npm - @tatchi-xyz/sdk - Versions diffs - 0.20.0 → 0.31.0 - Mend

@tatchi-xyz/sdk 0.20.0 → 0.31.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (2491) hide show

package/dist/esm/core/WebAuthnManager/touchIdPrompt.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"touchIdPrompt.js","names":["publicKey: PublicKeyCredentialCreationOptions","publicKey: PublicKeyCredentialRequestOptions"],"sources":["../../../../src/core/WebAuthnManager/touchIdPrompt.ts"],"sourcesContent":["import { ClientAuthenticatorData } from '../IndexedDBManager';\nimport { base64UrlDecode } from '../../utils/encoders';\nimport { outputAs32Bytes, VRFChallenge } from '../types/vrf-worker';\nimport { serializeAuthenticationCredentialWithPRF, generateChaCha20Salt, generateEd25519Salt } from './credentialsHelpers';\nimport type {\n WebAuthnAuthenticationCredential,\n WebAuthnRegistrationCredential\n} from '../types/webauthn';\nimport { executeWebAuthnWithParentFallbacksSafari } from './WebAuthnFallbacks';\n// Local rpId policy helpers (moved back from WebAuthnFallbacks)\nfunction isRegistrableSuffix(host: string, cand: string): boolean {\n if (!host \|\| !cand) return false;\n if (host === cand) return true;\n return host.endsWith('.' + cand);\n}\n\nfunction resolveRpId(override: string \| undefined, host: string \| undefined): string {\n const h = (host \|\| '').toLowerCase();\n const ov = (override \|\| '').toLowerCase();\n if (ov && h && isRegistrableSuffix(h, ov)) return ov;\n return h \|\| ov \|\| '';\n}\n\nexport interface RegisterCredentialsArgs {\n nearAccountId: string, // NEAR account ID for PRF salts and keypair derivation (always base account)\n challenge: VRFChallenge,\n deviceNumber?: number, // Optional device number for device-specific user ID (0, 1, 2, etc.)\n}\n\nexport interface AuthenticateCredentialsArgs {\n nearAccountId: string,\n challenge: VRFChallenge,\n allowCredentials: AllowCredential[],\n}\n\nexport interface AllowCredential {\n id: string,\n type: string,\n transports: AuthenticatorTransport[]\n}\n\nexport function authenticatorsToAllowCredentials(\n authenticators: ClientAuthenticatorData[]\n): AllowCredential[] {\n return authenticators.map(auth => ({\n id: auth.credentialId,\n type: 'public-key',\n transports: auth.transports as AuthenticatorTransport[]\n }));\n}\n\n/*\n TouchIdPrompt prompts for touchID,\n * creates credentials,\n * manages WebAuthn touchID prompts,\n * and generates credentials, and PRF Outputs\n /\nexport class TouchIdPrompt {\n private rpIdOverride?: string;\n private safariGetWebauthnRegistrationFallback: boolean;\n // create() only: internal abort controller + cleanup hooks\n private abortController?: AbortController;\n private removePageAbortHandlers?: () => void;\n private removeExternalAbortListener?: () => void;\n\n constructor(rpIdOverride?: string, safariGetWebauthnRegistrationFallback = false) {\n this.rpIdOverride = rpIdOverride;\n this.safariGetWebauthnRegistrationFallback = safariGetWebauthnRegistrationFallback === true;\n }\n\n getRpId(): string {\n try {\n return resolveRpId(this.rpIdOverride, window?.location?.hostname);\n } catch {\n return this.rpIdOverride \|\| '';\n }\n }\n\n // Utility helpers for cross‑origin fallback\n private static _inIframe(): boolean {\n try { return window.self !== window.top; } catch { return true; }\n }\n\n /\n Get authentication credentials\n * @param nearAccountId - NEAR account ID to authenticate\n * @param challenge - VRF challenge bytes\n * @param allowCredentials - Array of allowed credentials for authentication\n * @returns WebAuthn credential with only the first PRF output\n /\n async getAuthenticationCredentialsSerialized({\n nearAccountId,\n challenge,\n allowCredentials,\n }: {\n nearAccountId: string\n challenge: VRFChallenge\n allowCredentials: AllowCredential[]\n }): Promise<WebAuthnAuthenticationCredential> {\n const credentialMaybe = (await this.getAuthenticationCredentialsInternal({\n nearAccountId,\n challenge,\n allowCredentials,\n })) as unknown;\n // Support parent-bridge fallback returning an already-serialized credential\n if (isSerializedAuthenticationCredential(credentialMaybe)) {\n return credentialMaybe;\n }\n return serializeAuthenticationCredentialWithPRF({\n credential: credentialMaybe as PublicKeyCredential,\n firstPrfOutput: true,\n secondPrfOutput: false,\n })\n }\n\n /\n Same as getAuthenticationCredentialsSerialized but returns both PRF outputs\n * (PRF.first + PRF.second).\n * @param nearAccountId - NEAR account ID to authenticate\n * @param challenge - VRF challenge bytes\n * @param allowCredentials - Array of allowed credentials for authentication\n * @returns\n /\n async getAuthenticationCredentialsSerializedDualPrf({\n nearAccountId,\n challenge,\n allowCredentials,\n }: {\n nearAccountId: string,\n challenge: VRFChallenge,\n allowCredentials: AllowCredential[],\n }): Promise<WebAuthnAuthenticationCredential> {\n const credentialMaybe = (await this.getAuthenticationCredentialsInternal({\n nearAccountId,\n challenge,\n allowCredentials,\n })) as unknown;\n // Support parent-bridge fallback returning an already-serialized credential\n if (isSerializedAuthenticationCredential(credentialMaybe)) {\n return credentialMaybe;\n }\n return serializeAuthenticationCredentialWithPRF({\n credential: credentialMaybe as PublicKeyCredential,\n firstPrfOutput: true,\n secondPrfOutput: true,\n });\n }\n\n /\n Internal method for generating WebAuthn registration credentials with PRF output\n * @param nearAccountId - NEAR account ID for PRF salts and keypair derivation (always base account)\n * @param challenge - Random challenge bytes for the registration ceremony\n * @param deviceNumber - Device number for device-specific user ID.\n * @returns Credential with PRF output\n /\n async generateRegistrationCredentialsInternal({\n nearAccountId,\n challenge,\n deviceNumber,\n }: RegisterCredentialsArgs): Promise<PublicKeyCredential> {\n // New controller per create() call\n this.abortController = new AbortController();\n this.removePageAbortHandlers = TouchIdPrompt.attachPageAbortHandlers(this.abortController);\n // Single source of truth for rpId: use getRpId().\n const rpId = this.getRpId();\n const publicKey: PublicKeyCredentialCreationOptions = {\n challenge: outputAs32Bytes(challenge) as BufferSource,\n rp: {\n name: 'WebAuthn VRF Passkey',\n id: rpId\n },\n user: {\n id: new TextEncoder().encode(generateDeviceSpecificUserId(nearAccountId, deviceNumber)),\n name: generateDeviceSpecificUserId(nearAccountId, deviceNumber),\n displayName: generateUserFriendlyDisplayName(nearAccountId, deviceNumber)\n },\n pubKeyCredParams: [\n { alg: -7, type: 'public-key' },\n { alg: -257, type: 'public-key' }\n ],\n authenticatorSelection: {\n residentKey: 'required',\n userVerification: 'preferred'\n },\n timeout: 60000,\n attestation: 'none',\n extensions: {\n prf: {\n eval: {\n // Always use NEAR account ID for PRF salts to ensure consistent keypair derivation across devices\n first: generateChaCha20Salt(nearAccountId) as BufferSource, // ChaCha20Poly1305 encryption keys\n second: generateEd25519Salt(nearAccountId) as BufferSource // Ed25519 signing keys\n }\n }\n },\n };\n try {\n const result = await executeWebAuthnWithParentFallbacksSafari('create', publicKey, {\n rpId,\n inIframe: TouchIdPrompt._inIframe(),\n timeoutMs: publicKey.timeout as number \| undefined,\n // Pass AbortSignal through when supported; Safari bridge path may ignore it.\n abortSignal: this.abortController.signal,\n });\n return result as PublicKeyCredential;\n } finally {\n this.removePageAbortHandlers?.();\n this.removePageAbortHandlers = undefined;\n this.removeExternalAbortListener?.();\n this.removeExternalAbortListener = undefined;\n this.abortController = undefined;\n }\n }\n\n /\n Internal method for getting WebAuthn authentication credentials with PRF output\n * @param nearAccountId - NEAR account ID to authenticate\n * @param challenge - VRF challenge bytes to use for WebAuthn authentication\n * @param authenticators - List of stored authenticator data for the user\n * @returns WebAuthn credential with PRF output (HKDF derivation done in WASM worker)\n * ```ts\n * const credential = await touchIdPrompt.getCredentials({\n * nearAccountId,\n * challenge,\n * authenticators,\n * });\n * ```\n /\n async getAuthenticationCredentialsInternal({\n nearAccountId,\n challenge,\n allowCredentials,\n }: AuthenticateCredentialsArgs): Promise<PublicKeyCredential> {\n // New controller per get() call\n this.abortController = new AbortController();\n this.removePageAbortHandlers = TouchIdPrompt.attachPageAbortHandlers(this.abortController);\n // Single source of truth for rpId: use getRpId().\n const rpId = this.getRpId();\n const publicKey: PublicKeyCredentialRequestOptions = {\n challenge: outputAs32Bytes(challenge) as BufferSource,\n rpId,\n allowCredentials: allowCredentials.map((credential) => ({\n id: base64UrlDecode(credential.id) as BufferSource,\n type: 'public-key' as PublicKeyCredentialType,\n transports: credential.transports,\n })),\n userVerification: 'preferred' as UserVerificationRequirement,\n timeout: 60000,\n extensions: {\n prf: {\n eval: {\n // Always use NEAR account ID for PRF salts to ensure consistent keypair derivation across devices\n first: generateChaCha20Salt(nearAccountId) as BufferSource, // ChaCha20Poly1305 encryption keys\n second: generateEd25519Salt(nearAccountId) as BufferSource // Ed25519 signing keys\n }\n }\n }\n };\n try {\n const result = await executeWebAuthnWithParentFallbacksSafari('get', publicKey, {\n rpId,\n inIframe: TouchIdPrompt._inIframe(),\n timeoutMs: publicKey.timeout as number \| undefined,\n permitGetBridgeOnAncestorError: this.safariGetWebauthnRegistrationFallback,\n abortSignal: this.abortController.signal,\n });\n return result as PublicKeyCredential;\n } finally {\n this.removePageAbortHandlers?.();\n this.removePageAbortHandlers = undefined;\n this.removeExternalAbortListener?.();\n this.removeExternalAbortListener = undefined;\n this.abortController = undefined;\n }\n }\n}\n\n// Type guard for already-serialized authentication credential\nfunction isSerializedAuthenticationCredential(x: unknown): x is WebAuthnAuthenticationCredential {\n if (!x \|\| typeof x !== 'object') return false;\n const obj = x as { response?: unknown };\n const resp = obj.response as { authenticatorData?: unknown } \| undefined;\n return typeof resp?.authenticatorData === 'string';\n}\n\n/\n Generate device-specific user ID to prevent Chrome sync conflicts\n * Creates technical identifiers with full account context\n \n @param nearAccountId - The NEAR account ID (e.g., \"serp120.w3a-v1.testnet\")\n * @param deviceNumber - The device number (optional, undefined for device 1, 2 for device 2, etc.)\n * @returns Technical identifier:\n * - Device 1: \"serp120.web3-authn.testnet\"\n * - Device 2: \"serp120.web3-authn.testnet (2)\"\n * - Device 3: \"serp120.web3-authn.testnet (3)\"\n /\nexport function generateDeviceSpecificUserId(nearAccountId: string, deviceNumber?: number): string {\n // If no device number provided or device number is 1, this is the first device\n if (deviceNumber === undefined \|\| deviceNumber === 1) {\n return nearAccountId;\n }\n // For additional devices, add device number in parentheses\n return `${nearAccountId} (${deviceNumber})`;\n}\n\n/\n Generate user-friendly display name for passkey manager UI\n * Creates clean, intuitive names that users will see\n \n @param nearAccountId - The NEAR account ID (e.g., \"serp120.w3a-v1.testnet\")\n * @param deviceNumber - The device number (optional, undefined for device 1, 2 for device 2, etc.)\n * @returns User-friendly display name:\n * - Device 1: \"serp120\"\n * - Device 2: \"serp120 (device 2)\"\n * - Device 3: \"serp120 (device 3)\"\n */\nfunction generateUserFriendlyDisplayName(nearAccountId: string, deviceNumber?: number): string {\n // Extract the base username (everything before the first dot)\n const baseUsername = nearAccountId.split('.')[0];\n // If no device number provided or device number is 1, this is the first device\n if (deviceNumber === undefined \|\| deviceNumber === 1) {\n return baseUsername;\n }\n // For additional devices, add device number with friendly label\n return `${baseUsername} (device ${deviceNumber})`;\n}\n\n// Abort native WebAuthn when page is being hidden or unloaded\n// Centralized here to keep WebAuthn lifecycle concerns alongside native calls.