npm - @swype-org/react-sdk - Versions diffs - 0.1.230 → 0.1.237 - Mend

@swype-org/react-sdk 0.1.230 → 0.1.237

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

package/dist/index.cjs CHANGED Viewed

@@ -158,6 +158,322 @@ function useBlinkDepositAmount() {
   };
 }
+// src/passkey-delegation.ts
+var PasskeyIframeBlockedError = class extends Error {
+  constructor(message = "Passkey creation is not supported in this browser context.") {
+    super(message);
+    this.name = "PasskeyIframeBlockedError";
+  }
+};
+function isInCrossOriginIframe() {
+  if (typeof window === "undefined") return false;
+  if (window.parent === window) return false;
+  try {
+    void window.parent.location.origin;
+    return false;
+  } catch {
+    return true;
+  }
+}
+function isSafari() {
+  if (typeof navigator === "undefined") return false;
+  const ua = navigator.userAgent;
+  return /Safari/i.test(ua) && !/Chrome|CriOS|Chromium|Edg|OPR|Firefox/i.test(ua);
+}
+var POPUP_RESULT_TIMEOUT_MS = 12e4;
+var POPUP_CLOSED_POLL_MS = 500;
+var POPUP_CLOSED_GRACE_MS = 1e3;
+function createPasskeyViaPopup(options) {
+  return new Promise((resolve, reject) => {
+    const verificationToken = crypto.randomUUID();
+    const payload = { ...options, verificationToken };
+    const encoded = btoa(JSON.stringify(payload));
+    const popupUrl = `${window.location.origin}/passkey-register#${encoded}`;
+    const popup = window.open(popupUrl, "blink-passkey");
+    if (!popup) {
+      reject(new Error("Pop-up blocked. Please allow pop-ups for this site and try again."));
+      return;
+    }
+    let settled = false;
+    const timer = setTimeout(() => {
+      cleanup();
+      reject(new Error("Passkey creation timed out. Please try again."));
+    }, POPUP_RESULT_TIMEOUT_MS);
+    const closedPoll = setInterval(() => {
+      if (popup.closed) {
+        clearInterval(closedPoll);
+        setTimeout(() => {
+          if (!settled) {
+            settled = true;
+            cleanup();
+            checkServerForPasskeyByToken(
+              options.authToken,
+              options.apiBaseUrl,
+              verificationToken
+            ).then((result) => {
+              if (result) {
+                resolve(result);
+              } else {
+                reject(new Error("Passkey window was closed before completing."));
+              }
+            }).catch(() => {
+              reject(new Error("Passkey window was closed before completing."));
+            });
+          }
+        }, POPUP_CLOSED_GRACE_MS);
+      }
+    }, POPUP_CLOSED_POLL_MS);
+    function cleanup() {
+      clearTimeout(timer);
+      clearInterval(closedPoll);
+    }
+  });
+}
+var VERIFY_POPUP_TIMEOUT_MS = 6e4;
+function findDevicePasskeyViaPopup(options) {
+  return new Promise((resolve, reject) => {
+    const verificationToken = crypto.randomUUID();
+    const payload = {
+      ...options,
+      verificationToken
+    };
+    const encoded = btoa(JSON.stringify(payload));
+    const popupUrl = `${window.location.origin}/passkey-verify#${encoded}`;
+    const popup = window.open(popupUrl, "blink-passkey-verify");
+    if (!popup) {
+      reject(new Error("Pop-up blocked. Please allow pop-ups for this site and try again."));
+      return;
+    }
+    let settled = false;
+    const timer = setTimeout(() => {
+      cleanup();
+      resolve(null);
+    }, VERIFY_POPUP_TIMEOUT_MS);
+    const closedPoll = setInterval(() => {
+      if (popup.closed && !settled) {
+        clearInterval(closedPoll);
+        setTimeout(() => {
+          if (!settled) {
+            settled = true;
+            cleanup();
+            checkServerForPasskeyByToken(
+              options.authToken,
+              options.apiBaseUrl,
+              verificationToken
+            ).then((result) => {
+              resolve(result?.credentialId ?? null);
+            }).catch(() => {
+              resolve(null);
+            });
+          }
+        }, POPUP_CLOSED_GRACE_MS);
+      }
+    }, POPUP_CLOSED_POLL_MS);
+    function cleanup() {
+      clearTimeout(timer);
+      clearInterval(closedPoll);
+    }
+  });
+}
+async function checkServerForPasskeyByToken(authToken, apiBaseUrl, verificationToken) {
+  if (!authToken || !apiBaseUrl) return null;
+  const res = await fetch(`${apiBaseUrl}/v1/users/config`, {
+    headers: { Authorization: `Bearer ${authToken}` }
+  });
+  if (!res.ok) return null;
+  const body = await res.json();
+  const passkeys = body.config.passkeys ?? [];
+  const matched = passkeys.find((p) => p.lastVerificationToken === verificationToken);
+  return matched ? { credentialId: matched.credentialId, publicKey: matched.publicKey } : null;
+}
+// src/passkeyRpId.ts
+function normalizeConfiguredDomain(value) {
+  return value.replace(/^https?:\/\//, "").replace(/\/.*$/, "").replace(/^\./, "").trim();
+}
+function resolveRootDomainFromHostname(hostname) {
+  const trimmedHostname = hostname.trim().toLowerCase();
+  if (!trimmedHostname) {
+    return "localhost";
+  }
+  if (trimmedHostname === "localhost" || /^\d{1,3}(?:\.\d{1,3}){3}$/.test(trimmedHostname)) {
+    return trimmedHostname;
+  }
+  const parts = trimmedHostname.split(".").filter(Boolean);
+  if (parts.length < 2) {
+    return trimmedHostname;
+  }
+  return parts.slice(-2).join(".");
+}
+// src/hooks/passkeyPublic.ts
+function waitForDocumentFocus(timeoutMs = 5e3, intervalMs = 100) {
+  return new Promise((resolve, reject) => {
+    if (typeof document === "undefined") {
+      resolve();
+      return;
+    }
+    if (document.hasFocus()) {
+      resolve();
+      return;
+    }
+    const deadline = Date.now() + timeoutMs;
+    const timer = setInterval(() => {
+      if (document.hasFocus()) {
+        clearInterval(timer);
+        resolve();
+      } else if (Date.now() >= deadline) {
+        clearInterval(timer);
+        resolve();
+      }
+    }, intervalMs);
+  });
+}
+function toBase64(buffer) {
+  return btoa(String.fromCharCode(...new Uint8Array(buffer)));
+}
+function base64ToBytes(value) {
+  const normalized = value.replace(/-/g, "+").replace(/_/g, "/");
+  const padded = normalized + "=".repeat((4 - normalized.length % 4) % 4);
+  const raw = atob(padded);
+  const bytes = new Uint8Array(raw.length);
+  for (let i = 0; i < raw.length; i++) {
+    bytes[i] = raw.charCodeAt(i);
+  }
+  return bytes;
+}
+function readEnvValue(name) {
+  const meta = ({ url: (typeof document === 'undefined' ? require('u' + 'rl').pathToFileURL(__filename).href : (_documentCurrentScript && _documentCurrentScript.tagName.toUpperCase() === 'SCRIPT' && _documentCurrentScript.src || new URL('index.cjs', document.baseURI).href)) });
+  const metaValue = meta.env?.[name];
+  if (typeof metaValue === "string" && metaValue.trim().length > 0) {
+    return metaValue.trim();
+  }
+  const processValue = globalThis.process?.env?.[name];
+  if (typeof processValue === "string" && processValue.trim().length > 0) {
+    return processValue.trim();
+  }
+  return void 0;
+}
+function resolvePasskeyRpId() {
+  const configuredDomain = readEnvValue("VITE_DOMAIN") ?? readEnvValue("BLINK_DOMAIN");
+  if (configuredDomain) {
+    return normalizeConfiguredDomain(configuredDomain);
+  }
+  if (typeof window !== "undefined") {
+    return resolveRootDomainFromHostname(window.location.hostname);
+  }
+  return "localhost";
+}
+async function createPasskeyCredential(params) {
+  const challenge = new Uint8Array(32);
+  crypto.getRandomValues(challenge);
+  const rpId = resolvePasskeyRpId();
+  const publicKeyOptions = {
+    challenge,
+    rp: { name: "Blink", id: rpId },
+    user: {
+      id: new TextEncoder().encode(params.userId),
+      name: params.displayName,
+      displayName: params.displayName
+    },
+    pubKeyCredParams: [
+      { alg: -7, type: "public-key" },
+      { alg: -257, type: "public-key" }
+    ],
+    authenticatorSelection: {
+      authenticatorAttachment: "platform",
+      residentKey: "preferred",
+      userVerification: "required"
+    },
+    timeout: 6e4
+  };
+  if (isInCrossOriginIframe()) {
+    try {
+      await waitForDocumentFocus();
+      const credential2 = await navigator.credentials.create({
+        publicKey: publicKeyOptions
+      });
+      if (!credential2) {
+        throw new Error("Passkey creation was cancelled.");
+      }
+      return extractPasskeyResult(credential2);
+    } catch (err) {
+      if (err instanceof PasskeyIframeBlockedError) throw err;
+      if (err instanceof Error && err.message === "Passkey creation was cancelled.") throw err;
+      throw new PasskeyIframeBlockedError();
+    }
+  }
+  await waitForDocumentFocus();
+  const credential = await navigator.credentials.create({
+    publicKey: publicKeyOptions
+  });
+  if (!credential) {
+    throw new Error("Passkey creation was cancelled.");
+  }
+  return extractPasskeyResult(credential);
+}
+function extractPasskeyResult(credential) {
+  const response = credential.response;
+  const publicKeyBytes = response.getPublicKey?.();
+  return {
+    credentialId: toBase64(credential.rawId),
+    publicKey: publicKeyBytes ? toBase64(publicKeyBytes) : ""
+  };
+}
+function buildPasskeyPopupOptions(params) {
+  const challenge = new Uint8Array(32);
+  crypto.getRandomValues(challenge);
+  const rpId = resolvePasskeyRpId();
+  return {
+    challenge: toBase64(challenge),
+    rpId,
+    rpName: "Blink",
+    userId: toBase64(new TextEncoder().encode(params.userId)),
+    userName: params.displayName,
+    userDisplayName: params.displayName,
+    pubKeyCredParams: [
+      { alg: -7, type: "public-key" },
+      { alg: -257, type: "public-key" }
+    ],
+    authenticatorSelection: {
+      authenticatorAttachment: "platform",
+      residentKey: "preferred",
+      userVerification: "required"
+    },
+    timeout: 6e4,
+    authToken: params.authToken,
+    apiBaseUrl: params.apiBaseUrl
+  };
+}
+async function deviceHasPasskey(credentialId) {
+  const found = await findDevicePasskey([credentialId]);
+  return found != null;
+}
+async function findDevicePasskey(credentialIds) {
+  if (credentialIds.length === 0) return null;
+  try {
+    const challenge = new Uint8Array(32);
+    crypto.getRandomValues(challenge);
+    await waitForDocumentFocus();
+    const assertion = await navigator.credentials.get({
+      publicKey: {
+        challenge,
+        rpId: resolvePasskeyRpId(),
+        allowCredentials: credentialIds.map((id) => ({
+          type: "public-key",
+          id: base64ToBytes(id)
+        })),
+        userVerification: "discouraged",
+        timeout: 3e4
+      }
+    });
+    if (!assertion) return null;
+    return toBase64(assertion.rawId);
+  } catch {
+    return null;
+  }
+}
 // src/api.ts
 var api_exports = {};
 __export(api_exports, {
@@ -169,6 +485,7 @@ __export(api_exports, {
   fetchAccount: () => fetchAccount,
   fetchAccounts: () => fetchAccounts,
   fetchAuthorizationSession: () => fetchAuthorizationSession,
+  fetchAuthorizationSessionByToken: () => fetchAuthorizationSessionByToken,
   fetchChains: () => fetchChains,
   fetchGuestAccount: () => fetchGuestAccount,
   fetchGuestTransferBalances: () => fetchGuestTransferBalances,
@@ -348,6 +665,13 @@ async function fetchAuthorizationSession(apiBaseUrl, sessionId) {
   if (!res.ok) await throwApiError(res);
   return await res.json();
 }
+async function fetchAuthorizationSessionByToken(apiBaseUrl, token) {
+  const res = await fetch(
+    `${apiBaseUrl}/v1/authorization-sessions?token=${encodeURIComponent(token)}`
+  );
+  if (!res.ok) await throwApiError(res);
+  return await res.json();
+}
 async function registerPasskey(apiBaseUrl, token, credentialId, publicKey) {
   const res = await fetch(`${apiBaseUrl}/v1/users/config/passkey`, {
     method: "POST",
@@ -504,17 +828,87 @@ async function setAccountOwner(apiBaseUrl, accessToken, accountId, guestSessionT
   if (!res.ok) await throwApiError(res);
   return await res.json();
 }
-async function reportActionCompletion(apiBaseUrl, actionId, result) {
-  const res = await fetch(
-    `${apiBaseUrl}/v1/authorization-actions/${actionId}`,
-    {
-      method: "PATCH",
-      headers: { "Content-Type": "application/json" },
-      body: JSON.stringify({ status: "COMPLETED", result })
+async function reportActionCompletion(apiBaseUrl, actionId, result) {
+  const res = await fetch(
+    `${apiBaseUrl}/v1/authorization-actions/${actionId}`,
+    {
+      method: "PATCH",
+      headers: { "Content-Type": "application/json" },
+      body: JSON.stringify({ status: "COMPLETED", result })
+    }
+  );
+  if (!res.ok) await throwApiError(res);
+  return await res.json();
+}
+// src/transferPolling.ts
+async function pollTransferTick(params) {
+  const fetchTransfer2 = params.fetchTransfer ?? fetchTransfer;
+  const token = await params.getAccessToken();
+  if (!token) {
+    return { kind: "retry" };
+  }
+  try {
+    const transfer = await fetchTransfer2(params.apiBaseUrl, token, params.transferId);
+    return { kind: "success", transfer };
+  } catch (err) {
+    return {
+      kind: "error",
+      message: err instanceof Error ? err.message : "Polling error"
+    };
+  }
+}
+// src/hooks/useTransferPolling.ts
+function useTransferPolling(intervalMs = 3e3) {
+  const { apiBaseUrl } = useBlinkConfig();
+  const { getAccessToken } = reactAuth.usePrivy();
+  const [transfer, setTransfer] = react.useState(null);
