npm - @tatchi-xyz/sdk - Versions diffs - 0.21.0 → 0.31.0 - Mend

@tatchi-xyz/sdk 0.21.0 → 0.31.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (2488) hide show

package/dist/cjs/core/WebAuthnManager/VrfWorkerManager/confirmTxFlow/flows/transactions.js CHANGED Viewed

@@ -1,8 +1,8 @@
-const require_rolldown_runtime = require('../../../../../_virtual/rolldown_runtime.js');
 const require_accountIds = require('../../../../types/accountIds.js');
 const require_errors = require('../../../../../utils/errors.js');
 const require_defaultConfigs = require('../../../../defaultConfigs.js');
 const require_getDeviceNumber = require('../../../SignerWorkerManager/getDeviceNumber.js');
+const require_intentDigest = require('../../../../digests/intentDigest.js');
 const require_types = require('../types.js');
 const require_common = require('../adapters/common.js');
 const require_requestHelpers = require('../adapters/requestHelpers.js');
@@ -10,16 +10,9 @@ const require_session = require('../adapters/session.js');
 const require_createAdapters = require('../adapters/createAdapters.js');
 //#region src/core/WebAuthnManager/VrfWorkerManager/confirmTxFlow/flows/transactions.ts
-require_accountIds.init_accountIds();
-require_getDeviceNumber.init_getDeviceNumber();
-require_errors.init_errors();
-require_defaultConfigs.init_defaultConfigs();
 function getSigningAuthMode(request) {
 	if (request.type === require_types.SecureConfirmationType.SIGN_TRANSACTION) return require_requestHelpers.getSignTransactionPayload(request).signingAuthMode ?? "webauthn";
-	if (request.type === require_types.SecureConfirmationType.SIGN_NEP413_MESSAGE) {
-		const p = request.payload;
-		return p?.signingAuthMode ?? "webauthn";
-	}
+	if (request.type === require_types.SecureConfirmationType.SIGN_NEP413_MESSAGE) return request.payload.signingAuthMode ?? "webauthn";
 	return "webauthn";
 }
 async function handleTransactionSigningFlow(ctx, request, worker, opts) {
@@ -35,12 +28,18 @@ async function handleTransactionSigningFlow(ctx, request, worker, opts) {
 	const nearAccountId = require_requestHelpers.getNearAccountId(request);
 	const signingAuthMode = getSigningAuthMode(request);
 	const usesNeeded = require_requestHelpers.getTxCount(request);
+	const vrfIntentDigestB64u = request.type === require_types.SecureConfirmationType.SIGN_TRANSACTION ? require_requestHelpers.getIntentDigest(request) : request.type === require_types.SecureConfirmationType.SIGN_NEP413_MESSAGE ? await require_intentDigest.computeUiIntentDigestFromNep413({
+		nearAccountId,
+		recipient: request.payload.recipient,
+		message: request.payload.message
+	}) : void 0;
+	const sessionPolicyDigest32 = request.payload.sessionPolicyDigest32;
 	const nearRpc = await adapters.near.fetchNearContext({
 		nearAccountId,
 		txCount: usesNeeded,
 		reserveNonces: true
 	});
-	if (nearRpc.error && !nearRpc.transactionContext) {
+	if (!nearRpc.transactionContext) {
 		console.error("[SigningFlow] fetchNearContext failed", {
 			error: nearRpc.error,
 			details: nearRpc.details
@@ -49,7 +48,7 @@ async function handleTransactionSigningFlow(ctx, request, worker, opts) {
 			requestId: request.requestId,
 			intentDigest: require_requestHelpers.getIntentDigest(request),
 			confirmed: false,
-			error: `${require_common.ERROR_MESSAGES.nearRpcFailed}: ${nearRpc.details}`
+			error: nearRpc.details ? `${require_common.ERROR_MESSAGES.nearRpcFailed}: ${nearRpc.details}` : require_common.ERROR_MESSAGES.nearRpcFailed
 		});
 	}
 	session.setReservedNonces(nearRpc.reservedNonces);
@@ -67,7 +66,9 @@ async function handleTransactionSigningFlow(ctx, request, worker, opts) {
 			userId: nearAccountId,
 			rpId,
 			blockHeight: transactionContext.txBlockHeight,
-			blockHash: transactionContext.txBlockHash
+			blockHash: transactionContext.txBlockHash,
+			...vrfIntentDigestB64u ? { intentDigest: vrfIntentDigestB64u } : {},
+			...sessionPolicyDigest32 ? { sessionPolicyDigest32 } : {}
 		}, request.requestId);
 		uiVrfChallengeForUi = uiVrfChallenge;
 	}
@@ -122,8 +123,9 @@ async function handleTransactionSigningFlow(ctx, request, worker, opts) {
 			if (!vrfStatus.active) throw new Error("VRF keypair not active in memory. VRF session may have expired or was not properly initialized. Please refresh and try again.");
 			if (!vrfStatus.nearAccountId || String(vrfStatus.nearAccountId) !== String(require_accountIds.toAccountId(nearAccountId))) throw new Error("VRF session is active but bound to a different account than the one being signed. Please log in again on this device.");
 			const deviceNumber = await require_getDeviceNumber.getLastLoggedInDeviceNumber(require_accountIds.toAccountId(nearAccountId), ctx.indexedDB.clientDB);
-			const encryptedKeyData = await ctx.indexedDB.nearKeysDB.getEncryptedKey(nearAccountId, deviceNumber);
-			const wrapKeySalt = encryptedKeyData?.wrapKeySalt || "";
+			const keyMaterial = await ctx.indexedDB.nearKeysDB.getLocalKeyMaterial(nearAccountId, deviceNumber);
+			if (!keyMaterial) throw new Error(`No key material found for account ${nearAccountId} device ${deviceNumber}`);
+			const wrapKeySalt = keyMaterial.wrapKeySalt;
 			if (!wrapKeySalt) throw new Error("Missing wrapKeySalt in vault; re-register to upgrade vault format.");
 			if (request.type === require_types.SecureConfirmationType.SIGN_TRANSACTION) {
 				const payload = require_requestHelpers.getSignTransactionPayload(request);
@@ -131,8 +133,8 @@ async function handleTransactionSigningFlow(ctx, request, worker, opts) {
 				nearRpcUrl = payload?.rpcCall?.nearRpcUrl;
 			} else if (request.type === require_types.SecureConfirmationType.SIGN_NEP413_MESSAGE) {
 				const payload = request.payload;
-				contractId = payload?.contractId || require_defaultConfigs.PASSKEY_MANAGER_DEFAULT_CONFIGS.contractId;
-				nearRpcUrl = payload?.nearRpcUrl || require_defaultConfigs.PASSKEY_MANAGER_DEFAULT_CONFIGS.nearRpcUrl;
+				contractId = payload.contractId || require_defaultConfigs.PASSKEY_MANAGER_DEFAULT_CONFIGS.contractId;
+				nearRpcUrl = payload.nearRpcUrl || require_defaultConfigs.PASSKEY_MANAGER_DEFAULT_CONFIGS.nearRpcUrl;
 			}
 			await adapters.vrf.mintSessionKeysAndSendToSigner({
 				sessionId: request.requestId,
@@ -163,7 +165,7 @@ async function handleTransactionSigningFlow(ctx, request, worker, opts) {
 			requestId: request.requestId,
 			intentDigest: require_requestHelpers.getIntentDigest(request),
 			confirmed: false,
-			error: cancelled ? require_common.ERROR_MESSAGES.cancelled : isWrongPasskeyError ? msg : require_common.ERROR_MESSAGES.collectCredentialsFailed
+			error: cancelled ? require_common.ERROR_MESSAGES.cancelled : isWrongPasskeyError ? msg : msg || require_common.ERROR_MESSAGES.collectCredentialsFailed
 		});
 	}
 }

