@pooflabs/web 0.0.87 → 0.0.89-rc1

package/dist/{index-Dj1tZr6X.js → index-Bu0P9-rk.js}

@@ -13030,6 +13030,21 @@ async function login$1(options) {
     if (loginResult) {
         // Store which auth method was used so we restore the right provider on reload
         setStoredAuthMethod(currentAuthMethod);
+        // If this top-level tab was opened solely to perform the wallet connect for
+        // an embedded preview (?poofConnect — see openTopLevelForConnect in the
+        // phantom provider), close it now that the session is established. The
+        // session reflects back into the preview's iframe via same-origin storage.
+        try {
+            if (typeof window !== 'undefined'
+                && window.top === window.self
+                && new URLSearchParams(window.location.search).get('poofConnect') === '1') {
+                setTimeout(() => { try {
+                    window.close();
+                }
+                catch ( /* noop */_a) { /* noop */ } }, 400);
+            }
+        }
+        catch ( /* noop */_a) { /* noop */ }
         return Object.assign(Object.assign({}, loginResult), { provider: currentAuthProvider });
     }
     return null;
@@ -15681,6 +15696,27 @@ function shouldBreakOutOfIframe(provider) {
     // exactly the iframe-without-provider case we need to escape.
     return provider === 'deeplink' && isInIframe();
 }
+// In a cross-origin iframe (e.g. the poof.new build-page preview) on mobile,
+// Mobile Wallet Adapter can't run: its localhost association handshake needs
+// Chrome's Local Network Access, which is denied to cross-origin sub-frames.
+// So open the app's own URL TOP-LEVEL (a new tab / Custom Tab), where MWA works
+// natively; the connect happens there and the session — written to same-origin
+// storage — reflects back into this iframe (awaitTopLevelConnect picks it up).
+// Must be called synchronously inside a user-gesture handler so window.open
+// isn't popup-blocked. Returns true if the tab was opened.
+function openTopLevelForConnect() {
+    if (typeof window === 'undefined' || !isInIframe())
+        return false;
+    try {
+        const url = new URL(window.location.href);
+        url.searchParams.set('poofConnect', '1');
+        const w = window.open(url.toString(), '_blank');
+        return !!w;
+    }
+    catch (_a) {
+        return false;
+    }
+}
 // Dynamically import React and Phantom SDK - only when needed
 let React$1;
 let ReactDOM$1;
@@ -15701,7 +15737,7 @@ async function loadDependencies() {
         const [reactModule, reactDomModule, phantomModule] = await Promise.all([
             import('react'),
             import('react-dom/client'),
-            Promise.resolve().then(function () { return require('./index-BKN0IwAx.js'); })
+            Promise.resolve().then(function () { return require('./index-CaP3L422.js'); })
         ]);
         // Extract default export from ESM module namespace
         // Dynamic import() returns { default: Module, ...exports }, not the module directly
@@ -16084,26 +16120,19 @@ class PhantomWalletProvider {
             const handleWalletClick = async (options) => {
                 walletClickedRef.current = true;
                 setShowWalletModal(false);
-                // If we're in an iframe and the user chose deeplink, Phantom's SDK
-                // will navigate *this* iframe to phantom.app/ul/browse/..., which
-                // Android App Links won't intercept and phantom.app won't let be
-                // framed. Escape to top-level first so the wallet browser can
-                // inject its provider and the normal injected flow takes over
-                // on the user's next connect tap.
+                // Cross-origin preview iframe + deeplink: the old approach navigated
+                // the top frame to this URL, but in a TWA that lands out-of-scope and
+                // shows a chrome-error ("bad page"). Instead, open the app TOP-LEVEL
+                // in a new tab where the wallet connect works natively; the session
+                // reflects back into this iframe (see openTopLevelForConnect /
+                // awaitTopLevelConnect).
                 if (shouldBreakOutOfIframe(options === null || options === void 0 ? void 0 : options.provider)) {
-                    try {
-                        // Same-site navigation (*.poof.new → *.poof.new) plus the
-                        // iframe's allow-top-navigation-by-user-activation sandbox
-                        // token make this go through.
-                        window.top.location.href = window.location.href;
+                    if (openTopLevelForConnect()) {
+                        that.awaitTopLevelConnect();
                         return;
                     }
-                    catch (_a) {
-                        // Top-nav blocked (no sandbox grant, cross-origin top, etc.).
-                        // Fall through to the normal deeplink path — at least the
-                        // user gets the original broken-ish behavior instead of a
-                        // silently-dead button.
-                    }
+                    // Popup blocked — fall through to the original deeplink path
+                    // (better a broken-ish button than a silently-dead one).