+  const [error, setError] = react.useState(null);
+  const [isPolling, setIsPolling] = react.useState(false);
+  const intervalRef = react.useRef(null);
+  const transferIdRef = react.useRef(null);
+  const stopPolling = react.useCallback(() => {
+    if (intervalRef.current) {
+      clearInterval(intervalRef.current);
+      intervalRef.current = null;
+    }
+    setIsPolling(false);
+  }, []);
+  const poll = react.useCallback(async () => {
+    if (!transferIdRef.current) return;
+    const result = await pollTransferTick({
+      apiBaseUrl,
+      transferId: transferIdRef.current,
+      getAccessToken
+    });
+    if (result.kind === "retry") {
+      return;
+    }
+    if (result.kind === "error") {
+      setError(result.message);
+      stopPolling();
+      return;
+    }
+    setError(null);
+    setTransfer(result.transfer);
+    if (result.transfer.status === "COMPLETED" || result.transfer.status === "FAILED") {
+      stopPolling();
     }
+  }, [apiBaseUrl, getAccessToken, stopPolling]);
+  const startPolling = react.useCallback(
+    (transferId) => {
+      stopPolling();
+      transferIdRef.current = transferId;
+      setIsPolling(true);
+      setError(null);
+      poll();
+      intervalRef.current = setInterval(poll, intervalMs);
+    },
+    [poll, intervalMs, stopPolling]
   );
-  if (!res.ok) await throwApiError(res);
-  return await res.json();
+  react.useEffect(() => () => stopPolling(), [stopPolling]);
+  return { transfer, error, isPolling, startPolling, stopPolling };
 }
 // node_modules/@wagmi/core/dist/esm/utils/getAction.js
@@ -814,250 +1208,61 @@ async function waitForTransactionReceipt(config, parameters) {
     chainId: client.chain.id
   };
 }
-// src/passkeyRpId.ts
-function normalizeConfiguredDomain(value) {
-  return value.replace(/^https?:\/\//, "").replace(/\/.*$/, "").replace(/^\./, "").trim();
-}
-function resolveRootDomainFromHostname(hostname) {
-  const trimmedHostname = hostname.trim().toLowerCase();
-  if (!trimmedHostname) {
-    return "localhost";
-  }
-  if (trimmedHostname === "localhost" || /^\d{1,3}(?:\.\d{1,3}){3}$/.test(trimmedHostname)) {
-    return trimmedHostname;
-  }
-  const parts = trimmedHostname.split(".").filter(Boolean);
-  if (parts.length < 2) {
-    return trimmedHostname;
-  }
-  return parts.slice(-2).join(".");
-}
 var ERC_6492_MAGIC_SUFFIX = "6492649264926492649264926492649264926492649264926492649264926492";
 function normalizeSignature(sig) {
   const hex = sig.startsWith("0x") ? sig.slice(2) : sig;
-  if (hex.length === 130) {
-    return `0x${hex}`;
-  }
-  if (hex.length === 128) {
-    const r = hex.slice(0, 64);
-    const yParityAndS = hex.slice(64, 128);
-    const highByte = parseInt(yParityAndS.slice(0, 2), 16);
-    const v = (highByte & 128) !== 0 ? 28 : 27;
-    const sFirstByte = (highByte & 127).toString(16).padStart(2, "0");
-    const s = sFirstByte + yParityAndS.slice(2);
-    return `0x${r}${s}${v.toString(16)}`;
-  }
-  if (hex.length > 64 && hex.endsWith(ERC_6492_MAGIC_SUFFIX)) {
-    const { signature: inner } = utils.parseErc6492Signature(
-      `0x${hex}`
-    );
-    return normalizeSignature(inner);
-  }
-  if (hex.length > 130) {
-    try {
-      const [, innerBytes] = viem.decodeAbiParameters(
-        [{ type: "uint256" }, { type: "bytes" }],
-        `0x${hex}`
-      );
-      return normalizeSignature(innerBytes);
-    } catch {
-      try {
-        const [wrapper] = viem.decodeAbiParameters(
-          [{
-            type: "tuple",
-            components: [{ type: "uint8" }, { type: "bytes" }]
-          }],
-          `0x${hex}`
-        );
-        return normalizeSignature(wrapper[1]);
-      } catch {
-        return `0x${hex}`;
-      }
-    }
-  }
-  throw new Error(
-    `Invalid signature: unable to normalize. Length=${hex.length / 2} bytes. Expected 65, 64, ERC-6492 wrapped, or ABI-encoded SignatureWrapper.`
-  );
-}
-// src/transferPolling.ts
-async function pollTransferTick(params) {
-  const fetchTransfer2 = params.fetchTransfer ?? fetchTransfer;
-  const token = await params.getAccessToken();
-  if (!token) {
-    return { kind: "retry" };
-  }
-  try {
-    const transfer = await fetchTransfer2(params.apiBaseUrl, token, params.transferId);
-    return { kind: "success", transfer };
-  } catch (err) {
-    return {
-      kind: "error",
-      message: err instanceof Error ? err.message : "Polling error"
-    };
-  }
-}
-// src/passkey-delegation.ts
-var PasskeyIframeBlockedError = class extends Error {
-  constructor(message = "Passkey creation is not supported in this browser context.") {
-    super(message);
-    this.name = "PasskeyIframeBlockedError";
-  }
-};
-function isInCrossOriginIframe() {
-  if (typeof window === "undefined") return false;
-  if (window.parent === window) return false;
-  try {
-    void window.parent.location.origin;
-    return false;
-  } catch {
-    return true;
-  }
-}
-function isSafari() {
-  if (typeof navigator === "undefined") return false;
-  const ua = navigator.userAgent;
-  return /Safari/i.test(ua) && !/Chrome|CriOS|Chromium|Edg|OPR|Firefox/i.test(ua);
-}
-var POPUP_RESULT_TIMEOUT_MS = 12e4;
-var POPUP_CLOSED_POLL_MS = 500;
-var POPUP_CLOSED_GRACE_MS = 1e3;
-function createPasskeyViaPopup(options) {
-  return new Promise((resolve, reject) => {
-    const verificationToken = crypto.randomUUID();
-    const payload = { ...options, verificationToken };
-    const encoded = btoa(JSON.stringify(payload));
-    const popupUrl = `${window.location.origin}/passkey-register#${encoded}`;
-    const popup = window.open(popupUrl, "blink-passkey");
-    if (!popup) {
-      reject(new Error("Pop-up blocked. Please allow pop-ups for this site and try again."));
-      return;
-    }
-    let settled = false;
-    const timer = setTimeout(() => {
-      cleanup();
-      reject(new Error("Passkey creation timed out. Please try again."));
-    }, POPUP_RESULT_TIMEOUT_MS);
-    const closedPoll = setInterval(() => {
-      if (popup.closed) {
-        clearInterval(closedPoll);
-        setTimeout(() => {
-          if (!settled) {
-            settled = true;
-            cleanup();
-            checkServerForPasskeyByToken(
-              options.authToken,
-              options.apiBaseUrl,
-              verificationToken
-            ).then((result) => {
-              if (result) {
-                resolve(result);
-              } else {
-                reject(new Error("Passkey window was closed before completing."));
-              }
-            }).catch(() => {
-              reject(new Error("Passkey window was closed before completing."));
-            });
-          }
-        }, POPUP_CLOSED_GRACE_MS);
-      }
-    }, POPUP_CLOSED_POLL_MS);
-    function cleanup() {
-      clearTimeout(timer);
-      clearInterval(closedPoll);
-    }
-  });
-}
-var VERIFY_POPUP_TIMEOUT_MS = 6e4;
-function findDevicePasskeyViaPopup(options) {
-  return new Promise((resolve, reject) => {
-    const verificationToken = crypto.randomUUID();
-    const payload = {
-      ...options,
-      verificationToken
-    };
-    const encoded = btoa(JSON.stringify(payload));
-    const popupUrl = `${window.location.origin}/passkey-verify#${encoded}`;
-    const popup = window.open(popupUrl, "blink-passkey-verify");
-    if (!popup) {
-      reject(new Error("Pop-up blocked. Please allow pop-ups for this site and try again."));
-      return;
-    }
-    let settled = false;
-    const timer = setTimeout(() => {
-      cleanup();
-      resolve(null);
-    }, VERIFY_POPUP_TIMEOUT_MS);
-    const closedPoll = setInterval(() => {
-      if (popup.closed && !settled) {
-        clearInterval(closedPoll);
-        setTimeout(() => {
-          if (!settled) {
-            settled = true;
-            cleanup();
-            checkServerForPasskeyByToken(
-              options.authToken,
-              options.apiBaseUrl,
-              verificationToken
-            ).then((result) => {
-              resolve(result?.credentialId ?? null);
-            }).catch(() => {
-              resolve(null);
-            });
-          }
-        }, POPUP_CLOSED_GRACE_MS);
+  if (hex.length === 130) {
+    return `0x${hex}`;
+  }
+  if (hex.length === 128) {
+    const r = hex.slice(0, 64);
+    const yParityAndS = hex.slice(64, 128);
+    const highByte = parseInt(yParityAndS.slice(0, 2), 16);
+    const v = (highByte & 128) !== 0 ? 28 : 27;
+    const sFirstByte = (highByte & 127).toString(16).padStart(2, "0");
+    const s = sFirstByte + yParityAndS.slice(2);
+    return `0x${r}${s}${v.toString(16)}`;
+  }
+  if (hex.length > 64 && hex.endsWith(ERC_6492_MAGIC_SUFFIX)) {
+    const { signature: inner } = utils.parseErc6492Signature(
+      `0x${hex}`
+    );
+    return normalizeSignature(inner);
+  }
+  if (hex.length > 130) {
+    try {
+      const [, innerBytes] = viem.decodeAbiParameters(
+        [{ type: "uint256" }, { type: "bytes" }],
+        `0x${hex}`
+      );
+      return normalizeSignature(innerBytes);
+    } catch {
+      try {
+        const [wrapper] = viem.decodeAbiParameters(
+          [{
+            type: "tuple",
+            components: [{ type: "uint8" }, { type: "bytes" }]
+          }],
+          `0x${hex}`
+        );
+        return normalizeSignature(wrapper[1]);
+      } catch {
+        return `0x${hex}`;
       }
-    }, POPUP_CLOSED_POLL_MS);
-    function cleanup() {
-      clearTimeout(timer);
-      clearInterval(closedPoll);
     }
-  });
-}
-async function checkServerForPasskeyByToken(authToken, apiBaseUrl, verificationToken) {
-  if (!authToken || !apiBaseUrl) return null;
-  const res = await fetch(`${apiBaseUrl}/v1/users/config`, {
-    headers: { Authorization: `Bearer ${authToken}` }
-  });
-  if (!res.ok) return null;
-  const body = await res.json();
-  const passkeys = body.config.passkeys ?? [];
-  const matched = passkeys.find((p) => p.lastVerificationToken === verificationToken);
-  return matched ? { credentialId: matched.credentialId, publicKey: matched.publicKey } : null;
+  }
+  throw new Error(
+    `Invalid signature: unable to normalize. Length=${hex.length / 2} bytes. Expected 65, 64, ERC-6492 wrapped, or ABI-encoded SignatureWrapper.`
+  );
 }
-// src/hooks.ts
+// src/hooks/authorizationExecutor.ts
 var WALLET_CLIENT_MAX_ATTEMPTS = 25;
 var WALLET_CLIENT_POLL_MS = 400;
 var ACTION_POLL_INTERVAL_MS = 500;
 var ACTION_POLL_MAX_RETRIES = 20;
 var SIGN_PERMIT2_POLL_MS = 1e3;
 var SIGN_PERMIT2_MAX_POLLS = 15;
-var TRANSFER_SIGN_MAX_POLLS = 60;
-function waitForDocumentFocus(timeoutMs = 5e3, intervalMs = 100) {
-  return new Promise((resolve, reject) => {
-    if (typeof document === "undefined") {
-      resolve();
-      return;
-    }
-    if (document.hasFocus()) {
-      resolve();
-      return;
-    }
-    const deadline = Date.now() + timeoutMs;
-    const timer = setInterval(() => {
-      if (document.hasFocus()) {
-        clearInterval(timer);
-        resolve();
-      } else if (Date.now() >= deadline) {
-        clearInterval(timer);
-        resolve();
-      }
-    }, intervalMs);
-  });
-}
 function actionSuccess(action, message, data) {
   return { actionId: action.id, type: action.type, status: "success", message, data };
 }
@@ -1068,243 +1273,44 @@ function isUserRejection(msg) {
   const lower = msg.toLowerCase();
   return lower.includes("rejected") || lower.includes("denied");
 }
-function hexToBytes(hex) {
-  const clean = hex.startsWith("0x") ? hex.slice(2) : hex;
-  const bytes = clean.match(/.{1,2}/g).map((b) => parseInt(b, 16));
-  return new Uint8Array(bytes);
-}
-function toBase64(buffer) {
-  return btoa(String.fromCharCode(...new Uint8Array(buffer)));
-}
-function base64ToBytes(value) {
-  const normalized = value.replace(/-/g, "+").replace(/_/g, "/");
-  const padded = normalized + "=".repeat((4 - normalized.length % 4) % 4);
-  const raw = atob(padded);
-  const bytes = new Uint8Array(raw.length);
-  for (let i = 0; i < raw.length; i++) {
-    bytes[i] = raw.charCodeAt(i);
-  }
-  return bytes;
-}
-function readEnvValue(name) {
-  const meta = ({ url: (typeof document === 'undefined' ? require('u' + 'rl').pathToFileURL(__filename).href : (_documentCurrentScript && _documentCurrentScript.tagName.toUpperCase() === 'SCRIPT' && _documentCurrentScript.src || new URL('index.cjs', document.baseURI).href)) });
-  const metaValue = meta.env?.[name];
-  if (typeof metaValue === "string" && metaValue.trim().length > 0) {
-    return metaValue.trim();
-  }
-  const processValue = globalThis.process?.env?.[name];
-  if (typeof processValue === "string" && processValue.trim().length > 0) {
-    return processValue.trim();
-  }
-  return void 0;
-}
-function resolvePasskeyRpId() {
-  const configuredDomain = readEnvValue("VITE_DOMAIN") ?? readEnvValue("BLINK_DOMAIN");
-  if (configuredDomain) {
-    return normalizeConfiguredDomain(configuredDomain);
-  }
-  if (typeof window !== "undefined") {
-    return resolveRootDomainFromHostname(window.location.hostname);
-  }
-  return "localhost";
-}
 async function waitForWalletClient(wagmiConfig2, params = {}) {
   for (let i = 0; i < WALLET_CLIENT_MAX_ATTEMPTS; i++) {
     try {
       const account = getAccount(wagmiConfig2);
-      const enrichedParams = account.connector ? { ...params, connector: account.connector } : params;
-      return await getWalletClient(wagmiConfig2, enrichedParams);
-    } catch {
-      if (i === WALLET_CLIENT_MAX_ATTEMPTS - 1) {
