npm - @tatchi-xyz/sdk - Versions diffs - 0.21.0 → 0.31.0 - Mend

@tatchi-xyz/sdk 0.21.0 → 0.31.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (2488) hide show

package/dist/esm/sdk/IndexedDBManager-B1cUvdyY.js ADDED Viewed

@@ -0,0 +1,1351 @@
+import { toOptionalTrimmedString, validateNearAccountId } from "./validation-BTq6LGPp.js";
+import { DEFAULT_CONFIRMATION_CONFIG, DEFAULT_SIGNING_MODE, coerceSignerMode } from "./signer-worker-DK847sXj.js";
+import { toAccountId } from "./accountIds-DVDhXwVA.js";
+import { THRESHOLD_ED25519_CLIENT_PARTICIPANT_ID, THRESHOLD_ED25519_RELAYER_PARTICIPANT_ID } from "./defaultConfigs-BmCU1_qI.js";
+//#region ../node_modules/.pnpm/idb@8.0.3/node_modules/idb/build/index.js
+const instanceOfAny = (object, constructors) => constructors.some((c) => object instanceof c);
+let idbProxyableTypes;
+let cursorAdvanceMethods;
+function getIdbProxyableTypes() {
+	return idbProxyableTypes || (idbProxyableTypes = [
+		IDBDatabase,
+		IDBObjectStore,
+		IDBIndex,
+		IDBCursor,
+		IDBTransaction
+	]);
+}
+function getCursorAdvanceMethods() {
+	return cursorAdvanceMethods || (cursorAdvanceMethods = [
+		IDBCursor.prototype.advance,
+		IDBCursor.prototype.continue,
+		IDBCursor.prototype.continuePrimaryKey
+	]);
+}
+const transactionDoneMap = /* @__PURE__ */ new WeakMap();
+const transformCache = /* @__PURE__ */ new WeakMap();
+const reverseTransformCache = /* @__PURE__ */ new WeakMap();
+function promisifyRequest(request) {
+	const promise = new Promise((resolve, reject) => {
+		const unlisten = () => {
+			request.removeEventListener("success", success);
+			request.removeEventListener("error", error);
+		};
+		const success = () => {
+			resolve(wrap(request.result));
+			unlisten();
+		};
+		const error = () => {
+			reject(request.error);
+			unlisten();
+		};
+		request.addEventListener("success", success);
+		request.addEventListener("error", error);
+	});
+	reverseTransformCache.set(promise, request);
+	return promise;
+}
+function cacheDonePromiseForTransaction(tx) {
+	if (transactionDoneMap.has(tx)) return;
+	const done = new Promise((resolve, reject) => {
+		const unlisten = () => {
+			tx.removeEventListener("complete", complete);
+			tx.removeEventListener("error", error);
+			tx.removeEventListener("abort", error);
+		};
+		const complete = () => {
+			resolve();
+			unlisten();
+		};
+		const error = () => {
+			reject(tx.error || new DOMException("AbortError", "AbortError"));
+			unlisten();
+		};
+		tx.addEventListener("complete", complete);
+		tx.addEventListener("error", error);
+		tx.addEventListener("abort", error);
+	});
+	transactionDoneMap.set(tx, done);
+}
+let idbProxyTraps = {
+	get(target, prop, receiver) {
+		if (target instanceof IDBTransaction) {
+			if (prop === "done") return transactionDoneMap.get(target);
+			if (prop === "store") return receiver.objectStoreNames[1] ? void 0 : receiver.objectStore(receiver.objectStoreNames[0]);
+		}
+		return wrap(target[prop]);
+	},
+	set(target, prop, value) {
+		target[prop] = value;
+		return true;
+	},
+	has(target, prop) {
+		if (target instanceof IDBTransaction && (prop === "done" || prop === "store")) return true;
+		return prop in target;
+	}
+};
+function replaceTraps(callback) {
+	idbProxyTraps = callback(idbProxyTraps);
+}
+function wrapFunction(func) {
+	if (getCursorAdvanceMethods().includes(func)) return function(...args) {
+		func.apply(unwrap(this), args);
+		return wrap(this.request);
+	};
+	return function(...args) {
+		return wrap(func.apply(unwrap(this), args));
+	};
+}
+function transformCachableValue(value) {
+	if (typeof value === "function") return wrapFunction(value);
+	if (value instanceof IDBTransaction) cacheDonePromiseForTransaction(value);
+	if (instanceOfAny(value, getIdbProxyableTypes())) return new Proxy(value, idbProxyTraps);
+	return value;
+}
+function wrap(value) {
+	if (value instanceof IDBRequest) return promisifyRequest(value);
+	if (transformCache.has(value)) return transformCache.get(value);
+	const newValue = transformCachableValue(value);
+	if (newValue !== value) {
+		transformCache.set(value, newValue);
+		reverseTransformCache.set(newValue, value);
+	}
+	return newValue;
+}
+const unwrap = (value) => reverseTransformCache.get(value);
+/**
+* Open a database.
+*
+* @param name Name of the database.
+* @param version Schema version.
+* @param callbacks Additional callbacks.