package/dist/cjs/core/WebAuthnManager/VrfWorkerManager/confirmTxFlow/flows/transactions.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"transactions.js","names":["SecureConfirmationType","getSignTransactionPayload","createConfirmTxFlowAdapters","createConfirmSession","getNearAccountId","getTxCount","getIntentDigest","ERROR_MESSAGES","uiVrfChallenge: VRFChallenge \| undefined","uiVrfChallengeForUi: Partial<VRFChallenge> \| undefined","err: unknown","toError","contractId: string \| undefined","nearRpcUrl: string \| undefined","toAccountId","getLastLoggedInDeviceNumber","PASSKEY_MANAGER_DEFAULT_CONFIGS","isUserCancelledSecureConfirm"],"sources":["../../../../../../../src/core/WebAuthnManager/VrfWorkerManager/confirmTxFlow/flows/transactions.ts"],"sourcesContent":["import type { VrfWorkerManagerContext } from '../../';\nimport type { ConfirmationConfig } from '../../../../types/signer-worker';\nimport {\n SecureConfirmationType,\n TransactionSummary,\n SigningSecureConfirmRequest,\n SigningAuthMode,\n} from '../types';\nimport { VRFChallenge, TransactionContext } from '../../../../types';\nimport {\n getNearAccountId,\n getIntentDigest,\n getTxCount,\n isUserCancelledSecureConfirm,\n ERROR_MESSAGES,\n getSignTransactionPayload,\n} from './index';\nimport { toAccountId } from '../../../../types/accountIds';\nimport { getLastLoggedInDeviceNumber } from '../../../SignerWorkerManager/getDeviceNumber';\nimport { toError } from '../../../../../utils/errors';\nimport { PASSKEY_MANAGER_DEFAULT_CONFIGS } from '../../../../defaultConfigs';\nimport { createConfirmSession } from '../adapters/session';\nimport { createConfirmTxFlowAdapters } from '../adapters/createAdapters';\n\nfunction getSigningAuthMode(request: SigningSecureConfirmRequest): SigningAuthMode {\n if (request.type === SecureConfirmationType.SIGN_TRANSACTION) {\n return getSignTransactionPayload(request).signingAuthMode ?? 'webauthn';\n }\n if (request.type === SecureConfirmationType.SIGN_NEP413_MESSAGE) {\n const p = request.payload as any;\n return (p?.signingAuthMode as SigningAuthMode \| undefined) ?? 'webauthn';\n }\n return 'webauthn';\n}\n\nexport async function handleTransactionSigningFlow(\n ctx: VrfWorkerManagerContext,\n request: SigningSecureConfirmRequest,\n worker: Worker,\n opts: { confirmationConfig: ConfirmationConfig; transactionSummary: TransactionSummary },\n): Promise<void> {\n const { confirmationConfig, transactionSummary } = opts;\n const adapters = createConfirmTxFlowAdapters(ctx);\n const session = createConfirmSession({\n adapters,\n worker,\n request,\n confirmationConfig,\n transactionSummary,\n });\n const nearAccountId = getNearAccountId(request);\n const signingAuthMode = getSigningAuthMode(request);\n const usesNeeded = getTxCount(request);\n\n // 1) NEAR context + nonce reservation\n const nearRpc = await adapters.near.fetchNearContext({ nearAccountId, txCount: usesNeeded, reserveNonces: true });\n if (nearRpc.error && !nearRpc.transactionContext) {\n // eslint-disable-next-line no-console\n console.error('[SigningFlow] fetchNearContext failed', { error: nearRpc.error, details: nearRpc.details });\n return session.confirmAndCloseModal({\n requestId: request.requestId,\n intentDigest: getIntentDigest(request),\n confirmed: false,\n error: `${ERROR_MESSAGES.nearRpcFailed}: ${nearRpc.details}`,\n });\n }\n session.setReservedNonces(nearRpc.reservedNonces);\n let transactionContext = nearRpc.transactionContext as TransactionContext;\n\n // 2) Security context shown in the confirmer (rpId + block height).\n // For warmSession signing we still want to show this context even though\n // we won't collect a WebAuthn credential.\n const rpId = adapters.vrf.getRpId();\n let uiVrfChallenge: VRFChallenge \| undefined;\n let uiVrfChallengeForUi: Partial<VRFChallenge> \| undefined = rpId\n ? {\n userId: nearAccountId,\n rpId,\n blockHeight: transactionContext.txBlockHeight,\n blockHash: transactionContext.txBlockHash,\n }\n : undefined;\n\n // Initial VRF challenge (only needed for WebAuthn credential collection)\n if (signingAuthMode === 'webauthn') {\n uiVrfChallenge = await adapters.vrf.generateVrfChallengeForSession(\n {\n userId: nearAccountId,\n rpId,\n blockHeight: transactionContext.txBlockHeight,\n blockHash: transactionContext.txBlockHash,\n },\n request.requestId,\n );\n uiVrfChallengeForUi = uiVrfChallenge;\n }\n\n // 3) UI confirm\n const { confirmed, error: uiError } = await session.promptUser({ vrfChallenge: uiVrfChallengeForUi });\n if (!confirmed) {\n return session.confirmAndCloseModal({\n requestId: request.requestId,\n intentDigest: getIntentDigest(request),\n confirmed: false,\n error: uiError,\n });\n }\n\n // 4) Warm session: dispense WrapKeySeed and skip WebAuthn\n if (signingAuthMode === 'warmSession') {\n try {\n await adapters.vrf.dispenseSessionKey({ sessionId: request.requestId, uses: usesNeeded });\n } catch (err: unknown) {\n const msg = String((toError(err))?.message \|\| err \|\| '');\n return session.confirmAndCloseModal({\n requestId: request.requestId,\n intentDigest: getIntentDigest(request),\n confirmed: false,\n error: msg \|\| 'Failed to dispense warm session key',\n });\n }\n\n session.confirmAndCloseModal({\n requestId: request.requestId,\n intentDigest: getIntentDigest(request),\n confirmed: true,\n transactionContext,\n });\n return;\n }\n\n // 5) JIT refresh VRF + ctx (best-effort)\n try {\n const refreshed = await adapters.vrf.maybeRefreshVrfChallenge(request, nearAccountId);\n uiVrfChallenge = refreshed.vrfChallenge;\n transactionContext = refreshed.transactionContext;\n session.updateUI({ vrfChallenge: uiVrfChallenge });\n } catch (e) {\n console.debug('[SigningFlow] VRF JIT refresh skipped', e);\n }\n\n // 6) Collect authentication credential\n try {\n if (!uiVrfChallenge) {\n throw new Error('Missing vrfChallenge for WebAuthn signing flow');\n }\n const serializedCredential = await adapters.webauthn.collectAuthenticationCredentialWithPRF({\n nearAccountId,\n vrfChallenge: uiVrfChallenge,\n });\n\n // 5c) Derive WrapKeySeed inside the VRF worker and deliver it to the signer worker via\n // the reserved WrapKeySeed MessagePort. Main thread only sees wrapKeySalt metadata.\n let contractId: string \| undefined;\n let nearRpcUrl: string \| undefined;\n try {\n // Ensure VRF session is active and bound to the same account we are signing for.\n const vrfStatus = await adapters.vrf.checkVrfStatus();\n if (!vrfStatus.active) {\n throw new Error('VRF keypair not active in memory. VRF session may have expired or was not properly initialized. Please refresh and try again.');\n }\n if (!vrfStatus.nearAccountId \|\| String(vrfStatus.nearAccountId) !== String(toAccountId(nearAccountId))) {\n throw new Error('VRF session is active but bound to a different account than the one being signed. Please log in again on this device.');\n }\n\n const deviceNumber = await getLastLoggedInDeviceNumber(toAccountId(nearAccountId), ctx.indexedDB.clientDB);\n const encryptedKeyData = await ctx.indexedDB.nearKeysDB.getEncryptedKey(nearAccountId, deviceNumber);\n // For v2+ vaults, wrapKeySalt is the canonical salt.\n const wrapKeySalt = encryptedKeyData?.wrapKeySalt \|\| '';\n if (!wrapKeySalt) {\n throw new Error('Missing wrapKeySalt in vault; re-register to upgrade vault format.');\n }\n\n // Extract contract verification context when available.\n // - SIGN_TRANSACTION: use per-request rpcCall (already normalized by caller).\n // - SIGN_NEP413_MESSAGE: allow per-request override; fall back to PASSKEY_MANAGER_DEFAULT_CONFIGS.\n if (request.type === SecureConfirmationType.SIGN_TRANSACTION) {\n const payload = getSignTransactionPayload(request);\n contractId = payload?.rpcCall?.contractId;\n nearRpcUrl = payload?.rpcCall?.nearRpcUrl;\n } else if (request.type === SecureConfirmationType.SIGN_NEP413_MESSAGE) {\n const payload = request.payload as any;\n contractId = payload?.contractId\n \|\| PASSKEY_MANAGER_DEFAULT_CONFIGS.contractId;\n nearRpcUrl = payload?.nearRpcUrl\n \|\| PASSKEY_MANAGER_DEFAULT_CONFIGS.nearRpcUrl;\n }\n\n await adapters.vrf.mintSessionKeysAndSendToSigner({\n sessionId: request.requestId,\n wrapKeySalt,\n contractId,\n nearRpcUrl,\n credential: serializedCredential,\n });\n\t } catch (err) {\n\t console.error('[SigningFlow] WrapKeySeed derivation failed:', err);\n\t throw err; // Don't silently ignore - propagate the error\n\t }\n\n // 6) Respond; keep nonces reserved for worker to use\n session.confirmAndCloseModal({\n requestId: request.requestId,\n intentDigest: getIntentDigest(request),\n confirmed: true,\n credential: serializedCredential,\n // prfOutput intentionally omitted to keep signer PRF-free\n // WrapKeySeed travels only over the dedicated VRF→Signer MessagePort; do not echo in the main-thread envelope\n vrfChallenge: uiVrfChallenge,\n transactionContext,\n });\n } catch (err: unknown) {\n // Treat TouchID/FaceID cancellation and related errors as a negative decision\n const cancelled = isUserCancelledSecureConfirm(err);\n // For missing PRF outputs, surface the error to caller (defensive path tests expect a throw)\n const msg = String((toError(err))?.message \|\| err \|\| '');\n if (/Missing PRF result/i.test(msg) \|\| /Missing PRF results/i.test(msg)) {\n // Ensure UI is closed and nonces released, then rethrow\n return session.cleanupAndRethrow(err);\n }\n if (cancelled) {\n window.parent?.postMessage({ type: 'WALLET_UI_CLOSED' }, '*');\n }\n const isWrongPasskeyError = /multiple passkeys \$devicenumbers\$ for account/i.test(msg);\n return session.confirmAndCloseModal({\n requestId: request.requestId,\n intentDigest: getIntentDigest(request),\n confirmed: false,\n error: cancelled\n ? ERROR_MESSAGES.cancelled\n : (isWrongPasskeyError ? msg : ERROR_MESSAGES.collectCredentialsFailed),\n });\n }\n}\n"],"mappings":";;;;;;;;;;;;;;;;AAwBA,SAAS,mBAAmB,SAAuD;AACjF,KAAI,QAAQ,SAASA,qCAAuB,iBAC1C,QAAOC,iDAA0B,SAAS,mBAAmB;AAE/D,KAAI,QAAQ,SAASD,qCAAuB,qBAAqB;EAC/D,MAAM,IAAI,QAAQ;AAClB,SAAQ,GAAG,mBAAmD;;AAEhE,QAAO;;AAGT,eAAsB,6BACpB,KACA,SACA,QACA,MACe;CACf,MAAM,EAAE,oBAAoB,uBAAuB;CACnD,MAAM,WAAWE,mDAA4B;CAC7C,MAAM,UAAUC,qCAAqB;EACnC;EACA;EACA;EACA;EACA;;CAEF,MAAM,gBAAgBC,wCAAiB;CACvC,MAAM,kBAAkB,mBAAmB;CAC3C,MAAM,aAAaC,kCAAW;CAG9B,MAAM,UAAU,MAAM,SAAS,KAAK,iBAAiB;EAAE;EAAe,SAAS;EAAY,eAAe;;AAC1G,KAAI,QAAQ,SAAS,CAAC,QAAQ,oBAAoB;AAEhD,UAAQ,MAAM,yCAAyC;GAAE,OAAO,QAAQ;GAAO,SAAS,QAAQ;;AAChG,SAAO,QAAQ,qBAAqB;GAClC,WAAW,QAAQ;GACnB,cAAcC,uCAAgB;GAC9B,WAAW;GACX,OAAO,GAAGC,8BAAe,cAAc,IAAI,QAAQ;;;AAGvD,SAAQ,kBAAkB,QAAQ;CAClC,IAAI,qBAAqB,QAAQ;CAKjC,MAAM,OAAO,SAAS,IAAI;CAC1B,IAAIC;CACJ,IAAIC,sBAAyD,OACzD;EACE,QAAQ;EACR;EACA,aAAa,mBAAmB;EAChC,WAAW,mBAAmB;KAEhC;AAGJ,KAAI,oBAAoB,YAAY;AAClC,mBAAiB,MAAM,SAAS,IAAI,+BAClC;GACE,QAAQ;GACR;GACA,aAAa,mBAAmB;GAChC,WAAW,mBAAmB;KAEhC,QAAQ;AAEV,wBAAsB;;CAIxB,MAAM,EAAE,WAAW,OAAO,YAAY,MAAM,QAAQ,WAAW,EAAE,cAAc;AAC/E,KAAI,CAAC,UACH,QAAO,QAAQ,qBAAqB;EAClC,WAAW,QAAQ;EACnB,cAAcH,uCAAgB;EAC9B,WAAW;EACX,OAAO;;AAKX,KAAI,oBAAoB,eAAe;AACrC,MAAI;AACF,SAAM,SAAS,IAAI,mBAAmB;IAAE,WAAW,QAAQ;IAAW,MAAM;;WACrEI,KAAc;GACrB,MAAM,MAAM,OAAQC,uBAAQ,MAAO,WAAW,OAAO;AACrD,UAAO,QAAQ,qBAAqB;IAClC,WAAW,QAAQ;IACnB,cAAcL,uCAAgB;IAC9B,WAAW;IACX,OAAO,OAAO;;;AAIlB,UAAQ,qBAAqB;GAC3B,WAAW,QAAQ;GACnB,cAAcA,uCAAgB;GAC9B,WAAW;GACX;;AAEF;;AAIF,KAAI;EACF,MAAM,YAAY,MAAM,SAAS,IAAI,yBAAyB,SAAS;AACvE,mBAAiB,UAAU;AAC3B,uBAAqB,UAAU;AAC/B,UAAQ,SAAS,EAAE,cAAc;UAC1B,GAAG;AACV,UAAQ,MAAM,yCAAyC;;AAIzD,KAAI;AACF,MAAI,CAAC,eACH,OAAM,IAAI,MAAM;EAElB,MAAM,uBAAuB,MAAM,SAAS,SAAS,uCAAuC;GAC1F;GACA,cAAc;;EAKhB,IAAIM;EACJ,IAAIC;AACJ,MAAI;GAEF,MAAM,YAAY,MAAM,SAAS,IAAI;AACrC,OAAI,CAAC,UAAU,OACb,OAAM,IAAI,MAAM;AAElB,OAAI,CAAC,UAAU,iBAAiB,OAAO,UAAU,mBAAmB,OAAOC,+BAAY,gBACrF,OAAM,IAAI,MAAM;GAGlB,MAAM,eAAe,MAAMC,oDAA4BD,+BAAY,gBAAgB,IAAI,UAAU;GACjG,MAAM,mBAAmB,MAAM,IAAI,UAAU,WAAW,gBAAgB,eAAe;GAEvF,MAAM,cAAc,kBAAkB,eAAe;AACrD,OAAI,CAAC,YACH,OAAM,IAAI,MAAM;AAMlB,OAAI,QAAQ,SAASd,qCAAuB,kBAAkB;IAC5D,MAAM,UAAUC,iDAA0B;AAC1C,iBAAa,SAAS,SAAS;AAC/B,iBAAa,SAAS,SAAS;cACtB,QAAQ,SAASD,qCAAuB,qBAAqB;IACtE,MAAM,UAAU,QAAQ;AACxB,iBAAa,SAAS,cACjBgB,uDAAgC;AACrC,iBAAa,SAAS,cACjBA,uDAAgC;;AAGvC,SAAM,SAAS,IAAI,+BAA+B;IAChD,WAAW,QAAQ;IACnB;IACA;IACA;IACA,YAAY;;WAEN,KAAK;AACZ,WAAQ,MAAM,gDAAgD;AAC9D,SAAM;;AAIT,UAAQ,qBAAqB;GAC3B,WAAW,QAAQ;GACnB,cAAcV,uCAAgB;GAC9B,WAAW;GACX,YAAY;GAGZ,cAAc;GACd;;UAEKI,KAAc;EAErB,MAAM,YAAYO,4CAA6B;EAE/C,MAAM,MAAM,OAAQN,uBAAQ,MAAO,WAAW,OAAO;AACrD,MAAI,sBAAsB,KAAK,QAAQ,uBAAuB,KAAK,KAEjE,QAAO,QAAQ,kBAAkB;AAEnC,MAAI,UACF,QAAO,QAAQ,YAAY,EAAE,MAAM,sBAAsB;EAE3D,MAAM,sBAAsB,mDAAmD,KAAK;AACpF,SAAO,QAAQ,qBAAqB;GAClC,WAAW,QAAQ;GACnB,cAAcL,uCAAgB;GAC9B,WAAW;GACX,OAAO,YACHC,8BAAe,YACd,sBAAsB,MAAMA,8BAAe"}
1	+ {"version":3,"file":"transactions.js","names":["SecureConfirmationType","getSignTransactionPayload","createConfirmTxFlowAdapters","createConfirmSession","getNearAccountId","getTxCount","getIntentDigest","computeUiIntentDigestFromNep413","ERROR_MESSAGES","transactionContext: TransactionContext","uiVrfChallenge: VRFChallenge \| undefined","uiVrfChallengeForUi: Partial<VRFChallenge> \| undefined","err: unknown","toError","contractId: string \| undefined","nearRpcUrl: string \| undefined","toAccountId","getLastLoggedInDeviceNumber","PASSKEY_MANAGER_DEFAULT_CONFIGS","isUserCancelledSecureConfirm"],"sources":["../../../../../../../src/core/WebAuthnManager/VrfWorkerManager/confirmTxFlow/flows/transactions.ts"],"sourcesContent":["import type { VrfWorkerManagerContext } from '../../';\nimport type { ConfirmationConfig } from '../../../../types/signer-worker';\nimport {\n SecureConfirmationType,\n TransactionSummary,\n SigningSecureConfirmRequest,\n SigningAuthMode,\n} from '../types';\nimport { VRFChallenge, TransactionContext } from '../../../../types';\nimport {\n getNearAccountId,\n getIntentDigest,\n getTxCount,\n isUserCancelledSecureConfirm,\n ERROR_MESSAGES,\n getSignTransactionPayload,\n} from './index';\nimport { toAccountId } from '../../../../types/accountIds';\nimport { getLastLoggedInDeviceNumber } from '../../../SignerWorkerManager/getDeviceNumber';\nimport { toError } from '../../../../../utils/errors';\nimport { PASSKEY_MANAGER_DEFAULT_CONFIGS } from '../../../../defaultConfigs';\nimport { createConfirmSession } from '../adapters/session';\nimport { createConfirmTxFlowAdapters } from '../adapters/createAdapters';\nimport { computeUiIntentDigestFromNep413 } from '../../../../digests/intentDigest';\n\nfunction getSigningAuthMode(request: SigningSecureConfirmRequest): SigningAuthMode {\n if (request.type === SecureConfirmationType.SIGN_TRANSACTION) {\n return getSignTransactionPayload(request).signingAuthMode ?? 'webauthn';\n }\n if (request.type === SecureConfirmationType.SIGN_NEP413_MESSAGE) {\n return request.payload.signingAuthMode ?? 'webauthn';\n }\n return 'webauthn';\n}\n\nexport async function handleTransactionSigningFlow(\n ctx: VrfWorkerManagerContext,\n request: SigningSecureConfirmRequest,\n worker: Worker,\n opts: { confirmationConfig: ConfirmationConfig; transactionSummary: TransactionSummary },\n): Promise<void> {\n const { confirmationConfig, transactionSummary } = opts;\n const adapters = createConfirmTxFlowAdapters(ctx);\n const session = createConfirmSession({\n adapters,\n worker,\n request,\n confirmationConfig,\n transactionSummary,\n });\n const nearAccountId = getNearAccountId(request);\n const signingAuthMode = getSigningAuthMode(request);\n const usesNeeded = getTxCount(request);\n const vrfIntentDigestB64u = request.type === SecureConfirmationType.SIGN_TRANSACTION\n ? getIntentDigest(request)\n : request.type === SecureConfirmationType.SIGN_NEP413_MESSAGE\n ? await computeUiIntentDigestFromNep413({\n nearAccountId,\n recipient: request.payload.recipient,\n message: request.payload.message,\n })\n : undefined;\n const sessionPolicyDigest32 = request.payload.sessionPolicyDigest32;\n\n // 1) NEAR context + nonce reservation\n const nearRpc = await adapters.near.fetchNearContext({ nearAccountId, txCount: usesNeeded, reserveNonces: true });\n if (!nearRpc.transactionContext) {\n // eslint-disable-next-line no-console\n console.error('[SigningFlow] fetchNearContext failed', { error: nearRpc.error, details: nearRpc.details });\n return session.confirmAndCloseModal({\n requestId: request.requestId,\n intentDigest: getIntentDigest(request),\n confirmed: false,\n error: nearRpc.details ? `${ERROR_MESSAGES.nearRpcFailed}: ${nearRpc.details}` : ERROR_MESSAGES.nearRpcFailed,\n });\n }\n session.setReservedNonces(nearRpc.reservedNonces);\n let transactionContext: TransactionContext = nearRpc.transactionContext;\n\n // 2) Security context shown in the confirmer (rpId + block height).\n // For warmSession signing we still want to show this context even though\n // we won't collect a WebAuthn credential.\n const rpId = adapters.vrf.getRpId();\n let uiVrfChallenge: VRFChallenge \| undefined;\n let uiVrfChallengeForUi: Partial<VRFChallenge> \| undefined = rpId\n ? {\n userId: nearAccountId,\n rpId,\n blockHeight: transactionContext.txBlockHeight,\n blockHash: transactionContext.txBlockHash,\n }\n : undefined;\n\n // Initial VRF challenge (only needed for WebAuthn credential collection)\n if (signingAuthMode === 'webauthn') {\n uiVrfChallenge = await adapters.vrf.generateVrfChallengeForSession(\n {\n userId: nearAccountId,\n rpId,\n blockHeight: transactionContext.txBlockHeight,\n blockHash: transactionContext.txBlockHash,\n ...(vrfIntentDigestB64u ? { intentDigest: vrfIntentDigestB64u } : {}),\n ...(sessionPolicyDigest32 ? { sessionPolicyDigest32 } : {}),\n },\n request.requestId,\n );\n uiVrfChallengeForUi = uiVrfChallenge;\n }\n\n // 3) UI confirm\n const { confirmed, error: uiError } = await session.promptUser({ vrfChallenge: uiVrfChallengeForUi });\n if (!confirmed) {\n return session.confirmAndCloseModal({\n requestId: request.requestId,\n intentDigest: getIntentDigest(request),\n confirmed: false,\n error: uiError,\n });\n }\n\n // 4) Warm session: dispense WrapKeySeed and skip WebAuthn\n if (signingAuthMode === 'warmSession') {\n try {\n await adapters.vrf.dispenseSessionKey({ sessionId: request.requestId, uses: usesNeeded });\n } catch (err: unknown) {\n const msg = String((toError(err))?.message \|\| err \|\| '');\n return session.confirmAndCloseModal({\n requestId: request.requestId,\n intentDigest: getIntentDigest(request),\n confirmed: false,\n error: msg \|\| 'Failed to dispense warm session key',\n });\n }\n\n session.confirmAndCloseModal({\n requestId: request.requestId,\n intentDigest: getIntentDigest(request),\n confirmed: true,\n transactionContext,\n });\n return;\n }\n\n // 5) JIT refresh VRF + ctx (best-effort)\n try {\n const refreshed = await adapters.vrf.maybeRefreshVrfChallenge(request, nearAccountId);\n uiVrfChallenge = refreshed.vrfChallenge;\n transactionContext = refreshed.transactionContext;\n session.updateUI({ vrfChallenge: uiVrfChallenge });\n } catch (e) {\n console.debug('[SigningFlow] VRF JIT refresh skipped', e);\n }\n\n // 6) Collect authentication credential\n try {\n if (!uiVrfChallenge) {\n throw new Error('Missing vrfChallenge for WebAuthn signing flow');\n }\n const serializedCredential = await adapters.webauthn.collectAuthenticationCredentialWithPRF({\n nearAccountId,\n vrfChallenge: uiVrfChallenge,\n });\n\n // 5c) Derive WrapKeySeed inside the VRF worker and deliver it to the signer worker via\n // the reserved WrapKeySeed MessagePort. Main thread only sees wrapKeySalt metadata.\n let contractId: string \| undefined;\n let nearRpcUrl: string \| undefined;\n try {\n // Ensure VRF session is active and bound to the same account we are signing for.\n const vrfStatus = await adapters.vrf.checkVrfStatus();\n if (!vrfStatus.active) {\n throw new Error('VRF keypair not active in memory. VRF session may have expired or was not properly initialized. Please refresh and try again.');\n }\n if (!vrfStatus.nearAccountId \|\| String(vrfStatus.nearAccountId) !== String(toAccountId(nearAccountId))) {\n throw new Error('VRF session is active but bound to a different account than the one being signed. Please log in again on this device.');\n }\n\n const deviceNumber = await getLastLoggedInDeviceNumber(toAccountId(nearAccountId), ctx.indexedDB.clientDB);\n const keyMaterial = await ctx.indexedDB.nearKeysDB.getLocalKeyMaterial(nearAccountId, deviceNumber);\n if (!keyMaterial) {\n throw new Error(`No key material found for account ${nearAccountId} device ${deviceNumber}`);\n }\n const wrapKeySalt = keyMaterial.wrapKeySalt;\n if (!wrapKeySalt) {\n throw new Error('Missing wrapKeySalt in vault; re-register to upgrade vault format.');\n }\n\n // Extract contract verification context when available.\n // - SIGN_TRANSACTION: use per-request rpcCall (already normalized by caller).\n // - SIGN_NEP413_MESSAGE: allow per-request override; fall back to PASSKEY_MANAGER_DEFAULT_CONFIGS.\n if (request.type === SecureConfirmationType.SIGN_TRANSACTION) {\n const payload = getSignTransactionPayload(request);\n contractId = payload?.rpcCall?.contractId;\n nearRpcUrl = payload?.rpcCall?.nearRpcUrl;\n } else if (request.type === SecureConfirmationType.SIGN_NEP413_MESSAGE) {\n const payload = request.payload;\n contractId = payload.contractId \|\| PASSKEY_MANAGER_DEFAULT_CONFIGS.contractId;\n nearRpcUrl = payload.nearRpcUrl \|\| PASSKEY_MANAGER_DEFAULT_CONFIGS.nearRpcUrl;\n }\n\n await adapters.vrf.mintSessionKeysAndSendToSigner({\n sessionId: request.requestId,\n wrapKeySalt,\n contractId,\n nearRpcUrl,\n credential: serializedCredential,\n });\n\t } catch (err) {\n\t console.error('[SigningFlow] WrapKeySeed derivation failed:', err);\n\t throw err; // Don't silently ignore - propagate the error\n\t }\n\n // 6) Respond; keep nonces reserved for worker to use\n session.confirmAndCloseModal({\n requestId: request.requestId,\n intentDigest: getIntentDigest(request),\n confirmed: true,\n credential: serializedCredential,\n // prfOutput intentionally omitted to keep signer PRF-free\n // WrapKeySeed travels only over the dedicated VRF→Signer MessagePort; do not echo in the main-thread envelope\n vrfChallenge: uiVrfChallenge,\n transactionContext,\n });\n } catch (err: unknown) {\n // Treat TouchID/FaceID cancellation and related errors as a negative decision\n const cancelled = isUserCancelledSecureConfirm(err);\n // For missing PRF outputs, surface the error to caller (defensive path tests expect a throw)\n const msg = String((toError(err))?.message \|\| err \|\| '');\n if (/Missing PRF result/i.test(msg) \|\| /Missing PRF results/i.test(msg)) {\n // Ensure UI is closed and nonces released, then rethrow\n return session.cleanupAndRethrow(err);\n }\n if (cancelled) {\n window.parent?.postMessage({ type: 'WALLET_UI_CLOSED' }, '*');\n }\n const isWrongPasskeyError = /multiple passkeys \$devicenumbers\$ for account/i.test(msg);\n return session.confirmAndCloseModal({\n requestId: request.requestId,\n intentDigest: getIntentDigest(request),\n confirmed: false,\n error: cancelled\n ? ERROR_MESSAGES.cancelled\n : (isWrongPasskeyError ? msg : (msg \|\| ERROR_MESSAGES.collectCredentialsFailed)),\n });\n }\n}\n"],"mappings":";;;;;;;;;;;;AAyBA,SAAS,mBAAmB,SAAuD;AACjF,KAAI,QAAQ,SAASA,qCAAuB,iBAC1C,QAAOC,iDAA0B,SAAS,mBAAmB;AAE/D,KAAI,QAAQ,SAASD,qCAAuB,oBAC1C,QAAO,QAAQ,QAAQ,mBAAmB;AAE5C,QAAO;;AAGT,eAAsB,6BACpB,KACA,SACA,QACA,MACe;CACf,MAAM,EAAE,oBAAoB,uBAAuB;CACnD,MAAM,WAAWE,mDAA4B;CAC7C,MAAM,UAAUC,qCAAqB;EACnC;EACA;EACA;EACA;EACA;;CAEF,MAAM,gBAAgBC,wCAAiB;CACvC,MAAM,kBAAkB,mBAAmB;CAC3C,MAAM,aAAaC,kCAAW;CAC9B,MAAM,sBAAsB,QAAQ,SAASL,qCAAuB,mBAChEM,uCAAgB,WAChB,QAAQ,SAASN,qCAAuB,sBACtC,MAAMO,qDAAgC;EACtC;EACA,WAAW,QAAQ,QAAQ;EAC3B,SAAS,QAAQ,QAAQ;MAEzB;CACN,MAAM,wBAAwB,QAAQ,QAAQ;CAG9C,MAAM,UAAU,MAAM,SAAS,KAAK,iBAAiB;EAAE;EAAe,SAAS;EAAY,eAAe;;AAC1G,KAAI,CAAC,QAAQ,oBAAoB;AAE/B,UAAQ,MAAM,yCAAyC;GAAE,OAAO,QAAQ;GAAO,SAAS,QAAQ;;AAChG,SAAO,QAAQ,qBAAqB;GAClC,WAAW,QAAQ;GACnB,cAAcD,uCAAgB;GAC9B,WAAW;GACX,OAAO,QAAQ,UAAU,GAAGE,8BAAe,cAAc,IAAI,QAAQ,YAAYA,8BAAe;;;AAGpG,SAAQ,kBAAkB,QAAQ;CAClC,IAAIC,qBAAyC,QAAQ;CAKrD,MAAM,OAAO,SAAS,IAAI;CAC1B,IAAIC;CACJ,IAAIC,sBAAyD,OACzD;EACE,QAAQ;EACR;EACA,aAAa,mBAAmB;EAChC,WAAW,mBAAmB;KAEhC;AAGJ,KAAI,oBAAoB,YAAY;AAClC,mBAAiB,MAAM,SAAS,IAAI,+BAClC;GACE,QAAQ;GACR;GACA,aAAa,mBAAmB;GAChC,WAAW,mBAAmB;GAC9B,GAAI,sBAAsB,EAAE,cAAc,wBAAwB;GAClE,GAAI,wBAAwB,EAAE,0BAA0B;KAE1D,QAAQ;AAEV,wBAAsB;;CAIxB,MAAM,EAAE,WAAW,OAAO,YAAY,MAAM,QAAQ,WAAW,EAAE,cAAc;AAC/E,KAAI,CAAC,UACH,QAAO,QAAQ,qBAAqB;EAClC,WAAW,QAAQ;EACnB,cAAcL,uCAAgB;EAC9B,WAAW;EACX,OAAO;;AAKX,KAAI,oBAAoB,eAAe;AACrC,MAAI;AACF,SAAM,SAAS,IAAI,mBAAmB;IAAE,WAAW,QAAQ;IAAW,MAAM;;WACrEM,KAAc;GACrB,MAAM,MAAM,OAAQC,uBAAQ,MAAO,WAAW,OAAO;AACrD,UAAO,QAAQ,qBAAqB;IAClC,WAAW,QAAQ;IACnB,cAAcP,uCAAgB;IAC9B,WAAW;IACX,OAAO,OAAO;;;AAIlB,UAAQ,qBAAqB;GAC3B,WAAW,QAAQ;GACnB,cAAcA,uCAAgB;GAC9B,WAAW;GACX;;AAEF;;AAIF,KAAI;EACF,MAAM,YAAY,MAAM,SAAS,IAAI,yBAAyB,SAAS;AACvE,mBAAiB,UAAU;AAC3B,uBAAqB,UAAU;AAC/B,UAAQ,SAAS,EAAE,cAAc;UAC1B,GAAG;AACV,UAAQ,MAAM,yCAAyC;;AAIzD,KAAI;AACF,MAAI,CAAC,eACH,OAAM,IAAI,MAAM;EAElB,MAAM,uBAAuB,MAAM,SAAS,SAAS,uCAAuC;GAC1F;GACA,cAAc;;EAKhB,IAAIQ;EACJ,IAAIC;AACJ,MAAI;GAEF,MAAM,YAAY,MAAM,SAAS,IAAI;AACrC,OAAI,CAAC,UAAU,OACb,OAAM,IAAI,MAAM;AAElB,OAAI,CAAC,UAAU,iBAAiB,OAAO,UAAU,mBAAmB,OAAOC,+BAAY,gBACrF,OAAM,IAAI,MAAM;GAGlB,MAAM,eAAe,MAAMC,oDAA4BD,+BAAY,gBAAgB,IAAI,UAAU;GACjG,MAAM,cAAc,MAAM,IAAI,UAAU,WAAW,oBAAoB,eAAe;AACtF,OAAI,CAAC,YACH,OAAM,IAAI,MAAM,qCAAqC,cAAc,UAAU;GAE/E,MAAM,cAAc,YAAY;AAChC,OAAI,CAAC,YACH,OAAM,IAAI,MAAM;AAMlB,OAAI,QAAQ,SAAShB,qCAAuB,kBAAkB;IAC5D,MAAM,UAAUC,iDAA0B;AAC1C,iBAAa,SAAS,SAAS;AAC/B,iBAAa,SAAS,SAAS;cACtB,QAAQ,SAASD,qCAAuB,qBAAqB;IACtE,MAAM,UAAU,QAAQ;AACxB,iBAAa,QAAQ,cAAckB,uDAAgC;AACnE,iBAAa,QAAQ,cAAcA,uDAAgC;;AAGrE,SAAM,SAAS,IAAI,+BAA+B;IAChD,WAAW,QAAQ;IACnB;IACA;IACA;IACA,YAAY;;WAEN,KAAK;AACZ,WAAQ,MAAM,gDAAgD;AAC9D,SAAM;;AAIT,UAAQ,qBAAqB;GAC3B,WAAW,QAAQ;GACnB,cAAcZ,uCAAgB;GAC9B,WAAW;GACX,YAAY;GAGZ,cAAc;GACd;;UAEKM,KAAc;EAErB,MAAM,YAAYO,4CAA6B;EAE/C,MAAM,MAAM,OAAQN,uBAAQ,MAAO,WAAW,OAAO;AACrD,MAAI,sBAAsB,KAAK,QAAQ,uBAAuB,KAAK,KAEjE,QAAO,QAAQ,kBAAkB;AAEnC,MAAI,UACF,QAAO,QAAQ,YAAY,EAAE,MAAM,sBAAsB;EAE3D,MAAM,sBAAsB,mDAAmD,KAAK;AACpF,SAAO,QAAQ,qBAAqB;GAClC,WAAW,QAAQ;GACnB,cAAcP,uCAAgB;GAC9B,WAAW;GACX,OAAO,YACHE,8BAAe,YACd,sBAAsB,MAAO,OAAOA,8BAAe"}