-        throw new Error("Wallet not ready. Please try again.");
-      }
-      await new Promise((r) => setTimeout(r, WALLET_CLIENT_POLL_MS));
-    }
-  }
-  throw new Error("Wallet not ready. Please try again.");
-}
-function parseSignTypedDataPayload(typedData) {
-  const { domain, types, primaryType, message } = typedData;
-  if (!domain || typeof domain !== "object" || Array.isArray(domain)) {
-    throw new Error("SIGN_PERMIT2 typedData is missing a valid domain object.");
-  }
-  if (!types || typeof types !== "object" || Array.isArray(types)) {
-    throw new Error("SIGN_PERMIT2 typedData is missing a valid types object.");
-  }
-  if (typeof primaryType !== "string") {
-    throw new Error("SIGN_PERMIT2 typedData is missing primaryType.");
-  }
-  if (!message || typeof message !== "object" || Array.isArray(message)) {
-    throw new Error("SIGN_PERMIT2 typedData is missing a valid message object.");
-  }
-  return {
-    domain,
-    types,
-    primaryType,
-    message
-  };
-}
-function getPendingActions(session, completedIds) {
-  return session.actions.filter((a) => a.status === "PENDING" && !completedIds.has(a.id)).sort((a, b) => a.orderIndex - b.orderIndex);
-}
-async function createPasskeyCredential(params) {
-  const challenge = new Uint8Array(32);
-  crypto.getRandomValues(challenge);
-  const rpId = resolvePasskeyRpId();
-  const publicKeyOptions = {
-    challenge,
-    rp: { name: "Blink", id: rpId },
-    user: {
-      id: new TextEncoder().encode(params.userId),
-      name: params.displayName,
-      displayName: params.displayName
-    },
-    pubKeyCredParams: [
-      { alg: -7, type: "public-key" },
-      { alg: -257, type: "public-key" }
-    ],
-    authenticatorSelection: {
-      authenticatorAttachment: "platform",
-      residentKey: "preferred",
-      userVerification: "required"
-    },
-    timeout: 6e4
-  };
-  if (isInCrossOriginIframe()) {
-    try {
-      await waitForDocumentFocus();
-      const credential2 = await navigator.credentials.create({
-        publicKey: publicKeyOptions
-      });
-      if (!credential2) {
-        throw new Error("Passkey creation was cancelled.");
-      }
-      return extractPasskeyResult(credential2);
-    } catch (err) {
-      if (err instanceof PasskeyIframeBlockedError) throw err;
-      if (err instanceof Error && err.message === "Passkey creation was cancelled.") throw err;
-      throw new PasskeyIframeBlockedError();
-    }
-  }
-  await waitForDocumentFocus();
-  const credential = await navigator.credentials.create({
-    publicKey: publicKeyOptions
-  });
-  if (!credential) {
-    throw new Error("Passkey creation was cancelled.");
-  }
-  return extractPasskeyResult(credential);
-}
-function extractPasskeyResult(credential) {
-  const response = credential.response;
-  const publicKeyBytes = response.getPublicKey?.();
-  return {
-    credentialId: toBase64(credential.rawId),
-    publicKey: publicKeyBytes ? toBase64(publicKeyBytes) : ""
-  };
-}
-function buildPasskeyPopupOptions(params) {
-  const challenge = new Uint8Array(32);
-  crypto.getRandomValues(challenge);
-  const rpId = resolvePasskeyRpId();
-  return {
-    challenge: toBase64(challenge),
-    rpId,
-    rpName: "Blink",
-    userId: toBase64(new TextEncoder().encode(params.userId)),
-    userName: params.displayName,
-    userDisplayName: params.displayName,
-    pubKeyCredParams: [
-      { alg: -7, type: "public-key" },
-      { alg: -257, type: "public-key" }
-    ],
-    authenticatorSelection: {
-      authenticatorAttachment: "platform",
-      residentKey: "preferred",
-      userVerification: "required"
-    },
-    timeout: 6e4,
-    authToken: params.authToken,
-    apiBaseUrl: params.apiBaseUrl
-  };
-}
-async function deviceHasPasskey(credentialId) {
-  const found = await findDevicePasskey([credentialId]);
-  return found != null;
-}
-async function findDevicePasskey(credentialIds) {
-  if (credentialIds.length === 0) return null;
-  try {
-    const challenge = new Uint8Array(32);
-    crypto.getRandomValues(challenge);
-    await waitForDocumentFocus();
-    const assertion = await navigator.credentials.get({
-      publicKey: {
-        challenge,
-        rpId: resolvePasskeyRpId(),
-        allowCredentials: credentialIds.map((id) => ({
-          type: "public-key",
-          id: base64ToBytes(id)
-        })),
-        userVerification: "discouraged",
-        timeout: 3e4
+      const enrichedParams = account.connector ? { ...params, connector: account.connector } : params;
+      return await getWalletClient(wagmiConfig2, enrichedParams);
+    } catch {
+      if (i === WALLET_CLIENT_MAX_ATTEMPTS - 1) {
+        throw new Error("Wallet not ready. Please try again.");
       }
-    });
-    if (!assertion) return null;
-    return toBase64(assertion.rawId);
-  } catch {
-    return null;
+      await new Promise((r) => setTimeout(r, WALLET_CLIENT_POLL_MS));
+    }
   }
+  throw new Error("Wallet not ready. Please try again.");
 }
-function useTransferPolling(intervalMs = 3e3) {
-  const { apiBaseUrl } = useBlinkConfig();
-  const { getAccessToken } = reactAuth.usePrivy();
-  const [transfer, setTransfer] = react.useState(null);
-  const [error, setError] = react.useState(null);
-  const [isPolling, setIsPolling] = react.useState(false);
-  const intervalRef = react.useRef(null);
-  const transferIdRef = react.useRef(null);
-  const stopPolling = react.useCallback(() => {
-    if (intervalRef.current) {
-      clearInterval(intervalRef.current);
-      intervalRef.current = null;
-    }
-    setIsPolling(false);
-  }, []);
-  const poll = react.useCallback(async () => {
-    if (!transferIdRef.current) return;
-    const result = await pollTransferTick({
-      apiBaseUrl,
-      transferId: transferIdRef.current,
-      getAccessToken
-    });
-    if (result.kind === "retry") {
-      return;
-    }
-    if (result.kind === "error") {
-      setError(result.message);
-      stopPolling();
-      return;
-    }
-    setError(null);
-    setTransfer(result.transfer);
-    if (result.transfer.status === "COMPLETED" || result.transfer.status === "FAILED") {
-      stopPolling();
-    }
-  }, [apiBaseUrl, getAccessToken, stopPolling]);
-  const startPolling = react.useCallback(
-    (transferId) => {
-      stopPolling();
-      transferIdRef.current = transferId;
-      setIsPolling(true);
-      setError(null);
-      poll();
-      intervalRef.current = setInterval(poll, intervalMs);
-    },
-    [poll, intervalMs, stopPolling]
-  );
-  react.useEffect(() => () => stopPolling(), [stopPolling]);
-  return { transfer, error, isPolling, startPolling, stopPolling };
+function parseSignTypedDataPayload(typedData) {
+  const { domain, types, primaryType, message } = typedData;
+  if (!domain || typeof domain !== "object" || Array.isArray(domain)) {
+    throw new Error("SIGN_PERMIT2 typedData is missing a valid domain object.");
+  }
+  if (!types || typeof types !== "object" || Array.isArray(types)) {
+    throw new Error("SIGN_PERMIT2 typedData is missing a valid types object.");
+  }
+  if (typeof primaryType !== "string") {
+    throw new Error("SIGN_PERMIT2 typedData is missing primaryType.");
+  }
+  if (!message || typeof message !== "object" || Array.isArray(message)) {
+    throw new Error("SIGN_PERMIT2 typedData is missing a valid message object.");
+  }
+  return {
+    domain,
+    types,
+    primaryType,
+    message
+  };
+}
+function getPendingActions(session, completedIds) {
+  return session.actions.filter((a) => a.status === "PENDING" && !completedIds.has(a.id)).sort((a, b) => a.orderIndex - b.orderIndex);
 }
 async function executeOpenProvider(action, wagmiConfig2, connectors, connectAsync) {
   try {
@@ -1702,6 +1708,47 @@ function useAuthorizationExecutor(options) {
     executeSessionById
   };
 }
+var TRANSFER_SIGN_MAX_POLLS = 60;
+function waitForDocumentFocus2(timeoutMs = 5e3, intervalMs = 100) {
+  return new Promise((resolve, reject) => {
+    if (typeof document === "undefined") {
+      resolve();
+      return;
+    }
+    if (document.hasFocus()) {
+      resolve();
+      return;
+    }
+    const deadline = Date.now() + timeoutMs;
+    const timer = setInterval(() => {
+      if (document.hasFocus()) {
+        clearInterval(timer);
+        resolve();
+      } else if (Date.now() >= deadline) {
+        clearInterval(timer);
+        resolve();
+      }
+    }, intervalMs);
+  });
+}
+function hexToBytes(hex) {
+  const clean = hex.startsWith("0x") ? hex.slice(2) : hex;
+  const bytes = clean.match(/.{1,2}/g).map((b) => parseInt(b, 16));
+  return new Uint8Array(bytes);
+}
+function toBase642(buffer) {
+  return btoa(String.fromCharCode(...new Uint8Array(buffer)));
+}
+function base64ToBytes2(value) {
+  const normalized = value.replace(/-/g, "+").replace(/_/g, "/");
+  const padded = normalized + "=".repeat((4 - normalized.length % 4) % 4);
+  const raw = atob(padded);
+  const bytes = new Uint8Array(raw.length);
+  for (let i = 0; i < raw.length; i++) {
+    bytes[i] = raw.charCodeAt(i);
+  }
+  return bytes;
+}
 function useTransferSigning(pollIntervalMs = 2e3, options) {
   const blinkConfig = useOptionalBlinkConfig();
   const apiBaseUrl = options?.apiBaseUrl ?? blinkConfig?.apiBaseUrl;
@@ -1757,9 +1804,9 @@ function useTransferSigning(pollIntervalMs = 2e3, options) {
         let signedUserOp;
         const allowCredentials = payload.passkeyCredentialId ? [{
           type: "public-key",
-          id: base64ToBytes(payload.passkeyCredentialId)
+          id: base64ToBytes2(payload.passkeyCredentialId)
         }] : void 0;
-        await waitForDocumentFocus();
+        await waitForDocumentFocus2();
         const assertion = await navigator.credentials.get({
           publicKey: {
             challenge: hashBytes,
@@ -1775,10 +1822,10 @@ function useTransferSigning(pollIntervalMs = 2e3, options) {
         const response = assertion.response;
         signedUserOp = {
           ...payload.userOp,
-          credentialId: toBase64(assertion.rawId),
-          signature: toBase64(response.signature),
-          authenticatorData: toBase64(response.authenticatorData),
-          clientDataJSON: toBase64(response.clientDataJSON)
+          credentialId: toBase642(assertion.rawId),
+          signature: toBase642(response.signature),
+          authenticatorData: toBase642(response.authenticatorData),
+          clientDataJSON: toBase642(response.clientDataJSON)
         };
         return await signTransfer(
           apiBaseUrl,
@@ -1937,6 +1984,95 @@ function buildSelectSourceChoices(options) {
   })).filter((chain) => chain.tokens.length > 0).sort((a, b) => b.balance - a.balance);
 }
+// src/walletFlow.ts
+var MOBILE_USER_AGENT_PATTERN = /Android|webOS|iPhone|iPad|iPod|BlackBerry|IEMobile|Opera Mini/i;
+function isMobileUserAgent(userAgent) {
+  if (!userAgent) {
+    return false;
+  }
+  return MOBILE_USER_AGENT_PATTERN.test(userAgent);
+}
+function shouldUseWalletConnector(options) {
+  return options.useWalletConnector ?? !isMobileUserAgent(options.userAgent);
+}
+// src/paymentResolvePhase.ts
+function hasActiveWallet(accounts) {
+  return accounts.some((a) => a.wallets.some((w) => w.status === "ACTIVE"));
+}
+function isTransferInFlight(transfer) {
+  if (!transfer) return false;
+  return ["CREATED", "SENDING", "SENT"].includes(transfer.status);
+}
+function resolvePhase(state) {
+  const p = state.phase;
+  if (p.step === "select-source" && state.transfer?.status === "COMPLETED" && state.guestPreauthorizing) {
+    return p;
+  }
+  if (state.transfer?.status === "COMPLETED" && state.guestPreauthorizing) {
+    return { step: "processing", transfer: state.transfer };
+  }
+  if (state.transfer?.status === "COMPLETED") {
+    return { step: "completed", transfer: state.transfer };
+  }
+  if (state.transfer?.status === "FAILED") {
+    return { step: "failed", transfer: state.transfer, error: state.error ?? "Transfer failed." };
+  }
+  if (state.creatingTransfer || isTransferInFlight(state.transfer)) {
+    return { step: "processing", transfer: state.transfer };
+  }
+  if (p.step === "token-picker" || p.step === "one-tap-setup" || p.step === "select-source" || p.step === "confirm-sign" || p.step === "guest-token-picker") {
+    return p;
+  }
+  if (state.mobileFlow && state.deeplinkUri) {
+    return {
+      step: "wallet-setup",
+      mobile: { deeplinkUri: state.deeplinkUri, providerId: state.selectedProviderId },
+      accountId: null
+    };
+  }
+  if (p.step === "wallet-setup" && p.mobile == null) {
+    return p;
+  }
+  if (state.isGuestFlow && state.selectedProviderId != null && !state.transfer) {
+    return { step: "guest-token-picker" };
+  }
+  if (p.step === "wallet-picker" && !state.creatingTransfer && !(state.mobileFlow && state.deeplinkUri)) {
+    return p;
+  }
+  if (!state.privyReady) {
+    return { step: "initializing" };
+  }
+  if (state.privyAuthenticated && !state.activeCredentialId && !state.passkeyConfigLoaded) {
+    return { step: "initializing" };
+  }
+  if (state.verificationTarget) {
+    return { step: "otp-verify", target: state.verificationTarget };
+  }
+  if (state.loginRequested) {
+    return { step: "login" };
+  }
+  if (state.passkeyConfigLoaded && !state.activeCredentialId) {
+    if (state.knownCredentialIds.length > 0 && state.passkeyPopupNeeded) {
+      return { step: "passkey-verify" };
+    }
