npm - @tatchi-xyz/sdk - Versions diffs - 0.16.0 → 0.18.0 - Mend

@tatchi-xyz/sdk 0.16.0 → 0.18.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (501) hide show

package/dist/cjs/core/WebAuthnManager/LitComponents/IframeTxConfirmer/viewer-modal.js CHANGED Viewed

@@ -154,68 +154,68 @@ var ModalTxConfirmElement = class extends require_LitElementWithProps.LitElement
         <div class="modal-container-root">
           <div class="responsive-card">
-              <div class="hero">
-                <w3a-passkey-halo-loading
-                  .theme=${this.theme}
-                  .animated=${!this.errorMessage ? true : false}
-                  .ringGap=${4}
-                  .ringWidth=${4}
-                  .ringBorderRadius=${"1.125rem"}
-                  .ringBackground=${"var(--w3a-modal__passkey-halo-loading__ring-background)"}
-                  .innerPadding=${"0px"}
-                  .innerBackground=${"var(--w3a-modal__passkey-halo-loading__inner-background)"}
-                  .height=${36}
-                  .width=${36}
-                ></w3a-passkey-halo-loading>
-                <div class="hero-container">
-                  <!-- Hero heading -->
-                  ${(() => {
+            <div class="hero">
+              <w3a-passkey-halo-loading
+                .theme=${this.theme}
+                .animated=${!this.errorMessage ? true : false}
+                .ringGap=${4}
+                .ringWidth=${4}
+                .ringBorderRadius=${"1.125rem"}
+                .ringBackground=${"var(--w3a-modal__passkey-halo-loading__ring-background)"}
+                .innerPadding=${"0px"}
+                .innerBackground=${"var(--w3a-modal__passkey-halo-loading__inner-background)"}
+                .height=${36}
+                .width=${36}
+              ></w3a-passkey-halo-loading>
+              <div class="hero-container">
+                <!-- Hero heading -->
+                ${(() => {
 			const isRegistration = (this.txSigningRequests?.length || 0) === 0;
 			const fallback = isRegistration ? "Register with Passkey" : "Confirm with Passkey";
 			const titleText = (this.title || "").trim();
 			const heading = titleText || fallback;
 			return lit.html`<h2 class="hero-heading">${heading}</h2>`;
 		})()}
-                  ${this.errorMessage ? lit.html`<div class="error-banner">${this.errorMessage}</div>` : ""}
-                  <!-- RpID Section -->
-                  <div class="rpid-wrapper">
-                    <div class="rpid">
-                      <div class="secure-indicator">
-                        <svg xmlns="http://www.w3.org/2000/svg"
-                          class="padlock-icon"
-                          viewBox="0 0 24 24"
-                          fill="none"
-                          stroke="currentColor"
-                          stroke-width="2"
-                          stroke-linecap="round"
-                          stroke-linejoin="round"
-                        >
-                          <rect width="18" height="11" x="3" y="11" rx="2" ry="2"/>
-                          <path d="M7 11V7a5 5 0 0 1 10 0v4"/>
-                        </svg>
-                        ${this.vrfChallenge?.rpId ? lit.html`<span class="domain-text">${this.vrfChallenge.rpId}</span>` : ""}
-                      </div>
-                      <span class="security-details">
-                        <svg xmlns="http://www.w3.org/2000/svg"
-                          class="block-height-icon"
-                          viewBox="0 0 24 24"
-                          fill="none"
-                          stroke="currentColor"
-                          stroke-width="2"
-                          stroke-linecap="round"
-                          stroke-linejoin="round"
-                        >
-                          <path d="M21 8a2 2 0 0 0-1-1.73l-7-4a2 2 0 0 0-2 0l-7 4A 2 2 0 0 0 3 8v8a2 2 0 0 0 1 1.73l7 4a2 2 0 0 0 2 0l7-4A2 2 0 0 0 21 16Z"/>
-                          <path d="m3.3 7 8.7 5 8.7-5"/>
-                          <path d="M12 22V12"/>
-                        </svg>
-                        ${this.vrfChallenge?.blockHeight ? lit.html`block ${this.vrfChallenge.blockHeight}` : ""}
-                      </span>
+                ${this.errorMessage ? lit.html`<div class="error-banner">${this.errorMessage}</div>` : ""}
+                <!-- RpID Section -->
+                <div class="rpid-wrapper">
+                  <div class="rpid">
+                    <div class="secure-indicator">
+                      <svg xmlns="http://www.w3.org/2000/svg"
+                        class="padlock-icon"
+                        viewBox="0 0 24 24"
+                        fill="none"
+                        stroke="currentColor"
+                        stroke-width="2"
+                        stroke-linecap="round"
+                        stroke-linejoin="round"
+                      >
+                        <rect width="18" height="11" x="3" y="11" rx="2" ry="2"/>
+                        <path d="M7 11V7a5 5 0 0 1 10 0v4"/>
+                      </svg>
+                      ${this.vrfChallenge?.rpId ? lit.html`<span class="domain-text">${this.vrfChallenge.rpId}</span>` : ""}
                     </div>
-                    ${this.body && this.body.trim() ? lit.html`<div class="rpid-body">${this.body}</div>` : ""}
+                    <span class="security-details">
+                      <svg xmlns="http://www.w3.org/2000/svg"
+                        class="block-height-icon"
+                        viewBox="0 0 24 24"
+                        fill="none"
+                        stroke="currentColor"
+                        stroke-width="2"
+                        stroke-linecap="round"
+                        stroke-linejoin="round"
+                      >
+                        <path d="M21 8a2 2 0 0 0-1-1.73l-7-4a2 2 0 0 0-2 0l-7 4A 2 2 0 0 0 3 8v8a2 2 0 0 0 1 1.73l7 4a2 2 0 0 0 2 0l7-4A2 2 0 0 0 21 16Z"/>
+                        <path d="m3.3 7 8.7 5 8.7-5"/>
+                        <path d="M12 22V12"/>
+                      </svg>
+                      ${this.vrfChallenge?.blockHeight ? lit.html`block ${this.vrfChallenge.blockHeight}` : ""}
+                    </span>
                   </div>
                 </div>
               </div>
+            </div>
+            ${this.body && this.body.trim() ? lit.html`<div class="confirmation-body">${this.body}</div>` : ""}
           </div>
           <div class="responsive-card">

