@swype-org/react-sdk 0.1.230 → 0.1.237

package/dist/index.js

@@ -155,6 +155,322 @@ function useBlinkDepositAmount() {
   };
 }
 
+// src/passkey-delegation.ts
+var PasskeyIframeBlockedError = class extends Error {
+  constructor(message = "Passkey creation is not supported in this browser context.") {
+    super(message);
+    this.name = "PasskeyIframeBlockedError";
+  }
+};
+function isInCrossOriginIframe() {
+  if (typeof window === "undefined") return false;
+  if (window.parent === window) return false;
+  try {
+    void window.parent.location.origin;
+    return false;
+  } catch {
+    return true;
+  }
+}
+function isSafari() {
+  if (typeof navigator === "undefined") return false;
+  const ua = navigator.userAgent;
+  return /Safari/i.test(ua) && !/Chrome|CriOS|Chromium|Edg|OPR|Firefox/i.test(ua);
+}
+var POPUP_RESULT_TIMEOUT_MS = 12e4;
+var POPUP_CLOSED_POLL_MS = 500;
+var POPUP_CLOSED_GRACE_MS = 1e3;
+function createPasskeyViaPopup(options) {
+  return new Promise((resolve, reject) => {
+    const verificationToken = crypto.randomUUID();
+    const payload = { ...options, verificationToken };
+    const encoded = btoa(JSON.stringify(payload));
+    const popupUrl = `${window.location.origin}/passkey-register#${encoded}`;
+    const popup = window.open(popupUrl, "blink-passkey");
+    if (!popup) {
+      reject(new Error("Pop-up blocked. Please allow pop-ups for this site and try again."));
+      return;
+    }
+    let settled = false;
+    const timer = setTimeout(() => {
+      cleanup();
+      reject(new Error("Passkey creation timed out. Please try again."));
+    }, POPUP_RESULT_TIMEOUT_MS);
+    const closedPoll = setInterval(() => {
+      if (popup.closed) {
+        clearInterval(closedPoll);
+        setTimeout(() => {
+          if (!settled) {
+            settled = true;
+            cleanup();
+            checkServerForPasskeyByToken(
+              options.authToken,
+              options.apiBaseUrl,
+              verificationToken
+            ).then((result) => {
+              if (result) {
+                resolve(result);
+              } else {
+                reject(new Error("Passkey window was closed before completing."));
+              }
+            }).catch(() => {
+              reject(new Error("Passkey window was closed before completing."));
+            });
+          }
+        }, POPUP_CLOSED_GRACE_MS);
+      }
+    }, POPUP_CLOSED_POLL_MS);
+    function cleanup() {
+      clearTimeout(timer);
+      clearInterval(closedPoll);
+    }
+  });
+}
+var VERIFY_POPUP_TIMEOUT_MS = 6e4;
+function findDevicePasskeyViaPopup(options) {
+  return new Promise((resolve, reject) => {
+    const verificationToken = crypto.randomUUID();
+    const payload = {
+      ...options,
+      verificationToken
+    };
+    const encoded = btoa(JSON.stringify(payload));
+    const popupUrl = `${window.location.origin}/passkey-verify#${encoded}`;
+    const popup = window.open(popupUrl, "blink-passkey-verify");
+    if (!popup) {
+      reject(new Error("Pop-up blocked. Please allow pop-ups for this site and try again."));
+      return;
+    }
+    let settled = false;
+    const timer = setTimeout(() => {
+      cleanup();
+      resolve(null);
+    }, VERIFY_POPUP_TIMEOUT_MS);
+    const closedPoll = setInterval(() => {
+      if (popup.closed && !settled) {
+        clearInterval(closedPoll);
+        setTimeout(() => {
+          if (!settled) {
+            settled = true;
+            cleanup();
+            checkServerForPasskeyByToken(
+              options.authToken,
+              options.apiBaseUrl,
+              verificationToken
+            ).then((result) => {
+              resolve(result?.credentialId ?? null);
+            }).catch(() => {
+              resolve(null);
+            });
+          }
+        }, POPUP_CLOSED_GRACE_MS);
+      }
+    }, POPUP_CLOSED_POLL_MS);
+    function cleanup() {
+      clearTimeout(timer);
+      clearInterval(closedPoll);
+    }
+  });
+}
+async function checkServerForPasskeyByToken(authToken, apiBaseUrl, verificationToken) {
+  if (!authToken || !apiBaseUrl) return null;
+  const res = await fetch(`${apiBaseUrl}/v1/users/config`, {
+    headers: { Authorization: `Bearer ${authToken}` }
+  });
+  if (!res.ok) return null;
+  const body = await res.json();
+  const passkeys = body.config.passkeys ?? [];
+  const matched = passkeys.find((p) => p.lastVerificationToken === verificationToken);
+  return matched ? { credentialId: matched.credentialId, publicKey: matched.publicKey } : null;
+}
+
+// src/passkeyRpId.ts
+function normalizeConfiguredDomain(value) {
+  return value.replace(/^https?:\/\//, "").replace(/\/.*$/, "").replace(/^\./, "").trim();
+}
+function resolveRootDomainFromHostname(hostname) {
+  const trimmedHostname = hostname.trim().toLowerCase();
+  if (!trimmedHostname) {
+    return "localhost";
+  }
+  if (trimmedHostname === "localhost" || /^\d{1,3}(?:\.\d{1,3}){3}$/.test(trimmedHostname)) {
+    return trimmedHostname;
+  }
+  const parts = trimmedHostname.split(".").filter(Boolean);
+  if (parts.length < 2) {
+    return trimmedHostname;
+  }
+  return parts.slice(-2).join(".");
+}
+
+// src/hooks/passkeyPublic.ts
+function waitForDocumentFocus(timeoutMs = 5e3, intervalMs = 100) {
+  return new Promise((resolve, reject) => {
+    if (typeof document === "undefined") {
+      resolve();
+      return;
+    }
+    if (document.hasFocus()) {
+      resolve();
+      return;
+    }
+    const deadline = Date.now() + timeoutMs;
+    const timer = setInterval(() => {
+      if (document.hasFocus()) {
+        clearInterval(timer);
+        resolve();
+      } else if (Date.now() >= deadline) {
+        clearInterval(timer);
+        resolve();
+      }
+    }, intervalMs);
+  });
+}
+function toBase64(buffer) {
+  return btoa(String.fromCharCode(...new Uint8Array(buffer)));
+}
+function base64ToBytes(value) {
+  const normalized = value.replace(/-/g, "+").replace(/_/g, "/");
+  const padded = normalized + "=".repeat((4 - normalized.length % 4) % 4);
+  const raw = atob(padded);
+  const bytes = new Uint8Array(raw.length);
+  for (let i = 0; i < raw.length; i++) {
+    bytes[i] = raw.charCodeAt(i);
+  }
+  return bytes;
+}
+function readEnvValue(name) {
+  const meta = import.meta;
+  const metaValue = meta.env?.[name];
+  if (typeof metaValue === "string" && metaValue.trim().length > 0) {
+    return metaValue.trim();
+  }
+  const processValue = globalThis.process?.env?.[name];
+  if (typeof processValue === "string" && processValue.trim().length > 0) {
+    return processValue.trim();
+  }
+  return void 0;
+}
+function resolvePasskeyRpId() {
+  const configuredDomain = readEnvValue("VITE_DOMAIN") ?? readEnvValue("BLINK_DOMAIN");
+  if (configuredDomain) {
+    return normalizeConfiguredDomain(configuredDomain);
+  }
+  if (typeof window !== "undefined") {
+    return resolveRootDomainFromHostname(window.location.hostname);
+  }
+  return "localhost";
+}
+async function createPasskeyCredential(params) {
+  const challenge = new Uint8Array(32);
+  crypto.getRandomValues(challenge);
+  const rpId = resolvePasskeyRpId();
+  const publicKeyOptions = {
+    challenge,
+    rp: { name: "Blink", id: rpId },
+    user: {
+      id: new TextEncoder().encode(params.userId),
+      name: params.displayName,
+      displayName: params.displayName
+    },
+    pubKeyCredParams: [
+      { alg: -7, type: "public-key" },
+      { alg: -257, type: "public-key" }
+    ],
+    authenticatorSelection: {
+      authenticatorAttachment: "platform",
+      residentKey: "preferred",
+      userVerification: "required"
+    },
+    timeout: 6e4
+  };
+  if (isInCrossOriginIframe()) {
+    try {
+      await waitForDocumentFocus();
+      const credential2 = await navigator.credentials.create({
+        publicKey: publicKeyOptions
+      });
+      if (!credential2) {
+        throw new Error("Passkey creation was cancelled.");
+      }
+      return extractPasskeyResult(credential2);
+    } catch (err) {
+      if (err instanceof PasskeyIframeBlockedError) throw err;
+      if (err instanceof Error && err.message === "Passkey creation was cancelled.") throw err;
+      throw new PasskeyIframeBlockedError();
+    }
+  }
+  await waitForDocumentFocus();
+  const credential = await navigator.credentials.create({
+    publicKey: publicKeyOptions
+  });
+  if (!credential) {
+    throw new Error("Passkey creation was cancelled.");
+  }
+  return extractPasskeyResult(credential);
+}
+function extractPasskeyResult(credential) {
+  const response = credential.response;
+  const publicKeyBytes = response.getPublicKey?.();
+  return {
+    credentialId: toBase64(credential.rawId),
+    publicKey: publicKeyBytes ? toBase64(publicKeyBytes) : ""
+  };
+}
+function buildPasskeyPopupOptions(params) {
+  const challenge = new Uint8Array(32);
+  crypto.getRandomValues(challenge);
+  const rpId = resolvePasskeyRpId();
+  return {
+    challenge: toBase64(challenge),
+    rpId,
+    rpName: "Blink",
+    userId: toBase64(new TextEncoder().encode(params.userId)),
+    userName: params.displayName,
+    userDisplayName: params.displayName,
+    pubKeyCredParams: [
+      { alg: -7, type: "public-key" },
+      { alg: -257, type: "public-key" }
+    ],
+    authenticatorSelection: {
+      authenticatorAttachment: "platform",
+      residentKey: "preferred",
+      userVerification: "required"
+    },
+    timeout: 6e4,
+    authToken: params.authToken,
+    apiBaseUrl: params.apiBaseUrl
+  };
+}
+async function deviceHasPasskey(credentialId) {
+  const found = await findDevicePasskey([credentialId]);
+  return found != null;
+}
+async function findDevicePasskey(credentialIds) {
+  if (credentialIds.length === 0) return null;
+  try {
+    const challenge = new Uint8Array(32);
+    crypto.getRandomValues(challenge);
+    await waitForDocumentFocus();
+    const assertion = await navigator.credentials.get({
+      publicKey: {
+        challenge,
+        rpId: resolvePasskeyRpId(),
+        allowCredentials: credentialIds.map((id) => ({
+          type: "public-key",
+          id: base64ToBytes(id)
+        })),
+        userVerification: "discouraged",
+        timeout: 3e4
+      }
+    });
+    if (!assertion) return null;
+    return toBase64(assertion.rawId);
+  } catch {
+    return null;
+  }
+}
+
 // src/api.ts
 var api_exports = {};
 __export(api_exports, {
@@ -166,6 +482,7 @@ __export(api_exports, {
   fetchAccount: () => fetchAccount,
   fetchAccounts: () => fetchAccounts,
   fetchAuthorizationSession: () => fetchAuthorizationSession,
+  fetchAuthorizationSessionByToken: () => fetchAuthorizationSessionByToken,
   fetchChains: () => fetchChains,
   fetchGuestAccount: () => fetchGuestAccount,
   fetchGuestTransferBalances: () => fetchGuestTransferBalances,
@@ -345,6 +662,13 @@ async function fetchAuthorizationSession(apiBaseUrl, sessionId) {
   if (!res.ok) await throwApiError(res);
   return await res.json();
 }
+async function fetchAuthorizationSessionByToken(apiBaseUrl, token) {
+  const res = await fetch(
+    `${apiBaseUrl}/v1/authorization-sessions?token=${encodeURIComponent(token)}`
+  );
+  if (!res.ok) await throwApiError(res);
+  return await res.json();
+}
 async function registerPasskey(apiBaseUrl, token, credentialId, publicKey) {
   const res = await fetch(`${apiBaseUrl}/v1/users/config/passkey`, {
     method: "POST",
@@ -501,17 +825,87 @@ async function setAccountOwner(apiBaseUrl, accessToken, accountId, guestSessionT
   if (!res.ok) await throwApiError(res);
   return await res.json();
 }
-async function reportActionCompletion(apiBaseUrl, actionId, result) {
-  const res = await fetch(
-    `${apiBaseUrl}/v1/authorization-actions/${actionId}`,
-    {
-      method: "PATCH",
-      headers: { "Content-Type": "application/json" },
-      body: JSON.stringify({ status: "COMPLETED", result })
+async function reportActionCompletion(apiBaseUrl, actionId, result) {
+  const res = await fetch(
+    `${apiBaseUrl}/v1/authorization-actions/${actionId}`,
+    {
+      method: "PATCH",
+      headers: { "Content-Type": "application/json" },
+      body: JSON.stringify({ status: "COMPLETED", result })
+    }
+  );
+  if (!res.ok) await throwApiError(res);
+  return await res.json();
+}
+
+// src/transferPolling.ts
+async function pollTransferTick(params) {
+  const fetchTransfer2 = params.fetchTransfer ?? fetchTransfer;
+  const token = await params.getAccessToken();
+  if (!token) {
+    return { kind: "retry" };
+  }
+  try {
+    const transfer = await fetchTransfer2(params.apiBaseUrl, token, params.transferId);
+    return { kind: "success", transfer };
+  } catch (err) {
+    return {
+      kind: "error",
+      message: err instanceof Error ? err.message : "Polling error"
+    };
+  }
+}
+
+// src/hooks/useTransferPolling.ts
+function useTransferPolling(intervalMs = 3e3) {
+  const { apiBaseUrl } = useBlinkConfig();
+  const { getAccessToken } = usePrivy();
+  const [transfer, setTransfer] = useState(null);
+  const [error, setError] = useState(null);
+  const [isPolling, setIsPolling] = useState(false);
+  const intervalRef = useRef(null);
+  const transferIdRef = useRef(null);
+  const stopPolling = useCallback(() => {
+    if (intervalRef.current) {