package/dist/cjs/core/WebAuthnManager/VrfWorkerManager/confirmTxFlow/handleSecureConfirmRequest.js CHANGED Viewed

@@ -1,4 +1,3 @@
-const require_rolldown_runtime = require('../../../../_virtual/rolldown_runtime.js');
 const require_errors = require('../../../../utils/errors.js');
 const require_types = require('./types.js');
 const require_determineConfirmationConfig = require('./determineConfirmationConfig.js');
@@ -7,7 +6,6 @@ const require_requestHelpers = require('./adapters/requestHelpers.js');
 const require_requestAdapter = require('./adapters/requestAdapter.js');
 //#region src/core/WebAuthnManager/VrfWorkerManager/confirmTxFlow/handleSecureConfirmRequest.ts
-require_errors.init_errors();
 /**
 * Handles secure confirmation requests from the worker with robust error handling
 * => SecureConfirmMessageType.PROMPT_USER_CONFIRM_IN_JS_MAIN_THREAD

package/dist/cjs/core/WebAuthnManager/VrfWorkerManager/confirmTxFlow/handleSecureConfirmRequest.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"handleSecureConfirmRequest.js","names":["request: SecureConfirmRequest","confirmationConfig: ConfirmationConfig","transactionSummary: TransactionSummary","validateSecureConfirmRequest","determineConfirmationConfig","parseTransactionSummary","getIntentDigest","sanitizeForPostMessage","e: unknown","errorMessage","_err: unknown","toError","HANDLERS: Partial<Record<SecureConfirmationType, Handler>>","SecureConfirmationType"],"sources":["../../../../../../src/core/WebAuthnManager/VrfWorkerManager/confirmTxFlow/handleSecureConfirmRequest.ts"],"sourcesContent":["import type { VrfWorkerManagerContext } from '../';\nimport type { ConfirmationConfig } from '../../../types/signer-worker';\nimport { determineConfirmationConfig } from './determineConfirmationConfig';\nimport {\n TransactionSummary,\n SecureConfirmMessageType,\n SecureConfirmRequest,\n SecureConfirmationType,\n} from './types';\nimport { errorMessage, toError } from '../../../../utils/errors';\nimport {\n parseTransactionSummary,\n getIntentDigest,\n sendConfirmResponse,\n sanitizeForPostMessage,\n} from './flows';\nimport {\n assertNoForbiddenMainThreadSigningSecrets,\n validateSecureConfirmRequest,\n} from './adapters/requestAdapter';\nimport type {\n LocalOnlySecureConfirmRequest,\n RegistrationSecureConfirmRequest,\n SigningSecureConfirmRequest,\n} from './types';\n\n/*\n Handles secure confirmation requests from the worker with robust error handling\n * => SecureConfirmMessageType.PROMPT_USER_CONFIRM_IN_JS_MAIN_THREAD\n * and proper data validation. Supports both transaction and registration confirmation flows.\n */\nexport async function handlePromptUserConfirmInJsMainThread(\n ctx: VrfWorkerManagerContext,\n message: {\n type: SecureConfirmMessageType.PROMPT_USER_CONFIRM_IN_JS_MAIN_THREAD,\n data: SecureConfirmRequest,\n },\n worker: Worker\n): Promise<void> {\n\n // 1. Validate and parse request\n let request: SecureConfirmRequest;\n let confirmationConfig: ConfirmationConfig;\n let transactionSummary: TransactionSummary;\n\n try {\n\n request = validateSecureConfirmRequest(message.data);\n assertNoForbiddenMainThreadSigningSecrets(request);\n confirmationConfig = determineConfirmationConfig(ctx, request);\n\n const parsedSummary = parseTransactionSummary(request.summary);\n const intentDigest = getIntentDigest(request);\n\n transactionSummary = sanitizeForPostMessage({\n ...parsedSummary,\n ...(intentDigest ? { intentDigest } : {}),\n }) as TransactionSummary;\n\n } catch (e: unknown) {\n\n console.error('[SecureConfirm][Host] validateAndParseRequest failed', e);\n // Attempt to send a structured error back to the worker to avoid hard failure\n try {\n const rid = (message?.data as any)?.requestId;\n if (typeof rid === 'string' && rid) {\n sendConfirmResponse(worker, {\n requestId: rid,\n confirmed: false,\n error: errorMessage(e) \|\| 'Invalid secure confirm request',\n });\n return;\n }\n } catch (_err: unknown) {\n throw toError(e);\n }\n throw toError(e);\n }\n\n const handler = HANDLERS[request.type];\n if (!handler) {\n // Unsupported type fallback: return structured error to worker.\n sendConfirmResponse(worker, {\n requestId: request.requestId,\n confirmed: false,\n error: 'Unsupported secure confirmation type'\n });\n return;\n }\n\n await handler({ ctx, request, worker, confirmationConfig, transactionSummary });\n}\n\ntype HandlerArgs = {\n ctx: VrfWorkerManagerContext;\n request: SecureConfirmRequest;\n worker: Worker;\n confirmationConfig: ConfirmationConfig;\n transactionSummary: TransactionSummary;\n};\n\ntype Handler = (args: HandlerArgs) => Promise<void>;\n\nasync function importFlow<T>(label: string, loader: () => Promise<T>): Promise<T> {\n try {\n return await loader();\n } catch (e) {\n console.error(`[SecureConfirm][Host] failed to import ${label} flow module`, e);\n throw e;\n }\n}\n\nconst HANDLERS: Partial<Record<SecureConfirmationType, Handler>> = {\n [SecureConfirmationType.DECRYPT_PRIVATE_KEY_WITH_PRF]: async ({ ctx, request, worker, confirmationConfig, transactionSummary }) => {\n const { handleLocalOnlyFlow } = await importFlow('localOnly', () => import('./flows/localOnly'));\n await handleLocalOnlyFlow(ctx, request as LocalOnlySecureConfirmRequest, worker, { confirmationConfig, transactionSummary });\n },\n [SecureConfirmationType.SHOW_SECURE_PRIVATE_KEY_UI]: async ({ ctx, request, worker, confirmationConfig, transactionSummary }) => {\n const { handleLocalOnlyFlow } = await importFlow('localOnly', () => import('./flows/localOnly'));\n await handleLocalOnlyFlow(ctx, request as LocalOnlySecureConfirmRequest, worker, { confirmationConfig, transactionSummary });\n },\n [SecureConfirmationType.REGISTER_ACCOUNT]: async ({ ctx, request, worker, confirmationConfig, transactionSummary }) => {\n const { handleRegistrationFlow } = await importFlow('registration', () => import('./flows/registration'));\n await handleRegistrationFlow(ctx, request as RegistrationSecureConfirmRequest, worker, { confirmationConfig, transactionSummary });\n },\n [SecureConfirmationType.LINK_DEVICE]: async ({ ctx, request, worker, confirmationConfig, transactionSummary }) => {\n const { handleRegistrationFlow } = await importFlow('registration', () => import('./flows/registration'));\n await handleRegistrationFlow(ctx, request as RegistrationSecureConfirmRequest, worker, { confirmationConfig, transactionSummary });\n },\n [SecureConfirmationType.SIGN_TRANSACTION]: async ({ ctx, request, worker, confirmationConfig, transactionSummary }) => {\n const { handleTransactionSigningFlow } = await importFlow('transactions', () => import('./flows/transactions'));\n await handleTransactionSigningFlow(ctx, request as SigningSecureConfirmRequest, worker, { confirmationConfig, transactionSummary });\n },\n [SecureConfirmationType.SIGN_NEP413_MESSAGE]: async ({ ctx, request, worker, confirmationConfig, transactionSummary }) => {\n const { handleTransactionSigningFlow } = await importFlow('transactions', () => import('./flows/transactions'));\n await handleTransactionSigningFlow(ctx, request as SigningSecureConfirmRequest, worker, { confirmationConfig, transactionSummary });\n },\n};\n"],"mappings":"~~;;;;;;;;;;;;;;;~~AA+BA,eAAsB,sCACpB,KACA,SAIA,QACe;CAGf,IAAIA;CACJ,IAAIC;CACJ,IAAIC;AAEJ,KAAI;AAEF,YAAUC,oDAA6B,QAAQ;AAC/C,mEAA0C;AAC1C,uBAAqBC,gEAA4B,KAAK;EAEtD,MAAM,gBAAgBC,uCAAwB,QAAQ;EACtD,MAAM,eAAeC,uCAAgB;AAErC,uBAAqBC,sCAAuB;GAC1C,GAAG;GACH,GAAI,eAAe,EAAE,iBAAiB;;UAGjCC,GAAY;AAEnB,UAAQ,MAAM,wDAAwD;AAEtE,MAAI;GACF,MAAM,OAAO,SAAS,OAAc;AACpC,OAAI,OAAO,QAAQ,YAAY,KAAK;AAClC,uCAAoB,QAAQ;KAC1B,WAAW;KACX,WAAW;KACX,OAAOC,4BAAa,MAAM;;AAE5B;;WAEKC,MAAe;AACtB,SAAMC,uBAAQ;;AAEhB,QAAMA,uBAAQ;;CAGhB,MAAM,UAAU,SAAS,QAAQ;AACjC,KAAI,CAAC,SAAS;AAEZ,qCAAoB,QAAQ;GAC1B,WAAW,QAAQ;GACnB,WAAW;GACX,OAAO;;AAET;;AAGF,OAAM,QAAQ;EAAE;EAAK;EAAS;EAAQ;EAAoB;;;AAa5D,eAAe,WAAc,OAAe,QAAsC;AAChF,KAAI;AACF,SAAO,MAAM;UACN,GAAG;AACV,UAAQ,MAAM,0CAA0C,MAAM,eAAe;AAC7E,QAAM;;;AAIV,MAAMC,WAA6D;EAChEC,qCAAuB,+BAA+B,OAAO,EAAE,KAAK,SAAS,QAAQ,oBAAoB,yBAAyB;EACjI,MAAM,EAAE,wBAAwB,MAAM,WAAW,wDAAmB;AACpE,QAAM,oBAAoB,KAAK,SAA0C,QAAQ;GAAE;GAAoB;;;EAExGA,qCAAuB,6BAA6B,OAAO,EAAE,KAAK,SAAS,QAAQ,oBAAoB,yBAAyB;EAC/H,MAAM,EAAE,wBAAwB,MAAM,WAAW,wDAAmB;AACpE,QAAM,oBAAoB,KAAK,SAA0C,QAAQ;GAAE;GAAoB;;;EAExGA,qCAAuB,mBAAmB,OAAO,EAAE,KAAK,SAAS,QAAQ,oBAAoB,yBAAyB;EACrH,MAAM,EAAE,2BAA2B,MAAM,WAAW,2DAAsB;AAC1E,QAAM,uBAAuB,KAAK,SAA6C,QAAQ;GAAE;GAAoB;;;EAE9GA,qCAAuB,cAAc,OAAO,EAAE,KAAK,SAAS,QAAQ,oBAAoB,yBAAyB;EAChH,MAAM,EAAE,2BAA2B,MAAM,WAAW,2DAAsB;AAC1E,QAAM,uBAAuB,KAAK,SAA6C,QAAQ;GAAE;GAAoB;;;EAE9GA,qCAAuB,mBAAmB,OAAO,EAAE,KAAK,SAAS,QAAQ,oBAAoB,yBAAyB;EACrH,MAAM,EAAE,iCAAiC,MAAM,WAAW,2DAAsB;AAChF,QAAM,6BAA6B,KAAK,SAAwC,QAAQ;GAAE;GAAoB;;;EAE/GA,qCAAuB,sBAAsB,OAAO,EAAE,KAAK,SAAS,QAAQ,oBAAoB,yBAAyB;EACxH,MAAM,EAAE,iCAAiC,MAAM,WAAW,2DAAsB;AAChF,QAAM,6BAA6B,KAAK,SAAwC,QAAQ;GAAE;GAAoB"}
1	+ {"version":3,"file":"handleSecureConfirmRequest.js","names":["request: SecureConfirmRequest","confirmationConfig: ConfirmationConfig","transactionSummary: TransactionSummary","validateSecureConfirmRequest","determineConfirmationConfig","parseTransactionSummary","getIntentDigest","sanitizeForPostMessage","e: unknown","errorMessage","_err: unknown","toError","HANDLERS: Partial<Record<SecureConfirmationType, Handler>>","SecureConfirmationType"],"sources":["../../../../../../src/core/WebAuthnManager/VrfWorkerManager/confirmTxFlow/handleSecureConfirmRequest.ts"],"sourcesContent":["import type { VrfWorkerManagerContext } from '../';\nimport type { ConfirmationConfig } from '../../../types/signer-worker';\nimport { determineConfirmationConfig } from './determineConfirmationConfig';\nimport {\n TransactionSummary,\n SecureConfirmMessageType,\n SecureConfirmRequest,\n SecureConfirmationType,\n} from './types';\nimport { errorMessage, toError } from '../../../../utils/errors';\nimport {\n parseTransactionSummary,\n getIntentDigest,\n sendConfirmResponse,\n sanitizeForPostMessage,\n} from './flows';\nimport {\n assertNoForbiddenMainThreadSigningSecrets,\n validateSecureConfirmRequest,\n} from './adapters/requestAdapter';\nimport type {\n LocalOnlySecureConfirmRequest,\n RegistrationSecureConfirmRequest,\n SigningSecureConfirmRequest,\n} from './types';\n\n/*\n Handles secure confirmation requests from the worker with robust error handling\n * => SecureConfirmMessageType.PROMPT_USER_CONFIRM_IN_JS_MAIN_THREAD\n * and proper data validation. Supports both transaction and registration confirmation flows.\n */\nexport async function handlePromptUserConfirmInJsMainThread(\n ctx: VrfWorkerManagerContext,\n message: {\n type: SecureConfirmMessageType.PROMPT_USER_CONFIRM_IN_JS_MAIN_THREAD,\n data: SecureConfirmRequest,\n },\n worker: Worker\n): Promise<void> {\n\n // 1. Validate and parse request\n let request: SecureConfirmRequest;\n let confirmationConfig: ConfirmationConfig;\n let transactionSummary: TransactionSummary;\n\n try {\n\n request = validateSecureConfirmRequest(message.data);\n assertNoForbiddenMainThreadSigningSecrets(request);\n confirmationConfig = determineConfirmationConfig(ctx, request);\n\n const parsedSummary = parseTransactionSummary(request.summary);\n const intentDigest = getIntentDigest(request);\n\n transactionSummary = sanitizeForPostMessage({\n ...parsedSummary,\n ...(intentDigest ? { intentDigest } : {}),\n }) as TransactionSummary;\n\n } catch (e: unknown) {\n\n console.error('[SecureConfirm][Host] validateAndParseRequest failed', e);\n // Attempt to send a structured error back to the worker to avoid hard failure\n try {\n const rid = (message?.data as any)?.requestId;\n if (typeof rid === 'string' && rid) {\n sendConfirmResponse(worker, {\n requestId: rid,\n confirmed: false,\n error: errorMessage(e) \|\| 'Invalid secure confirm request',\n });\n return;\n }\n } catch (_err: unknown) {\n throw toError(e);\n }\n throw toError(e);\n }\n\n const handler = HANDLERS[request.type];\n if (!handler) {\n // Unsupported type fallback: return structured error to worker.\n sendConfirmResponse(worker, {\n requestId: request.requestId,\n confirmed: false,\n error: 'Unsupported secure confirmation type'\n });\n return;\n }\n\n await handler({ ctx, request, worker, confirmationConfig, transactionSummary });\n}\n\ntype HandlerArgs = {\n ctx: VrfWorkerManagerContext;\n request: SecureConfirmRequest;\n worker: Worker;\n confirmationConfig: ConfirmationConfig;\n transactionSummary: TransactionSummary;\n};\n\ntype Handler = (args: HandlerArgs) => Promise<void>;\n\nasync function importFlow<T>(label: string, loader: () => Promise<T>): Promise<T> {\n try {\n return await loader();\n } catch (e) {\n console.error(`[SecureConfirm][Host] failed to import ${label} flow module`, e);\n throw e;\n }\n}\n\nconst HANDLERS: Partial<Record<SecureConfirmationType, Handler>> = {\n [SecureConfirmationType.DECRYPT_PRIVATE_KEY_WITH_PRF]: async ({ ctx, request, worker, confirmationConfig, transactionSummary }) => {\n const { handleLocalOnlyFlow } = await importFlow('localOnly', () => import('./flows/localOnly'));\n await handleLocalOnlyFlow(ctx, request as LocalOnlySecureConfirmRequest, worker, { confirmationConfig, transactionSummary });\n },\n [SecureConfirmationType.SHOW_SECURE_PRIVATE_KEY_UI]: async ({ ctx, request, worker, confirmationConfig, transactionSummary }) => {\n const { handleLocalOnlyFlow } = await importFlow('localOnly', () => import('./flows/localOnly'));\n await handleLocalOnlyFlow(ctx, request as LocalOnlySecureConfirmRequest, worker, { confirmationConfig, transactionSummary });\n },\n [SecureConfirmationType.REGISTER_ACCOUNT]: async ({ ctx, request, worker, confirmationConfig, transactionSummary }) => {\n const { handleRegistrationFlow } = await importFlow('registration', () => import('./flows/registration'));\n await handleRegistrationFlow(ctx, request as RegistrationSecureConfirmRequest, worker, { confirmationConfig, transactionSummary });\n },\n [SecureConfirmationType.LINK_DEVICE]: async ({ ctx, request, worker, confirmationConfig, transactionSummary }) => {\n const { handleRegistrationFlow } = await importFlow('registration', () => import('./flows/registration'));\n await handleRegistrationFlow(ctx, request as RegistrationSecureConfirmRequest, worker, { confirmationConfig, transactionSummary });\n },\n [SecureConfirmationType.SIGN_TRANSACTION]: async ({ ctx, request, worker, confirmationConfig, transactionSummary }) => {\n const { handleTransactionSigningFlow } = await importFlow('transactions', () => import('./flows/transactions'));\n await handleTransactionSigningFlow(ctx, request as SigningSecureConfirmRequest, worker, { confirmationConfig, transactionSummary });\n },\n [SecureConfirmationType.SIGN_NEP413_MESSAGE]: async ({ ctx, request, worker, confirmationConfig, transactionSummary }) => {\n const { handleTransactionSigningFlow } = await importFlow('transactions', () => import('./flows/transactions'));\n await handleTransactionSigningFlow(ctx, request as SigningSecureConfirmRequest, worker, { confirmationConfig, transactionSummary });\n },\n};\n"],"mappings":";;;;;;;;;;;;;AA+BA,eAAsB,sCACpB,KACA,SAIA,QACe;CAGf,IAAIA;CACJ,IAAIC;CACJ,IAAIC;AAEJ,KAAI;AAEF,YAAUC,oDAA6B,QAAQ;AAC/C,mEAA0C;AAC1C,uBAAqBC,gEAA4B,KAAK;EAEtD,MAAM,gBAAgBC,uCAAwB,QAAQ;EACtD,MAAM,eAAeC,uCAAgB;AAErC,uBAAqBC,sCAAuB;GAC1C,GAAG;GACH,GAAI,eAAe,EAAE,iBAAiB;;UAGjCC,GAAY;AAEnB,UAAQ,MAAM,wDAAwD;AAEtE,MAAI;GACF,MAAM,OAAO,SAAS,OAAc;AACpC,OAAI,OAAO,QAAQ,YAAY,KAAK;AAClC,uCAAoB,QAAQ;KAC1B,WAAW;KACX,WAAW;KACX,OAAOC,4BAAa,MAAM;;AAE5B;;WAEKC,MAAe;AACtB,SAAMC,uBAAQ;;AAEhB,QAAMA,uBAAQ;;CAGhB,MAAM,UAAU,SAAS,QAAQ;AACjC,KAAI,CAAC,SAAS;AAEZ,qCAAoB,QAAQ;GAC1B,WAAW,QAAQ;GACnB,WAAW;GACX,OAAO;;AAET;;AAGF,OAAM,QAAQ;EAAE;EAAK;EAAS;EAAQ;EAAoB;;;AAa5D,eAAe,WAAc,OAAe,QAAsC;AAChF,KAAI;AACF,SAAO,MAAM;UACN,GAAG;AACV,UAAQ,MAAM,0CAA0C,MAAM,eAAe;AAC7E,QAAM;;;AAIV,MAAMC,WAA6D;EAChEC,qCAAuB,+BAA+B,OAAO,EAAE,KAAK,SAAS,QAAQ,oBAAoB,yBAAyB;EACjI,MAAM,EAAE,wBAAwB,MAAM,WAAW,wDAAmB;AACpE,QAAM,oBAAoB,KAAK,SAA0C,QAAQ;GAAE;GAAoB;;;EAExGA,qCAAuB,6BAA6B,OAAO,EAAE,KAAK,SAAS,QAAQ,oBAAoB,yBAAyB;EAC/H,MAAM,EAAE,wBAAwB,MAAM,WAAW,wDAAmB;AACpE,QAAM,oBAAoB,KAAK,SAA0C,QAAQ;GAAE;GAAoB;;;EAExGA,qCAAuB,mBAAmB,OAAO,EAAE,KAAK,SAAS,QAAQ,oBAAoB,yBAAyB;EACrH,MAAM,EAAE,2BAA2B,MAAM,WAAW,2DAAsB;AAC1E,QAAM,uBAAuB,KAAK,SAA6C,QAAQ;GAAE;GAAoB;;;EAE9GA,qCAAuB,cAAc,OAAO,EAAE,KAAK,SAAS,QAAQ,oBAAoB,yBAAyB;EAChH,MAAM,EAAE,2BAA2B,MAAM,WAAW,2DAAsB;AAC1E,QAAM,uBAAuB,KAAK,SAA6C,QAAQ;GAAE;GAAoB;;;EAE9GA,qCAAuB,mBAAmB,OAAO,EAAE,KAAK,SAAS,QAAQ,oBAAoB,yBAAyB;EACrH,MAAM,EAAE,iCAAiC,MAAM,WAAW,2DAAsB;AAChF,QAAM,6BAA6B,KAAK,SAAwC,QAAQ;GAAE;GAAoB;;;EAE/GA,qCAAuB,sBAAsB,OAAO,EAAE,KAAK,SAAS,QAAQ,oBAAoB,yBAAyB;EACxH,MAAM,EAAE,iCAAiC,MAAM,WAAW,2DAAsB;AAChF,QAAM,6BAA6B,KAAK,SAAwC,QAAQ;GAAE;GAAoB"}