\nexport namespace TouchIdPrompt {\n export function attachPageAbortHandlers(controller: AbortController): () => void {\n const onVisibility = () => { if (document.hidden) controller.abort(); };\n const onPageHide = () => { controller.abort(); };\n const onBeforeUnload = () => { controller.abort(); };\n document.addEventListener('visibilitychange', onVisibility, { passive: true });\n window.addEventListener('pagehide', onPageHide, { passive: true });\n window.addEventListener('beforeunload', onBeforeUnload, { passive: true });\n return () => {\n document.removeEventListener('visibilitychange', onVisibility);\n window.removeEventListener('pagehide', onPageHide);\n window.removeEventListener('beforeunload', onBeforeUnload);\n };\n }\n}\n"],"mappings":";;;;;;;;;AAUA,SAAS,oBAAoB,MAAc,MAAuB;AAChE,KAAI,CAAC,QAAQ,CAAC,KAAM,QAAO;AAC3B,KAAI,SAAS,KAAM,QAAO;AAC1B,QAAO,KAAK,SAAS,MAAM;;AAG7B,SAAS,YAAY,UAA8B,MAAkC;CACnF,MAAM,KAAK,QAAQ,IAAI;CACvB,MAAM,MAAM,YAAY,IAAI;AAC5B,KAAI,MAAM,KAAK,oBAAoB,GAAG,IAAK,QAAO;AAClD,QAAO,KAAK,MAAM;;AAqBpB,SAAgB,iCACd,gBACmB;AACnB,QAAO,eAAe,KAAI,UAAS;EACjC,IAAI,KAAK;EACT,MAAM;EACN,YAAY,KAAK;;;AAuOrB,SAAS,qCAAqC,GAAmD;AAC/F,KAAI,CAAC,KAAK,OAAO,MAAM,SAAU,QAAO;CACxC,MAAM,MAAM;CACZ,MAAM,OAAO,IAAI;AACjB,QAAO,OAAO,MAAM,sBAAsB;;;;;;;;;;;;;AAc5C,SAAgB,6BAA6B,eAAuB,cAA+B;AAEjG,KAAI,iBAAiB,UAAa,iBAAiB,EACjD,QAAO;AAGT,QAAO,GAAG,cAAc,IAAI,aAAa;;;;;;;;;;;;;AAc3C,SAAS,gCAAgC,eAAuB,cAA+B;CAE7F,MAAM,eAAe,cAAc,MAAM,KAAK;AAE9C,KAAI,iBAAiB,UAAa,iBAAiB,EACjD,QAAO;AAGT,QAAO,GAAG,aAAa,WAAW,aAAa;;;;;;;;CA3QpC,gBAAb,MAAa,cAAc;EACzB,AAAQ;EACR,AAAQ;EAER,AAAQ;EACR,AAAQ;EACR,AAAQ;EAER,YAAY,cAAuB,wCAAwC,OAAO;AAChF,QAAK,eAAe;AACpB,QAAK,wCAAwC,0CAA0C;;EAGzF,UAAkB;AAChB,OAAI;AACF,WAAO,YAAY,KAAK,cAAc,QAAQ,UAAU;WAClD;AACN,WAAO,KAAK,gBAAgB;;;EAKhC,OAAe,YAAqB;AAClC,OAAI;AAAE,WAAO,OAAO,SAAS,OAAO;WAAa;AAAE,WAAO;;;;;;;;;;EAU5D,MAAM,uCAAuC,EAC3C,eACA,WACA,oBAK4C;GAC5C,MAAM,kBAAmB,MAAM,KAAK,qCAAqC;IACvE;IACA;IACA;;AAGF,OAAI,qCAAqC,iBACvC,QAAO;AAET,UAAO,yCAAyC;IAC9C,YAAY;IACZ,gBAAgB;IAChB,iBAAiB;;;;;;;;;;;EAYrB,MAAM,8CAA8C,EAClD,eACA,WACA,oBAK4C;GAC5C,MAAM,kBAAmB,MAAM,KAAK,qCAAqC;IACvE;IACA;IACA;;AAGF,OAAI,qCAAqC,iBACvC,QAAO;AAET,UAAO,yCAAyC;IAC9C,YAAY;IACZ,gBAAgB;IAChB,iBAAiB;;;;;;;;;;EAWrB,MAAM,wCAAwC,EAC5C,eACA,WACA,gBACwD;AAExD,QAAK,kBAAkB,IAAI;AAC3B,QAAK,0BAA0B,cAAc,wBAAwB,KAAK;GAE1E,MAAM,OAAO,KAAK;GAClB,MAAMA,YAAgD;IACpD,WAAW,gBAAgB;IAC3B,IAAI;KACF,MAAM;KACN,IAAI;;IAEN,MAAM;KACJ,IAAI,IAAI,cAAc,OAAO,6BAA6B,eAAe;KACzE,MAAM,6BAA6B,eAAe;KAClD,aAAa,gCAAgC,eAAe;;IAE9D,kBAAkB,CAChB;KAAE,KAAK;KAAI,MAAM;OACjB;KAAE,KAAK;KAAM,MAAM;;IAErB,wBAAwB;KACtB,aAAa;KACb,kBAAkB;;IAEpB,SAAS;IACT,aAAa;IACb,YAAY,EACV,KAAK,EACH,MAAM;KAEJ,OAAO,qBAAqB;KAC5B,QAAQ,oBAAoB;;;AAKpC,OAAI;IACF,MAAM,SAAS,MAAM,yCAAyC,UAAU,WAAW;KACjF;KACA,UAAU,cAAc;KACxB,WAAW,UAAU;KAErB,aAAa,KAAK,gBAAgB;;AAEpC,WAAO;aACC;AACR,SAAK;AACL,SAAK,0BAA0B;AAC/B,SAAK;AACL,SAAK,8BAA8B;AACnC,SAAK,kBAAkB;;;;;;;;;;;;;;;;;EAkB3B,MAAM,qCAAqC,EACzC,eACA,WACA,oBAC4D;AAE5D,QAAK,kBAAkB,IAAI;AAC3B,QAAK,0BAA0B,cAAc,wBAAwB,KAAK;GAE1E,MAAM,OAAO,KAAK;GAClB,MAAMC,YAA+C;IACnD,WAAW,gBAAgB;IAC3B;IACA,kBAAkB,iBAAiB,KAAK,gBAAgB;KACtD,IAAI,gBAAgB,WAAW;KAC/B,MAAM;KACN,YAAY,WAAW;;IAEzB,kBAAkB;IAClB,SAAS;IACT,YAAY,EACV,KAAK,EACH,MAAM;KAEJ,OAAO,qBAAqB;KAC5B,QAAQ,oBAAoB;;;AAKpC,OAAI;IACF,MAAM,SAAS,MAAM,yCAAyC,OAAO,WAAW;KAC9E;KACA,UAAU,cAAc;KACxB,WAAW,UAAU;KACrB,gCAAgC,KAAK;KACrC,aAAa,KAAK,gBAAgB;;AAEpC,WAAO;aACC;AACR,SAAK;AACL,SAAK,0BAA0B;AAC/B,SAAK;AACL,SAAK,8BAA8B;AACnC,SAAK,kBAAkB;;;;AAyDtB;EACE,SAAS,wBAAwB,YAAyC;GAC/E,MAAM,qBAAqB;AAAE,QAAI,SAAS,OAAQ,YAAW;;GAC7D,MAAM,mBAAmB;AAAE,eAAW;;GACtC,MAAM,uBAAuB;AAAE,eAAW;;AAC1C,YAAS,iBAAiB,oBAAoB,cAAc,EAAE,SAAS;AACvE,UAAO,iBAAiB,YAAY,YAAY,EAAE,SAAS;AAC3D,UAAO,iBAAiB,gBAAgB,gBAAgB,EAAE,SAAS;AACnE,gBAAa;AACX,aAAS,oBAAoB,oBAAoB;AACjD,WAAO,oBAAoB,YAAY;AACvC,WAAO,oBAAoB,gBAAgB"}
1	+ {"version":3,"file":"touchIdPrompt.js","names":["publicKey: PublicKeyCredentialCreationOptions","publicKey: PublicKeyCredentialRequestOptions"],"sources":["../../../../src/core/WebAuthnManager/touchIdPrompt.ts"],"sourcesContent":["import { ClientAuthenticatorData } from '../IndexedDBManager';\nimport { base64UrlDecode } from '../../utils/encoders';\nimport { outputAs32Bytes, VRFChallenge } from '../types/vrf-worker';\nimport { serializeAuthenticationCredentialWithPRF, generateChaCha20Salt, generateEd25519Salt } from './credentialsHelpers';\nimport type {\n WebAuthnAuthenticationCredential,\n WebAuthnRegistrationCredential\n} from '../types/webauthn';\nimport { executeWebAuthnWithParentFallbacksSafari } from './WebAuthnFallbacks';\n// Local rpId policy helpers (moved back from WebAuthnFallbacks)\nfunction isRegistrableSuffix(host: string, cand: string): boolean {\n if (!host \|\| !cand) return false;\n if (host === cand) return true;\n return host.endsWith('.' + cand);\n}\n\nfunction resolveRpId(override: string \| undefined, host: string \| undefined): string {\n const h = (host \|\| '').toLowerCase();\n const ov = (override \|\| '').toLowerCase();\n if (ov && h && isRegistrableSuffix(h, ov)) return ov;\n return h \|\| ov \|\| '';\n}\n\nexport interface RegisterCredentialsArgs {\n nearAccountId: string, // NEAR account ID for PRF salts and keypair derivation (always base account)\n challenge: VRFChallenge,\n deviceNumber?: number, // Optional device number for device-specific user ID (0, 1, 2, etc.)\n}\n\nexport interface AuthenticateCredentialsArgs {\n nearAccountId: string,\n challenge: VRFChallenge,\n allowCredentials: AllowCredential[],\n}\n\nexport interface AllowCredential {\n id: string,\n type: string,\n transports: AuthenticatorTransport[]\n}\n\nexport function authenticatorsToAllowCredentials(\n authenticators: ClientAuthenticatorData[]\n): AllowCredential[] {\n return authenticators.map(auth => ({\n id: auth.credentialId,\n type: 'public-key',\n transports: auth.transports as AuthenticatorTransport[]\n }));\n}\n\n/*\n TouchIdPrompt prompts for touchID,\n * creates credentials,\n * manages WebAuthn touchID prompts,\n * and generates credentials, and PRF Outputs\n /\nexport class TouchIdPrompt {\n private rpIdOverride?: string;\n private safariGetWebauthnRegistrationFallback: boolean;\n // create() only: internal abort controller + cleanup hooks\n private abortController?: AbortController;\n private removePageAbortHandlers?: () => void;\n private removeExternalAbortListener?: () => void;\n\n constructor(rpIdOverride?: string, safariGetWebauthnRegistrationFallback = false) {\n this.rpIdOverride = rpIdOverride;\n this.safariGetWebauthnRegistrationFallback = safariGetWebauthnRegistrationFallback === true;\n }\n\n getRpId(): string {\n try {\n return resolveRpId(this.rpIdOverride, window?.location?.hostname);\n } catch {\n return this.rpIdOverride \|\| '';\n }\n }\n\n // Utility helpers for cross‑origin fallback\n private static _inIframe(): boolean {\n try { return window.self !== window.top; } catch { return true; }\n }\n\n /\n Get authentication credentials\n * @param nearAccountId - NEAR account ID to authenticate\n * @param challenge - VRF challenge bytes\n * @param allowCredentials - Array of allowed credentials for authentication\n * @returns WebAuthn credential with only the first PRF output\n /\n async getAuthenticationCredentialsSerialized({\n nearAccountId,\n challenge,\n allowCredentials,\n }: {\n nearAccountId: string\n challenge: VRFChallenge\n allowCredentials: AllowCredential[]\n }): Promise<WebAuthnAuthenticationCredential> {\n const credentialMaybe = (await this.getAuthenticationCredentialsInternal({\n nearAccountId,\n challenge,\n allowCredentials,\n })) as unknown;\n // Support parent-bridge fallback returning an already-serialized credential\n if (isSerializedAuthenticationCredential(credentialMaybe)) {\n return credentialMaybe;\n }\n return serializeAuthenticationCredentialWithPRF({\n credential: credentialMaybe as PublicKeyCredential,\n firstPrfOutput: true,\n secondPrfOutput: false,\n })\n }\n\n /\n Same as getAuthenticationCredentialsSerialized but returns both PRF outputs\n * (PRF.first + PRF.second).\n * @param nearAccountId - NEAR account ID to authenticate\n * @param challenge - VRF challenge bytes\n * @param allowCredentials - Array of allowed credentials for authentication\n * @returns\n /\n async getAuthenticationCredentialsSerializedDualPrf({\n nearAccountId,\n challenge,\n allowCredentials,\n }: {\n nearAccountId: string,\n challenge: VRFChallenge,\n allowCredentials: AllowCredential[],\n }): Promise<WebAuthnAuthenticationCredential> {\n const credentialMaybe = (await this.getAuthenticationCredentialsInternal({\n nearAccountId,\n challenge,\n allowCredentials,\n })) as unknown;\n // Support parent-bridge fallback returning an already-serialized credential\n if (isSerializedAuthenticationCredential(credentialMaybe)) {\n return credentialMaybe;\n }\n return serializeAuthenticationCredentialWithPRF({\n credential: credentialMaybe as PublicKeyCredential,\n firstPrfOutput: true,\n secondPrfOutput: true,\n });\n }\n\n /\n Internal method for generating WebAuthn registration credentials with PRF output\n * @param nearAccountId - NEAR account ID for PRF salts and keypair derivation (always base account)\n * @param challenge - Random challenge bytes for the registration ceremony\n * @param deviceNumber - Device number for device-specific user ID.\n * @returns Credential with PRF output\n /\n async generateRegistrationCredentialsInternal({\n nearAccountId,\n challenge,\n deviceNumber,\n }: RegisterCredentialsArgs): Promise<PublicKeyCredential> {\n // New controller per create() call\n this.abortController = new AbortController();\n this.removePageAbortHandlers = TouchIdPrompt.attachPageAbortHandlers(this.abortController);\n // Single source of truth for rpId: use getRpId().\n const rpId = this.getRpId();\n const publicKey: PublicKeyCredentialCreationOptions = {\n challenge: outputAs32Bytes(challenge) as BufferSource,\n rp: {\n name: 'WebAuthn VRF Passkey',\n id: rpId\n },\n user: {\n id: new TextEncoder().encode(generateDeviceSpecificUserId(nearAccountId, deviceNumber)),\n name: generateDeviceSpecificUserId(nearAccountId, deviceNumber),\n displayName: generateUserFriendlyDisplayName(nearAccountId, deviceNumber)\n },\n pubKeyCredParams: [\n { alg: -7, type: 'public-key' },\n { alg: -257, type: 'public-key' }\n ],\n authenticatorSelection: {\n residentKey: 'required',\n userVerification: 'preferred'\n },\n timeout: 60000,\n attestation: 'none',\n extensions: {\n prf: {\n eval: {\n // Always use NEAR account ID for PRF salts to ensure consistent keypair derivation across devices\n first: generateChaCha20Salt(nearAccountId) as BufferSource, // ChaCha20Poly1305 encryption keys\n second: generateEd25519Salt(nearAccountId) as BufferSource // Ed25519 signing keys\n }\n }\n },\n };\n try {\n const result = await executeWebAuthnWithParentFallbacksSafari('create', publicKey, {\n rpId,\n inIframe: TouchIdPrompt._inIframe(),\n timeoutMs: publicKey.timeout as number \| undefined,\n // Pass AbortSignal through when supported; Safari bridge path may ignore it.\n abortSignal: this.abortController.signal,\n });\n return result as PublicKeyCredential;\n } finally {\n this.removePageAbortHandlers?.();\n this.removePageAbortHandlers = undefined;\n this.removeExternalAbortListener?.();\n this.removeExternalAbortListener = undefined;\n this.abortController = undefined;\n }\n }\n\n /\n Internal method for getting WebAuthn authentication credentials with PRF output\n * @param nearAccountId - NEAR account ID to authenticate\n * @param challenge - VRF challenge bytes to use for WebAuthn authentication\n * @param authenticators - List of stored authenticator data for the user\n * @returns WebAuthn credential with PRF output (HKDF derivation done in WASM worker)\n * ```ts\n * const credential = await touchIdPrompt.getCredentials({\n * nearAccountId,\n * challenge,\n * authenticators,\n * });\n * ```\n /\n async getAuthenticationCredentialsInternal({\n nearAccountId,\n challenge,\n allowCredentials,\n }: AuthenticateCredentialsArgs): Promise<PublicKeyCredential> {\n // New controller per get() call\n this.abortController = new AbortController();\n this.removePageAbortHandlers = TouchIdPrompt.attachPageAbortHandlers(this.abortController);\n // Single source of truth for rpId: use getRpId().