package/dist/cjs/core/WebAuthnManager/LitComponents/IframeTxConfirmer/viewer-modal.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"viewer-modal.js","names":["LitElementWithProps","TxConfirmContentElement","TxTree","HaloBorderElement","PasskeyHaloLoadingElement","ensureExternalStyles","WalletIframeDomEvents","W3A_MODAL_TX_CONFIRMER_ID"],"sources":["../../../../../../src/core/WebAuthnManager/LitComponents/IframeTxConfirmer/viewer-modal.ts"],"sourcesContent":["import { html, type PropertyValues } from 'lit';\nimport { LitElementWithProps } from '../LitElementWithProps';\n\nimport { TransactionInputWasm } from '../../../types';\nimport type { VRFChallenge } from '../../../types/vrf-worker';\n\nimport TxTree from '../TxTree';\nimport { ensureExternalStyles } from '../css/css-loader';\nimport TxConfirmContentElement from './tx-confirm-content';\nimport type { ThemeName } from '../confirm-ui-types';\n// Ensure required custom elements are defined in this bundle (avoid tree-shake drops)\nimport HaloBorderElement from '../HaloBorder';\nimport PasskeyHaloLoadingElement from '../PasskeyHaloLoading';\nimport type { ConfirmUIElement } from '../confirm-ui-types';\nimport { WalletIframeDomEvents } from '../../../WalletIframe/events';\n\nexport interface SecureTxSummary {\n to?: string;\n totalAmount?: string;\n method?: string;\n fingerprint?: string; // short digest for display\n}\n\n// TxAction from wasm-worker\nexport interface TxAction {\n action_type: string;\n method_name?: string;\n args?: string;\n gas?: string;\n deposit?: string;\n [key: string]: string \| number \| boolean \| null \| undefined \| object;\n}\n\n/*\n Modal transaction confirmation component with multiple display variants.\n * Built with Lit with strict CSP for XSS protection and reactive updates.\n */\nexport class ModalTxConfirmElement extends LitElementWithProps implements ConfirmUIElement {\n static requiredChildTags = ['w3a-tx-confirm-content'];\n static strictChildDefinitions = true;\n // Prevent bundlers from dropping nested custom element definitions used via templates\n static keepDefinitions = [TxConfirmContentElement];\n // Component properties (automatically reactive)\n static properties = {\n nearAccountId: { type: String, attribute: 'near-account-id' },\n to: { type: String },\n totalAmount: { type: String },\n method: { type: String },\n fingerprint: { type: String },\n body: { type: String },\n title: { type: String },\n cancelText: { type: String },\n confirmText: { type: String },\n txSigningRequests: { type: Array },\n vrfChallenge: { type: Object },\n loading: { type: Boolean },\n errorMessage: { type: String },\n theme: { type: String, attribute: 'theme', reflect: true },\n nearExplorerUrl: { type: String, attribute: 'near-explorer-url' },\n };\n\n totalAmount = '';\n method = '';\n fingerprint = '';\n body = '';\n title = '';\n cancelText = 'Cancel';\n confirmText = 'Next';\n txSigningRequests: TransactionInputWasm[] = [];\n vrfChallenge?: Partial<VRFChallenge>;\n loading = false;\n errorMessage: string \| undefined = undefined;\n // Theme tokens now come from external CSS (tx-confirmer.css)\n // style injection has been removed to satisfy strict CSP.\n theme: ThemeName = 'dark';\n nearExplorerUrl?: string;\n intentDigest?: string;\n declare nearAccountId: string;\n // When true, this element will NOT remove itself on confirm/cancel.\n // The host is responsible for sending a CLOSE_MODAL instruction.\n deferClose = false;\n // Styles gating to avoid first-paint FOUC\n private _stylesReady = false;\n private _stylePromises: Promise<void>[] = [];\n private _stylesAwaiting: Promise<void> \| null = null;\n\n // Keep essential custom elements from being tree-shaken\n private _ensureTreeDefinition = TxTree;\n private _ensureHaloElements = [HaloBorderElement, PasskeyHaloLoadingElement];\n\n // Removed fixed JS breakpoints; rely on CSS/container sizing for zoom resilience\n private _onKeyDown = (e: KeyboardEvent) => {\n if (e.key === 'Escape' \|\| e.key === 'Esc') {\n // Only close for modal-style render modes\n e.preventDefault();\n this._handleCancel();\n }\n };\n private _onWindowMessage = (ev: MessageEvent) => {\n const data = (ev && ev.data) \|\| {};\n if (!data \|\| typeof (data as any).type !== 'string') return;\n if ((data as any).type === 'MODAL_TIMEOUT') {\n const msg = typeof (data as any).payload === 'string' && (data as any).payload\n ? (data as any).payload\n : 'Operation timed out';\n this.loading = false;\n this.errorMessage = msg;\n // Emit cancel so the host resolves and removes this element via two‑phase close\n this._handleCancel();\n }\n };\n // Guard to prevent immediate backdrop-cancel due to the click that mounted the modal\n private _backdropArmed = false;\n\n // Render in light DOM to simplify CSS variable flow across nested components\n // (Shadow DOM disabled by returning the host element as the render root)\n\n // No inline static styles; see tx-confirmer.css\n constructor() {\n super();\n // Pre-ensure document-level styles so link loads can complete before first render\n const root = (document?.documentElement \|\| null) as unknown as HTMLElement \| null;\n if (root) {\n this._stylePromises.push(\n ensureExternalStyles(root, 'w3a-components.css', 'data-w3a-components-css'),\n ensureExternalStyles(root, 'tx-tree.css', 'data-w3a-tx-tree-css'),\n ensureExternalStyles(root, 'tx-confirmer.css', 'data-w3a-tx-confirmer-css'),\n // Preload nested visuals to avoid first-paint jank when halo/loader mount\n ensureExternalStyles(root, 'halo-border.css', 'data-w3a-halo-border-css'),\n ensureExternalStyles(root, 'passkey-halo-loading.css', 'data-w3a-passkey-halo-loading-css'),\n );\n }\n }\n\n private _ownsThemeAttr = false;\n\n updated(changedProperties: PropertyValues) {\n super.updated(changedProperties);\n // Keep the iframe/root document's theme in sync so :root[data-w3a-theme] tokens apply\n if (changedProperties.has('theme')) {\n try {\n const docEl = this.ownerDocument?.documentElement as HTMLElement \| undefined;\n if (docEl && this.theme && this._ownsThemeAttr) {\n docEl.setAttribute('data-w3a-theme', this.theme);\n }\n } catch {}\n }\n }\n\n protected getComponentPrefix(): string {\n return 'modal';\n }\n\n protected createRenderRoot(): HTMLElement \| DocumentFragment {\n const root = (this as unknown) as HTMLElement;\n // tx-tree.css for nested TxTree visuals inside the modal\n this._stylePromises.push(ensureExternalStyles(root, 'tx-tree.css', 'data-w3a-tx-tree-css'));\n // tx-confirmer.css for modal layout + tokens\n this._stylePromises.push(ensureExternalStyles(root, 'tx-confirmer.css', 'data-w3a-tx-confirmer-css'));\n // Ensure nested loader/halo styles are present before first paint to avoid FOUC\n this._stylePromises.push(ensureExternalStyles(root, 'halo-border.css', 'data-w3a-halo-border-css'));\n this._stylePromises.push(ensureExternalStyles(root, 'passkey-halo-loading.css', 'data-w3a-passkey-halo-loading-css'));\n return root;\n }\n\n // Dynamic style application removed; CSS variables come from tx-confirmer.css\n\n disconnectedCallback() {\n window.removeEventListener('keydown', this._onKeyDown);\n window.removeEventListener('message', this._onWindowMessage as EventListener);\n super.disconnectedCallback();\n }\n\n connectedCallback(): void {\n super.connectedCallback();\n // Ensure root token theme is applied immediately on mount\n try {\n const docEl = this.ownerDocument?.documentElement as HTMLElement \| undefined;\n if (docEl && this.theme) {\n const current = docEl.getAttribute('data-w3a-theme');\n // If missing or already using built-in values, take ownership and set\n if (!current \|\| current === 'dark' \|\| current === 'light') {\n docEl.setAttribute('data-w3a-theme', this.theme);\n this._ownsThemeAttr = true;\n }\n }\n } catch {}\n // Arm backdrop after the current event loop to avoid capturing the mounting click\n setTimeout(() => { this._backdropArmed = true; }, 0);\n // Listen globally so Escape works regardless of focus target\n window.addEventListener('keydown', this._onKeyDown);\n // Listen for global timeout notification (posted by SignerWorkerManager on operation timeout)\n window.addEventListener('message', this._onWindowMessage as EventListener);\n // Ensure this iframe/host receives keyboard focus so ESC works immediately\n // Make host focusable and focus it without scrolling\n const hostEl = this as unknown as HTMLElement;\n hostEl.tabIndex = hostEl.tabIndex ?? -1;\n hostEl.focus({ preventScroll: true } as FocusOptions);\n // Also attempt to focus the frame window in case we're inside an iframe\n if (typeof window.focus === 'function') {\n window.focus();\n }\n }\n\n protected shouldUpdate(_changed: PropertyValues): boolean {\n if (this._stylesReady) return true;\n if (!this._stylesAwaiting) {\n const p = Promise.all(this._stylePromises).then(\n () => new Promise<void>((r) => requestAnimationFrame(() => requestAnimationFrame(() => r())))\n );\n this._stylesAwaiting = p.then(() => { this._stylesReady = true; this.requestUpdate(); });\n }\n return false;\n }\n\n render() {\n return html`\n <!-- Separate backdrop layer for independent animation -->\n <div class=\"modal-backdrop-blur\" @click=${this._handleBackdropClick}></div>\n <!-- Modal content layer -->\n <div class=\"modal-backdrop\" @click=${this._handleContentClick}>\n <div class=\"modal-container-root\">\n\n <div class=\"responsive-card\">\n <div class=\"hero\">\n <w3a-passkey-halo-loading\n .theme=${this.theme}\n .animated=${!this.errorMessage ? true : false}\n .ringGap=${4}\n .ringWidth=${4}\n .ringBorderRadius=${'1.125rem'}\n .ringBackground=${'var(--w3a-modal__passkey-halo-loading__ring-background)'}\n .innerPadding=${'0px'}\n .innerBackground=${'var(--w3a-modal__passkey-halo-loading__inner-background)'}\n .height=${36}\n .width=${36}\n ></w3a-passkey-halo-loading>\n <div class=\"hero-container\">\n <!-- Hero heading -->\n ${(() => {\n const isRegistration = (this.txSigningRequests?.length \|\| 0) === 0;\n const fallback = isRegistration ? 'Register with Passkey' : 'Confirm with Passkey';\n const titleText = (this.title \|\| '').trim();\n const heading = titleText \|\| fallback;\n return html`<h2 class=\"hero-heading\">${heading}</h2>`;\n })()}\n ${this.errorMessage\n ? html`<div class=\"error-banner\">${this.errorMessage}</div>`\n : ''}\n <!-- RpID Section -->\n <div class=\"rpid-wrapper\">\n <div class=\"rpid\">\n <div class=\"secure-indicator\">\n <svg xmlns=\"http://www.w3.org/2000/svg\"\n class=\"padlock-icon\"\n viewBox=\"0 0 24 24\"\n fill=\"none\"\n stroke=\"currentColor\"\n stroke-width=\"2\"\n stroke-linecap=\"round\"\n stroke-linejoin=\"round\"\n >\n <rect width=\"18\" height=\"11\" x=\"3\" y=\"11\" rx=\"2\" ry=\"2\"/>\n <path d=\"M7 11V7a5 5 0 0 1 10 0v4\"/>\n </svg>\n ${this.vrfChallenge?.rpId\n ? html`<span class=\"domain-text\">${this.vrfChallenge.rpId}</span>`\n : ''}\n </div>\n <span class=\"security-details\">\n <svg xmlns=\"http://www.w3.org/2000/svg\"\n class=\"block-height-icon\"\n viewBox=\"0 0 24 24\"\n fill=\"none\"\n stroke=\"currentColor\"\n stroke-width=\"2\"\n stroke-linecap=\"round\"\n stroke-linejoin=\"round\"\n >\n <path d=\"M21 8a2 2 0 0 0-1-1.73l-7-4a2 2 0 0 0-2 0l-7 4A 2 2 0 0 0 3 8v8a2 2 0 0 0 1 1.73l7 4a2 2 0 0 0 2 0l7-4A2 2 0 0 0 21 16Z\"/>\n <path d=\"m3.3 7 8.7 5 8.7-5\"/>\n <path d=\"M12 22V12\"/>\n </svg>\n ${this.vrfChallenge?.blockHeight\n ? html`block ${this.vrfChallenge.blockHeight}`\n : ''}\n </span>\n </div>\n ${this.body && this.body.trim()\n ? html`<div class=\"rpid-body\">${this.body}</div>`\n : ''}\n </div>\n </div>\n </div>\n </div>\n\n <div class=\"responsive-card\">\n <w3a-tx-confirm-content\n .nearAccountId=${this['nearAccountId'] \|\| ''}\n .txSigningRequests=${this.txSigningRequests \|\| []}\n .intentDigest=${this.intentDigest}\n .vrfChallenge=${this.vrfChallenge}\n .theme=${this.theme}\n .nearExplorerUrl=${this.nearExplorerUrl}\n .showShadow=${false}\n .loading=${this.loading}\n .errorMessage=${this.errorMessage \|\| ''}\n .title=${this.title}\n .confirmText=${this.confirmText}\n .cancelText=${this.cancelText}\n @lit-confirm=${this._handleConfirm}\n @lit-cancel=${this._handleCancel}\n ></w3a-tx-confirm-content>\n </div>\n </div>\n </div>\n `;\n }\n\n private _handleCancel() {\n if (this.loading) return;\n // Canonical event (include a consistent detail payload)\n this.dispatchEvent(new CustomEvent(WalletIframeDomEvents.TX_CONFIRMER_CANCEL, {\n bubbles: true,\n composed: true,\n detail: { confirmed: false }\n }));\n if (!this.deferClose) {\n this._resolveAndCleanup(false);\n }\n }\n\n private _handleConfirm() {\n if (this.loading) return;\n this.loading = true;\n this.requestUpdate();\n // Canonical event (include a consistent detail payload)\n this.dispatchEvent(new CustomEvent(WalletIframeDomEvents.TX_CONFIRMER_CONFIRM, {\n bubbles: true,\n composed: true,\n detail: { confirmed: true }\n }));\n if (!this.deferClose) {\n this._resolveAndCleanup(true);\n }\n }\n\n private _handleBackdropClick() {\n // Ignore the first click that may have triggered mounting the modal\n if (!this._backdropArmed) return;\n this._handleCancel();\n }\n\n private _handleContentClick(e: Event) {\n e.stopPropagation();\n }\n\n private _resolveAndCleanup(confirmed: boolean) {\n this.remove();\n }\n\n // Public method for two-phase close from host/bootstrap\n close(confirmed: boolean) {\n this._resolveAndCleanup(confirmed);\n }\n\n}\n\n// Register the custom element\nimport { W3A_MODAL_TX_CONFIRMER_ID } from '../tags';\n\n// Define canonical tag\nif (!customElements.get(W3A_MODAL_TX_CONFIRMER_ID)) {\n customElements.define(W3A_MODAL_TX_CONFIRMER_ID, ModalTxConfirmElement);\n}\n"],"mappings":";;;;;;;;;;;;;;;;;AAqCA,IAAa,wBAAb,cAA2CA,gDAAgD;CACzF,OAAO,oBAAoB,CAAC;CAC5B,OAAO,yBAAyB;CAEhC,OAAO,kBAAkB,CAACC;CAE1B,OAAO,aAAa;EAClB,eAAe;GAAE,MAAM;GAAQ,WAAW;;EAC1C,IAAI,EAAE,MAAM;EACZ,aAAa,EAAE,MAAM;EACrB,QAAQ,EAAE,MAAM;EAChB,aAAa,EAAE,MAAM;EACrB,MAAM,EAAE,MAAM;EACd,OAAO,EAAE,MAAM;EACf,YAAY,EAAE,MAAM;EACpB,aAAa,EAAE,MAAM;EACrB,mBAAmB,EAAE,MAAM;EAC3B,cAAc,EAAE,MAAM;EACtB,SAAS,EAAE,MAAM;EACjB,cAAc,EAAE,MAAM;EACtB,OAAO;GAAE,MAAM;GAAQ,WAAW;GAAS,SAAS;;EACpD,iBAAiB;GAAE,MAAM;GAAQ,WAAW;;;CAG9C,cAAc;CACd,SAAS;CACT,cAAc;CACd,OAAO;CACP,QAAQ;CACR,aAAa;CACb,cAAc;CACd,oBAA4C;CAC5C;CACA,UAAU;CACV,eAAmC;CAGnC,QAAmB;CACnB;CACA;CAIA,aAAa;CAEb,AAAQ,eAAe;CACvB,AAAQ,iBAAkC;CAC1C,AAAQ,kBAAwC;CAGhD,AAAQ,wBAAwBC;CAChC,AAAQ,sBAAsB,CAACC,yBAAmBC;CAGlD,AAAQ,cAAc,MAAqB;AACzC,MAAI,EAAE,QAAQ,YAAY,EAAE,QAAQ,OAAO;AAEzC,KAAE;AACF,QAAK;;;CAGT,AAAQ,oBAAoB,OAAqB;EAC/C,MAAM,OAAQ,MAAM,GAAG,QAAS;AAChC,MAAI,CAAC,QAAQ,OAAQ,KAAa,SAAS,SAAU;AACrD,MAAK,KAAa,SAAS,iBAAiB;GAC1C,MAAM,MAAM,OAAQ,KAAa,YAAY,YAAa,KAAa,UAClE,KAAa,UACd;AACJ,QAAK,UAAU;AACf,QAAK,eAAe;AAEpB,QAAK;;;CAIT,AAAQ,iBAAiB;CAMzB,cAAc;AACZ;EAEA,MAAM,OAAQ,UAAU,mBAAmB;AAC3C,MAAI,KACF,MAAK,eAAe,KAClBC,wCAAqB,MAAM,sBAAsB,4BACjDA,wCAAqB,MAAM,eAAe,yBAC1CA,wCAAqB,MAAM,oBAAoB,8BAE/CA,wCAAqB,MAAM,mBAAmB,6BAC9CA,wCAAqB,MAAM,4BAA4B;;CAK7D,AAAQ,iBAAiB;CAEzB,QAAQ,mBAAmC;AACzC,QAAM,QAAQ;AAEd,MAAI,kBAAkB,IAAI,SACxB,KAAI;GACF,MAAM,QAAQ,KAAK,eAAe;AAClC,OAAI,SAAS,KAAK,SAAS,KAAK,eAC9B,OAAM,aAAa,kBAAkB,KAAK;UAEtC;;CAIZ,AAAU,qBAA6B;AACrC,SAAO;;CAGT,AAAU,mBAAmD;EAC3D,MAAM,OAAQ;AAEd,OAAK,eAAe,KAAKA,wCAAqB,MAAM,eAAe;AAEnE,OAAK,eAAe,KAAKA,wCAAqB,MAAM,oBAAoB;AAExE,OAAK,eAAe,KAAKA,wCAAqB,MAAM,mBAAmB;AACvE,OAAK,eAAe,KAAKA,wCAAqB,MAAM,4BAA4B;AAChF,SAAO;;CAKT,uBAAuB;AACrB,SAAO,oBAAoB,WAAW,KAAK;AAC3C,SAAO,oBAAoB,WAAW,KAAK;AAC3C,QAAM;;CAGR,oBAA0B;AACxB,QAAM;AAEN,MAAI;GACF,MAAM,QAAQ,KAAK,eAAe;AAClC,OAAI,SAAS,KAAK,OAAO;IACvB,MAAM,UAAU,MAAM,aAAa;AAEnC,QAAI,CAAC,WAAW,YAAY,UAAU,YAAY,SAAS;AACzD,WAAM,aAAa,kBAAkB,KAAK;AAC1C,UAAK,iBAAiB;;;UAGpB;AAER,mBAAiB;AAAE,QAAK,iBAAiB;KAAS;AAElD,SAAO,iBAAiB,WAAW,KAAK;AAExC,SAAO,iBAAiB,WAAW,KAAK;EAGxC,MAAM,SAAS;AACf,SAAO,WAAW,OAAO,YAAY;AACrC,SAAO,MAAM,EAAE,eAAe;AAE9B,MAAI,OAAO,OAAO,UAAU,WAC1B,QAAO;;CAIX,AAAU,aAAa,UAAmC;AACxD,MAAI,KAAK,aAAc,QAAO;AAC9B,MAAI,CAAC,KAAK,iBAAiB;GACzB,MAAM,IAAI,QAAQ,IAAI,KAAK,gBAAgB,WACnC,IAAI,SAAe,MAAM,4BAA4B,4BAA4B;AAEzF,QAAK,kBAAkB,EAAE,WAAW;AAAE,SAAK,eAAe;AAAM,SAAK;;;AAEvE,SAAO;;CAGT,SAAS;AACP,SAAO,QAAI;;gDAEiC,KAAK,qBAAqB;;2CAE/B,KAAK,oBAAoB;;;;;;2BAMzC,KAAK,MAAM;8BACR,CAAC,KAAK,eAAe,OAAO,MAAM;6BACnC,EAAE;+BACA,EAAE;sCACK,WAAW;oCACb,0DAA0D;kCAC5D,MAAM;qCACH,2DAA2D;4BACpE,GAAG;2BACJ,GAAG;;;;2BAIH;GACP,MAAM,kBAAkB,KAAK,mBAAmB,UAAU,OAAO;GACjE,MAAM,WAAW,iBAAiB,0BAA0B;GAC5D,MAAM,aAAa,KAAK,SAAS,IAAI;GACrC,MAAM,UAAU,aAAa;AAC7B,UAAO,QAAI,4BAA4B,QAAQ;OAC5C;oBACH,KAAK,eACH,QAAI,6BAA6B,KAAK,aAAa,UACnD,GAAG;;;;;;;;;;;;;;;;;0BAiBC,KAAK,cAAc,OACjB,QAAI,6BAA6B,KAAK,aAAa,KAAK,WACxD,GAAG;;;;;;;;;;;;;;;;0BAgBL,KAAK,cAAc,cACjB,QAAI,SAAS,KAAK,aAAa,gBAC/B,GAAG;;;sBAGT,KAAK,QAAQ,KAAK,KAAK,SACrB,QAAI,0BAA0B,KAAK,KAAK,UACxC,GAAG;;;;;;;;+BAQI,KAAK,oBAAoB,GAAG;mCACxB,KAAK,qBAAqB,GAAG;8BAClC,KAAK,aAAa;8BAClB,KAAK,aAAa;uBACzB,KAAK,MAAM;iCACD,KAAK,gBAAgB;4BAC1B,MAAM;yBACT,KAAK,QAAQ;8BACR,KAAK,gBAAgB,GAAG;uBAC/B,KAAK,MAAM;6BACL,KAAK,YAAY;4BAClB,KAAK,WAAW;6BACf,KAAK,eAAe;4BACrB,KAAK,cAAc;;;;;;;CAQ7C,AAAQ,gBAAgB;AACtB,MAAI,KAAK,QAAS;AAElB,OAAK,cAAc,IAAI,YAAYC,qCAAsB,qBAAqB;GAC5E,SAAS;GACT,UAAU;GACV,QAAQ,EAAE,WAAW;;AAEvB,MAAI,CAAC,KAAK,WACR,MAAK,mBAAmB;;CAI5B,AAAQ,iBAAiB;AACvB,MAAI,KAAK,QAAS;AAClB,OAAK,UAAU;AACf,OAAK;AAEL,OAAK,cAAc,IAAI,YAAYA,qCAAsB,sBAAsB;GAC7E,SAAS;GACT,UAAU;GACV,QAAQ,EAAE,WAAW;;AAEvB,MAAI,CAAC,KAAK,WACR,MAAK,mBAAmB;;CAI5B,AAAQ,uBAAuB;AAE7B,MAAI,CAAC,KAAK,eAAgB;AAC1B,OAAK;;CAGP,AAAQ,oBAAoB,GAAU;AACpC,IAAE;;CAGJ,AAAQ,mBAAmB,WAAoB;AAC7C,OAAK;;CAIP,MAAM,WAAoB;AACxB,OAAK,mBAAmB;;;AAS5B,IAAI,CAAC,eAAe,IAAIC,wCACtB,gBAAe,OAAOA,wCAA2B"}
1	+ {"version":3,"file":"viewer-modal.js","names":["LitElementWithProps","TxConfirmContentElement","TxTree","HaloBorderElement","PasskeyHaloLoadingElement","ensureExternalStyles","WalletIframeDomEvents","W3A_MODAL_TX_CONFIRMER_ID"],"sources":["../../../../../../src/core/WebAuthnManager/LitComponents/IframeTxConfirmer/viewer-modal.ts"],"sourcesContent":["import { html, type PropertyValues } from 'lit';\nimport { LitElementWithProps } from '../LitElementWithProps';\n\nimport { TransactionInputWasm } from '../../../types';\nimport type { VRFChallenge } from '../../../types/vrf-worker';\n\nimport TxTree from '../TxTree';\nimport { ensureExternalStyles } from '../css/css-loader';\nimport TxConfirmContentElement from './tx-confirm-content';\nimport type { ThemeName } from '../confirm-ui-types';\n// Ensure required custom elements are defined in this bundle (avoid tree-shake drops)\nimport HaloBorderElement from '../HaloBorder';\nimport PasskeyHaloLoadingElement from '../PasskeyHaloLoading';\nimport type { ConfirmUIElement } from '../confirm-ui-types';\nimport { WalletIframeDomEvents } from '../../../WalletIframe/events';\n\nexport interface SecureTxSummary {\n to?: string;\n totalAmount?: string;\n method?: string;\n fingerprint?: string; // short digest for display\n}\n\n// TxAction from wasm-worker\nexport interface TxAction {\n action_type: string;\n method_name?: string;\n args?: string;\n gas?: string;\n deposit?: string;\n [key: string]: string \| number \| boolean \| null \| undefined \| object;\n}\n\n/*\n Modal transaction confirmation component with multiple display variants.\n * Built with Lit with strict CSP for XSS protection and reactive updates.\n */\nexport class ModalTxConfirmElement extends LitElementWithProps implements ConfirmUIElement {\n static requiredChildTags = ['w3a-tx-confirm-content'];\n static strictChildDefinitions = true;\n // Prevent bundlers from dropping nested custom element definitions used via templates\n static keepDefinitions = [TxConfirmContentElement];\n // Component properties (automatically reactive)\n static properties = {\n nearAccountId: { type: String, attribute: 'near-account-id' },\n to: { type: String },\n totalAmount: { type: String },\n method: { type: String },\n fingerprint: { type: String },\n body: { type: String },\n title: { type: String },\n cancelText: { type: String },\n confirmText: { type: String },\n txSigningRequests: { type: Array },\n vrfChallenge: { type: Object },\n loading: { type: Boolean },\n errorMessage: { type: String },\n theme: { type: String, attribute: 'theme', reflect: true },\n nearExplorerUrl: { type: String, attribute: 'near-explorer-url' },\n };\n\n totalAmount = '';\n method = '';\n fingerprint = '';\n body = '';\n title = '';\n cancelText = 'Cancel';\n confirmText = 'Next';\n txSigningRequests: TransactionInputWasm[] = [];\n vrfChallenge?: Partial<VRFChallenge>;\n loading = false;\n errorMessage: string \| undefined = undefined;\n // Theme tokens now come from external CSS (tx-confirmer.css)\n // style injection has been removed to satisfy strict CSP.\n theme: ThemeName = 'dark';\n nearExplorerUrl?: string;\n intentDigest?: string;\n declare nearAccountId: string;\n // When true, this element will NOT remove itself on confirm/cancel.\n // The host is responsible for sending a CLOSE_MODAL instruction.\n deferClose = false;\n // Styles gating to avoid first-paint FOUC\n private _stylesReady = false;\n private _stylePromises: Promise<void>[] = [];\n private _stylesAwaiting: Promise<void> \| null = null;\n\n // Keep essential custom elements from being tree-shaken\n private _ensureTreeDefinition = TxTree;\n private _ensureHaloElements = [HaloBorderElement, PasskeyHaloLoadingElement];\n\n // Removed fixed JS breakpoints; rely on CSS/container sizing for zoom resilience\n private _onKeyDown = (e: KeyboardEvent) => {\n if (e.key === 'Escape' \|\| e.key === 'Esc') {\n // Only close for modal-style render modes\n e.preventDefault();\n this._handleCancel();\n }\n };\n private _onWindowMessage = (ev: MessageEvent) => {\n const data = (ev && ev.data) \|\| {};\n if (!data \|\| typeof (data as any).type !== 'string') return;\n if ((data as any).type === 'MODAL_TIMEOUT') {\n const msg = typeof (data as any).payload === 'string' && (data as any).payload\n ? (data as any).payload\n : 'Operation timed out';\n this.loading = false;\n this.errorMessage = msg;\n // Emit cancel so the host resolves and removes this element via two‑phase close\n this._handleCancel();\n }\n };\n // Guard to prevent immediate backdrop-cancel due to the click that mounted the modal\n private _backdropArmed = false;\n\n // Render in light DOM to simplify CSS variable flow across nested components\n // (Shadow DOM disabled by returning the host element as the render root)\n\n // No inline static styles; see tx-confirmer.css\n constructor() {\n super();\n // Pre-ensure document-level styles so link loads can complete before first render\n const root = (document?.documentElement \|\| null) as unknown as HTMLElement \| null;\n if (root) {\n this._stylePromises.push(\n ensureExternalStyles(root, 'w3a-components.css', 'data-w3a-components-css'),\n ensureExternalStyles(root, 'tx-tree.css', 'data-w3a-tx-tree-css'),\n ensureExternalStyles(root, 'tx-confirmer.css', 'data-w3a-tx-confirmer-css'),\n // Preload nested visuals to avoid first-paint jank when halo/loader mount\n ensureExternalStyles(root, 'halo-border.css', 'data-w3a-halo-border-css'),\n ensureExternalStyles(root, 'passkey-halo-loading.css', 'data-w3a-passkey-halo-loading-css'),\n );\n }\n }\n\n private _ownsThemeAttr = false;\n\n updated(changedProperties: PropertyValues) {\n super.updated(changedProperties);\n // Keep the iframe/root document's theme in sync so :root[data-w3a-theme] tokens apply\n if (changedProperties.has('theme')) {\n try {\n const docEl = this.ownerDocument?.documentElement as HTMLElement \| undefined;\n if (docEl && this.theme && this._ownsThemeAttr) {\n docEl.setAttribute('data-w3a-theme', this.theme);\n }\n } catch {}\n }\n }\n\n protected getComponentPrefix(): string {\n return 'modal';\n }\n\n protected createRenderRoot(): HTMLElement \| DocumentFragment {\n const root = (this as unknown) as HTMLElement;\n // tx-tree.css for nested TxTree visuals inside the modal\n this._stylePromises.push(ensureExternalStyles(root, 'tx-tree.css', 'data-w3a-tx-tree-css'));\n // tx-confirmer.css for modal layout + tokens\n this._stylePromises.push(ensureExternalStyles(root, 'tx-confirmer.css', 'data-w3a-tx-confirmer-css'));\n // Ensure nested loader/halo styles are present before first paint to avoid FOUC\n this._stylePromises.push(ensureExternalStyles(root, 'halo-border.css', 'data-w3a-halo-border-css'));\n this._stylePromises.push(ensureExternalStyles(root, 'passkey-halo-loading.css', 'data-w3a-passkey-halo-loading-css'));\n return root;\n }\n\n // Dynamic style application removed; CSS variables come from tx-confirmer.css\n\n disconnectedCallback() {\n window.removeEventListener('keydown', this._onKeyDown);\n window.removeEventListener('message', this._onWindowMessage as EventListener);\n super.disconnectedCallback();\n }\n\n connectedCallback(): void {\n super.connectedCallback();\n // Ensure root token theme is applied immediately on mount\n try {\n const docEl = this.ownerDocument?.documentElement as HTMLElement \| undefined;\n if (docEl && this.theme) {\n const current = docEl.getAttribute('data-w3a-theme');\n // If missing or already using built-in values, take ownership and set\n if (!current \|\| current === 'dark' \|\| current === 'light') {\n docEl.setAttribute('data-w3a-theme', this.theme);\n this._ownsThemeAttr = true;\n }\n }\n } catch {}\n // Arm backdrop after the current event loop to avoid capturing the mounting click\n setTimeout(() => { this._backdropArmed = true; }, 0);\n // Listen globally so Escape works regardless of focus target\n window.addEventListener('keydown', this._onKeyDown);\n // Listen for global timeout notification (posted by SignerWorkerManager on operation timeout)\n window.addEventListener('message', this._onWindowMessage as EventListener);\n // Ensure this iframe/host receives keyboard focus so ESC works immediately\n // Make host focusable and focus it without scrolling\n const hostEl = this as unknown as HTMLElement;\n hostEl.tabIndex = hostEl.tabIndex ?? -1;\n hostEl.focus({ preventScroll: true } as FocusOptions);\n // Also attempt to focus the frame window in case we're inside an iframe\n if (typeof window.focus === 'function') {\n window.focus();\n }\n }\n\n protected shouldUpdate(_changed: PropertyValues): boolean {\n if (this._stylesReady) return true;\n if (!this._stylesAwaiting) {\n const p = Promise.all(this._stylePromises).then(\n () => new Promise<void>((r) => requestAnimationFrame(() => requestAnimationFrame(() => r())))\n );\n this._stylesAwaiting = p.then(() => { this._stylesReady = true; this.requestUpdate(); });\n }\n return false;\n }\n\n render() {\n return html`\n <!-- Separate backdrop layer for independent animation -->\n <div class=\"modal-backdrop-blur\" @click=${this._handleBackdropClick}></div>\n <!-- Modal content layer -->\n <div class=\"modal-backdrop\" @click=${this._handleContentClick}>\n <div class=\"modal-container-root\">\n\n <div class=\"responsive-card\">\n <div class=\"hero\">\n <w3a-passkey-halo-loading\n .theme=${this.theme}\n .animated=${!this.errorMessage ? true : false}\n .ringGap=${4}\n .ringWidth=${4}\n .ringBorderRadius=${'1.125rem'}\n .ringBackground=${'var(--w3a-modal__passkey-halo-loading__ring-background)'}\n .innerPadding=${'0px'}\n .innerBackground=${'var(--w3a-modal__passkey-halo-loading__inner-background)'}\n .height=${36}\n .width=${36}\n ></w3a-passkey-halo-loading>\n <div class=\"hero-container\">\n <!-- Hero heading -->\n ${(() => {\n const isRegistration = (this.txSigningRequests?.length \|\| 0) === 0;\n const fallback = isRegistration ? 'Register with Passkey' : 'Confirm with Passkey';\n const titleText = (this.title \|\| '').trim();\n const heading = titleText \|\| fallback;\n return html`<h2 class=\"hero-heading\">${heading}</h2>`;\n })()}\n ${this.errorMessage\n ? html`<div class=\"error-banner\">${this.errorMessage}</div>`\n : ''}\n <!-- RpID Section -->\n <div class=\"rpid-wrapper\">\n <div class=\"rpid\">\n <div class=\"secure-indicator\">\n <svg xmlns=\"http://www.w3.org/2000/svg\"\n class=\"padlock-icon\"\n viewBox=\"0 0 24 24\"\n fill=\"none\"\n stroke=\"currentColor\"\n stroke-width=\"2\"\n stroke-linecap=\"round\"\n stroke-linejoin=\"round\"\n >\n <rect width=\"18\" height=\"11\" x=\"3\" y=\"11\" rx=\"2\" ry=\"2\"/>\n <path d=\"M7 11V7a5 5 0 0 1 10 0v4\"/>\n </svg>\n ${this.vrfChallenge?.rpId\n ? html`<span class=\"domain-text\">${this.vrfChallenge.rpId}</span>`\n : ''}\n </div>\n <span class=\"security-details\">\n <svg xmlns=\"http://www.w3.org/2000/svg\"\n class=\"block-height-icon\"\n viewBox=\"0 0 24 24\"\n fill=\"none\"\n stroke=\"currentColor\"\n stroke-width=\"2\"\n stroke-linecap=\"round\"\n stroke-linejoin=\"round\"\n >\n <path d=\"M21 8a2 2 0 0 0-1-1.73l-7-4a2 2 0 0 0-2 0l-7 4A 2 2 0 0 0 3 8v8a2 2 0 0 0 1 1.73l7 4a2 2 0 0 0 2 0l7-4A2 2 0 0 0 21 16Z\"/>\n <path d=\"m3.3 7 8.7 5 8.7-5\"/>\n <path d=\"M12 22V12\"/>\n </svg>\n ${this.vrfChallenge?.blockHeight\n ? html`block ${this.vrfChallenge.blockHeight}`\n : ''}\n </span>\n </div>\n </div>\n </div>\n </div>\n ${\n this.body && this.body.trim()\n ? html`<div class=\"confirmation-body\">${this.body}</div>`\n : ''\n }\n </div>\n\n <div class=\"responsive-card\">\n <w3a-tx-confirm-content\n .nearAccountId=${this['nearAccountId'] \|\| ''}\n .txSigningRequests=${this.txSigningRequests \|\| []}\n .intentDigest=${this.intentDigest}\n .vrfChallenge=${this.vrfChallenge}\n .theme=${this.theme}\n .nearExplorerUrl=${this.nearExplorerUrl}\n .showShadow=${false}\n .loading=${this.loading}\n .errorMessage=${this.errorMessage \|\| ''}\n .title=${this.title}\n .confirmText=${this.confirmText}\n .cancelText=${this.cancelText}\n @lit-confirm=${this._handleConfirm}\n @lit-cancel=${this._handleCancel}\n ></w3a-tx-confirm-content>\n </div>\n </div>\n </div>\n `;\n }\n\n private _handleCancel() {\n if (this.loading) return;\n // Canonical event (include a consistent detail payload)\n this.dispatchEvent(new CustomEvent(WalletIframeDomEvents.TX_CONFIRMER_CANCEL, {\n bubbles: true,\n composed: true,\n detail: { confirmed: false }\n }));\n if (!this.deferClose) {\n this._resolveAndCleanup(false);\n }\n }\n\n private _handleConfirm() {\n if (this.loading) return;\n this.loading = true;\n this.requestUpdate();\n // Canonical event (include a consistent detail payload)\n this.dispatchEvent(new CustomEvent(WalletIframeDomEvents.TX_CONFIRMER_CONFIRM, {\n bubbles: true,\n composed: true,\n detail: { confirmed: true }\n }));\n if (!this.deferClose) {\n this._resolveAndCleanup(true);\n }\n }\n\n private _handleBackdropClick() {\n // Ignore the first click that may have triggered mounting the modal\n if (!this._backdropArmed) return;\n this._handleCancel();\n }\n\n private _handleContentClick(e: Event) {\n e.stopPropagation();\n }\n\n private _resolveAndCleanup(confirmed: boolean) {\n this.remove();\n }\n\n // Public method for two-phase close from host/bootstrap\n close(confirmed: boolean) {\n this._resolveAndCleanup(confirmed);\n }\n\n}\n\n// Register the custom element\nimport { W3A_MODAL_TX_CONFIRMER_ID } from '../tags';\n\n// Define canonical tag\nif (!customElements.get(W3A_MODAL_TX_CONFIRMER_ID)) {\n customElements.define(W3A_MODAL_TX_CONFIRMER_ID, ModalTxConfirmElement);\n}\n"],"mappings":";;;;;;;;;;;;;;;;;AAqCA,IAAa,wBAAb,cAA2CA,gDAAgD;CACzF,OAAO,oBAAoB,CAAC;CAC5B,OAAO,yBAAyB;CAEhC,OAAO,kBAAkB,CAACC;CAE1B,OAAO,aAAa;EAClB,eAAe;GAAE,MAAM;GAAQ,WAAW;;EAC1C,IAAI,EAAE,MAAM;EACZ,aAAa,EAAE,MAAM;EACrB,QAAQ,EAAE,MAAM;EAChB,aAAa,EAAE,MAAM;EACrB,MAAM,EAAE,MAAM;EACd,OAAO,EAAE,MAAM;EACf,YAAY,EAAE,MAAM;EACpB,aAAa,EAAE,MAAM;EACrB,mBAAmB,EAAE,MAAM;EAC3B,cAAc,EAAE,MAAM;EACtB,SAAS,EAAE,MAAM;EACjB,cAAc,EAAE,MAAM;EACtB,OAAO;GAAE,MAAM;GAAQ,WAAW;GAAS,SAAS;;EACpD,iBAAiB;GAAE,MAAM;GAAQ,WAAW;;;CAG9C,cAAc;CACd,SAAS;CACT,cAAc;CACd,OAAO;CACP,QAAQ;CACR,aAAa;CACb,cAAc;CACd,oBAA4C;CAC5C;CACA,UAAU;CACV,eAAmC;CAGnC,QAAmB;CACnB;CACA;CAIA,aAAa;CAEb,AAAQ,eAAe;CACvB,AAAQ,iBAAkC;CAC1C,AAAQ,kBAAwC;CAGhD,AAAQ,wBAAwBC;CAChC,AAAQ,sBAAsB,CAACC,yBAAmBC;CAGlD,AAAQ,cAAc,MAAqB;AACzC,MAAI,EAAE,QAAQ,YAAY,EAAE,QAAQ,OAAO;AAEzC,KAAE;AACF,QAAK;;;CAGT,AAAQ,oBAAoB,OAAqB;EAC/C,MAAM,OAAQ,MAAM,GAAG,QAAS;AAChC,MAAI,CAAC,QAAQ,OAAQ,KAAa,SAAS,SAAU;AACrD,MAAK,KAAa,SAAS,iBAAiB;GAC1C,MAAM,MAAM,OAAQ,KAAa,YAAY,YAAa,KAAa,UAClE,KAAa,UACd;AACJ,QAAK,UAAU;AACf,QAAK,eAAe;AAEpB,QAAK;;;CAIT,AAAQ,iBAAiB;CAMzB,cAAc;AACZ;EAEA,MAAM,OAAQ,UAAU,mBAAmB;AAC3C,MAAI,KACF,MAAK,eAAe,KAClBC,wCAAqB,MAAM,sBAAsB,4BACjDA,wCAAqB,MAAM,eAAe,yBAC1CA,wCAAqB,MAAM,oBAAoB,8BAE/CA,wCAAqB,MAAM,mBAAmB,6BAC9CA,wCAAqB,MAAM,4BAA4B;;CAK7D,AAAQ,iBAAiB;CAEzB,QAAQ,mBAAmC;AACzC,QAAM,QAAQ;AAEd,MAAI,kBAAkB,IAAI,SACxB,KAAI;GACF,MAAM,QAAQ,KAAK,eAAe;AAClC,OAAI,SAAS,KAAK,SAAS,KAAK,eAC9B,OAAM,aAAa,kBAAkB,KAAK;UAEtC;;CAIZ,AAAU,qBAA6B;AACrC,SAAO;;CAGT,AAAU,mBAAmD;EAC3D,MAAM,OAAQ;AAEd,OAAK,eAAe,KAAKA,wCAAqB,MAAM,eAAe;AAEnE,OAAK,eAAe,KAAKA,wCAAqB,MAAM,oBAAoB;AAExE,OAAK,eAAe,KAAKA,wCAAqB,MAAM,mBAAmB;AACvE,OAAK,eAAe,KAAKA,wCAAqB,MAAM,4BAA4B;AAChF,SAAO;;CAKT,uBAAuB;AACrB,SAAO,oBAAoB,WAAW,KAAK;AAC3C,SAAO,oBAAoB,WAAW,KAAK;AAC3C,QAAM;;CAGR,oBAA0B;AACxB,QAAM;AAEN,MAAI;GACF,MAAM,QAAQ,KAAK,eAAe;AAClC,OAAI,SAAS,KAAK,OAAO;IACvB,MAAM,UAAU,MAAM,aAAa;AAEnC,QAAI,CAAC,WAAW,YAAY,UAAU,YAAY,SAAS;AACzD,WAAM,aAAa,kBAAkB,KAAK;AAC1C,UAAK,iBAAiB;;;UAGpB;AAER,mBAAiB;AAAE,QAAK,iBAAiB;KAAS;AAElD,SAAO,iBAAiB,WAAW,KAAK;AAExC,SAAO,iBAAiB,WAAW,KAAK;EAGxC,MAAM,SAAS;AACf,SAAO,WAAW,OAAO,YAAY;AACrC,SAAO,MAAM,EAAE,eAAe;AAE9B,MAAI,OAAO,OAAO,UAAU,WAC1B,QAAO;;CAIX,AAAU,aAAa,UAAmC;AACxD,MAAI,KAAK,aAAc,QAAO;AAC9B,MAAI,CAAC,KAAK,iBAAiB;GACzB,MAAM,IAAI,QAAQ,IAAI,KAAK,gBAAgB,WACnC,IAAI,SAAe,MAAM,4BAA4B,4BAA4B;AAEzF,QAAK,kBAAkB,EAAE,WAAW;AAAE,SAAK,eAAe;AAAM,SAAK;;;AAEvE,SAAO;;CAGT,SAAS;AACP,SAAO,QAAI;;gDAEiC,KAAK,qBAAqB;;2CAE/B,KAAK,oBAAoB;;;;;;yBAM3C,KAAK,MAAM;4BACR,CAAC,KAAK,eAAe,OAAO,MAAM;2BACnC,EAAE;6BACA,EAAE;oCACK,WAAW;kCACb,0DAA0D;gCAC5D,MAAM;mCACH,2DAA2D;0BACpE,GAAG;yBACJ,GAAG;;;;yBAIH;GACP,MAAM,kBAAkB,KAAK,mBAAmB,UAAU,OAAO;GACjE,MAAM,WAAW,iBAAiB,0BAA0B;GAC5D,MAAM,aAAa,KAAK,SAAS,IAAI;GACrC,MAAM,UAAU,aAAa;AAC7B,UAAO,QAAI,4BAA4B,QAAQ;OAC5C;kBACH,KAAK,eACH,QAAI,6BAA6B,KAAK,aAAa,UACnD,GAAG;;;;;;;;;;;;;;;;;wBAiBC,KAAK,cAAc,OACjB,QAAI,6BAA6B,KAAK,aAAa,KAAK,WACxD,GAAG;;;;;;;;;;;;;;;;wBAgBL,KAAK,cAAc,cACjB,QAAI,SAAS,KAAK,aAAa,gBAC/B,GAAG;;;;;;cAOf,KAAK,QAAQ,KAAK,KAAK,SACrB,QAAI,kCAAkC,KAAK,KAAK,UAChD,GACH;;;;;+BAKkB,KAAK,oBAAoB,GAAG;mCACxB,KAAK,qBAAqB,GAAG;8BAClC,KAAK,aAAa;8BAClB,KAAK,aAAa;uBACzB,KAAK,MAAM;iCACD,KAAK,gBAAgB;4BAC1B,MAAM;yBACT,KAAK,QAAQ;8BACR,KAAK,gBAAgB,GAAG;uBAC/B,KAAK,MAAM;6BACL,KAAK,YAAY;4BAClB,KAAK,WAAW;6BACf,KAAK,eAAe;4BACrB,KAAK,cAAc;;;;;;;CAQ7C,AAAQ,gBAAgB;AACtB,MAAI,KAAK,QAAS;AAElB,OAAK,cAAc,IAAI,YAAYC,qCAAsB,qBAAqB;GAC5E,SAAS;GACT,UAAU;GACV,QAAQ,EAAE,WAAW;;AAEvB,MAAI,CAAC,KAAK,WACR,MAAK,mBAAmB;;CAI5B,AAAQ,iBAAiB;AACvB,MAAI,KAAK,QAAS;AAClB,OAAK,UAAU;AACf,OAAK;AAEL,OAAK,cAAc,IAAI,YAAYA,qCAAsB,sBAAsB;GAC7E,SAAS;GACT,UAAU;GACV,QAAQ,EAAE,WAAW;;AAEvB,MAAI,CAAC,KAAK,WACR,MAAK,mBAAmB;;CAI5B,AAAQ,uBAAuB;AAE7B,MAAI,CAAC,KAAK,eAAgB;AAC1B,OAAK;;CAGP,AAAQ,oBAAoB,GAAU;AACpC,IAAE;;CAGJ,AAAQ,mBAAmB,WAAoB;AAC7C,OAAK;;CAIP,MAAM,WAAoB;AACxB,OAAK,mBAAmB;;;AAS5B,IAAI,CAAC,eAAe,IAAIC,wCACtB,gBAAe,OAAOA,wCAA2B"}