package/dist/cjs/core/WebAuthnManager/VrfWorkerManager/confirmTxFlow/types.js CHANGED Viewed

@@ -1,4 +1,3 @@
-const require_rolldown_runtime = require('../../../../_virtual/rolldown_runtime.js');
 //#region src/core/WebAuthnManager/VrfWorkerManager/confirmTxFlow/types.ts
 let SecureConfirmMessageType = /* @__PURE__ */ function(SecureConfirmMessageType$1) {

package/dist/cjs/core/WebAuthnManager/VrfWorkerManager/confirmTxFlow/types.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"types.js","names":[],"sources":["../../../../../../src/core/WebAuthnManager/VrfWorkerManager/confirmTxFlow/types.ts"],"sourcesContent":["import { VRFChallenge } from '@/core/types/vrf-worker';\nimport { TransactionInputWasm } from '../../../types';\nimport { ConfirmationConfig } from '../../../types';\nimport { TransactionContext } from '../../../types/rpc';\nimport { RpcCallPayload } from '../../../types/signer-worker';\nimport { WebAuthnAuthenticationCredential, WebAuthnRegistrationCredential } from '../../../types/webauthn';\nimport { isObject, isString } from '~~../../../WalletIframe~~/validation';\n\n// === SECURE CONFIRM TYPES (V2) ===\n\nexport enum SecureConfirmMessageType {\n PROMPT_USER_CONFIRM_IN_JS_MAIN_THREAD = 'PROMPT_USER_CONFIRM_IN_JS_MAIN_THREAD',\n USER_PASSKEY_CONFIRM_RESPONSE = 'USER_PASSKEY_CONFIRM_RESPONSE',\n}\n\n/*\n Type-level guardrail: these secrets must never appear in main-thread\n * request/response envelopes. WrapKeySeed is delivered only over the dedicated\n * VRF→Signer MessagePort, and PRF outputs should only exist inside credentials.\n /\nexport type ForbiddenMainThreadSecrets = {\n prfOutput?: never;\n prf_output?: never;\n wrapKeySeed?: never;\n wrapKeySalt?: never;\n vrf_sk?: never;\n prfKey?: never;\n};\n\nexport interface SecureConfirmDecision extends ForbiddenMainThreadSecrets {\n requestId: string;\n intentDigest?: string;\n confirmed: boolean;\n credential?: SerializableCredential; // Serialized WebAuthn credential\n vrfChallenge?: VRFChallenge; // VRF challenge generated during confirmation\n transactionContext?: TransactionContext; // NEAR data fetched during confirmation\n // This is a private field used to close the confirmation modal\n _confirmHandle?: { close: (confirmed: boolean) => void };\n error?: string;\n}\n\nexport interface TransactionSummary {\n totalAmount?: string;\n title?: string;\n body?: string;\n method?: string;\n intentDigest?: string;\n receiverId?: string;\n type?: string;\n delegate?: {\n senderId?: string;\n receiverId?: string;\n nonce?: string;\n maxBlockHeight?: string;\n };\n registrationDetails?: {\n nearAccountId: string;\n deviceNumber: number;\n deterministicVrfPublicKey?: string;\n };\n vrfChallenge?: VRFChallenge;\n summary?: unknown;\n}\n\n// Payload to return to Rust WASM is snake_case\nexport interface WorkerConfirmationResponse {\n request_id: string;\n intent_digest?: string;\n confirmed: boolean;\n credential?: SerializableCredential;\n vrf_challenge?: VRFChallenge; // VRF challenge generated during confirmation\n transaction_context?: TransactionContext; // NEAR data fetched during confirmation\n error?: string;\n}\n\n// ===== V2 MESSAGE TYPES =====\n\nexport enum SecureConfirmationType {\n SIGN_TRANSACTION = 'signTransaction',\n REGISTER_ACCOUNT = 'registerAccount',\n LINK_DEVICE = 'linkDevice',\n DECRYPT_PRIVATE_KEY_WITH_PRF = 'decryptPrivateKeyWithPrf',\n SIGN_NEP413_MESSAGE = 'signNep413Message',\n SHOW_SECURE_PRIVATE_KEY_UI = 'showSecurePrivateKeyUi',\n}\n\nexport type SigningAuthMode = 'webauthn' \| 'warmSession';\n\n// V2 summaries (render-oriented / UI hints)\nexport interface TxSummary { totalAmount?: string; method?: string; receiverId?: string }\nexport interface RegistrationSummary {\n nearAccountId: string;\n deviceNumber?: number;\n contractId?: string;\n title?: string;\n body?: string;\n}\nexport type ExportOperation = 'Export Private Key' \| 'Decrypt Private Key';\nexport interface ExportSummary { operation: ExportOperation; accountId: string; publicKey: string; warning: string }\nexport interface Nep413Summary { operation: 'Sign NEP-413 Message'; message: string; recipient: string; accountId: string }\n\n// V2 request envelope\nexport type SecureConfirmPayloadByType = {\n [SecureConfirmationType.SIGN_TRANSACTION]: SignTransactionPayload;\n [SecureConfirmationType.REGISTER_ACCOUNT]: RegisterAccountPayload;\n [SecureConfirmationType.LINK_DEVICE]: RegisterAccountPayload;\n [SecureConfirmationType.DECRYPT_PRIVATE_KEY_WITH_PRF]: DecryptPrivateKeyWithPrfPayload;\n [SecureConfirmationType.SIGN_NEP413_MESSAGE]: SignNep413Payload;\n [SecureConfirmationType.SHOW_SECURE_PRIVATE_KEY_UI]: ShowSecurePrivateKeyUiPayload;\n};\n\nexport type SecureConfirmSummaryByType = {\n [SecureConfirmationType.SIGN_TRANSACTION]: TransactionSummary;\n [SecureConfirmationType.REGISTER_ACCOUNT]: RegistrationSummary;\n [SecureConfirmationType.LINK_DEVICE]: RegistrationSummary;\n [SecureConfirmationType.DECRYPT_PRIVATE_KEY_WITH_PRF]: ExportSummary;\n [SecureConfirmationType.SIGN_NEP413_MESSAGE]: TransactionSummary;\n [SecureConfirmationType.SHOW_SECURE_PRIVATE_KEY_UI]: ExportSummary;\n};\n\nexport type SecureConfirmPayload = SecureConfirmPayloadByType[keyof SecureConfirmPayloadByType];\nexport type SecureConfirmSummary = SecureConfirmSummaryByType[keyof SecureConfirmSummaryByType];\n\nexport interface SecureConfirmRequest<TPayload = SecureConfirmPayload, TSummary = SecureConfirmSummary> {\n ~~schemaVersion: 2;\n~~ requestId: string;\n type: SecureConfirmationType;\n summary: TSummary;\n payload: TPayload;\n // Allow partial override from callers; effective config is computed later\n confirmationConfig?: Partial<ConfirmationConfig>;\n // Optional intent digest to echo back in responses for flows that\n // do not have a tx-centric payload (e.g., registration/link flows)\n intentDigest?: string;\n}\n\n// V2 payloads\nexport interface SignTransactionPayload {\n txSigningRequests: TransactionInputWasm[];\n intentDigest: string;\n rpcCall: RpcCallPayload;\n /\n Controls whether confirmTxFlow should collect a WebAuthn credential.\n * - `webauthn`: prompt TouchID/FaceID and derive WrapKeySeed from PRF.first_auth.\n * - `warmSession`: skip WebAuthn and dispense the existing VRF session key to the signer worker.\n /\n signingAuthMode?: SigningAuthMode;\n}\n\nexport interface RegisterAccountPayload {\n nearAccountId: string;\n deviceNumber?: number;\n rpcCall: RpcCallPayload;\n}\n\nexport interface DecryptPrivateKeyWithPrfPayload {\n nearAccountId: string;\n publicKey: string;\n}\n\nexport interface ShowSecurePrivateKeyUiPayload {\n nearAccountId: string;\n publicKey: string;\n privateKey: string;\n variant?: 'drawer' \| 'modal';\n theme?: 'dark' \| 'light';\n}\n\nexport interface SignNep413Payload {\n nearAccountId: string;\n message: string;\n recipient: string;\n /\n Optional contract verification context for VRF gating.\n * When provided, VRF Rust can call `verify_authentication_response` on-chain\n * before deriving and dispensing session keys.\n /\n contractId?: string;\n /\n Optional NEAR RPC URL for contract verification (single URL or failover list).\n /\n nearRpcUrl?: string;\n /\n Controls whether confirmTxFlow should collect a WebAuthn credential for this signing intent.\n * See `SignTransactionPayload.signingAuthMode`.\n */\n signingAuthMode?: SigningAuthMode;\n}\n\n// Type guards\nexport function isSecureConfirmRequestV2(x: unknown): x is SecureConfirmRequest {\n return isObject(x)\n && (x as { ~~schemaVersion~~?: unknown }).~~schemaVersion === 2~~\n && isString((x as { ~~type~~?: unknown }).~~type~~)\n && ~~isString~~((x as { ~~requestId~~?: unknown }).~~requestId)~~;\n}\n\n// Serialized WebAuthn credential (authentication or registration)\nexport type SerializableCredential = WebAuthnAuthenticationCredential \| WebAuthnRegistrationCredential;\n\n// Discriminated unions to bind `type` to payload shape\nexport type SecureConfirmRequestByType<TType extends SecureConfirmationType> =\n SecureConfirmRequest<SecureConfirmPayloadByType[TType], SecureConfirmSummaryByType[TType]> & { type: TType };\n\nexport type LocalOnlySecureConfirmRequest =\n \| SecureConfirmRequestByType<SecureConfirmationType.DECRYPT_PRIVATE_KEY_WITH_PRF>\n \| SecureConfirmRequestByType<SecureConfirmationType.SHOW_SECURE_PRIVATE_KEY_UI>;\n\nexport type RegistrationSecureConfirmRequest =\n \| SecureConfirmRequestByType<SecureConfirmationType.REGISTER_ACCOUNT>\n \| SecureConfirmRequestByType<SecureConfirmationType.LINK_DEVICE>;\n\nexport type SigningSecureConfirmRequest =\n \| SecureConfirmRequestByType<SecureConfirmationType.SIGN_TRANSACTION>\n \| SecureConfirmRequestByType<SecureConfirmationType.SIGN_NEP413_MESSAGE>;\n\nexport type KnownSecureConfirmRequest =\n \| LocalOnlySecureConfirmRequest\n \| RegistrationSecureConfirmRequest\n \| SigningSecureConfirmRequest;\n"],"mappings":"~~;;;~~AAUA,IAAY,gFAAL;AACL;AACA;;;AAiEF,IAAY,4EAAL;AACL;AACA;AACA;AACA;AACA;AACA"}
1	+ {"version":3,"file":"types.js","names":[],"sources":["../../../../../../src/core/WebAuthnManager/VrfWorkerManager/confirmTxFlow/types.ts"],"sourcesContent":["import { VRFChallenge } from '@/core/types/vrf-worker';\nimport { TransactionInputWasm } from '../../../types';\nimport { ConfirmationConfig } from '../../../types';\nimport { TransactionContext } from '../../../types/rpc';\nimport { RpcCallPayload } from '../../../types/signer-worker';\nimport { WebAuthnAuthenticationCredential, WebAuthnRegistrationCredential } from '../../../types/webauthn';\nimport { isObject, isString } from '@/utils/validation';\n\n// === SECURE CONFIRM TYPES (V2) ===\n\nexport enum SecureConfirmMessageType {\n PROMPT_USER_CONFIRM_IN_JS_MAIN_THREAD = 'PROMPT_USER_CONFIRM_IN_JS_MAIN_THREAD',\n USER_PASSKEY_CONFIRM_RESPONSE = 'USER_PASSKEY_CONFIRM_RESPONSE',\n}\n\n/*\n Type-level guardrail: these secrets must never appear in main-thread\n * request/response envelopes. WrapKeySeed is delivered only over the dedicated\n * VRF→Signer MessagePort, and PRF outputs should only exist inside credentials.\n /\nexport type ForbiddenMainThreadSecrets = {\n prfOutput?: never;\n prf_output?: never;\n wrapKeySeed?: never;\n wrapKeySalt?: never;\n vrf_sk?: never;\n prfKey?: never;\n};\n\nexport interface SecureConfirmDecision extends ForbiddenMainThreadSecrets {\n requestId: string;\n intentDigest?: string;\n confirmed: boolean;\n credential?: SerializableCredential; // Serialized WebAuthn credential\n vrfChallenge?: VRFChallenge; // VRF challenge generated during confirmation\n transactionContext?: TransactionContext; // NEAR data fetched during confirmation\n // This is a private field used to close the confirmation modal\n _confirmHandle?: { close: (confirmed: boolean) => void };\n error?: string;\n}\n\nexport interface TransactionSummary {\n totalAmount?: string;\n title?: string;\n body?: string;\n method?: string;\n intentDigest?: string;\n receiverId?: string;\n type?: string;\n delegate?: {\n senderId?: string;\n receiverId?: string;\n nonce?: string;\n maxBlockHeight?: string;\n };\n registrationDetails?: {\n nearAccountId: string;\n deviceNumber: number;\n deterministicVrfPublicKey?: string;\n };\n vrfChallenge?: VRFChallenge;\n summary?: unknown;\n}\n\n// Payload to return to Rust WASM is snake_case\nexport interface WorkerConfirmationResponse {\n request_id: string;\n intent_digest?: string;\n confirmed: boolean;\n credential?: SerializableCredential;\n vrf_challenge?: VRFChallenge; // VRF challenge generated during confirmation\n transaction_context?: TransactionContext; // NEAR data fetched during confirmation\n error?: string;\n}\n\n// ===== V2 MESSAGE TYPES =====\n\nexport enum SecureConfirmationType {\n SIGN_TRANSACTION = 'signTransaction',\n REGISTER_ACCOUNT = 'registerAccount',\n LINK_DEVICE = 'linkDevice',\n DECRYPT_PRIVATE_KEY_WITH_PRF = 'decryptPrivateKeyWithPrf',\n SIGN_NEP413_MESSAGE = 'signNep413Message',\n SHOW_SECURE_PRIVATE_KEY_UI = 'showSecurePrivateKeyUi',\n}\n\nexport type SigningAuthMode = 'webauthn' \| 'warmSession';\n\n// V2 summaries (render-oriented / UI hints)\nexport interface TxSummary { totalAmount?: string; method?: string; receiverId?: string }\nexport interface RegistrationSummary {\n nearAccountId: string;\n deviceNumber?: number;\n contractId?: string;\n title?: string;\n body?: string;\n}\nexport type ExportOperation = 'Export Private Key' \| 'Decrypt Private Key';\nexport interface ExportSummary { operation: ExportOperation; accountId: string; publicKey: string; warning: string }\nexport interface Nep413Summary { operation: 'Sign NEP-413 Message'; message: string; recipient: string; accountId: string }\n\n// V2 request envelope\nexport type SecureConfirmPayloadByType = {\n [SecureConfirmationType.SIGN_TRANSACTION]: SignTransactionPayload;\n [SecureConfirmationType.REGISTER_ACCOUNT]: RegisterAccountPayload;\n [SecureConfirmationType.LINK_DEVICE]: RegisterAccountPayload;\n [SecureConfirmationType.DECRYPT_PRIVATE_KEY_WITH_PRF]: DecryptPrivateKeyWithPrfPayload;\n [SecureConfirmationType.SIGN_NEP413_MESSAGE]: SignNep413Payload;\n [SecureConfirmationType.SHOW_SECURE_PRIVATE_KEY_UI]: ShowSecurePrivateKeyUiPayload;\n};\n\nexport type SecureConfirmSummaryByType = {\n [SecureConfirmationType.SIGN_TRANSACTION]: TransactionSummary;\n [SecureConfirmationType.REGISTER_ACCOUNT]: RegistrationSummary;\n [SecureConfirmationType.LINK_DEVICE]: RegistrationSummary;\n [SecureConfirmationType.DECRYPT_PRIVATE_KEY_WITH_PRF]: ExportSummary;\n [SecureConfirmationType.SIGN_NEP413_MESSAGE]: TransactionSummary;\n [SecureConfirmationType.SHOW_SECURE_PRIVATE_KEY_UI]: ExportSummary;\n};\n\nexport type SecureConfirmPayload = SecureConfirmPayloadByType[keyof SecureConfirmPayloadByType];\nexport type SecureConfirmSummary = SecureConfirmSummaryByType[keyof SecureConfirmSummaryByType];\n\nexport interface SecureConfirmRequest<TPayload = SecureConfirmPayload, TSummary = SecureConfirmSummary> {\n requestId: string;\n type: SecureConfirmationType;\n summary: TSummary;\n payload: TPayload;\n // Allow partial override from callers; effective config is computed later\n confirmationConfig?: Partial<ConfirmationConfig>;\n // Optional intent digest to echo back in responses for flows that\n // do not have a tx-centric payload (e.g., registration/link flows)\n intentDigest?: string;\n}\n\n// V2 payloads\nexport interface SignTransactionPayload {\n txSigningRequests: TransactionInputWasm[];\n intentDigest: string;\n rpcCall: RpcCallPayload;\n /\n Optional base64url-encoded 32-byte digest to bind a relayer session policy into the VRF input hash (v4+ only).\n * When present, it will be forwarded to the VRF worker for inclusion in VRF input derivation.\n /\n sessionPolicyDigest32?: string;\n /\n Controls whether confirmTxFlow should collect a WebAuthn credential.\n * - `webauthn`: prompt TouchID/FaceID and derive WrapKeySeed from PRF.first_auth.\n * - `warmSession`: skip WebAuthn and dispense the existing VRF session key to the signer worker.\n /\n signingAuthMode?: SigningAuthMode;\n}\n\nexport interface RegisterAccountPayload {\n nearAccountId: string;\n deviceNumber?: number;\n rpcCall: RpcCallPayload;\n}\n\nexport interface DecryptPrivateKeyWithPrfPayload {\n nearAccountId: string;\n publicKey: string;\n}\n\nexport interface ShowSecurePrivateKeyUiPayload {\n nearAccountId: string;\n publicKey: string;\n privateKey: string;\n variant?: 'drawer' \| 'modal';\n theme?: 'dark' \| 'light';\n}\n\nexport interface SignNep413Payload {\n nearAccountId: string;\n message: string;\n recipient: string;\n /\n Optional base64url-encoded 32-byte digest to bind a relayer session policy into the VRF input hash (v4+ only).\n /\n sessionPolicyDigest32?: string;\n /\n Optional contract verification context for VRF gating.\n * When provided, VRF Rust can call `verify_authentication_response` on-chain\n * before deriving and dispensing session keys.\n /\n contractId?: string;\n /\n Optional NEAR RPC URL for contract verification (single URL or failover list).\n /\n nearRpcUrl?: string;\n /\n Controls whether confirmTxFlow should collect a WebAuthn credential for this signing intent.\n * See `SignTransactionPayload.signingAuthMode`.\n */\n signingAuthMode?: SigningAuthMode;\n}\n\n// Type guards\nexport function isSecureConfirmRequestV2(x: unknown): x is SecureConfirmRequest {\n return isObject(x)\n && isString((x as { type?: unknown }).type)\n && isString((x as { requestId?: unknown }).requestId)\n && (x as { summary?: unknown }).summary != null\n && (x as { payload?: unknown }).payload != null;\n}\n\n// Serialized WebAuthn credential (authentication or registration)\nexport type SerializableCredential = WebAuthnAuthenticationCredential \| WebAuthnRegistrationCredential;\n\n// Discriminated unions to bind `type` to payload shape\nexport type SecureConfirmRequestByType<TType extends SecureConfirmationType> =\n SecureConfirmRequest<SecureConfirmPayloadByType[TType], SecureConfirmSummaryByType[TType]> & { type: TType };\n\nexport type LocalOnlySecureConfirmRequest =\n \| SecureConfirmRequestByType<SecureConfirmationType.DECRYPT_PRIVATE_KEY_WITH_PRF>\n \| SecureConfirmRequestByType<SecureConfirmationType.SHOW_SECURE_PRIVATE_KEY_UI>;\n\nexport type RegistrationSecureConfirmRequest =\n \| SecureConfirmRequestByType<SecureConfirmationType.REGISTER_ACCOUNT>\n \| SecureConfirmRequestByType<SecureConfirmationType.LINK_DEVICE>;\n\nexport type SigningSecureConfirmRequest =\n \| SecureConfirmRequestByType<SecureConfirmationType.SIGN_TRANSACTION>\n \| SecureConfirmRequestByType<SecureConfirmationType.SIGN_NEP413_MESSAGE>;\n\nexport type KnownSecureConfirmRequest =\n \| LocalOnlySecureConfirmRequest\n \| RegistrationSecureConfirmRequest\n \| SigningSecureConfirmRequest;\n"],"mappings":";;AAUA,IAAY,gFAAL;AACL;AACA;;;AAiEF,IAAY,4EAAL;AACL;AACA;AACA;AACA;AACA;AACA"}