+      clearInterval(intervalRef.current);
+      intervalRef.current = null;
+    }
+    setIsPolling(false);
+  }, []);
+  const poll = useCallback(async () => {
+    if (!transferIdRef.current) return;
+    const result = await pollTransferTick({
+      apiBaseUrl,
+      transferId: transferIdRef.current,
+      getAccessToken
+    });
+    if (result.kind === "retry") {
+      return;
+    }
+    if (result.kind === "error") {
+      setError(result.message);
+      stopPolling();
+      return;
+    }
+    setError(null);
+    setTransfer(result.transfer);
+    if (result.transfer.status === "COMPLETED" || result.transfer.status === "FAILED") {
+      stopPolling();
     }
+  }, [apiBaseUrl, getAccessToken, stopPolling]);
+  const startPolling = useCallback(
+    (transferId) => {
+      stopPolling();
+      transferIdRef.current = transferId;
+      setIsPolling(true);
+      setError(null);
+      poll();
+      intervalRef.current = setInterval(poll, intervalMs);
+    },
+    [poll, intervalMs, stopPolling]
   );
-  if (!res.ok) await throwApiError(res);
-  return await res.json();
+  useEffect(() => () => stopPolling(), [stopPolling]);
+  return { transfer, error, isPolling, startPolling, stopPolling };
 }
 
 // node_modules/@wagmi/core/dist/esm/utils/getAction.js
@@ -811,250 +1205,61 @@ async function waitForTransactionReceipt(config, parameters) {
     chainId: client.chain.id
   };
 }
-
-// src/passkeyRpId.ts
-function normalizeConfiguredDomain(value) {
-  return value.replace(/^https?:\/\//, "").replace(/\/.*$/, "").replace(/^\./, "").trim();
-}
-function resolveRootDomainFromHostname(hostname) {
-  const trimmedHostname = hostname.trim().toLowerCase();
-  if (!trimmedHostname) {
-    return "localhost";
-  }
-  if (trimmedHostname === "localhost" || /^\d{1,3}(?:\.\d{1,3}){3}$/.test(trimmedHostname)) {
-    return trimmedHostname;
-  }
-  const parts = trimmedHostname.split(".").filter(Boolean);
-  if (parts.length < 2) {
-    return trimmedHostname;
-  }
-  return parts.slice(-2).join(".");
-}
 var ERC_6492_MAGIC_SUFFIX = "6492649264926492649264926492649264926492649264926492649264926492";
 function normalizeSignature(sig) {
   const hex = sig.startsWith("0x") ? sig.slice(2) : sig;
-  if (hex.length === 130) {
-    return `0x${hex}`;
-  }
-  if (hex.length === 128) {
-    const r = hex.slice(0, 64);
-    const yParityAndS = hex.slice(64, 128);
-    const highByte = parseInt(yParityAndS.slice(0, 2), 16);
-    const v = (highByte & 128) !== 0 ? 28 : 27;
-    const sFirstByte = (highByte & 127).toString(16).padStart(2, "0");
-    const s = sFirstByte + yParityAndS.slice(2);
-    return `0x${r}${s}${v.toString(16)}`;
-  }
-  if (hex.length > 64 && hex.endsWith(ERC_6492_MAGIC_SUFFIX)) {
-    const { signature: inner } = parseErc6492Signature(
-      `0x${hex}`
-    );
-    return normalizeSignature(inner);
-  }
-  if (hex.length > 130) {
-    try {
-      const [, innerBytes] = decodeAbiParameters(
-        [{ type: "uint256" }, { type: "bytes" }],
-        `0x${hex}`
-      );
-      return normalizeSignature(innerBytes);
-    } catch {
-      try {
-        const [wrapper] = decodeAbiParameters(
-          [{
-            type: "tuple",
-            components: [{ type: "uint8" }, { type: "bytes" }]
-          }],
-          `0x${hex}`
-        );
-        return normalizeSignature(wrapper[1]);
-      } catch {
-        return `0x${hex}`;
-      }
-    }
-  }
-  throw new Error(
-    `Invalid signature: unable to normalize. Length=${hex.length / 2} bytes. Expected 65, 64, ERC-6492 wrapped, or ABI-encoded SignatureWrapper.`
-  );
-}
-
-// src/transferPolling.ts
-async function pollTransferTick(params) {
-  const fetchTransfer2 = params.fetchTransfer ?? fetchTransfer;
-  const token = await params.getAccessToken();
-  if (!token) {
-    return { kind: "retry" };
-  }
-  try {
-    const transfer = await fetchTransfer2(params.apiBaseUrl, token, params.transferId);
-    return { kind: "success", transfer };
-  } catch (err) {
-    return {
-      kind: "error",
-      message: err instanceof Error ? err.message : "Polling error"
-    };
-  }
-}
-
-// src/passkey-delegation.ts
-var PasskeyIframeBlockedError = class extends Error {
-  constructor(message = "Passkey creation is not supported in this browser context.") {
-    super(message);
-    this.name = "PasskeyIframeBlockedError";
-  }
-};
-function isInCrossOriginIframe() {
-  if (typeof window === "undefined") return false;
-  if (window.parent === window) return false;
-  try {
-    void window.parent.location.origin;
-    return false;
-  } catch {
-    return true;
-  }
-}
-function isSafari() {
-  if (typeof navigator === "undefined") return false;
-  const ua = navigator.userAgent;
-  return /Safari/i.test(ua) && !/Chrome|CriOS|Chromium|Edg|OPR|Firefox/i.test(ua);
-}
-var POPUP_RESULT_TIMEOUT_MS = 12e4;
-var POPUP_CLOSED_POLL_MS = 500;
-var POPUP_CLOSED_GRACE_MS = 1e3;
-function createPasskeyViaPopup(options) {
-  return new Promise((resolve, reject) => {
-    const verificationToken = crypto.randomUUID();
-    const payload = { ...options, verificationToken };
-    const encoded = btoa(JSON.stringify(payload));
-    const popupUrl = `${window.location.origin}/passkey-register#${encoded}`;
-    const popup = window.open(popupUrl, "blink-passkey");
-    if (!popup) {
-      reject(new Error("Pop-up blocked. Please allow pop-ups for this site and try again."));
-      return;
-    }
-    let settled = false;
-    const timer = setTimeout(() => {
-      cleanup();
-      reject(new Error("Passkey creation timed out. Please try again."));
-    }, POPUP_RESULT_TIMEOUT_MS);
-    const closedPoll = setInterval(() => {
-      if (popup.closed) {
-        clearInterval(closedPoll);
-        setTimeout(() => {
-          if (!settled) {
-            settled = true;
-            cleanup();
-            checkServerForPasskeyByToken(
-              options.authToken,
-              options.apiBaseUrl,
-              verificationToken
-            ).then((result) => {
-              if (result) {
-                resolve(result);
-              } else {
-                reject(new Error("Passkey window was closed before completing."));
-              }
-            }).catch(() => {
-              reject(new Error("Passkey window was closed before completing."));
-            });
-          }
-        }, POPUP_CLOSED_GRACE_MS);
-      }
-    }, POPUP_CLOSED_POLL_MS);
-    function cleanup() {
-      clearTimeout(timer);
-      clearInterval(closedPoll);
-    }
-  });
-}
-var VERIFY_POPUP_TIMEOUT_MS = 6e4;
-function findDevicePasskeyViaPopup(options) {
-  return new Promise((resolve, reject) => {
-    const verificationToken = crypto.randomUUID();
-    const payload = {
-      ...options,
-      verificationToken
-    };
-    const encoded = btoa(JSON.stringify(payload));
-    const popupUrl = `${window.location.origin}/passkey-verify#${encoded}`;
-    const popup = window.open(popupUrl, "blink-passkey-verify");
-    if (!popup) {
-      reject(new Error("Pop-up blocked. Please allow pop-ups for this site and try again."));
-      return;
-    }
-    let settled = false;
-    const timer = setTimeout(() => {
-      cleanup();
-      resolve(null);
-    }, VERIFY_POPUP_TIMEOUT_MS);
-    const closedPoll = setInterval(() => {
-      if (popup.closed && !settled) {
-        clearInterval(closedPoll);
-        setTimeout(() => {
-          if (!settled) {
-            settled = true;
-            cleanup();
-            checkServerForPasskeyByToken(
-              options.authToken,
-              options.apiBaseUrl,
-              verificationToken
-            ).then((result) => {
-              resolve(result?.credentialId ?? null);
-            }).catch(() => {
-              resolve(null);
-            });
-          }
-        }, POPUP_CLOSED_GRACE_MS);
+  if (hex.length === 130) {
+    return `0x${hex}`;
+  }
+  if (hex.length === 128) {
+    const r = hex.slice(0, 64);
+    const yParityAndS = hex.slice(64, 128);
+    const highByte = parseInt(yParityAndS.slice(0, 2), 16);
+    const v = (highByte & 128) !== 0 ? 28 : 27;
+    const sFirstByte = (highByte & 127).toString(16).padStart(2, "0");
+    const s = sFirstByte + yParityAndS.slice(2);
+    return `0x${r}${s}${v.toString(16)}`;
+  }
+  if (hex.length > 64 && hex.endsWith(ERC_6492_MAGIC_SUFFIX)) {
+    const { signature: inner } = parseErc6492Signature(
+      `0x${hex}`
+    );
+    return normalizeSignature(inner);
+  }
+  if (hex.length > 130) {
+    try {
+      const [, innerBytes] = decodeAbiParameters(
+        [{ type: "uint256" }, { type: "bytes" }],
+        `0x${hex}`
+      );
+      return normalizeSignature(innerBytes);
+    } catch {
+      try {
+        const [wrapper] = decodeAbiParameters(
+          [{
+            type: "tuple",
+            components: [{ type: "uint8" }, { type: "bytes" }]
+          }],
+          `0x${hex}`
+        );
+        return normalizeSignature(wrapper[1]);
+      } catch {
+        return `0x${hex}`;
       }
-    }, POPUP_CLOSED_POLL_MS);
-    function cleanup() {
-      clearTimeout(timer);
-      clearInterval(closedPoll);
     }
-  });
-}
-async function checkServerForPasskeyByToken(authToken, apiBaseUrl, verificationToken) {
-  if (!authToken || !apiBaseUrl) return null;
-  const res = await fetch(`${apiBaseUrl}/v1/users/config`, {
-    headers: { Authorization: `Bearer ${authToken}` }
-  });
-  if (!res.ok) return null;
-  const body = await res.json();
-  const passkeys = body.config.passkeys ?? [];
-  const matched = passkeys.find((p) => p.lastVerificationToken === verificationToken);
-  return matched ? { credentialId: matched.credentialId, publicKey: matched.publicKey } : null;
+  }
+  throw new Error(
+    `Invalid signature: unable to normalize. Length=${hex.length / 2} bytes. Expected 65, 64, ERC-6492 wrapped, or ABI-encoded SignatureWrapper.`
+  );
 }
 
-// src/hooks.ts
+// src/hooks/authorizationExecutor.ts
 var WALLET_CLIENT_MAX_ATTEMPTS = 25;
 var WALLET_CLIENT_POLL_MS = 400;
 var ACTION_POLL_INTERVAL_MS = 500;
 var ACTION_POLL_MAX_RETRIES = 20;
 var SIGN_PERMIT2_POLL_MS = 1e3;
 var SIGN_PERMIT2_MAX_POLLS = 15;
-var TRANSFER_SIGN_MAX_POLLS = 60;
-function waitForDocumentFocus(timeoutMs = 5e3, intervalMs = 100) {
-  return new Promise((resolve, reject) => {
-    if (typeof document === "undefined") {
-      resolve();
-      return;
-    }
-    if (document.hasFocus()) {
-      resolve();
-      return;
-    }
-    const deadline = Date.now() + timeoutMs;
-    const timer = setInterval(() => {
-      if (document.hasFocus()) {
-        clearInterval(timer);
-        resolve();
-      } else if (Date.now() >= deadline) {
-        clearInterval(timer);
-        resolve();
-      }
-    }, intervalMs);
-  });
-}
 function actionSuccess(action, message, data) {
   return { actionId: action.id, type: action.type, status: "success", message, data };
 }
@@ -1065,243 +1270,44 @@ function isUserRejection(msg) {
   const lower = msg.toLowerCase();
   return lower.includes("rejected") || lower.includes("denied");
 }
-function hexToBytes(hex) {
-  const clean = hex.startsWith("0x") ? hex.slice(2) : hex;
-  const bytes = clean.match(/.{1,2}/g).map((b) => parseInt(b, 16));
-  return new Uint8Array(bytes);
-}
-function toBase64(buffer) {
-  return btoa(String.fromCharCode(...new Uint8Array(buffer)));
-}
-function base64ToBytes(value) {
-  const normalized = value.replace(/-/g, "+").replace(/_/g, "/");
-  const padded = normalized + "=".repeat((4 - normalized.length % 4) % 4);
-  const raw = atob(padded);
-  const bytes = new Uint8Array(raw.length);
-  for (let i = 0; i < raw.length; i++) {
-    bytes[i] = raw.charCodeAt(i);
-  }
-  return bytes;
-}
-function readEnvValue(name) {
-  const meta = import.meta;
-  const metaValue = meta.env?.[name];
-  if (typeof metaValue === "string" && metaValue.trim().length > 0) {
-    return metaValue.trim();
-  }
-  const processValue = globalThis.process?.env?.[name];
-  if (typeof processValue === "string" && processValue.trim().length > 0) {
-    return processValue.trim();
-  }
-  return void 0;
-}
-function resolvePasskeyRpId() {
-  const configuredDomain = readEnvValue("VITE_DOMAIN") ?? readEnvValue("BLINK_DOMAIN");
-  if (configuredDomain) {
-    return normalizeConfiguredDomain(configuredDomain);
-  }
-  if (typeof window !== "undefined") {
-    return resolveRootDomainFromHostname(window.location.hostname);
-  }
-  return "localhost";
-}
 async function waitForWalletClient(wagmiConfig2, params = {}) {
   for (let i = 0; i < WALLET_CLIENT_MAX_ATTEMPTS; i++) {
     try {
       const account = getAccount(wagmiConfig2);
-      const enrichedParams = account.connector ? { ...params, connector: account.connector } : params;
-      return await getWalletClient(wagmiConfig2, enrichedParams);
-    } catch {
-      if (i === WALLET_CLIENT_MAX_ATTEMPTS - 1) {
-        throw new Error("Wallet not ready. Please try again.");
-      }
-      await new Promise((r) => setTimeout(r, WALLET_CLIENT_POLL_MS));
-    }
-  }
-  throw new Error("Wallet not ready. Please try again.");
-}
-function parseSignTypedDataPayload(typedData) {
-  const { domain, types, primaryType, message } = typedData;
