@tatchi-xyz/sdk 0.21.0 → 0.31.0

package/dist/esm/server/sdk/src/core/NearClient.js.map

@@ -1 +1 @@
-{"version":3,"file":"NearClient.js","names":["txPayload: EncodableSignedTx","lastError: unknown","err: unknown","params: Record<string, unknown>","fullAccessKeys: FullAccessKey[]","functionCallAccessKeys: FunctionCallAccessKey[]"],"sources":["../../../../../../src/core/NearClient.ts"],"sourcesContent":["/**\n * Minimal NEAR RPC client that replaces @near-js/providers\n * Only includes the methods actually used by TatchiPasskey\n *\n * If needed, we can just wrap @near-js if we require more complex\n * functionality and type definitions\n */\n\nimport type {\n  FinalExecutionOutcome,\n  QueryResponseKind,\n  TxExecutionStatus,\n  AccessKeyView,\n  AccessKeyInfoView,\n  AccessKeyList,\n  FunctionCallPermissionView,\n  AccountView,\n  BlockResult,\n  BlockReference,\n  RpcQueryRequest,\n  FinalityReference,\n} from \"@near-js/types\";\nimport { base64Encode, base64Decode } from \"../utils\";\nimport { errorMessage } from \"../utils/errors\";\nimport { NearRpcError } from \"./NearRpcError\";\nimport { DEFAULT_WAIT_STATUS, RpcResponse } from \"./types/rpc\";\nimport { isFunction } from './WalletIframe/validation';\nimport {\n  WasmTransaction,\n  WasmSignature,\n} from \"../wasm_signer_worker/pkg/wasm_signer_worker.js\";\n\n// re-export near-js types\nexport type { AccessKeyList } from \"@near-js/types\";\n\nexport interface ViewAccountParams {\n  account: string;\n  block_id?: string;\n}\n\nexport type FullAccessKey = Omit<AccessKeyInfoView, 'access_key'>\n  & { access_key: Omit<AccessKeyView, 'permission'> & { permission: 'FullAccess' } }\n\nexport type FunctionCallAccessKey = Omit<AccessKeyInfoView, 'access_key'>\n  & { access_key: Omit<AccessKeyView, 'permission'> & { permission: FunctionCallPermissionView } }\n\nexport interface ContractResult<T> extends QueryResponseKind {\n  result?: T | string | number;\n  logs: string[];\n}\n\nexport enum RpcCallType {\n  Query = \"query\",\n  View = \"view\",\n  Send = \"send_tx\",\n  Block = \"block\",\n  Call = \"call_function\",\n}\n\nexport class SignedTransaction {\n  transaction: WasmTransaction;\n  signature: WasmSignature;\n  borsh_bytes: number[];\n\n  constructor(data: {\n    transaction: WasmTransaction;\n    signature: WasmSignature;\n    borsh_bytes: number[]\n  }) {\n    this.transaction = data.transaction;\n    this.signature = data.signature;\n    this.borsh_bytes = data.borsh_bytes;\n  }\n\n  static fromPlain(input: { transaction: unknown; signature: unknown; borsh_bytes: number[] }): SignedTransaction {\n    return new SignedTransaction({\n      transaction: input.transaction as WasmTransaction,\n      signature: input.signature as WasmSignature,\n      borsh_bytes: input.borsh_bytes,\n    });\n  }\n\n  encode(): ArrayBuffer {\n    // If borsh_bytes are already available, use them\n    return (new Uint8Array(this.borsh_bytes)).buffer;\n  }\n\n  base64Encode(): string {\n    return base64Encode(this.encode());\n  }\n\n  static decode(bytes: Uint8Array): SignedTransaction {\n    // This would need borsh deserialization\n    throw new Error('SignedTransaction.decode(): borsh deserialization not implemented');\n  }\n}\n\n/**\n * Serialize a signed transaction-like object to base64.\n * Accepts either our SignedTransaction instance or a plain object\n * with borsh bytes (borsh_bytes | borshBytes) from cross-origin RPC.\n *\n * Implementation notes / pitfalls:\n * - We always bind `this` correctly when calling .base64Encode() / .encode()\n *   so methods defined on SignedTransaction can safely call this.encode().\n * - The underlying base64Encode() helper is implemented to avoid spreading large\n *   Uint8Arrays into String.fromCharCode(...), which can overflow the JS call\n *   stack for big WASM binaries or large transactions.\n * - As a fallback, we accept raw borsh bytes in multiple shapes to keep the\n *   serializer resilient to different runtimes (plain objects, typed arrays, etc.).\n */\nexport type EncodableSignedTx =\n  | SignedTransaction\n  | {\n      // Borsh bytes in various shapes from different runtimes\n      borsh_bytes?: unknown;\n      borshBytes?: unknown;\n      // Optional helper methods from some callers\n      encode?: () => ArrayBuffer;\n      base64Encode?: () => string;\n    };\n\nexport function toArrayBufferFromUnknownBytes(\n  bytes: unknown\n): ArrayBuffer | SharedArrayBuffer | null {\n  if (!bytes) return null;\n\n  // Plain number[]\n  if (Array.isArray(bytes)) {\n    return new Uint8Array(bytes as number[]).buffer;\n  }\n\n  // Typed arrays / DataView\n  if (ArrayBuffer.isView(bytes)) {\n    const view = bytes as ArrayBufferView;\n    return view.buffer.slice(view.byteOffset, view.byteOffset + view.byteLength);\n  }\n\n  // Raw ArrayBuffer\n  if (bytes instanceof ArrayBuffer) {\n    return bytes;\n  }\n\n  return null;\n}\n\nexport function encodeSignedTransactionBase64(signed: EncodableSignedTx): string {\n  // Some call sites wrap the actual SignedTransaction in a { signedTransaction } envelope.\n  // Normalize that here so the rest of the function always works with a concrete tx-like object.\n  const maybeSigned = (signed as any)?.signedTransaction;\n  const txPayload: EncodableSignedTx =\n    maybeSigned && typeof maybeSigned === 'object'\n      ? (maybeSigned as EncodableSignedTx)\n      : signed;\n\n  // 1) If the payload exposes a .base64Encode() helper (our SignedTransaction class),\n  //    use it directly. Bind `this` so the method can safely call this.encode().\n  const maybeBase64 = (txPayload as { base64Encode?: unknown }).base64Encode;\n  if (isFunction(maybeBase64)) {\n    return (maybeBase64 as () => string).call(txPayload);\n  }\n\n  // 2) Otherwise, fall back to a generic encode() → ArrayBuffer method if present.\n  const maybeEncode = (txPayload as { encode?: unknown }).encode;\n  if (isFunction(maybeEncode)) {\n    const buf = (maybeEncode as () => ArrayBuffer).call(txPayload);\n    return base64Encode(buf);\n  }\n\n  // 3) Finally, accept raw borsh bytes in multiple shapes / field names.\n  //    This keeps the serializer resilient across runtimes that may not\n  //    hydrate SignedTransaction instances but still provide borsh_bytes/Bytes.\n  const snakeBuf = toArrayBufferFromUnknownBytes(\n    (txPayload as { borsh_bytes?: unknown }).borsh_bytes\n  );\n  if (snakeBuf) {\n    return base64Encode(snakeBuf);\n  }\n\n  const camelBuf = toArrayBufferFromUnknownBytes(\n    (txPayload as { borshBytes?: unknown }).borshBytes\n  );\n  if (camelBuf) {\n    return base64Encode(camelBuf);\n  }\n\n  throw new Error('Invalid signed transaction payload: cannot serialize to base64');\n}\n\n/**\n * MinimalNearClient provides a simplified interface for NEAR protocol interactions\n */\nexport interface NearClient {\n  viewAccessKey(accountId: string, publicKey: string, finalityQuery?: FinalityReference): Promise<AccessKeyView>;\n  viewAccessKeyList(accountId: string, finalityQuery?: FinalityReference): Promise<AccessKeyList>;\n  viewAccount(accountId: string): Promise<AccountView>;\n  viewCode(accountId: string, finalityQuery?: FinalityReference): Promise<Uint8Array>;\n  viewBlock(params: BlockReference): Promise<BlockResult>;\n  sendTransaction(\n    signedTransaction: SignedTransaction,\n    waitUntil?: TxExecutionStatus\n  ): Promise<FinalExecutionOutcome>;\n  query<T extends QueryResponseKind>(params: RpcQueryRequest): Promise<T>;\n  callFunction<A, T>(\n    contractId: string,\n    method: string,\n    args: A,\n    blockQuery?: BlockReference\n  ): Promise<T>;\n  view<A, T>(params: { account: string; method: string; args: A }): Promise<T>;\n  getAccessKeys(params: ViewAccountParams): Promise<{\n    fullAccessKeys: FullAccessKey[];\n    functionCallAccessKeys: FunctionCallAccessKey[];\n  }>;\n}\n\nexport class MinimalNearClient implements NearClient {\n  private readonly rpcUrls: string[];\n\n  constructor(rpcUrl: string | string[]) {\n    this.rpcUrls = MinimalNearClient.normalizeRpcUrls(rpcUrl);\n  }\n\n  private static normalizeRpcUrls(input: string | string[]): string[] {\n    const urls = Array.isArray(input)\n      ? input\n      : input\n          .split(/[\\s,]+/)\n          .map(url => url.trim())\n          .filter(Boolean);\n\n    const normalized = urls.map(url => {\n      try {\n        return new URL(url).toString();\n      } catch (err) {\n        const message = errorMessage(err) || `Invalid NEAR RPC URL: ${url}`;\n        throw new Error(message);\n      }\n    });\n\n    if (!normalized.length) {\n      throw new Error('NEAR RPC URL cannot be empty');\n    }\n\n    return Array.from(new Set(normalized));\n  }\n\n  // ===========================\n  // PRIVATE HELPER FUNCTIONS\n  // ===========================\n\n  /** Build a JSON-RPC 2.0 POST body (stringified). */\n  private buildRequestBody<P>(method: string, params: P): string {\n    return JSON.stringify({\n      jsonrpc: '2.0',\n      id: crypto.randomUUID(),\n      method,\n      params\n    });\n  }\n\n  /** Perform a single POST to one endpoint and return parsed RpcResponse. */\n  private async postOnce(url: string, requestBody: string): Promise<RpcResponse> {\n    const response = await fetch(url, {\n      method: 'POST',\n      headers: { 'Content-Type': 'application/json' },\n      body: requestBody\n    });\n\n    if (!response.ok) {\n      throw new Error(`RPC request failed: ${response.status} ${response.statusText}`);\n    }\n\n    const text = await response.text();\n    if (!text?.trim()) {\n      throw new Error('Empty response from RPC server');\n    }\n\n    return JSON.parse(text) as RpcResponse;\n  }\n\n  /** Try each configured RPC endpoint in order and return the first successful RpcResponse. */\n  private async requestWithFallback(requestBody: string): Promise<RpcResponse> {\n    let lastError: unknown;\n    for (const [index, url] of this.rpcUrls.entries()) {\n      try {\n        const result = await this.postOnce(url, requestBody);\n        if (index > 0) console.warn(`[NearClient] RPC succeeded via fallback: ${url}`);\n        return result;\n      } catch (err) {\n        lastError = err;\n        const remaining = index < this.rpcUrls.length - 1;\n        console.warn(`[NearClient] RPC call to ${url} failed${remaining ? ', trying next' : ''}: ${errorMessage(err) || 'RPC request failed'}`);\n        if (!remaining) throw err instanceof Error ? err : new Error(String(err));\n      }\n    }\n    throw new Error(errorMessage(lastError) || 'RPC request failed');\n  }\n\n  /** Validate and unwrap RpcResponse into the typed result with rich error forwarding. */\n  private unwrapRpcResult<T>(rpc: RpcResponse, operationName: string): T {\n    if (rpc.error) {\n      throw NearRpcError.fromRpcResponse(operationName, rpc);\n    }\n    const result = rpc.result as any;\n    // Some providers return a wrapped error in `result.error`\n    if (result?.error) {\n      const msg = typeof result.error === 'string' ? result.error : JSON.stringify(result.error);\n      throw new NearRpcError({ message: `${operationName} Error: ${msg}`, short: 'RpcError', type: 'RpcError' });\n    }\n    return rpc.result as T;\n  }\n\n  /**\n   * Execute RPC call with proper error handling and result extraction\n   */\n  private async makeRpcCall<P, T>(\n    method: string,\n    params: P,\n    operationName: string\n  ): Promise<T> {\n    const requestBody = this.buildRequestBody(method, params);\n    const rpc = await this.requestWithFallback(requestBody);\n    return this.unwrapRpcResult<T>(rpc, operationName);\n  }\n\n  // ===========================\n  // PUBLIC API METHODS\n  // ===========================\n\n  async query<T extends QueryResponseKind>(params: RpcQueryRequest): Promise<T> {\n    return this.makeRpcCall<RpcQueryRequest, T>(RpcCallType.Query, params, 'Query');\n  }\n\n  async viewAccessKey(accountId: string, publicKey: string, finalityQuery?: FinalityReference): Promise<AccessKeyView> {\n    const publicKeyStr = publicKey;\n    const finality = finalityQuery?.finality || 'final';\n    const params = {\n      request_type: 'view_access_key',\n      finality: finality,\n      account_id: accountId,\n      public_key: publicKeyStr\n    };\n    return this.makeRpcCall<typeof params, AccessKeyView>(\n      RpcCallType.Query,\n      params,\n      'View Access Key'\n    );\n  }\n\n  async viewAccessKeyList(accountId: string, finalityQuery?: FinalityReference): Promise<AccessKeyList> {\n    const finality = finalityQuery?.finality || 'final';\n    const params = {\n      request_type: 'view_access_key_list',\n      finality: finality,\n      account_id: accountId\n    };\n    return this.makeRpcCall<typeof params, AccessKeyList>(RpcCallType.Query, params, 'View Access Key List');\n  }\n\n  async viewAccount(accountId: string): Promise<AccountView> {\n    const params = {\n      request_type: 'view_account',\n      finality: 'final',\n      account_id: accountId\n    };\n    return this.makeRpcCall<typeof params, AccountView>(RpcCallType.Query, params, 'View Account');\n  }\n\n  async viewCode(accountId: string, finalityQuery?: FinalityReference): Promise<Uint8Array> {\n    const finality = finalityQuery?.finality || 'final';\n    const params = {\n      request_type: 'view_code',\n      finality,\n      account_id: accountId\n    };\n    const result = await this.makeRpcCall<typeof params, any>(\n      RpcCallType.Query,\n      params,\n      'View Code'\n    );\n    const codeBase64 = result?.code_base64;\n    if (typeof codeBase64 !== 'string' || !codeBase64.length) {\n      throw new Error('Invalid View Code response: missing code_base64');\n    }\n    return base64Decode(codeBase64);\n  }\n\n  async viewBlock(params: BlockReference): Promise<BlockResult> {\n    return this.makeRpcCall<BlockReference, BlockResult>(RpcCallType.Block, params, 'View Block');\n  }\n\n  async sendTransaction(\n    signedTransaction: SignedTransaction,\n    waitUntil: TxExecutionStatus = DEFAULT_WAIT_STATUS.executeAction\n  ): Promise<FinalExecutionOutcome> {\n    const params = {\n      signed_tx_base64: encodeSignedTransactionBase64(signedTransaction),\n      wait_until: waitUntil\n    };\n\n    // Retry on transient RPC errors commonly seen with shared/public nodes\n    const maxAttempts = 5;\n    let lastError: unknown = null;\n    for (let attempt = 1; attempt <= maxAttempts; attempt++) {\n      try {\n        const outcome = await this.makeRpcCall<typeof params, FinalExecutionOutcome>(RpcCallType.Send, params, 'Send Transaction');\n        // near-api-js throws on Failure; replicate that for clearer UX\n        const status = (outcome as any)?.status;\n        if (status && typeof status === 'object' && 'Failure' in status) {\n          const failure = (status as any).Failure;\n          throw NearRpcError.fromOutcome('Send Transaction', outcome, failure);\n        }\n        return outcome;\n      } catch (err: unknown) {\n        lastError = err;\n        const msg = errorMessage(err);\n        const retryable = /server error|internal|temporar|timeout|too many requests|429|unavailable|bad gateway|gateway timeout/i.test(msg || '');\n        if (!retryable || attempt === maxAttempts) {\n          throw err;\n        }\n        // Exponential backoff with jitter (200–1200ms approx across attempts)\n        const base = 200 * Math.pow(2, attempt - 1);\n        const jitter = Math.floor(Math.random() * 150);\n        await new Promise(r => setTimeout(r, base + jitter));\n      }\n    }\n    // Should be unreachable\n    throw lastError instanceof Error ? lastError : new Error(String(lastError));\n  }\n\n  // legacy helpers removed in favor of NearRpcError\n\n  async callFunction<A, T>(\n    contractId: string,\n    method: string,\n    args: A,\n    blockQuery?: BlockReference\n  ): Promise<T> {\n    const rpcParams = {\n      request_type: 'call_function',\n      finality: 'final',\n      account_id: contractId,\n      method_name: method,\n      args_base64: base64Encode(new TextEncoder().encode(JSON.stringify(args)).buffer)\n    };\n    const result = await this.makeRpcCall<typeof rpcParams, ContractResult<T>>(\n      RpcCallType.Query,\n      rpcParams,\n      'View Function'\n    );\n\n    // Parse result bytes to string/JSON\n    const resultBytes = result.result;\n\n    if (!Array.isArray(resultBytes)) {\n      // If result is not bytes array, it might already be parsed\n      return result as unknown as T;\n    }\n\n    const resultString = String.fromCharCode(...resultBytes);\n\n    if (!resultString.trim()) {\n      return null as T;\n    }\n\n    try {\n      const parsed = JSON.parse(resultString);\n      return parsed as T;\n    } catch (parseError) {\n      console.warn('Failed to parse result as JSON, returning as string:', parseError);\n      console.warn('Raw result string:', resultString);\n      // Return the string value if it's not valid JSON\n      const cleanString = resultString.replace(/^\"|\"$/g, ''); // Remove quotes\n      return cleanString as T;\n    }\n  }\n\n  async view<A, T>(params: { account: string; method: string; args: A }): Promise<T> {\n    return this.callFunction<A, T>(params.account, params.method, params.args);\n  }\n\n  async getAccessKeys({ account, block_id }: ViewAccountParams): Promise<{\n    fullAccessKeys: FullAccessKey[];\n    functionCallAccessKeys: FunctionCallAccessKey[];\n  }> {\n    // Build RPC parameters similar to the official implementation\n    const params: Record<string, unknown> = {\n      request_type: 'view_access_key_list',\n      account_id: account,\n      finality: 'final'\n    };\n\n    // Add block_id if provided (for specific block queries)\n    if (block_id) {\n      params.block_id = block_id;\n      delete params.finality; // block_id takes precedence over finality\n    }\n\n    // Make the RPC call directly to match the official implementation\n    const accessKeyList = await this.makeRpcCall<typeof params, AccessKeyList>(\n      RpcCallType.Query,\n      params,\n      'View Access Key List'\n    );\n\n    // Separate full access keys and function call access keys\n    const fullAccessKeys: FullAccessKey[] = [];\n    const functionCallAccessKeys: FunctionCallAccessKey[] = [];\n\n    // Process each access key (matching the official categorization logic)\n    for (const key of accessKeyList.keys) {\n      if (key.access_key.permission === 'FullAccess') {\n        // Full Access Keys: Keys with FullAccess permission\n        fullAccessKeys.push(key as FullAccessKey);\n      } else if (key.access_key.permission && typeof key.access_key.permission === 'object' && 'FunctionCall' in key.access_key.permission) {\n        // Function Call Keys: Keys with limited permissions for specific contract calls\n        functionCallAccessKeys.push(key as FunctionCallAccessKey);\n      }\n    }\n\n    return {\n      fullAccessKeys,\n      functionCallAccessKeys\n    };\n  }\n}\n"],"mappings":";;;;;;;AAmDA,IAAY,sDAAL;AACL;AACA;AACA;AACA;AACA;;;AAGF,IAAa,oBAAb,MAAa,kBAAkB;CAC7B;CACA;CACA;CAEA,YAAY,MAIT;AACD,OAAK,cAAc,KAAK;AACxB,OAAK,YAAY,KAAK;AACtB,OAAK,cAAc,KAAK;;CAG1B,OAAO,UAAU,OAA+F;AAC9G,SAAO,IAAI,kBAAkB;GAC3B,aAAa,MAAM;GACnB,WAAW,MAAM;GACjB,aAAa,MAAM;;;CAIvB,SAAsB;AAEpB,SAAQ,IAAI,WAAW,KAAK,aAAc;;CAG5C,eAAuB;AACrB,SAAO,aAAa,KAAK;;CAG3B,OAAO,OAAO,OAAsC;AAElD,QAAM,IAAI,MAAM;;;AA6BpB,SAAgB,8BACd,OACwC;AACxC,KAAI,CAAC,MAAO,QAAO;AAGnB,KAAI,MAAM,QAAQ,OAChB,QAAO,IAAI,WAAW,OAAmB;AAI3C,KAAI,YAAY,OAAO,QAAQ;EAC7B,MAAM,OAAO;AACb,SAAO,KAAK,OAAO,MAAM,KAAK,YAAY,KAAK,aAAa,KAAK;;AAInE,KAAI,iBAAiB,YACnB,QAAO;AAGT,QAAO;;AAGT,SAAgB,8BAA8B,QAAmC;CAG/E,MAAM,cAAe,QAAgB;CACrC,MAAMA,YACJ,eAAe,OAAO,gBAAgB,WACjC,cACD;CAIN,MAAM,cAAe,UAAyC;AAC9D,KAAI,WAAW,aACb,QAAQ,YAA6B,KAAK;CAI5C,MAAM,cAAe,UAAmC;AACxD,KAAI,WAAW,cAAc;EAC3B,MAAM,MAAO,YAAkC,KAAK;AACpD,SAAO,aAAa;;CAMtB,MAAM,WAAW,8BACd,UAAwC;AAE3C,KAAI,SACF,QAAO,aAAa;CAGtB,MAAM,WAAW,8BACd,UAAuC;AAE1C,KAAI,SACF,QAAO,aAAa;AAGtB,OAAM,IAAI,MAAM;;AA8BlB,IAAa,oBAAb,MAAa,kBAAwC;CACnD,AAAiB;CAEjB,YAAY,QAA2B;AACrC,OAAK,UAAU,kBAAkB,iBAAiB;;CAGpD,OAAe,iBAAiB,OAAoC;EAClE,MAAM,OAAO,MAAM,QAAQ,SACvB,QACA,MACG,MAAM,UACN,KAAI,QAAO,IAAI,QACf,OAAO;EAEd,MAAM,aAAa,KAAK,KAAI,QAAO;AACjC,OAAI;AACF,WAAO,IAAI,IAAI,KAAK;YACb,KAAK;IACZ,MAAM,UAAU,aAAa,QAAQ,yBAAyB;AAC9D,UAAM,IAAI,MAAM;;;AAIpB,MAAI,CAAC,WAAW,OACd,OAAM,IAAI,MAAM;AAGlB,SAAO,MAAM,KAAK,IAAI,IAAI;;;CAQ5B,AAAQ,iBAAoB,QAAgB,QAAmB;AAC7D,SAAO,KAAK,UAAU;GACpB,SAAS;GACT,IAAI,OAAO;GACX;GACA;;;;CAKJ,MAAc,SAAS,KAAa,aAA2C;EAC7E,MAAM,WAAW,MAAM,MAAM,KAAK;GAChC,QAAQ;GACR,SAAS,EAAE,gBAAgB;GAC3B,MAAM;;AAGR,MAAI,CAAC,SAAS,GACZ,OAAM,IAAI,MAAM,uBAAuB,SAAS,OAAO,GAAG,SAAS;EAGrE,MAAM,OAAO,MAAM,SAAS;AAC5B,MAAI,CAAC,MAAM,OACT,OAAM,IAAI,MAAM;AAGlB,SAAO,KAAK,MAAM;;;CAIpB,MAAc,oBAAoB,aAA2C;EAC3E,IAAIC;AACJ,OAAK,MAAM,CAAC,OAAO,QAAQ,KAAK,QAAQ,UACtC,KAAI;GACF,MAAM,SAAS,MAAM,KAAK,SAAS,KAAK;AACxC,OAAI,QAAQ,EAAG,SAAQ,KAAK,4CAA4C;AACxE,UAAO;WACA,KAAK;AACZ,eAAY;GACZ,MAAM,YAAY,QAAQ,KAAK,QAAQ,SAAS;AAChD,WAAQ,KAAK,4BAA4B,IAAI,SAAS,YAAY,kBAAkB,GAAG,IAAI,aAAa,QAAQ;AAChH,OAAI,CAAC,UAAW,OAAM,eAAe,QAAQ,MAAM,IAAI,MAAM,OAAO;;AAGxE,QAAM,IAAI,MAAM,aAAa,cAAc;;;CAI7C,AAAQ,gBAAmB,KAAkB,eAA0B;AACrE,MAAI,IAAI,MACN,OAAM,aAAa,gBAAgB,eAAe;EAEpD,MAAM,SAAS,IAAI;AAEnB,MAAI,QAAQ,OAAO;GACjB,MAAM,MAAM,OAAO,OAAO,UAAU,WAAW,OAAO,QAAQ,KAAK,UAAU,OAAO;AACpF,SAAM,IAAI,aAAa;IAAE,SAAS,GAAG,cAAc,UAAU;IAAO,OAAO;IAAY,MAAM;;;AAE/F,SAAO,IAAI;;;;;CAMb,MAAc,YACZ,QACA,QACA,eACY;EACZ,MAAM,cAAc,KAAK,iBAAiB,QAAQ;EAClD,MAAM,MAAM,MAAM,KAAK,oBAAoB;AAC3C,SAAO,KAAK,gBAAmB,KAAK;;CAOtC,MAAM,MAAmC,QAAqC;AAC5E,SAAO,KAAK,YAAgC,YAAY,OAAO,QAAQ;;CAGzE,MAAM,cAAc,WAAmB,WAAmB,eAA2D;EACnH,MAAM,eAAe;EACrB,MAAM,WAAW,eAAe,YAAY;EAC5C,MAAM,SAAS;GACb,cAAc;GACJ;GACV,YAAY;GACZ,YAAY;;AAEd,SAAO,KAAK,YACV,YAAY,OACZ,QACA;;CAIJ,MAAM,kBAAkB,WAAmB,eAA2D;EACpG,MAAM,WAAW,eAAe,YAAY;EAC5C,MAAM,SAAS;GACb,cAAc;GACJ;GACV,YAAY;;AAEd,SAAO,KAAK,YAA0C,YAAY,OAAO,QAAQ;;CAGnF,MAAM,YAAY,WAAyC;EACzD,MAAM,SAAS;GACb,cAAc;GACd,UAAU;GACV,YAAY;;AAEd,SAAO,KAAK,YAAwC,YAAY,OAAO,QAAQ;;CAGjF,MAAM,SAAS,WAAmB,eAAwD;EACxF,MAAM,WAAW,eAAe,YAAY;EAC5C,MAAM,SAAS;GACb,cAAc;GACd;GACA,YAAY;;EAEd,MAAM,SAAS,MAAM,KAAK,YACxB,YAAY,OACZ,QACA;EAEF,MAAM,aAAa,QAAQ;AAC3B,MAAI,OAAO,eAAe,YAAY,CAAC,WAAW,OAChD,OAAM,IAAI,MAAM;AAElB,SAAO,aAAa;;CAGtB,MAAM,UAAU,QAA8C;AAC5D,SAAO,KAAK,YAAyC,YAAY,OAAO,QAAQ;;CAGlF,MAAM,gBACJ,mBACA,YAA+B,oBAAoB,eACnB;EAChC,MAAM,SAAS;GACb,kBAAkB,8BAA8B;GAChD,YAAY;;EAId,MAAM,cAAc;EACpB,IAAIA,YAAqB;AACzB,OAAK,IAAI,UAAU,GAAG,WAAW,aAAa,UAC5C,KAAI;GACF,MAAM,UAAU,MAAM,KAAK,YAAkD,YAAY,MAAM,QAAQ;GAEvG,MAAM,SAAU,SAAiB;AACjC,OAAI,UAAU,OAAO,WAAW,YAAY,aAAa,QAAQ;IAC/D,MAAM,UAAW,OAAe;AAChC,UAAM,aAAa,YAAY,oBAAoB,SAAS;;AAE9D,UAAO;WACAC,KAAc;AACrB,eAAY;GACZ,MAAM,MAAM,aAAa;GACzB,MAAM,YAAY,wGAAwG,KAAK,OAAO;AACtI,OAAI,CAAC,aAAa,YAAY,YAC5B,OAAM;GAGR,MAAM,OAAO,MAAM,KAAK,IAAI,GAAG,UAAU;GACzC,MAAM,SAAS,KAAK,MAAM,KAAK,WAAW;AAC1C,SAAM,IAAI,SAAQ,MAAK,WAAW,GAAG,OAAO;;AAIhD,QAAM,qBAAqB,QAAQ,YAAY,IAAI,MAAM,OAAO;;CAKlE,MAAM,aACJ,YACA,QACA,MACA,YACY;EACZ,MAAM,YAAY;GAChB,cAAc;GACd,UAAU;GACV,YAAY;GACZ,aAAa;GACb,aAAa,aAAa,IAAI,cAAc,OAAO,KAAK,UAAU,OAAO;;EAE3E,MAAM,SAAS,MAAM,KAAK,YACxB,YAAY,OACZ,WACA;EAIF,MAAM,cAAc,OAAO;AAE3B,MAAI,CAAC,MAAM,QAAQ,aAEjB,QAAO;EAGT,MAAM,eAAe,OAAO,aAAa,GAAG;AAE5C,MAAI,CAAC,aAAa,OAChB,QAAO;AAGT,MAAI;GACF,MAAM,SAAS,KAAK,MAAM;AAC1B,UAAO;WACA,YAAY;AACnB,WAAQ,KAAK,wDAAwD;AACrE,WAAQ,KAAK,sBAAsB;GAEnC,MAAM,cAAc,aAAa,QAAQ,UAAU;AACnD,UAAO;;;CAIX,MAAM,KAAW,QAAkE;AACjF,SAAO,KAAK,aAAmB,OAAO,SAAS,OAAO,QAAQ,OAAO;;CAGvE,MAAM,cAAc,EAAE,SAAS,YAG5B;EAED,MAAMC,SAAkC;GACtC,cAAc;GACd,YAAY;GACZ,UAAU;;AAIZ,MAAI,UAAU;AACZ,UAAO,WAAW;AAClB,UAAO,OAAO;;EAIhB,MAAM,gBAAgB,MAAM,KAAK,YAC/B,YAAY,OACZ,QACA;EAIF,MAAMC,iBAAkC;EACxC,MAAMC,yBAAkD;AAGxD,OAAK,MAAM,OAAO,cAAc,KAC9B,KAAI,IAAI,WAAW,eAAe,aAEhC,gBAAe,KAAK;WACX,IAAI,WAAW,cAAc,OAAO,IAAI,WAAW,eAAe,YAAY,kBAAkB,IAAI,WAAW,WAExH,wBAAuB,KAAK;AAIhC,SAAO;GACL;GACA"}