package/dist/cjs/core/WebAuthnManager/SignerWorkerManager/getDeviceNumber.js CHANGED Viewed

@@ -2,7 +2,6 @@ const require_rolldown_runtime = require('../../../_virtual/rolldown_runtime.js'
 const require_accountIds = require('../../types/accountIds.js');
 //#region src/core/WebAuthnManager/SignerWorkerManager/getDeviceNumber.ts
-require_accountIds.init_accountIds();
 function parseDeviceNumber(value, options = {}) {
 	const deviceNumber = Number(value);
 	const min = options.min ?? 1;
@@ -23,8 +22,18 @@ async function getLastLoggedInDeviceNumber(nearAccountId, clientDB) {
 	}
 	throw new Error(`No last user session for account ${accountId}`);
 }
+var init_getDeviceNumber = require_rolldown_runtime.__esm({ "src/core/WebAuthnManager/SignerWorkerManager/getDeviceNumber.ts": (() => {
+	require_accountIds.init_accountIds();
+}) });
 //#endregion
+init_getDeviceNumber();
 exports.getLastLoggedInDeviceNumber = getLastLoggedInDeviceNumber;
+Object.defineProperty(exports, 'init_getDeviceNumber', {
+  enumerable: true,
+  get: function () {
+    return init_getDeviceNumber;
+  }
+});
 exports.parseDeviceNumber = parseDeviceNumber;
 //# sourceMappingURL=getDeviceNumber.js.map

package/dist/cjs/core/WebAuthnManager/SignerWorkerManager/getDeviceNumber.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"getDeviceNumber.js","names":["toAccountId"],"sources":["../../../../../src/core/WebAuthnManager/SignerWorkerManager/getDeviceNumber.ts"],"sourcesContent":["import type { PasskeyClientDBManager } from '@/core/IndexedDBManager';\nimport { toAccountId, type AccountId } from '../../types/accountIds';\n\nexport function parseDeviceNumber(\n value: unknown,\n options: { min?: number } = {}\n): number \| null {\n const deviceNumber = Number(value);\n const min = options.min ?? 1;\n if (!Number.isSafeInteger(deviceNumber) \|\| deviceNumber < min) {\n return null;\n }\n return deviceNumber;\n}\n\n/*\n Return the deviceNumber for the last logged-in user for the given account.\n * This uses the app-state \"last user\" pointer only; if it does not match the\n * requested account, an error is thrown instead of silently falling back.\n */\nexport async function getLastLoggedInDeviceNumber(\n nearAccountId: AccountId \| string,\n clientDB: PasskeyClientDBManager\n): Promise<number> {\n const accountId = toAccountId(nearAccountId);\n const last = await clientDB.getLastUser();\n if (last && last.nearAccountId === accountId) {\n const deviceNumber = parseDeviceNumber((last as any).deviceNumber, { min: 1 });\n if (deviceNumber !== null) {\n return deviceNumber;\n }\n }\n throw new Error(`No last user session for account ${accountId}`);\n}\n"],"mappings":"~~;;;;;~~AAGA,SAAgB,kBACd,OACA,UAA4B,IACb;CACf,MAAM,eAAe,OAAO;CAC5B,MAAM,MAAM,QAAQ,OAAO;AAC3B,KAAI,CAAC,OAAO,cAAc,iBAAiB,eAAe,IACxD,QAAO;AAET,QAAO;;;;;;;AAQT,eAAsB,4BACpB,eACA,UACiB;CACjB,MAAM,YAAYA,+BAAY;CAC9B,MAAM,OAAO,MAAM,SAAS;AAC5B,KAAI,QAAQ,KAAK,kBAAkB,WAAW;EAC5C,MAAM,eAAe,kBAAmB,KAAa,cAAc,EAAE,KAAK;AAC1E,MAAI,iBAAiB,KACnB,QAAO;;AAGX,OAAM,IAAI,MAAM,oCAAoC"}
1	+ {"version":3,"file":"getDeviceNumber.js","names":["toAccountId"],"sources":["../../../../../src/core/WebAuthnManager/SignerWorkerManager/getDeviceNumber.ts"],"sourcesContent":["import type { PasskeyClientDBManager } from '@/core/IndexedDBManager';\nimport { toAccountId, type AccountId } from '../../types/accountIds';\n\nexport function parseDeviceNumber(\n value: unknown,\n options: { min?: number } = {}\n): number \| null {\n const deviceNumber = Number(value);\n const min = options.min ?? 1;\n if (!Number.isSafeInteger(deviceNumber) \|\| deviceNumber < min) {\n return null;\n }\n return deviceNumber;\n}\n\n/*\n Return the deviceNumber for the last logged-in user for the given account.\n * This uses the app-state \"last user\" pointer only; if it does not match the\n * requested account, an error is thrown instead of silently falling back.\n */\nexport async function getLastLoggedInDeviceNumber(\n nearAccountId: AccountId \| string,\n clientDB: PasskeyClientDBManager\n): Promise<number> {\n const accountId = toAccountId(nearAccountId);\n const last = await clientDB.getLastUser();\n if (last && last.nearAccountId === accountId) {\n const deviceNumber = parseDeviceNumber((last as any).deviceNumber, { min: 1 });\n if (deviceNumber !== null) {\n return deviceNumber;\n }\n }\n throw new Error(`No last user session for account ${accountId}`);\n}\n"],"mappings":";;;;AAGA,SAAgB,kBACd,OACA,UAA4B,IACb;CACf,MAAM,eAAe,OAAO;CAC5B,MAAM,MAAM,QAAQ,OAAO;AAC3B,KAAI,CAAC,OAAO,cAAc,iBAAiB,eAAe,IACxD,QAAO;AAET,QAAO;;;;;;;AAQT,eAAsB,4BACpB,eACA,UACiB;CACjB,MAAM,YAAYA,+BAAY;CAC9B,MAAM,OAAO,MAAM,SAAS;AAC5B,KAAI,QAAQ,KAAK,kBAAkB,WAAW;EAC5C,MAAM,eAAe,kBAAmB,KAAa,cAAc,EAAE,KAAK;AAC1E,MAAI,iBAAiB,KACnB,QAAO;;AAGX,OAAM,IAAI,MAAM,oCAAoC"}

package/dist/cjs/core/WebAuthnManager/SignerWorkerManager/handlers/checkCanRegisterUser.js CHANGED Viewed