-  if (!domain || typeof domain !== "object" || Array.isArray(domain)) {
-    throw new Error("SIGN_PERMIT2 typedData is missing a valid domain object.");
-  }
-  if (!types || typeof types !== "object" || Array.isArray(types)) {
-    throw new Error("SIGN_PERMIT2 typedData is missing a valid types object.");
-  }
-  if (typeof primaryType !== "string") {
-    throw new Error("SIGN_PERMIT2 typedData is missing primaryType.");
-  }
-  if (!message || typeof message !== "object" || Array.isArray(message)) {
-    throw new Error("SIGN_PERMIT2 typedData is missing a valid message object.");
-  }
-  return {
-    domain,
-    types,
-    primaryType,
-    message
-  };
-}
-function getPendingActions(session, completedIds) {
-  return session.actions.filter((a) => a.status === "PENDING" && !completedIds.has(a.id)).sort((a, b) => a.orderIndex - b.orderIndex);
-}
-async function createPasskeyCredential(params) {
-  const challenge = new Uint8Array(32);
-  crypto.getRandomValues(challenge);
-  const rpId = resolvePasskeyRpId();
-  const publicKeyOptions = {
-    challenge,
-    rp: { name: "Blink", id: rpId },
-    user: {
-      id: new TextEncoder().encode(params.userId),
-      name: params.displayName,
-      displayName: params.displayName
-    },
-    pubKeyCredParams: [
-      { alg: -7, type: "public-key" },
-      { alg: -257, type: "public-key" }
-    ],
-    authenticatorSelection: {
-      authenticatorAttachment: "platform",
-      residentKey: "preferred",
-      userVerification: "required"
-    },
-    timeout: 6e4
-  };
-  if (isInCrossOriginIframe()) {
-    try {
-      await waitForDocumentFocus();
-      const credential2 = await navigator.credentials.create({
-        publicKey: publicKeyOptions
-      });
-      if (!credential2) {
-        throw new Error("Passkey creation was cancelled.");
-      }
-      return extractPasskeyResult(credential2);
-    } catch (err) {
-      if (err instanceof PasskeyIframeBlockedError) throw err;
-      if (err instanceof Error && err.message === "Passkey creation was cancelled.") throw err;
-      throw new PasskeyIframeBlockedError();
-    }
-  }
-  await waitForDocumentFocus();
-  const credential = await navigator.credentials.create({
-    publicKey: publicKeyOptions
-  });
-  if (!credential) {
-    throw new Error("Passkey creation was cancelled.");
-  }
-  return extractPasskeyResult(credential);
-}
-function extractPasskeyResult(credential) {
-  const response = credential.response;
-  const publicKeyBytes = response.getPublicKey?.();
-  return {
-    credentialId: toBase64(credential.rawId),
-    publicKey: publicKeyBytes ? toBase64(publicKeyBytes) : ""
-  };
-}
-function buildPasskeyPopupOptions(params) {
-  const challenge = new Uint8Array(32);
-  crypto.getRandomValues(challenge);
-  const rpId = resolvePasskeyRpId();
-  return {
-    challenge: toBase64(challenge),
-    rpId,
-    rpName: "Blink",
-    userId: toBase64(new TextEncoder().encode(params.userId)),
-    userName: params.displayName,
-    userDisplayName: params.displayName,
-    pubKeyCredParams: [
-      { alg: -7, type: "public-key" },
-      { alg: -257, type: "public-key" }
-    ],
-    authenticatorSelection: {
-      authenticatorAttachment: "platform",
-      residentKey: "preferred",
-      userVerification: "required"
-    },
-    timeout: 6e4,
-    authToken: params.authToken,
-    apiBaseUrl: params.apiBaseUrl
-  };
-}
-async function deviceHasPasskey(credentialId) {
-  const found = await findDevicePasskey([credentialId]);
-  return found != null;
-}
-async function findDevicePasskey(credentialIds) {
-  if (credentialIds.length === 0) return null;
-  try {
-    const challenge = new Uint8Array(32);
-    crypto.getRandomValues(challenge);
-    await waitForDocumentFocus();
-    const assertion = await navigator.credentials.get({
-      publicKey: {
-        challenge,
-        rpId: resolvePasskeyRpId(),
-        allowCredentials: credentialIds.map((id) => ({
-          type: "public-key",
-          id: base64ToBytes(id)
-        })),
-        userVerification: "discouraged",
-        timeout: 3e4
+      const enrichedParams = account.connector ? { ...params, connector: account.connector } : params;
+      return await getWalletClient(wagmiConfig2, enrichedParams);
+    } catch {
+      if (i === WALLET_CLIENT_MAX_ATTEMPTS - 1) {
+        throw new Error("Wallet not ready. Please try again.");
       }
-    });
-    if (!assertion) return null;
-    return toBase64(assertion.rawId);
-  } catch {
-    return null;
+      await new Promise((r) => setTimeout(r, WALLET_CLIENT_POLL_MS));
+    }
   }
+  throw new Error("Wallet not ready. Please try again.");
 }
-function useTransferPolling(intervalMs = 3e3) {
-  const { apiBaseUrl } = useBlinkConfig();
-  const { getAccessToken } = usePrivy();
-  const [transfer, setTransfer] = useState(null);
-  const [error, setError] = useState(null);
-  const [isPolling, setIsPolling] = useState(false);
-  const intervalRef = useRef(null);
-  const transferIdRef = useRef(null);
-  const stopPolling = useCallback(() => {
-    if (intervalRef.current) {
-      clearInterval(intervalRef.current);
-      intervalRef.current = null;
-    }
-    setIsPolling(false);
-  }, []);
-  const poll = useCallback(async () => {
-    if (!transferIdRef.current) return;
-    const result = await pollTransferTick({
-      apiBaseUrl,
-      transferId: transferIdRef.current,
-      getAccessToken
-    });
-    if (result.kind === "retry") {
-      return;
-    }
-    if (result.kind === "error") {
-      setError(result.message);
-      stopPolling();
-      return;
-    }
-    setError(null);
-    setTransfer(result.transfer);
-    if (result.transfer.status === "COMPLETED" || result.transfer.status === "FAILED") {
-      stopPolling();
-    }
-  }, [apiBaseUrl, getAccessToken, stopPolling]);
-  const startPolling = useCallback(
-    (transferId) => {
-      stopPolling();
-      transferIdRef.current = transferId;
-      setIsPolling(true);
-      setError(null);
-      poll();
-      intervalRef.current = setInterval(poll, intervalMs);
-    },
-    [poll, intervalMs, stopPolling]
-  );
-  useEffect(() => () => stopPolling(), [stopPolling]);
-  return { transfer, error, isPolling, startPolling, stopPolling };
+function parseSignTypedDataPayload(typedData) {
+  const { domain, types, primaryType, message } = typedData;
+  if (!domain || typeof domain !== "object" || Array.isArray(domain)) {
+    throw new Error("SIGN_PERMIT2 typedData is missing a valid domain object.");
+  }
+  if (!types || typeof types !== "object" || Array.isArray(types)) {
+    throw new Error("SIGN_PERMIT2 typedData is missing a valid types object.");
+  }
+  if (typeof primaryType !== "string") {
+    throw new Error("SIGN_PERMIT2 typedData is missing primaryType.");
+  }
+  if (!message || typeof message !== "object" || Array.isArray(message)) {
+    throw new Error("SIGN_PERMIT2 typedData is missing a valid message object.");
+  }
+  return {
+    domain,
+    types,
+    primaryType,
+    message
+  };
+}
+function getPendingActions(session, completedIds) {
+  return session.actions.filter((a) => a.status === "PENDING" && !completedIds.has(a.id)).sort((a, b) => a.orderIndex - b.orderIndex);
 }
 async function executeOpenProvider(action, wagmiConfig2, connectors, connectAsync) {
   try {
@@ -1699,6 +1705,47 @@ function useAuthorizationExecutor(options) {
     executeSessionById
   };
 }
+var TRANSFER_SIGN_MAX_POLLS = 60;
+function waitForDocumentFocus2(timeoutMs = 5e3, intervalMs = 100) {
+  return new Promise((resolve, reject) => {
+    if (typeof document === "undefined") {
+      resolve();
+      return;
+    }
+    if (document.hasFocus()) {
+      resolve();
+      return;
+    }
+    const deadline = Date.now() + timeoutMs;
+    const timer = setInterval(() => {
+      if (document.hasFocus()) {
+        clearInterval(timer);
+        resolve();
+      } else if (Date.now() >= deadline) {
+        clearInterval(timer);
+        resolve();
+      }
+    }, intervalMs);
+  });
+}
+function hexToBytes(hex) {
+  const clean = hex.startsWith("0x") ? hex.slice(2) : hex;
+  const bytes = clean.match(/.{1,2}/g).map((b) => parseInt(b, 16));
+  return new Uint8Array(bytes);
+}
+function toBase642(buffer) {
+  return btoa(String.fromCharCode(...new Uint8Array(buffer)));
+}
+function base64ToBytes2(value) {
+  const normalized = value.replace(/-/g, "+").replace(/_/g, "/");
+  const padded = normalized + "=".repeat((4 - normalized.length % 4) % 4);
+  const raw = atob(padded);
+  const bytes = new Uint8Array(raw.length);
+  for (let i = 0; i < raw.length; i++) {
+    bytes[i] = raw.charCodeAt(i);
+  }
+  return bytes;
+}
 function useTransferSigning(pollIntervalMs = 2e3, options) {
   const blinkConfig = useOptionalBlinkConfig();
   const apiBaseUrl = options?.apiBaseUrl ?? blinkConfig?.apiBaseUrl;
@@ -1754,9 +1801,9 @@ function useTransferSigning(pollIntervalMs = 2e3, options) {
         let signedUserOp;
         const allowCredentials = payload.passkeyCredentialId ? [{
           type: "public-key",
-          id: base64ToBytes(payload.passkeyCredentialId)
+          id: base64ToBytes2(payload.passkeyCredentialId)
         }] : void 0;
-        await waitForDocumentFocus();
+        await waitForDocumentFocus2();
         const assertion = await navigator.credentials.get({
           publicKey: {
             challenge: hashBytes,
@@ -1772,10 +1819,10 @@ function useTransferSigning(pollIntervalMs = 2e3, options) {
         const response = assertion.response;
         signedUserOp = {
           ...payload.userOp,
-          credentialId: toBase64(assertion.rawId),
-          signature: toBase64(response.signature),
-          authenticatorData: toBase64(response.authenticatorData),
-          clientDataJSON: toBase64(response.clientDataJSON)
+          credentialId: toBase642(assertion.rawId),
+          signature: toBase642(response.signature),
+          authenticatorData: toBase642(response.authenticatorData),
+          clientDataJSON: toBase642(response.clientDataJSON)
         };
         return await signTransfer(
           apiBaseUrl,
@@ -1934,6 +1981,95 @@ function buildSelectSourceChoices(options) {
   })).filter((chain) => chain.tokens.length > 0).sort((a, b) => b.balance - a.balance);
 }
 
+// src/walletFlow.ts
+var MOBILE_USER_AGENT_PATTERN = /Android|webOS|iPhone|iPad|iPod|BlackBerry|IEMobile|Opera Mini/i;
+function isMobileUserAgent(userAgent) {
+  if (!userAgent) {
+    return false;
+  }
+  return MOBILE_USER_AGENT_PATTERN.test(userAgent);
+}
+function shouldUseWalletConnector(options) {
+  return options.useWalletConnector ?? !isMobileUserAgent(options.userAgent);
+}
+
+// src/paymentResolvePhase.ts
+function hasActiveWallet(accounts) {
+  return accounts.some((a) => a.wallets.some((w) => w.status === "ACTIVE"));
+}
+function isTransferInFlight(transfer) {
+  if (!transfer) return false;
+  return ["CREATED", "SENDING", "SENT"].includes(transfer.status);
+}
+function resolvePhase(state) {
+  const p = state.phase;
+  if (p.step === "select-source" && state.transfer?.status === "COMPLETED" && state.guestPreauthorizing) {
+    return p;
+  }
+  if (state.transfer?.status === "COMPLETED" && state.guestPreauthorizing) {
+    return { step: "processing", transfer: state.transfer };
+  }
+  if (state.transfer?.status === "COMPLETED") {
+    return { step: "completed", transfer: state.transfer };
+  }
+  if (state.transfer?.status === "FAILED") {
+    return { step: "failed", transfer: state.transfer, error: state.error ?? "Transfer failed." };
+  }
+  if (state.creatingTransfer || isTransferInFlight(state.transfer)) {
+    return { step: "processing", transfer: state.transfer };
+  }
+  if (p.step === "token-picker" || p.step === "one-tap-setup" || p.step === "select-source" || p.step === "confirm-sign" || p.step === "guest-token-picker") {
+    return p;
+  }
+  if (state.mobileFlow && state.deeplinkUri) {
+    return {
+      step: "wallet-setup",
+      mobile: { deeplinkUri: state.deeplinkUri, providerId: state.selectedProviderId },
+      accountId: null
+    };
+  }
+  if (p.step === "wallet-setup" && p.mobile == null) {
+    return p;
+  }
+  if (state.isGuestFlow && state.selectedProviderId != null && !state.transfer) {
+    return { step: "guest-token-picker" };
+  }
+  if (p.step === "wallet-picker" && !state.creatingTransfer && !(state.mobileFlow && state.deeplinkUri)) {
+    return p;
+  }
+  if (!state.privyReady) {
+    return { step: "initializing" };
+  }
+  if (state.privyAuthenticated && !state.activeCredentialId && !state.passkeyConfigLoaded) {
+    return { step: "initializing" };
+  }
+  if (state.verificationTarget) {
+    return { step: "otp-verify", target: state.verificationTarget };
+  }
+  if (state.loginRequested) {
+    return { step: "login" };
+  }
+  if (state.passkeyConfigLoaded && !state.activeCredentialId) {
+    if (state.knownCredentialIds.length > 0 && state.passkeyPopupNeeded) {
+      return { step: "passkey-verify" };
+    }
+    return { step: "passkey-create", popupFallback: state.passkeyPopupNeeded };
+  }
+  if (state.loadingData && state.activeCredentialId && hasActiveWallet(state.accounts)) {
+    return { step: "data-loading" };
+  }
