@pooflabs/web 0.0.89-rc2 → 0.0.89-rc3

package/dist/auth/hooks/usePoofnetWallet.d.ts

@@ -0,0 +1,28 @@
+export interface PoofnetWallet {
+    index: number;
+    label: string;
+    address: string;
+}
+export interface UsePoofnetWalletResult {
+    /** True when the active session is a simulated Poofnet (mock) wallet. */
+    isMock: boolean;
+    /** All mock wallets for this app/device (derived, no secrets stored). */
+    wallets: PoofnetWallet[];
+    /** Index of the currently-connected mock wallet. */
+    activeIndex: number;
+    /** Connect as an existing mock wallet by index (re-logins as it). */
+    switchWallet: (index: number) => Promise<void>;
+    /** Generate a brand-new mock wallet and connect as it. */
+    generateWallet: () => Promise<void>;
+    /** Re-read the wallet list (rarely needed — auth changes refresh automatically). */
+    refresh: () => Promise<void>;
+}
+/**
+ * Exposes the simulated Poofnet wallet to the app's own wallet UI (e.g. the
+ * template WalletButton). `isMock` is false on mainnet / real-wallet sessions,
+ * so callers can conditionally render the switch/generate controls.
+ *
+ * Reactive: re-reads whenever auth state changes (login / logout / wallet
+ * switch all flow through setCurrentUser → onAuthStateChanged).
+ */
+export declare function usePoofnetWallet(): UsePoofnetWalletResult;

package/dist/auth/providers/mock-poofnet-provider.d.ts

@@ -1,31 +1,9 @@
 import { Transaction, VersionedTransaction } from '@solana/web3.js';
 import type { AuthProvider, User, TransactionResult, SolTransaction, EVMTransaction, SetOptions } from '@pooflabs/core';
-/**
- * MockPoofnetProvider — a *simulated* wallet for the Poofnet (offchain) preview
- * environment. Lets a draft app be used without a real wallet round-trip: it
- * derives a keypair locally and signs the canonical auth-nonce message itself,
- * minting a genuine session through the normal /session flow (the backend
- * verifier only checks signature + canonical message + nonce — never keypair
- * provenance — so a derived key is accepted exactly like a real wallet).
- *
- * Identity model (no per-wallet secret is ever stored):
- *   - A random per-device id (`poofnet:deviceId`, generated once) is the entropy
- *     root, so two different users on a *direct* draft URL never collide.
- *   - Wallet #N = Keypair.fromSeed( sha256("poofnet-mock:" + deviceId + ":" + appId + ":" + N) )
- *     — deterministic, so wallets survive reloads and are re-derived on demand.
- *   - Per-app (appId in the seed) and per-device. Cross-device-same-user is a
- *     later layer (would mix in the poof platform address when available).
- *
- * Only ever constructed when chain === "offchain" (see auth/index.ts), and it is
- * wrapped by OffchainAuthProvider so transaction mocking is unchanged. Mainnet
- * never touches this class.
- */
+export declare function getActiveMockPoofnetProvider(): MockPoofnetProvider | null;
 export declare class MockPoofnetProvider implements AuthProvider {
     /** The keypair for the currently-connected mock wallet (re-derived on login/switch/restore). */
     private activeKeypair;
-    /** Floating wallet widget root (web only). */
-    private widgetEl;
-    private widgetExpanded;
     private getDeviceId;
     private getAppId;
     private getWalletMeta;
@@ -47,12 +25,19 @@ export declare class MockPoofnetProvider implements AuthProvider {
     switchWallet(index: number): Promise<User | null>;
     /** Generate a brand-new mock wallet (next index) and connect as it. */
     generateWallet(): Promise<User | null>;
+    /** Wallet list + active index for the wallet UI (usePoofnetWallet hook). */
+    getWalletState(): Promise<{
+        wallets: {
+            index: number;
+            label: string;
+            address: string;
+        }[];
+        activeIndex: number;
+    }>;
     signMessage(message: string): Promise<string>;
     signMessageMock(message: string): Promise<string>;
     runTransaction(_evmTransactionData?: EVMTransaction, _solTransactionData?: SolTransaction, _options?: SetOptions): Promise<TransactionResult>;
     signTransaction(transaction: Transaction | VersionedTransaction): Promise<Transaction | VersionedTransaction>;
     signAndSubmitTransaction(_transaction: Transaction | VersionedTransaction, _feePayer?: any): Promise<string>;
     getNativeMethods(): Promise<any>;
-    private showWalletWidget;
-    private removeWalletWidget;
 }

package/dist/{index-Cgaz8U9W.esm.js → index-2wcE74zV.esm.js}

@@ -16874,13 +16874,19 @@ const AUTH_METHOD = 'poofnet-mock';
  * wrapped by OffchainAuthProvider so transaction mocking is unchanged. Mainnet
  * never touches this class.