@@ -8,6 +8,7 @@ const require_rpcCalls = require('../../../rpcCalls.js');
 //#region src/core/WebAuthnManager/SignerWorkerManager/handlers/checkCanRegisterUser.ts
 require_defaultConfigs.init_defaultConfigs();
 require_rpcCalls.init_rpcCalls();
+require_credentialsHelpers.init_credentialsHelpers();
 require_errors.init_errors();
 require_validation.init_validation();
 async function checkCanRegisterUser({ ctx, vrfChallenge, credential, contractId, nearRpcUrl, authenticatorOptions, onEvent }) {

package/dist/cjs/core/WebAuthnManager/SignerWorkerManager/handlers/checkCanRegisterUser.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"checkCanRegisterUser.js","names":["isObject","isString","serializedCredential: WebAuthnRegistrationCredential","serializeRegistrationCredentialWithPRF","PASSKEY_MANAGER_DEFAULT_CONFIGS","removePrfOutputGuard","result: CheckCanRegisterUserResult","checkCanRegisterUserContractCall","error: unknown","errorMessage"],"sources":["../../../../../../src/core/WebAuthnManager/SignerWorkerManager/handlers/checkCanRegisterUser.ts"],"sourcesContent":["\nimport { PASSKEY_MANAGER_DEFAULT_CONFIGS } from \"../../../defaultConfigs\";\nimport type { CheckCanRegisterUserResult } from '../../../rpcCalls';\nimport { checkCanRegisterUserContractCall } from '../../../rpcCalls';\nimport { serializeRegistrationCredentialWithPRF, removePrfOutputGuard } from '../../credentialsHelpers';\nimport { VRFChallenge } from '../../../types/vrf-worker';\nimport type { onProgressEvents } from '../../../types/sdkSentEvents';\nimport type { AuthenticatorOptions } from '../../../types/authenticatorOptions';\nimport { SignerWorkerManagerContext } from '..';\nimport type { WebAuthnRegistrationCredential } from '../../../types/webauthn';\nimport { errorMessage } from '@/utils/errors';\nimport { isObject, isString } from '../../../WalletIframe/validation';\n\n\nexport async function checkCanRegisterUser({\n ctx,\n vrfChallenge,\n credential,\n contractId,\n nearRpcUrl,\n authenticatorOptions,\n onEvent,\n}: {\n ctx: SignerWorkerManagerContext,\n vrfChallenge: VRFChallenge,\n credential: WebAuthnRegistrationCredential,\n contractId: string;\n nearRpcUrl: string;\n authenticatorOptions?: AuthenticatorOptions; // Authenticator options for registration check\n onEvent?: (update: onProgressEvents) => void;\n}): Promise<{\n success: boolean;\n verified?: boolean;\n registrationInfo?: {\n credentialId: Uint8Array;\n credentialPublicKey: Uint8Array;\n userId: string;\n vrfPublicKey: Uint8Array \| undefined;\n };\n logs?: string[];\n signedTransactionBorsh?: number[];\n error?: string;\n}> {\n try {\n // Accept either a real PublicKeyCredential or an already-serialized credential\n const isSerialized = (cred: unknown): cred is WebAuthnRegistrationCredential => {\n if (!isObject(cred)) return false;\n const resp = (cred as { response?: unknown }).response;\n if (!isObject(resp)) return false;\n return isString((resp as { clientDataJSON?: unknown }).clientDataJSON)\n && isString((resp as { attestationObject?: unknown }).attestationObject);\n };\n\n const serializedCredential: WebAuthnRegistrationCredential = isSerialized(credential)\n ? credential\n : serializeRegistrationCredentialWithPRF({ credential: credential });\n\n // Ensure required fields are present; avoid undefined which gets dropped by JSON.stringify in the worker\n const resolvedContractId = contractId \|\| PASSKEY_MANAGER_DEFAULT_CONFIGS.contractId;\n\n onEvent?.({\n step: 3,\n phase: 'REGISTRATION_CONTRACT_PRE_CHECK' as any,\n status: 'PROGRESS' as any,\n message: 'Calling check_can_register_user on contract...',\n });\n\n // PRF outputs must never be sent over the network. Strip them before\n // calling the contract while preserving the rest of the credential shape.\n const strippedCredential = removePrfOutputGuard<WebAuthnRegistrationCredential>(serializedCredential);\n\n const result: CheckCanRegisterUserResult = await checkCanRegisterUserContractCall({\n nearClient: ctx.nearClient,\n contractId: resolvedContractId,\n vrfChallenge,\n credential: strippedCredential,\n authenticatorOptions,\n });\n\n if (!result.success) {\n throw new Error(result.error \|\| 'Registration pre-check RPC failed');\n }\n\n const wasmResult = {\n verified: result.verified,\n registrationInfo: undefined,\n logs: result.logs,\n error: result.error,\n };\n\n onEvent?.({\n step: 3,\n phase: 'REGISTRATION_CONTRACT_PRE_CHECK' as any,\n status: result.verified ? 'SUCCESS' as any : 'ERROR' as any,\n message: result.verified ? 'Registration pre-check succeeded' : (result.error \|\| 'Registration pre-check failed'),\n });\n\n return {\n success: true,\n verified: wasmResult.verified,\n registrationInfo: wasmResult.registrationInfo,\n logs: wasmResult.logs,\n error: wasmResult.error,\n };\n\n } catch (error: unknown) {\n // Preserve the detailed error message instead of converting to generic error\n console.error('checkCanRegisterUser failed:', error);\n return {\n success: false,\n verified: false,\n error: errorMessage(error) \|\| 'Unknown error occurred',\n logs: [],\n };\n }\n}\n"],"mappings":"~~;;;;;;;;;;;;~~AAcA,eAAsB,qBAAqB,EACzC,KACA,cACA,YACA,YACA,YACA,sBACA,WAqBC;AACD,KAAI;EAEF,MAAM,gBAAgB,SAA0D;AAC9E,OAAI,CAACA,4BAAS,MAAO,QAAO;GAC5B,MAAM,OAAQ,KAAgC;AAC9C,OAAI,CAACA,4BAAS,MAAO,QAAO;AAC5B,UAAOC,4BAAU,KAAsC,mBAClDA,4BAAU,KAAyC;;EAG1D,MAAMC,uBAAuD,aAAa,cACtE,aACAC,kEAAuC,EAAc;EAGzD,MAAM,qBAAqB,cAAcC,uDAAgC;AAEzE,YAAU;GACR,MAAM;GACN,OAAO;GACP,QAAQ;GACR,SAAS;;EAKX,MAAM,qBAAqBC,gDAAqD;EAEhF,MAAMC,SAAqC,MAAMC,kDAAiC;GAChF,YAAY,IAAI;GAChB,YAAY;GACZ;GACA,YAAY;GACZ;;AAGF,MAAI,CAAC,OAAO,QACV,OAAM,IAAI,MAAM,OAAO,SAAS;EAGlC,MAAM,aAAa;GACjB,UAAU,OAAO;GACjB,kBAAkB;GAClB,MAAM,OAAO;GACb,OAAO,OAAO;;AAGhB,YAAU;GACR,MAAM;GACN,OAAO;GACP,QAAQ,OAAO,WAAW,YAAmB;GAC7C,SAAS,OAAO,WAAW,qCAAsC,OAAO,SAAS;;AAGnF,SAAO;GACL,SAAS;GACT,UAAU,WAAW;GACrB,kBAAkB,WAAW;GAC7B,MAAM,WAAW;GACjB,OAAO,WAAW;;UAGbC,OAAgB;AAEvB,UAAQ,MAAM,gCAAgC;AAC9C,SAAO;GACL,SAAS;GACT,UAAU;GACV,OAAOC,4BAAa,UAAU;GAC9B,MAAM"}
1	+ {"version":3,"file":"checkCanRegisterUser.js","names":["isObject","isString","serializedCredential: WebAuthnRegistrationCredential","serializeRegistrationCredentialWithPRF","PASSKEY_MANAGER_DEFAULT_CONFIGS","removePrfOutputGuard","result: CheckCanRegisterUserResult","checkCanRegisterUserContractCall","error: unknown","errorMessage"],"sources":["../../../../../../src/core/WebAuthnManager/SignerWorkerManager/handlers/checkCanRegisterUser.ts"],"sourcesContent":["\nimport { PASSKEY_MANAGER_DEFAULT_CONFIGS } from \"../../../defaultConfigs\";\nimport type { CheckCanRegisterUserResult } from '../../../rpcCalls';\nimport { checkCanRegisterUserContractCall } from '../../../rpcCalls';\nimport { serializeRegistrationCredentialWithPRF, removePrfOutputGuard } from '../../credentialsHelpers';\nimport { VRFChallenge } from '../../../types/vrf-worker';\nimport type { onProgressEvents } from '../../../types/sdkSentEvents';\nimport type { AuthenticatorOptions } from '../../../types/authenticatorOptions';\nimport { SignerWorkerManagerContext } from '..';\nimport type { WebAuthnRegistrationCredential } from '../../../types/webauthn';\nimport { errorMessage } from '@/utils/errors';\nimport { isObject, isString } from '../../../WalletIframe/validation';\n\n\nexport async function checkCanRegisterUser({\n ctx,\n vrfChallenge,\n credential,\n contractId,\n nearRpcUrl,\n authenticatorOptions,\n onEvent,\n}: {\n ctx: SignerWorkerManagerContext,\n vrfChallenge: VRFChallenge,\n credential: WebAuthnRegistrationCredential,\n contractId: string;\n nearRpcUrl: string;\n authenticatorOptions?: AuthenticatorOptions; // Authenticator options for registration check\n onEvent?: (update: onProgressEvents) => void;\n}): Promise<{\n success: boolean;\n verified?: boolean;\n registrationInfo?: {\n credentialId: Uint8Array;\n credentialPublicKey: Uint8Array;\n userId: string;\n vrfPublicKey: Uint8Array \| undefined;\n };\n logs?: string[];\n signedTransactionBorsh?: number[];\n error?: string;\n}> {\n try {\n // Accept either a real PublicKeyCredential or an already-serialized credential\n const isSerialized = (cred: unknown): cred is WebAuthnRegistrationCredential => {\n if (!isObject(cred)) return false;\n const resp = (cred as { response?: unknown }).response;\n if (!isObject(resp)) return false;\n return isString((resp as { clientDataJSON?: unknown }).clientDataJSON)\n && isString((resp as { attestationObject?: unknown }).attestationObject);\n };\n\n const serializedCredential: WebAuthnRegistrationCredential = isSerialized(credential)\n ? credential\n : serializeRegistrationCredentialWithPRF({ credential: credential });\n\n // Ensure required fields are present; avoid undefined which gets dropped by JSON.stringify in the worker\n const resolvedContractId = contractId \|\| PASSKEY_MANAGER_DEFAULT_CONFIGS.contractId;\n\n onEvent?.({\n step: 3,\n phase: 'REGISTRATION_CONTRACT_PRE_CHECK' as any,\n status: 'PROGRESS' as any,\n message: 'Calling check_can_register_user on contract...',\n });\n\n // PRF outputs must never be sent over the network. Strip them before\n // calling the contract while preserving the rest of the credential shape.\n const strippedCredential = removePrfOutputGuard<WebAuthnRegistrationCredential>(serializedCredential);\n\n const result: CheckCanRegisterUserResult = await checkCanRegisterUserContractCall({\n nearClient: ctx.nearClient,\n contractId: resolvedContractId,\n vrfChallenge,\n credential: strippedCredential,\n authenticatorOptions,\n });\n\n if (!result.success) {\n throw new Error(result.error \|\| 'Registration pre-check RPC failed');\n }\n\n const wasmResult = {\n verified: result.verified,\n registrationInfo: undefined,\n logs: result.logs,\n error: result.error,\n };\n\n onEvent?.({\n step: 3,\n phase: 'REGISTRATION_CONTRACT_PRE_CHECK' as any,\n status: result.verified ? 'SUCCESS' as any : 'ERROR' as any,\n message: result.verified ? 'Registration pre-check succeeded' : (result.error \|\| 'Registration pre-check failed'),\n });\n\n return {\n success: true,\n verified: wasmResult.verified,\n registrationInfo: wasmResult.registrationInfo,\n logs: wasmResult.logs,\n error: wasmResult.error,\n };\n\n } catch (error: unknown) {\n // Preserve the detailed error message instead of converting to generic error\n console.error('checkCanRegisterUser failed:', error);\n return {\n success: false,\n verified: false,\n error: errorMessage(error) \|\| 'Unknown error occurred',\n logs: [],\n };\n }\n}\n"],"mappings":";;;;;;;;;;;;;AAcA,eAAsB,qBAAqB,EACzC,KACA,cACA,YACA,YACA,YACA,sBACA,WAqBC;AACD,KAAI;EAEF,MAAM,gBAAgB,SAA0D;AAC9E,OAAI,CAACA,4BAAS,MAAO,QAAO;GAC5B,MAAM,OAAQ,KAAgC;AAC9C,OAAI,CAACA,4BAAS,MAAO,QAAO;AAC5B,UAAOC,4BAAU,KAAsC,mBAClDA,4BAAU,KAAyC;;EAG1D,MAAMC,uBAAuD,aAAa,cACtE,aACAC,kEAAuC,EAAc;EAGzD,MAAM,qBAAqB,cAAcC,uDAAgC;AAEzE,YAAU;GACR,MAAM;GACN,OAAO;GACP,QAAQ;GACR,SAAS;;EAKX,MAAM,qBAAqBC,gDAAqD;EAEhF,MAAMC,SAAqC,MAAMC,kDAAiC;GAChF,YAAY,IAAI;GAChB,YAAY;GACZ;GACA,YAAY;GACZ;;AAGF,MAAI,CAAC,OAAO,QACV,OAAM,IAAI,MAAM,OAAO,SAAS;EAGlC,MAAM,aAAa;GACjB,UAAU,OAAO;GACjB,kBAAkB;GAClB,MAAM,OAAO;GACb,OAAO,OAAO;;AAGhB,YAAU;GACR,MAAM;GACN,OAAO;GACP,QAAQ,OAAO,WAAW,YAAmB;GAC7C,SAAS,OAAO,WAAW,qCAAsC,OAAO,SAAS;;AAGnF,SAAO;GACL,SAAS;GACT,UAAU,WAAW;GACrB,kBAAkB,WAAW;GAC7B,MAAM,WAAW;GACjB,OAAO,WAAW;;UAGbC,OAAgB;AAEvB,UAAQ,MAAM,gCAAgC;AAC9C,SAAO;GACL,SAAS;GACT,UAAU;GACV,OAAOC,4BAAa,UAAU;GAC9B,MAAM"}

package/dist/cjs/core/WebAuthnManager/SignerWorkerManager/handlers/decryptPrivateKeyWithPrf.js CHANGED Viewed

@@ -10,6 +10,7 @@ src_wasm_signer_worker_pkg_wasm_signer_worker_js = require_rolldown_runtime.__to
 //#region src/core/WebAuthnManager/SignerWorkerManager/handlers/decryptPrivateKeyWithPrf.ts
 require_signer_worker.init_signer_worker();
 require_accountIds.init_accountIds();
+require_getDeviceNumber.init_getDeviceNumber();
 require_validation.init_validation();
 async function decryptPrivateKeyWithPrf({ ctx, nearAccountId, authenticators, sessionId }) {
 	try {

package/dist/cjs/core/WebAuthnManager/SignerWorkerManager/handlers/decryptPrivateKeyWithPrf.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"decryptPrivateKeyWithPrf.js","names":["getLastLoggedInDeviceNumber","WorkerRequestType","withSessionId","isDecryptPrivateKeyWithPrfSuccess","isObject","toAccountId","error: unknown"],"sources":["../../../../../../src/core/WebAuthnManager/SignerWorkerManager/handlers/decryptPrivateKeyWithPrf.ts"],"sourcesContent":["\nimport { ClientAuthenticatorData } from '../../../IndexedDBManager';\nimport {\n WorkerRequestType,\n isDecryptPrivateKeyWithPrfSuccess,\n} from '../../../types/signer-worker';\nimport { AccountId, toAccountId } from \"../../../types/accountIds\";\n\nimport { SignerWorkerManagerContext } from '..';\nimport { getLastLoggedInDeviceNumber } from '../getDeviceNumber';\nimport { isObject } from '../../../WalletIframe/validation';\nimport { withSessionId } from './session';\n\nexport async function decryptPrivateKeyWithPrf({\n ctx,\n nearAccountId,\n authenticators,\n sessionId,\n}: {\n ctx: SignerWorkerManagerContext,\n nearAccountId: AccountId,\n authenticators: ClientAuthenticatorData[],\n sessionId: string,\n}): Promise<{ decryptedPrivateKey: string; nearAccountId: AccountId }> {\n try {\n console.info('WebAuthnManager: Starting private key decryption with dual PRF (local operation)');\n // Retrieve encrypted key data from IndexedDB in main thread\n const deviceNumber = await getLastLoggedInDeviceNumber(nearAccountId, ctx.indexedDB.clientDB);\n const encryptedKeyData = await ctx.indexedDB.nearKeysDB.getEncryptedKey(nearAccountId, deviceNumber);\n if (!encryptedKeyData) {\n throw new Error(`No encrypted key found for account: ${nearAccountId}`);\n }\n\n const response = await ctx.sendMessage({\n sessionId,\n message: {\n type: WorkerRequestType.DecryptPrivateKeyWithPrf,\n payload: withSessionId(sessionId, {\n nearAccountId: nearAccountId,\n encryptedPrivateKeyData: encryptedKeyData.encryptedData,\n encryptedPrivateKeyChacha20NonceB64u: encryptedKeyData.chacha20NonceB64u,\n })\n },\n });\n\n if (!isDecryptPrivateKeyWithPrfSuccess(response)) {\n console.error('WebAuthnManager: Dual PRF private key decryption failed:', response);\n const payloadError = isObject(response?.payload) && (response as any)?.payload?.error;\n throw new Error(payloadError \|\| 'Private key decryption failed');\n }\n return {\n decryptedPrivateKey: response.payload.privateKey,\n nearAccountId: toAccountId(response.payload.nearAccountId)\n };\n } catch (error: unknown) {\n console.error('WebAuthnManager: Dual PRF private key decryption error:', error);\n throw error;\n }\n}\n"],"mappings":"~~;;;;;;;;;;;;;~~AAaA,eAAsB,yBAAyB,EAC7C,KACA,eACA,gBACA,aAMqE;AACrE,KAAI;AACF,UAAQ,KAAK;EAEb,MAAM,eAAe,MAAMA,oDAA4B,eAAe,IAAI,UAAU;EACpF,MAAM,mBAAmB,MAAM,IAAI,UAAU,WAAW,gBAAgB,eAAe;AACvF,MAAI,CAAC,iBACH,OAAM,IAAI,MAAM,uCAAuC;EAGzD,MAAM,WAAW,MAAM,IAAI,YAAY;GACrC;GACA,SAAS;IACP,MAAMC,mEAAkB;IACxB,SAASC,8BAAc,WAAW;KACjB;KACf,yBAAyB,iBAAiB;KAC1C,sCAAsC,iBAAiB;;;;AAK7D,MAAI,CAACC,wDAAkC,WAAW;AAChD,WAAQ,MAAM,4DAA4D;GAC1E,MAAM,eAAeC,4BAAS,UAAU,YAAa,UAAkB,SAAS;AAChF,SAAM,IAAI,MAAM,gBAAgB;;AAElC,SAAO;GACL,qBAAqB,SAAS,QAAQ;GACtC,eAAeC,+BAAY,SAAS,QAAQ;;UAEvCC,OAAgB;AACvB,UAAQ,MAAM,2DAA2D;AACzE,QAAM"}
1	+ {"version":3,"file":"decryptPrivateKeyWithPrf.js","names":["getLastLoggedInDeviceNumber","WorkerRequestType","withSessionId","isDecryptPrivateKeyWithPrfSuccess","isObject","toAccountId","error: unknown"],"sources":["../../../../../../src/core/WebAuthnManager/SignerWorkerManager/handlers/decryptPrivateKeyWithPrf.ts"],"sourcesContent":["\nimport { ClientAuthenticatorData } from '../../../IndexedDBManager';\nimport {\n WorkerRequestType,\n isDecryptPrivateKeyWithPrfSuccess,\n} from '../../../types/signer-worker';\nimport { AccountId, toAccountId } from \"../../../types/accountIds\";\n\nimport { SignerWorkerManagerContext } from '..';\nimport { getLastLoggedInDeviceNumber } from '../getDeviceNumber';\nimport { isObject } from '../../../WalletIframe/validation';\nimport { withSessionId } from './session';\n\nexport async function decryptPrivateKeyWithPrf({\n ctx,\n nearAccountId,\n authenticators,\n sessionId,\n}: {\n ctx: SignerWorkerManagerContext,\n nearAccountId: AccountId,\n authenticators: ClientAuthenticatorData[],\n sessionId: string,\n}): Promise<{ decryptedPrivateKey: string; nearAccountId: AccountId }> {\n try {\n console.info('WebAuthnManager: Starting private key decryption with dual PRF (local operation)');\n // Retrieve encrypted key data from IndexedDB in main thread\n const deviceNumber = await getLastLoggedInDeviceNumber(nearAccountId, ctx.indexedDB.clientDB);\n const encryptedKeyData = await ctx.indexedDB.nearKeysDB.getEncryptedKey(nearAccountId, deviceNumber);\n if (!encryptedKeyData) {\n throw new Error(`No encrypted key found for account: ${nearAccountId}`);\n }\n\n const response = await ctx.sendMessage({\n sessionId,\n message: {\n type: WorkerRequestType.DecryptPrivateKeyWithPrf,\n payload: withSessionId(sessionId, {\n nearAccountId: nearAccountId,\n encryptedPrivateKeyData: encryptedKeyData.encryptedData,\n encryptedPrivateKeyChacha20NonceB64u: encryptedKeyData.chacha20NonceB64u,\n })\n },\n });\n\n if (!isDecryptPrivateKeyWithPrfSuccess(response)) {\n console.error('WebAuthnManager: Dual PRF private key decryption failed:', response);\n const payloadError = isObject(response?.payload) && (response as any)?.payload?.error;\n throw new Error(payloadError \|\| 'Private key decryption failed');\n }\n return {\n decryptedPrivateKey: response.payload.privateKey,\n nearAccountId: toAccountId(response.payload.nearAccountId)\n };\n } catch (error: unknown) {\n console.error('WebAuthnManager: Dual PRF private key decryption error:', error);\n throw error;\n }\n}\n"],"mappings":";;;;;;;;;;;;;;AAaA,eAAsB,yBAAyB,EAC7C,KACA,eACA,gBACA,aAMqE;AACrE,KAAI;AACF,UAAQ,KAAK;EAEb,MAAM,eAAe,MAAMA,oDAA4B,eAAe,IAAI,UAAU;EACpF,MAAM,mBAAmB,MAAM,IAAI,UAAU,WAAW,gBAAgB,eAAe;AACvF,MAAI,CAAC,iBACH,OAAM,IAAI,MAAM,uCAAuC;EAGzD,MAAM,WAAW,MAAM,IAAI,YAAY;GACrC;GACA,SAAS;IACP,MAAMC,mEAAkB;IACxB,SAASC,8BAAc,WAAW;KACjB;KACf,yBAAyB,iBAAiB;KAC1C,sCAAsC,iBAAiB;;;;AAK7D,MAAI,CAACC,wDAAkC,WAAW;AAChD,WAAQ,MAAM,4DAA4D;GAC1E,MAAM,eAAeC,4BAAS,UAAU,YAAa,UAAkB,SAAS;AAChF,SAAM,IAAI,MAAM,gBAAgB;;AAElC,SAAO;GACL,qBAAqB,SAAS,QAAQ;GACtC,eAAeC,+BAAY,SAAS,QAAQ;;UAEvCC,OAAgB;AACvB,UAAQ,MAAM,2DAA2D;AACzE,QAAM"}

package/dist/cjs/core/WebAuthnManager/SignerWorkerManager/handlers/deriveNearKeypairAndEncryptFromSerialized.js CHANGED Viewed