\n const rpId = this.getRpId();\n const publicKey: PublicKeyCredentialRequestOptions = {\n challenge: outputAs32Bytes(challenge) as BufferSource,\n rpId,\n allowCredentials: allowCredentials.map((credential) => ({\n id: base64UrlDecode(credential.id) as BufferSource,\n type: 'public-key' as PublicKeyCredentialType,\n transports: credential.transports,\n })),\n userVerification: 'preferred' as UserVerificationRequirement,\n timeout: 60000,\n extensions: {\n prf: {\n eval: {\n // Always use NEAR account ID for PRF salts to ensure consistent keypair derivation across devices\n first: generateChaCha20Salt(nearAccountId) as BufferSource, // ChaCha20Poly1305 encryption keys\n second: generateEd25519Salt(nearAccountId) as BufferSource // Ed25519 signing keys\n }\n }\n }\n };\n try {\n const result = await executeWebAuthnWithParentFallbacksSafari('get', publicKey, {\n rpId,\n inIframe: TouchIdPrompt._inIframe(),\n timeoutMs: publicKey.timeout as number \| undefined,\n permitGetBridgeOnAncestorError: this.safariGetWebauthnRegistrationFallback,\n abortSignal: this.abortController.signal,\n });\n return result as PublicKeyCredential;\n } finally {\n this.removePageAbortHandlers?.();\n this.removePageAbortHandlers = undefined;\n this.removeExternalAbortListener?.();\n this.removeExternalAbortListener = undefined;\n this.abortController = undefined;\n }\n }\n}\n\n// Type guard for already-serialized authentication credential\nfunction isSerializedAuthenticationCredential(x: unknown): x is WebAuthnAuthenticationCredential {\n if (!x \|\| typeof x !== 'object') return false;\n const obj = x as { response?: unknown };\n const resp = obj.response as { authenticatorData?: unknown } \| undefined;\n return typeof resp?.authenticatorData === 'string';\n}\n\n/\n Generate device-specific user ID to prevent Chrome sync conflicts\n * Creates technical identifiers with full account context\n \n @param nearAccountId - The NEAR account ID (e.g., \"serp120.w3a-v1.testnet\")\n * @param deviceNumber - The device number (optional, undefined for device 1, 2 for device 2, etc.)\n * @returns Technical identifier:\n * - Device 1: \"serp120.web3-authn.testnet\"\n * - Device 2: \"serp120.web3-authn.testnet (2)\"\n * - Device 3: \"serp120.web3-authn.testnet (3)\"\n /\nexport function generateDeviceSpecificUserId(nearAccountId: string, deviceNumber?: number): string {\n // If no device number provided or device number is 1, this is the first device\n if (deviceNumber === undefined \|\| deviceNumber === 1) {\n return nearAccountId;\n }\n // For additional devices, add device number in parentheses\n return `${nearAccountId} (${deviceNumber})`;\n}\n\n/\n Generate user-friendly display name for passkey manager UI\n * Creates clean, intuitive names that users will see\n \n @param nearAccountId - The NEAR account ID (e.g., \"serp120.w3a-v1.testnet\")\n * @param deviceNumber - The device number (optional, undefined for device 1, 2 for device 2, etc.)\n * @returns User-friendly display name:\n * - Device 1: \"serp120\"\n * - Device 2: \"serp120 (device 2)\"\n * - Device 3: \"serp120 (device 3)\"\n */\nfunction generateUserFriendlyDisplayName(nearAccountId: string, deviceNumber?: number): string {\n // Extract the base username (everything before the first dot)\n const baseUsername = nearAccountId.split('.')[0];\n // If no device number provided or device number is 1, this is the first device\n if (deviceNumber === undefined \|\| deviceNumber === 1) {\n return baseUsername;\n }\n // For additional devices, add device number with friendly label\n return `${baseUsername} (device ${deviceNumber})`;\n}\n\n// Abort native WebAuthn when page is being hidden or unloaded\n// Centralized here to keep WebAuthn lifecycle concerns alongside native calls.\nexport namespace TouchIdPrompt {\n export function attachPageAbortHandlers(controller: AbortController): () => void {\n const onVisibility = () => { if (document.hidden) controller.abort(); };\n const onPageHide = () => { controller.abort(); };\n const onBeforeUnload = () => { controller.abort(); };\n document.addEventListener('visibilitychange', onVisibility, { passive: true });\n window.addEventListener('pagehide', onPageHide, { passive: true });\n window.addEventListener('beforeunload', onBeforeUnload, { passive: true });\n return () => {\n document.removeEventListener('visibilitychange', onVisibility);\n window.removeEventListener('pagehide', onPageHide);\n window.removeEventListener('beforeunload', onBeforeUnload);\n };\n }\n}\n"],"mappings":";;;;;;AAUA,SAAS,oBAAoB,MAAc,MAAuB;AAChE,KAAI,CAAC,QAAQ,CAAC,KAAM,QAAO;AAC3B,KAAI,SAAS,KAAM,QAAO;AAC1B,QAAO,KAAK,SAAS,MAAM;;AAG7B,SAAS,YAAY,UAA8B,MAAkC;CACnF,MAAM,KAAK,QAAQ,IAAI;CACvB,MAAM,MAAM,YAAY,IAAI;AAC5B,KAAI,MAAM,KAAK,oBAAoB,GAAG,IAAK,QAAO;AAClD,QAAO,KAAK,MAAM;;AAqBpB,SAAgB,iCACd,gBACmB;AACnB,QAAO,eAAe,KAAI,UAAS;EACjC,IAAI,KAAK;EACT,MAAM;EACN,YAAY,KAAK;;;;;;;;;AAUrB,IAAa,gBAAb,MAAa,cAAc;CACzB,AAAQ;CACR,AAAQ;CAER,AAAQ;CACR,AAAQ;CACR,AAAQ;CAER,YAAY,cAAuB,wCAAwC,OAAO;AAChF,OAAK,eAAe;AACpB,OAAK,wCAAwC,0CAA0C;;CAGzF,UAAkB;AAChB,MAAI;AACF,UAAO,YAAY,KAAK,cAAc,QAAQ,UAAU;UAClD;AACN,UAAO,KAAK,gBAAgB;;;CAKhC,OAAe,YAAqB;AAClC,MAAI;AAAE,UAAO,OAAO,SAAS,OAAO;UAAa;AAAE,UAAO;;;;;;;;;;CAU5D,MAAM,uCAAuC,EAC3C,eACA,WACA,oBAK4C;EAC5C,MAAM,kBAAmB,MAAM,KAAK,qCAAqC;GACvE;GACA;GACA;;AAGF,MAAI,qCAAqC,iBACvC,QAAO;AAET,SAAO,yCAAyC;GAC9C,YAAY;GACZ,gBAAgB;GAChB,iBAAiB;;;;;;;;;;;CAYrB,MAAM,8CAA8C,EAClD,eACA,WACA,oBAK4C;EAC5C,MAAM,kBAAmB,MAAM,KAAK,qCAAqC;GACvE;GACA;GACA;;AAGF,MAAI,qCAAqC,iBACvC,QAAO;AAET,SAAO,yCAAyC;GAC9C,YAAY;GACZ,gBAAgB;GAChB,iBAAiB;;;;;;;;;;CAWrB,MAAM,wCAAwC,EAC5C,eACA,WACA,gBACwD;AAExD,OAAK,kBAAkB,IAAI;AAC3B,OAAK,0BAA0B,cAAc,wBAAwB,KAAK;EAE1E,MAAM,OAAO,KAAK;EAClB,MAAMA,YAAgD;GACpD,WAAW,gBAAgB;GAC3B,IAAI;IACF,MAAM;IACN,IAAI;;GAEN,MAAM;IACJ,IAAI,IAAI,cAAc,OAAO,6BAA6B,eAAe;IACzE,MAAM,6BAA6B,eAAe;IAClD,aAAa,gCAAgC,eAAe;;GAE9D,kBAAkB,CAChB;IAAE,KAAK;IAAI,MAAM;MACjB;IAAE,KAAK;IAAM,MAAM;;GAErB,wBAAwB;IACtB,aAAa;IACb,kBAAkB;;GAEpB,SAAS;GACT,aAAa;GACb,YAAY,EACV,KAAK,EACH,MAAM;IAEJ,OAAO,qBAAqB;IAC5B,QAAQ,oBAAoB;;;AAKpC,MAAI;GACF,MAAM,SAAS,MAAM,yCAAyC,UAAU,WAAW;IACjF;IACA,UAAU,cAAc;IACxB,WAAW,UAAU;IAErB,aAAa,KAAK,gBAAgB;;AAEpC,UAAO;YACC;AACR,QAAK;AACL,QAAK,0BAA0B;AAC/B,QAAK;AACL,QAAK,8BAA8B;AACnC,QAAK,kBAAkB;;;;;;;;;;;;;;;;;CAkB3B,MAAM,qCAAqC,EACzC,eACA,WACA,oBAC4D;AAE5D,OAAK,kBAAkB,IAAI;AAC3B,OAAK,0BAA0B,cAAc,wBAAwB,KAAK;EAE1E,MAAM,OAAO,KAAK;EAClB,MAAMC,YAA+C;GACnD,WAAW,gBAAgB;GAC3B;GACA,kBAAkB,iBAAiB,KAAK,gBAAgB;IACtD,IAAI,gBAAgB,WAAW;IAC/B,MAAM;IACN,YAAY,WAAW;;GAEzB,kBAAkB;GAClB,SAAS;GACT,YAAY,EACV,KAAK,EACH,MAAM;IAEJ,OAAO,qBAAqB;IAC5B,QAAQ,oBAAoB;;;AAKpC,MAAI;GACF,MAAM,SAAS,MAAM,yCAAyC,OAAO,WAAW;IAC9E;IACA,UAAU,cAAc;IACxB,WAAW,UAAU;IACrB,gCAAgC,KAAK;IACrC,aAAa,KAAK,gBAAgB;;AAEpC,UAAO;YACC;AACR,QAAK;AACL,QAAK,0BAA0B;AAC/B,QAAK;AACL,QAAK,8BAA8B;AACnC,QAAK,kBAAkB;;;;AAM7B,SAAS,qCAAqC,GAAmD;AAC/F,KAAI,CAAC,KAAK,OAAO,MAAM,SAAU,QAAO;CACxC,MAAM,MAAM;CACZ,MAAM,OAAO,IAAI;AACjB,QAAO,OAAO,MAAM,sBAAsB;;;;;;;;;;;;;AAc5C,SAAgB,6BAA6B,eAAuB,cAA+B;AAEjG,KAAI,iBAAiB,UAAa,iBAAiB,EACjD,QAAO;AAGT,QAAO,GAAG,cAAc,IAAI,aAAa;;;;;;;;;;;;;AAc3C,SAAS,gCAAgC,eAAuB,cAA+B;CAE7F,MAAM,eAAe,cAAc,MAAM,KAAK;AAE9C,KAAI,iBAAiB,UAAa,iBAAiB,EACjD,QAAO;AAGT,QAAO,GAAG,aAAa,WAAW,aAAa;;;CAMxC,SAAS,wBAAwB,YAAyC;EAC/E,MAAM,qBAAqB;AAAE,OAAI,SAAS,OAAQ,YAAW;;EAC7D,MAAM,mBAAmB;AAAE,cAAW;;EACtC,MAAM,uBAAuB;AAAE,cAAW;;AAC1C,WAAS,iBAAiB,oBAAoB,cAAc,EAAE,SAAS;AACvE,SAAO,iBAAiB,YAAY,YAAY,EAAE,SAAS;AAC3D,SAAO,iBAAiB,gBAAgB,gBAAgB,EAAE,SAAS;AACnE,eAAa;AACX,YAAS,oBAAoB,oBAAoB;AACjD,UAAO,oBAAoB,YAAY;AACvC,UAAO,oBAAoB,gBAAgB"}

package/dist/esm/core/WebAuthnManager/userHandle.js CHANGED Viewed

@@ -1,10 +1,7 @@
-import { init_validation, validateNearAccountId } from "../../utils/validation.js";
+import { validateNearAccountId } from "../../utils/validation.js";
 import { base64UrlDecode } from "../../utils/base64.js";
-import { init_utils } from "../../utils/index.js";
 //#region src/core/WebAuthnManager/userHandle.ts
-init_utils();
-init_validation();
 /**
 * Parse a WebAuthn userHandle into a NEAR account ID.
 * Accepts either a base64url string (serialized) or an ArrayBuffer-like value.

package/dist/esm/core/WebAuthnManager/userHandle.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"userHandle.js","names":["bytes: Uint8Array \| null"],"sources":["../../../../src/core/WebAuthnManager/userHandle.ts"],"sourcesContent":["import { base64UrlDecode } from '../../utils';\nimport { validateNearAccountId } from '../../utils/validation';\n\n/*\n Parse a WebAuthn userHandle into a NEAR account ID.\n * Accepts either a base64url string (serialized) or an ArrayBuffer-like value.\n * Strips optional device suffixes like \" (2)\" appended during registration.\n * Returns a validated account ID string or null if invalid/unavailable.\n */\nexport function parseAccountIdFromUserHandle(userHandle: unknown): string \| null {\n try {\n let bytes: Uint8Array \| null = null;\n if (typeof userHandle === 'string' && userHandle.length > 0) {\n try { bytes = base64UrlDecode(userHandle); } catch { bytes = null; }\n } else if (userHandle && typeof (userHandle as any).byteLength === 'number') {\n try { bytes = new Uint8Array(userHandle as ArrayBuffer); } catch { bytes = null; }\n }\n if (!bytes \|\| bytes.byteLength === 0) return null;\n\n const decoded = new TextDecoder().decode(bytes);\n const base = decoded.replace(/ \$\\d+\$$/g, '');\n return validateNearAccountId(base).valid ? base : null;\n } catch {\n return null;\n }\n}\n\n"],"mappings":"~~;;;;;;;;;;;;;~~AASA,SAAgB,6BAA6B,YAAoC;AAC/E,KAAI;EACF,IAAIA,QAA2B;AAC/B,MAAI,OAAO,eAAe,YAAY,WAAW,SAAS,EACxD,KAAI;AAAE,WAAQ,gBAAgB;UAAqB;AAAE,WAAQ;;WACpD,cAAc,OAAQ,WAAmB,eAAe,SACjE,KAAI;AAAE,WAAQ,IAAI,WAAW;UAAoC;AAAE,WAAQ;;AAE7E,MAAI,CAAC,SAAS,MAAM,eAAe,EAAG,QAAO;EAE7C,MAAM,UAAU,IAAI,cAAc,OAAO;EACzC,MAAM,OAAO,QAAQ,QAAQ,cAAc;AAC3C,SAAO,sBAAsB,MAAM,QAAQ,OAAO;SAC5C;AACN,SAAO"}
1	+ {"version":3,"file":"userHandle.js","names":["bytes: Uint8Array \| null"],"sources":["../../../../src/core/WebAuthnManager/userHandle.ts"],"sourcesContent":["import { base64UrlDecode } from '../../utils';\nimport { validateNearAccountId } from '../../utils/validation';\n\n/*\n Parse a WebAuthn userHandle into a NEAR account ID.\n * Accepts either a base64url string (serialized) or an ArrayBuffer-like value.\n * Strips optional device suffixes like \" (2)\" appended during registration.\n * Returns a validated account ID string or null if invalid/unavailable.\n */\nexport function parseAccountIdFromUserHandle(userHandle: unknown): string \| null {\n try {\n let bytes: Uint8Array \| null = null;\n if (typeof userHandle === 'string' && userHandle.length > 0) {\n try { bytes = base64UrlDecode(userHandle); } catch { bytes = null; }\n } else if (userHandle && typeof (userHandle as any).byteLength === 'number') {\n try { bytes = new Uint8Array(userHandle as ArrayBuffer); } catch { bytes = null; }\n }\n if (!bytes \|\| bytes.byteLength === 0) return null;\n\n const decoded = new TextDecoder().decode(bytes);\n const base = decoded.replace(/ \$\\d+\$$/g, '');\n return validateNearAccountId(base).valid ? base : null;\n } catch {\n return null;\n }\n}\n\n"],"mappings":";;;;;;;;;;AASA,SAAgB,6BAA6B,YAAoC;AAC/E,KAAI;EACF,IAAIA,QAA2B;AAC/B,MAAI,OAAO,eAAe,YAAY,WAAW,SAAS,EACxD,KAAI;AAAE,WAAQ,gBAAgB;UAAqB;AAAE,WAAQ;;WACpD,cAAc,OAAQ,WAAmB,eAAe,SACjE,KAAI;AAAE,WAAQ,IAAI,WAAW;UAAoC;AAAE,WAAQ;;AAE7E,MAAI,CAAC,SAAS,MAAM,eAAe,EAAG,QAAO;EAE7C,MAAM,UAAU,IAAI,cAAc,OAAO;EACzC,MAAM,OAAO,QAAQ,QAAQ,cAAc;AAC3C,SAAO,sBAAsB,MAAM,QAAQ,OAAO;SAC5C;AACN,SAAO"}

package/dist/esm/core/WebAuthnManager/userPreferences.js CHANGED Viewed

@@ -1,15 +1,17 @@
-import { DEFAULT_CONFIRMATION_CONFIG, init_signer_worker } from "../types/signer-worker.js";
-import { IndexedDBManager, init_IndexedDBManager } from "../IndexedDBManager/index.js";
+import { DEFAULT_CONFIRMATION_CONFIG, DEFAULT_SIGNING_MODE, coerceSignerMode, mergeSignerMode } from "../types/signer-worker.js";
+import { IndexedDBManager } from "../IndexedDBManager/index.js";
 //#region src/core/WebAuthnManager/userPreferences.ts
-init_signer_worker();
-init_IndexedDBManager();
 var UserPreferencesManager = class {
 	themeChangeListeners = /* @__PURE__ */ new Set();
 	confirmationConfigChangeListeners = /* @__PURE__ */ new Set();
+	signerModeChangeListeners = /* @__PURE__ */ new Set();
 	currentUserAccountId;
 	confirmationConfig = DEFAULT_CONFIRMATION_CONFIG;
+	signerMode = DEFAULT_SIGNING_MODE;
 	walletThemeOverride = null;
+	signerModeOverride = null;
+	walletIframeSignerModeWriter = null;
 	envThemeSyncedForSession = false;
 	constructor() {
 		this.subscribeToIndexedDBChanges();
@@ -35,6 +37,26 @@ var UserPreferencesManager = class {
 		}
 	}
 	/**
+	* Apply an app-provided default signer mode (e.g., `configs.signerMode`) without
+	* persisting it as a per-user preference in IndexedDB.