  */
+/**
+ * The active MockPoofnetProvider instance while mock-connected. Exposed so the
+ * usePoofnetWallet() hook (and thus the app's own wallet UI, e.g. WalletButton)
+ * can list/switch/generate mock wallets. Null when not mock-connected.
+ */
+let activeMockPoofnetInstance = null;
+function getActiveMockPoofnetProvider() {
+    return activeMockPoofnetInstance;
+}
 class MockPoofnetProvider {
     constructor() {
         /** The keypair for the currently-connected mock wallet (re-derived on login/switch/restore). */
         this.activeKeypair = null;
-        /** Floating wallet widget root (web only). */
-        this.widgetEl = null;
-        this.widgetExpanded = false;
     }
     // ============ Identity / derivation ============
     getDeviceId() {
@@ -16980,20 +16986,20 @@ class MockPoofnetProvider {
         const index = Math.min(meta.activeIndex, meta.count - 1);
         this.activeKeypair = await this.deriveKeypair(appId, index);
         const user = await this.mintSession(this.activeKeypair);
-        this.showWalletWidget(appId).catch(() => { });
+        activeMockPoofnetInstance = this;
         return user;
     }
     async restoreSession() {
         const session = await WebSessionManager.getSession();
         if (!session)
             return null;
-        // Re-derive the active keypair so signMessage works after a reload, and
-        // re-show the widget. Best-effort — the session itself is authoritative.
+        // Re-derive the active keypair so signMessage works after a reload.
+        // Best-effort — the session itself is authoritative.
         try {
             const appId = await this.getAppId();
             const meta = this.getWalletMeta(appId);
             this.activeKeypair = await this.deriveKeypair(appId, Math.min(meta.activeIndex, Math.max(0, meta.count - 1)));
-            this.showWalletWidget(appId).catch(() => { });
+            activeMockPoofnetInstance = this;
         }
         catch ( /* noop */_a) { /* noop */ }
         return { provider: this, address: session.address };
@@ -17002,7 +17008,7 @@ class MockPoofnetProvider {
         WebSessionManager.clearSession();
         setCurrentUser(null);
         this.activeKeypair = null;
-        this.removeWalletWidget();
+        activeMockPoofnetInstance = null;
     }
     // ============ Multi-wallet management ============
     /** Switch to (and connect as) an existing mock wallet by index. */
@@ -17017,7 +17023,7 @@ class MockPoofnetProvider {
         WebSessionManager.clearSession();
         this.activeKeypair = await this.deriveKeypair(appId, index);
         const user = await this.mintSession(this.activeKeypair);
-        this.showWalletWidget(appId).catch(() => { });
+        activeMockPoofnetInstance = this;
         return user;
     }
     /** Generate a brand-new mock wallet (next index) and connect as it. */
@@ -17026,6 +17032,18 @@ class MockPoofnetProvider {
         const meta = this.getWalletMeta(appId);
         return this.switchWallet(meta.count);
     }
+    /** Wallet list + active index for the wallet UI (usePoofnetWallet hook). */
+    async getWalletState() {
+        const appId = await this.getAppId();
+        const meta = this.getWalletMeta(appId);
+        const count = Math.max(1, meta.count);
+        const wallets = [];
+        for (let i = 0; i < count; i++) {
+            const kp = await this.deriveKeypair(appId, i);
+            wallets.push({ index: i, label: this.labelFor(meta, i), address: kp.publicKey.toBase58() });
+        }
+        return { wallets, activeIndex: Math.min(meta.activeIndex, count - 1) };
+    }
     // ============ AuthProvider interface (offchain-wrapped, mostly inert) ============
     async signMessage(message) {
         if (!this.activeKeypair)
@@ -17058,73 +17076,6 @@ class MockPoofnetProvider {
     async getNativeMethods() {
         return {};
     }
-    // ============ Floating wallet widget (web only) ============
-    async showWalletWidget(appId) {
-        if (!getPlatform().hasDOM || typeof document === 'undefined')
-            return;
-        const meta = this.getWalletMeta(appId);
-        // Derive addresses for every wallet so the dropdown can show them.
