@pooflabs/web 0.0.86 → 0.0.88

package/dist/{index-BQUfNEiY.esm.js → index-CJRFnq6O.esm.js}

@@ -4,6 +4,21 @@ import * as anchor from '@coral-xyz/anchor';
 import { Program } from '@coral-xyz/anchor';
 import * as React$2 from 'react';
 
+function _mergeNamespaces(n, m) {
+	m.forEach(function (e) {
+		e && typeof e !== 'string' && !Array.isArray(e) && Object.keys(e).forEach(function (k) {
+			if (k !== 'default' && !(k in n)) {
+				var d = Object.getOwnPropertyDescriptor(e, k);
+				Object.defineProperty(n, k, d.get ? d : {
+					enumerable: true,
+					get: function () { return e[k]; }
+				});
+			}
+		});
+	});
+	return Object.freeze(n);
+}
+
 function getDefaultExportFromCjs$1 (x) {
 	return x && x.__esModule && Object.prototype.hasOwnProperty.call(x, 'default') ? x['default'] : x;
 }
@@ -6749,28 +6764,6 @@ class WebSessionManager {
     static async storeSession(address, accessToken, idToken, refreshToken) {
         if (typeof window === "undefined")
             return;
-        // JWT-wallet binding: refuse to store a session whose idToken is bound
-        // to a different wallet than `address`. Prevents races that would otherwise
-        // leave localStorage with mismatched address/token state.
-        try {
-            const payloadB64 = idToken.split(".")[1];
-            if (payloadB64) {
-                const payload = JSON.parse(this.decodeBase64Url(payloadB64));
-                const tokenWallet = payload["custom:walletAddress"];
-                if (tokenWallet && tokenWallet !== address) {
-                    throw new Error(`[WebSessionManager] Refusing to store session: address (${address}) does not match idToken custom:walletAddress (${tokenWallet})`);
-                }
-                if (!tokenWallet) {
-                    console.warn("[WebSessionManager] storeSession: idToken has no custom:walletAddress claim — writing without validation");
-                }
-            }
-        }
-        catch (err) {
-            if (typeof (err === null || err === void 0 ? void 0 : err.message) === "string" && err.message.includes("Refusing to store session")) {
-                throw err;
-            }
-            console.warn("[WebSessionManager] storeSession: failed to decode idToken for validation:", err);
-        }
         const config = await getConfig();
         const currentAppId = config.appId;
         localStorage.setItem(this.TAROBASE_SESSION_STORAGE_KEY, JSON.stringify({
@@ -9469,11 +9462,11 @@ function requireSrc$1 () {
 }
 
 var bs58$1;
-var hasRequiredBs58;
+var hasRequiredBs58$1;
 
-function requireBs58 () {
-	if (hasRequiredBs58) return bs58$1;
-	hasRequiredBs58 = 1;
+function requireBs58$1 () {
+	if (hasRequiredBs58$1) return bs58$1;
+	hasRequiredBs58$1 = 1;
 	var basex = requireSrc$1();
 	var ALPHABET = '123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz';
 
@@ -9481,8 +9474,8 @@ function requireBs58 () {
 	return bs58$1;
 }
 
-var bs58Exports = requireBs58();
-var bs58 = /*@__PURE__*/getDefaultExportFromCjs(bs58Exports);
+var bs58Exports$1 = requireBs58$1();
+var bs58$2 = /*@__PURE__*/getDefaultExportFromCjs(bs58Exports$1);
 
 // ─────────────────────────────────────────────────────────────
 // Local implementation of getSimulationComputeUnits
@@ -9744,7 +9737,7 @@ function loadKeypairFromEnv() {
     try {
         const secretKey = secret.trim().startsWith("[")
             ? Uint8Array.from(JSON.parse(secret))
-            : bs58.decode(secret.trim());
+            : bs58$2.decode(secret.trim());
         return Keypair.fromSecretKey(secretKey);
     }
     catch (err) {
@@ -11689,28 +11682,6 @@ class ReactNativeSessionManager {
     /* STORE                                                              */
     /* ------------------------------------------------------------------ */
     static async storeSession(address, accessToken, idToken, refreshToken) {
-        // JWT-wallet binding: refuse to store a session whose idToken is bound
-        // to a different wallet than `address`. Prevents races that would otherwise
-        // leave storage with mismatched address/token state.