+{"version":3,"file":"NearClient.js","names":["txPayload: EncodableSignedTx","lastError: unknown","err: unknown","params: Record<string, unknown>","fullAccessKeys: FullAccessKey[]","functionCallAccessKeys: FunctionCallAccessKey[]"],"sources":["../../../../../../src/core/NearClient.ts"],"sourcesContent":["/**\n * Minimal NEAR RPC client that replaces @near-js/providers\n * Only includes the methods actually used by TatchiPasskey\n *\n * If needed, we can just wrap @near-js if we require more complex\n * functionality and type definitions\n */\n\nimport type {\n  FinalExecutionOutcome,\n  QueryResponseKind,\n  TxExecutionStatus,\n  AccessKeyView,\n  AccessKeyInfoView,\n  AccessKeyList,\n  FunctionCallPermissionView,\n  AccountView,\n  BlockResult,\n  BlockReference,\n  RpcQueryRequest,\n  FinalityReference,\n} from \"@near-js/types\";\nimport { base64Encode, base64Decode } from \"../utils\";\nimport { errorMessage } from \"../utils/errors\";\nimport { NearRpcError } from \"./NearRpcError\";\nimport { DEFAULT_WAIT_STATUS, RpcResponse } from \"./types/rpc\";\nimport { isFunction } from '@/utils/validation';\nimport {\n  WasmTransaction,\n  WasmSignature,\n} from \"../wasm_signer_worker/pkg/wasm_signer_worker.js\";\n\n// re-export near-js types\nexport type { AccessKeyList } from \"@near-js/types\";\n\nexport interface ViewAccountParams {\n  account: string;\n  block_id?: string;\n}\n\nexport type FullAccessKey = Omit<AccessKeyInfoView, 'access_key'>\n  & { access_key: Omit<AccessKeyView, 'permission'> & { permission: 'FullAccess' } }\n\nexport type FunctionCallAccessKey = Omit<AccessKeyInfoView, 'access_key'>\n  & { access_key: Omit<AccessKeyView, 'permission'> & { permission: FunctionCallPermissionView } }\n\nexport interface ContractResult<T> extends QueryResponseKind {\n  result?: T | string | number;\n  logs: string[];\n}\n\nexport enum RpcCallType {\n  Query = \"query\",\n  View = \"view\",\n  Send = \"send_tx\",\n  Block = \"block\",\n  Call = \"call_function\",\n}\n\nexport class SignedTransaction {\n  transaction: WasmTransaction;\n  signature: WasmSignature;\n  borsh_bytes: number[];\n\n  constructor(data: {\n    transaction: WasmTransaction;\n    signature: WasmSignature;\n    borsh_bytes: number[]\n  }) {\n    this.transaction = data.transaction;\n    this.signature = data.signature;\n    this.borsh_bytes = data.borsh_bytes;\n  }\n\n  static fromPlain(input: { transaction: unknown; signature: unknown; borsh_bytes: number[] }): SignedTransaction {\n    return new SignedTransaction({\n      transaction: input.transaction as WasmTransaction,\n      signature: input.signature as WasmSignature,\n      borsh_bytes: input.borsh_bytes,\n    });\n  }\n\n  encode(): ArrayBuffer {\n    // If borsh_bytes are already available, use them\n    return (new Uint8Array(this.borsh_bytes)).buffer;\n  }\n\n  base64Encode(): string {\n    return base64Encode(this.encode());\n  }\n\n  static decode(bytes: Uint8Array): SignedTransaction {\n    // This would need borsh deserialization\n    throw new Error('SignedTransaction.decode(): borsh deserialization not implemented');\n  }\n}\n\n/**\n * Serialize a signed transaction-like object to base64.\n * Accepts either our SignedTransaction instance or a plain object\n * with borsh bytes (borsh_bytes | borshBytes) from cross-origin RPC.\n *\n * Implementation notes / pitfalls:\n * - We always bind `this` correctly when calling .base64Encode() / .encode()\n *   so methods defined on SignedTransaction can safely call this.encode().\n * - The underlying base64Encode() helper is implemented to avoid spreading large\n *   Uint8Arrays into String.fromCharCode(...), which can overflow the JS call\n *   stack for big WASM binaries or large transactions.\n * - As a fallback, we accept raw borsh bytes in multiple shapes to keep the\n *   serializer resilient to different runtimes (plain objects, typed arrays, etc.).\n */\nexport type EncodableSignedTx =\n  | SignedTransaction\n  | {\n      // Borsh bytes in various shapes from different runtimes\n      borsh_bytes?: unknown;\n      borshBytes?: unknown;\n      // Optional helper methods from some callers\n      encode?: () => ArrayBuffer;\n      base64Encode?: () => string;\n    };\n\nexport function toArrayBufferFromUnknownBytes(\n  bytes: unknown\n): ArrayBuffer | SharedArrayBuffer | null {\n  if (!bytes) return null;\n\n  // Plain number[]\n  if (Array.isArray(bytes)) {\n    return new Uint8Array(bytes as number[]).buffer;\n  }\n\n  // Typed arrays / DataView\n  if (ArrayBuffer.isView(bytes)) {\n    const view = bytes as ArrayBufferView;\n    return view.buffer.slice(view.byteOffset, view.byteOffset + view.byteLength);\n  }\n\n  // Raw ArrayBuffer\n  if (bytes instanceof ArrayBuffer) {\n    return bytes;\n  }\n\n  return null;\n}\n\nexport function encodeSignedTransactionBase64(signed: EncodableSignedTx): string {\n  // Some call sites wrap the actual SignedTransaction in a { signedTransaction } envelope.\n  // Normalize that here so the rest of the function always works with a concrete tx-like object.\n  const maybeSigned = (signed as any)?.signedTransaction;\n  const txPayload: EncodableSignedTx =\n    maybeSigned && typeof maybeSigned === 'object'\n      ? (maybeSigned as EncodableSignedTx)\n      : signed;\n\n  // 1) If the payload exposes a .base64Encode() helper (our SignedTransaction class),\n  //    use it directly. Bind `this` so the method can safely call this.encode().\n  const maybeBase64 = (txPayload as { base64Encode?: unknown }).base64Encode;\n  if (isFunction(maybeBase64)) {\n    return (maybeBase64 as () => string).call(txPayload);\n  }\n\n  // 2) Otherwise, fall back to a generic encode() → ArrayBuffer method if present.\n  const maybeEncode = (txPayload as { encode?: unknown }).encode;\n  if (isFunction(maybeEncode)) {\n    const buf = (maybeEncode as () => ArrayBuffer).call(txPayload);\n    return base64Encode(buf);\n  }\n\n  // 3) Finally, accept raw borsh bytes in multiple shapes / field names.\n  //    This keeps the serializer resilient across runtimes that may not\n  //    hydrate SignedTransaction instances but still provide borsh_bytes/Bytes.\n  const snakeBuf = toArrayBufferFromUnknownBytes(\n    (txPayload as { borsh_bytes?: unknown }).borsh_bytes\n  );\n  if (snakeBuf) {\n    return base64Encode(snakeBuf);\n  }\n\n  const camelBuf = toArrayBufferFromUnknownBytes(\n    (txPayload as { borshBytes?: unknown }).borshBytes\n  );\n  if (camelBuf) {\n    return base64Encode(camelBuf);\n  }\n\n  throw new Error('Invalid signed transaction payload: cannot serialize to base64');\n}\n\n/**\n * MinimalNearClient provides a simplified interface for NEAR protocol interactions\n */\nexport interface NearClient {\n  viewAccessKey(accountId: string, publicKey: string, finalityQuery?: FinalityReference): Promise<AccessKeyView>;\n  viewAccessKeyList(accountId: string, finalityQuery?: FinalityReference): Promise<AccessKeyList>;\n  viewAccount(accountId: string): Promise<AccountView>;\n  viewCode(accountId: string, finalityQuery?: FinalityReference): Promise<Uint8Array>;\n  viewBlock(params: BlockReference): Promise<BlockResult>;\n  sendTransaction(\n    signedTransaction: SignedTransaction,\n    waitUntil?: TxExecutionStatus\n  ): Promise<FinalExecutionOutcome>;\n  txStatus(txHash: string, senderAccountId: string): Promise<FinalExecutionOutcome>;\n  query<T extends QueryResponseKind>(params: RpcQueryRequest): Promise<T>;\n  callFunction<A, T>(\n    contractId: string,\n    method: string,\n    args: A,\n    blockQuery?: BlockReference\n  ): Promise<T>;\n  view<A, T>(params: { account: string; method: string; args: A }): Promise<T>;\n  getAccessKeys(params: ViewAccountParams): Promise<{\n    fullAccessKeys: FullAccessKey[];\n    functionCallAccessKeys: FunctionCallAccessKey[];\n  }>;\n}\n\nexport class MinimalNearClient implements NearClient {\n  private readonly rpcUrls: string[];\n\n  constructor(rpcUrl: string | string[]) {\n    this.rpcUrls = MinimalNearClient.normalizeRpcUrls(rpcUrl);\n  }\n\n  private static normalizeRpcUrls(input: string | string[]): string[] {\n    const urls = Array.isArray(input)\n      ? input\n      : input\n          .split(/[\\s,]+/)\n          .map(url => url.trim())\n          .filter(Boolean);\n\n    const normalized = urls.map(url => {\n      try {\n        return new URL(url).toString();\n      } catch (err) {\n        const message = errorMessage(err) || `Invalid NEAR RPC URL: ${url}`;\n        throw new Error(message);\n      }\n    });\n\n    if (!normalized.length) {\n      throw new Error('NEAR RPC URL cannot be empty');\n    }\n\n    return Array.from(new Set(normalized));\n  }\n\n  // ===========================\n  // PRIVATE HELPER FUNCTIONS\n  // ===========================\n\n  /** Build a JSON-RPC 2.0 POST body (stringified). */\n  private buildRequestBody<P>(method: string, params: P): string {\n    return JSON.stringify({\n      jsonrpc: '2.0',\n      id: crypto.randomUUID(),\n      method,\n      params\n    });\n  }\n\n  /** Perform a single POST to one endpoint and return parsed RpcResponse. */\n  private async postOnce(url: string, requestBody: string): Promise<RpcResponse> {\n    const response = await fetch(url, {\n      method: 'POST',\n      headers: { 'Content-Type': 'application/json' },\n      body: requestBody\n    });\n\n    if (!response.ok) {\n      throw new Error(`RPC request failed: ${response.status} ${response.statusText}`);\n    }\n\n    const text = await response.text();\n    if (!text?.trim()) {\n      throw new Error('Empty response from RPC server');\n    }\n\n    return JSON.parse(text) as RpcResponse;\n  }\n\n  /** Try each configured RPC endpoint in order and return the first successful RpcResponse. */\n  private async requestWithFallback(requestBody: string): Promise<RpcResponse> {\n    let lastError: unknown;\n    for (const [index, url] of this.rpcUrls.entries()) {\n      try {\n        const result = await this.postOnce(url, requestBody);\n        if (index > 0) console.warn(`[NearClient] RPC succeeded via fallback: ${url}`);\n        return result;\n      } catch (err) {\n        lastError = err;\n        const remaining = index < this.rpcUrls.length - 1;\n        console.warn(`[NearClient] RPC call to ${url} failed${remaining ? ', trying next' : ''}: ${errorMessage(err) || 'RPC request failed'}`);\n        if (!remaining) throw err instanceof Error ? err : new Error(String(err));\n      }\n    }\n    throw new Error(errorMessage(lastError) || 'RPC request failed');\n  }\n\n  /** Validate and unwrap RpcResponse into the typed result with rich error forwarding. */\n  private unwrapRpcResult<T>(rpc: RpcResponse, operationName: string): T {\n    if (rpc.error) {\n      throw NearRpcError.fromRpcResponse(operationName, rpc);\n    }\n    const result = rpc.result as any;\n    // Some providers return a wrapped error in `result.error`\n    if (result?.error) {\n      const msg = typeof result.error === 'string' ? result.error : JSON.stringify(result.error);\n      throw new NearRpcError({ message: `${operationName} Error: ${msg}`, short: 'RpcError', type: 'RpcError' });\n    }\n    return rpc.result as T;\n  }\n\n  /**\n   * Execute RPC call with proper error handling and result extraction\n   */\n  private async makeRpcCall<P, T>(\n    method: string,\n    params: P,\n    operationName: string\n  ): Promise<T> {\n    const requestBody = this.buildRequestBody(method, params);\n    const rpc = await this.requestWithFallback(requestBody);\n    return this.unwrapRpcResult<T>(rpc, operationName);\n  }\n\n  // ===========================\n  // PUBLIC API METHODS\n  // ===========================\n\n  async query<T extends QueryResponseKind>(params: RpcQueryRequest): Promise<T> {\n    return this.makeRpcCall<RpcQueryRequest, T>(RpcCallType.Query, params, 'Query');\n  }\n\n  async viewAccessKey(accountId: string, publicKey: string, finalityQuery?: FinalityReference): Promise<AccessKeyView> {\n    const publicKeyStr = publicKey;\n    const finality = finalityQuery?.finality || 'final';\n    const params = {\n      request_type: 'view_access_key',\n      finality: finality,\n      account_id: accountId,\n      public_key: publicKeyStr\n    };\n    return this.makeRpcCall<typeof params, AccessKeyView>(\n      RpcCallType.Query,\n      params,\n      'View Access Key'\n    );\n  }\n\n  async viewAccessKeyList(accountId: string, finalityQuery?: FinalityReference): Promise<AccessKeyList> {\n    const finality = finalityQuery?.finality || 'final';\n    const params = {\n      request_type: 'view_access_key_list',\n      finality: finality,\n      account_id: accountId\n    };\n    return this.makeRpcCall<typeof params, AccessKeyList>(RpcCallType.Query, params, 'View Access Key List');\n  }\n\n  async viewAccount(accountId: string): Promise<AccountView> {\n    const params = {\n      request_type: 'view_account',\n      finality: 'final',\n      account_id: accountId\n    };\n    return this.makeRpcCall<typeof params, AccountView>(RpcCallType.Query, params, 'View Account');\n  }\n\n  async viewCode(accountId: string, finalityQuery?: FinalityReference): Promise<Uint8Array> {\n    const finality = finalityQuery?.finality || 'final';\n    const params = {\n      request_type: 'view_code',\n      finality,\n      account_id: accountId\n    };\n    const result = await this.makeRpcCall<typeof params, any>(\n      RpcCallType.Query,\n      params,\n      'View Code'\n    );\n    const codeBase64 = result?.code_base64;\n    if (typeof codeBase64 !== 'string' || !codeBase64.length) {\n      throw new Error('Invalid View Code response: missing code_base64');\n    }\n    return base64Decode(codeBase64);\n  }\n\n  async viewBlock(params: BlockReference): Promise<BlockResult> {\n    return this.makeRpcCall<BlockReference, BlockResult>(RpcCallType.Block, params, 'View Block');\n  }\n\n  async sendTransaction(\n    signedTransaction: SignedTransaction,\n    waitUntil: TxExecutionStatus = DEFAULT_WAIT_STATUS.executeAction\n  ): Promise<FinalExecutionOutcome> {\n    const params = {\n      signed_tx_base64: encodeSignedTransactionBase64(signedTransaction),\n      wait_until: waitUntil\n    };\n\n    // Retry on transient RPC errors commonly seen with shared/public nodes\n    const maxAttempts = 5;\n    let lastError: unknown = null;\n    for (let attempt = 1; attempt <= maxAttempts; attempt++) {\n      try {\n        const outcome = await this.makeRpcCall<typeof params, FinalExecutionOutcome>(RpcCallType.Send, params, 'Send Transaction');\n        // near-api-js throws on Failure; replicate that for clearer UX\n        const status = (outcome as any)?.status;\n        if (status && typeof status === 'object' && 'Failure' in status) {\n          const failure = (status as any).Failure;\n          throw NearRpcError.fromOutcome('Send Transaction', outcome, failure);\n        }\n        return outcome;\n      } catch (err: unknown) {\n        lastError = err;\n        const msg = errorMessage(err);\n        const retryable = /server error|internal|temporar|timeout|too many requests|429|unavailable|bad gateway|gateway timeout/i.test(msg || '');\n        if (!retryable || attempt === maxAttempts) {\n          throw err;\n        }\n        // Exponential backoff with jitter (200–1200ms approx across attempts)\n        const base = 200 * Math.pow(2, attempt - 1);\n        const jitter = Math.floor(Math.random() * 150);\n        await new Promise(r => setTimeout(r, base + jitter));\n      }\n    }\n    // Should be unreachable\n    throw lastError instanceof Error ? lastError : new Error(String(lastError));\n  }\n\n  async txStatus(txHash: string, senderAccountId: string): Promise<FinalExecutionOutcome> {\n    const params = {\n      tx_hash: txHash,\n      sender_account_id: senderAccountId,\n    };\n    return this.makeRpcCall<typeof params, FinalExecutionOutcome>(\n      'EXPERIMENTAL_tx_status',\n      params,\n      'Tx Status'\n    );\n  }\n\n  // legacy helpers removed in favor of NearRpcError\n\n  async callFunction<A, T>(\n    contractId: string,\n    method: string,\n    args: A,\n    blockQuery?: BlockReference\n  ): Promise<T> {\n    const rpcParams = {\n      request_type: 'call_function',\n      finality: 'final',\n      account_id: contractId,\n      method_name: method,\n      args_base64: base64Encode(new TextEncoder().encode(JSON.stringify(args)).buffer)\n    };\n    const result = await this.makeRpcCall<typeof rpcParams, ContractResult<T>>(\n      RpcCallType.Query,\n      rpcParams,\n      'View Function'\n    );\n\n    // Parse result bytes to string/JSON\n    const resultBytes = result.result;\n\n    if (!Array.isArray(resultBytes)) {\n      // If result is not bytes array, it might already be parsed\n      return result as unknown as T;\n    }\n\n    const resultString = String.fromCharCode(...resultBytes);\n\n    if (!resultString.trim()) {\n      return null as T;\n    }\n\n    try {\n      const parsed = JSON.parse(resultString);\n      return parsed as T;\n    } catch (parseError) {\n      console.warn('Failed to parse result as JSON, returning as string:', parseError);\n      console.warn('Raw result string:', resultString);\n      // Return the string value if it's not valid JSON\n      const cleanString = resultString.replace(/^\"|\"$/g, ''); // Remove quotes\n      return cleanString as T;\n    }\n  }\n\n  async view<A, T>(params: { account: string; method: string; args: A }): Promise<T> {\n    return this.callFunction<A, T>(params.account, params.method, params.args);\n  }\n\n  async getAccessKeys({ account, block_id }: ViewAccountParams): Promise<{\n    fullAccessKeys: FullAccessKey[];\n    functionCallAccessKeys: FunctionCallAccessKey[];\n  }> {\n    // Build RPC parameters similar to the official implementation\n    const params: Record<string, unknown> = {\n      request_type: 'view_access_key_list',\n      account_id: account,\n      finality: 'final'\n    };\n\n    // Add block_id if provided (for specific block queries)\n    if (block_id) {\n      params.block_id = block_id;\n      delete params.finality; // block_id takes precedence over finality\n    }\n\n    // Make the RPC call directly to match the official implementation\n    const accessKeyList = await this.makeRpcCall<typeof params, AccessKeyList>(\n      RpcCallType.Query,\n      params,\n      'View Access Key List'\n    );\n\n    // Separate full access keys and function call access keys\n    const fullAccessKeys: FullAccessKey[] = [];\n    const functionCallAccessKeys: FunctionCallAccessKey[] = [];\n\n    // Process each access key (matching the official categorization logic)\n    for (const key of accessKeyList.keys) {\n      if (key.access_key.permission === 'FullAccess') {\n        // Full Access Keys: Keys with FullAccess permission\n        fullAccessKeys.push(key as FullAccessKey);\n      } else if (key.access_key.permission && typeof key.access_key.permission === 'object' && 'FunctionCall' in key.access_key.permission) {\n        // Function Call Keys: Keys with limited permissions for specific contract calls\n        functionCallAccessKeys.push(key as FunctionCallAccessKey);\n      }\n    }\n\n    return {\n      fullAccessKeys,\n      functionCallAccessKeys\n    };\n  }\n}\n"],"mappings":";;;;;;;AAmDA,IAAY,sDAAL;AACL;AACA;AACA;AACA;AACA;;;AAGF,IAAa,oBAAb,MAAa,kBAAkB;CAC7B;CACA;CACA;CAEA,YAAY,MAIT;AACD,OAAK,cAAc,KAAK;AACxB,OAAK,YAAY,KAAK;AACtB,OAAK,cAAc,KAAK;;CAG1B,OAAO,UAAU,OAA+F;AAC9G,SAAO,IAAI,kBAAkB;GAC3B,aAAa,MAAM;GACnB,WAAW,MAAM;GACjB,aAAa,MAAM;;;CAIvB,SAAsB;AAEpB,SAAQ,IAAI,WAAW,KAAK,aAAc;;CAG5C,eAAuB;AACrB,SAAO,aAAa,KAAK;;CAG3B,OAAO,OAAO,OAAsC;AAElD,QAAM,IAAI,MAAM;;;AA6BpB,SAAgB,8BACd,OACwC;AACxC,KAAI,CAAC,MAAO,QAAO;AAGnB,KAAI,MAAM,QAAQ,OAChB,QAAO,IAAI,WAAW,OAAmB;AAI3C,KAAI,YAAY,OAAO,QAAQ;EAC7B,MAAM,OAAO;AACb,SAAO,KAAK,OAAO,MAAM,KAAK,YAAY,KAAK,aAAa,KAAK;;AAInE,KAAI,iBAAiB,YACnB,QAAO;AAGT,QAAO;;AAGT,SAAgB,8BAA8B,QAAmC;CAG/E,MAAM,cAAe,QAAgB;CACrC,MAAMA,YACJ,eAAe,OAAO,gBAAgB,WACjC,cACD;CAIN,MAAM,cAAe,UAAyC;AAC9D,KAAI,WAAW,aACb,QAAQ,YAA6B,KAAK;CAI5C,MAAM,cAAe,UAAmC;AACxD,KAAI,WAAW,cAAc;EAC3B,MAAM,MAAO,YAAkC,KAAK;AACpD,SAAO,aAAa;;CAMtB,MAAM,WAAW,8BACd,UAAwC;AAE3C,KAAI,SACF,QAAO,aAAa;CAGtB,MAAM,WAAW,8BACd,UAAuC;AAE1C,KAAI,SACF,QAAO,aAAa;AAGtB,OAAM,IAAI,MAAM;;AA+BlB,IAAa,oBAAb,MAAa,kBAAwC;CACnD,AAAiB;CAEjB,YAAY,QAA2B;AACrC,OAAK,UAAU,kBAAkB,iBAAiB;;CAGpD,OAAe,iBAAiB,OAAoC;EAClE,MAAM,OAAO,MAAM,QAAQ,SACvB,QACA,MACG,MAAM,UACN,KAAI,QAAO,IAAI,QACf,OAAO;EAEd,MAAM,aAAa,KAAK,KAAI,QAAO;AACjC,OAAI;AACF,WAAO,IAAI,IAAI,KAAK;YACb,KAAK;IACZ,MAAM,UAAU,aAAa,QAAQ,yBAAyB;AAC9D,UAAM,IAAI,MAAM;;;AAIpB,MAAI,CAAC,WAAW,OACd,OAAM,IAAI,MAAM;AAGlB,SAAO,MAAM,KAAK,IAAI,IAAI;;;CAQ5B,AAAQ,iBAAoB,QAAgB,QAAmB;AAC7D,SAAO,KAAK,UAAU;GACpB,SAAS;GACT,IAAI,OAAO;GACX;GACA;;;;CAKJ,MAAc,SAAS,KAAa,aAA2C;EAC7E,MAAM,WAAW,MAAM,MAAM,KAAK;GAChC,QAAQ;GACR,SAAS,EAAE,gBAAgB;GAC3B,MAAM;;AAGR,MAAI,CAAC,SAAS,GACZ,OAAM,IAAI,MAAM,uBAAuB,SAAS,OAAO,GAAG,SAAS;EAGrE,MAAM,OAAO,MAAM,SAAS;AAC5B,MAAI,CAAC,MAAM,OACT,OAAM,IAAI,MAAM;AAGlB,SAAO,KAAK,MAAM;;;CAIpB,MAAc,oBAAoB,aAA2C;EAC3E,IAAIC;AACJ,OAAK,MAAM,CAAC,OAAO,QAAQ,KAAK,QAAQ,UACtC,KAAI;GACF,MAAM,SAAS,MAAM,KAAK,SAAS,KAAK;AACxC,OAAI,QAAQ,EAAG,SAAQ,KAAK,4CAA4C;AACxE,UAAO;WACA,KAAK;AACZ,eAAY;GACZ,MAAM,YAAY,QAAQ,KAAK,QAAQ,SAAS;AAChD,WAAQ,KAAK,4BAA4B,IAAI,SAAS,YAAY,kBAAkB,GAAG,IAAI,aAAa,QAAQ;AAChH,OAAI,CAAC,UAAW,OAAM,eAAe,QAAQ,MAAM,IAAI,MAAM,OAAO;;AAGxE,QAAM,IAAI,MAAM,aAAa,cAAc;;;CAI7C,AAAQ,gBAAmB,KAAkB,eAA0B;AACrE,MAAI,IAAI,MACN,OAAM,aAAa,gBAAgB,eAAe;EAEpD,MAAM,SAAS,IAAI;AAEnB,MAAI,QAAQ,OAAO;GACjB,MAAM,MAAM,OAAO,OAAO,UAAU,WAAW,OAAO,QAAQ,KAAK,UAAU,OAAO;AACpF,SAAM,IAAI,aAAa;IAAE,SAAS,GAAG,cAAc,UAAU;IAAO,OAAO;IAAY,MAAM;;;AAE/F,SAAO,IAAI;;;;;CAMb,MAAc,YACZ,QACA,QACA,eACY;EACZ,MAAM,cAAc,KAAK,iBAAiB,QAAQ;EAClD,MAAM,MAAM,MAAM,KAAK,oBAAoB;AAC3C,SAAO,KAAK,gBAAmB,KAAK;;CAOtC,MAAM,MAAmC,QAAqC;AAC5E,SAAO,KAAK,YAAgC,YAAY,OAAO,QAAQ;;CAGzE,MAAM,cAAc,WAAmB,WAAmB,eAA2D;EACnH,MAAM,eAAe;EACrB,MAAM,WAAW,eAAe,YAAY;EAC5C,MAAM,SAAS;GACb,cAAc;GACJ;GACV,YAAY;GACZ,YAAY;;AAEd,SAAO,KAAK,YACV,YAAY,OACZ,QACA;;CAIJ,MAAM,kBAAkB,WAAmB,eAA2D;EACpG,MAAM,WAAW,eAAe,YAAY;EAC5C,MAAM,SAAS;GACb,cAAc;GACJ;GACV,YAAY;;AAEd,SAAO,KAAK,YAA0C,YAAY,OAAO,QAAQ;;CAGnF,MAAM,YAAY,WAAyC;EACzD,MAAM,SAAS;GACb,cAAc;GACd,UAAU;GACV,YAAY;;AAEd,SAAO,KAAK,YAAwC,YAAY,OAAO,QAAQ;;CAGjF,MAAM,SAAS,WAAmB,eAAwD;EACxF,MAAM,WAAW,eAAe,YAAY;EAC5C,MAAM,SAAS;GACb,cAAc;GACd;GACA,YAAY;;EAEd,MAAM,SAAS,MAAM,KAAK,YACxB,YAAY,OACZ,QACA;EAEF,MAAM,aAAa,QAAQ;AAC3B,MAAI,OAAO,eAAe,YAAY,CAAC,WAAW,OAChD,OAAM,IAAI,MAAM;AAElB,SAAO,aAAa;;CAGtB,MAAM,UAAU,QAA8C;AAC5D,SAAO,KAAK,YAAyC,YAAY,OAAO,QAAQ;;CAGlF,MAAM,gBACJ,mBACA,YAA+B,oBAAoB,eACnB;EAChC,MAAM,SAAS;GACb,kBAAkB,8BAA8B;GAChD,YAAY;;EAId,MAAM,cAAc;EACpB,IAAIA,YAAqB;AACzB,OAAK,IAAI,UAAU,GAAG,WAAW,aAAa,UAC5C,KAAI;GACF,MAAM,UAAU,MAAM,KAAK,YAAkD,YAAY,MAAM,QAAQ;GAEvG,MAAM,SAAU,SAAiB;AACjC,OAAI,UAAU,OAAO,WAAW,YAAY,aAAa,QAAQ;IAC/D,MAAM,UAAW,OAAe;AAChC,UAAM,aAAa,YAAY,oBAAoB,SAAS;;AAE9D,UAAO;WACAC,KAAc;AACrB,eAAY;GACZ,MAAM,MAAM,aAAa;GACzB,MAAM,YAAY,wGAAwG,KAAK,OAAO;AACtI,OAAI,CAAC,aAAa,YAAY,YAC5B,OAAM;GAGR,MAAM,OAAO,MAAM,KAAK,IAAI,GAAG,UAAU;GACzC,MAAM,SAAS,KAAK,MAAM,KAAK,WAAW;AAC1C,SAAM,IAAI,SAAQ,MAAK,WAAW,GAAG,OAAO;;AAIhD,QAAM,qBAAqB,QAAQ,YAAY,IAAI,MAAM,OAAO;;CAGlE,MAAM,SAAS,QAAgB,iBAAyD;EACtF,MAAM,SAAS;GACb,SAAS;GACT,mBAAmB;;AAErB,SAAO,KAAK,YACV,0BACA,QACA;;CAMJ,MAAM,aACJ,YACA,QACA,MACA,YACY;EACZ,MAAM,YAAY;GAChB,cAAc;GACd,UAAU;GACV,YAAY;GACZ,aAAa;GACb,aAAa,aAAa,IAAI,cAAc,OAAO,KAAK,UAAU,OAAO;;EAE3E,MAAM,SAAS,MAAM,KAAK,YACxB,YAAY,OACZ,WACA;EAIF,MAAM,cAAc,OAAO;AAE3B,MAAI,CAAC,MAAM,QAAQ,aAEjB,QAAO;EAGT,MAAM,eAAe,OAAO,aAAa,GAAG;AAE5C,MAAI,CAAC,aAAa,OAChB,QAAO;AAGT,MAAI;GACF,MAAM,SAAS,KAAK,MAAM;AAC1B,UAAO;WACA,YAAY;AACnB,WAAQ,KAAK,wDAAwD;AACrE,WAAQ,KAAK,sBAAsB;GAEnC,MAAM,cAAc,aAAa,QAAQ,UAAU;AACnD,UAAO;;;CAIX,MAAM,KAAW,QAAkE;AACjF,SAAO,KAAK,aAAmB,OAAO,SAAS,OAAO,QAAQ,OAAO;;CAGvE,MAAM,cAAc,EAAE,SAAS,YAG5B;EAED,MAAMC,SAAkC;GACtC,cAAc;GACd,YAAY;GACZ,UAAU;;AAIZ,MAAI,UAAU;AACZ,UAAO,WAAW;AAClB,UAAO,OAAO;;EAIhB,MAAM,gBAAgB,MAAM,KAAK,YAC/B,YAAY,OACZ,QACA;EAIF,MAAMC,iBAAkC;EACxC,MAAMC,yBAAkD;AAGxD,OAAK,MAAM,OAAO,cAAc,KAC9B,KAAI,IAAI,WAAW,eAAe,aAEhC,gBAAe,KAAK;WACX,IAAI,WAAW,cAAc,OAAO,IAAI,WAAW,eAAe,YAAY,kBAAkB,IAAI,WAAW,WAExH,wBAAuB,KAAK;AAIhC,SAAO;GACL;GACA"}