+  if (state.activeCredentialId && !hasActiveWallet(state.accounts) && !state.mobileFlow) {
+    return { step: "wallet-picker", reason: "link" };
+  }
+  if (state.activeCredentialId && hasActiveWallet(state.accounts) && !state.loadingData) {
+    return { step: "deposit" };
+  }
+  if (state.isGuestFlow) {
+    return { step: "wallet-picker", reason: "guest-entry" };
+  }
+  return { step: "wallet-picker", reason: "entry" };
+}
+
 // src/paymentReducer.ts
 function deriveSourceTypeAndId(state) {
   if (state.selectedWalletId) {
@@ -1946,6 +2082,7 @@ function deriveSourceTypeAndId(state) {
 }
 function createInitialState(config) {
   return {
+    phase: { step: "initializing" },
     error: null,
     providers: [],
     accounts: [],
@@ -1966,6 +2103,7 @@ function createInitialState(config) {
     knownCredentialIds: [],
     verificationTarget: null,
     oneTapLimit: 100,
+    oneTapLimitSavedDuringSetup: false,
     mobileFlow: false,
     deeplinkUri: null,
     increasingLimit: false,
@@ -1973,12 +2111,19 @@ function createInitialState(config) {
     guestTransferId: null,
     guestSessionToken: null,
     guestPreauthAccountId: null,
+    guestPreauthSessionId: null,
     activePublicKey: null,
-    userIntent: null,
-    loginRequested: false
+    loginRequested: false,
+    guestPreauthorizing: false,
+    privyReady: false,
+    privyAuthenticated: false
   };
 }
 function paymentReducer(state, action) {
+  const next = applyAction(state, action);
+  return { ...next, phase: resolvePhase(next) };
+}
+function applyAction(state, action) {
   switch (action.type) {
     // ── Auth ──────────────────────────────────────────────────────
     case "CODE_SENT":
@@ -2056,23 +2201,20 @@ function paymentReducer(state, action) {
         selectedProviderId: action.providerId,
         selectedAccountId: null,
         selectedWalletId: null,
-        selectedTokenSymbol: null,
-        userIntent: null
+        selectedTokenSymbol: null
       };
     case "SELECT_ACCOUNT":
       return {
         ...state,
         selectedAccountId: action.accountId,
         selectedWalletId: action.walletId,
-        selectedTokenSymbol: null,
-        userIntent: null
+        selectedTokenSymbol: null
       };
     case "SELECT_TOKEN":
       return {
         ...state,
         selectedWalletId: action.walletId,
-        selectedTokenSymbol: action.tokenSymbol,
-        userIntent: null
+        selectedTokenSymbol: action.tokenSymbol
       };
     // ── Transfer lifecycle ───────────────────────────────────────
     case "PAY_STARTED":
@@ -2081,8 +2223,7 @@ function paymentReducer(state, action) {
         error: null,
         creatingTransfer: true,
         deeplinkUri: null,
-        mobileFlow: false,
-        userIntent: null
+        mobileFlow: false
       };
     case "PAY_ENDED":
       return { ...state, creatingTransfer: false };
@@ -2146,7 +2287,8 @@ function paymentReducer(state, action) {
         transfer: action.transfer,
         error: null,
         mobileFlow: false,
-        deeplinkUri: null
+        deeplinkUri: null,
+        phase: { step: "confirm-sign", transfer: action.transfer }
       };
     case "CLEAR_MOBILE_STATE":
       return { ...state, mobileFlow: false, deeplinkUri: null };
@@ -2204,6 +2346,17 @@ function paymentReducer(state, action) {
         selectedWalletId: null,
         selectedTokenSymbol: null
       };
+    case "GUEST_BACK_FROM_TOKEN_PICKER":
+      return {
+        ...state,
+        selectedProviderId: null,
+        guestTransferId: null,
+        guestSessionToken: null,
+        selectedAccountId: null,
+        selectedWalletId: null,
+        selectedTokenSymbol: null,
+        error: null
+      };
     case "GUEST_TRANSFER_COMPLETED":
       return {
         ...state,
@@ -2216,29 +2369,40 @@ function paymentReducer(state, action) {
     case "GUEST_PREAUTH_DETECTED":
       return {
         ...state,
-        guestPreauthAccountId: action.accountId
+        guestPreauthAccountId: action.accountId,
+        guestPreauthSessionId: action.sessionId ?? state.guestPreauthSessionId,
+        selectedAccountId: action.accountId,
+        selectedWalletId: null,
+        selectedTokenSymbol: null
       };
+    case "GUEST_PREAUTH_BEGIN":
+      return { ...state, guestPreauthorizing: true, error: null };
+    case "GUEST_PREAUTH_END":
+      return { ...state, guestPreauthorizing: false };
     case "ACCOUNT_OWNER_SET":
       return {
         ...state,
         guestPreauthAccountId: null,
+        guestPreauthSessionId: null,
         activePublicKey: null,
         error: null,
-        userIntent: "configure-one-tap"
+        guestPreauthorizing: false,
+        phase: { step: "one-tap-setup", action: null }
       };
     // ── User intent & error ──────────────────────────────────────
     case "SET_USER_INTENT":
-      return { ...state, userIntent: action.intent };
+      return { ...state, phase: action.intent };
     case "REQUEST_LOGIN":
       return {
         ...state,
         loginRequested: true,
         transfer: null,
-        isGuestFlow: false,
         creatingTransfer: false
       };
     case "SET_ERROR":
       return { ...state, error: action.error };
+    case "SET_ONE_TAP_LIMIT_SAVED_DURING_SETUP":
+      return { ...state, oneTapLimitSavedDuringSetup: action.saved };
     // ── Lifecycle ────────────────────────────────────────────────
     case "NEW_PAYMENT":
       return {
@@ -2255,9 +2419,11 @@ function paymentReducer(state, action) {
         guestTransferId: null,
         guestSessionToken: null,
         guestPreauthAccountId: null,
+        guestPreauthSessionId: null,
         activePublicKey: null,
-        userIntent: null,
-        loginRequested: false
+        loginRequested: false,
+        oneTapLimitSavedDuringSetup: false,
+        guestPreauthorizing: false
       };
     case "LOGOUT":
       return {
@@ -2265,7 +2431,15 @@ function paymentReducer(state, action) {
           depositAmount: action.depositAmount,
           passkeyPopupNeeded: state.passkeyPopupNeeded,
           activeCredentialId: null
-        })
+        }),
+        privyReady: action.privyReady,
+        privyAuthenticated: false
+      };
+    case "SYNC_PRIVY_SESSION":
+      return {
+        ...state,
+        privyReady: action.ready,
+        privyAuthenticated: action.authenticated
       };
     case "SYNC_AMOUNT":
       return { ...state, amount: action.amount };
@@ -2314,97 +2488,42 @@ function maskAuthIdentifier(identifier) {
   return `***-***-${visibleSuffix}`;
 }
 
-// src/walletFlow.ts
-var MOBILE_USER_AGENT_PATTERN = /Android|webOS|iPhone|iPad|iPod|BlackBerry|IEMobile|Opera Mini/i;
-function isMobileUserAgent(userAgent) {
-  if (!userAgent) {
-    return false;
-  }
-  return MOBILE_USER_AGENT_PATTERN.test(userAgent);
-}
-function shouldUseWalletConnector(options) {
-  return options.useWalletConnector ?? !isMobileUserAgent(options.userAgent);
-}
-
 // src/resolveScreen.ts
-function hasActiveWallet(accounts) {
-  return accounts.some((a) => a.wallets.some((w) => w.status === "ACTIVE"));
-}
-function isTransferTerminal(transfer) {
-  return transfer?.status === "COMPLETED" || transfer?.status === "FAILED";
-}
-function isTransferInFlight(transfer) {
-  if (!transfer) return false;
-  return ["CREATED", "SENDING", "SENT"].includes(transfer.status);
-}
-function isSetupTransfer(transfer) {
-  if (!transfer) return false;
-  return transfer.sources?.some(
-    (s) => s.wallets && Array.isArray(s.wallets) && s.wallets.length === 0
-  ) ?? false;
-}
-function resolveScreen(state) {
-  if (!state.privyReady) {
-    return "loading";
-  }
-  if (state.authenticated && !state.activeCredentialId && !state.passkeyConfigLoaded) {
-    return "loading";
-  }
-  if (!state.authenticated && !state.verificationTarget && !state.isGuestFlow && (state.isReturningUser || state.guestPreauthRedirect || state.loginRequested)) {
-    return "login";
-  }
-  if (!state.authenticated && state.verificationTarget != null) {
-    return "otp-verify";
-  }
-  if (state.authenticated && !state.activeCredentialId && state.passkeyConfigLoaded && (state.knownCredentialIds.length === 0 || !state.passkeyPopupNeeded)) {
-    return "create-passkey";
-  }
-  if (state.authenticated && !state.activeCredentialId && state.passkeyConfigLoaded && state.knownCredentialIds.length > 0 && state.passkeyPopupNeeded) {
-    return "verify-passkey";
-  }
-  if (isTransferTerminal(state.transfer)) {
-    return "success";
-  }
-  if (state.creatingTransfer || state.transfer != null && isTransferInFlight(state.transfer)) {
-    return "processing";
-  }
-  if (state.transfer?.status === "AUTHORIZED" && !state.isDesktop && !isSetupTransfer(state.transfer)) {
-    return "confirm-sign";
-  }
-  if (state.pendingSelectSource != null) {
-    return state.isDesktop ? "setup" : "select-source";
-  }
-  if (state.pendingOneTapSetup != null && !state.oneTapLimitAlreadySaved) {
-    return "setup";
-  }
-  if (state.mobileFlow || state.inlineAuthorizationExecuting) {
-    return state.isDesktop ? "setup-status" : "open-wallet";
-  }
-  if (state.isGuestFlow && state.selectedProviderId != null && !state.transfer && !state.guestSettingSender) {
-    return "guest-token-picker";
-  }
-  if (state.activeCredentialId && !hasActiveWallet(state.accounts) && !state.mobileFlow || !state.authenticated && !state.isReturningUser && !state.isGuestFlow) {
-    return "wallet-picker";
-  }
-  if (state.loadingData && state.activeCredentialId != null && hasActiveWallet(state.accounts)) {
-    return "loading";
-  }
-  if (state.userIntent === "pick-token" && state.selectedAccount != null) {
-    return "token-picker";
-  }
-  if (state.userIntent === "configure-one-tap") {
-    return "setup";
-  }
-  if (state.userIntent === "switch-wallet") {
-    return "wallet-picker";
-  }
-  if (state.activeCredentialId != null && hasActiveWallet(state.accounts) && !state.loadingData) {
-    return "deposit";
-  }
-  if (state.isGuestFlow) {
-    return "wallet-picker";
+function screenForPhase(phase) {
+  switch (phase.step) {
+    case "initializing":
+    case "data-loading":
+      return "loading";
+    case "login":
+      return "login";
+    case "otp-verify":
+      return "otp-verify";
+    case "passkey-create":
+      return "create-passkey";
+    case "passkey-verify":
+      return "verify-passkey";
+    case "wallet-picker":
+      return "wallet-picker";
+    case "wallet-setup":
+      return phase.mobile ? "open-wallet" : "setup-status";
+    case "select-source":
+      return phase.isDesktop ? "setup" : "select-source";
+    case "one-tap-setup":
+      return "setup";
+    case "guest-token-picker":
+      return "guest-token-picker";
+    case "token-picker":
+      return "token-picker";
+    case "deposit":
+      return "deposit";
+    case "processing":
+      return "processing";
+    case "confirm-sign":
+      return "confirm-sign";
+    case "completed":
+    case "failed":
+      return "success";
   }
-  return "wallet-picker";
 }
 var MUTED = "#7fa4b0";
 var LOGO_SIZE = 48;
@@ -5887,85 +6006,66 @@ var DEPOSIT_SCREENS = /* @__PURE__ */ new Set([
   "processing",
   "success"
 ]);
-function getFlowPhase(screen, userIntent) {
+function getFlowPhase(screen, phase) {
   if (LINK_SCREENS.has(screen)) return "link";
   if (DEPOSIT_SCREENS.has(screen)) return "deposit";
   if (screen === "token-picker" || screen === "select-source" || screen === "guest-token-picker") {
-    return userIntent === "configure-one-tap" ? "link" : "deposit";
+    return phase.step === "one-tap-setup" ? "link" : "deposit";
   }
   return null;
 }
 function StepRenderer(props) {
-  const isDesktop = shouldUseWalletConnector({
-    userAgent: typeof navigator === "undefined" ? void 0 : navigator.userAgent
-  });
-  const isReturningUser = props.state.activeCredentialId != null || typeof window !== "undefined" && window.localStorage.getItem("blink_active_credential") != null;
-  const screenState = {
-    privyReady: props.ready,
-    authenticated: props.authenticated,
-    verificationTarget: props.state.verificationTarget,
-    activeCredentialId: props.state.activeCredentialId,
-    knownCredentialIds: props.state.knownCredentialIds,
-    passkeyConfigLoaded: props.state.passkeyConfigLoaded,
-    passkeyPopupNeeded: props.state.passkeyPopupNeeded,
-    accounts: props.state.accounts,
-    isGuestFlow: props.state.isGuestFlow,
-    selectedProviderId: props.state.selectedProviderId,
-    mobileFlow: props.state.mobileFlow,
-    inlineAuthorizationExecuting: props.inlineAuthorizationExecuting,
-    creatingTransfer: props.state.creatingTransfer,
-    transfer: props.state.transfer,
-    pendingSelectSource: props.pendingSelectSource,
-    pendingOneTapSetup: props.pendingOneTapSetup,
-    oneTapLimitAlreadySaved: props.oneTapLimitAlreadySaved,
-    loadingData: props.state.loadingData,
-    isDesktop,
-    isReturningUser,
-    guestPreauthRedirect: props.state.guestPreauthAccountId != null,
-    loginRequested: props.state.loginRequested,
-    userIntent: props.state.userIntent,
-    selectedAccount: props.selectedAccount,
-    guestSettingSender: props.guestSettingSender
-  };
-  const screen = resolveScreen(screenState);