@@ -10,6 +10,7 @@ src_wasm_signer_worker_pkg_wasm_signer_worker_js = require_rolldown_runtime.__to
 //#region src/core/WebAuthnManager/SignerWorkerManager/handlers/deriveNearKeypairAndEncryptFromSerialized.ts
 require_signer_worker.init_signer_worker();
 require_accountIds.init_accountIds();
+require_getDeviceNumber.init_getDeviceNumber();
 /**
 * Derive NEAR keypair and encrypt it from a serialized WebAuthn registration credential
 * (shape compatible with SerializedRegistrationCredential from WASM) by extracting PRF outputs from it.

package/dist/cjs/core/WebAuthnManager/SignerWorkerManager/handlers/deriveNearKeypairAndEncryptFromSerialized.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"deriveNearKeypairAndEncryptFromSerialized.js","names":["WorkerRequestType","withSessionId","toEnumUserVerificationPolicy","isDeriveNearKeypairAndEncryptSuccess","getLastLoggedInDeviceNumber","keyData: EncryptedKeyData","toAccountId","error: unknown"],"sources":["../../../../../../src/core/WebAuthnManager/SignerWorkerManager/handlers/deriveNearKeypairAndEncryptFromSerialized.ts"],"sourcesContent":["\nimport type { EncryptedKeyData } from '../../../IndexedDBManager/passkeyNearKeysDB';\nimport type { AuthenticatorOptions } from '../../../types/authenticatorOptions';\nimport {\n WorkerRequestType,\n isDeriveNearKeypairAndEncryptSuccess,\n} from '../../../types/signer-worker';\nimport { AccountId, toAccountId } from \"../../../types/accountIds\";\nimport { getLastLoggedInDeviceNumber } from '../getDeviceNumber';\nimport { SignerWorkerManagerContext } from '..';\nimport type { WebAuthnRegistrationCredential } from '@/core/types/webauthn';\nimport { toEnumUserVerificationPolicy } from '../../../types/authenticatorOptions';\nimport { withSessionId } from './session';\n\n/*\n Derive NEAR keypair and encrypt it from a serialized WebAuthn registration credential\n * (shape compatible with SerializedRegistrationCredential from WASM) by extracting PRF outputs from it.\n /\nexport async function deriveNearKeypairAndEncryptFromSerialized({\n ctx,\n credential,\n nearAccountId,\n options,\n sessionId,\n}: {\n ctx: SignerWorkerManagerContext,\n credential: WebAuthnRegistrationCredential;\n nearAccountId: AccountId,\n options?: {\n authenticatorOptions?: AuthenticatorOptions;\n deviceNumber?: number;\n };\n sessionId: string;\n}): Promise<{\n success: boolean;\n nearAccountId: AccountId;\n publicKey: string;\n /\n Base64url-encoded AEAD nonce (ChaCha20-Poly1305) for the encrypted private key.\n */\n chacha20NonceB64u?: string;\n wrapKeySalt?: string;\n error?: string;\n}> {\n try {\n // PRF outputs are now extracted by VRF worker and delivered to signer worker via MessagePort\n // No need to extract or send them through main thread\n if (!sessionId) throw new Error('Missing sessionId for registration WrapKeySeed delivery');\n\n const response = await ctx.sendMessage<WorkerRequestType.DeriveNearKeypairAndEncrypt>({\n sessionId,\n message: {\n type: WorkerRequestType.DeriveNearKeypairAndEncrypt,\n payload: withSessionId(sessionId, {\n nearAccountId: nearAccountId,\n credential,\n authenticatorOptions: options?.authenticatorOptions ? {\n userVerification: toEnumUserVerificationPolicy(options.authenticatorOptions.userVerification),\n originPolicy: options.authenticatorOptions.originPolicy,\n } : undefined,\n })\n },\n });\n\n if (!isDeriveNearKeypairAndEncryptSuccess(response)) {\n throw new Error('Dual PRF registration (from serialized) failed');\n }\n\n const wasmResult = response.payload;\n const version = (wasmResult as any).version ?? 2;\n const wrapKeySaltPersisted = wasmResult.wrapKeySalt;\n // Prefer explicitly provided deviceNumber, else derive from IndexedDB state\n const deviceNumber = (typeof options?.deviceNumber === 'number')\n ? options!.deviceNumber!\n : await getLastLoggedInDeviceNumber(nearAccountId, ctx.indexedDB.clientDB);\n const chacha20NonceB64u = wasmResult.chacha20NonceB64u;\n if (!chacha20NonceB64u) {\n throw new Error('Missing chacha20NonceB64u in deriveNearKeypairAndEncrypt result');\n }\n const keyData: EncryptedKeyData = {\n nearAccountId: nearAccountId,\n deviceNumber,\n encryptedData: wasmResult.encryptedData,\n chacha20NonceB64u,\n wrapKeySalt: wrapKeySaltPersisted,\n version,\n timestamp: Date.now()\n };\n await ctx.indexedDB.nearKeysDB.storeEncryptedKey(keyData);\n\n return {\n success: true,\n nearAccountId: toAccountId(wasmResult.nearAccountId),\n publicKey: wasmResult.publicKey,\n chacha20NonceB64u,\n wrapKeySalt: wrapKeySaltPersisted,\n };\n } catch (error: unknown) {\n console.error('WebAuthnManager: deriveNearKeypairAndEncryptFromSerialized error:', error);\n const message = String((error as { message?: unknown })?.message \|\| error \|\| '');\n return {\n success: false,\n nearAccountId,\n publicKey: '',\n error: message\n };\n }\n}\n"],"mappings":"~~;;;;;;;;;;;;;;;;~~AAkBA,eAAsB,0CAA0C,EAC9D,KACA,YACA,eACA,SACA,aAoBC;AACD,KAAI;AAGF,MAAI,CAAC,UAAW,OAAM,IAAI,MAAM;EAEhC,MAAM,WAAW,MAAM,IAAI,YAA2D;GACpF;GACA,SAAS;IACP,MAAMA,mEAAkB;IACxB,SAASC,8BAAc,WAAW;KACjB;KACf;KACA,sBAAsB,SAAS,uBAAuB;MACpD,kBAAkBC,0DAA6B,QAAQ,qBAAqB;MAC5E,cAAc,QAAQ,qBAAqB;SACzC;;;;AAKV,MAAI,CAACC,2DAAqC,UACxC,OAAM,IAAI,MAAM;EAGlB,MAAM,aAAa,SAAS;EAC5B,MAAM,UAAW,WAAmB,WAAW;EAC/C,MAAM,uBAAuB,WAAW;EAExC,MAAM,eAAgB,OAAO,SAAS,iBAAiB,WACnD,QAAS,eACT,MAAMC,oDAA4B,eAAe,IAAI,UAAU;EACnE,MAAM,oBAAoB,WAAW;AACrC,MAAI,CAAC,kBACH,OAAM,IAAI,MAAM;EAElB,MAAMC,UAA4B;GACjB;GACf;GACA,eAAe,WAAW;GAC1B;GACA,aAAa;GACb;GACA,WAAW,KAAK;;AAElB,QAAM,IAAI,UAAU,WAAW,kBAAkB;AAEjD,SAAO;GACL,SAAS;GACT,eAAeC,+BAAY,WAAW;GACtC,WAAW,WAAW;GACtB;GACA,aAAa;;UAERC,OAAgB;AACvB,UAAQ,MAAM,qEAAqE;EACnF,MAAM,UAAU,OAAQ,OAAiC,WAAW,SAAS;AAC7E,SAAO;GACL,SAAS;GACT;GACA,WAAW;GACX,OAAO"}
1	+ {"version":3,"file":"deriveNearKeypairAndEncryptFromSerialized.js","names":["WorkerRequestType","withSessionId","toEnumUserVerificationPolicy","isDeriveNearKeypairAndEncryptSuccess","getLastLoggedInDeviceNumber","keyData: EncryptedKeyData","toAccountId","error: unknown"],"sources":["../../../../../../src/core/WebAuthnManager/SignerWorkerManager/handlers/deriveNearKeypairAndEncryptFromSerialized.ts"],"sourcesContent":["\nimport type { EncryptedKeyData } from '../../../IndexedDBManager/passkeyNearKeysDB';\nimport type { AuthenticatorOptions } from '../../../types/authenticatorOptions';\nimport {\n WorkerRequestType,\n isDeriveNearKeypairAndEncryptSuccess,\n} from '../../../types/signer-worker';\nimport { AccountId, toAccountId } from \"../../../types/accountIds\";\nimport { getLastLoggedInDeviceNumber } from '../getDeviceNumber';\nimport { SignerWorkerManagerContext } from '..';\nimport type { WebAuthnRegistrationCredential } from '@/core/types/webauthn';\nimport { toEnumUserVerificationPolicy } from '../../../types/authenticatorOptions';\nimport { withSessionId } from './session';\n\n/*\n Derive NEAR keypair and encrypt it from a serialized WebAuthn registration credential\n * (shape compatible with SerializedRegistrationCredential from WASM) by extracting PRF outputs from it.\n /\nexport async function deriveNearKeypairAndEncryptFromSerialized({\n ctx,\n credential,\n nearAccountId,\n options,\n sessionId,\n}: {\n ctx: SignerWorkerManagerContext,\n credential: WebAuthnRegistrationCredential;\n nearAccountId: AccountId,\n options?: {\n authenticatorOptions?: AuthenticatorOptions;\n deviceNumber?: number;\n };\n sessionId: string;\n}): Promise<{\n success: boolean;\n nearAccountId: AccountId;\n publicKey: string;\n /\n Base64url-encoded AEAD nonce (ChaCha20-Poly1305) for the encrypted private key.\n */\n chacha20NonceB64u?: string;\n wrapKeySalt?: string;\n error?: string;\n}> {\n try {\n // PRF outputs are now extracted by VRF worker and delivered to signer worker via MessagePort\n // No need to extract or send them through main thread\n if (!sessionId) throw new Error('Missing sessionId for registration WrapKeySeed delivery');\n\n const response = await ctx.sendMessage<WorkerRequestType.DeriveNearKeypairAndEncrypt>({\n sessionId,\n message: {\n type: WorkerRequestType.DeriveNearKeypairAndEncrypt,\n payload: withSessionId(sessionId, {\n nearAccountId: nearAccountId,\n credential,\n authenticatorOptions: options?.authenticatorOptions ? {\n userVerification: toEnumUserVerificationPolicy(options.authenticatorOptions.userVerification),\n originPolicy: options.authenticatorOptions.originPolicy,\n } : undefined,\n })\n },\n });\n\n if (!isDeriveNearKeypairAndEncryptSuccess(response)) {\n throw new Error('Dual PRF registration (from serialized) failed');\n }\n\n const wasmResult = response.payload;\n const version = (wasmResult as any).version ?? 2;\n const wrapKeySaltPersisted = wasmResult.wrapKeySalt;\n // Prefer explicitly provided deviceNumber, else derive from IndexedDB state\n const deviceNumber = (typeof options?.deviceNumber === 'number')\n ? options!.deviceNumber!\n : await getLastLoggedInDeviceNumber(nearAccountId, ctx.indexedDB.clientDB);\n const chacha20NonceB64u = wasmResult.chacha20NonceB64u;\n if (!chacha20NonceB64u) {\n throw new Error('Missing chacha20NonceB64u in deriveNearKeypairAndEncrypt result');\n }\n const keyData: EncryptedKeyData = {\n nearAccountId: nearAccountId,\n deviceNumber,\n encryptedData: wasmResult.encryptedData,\n chacha20NonceB64u,\n wrapKeySalt: wrapKeySaltPersisted,\n version,\n timestamp: Date.now()\n };\n await ctx.indexedDB.nearKeysDB.storeEncryptedKey(keyData);\n\n return {\n success: true,\n nearAccountId: toAccountId(wasmResult.nearAccountId),\n publicKey: wasmResult.publicKey,\n chacha20NonceB64u,\n wrapKeySalt: wrapKeySaltPersisted,\n };\n } catch (error: unknown) {\n console.error('WebAuthnManager: deriveNearKeypairAndEncryptFromSerialized error:', error);\n const message = String((error as { message?: unknown })?.message \|\| error \|\| '');\n return {\n success: false,\n nearAccountId,\n publicKey: '',\n error: message\n };\n }\n}\n"],"mappings":";;;;;;;;;;;;;;;;;AAkBA,eAAsB,0CAA0C,EAC9D,KACA,YACA,eACA,SACA,aAoBC;AACD,KAAI;AAGF,MAAI,CAAC,UAAW,OAAM,IAAI,MAAM;EAEhC,MAAM,WAAW,MAAM,IAAI,YAA2D;GACpF;GACA,SAAS;IACP,MAAMA,mEAAkB;IACxB,SAASC,8BAAc,WAAW;KACjB;KACf;KACA,sBAAsB,SAAS,uBAAuB;MACpD,kBAAkBC,0DAA6B,QAAQ,qBAAqB;MAC5E,cAAc,QAAQ,qBAAqB;SACzC;;;;AAKV,MAAI,CAACC,2DAAqC,UACxC,OAAM,IAAI,MAAM;EAGlB,MAAM,aAAa,SAAS;EAC5B,MAAM,UAAW,WAAmB,WAAW;EAC/C,MAAM,uBAAuB,WAAW;EAExC,MAAM,eAAgB,OAAO,SAAS,iBAAiB,WACnD,QAAS,eACT,MAAMC,oDAA4B,eAAe,IAAI,UAAU;EACnE,MAAM,oBAAoB,WAAW;AACrC,MAAI,CAAC,kBACH,OAAM,IAAI,MAAM;EAElB,MAAMC,UAA4B;GACjB;GACf;GACA,eAAe,WAAW;GAC1B;GACA,aAAa;GACb;GACA,WAAW,KAAK;;AAElB,QAAM,IAAI,UAAU,WAAW,kBAAkB;AAEjD,SAAO;GACL,SAAS;GACT,eAAeC,+BAAY,WAAW;GACtC,WAAW,WAAW;GACtB;GACA,aAAa;;UAERC,OAAgB;AACvB,UAAQ,MAAM,qEAAqE;EACnF,MAAM,UAAU,OAAQ,OAAiC,WAAW,SAAS;AAC7E,SAAO;GACL,SAAS;GACT;GACA,WAAW;GACX,OAAO"}

package/dist/cjs/core/WebAuthnManager/SignerWorkerManager/handlers/exportNearKeypairUi.js CHANGED Viewed

@@ -12,6 +12,7 @@ src_wasm_signer_worker_pkg_wasm_signer_worker_js = require_rolldown_runtime.__to
 require_validation.init_validation();
 require_accountIds.init_accountIds();
 require_signer_worker.init_signer_worker();
+require_getDeviceNumber.init_getDeviceNumber();
 /**
 * Two-phase export (worker-driven):
 *  - Phase 1: collect PRF (uiMode: 'skip') and derive WrapKeySeed in VRF worker