package/dist/cjs/core/WebAuthnManager/VrfWorkerManager/handlers/checkSessionStatus.js CHANGED Viewed

@@ -1,4 +1,3 @@
-const require_rolldown_runtime = require('../../../../_virtual/rolldown_runtime.js');
 //#region src/core/WebAuthnManager/VrfWorkerManager/handlers/checkSessionStatus.ts
 /**

package/dist/cjs/core/WebAuthnManager/VrfWorkerManager/handlers/checkSessionStatus.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"checkSessionStatus.js","names":["message: VRFWorkerMessage<WasmCheckSessionStatusRequest>"],"sources":["../../../../../../src/core/WebAuthnManager/VrfWorkerManager/handlers/checkSessionStatus.ts"],"sourcesContent":["import type { VRFWorkerMessage, WasmCheckSessionStatusRequest } from '../../../types/vrf-worker';\nimport type { VrfWorkerManagerHandlerContext } from './types';\n\n/*\n Per-`sessionId` signing-session status (WrapKeySeed session gating).\n \n This is NOT the same as the \"global\" VRF unlock status (whether the VRF keypair is active).\n * For VRF keypair unlock status, use `checkVrfStatus`.\n */\nexport async function checkSessionStatus(\n ctx: VrfWorkerManagerHandlerContext,\n args: { sessionId: string }\n): Promise<{\n sessionId: string;\n status: 'active' \| 'exhausted' \| 'expired' \| 'not_found';\n remainingUses?: number;\n expiresAtMs?: number;\n createdAtMs?: number;\n}> {\n await ctx.ensureWorkerReady(true);\n const message: VRFWorkerMessage<WasmCheckSessionStatusRequest> = {\n type: 'CHECK_SESSION_STATUS',\n id: ctx.generateMessageId(),\n payload: {\n sessionId: args.sessionId,\n } as any,\n };\n const response = await ctx.sendMessage<WasmCheckSessionStatusRequest>(message);\n if (!response.success) {\n throw new Error(`checkSessionStatus failed: ${response.error}`);\n }\n return (\n (response.data as any) \|\| {\n sessionId: args.sessionId,\n status: 'not_found',\n }\n );\n}\n"],"mappings":"~~;;;;;;;;;~~AASA,eAAsB,mBACpB,KACA,MAOC;AACD,OAAM,IAAI,kBAAkB;CAC5B,MAAMA,UAA2D;EAC/D,MAAM;EACN,IAAI,IAAI;EACR,SAAS,EACP,WAAW,KAAK;;CAGpB,MAAM,WAAW,MAAM,IAAI,YAA2C;AACtE,KAAI,CAAC,SAAS,QACZ,OAAM,IAAI,MAAM,8BAA8B,SAAS;AAEzD,QACG,SAAS,QAAgB;EACxB,WAAW,KAAK;EAChB,QAAQ"}
1	+ {"version":3,"file":"checkSessionStatus.js","names":["message: VRFWorkerMessage<WasmCheckSessionStatusRequest>"],"sources":["../../../../../../src/core/WebAuthnManager/VrfWorkerManager/handlers/checkSessionStatus.ts"],"sourcesContent":["import type { VRFWorkerMessage, WasmCheckSessionStatusRequest } from '../../../types/vrf-worker';\nimport type { VrfWorkerManagerHandlerContext } from './types';\n\n/*\n Per-`sessionId` signing-session status (WrapKeySeed session gating).\n \n This is NOT the same as the \"global\" VRF unlock status (whether the VRF keypair is active).\n * For VRF keypair unlock status, use `checkVrfStatus`.\n */\nexport async function checkSessionStatus(\n ctx: VrfWorkerManagerHandlerContext,\n args: { sessionId: string }\n): Promise<{\n sessionId: string;\n status: 'active' \| 'exhausted' \| 'expired' \| 'not_found';\n remainingUses?: number;\n expiresAtMs?: number;\n createdAtMs?: number;\n}> {\n await ctx.ensureWorkerReady(true);\n const message: VRFWorkerMessage<WasmCheckSessionStatusRequest> = {\n type: 'CHECK_SESSION_STATUS',\n id: ctx.generateMessageId(),\n payload: {\n sessionId: args.sessionId,\n } as any,\n };\n const response = await ctx.sendMessage<WasmCheckSessionStatusRequest>(message);\n if (!response.success) {\n throw new Error(`checkSessionStatus failed: ${response.error}`);\n }\n return (\n (response.data as any) \|\| {\n sessionId: args.sessionId,\n status: 'not_found',\n }\n );\n}\n"],"mappings":";;;;;;;;AASA,eAAsB,mBACpB,KACA,MAOC;AACD,OAAM,IAAI,kBAAkB;CAC5B,MAAMA,UAA2D;EAC/D,MAAM;EACN,IAAI,IAAI;EACR,SAAS,EACP,WAAW,KAAK;;CAGpB,MAAM,WAAW,MAAM,IAAI,YAA2C;AACtE,KAAI,CAAC,SAAS,QACZ,OAAM,IAAI,MAAM,8BAA8B,SAAS;AAEzD,QACG,SAAS,QAAgB;EACxB,WAAW,KAAK;EAChB,QAAQ"}

package/dist/cjs/core/WebAuthnManager/VrfWorkerManager/handlers/checkVrfStatus.js CHANGED Viewed

@@ -1,8 +1,6 @@
-const require_rolldown_runtime = require('../../../../_virtual/rolldown_runtime.js');
 const require_accountIds = require('../../../types/accountIds.js');
 //#region src/core/WebAuthnManager/VrfWorkerManager/handlers/checkVrfStatus.ts
-require_accountIds.init_accountIds();
 /**
 * "Global" VRF status: is the VRF keypair currently unlocked/active inside the VRF worker?
 *
@@ -15,7 +13,8 @@ async function checkVrfStatus(ctx) {
 	} catch {
 		return {
 			active: false,
-			nearAccountId: null
+			nearAccountId: null,
+			vrfPublicKey: null
 		};
 	}
 	try {
@@ -31,18 +30,21 @@ async function checkVrfStatus(ctx) {
 			return {
 				active: data.active,
 				nearAccountId: current ? require_accountIds.toAccountId(current) : null,
-				sessionDuration: data.sessionDuration
+				sessionDuration: data.sessionDuration,
+				vrfPublicKey: data.vrfPublicKey ?? null
 			};
 		}
 		return {
 			active: false,
-			nearAccountId: null
+			nearAccountId: null,
+			vrfPublicKey: null
 		};
 	} catch (error) {
 		console.warn("VRF Manager: Failed to get VRF status:", error);
 		return {
 			active: false,
-			nearAccountId: null
+			nearAccountId: null,
+			vrfPublicKey: null
 		};
 	}
 }

package/dist/cjs/core/WebAuthnManager/VrfWorkerManager/handlers/checkVrfStatus.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"checkVrfStatus.js","names":["message: VRFWorkerMessage<WasmVrfWorkerRequestType>","toAccountId"],"sources":["../../../../../../src/core/WebAuthnManager/VrfWorkerManager/handlers/checkVrfStatus.ts"],"sourcesContent":["import type { VRFWorkerMessage, VRFWorkerStatus, WasmVrfWorkerRequestType } from '../../../types/vrf-worker';\nimport { toAccountId } from '../../../types/accountIds';\nimport type { VrfWorkerManagerHandlerContext } from './types';\n\n/*\n \"Global\" VRF status: is the VRF keypair currently unlocked/active inside the VRF worker?\n \n This is NOT the same as a signing session status (WrapKeySeed session gating).\n * For per-`sessionId` signing-session status, use `checkSessionStatus`.\n */\nexport async function checkVrfStatus(ctx: VrfWorkerManagerHandlerContext): Promise<VRFWorkerStatus> {\n try {\n await ctx.ensureWorkerReady();\n } catch {\n // If initialization fails, return inactive status\n return { active: false, nearAccountId: null };\n }\n\n try {\n const message: VRFWorkerMessage<WasmVrfWorkerRequestType> = {\n type: 'CHECK_VRF_STATUS',\n id: ctx.generateMessageId(),\n payload: {} as WasmVrfWorkerRequestType\n };\n\n const response = await ctx.sendMessage(message);\n\n if (response.success && response.data) {\n const data = response.data as { active: boolean; sessionDuration?: number };\n const current = ctx.getCurrentVrfAccountId();\n return {\n active: data.active,\n nearAccountId: current ? toAccountId(current) : null,\n sessionDuration: data.sessionDuration\n };\n }\n\n return { active: false, nearAccountId: null };\n } catch (error) {\n console.warn('VRF Manager: Failed to get VRF status:', error);\n return { active: false, nearAccountId: null };\n }\n}\n"],"mappings":"~~;;;;;;;;;;;~~AAUA,eAAsB,eAAe,KAA+D;AAClG,KAAI;AACF,QAAM,IAAI;SACJ;AAEN,SAAO;GAAE,QAAQ;GAAO,eAAe;;;~~AAGzC~~,KAAI;EACF,MAAMA,UAAsD;GAC1D,MAAM;GACN,IAAI,IAAI;GACR,SAAS;;EAGX,MAAM,WAAW,MAAM,IAAI,YAAY;AAEvC,MAAI,SAAS,WAAW,SAAS,MAAM;GACrC,MAAM,OAAO,SAAS;GACtB,MAAM,UAAU,IAAI;AACpB,UAAO;IACL,QAAQ,KAAK;IACb,eAAe,UAAUC,+BAAY,WAAW;IAChD,iBAAiB,KAAK;;;~~AAI1B~~,SAAO;GAAE,QAAQ;GAAO,eAAe;;~~UAChC~~,OAAO;AACd,UAAQ,KAAK,0CAA0C;AACvD,SAAO;GAAE,QAAQ;GAAO,eAAe"}
1	+ {"version":3,"file":"checkVrfStatus.js","names":["message: VRFWorkerMessage<WasmVrfWorkerRequestType>","toAccountId"],"sources":["../../../../../../src/core/WebAuthnManager/VrfWorkerManager/handlers/checkVrfStatus.ts"],"sourcesContent":["import type { VRFWorkerMessage, VRFWorkerStatus, WasmVrfWorkerRequestType } from '../../../types/vrf-worker';\nimport { toAccountId } from '../../../types/accountIds';\nimport type { VrfWorkerManagerHandlerContext } from './types';\n\n/*\n \"Global\" VRF status: is the VRF keypair currently unlocked/active inside the VRF worker?\n \n This is NOT the same as a signing session status (WrapKeySeed session gating).\n * For per-`sessionId` signing-session status, use `checkSessionStatus`.\n */\nexport async function checkVrfStatus(ctx: VrfWorkerManagerHandlerContext): Promise<VRFWorkerStatus> {\n try {\n await ctx.ensureWorkerReady();\n } catch {\n // If initialization fails, return inactive status\n return { active: false, nearAccountId: null, vrfPublicKey: null };\n }\n\n try {\n const message: VRFWorkerMessage<WasmVrfWorkerRequestType> = {\n type: 'CHECK_VRF_STATUS',\n id: ctx.generateMessageId(),\n payload: {} as WasmVrfWorkerRequestType\n };\n\n const response = await ctx.sendMessage(message);\n\n if (response.success && response.data) {\n const data = response.data as { active: boolean; sessionDuration?: number; vrfPublicKey?: string };\n const current = ctx.getCurrentVrfAccountId();\n return {\n active: data.active,\n nearAccountId: current ? toAccountId(current) : null,\n sessionDuration: data.sessionDuration,\n vrfPublicKey: data.vrfPublicKey ?? null,\n };\n }\n\n return { active: false, nearAccountId: null, vrfPublicKey: null };\n } catch (error) {\n console.warn('VRF Manager: Failed to get VRF status:', error);\n return { active: false, nearAccountId: null, vrfPublicKey: null };\n }\n}\n"],"mappings":";;;;;;;;;AAUA,eAAsB,eAAe,KAA+D;AAClG,KAAI;AACF,QAAM,IAAI;SACJ;AAEN,SAAO;GAAE,QAAQ;GAAO,eAAe;GAAM,cAAc;;;AAG7D,KAAI;EACF,MAAMA,UAAsD;GAC1D,MAAM;GACN,IAAI,IAAI;GACR,SAAS;;EAGX,MAAM,WAAW,MAAM,IAAI,YAAY;AAEvC,MAAI,SAAS,WAAW,SAAS,MAAM;GACrC,MAAM,OAAO,SAAS;GACtB,MAAM,UAAU,IAAI;AACpB,UAAO;IACL,QAAQ,KAAK;IACb,eAAe,UAAUC,+BAAY,WAAW;IAChD,iBAAiB,KAAK;IACtB,cAAc,KAAK,gBAAgB;;;AAIvC,SAAO;GAAE,QAAQ;GAAO,eAAe;GAAM,cAAc;;UACpD,OAAO;AACd,UAAQ,KAAK,0CAA0C;AACvD,SAAO;GAAE,QAAQ;GAAO,eAAe;GAAM,cAAc"}

package/dist/cjs/core/WebAuthnManager/VrfWorkerManager/handlers/clearSession.js CHANGED Viewed