-        const wallets = [];
-        for (let i = 0; i < meta.count; i++) {
-            const kp = await this.deriveKeypair(appId, i);
-            wallets.push({ index: i, label: this.labelFor(meta, i), address: kp.publicKey.toBase58() });
-        }
-        const active = wallets[Math.min(meta.activeIndex, wallets.length - 1)] || wallets[0];
-        if (!active)
-            return;
-        if (!this.widgetEl) {
-            this.widgetEl = document.createElement('div');
-            this.widgetEl.id = 'poofnet-wallet-widget';
-            document.body.appendChild(this.widgetEl);
-        }
-        const short = (a) => `${a.slice(0, 4)}…${a.slice(-4)}`;
-        const rows = wallets.map((w) => `
-            <button data-poofnet-switch="${w.index}" style="display:flex;align-items:center;justify-content:space-between;gap:8px;width:100%;padding:8px 10px;background:${w.index === active.index ? 'rgba(153,69,255,0.18)' : 'transparent'};border:none;border-radius:8px;color:#fff;font-size:13px;cursor:pointer;text-align:left;">
-                <span style="display:flex;flex-direction:column;"><span style="font-weight:600;">${w.label}</span><span style="opacity:0.55;font-size:11px;font-family:monospace;">${short(w.address)}</span></span>
-                ${w.index === active.index ? '<span style="color:#9945FF;">●</span>' : ''}
-            </button>`).join('');
-        this.widgetEl.innerHTML = `
-            <div style="position:fixed;bottom:16px;right:16px;z-index:2147483600;font-family:-apple-system,BlinkMacSystemFont,'Segoe UI',sans-serif;">
-              ${this.widgetExpanded ? `
-              <div style="margin-bottom:8px;width:240px;background:#161618;border:1px solid #2a2a2e;border-radius:12px;padding:8px;box-shadow:0 8px 32px rgba(0,0,0,0.5);">
-                <div style="padding:6px 10px 8px;font-size:11px;letter-spacing:0.04em;text-transform:uppercase;color:#9945FF;font-weight:700;">Poofnet · Simulated</div>
-                <div style="max-height:220px;overflow:auto;display:flex;flex-direction:column;gap:2px;">${rows}</div>
-                <button data-poofnet-generate="1" style="margin-top:6px;width:100%;padding:8px 10px;background:rgba(153,69,255,0.12);border:1px dashed #9945FF;border-radius:8px;color:#c8a4ff;font-size:13px;font-weight:600;cursor:pointer;">+ Generate new wallet</button>
-              </div>` : ''}
-              <button data-poofnet-toggle="1" style="display:flex;align-items:center;gap:8px;padding:8px 12px;background:#161618;border:1px solid #2a2a2e;border-radius:999px;color:#fff;font-size:13px;cursor:pointer;box-shadow:0 4px 16px rgba(0,0,0,0.4);">
-                <span style="width:8px;height:8px;border-radius:50%;background:#9945FF;box-shadow:0 0 8px #9945FF;"></span>
-                <span style="font-weight:600;">${active.label}</span>
-                <span style="opacity:0.55;font-family:monospace;font-size:12px;">${short(active.address)}</span>
-                <span style="opacity:0.5;transform:rotate(${this.widgetExpanded ? '180deg' : '0deg'});">▾</span>
-              </button>
-            </div>`;
-        // Wire handlers (re-bound each render).
