@rhinestone/1auth 0.1.2 → 0.5.0

package/dist/index.js

@@ -34,11 +34,8 @@ __export(index_exports, {
   BatchQueueWidget: () => BatchQueueWidget,
   ETHEREUM_MESSAGE_PREFIX: () => ETHEREUM_MESSAGE_PREFIX,
   OneAuthClient: () => OneAuthClient,
-  PASSKEY_MESSAGE_PREFIX: () => PASSKEY_MESSAGE_PREFIX,
-  PasskeyProviderClient: () => OneAuthClient,
   createOneAuthProvider: () => createOneAuthProvider,
   createPasskeyAccount: () => createPasskeyAccount,
-  createPasskeyProvider: () => createPasskeyProvider,
   createPasskeyWalletClient: () => createPasskeyWalletClient,
   encodeWebAuthnSignature: () => encodeWebAuthnSignature,
   getAllSupportedChainsAndTokens: () => getAllSupportedChainsAndTokens,
@@ -71,12 +68,15 @@ var import_viem = require("viem");
 var viemChains = __toESM(require("viem/chains"));
 var import_sdk = require("@rhinestone/sdk");
 var env = typeof process !== "undefined" ? process.env : {};
-var ALL_VIEM_CHAINS = Object.values(viemChains).filter(
-  (value) => typeof value === "object" && value !== null && "id" in value && "name" in value
-);
-var VIEM_CHAIN_BY_ID = new Map(
-  ALL_VIEM_CHAINS.map((chain) => [chain.id, chain])
-);
+var VIEM_CHAIN_BY_ID = /* @__PURE__ */ new Map();
+for (const value of Object.values(viemChains)) {
+  if (typeof value !== "object" || value === null || !("id" in value) || !("name" in value)) continue;
+  const chain = value;
+  const existing = VIEM_CHAIN_BY_ID.get(chain.id);
+  if (!existing || existing.testnet && !chain.testnet) {
+    VIEM_CHAIN_BY_ID.set(chain.id, chain);
+  }
+}
 var SUPPORTED_CHAIN_IDS = new Set(
   (0, import_sdk.getAllSupportedChainsAndTokens)().map((entry) => entry.chainId)
 );
@@ -197,7 +197,7 @@ var POPUP_WIDTH = 450;
 var POPUP_HEIGHT = 600;
 var DEFAULT_EMBED_WIDTH = "400px";
 var DEFAULT_EMBED_HEIGHT = "500px";
-var MODAL_WIDTH = 360;
+var MODAL_WIDTH = 340;
 var DEFAULT_PROVIDER_URL = "https://passkey.1auth.box";
 var OneAuthClient = class {
   constructor(config) {
@@ -205,6 +205,12 @@ var OneAuthClient = class {
     const dialogUrl = config.dialogUrl || providerUrl;
     this.config = { ...config, providerUrl, dialogUrl };
     this.theme = this.config.theme || {};
+    if (typeof document !== "undefined") {
+      this.injectPreconnect(providerUrl);
+      if (dialogUrl !== providerUrl) {
+        this.injectPreconnect(dialogUrl);
+      }
+    }
   }
   /**
    * Update the theme configuration at runtime
@@ -285,7 +291,28 @@ var OneAuthClient = class {
     return void 0;
   }
   /**
-   * Open the auth dialog (sign in + sign up).
+   * Open the authentication modal (sign in + sign up).
+   *
+   * Handles both new user registration and returning user login in a single
+   * call — the modal shows the appropriate flow based on whether the user
+   * has a passkey registered.
+   *
+   * @param options.username - Pre-fill the username field
+   * @param options.theme - Override the theme for this modal invocation
+   * @param options.oauthEnabled - Set to false to hide OAuth sign-in buttons
+   * @returns {@link AuthResult} with user details and typed address
+   *
+   * @example
+   * ```typescript
+   * const result = await client.authWithModal();
+   *
+   * if (result.success) {
+   *   console.log('Signed in as:', result.user?.username);
+   *   console.log('Address:', result.user?.address); // typed `0x${string}`
+   * } else if (result.error?.code === 'USER_CANCELLED') {
+   *   // User closed the modal
+   * }
+   * ```
    */
   async authWithModal(options) {
     const dialogUrl = this.getDialogUrl();
@@ -325,7 +352,7 @@ var OneAuthClient = class {
    * const result = await client.connectWithModal();
    *
    * if (result.success) {
-   *   console.log('Connected as:', result.username);
+   *   console.log('Connected as:', result.user?.username);
    * } else if (result.action === 'switch') {
    *   // User needs to sign in first
    *   const authResult = await client.authWithModal();
@@ -359,6 +386,133 @@ var OneAuthClient = class {
     }
     return this.waitForConnectResponse(dialog, iframe, cleanup);
   }
+  /**
+   * Check if a user has already granted consent for the requested fields.
+   * This is a read-only check — no dialog is shown.