-  const phase = getFlowPhase(screen, props.state.userIntent);
-  return /* @__PURE__ */ jsx(FlowPhaseProvider, { phase, children: /* @__PURE__ */ jsx(StepRendererContent, { ...props, screen, isDesktop }) });
+  const screen = screenForPhase(props.flow.state.phase);
+  const flowPhase = getFlowPhase(screen, props.flow.state.phase);
+  return /* @__PURE__ */ jsx(FlowPhaseProvider, { phase: flowPhase, children: /* @__PURE__ */ jsx(StepRendererContent, { ...props, screen }) });
 }
 function StepRendererContent({
-  state,
-  authenticated,
-  activeOtpStatus,
-  pollingTransfer,
-  pollingError,
-  authExecutorError,
-  transferSigningSigning,
-  transferSigningError,
-  pendingConnections,
-  depositEligibleAccounts,
-  sourceName,
-  maxSourceBalance,
-  tokenCount,
-  selectedAccount,
-  selectedSource,
-  selectSourceChoices,
-  selectSourceRecommended,
-  selectSourceAvailableBalance,
-  guestTokenEntries,
-  guestLoadingBalances,
-  guestSettingSender,
-  authInput,
-  otpCode,
-  selectSourceChainName,
-  selectSourceTokenSymbol,
-  savingOneTapLimit,
-  merchantName,
-  onBack,
-  onDismiss,
-  depositAmount,
+  flow,
+  remote,
+  derived,
+  forms,
   handlers,
-  screen,
-  isDesktop
+  screen
 }) {
+  const {
+    state,
+    authenticated,
+    activeOtpStatus,
+    isDesktop,
+    merchantName,
+    onBack,
+    onDismiss,
+    depositAmount
+  } = flow;
+  const {
+    pollingTransfer,
+    pollingError,
+    authExecutorError,
+    transferSigningSigning,
+    transferSigningError
+  } = remote;
+  const {
+    pendingConnections,
+    depositEligibleAccounts,
+    sourceName,
+    maxSourceBalance,
+    tokenCount,
+    selectedAccount,
+    selectedSource,
+    selectSourceChoices,
+    selectSourceRecommended,
+    selectSourceAvailableBalance
+  } = derived;
+  const {
+    guestTokenEntries,
+    guestLoadingBalances,
+    guestSettingSender,
+    authInput,
+    otpCode,
+    selectSourceChainName,
+    selectSourceTokenSymbol,
+    savingOneTapLimit
+  } = forms;
   const selectedWallet = selectedAccount?.wallets.find((w) => w.id === state.selectedWalletId);
   const selectedSourceLabel = selectedSource && selectedWallet ? `${selectedSource.token.symbol} on ${selectedWallet.chain.name}` : void 0;
   switch (screen) {
@@ -6038,7 +6138,7 @@ function StepRendererContent({
           onPrepareProvider: handlers.onPrepareProvider,
           onSelectProvider: handlers.onSelectProvider,
           onContinueConnection: handlers.onContinueConnection,
-          onBack: isEntryPoint ? onBack : () => handlers.onSetUserIntent(null),
+          onBack: isEntryPoint ? onBack : () => handlers.onSetPhase({ step: "deposit" }),
           onLogout: authenticated ? handlers.onLogout : void 0,
           onLogin: handlers.onLogin,
           showLoginOption: isEntryPoint
@@ -6069,7 +6169,7 @@ function StepRendererContent({
           limit: state.oneTapLimit,
           tokensApproved: 0,
           merchantName,
-          onContinue: () => handlers.onSetUserIntent("configure-one-tap"),
+          onContinue: () => handlers.onSetPhase({ step: "one-tap-setup", action: null }),
           onLogout: handlers.onLogout,
           error: state.error || authExecutorError
         }
@@ -6088,7 +6188,7 @@ function StepRendererContent({
           tokenCount: effectiveTokenCount,
           sourceName,
           onSetupOneTap: handlers.onSetupOneTap,
-          onBack: () => handlers.onSetUserIntent(null),
+          onBack: () => handlers.onSetPhase({ step: "deposit" }),
           onLogout: handlers.onLogout,
           onAdvanced: handlers.onSelectToken,
           selectedSourceLabel: effectiveSourceLabel,
@@ -6124,7 +6224,7 @@ function StepRendererContent({
           processing: state.creatingTransfer,
           error: state.error,
           onDeposit: handlers.onPay,
-          onSwitchWallet: () => handlers.onSetUserIntent("switch-wallet"),
+          onSwitchWallet: () => handlers.onSetPhase({ step: "wallet-picker", reason: "switch" }),
           onBack: onBack ?? (() => handlers.onLogout()),
           onLogout: handlers.onLogout,
           onIncreaseLimit: handlers.onIncreaseLimit,
@@ -6133,7 +6233,7 @@ function StepRendererContent({
           selectedAccountId: state.selectedAccountId,
           onSelectAccount: handlers.onSelectAccount,
           onAuthorizeAccount: handlers.onContinueConnection,
-          onAddProvider: () => handlers.onSetUserIntent("switch-wallet"),
+          onAddProvider: () => handlers.onSetPhase({ step: "wallet-picker", reason: "switch" }),
           onSelectToken: handlers.onSelectToken,
           selectedSourceLabel,
           selectedTokenSymbol: selectedSource?.token.symbol
@@ -6151,7 +6251,7 @@ function StepRendererContent({
           chains: state.chains,
           onSelectAuthorized: handlers.onSelectAuthorizedToken,
           onAuthorizeToken: handlers.onAuthorizeToken,
-          onBack: () => handlers.onSetUserIntent(null),
+          onBack: () => handlers.onSetPhase({ step: "deposit" }),
           onLogout: handlers.onLogout,
           depositAmount: depositAmount ?? void 0,
           selectedTokenSymbol: selectedSource?.token.symbol,
@@ -6169,7 +6269,7 @@ function StepRendererContent({
           depositAmount: depositAmount ?? void 0,
           error: state.error,
           onSelect: handlers.onSelectGuestToken,
-          onBack: () => handlers.onSetUserIntent(null)
+          onBack: handlers.onGuestBackFromTokenPicker
         }
       );
     case "processing": {
@@ -6308,56 +6408,41 @@ var buttonStyle3 = {
   fontFamily: "inherit",
   cursor: "pointer"
 };
-function useDerivedState(state) {
+function selectedSourceForWallet(selectedWallet, selectedTokenSymbol) {
+  if (!selectedWallet) return null;
+  if (selectedTokenSymbol) {
+    return selectedWallet.sources.find((s) => s.token.symbol === selectedTokenSymbol) ?? null;
+  }
+  return selectedWallet.sources.find((s) => s.token.status === "AUTHORIZED") ?? selectedWallet.sources[0] ?? null;
+}
+function computeDerivedState(state) {
   const { sourceType, sourceId } = deriveSourceTypeAndId(state);
   const selectedAccount = state.accounts.find((a) => a.id === state.selectedAccountId);
   const selectedWallet = selectedAccount?.wallets.find(
     (w) => w.id === state.selectedWalletId
   );
-  const selectedSource = useMemo(() => {
-    if (!selectedWallet) return null;
-    if (state.selectedTokenSymbol) {
-      return selectedWallet.sources.find(
-        (s) => s.token.symbol === state.selectedTokenSymbol
-      ) ?? null;
-    }
-    return selectedWallet.sources.find((s) => s.token.status === "AUTHORIZED") ?? selectedWallet.sources[0] ?? null;
-  }, [selectedWallet, state.selectedTokenSymbol]);
+  const selectedSource = selectedSourceForWallet(selectedWallet, state.selectedTokenSymbol);
   const sourceName = selectedAccount?.name ?? selectedWallet?.chain.name ?? "Wallet";
-  const pendingConnections = useMemo(
-    () => state.accounts.filter(
-      (a) => a.wallets.length > 0 && !a.wallets.some((w) => w.status === "ACTIVE")
-    ),
-    [state.accounts]
-  );
-  const depositEligibleAccounts = useMemo(
-    () => getDepositEligibleAccounts(state.accounts),
-    [state.accounts]
+  const pendingConnections = state.accounts.filter(
+    (a) => a.wallets.length > 0 && !a.wallets.some((w) => w.status === "ACTIVE")
   );
-  const maxSourceBalance = useMemo(() => {
-    let max = 0;
-    for (const acct of state.accounts) {
-      for (const wallet of acct.wallets) {
-        for (const source of wallet.sources) {
-          if (source.balance.available.amount > max) {
-            max = source.balance.available.amount;
-          }
+  const depositEligibleAccounts = getDepositEligibleAccounts(state.accounts);
+  let maxSourceBalance = 0;
+  for (const acct of state.accounts) {
+    for (const wallet of acct.wallets) {
+      for (const source of wallet.sources) {
+        if (source.balance.available.amount > maxSourceBalance) {
+          maxSourceBalance = source.balance.available.amount;
         }
       }
     }
-    return max;
-  }, [state.accounts]);
-  const tokenCount = useMemo(() => {
-    let count = 0;
-    for (const acct of state.accounts) {
-      for (const wallet of acct.wallets) {
-        count += wallet.sources.filter(
-          (s) => s.balance.available.amount > 0
-        ).length;
-      }
+  }
+  let tokenCount = 0;
+  for (const acct of state.accounts) {
+    for (const wallet of acct.wallets) {
+      tokenCount += wallet.sources.filter((s) => s.balance.available.amount > 0).length;
     }
-    return count;
-  }, [state.accounts]);
+  }
   return {
     sourceType,
     sourceId,
@@ -6371,6 +6456,9 @@ function useDerivedState(state) {
     tokenCount
   };
 }
+function useDerivedState(state) {
+  return useMemo(() => computeDerivedState(state), [state]);
+}
 function useAuthHandlers(dispatch, verificationTarget) {
   const {
     sendCode: sendEmailCode,
@@ -6463,9 +6551,18 @@ function usePasskeyHandlers(dispatch, apiBaseUrl, accounts, knownCredentialIds,
   const { user, getAccessToken } = usePrivy();
   const checkingPasskeyRef = useRef(false);
   const activateExistingCredential = useCallback(async (credentialId) => {
-    dispatch({ type: "PASSKEY_ACTIVATED", credentialId });
-    window.localStorage.setItem(ACTIVE_CREDENTIAL_STORAGE_KEY, credentialId);
     const token = await getAccessToken();
+    let publicKey;
+    if (token) {
+      try {
+        const { config } = await fetchUserConfig(apiBaseUrl, token);
+        const allPasskeys = config.passkeys ?? (config.passkey ? [config.passkey] : []);
+        publicKey = allPasskeys.find((p) => p.credentialId === credentialId)?.publicKey;
+      } catch {
+      }
+    }
+    dispatch({ type: "PASSKEY_ACTIVATED", credentialId, publicKey });
+    window.localStorage.setItem(ACTIVE_CREDENTIAL_STORAGE_KEY, credentialId);
     if (token) {
       reportPasskeyActivity(apiBaseUrl, token, credentialId).catch(() => {
       });
@@ -6538,9 +6635,13 @@ function usePasskeyHandlers(dispatch, apiBaseUrl, accounts, knownCredentialIds,
         authToken: token ?? void 0,
         apiBaseUrl
       });
-      const { credentialId } = await createPasskeyViaPopup(popupOptions);
-      dispatch({ type: "PASSKEY_ACTIVATED", credentialId });
+      const { credentialId, publicKey } = await createPasskeyViaPopup(popupOptions);
+      dispatch({ type: "PASSKEY_ACTIVATED", credentialId, publicKey });
       localStorage.setItem(ACTIVE_CREDENTIAL_STORAGE_KEY, credentialId);
+      if (token) {
+        reportPasskeyActivity(apiBaseUrl, token, credentialId).catch(() => {
+        });
+      }
     } catch (err) {
       captureException(err);
       dispatch({
@@ -6556,19 +6657,25 @@ function usePasskeyHandlers(dispatch, apiBaseUrl, accounts, knownCredentialIds,
     dispatch({ type: "SET_ERROR", error: null });
     try {
       const token = await getAccessToken();
+      if (!token) throw new Error("Not authenticated");
       const matched = await findDevicePasskeyViaPopup({
         credentialIds: knownCredentialIds,
         rpId: resolvePasskeyRpId(),
-        authToken: token ?? void 0,
+        authToken: token,
         apiBaseUrl
       });
       if (matched) {
-        dispatch({ type: "PASSKEY_ACTIVATED", credentialId: matched });
-        window.localStorage.setItem(ACTIVE_CREDENTIAL_STORAGE_KEY, matched);
-        if (token) {
-          reportPasskeyActivity(apiBaseUrl, token, matched).catch(() => {
-          });
+        let publicKey;
+        try {
+          const { config } = await fetchUserConfig(apiBaseUrl, token);
+          const allPasskeys = config.passkeys ?? (config.passkey ? [config.passkey] : []);
+          publicKey = allPasskeys.find((p) => p.credentialId === matched)?.publicKey;
+        } catch {
         }
+        dispatch({ type: "PASSKEY_ACTIVATED", credentialId: matched, publicKey });
+        window.localStorage.setItem(ACTIVE_CREDENTIAL_STORAGE_KEY, matched);
+        reportPasskeyActivity(apiBaseUrl, token, matched).catch(() => {
+        });
       } else {
         dispatch({
           type: "SET_ERROR",
@@ -6936,7 +7043,9 @@ function useProviderHandlers(deps) {
     reauthTokenRef,
     authenticated,
     merchantAuthorization,
-    destination
+    destination,
+    guestSessionToken,
+    selectedProviderId
   } = deps;
   const wagmiConfig2 = useConfig();
   const { connectAsync, connectors } = useConnect();
@@ -7249,7 +7358,7 @@ function useProviderHandlers(deps) {
     reauthTokenRef
   ]);
   const handleNavigateToTokenPicker = useCallback(() => {
-    dispatch({ type: "SET_USER_INTENT", intent: "pick-token" });
+    dispatch({ type: "SET_USER_INTENT", intent: { step: "token-picker" } });
   }, [dispatch]);
   const handleSelectAuthorizedToken = useCallback((walletId, tokenSymbol) => {
     dispatch({ type: "SELECT_TOKEN", walletId, tokenSymbol });
@@ -7332,6 +7441,76 @@ function useProviderHandlers(deps) {
     reauthSessionIdRef,
     reauthTokenRef
   ]);
+  const handlePreauthorize = useCallback(async () => {
+    if (!guestSessionToken || !selectedProviderId) {
+      dispatch({
+        type: "SET_ERROR",
+        error: "Missing guest session or wallet provider. Try again from the payment screen."