-        try {
-            const payloadB64 = idToken.split(".")[1];
-            if (payloadB64) {
-                const payload = JSON.parse(this.decodeBase64Url(payloadB64));
-                const tokenWallet = payload["custom:walletAddress"];
-                if (tokenWallet && tokenWallet !== address) {
-                    throw new Error(`[ReactNativeSessionManager] Refusing to store session: address (${address}) does not match idToken custom:walletAddress (${tokenWallet})`);
-                }
-                if (!tokenWallet) {
-                    console.warn("[ReactNativeSessionManager] storeSession: idToken has no custom:walletAddress claim — writing without validation");
-                }
-            }
-        }
-        catch (err) {
-            if (typeof (err === null || err === void 0 ? void 0 : err.message) === "string" && err.message.includes("Refusing to store session")) {
-                throw err;
-            }
-            console.warn("[ReactNativeSessionManager] storeSession: failed to decode idToken for validation:", err);
-        }
         const config = await getConfig();
         const currentAppId = config.appId;
         this.getStorage().setItem(this.TAROBASE_SESSION_STORAGE_KEY, JSON.stringify({
@@ -15709,7 +15680,7 @@ async function loadDependencies() {
         const [reactModule, reactDomModule, phantomModule] = await Promise.all([
             import('react'),
             import('react-dom/client'),
-            import('./index-Cfp30Jm_.esm.js')
+            import('./index-BfsQaxom.esm.js')
         ]);
         // Extract default export from ESM module namespace
         // Dynamic import() returns { default: Module, ...exports }, not the module directly
@@ -20367,16 +20338,26 @@ function requireSrc () {
 	return src;
 }
 
-var srcExports = requireSrc();
-var basex = /*@__PURE__*/getDefaultExportFromCjs$1(srcExports);
+var bs58;
+var hasRequiredBs58;
 
-var ALPHABET = '123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz';
-var base58 = basex(ALPHABET);
+function requireBs58 () {
+	if (hasRequiredBs58) return bs58;
+	hasRequiredBs58 = 1;
+	var basex = requireSrc();
+	var ALPHABET = '123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz';
+
+	bs58 = basex(ALPHABET);
+	return bs58;
+}
+
+var bs58Exports = requireBs58();
+var base58 = /*@__PURE__*/getDefaultExportFromCjs$1(bs58Exports);
 
-var index = /*#__PURE__*/Object.freeze({
+var index = /*#__PURE__*/_mergeNamespaces({
 	__proto__: null,
 	default: base58
-});
+}, [bs58Exports]);
 
 const SURFNET_RPC_URL$1 = "https://surfpool.fly.dev";
 let React;
@@ -21265,6 +21246,14 @@ var privyWalletProvider = /*#__PURE__*/Object.freeze({
 	PrivyWalletProvider: PrivyWalletProvider
 });
 
+/**
+ * Storage key for persisting the MWA auth_token across cold starts.
+ * Holds JSON `{ token: string, address: string }`. Cleared by
+ * `logout()`. Hydrated by the constructor on native so cold-start
+ * doesn't force the user back into Phantom's approval flow when the
+ * underlying wallet authorization is still valid.
+ */
+const MWA_AUTH_TOKEN_STORAGE_KEY = 'tarobase_mwa_auth_token';
 /**
  * Detects whether the current environment is a mobile browser capable of
  * Mobile Wallet Adapter (MWA) communication.
@@ -21392,13 +21381,13 @@ async function withMwaAssociationRetry(fn) {
  * next tap is a new activation (a real retry). A timer-based retry would
  * just hit the same Chrome block. Cap at 3 attempts before giving up.
  */
-async function awaitSignInGestureAndSign(theme, signFn) {
+async function awaitSignInGestureAndSign(theme, signFn, noResultError = 'MWA returned no signature') {
     if (typeof document === 'undefined' || typeof window === 'undefined') {
         // SSR / non-browser: skip the gesture, just call (the activation
         // model doesn't apply outside the browser).
         const results = await signFn();
         if (!results || results.length === 0)
-            throw new Error('MWA returned no signature');
+            throw new Error(noResultError);
         return results[0];
     }
     return new Promise((resolve, reject) => {
@@ -21590,7 +21579,7 @@ async function awaitSignInGestureAndSign(theme, signFn) {
             // launchAssociation(). Do not `await` before calling.
             signFn().then((results) => {
                 if (!results || results.length === 0) {
-                    finishReject(new Error('MWA returned no signature'));
+                    finishReject(new Error(noResultError));
                     return;
                 }
                 finishResolve(results[0]);
@@ -21618,6 +21607,31 @@ async function awaitSignInGestureAndSign(theme, signFn) {
         });
     });
 }
+/**
+ * Sign through the gesture modal ONLY when transient user activation has
+ * already decayed. Fast transactions still hold the activation from the
+ * user's tap, so the `solana-wallet:` navigation succeeds directly with no
+ * modal (preserves prior UX — no extra tap). Slow transactions — e.g. a swap
+ * whose server-side build exceeds Chrome's ~5s activation window — have lost
+ * it, so we fall back to awaitSignInGestureAndSign to mint a fresh activation
+ * via a "Sign in" tap. Returns the first result (same shape as the bare
+ * wallet-standard feature call and as awaitSignInGestureAndSign).
+ */
+async function signWithFreshActivation(theme, signFn, noResultError = 'MWA returned no signature') {
+    var _a;
+    const activationLive = typeof navigator !== 'undefined' &&
+        ((_a = navigator.userActivation) === null || _a === void 0 ? void 0 : _a.isActive) === true;
+    if (activationLive) {
+        // Live gesture: invoke synchronously (no await before signFn) so the
+        // activation propagates to the protocol's location.assign navigation.
+        const results = await signFn();
+        if (!results || results.length === 0)
+            throw new Error(noResultError);
+        return results[0];
+    }
+    // Activation gone: surface the modal so the user's tap mints a fresh one.
+    return awaitSignInGestureAndSign(theme, signFn, noResultError);
+}
 /**
  * Normalize a chain string to a wallet-standard Solana chain identifier.
  *
@@ -21759,7 +21773,7 @@ async function registerMobileWalletAdapter(config) {
     if (typeof window === 'undefined')
         return;
     try {
-        const walletStandardMobile = await import('./index.browser-C9gHoUen.esm.js');
+        const walletStandardMobile = await import('./index.browser-CMijwVwX.esm.js');
         const registerMwa = walletStandardMobile.registerMwa || ((_a = walletStandardMobile.default) === null || _a === void 0 ? void 0 : _a.registerMwa);
         if (!registerMwa) {
             console.warn('[SolanaMobileWallet] registerMwa not found in @solana-mobile/wallet-standard-mobile');
@@ -21826,19 +21840,66 @@ class SolanaMobileWalletProvider {
     constructor(networkUrl = null, config = {}) {
         /** LocalSolanaMobileWalletAdapterWallet, lazy-constructed in ensureWallet(). */
         this.wallet = null;
+        /**
+         * Cached MWA auth_token returned by `wallet.authorize()`. Reused by
+         * subsequent native transact() calls (signMessage / signTransaction)
+         * so the user doesn't get the wallet-pick popup on every operation.
