@pooflabs/web 0.0.87 → 0.0.89-rc1

package/dist/{index-B-x9RTF7.js → index-DIO6OzTK.js}

@@ -1,8 +1,8 @@
 'use strict';
 
-var index_native = require('./index.native-D8vj3Lbr.js');
+var index_native = require('./index.native-DGACm1O5.js');
 
 var bufferExports = index_native.requireBuffer();
 
 exports.bufferExports = bufferExports;
-//# sourceMappingURL=index-B-x9RTF7.js.map
+//# sourceMappingURL=index-DIO6OzTK.js.map

package/dist/index-DIO6OzTK.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index-DIO6OzTK.js","sources":[],"sourcesContent":[],"names":[],"mappings":";;;;;;;;"}

package/dist/{index-BTwX7FYW.esm.js → index-DqaHVIzZ.esm.js}

@@ -13009,6 +13009,21 @@ async function login$1(options) {
     if (loginResult) {
         // Store which auth method was used so we restore the right provider on reload
         setStoredAuthMethod(currentAuthMethod);
+        // If this top-level tab was opened solely to perform the wallet connect for
+        // an embedded preview (?poofConnect — see openTopLevelForConnect in the
+        // phantom provider), close it now that the session is established. The
+        // session reflects back into the preview's iframe via same-origin storage.
+        try {
+            if (typeof window !== 'undefined'
+                && window.top === window.self
+                && new URLSearchParams(window.location.search).get('poofConnect') === '1') {
+                setTimeout(() => { try {
+                    window.close();
+                }
+                catch ( /* noop */_a) { /* noop */ } }, 400);
+            }
+        }
+        catch ( /* noop */_a) { /* noop */ }
         return Object.assign(Object.assign({}, loginResult), { provider: currentAuthProvider });
     }
     return null;
@@ -15660,6 +15675,27 @@ function shouldBreakOutOfIframe(provider) {
     // exactly the iframe-without-provider case we need to escape.
     return provider === 'deeplink' && isInIframe();
 }
+// In a cross-origin iframe (e.g. the poof.new build-page preview) on mobile,
+// Mobile Wallet Adapter can't run: its localhost association handshake needs
+// Chrome's Local Network Access, which is denied to cross-origin sub-frames.
+// So open the app's own URL TOP-LEVEL (a new tab / Custom Tab), where MWA works
+// natively; the connect happens there and the session — written to same-origin
+// storage — reflects back into this iframe (awaitTopLevelConnect picks it up).
+// Must be called synchronously inside a user-gesture handler so window.open
+// isn't popup-blocked. Returns true if the tab was opened.
+function openTopLevelForConnect() {
+    if (typeof window === 'undefined' || !isInIframe())
+        return false;
+    try {
+        const url = new URL(window.location.href);
+        url.searchParams.set('poofConnect', '1');
+        const w = window.open(url.toString(), '_blank');
+        return !!w;
+    }
+    catch (_a) {
+        return false;
+    }
+}
 // Dynamically import React and Phantom SDK - only when needed
 let React$1;
 let ReactDOM$1;
@@ -15680,7 +15716,7 @@ async function loadDependencies() {
         const [reactModule, reactDomModule, phantomModule] = await Promise.all([
             import('react'),
             import('react-dom/client'),
-            import('./index-DofM-ue2.esm.js')
+            import('./index-C_t7524U.esm.js')
         ]);
         // Extract default export from ESM module namespace
         // Dynamic import() returns { default: Module, ...exports }, not the module directly
@@ -16063,26 +16099,19 @@ class PhantomWalletProvider {
             const handleWalletClick = async (options) => {
                 walletClickedRef.current = true;
                 setShowWalletModal(false);
-                // If we're in an iframe and the user chose deeplink, Phantom's SDK
-                // will navigate *this* iframe to phantom.app/ul/browse/..., which
-                // Android App Links won't intercept and phantom.app won't let be
-                // framed. Escape to top-level first so the wallet browser can
-                // inject its provider and the normal injected flow takes over
-                // on the user's next connect tap.
+                // Cross-origin preview iframe + deeplink: the old approach navigated
+                // the top frame to this URL, but in a TWA that lands out-of-scope and
+                // shows a chrome-error ("bad page"). Instead, open the app TOP-LEVEL
+                // in a new tab where the wallet connect works natively; the session
+                // reflects back into this iframe (see openTopLevelForConnect /
+                // awaitTopLevelConnect).
                 if (shouldBreakOutOfIframe(options === null || options === void 0 ? void 0 : options.provider)) {
-                    try {
-                        // Same-site navigation (*.poof.new → *.poof.new) plus the
-                        // iframe's allow-top-navigation-by-user-activation sandbox
-                        // token make this go through.
-                        window.top.location.href = window.location.href;
+                    if (openTopLevelForConnect()) {
+                        that.awaitTopLevelConnect();