+*/
+function openDB(name, version, { blocked, upgrade, blocking, terminated } = {}) {
+	const request = indexedDB.open(name, version);
+	const openPromise = wrap(request);
+	if (upgrade) request.addEventListener("upgradeneeded", (event) => {
+		upgrade(wrap(request.result), event.oldVersion, event.newVersion, wrap(request.transaction), event);
+	});
+	if (blocked) request.addEventListener("blocked", (event) => blocked(event.oldVersion, event.newVersion, event));
+	openPromise.then((db) => {
+		if (terminated) db.addEventListener("close", () => terminated());
+		if (blocking) db.addEventListener("versionchange", (event) => blocking(event.oldVersion, event.newVersion, event));
+	}).catch(() => {});
+	return openPromise;
+}
+const readMethods = [
+	"get",
+	"getKey",
+	"getAll",
+	"getAllKeys",
+	"count"
+];
+const writeMethods = [
+	"put",
+	"add",
+	"delete",
+	"clear"
+];
+const cachedMethods = /* @__PURE__ */ new Map();
+function getMethod(target, prop) {
+	if (!(target instanceof IDBDatabase && !(prop in target) && typeof prop === "string")) return;
+	if (cachedMethods.get(prop)) return cachedMethods.get(prop);
+	const targetFuncName = prop.replace(/FromIndex$/, "");
+	const useIndex = prop !== targetFuncName;
+	const isWrite = writeMethods.includes(targetFuncName);
+	if (!(targetFuncName in (useIndex ? IDBIndex : IDBObjectStore).prototype) || !(isWrite || readMethods.includes(targetFuncName))) return;
+	const method = async function(storeName, ...args) {
+		const tx = this.transaction(storeName, isWrite ? "readwrite" : "readonly");
+		let target$1 = tx.store;
+		if (useIndex) target$1 = target$1.index(args.shift());
+		return (await Promise.all([target$1[targetFuncName](...args), isWrite && tx.done]))[0];
+	};
+	cachedMethods.set(prop, method);
+	return method;
+}
+replaceTraps((oldTraps) => ({
+	...oldTraps,
+	get: (target, prop, receiver) => getMethod(target, prop) || oldTraps.get(target, prop, receiver),
+	has: (target, prop) => !!getMethod(target, prop) || oldTraps.has(target, prop)
+}));
+const advanceMethodProps = [
+	"continue",
+	"continuePrimaryKey",
+	"advance"
+];
+const methodMap = {};
+const advanceResults = /* @__PURE__ */ new WeakMap();
+const ittrProxiedCursorToOriginalProxy = /* @__PURE__ */ new WeakMap();
+const cursorIteratorTraps = { get(target, prop) {
+	if (!advanceMethodProps.includes(prop)) return target[prop];
+	let cachedFunc = methodMap[prop];
+	if (!cachedFunc) cachedFunc = methodMap[prop] = function(...args) {
+		advanceResults.set(this, ittrProxiedCursorToOriginalProxy.get(this)[prop](...args));
+	};
+	return cachedFunc;
+} };
+async function* iterate(...args) {
+	let cursor = this;
+	if (!(cursor instanceof IDBCursor)) cursor = await cursor.openCursor(...args);
+	if (!cursor) return;
+	cursor = cursor;
+	const proxiedCursor = new Proxy(cursor, cursorIteratorTraps);
+	ittrProxiedCursorToOriginalProxy.set(proxiedCursor, cursor);
+	reverseTransformCache.set(proxiedCursor, unwrap(cursor));
+	while (cursor) {
+		yield proxiedCursor;
+		cursor = await (advanceResults.get(proxiedCursor) || cursor.continue());
+		advanceResults.delete(proxiedCursor);
+	}
+}
+function isIteratorProp(target, prop) {
+	return prop === Symbol.asyncIterator && instanceOfAny(target, [
+		IDBIndex,
+		IDBObjectStore,
+		IDBCursor
+	]) || prop === "iterate" && instanceOfAny(target, [IDBIndex, IDBObjectStore]);
+}
+replaceTraps((oldTraps) => ({
+	...oldTraps,
+	get(target, prop, receiver) {
+		if (isIteratorProp(target, prop)) return iterate;
+		return oldTraps.get(target, prop, receiver);
+	},
+	has(target, prop) {
+		return isIteratorProp(target, prop) || oldTraps.has(target, prop);
+	}
+}));
+//#endregion
+//#region src/core/IndexedDBManager/passkeyClientDB.ts
+const DB_CONFIG$1 = {
+	dbName: "PasskeyClientDB",
+	dbVersion: 15,
+	userStore: "users",
+	appStateStore: "appState",
+	authenticatorStore: "authenticators",
+	derivedAddressStore: "derivedAddresses",
+	recoveryEmailStore: "recoveryEmails"
+};
+var PasskeyClientDBManager = class {
+	config;
+	db = null;
+	disabled = false;
+	eventListeners = /* @__PURE__ */ new Set();
+	constructor(config = DB_CONFIG$1) {
+		this.config = config;
+	}
+	getDbName() {
+		return this.config.dbName;
+	}
+	setDbName(dbName) {
+		const next = String(dbName || "").trim();
+		if (!next || next === this.config.dbName) return;
+		try {
+			this.db?.close?.();
+		} catch {}
+		this.db = null;
+		this.config = {
+			...this.config,
+			dbName: next
+		};
+	}
+	isDisabled() {
+		return this.disabled;
+	}
+	setDisabled(disabled) {
+		const next = !!disabled;
+		if (next === this.disabled) return;
+		this.disabled = next;
+		if (next) {
+			try {
+				this.db?.close?.();
+			} catch {}
+			this.db = null;
+		}
+	}
+	onChange(listener) {
+		this.eventListeners.add(listener);
+		return () => {
+			this.eventListeners.delete(listener);
+		};
+	}
+	emitEvent(event) {
+		this.eventListeners.forEach((listener) => {
+			try {
+				listener(event);
+			} catch (error) {
+				console.warn("[IndexedDBManager]: Error in event listener:", error);
+			}
+		});
+	}
+	async getDB() {
+		if (this.disabled) throw new Error("[PasskeyClientDBManager] IndexedDB is disabled in this environment.");
+		if (this.db) return this.db;
+		try {
+			this.db = await openDB(this.config.dbName, this.config.dbVersion, {
+				upgrade: (db, oldVersion, _newVersion, _transaction) => {
+					if (!db.objectStoreNames.contains(DB_CONFIG$1.userStore)) {
+						const userStore = db.createObjectStore(DB_CONFIG$1.userStore, { keyPath: ["nearAccountId", "deviceNumber"] });
+						userStore.createIndex("nearAccountId", "nearAccountId", { unique: false });
+					}
+					if (!db.objectStoreNames.contains(DB_CONFIG$1.appStateStore)) db.createObjectStore(DB_CONFIG$1.appStateStore, { keyPath: "key" });
+					if (!db.objectStoreNames.contains(DB_CONFIG$1.authenticatorStore)) {
+						const authStore = db.createObjectStore(DB_CONFIG$1.authenticatorStore, { keyPath: [
+							"nearAccountId",
+							"deviceNumber",
+							"credentialId"
+						] });
+						authStore.createIndex("nearAccountId", "nearAccountId", { unique: false });
+					}
+					if (!db.objectStoreNames.contains(DB_CONFIG$1.derivedAddressStore)) {
+						const dStore = db.createObjectStore(DB_CONFIG$1.derivedAddressStore, { keyPath: [