-        const toggle = this.widgetEl.querySelector('[data-poofnet-toggle]');
-        if (toggle)
-            toggle.onclick = () => { this.widgetExpanded = !this.widgetExpanded; this.showWalletWidget(appId).catch(() => { }); };
-        this.widgetEl.querySelectorAll('[data-poofnet-switch]').forEach((btn) => {
-            btn.onclick = async () => {
-                const idx = parseInt(btn.getAttribute('data-poofnet-switch'), 10);
-                this.widgetExpanded = false;
-                if (idx !== active.index)
-                    await this.switchWallet(idx);
-                else
-                    this.showWalletWidget(appId).catch(() => { });
-            };
-        });
-        const gen = this.widgetEl.querySelector('[data-poofnet-generate]');
-        if (gen)
-            gen.onclick = async () => { this.widgetExpanded = false; await this.generateWallet(); };
-    }
-    removeWalletWidget() {
-        try {
-            if (this.widgetEl && this.widgetEl.parentNode)
-                this.widgetEl.parentNode.removeChild(this.widgetEl);
-        }
-        catch ( /* noop */_a) { /* noop */ }
-        this.widgetEl = null;
-        this.widgetExpanded = false;
-    }
 }
 
 /**
@@ -18226,17 +18177,17 @@ function setAuthProviderInstance(provider) {
     authProviderInstance = provider;
 }
 
-var _a;
+var _a$1;
 // Whether we're in a server-side rendering context (no hooks allowed).
 // React Native has no `window` but DOES support hooks.
 // We detect Node SSR specifically via process.versions.node to avoid
 // false positives from Node 21+ which defines `navigator` globally.
-const isSSR = typeof window === 'undefined'
+const isSSR$1 = typeof window === 'undefined'
     && typeof process !== 'undefined'
-    && !!((_a = process.versions) === null || _a === void 0 ? void 0 : _a.node);
+    && !!((_a$1 = process.versions) === null || _a$1 === void 0 ? void 0 : _a$1.node);
 function useAuth() {
     // Provide a fallback so server render doesn't break
-    if (isSSR) {
+    if (isSSR$1) {
         return {
             login: async () => undefined,
             logout: async () => undefined,
@@ -18296,6 +18247,79 @@ function useAuth() {
     };
 }
 
+var _a;
+const isSSR = typeof window === 'undefined'
+    && typeof process !== 'undefined'
+    && !!((_a = process.versions) === null || _a === void 0 ? void 0 : _a.node);
+const EMPTY = {
+    isMock: false,
+    wallets: [],
+    activeIndex: 0,
+    switchWallet: async () => undefined,
+    generateWallet: async () => undefined,
+    refresh: async () => undefined,
+};
+/**
+ * Exposes the simulated Poofnet wallet to the app's own wallet UI (e.g. the
+ * template WalletButton). `isMock` is false on mainnet / real-wallet sessions,
+ * so callers can conditionally render the switch/generate controls.
+ *
+ * Reactive: re-reads whenever auth state changes (login / logout / wallet
+ * switch all flow through setCurrentUser → onAuthStateChanged).
+ */
+function usePoofnetWallet() {
+    if (isSSR)
+        return EMPTY;
+    const [state, setState] = React$2.useState({
+        isMock: false,
+        wallets: [],
+        activeIndex: 0,
+    });
+    const refresh = React$2.useCallback(async () => {
+        const provider = getActiveMockPoofnetProvider();
+        if (!provider) {
+            setState({ isMock: false, wallets: [], activeIndex: 0 });
+            return;
+        }
+        try {
+            const { wallets, activeIndex } = await provider.getWalletState();
+            setState({ isMock: true, wallets, activeIndex });
+        }
+        catch (_a) {
+            setState({ isMock: false, wallets: [], activeIndex: 0 });
+        }
+    }, []);
+    React$2.useEffect(() => {
+        refresh();
+        // setCurrentUser (login/logout/switch/generate) notifies these listeners.