+      });
+      return;
+    }
+    const isMobile = !shouldUseWalletConnector({
+      useWalletConnector: useWalletConnectorProp,
+      userAgent: typeof navigator === "undefined" ? void 0 : navigator.userAgent
+    });
+    const providerName = providers.find((p) => p.id === selectedProviderId)?.name ?? "Wallet";
+    if (!isMobile) {
+      dispatch({ type: "GUEST_PREAUTH_BEGIN" });
+    }
+    try {
+      const created = await createGuestAccount(
+        apiBaseUrl,
+        guestSessionToken,
+        selectedProviderId,
+        providerName
+      );
+      const session = await fetchAuthorizationSessionByToken(
+        apiBaseUrl,
+        created.sessionToken
+      );
+      if (isMobile) {
+        handlingMobileReturnRef.current = false;
+        mobileSetupFlowRef.current = true;
+        setupAccountIdRef.current = created.accountId;
+        persistMobileFlowState({
+          accountId: created.accountId,
+          sessionId: session.id,
+          deeplinkUri: created.sessionUri,
+          providerId: selectedProviderId,
+          isSetup: true,
+          guestSessionToken
+        });
+        triggerDeeplink(created.sessionUri);
+        dispatch({ type: "MOBILE_DEEPLINK_READY", deeplinkUri: created.sessionUri });
+      }
+      dispatch({
+        type: "GUEST_PREAUTH_DETECTED",
+        accountId: created.accountId,
+        sessionId: session.id
+      });
+    } catch (err) {
+      captureException(err);
+      if (!isMobile) {
+        dispatch({ type: "GUEST_PREAUTH_END" });
+      }
+      dispatch({
+        type: "SET_ERROR",
+        error: err instanceof Error ? err.message : "Failed to start preauthorization"
+      });
+      onError?.(err instanceof Error ? err.message : "Failed to start preauthorization");
+    }
+  }, [
+    guestSessionToken,
+    selectedProviderId,
+    providers,
+    apiBaseUrl,
+    dispatch,
+    onError,
+    useWalletConnectorProp,
+    mobileSetupFlowRef,
+    handlingMobileReturnRef,
+    setupAccountIdRef
+  ]);
   return {
     handlePrepareProvider,
     handleSelectProvider,
@@ -7340,7 +7519,8 @@ function useProviderHandlers(deps) {
     handleIncreaseLimit,
     handleNavigateToTokenPicker,
     handleSelectAuthorizedToken,
-    handleAuthorizeToken
+    handleAuthorizeToken,
+    handlePreauthorize
   };
 }
 
@@ -7544,11 +7724,15 @@ function useGuestTransferHandlers(deps) {
     };
     execute();
   }, [isGuestFlow, guestTransferId, guestSessionToken, settingSender, apiBaseUrl, wagmiConfig2, switchChainAsync, dispatch, onComplete, onError]);
+  const handleGuestBackFromTokenPicker = useCallback(() => {
+    dispatch({ type: "GUEST_BACK_FROM_TOKEN_PICKER" });
+  }, [dispatch]);
   return {
     guestTokenEntries,
     loadingBalances,
     settingSender,
-    handleSelectGuestToken
+    handleSelectGuestToken,
+    handleGuestBackFromTokenPicker
   };
 }
 function useOneTapSetupHandlers(deps) {
@@ -7558,16 +7742,24 @@ function useOneTapSetupHandlers(deps) {
     apiBaseUrl,
     authExecutor,
     selectSourceChainName,
-    selectSourceTokenSymbol
+    selectSourceTokenSymbol,
+    authorizationSessionIdForGuest
   } = deps;
   const [savingOneTapLimit, setSavingOneTapLimit] = useState(false);
-  const oneTapLimitSavedDuringSetupRef = useRef(false);
   const handleSetupOneTap = useCallback(async (limit) => {
     setSavingOneTapLimit(true);
     try {
-      const token = await getAccessToken();
-      if (!token) throw new Error("Not authenticated");
-      await updateUserConfig(apiBaseUrl, token, { defaultAllowance: limit });
+      if (authorizationSessionIdForGuest) {
+        await updateUserConfigBySession(
+          apiBaseUrl,
+          authorizationSessionIdForGuest,
+          { defaultAllowance: limit }
+        );
+      } else {
+        const token = await getAccessToken();
+        if (!token) throw new Error("Not authenticated");
+        await updateUserConfig(apiBaseUrl, token, { defaultAllowance: limit });
+      }
       if (authExecutor.pendingSelectSource) {
         const action = authExecutor.pendingSelectSource;
         const recommended = action.metadata?.recommended;
@@ -7582,12 +7774,12 @@ function useOneTapSetupHandlers(deps) {
           chainName = recommended?.chainName ?? choices[0]?.chainName ?? "Base";
           tokenSymbol = recommended?.tokenSymbol ?? choices[0]?.tokens[0]?.tokenSymbol ?? "USDC";
         }
-        oneTapLimitSavedDuringSetupRef.current = true;
+        dispatch({ type: "SET_ONE_TAP_LIMIT_SAVED_DURING_SETUP", saved: true });
         authExecutor.resolveSelectSource({ chainName, tokenSymbol });
       } else if (authExecutor.pendingOneTapSetup) {
         authExecutor.resolveOneTapSetup();
       }
-      dispatch({ type: "SET_USER_INTENT", intent: null });
+      dispatch({ type: "SET_USER_INTENT", intent: { step: "deposit" } });
     } catch (err) {
       captureException(err);
       dispatch({
@@ -7597,127 +7789,84 @@ function useOneTapSetupHandlers(deps) {
     } finally {
       setSavingOneTapLimit(false);
     }
-  }, [getAccessToken, apiBaseUrl, authExecutor, dispatch, selectSourceChainName, selectSourceTokenSymbol]);
+  }, [
+    getAccessToken,
+    apiBaseUrl,
+    authExecutor,
+    dispatch,
+    selectSourceChainName,
+    selectSourceTokenSymbol,
+    authorizationSessionIdForGuest
+  ]);
   return {
     handleSetupOneTap,
-    savingOneTapLimit,
-    oneTapLimitSavedDuringSetupRef
+    savingOneTapLimit
   };
 }
-
-// src/dataLoading.ts
-function resolveDataLoadAction({
-  authenticated,
-  accountsCount,
-  hasActiveCredential,
-  loading
-}) {
-  if (!authenticated || accountsCount > 0 || !hasActiveCredential) {
-    return "reset";
-  }
-  if (loading) {
-    return "wait";
-  }
-  return "load";
-}
-
-// src/processingStatus.ts
-var PROCESSING_TIMEOUT_MS = 18e4;
-function resolvePreferredTransfer(polledTransfer, localTransfer) {
-  return polledTransfer ?? localTransfer;
-}
-function getTransferStatus(polledTransfer, localTransfer) {
-  const transfer = resolvePreferredTransfer(polledTransfer, localTransfer);
-  return transfer?.status ?? "UNKNOWN";
-}
-function hasProcessingTimedOut(processingStartedAtMs, nowMs) {
-  if (!processingStartedAtMs) return false;
-  return nowMs - processingStartedAtMs >= PROCESSING_TIMEOUT_MS;
-}
-var STATUS_DISPLAY_LABELS = {
-  CREATED: "created",
-  AUTHORIZED: "authorized",
-  SENDING: "sending",
-  SENT: "confirming delivery",
-  COMPLETED: "completed",
-  FAILED: "failed"
-};
-function getStatusDisplayLabel(status) {
-  return STATUS_DISPLAY_LABELS[status] ?? status;
-}
-function buildProcessingTimeoutMessage(status) {
-  const label = getStatusDisplayLabel(status);
-  return `Payment is taking longer than expected (status: ${label}). Please try again.`;
+function usePrivySessionSyncEffect(deps) {
+  const { dispatch, ready, authenticated } = deps;
+  useEffect(() => {
+    dispatch({
+      type: "SYNC_PRIVY_SESSION",
+      ready,
+      authenticated
+    });
+  }, [dispatch, ready, authenticated]);
 }
-
-// src/hooks/usePaymentEffects.ts
-function usePaymentEffects(deps) {
+function useOtpEffects(deps) {
   const {
     state,
     dispatch,
-    ready,
     authenticated,
-    apiBaseUrl,
-    depositAmount,
-    onComplete,
-    onError,
-    polling,
-    authExecutor,
-    reloadAccounts,
     activeOtpStatus,
     activeOtpErrorMessage,
     otpCode,
-    handleVerifyLoginCode,
+    handleVerifyLoginCode
+  } = deps;
+  useEffect(() => {
+    if (authenticated || !state.verificationTarget) return;
+    if (activeOtpErrorMessage) dispatch({ type: "SET_ERROR", error: activeOtpErrorMessage });
+  }, [activeOtpErrorMessage, authenticated, state.verificationTarget, dispatch]);
+  useEffect(() => {
+    if (state.verificationTarget && !authenticated && /^\d{6}$/.test(otpCode.trim()) && activeOtpStatus === "awaiting-code-input") {
+      handleVerifyLoginCode();
+    }
+  }, [otpCode, state.verificationTarget, authenticated, activeOtpStatus, handleVerifyLoginCode]);
+}
+function usePasskeyCheckEffect(deps) {
+  const {
+    dispatch,
+    ready,
+    authenticated,
+    apiBaseUrl,
+    activeCredentialId,
+    passkeyConfigLoaded,
+    checkingPasskeyRef,
     setAuthInput,
     setOtpCode,
+    polling,
     mobileSetupFlowRef,
     handlingMobileReturnRef,
     setupAccountIdRef,
     reauthSessionIdRef,
     reauthTokenRef,
-    loadingDataRef,
-    pollingTransferIdRef,
-    processingStartedAtRef,
-    checkingPasskeyRef,
-    pendingSelectSourceAction,
-    selectSourceChoices,
-    selectSourceRecommended,
-    setSelectSourceChainName,
-    setSelectSourceTokenSymbol,
-    initializedSelectSourceActionRef,
-    oneTapLimitSavedDuringSetupRef,
-    handleAuthorizedMobileReturn
+    pollingTransferIdRef
   } = deps;
   const { getAccessToken } = usePrivy();
-  const onCompleteRef = useRef(onComplete);
-  onCompleteRef.current = onComplete;
+  const onCompleteRef = useRef(deps.onComplete);
+  onCompleteRef.current = deps.onComplete;
   const getAccessTokenRef = useRef(getAccessToken);
   getAccessTokenRef.current = getAccessToken;
   const pollingRef = useRef(polling);
   pollingRef.current = polling;
-  const handleAuthorizedMobileReturnRef = useRef(handleAuthorizedMobileReturn);
-  handleAuthorizedMobileReturnRef.current = handleAuthorizedMobileReturn;
-  const lastAccountFetchRef = useRef(0);
-  useEffect(() => {
-    if (depositAmount != null) {
-      dispatch({ type: "SYNC_AMOUNT", amount: depositAmount.toString() });
-    }
-  }, [depositAmount, dispatch]);
-  useEffect(() => {
-    if (authenticated || !state.verificationTarget) return;
-    if (activeOtpErrorMessage) dispatch({ type: "SET_ERROR", error: activeOtpErrorMessage });
-  }, [activeOtpErrorMessage, authenticated, state.verificationTarget, dispatch]);
-  useEffect(() => {
-    if (state.verificationTarget && !authenticated && /^\d{6}$/.test(otpCode.trim()) && activeOtpStatus === "awaiting-code-input") {
-      handleVerifyLoginCode();
-    }
-  }, [otpCode, state.verificationTarget, authenticated, activeOtpStatus, handleVerifyLoginCode]);
+  const handleAuthorizedMobileReturnRef = useRef(deps.handleAuthorizedMobileReturn);
+  handleAuthorizedMobileReturnRef.current = deps.handleAuthorizedMobileReturn;
   useEffect(() => {
     if (!ready || !authenticated) {
       checkingPasskeyRef.current = false;
       return;
     }
-    if (state.passkeyConfigLoaded || state.activeCredentialId) return;
+    if (passkeyConfigLoaded || activeCredentialId) return;
     if (checkingPasskeyRef.current) return;
     checkingPasskeyRef.current = true;
     let cancelled = false;
@@ -7815,11 +7964,7 @@ function usePaymentEffects(deps) {
               return;
             }
             if (existingTransfer.status === "AUTHORIZED") {
-              if (persisted.isSetup) {
-                await handleAuthorizedMobileReturnRef.current(existingTransfer, true);
-              } else {
-                await handleAuthorizedMobileReturnRef.current(existingTransfer, false);
-              }
+              await handleAuthorizedMobileReturnRef.current(existingTransfer, !!persisted.isSetup);
               return;
             }
             if (persisted.isSetup) {
@@ -7861,7 +8006,18 @@ function usePaymentEffects(deps) {
           if (token || cancelled) break;
           await new Promise((r) => setTimeout(r, 1e3));
         }
-        if (!token || cancelled) return;
+        if (cancelled) return;
+        if (!token) {
+          dispatch({
+            type: "PASSKEY_CONFIG_LOADED",
+            knownIds: []
+          });
+          dispatch({
+            type: "SET_ERROR",
+            error: "Could not refresh your session. Try signing in again."
+          });
+          return;
+        }
         const { config } = await fetchUserConfig(apiBaseUrl, token);
         if (cancelled) return;
         const allPasskeys = config.passkeys ?? (config.passkey ? [config.passkey] : []);
@@ -7870,11 +8026,13 @@ function usePaymentEffects(deps) {
           knownIds: allPasskeys.map((p) => p.credentialId),
           oneTapLimit: config.defaultAllowance ?? void 0
         });
-        if (allPasskeys.length === 0) {
-          return;
-        }
-        if (state.activeCredentialId && allPasskeys.some((p) => p.credentialId === state.activeCredentialId)) {
-          await restoreState(state.activeCredentialId, token);
+        if (allPasskeys.length === 0) return;
+        if (activeCredentialId && allPasskeys.some((p) => p.credentialId === activeCredentialId)) {
+          const pk = allPasskeys.find((p) => p.credentialId === activeCredentialId)?.publicKey;
+          if (pk) {
+            dispatch({ type: "PASSKEY_ACTIVATED", credentialId: activeCredentialId, publicKey: pk });
+          }
+          await restoreState(activeCredentialId, token);
           return;
         }
         if (cancelled) return;
@@ -7892,13 +8050,22 @@ function usePaymentEffects(deps) {
         }
         if (cancelled) return;
         if (matched) {
-          dispatch({ type: "PASSKEY_ACTIVATED", credentialId: matched });
+          const publicKey = allPasskeys.find((p) => p.credentialId === matched)?.publicKey;
+          dispatch({ type: "PASSKEY_ACTIVATED", credentialId: matched, publicKey });
           window.localStorage.setItem(ACTIVE_CREDENTIAL_STORAGE_KEY, matched);
           reportPasskeyActivity(apiBaseUrl, token, matched).catch(() => {
           });
           await restoreState(matched, token);
         }
-      } catch {
+      } catch (err) {
+        dispatch({
+          type: "PASSKEY_CONFIG_LOADED",
+          knownIds: []
+        });
+        dispatch({
+          type: "SET_ERROR",
+          error: err instanceof Error ? err.message : "Unable to load passkey settings."