+         * Persisted to platform storage and hydrated by the constructor on
+         * native; cleared by logout() and on `ERROR_REAUTHORIZE`.
+         */
+        this.nativeAuthToken = null;
+        /** Cached public key string for the connected MWA wallet (native). */
+        this.nativeAddress = null;
         this.networkUrl = networkUrl;
         this.config = config;
-        if (typeof window === 'undefined') {
+        // Allow construction in true React Native environments: getPlatform().hasDOM
+        // is false there even though `typeof window === 'object'` (RN exposes a
+        // partial window global). Web/PWA paths still keep their original guard:
+        // they need real window+document for wallet-standard-mobile's deep-link
+        // mechanism, so missing-window in those builds remains a fail-fast.
+        const hasDOM = getPlatform().hasDOM;
+        if (!hasDOM && typeof window === 'undefined') {
+            throw new Error('SolanaMobileWalletProvider can only be instantiated in a browser or React Native environment');
+        }
+        if (hasDOM && typeof window === 'undefined') {
             throw new Error('SolanaMobileWalletProvider can only be instantiated in a browser environment');
         }
         if (SolanaMobileWalletProvider.instance) {
             return SolanaMobileWalletProvider.instance;
         }
+        // `appIdentity.uri` is what Phantom Android (and other MWA wallets)
+        // display in their approval modal. On web/PWA this is the page
+        // origin; on native there's no `window.location`, so fall back to
+        // a stable identifier the user can recognize. Apps can override
+        // entirely via `config.appIdentity.uri`.
+        const fallbackUri = hasDOM
+            ? getPlatform().getLocationOrigin()
+            : 'tarobase://app';
         this.appIdentity = config.appIdentity || {
             name: 'TaroBase App',
-            uri: getPlatform().getLocationOrigin(),
+            uri: fallbackUri,
         };
         this.cluster = config.cluster || 'mainnet-beta';
+        // Hydrate cached MWA auth_token from storage on native so we can
+        // skip the wallet-pick popup after a cold-start when the underlying
+        // wallet authorization is still valid. Sync storage call per the
+        // PlatformAdapter contract; safe to swallow read errors (a fresh
+        // login() just re-authorizes).
+        if (!hasDOM) {
+            try {
+                const raw = getPlatform().storage.getItem(MWA_AUTH_TOKEN_STORAGE_KEY);
+                if (raw) {
+                    const parsed = JSON.parse(raw);
+                    if (typeof parsed.token === 'string' && typeof parsed.address === 'string') {
+                        this.nativeAuthToken = parsed.token;
+                        this.nativeAddress = parsed.address;
+                    }
+                }
+            }
+            catch (_a) {
+                // Corrupt or unreadable cache — ignore. login() will re-auth.
+            }
+        }
         SolanaMobileWalletProvider.instance = this;
     }
     static getInstance(networkUrl, config) {
@@ -21851,7 +21912,7 @@ class SolanaMobileWalletProvider {
     async ensureWallet() {
         if (this.wallet)
             return this.wallet;
-        const mod = await import('./index.browser-C9gHoUen.esm.js');
+        const mod = await import('./index.browser-CMijwVwX.esm.js');
         const chain = mapChainToWalletStandard(this.cluster);
         this.wallet = new mod.LocalSolanaMobileWalletAdapterWallet({
             appIdentity: this.appIdentity,
@@ -21901,6 +21962,134 @@ class SolanaMobileWalletProvider {
     getChain() {
         return mapChainToWalletStandard(this.cluster);
     }
+    /**
+     * Dynamically import and unwrap `transact` from the MWA web3js
+     * package. The package is externalized in rollup.config.js so this
+     * resolves to `lib/cjs/index.native.js` (TurboModule-backed) on
+     * Metro and `lib/esm/index.browser.js` (WebSocket) on webpack/vite
+     * per their respective platform conditions. Handles Metro's CJS-to-
+     * ESM interop variance (`mod.transact` vs `mod.default?.transact`).
+     */
+    async loadTransact() {
+        var _a;
+        const mod = await import('@solana-mobile/mobile-wallet-adapter-protocol-web3js');
+        const t = mod.transact || ((_a = mod.default) === null || _a === void 0 ? void 0 : _a.transact);
+        if (typeof t !== 'function') {
+            throw new Error('MWA transact API not available on this platform');
+        }
+        return t;
+    }
+    /**
+     * Cache and persist a fresh MWA auth_token + address. Called from
+     * `_loginNative` after a successful authorize. Storage failures are
+     * non-fatal (next cold-start re-auths).
+     */
+    persistNativeAuth(token, address) {
+        this.nativeAuthToken = token;
+        this.nativeAddress = address;
+        try {
+            getPlatform().storage.setItem(MWA_AUTH_TOKEN_STORAGE_KEY, JSON.stringify({ token, address }));
+        }
+        catch (_a) {
+            // non-fatal — token still in-memory for this process
+        }
+    }
+    /** Clear cached + persisted native auth state. */
+    clearNativeAuth() {
+        this.nativeAuthToken = null;
+        this.nativeAddress = null;
+        try {
+            getPlatform().storage.removeItem(MWA_AUTH_TOKEN_STORAGE_KEY);
+        }
+        catch (_a) {
+            // ignore
+        }
+    }
+    /**
+     * Classify an MWA-native error as a user cancellation. User-cancel
+     * shouldn't surface as a red console.error; callers can swallow or
+     * show a softer message. MWA spec codes plus the same substring
+     * checks the web path uses to catch wallet-specific phrasing.