+							"nearAccountId",
+							"contractId",
+							"path"
+						] });
+						try {
+							dStore.createIndex("nearAccountId", "nearAccountId", { unique: false });
+						} catch {}
+					}
+					if (!db.objectStoreNames.contains(DB_CONFIG$1.recoveryEmailStore)) {
+						const rStore = db.createObjectStore(DB_CONFIG$1.recoveryEmailStore, { keyPath: ["nearAccountId", "hashHex"] });
+						try {
+							rStore.createIndex("nearAccountId", "nearAccountId", { unique: false });
+						} catch {}
+					}
+				},
+				blocked() {
+					console.warn("PasskeyClientDB connection is blocked.");
+				},
+				blocking() {
+					console.warn("PasskeyClientDB connection is blocking another connection.");
+				},
+				terminated: () => {
+					console.warn("PasskeyClientDB connection has been terminated.");
+					this.db = null;
+				}
+			});
+			try {
+				await this.runMigrationsIfNeeded(this.db);
+			} catch {}
+		} catch (err) {
+			const msg = String(err?.message || "");
+			if (err?.name === "VersionError" || /less than the existing version/i.test(msg)) try {
+				console.warn("PasskeyClientDB: opening existing DB without version due to VersionError");
+				this.db = await openDB(this.config.dbName);
+			} catch (e) {
+				throw err;
+			}
+			else throw err;
+		}
+		return this.db;
+	}
+	async runMigrationsIfNeeded(_db) {}
+	async getAppState(key) {
+		const db = await this.getDB();
+		const result = await db.get(DB_CONFIG$1.appStateStore, key);
+		return result?.value;
+	}
+	async setAppState(key, value) {
+		const db = await this.getDB();
+		const entry = {
+			key,
+			value
+		};
+		await db.put(DB_CONFIG$1.appStateStore, entry);
+	}
+	/**
+	* Validate that a NEAR account ID is in the expected format
+	* Supports both <username>.<relayerAccountId> and <username>.testnet formats
+	*/
+	validateNearAccountId(nearAccountId) {
+		return validateNearAccountId(nearAccountId);
+	}
+	/**
+	* Extract username from NEAR account ID
+	*/
+	extractUsername(nearAccountId) {
+		const validation = validateNearAccountId(nearAccountId);
+		if (!validation.valid) throw new Error(`Invalid NEAR account ID: ${validation.error}`);
+		return nearAccountId.split(".")[0];
+	}
+	/**
+	* Generate a NEAR account ID from a username and domain
+	* @param username - The username to use for the account ID
+	* @param domain - The domain to use for the account ID
+	* @returns The generated NEAR account ID
+	*/
+	generateNearAccountId(username, domain) {
+		const sanitizedName = username.toLowerCase().replace(/[^a-z0-9_\\-]/g, "").substring(0, 32);
+		return `${sanitizedName}.${domain}`;
+	}
+	async getUser(nearAccountId, deviceNumber) {
+		if (!nearAccountId) return null;
+		const validation = this.validateNearAccountId(nearAccountId);
+		if (!validation.valid) {
+			console.warn(`Invalid account ID format: ${nearAccountId}`);
+			return null;
+		}
+		const db = await this.getDB();
+		const accountId = toAccountId(nearAccountId);
+		if (typeof deviceNumber === "number") {
+			const rec = await db.get(DB_CONFIG$1.userStore, [accountId, deviceNumber]);
+			if (!rec) return null;
+			return await this.normalizeUserDeviceNumber(rec, deviceNumber);
+		}
+		const index = db.transaction(DB_CONFIG$1.userStore).store.index("nearAccountId");
+		const results = await index.getAll(accountId);
+		if (results.length === 0) return null;
+		if (results.length > 1) {
+			console.warn(`Multiple passkeys found for account ${accountId}, deviceNumber not provided; defaulting to last logged-in user.`);
+			console.log("defaulting to last used user deviceNumber");
+			const lastUserState = await this.getAppState("lastUserAccountId").catch(() => null);
+			if (lastUserState && toAccountId(lastUserState.accountId) === accountId) {
+				const keyed = await db.get(DB_CONFIG$1.userStore, [accountId, lastUserState.deviceNumber]);
+				if (keyed) return await this.normalizeUserDeviceNumber(keyed, lastUserState.deviceNumber);
+			}
+		}
+		const first = results[0];
+		if (!first) return null;
+		return await this.normalizeUserDeviceNumber(first, 1);
+	}
+	/**
+	* Get the current/last user
+	* This is maintained via app state and updated whenever a user is stored or updated
+	*/
+	async getLastUser() {
+		const lastUserState = await this.getAppState("lastUserAccountId");
+		if (!lastUserState) return null;
+		const db = await this.getDB();
+		const accountId = toAccountId(lastUserState.accountId);
+		const record = await db.get(DB_CONFIG$1.userStore, [accountId, lastUserState.deviceNumber]);
+		if (record) return record;
+		return this.getUser(accountId);
+	}
+	/** Get user record by composite key (nearAccountId, deviceNumber) */
+	async getUserByDevice(nearAccountId, deviceNumber) {
+		const db = await this.getDB();
+		const accountId = toAccountId(nearAccountId);
+		const rec = await db.get(DB_CONFIG$1.userStore, [accountId, deviceNumber]);
+		return rec || null;
+	}
+	/**
+	* Get the most recently updated user record for a given account.
+	* Useful when deviceNumber is unknown but we need the freshest key for the account.
+	*/
+	/**
+	* Get the most recently updated user record for a given account.
+	* Useful when deviceNumber is unknown but we need the freshest key for the account.
+	*/
+	async getLastDBUpdatedUser(nearAccountId) {
+		const db = await this.getDB();
+		try {
+			const idx = db.transaction(DB_CONFIG$1.userStore).store.index("nearAccountId");
+			const all = await idx.getAll(toAccountId(nearAccountId));
+			if (Array.isArray(all) && all.length > 0) {
+				const latest = all.reduce((a, b) => (a.lastUpdated ?? 0) >= (b.lastUpdated ?? 0) ? a : b);
+				return latest;
+			}
+		} catch {}
+		return null;
+	}
+	async hasPasskeyCredential(nearAccountId) {
+		const authenticators = await this.getAuthenticatorsByUser(nearAccountId);
+		return !!authenticators[0]?.credentialId;
+	}
+	/**
+	* Ensure the current passkey selection is aligned with the last logged-in device.
+	*
+	* - When multiple authenticators exist for an account and no deviceNumber is specified,
+	*   this helper prefers authenticators whose deviceNumber matches the last logged-in user.
+	* - Optionally validates that a selected credential (by rawId) also matches the last-user device.