+   *
+   * @example
+   * ```typescript
+   * const result = await client.checkConsent({
+   *   username: "alice",
+   *   fields: ["email"],
+   * });
+   * if (result.hasConsent) {
+   *   console.log(result.data?.email);
+   * }
+   * ```
+   */
+  async checkConsent(options) {
+    const clientId = options.clientId ?? this.config.clientId;
+    if (!clientId) {
+      return {
+        hasConsent: false
+      };
+    }
+    const username = options.username ?? options.accountAddress;
+    if (!username) {
+      return {
+        hasConsent: false
+      };
+    }
+    try {
+      const res = await fetch(`${this.config.providerUrl || "https://passkey.1auth.box"}/api/consent`, {
+        method: "POST",
+        headers: {
+          "Content-Type": "application/json",
+          ...clientId ? { "x-client-id": clientId } : {}
+        },
+        body: JSON.stringify({
+          username,
+          requestedFields: options.fields,
+          clientId
+        })
+      });
+      if (!res.ok) {
+        return { hasConsent: false };
+      }
+      const data = await res.json();
+      return {
+        hasConsent: data.hasConsent ?? false,
+        data: data.data,
+        grantedAt: data.grantedAt
+      };
+    } catch {
+      return { hasConsent: false };
+    }
+  }
+  /**
+   * Request consent from the user to share their data.
+   *
+   * First checks if consent was already granted (returns cached data immediately).
+   * If not, opens the consent dialog where the user can review and approve sharing.
+   *
+   * @example
+   * ```typescript
+   * const result = await client.requestConsent({
+   *   username: "alice",
+   *   fields: ["email", "deviceNames"],
+   * });
+   * if (result.success) {
+   *   console.log(result.data?.email);
+   *   console.log(result.cached); // true if no dialog was shown
+   * }
+   * ```
+   */
+  async requestConsent(options) {
+    const clientId = options.clientId ?? this.config.clientId;
+    if (!clientId) {
+      return {
+        success: false,
+        error: { code: "INVALID_REQUEST", message: "clientId is required (set in config or options)" }
+      };
+    }
+    const username = options.username ?? options.accountAddress;
+    if (!username) {
+      return {
+        success: false,
+        error: { code: "INVALID_REQUEST", message: "username or accountAddress is required" }
+      };
+    }
+    if (!options.fields || options.fields.length === 0) {
+      return {
+        success: false,
+        error: { code: "INVALID_REQUEST", message: "At least one field is required" }
+      };
+    }
+    const existing = await this.checkConsent({ ...options, clientId });
+    if (existing.hasConsent && existing.data) {
+      return {
+        success: true,
+        data: existing.data,
+        grantedAt: existing.grantedAt,
+        cached: true
+      };
+    }
+    const dialogUrl = this.getDialogUrl();
+    const params = new URLSearchParams({
+      mode: "iframe",
+      username,
+      clientId,
+      fields: options.fields.join(",")
+    });
+    const themeParams = this.getThemeParams(options.theme);
+    if (themeParams) {
+      const themeParsed = new URLSearchParams(themeParams);
+      themeParsed.forEach((value, key) => params.set(key, value));
+    }
+    const url = `${dialogUrl}/dialog/consent?${params.toString()}`;
+    const { dialog, iframe, cleanup } = this.createModalDialog(url);
+    const ready = await this.waitForDialogReady(dialog, iframe, cleanup, {
+      mode: "iframe"
+    });
+    if (!ready) {
+      return {
+        success: false,
+        error: { code: "USER_CANCELLED", message: "User closed the dialog" }
+      };
+    }
+    return this.waitForConsentResponse(dialog, iframe, cleanup);
+  }
   /**
    * Authenticate a user with an optional challenge to sign.
    *
@@ -376,17 +530,16 @@ var OneAuthClient = class {
    *
    * @example
    * ```typescript
-   * // Authenticate with a login challenge
    * const result = await client.authenticate({
    *   challenge: `Login to MyApp\nTimestamp: ${Date.now()}\nNonce: ${crypto.randomUUID()}`
    * });
    *
-   * if (result.success && result.signature) {
+   * if (result.success && result.challenge) {
    *   // Verify signature server-side
    *   const isValid = await verifyOnServer(
-   *     result.username,
-   *     result.signature,
-   *     result.signedHash
+   *     result.user?.username,
+   *     result.challenge.signature,
+   *     result.challenge.signedHash
    *   );
    * }
    * ```
@@ -486,7 +639,8 @@ var OneAuthClient = class {
         }
       };
     }
-    if (!username && !signedIntent?.accountAddress) {
+    const accountAddress = signedIntent?.accountAddress || options.accountAddress;
+    if (!username && !accountAddress) {
       return {
         success: false,
         intentId: "",
@@ -515,6 +669,7 @@ var OneAuthClient = class {
     let prepareResponse;
     const requestBody = signedIntent || {
       username: options.username,
+      accountAddress: options.accountAddress,
       targetChain: options.targetChain,
       calls: options.calls,
       tokenRequests: serializedTokenRequests,
@@ -522,48 +677,35 @@ var OneAuthClient = class {
       sourceChainId: options.sourceChainId,
       ...this.config.clientId && { clientId: this.config.clientId }
     };
-    try {
-      const response = await fetch(`${this.config.providerUrl}/api/intent/prepare`, {
-        method: "POST",