+        onAuthStateChanged(() => { refresh(); });
+        // Note: onAuthStateChanged has no unsubscribe yet (same as useAuth) — fine
+        // for a wallet button that mounts once.
+    }, [refresh]);
+    const switchWallet = React$2.useCallback(async (index) => {
+        const provider = getActiveMockPoofnetProvider();
+        if (provider) {
+            await provider.switchWallet(index);
+            await refresh();
+        }
+    }, [refresh]);
+    const generateWallet = React$2.useCallback(async () => {
+        const provider = getActiveMockPoofnetProvider();
+        if (provider) {
+            await provider.generateWallet();
+            await refresh();
+        }
+    }, [refresh]);
+    return {
+        isMock: state.isMock,
+        wallets: state.wallets,
+        activeIndex: state.activeIndex,
+        switchWallet,
+        generateWallet,
+        refresh,
+    };
+}
+
 async function deserializeTransaction(tx) {
     const buf = Buffer.isBuffer(tx) ? tx : Buffer.from(tx, 'base64');
     if ((buf[0] & 0x80) !== 0) {
@@ -18427,7 +18451,7 @@ async function loadDependencies() {
         const [reactModule, reactDomModule, phantomModule] = await Promise.all([
             import('react'),
             import('react-dom/client'),
-            import('./index-DQhWZskl.esm.js')
+            import('./index-TCh-Tz3A.esm.js')
         ]);
         // Extract default export from ESM module namespace
         // Dynamic import() returns { default: Module, ...exports }, not the module directly
@@ -18878,6 +18902,19 @@ class PhantomWalletProvider {
                     that.awaitTopLevelConnect();
                     return;
                 }
+                // C2: pre-warm Chrome's Local Network Access permission inside the
+                // tap gesture, so its prompt appears up-front instead of on return
+                // from the wallet (MWA opens a ws://localhost reflector only after
+                // the app-switch, which is why the prompt currently lands on return).
+                // Best-effort, Android top-level only. DEVICE-TEST: confirm Chrome
+                // grants this per-origin (so MWA's later random-port socket reuses
+                // it). If LNA turns out to be per-port, this won't pre-grant — cut it.
+                if (detectAndroid() && typeof WebSocket !== 'undefined') {
+                    try {
+                        new WebSocket('ws://localhost:1');
+                    }
+                    catch ( /* noop */_a) { /* noop */ }
+                }
                 if (that.onSwitchToMWA) {
                     try {
                         const mwaProvider = await that.onSwitchToMWA();
@@ -24615,7 +24652,7 @@ async function registerMobileWalletAdapter(config) {
     if (typeof window === 'undefined')
         return;
     try {
-        const walletStandardMobile = await import('./index.browser-CG2sQjrd.esm.js');
+        const walletStandardMobile = await import('./index.browser-CQxdFuE2.esm.js');
         const registerMwa = walletStandardMobile.registerMwa || ((_a = walletStandardMobile.default) === null || _a === void 0 ? void 0 : _a.registerMwa);
         if (!registerMwa) {
             console.warn('[SolanaMobileWallet] registerMwa not found in @solana-mobile/wallet-standard-mobile');
@@ -24754,7 +24791,7 @@ class SolanaMobileWalletProvider {
     async ensureWallet() {
         if (this.wallet)
             return this.wallet;
-        const mod = await import('./index.browser-CG2sQjrd.esm.js');
+        const mod = await import('./index.browser-CQxdFuE2.esm.js');
         const chain = mapChainToWalletStandard(this.cluster);
         this.wallet = new mod.LocalSolanaMobileWalletAdapterWallet({
             appIdentity: this.appIdentity,
@@ -24963,8 +25000,6 @@ class SolanaMobileWalletProvider {
                     return user;
                 }
             }
-            // Pre-fetch nonce while the wallet popup is not yet open.