@@ -1,4 +1,3 @@
-const require_rolldown_runtime = require('../../../../_virtual/rolldown_runtime.js');
 //#region src/core/WebAuthnManager/VrfWorkerManager/handlers/clearSession.ts
 /**

package/dist/cjs/core/WebAuthnManager/VrfWorkerManager/handlers/clearSession.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"clearSession.js","names":["message: VRFWorkerMessage<WasmClearSessionRequest>"],"sources":["../../../../../../src/core/WebAuthnManager/VrfWorkerManager/handlers/clearSession.ts"],"sourcesContent":["import type { VRFWorkerMessage, WasmClearSessionRequest } from '../../../types/vrf-worker';\nimport type { VrfWorkerManagerHandlerContext } from './types';\n\n/*\n Best-effort cleanup for a single VRF-owned signing session.\n \n Clears any VRF worker state bound to `sessionId`:\n * - cached WrapKeySeed session material (TTL/uses),\n * - cached VRF challenge (used for contract verification),\n * - and any attached WrapKeySeed MessagePort.\n \n Used by UI \"Lock\" actions and as a safety valve for session lifecycle cleanup.\n */\nexport async function clearSession(\n ctx: VrfWorkerManagerHandlerContext,\n args: { sessionId: string }\n): Promise<{\n sessionId: string;\n clearedSession: boolean;\n clearedChallenge: boolean;\n clearedPort: boolean;\n}> {\n await ctx.ensureWorkerReady(true);\n const message: VRFWorkerMessage<WasmClearSessionRequest> = {\n type: 'CLEAR_SESSION',\n id: ctx.generateMessageId(),\n payload: {\n sessionId: args.sessionId,\n } as any,\n };\n const response = await ctx.sendMessage<WasmClearSessionRequest>(message);\n if (!response.success) {\n throw new Error(`clearSession failed: ${response.error}`);\n }\n return (response.data as any) \|\| {\n sessionId: args.sessionId,\n clearedSession: false,\n clearedChallenge: false,\n clearedPort: false,\n };\n}\n"],"mappings":"~~;;;;;;;;;;;;;~~AAaA,eAAsB,aACpB,KACA,MAMC;AACD,OAAM,IAAI,kBAAkB;CAC5B,MAAMA,UAAqD;EACzD,MAAM;EACN,IAAI,IAAI;EACR,SAAS,EACP,WAAW,KAAK;;CAGpB,MAAM,WAAW,MAAM,IAAI,YAAqC;AAChE,KAAI,CAAC,SAAS,QACZ,OAAM,IAAI,MAAM,wBAAwB,SAAS;AAEnD,QAAQ,SAAS,QAAgB;EAC/B,WAAW,KAAK;EAChB,gBAAgB;EAChB,kBAAkB;EAClB,aAAa"}
1	+ {"version":3,"file":"clearSession.js","names":["message: VRFWorkerMessage<WasmClearSessionRequest>"],"sources":["../../../../../../src/core/WebAuthnManager/VrfWorkerManager/handlers/clearSession.ts"],"sourcesContent":["import type { VRFWorkerMessage, WasmClearSessionRequest } from '../../../types/vrf-worker';\nimport type { VrfWorkerManagerHandlerContext } from './types';\n\n/*\n Best-effort cleanup for a single VRF-owned signing session.\n \n Clears any VRF worker state bound to `sessionId`:\n * - cached WrapKeySeed session material (TTL/uses),\n * - cached VRF challenge (used for contract verification),\n * - and any attached WrapKeySeed MessagePort.\n \n Used by UI \"Lock\" actions and as a safety valve for session lifecycle cleanup.\n */\nexport async function clearSession(\n ctx: VrfWorkerManagerHandlerContext,\n args: { sessionId: string }\n): Promise<{\n sessionId: string;\n clearedSession: boolean;\n clearedChallenge: boolean;\n clearedPort: boolean;\n}> {\n await ctx.ensureWorkerReady(true);\n const message: VRFWorkerMessage<WasmClearSessionRequest> = {\n type: 'CLEAR_SESSION',\n id: ctx.generateMessageId(),\n payload: {\n sessionId: args.sessionId,\n } as any,\n };\n const response = await ctx.sendMessage<WasmClearSessionRequest>(message);\n if (!response.success) {\n throw new Error(`clearSession failed: ${response.error}`);\n }\n return (response.data as any) \|\| {\n sessionId: args.sessionId,\n clearedSession: false,\n clearedChallenge: false,\n clearedPort: false,\n };\n}\n"],"mappings":";;;;;;;;;;;;AAaA,eAAsB,aACpB,KACA,MAMC;AACD,OAAM,IAAI,kBAAkB;CAC5B,MAAMA,UAAqD;EACzD,MAAM;EACN,IAAI,IAAI;EACR,SAAS,EACP,WAAW,KAAK;;CAGpB,MAAM,WAAW,MAAM,IAAI,YAAqC;AAChE,KAAI,CAAC,SAAS,QACZ,OAAM,IAAI,MAAM,wBAAwB,SAAS;AAEnD,QAAQ,SAAS,QAAgB;EAC/B,WAAW,KAAK;EAChB,gBAAgB;EAChB,kBAAkB;EAClB,aAAa"}

package/dist/cjs/core/WebAuthnManager/VrfWorkerManager/handlers/clearVrf.js CHANGED Viewed

@@ -1,4 +1,3 @@
-const require_rolldown_runtime = require('../../../../_virtual/rolldown_runtime.js');
 //#region src/core/WebAuthnManager/VrfWorkerManager/handlers/clearVrf.ts
 /**

package/dist/cjs/core/WebAuthnManager/VrfWorkerManager/handlers/clearVrf.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"clearVrf.js","names":["message: VRFWorkerMessage<WasmVrfWorkerRequestType>"],"sources":["../../../../../../src/core/WebAuthnManager/VrfWorkerManager/handlers/clearVrf.ts"],"sourcesContent":["import type { VRFWorkerMessage, WasmVrfWorkerRequestType } from '../../../types/vrf-worker';\nimport type { VrfWorkerManagerHandlerContext } from './types';\n\n/*\n Full VRF logout: zeroize the in-memory VRF keypair and clear all VRF worker caches.\n \n This differs from `clearSession`, which only clears a single signing session (`sessionId`).\n * Use this when the user explicitly logs out / locks the VRF keypair.\n */\nexport async function clearVrfSession(ctx: VrfWorkerManagerHandlerContext): Promise<void> {\n console.debug('VRF Manager: Clearing VRF session...');\n\n await ctx.ensureWorkerReady();\n\n try {\n const message: VRFWorkerMessage<WasmVrfWorkerRequestType> = {\n type: 'CLEAR_VRF',\n id: ctx.generateMessageId(),\n payload: {} as WasmVrfWorkerRequestType\n };\n\n const response = await ctx.sendMessage(message);\n\n if (response.success) {\n // Clear the TypeScript-tracked account ID\n ctx.setCurrentVrfAccountId(null);\n console.debug('VRF Manager: VRF session cleared (key material zeroized)');\n } else {\n console.warn('️VRF Manager: Clear VRF failed:', response.error);\n }\n } catch (error) {\n console.warn('VRF Manager: Clear VRF error:', error);\n }\n}\n"],"mappings":"~~;;;;;;;;;~~AASA,eAAsB,gBAAgB,KAAoD;AACxF,SAAQ,MAAM;AAEd,OAAM,IAAI;AAEV,KAAI;EACF,MAAMA,UAAsD;GAC1D,MAAM;GACN,IAAI,IAAI;GACR,SAAS;;EAGX,MAAM,WAAW,MAAM,IAAI,YAAY;AAEvC,MAAI,SAAS,SAAS;AAEpB,OAAI,uBAAuB;AAC3B,WAAQ,MAAM;QAEd,SAAQ,KAAK,mCAAmC,SAAS;UAEpD,OAAO;AACd,UAAQ,KAAK,iCAAiC"}
1	+ {"version":3,"file":"clearVrf.js","names":["message: VRFWorkerMessage<WasmVrfWorkerRequestType>"],"sources":["../../../../../../src/core/WebAuthnManager/VrfWorkerManager/handlers/clearVrf.ts"],"sourcesContent":["import type { VRFWorkerMessage, WasmVrfWorkerRequestType } from '../../../types/vrf-worker';\nimport type { VrfWorkerManagerHandlerContext } from './types';\n\n/*\n Full VRF logout: zeroize the in-memory VRF keypair and clear all VRF worker caches.\n \n This differs from `clearSession`, which only clears a single signing session (`sessionId`).\n * Use this when the user explicitly logs out / locks the VRF keypair.\n */\nexport async function clearVrfSession(ctx: VrfWorkerManagerHandlerContext): Promise<void> {\n console.debug('VRF Manager: Clearing VRF session...');\n\n await ctx.ensureWorkerReady();\n\n try {\n const message: VRFWorkerMessage<WasmVrfWorkerRequestType> = {\n type: 'CLEAR_VRF',\n id: ctx.generateMessageId(),\n payload: {} as WasmVrfWorkerRequestType\n };\n\n const response = await ctx.sendMessage(message);\n\n if (response.success) {\n // Clear the TypeScript-tracked account ID\n ctx.setCurrentVrfAccountId(null);\n console.debug('VRF Manager: VRF session cleared (key material zeroized)');\n } else {\n console.warn('️VRF Manager: Clear VRF failed:', response.error);\n }\n } catch (error) {\n console.warn('VRF Manager: Clear VRF error:', error);\n }\n}\n"],"mappings":";;;;;;;;AASA,eAAsB,gBAAgB,KAAoD;AACxF,SAAQ,MAAM;AAEd,OAAM,IAAI;AAEV,KAAI;EACF,MAAMA,UAAsD;GAC1D,MAAM;GACN,IAAI,IAAI;GACR,SAAS;;EAGX,MAAM,WAAW,MAAM,IAAI,YAAY;AAEvC,MAAI,SAAS,SAAS;AAEpB,OAAI,uBAAuB;AAC3B,WAAQ,MAAM;QAEd,SAAQ,KAAK,mCAAmC,SAAS;UAEpD,OAAO;AACd,UAAQ,KAAK,iCAAiC"}

package/dist/cjs/core/WebAuthnManager/VrfWorkerManager/handlers/confirmAndDeriveDevice2RegistrationSession.js CHANGED Viewed

@@ -1,4 +1,3 @@
-const require_rolldown_runtime = require('../../../../_virtual/rolldown_runtime.js');
 //#region src/core/WebAuthnManager/VrfWorkerManager/handlers/confirmAndDeriveDevice2RegistrationSession.ts
 /**

package/dist/cjs/core/WebAuthnManager/VrfWorkerManager/handlers/confirmAndDeriveDevice2RegistrationSession.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"confirmAndDeriveDevice2RegistrationSession.js","names":["message: VRFWorkerMessage<WasmDevice2RegistrationSessionRequest>"],"sources":["../../../../../../src/core/WebAuthnManager/VrfWorkerManager/handlers/confirmAndDeriveDevice2RegistrationSession.ts"],"sourcesContent":["import type { AccountId } from '../../../types/accountIds';\nimport type { EncryptedVRFKeypair, VRFWorkerMessage, WasmDevice2RegistrationSessionRequest } from '../../../types/vrf-worker';\nimport type { TransactionContext } from '../../../types/rpc';\nimport type { VRFChallenge } from '../../../types/vrf-worker';\nimport type { WebAuthnRegistrationCredential } from '../../../types/webauthn';\nimport type { VrfWorkerManagerHandlerContext } from './types';\n\n/*\n Kick off the SecureConfirm flow for Device2 registration (\"link device\") and return the confirmed result.\n \n This is a bundled orchestration that can:\n * - collect a registration credential (PRF-capable),\n * - derive a deterministic VRF keypair for the new device,\n * - and return the data needed for storage + subsequent signing steps (tx context, VRF challenge, etc.).\n */\nexport async function confirmAndDeriveDevice2RegistrationSession(\n ctx: VrfWorkerManagerHandlerContext,\n params: {\n sessionId: string;\n nearAccountId: AccountId;\n deviceNumber: number;\n contractId: string;\n nearRpcUrl: string;\n authenticatorOptions?: object;\n wrapKeySalt?: string;\n }\n): Promise<{\n confirmed: boolean;\n sessionId: string;\n credential: WebAuthnRegistrationCredential;\n vrfChallenge: VRFChallenge;\n transactionContext: TransactionContext;\n wrapKeySalt: string;\n requestId: string;\n intentDigest: string;\n deterministicVrfPublicKey: string;\n encryptedVrfKeypair: EncryptedVRFKeypair;\n error?: string;\n}> {\n await ctx.ensureWorkerReady(true);\n\n const message: VRFWorkerMessage<WasmDevice2RegistrationSessionRequest> = {\n type: 'DEVICE2_REGISTRATION_SESSION',\n id: ctx.generateMessageId(),\n payload: {\n sessionId: params.sessionId,\n nearAccountId: params.nearAccountId,\n deviceNumber: params.deviceNumber,\n contractId: params.contractId,\n nearRpcUrl: params.nearRpcUrl,\n wrapKeySalt: params.wrapKeySalt \|\| '',\n // No confirmationConfig override for now; can add later if needed\n }\n };\n\n const response = await ctx.sendMessage<WasmDevice2RegistrationSessionRequest>(message);\n\n if (!response.success) {\n throw new Error(`Device2 registration session failed: ${response.error}`);\n }\n\n const data = response.data as any;\n\n if (!data.confirmed) {\n throw new Error(data.error \|\| 'User rejected Device2 registration');\n }\n\n if (!data.credential) {\n throw new Error('Missing credential from Device2 registration session');\n }\n if (!data.vrfChallenge) {\n throw new Error('Missing vrfChallenge from Device2 registration session');\n }\n if (!data.transactionContext) {\n throw new Error('Missing transactionContext from Device2 registration session');\n }\n if (!data.wrapKeySalt) {\n throw new Error('Missing wrapKeySalt from Device2 registration session');\n }\n\n return {\n confirmed: true,\n sessionId: data.sessionId,\n credential: data.credential,\n vrfChallenge: data.vrfChallenge,\n transactionContext: data.transactionContext,\n wrapKeySalt: data.wrapKeySalt,\n requestId: data.requestId,\n intentDigest: data.intentDigest,\n deterministicVrfPublicKey: data.deterministicVrfPublicKey,\n encryptedVrfKeypair: data.encryptedVrfKeypair,\n };\n}\n"],"mappings":"~~;;;;;;;;;;;~~AAeA,eAAsB,2CACpB,KACA,QAqBC;AACD,OAAM,IAAI,kBAAkB;CAE5B,MAAMA,UAAmE;EACvE,MAAM;EACN,IAAI,IAAI;EACR,SAAS;GACP,WAAW,OAAO;GAClB,eAAe,OAAO;GACtB,cAAc,OAAO;GACrB,YAAY,OAAO;GACnB,YAAY,OAAO;GACnB,aAAa,OAAO,eAAe;;;CAKvC,MAAM,WAAW,MAAM,IAAI,YAAmD;AAE9E,KAAI,CAAC,SAAS,QACZ,OAAM,IAAI,MAAM,wCAAwC,SAAS;CAGnE,MAAM,OAAO,SAAS;AAEtB,KAAI,CAAC,KAAK,UACR,OAAM,IAAI,MAAM,KAAK,SAAS;AAGhC,KAAI,CAAC,KAAK,WACR,OAAM,IAAI,MAAM;AAElB,KAAI,CAAC,KAAK,aACR,OAAM,IAAI,MAAM;AAElB,KAAI,CAAC,KAAK,mBACR,OAAM,IAAI,MAAM;AAElB,KAAI,CAAC,KAAK,YACR,OAAM,IAAI,MAAM;AAGlB,QAAO;EACL,WAAW;EACX,WAAW,KAAK;EAChB,YAAY,KAAK;EACjB,cAAc,KAAK;EACnB,oBAAoB,KAAK;EACzB,aAAa,KAAK;EAClB,WAAW,KAAK;EAChB,cAAc,KAAK;EACnB,2BAA2B,KAAK;EAChC,qBAAqB,KAAK"}
1	+ {"version":3,"file":"confirmAndDeriveDevice2RegistrationSession.js","names":["message: VRFWorkerMessage<WasmDevice2RegistrationSessionRequest>"],"sources":["../../../../../../src/core/WebAuthnManager/VrfWorkerManager/handlers/confirmAndDeriveDevice2RegistrationSession.ts"],"sourcesContent":["import type { AccountId } from '../../../types/accountIds';\nimport type { EncryptedVRFKeypair, VRFWorkerMessage, WasmDevice2RegistrationSessionRequest } from '../../../types/vrf-worker';\nimport type { TransactionContext } from '../../../types/rpc';\nimport type { VRFChallenge } from '../../../types/vrf-worker';\nimport type { WebAuthnRegistrationCredential } from '../../../types/webauthn';\nimport type { VrfWorkerManagerHandlerContext } from './types';\n\n/*\n Kick off the SecureConfirm flow for Device2 registration (\"link device\") and return the confirmed result.\n \n This is a bundled orchestration that can:\n * - collect a registration credential (PRF-capable),\n * - derive a deterministic VRF keypair for the new device,\n * - and return the data needed for storage + subsequent signing steps (tx context, VRF challenge, etc.).\n */\nexport async function confirmAndDeriveDevice2RegistrationSession(\n ctx: VrfWorkerManagerHandlerContext,\n params: {\n sessionId: string;\n nearAccountId: AccountId;\n deviceNumber: number;\n contractId: string;\n nearRpcUrl: string;\n authenticatorOptions?: object;\n wrapKeySalt?: string;\n }\n): Promise<{\n confirmed: boolean;\n sessionId: string;\n credential: WebAuthnRegistrationCredential;\n vrfChallenge: VRFChallenge;\n transactionContext: TransactionContext;\n wrapKeySalt: string;\n requestId: string;\n intentDigest: string;\n deterministicVrfPublicKey: string;\n encryptedVrfKeypair: EncryptedVRFKeypair;\n error?: string;\n}> {\n await ctx.ensureWorkerReady(true);\n\n const message: VRFWorkerMessage<WasmDevice2RegistrationSessionRequest> = {\n type: 'DEVICE2_REGISTRATION_SESSION',\n id: ctx.generateMessageId(),\n payload: {\n sessionId: params.sessionId,\n nearAccountId: params.nearAccountId,\n deviceNumber: params.deviceNumber,\n contractId: params.contractId,\n nearRpcUrl: params.nearRpcUrl,\n wrapKeySalt: params.wrapKeySalt \|\| '',\n // No confirmationConfig override for now; can add later if needed\n }\n };\n\n const response = await ctx.sendMessage<WasmDevice2RegistrationSessionRequest>(message);\n\n if (!response.success) {\n throw new Error(`Device2 registration session failed: ${response.error}`);\n }\n\n const data = response.data as any;\n\n if (!data.confirmed) {\n throw new Error(data.error \|\| 'User rejected Device2 registration');\n }\n\n if (!data.credential) {\n throw new Error('Missing credential from Device2 registration session');\n }\n if (!data.vrfChallenge) {\n throw new Error('Missing vrfChallenge from Device2 registration session');\n }\n if (!data.transactionContext) {\n throw new Error('Missing transactionContext from Device2 registration session');\n }\n if (!data.wrapKeySalt) {\n throw new Error('Missing wrapKeySalt from Device2 registration session');\n }\n\n return {\n confirmed: true,\n sessionId: data.sessionId,\n credential: data.credential,\n vrfChallenge: data.vrfChallenge,\n transactionContext: data.transactionContext,\n wrapKeySalt: data.wrapKeySalt,\n requestId: data.requestId,\n intentDigest: data.intentDigest,\n deterministicVrfPublicKey: data.deterministicVrfPublicKey,\n encryptedVrfKeypair: data.encryptedVrfKeypair,\n };\n}\n"],"mappings":";;;;;;;;;;AAeA,eAAsB,2CACpB,KACA,QAqBC;AACD,OAAM,IAAI,kBAAkB;CAE5B,MAAMA,UAAmE;EACvE,MAAM;EACN,IAAI,IAAI;EACR,SAAS;GACP,WAAW,OAAO;GAClB,eAAe,OAAO;GACtB,cAAc,OAAO;GACrB,YAAY,OAAO;GACnB,YAAY,OAAO;GACnB,aAAa,OAAO,eAAe;;;CAKvC,MAAM,WAAW,MAAM,IAAI,YAAmD;AAE9E,KAAI,CAAC,SAAS,QACZ,OAAM,IAAI,MAAM,wCAAwC,SAAS;CAGnE,MAAM,OAAO,SAAS;AAEtB,KAAI,CAAC,KAAK,UACR,OAAM,IAAI,MAAM,KAAK,SAAS;AAGhC,KAAI,CAAC,KAAK,WACR,OAAM,IAAI,MAAM;AAElB,KAAI,CAAC,KAAK,aACR,OAAM,IAAI,MAAM;AAElB,KAAI,CAAC,KAAK,mBACR,OAAM,IAAI,MAAM;AAElB,KAAI,CAAC,KAAK,YACR,OAAM,IAAI,MAAM;AAGlB,QAAO;EACL,WAAW;EACX,WAAW,KAAK;EAChB,YAAY,KAAK;EACjB,cAAc,KAAK;EACnB,oBAAoB,KAAK;EACzB,aAAa,KAAK;EAClB,WAAW,KAAK;EAChB,cAAc,KAAK;EACnB,2BAA2B,KAAK;EAChC,qBAAqB,KAAK"}