-        headers: {
-          "Content-Type": "application/json"
-        },
-        body: JSON.stringify(requestBody)
-      });
-      if (!response.ok) {
-        const errorData = await response.json().catch(() => ({}));
-        const errorMessage = errorData.error || "Failed to prepare intent";
-        if (errorMessage.includes("User not found")) {
-          localStorage.removeItem("1auth-user");
-        }
-        return {
-          success: false,
-          intentId: "",
-          status: "failed",
-          error: {
-            code: errorMessage.includes("User not found") ? "USER_NOT_FOUND" : "PREPARE_FAILED",
-            message: errorMessage
-          }
-        };
-      }
-      prepareResponse = await response.json();
-    } catch (error) {
+    const dialogUrl = this.getDialogUrl();
+    const themeParams = this.getThemeParams();
+    const signingUrl = `${dialogUrl}/dialog/sign?mode=iframe${themeParams ? `&${themeParams}` : ""}`;
+    const { dialog, iframe, cleanup } = this.createModalDialog(signingUrl);
+    const [prepareResult, dialogResult] = await Promise.all([
+      this.prepareIntent(requestBody),
+      this.waitForDialogReadyDeferred(dialog, iframe, cleanup)
+    ]);
+    if (!dialogResult.ready) {
       return {
         success: false,
         intentId: "",
         status: "failed",
-        error: {
-          code: "NETWORK_ERROR",
-          message: error instanceof Error ? error.message : "Network error"
-        }
+        error: { code: "USER_CANCELLED", message: "User closed the dialog" }
       };
     }
-    const dialogUrl = this.getDialogUrl();
-    const themeParams = this.getThemeParams();
-    const signingUrl = `${dialogUrl}/dialog/sign?mode=iframe${themeParams ? `&${themeParams}` : ""}`;
-    const { dialog, iframe, cleanup } = this.createModalDialog(signingUrl);
+    if (!prepareResult.success) {
+      this.sendPrepareError(iframe, prepareResult.error.message);
+      await this.waitForDialogClose(dialog, cleanup);
+      return {
+        success: false,
+        intentId: "",
+        status: "failed",
+        error: prepareResult.error
+      };
+    }
+    prepareResponse = prepareResult.data;
     const dialogOrigin = this.getDialogOrigin();
-    const ready = await this.waitForDialogReady(dialog, iframe, cleanup, {
+    const initPayload = {
       mode: "iframe",
       calls,
       chainId: targetChain,
@@ -575,16 +717,21 @@ var OneAuthClient = class {
       tokenRequests: serializedTokenRequests,
       expiresAt: prepareResponse.expiresAt,
       userId: prepareResponse.userId,
-      intentOp: prepareResponse.intentOp
-    });
-    if (!ready) {
-      return {
-        success: false,
-        intentId: "",
-        status: "failed",
-        error: { code: "USER_CANCELLED", message: "User closed the dialog" }
-      };
-    }
+      intentOp: prepareResponse.intentOp,
+      digestResult: prepareResponse.digestResult,
+      tier: prepareResult.tier
+    };
+    dialogResult.sendInit(initPayload);
+    const handleReReady = (event) => {
+      if (event.origin !== dialogOrigin) return;
+      if (event.data?.type === "PASSKEY_READY") {
+        iframe.contentWindow?.postMessage(
+          { type: "PASSKEY_INIT", ...initPayload },
+          dialogOrigin
+        );
+      }
+    };
+    window.addEventListener("message", handleReReady);
     const signingResult = await this.waitForSigningWithRefresh(
       dialog,
       iframe,
@@ -611,7 +758,8 @@ var OneAuthClient = class {
             expiresAt: refreshedData.expiresAt,
             challenge: refreshedData.challenge,
             originMessages: refreshedData.originMessages,
-            transaction: refreshedData.transaction
+            transaction: refreshedData.transaction,
+            digestResult: refreshedData.digestResult
           };
         } catch (error) {
           console.error("[SDK] Quote refresh error:", error);
@@ -619,6 +767,7 @@ var OneAuthClient = class {
         }
       }
     );
+    window.removeEventListener("message", handleReReady);
     if (!signingResult.success) {
       return {
         success: false,
@@ -650,6 +799,7 @@ var OneAuthClient = class {
             targetChain: prepareResponse.targetChain,
             calls: prepareResponse.calls,
             expiresAt: prepareResponse.expiresAt,
+            digestResult: prepareResponse.digestResult,
             // Signature from dialog
             signature: signingResult.signature,
             passkey: signingResult.passkey
@@ -691,10 +841,21 @@ var OneAuthClient = class {
     let finalTxHash = executeResponse.transactionHash;
     if (finalStatus === "pending") {
       this.sendTransactionStatus(iframe, "pending");
+      let userClosedEarly = false;
+      const dialogOrigin2 = this.getDialogOrigin();
+      const earlyCloseHandler = (event) => {
+        if (event.origin !== dialogOrigin2) return;
+        if (event.data?.type === "PASSKEY_CLOSE") {
+          userClosedEarly = true;
+          cleanup();
+        }
+      };
+      window.addEventListener("message", earlyCloseHandler);
       const maxAttempts = 120;
       const pollIntervalMs = 1500;
       let lastStatus = "pending";
       for (let attempt = 0; attempt < maxAttempts; attempt++) {
+        if (userClosedEarly) break;
         try {
           const statusResponse = await fetch(
             `${this.config.providerUrl}/api/intent/status/${executeResponse.intentId}`,
