npm - @tatchi-xyz/sdk - Versions diffs - 0.16.0 → 0.17.0 - Mend

@tatchi-xyz/sdk 0.16.0 → 0.17.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (470) hide show

package/dist/esm/sdk/{createAdapters-BWLe9Ddo.js → createAdapters-qVGD6i0g.js} RENAMED Viewed

@@ -1,10 +1,10 @@
 import { CONFIRM_UI_ELEMENT_SELECTORS, W3A_CONFIRM_PORTAL_ID, W3A_TX_CONFIRMER_ID } from "./tags-C2Wlhqjd.js";
 import { WalletIframeDomEvents, computeUiIntentDigestFromTxs, orderActionForDigest } from "./txDigest-CxjhSCgm.js";
 import { init_actions, isActionArgsWasm, toActionArgsWasm } from "./actions-O1FD5Bq8.js";
-import { TxConfirmerWrapperElement } from "./tx-confirmer-wrapper-CqfVBUaA.js";
+import { TxConfirmerWrapperElement } from "./tx-confirmer-wrapper-lHNgz9i4.js";
 import { errorMessage, init_errors, toError } from "./errors-D9ar28Dr.js";
-import { serializeAuthenticationCredentialWithPRF } from "./safari-fallbacks-oQKu9xUs.js";
-import { SecureConfirmationType, authenticatorsToAllowCredentials, getNearAccountId, getSignTransactionPayload, init_accountIds, sendConfirmResponse, toAccountId } from "./requestHelpers-DLBGBHMw.js";
+import { init_credentialsHelpers, serializeAuthenticationCredentialWithPRF } from "./WebAuthnFallbacks-Bl4BTsNt.js";
+import { SecureConfirmationType, authenticatorsToAllowCredentials, getNearAccountId, getSignTransactionPayload, init_accountIds, init_touchIdPrompt, sendConfirmResponse, toAccountId } from "./requestHelpers-Dh1hEYL9.js";
 //#region src/core/WebAuthnManager/VrfWorkerManager/confirmTxFlow/adapters/near.ts
 init_errors();
@@ -62,6 +62,7 @@ async function maybeRefreshVrfChallenge(ctx, request, nearAccountId) {
 	const rpId = ctx.touchIdPrompt.getRpId();
 	const vrfWorkerManager = ctx.vrfWorkerManager;
 	if (!vrfWorkerManager) throw new Error("VrfWorkerManager not available");
+	if (!ctx.nonceManager.nearAccountId || !ctx.nonceManager.nearPublicKeyStr || String(ctx.nonceManager.nearAccountId) !== String(nearAccountId)) throw new Error("NonceManager not initialized with user data");
 	const attempts = 3;
 	return await retryWithBackoff(async (attempt) => {
 		const latestCtx = await ctx.nonceManager.getNonceBlockHashAndHeight(ctx.nearClient, { force: true });
@@ -399,11 +400,17 @@ async function renderConfirmUI({ ctx, request, confirmationConfig, transactionSu
 //#endregion
 //#region src/core/WebAuthnManager/VrfWorkerManager/confirmTxFlow/adapters/webauthn.ts
+init_credentialsHelpers();
 init_accountIds();
+init_touchIdPrompt();
 async function collectAuthenticationCredentialWithPRF({ ctx, nearAccountId, vrfChallenge, onBeforePrompt, includeSecondPrfOutput = false }) {
 	const authenticators = await ctx.indexedDB.clientDB.getAuthenticatorsByUser(toAccountId(nearAccountId));
 	const { authenticatorsForPrompt, wrongPasskeyError } = await ctx.indexedDB.clientDB.ensureCurrentPasskey(toAccountId(nearAccountId), authenticators);
 	if (wrongPasskeyError) throw new Error(wrongPasskeyError);
+	if (authenticatorsForPrompt.length === 1) {
+		const expectedVrfPublicKey = authenticatorsForPrompt[0]?.vrfPublicKey;
+		if (expectedVrfPublicKey && expectedVrfPublicKey !== vrfChallenge.vrfPublicKey) throw new Error("Signing session is using a different passkey/VRF session than the current device. Please log in again and retry.");
+	}
 	onBeforePrompt?.({
 		authenticators,
 		authenticatorsForPrompt,

package/dist/esm/sdk/{defaultConfigs-VzvDejmy.js → defaultConfigs-DpslkAQd.js} RENAMED Viewed

@@ -54,7 +54,7 @@ function buildConfigsFromEnv(overrides = {}) {
 var PASSKEY_MANAGER_DEFAULT_CONFIGS, DEFAULT_EMAIL_RECOVERY_CONTRACTS;
 var init_defaultConfigs = __esm({ "src/core/defaultConfigs.ts": (() => {
 	PASSKEY_MANAGER_DEFAULT_CONFIGS = {
-		nearRpcUrl: "https://test.rpc.fastnear.com",
+		nearRpcUrl: "https://test.rpc.fastnear.com, https://rpc.testnet.near.org",
 		nearNetwork: "testnet",
 		contractId: "w3a-v1.testnet",
 		nearExplorerUrl: "https://testnet.nearblocks.io",

package/dist/esm/sdk/{getDeviceNumber-CkWRT17I.js → getDeviceNumber-fXizNGQl.js} RENAMED Viewed

@@ -2,7 +2,7 @@ import { toAccountId } from "./requestHelpers-aUKhXiEl.js";
 //#region src/core/defaultConfigs.ts
 const PASSKEY_MANAGER_DEFAULT_CONFIGS = {
-	nearRpcUrl: "https://test.rpc.fastnear.com",
+	nearRpcUrl: "https://test.rpc.fastnear.com, https://rpc.testnet.near.org",
 	nearNetwork: "testnet",
 	contractId: "w3a-v1.testnet",
 	nearExplorerUrl: "https://testnet.nearblocks.io",
@@ -122,4 +122,4 @@ async function getLastLoggedInDeviceNumber(nearAccountId, clientDB) {
 //#endregion
 export { PASSKEY_MANAGER_DEFAULT_CONFIGS, buildConfigsFromEnv, getLastLoggedInDeviceNumber };
-//# sourceMappingURL=getDeviceNumber-CkWRT17I.js.map
+//# sourceMappingURL=getDeviceNumber-fXizNGQl.js.map