+	*
+	* @param nearAccountId - Account ID for which the operation is being performed
+	* @param authenticators - All authenticators stored for the account
+	* @param selectedCredentialRawId - Optional rawId of the credential chosen by WebAuthn
+	* @returns filtered authenticators for allowCredentials, plus optional wrongPasskeyError
+	*/
+	async ensureCurrentPasskey(nearAccountId, authenticators, selectedCredentialRawId) {
+		if (authenticators.length <= 1) return { authenticatorsForPrompt: authenticators };
+		const accountIdNormalized = toAccountId(nearAccountId);
+		const lastUser = await this.getLastUser().catch(() => null);
+		if (!lastUser || lastUser.nearAccountId !== accountIdNormalized) return { authenticatorsForPrompt: authenticators };
+		const expectedDeviceNumber = lastUser.deviceNumber;
+		const byDeviceNumber = authenticators.filter((a) => a.deviceNumber === expectedDeviceNumber);
+		let expectedCredentialId = lastUser.passkeyCredential.rawId;
+		if (byDeviceNumber.length > 0 && !byDeviceNumber.some((a) => a.credentialId === expectedCredentialId)) expectedCredentialId = byDeviceNumber[0].credentialId;
+		const byCredentialId = authenticators.filter((a) => a.credentialId === expectedCredentialId);
+		const authenticatorsForPrompt = byCredentialId.length > 0 ? byCredentialId : byDeviceNumber.length > 0 ? byDeviceNumber : authenticators;
+		const wrongPasskeyError = selectedCredentialRawId && selectedCredentialRawId !== expectedCredentialId ? `You have multiple passkeys (deviceNumbers) for account ${accountIdNormalized}, but used a different passkey than the most recently logged-in one. Please use the passkey for the most recently logged-in device.` : void 0;
+		return {
+			authenticatorsForPrompt,
+			wrongPasskeyError
+		};
+	}
+	/**
+	* Register a new user with the given NEAR account ID
+	* @param nearAccountId - Full NEAR account ID (e.g., "username.testnet" or "username.relayer.testnet")
+	* @param additionalData - Additional user data to store
+	*/
+	async registerUser(storeUserData) {
+		const validation = this.validateNearAccountId(storeUserData.nearAccountId);
+		if (!validation.valid) throw new Error(`Cannot register user with invalid account ID: ${validation.error}`);
+		const now = Date.now();
+		const userData = {
+			nearAccountId: toAccountId(storeUserData.nearAccountId),
+			deviceNumber: storeUserData.deviceNumber || 1,
+			version: storeUserData.version || 2,
+			registeredAt: now,
+			lastLogin: now,
+			lastUpdated: now,
+			clientNearPublicKey: storeUserData.clientNearPublicKey,
+			passkeyCredential: storeUserData.passkeyCredential,
+			preferences: {
+				useRelayer: false,
+				useNetwork: "testnet",
+				confirmationConfig: DEFAULT_CONFIRMATION_CONFIG
+			},
+			encryptedVrfKeypair: storeUserData.encryptedVrfKeypair,
+			serverEncryptedVrfKeypair: storeUserData.serverEncryptedVrfKeypair
+		};
+		await this.storeUser(userData);
+		return userData;
+	}
+	async updateUser(nearAccountId, updates) {
+		const user = await this.getUser(nearAccountId);
+		if (user) {
+			const updatedUser = {
+				...user,
+				...updates,
+				lastUpdated: Date.now()
+			};
+			await this.storeUser(updatedUser);
+			this.emitEvent({
+				type: "user-updated",
+				accountId: nearAccountId,
+				data: {
+					updates,
+					updatedUser
+				}
+			});
+		}
+	}
+	async updateLastLogin(nearAccountId) {
+		await this.updateUser(nearAccountId, { lastLogin: Date.now() });
+	}
+	/**
+	* Set the last logged-in user
+	* @param nearAccountId - The account ID of the user
+	* @param deviceNumber - The device number (defaults to 1)
+	*/
+	async setLastUser(nearAccountId, deviceNumber = 1) {
+		const lastUserState = {
+			accountId: nearAccountId,
+			deviceNumber
+		};
+		await this.setAppState("lastUserAccountId", lastUserState);
+	}
+	async updatePreferences(nearAccountId, preferences) {
+		const user = await this.getUser(nearAccountId);
+		if (user) {
+			const updatedPreferences = {
+				...user.preferences,
+				...preferences
+			};
+			await this.updateUser(nearAccountId, { preferences: updatedPreferences });
+			this.emitEvent({
+				type: "preferences-updated",
+				accountId: nearAccountId,
+				data: { preferences: updatedPreferences }
+			});
+		}
+	}
+	async normalizeUserDeviceNumber(user, defaultDeviceNumber) {
+		const hasValidDevice = typeof user.deviceNumber === "number" && Number.isFinite(user.deviceNumber);
+		if (hasValidDevice) return user;
+		const deviceNumber = defaultDeviceNumber;
+		const fixed = {
+			...user,
+			deviceNumber
+		};
+		await this.storeUser(fixed);
+		return fixed;
+	}
+	async storeUser(userData) {
+		const validation = this.validateNearAccountId(userData.nearAccountId);
+		if (!validation.valid) throw new Error(`Cannot store user with invalid account ID: ${validation.error}`);
+		const db = await this.getDB();
+		await db.put(DB_CONFIG$1.userStore, userData);
+		const lastUserState = {
+			accountId: userData.nearAccountId,
+			deviceNumber: userData.deviceNumber
+		};
+		await this.setAppState("lastUserAccountId", lastUserState);
+	}
+	/**
+	* Store WebAuthn user data (compatibility with WebAuthnManager)
+	* @param userData - User data with nearAccountId as primary identifier
+	*/
+	async storeWebAuthnUserData(userData) {
+		const validation = this.validateNearAccountId(userData.nearAccountId);
+		if (!validation.valid) throw new Error(`Cannot store WebAuthn data for invalid account ID: ${validation.error}`);
+		const accountId = toAccountId(userData.nearAccountId);
+		const deviceNumber = userData.deviceNumber;
+		let user = await this.getUser(accountId, deviceNumber);
+		if (!user) user = await this.registerUser({
+			nearAccountId: accountId,
+			deviceNumber,
+			clientNearPublicKey: userData.clientNearPublicKey,
+			passkeyCredential: userData.passkeyCredential,
+			encryptedVrfKeypair: userData.encryptedVrfKeypair,
+			version: userData.version || 2,
+			serverEncryptedVrfKeypair: userData.serverEncryptedVrfKeypair
+		});
+		const updatedUser = {
+			...user,
+			clientNearPublicKey: userData.clientNearPublicKey,
+			passkeyCredential: userData.passkeyCredential,
+			encryptedVrfKeypair: userData.encryptedVrfKeypair,
+			serverEncryptedVrfKeypair: userData.serverEncryptedVrfKeypair ?? user.serverEncryptedVrfKeypair,
+			version: userData.version ?? user.version,
+			lastUpdated: userData.lastUpdated ?? Date.now()
+		};
+		await this.storeUser(updatedUser);
+		this.emitEvent({
+			type: "user-updated",
+			accountId,
+			data: { updatedUser }
+		});
+	}
+	async getAllUsers() {
+		const db = await this.getDB();
+		return db.getAll(DB_CONFIG$1.userStore);
+	}
+	async deleteUser(nearAccountId) {
+		const db = await this.getDB();
+		await db.delete(DB_CONFIG$1.userStore, nearAccountId);
+		await this.clearAuthenticatorsForUser(nearAccountId);
+	}
+	async clearAllUsers() {
+		const db = await this.getDB();
+		await db.clear(DB_CONFIG$1.userStore);
+	}
+	async clearAllAppState() {
+		const db = await this.getDB();
+		await db.clear(DB_CONFIG$1.appStateStore);
+	}
+	/**
+	* Store authenticator data for a user
+	*/
+	async storeAuthenticator(authenticatorData) {
+		const db = await this.getDB();
+		await db.put(DB_CONFIG$1.authenticatorStore, authenticatorData);
+	}
+	/**
+	* Get all authenticators for a user (optionally for a specific device)
+	*/
+	async getAuthenticatorsByUser(nearAccountId) {