@@ -729,6 +890,21 @@ var OneAuthClient = class {
         }
         await new Promise((resolve) => setTimeout(resolve, pollIntervalMs));
       }
+      window.removeEventListener("message", earlyCloseHandler);
+      if (userClosedEarly) {
+        cleanup();
+        return {
+          success: false,
+          intentId: executeResponse.intentId,
+          status: finalStatus,
+          transactionHash: finalTxHash,
+          operationId: executeResponse.operationId,
+          error: {
+            code: "USER_CANCELLED",
+            message: "User closed the dialog"
+          }
+        };
+      }
     }
     const closeOn = options.closeOn || "preconfirmed";
     const successStatuses = {
@@ -739,8 +915,9 @@ var OneAuthClient = class {
     };
     const isSuccessStatus = successStatuses[closeOn]?.includes(finalStatus) ?? false;
     const displayStatus = isSuccessStatus ? "confirmed" : finalStatus;
+    const closePromise = this.waitForDialogClose(dialog, cleanup);
     this.sendTransactionStatus(iframe, displayStatus, finalTxHash);
-    await this.waitForDialogClose(dialog, cleanup);
+    await closePromise;
     if (options.waitForHash && !finalTxHash) {
       const hash = await this.waitForTransactionHash(executeResponse.intentId, {
         timeoutMs: options.hashTimeoutMs,
@@ -801,7 +978,7 @@ var OneAuthClient = class {
    * ```
    */
   async sendBatchIntent(options) {
-    if (!options.username) {
+    if (!options.username && !options.accountAddress) {
       return {
         success: false,
         results: [],
@@ -825,35 +1002,24 @@ var OneAuthClient = class {
         amount: r.amount.toString()
       })),
       sourceAssets: intent.sourceAssets,
-      sourceChainId: intent.sourceChainId
+      sourceChainId: intent.sourceChainId,
+      moduleInstall: intent.moduleInstall
     }));
     const requestBody = {
-      username: options.username,
+      ...options.username && { username: options.username },
+      ...options.accountAddress && { accountAddress: options.accountAddress },
       intents: serializedIntents,
       ...this.config.clientId && { clientId: this.config.clientId }
     };
-    let prepareResponse;
-    try {
-      const response = await fetch(`${this.config.providerUrl}/api/intent/batch-prepare`, {
-        method: "POST",
-        headers: { "Content-Type": "application/json" },
-        body: JSON.stringify(requestBody)
-      });
-      if (!response.ok) {
-        const errorData = await response.json().catch(() => ({}));
-        const errorMessage = errorData.error || "Failed to prepare batch intent";
-        if (errorMessage.includes("User not found")) {
-          localStorage.removeItem("1auth-user");
-        }
-        return {
-          success: false,
-          results: [],
-          successCount: 0,
-          failureCount: 0
-        };
-      }
-      prepareResponse = await response.json();
-    } catch {
+    const dialogUrl = this.getDialogUrl();
+    const themeParams = this.getThemeParams();
+    const signingUrl = `${dialogUrl}/dialog/sign?mode=iframe${themeParams ? `&${themeParams}` : ""}`;
+    const { dialog, iframe, cleanup } = this.createModalDialog(signingUrl);
+    const [prepareResult, dialogResult] = await Promise.all([
+      this.prepareBatchIntent(requestBody),
+      this.waitForDialogReadyDeferred(dialog, iframe, cleanup)
+    ]);
+    if (!dialogResult.ready) {
       return {
         success: false,
         results: [],
@@ -861,29 +1027,50 @@ var OneAuthClient = class {
         failureCount: 0
       };
     }
-    const dialogUrl = this.getDialogUrl();
-    const themeParams = this.getThemeParams();
-    const signingUrl = `${dialogUrl}/dialog/sign?mode=iframe${themeParams ? `&${themeParams}` : ""}`;
-    const { dialog, iframe, cleanup } = this.createModalDialog(signingUrl);
+    if (!prepareResult.success) {
+      const failedIntents = prepareResult.failedIntents;
+      const failureResults = failedIntents?.map((f) => ({
+        index: f.index,
+        success: false,
+        intentId: "",
+        status: "failed",
+        error: { message: f.error, code: "PREPARE_FAILED" }
+      })) ?? [];
+      this.sendPrepareError(iframe, prepareResult.error);
+      await this.waitForDialogClose(dialog, cleanup);
+      return {
+        success: false,
+        results: failureResults,
+        successCount: 0,
+        failureCount: failureResults.length,
+        error: prepareResult.error
+      };
+    }
+    let prepareResponse = prepareResult.data;
     const dialogOrigin = this.getDialogOrigin();
-    const ready = await this.waitForDialogReady(dialog, iframe, cleanup, {
+    const batchInitPayload = {
       mode: "iframe",
       batchMode: true,
       batchIntents: prepareResponse.intents,
+      batchFailedIntents: prepareResponse.failedIntents,
       challenge: prepareResponse.challenge,
       username: options.username,
       accountAddress: prepareResponse.accountAddress,
       userId: prepareResponse.userId,
-      expiresAt: prepareResponse.expiresAt
-    });
-    if (!ready) {
-      return {
-        success: false,
-        results: [],
-        successCount: 0,
-        failureCount: 0
-      };
-    }
+      expiresAt: prepareResponse.expiresAt,
+      tier: prepareResult.tier
+    };
+    dialogResult.sendInit(batchInitPayload);
+    const handleBatchReReady = (event) => {
+      if (event.origin !== dialogOrigin) return;
