILED') {
                 await this.logout();
                 throw new Error('Wallet connection lost. Please reconnect.');
@@ -22075,7 +22329,58 @@ class SolanaMobileWalletProvider {
         }
     }
     async signTransaction(transaction) {
-        var _a, _b;
+        var _a, _b, _c;
+        // Native: fill blockhash/feePayer if missing, then signTransactions
+        // inside a transact() session keyed by the cached auth_token.
+        if (!getPlatform().hasDOM) {
+            if (!this.nativeAuthToken || !this.nativeAddress) {
+                throw new Error('Wallet not connected. Call login() first.');
+            }
+            const connectedPubkey = new web3_js.PublicKey(this.nativeAddress);
+            const isLegacyTransaction = 'recentBlockhash' in transaction && !('message' in transaction && 'staticAccountKeys' in transaction.message);
+            if (isLegacyTransaction) {
+                const legacyTx = transaction;
+                if (!legacyTx.recentBlockhash) {
+                    const conn = new web3_js.Connection(this.getRpcUrl(), 'confirmed');
+                    const { blockhash, lastValidBlockHeight } = await conn.getLatestBlockhash('confirmed');
+                    legacyTx.recentBlockhash = blockhash;
+                    legacyTx.lastValidBlockHeight = lastValidBlockHeight;
+                }
+                if (!legacyTx.feePayer) {
+                    legacyTx.feePayer = connectedPubkey;
+                }
+            }
+            else {
+                const versionedTx = transaction;
+                if (!versionedTx.message.recentBlockhash) {
+                    const conn = new web3_js.Connection(this.getRpcUrl(), 'confirmed');
+                    const { blockhash } = await conn.getLatestBlockhash('confirmed');
+                    versionedTx.message.recentBlockhash = blockhash;
+                }
+            }
+            const transact = await this.loadTransact();
+            const authToken = this.nativeAuthToken;
+            try {
+                const signed = await transact(async (wallet) => {
+                    await wallet.reauthorize({ auth_token: authToken, identity: this.appIdentity });
+                    const results = await wallet.signTransactions({ transactions: [transaction] });
+                    if (!results || results.length === 0)
+                        throw new Error('MWA returned no signed transaction');
+                    return results[0];
+                });
+                return signed;
+            }
+            catch (error) {
+                if (this.isNativeUserCancel(error)) {
+                    throw new Error('User declined to sign');
+                }
+                if ((error === null || error === void 0 ? void 0 : error.code) === 'ERROR_AUTHORIZATION_FAILED' || (error === null || error === void 0 ? void 0 : error.code) === 'ERROR_REAUTHORIZE') {
+                    await this.logout();
+                    throw new Error('Wallet connection lost. Please reconnect.');
+                }
+                throw new Error(`Failed to sign transaction: ${(_a = error === null || error === void 0 ? void 0 : error.message) !== null && _a !== void 0 ? _a : error}`);
+            }
+        }
         const account = await this.ensureAuthorized();
         const connectedPubkey = new web3_js.PublicKey(account.publicKey);
         const wallet = await this.ensureWallet();
@@ -22106,15 +22411,14 @@ class SolanaMobileWalletProvider {
         try {
             const signTxFeat = getSignTransactionFeature(wallet);
             const wireBytes = txToWireBytes(transaction);
-            const results = await signTxFeat.signTransaction({ account, transaction: wireBytes, chain });
-            if (!results || results.length === 0) {
-                throw new Error('MWA returned no signed transaction');
-            }
-            const { signedTransaction: signedBytes } = results[0];
+            // signTransaction navigates to `solana-wallet:`; only show the
+            // gesture modal if the tap activation has decayed (see runTransaction).
+            const signResult = await signWithFreshActivation(this.config.theme, () => signTxFeat.signTransaction({ account, transaction: wireBytes, chain }), 'MWA returned no signed transaction');
+            const { signedTransaction: signedBytes } = signResult;
             return txFromWireBytes(new Uint8Array(signedBytes));
         }
         catch (error) {
-            if (((_a = error === null || error === void 0 ? void 0 : error.message) === null || _a === void 0 ? void 0 : _a.includes('not connected')) || ((_b = error === null || error === void 0 ? void 0 : error.message) === null || _b === void 0 ? void 0 : _b.includes('not authorized')) ||
+            if (((_b = error === null || error === void 0 ? void 0 : error.message) === null || _b === void 0 ? void 0 : _b.includes('not connected')) || ((_c = error === null || error === void 0 ? void 0 : error.message) === null || _c === void 0 ? void 0 : _c.includes('not authorized')) ||
                 (error === null || error === void 0 ? void 0 : error.code) === 'ERROR_AUTHORIZATION_FAILED') {
                 await this.logout();
                 throw new Error('Wallet connection lost. Please reconnect.');
@@ -22123,7 +22427,70 @@ class SolanaMobileWalletProvider {
         }
     }
     async signAndSubmitTransaction(transaction, feePayer) {
-        var _a, _b, _c, _d, _e, _f;
+        var _a, _b, _c, _d, _e, _f, _g;
+        // Native: signAndSendTransactions inside a transact() session.