package/dist/esm/sdk/getDeviceNumber-fXizNGQl.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"getDeviceNumber-fXizNGQl.js","names":["PASSKEY_MANAGER_DEFAULT_CONFIGS: TatchiConfigs","DEFAULT_EMAIL_RECOVERY_CONTRACTS: EmailRecoveryContracts","merged: TatchiConfigs"],"sources":["../../../src/core/defaultConfigs.ts","../../../src/core/WebAuthnManager/SignerWorkerManager/getDeviceNumber.ts"],"sourcesContent":["import type { EmailRecoveryContracts, TatchiConfigs, TatchiConfigsInput } from './types/tatchi';\n\n// Default SDK configs suitable for local dev.\n// Cross-origin wallet isolation is recommended; set iframeWallet in your app config when you have a dedicated origin.\n// Consumers can shallow-merge overrides by field.\n\nexport const PASSKEY_MANAGER_DEFAULT_CONFIGS: TatchiConfigs = {\n // You can provide a single URL or a comma-separated list for failover.\n // First URL is treated as primary, subsequent URLs are fallbacks.\n nearRpcUrl: 'https://test.rpc.fastnear.com, https://rpc.testnet.near.org',\n nearNetwork: 'testnet',\n contractId: 'w3a-v1.testnet',\n nearExplorerUrl: 'https://testnet.nearblocks.io',\n // Warm signing session defaults used by login/unlock flows.\n // Enforcement (TTL/uses) is owned by the VRF worker; signer workers remain one-shot.\n signingSessionDefaults: {\n ttlMs: 0, // 0 minutes\n remainingUses: 0, // default to requiring a touchID prompt for each transaction\n },\n relayer: {\n // accountId: 'w3a-v1.testnet',\n // No default relayer URL. Force apps to configure via env/overrides.\n // Using an empty string triggers early validation errors in code paths that require it.\n url: '',\n delegateActionRoute: '/signed-delegate',\n emailRecovery: {\n // Require at least 0.01 NEAR available to start email recovery.\n minBalanceYocto: '10000000000000000000000', // 0.01 NEAR\n // Poll every 4 seconds for verification status / access key.\n pollingIntervalMs: 4000,\n // Stop polling after 30 minutes.\n maxPollingDurationMs: 30 * 60 * 1000,\n // Expire pending recovery records after 30 minutes.\n pendingTtlMs: 30 * 60 * 1000,\n // Default recovery mailbox for examples / docs.\n mailtoAddress: 'recover@web3authn.org',\n // EmailDKIMVerifier contract that stores verification results.\n dkimVerifierAccountId: 'email-dkim-verifier-v1.testnet',\n // View method used to fetch VerificationResult by request_id.\n verificationViewMethod: 'get_verification_result',\n },\n },\n vrfWorkerConfigs: {\n shamir3pass: {\n // default Shamir's P in vrf-wasm-worker, needs to match relay server's Shamir P\n p: '3N5w46AIGjGT2v5Vua_TMD5Ywfa9U2F7-WzW8SNDsIM',\n // No default relay server URL to avoid accidental localhost usage in non-dev envs\n // Defaults to relayer.url when undefined\n relayServerUrl: '',\n applyServerLockRoute: '/vrf/apply-server-lock',\n removeServerLockRoute: '/vrf/remove-server-lock',\n }\n },\n emailRecoveryContracts: {\n emailRecovererGlobalContract: 'w3a-email-recoverer-v1.testnet',\n zkEmailVerifierContract: 'zk-email-verifier-v1.testnet',\n emailDkimVerifierContract: 'email-dkim-verifier-v1.testnet',\n },\n // Configure iframeWallet in application code to point at your dedicated wallet origin when available.\n iframeWallet: {\n walletOrigin: 'https://wallet.example.localhost',\n walletServicePath: '/wallet-service',\n sdkBasePath: '/sdk',\n rpIdOverride: 'example.localhost',\n }\n};\n\nexport const DEFAULT_EMAIL_RECOVERY_CONTRACTS: EmailRecoveryContracts = {\n emailRecovererGlobalContract: PASSKEY_MANAGER_DEFAULT_CONFIGS.emailRecoveryContracts.emailDkimVerifierContract,\n zkEmailVerifierContract: PASSKEY_MANAGER_DEFAULT_CONFIGS.emailRecoveryContracts.zkEmailVerifierContract,\n emailDkimVerifierContract: PASSKEY_MANAGER_DEFAULT_CONFIGS.emailRecoveryContracts.emailDkimVerifierContract,\n};\n\n// Merge defaults with overrides\nexport function buildConfigsFromEnv(overrides: TatchiConfigsInput = {}): TatchiConfigs {\n\n const defaults = PASSKEY_MANAGER_DEFAULT_CONFIGS;\n const relayerUrl = overrides.relayer?.url ?? defaults.relayer?.url ?? '';\n // Prefer explicit override for relayer URL; fall back to default preset.\n // Used below to default VRF relayServerUrl when it is undefined.\n const relayServerUrlDefault = relayerUrl;\n\n const merged: TatchiConfigs = {\n nearRpcUrl: overrides.nearRpcUrl ?? defaults.nearRpcUrl,\n nearNetwork: overrides.nearNetwork ?? defaults.nearNetwork,\n contractId: overrides.contractId ?? defaults.contractId,\n nearExplorerUrl: overrides.nearExplorerUrl ?? defaults.nearExplorerUrl,\n walletTheme: overrides.walletTheme ?? defaults.walletTheme,\n signingSessionDefaults: {\n ttlMs: overrides.signingSessionDefaults?.ttlMs\n ?? defaults.signingSessionDefaults?.ttlMs,\n remainingUses: overrides.signingSessionDefaults?.remainingUses\n ?? defaults.signingSessionDefaults?.remainingUses,\n },\n relayer: {\n url: relayerUrl,\n delegateActionRoute: overrides.relayer?.delegateActionRoute\n ?? defaults.relayer?.delegateActionRoute,\n emailRecovery: {\n minBalanceYocto: overrides.relayer?.emailRecovery?.minBalanceYocto\n ?? defaults.relayer?.emailRecovery?.minBalanceYocto,\n pollingIntervalMs: overrides.relayer?.emailRecovery?.pollingIntervalMs\n ?? defaults.relayer?.emailRecovery?.pollingIntervalMs,\n maxPollingDurationMs: overrides.relayer?.emailRecovery?.maxPollingDurationMs\n ?? defaults.relayer?.emailRecovery?.maxPollingDurationMs,\n pendingTtlMs: overrides.relayer?.emailRecovery?.pendingTtlMs\n ?? defaults.relayer?.emailRecovery?.pendingTtlMs,\n mailtoAddress: overrides.relayer?.emailRecovery?.mailtoAddress\n ?? defaults.relayer?.emailRecovery?.mailtoAddress,\n dkimVerifierAccountId: overrides.relayer?.emailRecovery?.dkimVerifierAccountId\n ?? defaults.relayer?.emailRecovery?.dkimVerifierAccountId,\n verificationViewMethod: overrides.relayer?.emailRecovery?.verificationViewMethod\n ?? defaults.relayer?.emailRecovery?.verificationViewMethod,\n },\n },\n authenticatorOptions: overrides.authenticatorOptions ?? defaults.authenticatorOptions,\n vrfWorkerConfigs: {\n shamir3pass: {\n p: overrides.vrfWorkerConfigs?.shamir3pass?.p\n ?? defaults.vrfWorkerConfigs?.shamir3pass?.p,\n relayServerUrl: overrides.vrfWorkerConfigs?.shamir3pass?.relayServerUrl\n ?? defaults.vrfWorkerConfigs?.shamir3pass?.relayServerUrl\n ?? relayServerUrlDefault,\n applyServerLockRoute: overrides.vrfWorkerConfigs?.shamir3pass?.applyServerLockRoute\n ?? defaults.vrfWorkerConfigs?.shamir3pass?.applyServerLockRoute,\n removeServerLockRoute: overrides.vrfWorkerConfigs?.shamir3pass?.removeServerLockRoute\n ?? defaults.vrfWorkerConfigs?.shamir3pass?.removeServerLockRoute,\n },\n },\n emailRecoveryContracts: {\n emailRecovererGlobalContract: overrides.emailRecoveryContracts?.emailRecovererGlobalContract\n ?? defaults.emailRecoveryContracts?.emailRecovererGlobalContract,\n zkEmailVerifierContract: overrides.emailRecoveryContracts?.zkEmailVerifierContract\n ?? defaults.emailRecoveryContracts?.zkEmailVerifierContract,\n emailDkimVerifierContract: overrides.emailRecoveryContracts?.emailDkimVerifierContract\n ?? defaults.emailRecoveryContracts?.emailDkimVerifierContract,\n },\n iframeWallet: {\n walletOrigin: overrides.iframeWallet?.walletOrigin\n ?? defaults.iframeWallet?.walletOrigin,\n walletServicePath: overrides.iframeWallet?.walletServicePath\n ?? defaults.iframeWallet?.walletServicePath\n ?? '/wallet-service',\n sdkBasePath: overrides.iframeWallet?.sdkBasePath\n ?? defaults.iframeWallet?.sdkBasePath\n ?? '/sdk',\n rpIdOverride: overrides.iframeWallet?.rpIdOverride\n ?? defaults.iframeWallet?.rpIdOverride,\n }\n };\n if (!merged.contractId) {\n throw new Error('[configPresets] Missing required config: contractId');\n }\n if (!merged.relayer.url) {\n throw new Error('[configPresets] Missing required config: relayer.url');\n }\n return merged;\n}\n","import type { PasskeyClientDBManager } from '@/core/IndexedDBManager';\nimport { toAccountId, type AccountId } from '../../types/accountIds';\n\nexport function parseDeviceNumber(\n value: unknown,\n options: { min?: number } = {}\n): number | null {\n const deviceNumber = Number(value);\n const min = options.min ?? 1;\n if (!Number.isSafeInteger(deviceNumber) || deviceNumber < min) {\n return null;\n }\n return deviceNumber;\n}\n\n/**\n * Return the deviceNumber for the last logged-in user for the given account.\n * This uses the app-state \"last user\" pointer only; if it does not match the\n * requested account, an error is thrown instead of silently falling back.\n */\nexport async function getLastLoggedInDeviceNumber(\n nearAccountId: AccountId | string,\n clientDB: PasskeyClientDBManager\n): Promise<number> {\n const accountId = toAccountId(nearAccountId);\n const last = await clientDB.getLastUser();\n if (last && last.nearAccountId === accountId) {\n const deviceNumber = parseDeviceNumber((last as any).deviceNumber, { min: 1 });\n if (deviceNumber !== null) {\n return deviceNumber;\n }\n }\n throw new Error(`No last user session for account ${accountId}`);\n}\n"],"mappings":";;;AAMA,MAAaA,kCAAiD;CAG5D,YAAY;CACZ,aAAa;CACb,YAAY;CACZ,iBAAiB;CAGjB,wBAAwB;EACtB,OAAO;EACP,eAAe;;CAEjB,SAAS;EAIP,KAAK;EACL,qBAAqB;EACrB,eAAe;GAEb,iBAAiB;GAEjB,mBAAmB;GAEnB,sBAAsB,OAAU;GAEhC,cAAc,OAAU;GAExB,eAAe;GAEf,uBAAuB;GAEvB,wBAAwB;;;CAG5B,kBAAkB,EAChB,aAAa;EAEX,GAAG;EAGH,gBAAgB;EAChB,sBAAsB;EACtB,uBAAuB;;CAG3B,wBAAwB;EACtB,8BAA8B;EAC9B,yBAAyB;EACzB,2BAA2B;;CAG7B,cAAc;EACZ,cAAc;EACd,mBAAmB;EACnB,aAAa;EACb,cAAc;;;AAIlB,MAAaC,mCAA2D;CACtE,8BAA8B,gCAAgC,uBAAuB;CACrF,yBAAyB,gCAAgC,uBAAuB;CAChF,2BAA2B,gCAAgC,uBAAuB;;AAIpF,SAAgB,oBAAoB,YAAgC,IAAmB;CAErF,MAAM,WAAW;CACjB,MAAM,aAAa,UAAU,SAAS,OAAO,SAAS,SAAS,OAAO;CAGtE,MAAM,wBAAwB;CAE9B,MAAMC,SAAwB;EAC5B,YAAY,UAAU,cAAc,SAAS;EAC7C,aAAa,UAAU,eAAe,SAAS;EAC/C,YAAY,UAAU,cAAc,SAAS;EAC7C,iBAAiB,UAAU,mBAAmB,SAAS;EACvD,aAAa,UAAU,eAAe,SAAS;EAC/C,wBAAwB;GACtB,OAAO,UAAU,wBAAwB,SACpC,SAAS,wBAAwB;GACtC,eAAe,UAAU,wBAAwB,iBAC5C,SAAS,wBAAwB;;EAExC,SAAS;GACP,KAAK;GACL,qBAAqB,UAAU,SAAS,uBACnC,SAAS,SAAS;GACvB,eAAe;IACb,iBAAiB,UAAU,SAAS,eAAe,mBAC9C,SAAS,SAAS,eAAe;IACtC,mBAAmB,UAAU,SAAS,eAAe,qBAChD,SAAS,SAAS,eAAe;IACtC,sBAAsB,UAAU,SAAS,eAAe,wBACnD,SAAS,SAAS,eAAe;IACtC,cAAc,UAAU,SAAS,eAAe,gBAC3C,SAAS,SAAS,eAAe;IACtC,eAAe,UAAU,SAAS,eAAe,iBAC5C,SAAS,SAAS,eAAe;IACtC,uBAAuB,UAAU,SAAS,eAAe,yBACpD,SAAS,SAAS,eAAe;IACtC,wBAAwB,UAAU,SAAS,eAAe,0BACrD,SAAS,SAAS,eAAe;;;EAG1C,sBAAsB,UAAU,wBAAwB,SAAS;EACjE,kBAAkB,EAChB,aAAa;GACX,GAAG,UAAU,kBAAkB,aAAa,KACvC,SAAS,kBAAkB,aAAa;GAC7C,gBAAgB,UAAU,kBAAkB,aAAa,kBACpD,SAAS,kBAAkB,aAAa,kBACxC;GACL,sBAAsB,UAAU,kBAAkB,aAAa,wBAC1D,SAAS,kBAAkB,aAAa;GAC7C,uBAAuB,UAAU,kBAAkB,aAAa,yBAC3D,SAAS,kBAAkB,aAAa;;EAGjD,wBAAwB;GACtB,8BAA8B,UAAU,wBAAwB,gCAC3D,SAAS,wBAAwB;GACtC,yBAAyB,UAAU,wBAAwB,2BACtD,SAAS,wBAAwB;GACtC,2BAA2B,UAAU,wBAAwB,6BACxD,SAAS,wBAAwB;;EAExC,cAAc;GACZ,cAAc,UAAU,cAAc,gBACjC,SAAS,cAAc;GAC5B,mBAAmB,UAAU,cAAc,qBACtC,SAAS,cAAc,qBACvB;GACL,aAAa,UAAU,cAAc,eAChC,SAAS,cAAc,eACvB;GACL,cAAc,UAAU,cAAc,gBACjC,SAAS,cAAc;;;AAGhC,KAAI,CAAC,OAAO,WACV,OAAM,IAAI,MAAM;AAElB,KAAI,CAAC,OAAO,QAAQ,IAClB,OAAM,IAAI,MAAM;AAElB,QAAO;;;;;ACzJT,SAAgB,kBACd,OACA,UAA4B,IACb;CACf,MAAM,eAAe,OAAO;CAC5B,MAAM,MAAM,QAAQ,OAAO;AAC3B,KAAI,CAAC,OAAO,cAAc,iBAAiB,eAAe,IACxD,QAAO;AAET,QAAO;;;;;;;AAQT,eAAsB,4BACpB,eACA,UACiB;CACjB,MAAM,YAAY,YAAY;CAC9B,MAAM,OAAO,MAAM,SAAS;AAC5B,KAAI,QAAQ,KAAK,kBAAkB,WAAW;EAC5C,MAAM,eAAe,kBAAmB,KAAa,cAAc,EAAE,KAAK;AAC1E,MAAI,iBAAiB,KACnB,QAAO;;AAGX,OAAM,IAAI,MAAM,oCAAoC"}