package/dist/esm/server/sdk/src/core/defaultConfigs.js

@@ -4,6 +4,7 @@ const PASSKEY_MANAGER_DEFAULT_CONFIGS = {
 	nearNetwork: "testnet",
 	contractId: "w3a-v1.testnet",
 	nearExplorerUrl: "https://testnet.nearblocks.io",
+	signerMode: { mode: "local-signer" },
 	signingSessionDefaults: {
 		ttlMs: 0,
 		remainingUses: 0
@@ -37,6 +38,9 @@ const PASSKEY_MANAGER_DEFAULT_CONFIGS = {
 		rpIdOverride: "example.localhost"
 	}
 };
+const THRESHOLD_ED25519_CLIENT_PARTICIPANT_ID = 1;
+const THRESHOLD_ED25519_RELAYER_PARTICIPANT_ID = 2;
+const THRESHOLD_ED25519_2P_PARTICIPANT_IDS = [THRESHOLD_ED25519_CLIENT_PARTICIPANT_ID, THRESHOLD_ED25519_RELAYER_PARTICIPANT_ID];
 const DEFAULT_EMAIL_RECOVERY_CONTRACTS = {
 	emailRecovererGlobalContract: PASSKEY_MANAGER_DEFAULT_CONFIGS.emailRecoveryContracts.emailRecovererGlobalContract,
 	zkEmailVerifierContract: PASSKEY_MANAGER_DEFAULT_CONFIGS.emailRecoveryContracts.zkEmailVerifierContract,
@@ -44,5 +48,5 @@ const DEFAULT_EMAIL_RECOVERY_CONTRACTS = {
 };
 