+		const db = await this.getDB();
+		const tx = db.transaction(DB_CONFIG$1.authenticatorStore, "readonly");
+		const store = tx.objectStore(DB_CONFIG$1.authenticatorStore);
+		const accountId = toAccountId(nearAccountId);
+		const index = store.index("nearAccountId");
+		return await index.getAll(accountId);
+	}
+	/**
+	* Get a specific authenticator by credential ID
+	*/
+	async getAuthenticatorByCredentialId(nearAccountId, credentialId) {
+		const db = await this.getDB();
+		const tx = db.transaction(DB_CONFIG$1.authenticatorStore, "readonly");
+		const store = tx.objectStore(DB_CONFIG$1.authenticatorStore);
+		const accountId = toAccountId(nearAccountId);
+		const index = store.index("nearAccountId");
+		const all = await index.getAll(accountId);
+		const match = all.find((auth) => auth.credentialId === credentialId) || null;
+		return match;
+	}
+	/**
+	* Clear all authenticators for a user
+	*/
+	async clearAuthenticatorsForUser(nearAccountId) {
+		const authenticators = await this.getAuthenticatorsByUser(nearAccountId);
+		const db = await this.getDB();
+		const tx = db.transaction(DB_CONFIG$1.authenticatorStore, "readwrite");
+		const store = tx.objectStore(DB_CONFIG$1.authenticatorStore);
+		for (const auth of authenticators) await store.delete([
+			nearAccountId,
+			auth.deviceNumber,
+			auth.credentialId
+		]);
+	}
+	/**
+	* Sync authenticators from contract data
+	*/
+	async syncAuthenticatorsFromContract(nearAccountId, contractAuthenticators) {
+		await this.clearAuthenticatorsForUser(nearAccountId);
+		const syncedAt = (/* @__PURE__ */ new Date()).toISOString();
+		for (const auth of contractAuthenticators) {
+			const rawTransports = auth.transports || [];
+			const validTransports = rawTransports.filter((transport) => transport !== void 0 && transport !== null && typeof transport === "string");
+			const transports = validTransports.length > 0 ? validTransports : ["internal"];
+			const clientAuth = {
+				credentialId: auth.credentialId,
+				credentialPublicKey: auth.credentialPublicKey,
+				transports,
+				name: auth.name,
+				nearAccountId: toAccountId(nearAccountId),
+				deviceNumber: auth.deviceNumber || 1,
+				registered: auth.registered,
+				syncedAt,
+				vrfPublicKey: auth.vrfPublicKey
+			};
+			await this.storeAuthenticator(clientAuth);
+		}
+	}
+	/**
+	* Delete all authenticators for a user
+	*/
+	async deleteAllAuthenticatorsForUser(nearAccountId) {
+		const authenticators = await this.getAuthenticatorsByUser(nearAccountId);
+		if (authenticators.length === 0) {
+			console.warn(`No authenticators found for user ${nearAccountId}`);
+			return;
+		}
+		const db = await this.getDB();
+		const tx = db.transaction(DB_CONFIG$1.authenticatorStore, "readwrite");
+		const store = tx.objectStore(DB_CONFIG$1.authenticatorStore);
+		for (const auth of authenticators) await store.delete([
+			nearAccountId,
+			auth.deviceNumber,
+			auth.credentialId
+		]);
+		console.debug(`Deleted ${authenticators.length} authenticators for user ${nearAccountId}`);
+	}
+	/**
+	* Get user's confirmation config from IndexedDB
+	* @param nearAccountId - The user's account ID
+	* @returns ConfirmationConfig or undefined
+	*/
+	async getConfirmationConfig(nearAccountId) {
+		const user = await this.getUser(nearAccountId);
+		return user?.preferences?.confirmationConfig || DEFAULT_CONFIRMATION_CONFIG;
+	}
+	/**
+	* Get user's theme preference from IndexedDB
+	* @param nearAccountId - The user's account ID
+	* @returns 'dark' | 'light' | null
+	*/
+	async getTheme(nearAccountId) {
+		const user = await this.getUser(nearAccountId);
+		return user?.preferences?.confirmationConfig.theme || null;
+	}
+	/**
+	* Set user's theme preference in IndexedDB
+	* @param nearAccountId - The user's account ID
+	* @param theme - The theme to set ('dark' | 'light')
+	*/
+	async setTheme(nearAccountId, theme) {
+		const existingConfig = await this.getConfirmationConfig(nearAccountId);
+		const confirmationConfig = {
+			...existingConfig,
+			theme
+		};
+		await this.updatePreferences(nearAccountId, { confirmationConfig });
+	}
+	/**
+	* Get user's theme with fallback to 'dark'
+	* @param nearAccountId - The user's account ID
+	* @returns 'dark' | 'light'
+	*/
+	async getThemeOrDefault(nearAccountId) {
+		const theme = await this.getTheme(nearAccountId);
+		return theme || "dark";
+	}
+	/**
+	* Get user's signer mode preference from IndexedDB
+	*/
+	async getSignerMode(nearAccountId) {
+		const user = await this.getUser(nearAccountId);
+		const raw = user?.preferences?.signerMode;
+		return coerceSignerMode(raw, DEFAULT_SIGNING_MODE);
+	}
+	/**
+	* Set user's signer mode preference in IndexedDB
+	*/
+	async setSignerMode(nearAccountId, signerMode) {
+		const next = coerceSignerMode(signerMode, DEFAULT_SIGNING_MODE);
+		await this.updatePreferences(nearAccountId, { signerMode: next });
+	}
+	/**
+	* Toggle between dark and light theme for a user
+	* @param nearAccountId - The user's account ID
+	* @returns The new theme that was set
+	*/
+	async toggleTheme(nearAccountId) {
+		const currentTheme = await this.getThemeOrDefault(nearAccountId);
+		const newTheme = currentTheme === "dark" ? "light" : "dark";
+		await this.setTheme(nearAccountId, newTheme);
+		return newTheme;
+	}
+	/**
+	* Store a derived address for a given NEAR account + contract + path
+	*/
+	async setDerivedAddress(nearAccountId, args) {
+		if (!nearAccountId || !args?.contractId || !args?.path || !args?.address) return;
+		const validation = this.validateNearAccountId(nearAccountId);
+		if (!validation.valid) return;
+		const rec = {
+			nearAccountId: toAccountId(nearAccountId),
+			contractId: String(args.contractId),
+			path: String(args.path),
+			address: String(args.address),
+			updatedAt: Date.now()
+		};
+		const db = await this.getDB();
+		await db.put(DB_CONFIG$1.derivedAddressStore, rec);
+	}
+	/**
+	* Fetch a derived address record; returns null if not found
+	*/
+	async getDerivedAddressRecord(nearAccountId, args) {
+		if (!nearAccountId || !args?.contractId || !args?.path) return null;
+		const db = await this.getDB();
+		const rec = await db.get(DB_CONFIG$1.derivedAddressStore, [
+			toAccountId(nearAccountId),
+			String(args.contractId),
+			String(args.path)
+		]);
+		return rec || null;
+	}
+	/**
+	* Get only the derived address string; returns null if not set
+	*/
+	async getDerivedAddress(nearAccountId, args) {
+		const rec = await this.getDerivedAddressRecord(nearAccountId, args);
+		return rec?.address || null;
+	}
+	/**
+	* Upsert recovery email records for an account.
+	* Merges by hashHex, preferring the most recent email.
+	*/
+	async upsertRecoveryEmails(nearAccountId, entries) {
+		if (!nearAccountId || !entries?.length) return;
+		const validation = this.validateNearAccountId(nearAccountId);
+		if (!validation.valid) return;
+		const db = await this.getDB();
+		const accountId = toAccountId(nearAccountId);
+		const now = Date.now();
+		for (const entry of entries) {
+			const hashHex = String(entry?.hashHex || "").trim();
+			const email = String(entry?.email || "").trim();
+			if (!hashHex || !email) continue;
+			const rec = {
+				nearAccountId: accountId,
+				hashHex,
+				email,
+				addedAt: now
+			};
+			await db.put(DB_CONFIG$1.recoveryEmailStore, rec);
+		}
+	}
+	/**
+	* Fetch all recovery email records for an account.