+    return { step: "passkey-create", popupFallback: state.passkeyPopupNeeded };
+  }
+  if (state.loadingData && state.activeCredentialId && hasActiveWallet(state.accounts)) {
+    return { step: "data-loading" };
+  }
+  if (state.activeCredentialId && !hasActiveWallet(state.accounts) && !state.mobileFlow) {
+    return { step: "wallet-picker", reason: "link" };
+  }
+  if (state.activeCredentialId && hasActiveWallet(state.accounts) && !state.loadingData) {
+    return { step: "deposit" };
+  }
+  if (state.isGuestFlow) {
+    return { step: "wallet-picker", reason: "guest-entry" };
+  }
+  return { step: "wallet-picker", reason: "entry" };
+}
 // src/paymentReducer.ts
 function deriveSourceTypeAndId(state) {
   if (state.selectedWalletId) {
@@ -1949,6 +2085,7 @@ function deriveSourceTypeAndId(state) {
 }
 function createInitialState(config) {
   return {
+    phase: { step: "initializing" },
     error: null,
     providers: [],
     accounts: [],
@@ -1969,6 +2106,7 @@ function createInitialState(config) {
     knownCredentialIds: [],
     verificationTarget: null,
     oneTapLimit: 100,
+    oneTapLimitSavedDuringSetup: false,
     mobileFlow: false,
     deeplinkUri: null,
     increasingLimit: false,
@@ -1976,12 +2114,19 @@ function createInitialState(config) {
     guestTransferId: null,
     guestSessionToken: null,
     guestPreauthAccountId: null,
+    guestPreauthSessionId: null,
     activePublicKey: null,
-    userIntent: null,
-    loginRequested: false
+    loginRequested: false,
+    guestPreauthorizing: false,
+    privyReady: false,
+    privyAuthenticated: false
   };
 }
 function paymentReducer(state, action) {
+  const next = applyAction(state, action);
+  return { ...next, phase: resolvePhase(next) };
+}
+function applyAction(state, action) {
   switch (action.type) {
     // ── Auth ──────────────────────────────────────────────────────
     case "CODE_SENT":
@@ -2059,23 +2204,20 @@ function paymentReducer(state, action) {
         selectedProviderId: action.providerId,
         selectedAccountId: null,
         selectedWalletId: null,
-        selectedTokenSymbol: null,
-        userIntent: null
+        selectedTokenSymbol: null
       };
     case "SELECT_ACCOUNT":
       return {
         ...state,
         selectedAccountId: action.accountId,
         selectedWalletId: action.walletId,
-        selectedTokenSymbol: null,
-        userIntent: null
+        selectedTokenSymbol: null
       };
     case "SELECT_TOKEN":
       return {
         ...state,
         selectedWalletId: action.walletId,
-        selectedTokenSymbol: action.tokenSymbol,
-        userIntent: null
+        selectedTokenSymbol: action.tokenSymbol
       };
     // ── Transfer lifecycle ───────────────────────────────────────
     case "PAY_STARTED":
@@ -2084,8 +2226,7 @@ function paymentReducer(state, action) {
         error: null,
         creatingTransfer: true,
         deeplinkUri: null,
-        mobileFlow: false,
-        userIntent: null
+        mobileFlow: false
       };
     case "PAY_ENDED":
       return { ...state, creatingTransfer: false };
@@ -2149,7 +2290,8 @@ function paymentReducer(state, action) {
         transfer: action.transfer,
         error: null,
         mobileFlow: false,
-        deeplinkUri: null
+        deeplinkUri: null,
+        phase: { step: "confirm-sign", transfer: action.transfer }
       };
     case "CLEAR_MOBILE_STATE":
       return { ...state, mobileFlow: false, deeplinkUri: null };
@@ -2207,6 +2349,17 @@ function paymentReducer(state, action) {
         selectedWalletId: null,
         selectedTokenSymbol: null
       };
+    case "GUEST_BACK_FROM_TOKEN_PICKER":
+      return {
+        ...state,
+        selectedProviderId: null,
+        guestTransferId: null,
+        guestSessionToken: null,
+        selectedAccountId: null,
+        selectedWalletId: null,
+        selectedTokenSymbol: null,
+        error: null
+      };
     case "GUEST_TRANSFER_COMPLETED":
       return {
         ...state,
@@ -2219,29 +2372,40 @@ function paymentReducer(state, action) {
     case "GUEST_PREAUTH_DETECTED":
       return {
         ...state,
-        guestPreauthAccountId: action.accountId
+        guestPreauthAccountId: action.accountId,
+        guestPreauthSessionId: action.sessionId ?? state.guestPreauthSessionId,
+        selectedAccountId: action.accountId,
+        selectedWalletId: null,
+        selectedTokenSymbol: null
       };
+    case "GUEST_PREAUTH_BEGIN":
+      return { ...state, guestPreauthorizing: true, error: null };
+    case "GUEST_PREAUTH_END":
+      return { ...state, guestPreauthorizing: false };
     case "ACCOUNT_OWNER_SET":
       return {
         ...state,
         guestPreauthAccountId: null,
+        guestPreauthSessionId: null,
         activePublicKey: null,
         error: null,
-        userIntent: "configure-one-tap"
+        guestPreauthorizing: false,
+        phase: { step: "one-tap-setup", action: null }
       };
     // ── User intent & error ──────────────────────────────────────
     case "SET_USER_INTENT":
-      return { ...state, userIntent: action.intent };
+      return { ...state, phase: action.intent };
     case "REQUEST_LOGIN":
       return {
         ...state,
         loginRequested: true,
         transfer: null,
-        isGuestFlow: false,
         creatingTransfer: false
       };
     case "SET_ERROR":
       return { ...state, error: action.error };
+    case "SET_ONE_TAP_LIMIT_SAVED_DURING_SETUP":
+      return { ...state, oneTapLimitSavedDuringSetup: action.saved };
     // ── Lifecycle ────────────────────────────────────────────────
     case "NEW_PAYMENT":
       return {
@@ -2258,9 +2422,11 @@ function paymentReducer(state, action) {
         guestTransferId: null,
         guestSessionToken: null,
         guestPreauthAccountId: null,
+        guestPreauthSessionId: null,
         activePublicKey: null,
-        userIntent: null,
-        loginRequested: false
+        loginRequested: false,
+        oneTapLimitSavedDuringSetup: false,
+        guestPreauthorizing: false
       };
     case "LOGOUT":
       return {
@@ -2268,7 +2434,15 @@ function paymentReducer(state, action) {
           depositAmount: action.depositAmount,
           passkeyPopupNeeded: state.passkeyPopupNeeded,
           activeCredentialId: null
-        })
+        }),
+        privyReady: action.privyReady,
+        privyAuthenticated: false
+      };
+    case "SYNC_PRIVY_SESSION":
+      return {
+        ...state,
+        privyReady: action.ready,
+        privyAuthenticated: action.authenticated
       };
     case "SYNC_AMOUNT":
       return { ...state, amount: action.amount };
@@ -2317,97 +2491,42 @@ function maskAuthIdentifier(identifier) {
   return `***-***-${visibleSuffix}`;
 }
-// src/walletFlow.ts
-var MOBILE_USER_AGENT_PATTERN = /Android|webOS|iPhone|iPad|iPod|BlackBerry|IEMobile|Opera Mini/i;
-function isMobileUserAgent(userAgent) {
-  if (!userAgent) {
-    return false;
-  }
-  return MOBILE_USER_AGENT_PATTERN.test(userAgent);
-}
-function shouldUseWalletConnector(options) {
-  return options.useWalletConnector ?? !isMobileUserAgent(options.userAgent);
-}
 // src/resolveScreen.ts
-function hasActiveWallet(accounts) {
-  return accounts.some((a) => a.wallets.some((w) => w.status === "ACTIVE"));
-}
-function isTransferTerminal(transfer) {
-  return transfer?.status === "COMPLETED" || transfer?.status === "FAILED";
-}
-function isTransferInFlight(transfer) {
-  if (!transfer) return false;
-  return ["CREATED", "SENDING", "SENT"].includes(transfer.status);
-}
-function isSetupTransfer(transfer) {
-  if (!transfer) return false;
-  return transfer.sources?.some(
-    (s) => s.wallets && Array.isArray(s.wallets) && s.wallets.length === 0
-  ) ?? false;
-}
-function resolveScreen(state) {
-  if (!state.privyReady) {
-    return "loading";
-  }
-  if (state.authenticated && !state.activeCredentialId && !state.passkeyConfigLoaded) {
-    return "loading";
-  }
-  if (!state.authenticated && !state.verificationTarget && !state.isGuestFlow && (state.isReturningUser || state.guestPreauthRedirect || state.loginRequested)) {
-    return "login";
-  }
-  if (!state.authenticated && state.verificationTarget != null) {
-    return "otp-verify";
-  }
-  if (state.authenticated && !state.activeCredentialId && state.passkeyConfigLoaded && (state.knownCredentialIds.length === 0 || !state.passkeyPopupNeeded)) {
-    return "create-passkey";
-  }
-  if (state.authenticated && !state.activeCredentialId && state.passkeyConfigLoaded && state.knownCredentialIds.length > 0 && state.passkeyPopupNeeded) {
-    return "verify-passkey";
-  }
-  if (isTransferTerminal(state.transfer)) {
-    return "success";
-  }
-  if (state.creatingTransfer || state.transfer != null && isTransferInFlight(state.transfer)) {
-    return "processing";
-  }
-  if (state.transfer?.status === "AUTHORIZED" && !state.isDesktop && !isSetupTransfer(state.transfer)) {
-    return "confirm-sign";
-  }
-  if (state.pendingSelectSource != null) {
-    return state.isDesktop ? "setup" : "select-source";
-  }
-  if (state.pendingOneTapSetup != null && !state.oneTapLimitAlreadySaved) {
-    return "setup";
-  }
-  if (state.mobileFlow || state.inlineAuthorizationExecuting) {
-    return state.isDesktop ? "setup-status" : "open-wallet";
-  }
-  if (state.isGuestFlow && state.selectedProviderId != null && !state.transfer && !state.guestSettingSender) {
-    return "guest-token-picker";
-  }
-  if (state.activeCredentialId && !hasActiveWallet(state.accounts) && !state.mobileFlow || !state.authenticated && !state.isReturningUser && !state.isGuestFlow) {
-    return "wallet-picker";
-  }
-  if (state.loadingData && state.activeCredentialId != null && hasActiveWallet(state.accounts)) {
-    return "loading";
-  }
-  if (state.userIntent === "pick-token" && state.selectedAccount != null) {
-    return "token-picker";
-  }
-  if (state.userIntent === "configure-one-tap") {
-    return "setup";
-  }
-  if (state.userIntent === "switch-wallet") {
-    return "wallet-picker";
-  }
-  if (state.activeCredentialId != null && hasActiveWallet(state.accounts) && !state.loadingData) {
-    return "deposit";
-  }
-  if (state.isGuestFlow) {
-    return "wallet-picker";
+function screenForPhase(phase) {
+  switch (phase.step) {
+    case "initializing":
+    case "data-loading":
+      return "loading";
+    case "login":
+      return "login";
+    case "otp-verify":
+      return "otp-verify";
+    case "passkey-create":
+      return "create-passkey";
+    case "passkey-verify":
+      return "verify-passkey";
+    case "wallet-picker":
+      return "wallet-picker";
+    case "wallet-setup":
+      return phase.mobile ? "open-wallet" : "setup-status";
+    case "select-source":
+      return phase.isDesktop ? "setup" : "select-source";
+    case "one-tap-setup":
+      return "setup";
+    case "guest-token-picker":
+      return "guest-token-picker";
+    case "token-picker":
+      return "token-picker";
+    case "deposit":
+      return "deposit";
+    case "processing":
+      return "processing";
+    case "confirm-sign":
+      return "confirm-sign";
+    case "completed":
+    case "failed":
+      return "success";
   }
-  return "wallet-picker";
 }
 var MUTED = "#7fa4b0";
 var LOGO_SIZE = 48;
@@ -5890,85 +6009,66 @@ var DEPOSIT_SCREENS = /* @__PURE__ */ new Set([
   "processing",
   "success"
 ]);
-function getFlowPhase(screen, userIntent) {
+function getFlowPhase(screen, phase) {
   if (LINK_SCREENS.has(screen)) return "link";
   if (DEPOSIT_SCREENS.has(screen)) return "deposit";
   if (screen === "token-picker" || screen === "select-source" || screen === "guest-token-picker") {
-    return userIntent === "configure-one-tap" ? "link" : "deposit";
+    return phase.step === "one-tap-setup" ? "link" : "deposit";
   }
   return null;
 }
 function StepRenderer(props) {
-  const isDesktop = shouldUseWalletConnector({
-    userAgent: typeof navigator === "undefined" ? void 0 : navigator.userAgent
-  });
-  const isReturningUser = props.state.activeCredentialId != null || typeof window !== "undefined" && window.localStorage.getItem("blink_active_credential") != null;
-  const screenState = {
-    privyReady: props.ready,
-    authenticated: props.authenticated,
-    verificationTarget: props.state.verificationTarget,
-    activeCredentialId: props.state.activeCredentialId,
-    knownCredentialIds: props.state.knownCredentialIds,
-    passkeyConfigLoaded: props.state.passkeyConfigLoaded,
-    passkeyPopupNeeded: props.state.passkeyPopupNeeded,
-    accounts: props.state.accounts,
-    isGuestFlow: props.state.isGuestFlow,
-    selectedProviderId: props.state.selectedProviderId,
-    mobileFlow: props.state.mobileFlow,
-    inlineAuthorizationExecuting: props.inlineAuthorizationExecuting,
-    creatingTransfer: props.state.creatingTransfer,
-    transfer: props.state.transfer,
-    pendingSelectSource: props.pendingSelectSource,
-    pendingOneTapSetup: props.pendingOneTapSetup,
-    oneTapLimitAlreadySaved: props.oneTapLimitAlreadySaved,
-    loadingData: props.state.loadingData,
-    isDesktop,
-    isReturningUser,
-    guestPreauthRedirect: props.state.guestPreauthAccountId != null,
-    loginRequested: props.state.loginRequested,
-    userIntent: props.state.userIntent,
-    selectedAccount: props.selectedAccount,
-    guestSettingSender: props.guestSettingSender
-  };