+        // The wallet submits to its own RPC; we then await confirmation on
+        // ours. Surfnet (custom RPC) needs manual submission because the
+        // wallet won't route there — we fall back to sign-only + manual send.
+        if (!getPlatform().hasDOM) {
+            if (!this.nativeAuthToken || !this.nativeAddress) {
+                throw new Error('Wallet not connected. Call login() first.');
+            }
+            const connectedPubkey = new web3_js.PublicKey(this.nativeAddress);
+            const rpcUrl = this.getRpcUrl();
+            const connection = new web3_js.Connection(rpcUrl, 'confirmed');
+            const isSurfnet = rpcUrl === SURFNET_RPC_URL$2;
+            const { blockhash, lastValidBlockHeight } = await connection.getLatestBlockhash('confirmed');
+            const isLegacyTransaction = 'recentBlockhash' in transaction && !('message' in transaction && 'staticAccountKeys' in transaction.message);
+            if (isLegacyTransaction) {
+                const legacyTx = transaction;
+                legacyTx.recentBlockhash = blockhash;
+                legacyTx.lastValidBlockHeight = lastValidBlockHeight;
+                if (!legacyTx.feePayer)
+                    legacyTx.feePayer = feePayer !== null && feePayer !== void 0 ? feePayer : connectedPubkey;
+            }
+            else {
+                const versionedTx = transaction;
+                versionedTx.message.recentBlockhash = blockhash;
+            }
+            const transact = await this.loadTransact();
+            const authToken = this.nativeAuthToken;
+            try {
+                if (isSurfnet) {
+                    // Surfnet: sign only, submit manually to Surfnet RPC
+                    // (the wallet would route signAndSend to its own RPC).
+                    const signed = await transact(async (wallet) => {
+                        await wallet.reauthorize({ auth_token: authToken, identity: this.appIdentity });
+                        const results = await wallet.signTransactions({ transactions: [transaction] });
+                        if (!results || results.length === 0)
+                            throw new Error('MWA returned no signed transaction');
+                        return results[0];
+                    });
+                    const sig = await connection.sendRawTransaction(signed.serialize(), { preflightCommitment: 'confirmed' });
+                    await confirmAndCheckTransaction(connection, sig);
+                    return sig;
+                }
+                const sig = await transact(async (wallet) => {
+                    await wallet.reauthorize({ auth_token: authToken, identity: this.appIdentity });
+                    const results = await wallet.signAndSendTransactions({ transactions: [transaction] });
+                    if (!results || results.length === 0)
+                        throw new Error('MWA returned no signature');
+                    return results[0];
+                });
+                await confirmAndCheckTransaction(connection, sig);
+                return sig;
+            }
+            catch (error) {
+                if (this.isNativeUserCancel(error)) {
+                    throw new Error('User declined to sign');
+                }
+                if ((error === null || error === void 0 ? void 0 : error.code) === 'ERROR_AUTHORIZATION_FAILED' || (error === null || error === void 0 ? void 0 : error.code) === 'ERROR_REAUTHORIZE') {
+                    await this.logout();
+                    throw new Error('Wallet connection lost. Please reconnect.');
+                }
+                throw new Error(`Failed to sign+submit transaction: ${(_a = error === null || error === void 0 ? void 0 : error.message) !== null && _a !== void 0 ? _a : error}`);
+            }
+        }
         const account = await this.ensureAuthorized();
         const connectedPubkey = new web3_js.PublicKey(account.publicKey);
         const wallet = await this.ensureWallet();
@@ -22153,11 +22520,9 @@ class SolanaMobileWalletProvider {
                 // because the wallet would submit to its own RPC.
                 const signTxFeat = getSignTransactionFeature(wallet);
                 const wireBytes = txToWireBytes(transaction);
-                const results = await signTxFeat.signTransaction({ account, transaction: wireBytes, chain });
-                if (!results || results.length === 0) {
-                    throw new Error('MWA returned no signed transaction');
-                }
-                const { signedTransaction: signedBytes } = results[0];
+                // Gesture modal only if activation decayed (see runTransaction).