+	*/
+	async getRecoveryEmails(nearAccountId) {
+		if (!nearAccountId) return [];
+		const db = await this.getDB();
+		const accountId = toAccountId(nearAccountId);
+		const tx = db.transaction(DB_CONFIG$1.recoveryEmailStore, "readonly");
+		const store = tx.objectStore(DB_CONFIG$1.recoveryEmailStore);
+		const index = store.index("nearAccountId");
+		const result = await index.getAll(accountId);
+		return result || [];
+	}
+	/**
+	* Atomic operation wrapper for multiple IndexedDB operations
+	* Either all operations succeed or all are rolled back
+	*/
+	async atomicOperation(operation) {
+		const db = await this.getDB();
+		try {
+			const result = await operation(db);
+			return result;
+		} catch (error) {
+			console.error("Atomic operation failed:", error);
+			throw error;
+		}
+	}
+	/**
+	* Complete rollback of user registration data
+	* Deletes user, authenticators, and WebAuthn data atomically
+	*/
+	async rollbackUserRegistration(nearAccountId) {
+		console.debug(`Rolling back registration data for ${nearAccountId}`);
+		await this.atomicOperation(async (db) => {
+			await this.deleteAllAuthenticatorsForUser(nearAccountId);
+			await db.delete(DB_CONFIG$1.userStore, nearAccountId);
+			const lastUserAccount = await this.getAppState("lastUserAccountId");
+			if (lastUserAccount === nearAccountId) await this.setAppState("lastUserAccountId", null);
+			console.debug(`Rolled back all registration data for ${nearAccountId}`);
+			return true;
+		});
+	}
+};
+//#endregion
+//#region src/threshold/participants.ts
+function normalizeThresholdEd25519ParticipantId(id) {
+	const n = Number(id);
+	if (!Number.isSafeInteger(n) || n < 1 || n > 65535) return null;
+	return n;
+}
+function normalizeThresholdEd25519ParticipantIds(input) {
+	if (!Array.isArray(input) || input.length === 0) return null;
+	const out = [];
+	const seen = /* @__PURE__ */ new Set();
+	for (const v of input) {
+		const id = normalizeThresholdEd25519ParticipantId(v);
+		if (!id) return null;
+		if (!seen.has(id)) {
+			seen.add(id);
+			out.push(id);
+		}
+	}
+	out.sort((a, b) => a - b);
+	return out.length ? out : null;
+}
+function parseThresholdEd25519ParticipantsV1(input) {
+	if (!Array.isArray(input) || input.length === 0) return null;
+	const out = [];
+	for (const item of input) {
+		if (!item || typeof item !== "object" || Array.isArray(item)) return null;
+		const rec = item;
+		const id = normalizeThresholdEd25519ParticipantId(rec.id);
+		const role = toOptionalTrimmedString(rec.role);
+		if (!id || role !== "client" && role !== "relayer") return null;
+		const participant = {
+			id,
+			role
+		};
+		const relayerUrl = toOptionalTrimmedString(rec.relayerUrl);
+		if (relayerUrl) participant.relayerUrl = relayerUrl;
+		const relayerKeyId = toOptionalTrimmedString(rec.relayerKeyId);
+		if (relayerKeyId) participant.relayerKeyId = relayerKeyId;
+		const verifyingShareB64u = toOptionalTrimmedString(rec.verifyingShareB64u);
+		if (verifyingShareB64u) participant.verifyingShareB64u = verifyingShareB64u;
+		const shareDerivation = toOptionalTrimmedString(rec.shareDerivation);
+		if (shareDerivation === "prf_first_v1" || shareDerivation === "derived_master_secret_v1" || shareDerivation === "kv_random_v1" || shareDerivation === "unknown") participant.shareDerivation = shareDerivation;
+		out.push(participant);
+	}
+	return out.length ? out : null;
+}
+function buildThresholdEd25519Participants2pV1(input) {
+	const relayerKeyId = toOptionalTrimmedString(input.relayerKeyId);
+	const relayerUrl = toOptionalTrimmedString(input.relayerUrl);
+	const clientVerifyingShareB64u = toOptionalTrimmedString(input.clientVerifyingShareB64u);
+	const relayerVerifyingShareB64u = toOptionalTrimmedString(input.relayerVerifyingShareB64u);
+	const clientParticipantId = normalizeThresholdEd25519ParticipantId(input.clientParticipantId) ?? THRESHOLD_ED25519_CLIENT_PARTICIPANT_ID;
+	const relayerParticipantId = normalizeThresholdEd25519ParticipantId(input.relayerParticipantId) ?? THRESHOLD_ED25519_RELAYER_PARTICIPANT_ID;
+	const client = {
+		id: clientParticipantId,
+		role: "client",
+		...clientVerifyingShareB64u ? { verifyingShareB64u: clientVerifyingShareB64u } : {},
+		shareDerivation: input.clientShareDerivation || "prf_first_v1"
+	};
+	const relayer = {
+		id: relayerParticipantId,
+		role: "relayer",
+		...relayerUrl ? { relayerUrl } : {},
+		...relayerKeyId ? { relayerKeyId } : {},
+		...relayerVerifyingShareB64u ? { verifyingShareB64u: relayerVerifyingShareB64u } : {},
+		...input.relayerShareDerivation ? { shareDerivation: input.relayerShareDerivation } : {}
+	};
+	return [client, relayer];
+}
+//#endregion
+//#region src/core/IndexedDBManager/passkeyNearKeysDB.ts
+const DB_CONFIG = {
+	dbName: "PasskeyNearKeys",
+	dbVersion: 4,
+	storeName: "keyMaterial",
+	keyPath: [
+		"nearAccountId",
+		"deviceNumber",
+		"kind"
+	]
+};
+var PasskeyNearKeysDBManager = class {
+	config;
+	db = null;
+	disabled = false;
+	constructor(config = DB_CONFIG) {
+		this.config = config;
+	}
+	getDbName() {
+		return this.config.dbName;
+	}
+	setDbName(dbName) {
+		const next = String(dbName || "").trim();
+		if (!next || next === this.config.dbName) return;
+		try {
+			this.db?.close?.();
+		} catch {}
+		this.db = null;
+		this.config = {
+			...this.config,
+			dbName: next
+		};
+	}
+	isDisabled() {
+		return this.disabled;
+	}
+	setDisabled(disabled) {
+		const next = !!disabled;
+		if (next === this.disabled) return;
+		this.disabled = next;
+		if (next) {
+			try {
+				this.db?.close?.();
+			} catch {}
+			this.db = null;
+		}
+	}
+	/**
+	* Get database connection, initializing if necessary
+	*/
+	async getDB() {
+		if (this.disabled) throw new Error("[PasskeyNearKeysDBManager] IndexedDB is disabled in this environment.");
+		if (this.db) return this.db;
+		this.db = await openDB(this.config.dbName, this.config.dbVersion, {
