@pooflabs/web 0.0.93 → 0.0.94

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (56) hide show
  1. package/dist/{index-beZzBYpc.esm.js → index-Blxu9ZBh.esm.js} +2407 -3
  2. package/dist/index-Blxu9ZBh.esm.js.map +1 -0
  3. package/dist/index-C2VF8Cds.esm.js +6 -0
  4. package/dist/index-C2VF8Cds.esm.js.map +1 -0
  5. package/dist/{index-Baq-MUI8.js → index-CGei1juZ.js} +2407 -3
  6. package/dist/index-CGei1juZ.js.map +1 -0
  7. package/dist/{index-CDoDnDyA.js → index-CdKrnAsF.js} +2406 -2
  8. package/dist/index-CdKrnAsF.js.map +1 -0
  9. package/dist/{index-DbX66ch3.esm.js → index-Cnx5UBPU.esm.js} +152 -30
  10. package/dist/index-Cnx5UBPU.esm.js.map +1 -0
  11. package/dist/{index-BRKarMUo.js → index-DOz63COz.js} +152 -28
  12. package/dist/index-DOz63COz.js.map +1 -0
  13. package/dist/{index-BJhw8pOb.esm.js → index-DSSkK8ZR.esm.js} +2406 -2
  14. package/dist/index-DSSkK8ZR.esm.js.map +1 -0
  15. package/dist/{index-Dw03bD6R.js → index-DzZ1tiet.js} +2 -2
  16. package/dist/index-DzZ1tiet.js.map +1 -0
  17. package/dist/{index.browser-D15wyxan.esm.js → index.browser-AkckBwjb.esm.js} +2 -2
  18. package/dist/{index.browser-D15wyxan.esm.js.map → index.browser-AkckBwjb.esm.js.map} +1 -1
  19. package/dist/{index.browser-CI4TkG8U.js → index.browser-By5vlelY.js} +2 -2
  20. package/dist/{index.browser-CI4TkG8U.js.map → index.browser-By5vlelY.js.map} +1 -1
  21. package/dist/{index.browser-BSQvgdMT.esm.js → index.browser-ClqAxUrJ.esm.js} +2 -2
  22. package/dist/{index.browser-BSQvgdMT.esm.js.map → index.browser-ClqAxUrJ.esm.js.map} +1 -1
  23. package/dist/{index.browser-Bmi3o9v0.js → index.browser-Um9-5Cbs.js} +2 -2
  24. package/dist/{index.browser-Bmi3o9v0.js.map → index.browser-Um9-5Cbs.js.map} +1 -1
  25. package/dist/index.esm.js +1 -1
  26. package/dist/index.js +1 -1
  27. package/dist/{index.native-0P9dPMFG.esm.js → index.native-9ugIwvrJ.esm.js} +152 -30
  28. package/dist/index.native-9ugIwvrJ.esm.js.map +1 -0
  29. package/dist/{index.native-DIXtlrL_.js → index.native-CpA5KDvL.js} +152 -28
  30. package/dist/index.native-CpA5KDvL.js.map +1 -0
  31. package/dist/index.native.esm.js +1 -1
  32. package/dist/index.native.js +1 -1
  33. package/dist/{phantom-wallet-provider-DV12qfW6.js → phantom-wallet-provider-LGxBWZXy.js} +4 -4
  34. package/dist/{phantom-wallet-provider-DV12qfW6.js.map → phantom-wallet-provider-LGxBWZXy.js.map} +1 -1
  35. package/dist/{phantom-wallet-provider-44BDf-tk.esm.js → phantom-wallet-provider-wskKKVNr.esm.js} +4 -4
  36. package/dist/{phantom-wallet-provider-44BDf-tk.esm.js.map → phantom-wallet-provider-wskKKVNr.esm.js.map} +1 -1
  37. package/dist/{privy-wallet-provider-CzoLQPiq.esm.js → privy-wallet-provider-B3bghDWY.esm.js} +3 -3
  38. package/dist/{privy-wallet-provider-CzoLQPiq.esm.js.map → privy-wallet-provider-B3bghDWY.esm.js.map} +1 -1
  39. package/dist/{privy-wallet-provider-CQnyjLEI.js → privy-wallet-provider-DsHSkIJJ.js} +3 -3
