npm - @tatchi-xyz/sdk - Versions diffs - 0.20.0 → 0.31.0 - Mend

@tatchi-xyz/sdk 0.20.0 → 0.31.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (2491) hide show

package/dist/cjs/core/WebAuthnManager/VrfWorkerManager/confirmTxFlow/adapters/session.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"session.js","names":["reservedNonces: string[] \| undefined","confirmHandle: ConfirmUIHandle \| undefined"],"sources":["../../../../../../../src/core/WebAuthnManager/VrfWorkerManager/confirmTxFlow/adapters/session.ts"],"sourcesContent":["import type { ConfirmationConfig } from '../../../../types/signer-worker';\nimport type { ConfirmUIHandle, ConfirmUIUpdate } from '../../../LitComponents/confirm-ui';\nimport type { ~~SecureConfirmDecision~~, ~~SecureConfirmRequest~~, TransactionSummary } from '../types';\nimport type { VRFChallenge } from '../../../../types';\nimport { sendConfirmResponse } from './common';\nimport type { ConfirmTxFlowAdapters } from './interfaces';\n\nexport function createConfirmSession({\n adapters,\n worker,\n request,\n confirmationConfig,\n transactionSummary,\n}: {\n adapters: ConfirmTxFlowAdapters;\n worker: Worker;\n request: ~~SecureConfirmRequest~~;\n confirmationConfig: ConfirmationConfig;\n transactionSummary: TransactionSummary;\n}): {\n setReservedNonces: (nonces?: string[]) => void;\n updateUI: (props: ConfirmUIUpdate) => void;\n promptUser: (args: { vrfChallenge?: Partial<VRFChallenge> }) => Promise<{ confirmed: boolean; error?: string }>;\n /*\n Send decision back to worker and perform standard cleanup.\n * - On `confirmed: false`, releases any reserved nonces.\n * - Always closes the confirm UI handle when present.\n /\n confirmAndCloseModal: (decision: SecureConfirmDecision) => void;\n /\n Cleanup + rethrow helper for invariant failures (e.g. missing PRF outputs),\n * where tests/logic expect no worker response envelope.\n */\n cleanupAndRethrow: (err: unknown) => never;\n} {\n let reservedNonces: string[] \| undefined;\n let confirmHandle: ConfirmUIHandle \| undefined;\n\n const setReservedNonces = (nonces?: string[]) => {\n reservedNonces = nonces;\n };\n\n const updateUI = (props: ConfirmUIUpdate) => {\n confirmHandle?.update?.(props);\n };\n\n const promptUser = async ({ vrfChallenge }: { vrfChallenge?: Partial<VRFChallenge> }) => {\n const { confirmed, confirmHandle: handle, error } = await adapters.ui.renderConfirmUI({\n request,\n confirmationConfig,\n transactionSummary,\n vrfChallenge,\n });\n confirmHandle = handle;\n return { confirmed, error };\n };\n\n const confirmAndCloseModal = (decision: SecureConfirmDecision) => {\n try {\n sendConfirmResponse(worker, decision);\n } finally {\n if (!decision.confirmed) {\n adapters.near.releaseReservedNonces(reservedNonces);\n }\n adapters.ui.closeModalSafely(!!decision.confirmed, confirmHandle);\n }\n };\n\n const cleanupAndRethrow = (err: unknown): never => {\n try {\n adapters.near.releaseReservedNonces(reservedNonces);\n adapters.ui.closeModalSafely(false, confirmHandle);\n } finally {\n throw err;\n }\n };\n\n return {\n setReservedNonces,\n updateUI,\n promptUser,\n confirmAndCloseModal,\n cleanupAndRethrow,\n };\n}\n"],"mappings":"~~;;;;~~AAOA,SAAgB,qBAAqB,EACnC,UACA,QACA,SACA,oBACA,sBAsBA;CACA,IAAIA;CACJ,IAAIC;CAEJ,MAAM,qBAAqB,WAAsB;AAC/C,mBAAiB;;CAGnB,MAAM,YAAY,UAA2B;AAC3C,iBAAe,SAAS;;CAG1B,MAAM,aAAa,OAAO,EAAE,mBAA6D;EACvF,MAAM,EAAE,WAAW,eAAe,QAAQ,UAAU,MAAM,SAAS,GAAG,gBAAgB;GACpF;GACA;GACA;GACA;;AAEF,kBAAgB;AAChB,SAAO;GAAE;GAAW;;;CAGtB,MAAM,wBAAwB,aAAoC;AAChE,MAAI;AACF,sCAAoB,QAAQ;YACpB;AACR,OAAI,CAAC,SAAS,UACZ,UAAS,KAAK,sBAAsB;AAEtC,YAAS,GAAG,iBAAiB,CAAC,CAAC,SAAS,WAAW;;;CAIvD,MAAM,qBAAqB,QAAwB;AACjD,MAAI;AACF,YAAS,KAAK,sBAAsB;AACpC,YAAS,GAAG,iBAAiB,OAAO;YAC5B;AACR,SAAM;;;AAIV,QAAO;EACL;EACA;EACA;EACA;EACA"}
1	+ {"version":3,"file":"session.js","names":["reservedNonces: string[] \| undefined","confirmHandle: ConfirmUIHandle \| undefined"],"sources":["../../../../../../../src/core/WebAuthnManager/VrfWorkerManager/confirmTxFlow/adapters/session.ts"],"sourcesContent":["import type { ConfirmationConfig } from '../../../../types/signer-worker';\nimport type { ConfirmUIHandle, ConfirmUIUpdate } from '../../../LitComponents/confirm-ui';\nimport type { KnownSecureConfirmRequest, SecureConfirmDecision, TransactionSummary } from '../types';\nimport type { VRFChallenge } from '../../../../types';\nimport { sendConfirmResponse } from './common';\nimport type { ConfirmTxFlowAdapters } from './interfaces';\n\nexport function createConfirmSession({\n adapters,\n worker,\n request,\n confirmationConfig,\n transactionSummary,\n}: {\n adapters: ConfirmTxFlowAdapters;\n worker: Worker;\n request: KnownSecureConfirmRequest;\n confirmationConfig: ConfirmationConfig;\n transactionSummary: TransactionSummary;\n}): {\n setReservedNonces: (nonces?: string[]) => void;\n updateUI: (props: ConfirmUIUpdate) => void;\n promptUser: (args: { vrfChallenge?: Partial<VRFChallenge> }) => Promise<{ confirmed: boolean; error?: string }>;\n /*\n Send decision back to worker and perform standard cleanup.\n * - On `confirmed: false`, releases any reserved nonces.\n * - Always closes the confirm UI handle when present.\n /\n confirmAndCloseModal: (decision: SecureConfirmDecision) => void;\n /\n Cleanup + rethrow helper for invariant failures (e.g. missing PRF outputs),\n * where tests/logic expect no worker response envelope.\n */\n cleanupAndRethrow: (err: unknown) => never;\n} {\n let reservedNonces: string[] \| undefined;\n let confirmHandle: ConfirmUIHandle \| undefined;\n\n const setReservedNonces = (nonces?: string[]) => {\n reservedNonces = nonces;\n };\n\n const updateUI = (props: ConfirmUIUpdate) => {\n confirmHandle?.update?.(props);\n };\n\n const promptUser = async ({ vrfChallenge }: { vrfChallenge?: Partial<VRFChallenge> }) => {\n const { confirmed, confirmHandle: handle, error } = await adapters.ui.renderConfirmUI({\n request,\n confirmationConfig,\n transactionSummary,\n vrfChallenge,\n });\n confirmHandle = handle;\n return { confirmed, error };\n };\n\n const confirmAndCloseModal = (decision: SecureConfirmDecision) => {\n try {\n sendConfirmResponse(worker, decision);\n } finally {\n if (!decision.confirmed) {\n adapters.near.releaseReservedNonces(reservedNonces);\n }\n adapters.ui.closeModalSafely(!!decision.confirmed, confirmHandle);\n }\n };\n\n const cleanupAndRethrow = (err: unknown): never => {\n try {\n adapters.near.releaseReservedNonces(reservedNonces);\n adapters.ui.closeModalSafely(false, confirmHandle);\n } finally {\n throw err;\n }\n };\n\n return {\n setReservedNonces,\n updateUI,\n promptUser,\n confirmAndCloseModal,\n cleanupAndRethrow,\n };\n}\n"],"mappings":";;;AAOA,SAAgB,qBAAqB,EACnC,UACA,QACA,SACA,oBACA,sBAsBA;CACA,IAAIA;CACJ,IAAIC;CAEJ,MAAM,qBAAqB,WAAsB;AAC/C,mBAAiB;;CAGnB,MAAM,YAAY,UAA2B;AAC3C,iBAAe,SAAS;;CAG1B,MAAM,aAAa,OAAO,EAAE,mBAA6D;EACvF,MAAM,EAAE,WAAW,eAAe,QAAQ,UAAU,MAAM,SAAS,GAAG,gBAAgB;GACpF;GACA;GACA;GACA;;AAEF,kBAAgB;AAChB,SAAO;GAAE;GAAW;;;CAGtB,MAAM,wBAAwB,aAAoC;AAChE,MAAI;AACF,sCAAoB,QAAQ;YACpB;AACR,OAAI,CAAC,SAAS,UACZ,UAAS,KAAK,sBAAsB;AAEtC,YAAS,GAAG,iBAAiB,CAAC,CAAC,SAAS,WAAW;;;CAIvD,MAAM,qBAAqB,QAAwB;AACjD,MAAI;AACF,YAAS,KAAK,sBAAsB;AACpC,YAAS,GAAG,iBAAiB,OAAO;YAC5B;AACR,SAAM;;;AAIV,QAAO;EACL;EACA;EACA;EACA;EACA"}

package/dist/cjs/core/WebAuthnManager/VrfWorkerManager/confirmTxFlow/adapters/ui.js CHANGED Viewed

@@ -1,4 +1,3 @@
-const require_rolldown_runtime = require('../../../../../_virtual/rolldown_runtime.js');
 const require_types = require('../types.js');
 const require_requestHelpers = require('./requestHelpers.js');
 const require_confirm_ui = require('../../../LitComponents/confirm-ui.js');

package/dist/cjs/core/WebAuthnManager/VrfWorkerManager/confirmTxFlow/adapters/ui.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"ui.js","names":["getNearAccountId","SecureConfirmationType","getSignTransactionPayload","handle","mountConfirmUI","awaitConfirmUIDecision"],"sources":["../../../../../../../src/core/WebAuthnManager/VrfWorkerManager/confirmTxFlow/adapters/ui.ts"],"sourcesContent":["import type { VrfWorkerManagerContext } from '../../';\nimport type { ConfirmationConfig, ConfirmationUIMode } from '../../../../types/signer-worker';\nimport type { SecureConfirmRequest, TransactionSummary } from '../types';\nimport { SecureConfirmationType } from '../types';\nimport type { VRFChallenge } from '../../../../types';\nimport { awaitConfirmUIDecision, mountConfirmUI, type ConfirmUIHandle } from '../../../LitComponents/confirm-ui';\nimport { getNearAccountId, getSignTransactionPayload } from './requestHelpers';\n\nexport function closeModalSafely(confirmed: boolean, handle?: ConfirmUIHandle) {\n handle?.close?.(confirmed);\n}\n\nexport async function renderConfirmUI({\n ctx,\n request,\n confirmationConfig,\n transactionSummary,\n vrfChallenge,\n}: {\n ctx: VrfWorkerManagerContext,\n request: SecureConfirmRequest,\n confirmationConfig: ConfirmationConfig,\n transactionSummary: TransactionSummary,\n vrfChallenge?: Partial<VRFChallenge>;\n}): Promise<{ confirmed: boolean; confirmHandle?: ConfirmUIHandle; error?: string }> {\n const nearAccountIdForUi = getNearAccountId(request);\n\n const uiMode = confirmationConfig.uiMode as ConfirmationUIMode;\n const txSigningRequests = request.type === SecureConfirmationType.SIGN_TRANSACTION\n ? getSignTransactionPayload(request).txSigningRequests\n : [];\n\n const renderDrawerOrModal = async (mode: 'drawer' \| 'modal') => {\n if (confirmationConfig.behavior === 'autoProceed') {\n const handle = await mountConfirmUI({\n ctx,\n summary: transactionSummary,\n txSigningRequests,\n vrfChallenge,\n loading: true,\n theme: confirmationConfig.theme,\n uiMode: mode,\n nearAccountIdOverride: nearAccountIdForUi,\n });\n const delay = confirmationConfig.autoProceedDelay ?? 0;\n await new Promise((r) => setTimeout(r, delay));\n return { confirmed: true, confirmHandle: handle } as const;\n }\n\n const { confirmed, handle, error } = await awaitConfirmUIDecision({\n ctx,\n summary: transactionSummary,\n txSigningRequests,\n vrfChallenge,\n theme: confirmationConfig.theme,\n uiMode: mode,\n nearAccountIdOverride: nearAccountIdForUi,\n });\n return { confirmed, confirmHandle: handle, error } as const;\n };\n\n switch (uiMode) {\n case 'skip': {\n return { confirmed: true, confirmHandle: undefined };\n }\n case 'drawer': {\n return await renderDrawerOrModal('drawer');\n }\n case 'modal': {\n return await renderDrawerOrModal('modal');\n }\n default: {\n const handle = await mountConfirmUI({\n ctx,\n summary: transactionSummary,\n txSigningRequests,\n vrfChallenge,\n loading: true,\n theme: confirmationConfig.theme,\n uiMode: 'modal',\n nearAccountIdOverride: nearAccountIdForUi,\n });\n return { confirmed: true, confirmHandle: handle };\n }\n }\n}\n\n"],"mappings":"~~;;;;;;~~AAQA,SAAgB,iBAAiB,WAAoB,QAA0B;AAC7E,SAAQ,QAAQ;;AAGlB,eAAsB,gBAAgB,EACpC,KACA,SACA,oBACA,oBACA,gBAOmF;CACnF,MAAM,qBAAqBA,wCAAiB;CAE5C,MAAM,SAAS,mBAAmB;CAClC,MAAM,oBAAoB,QAAQ,SAASC,qCAAuB,mBAC9DC,iDAA0B,SAAS,oBACnC;CAEJ,MAAM,sBAAsB,OAAO,SAA6B;AAC9D,MAAI,mBAAmB,aAAa,eAAe;GACjD,MAAMC,WAAS,MAAMC,kCAAe;IAClC;IACA,SAAS;IACT;IACA;IACA,SAAS;IACT,OAAO,mBAAmB;IAC1B,QAAQ;IACR,uBAAuB;;GAEzB,MAAM,QAAQ,mBAAmB,oBAAoB;AACrD,SAAM,IAAI,SAAS,MAAM,WAAW,GAAG;AACvC,UAAO;IAAE,WAAW;IAAM,eAAeD;;;EAG3C,MAAM,EAAE,WAAW,QAAQ,UAAU,MAAME,0CAAuB;GAChE;GACA,SAAS;GACT;GACA;GACA,OAAO,mBAAmB;GAC1B,QAAQ;GACR,uBAAuB;;AAEzB,SAAO;GAAE;GAAW,eAAe;GAAQ;;;AAG7C,SAAQ,QAAR;EACE,KAAK,OACH,QAAO;GAAE,WAAW;GAAM,eAAe;;EAE3C,KAAK,SACH,QAAO,MAAM,oBAAoB;EAEnC,KAAK,QACH,QAAO,MAAM,oBAAoB;EAEnC,SAAS;GACP,MAAM,SAAS,MAAMD,kCAAe;IAClC;IACA,SAAS;IACT;IACA;IACA,SAAS;IACT,OAAO,mBAAmB;IAC1B,QAAQ;IACR,uBAAuB;;AAEzB,UAAO;IAAE,WAAW;IAAM,eAAe"}
1	+ {"version":3,"file":"ui.js","names":["getNearAccountId","SecureConfirmationType","getSignTransactionPayload","handle","mountConfirmUI","awaitConfirmUIDecision"],"sources":["../../../../../../../src/core/WebAuthnManager/VrfWorkerManager/confirmTxFlow/adapters/ui.ts"],"sourcesContent":["import type { VrfWorkerManagerContext } from '../../';\nimport type { ConfirmationConfig, ConfirmationUIMode } from '../../../../types/signer-worker';\nimport type { SecureConfirmRequest, TransactionSummary } from '../types';\nimport { SecureConfirmationType } from '../types';\nimport type { VRFChallenge } from '../../../../types';\nimport { awaitConfirmUIDecision, mountConfirmUI, type ConfirmUIHandle } from '../../../LitComponents/confirm-ui';\nimport { getNearAccountId, getSignTransactionPayload } from './requestHelpers';\n\nexport function closeModalSafely(confirmed: boolean, handle?: ConfirmUIHandle) {\n handle?.close?.(confirmed);\n}\n\nexport async function renderConfirmUI({\n ctx,\n request,\n confirmationConfig,\n transactionSummary,\n vrfChallenge,\n}: {\n ctx: VrfWorkerManagerContext,\n request: SecureConfirmRequest,\n confirmationConfig: ConfirmationConfig,\n transactionSummary: TransactionSummary,\n vrfChallenge?: Partial<VRFChallenge>;\n}): Promise<{ confirmed: boolean; confirmHandle?: ConfirmUIHandle; error?: string }> {\n const nearAccountIdForUi = getNearAccountId(request);\n\n const uiMode = confirmationConfig.uiMode as ConfirmationUIMode;\n const txSigningRequests = request.type === SecureConfirmationType.SIGN_TRANSACTION\n ? getSignTransactionPayload(request).txSigningRequests\n : [];\n\n const renderDrawerOrModal = async (mode: 'drawer' \| 'modal') => {\n if (confirmationConfig.behavior === 'autoProceed') {\n const handle = await mountConfirmUI({\n ctx,\n summary: transactionSummary,\n txSigningRequests,\n vrfChallenge,\n loading: true,\n theme: confirmationConfig.theme,\n uiMode: mode,\n nearAccountIdOverride: nearAccountIdForUi,\n });\n const delay = confirmationConfig.autoProceedDelay ?? 0;\n await new Promise((r) => setTimeout(r, delay));\n return { confirmed: true, confirmHandle: handle } as const;\n }\n\n const { confirmed, handle, error } = await awaitConfirmUIDecision({\n ctx,\n summary: transactionSummary,\n txSigningRequests,\n vrfChallenge,\n theme: confirmationConfig.theme,\n uiMode: mode,\n nearAccountIdOverride: nearAccountIdForUi,\n });\n return { confirmed, confirmHandle: handle, error } as const;\n };\n\n switch (uiMode) {\n case 'skip': {\n return { confirmed: true, confirmHandle: undefined };\n }\n case 'drawer': {\n return await renderDrawerOrModal('drawer');\n }\n case 'modal': {\n return await renderDrawerOrModal('modal');\n }\n default: {\n const handle = await mountConfirmUI({\n ctx,\n summary: transactionSummary,\n txSigningRequests,\n vrfChallenge,\n loading: true,\n theme: confirmationConfig.theme,\n uiMode: 'modal',\n nearAccountIdOverride: nearAccountIdForUi,\n });\n return { confirmed: true, confirmHandle: handle };\n }\n }\n}\n\n"],"mappings":";;;;;AAQA,SAAgB,iBAAiB,WAAoB,QAA0B;AAC7E,SAAQ,QAAQ;;AAGlB,eAAsB,gBAAgB,EACpC,KACA,SACA,oBACA,oBACA,gBAOmF;CACnF,MAAM,qBAAqBA,wCAAiB;CAE5C,MAAM,SAAS,mBAAmB;CAClC,MAAM,oBAAoB,QAAQ,SAASC,qCAAuB,mBAC9DC,iDAA0B,SAAS,oBACnC;CAEJ,MAAM,sBAAsB,OAAO,SAA6B;AAC9D,MAAI,mBAAmB,aAAa,eAAe;GACjD,MAAMC,WAAS,MAAMC,kCAAe;IAClC;IACA,SAAS;IACT;IACA;IACA,SAAS;IACT,OAAO,mBAAmB;IAC1B,QAAQ;IACR,uBAAuB;;GAEzB,MAAM,QAAQ,mBAAmB,oBAAoB;AACrD,SAAM,IAAI,SAAS,MAAM,WAAW,GAAG;AACvC,UAAO;IAAE,WAAW;IAAM,eAAeD;;;EAG3C,MAAM,EAAE,WAAW,QAAQ,UAAU,MAAME,0CAAuB;GAChE;GACA,SAAS;GACT;GACA;GACA,OAAO,mBAAmB;GAC1B,QAAQ;GACR,uBAAuB;;AAEzB,SAAO;GAAE;GAAW,eAAe;GAAQ;;;AAG7C,SAAQ,QAAR;EACE,KAAK,OACH,QAAO;GAAE,WAAW;GAAM,eAAe;;EAE3C,KAAK,SACH,QAAO,MAAM,oBAAoB;EAEnC,KAAK,QACH,QAAO,MAAM,oBAAoB;EAEnC,SAAS;GACP,MAAM,SAAS,MAAMD,kCAAe;IAClC;IACA,SAAS;IACT;IACA;IACA,SAAS;IACT,OAAO,mBAAmB;IAC1B,QAAQ;IACR,uBAAuB;;AAEzB,UAAO;IAAE,WAAW;IAAM,eAAe"}