+      if (event.data?.type === "PASSKEY_READY") {
+        iframe.contentWindow?.postMessage(
+          { type: "PASSKEY_INIT", ...batchInitPayload },
+          dialogOrigin
+        );
+      }
+    };
+    window.addEventListener("message", handleBatchReReady);
     const batchResult = await new Promise((resolve) => {
       const handleMessage = async (event) => {
         if (event.origin !== dialogOrigin) return;
@@ -930,13 +1117,21 @@ var OneAuthClient = class {
               status: r.status === "FAILED" ? "failed" : "pending",
               error: r.error ? { code: "EXECUTE_FAILED", message: r.error } : void 0
             }));
-            const successCount = results.filter((r) => r.success).length;
+            const prepareFailures = (prepareResponse.failedIntents ?? []).map((f) => ({
+              index: f.index,
+              success: false,
+              intentId: "",
+              status: "failed",
+              error: { code: "PREPARE_FAILED", message: f.error }
+            }));
+            const allResults = [...results, ...prepareFailures].sort((a, b) => a.index - b.index);
+            const successCount = allResults.filter((r) => r.success).length;
             await this.waitForDialogClose(dialog, cleanup);
             resolve({
-              success: successCount === results.length,
-              results,
+              success: successCount === allResults.length,
+              results: allResults,
               successCount,
-              failureCount: results.length - successCount
+              failureCount: allResults.length - successCount
             });
           } else {
             cleanup();
@@ -961,6 +1156,7 @@ var OneAuthClient = class {
       };
       window.addEventListener("message", handleMessage);
     });
+    window.removeEventListener("message", handleBatchReReady);
     return batchResult;
   }
   /**
@@ -1164,6 +1360,143 @@ var OneAuthClient = class {
       dialog.addEventListener("close", handleClose);
     });
   }
+  /**
+   * Inject a preconnect link tag to pre-warm DNS + TLS for a given URL.
+   */
+  injectPreconnect(url) {
+    try {
+      const origin = new URL(url).origin;
+      if (document.querySelector(`link[rel="preconnect"][href="${origin}"]`)) return;
+      const link = document.createElement("link");
+      link.rel = "preconnect";
+      link.href = origin;
+      link.crossOrigin = "anonymous";
+      document.head.appendChild(link);
+    } catch {
+    }
+  }
+  /**
+   * Wait for the dialog iframe to signal ready without sending init data.
+   * Returns a sendInit function the caller uses once prepare data is available.
+   */
+  waitForDialogReadyDeferred(dialog, iframe, cleanup) {
+    const dialogOrigin = this.getDialogOrigin();
+    return new Promise((resolve) => {
+      let settled = false;
+      const teardown = () => {
+        if (settled) return;
+        settled = true;
+        clearTimeout(readyTimeout);
+        window.removeEventListener("message", handleMessage);
+        dialog.removeEventListener("close", handleClose);
+      };
+      const handleMessage = (event) => {
+        if (event.origin !== dialogOrigin) return;
+        if (event.data?.type === "PASSKEY_READY") {
+          teardown();
+          resolve({
+            ready: true,
+            sendInit: (initMessage) => {
+              iframe.contentWindow?.postMessage(
+                { type: "PASSKEY_INIT", ...initMessage },
+                dialogOrigin
+              );
+            }
+          });
+        } else if (event.data?.type === "PASSKEY_CLOSE") {
+          teardown();
+          cleanup();
+          resolve({ ready: false });
+        }
+      };
+      const handleClose = () => {
+        teardown();
+        resolve({ ready: false });
+      };
+      const readyTimeout = setTimeout(() => {
+        teardown();
+        cleanup();
+        resolve({ ready: false });
+      }, 1e4);
+      window.addEventListener("message", handleMessage);
+      dialog.addEventListener("close", handleClose);
+    });
+  }
+  /**
+   * Prepare an intent by calling the orchestrator for a quote.
+   * Returns the prepare response and the origin tier from the response header.
+   */
+  async prepareIntent(requestBody) {
+    try {
+      const response = await fetch(`${this.config.providerUrl}/api/intent/prepare`, {
+        method: "POST",
+        headers: { "Content-Type": "application/json" },
+        body: JSON.stringify(requestBody)
+      });
+      if (!response.ok) {
+        const errorData = await response.json().catch(() => ({}));
+        const errorMessage = errorData.error || "Failed to prepare intent";
+        if (errorMessage.includes("User not found")) {
+          localStorage.removeItem("1auth-user");
+        }
+        return {
+          success: false,
+          error: {
+            code: errorMessage.includes("User not found") ? "USER_NOT_FOUND" : "PREPARE_FAILED",
+            message: errorMessage
+          }
+        };
+      }
+      const tier = response.headers.get("X-Origin-Tier");
+      return { success: true, data: await response.json(), tier };
+    } catch (error) {
+      return {
+        success: false,
+        error: {
+          code: "NETWORK_ERROR",
+          message: error instanceof Error ? error.message : "Network error"
+        }
+      };
+    }
+  }
+  /**
+   * Prepare a batch intent by calling the orchestrator for quotes on all intents.