+        });
       }
     };
     checkPasskey();
@@ -7906,7 +8073,39 @@ function usePaymentEffects(deps) {
       cancelled = true;
       checkingPasskeyRef.current = false;
     };
-  }, [ready, authenticated, apiBaseUrl, state.activeCredentialId, state.passkeyConfigLoaded]);
+  }, [ready, authenticated, apiBaseUrl, activeCredentialId, passkeyConfigLoaded]);
+}
+
+// src/dataLoading.ts
+function resolveDataLoadAction({
+  authenticated,
+  accountsCount,
+  hasActiveCredential,
+  loading
+}) {
+  if (!authenticated || accountsCount > 0 || !hasActiveCredential) {
+    return "reset";
+  }
+  if (loading) {
+    return "wait";
+  }
+  return "load";
+}
+
+// src/hooks/useDataLoadEffect.ts
+function useDataLoadEffect(deps) {
+  const {
+    state,
+    dispatch,
+    authenticated,
+    apiBaseUrl,
+    depositAmount,
+    loadingDataRef
+  } = deps;
+  const { getAccessToken } = usePrivy();
+  const getAccessTokenRef = useRef(getAccessToken);
+  getAccessTokenRef.current = getAccessToken;
+  const lastAccountFetchRef = useRef(0);
   useEffect(() => {
     const loadAction = resolveDataLoadAction({
       authenticated,
@@ -8006,6 +8205,61 @@ function usePaymentEffects(deps) {
       cancelled = true;
     };
   }, [authenticated, state.providers.length, state.activeCredentialId, apiBaseUrl]);
+  useEffect(() => {
+    if (state.accounts.length > 0 && state.activeCredentialId && !state.loadingData && !state.transfer && authenticated && Date.now() - lastAccountFetchRef.current > 15e3) {
+      lastAccountFetchRef.current = Date.now();
+      deps.reloadAccounts();
+    }
+  }, [
+    state.accounts.length,
+    state.activeCredentialId,
+    state.loadingData,
+    state.transfer,
+    authenticated,
+    deps
+  ]);
+}
+
+// src/processingStatus.ts
+var PROCESSING_TIMEOUT_MS = 18e4;
+function resolvePreferredTransfer(polledTransfer, localTransfer) {
+  return polledTransfer ?? localTransfer;
+}
+function getTransferStatus(polledTransfer, localTransfer) {
+  const transfer = resolvePreferredTransfer(polledTransfer, localTransfer);
+  return transfer?.status ?? "UNKNOWN";
+}
+function hasProcessingTimedOut(processingStartedAtMs, nowMs) {
+  if (!processingStartedAtMs) return false;
+  return nowMs - processingStartedAtMs >= PROCESSING_TIMEOUT_MS;
+}
+var STATUS_DISPLAY_LABELS = {
+  CREATED: "created",
+  AUTHORIZED: "authorized",
+  SENDING: "sending",
+  SENT: "confirming delivery",
+  COMPLETED: "completed",
+  FAILED: "failed"
+};
+function getStatusDisplayLabel(status) {
+  return STATUS_DISPLAY_LABELS[status] ?? status;
+}
+function buildProcessingTimeoutMessage(status) {
+  const label = getStatusDisplayLabel(status);
+  return `Payment is taking longer than expected (status: ${label}). Please try again.`;
+}
+
+// src/hooks/useProcessingEffect.ts
+function useProcessingEffect(deps) {
+  const {
+    state,
+    dispatch,
+    polling,
+    processingStartedAtRef,
+    onComplete,
+    onError,
+    reloadAccounts
+  } = deps;
   useEffect(() => {
     if (!polling.transfer) return;
     if (polling.transfer.status === "COMPLETED") {
@@ -8018,19 +8272,6 @@ function usePaymentEffects(deps) {
       dispatch({ type: "TRANSFER_FAILED", transfer: polling.transfer, error: "Transfer failed." });
     }
   }, [polling.transfer, onComplete, dispatch, reloadAccounts]);
-  useEffect(() => {
-    if (state.accounts.length > 0 && state.activeCredentialId && !state.loadingData && !state.transfer && authenticated && Date.now() - lastAccountFetchRef.current > 15e3) {
-      lastAccountFetchRef.current = Date.now();
-      reloadAccounts();
-    }
-  }, [
-    state.accounts.length,
-    state.activeCredentialId,
-    state.loadingData,
-    state.transfer,
-    authenticated,
-    reloadAccounts
-  ]);
   useEffect(() => {
     const isProcessing = state.creatingTransfer || state.transfer != null && ["CREATED", "SENDING", "SENT"].includes(state.transfer.status);
     if (!isProcessing) {
@@ -8066,6 +8307,26 @@ function usePaymentEffects(deps) {
     dispatch,
     processingStartedAtRef
   ]);
+}
+function useMobilePollingEffect(deps) {
+  const {
+    state,
+    dispatch,
+    polling,
+    mobileSetupFlowRef,
+    handlingMobileReturnRef,
+    setupAccountIdRef,
+    reauthSessionIdRef,
+    reauthTokenRef,
+    pollingTransferIdRef,
+    reloadAccounts,
+    apiBaseUrl
+  } = deps;
+  const { getAccessToken } = usePrivy();
+  const getAccessTokenRef = useRef(getAccessToken);
+  getAccessTokenRef.current = getAccessToken;
+  const handleAuthorizedMobileReturnRef = useRef(deps.handleAuthorizedMobileReturn);
+  handleAuthorizedMobileReturnRef.current = deps.handleAuthorizedMobileReturn;
   useEffect(() => {
     if (!state.mobileFlow) {
       handlingMobileReturnRef.current = false;
@@ -8074,8 +8335,8 @@ function usePaymentEffects(deps) {
     if (handlingMobileReturnRef.current) return;
     const polledTransfer = polling.transfer;
     if (!polledTransfer || polledTransfer.status !== "AUTHORIZED") return;
-    void handleAuthorizedMobileReturn(polledTransfer, mobileSetupFlowRef.current);
-  }, [state.mobileFlow, polling.transfer, handleAuthorizedMobileReturn, handlingMobileReturnRef, mobileSetupFlowRef]);
+    void handleAuthorizedMobileReturnRef.current(polledTransfer, mobileSetupFlowRef.current);
+  }, [state.mobileFlow, polling.transfer, handlingMobileReturnRef, mobileSetupFlowRef]);
   useEffect(() => {
     if (!state.mobileFlow || !mobileSetupFlowRef.current) return;
     if (!state.activeCredentialId || !setupAccountIdRef.current) return;
@@ -8151,14 +8412,10 @@ function usePaymentEffects(deps) {
     poll();
     const intervalId = window.setInterval(poll, POLL_INTERVAL_MS);
     const handleVisibility = () => {
-      if (document.visibilityState === "visible" && !cancelled) {
-        poll();
-      }
+      if (document.visibilityState === "visible" && !cancelled) poll();
     };
     const handlePageShow = (e) => {
-      if (e.persisted && !cancelled) {
-        poll();
-      }
+      if (e.persisted && !cancelled) poll();
     };
     document.addEventListener("visibilitychange", handleVisibility);
     window.addEventListener("pageshow", handlePageShow);
@@ -8209,6 +8466,16 @@ function usePaymentEffects(deps) {
     handlingMobileReturnRef,
     pollingTransferIdRef
   ]);
+}
+function useSelectSourceEffect(deps) {
+  const {
+    pendingSelectSourceAction,
+    selectSourceChoices,
+    selectSourceRecommended,
+    setSelectSourceChainName,
+    setSelectSourceTokenSymbol,
+    initializedSelectSourceActionRef
+  } = deps;
   useEffect(() => {
     if (!pendingSelectSourceAction) {
       initializedSelectSourceActionRef.current = null;
@@ -8239,38 +8506,27 @@ function usePaymentEffects(deps) {
     setSelectSourceTokenSymbol,
     initializedSelectSourceActionRef
   ]);
+}
+function useOneTapAutoResolveEffect(deps) {
+  const { authExecutor, dispatch, oneTapLimitSavedDuringSetup, reloadAccounts } = deps;
   const pendingOneTapSetupAction = authExecutor.pendingOneTapSetup;
   useEffect(() => {
-    if (pendingOneTapSetupAction && oneTapLimitSavedDuringSetupRef.current) {
-      oneTapLimitSavedDuringSetupRef.current = false;
+    if (pendingOneTapSetupAction && oneTapLimitSavedDuringSetup) {
+      dispatch({ type: "SET_ONE_TAP_LIMIT_SAVED_DURING_SETUP", saved: false });
       authExecutor.resolveOneTapSetup();
     }
-  }, [pendingOneTapSetupAction, authExecutor, oneTapLimitSavedDuringSetupRef]);
+  }, [pendingOneTapSetupAction, authExecutor, dispatch, oneTapLimitSavedDuringSetup]);
   useEffect(() => {
-    if (pendingOneTapSetupAction && !oneTapLimitSavedDuringSetupRef.current) {
+    if (pendingOneTapSetupAction && !oneTapLimitSavedDuringSetup) {
       reloadAccounts();
     }
-  }, [pendingOneTapSetupAction, reloadAccounts, oneTapLimitSavedDuringSetupRef]);
-  useEffect(() => {
-    if (!state.guestSessionToken) return;
-    if (state.guestPreauthAccountId) return;
-    if (!state.transfer || state.transfer.status !== "COMPLETED") return;
-    let cancelled = false;
-    const checkGuestAccount = async () => {
-      try {
-        const result = await fetchGuestAccount(apiBaseUrl, state.guestSessionToken);
-        if (cancelled) return;
-        if (result && !result.hasPasskey) {
-          dispatch({ type: "GUEST_PREAUTH_DETECTED", accountId: result.accountId });
-        }
-      } catch {
-      }
-    };
-    checkGuestAccount();
-    return () => {
-      cancelled = true;
-    };
-  }, [state.transfer, state.guestSessionToken, state.guestPreauthAccountId, apiBaseUrl, dispatch]);
+  }, [pendingOneTapSetupAction, reloadAccounts, oneTapLimitSavedDuringSetup]);
+}
+function useGuestPreauthEffect(deps) {
+  const { state, dispatch, authenticated, apiBaseUrl, reloadAccounts } = deps;
+  const { getAccessToken } = usePrivy();
+  const getAccessTokenRef = useRef(getAccessToken);
+  getAccessTokenRef.current = getAccessToken;
   const settingOwnerRef = useRef(false);
   useEffect(() => {
     if (!state.guestPreauthAccountId) return;
@@ -8279,6 +8535,8 @@ function usePaymentEffects(deps) {
     if (!authenticated) return;
     if (!state.guestSessionToken) return;
     if (settingOwnerRef.current) return;
+    const hasActive = state.accounts.some((a) => a.wallets.some((w) => w.status === "ACTIVE"));
+    if (!hasActive) return;
     settingOwnerRef.current = true;
     let cancelled = false;
     const setOwner = async () => {
@@ -8316,12 +8574,69 @@ function usePaymentEffects(deps) {
     state.activeCredentialId,
     state.activePublicKey,
     state.guestSessionToken,
+    state.accounts,
     authenticated,
     apiBaseUrl,
     dispatch,
     reloadAccounts
   ]);
 }
+function useGuestDesktopPreauthSessionEffect(deps) {
+  const { state, authExecutor, reloadAccounts, dispatch, desktopGuestPreauth } = deps;
+  const preauthExecutingRef = useRef(false);
+  useEffect(() => {
+    if (!desktopGuestPreauth) return;
+    if (!state.guestPreauthorizing) return;
+    if (!state.guestPreauthSessionId || preauthExecutingRef.current) return;
+    preauthExecutingRef.current = true;
+    const runPreauthSession = async () => {
+      try {
+        await authExecutor.executeSessionById(state.guestPreauthSessionId);
+        await reloadAccounts();
+      } catch {
+      } finally {
+        preauthExecutingRef.current = false;
+        dispatch({ type: "GUEST_PREAUTH_END" });
+      }
+    };
+    void runPreauthSession();
+  }, [
+    desktopGuestPreauth,
+    state.guestPreauthorizing,
+    state.guestPreauthSessionId,
+    authExecutor,
+    reloadAccounts,
+    dispatch
+  ]);
+}
+function useGuestPreauthPhaseSyncEffect(deps) {
+  const { state, dispatch, authExecutor, isDesktop } = deps;
+  useEffect(() => {
+    if (!state.guestPreauthorizing || !isDesktop) return;
+    const pending = authExecutor.pendingSelectSource;
+    if (pending) {
+      const intent = {
+        step: "select-source",
+        action: pending,
+        isDesktop
+      };
+      if (state.phase.step === "select-source" && state.phase.action.id === pending.id) {
+        return;
+      }
+      dispatch({ type: "SET_USER_INTENT", intent });
+      return;
+    }
+    if (state.phase.step === "select-source") {
+      dispatch({ type: "SET_USER_INTENT", intent: { step: "one-tap-setup", action: null } });
+    }
+  }, [
+    state.guestPreauthorizing,
+    state.phase,
+    isDesktop,
+    authExecutor.pendingSelectSource,
+    dispatch
+  ]);
+}
 function BlinkPayment(props) {
   const resetKey = useRef(0);
   const handleBoundaryReset = useCallback(() => {
@@ -8343,6 +8658,10 @@ function BlinkPaymentInner({
   const { apiBaseUrl, depositAmount } = useBlinkConfig();
   const { ready, authenticated, logout, getAccessToken } = usePrivy();
   useLoginWithOAuth();
+  const isDesktop = shouldUseWalletConnector({
+    useWalletConnector: useWalletConnectorProp,
+    userAgent: typeof navigator === "undefined" ? void 0 : navigator.userAgent
+  });
   const [state, dispatch] = useReducer(
     paymentReducer,
     {
@@ -8426,7 +8745,9 @@ function BlinkPaymentInner({
     reauthTokenRef: mobileFlowRefs.reauthTokenRef,
     authenticated,
     merchantAuthorization,
-    destination
+    destination,
+    guestSessionToken: state.guestSessionToken,
+    selectedProviderId: state.selectedProviderId
   });
   const oneTapSetup = useOneTapSetupHandlers({
     dispatch,
@@ -8434,7 +8755,8 @@ function BlinkPaymentInner({
     apiBaseUrl,
     authExecutor,
     selectSourceChainName: sourceSelection.selectSourceChainName,
-    selectSourceTokenSymbol: sourceSelection.selectSourceTokenSymbol
+    selectSourceTokenSymbol: sourceSelection.selectSourceTokenSymbol,
+    authorizationSessionIdForGuest: state.guestPreauthSessionId
   });
   const guestTransfer = useGuestTransferHandlers({
     dispatch,