 //#endregion
-export { DEFAULT_EMAIL_RECOVERY_CONTRACTS };
+export { DEFAULT_EMAIL_RECOVERY_CONTRACTS, THRESHOLD_ED25519_2P_PARTICIPANT_IDS, THRESHOLD_ED25519_CLIENT_PARTICIPANT_ID, THRESHOLD_ED25519_RELAYER_PARTICIPANT_ID };
 //# sourceMappingURL=defaultConfigs.js.map

package/dist/esm/server/sdk/src/core/defaultConfigs.js.map

@@ -1 +1 @@
-{"version":3,"file":"defaultConfigs.js","names":["PASSKEY_MANAGER_DEFAULT_CONFIGS: TatchiConfigs","DEFAULT_EMAIL_RECOVERY_CONTRACTS: EmailRecoveryContracts"],"sources":["../../../../../../src/core/defaultConfigs.ts"],"sourcesContent":["import type { EmailRecoveryContracts, TatchiConfigs, TatchiConfigsInput } from './types/tatchi';\n\n// Default SDK configs suitable for local dev.\n// Cross-origin wallet isolation is recommended; set iframeWallet in your app config when you have a dedicated origin.\n// Consumers can shallow-merge overrides by field.\n\nexport const PASSKEY_MANAGER_DEFAULT_CONFIGS: TatchiConfigs = {\n  // You can provide a single URL or a comma-separated list for failover.\n  // First URL is treated as primary, subsequent URLs are fallbacks.\n  nearRpcUrl: 'https://test.rpc.fastnear.com, https://rpc.testnet.near.org',\n  nearNetwork: 'testnet',\n  contractId: 'w3a-v1.testnet',\n  nearExplorerUrl: 'https://testnet.nearblocks.io',\n  // Warm signing session defaults used by login/unlock flows.\n  // Enforcement (TTL/uses) is owned by the VRF worker; signer workers remain one-shot.\n  signingSessionDefaults: {\n    ttlMs: 0, // 0 minutes\n    remainingUses: 0, // default to requiring a touchID prompt for each transaction\n  },\n  relayer: {\n    // accountId: 'w3a-v1.testnet',\n    // No default relayer URL. Force apps to configure via env/overrides.\n    // Using an empty string triggers early validation errors in code paths that require it.\n    url: '',\n    delegateActionRoute: '/signed-delegate',\n    emailRecovery: {\n      // Require at least 0.01 NEAR available to start email recovery.\n      minBalanceYocto: '10000000000000000000000', // 0.01 NEAR\n      // Poll every 4 seconds for verification status / access key.\n      pollingIntervalMs: 4000,\n      // Stop polling after 30 minutes.\n      maxPollingDurationMs: 30 * 60 * 1000,\n      // Expire pending recovery records after 30 minutes.\n      pendingTtlMs: 30 * 60 * 1000,\n      // Default recovery mailbox for examples / docs.\n      mailtoAddress: 'recover@web3authn.org',\n    },\n  },\n  vrfWorkerConfigs: {\n    shamir3pass: {\n      // default Shamir's P in vrf-wasm-worker, needs to match relay server's Shamir P\n      p: '3N5w46AIGjGT2v5Vua_TMD5Ywfa9U2F7-WzW8SNDsIM',\n      // No default relay server URL to avoid accidental localhost usage in non-dev envs\n      // Defaults to relayer.url when undefined\n      relayServerUrl: '',\n      applyServerLockRoute: '/vrf/apply-server-lock',\n      removeServerLockRoute: '/vrf/remove-server-lock',\n    }\n  },\n  emailRecoveryContracts: {\n    emailRecovererGlobalContract: 'w3a-email-recoverer-v1.testnet',\n    zkEmailVerifierContract: 'zk-email-verifier-v1.testnet',\n    emailDkimVerifierContract: 'email-dkim-verifier-v1.testnet',\n  },\n  // Configure iframeWallet in application code to point at your dedicated wallet origin when available.\n  iframeWallet: {\n    walletOrigin: 'https://wallet.example.localhost',\n    walletServicePath: '/wallet-service',\n    sdkBasePath: '/sdk',\n    rpIdOverride: 'example.localhost',\n  }\n};\n\nexport const DEFAULT_EMAIL_RECOVERY_CONTRACTS: EmailRecoveryContracts = {\n  emailRecovererGlobalContract: PASSKEY_MANAGER_DEFAULT_CONFIGS.emailRecoveryContracts.emailRecovererGlobalContract,\n  zkEmailVerifierContract: PASSKEY_MANAGER_DEFAULT_CONFIGS.emailRecoveryContracts.zkEmailVerifierContract,\n  emailDkimVerifierContract: PASSKEY_MANAGER_DEFAULT_CONFIGS.emailRecoveryContracts.emailDkimVerifierContract,\n};\n\n// Merge defaults with overrides\nexport function buildConfigsFromEnv(overrides: TatchiConfigsInput = {}): TatchiConfigs {\n\n  const defaults = PASSKEY_MANAGER_DEFAULT_CONFIGS;\n  const relayerUrl = overrides.relayer?.url ?? defaults.relayer?.url ?? '';\n  // Prefer explicit override for relayer URL; fall back to default preset.\n  // Used below to default VRF relayServerUrl when it is undefined.\n  const relayServerUrlDefault = relayerUrl;\n\n  const merged: TatchiConfigs = {\n    nearRpcUrl: overrides.nearRpcUrl ?? defaults.nearRpcUrl,\n    nearNetwork: overrides.nearNetwork ?? defaults.nearNetwork,\n    contractId: overrides.contractId ?? defaults.contractId,\n    nearExplorerUrl: overrides.nearExplorerUrl ?? defaults.nearExplorerUrl,\n    walletTheme: overrides.walletTheme ?? defaults.walletTheme,\n    signingSessionDefaults: {\n      ttlMs: overrides.signingSessionDefaults?.ttlMs\n        ?? defaults.signingSessionDefaults?.ttlMs,\n      remainingUses: overrides.signingSessionDefaults?.remainingUses\n        ?? defaults.signingSessionDefaults?.remainingUses,\n    },\n    relayer: {\n      url: relayerUrl,\n      delegateActionRoute: overrides.relayer?.delegateActionRoute\n        ?? defaults.relayer?.delegateActionRoute,\n      emailRecovery: {\n        minBalanceYocto: overrides.relayer?.emailRecovery?.minBalanceYocto\n          ?? defaults.relayer?.emailRecovery?.minBalanceYocto,\n        pollingIntervalMs: overrides.relayer?.emailRecovery?.pollingIntervalMs\n          ?? defaults.relayer?.emailRecovery?.pollingIntervalMs,\n        maxPollingDurationMs: overrides.relayer?.emailRecovery?.maxPollingDurationMs\n          ?? defaults.relayer?.emailRecovery?.maxPollingDurationMs,\n        pendingTtlMs: overrides.relayer?.emailRecovery?.pendingTtlMs\n          ?? defaults.relayer?.emailRecovery?.pendingTtlMs,\n        mailtoAddress: overrides.relayer?.emailRecovery?.mailtoAddress\n          ?? defaults.relayer?.emailRecovery?.mailtoAddress,\n      },\n    },\n    authenticatorOptions: overrides.authenticatorOptions ?? defaults.authenticatorOptions,\n    vrfWorkerConfigs: {\n      shamir3pass: {\n        p: overrides.vrfWorkerConfigs?.shamir3pass?.p\n          ?? defaults.vrfWorkerConfigs?.shamir3pass?.p,\n        relayServerUrl: overrides.vrfWorkerConfigs?.shamir3pass?.relayServerUrl\n          ?? defaults.vrfWorkerConfigs?.shamir3pass?.relayServerUrl\n          ?? relayServerUrlDefault,\n        applyServerLockRoute: overrides.vrfWorkerConfigs?.shamir3pass?.applyServerLockRoute\n          ?? defaults.vrfWorkerConfigs?.shamir3pass?.applyServerLockRoute,\n        removeServerLockRoute: overrides.vrfWorkerConfigs?.shamir3pass?.removeServerLockRoute\n          ?? defaults.vrfWorkerConfigs?.shamir3pass?.removeServerLockRoute,\n      },\n    },\n    emailRecoveryContracts: {\n      emailRecovererGlobalContract: overrides.emailRecoveryContracts?.emailRecovererGlobalContract\n        ?? defaults.emailRecoveryContracts?.emailRecovererGlobalContract,\n      zkEmailVerifierContract: overrides.emailRecoveryContracts?.zkEmailVerifierContract\n        ?? defaults.emailRecoveryContracts?.zkEmailVerifierContract,\n      emailDkimVerifierContract: overrides.emailRecoveryContracts?.emailDkimVerifierContract\n        ?? defaults.emailRecoveryContracts?.emailDkimVerifierContract,\n    },\n    iframeWallet: {\n      walletOrigin: overrides.iframeWallet?.walletOrigin\n        ?? defaults.iframeWallet?.walletOrigin,\n      walletServicePath: overrides.iframeWallet?.walletServicePath\n        ?? defaults.iframeWallet?.walletServicePath\n        ?? '/wallet-service',\n      sdkBasePath: overrides.iframeWallet?.sdkBasePath\n        ?? defaults.iframeWallet?.sdkBasePath\n        ?? '/sdk',\n      rpIdOverride: overrides.iframeWallet?.rpIdOverride\n        ?? defaults.iframeWallet?.rpIdOverride,\n    }\n  };\n  if (!merged.contractId) {\n    throw new Error('[configPresets] Missing required config: contractId');\n  }\n  if (!merged.relayer.url) {\n    throw new Error('[configPresets] Missing required config: relayer.url');\n  }\n  return merged;\n}\n"],"mappings":";AAMA,MAAaA,kCAAiD;CAG5D,YAAY;CACZ,aAAa;CACb,YAAY;CACZ,iBAAiB;CAGjB,wBAAwB;EACtB,OAAO;EACP,eAAe;;CAEjB,SAAS;EAIP,KAAK;EACL,qBAAqB;EACrB,eAAe;GAEb,iBAAiB;GAEjB,mBAAmB;GAEnB,sBAAsB,OAAU;GAEhC,cAAc,OAAU;GAExB,eAAe;;;CAGnB,kBAAkB,EAChB,aAAa;EAEX,GAAG;EAGH,gBAAgB;EAChB,sBAAsB;EACtB,uBAAuB;;CAG3B,wBAAwB;EACtB,8BAA8B;EAC9B,yBAAyB;EACzB,2BAA2B;;CAG7B,cAAc;EACZ,cAAc;EACd,mBAAmB;EACnB,aAAa;EACb,cAAc;;;AAIlB,MAAaC,mCAA2D;CACtE,8BAA8B,gCAAgC,uBAAuB;CACrF,yBAAyB,gCAAgC,uBAAuB;CAChF,2BAA2B,gCAAgC,uBAAuB"}
+{"version":3,"file":"defaultConfigs.js","names":["PASSKEY_MANAGER_DEFAULT_CONFIGS: TatchiConfigs","DEFAULT_EMAIL_RECOVERY_CONTRACTS: EmailRecoveryContracts"],"sources":["../../../../../../src/core/defaultConfigs.ts"],"sourcesContent":["import type { EmailRecoveryContracts, TatchiConfigs, TatchiConfigsInput } from './types/tatchi';\nimport { coerceSignerMode } from './types/signer-worker';\nimport { toTrimmedString } from '@/utils';\n\n// Default SDK configs suitable for local dev.\n// Cross-origin wallet isolation is recommended; set iframeWallet in your app config when you have a dedicated origin.\n// Consumers can shallow-merge overrides by field.\n\nexport const PASSKEY_MANAGER_DEFAULT_CONFIGS: TatchiConfigs = {\n  // You can provide a single URL or a comma-separated list for failover.\n  // First URL is treated as primary, subsequent URLs are fallbacks.\n  nearRpcUrl: 'https://test.rpc.fastnear.com, https://rpc.testnet.near.org',\n  nearNetwork: 'testnet',\n  contractId: 'w3a-v1.testnet',\n  nearExplorerUrl: 'https://testnet.nearblocks.io',\n  signerMode: { mode: 'local-signer' },\n  // Warm signing session defaults used by login/unlock flows.\n  // Enforcement (TTL/uses) is owned by the VRF worker; signer workers remain one-shot.\n  signingSessionDefaults: {\n    ttlMs: 0, // 0 minutes\n    remainingUses: 0, // default to requiring a touchID prompt for each transaction\n  },\n  relayer: {\n    // accountId: 'w3a-v1.testnet',\n    // No default relayer URL. Force apps to configure via env/overrides.\n    // Using an empty string triggers early validation errors in code paths that require it.\n    url: '',\n    delegateActionRoute: '/signed-delegate',\n    emailRecovery: {\n      // Require at least 0.01 NEAR available to start email recovery.\n      minBalanceYocto: '10000000000000000000000', // 0.01 NEAR\n      // Poll every 4 seconds for verification status / access key.\n      pollingIntervalMs: 4000,\n      // Stop polling after 30 minutes.\n      maxPollingDurationMs: 30 * 60 * 1000,\n      // Expire pending recovery records after 30 minutes.\n      pendingTtlMs: 30 * 60 * 1000,\n      // Default recovery mailbox for examples / docs.\n      mailtoAddress: 'recover@web3authn.org',\n    },\n  },\n  vrfWorkerConfigs: {\n    shamir3pass: {\n      // default Shamir's P in vrf-wasm-worker, needs to match relay server's Shamir P\n      p: '3N5w46AIGjGT2v5Vua_TMD5Ywfa9U2F7-WzW8SNDsIM',\n      // No default relay server URL to avoid accidental localhost usage in non-dev envs\n      // Defaults to relayer.url when undefined\n      relayServerUrl: '',\n      applyServerLockRoute: '/vrf/apply-server-lock',\n      removeServerLockRoute: '/vrf/remove-server-lock',\n    }\n  },\n  emailRecoveryContracts: {\n    emailRecovererGlobalContract: 'w3a-email-recoverer-v1.testnet',\n    zkEmailVerifierContract: 'zk-email-verifier-v1.testnet',\n    emailDkimVerifierContract: 'email-dkim-verifier-v1.testnet',\n  },\n  // Configure iframeWallet in application code to point at your dedicated wallet origin when available.\n  iframeWallet: {\n    walletOrigin: 'https://wallet.example.localhost',\n    walletServicePath: '/wallet-service',\n    sdkBasePath: '/sdk',\n    rpIdOverride: 'example.localhost',\n  }\n};\n\n// Default threshold participant identifiers (2P FROST).\n// These are intentionally exported as standalone constants so apps can reuse them when wiring\n// threshold signing across client + server environments.\nexport const THRESHOLD_ED25519_CLIENT_PARTICIPANT_ID = 1 as const;\nexport const THRESHOLD_ED25519_RELAYER_PARTICIPANT_ID = 2 as const;\nexport const THRESHOLD_ED25519_2P_PARTICIPANT_IDS = [\n  THRESHOLD_ED25519_CLIENT_PARTICIPANT_ID,\n  THRESHOLD_ED25519_RELAYER_PARTICIPANT_ID,\n] as const;\n\n// Threshold node roles.\n// Coordinator is the default because it exposes the public `/threshold-ed25519/sign/*` endpoints.\nexport const THRESHOLD_NODE_ROLE_COORDINATOR = 'coordinator' as const;\nexport const THRESHOLD_NODE_ROLE_DEFAULT = THRESHOLD_NODE_ROLE_COORDINATOR;\n\nexport const DEFAULT_EMAIL_RECOVERY_CONTRACTS: EmailRecoveryContracts = {\n  emailRecovererGlobalContract: PASSKEY_MANAGER_DEFAULT_CONFIGS.emailRecoveryContracts.emailRecovererGlobalContract,\n  zkEmailVerifierContract: PASSKEY_MANAGER_DEFAULT_CONFIGS.emailRecoveryContracts.zkEmailVerifierContract,\n  emailDkimVerifierContract: PASSKEY_MANAGER_DEFAULT_CONFIGS.emailRecoveryContracts.emailDkimVerifierContract,\n};\n\n// Merge defaults with overrides\nexport function buildConfigsFromEnv(overrides: TatchiConfigsInput = {}): TatchiConfigs {\n\n  const defaults = PASSKEY_MANAGER_DEFAULT_CONFIGS;\n  const relayerUrl = overrides.relayer?.url ?? defaults.relayer?.url ?? '';\n  // Prefer explicit override for relayer URL; fall back to default preset.\n  // Used below to default VRF relayServerUrl when it is undefined.\n  const relayServerUrlDefault = relayerUrl;\n  const signerMode = coerceSignerMode(overrides.signerMode, defaults.signerMode);\n\n  const merged: TatchiConfigs = {\n    nearRpcUrl: overrides.nearRpcUrl ?? defaults.nearRpcUrl,\n    nearNetwork: overrides.nearNetwork ?? defaults.nearNetwork,\n    contractId: overrides.contractId ?? defaults.contractId,\n    nearExplorerUrl: overrides.nearExplorerUrl ?? defaults.nearExplorerUrl,\n    walletTheme: overrides.walletTheme ?? defaults.walletTheme,\n    signerMode,\n    signingSessionDefaults: {\n      ttlMs: overrides.signingSessionDefaults?.ttlMs\n        ?? defaults.signingSessionDefaults?.ttlMs,\n      remainingUses: overrides.signingSessionDefaults?.remainingUses\n        ?? defaults.signingSessionDefaults?.remainingUses,\n    },\n    relayer: {\n      url: relayerUrl,\n      delegateActionRoute: overrides.relayer?.delegateActionRoute\n        ?? defaults.relayer?.delegateActionRoute,\n      emailRecovery: {\n        minBalanceYocto: overrides.relayer?.emailRecovery?.minBalanceYocto\n          ?? defaults.relayer?.emailRecovery?.minBalanceYocto,\n        pollingIntervalMs: overrides.relayer?.emailRecovery?.pollingIntervalMs\n          ?? defaults.relayer?.emailRecovery?.pollingIntervalMs,\n        maxPollingDurationMs: overrides.relayer?.emailRecovery?.maxPollingDurationMs\n          ?? defaults.relayer?.emailRecovery?.maxPollingDurationMs,\n        pendingTtlMs: overrides.relayer?.emailRecovery?.pendingTtlMs\n          ?? defaults.relayer?.emailRecovery?.pendingTtlMs,\n        mailtoAddress: overrides.relayer?.emailRecovery?.mailtoAddress\n          ?? defaults.relayer?.emailRecovery?.mailtoAddress,\n      },\n    },\n    authenticatorOptions: overrides.authenticatorOptions ?? defaults.authenticatorOptions,\n    vrfWorkerConfigs: {\n      shamir3pass: {\n        p: overrides.vrfWorkerConfigs?.shamir3pass?.p\n          ?? defaults.vrfWorkerConfigs?.shamir3pass?.p,\n        relayServerUrl: overrides.vrfWorkerConfigs?.shamir3pass?.relayServerUrl\n          ?? defaults.vrfWorkerConfigs?.shamir3pass?.relayServerUrl\n          ?? relayServerUrlDefault,\n        applyServerLockRoute: overrides.vrfWorkerConfigs?.shamir3pass?.applyServerLockRoute\n          ?? defaults.vrfWorkerConfigs?.shamir3pass?.applyServerLockRoute,\n        removeServerLockRoute: overrides.vrfWorkerConfigs?.shamir3pass?.removeServerLockRoute\n          ?? defaults.vrfWorkerConfigs?.shamir3pass?.removeServerLockRoute,\n      },\n    },\n    emailRecoveryContracts: {\n      emailRecovererGlobalContract: overrides.emailRecoveryContracts?.emailRecovererGlobalContract\n        ?? defaults.emailRecoveryContracts?.emailRecovererGlobalContract,\n      zkEmailVerifierContract: overrides.emailRecoveryContracts?.zkEmailVerifierContract\n        ?? defaults.emailRecoveryContracts?.zkEmailVerifierContract,\n      emailDkimVerifierContract: overrides.emailRecoveryContracts?.emailDkimVerifierContract\n        ?? defaults.emailRecoveryContracts?.emailDkimVerifierContract,\n    },\n    iframeWallet: {\n      // Preserve explicit empty-string walletOrigin (\"\") because it is used as a sentinel\n      // to disable iframe-wallet mode in tests and some apps.\n      walletOrigin: overrides.iframeWallet?.walletOrigin\n        ?? defaults.iframeWallet?.walletOrigin,\n      rpIdOverride: overrides.iframeWallet?.rpIdOverride\n        ?? defaults.iframeWallet?.rpIdOverride,\n      // IMPORTANT: the following fields are often wired from CI env vars like `VITE_SDK_BASE_PATH`.\n      // When a GitHub Actions env var is missing, expressions like `${{ vars.VITE_SDK_BASE_PATH }}`\n      // frequently become the empty string at build-time. Treat empty strings as \"unset\" so we\n      // fall back to SDK defaults instead of accidentally generating root-relative URLs like:\n      //   https://wallet.example.com/w3a-components.css  (wrong; should be /sdk/w3a-components.css)\n      walletServicePath: toTrimmedString(overrides.iframeWallet?.walletServicePath)\n        || toTrimmedString(defaults.iframeWallet?.walletServicePath)\n        || '/wallet-service',\n      sdkBasePath: toTrimmedString(overrides.iframeWallet?.sdkBasePath)\n        || toTrimmedString(defaults.iframeWallet?.sdkBasePath)\n        || '/sdk',\n    }\n  };\n  if (!merged.contractId) {\n    throw new Error('[configPresets] Missing required config: contractId');\n  }\n  if (!merged.relayer.url) {\n    throw new Error('[configPresets] Missing required config: relayer.url');\n  }\n  return merged;\n}\n"],"mappings":";AAQA,MAAaA,kCAAiD;CAG5D,YAAY;CACZ,aAAa;CACb,YAAY;CACZ,iBAAiB;CACjB,YAAY,EAAE,MAAM;CAGpB,wBAAwB;EACtB,OAAO;EACP,eAAe;;CAEjB,SAAS;EAIP,KAAK;EACL,qBAAqB;EACrB,eAAe;GAEb,iBAAiB;GAEjB,mBAAmB;GAEnB,sBAAsB,OAAU;GAEhC,cAAc,OAAU;GAExB,eAAe;;;CAGnB,kBAAkB,EAChB,aAAa;EAEX,GAAG;EAGH,gBAAgB;EAChB,sBAAsB;EACtB,uBAAuB;;CAG3B,wBAAwB;EACtB,8BAA8B;EAC9B,yBAAyB;EACzB,2BAA2B;;CAG7B,cAAc;EACZ,cAAc;EACd,mBAAmB;EACnB,aAAa;EACb,cAAc;;;AAOlB,MAAa,0CAA0C;AACvD,MAAa,2CAA2C;AACxD,MAAa,uCAAuC,CAClD,yCACA;AAQF,MAAaC,mCAA2D;CACtE,8BAA8B,gCAAgC,uBAAuB;CACrF,yBAAyB,gCAAgC,uBAAuB;CAChF,2BAA2B,gCAAgC,uBAAuB"}

package/dist/esm/server/sdk/src/core/nearCrypto.js

@@ -1,24 +1,8 @@
+import { ensureEd25519Prefix } from "../utils/validation.js";
 import bs58 from "bs58";
 import "@noble/ed25519";
 