package/dist/esm/sdk/{getDeviceNumber-CfmlgfMX.js → getDeviceNumber-zsOHT_Um.js} RENAMED Viewed

@@ -1,7 +1,7 @@
-import { init_accountIds, toAccountId } from "./requestHelpers-DLBGBHMw.js";
+import { __esm } from "./chunk-DIQ1yeMN.js";
+import { init_accountIds, toAccountId } from "./requestHelpers-Dh1hEYL9.js";
 //#region src/core/WebAuthnManager/SignerWorkerManager/getDeviceNumber.ts
-init_accountIds();
 function parseDeviceNumber(value, options = {}) {
 	const deviceNumber = Number(value);
 	const min = options.min ?? 1;
@@ -22,6 +22,9 @@ async function getLastLoggedInDeviceNumber(nearAccountId, clientDB) {
 	}
 	throw new Error(`No last user session for account ${accountId}`);
 }
+var init_getDeviceNumber = __esm({ "src/core/WebAuthnManager/SignerWorkerManager/getDeviceNumber.ts": (() => {
+	init_accountIds();
+}) });
 //#endregion
-export { getLastLoggedInDeviceNumber, parseDeviceNumber };
+export { getLastLoggedInDeviceNumber, init_getDeviceNumber, parseDeviceNumber };

package/dist/esm/sdk/{localOnly-DnpSyDaF.js → localOnly-Byi3AK7A.js} RENAMED Viewed

@@ -1,6 +1,6 @@
 import { ERROR_MESSAGES, SecureConfirmationType, createRandomVRFChallenge, errorMessage, getIntentDigest, getNearAccountId, isUserCancelledSecureConfirm } from "./requestHelpers-aUKhXiEl.js";
 import "./validation-DhPPUba7.js";
-import { createConfirmSession, createConfirmTxFlowAdapters } from "./createAdapters-pNiL2KNq.js";
+import { createConfirmSession, createConfirmTxFlowAdapters } from "./createAdapters-BumKM2ft.js";
 import { W3A_EXPORT_VIEWER_IFRAME_ID, W3A_TX_BUTTON_HOST_ID, W3A_TX_BUTTON_ID } from "./css-loader-BrMMlG4X.js";
 import { addLitCancelListener } from "./lit-events-BKobq01K.js";
 import "./tx-tree-themes-i3It4IYY.js";
@@ -99,4 +99,4 @@ async function handleLocalOnlyFlow(ctx, request, worker, opts) {
 //#endregion
 export { handleLocalOnlyFlow };
-//# sourceMappingURL=localOnly-DnpSyDaF.js.map
+//# sourceMappingURL=localOnly-Byi3AK7A.js.map