+     */
+    isNativeUserCancel(err) {
+        var _a;
+        if (!err)
+            return false;
+        const code = err.code;
+        if (code === 'ERROR_NOT_SIGNED')
+            return true;
+        const msg = String((_a = err.message) !== null && _a !== void 0 ? _a : '').toLowerCase();
+        return /user (rejected|denied|cancelled|canceled|declined)/.test(msg);
+    }
+    /**
+     * Native MWA login via @solana-mobile/mobile-wallet-adapter-protocol-web3js.
+     * Used in true React Native (Expo) environments where wallet-standard-mobile's
+     * web universal-link path doesn't apply. Does authorize + signMessage in a
+     * single transact() roundtrip — intent-based MWA doesn't need the two-popup
+     * dance the web path uses (no Chrome activation-loss concern). Persists the
+     * resulting auth_token so cold-start can reauthorize without a fresh popup.
+     */
+    async _loginNative() {
+        const transact = await this.loadTransact();
+        const existingSession = await WebSessionManager.getSession();
+        const nonce = await genAuthNonce();
+        const result = await transact(async (wallet) => {
+            const auth = await wallet.authorize({
+                chain: this.getChain(),
+                identity: this.appIdentity,
+            });
+            if (!auth.accounts || auth.accounts.length === 0) {
+                throw new Error('MWA returned no accounts');
+            }
+            const account = auth.accounts[0];
+            // account.address is base64-encoded per MWA spec; convert to
+            // the base58 form Tarobase + the rest of the SDK use.
+            const base58Addr = new PublicKey(bufferExports.Buffer.from(account.address, 'base64')).toBase58();
+            // Reuse session if already valid for this address — skip the
+            // signMessages roundtrip entirely.
+            if (existingSession && existingSession.address === base58Addr) {
+                return {
+                    base58Addr,
+                    authToken: auth.auth_token,
+                    signatureBase64: null,
+                };
+            }
+            const messageText = await genSolanaMessage(base58Addr, nonce);
+            const messageBytes = getPlatform().textEncode(messageText);
+            const signatures = await wallet.signMessages({
+                addresses: [account.address],
+                payloads: [messageBytes],
+            });
+            if (!signatures || signatures.length === 0) {
+                throw new Error('MWA returned no signature');
+            }
+            // Per spec, signMessages returns Uint8Array[] of signatures
+            // (one per payload), not message+signature concatenations.
+            const signatureBase64 = bufferExports.Buffer.from(signatures[0]).toString('base64');
+            return {
+                base58Addr,
+                authToken: auth.auth_token,
+                signatureBase64,
+                messageText,
+            };
+        });
+        this.persistNativeAuth(result.authToken, result.base58Addr);
+        // Existing valid session — short-circuit before re-creating server-side.
+        if (existingSession && existingSession.address === result.base58Addr) {
+            const user = { provider: this, address: result.base58Addr };
+            setCurrentUser(user);
+            return user;
+        }
+        // Create Tarobase session on the server.
+        if (!result.signatureBase64 || !result.messageText) {
+            throw new Error('MWA login completed without signature');
+        }
+        const createSessionResult = await createSessionWithSignature(result.base58Addr, result.messageText, result.signatureBase64);
+        await WebSessionManager.storeSession(result.base58Addr, createSessionResult.accessToken, createSessionResult.idToken, createSessionResult.refreshToken);
+        const user = { provider: this, address: result.base58Addr };
+        setCurrentUser(user);
+        return user;
+    }
     async login() {
         var _a, _b, _c, _d, _e;
         setAuthLoading(true);
@@ -21911,6 +22100,13 @@ class SolanaMobileWalletProvider {
         const prevAuthMethod = readAuthMethod();
         writeAuthMethod(MWA_AUTH_METHOD);
         try {
+            // True React Native: skip the wallet-standard-mobile path (which
+            // requires window.isSecureContext and a real DOM) and use the raw
+            // MWA protocol via Android intents.
+            if (!getPlatform().hasDOM) {
+                const user = await this._loginNative();
+                return user;
+            }
             const wallet = await this.ensureWallet();
             // Quick-check: wallet may already have authorization (e.g. from a
             // previous in-page login) and a matching Tarobase session — skip
@@ -22012,6 +22208,29 @@ class SolanaMobileWalletProvider {
         return null;
     }
     async logout() {
+        if (!getPlatform().hasDOM) {
+            // Native path: deauthorize the cached MWA auth_token if we have
+            // one (failures non-fatal — the wallet app may have been
+            // uninstalled or the token already revoked), then clear local
+            // and persisted state.
+            const token = this.nativeAuthToken;
+            if (token) {
+                try {
+                    const transact = await this.loadTransact();
+                    await transact(async (wallet) => {
+                        await wallet.deauthorize({ auth_token: token });
+                    });
+                }
+                catch (error) {
+                    console.warn('[SolanaMobileWallet] Native deauthorize error:', error);
+                }
+            }
+            this.clearNativeAuth();
+            WebSessionManager.clearSession();
+            writeAuthMethod(null);
+            setCurrentUser(null);
+            return;
+        }
         try {
             const wallet = await this.ensureWallet();
             const disconnectFeat = getDisconnectFeature(wallet);
@@ -22031,7 +22250,42 @@ class SolanaMobileWalletProvider {
         setCurrentUser(null);
     }
     async signMessage(message) {
-        var _a, _b;
+        var _a, _b, _c;
+        // Native: reauthorize with cached auth_token, then signMessages inside
+        // the same transact() session. No wallet-pick popup if the auth_token
+        // is still valid for the user's wallet.