                         return;
                     }
-                    catch (_a) {
-                        // Top-nav blocked (no sandbox grant, cross-origin top, etc.).
-                        // Fall through to the normal deeplink path — at least the
-                        // user gets the original broken-ish behavior instead of a
-                        // silently-dead button.
-                    }
+                    // Popup blocked — fall through to the original deeplink path
+                    // (better a broken-ish button than a silently-dead one).
                 }
                 try {
                     if (options === null || options === void 0 ? void 0 : options.walletId) {
@@ -16128,6 +16157,14 @@ class PhantomWalletProvider {
                 that.loginInProgress = false;
                 walletClickedRef.current = true;
                 setShowWalletModal(false);
+                // Cross-origin preview iframe (e.g. poof.new build page) on mobile:
+                // MWA can't run here (Chrome denies Local Network Access to sub-frames,
+                // and its localhost handshake fails). Open the app top-level for the
+                // connect; the session reflects back into this iframe.
+                if (isInIframe() && openTopLevelForConnect()) {
+                    that.awaitTopLevelConnect();
+                    return;
+                }
                 if (that.onSwitchToMWA) {
                     try {
                         const mwaProvider = await that.onSwitchToMWA();
@@ -16640,6 +16677,54 @@ class PhantomWalletProvider {
         }
         return null;
     }
+    // When connect is delegated to a top-level tab (openTopLevelForConnect — used
+    // for the cross-origin preview iframe on mobile, where MWA can't run), the
+    // actual connect happens in that tab and writes the session to same-origin
+    // storage. This watches for that session to appear and resolves the in-flight
+    // login() with it. It listens for `storage` events and visibility regain (the
+    // user returning from the tab), with a polling fallback and a hard timeout.
+    awaitTopLevelConnect() {
+        if (typeof window === 'undefined')
+            return;
+        let done = false;
+        const cleanup = () => {
+            clearInterval(poll);
+            clearTimeout(timeout);
+            window.removeEventListener('storage', onChange);
+            document.removeEventListener('visibilitychange', onVisible);
+        };
+        const tryResolve = async () => {
+            if (done)
+                return;
+            try {
+                const user = await this.restoreSession();
+                if (user && this.pendingLogin) {
+                    done = true;
+                    cleanup();
+                    this.pendingLogin.resolve(user);
+                    this.pendingLogin = null;
+                    this.loginInProgress = false;
+                }
+            }
+            catch (_a) {
+                // not ready yet — keep waiting
+            }
+        };
+        const onChange = () => { void tryResolve(); };
+        const onVisible = () => { if (document.visibilityState === 'visible')
+            void tryResolve(); };
+        const poll = setInterval(() => { void tryResolve(); }, 1500);
+        const timeout = setTimeout(() => {
+            cleanup();
+            if (!done && this.pendingLogin) {
+                this.pendingLogin.reject(new Error('Wallet connection timed out'));
+                this.pendingLogin = null;
+                this.loginInProgress = false;
+            }
+        }, 180000);
+        window.addEventListener('storage', onChange);
+        document.addEventListener('visibilitychange', onVisible);
+    }
     async address() {
         var _a, _b, _c, _d;
         await this.ensureReady();
@@ -21381,13 +21466,13 @@ async function withMwaAssociationRetry(fn) {
  * next tap is a new activation (a real retry). A timer-based retry would
  * just hit the same Chrome block. Cap at 3 attempts before giving up.
  */
-async function awaitSignInGestureAndSign(theme, signFn) {
+async function awaitSignInGestureAndSign(theme, signFn, noResultError = 'MWA returned no signature') {
     if (typeof document === 'undefined' || typeof window === 'undefined') {
         // SSR / non-browser: skip the gesture, just call (the activation
         // model doesn't apply outside the browser).
         const results = await signFn();
         if (!results || results.length === 0)
-            throw new Error('MWA returned no signature');
+            throw new Error(noResultError);
         return results[0];
     }
     return new Promise((resolve, reject) => {
@@ -21579,7 +21664,7 @@ async function awaitSignInGestureAndSign(theme, signFn) {
             // launchAssociation(). Do not `await` before calling.
             signFn().then((results) => {
                 if (!results || results.length === 0) {
-                    finishReject(new Error('MWA returned no signature'));
+                    finishReject(new Error(noResultError));
                     return;
                 }