+                const signResult = await signWithFreshActivation(this.config.theme, () => signTxFeat.signTransaction({ account, transaction: wireBytes, chain }), 'MWA returned no signed transaction');
+                const { signedTransaction: signedBytes } = signResult;
                 const signedTx = txFromWireBytes(new Uint8Array(signedBytes));
                 const signature = await connection.sendRawTransaction(signedTx.serialize(), {
                     preflightCommitment: 'confirmed',
@@ -22173,33 +22538,31 @@ class SolanaMobileWalletProvider {
                 return signature;
             }
             // Non-Surfnet: wallet signs and submits to its own RPC.
+            // Gesture modal only if activation decayed (see runTransaction).
             const signSendFeat = getSignAndSendTransactionFeature(wallet);
             const wireBytes = txToWireBytes(transaction);
-            const results = await signSendFeat.signAndSendTransaction({
+            const sendResult = await signWithFreshActivation(this.config.theme, () => signSendFeat.signAndSendTransaction({
                 account,
                 transaction: wireBytes,
                 chain,
                 options: { commitment: 'confirmed' },
-            });
-            if (!results || results.length === 0) {
-                throw new Error('MWA returned no signature');
-            }
-            const { signature: sigBytes } = results[0];
+            }));
+            const { signature: sigBytes } = sendResult;
             const signature = base58.encode(sigBytes);
             await confirmAndCheckTransaction(connection, signature);
             return signature;
         }
         catch (error) {
-            if (((_a = error === null || error === void 0 ? void 0 : error.message) === null || _a === void 0 ? void 0 : _a.includes('not connected')) || ((_b = error === null || error === void 0 ? void 0 : error.message) === null || _b === void 0 ? void 0 : _b.includes('not authorized')) ||
+            if (((_b = error === null || error === void 0 ? void 0 : error.message) === null || _b === void 0 ? void 0 : _b.includes('not connected')) || ((_c = error === null || error === void 0 ? void 0 : error.message) === null || _c === void 0 ? void 0 : _c.includes('not authorized')) ||
                 (error === null || error === void 0 ? void 0 : error.code) === 'ERROR_AUTHORIZATION_FAILED') {
                 await this.logout();
                 throw new Error('Wallet connection lost. Please reconnect.');
             }
             const isUserRejection = (error === null || error === void 0 ? void 0 : error.code) === 4001 ||
-                ((_c = error === null || error === void 0 ? void 0 : error.message) === null || _c === void 0 ? void 0 : _c.toLowerCase().includes('user rejected')) ||
-                ((_d = error === null || error === void 0 ? void 0 : error.message) === null || _d === void 0 ? void 0 : _d.toLowerCase().includes('user denied')) ||
-                ((_e = error === null || error === void 0 ? void 0 : error.message) === null || _e === void 0 ? void 0 : _e.toLowerCase().includes('user cancelled')) ||
-                ((_f = error === null || error === void 0 ? void 0 : error.message) === null || _f === void 0 ? void 0 : _f.toLowerCase().includes('user canceled'));
+                ((_d = error === null || error === void 0 ? void 0 : error.message) === null || _d === void 0 ? void 0 : _d.toLowerCase().includes('user rejected')) ||
+                ((_e = error === null || error === void 0 ? void 0 : error.message) === null || _e === void 0 ? void 0 : _e.toLowerCase().includes('user denied')) ||
+                ((_f = error === null || error === void 0 ? void 0 : error.message) === null || _f === void 0 ? void 0 : _f.toLowerCase().includes('user cancelled')) ||
+                ((_g = error === null || error === void 0 ? void 0 : error.message) === null || _g === void 0 ? void 0 : _g.toLowerCase().includes('user canceled'));
             if (!isUserRejection) {
                 console.error('[SolanaMobileWallet] Transaction failed:', error);
             }
@@ -22264,11 +22627,13 @@ class SolanaMobileWalletProvider {
             if ((options === null || options === void 0 ? void 0 : options.shouldSubmitTx) === false) {
                 const signTxFeat = getSignTransactionFeature(wallet);
                 const wireBytes = txToWireBytes(tx);
-                const results = await signTxFeat.signTransaction({ account, transaction: wireBytes, chain });
-                if (!results || results.length === 0) {
+                // signTransaction also navigates to `solana-wallet:`; only
+                // surface the gesture modal if the tap activation has decayed.