+        if (!getPlatform().hasDOM) {
+            if (!this.nativeAuthToken || !this.nativeAddress) {
+                throw new Error('Wallet not connected. Call login() first.');
+            }
+            const transact = await this.loadTransact();
+            const messageBytes = getPlatform().textEncode(message);
+            const addressBase64 = new PublicKey(this.nativeAddress).toBuffer().toString('base64');
+            const authToken = this.nativeAuthToken;
+            try {
+                const signature = await transact(async (wallet) => {
+                    await wallet.reauthorize({ auth_token: authToken, identity: this.appIdentity });
+                    const sigs = await wallet.signMessages({
+                        addresses: [addressBase64],
+                        payloads: [messageBytes],
+                    });
+                    if (!sigs || sigs.length === 0)
+                        throw new Error('MWA returned no signature');
+                    return sigs[0];
+                });
+                return bufferExports.Buffer.from(signature).toString('base64');
+            }
+            catch (error) {
+                if (this.isNativeUserCancel(error)) {
+                    throw new Error('User declined to sign');
+                }
+                if ((error === null || error === void 0 ? void 0 : error.code) === 'ERROR_AUTHORIZATION_FAILED' || (error === null || error === void 0 ? void 0 : error.code) === 'ERROR_REAUTHORIZE') {
+                    await this.logout();
+                    throw new Error('Wallet connection lost. Please reconnect.');
+                }
+                throw new Error(`Failed to sign message: ${(_a = error === null || error === void 0 ? void 0 : error.message) !== null && _a !== void 0 ? _a : error}`);
+            }
+        }
         const account = await this.ensureAuthorized();
         const wallet = await this.ensureWallet();
         try {
@@ -22045,7 +22299,7 @@ class SolanaMobileWalletProvider {
             return bufferExports.Buffer.from(sigBytes).toString('base64');
         }
         catch (error) {
-            if (((_a = error === null || error === void 0 ? void 0 : error.message) === null || _a === void 0 ? void 0 : _a.includes('not connected')) || ((_b = error === null || error === void 0 ? void 0 : error.message) === null || _b === void 0 ? void 0 : _b.includes('not authorized')) ||
+            if (((_b = error === null || error === void 0 ? void 0 : error.message) === null || _b === void 0 ? void 0 : _b.includes('not connected')) || ((_c = error === null || error === void 0 ? void 0 : error.message) === null || _c === void 0 ? void 0 : _c.includes('not authorized')) ||
                 (error === null || error === void 0 ? void 0 : error.code) === 'ERROR_AUTHORIZATION_FAILED') {
                 await this.logout();
                 throw new Error('Wallet connection lost. Please reconnect.');
@@ -22054,7 +22308,58 @@ class SolanaMobileWalletProvider {
         }
     }
     async signTransaction(transaction) {
-        var _a, _b;
+        var _a, _b, _c;
+        // Native: fill blockhash/feePayer if missing, then signTransactions
+        // inside a transact() session keyed by the cached auth_token.
+        if (!getPlatform().hasDOM) {
+            if (!this.nativeAuthToken || !this.nativeAddress) {
+                throw new Error('Wallet not connected. Call login() first.');
+            }
+            const connectedPubkey = new PublicKey(this.nativeAddress);
+            const isLegacyTransaction = 'recentBlockhash' in transaction && !('message' in transaction && 'staticAccountKeys' in transaction.message);
+            if (isLegacyTransaction) {
+                const legacyTx = transaction;
+                if (!legacyTx.recentBlockhash) {
+                    const conn = new Connection(this.getRpcUrl(), 'confirmed');
+                    const { blockhash, lastValidBlockHeight } = await conn.getLatestBlockhash('confirmed');
+                    legacyTx.recentBlockhash = blockhash;
+                    legacyTx.lastValidBlockHeight = lastValidBlockHeight;
+                }
+                if (!legacyTx.feePayer) {
+                    legacyTx.feePayer = connectedPubkey;
+                }
+            }
+            else {
+                const versionedTx = transaction;
+                if (!versionedTx.message.recentBlockhash) {
+                    const conn = new Connection(this.getRpcUrl(), 'confirmed');
+                    const { blockhash } = await conn.getLatestBlockhash('confirmed');
+                    versionedTx.message.recentBlockhash = blockhash;
+                }
+            }
+            const transact = await this.loadTransact();
+            const authToken = this.nativeAuthToken;
+            try {
+                const signed = await transact(async (wallet) => {
+                    await wallet.reauthorize({ auth_token: authToken, identity: this.appIdentity });
+                    const results = await wallet.signTransactions({ transactions: [transaction] });
+                    if (!results || results.length === 0)
+                        throw new Error('MWA returned no signed transaction');
+                    return results[0];
+                });
+                return signed;
+            }
+            catch (error) {
+                if (this.isNativeUserCancel(error)) {
+                    throw new Error('User declined to sign');
+                }
+                if ((error === null || error === void 0 ? void 0 : error.code) === 'ERROR_AUTHORIZATION_FAILED' || (error === null || error === void 0 ? void 0 : error.code) === 'ERROR_REAUTHORIZE') {
+                    await this.logout();
+                    throw new Error('Wallet connection lost. Please reconnect.');
+                }
+                throw new Error(`Failed to sign transaction: ${(_a = error === null || error === void 0 ? void 0 : error.message) !== null && _a !== void 0 ? _a : error}`);
+            }
+        }
         const account = await this.ensureAuthorized();
         const connectedPubkey = new PublicKey(account.publicKey);
         const wallet = await this.ensureWallet();
@@ -22085,15 +22390,14 @@ class SolanaMobileWalletProvider {
         try {
             const signTxFeat = getSignTransactionFeature(wallet);
             const wireBytes = txToWireBytes(transaction);
-            const results = await signTxFeat.signTransaction({ account, transaction: wireBytes, chain });
-            if (!results || results.length === 0) {
-                throw new Error('MWA returned no signed transaction');
-            }
-            const { signedTransaction: signedBytes } = results[0];
+            // signTransaction navigates to `solana-wallet:`; only show the
+            // gesture modal if the tap activation has decayed (see runTransaction).