-  const screen = resolveScreen(screenState);
-  const phase = getFlowPhase(screen, props.state.userIntent);
-  return /* @__PURE__ */ jsxRuntime.jsx(FlowPhaseProvider, { phase, children: /* @__PURE__ */ jsxRuntime.jsx(StepRendererContent, { ...props, screen, isDesktop }) });
+  const screen = screenForPhase(props.flow.state.phase);
+  const flowPhase = getFlowPhase(screen, props.flow.state.phase);
+  return /* @__PURE__ */ jsxRuntime.jsx(FlowPhaseProvider, { phase: flowPhase, children: /* @__PURE__ */ jsxRuntime.jsx(StepRendererContent, { ...props, screen }) });
 }
 function StepRendererContent({
-  state,
-  authenticated,
-  activeOtpStatus,
-  pollingTransfer,
-  pollingError,
-  authExecutorError,
-  transferSigningSigning,
-  transferSigningError,
-  pendingConnections,
-  depositEligibleAccounts,
-  sourceName,
-  maxSourceBalance,
-  tokenCount,
-  selectedAccount,
-  selectedSource,
-  selectSourceChoices,
-  selectSourceRecommended,
-  selectSourceAvailableBalance,
-  guestTokenEntries,
-  guestLoadingBalances,
-  guestSettingSender,
-  authInput,
-  otpCode,
-  selectSourceChainName,
-  selectSourceTokenSymbol,
-  savingOneTapLimit,
-  merchantName,
-  onBack,
-  onDismiss,
-  depositAmount,
+  flow,
+  remote,
+  derived,
+  forms,
   handlers,
-  screen,
-  isDesktop
+  screen
 }) {
+  const {
+    state,
+    authenticated,
+    activeOtpStatus,
+    isDesktop,
+    merchantName,
+    onBack,
+    onDismiss,
+    depositAmount
+  } = flow;
+  const {
+    pollingTransfer,
+    pollingError,
+    authExecutorError,
+    transferSigningSigning,
+    transferSigningError
+  } = remote;
+  const {
+    pendingConnections,
+    depositEligibleAccounts,
+    sourceName,
+    maxSourceBalance,
+    tokenCount,
+    selectedAccount,
+    selectedSource,
+    selectSourceChoices,
+    selectSourceRecommended,
+    selectSourceAvailableBalance
+  } = derived;
+  const {
+    guestTokenEntries,
+    guestLoadingBalances,
+    guestSettingSender,
+    authInput,
+    otpCode,
+    selectSourceChainName,
+    selectSourceTokenSymbol,
+    savingOneTapLimit
+  } = forms;
   const selectedWallet = selectedAccount?.wallets.find((w) => w.id === state.selectedWalletId);
   const selectedSourceLabel = selectedSource && selectedWallet ? `${selectedSource.token.symbol} on ${selectedWallet.chain.name}` : void 0;
   switch (screen) {
@@ -6041,7 +6141,7 @@ function StepRendererContent({
           onPrepareProvider: handlers.onPrepareProvider,
           onSelectProvider: handlers.onSelectProvider,
           onContinueConnection: handlers.onContinueConnection,
-          onBack: isEntryPoint ? onBack : () => handlers.onSetUserIntent(null),
+          onBack: isEntryPoint ? onBack : () => handlers.onSetPhase({ step: "deposit" }),
           onLogout: authenticated ? handlers.onLogout : void 0,
           onLogin: handlers.onLogin,
           showLoginOption: isEntryPoint
@@ -6072,7 +6172,7 @@ function StepRendererContent({
           limit: state.oneTapLimit,
           tokensApproved: 0,
           merchantName,
-          onContinue: () => handlers.onSetUserIntent("configure-one-tap"),
+          onContinue: () => handlers.onSetPhase({ step: "one-tap-setup", action: null }),
           onLogout: handlers.onLogout,
           error: state.error || authExecutorError
         }
@@ -6091,7 +6191,7 @@ function StepRendererContent({
           tokenCount: effectiveTokenCount,
           sourceName,
           onSetupOneTap: handlers.onSetupOneTap,
-          onBack: () => handlers.onSetUserIntent(null),
+          onBack: () => handlers.onSetPhase({ step: "deposit" }),
           onLogout: handlers.onLogout,
           onAdvanced: handlers.onSelectToken,
           selectedSourceLabel: effectiveSourceLabel,
@@ -6127,7 +6227,7 @@ function StepRendererContent({
           processing: state.creatingTransfer,
           error: state.error,
           onDeposit: handlers.onPay,
-          onSwitchWallet: () => handlers.onSetUserIntent("switch-wallet"),
+          onSwitchWallet: () => handlers.onSetPhase({ step: "wallet-picker", reason: "switch" }),
           onBack: onBack ?? (() => handlers.onLogout()),
           onLogout: handlers.onLogout,
           onIncreaseLimit: handlers.onIncreaseLimit,
@@ -6136,7 +6236,7 @@ function StepRendererContent({
           selectedAccountId: state.selectedAccountId,
           onSelectAccount: handlers.onSelectAccount,
           onAuthorizeAccount: handlers.onContinueConnection,
-          onAddProvider: () => handlers.onSetUserIntent("switch-wallet"),
+          onAddProvider: () => handlers.onSetPhase({ step: "wallet-picker", reason: "switch" }),
           onSelectToken: handlers.onSelectToken,
           selectedSourceLabel,
           selectedTokenSymbol: selectedSource?.token.symbol
@@ -6154,7 +6254,7 @@ function StepRendererContent({
           chains: state.chains,
           onSelectAuthorized: handlers.onSelectAuthorizedToken,
           onAuthorizeToken: handlers.onAuthorizeToken,
-          onBack: () => handlers.onSetUserIntent(null),
+          onBack: () => handlers.onSetPhase({ step: "deposit" }),
           onLogout: handlers.onLogout,
           depositAmount: depositAmount ?? void 0,
           selectedTokenSymbol: selectedSource?.token.symbol,
@@ -6172,7 +6272,7 @@ function StepRendererContent({
           depositAmount: depositAmount ?? void 0,
           error: state.error,
           onSelect: handlers.onSelectGuestToken,
-          onBack: () => handlers.onSetUserIntent(null)
+          onBack: handlers.onGuestBackFromTokenPicker
         }
       );
     case "processing": {
@@ -6311,56 +6411,41 @@ var buttonStyle3 = {
   fontFamily: "inherit",
   cursor: "pointer"
 };
-function useDerivedState(state) {
+function selectedSourceForWallet(selectedWallet, selectedTokenSymbol) {
+  if (!selectedWallet) return null;
+  if (selectedTokenSymbol) {
+    return selectedWallet.sources.find((s) => s.token.symbol === selectedTokenSymbol) ?? null;
+  }
+  return selectedWallet.sources.find((s) => s.token.status === "AUTHORIZED") ?? selectedWallet.sources[0] ?? null;
+}
+function computeDerivedState(state) {
   const { sourceType, sourceId } = deriveSourceTypeAndId(state);
   const selectedAccount = state.accounts.find((a) => a.id === state.selectedAccountId);
   const selectedWallet = selectedAccount?.wallets.find(
     (w) => w.id === state.selectedWalletId
   );
-  const selectedSource = react.useMemo(() => {
-    if (!selectedWallet) return null;
-    if (state.selectedTokenSymbol) {
-      return selectedWallet.sources.find(
-        (s) => s.token.symbol === state.selectedTokenSymbol
-      ) ?? null;
-    }
-    return selectedWallet.sources.find((s) => s.token.status === "AUTHORIZED") ?? selectedWallet.sources[0] ?? null;
-  }, [selectedWallet, state.selectedTokenSymbol]);
+  const selectedSource = selectedSourceForWallet(selectedWallet, state.selectedTokenSymbol);
   const sourceName = selectedAccount?.name ?? selectedWallet?.chain.name ?? "Wallet";
-  const pendingConnections = react.useMemo(
-    () => state.accounts.filter(
-      (a) => a.wallets.length > 0 && !a.wallets.some((w) => w.status === "ACTIVE")
-    ),
-    [state.accounts]
-  );
-  const depositEligibleAccounts = react.useMemo(
-    () => getDepositEligibleAccounts(state.accounts),
-    [state.accounts]
+  const pendingConnections = state.accounts.filter(
+    (a) => a.wallets.length > 0 && !a.wallets.some((w) => w.status === "ACTIVE")
   );
-  const maxSourceBalance = react.useMemo(() => {
-    let max = 0;
-    for (const acct of state.accounts) {
-      for (const wallet of acct.wallets) {
-        for (const source of wallet.sources) {
-          if (source.balance.available.amount > max) {
-            max = source.balance.available.amount;
-          }
+  const depositEligibleAccounts = getDepositEligibleAccounts(state.accounts);
+  let maxSourceBalance = 0;
+  for (const acct of state.accounts) {
+    for (const wallet of acct.wallets) {
+      for (const source of wallet.sources) {
+        if (source.balance.available.amount > maxSourceBalance) {
+          maxSourceBalance = source.balance.available.amount;
         }
       }
     }
-    return max;
-  }, [state.accounts]);
-  const tokenCount = react.useMemo(() => {
-    let count = 0;
-    for (const acct of state.accounts) {
-      for (const wallet of acct.wallets) {
-        count += wallet.sources.filter(
-          (s) => s.balance.available.amount > 0
-        ).length;
-      }
+  }
+  let tokenCount = 0;
+  for (const acct of state.accounts) {
+    for (const wallet of acct.wallets) {
+      tokenCount += wallet.sources.filter((s) => s.balance.available.amount > 0).length;
     }
-    return count;
-  }, [state.accounts]);
+  }
   return {
     sourceType,
     sourceId,
@@ -6374,6 +6459,9 @@ function useDerivedState(state) {
     tokenCount
   };
 }
+function useDerivedState(state) {
+  return react.useMemo(() => computeDerivedState(state), [state]);
+}
 function useAuthHandlers(dispatch, verificationTarget) {
   const {
     sendCode: sendEmailCode,
@@ -6466,9 +6554,18 @@ function usePasskeyHandlers(dispatch, apiBaseUrl, accounts, knownCredentialIds,
   const { user, getAccessToken } = reactAuth.usePrivy();
   const checkingPasskeyRef = react.useRef(false);
   const activateExistingCredential = react.useCallback(async (credentialId) => {
-    dispatch({ type: "PASSKEY_ACTIVATED", credentialId });
-    window.localStorage.setItem(ACTIVE_CREDENTIAL_STORAGE_KEY, credentialId);
     const token = await getAccessToken();
+    let publicKey;
+    if (token) {
+      try {
+        const { config } = await fetchUserConfig(apiBaseUrl, token);
+        const allPasskeys = config.passkeys ?? (config.passkey ? [config.passkey] : []);
+        publicKey = allPasskeys.find((p) => p.credentialId === credentialId)?.publicKey;
+      } catch {
+      }
+    }
+    dispatch({ type: "PASSKEY_ACTIVATED", credentialId, publicKey });
+    window.localStorage.setItem(ACTIVE_CREDENTIAL_STORAGE_KEY, credentialId);
     if (token) {
       reportPasskeyActivity(apiBaseUrl, token, credentialId).catch(() => {
       });
@@ -6541,9 +6638,13 @@ function usePasskeyHandlers(dispatch, apiBaseUrl, accounts, knownCredentialIds,
         authToken: token ?? void 0,
         apiBaseUrl
       });
-      const { credentialId } = await createPasskeyViaPopup(popupOptions);
-      dispatch({ type: "PASSKEY_ACTIVATED", credentialId });
+      const { credentialId, publicKey } = await createPasskeyViaPopup(popupOptions);
+      dispatch({ type: "PASSKEY_ACTIVATED", credentialId, publicKey });
       localStorage.setItem(ACTIVE_CREDENTIAL_STORAGE_KEY, credentialId);
+      if (token) {
+        reportPasskeyActivity(apiBaseUrl, token, credentialId).catch(() => {
+        });
+      }
     } catch (err) {
       captureException(err);
       dispatch({
@@ -6559,19 +6660,25 @@ function usePasskeyHandlers(dispatch, apiBaseUrl, accounts, knownCredentialIds,
     dispatch({ type: "SET_ERROR", error: null });
     try {
       const token = await getAccessToken();
+      if (!token) throw new Error("Not authenticated");
       const matched = await findDevicePasskeyViaPopup({
         credentialIds: knownCredentialIds,
         rpId: resolvePasskeyRpId(),
-        authToken: token ?? void 0,
+        authToken: token,
         apiBaseUrl
       });
       if (matched) {
-        dispatch({ type: "PASSKEY_ACTIVATED", credentialId: matched });
-        window.localStorage.setItem(ACTIVE_CREDENTIAL_STORAGE_KEY, matched);
-        if (token) {
-          reportPasskeyActivity(apiBaseUrl, token, matched).catch(() => {
-          });
+        let publicKey;
+        try {
+          const { config } = await fetchUserConfig(apiBaseUrl, token);
+          const allPasskeys = config.passkeys ?? (config.passkey ? [config.passkey] : []);
+          publicKey = allPasskeys.find((p) => p.credentialId === matched)?.publicKey;
+        } catch {
         }
+        dispatch({ type: "PASSKEY_ACTIVATED", credentialId: matched, publicKey });
+        window.localStorage.setItem(ACTIVE_CREDENTIAL_STORAGE_KEY, matched);
+        reportPasskeyActivity(apiBaseUrl, token, matched).catch(() => {
+        });
       } else {
         dispatch({
           type: "SET_ERROR",
@@ -6939,7 +7046,9 @@ function useProviderHandlers(deps) {
     reauthTokenRef,
     authenticated,
     merchantAuthorization,
-    destination
+    destination,
+    guestSessionToken,
+    selectedProviderId
   } = deps;
   const wagmiConfig2 = wagmi.useConfig();
   const { connectAsync, connectors } = wagmi.useConnect();
@@ -7252,7 +7361,7 @@ function useProviderHandlers(deps) {
     reauthTokenRef
   ]);
   const handleNavigateToTokenPicker = react.useCallback(() => {
-    dispatch({ type: "SET_USER_INTENT", intent: "pick-token" });
+    dispatch({ type: "SET_USER_INTENT", intent: { step: "token-picker" } });
   }, [dispatch]);
   const handleSelectAuthorizedToken = react.useCallback((walletId, tokenSymbol) => {
     dispatch({ type: "SELECT_TOKEN", walletId, tokenSymbol });
@@ -7335,6 +7444,76 @@ function useProviderHandlers(deps) {
     reauthSessionIdRef,
     reauthTokenRef
   ]);
+  const handlePreauthorize = react.useCallback(async () => {
+    if (!guestSessionToken || !selectedProviderId) {
+      dispatch({
+        type: "SET_ERROR",
+        error: "Missing guest session or wallet provider. Try again from the payment screen."