package/dist/esm/sdk/{localOnly-DnpSyDaF.js.map → localOnly-Byi3AK7A.js.map} RENAMED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"localOnly-~~DnpSyDaF~~.js","names":["TAG_LOADERS: Record<string, () => Promise<unknown>>","removeCancelListener: (() => void) \| undefined","err: unknown"],"sources":["../../../src/core/WebAuthnManager/LitComponents/ensure-defined.ts","../../../src/core/WebAuthnManager/VrfWorkerManager/confirmTxFlow/flows/localOnly.ts"],"sourcesContent":["/*\n Small utility that guarantees a custom element definition exists in the\n * current runtime before creating/using it. If the tag is not yet defined,\n * it runs the provided dynamic import loader to execute the module that calls\n * customElements.define().\n /\nexport async function ensureDefined(tag: string, loader: () => Promise<unknown>): Promise<void> {\n try {\n if (!customElements.get(tag)) {\n await loader();\n }\n } catch {\n // Best-effort; downstream calls will still throw useful errors if missing\n }\n}\n\n// Consolidated loaders for known W3A custom elements that may be used across runtimes.\n// This allows dev tooling to auto-ensure definitions for common elements when possible.\nimport { W3A_EXPORT_VIEWER_IFRAME_ID, W3A_TX_BUTTON_ID, W3A_TX_BUTTON_HOST_ID } from './tags';\n\nexport const TAG_LOADERS: Record<string, () => Promise<unknown>> = {\n [W3A_EXPORT_VIEWER_IFRAME_ID]: () => import('./ExportPrivateKey/iframe-host'),\n [W3A_TX_BUTTON_ID]: () => import('./IframeButtonWithTooltipConfirmer/iframe-host'),\n [W3A_TX_BUTTON_HOST_ID]: () => import('./IframeButtonWithTooltipConfirmer/iframe-host'),\n};\n\n/* Attempt to ensure a known W3A element by tag; returns true if a loader ran. /\nexport async function ensureKnownW3aElement(tag: string): Promise<boolean> {\n try {\n const t = (tag \|\| '').toLowerCase();\n const loader = TAG_LOADERS[t];\n if (!loader) return false;\n await ensureDefined(t, loader);\n return true;\n } catch {\n return false;\n }\n}\n\n","import type { VrfWorkerManagerContext } from '../../';\nimport type { ConfirmationConfig } from '../../../../types/signer-worker';\nimport {\n SecureConfirmationType,\n TransactionSummary,\n LocalOnlySecureConfirmRequest,\n type ShowSecurePrivateKeyUiPayload,\n} from '../types';\nimport { VRFChallenge } from '../../../../types';\nimport { createRandomVRFChallenge } from '../../../../types/vrf-worker';\nimport { addLitCancelListener } from '../../../LitComponents/lit-events';\nimport { ensureDefined } from '../../../LitComponents/ensure-defined';\nimport { W3A_EXPORT_VIEWER_IFRAME_ID } from '../../../LitComponents/tags';\nimport type { ExportViewerIframeElement } from '../../../LitComponents/ExportPrivateKey/iframe-host';\nimport {\n getNearAccountId,\n getIntentDigest,\n isUserCancelledSecureConfirm,\n ERROR_MESSAGES,\n} from './index';\nimport { errorMessage } from '../../../../../utils/errors';\nimport { createConfirmSession } from '../adapters/session';\nimport { createConfirmTxFlowAdapters } from '../adapters/createAdapters';\n\nasync function mountExportViewer(\n payload: ShowSecurePrivateKeyUiPayload,\n confirmationConfig: ConfirmationConfig,\n): Promise<void> {\n await ensureDefined(W3A_EXPORT_VIEWER_IFRAME_ID, () => import('../../../LitComponents/ExportPrivateKey/iframe-host'));\n const host = document.createElement(W3A_EXPORT_VIEWER_IFRAME_ID) as ExportViewerIframeElement;\n host.theme = payload.theme \|\| confirmationConfig.theme \|\| 'dark';\n host.variant = payload.variant \|\| ((confirmationConfig.uiMode === 'drawer') ? 'drawer' : 'modal');\n host.accountId = payload.nearAccountId;\n host.publicKey = payload.publicKey;\n host.privateKey = payload.privateKey;\n host.loading = false;\n\n window.parent?.postMessage({ type: 'WALLET_UI_OPENED' }, '');\n document.body.appendChild(host);\n\n let removeCancelListener: (() => void) \| undefined;\n removeCancelListener = addLitCancelListener(host, () => {\n window.parent?.postMessage({ type: 'WALLET_UI_CLOSED' }, '');\n removeCancelListener?.();\n host.remove();\n }, { once: true });\n}\n\nexport async function handleLocalOnlyFlow(\n ctx: VrfWorkerManagerContext,\n request: LocalOnlySecureConfirmRequest,\n worker: Worker,\n opts: { confirmationConfig: ConfirmationConfig; transactionSummary: TransactionSummary },\n): Promise<void> {\n\n const { confirmationConfig, transactionSummary } = opts;\n const adapters = createConfirmTxFlowAdapters(ctx);\n const session = createConfirmSession({\n adapters,\n worker,\n request,\n confirmationConfig,\n transactionSummary,\n });\n const nearAccountId = getNearAccountId(request);\n\n // SHOW_SECURE_PRIVATE_KEY_UI: purely visual; keep UI open and return confirmed immediately\n if (request.type === SecureConfirmationType.SHOW_SECURE_PRIVATE_KEY_UI) {\n try {\n await mountExportViewer(request.payload as ShowSecurePrivateKeyUiPayload, confirmationConfig);\n // Keep viewer open; do not close here.\n session.confirmAndCloseModal({\n requestId: request.requestId,\n intentDigest: getIntentDigest(request),\n confirmed: true,\n });\n return;\n } catch (err: unknown) {\n return session.confirmAndCloseModal({\n requestId: request.requestId,\n intentDigest: getIntentDigest(request),\n confirmed: false,\n error: errorMessage(err) \|\| 'Failed to render export UI',\n });\n }\n }\n\n // DECRYPT_PRIVATE_KEY_WITH_PRF: collect an authentication credential (with PRF extension results)\n // and return it to the VRF worker; VRF worker extracts PRF outputs internally.\n if (request.type === SecureConfirmationType.DECRYPT_PRIVATE_KEY_WITH_PRF) {\n const vrfChallenge = createRandomVRFChallenge() as VRFChallenge;\n try {\n const credential = await adapters.webauthn.collectAuthenticationCredentialWithPRF({\n nearAccountId,\n vrfChallenge,\n // Offline export / local decrypt needs both PRF outputs so the VRF worker can\n // recover/derive key material without requiring a pre-existing VRF session.\n includeSecondPrfOutput: true,\n });\n // No modal to keep open; export viewer will be shown by a subsequent request.\n return session.confirmAndCloseModal({\n requestId: request.requestId,\n intentDigest: getIntentDigest(request),\n confirmed: true,\n credential,\n });\n\n } catch (err: unknown) {\n const cancelled = isUserCancelledSecureConfirm(err);\n if (cancelled) {\n window.parent?.postMessage({ type: 'WALLET_UI_CLOSED' }, '');\n }\n return session.confirmAndCloseModal({\n requestId: request.requestId,\n intentDigest: getIntentDigest(request),\n confirmed: false,\n error: cancelled ? ERROR_MESSAGES.cancelled : ERROR_MESSAGES.collectCredentialsFailed,\n });\n }\n }\n}\n"],"mappings":";;;;;;;;;;;;;;AAMA,eAAsB,cAAc,KAAa,QAA+C;AAC9F,KAAI;AACF,MAAI,CAAC,eAAe,IAAI,KACtB,OAAM;SAEF;;AASV,MAAaA,cAAsD;EAChE,oCAAoC,OAAO;EAC3C,yBAAyB,OAAO;EAChC,8BAA8B,OAAO;;;;;ACCxC,eAAe,kBACb,SACA,oBACe;AACf,OAAM,cAAc,mCAAmC,OAAO;CAC9D,MAAM,OAAO,SAAS,cAAc;AACpC,MAAK,QAAQ,QAAQ,SAAS,mBAAmB,SAAS;AAC1D,MAAK,UAAU,QAAQ,YAAa,mBAAmB,WAAW,WAAY,WAAW;AACzF,MAAK,YAAY,QAAQ;AACzB,MAAK,YAAY,QAAQ;AACzB,MAAK,aAAa,QAAQ;AAC1B,MAAK,UAAU;AAEf,QAAO,QAAQ,YAAY,EAAE,MAAM,sBAAsB;AACzD,UAAS,KAAK,YAAY;CAE1B,IAAIC;AACJ,wBAAuB,qBAAqB,YAAY;AACtD,SAAO,QAAQ,YAAY,EAAE,MAAM,sBAAsB;AACzD;AACA,OAAK;IACJ,EAAE,MAAM;;AAGb,eAAsB,oBACpB,KACA,SACA,QACA,MACe;CAEf,MAAM,EAAE,oBAAoB,uBAAuB;CACnD,MAAM,WAAW,4BAA4B;CAC7C,MAAM,UAAU,qBAAqB;EACnC;EACA;EACA;EACA;EACA;;CAEF,MAAM,gBAAgB,iBAAiB;AAGvC,KAAI,QAAQ,SAAS,uBAAuB,2BAC1C,KAAI;AACF,QAAM,kBAAkB,QAAQ,SAA0C;AAE1E,UAAQ,qBAAqB;GAC3B,WAAW,QAAQ;GACnB,cAAc,gBAAgB;GAC9B,WAAW;;AAEb;UACOC,KAAc;AACrB,SAAO,QAAQ,qBAAqB;GAClC,WAAW,QAAQ;GACnB,cAAc,gBAAgB;GAC9B,WAAW;GACX,OAAO,aAAa,QAAQ;;;AAOlC,KAAI,QAAQ,SAAS,uBAAuB,8BAA8B;EACxE,MAAM,eAAe;AACrB,MAAI;GACF,MAAM,aAAa,MAAM,SAAS,SAAS,uCAAuC;IAChF;IACA;IAGA,wBAAwB;;AAG1B,UAAO,QAAQ,qBAAqB;IAClC,WAAW,QAAQ;IACnB,cAAc,gBAAgB;IAC9B,WAAW;IACX;;WAGKA,KAAc;GACrB,MAAM,YAAY,6BAA6B;AAC/C,OAAI,UACF,QAAO,QAAQ,YAAY,EAAE,MAAM,sBAAsB;AAE3D,UAAO,QAAQ,qBAAqB;IAClC,WAAW,QAAQ;IACnB,cAAc,gBAAgB;IAC9B,WAAW;IACX,OAAO,YAAY,eAAe,YAAY,eAAe"}