+            const signResult = await signWithFreshActivation(this.config.theme, () => signTxFeat.signTransaction({ account, transaction: wireBytes, chain }), 'MWA returned no signed transaction');
+            const { signedTransaction: signedBytes } = signResult;
             return txFromWireBytes(new Uint8Array(signedBytes));
         }
         catch (error) {
-            if (((_a = error === null || error === void 0 ? void 0 : error.message) === null || _a === void 0 ? void 0 : _a.includes('not connected')) || ((_b = error === null || error === void 0 ? void 0 : error.message) === null || _b === void 0 ? void 0 : _b.includes('not authorized')) ||
+            if (((_b = error === null || error === void 0 ? void 0 : error.message) === null || _b === void 0 ? void 0 : _b.includes('not connected')) || ((_c = error === null || error === void 0 ? void 0 : error.message) === null || _c === void 0 ? void 0 : _c.includes('not authorized')) ||
                 (error === null || error === void 0 ? void 0 : error.code) === 'ERROR_AUTHORIZATION_FAILED') {
                 await this.logout();
                 throw new Error('Wallet connection lost. Please reconnect.');
@@ -22102,7 +22406,70 @@ class SolanaMobileWalletProvider {
         }
     }
     async signAndSubmitTransaction(transaction, feePayer) {
-        var _a, _b, _c, _d, _e, _f;
+        var _a, _b, _c, _d, _e, _f, _g;
+        // Native: signAndSendTransactions inside a transact() session.
+        // The wallet submits to its own RPC; we then await confirmation on
+        // ours. Surfnet (custom RPC) needs manual submission because the
+        // wallet won't route there — we fall back to sign-only + manual send.
+        if (!getPlatform().hasDOM) {
+            if (!this.nativeAuthToken || !this.nativeAddress) {
+                throw new Error('Wallet not connected. Call login() first.');
+            }
+            const connectedPubkey = new PublicKey(this.nativeAddress);
+            const rpcUrl = this.getRpcUrl();
+            const connection = new Connection(rpcUrl, 'confirmed');
+            const isSurfnet = rpcUrl === SURFNET_RPC_URL$2;
+            const { blockhash, lastValidBlockHeight } = await connection.getLatestBlockhash('confirmed');
+            const isLegacyTransaction = 'recentBlockhash' in transaction && !('message' in transaction && 'staticAccountKeys' in transaction.message);
+            if (isLegacyTransaction) {
+                const legacyTx = transaction;
+                legacyTx.recentBlockhash = blockhash;
+                legacyTx.lastValidBlockHeight = lastValidBlockHeight;
+                if (!legacyTx.feePayer)
+                    legacyTx.feePayer = feePayer !== null && feePayer !== void 0 ? feePayer : connectedPubkey;
+            }
+            else {
+                const versionedTx = transaction;
+                versionedTx.message.recentBlockhash = blockhash;
+            }
+            const transact = await this.loadTransact();
+            const authToken = this.nativeAuthToken;
+            try {
+                if (isSurfnet) {
+                    // Surfnet: sign only, submit manually to Surfnet RPC
+                    // (the wallet would route signAndSend to its own RPC).
+                    const signed = await transact(async (wallet) => {
+                        await wallet.reauthorize({ auth_token: authToken, identity: this.appIdentity });
+                        const results = await wallet.signTransactions({ transactions: [transaction] });
+                        if (!results || results.length === 0)
+                            throw new Error('MWA returned no signed transaction');
+                        return results[0];
+                    });
+                    const sig = await connection.sendRawTransaction(signed.serialize(), { preflightCommitment: 'confirmed' });
+                    await confirmAndCheckTransaction(connection, sig);
+                    return sig;
+                }
+                const sig = await transact(async (wallet) => {
+                    await wallet.reauthorize({ auth_token: authToken, identity: this.appIdentity });
+                    const results = await wallet.signAndSendTransactions({ transactions: [transaction] });
+                    if (!results || results.length === 0)
+                        throw new Error('MWA returned no signature');
+                    return results[0];
+                });
+                await confirmAndCheckTransaction(connection, sig);
+                return sig;
+            }
+            catch (error) {
+                if (this.isNativeUserCancel(error)) {
+                    throw new Error('User declined to sign');
+                }
+                if ((error === null || error === void 0 ? void 0 : error.code) === 'ERROR_AUTHORIZATION_FAILED' || (error === null || error === void 0 ? void 0 : error.code) === 'ERROR_REAUTHORIZE') {
+                    await this.logout();
+                    throw new Error('Wallet connection lost. Please reconnect.');
+                }
+                throw new Error(`Failed to sign+submit transaction: ${(_a = error === null || error === void 0 ? void 0 : error.message) !== null && _a !== void 0 ? _a : error}`);
+            }
+        }
         const account = await this.ensureAuthorized();
         const connectedPubkey = new PublicKey(account.publicKey);
         const wallet = await this.ensureWallet();
@@ -22132,11 +22499,9 @@ class SolanaMobileWalletProvider {
                 // because the wallet would submit to its own RPC.
                 const signTxFeat = getSignTransactionFeature(wallet);
                 const wireBytes = txToWireBytes(transaction);
-                const results = await signTxFeat.signTransaction({ account, transaction: wireBytes, chain });
-                if (!results || results.length === 0) {
-                    throw new Error('MWA returned no signed transaction');
-                }
-                const { signedTransaction: signedBytes } = results[0];
+                // Gesture modal only if activation decayed (see runTransaction).