package/dist/cjs/core/WebAuthnManager/VrfWorkerManager/confirmTxFlow/adapters/vrf.js CHANGED Viewed

@@ -1,23 +1,44 @@
-const require_rolldown_runtime = require('../../../../../_virtual/rolldown_runtime.js');
 const require_errors = require('../../../../../utils/errors.js');
+const require_intentDigest = require('../../../../digests/intentDigest.js');
 const require_types = require('../types.js');
 //#region src/core/WebAuthnManager/VrfWorkerManager/confirmTxFlow/adapters/vrf.ts
-require_errors.init_errors();
 async function maybeRefreshVrfChallenge(ctx, request, nearAccountId) {
-	const rpId = ctx.touchIdPrompt.getRpId();
 	const vrfWorkerManager = ctx.vrfWorkerManager;
 	if (!vrfWorkerManager) throw new Error("VrfWorkerManager not available");
-	if (!ctx.nonceManager.nearAccountId || !ctx.nonceManager.nearPublicKeyStr || String(ctx.nonceManager.nearAccountId) !== String(nearAccountId)) throw new Error("NonceManager not initialized with user data");
+	if (!ctx.nonceManager.nearAccountId || !ctx.nonceManager.nearPublicKeyStr || ctx.nonceManager.nearAccountId !== nearAccountId) throw new Error("NonceManager not initialized with user data");
+	const rpId = ctx.touchIdPrompt.getRpId();
+	let sessionPolicyDigest32;
+	let intentDigestB64u;
+	switch (request.type) {
+		case require_types.SecureConfirmationType.SIGN_TRANSACTION:
+			sessionPolicyDigest32 = request.payload.sessionPolicyDigest32;
+			intentDigestB64u = request.payload.intentDigest;
+			break;
+		case require_types.SecureConfirmationType.SIGN_NEP413_MESSAGE:
+			sessionPolicyDigest32 = request.payload.sessionPolicyDigest32;
+			intentDigestB64u = await require_intentDigest.computeUiIntentDigestFromNep413({
+				nearAccountId,
+				recipient: request.payload.recipient,
+				message: request.payload.message
+			});
+			break;
+		case require_types.SecureConfirmationType.REGISTER_ACCOUNT:
+		case require_types.SecureConfirmationType.LINK_DEVICE:
+			intentDigestB64u = request.intentDigest ? await require_intentDigest.sha256Base64UrlUtf8(request.intentDigest) : void 0;
+			break;
+		default: break;
+	}
 	const attempts = 3;
-	return await retryWithBackoff(async (attempt) => {
+	return await retryWithBackoff(async () => {
 		const latestCtx = await ctx.nonceManager.getNonceBlockHashAndHeight(ctx.nearClient, { force: true });
 		const vrfChallenge = request.type === require_types.SecureConfirmationType.REGISTER_ACCOUNT || request.type === require_types.SecureConfirmationType.LINK_DEVICE ? (await vrfWorkerManager.generateVrfKeypairBootstrap({
 			vrfInputData: {
 				userId: nearAccountId,
 				rpId,
 				blockHeight: latestCtx.txBlockHeight,
-				blockHash: latestCtx.txBlockHash
+				blockHash: latestCtx.txBlockHash,
+				...intentDigestB64u ? { intentDigest: intentDigestB64u } : {}
 			},
 			saveInMemory: true,
 			sessionId: request.requestId
@@ -25,7 +46,9 @@ async function maybeRefreshVrfChallenge(ctx, request, nearAccountId) {
 			userId: nearAccountId,
 			rpId,
 			blockHeight: latestCtx.txBlockHeight,
-			blockHash: latestCtx.txBlockHash
+			blockHash: latestCtx.txBlockHash,
+			...intentDigestB64u ? { intentDigest: intentDigestB64u } : {},
+			...sessionPolicyDigest32 ? { sessionPolicyDigest32 } : {}
 		}, request.requestId);
 		return {
 			vrfChallenge,

package/dist/cjs/core/WebAuthnManager/VrfWorkerManager/confirmTxFlow/adapters/vrf.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"vrf.js","names":["SecureConfirmationType","errorMessage","lastError: unknown","toError"],"sources":["../../../../../../../src/core/WebAuthnManager/VrfWorkerManager/confirmTxFlow/adapters/vrf.ts"],"sourcesContent":["import type { VrfWorkerManagerContext } from '../../';\nimport { TransactionContext, VRFChallenge } from '../../../../types';\nimport type { ~~SecureConfirmRequest~~ } from '../types';\nimport { SecureConfirmationType } from '../types';\nimport { errorMessage, toError } from '../../../../../utils/errors';\n\nexport async function maybeRefreshVrfChallenge(\n ctx: VrfWorkerManagerContext,\n request: ~~SecureConfirmRequest~~,\n nearAccountId: string,\n): Promise<{ vrfChallenge: VRFChallenge; transactionContext: TransactionContext }> {\n\n const ~~rpId = ctx.touchIdPrompt.getRpId();\n const~~ vrfWorkerManager = ctx.vrfWorkerManager;\n if (!vrfWorkerManager) {\n throw new Error('VrfWorkerManager not available');\n }\n // Only attempt a JIT refresh when NonceManager is initialized for this account.\n // Pre-login/registration flows should just skip (callers already treat this as best-effort).\n if (\n !ctx.nonceManager.nearAccountId \|\|\n !ctx.nonceManager.nearPublicKeyStr \|\|\n ~~String(~~ctx.nonceManager.nearAccountId) !== ~~String(~~nearAccountId)\n ) {\n throw new Error('NonceManager not initialized with user data');\n }\n\n const attempts = 3;\n return await retryWithBackoff(async (~~attempt~~) => {\n const latestCtx = await ctx.nonceManager.getNonceBlockHashAndHeight(ctx.nearClient, { force: true });\n\n const vrfChallenge = (request.type === SecureConfirmationType.REGISTER_ACCOUNT \|\| request.type === SecureConfirmationType.LINK_DEVICE)\n ? (await vrfWorkerManager.generateVrfKeypairBootstrap({\n vrfInputData: {\n userId: nearAccountId,\n rpId,\n blockHeight: latestCtx.txBlockHeight,\n blockHash: latestCtx.txBlockHash,\n },\n saveInMemory: true,\n sessionId: request.requestId,\n })).vrfChallenge\n : await vrfWorkerManager.generateVrfChallengeForSession(\n {\n userId: nearAccountId,\n rpId,\n blockHeight: latestCtx.txBlockHeight,\n blockHash: latestCtx.txBlockHash,\n },\n request.requestId,\n );\n\n return {\n vrfChallenge,\n transactionContext: latestCtx\n };\n\n }, {\n attempts,\n baseDelayMs: 150,\n onError: (err, attempt) => {\n const msg = errorMessage(err);\n const isFinal = attempt >= attempts;\n if (isFinal) {\n console.warn(`[SecureConfirm] VRF refresh failed: ${msg}`);\n } else {\n console.debug(`[SecureConfirm] VRF refresh attempt ${attempt} failed: ${msg}`);\n }\n },\n errorFactory: () => new Error('VRF refresh failed'),\n });\n}\n\ninterface RetryOptions {\n attempts: number;\n baseDelayMs: number;\n onError?: (error: unknown, attempt: number) => void;\n errorFactory?: () => Error;\n}\n\nasync function retryWithBackoff<T>(fn: (attempt: number) => Promise<T>, options: RetryOptions): Promise<T> {\n const { attempts, baseDelayMs, onError, errorFactory } = options;\n let lastError: unknown;\n\n for (let attempt = 1; attempt <= Math.max(1, attempts); attempt++) {\n try {\n return await fn(attempt);\n } catch (err) {\n lastError = err;\n onError?.(err, attempt);\n if (attempt < attempts) {\n const delay = baseDelayMs * attempt;\n await new Promise((resolve) => setTimeout(resolve, delay));\n }\n }\n }\n\n throw errorFactory ? errorFactory() : toError(lastError ?? new Error('Retry exhausted'));\n}\n"],"mappings":"~~;;;;;;AAMA~~,eAAsB,yBACpB,KACA,SACA,eACiF;CAEjF,MAAM,~~OAAO,IAAI,cAAc;CAC/B,MAAM,~~mBAAmB,IAAI;AAC7B,KAAI,CAAC,iBACH,OAAM,IAAI,MAAM;AAIlB,KACE,CAAC,IAAI,aAAa,iBAClB,CAAC,IAAI,aAAa,oBAClB,~~OAAO,~~IAAI,aAAa,~~mBAAmB~~,~~OAAO~~,~~eAElD,~~OAAM,IAAI,MAAM;CAGlB,MAAM,WAAW;AACjB,QAAO,MAAM,iBAAiB,~~OAAO,~~YAAY;~~EAC/C~~,MAAM,YAAY,MAAM,IAAI,aAAa,2BAA2B,IAAI,YAAY,EAAE,OAAO;~~EAE7F~~,MAAM,eAAgB,QAAQ,~~SAASA~~,qCAAuB,oBAAoB,QAAQ,SAASA,qCAAuB,eACrH,MAAM,iBAAiB,4BAA4B;GAClD,cAAc;IACZ,QAAQ;IACR;IACA,aAAa,UAAU;IACvB,WAAW,UAAU;;~~GAEvB~~,cAAc;GACd,WAAW,QAAQ;MACjB,eACJ,MAAM,iBAAiB,+BACrB;GACE,QAAQ;GACR;GACA,aAAa,UAAU;GACvB,WAAW,UAAU;~~KAEvB~~,QAAQ;AAGd,SAAO;GACL;GACA,oBAAoB;;~~IAGrB~~;EACD;EACA,aAAa;EACb,UAAU,KAAK,YAAY;GACzB,MAAM,~~MAAMC~~,4BAAa;GACzB,MAAM,UAAU,WAAW;AAC3B,OAAI,QACF,SAAQ,KAAK,uCAAuC;OAEpD,SAAQ,MAAM,uCAAuC,QAAQ,WAAW;;EAG5E,oCAAoB,IAAI,MAAM;;;AAWlC,eAAe,iBAAoB,IAAqC,SAAmC;CACzG,MAAM,EAAE,UAAU,aAAa,SAAS,iBAAiB;CACzD,IAAIC;AAEJ,MAAK,IAAI,UAAU,GAAG,WAAW,KAAK,IAAI,GAAG,WAAW,UACtD,KAAI;AACF,SAAO,MAAM,GAAG;UACT,KAAK;AACZ,cAAY;AACZ,YAAU,KAAK;AACf,MAAI,UAAU,UAAU;GACtB,MAAM,QAAQ,cAAc;AAC5B,SAAM,IAAI,SAAS,YAAY,WAAW,SAAS;;;AAKzD,OAAM,eAAe,iBAAiBC,uBAAQ,6BAAa,IAAI,MAAM"}
1	+ {"version":3,"file":"vrf.js","names":["sessionPolicyDigest32: string \| undefined","intentDigestB64u: string \| undefined","SecureConfirmationType","computeUiIntentDigestFromNep413","sha256Base64UrlUtf8","errorMessage","lastError: unknown","toError"],"sources":["../../../../../../../src/core/WebAuthnManager/VrfWorkerManager/confirmTxFlow/adapters/vrf.ts"],"sourcesContent":["import type { VrfWorkerManagerContext } from '../../';\nimport { TransactionContext, VRFChallenge } from '../../../../types';\nimport type { KnownSecureConfirmRequest } from '../types';\nimport { SecureConfirmationType } from '../types';\nimport { errorMessage, toError } from '../../../../../utils/errors';\nimport { computeUiIntentDigestFromNep413, sha256Base64UrlUtf8 } from '../../../../digests/intentDigest';\n\nexport async function maybeRefreshVrfChallenge(\n ctx: VrfWorkerManagerContext,\n request: KnownSecureConfirmRequest,\n nearAccountId: string,\n): Promise<{ vrfChallenge: VRFChallenge; transactionContext: TransactionContext }> {\n\n const vrfWorkerManager = ctx.vrfWorkerManager;\n if (!vrfWorkerManager) {\n throw new Error('VrfWorkerManager not available');\n }\n // Only attempt a JIT refresh when NonceManager is initialized for this account.\n // Pre-login/registration flows should just skip (callers already treat this as best-effort).\n if (\n !ctx.nonceManager.nearAccountId \|\|\n !ctx.nonceManager.nearPublicKeyStr \|\|\n ctx.nonceManager.nearAccountId !== nearAccountId\n ) {\n throw new Error('NonceManager not initialized with user data');\n }\n\n const rpId = ctx.touchIdPrompt.getRpId();\n let sessionPolicyDigest32: string \| undefined;\n let intentDigestB64u: string \| undefined;\n\n switch (request.type) {\n case SecureConfirmationType.SIGN_TRANSACTION: {\n sessionPolicyDigest32 = request.payload.sessionPolicyDigest32;\n intentDigestB64u = request.payload.intentDigest;\n break;\n }\n case SecureConfirmationType.SIGN_NEP413_MESSAGE: {\n sessionPolicyDigest32 = request.payload.sessionPolicyDigest32;\n intentDigestB64u = await computeUiIntentDigestFromNep413({\n nearAccountId,\n recipient: request.payload.recipient,\n message: request.payload.message,\n });\n break;\n }\n case SecureConfirmationType.REGISTER_ACCOUNT:\n case SecureConfirmationType.LINK_DEVICE: {\n intentDigestB64u = request.intentDigest ? await sha256Base64UrlUtf8(request.intentDigest) : undefined;\n break;\n }\n default:\n break;\n }\n\n const attempts = 3;\n return await retryWithBackoff(async () => {\n const latestCtx = await ctx.nonceManager.getNonceBlockHashAndHeight(ctx.nearClient, { force: true });\n const vrfChallenge = (request.type === SecureConfirmationType.REGISTER_ACCOUNT \|\| request.type === SecureConfirmationType.LINK_DEVICE)\n ? (await vrfWorkerManager.generateVrfKeypairBootstrap({\n vrfInputData: {\n userId: nearAccountId,\n rpId,\n blockHeight: latestCtx.txBlockHeight,\n blockHash: latestCtx.txBlockHash,\n ...(intentDigestB64u ? { intentDigest: intentDigestB64u } : {}),\n },\n saveInMemory: true,\n sessionId: request.requestId,\n })).vrfChallenge\n : await vrfWorkerManager.generateVrfChallengeForSession(\n {\n userId: nearAccountId,\n rpId,\n blockHeight: latestCtx.txBlockHeight,\n blockHash: latestCtx.txBlockHash,\n ...(intentDigestB64u ? { intentDigest: intentDigestB64u } : {}),\n ...(sessionPolicyDigest32 ? { sessionPolicyDigest32 } : {}),\n },\n request.requestId,\n );\n\n return {\n vrfChallenge,\n transactionContext: latestCtx\n };\n }, {\n attempts,\n baseDelayMs: 150,\n onError: (err, attempt) => {\n const msg = errorMessage(err);\n const isFinal = attempt >= attempts;\n if (isFinal) {\n console.warn(`[SecureConfirm] VRF refresh failed: ${msg}`);\n } else {\n console.debug(`[SecureConfirm] VRF refresh attempt ${attempt} failed: ${msg}`);\n }\n },\n errorFactory: () => new Error('VRF refresh failed'),\n });\n}\n\ninterface RetryOptions {\n attempts: number;\n baseDelayMs: number;\n onError?: (error: unknown, attempt: number) => void;\n errorFactory?: () => Error;\n}\n\nasync function retryWithBackoff<T>(fn: (attempt: number) => Promise<T>, options: RetryOptions): Promise<T> {\n const { attempts, baseDelayMs, onError, errorFactory } = options;\n let lastError: unknown;\n\n for (let attempt = 1; attempt <= Math.max(1, attempts); attempt++) {\n try {\n return await fn(attempt);\n } catch (err) {\n lastError = err;\n onError?.(err, attempt);\n if (attempt < attempts) {\n const delay = baseDelayMs * attempt;\n await new Promise((resolve) => setTimeout(resolve, delay));\n }\n }\n }\n\n throw errorFactory ? errorFactory() : toError(lastError ?? new Error('Retry exhausted'));\n}\n"],"mappings":";;;;;AAOA,eAAsB,yBACpB,KACA,SACA,eACiF;CAEjF,MAAM,mBAAmB,IAAI;AAC7B,KAAI,CAAC,iBACH,OAAM,IAAI,MAAM;AAIlB,KACE,CAAC,IAAI,aAAa,iBAClB,CAAC,IAAI,aAAa,oBAClB,IAAI,aAAa,kBAAkB,cAEnC,OAAM,IAAI,MAAM;CAGlB,MAAM,OAAO,IAAI,cAAc;CAC/B,IAAIA;CACJ,IAAIC;AAEJ,SAAQ,QAAQ,MAAhB;EACE,KAAKC,qCAAuB;AAC1B,2BAAwB,QAAQ,QAAQ;AACxC,sBAAmB,QAAQ,QAAQ;AACnC;EAEF,KAAKA,qCAAuB;AAC1B,2BAAwB,QAAQ,QAAQ;AACxC,sBAAmB,MAAMC,qDAAgC;IACvD;IACA,WAAW,QAAQ,QAAQ;IAC3B,SAAS,QAAQ,QAAQ;;AAE3B;EAEF,KAAKD,qCAAuB;EAC5B,KAAKA,qCAAuB;AAC1B,sBAAmB,QAAQ,eAAe,MAAME,yCAAoB,QAAQ,gBAAgB;AAC5F;EAEF,QACE;;CAGJ,MAAM,WAAW;AACjB,QAAO,MAAM,iBAAiB,YAAY;EACxC,MAAM,YAAY,MAAM,IAAI,aAAa,2BAA2B,IAAI,YAAY,EAAE,OAAO;EAC7F,MAAM,eAAgB,QAAQ,SAASF,qCAAuB,oBAAoB,QAAQ,SAASA,qCAAuB,eACrH,MAAM,iBAAiB,4BAA4B;GAClD,cAAc;IACZ,QAAQ;IACR;IACA,aAAa,UAAU;IACvB,WAAW,UAAU;IACrB,GAAI,mBAAmB,EAAE,cAAc,qBAAqB;;GAE9D,cAAc;GACd,WAAW,QAAQ;MACjB,eACJ,MAAM,iBAAiB,+BACrB;GACE,QAAQ;GACR;GACA,aAAa,UAAU;GACvB,WAAW,UAAU;GACrB,GAAI,mBAAmB,EAAE,cAAc,qBAAqB;GAC5D,GAAI,wBAAwB,EAAE,0BAA0B;KAE1D,QAAQ;AAGd,SAAO;GACL;GACA,oBAAoB;;IAErB;EACD;EACA,aAAa;EACb,UAAU,KAAK,YAAY;GACzB,MAAM,MAAMG,4BAAa;GACzB,MAAM,UAAU,WAAW;AAC3B,OAAI,QACF,SAAQ,KAAK,uCAAuC;OAEpD,SAAQ,MAAM,uCAAuC,QAAQ,WAAW;;EAG5E,oCAAoB,IAAI,MAAM;;;AAWlC,eAAe,iBAAoB,IAAqC,SAAmC;CACzG,MAAM,EAAE,UAAU,aAAa,SAAS,iBAAiB;CACzD,IAAIC;AAEJ,MAAK,IAAI,UAAU,GAAG,WAAW,KAAK,IAAI,GAAG,WAAW,UACtD,KAAI;AACF,SAAO,MAAM,GAAG;UACT,KAAK;AACZ,cAAY;AACZ,YAAU,KAAK;AACf,MAAI,UAAU,UAAU;GACtB,MAAM,QAAQ,cAAc;AAC5B,SAAM,IAAI,SAAS,YAAY,WAAW,SAAS;;;AAKzD,OAAM,eAAe,iBAAiBC,uBAAQ,6BAAa,IAAI,MAAM"}