                 }
                 try {
                     if (options === null || options === void 0 ? void 0 : options.walletId) {
@@ -16149,6 +16178,14 @@ class PhantomWalletProvider {
                 that.loginInProgress = false;
                 walletClickedRef.current = true;
                 setShowWalletModal(false);
+                // Cross-origin preview iframe (e.g. poof.new build page) on mobile:
+                // MWA can't run here (Chrome denies Local Network Access to sub-frames,
+                // and its localhost handshake fails). Open the app top-level for the
+                // connect; the session reflects back into this iframe.
+                if (isInIframe() && openTopLevelForConnect()) {
+                    that.awaitTopLevelConnect();
+                    return;
+                }
                 if (that.onSwitchToMWA) {
                     try {
                         const mwaProvider = await that.onSwitchToMWA();
@@ -16661,6 +16698,54 @@ class PhantomWalletProvider {
         }
         return null;
     }
+    // When connect is delegated to a top-level tab (openTopLevelForConnect — used
+    // for the cross-origin preview iframe on mobile, where MWA can't run), the
+    // actual connect happens in that tab and writes the session to same-origin
+    // storage. This watches for that session to appear and resolves the in-flight
+    // login() with it. It listens for `storage` events and visibility regain (the
+    // user returning from the tab), with a polling fallback and a hard timeout.
+    awaitTopLevelConnect() {
+        if (typeof window === 'undefined')
+            return;
+        let done = false;
+        const cleanup = () => {
+            clearInterval(poll);
+            clearTimeout(timeout);
+            window.removeEventListener('storage', onChange);
+            document.removeEventListener('visibilitychange', onVisible);
+        };
+        const tryResolve = async () => {
+            if (done)
+                return;
+            try {
+                const user = await this.restoreSession();
+                if (user && this.pendingLogin) {
+                    done = true;
+                    cleanup();
+                    this.pendingLogin.resolve(user);
+                    this.pendingLogin = null;
+                    this.loginInProgress = false;
+                }
+            }
+            catch (_a) {
+                // not ready yet — keep waiting
+            }
+        };
+        const onChange = () => { void tryResolve(); };
+        const onVisible = () => { if (document.visibilityState === 'visible')
+            void tryResolve(); };
+        const poll = setInterval(() => { void tryResolve(); }, 1500);
+        const timeout = setTimeout(() => {
+            cleanup();
+            if (!done && this.pendingLogin) {
+                this.pendingLogin.reject(new Error('Wallet connection timed out'));
+                this.pendingLogin = null;
+                this.loginInProgress = false;
+            }
+        }, 180000);
+        window.addEventListener('storage', onChange);
+        document.addEventListener('visibilitychange', onVisible);
+    }
     async address() {
         var _a, _b, _c, _d;
         await this.ensureReady();
@@ -21402,13 +21487,13 @@ async function withMwaAssociationRetry(fn) {
  * next tap is a new activation (a real retry). A timer-based retry would
  * just hit the same Chrome block. Cap at 3 attempts before giving up.
  */
-async function awaitSignInGestureAndSign(theme, signFn) {
+async function awaitSignInGestureAndSign(theme, signFn, noResultError = 'MWA returned no signature') {
     if (typeof document === 'undefined' || typeof window === 'undefined') {
         // SSR / non-browser: skip the gesture, just call (the activation
         // model doesn't apply outside the browser).
         const results = await signFn();
         if (!results || results.length === 0)
-            throw new Error('MWA returned no signature');
+            throw new Error(noResultError);
         return results[0];
     }
     return new Promise((resolve, reject) => {
@@ -21600,7 +21685,7 @@ async function awaitSignInGestureAndSign(theme, signFn) {
             // launchAssociation(). Do not `await` before calling.
             signFn().then((results) => {
                 if (!results || results.length === 0) {
-                    finishReject(new Error('MWA returned no signature'));
+                    finishReject(new Error(noResultError));
                     return;
                 }
                 finishResolve(results[0]);
@@ -21628,6 +21713,31 @@ async function awaitSignInGestureAndSign(theme, signFn) {
         });
     });
 }
+/**
+ * Sign through the gesture modal ONLY when transient user activation has
+ * already decayed. Fast transactions still hold the activation from the
+ * user's tap, so the `solana-wallet:` navigation succeeds directly with no
+ * modal (preserves prior UX — no extra tap). Slow transactions — e.g. a swap
+ * whose server-side build exceeds Chrome's ~5s activation window — have lost
+ * it, so we fall back to awaitSignInGestureAndSign to mint a fresh activation
+ * via a "Sign in" tap. Returns the first result (same shape as the bare
+ * wallet-standard feature call and as awaitSignInGestureAndSign).