                 finishResolve(results[0]);
@@ -21607,6 +21692,31 @@ async function awaitSignInGestureAndSign(theme, signFn) {
         });
     });
 }
+/**
+ * Sign through the gesture modal ONLY when transient user activation has
+ * already decayed. Fast transactions still hold the activation from the
+ * user's tap, so the `solana-wallet:` navigation succeeds directly with no
+ * modal (preserves prior UX — no extra tap). Slow transactions — e.g. a swap
+ * whose server-side build exceeds Chrome's ~5s activation window — have lost
+ * it, so we fall back to awaitSignInGestureAndSign to mint a fresh activation
+ * via a "Sign in" tap. Returns the first result (same shape as the bare
+ * wallet-standard feature call and as awaitSignInGestureAndSign).
+ */
+async function signWithFreshActivation(theme, signFn, noResultError = 'MWA returned no signature') {
+    var _a;
+    const activationLive = typeof navigator !== 'undefined' &&
+        ((_a = navigator.userActivation) === null || _a === void 0 ? void 0 : _a.isActive) === true;
+    if (activationLive) {
+        // Live gesture: invoke synchronously (no await before signFn) so the
+        // activation propagates to the protocol's location.assign navigation.
+        const results = await signFn();
+        if (!results || results.length === 0)
+            throw new Error(noResultError);
+        return results[0];
+    }
+    // Activation gone: surface the modal so the user's tap mints a fresh one.
+    return awaitSignInGestureAndSign(theme, signFn, noResultError);
+}
 /**
  * Normalize a chain string to a wallet-standard Solana chain identifier.
  *
@@ -21748,7 +21858,7 @@ async function registerMobileWalletAdapter(config) {
     if (typeof window === 'undefined')
         return;
     try {
-        const walletStandardMobile = await import('./index.browser-nVGFrIHK.esm.js');
+        const walletStandardMobile = await import('./index.browser-K7sgUCDX.esm.js');
         const registerMwa = walletStandardMobile.registerMwa || ((_a = walletStandardMobile.default) === null || _a === void 0 ? void 0 : _a.registerMwa);
         if (!registerMwa) {
             console.warn('[SolanaMobileWallet] registerMwa not found in @solana-mobile/wallet-standard-mobile');
@@ -21887,7 +21997,7 @@ class SolanaMobileWalletProvider {
     async ensureWallet() {
         if (this.wallet)
             return this.wallet;
-        const mod = await import('./index.browser-nVGFrIHK.esm.js');
+        const mod = await import('./index.browser-K7sgUCDX.esm.js');
         const chain = mapChainToWalletStandard(this.cluster);
         this.wallet = new mod.LocalSolanaMobileWalletAdapterWallet({
             appIdentity: this.appIdentity,
@@ -22365,11 +22475,10 @@ class SolanaMobileWalletProvider {
         try {
             const signTxFeat = getSignTransactionFeature(wallet);
             const wireBytes = txToWireBytes(transaction);
-            const results = await signTxFeat.signTransaction({ account, transaction: wireBytes, chain });
-            if (!results || results.length === 0) {
-                throw new Error('MWA returned no signed transaction');
-            }
-            const { signedTransaction: signedBytes } = results[0];
+            // signTransaction navigates to `solana-wallet:`; only show the
+            // gesture modal if the tap activation has decayed (see runTransaction).
+            const signResult = await signWithFreshActivation(this.config.theme, () => signTxFeat.signTransaction({ account, transaction: wireBytes, chain }), 'MWA returned no signed transaction');
+            const { signedTransaction: signedBytes } = signResult;
             return txFromWireBytes(new Uint8Array(signedBytes));
         }
         catch (error) {
@@ -22475,11 +22584,9 @@ class SolanaMobileWalletProvider {
                 // because the wallet would submit to its own RPC.
                 const signTxFeat = getSignTransactionFeature(wallet);
                 const wireBytes = txToWireBytes(transaction);
-                const results = await signTxFeat.signTransaction({ account, transaction: wireBytes, chain });
-                if (!results || results.length === 0) {
-                    throw new Error('MWA returned no signed transaction');
-                }
-                const { signedTransaction: signedBytes } = results[0];
+                // Gesture modal only if activation decayed (see runTransaction).
+                const signResult = await signWithFreshActivation(this.config.theme, () => signTxFeat.signTransaction({ account, transaction: wireBytes, chain }), 'MWA returned no signed transaction');
+                const { signedTransaction: signedBytes } = signResult;
                 const signedTx = txFromWireBytes(new Uint8Array(signedBytes));
                 const signature = await connection.sendRawTransaction(signedTx.serialize(), {
                     preflightCommitment: 'confirmed',
@@ -22495,18 +22602,16 @@ class SolanaMobileWalletProvider {
                 return signature;
             }
             // Non-Surfnet: wallet signs and submits to its own RPC.
+            // Gesture modal only if activation decayed (see runTransaction).