 //#region src/core/nearCrypto.ts
-const NEAR_ED25519_KEY_PREFIX = "ed25519:";
-/**
-* Ensure a key string has the NEAR Ed25519 prefix (`ed25519:`).
-*
-* - Accepts either `ed25519:<base58>` or a bare `<base58>` string.
-* - Canonicalizes `ED25519:` → `ed25519:`.
-* - If a different prefix is present (e.g. `secp256k1:`), returns the input unchanged.
-*/
-function ensureEd25519Prefix(value) {
-	const raw = String(value || "").trim();
-	if (!raw) return "";
-	if (/^[a-z0-9_]+:/i.test(raw)) {
-		if (/^ed25519:/i.test(raw)) return `${NEAR_ED25519_KEY_PREFIX}${raw.replace(/^ed25519:/i, "")}`;
-		return raw;
-	}
-	return `${NEAR_ED25519_KEY_PREFIX}${raw}`;
-}
 /**
 * Remove the NEAR Ed25519 prefix (`ed25519:`) if present.
 * Useful for comparing keys where one side may omit the prefix.
@@ -27,22 +11,6 @@ function stripEd25519Prefix(value) {
 	const raw = String(value || "").trim();
 	return raw.replace(/^ed25519:/i, "");
 }
-/**
-* Parse NEAR secret key string ('ed25519:...') into its components.
-* NEAR secrets are 64 bytes: seed(32) | pub(32)
-*/
-function parseNearSecretKey(str) {
-	const b58 = stripEd25519Prefix(str);
-	const bytes = bs58.decode(b58);
-	if (bytes.length !== 64) throw new Error(`Invalid NEAR secret key length: ${bytes.length}`);
-	const all = new Uint8Array(bytes);
-	const seed = all.slice(0, 32);
-	const pub = all.slice(32, 64);
-	return {
-		seed,
-		pub
-	};
-}
 /** Convert raw 32-byte public key to NEAR string ('ed25519:...') */
 function toPublicKeyString(pub) {
 	if (!(pub?.length === 32)) throw new Error("Public key must be 32 bytes");
@@ -50,5 +18,5 @@ function toPublicKeyString(pub) {
 }
 
 //#endregion
-export { ensureEd25519Prefix, parseNearSecretKey, toPublicKeyString };
+export { stripEd25519Prefix, toPublicKeyString };
 //# sourceMappingURL=nearCrypto.js.map

package/dist/esm/server/sdk/src/core/nearCrypto.js.map

@@ -1 +1 @@
-{"version":3,"file":"nearCrypto.js","names":[],"sources":["../../../../../../src/core/nearCrypto.ts"],"sourcesContent":["import * as ed25519 from '@noble/ed25519';\nimport bs58 from 'bs58';\n\nexport const NEAR_ED25519_KEY_PREFIX = 'ed25519:' as const;\n\n/**\n * Ensure a key string has the NEAR Ed25519 prefix (`ed25519:`).\n *\n * - Accepts either `ed25519:<base58>` or a bare `<base58>` string.\n * - Canonicalizes `ED25519:` → `ed25519:`.\n * - If a different prefix is present (e.g. `secp256k1:`), returns the input unchanged.\n */\nexport function ensureEd25519Prefix(value: string): string {\n  const raw = String(value || '').trim();\n  if (!raw) return '';\n\n  // If it already looks like \"<prefix>:...\", only normalize when the prefix is ed25519.\n  if (/^[a-z0-9_]+:/i.test(raw)) {\n    if (/^ed25519:/i.test(raw)) {\n      return `${NEAR_ED25519_KEY_PREFIX}${raw.replace(/^ed25519:/i, '')}`;\n    }\n    return raw;\n  }\n\n  return `${NEAR_ED25519_KEY_PREFIX}${raw}`;\n}\n\n/**\n * Remove the NEAR Ed25519 prefix (`ed25519:`) if present.\n * Useful for comparing keys where one side may omit the prefix.\n */\nexport function stripEd25519Prefix(value: string): string {\n  const raw = String(value || '').trim();\n  return raw.replace(/^ed25519:/i, '');\n}\n\n/**\n * Creates a NEAR-compatible Ed25519 keypair formatted as strings:\n * - publicKey:  'ed25519:' + base58(pub)\n * - privateKey: 'ed25519:' + base58(seed(32) | pub(32))\n */\nexport async function createNearKeypair(): Promise<{ publicKey: string; privateKey: string }> {\n  const seed = ed25519.utils.randomPrivateKey(); // 32 bytes\n  const pub = await ed25519.getPublicKeyAsync(seed); // 32 bytes\n\n  const secret = new Uint8Array(64);\n  secret.set(seed, 0);\n  secret.set(pub, 32);\n\n  const publicKey = ensureEd25519Prefix(bs58.encode(pub));\n  const privateKey = ensureEd25519Prefix(bs58.encode(secret));\n  return { publicKey, privateKey };\n}\n\n/** Parse NEAR public key string ('ed25519:...') into 32-byte Uint8Array */\nexport function parseNearPublicKey(str: string): Uint8Array {\n  const b58 = stripEd25519Prefix(str);\n  const bytes = bs58.decode(b58);\n  if (bytes.length !== 32) {\n    throw new Error(`Invalid NEAR public key length: ${bytes.length}`);\n  }\n  return new Uint8Array(bytes);\n}\n\n/**\n * Parse NEAR secret key string ('ed25519:...') into its components.\n * NEAR secrets are 64 bytes: seed(32) | pub(32)\n */\nexport function parseNearSecretKey(str: string): { seed: Uint8Array; pub: Uint8Array } {\n  const b58 = stripEd25519Prefix(str);\n  const bytes = bs58.decode(b58);\n  if (bytes.length !== 64) {\n    throw new Error(`Invalid NEAR secret key length: ${bytes.length}`);\n  }\n  const all = new Uint8Array(bytes);\n  const seed = all.slice(0, 32);\n  const pub = all.slice(32, 64);\n  return { seed, pub };\n}\n\n/** Convert raw 32-byte public key to NEAR string ('ed25519:...') */\nexport function toPublicKeyString(pub: Uint8Array): string {\n  if (!(pub?.length === 32)) {\n    throw new Error('Public key must be 32 bytes');\n  }\n  return ensureEd25519Prefix(bs58.encode(pub));\n}\n\n/** Convert raw seed(32) + pub(32) to NEAR secret string ('ed25519:...') */\nexport function toSecretKeyString(seed: Uint8Array, pub: Uint8Array): string {\n  if (!(seed?.length === 32)) {\n    throw new Error('Seed must be 32 bytes');\n  }\n  if (!(pub?.length === 32)) {\n    throw new Error('Public key must be 32 bytes');\n  }\n  const secret = new Uint8Array(64);\n  secret.set(seed, 0);\n  secret.set(pub, 32);\n  return ensureEd25519Prefix(bs58.encode(secret));\n}\n"],"mappings":";;;;AAGA,MAAa,0BAA0B;;;;;;;;AASvC,SAAgB,oBAAoB,OAAuB;CACzD,MAAM,MAAM,OAAO,SAAS,IAAI;AAChC,KAAI,CAAC,IAAK,QAAO;AAGjB,KAAI,gBAAgB,KAAK,MAAM;AAC7B,MAAI,aAAa,KAAK,KACpB,QAAO,GAAG,0BAA0B,IAAI,QAAQ,cAAc;AAEhE,SAAO;;AAGT,QAAO,GAAG,0BAA0B;;;;;;AAOtC,SAAgB,mBAAmB,OAAuB;CACxD,MAAM,MAAM,OAAO,SAAS,IAAI;AAChC,QAAO,IAAI,QAAQ,cAAc;;;;;;AAmCnC,SAAgB,mBAAmB,KAAoD;CACrF,MAAM,MAAM,mBAAmB;CAC/B,MAAM,QAAQ,KAAK,OAAO;AAC1B,KAAI,MAAM,WAAW,GACnB,OAAM,IAAI,MAAM,mCAAmC,MAAM;CAE3D,MAAM,MAAM,IAAI,WAAW;CAC3B,MAAM,OAAO,IAAI,MAAM,GAAG;CAC1B,MAAM,MAAM,IAAI,MAAM,IAAI;AAC1B,QAAO;EAAE;EAAM;;;;AAIjB,SAAgB,kBAAkB,KAAyB;AACzD,KAAI,EAAE,KAAK,WAAW,IACpB,OAAM,IAAI,MAAM;AAElB,QAAO,oBAAoB,KAAK,OAAO"}
+{"version":3,"file":"nearCrypto.js","names":[],"sources":["../../../../../../src/core/nearCrypto.ts"],"sourcesContent":["import * as ed25519 from '@noble/ed25519';\nimport bs58 from 'bs58';\n\nimport { ensureEd25519Prefix } from '../utils/validation';\nexport { ensureEd25519Prefix };\n\nexport const NEAR_ED25519_KEY_PREFIX = 'ed25519:' as const;\n\n/**\n * Remove the NEAR Ed25519 prefix (`ed25519:`) if present.\n * Useful for comparing keys where one side may omit the prefix.\n */\nexport function stripEd25519Prefix(value: string): string {\n  const raw = String(value || '').trim();\n  return raw.replace(/^ed25519:/i, '');\n}\n\n/**\n * Creates a NEAR-compatible Ed25519 keypair formatted as strings:\n * - publicKey:  'ed25519:' + base58(pub)\n * - privateKey: 'ed25519:' + base58(seed(32) | pub(32))\n */\nexport async function createNearKeypair(): Promise<{ publicKey: string; privateKey: string }> {\n  const seed = ed25519.utils.randomPrivateKey(); // 32 bytes\n  const pub = await ed25519.getPublicKeyAsync(seed); // 32 bytes\n\n  const secret = new Uint8Array(64);\n  secret.set(seed, 0);\n  secret.set(pub, 32);\n\n  const publicKey = ensureEd25519Prefix(bs58.encode(pub));\n  const privateKey = ensureEd25519Prefix(bs58.encode(secret));\n  return { publicKey, privateKey };\n}\n\n/** Parse NEAR public key string ('ed25519:...') into 32-byte Uint8Array */\nexport function parseNearPublicKey(str: string): Uint8Array {\n  const b58 = stripEd25519Prefix(str);\n  const bytes = bs58.decode(b58);\n  if (bytes.length !== 32) {\n    throw new Error(`Invalid NEAR public key length: ${bytes.length}`);\n  }\n  return new Uint8Array(bytes);\n}\n\n/** Convert raw 32-byte public key to NEAR string ('ed25519:...') */\nexport function toPublicKeyString(pub: Uint8Array): string {\n  if (!(pub?.length === 32)) {\n    throw new Error('Public key must be 32 bytes');\n  }\n  return ensureEd25519Prefix(bs58.encode(pub));\n}\n\n/** Convert raw seed(32) + pub(32) to NEAR secret string ('ed25519:...') */\nexport function toSecretKeyString(seed: Uint8Array, pub: Uint8Array): string {\n  if (!(seed?.length === 32)) {\n    throw new Error('Seed must be 32 bytes');\n  }\n  if (!(pub?.length === 32)) {\n    throw new Error('Public key must be 32 bytes');\n  }\n  const secret = new Uint8Array(64);\n  secret.set(seed, 0);\n  secret.set(pub, 32);\n  return ensureEd25519Prefix(bs58.encode(secret));\n}\n"],"mappings":";;;;;;;;;AAYA,SAAgB,mBAAmB,OAAuB;CACxD,MAAM,MAAM,OAAO,SAAS,IAAI;AAChC,QAAO,IAAI,QAAQ,cAAc;;;AAgCnC,SAAgB,kBAAkB,KAAyB;AACzD,KAAI,EAAE,KAAK,WAAW,IACpB,OAAM,IAAI,MAAM;AAElB,QAAO,oBAAoB,KAAK,OAAO"}