+ */
+async function signWithFreshActivation(theme, signFn, noResultError = 'MWA returned no signature') {
+    var _a;
+    const activationLive = typeof navigator !== 'undefined' &&
+        ((_a = navigator.userActivation) === null || _a === void 0 ? void 0 : _a.isActive) === true;
+    if (activationLive) {
+        // Live gesture: invoke synchronously (no await before signFn) so the
+        // activation propagates to the protocol's location.assign navigation.
+        const results = await signFn();
+        if (!results || results.length === 0)
+            throw new Error(noResultError);
+        return results[0];
+    }
+    // Activation gone: surface the modal so the user's tap mints a fresh one.
+    return awaitSignInGestureAndSign(theme, signFn, noResultError);
+}
 /**
  * Normalize a chain string to a wallet-standard Solana chain identifier.
  *
@@ -21769,7 +21879,7 @@ async function registerMobileWalletAdapter(config) {
     if (typeof window === 'undefined')
         return;
     try {
-        const walletStandardMobile = await Promise.resolve().then(function () { return require('./index.browser-DlA-NKvf.js'); });
+        const walletStandardMobile = await Promise.resolve().then(function () { return require('./index.browser-D2cnbAmp.js'); });
         const registerMwa = walletStandardMobile.registerMwa || ((_a = walletStandardMobile.default) === null || _a === void 0 ? void 0 : _a.registerMwa);
         if (!registerMwa) {
             console.warn('[SolanaMobileWallet] registerMwa not found in @solana-mobile/wallet-standard-mobile');
@@ -21908,7 +22018,7 @@ class SolanaMobileWalletProvider {
     async ensureWallet() {
         if (this.wallet)
             return this.wallet;
-        const mod = await Promise.resolve().then(function () { return require('./index.browser-DlA-NKvf.js'); });
+        const mod = await Promise.resolve().then(function () { return require('./index.browser-D2cnbAmp.js'); });
         const chain = mapChainToWalletStandard(this.cluster);
         this.wallet = new mod.LocalSolanaMobileWalletAdapterWallet({
             appIdentity: this.appIdentity,
@@ -22386,11 +22496,10 @@ class SolanaMobileWalletProvider {
         try {
             const signTxFeat = getSignTransactionFeature(wallet);
             const wireBytes = txToWireBytes(transaction);
-            const results = await signTxFeat.signTransaction({ account, transaction: wireBytes, chain });
-            if (!results || results.length === 0) {
-                throw new Error('MWA returned no signed transaction');
-            }
-            const { signedTransaction: signedBytes } = results[0];
+            // signTransaction navigates to `solana-wallet:`; only show the
+            // gesture modal if the tap activation has decayed (see runTransaction).
+            const signResult = await signWithFreshActivation(this.config.theme, () => signTxFeat.signTransaction({ account, transaction: wireBytes, chain }), 'MWA returned no signed transaction');
+            const { signedTransaction: signedBytes } = signResult;
             return txFromWireBytes(new Uint8Array(signedBytes));
         }
         catch (error) {
@@ -22496,11 +22605,9 @@ class SolanaMobileWalletProvider {
                 // because the wallet would submit to its own RPC.
                 const signTxFeat = getSignTransactionFeature(wallet);
                 const wireBytes = txToWireBytes(transaction);
-                const results = await signTxFeat.signTransaction({ account, transaction: wireBytes, chain });
-                if (!results || results.length === 0) {
-                    throw new Error('MWA returned no signed transaction');
-                }
-                const { signedTransaction: signedBytes } = results[0];
+                // Gesture modal only if activation decayed (see runTransaction).
+                const signResult = await signWithFreshActivation(this.config.theme, () => signTxFeat.signTransaction({ account, transaction: wireBytes, chain }), 'MWA returned no signed transaction');
+                const { signedTransaction: signedBytes } = signResult;
                 const signedTx = txFromWireBytes(new Uint8Array(signedBytes));
                 const signature = await connection.sendRawTransaction(signedTx.serialize(), {
                     preflightCommitment: 'confirmed',
@@ -22516,18 +22623,16 @@ class SolanaMobileWalletProvider {
                 return signature;
             }
             // Non-Surfnet: wallet signs and submits to its own RPC.