+      });
+      return;
+    }
+    const isMobile = !shouldUseWalletConnector({
+      useWalletConnector: useWalletConnectorProp,
+      userAgent: typeof navigator === "undefined" ? void 0 : navigator.userAgent
+    });
+    const providerName = providers.find((p) => p.id === selectedProviderId)?.name ?? "Wallet";
+    if (!isMobile) {
+      dispatch({ type: "GUEST_PREAUTH_BEGIN" });
+    }
+    try {
+      const created = await createGuestAccount(
+        apiBaseUrl,
+        guestSessionToken,
+        selectedProviderId,
+        providerName
+      );
+      const session = await fetchAuthorizationSessionByToken(
+        apiBaseUrl,
+        created.sessionToken
+      );
+      if (isMobile) {
+        handlingMobileReturnRef.current = false;
+        mobileSetupFlowRef.current = true;
+        setupAccountIdRef.current = created.accountId;
+        persistMobileFlowState({
+          accountId: created.accountId,
+          sessionId: session.id,
+          deeplinkUri: created.sessionUri,
+          providerId: selectedProviderId,
+          isSetup: true,
+          guestSessionToken
+        });
+        triggerDeeplink(created.sessionUri);
+        dispatch({ type: "MOBILE_DEEPLINK_READY", deeplinkUri: created.sessionUri });
+      }
+      dispatch({
+        type: "GUEST_PREAUTH_DETECTED",
+        accountId: created.accountId,
+        sessionId: session.id
+      });
+    } catch (err) {
+      captureException(err);
+      if (!isMobile) {
+        dispatch({ type: "GUEST_PREAUTH_END" });
+      }
+      dispatch({
+        type: "SET_ERROR",
+        error: err instanceof Error ? err.message : "Failed to start preauthorization"
+      });
+      onError?.(err instanceof Error ? err.message : "Failed to start preauthorization");
+    }
+  }, [
+    guestSessionToken,
+    selectedProviderId,
+    providers,
+    apiBaseUrl,
+    dispatch,
+    onError,
+    useWalletConnectorProp,
+    mobileSetupFlowRef,
+    handlingMobileReturnRef,
+    setupAccountIdRef
+  ]);
   return {
     handlePrepareProvider,
     handleSelectProvider,
@@ -7343,7 +7522,8 @@ function useProviderHandlers(deps) {
     handleIncreaseLimit,
     handleNavigateToTokenPicker,
     handleSelectAuthorizedToken,
-    handleAuthorizeToken
+    handleAuthorizeToken,
+    handlePreauthorize
   };
 }
@@ -7547,11 +7727,15 @@ function useGuestTransferHandlers(deps) {
     };
     execute();
   }, [isGuestFlow, guestTransferId, guestSessionToken, settingSender, apiBaseUrl, wagmiConfig2, switchChainAsync, dispatch, onComplete, onError]);
+  const handleGuestBackFromTokenPicker = react.useCallback(() => {
+    dispatch({ type: "GUEST_BACK_FROM_TOKEN_PICKER" });
+  }, [dispatch]);
   return {
     guestTokenEntries,
     loadingBalances,
     settingSender,
-    handleSelectGuestToken
+    handleSelectGuestToken,
+    handleGuestBackFromTokenPicker
   };
 }
 function useOneTapSetupHandlers(deps) {
@@ -7561,16 +7745,24 @@ function useOneTapSetupHandlers(deps) {
     apiBaseUrl,
     authExecutor,
     selectSourceChainName,
-    selectSourceTokenSymbol
+    selectSourceTokenSymbol,
+    authorizationSessionIdForGuest
   } = deps;
   const [savingOneTapLimit, setSavingOneTapLimit] = react.useState(false);
-  const oneTapLimitSavedDuringSetupRef = react.useRef(false);
   const handleSetupOneTap = react.useCallback(async (limit) => {
     setSavingOneTapLimit(true);
     try {
-      const token = await getAccessToken();
-      if (!token) throw new Error("Not authenticated");
-      await updateUserConfig(apiBaseUrl, token, { defaultAllowance: limit });
+      if (authorizationSessionIdForGuest) {
+        await updateUserConfigBySession(
+          apiBaseUrl,
+          authorizationSessionIdForGuest,
+          { defaultAllowance: limit }
+        );
+      } else {
+        const token = await getAccessToken();
+        if (!token) throw new Error("Not authenticated");
+        await updateUserConfig(apiBaseUrl, token, { defaultAllowance: limit });
+      }
       if (authExecutor.pendingSelectSource) {
         const action = authExecutor.pendingSelectSource;
         const recommended = action.metadata?.recommended;
@@ -7585,12 +7777,12 @@ function useOneTapSetupHandlers(deps) {
           chainName = recommended?.chainName ?? choices[0]?.chainName ?? "Base";
           tokenSymbol = recommended?.tokenSymbol ?? choices[0]?.tokens[0]?.tokenSymbol ?? "USDC";
         }
-        oneTapLimitSavedDuringSetupRef.current = true;
+        dispatch({ type: "SET_ONE_TAP_LIMIT_SAVED_DURING_SETUP", saved: true });
         authExecutor.resolveSelectSource({ chainName, tokenSymbol });
       } else if (authExecutor.pendingOneTapSetup) {
         authExecutor.resolveOneTapSetup();
       }
-      dispatch({ type: "SET_USER_INTENT", intent: null });
+      dispatch({ type: "SET_USER_INTENT", intent: { step: "deposit" } });
     } catch (err) {
       captureException(err);
       dispatch({
@@ -7600,127 +7792,84 @@ function useOneTapSetupHandlers(deps) {
     } finally {
       setSavingOneTapLimit(false);
     }
-  }, [getAccessToken, apiBaseUrl, authExecutor, dispatch, selectSourceChainName, selectSourceTokenSymbol]);
+  }, [
+    getAccessToken,
+    apiBaseUrl,
+    authExecutor,
+    dispatch,
+    selectSourceChainName,
+    selectSourceTokenSymbol,
+    authorizationSessionIdForGuest
+  ]);
   return {
     handleSetupOneTap,
-    savingOneTapLimit,
-    oneTapLimitSavedDuringSetupRef
+    savingOneTapLimit
   };
 }
-// src/dataLoading.ts
-function resolveDataLoadAction({
-  authenticated,
-  accountsCount,
-  hasActiveCredential,
-  loading
-}) {
-  if (!authenticated || accountsCount > 0 || !hasActiveCredential) {
-    return "reset";
-  }
-  if (loading) {
-    return "wait";
-  }
-  return "load";
-}
-// src/processingStatus.ts
-var PROCESSING_TIMEOUT_MS = 18e4;
-function resolvePreferredTransfer(polledTransfer, localTransfer) {
-  return polledTransfer ?? localTransfer;
-}
-function getTransferStatus(polledTransfer, localTransfer) {
-  const transfer = resolvePreferredTransfer(polledTransfer, localTransfer);
-  return transfer?.status ?? "UNKNOWN";
-}
-function hasProcessingTimedOut(processingStartedAtMs, nowMs) {
-  if (!processingStartedAtMs) return false;
-  return nowMs - processingStartedAtMs >= PROCESSING_TIMEOUT_MS;
-}
-var STATUS_DISPLAY_LABELS = {
-  CREATED: "created",
-  AUTHORIZED: "authorized",
-  SENDING: "sending",
-  SENT: "confirming delivery",
-  COMPLETED: "completed",
-  FAILED: "failed"
-};
-function getStatusDisplayLabel(status) {
-  return STATUS_DISPLAY_LABELS[status] ?? status;
-}
-function buildProcessingTimeoutMessage(status) {
-  const label = getStatusDisplayLabel(status);
-  return `Payment is taking longer than expected (status: ${label}). Please try again.`;
+function usePrivySessionSyncEffect(deps) {
+  const { dispatch, ready, authenticated } = deps;
+  react.useEffect(() => {
+    dispatch({
+      type: "SYNC_PRIVY_SESSION",
+      ready,
+      authenticated
+    });
+  }, [dispatch, ready, authenticated]);
 }
-// src/hooks/usePaymentEffects.ts
-function usePaymentEffects(deps) {
+function useOtpEffects(deps) {
   const {
     state,
     dispatch,
-    ready,
     authenticated,
-    apiBaseUrl,
-    depositAmount,
-    onComplete,
-    onError,
-    polling,
-    authExecutor,
-    reloadAccounts,
     activeOtpStatus,
     activeOtpErrorMessage,
     otpCode,
-    handleVerifyLoginCode,
+    handleVerifyLoginCode
+  } = deps;
+  react.useEffect(() => {
+    if (authenticated || !state.verificationTarget) return;
+    if (activeOtpErrorMessage) dispatch({ type: "SET_ERROR", error: activeOtpErrorMessage });
+  }, [activeOtpErrorMessage, authenticated, state.verificationTarget, dispatch]);
+  react.useEffect(() => {
+    if (state.verificationTarget && !authenticated && /^\d{6}$/.test(otpCode.trim()) && activeOtpStatus === "awaiting-code-input") {
+      handleVerifyLoginCode();
+    }
+  }, [otpCode, state.verificationTarget, authenticated, activeOtpStatus, handleVerifyLoginCode]);
+}
+function usePasskeyCheckEffect(deps) {
+  const {
+    dispatch,
+    ready,
+    authenticated,
+    apiBaseUrl,
+    activeCredentialId,
+    passkeyConfigLoaded,
+    checkingPasskeyRef,
     setAuthInput,
     setOtpCode,
+    polling,
     mobileSetupFlowRef,
     handlingMobileReturnRef,
     setupAccountIdRef,
     reauthSessionIdRef,
     reauthTokenRef,
-    loadingDataRef,
-    pollingTransferIdRef,
-    processingStartedAtRef,
-    checkingPasskeyRef,
-    pendingSelectSourceAction,
-    selectSourceChoices,
-    selectSourceRecommended,
-    setSelectSourceChainName,
-    setSelectSourceTokenSymbol,
-    initializedSelectSourceActionRef,
-    oneTapLimitSavedDuringSetupRef,
-    handleAuthorizedMobileReturn
+    pollingTransferIdRef
   } = deps;
   const { getAccessToken } = reactAuth.usePrivy();
-  const onCompleteRef = react.useRef(onComplete);
-  onCompleteRef.current = onComplete;
+  const onCompleteRef = react.useRef(deps.onComplete);
+  onCompleteRef.current = deps.onComplete;
   const getAccessTokenRef = react.useRef(getAccessToken);
   getAccessTokenRef.current = getAccessToken;
   const pollingRef = react.useRef(polling);
   pollingRef.current = polling;
-  const handleAuthorizedMobileReturnRef = react.useRef(handleAuthorizedMobileReturn);
-  handleAuthorizedMobileReturnRef.current = handleAuthorizedMobileReturn;
-  const lastAccountFetchRef = react.useRef(0);
-  react.useEffect(() => {
-    if (depositAmount != null) {
-      dispatch({ type: "SYNC_AMOUNT", amount: depositAmount.toString() });
-    }
-  }, [depositAmount, dispatch]);
-  react.useEffect(() => {
-    if (authenticated || !state.verificationTarget) return;
-    if (activeOtpErrorMessage) dispatch({ type: "SET_ERROR", error: activeOtpErrorMessage });
-  }, [activeOtpErrorMessage, authenticated, state.verificationTarget, dispatch]);
-  react.useEffect(() => {
-    if (state.verificationTarget && !authenticated && /^\d{6}$/.test(otpCode.trim()) && activeOtpStatus === "awaiting-code-input") {
-      handleVerifyLoginCode();
-    }
-  }, [otpCode, state.verificationTarget, authenticated, activeOtpStatus, handleVerifyLoginCode]);
+  const handleAuthorizedMobileReturnRef = react.useRef(deps.handleAuthorizedMobileReturn);
+  handleAuthorizedMobileReturnRef.current = deps.handleAuthorizedMobileReturn;
   react.useEffect(() => {
     if (!ready || !authenticated) {
       checkingPasskeyRef.current = false;
       return;
     }
-    if (state.passkeyConfigLoaded || state.activeCredentialId) return;
+    if (passkeyConfigLoaded || activeCredentialId) return;
     if (checkingPasskeyRef.current) return;
     checkingPasskeyRef.current = true;
     let cancelled = false;
@@ -7818,11 +7967,7 @@ function usePaymentEffects(deps) {
               return;
             }
             if (existingTransfer.status === "AUTHORIZED") {
-              if (persisted.isSetup) {
-                await handleAuthorizedMobileReturnRef.current(existingTransfer, true);
-              } else {
-                await handleAuthorizedMobileReturnRef.current(existingTransfer, false);
-              }
+              await handleAuthorizedMobileReturnRef.current(existingTransfer, !!persisted.isSetup);
               return;
             }
             if (persisted.isSetup) {
@@ -7864,7 +8009,18 @@ function usePaymentEffects(deps) {
           if (token || cancelled) break;
           await new Promise((r) => setTimeout(r, 1e3));
         }
-        if (!token || cancelled) return;
+        if (cancelled) return;
+        if (!token) {
+          dispatch({
+            type: "PASSKEY_CONFIG_LOADED",
+            knownIds: []
+          });
+          dispatch({
+            type: "SET_ERROR",
+            error: "Could not refresh your session. Try signing in again."
+          });
+          return;
+        }
         const { config } = await fetchUserConfig(apiBaseUrl, token);
         if (cancelled) return;
         const allPasskeys = config.passkeys ?? (config.passkey ? [config.passkey] : []);
@@ -7873,11 +8029,13 @@ function usePaymentEffects(deps) {
           knownIds: allPasskeys.map((p) => p.credentialId),
           oneTapLimit: config.defaultAllowance ?? void 0
         });
-        if (allPasskeys.length === 0) {
-          return;
-        }
-        if (state.activeCredentialId && allPasskeys.some((p) => p.credentialId === state.activeCredentialId)) {
-          await restoreState(state.activeCredentialId, token);
+        if (allPasskeys.length === 0) return;
+        if (activeCredentialId && allPasskeys.some((p) => p.credentialId === activeCredentialId)) {
+          const pk = allPasskeys.find((p) => p.credentialId === activeCredentialId)?.publicKey;
+          if (pk) {
+            dispatch({ type: "PASSKEY_ACTIVATED", credentialId: activeCredentialId, publicKey: pk });
+          }
+          await restoreState(activeCredentialId, token);
           return;
         }
         if (cancelled) return;
@@ -7895,13 +8053,22 @@ function usePaymentEffects(deps) {
         }
         if (cancelled) return;
         if (matched) {
-          dispatch({ type: "PASSKEY_ACTIVATED", credentialId: matched });
+          const publicKey = allPasskeys.find((p) => p.credentialId === matched)?.publicKey;
+          dispatch({ type: "PASSKEY_ACTIVATED", credentialId: matched, publicKey });
           window.localStorage.setItem(ACTIVE_CREDENTIAL_STORAGE_KEY, matched);
           reportPasskeyActivity(apiBaseUrl, token, matched).catch(() => {
           });
           await restoreState(matched, token);
         }
-      } catch {
+      } catch (err) {
+        dispatch({
+          type: "PASSKEY_CONFIG_LOADED",
+          knownIds: []
+        });
+        dispatch({
+          type: "SET_ERROR",
+          error: err instanceof Error ? err.message : "Unable to load passkey settings."