package/dist/cjs/core/WebAuthnManager/SignerWorkerManager/handlers/exportNearKeypairUi.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"exportNearKeypairUi.js","names":["toAccountId","getLastLoggedInDeviceNumber","WorkerRequestType","isDecryptPrivateKeyWithPrfSuccess","isObject","SecureConfirmationType","runSecureConfirm"],"sources":["../../../../../../src/core/WebAuthnManager/SignerWorkerManager/handlers/exportNearKeypairUi.ts"],"sourcesContent":["import { isObject } from '../../../WalletIframe/validation';\nimport { AccountId, toAccountId } from '../../../types/accountIds';\nimport {\n WorkerRequestType,\n isDecryptPrivateKeyWithPrfSuccess,\n} from '../../../types/signer-worker';\nimport { runSecureConfirm } from '../../VrfWorkerManager/secureConfirmBridge';\nimport { SecureConfirmationType } from '../../VrfWorkerManager/confirmTxFlow/types';\nimport { SignerWorkerManagerContext } from '..';\nimport { getLastLoggedInDeviceNumber } from '../getDeviceNumber';\n\n/*\n Two-phase export (worker-driven):\n * - Phase 1: collect PRF (uiMode: 'skip') and derive WrapKeySeed in VRF worker\n * - Decrypt inside signer worker (session-bound)\n * - Phase 2: show export UI with decrypted key (kept open until user closes)\n */\nexport async function exportNearKeypairUi({\n ctx,\n nearAccountId,\n variant,\n theme,\n sessionId,\n}: {\n ctx: SignerWorkerManagerContext;\n nearAccountId: AccountId;\n variant?: 'drawer' \| 'modal';\n theme?: 'dark' \| 'light';\n sessionId: string;\n}): Promise<void> {\n const accountId = toAccountId(nearAccountId);\n\n // Gather encrypted key + ChaCha20 nonce and public key from IndexedDB\n const deviceNumber = await getLastLoggedInDeviceNumber(accountId, ctx.indexedDB.clientDB);\n const [keyData, user] = await Promise.all([\n ctx.indexedDB.nearKeysDB.getEncryptedKey(accountId, deviceNumber),\n ctx.indexedDB.clientDB.getUserByDevice(accountId, deviceNumber),\n ]);\n const publicKey = user?.clientNearPublicKey \|\| '';\n if (!keyData \|\| !publicKey) {\n throw new Error('Missing local key material for export. Re-register to upgrade vault.');\n }\n\n // Decrypt inside signer worker using the reserved session\n const response = await ctx.sendMessage<WorkerRequestType.DecryptPrivateKeyWithPrf>({\n sessionId,\n message: {\n type: WorkerRequestType.DecryptPrivateKeyWithPrf,\n payload: {\n nearAccountId: accountId,\n encryptedPrivateKeyData: keyData.encryptedData,\n encryptedPrivateKeyChacha20NonceB64u: keyData.chacha20NonceB64u,\n },\n },\n });\n\n if (!isDecryptPrivateKeyWithPrfSuccess(response)) {\n console.error('WebAuthnManager: Export decrypt failed:', response);\n const payloadError = isObject(response?.payload) && response?.payload?.error;\n const msg = String(payloadError \|\| 'Export decrypt failed');\n throw new Error(msg);\n }\n\n const privateKey = response.payload.privateKey;\n\n // Phase 2: show secure UI (VRF-driven viewer)\n const showReq = {\n schemaVersion: 2 as const,\n requestId: sessionId,\n type: SecureConfirmationType.SHOW_SECURE_PRIVATE_KEY_UI,\n summary: {\n operation: 'Export Private Key' as const,\n accountId,\n publicKey,\n warning: 'Anyone with your private key can fully control your account. Never share it.',\n },\n payload: {\n nearAccountId: accountId,\n publicKey,\n privateKey,\n variant,\n theme,\n },\n };\n await runSecureConfirm(ctx, showReq);\n}\n"],"mappings":"~~;;;;;;;;;;;;;;;;;;;;~~AAiBA,eAAsB,oBAAoB,EACxC,KACA,eACA,SACA,OACA,aAOgB;CAChB,MAAM,YAAYA,+BAAY;CAG9B,MAAM,eAAe,MAAMC,oDAA4B,WAAW,IAAI,UAAU;CAChF,MAAM,CAAC,SAAS,QAAQ,MAAM,QAAQ,IAAI,CACxC,IAAI,UAAU,WAAW,gBAAgB,WAAW,eACpD,IAAI,UAAU,SAAS,gBAAgB,WAAW;CAEpD,MAAM,YAAY,MAAM,uBAAuB;AAC/C,KAAI,CAAC,WAAW,CAAC,UACf,OAAM,IAAI,MAAM;CAIlB,MAAM,WAAW,MAAM,IAAI,YAAwD;EACjF;EACA,SAAS;GACP,MAAMC,mEAAkB;GACxB,SAAS;IACP,eAAe;IACf,yBAAyB,QAAQ;IACjC,sCAAsC,QAAQ;;;;AAKpD,KAAI,CAACC,wDAAkC,WAAW;AAChD,UAAQ,MAAM,2CAA2C;EACzD,MAAM,eAAeC,4BAAS,UAAU,YAAY,UAAU,SAAS;EACvE,MAAM,MAAM,OAAO,gBAAgB;AACnC,QAAM,IAAI,MAAM;;CAGlB,MAAM,aAAa,SAAS,QAAQ;CAGpC,MAAM,UAAU;EACd,eAAe;EACf,WAAW;EACX,MAAMC,qCAAuB;EAC7B,SAAS;GACP,WAAW;GACX;GACA;GACA,SAAS;;EAEX,SAAS;GACP,eAAe;GACf;GACA;GACA;GACA;;;AAGJ,OAAMC,6CAAiB,KAAK"}
1	+ {"version":3,"file":"exportNearKeypairUi.js","names":["toAccountId","getLastLoggedInDeviceNumber","WorkerRequestType","isDecryptPrivateKeyWithPrfSuccess","isObject","SecureConfirmationType","runSecureConfirm"],"sources":["../../../../../../src/core/WebAuthnManager/SignerWorkerManager/handlers/exportNearKeypairUi.ts"],"sourcesContent":["import { isObject } from '../../../WalletIframe/validation';\nimport { AccountId, toAccountId } from '../../../types/accountIds';\nimport {\n WorkerRequestType,\n isDecryptPrivateKeyWithPrfSuccess,\n} from '../../../types/signer-worker';\nimport { runSecureConfirm } from '../../VrfWorkerManager/secureConfirmBridge';\nimport { SecureConfirmationType } from '../../VrfWorkerManager/confirmTxFlow/types';\nimport { SignerWorkerManagerContext } from '..';\nimport { getLastLoggedInDeviceNumber } from '../getDeviceNumber';\n\n/*\n Two-phase export (worker-driven):\n * - Phase 1: collect PRF (uiMode: 'skip') and derive WrapKeySeed in VRF worker\n * - Decrypt inside signer worker (session-bound)\n * - Phase 2: show export UI with decrypted key (kept open until user closes)\n */\nexport async function exportNearKeypairUi({\n ctx,\n nearAccountId,\n variant,\n theme,\n sessionId,\n}: {\n ctx: SignerWorkerManagerContext;\n nearAccountId: AccountId;\n variant?: 'drawer' \| 'modal';\n theme?: 'dark' \| 'light';\n sessionId: string;\n}): Promise<void> {\n const accountId = toAccountId(nearAccountId);\n\n // Gather encrypted key + ChaCha20 nonce and public key from IndexedDB\n const deviceNumber = await getLastLoggedInDeviceNumber(accountId, ctx.indexedDB.clientDB);\n const [keyData, user] = await Promise.all([\n ctx.indexedDB.nearKeysDB.getEncryptedKey(accountId, deviceNumber),\n ctx.indexedDB.clientDB.getUserByDevice(accountId, deviceNumber),\n ]);\n const publicKey = user?.clientNearPublicKey \|\| '';\n if (!keyData \|\| !publicKey) {\n throw new Error('Missing local key material for export. Re-register to upgrade vault.');\n }\n\n // Decrypt inside signer worker using the reserved session\n const response = await ctx.sendMessage<WorkerRequestType.DecryptPrivateKeyWithPrf>({\n sessionId,\n message: {\n type: WorkerRequestType.DecryptPrivateKeyWithPrf,\n payload: {\n nearAccountId: accountId,\n encryptedPrivateKeyData: keyData.encryptedData,\n encryptedPrivateKeyChacha20NonceB64u: keyData.chacha20NonceB64u,\n },\n },\n });\n\n if (!isDecryptPrivateKeyWithPrfSuccess(response)) {\n console.error('WebAuthnManager: Export decrypt failed:', response);\n const payloadError = isObject(response?.payload) && response?.payload?.error;\n const msg = String(payloadError \|\| 'Export decrypt failed');\n throw new Error(msg);\n }\n\n const privateKey = response.payload.privateKey;\n\n // Phase 2: show secure UI (VRF-driven viewer)\n const showReq = {\n schemaVersion: 2 as const,\n requestId: sessionId,\n type: SecureConfirmationType.SHOW_SECURE_PRIVATE_KEY_UI,\n summary: {\n operation: 'Export Private Key' as const,\n accountId,\n publicKey,\n warning: 'Anyone with your private key can fully control your account. Never share it.',\n },\n payload: {\n nearAccountId: accountId,\n publicKey,\n privateKey,\n variant,\n theme,\n },\n };\n await runSecureConfirm(ctx, showReq);\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;AAiBA,eAAsB,oBAAoB,EACxC,KACA,eACA,SACA,OACA,aAOgB;CAChB,MAAM,YAAYA,+BAAY;CAG9B,MAAM,eAAe,MAAMC,oDAA4B,WAAW,IAAI,UAAU;CAChF,MAAM,CAAC,SAAS,QAAQ,MAAM,QAAQ,IAAI,CACxC,IAAI,UAAU,WAAW,gBAAgB,WAAW,eACpD,IAAI,UAAU,SAAS,gBAAgB,WAAW;CAEpD,MAAM,YAAY,MAAM,uBAAuB;AAC/C,KAAI,CAAC,WAAW,CAAC,UACf,OAAM,IAAI,MAAM;CAIlB,MAAM,WAAW,MAAM,IAAI,YAAwD;EACjF;EACA,SAAS;GACP,MAAMC,mEAAkB;GACxB,SAAS;IACP,eAAe;IACf,yBAAyB,QAAQ;IACjC,sCAAsC,QAAQ;;;;AAKpD,KAAI,CAACC,wDAAkC,WAAW;AAChD,UAAQ,MAAM,2CAA2C;EACzD,MAAM,eAAeC,4BAAS,UAAU,YAAY,UAAU,SAAS;EACvE,MAAM,MAAM,OAAO,gBAAgB;AACnC,QAAM,IAAI,MAAM;;CAGlB,MAAM,aAAa,SAAS,QAAQ;CAGpC,MAAM,UAAU;EACd,eAAe;EACf,WAAW;EACX,MAAMC,qCAAuB;EAC7B,SAAS;GACP,WAAW;GACX;GACA;GACA,SAAS;;EAEX,SAAS;GACP,eAAe;GACf;GACA;GACA;GACA;;;AAGJ,OAAMC,6CAAiB,KAAK"}

package/dist/cjs/core/WebAuthnManager/SignerWorkerManager/handlers/registerDevice2WithDerivedKey.js CHANGED Viewed

@@ -1,13 +1,14 @@
 const require_rolldown_runtime = require('../../../../_virtual/rolldown_runtime.js');
 const require_signer_worker = require('../../../types/signer-worker.js');
 const require_base64 = require('../../../../utils/base64.js');
-require('../../../../utils/index.js');
+const require_index = require('../../../../utils/index.js');
 const require_authenticatorOptions = require('../../../types/authenticatorOptions.js');
 const require_session = require('./session.js');
 let src_wasm_signer_worker_pkg_wasm_signer_worker_js = require("../../../../wasm_signer_worker/pkg/wasm_signer_worker.js");
 src_wasm_signer_worker_pkg_wasm_signer_worker_js = require_rolldown_runtime.__toESM(src_wasm_signer_worker_pkg_wasm_signer_worker_js);
 //#region src/core/WebAuthnManager/SignerWorkerManager/handlers/registerDevice2WithDerivedKey.ts
+require_index.init_utils();
 require_signer_worker.init_signer_worker();
 /**
 * Combined Device2 registration flow: derive NEAR keypair + sign registration transaction

package/dist/cjs/core/WebAuthnManager/SignerWorkerManager/handlers/registerDevice2WithDerivedKey.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"registerDevice2WithDerivedKey.js","names":["base64UrlDecode","toEnumUserVerificationPolicy","UserVerificationPolicy","WorkerRequestType","withSessionId","isRegisterDevice2WithDerivedKeySuccess","keyData: EncryptedKeyData","error: unknown"],"sources":["../../../../../../src/core/WebAuthnManager/SignerWorkerManager/handlers/registerDevice2WithDerivedKey.ts"],"sourcesContent":["import { base64UrlDecode } from '../../../../utils';\nimport type { EncryptedKeyData } from '../../../IndexedDBManager/passkeyNearKeysDB';\nimport {\n WorkerRequestType,\n isRegisterDevice2WithDerivedKeySuccess,\n} from '../../../types/signer-worker';\nimport { AccountId, toAccountId } from \"../../../types/accountIds\";\nimport { SignerWorkerManagerContext } from '..';\nimport type { WebAuthnRegistrationCredential } from '@/core/types/webauthn';\nimport type { VRFChallenge } from '../../../types/vrf-worker';\nimport type { TransactionContext } from '../../../types/rpc';\nimport { withSessionId } from './session';\nimport { UserVerificationPolicy, toEnumUserVerificationPolicy } from '../../../types/authenticatorOptions';\n\n/*\n Combined Device2 registration flow: derive NEAR keypair + sign registration transaction\n * in a single operation without requiring a separate authentication prompt.\n \n This handler orchestrates:\n * 1. Retrieving PRF.second and WrapKeySeed from session storage (delivered via MessagePort)\n * 2. Deriving NEAR ed25519 keypair from PRF.second\n * 3. Encrypting the NEAR private key with KEK (derived from WrapKeySeed + wrapKeySalt)\n * 4. Building the Device2 registration transaction (`link_device_register_user`)\n * 5. Signing the transaction with the derived NEAR keypair\n * 6. Storing encrypted key data in IndexedDB\n \n Security: PRF.second and WrapKeySeed never traverse the main thread - they're delivered\n * directly from VRF worker to Signer worker via MessagePort.\n /\nexport async function registerDevice2WithDerivedKey({\n ctx,\n sessionId,\n nearAccountId,\n credential,\n vrfChallenge,\n transactionContext,\n contractId,\n wrapKeySalt,\n deviceNumber,\n deterministicVrfPublicKey,\n}: {\n ctx: SignerWorkerManagerContext;\n sessionId: string;\n nearAccountId: AccountId;\n credential: WebAuthnRegistrationCredential;\n vrfChallenge: VRFChallenge;\n transactionContext: TransactionContext;\n contractId: string;\n wrapKeySalt: string;\n deviceNumber?: number;\n deterministicVrfPublicKey?: string;\n}): Promise<{\n success: boolean;\n publicKey: string;\n signedTransaction: any;\n wrapKeySalt: string;\n encryptedData?: string;\n /\n Base64url-encoded AEAD nonce (ChaCha20-Poly1305) for the encrypted private key.\n */\n chacha20NonceB64u?: string;\n error?: string;\n}> {\n try {\n if (!sessionId) {\n throw new Error('Missing sessionId for Device2 registration');\n }\n\n console.debug('[SignerWorkerManager] Starting Device2 combined registration', {\n nearAccountId,\n sessionId,\n deviceNumber,\n });\n\n // Helper to convert base64url string to byte array (number[])\n const b64ToBytes = (s: string \| undefined): number[] => {\n if (!s) return [];\n return Array.from(base64UrlDecode(s));\n };\n // Construct contractArgs in TypeScript and use JSON.stringify() here.\n // This is native to JS, extremely fast, and means the Rust worker just receives a \"dumb\" string that it can blindly convert to bytes\n const finalContractArgs = {\n vrf_data: {\n vrf_input_data: b64ToBytes(vrfChallenge.vrfInput),\n vrf_output: b64ToBytes(vrfChallenge.vrfOutput),\n vrf_proof: b64ToBytes(vrfChallenge.vrfProof),\n public_key: b64ToBytes(vrfChallenge.vrfPublicKey),\n user_id: vrfChallenge.userId,\n rp_id: vrfChallenge.rpId,\n block_height: Number(vrfChallenge.blockHeight),\n block_hash: b64ToBytes(vrfChallenge.blockHash),\n },\n webauthn_registration: credential,\n deterministic_vrf_public_key: b64ToBytes(deterministicVrfPublicKey),\n authenticator_options: {\n userVerification: toEnumUserVerificationPolicy(UserVerificationPolicy.Preferred),\n originPolicy: {\n single: undefined,\n all_subdomains: true,\n multiple: undefined,\n },\n },\n };\n\n // Build request payload for combined Device2 registration\n const response = await ctx.sendMessage<WorkerRequestType.RegisterDevice2WithDerivedKey>({\n sessionId,\n message: {\n type: WorkerRequestType.RegisterDevice2WithDerivedKey,\n payload: withSessionId(sessionId, {\n credential,\n nearAccountId,\n transactionContext: {\n txBlockHash: transactionContext.txBlockHash,\n txBlockHeight: transactionContext.txBlockHeight,\n baseNonce: transactionContext.nextNonce,\n },\n contractId,\n contractArgsJson: JSON.stringify(finalContractArgs),\n }),\n },\n });\n\n if (!isRegisterDevice2WithDerivedKeySuccess(response)) {\n throw new Error('Device2 combined registration failed');\n }\n\n const wasmResult = response.payload;\n\n console.debug('[SignerWorkerManager] Device2 registration complete, storing encrypted key');\n\n // Store encrypted NEAR key in IndexedDB\n const chacha20NonceB64u = wasmResult.chacha20NonceB64u;\n if (!chacha20NonceB64u) {\n throw new Error('Missing chacha20NonceB64u in Device2 registration result');\n }\n const keyData: EncryptedKeyData = {\n nearAccountId,\n deviceNumber: deviceNumber ?? 2, // Default to device 2\n encryptedData: wasmResult.encryptedData,\n chacha20NonceB64u,\n wrapKeySalt: wasmResult.wrapKeySalt,\n version: 2,\n timestamp: Date.now(),\n };\n await ctx.indexedDB.nearKeysDB.storeEncryptedKey(keyData);\n\n console.debug('[SignerWorkerManager] Device2 encrypted key stored successfully');\n\n return {\n success: true,\n publicKey: wasmResult.publicKey,\n signedTransaction: wasmResult.signedTransaction,\n wrapKeySalt: wasmResult.wrapKeySalt,\n encryptedData: wasmResult.encryptedData,\n chacha20NonceB64u,\n };\n } catch (error: unknown) {\n console.error('[SignerWorkerManager] registerDevice2WithDerivedKey error:', error);\n const message = String((error as { message?: unknown })?.message \|\| error \|\| '');\n return {\n success: false,\n publicKey: '',\n signedTransaction: null,\n wrapKeySalt: '',\n error: message,\n };\n }\n}\n"],"mappings":"~~;;;;;;;;;;;;;;;;;;;;;;;;;;~~AA6BA,eAAsB,8BAA8B,EAClD,KACA,WACA,eACA,YACA,cACA,oBACA,YACA,aACA,cACA,6BAuBC;AACD,KAAI;AACF,MAAI,CAAC,UACH,OAAM,IAAI,MAAM;AAGlB,UAAQ,MAAM,gEAAgE;GAC5E;GACA;GACA;;EAIF,MAAM,cAAc,MAAoC;AACtD,OAAI,CAAC,EAAG,QAAO;AACf,UAAO,MAAM,KAAKA,+BAAgB;;EAIpC,MAAM,oBAAoB;GACxB,UAAU;IACR,gBAAgB,WAAW,aAAa;IACxC,YAAY,WAAW,aAAa;IACpC,WAAW,WAAW,aAAa;IACnC,YAAY,WAAW,aAAa;IACpC,SAAS,aAAa;IACtB,OAAO,aAAa;IACpB,cAAc,OAAO,aAAa;IAClC,YAAY,WAAW,aAAa;;GAEtC,uBAAuB;GACvB,8BAA8B,WAAW;GACzC,uBAAuB;IACrB,kBAAkBC,0DAA6BC,oDAAuB;IACtE,cAAc;KACZ,QAAQ;KACR,gBAAgB;KAChB,UAAU;;;;EAMhB,MAAM,WAAW,MAAM,IAAI,YAA6D;GACtF;GACA,SAAS;IACP,MAAMC,mEAAkB;IACxB,SAASC,8BAAc,WAAW;KAChC;KACA;KACA,oBAAoB;MAClB,aAAa,mBAAmB;MAChC,eAAe,mBAAmB;MAClC,WAAW,mBAAmB;;KAEhC;KACA,kBAAkB,KAAK,UAAU;;;;AAKvC,MAAI,CAACC,6DAAuC,UAC1C,OAAM,IAAI,MAAM;EAGlB,MAAM,aAAa,SAAS;AAE5B,UAAQ,MAAM;EAGd,MAAM,oBAAoB,WAAW;AACrC,MAAI,CAAC,kBACH,OAAM,IAAI,MAAM;EAElB,MAAMC,UAA4B;GAChC;GACA,cAAc,gBAAgB;GAC9B,eAAe,WAAW;GAC1B;GACA,aAAa,WAAW;GACxB,SAAS;GACT,WAAW,KAAK;;AAElB,QAAM,IAAI,UAAU,WAAW,kBAAkB;AAEjD,UAAQ,MAAM;AAEd,SAAO;GACL,SAAS;GACT,WAAW,WAAW;GACtB,mBAAmB,WAAW;GAC9B,aAAa,WAAW;GACxB,eAAe,WAAW;GAC1B;;UAEKC,OAAgB;AACvB,UAAQ,MAAM,8DAA8D;EAC5E,MAAM,UAAU,OAAQ,OAAiC,WAAW,SAAS;AAC7E,SAAO;GACL,SAAS;GACT,WAAW;GACX,mBAAmB;GACnB,aAAa;GACb,OAAO"}
1	+ {"version":3,"file":"registerDevice2WithDerivedKey.js","names":["base64UrlDecode","toEnumUserVerificationPolicy","UserVerificationPolicy","WorkerRequestType","withSessionId","isRegisterDevice2WithDerivedKeySuccess","keyData: EncryptedKeyData","error: unknown"],"sources":["../../../../../../src/core/WebAuthnManager/SignerWorkerManager/handlers/registerDevice2WithDerivedKey.ts"],"sourcesContent":["import { base64UrlDecode } from '../../../../utils';\nimport type { EncryptedKeyData } from '../../../IndexedDBManager/passkeyNearKeysDB';\nimport {\n WorkerRequestType,\n isRegisterDevice2WithDerivedKeySuccess,\n} from '../../../types/signer-worker';\nimport { AccountId, toAccountId } from \"../../../types/accountIds\";\nimport { SignerWorkerManagerContext } from '..';\nimport type { WebAuthnRegistrationCredential } from '@/core/types/webauthn';\nimport type { VRFChallenge } from '../../../types/vrf-worker';\nimport type { TransactionContext } from '../../../types/rpc';\nimport { withSessionId } from './session';\nimport { UserVerificationPolicy, toEnumUserVerificationPolicy } from '../../../types/authenticatorOptions';\n\n/*\n Combined Device2 registration flow: derive NEAR keypair + sign registration transaction\n * in a single operation without requiring a separate authentication prompt.\n \n This handler orchestrates:\n * 1. Retrieving PRF.second and WrapKeySeed from session storage (delivered via MessagePort)\n * 2. Deriving NEAR ed25519 keypair from PRF.second\n * 3. Encrypting the NEAR private key with KEK (derived from WrapKeySeed + wrapKeySalt)\n * 4. Building the Device2 registration transaction (`link_device_register_user`)\n * 5. Signing the transaction with the derived NEAR keypair\n * 6. Storing encrypted key data in IndexedDB\n \n Security: PRF.second and WrapKeySeed never traverse the main thread - they're delivered\n * directly from VRF worker to Signer worker via MessagePort.\n /\nexport async function registerDevice2WithDerivedKey({\n ctx,\n sessionId,\n nearAccountId,\n credential,\n vrfChallenge,\n transactionContext,\n contractId,\n wrapKeySalt,\n deviceNumber,\n deterministicVrfPublicKey,\n}: {\n ctx: SignerWorkerManagerContext;\n sessionId: string;\n nearAccountId: AccountId;\n credential: WebAuthnRegistrationCredential;\n vrfChallenge: VRFChallenge;\n transactionContext: TransactionContext;\n contractId: string;\n wrapKeySalt: string;\n deviceNumber?: number;\n deterministicVrfPublicKey?: string;\n}): Promise<{\n success: boolean;\n publicKey: string;\n signedTransaction: any;\n wrapKeySalt: string;\n encryptedData?: string;\n /\n Base64url-encoded AEAD nonce (ChaCha20-Poly1305) for the encrypted private key.\n */\n chacha20NonceB64u?: string;\n error?: string;\n}> {\n try {\n if (!sessionId) {\n throw new Error('Missing sessionId for Device2 registration');\n }\n\n console.debug('[SignerWorkerManager] Starting Device2 combined registration', {\n nearAccountId,\n sessionId,\n deviceNumber,\n });\n\n // Helper to convert base64url string to byte array (number[])\n const b64ToBytes = (s: string \| undefined): number[] => {\n if (!s) return [];\n return Array.from(base64UrlDecode(s));\n };\n // Construct contractArgs in TypeScript and use JSON.stringify() here.\n // This is native to JS, extremely fast, and means the Rust worker just receives a \"dumb\" string that it can blindly convert to bytes\n const finalContractArgs = {\n vrf_data: {\n vrf_input_data: b64ToBytes(vrfChallenge.vrfInput),\n vrf_output: b64ToBytes(vrfChallenge.vrfOutput),\n vrf_proof: b64ToBytes(vrfChallenge.vrfProof),\n public_key: b64ToBytes(vrfChallenge.vrfPublicKey),\n user_id: vrfChallenge.userId,\n rp_id: vrfChallenge.rpId,\n block_height: Number(vrfChallenge.blockHeight),\n block_hash: b64ToBytes(vrfChallenge.blockHash),\n },\n webauthn_registration: credential,\n deterministic_vrf_public_key: b64ToBytes(deterministicVrfPublicKey),\n authenticator_options: {\n userVerification: toEnumUserVerificationPolicy(UserVerificationPolicy.Preferred),\n originPolicy: {\n single: undefined,\n all_subdomains: true,\n multiple: undefined,\n },\n },\n };\n\n // Build request payload for combined Device2 registration\n const response = await ctx.sendMessage<WorkerRequestType.RegisterDevice2WithDerivedKey>({\n sessionId,\n message: {\n type: WorkerRequestType.RegisterDevice2WithDerivedKey,\n payload: withSessionId(sessionId, {\n credential,\n nearAccountId,\n transactionContext: {\n txBlockHash: transactionContext.txBlockHash,\n txBlockHeight: transactionContext.txBlockHeight,\n baseNonce: transactionContext.nextNonce,\n },\n contractId,\n contractArgsJson: JSON.stringify(finalContractArgs),\n }),\n },\n });\n\n if (!isRegisterDevice2WithDerivedKeySuccess(response)) {\n throw new Error('Device2 combined registration failed');\n }\n\n const wasmResult = response.payload;\n\n console.debug('[SignerWorkerManager] Device2 registration complete, storing encrypted key');\n\n // Store encrypted NEAR key in IndexedDB\n const chacha20NonceB64u = wasmResult.chacha20NonceB64u;\n if (!chacha20NonceB64u) {\n throw new Error('Missing chacha20NonceB64u in Device2 registration result');\n }\n const keyData: EncryptedKeyData = {\n nearAccountId,\n deviceNumber: deviceNumber ?? 2, // Default to device 2\n encryptedData: wasmResult.encryptedData,\n chacha20NonceB64u,\n wrapKeySalt: wasmResult.wrapKeySalt,\n version: 2,\n timestamp: Date.now(),\n };\n await ctx.indexedDB.nearKeysDB.storeEncryptedKey(keyData);\n\n console.debug('[SignerWorkerManager] Device2 encrypted key stored successfully');\n\n return {\n success: true,\n publicKey: wasmResult.publicKey,\n signedTransaction: wasmResult.signedTransaction,\n wrapKeySalt: wasmResult.wrapKeySalt,\n encryptedData: wasmResult.encryptedData,\n chacha20NonceB64u,\n };\n } catch (error: unknown) {\n console.error('[SignerWorkerManager] registerDevice2WithDerivedKey error:', error);\n const message = String((error as { message?: unknown })?.message \|\| error \|\| '');\n return {\n success: false,\n publicKey: '',\n signedTransaction: null,\n wrapKeySalt: '',\n error: message,\n };\n }\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;AA6BA,eAAsB,8BAA8B,EAClD,KACA,WACA,eACA,YACA,cACA,oBACA,YACA,aACA,cACA,6BAuBC;AACD,KAAI;AACF,MAAI,CAAC,UACH,OAAM,IAAI,MAAM;AAGlB,UAAQ,MAAM,gEAAgE;GAC5E;GACA;GACA;;EAIF,MAAM,cAAc,MAAoC;AACtD,OAAI,CAAC,EAAG,QAAO;AACf,UAAO,MAAM,KAAKA,+BAAgB;;EAIpC,MAAM,oBAAoB;GACxB,UAAU;IACR,gBAAgB,WAAW,aAAa;IACxC,YAAY,WAAW,aAAa;IACpC,WAAW,WAAW,aAAa;IACnC,YAAY,WAAW,aAAa;IACpC,SAAS,aAAa;IACtB,OAAO,aAAa;IACpB,cAAc,OAAO,aAAa;IAClC,YAAY,WAAW,aAAa;;GAEtC,uBAAuB;GACvB,8BAA8B,WAAW;GACzC,uBAAuB;IACrB,kBAAkBC,0DAA6BC,oDAAuB;IACtE,cAAc;KACZ,QAAQ;KACR,gBAAgB;KAChB,UAAU;;;;EAMhB,MAAM,WAAW,MAAM,IAAI,YAA6D;GACtF;GACA,SAAS;IACP,MAAMC,mEAAkB;IACxB,SAASC,8BAAc,WAAW;KAChC;KACA;KACA,oBAAoB;MAClB,aAAa,mBAAmB;MAChC,eAAe,mBAAmB;MAClC,WAAW,mBAAmB;;KAEhC;KACA,kBAAkB,KAAK,UAAU;;;;AAKvC,MAAI,CAACC,6DAAuC,UAC1C,OAAM,IAAI,MAAM;EAGlB,MAAM,aAAa,SAAS;AAE5B,UAAQ,MAAM;EAGd,MAAM,oBAAoB,WAAW;AACrC,MAAI,CAAC,kBACH,OAAM,IAAI,MAAM;EAElB,MAAMC,UAA4B;GAChC;GACA,cAAc,gBAAgB;GAC9B,eAAe,WAAW;GAC1B;GACA,aAAa,WAAW;GACxB,SAAS;GACT,WAAW,KAAK;;AAElB,QAAM,IAAI,UAAU,WAAW,kBAAkB;AAEjD,UAAQ,MAAM;AAEd,SAAO;GACL,SAAS;GACT,WAAW,WAAW;GACtB,mBAAmB,WAAW;GAC9B,aAAa,WAAW;GACxB,eAAe,WAAW;GAC1B;;UAEKC,OAAgB;AACvB,UAAQ,MAAM,8DAA8D;EAC5E,MAAM,UAAU,OAAQ,OAAiC,WAAW,SAAS;AAC7E,SAAO;GACL,SAAS;GACT,WAAW;GACX,mBAAmB;GACnB,aAAa;GACb,OAAO"}