+			upgrade(db) {
+				for (const name of ["encryptedKeys", DB_CONFIG.storeName]) try {
+					if (db.objectStoreNames.contains(name)) db.deleteObjectStore(name);
+				} catch {}
+				const store = db.createObjectStore(DB_CONFIG.storeName, { keyPath: DB_CONFIG.keyPath });
+				try {
+					store.createIndex("nearAccountId", "nearAccountId", { unique: false });
+				} catch {}
+				try {
+					store.createIndex("publicKey", "publicKey", { unique: false });
+				} catch {}
+				try {
+					store.createIndex("kind", "kind", { unique: false });
+				} catch {}
+			},
+			blocked() {
+				console.warn("PasskeyNearKeysDB connection is blocked.");
+			},
+			blocking() {
+				console.warn("PasskeyNearKeysDB connection is blocking another connection.");
+			},
+			terminated: () => {
+				console.warn("PasskeyNearKeysDB connection has been terminated.");
+				this.db = null;
+			}
+		});
+		return this.db;
+	}
+	/**
+	* Store encrypted key data
+	*/
+	async storeKeyMaterial(data) {
+		const db = await this.getDB();
+		if (!data.wrapKeySalt) throw new Error("PasskeyNearKeysDB: Missing wrapKeySalt");
+		if (!data.publicKey) throw new Error("PasskeyNearKeysDB: Missing publicKey");
+		if (data.kind === "local_near_sk_v3") {
+			if (!data.encryptedSk) throw new Error("PasskeyNearKeysDB: Missing encryptedSk for local_near_sk_v3");
+			if (!data.chacha20NonceB64u) throw new Error("PasskeyNearKeysDB: Missing chacha20NonceB64u for local_near_sk_v3");
+		} else if (data.kind === "threshold_ed25519_2p_v1") {
+			if (!data.relayerKeyId) throw new Error("PasskeyNearKeysDB: Missing relayerKeyId for threshold_ed25519_2p_v1");
+			if (!data.clientShareDerivation) throw new Error("PasskeyNearKeysDB: Missing clientShareDerivation for threshold_ed25519_2p_v1");
+			const parsed = parseThresholdEd25519ParticipantsV1(data.participants);
+			data.participants = parsed || buildThresholdEd25519Participants2pV1({
+				relayerKeyId: data.relayerKeyId,
+				clientShareDerivation: data.clientShareDerivation
+			});
+		}
+		await db.put(this.config.storeName, data);
+	}
+	/**
+	* Retrieve encrypted key data
+	*/
+	async getKeyMaterial(nearAccountId, deviceNumber, kind) {
+		const db = await this.getDB();
+		if (!kind) throw new Error("PasskeyNearKeysDB: kind is required (no fallback lookup is allowed)");
+		const sanitize = (rec) => {
+			const kind$1 = rec?.kind;
+			if (!rec?.nearAccountId || typeof rec?.deviceNumber !== "number") return null;
+			if (!kind$1) return null;
+			if (!rec?.publicKey || !rec?.wrapKeySalt || typeof rec?.timestamp !== "number") return null;
+			if (kind$1 === "local_near_sk_v3") {
+				if (!rec?.encryptedSk || !rec?.chacha20NonceB64u) return null;
+				return {
+					nearAccountId: rec.nearAccountId,
+					deviceNumber: rec.deviceNumber,
+					kind: kind$1,
+					publicKey: rec.publicKey,
+					wrapKeySalt: rec.wrapKeySalt,
+					encryptedSk: rec.encryptedSk,
+					chacha20NonceB64u: rec.chacha20NonceB64u,
+					timestamp: rec.timestamp
+				};
+			}
+			if (kind$1 === "threshold_ed25519_2p_v1") {
+				if (!rec?.relayerKeyId || !rec?.clientShareDerivation) return null;
+				const participants = parseThresholdEd25519ParticipantsV1(rec.participants) || buildThresholdEd25519Participants2pV1({
+					relayerKeyId: rec.relayerKeyId,
+					clientShareDerivation: rec.clientShareDerivation
+				});
+				return {
+					nearAccountId: rec.nearAccountId,
+					deviceNumber: rec.deviceNumber,
+					kind: kind$1,
+					publicKey: rec.publicKey,
+					wrapKeySalt: rec.wrapKeySalt,
+					relayerKeyId: rec.relayerKeyId,
+					clientShareDerivation: rec.clientShareDerivation,
+					participants,
+					timestamp: rec.timestamp
+				};
+			}
+			return null;
+		};
+		const res = await db.get(this.config.storeName, [
+			nearAccountId,
+			deviceNumber,
+			kind
+		]);
+		return sanitize(res);
+	}
+	async getLocalKeyMaterial(nearAccountId, deviceNumber) {
+		const rec = await this.getKeyMaterial(nearAccountId, deviceNumber, "local_near_sk_v3");
+		return rec?.kind === "local_near_sk_v3" ? rec : null;
+	}
+	async getThresholdKeyMaterial(nearAccountId, deviceNumber) {
+		const rec = await this.getKeyMaterial(nearAccountId, deviceNumber, "threshold_ed25519_2p_v1");
+		return rec?.kind === "threshold_ed25519_2p_v1" ? rec : null;
+	}
+	/**
+	* Verify key storage by attempting retrieval
+	*/
+	async verifyKeyStorage(nearAccountId, deviceNumber, kind) {
+		const retrievedKey = await this.getKeyMaterial(nearAccountId, deviceNumber, kind);
+		return !!retrievedKey;
+	}
+	/**
+	* Delete encrypted key data for a specific account
+	*/
+	async deleteKeyMaterial(nearAccountId, deviceNumber, kind) {
+		const db = await this.getDB();
+		if (typeof deviceNumber === "number" && kind) await db.delete(this.config.storeName, [
+			nearAccountId,
+			deviceNumber,
+			kind
+		]);
+		else if (typeof deviceNumber === "number") {
+			const tx = db.transaction(this.config.storeName, "readwrite");
+			const idx = tx.store.index("nearAccountId");
+			let cursor = await idx.openCursor(IDBKeyRange.only(nearAccountId));
+			while (cursor) {
+				const value = cursor.value;
+				if (value?.deviceNumber === deviceNumber) await tx.store.delete(cursor.primaryKey);
+				cursor = await cursor.continue();
+			}
+			await tx.done;
+		} else {
+			const tx = db.transaction(this.config.storeName, "readwrite");
+			const idx = tx.store.index("nearAccountId");
+			let cursor = await idx.openCursor(IDBKeyRange.only(nearAccountId));
+			while (cursor) {
+				await tx.store.delete(cursor.primaryKey);
+				cursor = await cursor.continue();
+			}
+			await tx.done;
+		}
+		console.debug("PasskeyNearKeysDB: deleteKeyMaterial - Successfully deleted");
+	}
+	/**
+	* Get all encrypted keys (for migration or debugging purposes)
+	*/
+	async getAllKeyMaterial() {
+		const db = await this.getDB();
+		const all = await db.getAll(this.config.storeName);
+		return all.map((rec) => {