1	+ {"version":3,"file":"localOnly-Byi3AK7A.js","names":["TAG_LOADERS: Record<string, () => Promise<unknown>>","removeCancelListener: (() => void) \| undefined","err: unknown"],"sources":["../../../src/core/WebAuthnManager/LitComponents/ensure-defined.ts","../../../src/core/WebAuthnManager/VrfWorkerManager/confirmTxFlow/flows/localOnly.ts"],"sourcesContent":["/*\n Small utility that guarantees a custom element definition exists in the\n * current runtime before creating/using it. If the tag is not yet defined,\n * it runs the provided dynamic import loader to execute the module that calls\n * customElements.define().\n /\nexport async function ensureDefined(tag: string, loader: () => Promise<unknown>): Promise<void> {\n try {\n if (!customElements.get(tag)) {\n await loader();\n }\n } catch {\n // Best-effort; downstream calls will still throw useful errors if missing\n }\n}\n\n// Consolidated loaders for known W3A custom elements that may be used across runtimes.\n// This allows dev tooling to auto-ensure definitions for common elements when possible.\nimport { W3A_EXPORT_VIEWER_IFRAME_ID, W3A_TX_BUTTON_ID, W3A_TX_BUTTON_HOST_ID } from './tags';\n\nexport const TAG_LOADERS: Record<string, () => Promise<unknown>> = {\n [W3A_EXPORT_VIEWER_IFRAME_ID]: () => import('./ExportPrivateKey/iframe-host'),\n [W3A_TX_BUTTON_ID]: () => import('./IframeButtonWithTooltipConfirmer/iframe-host'),\n [W3A_TX_BUTTON_HOST_ID]: () => import('./IframeButtonWithTooltipConfirmer/iframe-host'),\n};\n\n/* Attempt to ensure a known W3A element by tag; returns true if a loader ran. /\nexport async function ensureKnownW3aElement(tag: string): Promise<boolean> {\n try {\n const t = (tag \|\| '').toLowerCase();\n const loader = TAG_LOADERS[t];\n if (!loader) return false;\n await ensureDefined(t, loader);\n return true;\n } catch {\n return false;\n }\n}\n\n","import type { VrfWorkerManagerContext } from '../../';\nimport type { ConfirmationConfig } from '../../../../types/signer-worker';\nimport {\n SecureConfirmationType,\n TransactionSummary,\n LocalOnlySecureConfirmRequest,\n type ShowSecurePrivateKeyUiPayload,\n} from '../types';\nimport { VRFChallenge } from '../../../../types';\nimport { createRandomVRFChallenge } from '../../../../types/vrf-worker';\nimport { addLitCancelListener } from '../../../LitComponents/lit-events';\nimport { ensureDefined } from '../../../LitComponents/ensure-defined';\nimport { W3A_EXPORT_VIEWER_IFRAME_ID } from '../../../LitComponents/tags';\nimport type { ExportViewerIframeElement } from '../../../LitComponents/ExportPrivateKey/iframe-host';\nimport {\n getNearAccountId,\n getIntentDigest,\n isUserCancelledSecureConfirm,\n ERROR_MESSAGES,\n} from './index';\nimport { errorMessage } from '../../../../../utils/errors';\nimport { createConfirmSession } from '../adapters/session';\nimport { createConfirmTxFlowAdapters } from '../adapters/createAdapters';\n\nasync function mountExportViewer(\n payload: ShowSecurePrivateKeyUiPayload,\n confirmationConfig: ConfirmationConfig,\n): Promise<void> {\n await ensureDefined(W3A_EXPORT_VIEWER_IFRAME_ID, () => import('../../../LitComponents/ExportPrivateKey/iframe-host'));\n const host = document.createElement(W3A_EXPORT_VIEWER_IFRAME_ID) as ExportViewerIframeElement;\n host.theme = payload.theme \|\| confirmationConfig.theme \|\| 'dark';\n host.variant = payload.variant \|\| ((confirmationConfig.uiMode === 'drawer') ? 'drawer' : 'modal');\n host.accountId = payload.nearAccountId;\n host.publicKey = payload.publicKey;\n host.privateKey = payload.privateKey;\n host.loading = false;\n\n window.parent?.postMessage({ type: 'WALLET_UI_OPENED' }, '');\n document.body.appendChild(host);\n\n let removeCancelListener: (() => void) \| undefined;\n removeCancelListener = addLitCancelListener(host, () => {\n window.parent?.postMessage({ type: 'WALLET_UI_CLOSED' }, '');\n removeCancelListener?.();\n host.remove();\n }, { once: true });\n}\n\nexport async function handleLocalOnlyFlow(\n ctx: VrfWorkerManagerContext,\n request: LocalOnlySecureConfirmRequest,\n worker: Worker,\n opts: { confirmationConfig: ConfirmationConfig; transactionSummary: TransactionSummary },\n): Promise<void> {\n\n const { confirmationConfig, transactionSummary } = opts;\n const adapters = createConfirmTxFlowAdapters(ctx);\n const session = createConfirmSession({\n adapters,\n worker,\n request,\n confirmationConfig,\n transactionSummary,\n });\n const nearAccountId = getNearAccountId(request);\n\n // SHOW_SECURE_PRIVATE_KEY_UI: purely visual; keep UI open and return confirmed immediately\n if (request.type === SecureConfirmationType.SHOW_SECURE_PRIVATE_KEY_UI) {\n try {\n await mountExportViewer(request.payload as ShowSecurePrivateKeyUiPayload, confirmationConfig);\n // Keep viewer open; do not close here.\n session.confirmAndCloseModal({\n requestId: request.requestId,\n intentDigest: getIntentDigest(request),\n confirmed: true,\n });\n return;\n } catch (err: unknown) {\n return session.confirmAndCloseModal({\n requestId: request.requestId,\n intentDigest: getIntentDigest(request),\n confirmed: false,\n error: errorMessage(err) \|\| 'Failed to render export UI',\n });\n }\n }\n\n // DECRYPT_PRIVATE_KEY_WITH_PRF: collect an authentication credential (with PRF extension results)\n // and return it to the VRF worker; VRF worker extracts PRF outputs internally.\n if (request.type === SecureConfirmationType.DECRYPT_PRIVATE_KEY_WITH_PRF) {\n const vrfChallenge = createRandomVRFChallenge() as VRFChallenge;\n try {\n const credential = await adapters.webauthn.collectAuthenticationCredentialWithPRF({\n nearAccountId,\n vrfChallenge,\n // Offline export / local decrypt needs both PRF outputs so the VRF worker can\n // recover/derive key material without requiring a pre-existing VRF session.\n includeSecondPrfOutput: true,\n });\n // No modal to keep open; export viewer will be shown by a subsequent request.\n return session.confirmAndCloseModal({\n requestId: request.requestId,\n intentDigest: getIntentDigest(request),\n confirmed: true,\n credential,\n });\n\n } catch (err: unknown) {\n const cancelled = isUserCancelledSecureConfirm(err);\n if (cancelled) {\n window.parent?.postMessage({ type: 'WALLET_UI_CLOSED' }, '');\n }\n return session.confirmAndCloseModal({\n requestId: request.requestId,\n intentDigest: getIntentDigest(request),\n confirmed: false,\n error: cancelled ? ERROR_MESSAGES.cancelled : ERROR_MESSAGES.collectCredentialsFailed,\n });\n }\n }\n}\n"],"mappings":";;;;;;;;;;;;;;AAMA,eAAsB,cAAc,KAAa,QAA+C;AAC9F,KAAI;AACF,MAAI,CAAC,eAAe,IAAI,KACtB,OAAM;SAEF;;AASV,MAAaA,cAAsD;EAChE,oCAAoC,OAAO;EAC3C,yBAAyB,OAAO;EAChC,8BAA8B,OAAO;;;;;ACCxC,eAAe,kBACb,SACA,oBACe;AACf,OAAM,cAAc,mCAAmC,OAAO;CAC9D,MAAM,OAAO,SAAS,cAAc;AACpC,MAAK,QAAQ,QAAQ,SAAS,mBAAmB,SAAS;AAC1D,MAAK,UAAU,QAAQ,YAAa,mBAAmB,WAAW,WAAY,WAAW;AACzF,MAAK,YAAY,QAAQ;AACzB,MAAK,YAAY,QAAQ;AACzB,MAAK,aAAa,QAAQ;AAC1B,MAAK,UAAU;AAEf,QAAO,QAAQ,YAAY,EAAE,MAAM,sBAAsB;AACzD,UAAS,KAAK,YAAY;CAE1B,IAAIC;AACJ,wBAAuB,qBAAqB,YAAY;AACtD,SAAO,QAAQ,YAAY,EAAE,MAAM,sBAAsB;AACzD;AACA,OAAK;IACJ,EAAE,MAAM;;AAGb,eAAsB,oBACpB,KACA,SACA,QACA,MACe;CAEf,MAAM,EAAE,oBAAoB,uBAAuB;CACnD,MAAM,WAAW,4BAA4B;CAC7C,MAAM,UAAU,qBAAqB;EACnC;EACA;EACA;EACA;EACA;;CAEF,MAAM,gBAAgB,iBAAiB;AAGvC,KAAI,QAAQ,SAAS,uBAAuB,2BAC1C,KAAI;AACF,QAAM,kBAAkB,QAAQ,SAA0C;AAE1E,UAAQ,qBAAqB;GAC3B,WAAW,QAAQ;GACnB,cAAc,gBAAgB;GAC9B,WAAW;;AAEb;UACOC,KAAc;AACrB,SAAO,QAAQ,qBAAqB;GAClC,WAAW,QAAQ;GACnB,cAAc,gBAAgB;GAC9B,WAAW;GACX,OAAO,aAAa,QAAQ;;;AAOlC,KAAI,QAAQ,SAAS,uBAAuB,8BAA8B;EACxE,MAAM,eAAe;AACrB,MAAI;GACF,MAAM,aAAa,MAAM,SAAS,SAAS,uCAAuC;IAChF;IACA;IAGA,wBAAwB;;AAG1B,UAAO,QAAQ,qBAAqB;IAClC,WAAW,QAAQ;IACnB,cAAc,gBAAgB;IAC9B,WAAW;IACX;;WAGKA,KAAc;GACrB,MAAM,YAAY,6BAA6B;AAC/C,OAAI,UACF,QAAO,QAAQ,YAAY,EAAE,MAAM,sBAAsB;AAE3D,UAAO,QAAQ,qBAAqB;IAClC,WAAW,QAAQ;IACnB,cAAc,gBAAgB;IAC9B,WAAW;IACX,OAAO,YAAY,eAAe,YAAY,eAAe"}