@@ -8448,13 +8770,12 @@ function BlinkPaymentInner({
     clearMobileFlowState();
     transfer.processingStartedAtRef.current = null;
     transfer.pollingTransferIdRef.current = null;
-    oneTapSetup.oneTapLimitSavedDuringSetupRef.current = false;
     dispatch({
       type: "NEW_PAYMENT",
       depositAmount,
       firstAccountId: state.accounts.length > 0 ? state.accounts[0].id : null
     });
-  }, [depositAmount, state.accounts, transfer, oneTapSetup]);
+  }, [depositAmount, state.accounts, transfer]);
   const handleLogout = useCallback(async () => {
     try {
       await logout();
@@ -8466,65 +8787,113 @@ function BlinkPaymentInner({
     }
     polling.stopPolling();
     passkey.checkingPasskeyRef.current = false;
-    oneTapSetup.oneTapLimitSavedDuringSetupRef.current = false;
     auth.setAuthInput("");
     auth.setOtpCode("");
-    dispatch({ type: "LOGOUT", depositAmount });
-  }, [logout, polling, depositAmount, auth, passkey, oneTapSetup]);
-  usePaymentEffects({
+    dispatch({ type: "LOGOUT", depositAmount, privyReady: ready });
+  }, [logout, polling, depositAmount, auth, passkey, ready]);
+  useEffect(() => {
+    if (depositAmount != null) {
+      dispatch({ type: "SYNC_AMOUNT", amount: depositAmount.toString() });
+    }
+  }, [depositAmount, dispatch]);
+  usePrivySessionSyncEffect({ dispatch, ready, authenticated });
+  useOtpEffects({
     state,
     dispatch,
-    ready,
     authenticated,
-    apiBaseUrl,
-    depositAmount,
-    onComplete,
-    onError,
-    polling,
-    authExecutor,
-    reloadAccounts: transfer.reloadAccounts,
     activeOtpStatus: auth.activeOtpStatus,
     activeOtpErrorMessage: auth.activeOtpErrorMessage,
     otpCode: auth.otpCode,
     handleVerifyLoginCode: auth.handleVerifyLoginCode,
     setAuthInput: auth.setAuthInput,
+    setOtpCode: auth.setOtpCode
+  });
+  usePasskeyCheckEffect({
+    dispatch,
+    ready,
+    authenticated,
+    apiBaseUrl,
+    activeCredentialId: state.activeCredentialId,
+    passkeyConfigLoaded: state.passkeyConfigLoaded,
+    checkingPasskeyRef: passkey.checkingPasskeyRef,
+    setAuthInput: auth.setAuthInput,
     setOtpCode: auth.setOtpCode,
+    polling,
     mobileSetupFlowRef: mobileFlowRefs.mobileSetupFlowRef,
     handlingMobileReturnRef: mobileFlowRefs.handlingMobileReturnRef,
     setupAccountIdRef: mobileFlowRefs.setupAccountIdRef,
     reauthSessionIdRef: mobileFlowRefs.reauthSessionIdRef,
     reauthTokenRef: mobileFlowRefs.reauthTokenRef,
-    loadingDataRef: mobileFlowRefs.loadingDataRef,
     pollingTransferIdRef: transfer.pollingTransferIdRef,
+    handleAuthorizedMobileReturn: mobileFlow.handleAuthorizedMobileReturn,
+    onComplete
+  });
+  useDataLoadEffect({
+    state,
+    dispatch,
+    authenticated,
+    apiBaseUrl,
+    depositAmount,
+    loadingDataRef: mobileFlowRefs.loadingDataRef,
+    reloadAccounts: transfer.reloadAccounts
+  });
+  useProcessingEffect({
+    state,
+    dispatch,
+    polling,
     processingStartedAtRef: transfer.processingStartedAtRef,
-    checkingPasskeyRef: passkey.checkingPasskeyRef,
+    onComplete,
+    onError,
+    reloadAccounts: transfer.reloadAccounts
+  });
+  useMobilePollingEffect({
+    state,
+    dispatch,
+    polling,
+    mobileSetupFlowRef: mobileFlowRefs.mobileSetupFlowRef,
+    handlingMobileReturnRef: mobileFlowRefs.handlingMobileReturnRef,
+    setupAccountIdRef: mobileFlowRefs.setupAccountIdRef,
+    reauthSessionIdRef: mobileFlowRefs.reauthSessionIdRef,
+    reauthTokenRef: mobileFlowRefs.reauthTokenRef,
+    pollingTransferIdRef: transfer.pollingTransferIdRef,
+    reloadAccounts: transfer.reloadAccounts,
+    handleAuthorizedMobileReturn: mobileFlow.handleAuthorizedMobileReturn,
+    apiBaseUrl
+  });
+  useSelectSourceEffect({
     pendingSelectSourceAction: sourceSelection.pendingSelectSourceAction,
     selectSourceChoices: sourceSelection.selectSourceChoices,
     selectSourceRecommended: sourceSelection.selectSourceRecommended,
     setSelectSourceChainName: sourceSelection.setSelectSourceChainName,
     setSelectSourceTokenSymbol: sourceSelection.setSelectSourceTokenSymbol,
-    initializedSelectSourceActionRef: sourceSelection.initializedSelectSourceActionRef,
-    oneTapLimitSavedDuringSetupRef: oneTapSetup.oneTapLimitSavedDuringSetupRef,
-    handleAuthorizedMobileReturn: mobileFlow.handleAuthorizedMobileReturn
+    initializedSelectSourceActionRef: sourceSelection.initializedSelectSourceActionRef
   });
-  const autoSelectingRef = useRef(false);
-  useEffect(() => {
-    if (!state.isGuestFlow || !state.selectedProviderId || !state.activeCredentialId || !authenticated || autoSelectingRef.current || state.transfer != null) return;
-    const hasActive = state.accounts.some((a) => a.wallets.some((w) => w.status === "ACTIVE"));
-    if (hasActive) return;
-    autoSelectingRef.current = true;
-    provider.handleSelectProvider(state.selectedProviderId).finally(() => {
-      autoSelectingRef.current = false;
-    });
-  }, [
-    state.isGuestFlow,
-    state.selectedProviderId,
-    state.activeCredentialId,
-    state.transfer,
-    state.accounts,
+  useOneTapAutoResolveEffect({
+    authExecutor,
+    dispatch,
+    oneTapLimitSavedDuringSetup: state.oneTapLimitSavedDuringSetup,
+    reloadAccounts: transfer.reloadAccounts
+  });
+  useGuestPreauthEffect({
+    state,
+    dispatch,
     authenticated,
-    provider
-  ]);
+    apiBaseUrl,
+    reloadAccounts: transfer.reloadAccounts
+  });
+  useGuestPreauthPhaseSyncEffect({
+    state,
+    dispatch,
+    authExecutor,
+    isDesktop
+  });
+  useGuestDesktopPreauthSessionEffect({
+    state,
+    authExecutor,
+    reloadAccounts: transfer.reloadAccounts,
+    dispatch,
+    desktopGuestPreauth: isDesktop
+  });
   const handlers = useMemo(() => ({
     onSendLoginCode: auth.handleSendLoginCode,
     onVerifyLoginCode: auth.handleVerifyLoginCode,
@@ -8547,7 +8916,7 @@ function BlinkPaymentInner({
     onBackFromOpenWallet: () => dispatch({ type: "CLEAR_MOBILE_STATE" }),
     onLogout: handleLogout,
     onNewPayment: handleNewPayment,
-    onSetUserIntent: (intent) => dispatch({ type: "SET_USER_INTENT", intent }),
+    onSetPhase: (phase) => dispatch({ type: "SET_USER_INTENT", intent: phase }),
     onSetAuthInput: auth.setAuthInput,
     onSetOtpCode: (code) => {
       auth.setOtpCode(code);
@@ -8561,30 +8930,9 @@ function BlinkPaymentInner({
     onSelectAuthorizedToken: provider.handleSelectAuthorizedToken,
     onAuthorizeToken: provider.handleAuthorizeToken,
     onSelectGuestToken: guestTransfer.handleSelectGuestToken,
+    onGuestBackFromTokenPicker: guestTransfer.handleGuestBackFromTokenPicker,
     onLogin: () => dispatch({ type: "REQUEST_LOGIN" }),
-    onPreauthorize: async () => {
-      if (state.guestPreauthAccountId) {
-        dispatch({ type: "REQUEST_LOGIN" });
-        return;
-      }
-      if (!state.guestSessionToken || !state.selectedProviderId) {
-        dispatch({ type: "REQUEST_LOGIN" });
-        return;
-      }
-      try {
-        const providerName = state.providers.find((p) => p.id === state.selectedProviderId)?.name ?? "Wallet";
-        const created = await createGuestAccount(
-          apiBaseUrl,
-          state.guestSessionToken,
-          state.selectedProviderId,
-          providerName
-        );
-        dispatch({ type: "GUEST_PREAUTH_DETECTED", accountId: created.accountId });
-        dispatch({ type: "REQUEST_LOGIN" });
-      } catch {
-        dispatch({ type: "REQUEST_LOGIN" });
-      }
-    }
+    onPreauthorize: provider.handlePreauthorize
   }), [
     auth,
     passkey,
@@ -8595,56 +8943,57 @@ function BlinkPaymentInner({
     oneTapSetup,
     guestTransfer,
     handleLogout,
-    handleNewPayment,
-    state.guestPreauthAccountId,
-    state.guestSessionToken,
-    state.selectedProviderId,
-    state.providers,
-    apiBaseUrl
+    handleNewPayment
   ]);
   return /* @__PURE__ */ jsx(
     StepRenderer,
     {
-      state,
-      ready,
-      authenticated,
-      activeOtpStatus: auth.activeOtpStatus,
-      pollingTransfer: polling.transfer,
-      pollingError: polling.error,
-      authExecutorError: authExecutor.error,
-      inlineAuthorizationExecuting: authExecutor.executing,
-      transferSigningSigning: transferSigning.signing,
-      transferSigningError: transferSigning.error,
-      pendingSelectSource: authExecutor.pendingSelectSource,
-      pendingOneTapSetup: authExecutor.pendingOneTapSetup,
-      oneTapLimitAlreadySaved: oneTapSetup.oneTapLimitSavedDuringSetupRef.current,
-      pendingConnections: derived.pendingConnections,
-      depositEligibleAccounts: derived.depositEligibleAccounts,
-      sourceName: derived.sourceName,
-      maxSourceBalance: derived.maxSourceBalance,
-      tokenCount: derived.tokenCount,
-      selectedAccount: derived.selectedAccount,
-      selectedSource: derived.selectedSource,
-      selectSourceChoices: sourceSelection.selectSourceChoices,
-      selectSourceRecommended: sourceSelection.selectSourceRecommended,
-      selectSourceAvailableBalance: sourceSelection.selectSourceAvailableBalance,
-      guestTokenEntries: guestTransfer.guestTokenEntries,
-      guestLoadingBalances: guestTransfer.loadingBalances,
-      guestSettingSender: guestTransfer.settingSender,
-      authInput: auth.authInput,
-      otpCode: auth.otpCode,
-      selectSourceChainName: sourceSelection.selectSourceChainName,
-      selectSourceTokenSymbol: sourceSelection.selectSourceTokenSymbol,
-      savingOneTapLimit: oneTapSetup.savingOneTapLimit,
-      merchantName,
-      onBack,
-      onDismiss,
-      depositAmount,
+      flow: {
+        state,
+        authenticated,
+        activeOtpStatus: auth.activeOtpStatus,
+        isDesktop,
+        merchantName,
+        onBack,
+        onDismiss,
+        depositAmount
+      },
+      remote: {
+        pollingTransfer: polling.transfer,
+        pollingError: polling.error,
+        authExecutorError: authExecutor.error,
+        transferSigningSigning: transferSigning.signing,
+        transferSigningError: transferSigning.error,
+        pendingSelectSource: authExecutor.pendingSelectSource,
+        pendingOneTapSetup: authExecutor.pendingOneTapSetup
+      },
+      derived: {
+        pendingConnections: derived.pendingConnections,
+        depositEligibleAccounts: derived.depositEligibleAccounts,
+        sourceName: derived.sourceName,
+        maxSourceBalance: derived.maxSourceBalance,
+        tokenCount: derived.tokenCount,
+        selectedAccount: derived.selectedAccount,
+        selectedSource: derived.selectedSource,
+        selectSourceChoices: sourceSelection.selectSourceChoices,
+        selectSourceRecommended: sourceSelection.selectSourceRecommended,
+        selectSourceAvailableBalance: sourceSelection.selectSourceAvailableBalance
+      },
+      forms: {
+        authInput: auth.authInput,
+        otpCode: auth.otpCode,
+        selectSourceChainName: sourceSelection.selectSourceChainName,
+        selectSourceTokenSymbol: sourceSelection.selectSourceTokenSymbol,
+        savingOneTapLimit: oneTapSetup.savingOneTapLimit,
+        guestTokenEntries: guestTransfer.guestTokenEntries,
+        guestLoadingBalances: guestTransfer.loadingBalances,
+        guestSettingSender: guestTransfer.settingSender
+      },
       handlers
     }
   );
 }
 
-export { AdvancedSourceScreen, BLINK_LOGO, BLINK_MASCOT, BlinkLoadingScreen, BlinkPayment, BlinkProvider, FlowPhaseProvider, IconCircle, InfoBanner, OutlineButton, PasskeyIframeBlockedError, PasskeyScreen, PoweredByFooter, PrimaryButton, ScreenHeader, ScreenLayout, SelectSourceScreen, SettingsMenu, SetupScreen, Spinner, StepList, TokenPickerScreen, api_exports as blinkApi, buildPasskeyPopupOptions, createPasskeyCredential, createPasskeyViaPopup, darkTheme, deviceHasPasskey, findDevicePasskey, findDevicePasskeyViaPopup, getTheme, lightTheme, resolvePasskeyRpId, resolveScreen, useAuthorizationExecutor, useBlinkConfig, useBlinkDepositAmount, useTransferPolling, useTransferSigning };
+export { AdvancedSourceScreen, BLINK_LOGO, BLINK_MASCOT, BlinkLoadingScreen, BlinkPayment, BlinkProvider, FlowPhaseProvider, IconCircle, InfoBanner, OutlineButton, PasskeyIframeBlockedError, PasskeyScreen, PoweredByFooter, PrimaryButton, ScreenHeader, ScreenLayout, SelectSourceScreen, SettingsMenu, SetupScreen, Spinner, StepList, TokenPickerScreen, api_exports as blinkApi, buildPasskeyPopupOptions, createPasskeyCredential, createPasskeyViaPopup, darkTheme, deviceHasPasskey, findDevicePasskey, findDevicePasskeyViaPopup, getTheme, lightTheme, resolvePasskeyRpId, screenForPhase, useAuthorizationExecutor, useBlinkConfig, useBlinkDepositAmount, useTransferPolling, useTransferSigning };
 //# sourceMappingURL=index.js.map
 //# sourceMappingURL=index.js.map