package/dist/esm/server/sdk/src/core/types/actions.js.map

@@ -1 +1 @@
-{"version":3,"file":"actions.js","names":[],"sources":["../../../../../../../src/core/types/actions.ts"],"sourcesContent":["import { DelegateAction, Signature } from './delegate';\n\n// === TRANSACTION INPUT INTERFACES ===\n\nexport interface TransactionInput {\n  receiverId: string;\n  actions: ActionArgs[],\n}\n\nexport interface TransactionInputWasm {\n  receiverId: string;\n  actions: ActionArgsWasm[],\n  nonce?: string; // Optional - computed in confirmation flow if not provided\n}\n\n/**\n * Enum for all supported NEAR action types\n */\nexport enum ActionType {\n  CreateAccount = \"CreateAccount\",\n  DeployContract = \"DeployContract\",\n  FunctionCall = \"FunctionCall\",\n  Transfer = \"Transfer\",\n  Stake = \"Stake\",\n  AddKey = \"AddKey\",\n  DeleteKey = \"DeleteKey\",\n  DeleteAccount = \"DeleteAccount\",\n  SignedDelegate = \"SignedDelegate\",\n  DeployGlobalContract = \"DeployGlobalContract\",\n  UseGlobalContract = \"UseGlobalContract\",\n}\n\nexport enum TxExecutionStatus {\n  NONE = 'NONE',\n  INCLUDED = 'INCLUDED',\n  INCLUDED_FINAL = 'INCLUDED_FINAL',\n  EXECUTED = 'EXECUTED',\n  FINAL = 'FINAL',\n  EXECUTED_OPTIMISTIC = 'EXECUTED_OPTIMISTIC'\n}\n\n// === ACTION INTERFACES (camelCase for JS) ===\n\nexport interface FunctionCallAction {\n  type: ActionType.FunctionCall;\n  /** Name of the contract method to call */\n  methodName: string;\n  /** Arguments to pass to the method (will be JSON.stringify'd automatically) */\n  args: Record<string, any>;\n  /** Maximum gas to use for this call (default: '30000000000000' 30 TGas) */\n  gas?: string;\n  /** Amount of NEAR tokens to attach in yoctoNEAR (default: '0') */\n  deposit?: string;\n}\n\nexport interface TransferAction {\n  type: ActionType.Transfer;\n  /** Amount of NEAR tokens to transfer in yoctoNEAR */\n  amount: string;\n}\n\nexport interface CreateAccountAction {\n  type: ActionType.CreateAccount;\n}\n\nexport interface DeployContractAction {\n  type: ActionType.DeployContract;\n  /** Contract code as Uint8Array or base64 string */\n  code: Uint8Array | string;\n}\n\nexport interface DeployGlobalContractAction {\n  type: ActionType.DeployGlobalContract;\n  /** Global contract code as Uint8Array or base64 string */\n  code: Uint8Array | string;\n  /** Deployment mode: CodeHash | AccountId */\n  deployMode: 'CodeHash' | 'AccountId';\n}\n\nexport interface UseGlobalContractAction {\n  type: ActionType.UseGlobalContract;\n  /** Exactly one of these should be set */\n  accountId?: string;\n  /** bs58-encoded 32-byte code hash */\n  codeHash?: string;\n}\n\nexport interface StakeAction {\n  type: ActionType.Stake;\n  /** Amount to stake in yoctoNEAR */\n  stake: string;\n  /** Public key of the validator */\n  publicKey: string;\n}\n\nexport interface AddKeyAction {\n  type: ActionType.AddKey;\n  /** Public key to add */\n  publicKey: string;\n  /** Access key configuration */\n  accessKey: {\n    /** Starting nonce for the key */\n    nonce?: number;\n    /** Permission level for the key */\n    permission: 'FullAccess' | {\n      /** Function call permissions */\n      FunctionCall: {\n        /** Maximum allowance in yoctoNEAR (optional for unlimited) */\n        allowance?: string;\n        /** Contract that can be called (default: same as receiverId) */\n        receiverId?: string;\n        /** Method names that can be called (empty array = all methods) */\n        methodNames?: string[];\n      };\n    };\n  };\n}\n\nexport interface DeleteKeyAction {\n  type: ActionType.DeleteKey;\n  /** Public key to remove */\n  publicKey: string;\n}\n\nexport interface DeleteAccountAction {\n  type: ActionType.DeleteAccount;\n  /** Account that will receive the remaining balance */\n  beneficiaryId: string;\n}\n\n/**\n * Action types for all NEAR actions\n * camelCase for JS\n */\nexport type ActionArgs =\n  | FunctionCallAction\n  | TransferAction\n  | CreateAccountAction\n  | DeployContractAction\n  | StakeAction\n  | AddKeyAction\n  | DeleteKeyAction\n  | DeleteAccountAction\n  | DeployGlobalContractAction\n  | UseGlobalContractAction;\n\n// === ACTION TYPES ===\n\n// ActionArgsWasm matches the Rust enum structure exactly\n// snake_case for wasm\nexport type ActionArgsWasm =\n  | { action_type: ActionType.CreateAccount }\n  | { action_type: ActionType.DeployContract; code: number[] }\n  | {\n    action_type: ActionType.FunctionCall;\n    method_name: string;\n    args: string; // JSON string\n    gas: string;\n    deposit: string;\n  }\n  | { action_type: ActionType.Transfer; deposit: string }\n  | { action_type: ActionType.Stake; stake: string; public_key: string }\n  | { action_type: ActionType.AddKey; public_key: string; access_key: string }\n  | { action_type: ActionType.DeleteKey; public_key: string }\n  | { action_type: ActionType.DeleteAccount; beneficiary_id: string }\n  | {\n    action_type: ActionType.SignedDelegate;\n    delegate_action: DelegateAction;\n    signature: Signature;\n  }\n  | { action_type: ActionType.DeployGlobalContract; code: number[]; deploy_mode: 'CodeHash' | 'AccountId' }\n  | { action_type: ActionType.UseGlobalContract; account_id?: string; code_hash?: string }\n\nexport function isActionArgsWasm(a?: any): a is ActionArgsWasm {\n  return isObject(a) && 'action_type' in a;\n}\n\nexport function toActionArgsWasm(action: ActionArgs): ActionArgsWasm {\n  switch (action.type) {\n    case ActionType.Transfer:\n      return {\n        action_type: ActionType.Transfer,\n        deposit: action.amount\n      };\n\n    case ActionType.FunctionCall:\n      return {\n        action_type: ActionType.FunctionCall,\n        method_name: action.methodName,\n        args: JSON.stringify(action.args),\n        gas: action.gas || \"30000000000000\",\n        deposit: action.deposit || \"0\"\n      };\n\n    case ActionType.AddKey:\n      // Ensure access key has proper format with nonce and permission object.\n      // For FullAccess we emit the NEAR-style `{ FullAccess: {} }` shape to\n      // match near-api-js and RPC JSON; FunctionCall permissions are passed\n      // through as-is.\n      const rawPermission = action.accessKey.permission;\n      const permission = rawPermission === 'FullAccess'\n          ? { FullAccess: {} }\n          : rawPermission;\n      const accessKey = {\n        nonce: action.accessKey.nonce || 0,\n        permission,\n      };\n      return {\n        action_type: ActionType.AddKey,\n        public_key: action.publicKey,\n        access_key: JSON.stringify(accessKey)\n      };\n\n    case ActionType.DeleteKey:\n      return {\n        action_type: ActionType.DeleteKey,\n        public_key: action.publicKey\n      };\n\n    case ActionType.CreateAccount:\n      return {\n        action_type: ActionType.CreateAccount\n      };\n\n    case ActionType.DeleteAccount:\n      return {\n        action_type: ActionType.DeleteAccount,\n        beneficiary_id: action.beneficiaryId\n      };\n\n    case ActionType.DeployContract:\n      return {\n        action_type: ActionType.DeployContract,\n        code: typeof action.code === 'string'\n          ? Array.from(new TextEncoder().encode(action.code))\n          : Array.from(action.code)\n      };\n\n    case ActionType.DeployGlobalContract:\n      return {\n        action_type: ActionType.DeployGlobalContract,\n        code: typeof action.code === 'string'\n          ? Array.from(new TextEncoder().encode(action.code))\n          : Array.from(action.code),\n        deploy_mode: action.deployMode,\n      };\n\n    case ActionType.UseGlobalContract:\n      return {\n        action_type: ActionType.UseGlobalContract,\n        account_id: action.accountId,\n        code_hash: action.codeHash,\n      };\n\n    case ActionType.Stake:\n      return {\n        action_type: ActionType.Stake,\n        stake: action.stake,\n        public_key: action.publicKey\n      };\n\n    default:\n      throw new Error(`Action type ${(action as any).type} is not supported`);\n  }\n}\n\n// === ACTION TYPE VALIDATION ===\n\n/**\n * Validate action parameters before sending to worker\n */\nexport function validateActionArgsWasm(actionArgsWasm: ActionArgsWasm): void {\n  switch (actionArgsWasm.action_type) {\n    case ActionType.FunctionCall:\n      if (!actionArgsWasm.method_name) {\n        throw new Error('method_name required for FunctionCall');\n      }\n      if (!actionArgsWasm.args) {\n        throw new Error('args required for FunctionCall');\n      }\n      if (!actionArgsWasm.gas) {\n        throw new Error('gas required for FunctionCall');\n      }\n      if (!actionArgsWasm.deposit) {\n        throw new Error('deposit required for FunctionCall');\n      }\n      // Validate args is valid JSON string\n      if (typeof actionArgsWasm.args !== 'string') {\n        throw new Error('FunctionCall action args must be a valid JSON string');\n      }\n      try {\n        JSON.parse(actionArgsWasm.args);\n      } catch {\n        throw new Error('FunctionCall action args must be valid JSON string');\n      }\n      break;\n    case ActionType.Transfer:\n      if (!actionArgsWasm.deposit) {\n        throw new Error('deposit required for Transfer');\n      }\n      break;\n    case ActionType.CreateAccount:\n      // No additional validation needed\n      break;\n    case ActionType.DeployContract:\n      if (!actionArgsWasm.code || actionArgsWasm.code.length === 0) {\n        throw new Error('code required for DeployContract');\n      }\n      break;\n    case ActionType.Stake:\n      if (!actionArgsWasm.stake) {\n        throw new Error('stake amount required for Stake');\n      }\n      if (!actionArgsWasm.public_key) {\n        throw new Error('public_key required for Stake');\n      }\n      break;\n    case ActionType.AddKey:\n      if (!actionArgsWasm.public_key) {\n        throw new Error('public_key required for AddKey');\n      }\n      if (!actionArgsWasm.access_key) {\n        throw new Error('access_key required for AddKey');\n      }\n      // Validate access_key is valid JSON string\n      if (typeof actionArgsWasm.access_key !== 'string') {\n        throw new Error('AddKey action access_key must be a valid JSON string');\n      }\n      try {\n        JSON.parse(actionArgsWasm.access_key);\n      } catch {\n        throw new Error('AddKey action access_key must be valid JSON string');\n      }\n      break;\n    case ActionType.DeleteKey:\n      if (!actionArgsWasm.public_key) {\n        throw new Error('public_key required for DeleteKey');\n      }\n      break;\n    case ActionType.DeleteAccount:\n      if (!actionArgsWasm.beneficiary_id) {\n        throw new Error('beneficiary_id required for DeleteAccount');\n      }\n      break;\n    case ActionType.SignedDelegate: {\n      const payload = actionArgsWasm as {\n        delegate_action?: unknown;\n        signature?: unknown;\n      };\n      if (!payload.delegate_action || typeof payload.delegate_action !== 'object') {\n        throw new Error('delegate_action required for SignedDelegate');\n      }\n      if (!payload.signature || typeof payload.signature !== 'object') {\n        throw new Error('signature required for SignedDelegate');\n      }\n      break;\n    }\n    case ActionType.DeployGlobalContract:\n      if (!actionArgsWasm.code || actionArgsWasm.code.length === 0) {\n        throw new Error('code required for DeployGlobalContract');\n      }\n      if (!actionArgsWasm.deploy_mode || (actionArgsWasm.deploy_mode !== 'CodeHash' && actionArgsWasm.deploy_mode !== 'AccountId')) {\n        throw new Error('deploy_mode must be CodeHash or AccountId for DeployGlobalContract');\n      }\n      break;\n    case ActionType.UseGlobalContract: {\n      const hasAccountId = !!actionArgsWasm.account_id;\n      const hasCodeHash = !!actionArgsWasm.code_hash;\n      if (hasAccountId === hasCodeHash) {\n        throw new Error('UseGlobalContract requires exactly one of account_id or code_hash');\n      }\n      break;\n    }\n    default:\n      throw new Error(`Unsupported action type: ${(actionArgsWasm as any).action_type}`);\n  }\n}\n\n// === CONVERSIONS: WASM -> JS ACTIONS ===\n\ninterface FunctionCallPermissionView {\n  FunctionCall: {\n    allowance: string;\n    receiver_id: string;\n    method_names: string[];\n  };\n}\n\n/**\n * Convert a single ActionArgsWasm (snake_case, stringified fields) to ActionArgs (camelCase, typed fields)\n */\nexport function fromActionArgsWasm(a: ActionArgsWasm): ActionArgs {\n  switch (a.action_type) {\n    case ActionType.FunctionCall: {\n      let parsedArgs: Record<string, any> = {};\n      try {\n        if (typeof a.args === 'string') {\n          parsedArgs = a.args ? JSON.parse(a.args) : {};\n        } else {\n          parsedArgs = a.args || {};\n        }\n      } catch {\n        // leave as empty object if parsing fails\n        parsedArgs = {};\n      }\n      return {\n        type: ActionType.FunctionCall,\n        methodName: a.method_name,\n        args: parsedArgs,\n        gas: a.gas,\n        deposit: a.deposit\n      };\n    }\n    case ActionType.Transfer:\n      return {\n        type: ActionType.Transfer,\n        amount: a.deposit\n      };\n    case ActionType.CreateAccount:\n      return {\n        type: ActionType.CreateAccount\n      };\n    case ActionType.DeployContract: {\n      // Represent code as Uint8Array for consistency\n      const codeBytes = Array.isArray(a.code) ? new Uint8Array(a.code) : new Uint8Array();\n      return {\n        type: ActionType.DeployContract,\n        code: codeBytes\n      };\n    }\n    case ActionType.DeployGlobalContract: {\n      const codeBytes = Array.isArray(a.code) ? new Uint8Array(a.code) : new Uint8Array();\n      return {\n        type: ActionType.DeployGlobalContract,\n        code: codeBytes,\n        deployMode: a.deploy_mode,\n      };\n    }\n    case ActionType.Stake:\n      return {\n        type: ActionType.Stake,\n        stake: a.stake,\n        publicKey: a.public_key\n      };\n    case ActionType.AddKey: {\n      // access_key is a JSON string of { nonce, permission: ... }\n      let accessKey: { nonce: bigint; permission: 'FullAccess' | FunctionCallPermissionView; }\n      try {\n        accessKey = JSON.parse(a.access_key);\n      } catch {\n        accessKey = { nonce: BigInt(0), permission: 'FullAccess' };\n      }\n      // Normalize permission back to SDK shape\n      const permission = accessKey?.permission;\n      let normalizedPermission: 'FullAccess' | FunctionCallPermissionView = 'FullAccess';\n\n      if (isObject(permission)) {\n        if ('FullAccess' in permission) {\n          normalizedPermission = 'FullAccess';\n        } else if ('FunctionCall' in permission) {\n          const fc = (permission as FunctionCallPermissionView).FunctionCall;\n          normalizedPermission = {\n            FunctionCall: {\n              allowance: fc.allowance,\n              receiver_id: fc.receiver_id,\n              method_names: fc.method_names\n            }\n          };\n        }\n      }\n      return {\n        type: ActionType.AddKey,\n        publicKey: a.public_key,\n        accessKey: {\n          nonce: typeof accessKey?.nonce === 'number' ? accessKey.nonce : 0,\n          permission: normalizedPermission\n        }\n      };\n    }\n    case ActionType.DeleteKey:\n      return {\n        type: ActionType.DeleteKey,\n        publicKey: a.public_key\n      };\n    case ActionType.DeleteAccount:\n      return {\n        type: ActionType.DeleteAccount,\n        beneficiaryId: a.beneficiary_id\n      };\n    case ActionType.UseGlobalContract:\n      return {\n        type: ActionType.UseGlobalContract,\n        accountId: a.account_id,\n        codeHash: a.code_hash,\n      };\n    default:\n      // Exhaustive guard\n      throw new Error(`Unsupported wasm action_type: ${(a as any)?.action_type}`);\n  }\n}\n\n/** Convert a TransactionInputWasm structure to TransactionInput */\nexport function fromTransactionInputWasm(tx: TransactionInputWasm): TransactionInput {\n  return {\n    receiverId: tx.receiverId,\n    actions: tx.actions.map(fromActionArgsWasm)\n  };\n}\n\n/** Convert an array of TransactionInputWasm to TransactionInput[] */\nexport function fromTransactionInputsWasm(txs: TransactionInputWasm[]): TransactionInput[] {\n  return (txs || []).map(fromTransactionInputWasm);\n}\nimport { isObject } from '../WalletIframe/validation';\n"],"mappings":";;;;AAkBA,IAAY,oDAAL;AACL;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;AAkPF,SAAgB,uBAAuB,gBAAsC;AAC3E,SAAQ,eAAe,aAAvB;EACE,KAAK,WAAW;AACd,OAAI,CAAC,eAAe,YAClB,OAAM,IAAI,MAAM;AAElB,OAAI,CAAC,eAAe,KAClB,OAAM,IAAI,MAAM;AAElB,OAAI,CAAC,eAAe,IAClB,OAAM,IAAI,MAAM;AAElB,OAAI,CAAC,eAAe,QAClB,OAAM,IAAI,MAAM;AAGlB,OAAI,OAAO,eAAe,SAAS,SACjC,OAAM,IAAI,MAAM;AAElB,OAAI;AACF,SAAK,MAAM,eAAe;WACpB;AACN,UAAM,IAAI,MAAM;;AAElB;EACF,KAAK,WAAW;AACd,OAAI,CAAC,eAAe,QAClB,OAAM,IAAI,MAAM;AAElB;EACF,KAAK,WAAW,cAEd;EACF,KAAK,WAAW;AACd,OAAI,CAAC,eAAe,QAAQ,eAAe,KAAK,WAAW,EACzD,OAAM,IAAI,MAAM;AAElB;EACF,KAAK,WAAW;AACd,OAAI,CAAC,eAAe,MAClB,OAAM,IAAI,MAAM;AAElB,OAAI,CAAC,eAAe,WAClB,OAAM,IAAI,MAAM;AAElB;EACF,KAAK,WAAW;AACd,OAAI,CAAC,eAAe,WAClB,OAAM,IAAI,MAAM;AAElB,OAAI,CAAC,eAAe,WAClB,OAAM,IAAI,MAAM;AAGlB,OAAI,OAAO,eAAe,eAAe,SACvC,OAAM,IAAI,MAAM;AAElB,OAAI;AACF,SAAK,MAAM,eAAe;WACpB;AACN,UAAM,IAAI,MAAM;;AAElB;EACF,KAAK,WAAW;AACd,OAAI,CAAC,eAAe,WAClB,OAAM,IAAI,MAAM;AAElB;EACF,KAAK,WAAW;AACd,OAAI,CAAC,eAAe,eAClB,OAAM,IAAI,MAAM;AAElB;EACF,KAAK,WAAW,gBAAgB;GAC9B,MAAM,UAAU;AAIhB,OAAI,CAAC,QAAQ,mBAAmB,OAAO,QAAQ,oBAAoB,SACjE,OAAM,IAAI,MAAM;AAElB,OAAI,CAAC,QAAQ,aAAa,OAAO,QAAQ,cAAc,SACrD,OAAM,IAAI,MAAM;AAElB;;EAEF,KAAK,WAAW;AACd,OAAI,CAAC,eAAe,QAAQ,eAAe,KAAK,WAAW,EACzD,OAAM,IAAI,MAAM;AAElB,OAAI,CAAC,eAAe,eAAgB,eAAe,gBAAgB,cAAc,eAAe,gBAAgB,YAC9G,OAAM,IAAI,MAAM;AAElB;EACF,KAAK,WAAW,mBAAmB;GACjC,MAAM,eAAe,CAAC,CAAC,eAAe;GACtC,MAAM,cAAc,CAAC,CAAC,eAAe;AACrC,OAAI,iBAAiB,YACnB,OAAM,IAAI,MAAM;AAElB;;EAEF,QACE,OAAM,IAAI,MAAM,4BAA6B,eAAuB"}
+{"version":3,"file":"actions.js","names":[],"sources":["../../../../../../../src/core/types/actions.ts"],"sourcesContent":["import { DelegateAction, Signature } from './delegate';\n\n// === TRANSACTION INPUT INTERFACES ===\n\nexport interface TransactionInput {\n  receiverId: string;\n  actions: ActionArgs[],\n}\n\nexport interface TransactionInputWasm {\n  receiverId: string;\n  actions: ActionArgsWasm[],\n  nonce?: string; // Optional - computed in confirmation flow if not provided\n}\n\n/**\n * Enum for all supported NEAR action types\n */\nexport enum ActionType {\n  CreateAccount = \"CreateAccount\",\n  DeployContract = \"DeployContract\",\n  FunctionCall = \"FunctionCall\",\n  Transfer = \"Transfer\",\n  Stake = \"Stake\",\n  AddKey = \"AddKey\",\n  DeleteKey = \"DeleteKey\",\n  DeleteAccount = \"DeleteAccount\",\n  SignedDelegate = \"SignedDelegate\",\n  DeployGlobalContract = \"DeployGlobalContract\",\n  UseGlobalContract = \"UseGlobalContract\",\n}\n\nexport enum TxExecutionStatus {\n  NONE = 'NONE',\n  INCLUDED = 'INCLUDED',\n  INCLUDED_FINAL = 'INCLUDED_FINAL',\n  EXECUTED = 'EXECUTED',\n  FINAL = 'FINAL',\n  EXECUTED_OPTIMISTIC = 'EXECUTED_OPTIMISTIC'\n}\n\n// === ACTION INTERFACES (camelCase for JS) ===\n\nexport interface FunctionCallAction {\n  type: ActionType.FunctionCall;\n  /** Name of the contract method to call */\n  methodName: string;\n  /** Arguments to pass to the method (will be JSON.stringify'd automatically) */\n  args: Record<string, any>;\n  /** Maximum gas to use for this call (default: '30000000000000' 30 TGas) */\n  gas?: string;\n  /** Amount of NEAR tokens to attach in yoctoNEAR (default: '0') */\n  deposit?: string;\n}\n\nexport interface TransferAction {\n  type: ActionType.Transfer;\n  /** Amount of NEAR tokens to transfer in yoctoNEAR */\n  amount: string;\n}\n\nexport interface CreateAccountAction {\n  type: ActionType.CreateAccount;\n}\n\nexport interface DeployContractAction {\n  type: ActionType.DeployContract;\n  /** Contract code as Uint8Array or base64 string */\n  code: Uint8Array | string;\n}\n\nexport interface DeployGlobalContractAction {\n  type: ActionType.DeployGlobalContract;\n  /** Global contract code as Uint8Array or base64 string */\n  code: Uint8Array | string;\n  /** Deployment mode: CodeHash | AccountId */\n  deployMode: 'CodeHash' | 'AccountId';\n}\n\nexport interface UseGlobalContractAction {\n  type: ActionType.UseGlobalContract;\n  /** Exactly one of these should be set */\n  accountId?: string;\n  /** bs58-encoded 32-byte code hash */\n  codeHash?: string;\n}\n\nexport interface StakeAction {\n  type: ActionType.Stake;\n  /** Amount to stake in yoctoNEAR */\n  stake: string;\n  /** Public key of the validator */\n  publicKey: string;\n}\n\nexport interface AddKeyAction {\n  type: ActionType.AddKey;\n  /** Public key to add */\n  publicKey: string;\n  /** Access key configuration */\n  accessKey: {\n    /** Starting nonce for the key */\n    nonce?: number;\n    /** Permission level for the key */\n    permission: 'FullAccess' | {\n      /** Function call permissions */\n      FunctionCall: {\n        /** Maximum allowance in yoctoNEAR (optional for unlimited) */\n        allowance?: string;\n        /** Contract that can be called (default: same as receiverId) */\n        receiverId?: string;\n        /** Method names that can be called (empty array = all methods) */\n        methodNames?: string[];\n      };\n    };\n  };\n}\n\nexport interface DeleteKeyAction {\n  type: ActionType.DeleteKey;\n  /** Public key to remove */\n  publicKey: string;\n}\n\nexport interface DeleteAccountAction {\n  type: ActionType.DeleteAccount;\n  /** Account that will receive the remaining balance */\n  beneficiaryId: string;\n}\n\n/**\n * Action types for all NEAR actions\n * camelCase for JS\n */\nexport type ActionArgs =\n  | FunctionCallAction\n  | TransferAction\n  | CreateAccountAction\n  | DeployContractAction\n  | StakeAction\n  | AddKeyAction\n  | DeleteKeyAction\n  | DeleteAccountAction\n  | DeployGlobalContractAction\n  | UseGlobalContractAction;\n\n// === ACTION TYPES ===\n\n// ActionArgsWasm matches the Rust enum structure exactly\n// snake_case for wasm\nexport type ActionArgsWasm =\n  | { action_type: ActionType.CreateAccount }\n  | { action_type: ActionType.DeployContract; code: number[] }\n  | {\n    action_type: ActionType.FunctionCall;\n    method_name: string;\n    args: string; // JSON string\n    gas: string;\n    deposit: string;\n  }\n  | { action_type: ActionType.Transfer; deposit: string }\n  | { action_type: ActionType.Stake; stake: string; public_key: string }\n  | { action_type: ActionType.AddKey; public_key: string; access_key: string }\n  | { action_type: ActionType.DeleteKey; public_key: string }\n  | { action_type: ActionType.DeleteAccount; beneficiary_id: string }\n  | {\n    action_type: ActionType.SignedDelegate;\n    delegate_action: DelegateAction;\n    signature: Signature;\n  }\n  | { action_type: ActionType.DeployGlobalContract; code: number[]; deploy_mode: 'CodeHash' | 'AccountId' }\n  | { action_type: ActionType.UseGlobalContract; account_id?: string; code_hash?: string }\n\nexport function isActionArgsWasm(a?: any): a is ActionArgsWasm {\n  return isObject(a) && 'action_type' in a;\n}\n\nexport function toActionArgsWasm(action: ActionArgs): ActionArgsWasm {\n  switch (action.type) {\n    case ActionType.Transfer:\n      return {\n        action_type: ActionType.Transfer,\n        deposit: action.amount\n      };\n\n    case ActionType.FunctionCall:\n      return {\n        action_type: ActionType.FunctionCall,\n        method_name: action.methodName,\n        args: JSON.stringify(action.args),\n        gas: action.gas || \"30000000000000\",\n        deposit: action.deposit || \"0\"\n      };\n\n    case ActionType.AddKey:\n      // Ensure access key has proper format with nonce and permission object.\n      // For FullAccess we emit the NEAR-style `{ FullAccess: {} }` shape to\n      // match near-api-js and RPC JSON; FunctionCall permissions are passed\n      // through as-is.\n      const rawPermission = action.accessKey.permission;\n      const permission = rawPermission === 'FullAccess'\n          ? { FullAccess: {} }\n          : rawPermission;\n      const accessKey = {\n        nonce: action.accessKey.nonce || 0,\n        permission,\n      };\n      return {\n        action_type: ActionType.AddKey,\n        public_key: action.publicKey,\n        access_key: JSON.stringify(accessKey)\n      };\n\n    case ActionType.DeleteKey:\n      return {\n        action_type: ActionType.DeleteKey,\n        public_key: action.publicKey\n      };\n\n    case ActionType.CreateAccount:\n      return {\n        action_type: ActionType.CreateAccount\n      };\n\n    case ActionType.DeleteAccount:\n      return {\n        action_type: ActionType.DeleteAccount,\n        beneficiary_id: action.beneficiaryId\n      };\n\n    case ActionType.DeployContract:\n      return {\n        action_type: ActionType.DeployContract,\n        code: typeof action.code === 'string'\n          ? Array.from(new TextEncoder().encode(action.code))\n          : Array.from(action.code)\n      };\n\n    case ActionType.DeployGlobalContract:\n      return {\n        action_type: ActionType.DeployGlobalContract,\n        code: typeof action.code === 'string'\n          ? Array.from(new TextEncoder().encode(action.code))\n          : Array.from(action.code),\n        deploy_mode: action.deployMode,\n      };\n\n    case ActionType.UseGlobalContract:\n      return {\n        action_type: ActionType.UseGlobalContract,\n        account_id: action.accountId,\n        code_hash: action.codeHash,\n      };\n\n    case ActionType.Stake:\n      return {\n        action_type: ActionType.Stake,\n        stake: action.stake,\n        public_key: action.publicKey\n      };\n\n    default:\n      throw new Error(`Action type ${(action as any).type} is not supported`);\n  }\n}\n\n// === ACTION TYPE VALIDATION ===\n\n/**\n * Validate action parameters before sending to worker\n */\nexport function validateActionArgsWasm(actionArgsWasm: ActionArgsWasm): void {\n  switch (actionArgsWasm.action_type) {\n    case ActionType.FunctionCall:\n      if (!actionArgsWasm.method_name) {\n        throw new Error('method_name required for FunctionCall');\n      }\n      if (!actionArgsWasm.args) {\n        throw new Error('args required for FunctionCall');\n      }\n      if (!actionArgsWasm.gas) {\n        throw new Error('gas required for FunctionCall');\n      }\n      if (!actionArgsWasm.deposit) {\n        throw new Error('deposit required for FunctionCall');\n      }\n      // Validate args is valid JSON string\n      if (typeof actionArgsWasm.args !== 'string') {\n        throw new Error('FunctionCall action args must be a valid JSON string');\n      }\n      try {\n        JSON.parse(actionArgsWasm.args);\n      } catch {\n        throw new Error('FunctionCall action args must be valid JSON string');\n      }\n      break;\n    case ActionType.Transfer:\n      if (!actionArgsWasm.deposit) {\n        throw new Error('deposit required for Transfer');\n      }\n      break;\n    case ActionType.CreateAccount:\n      // No additional validation needed\n      break;\n    case ActionType.DeployContract:\n      if (!actionArgsWasm.code || actionArgsWasm.code.length === 0) {\n        throw new Error('code required for DeployContract');\n      }\n      break;\n    case ActionType.Stake:\n      if (!actionArgsWasm.stake) {\n        throw new Error('stake amount required for Stake');\n      }\n      if (!actionArgsWasm.public_key) {\n        throw new Error('public_key required for Stake');\n      }\n      break;\n    case ActionType.AddKey:\n      if (!actionArgsWasm.public_key) {\n        throw new Error('public_key required for AddKey');\n      }\n      if (!actionArgsWasm.access_key) {\n        throw new Error('access_key required for AddKey');\n      }\n      // Validate access_key is valid JSON string\n      if (typeof actionArgsWasm.access_key !== 'string') {\n        throw new Error('AddKey action access_key must be a valid JSON string');\n      }\n      try {\n        JSON.parse(actionArgsWasm.access_key);\n      } catch {\n        throw new Error('AddKey action access_key must be valid JSON string');\n      }\n      break;\n    case ActionType.DeleteKey:\n      if (!actionArgsWasm.public_key) {\n        throw new Error('public_key required for DeleteKey');\n      }\n      break;\n    case ActionType.DeleteAccount:\n      if (!actionArgsWasm.beneficiary_id) {\n        throw new Error('beneficiary_id required for DeleteAccount');\n      }\n      break;\n    case ActionType.SignedDelegate: {\n      const payload = actionArgsWasm as {\n        delegate_action?: unknown;\n        signature?: unknown;\n      };\n      if (!payload.delegate_action || typeof payload.delegate_action !== 'object') {\n        throw new Error('delegate_action required for SignedDelegate');\n      }\n      if (!payload.signature || typeof payload.signature !== 'object') {\n        throw new Error('signature required for SignedDelegate');\n      }\n      break;\n    }\n    case ActionType.DeployGlobalContract:\n      if (!actionArgsWasm.code || actionArgsWasm.code.length === 0) {\n        throw new Error('code required for DeployGlobalContract');\n      }\n      if (!actionArgsWasm.deploy_mode || (actionArgsWasm.deploy_mode !== 'CodeHash' && actionArgsWasm.deploy_mode !== 'AccountId')) {\n        throw new Error('deploy_mode must be CodeHash or AccountId for DeployGlobalContract');\n      }\n      break;\n    case ActionType.UseGlobalContract: {\n      const hasAccountId = !!actionArgsWasm.account_id;\n      const hasCodeHash = !!actionArgsWasm.code_hash;\n      if (hasAccountId === hasCodeHash) {\n        throw new Error('UseGlobalContract requires exactly one of account_id or code_hash');\n      }\n      break;\n    }\n    default:\n      throw new Error(`Unsupported action type: ${(actionArgsWasm as any).action_type}`);\n  }\n}\n\n// === CONVERSIONS: WASM -> JS ACTIONS ===\n\ninterface FunctionCallPermissionView {\n  FunctionCall: {\n    allowance: string;\n    receiver_id: string;\n    method_names: string[];\n  };\n}\n\n/**\n * Convert a single ActionArgsWasm (snake_case, stringified fields) to ActionArgs (camelCase, typed fields)\n */\nexport function fromActionArgsWasm(a: ActionArgsWasm): ActionArgs {\n  switch (a.action_type) {\n    case ActionType.FunctionCall: {\n      let parsedArgs: Record<string, any> = {};\n      try {\n        if (typeof a.args === 'string') {\n          parsedArgs = a.args ? JSON.parse(a.args) : {};\n        } else {\n          parsedArgs = a.args || {};\n        }\n      } catch {\n        // leave as empty object if parsing fails\n        parsedArgs = {};\n      }\n      return {\n        type: ActionType.FunctionCall,\n        methodName: a.method_name,\n        args: parsedArgs,\n        gas: a.gas,\n        deposit: a.deposit\n      };\n    }\n    case ActionType.Transfer:\n      return {\n        type: ActionType.Transfer,\n        amount: a.deposit\n      };\n    case ActionType.CreateAccount:\n      return {\n        type: ActionType.CreateAccount\n      };\n    case ActionType.DeployContract: {\n      // Represent code as Uint8Array for consistency\n      const codeBytes = Array.isArray(a.code) ? new Uint8Array(a.code) : new Uint8Array();\n      return {\n        type: ActionType.DeployContract,\n        code: codeBytes\n      };\n    }\n    case ActionType.DeployGlobalContract: {\n      const codeBytes = Array.isArray(a.code) ? new Uint8Array(a.code) : new Uint8Array();\n      return {\n        type: ActionType.DeployGlobalContract,\n        code: codeBytes,\n        deployMode: a.deploy_mode,\n      };\n    }\n    case ActionType.Stake:\n      return {\n        type: ActionType.Stake,\n        stake: a.stake,\n        publicKey: a.public_key\n      };\n    case ActionType.AddKey: {\n      // access_key is a JSON string of { nonce, permission: ... }\n      let accessKey: { nonce: bigint; permission: 'FullAccess' | FunctionCallPermissionView; }\n      try {\n        accessKey = JSON.parse(a.access_key);\n      } catch {\n        accessKey = { nonce: BigInt(0), permission: 'FullAccess' };\n      }\n      // Normalize permission back to SDK shape\n      const permission = accessKey?.permission;\n      let normalizedPermission: 'FullAccess' | FunctionCallPermissionView = 'FullAccess';\n\n      if (isObject(permission)) {\n        if ('FullAccess' in permission) {\n          normalizedPermission = 'FullAccess';\n        } else if ('FunctionCall' in permission) {\n          const fc = (permission as FunctionCallPermissionView).FunctionCall;\n          normalizedPermission = {\n            FunctionCall: {\n              allowance: fc.allowance,\n              receiver_id: fc.receiver_id,\n              method_names: fc.method_names\n            }\n          };\n        }\n      }\n      return {\n        type: ActionType.AddKey,\n        publicKey: a.public_key,\n        accessKey: {\n          nonce: typeof accessKey?.nonce === 'number' ? accessKey.nonce : 0,\n          permission: normalizedPermission\n        }\n      };\n    }\n    case ActionType.DeleteKey:\n      return {\n        type: ActionType.DeleteKey,\n        publicKey: a.public_key\n      };\n    case ActionType.DeleteAccount:\n      return {\n        type: ActionType.DeleteAccount,\n        beneficiaryId: a.beneficiary_id\n      };\n    case ActionType.UseGlobalContract:\n      return {\n        type: ActionType.UseGlobalContract,\n        accountId: a.account_id,\n        codeHash: a.code_hash,\n      };\n    default:\n      // Exhaustive guard\n      throw new Error(`Unsupported wasm action_type: ${(a as any)?.action_type}`);\n  }\n}\n\n/** Convert a TransactionInputWasm structure to TransactionInput */\nexport function fromTransactionInputWasm(tx: TransactionInputWasm): TransactionInput {\n  return {\n    receiverId: tx.receiverId,\n    actions: tx.actions.map(fromActionArgsWasm)\n  };\n}\n\n/** Convert an array of TransactionInputWasm to TransactionInput[] */\nexport function fromTransactionInputsWasm(txs: TransactionInputWasm[]): TransactionInput[] {\n  return (txs || []).map(fromTransactionInputWasm);\n}\nimport { isObject } from '@/utils/validation';\n"],"mappings":";;;;AAkBA,IAAY,oDAAL;AACL;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;AAkPF,SAAgB,uBAAuB,gBAAsC;AAC3E,SAAQ,eAAe,aAAvB;EACE,KAAK,WAAW;AACd,OAAI,CAAC,eAAe,YAClB,OAAM,IAAI,MAAM;AAElB,OAAI,CAAC,eAAe,KAClB,OAAM,IAAI,MAAM;AAElB,OAAI,CAAC,eAAe,IAClB,OAAM,IAAI,MAAM;AAElB,OAAI,CAAC,eAAe,QAClB,OAAM,IAAI,MAAM;AAGlB,OAAI,OAAO,eAAe,SAAS,SACjC,OAAM,IAAI,MAAM;AAElB,OAAI;AACF,SAAK,MAAM,eAAe;WACpB;AACN,UAAM,IAAI,MAAM;;AAElB;EACF,KAAK,WAAW;AACd,OAAI,CAAC,eAAe,QAClB,OAAM,IAAI,MAAM;AAElB;EACF,KAAK,WAAW,cAEd;EACF,KAAK,WAAW;AACd,OAAI,CAAC,eAAe,QAAQ,eAAe,KAAK,WAAW,EACzD,OAAM,IAAI,MAAM;AAElB;EACF,KAAK,WAAW;AACd,OAAI,CAAC,eAAe,MAClB,OAAM,IAAI,MAAM;AAElB,OAAI,CAAC,eAAe,WAClB,OAAM,IAAI,MAAM;AAElB;EACF,KAAK,WAAW;AACd,OAAI,CAAC,eAAe,WAClB,OAAM,IAAI,MAAM;AAElB,OAAI,CAAC,eAAe,WAClB,OAAM,IAAI,MAAM;AAGlB,OAAI,OAAO,eAAe,eAAe,SACvC,OAAM,IAAI,MAAM;AAElB,OAAI;AACF,SAAK,MAAM,eAAe;WACpB;AACN,UAAM,IAAI,MAAM;;AAElB;EACF,KAAK,WAAW;AACd,OAAI,CAAC,eAAe,WAClB,OAAM,IAAI,MAAM;AAElB;EACF,KAAK,WAAW;AACd,OAAI,CAAC,eAAe,eAClB,OAAM,IAAI,MAAM;AAElB;EACF,KAAK,WAAW,gBAAgB;GAC9B,MAAM,UAAU;AAIhB,OAAI,CAAC,QAAQ,mBAAmB,OAAO,QAAQ,oBAAoB,SACjE,OAAM,IAAI,MAAM;AAElB,OAAI,CAAC,QAAQ,aAAa,OAAO,QAAQ,cAAc,SACrD,OAAM,IAAI,MAAM;AAElB;;EAEF,KAAK,WAAW;AACd,OAAI,CAAC,eAAe,QAAQ,eAAe,KAAK,WAAW,EACzD,OAAM,IAAI,MAAM;AAElB,OAAI,CAAC,eAAe,eAAgB,eAAe,gBAAgB,cAAc,eAAe,gBAAgB,YAC9G,OAAM,IAAI,MAAM;AAElB;EACF,KAAK,WAAW,mBAAmB;GACjC,MAAM,eAAe,CAAC,CAAC,eAAe;GACtC,MAAM,cAAc,CAAC,CAAC,eAAe;AACrC,OAAI,iBAAiB,YACnB,OAAM,IAAI,MAAM;AAElB;;EAEF,QACE,OAAM,IAAI,MAAM,4BAA6B,eAAuB"}