package/dist/esm/sdk/{localOnly-BdumO2st.js → localOnly-pXMTqh1m.js} RENAMED Viewed

@@ -7,14 +7,15 @@ import "./txDigest-CxjhSCgm.js";
 import "./base64-DBPGuXh4.js";
 import "./actions-O1FD5Bq8.js";
 import { addLitCancelListener } from "./lit-events-C-jpeT5r.js";
-import "./tx-confirmer-wrapper-CqfVBUaA.js";
+import "./tx-confirmer-wrapper-lHNgz9i4.js";
 import { ensureDefined } from "./ensure-defined-CHInSx7l.js";
 import { errorMessage, init_errors } from "./errors-D9ar28Dr.js";
-import "./safari-fallbacks-oQKu9xUs.js";
-import { ERROR_MESSAGES, SecureConfirmationType, createRandomVRFChallenge, getIntentDigest, getNearAccountId, isUserCancelledSecureConfirm } from "./requestHelpers-DLBGBHMw.js";
-import { createConfirmSession, createConfirmTxFlowAdapters } from "./createAdapters-BWLe9Ddo.js";
+import "./WebAuthnFallbacks-Bl4BTsNt.js";
+import { ERROR_MESSAGES, SecureConfirmationType, createRandomVRFChallenge, getIntentDigest, getNearAccountId, init_vrf_worker, isUserCancelledSecureConfirm } from "./requestHelpers-Dh1hEYL9.js";
+import { createConfirmSession, createConfirmTxFlowAdapters } from "./createAdapters-qVGD6i0g.js";
 //#region src/core/WebAuthnManager/VrfWorkerManager/confirmTxFlow/flows/localOnly.ts
+init_vrf_worker();
 init_errors();
 async function mountExportViewer(payload, confirmationConfig) {
 	await ensureDefined(W3A_EXPORT_VIEWER_IFRAME_ID, () => import("./iframe-host-DQCSzj7r.js"));