+   */
+  async prepareBatchIntent(requestBody) {
+    try {
+      const response = await fetch(`${this.config.providerUrl}/api/intent/batch-prepare`, {
+        method: "POST",
+        headers: { "Content-Type": "application/json" },
+        body: JSON.stringify(requestBody)
+      });
+      if (!response.ok) {
+        const errorData = await response.json().catch(() => ({}));
+        const errorMessage = errorData.error || "Failed to prepare batch intent";
+        if (errorMessage.includes("User not found")) {
+          localStorage.removeItem("1auth-user");
+        }
+        return {
+          success: false,
+          error: errorMessage,
+          failedIntents: errorData.failedIntents
+        };
+      }
+      const tier = response.headers.get("X-Origin-Tier");
+      return { success: true, data: await response.json(), tier };
+    } catch {
+      return { success: false, error: "Network error" };
+    }
+  }
+  /**
+   * Send a prepare error message to the dialog iframe.
+   */
+  sendPrepareError(iframe, error) {
+    const dialogOrigin = this.getDialogOrigin();
+    iframe.contentWindow?.postMessage(
+      { type: "PASSKEY_PREPARE_ERROR", error },
+      dialogOrigin
+    );
+  }
   /**
    * Poll for intent status
    *
@@ -1475,6 +1808,7 @@ var OneAuthClient = class {
       message: options.message,
       challenge: options.challenge || options.message,
       username: options.username,
+      accountAddress: options.accountAddress,
       description: options.description,
       metadata: options.metadata
     });
@@ -1566,6 +1900,7 @@ var OneAuthClient = class {
       },
       challenge: signedHash,
       username: options.username,
+      accountAddress: options.accountAddress,
       description: options.description
     });
     if (!ready) {
@@ -1639,7 +1974,7 @@ var OneAuthClient = class {
     iframe.style.borderRadius = "12px";
     iframe.style.boxShadow = "0 4px 6px -1px rgb(0 0 0 / 0.1), 0 2px 4px -2px rgb(0 0 0 / 0.1)";
     iframe.id = `passkey-embed-${requestId}`;
-    iframe.allow = "publickey-credentials-get *; publickey-credentials-create *";
+    iframe.allow = "publickey-credentials-get *; publickey-credentials-create *; identity-credentials-get";
     iframe.onload = () => {
       options.onReady?.();
     };
@@ -1787,6 +2122,7 @@ var OneAuthClient = class {
       const teardown = () => {
         if (settled) return;
         settled = true;
+        clearTimeout(readyTimeout);
         window.removeEventListener("message", handleMessage);
         dialog.removeEventListener("close", handleClose);
       };
@@ -1809,6 +2145,11 @@ var OneAuthClient = class {
         teardown();
         resolve(false);
       };
+      const readyTimeout = setTimeout(() => {
+        teardown();
+        cleanup();
+        resolve(false);
+      }, 1e4);
       window.addEventListener("message", handleMessage);
       dialog.addEventListener("close", handleClose);
     });
@@ -1849,7 +2190,9 @@ var OneAuthClient = class {
         border-radius: 14px;
         border: none;
         box-shadow: 0 8px 32px rgba(0, 0, 0, 0.12), 0 2px 8px rgba(0, 0, 0, 0.08);
-        transition: width 0.2s ease-out, height 0.15s ease-out;
+        transition: height 0.15s ease-out;
+        max-height: calc(100vh - 100px);
+        max-height: calc(100dvh - 100px);
       }
 
       @media (min-width: 769px) {
@@ -1911,14 +2254,10 @@ var OneAuthClient = class {
     const iframe = document.createElement("iframe");
     iframe.setAttribute(
       "allow",
-      "publickey-credentials-get *; publickey-credentials-create *; clipboard-write"
+      "publickey-credentials-get *; publickey-credentials-create *; clipboard-write; identity-credentials-get"
     );
     iframe.setAttribute("aria-label", "Passkey Authentication");
     iframe.setAttribute("tabindex", "0");
-    iframe.setAttribute(
-      "sandbox",
-      "allow-forms allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox"
-    );
     iframe.setAttribute("src", url);
     iframe.setAttribute("title", "Passkey");
     iframe.style.border = "none";
@@ -1928,10 +2267,8 @@ var OneAuthClient = class {
     const handleMessage = (event) => {
       if (event.origin !== hostUrl.origin) return;
       if (event.data?.type === "PASSKEY_RESIZE") {
-        iframe.style.height = `${event.data.height}px`;
-        if (event.data.width) {
-          iframe.style.width = `${event.data.width}px`;
-        }
+        const maxHeight = window.innerHeight - 100;
+        iframe.style.height = `${Math.min(event.data.height, maxHeight)}px`;
       } else if (event.data?.type === "PASSKEY_DISCONNECT") {
         localStorage.removeItem("1auth-user");
       }
@@ -1949,7 +2286,10 @@ var OneAuthClient = class {
       }
     });
     dialog.showModal();
+    let cleanedUp = false;
     const cleanup = () => {
+      if (cleanedUp) return;
+      cleanedUp = true;
       window.removeEventListener("message", handleMessage);
       document.removeEventListener("keydown", handleEscape);
       dialog.close();
@@ -1981,22 +2321,11 @@ var OneAuthClient = class {
           if (data.success) {
             resolve({
               success: true,
-              username: data.data?.username,
-              user: data.data?.user
-            });
-          } else {
-            resolve({
-              success: false,
-              error: data.error
-            });
-          }
-        } else if (data?.type === "PASSKEY_REGISTER_RESULT") {
-          window.removeEventListener("message", handleMessage);
-          cleanup();
-          if (data.success) {
-            resolve({
-              success: true,
-              username: data.data?.username
+              user: {
+                id: data.data?.user?.id,
+                username: data.data?.username,