+	*/
+	configureDefaultSignerMode(signerMode) {
+		const next = coerceSignerMode(signerMode, DEFAULT_SIGNING_MODE);
+		this.signerModeOverride = next;
+		if (!this.currentUserAccountId) this.setSignerModeInternal(next, {
+			persist: false,
+			notify: true
+		});
+	}
+	/**
+	* In wallet-iframe mode on the app origin, user preferences must be persisted by the wallet host
+	* (not the app origin). This configures a best-effort writer used by `setSignerMode(...)` when
+	* IndexedDB is disabled.
+	*/
+	configureWalletIframeSignerModeWriter(writer) {
+		this.walletIframeSignerModeWriter = writer;
+	}
+	/**
 	* Register a callback for theme change events
 	*/
 	onThemeChange(callback) {
@@ -54,6 +76,15 @@ var UserPreferencesManager = class {
 		};
 	}
 	/**
+	* Register a callback for signer mode changes.
+	*/
+	onSignerModeChange(callback) {
+		this.signerModeChangeListeners.add(callback);
+		return () => {
+			this.signerModeChangeListeners.delete(callback);
+		};
+	}
+	/**
 	* Notify all registered listeners of theme changes
 	*/
 	notifyThemeChange(theme) {
@@ -61,21 +92,15 @@ var UserPreferencesManager = class {
 			console.debug(`[UserPreferencesManager]: No listeners registered, theme change will not propagate.`);
 			return;
 		}
-		let index = 0;
-		this.themeChangeListeners.forEach((listener) => {
-			index++;
-			try {
-				listener(theme);
-			} catch (error) {}
-		});
+		for (const listener of this.themeChangeListeners) listener(theme);
 	}
 	notifyConfirmationConfigChange(config) {
 		if (this.confirmationConfigChangeListeners.size === 0) return;
-		this.confirmationConfigChangeListeners.forEach((listener) => {
-			try {
-				listener(config);
-			} catch {}
-		});
+		for (const listener of this.confirmationConfigChangeListeners) listener(config);
+	}
+	notifySignerModeChange(mode) {
+		if (this.signerModeChangeListeners.size === 0) return;
+		for (const listener of this.signerModeChangeListeners) listener(mode);
 	}
 	/**
 	* Best-effort async initialization from IndexedDB.
@@ -84,18 +109,18 @@ var UserPreferencesManager = class {
 	* app-origin IndexedDB (wallet-iframe mode) can skip it entirely.
 	*/
 	async initFromIndexedDB() {
-		try {
-			await this.loadUserSettings();
-		} catch (error) {
+		await this.loadUserSettings().catch((error) => {
 			console.warn("[WebAuthnManager]: Failed to initialize user settings:", error);
-		}
+		});
 	}
 	/**
 	* Subscribe to IndexedDB change events for automatic synchronization
 	*/
 	subscribeToIndexedDBChanges() {
 		this.unsubscribeFromIndexedDB = IndexedDBManager.clientDB.onChange((event) => {
-			this.handleIndexedDBEvent(event);
+			this.handleIndexedDBEvent(event).catch((error) => {
+				console.warn("[WebAuthnManager]: Error handling IndexedDB event:", error);
+			});
 		});
 	}
 	/**
@@ -103,23 +128,19 @@ var UserPreferencesManager = class {
 	* @param event - The IndexedDBEvent: `user-updated`, `preferences-updated`, `user-deleted` to handle.
 	*/
 	async handleIndexedDBEvent(event) {
-		try {
-			switch (event.type) {
-				case "preferences-updated":
-					if (event.accountId === this.currentUserAccountId) await this.reloadUserSettings();
-					break;
-				case "user-updated":
-					if (event.accountId === this.currentUserAccountId) await this.reloadUserSettings();
-					break;
-				case "user-deleted":
-					if (event.accountId === this.currentUserAccountId) {
-						this.currentUserAccountId = void 0;
-						this.confirmationConfig = DEFAULT_CONFIRMATION_CONFIG;
-					}
-					break;
-			}
-		} catch (error) {
-			console.warn("[WebAuthnManager]: Error handling IndexedDB event:", error);
+		switch (event.type) {
+			case "preferences-updated":
+				if (event.accountId === this.currentUserAccountId) await this.reloadUserSettings();
+				break;
+			case "user-updated":
+				if (event.accountId === this.currentUserAccountId) await this.reloadUserSettings();
+				break;
+			case "user-deleted":
+				if (event.accountId === this.currentUserAccountId) {
+					this.currentUserAccountId = void 0;
+					this.confirmationConfig = DEFAULT_CONFIRMATION_CONFIG;
+				}
+				break;
 		}
 	}
 	/**
@@ -134,8 +155,10 @@ var UserPreferencesManager = class {
 			this.unsubscribeFromIndexedDB();
 			this.unsubscribeFromIndexedDB = void 0;
 		}
+		this.walletIframeSignerModeWriter = null;
 		this.themeChangeListeners.clear();
 		this.confirmationConfigChangeListeners.clear();
+		this.signerModeChangeListeners.clear();
 	}
 	getCurrentUserAccountId() {
 		if (!this.currentUserAccountId) {
@@ -147,6 +170,9 @@ var UserPreferencesManager = class {
 	getConfirmationConfig() {
 		return this.confirmationConfig;
 	}
+	getSignerMode() {
+		return this.signerMode;
+	}
 	/**
 	* Apply an authoritative confirmation config snapshot from the wallet-iframe host.
 	* This updates in-memory state only; persistence remains owned by the wallet origin.
@@ -164,6 +190,20 @@ var UserPreferencesManager = class {
 		this.notifyConfirmationConfigChange(this.confirmationConfig);
 		if (this.confirmationConfig.theme !== prevTheme) this.notifyThemeChange(this.confirmationConfig.theme);
 	}
+	/**
+	* Apply an authoritative signer mode snapshot from the wallet-iframe host.
+	* This updates in-memory state only; persistence remains owned by the wallet origin.
+	*/
+	applyWalletHostSignerMode(args) {
+		const { nearAccountId, signerMode } = args || {};
+		if (nearAccountId) this.currentUserAccountId = nearAccountId;
+		const base = this.signerModeOverride ?? DEFAULT_SIGNING_MODE;
+		const next = coerceSignerMode(signerMode, base);
+		this.setSignerModeInternal(next, {
+			persist: false,
+			notify: true
+		});
+	}
 	setCurrentUser(nearAccountId) {
 		this.currentUserAccountId = nearAccountId;
 		if (!IndexedDBManager.clientDB.isDisabled()) this.loadSettingsForUser(nearAccountId).catch(() => void 0);
@@ -195,6 +235,13 @@ var UserPreferencesManager = class {
 			this.notifyConfirmationConfigChange(this.confirmationConfig);
 			if (this.confirmationConfig.theme !== prevTheme) this.notifyThemeChange(this.confirmationConfig.theme);
 		}
+		const base = this.signerModeOverride ?? DEFAULT_SIGNING_MODE;
+		const stored = user?.preferences?.signerMode;
+		const nextSignerMode = stored != null ? coerceSignerMode(stored, base) : base;
+		this.setSignerModeInternal(nextSignerMode, {
+			persist: false,
+			notify: true
+		});
 	}
 	/**
 	* Reload current user settings from IndexedDB
@@ -243,6 +290,13 @@ var UserPreferencesManager = class {
 				this.notifyConfirmationConfigChange(this.confirmationConfig);
 				if (this.confirmationConfig.theme !== prevTheme) this.notifyThemeChange(this.confirmationConfig.theme);
 			} else console.debug("[WebAuthnManager]: No user preferences found, using defaults");
+			const base = this.signerModeOverride ?? DEFAULT_SIGNING_MODE;
+			const stored = user?.preferences?.signerMode;
+			const nextSignerMode = stored != null ? coerceSignerMode(stored, base) : base;
+			this.setSignerModeInternal(nextSignerMode, {
+				persist: false,
+				notify: true
+			});
 		} else console.debug("[WebAuthnManager]: No last user found, using default settings");
 	}
 	/**
@@ -298,6 +352,35 @@ var UserPreferencesManager = class {
 			console.warn("[UserPreferencesManager]: Failed to save user theme:", error);
 		}
 	}
+	/**
+	* Set signer mode preference (in-memory immediately; IndexedDB persistence is best-effort).
+	*/
+	setSignerMode(signerMode) {
+		const next = mergeSignerMode(this.signerMode, signerMode);
+		if (this.walletIframeSignerModeWriter && IndexedDBManager.clientDB.isDisabled()) {
+			this.walletIframeSignerModeWriter(next).catch(() => void 0);
+			return;
+		}
+		this.setSignerModeInternal(next, {
+			persist: true,
+			notify: true
+		});
+	}
+	isSignerModeEqual(a, b) {
+		if (a.mode !== b.mode) return false;
+		if (a.mode !== "threshold-signer" || b.mode !== "threshold-signer") return true;
+		return (a.behavior ?? null) === (b.behavior ?? null);
+	}
+	setSignerModeInternal(next, opts) {
+		const prev = this.signerMode;
+		this.signerMode = next;
+		if (opts.notify && !this.isSignerModeEqual(prev, next)) this.notifySignerModeChange(next);
+		if (opts.persist) {
+			const id = this.currentUserAccountId;
+			if (!id || IndexedDBManager.clientDB.isDisabled()) return;
+			IndexedDBManager.clientDB.setSignerMode(id, next).catch(() => void 0);
+		}
+	}
 };
 const UserPreferencesInstance = new UserPreferencesManager();
 var userPreferences_default = UserPreferencesInstance;

package/dist/esm/core/WebAuthnManager/userPreferences.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"userPreferences.js","names":["error: any","next: ConfirmationConfig","envTheme: 'dark' \| 'light' \| null","accountId: AccountId \| undefined"],"sources":["../../../../src/core/WebAuthnManager/userPreferences.ts"],"sourcesContent":["import { ConfirmationConfig, DEFAULT_CONFIRMATION_CONFIG } from '../types/signer-worker';\nimport type { AccountId } from '../types/accountIds';\nimport { IndexedDBManager, type IndexedDBEvent } from '../IndexedDBManager';\n\n\nexport class UserPreferencesManager {\n private themeChangeListeners: Set<(theme: 'dark' \| 'light') => void> = new Set();\n private confirmationConfigChangeListeners: Set<(config: ConfirmationConfig) => void> = new Set();\n private currentUserAccountId: AccountId \| undefined;\n private confirmationConfig: ConfirmationConfig = DEFAULT_CONFIRMATION_CONFIG;\n // Optional app-provided default theme (e.g., configs.walletTheme). This is NOT a per-user preference.\n private walletThemeOverride: 'dark' \| 'light' \| null = null;\n // Prevent multiple one-time environment syncs per session\n private envThemeSyncedForSession = false;\n\n constructor() {\n // Subscribe to IndexedDB change events for automatic sync\n this.subscribeToIndexedDBChanges();\n }\n\n /*\n Apply an app-provided default theme (e.g., `configs.walletTheme`) without\n * persisting it as a per-user preference in IndexedDB.\n \n This also disables the one-time environment theme sync so host appearance\n * (e.g., VitePress `html.dark`) cannot override an explicit config.\n /\n configureWalletTheme(theme?: 'dark' \| 'light'): void {\n if (theme !== 'dark' && theme !== 'light') return;\n this.walletThemeOverride = theme;\n // If integrator explicitly configured a theme, do not auto-sync from environment.\n this.envThemeSyncedForSession = true;\n if (this.confirmationConfig.theme !== theme) {\n this.confirmationConfig = {\n ...this.confirmationConfig,\n theme,\n };\n this.notifyConfirmationConfigChange(this.confirmationConfig);\n this.notifyThemeChange(theme);\n }\n }\n\n /\n Register a callback for theme change events\n /\n onThemeChange(callback: (theme: 'dark' \| 'light') => void): () => void {\n this.themeChangeListeners.add(callback);\n return () => {\n this.themeChangeListeners.delete(callback);\n };\n }\n\n /\n Register a callback for confirmation config changes.\n * Used to keep app UI in sync with the wallet host in wallet-iframe mode.\n /\n onConfirmationConfigChange(callback: (config: ConfirmationConfig) => void): () => void {\n this.confirmationConfigChangeListeners.add(callback);\n return () => {\n this.confirmationConfigChangeListeners.delete(callback);\n };\n }\n\n /\n Notify all registered listeners of theme changes\n /\n private notifyThemeChange(theme: 'dark' \| 'light'): void {\n if (this.themeChangeListeners.size === 0) {\n // In many environments (e.g., wallet iframe host), there may be no UI subscribers.