-            const nonce = await genAuthNonce();
             // Wallet popup #1: standard:connect performs MWA authorize. This
             // is where wallet-standard's checkLocalNetworkAccessPermission()
             // fires the three-stage LNA UX (info modal → permission prompt →
@@ -25007,6 +25042,11 @@ class SolanaMobileWalletProvider {
             // Insert a Tarobase modal: the user's tap on "Sign in" provides a
             // fresh activation, and signMessage is invoked synchronously
             // inside the click handler so the activation propagates.
+            // C1: fetch the nonce HERE (after connect), not before — a pre-connect
+            // network round-trip was decaying the Chrome user activation needed for
+            // the connect's solana-wallet: navigation, intermittently causing
+            // ERROR_WALLET_NOT_FOUND. The nonce is only needed for the message below.
+            const nonce = await genAuthNonce();
             const messageText = await genSolanaMessage(base58Addr, nonce);
             const messageBytes = getPlatform().textEncode(messageText);
             const signMessageFeat = getSignMessageFeature(wallet);
@@ -25943,5 +25983,5 @@ class PrivyExpoProvider {
     }
 }
 
-export { getCachedData as $, subscribe as A, useAuth as B, deserializeTransaction as C, getIdToken as D, setPlatform as E, getPlatform as F, PrivyWalletProvider as G, DEFAULT_TEST_ADDRESS as H, isMobileWalletAvailable as I, registerMobileWalletAdapter as J, PrivyExpoProvider as K, InsufficientBalanceError as L, MockAuthProvider as M, ServerSessionManager as N, OffchainAuthProvider as O, PhantomWalletProvider as P, buildSetDocumentsTransaction as Q, ReactNativeSessionManager as R, SolanaMobileWalletProvider as S, clearCache as T, closeAllSubscriptions as U, convertRemainingAccounts as V, WebSessionManager as W, createSessionWithPrivy as X, createSessionWithSignature as Y, genAuthNonce as Z, genSolanaMessage as _, base58 as a, getMany as a0, reconnectWithNewAuth as a1, refreshSession as a2, signSessionCreateMessage as a3, bufferExports as b, getCurrentUser as c, onAuthLoadingChanged as d, getAuthLoading as e, logout as f, getDefaultExportFromCjs$1 as g, getConfig as h, init as i, getAuthProvider as j, get as k, login as l, setMany as m, setFile as n, onAuthStateChanged as o, getFiles as p, runQueryMany as q, runQuery as r, set as s, runExpression as t, runExpressionMany as u, signMessage as v, signTransaction as w, signAndSubmitTransaction as x, count as y, aggregate as z };
-//# sourceMappingURL=index-Cgaz8U9W.esm.js.map
+export { genSolanaMessage as $, subscribe as A, useAuth as B, usePoofnetWallet as C, deserializeTransaction as D, getIdToken as E, setPlatform as F, getPlatform as G, PrivyWalletProvider as H, DEFAULT_TEST_ADDRESS as I, isMobileWalletAvailable as J, registerMobileWalletAdapter as K, PrivyExpoProvider as L, MockAuthProvider as M, InsufficientBalanceError as N, OffchainAuthProvider as O, PhantomWalletProvider as P, ServerSessionManager as Q, ReactNativeSessionManager as R, SolanaMobileWalletProvider as S, buildSetDocumentsTransaction as T, clearCache as U, closeAllSubscriptions as V, WebSessionManager as W, convertRemainingAccounts as X, createSessionWithPrivy as Y, createSessionWithSignature as Z, genAuthNonce as _, base58 as a, getCachedData as a0, getMany as a1, reconnectWithNewAuth as a2, refreshSession as a3, signSessionCreateMessage as a4, bufferExports as b, getCurrentUser as c, onAuthLoadingChanged as d, getAuthLoading as e, logout as f, getDefaultExportFromCjs$1 as g, getConfig as h, init as i, getAuthProvider as j, get as k, login as l, setMany as m, setFile as n, onAuthStateChanged as o, getFiles as p, runQueryMany as q, runQuery as r, set as s, runExpression as t, runExpressionMany as u, signMessage as v, signTransaction as w, signAndSubmitTransaction as x, count as y, aggregate as z };
+//# sourceMappingURL=index-2wcE74zV.esm.js.map