package/dist/cjs/core/WebAuthnManager/VrfWorkerManager/confirmTxFlow/adapters/webauthn.js CHANGED Viewed

@@ -1,38 +1,15 @@
-const require_rolldown_runtime = require('../../../../../_virtual/rolldown_runtime.js');
-const require_accountIds = require('../../../../types/accountIds.js');
-const require_credentialsHelpers = require('../../../credentialsHelpers.js');
-const require_touchIdPrompt = require('../../../touchIdPrompt.js');
+const require_collectAuthenticationCredentialForVrfChallenge = require('../../../collectAuthenticationCredentialForVrfChallenge.js');
 //#region src/core/WebAuthnManager/VrfWorkerManager/confirmTxFlow/adapters/webauthn.ts
-require_credentialsHelpers.init_credentialsHelpers();
-require_accountIds.init_accountIds();
-require_touchIdPrompt.init_touchIdPrompt();
 async function collectAuthenticationCredentialWithPRF({ ctx, nearAccountId, vrfChallenge, onBeforePrompt, includeSecondPrfOutput = false }) {
-	const authenticators = await ctx.indexedDB.clientDB.getAuthenticatorsByUser(require_accountIds.toAccountId(nearAccountId));
-	const { authenticatorsForPrompt, wrongPasskeyError } = await ctx.indexedDB.clientDB.ensureCurrentPasskey(require_accountIds.toAccountId(nearAccountId), authenticators);
-	if (wrongPasskeyError) throw new Error(wrongPasskeyError);
-	if (authenticatorsForPrompt.length === 1) {
-		const expectedVrfPublicKey = authenticatorsForPrompt[0]?.vrfPublicKey;
-		if (expectedVrfPublicKey && vrfChallenge.vrfPublicKey && expectedVrfPublicKey !== vrfChallenge.vrfPublicKey) throw new Error("Signing session is using a different passkey/VRF session than the current device. Please log in again and retry.");
-	}
-	onBeforePrompt?.({
-		authenticators,
-		authenticatorsForPrompt,
-		vrfChallenge
-	});
-	const credential = await ctx.touchIdPrompt.getAuthenticationCredentialsInternal({
+	return require_collectAuthenticationCredentialForVrfChallenge.collectAuthenticationCredentialForVrfChallenge({
+		indexedDB: ctx.indexedDB,
+		touchIdPrompt: ctx.touchIdPrompt,
 		nearAccountId,
-		challenge: vrfChallenge,
-		allowCredentials: require_touchIdPrompt.authenticatorsToAllowCredentials(authenticatorsForPrompt)
-	});
-	const serialized = require_credentialsHelpers.serializeAuthenticationCredentialWithPRF({
-		credential,
-		firstPrfOutput: true,
-		secondPrfOutput: includeSecondPrfOutput
+		vrfChallenge,
+		includeSecondPrfOutput,
+		onBeforePrompt
 	});
-	const { wrongPasskeyError: wrongSelectedCredentialError } = await ctx.indexedDB.clientDB.ensureCurrentPasskey(require_accountIds.toAccountId(nearAccountId), authenticators, serialized.rawId);
-	if (wrongSelectedCredentialError) throw new Error(wrongSelectedCredentialError);
-	return serialized;
 }
 //#endregion

package/dist/cjs/core/WebAuthnManager/VrfWorkerManager/confirmTxFlow/adapters/webauthn.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"webauthn.js","names":["~~toAccountId~~"~~,"authenticatorsToAllowCredentials","serializeAuthenticationCredentialWithPRF"~~],"sources":["../../../../../../../src/core/WebAuthnManager/VrfWorkerManager/confirmTxFlow/adapters/webauthn.ts"],"sourcesContent":["import type { VrfWorkerManagerContext } from '../../';\nimport type { VRFChallenge } from '../../../../types';\nimport type { SerializableCredential } from '../types';\nimport { ~~serializeAuthenticationCredentialWithPRF } from '../../../credentialsHelpers';\nimport~~ { ~~toAccountId~~ } from '../../../../~~types/accountIds~~';\nimport { ~~authenticatorsToAllowCredentials~~ } from '../../../~~touchIdPrompt~~';\~~nimport type { ClientAuthenticatorData } from '../../../../IndexedDBManager';\~~n\nexport async function collectAuthenticationCredentialWithPRF({\n ctx,\n nearAccountId,\n vrfChallenge,\n onBeforePrompt,\n includeSecondPrfOutput = false,\n}: {\n ctx: VrfWorkerManagerContext;\n nearAccountId: string;\n vrfChallenge: VRFChallenge;\n onBeforePrompt?: (info: {\n authenticators: ClientAuthenticatorData[];\n authenticatorsForPrompt: ClientAuthenticatorData[];\n vrfChallenge: VRFChallenge;\n }) => void;\n /*\n When true, include PRF.second in the serialized credential.\n * Use only for explicit recovery/export flows (higher-friction paths).\n */\n includeSecondPrfOutput?: boolean;\n}): Promise<SerializableCredential> {\n\n ~~const~~ ~~authenticators = await ctx.indexedDB.clientDB.getAuthenticatorsByUser~~(~~toAccountId(nearAccountId));\~~n ~~const~~ ~~{ authenticatorsForPrompt, wrongPasskeyError } = await~~ ctx.indexedDB~~.clientDB.ensureCurrentPasskey(\n toAccountId(nearAccountId)~~,\n ~~authenticators,\n );\n if~~ (wrongPasskeyError) {\n throw new Error(wrongPasskeyError);\n }\n\n // If we know which device we're targeting (single authenticator), ensure the VRF worker\n // challenge was generated with the same device's VRF keypair. Otherwise contract verification\n // will deterministically fail later with \"Contract verification failed\".\n if (authenticatorsForPrompt.length === 1) {\n const expectedVrfPublicKey = authenticatorsForPrompt[0]?.vrfPublicKey;\n // Only enforce mismatch if the challenge strictly requires a specific VRF key.\n if (expectedVrfPublicKey && vrfChallenge.vrfPublicKey && expectedVrfPublicKey !== vrfChallenge.vrfPublicKey) {\n throw new Error('Signing session is using a different passkey/VRF session than the current device. Please log in again and retry.');\n }\n }\n\n onBeforePrompt?.({ authenticators, authenticatorsForPrompt, vrfChallenge });\n\n const credential = await ctx.touchIdPrompt~~.getAuthenticationCredentialsInternal({\~~n nearAccountId,\n ~~challenge:~~ vrfChallenge,\n ~~allowCredentials: authenticatorsToAllowCredentials(authenticatorsForPrompt)~~,\n ~~});\n\n const serialized = serializeAuthenticationCredentialWithPRF({\n~~ ~~credential~~,\n ~~firstPrfOutput: true,\n secondPrfOutput: includeSecondPrfOutput,\n~~ });\n~~\n // Verify that the chosen credential matches the \"current\" passkey device, when applicable.\n const { wrongPasskeyError: wrongSelectedCredentialError~~ } ~~= await ctx.indexedDB.clientDB.ensureCurrentPasskey(~~\n toAccountId(nearAccountId),\n authenticators,\n serialized.rawId,\n );\n if (wrongSelectedCredentialError) {\n throw new Error(wrongSelectedCredentialError);\n }\n\n return serialized;\n}\n"],"mappings":"~~;;;;;;;;;AAQA~~,eAAsB,uCAAuC,EAC3D,KACA,eACA,cACA,gBACA,yBAAyB,SAeS;~~CAElC~~,~~MAAM~~,~~iBAAiB,MAAM,IAAI,UAAU,SAAS,wBAAwBA,+BAAY~~;~~CACxF~~,~~MAAM,EAAE,yBAAyB,sBAAsB,MAAM,IAAI,UAAU,SAAS,qBAClFA,+BAAY,gBACZ;AAEF,KAAI,kBACF,OAAM,IAAI,MAAM;AAMlB,KAAI,wBAAwB,~~WAAW,~~GAAG;EACxC,MAAM,uBAAuB,wBAAwB,~~IAAI;~~AAEzD~~,~~MAAI~~,~~wBAAwB,aAAa,gBAAgB,yBAAyB,aAAa,aAC7F,OAAM,~~IAAI~~,MAAM;;AAIpB,kBAAiB~~;~~EAAE~~;~~EAAgB~~;~~EAAyB;;CAE5D,MAAM,aAAa,MAAM,IAAI,cAAc,qCAAqC;EAC9E;~~EACA~~,WAAW~~;~~EACX,kBAAkBC,uDAAiC;;CAGrD,MAAM,aAAaC,oEAAyC;EAC1D;~~EACA~~,gBAAgB;EAChB,iBAAiB;;CAInB,MAAM,EAAE,mBAAmB,iCAAiC,MAAM,IAAI,UAAU,SAAS,qBACvFF,+BAAY,gBACZ,gBACA,WAAW;AAEb,KAAI,6BACF,OAAM,IAAI,MAAM;AAGlB,QAAO~~"}
1	+ {"version":3,"file":"webauthn.js","names":["collectAuthenticationCredentialForVrfChallenge"],"sources":["../../../../../../../src/core/WebAuthnManager/VrfWorkerManager/confirmTxFlow/adapters/webauthn.ts"],"sourcesContent":["import type { VrfWorkerManagerContext } from '../../';\nimport type { VRFChallenge } from '../../../../types';\nimport type { SerializableCredential } from '../types';\nimport type { ClientAuthenticatorData } from '../../../../IndexedDBManager';\nimport { collectAuthenticationCredentialForVrfChallenge } from '../../../collectAuthenticationCredentialForVrfChallenge';\n\nexport async function collectAuthenticationCredentialWithPRF({\n ctx,\n nearAccountId,\n vrfChallenge,\n onBeforePrompt,\n includeSecondPrfOutput = false,\n}: {\n ctx: VrfWorkerManagerContext;\n nearAccountId: string;\n vrfChallenge: VRFChallenge;\n onBeforePrompt?: (info: {\n authenticators: ClientAuthenticatorData[];\n authenticatorsForPrompt: ClientAuthenticatorData[];\n vrfChallenge: VRFChallenge;\n }) => void;\n /*\n When true, include PRF.second in the serialized credential.\n * Use only for explicit recovery/export flows (higher-friction paths).\n */\n includeSecondPrfOutput?: boolean;\n}): Promise<SerializableCredential> {\n return collectAuthenticationCredentialForVrfChallenge({\n indexedDB: ctx.indexedDB,\n touchIdPrompt: ctx.touchIdPrompt,\n nearAccountId,\n vrfChallenge,\n includeSecondPrfOutput,\n onBeforePrompt,\n });\n}\n"],"mappings":";;;AAMA,eAAsB,uCAAuC,EAC3D,KACA,eACA,cACA,gBACA,yBAAyB,SAeS;AAClC,QAAOA,sGAA+C;EACpD,WAAW,IAAI;EACf,eAAe,IAAI;EACnB;EACA;EACA;EACA"}

package/dist/cjs/core/WebAuthnManager/VrfWorkerManager/confirmTxFlow/determineConfirmationConfig.js CHANGED Viewed