+                address: data.data?.address
+              }
             });
           } else {
             resolve({
@@ -2055,8 +2384,11 @@ var OneAuthClient = class {
           if (data.success) {
             resolve({
               success: true,
-              username: data.data?.username,
-              user: data.data?.user
+              user: {
+                id: data.data?.user?.id,
+                username: data.data?.username,
+                address: data.data?.address
+              }
             });
           } else {
             resolve({
@@ -2064,14 +2396,43 @@ var OneAuthClient = class {
               error: data.error
             });
           }
-        } else if (data?.type === "PASSKEY_REGISTER_RESULT") {
+        } else if (data?.type === "PASSKEY_CLOSE") {
           clearInterval(pollTimer);
           window.removeEventListener("message", handleMessage);
           popup?.close();
+          resolve({
+            success: false,
+            error: {
+              code: "USER_CANCELLED",
+              message: "Authentication was cancelled"
+            }
+          });
+        }
+      };
+      window.addEventListener("message", handleMessage);
+    });
+  }
+  waitForAuthenticateResponse(_dialog, _iframe, cleanup) {
+    const dialogOrigin = this.getDialogOrigin();
+    return new Promise((resolve) => {
+      const handleMessage = (event) => {
+        if (event.origin !== dialogOrigin) return;
+        const data = event.data;
+        if (data?.type === "PASSKEY_AUTHENTICATE_RESULT") {
+          window.removeEventListener("message", handleMessage);
+          cleanup();
           if (data.success) {
             resolve({
               success: true,
-              username: data.data?.username
+              user: {
+                id: data.data?.user?.id,
+                username: data.data?.username,
+                address: data.data?.accountAddress
+              },
+              challenge: data.data?.signature ? {
+                signature: data.data.signature,
+                signedHash: data.data.signedHash
+              } : void 0
             });
           } else {
             resolve({
@@ -2080,9 +2441,8 @@ var OneAuthClient = class {
             });
           }
         } else if (data?.type === "PASSKEY_CLOSE") {
-          clearInterval(pollTimer);
           window.removeEventListener("message", handleMessage);
-          popup?.close();
+          cleanup();
           resolve({
             success: false,
             error: {
@@ -2095,27 +2455,28 @@ var OneAuthClient = class {
       window.addEventListener("message", handleMessage);
     });
   }
-  waitForAuthenticateResponse(_dialog, _iframe, cleanup) {
+  waitForConnectResponse(_dialog, _iframe, cleanup) {
     const dialogOrigin = this.getDialogOrigin();
     return new Promise((resolve) => {
       const handleMessage = (event) => {
         if (event.origin !== dialogOrigin) return;
         const data = event.data;
-        if (data?.type === "PASSKEY_AUTHENTICATE_RESULT") {
+        if (data?.type === "PASSKEY_CONNECT_RESULT") {
           window.removeEventListener("message", handleMessage);
           cleanup();
           if (data.success) {
             resolve({
               success: true,
-              username: data.data?.username,
-              user: data.data?.user,
-              accountAddress: data.data?.accountAddress,
-              signature: data.data?.signature,
-              signedHash: data.data?.signedHash
+              user: {
+                username: data.data?.username,
+                address: data.data?.address
+              },
+              autoConnected: data.data?.autoConnected
             });
           } else {
             resolve({
               success: false,
+              action: data.data?.action,
               error: data.error
             });
           }
@@ -2124,9 +2485,10 @@ var OneAuthClient = class {
           cleanup();
           resolve({
             success: false,
+            action: "cancel",
             error: {
               code: "USER_CANCELLED",
-              message: "Authentication was cancelled"
+              message: "Connection was cancelled"
             }
           });
         }
@@ -2134,26 +2496,28 @@ var OneAuthClient = class {
       window.addEventListener("message", handleMessage);
     });
   }
-  waitForConnectResponse(_dialog, _iframe, cleanup) {
+  waitForConsentResponse(_dialog, _iframe, cleanup) {
     const dialogOrigin = this.getDialogOrigin();
     return new Promise((resolve) => {
       const handleMessage = (event) => {
         if (event.origin !== dialogOrigin) return;
         const data = event.data;
-        if (data?.type === "PASSKEY_CONNECT_RESULT") {
+        if (data?.type === "PASSKEY_CONSENT_RESULT") {
           window.removeEventListener("message", handleMessage);
           cleanup();
           if (data.success) {
             resolve({
               success: true,
-              username: data.data?.username,
-              autoConnected: data.data?.autoConnected
+              data: data.data,
+              grantedAt: data.data?.grantedAt
             });
           } else {
             resolve({
               success: false,
-              action: data.data?.action,
-              error: data.error
+              error: data.error ?? {
+                code: "USER_REJECTED",
+                message: "User denied the consent request"
+              }
             });
           }
         } else if (data?.type === "PASSKEY_CLOSE") {
@@ -2161,10 +2525,9 @@ var OneAuthClient = class {
           cleanup();
           resolve({
             success: false,
-            action: "cancel",
             error: {
               code: "USER_CANCELLED",
-              message: "Connection was cancelled"