package/dist/cjs/core/WebAuthnManager/VrfWorkerManager/handlers/confirmAndPrepareSigningSession.js CHANGED Viewed

@@ -1,14 +1,12 @@
-const require_rolldown_runtime = require('../../../../_virtual/rolldown_runtime.js');
 const require_actions = require('../../../types/actions.js');
-const require_txDigest = require('../../txDigest.js');
+const require_intentDigest = require('../../../digests/intentDigest.js');
 const require_types = require('../confirmTxFlow/types.js');
 //#region src/core/WebAuthnManager/VrfWorkerManager/handlers/confirmAndPrepareSigningSession.ts
-require_actions.init_actions();
 /**
 * Kick off the SecureConfirm signing flow inside the VRF worker.
 *
-* This creates a schemaVersion=2 `SecureConfirmRequest` (tx / delegate / NEP-413) and sends it to the
+* This creates a `SecureConfirmRequest` (tx / delegate / NEP-413) and sends it to the
 * VRF worker, which will render UI, collect a WebAuthn credential when needed, and return the
 * `transactionContext` (reserved nonces, block hash/height) needed by the signer worker.
 */
@@ -19,9 +17,9 @@ async function confirmAndPrepareSigningSession(handlerCtx, params) {
 	switch (params.kind) {
 		case "transaction": {
 			const txSigningRequests = params.txSigningRequests;
-			intentDigest = await require_txDigest.computeUiIntentDigestFromTxs(txSigningRequests.map((tx) => ({
+			intentDigest = await require_intentDigest.computeUiIntentDigestFromTxs(txSigningRequests.map((tx) => ({
 				receiverId: tx.receiverId,
-				actions: tx.actions.map(require_txDigest.orderActionForDigest)
+				actions: tx.actions.map(require_intentDigest.orderActionForDigest)
 			})));
 			const summary = {
 				intentDigest,
@@ -32,14 +30,15 @@ async function confirmAndPrepareSigningSession(handlerCtx, params) {
 				...params.body != null ? { body: params.body } : {}
 			};
 			request = {
-				schemaVersion: 2,
 				requestId: sessionId,
 				type: require_types.SecureConfirmationType.SIGN_TRANSACTION,
 				summary,
 				payload: {
 					txSigningRequests,
 					intentDigest,
-					rpcCall: params.rpcCall
+					rpcCall: params.rpcCall,
+					...params.sessionPolicyDigest32 ? { sessionPolicyDigest32: params.sessionPolicyDigest32 } : {},
+					...params.signingAuthMode ? { signingAuthMode: params.signingAuthMode } : {}
 				},
 				confirmationConfig: params.confirmationConfigOverride,
 				intentDigest
@@ -51,9 +50,9 @@ async function confirmAndPrepareSigningSession(handlerCtx, params) {
 				receiverId: params.delegate.receiverId,
 				actions: params.delegate.actions
 			}];
-			intentDigest = await require_txDigest.computeUiIntentDigestFromTxs(txSigningRequests.map((tx) => ({
+			intentDigest = await require_intentDigest.computeUiIntentDigestFromTxs(txSigningRequests.map((tx) => ({
 				receiverId: tx.receiverId,
-				actions: tx.actions.map(require_txDigest.orderActionForDigest)
+				actions: tx.actions.map(require_intentDigest.orderActionForDigest)
 			})));
 			const summary = {
 				intentDigest,
@@ -70,14 +69,15 @@ async function confirmAndPrepareSigningSession(handlerCtx, params) {
 				}
 			};
 			request = {
-				schemaVersion: 2,
 				requestId: sessionId,
 				type: require_types.SecureConfirmationType.SIGN_TRANSACTION,
 				summary,
 				payload: {
 					txSigningRequests,
 					intentDigest,
-					rpcCall: params.rpcCall
+					rpcCall: params.rpcCall,
+					...params.sessionPolicyDigest32 ? { sessionPolicyDigest32: params.sessionPolicyDigest32 } : {},
+					...params.signingAuthMode ? { signingAuthMode: params.signingAuthMode } : {}
 				},
 				confirmationConfig: params.confirmationConfigOverride,
 				intentDigest
@@ -94,7 +94,6 @@ async function confirmAndPrepareSigningSession(handlerCtx, params) {
 				...params.body != null ? { body: params.body } : {}
 			};
 			request = {
-				schemaVersion: 2,
 				requestId: sessionId,
 				type: require_types.SecureConfirmationType.SIGN_NEP413_MESSAGE,
 				summary,
@@ -102,8 +101,10 @@ async function confirmAndPrepareSigningSession(handlerCtx, params) {
 					nearAccountId: params.nearAccountId,
 					message: params.message,
 					recipient: params.recipient,
+					...params.sessionPolicyDigest32 ? { sessionPolicyDigest32: params.sessionPolicyDigest32 } : {},
 					...params.contractId ? { contractId: params.contractId } : {},
-					...params.nearRpcUrl ? { nearRpcUrl: params.nearRpcUrl } : {}
+					...params.nearRpcUrl ? { nearRpcUrl: params.nearRpcUrl } : {},
+					...params.signingAuthMode ? { signingAuthMode: params.signingAuthMode } : {}
 				},
 				confirmationConfig: params.confirmationConfigOverride,
 				intentDigest
@@ -127,7 +128,8 @@ async function confirmAndPrepareSigningSession(handlerCtx, params) {
 		sessionId,
 		transactionContext: decision.transaction_context,
 		intentDigest: decision.intent_digest || intentDigest,
-		credential: decision.credential
+		credential: decision.credential,
+		vrfChallenge: decision.vrf_challenge
 	};
 }
 function computeTotalAmountYocto(txSigningRequests) {