  40. package/dist/{privy-wallet-provider-CQnyjLEI.js.map → privy-wallet-provider-DsHSkIJJ.js.map} +1 -1
  41. package/dist/{solana-mobile-wallet-provider-BbvaCCuE.esm.js → solana-mobile-wallet-provider-CFYL4aOO.esm.js} +4 -4
  42. package/dist/{solana-mobile-wallet-provider-BbvaCCuE.esm.js.map → solana-mobile-wallet-provider-CFYL4aOO.esm.js.map} +1 -1
  43. package/dist/{solana-mobile-wallet-provider-BmXTQow5.js → solana-mobile-wallet-provider-EkUSbs-q.js} +4 -4
  44. package/dist/{solana-mobile-wallet-provider-BmXTQow5.js.map → solana-mobile-wallet-provider-EkUSbs-q.js.map} +1 -1
  45. package/package.json +2 -2
  46. package/dist/index-BJhw8pOb.esm.js.map +0 -1
  47. package/dist/index-BQN3A4SI.esm.js +0 -6
  48. package/dist/index-BQN3A4SI.esm.js.map +0 -1
  49. package/dist/index-BRKarMUo.js.map +0 -1
  50. package/dist/index-Baq-MUI8.js.map +0 -1
  51. package/dist/index-CDoDnDyA.js.map +0 -1
  52. package/dist/index-DbX66ch3.esm.js.map +0 -1
  53. package/dist/index-Dw03bD6R.js.map +0 -1
  54. package/dist/index-beZzBYpc.esm.js.map +0 -1
  55. package/dist/index.native-0P9dPMFG.esm.js.map +0 -1
  56. package/dist/index.native-DIXtlrL_.js.map +0 -1
package/dist/index.esm.js CHANGED
@@ -1,4 +1,4 @@
1
- export { J as DEFAULT_TEST_ADDRESS, Q as InsufficientBalanceError, M as MockAuthProvider, O as OffchainAuthProvider, P as PhantomWalletProvider, N as PrivyExpoProvider, I as PrivyWalletProvider, R as ReactNativeSessionManager, T as RealtimeStore, U as ServerSessionManager, S as SolanaMobileWalletProvider, W as WebSessionManager, B as aggregate, V as buildSetDocumentsTransaction, X as clearCache, Y as closeAllSubscriptions, Z as convertRemainingAccounts, A as count, _ as createSessionWithPrivy, $ as createSessionWithSignature, E as deserializeTransaction, m as exportWallet, a0 as genAuthNonce, a1 as genSolanaMessage, n as get, e as getAuthLoading, j as getAuthProvider, a2 as getCachedData, h as getConfig, k as getCurrentAuthMethod, c as getCurrentUser, r as getFiles, F as getIdToken, a3 as getMany, H as getPlatform, a4 as getRealtimeStore, a5 as hasActiveConnection, i as init, K as isMobileWalletAvailable, l as login, f as logout, d as onAuthLoadingChanged, o as onAuthStateChanged, a6 as reconnectWithNewAuth, a7 as refreshSession, L as registerMobileWalletAdapter, a8 as resetRealtimeStore, v as runExpression, w as runExpressionMany, t as runQuery, u as runQueryMany, s as set, q as setFile, p as setMany, G as setPlatform, z as signAndSubmitTransaction, x as signMessage, a9 as signSessionCreateMessage, y as signTransaction, C as subscribe, D as useAuth, aa as wsDelete, ab as wsGet, ac as wsGetMany, ad as wsQuery, ae as wsSet } from './index-DbX66ch3.esm.js';
1