+              message: "User closed the dialog"
             }
           });
         }
@@ -2380,7 +2743,7 @@ function createOneAuthProvider(options) {
       const raw = localStorage.getItem(storageKey);
       if (!raw) return null;
       const parsed = JSON.parse(raw);
-      if (!parsed?.username || !parsed?.address) return null;
+      if (!parsed?.address) return null;
       return parsed;
     } catch {
       return null;
@@ -2416,18 +2779,26 @@ function createOneAuthProvider(options) {
     }
     const connectResult = await client.connectWithModal();
     let username;
-    if (connectResult.success && connectResult.username) {
-      username = connectResult.username;
+    let address;
+    if (connectResult.success) {
+      username = connectResult.user?.username;
+      address = connectResult.user?.address;
     } else if (connectResult.action === "switch") {
       const authResult = await client.authWithModal();
-      if (!authResult.success || !authResult.username) {
+      if (!authResult.success) {
         throw new Error(authResult.error?.message || "Authentication failed");
       }
-      username = authResult.username;
+      username = authResult.user?.username;
+      address = authResult.user?.address;
     } else {
       throw new Error(connectResult.error?.message || "Connection cancelled");
     }
-    const address = await resolveAccountAddress(username);
+    if (!address && username) {
+      address = await resolveAccountAddress(username);
+    }
+    if (!address) {
+      throw new Error("No account address available");
+    }
     setStoredUser({ username, address });
     emit("accountsChanged", [address]);
     emit("connect", { chainId: (0, import_viem4.numberToHex)(chainId) });
@@ -2442,11 +2813,11 @@ function createOneAuthProvider(options) {
     const stored = getStoredUser();
     if (stored) return stored;
     const [address] = await connect();
-    const username = getStoredUser()?.username;
-    if (!username || !address) {
+    if (!address) {
       throw new Error("Failed to resolve user session");
     }
-    return { username, address };
+    const user = getStoredUser();
+    return user || { address };
   };
   const parseChainId = (value) => {
     if (typeof value === "number") return value;
@@ -2504,9 +2875,13 @@ function createOneAuthProvider(options) {
     }
   };
   const signMessage = async (message) => {
-    const { username } = await ensureUser();
+    const user = await ensureUser();
+    if (!user.username && !user.address) {
+      throw new Error("Username or address required for signing.");
+    }
     const result = await client.signMessage({
-      username,
+      username: user.username,
+      accountAddress: user.address,
       message
     });
     if (!result.success || !result.signature) {
@@ -2515,10 +2890,14 @@ function createOneAuthProvider(options) {
     return encodeWebAuthnSignature(result.signature);
   };
   const signTypedData = async (typedData) => {
-    const { username } = await ensureUser();
+    const user = await ensureUser();
+    if (!user.username && !user.address) {
+      throw new Error("Username or address required for signing.");
+    }
     const data = typeof typedData === "string" ? JSON.parse(typedData) : typedData;
     const result = await client.signTypedData({
-      username,
+      username: user.username,
+      accountAddress: user.address,
       domain: data.domain,
       types: data.types,
       primaryType: data.primaryType,
@@ -2533,11 +2912,15 @@ function createOneAuthProvider(options) {
     if (!options.signIntent) {
       return {
         username: payload.username,
+        accountAddress: payload.accountAddress,
         targetChain: payload.targetChain,
         calls: payload.calls,
         tokenRequests: payload.tokenRequests
       };
     }
+    if (!payload.username) {
+      throw new Error("Username required for signed intents. Set a username first.");
+    }
     const signedIntent = await options.signIntent({
       username: payload.username,
       accountAddress: payload.accountAddress,
@@ -2663,10 +3046,13 @@ function createOneAuthProvider(options) {
         return capabilities;
       }
       case "wallet_getAssets": {
-        const { username } = await ensureUser();
+        const user = await ensureUser();
+        if (!user.username) {
+          throw new Error("Username required to fetch assets. Set a username first.");
+        }
         const clientId = client.getClientId();
         const response = await fetch(
-          `${client.getProviderUrl()}/api/users/${encodeURIComponent(username)}/portfolio`,
+          `${client.getProviderUrl()}/api/users/${encodeURIComponent(user.username)}/portfolio`,
           {
             headers: clientId ? { "x-client-id": clientId } : {}
           }
@@ -2776,7 +3162,6 @@ function createOneAuthProvider(options) {
     disconnect
   };
 }
-var createPasskeyProvider = createOneAuthProvider;
 
 // src/account.ts
 var import_viem5 = require("viem");
@@ -3447,7 +3832,6 @@ function BatchQueueWidget({ onSignAll }) {
 // src/verify.ts
 var import_viem7 = require("viem");
 var ETHEREUM_MESSAGE_PREFIX = "Ethereum Signed Message:\n";
-var PASSKEY_MESSAGE_PREFIX = ETHEREUM_MESSAGE_PREFIX;
 function hashMessage2(message) {
   const prefixed = ETHEREUM_MESSAGE_PREFIX + message.length.toString() + message;
   return (0, import_viem7.keccak256)((0, import_viem7.toBytes)(prefixed));
@@ -3463,11 +3847,8 @@ function verifyMessageHash(message, signedHash) {
   BatchQueueWidget,
   ETHEREUM_MESSAGE_PREFIX,
   OneAuthClient,
-  PASSKEY_MESSAGE_PREFIX,
-  PasskeyProviderClient,
   createOneAuthProvider,
   createPasskeyAccount,
-  createPasskeyProvider,
   createPasskeyWalletClient,
   encodeWebAuthnSignature,
   getAllSupportedChainsAndTokens,