package/dist/esm/server/sdk/src/core/types/rpc.js

@@ -2,6 +2,7 @@
 const DEFAULT_WAIT_STATUS = {
 	executeAction: "EXECUTED_OPTIMISTIC",
 	linkDeviceAddKey: "INCLUDED_FINAL",
+	thresholdAddKey: "EXECUTED_OPTIMISTIC",
 	linkDeviceSwapKey: "FINAL",
 	linkDeviceAccountMapping: "INCLUDED_FINAL",
 	linkDeviceDeleteKey: "INCLUDED_FINAL",

package/dist/esm/server/sdk/src/core/types/rpc.js.map

@@ -1 +1 @@
-{"version":3,"file":"rpc.js","names":[],"sources":["../../../../../../../src/core/types/rpc.ts"],"sourcesContent":["import type { AccessKeyView, TxExecutionStatus } from \"@near-js/types\";\n\nexport const DEFAULT_WAIT_STATUS = {\n  executeAction: \"EXECUTED_OPTIMISTIC\" as TxExecutionStatus,\n  linkDeviceAddKey: \"INCLUDED_FINAL\" as TxExecutionStatus,\n  linkDeviceSwapKey: \"FINAL\" as TxExecutionStatus,\n  linkDeviceAccountMapping: \"INCLUDED_FINAL\" as TxExecutionStatus,\n  linkDeviceDeleteKey: \"INCLUDED_FINAL\" as TxExecutionStatus,\n   linkDeviceRegistration: \"FINAL\" as TxExecutionStatus,\n  // See default finality settings:\n  // https://github.com/near/near-api-js/blob/99f34864317725467a097dc3c7a3cc5f7a5b43d4/packages/accounts/src/account.ts#L68\n}\n\n// Transaction and Signature types - defined as TypeScript interfaces since they're handled as JSON\nexport interface TransactionStruct {\n  signerAccount: string;\n  publicKey: {\n    keyType: number;\n    keyData: number[];\n  };\n  nonce: number;\n  receiverAccount: string;\n  blockHash: number[];\n  actions: any[]; // Actions are complex, handled as JSON\n}\n\nexport interface SignatureStruct {\n  keyType: number;\n  signatureData: number[];\n}\n\nexport interface NearRpcCallParams {\n  jsonrpc: string;\n  id: string;\n  method: string;\n  params: {\n    signed_tx_base64: string;\n    wait_until: TxExecutionStatus;\n  }\n}\n\nexport interface TransactionContext {\n  nearPublicKeyStr: string;\n  accessKeyInfo: AccessKeyView;\n  nextNonce: string;\n  txBlockHeight: string;\n  txBlockHash: string;\n}\n\nexport interface BlockInfo {\n  header: {\n    hash: string;\n    height: number;\n  };\n}\nexport interface RpcErrorData {\n  // NEAR error payloads vary; keep flexible but preserve common fields\n  // Top-level helper message if present\n  message?: string;\n  // Anything else from the node (TxExecutionError, ActionError, etc.)\n  [key: string]: any;\n}\n\nexport interface RpcError {\n  code?: number;\n  name?: string;\n  data?: RpcErrorData;\n  message?: string;\n}\n\nexport interface RpcResponse {\n  error?: RpcError;\n  result?: any;\n}\n"],"mappings":";AAEA,MAAa,sBAAsB;CACjC,eAAe;CACf,kBAAkB;CAClB,mBAAmB;CACnB,0BAA0B;CAC1B,qBAAqB;CACpB,wBAAwB"}
+{"version":3,"file":"rpc.js","names":[],"sources":["../../../../../../../src/core/types/rpc.ts"],"sourcesContent":["import type { AccessKeyView, TxExecutionStatus } from \"@near-js/types\";\n\nexport const DEFAULT_WAIT_STATUS = {\n  executeAction: \"EXECUTED_OPTIMISTIC\" as TxExecutionStatus,\n  linkDeviceAddKey: \"INCLUDED_FINAL\" as TxExecutionStatus,\n  // Threshold AddKey is safe to treat optimistically; finality will converge shortly after.\n  thresholdAddKey: \"EXECUTED_OPTIMISTIC\" as TxExecutionStatus,\n  linkDeviceSwapKey: \"FINAL\" as TxExecutionStatus,\n  linkDeviceAccountMapping: \"INCLUDED_FINAL\" as TxExecutionStatus,\n  linkDeviceDeleteKey: \"INCLUDED_FINAL\" as TxExecutionStatus,\n   linkDeviceRegistration: \"FINAL\" as TxExecutionStatus,\n  // See default finality settings:\n  // https://github.com/near/near-api-js/blob/99f34864317725467a097dc3c7a3cc5f7a5b43d4/packages/accounts/src/account.ts#L68\n}\n\n// Transaction and Signature types - defined as TypeScript interfaces since they're handled as JSON\nexport interface TransactionStruct {\n  signerAccount: string;\n  publicKey: {\n    keyType: number;\n    keyData: number[];\n  };\n  nonce: number;\n  receiverAccount: string;\n  blockHash: number[];\n  actions: any[]; // Actions are complex, handled as JSON\n}\n\nexport interface SignatureStruct {\n  keyType: number;\n  signatureData: number[];\n}\n\nexport interface NearRpcCallParams {\n  jsonrpc: string;\n  id: string;\n  method: string;\n  params: {\n    signed_tx_base64: string;\n    wait_until: TxExecutionStatus;\n  }\n}\n\nexport interface TransactionContext {\n  nearPublicKeyStr: string;\n  accessKeyInfo: AccessKeyView;\n  nextNonce: string;\n  txBlockHeight: string;\n  txBlockHash: string;\n}\n\nexport interface BlockInfo {\n  header: {\n    hash: string;\n    height: number;\n  };\n}\nexport interface RpcErrorData {\n  // NEAR error payloads vary; keep flexible but preserve common fields\n  // Top-level helper message if present\n  message?: string;\n  // Anything else from the node (TxExecutionError, ActionError, etc.)\n  [key: string]: any;\n}\n\nexport interface RpcError {\n  code?: number;\n  name?: string;\n  data?: RpcErrorData;\n  message?: string;\n}\n\nexport interface RpcResponse {\n  error?: RpcError;\n  result?: any;\n}\n"],"mappings":";AAEA,MAAa,sBAAsB;CACjC,eAAe;CACf,kBAAkB;CAElB,iBAAiB;CACjB,mBAAmB;CACnB,0BAA0B;CAC1B,qBAAqB;CACpB,wBAAwB"}

package/dist/esm/server/sdk/src/threshold/participants.js

@@ -0,0 +1,27 @@
+import { THRESHOLD_ED25519_2P_PARTICIPANT_IDS, THRESHOLD_ED25519_CLIENT_PARTICIPANT_ID, THRESHOLD_ED25519_RELAYER_PARTICIPANT_ID } from "../core/defaultConfigs.js";
+
+//#region src/threshold/participants.ts
+function normalizeThresholdEd25519ParticipantId(id) {
+	const n = Number(id);
+	if (!Number.isSafeInteger(n) || n < 1 || n > 65535) return null;
+	return n;
+}
+function normalizeThresholdEd25519ParticipantIds(input) {
+	if (!Array.isArray(input) || input.length === 0) return null;
+	const out = [];
+	const seen = /* @__PURE__ */ new Set();
+	for (const v of input) {
+		const id = normalizeThresholdEd25519ParticipantId(v);
+		if (!id) return null;
+		if (!seen.has(id)) {
+			seen.add(id);
+			out.push(id);
+		}
+	}
+	out.sort((a, b) => a - b);
+	return out.length ? out : null;
+}
+
+//#endregion
+export { normalizeThresholdEd25519ParticipantId, normalizeThresholdEd25519ParticipantIds };
+//# sourceMappingURL=participants.js.map