\n // Use debug to avoid noisy warnings while still being helpful during development.\n console.debug(`[UserPreferencesManager]: No listeners registered, theme change will not propagate.`);\n return;\n }\n\n let index = 0;\n this.themeChangeListeners.forEach((listener) => {\n index++;\n try {\n listener(theme);\n } catch (error: any) {\n }\n });\n }\n\n private notifyConfirmationConfigChange(config: ConfirmationConfig): void {\n if (this.confirmationConfigChangeListeners.size === 0) return;\n this.confirmationConfigChangeListeners.forEach((listener) => {\n try {\n listener(config);\n } catch {}\n });\n }\n\n /\n Best-effort async initialization from IndexedDB.\n \n Callers decide when to invoke this so environments that must avoid\n * app-origin IndexedDB (wallet-iframe mode) can skip it entirely.\n /\n async initFromIndexedDB(): Promise<void> {\n try {\n await this.loadUserSettings();\n } catch (error) {\n console.warn('[WebAuthnManager]: Failed to initialize user settings:', error);\n // Keep default settings if loading fails\n }\n }\n\n /\n Subscribe to IndexedDB change events for automatic synchronization\n /\n private subscribeToIndexedDBChanges(): void {\n // Subscribe to IndexedDB change events\n this.unsubscribeFromIndexedDB = IndexedDBManager.clientDB.onChange((event) => {\n this.handleIndexedDBEvent(event);\n });\n }\n\n /\n Handle IndexedDB change events.\n * @param event - The IndexedDBEvent: `user-updated`, `preferences-updated`, `user-deleted` to handle.\n /\n private async handleIndexedDBEvent(event: IndexedDBEvent): Promise<void> {\n try {\n switch (event.type) {\n case 'preferences-updated':\n // Check if this affects the current user\n if (event.accountId === this.currentUserAccountId) {\n await this.reloadUserSettings();\n }\n break;\n\n case 'user-updated':\n // Check if this affects the current user\n if (event.accountId === this.currentUserAccountId) {\n await this.reloadUserSettings();\n }\n break;\n\n case 'user-deleted':\n // Check if the deleted user was the current user\n if (event.accountId === this.currentUserAccountId) {\n this.currentUserAccountId = undefined;\n this.confirmationConfig = DEFAULT_CONFIRMATION_CONFIG;\n }\n break;\n }\n } catch (error) {\n console.warn('[WebAuthnManager]: Error handling IndexedDB event:', error);\n }\n }\n\n /\n Unsubscribe function for IndexedDB events\n /\n private unsubscribeFromIndexedDB?: () => void;\n\n /\n Clean up resources and unsubscribe from events\n /\n destroy(): void {\n if (this.unsubscribeFromIndexedDB) {\n this.unsubscribeFromIndexedDB();\n this.unsubscribeFromIndexedDB = undefined;\n }\n // Clear all theme change listeners\n this.themeChangeListeners.clear();\n this.confirmationConfigChangeListeners.clear();\n }\n\n getCurrentUserAccountId(): AccountId {\n if (!this.currentUserAccountId) {\n console.debug('[UserPreferencesManager]: getCurrentUserAccountId called with no current user; returning empty id');\n // Return an empty string to keep callers defensive; most consumers\n // already treat falsy accountIds as \"no-op\"/logged‑out.\n return '' as AccountId;\n }\n return this.currentUserAccountId;\n }\n\n getConfirmationConfig(): ConfirmationConfig {\n return this.confirmationConfig;\n }\n\n /\n Apply an authoritative confirmation config snapshot from the wallet-iframe host.\n * This updates in-memory state only; persistence remains owned by the wallet origin.\n /\n applyWalletHostConfirmationConfig(args: {\n nearAccountId?: AccountId \| null;\n confirmationConfig: ConfirmationConfig;\n }): void {\n const { nearAccountId, confirmationConfig } = args \|\| ({} as any);\n const prevTheme = this.confirmationConfig.theme;\n const next: ConfirmationConfig = {\n ...DEFAULT_CONFIRMATION_CONFIG,\n ...(confirmationConfig \|\| {}),\n } as ConfirmationConfig;\n\n if (nearAccountId) {\n this.currentUserAccountId = nearAccountId;\n }\n\n // Prevent environment heuristics on the app origin from overriding wallet-host state.\n this.envThemeSyncedForSession = true;\n\n this.confirmationConfig = next;\n this.notifyConfirmationConfigChange(this.confirmationConfig);\n if (this.confirmationConfig.theme !== prevTheme) {\n this.notifyThemeChange(this.confirmationConfig.theme);\n }\n }\n\n setCurrentUser(nearAccountId: AccountId): void {\n this.currentUserAccountId = nearAccountId;\n // Load settings for the new user (best-effort). In wallet-iframe mode on the app origin,\n // IndexedDB is intentionally disabled to avoid creating any tables.\n if (!IndexedDBManager.clientDB.isDisabled()) {\n void this.loadSettingsForUser(nearAccountId).catch(() => undefined);\n }\n\n // One-time: align user theme to current host appearance (e.g., VitePress html.dark)\n // In wallet-iframe mode (app origin), the wallet host owns preferences; do not override.\n if (!IndexedDBManager.clientDB.isDisabled() && !this.envThemeSyncedForSession && !this.walletThemeOverride) {\n let envTheme: 'dark' \| 'light' \| null = null;\n const isDark = (globalThis as any)?.document?.documentElement?.classList?.contains?.('dark');\n if (typeof isDark === 'boolean') envTheme = isDark ? 'dark' : 'light';\n if (!envTheme) {\n try {\n const stored = (globalThis as any)?.localStorage?.getItem?.('vitepress-theme-appearance');\n if (stored === 'dark' \|\| stored === 'light') envTheme = stored;\n } catch {\n // Storage may be blocked by the environment (e.g., third-party iframes)\n }\n }\n if (envTheme && envTheme !== this.confirmationConfig.theme) {\n // Fire-and-forget; listeners will propagate the change\n void this.setUserTheme(envTheme);\n }\n this.envThemeSyncedForSession = true;\n }\n }\n\n /\n Load settings for a specific user\n /\n private async loadSettingsForUser(nearAccountId: AccountId): Promise<void> {\n if (IndexedDBManager.clientDB.isDisabled()) return;\n const user = await IndexedDBManager.clientDB.getLastUser().catch(() => null);\n if (!user \|\| user.nearAccountId !== nearAccountId) return;\n if (user?.preferences?.confirmationConfig) {\n const prevTheme = this.confirmationConfig.theme;\n this.confirmationConfig = {\n ...this.confirmationConfig,\n ...user.preferences.confirmationConfig\n };\n this.notifyConfirmationConfigChange(this.confirmationConfig);\n if (this.confirmationConfig.theme !== prevTheme) {\n this.notifyThemeChange(this.confirmationConfig.theme);\n }\n }\n }\n\n /\n Reload current user settings from IndexedDB\n /\n async reloadUserSettings(): Promise<void> {\n await this.loadSettingsForUser(this.getCurrentUserAccountId());\n }\n\n /\n Set confirmation behavior\n /\n setConfirmBehavior(behavior: 'requireClick' \| 'autoProceed'): void {\n this.confirmationConfig = {\n ...this.confirmationConfig,\n behavior\n };\n this.notifyConfirmationConfigChange(this.confirmationConfig);\n this.saveUserSettings();\n }\n\n /\n Set confirmation configuration\n /\n setConfirmationConfig(config: ConfirmationConfig): void {\n const prevTheme = this.confirmationConfig.theme;\n this.confirmationConfig = {\n ...this.confirmationConfig,\n ...config\n };\n this.notifyConfirmationConfigChange(this.confirmationConfig);\n if (this.confirmationConfig.theme !== prevTheme) {\n this.notifyThemeChange(this.confirmationConfig.theme);\n }\n this.saveUserSettings();\n }\n\n /\n Load user confirmation settings from IndexedDB\n /\n async loadUserSettings(): Promise<void> {\n if (IndexedDBManager.clientDB.isDisabled()) return;\n const user = await IndexedDBManager.clientDB.getLastUser().catch(() => null);\n if (user) {\n const prevTheme = this.confirmationConfig.theme;\n this.currentUserAccountId = user.nearAccountId;\n // Load user's confirmation config if it exists, otherwise keep existing settings/defaults\n if (user.preferences?.confirmationConfig) {\n this.confirmationConfig = {\n ...this.confirmationConfig,\n ...user.preferences.confirmationConfig\n };\n this.notifyConfirmationConfigChange(this.confirmationConfig);\n if (this.confirmationConfig.theme !== prevTheme) {\n this.notifyThemeChange(this.confirmationConfig.theme);\n }\n } else {\n console.debug('[WebAuthnManager]: No user preferences found, using defaults');\n }\n } else {\n console.debug('[WebAuthnManager]: No last user found, using default settings');\n }\n }\n\n /\n Save current confirmation settings to IndexedDB\n /\n async saveUserSettings(): Promise<void> {\n try {\n let accountId: AccountId \| undefined = this.currentUserAccountId ?? undefined;\n if (!accountId) {\n const last = await IndexedDBManager.clientDB.getLastUser().catch(() => undefined as any);\n accountId = (last as any)?.nearAccountId;\n }\n\n if (!accountId) {\n console.warn('[UserPreferences]: No current user set; keeping confirmation config in memory only');\n return;\n }\n\n // Save confirmation config (which includes theme)\n await IndexedDBManager.clientDB.updatePreferences(accountId, {\n confirmationConfig: this.confirmationConfig,\n });\n } catch (error) {\n console.warn('[WebAuthnManager]: Failed to save user settings:', error);\n }\n }\n\n /\n Get user theme preference from IndexedDB\n /\n async getCurrentUserAccountIdTheme(): Promise<'dark' \| 'light' \| null> {\n const id = this.currentUserAccountId;\n if (!id) return null;\n try {\n return await IndexedDBManager.clientDB.getTheme(id);\n } catch (error) {\n console.debug('[WebAuthnManager]: getCurrentUserAccountIdTheme:', error);\n return null;\n }\n }\n\n getUserTheme(): 'dark' \| 'light' {\n return this.confirmationConfig.theme;\n }\n\n /\n Set user theme preference in IndexedDB\n */\n async setUserTheme(theme: 'dark' \| 'light'): Promise<void> {\n const id = this.currentUserAccountId;\n if (!id) return; // No-op when no user is set (logged-out state)\n // Always update local UI state immediately; persistence is best-effort.