+                const signOnlyResult = await signWithFreshActivation(this.config.theme, () => signTxFeat.signTransaction({ account, transaction: wireBytes, chain }), 'MWA returned no signed transaction');
+                if (!signOnlyResult) {
                     throw new Error('MWA returned no signed transaction');
                 }
-                const { signedTransaction: signedBytes } = results[0];
+                const { signedTransaction: signedBytes } = signOnlyResult;
                 const signedTx = txFromWireBytes(new Uint8Array(signedBytes));
                 return {
                     signedTransaction: signedTx,
@@ -22281,11 +22646,13 @@ class SolanaMobileWalletProvider {
                 // Surfnet: sign locally via wallet-standard, submit manually.
                 const signTxFeat = getSignTransactionFeature(wallet);
                 const wireBytes = txToWireBytes(tx);
-                const results = await signTxFeat.signTransaction({ account, transaction: wireBytes, chain });
-                if (!results || results.length === 0) {
+                // signTransaction also navigates to `solana-wallet:`; only
+                // surface the gesture modal if the tap activation has decayed.
+                const surfnetResult = await signWithFreshActivation(this.config.theme, () => signTxFeat.signTransaction({ account, transaction: wireBytes, chain }), 'MWA returned no signed transaction');
+                if (!surfnetResult) {
                     throw new Error('MWA returned no signed transaction');
                 }
-                const { signedTransaction: signedBytes } = results[0];
+                const { signedTransaction: signedBytes } = surfnetResult;
                 const signedTx = txFromWireBytes(new Uint8Array(signedBytes));
                 const { blockhash, lastValidBlockHeight } = await connection.getLatestBlockhash('confirmed');
                 const signature = await connection.sendRawTransaction(signedTx.serialize(), {
@@ -22311,18 +22678,24 @@ class SolanaMobileWalletProvider {
                 };
             }
             // Non-Surfnet: wallet signs and submits to its own RPC.
+            // signAndSendTransaction dispatches a `solana-wallet:` navigation
+            // that Chrome blocks without transient user activation. Fast txs
+            // still hold the tap activation and navigate directly; slow ones
+            // (e.g. a swap whose server build exceeds Chrome's ~5s window)
+            // have lost it, so signWithFreshActivation shows the "Sign in"
+            // modal to mint a fresh activation — no modal when not needed.
             const signSendFeat = getSignAndSendTransactionFeature(wallet);
             const wireBytes = txToWireBytes(tx);
-            const results = await signSendFeat.signAndSendTransaction({
+            const sendResult = await signWithFreshActivation(this.config.theme, () => signSendFeat.signAndSendTransaction({
                 account,
                 transaction: wireBytes,
                 chain,
                 options: { commitment: 'confirmed' },
-            });
-            if (!results || results.length === 0) {
+            }));
+            if (!sendResult) {
                 throw new Error('MWA returned no signature');
             }
-            const { signature: sigBytes } = results[0];
+            const { signature: sigBytes } = sendResult;
             const signature = base58.encode(sigBytes);
             const txInfo = await confirmAndCheckTransaction(connection, signature);
             return {
@@ -22766,6 +23139,7 @@ exports.bufferExports = bufferExports;
 exports.buildSetDocumentsTransaction = buildSetDocumentsTransaction;
 exports.clearCache = clearCache;
 exports.closeAllSubscriptions = closeAllSubscriptions;
+exports.commonjsRequire = commonjsRequire;
 exports.convertRemainingAccounts = convertRemainingAccounts;
 exports.count = count;
 exports.createSessionWithPrivy = createSessionWithPrivy;
@@ -22793,6 +23167,7 @@ exports.onAuthStateChanged = onAuthStateChanged;
 exports.reconnectWithNewAuth = reconnectWithNewAuth;
 exports.refreshSession = refreshSession;
 exports.registerMobileWalletAdapter = registerMobileWalletAdapter;
+exports.require$$0 = require$$0;
 exports.runExpression = runExpression;
 exports.runExpressionMany = runExpressionMany;
 exports.runQuery = runQuery;
@@ -22807,4 +23182,4 @@ exports.signSessionCreateMessage = signSessionCreateMessage;
 exports.signTransaction = signTransaction;
 exports.subscribe = subscribe;
 exports.useAuth = useAuth;
-//# sourceMappingURL=index-hEc5_KoM.js.map
+//# sourceMappingURL=index-Lm0k5Hwv.js.map