+                const signResult = await signWithFreshActivation(this.config.theme, () => signTxFeat.signTransaction({ account, transaction: wireBytes, chain }), 'MWA returned no signed transaction');
+                const { signedTransaction: signedBytes } = signResult;
                 const signedTx = txFromWireBytes(new Uint8Array(signedBytes));
                 const signature = await connection.sendRawTransaction(signedTx.serialize(), {
                     preflightCommitment: 'confirmed',
@@ -22152,33 +22517,31 @@ class SolanaMobileWalletProvider {
                 return signature;
             }
             // Non-Surfnet: wallet signs and submits to its own RPC.
+            // Gesture modal only if activation decayed (see runTransaction).
             const signSendFeat = getSignAndSendTransactionFeature(wallet);
             const wireBytes = txToWireBytes(transaction);
-            const results = await signSendFeat.signAndSendTransaction({
+            const sendResult = await signWithFreshActivation(this.config.theme, () => signSendFeat.signAndSendTransaction({
                 account,
                 transaction: wireBytes,
                 chain,
                 options: { commitment: 'confirmed' },
-            });
-            if (!results || results.length === 0) {
-                throw new Error('MWA returned no signature');
-            }
-            const { signature: sigBytes } = results[0];
+            }));
+            const { signature: sigBytes } = sendResult;
             const signature = base58.encode(sigBytes);
             await confirmAndCheckTransaction(connection, signature);
             return signature;
         }
         catch (error) {
-            if (((_a = error === null || error === void 0 ? void 0 : error.message) === null || _a === void 0 ? void 0 : _a.includes('not connected')) || ((_b = error === null || error === void 0 ? void 0 : error.message) === null || _b === void 0 ? void 0 : _b.includes('not authorized')) ||
+            if (((_b = error === null || error === void 0 ? void 0 : error.message) === null || _b === void 0 ? void 0 : _b.includes('not connected')) || ((_c = error === null || error === void 0 ? void 0 : error.message) === null || _c === void 0 ? void 0 : _c.includes('not authorized')) ||
                 (error === null || error === void 0 ? void 0 : error.code) === 'ERROR_AUTHORIZATION_FAILED') {
                 await this.logout();
                 throw new Error('Wallet connection lost. Please reconnect.');
             }
             const isUserRejection = (error === null || error === void 0 ? void 0 : error.code) === 4001 ||
-                ((_c = error === null || error === void 0 ? void 0 : error.message) === null || _c === void 0 ? void 0 : _c.toLowerCase().includes('user rejected')) ||
-                ((_d = error === null || error === void 0 ? void 0 : error.message) === null || _d === void 0 ? void 0 : _d.toLowerCase().includes('user denied')) ||
-                ((_e = error === null || error === void 0 ? void 0 : error.message) === null || _e === void 0 ? void 0 : _e.toLowerCase().includes('user cancelled')) ||
-                ((_f = error === null || error === void 0 ? void 0 : error.message) === null || _f === void 0 ? void 0 : _f.toLowerCase().includes('user canceled'));
+                ((_d = error === null || error === void 0 ? void 0 : error.message) === null || _d === void 0 ? void 0 : _d.toLowerCase().includes('user rejected')) ||
+                ((_e = error === null || error === void 0 ? void 0 : error.message) === null || _e === void 0 ? void 0 : _e.toLowerCase().includes('user denied')) ||
+                ((_f = error === null || error === void 0 ? void 0 : error.message) === null || _f === void 0 ? void 0 : _f.toLowerCase().includes('user cancelled')) ||
+                ((_g = error === null || error === void 0 ? void 0 : error.message) === null || _g === void 0 ? void 0 : _g.toLowerCase().includes('user canceled'));
             if (!isUserRejection) {
                 console.error('[SolanaMobileWallet] Transaction failed:', error);
             }
@@ -22243,11 +22606,13 @@ class SolanaMobileWalletProvider {
             if ((options === null || options === void 0 ? void 0 : options.shouldSubmitTx) === false) {
                 const signTxFeat = getSignTransactionFeature(wallet);
                 const wireBytes = txToWireBytes(tx);
-                const results = await signTxFeat.signTransaction({ account, transaction: wireBytes, chain });
-                if (!results || results.length === 0) {
+                // signTransaction also navigates to `solana-wallet:`; only
+                // surface the gesture modal if the tap activation has decayed.
+                const signOnlyResult = await signWithFreshActivation(this.config.theme, () => signTxFeat.signTransaction({ account, transaction: wireBytes, chain }), 'MWA returned no signed transaction');
+                if (!signOnlyResult) {
                     throw new Error('MWA returned no signed transaction');
                 }
-                const { signedTransaction: signedBytes } = results[0];
+                const { signedTransaction: signedBytes } = signOnlyResult;
                 const signedTx = txFromWireBytes(new Uint8Array(signedBytes));
                 return {
                     signedTransaction: signedTx,
@@ -22260,11 +22625,13 @@ class SolanaMobileWalletProvider {
                 // Surfnet: sign locally via wallet-standard, submit manually.
                 const signTxFeat = getSignTransactionFeature(wallet);
                 const wireBytes = txToWireBytes(tx);
-                const results = await signTxFeat.signTransaction({ account, transaction: wireBytes, chain });
-                if (!results || results.length === 0) {
+                // signTransaction also navigates to `solana-wallet:`; only
+                // surface the gesture modal if the tap activation has decayed.