package/dist/cjs/core/WebAuthnManager/SignerWorkerManager/handlers/signDelegateAction.js CHANGED Viewed

@@ -14,6 +14,7 @@ require_defaultConfigs.init_defaultConfigs();
 require_accountIds.init_accountIds();
 require_actions.init_actions();
 require_signer_worker.init_signer_worker();
+require_getDeviceNumber.init_getDeviceNumber();
 async function signDelegateAction({ ctx, delegate, rpcCall, onEvent, confirmationConfigOverride, title, body, sessionId: providedSessionId }) {
 	const sessionId = providedSessionId ?? require_sessionHandshake.generateSessionId();
 	const nearAccountId = rpcCall.nearAccountId || delegate.senderId;

package/dist/cjs/core/WebAuthnManager/SignerWorkerManager/handlers/signDelegateAction.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"signDelegateAction.js","names":["generateSessionId","PASSKEY_MANAGER_DEFAULT_CONFIGS","toActionArgsWasm","getLastLoggedInDeviceNumber","WorkerRequestType","toPublicKeyString","isSignDelegateActionSuccess","toAccountId"],"sources":["../../../../../../src/core/WebAuthnManager/SignerWorkerManager/handlers/signDelegateAction.ts"],"sourcesContent":["import { PASSKEY_MANAGER_DEFAULT_CONFIGS } from '../../../defaultConfigs';\nimport { AccountId, toAccountId } from '../../../types/accountIds';\nimport { toActionArgsWasm, validateActionArgsWasm } from '../../../types/actions';\nimport { DelegateActionInput } from '../../../types/delegate';\nimport { type onProgressEvents } from '../../../types/sdkSentEvents';\nimport {\n ConfirmationConfig,\n RpcCallPayload,\n WorkerRequestType,\n isSignDelegateActionSuccess,\n WasmDelegateSignResult,\n WasmSignedDelegate,\n} from '../../../types/signer-worker';\nimport { SignerWorkerManagerContext } from '..';\nimport { getLastLoggedInDeviceNumber } from '../getDeviceNumber';\nimport { generateSessionId } from '../sessionHandshake.js';\nimport { toPublicKeyString } from './validation';\n\n\nexport async function signDelegateAction({\n ctx,\n delegate,\n rpcCall,\n onEvent,\n confirmationConfigOverride,\n title,\n body,\n sessionId: providedSessionId,\n}: {\n ctx: SignerWorkerManagerContext;\n delegate: DelegateActionInput;\n rpcCall: RpcCallPayload;\n onEvent?: (update: onProgressEvents) => void;\n confirmationConfigOverride?: Partial<ConfirmationConfig>;\n title?: string;\n body?: string;\n sessionId?: string;\n}): Promise<{\n signedDelegate: WasmSignedDelegate;\n hash: string;\n nearAccountId: AccountId;\n logs?: string[];\n}> {\n const sessionId = providedSessionId ?? generateSessionId();\n const nearAccountId = rpcCall.nearAccountId \|\| delegate.senderId;\n\n const resolvedRpcCall = {\n contractId: rpcCall.contractId \|\| PASSKEY_MANAGER_DEFAULT_CONFIGS.contractId,\n nearRpcUrl: rpcCall.nearRpcUrl \|\| (PASSKEY_MANAGER_DEFAULT_CONFIGS.nearRpcUrl.split(',')[0] \|\| PASSKEY_MANAGER_DEFAULT_CONFIGS.nearRpcUrl),\n nearAccountId,\n } as RpcCallPayload;\n\n const actionsWasm = delegate.actions.map(toActionArgsWasm);\n actionsWasm.forEach((action, actionIndex) => {\n try {\n validateActionArgsWasm(action);\n } catch (error) {\n throw new Error(\n `Delegate action ${actionIndex} validation failed: ${error instanceof Error ? error.message : String(error)}`\n );\n }\n });\n\n const deviceNumber = await getLastLoggedInDeviceNumber(nearAccountId, ctx.indexedDB.clientDB);\n const encryptedKeyData = await ctx.indexedDB.nearKeysDB.getEncryptedKey(nearAccountId, deviceNumber);\n if (!encryptedKeyData) {\n throw new Error(`No encrypted key found for account: ${nearAccountId}`);\n }\n if (!ctx.vrfWorkerManager) {\n throw new Error('VrfWorkerManager not available for delegate signing');\n }\n\n const confirmation = await ctx.vrfWorkerManager.confirmAndPrepareSigningSession({\n ctx,\n sessionId,\n kind: 'delegate',\n nearAccountId,\n delegate: {\n senderId: delegate.senderId \|\| nearAccountId,\n receiverId: delegate.receiverId,\n actions: actionsWasm,\n nonce: delegate.nonce,\n maxBlockHeight: delegate.maxBlockHeight,\n },\n rpcCall: resolvedRpcCall,\n confirmationConfigOverride,\n title,\n body,\n });\n\n const intentDigest = confirmation.intentDigest;\n const transactionContext = confirmation.transactionContext;\n const credential = confirmation.credential ? JSON.stringify(confirmation.credential) : undefined;\n\n const response = await ctx.sendMessage({\n sessionId,\n message: {\n type: WorkerRequestType.SignDelegateAction,\n payload: {\n rpcCall: resolvedRpcCall,\n createdAt: Date.now(),\n decryption: {\n encryptedPrivateKeyData: encryptedKeyData.encryptedData,\n encryptedPrivateKeyChacha20NonceB64u: encryptedKeyData.chacha20NonceB64u,\n },\n delegate: {\n senderId: delegate.senderId \|\| nearAccountId,\n receiverId: delegate.receiverId,\n actions: actionsWasm,\n nonce: delegate.nonce.toString(),\n maxBlockHeight: delegate.maxBlockHeight.toString(),\n publicKey: toPublicKeyString(delegate.publicKey),\n },\n intentDigest,\n transactionContext,\n credential,\n },\n },\n onEvent,\n });\n\n // eslint-disable-next-line no-console\n console.debug('[WebAuthnManager][delegate] raw worker response', response);\n\n if (!isSignDelegateActionSuccess(response)) {\n // eslint-disable-next-line no-console\n console.error('[WebAuthnManager][delegate] non-success worker response', response);\n const payloadError = (response as any)?.payload?.error;\n throw new Error(payloadError \|\| 'Delegate action signing failed');\n }\n\n const payload = response.payload as WasmDelegateSignResult;\n if (!payload.success \|\| !payload.signedDelegate \|\| !payload.hash) {\n // eslint-disable-next-line no-console\n console.error('[WebAuthnManager][delegate] invalid delegate payload', payload);\n throw new Error(payload.error \|\| 'Delegate action signing failed');\n }\n\n return {\n signedDelegate: payload.signedDelegate,\n hash: payload.hash,\n nearAccountId: toAccountId(nearAccountId),\n logs: payload.logs,\n };\n}\n"],"mappings":"~~;;;;;;;;;;;;;;;;~~AAmBA,eAAsB,mBAAmB,EACvC,KACA,UACA,SACA,SACA,4BACA,OACA,MACA,WAAW,qBAeV;CACD,MAAM,YAAY,qBAAqBA;CACvC,MAAM,gBAAgB,QAAQ,iBAAiB,SAAS;CAExD,MAAM,kBAAkB;EACtB,YAAY,QAAQ,cAAcC,uDAAgC;EAClE,YAAY,QAAQ,cAAeA,uDAAgC,WAAW,MAAM,KAAK,MAAMA,uDAAgC;EAC/H;;CAGF,MAAM,cAAc,SAAS,QAAQ,IAAIC;AACzC,aAAY,SAAS,QAAQ,gBAAgB;AAC3C,MAAI;AACF,0CAAuB;WAChB,OAAO;AACd,SAAM,IAAI,MACR,mBAAmB,YAAY,sBAAsB,iBAAiB,QAAQ,MAAM,UAAU,OAAO;;;CAK3G,MAAM,eAAe,MAAMC,oDAA4B,eAAe,IAAI,UAAU;CACpF,MAAM,mBAAmB,MAAM,IAAI,UAAU,WAAW,gBAAgB,eAAe;AACvF,KAAI,CAAC,iBACH,OAAM,IAAI,MAAM,uCAAuC;AAEzD,KAAI,CAAC,IAAI,iBACP,OAAM,IAAI,MAAM;CAGlB,MAAM,eAAe,MAAM,IAAI,iBAAiB,gCAAgC;EAC9E;EACA;EACA,MAAM;EACN;EACA,UAAU;GACR,UAAU,SAAS,YAAY;GAC/B,YAAY,SAAS;GACrB,SAAS;GACT,OAAO,SAAS;GAChB,gBAAgB,SAAS;;EAE3B,SAAS;EACT;EACA;EACA;;CAGF,MAAM,eAAe,aAAa;CAClC,MAAM,qBAAqB,aAAa;CACxC,MAAM,aAAa,aAAa,aAAa,KAAK,UAAU,aAAa,cAAc;CAEvF,MAAM,WAAW,MAAM,IAAI,YAAY;EACrC;EACA,SAAS;GACP,MAAMC,mEAAkB;GACxB,SAAS;IACP,SAAS;IACT,WAAW,KAAK;IAChB,YAAY;KACV,yBAAyB,iBAAiB;KAC1C,sCAAsC,iBAAiB;;IAEzD,UAAU;KACR,UAAU,SAAS,YAAY;KAC/B,YAAY,SAAS;KACrB,SAAS;KACT,OAAO,SAAS,MAAM;KACtB,gBAAgB,SAAS,eAAe;KACxC,WAAWC,qCAAkB,SAAS;;IAExC;IACA;IACA;;;EAGJ;;AAIF,SAAQ,MAAM,mDAAmD;AAEjE,KAAI,CAACC,kDAA4B,WAAW;AAE1C,UAAQ,MAAM,2DAA2D;EACzE,MAAM,eAAgB,UAAkB,SAAS;AACjD,QAAM,IAAI,MAAM,gBAAgB;;CAGlC,MAAM,UAAU,SAAS;AACzB,KAAI,CAAC,QAAQ,WAAW,CAAC,QAAQ,kBAAkB,CAAC,QAAQ,MAAM;AAEhE,UAAQ,MAAM,wDAAwD;AACtE,QAAM,IAAI,MAAM,QAAQ,SAAS;;AAGnC,QAAO;EACL,gBAAgB,QAAQ;EACxB,MAAM,QAAQ;EACd,eAAeC,+BAAY;EAC3B,MAAM,QAAQ"}
1	+ {"version":3,"file":"signDelegateAction.js","names":["generateSessionId","PASSKEY_MANAGER_DEFAULT_CONFIGS","toActionArgsWasm","getLastLoggedInDeviceNumber","WorkerRequestType","toPublicKeyString","isSignDelegateActionSuccess","toAccountId"],"sources":["../../../../../../src/core/WebAuthnManager/SignerWorkerManager/handlers/signDelegateAction.ts"],"sourcesContent":["import { PASSKEY_MANAGER_DEFAULT_CONFIGS } from '../../../defaultConfigs';\nimport { AccountId, toAccountId } from '../../../types/accountIds';\nimport { toActionArgsWasm, validateActionArgsWasm } from '../../../types/actions';\nimport { DelegateActionInput } from '../../../types/delegate';\nimport { type onProgressEvents } from '../../../types/sdkSentEvents';\nimport {\n ConfirmationConfig,\n RpcCallPayload,\n WorkerRequestType,\n isSignDelegateActionSuccess,\n WasmDelegateSignResult,\n WasmSignedDelegate,\n} from '../../../types/signer-worker';\nimport { SignerWorkerManagerContext } from '..';\nimport { getLastLoggedInDeviceNumber } from '../getDeviceNumber';\nimport { generateSessionId } from '../sessionHandshake.js';\nimport { toPublicKeyString } from './validation';\n\n\nexport async function signDelegateAction({\n ctx,\n delegate,\n rpcCall,\n onEvent,\n confirmationConfigOverride,\n title,\n body,\n sessionId: providedSessionId,\n}: {\n ctx: SignerWorkerManagerContext;\n delegate: DelegateActionInput;\n rpcCall: RpcCallPayload;\n onEvent?: (update: onProgressEvents) => void;\n confirmationConfigOverride?: Partial<ConfirmationConfig>;\n title?: string;\n body?: string;\n sessionId?: string;\n}): Promise<{\n signedDelegate: WasmSignedDelegate;\n hash: string;\n nearAccountId: AccountId;\n logs?: string[];\n}> {\n const sessionId = providedSessionId ?? generateSessionId();\n const nearAccountId = rpcCall.nearAccountId \|\| delegate.senderId;\n\n const resolvedRpcCall = {\n contractId: rpcCall.contractId \|\| PASSKEY_MANAGER_DEFAULT_CONFIGS.contractId,\n nearRpcUrl: rpcCall.nearRpcUrl \|\| (PASSKEY_MANAGER_DEFAULT_CONFIGS.nearRpcUrl.split(',')[0] \|\| PASSKEY_MANAGER_DEFAULT_CONFIGS.nearRpcUrl),\n nearAccountId,\n } as RpcCallPayload;\n\n const actionsWasm = delegate.actions.map(toActionArgsWasm);\n actionsWasm.forEach((action, actionIndex) => {\n try {\n validateActionArgsWasm(action);\n } catch (error) {\n throw new Error(\n `Delegate action ${actionIndex} validation failed: ${error instanceof Error ? error.message : String(error)}`\n );\n }\n });\n\n const deviceNumber = await getLastLoggedInDeviceNumber(nearAccountId, ctx.indexedDB.clientDB);\n const encryptedKeyData = await ctx.indexedDB.nearKeysDB.getEncryptedKey(nearAccountId, deviceNumber);\n if (!encryptedKeyData) {\n throw new Error(`No encrypted key found for account: ${nearAccountId}`);\n }\n if (!ctx.vrfWorkerManager) {\n throw new Error('VrfWorkerManager not available for delegate signing');\n }\n\n const confirmation = await ctx.vrfWorkerManager.confirmAndPrepareSigningSession({\n ctx,\n sessionId,\n kind: 'delegate',\n nearAccountId,\n delegate: {\n senderId: delegate.senderId \|\| nearAccountId,\n receiverId: delegate.receiverId,\n actions: actionsWasm,\n nonce: delegate.nonce,\n maxBlockHeight: delegate.maxBlockHeight,\n },\n rpcCall: resolvedRpcCall,\n confirmationConfigOverride,\n title,\n body,\n });\n\n const intentDigest = confirmation.intentDigest;\n const transactionContext = confirmation.transactionContext;\n const credential = confirmation.credential ? JSON.stringify(confirmation.credential) : undefined;\n\n const response = await ctx.sendMessage({\n sessionId,\n message: {\n type: WorkerRequestType.SignDelegateAction,\n payload: {\n rpcCall: resolvedRpcCall,\n createdAt: Date.now(),\n decryption: {\n encryptedPrivateKeyData: encryptedKeyData.encryptedData,\n encryptedPrivateKeyChacha20NonceB64u: encryptedKeyData.chacha20NonceB64u,\n },\n delegate: {\n senderId: delegate.senderId \|\| nearAccountId,\n receiverId: delegate.receiverId,\n actions: actionsWasm,\n nonce: delegate.nonce.toString(),\n maxBlockHeight: delegate.maxBlockHeight.toString(),\n publicKey: toPublicKeyString(delegate.publicKey),\n },\n intentDigest,\n transactionContext,\n credential,\n },\n },\n onEvent,\n });\n\n // eslint-disable-next-line no-console\n console.debug('[WebAuthnManager][delegate] raw worker response', response);\n\n if (!isSignDelegateActionSuccess(response)) {\n // eslint-disable-next-line no-console\n console.error('[WebAuthnManager][delegate] non-success worker response', response);\n const payloadError = (response as any)?.payload?.error;\n throw new Error(payloadError \|\| 'Delegate action signing failed');\n }\n\n const payload = response.payload as WasmDelegateSignResult;\n if (!payload.success \|\| !payload.signedDelegate \|\| !payload.hash) {\n // eslint-disable-next-line no-console\n console.error('[WebAuthnManager][delegate] invalid delegate payload', payload);\n throw new Error(payload.error \|\| 'Delegate action signing failed');\n }\n\n return {\n signedDelegate: payload.signedDelegate,\n hash: payload.hash,\n nearAccountId: toAccountId(nearAccountId),\n logs: payload.logs,\n };\n}\n"],"mappings":";;;;;;;;;;;;;;;;;AAmBA,eAAsB,mBAAmB,EACvC,KACA,UACA,SACA,SACA,4BACA,OACA,MACA,WAAW,qBAeV;CACD,MAAM,YAAY,qBAAqBA;CACvC,MAAM,gBAAgB,QAAQ,iBAAiB,SAAS;CAExD,MAAM,kBAAkB;EACtB,YAAY,QAAQ,cAAcC,uDAAgC;EAClE,YAAY,QAAQ,cAAeA,uDAAgC,WAAW,MAAM,KAAK,MAAMA,uDAAgC;EAC/H;;CAGF,MAAM,cAAc,SAAS,QAAQ,IAAIC;AACzC,aAAY,SAAS,QAAQ,gBAAgB;AAC3C,MAAI;AACF,0CAAuB;WAChB,OAAO;AACd,SAAM,IAAI,MACR,mBAAmB,YAAY,sBAAsB,iBAAiB,QAAQ,MAAM,UAAU,OAAO;;;CAK3G,MAAM,eAAe,MAAMC,oDAA4B,eAAe,IAAI,UAAU;CACpF,MAAM,mBAAmB,MAAM,IAAI,UAAU,WAAW,gBAAgB,eAAe;AACvF,KAAI,CAAC,iBACH,OAAM,IAAI,MAAM,uCAAuC;AAEzD,KAAI,CAAC,IAAI,iBACP,OAAM,IAAI,MAAM;CAGlB,MAAM,eAAe,MAAM,IAAI,iBAAiB,gCAAgC;EAC9E;EACA;EACA,MAAM;EACN;EACA,UAAU;GACR,UAAU,SAAS,YAAY;GAC/B,YAAY,SAAS;GACrB,SAAS;GACT,OAAO,SAAS;GAChB,gBAAgB,SAAS;;EAE3B,SAAS;EACT;EACA;EACA;;CAGF,MAAM,eAAe,aAAa;CAClC,MAAM,qBAAqB,aAAa;CACxC,MAAM,aAAa,aAAa,aAAa,KAAK,UAAU,aAAa,cAAc;CAEvF,MAAM,WAAW,MAAM,IAAI,YAAY;EACrC;EACA,SAAS;GACP,MAAMC,mEAAkB;GACxB,SAAS;IACP,SAAS;IACT,WAAW,KAAK;IAChB,YAAY;KACV,yBAAyB,iBAAiB;KAC1C,sCAAsC,iBAAiB;;IAEzD,UAAU;KACR,UAAU,SAAS,YAAY;KAC/B,YAAY,SAAS;KACrB,SAAS;KACT,OAAO,SAAS,MAAM;KACtB,gBAAgB,SAAS,eAAe;KACxC,WAAWC,qCAAkB,SAAS;;IAExC;IACA;IACA;;;EAGJ;;AAIF,SAAQ,MAAM,mDAAmD;AAEjE,KAAI,CAACC,kDAA4B,WAAW;AAE1C,UAAQ,MAAM,2DAA2D;EACzE,MAAM,eAAgB,UAAkB,SAAS;AACjD,QAAM,IAAI,MAAM,gBAAgB;;CAGlC,MAAM,UAAU,SAAS;AACzB,KAAI,CAAC,QAAQ,WAAW,CAAC,QAAQ,kBAAkB,CAAC,QAAQ,MAAM;AAEhE,UAAQ,MAAM,wDAAwD;AACtE,QAAM,IAAI,MAAM,QAAQ,SAAS;;AAGnC,QAAO;EACL,gBAAgB,QAAQ;EACxB,MAAM,QAAQ;EACd,eAAeC,+BAAY;EAC3B,MAAM,QAAQ"}