\n this.confirmationConfig = {\n ...this.confirmationConfig,\n theme\n };\n // Notify all listeners of theme change\n this.notifyConfirmationConfigChange(this.confirmationConfig);\n this.notifyThemeChange(theme);\n try {\n await IndexedDBManager.clientDB.setTheme(id, theme);\n } catch (error) {\n console.warn('[UserPreferencesManager]: Failed to save user theme:', error);\n }\n }\n}\n\n// Create and export singleton instance\nconst UserPreferencesInstance = new UserPreferencesManager();\nexport default UserPreferencesInstance;\n"],"mappings":";;;;;;AAKA,IAAa,yBAAb,MAAoC;CAClC,AAAQ,uCAA+D,IAAI;CAC3E,AAAQ,oDAA+E,IAAI;CAC3F,AAAQ;CACR,AAAQ,qBAAyC;CAEjD,AAAQ,sBAA+C;CAEvD,AAAQ,2BAA2B;CAEnC,cAAc;AAEZ,OAAK;;;;;;;;;CAUP,qBAAqB,OAAgC;AACnD,MAAI,UAAU,UAAU,UAAU,QAAS;AAC3C,OAAK,sBAAsB;AAE3B,OAAK,2BAA2B;AAChC,MAAI,KAAK,mBAAmB,UAAU,OAAO;AAC3C,QAAK,qBAAqB;IACxB,GAAG,KAAK;IACR;;AAEF,QAAK,+BAA+B,KAAK;AACzC,QAAK,kBAAkB;;;;;;CAO3B,cAAc,UAAyD;AACrE,OAAK,qBAAqB,IAAI;AAC9B,eAAa;AACX,QAAK,qBAAqB,OAAO;;;;;;;CAQrC,2BAA2B,UAA4D;AACrF,OAAK,kCAAkC,IAAI;AAC3C,eAAa;AACX,QAAK,kCAAkC,OAAO;;;;;;CAOlD,AAAQ,kBAAkB,OAA+B;AACvD,MAAI,KAAK,qBAAqB,SAAS,GAAG;AAGxC,WAAQ,MAAM;AACd;;EAGF,IAAI,QAAQ;AACZ,OAAK,qBAAqB,SAAS,aAAa;AAC9C;AACA,OAAI;AACF,aAAS;YACFA,OAAY;;;CAKzB,AAAQ,+BAA+B,QAAkC;AACvE,MAAI,KAAK,kCAAkC,SAAS,EAAG;AACvD,OAAK,kCAAkC,SAAS,aAAa;AAC3D,OAAI;AACF,aAAS;WACH;;;;;;;;;CAUZ,MAAM,oBAAmC;AACvC,MAAI;AACF,SAAM,KAAK;WACJ,OAAO;AACd,WAAQ,KAAK,0DAA0D;;;;;;CAQ3E,AAAQ,8BAAoC;AAE1C,OAAK,2BAA2B,iBAAiB,SAAS,UAAU,UAAU;AAC5E,QAAK,qBAAqB;;;;;;;CAQ9B,MAAc,qBAAqB,OAAsC;AACvE,MAAI;AACF,WAAQ,MAAM,MAAd;IACE,KAAK;AAEH,SAAI,MAAM,cAAc,KAAK,qBAC3B,OAAM,KAAK;AAEb;IAEF,KAAK;AAEH,SAAI,MAAM,cAAc,KAAK,qBAC3B,OAAM,KAAK;AAEb;IAEF,KAAK;AAEH,SAAI,MAAM,cAAc,KAAK,sBAAsB;AACjD,WAAK,uBAAuB;AAC5B,WAAK,qBAAqB;;AAE5B;;WAEG,OAAO;AACd,WAAQ,KAAK,sDAAsD;;;;;;CAOvE,AAAQ;;;;CAKR,UAAgB;AACd,MAAI,KAAK,0BAA0B;AACjC,QAAK;AACL,QAAK,2BAA2B;;AAGlC,OAAK,qBAAqB;AAC1B,OAAK,kCAAkC;;CAGzC,0BAAqC;AACnC,MAAI,CAAC,KAAK,sBAAsB;AAC9B,WAAQ,MAAM;AAGd,UAAO;;AAET,SAAO,KAAK;;CAGd,wBAA4C;AAC1C,SAAO,KAAK;;;;;;CAOd,kCAAkC,MAGzB;EACP,MAAM,EAAE,eAAe,uBAAuB,QAAS;EACvD,MAAM,YAAY,KAAK,mBAAmB;EAC1C,MAAMC,OAA2B;GAC/B,GAAG;GACH,GAAI,sBAAsB;;AAG5B,MAAI,cACF,MAAK,uBAAuB;AAI9B,OAAK,2BAA2B;AAEhC,OAAK,qBAAqB;AAC1B,OAAK,+BAA+B,KAAK;AACzC,MAAI,KAAK,mBAAmB,UAAU,UACpC,MAAK,kBAAkB,KAAK,mBAAmB;;CAInD,eAAe,eAAgC;AAC7C,OAAK,uBAAuB;AAG5B,MAAI,CAAC,iBAAiB,SAAS,aAC7B,CAAK,KAAK,oBAAoB,eAAe,YAAY;AAK3D,MAAI,CAAC,iBAAiB,SAAS,gBAAgB,CAAC,KAAK,4BAA4B,CAAC,KAAK,qBAAqB;GAC1G,IAAIC,WAAoC;GACxC,MAAM,SAAU,YAAoB,UAAU,iBAAiB,WAAW,WAAW;AACrF,OAAI,OAAO,WAAW,UAAW,YAAW,SAAS,SAAS;AAC9D,OAAI,CAAC,SACH,KAAI;IACF,MAAM,SAAU,YAAoB,cAAc,UAAU;AAC5D,QAAI,WAAW,UAAU,WAAW,QAAS,YAAW;WAClD;AAIV,OAAI,YAAY,aAAa,KAAK,mBAAmB,MAEnD,CAAK,KAAK,aAAa;AAEzB,QAAK,2BAA2B;;;;;;CAOpC,MAAc,oBAAoB,eAAyC;AACzE,MAAI,iBAAiB,SAAS,aAAc;EAC5C,MAAM,OAAO,MAAM,iBAAiB,SAAS,cAAc,YAAY;AACvE,MAAI,CAAC,QAAQ,KAAK,kBAAkB,cAAe;AACnD,MAAI,MAAM,aAAa,oBAAoB;GACzC,MAAM,YAAY,KAAK,mBAAmB;AAC1C,QAAK,qBAAqB;IACxB,GAAG,KAAK;IACR,GAAG,KAAK,YAAY;;AAEtB,QAAK,+BAA+B,KAAK;AACzC,OAAI,KAAK,mBAAmB,UAAU,UACpC,MAAK,kBAAkB,KAAK,mBAAmB;;;;;;CAQrD,MAAM,qBAAoC;AACxC,QAAM,KAAK,oBAAoB,KAAK;;;;;CAMtC,mBAAmB,UAAgD;AACjE,OAAK,qBAAqB;GACxB,GAAG,KAAK;GACR;;AAEF,OAAK,+BAA+B,KAAK;AACzC,OAAK;;;;;CAMP,sBAAsB,QAAkC;EACtD,MAAM,YAAY,KAAK,mBAAmB;AAC1C,OAAK,qBAAqB;GACxB,GAAG,KAAK;GACR,GAAG;;AAEL,OAAK,+BAA+B,KAAK;AACzC,MAAI,KAAK,mBAAmB,UAAU,UACpC,MAAK,kBAAkB,KAAK,mBAAmB;AAEjD,OAAK;;;;;CAMP,MAAM,mBAAkC;AACtC,MAAI,iBAAiB,SAAS,aAAc;EAC5C,MAAM,OAAO,MAAM,iBAAiB,SAAS,cAAc,YAAY;AACvE,MAAI,MAAM;GACR,MAAM,YAAY,KAAK,mBAAmB;AAC1C,QAAK,uBAAuB,KAAK;AAEjC,OAAI,KAAK,aAAa,oBAAoB;AACxC,SAAK,qBAAqB;KACxB,GAAG,KAAK;KACR,GAAG,KAAK,YAAY;;AAEtB,SAAK,+BAA+B,KAAK;AACzC,QAAI,KAAK,mBAAmB,UAAU,UACpC,MAAK,kBAAkB,KAAK,mBAAmB;SAGjD,SAAQ,MAAM;QAGhB,SAAQ,MAAM;;;;;CAOlB,MAAM,mBAAkC;AACtC,MAAI;GACF,IAAIC,YAAmC,KAAK,wBAAwB;AACpE,OAAI,CAAC,WAAW;IACd,MAAM,OAAO,MAAM,iBAAiB,SAAS,cAAc,YAAY;AACvE,gBAAa,MAAc;;AAG7B,OAAI,CAAC,WAAW;AACd,YAAQ,KAAK;AACb;;AAIF,SAAM,iBAAiB,SAAS,kBAAkB,WAAW,EAC3D,oBAAoB,KAAK;WAEpB,OAAO;AACd,WAAQ,KAAK,oDAAoD;;;;;;CAOrE,MAAM,+BAAiE;EACrE,MAAM,KAAK,KAAK;AAChB,MAAI,CAAC,GAAI,QAAO;AAChB,MAAI;AACF,UAAO,MAAM,iBAAiB,SAAS,SAAS;WACzC,OAAO;AACd,WAAQ,MAAM,oDAAoD;AAClE,UAAO;;;CAIX,eAAiC;AAC/B,SAAO,KAAK,mBAAmB;;;;;CAMjC,MAAM,aAAa,OAAwC;EACzD,MAAM,KAAK,KAAK;AAChB,MAAI,CAAC,GAAI;AAET,OAAK,qBAAqB;GACxB,GAAG,KAAK;GACR;;AAGF,OAAK,+BAA+B,KAAK;AACzC,OAAK,kBAAkB;AACvB,MAAI;AACF,SAAM,iBAAiB,SAAS,SAAS,IAAI;WACtC,OAAO;AACd,WAAQ,KAAK,wDAAwD;;;;AAM3E,MAAM,0BAA0B,IAAI;AACpC,8BAAe"}
1	+ {"version":3,"file":"userPreferences.js","names":["next: ConfirmationConfig","envTheme: 'dark' \| 'light' \| null","accountId: AccountId \| undefined"],"sources":["../../../../src/core/WebAuthnManager/userPreferences.ts"],"sourcesContent":["import {\n ConfirmationConfig,\n DEFAULT_CONFIRMATION_CONFIG,\n type SignerMode,\n DEFAULT_SIGNING_MODE,\n coerceSignerMode,\n mergeSignerMode,\n} from '../types/signer-worker';\nimport type { AccountId } from '../types/accountIds';\nimport { IndexedDBManager, type IndexedDBEvent } from '../IndexedDBManager';\n\n\nexport class UserPreferencesManager {\n\n private themeChangeListeners: Set<(theme: 'dark' \| 'light') => void> = new Set();\n private confirmationConfigChangeListeners: Set<(config: ConfirmationConfig) => void> = new Set();\n private signerModeChangeListeners: Set<(mode: SignerMode) => void> = new Set();\n\n private currentUserAccountId: AccountId \| undefined;\n private confirmationConfig: ConfirmationConfig = DEFAULT_CONFIRMATION_CONFIG;\n private signerMode: SignerMode = DEFAULT_SIGNING_MODE;\n\n // Optional app-provided default theme (e.g., configs.walletTheme). This is NOT a per-user preference.\n private walletThemeOverride: 'dark' \| 'light' \| null = null;\n // Optional app-provided default signer mode (e.g., configs.signerMode). This is NOT a per-user preference.\n private signerModeOverride: SignerMode \| null = null;\n // Wallet-iframe app-origin: delegate signerMode persistence to the wallet host.\n private walletIframeSignerModeWriter: ((signerMode: SignerMode) => Promise<void>) \| null = null;\n // Prevent multiple one-time environment syncs per session\n private envThemeSyncedForSession = false;\n\n constructor() {\n // Subscribe to IndexedDB change events for automatic sync\n this.subscribeToIndexedDBChanges();\n }\n\n /*\n Apply an app-provided default theme (e.g., `configs.walletTheme`) without\n * persisting it as a per-user preference in IndexedDB.\n \n This also disables the one-time environment theme sync so host appearance\n * (e.g., VitePress `html.dark`) cannot override an explicit config.\n /\n configureWalletTheme(theme?: 'dark' \| 'light'): void {\n if (theme !== 'dark' && theme !== 'light') return;\n this.walletThemeOverride = theme;\n // If integrator explicitly configured a theme, do not auto-sync from environment.\n this.envThemeSyncedForSession = true;\n if (this.confirmationConfig.theme !== theme) {\n this.confirmationConfig = {\n ...this.confirmationConfig,\n theme,\n };\n this.notifyConfirmationConfigChange(this.confirmationConfig);\n this.notifyThemeChange(theme);\n }\n }\n\n /\n Apply an app-provided default signer mode (e.g., `configs.signerMode`) without\n * persisting it as a per-user preference in IndexedDB.\n /\n configureDefaultSignerMode(signerMode?: SignerMode \| SignerMode['mode'] \| null): void {\n const next = coerceSignerMode(signerMode, DEFAULT_SIGNING_MODE);\n this.signerModeOverride = next;\n // When no user is active, keep in-memory default aligned to config.\n if (!this.currentUserAccountId) {\n this.setSignerModeInternal(next, { persist: false, notify: true });\n }\n }\n\n /\n In wallet-iframe mode on the app origin, user preferences must be persisted by the wallet host\n * (not the app origin). This configures a best-effort writer used by `setSignerMode(...)` when\n * IndexedDB is disabled.\n /\n configureWalletIframeSignerModeWriter(writer: ((signerMode: SignerMode) => Promise<void>) \| null): void {\n this.walletIframeSignerModeWriter = writer;\n }\n\n /\n Register a callback for theme change events\n /\n onThemeChange(callback: (theme: 'dark' \| 'light') => void): () => void {\n this.themeChangeListeners.add(callback);\n return () => {\n this.themeChangeListeners.delete(callback);\n };\n }\n\n /\n Register a callback for confirmation config changes.\n * Used to keep app UI in sync with the wallet host in wallet-iframe mode.\n /\n onConfirmationConfigChange(callback: (config: ConfirmationConfig) => void): () => void {\n this.confirmationConfigChangeListeners.add(callback);\n return () => {\n this.confirmationConfigChangeListeners.delete(callback);\n };\n }\n\n /\n Register a callback for signer mode changes.\n /\n onSignerModeChange(callback: (mode: SignerMode) => void): () => void {\n this.signerModeChangeListeners.add(callback);\n return () => {\n this.signerModeChangeListeners.delete(callback);\n };\n }\n\n /\n Notify all registered listeners of theme changes\n /\n private notifyThemeChange(theme: 'dark' \| 'light'): void {\n if (this.themeChangeListeners.size === 0) {\n // In many environments (e.g., wallet iframe host), there may be no UI subscribers.\n // Use debug to avoid noisy warnings while still being helpful during development.\n console.debug(`[UserPreferencesManager]: No listeners registered, theme change will not propagate.`);\n return;\n }\n\n for (const listener of this.themeChangeListeners) {\n listener(theme);\n }\n }\n\n private notifyConfirmationConfigChange(config: ConfirmationConfig): void {\n if (this.confirmationConfigChangeListeners.size === 0) return;\n for (const listener of this.confirmationConfigChangeListeners) {\n listener(config);\n }\n }\n\n private notifySignerModeChange(mode: SignerMode): void {\n if (this.signerModeChangeListeners.size === 0) return;\n for (const listener of this.signerModeChangeListeners) {\n listener(mode);\n }\n }\n\n /\n Best-effort async initialization from IndexedDB.\n \n Callers decide when to invoke this so environments that must avoid\n * app-origin IndexedDB (wallet-iframe mode) can skip it entirely.\n /\n async initFromIndexedDB(): Promise<void> {\n await this.loadUserSettings().catch((error) => {\n console.warn('[WebAuthnManager]: Failed to initialize user settings:', error);\n });\n }\n\n /\n Subscribe to IndexedDB change events for automatic synchronization\n /\n private subscribeToIndexedDBChanges(): void {\n // Subscribe to IndexedDB change events\n this.unsubscribeFromIndexedDB = IndexedDBManager.clientDB.onChange((event) => {\n void this.handleIndexedDBEvent(event).catch((error) => {\n console.warn('[WebAuthnManager]: Error handling IndexedDB event:', error);\n });\n });\n }\n\n /\n Handle IndexedDB change events.\n * @param event - The IndexedDBEvent: `user-updated`, `preferences-updated`, `user-deleted` to handle.\n /\n private async handleIndexedDBEvent(event: IndexedDBEvent): Promise<void> {\n switch (event.type) {\n case 'preferences-updated':\n // Check if this affects the current user\n if (event.accountId === this.currentUserAccountId) {\n await this.reloadUserSettings();\n }\n break;\n\n case 'user-updated':\n // Check if this affects the current user\n if (event.accountId === this.currentUserAccountId) {\n await this.reloadUserSettings();\n }\n break;\n\n case 'user-deleted':\n // Check if the deleted user was the current user\n if (event.accountId === this.currentUserAccountId) {\n this.currentUserAccountId = undefined;\n this.confirmationConfig = DEFAULT_CONFIRMATION_CONFIG;\n }\n break;\n }\n }\n\n /\n Unsubscribe function for IndexedDB events\n /\n private unsubscribeFromIndexedDB?: () => void;\n\n /\n Clean up resources and unsubscribe from events\n /\n destroy(): void {\n if (this.unsubscribeFromIndexedDB) {\n this.unsubscribeFromIndexedDB();\n this.unsubscribeFromIndexedDB = undefined;\n }\n this.walletIframeSignerModeWriter = null;\n // Clear all theme change listeners\n this.themeChangeListeners.clear();\n this.confirmationConfigChangeListeners.clear();\n this.signerModeChangeListeners.clear();\n }\n\n getCurrentUserAccountId(): AccountId {\n if (!this.currentUserAccountId) {\n console.debug('[UserPreferencesManager]: getCurrentUserAccountId called with no current user; returning empty id');\n // Return an empty string to keep callers defensive; most consumers\n // already treat falsy accountIds as \"no-op\"/logged‑out.\n return '' as AccountId;\n }\n return this.currentUserAccountId;\n }\n\n getConfirmationConfig(): ConfirmationConfig {\n return this.confirmationConfig;\n }\n\n getSignerMode(): SignerMode {\n return this.signerMode;\n }\n\n /\n Apply an authoritative confirmation config snapshot from the wallet-iframe host.\n * This updates in-memory state only; persistence remains owned by the wallet origin.