+ export { L as DEFAULT_TEST_ADDRESS, T as InsufficientBalanceError, M as MockAuthProvider, O as OffchainAuthProvider, P as PhantomWalletProvider, R as PrivyExpoProvider, K as PrivyWalletProvider, U as ReactNativeSessionManager, V as RealtimeStore, W as ServerSessionManager, S as SolanaMobileWalletProvider, X as WebSessionManager, D as aggregate, Y as buildSetDocumentsTransaction, Z as clearCache, _ as closeAllSubscriptions, $ as convertRemainingAccounts, C as count, a0 as createSessionWithPrivy, a1 as createSessionWithSignature, G as deserializeTransaction, n as exportWallet, a2 as genAuthNonce, a3 as genSolanaMessage, p as get, f as getAuthLoading, k as getAuthProvider, a4 as getCachedData, j as getConfig, m as getCurrentAuthMethod, d as getCurrentUser, u as getFiles, H as getIdToken, a5 as getMany, J as getPlatform, a6 as getRealtimeStore, a7 as hasActiveConnection, i as init, N as isMobileWalletAvailable, l as login, h as logout, e as onAuthLoadingChanged, o as onAuthStateChanged, a8 as reconnectWithNewAuth, a9 as refreshSession, Q as registerMobileWalletAdapter, aa as resetRealtimeStore, x as runExpression, y as runExpressionMany, v as runQuery, w as runQueryMany, s as set, t as setFile, q as setMany, I as setPlatform, B as signAndSubmitTransaction, z as signMessage, ab as signSessionCreateMessage, A as signTransaction, E as subscribe, F as useAuth, ac as wsDelete, ad as wsGet, ae as wsGetMany, af as wsQuery, ag as wsSet } from './index-Cnx5UBPU.esm.js';
2
2
  import 'axios';
3
3
  import '@solana/web3.js';
4
4
  import '@coral-xyz/anchor';
package/dist/index.js CHANGED
@@ -1,6 +1,6 @@
1
1
  'use strict';
2
2
 
3
- var index = require('./index-BRKarMUo.js');
3
+ var index = require('./index-DOz63COz.js');
4
4
  require('axios');
5
5
  require('@solana/web3.js');
6
6
  require('@coral-xyz/anchor');
@@ -1,5 +1,5 @@
1
1
  import globalAxios from 'axios';
2
- import { PublicKey, SystemProgram, TransactionInstruction, ComputeBudgetProgram, Keypair, VersionedTransaction, TransactionMessage, Transaction, Connection } from '@solana/web3.js';
2
+ import { PublicKey, SystemProgram, TransactionInstruction, Connection, VersionedTransaction, ComputeBudgetProgram, Keypair, TransactionMessage, Transaction } from '@solana/web3.js';
3
3
  import * as anchor from '@coral-xyz/anchor';
4
4
  import { Program } from '@coral-xyz/anchor';
5
5
  import * as React from 'react';
@@ -6683,7 +6683,14 @@ async function createSessionWithPrivy(authToken, address, privyIdToken) {
6683
6683
  const appId = config.appId;
6684
6684
  const response = await client.post('/session', {
6685
6685
  appId,
6686
- authMethod: config.authMethod,
6686
+ // createSessionWithPrivy is, by definition, the Privy session path, so the
6687
+ // server must receive authMethod:'privy' (its branch validates authToken+
6688
+ // idToken+appId). Do NOT read config.authMethod here: on a Phantom-primary app
6689
+ // with the staged Privy email swap, config.authMethod is still 'phantom' at this
6690
+ // point (commitPrivy runs after login() resolves), which routes the request to
6691
+ // the signature/message branch and fails. Hardcoding 'privy' also correctly
6692
+ // covers 'privy-expo', which the backend expects mapped to 'privy'.