             const signSendFeat = getSignAndSendTransactionFeature(wallet);
             const wireBytes = txToWireBytes(transaction);
-            const results = await signSendFeat.signAndSendTransaction({
+            const sendResult = await signWithFreshActivation(this.config.theme, () => signSendFeat.signAndSendTransaction({
                 account,
                 transaction: wireBytes,
                 chain,
                 options: { commitment: 'confirmed' },
-            });
-            if (!results || results.length === 0) {
-                throw new Error('MWA returned no signature');
-            }
-            const { signature: sigBytes } = results[0];
+            }));
+            const { signature: sigBytes } = sendResult;
             const signature = base58.encode(sigBytes);
             await confirmAndCheckTransaction(connection, signature);
             return signature;
@@ -22586,11 +22691,13 @@ class SolanaMobileWalletProvider {
             if ((options === null || options === void 0 ? void 0 : options.shouldSubmitTx) === false) {
                 const signTxFeat = getSignTransactionFeature(wallet);
                 const wireBytes = txToWireBytes(tx);
-                const results = await signTxFeat.signTransaction({ account, transaction: wireBytes, chain });
-                if (!results || results.length === 0) {
+                // signTransaction also navigates to `solana-wallet:`; only
+                // surface the gesture modal if the tap activation has decayed.
+                const signOnlyResult = await signWithFreshActivation(this.config.theme, () => signTxFeat.signTransaction({ account, transaction: wireBytes, chain }), 'MWA returned no signed transaction');
+                if (!signOnlyResult) {
                     throw new Error('MWA returned no signed transaction');
                 }
-                const { signedTransaction: signedBytes } = results[0];
+                const { signedTransaction: signedBytes } = signOnlyResult;
                 const signedTx = txFromWireBytes(new Uint8Array(signedBytes));
                 return {
                     signedTransaction: signedTx,
@@ -22603,11 +22710,13 @@ class SolanaMobileWalletProvider {
                 // Surfnet: sign locally via wallet-standard, submit manually.
                 const signTxFeat = getSignTransactionFeature(wallet);
                 const wireBytes = txToWireBytes(tx);
-                const results = await signTxFeat.signTransaction({ account, transaction: wireBytes, chain });
-                if (!results || results.length === 0) {
+                // signTransaction also navigates to `solana-wallet:`; only
+                // surface the gesture modal if the tap activation has decayed.
+                const surfnetResult = await signWithFreshActivation(this.config.theme, () => signTxFeat.signTransaction({ account, transaction: wireBytes, chain }), 'MWA returned no signed transaction');
+                if (!surfnetResult) {
                     throw new Error('MWA returned no signed transaction');
                 }
-                const { signedTransaction: signedBytes } = results[0];
+                const { signedTransaction: signedBytes } = surfnetResult;
                 const signedTx = txFromWireBytes(new Uint8Array(signedBytes));
                 const { blockhash, lastValidBlockHeight } = await connection.getLatestBlockhash('confirmed');
                 const signature = await connection.sendRawTransaction(signedTx.serialize(), {
@@ -22633,18 +22742,24 @@ class SolanaMobileWalletProvider {
                 };
             }
             // Non-Surfnet: wallet signs and submits to its own RPC.
+            // signAndSendTransaction dispatches a `solana-wallet:` navigation
+            // that Chrome blocks without transient user activation. Fast txs
+            // still hold the tap activation and navigate directly; slow ones
+            // (e.g. a swap whose server build exceeds Chrome's ~5s window)
+            // have lost it, so signWithFreshActivation shows the "Sign in"
+            // modal to mint a fresh activation — no modal when not needed.
             const signSendFeat = getSignAndSendTransactionFeature(wallet);
             const wireBytes = txToWireBytes(tx);
-            const results = await signSendFeat.signAndSendTransaction({
+            const sendResult = await signWithFreshActivation(this.config.theme, () => signSendFeat.signAndSendTransaction({
                 account,
                 transaction: wireBytes,
                 chain,
                 options: { commitment: 'confirmed' },
-            });
-            if (!results || results.length === 0) {
+            }));
+            if (!sendResult) {
                 throw new Error('MWA returned no signature');
             }
-            const { signature: sigBytes } = results[0];
+            const { signature: sigBytes } = sendResult;
             const signature = base58.encode(sigBytes);
             const txInfo = await confirmAndCheckTransaction(connection, signature);
             return {
@@ -23072,4 +23187,4 @@ class PrivyExpoProvider {
 }
 