+        });
       }
     };
     checkPasskey();
@@ -7909,7 +8076,39 @@ function usePaymentEffects(deps) {
       cancelled = true;
       checkingPasskeyRef.current = false;
     };
-  }, [ready, authenticated, apiBaseUrl, state.activeCredentialId, state.passkeyConfigLoaded]);
+  }, [ready, authenticated, apiBaseUrl, activeCredentialId, passkeyConfigLoaded]);
+}
+// src/dataLoading.ts
+function resolveDataLoadAction({
+  authenticated,
+  accountsCount,
+  hasActiveCredential,
+  loading
+}) {
+  if (!authenticated || accountsCount > 0 || !hasActiveCredential) {
+    return "reset";
+  }
+  if (loading) {
+    return "wait";
+  }
+  return "load";
+}
+// src/hooks/useDataLoadEffect.ts
+function useDataLoadEffect(deps) {
+  const {
+    state,
+    dispatch,
+    authenticated,
+    apiBaseUrl,
+    depositAmount,
+    loadingDataRef
+  } = deps;
+  const { getAccessToken } = reactAuth.usePrivy();
+  const getAccessTokenRef = react.useRef(getAccessToken);
+  getAccessTokenRef.current = getAccessToken;
+  const lastAccountFetchRef = react.useRef(0);
   react.useEffect(() => {
     const loadAction = resolveDataLoadAction({
       authenticated,
@@ -8009,6 +8208,61 @@ function usePaymentEffects(deps) {
       cancelled = true;
     };
   }, [authenticated, state.providers.length, state.activeCredentialId, apiBaseUrl]);
+  react.useEffect(() => {
+    if (state.accounts.length > 0 && state.activeCredentialId && !state.loadingData && !state.transfer && authenticated && Date.now() - lastAccountFetchRef.current > 15e3) {
+      lastAccountFetchRef.current = Date.now();
+      deps.reloadAccounts();
+    }
+  }, [
+    state.accounts.length,
+    state.activeCredentialId,
+    state.loadingData,
+    state.transfer,
+    authenticated,
+    deps
+  ]);
+}
+// src/processingStatus.ts
+var PROCESSING_TIMEOUT_MS = 18e4;
+function resolvePreferredTransfer(polledTransfer, localTransfer) {
+  return polledTransfer ?? localTransfer;
+}
+function getTransferStatus(polledTransfer, localTransfer) {
+  const transfer = resolvePreferredTransfer(polledTransfer, localTransfer);
+  return transfer?.status ?? "UNKNOWN";
+}
+function hasProcessingTimedOut(processingStartedAtMs, nowMs) {
+  if (!processingStartedAtMs) return false;
+  return nowMs - processingStartedAtMs >= PROCESSING_TIMEOUT_MS;
+}
+var STATUS_DISPLAY_LABELS = {
+  CREATED: "created",
+  AUTHORIZED: "authorized",
+  SENDING: "sending",
+  SENT: "confirming delivery",
+  COMPLETED: "completed",
+  FAILED: "failed"
+};
+function getStatusDisplayLabel(status) {
+  return STATUS_DISPLAY_LABELS[status] ?? status;
+}
+function buildProcessingTimeoutMessage(status) {
+  const label = getStatusDisplayLabel(status);
+  return `Payment is taking longer than expected (status: ${label}). Please try again.`;
+}
+// src/hooks/useProcessingEffect.ts
+function useProcessingEffect(deps) {
+  const {
+    state,
+    dispatch,
+    polling,
+    processingStartedAtRef,
+    onComplete,
+    onError,
+    reloadAccounts
+  } = deps;
   react.useEffect(() => {
     if (!polling.transfer) return;
     if (polling.transfer.status === "COMPLETED") {
@@ -8021,19 +8275,6 @@ function usePaymentEffects(deps) {
       dispatch({ type: "TRANSFER_FAILED", transfer: polling.transfer, error: "Transfer failed." });
     }
   }, [polling.transfer, onComplete, dispatch, reloadAccounts]);
-  react.useEffect(() => {
-    if (state.accounts.length > 0 && state.activeCredentialId && !state.loadingData && !state.transfer && authenticated && Date.now() - lastAccountFetchRef.current > 15e3) {
-      lastAccountFetchRef.current = Date.now();
-      reloadAccounts();
-    }
-  }, [
-    state.accounts.length,
-    state.activeCredentialId,
-    state.loadingData,
-    state.transfer,
-    authenticated,
-    reloadAccounts
-  ]);
   react.useEffect(() => {
     const isProcessing = state.creatingTransfer || state.transfer != null && ["CREATED", "SENDING", "SENT"].includes(state.transfer.status);
     if (!isProcessing) {
@@ -8069,6 +8310,26 @@ function usePaymentEffects(deps) {
     dispatch,
     processingStartedAtRef
   ]);
+}
+function useMobilePollingEffect(deps) {
+  const {
+    state,
+    dispatch,
+    polling,
+    mobileSetupFlowRef,
+    handlingMobileReturnRef,
+    setupAccountIdRef,
+    reauthSessionIdRef,
+    reauthTokenRef,
+    pollingTransferIdRef,
+    reloadAccounts,
+    apiBaseUrl
+  } = deps;
+  const { getAccessToken } = reactAuth.usePrivy();
+  const getAccessTokenRef = react.useRef(getAccessToken);
+  getAccessTokenRef.current = getAccessToken;
+  const handleAuthorizedMobileReturnRef = react.useRef(deps.handleAuthorizedMobileReturn);
+  handleAuthorizedMobileReturnRef.current = deps.handleAuthorizedMobileReturn;
   react.useEffect(() => {
     if (!state.mobileFlow) {
       handlingMobileReturnRef.current = false;
@@ -8077,8 +8338,8 @@ function usePaymentEffects(deps) {
     if (handlingMobileReturnRef.current) return;
     const polledTransfer = polling.transfer;
     if (!polledTransfer || polledTransfer.status !== "AUTHORIZED") return;
-    void handleAuthorizedMobileReturn(polledTransfer, mobileSetupFlowRef.current);
-  }, [state.mobileFlow, polling.transfer, handleAuthorizedMobileReturn, handlingMobileReturnRef, mobileSetupFlowRef]);
+    void handleAuthorizedMobileReturnRef.current(polledTransfer, mobileSetupFlowRef.current);
+  }, [state.mobileFlow, polling.transfer, handlingMobileReturnRef, mobileSetupFlowRef]);
   react.useEffect(() => {
     if (!state.mobileFlow || !mobileSetupFlowRef.current) return;
     if (!state.activeCredentialId || !setupAccountIdRef.current) return;
@@ -8154,14 +8415,10 @@ function usePaymentEffects(deps) {
     poll();
     const intervalId = window.setInterval(poll, POLL_INTERVAL_MS);
     const handleVisibility = () => {
-      if (document.visibilityState === "visible" && !cancelled) {
-        poll();
-      }
+      if (document.visibilityState === "visible" && !cancelled) poll();
     };
     const handlePageShow = (e) => {
-      if (e.persisted && !cancelled) {
-        poll();
-      }
+      if (e.persisted && !cancelled) poll();
     };
     document.addEventListener("visibilitychange", handleVisibility);
     window.addEventListener("pageshow", handlePageShow);
@@ -8212,6 +8469,16 @@ function usePaymentEffects(deps) {
     handlingMobileReturnRef,
     pollingTransferIdRef
   ]);
+}
+function useSelectSourceEffect(deps) {
+  const {
+    pendingSelectSourceAction,
+    selectSourceChoices,
+    selectSourceRecommended,
+    setSelectSourceChainName,
+    setSelectSourceTokenSymbol,
+    initializedSelectSourceActionRef
+  } = deps;
   react.useEffect(() => {
     if (!pendingSelectSourceAction) {
       initializedSelectSourceActionRef.current = null;
@@ -8242,38 +8509,27 @@ function usePaymentEffects(deps) {
     setSelectSourceTokenSymbol,
     initializedSelectSourceActionRef
   ]);
+}
+function useOneTapAutoResolveEffect(deps) {
+  const { authExecutor, dispatch, oneTapLimitSavedDuringSetup, reloadAccounts } = deps;
   const pendingOneTapSetupAction = authExecutor.pendingOneTapSetup;
   react.useEffect(() => {
-    if (pendingOneTapSetupAction && oneTapLimitSavedDuringSetupRef.current) {
-      oneTapLimitSavedDuringSetupRef.current = false;
+    if (pendingOneTapSetupAction && oneTapLimitSavedDuringSetup) {
+      dispatch({ type: "SET_ONE_TAP_LIMIT_SAVED_DURING_SETUP", saved: false });
       authExecutor.resolveOneTapSetup();
     }
-  }, [pendingOneTapSetupAction, authExecutor, oneTapLimitSavedDuringSetupRef]);
+  }, [pendingOneTapSetupAction, authExecutor, dispatch, oneTapLimitSavedDuringSetup]);
   react.useEffect(() => {
-    if (pendingOneTapSetupAction && !oneTapLimitSavedDuringSetupRef.current) {
+    if (pendingOneTapSetupAction && !oneTapLimitSavedDuringSetup) {
       reloadAccounts();
     }
-  }, [pendingOneTapSetupAction, reloadAccounts, oneTapLimitSavedDuringSetupRef]);
-  react.useEffect(() => {
-    if (!state.guestSessionToken) return;
-    if (state.guestPreauthAccountId) return;
-    if (!state.transfer || state.transfer.status !== "COMPLETED") return;
-    let cancelled = false;
-    const checkGuestAccount = async () => {
-      try {
-        const result = await fetchGuestAccount(apiBaseUrl, state.guestSessionToken);
-        if (cancelled) return;
-        if (result && !result.hasPasskey) {
-          dispatch({ type: "GUEST_PREAUTH_DETECTED", accountId: result.accountId });
-        }
-      } catch {
-      }
-    };
-    checkGuestAccount();
-    return () => {
-      cancelled = true;
-    };
-  }, [state.transfer, state.guestSessionToken, state.guestPreauthAccountId, apiBaseUrl, dispatch]);
+  }, [pendingOneTapSetupAction, reloadAccounts, oneTapLimitSavedDuringSetup]);
+}
+function useGuestPreauthEffect(deps) {
+  const { state, dispatch, authenticated, apiBaseUrl, reloadAccounts } = deps;
+  const { getAccessToken } = reactAuth.usePrivy();
+  const getAccessTokenRef = react.useRef(getAccessToken);
+  getAccessTokenRef.current = getAccessToken;
   const settingOwnerRef = react.useRef(false);
   react.useEffect(() => {
     if (!state.guestPreauthAccountId) return;
@@ -8282,6 +8538,8 @@ function usePaymentEffects(deps) {
     if (!authenticated) return;
     if (!state.guestSessionToken) return;
     if (settingOwnerRef.current) return;
+    const hasActive = state.accounts.some((a) => a.wallets.some((w) => w.status === "ACTIVE"));
+    if (!hasActive) return;
     settingOwnerRef.current = true;
     let cancelled = false;
     const setOwner = async () => {
@@ -8319,12 +8577,69 @@ function usePaymentEffects(deps) {
     state.activeCredentialId,
     state.activePublicKey,
     state.guestSessionToken,
+    state.accounts,
     authenticated,
     apiBaseUrl,
     dispatch,
     reloadAccounts
   ]);
 }
+function useGuestDesktopPreauthSessionEffect(deps) {
+  const { state, authExecutor, reloadAccounts, dispatch, desktopGuestPreauth } = deps;
+  const preauthExecutingRef = react.useRef(false);
+  react.useEffect(() => {
+    if (!desktopGuestPreauth) return;
+    if (!state.guestPreauthorizing) return;
+    if (!state.guestPreauthSessionId || preauthExecutingRef.current) return;
+    preauthExecutingRef.current = true;
+    const runPreauthSession = async () => {
+      try {
+        await authExecutor.executeSessionById(state.guestPreauthSessionId);
+        await reloadAccounts();
+      } catch {
+      } finally {
+        preauthExecutingRef.current = false;
+        dispatch({ type: "GUEST_PREAUTH_END" });
+      }
+    };
+    void runPreauthSession();
+  }, [
+    desktopGuestPreauth,
+    state.guestPreauthorizing,
+    state.guestPreauthSessionId,
+    authExecutor,
+    reloadAccounts,
+    dispatch
+  ]);
+}
+function useGuestPreauthPhaseSyncEffect(deps) {
+  const { state, dispatch, authExecutor, isDesktop } = deps;
+  react.useEffect(() => {
+    if (!state.guestPreauthorizing || !isDesktop) return;
+    const pending = authExecutor.pendingSelectSource;
+    if (pending) {
+      const intent = {
+        step: "select-source",
+        action: pending,
+        isDesktop
+      };
+      if (state.phase.step === "select-source" && state.phase.action.id === pending.id) {
+        return;
+      }
+      dispatch({ type: "SET_USER_INTENT", intent });
+      return;
+    }
+    if (state.phase.step === "select-source") {
+      dispatch({ type: "SET_USER_INTENT", intent: { step: "one-tap-setup", action: null } });
+    }
+  }, [
+    state.guestPreauthorizing,
+    state.phase,
+    isDesktop,
+    authExecutor.pendingSelectSource,
+    dispatch
+  ]);
+}
 function BlinkPayment(props) {
   const resetKey = react.useRef(0);
   const handleBoundaryReset = react.useCallback(() => {
@@ -8346,6 +8661,10 @@ function BlinkPaymentInner({
   const { apiBaseUrl, depositAmount } = useBlinkConfig();
   const { ready, authenticated, logout, getAccessToken } = reactAuth.usePrivy();
   reactAuth.useLoginWithOAuth();
+  const isDesktop = shouldUseWalletConnector({
+    useWalletConnector: useWalletConnectorProp,
+    userAgent: typeof navigator === "undefined" ? void 0 : navigator.userAgent
+  });
   const [state, dispatch] = react.useReducer(
     paymentReducer,
     {
@@ -8429,7 +8748,9 @@ function BlinkPaymentInner({
     reauthTokenRef: mobileFlowRefs.reauthTokenRef,
     authenticated,
     merchantAuthorization,
-    destination
+    destination,
+    guestSessionToken: state.guestSessionToken,