6693
+ authMethod: 'privy',
6687
6694
  authToken,
6688
6695
  idToken: privyIdToken,
6689
6696
  address
@@ -9940,6 +9947,14 @@ async function updateIdTokenAndAccessToken(idToken, accessToken, isServer = fals
9940
9947
  await WebSessionManager.updateIdTokenAndAccessToken(idToken, accessToken);
9941
9948
  }
9942
9949
 
9950
+ var utils = /*#__PURE__*/Object.freeze({
9951
+ __proto__: null,
9952
+ createAuthHeader: createAuthHeader,
9953
+ getIdToken: getIdToken$1,
9954
+ getRefreshToken: getRefreshToken,
9955
+ updateIdTokenAndAccessToken: updateIdTokenAndAccessToken
9956
+ });
9957
+
9943
9958
  const apiClient = globalAxios.create();
9944
9959
  axiosRetry(apiClient, {
9945
9960
  retries: 2,
@@ -10367,7 +10382,7 @@ async function get(path, opts = {}) {
10367
10382
  // For realtime chains, prefer WebSocket reads (lower latency, already connected)
10368
10383
  const config = await getConfig();
10369
10384
  const pathIsDocument = normalizedPath.split("/").length % 2 === 0;
10370
- if (((_a = config.chain) === null || _a === void 0 ? void 0 : _a.startsWith('realtime_')) && !config.isServer && !opts.prompt && !opts.shape && !opts.cursor) {
10385
+ if (((_a = config.chain) === null || _a === void 0 ? void 0 : _a.startsWith('realtime_')) && !config.isServer && !opts.prompt && !opts.shape && !opts.cursor && !opts.includeSubPaths) {
10371
10386
  try {
10372
10387
  const { wsGet, wsQuery, hasActiveConnection } = await Promise.resolve().then(function () { return subscriptionV2; });
10373
10388
  if (hasActiveConnection()) {
@@ -10598,7 +10613,7 @@ async function set(path, document, options) {
10598
10613
  return result;
10599
10614
  }
10600
10615
  async function setMany(many, options) {
10601
- var _a, _b, _c, _d, _e, _f, _g, _h;
10616
+ var _a, _b, _c, _d, _e, _f, _g, _h, _j;
10602
10617
  // Returns the data that was set, or undefined if the document was already set.
10603
10618
  try {
10604
10619
  const config = await getConfig();
@@ -10641,12 +10656,24 @@ async function setMany(many, options) {
10641
10656
  try {
10642
10657
  const { wsSet, hasActiveConnection } = await Promise.resolve().then(function () { return subscriptionV2; });
10643
10658
  if (hasActiveConnection()) {
10659
+ // Connection is active — send via WS. If this throws, the write
10660
+ // may have been applied server-side (ack lost). Do NOT fall through
10661
+ // to HTTP, as that would double-apply non-idempotent ops (Increment).
10644
10662
  const wsResult = await wsSet(documents);
10645
- // Normalize to same shape as HTTP 200 response so downstream handling is identical
10646
10663
  setResponse = { data: wsResult, status: 200 };
10647
10664
  }
10648
10665
  }
10649
- catch ( /* fall through to HTTP */_j) { /* fall through to HTTP */ }
10666
+ catch (wsError) {
10667
+ // Only fall through to HTTP if the request was never sent (connection not available).
10668
+ // If the request was sent and ack was lost (timeout), the server may have
10669
+ // applied it — re-sending via HTTP risks double-write for non-idempotent ops.
10670
+ const msg = (_d = wsError === null || wsError === void 0 ? void 0 : wsError.message) !== null && _d !== void 0 ? _d : '';
10671
+ const neverSent = msg.includes('not available') || msg.includes('connection timeout');
10672
+ if (!neverSent) {
10673
+ throw wsError;
10674
+ }
10675
+ // Safe to retry via HTTP — request was never sent
10676
+ }
10650
10677
  }
10651
10678
  if (!setResponse) {
10652
10679
  setResponse = await makeApiRequest('PUT', `items`, { documents }, options === null || options === void 0 ? void 0 : options._overrides);
@@ -10654,9 +10681,9 @@ async function setMany(many, options) {
10654
10681
  }
10655
10682
  catch (error) {
10656
10683
  if ((error === null || error === void 0 ? void 0 : error.statusCode) === 402 && (error === null || error === void 0 ? void 0 : error.error) === 'INSUFFICIENT_BALANCE') {
10657