 export { genAuthNonce as $, count as A, aggregate as B, subscribe as C, useAuth as D, deserializeTransaction as E, getIdToken as F, setPlatform as G, getPlatform as H, PrivyWalletProvider as I, DEFAULT_TEST_ADDRESS as J, isMobileWalletAvailable as K, registerMobileWalletAdapter as L, MockAuthProvider as M, PrivyExpoProvider as N, OffchainAuthProvider as O, PhantomWalletProvider as P, InsufficientBalanceError as Q, ReactNativeSessionManager as R, SolanaMobileWalletProvider as S, ServerSessionManager as T, buildSetDocumentsTransaction as U, clearCache as V, WebSessionManager as W, closeAllSubscriptions as X, convertRemainingAccounts as Y, createSessionWithPrivy as Z, createSessionWithSignature as _, base58 as a, genSolanaMessage as a0, getCachedData as a1, getMany as a2, reconnectWithNewAuth as a3, refreshSession as a4, signSessionCreateMessage as a5, bufferExports as b, commonjsRequire as c, getCurrentUser as d, onAuthLoadingChanged as e, getAuthLoading as f, getDefaultExportFromCjs$1 as g, logout as h, init as i, getConfig as j, getAuthProvider as k, login as l, get as m, setMany as n, onAuthStateChanged as o, setFile as p, getFiles as q, require$$0 as r, set as s, runQuery as t, runQueryMany as u, runExpression as v, runExpressionMany as w, signMessage as x, signTransaction as y, signAndSubmitTransaction as z };
-//# sourceMappingURL=index-BTwX7FYW.esm.js.map
+//# sourceMappingURL=index-DqaHVIzZ.esm.js.map