@@ -1,10 +1,7 @@
-const require_rolldown_runtime = require('../../../../_virtual/rolldown_runtime.js');
 const require_deviceDetection = require('../../../../react/deviceDetection.js');
-const require_index = require('../../../../utils/index.js');
 const require_types = require('./types.js');
 //#region src/core/WebAuthnManager/VrfWorkerManager/confirmTxFlow/determineConfirmationConfig.ts
-require_index.init_utils();
 /**
 * determineConfirmationConfig
 *

package/dist/cjs/core/WebAuthnManager/VrfWorkerManager/confirmTxFlow/determineConfirmationConfig.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"determineConfirmationConfig.js","names":["cfg: ConfirmationConfig","SecureConfirmationType","needsExplicitActivation","newUiMode: ConfirmationConfig['uiMode']"],"sources":["../../../../../../src/core/WebAuthnManager/VrfWorkerManager/confirmTxFlow/determineConfirmationConfig.ts"],"sourcesContent":["import type { ConfirmationConfig } from '../../../types/signer-worker';\nimport type { VrfWorkerManagerContext } from '../';\nimport type { SecureConfirmRequest } from './types';\nimport { SecureConfirmationType } from './types';\nimport { needsExplicitActivation } from '@/utils';\n\n/*\n determineConfirmationConfig\n \n Computes the effective confirmation UI behavior used by the secure‑confirmation\n * flow by merging inputs and applying safe runtime rules.\n \n Order of precedence (highest → lowest):\n * 1) Request‑level override (request.confirmationConfig), when explicitly set.\n * 2) User preferences stored in the wallet host (from IndexedDB via ctx.userPreferencesManager).\n * 3) Runtime safety rules (wallet‑iframe registration/link flows) that may clamp behavior.\n \n Wallet‑iframe registration/link safety rule:\n * - When running inside the wallet-iframe host context, always clamp registration/link flows to\n * `{ uiMode: 'modal', behavior: 'requireClick' }` so the user activation happens inside the iframe.\n * This intentionally overrides both user preferences and request-level overrides.\n \n Notes\n * - The function is pure (does not mutate the input object) and safe to call multiple times.\n * - Theme and unrelated visual options are preserved in all cases.\n */\nexport function determineConfirmationConfig(\n ctx: VrfWorkerManagerContext,\n request: SecureConfirmRequest \| undefined,\n): ConfirmationConfig {\n\n // Merge request‑level override over user preferences\n // Important: drop undefined/null fields from the override so they don't clobber\n // persisted preferences (e.g., behavior) with an undefined value.\n const configBase = ctx.userPreferencesManager.getConfirmationConfig();\n const rawOverride = (request?.confirmationConfig \|\| {}) as Partial<ConfirmationConfig>;\n const cleanedOverride = Object.fromEntries(\n Object.entries(rawOverride).filter(([, v]) => v !== undefined && v !== null)\n ) as Partial<ConfirmationConfig>;\n let cfg: ConfirmationConfig = { ...configBase, ...cleanedOverride } as ConfirmationConfig;\n\n // Normalize theme default\n cfg = { ...cfg, theme: cfg.theme \|\| 'dark' } as ConfirmationConfig;\n // Default decrypt-private-key confirmations to 'skip' UI. The flow collects\n // WebAuthn credentials silently and the worker may follow up with a\n // SHOW_SECURE_PRIVATE_KEY_UI request to display the key.\n if (request?.type === SecureConfirmationType.DECRYPT_PRIVATE_KEY_WITH_PRF) {\n return {\n uiMode: 'skip',\n behavior: cfg.behavior,\n autoProceedDelay: cfg.autoProceedDelay,\n theme: cfg.theme \|\| 'dark',\n // container selection handled by uiMode only\n } as ConfirmationConfig;\n }\n // Detect if running inside an iframe (wallet host context)\n const inIframe = (() => window.self !== window.top)();\n\n // On Safari/iOS or mobile devices without a fresh user activation,\n // clamp to a clickable UI to reliably satisfy WebAuthn requirements.\n // - If caller/user set uiMode: 'skip', promote to 'modal' + requireClick\n // - If behavior is 'autoProceed', upgrade to 'requireClick'\n // Use shared heuristic to decide if explicit activation is necessary\n if (needsExplicitActivation()) {\n const newUiMode: ConfirmationConfig['uiMode'] = (cfg.uiMode === 'skip') ? 'drawer' : cfg.uiMode;\n cfg = {\n ...cfg,\n uiMode: newUiMode,\n behavior: 'requireClick',\n } as ConfirmationConfig;\n }\n\n // In wallet‑iframe host context: registration/link flows default to an explicit click.\n // However, if the effective config explicitly opts into auto‑proceed (or skip), honor it.\n if (\n inIframe &&\n request?.type &&\n (request.type === SecureConfirmationType.REGISTER_ACCOUNT \|\| request.type === SecureConfirmationType.LINK_DEVICE)\n ) {\n // Cross‑origin registration/link flows: always require a visible, clickable confirmation\n // so the click lands inside the wallet iframe and satisfies WebAuthn activation.\n return {\n uiMode: 'modal',\n behavior: 'requireClick',\n autoProceedDelay: cfg.autoProceedDelay,\n theme: cfg.theme \|\| 'dark',\n } as ConfirmationConfig;\n }\n\n // Otherwise honor caller/user configuration\n return cfg;\n}\n"],"mappings":"~~;;;;;;;;;;;;;;;;;;;;;;;;;;;~~AA0BA,SAAgB,4BACd,KACA,SACoB;CAKpB,MAAM,aAAa,IAAI,uBAAuB;CAC9C,MAAM,cAAe,SAAS,sBAAsB;CACpD,MAAM,kBAAkB,OAAO,YAC7B,OAAO,QAAQ,aAAa,QAAQ,GAAG,OAAO,MAAM,UAAa,MAAM;CAEzE,IAAIA,MAA0B;EAAE,GAAG;EAAY,GAAG;;AAGlD,OAAM;EAAE,GAAG;EAAK,OAAO,IAAI,SAAS;;AAIpC,KAAI,SAAS,SAASC,qCAAuB,6BAC3C,QAAO;EACL,QAAQ;EACR,UAAU,IAAI;EACd,kBAAkB,IAAI;EACtB,OAAO,IAAI,SAAS;;CAKxB,MAAM,kBAAkB,OAAO,SAAS,OAAO;AAO/C,KAAIC,mDAA2B;EAC7B,MAAMC,YAA2C,IAAI,WAAW,SAAU,WAAW,IAAI;AACzF,QAAM;GACJ,GAAG;GACH,QAAQ;GACR,UAAU;;;AAMd,KACE,YACA,SAAS,SACR,QAAQ,SAASF,qCAAuB,oBAAoB,QAAQ,SAASA,qCAAuB,aAIrG,QAAO;EACL,QAAQ;EACR,UAAU;EACV,kBAAkB,IAAI;EACtB,OAAO,IAAI,SAAS;;AAKxB,QAAO"}
1	+ {"version":3,"file":"determineConfirmationConfig.js","names":["cfg: ConfirmationConfig","SecureConfirmationType","needsExplicitActivation","newUiMode: ConfirmationConfig['uiMode']"],"sources":["../../../../../../src/core/WebAuthnManager/VrfWorkerManager/confirmTxFlow/determineConfirmationConfig.ts"],"sourcesContent":["import type { ConfirmationConfig } from '../../../types/signer-worker';\nimport type { VrfWorkerManagerContext } from '../';\nimport type { SecureConfirmRequest } from './types';\nimport { SecureConfirmationType } from './types';\nimport { needsExplicitActivation } from '@/utils';\n\n/*\n determineConfirmationConfig\n \n Computes the effective confirmation UI behavior used by the secure‑confirmation\n * flow by merging inputs and applying safe runtime rules.\n \n Order of precedence (highest → lowest):\n * 1) Request‑level override (request.confirmationConfig), when explicitly set.\n * 2) User preferences stored in the wallet host (from IndexedDB via ctx.userPreferencesManager).\n * 3) Runtime safety rules (wallet‑iframe registration/link flows) that may clamp behavior.\n \n Wallet‑iframe registration/link safety rule:\n * - When running inside the wallet-iframe host context, always clamp registration/link flows to\n * `{ uiMode: 'modal', behavior: 'requireClick' }` so the user activation happens inside the iframe.\n * This intentionally overrides both user preferences and request-level overrides.\n \n Notes\n * - The function is pure (does not mutate the input object) and safe to call multiple times.\n * - Theme and unrelated visual options are preserved in all cases.\n */\nexport function determineConfirmationConfig(\n ctx: VrfWorkerManagerContext,\n request: SecureConfirmRequest \| undefined,\n): ConfirmationConfig {\n\n // Merge request‑level override over user preferences\n // Important: drop undefined/null fields from the override so they don't clobber\n // persisted preferences (e.g., behavior) with an undefined value.\n const configBase = ctx.userPreferencesManager.getConfirmationConfig();\n const rawOverride = (request?.confirmationConfig \|\| {}) as Partial<ConfirmationConfig>;\n const cleanedOverride = Object.fromEntries(\n Object.entries(rawOverride).filter(([, v]) => v !== undefined && v !== null)\n ) as Partial<ConfirmationConfig>;\n let cfg: ConfirmationConfig = { ...configBase, ...cleanedOverride } as ConfirmationConfig;\n\n // Normalize theme default\n cfg = { ...cfg, theme: cfg.theme \|\| 'dark' } as ConfirmationConfig;\n // Default decrypt-private-key confirmations to 'skip' UI. The flow collects\n // WebAuthn credentials silently and the worker may follow up with a\n // SHOW_SECURE_PRIVATE_KEY_UI request to display the key.\n if (request?.type === SecureConfirmationType.DECRYPT_PRIVATE_KEY_WITH_PRF) {\n return {\n uiMode: 'skip',\n behavior: cfg.behavior,\n autoProceedDelay: cfg.autoProceedDelay,\n theme: cfg.theme \|\| 'dark',\n // container selection handled by uiMode only\n } as ConfirmationConfig;\n }\n // Detect if running inside an iframe (wallet host context)\n const inIframe = (() => window.self !== window.top)();\n\n // On Safari/iOS or mobile devices without a fresh user activation,\n // clamp to a clickable UI to reliably satisfy WebAuthn requirements.\n // - If caller/user set uiMode: 'skip', promote to 'modal' + requireClick\n // - If behavior is 'autoProceed', upgrade to 'requireClick'\n // Use shared heuristic to decide if explicit activation is necessary\n if (needsExplicitActivation()) {\n const newUiMode: ConfirmationConfig['uiMode'] = (cfg.uiMode === 'skip') ? 'drawer' : cfg.uiMode;\n cfg = {\n ...cfg,\n uiMode: newUiMode,\n behavior: 'requireClick',\n } as ConfirmationConfig;\n }\n\n // In wallet‑iframe host context: registration/link flows default to an explicit click.\n // However, if the effective config explicitly opts into auto‑proceed (or skip), honor it.\n if (\n inIframe &&\n request?.type &&\n (request.type === SecureConfirmationType.REGISTER_ACCOUNT \|\| request.type === SecureConfirmationType.LINK_DEVICE)\n ) {\n // Cross‑origin registration/link flows: always require a visible, clickable confirmation\n // so the click lands inside the wallet iframe and satisfies WebAuthn activation.\n return {\n uiMode: 'modal',\n behavior: 'requireClick',\n autoProceedDelay: cfg.autoProceedDelay,\n theme: cfg.theme \|\| 'dark',\n } as ConfirmationConfig;\n }\n\n // Otherwise honor caller/user configuration\n return cfg;\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;AA0BA,SAAgB,4BACd,KACA,SACoB;CAKpB,MAAM,aAAa,IAAI,uBAAuB;CAC9C,MAAM,cAAe,SAAS,sBAAsB;CACpD,MAAM,kBAAkB,OAAO,YAC7B,OAAO,QAAQ,aAAa,QAAQ,GAAG,OAAO,MAAM,UAAa,MAAM;CAEzE,IAAIA,MAA0B;EAAE,GAAG;EAAY,GAAG;;AAGlD,OAAM;EAAE,GAAG;EAAK,OAAO,IAAI,SAAS;;AAIpC,KAAI,SAAS,SAASC,qCAAuB,6BAC3C,QAAO;EACL,QAAQ;EACR,UAAU,IAAI;EACd,kBAAkB,IAAI;EACtB,OAAO,IAAI,SAAS;;CAKxB,MAAM,kBAAkB,OAAO,SAAS,OAAO;AAO/C,KAAIC,mDAA2B;EAC7B,MAAMC,YAA2C,IAAI,WAAW,SAAU,WAAW,IAAI;AACzF,QAAM;GACJ,GAAG;GACH,QAAQ;GACR,UAAU;;;AAMd,KACE,YACA,SAAS,SACR,QAAQ,SAASF,qCAAuB,oBAAoB,QAAQ,SAASA,qCAAuB,aAIrG,QAAO;EACL,QAAQ;EACR,UAAU;EACV,kBAAkB,IAAI;EACtB,OAAO,IAAI,SAAS;;AAKxB,QAAO"}

package/dist/cjs/core/WebAuthnManager/VrfWorkerManager/confirmTxFlow/flows/localOnly.js CHANGED Viewed

@@ -1,18 +1,16 @@
-const require_rolldown_runtime = require('../../../../../_virtual/rolldown_runtime.js');
-const require_vrf_worker = require('../../../../types/vrf-worker.js');
 const require_errors = require('../../../../../utils/errors.js');
+const require_vrf_worker = require('../../../../types/vrf-worker.js');
 const require_types = require('../types.js');
 const require_common = require('../adapters/common.js');
 const require_requestHelpers = require('../adapters/requestHelpers.js');
 const require_tags = require('../../../LitComponents/tags.js');
 const require_lit_events = require('../../../LitComponents/lit-events.js');
+const require_host_mode = require('../../../../WalletIframe/host-mode.js');
 const require_ensure_defined = require('../../../LitComponents/ensure-defined.js');
 const require_session = require('../adapters/session.js');
 const require_createAdapters = require('../adapters/createAdapters.js');
 //#region src/core/WebAuthnManager/VrfWorkerManager/confirmTxFlow/flows/localOnly.ts
-require_vrf_worker.init_vrf_worker();
-require_errors.init_errors();
 async function mountExportViewer(payload, confirmationConfig) {
 	await require_ensure_defined.ensureDefined(require_tags.W3A_EXPORT_VIEWER_IFRAME_ID, () => Promise.resolve().then(() => require("../../../LitComponents/ExportPrivateKey/iframe-host.js")));
 	const host = document.createElement(require_tags.W3A_EXPORT_VIEWER_IFRAME_ID);
@@ -59,7 +57,43 @@ async function handleLocalOnlyFlow(ctx, request, worker, opts) {
 		});
 	}
 	if (request.type === require_types.SecureConfirmationType.DECRYPT_PRIVATE_KEY_WITH_PRF) {
+		if (require_host_mode.__isWalletIframeHostMode()) {
+			confirmationConfig.uiMode = "skip";
+			confirmationConfig.behavior = "autoProceed";
+		}
 		const vrfChallenge = require_vrf_worker.createRandomVRFChallenge();
+		if (confirmationConfig.uiMode !== "skip") {
+			try {
+				const op = transactionSummary?.operation;
+				const warning = transactionSummary?.warning;
+				if (!transactionSummary.title) transactionSummary.title = op || "Decrypt Private Key";
+				if (!transactionSummary.body) transactionSummary.body = warning || "Confirm to authenticate with your passkey.";
+			} catch {}
+			const uiVrfChallenge = (() => {
+				try {
+					return {
+						...vrfChallenge,
+						userId: nearAccountId,
+						rpId: adapters.vrf.getRpId()
+					};
+				} catch {
+					return {
+						...vrfChallenge,
+						userId: nearAccountId
+					};
+				}
+			})();
+			const { confirmed, error: uiError } = await session.promptUser({ vrfChallenge: uiVrfChallenge });
+			if (!confirmed) {
+				window.parent?.postMessage({ type: "WALLET_UI_CLOSED" }, "*");
+				return session.confirmAndCloseModal({
+					requestId: request.requestId,
+					intentDigest: require_requestHelpers.getIntentDigest(request),
+					confirmed: false,
+					error: uiError
+				});
+			}
+		}
 		try {
 			const credential = await adapters.webauthn.collectAuthenticationCredentialWithPRF({
 				nearAccountId,