\n /\n applyWalletHostConfirmationConfig(args: {\n nearAccountId?: AccountId \| null;\n confirmationConfig: ConfirmationConfig;\n }): void {\n const { nearAccountId, confirmationConfig } = args \|\| ({} as any);\n const prevTheme = this.confirmationConfig.theme;\n const next: ConfirmationConfig = {\n ...DEFAULT_CONFIRMATION_CONFIG,\n ...(confirmationConfig \|\| {}),\n } as ConfirmationConfig;\n\n if (nearAccountId) {\n this.currentUserAccountId = nearAccountId;\n }\n\n // Prevent environment heuristics on the app origin from overriding wallet-host state.\n this.envThemeSyncedForSession = true;\n\n this.confirmationConfig = next;\n this.notifyConfirmationConfigChange(this.confirmationConfig);\n if (this.confirmationConfig.theme !== prevTheme) {\n this.notifyThemeChange(this.confirmationConfig.theme);\n }\n }\n\n /\n Apply an authoritative signer mode snapshot from the wallet-iframe host.\n * This updates in-memory state only; persistence remains owned by the wallet origin.\n /\n applyWalletHostSignerMode(args: {\n nearAccountId?: AccountId \| null;\n signerMode: SignerMode;\n }): void {\n const { nearAccountId, signerMode } = args \|\| ({} as any);\n if (nearAccountId) {\n this.currentUserAccountId = nearAccountId;\n }\n const base = this.signerModeOverride ?? DEFAULT_SIGNING_MODE;\n const next = coerceSignerMode(signerMode, base);\n this.setSignerModeInternal(next, { persist: false, notify: true });\n }\n\n setCurrentUser(nearAccountId: AccountId): void {\n this.currentUserAccountId = nearAccountId;\n // Load settings for the new user (best-effort). In wallet-iframe mode on the app origin,\n // IndexedDB is intentionally disabled to avoid creating any tables.\n if (!IndexedDBManager.clientDB.isDisabled()) {\n void this.loadSettingsForUser(nearAccountId).catch(() => undefined);\n }\n\n // One-time: align user theme to current host appearance (e.g., VitePress html.dark)\n // In wallet-iframe mode (app origin), the wallet host owns preferences; do not override.\n if (!IndexedDBManager.clientDB.isDisabled() && !this.envThemeSyncedForSession && !this.walletThemeOverride) {\n let envTheme: 'dark' \| 'light' \| null = null;\n const isDark = (globalThis as any)?.document?.documentElement?.classList?.contains?.('dark');\n if (typeof isDark === 'boolean') envTheme = isDark ? 'dark' : 'light';\n if (!envTheme) {\n try {\n const stored = (globalThis as any)?.localStorage?.getItem?.('vitepress-theme-appearance');\n if (stored === 'dark' \|\| stored === 'light') envTheme = stored;\n } catch {\n // Storage may be blocked by the environment (e.g., third-party iframes)\n }\n }\n if (envTheme && envTheme !== this.confirmationConfig.theme) {\n // Fire-and-forget; listeners will propagate the change\n void this.setUserTheme(envTheme);\n }\n this.envThemeSyncedForSession = true;\n }\n }\n\n /\n Load settings for a specific user\n /\n private async loadSettingsForUser(nearAccountId: AccountId): Promise<void> {\n if (IndexedDBManager.clientDB.isDisabled()) return;\n const user = await IndexedDBManager.clientDB.getLastUser().catch(() => null);\n if (!user \|\| user.nearAccountId !== nearAccountId) return;\n if (user?.preferences?.confirmationConfig) {\n const prevTheme = this.confirmationConfig.theme;\n this.confirmationConfig = {\n ...this.confirmationConfig,\n ...user.preferences.confirmationConfig\n };\n this.notifyConfirmationConfigChange(this.confirmationConfig);\n if (this.confirmationConfig.theme !== prevTheme) {\n this.notifyThemeChange(this.confirmationConfig.theme);\n }\n }\n\n // Signer mode: stored per-user preference (optional).\n const base = this.signerModeOverride ?? DEFAULT_SIGNING_MODE;\n const stored = user?.preferences?.signerMode as SignerMode \| SignerMode['mode'] \| null \| undefined;\n const nextSignerMode = stored != null ? coerceSignerMode(stored, base) : base;\n this.setSignerModeInternal(nextSignerMode, { persist: false, notify: true });\n }\n\n /\n Reload current user settings from IndexedDB\n /\n async reloadUserSettings(): Promise<void> {\n await this.loadSettingsForUser(this.getCurrentUserAccountId());\n }\n\n /\n Set confirmation behavior\n /\n setConfirmBehavior(behavior: 'requireClick' \| 'autoProceed'): void {\n this.confirmationConfig = {\n ...this.confirmationConfig,\n behavior\n };\n this.notifyConfirmationConfigChange(this.confirmationConfig);\n this.saveUserSettings();\n }\n\n /\n Set confirmation configuration\n /\n setConfirmationConfig(config: ConfirmationConfig): void {\n const prevTheme = this.confirmationConfig.theme;\n this.confirmationConfig = {\n ...this.confirmationConfig,\n ...config\n };\n this.notifyConfirmationConfigChange(this.confirmationConfig);\n if (this.confirmationConfig.theme !== prevTheme) {\n this.notifyThemeChange(this.confirmationConfig.theme);\n }\n this.saveUserSettings();\n }\n\n /\n Load user confirmation settings from IndexedDB\n /\n async loadUserSettings(): Promise<void> {\n if (IndexedDBManager.clientDB.isDisabled()) return;\n const user = await IndexedDBManager.clientDB.getLastUser().catch(() => null);\n if (user) {\n const prevTheme = this.confirmationConfig.theme;\n this.currentUserAccountId = user.nearAccountId;\n // Load user's confirmation config if it exists, otherwise keep existing settings/defaults\n if (user.preferences?.confirmationConfig) {\n this.confirmationConfig = {\n ...this.confirmationConfig,\n ...user.preferences.confirmationConfig\n };\n this.notifyConfirmationConfigChange(this.confirmationConfig);\n if (this.confirmationConfig.theme !== prevTheme) {\n this.notifyThemeChange(this.confirmationConfig.theme);\n }\n } else {\n console.debug('[WebAuthnManager]: No user preferences found, using defaults');\n }\n\n // Load signer mode preference if available; otherwise use app default (configs.signerMode).\n const base = this.signerModeOverride ?? DEFAULT_SIGNING_MODE;\n const stored = user?.preferences?.signerMode as SignerMode \| SignerMode['mode'] \| null \| undefined;\n const nextSignerMode = stored != null ? coerceSignerMode(stored, base) : base;\n this.setSignerModeInternal(nextSignerMode, { persist: false, notify: true });\n } else {\n console.debug('[WebAuthnManager]: No last user found, using default settings');\n }\n }\n\n /\n Save current confirmation settings to IndexedDB\n /\n async saveUserSettings(): Promise<void> {\n try {\n let accountId: AccountId \| undefined = this.currentUserAccountId ?? undefined;\n if (!accountId) {\n const last = await IndexedDBManager.clientDB.getLastUser().catch(() => undefined as any);\n accountId = (last as any)?.nearAccountId;\n }\n\n if (!accountId) {\n console.warn('[UserPreferences]: No current user set; keeping confirmation config in memory only');\n return;\n }\n\n // Save confirmation config (which includes theme)\n await IndexedDBManager.clientDB.updatePreferences(accountId, {\n confirmationConfig: this.confirmationConfig,\n });\n } catch (error) {\n console.warn('[WebAuthnManager]: Failed to save user settings:', error);\n }\n }\n\n /\n Get user theme preference from IndexedDB\n /\n async getCurrentUserAccountIdTheme(): Promise<'dark' \| 'light' \| null> {\n const id = this.currentUserAccountId;\n if (!id) return null;\n try {\n return await IndexedDBManager.clientDB.getTheme(id);\n } catch (error) {\n console.debug('[WebAuthnManager]: getCurrentUserAccountIdTheme:', error);\n return null;\n }\n }\n\n getUserTheme(): 'dark' \| 'light' {\n return this.confirmationConfig.theme;\n }\n\n /\n Set user theme preference in IndexedDB\n /\n async setUserTheme(theme: 'dark' \| 'light'): Promise<void> {\n const id = this.currentUserAccountId;\n if (!id) return; // No-op when no user is set (logged-out state)\n // Always update local UI state immediately; persistence is best-effort.\n this.confirmationConfig = {\n ...this.confirmationConfig,\n theme\n };\n // Notify all listeners of theme change\n this.notifyConfirmationConfigChange(this.confirmationConfig);\n this.notifyThemeChange(theme);\n try {\n await IndexedDBManager.clientDB.setTheme(id, theme);\n } catch (error) {\n console.warn('[UserPreferencesManager]: Failed to save user theme:', error);\n }\n }\n\n /\n Set signer mode preference (in-memory immediately; IndexedDB persistence is best-effort).\n */\n setSignerMode(signerMode: SignerMode \| SignerMode['mode']): void {\n const next = mergeSignerMode(this.signerMode, signerMode);\n // In wallet-iframe mode on the app origin, persistence is owned by the wallet host.\n // Forward to the host and rely on PREFERENCES_CHANGED mirroring for local state updates.\n if (this.walletIframeSignerModeWriter && IndexedDBManager.clientDB.isDisabled()) {\n void this.walletIframeSignerModeWriter(next).catch(() => undefined);\n return;\n }\n this.setSignerModeInternal(next, { persist: true, notify: true });\n }\n\n private isSignerModeEqual(a: SignerMode, b: SignerMode): boolean {\n if (a.mode !== b.mode) return false;\n if (a.mode !== 'threshold-signer' \|\| b.mode !== 'threshold-signer') return true;\n return (a.behavior ?? null) === (b.behavior ?? null);\n }\n\n private setSignerModeInternal(next: SignerMode, opts: { persist: boolean; notify: boolean }): void {\n const prev = this.signerMode;\n this.signerMode = next;\n if (opts.notify && !this.isSignerModeEqual(prev, next)) {\n this.notifySignerModeChange(next);\n }\n if (opts.persist) {\n // Best-effort persistence: only write when we have a current user context.\n const id = this.currentUserAccountId;\n if (!id \|\| IndexedDBManager.clientDB.isDisabled()) return;\n void IndexedDBManager.clientDB.setSignerMode(id, next).catch(() => undefined);\n }\n }\n}\n\n// Create and export singleton instance\nconst UserPreferencesInstance = new UserPreferencesManager();\nexport default