- const deficitLamports = Number((_d = error.deficitLamports) !== null && _d !== void 0 ? _d : 0);
10658
- const deficitSol = Number((_e = error.deficitSol) !== null && _e !== void 0 ? _e : deficitLamports / 1000000000);
10659
- throw new InsufficientBalanceError(String((_f = error.address) !== null && _f !== void 0 ? _f : ''), Number((_g = error.balanceLamports) !== null && _g !== void 0 ? _g : 0), Number((_h = error.estimatedCostLamports) !== null && _h !== void 0 ? _h : 0), deficitLamports, deficitSol);
10684
+ const deficitLamports = Number((_e = error.deficitLamports) !== null && _e !== void 0 ? _e : 0);
10685
+ const deficitSol = Number((_f = error.deficitSol) !== null && _f !== void 0 ? _f : deficitLamports / 1000000000);
10686
+ throw new InsufficientBalanceError(String((_g = error.address) !== null && _g !== void 0 ? _g : ''), Number((_h = error.balanceLamports) !== null && _h !== void 0 ? _h : 0), Number((_j = error.estimatedCostLamports) !== null && _j !== void 0 ? _j : 0), deficitLamports, deficitSol);
10660
10687
  }
10661
10688
  throw error;
10662
10689
  }
@@ -10678,7 +10705,13 @@ async function setMany(many, options) {
10678
10705
  let signedTransaction = undefined;
10679
10706
  for (let i = 0; i < transactions.length; i++) {
10680
10707
  const curTx = transactions[i];
10681
- const transactionResult = await handleSolanaTransaction(curTx, authProvider, options);
10708
+ let transactionResult;
10709
+ if (curTx.serializedTransaction) {
10710
+ transactionResult = await handlePreBuiltTransaction(curTx, authProvider, options);
10711
+ }
10712
+ else {
10713
+ transactionResult = await handleSolanaTransaction(curTx, authProvider, options);
10714
+ }
10682
10715
  lastTxSignature = transactionResult.transactionSignature;
10683
10716
  signedTransaction = transactionResult.signedTransaction;
10684
10717
  }
@@ -10784,6 +10817,68 @@ async function setMany(many, options) {
10784
10817
  const transactionResult = await authProvider.runTransaction(undefined, solTransaction, options);
10785
10818
  return transactionResult;
10786
10819
  }
10820
+ async function handlePreBuiltTransaction(tx, authProvider, options) {
10821
+ var _a, _b;
10822
+ const config = await getConfig();
10823
+ const rpcUrl = config.rpcUrl || (tx.network === 'solana_devnet'
10824
+ ? 'https://api.devnet.solana.com'
10825
+ : 'https://api.mainnet-beta.solana.com');
10826
+ const connection = new Connection(rpcUrl, 'confirmed');
10827
+ const txBytes = bufferExports.Buffer.from(tx.serializedTransaction, 'base64');
10828
+ const transaction = VersionedTransaction.deserialize(txBytes);
10829
+ // Validate the transaction before signing: ensure only allowed programs
10830
+ // and no unauthorized System program instructions (e.g., SOL transfers)
10831
+ const TAROBASE_PROGRAM = 'poof4b5pk1L9tmThvBmaABjcyjfhFGbMbQP5BXk2QZp';
10832
+ const COMPUTE_BUDGET = 'ComputeBudget111111111111111111111111111111';
10833
+ const SYSTEM_PROGRAM = '11111111111111111111111111111111';
10834
+ const ALLOWED_PROGRAMS = new Set([TAROBASE_PROGRAM, COMPUTE_BUDGET, SYSTEM_PROGRAM]);
10835
+ // System program instruction discriminators (first 4 bytes, little-endian u32)
10836
+ const SYSTEM_TRANSFER = 2; // Transfer instruction index
10837
+ const SYSTEM_TRANSFER_WITH_SEED = 11;
10838
+ const accountKeys = transaction.message.staticAccountKeys;
10839
+ for (const ix of transaction.message.compiledInstructions) {
10840
+ if (ix.programIdIndex >= accountKeys.length) {
10841
+ throw new Error('Pre-built transaction has program ID in lookup table (not allowed)');
10842
+ }
10843
+ const programId = accountKeys[ix.programIdIndex].toBase58();
10844
+ if (!ALLOWED_PROGRAMS.has(programId)) {
10845
+ throw new Error(`Pre-built transaction contains unauthorized program: ${programId}`);
10846
+ }
10847
+ // Block System program transfer instructions — a compromised DO could
10848
+ // embed a SOL drain. Only allow createAccount/allocate (needed for PDA init).