package/dist/cjs/core/WebAuthnManager/VrfWorkerManager/confirmTxFlow/flows/localOnly.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"localOnly.js","names":["ensureDefined","W3A_EXPORT_VIEWER_IFRAME_ID","removeCancelListener: (() => void) \| undefined","addLitCancelListener","createConfirmTxFlowAdapters","createConfirmSession","getNearAccountId","SecureConfirmationType","getIntentDigest","err: unknown","errorMessage","createRandomVRFChallenge","isUserCancelledSecureConfirm","ERROR_MESSAGES"],"sources":["../../../../../../../src/core/WebAuthnManager/VrfWorkerManager/confirmTxFlow/flows/localOnly.ts"],"sourcesContent":["import type { VrfWorkerManagerContext } from '../../';\nimport type { ConfirmationConfig } from '../../../../types/signer-worker';\nimport {\n SecureConfirmationType,\n TransactionSummary,\n LocalOnlySecureConfirmRequest,\n type ShowSecurePrivateKeyUiPayload,\n} from '../types';\nimport { VRFChallenge } from '../../../../types';\nimport { createRandomVRFChallenge } from '../../../../types/vrf-worker';\nimport { addLitCancelListener } from '../../../LitComponents/lit-events';\nimport { ensureDefined } from '../../../LitComponents/ensure-defined';\nimport { W3A_EXPORT_VIEWER_IFRAME_ID } from '../../../LitComponents/tags';\nimport type { ExportViewerIframeElement } from '../../../LitComponents/ExportPrivateKey/iframe-host';\nimport {\n getNearAccountId,\n getIntentDigest,\n isUserCancelledSecureConfirm,\n ERROR_MESSAGES,\n} from './index';\nimport { errorMessage } from '../../../../../utils/errors';\nimport { createConfirmSession } from '../adapters/session';\nimport { createConfirmTxFlowAdapters } from '../adapters/createAdapters';\n\nasync function mountExportViewer(\n payload: ShowSecurePrivateKeyUiPayload,\n confirmationConfig: ConfirmationConfig,\n): Promise<void> {\n await ensureDefined(W3A_EXPORT_VIEWER_IFRAME_ID, () => import('../../../LitComponents/ExportPrivateKey/iframe-host'));\n const host = document.createElement(W3A_EXPORT_VIEWER_IFRAME_ID) as ExportViewerIframeElement;\n host.theme = payload.theme \|\| confirmationConfig.theme \|\| 'dark';\n host.variant = payload.variant \|\| ((confirmationConfig.uiMode === 'drawer') ? 'drawer' : 'modal');\n host.accountId = payload.nearAccountId;\n host.publicKey = payload.publicKey;\n host.privateKey = payload.privateKey;\n host.loading = false;\n\n window.parent?.postMessage({ type: 'WALLET_UI_OPENED' }, '');\n document.body.appendChild(host);\n\n let removeCancelListener: (() => void) \| undefined;\n removeCancelListener = addLitCancelListener(host, () => {\n window.parent?.postMessage({ type: 'WALLET_UI_CLOSED' }, '');\n removeCancelListener?.();\n host.remove();\n }, { once: true });\n}\n\nexport async function handleLocalOnlyFlow(\n ctx: VrfWorkerManagerContext,\n request: LocalOnlySecureConfirmRequest,\n worker: Worker,\n opts: { confirmationConfig: ConfirmationConfig; transactionSummary: TransactionSummary },\n): Promise<void> {\n\n const { confirmationConfig, transactionSummary } = opts;\n const adapters = createConfirmTxFlowAdapters(ctx);\n const session = createConfirmSession({\n adapters,\n worker,\n request,\n confirmationConfig,\n transactionSummary,\n });\n const nearAccountId = getNearAccountId(request);\n\n // SHOW_SECURE_PRIVATE_KEY_UI: purely visual; keep UI open and return confirmed immediately\n if (request.type === SecureConfirmationType.SHOW_SECURE_PRIVATE_KEY_UI) {\n try {\n await mountExportViewer(request.payload as ShowSecurePrivateKeyUiPayload, confirmationConfig);\n // Keep viewer open; do not close here.\n session.confirmAndCloseModal({\n requestId: request.requestId,\n intentDigest: getIntentDigest(request),\n confirmed: true,\n });\n return;\n } catch (err: unknown) {\n return session.confirmAndCloseModal({\n requestId: request.requestId,\n intentDigest: getIntentDigest(request),\n confirmed: false,\n error: errorMessage(err) \|\| 'Failed to render export UI',\n });\n }\n }\n\n // DECRYPT_PRIVATE_KEY_WITH_PRF: collect an authentication credential (with PRF extension results)\n // and return it to the VRF worker; VRF worker extracts PRF outputs internally.\n if (request.type === SecureConfirmationType.DECRYPT_PRIVATE_KEY_WITH_PRF) {\n const vrfChallenge = createRandomVRFChallenge() as VRFChallenge;\n try {\n const credential = await adapters.webauthn.collectAuthenticationCredentialWithPRF({\n nearAccountId,\n vrfChallenge,\n // Offline export / local decrypt needs both PRF outputs so the VRF worker can\n // recover/derive key material without requiring a pre-existing VRF session.\n includeSecondPrfOutput: true,\n });\n // No modal to keep open; export viewer will be shown by a subsequent request.\n return session.confirmAndCloseModal({\n requestId: request.requestId,\n intentDigest: getIntentDigest(request),\n confirmed: true,\n credential,\n });\n\n } catch (err: unknown) {\n const cancelled = isUserCancelledSecureConfirm(err);\n if (cancelled) {\n window.parent?.postMessage({ type: 'WALLET_UI_CLOSED' }, '*');\n }\n return session.confirmAndCloseModal({\n requestId: request.requestId,\n intentDigest: getIntentDigest(request),\n confirmed: false,\n error: cancelled ? ERROR_MESSAGES.cancelled : (errorMessage(err) \|\| ERROR_MESSAGES.collectCredentialsFailed),\n });\n }\n }\n}\n"],"mappings":"~~;;;;;;;;;;;;;;;AAwBA~~,eAAe,kBACb,SACA,oBACe;AACf,OAAMA,qCAAcC,qFAAmC;CACvD,MAAM,OAAO,SAAS,cAAcA;AACpC,MAAK,QAAQ,QAAQ,SAAS,mBAAmB,SAAS;AAC1D,MAAK,UAAU,QAAQ,YAAa,mBAAmB,WAAW,WAAY,WAAW;AACzF,MAAK,YAAY,QAAQ;AACzB,MAAK,YAAY,QAAQ;AACzB,MAAK,aAAa,QAAQ;AAC1B,MAAK,UAAU;AAEf,QAAO,QAAQ,YAAY,EAAE,MAAM,sBAAsB;AACzD,UAAS,KAAK,YAAY;CAE1B,IAAIC;AACJ,wBAAuBC,wCAAqB,YAAY;AACtD,SAAO,QAAQ,YAAY,EAAE,MAAM,sBAAsB;AACzD;AACA,OAAK;IACJ,EAAE,MAAM;;AAGb,eAAsB,oBACpB,KACA,SACA,QACA,MACe;CAEf,MAAM,EAAE,oBAAoB,uBAAuB;CACnD,MAAM,WAAWC,mDAA4B;CAC7C,MAAM,UAAUC,qCAAqB;EACnC;EACA;EACA;EACA;EACA;;CAEF,MAAM,gBAAgBC,wCAAiB;AAGvC,KAAI,QAAQ,SAASC,qCAAuB,2BAC1C,KAAI;AACF,QAAM,kBAAkB,QAAQ,SAA0C;AAE1E,UAAQ,qBAAqB;GAC3B,WAAW,QAAQ;GACnB,cAAcC,uCAAgB;GAC9B,WAAW;;AAEb;UACOC,KAAc;AACrB,SAAO,QAAQ,qBAAqB;GAClC,WAAW,QAAQ;GACnB,cAAcD,uCAAgB;GAC9B,WAAW;GACX,OAAOE,4BAAa,QAAQ;;;AAOlC,KAAI,QAAQ,SAASH,qCAAuB,8BAA8B;~~EACxE~~,MAAM,~~eAAeI~~;~~AACrB~~,MAAI;GACF,MAAM,aAAa,MAAM,SAAS,SAAS,uCAAuC;IAChF;IACA;IAGA,wBAAwB;;AAG1B,UAAO,QAAQ,qBAAqB;IAClC,WAAW,QAAQ;IACnB,~~cAAcH~~,uCAAgB;IAC9B,WAAW;IACX;;WAGKC,KAAc;GACrB,MAAM,~~YAAYG~~,4CAA6B;AAC/C,OAAI,UACF,QAAO,QAAQ,YAAY,EAAE,MAAM,sBAAsB;AAE3D,UAAO,QAAQ,qBAAqB;IAClC,WAAW,QAAQ;IACnB,~~cAAcJ~~,uCAAgB;IAC9B,WAAW;IACX,OAAO,~~YAAYK~~,8BAAe,~~YAAaH~~,4BAAa,~~QAAQG~~,8BAAe"}
1	+ {"version":3,"file":"localOnly.js","names":["ensureDefined","W3A_EXPORT_VIEWER_IFRAME_ID","removeCancelListener: (() => void) \| undefined","addLitCancelListener","createConfirmTxFlowAdapters","createConfirmSession","getNearAccountId","SecureConfirmationType","getIntentDigest","err: unknown","errorMessage","__isWalletIframeHostMode","createRandomVRFChallenge","uiVrfChallenge: Partial<VRFChallenge>","isUserCancelledSecureConfirm","ERROR_MESSAGES"],"sources":["../../../../../../../src/core/WebAuthnManager/VrfWorkerManager/confirmTxFlow/flows/localOnly.ts"],"sourcesContent":["import type { VrfWorkerManagerContext } from '../../';\nimport type { ConfirmationConfig } from '../../../../types/signer-worker';\nimport {\n SecureConfirmationType,\n TransactionSummary,\n LocalOnlySecureConfirmRequest,\n type ShowSecurePrivateKeyUiPayload,\n} from '../types';\nimport { VRFChallenge } from '../../../../types';\nimport { createRandomVRFChallenge } from '../../../../types/vrf-worker';\nimport { addLitCancelListener } from '../../../LitComponents/lit-events';\nimport { ensureDefined } from '../../../LitComponents/ensure-defined';\nimport { W3A_EXPORT_VIEWER_IFRAME_ID } from '../../../LitComponents/tags';\nimport { __isWalletIframeHostMode } from '../../../../WalletIframe/host-mode';\nimport type { ExportViewerIframeElement } from '../../../LitComponents/ExportPrivateKey/iframe-host';\nimport {\n getNearAccountId,\n getIntentDigest,\n isUserCancelledSecureConfirm,\n ERROR_MESSAGES,\n} from './index';\nimport { errorMessage } from '../../../../../utils/errors';\nimport { createConfirmSession } from '../adapters/session';\nimport { createConfirmTxFlowAdapters } from '../adapters/createAdapters';\n\nasync function mountExportViewer(\n payload: ShowSecurePrivateKeyUiPayload,\n confirmationConfig: ConfirmationConfig,\n): Promise<void> {\n await ensureDefined(W3A_EXPORT_VIEWER_IFRAME_ID, () => import('../../../LitComponents/ExportPrivateKey/iframe-host'));\n const host = document.createElement(W3A_EXPORT_VIEWER_IFRAME_ID) as ExportViewerIframeElement;\n host.theme = payload.theme \|\| confirmationConfig.theme \|\| 'dark';\n host.variant = payload.variant \|\| ((confirmationConfig.uiMode === 'drawer') ? 'drawer' : 'modal');\n host.accountId = payload.nearAccountId;\n host.publicKey = payload.publicKey;\n host.privateKey = payload.privateKey;\n host.loading = false;\n\n window.parent?.postMessage({ type: 'WALLET_UI_OPENED' }, '');\n document.body.appendChild(host);\n\n let removeCancelListener: (() => void) \| undefined;\n removeCancelListener = addLitCancelListener(host, () => {\n window.parent?.postMessage({ type: 'WALLET_UI_CLOSED' }, '');\n removeCancelListener?.();\n host.remove();\n }, { once: true });\n}\n\nexport async function handleLocalOnlyFlow(\n ctx: VrfWorkerManagerContext,\n request: LocalOnlySecureConfirmRequest,\n worker: Worker,\n opts: { confirmationConfig: ConfirmationConfig; transactionSummary: TransactionSummary },\n): Promise<void> {\n\n const { confirmationConfig, transactionSummary } = opts;\n const adapters = createConfirmTxFlowAdapters(ctx);\n const session = createConfirmSession({\n adapters,\n worker,\n request,\n confirmationConfig,\n transactionSummary,\n });\n const nearAccountId = getNearAccountId(request);\n\n // SHOW_SECURE_PRIVATE_KEY_UI: purely visual; keep UI open and return confirmed immediately\n if (request.type === SecureConfirmationType.SHOW_SECURE_PRIVATE_KEY_UI) {\n try {\n await mountExportViewer(request.payload as ShowSecurePrivateKeyUiPayload, confirmationConfig);\n // Keep viewer open; do not close here.\n session.confirmAndCloseModal({\n requestId: request.requestId,\n intentDigest: getIntentDigest(request),\n confirmed: true,\n });\n return;\n } catch (err: unknown) {\n return session.confirmAndCloseModal({\n requestId: request.requestId,\n intentDigest: getIntentDigest(request),\n confirmed: false,\n error: errorMessage(err) \|\| 'Failed to render export UI',\n });\n }\n }\n\n // DECRYPT_PRIVATE_KEY_WITH_PRF: collect an authentication credential (with PRF extension results)\n // and return it to the VRF worker; VRF worker extracts PRF outputs internally.\n if (request.type === SecureConfirmationType.DECRYPT_PRIVATE_KEY_WITH_PRF) {\n if (__isWalletIframeHostMode()) {\n confirmationConfig.uiMode = 'skip';\n confirmationConfig.behavior = 'autoProceed';\n }\n\n const vrfChallenge = createRandomVRFChallenge() as VRFChallenge;\n // When this flow is initiated via worker→host messaging (wallet-iframe mode),\n // there is typically no transient user activation. If confirmationConfig chooses\n // a visible UI mode (modal/drawer), prompt first so the click lands inside the\n // wallet iframe and grants activation for the subsequent WebAuthn call.\n if (confirmationConfig.uiMode !== 'skip') {\n // Provide a sensible title/body for non-transaction flows so the confirmer\n // doesn't fall back to \"Register with Passkey\" (txSigningRequests is empty).\n try {\n const op = (transactionSummary as any)?.operation as string \| undefined;\n const warning = (transactionSummary as any)?.warning as string \| undefined;\n if (!transactionSummary.title) transactionSummary.title = op \|\| 'Decrypt Private Key';\n if (!transactionSummary.body) {\n transactionSummary.body = warning \|\| 'Confirm to authenticate with your passkey.';\n }\n } catch { }\n\n const uiVrfChallenge: Partial<VRFChallenge> = (() => {\n try {\n return {\n ...vrfChallenge,\n userId: nearAccountId,\n rpId: adapters.vrf.getRpId(),\n } as Partial<VRFChallenge>;\n } catch {\n return { ...vrfChallenge, userId: nearAccountId } as Partial<VRFChallenge>;\n }\n })();\n\n const { confirmed, error: uiError } = await session.promptUser({ vrfChallenge: uiVrfChallenge });\n if (!confirmed) {\n window.parent?.postMessage({ type: 'WALLET_UI_CLOSED' }, '');\n return session.confirmAndCloseModal({\n requestId: request.requestId,\n intentDigest: getIntentDigest(request),\n confirmed: false,\n error: uiError,\n });\n }\n }\n try {\n const credential = await adapters.webauthn.collectAuthenticationCredentialWithPRF({\n nearAccountId,\n vrfChallenge,\n // Offline export / local decrypt needs both PRF outputs so the VRF worker can\n // recover/derive key material without requiring a pre-existing VRF session.\n includeSecondPrfOutput: true,\n });\n // No modal to keep open; export viewer will be shown by a subsequent request.\n return session.confirmAndCloseModal({\n requestId: request.requestId,\n intentDigest: getIntentDigest(request),\n confirmed: true,\n credential,\n });\n\n } catch (err: unknown) {\n const cancelled = isUserCancelledSecureConfirm(err);\n if (cancelled) {\n window.parent?.postMessage({ type: 'WALLET_UI_CLOSED' }, '');\n }\n return session.confirmAndCloseModal({\n requestId: request.requestId,\n intentDigest: getIntentDigest(request),\n confirmed: false,\n error: cancelled ? ERROR_MESSAGES.cancelled : (errorMessage(err) \|\| ERROR_MESSAGES.collectCredentialsFailed),\n });\n }\n }\n}\n"],"mappings":";;;;;;;;;;;;;AAyBA,eAAe,kBACb,SACA,oBACe;AACf,OAAMA,qCAAcC,qFAAmC;CACvD,MAAM,OAAO,SAAS,cAAcA;AACpC,MAAK,QAAQ,QAAQ,SAAS,mBAAmB,SAAS;AAC1D,MAAK,UAAU,QAAQ,YAAa,mBAAmB,WAAW,WAAY,WAAW;AACzF,MAAK,YAAY,QAAQ;AACzB,MAAK,YAAY,QAAQ;AACzB,MAAK,aAAa,QAAQ;AAC1B,MAAK,UAAU;AAEf,QAAO,QAAQ,YAAY,EAAE,MAAM,sBAAsB;AACzD,UAAS,KAAK,YAAY;CAE1B,IAAIC;AACJ,wBAAuBC,wCAAqB,YAAY;AACtD,SAAO,QAAQ,YAAY,EAAE,MAAM,sBAAsB;AACzD;AACA,OAAK;IACJ,EAAE,MAAM;;AAGb,eAAsB,oBACpB,KACA,SACA,QACA,MACe;CAEf,MAAM,EAAE,oBAAoB,uBAAuB;CACnD,MAAM,WAAWC,mDAA4B;CAC7C,MAAM,UAAUC,qCAAqB;EACnC;EACA;EACA;EACA;EACA;;CAEF,MAAM,gBAAgBC,wCAAiB;AAGvC,KAAI,QAAQ,SAASC,qCAAuB,2BAC1C,KAAI;AACF,QAAM,kBAAkB,QAAQ,SAA0C;AAE1E,UAAQ,qBAAqB;GAC3B,WAAW,QAAQ;GACnB,cAAcC,uCAAgB;GAC9B,WAAW;;AAEb;UACOC,KAAc;AACrB,SAAO,QAAQ,qBAAqB;GAClC,WAAW,QAAQ;GACnB,cAAcD,uCAAgB;GAC9B,WAAW;GACX,OAAOE,4BAAa,QAAQ;;;AAOlC,KAAI,QAAQ,SAASH,qCAAuB,8BAA8B;AACxE,MAAII,8CAA4B;AAC9B,sBAAmB,SAAS;AAC5B,sBAAmB,WAAW;;EAGhC,MAAM,eAAeC;AAKrB,MAAI,mBAAmB,WAAW,QAAQ;AAGxC,OAAI;IACF,MAAM,KAAM,oBAA4B;IACxC,MAAM,UAAW,oBAA4B;AAC7C,QAAI,CAAC,mBAAmB,MAAO,oBAAmB,QAAQ,MAAM;AAChE,QAAI,CAAC,mBAAmB,KACtB,oBAAmB,OAAO,WAAW;WAEjC;GAER,MAAMC,wBAA+C;AACnD,QAAI;AACF,YAAO;MACL,GAAG;MACH,QAAQ;MACR,MAAM,SAAS,IAAI;;YAEf;AACN,YAAO;MAAE,GAAG;MAAc,QAAQ;;;;GAItC,MAAM,EAAE,WAAW,OAAO,YAAY,MAAM,QAAQ,WAAW,EAAE,cAAc;AAC/E,OAAI,CAAC,WAAW;AACd,WAAO,QAAQ,YAAY,EAAE,MAAM,sBAAsB;AACzD,WAAO,QAAQ,qBAAqB;KAClC,WAAW,QAAQ;KACnB,cAAcL,uCAAgB;KAC9B,WAAW;KACX,OAAO;;;;AAIb,MAAI;GACF,MAAM,aAAa,MAAM,SAAS,SAAS,uCAAuC;IAChF;IACA;IAGA,wBAAwB;;AAG1B,UAAO,QAAQ,qBAAqB;IAClC,WAAW,QAAQ;IACnB,cAAcA,uCAAgB;IAC9B,WAAW;IACX;;WAGKC,KAAc;GACrB,MAAM,YAAYK,4CAA6B;AAC/C,OAAI,UACF,QAAO,QAAQ,YAAY,EAAE,MAAM,sBAAsB;AAE3D,UAAO,QAAQ,qBAAqB;IAClC,WAAW,QAAQ;IACnB,cAAcN,uCAAgB;IAC9B,WAAW;IACX,OAAO,YAAYO,8BAAe,YAAaL,4BAAa,QAAQK,8BAAe"}