+                const surfnetResult = await signWithFreshActivation(this.config.theme, () => signTxFeat.signTransaction({ account, transaction: wireBytes, chain }), 'MWA returned no signed transaction');
+                if (!surfnetResult) {
                     throw new Error('MWA returned no signed transaction');
                 }
-                const { signedTransaction: signedBytes } = results[0];
+                const { signedTransaction: signedBytes } = surfnetResult;
                 const signedTx = txFromWireBytes(new Uint8Array(signedBytes));
                 const { blockhash, lastValidBlockHeight } = await connection.getLatestBlockhash('confirmed');
                 const signature = await connection.sendRawTransaction(signedTx.serialize(), {
@@ -22290,18 +22657,24 @@ class SolanaMobileWalletProvider {
                 };
             }
             // Non-Surfnet: wallet signs and submits to its own RPC.
+            // signAndSendTransaction dispatches a `solana-wallet:` navigation
+            // that Chrome blocks without transient user activation. Fast txs
+            // still hold the tap activation and navigate directly; slow ones
+            // (e.g. a swap whose server build exceeds Chrome's ~5s window)
+            // have lost it, so signWithFreshActivation shows the "Sign in"
+            // modal to mint a fresh activation — no modal when not needed.
             const signSendFeat = getSignAndSendTransactionFeature(wallet);
             const wireBytes = txToWireBytes(tx);
-            const results = await signSendFeat.signAndSendTransaction({
+            const sendResult = await signWithFreshActivation(this.config.theme, () => signSendFeat.signAndSendTransaction({
                 account,
                 transaction: wireBytes,
                 chain,
                 options: { commitment: 'confirmed' },
-            });
-            if (!results || results.length === 0) {
+            }));
+            if (!sendResult) {
                 throw new Error('MWA returned no signature');
             }
-            const { signature: sigBytes } = results[0];
+            const { signature: sigBytes } = sendResult;
             const signature = base58.encode(sigBytes);
             const txInfo = await confirmAndCheckTransaction(connection, signature);
             return {
@@ -22728,5 +23101,5 @@ class PrivyExpoProvider {
     }
 }
 
-export { getCachedData as $, subscribe as A, useAuth as B, deserializeTransaction as C, getIdToken as D, setPlatform as E, getPlatform as F, PrivyWalletProvider as G, DEFAULT_TEST_ADDRESS as H, isMobileWalletAvailable as I, registerMobileWalletAdapter as J, PrivyExpoProvider as K, InsufficientBalanceError as L, MockAuthProvider as M, ServerSessionManager as N, OffchainAuthProvider as O, PhantomWalletProvider as P, buildSetDocumentsTransaction as Q, ReactNativeSessionManager as R, SolanaMobileWalletProvider as S, clearCache as T, closeAllSubscriptions as U, convertRemainingAccounts as V, WebSessionManager as W, createSessionWithPrivy as X, createSessionWithSignature as Y, genAuthNonce as Z, genSolanaMessage as _, base58 as a, getMany as a0, reconnectWithNewAuth as a1, refreshSession as a2, signSessionCreateMessage as a3, bufferExports as b, getCurrentUser as c, onAuthLoadingChanged as d, getAuthLoading as e, logout as f, getDefaultExportFromCjs$1 as g, getConfig as h, init as i, getAuthProvider as j, get as k, login as l, setMany as m, setFile as n, onAuthStateChanged as o, getFiles as p, runQueryMany as q, runQuery as r, set as s, runExpression as t, runExpressionMany as u, signMessage as v, signTransaction as w, signAndSubmitTransaction as x, count as y, aggregate as z };
-//# sourceMappingURL=index-BQUfNEiY.esm.js.map
+export { genAuthNonce as $, count as A, aggregate as B, subscribe as C, useAuth as D, deserializeTransaction as E, getIdToken as F, setPlatform as G, getPlatform as H, PrivyWalletProvider as I, DEFAULT_TEST_ADDRESS as J, isMobileWalletAvailable as K, registerMobileWalletAdapter as L, MockAuthProvider as M, PrivyExpoProvider as N, OffchainAuthProvider as O, PhantomWalletProvider as P, InsufficientBalanceError as Q, ReactNativeSessionManager as R, SolanaMobileWalletProvider as S, ServerSessionManager as T, buildSetDocumentsTransaction as U, clearCache as V, WebSessionManager as W, closeAllSubscriptions as X, convertRemainingAccounts as Y, createSessionWithPrivy as Z, createSessionWithSignature as _, base58 as a, genSolanaMessage as a0, getCachedData as a1, getMany as a2, reconnectWithNewAuth as a3, refreshSession as a4, signSessionCreateMessage as a5, bufferExports as b, commonjsRequire as c, getCurrentUser as d, onAuthLoadingChanged as e, getAuthLoading as f, getDefaultExportFromCjs$1 as g, logout as h, init as i, getConfig as j, getAuthProvider as k, login as l, get as m, setMany as n, onAuthStateChanged as o, setFile as p, getFiles as q, require$$0 as r, set as s, runQuery as t, runQueryMany as u, runExpression as v, runExpressionMany as w, signMessage as x, signTransaction as y, signAndSubmitTransaction as z };
+//# sourceMappingURL=index-CJRFnq6O.esm.js.map