10849
+ if (programId === SYSTEM_PROGRAM && ix.data.length >= 4) {
10850
+ const ixIndex = ix.data[0] | (ix.data[1] << 8) | (ix.data[2] << 16) | (ix.data[3] << 24);
10851
+ if (ixIndex === SYSTEM_TRANSFER || ixIndex === SYSTEM_TRANSFER_WITH_SEED) {
10852
+ throw new Error('Pre-built transaction contains unauthorized System transfer instruction');
10853
+ }
10854
+ }
10855
+ }
10856
+ const signedTx = await authProvider.signTransaction(transaction);
10857
+ const rawTx = signedTx.serialize();
10858
+ if ((options === null || options === void 0 ? void 0 : options.shouldSubmitTx) === false) {
10859
+ return {
10860
+ transactionSignature: '',
10861
+ signedTransaction: bufferExports.Buffer.from(rawTx).toString('base64'),
10862
+ blockNumber: 0,
10863
+ gasUsed: '0',
10864
+ };
10865
+ }
10866
+ const signature = await connection.sendRawTransaction(rawTx, {
10867
+ skipPreflight: false,
10868
+ maxRetries: 3,
10869
+ });
10870
+ const confirmation = await connection.confirmTransaction({
10871
+ signature,
10872
+ blockhash: tx.blockhash,
10873
+ lastValidBlockHeight: tx.lastValidBlockHeight,
10874
+ }, 'confirmed');
10875
+ return {
10876
+ transactionSignature: signature,
10877
+ signedTransaction: bufferExports.Buffer.from(rawTx).toString('base64'),
10878
+ blockNumber: (_b = (_a = confirmation.context) === null || _a === void 0 ? void 0 : _a.slot) !== null && _b !== void 0 ? _b : 0,
10879
+ gasUsed: '0',
10880
+ };
10881
+ }
10787
10882
  async function handleOffchainTransaction(tx, authProvider, options) {
10788
10883
  var _a, _b, _c, _d, _e, _f;
10789
10884
  const config = await getConfig();
@@ -12096,30 +12191,53 @@ class RealtimeStore {
12096
12191
  this.idbDirtyKeys = new Set();
12097
12192
  this.closed = false;
12098
12193
  this.authToken = null;
12194
+ this.isServer = false;
12195
+ this.tokenRefreshTimer = null;
12196
+ // -----------------------------------------------------------------------
12197
+ // WebSocket connection
12198
+ // -----------------------------------------------------------------------
12199
+ this.initPromise = null;
12099
12200
  }
12100
12201
  // -----------------------------------------------------------------------
12101
12202
  // Initialization
12102
12203
  // -----------------------------------------------------------------------
12103
12204
  async init() {
12104
- var _a, _b;
12105
12205
  const config = await getConfig();
12106
12206
  this.appId = config.appId;
12107
12207
  this.wsUrl = config.wsApiUrl;
12108
- if (config.authProvider) {
12109
- try {
12110
- const headers = await ((_b = (_a = config.authProvider).getAuthHeaders) === null || _b === void 0 ? void 0 : _b.call(_a));
12111
- if (headers === null || headers === void 0 ? void 0 : headers.Authorization) {
12112
- this.authToken = headers.Authorization.replace('Bearer ', '');
12113
- }
12114
- }
12115
- catch ( /* no auth */_c) { /* no auth */ }
12208
+ this.isServer = config.isServer;
12209
+ await this.refreshToken();