UserPreferencesInstance;\n"],"mappings":";;;;AAYA,IAAa,yBAAb,MAAoC;CAElC,AAAQ,uCAA+D,IAAI;CAC3E,AAAQ,oDAA+E,IAAI;CAC3F,AAAQ,4CAA6D,IAAI;CAEzE,AAAQ;CACR,AAAQ,qBAAyC;CACjD,AAAQ,aAAyB;CAGjC,AAAQ,sBAA+C;CAEvD,AAAQ,qBAAwC;CAEhD,AAAQ,+BAAmF;CAE3F,AAAQ,2BAA2B;CAEnC,cAAc;AAEZ,OAAK;;;;;;;;;CAUP,qBAAqB,OAAgC;AACnD,MAAI,UAAU,UAAU,UAAU,QAAS;AAC3C,OAAK,sBAAsB;AAE3B,OAAK,2BAA2B;AAChC,MAAI,KAAK,mBAAmB,UAAU,OAAO;AAC3C,QAAK,qBAAqB;IACxB,GAAG,KAAK;IACR;;AAEF,QAAK,+BAA+B,KAAK;AACzC,QAAK,kBAAkB;;;;;;;CAQ3B,2BAA2B,YAA2D;EACpF,MAAM,OAAO,iBAAiB,YAAY;AAC1C,OAAK,qBAAqB;AAE1B,MAAI,CAAC,KAAK,qBACR,MAAK,sBAAsB,MAAM;GAAE,SAAS;GAAO,QAAQ;;;;;;;;CAS/D,sCAAsC,QAAkE;AACtG,OAAK,+BAA+B;;;;;CAMtC,cAAc,UAAyD;AACrE,OAAK,qBAAqB,IAAI;AAC9B,eAAa;AACX,QAAK,qBAAqB,OAAO;;;;;;;CAQrC,2BAA2B,UAA4D;AACrF,OAAK,kCAAkC,IAAI;AAC3C,eAAa;AACX,QAAK,kCAAkC,OAAO;;;;;;CAOlD,mBAAmB,UAAkD;AACnE,OAAK,0BAA0B,IAAI;AACnC,eAAa;AACX,QAAK,0BAA0B,OAAO;;;;;;CAO1C,AAAQ,kBAAkB,OAA+B;AACvD,MAAI,KAAK,qBAAqB,SAAS,GAAG;AAGxC,WAAQ,MAAM;AACd;;AAGF,OAAK,MAAM,YAAY,KAAK,qBAC1B,UAAS;;CAIb,AAAQ,+BAA+B,QAAkC;AACvE,MAAI,KAAK,kCAAkC,SAAS,EAAG;AACvD,OAAK,MAAM,YAAY,KAAK,kCAC1B,UAAS;;CAIb,AAAQ,uBAAuB,MAAwB;AACrD,MAAI,KAAK,0BAA0B,SAAS,EAAG;AAC/C,OAAK,MAAM,YAAY,KAAK,0BAC1B,UAAS;;;;;;;;CAUb,MAAM,oBAAmC;AACvC,QAAM,KAAK,mBAAmB,OAAO,UAAU;AAC7C,WAAQ,KAAK,0DAA0D;;;;;;CAO3E,AAAQ,8BAAoC;AAE1C,OAAK,2BAA2B,iBAAiB,SAAS,UAAU,UAAU;AAC5E,GAAK,KAAK,qBAAqB,OAAO,OAAO,UAAU;AACrD,YAAQ,KAAK,sDAAsD;;;;;;;;CASzE,MAAc,qBAAqB,OAAsC;AACvE,UAAQ,MAAM,MAAd;GACE,KAAK;AAEH,QAAI,MAAM,cAAc,KAAK,qBAC3B,OAAM,KAAK;AAEb;GAEF,KAAK;AAEH,QAAI,MAAM,cAAc,KAAK,qBAC3B,OAAM,KAAK;AAEb;GAEF,KAAK;AAEH,QAAI,MAAM,cAAc,KAAK,sBAAsB;AACjD,UAAK,uBAAuB;AAC5B,UAAK,qBAAqB;;AAE5B;;;;;;CAON,AAAQ;;;;CAKR,UAAgB;AACd,MAAI,KAAK,0BAA0B;AACjC,QAAK;AACL,QAAK,2BAA2B;;AAElC,OAAK,+BAA+B;AAEpC,OAAK,qBAAqB;AAC1B,OAAK,kCAAkC;AACvC,OAAK,0BAA0B;;CAGjC,0BAAqC;AACnC,MAAI,CAAC,KAAK,sBAAsB;AAC9B,WAAQ,MAAM;AAGd,UAAO;;AAET,SAAO,KAAK;;CAGd,wBAA4C;AAC1C,SAAO,KAAK;;CAGd,gBAA4B;AAC1B,SAAO,KAAK;;;;;;CAOd,kCAAkC,MAGzB;EACP,MAAM,EAAE,eAAe,uBAAuB,QAAS;EACvD,MAAM,YAAY,KAAK,mBAAmB;EAC1C,MAAMA,OAA2B;GAC/B,GAAG;GACH,GAAI,sBAAsB;;AAG5B,MAAI,cACF,MAAK,uBAAuB;AAI9B,OAAK,2BAA2B;AAEhC,OAAK,qBAAqB;AAC1B,OAAK,+BAA+B,KAAK;AACzC,MAAI,KAAK,mBAAmB,UAAU,UACpC,MAAK,kBAAkB,KAAK,mBAAmB;;;;;;CAQnD,0BAA0B,MAGjB;EACP,MAAM,EAAE,eAAe,eAAe,QAAS;AAC/C,MAAI,cACF,MAAK,uBAAuB;EAE9B,MAAM,OAAO,KAAK,sBAAsB;EACxC,MAAM,OAAO,iBAAiB,YAAY;AAC1C,OAAK,sBAAsB,MAAM;GAAE,SAAS;GAAO,QAAQ;;;CAG7D,eAAe,eAAgC;AAC7C,OAAK,uBAAuB;AAG5B,MAAI,CAAC,iBAAiB,SAAS,aAC7B,CAAK,KAAK,oBAAoB,eAAe,YAAY;AAK3D,MAAI,CAAC,iBAAiB,SAAS,gBAAgB,CAAC,KAAK,4BAA4B,CAAC,KAAK,qBAAqB;GAC1G,IAAIC,WAAoC;GACxC,MAAM,SAAU,YAAoB,UAAU,iBAAiB,WAAW,WAAW;AACrF,OAAI,OAAO,WAAW,UAAW,YAAW,SAAS,SAAS;AAC9D,OAAI,CAAC,SACH,KAAI;IACF,MAAM,SAAU,YAAoB,cAAc,UAAU;AAC5D,QAAI,WAAW,UAAU,WAAW,QAAS,YAAW;WAClD;AAIV,OAAI,YAAY,aAAa,KAAK,mBAAmB,MAEnD,CAAK,KAAK,aAAa;AAEzB,QAAK,2BAA2B;;;;;;CAOpC,MAAc,oBAAoB,eAAyC;AACzE,MAAI,iBAAiB,SAAS,aAAc;EAC5C,MAAM,OAAO,MAAM,iBAAiB,SAAS,cAAc,YAAY;AACvE,MAAI,CAAC,QAAQ,KAAK,kBAAkB,cAAe;AACnD,MAAI,MAAM,aAAa,oBAAoB;GACzC,MAAM,YAAY,KAAK,mBAAmB;AAC1C,QAAK,qBAAqB;IACxB,GAAG,KAAK;IACR,GAAG,KAAK,YAAY;;AAEtB,QAAK,+BAA+B,KAAK;AACzC,OAAI,KAAK,mBAAmB,UAAU,UACpC,MAAK,kBAAkB,KAAK,mBAAmB;;EAKnD,MAAM,OAAO,KAAK,sBAAsB;EACxC,MAAM,SAAS,MAAM,aAAa;EAClC,MAAM,iBAAiB,UAAU,OAAO,iBAAiB,QAAQ,QAAQ;AACzE,OAAK,sBAAsB,gBAAgB;GAAE,SAAS;GAAO,QAAQ;;;;;;CAMvE,MAAM,qBAAoC;AACxC,QAAM,KAAK,oBAAoB,KAAK;;;;;CAMtC,mBAAmB,UAAgD;AACjE,OAAK,qBAAqB;GACxB,GAAG,KAAK;GACR;;AAEF,OAAK,+BAA+B,KAAK;AACzC,OAAK;;;;;CAMP,sBAAsB,QAAkC;EACtD,MAAM,YAAY,KAAK,mBAAmB;AAC1C,OAAK,qBAAqB;GACxB,GAAG,KAAK;GACR,GAAG;;AAEL,OAAK,+BAA+B,KAAK;AACzC,MAAI,KAAK,mBAAmB,UAAU,UACpC,MAAK,kBAAkB,KAAK,mBAAmB;AAEjD,OAAK;;;;;CAMP,MAAM,mBAAkC;AACtC,MAAI,iBAAiB,SAAS,aAAc;EAC5C,MAAM,OAAO,MAAM,iBAAiB,SAAS,cAAc,YAAY;AACvE,MAAI,MAAM;GACR,MAAM,YAAY,KAAK,mBAAmB;AAC1C,QAAK,uBAAuB,KAAK;AAEjC,OAAI,KAAK,aAAa,oBAAoB;AACxC,SAAK,qBAAqB;KACxB,GAAG,KAAK;KACR,GAAG,KAAK,YAAY;;AAEtB,SAAK,+BAA+B,KAAK;AACzC,QAAI,KAAK,mBAAmB,UAAU,UACpC,MAAK,kBAAkB,KAAK,mBAAmB;SAGjD,SAAQ,MAAM;GAIhB,MAAM,OAAO,KAAK,sBAAsB;GACxC,MAAM,SAAS,MAAM,aAAa;GAClC,MAAM,iBAAiB,UAAU,OAAO,iBAAiB,QAAQ,QAAQ;AACzE,QAAK,sBAAsB,gBAAgB;IAAE,SAAS;IAAO,QAAQ;;QAErE,SAAQ,MAAM;;;;;CAOlB,MAAM,mBAAkC;AACtC,MAAI;GACF,IAAIC,YAAmC,KAAK,wBAAwB;AACpE,OAAI,CAAC,WAAW;IACd,MAAM,OAAO,MAAM,iBAAiB,SAAS,cAAc,YAAY;AACvE,gBAAa,MAAc;;AAG7B,OAAI,CAAC,WAAW;AACd,YAAQ,KAAK;AACb;;AAIF,SAAM,iBAAiB,SAAS,kBAAkB,WAAW,EAC3D,oBAAoB,KAAK;WAEpB,OAAO;AACd,WAAQ,KAAK,oDAAoD;;;;;;CAOrE,MAAM,+BAAiE;EACrE,MAAM,KAAK,KAAK;AAChB,MAAI,CAAC,GAAI,QAAO;AAChB,MAAI;AACF,UAAO,MAAM,iBAAiB,SAAS,SAAS;WACzC,OAAO;AACd,WAAQ,MAAM,oDAAoD;AAClE,UAAO;;;CAIX,eAAiC;AAC/B,SAAO,KAAK,mBAAmB;;;;;CAMjC,MAAM,aAAa,OAAwC;EACzD,MAAM,KAAK,KAAK;AAChB,MAAI,CAAC,GAAI;AAET,OAAK,qBAAqB;GACxB,GAAG,KAAK;GACR;;AAGF,OAAK,+BAA+B,KAAK;AACzC,OAAK,kBAAkB;AACvB,MAAI;AACF,SAAM,iBAAiB,SAAS,SAAS,IAAI;WACtC,OAAO;AACd,WAAQ,KAAK,wDAAwD;;;;;;CAOzE,cAAc,YAAmD;EAC/D,MAAM,OAAO,gBAAgB,KAAK,YAAY;AAG9C,MAAI,KAAK,gCAAgC,iBAAiB,SAAS,cAAc;AAC/E,GAAK,KAAK,6BAA6B,MAAM,YAAY;AACzD;;AAEF,OAAK,sBAAsB,MAAM;GAAE,SAAS;GAAM,QAAQ;;;CAG5D,AAAQ,kBAAkB,GAAe,GAAwB;AAC/D,MAAI,EAAE,SAAS,EAAE,KAAM,QAAO;AAC9B,MAAI,EAAE,SAAS,sBAAsB,EAAE,SAAS,mBAAoB,QAAO;AAC3E,UAAQ,EAAE,YAAY,WAAW,EAAE,YAAY;;CAGjD,AAAQ,sBAAsB,MAAkB,MAAmD;EACjG,MAAM,OAAO,KAAK;AAClB,OAAK,aAAa;AAClB,MAAI,KAAK,UAAU,CAAC,KAAK,kBAAkB,MAAM,MAC/C,MAAK,uBAAuB;AAE9B,MAAI,KAAK,SAAS;GAEhB,MAAM,KAAK,KAAK;AAChB,OAAI,CAAC,MAAM,iBAAiB,SAAS,aAAc;AACnD,GAAK,iBAAiB,SAAS,cAAc,IAAI,MAAM,YAAY;;;;AAMzE,MAAM,0BAA0B,IAAI;AACpC,8BAAe"}

package/dist/esm/core/defaultConfigs.js CHANGED Viewed

@@ -1,16 +1,65 @@
-import { __esm } from "../_virtual/rolldown_runtime.js";
+import { toTrimmedString } from "../utils/validation.js";
+import { coerceSignerMode } from "./types/signer-worker.js";
 //#region src/core/defaultConfigs.ts
+const PASSKEY_MANAGER_DEFAULT_CONFIGS = {
+	nearRpcUrl: "https://test.rpc.fastnear.com, https://rpc.testnet.near.org",
+	nearNetwork: "testnet",
+	contractId: "w3a-v1.testnet",
+	nearExplorerUrl: "https://testnet.nearblocks.io",
+	signerMode: { mode: "local-signer" },
+	signingSessionDefaults: {
+		ttlMs: 0,
+		remainingUses: 0
+	},
+	relayer: {
+		url: "",
+		delegateActionRoute: "/signed-delegate",
+		emailRecovery: {
+			minBalanceYocto: "10000000000000000000000",
+			pollingIntervalMs: 4e3,
+			maxPollingDurationMs: 1800 * 1e3,
+			pendingTtlMs: 1800 * 1e3,
+			mailtoAddress: "recover@web3authn.org"
+		}
+	},
+	vrfWorkerConfigs: { shamir3pass: {
+		p: "3N5w46AIGjGT2v5Vua_TMD5Ywfa9U2F7-WzW8SNDsIM",
+		relayServerUrl: "",
+		applyServerLockRoute: "/vrf/apply-server-lock",
+		removeServerLockRoute: "/vrf/remove-server-lock"
+	} },
+	emailRecoveryContracts: {
+		emailRecovererGlobalContract: "w3a-email-recoverer-v1.testnet",
+		zkEmailVerifierContract: "zk-email-verifier-v1.testnet",
+		emailDkimVerifierContract: "email-dkim-verifier-v1.testnet"
+	},
+	iframeWallet: {
+		walletOrigin: "https://wallet.example.localhost",
+		walletServicePath: "/wallet-service",
+		sdkBasePath: "/sdk",
+		rpIdOverride: "example.localhost"
+	}
+};
+const THRESHOLD_ED25519_CLIENT_PARTICIPANT_ID = 1;
+const THRESHOLD_ED25519_RELAYER_PARTICIPANT_ID = 2;
+const DEFAULT_EMAIL_RECOVERY_CONTRACTS = {
+	emailRecovererGlobalContract: PASSKEY_MANAGER_DEFAULT_CONFIGS.emailRecoveryContracts.emailRecovererGlobalContract,
+	zkEmailVerifierContract: PASSKEY_MANAGER_DEFAULT_CONFIGS.emailRecoveryContracts.zkEmailVerifierContract,
+	emailDkimVerifierContract: PASSKEY_MANAGER_DEFAULT_CONFIGS.emailRecoveryContracts.emailDkimVerifierContract
+};
 function buildConfigsFromEnv(overrides = {}) {
 	const defaults = PASSKEY_MANAGER_DEFAULT_CONFIGS;
 	const relayerUrl = overrides.relayer?.url ?? defaults.relayer?.url ?? "";
 	const relayServerUrlDefault = relayerUrl;
+	const signerMode = coerceSignerMode(overrides.signerMode, defaults.signerMode);
 	const merged = {
 		nearRpcUrl: overrides.nearRpcUrl ?? defaults.nearRpcUrl,
 		nearNetwork: overrides.nearNetwork ?? defaults.nearNetwork,
 		contractId: overrides.contractId ?? defaults.contractId,
 		nearExplorerUrl: overrides.nearExplorerUrl ?? defaults.nearExplorerUrl,
 		walletTheme: overrides.walletTheme ?? defaults.walletTheme,
+		signerMode,
 		signingSessionDefaults: {
 			ttlMs: overrides.signingSessionDefaults?.ttlMs ?? defaults.signingSessionDefaults?.ttlMs,
 			remainingUses: overrides.signingSessionDefaults?.remainingUses ?? defaults.signingSessionDefaults?.remainingUses
@@ -23,9 +72,7 @@ function buildConfigsFromEnv(overrides = {}) {
 				pollingIntervalMs: overrides.relayer?.emailRecovery?.pollingIntervalMs ?? defaults.relayer?.emailRecovery?.pollingIntervalMs,
 				maxPollingDurationMs: overrides.relayer?.emailRecovery?.maxPollingDurationMs ?? defaults.relayer?.emailRecovery?.maxPollingDurationMs,
 				pendingTtlMs: overrides.relayer?.emailRecovery?.pendingTtlMs ?? defaults.relayer?.emailRecovery?.pendingTtlMs,
-				mailtoAddress: overrides.relayer?.emailRecovery?.mailtoAddress ?? defaults.relayer?.emailRecovery?.mailtoAddress,
-				dkimVerifierAccountId: overrides.relayer?.emailRecovery?.dkimVerifierAccountId ?? defaults.relayer?.emailRecovery?.dkimVerifierAccountId,
-				verificationViewMethod: overrides.relayer?.emailRecovery?.verificationViewMethod ?? defaults.relayer?.emailRecovery?.verificationViewMethod
+				mailtoAddress: overrides.relayer?.emailRecovery?.mailtoAddress ?? defaults.relayer?.emailRecovery?.mailtoAddress
 			}
 		},
 		authenticatorOptions: overrides.authenticatorOptions ?? defaults.authenticatorOptions,
@@ -42,65 +89,16 @@ function buildConfigsFromEnv(overrides = {}) {
 		},
 		iframeWallet: {
 			walletOrigin: overrides.iframeWallet?.walletOrigin ?? defaults.iframeWallet?.walletOrigin,
-			walletServicePath: overrides.iframeWallet?.walletServicePath ?? defaults.iframeWallet?.walletServicePath ?? "/wallet-service",
-			sdkBasePath: overrides.iframeWallet?.sdkBasePath ?? defaults.iframeWallet?.sdkBasePath ?? "/sdk",
-			rpIdOverride: overrides.iframeWallet?.rpIdOverride ?? defaults.iframeWallet?.rpIdOverride
+			rpIdOverride: overrides.iframeWallet?.rpIdOverride ?? defaults.iframeWallet?.rpIdOverride,
+			walletServicePath: toTrimmedString(overrides.iframeWallet?.walletServicePath) || toTrimmedString(defaults.iframeWallet?.walletServicePath) || "/wallet-service",
+			sdkBasePath: toTrimmedString(overrides.iframeWallet?.sdkBasePath) || toTrimmedString(defaults.iframeWallet?.sdkBasePath) || "/sdk"
 		}
 	};
 	if (!merged.contractId) throw new Error("[configPresets] Missing required config: contractId");
 	if (!merged.relayer.url) throw new Error("[configPresets] Missing required config: relayer.url");
 	return merged;
 }
-var PASSKEY_MANAGER_DEFAULT_CONFIGS, DEFAULT_EMAIL_RECOVERY_CONTRACTS;
-var init_defaultConfigs = __esm({ "src/core/defaultConfigs.ts": (() => {
-	PASSKEY_MANAGER_DEFAULT_CONFIGS = {
-		nearRpcUrl: "https://test.rpc.fastnear.com, https://rpc.testnet.near.org",
-		nearNetwork: "testnet",
-		contractId: "w3a-v1.testnet",
-		nearExplorerUrl: "https://testnet.nearblocks.io",
-		signingSessionDefaults: {
-			ttlMs: 0,
-			remainingUses: 0
-		},
-		relayer: {
-			url: "",
-			delegateActionRoute: "/signed-delegate",
-			emailRecovery: {
-				minBalanceYocto: "10000000000000000000000",
-				pollingIntervalMs: 4e3,
-				maxPollingDurationMs: 1800 * 1e3,
-				pendingTtlMs: 1800 * 1e3,
-				mailtoAddress: "recover@web3authn.org",
-				dkimVerifierAccountId: "email-dkim-verifier-v1.testnet",
-				verificationViewMethod: "get_verification_result"
-			}
-		},
-		vrfWorkerConfigs: { shamir3pass: {
-			p: "3N5w46AIGjGT2v5Vua_TMD5Ywfa9U2F7-WzW8SNDsIM",
-			relayServerUrl: "",
-			applyServerLockRoute: "/vrf/apply-server-lock",
-			removeServerLockRoute: "/vrf/remove-server-lock"
-		} },
-		emailRecoveryContracts: {
-			emailRecovererGlobalContract: "w3a-email-recoverer-v1.testnet",
-			zkEmailVerifierContract: "zk-email-verifier-v1.testnet",
-			emailDkimVerifierContract: "email-dkim-verifier-v1.testnet"
-		},
-		iframeWallet: {
-			walletOrigin: "https://wallet.example.localhost",
-			walletServicePath: "/wallet-service",
-			sdkBasePath: "/sdk",
-			rpIdOverride: "example.localhost"
-		}
-	};
-	DEFAULT_EMAIL_RECOVERY_CONTRACTS = {
-		emailRecovererGlobalContract: PASSKEY_MANAGER_DEFAULT_CONFIGS.emailRecoveryContracts.emailDkimVerifierContract,
-		zkEmailVerifierContract: PASSKEY_MANAGER_DEFAULT_CONFIGS.emailRecoveryContracts.zkEmailVerifierContract,
-		emailDkimVerifierContract: PASSKEY_MANAGER_DEFAULT_CONFIGS.emailRecoveryContracts.emailDkimVerifierContract
-	};
-}) });
 //#endregion
-init_defaultConfigs();
-export { DEFAULT_EMAIL_RECOVERY_CONTRACTS, PASSKEY_MANAGER_DEFAULT_CONFIGS, buildConfigsFromEnv, init_defaultConfigs };
+export { DEFAULT_EMAIL_RECOVERY_CONTRACTS, PASSKEY_MANAGER_DEFAULT_CONFIGS, THRESHOLD_ED25519_CLIENT_PARTICIPANT_ID, THRESHOLD_ED25519_RELAYER_PARTICIPANT_ID, buildConfigsFromEnv };
 //# sourceMappingURL=defaultConfigs.js.map