+            // Gesture modal only if activation decayed (see runTransaction).
             const signSendFeat = getSignAndSendTransactionFeature(wallet);
             const wireBytes = txToWireBytes(transaction);
-            const results = await signSendFeat.signAndSendTransaction({
+            const sendResult = await signWithFreshActivation(this.config.theme, () => signSendFeat.signAndSendTransaction({
                 account,
                 transaction: wireBytes,
                 chain,
                 options: { commitment: 'confirmed' },
-            });
-            if (!results || results.length === 0) {
-                throw new Error('MWA returned no signature');
-            }
-            const { signature: sigBytes } = results[0];
+            }));
+            const { signature: sigBytes } = sendResult;
             const signature = base58.encode(sigBytes);
             await confirmAndCheckTransaction(connection, signature);
             return signature;
@@ -22607,11 +22712,13 @@ class SolanaMobileWalletProvider {
             if ((options === null || options === void 0 ? void 0 : options.shouldSubmitTx) === false) {
                 const signTxFeat = getSignTransactionFeature(wallet);
                 const wireBytes = txToWireBytes(tx);
-                const results = await signTxFeat.signTransaction({ account, transaction: wireBytes, chain });
-                if (!results || results.length === 0) {
+                // signTransaction also navigates to `solana-wallet:`; only
+                // surface the gesture modal if the tap activation has decayed.
+                const signOnlyResult = await signWithFreshActivation(this.config.theme, () => signTxFeat.signTransaction({ account, transaction: wireBytes, chain }), 'MWA returned no signed transaction');
+                if (!signOnlyResult) {
                     throw new Error('MWA returned no signed transaction');
                 }
-                const { signedTransaction: signedBytes } = results[0];
+                const { signedTransaction: signedBytes } = signOnlyResult;
                 const signedTx = txFromWireBytes(new Uint8Array(signedBytes));
                 return {
                     signedTransaction: signedTx,
@@ -22624,11 +22731,13 @@ class SolanaMobileWalletProvider {
                 // Surfnet: sign locally via wallet-standard, submit manually.
                 const signTxFeat = getSignTransactionFeature(wallet);
                 const wireBytes = txToWireBytes(tx);
-                const results = await signTxFeat.signTransaction({ account, transaction: wireBytes, chain });
-                if (!results || results.length === 0) {
+                // signTransaction also navigates to `solana-wallet:`; only
+                // surface the gesture modal if the tap activation has decayed.
+                const surfnetResult = await signWithFreshActivation(this.config.theme, () => signTxFeat.signTransaction({ account, transaction: wireBytes, chain }), 'MWA returned no signed transaction');
+                if (!surfnetResult) {
                     throw new Error('MWA returned no signed transaction');
                 }
-                const { signedTransaction: signedBytes } = results[0];
+                const { signedTransaction: signedBytes } = surfnetResult;
                 const signedTx = txFromWireBytes(new Uint8Array(signedBytes));
                 const { blockhash, lastValidBlockHeight } = await connection.getLatestBlockhash('confirmed');
                 const signature = await connection.sendRawTransaction(signedTx.serialize(), {
@@ -22654,18 +22763,24 @@ class SolanaMobileWalletProvider {
                 };
             }
             // Non-Surfnet: wallet signs and submits to its own RPC.
+            // signAndSendTransaction dispatches a `solana-wallet:` navigation
+            // that Chrome blocks without transient user activation. Fast txs
+            // still hold the tap activation and navigate directly; slow ones
+            // (e.g. a swap whose server build exceeds Chrome's ~5s window)
+            // have lost it, so signWithFreshActivation shows the "Sign in"
+            // modal to mint a fresh activation — no modal when not needed.
             const signSendFeat = getSignAndSendTransactionFeature(wallet);
             const wireBytes = txToWireBytes(tx);
-            const results = await signSendFeat.signAndSendTransaction({
+            const sendResult = await signWithFreshActivation(this.config.theme, () => signSendFeat.signAndSendTransaction({
                 account,
                 transaction: wireBytes,
                 chain,
                 options: { commitment: 'confirmed' },
-            });
-            if (!results || results.length === 0) {
+            }));
+            if (!sendResult) {
                 throw new Error('MWA returned no signature');
             }
-            const { signature: sigBytes } = results[0];
+            const { signature: sigBytes } = sendResult;
             const signature = base58.encode(sigBytes);
             const txInfo = await confirmAndCheckTransaction(connection, signature);
             return {
@@ -23152,4 +23267,4 @@ exports.signSessionCreateMessage = signSessionCreateMessage;
 exports.signTransaction = signTransaction;
 exports.subscribe = subscribe;
 exports.useAuth = useAuth;
-//# sourceMappingURL=index-Dj1tZr6X.js.map
+//# sourceMappingURL=index-Bu0P9-rk.js.map