12210
+ this.startTokenRefresh();
12211
+ }
12212
+ async refreshToken() {
12213
+ try {
12214
+ const { getIdToken } = await Promise.resolve().then(function () { return utils; });
12215
+ const token = await getIdToken(this.isServer);
12216
+ if (token)
12217
+ this.authToken = token;
12116
12218
  }
12219
+ catch ( /* no auth available */_a) { /* no auth available */ }
12220
+ }
12221
+ startTokenRefresh() {
12222
+ if (this.tokenRefreshTimer)
12223
+ return;
12224
+ this.tokenRefreshTimer = setInterval(async () => {
12225
+ var _a;
12226
+ const prevToken = this.authToken;
12227
+ await this.refreshToken();
12228
+ if (this.authToken && this.authToken !== prevToken && ((_a = this.ws) === null || _a === void 0 ? void 0 : _a.readyState) === WebSocket.OPEN) {
12229
+ // Token changed — reconnect with fresh token
12230
+ this.ws.close(1000, 'Token refreshed');
12231
+ }
12232
+ }, 5 * 60 * 1000); // Check every 5 minutes
12117
12233
  }
12118
- // -----------------------------------------------------------------------
12119
- // WebSocket connection
12120
- // -----------------------------------------------------------------------
12121
12234
  async ensureConnected() {
12122
12235
  var _a;
12236
+ if (!this.appId) {
12237
+ if (!this.initPromise)
12238
+ this.initPromise = this.init();
12239
+ await this.initPromise;
12240
+ }
12123
12241
  if (((_a = this.ws) === null || _a === void 0 ? void 0 : _a.readyState) === WebSocket.OPEN)
12124
12242
  return;
12125
12243
  if (this.connectPromise)
@@ -12135,10 +12253,12 @@ class RealtimeStore {
12135
12253
  }
12136
12254
  const params = new URLSearchParams();
12137
12255
  params.set('apiKey', this.appId);
12138
- // Auth token sent via subprotocol to avoid leaking in URL/logs
12256
+ if (this.authToken)
12257
+ params.set('authorization', this.authToken);
12258
+ // Note: token in URL is required until DO server supports subprotocol auth.
12259
+ // WSS encrypts the full URL including query params on the wire.
12139
12260
  const url = `${this.wsUrl}?${params.toString()}`;
12140
- const protocols = this.authToken ? [`bearer-${this.authToken}`] : undefined;
12141
- const ws = protocols ? new WebSocket(url, protocols) : new WebSocket(url);
12261
+ const ws = new WebSocket(url);
12142
12262
  this.ws = ws;
12143
12263
  const onOpen = () => {
12144
12264
  ws.removeEventListener('error', onError);
@@ -12769,6 +12889,8 @@ class RealtimeStore {
12769
12889
  clearTimeout(this.reconnectTimer);
12770
12890
  if (this.idbFlushTimer)
12771
12891
  clearTimeout(this.idbFlushTimer);
12892
+ if (this.tokenRefreshTimer)
12893
+ clearInterval(this.tokenRefreshTimer);
12772
12894
  this.flushIdb();
12773
12895
  if (this.ws) {
12774
12896
  this.ws.close(1000, 'Store closed');
@@ -13878,15 +14000,15 @@ function clearIncompatibleSession() {
13878
14000
  // Lazy loaders for web-only providers.
13879
14001
  // Using dynamic import() ensures Metro (RN) never resolves these modules.