package/dist/cjs/core/WebAuthnManager/SignerWorkerManager/handlers/signNep413Message.js CHANGED Viewed

@@ -8,6 +8,7 @@ src_wasm_signer_worker_pkg_wasm_signer_worker_js = require_rolldown_runtime.__to
 //#region src/core/WebAuthnManager/SignerWorkerManager/handlers/signNep413Message.ts
 require_signer_worker.init_signer_worker();
+require_getDeviceNumber.init_getDeviceNumber();
 require_validation.init_validation();
 /**
 * Sign a NEP-413 message using the user's passkey-derived private key

package/dist/cjs/core/WebAuthnManager/SignerWorkerManager/handlers/signNep413Message.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"signNep413Message.js","names":["getLastLoggedInDeviceNumber","generateSessionId","WorkerRequestType","isSignNep413MessageSuccess","isObject","error: unknown"],"sources":["../../../../../../src/core/WebAuthnManager/SignerWorkerManager/handlers/signNep413Message.ts"],"sourcesContent":["\nimport { WorkerRequestType, isSignNep413MessageSuccess } from '../../../types/signer-worker';\nimport type { ConfirmationConfig } from '../../../types/signer-worker';\nimport { getLastLoggedInDeviceNumber } from '../getDeviceNumber';\nimport { SignerWorkerManagerContext } from '..';\nimport { isObject } from '../../../WalletIframe/validation';\nimport { generateSessionId } from '../sessionHandshake.js';\n\n/*\n Sign a NEP-413 message using the user's passkey-derived private key\n \n @param payload - NEP-413 signing parameters including message, recipient, nonce, and state\n * @returns Promise resolving to signing result with account ID, public key, and signature\n */\nexport async function signNep413Message({ ctx, payload }: {\n ctx: SignerWorkerManagerContext;\n payload: {\n message: string;\n recipient: string;\n nonce: string;\n state: string \| null;\n accountId: string;\n title?: string;\n body?: string;\n confirmationConfigOverride?: Partial<ConfirmationConfig>;\n sessionId?: string;\n contractId?: string;\n nearRpcUrl?: string;\n };\n}): Promise<{\n success: boolean;\n accountId: string;\n publicKey: string;\n signature: string;\n state?: string;\n error?: string;\n}> {\n try {\n const deviceNumber = await getLastLoggedInDeviceNumber(payload.accountId, ctx.indexedDB.clientDB);\n const encryptedKeyData = await ctx.indexedDB.nearKeysDB.getEncryptedKey(payload.accountId, deviceNumber);\n if (!encryptedKeyData) {\n throw new Error(`No encrypted key found for account: ${payload.accountId}`);\n }\n\n // Expect caller (SignerWorkerManager) to reserve a session and wire ports; just use provided sessionId\n const sessionId = payload.sessionId ?? generateSessionId();\n\n if (!ctx.vrfWorkerManager) {\n throw new Error('VrfWorkerManager not available for NEP-413 signing');\n }\n\n await ctx.vrfWorkerManager.confirmAndPrepareSigningSession({\n ctx,\n sessionId,\n kind: 'nep413',\n nearAccountId: payload.accountId,\n message: payload.message,\n recipient: payload.recipient,\n title: payload.title,\n body: payload.body,\n confirmationConfigOverride: payload.confirmationConfigOverride,\n contractId: payload.contractId,\n nearRpcUrl: payload.nearRpcUrl,\n });\n\n const response = await ctx.sendMessage<WorkerRequestType.SignNep413Message>({\n sessionId,\n message: {\n type: WorkerRequestType.SignNep413Message,\n payload: {\n message: payload.message,\n recipient: payload.recipient,\n nonce: payload.nonce,\n state: payload.state \|\| undefined,\n accountId: payload.accountId,\n encryptedPrivateKeyData: encryptedKeyData.encryptedData,\n encryptedPrivateKeyChacha20NonceB64u: encryptedKeyData.chacha20NonceB64u,\n }\n },\n });\n\n if (!isSignNep413MessageSuccess(response)) {\n console.error('SignerWorkerManager: NEP-413 signing failed:', response);\n const payloadError = isObject(response?.payload) && (response as any)?.payload?.error;\n throw new Error(payloadError \|\| 'NEP-413 signing failed');\n }\n\n return {\n success: true,\n accountId: response.payload.accountId,\n publicKey: response.payload.publicKey,\n signature: response.payload.signature,\n state: response.payload.state \|\| undefined\n };\n\n } catch (error: unknown) {\n console.error('SignerWorkerManager: NEP-413 signing error:', error);\n return {\n success: false,\n accountId: '',\n publicKey: '',\n signature: '',\n error: (error && typeof (error as { message?: unknown }).message === 'string')\n ? (error as { message: string }).message\n : 'Unknown error'\n };\n }\n}\n"],"mappings":"~~;;;;;;;;;;;;;;;;;~~AAcA,eAAsB,kBAAkB,EAAE,KAAK,WAsB5C;AACD,KAAI;EACF,MAAM,eAAe,MAAMA,oDAA4B,QAAQ,WAAW,IAAI,UAAU;EACxF,MAAM,mBAAmB,MAAM,IAAI,UAAU,WAAW,gBAAgB,QAAQ,WAAW;AAC3F,MAAI,CAAC,iBACH,OAAM,IAAI,MAAM,uCAAuC,QAAQ;EAIjE,MAAM,YAAY,QAAQ,aAAaC;AAEvC,MAAI,CAAC,IAAI,iBACP,OAAM,IAAI,MAAM;AAGlB,QAAM,IAAI,iBAAiB,gCAAgC;GACzD;GACA;GACA,MAAM;GACN,eAAe,QAAQ;GACvB,SAAS,QAAQ;GACjB,WAAW,QAAQ;GACnB,OAAO,QAAQ;GACf,MAAM,QAAQ;GACd,4BAA4B,QAAQ;GACpC,YAAY,QAAQ;GACpB,YAAY,QAAQ;;EAGtB,MAAM,WAAW,MAAM,IAAI,YAAiD;GAC1E;GACA,SAAS;IACP,MAAMC,mEAAkB;IACxB,SAAS;KACP,SAAS,QAAQ;KACjB,WAAW,QAAQ;KACnB,OAAO,QAAQ;KACf,OAAO,QAAQ,SAAS;KACxB,WAAW,QAAQ;KACnB,yBAAyB,iBAAiB;KAC1C,sCAAsC,iBAAiB;;;;AAK7D,MAAI,CAACC,iDAA2B,WAAW;AACzC,WAAQ,MAAM,gDAAgD;GAC9D,MAAM,eAAeC,4BAAS,UAAU,YAAa,UAAkB,SAAS;AAChF,SAAM,IAAI,MAAM,gBAAgB;;AAGlC,SAAO;GACL,SAAS;GACT,WAAW,SAAS,QAAQ;GAC5B,WAAW,SAAS,QAAQ;GAC5B,WAAW,SAAS,QAAQ;GAC5B,OAAO,SAAS,QAAQ,SAAS;;UAG5BC,OAAgB;AACvB,UAAQ,MAAM,+CAA+C;AAC7D,SAAO;GACL,SAAS;GACT,WAAW;GACX,WAAW;GACX,WAAW;GACX,OAAQ,SAAS,OAAQ,MAAgC,YAAY,WAChE,MAA8B,UAC/B"}
1	+ {"version":3,"file":"signNep413Message.js","names":["getLastLoggedInDeviceNumber","generateSessionId","WorkerRequestType","isSignNep413MessageSuccess","isObject","error: unknown"],"sources":["../../../../../../src/core/WebAuthnManager/SignerWorkerManager/handlers/signNep413Message.ts"],"sourcesContent":["\nimport { WorkerRequestType, isSignNep413MessageSuccess } from '../../../types/signer-worker';\nimport type { ConfirmationConfig } from '../../../types/signer-worker';\nimport { getLastLoggedInDeviceNumber } from '../getDeviceNumber';\nimport { SignerWorkerManagerContext } from '..';\nimport { isObject } from '../../../WalletIframe/validation';\nimport { generateSessionId } from '../sessionHandshake.js';\n\n/*\n Sign a NEP-413 message using the user's passkey-derived private key\n \n @param payload - NEP-413 signing parameters including message, recipient, nonce, and state\n * @returns Promise resolving to signing result with account ID, public key, and signature\n */\nexport async function signNep413Message({ ctx, payload }: {\n ctx: SignerWorkerManagerContext;\n payload: {\n message: string;\n recipient: string;\n nonce: string;\n state: string \| null;\n accountId: string;\n title?: string;\n body?: string;\n confirmationConfigOverride?: Partial<ConfirmationConfig>;\n sessionId?: string;\n contractId?: string;\n nearRpcUrl?: string;\n };\n}): Promise<{\n success: boolean;\n accountId: string;\n publicKey: string;\n signature: string;\n state?: string;\n error?: string;\n}> {\n try {\n const deviceNumber = await getLastLoggedInDeviceNumber(payload.accountId, ctx.indexedDB.clientDB);\n const encryptedKeyData = await ctx.indexedDB.nearKeysDB.getEncryptedKey(payload.accountId, deviceNumber);\n if (!encryptedKeyData) {\n throw new Error(`No encrypted key found for account: ${payload.accountId}`);\n }\n\n // Expect caller (SignerWorkerManager) to reserve a session and wire ports; just use provided sessionId\n const sessionId = payload.sessionId ?? generateSessionId();\n\n if (!ctx.vrfWorkerManager) {\n throw new Error('VrfWorkerManager not available for NEP-413 signing');\n }\n\n await ctx.vrfWorkerManager.confirmAndPrepareSigningSession({\n ctx,\n sessionId,\n kind: 'nep413',\n nearAccountId: payload.accountId,\n message: payload.message,\n recipient: payload.recipient,\n title: payload.title,\n body: payload.body,\n confirmationConfigOverride: payload.confirmationConfigOverride,\n contractId: payload.contractId,\n nearRpcUrl: payload.nearRpcUrl,\n });\n\n const response = await ctx.sendMessage<WorkerRequestType.SignNep413Message>({\n sessionId,\n message: {\n type: WorkerRequestType.SignNep413Message,\n payload: {\n message: payload.message,\n recipient: payload.recipient,\n nonce: payload.nonce,\n state: payload.state \|\| undefined,\n accountId: payload.accountId,\n encryptedPrivateKeyData: encryptedKeyData.encryptedData,\n encryptedPrivateKeyChacha20NonceB64u: encryptedKeyData.chacha20NonceB64u,\n }\n },\n });\n\n if (!isSignNep413MessageSuccess(response)) {\n console.error('SignerWorkerManager: NEP-413 signing failed:', response);\n const payloadError = isObject(response?.payload) && (response as any)?.payload?.error;\n throw new Error(payloadError \|\| 'NEP-413 signing failed');\n }\n\n return {\n success: true,\n accountId: response.payload.accountId,\n publicKey: response.payload.publicKey,\n signature: response.payload.signature,\n state: response.payload.state \|\| undefined\n };\n\n } catch (error: unknown) {\n console.error('SignerWorkerManager: NEP-413 signing error:', error);\n return {\n success: false,\n accountId: '',\n publicKey: '',\n signature: '',\n error: (error && typeof (error as { message?: unknown }).message === 'string')\n ? (error as { message: string }).message\n : 'Unknown error'\n };\n }\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;AAcA,eAAsB,kBAAkB,EAAE,KAAK,WAsB5C;AACD,KAAI;EACF,MAAM,eAAe,MAAMA,oDAA4B,QAAQ,WAAW,IAAI,UAAU;EACxF,MAAM,mBAAmB,MAAM,IAAI,UAAU,WAAW,gBAAgB,QAAQ,WAAW;AAC3F,MAAI,CAAC,iBACH,OAAM,IAAI,MAAM,uCAAuC,QAAQ;EAIjE,MAAM,YAAY,QAAQ,aAAaC;AAEvC,MAAI,CAAC,IAAI,iBACP,OAAM,IAAI,MAAM;AAGlB,QAAM,IAAI,iBAAiB,gCAAgC;GACzD;GACA;GACA,MAAM;GACN,eAAe,QAAQ;GACvB,SAAS,QAAQ;GACjB,WAAW,QAAQ;GACnB,OAAO,QAAQ;GACf,MAAM,QAAQ;GACd,4BAA4B,QAAQ;GACpC,YAAY,QAAQ;GACpB,YAAY,QAAQ;;EAGtB,MAAM,WAAW,MAAM,IAAI,YAAiD;GAC1E;GACA,SAAS;IACP,MAAMC,mEAAkB;IACxB,SAAS;KACP,SAAS,QAAQ;KACjB,WAAW,QAAQ;KACnB,OAAO,QAAQ;KACf,OAAO,QAAQ,SAAS;KACxB,WAAW,QAAQ;KACnB,yBAAyB,iBAAiB;KAC1C,sCAAsC,iBAAiB;;;;AAK7D,MAAI,CAACC,iDAA2B,WAAW;AACzC,WAAQ,MAAM,gDAAgD;GAC9D,MAAM,eAAeC,4BAAS,UAAU,YAAa,UAAkB,SAAS;AAChF,SAAM,IAAI,MAAM,gBAAgB;;AAGlC,SAAO;GACL,SAAS;GACT,WAAW,SAAS,QAAQ;GAC5B,WAAW,SAAS,QAAQ;GAC5B,WAAW,SAAS,QAAQ;GAC5B,OAAO,SAAS,QAAQ,SAAS;;UAG5BC,OAAgB;AACvB,UAAQ,MAAM,+CAA+C;AAC7D,SAAO;GACL,SAAS;GACT,WAAW;GACX,WAAW;GACX,WAAW;GACX,OAAQ,SAAS,OAAQ,MAAgC,YAAY,WAChE,MAA8B,UAC/B"}

package/dist/cjs/core/WebAuthnManager/SignerWorkerManager/handlers/signTransactionsWithActions.js CHANGED Viewed

@@ -15,6 +15,7 @@ require_actions.init_actions();
 require_signer_worker.init_signer_worker();
 require_defaultConfigs.init_defaultConfigs();
 require_accountIds.init_accountIds();
+require_getDeviceNumber.init_getDeviceNumber();
 require_validation.init_validation();
 /**
 * Sign multiple transactions with shared VRF challenge and credential