package/dist/esm/server/sdk/src/threshold/participants.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"participants.js","names":["out: number[]"],"sources":["../../../../../../src/threshold/participants.ts"],"sourcesContent":["export type ThresholdParticipantRole = 'client' | 'relayer';\n\nimport { toOptionalTrimmedString } from '../utils/validation';\nimport {\n  THRESHOLD_ED25519_CLIENT_PARTICIPANT_ID,\n  THRESHOLD_ED25519_RELAYER_PARTICIPANT_ID,\n  THRESHOLD_ED25519_2P_PARTICIPANT_IDS,\n} from '../core/defaultConfigs';\n\nexport {\n  THRESHOLD_ED25519_CLIENT_PARTICIPANT_ID,\n  THRESHOLD_ED25519_RELAYER_PARTICIPANT_ID,\n  THRESHOLD_ED25519_2P_PARTICIPANT_IDS,\n};\n\n/**\n * Metadata describing how a participant share is derived/stored.\n * This is informational in v1 and may be used for validation/policy later.\n */\nexport type ThresholdEd25519ShareDerivation =\n  | 'prf_first_v1'\n  | 'derived_master_secret_v1'\n  | 'kv_random_v1'\n  | 'unknown';\n\nexport interface ThresholdEd25519ParticipantV1 {\n  /** FROST identifier (1-indexed). */\n  id: number;\n  role: ThresholdParticipantRole;\n  /** Optional relayer endpoint for this participant (future multi-relayer support). */\n  relayerUrl?: string;\n  /** Key/share identifier understood by this participant (e.g. relayerKeyId). */\n  relayerKeyId?: string;\n  /** Base64url-encoded 32-byte verifying share (compressed EdwardsY). */\n  verifyingShareB64u?: string;\n  shareDerivation?: ThresholdEd25519ShareDerivation;\n}\n\nexport const THRESHOLD_ED25519_PARTICIPANT_SET_V1 = 'threshold_ed25519_participants_v1' as const;\n\nexport interface ThresholdEd25519ParticipantSetV1 {\n  version: typeof THRESHOLD_ED25519_PARTICIPANT_SET_V1;\n  groupPublicKey: string;\n  participants: ThresholdEd25519ParticipantV1[];\n}\n\nexport function normalizeThresholdEd25519ParticipantId(id: unknown): number | null {\n  const n = Number(id);\n  if (!Number.isSafeInteger(n) || n < 1 || n > 65_535) return null;\n  return n;\n}\n\nexport function normalizeThresholdEd25519ParticipantIds(input: unknown): number[] | null {\n  if (!Array.isArray(input) || input.length === 0) return null;\n  const out: number[] = [];\n  const seen = new Set<number>();\n  for (const v of input) {\n    const id = normalizeThresholdEd25519ParticipantId(v);\n    if (!id) return null;\n    if (!seen.has(id)) {\n      seen.add(id);\n      out.push(id);\n    }\n  }\n  out.sort((a, b) => a - b);\n  return out.length ? out : null;\n}\n\nexport function areThresholdEd25519ParticipantIds2p(\n  participantIds: number[] | null | undefined,\n  expected: readonly number[] = THRESHOLD_ED25519_2P_PARTICIPANT_IDS,\n): boolean {\n  const ids = normalizeThresholdEd25519ParticipantIds(participantIds);\n  const expectedIds = normalizeThresholdEd25519ParticipantIds([...expected]);\n  if (!ids || !expectedIds) return false;\n  if (ids.length !== expectedIds.length) return false;\n  return ids.every((id, i) => id === expectedIds[i]);\n}\n\nexport function parseThresholdEd25519ParticipantsV1(input: unknown): ThresholdEd25519ParticipantV1[] | null {\n  if (!Array.isArray(input) || input.length === 0) return null;\n\n  const out: ThresholdEd25519ParticipantV1[] = [];\n  for (const item of input) {\n    if (!item || typeof item !== 'object' || Array.isArray(item)) return null;\n    const rec = item as Record<string, unknown>;\n\n    const id = normalizeThresholdEd25519ParticipantId(rec.id);\n    const role = toOptionalTrimmedString(rec.role);\n    if (!id || (role !== 'client' && role !== 'relayer')) return null;\n\n    const participant: ThresholdEd25519ParticipantV1 = {\n      id,\n      role: role as ThresholdParticipantRole,\n    };\n\n    const relayerUrl = toOptionalTrimmedString(rec.relayerUrl);\n    if (relayerUrl) participant.relayerUrl = relayerUrl;\n\n    const relayerKeyId = toOptionalTrimmedString(rec.relayerKeyId);\n    if (relayerKeyId) participant.relayerKeyId = relayerKeyId;\n\n    const verifyingShareB64u = toOptionalTrimmedString(rec.verifyingShareB64u);\n    if (verifyingShareB64u) participant.verifyingShareB64u = verifyingShareB64u;\n\n    const shareDerivation = toOptionalTrimmedString(rec.shareDerivation);\n    if (\n      shareDerivation === 'prf_first_v1'\n      || shareDerivation === 'derived_master_secret_v1'\n      || shareDerivation === 'kv_random_v1'\n      || shareDerivation === 'unknown'\n    ) {\n      participant.shareDerivation = shareDerivation;\n    }\n\n    out.push(participant);\n  }\n\n  return out.length ? out : null;\n}\n\nexport function buildThresholdEd25519Participants2pV1(input: {\n  clientParticipantId?: number | null;\n  relayerParticipantId?: number | null;\n  relayerKeyId: string;\n  relayerUrl?: string | null;\n  clientVerifyingShareB64u?: string | null;\n  relayerVerifyingShareB64u?: string | null;\n  clientShareDerivation?: ThresholdEd25519ShareDerivation | null;\n  relayerShareDerivation?: ThresholdEd25519ShareDerivation | null;\n}): ThresholdEd25519ParticipantV1[] {\n  const relayerKeyId = toOptionalTrimmedString(input.relayerKeyId);\n  const relayerUrl = toOptionalTrimmedString(input.relayerUrl);\n  const clientVerifyingShareB64u = toOptionalTrimmedString(input.clientVerifyingShareB64u);\n  const relayerVerifyingShareB64u = toOptionalTrimmedString(input.relayerVerifyingShareB64u);\n  const clientParticipantId =\n    normalizeThresholdEd25519ParticipantId(input.clientParticipantId) ?? THRESHOLD_ED25519_CLIENT_PARTICIPANT_ID;\n  const relayerParticipantId =\n    normalizeThresholdEd25519ParticipantId(input.relayerParticipantId) ?? THRESHOLD_ED25519_RELAYER_PARTICIPANT_ID;\n\n  const client: ThresholdEd25519ParticipantV1 = {\n    id: clientParticipantId,\n    role: 'client',\n    ...(clientVerifyingShareB64u ? { verifyingShareB64u: clientVerifyingShareB64u } : {}),\n    shareDerivation: input.clientShareDerivation || 'prf_first_v1',\n  };\n\n  const relayer: ThresholdEd25519ParticipantV1 = {\n    id: relayerParticipantId,\n    role: 'relayer',\n    ...(relayerUrl ? { relayerUrl } : {}),\n    ...(relayerKeyId ? { relayerKeyId } : {}),\n    ...(relayerVerifyingShareB64u ? { verifyingShareB64u: relayerVerifyingShareB64u } : {}),\n    ...(input.relayerShareDerivation ? { shareDerivation: input.relayerShareDerivation } : {}),\n  };\n\n  return [client, relayer];\n}\n"],"mappings":";;;AA8CA,SAAgB,uCAAuC,IAA4B;CACjF,MAAM,IAAI,OAAO;AACjB,KAAI,CAAC,OAAO,cAAc,MAAM,IAAI,KAAK,IAAI,MAAQ,QAAO;AAC5D,QAAO;;AAGT,SAAgB,wCAAwC,OAAiC;AACvF,KAAI,CAAC,MAAM,QAAQ,UAAU,MAAM,WAAW,EAAG,QAAO;CACxD,MAAMA,MAAgB;CACtB,MAAM,uBAAO,IAAI;AACjB,MAAK,MAAM,KAAK,OAAO;EACrB,MAAM,KAAK,uCAAuC;AAClD,MAAI,CAAC,GAAI,QAAO;AAChB,MAAI,CAAC,KAAK,IAAI,KAAK;AACjB,QAAK,IAAI;AACT,OAAI,KAAK;;;AAGb,KAAI,MAAM,GAAG,MAAM,IAAI;AACvB,QAAO,IAAI,SAAS,MAAM"}

package/dist/esm/server/sdk/src/utils/base64.js

@@ -29,7 +29,39 @@ function base64Decode(base64) {
 	for (let i = 0; i < binaryString.length; i++) bytes[i] = binaryString.charCodeAt(i);
 	return bytes;
 }
+/**
+* Encodes an ArrayBuffer into a base64url string.
+* Converts binary data to base64 then replaces standard base64 characters with URL-safe ones:
+* + -> -
+* / -> _
+* Removes padding = characters
+*
+* Used for WebAuthn API compatibility in browser environments.
+* Equivalent to Buffer.from(value).toString('base64url') in Node.js.
+*
+* @param value - The ArrayBufferLike or ArrayBufferView to encode
+* @returns A base64url-encoded string without padding
+*/
+const base64UrlEncode = (value) => {
+	return base64Encode(value).replace(/\+/g, "-").replace(/\//g, "_").replace(/=/g, "");
+};
+/**
+* Decodes a base64url-encoded string into a Uint8Array.
+* Handles base64url format by replacing URL-safe characters and adding padding.
+*
+* @param base64Url - The base64url-encoded string to decode
+* @returns Uint8Array containing the decoded bytes
+* @throws Error if decoding fails due to invalid base64url input
+*/
+function base64UrlDecode(base64Url) {
+	const padding = "=".repeat((4 - base64Url.length % 4) % 4);
+	const base64 = base64Url.replace(/-/g, "+").replace(/_/g, "/") + padding;
+	const binaryString = atob(base64);
+	const bytes = new Uint8Array(binaryString.length);
+	for (let i = 0; i < binaryString.length; i++) bytes[i] = binaryString.charCodeAt(i);
+	return bytes;
+}
 
 //#endregion
-export { base64Decode, base64Encode };
+export { base64Decode, base64Encode, base64UrlDecode, base64UrlEncode };
 //# sourceMappingURL=base64.js.map

package/dist/esm/server/sdk/src/utils/base64.js.map

@@ -1 +1 @@
-{"version":3,"file":"base64.js","names":[],"sources":["../../../../../../src/utils/base64.ts"],"sourcesContent":["/**\n * Encodes binary data to standard base64 format for NEAR RPC compatibility.\n * Uses standard base64 characters (+, /, =) rather than base64url encoding.\n *\n * Important: Avoids spreading large arrays into String.fromCharCode(...) which\n * can overflow the JS call stack when encoding big WASM binaries.\n *\n * @param value - ArrayBufferLike or ArrayBufferView containing the binary data to encode\n * @returns Standard base64-encoded string with padding\n */\nexport const base64Encode = (value: ArrayBufferLike | ArrayBufferView): string => {\n  const bytes = ArrayBuffer.isView(value)\n    ? new Uint8Array(value.buffer, value.byteOffset, value.byteLength)\n    : new Uint8Array(value);\n  let binary = '';\n  // Build the string incrementally to avoid exceeding the argument limit.\n  for (let i = 0; i < bytes.length; i++) {\n    binary += String.fromCharCode(bytes[i]);\n  }\n  return btoa(binary);\n}\n\n/**\n * Decodes a standard base64-encoded string into a Uint8Array.\n * Handles standard base64 format with +, /, and = characters.\n *\n * @param base64 - The base64-encoded string to decode\n * @returns Uint8Array containing the decoded bytes\n * @throws Error if decoding fails due to invalid base64 input\n */\nexport function base64Decode(base64: string): Uint8Array {\n  const binaryString = atob(base64);\n  const bytes = new Uint8Array(binaryString.length);\n  for (let i = 0; i < binaryString.length; i++) {\n    bytes[i] = binaryString.charCodeAt(i);\n  }\n  return bytes;\n}\n\n/**\n * Encodes an ArrayBuffer into a base64url string.\n * Converts binary data to base64 then replaces standard base64 characters with URL-safe ones:\n * + -> -\n * / -> _\n * Removes padding = characters\n *\n * Used for WebAuthn API compatibility in browser environments.\n * Equivalent to Buffer.from(value).toString('base64url') in Node.js.\n *\n * @param value - The ArrayBufferLike or ArrayBufferView to encode\n * @returns A base64url-encoded string without padding\n */\nexport const base64UrlEncode = (value: ArrayBufferLike | ArrayBufferView): string => {\n  return base64Encode(value)\n    .replace(/\\+/g, \"-\")\n    .replace(/\\//g, \"_\")\n    .replace(/=/g, \"\");\n}\n\n/**\n * Decodes a base64url-encoded string into a Uint8Array.\n * Handles base64url format by replacing URL-safe characters and adding padding.\n *\n * @param base64Url - The base64url-encoded string to decode\n * @returns Uint8Array containing the decoded bytes\n * @throws Error if decoding fails due to invalid base64url input\n */\nexport function base64UrlDecode(base64Url: string): Uint8Array {\n  const padding = '='.repeat((4 - (base64Url.length % 4)) % 4);\n  const base64 = base64Url.replace(/-/g, '+').replace(/_/g, '/') + padding;\n  const binaryString = atob(base64);\n  const bytes = new Uint8Array(binaryString.length);\n  for (let i = 0; i < binaryString.length; i++) {\n    bytes[i] = binaryString.charCodeAt(i);\n  }\n  return bytes;\n}\n\n/**\n * Converts an ArrayBuffer or ArrayBufferLike object to a plain number array for WASM compatibility.\n * WASM bindings require plain number arrays rather than TypedArrays for memory safety and direct access.\n * The resulting array contains values from 0-255 representing raw bytes.\n *\n * @param buffer - The source buffer to convert, either ArrayBuffer or ArrayBufferLike\n * @returns A plain number[] array containing the buffer's bytes\n */\nexport const toWasmByteArray = (buffer: ArrayBuffer | ArrayBufferLike): number[] => {\n  return Array.from(new Uint8Array(buffer));\n}\n"],"mappings":";;;;;;;;;;;AAUA,MAAa,gBAAgB,UAAqD;CAChF,MAAM,QAAQ,YAAY,OAAO,SAC7B,IAAI,WAAW,MAAM,QAAQ,MAAM,YAAY,MAAM,cACrD,IAAI,WAAW;CACnB,IAAI,SAAS;AAEb,MAAK,IAAI,IAAI,GAAG,IAAI,MAAM,QAAQ,IAChC,WAAU,OAAO,aAAa,MAAM;AAEtC,QAAO,KAAK;;;;;;;;;;AAWd,SAAgB,aAAa,QAA4B;CACvD,MAAM,eAAe,KAAK;CAC1B,MAAM,QAAQ,IAAI,WAAW,aAAa;AAC1C,MAAK,IAAI,IAAI,GAAG,IAAI,aAAa,QAAQ,IACvC,OAAM,KAAK,aAAa,WAAW;AAErC,QAAO"}
+{"version":3,"file":"base64.js","names":[],"sources":["../../../../../../src/utils/base64.ts"],"sourcesContent":["/**\n * Encodes binary data to standard base64 format for NEAR RPC compatibility.\n * Uses standard base64 characters (+, /, =) rather than base64url encoding.\n *\n * Important: Avoids spreading large arrays into String.fromCharCode(...) which\n * can overflow the JS call stack when encoding big WASM binaries.\n *\n * @param value - ArrayBufferLike or ArrayBufferView containing the binary data to encode\n * @returns Standard base64-encoded string with padding\n */\nexport const base64Encode = (value: ArrayBufferLike | ArrayBufferView): string => {\n  const bytes = ArrayBuffer.isView(value)\n    ? new Uint8Array(value.buffer, value.byteOffset, value.byteLength)\n    : new Uint8Array(value);\n  let binary = '';\n  // Build the string incrementally to avoid exceeding the argument limit.\n  for (let i = 0; i < bytes.length; i++) {\n    binary += String.fromCharCode(bytes[i]);\n  }\n  return btoa(binary);\n}\n\n/**\n * Decodes a standard base64-encoded string into a Uint8Array.\n * Handles standard base64 format with +, /, and = characters.\n *\n * @param base64 - The base64-encoded string to decode\n * @returns Uint8Array containing the decoded bytes\n * @throws Error if decoding fails due to invalid base64 input\n */\nexport function base64Decode(base64: string): Uint8Array {\n  const binaryString = atob(base64);\n  const bytes = new Uint8Array(binaryString.length);\n  for (let i = 0; i < binaryString.length; i++) {\n    bytes[i] = binaryString.charCodeAt(i);\n  }\n  return bytes;\n}\n\n/**\n * Encodes an ArrayBuffer into a base64url string.\n * Converts binary data to base64 then replaces standard base64 characters with URL-safe ones:\n * + -> -\n * / -> _\n * Removes padding = characters\n *\n * Used for WebAuthn API compatibility in browser environments.\n * Equivalent to Buffer.from(value).toString('base64url') in Node.js.\n *\n * @param value - The ArrayBufferLike or ArrayBufferView to encode\n * @returns A base64url-encoded string without padding\n */\nexport const base64UrlEncode = (value: ArrayBufferLike | ArrayBufferView): string => {\n  return base64Encode(value)\n    .replace(/\\+/g, \"-\")\n    .replace(/\\//g, \"_\")\n    .replace(/=/g, \"\");\n}\n\n/**\n * Decodes a base64url-encoded string into a Uint8Array.\n * Handles base64url format by replacing URL-safe characters and adding padding.\n *\n * @param base64Url - The base64url-encoded string to decode\n * @returns Uint8Array containing the decoded bytes\n * @throws Error if decoding fails due to invalid base64url input\n */\nexport function base64UrlDecode(base64Url: string): Uint8Array {\n  const padding = '='.repeat((4 - (base64Url.length % 4)) % 4);\n  const base64 = base64Url.replace(/-/g, '+').replace(/_/g, '/') + padding;\n  const binaryString = atob(base64);\n  const bytes = new Uint8Array(binaryString.length);\n  for (let i = 0; i < binaryString.length; i++) {\n    bytes[i] = binaryString.charCodeAt(i);\n  }\n  return bytes;\n}\n\n/**\n * Converts an ArrayBuffer or ArrayBufferLike object to a plain number array for WASM compatibility.\n * WASM bindings require plain number arrays rather than TypedArrays for memory safety and direct access.\n * The resulting array contains values from 0-255 representing raw bytes.\n *\n * @param buffer - The source buffer to convert, either ArrayBuffer or ArrayBufferLike\n * @returns A plain number[] array containing the buffer's bytes\n */\nexport const toWasmByteArray = (buffer: ArrayBuffer | ArrayBufferLike): number[] => {\n  return Array.from(new Uint8Array(buffer));\n}\n"],"mappings":";;;;;;;;;;;AAUA,MAAa,gBAAgB,UAAqD;CAChF,MAAM,QAAQ,YAAY,OAAO,SAC7B,IAAI,WAAW,MAAM,QAAQ,MAAM,YAAY,MAAM,cACrD,IAAI,WAAW;CACnB,IAAI,SAAS;AAEb,MAAK,IAAI,IAAI,GAAG,IAAI,MAAM,QAAQ,IAChC,WAAU,OAAO,aAAa,MAAM;AAEtC,QAAO,KAAK;;;;;;;;;;AAWd,SAAgB,aAAa,QAA4B;CACvD,MAAM,eAAe,KAAK;CAC1B,MAAM,QAAQ,IAAI,WAAW,aAAa;AAC1C,MAAK,IAAI,IAAI,GAAG,IAAI,aAAa,QAAQ,IACvC,OAAM,KAAK,aAAa,WAAW;AAErC,QAAO;;;;;;;;;;;;;;;AAgBT,MAAa,mBAAmB,UAAqD;AACnF,QAAO,aAAa,OACjB,QAAQ,OAAO,KACf,QAAQ,OAAO,KACf,QAAQ,MAAM;;;;;;;;;;AAWnB,SAAgB,gBAAgB,WAA+B;CAC7D,MAAM,UAAU,IAAI,QAAQ,IAAK,UAAU,SAAS,KAAM;CAC1D,MAAM,SAAS,UAAU,QAAQ,MAAM,KAAK,QAAQ,MAAM,OAAO;CACjE,MAAM,eAAe,KAAK;CAC1B,MAAM,QAAQ,IAAI,WAAW,aAAa;AAC1C,MAAK,IAAI,IAAI,GAAG,IAAI,aAAa,QAAQ,IACvC,OAAM,KAAK,aAAa,WAAW;AAErC,QAAO"}

package/dist/esm/server/sdk/src/utils/digests.js

@@ -0,0 +1,26 @@
+//#region src/utils/digests.ts
+function isRecord(value) {
+	return value !== null && typeof value === "object" && !Array.isArray(value);
+}
+function alphabetizeStringify(input) {
+	const normalizeValue = (value) => {
+		if (Array.isArray(value)) return value.map(normalizeValue);
+		if (isRecord(value)) {
+			const sortedKeys = Object.keys(value).sort();
+			const result = {};
+			for (const key of sortedKeys) result[key] = normalizeValue(value[key]);
+			return result;
+		}
+		return value;
+	};
+	return JSON.stringify(normalizeValue(input));
+}
+async function sha256BytesUtf8(input) {
+	const data = new TextEncoder().encode(input);
+	const digest = await crypto.subtle.digest("SHA-256", data);
+	return new Uint8Array(digest);
+}
+
+//#endregion
+export { alphabetizeStringify, sha256BytesUtf8 };
+//# sourceMappingURL=digests.js.map

package/dist/esm/server/sdk/src/utils/digests.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"digests.js","names":["result: Record<string, unknown>"],"sources":["../../../../../../src/utils/digests.ts"],"sourcesContent":["// Shared digest primitives used across browser + server code.\n//\n// These helpers deliberately stay small and dependency-free so they can be used from:\n// - UI/VRF binding (WebAuthnManager)\n// - Relayer/server-side verification (threshold validation)\n\nfunction isRecord(value: unknown): value is Record<string, unknown> {\n  return value !== null && typeof value === 'object' && !Array.isArray(value);\n}\n\n// Deterministic stringify by alphabetizing object keys recursively.\n// Arrays preserve order; only keys within objects are sorted.\nexport function alphabetizeStringify(input: unknown): string {\n  const normalizeValue = (value: unknown): unknown => {\n    if (Array.isArray(value)) {\n      return value.map(normalizeValue);\n    }\n    if (isRecord(value)) {\n      const sortedKeys = Object.keys(value).sort();\n      const result: Record<string, unknown> = {};\n      for (const key of sortedKeys) {\n        result[key] = normalizeValue(value[key]);\n      }\n      return result;\n    }\n    return value;\n  };\n\n  return JSON.stringify(normalizeValue(input));\n}\n\nexport async function sha256BytesUtf8(input: string): Promise<Uint8Array> {\n  const data = new TextEncoder().encode(input);\n  const digest = await crypto.subtle.digest('SHA-256', data);\n  return new Uint8Array(digest);\n}\n\n"],"mappings":";AAMA,SAAS,SAAS,OAAkD;AAClE,QAAO,UAAU,QAAQ,OAAO,UAAU,YAAY,CAAC,MAAM,QAAQ;;AAKvE,SAAgB,qBAAqB,OAAwB;CAC3D,MAAM,kBAAkB,UAA4B;AAClD,MAAI,MAAM,QAAQ,OAChB,QAAO,MAAM,IAAI;AAEnB,MAAI,SAAS,QAAQ;GACnB,MAAM,aAAa,OAAO,KAAK,OAAO;GACtC,MAAMA,SAAkC;AACxC,QAAK,MAAM,OAAO,WAChB,QAAO,OAAO,eAAe,MAAM;AAErC,UAAO;;AAET,SAAO;;AAGT,QAAO,KAAK,UAAU,eAAe;;AAGvC,eAAsB,gBAAgB,OAAoC;CACxE,MAAM,OAAO,IAAI,cAAc,OAAO;CACtC,MAAM,SAAS,MAAM,OAAO,OAAO,OAAO,WAAW;AACrD,QAAO,IAAI,WAAW"}

package/dist/esm/server/sdk/src/utils/errors.js

@@ -15,7 +15,24 @@ function errorMessage(err) {
 		return "";
 	}
 }
+/**
+* Normalize any thrown value into an Error instance.
+* - preserves message/name/stack when available
+* - best-effort copies optional code/details properties if present
+*/
+function toError(e) {
+	if (e instanceof Error) return e;
+	const err = new Error(errorMessage(e));
+	try {
+		const src = e;
+		if (typeof src?.name === "string") err.name = src.name;
+		if (typeof src?.stack === "string") err.stack = src.stack;
+		if (src && typeof src.code !== "undefined") err.code = src.code;
+		if (src && typeof src.details !== "undefined") err.details = src.details;
+	} catch {}
+	return err;
+}
 
 //#endregion
-export { errorMessage };
+export { errorMessage, toError };
 //# sourceMappingURL=errors.js.map