13880
14002
  async function loadPrivyWalletProvider() {
13881
- const mod = await import('./privy-wallet-provider-CzoLQPiq.esm.js');
14003
+ const mod = await import('./privy-wallet-provider-B3bghDWY.esm.js');
13882
14004
  return mod.PrivyWalletProvider;
13883
14005
  }
13884
14006
  async function loadPhantomWalletProvider() {
13885
- const mod = await import('./phantom-wallet-provider-44BDf-tk.esm.js');
14007
+ const mod = await import('./phantom-wallet-provider-wskKKVNr.esm.js');
13886
14008
  return { PhantomWalletProvider: mod.PhantomWalletProvider };
13887
14009
  }
13888
14010
  async function loadSolanaMobileWalletProvider() {
13889
- const mod = await import('./solana-mobile-wallet-provider-BbvaCCuE.esm.js');
14011
+ const mod = await import('./solana-mobile-wallet-provider-CFYL4aOO.esm.js');
13890
14012
  return mod.SolanaMobileWalletProvider;
13891
14013
  }
13892
14014
  async function hotSwapToPrivyProvider(config) {
@@ -17301,5 +17423,5 @@ class PrivyExpoProvider {
17301
17423
  }
17302
17424
  }
17303
17425
 
17304
- export { RealtimeStore as $, get as A, set as B, setMany as C, setFile as D, getFiles as E, runQuery as F, runQueryMany as G, runExpression as H, runExpressionMany as I, signMessage as J, signTransaction as K, signAndSubmitTransaction as L, count as M, aggregate as N, subscribe as O, useAuth as P, deserializeTransaction as Q, getIdToken as R, SOLANA_MAINNET_RPC_URL as S, setPlatform as T, MockAuthProvider as U, DEFAULT_TEST_ADDRESS as V, WebSessionManager as W, OffchainAuthProvider as X, PrivyExpoProvider as Y, InsufficientBalanceError as Z, ReactNativeSessionManager as _, SOLANA_DEVNET_RPC_URL as a, ServerSessionManager as a0, clearCache as a1, closeAllSubscriptions as a2, getCachedData as a3, getMany as a4, getRealtimeStore as a5, hasActiveConnection as a6, reconnectWithNewAuth as a7, refreshSession as a8, resetRealtimeStore as a9, signSessionCreateMessage as aa, wsDelete as ab, wsGet as ac, wsGetMany as ad, wsQuery as ae, wsSet as af, index as ag, buildSetDocumentsTransaction as b, convertRemainingAccounts as c, base58 as d, confirmAndCheckTransaction as e, createSessionWithPrivy as f, getPlatform as g, SURFNET_RPC_URL$1 as h, detectMobile as i, detectAndroid as j, setAuthLoading as k, genAuthNonce as l, genSolanaMessage as m, createSessionWithSignature as n, getDefaultExportFromCjs$1 as o, init as p, getCurrentUser as q, requireBuffer as r, setCurrentUser as s, onAuthStateChanged as t, onAuthLoadingChanged as u, getAuthLoading as v, login as w, logout as x, getConfig as y, getAuthProvider as z };
17305
- //# sourceMappingURL=index.native-0P9dPMFG.esm.js.map
17426
+ export { InsufficientBalanceError as $, getConfig as A, getAuthProvider as B, get as C, set as D, setMany as E, setFile as F, getFiles as G, runQuery as H, runQueryMany as I, runExpression as J, runExpressionMany as K, signMessage as L, signTransaction as M, signAndSubmitTransaction as N, count as O, aggregate as P, subscribe as Q, useAuth as R, SOLANA_MAINNET_RPC_URL as S, deserializeTransaction as T, getIdToken as U, setPlatform as V, WebSessionManager as W, MockAuthProvider as X, DEFAULT_TEST_ADDRESS as Y, OffchainAuthProvider as Z, PrivyExpoProvider as _, SOLANA_DEVNET_RPC_URL as a, ReactNativeSessionManager as a0, RealtimeStore as a1, ServerSessionManager as a2, clearCache as a3, closeAllSubscriptions as a4, getCachedData as a5, getMany as a6, getRealtimeStore as a7, hasActiveConnection as a8, reconnectWithNewAuth as a9, refreshSession as aa, resetRealtimeStore as ab, signSessionCreateMessage as ac, wsDelete as ad, wsGet as ae, wsGetMany as af, wsQuery as ag, wsSet as ah, index as ai, buildSetDocumentsTransaction as b, convertRemainingAccounts as c, base58 as d, confirmAndCheckTransaction as e, createSessionWithPrivy as f, getPlatform as g, SURFNET_RPC_URL$1 as h, detectMobile as i, detectAndroid as j, setAuthLoading as k, genAuthNonce as l, genSolanaMessage as m, createSessionWithSignature as n, commonjsRequire as o, require$$0 as p, getDefaultExportFromCjs$1 as q, requireBuffer as r, setCurrentUser as s, init as t, getCurrentUser as u, onAuthStateChanged as v, onAuthLoadingChanged as w, getAuthLoading as x, login as y, logout as z };
17427
+ //# sourceMappingURL=index.native-9ugIwvrJ.esm.js.map