+			const kind = rec?.kind;
+			if (!kind) return null;
+			if (kind === "local_near_sk_v3") {
+				if (!rec?.encryptedSk || !rec?.chacha20NonceB64u) return null;
+				return {
+					nearAccountId: rec.nearAccountId,
+					deviceNumber: rec.deviceNumber,
+					kind,
+					publicKey: rec.publicKey,
+					wrapKeySalt: rec.wrapKeySalt,
+					encryptedSk: rec.encryptedSk,
+					chacha20NonceB64u: rec.chacha20NonceB64u,
+					timestamp: rec.timestamp
+				};
+			}
+			if (kind === "threshold_ed25519_2p_v1") {
+				if (!rec?.relayerKeyId || !rec?.clientShareDerivation) return null;
+				const participants = parseThresholdEd25519ParticipantsV1(rec.participants) || buildThresholdEd25519Participants2pV1({
+					relayerKeyId: rec.relayerKeyId,
+					clientShareDerivation: rec.clientShareDerivation
+				});
+				return {
+					nearAccountId: rec.nearAccountId,
+					deviceNumber: rec.deviceNumber,
+					kind,
+					publicKey: rec.publicKey,
+					wrapKeySalt: rec.wrapKeySalt,
+					relayerKeyId: rec.relayerKeyId,
+					clientShareDerivation: rec.clientShareDerivation,
+					participants,
+					timestamp: rec.timestamp
+				};
+			}
+			return null;
+		}).filter((rec) => rec !== null);
+	}
+	/**
+	* Check if a key exists for the given account
+	*/
+	async hasKeyMaterial(nearAccountId, deviceNumber, kind) {
+		const keyData = await this.getKeyMaterial(nearAccountId, deviceNumber, kind);
+		return !!keyData;
+	}
+};
+//#endregion
+//#region src/core/IndexedDBManager/index.ts
+const passkeyClientDB = new PasskeyClientDBManager();
+const passkeyNearKeysDB = new PasskeyNearKeysDBManager();
+const DB_CONFIG_BY_MODE = {
+	legacy: {
+		clientDbName: "PasskeyClientDB",
+		nearKeysDbName: "PasskeyNearKeys",
+		disabled: false
+	},
+	wallet: {
+		clientDbName: "PasskeyClientDB",
+		nearKeysDbName: "PasskeyNearKeys",
+		disabled: false
+	},
+	disabled: {
+		clientDbName: "PasskeyClientDB",
+		nearKeysDbName: "PasskeyNearKeys",
+		disabled: true
+	}
+};
+let configured = null;
+/**
+* Configure IndexedDB database names for the current runtime.
+*
+* Call this once, early (before any IndexedDB access).
+* - Wallet iframe host should use `mode: 'wallet'`.
+* - App origin should use `mode: 'disabled'` when wallet-iframe mode is enabled.
+* - Non-iframe apps should use `mode: 'legacy'`.
+*/
+function configureIndexedDB(args) {
+	const mode = args?.mode;
+	const next = DB_CONFIG_BY_MODE[mode];
+	if (!next) throw new Error(`[IndexedDBManager] Unknown IndexedDBMode: ${String(mode)}`);
+	if (configured) {
+		const isSame = configured.clientDbName === next.clientDbName && configured.nearKeysDbName === next.nearKeysDbName && configured.disabled === next.disabled;
+		if (!isSame) console.warn("[IndexedDBManager] configureIndexedDB called multiple times; ignoring subsequent configuration", {
+			configured,
+			requested: next
+		});
+		return {
+			clientDbName: configured.clientDbName,
+			nearKeysDbName: configured.nearKeysDbName
+		};
+	}
+	configured = {
+		mode,
+		...next
+	};
+	passkeyClientDB.setDbName(next.clientDbName);
+	passkeyNearKeysDB.setDbName(next.nearKeysDbName);
+	passkeyClientDB.setDisabled(next.disabled);
+	passkeyNearKeysDB.setDisabled(next.disabled);
+	return {
+		clientDbName: configured.clientDbName,
+		nearKeysDbName: configured.nearKeysDbName
+	};
+}
+/**
+* Unified IndexedDB interface providing access to both databases
+* This allows centralized access while maintaining separation of concerns
+*/
+var UnifiedIndexedDBManager = class {
+	clientDB;
+	nearKeysDB;
+	_initialized = false;
+	constructor() {
+		this.clientDB = passkeyClientDB;
+		this.nearKeysDB = passkeyNearKeysDB;
+	}
+	/**
+	* Initialize both databases proactively
+	* This ensures both databases are created and ready for use
+	*/
+	async initialize() {
+		if (this._initialized) return;
+		try {
+			if (this.clientDB.isDisabled() || this.nearKeysDB.isDisabled()) {
+				this._initialized = true;
+				return;
+			}
+			await Promise.all([this.clientDB.getAppState("_init_check"), this.nearKeysDB.hasKeyMaterial("_init_check", 1, "local_near_sk_v3")]);
+			this._initialized = true;
+		} catch (error) {
+			console.warn("Failed to initialize IndexedDB databases:", error);
+		}
+	}
+	/**
+	* Check if databases have been initialized
+	*/
+	get isInitialized() {
+		return this._initialized;
+	}
+	/**
+	* Get user data and check if they have encrypted NEAR keys
+	*/
+	async getUserWithKeys(nearAccountId) {
+		const last = await this.clientDB.getLastUser();
+		const userData = last && last.nearAccountId === nearAccountId ? last : await this.clientDB.getUserByDevice(nearAccountId, 1);
+		const deviceNumber = last && last.nearAccountId === nearAccountId ? last.deviceNumber : userData?.deviceNumber;
+		const [local, threshold] = await Promise.all([this.nearKeysDB.getLocalKeyMaterial(nearAccountId, deviceNumber), this.nearKeysDB.getThresholdKeyMaterial(nearAccountId, deviceNumber)]);
+		const keyData = local ?? threshold;
+		const hasKeys = !!keyData;
+		return {
+			userData,
+			hasKeys,
+			keyMaterial: hasKeys ? keyData : void 0
+		};
+	}
+	async setDerivedAddress(nearAccountId, args) {
+		return this.clientDB.setDerivedAddress(nearAccountId, args);
+	}
+	async getDerivedAddressRecord(nearAccountId, args) {
+		return this.clientDB.getDerivedAddressRecord(nearAccountId, args);
+	}
+	async getDerivedAddress(nearAccountId, args) {
+		return this.clientDB.getDerivedAddress(nearAccountId, args);
+	}
+	async upsertRecoveryEmails(nearAccountId, entries) {
+		return this.clientDB.upsertRecoveryEmails(nearAccountId, entries);
+	}
+	async getRecoveryEmails(nearAccountId) {
+		return this.clientDB.getRecoveryEmails(nearAccountId);
+	}
+};
+const IndexedDBManager = new UnifiedIndexedDBManager();
+//#endregion
+export { IndexedDBManager, buildThresholdEd25519Participants2pV1, configureIndexedDB, normalizeThresholdEd25519ParticipantIds };