package/dist/cjs/core/WebAuthnManager/VrfWorkerManager/handlers/confirmAndPrepareSigningSession.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"confirmAndPrepareSigningSession.js","names":["intentDigest: string","request: SecureConfirmRequest<SignTransactionPayload \| SignNep413Payload, TransactionSummary>","computeUiIntentDigestFromTxs","orderActionForDigest","summary: TransactionSummary","SecureConfirmationType","txSigningRequests: TransactionInputWasm[]","message: VRFWorkerMessage<WasmConfirmAndPrepareSigningSessionRequest>","ActionType"],"sources":["../../../../../../src/core/WebAuthnManager/VrfWorkerManager/handlers/confirmAndPrepareSigningSession.ts"],"sourcesContent":["import type { TransactionInputWasm } from '../../../types/actions';\nimport { ActionType } from '../../../types/actions';\nimport type { RpcCallPayload, ConfirmationConfig } from '../../../types/signer-worker';\nimport type { TransactionContext } from '../../../types/rpc';\nimport { computeUiIntentDigestFromTxs, orderActionForDigest } from '../../txDigest';\nimport {\n SecureConfirmationType,\n type SecureConfirmRequest,\n type SignTransactionPayload,\n type TransactionSummary,\n type SerializableCredential,\n} from '../confirmTxFlow/types';\nimport type { SignNep413Payload } from '../confirmTxFlow/types';\nimport type { VrfWorkerManagerContext } from '..';\nimport type { VrfWorkerManagerHandlerContext } from './types';\nimport type { VRFWorkerMessage, WasmConfirmAndPrepareSigningSessionRequest } from '../../../types/vrf-worker';\n\nexport interface ConfirmAndPrepareSigningSessionBaseParams {\n ctx: VrfWorkerManagerContext;\n sessionId: string;\n confirmationConfigOverride?: Partial<ConfirmationConfig>;\n}\n\nexport interface ConfirmAndPrepareSigningSessionTransactionParams extends ConfirmAndPrepareSigningSessionBaseParams {\n kind: 'transaction';\n txSigningRequests: TransactionInputWasm[];\n rpcCall: RpcCallPayload;\n title?: string;\n body?: string;\n}\n\nexport interface ConfirmAndPrepareSigningSessionDelegateParams extends ConfirmAndPrepareSigningSessionBaseParams {\n kind: 'delegate';\n nearAccountId: string;\n title?: string;\n body?: string;\n delegate: {\n senderId: string;\n receiverId: string;\n actions: TransactionInputWasm['actions'];\n nonce: string \| number \| bigint;\n maxBlockHeight: string \| number \| bigint;\n };\n rpcCall: RpcCallPayload;\n}\n\nexport interface ConfirmAndPrepareSigningSessionNep413Params extends ConfirmAndPrepareSigningSessionBaseParams {\n kind: 'nep413';\n nearAccountId: string;\n message: string;\n recipient: string;\n title?: string;\n body?: string;\n contractId?: string;\n nearRpcUrl?: string;\n}\n\nexport type ConfirmAndPrepareSigningSessionParams =\n \| ConfirmAndPrepareSigningSessionTransactionParams\n \| ConfirmAndPrepareSigningSessionDelegateParams\n \| ConfirmAndPrepareSigningSessionNep413Params;\n\nexport interface ConfirmAndPrepareSigningSessionResult {\n sessionId: string;\n transactionContext: TransactionContext;\n intentDigest: string;\n credential?: SerializableCredential;\n}\n\n/*\n Kick off the SecureConfirm signing flow inside the VRF worker.\n \n This creates a schemaVersion=2 `SecureConfirmRequest` (tx / delegate / NEP-413) and sends it to the\n * VRF worker, which will render UI, collect a WebAuthn credential when needed, and return the\n * `transactionContext` (reserved nonces, block hash/height) needed by the signer worker.\n */\nexport async function confirmAndPrepareSigningSession(\n handlerCtx: VrfWorkerManagerHandlerContext,\n params: ConfirmAndPrepareSigningSessionParams\n): Promise<ConfirmAndPrepareSigningSessionResult> {\n const { sessionId } = params;\n\n let intentDigest: string;\n let request: SecureConfirmRequest<SignTransactionPayload \| SignNep413Payload, TransactionSummary>;\n\n switch (params.kind) {\n case 'transaction': {\n const txSigningRequests = params.txSigningRequests;\n intentDigest = await computeUiIntentDigestFromTxs(\n txSigningRequests.map(tx => ({\n receiverId: tx.receiverId,\n actions: tx.actions.map(orderActionForDigest),\n })) as TransactionInputWasm[]\n );\n\n const summary: TransactionSummary = {\n intentDigest,\n receiverId: txSigningRequests[0]?.receiverId,\n totalAmount: computeTotalAmountYocto(txSigningRequests),\n type: 'transaction',\n ...(params.title != null ? { title: params.title } : {}),\n ...(params.body != null ? { body: params.body } : {}),\n };\n\n request = {\n schemaVersion: 2,\n requestId: sessionId,\n type: SecureConfirmationType.SIGN_TRANSACTION,\n summary,\n payload: {\n txSigningRequests,\n intentDigest,\n rpcCall: params.rpcCall,\n },\n confirmationConfig: params.confirmationConfigOverride,\n intentDigest,\n };\n break;\n }\n case 'delegate': {\n const txSigningRequests: TransactionInputWasm[] = [{\n receiverId: params.delegate.receiverId,\n actions: params.delegate.actions,\n } as TransactionInputWasm];\n\n intentDigest = await computeUiIntentDigestFromTxs(\n txSigningRequests.map(tx => ({\n receiverId: tx.receiverId,\n actions: tx.actions.map(orderActionForDigest),\n })) as TransactionInputWasm[]\n );\n\n const summary: TransactionSummary = {\n intentDigest,\n receiverId: txSigningRequests[0]?.receiverId,\n totalAmount: computeTotalAmountYocto(txSigningRequests),\n type: 'delegateAction',\n ...(params.title != null ? { title: params.title } : {}),\n ...(params.body != null ? { body: params.body } : {}),\n delegate: {\n senderId: params.delegate.senderId,\n receiverId: params.delegate.receiverId,\n nonce: String(params.delegate.nonce),\n maxBlockHeight: String(params.delegate.maxBlockHeight),\n },\n };\n\n request = {\n schemaVersion: 2,\n requestId: sessionId,\n type: SecureConfirmationType.SIGN_TRANSACTION,\n summary,\n payload: {\n txSigningRequests,\n intentDigest,\n rpcCall: params.rpcCall,\n },\n confirmationConfig: params.confirmationConfigOverride,\n intentDigest,\n };\n break;\n }\n case 'nep413': {\n intentDigest = `${params.nearAccountId}:${params.recipient}:${params.message}`;\n const summary: TransactionSummary = {\n intentDigest,\n method: 'NEP-413',\n receiverId: params.recipient,\n ...(params.title != null ? { title: params.title } : {}),\n ...(params.body != null ? { body: params.body } : {}),\n };\n\n request = {\n schemaVersion: 2,\n requestId: sessionId,\n type: SecureConfirmationType.SIGN_NEP413_MESSAGE,\n summary,\n payload: {\n nearAccountId: params.nearAccountId,\n message: params.message,\n recipient: params.recipient,\n ...(params.contractId ? { contractId: params.contractId } : {}),\n ...(params.nearRpcUrl ? { nearRpcUrl: params.nearRpcUrl } : {}),\n },\n confirmationConfig: params.confirmationConfigOverride,\n intentDigest,\n };\n break;\n }\n default: {\n // Exhaustiveness guard\n // eslint-disable-next-line @typescript-eslint/no-unused-vars\n const _exhaustive: never = params;\n throw new Error('Unsupported signing session kind');\n }\n }\n\n await handlerCtx.ensureWorkerReady(true);\n const message: VRFWorkerMessage<WasmConfirmAndPrepareSigningSessionRequest> = {\n type: 'CONFIRM_AND_PREPARE_SIGNING_SESSION',\n id: handlerCtx.generateMessageId(),\n payload: {\n request,\n },\n };\n const response = await handlerCtx.sendMessage<WasmConfirmAndPrepareSigningSessionRequest>(message);\n if (!response.success) {\n throw new Error(`confirmAndPrepareSigningSession failed: ${response.error}`);\n }\n\n const decision = response.data as {\n confirmed?: boolean;\n error?: string;\n intent_digest?: string;\n transaction_context?: TransactionContext;\n credential?: SerializableCredential;\n };\n\n if (!decision?.confirmed) {\n throw new Error(decision?.error \|\| 'User rejected signing request');\n }\n if (!decision.transaction_context) {\n throw new Error('Missing transactionContext from confirmation flow');\n }\n\n return {\n sessionId,\n transactionContext: decision.transaction_context,\n intentDigest: decision.intent_digest \|\| intentDigest,\n credential: decision.credential,\n };\n}\n\nfunction computeTotalAmountYocto(txSigningRequests: TransactionInputWasm[]): string \| undefined {\n try {\n let total = BigInt(0);\n for (const tx of txSigningRequests) {\n for (const action of tx.actions) {\n switch (action.action_type) {\n case ActionType.Transfer:\n total += BigInt(action.deposit \|\| '0');\n break;\n case ActionType.FunctionCall:\n total += BigInt(action.deposit \|\| '0');\n break;\n case ActionType.Stake:\n total += BigInt(action.stake \|\| '0');\n break;\n default:\n break;\n }\n }\n }\n return total > BigInt(0) ? total.toString() : undefined;\n } catch {\n return undefined;\n }\n}\n"],"mappings":";;;;;;;;;;;;;;AA4EA,eAAsB,gCACpB,YACA,QACgD;CAChD,MAAM,EAAE,cAAc;CAEtB,IAAIA;CACJ,IAAIC;AAEJ,SAAQ,OAAO,MAAf;EACE,KAAK,eAAe;GAClB,MAAM,oBAAoB,OAAO;AACjC,kBAAe,MAAMC,8CACnB,kBAAkB,KAAI,QAAO;IAC3B,YAAY,GAAG;IACf,SAAS,GAAG,QAAQ,IAAIC;;GAI5B,MAAMC,UAA8B;IAClC;IACA,YAAY,kBAAkB,IAAI;IAClC,aAAa,wBAAwB;IACrC,MAAM;IACN,GAAI,OAAO,SAAS,OAAO,EAAE,OAAO,OAAO,UAAU;IACrD,GAAI,OAAO,QAAQ,OAAO,EAAE,MAAM,OAAO,SAAS;;AAGpD,aAAU;IACR,eAAe;IACf,WAAW;IACX,MAAMC,qCAAuB;IAC7B;IACA,SAAS;KACP;KACA;KACA,SAAS,OAAO;;IAElB,oBAAoB,OAAO;IAC3B;;AAEF;;EAEF,KAAK,YAAY;GACf,MAAMC,oBAA4C,CAAC;IACjD,YAAY,OAAO,SAAS;IAC5B,SAAS,OAAO,SAAS;;AAG3B,kBAAe,MAAMJ,8CACnB,kBAAkB,KAAI,QAAO;IAC3B,YAAY,GAAG;IACf,SAAS,GAAG,QAAQ,IAAIC;;GAI5B,MAAMC,UAA8B;IAClC;IACA,YAAY,kBAAkB,IAAI;IAClC,aAAa,wBAAwB;IACrC,MAAM;IACN,GAAI,OAAO,SAAS,OAAO,EAAE,OAAO,OAAO,UAAU;IACrD,GAAI,OAAO,QAAQ,OAAO,EAAE,MAAM,OAAO,SAAS;IAClD,UAAU;KACR,UAAU,OAAO,SAAS;KAC1B,YAAY,OAAO,SAAS;KAC5B,OAAO,OAAO,OAAO,SAAS;KAC9B,gBAAgB,OAAO,OAAO,SAAS;;;AAI3C,aAAU;IACR,eAAe;IACf,WAAW;IACX,MAAMC,qCAAuB;IAC7B;IACA,SAAS;KACP;KACA;KACA,SAAS,OAAO;;IAElB,oBAAoB,OAAO;IAC3B;;AAEF;;EAEF,KAAK,UAAU;AACb,kBAAe,GAAG,OAAO,cAAc,GAAG,OAAO,UAAU,GAAG,OAAO;GACrE,MAAMD,UAA8B;IAClC;IACA,QAAQ;IACR,YAAY,OAAO;IACnB,GAAI,OAAO,SAAS,OAAO,EAAE,OAAO,OAAO,UAAU;IACrD,GAAI,OAAO,QAAQ,OAAO,EAAE,MAAM,OAAO,SAAS;;AAGpD,aAAU;IACR,eAAe;IACf,WAAW;IACX,MAAMC,qCAAuB;IAC7B;IACA,SAAS;KACP,eAAe,OAAO;KACtB,SAAS,OAAO;KAChB,WAAW,OAAO;KAClB,GAAI,OAAO,aAAa,EAAE,YAAY,OAAO,eAAe;KAC5D,GAAI,OAAO,aAAa,EAAE,YAAY,OAAO,eAAe;;IAE9D,oBAAoB,OAAO;IAC3B;;AAEF;;EAEF,QAIE,OAAM,IAAI,MAAM;;AAIpB,OAAM,WAAW,kBAAkB;CACnC,MAAME,UAAwE;EAC5E,MAAM;EACN,IAAI,WAAW;EACf,SAAS,EACP;;CAGJ,MAAM,WAAW,MAAM,WAAW,YAAwD;AAC1F,KAAI,CAAC,SAAS,QACZ,OAAM,IAAI,MAAM,2CAA2C,SAAS;CAGtE,MAAM,WAAW,SAAS;AAQ1B,KAAI,CAAC,UAAU,UACb,OAAM,IAAI,MAAM,UAAU,SAAS;AAErC,KAAI,CAAC,SAAS,oBACZ,OAAM,IAAI,MAAM;AAGlB,QAAO;EACL;EACA,oBAAoB,SAAS;EAC7B,cAAc,SAAS,iBAAiB;EACxC,YAAY,SAAS;;;AAIzB,SAAS,wBAAwB,mBAA+D;AAC9F,KAAI;EACF,IAAI,QAAQ,OAAO;AACnB,OAAK,MAAM,MAAM,kBACf,MAAK,MAAM,UAAU,GAAG,QACtB,SAAQ,OAAO,aAAf;GACE,KAAKC,2BAAW;AACd,aAAS,OAAO,OAAO,WAAW;AAClC;GACF,KAAKA,2BAAW;AACd,aAAS,OAAO,OAAO,WAAW;AAClC;GACF,KAAKA,2BAAW;AACd,aAAS,OAAO,OAAO,SAAS;AAChC;GACF,QACE;;AAIR,SAAO,QAAQ,OAAO,KAAK,MAAM,aAAa;SACxC;AACN,SAAO"}
1	+ {"version":3,"file":"confirmAndPrepareSigningSession.js","names":["intentDigest: string","request: SecureConfirmRequest<SignTransactionPayload \| SignNep413Payload, TransactionSummary>","computeUiIntentDigestFromTxs","orderActionForDigest","summary: TransactionSummary","SecureConfirmationType","txSigningRequests: TransactionInputWasm[]","message: VRFWorkerMessage<WasmConfirmAndPrepareSigningSessionRequest>","ActionType"],"sources":["../../../../../../src/core/WebAuthnManager/VrfWorkerManager/handlers/confirmAndPrepareSigningSession.ts"],"sourcesContent":["import type { TransactionInputWasm } from '../../../types/actions';\nimport { ActionType } from '../../../types/actions';\nimport type { RpcCallPayload, ConfirmationConfig } from '../../../types/signer-worker';\nimport type { TransactionContext } from '../../../types/rpc';\nimport { computeUiIntentDigestFromTxs, orderActionForDigest } from '../../../digests/intentDigest';\nimport {\n SecureConfirmationType,\n type SecureConfirmRequest,\n type SignTransactionPayload,\n type SigningAuthMode,\n type TransactionSummary,\n type SerializableCredential,\n} from '../confirmTxFlow/types';\nimport type { SignNep413Payload } from '../confirmTxFlow/types';\nimport type { VrfWorkerManagerContext } from '..';\nimport type { VrfWorkerManagerHandlerContext } from './types';\nimport type { VRFChallenge, VRFWorkerMessage, WasmConfirmAndPrepareSigningSessionRequest } from '../../../types/vrf-worker';\n\nexport interface ConfirmAndPrepareSigningSessionBaseParams {\n ctx: VrfWorkerManagerContext;\n sessionId: string;\n confirmationConfigOverride?: Partial<ConfirmationConfig>;\n /*\n Optional override for signing auth mode.\n * When omitted, the VRF worker may auto-select `warmSession` when a session is available.\n \n Threshold signing should force `webauthn` to ensure a fresh VRF challenge + WebAuthn assertion\n * is available for relayer authorization.\n /\n signingAuthMode?: SigningAuthMode;\n /\n Optional base64url-encoded 32-byte digest to bind a relayer session policy into the VRF input hash (v4+ only).\n * When provided, it is forwarded to the VRF worker for inclusion in VRF input derivation.\n /\n sessionPolicyDigest32?: string;\n}\n\nexport interface ConfirmAndPrepareSigningSessionTransactionParams extends ConfirmAndPrepareSigningSessionBaseParams {\n kind: 'transaction';\n txSigningRequests: TransactionInputWasm[];\n rpcCall: RpcCallPayload;\n title?: string;\n body?: string;\n}\n\nexport interface ConfirmAndPrepareSigningSessionDelegateParams extends ConfirmAndPrepareSigningSessionBaseParams {\n kind: 'delegate';\n nearAccountId: string;\n title?: string;\n body?: string;\n delegate: {\n senderId: string;\n receiverId: string;\n actions: TransactionInputWasm['actions'];\n nonce: string \| number \| bigint;\n maxBlockHeight: string \| number \| bigint;\n };\n rpcCall: RpcCallPayload;\n}\n\nexport interface ConfirmAndPrepareSigningSessionNep413Params extends ConfirmAndPrepareSigningSessionBaseParams {\n kind: 'nep413';\n nearAccountId: string;\n message: string;\n recipient: string;\n title?: string;\n body?: string;\n contractId?: string;\n nearRpcUrl?: string;\n}\n\nexport type ConfirmAndPrepareSigningSessionParams =\n \| ConfirmAndPrepareSigningSessionTransactionParams\n \| ConfirmAndPrepareSigningSessionDelegateParams\n \| ConfirmAndPrepareSigningSessionNep413Params;\n\nexport interface ConfirmAndPrepareSigningSessionResult {\n sessionId: string;\n transactionContext: TransactionContext;\n intentDigest: string;\n credential?: SerializableCredential;\n vrfChallenge?: VRFChallenge;\n}\n\n/\n Kick off the SecureConfirm signing flow inside the VRF worker.\n \n This creates a `SecureConfirmRequest` (tx / delegate / NEP-413) and sends it to the\n * VRF worker, which will render UI, collect a WebAuthn credential when needed, and return the\n * `transactionContext` (reserved nonces, block hash/height) needed by the signer worker.\n */\nexport async function confirmAndPrepareSigningSession(\n handlerCtx: VrfWorkerManagerHandlerContext,\n params: ConfirmAndPrepareSigningSessionParams\n): Promise<ConfirmAndPrepareSigningSessionResult> {\n const { sessionId } = params;\n\n let intentDigest: string;\n let request: SecureConfirmRequest<SignTransactionPayload \| SignNep413Payload, TransactionSummary>;\n\n switch (params.kind) {\n case 'transaction': {\n const txSigningRequests = params.txSigningRequests;\n intentDigest = await computeUiIntentDigestFromTxs(\n txSigningRequests.map(tx => ({\n receiverId: tx.receiverId,\n actions: tx.actions.map(orderActionForDigest),\n })) as TransactionInputWasm[]\n );\n\n const summary: TransactionSummary = {\n intentDigest,\n receiverId: txSigningRequests[0]?.receiverId,\n totalAmount: computeTotalAmountYocto(txSigningRequests),\n type: 'transaction',\n ...(params.title != null ? { title: params.title } : {}),\n ...(params.body != null ? { body: params.body } : {}),\n };\n\n request = {\n requestId: sessionId,\n type: SecureConfirmationType.SIGN_TRANSACTION,\n summary,\n payload: {\n txSigningRequests,\n intentDigest,\n rpcCall: params.rpcCall,\n ...(params.sessionPolicyDigest32 ? { sessionPolicyDigest32: params.sessionPolicyDigest32 } : {}),\n ...(params.signingAuthMode ? { signingAuthMode: params.signingAuthMode } : {}),\n },\n confirmationConfig: params.confirmationConfigOverride,\n intentDigest,\n };\n break;\n }\n case 'delegate': {\n const txSigningRequests: TransactionInputWasm[] = [{\n receiverId: params.delegate.receiverId,\n actions: params.delegate.actions,\n }];\n\n intentDigest = await computeUiIntentDigestFromTxs(\n txSigningRequests.map(tx => ({\n receiverId: tx.receiverId,\n actions: tx.actions.map(orderActionForDigest),\n }))\n );\n\n const summary: TransactionSummary = {\n intentDigest,\n receiverId: txSigningRequests[0]?.receiverId,\n totalAmount: computeTotalAmountYocto(txSigningRequests),\n type: 'delegateAction',\n ...(params.title != null ? { title: params.title } : {}),\n ...(params.body != null ? { body: params.body } : {}),\n delegate: {\n senderId: params.delegate.senderId,\n receiverId: params.delegate.receiverId,\n nonce: String(params.delegate.nonce),\n maxBlockHeight: String(params.delegate.maxBlockHeight),\n },\n };\n\n request = {\n requestId: sessionId,\n type: SecureConfirmationType.SIGN_TRANSACTION,\n summary,\n payload: {\n txSigningRequests,\n intentDigest,\n rpcCall: params.rpcCall,\n ...(params.sessionPolicyDigest32 ? { sessionPolicyDigest32: params.sessionPolicyDigest32 } : {}),\n ...(params.signingAuthMode ? { signingAuthMode: params.signingAuthMode } : {}),\n },\n confirmationConfig: params.confirmationConfigOverride,\n intentDigest,\n };\n break;\n }\n case 'nep413': {\n intentDigest = `${params.nearAccountId}:${params.recipient}:${params.message}`;\n const summary: TransactionSummary = {\n intentDigest,\n method: 'NEP-413',\n receiverId: params.recipient,\n ...(params.title != null ? { title: params.title } : {}),\n ...(params.body != null ? { body: params.body } : {}),\n };\n\n request = {\n requestId: sessionId,\n type: SecureConfirmationType.SIGN_NEP413_MESSAGE,\n summary,\n payload: {\n nearAccountId: params.nearAccountId,\n message: params.message,\n recipient: params.recipient,\n ...(params.sessionPolicyDigest32 ? { sessionPolicyDigest32: params.sessionPolicyDigest32 } : {}),\n ...(params.contractId ? { contractId: params.contractId } : {}),\n ...(params.nearRpcUrl ? { nearRpcUrl: params.nearRpcUrl } : {}),\n ...(params.signingAuthMode ? { signingAuthMode: params.signingAuthMode } : {}),\n },\n confirmationConfig: params.confirmationConfigOverride,\n intentDigest,\n };\n break;\n }\n default: {\n // Exhaustiveness guard\n // eslint-disable-next-line @typescript-eslint/no-unused-vars\n const _exhaustive: never = params;\n throw new Error('Unsupported signing session kind');\n }\n }\n\n await handlerCtx.ensureWorkerReady(true);\n const message: VRFWorkerMessage<WasmConfirmAndPrepareSigningSessionRequest> = {\n type: 'CONFIRM_AND_PREPARE_SIGNING_SESSION',\n id: handlerCtx.generateMessageId(),\n payload: {\n request,\n },\n };\n const response = await handlerCtx.sendMessage<WasmConfirmAndPrepareSigningSessionRequest>(message);\n if (!response.success) {\n throw new Error(`confirmAndPrepareSigningSession failed: ${response.error}`);\n }\n\n const decision = response.data as {\n confirmed?: boolean;\n error?: string;\n intent_digest?: string;\n transaction_context?: TransactionContext;\n credential?: SerializableCredential;\n vrf_challenge?: VRFChallenge;\n };\n\n if (!decision?.confirmed) {\n throw new Error(decision?.error \|\| 'User rejected signing request');\n }\n if (!decision.transaction_context) {\n throw new Error('Missing transactionContext from confirmation flow');\n }\n\n return {\n sessionId,\n transactionContext: decision.transaction_context,\n intentDigest: decision.intent_digest \|\| intentDigest,\n credential: decision.credential,\n vrfChallenge: decision.vrf_challenge,\n };\n}\n\nfunction computeTotalAmountYocto(txSigningRequests: TransactionInputWasm[]): string \| undefined {\n try {\n let total = BigInt(0);\n for (const tx of txSigningRequests) {\n for (const action of tx.actions) {\n switch (action.action_type) {\n case ActionType.Transfer:\n total += BigInt(action.deposit \|\| '0');\n break;\n case ActionType.FunctionCall:\n total += BigInt(action.deposit \|\| '0');\n break;\n case ActionType.Stake:\n total += BigInt(action.stake \|\| '0');\n break;\n default:\n break;\n }\n }\n }\n return total > BigInt(0) ? total.toString() : undefined;\n } catch {\n return undefined;\n }\n}\n"],"mappings":";;;;;;;;;;;;AA2FA,eAAsB,gCACpB,YACA,QACgD;CAChD,MAAM,EAAE,cAAc;CAEtB,IAAIA;CACJ,IAAIC;AAEJ,SAAQ,OAAO,MAAf;EACE,KAAK,eAAe;GAClB,MAAM,oBAAoB,OAAO;AACjC,kBAAe,MAAMC,kDACnB,kBAAkB,KAAI,QAAO;IAC3B,YAAY,GAAG;IACf,SAAS,GAAG,QAAQ,IAAIC;;GAI5B,MAAMC,UAA8B;IAClC;IACA,YAAY,kBAAkB,IAAI;IAClC,aAAa,wBAAwB;IACrC,MAAM;IACN,GAAI,OAAO,SAAS,OAAO,EAAE,OAAO,OAAO,UAAU;IACrD,GAAI,OAAO,QAAQ,OAAO,EAAE,MAAM,OAAO,SAAS;;AAGpD,aAAU;IACR,WAAW;IACX,MAAMC,qCAAuB;IAC7B;IACA,SAAS;KACP;KACA;KACA,SAAS,OAAO;KAChB,GAAI,OAAO,wBAAwB,EAAE,uBAAuB,OAAO,0BAA0B;KAC7F,GAAI,OAAO,kBAAkB,EAAE,iBAAiB,OAAO,oBAAoB;;IAE7E,oBAAoB,OAAO;IAC3B;;AAEF;;EAEF,KAAK,YAAY;GACf,MAAMC,oBAA4C,CAAC;IACjD,YAAY,OAAO,SAAS;IAC5B,SAAS,OAAO,SAAS;;AAG3B,kBAAe,MAAMJ,kDACnB,kBAAkB,KAAI,QAAO;IAC3B,YAAY,GAAG;IACf,SAAS,GAAG,QAAQ,IAAIC;;GAI5B,MAAMC,UAA8B;IAClC;IACA,YAAY,kBAAkB,IAAI;IAClC,aAAa,wBAAwB;IACrC,MAAM;IACN,GAAI,OAAO,SAAS,OAAO,EAAE,OAAO,OAAO,UAAU;IACrD,GAAI,OAAO,QAAQ,OAAO,EAAE,MAAM,OAAO,SAAS;IAClD,UAAU;KACR,UAAU,OAAO,SAAS;KAC1B,YAAY,OAAO,SAAS;KAC5B,OAAO,OAAO,OAAO,SAAS;KAC9B,gBAAgB,OAAO,OAAO,SAAS;;;AAI3C,aAAU;IACR,WAAW;IACX,MAAMC,qCAAuB;IAC7B;IACA,SAAS;KACP;KACA;KACA,SAAS,OAAO;KAChB,GAAI,OAAO,wBAAwB,EAAE,uBAAuB,OAAO,0BAA0B;KAC7F,GAAI,OAAO,kBAAkB,EAAE,iBAAiB,OAAO,oBAAoB;;IAE7E,oBAAoB,OAAO;IAC3B;;AAEF;;EAEF,KAAK,UAAU;AACb,kBAAe,GAAG,OAAO,cAAc,GAAG,OAAO,UAAU,GAAG,OAAO;GACrE,MAAMD,UAA8B;IAClC;IACA,QAAQ;IACR,YAAY,OAAO;IACnB,GAAI,OAAO,SAAS,OAAO,EAAE,OAAO,OAAO,UAAU;IACrD,GAAI,OAAO,QAAQ,OAAO,EAAE,MAAM,OAAO,SAAS;;AAGpD,aAAU;IACR,WAAW;IACX,MAAMC,qCAAuB;IAC7B;IACA,SAAS;KACP,eAAe,OAAO;KACtB,SAAS,OAAO;KAChB,WAAW,OAAO;KAClB,GAAI,OAAO,wBAAwB,EAAE,uBAAuB,OAAO,0BAA0B;KAC7F,GAAI,OAAO,aAAa,EAAE,YAAY,OAAO,eAAe;KAC5D,GAAI,OAAO,aAAa,EAAE,YAAY,OAAO,eAAe;KAC5D,GAAI,OAAO,kBAAkB,EAAE,iBAAiB,OAAO,oBAAoB;;IAE7E,oBAAoB,OAAO;IAC3B;;AAEF;;EAEF,QAIE,OAAM,IAAI,MAAM;;AAIpB,OAAM,WAAW,kBAAkB;CACnC,MAAME,UAAwE;EAC5E,MAAM;EACN,IAAI,WAAW;EACf,SAAS,EACP;;CAGJ,MAAM,WAAW,MAAM,WAAW,YAAwD;AAC1F,KAAI,CAAC,SAAS,QACZ,OAAM,IAAI,MAAM,2CAA2C,SAAS;CAGtE,MAAM,WAAW,SAAS;AAS1B,KAAI,CAAC,UAAU,UACb,OAAM,IAAI,MAAM,UAAU,SAAS;AAErC,KAAI,CAAC,SAAS,oBACZ,OAAM,IAAI,MAAM;AAGlB,QAAO;EACL;EACA,oBAAoB,SAAS;EAC7B,cAAc,SAAS,iBAAiB;EACxC,YAAY,SAAS;EACrB,cAAc,SAAS;;;AAI3B,SAAS,wBAAwB,mBAA+D;AAC9F,KAAI;EACF,IAAI,QAAQ,OAAO;AACnB,OAAK,MAAM,MAAM,kBACf,MAAK,MAAM,UAAU,GAAG,QACtB,SAAQ,OAAO,aAAf;GACE,KAAKC,2BAAW;AACd,aAAS,OAAO,OAAO,WAAW;AAClC;GACF,KAAKA,2BAAW;AACd,aAAS,OAAO,OAAO,WAAW;AAClC;GACF,KAAKA,2BAAW;AACd,aAAS,OAAO,OAAO,SAAS;AAChC;GACF,QACE;;AAIR,SAAO,QAAQ,OAAO,KAAK,MAAM,aAAa;SACxC;AACN,SAAO"}