package/dist/cjs/core/WebAuthnManager/VrfWorkerManager/confirmTxFlow/flows/registration.js CHANGED Viewed

@@ -1,14 +1,12 @@
-const require_rolldown_runtime = require('../../../../../_virtual/rolldown_runtime.js');
 const require_errors = require('../../../../../utils/errors.js');
 const require_credentialsHelpers = require('../../../credentialsHelpers.js');
+const require_intentDigest = require('../../../../digests/intentDigest.js');
 const require_common = require('../adapters/common.js');
 const require_requestHelpers = require('../adapters/requestHelpers.js');
 const require_session = require('../adapters/session.js');
 const require_createAdapters = require('../adapters/createAdapters.js');
 //#region src/core/WebAuthnManager/VrfWorkerManager/confirmTxFlow/flows/registration.ts
-require_credentialsHelpers.init_credentialsHelpers();
-require_errors.init_errors();
 async function handleRegistrationFlow(ctx, request, worker, opts) {
 	const { confirmationConfig, transactionSummary } = opts;
 	const adapters = require_createAdapters.createConfirmTxFlowAdapters(ctx);
@@ -40,13 +38,20 @@ async function handleRegistrationFlow(ctx, request, worker, opts) {
 	});
 	const transactionContext = nearRpc.transactionContext;
 	session.setReservedNonces(nearRpc.reservedNonces);
+	const computeBoundIntentDigestB64u = async () => {
+		const uiIntentDigest = require_requestHelpers.getIntentDigest(request);
+		if (!uiIntentDigest) throw new Error("Missing intentDigest for registration flow");
+		return require_intentDigest.sha256Base64UrlUtf8(uiIntentDigest);
+	};
 	const rpId = adapters.vrf.getRpId();
+	const boundIntentDigestB64u = await computeBoundIntentDigestB64u();
 	const bootstrap = await adapters.vrf.generateVrfKeypairBootstrap({
 		vrfInputData: {
 			userId: nearAccountId,
 			rpId,
 			blockHeight: transactionContext.txBlockHeight,
-			blockHash: transactionContext.txBlockHash
+			blockHash: transactionContext.txBlockHash,
+			intentDigest: boundIntentDigestB64u
 		},
 		saveInMemory: true,
 		sessionId: request.requestId
@@ -72,7 +77,7 @@ async function handleRegistrationFlow(ctx, request, worker, opts) {
 		console.debug("[RegistrationFlow] VRF JIT refresh skipped", e);
 	}
 	let credential;
-	let deviceNumber = request.payload?.deviceNumber;
+	let deviceNumber = request.payload?.deviceNumber ?? 1;
 	const tryCreate = async (dn) => {
 		console.debug("[RegistrationFlow] navigator.credentials.create start", { deviceNumber: dn });
 		return await adapters.webauthn.createRegistrationCredential({
@@ -93,8 +98,24 @@ async function handleRegistrationFlow(ctx, request, worker, opts) {
 			if (isDuplicate) {
 				const nextDeviceNumber = deviceNumber !== void 0 && Number.isFinite(deviceNumber) ? deviceNumber + 1 : 2;
 				console.debug("[RegistrationFlow] duplicate credential, retry with next deviceNumber", { nextDeviceNumber });
-				credential = await tryCreate(nextDeviceNumber);
+				deviceNumber = nextDeviceNumber;
 				require_requestHelpers.getRegisterAccountPayload(request).deviceNumber = nextDeviceNumber;
+				request.intentDigest = request.type === "registerAccount" ? `register:${nearAccountId}:${nextDeviceNumber}` : `device2-register:${nearAccountId}:${nextDeviceNumber}`;
+				const retryBoundIntentDigestB64u = await computeBoundIntentDigestB64u();
+				const retryBootstrap = await adapters.vrf.generateVrfKeypairBootstrap({
+					vrfInputData: {
+						userId: nearAccountId,
+						rpId,
+						blockHeight: transactionContext.txBlockHeight,
+						blockHash: transactionContext.txBlockHash,
+						intentDigest: retryBoundIntentDigestB64u
+					},
+					saveInMemory: true,
+					sessionId: request.requestId
+				});
+				uiVrfChallenge = retryBootstrap.vrfChallenge;
+				session.updateUI({ vrfChallenge: uiVrfChallenge });
+				credential = await tryCreate(nextDeviceNumber);
 			} else {
 				console.error("[RegistrationFlow] credentials.create failed (non-duplicate)", {
 					name,