package/dist/esm/sdk/offline-export-app.js CHANGED Viewed

@@ -1,7 +1,7 @@
 import { ActionType, SecureConfirmMessageType, SecureConfirmationType, TouchIdPrompt, base64Decode, base64Encode, base64UrlDecode, computeUiIntentDigestFromTxs, createRandomVRFChallenge, errorMessage, getIntentDigest, normalizeRegistrationCredential, orderActionForDigest, parseTransactionSummary, removePrfOutputGuard, sanitizeForPostMessage, sendConfirmResponse, serializeRegistrationCredentialWithPRF, toAccountId, toActionArgsWasm, toError, validateActionArgsWasm, validateNearAccountId, validateVRFChallenge } from "./requestHelpers-aUKhXiEl.js";
 import { assertString, isFunction, isNumber, isObject, isString } from "./validation-DhPPUba7.js";
 import { onEmbeddedBaseChange } from "./base-Qt2P7SNn.js";
-import { PASSKEY_MANAGER_DEFAULT_CONFIGS, buildConfigsFromEnv, getLastLoggedInDeviceNumber } from "./getDeviceNumber-CkWRT17I.js";
+import { PASSKEY_MANAGER_DEFAULT_CONFIGS, buildConfigsFromEnv, getLastLoggedInDeviceNumber } from "./getDeviceNumber-fXizNGQl.js";
 //#region ../node_modules/.pnpm/idb@8.0.3/node_modules/idb/build/index.js
 const instanceOfAny = (object, constructors) => constructors.some((c) => object instanceof c);
@@ -845,22 +845,17 @@ var PasskeyClientDBManager = class {
 	* @returns filtered authenticators for allowCredentials, plus optional wrongPasskeyError
 	*/
 	async ensureCurrentPasskey(nearAccountId, authenticators, selectedCredentialRawId) {
-		let authenticatorsForPrompt = authenticators;
-		let wrongPasskeyError;
-		if (authenticators.length > 1) {
-			const accountIdNormalized = toAccountId(nearAccountId);
-			const lastUser = await this.getLastUser().catch(() => null);
-			const expectedAccountId = lastUser?.nearAccountId;
-			const expectedDeviceNumber = lastUser?.deviceNumber;
-			if (expectedAccountId && expectedDeviceNumber && expectedAccountId === accountIdNormalized) {
-				const filtered = authenticators.filter((a) => a.deviceNumber === expectedDeviceNumber);
-				if (filtered.length > 0) authenticatorsForPrompt = filtered;
-				if (selectedCredentialRawId) {
-					const matched = authenticators.find((a) => a.credentialId === selectedCredentialRawId);
-					if (matched && matched.deviceNumber !== expectedDeviceNumber) wrongPasskeyError = `You have multiple passkeys (deviceNumbers) for account ${accountIdNormalized}, but used a passkey from a different device. Please use the passkey for the most recently logged-in device.`;
-				}
-			}
-		}
+		if (authenticators.length <= 1) return { authenticatorsForPrompt: authenticators };
+		const accountIdNormalized = toAccountId(nearAccountId);
+		const lastUser = await this.getLastUser().catch(() => null);
+		if (!lastUser || lastUser.nearAccountId !== accountIdNormalized) return { authenticatorsForPrompt: authenticators };
+		const expectedDeviceNumber = lastUser.deviceNumber;
+		const byDeviceNumber = authenticators.filter((a) => a.deviceNumber === expectedDeviceNumber);
+		let expectedCredentialId = lastUser.passkeyCredential.rawId;
+		if (byDeviceNumber.length > 0 && !byDeviceNumber.some((a) => a.credentialId === expectedCredentialId)) expectedCredentialId = byDeviceNumber[0].credentialId;
+		const byCredentialId = authenticators.filter((a) => a.credentialId === expectedCredentialId);
+		const authenticatorsForPrompt = byCredentialId.length > 0 ? byCredentialId : byDeviceNumber.length > 0 ? byDeviceNumber : authenticators;
+		const wrongPasskeyError = selectedCredentialRawId && selectedCredentialRawId !== expectedCredentialId ? `You have multiple passkeys (deviceNumbers) for account ${accountIdNormalized}, but used a different passkey than the most recently logged-in one. Please use the passkey for the most recently logged-in device.` : void 0;
 		return {
 			authenticatorsForPrompt,
 			wrongPasskeyError
@@ -971,30 +966,34 @@ var PasskeyClientDBManager = class {
 	* @param userData - User data with nearAccountId as primary identifier
 	*/
 	async storeWebAuthnUserData(userData) {
-		if (userData.deviceNumber === void 0) console.warn("WARNING: deviceNumber is undefined in storeWebAuthnUserData, will default to 1");
 		const validation = this.validateNearAccountId(userData.nearAccountId);
 		if (!validation.valid) throw new Error(`Cannot store WebAuthn data for invalid account ID: ${validation.error}`);
-		let existingUser = await this.getUser(userData.nearAccountId);
-		if (!existingUser) {
-			const deviceNumberToUse = userData.deviceNumber || 1;
-			existingUser = await this.registerUser({
-				nearAccountId: userData.nearAccountId,
-				deviceNumber: deviceNumberToUse,
-				clientNearPublicKey: userData.clientNearPublicKey,
-				passkeyCredential: userData.passkeyCredential,
-				encryptedVrfKeypair: userData.encryptedVrfKeypair,
-				version: userData.version || 2,
-				serverEncryptedVrfKeypair: userData.serverEncryptedVrfKeypair
-			});
-		}
-		const finalDeviceNumber = userData.deviceNumber || existingUser.deviceNumber;
-		await this.updateUser(userData.nearAccountId, {
+		const accountId = toAccountId(userData.nearAccountId);
+		const deviceNumber = userData.deviceNumber;
+		let user = await this.getUser(accountId, deviceNumber);
+		if (!user) user = await this.registerUser({
+			nearAccountId: accountId,
+			deviceNumber,
 			clientNearPublicKey: userData.clientNearPublicKey,
+			passkeyCredential: userData.passkeyCredential,
 			encryptedVrfKeypair: userData.encryptedVrfKeypair,
-			serverEncryptedVrfKeypair: userData.serverEncryptedVrfKeypair,
-			version: userData.version || existingUser.version,
-			deviceNumber: finalDeviceNumber,
-			lastUpdated: userData.lastUpdated || Date.now()
+			version: userData.version || 2,
+			serverEncryptedVrfKeypair: userData.serverEncryptedVrfKeypair
+		});
+		const updatedUser = {
+			...user,
+			clientNearPublicKey: userData.clientNearPublicKey,
+			passkeyCredential: userData.passkeyCredential,
+			encryptedVrfKeypair: userData.encryptedVrfKeypair,
+			serverEncryptedVrfKeypair: userData.serverEncryptedVrfKeypair ?? user.serverEncryptedVrfKeypair,
+			version: userData.version ?? user.version,
+			lastUpdated: userData.lastUpdated ?? Date.now()
+		};
+		await this.storeUser(updatedUser);
+		this.emitEvent({
+			type: "user-updated",
+			accountId,
+			data: { updatedUser }
 		});
 	}
 	async getAllUsers() {
@@ -3259,42 +3258,42 @@ async function importFlow(label, loader) {
 }
 const HANDLERS = {
 	[SecureConfirmationType.DECRYPT_PRIVATE_KEY_WITH_PRF]: async ({ ctx, request, worker, confirmationConfig, transactionSummary }) => {
-		const { handleLocalOnlyFlow } = await importFlow("localOnly", () => import("./localOnly-DnpSyDaF.js"));
+		const { handleLocalOnlyFlow } = await importFlow("localOnly", () => import("./localOnly-Byi3AK7A.js"));
 		await handleLocalOnlyFlow(ctx, request, worker, {
 			confirmationConfig,
 			transactionSummary
 		});
 	},
 	[SecureConfirmationType.SHOW_SECURE_PRIVATE_KEY_UI]: async ({ ctx, request, worker, confirmationConfig, transactionSummary }) => {
-		const { handleLocalOnlyFlow } = await importFlow("localOnly", () => import("./localOnly-DnpSyDaF.js"));
+		const { handleLocalOnlyFlow } = await importFlow("localOnly", () => import("./localOnly-Byi3AK7A.js"));
 		await handleLocalOnlyFlow(ctx, request, worker, {
 			confirmationConfig,
 			transactionSummary
 		});
 	},
 	[SecureConfirmationType.REGISTER_ACCOUNT]: async ({ ctx, request, worker, confirmationConfig, transactionSummary }) => {
-		const { handleRegistrationFlow } = await importFlow("registration", () => import("./registration-C633u6x8.js"));
+		const { handleRegistrationFlow } = await importFlow("registration", () => import("./registration-CBiS4Ua_.js"));
 		await handleRegistrationFlow(ctx, request, worker, {
 			confirmationConfig,
 			transactionSummary
 		});
 	},
 	[SecureConfirmationType.LINK_DEVICE]: async ({ ctx, request, worker, confirmationConfig, transactionSummary }) => {
-		const { handleRegistrationFlow } = await importFlow("registration", () => import("./registration-C633u6x8.js"));
+		const { handleRegistrationFlow } = await importFlow("registration", () => import("./registration-CBiS4Ua_.js"));
 		await handleRegistrationFlow(ctx, request, worker, {
 			confirmationConfig,
 			transactionSummary
 		});
 	},
 	[SecureConfirmationType.SIGN_TRANSACTION]: async ({ ctx, request, worker, confirmationConfig, transactionSummary }) => {
-		const { handleTransactionSigningFlow } = await importFlow("transactions", () => import("./transactions-jH38BZ-Q.js"));
+		const { handleTransactionSigningFlow } = await importFlow("transactions", () => import("./transactions-BIqKZeR0.js"));
 		await handleTransactionSigningFlow(ctx, request, worker, {
 			confirmationConfig,
 			transactionSummary
 		});
 	},
 	[SecureConfirmationType.SIGN_NEP413_MESSAGE]: async ({ ctx, request, worker, confirmationConfig, transactionSummary }) => {
-		const { handleTransactionSigningFlow } = await importFlow("transactions", () => import("./transactions-jH38BZ-Q.js"));
+		const { handleTransactionSigningFlow } = await importFlow("transactions", () => import("./transactions-BIqKZeR0.js"));
 		await handleTransactionSigningFlow(ctx, request, worker, {
 			confirmationConfig,
 			transactionSummary
@@ -6134,6 +6133,7 @@ var WebAuthnManager = class {
 	async storeUserData(userData) {
 		await IndexedDBManager.clientDB.storeWebAuthnUserData({
 			...userData,
+			deviceNumber: userData.deviceNumber ?? 1,
 			version: userData.version || 2
 		});
 	}
@@ -6189,10 +6189,12 @@ var WebAuthnManager = class {
 		return await IndexedDBManager.clientDB.registerUser(storeUserData);
 	}
 	async storeAuthenticator(authenticatorData) {
+		const deviceNumber = Number(authenticatorData.deviceNumber);
+		const normalizedDeviceNumber = Number.isSafeInteger(deviceNumber) && deviceNumber >= 1 ? deviceNumber : 1;
 		const authData = {
 			...authenticatorData,
 			nearAccountId: toAccountId(authenticatorData.nearAccountId),
-			deviceNumber: authenticatorData.deviceNumber || 1
+			deviceNumber: normalizedDeviceNumber
 		};
 		return await IndexedDBManager.clientDB.storeAuthenticator(authData);
 	}