+    selectedProviderId: state.selectedProviderId
   });
   const oneTapSetup = useOneTapSetupHandlers({
     dispatch,
@@ -8437,7 +8758,8 @@ function BlinkPaymentInner({
     apiBaseUrl,
     authExecutor,
     selectSourceChainName: sourceSelection.selectSourceChainName,
-    selectSourceTokenSymbol: sourceSelection.selectSourceTokenSymbol
+    selectSourceTokenSymbol: sourceSelection.selectSourceTokenSymbol,
+    authorizationSessionIdForGuest: state.guestPreauthSessionId
   });
   const guestTransfer = useGuestTransferHandlers({
     dispatch,
@@ -8451,13 +8773,12 @@ function BlinkPaymentInner({
     clearMobileFlowState();
     transfer.processingStartedAtRef.current = null;
     transfer.pollingTransferIdRef.current = null;
-    oneTapSetup.oneTapLimitSavedDuringSetupRef.current = false;
     dispatch({
       type: "NEW_PAYMENT",
       depositAmount,
       firstAccountId: state.accounts.length > 0 ? state.accounts[0].id : null
     });
-  }, [depositAmount, state.accounts, transfer, oneTapSetup]);
+  }, [depositAmount, state.accounts, transfer]);
   const handleLogout = react.useCallback(async () => {
     try {
       await logout();
@@ -8469,65 +8790,113 @@ function BlinkPaymentInner({
     }
     polling.stopPolling();
     passkey.checkingPasskeyRef.current = false;
-    oneTapSetup.oneTapLimitSavedDuringSetupRef.current = false;
     auth.setAuthInput("");
     auth.setOtpCode("");
-    dispatch({ type: "LOGOUT", depositAmount });
-  }, [logout, polling, depositAmount, auth, passkey, oneTapSetup]);
-  usePaymentEffects({
+    dispatch({ type: "LOGOUT", depositAmount, privyReady: ready });
+  }, [logout, polling, depositAmount, auth, passkey, ready]);
+  react.useEffect(() => {
+    if (depositAmount != null) {
+      dispatch({ type: "SYNC_AMOUNT", amount: depositAmount.toString() });
+    }
+  }, [depositAmount, dispatch]);
+  usePrivySessionSyncEffect({ dispatch, ready, authenticated });
+  useOtpEffects({
     state,
     dispatch,
-    ready,
     authenticated,
-    apiBaseUrl,
-    depositAmount,
-    onComplete,
-    onError,
-    polling,
-    authExecutor,
-    reloadAccounts: transfer.reloadAccounts,
     activeOtpStatus: auth.activeOtpStatus,
     activeOtpErrorMessage: auth.activeOtpErrorMessage,
     otpCode: auth.otpCode,
     handleVerifyLoginCode: auth.handleVerifyLoginCode,
     setAuthInput: auth.setAuthInput,
+    setOtpCode: auth.setOtpCode
+  });
+  usePasskeyCheckEffect({
+    dispatch,
+    ready,
+    authenticated,
+    apiBaseUrl,
+    activeCredentialId: state.activeCredentialId,
+    passkeyConfigLoaded: state.passkeyConfigLoaded,
+    checkingPasskeyRef: passkey.checkingPasskeyRef,
+    setAuthInput: auth.setAuthInput,
     setOtpCode: auth.setOtpCode,
+    polling,
     mobileSetupFlowRef: mobileFlowRefs.mobileSetupFlowRef,
     handlingMobileReturnRef: mobileFlowRefs.handlingMobileReturnRef,
     setupAccountIdRef: mobileFlowRefs.setupAccountIdRef,
     reauthSessionIdRef: mobileFlowRefs.reauthSessionIdRef,
     reauthTokenRef: mobileFlowRefs.reauthTokenRef,
-    loadingDataRef: mobileFlowRefs.loadingDataRef,
     pollingTransferIdRef: transfer.pollingTransferIdRef,
+    handleAuthorizedMobileReturn: mobileFlow.handleAuthorizedMobileReturn,
+    onComplete
+  });
+  useDataLoadEffect({
+    state,
+    dispatch,
+    authenticated,
+    apiBaseUrl,
+    depositAmount,
+    loadingDataRef: mobileFlowRefs.loadingDataRef,
+    reloadAccounts: transfer.reloadAccounts
+  });
+  useProcessingEffect({
+    state,
+    dispatch,
+    polling,
     processingStartedAtRef: transfer.processingStartedAtRef,
-    checkingPasskeyRef: passkey.checkingPasskeyRef,
+    onComplete,
+    onError,
+    reloadAccounts: transfer.reloadAccounts
+  });
+  useMobilePollingEffect({
+    state,
+    dispatch,
+    polling,
+    mobileSetupFlowRef: mobileFlowRefs.mobileSetupFlowRef,
+    handlingMobileReturnRef: mobileFlowRefs.handlingMobileReturnRef,
+    setupAccountIdRef: mobileFlowRefs.setupAccountIdRef,
+    reauthSessionIdRef: mobileFlowRefs.reauthSessionIdRef,
+    reauthTokenRef: mobileFlowRefs.reauthTokenRef,
+    pollingTransferIdRef: transfer.pollingTransferIdRef,
+    reloadAccounts: transfer.reloadAccounts,
+    handleAuthorizedMobileReturn: mobileFlow.handleAuthorizedMobileReturn,
+    apiBaseUrl
+  });
+  useSelectSourceEffect({
     pendingSelectSourceAction: sourceSelection.pendingSelectSourceAction,
     selectSourceChoices: sourceSelection.selectSourceChoices,
     selectSourceRecommended: sourceSelection.selectSourceRecommended,
     setSelectSourceChainName: sourceSelection.setSelectSourceChainName,
     setSelectSourceTokenSymbol: sourceSelection.setSelectSourceTokenSymbol,
-    initializedSelectSourceActionRef: sourceSelection.initializedSelectSourceActionRef,
-    oneTapLimitSavedDuringSetupRef: oneTapSetup.oneTapLimitSavedDuringSetupRef,
-    handleAuthorizedMobileReturn: mobileFlow.handleAuthorizedMobileReturn
+    initializedSelectSourceActionRef: sourceSelection.initializedSelectSourceActionRef
   });
-  const autoSelectingRef = react.useRef(false);
-  react.useEffect(() => {
-    if (!state.isGuestFlow || !state.selectedProviderId || !state.activeCredentialId || !authenticated || autoSelectingRef.current || state.transfer != null) return;
-    const hasActive = state.accounts.some((a) => a.wallets.some((w) => w.status === "ACTIVE"));
-    if (hasActive) return;
-    autoSelectingRef.current = true;
-    provider.handleSelectProvider(state.selectedProviderId).finally(() => {
-      autoSelectingRef.current = false;
-    });
-  }, [
-    state.isGuestFlow,
-    state.selectedProviderId,
-    state.activeCredentialId,
-    state.transfer,
-    state.accounts,
+  useOneTapAutoResolveEffect({
+    authExecutor,
+    dispatch,
+    oneTapLimitSavedDuringSetup: state.oneTapLimitSavedDuringSetup,
+    reloadAccounts: transfer.reloadAccounts
+  });
+  useGuestPreauthEffect({
+    state,
+    dispatch,
     authenticated,
-    provider
-  ]);
+    apiBaseUrl,
+    reloadAccounts: transfer.reloadAccounts
+  });
+  useGuestPreauthPhaseSyncEffect({
+    state,
+    dispatch,
+    authExecutor,
+    isDesktop
+  });
+  useGuestDesktopPreauthSessionEffect({
+    state,
+    authExecutor,
+    reloadAccounts: transfer.reloadAccounts,
+    dispatch,
+    desktopGuestPreauth: isDesktop
+  });
   const handlers = react.useMemo(() => ({
     onSendLoginCode: auth.handleSendLoginCode,
     onVerifyLoginCode: auth.handleVerifyLoginCode,
@@ -8550,7 +8919,7 @@ function BlinkPaymentInner({
     onBackFromOpenWallet: () => dispatch({ type: "CLEAR_MOBILE_STATE" }),
     onLogout: handleLogout,
     onNewPayment: handleNewPayment,
-    onSetUserIntent: (intent) => dispatch({ type: "SET_USER_INTENT", intent }),
+    onSetPhase: (phase) => dispatch({ type: "SET_USER_INTENT", intent: phase }),
     onSetAuthInput: auth.setAuthInput,
     onSetOtpCode: (code) => {
       auth.setOtpCode(code);
@@ -8564,30 +8933,9 @@ function BlinkPaymentInner({
     onSelectAuthorizedToken: provider.handleSelectAuthorizedToken,
     onAuthorizeToken: provider.handleAuthorizeToken,
     onSelectGuestToken: guestTransfer.handleSelectGuestToken,
+    onGuestBackFromTokenPicker: guestTransfer.handleGuestBackFromTokenPicker,
     onLogin: () => dispatch({ type: "REQUEST_LOGIN" }),
-    onPreauthorize: async () => {
-      if (state.guestPreauthAccountId) {
-        dispatch({ type: "REQUEST_LOGIN" });
-        return;
-      }
-      if (!state.guestSessionToken || !state.selectedProviderId) {
-        dispatch({ type: "REQUEST_LOGIN" });
-        return;
-      }
-      try {
-        const providerName = state.providers.find((p) => p.id === state.selectedProviderId)?.name ?? "Wallet";
-        const created = await createGuestAccount(
-          apiBaseUrl,
-          state.guestSessionToken,
-          state.selectedProviderId,
-          providerName
-        );
-        dispatch({ type: "GUEST_PREAUTH_DETECTED", accountId: created.accountId });
-        dispatch({ type: "REQUEST_LOGIN" });
-      } catch {
-        dispatch({ type: "REQUEST_LOGIN" });
-      }
-    }
+    onPreauthorize: provider.handlePreauthorize
   }), [
     auth,
     passkey,
@@ -8598,51 +8946,52 @@ function BlinkPaymentInner({
     oneTapSetup,
     guestTransfer,
     handleLogout,
-    handleNewPayment,
-    state.guestPreauthAccountId,
-    state.guestSessionToken,
-    state.selectedProviderId,
-    state.providers,
-    apiBaseUrl
+    handleNewPayment
   ]);
   return /* @__PURE__ */ jsxRuntime.jsx(
     StepRenderer,
     {
-      state,
-      ready,
-      authenticated,
-      activeOtpStatus: auth.activeOtpStatus,
-      pollingTransfer: polling.transfer,
-      pollingError: polling.error,
-      authExecutorError: authExecutor.error,
-      inlineAuthorizationExecuting: authExecutor.executing,
-      transferSigningSigning: transferSigning.signing,
-      transferSigningError: transferSigning.error,
-      pendingSelectSource: authExecutor.pendingSelectSource,
-      pendingOneTapSetup: authExecutor.pendingOneTapSetup,
-      oneTapLimitAlreadySaved: oneTapSetup.oneTapLimitSavedDuringSetupRef.current,
-      pendingConnections: derived.pendingConnections,
-      depositEligibleAccounts: derived.depositEligibleAccounts,
-      sourceName: derived.sourceName,
-      maxSourceBalance: derived.maxSourceBalance,
-      tokenCount: derived.tokenCount,
-      selectedAccount: derived.selectedAccount,
-      selectedSource: derived.selectedSource,
-      selectSourceChoices: sourceSelection.selectSourceChoices,
-      selectSourceRecommended: sourceSelection.selectSourceRecommended,
-      selectSourceAvailableBalance: sourceSelection.selectSourceAvailableBalance,
-      guestTokenEntries: guestTransfer.guestTokenEntries,
-      guestLoadingBalances: guestTransfer.loadingBalances,
-      guestSettingSender: guestTransfer.settingSender,
-      authInput: auth.authInput,
-      otpCode: auth.otpCode,
-      selectSourceChainName: sourceSelection.selectSourceChainName,
-      selectSourceTokenSymbol: sourceSelection.selectSourceTokenSymbol,
-      savingOneTapLimit: oneTapSetup.savingOneTapLimit,
-      merchantName,
-      onBack,
-      onDismiss,
-      depositAmount,
+      flow: {
+        state,
+        authenticated,
+        activeOtpStatus: auth.activeOtpStatus,
+        isDesktop,
+        merchantName,
+        onBack,
+        onDismiss,
+        depositAmount
+      },
+      remote: {
+        pollingTransfer: polling.transfer,
+        pollingError: polling.error,
+        authExecutorError: authExecutor.error,
+        transferSigningSigning: transferSigning.signing,
+        transferSigningError: transferSigning.error,
+        pendingSelectSource: authExecutor.pendingSelectSource,
+        pendingOneTapSetup: authExecutor.pendingOneTapSetup
+      },
+      derived: {
+        pendingConnections: derived.pendingConnections,
+        depositEligibleAccounts: derived.depositEligibleAccounts,
+        sourceName: derived.sourceName,
+        maxSourceBalance: derived.maxSourceBalance,
+        tokenCount: derived.tokenCount,
+        selectedAccount: derived.selectedAccount,
+        selectedSource: derived.selectedSource,
+        selectSourceChoices: sourceSelection.selectSourceChoices,
+        selectSourceRecommended: sourceSelection.selectSourceRecommended,
+        selectSourceAvailableBalance: sourceSelection.selectSourceAvailableBalance
+      },
+      forms: {
+        authInput: auth.authInput,
+        otpCode: auth.otpCode,
+        selectSourceChainName: sourceSelection.selectSourceChainName,
+        selectSourceTokenSymbol: sourceSelection.selectSourceTokenSymbol,
+        savingOneTapLimit: oneTapSetup.savingOneTapLimit,
+        guestTokenEntries: guestTransfer.guestTokenEntries,
+        guestLoadingBalances: guestTransfer.loadingBalances,
+        guestSettingSender: guestTransfer.settingSender
+      },
       handlers
     }
   );
@@ -8681,7 +9030,7 @@ exports.findDevicePasskeyViaPopup = findDevicePasskeyViaPopup;
 exports.getTheme = getTheme;
 exports.lightTheme = lightTheme;
 exports.resolvePasskeyRpId = resolvePasskeyRpId;
-exports.resolveScreen = resolveScreen;
+exports.screenForPhase = screenForPhase;
 exports.useAuthorizationExecutor = useAuthorizationExecutor;
 exports.useBlinkConfig = useBlinkConfig;
 exports.useBlinkDepositAmount = useBlinkDepositAmount;