package/dist/cjs/core/WebAuthnManager/VrfWorkerManager/confirmTxFlow/flows/registration.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"registration.js","names":["createConfirmTxFlowAdapters","createConfirmSession","getNearAccountId","getIntentDigest","ERROR_MESSAGES","uiVrfChallenge: VRFChallenge","credential: PublicKeyCredential \| undefined","e: unknown","toError","serialized: WebAuthnRegistrationCredential","isSerializedRegistrationCredential","serializeRegistrationCredentialWithPRF","err: unknown","isUserCancelledSecureConfirm"],"sources":["../../../../../../../src/core/WebAuthnManager/VrfWorkerManager/confirmTxFlow/flows/registration.ts"],"sourcesContent":["import type { VrfWorkerManagerContext } from '../../';\nimport type { ConfirmationConfig } from '../../../../types/signer-worker';\nimport {\n TransactionSummary,\n RegistrationSecureConfirmRequest,\n} from '../types';\nimport { VRFChallenge, TransactionContext } from '../../../../types';\nimport type { WebAuthnRegistrationCredential } from '../../../../types/webauthn';\nimport {\n getNearAccountId,\n getIntentDigest,\n isUserCancelledSecureConfirm,\n ERROR_MESSAGES,\n getRegisterAccountPayload,\n} from './index';\nimport { isSerializedRegistrationCredential, serializeRegistrationCredentialWithPRF } from '../../../credentialsHelpers';\nimport { toError } from '../../../../../utils/errors';\nimport { createConfirmSession } from '../adapters/session';\nimport { createConfirmTxFlowAdapters } from '../adapters/createAdapters';\n\nexport async function handleRegistrationFlow(\n ctx: VrfWorkerManagerContext,\n request: RegistrationSecureConfirmRequest,\n worker: Worker,\n opts: { confirmationConfig: ConfirmationConfig; transactionSummary: TransactionSummary },\n): Promise<void> {\n\n const { confirmationConfig, transactionSummary } = opts;\n const adapters = createConfirmTxFlowAdapters(ctx);\n const session = createConfirmSession({\n adapters,\n worker,\n request,\n confirmationConfig,\n transactionSummary,\n });\n const nearAccountId = getNearAccountId(request);\n\n console.debug('[RegistrationFlow] start', {\n nearAccountId,\n uiMode: confirmationConfig?.uiMode,\n behavior: confirmationConfig?.behavior,\n theme: confirmationConfig?.theme,\n intentDigest: transactionSummary?.intentDigest,\n });\n\n // 1) NEAR context\n const nearRpc = await adapters.near.fetchNearContext({ nearAccountId, txCount: 1, reserveNonces: true });\n if (nearRpc.error && !nearRpc.transactionContext) {\n return session.confirmAndCloseModal({\n requestId: request.requestId,\n intentDigest: getIntentDigest(request),\n confirmed: false,\n error: `${ERROR_MESSAGES.nearRpcFailed}: ${nearRpc.details}`,\n });\n }\n const transactionContext = nearRpc.transactionContext as TransactionContext;\n session.setReservedNonces(nearRpc.reservedNonces);\n\n // 2) Initial VRF challenge via bootstrap\n const rpId = adapters.vrf.getRpId();\n const bootstrap = await adapters.vrf.generateVrfKeypairBootstrap({\n vrfInputData: {\n userId: nearAccountId,\n rpId,\n blockHeight: transactionContext.txBlockHeight,\n blockHash: transactionContext.txBlockHash,\n },\n saveInMemory: true,\n sessionId: request.requestId,\n });\n let uiVrfChallenge: VRFChallenge = bootstrap.vrfChallenge;\n console.debug('[RegistrationFlow] VRF bootstrap ok', { blockHeight: uiVrfChallenge.blockHeight });\n\n // 3) UI confirm\n const { confirmed, error: uiError } = await session.promptUser({ vrfChallenge: uiVrfChallenge });\n if (!confirmed) {\n console.debug('[RegistrationFlow] user cancelled');\n return session.confirmAndCloseModal({\n requestId: request.requestId,\n intentDigest: getIntentDigest(request),\n confirmed: false,\n error: uiError,\n });\n }\n\n // 4) JIT refresh VRF (best-effort)\n try {\n const refreshed = await adapters.vrf.maybeRefreshVrfChallenge(request, nearAccountId);\n uiVrfChallenge = refreshed.vrfChallenge;\n session.updateUI({ vrfChallenge: uiVrfChallenge });\n console.debug('[RegistrationFlow] VRF JIT refresh ok', { blockHeight: uiVrfChallenge.blockHeight });\n } catch (e) {\n console.debug('[RegistrationFlow] VRF JIT refresh skipped', e);\n }\n\n // 5) Collect registration credentials (with duplicate retry)\n let credential: PublicKeyCredential \| undefined;\n let deviceNumber = request.payload?.deviceNumber;\n\n const tryCreate = async (dn?: number): Promise<PublicKeyCredential> => {\n console.debug('[RegistrationFlow] navigator.credentials.create start', { deviceNumber: dn });\n return await adapters.webauthn.createRegistrationCredential({\n nearAccountId,\n challenge: uiVrfChallenge,\n deviceNumber: dn,\n });\n };\n\n try {\n try {\n credential = await tryCreate(deviceNumber);\n console.debug('[RegistrationFlow] credentials.create ok');\n } catch (e: unknown) {\n const err = toError(e);\n const name = String(err?.name \|\| '');\n const msg = String(err?.message \|\| '');\n const isDuplicate = name === 'InvalidStateError' \|\| /excluded\|already\\sregistered/i.test(msg);\n if (isDuplicate) {\n const nextDeviceNumber = (deviceNumber !== undefined && Number.isFinite(deviceNumber)) ? (deviceNumber + 1) : 2;\n console.debug('[RegistrationFlow] duplicate credential, retry with next deviceNumber', { nextDeviceNumber });\n credential = await tryCreate(nextDeviceNumber);\n getRegisterAccountPayload(request).deviceNumber = nextDeviceNumber;\n } else {\n console.error('[RegistrationFlow] credentials.create failed (non-duplicate)', { name, msg });\n throw err;\n }\n }\n\n // We require registration credentials to include dual PRF outputs (first + second)\n // so VRF/NEAR key derivation can happen inside the workers without passing PRF outputs\n // as separate main-thread values.\n const serialized: WebAuthnRegistrationCredential = isSerializedRegistrationCredential(credential as unknown)\n ? (credential as unknown as WebAuthnRegistrationCredential)\n : serializeRegistrationCredentialWithPRF({\n credential: credential! as PublicKeyCredential,\n firstPrfOutput: true,\n secondPrfOutput: true,\n });\n\n // 6) Respond + close\n session.confirmAndCloseModal({\n requestId: request.requestId,\n intentDigest: getIntentDigest(request),\n confirmed: true,\n credential: serialized,\n // PRF outputs are embedded in serialized credential; VRF worker extracts and sends via MessagePort\n vrfChallenge: uiVrfChallenge,\n transactionContext,\n });\n\n } catch (err: unknown) {\n const cancelled = isUserCancelledSecureConfirm(err);\n const msg = String((toError(err))?.message \|\| err \|\| '');\n // For missing PRF outputs, surface the error to caller (defensive path tests expect a throw)\n if (/Missing PRF result/i.test(msg) \|\| /Missing PRF results/i.test(msg)) {\n return session.cleanupAndRethrow(err);\n }\n if (cancelled) {\n window.parent?.postMessage({ type: 'WALLET_UI_CLOSED' }, '');\n }\n\n const isPrfBrowserUnsupported =\n /WebAuthn PRF output is missing from navigator\\.credentials\\.create\$\$/i.test(msg)\n \|\| /does not fully support the WebAuthn PRF extension during registration/i.test(msg)\n \|\| /roaming hardware authenticators .* not supported in this flow/i.test(msg);\n\n return session.confirmAndCloseModal({\n requestId: request.requestId,\n intentDigest: getIntentDigest(request),\n confirmed: false,\n error: cancelled\n ? ERROR_MESSAGES.cancelled\n : (isPrfBrowserUnsupported ? msg : ERROR_MESSAGES.collectCredentialsFailed),\n });\n }\n}\n"],"mappings":";;;;;;;;;;;AAoBA,eAAsB,uBACpB,KACA,SACA,QACA,MACe;CAEf,MAAM,EAAE,oBAAoB,uBAAuB;CACnD,MAAM,WAAWA,mDAA4B;CAC7C,MAAM,UAAUC,qCAAqB;EACnC;EACA;EACA;EACA;EACA;;CAEF,MAAM,gBAAgBC,wCAAiB;AAEvC,SAAQ,MAAM,4BAA4B;EACxC;EACA,QAAQ,oBAAoB;EAC5B,UAAU,oBAAoB;EAC9B,OAAO,oBAAoB;EAC3B,cAAc,oBAAoB;;CAIpC,MAAM,UAAU,MAAM,SAAS,KAAK,iBAAiB;EAAE;EAAe,SAAS;EAAG,eAAe;;AACjG,KAAI,QAAQ,SAAS,CAAC,QAAQ,mBAC5B,QAAO,QAAQ,qBAAqB;EAClC,WAAW,QAAQ;EACnB,cAAcC,uCAAgB;EAC9B,WAAW;EACX,OAAO,GAAGC,8BAAe,cAAc,IAAI,QAAQ;;CAGvD,MAAM,qBAAqB,QAAQ;AACnC,SAAQ,kBAAkB,QAAQ;CAGlC,MAAM,OAAO,SAAS,IAAI;CAC1B,MAAM,YAAY,MAAM,SAAS,IAAI,4BAA4B;EAC/D,cAAc;GACZ,QAAQ;GACR;GACA,aAAa,mBAAmB;GAChC,WAAW,mBAAmB;;EAEhC,cAAc;EACd,WAAW,QAAQ;;CAErB,IAAIC,iBAA+B,UAAU;AAC7C,SAAQ,MAAM,uCAAuC,EAAE,aAAa,eAAe;CAGnF,MAAM,EAAE,WAAW,OAAO,YAAY,MAAM,QAAQ,WAAW,EAAE,cAAc;AAC/E,KAAI,CAAC,WAAW;AACd,UAAQ,MAAM;AACd,SAAO,QAAQ,qBAAqB;GAClC,WAAW,QAAQ;GACnB,cAAcF,uCAAgB;GAC9B,WAAW;GACX,OAAO;;;AAKX,KAAI;EACF,MAAM,YAAY,MAAM,SAAS,IAAI,yBAAyB,SAAS;AACvE,mBAAiB,UAAU;AAC3B,UAAQ,SAAS,EAAE,cAAc;AACjC,UAAQ,MAAM,yCAAyC,EAAE,aAAa,eAAe;UAC9E,GAAG;AACV,UAAQ,MAAM,8CAA8C;;CAI9D,IAAIG;CACJ,IAAI,eAAe,QAAQ,SAAS;CAEpC,MAAM,YAAY,OAAO,OAA8C;AACrE,UAAQ,MAAM,yDAAyD,EAAE,cAAc;AACvF,SAAO,MAAM,SAAS,SAAS,6BAA6B;GAC1D;GACA,WAAW;GACX,cAAc;;;AAIlB,KAAI;AACF,MAAI;AACF,gBAAa,MAAM,UAAU;AAC7B,WAAQ,MAAM;WACPC,GAAY;GACnB,MAAM,MAAMC,uBAAQ;GACpB,MAAM,OAAO,OAAO,KAAK,QAAQ;GACjC,MAAM,MAAM,OAAO,KAAK,WAAW;GACnC,MAAM,cAAc,SAAS,uBAAuB,iCAAiC,KAAK;AAC1F,OAAI,aAAa;IACf,MAAM,mBAAoB,iBAAiB,UAAa,OAAO,SAAS,gBAAkB,eAAe,IAAK;AAC9G,YAAQ,MAAM,yEAAyE,EAAE;AACzF,iBAAa,MAAM,UAAU;AAC7B,qDAA0B,SAAS,eAAe;UAC7C;AACL,YAAQ,MAAM,gEAAgE;KAAE;KAAM;;AACtF,UAAM;;;EAOV,MAAMC,aAA6CC,8DAAmC,cACjF,aACDC,kEAAuC;GACzB;GACZ,gBAAgB;GAChB,iBAAiB;;AAIvB,UAAQ,qBAAqB;GAC3B,WAAW,QAAQ;GACnB,cAAcR,uCAAgB;GAC9B,WAAW;GACX,YAAY;GAEZ,cAAc;GACd;;UAGKS,KAAc;EACrB,MAAM,YAAYC,4CAA6B;EAC/C,MAAM,MAAM,OAAQL,uBAAQ,MAAO,WAAW,OAAO;AAErD,MAAI,sBAAsB,KAAK,QAAQ,uBAAuB,KAAK,KACjE,QAAO,QAAQ,kBAAkB;AAEnC,MAAI,UACF,QAAO,QAAQ,YAAY,EAAE,MAAM,sBAAsB;EAG3D,MAAM,0BACJ,0EAA0E,KAAK,QAC5E,yEAAyE,KAAK,QAC9E,iEAAiE,KAAK;AAE3E,SAAO,QAAQ,qBAAqB;GAClC,WAAW,QAAQ;GACnB,cAAcL,uCAAgB;GAC9B,WAAW;GACX,OAAO,YACHC,8BAAe,YACd,0BAA0B,MAAMA,8BAAe"}
1	+ {"version":3,"file":"registration.js","names":["createConfirmTxFlowAdapters","createConfirmSession","getNearAccountId","getIntentDigest","ERROR_MESSAGES","sha256Base64UrlUtf8","uiVrfChallenge: VRFChallenge","credential: PublicKeyCredential \| undefined","e: unknown","toError","serialized: WebAuthnRegistrationCredential","isSerializedRegistrationCredential","serializeRegistrationCredentialWithPRF","err: unknown","isUserCancelledSecureConfirm"],"sources":["../../../../../../../src/core/WebAuthnManager/VrfWorkerManager/confirmTxFlow/flows/registration.ts"],"sourcesContent":["import type { VrfWorkerManagerContext } from '../../';\nimport type { ConfirmationConfig } from '../../../../types/signer-worker';\nimport {\n TransactionSummary,\n RegistrationSecureConfirmRequest,\n} from '../types';\nimport { VRFChallenge, TransactionContext } from '../../../../types';\nimport type { WebAuthnRegistrationCredential } from '../../../../types/webauthn';\nimport { sha256Base64UrlUtf8 } from '../../../../digests/intentDigest';\nimport {\n getNearAccountId,\n getIntentDigest,\n isUserCancelledSecureConfirm,\n ERROR_MESSAGES,\n getRegisterAccountPayload,\n} from './index';\nimport { isSerializedRegistrationCredential, serializeRegistrationCredentialWithPRF } from '../../../credentialsHelpers';\nimport { toError } from '../../../../../utils/errors';\nimport { createConfirmSession } from '../adapters/session';\nimport { createConfirmTxFlowAdapters } from '../adapters/createAdapters';\n\nexport async function handleRegistrationFlow(\n ctx: VrfWorkerManagerContext,\n request: RegistrationSecureConfirmRequest,\n worker: Worker,\n opts: { confirmationConfig: ConfirmationConfig; transactionSummary: TransactionSummary },\n): Promise<void> {\n\n const { confirmationConfig, transactionSummary } = opts;\n const adapters = createConfirmTxFlowAdapters(ctx);\n const session = createConfirmSession({\n adapters,\n worker,\n request,\n confirmationConfig,\n transactionSummary,\n });\n const nearAccountId = getNearAccountId(request);\n\n console.debug('[RegistrationFlow] start', {\n nearAccountId,\n uiMode: confirmationConfig?.uiMode,\n behavior: confirmationConfig?.behavior,\n theme: confirmationConfig?.theme,\n intentDigest: transactionSummary?.intentDigest,\n });\n\n // 1) NEAR context\n const nearRpc = await adapters.near.fetchNearContext({ nearAccountId, txCount: 1, reserveNonces: true });\n if (nearRpc.error && !nearRpc.transactionContext) {\n return session.confirmAndCloseModal({\n requestId: request.requestId,\n intentDigest: getIntentDigest(request),\n confirmed: false,\n error: `${ERROR_MESSAGES.nearRpcFailed}: ${nearRpc.details}`,\n });\n }\n const transactionContext = nearRpc.transactionContext as TransactionContext;\n session.setReservedNonces(nearRpc.reservedNonces);\n\n const computeBoundIntentDigestB64u = async (): Promise<string> => {\n const uiIntentDigest = getIntentDigest(request);\n if (!uiIntentDigest) {\n throw new Error('Missing intentDigest for registration flow');\n }\n return sha256Base64UrlUtf8(uiIntentDigest);\n };\n\n // 2) Initial VRF challenge via bootstrap\n const rpId = adapters.vrf.getRpId();\n const boundIntentDigestB64u = await computeBoundIntentDigestB64u();\n const bootstrap = await adapters.vrf.generateVrfKeypairBootstrap({\n vrfInputData: {\n userId: nearAccountId,\n rpId,\n blockHeight: transactionContext.txBlockHeight,\n blockHash: transactionContext.txBlockHash,\n intentDigest: boundIntentDigestB64u,\n },\n saveInMemory: true,\n sessionId: request.requestId,\n });\n let uiVrfChallenge: VRFChallenge = bootstrap.vrfChallenge;\n console.debug('[RegistrationFlow] VRF bootstrap ok', { blockHeight: uiVrfChallenge.blockHeight });\n\n // 3) UI confirm\n const { confirmed, error: uiError } = await session.promptUser({ vrfChallenge: uiVrfChallenge });\n if (!confirmed) {\n console.debug('[RegistrationFlow] user cancelled');\n return session.confirmAndCloseModal({\n requestId: request.requestId,\n intentDigest: getIntentDigest(request),\n confirmed: false,\n error: uiError,\n });\n }\n\n // 4) JIT refresh VRF (best-effort)\n try {\n const refreshed = await adapters.vrf.maybeRefreshVrfChallenge(request, nearAccountId);\n uiVrfChallenge = refreshed.vrfChallenge;\n session.updateUI({ vrfChallenge: uiVrfChallenge });\n console.debug('[RegistrationFlow] VRF JIT refresh ok', { blockHeight: uiVrfChallenge.blockHeight });\n } catch (e) {\n console.debug('[RegistrationFlow] VRF JIT refresh skipped', e);\n }\n\n // 5) Collect registration credentials (with duplicate retry)\n let credential: PublicKeyCredential \| undefined;\n let deviceNumber = request.payload?.deviceNumber ?? 1;\n\n const tryCreate = async (dn?: number): Promise<PublicKeyCredential> => {\n console.debug('[RegistrationFlow] navigator.credentials.create start', { deviceNumber: dn });\n return await adapters.webauthn.createRegistrationCredential({\n nearAccountId,\n challenge: uiVrfChallenge,\n deviceNumber: dn,\n });\n };\n\n try {\n try {\n credential = await tryCreate(deviceNumber);\n console.debug('[RegistrationFlow] credentials.create ok');\n } catch (e: unknown) {\n const err = toError(e);\n const name = String(err?.name \|\| '');\n const msg = String(err?.message \|\| '');\n const isDuplicate = name === 'InvalidStateError' \|\| /excluded\|already\\sregistered/i.test(msg);\n if (isDuplicate) {\n const nextDeviceNumber = (deviceNumber !== undefined && Number.isFinite(deviceNumber)) ? (deviceNumber + 1) : 2;\n console.debug('[RegistrationFlow] duplicate credential, retry with next deviceNumber', { nextDeviceNumber });\n // Keep request payload and intentDigest in sync with the deviceNumber retry.\n deviceNumber = nextDeviceNumber;\n getRegisterAccountPayload(request).deviceNumber = nextDeviceNumber;\n request.intentDigest = request.type === 'registerAccount'\n ? `register:${nearAccountId}:${nextDeviceNumber}`\n : `device2-register:${nearAccountId}:${nextDeviceNumber}`;\n\n // Regenerate a VRF challenge bound to the updated intentDigest so the contract-side\n // VRF input derivation remains consistent end-to-end.\n const retryBoundIntentDigestB64u = await computeBoundIntentDigestB64u();\n const retryBootstrap = await adapters.vrf.generateVrfKeypairBootstrap({\n vrfInputData: {\n userId: nearAccountId,\n rpId,\n blockHeight: transactionContext.txBlockHeight,\n blockHash: transactionContext.txBlockHash,\n intentDigest: retryBoundIntentDigestB64u,\n },\n saveInMemory: true,\n sessionId: request.requestId,\n });\n uiVrfChallenge = retryBootstrap.vrfChallenge;\n session.updateUI({ vrfChallenge: uiVrfChallenge });\n\n credential = await tryCreate(nextDeviceNumber);\n } else {\n console.error('[RegistrationFlow] credentials.create failed (non-duplicate)', { name, msg });\n throw err;\n }\n }\n\n // We require registration credentials to include dual PRF outputs (first + second)\n // so VRF/NEAR key derivation can happen inside the workers without passing PRF outputs\n // as separate main-thread values.\n const serialized: WebAuthnRegistrationCredential = isSerializedRegistrationCredential(credential as unknown)\n ? (credential as unknown as WebAuthnRegistrationCredential)\n : serializeRegistrationCredentialWithPRF({\n credential: credential! as PublicKeyCredential,\n firstPrfOutput: true,\n secondPrfOutput: true,\n });\n\n // 6) Respond + close\n session.confirmAndCloseModal({\n requestId: request.requestId,\n intentDigest: getIntentDigest(request),\n confirmed: true,\n credential: serialized,\n // PRF outputs are embedded in serialized credential; VRF worker extracts and sends via MessagePort\n vrfChallenge: uiVrfChallenge,\n transactionContext,\n });\n\n } catch (err: unknown) {\n const cancelled = isUserCancelledSecureConfirm(err);\n const msg = String((toError(err))?.message \|\| err \|\| '');\n // For missing PRF outputs, surface the error to caller (defensive path tests expect a throw)\n if (/Missing PRF result/i.test(msg) \|\| /Missing PRF results/i.test(msg)) {\n return session.cleanupAndRethrow(err);\n }\n if (cancelled) {\n window.parent?.postMessage({ type: 'WALLET_UI_CLOSED' }, '');\n }\n\n const isPrfBrowserUnsupported =\n /WebAuthn PRF output is missing from navigator\\.credentials\\.create\$\$/i.test(msg)\n \|\| /does not fully support the WebAuthn PRF extension during registration/i.test(msg)\n \|\| /roaming hardware authenticators .* not supported in this flow/i.test(msg);\n\n return session.confirmAndCloseModal({\n requestId: request.requestId,\n intentDigest: getIntentDigest(request),\n confirmed: false,\n error: cancelled\n ? ERROR_MESSAGES.cancelled\n : (isPrfBrowserUnsupported ? msg : ERROR_MESSAGES.collectCredentialsFailed),\n });\n }\n}\n"],"mappings":";;;;;;;;;AAqBA,eAAsB,uBACpB,KACA,SACA,QACA,MACe;CAEf,MAAM,EAAE,oBAAoB,uBAAuB;CACnD,MAAM,WAAWA,mDAA4B;CAC7C,MAAM,UAAUC,qCAAqB;EACnC;EACA;EACA;EACA;EACA;;CAEF,MAAM,gBAAgBC,wCAAiB;AAEvC,SAAQ,MAAM,4BAA4B;EACxC;EACA,QAAQ,oBAAoB;EAC5B,UAAU,oBAAoB;EAC9B,OAAO,oBAAoB;EAC3B,cAAc,oBAAoB;;CAIpC,MAAM,UAAU,MAAM,SAAS,KAAK,iBAAiB;EAAE;EAAe,SAAS;EAAG,eAAe;;AACjG,KAAI,QAAQ,SAAS,CAAC,QAAQ,mBAC5B,QAAO,QAAQ,qBAAqB;EAClC,WAAW,QAAQ;EACnB,cAAcC,uCAAgB;EAC9B,WAAW;EACX,OAAO,GAAGC,8BAAe,cAAc,IAAI,QAAQ;;CAGvD,MAAM,qBAAqB,QAAQ;AACnC,SAAQ,kBAAkB,QAAQ;CAElC,MAAM,+BAA+B,YAA6B;EAChE,MAAM,iBAAiBD,uCAAgB;AACvC,MAAI,CAAC,eACH,OAAM,IAAI,MAAM;AAElB,SAAOE,yCAAoB;;CAI7B,MAAM,OAAO,SAAS,IAAI;CAC1B,MAAM,wBAAwB,MAAM;CACpC,MAAM,YAAY,MAAM,SAAS,IAAI,4BAA4B;EAC/D,cAAc;GACZ,QAAQ;GACR;GACA,aAAa,mBAAmB;GAChC,WAAW,mBAAmB;GAC9B,cAAc;;EAEhB,cAAc;EACd,WAAW,QAAQ;;CAErB,IAAIC,iBAA+B,UAAU;AAC7C,SAAQ,MAAM,uCAAuC,EAAE,aAAa,eAAe;CAGnF,MAAM,EAAE,WAAW,OAAO,YAAY,MAAM,QAAQ,WAAW,EAAE,cAAc;AAC/E,KAAI,CAAC,WAAW;AACd,UAAQ,MAAM;AACd,SAAO,QAAQ,qBAAqB;GAClC,WAAW,QAAQ;GACnB,cAAcH,uCAAgB;GAC9B,WAAW;GACX,OAAO;;;AAKX,KAAI;EACF,MAAM,YAAY,MAAM,SAAS,IAAI,yBAAyB,SAAS;AACvE,mBAAiB,UAAU;AAC3B,UAAQ,SAAS,EAAE,cAAc;AACjC,UAAQ,MAAM,yCAAyC,EAAE,aAAa,eAAe;UAC9E,GAAG;AACV,UAAQ,MAAM,8CAA8C;;CAI9D,IAAII;CACJ,IAAI,eAAe,QAAQ,SAAS,gBAAgB;CAEpD,MAAM,YAAY,OAAO,OAA8C;AACrE,UAAQ,MAAM,yDAAyD,EAAE,cAAc;AACvF,SAAO,MAAM,SAAS,SAAS,6BAA6B;GAC1D;GACA,WAAW;GACX,cAAc;;;AAIlB,KAAI;AACF,MAAI;AACF,gBAAa,MAAM,UAAU;AAC7B,WAAQ,MAAM;WACPC,GAAY;GACnB,MAAM,MAAMC,uBAAQ;GACpB,MAAM,OAAO,OAAO,KAAK,QAAQ;GACjC,MAAM,MAAM,OAAO,KAAK,WAAW;GACnC,MAAM,cAAc,SAAS,uBAAuB,iCAAiC,KAAK;AAC1F,OAAI,aAAa;IACf,MAAM,mBAAoB,iBAAiB,UAAa,OAAO,SAAS,gBAAkB,eAAe,IAAK;AAC9G,YAAQ,MAAM,yEAAyE,EAAE;AAEzF,mBAAe;AACf,qDAA0B,SAAS,eAAe;AAClD,YAAQ,eAAe,QAAQ,SAAS,oBACpC,YAAY,cAAc,GAAG,qBAC7B,oBAAoB,cAAc,GAAG;IAIzC,MAAM,6BAA6B,MAAM;IACzC,MAAM,iBAAiB,MAAM,SAAS,IAAI,4BAA4B;KACpE,cAAc;MACZ,QAAQ;MACR;MACA,aAAa,mBAAmB;MAChC,WAAW,mBAAmB;MAC9B,cAAc;;KAEhB,cAAc;KACd,WAAW,QAAQ;;AAErB,qBAAiB,eAAe;AAChC,YAAQ,SAAS,EAAE,cAAc;AAEjC,iBAAa,MAAM,UAAU;UACxB;AACL,YAAQ,MAAM,gEAAgE;KAAE;KAAM;;AACtF,UAAM;;;EAOV,MAAMC,aAA6CC,8DAAmC,cACjF,aACDC,kEAAuC;GACzB;GACZ,gBAAgB;GAChB,iBAAiB;;AAIvB,UAAQ,qBAAqB;GAC3B,WAAW,QAAQ;GACnB,cAAcT,uCAAgB;GAC9B,WAAW;GACX,YAAY;GAEZ,cAAc;GACd;;UAGKU,KAAc;EACrB,MAAM,YAAYC,4CAA6B;EAC/C,MAAM,MAAM,OAAQL,uBAAQ,MAAO,WAAW,OAAO;AAErD,MAAI,sBAAsB,KAAK,QAAQ,uBAAuB,KAAK,KACjE,QAAO,QAAQ,kBAAkB;AAEnC,MAAI,UACF,QAAO,QAAQ,YAAY,EAAE,MAAM,sBAAsB;EAG3D,MAAM,0BACJ,0EAA0E,KAAK,QAC5E,yEAAyE,KAAK,QAC9E,iEAAiE,KAAK;AAE3E,SAAO,QAAQ,qBAAqB;GAClC,WAAW,QAAQ;GACnB,cAAcN,uCAAgB;GAC9B,WAAW;GACX,OAAO,YACHC,8BAAe,YACd,0BAA0B,MAAMA,8BAAe"}

package/dist/cjs/core/WebAuthnManager/VrfWorkerManager/confirmTxFlow/flows/requestRegistrationCredentialConfirmation.js CHANGED Viewed

@@ -1,11 +1,9 @@
-const require_rolldown_runtime = require('../../../../../_virtual/rolldown_runtime.js');
 const require_defaultConfigs = require('../../../../defaultConfigs.js');
 const require_validation = require('../../../SignerWorkerManager/handlers/validation.js');
 const require_types = require('../types.js');
 const require_secureConfirmBridge = require('../../secureConfirmBridge.js');
 //#region src/core/WebAuthnManager/VrfWorkerManager/confirmTxFlow/flows/requestRegistrationCredentialConfirmation.ts
-require_defaultConfigs.init_defaultConfigs();
 async function requestRegistrationCredentialConfirmation({ ctx, nearAccountId, deviceNumber, confirmerText, contractId, nearRpcUrl, confirmationConfig }) {
 	const resolvedContractId = contractId || require_defaultConfigs.PASSKEY_MANAGER_DEFAULT_CONFIGS.contractId;
 	const resolvedNearRpcUrl = nearRpcUrl || require_defaultConfigs.PASSKEY_MANAGER_DEFAULT_CONFIGS.nearRpcUrl.split(",")[0] || require_defaultConfigs.PASSKEY_MANAGER_DEFAULT_CONFIGS.nearRpcUrl;
@@ -13,7 +11,6 @@ async function requestRegistrationCredentialConfirmation({ ctx, nearAccountId, d
 	const title = confirmerText?.title;
 	const body = confirmerText?.body;
 	const request = {
-		schemaVersion: 2,
 		requestId,
 		type: require_types.SecureConfirmationType.REGISTER_ACCOUNT,
 		summary: {

package/dist/cjs/core/WebAuthnManager/VrfWorkerManager/confirmTxFlow/flows/requestRegistrationCredentialConfirmation.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"requestRegistrationCredentialConfirmation.js","names":["PASSKEY_MANAGER_DEFAULT_CONFIGS","request: SecureConfirmRequest<{\n nearAccountId: string;\n deviceNumber: number;\n rpcCall: { contractId: string; nearRpcUrl: string; nearAccountId: string };\n }, RegistrationSummary>","SecureConfirmationType","runSecureConfirm","parseAndValidateRegistrationCredentialConfirmationPayload"],"sources":["../../../../../../../src/core/WebAuthnManager/VrfWorkerManager/confirmTxFlow/flows/requestRegistrationCredentialConfirmation.ts"],"sourcesContent":["import type { ConfirmationConfig } from '../../../../types/signer-worker';\nimport { PASSKEY_MANAGER_DEFAULT_CONFIGS } from '../../../../defaultConfigs';\nimport type { VrfWorkerManagerContext } from '../../';\nimport { runSecureConfirm } from '../../secureConfirmBridge';\nimport {\n SecureConfirmationType,\n type RegistrationSummary,\n type SecureConfirmRequest,\n} from '../types';\nimport {\n parseAndValidateRegistrationCredentialConfirmationPayload,\n type RegistrationCredentialConfirmationPayload,\n} from '../../../SignerWorkerManager/handlers/validation';\n\nexport async function requestRegistrationCredentialConfirmation({\n ctx,\n nearAccountId,\n deviceNumber,\n confirmerText,\n contractId,\n nearRpcUrl,\n confirmationConfig,\n}: {\n ctx: VrfWorkerManagerContext,\n nearAccountId: string,\n deviceNumber: number,\n confirmerText?: { title?: string; body?: string };\n contractId: string,\n nearRpcUrl: string,\n confirmationConfig?: Partial<ConfirmationConfig>,\n}): Promise<RegistrationCredentialConfirmationPayload> {\n\n // Ensure required fields are present; JSON.stringify drops undefined causing Rust parse failure\n const resolvedContractId = contractId \|\| PASSKEY_MANAGER_DEFAULT_CONFIGS.contractId;\n // Use the first URL if defaults include a failover list\n const resolvedNearRpcUrl = nearRpcUrl\n \|\| (PASSKEY_MANAGER_DEFAULT_CONFIGS.nearRpcUrl.split(',')[0] \|\| PASSKEY_MANAGER_DEFAULT_CONFIGS.nearRpcUrl);\n\n const requestId = (typeof crypto !== 'undefined' && typeof crypto.randomUUID === 'function')\n ? crypto.randomUUID()\n : `register-${Date.now()}-${Math.random().toString(16).slice(2)}`;\n\n const title = confirmerText?.title;\n const body = confirmerText?.body;\n const request: SecureConfirmRequest<{\n nearAccountId: string;\n deviceNumber: number;\n rpcCall: { contractId: string; nearRpcUrl: string; nearAccountId: string };\n }, RegistrationSummary> = {\n ~~schemaVersion: 2,\n~~ requestId,\n type: SecureConfirmationType.REGISTER_ACCOUNT,\n summary: {\n nearAccountId,\n deviceNumber,\n contractId: resolvedContractId,\n ...(title != null ? { title } : {}),\n ...(body != null ? { body } : {}),\n },\n payload: {\n nearAccountId,\n deviceNumber,\n rpcCall: {\n contractId: resolvedContractId,\n nearRpcUrl: resolvedNearRpcUrl,\n nearAccountId,\n },\n },\n confirmationConfig,\n intentDigest: `register:${nearAccountId}:${deviceNumber}`,\n };\n\n const decision = await runSecureConfirm(ctx, request);\n\n return parseAndValidateRegistrationCredentialConfirmationPayload({\n confirmed: decision.confirmed,\n requestId,\n intentDigest: decision.intentDigest \|\| '',\n credential: decision.credential,\n vrfChallenge: decision.vrfChallenge,\n transactionContext: decision.transactionContext,\n error: decision.error,\n });\n}\n"],"mappings":"~~;;;;;;;;~~AAcA,eAAsB,0CAA0C,EAC9D,KACA,eACA,cACA,eACA,YACA,YACA,sBASqD;CAGrD,MAAM,qBAAqB,cAAcA,uDAAgC;CAEzE,MAAM,qBAAqB,cACrBA,uDAAgC,WAAW,MAAM,KAAK,MAAMA,uDAAgC;CAElG,MAAM,YAAa,OAAO,WAAW,eAAe,OAAO,OAAO,eAAe,aAC7E,OAAO,eACP,YAAY,KAAK,MAAM,GAAG,KAAK,SAAS,SAAS,IAAI,MAAM;CAE/D,MAAM,QAAQ,eAAe;CAC7B,MAAM,OAAO,eAAe;CAC5B,MAAMC,UAIoB;EACxB~~,eAAe~~;~~EACf;~~EACA,MAAMC,qCAAuB;EAC7B,SAAS;GACP;GACA;GACA,YAAY;GACZ,GAAI,SAAS,OAAO,EAAE,UAAU;GAChC,GAAI,QAAQ,OAAO,EAAE,SAAS;;EAEhC,SAAS;GACP;GACA;GACA,SAAS;IACP,YAAY;IACZ,YAAY;IACZ;;;EAGJ;EACA,cAAc,YAAY,cAAc,GAAG;;CAG7C,MAAM,WAAW,MAAMC,6CAAiB,KAAK;AAE7C,QAAOC,6EAA0D;EAC/D,WAAW,SAAS;EACpB;EACA,cAAc,SAAS,gBAAgB;EACvC,YAAY,SAAS;EACrB,cAAc,SAAS;EACvB,oBAAoB,SAAS;EAC7B,OAAO,SAAS"}
1	+ {"version":3,"file":"requestRegistrationCredentialConfirmation.js","names":["PASSKEY_MANAGER_DEFAULT_CONFIGS","request: SecureConfirmRequest<{\n nearAccountId: string;\n deviceNumber: number;\n rpcCall: { contractId: string; nearRpcUrl: string; nearAccountId: string };\n }, RegistrationSummary>","SecureConfirmationType","runSecureConfirm","parseAndValidateRegistrationCredentialConfirmationPayload"],"sources":["../../../../../../../src/core/WebAuthnManager/VrfWorkerManager/confirmTxFlow/flows/requestRegistrationCredentialConfirmation.ts"],"sourcesContent":["import type { ConfirmationConfig } from '../../../../types/signer-worker';\nimport { PASSKEY_MANAGER_DEFAULT_CONFIGS } from '../../../../defaultConfigs';\nimport type { VrfWorkerManagerContext } from '../../';\nimport { runSecureConfirm } from '../../secureConfirmBridge';\nimport {\n SecureConfirmationType,\n type RegistrationSummary,\n type SecureConfirmRequest,\n} from '../types';\nimport {\n parseAndValidateRegistrationCredentialConfirmationPayload,\n type RegistrationCredentialConfirmationPayload,\n} from '../../../SignerWorkerManager/handlers/validation';\n\nexport async function requestRegistrationCredentialConfirmation({\n ctx,\n nearAccountId,\n deviceNumber,\n confirmerText,\n contractId,\n nearRpcUrl,\n confirmationConfig,\n}: {\n ctx: VrfWorkerManagerContext,\n nearAccountId: string,\n deviceNumber: number,\n confirmerText?: { title?: string; body?: string };\n contractId: string,\n nearRpcUrl: string,\n confirmationConfig?: Partial<ConfirmationConfig>,\n}): Promise<RegistrationCredentialConfirmationPayload> {\n\n // Ensure required fields are present; JSON.stringify drops undefined causing Rust parse failure\n const resolvedContractId = contractId \|\| PASSKEY_MANAGER_DEFAULT_CONFIGS.contractId;\n // Use the first URL if defaults include a failover list\n const resolvedNearRpcUrl = nearRpcUrl\n \|\| (PASSKEY_MANAGER_DEFAULT_CONFIGS.nearRpcUrl.split(',')[0] \|\| PASSKEY_MANAGER_DEFAULT_CONFIGS.nearRpcUrl);\n\n const requestId = (typeof crypto !== 'undefined' && typeof crypto.randomUUID === 'function')\n ? crypto.randomUUID()\n : `register-${Date.now()}-${Math.random().toString(16).slice(2)}`;\n\n const title = confirmerText?.title;\n const body = confirmerText?.body;\n const request: SecureConfirmRequest<{\n nearAccountId: string;\n deviceNumber: number;\n rpcCall: { contractId: string; nearRpcUrl: string; nearAccountId: string };\n }, RegistrationSummary> = {\n requestId,\n type: SecureConfirmationType.REGISTER_ACCOUNT,\n summary: {\n nearAccountId,\n deviceNumber,\n contractId: resolvedContractId,\n ...(title != null ? { title } : {}),\n ...(body != null ? { body } : {}),\n },\n payload: {\n nearAccountId,\n deviceNumber,\n rpcCall: {\n contractId: resolvedContractId,\n nearRpcUrl: resolvedNearRpcUrl,\n nearAccountId,\n },\n },\n confirmationConfig,\n intentDigest: `register:${nearAccountId}:${deviceNumber}`,\n };\n\n const decision = await runSecureConfirm(ctx, request);\n\n return parseAndValidateRegistrationCredentialConfirmationPayload({\n confirmed: decision.confirmed,\n requestId,\n intentDigest: decision.intentDigest \|\| '',\n credential: decision.credential,\n vrfChallenge: decision.vrfChallenge,\n transactionContext: decision.transactionContext,\n error: decision.error,\n });\n}\n"],"mappings":";;;;;;AAcA,eAAsB,0CAA0C,EAC9D,KACA,eACA,cACA,eACA,YACA,YACA,sBASqD;CAGrD,MAAM,qBAAqB,cAAcA,uDAAgC;CAEzE,MAAM,qBAAqB,cACrBA,uDAAgC,WAAW,MAAM,KAAK,MAAMA,uDAAgC;CAElG,MAAM,YAAa,OAAO,WAAW,eAAe,OAAO,OAAO,eAAe,aAC7E,OAAO,eACP,YAAY,KAAK,MAAM,GAAG,KAAK,SAAS,SAAS,IAAI,MAAM;CAE/D,MAAM,QAAQ,eAAe;CAC7B,MAAM,OAAO,eAAe;CAC5B,MAAMC,UAIoB;EACxB;EACA,MAAMC,qCAAuB;EAC7B,SAAS;GACP;GACA;GACA,YAAY;GACZ,GAAI,SAAS,OAAO,EAAE,UAAU;GAChC,GAAI,QAAQ,OAAO,EAAE,SAAS;;EAEhC,SAAS;GACP;GACA;GACA,SAAS;IACP,YAAY;IACZ,YAAY;IACZ;;;EAGJ;EACA,cAAc,YAAY,cAAc,GAAG;;CAG7C,MAAM,WAAW,MAAMC,6CAAiB,KAAK;AAE7C,QAAOC,6EAA0D;EAC/D,WAAW,SAAS;EACpB;EACA,cAAc,SAAS,gBAAgB;EACvC,YAAY,SAAS;EACrB,cAAc,SAAS;EACvB,oBAAoB,SAAS;EAC7B,OAAO,SAAS"}